* [PATCH 6.0 000/862] 6.0.3-rc1 review
@ 2022-10-19 8:21 Greg Kroah-Hartman
2022-10-19 8:21 ` [PATCH 6.0 001/862] ALSA: oss: Fix potential deadlock at unregistration Greg Kroah-Hartman
` (876 more replies)
0 siblings, 877 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, torvalds, akpm, linux, shuah,
patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, srw
This is the start of the stable review cycle for the 6.0.3 release.
There are 862 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Fri, 21 Oct 2022 08:30:19 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.0.3-rc1.gz
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.0.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Linux 6.0.3-rc1
Nathan Chancellor <nathan@kernel.org>
lib/Kconfig.debug: Add check for non-constant .{s,u}leb128 support to DWARF5
Masahiro Yamada <masahiroy@kernel.org>
Kconfig.debug: add toolchain checks for DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT
Masahiro Yamada <masahiroy@kernel.org>
Kconfig.debug: simplify the dependency of DEBUG_INFO_DWARF4/5
Jens Axboe <axboe@kernel.dk>
io_uring/rw: ensure kiocb_end_write() is always called
Pavel Begunkov <asml.silence@gmail.com>
io_uring: fix fdinfo sqe offsets calculation
Nathan Chancellor <nathan@kernel.org>
drm/amd/display: Fix build breakage with CONFIG_DEBUG_FS=n
Nicholas Piggin <npiggin@gmail.com>
powerpc/64s/interrupt: Fix lost interrupts when returning to soft-masked context
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
net/ieee802154: don't warn zero-sized raw_sendmsg()
Alexander Aring <aahringo@redhat.com>
Revert "net/ieee802154: reject zero-sized raw_sendmsg()"
Aric Cyr <aric.cyr@amd.com>
Revert "drm/amd/display: correct hostvm flag"
Randy Dunlap <rdunlap@infradead.org>
net: ethernet: ti: davinci_mdio: fix build for mdio bitbang uses
Yu Kuai <yukuai3@huawei.com>
blk-wbt: fix that 'rwb->wc' is always set to 1 in wbt_init()
Takashi Iwai <tiwai@suse.de>
ALSA: usb-audio: Fix last interface check for registration
Alexander Aring <aahringo@redhat.com>
net: ieee802154: return -EINVAL for unknown addr type
Liu Shixin <liushixin2@huawei.com>
mm: hugetlb: fix UAF in hugetlb_handle_userfault
Pavel Begunkov <asml.silence@gmail.com>
io_uring/net: fix notif cqe reordering
Pavel Begunkov <asml.silence@gmail.com>
io_uring/net: don't skip notifs for failed requests
Pavel Begunkov <asml.silence@gmail.com>
io_uring/net: rename io_sendzc()
Pavel Begunkov <asml.silence@gmail.com>
io_uring/net: don't lose partial send_zc on fail
Pavel Begunkov <asml.silence@gmail.com>
io_uring/net: use io_sr_msg for sendzc
Pavel Begunkov <asml.silence@gmail.com>
io_uring/net: refactor io_sr_msg types
Adrian Hunter <adrian.hunter@intel.com>
perf intel-pt: Fix system_wide dummy event for hybrid
Adrian Hunter <adrian.hunter@intel.com>
perf intel-pt: Fix segfault in intel_pt_print_info() with uClibc
Rob Herring <robh@kernel.org>
perf: Skip and warn on unknown format 'configN' attrs
Ivan T. Ivanov <iivanov@suse.de>
clk: bcm2835: Round UART input clock up
Wayne Chang <waynec@nvidia.com>
usb: typec: ucsi: Don't warn on probe deferral
Manivannan Sadhasivam <mani@kernel.org>
dmaengine: dw-edma: Remove runtime PM support
Lv Ruyi <lv.ruyi@zte.com.cn>
fsi: master-ast-cf: Fix missing of_node_put in fsi_master_acf_probe
Eddie James <eajames@linux.ibm.com>
fsi: occ: Prevent use after free
Eddie James <eajames@linux.ibm.com>
hwmon (occ): Retry for checksum failure
Keith Busch <kbusch@kernel.org>
blk-mq: use quiesced elevator switch when reinitializing queues
Dongliang Mu <mudongliangabcd@gmail.com>
usb: idmouse: fix an uninit-value in idmouse_open
Varun Prakash <varun@chelsio.com>
nvmet-tcp: add bounds check on Transfer Tag
Keith Busch <kbusch@kernel.org>
nvme: copy firmware_rev on each init
Keith Busch <kbusch@kernel.org>
nvme: handle effects after freeing the request
Jan Kara <jack@suse.cz>
ext2: Use kvmalloc() for group descriptor array
Arun Easi <aeasi@marvell.com>
scsi: tracing: Fix compile error in trace_array calls when TRACING is disabled
Xiaoke Wang <xkernel.wang@foxmail.com>
staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv()
Xiaoke Wang <xkernel.wang@foxmail.com>
staging: rtl8723bs: fix potential memory leak in rtw_init_drv_sw()
Pavel Begunkov <asml.silence@gmail.com>
io_uring: fix CQE reordering
sunghwan jung <onenowy@gmail.com>
Revert "usb: storage: Add quirk for Samsung Fit flash"
Piyush Mehta <piyush.mehta@amd.com>
usb: dwc3: core: Enable GUCTL1 bit 10 for fixing termination error after resume bug
Alexander Stein <alexander.stein@ew.tq-group.com>
arm64: dts: imx8mp: Add snps,gfladj-refclk-lpm-sel quirk to USB nodes
Alexander Stein <alexander.stein@ew.tq-group.com>
usb: dwc3: core: add gfladj_refclk_lpm_sel quirk
Robin Guo <guoweibin@inspur.com>
usb: musb: Fix musb_gadget.c rxstate overflow bug
Jianglei Nie <niejianglei2021@163.com>
usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info()
Logan Gunthorpe <logang@deltatee.com>
md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d
Johnothan King <johnothanking@protonmail.com>
HID: nintendo: check analog user calibration for plausibility
Jianglei Nie <niejianglei2021@163.com>
HSI: ssi_protocol: fix potential resource leak in ssip_pn_open()
Hyunwoo Kim <imv4bel@gmail.com>
HID: roccat: Fix use-after-free in roccat_read()
Harry Stern <harry@harrystern.net>
hid: topre: Add driver fixing report descriptor
Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
soundwire: intel: fix error handling on dai registration issues
Richard Fitzgerald <rf@opensource.cirrus.com>
soundwire: cadence: Don't overwrite msg->buf during write commands
Coly Li <colyli@suse.de>
bcache: fix set_at_max_writeback_rate() for multiple attached devices
Serge Semin <Sergey.Semin@baikalelectronics.ru>
ata: libahci_platform: Sanity check the DT child nodes number
Yu Kuai <yukuai3@huawei.com>
blk-throttle: prevent overflow while calculating wait time
Nam Cao <namcaov@gmail.com>
staging: vt6655: fix potential memory leak
Wei Yongjun <weiyongjun1@huawei.com>
power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type()
Michael Grzeschik <m.grzeschik@pengutronix.de>
usb: gadget: uvc: increase worker prio to WQ_HIGHPRI
Yicong Yang <yangyicong@hisilicon.com>
iommu/arm-smmu-v3: Make default domain type of HiSilicon PTT device to identity
Shigeru Yoshida <syoshida@redhat.com>
nbd: Fix hung when signal interrupts nbd_start_device_ioctl()
Letu Ren <fantasquex@gmail.com>
scsi: 3w-9xxx: Avoid disabling device if failing to enable it
Vaishnav Achath <vaishnav.a@ti.com>
dmaengine: ti: k3-udma: Reset UDMA_CHAN_RT byte counters to prevent overflow
James Smart <jsmart2021@gmail.com>
scsi: lpfc: Fix null ndlp ptr dereference in abnormal exit path for GFT_ID
Justin Chen <justinpopo6@gmail.com>
usb: host: xhci-plat: suspend/resume clks for brcm
Justin Chen <justinpopo6@gmail.com>
usb: host: xhci-plat: suspend and resume clocks
Daisuke Matsuda <matsuda-daisuke@fujitsu.com>
RDMA/rxe: Delete error messages triggered by incoming Read requests
Quanyang Wang <quanyang.wang@windriver.com>
clk: zynqmp: pll: rectify rate rounding in zynqmp_pll_round_rate
Hangyu Hua <hbh25y@gmail.com>
media: platform: fix some double free in meson-ge2d and mtk-jpeg and s5p-mfc
Zheyu Ma <zheyuma97@gmail.com>
media: cx88: Fix a null-ptr-deref bug in buffer_prepare()
Ian Nam <young.kwan.nam@xilinx.com>
clk: zynqmp: Fix stack-out-of-bounds in strncpy`
Alex Sverdlin <alexander.sverdlin@nokia.com>
ARM: 9242/1: kasan: Only map modules if CONFIG_KASAN_VMALLOC=n
Li Huafei <lihuafei1@huawei.com>
ARM: 9234/1: stacktrace: Avoid duplicate saving of exception PC value
Li Huafei <lihuafei1@huawei.com>
ARM: 9233/1: stacktrace: Skip frame pointer boundary check for call_with_stack()
Kunihiko Hayashi <hayashi.kunihiko@socionext.com>
arm64: dts: uniphier: Add USB-device support for PXs3 reference board
Josef Bacik <josef@toxicpanda.com>
btrfs: call __btrfs_remove_free_space_cache_locked on cache load failure
Maciej S. Szmigiero <maciej.szmigiero@oracle.com>
btrfs: don't print information about space cache or tree every remount
Qu Wenruo <wqu@suse.com>
btrfs: scrub: try to fix super block errors
Qu Wenruo <wqu@suse.com>
btrfs: scrub: properly report super block errors in system log
Qu Wenruo <wqu@suse.com>
btrfs: dump extra info if one free space cache has more bitmaps than it should
Arnd Bergmann <arnd@arndb.de>
ARM: orion: fix include path
Sebastian Krzyszkowiak <sebastian.krzyszkowiak@puri.sm>
arm64: dts: imx8mq-librem5: Add bq25895 as max17055's power supply
Frieder Schrempf <frieder.schrempf@kontron.de>
arm64: dts: imx8mm-kontron: Use the VSELECT signal to switch SD card IO voltage
Mark Brown <broonie@kernel.org>
kselftest/arm64: Fix validatation termination record after EXTRA_CONTEXT
Marcel Ziswiler <marcel.ziswiler@toradex.com>
ARM: dts: imx6sx-udoo-neo: don't use multiple blank lines
Marcel Ziswiler <marcel.ziswiler@toradex.com>
ARM: dts: imx6sl: use tabs for code indent
Alexander Stein <alexander.stein@ew.tq-group.com>
ARM: dts: imx6sx: add missing properties for sram
Alexander Stein <alexander.stein@ew.tq-group.com>
ARM: dts: imx6sll: add missing properties for sram
Alexander Stein <alexander.stein@ew.tq-group.com>
ARM: dts: imx6sl: add missing properties for sram
Alexander Stein <alexander.stein@ew.tq-group.com>
ARM: dts: imx6qp: add missing properties for sram
Alexander Stein <alexander.stein@ew.tq-group.com>
ARM: dts: imx6dl: add missing properties for sram
Alexander Stein <alexander.stein@ew.tq-group.com>
ARM: dts: imx6q: add missing properties for sram
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
arm64: dts: qcom: sc7280-idp: correct ADC channel node name and unit address
Haibo Chen <haibo.chen@nxp.com>
ARM: dts: imx7d-sdb: config the max pressure for tsc2046
Alexander Stein <alexander.stein@ew.tq-group.com>
ARM: dts: imx6: delete interrupts property if interrupts-extended is set
Felix Kuehling <Felix.Kuehling@amd.com>
drm/amdkfd: Fix UBSAN shift-out-of-bounds warning
Wenjing Liu <wenjing.liu@amd.com>
drm/amd/display: polling vid stream status in hpo dp blank
Aric Cyr <aric.cyr@amd.com>
drm/amd/display: Remove interface for periodic interrupt 1
Khaled Almahallawy <khaled.almahallawy@intel.com>
drm/dp: Don't rewrite link config when setting phy test pattern
Richard Acayan <mailingradian@gmail.com>
mmc: sdhci-msm: add compatible string check for sdm670
Adrián Larumbe <adrian.larumbe@collabora.com>
drm/meson: remove drm bridges at aggregate driver unbind time
Adrián Larumbe <adrian.larumbe@collabora.com>
drm/meson: explicitly remove aggregate driver at module unload time
Adrián Larumbe <adrian.larumbe@collabora.com>
drm/meson: reorder driver deinit sequence to fix use-after-free bug
Mario Limonciello <mario.limonciello@amd.com>
ASoC: amd: yc: Add Lenovo Yoga Slim 7 Pro X to quirks table
Xiaoyan Li <lxy.lixiaoyan@gmail.com>
ASoC: amd: yc: Add ASUS UM5302TA into DMI table
hongao <hongao@uniontech.com>
drm/amdgpu: fix initial connector audio value
Sherry Wang <Yao.Wang1@amd.com>
drm/amd/display: correct hostvm flag
George Shen <george.shen@amd.com>
drm/amd/display: Fix urgent latency override for DCN32/DCN321
Philip Yang <Philip.Yang@amd.com>
drm/amdgpu: SDMA update use unlocked iterator
Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
ASoC: SOF: add quirk to override topology mclk_id
Mikhail Rudenko <mike.rudenko@gmail.com>
ASoC: sunxi: sun4i-codec: set debugfs_prefix for CPU DAI component
Jairaj Arava <jairaj.arava@intel.com>
ASoC: SOF: pci: Change DMI match info to support all Chrome platforms
Muralidhar Reddy <muralidhar.reddy@intel.com>
ALSA: intel-dspconfig: add ES8336 support for AlderLake-PS
Hans de Goede <hdegoede@redhat.com>
platform/x86: msi-laptop: Change DMI match / alias strings to fix module autoloading
Jorge Lopez <jorge.lopez2@hp.com>
platform/x86: hp-wmi: Setting thermal profile fails with 0x06
Jameson Thies <jthies@google.com>
platform/chrome: cros_ec: Notify the PM of wake events during resume
Maya Matuszczyk <maccraft123mc@gmail.com>
drm: panel-orientation-quirks: Add quirk for Aya Neo Air
Maya Matuszczyk <maccraft123mc@gmail.com>
drm: panel-orientation-quirks: Add quirk for Anbernic Win600
Mateusz Kwiatkowski <kfyatek+publicgit@gmail.com>
drm/vc4: vec: Fix timings for VEC modes
Takashi Iwai <tiwai@suse.de>
ALSA: usb-audio: Register card at the last interface
Yifan Zha <Yifan.Zha@amd.com>
drm/admgpu: Skip CG/PG on SOC21 under SRIOV VF
Yifan Zha <Yifan.Zha@amd.com>
drm/amdgpu: Skip the program of MMMC_VM_AGP_* in SRIOV on MMHUB v3_0_0
sunliming <sunliming@kylinos.cn>
drm/amd/display: Fix variable dereferenced before check
Lucas Stach <l.stach@pengutronix.de>
drm: bridge: dw_hdmi: only trigger hotplug event on link change
Bernard Zhao <bernard@vivo.com>
drm/amd: fix potential memory leak
Andy Shevchenko <andriy.shevchenko@linux.intel.com>
platform/x86: pmc_atom: Improve quirk message to be less cryptic
Vivek Kasireddy <vivek.kasireddy@intel.com>
udmabuf: Set ubuf->sg = NULL if the creation of sg table fails
Conner Knox <connerknoxpublic@gmail.com>
ALSA: usb-audio: Add quirk to enable Avid Mbox 3 support
Cezary Rojewski <cezary.rojewski@intel.com>
ALSA: hda: Fix page fault in snd_hda_codec_shutdown()
David Gow <davidgow@google.com>
drm/amd/display: fix overflow on MIN_I64 definition
Zeng Jingxiang <linuszeng@tencent.com>
gpu: lontium-lt9611: Fix NULL pointer dereference in lt9611_connector_init()
Liviu Dudau <liviu.dudau@arm.com>
drm/komeda: Fix handling of atomic commits in the atomic_commit_tail hook
Javier Martinez Canillas <javierm@redhat.com>
drm: Prevent drm_copy_field() to attempt copying a NULL pointer
Javier Martinez Canillas <javierm@redhat.com>
drm: Use size_t type for len variable in drm_copy_field()
Jianglei Nie <niejianglei2021@163.com>
drm/nouveau/nouveau_bo: fix potential memory leak in nouveau_bo_alloc()
Andrew Gaul <gaul@gaul.org>
r8152: Rate limit overflow messages
Andy Shevchenko <andriy.shevchenko@linux.intel.com>
i2c: designware-pci: Group AMD NAVI quirk parts together
Xin Liu <liuxin350@huawei.com>
libbpf: Fix overrun in netlink attribute iteration
Kees Cook <keescook@chromium.org>
net: sched: cls_u32: Avoid memcpy() false-positive warning
Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Bluetooth: L2CAP: Fix user-after-free
Song Liu <song@kernel.org>
bpf: use bpf_prog_pack for bpf_dispatcher
Jiri Olsa <jolsa@kernel.org>
bpf: Adjust kprobe_multi entry_ip for CONFIG_X86_KERNEL_IBT
Liu Jian <liujian56@huawei.com>
net: If sock is dead don't access sock's sk_wq in sk_stream_wait_memory
Jason A. Donenfeld <Jason@zx2c4.com>
hwmon: (sht4x) do not overflow clamping operation on 32-bit platforms
Daniel Golle <daniel@makrotopia.org>
wifi: rt2x00: correctly set BBP register 86 for MT7620
Daniel Golle <daniel@makrotopia.org>
wifi: rt2x00: set SoC wmac clock register
Daniel Golle <daniel@makrotopia.org>
wifi: rt2x00: set VGC gain for both chains of MT7620
Daniel Golle <daniel@makrotopia.org>
wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620
Daniel Golle <daniel@makrotopia.org>
wifi: rt2x00: don't run Rt5592 IQ calibration on MT7620
Ziyang Xuan <william.xuanziyang@huawei.com>
can: bcm: check the result of can_send() in bcm_can_tx()
Hou Tao <houtao1@huawei.com>
selftests/bpf: Free the allocated resources after test case succeeds
Vadim Fedorenko <vfedorenko@novek.ru>
bnxt_en: replace reset with config timestamps
Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Bluetooth: hci_event: Make sure ISO events don't affect non-ISO connections
Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Bluetooth: L2CAP: initialize delayed works at l2cap_chan_create()
Po-Hao Huang <phhuang@realtek.com>
wifi: rtw89: fix rx filter after scan
Po-Hao Huang <phhuang@realtek.com>
wifi: rtw89: free unused skb to prevent memory leak
Sean Wang <sean.wang@mediatek.com>
wifi: mt76: mt7921: reset msta->airtime_ac while clearing up hw value
Jianglei Nie <niejianglei2021@163.com>
wifi: ath11k: mhi: fix potential memory leak in ath11k_mhi_register()
Patrick Rudolph <patrick.rudolph@9elements.com>
regulator: core: Prevent integer underflow
Kiran K <kiran.k@intel.com>
Bluetooth: btintel: Mark Intel controller to support LE_STATES quirk
Alexander Coffin <alex.coffin@matician.com>
wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit()
Michal Jaron <michalx.jaron@intel.com>
iavf: Fix race between iavf_close and iavf_reset_task
Sergei Antonov <saproj@gmail.com>
net: ftmac100: fix endianness-related issues from 'sparse'
Zong-Zhe Yang <kevin_yang@realtek.com>
rtw89: ser: leave lps with mutex
Manikanta Pubbisetty <quic_mpubbise@quicinc.com>
wifi: ath11k: Register shutdown handler for WCN6750
Khalid Masum <khalid.masum.92@gmail.com>
xfrm: Update ipcomp_scratches with NULL when freed
Richard Gobert <richardbgobert@gmail.com>
net-next: Fix IP_UNICAST_IF option behavior for connected sockets
Robert Hancock <robert.hancock@calian.com>
net: axienet: Switch to 64-bit RX/TX statistics
Daniel Sneddon <daniel.sneddon@linux.intel.com>
x86/apic: Don't disable x2APIC if locked
Mika Westerberg <mika.westerberg@linux.intel.com>
thunderbolt: Add back Intel Falcon Ridge end-to-end flow control workaround
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg()
Jane Chu <jane.chu@oracle.com>
x86/mce: Retrieve poison range from hardware
Johannes Berg <johannes.berg@intel.com>
wifi: mac80211: accept STA changes without link changes
Jerry Ray <jerry.ray@microchip.com>
micrel: ksz8851: fixes struct pointer issue
Eric Dumazet <edumazet@google.com>
tcp: annotate data-race around tcp_md5sig_pool_populated
Mike Pattrick <mkp@redhat.com>
openvswitch: Fix overreporting of drops in dropwatch
Mike Pattrick <mkp@redhat.com>
openvswitch: Fix double reporting of drops in dropwatch
Ravi Gunasekaran <r-gunasekaran@ti.com>
net: ethernet: ti: davinci_mdio: Add workaround for errata i2329
Quentin Monnet <quentin@isovalent.com>
bpftool: Clear errno after libcap's checks
Wright Feng <wright.feng@cypress.com>
wifi: brcmfmac: fix invalid address access when enabling SCAN log level
Zong-Zhe Yang <kevin_yang@realtek.com>
wifi: rtw88: phy: fix warning of possible buffer overflow
Hengqi Chen <hengqi.chen@gmail.com>
libbpf: Do not require executable permission for shared libraries
James Hilliard <james.hilliard1@gmail.com>
libbpf: Ensure functions with always_inline attribute are inline
Dai Ngo <dai.ngo@oracle.com>
NFSD: fix use-after-free on source server when doing inter-server copy
Anna Schumaker <Anna.Schumaker@Netapp.com>
NFSD: Return nfserr_serverfault if splice_ok but buf->pages have data
Kees Cook <keescook@chromium.org>
x86/entry: Work around Clang __bdos() bug
Mario Limonciello <mario.limonciello@amd.com>
ACPI: x86: Add a quirk for Dell Inspiron 14 2-in-1 for StorageD3Enable
Kees Cook <keescook@chromium.org>
ARM: decompressor: Include .data.rel.ro.local
Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>
thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash
Chao Qin <chao.qin@intel.com>
powercap: intel_rapl: fix UBSAN shift-out-of-bounds issue
Kees Cook <keescook@chromium.org>
MIPS: BCM47XX: Cast memcmp() of function to (void *)
Doug Smythies <dsmythies@telus.net>
cpufreq: intel_pstate: Add Tigerlake support in no-HWP mode
Hans de Goede <hdegoede@redhat.com>
ACPI: tables: FPDT: Don't call acpi_os_map_memory() on invalid phys address
Kees Cook <keescook@chromium.org>
fortify: Fix __compiletime_strlen() under UBSAN_BOUNDS_LOCAL
Arvid Norlander <lkml@vorpal.se>
ACPI: video: Add Toshiba Satellite/Portege Z830 quirk
Perry Yuan <Perry.Yuan@amd.com>
cpufreq: amd_pstate: fix wrong lowest perf fetch
Paul E. McKenney <paulmck@kernel.org>
rcu-tasks: Ensure RCU Tasks Trace loops have quiescent states
Zqiang <qiang1.zhang@intel.com>
rcu-tasks: Convert RCU_LOCKDEP_WARN() to WARN_ONCE()
Michal Hocko <mhocko@suse.com>
rcu: Back off upon fill_page_cache_func() allocation failure
Zqiang <qiang1.zhang@intel.com>
rcu: Avoid triggering strict-GP irq-work when RCU is idle
Alexander Aring <aahringo@redhat.com>
fs: dlm: fix race in lowcomms
Aaron Tomlin <atomlin@redhat.com>
module: tracking: Keep a record of tainted unloaded modules only
Christoph Hellwig <hch@lst.de>
ARM/dma-mappіng: don't override ->dma_coherent when set from a bus notifier
Stefan Berger <stefanb@linux.ibm.com>
selftest: tpm2: Add Client.__del__() to close /dev/tpm* handle
Zhang Rui <rui.zhang@intel.com>
tools/power turbostat: Use standard Energy Unit for SPR Dram RAPL domain
Chao Yu <chao@kernel.org>
f2fs: fix to account FS_CP_DATA_IO correctly
Zhang Qilong <zhangqilong3@huawei.com>
f2fs: fix race condition on setting FI_NO_EXTENT flag
Shuai Xue <xueshuai@linux.alibaba.com>
ACPI: APEI: do not add task_work to kernel thread to avoid memory leak
Vincent Knecht <vincent.knecht@mailoo.org>
thermal/drivers/qcom/tsens-v0_1: Fix MSM8939 fourth sensor hw_id
Jason A. Donenfeld <Jason@zx2c4.com>
random: schedule jitter credit for next jiffy, not in two jiffies
Dan Carpenter <dan.carpenter@oracle.com>
crypto: cavium - prevent integer overflow loading firmware
Dan Carpenter <dan.carpenter@oracle.com>
crypto: marvell/octeontx - prevent integer overflows
Janis Schoetterl-Glausch <scgl@linux.ibm.com>
kbuild: rpm-pkg: fix breakage when V=1 is used
Masahiro Yamada <masahiroy@kernel.org>
linux/export: use inline assembler to populate symbol CRCs
Masahiro Yamada <masahiroy@kernel.org>
kbuild: remove the target in signal traps when interrupted
Song Liu <song@kernel.org>
ftrace: Fix recursive locking direct_mutex in ftrace_modify_direct_caller
Nico Pache <npache@redhat.com>
tracing/osnoise: Fix possible recursive locking in stop_per_cpu_kthreads
Yipeng Zou <zouyipeng@huawei.com>
tracing: kprobe: Make gen test module work in arm and riscv
Yipeng Zou <zouyipeng@huawei.com>
tracing: kprobe: Fix kprobe event gen test module on exit
Robin Murphy <robin.murphy@arm.com>
iommu/iova: Fix module config properly
Enzo Matsumiya <ematsumiya@suse.de>
cifs: return correct error in ->calc_signature()
Lin Yujun <linyujun809@huawei.com>
clocksource/drivers/timer-gxp: Add missing error handling in gxp_timer_probe
Kunkun Jiang <jiangkunkun@huawei.com>
clocksource/drivers/arm_arch_timer: Fix handling of ARM erratum 858921
Damian Muszynski <damian.muszynski@intel.com>
crypto: qat - fix DMA transfer direction
Peter Harliman Liem <pliem@maxlinear.com>
crypto: inside-secure - Change swab to swab32
Koba Ko <koba.ko@canonical.com>
crypto: ccp - Release dma channels before dmaengine unrgister
Ignat Korchagin <ignat@cloudflare.com>
crypto: akcipher - default implementation for setting a private key
Dan Carpenter <dan.carpenter@oracle.com>
iommu/omap: Fix buffer overflow in debugfs
Waiman Long <longman@redhat.com>
cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset
Weili Qian <qianweili@huawei.com>
crypto: hisilicon/qm - fix missing put dfx access
Lucas Segarra Fernandez <lucas.segarra.fernandez@intel.com>
crypto: qat - fix default value of WDT timer
Kshitiz Varshney <kshitiz.varshney@nxp.com>
hwrng: imx-rngc - Moving IRQ handler registering after imx_rngc_irq_mask_clear()
Martin Kaiser <martin@kaiser.cx>
hwrng: imx-rngc - use devm_clk_get_enabled
Michal Koutný <mkoutny@suse.com>
cgroup: Honor caller's cgroup NS when resolving path
Jacky Li <jackyli@google.com>
crypto: ccp - Fail the PSP initialization when writing psp data file failed
James Cowgill <james.cowgill@blaize.com>
hwrng: arm-smccc-trng - fix NO_ENTROPY handling
Ye Weihua <yeweihua4@huawei.com>
crypto: hisilicon/zip - fix mismatch in get/set sgl_sge_nr
Zhengchao Shao <shaozhengchao@huawei.com>
crypto: sahara - don't sleep when in softirq
Haren Myneni <haren@linux.ibm.com>
powerpc/pseries/vas: Pass hw_cpu_id to node associativity HCALL
Li Huafei <lihuafei1@huawei.com>
powerpc/kprobes: Fix null pointer reference in arch_prepare_kprobe()
Pali Rohár <pali@kernel.org>
powerpc: Fix SPE Power ISA properties for e500v1 platforms
Nicholas Piggin <npiggin@gmail.com>
powerpc/64/interrupt: Fix return to masked context after hard-mask irq becomes pending
Nicholas Piggin <npiggin@gmail.com>
powerpc/64: mark irqs hard disabled in boot paca
Nicholas Piggin <npiggin@gmail.com>
powerpc/64/interrupt: Fix false warning in context tracking due to idle state
Nicholas Piggin <npiggin@gmail.com>
powerpc/64s: Fix GENERIC_CPU build flags for PPC970 / G5
Vitaly Kuznetsov <vkuznets@redhat.com>
x86/hyperv: Fix 'struct hv_enlightened_vmcs' definition
Rohan McLure <rmclure@linux.ibm.com>
powerpc: Fix fallocate and fadvise64_64 compat parameter combination
Pali Rohár <pali@kernel.org>
powerpc: dts: turris1x.dts: Fix labels in DSA cpu port nodes
Pali Rohár <pali@kernel.org>
powerpc: dts: turris1x.dts: Fix NOR partitions labels
Anup Patel <apatel@ventanamicro.com>
cpuidle: riscv-sbi: Fix CPU_PM_CPU_IDLE_ENTER_xyz() macro usage
Zheng Yongjun <zhengyongjun3@huawei.com>
powerpc/powernv: add missing of_node_put() in opal_export_attrs()
Liang He <windhl@126.com>
powerpc/pci_dn: Add missing of_node_put()
Liang He <windhl@126.com>
powerpc/sysdev/fsl_msi: Add missing of_node_put()
Nathan Chancellor <nathan@kernel.org>
powerpc/math_emu/efp: Include module.h
Michael Ellerman <mpe@ellerman.id.au>
powerpc/configs: Properly enable PAPR_SCM in pseries_defconfig
Hangyu Hua <hbh25y@gmail.com>
ipc: mqueue: fix possible memory leak in init_mqueue_fs()
Jack Wang <jinpu.wang@ionos.com>
mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg
Conor Dooley <conor.dooley@microchip.com>
mailbox: mpfs: account for mbox offsets while sending
Conor Dooley <conor.dooley@microchip.com>
mailbox: mpfs: fix handling of the reg property
Peng Fan <peng.fan@nxp.com>
mailbox: imx: fix RST channel support
Joel Stanley <joel@jms.id.au>
clk: ast2600: BCLK comes from EPLL
Miaoqian Lin <linmq006@gmail.com>
clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe
Liang He <windhl@126.com>
clk: ti: Balance of_node_get() calls for of_find_node_by_name()
Lin Yujun <linyujun809@huawei.com>
clk: imx: scu: fix memleak on platform_device_add() fails
Peng Fan <peng.fan@nxp.com>
clk: imx8mp: tune the order of enet_qos_root_clk
Stefan Wahren <stefan.wahren@i2se.com>
clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration
Maxime Ripard <maxime@cerno.tech>
clk: bcm2835: Make peripheral PLLC critical
Serge Semin <Sergey.Semin@baikalelectronics.ru>
clk: baikal-t1: Add SATA internal ref clock buffer
Serge Semin <Sergey.Semin@baikalelectronics.ru>
clk: baikal-t1: Add shared xGMAC ref/ptp clocks internal parent
Serge Semin <Sergey.Semin@baikalelectronics.ru>
clk: baikal-t1: Fix invalid xGMAC PTP clock divider
Serge Semin <Sergey.Semin@baikalelectronics.ru>
clk: vc5: Fix 5P49V6901 outputs disabling when enabling FOD
David Collins <collinsd@codeaurora.org>
spmi: pmic-arb: correct duplicate APID to PPID mapping logic
Chunfeng Yun <chunfeng.yun@mediatek.com>
usb: mtu3: fix failed runtime suspend in host only mode
Basavaraj Natikar <Basavaraj.Natikar@amd.com>
HID: amd_sfh: Handle condition of "no sensors" for SFH1.1
Dave Jiang <dave.jiang@intel.com>
dmaengine: ioat: stop mod_timer from resurrecting deleted timer in __cleanup()
Jens Axboe <axboe@kernel.dk>
io_uring/rw: defer fsnotify calls to task context
Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
phy: qcom-qmp-pcie: fix resource mapping for SDM845 QHP PHY
Chen-Yu Tsai <wenst@chromium.org>
clk: mediatek: Migrate remaining clk_unregister_*() to clk_hw_unregister_*()
Chen-Yu Tsai <wenst@chromium.org>
clk: mediatek: fix unregister function in mtk_clk_register_dividers cleanup
AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
clk: mediatek: clk-mt8195-mfg: Reparent mfg_bg3d and propagate rate changes
Chen-Yu Tsai <wenst@chromium.org>
clk: mediatek: mt8183: mfgcfg: Propagate rate changes to parent
Jens Hillenstedt <jens.hillenstedt@ise.de>
mfd: da9061: Fix Failed to set Two-Wire Bus Mode.
Jiasheng Jiang <jiasheng@iscas.ac.cn>
mfd: sm501: Add check for platform_driver_register()
Dan Carpenter <dan.carpenter@oracle.com>
mfd: fsl-imx25: Fix check for platform_get_irq() errors
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
mfd: lp8788: Fix an error handling path in lp8788_irq_init() and lp8788_irq_init()
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
mfd: lp8788: Fix an error handling path in lp8788_probe()
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
mfd: fsl-imx25: Fix an error handling path in mx25_tsadc_setup_irq()
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
mfd: intel_soc_pmic: Fix an error handling path in intel_soc_pmic_i2c_probe()
Jiasheng Jiang <jiasheng@iscas.ac.cn>
fsi: core: Check error number after calling ida_simple_get
Bob Pearson <rpearsonhpe@gmail.com>
RDMA/rxe: Fix resize_finish() in rxe_queue.c
Bob Pearson <rpearsonhpe@gmail.com>
RDMA/rxe: Set pd early in mr alloc routines
Christoph Hellwig <hch@lst.de>
nvmet-auth: don't try to cancel a non-initialized work_struct
Adam Skladowski <a_skl39@protonmail.com>
clk: qcom: gcc-sm6115: Override default Alpha PLL regs
Robert Marko <robimarko@gmail.com>
clk: qcom: apss-ipq6018: mark apcs_alias0_core_clk as critical
Mike Christie <michael.christie@oracle.com>
scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername()
John Garry <john.garry@huawei.com>
scsi: pm8001: Fix running_req for internal abort commands
Duoming Zhou <duoming@zju.edu.cn>
scsi: libsas: Fix use-after-free bug in smp_execute_task_sg()
Pali Rohár <pali@kernel.org>
serial: 8250: Fix restoring termios speed after suspend
Guilherme G. Piccoli <gpiccoli@igalia.com>
firmware: google: Test spinlock on panic path to avoid lockups
Lin Yujun <linyujun809@huawei.com>
slimbus: qcom-ngd: Add error handling in of_qcom_slim_ngd_register
Nam Cao <namcaov@gmail.com>
staging: vt6655: fix some erroneous memory clean-up loops
Dongliang Mu <mudongliangabcd@gmail.com>
phy: qualcomm: call clk_disable_unprepare in the error handling
Sherry Sun <sherry.sun@nxp.com>
tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown
Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
serial: 8250: Toggle IER bits on only after irq has been set up
Dan Carpenter <dan.carpenter@oracle.com>
drivers: serial: jsm: fix some leaks in probe
Dan Carpenter <dan.carpenter@oracle.com>
usb: dwc3: core: fix some leaks in probe
Liang He <windhl@126.com>
usb: typec: anx7411: Use of_get_child_by_name() instead of of_find_node_by_name()
Albert Briscoe <albertsbriscoe@gmail.com>
usb: gadget: function: fix dangling pnp_string in f_printer.c
Mario Limonciello <mario.limonciello@amd.com>
xhci: Don't show warning for reinit on known broken suspend
Daisuke Matsuda <matsuda-daisuke@fujitsu.com>
IB: Set IOVA/LENGTH on IB_MR in core/uverbs layers
Mark Zhang <markzhang@nvidia.com>
RDMA/cm: Use SLID in the work completion as the DLID in responder side
Logan Gunthorpe <logang@deltatee.com>
md: Remove extra mddev_get() in md_seq_start()
David Sloan <david.sloan@eideticom.com>
md/raid5: Remove unnecessary bio_put() in raid5_read_one_chunk()
Logan Gunthorpe <logang@deltatee.com>
md/raid5: Ensure stripe_fill happens on non-read IO with journal
Saurabh Sengar <ssengar@linux.microsoft.com>
md: Replace snprintf with scnprintf
Jens Axboe <axboe@kernel.dk>
io_uring/fdinfo: fix sqe dumping for IORING_SETUP_SQE128
Dylan Yudaken <dylany@fb.com>
eventfd: guard wake_up in eventfd fs calls as well
Bart Van Assche <bvanassche@acm.org>
block: Fix the enum blk_eh_timer_return documentation
Dan Carpenter <dan.carpenter@oracle.com>
mtd: rawnand: meson: fix bit map use in meson_nfc_ecc_correct()
Niklas Cassel <niklas.cassel@wdc.com>
ata: fix ata_id_has_dipm()
Niklas Cassel <niklas.cassel@wdc.com>
ata: fix ata_id_has_ncq_autosense()
Niklas Cassel <niklas.cassel@wdc.com>
ata: fix ata_id_has_devslp()
Niklas Cassel <niklas.cassel@wdc.com>
ata: fix ata_id_sense_reporting_enabled() and ata_id_has_sense_reporting()
Bernard Metzler <bmt@zurich.ibm.com>
RDMA/siw: Fix QP destroy to wait for all references dropped.
Bernard Metzler <bmt@zurich.ibm.com>
RDMA/siw: Always consume all skbuf data in sk_data_ready() upcall.
Bart Van Assche <bvanassche@acm.org>
RDMA/srp: Fix srp_abort()
Shiraz Saleem <shiraz.saleem@intel.com>
RDMA/irdma: Validate udata inlen and outlen
Sindhu-Devale <sindhu.devale@intel.com>
RDMA/irdma: Align AE id codes to correct flush code and event
Pali Rohár <pali@kernel.org>
mtd: rawnand: fsl_elbc: Fix none ECC mode
Martin Blumenstingl <martin.blumenstingl@googlemail.com>
mtd: rawnand: intel: Remove undocumented compatible string
Martin Blumenstingl <martin.blumenstingl@googlemail.com>
mtd: rawnand: intel: Read the chip-select line from the correct OF node
Chunfeng Yun <chunfeng.yun@mediatek.com>
phy: phy-mtk-tphy: fix the phy type setting issue
Liang He <windhl@126.com>
phy: amlogic: phy-meson-axg-mipi-pcie-analog: Hold reference returned by of_get_parent()
Johan Hovold <johan+linaro@kernel.org>
phy: qcom-qmp-usb: fix memleak on probe deferral
Johan Hovold <johan+linaro@kernel.org>
phy: qcom-qmp-ufs: fix memleak on probe deferral
Johan Hovold <johan+linaro@kernel.org>
phy: qcom-qmp-combo: fix memleak on probe deferral
Johan Hovold <johan+linaro@kernel.org>
phy: qcom-qmp-pcie-msm8996: fix memleak on probe deferral
Johan Hovold <johan+linaro@kernel.org>
phy: qcom-qmp-pcie: fix memleak on probe deferral
Johan Hovold <johan+linaro@kernel.org>
phy: qcom-qmp-pcie: add pcs_misc sanity check
Johan Hovold <johan+linaro@kernel.org>
phy: qcom-qmp-usb: disable runtime PM on unbind
Dan Carpenter <dan.carpenter@oracle.com>
remoteproc: Harden rproc_handle_vdev() against integer overflow
William Dean <williamsukatube@gmail.com>
mtd: devices: docg3: check the return value of devm_ioremap() in the probe
James Smart <jsmart2021@gmail.com>
scsi: lpfc: Fix various issues reported by tools
Dang Huynh <danct12@riseup.net>
clk: qcom: sm6115: Select QCOM_GDSC
Jan Kara <jack@suse.cz>
sbitmap: Avoid leaving waitqueue in invalid state in __sbq_wake_up()
Jim Cromie <jim.cromie@gmail.com>
dyndbg: drop EXPORTed dynamic_debug_exec_queries
Jim Cromie <jim.cromie@gmail.com>
dyndbg: let query-modname override actual module name
Jim Cromie <jim.cromie@gmail.com>
dyndbg: fix module.dyndbg handling
Jim Cromie <jim.cromie@gmail.com>
dyndbg: fix static_branch manipulation
Dan Carpenter <dan.carpenter@oracle.com>
usb: gadget: f_fs: stricter integer overflow checks
Vincent Whitchurch <vincent.whitchurch@axis.com>
iio: Use per-device lockdep class for mlock
Jie Hai <haijie1@huawei.com>
dmaengine: hisilicon: Add multi-thread support for a DMA channel
Jie Hai <haijie1@huawei.com>
dmaengine: hisilicon: Fix CQ head update
Jie Hai <haijie1@huawei.com>
dmaengine: hisilicon: Disable channels when unregister hisi_dma
Jerry Snitselaar <jsnitsel@redhat.com>
dmaengine: idxd: avoid deadlock in process_misc_interrupts()
Peter Geis <pgwipeout@gmail.com>
phy: rockchip-inno-usb2: Return zero after otg sync
Dan Carpenter <dan.carpenter@oracle.com>
fpga: prevent integer overflow in dfl_feature_ioctl_set_irq()
Matthew Gerlach <matthew.gerlach@linux.intel.com>
fpga: dfl-pci: Add IDs for Intel N6000, N6001 and C6100 cards
Hangyu Hua <hbh25y@gmail.com>
misc: ocxl: fix possible refcount leak in afu_ioctl()
AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
clk: mediatek: mt8195-infra_ao: Set pwrmcu clocks as critical
AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
clk: mediatek: clk-mt8195-vdo1: Reparent and set rate on vdo1_dpintf's parent
AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
clk: mediatek: clk-mt8195-vdo0: Set rate on vdo0_dp_intf0_dp_intf's parent
Zhu Yanjun <yanjun.zhu@linux.dev>
RDMA/rxe: Fix the error caused by qp->sk
Zhu Yanjun <yanjun.zhu@linux.dev>
RDMA/rxe: Fix "kernel NULL pointer dereference" error
Miaoqian Lin <linmq006@gmail.com>
media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init
Yunke Cao <yunkec@google.com>
media: uvcvideo: Use entity get_cur in uvc_ctrl_set
José Expósito <jose.exposito89@gmail.com>
media: uvcvideo: Fix memory leak in uvc_gpio_parse
Xu Qiang <xuqiang36@huawei.com>
media: meson: vdec: add missing clk_disable_unprepare on error in vdec_hevc_start()
Ming Qian <ming.qian@nxp.com>
media: amphion: fix a bug that vpu core may not resume after suspend
Ming Qian <ming.qian@nxp.com>
media: amphion: don't change the colorspace reported by decoder.
Ming Qian <ming.qian@nxp.com>
media: amphion: adjust the encoder's value range of gop size
Ming Qian <ming.qian@nxp.com>
media: amphion: insert picture startcode after seek for vc1g format
Hirokazu Honda <hiroh@chromium.org>
media: mediatek: vcodec: Skip non CBR bitrate mode
Shubhrajyoti Datta <shubhrajyoti.datta@xilinx.com>
tty: xilinx_uartps: Fix the ignore_status
Shubhrajyoti Datta <shubhrajyoti.datta@xilinx.com>
tty: xilinx_uartps: Check clk_enable return value
Dongliang Mu <mudongliangabcd@gmail.com>
media: airspy: fix memory leak in airspy probe
Liang He <windhl@126.com>
media: exynos4-is: fimc-is: Add of_node_put() when breaking out of loop
Marijn Suijten <marijn.suijten@somainline.org>
clk: qcom: gcc-sdm660: Use floor ops for SDCC1 clock
Jack Wang <jinpu.wang@ionos.com>
HSI: omap_ssi_port: Fix dma_map_sg error check
Miaoqian Lin <linmq006@gmail.com>
HSI: omap_ssi: Fix refcount leak in ssi_probe
José Expósito <jose.exposito89@gmail.com>
HID: uclogic: Fix warning in uclogic_rdesc_template_apply
José Expósito <jose.exposito89@gmail.com>
HID: uclogic: Add missing suffix for digitalizers
Yu Kuai <yukuai3@huawei.com>
sbitmap: fix possible io hung due to lost wakeup
Chanho Park <chanho61.park@samsung.com>
clk: samsung: exynosautov9: correct register offsets of peric0/c1
Miaoqian Lin <linmq006@gmail.com>
clk: tegra20: Fix refcount leak in tegra20_clock_init
Miaoqian Lin <linmq006@gmail.com>
clk: tegra: Fix refcount leak in tegra114_clock_init
Miaoqian Lin <linmq006@gmail.com>
clk: tegra: Fix refcount leak in tegra210_clock_init
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
coresight: docs: Fix a broken reference
Liang He <windhl@126.com>
clk: sprd: Hold reference returned by of_get_parent()
Liang He <windhl@126.com>
clk: berlin: Add of_node_put() for of_get_parent()
Liang He <windhl@126.com>
clk: qoriq: Hold reference returned by of_get_parent()
Liang He <windhl@126.com>
clk: oxnas: Hold reference returned by of_get_parent()
Liang He <windhl@126.com>
clk: st: Hold reference returned by of_get_parent()
Liang He <windhl@126.com>
clk: meson: Hold reference returned by of_get_parent()
Thinh Nguyen <Thinh.Nguyen@synopsys.com>
usb: common: debug: Check non-standard control requests
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
usb: common: usb-conn-gpio: Simplify some error message
Aharon Landau <aharonl@nvidia.com>
RDMA/mlx5: Don't compare mkey tags in DEVX indirect mkey
Jakob Hauser <jahau@rocketmail.com>
iio: magnetometer: yas530: Change data type of hard_offsets to signed
Jonathan Cameron <Jonathan.Cameron@huawei.com>
iio: ABI: Fix wrong format of differential capacitance channel ABI.
Nuno Sá <nuno.sa@analog.com>
iio: inkern: fix return value in devm_of_iio_channel_get_by_name()
Nuno Sá <nuno.sa@analog.com>
iio: inkern: only release the device node when done with it
Claudiu Beznea <claudiu.beznea@microchip.com>
iio: adc: at91-sama5d2_adc: disable/prepare buffer on suspend/resume
Claudiu Beznea <claudiu.beznea@microchip.com>
iio: adc: at91-sama5d2_adc: lock around oversampling and sample freq
Claudiu Beznea <claudiu.beznea@microchip.com>
iio: adc: at91-sama5d2_adc: check return status for pressure and touch
Claudiu Beznea <claudiu.beznea@microchip.com>
iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX
Zhao Gongyi <zhaogongyi@huawei.com>
selftests/cpu-hotplug: Reserve one cpu online at least
Zhao Gongyi <zhaogongyi@huawei.com>
selftests/cpu-hotplug: Delete fault injection related code
Zhao Gongyi <zhaogongyi@huawei.com>
selftests/cpu-hotplug: Use return instead of exit
Darrick J. Wong <djwong@kernel.org>
iomap: iomap: fix memory corruption when recording errors during writeback
Dmitry Torokhov <dmitry.torokhov@gmail.com>
ARM: dts: exynos: fix polarity of VBUS GPIO of Origen
Dmitry Torokhov <dmitry.torokhov@gmail.com>
arm64: dts: exynos: fix polarity of "enable" line of NFC chip in TM2
Mark Rutland <mark.rutland@arm.com>
arm64: ftrace: fix module PLTs with mcount
Josh Triplett <josh@joshtriplett.org>
ext4: don't run ext4lazyinit for read-only filesystems
Jerry Lee 李修賢 <jerrylee@qnap.com>
ext4: continue to expand file system when the target size doesn't reach
Geert Uytterhoeven <geert+renesas@glider.be>
ARM: Drop CMDLINE_* dependency on ATAGS
Dmitry Torokhov <dmitry.torokhov@gmail.com>
ARM: dts: exynos: correct s5k6a3 reset polarity on Midas family
Matt Ranostay <mranostay@ti.com>
arm64: dts: ti: k3-j7200: fix main pinmux range
Johan Hovold <johan+linaro@kernel.org>
arm64: dts: qcom: sm8450: fix UFS PHY serdes size
Johan Hovold <johan+linaro@kernel.org>
arm64: dts: qcom: ipq8074: fix PCIe PHY serdes size
Dmitry Osipenko <digetx@gmail.com>
soc/tegra: fuse: Drop Kconfig dependency on TEGRA20_APB_DMA
Liang He <windhl@126.com>
soc/tegra: fuse: Add missing of_node_put() in tegra_init_fuse()
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
arm64: dts: qcom: sm8350-sagami: correct TS pin property
Randy Dunlap <rdunlap@infradead.org>
ia64: export memory_add_physaddr_to_nid to fix cxl build error
Bhupesh Sharma <bhupesh.sharma@linaro.org>
arm64: dts: qcom: sc8280xp-pmics: Remove reg entry & use correct node name for pmc8280c_lpg node
Chris Packham <chris.packham@alliedtelesis.co.nz>
arm64: dts: marvell: 98dx25xx: use correct property for i2c gpios
Michael Walle <michael@walle.cc>
ARM: dts: kirkwood: lsxl: remove first ethernet port
Michael Walle <michael@walle.cc>
ARM: dts: kirkwood: lsxl: fix serial line
Marek Behún <kabel@kernel.org>
ARM: dts: turris-omnia: Fix mpp26 pin name and comment
Stephen Boyd <swboyd@chromium.org>
arm64: dts: qcom: sc7180-trogdor: Keep pm6150_adc enabled for TZ
Bryan O'Donoghue <bryan.odonoghue@linaro.org>
arm64: dts: qcom: pm8350c: Drop PWM reg declaration
Johan Hovold <johan+linaro@kernel.org>
arm64: dts: qcom: sa8295p-adp: disallow regulator mode switches
Johan Hovold <johan+linaro@kernel.org>
arm64: dts: qcom: sc8280xp-lenovo-thinkpad-x13s: disallow regulator mode switches
Johan Hovold <johan+linaro@kernel.org>
arm64: dts: qcom: sc8280xp-crd: disallow regulator mode switches
Satya Priya <quic_c_skakit@quicinc.com>
arm64: dts: qcom: sc7280: Update lpasscore node
Satya Priya <quic_c_skakit@quicinc.com>
arm64: dts: qcom: sc7280: Cleanup the lpasscc node
Geert Uytterhoeven <geert+renesas@glider.be>
arm64: dts: qcom: sdm845-xiaomi-polaris: Fix sde_dsi_active pinctrl
Chanho Park <chanho61.park@samsung.com>
dt-bindings: clock: exynosautov9: correct clock numbering of peric0/c1
Biju Das <biju.das.jz@bp.renesas.com>
arm64: dts: renesas: r9a07g043: Fix SCI{Rx,Tx} interrupt types
Biju Das <biju.das.jz@bp.renesas.com>
arm64: dts: renesas: r9a07g054: Fix SCI{Rx,Tx} interrupt types
Biju Das <biju.das.jz@bp.renesas.com>
arm64: dts: renesas: r9a07g044: Fix SCI{Rx,Tx} interrupt types
Lucas Stach <l.stach@pengutronix.de>
ARM: dts: imx6qdl-kontron-samx6i: hook up DDC i2c bus
Liang He <windhl@126.com>
soc: qcom: smem_state: Add refcounting for the 'state->of_node'
Liang He <windhl@126.com>
soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe()
Amir Goldstein <amir73il@gmail.com>
locks: fix TOCTOU race when granting write lease
Liang He <windhl@126.com>
memory: of: Fix refcount leak bug in of_lpddr3_get_ddr_timings()
Liang He <windhl@126.com>
memory: of: Fix refcount leak bug in of_get_ddr_timings()
Liang He <windhl@126.com>
memory: pl353-smc: Fix refcount leak bug in pl353_smc_probe()
Takashi Iwai <tiwai@suse.de>
ALSA: hda/hdmi: Don't skip notification handling during PM operation
Judy Hsiao <judyhsiao@chromium.org>
ASoC: rockchip: i2s: use regmap_read_poll_timeout_atomic to poll I2S_CLR
Zhang Qilong <zhangqilong3@huawei.com>
ASoC: mt6660: Fix PM disable depth imbalance in mt6660_i2c_probe
Zhang Qilong <zhangqilong3@huawei.com>
ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe
Zhang Qilong <zhangqilong3@huawei.com>
ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe
Zhang Qilong <zhangqilong3@huawei.com>
ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
ASoC: wcd-mbhc-v2: Revert "ASoC: wcd-mbhc-v2: use pm_runtime_resume_and_get()"
Zhang Qilong <zhangqilong3@huawei.com>
ASoC: stm: Fix PM disable depth imbalance in stm32_i2s_probe
Zhang Qilong <zhangqilong3@huawei.com>
ASoC: stm32: spdifrx: Fix PM disable depth imbalance in stm32_spdifrx_probe
Zhang Qilong <zhangqilong3@huawei.com>
ASoC: stm32: dfsdm: Fix PM disable depth imbalance in stm32_adfsdm_probe
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe()
Andreas Pape <apape@de.adit-jv.com>
ALSA: dmaengine: increment buffer pointer atomically
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
ASoC: da7219: Fix an error handling path in da7219_register_dai_clks()
Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
ASoC: codecs: tx-macro: fix kcontrol put
Dan Carpenter <dan.carpenter@oracle.com>
virtio-gpu: fix shift wrapping bug in virtio_gpu_fence_event_create()
Rafael Mendonca <rafaelmendsr@gmail.com>
drm/vmwgfx: Fix memory leak in vmw_mksstat_add_ioctl()
Peter Ujfalusi <peter.ujfalusi@linux.intel.com>
ASoC: SOF: ipc4-topology: Free the ida when IPC fails in sof_ipc4_widget_setup()
Takashi Iwai <tiwai@suse.de>
ALSA: usb-audio: Properly refcounting clock rate
Jaroslav Kysela <perex@perex.cz>
ALSA: hda/hdmi: Fix the converter allocation for the silent stream
Jaroslav Kysela <perex@perex.cz>
ALSA: hda/hdmi: change type for the 'assigned' variable
Kuogee Hsieh <quic_khsieh@quicinc.com>
drm/msm/dp: correct 1.62G link rate at dp_catalog_ctrl_config_msa()
Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx
Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
drm/msm: lookup the ICC paths in both mdp5/dpu and mdss devices
Liang He <windhl@126.com>
ASoC: eureka-tlv320: Hold reference returned from of_find_xxx API
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
mmc: au1xmmc: Fix an error handling path in au1xmmc_probe()
Judy Hsiao <judyhsiao@chromium.org>
ASoC: rockchip: i2s: use regmap_read_poll_timeout to poll I2S_CLR
Rafael Mendonca <rafaelmendsr@gmail.com>
drm/amdgpu: Fix memory leak in hpd_rx_irq_create_workqueue()
Liang He <windhl@126.com>
drm/omap: dss: Fix refcount leak bugs
AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
ASoC: SOF: mediatek: mt8195: Import namespace SND_SOC_SOF_MTK_COMMON
AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
ASoC: mediatek: mt8195-mt6359: Properly register sound card for SOF
Gerd Hoffmann <kraxel@redhat.com>
drm/bochs: fix blanking
Chia-I Wu <olvaffe@gmail.com>
drm/virtio: set fb_modifiers_not_supported
Takashi Iwai <tiwai@suse.de>
ALSA: hda: beep: Simplify keep-power-at-enable behavior
Cristian Ciocaltea <cristian.ciocaltea@collabora.com>
ASoC: wm_adsp: Handle optional legacy support
Jiasheng Jiang <jiasheng@iscas.ac.cn>
ASoC: rsnd: Add check for rsnd_mod_power_on
Pin-yen Lin <treapking@chromium.org>
drm/bridge: it6505: Fix the order of DP_SET_POWER commands
Zheyu Ma <zheyuma97@gmail.com>
drm/bridge: megachips: Fix a null pointer dereference bug
Yang Yingliang <yangyingliang@huawei.com>
drm/amdgpu: add missing pci_disable_device() in amdgpu_pmops_runtime_resume()
Prashant Malani <pmalani@chromium.org>
platform/chrome: cros_ec_typec: Correct alt mode index
Prashant Malani <pmalani@chromium.org>
platform/chrome: cros_ec_typec: Add bit offset for DP VDO
Randy Dunlap <rdunlap@infradead.org>
drm: fix drm_mipi_dbi build errors
Randy Dunlap <rdunlap@infradead.org>
drm/panel: use 'select' for Ili9341 panel driver helpers
Hans de Goede <hdegoede@redhat.com>
platform/x86: msi-laptop: Fix resource cleanup
Hans de Goede <hdegoede@redhat.com>
platform/x86: msi-laptop: Fix old-ec check for backlight registering
Martin Povišer <povik+lin@cutebit.org>
ASoC: tas2764: Fix mute/unmute
Martin Povišer <povik+lin@cutebit.org>
ASoC: tas2764: Drop conflicting set_bias_level power setting
Martin Povišer <povik+lin@cutebit.org>
ASoC: tas2764: Allow mono streams
Kuninori Morimoto <kuninori.morimoto.gx@renesas.com>
ASoC: soc-pcm.c: call __soc_pcm_close() in soc_pcm_close()
Rob Clark <robdclark@chromium.org>
drm/virtio: Fix same-context optimization
Stanislav Lisovskiy <stanislav.lisovskiy@intel.com>
drm/i915/dg2: Bump up CDCLK for DG2
Dan Carpenter <dan.carpenter@oracle.com>
platform/chrome: fix memory corruption in ioctl
Rustam Subkhankulov <subkhankulov@ispras.ru>
platform/chrome: fix double-free in chromeos_laptop_prepare()
Javier Martinez Canillas <javierm@redhat.com>
drm/msm: Make .remove and .shutdown HW shutdown consistent
Yang Yingliang <yangyingliang@huawei.com>
ASoC: amd: acp: add missing platform_device_unregister() in acp_pci_probe()
Dan Carpenter <dan.carpenter@oracle.com>
ASoC: mt6359: fix tests for platform_get_irq() failure
Liang He <windhl@126.com>
drm:pl111: Add of_node_put() when breaking out of for_each_available_child_of_node()
Simon Ser <contact@emersion.fr>
drm/dp_mst: fix drm_dp_dpcd_read return value checks
José Expósito <jose.exposito89@gmail.com>
drm/format-helper: Fix test on big endian architectures
Chen-Yu Tsai <wenst@chromium.org>
drm/bridge: parade-ps8640: Fix regulator supply order
Liang He <windhl@126.com>
drm/bridge: tc358767: Add of_node_put() when breaking out of loop
Liang He <windhl@126.com>
drm/bridge: anx7625: Fix refcount bug in anx7625_parse_dt()
Dmitry Osipenko <dmitry.osipenko@collabora.com>
drm/virtio: Correct drm_gem_shmem_get_sg_table() error handling
Thomas Zimmermann <tzimmermann@suse.de>
video/aperture: Disable and unregister sysfb devices via aperture helpers
Pin-Yen Lin <treapking@chromium.org>
drm/bridge: it6505: Power on downstream device in .atomic_enable
Maxime Ripard <maxime@cerno.tech>
drm/vc4: drv: Call component_unbind_all()
Maxime Ripard <maxime@cerno.tech>
drm/mipi-dsi: Detach devices when removing the host
Dan Carpenter <dan.carpenter@oracle.com>
drm/bridge: Avoid uninitialized variable warning
Alvin Šipraga <alsi@bang-olufsen.dk>
drm: bridge: adv7511: unregister cec i2c device after cec adapter
Alvin Šipraga <alsi@bang-olufsen.dk>
drm: bridge: adv7511: fix CEC power down control register offset
Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
net: mvpp2: fix mvpp2 debugfs leak
Eric Dumazet <edumazet@google.com>
once: add DO_ONCE_SLOW() for sleepable contexts
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
net/ieee802154: reject zero-sized raw_sendmsg()
Maxim Mikityanskiy <maxtram95@gmail.com>
net: wwan: iosm: Call mutex_init before locking it
Zheng Wang <zyytlz.wz@163.com>
eth: sp7021: fix use after free bug in spl2sw_nvmem_get_mac_address
Jianglei Nie <niejianglei2021@163.com>
bnx2x: fix potential memory leak in bnx2x_tpa_stop()
Raju Lakkaraju <Raju.Lakkaraju@microchip.com>
eth: lan743x: reject extts for non-pci11x1x devices
Jiasheng Jiang <jiasheng@iscas.ac.cn>
net: prestera: acl: Add check for kmemdup
Kuniyuki Iwashima <kuniyu@amazon.com>
af_unix: Fix memory leaks of the whole sk due to OOB skb.
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
net: rds: don't hold sock lock when cancelling work from rds_tcp_reset_callbacks()
Oleksandr Shamray <oleksandrs@nvidia.com>
hwmon: (pmbus/mp2888) Fix sensors readouts for MPS Multi-phase mp2888 controller
Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Bluetooth: hci_sync: Fix not indicating power state
Marek Szyprowski <m.szyprowski@samsung.com>
spi: Ensure that sg_table won't be used after being freed
Neal Cardwell <ncardwell@google.com>
tcp: fix tcp_cwnd_validate() to not forget is_cwnd_limited
Xin Long <lucien.xin@gmail.com>
sctp: handle the error returned from sctp_auth_asoc_init_active_key
Duoming Zhou <duoming@zju.edu.cn>
mISDN: fix use-after-free bugs in l1oip timer handlers
Jakub Kicinski <kuba@kernel.org>
eth: alx: take rtnl_lock on resume
Junichi Uekawa <uekawa@chromium.org>
vhost/vsock: Use kvmalloc/kvfree for larger packets.
Bitterblue Smith <rtl8821cerfe2@gmail.com>
wifi: rtl8xxxu: Fix AIFS written to REG_EDCA_*_PARAM
Bitterblue Smith <rtl8821cerfe2@gmail.com>
wifi: rtl8xxxu: gen2: Enable 40 MHz channel width
Abhishek Pandit-Subedi <abhishekpandit@chromium.org>
Bluetooth: Prevent double register of suspend
Vincent Whitchurch <vincent.whitchurch@axis.com>
spi: s3c64xx: Fix large transfers with DMA
Phil Sutter <phil@nwl.cc>
netfilter: nft_fib: Fix for rpath check with VRF devices
Liu Jian <liujian56@huawei.com>
xfrm: Reinject transport-mode packets through workqueue
Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Bluetooth: hci_core: Fix not handling link timeouts propertly
Asmaa Mnebhi <asmaa@nvidia.com>
i2c: mlxbf: support lock mechanism
Andrii Nakryiko <andrii@kernel.org>
libbpf: Don't require full struct enum64 in UAPI headers
Xiaomeng Tong <xiam0nd.tong@gmail.com>
cw1200: fix incorrect check to determine if no element is found in list
Liu Jian <liujian56@huawei.com>
skmsg: Schedule psock work if the cached skb exists on the psock
Zhang Qilong <zhangqilong3@huawei.com>
spi/omap100k:Fix PM disable depth imbalance in omap1_spi100k_probe
Zhang Qilong <zhangqilong3@huawei.com>
spi: dw: Fix PM disable depth imbalance in dw_spi_bt1_probe
Zhang Qilong <zhangqilong3@huawei.com>
spi: cadence-quadspi: Fix PM disable depth imbalance in cqspi_probe
Luciano Leão <lucianorsleao@gmail.com>
x86/cpu: Include the header of init_ia32_feat_ctl()'s prototype
Christian Marangi <ansuelsmth@gmail.com>
wifi: ath11k: fix peer addition/deletion error on sta band migration
Andrii Nakryiko <andrii@kernel.org>
libbpf: restore memory layout of bpf_object_open_opts
Kees Cook <keescook@chromium.org>
x86/microcode/AMD: Track patch allocation size explicitly
Arınç ÜNAL <arinc.unal@arinc9.com>
mips: dts: ralink: mt7621: fix external phy on GB-PC2
Jesus Fernandez Manzano <jesus.manzano@galgus.net>
wifi: ath11k: fix number of VHT beamformee spatial streams
Wen Gong <quic_wgong@quicinc.com>
wifi: ath11k: fix failed to find the peer with peer_id 0 when disconnected
Duoming Zhou <duoming@zju.edu.cn>
mwifiex: fix sleep in atomic context bugs caused by dev_coredumpv
Qingqing Yang <qingqing.yang@broadcom.com>
flow_dissector: Do not count vlan tags inside tunnel payload
Pu Lehui <pulehui@huawei.com>
selftests/bpf: Adapt cgroup effective query uapi change
Pu Lehui <pulehui@huawei.com>
bpftool: Fix wrong cgroup attach flags being assigned to effective progs
Pu Lehui <pulehui@huawei.com>
bpf, cgroup: Reject prog_attach_flags array when effective query
Antoine Tenart <atenart@kernel.org>
netfilter: conntrack: revisit the gc initial rescheduling bias
Antoine Tenart <atenart@kernel.org>
netfilter: conntrack: fix the gc rescheduling delay
Xin Liu <liuxin350@huawei.com>
libbpf: Fix NULL pointer exception in API btf_dump__dump_type_data
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Bluetooth: hci_{ldisc,serdev}: check percpu_init_rwsem() failure
Baochen Qiang <quic_bqiang@quicinc.com>
wifi: ath11k: Include STA_KEEPALIVE_ARP_RESPONSE TLV header by default
Andrii Nakryiko <andrii@kernel.org>
libbpf: Fix crash if SEC("freplace") programs don't have attach_prog_fd set
Lee Jones <lee@kernel.org>
bpf: Ensure correct locking around vulnerable function find_vpid()
Zheng Yongjun <zhengyongjun3@huawei.com>
net: fs_enet: Fix wrong check in do_pd_setup
Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Bluetooth: RFCOMM: Fix possible deadlock on socket shutdown/release
Deren Wu <deren.wu@mediatek.com>
wifi: mt76: mt7921e: fix rmmod crash in driver reload test
Howard Hsu <howard-yh.hsu@mediatek.com>
wifi: mt76: mt7915: do not check state before configuring implicit beamform
Lorenzo Bianconi <lorenzo@kernel.org>
wifi: mt76: fix uninitialized pointer in mt7921_mac_fill_rx
Howard Hsu <howard-yh.hsu@mediatek.com>
wifi: mt76: mt7915: fix mcs value in ht mode
Sean Wang <sean.wang@mediatek.com>
wifi: mt76: mt7921: fix the firmware version report
Sean Wang <sean.wang@mediatek.com>
wifi: mt76: mt7921: add mt7921_mutex_acquire at mt7921_sta_set_decap_offload
Sean Wang <sean.wang@mediatek.com>
wifi: mt76: mt7921: add mt7921_mutex_acquire at mt7921_[start, stop]_ap
Lorenzo Bianconi <lorenzo@kernel.org>
wifi: mt76: connac: fix possible unaligned access in mt76_connac_mcu_add_nested_tlv
Lorenzo Bianconi <lorenzo@kernel.org>
wifi: mt76: mt7915: fix possible unaligned access in mt7915_mac_add_twt_setup
Lorenzo Bianconi <lorenzo@kernel.org>
wifi: mt76: mt7615: add mt7615_mutex_acquire/release in mt7615_sta_set_decap_offload
YN Chen <yn.chen@mediatek.com>
wifi: mt76: sdio: fix transmitting packet hangs
Dan Carpenter <dan.carpenter@oracle.com>
wifi: mt76: mt7921: fix use after free in mt7921_acpi_read()
Dan Carpenter <dan.carpenter@oracle.com>
wifi: mt76: mt7915: fix an uninitialized variable bug
Sean Wang <sean.wang@mediatek.com>
wifi: mt76: sdio: poll sta stat when device transmits data
Sean Wang <sean.wang@mediatek.com>
wifi: mt76: sdio: fix the deadlock caused by sdio->stat_work
Sean Wang <sean.wang@mediatek.com>
wifi: mt76: mt7921u: fix race issue between reset and suspend/resume
Sean Wang <sean.wang@mediatek.com>
wifi: mt76: mt7921s: fix race issue between reset and suspend/resume
Sean Wang <sean.wang@mediatek.com>
wifi: mt76: mt7921e: fix race issue between reset and suspend/resume
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Bluetooth: avoid hci_dev_test_and_set_flag() in mgmt_init_hdev()
Bitterblue Smith <rtl8821cerfe2@gmail.com>
wifi: rtl8xxxu: Remove copy-paste leftover in gen2_update_rate_mask
Bitterblue Smith <rtl8821cerfe2@gmail.com>
wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration
Lorenz Bauer <oss@lmb.io>
bpf: btf: fix truncated last_member_type_id in btf_struct_resolve
Neil Armstrong <neil.armstrong@linaro.org>
spi: meson-spicc: do not rely on busy flag in pow2 clk ops
Bitterblue Smith <rtl8821cerfe2@gmail.com>
wifi: rtl8xxxu: Fix skb misuse in TX queue selection
Xu Qiang <xuqiang36@huawei.com>
spi: qup: add missing clk_disable_unprepare on error in spi_qup_pm_resume_runtime()
Xu Qiang <xuqiang36@huawei.com>
spi: qup: add missing clk_disable_unprepare on error in spi_qup_resume()
Johannes Berg <johannes.berg@intel.com>
wifi: mac80211: mlme: assign link address correctly
Ian Rogers <irogers@google.com>
selftests/xsk: Avoid use-after-free on ctx
Yang Yingliang <yangyingliang@huawei.com>
wifi: rtw88: add missing destroy_workqueue() on error path in rtw_core_init()
Dan Carpenter <dan.carpenter@oracle.com>
wifi: wfx: prevent underflow in wfx_send_pds()
Dan Carpenter <dan.carpenter@oracle.com>
wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse()
Ping-Ke Shih <pkshih@realtek.com>
wifi: rtw89: pci: correct TX resource checking in low power mode
Ping-Ke Shih <pkshih@realtek.com>
wifi: rtw89: pci: fix interrupt stuck after leaving low power mode
Hou Tao <houtao1@huawei.com>
bpf: Only add BTF IDs for socket security hooks when CONFIG_SECURITY_NETWORK is on
Sean Wang <sean.wang@mediatek.com>
Bluetooth: btusb: mediatek: fix WMT failure during runtime suspend
Hou Tao <houtao1@huawei.com>
bpf: Use this_cpu_{inc_return|dec} for prog->active
Hou Tao <houtao1@huawei.com>
bpf: Use this_cpu_{inc|dec|inc_return} for bpf_task_storage_busy
Manikanta Pubbisetty <quic_mpubbise@quicinc.com>
wifi: ath11k: Fix incorrect QMI message ID mappings
Hou Tao <houtao1@huawei.com>
bpf: Propagate error from htab_lock_bucket() to userspace
Hou Tao <houtao1@huawei.com>
bpf: Disable preemption when increasing per-cpu map_locked
Maciej Fijalkowski <maciej.fijalkowski@intel.com>
selftests/xsk: Add missing close() on netns fd
Maciej Fijalkowski <maciej.fijalkowski@intel.com>
xsk: Fix backpressure mechanism on Tx
Kohei Tarumizu <tarumizu.kohei@fujitsu.com>
x86/resctrl: Fix to restore to original value when re-enabling hardware prefetch register
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
spi: mt7621: Fix an error message in mt7621_spi_probe()
Sabrina Dubroca <sd@queasysnail.net>
esp: choose the correct inner protocol for GSO on inter address family tunnels
Richard Guy Briggs <rgb@redhat.com>
audit: free audit_proctitle only on task exit
Richard Guy Briggs <rgb@redhat.com>
audit: explicitly check audit_context->context enum value
Jacob Keller <jacob.e.keller@intel.com>
ice: set tx_tstamps when creating new Tx rings via ethtool
Lam Thai <lamthai@arista.com>
bpftool: Fix a wrong type cast in btf_dumper_int
Hari Chandrakanthan <quic_haric@quicinc.com>
wifi: mac80211: allow bw change during channel switch in mesh
Johannes Berg <johannes.berg@intel.com>
wifi: mac80211_hwsim: fix link change handling
Mordechay Goodstein <mordechay.goodstein@intel.com>
wifi: mac80211: mlme: don't add empty EML capabilities
Johannes Berg <johannes.berg@intel.com>
wifi: mac80211: fix use-after-free
Shaul Triebitz <shaul.triebitz@intel.com>
wifi: cfg80211: get correct AP link chandef
Shaul Triebitz <shaul.triebitz@intel.com>
wifi: mac80211: properly set old_links when removing a link
Kumar Kartikeya Dwivedi <memxor@gmail.com>
bpf: Fix reference state management for synchronous callbacks
Maksym Glubokiy <maksym.glubokiy@plvision.eu>
net: prestera: cache port state for non-phylink ports too
Gerhard Engleder <gerhard@engleder-embedded.com>
tsnep: Fix TSNEP_INFO_TX_TIME register define
Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
leds: lm3601x: Don't use mutex after it was destroyed
Joanne Koong <joannelkoong@gmail.com>
bpf: Fix ref_obj_id for dynptr data slices in verifier
Dave Marchevsky <davemarchevsky@fb.com>
bpf: Cleanup check_refcount_ok
Wen Gong <quic_wgong@quicinc.com>
wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state()
Youghandhar Chintala <quic_youghand@quicinc.com>
wifi: ath10k: Set tx credit to one for WCN3990 snoc based devices
Ping-Ke Shih <pkshih@realtek.com>
wifi: rtlwifi: 8192de: correct checking of IQK reload
Florian Fainelli <f.fainelli@gmail.com>
libbpf: Initialize err in probe_map_create
Jason A. Donenfeld <Jason@zx2c4.com>
m68k: Process bootinfo records before saving them
Bill Wendling <morbo@google.com>
x86/paravirt: add extra clobbers with ZERO_CALL_USED_REGS enabled
Chuck Lever <chuck.lever@oracle.com>
NFSD: Fix handling of oversized NFSv4 COMPOUND requests
Chuck Lever <chuck.lever@oracle.com>
NFSD: Protect against send buffer overflow in NFSv2 READDIR
Chuck Lever <chuck.lever@oracle.com>
SUNRPC: Fix svcxdr_init_encode's buflen calculation
Chuck Lever <chuck.lever@oracle.com>
SUNRPC: Fix svcxdr_init_decode's end-of-buffer calculation
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
nfsd: Fix a memory leak in an error handling path
Sami Tolvanen <samitolvanen@google.com>
objtool: Preserve special st_shndx indexes in elf_update_symbol
Huisong Li <lihuisong@huawei.com>
ACPI: PCC: Fix Tx acknowledge in the PCC address space handler
Huisong Li <lihuisong@huawei.com>
ACPI: PCC: replace wait_for_completion()
Rafael Mendonca <rafaelmendsr@gmail.com>
ACPI: PCC: Release resources on address space setup failure path
Wang Kefeng <wangkefeng.wang@huawei.com>
ARM: 9247/1: mm: set readonly for MT_MEMORY_RO with ARM_LPAE
Wang Kefeng <wangkefeng.wang@huawei.com>
ARM: 9244/1: dump: Fix wrong pg_level in walk_pmd()
Bart Van Assche <bvanassche@acm.org>
ARM: 9243/1: riscpc: Unbreak the build
Jia Zhu <zhujia.zj@bytedance.com>
erofs: use kill_anon_super() to kill super in fscache mode
Gao Xiang <xiang@kernel.org>
erofs: fix order >= MAX_ORDER warning due to crafted negative i_size
Lin Yujun <linyujun809@huawei.com>
MIPS: SGI-IP27: Fix platform-device leak in bridge_platform_create()
Lin Yujun <linyujun809@huawei.com>
MIPS: SGI-IP30: Fix platform-device leak in bridge_platform_create()
Kees Cook <keescook@chromium.org>
sh: machvec: Use char[] for section boundaries
Perry Yuan <Perry.Yuan@amd.com>
cpufreq: amd-pstate: Fix initial highest_perf value
Xuewen Yan <xuewen.yan@unisoc.com>
thermal: cpufreq_cooling: Check the policy first in cpufreq_cooling_register()
Christian Brauner <brauner@kernel.org>
acl: return EOPNOTSUPP in posix_acl_fix_xattr_common()
Christian Brauner <brauner@kernel.org>
ntfs3: rework xattr handlers and switch to POSIX ACL VFS helpers
Ondrej Mosnacek <omosnace@redhat.com>
userfaultfd: open userfaultfds with O_RDONLY
Mimi Zohar <zohar@linux.ibm.com>
ima: fix blocking of security.ima xattrs of unsupported algorithms
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
selinux: use "grep -E" instead of "egrep"
Steve French <stfrench@microsoft.com>
smb3: must initialize two ACL struct fields to zero
Ruili Ji <ruiliji2@amd.com>
drm/amdgpu: Enable F32_WPTR_POLL_ENABLE in mqd
Sonny Jiang <sonny.jiang@amd.com>
drm/amdgpu: Enable VCN PG on GC11_0_1
Shirish S <shirish.s@amd.com>
drm/amd/display: explicitly disable psr_feature_enable appropriately
Aurabindo Pillai <aurabindo.pillai@amd.com>
drm/amd/display: Add HUBP surface flip interrupt handler
Yunxiang Li <Yunxiang.Li@amd.com>
drm/amd/display: Fix vblank refcount in vrr transition
Rodrigo Siqueira <Rodrigo.Siqueira@amd.com>
drm/amd/display: Enable 2 to 1 ODM policy if supported
Roman Li <roman.li@amd.com>
drm/amd/display: Enable dpia support for dcn314
Fangzhi Zuo <Jerry.Zuo@amd.com>
drm/amd/display: Validate DSC After Enable All New CRTCs
Martin Leung <Martin.Leung@amd.com>
drm/amd/display: zeromem mypipe heap struct before using it
Nicholas Kazlauskas <nicholas.kazlauskas@amd.com>
drm/amd/display: Update PMFW z-state interface for DCN314
Alvin Lee <Alvin.Lee2@amd.com>
drm/amd/display: Fix watermark calculation
Thomas Hellström <thomas.hellstrom@linux.intel.com>
drm/i915: Fix display problems after resume
Ville Syrjälä <ville.syrjala@linux.intel.com>
drm/i915: Fix watermark calculations for DG2 CCS+CC modifier
Ville Syrjälä <ville.syrjala@linux.intel.com>
drm/i915: Fix watermark calculations for DG2 CCS modifiers
Ville Syrjälä <ville.syrjala@linux.intel.com>
drm/i915: Fix watermark calculations for gen12+ CCS+CC modifier
Ville Syrjälä <ville.syrjala@linux.intel.com>
drm/i915: Fix watermark calculations for gen12+ MC CCS modifier
Ville Syrjälä <ville.syrjala@linux.intel.com>
drm/i915: Fix watermark calculations for gen12+ RC CCS modifier
Tvrtko Ursulin <tvrtko.ursulin@intel.com>
drm/i915/guc: Fix revocation of non-persistent contexts
Chris Wilson <chris.p.wilson@intel.com>
drm/i915/gt: Use i915_vm_put on ppgtt_create error paths
Jianglei Nie <niejianglei2021@163.com>
drm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table()
Lyude Paul <lyude@redhat.com>
drm/nouveau/kms/nv140-: Disable interlacing
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
staging: greybus: audio_helper: remove unused and wrong debugfs usage
Sean Christopherson <seanjc@google.com>
KVM: VMX: Drop bits 31:16 when shoving exception error code into VMCS
Sean Christopherson <seanjc@google.com>
KVM: x86: Treat #DBs from the emulator as fault-like (code and DR7.GD=1)
Sean Christopherson <seanjc@google.com>
KVM: nVMX: Don't propagate vmcs12's PERF_GLOBAL_CTRL settings to vmcs02
Sean Christopherson <seanjc@google.com>
KVM: nVMX: Unconditionally purge queued/injected events on nested "exit"
Michal Luczaj <mhal@rbox.co>
KVM: x86/emulator: Fix handing of POP SS to correctly set interruptibility
Yu Kuai <yukuai3@huawei.com>
blk-wbt: call rq_qos_add() after wb_normal is initialized
Yu Kuai <yukuai3@huawei.com>
blk-throttle: fix that io throttle can only work for single bio
Dmitry Osipenko <dmitry.osipenko@collabora.com>
media: cedrus: Fix endless loop in cedrus_h265_skip_bits()
Dmitry Osipenko <dmitry.osipenko@collabora.com>
media: cedrus: Set the platform driver data earlier
Nicolas Dufresne <nicolas.dufresne@collabora.com>
media: cedrus: Fix watchdog race condition
Ard Biesheuvel <ardb@kernel.org>
efi: libstub: drop pointless get_memory_map() call
Mario Limonciello <mario.limonciello@amd.com>
thunderbolt: Explicitly enable lane adapter hotplug events at startup
Shengjiu Wang <shengjiu.wang@nxp.com>
rpmsg: char: Avoid double destroy of default endpoint
Steven Rostedt (Google) <rostedt@goodmis.org>
tracing: Fix reading strings from synthetic events
Steven Rostedt (Google) <rostedt@goodmis.org>
tracing: Add "(fault)" name injection to kernel probes
Steven Rostedt (Google) <rostedt@goodmis.org>
tracing: Move duplicate code of trace_kprobe/eprobe.c into header
Steven Rostedt (Google) <rostedt@goodmis.org>
tracing: Do not free snapshot if tracer is on cmdline
Steven Rostedt (Google) <rostedt@goodmis.org>
tracing: Add ioctl() to force ring buffer waiters to wake up
Steven Rostedt (Google) <rostedt@goodmis.org>
tracing: Wake up waiters when tracing is disabled
Steven Rostedt (Google) <rostedt@goodmis.org>
tracing: Wake up ring buffer waiters on closing of the file
Waiman Long <longman@redhat.com>
tracing: Disable interrupt or preemption before acquiring arch_spinlock_t
Tao Chen <chentao.kernel@linux.alibaba.com>
tracing/eprobe: Fix alloc event dir failed when event name no set
Steven Rostedt (Google) <rostedt@goodmis.org>
ring-buffer: Fix race between reset page and reading page
Steven Rostedt (Google) <rostedt@goodmis.org>
ring-buffer: Add ring_buffer_wake_waiters()
Steven Rostedt (Google) <rostedt@goodmis.org>
ring-buffer: Check pending waiters when doing wake ups as well
Steven Rostedt (Google) <rostedt@goodmis.org>
ring-buffer: Have the shortest_full queue be the shortest not longest
Steven Rostedt (Google) <rostedt@goodmis.org>
ring-buffer: Allow splice to read previous partially read pages
Steven Rostedt (Google) <rostedt@goodmis.org>
ftrace: Still disable enabled records marked as disabled
Zheng Yejian <zhengyejian1@huawei.com>
ftrace: Properly unset FTRACE_HASH_FL_MOD
Rik van Riel <riel@surriel.com>
livepatch: fix race between fork and KLP transition
Ye Bin <yebin10@huawei.com>
ext4: update 'state->fc_regions_size' after successful memory allocation
Ye Bin <yebin10@huawei.com>
ext4: fix potential memory leak in ext4_fc_record_regions()
Ye Bin <yebin10@huawei.com>
ext4: fix potential memory leak in ext4_fc_record_modified_inode()
Ye Bin <yebin10@huawei.com>
ext4: fix miss release buffer head in ext4_fc_write_inode
Zhihao Cheng <chengzhihao1@huawei.com>
ext4: fix dir corruption when ext4_dx_add_entry() fails
Jeff Layton <jlayton@kernel.org>
ext4: fix i_version handling in ext4
Jinke Han <hanjinke.666@bytedance.com>
ext4: place buffer head allocation before handle start
Zhang Yi <yi.zhang@huawei.com>
ext4: ext4_read_bh_lock() should submit IO if the buffer isn't uptodate
Jeff Layton <jlayton@kernel.org>
ext4: unconditionally enable the i_version counter
Lukas Czerner <lczerner@redhat.com>
ext4: don't increase iversion counter for ea_inodes
Jan Kara <jack@suse.cz>
ext4: fix check for block being out of directory size
Lalith Rajendran <lalithkraj@google.com>
ext4: make ext4_lazyinit_thread freezable
Baokun Li <libaokun1@huawei.com>
ext4: fix null-ptr-deref in ext4_write_info
Jan Kara <jack@suse.cz>
ext4: avoid crash when inline data creation follows DIO write
Jan Kara <jack@suse.cz>
ext2: Add sanity checks for group and filesystem size
Ye Bin <yebin10@huawei.com>
jbd2: add miss release buffer head in fc_do_one_pass()
Ye Bin <yebin10@huawei.com>
jbd2: fix potential use-after-free in jbd2_fc_wait_bufs
Ye Bin <yebin10@huawei.com>
jbd2: fix potential buffer head reference count leak
Andrew Perepechko <anserper@ya.ru>
jbd2: wake up journal waiters in FIFO order, not LIFO
Jaegeuk Kim <jaegeuk@kernel.org>
f2fs: allow direct read for zoned device
Chao Yu <chao@kernel.org>
f2fs: fix to do sanity check on summary info
Chao Yu <chao@kernel.org>
f2fs: fix to do sanity check on destination blkaddr during recovery
Jaegeuk Kim <jaegeuk@kernel.org>
f2fs: increase the limit for reserve_root
Jaegeuk Kim <jaegeuk@kernel.org>
f2fs: flush pending checkpoints when freezing super
Jaegeuk Kim <jaegeuk@kernel.org>
f2fs: complete checkpoints during remount
Jaegeuk Kim <jaegeuk@kernel.org>
f2fs: fix wrong continue condition in GC
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
btrfs: set generation before calling btrfs_clean_tree_block in btrfs_init_new_buffer
Filipe Manana <fdmanana@suse.com>
btrfs: fix missed extent on fsync after dropping extent maps
Filipe Manana <fdmanana@suse.com>
btrfs: fix race between quota enable and quota rescan ioctl
Qu Wenruo <wqu@suse.com>
btrfs: enhance unsupported compat RO flags handling
Alexander Zhu <alexlzhu@fb.com>
btrfs: fix alignment of VMA for memory mapped files on THP
Lukas Czerner <lczerner@redhat.com>
fs: record I_DIRTY_TIME even if inode already has I_DIRTY_INODE
Mickaël Salaün <mic@digikod.net>
ksmbd: Fix user namespace mapping
Zhang Xiaoxu <zhangxiaoxu5@huawei.com>
ksmbd: Fix wrong return value and message length check in smb2_ioctl()
Namjae Jeon <linkinjeon@kernel.org>
ksmbd: fix endless loop when encryption for response fails
Namjae Jeon <linkinjeon@kernel.org>
ksmbd: fix incorrect handling of iterate_dir
Steve French <stfrench@microsoft.com>
smb3: do not log confusing message when server returns no network interfaces
Jason A. Donenfeld <Jason@zx2c4.com>
hwrng: core - let sleep be interrupted when unregistering hwrng
Hyunwoo Kim <imv4bel@gmail.com>
fbdev: smscufx: Fix use-after-free in ufx_ops_open()
Quentin Schulz <quentin.schulz@theobroma-systems.com>
pinctrl: rockchip: add pinmux_ops.gpio_set_direction callback
Quentin Schulz <quentin.schulz@theobroma-systems.com>
gpio: rockchip: request GPIO mux to pinctrl when setting direction
Saurav Kashyap <skashyap@marvell.com>
scsi: qedf: Populate sysfs attributes for vport
James Smart <jsmart2021@gmail.com>
scsi: lpfc: Rework MIB Rx Monitor debug info logic
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
slimbus: qcom-ngd: cleanup in probe error path
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
slimbus: qcom-ngd: use correct error in message of pdr_add_lookup() failure
Pali Rohár <pali@kernel.org>
powerpc/boot: Explicitly disable usage of SPE instructions
Christophe Leroy <christophe.leroy@csgroup.eu>
powerpc/Kconfig: Fix non existing CONFIG_PPC_FSL_BOOKE
Zhang Rui <rui.zhang@intel.com>
powercap: intel_rapl: Use standard Energy Unit for SPR Dram RAPL domain
Matthias Kaehlcke <mka@chromium.org>
LoadPin: Fix Kconfig doc about format of file with verity digests
Viresh Kumar <viresh.kumar@linaro.org>
cpufreq: qcom-cpufreq-hw: Fix uninitialized throttled_freq warning
Chuck Lever <chuck.lever@oracle.com>
NFSD: Protect against send buffer overflow in NFSv3 READ
Chuck Lever <chuck.lever@oracle.com>
NFSD: Protect against send buffer overflow in NFSv2 READ
Chuck Lever <chuck.lever@oracle.com>
NFSD: Protect against send buffer overflow in NFSv3 READDIR
Maciej W. Rozycki <macro@orcam.me.uk>
serial: 8250: Request full 16550A feature probing for OxSemi PCIe devices
Maciej W. Rozycki <macro@orcam.me.uk>
serial: 8250: Let drivers request full 16550A feature probing
Lukas Wunner <lukas@wunner.de>
serial: ar933x: Deassert Transmit Enable on ->rs485_config()
Lukas Wunner <lukas@wunner.de>
serial: Deassert Transmit Enable on probe in driver-specific way
Lukas Wunner <lukas@wunner.de>
serial: stm32: Deassert Transmit Enable on ->rs485_config()
Christophe Leroy <christophe.leroy@csgroup.eu>
serial: cpm_uart: Don't request IRQ too early for console port
Maciej W. Rozycki <macro@orcam.me.uk>
PCI: Sanitise firmware BAR assignments behind a PCI-PCI bridge
M. Vefa Bicakci <m.v.b@runbox.com>
xen/gntdev: Accommodate VMA splitting
M. Vefa Bicakci <m.v.b@runbox.com>
xen/gntdev: Prevent leaking grants
Carlos Llamas <cmllamas@google.com>
mm/mmap: undo ->mmap() when arch_validate_flags() fails
Peter Xu <peterx@redhat.com>
mm/uffd: fix warning without PTE_MARKER_UFFD_WP compiled in
Baolin Wang <baolin.wang@linux.alibaba.com>
mm/damon: validate if the pmd entry is present before accessing
Baolin Wang <baolin.wang@linux.alibaba.com>
mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page
Yang Guo <guoyang2@huawei.com>
clocksource/drivers/arm_arch_timer: Fix CNTPCT_LO and CNTVCT_LO value
James Morse <james.morse@arm.com>
arm64: errata: Add Cortex-A55 to the repeat tlbi list
Catalin Marinas <catalin.marinas@arm.com>
arm64: mte: Avoid setting PG_mte_tagged if no tags cleared or restored
Peter Collingbourne <pcc@google.com>
arm64: mte: move register initialization to C
Takashi Iwai <tiwai@suse.de>
drm/udl: Restore display mode on resume
Dmitry Osipenko <dmitry.osipenko@collabora.com>
drm/virtio: Use appropriate atomic state in virtio_gpu_plane_cleanup_fb()
Dmitry Osipenko <dmitry.osipenko@collabora.com>
drm/virtio: Unlock reservations on dma_resv_reserve_fences() error
Dmitry Osipenko <dmitry.osipenko@collabora.com>
drm/virtio: Unlock reservations on virtio_gpu_object_shmem_init() error
Dmitry Osipenko <dmitry.osipenko@collabora.com>
drm/virtio: Check whether transferred 2D BO is shmem
Christian Marangi <ansuelsmth@gmail.com>
dmaengine: qcom-adm: fix wrong calling convention for prep_slave_sg
Christian Marangi <ansuelsmth@gmail.com>
dmaengine: qcom-adm: fix wrong sizeof config in slave_config
Dario Binacchi <dario.binacchi@amarulasolutions.com>
dmaengine: mxs: use platform_driver_register
Matthias Kaehlcke <mka@chromium.org>
dm: verity-loadpin: Only trust verity targets with enforcement
Hamza Mahfooz <hamza.mahfooz@amd.com>
Revert "drm/amdgpu: use dirty framebuffer helper"
Sagi Grimberg <sagi@grimberg.me>
nvme-multipath: fix possible hang in live ns resize with ANA access
Gaosheng Cui <cuigaosheng1@huawei.com>
nvmem: core: Fix memleak in nvmem_register()
Huacai Chen <chenhuacai@kernel.org>
UM: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK
Fangrui Song <maskray@google.com>
riscv: Pass -mno-relax only on lld < 15.0.0
Wenting Zhang <zephray@outlook.com>
riscv: always honor the CONFIG_CMDLINE_FORCE when parsing dtb
Andrew Bresticker <abrestic@rivosinc.com>
riscv: Make VM_WRITE imply VM_READ
Andrew Bresticker <abrestic@rivosinc.com>
riscv: Allow PROT_WRITE-only mmap()
Jisheng Zhang <jszhang@kernel.org>
riscv: vdso: fix NULL deference in vdso_join_timens() when vfork
Helge Deller <deller@gmx.de>
parisc: Fix userspace graphics card breakage due to pgtable special bit
Helge Deller <deller@gmx.de>
parisc: fbdev/stifb: Align graphics memory size to 4MB
Maciej W. Rozycki <macro@orcam.me.uk>
RISC-V: Make port I/O string accessors actually work
Palmer Dabbelt <palmer@rivosinc.com>
RISC-V: Re-enable counter access from userspace
Conor Dooley <conor.dooley@microchip.com>
riscv: topology: fix default topology reporting
Conor Dooley <conor.dooley@microchip.com>
arm64: topology: move store_cpu_topology() to shared code
Linus Walleij <linus.walleij@linaro.org>
regulator: qcom_rpm: Fix circular deferral regression
Mika Westerberg <mika.westerberg@linux.intel.com>
net: thunderbolt: Enable DMA paths only after rings are enabled
Liang He <windhl@126.com>
hwmon: (gsc-hwmon) Call of_node_get() before of_find_xxx API
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
ASoC: wcd934x: fix order of Slimbus unprepare/disable
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
ASoC: wcd9335: fix order of Slimbus unprepare/disable
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
arm64: dts: qcom: sdm845-mtp: correct ADC settle time
Patryk Duda <pdk@semihalf.com>
platform/chrome: cros_ec_proto: Update version on GET_NEXT_EVENT failure
Zhihao Cheng <chengzhihao1@huawei.com>
quota: Check next/prev free block number after reading from quota file
Andri Yngvason <andri@yngvason.is>
HID: multitouch: Add memory barriers
Jan Kara <jack@suse.cz>
mbcache: Avoid nesting of cache->c_list_lock under bit locks
Roberto Sassu <roberto.sassu@huawei.com>
btf: Export bpf_dynptr definition
Alexander Aring <aahringo@redhat.com>
fs: dlm: fix invalid derefence of sb_lvbptr
Alexander Aring <aahringo@redhat.com>
fs: dlm: handle -EBUSY first in lock arg validation
Alexander Aring <aahringo@redhat.com>
fs: dlm: fix race between test_bit() and queue_work()
Jarkko Nikula <jarkko.nikula@linux.intel.com>
i2c: designware: Fix handling of real but unexpected device interrupts
Wenchao Chen <wenchao.chen@unisoc.com>
mmc: sdhci-sprd: Fix minimum clock limit
Prathamesh Shete <pshete@nvidia.com>
mmc: sdhci-tegra: Use actual clock rate for SW tuning correction
Biju Das <biju.das.jz@bp.renesas.com>
mmc: renesas_sdhi: Fix rounding errors
Anssi Hannula <anssi.hannula@bitwise.fi>
can: kvaser_usb_leaf: Fix CAN state after restart
Anssi Hannula <anssi.hannula@bitwise.fi>
can: kvaser_usb_leaf: Fix TX queue out of sync after restart
Anssi Hannula <anssi.hannula@bitwise.fi>
can: kvaser_usb_leaf: Fix overread with an invalid command
Anssi Hannula <anssi.hannula@bitwise.fi>
can: kvaser_usb: Fix use of uninitialized completion
Avri Altman <avri.altman@wdc.com>
mmc: core: Add SD card quirk for broken discard
Jean-Francois Le Fillatre <jflf_kernel@gmx.com>
usb: add quirks for Lenovo OneLink+ Dock
Nathan Chancellor <nathan@kernel.org>
usb: gadget: uvc: Fix argument to sizeof() in uvc_register_video()
Rafael Mendonca <rafaelmendsr@gmail.com>
xhci: dbc: Fix memory leak in xhci_alloc_dbc()
Eddie James <eajames@linux.ibm.com>
iio: pressure: dps310: Reset chip after timeout
Eddie James <eajames@linux.ibm.com>
iio: pressure: dps310: Refactor startup procedure
Nuno Sá <nuno.sa@analog.com>
iio: adc: ad7923: fix channel readings for some variants
Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
iio: ltc2497: Fix reading conversion results
Michael Hennerich <michael.hennerich@analog.com>
iio: dac: ad5593r: Fix i2c read protocol requirements
Zhang Xiaoxu <zhangxiaoxu5@huawei.com>
cifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message
Ronnie Sahlberg <lsahlber@redhat.com>
cifs: destage dirty pages before re-reading them for cache=none
Gaurav Kohli <gauravkohli@linux.microsoft.com>
hv_netvsc: Fix race between VF offering and VF association message from host
Pavel Begunkov <asml.silence@gmail.com>
io_uring: correct pinned_vm accounting
Pavel Begunkov <asml.silence@gmail.com>
io_uring/af_unix: defer registered files gc to io_uring release
Jens Axboe <axboe@kernel.dk>
io_uring/net: handle -EINPROGRESS correct for IORING_OP_CONNECT
Pavel Begunkov <asml.silence@gmail.com>
io_uring: limit registration w/ SINGLE_ISSUER
Pavel Begunkov <asml.silence@gmail.com>
io_uring/net: don't update msg_name if not provided
Stefan Metzmacher <metze@samba.org>
io_uring/net: fix fast_iov assignment in io_setup_async_msg()
Pavel Begunkov <asml.silence@gmail.com>
io_uring/rw: don't lose short results on io_setup_async_rw()
Pavel Begunkov <asml.silence@gmail.com>
io_uring/rw: fix unexpected link breakage
Pavel Begunkov <asml.silence@gmail.com>
io_uring/net: don't lose partial send/recv on fail
Pavel Begunkov <asml.silence@gmail.com>
io_uring/rw: don't lose partial IO result on fail
Pavel Begunkov <asml.silence@gmail.com>
io_uring: add custom opcode hooks on fail
Tudor Ambarus <tudor.ambarus@microchip.com>
mtd: rawnand: atmel: Unmap streaming DMA mappings
Saranya Gopal <saranya.gopal@intel.com>
ALSA: hda/realtek: Add Intel Reference SSID to support headset keys
Luke D. Jones <luke@ljones.dev>
ALSA: hda/realtek: Add quirk for ASUS GV601R laptop
Luke D. Jones <luke@ljones.dev>
ALSA: hda/realtek: Correct pin configs for ASUS G533Z
Callum Osmotherly <callum.osmotherly@gmail.com>
ALSA: hda/realtek: remove ALC289_FIXUP_DUAL_SPK for Dell 5530
Takashi Iwai <tiwai@suse.de>
ALSA: usb-audio: Fix NULL dererence at error path
Takashi Iwai <tiwai@suse.de>
ALSA: usb-audio: Fix potential memory leaks
Takashi Iwai <tiwai@suse.de>
ALSA: rawmidi: Drop register_mutex in snd_rawmidi_free()
Takashi Iwai <tiwai@suse.de>
ALSA: oss: Fix potential deadlock at unregistration
-------------
Diffstat:
Documentation/ABI/testing/sysfs-bus-iio | 2 +-
Documentation/admin-guide/kernel-parameters.txt | 4 +
Documentation/arm64/silicon-errata.rst | 2 +
Documentation/filesystems/vfs.rst | 3 +
.../trace/coresight/coresight-cpu-debug.rst | 3 +-
Makefile | 4 +-
arch/arm/Kconfig | 1 -
arch/arm/boot/compressed/misc.c | 2 +
arch/arm/boot/compressed/vmlinux.lds.S | 2 +
arch/arm/boot/dts/armada-385-turris-omnia.dts | 4 +-
arch/arm/boot/dts/exynos4412-midas.dtsi | 2 +-
arch/arm/boot/dts/exynos4412-origen.dts | 2 +-
arch/arm/boot/dts/imx6dl-riotboard.dts | 1 +
arch/arm/boot/dts/imx6dl.dtsi | 3 +
arch/arm/boot/dts/imx6q-arm2.dts | 1 +
arch/arm/boot/dts/imx6q-evi.dts | 1 +
arch/arm/boot/dts/imx6q-mccmon6.dts | 1 +
arch/arm/boot/dts/imx6q.dtsi | 3 +
arch/arm/boot/dts/imx6qdl-kontron-samx6i.dtsi | 6 +-
arch/arm/boot/dts/imx6qdl-nit6xlite.dtsi | 1 +
arch/arm/boot/dts/imx6qdl-nitrogen6_max.dtsi | 1 +
arch/arm/boot/dts/imx6qdl-nitrogen6_som2.dtsi | 1 +
arch/arm/boot/dts/imx6qdl-nitrogen6x.dtsi | 1 +
arch/arm/boot/dts/imx6qdl-sabreauto.dtsi | 1 +
arch/arm/boot/dts/imx6qdl-tqma6a.dtsi | 1 +
arch/arm/boot/dts/imx6qdl-ts7970.dtsi | 1 +
arch/arm/boot/dts/imx6qp.dtsi | 6 +
arch/arm/boot/dts/imx6sl.dtsi | 23 +-
arch/arm/boot/dts/imx6sll.dtsi | 3 +
arch/arm/boot/dts/imx6sx-udoo-neo.dtsi | 14 +-
arch/arm/boot/dts/imx6sx.dtsi | 6 +
arch/arm/boot/dts/imx7d-sdb.dts | 7 +-
arch/arm/boot/dts/kirkwood-lsxl.dtsi | 16 +-
arch/arm/boot/dts/uniphier-pinctrl.dtsi | 10 +
arch/arm/include/asm/stacktrace.h | 6 +
arch/arm/kernel/return_address.c | 1 +
arch/arm/kernel/stacktrace.c | 84 +++--
arch/arm/lib/call_with_stack.S | 2 +
arch/arm/mm/dma-mapping.c | 12 +-
arch/arm/mm/dump.c | 2 +-
arch/arm/mm/kasan_init.c | 9 +-
arch/arm/mm/mmu.c | 4 +
arch/arm/plat-orion/Makefile | 2 +-
arch/arm64/Kconfig | 17 +
.../boot/dts/exynos/exynos5433-tm2-common.dtsi | 2 +-
.../boot/dts/freescale/imx8mm-kontron-n801x-s.dts | 3 +
.../dts/freescale/imx8mm-kontron-n801x-som.dtsi | 2 -
arch/arm64/boot/dts/freescale/imx8mp.dtsi | 4 +-
arch/arm64/boot/dts/freescale/imx8mq-librem5.dtsi | 1 +
arch/arm64/boot/dts/marvell/ac5-98dx25xx.dtsi | 8 +-
arch/arm64/boot/dts/qcom/ipq8074.dtsi | 4 +-
arch/arm64/boot/dts/qcom/pm8350c.dtsi | 3 +-
arch/arm64/boot/dts/qcom/sa8295p-adp.dts | 11 -
.../boot/dts/qcom/sc7180-trogdor-coachz-r1.dts | 2 -
arch/arm64/boot/dts/qcom/sc7180-trogdor-lazor.dtsi | 2 -
arch/arm64/boot/dts/qcom/sc7280-idp.dts | 2 +-
arch/arm64/boot/dts/qcom/sc7280-idp.dtsi | 2 +-
arch/arm64/boot/dts/qcom/sc7280.dtsi | 9 +-
arch/arm64/boot/dts/qcom/sc8280xp-crd.dts | 9 -
.../dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts | 10 -
arch/arm64/boot/dts/qcom/sc8280xp-pmics.dtsi | 3 +-
arch/arm64/boot/dts/qcom/sdm845-mtp.dts | 12 +-
arch/arm64/boot/dts/qcom/sdm845-xiaomi-polaris.dts | 2 +-
.../boot/dts/qcom/sm8350-sony-xperia-sagami.dtsi | 2 +-
arch/arm64/boot/dts/qcom/sm8450.dtsi | 2 +-
arch/arm64/boot/dts/renesas/r9a07g043.dtsi | 8 +-
arch/arm64/boot/dts/renesas/r9a07g044.dtsi | 8 +-
arch/arm64/boot/dts/renesas/r9a07g054.dtsi | 8 +-
arch/arm64/boot/dts/socionext/Makefile | 4 +-
.../dts/socionext/uniphier-pxs3-ref-gadget0.dts | 41 +++
.../dts/socionext/uniphier-pxs3-ref-gadget1.dts | 40 +++
.../boot/dts/ti/k3-j7200-common-proc-board.dts | 10 +-
arch/arm64/boot/dts/ti/k3-j7200-main.dtsi | 11 +-
arch/arm64/include/asm/mte.h | 5 +
arch/arm64/kernel/cpu_errata.c | 5 +
arch/arm64/kernel/cpufeature.c | 3 +-
arch/arm64/kernel/ftrace.c | 17 +-
arch/arm64/kernel/mte.c | 60 +++-
arch/arm64/kernel/suspend.c | 2 +
arch/arm64/kernel/topology.c | 40 ---
arch/arm64/mm/mteswap.c | 7 +-
arch/arm64/mm/proc.S | 46 +--
arch/ia64/mm/numa.c | 1 +
arch/m68k/kernel/setup_mm.c | 5 +-
arch/mips/bcm47xx/prom.c | 4 +-
arch/mips/boot/dts/ralink/mt7621-gnubee-gb-pc2.dts | 6 +-
arch/mips/sgi-ip27/ip27-xtalk.c | 70 +++--
arch/mips/sgi-ip30/ip30-xtalk.c | 70 +++--
arch/parisc/include/asm/pgtable.h | 7 +-
arch/parisc/kernel/entry.S | 8 +
arch/powerpc/Kconfig | 2 +-
arch/powerpc/Makefile | 2 +-
arch/powerpc/boot/Makefile | 1 +
arch/powerpc/boot/dts/fsl/e500v1_power_isa.dtsi | 51 +++
arch/powerpc/boot/dts/fsl/mpc8540ads.dts | 2 +-
arch/powerpc/boot/dts/fsl/mpc8541cds.dts | 2 +-
arch/powerpc/boot/dts/fsl/mpc8555cds.dts | 2 +-
arch/powerpc/boot/dts/fsl/mpc8560ads.dts | 2 +-
arch/powerpc/boot/dts/turris1x.dts | 14 +-
arch/powerpc/configs/pseries_defconfig | 1 +
arch/powerpc/include/asm/interrupt.h | 3 +-
arch/powerpc/include/asm/syscalls.h | 12 +
arch/powerpc/kernel/interrupt.c | 10 -
arch/powerpc/kernel/interrupt_64.S | 45 ++-
arch/powerpc/kernel/kprobes.c | 8 +-
arch/powerpc/kernel/pci_dn.c | 1 +
arch/powerpc/kernel/setup_64.c | 4 +-
arch/powerpc/kernel/sys_ppc32.c | 14 +-
arch/powerpc/kernel/syscalls.c | 4 +-
arch/powerpc/math-emu/math_efp.c | 1 +
arch/powerpc/platforms/powernv/opal.c | 1 +
arch/powerpc/platforms/pseries/vas.c | 2 +-
arch/powerpc/sysdev/fsl_msi.c | 2 +
arch/riscv/Kconfig | 2 +-
arch/riscv/Makefile | 2 +
arch/riscv/include/asm/io.h | 16 +-
arch/riscv/include/asm/mmu.h | 1 -
arch/riscv/kernel/setup.c | 4 +-
arch/riscv/kernel/smpboot.c | 3 +-
arch/riscv/kernel/sys_riscv.c | 3 -
arch/riscv/kernel/vdso.c | 13 +-
arch/riscv/mm/fault.c | 3 +-
arch/sh/include/asm/sections.h | 2 +-
arch/sh/kernel/machvec.c | 10 +-
arch/um/kernel/um_arch.c | 2 +-
arch/x86/Kconfig | 7 +-
arch/x86/include/asm/cpu.h | 2 +
arch/x86/include/asm/hyperv-tlfs.h | 4 +-
arch/x86/include/asm/microcode.h | 1 +
arch/x86/include/asm/msr-index.h | 13 +
arch/x86/include/asm/paravirt_types.h | 11 +-
arch/x86/kernel/apic/apic.c | 44 ++-
arch/x86/kernel/cpu/feat_ctl.c | 2 +-
arch/x86/kernel/cpu/mce/apei.c | 13 +-
arch/x86/kernel/cpu/microcode/amd.c | 3 +-
arch/x86/kernel/cpu/resctrl/pseudo_lock.c | 12 +-
arch/x86/kvm/emulate.c | 2 +-
arch/x86/kvm/vmx/nested.c | 37 ++-
arch/x86/kvm/vmx/vmx.c | 12 +-
arch/x86/kvm/x86.c | 27 +-
arch/x86/net/bpf_jit_comp.c | 16 +-
arch/x86/xen/enlighten_pv.c | 3 +-
block/bio.c | 2 -
block/blk-mq.c | 6 +-
block/blk-throttle.c | 28 +-
block/blk-throttle.h | 2 +-
block/blk-wbt.c | 10 +-
block/blk.h | 3 +-
block/elevator.c | 4 +-
crypto/akcipher.c | 8 +
drivers/acpi/acpi_fpdt.c | 22 ++
drivers/acpi/acpi_pcc.c | 28 +-
drivers/acpi/acpi_video.c | 16 +
drivers/acpi/apei/ghes.c | 2 +-
drivers/acpi/x86/utils.c | 19 +-
drivers/ata/libahci_platform.c | 14 +-
drivers/base/arch_topology.c | 19 ++
drivers/block/nbd.c | 6 +-
drivers/bluetooth/btintel.c | 17 +-
drivers/bluetooth/btusb.c | 14 +
drivers/bluetooth/hci_ldisc.c | 7 +-
drivers/bluetooth/hci_serdev.c | 10 +-
drivers/char/hw_random/arm_smccc_trng.c | 4 +-
drivers/char/hw_random/core.c | 19 +-
drivers/char/hw_random/imx-rngc.c | 37 +--
drivers/char/random.c | 4 +-
drivers/clk/baikal-t1/ccu-div.c | 65 ++++
drivers/clk/baikal-t1/ccu-div.h | 10 +
drivers/clk/baikal-t1/clk-ccu-div.c | 26 +-
drivers/clk/bcm/clk-bcm2835.c | 43 ++-
drivers/clk/berlin/bg2.c | 5 +-
drivers/clk/berlin/bg2q.c | 6 +-
drivers/clk/clk-ast2600.c | 2 +-
drivers/clk/clk-oxnas.c | 6 +-
drivers/clk/clk-qoriq.c | 10 +-
drivers/clk/clk-versaclock5.c | 2 +-
drivers/clk/imx/clk-imx8mp.c | 2 +-
drivers/clk/imx/clk-scu.c | 6 +-
drivers/clk/mediatek/clk-mt8183-mfgcfg.c | 6 +-
drivers/clk/mediatek/clk-mt8195-infra_ao.c | 13 +-
drivers/clk/mediatek/clk-mt8195-mfg.c | 6 +-
drivers/clk/mediatek/clk-mt8195-vdo0.c | 7 +-
drivers/clk/mediatek/clk-mt8195-vdo1.c | 6 +-
drivers/clk/mediatek/clk-mtk.c | 12 +-
drivers/clk/meson/meson-aoclk.c | 5 +-
drivers/clk/meson/meson-eeclk.c | 5 +-
drivers/clk/meson/meson8b.c | 5 +-
drivers/clk/qcom/Kconfig | 1 +
drivers/clk/qcom/apss-ipq6018.c | 2 +-
drivers/clk/qcom/gcc-sdm660.c | 2 +-
drivers/clk/qcom/gcc-sm6115.c | 46 ++-
drivers/clk/samsung/clk-exynosautov9.c | 20 +-
drivers/clk/sprd/common.c | 9 +-
drivers/clk/st/clkgen-fsyn.c | 5 +-
drivers/clk/st/clkgen-mux.c | 5 +-
drivers/clk/tegra/clk-tegra114.c | 1 +
drivers/clk/tegra/clk-tegra20.c | 1 +
drivers/clk/tegra/clk-tegra210.c | 1 +
drivers/clk/ti/clk-dra7-atl.c | 9 +-
drivers/clk/ti/clk.c | 5 +-
drivers/clk/zynqmp/clkc.c | 7 +
drivers/clk/zynqmp/pll.c | 31 +-
drivers/clocksource/arm_arch_timer.c | 6 +-
drivers/clocksource/timer-gxp.c | 7 +-
drivers/cpufreq/amd-pstate.c | 16 +-
drivers/cpufreq/intel_pstate.c | 1 +
drivers/cpufreq/qcom-cpufreq-hw.c | 10 +-
drivers/cpuidle/cpuidle-riscv-sbi.c | 7 +-
drivers/crypto/cavium/cpt/cptpf_main.c | 6 +-
drivers/crypto/ccp/ccp-dmaengine.c | 6 +-
drivers/crypto/ccp/sev-dev.c | 26 +-
drivers/crypto/hisilicon/qm.c | 6 +-
drivers/crypto/hisilicon/zip/zip_crypto.c | 4 +-
drivers/crypto/inside-secure/safexcel_hash.c | 8 +-
drivers/crypto/marvell/octeontx/otx_cptpf_ucode.c | 18 +-
drivers/crypto/qat/qat_common/adf_gen4_hw_data.h | 2 +-
drivers/crypto/qat/qat_common/qat_algs.c | 18 +-
drivers/crypto/sahara.c | 18 +-
drivers/dma-buf/udmabuf.c | 9 +-
drivers/dma/dw-edma/dw-edma-core.c | 12 -
drivers/dma/hisi_dma.c | 28 +-
drivers/dma/idxd/irq.c | 2 -
drivers/dma/ioat/dma.c | 6 +-
drivers/dma/mxs-dma.c | 11 +-
drivers/dma/qcom/qcom_adm.c | 22 +-
drivers/dma/ti/k3-udma.c | 25 +-
drivers/firmware/efi/libstub/fdt.c | 8 -
drivers/firmware/google/gsmi.c | 9 +
drivers/fpga/dfl-pci.c | 18 ++
drivers/fpga/dfl.c | 2 +-
drivers/fsi/fsi-core.c | 3 +
drivers/fsi/fsi-master-ast-cf.c | 2 +
drivers/fsi/fsi-occ.c | 18 +-
drivers/gpio/gpio-rockchip.c | 7 +
drivers/gpu/drm/Kconfig | 1 +
drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c | 7 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_display.c | 14 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 5 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_vm_sdma.c | 9 +-
drivers/gpu/drm/amd/amdgpu/mmhub_v3_0.c | 10 +-
drivers/gpu/drm/amd/amdgpu/sdma_v6_0.c | 3 +-
drivers/gpu/drm/amd/amdgpu/soc21.c | 5 +
.../gpu/drm/amd/amdkfd/kfd_device_queue_manager.c | 45 ++-
drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v11.c | 3 +-
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 83 ++---
.../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_psr.c | 8 +-
.../drm/amd/display/dc/clk_mgr/dcn314/dcn314_smu.c | 11 +-
drivers/gpu/drm/amd/display/dc/core/dc.c | 16 +-
drivers/gpu/drm/amd/display/dc/dc_dmub_srv.c | 6 +-
drivers/gpu/drm/amd/display/dc/dc_stream.h | 6 +-
.../drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c | 35 +--
.../drm/amd/display/dc/dcn10/dcn10_hw_sequencer.h | 3 +-
.../display/dc/dcn31/dcn31_hpo_dp_stream_encoder.c | 6 +-
.../drm/amd/display/dc/dcn314/dcn314_resource.c | 4 +-
drivers/gpu/drm/amd/display/dc/dcn32/dcn32_hubp.c | 1 +
drivers/gpu/drm/amd/display/dc/dcn32/dcn32_hwseq.c | 4 +
.../gpu/drm/amd/display/dc/dml/calcs/bw_fixed.c | 6 +-
.../gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c | 1 +
.../amd/display/dc/dml/dcn32/display_mode_vba_32.c | 2 +
.../gpu/drm/amd/display/dc/dml/dcn321/dcn321_fpu.c | 1 +
drivers/gpu/drm/amd/display/dc/inc/hw_sequencer.h | 8 +-
drivers/gpu/drm/arm/display/komeda/komeda_crtc.c | 4 +-
drivers/gpu/drm/arm/display/komeda/komeda_kms.c | 21 +-
drivers/gpu/drm/arm/display/komeda/komeda_kms.h | 2 +
drivers/gpu/drm/bridge/adv7511/adv7511.h | 5 +-
drivers/gpu/drm/bridge/adv7511/adv7511_cec.c | 4 +-
drivers/gpu/drm/bridge/adv7511/adv7511_drv.c | 5 +-
drivers/gpu/drm/bridge/analogix/anx7625.c | 1 +
drivers/gpu/drm/bridge/ite-it6505.c | 5 +-
drivers/gpu/drm/bridge/lontium-lt9611.c | 3 +-
.../drm/bridge/megachips-stdpxxxx-ge-b850v3-fw.c | 4 +-
drivers/gpu/drm/bridge/parade-ps8640.c | 4 +-
drivers/gpu/drm/bridge/synopsys/dw-hdmi.c | 13 +-
drivers/gpu/drm/bridge/tc358767.c | 5 +-
drivers/gpu/drm/display/drm_dp_helper.c | 9 -
drivers/gpu/drm/display/drm_dp_mst_topology.c | 6 +-
drivers/gpu/drm/drm_bridge.c | 4 +-
drivers/gpu/drm/drm_ioctl.c | 8 +-
drivers/gpu/drm/drm_mipi_dsi.c | 1 +
drivers/gpu/drm/drm_panel_orientation_quirks.c | 18 ++
drivers/gpu/drm/i915/display/intel_cdclk.c | 4 +-
drivers/gpu/drm/i915/gem/i915_gem_context.c | 8 +-
drivers/gpu/drm/i915/gt/gen6_ppgtt.c | 16 +-
drivers/gpu/drm/i915/gt/gen8_ppgtt.c | 58 ++--
drivers/gpu/drm/i915/gt/intel_context.c | 5 +-
drivers/gpu/drm/i915/gt/intel_context.h | 3 +-
drivers/gpu/drm/i915/gt/intel_ggtt.c | 8 +-
drivers/gpu/drm/i915/gt/intel_gtt.c | 3 +
drivers/gpu/drm/i915/gt/uc/intel_guc_submission.c | 26 +-
drivers/gpu/drm/i915/intel_pm.c | 16 +-
drivers/gpu/drm/meson/meson_drv.c | 14 +-
drivers/gpu/drm/meson/meson_drv.h | 7 +
drivers/gpu/drm/meson/meson_encoder_cvbs.c | 13 +
drivers/gpu/drm/meson/meson_encoder_cvbs.h | 1 +
drivers/gpu/drm/meson/meson_encoder_hdmi.c | 13 +
drivers/gpu/drm/meson/meson_encoder_hdmi.h | 1 +
drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c | 19 +-
drivers/gpu/drm/msm/disp/dpu1/dpu_vbif.c | 29 +-
drivers/gpu/drm/msm/disp/mdp5/mdp5_kms.c | 9 +-
drivers/gpu/drm/msm/dp/dp_catalog.c | 2 +-
drivers/gpu/drm/msm/msm_drv.c | 13 +-
drivers/gpu/drm/msm/msm_drv.h | 2 +
drivers/gpu/drm/msm/msm_io_utils.c | 22 ++
drivers/gpu/drm/nouveau/nouveau_bo.c | 4 +-
drivers/gpu/drm/nouveau/nouveau_connector.c | 3 +-
drivers/gpu/drm/nouveau/nouveau_prime.c | 1 -
drivers/gpu/drm/omapdrm/dss/dss.c | 3 +
drivers/gpu/drm/panel/Kconfig | 4 +-
drivers/gpu/drm/pl111/pl111_versatile.c | 1 +
drivers/gpu/drm/tests/drm_format_helper_test.c | 23 +-
drivers/gpu/drm/tiny/bochs.c | 2 +
drivers/gpu/drm/udl/udl_modeset.c | 3 -
drivers/gpu/drm/vc4/vc4_drv.c | 14 +-
drivers/gpu/drm/vc4/vc4_drv.h | 1 +
drivers/gpu/drm/vc4/vc4_vec.c | 4 +-
drivers/gpu/drm/virtio/virtgpu_display.c | 2 +
drivers/gpu/drm/virtio/virtgpu_gem.c | 4 +-
drivers/gpu/drm/virtio/virtgpu_ioctl.c | 4 +-
drivers/gpu/drm/virtio/virtgpu_object.c | 3 +
drivers/gpu/drm/virtio/virtgpu_plane.c | 6 +-
drivers/gpu/drm/virtio/virtgpu_vq.c | 2 +-
drivers/gpu/drm/vmwgfx/vmwgfx_msg.c | 1 +
drivers/hid/Kconfig | 6 +
drivers/hid/Makefile | 1 +
drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_init.c | 2 +
drivers/hid/hid-ids.h | 3 +
drivers/hid/hid-multitouch.c | 8 +-
drivers/hid/hid-nintendo.c | 55 ++--
drivers/hid/hid-roccat.c | 4 +
drivers/hid/hid-topre.c | 49 +++
drivers/hid/hid-uclogic-core.c | 1 +
drivers/hid/hid-uclogic-rdesc.c | 2 +-
drivers/hsi/clients/ssi_protocol.c | 1 +
drivers/hsi/controllers/omap_ssi_core.c | 1 +
drivers/hsi/controllers/omap_ssi_port.c | 8 +-
drivers/hwmon/gsc-hwmon.c | 1 +
drivers/hwmon/occ/p9_sbe.c | 17 +-
drivers/hwmon/pmbus/mp2888.c | 13 +-
drivers/hwmon/sht4x.c | 2 +-
drivers/i2c/busses/i2c-designware-core.h | 7 +-
drivers/i2c/busses/i2c-designware-master.c | 13 +
drivers/i2c/busses/i2c-designware-pcidrv.c | 30 +-
drivers/i2c/busses/i2c-mlxbf.c | 44 ++-
drivers/iio/adc/ad7923.c | 4 +-
drivers/iio/adc/at91-sama5d2_adc.c | 28 +-
drivers/iio/adc/ltc2497.c | 13 +
drivers/iio/dac/ad5593r.c | 46 +--
drivers/iio/industrialio-core.c | 5 +
drivers/iio/inkern.c | 8 +-
drivers/iio/magnetometer/yamaha-yas530.c | 2 +-
drivers/iio/pressure/dps310.c | 262 ++++++++++------
drivers/infiniband/core/cm.c | 14 +-
drivers/infiniband/core/uverbs_cmd.c | 5 +-
drivers/infiniband/core/verbs.c | 2 +
drivers/infiniband/hw/hns/hns_roce_mr.c | 1 -
drivers/infiniband/hw/irdma/defs.h | 1 +
drivers/infiniband/hw/irdma/hw.c | 51 +--
drivers/infiniband/hw/irdma/type.h | 1 +
drivers/infiniband/hw/irdma/user.h | 1 +
drivers/infiniband/hw/irdma/utils.c | 3 +
drivers/infiniband/hw/irdma/verbs.c | 69 ++++-
drivers/infiniband/hw/mlx4/mr.c | 1 -
drivers/infiniband/hw/mlx5/main.c | 3 +
drivers/infiniband/hw/mlx5/odp.c | 3 +-
drivers/infiniband/sw/rxe/rxe_loc.h | 6 +-
drivers/infiniband/sw/rxe/rxe_mr.c | 11 +-
drivers/infiniband/sw/rxe/rxe_qp.c | 10 +-
drivers/infiniband/sw/rxe/rxe_queue.c | 12 +-
drivers/infiniband/sw/rxe/rxe_resp.c | 10 +-
drivers/infiniband/sw/rxe/rxe_verbs.c | 12 +-
drivers/infiniband/sw/siw/siw.h | 1 +
drivers/infiniband/sw/siw/siw_qp.c | 2 +-
drivers/infiniband/sw/siw/siw_qp_rx.c | 27 +-
drivers/infiniband/sw/siw/siw_verbs.c | 3 +
drivers/infiniband/ulp/srp/ib_srp.c | 4 +-
drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 21 ++
drivers/iommu/omap-iommu-debug.c | 6 +-
drivers/isdn/mISDN/l1oip.h | 1 +
drivers/isdn/mISDN/l1oip_core.c | 13 +-
drivers/leds/flash/leds-lm3601x.c | 2 -
drivers/mailbox/bcm-flexrm-mailbox.c | 8 +-
drivers/mailbox/imx-mailbox.c | 10 +-
drivers/mailbox/mailbox-mpfs.c | 25 +-
drivers/md/bcache/writeback.c | 73 +++--
drivers/md/dm-verity-loadpin.c | 8 +
drivers/md/dm-verity-target.c | 16 +
drivers/md/dm-verity.h | 1 +
drivers/md/md.c | 1 -
drivers/md/raid0.c | 2 +-
drivers/md/raid5.c | 15 +-
drivers/media/pci/cx88/cx88-vbi.c | 9 +-
drivers/media/pci/cx88/cx88-video.c | 43 +--
drivers/media/platform/amlogic/meson-ge2d/ge2d.c | 1 -
drivers/media/platform/amphion/vdec.c | 16 +-
drivers/media/platform/amphion/venc.c | 2 +-
drivers/media/platform/amphion/vpu.h | 1 -
drivers/media/platform/amphion/vpu_core.c | 84 ++---
drivers/media/platform/amphion/vpu_core.h | 1 +
drivers/media/platform/amphion/vpu_dbg.c | 9 +-
drivers/media/platform/amphion/vpu_malone.c | 2 +-
.../media/platform/mediatek/jpeg/mtk_jpeg_core.c | 1 -
.../platform/mediatek/vcodec/mtk_vcodec_enc.c | 3 +-
.../media/platform/samsung/exynos4-is/fimc-is.c | 1 +
drivers/media/platform/samsung/s5p-mfc/s5p_mfc.c | 3 +-
drivers/media/platform/xilinx/xilinx-vipp.c | 9 +-
drivers/media/usb/airspy/airspy.c | 4 +
drivers/media/usb/uvc/uvc_ctrl.c | 83 ++---
drivers/media/usb/uvc/uvc_driver.c | 8 +-
drivers/memory/of_memory.c | 2 +
drivers/memory/pl353-smc.c | 1 +
drivers/mfd/da9062-core.c | 1 +
drivers/mfd/fsl-imx25-tsadc.c | 34 +-
drivers/mfd/intel_soc_pmic_core.c | 1 +
drivers/mfd/lp8788-irq.c | 3 +
drivers/mfd/lp8788.c | 12 +-
drivers/mfd/sm501.c | 7 +-
drivers/misc/ocxl/file.c | 2 +
drivers/mmc/core/block.c | 6 +-
drivers/mmc/core/card.h | 6 +
drivers/mmc/core/quirks.h | 6 +
drivers/mmc/host/au1xmmc.c | 3 +-
drivers/mmc/host/renesas_sdhi_core.c | 21 +-
drivers/mmc/host/sdhci-msm.c | 1 +
drivers/mmc/host/sdhci-sprd.c | 2 +-
drivers/mmc/host/sdhci-tegra.c | 2 +-
drivers/mmc/host/wmt-sdmmc.c | 5 +-
drivers/mtd/devices/docg3.c | 7 +-
drivers/mtd/nand/raw/atmel/nand-controller.c | 1 +
drivers/mtd/nand/raw/fsl_elbc_nand.c | 28 +-
drivers/mtd/nand/raw/intel-nand-controller.c | 12 +-
drivers/mtd/nand/raw/meson_nand.c | 4 +-
drivers/net/can/usb/kvaser_usb/kvaser_usb.h | 2 +
drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c | 3 +-
drivers/net/can/usb/kvaser_usb/kvaser_usb_hydra.c | 2 +-
drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c | 79 +++++
drivers/net/ethernet/atheros/alx/main.c | 5 +
drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 1 +
drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.c | 10 +-
drivers/net/ethernet/engleder/tsnep_hw.h | 3 +-
drivers/net/ethernet/faraday/ftmac100.h | 12 +-
drivers/net/ethernet/freescale/fs_enet/mac-fec.c | 2 +-
drivers/net/ethernet/intel/iavf/iavf_main.c | 177 ++++++++---
drivers/net/ethernet/intel/ice/ice_ethtool.c | 1 +
drivers/net/ethernet/marvell/mvpp2/mvpp2.h | 1 +
drivers/net/ethernet/marvell/mvpp2/mvpp2_debugfs.c | 10 +-
drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c | 13 +-
.../net/ethernet/marvell/prestera/prestera_acl.c | 8 +-
.../net/ethernet/marvell/prestera/prestera_acl.h | 4 +-
.../ethernet/marvell/prestera/prestera_flower.c | 6 +-
.../net/ethernet/marvell/prestera/prestera_main.c | 36 +--
drivers/net/ethernet/micrel/ks8851_spi.c | 5 +-
drivers/net/ethernet/microchip/lan743x_ptp.c | 7 +
drivers/net/ethernet/sunplus/spl2sw_driver.c | 2 +-
drivers/net/ethernet/ti/Kconfig | 1 +
drivers/net/ethernet/ti/davinci_mdio.c | 242 ++++++++++++++-
drivers/net/ethernet/xilinx/xilinx_axienet.h | 12 +
drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 37 ++-
drivers/net/hyperv/hyperv_net.h | 3 +-
drivers/net/hyperv/netvsc.c | 4 +
drivers/net/hyperv/netvsc_drv.c | 19 ++
drivers/net/thunderbolt.c | 28 +-
drivers/net/usb/r8152.c | 4 +-
drivers/net/wireless/ath/ath10k/core.c | 16 +
drivers/net/wireless/ath/ath10k/htc.c | 11 +-
drivers/net/wireless/ath/ath10k/hw.h | 2 +
drivers/net/wireless/ath/ath10k/mac.c | 54 ++--
drivers/net/wireless/ath/ath11k/ahb.c | 58 +++-
drivers/net/wireless/ath/ath11k/core.c | 2 +
drivers/net/wireless/ath/ath11k/dp_rx.c | 3 +-
drivers/net/wireless/ath/ath11k/mac.c | 25 +-
drivers/net/wireless/ath/ath11k/mhi.c | 17 +-
drivers/net/wireless/ath/ath11k/peer.c | 30 +-
drivers/net/wireless/ath/ath11k/qmi.c | 38 ++-
drivers/net/wireless/ath/ath11k/qmi.h | 10 +-
drivers/net/wireless/ath/ath11k/wmi.c | 9 +-
drivers/net/wireless/ath/ath11k/wmi.h | 2 +-
drivers/net/wireless/ath/ath9k/htc_hst.c | 43 ++-
drivers/net/wireless/ath/ath9k/rng.c | 3 +-
.../wireless/broadcom/brcm80211/brcmfmac/core.c | 3 +-
.../net/wireless/broadcom/brcm80211/brcmfmac/pno.c | 12 +-
drivers/net/wireless/mac80211_hwsim.c | 7 +-
drivers/net/wireless/marvell/mwifiex/init.c | 9 +-
drivers/net/wireless/marvell/mwifiex/main.h | 3 +-
drivers/net/wireless/marvell/mwifiex/sta_event.c | 6 +-
drivers/net/wireless/mediatek/mt76/mt7615/main.c | 4 +
.../net/wireless/mediatek/mt76/mt76_connac_mcu.c | 10 +-
.../net/wireless/mediatek/mt76/mt7915/debugfs.c | 6 +-
drivers/net/wireless/mediatek/mt76/mt7915/mac.c | 12 +-
drivers/net/wireless/mediatek/mt76/mt7915/mcu.c | 10 +-
.../net/wireless/mediatek/mt76/mt7921/acpi_sar.c | 5 +-
drivers/net/wireless/mediatek/mt76/mt7921/mac.c | 7 +-
drivers/net/wireless/mediatek/mt76/mt7921/main.c | 26 +-
drivers/net/wireless/mediatek/mt76/mt7921/pci.c | 15 +-
drivers/net/wireless/mediatek/mt76/mt7921/sdio.c | 13 +-
drivers/net/wireless/mediatek/mt76/mt7921/usb.c | 28 +-
drivers/net/wireless/mediatek/mt76/sdio.c | 8 +-
drivers/net/wireless/ralink/rt2x00/rt2800lib.c | 34 +-
drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu.h | 6 +-
.../net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c | 96 ++++--
.../net/wireless/realtek/rtlwifi/rtl8192de/phy.c | 9 +-
drivers/net/wireless/realtek/rtw88/main.c | 8 +-
drivers/net/wireless/realtek/rtw88/phy.c | 21 +-
drivers/net/wireless/realtek/rtw89/core.c | 1 +
drivers/net/wireless/realtek/rtw89/fw.c | 12 +-
drivers/net/wireless/realtek/rtw89/pci.c | 5 +-
drivers/net/wireless/realtek/rtw89/ser.c | 3 +
drivers/net/wireless/silabs/wfx/main.c | 2 +-
drivers/net/wireless/st/cw1200/queue.c | 18 +-
drivers/net/wwan/iosm/iosm_ipc_wwan.c | 5 +-
drivers/nvme/host/core.c | 20 +-
drivers/nvme/host/ioctl.c | 9 +-
drivers/nvme/host/multipath.c | 1 +
drivers/nvme/host/nvme.h | 4 +-
drivers/nvme/target/core.c | 1 +
drivers/nvme/target/fabrics-cmd-auth.c | 13 +-
drivers/nvme/target/fabrics-cmd.c | 6 +-
drivers/nvme/target/nvmet.h | 7 +-
drivers/nvme/target/passthru.c | 7 +-
drivers/nvme/target/tcp.c | 11 +-
drivers/nvmem/core.c | 15 +-
drivers/pci/setup-res.c | 11 +
drivers/perf/riscv_pmu_sbi.c | 7 +-
.../phy/amlogic/phy-meson-axg-mipi-pcie-analog.c | 6 +-
drivers/phy/mediatek/phy-mtk-tphy.c | 7 +-
drivers/phy/qualcomm/phy-qcom-qmp-combo.c | 32 +-
drivers/phy/qualcomm/phy-qcom-qmp-pcie-msm8996.c | 23 +-
drivers/phy/qualcomm/phy-qcom-qmp-pcie.c | 39 ++-
drivers/phy/qualcomm/phy-qcom-qmp-ufs.c | 30 +-
drivers/phy/qualcomm/phy-qcom-qmp-usb.c | 64 ++--
drivers/phy/qualcomm/phy-qcom-usb-hsic.c | 6 +-
drivers/phy/rockchip/phy-rockchip-inno-usb2.c | 10 +-
drivers/pinctrl/pinctrl-rockchip.c | 13 +
drivers/platform/chrome/chromeos_laptop.c | 24 +-
drivers/platform/chrome/cros_ec.c | 8 +-
drivers/platform/chrome/cros_ec_chardev.c | 3 +
drivers/platform/chrome/cros_ec_proto.c | 32 ++
drivers/platform/chrome/cros_ec_typec.c | 5 +-
drivers/platform/x86/hp-wmi.c | 11 +-
drivers/platform/x86/msi-laptop.c | 14 +-
drivers/platform/x86/pmc_atom.c | 2 +-
drivers/power/supply/adp5061.c | 6 +-
drivers/powercap/intel_rapl_common.c | 4 +-
drivers/regulator/core.c | 2 +-
drivers/regulator/qcom_rpm-regulator.c | 24 +-
drivers/remoteproc/remoteproc_core.c | 5 +-
drivers/rpmsg/rpmsg_char.c | 4 +-
drivers/scsi/3w-9xxx.c | 2 +-
drivers/scsi/iscsi_tcp.c | 73 +++--
drivers/scsi/iscsi_tcp.h | 3 +
drivers/scsi/libsas/sas_expander.c | 2 +-
drivers/scsi/lpfc/lpfc.h | 14 +-
drivers/scsi/lpfc/lpfc_crtn.h | 8 +
drivers/scsi/lpfc/lpfc_ct.c | 7 +-
drivers/scsi/lpfc/lpfc_debugfs.c | 61 +---
drivers/scsi/lpfc/lpfc_debugfs.h | 2 +-
drivers/scsi/lpfc/lpfc_hbadisc.c | 4 +-
drivers/scsi/lpfc/lpfc_init.c | 332 ++++++++++----------
drivers/scsi/lpfc/lpfc_mem.c | 9 +-
drivers/scsi/lpfc/lpfc_sli.c | 193 +++++++++++-
drivers/scsi/lpfc/lpfc_sli4.h | 4 +-
drivers/scsi/lpfc/lpfc_vmid.c | 4 +-
drivers/scsi/pm8001/pm8001_hwi.c | 4 +
drivers/scsi/qedf/qedf_main.c | 21 ++
drivers/slimbus/qcom-ngd-ctrl.c | 22 +-
drivers/soc/qcom/smem_state.c | 3 +-
drivers/soc/qcom/smsm.c | 20 +-
drivers/soc/tegra/Kconfig | 1 -
drivers/soc/tegra/fuse/fuse-tegra.c | 1 +
drivers/soundwire/cadence_master.c | 9 +-
drivers/soundwire/intel.c | 1 -
drivers/spi/spi-cadence-quadspi.c | 3 +-
drivers/spi/spi-dw-bt1.c | 4 +-
drivers/spi/spi-meson-spicc.c | 6 +-
drivers/spi/spi-mt7621.c | 8 +-
drivers/spi/spi-omap-100k.c | 1 +
drivers/spi/spi-qup.c | 21 +-
drivers/spi/spi-s3c64xx.c | 9 +
drivers/spi/spi.c | 2 +
drivers/spmi/spmi-pmic-arb.c | 13 +-
drivers/staging/greybus/audio_helper.c | 11 -
drivers/staging/media/meson/vdec/vdec_hevc.c | 6 +-
drivers/staging/media/sunxi/cedrus/cedrus.c | 4 +-
drivers/staging/media/sunxi/cedrus/cedrus_dec.c | 4 +-
drivers/staging/media/sunxi/cedrus/cedrus_h265.c | 5 +-
drivers/staging/rtl8723bs/core/rtw_cmd.c | 16 +-
drivers/staging/rtl8723bs/os_dep/os_intfs.c | 60 ++--
drivers/staging/vt6655/device_main.c | 8 +-
drivers/thermal/cpufreq_cooling.c | 10 +-
drivers/thermal/intel/intel_powerclamp.c | 6 +-
drivers/thermal/qcom/tsens-v0_1.c | 2 +-
drivers/thunderbolt/nhi.c | 49 ++-
drivers/thunderbolt/switch.c | 24 ++
drivers/thunderbolt/tb.h | 1 +
drivers/thunderbolt/tb_regs.h | 1 +
drivers/thunderbolt/usb4.c | 20 ++
drivers/tty/serial/8250/8250_core.c | 16 +-
drivers/tty/serial/8250/8250_omap.c | 3 +
drivers/tty/serial/8250/8250_pci.c | 14 +-
drivers/tty/serial/8250/8250_port.c | 30 +-
drivers/tty/serial/ar933x_uart.c | 7 +
drivers/tty/serial/cpm_uart/cpm_uart_core.c | 22 +-
drivers/tty/serial/fsl_lpuart.c | 12 +-
drivers/tty/serial/imx.c | 8 +-
drivers/tty/serial/jsm/jsm_driver.c | 3 +-
drivers/tty/serial/serial_core.c | 36 ++-
drivers/tty/serial/stm32-usart.c | 100 +++---
drivers/tty/serial/xilinx_uartps.c | 14 +-
drivers/usb/common/debug.c | 96 ++++--
drivers/usb/common/usb-conn-gpio.c | 6 +-
drivers/usb/core/quirks.c | 4 +
drivers/usb/dwc3/core.c | 83 +++--
drivers/usb/dwc3/core.h | 6 +
drivers/usb/gadget/function/f_fs.c | 4 +-
drivers/usb/gadget/function/f_printer.c | 12 +-
drivers/usb/gadget/function/f_uvc.c | 6 +-
drivers/usb/gadget/function/uvc.h | 1 +
drivers/usb/gadget/function/uvc_v4l2.c | 2 +-
drivers/usb/gadget/function/uvc_video.c | 9 +-
drivers/usb/host/xhci-dbgcap.c | 2 +-
drivers/usb/host/xhci-mem.c | 7 +-
drivers/usb/host/xhci-plat.c | 18 +-
drivers/usb/host/xhci.c | 3 +-
drivers/usb/host/xhci.h | 1 +
drivers/usb/misc/idmouse.c | 8 +-
drivers/usb/mtu3/mtu3_core.c | 2 -
drivers/usb/mtu3/mtu3_plat.c | 2 +
drivers/usb/musb/musb_gadget.c | 3 +
drivers/usb/storage/unusual_devs.h | 6 -
drivers/usb/typec/anx7411.c | 4 +-
drivers/usb/typec/ucsi/ucsi.c | 8 +-
drivers/vhost/vsock.c | 2 +-
drivers/video/aperture.c | 14 +
drivers/video/fbdev/core/fbmem.c | 12 -
drivers/video/fbdev/smscufx.c | 14 +-
drivers/video/fbdev/stifb.c | 2 +-
drivers/xen/gntdev-common.h | 3 +-
drivers/xen/gntdev.c | 80 ++---
fs/btrfs/block-group.c | 11 +-
fs/btrfs/extent-tree.c | 3 +
fs/btrfs/file.c | 59 +++-
fs/btrfs/free-space-cache.c | 59 ++--
fs/btrfs/qgroup.c | 15 +
fs/btrfs/scrub.c | 69 +++--
fs/btrfs/super.c | 20 +-
fs/cifs/cifsproto.h | 2 +-
fs/cifs/connect.c | 2 +-
fs/cifs/file.c | 9 +
fs/cifs/smb2ops.c | 23 +-
fs/cifs/smb2pdu.c | 7 +-
fs/cifs/smb2transport.c | 10 +-
fs/dlm/ast.c | 6 +-
fs/dlm/lock.c | 20 +-
fs/dlm/lowcomms.c | 4 +
fs/erofs/inode.c | 2 +-
fs/erofs/super.c | 2 +-
fs/eventfd.c | 10 +-
fs/ext2/super.c | 22 +-
fs/ext4/fast_commit.c | 40 ++-
fs/ext4/file.c | 6 +
fs/ext4/inode.c | 17 +-
fs/ext4/ioctl.c | 4 +
fs/ext4/namei.c | 17 +-
fs/ext4/resize.c | 2 +-
fs/ext4/super.c | 47 +--
fs/ext4/xattr.c | 1 +
fs/f2fs/checkpoint.c | 47 ++-
fs/f2fs/data.c | 4 +-
fs/f2fs/extent_cache.c | 3 +-
fs/f2fs/f2fs.h | 16 +-
fs/f2fs/gc.c | 22 +-
fs/f2fs/recovery.c | 23 +-
fs/f2fs/segment.c | 2 +-
fs/f2fs/super.c | 15 +-
fs/file_table.c | 7 +-
fs/fs-writeback.c | 37 ++-
fs/internal.h | 10 +
fs/iomap/buffered-io.c | 2 +-
fs/jbd2/commit.c | 2 +-
fs/jbd2/journal.c | 10 +-
fs/jbd2/recovery.c | 1 +
fs/jbd2/transaction.c | 6 +-
fs/ksmbd/server.c | 4 +-
fs/ksmbd/smb2pdu.c | 27 +-
fs/ksmbd/smb_common.c | 6 +-
fs/mbcache.c | 17 +-
fs/nfsd/nfs3proc.c | 11 +-
fs/nfsd/nfs4proc.c | 19 +-
fs/nfsd/nfs4recover.c | 4 +-
fs/nfsd/nfs4state.c | 5 +
fs/nfsd/nfs4xdr.c | 14 +-
fs/nfsd/nfsproc.c | 6 +-
fs/nfsd/xdr4.h | 3 +-
fs/ntfs3/inode.c | 2 -
fs/ntfs3/xattr.c | 102 +-----
fs/open.c | 11 +-
fs/posix_acl.c | 25 +-
fs/quota/quota_tree.c | 38 +++
fs/userfaultfd.c | 4 +-
fs/xfs/xfs_super.c | 10 +-
include/dt-bindings/clock/samsung,exynosautov9.h | 56 ++--
include/linux/ata.h | 39 +--
include/linux/bio.h | 2 +-
include/linux/blk-mq.h | 11 +-
include/linux/blk_types.h | 2 +-
include/linux/bpf.h | 3 +-
include/linux/bpf_verifier.h | 11 +
include/linux/dynamic_debug.h | 11 +-
include/linux/eventfd.h | 2 +-
include/linux/export-internal.h | 6 +-
include/linux/filter.h | 5 +
include/linux/fortify-string.h | 3 +-
include/linux/fs.h | 9 +-
include/linux/hugetlb.h | 8 +-
include/linux/hw_random.h | 3 +
include/linux/iio/iio-opaque.h | 2 +
include/linux/iova.h | 2 +-
include/linux/mmc/card.h | 1 +
include/linux/once.h | 28 ++
include/linux/ring_buffer.h | 2 +-
include/linux/sched.h | 2 +-
include/linux/serial_8250.h | 1 +
include/linux/serial_core.h | 4 +-
include/linux/skbuff.h | 2 +
include/linux/sunrpc/svc.h | 19 +-
include/linux/tcp.h | 2 +-
include/linux/trace.h | 36 ++-
include/linux/trace_events.h | 1 +
include/net/ieee802154_netdev.h | 12 +-
include/net/tcp.h | 5 +-
include/uapi/linux/bpf.h | 7 +-
include/uapi/rdma/mlx5-abi.h | 1 +
io_uring/fdinfo.c | 32 +-
io_uring/io_uring.c | 29 +-
io_uring/io_uring.h | 12 +-
io_uring/net.c | 107 ++++---
io_uring/net.h | 9 +-
io_uring/opdef.c | 17 +-
io_uring/opdef.h | 1 +
io_uring/rsrc.c | 1 +
io_uring/rw.c | 47 ++-
io_uring/rw.h | 1 +
ipc/mqueue.c | 1 +
kernel/auditsc.c | 4 +-
kernel/bpf/bpf_local_storage.c | 4 +-
kernel/bpf/bpf_lsm.c | 6 +
kernel/bpf/bpf_task_storage.c | 8 +-
kernel/bpf/btf.c | 2 +-
kernel/bpf/cgroup.c | 28 +-
kernel/bpf/core.c | 9 +-
kernel/bpf/dispatcher.c | 27 +-
kernel/bpf/hashtab.c | 30 +-
kernel/bpf/helpers.c | 2 +
kernel/bpf/syscall.c | 2 +
kernel/bpf/trampoline.c | 8 +-
kernel/bpf/verifier.c | 146 +++++----
kernel/cgroup/cgroup.c | 6 +-
kernel/cgroup/cpuset.c | 18 +-
kernel/livepatch/transition.c | 18 +-
kernel/module/tracking.c | 3 +
kernel/rcu/tasks.h | 5 +-
kernel/rcu/tree.c | 17 +-
kernel/rcu/tree_plugin.h | 3 +-
kernel/trace/bpf_trace.c | 20 +-
kernel/trace/ftrace.c | 34 +-
kernel/trace/kprobe_event_gen_test.c | 49 ++-
kernel/trace/ring_buffer.c | 87 +++++-
kernel/trace/trace.c | 76 ++++-
kernel/trace/trace_eprobe.c | 63 +---
kernel/trace/trace_events_synth.c | 23 +-
kernel/trace/trace_kprobe.c | 60 +---
kernel/trace/trace_osnoise.c | 3 +-
kernel/trace/trace_probe_kernel.h | 115 +++++++
lib/Kconfig.debug | 10 +-
lib/dynamic_debug.c | 45 +--
lib/once.c | 30 ++
lib/sbitmap.c | 69 +++--
mm/damon/vaddr.c | 10 +
mm/gup.c | 14 +-
mm/hugetlb.c | 68 ++--
mm/memory.c | 2 +
mm/mmap.c | 5 +-
mm/mprotect.c | 2 +
net/bluetooth/hci_core.c | 38 ++-
net/bluetooth/hci_event.c | 14 +
net/bluetooth/hci_sock.c | 3 -
net/bluetooth/hci_sync.c | 1 +
net/bluetooth/hci_sysfs.c | 3 +
net/bluetooth/l2cap_core.c | 17 +-
net/bluetooth/mgmt.c | 4 +-
net/bluetooth/rfcomm/sock.c | 3 +
net/can/bcm.c | 7 +-
net/core/flow_dissector.c | 4 +-
net/core/skmsg.c | 12 +-
net/core/stream.c | 3 +-
net/ieee802154/socket.c | 4 +
net/ipv4/datagram.c | 2 +
net/ipv4/esp4_offload.c | 5 +-
net/ipv4/inet_hashtables.c | 4 +-
net/ipv4/netfilter/nft_fib_ipv4.c | 3 +
net/ipv4/tcp.c | 16 +-
net/ipv4/tcp_output.c | 19 +-
net/ipv6/esp6_offload.c | 5 +-
net/ipv6/netfilter/nft_fib_ipv6.c | 6 +-
net/mac80211/cfg.c | 17 +-
net/mac80211/mlme.c | 20 +-
net/mac80211/sta_info.c | 4 +-
net/netfilter/nf_conntrack_core.c | 18 +-
net/openvswitch/datapath.c | 18 +-
net/rds/tcp.c | 2 +-
net/sched/cls_u32.c | 6 +-
net/sctp/auth.c | 18 +-
net/unix/af_unix.c | 13 +-
net/unix/garbage.c | 20 ++
net/vmw_vsock/virtio_transport_common.c | 2 +-
net/wireless/reg.c | 4 +
net/xdp/xsk.c | 22 +-
net/xdp/xsk_queue.h | 22 +-
net/xfrm/xfrm_input.c | 18 +-
net/xfrm/xfrm_ipcomp.c | 1 +
scripts/Kbuild.include | 23 +-
scripts/package/mkspec | 4 +-
scripts/selinux/install_policy.sh | 2 +-
security/integrity/ima/ima_appraise.c | 12 +-
security/loadpin/Kconfig | 2 +-
sound/core/pcm_dmaengine.c | 8 +-
sound/core/rawmidi.c | 2 -
sound/core/sound_oss.c | 13 +-
sound/hda/intel-dsp-config.c | 5 +
sound/pci/hda/hda_beep.c | 15 +-
sound/pci/hda/hda_beep.h | 1 +
sound/pci/hda/hda_codec.c | 41 ++-
sound/pci/hda/patch_hdmi.c | 36 +--
sound/pci/hda/patch_realtek.c | 11 +-
sound/pci/hda/patch_sigmatel.c | 25 +-
sound/soc/amd/acp/acp-pci.c | 1 +
sound/soc/amd/yc/acp6x-mach.c | 14 +
sound/soc/codecs/da7219.c | 5 +-
sound/soc/codecs/lpass-tx-macro.c | 13 +-
sound/soc/codecs/mt6359-accdet.c | 6 +-
sound/soc/codecs/mt6660.c | 8 +-
sound/soc/codecs/tas2764.c | 78 ++---
sound/soc/codecs/wcd-mbhc-v2.c | 10 +-
sound/soc/codecs/wcd9335.c | 2 +-
sound/soc/codecs/wcd934x.c | 2 +-
sound/soc/codecs/wm5102.c | 6 +-
sound/soc/codecs/wm5110.c | 6 +-
sound/soc/codecs/wm8997.c | 6 +-
sound/soc/codecs/wm_adsp.c | 4 +-
sound/soc/fsl/eukrea-tlv320.c | 8 +-
sound/soc/mediatek/mt8195/mt8195-mt6359.c | 6 +
sound/soc/rockchip/rockchip_i2s.c | 41 +--
sound/soc/sh/rcar/ctu.c | 6 +-
sound/soc/sh/rcar/dvc.c | 6 +-
sound/soc/sh/rcar/mix.c | 6 +-
sound/soc/sh/rcar/src.c | 5 +-
sound/soc/sh/rcar/ssi.c | 4 +-
sound/soc/soc-pcm.c | 2 +-
sound/soc/sof/intel/hda.c | 11 +
sound/soc/sof/ipc3-topology.c | 7 +
sound/soc/sof/ipc4-topology.c | 9 +-
sound/soc/sof/mediatek/mt8195/mt8195.c | 1 +
sound/soc/sof/sof-pci-dev.c | 2 +-
sound/soc/sof/sof-priv.h | 4 +
sound/soc/stm/stm32_adfsdm.c | 8 +-
sound/soc/stm/stm32_i2s.c | 4 +-
sound/soc/stm/stm32_spdifrx.c | 4 +-
sound/soc/sunxi/sun4i-codec.c | 3 +
sound/usb/card.c | 32 +-
sound/usb/endpoint.c | 17 +-
sound/usb/quirks-table.h | 76 +++++
sound/usb/quirks.c | 344 ++++++++++++++++++---
sound/usb/quirks.h | 2 -
sound/usb/usbaudio.h | 1 +
tools/bpf/bpftool/btf_dumper.c | 2 +-
tools/bpf/bpftool/cgroup.c | 54 +++-
tools/bpf/bpftool/main.c | 10 +
tools/include/uapi/linux/bpf.h | 7 +-
tools/lib/bpf/bpf_tracing.h | 14 +-
tools/lib/bpf/btf.h | 25 +-
tools/lib/bpf/btf_dump.c | 2 +-
tools/lib/bpf/libbpf.c | 21 +-
tools/lib/bpf/libbpf.h | 4 +-
tools/lib/bpf/libbpf_probes.c | 2 +-
tools/lib/bpf/nlattr.c | 2 +-
tools/lib/bpf/usdt.bpf.h | 4 +-
tools/objtool/elf.c | 7 +-
tools/perf/arch/x86/util/intel-pt.c | 2 +-
tools/perf/util/intel-pt.c | 9 +-
tools/perf/util/parse-events.c | 3 +
tools/perf/util/pmu.c | 17 +
tools/perf/util/pmu.h | 2 +
tools/perf/util/pmu.l | 2 -
tools/perf/util/pmu.y | 15 +-
tools/power/x86/turbostat/turbostat.c | 1 -
.../selftests/arm64/signal/testcases/testcases.c | 2 +-
.../selftests/bpf/map_tests/array_map_batch_ops.c | 2 +
.../selftests/bpf/map_tests/htab_map_batch_ops.c | 2 +
.../bpf/map_tests/lpm_trie_map_batch_ops.c | 2 +
.../testing/selftests/bpf/prog_tests/cgroup_link.c | 11 +-
tools/testing/selftests/bpf/progs/kprobe_multi.c | 4 +-
tools/testing/selftests/bpf/test_maps.c | 24 +-
tools/testing/selftests/bpf/xsk.c | 6 +-
tools/testing/selftests/bpf/xskxceiver.c | 4 +
tools/testing/selftests/cpu-hotplug/config | 1 -
.../selftests/cpu-hotplug/cpu-on-off-test.sh | 138 +++------
tools/testing/selftests/net/fcnal-test.sh | 30 ++
tools/testing/selftests/net/nettest.c | 16 +-
tools/testing/selftests/tpm2/tpm2.py | 4 +
908 files changed, 8789 insertions(+), 4121 deletions(-)
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 001/862] ALSA: oss: Fix potential deadlock at unregistration
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
@ 2022-10-19 8:21 ` Greg Kroah-Hartman
2022-10-19 8:21 ` [PATCH 6.0 002/862] ALSA: rawmidi: Drop register_mutex in snd_rawmidi_free() Greg Kroah-Hartman
` (875 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:21 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Takashi Iwai
From: Takashi Iwai <tiwai@suse.de>
commit 97d917879d7f92df09c3f21fd54609a8bcd654b2 upstream.
We took sound_oss_mutex around the calls of unregister_sound_special()
at unregistering OSS devices. This may, however, lead to a deadlock,
because we manage the card release via the card's device object, and
the release may happen at unregister_sound_special() call -- which
will take sound_oss_mutex again in turn.
Although the deadlock might be fixed by relaxing the rawmidi mutex in
the previous commit, it's safer to move unregister_sound_special()
calls themselves out of the sound_oss_mutex, too. The call is
race-safe as the function has a spinlock protection by itself.
Link: https://lore.kernel.org/r/CAB7eexJP7w1B0mVgDF0dQ+gWor7UdkiwPczmL7pn91xx8xpzOA@mail.gmail.com
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20221011070147.7611-2-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/core/sound_oss.c | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
--- a/sound/core/sound_oss.c
+++ b/sound/core/sound_oss.c
@@ -162,7 +162,6 @@ int snd_unregister_oss_device(int type,
mutex_unlock(&sound_oss_mutex);
return -ENOENT;
}
- unregister_sound_special(minor);
switch (SNDRV_MINOR_OSS_DEVICE(minor)) {
case SNDRV_MINOR_OSS_PCM:
track2 = SNDRV_MINOR_OSS(cidx, SNDRV_MINOR_OSS_AUDIO);
@@ -174,12 +173,18 @@ int snd_unregister_oss_device(int type,
track2 = SNDRV_MINOR_OSS(cidx, SNDRV_MINOR_OSS_DMMIDI1);
break;
}
- if (track2 >= 0) {
- unregister_sound_special(track2);
+ if (track2 >= 0)
snd_oss_minors[track2] = NULL;
- }
snd_oss_minors[minor] = NULL;
mutex_unlock(&sound_oss_mutex);
+
+ /* call unregister_sound_special() outside sound_oss_mutex;
+ * otherwise may deadlock, as it can trigger the release of a card
+ */
+ unregister_sound_special(minor);
+ if (track2 >= 0)
+ unregister_sound_special(track2);
+
kfree(mptr);
return 0;
}
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 002/862] ALSA: rawmidi: Drop register_mutex in snd_rawmidi_free()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
2022-10-19 8:21 ` [PATCH 6.0 001/862] ALSA: oss: Fix potential deadlock at unregistration Greg Kroah-Hartman
@ 2022-10-19 8:21 ` Greg Kroah-Hartman
2022-10-19 8:21 ` [PATCH 6.0 003/862] ALSA: usb-audio: Fix potential memory leaks Greg Kroah-Hartman
` (874 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:21 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Takashi Iwai
From: Takashi Iwai <tiwai@suse.de>
commit a70aef7982b012e86dfd39fbb235e76a21ae778a upstream.
The register_mutex taken around the dev_unregister callback call in
snd_rawmidi_free() may potentially lead to a mutex deadlock, when OSS
emulation and a hot unplug are involved.
Since the mutex doesn't protect the actual race (as the registration
itself is already protected by another means), let's drop it.
Link: https://lore.kernel.org/r/CAB7eexJP7w1B0mVgDF0dQ+gWor7UdkiwPczmL7pn91xx8xpzOA@mail.gmail.com
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20221011070147.7611-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/core/rawmidi.c | 2 --
1 file changed, 2 deletions(-)
--- a/sound/core/rawmidi.c
+++ b/sound/core/rawmidi.c
@@ -1899,10 +1899,8 @@ static int snd_rawmidi_free(struct snd_r
snd_info_free_entry(rmidi->proc_entry);
rmidi->proc_entry = NULL;
- mutex_lock(®ister_mutex);
if (rmidi->ops && rmidi->ops->dev_unregister)
rmidi->ops->dev_unregister(rmidi);
- mutex_unlock(®ister_mutex);
snd_rawmidi_free_substreams(&rmidi->streams[SNDRV_RAWMIDI_STREAM_INPUT]);
snd_rawmidi_free_substreams(&rmidi->streams[SNDRV_RAWMIDI_STREAM_OUTPUT]);
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 003/862] ALSA: usb-audio: Fix potential memory leaks
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
2022-10-19 8:21 ` [PATCH 6.0 001/862] ALSA: oss: Fix potential deadlock at unregistration Greg Kroah-Hartman
2022-10-19 8:21 ` [PATCH 6.0 002/862] ALSA: rawmidi: Drop register_mutex in snd_rawmidi_free() Greg Kroah-Hartman
@ 2022-10-19 8:21 ` Greg Kroah-Hartman
2022-10-19 8:21 ` [PATCH 6.0 004/862] ALSA: usb-audio: Fix NULL dererence at error path Greg Kroah-Hartman
` (873 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:21 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Takashi Iwai
From: Takashi Iwai <tiwai@suse.de>
commit 6382da0828995af87aa8b8bef28cc61aceb4aff3 upstream.
When the driver hits -ENOMEM at allocating a URB or a buffer, it
aborts and goes to the error path that releases the all previously
allocated resources. However, when -ENOMEM hits at the middle of the
sync EP URB allocation loop, the partially allocated URBs might be
left without released, because ep->nurbs is still zero at that point.
Fix it by setting ep->nurbs at first, so that the error handler loops
over the full URB list.
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20220930100151.19461-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/usb/endpoint.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
--- a/sound/usb/endpoint.c
+++ b/sound/usb/endpoint.c
@@ -1261,6 +1261,7 @@ static int sync_ep_set_params(struct snd
if (!ep->syncbuf)
return -ENOMEM;
+ ep->nurbs = SYNC_URBS;
for (i = 0; i < SYNC_URBS; i++) {
struct snd_urb_ctx *u = &ep->urb[i];
u->index = i;
@@ -1280,8 +1281,6 @@ static int sync_ep_set_params(struct snd
u->urb->complete = snd_complete_urb;
}
- ep->nurbs = SYNC_URBS;
-
return 0;
out_of_memory:
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 004/862] ALSA: usb-audio: Fix NULL dererence at error path
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (2 preceding siblings ...)
2022-10-19 8:21 ` [PATCH 6.0 003/862] ALSA: usb-audio: Fix potential memory leaks Greg Kroah-Hartman
@ 2022-10-19 8:21 ` Greg Kroah-Hartman
2022-10-19 8:21 ` [PATCH 6.0 005/862] ALSA: hda/realtek: remove ALC289_FIXUP_DUAL_SPK for Dell 5530 Greg Kroah-Hartman
` (872 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:21 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Sabri N. Ferreiro, Takashi Iwai
From: Takashi Iwai <tiwai@suse.de>
commit 568be8aaf8a535f79c4db76cabe17b035aa2584d upstream.
At an error path to release URB buffers and contexts, the driver might
hit a NULL dererence for u->urb pointer, when u->buffer_size has been
already set but the actual URB allocation failed.
Fix it by adding the NULL check of urb. Also, make sure that
buffer_size is cleared after the error path or the close.
Cc: <stable@vger.kernel.org>
Reported-by: Sabri N. Ferreiro <snferreiro1@gmail.com>
Link: https://lore.kernel.org/r/CAKG+3NRjTey+fFfUEGwuxL-pi_=T4cUskYG9OzpzHytF+tzYng@mail.gmail.com
Link: https://lore.kernel.org/r/20220930100129.19445-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/usb/endpoint.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/sound/usb/endpoint.c
+++ b/sound/usb/endpoint.c
@@ -93,12 +93,13 @@ static inline unsigned get_usb_high_spee
*/
static void release_urb_ctx(struct snd_urb_ctx *u)
{
- if (u->buffer_size)
+ if (u->urb && u->buffer_size)
usb_free_coherent(u->ep->chip->dev, u->buffer_size,
u->urb->transfer_buffer,
u->urb->transfer_dma);
usb_free_urb(u->urb);
u->urb = NULL;
+ u->buffer_size = 0;
}
static const char *usb_error_string(int err)
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 005/862] ALSA: hda/realtek: remove ALC289_FIXUP_DUAL_SPK for Dell 5530
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (3 preceding siblings ...)
2022-10-19 8:21 ` [PATCH 6.0 004/862] ALSA: usb-audio: Fix NULL dererence at error path Greg Kroah-Hartman
@ 2022-10-19 8:21 ` Greg Kroah-Hartman
2022-10-19 8:21 ` [PATCH 6.0 006/862] ALSA: hda/realtek: Correct pin configs for ASUS G533Z Greg Kroah-Hartman
` (871 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:21 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Callum Osmotherly, Takashi Iwai
From: Callum Osmotherly <callum.osmotherly@gmail.com>
commit 417b9c51f59734d852e47252476fadc293ad994a upstream.
After some feedback from users with Dell Precision 5530 machines, this
patch reverts the previous change to add ALC289_FIXUP_DUAL_SPK.
While it improved the speaker output quality, it caused the headphone
jack to have an audible "pop" sound when power saving was toggled.
Fixes: 1885ff13d4c4 ("ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5530 laptop")
Signed-off-by: Callum Osmotherly <callum.osmotherly@gmail.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/Yz0uyN1zwZhnyRD6@piranha
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/pci/hda/patch_realtek.c | 1 -
1 file changed, 1 deletion(-)
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -9186,7 +9186,6 @@ static const struct snd_pci_quirk alc269
SND_PCI_QUIRK(0x1028, 0x0871, "Dell Precision 3630", ALC255_FIXUP_DELL_HEADSET_MIC),
SND_PCI_QUIRK(0x1028, 0x0872, "Dell Precision 3630", ALC255_FIXUP_DELL_HEADSET_MIC),
SND_PCI_QUIRK(0x1028, 0x0873, "Dell Precision 3930", ALC255_FIXUP_DUMMY_LINEOUT_VERB),
- SND_PCI_QUIRK(0x1028, 0x087d, "Dell Precision 5530", ALC289_FIXUP_DUAL_SPK),
SND_PCI_QUIRK(0x1028, 0x08ad, "Dell WYSE AIO", ALC225_FIXUP_DELL_WYSE_AIO_MIC_NO_PRESENCE),
SND_PCI_QUIRK(0x1028, 0x08ae, "Dell WYSE NB", ALC225_FIXUP_DELL1_MIC_NO_PRESENCE),
SND_PCI_QUIRK(0x1028, 0x0935, "Dell", ALC274_FIXUP_DELL_AIO_LINEOUT_VERB),
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 006/862] ALSA: hda/realtek: Correct pin configs for ASUS G533Z
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (4 preceding siblings ...)
2022-10-19 8:21 ` [PATCH 6.0 005/862] ALSA: hda/realtek: remove ALC289_FIXUP_DUAL_SPK for Dell 5530 Greg Kroah-Hartman
@ 2022-10-19 8:21 ` Greg Kroah-Hartman
2022-10-19 8:21 ` [PATCH 6.0 007/862] ALSA: hda/realtek: Add quirk for ASUS GV601R laptop Greg Kroah-Hartman
` (870 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:21 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Luke D. Jones, Takashi Iwai
From: Luke D. Jones <luke@ljones.dev>
commit 66ba7c88507344dee68ad1acbdb630473ab36114 upstream.
The initial fix for ASUS G533Z was based on faulty information. This
fixes the pincfg to values that have been verified with no existing
module options or other hacks enabled.
Enables headphone jack, and 5.1 surround.
[ corrected the indent level by tiwai ]
Fixes: bc2c23549ccd ("ALSA: hda/realtek: Add pincfg for ASUS G533Z HP jack")
Signed-off-by: Luke D. Jones <luke@ljones.dev>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20221010065702.35190-1-luke@ljones.dev
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/pci/hda/patch_realtek.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -8427,11 +8427,13 @@ static const struct hda_fixup alc269_fix
[ALC285_FIXUP_ASUS_G533Z_PINS] = {
.type = HDA_FIXUP_PINS,
.v.pins = (const struct hda_pintbl[]) {
- { 0x14, 0x90170120 },
+ { 0x14, 0x90170152 }, /* Speaker Surround Playback Switch */
+ { 0x19, 0x03a19020 }, /* Mic Boost Volume */
+ { 0x1a, 0x03a11c30 }, /* Mic Boost Volume */
+ { 0x1e, 0x90170151 }, /* Rear jack, IN OUT EAPD Detect */
+ { 0x21, 0x03211420 },
{ }
},
- .chained = true,
- .chain_id = ALC294_FIXUP_ASUS_G513_PINS,
},
[ALC294_FIXUP_ASUS_COEF_1B] = {
.type = HDA_FIXUP_VERBS,
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 007/862] ALSA: hda/realtek: Add quirk for ASUS GV601R laptop
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (5 preceding siblings ...)
2022-10-19 8:21 ` [PATCH 6.0 006/862] ALSA: hda/realtek: Correct pin configs for ASUS G533Z Greg Kroah-Hartman
@ 2022-10-19 8:21 ` Greg Kroah-Hartman
2022-10-19 8:21 ` [PATCH 6.0 008/862] ALSA: hda/realtek: Add Intel Reference SSID to support headset keys Greg Kroah-Hartman
` (869 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:21 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Luke D. Jones, Takashi Iwai
From: Luke D. Jones <luke@ljones.dev>
commit 2ea8e1297801f7b0220ebf6ae61a5b74ca83981e upstream.
The ASUS ROG X16 (GV601R) series laptop has the same node-to-DAC pairs
as early models and the G14, this includes bass speakers which are by
default mapped incorrectly to the 0x06 node.
Add a quirk to use the same DAC pairs as the G14.
Signed-off-by: Luke D. Jones <luke@ljones.dev>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20221010070347.36883-1-luke@ljones.dev
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/pci/hda/patch_realtek.c | 1 +
1 file changed, 1 insertion(+)
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -9411,6 +9411,7 @@ static const struct snd_pci_quirk alc269
SND_PCI_QUIRK(0x1043, 0x1e8e, "ASUS Zephyrus G15", ALC289_FIXUP_ASUS_GA401),
SND_PCI_QUIRK(0x1043, 0x1c52, "ASUS Zephyrus G15 2022", ALC289_FIXUP_ASUS_GA401),
SND_PCI_QUIRK(0x1043, 0x1f11, "ASUS Zephyrus G14", ALC289_FIXUP_ASUS_GA401),
+ SND_PCI_QUIRK(0x1043, 0x1f92, "ASUS ROG Flow X16", ALC289_FIXUP_ASUS_GA401),
SND_PCI_QUIRK(0x1043, 0x3030, "ASUS ZN270IE", ALC256_FIXUP_ASUS_AIO_GPIO2),
SND_PCI_QUIRK(0x1043, 0x831a, "ASUS P901", ALC269_FIXUP_STEREO_DMIC),
SND_PCI_QUIRK(0x1043, 0x834a, "ASUS S101", ALC269_FIXUP_STEREO_DMIC),
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 008/862] ALSA: hda/realtek: Add Intel Reference SSID to support headset keys
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (6 preceding siblings ...)
2022-10-19 8:21 ` [PATCH 6.0 007/862] ALSA: hda/realtek: Add quirk for ASUS GV601R laptop Greg Kroah-Hartman
@ 2022-10-19 8:21 ` Greg Kroah-Hartman
2022-10-19 8:21 ` [PATCH 6.0 009/862] mtd: rawnand: atmel: Unmap streaming DMA mappings Greg Kroah-Hartman
` (868 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Saranya Gopal, Ninad Naik, Takashi Iwai
From: Saranya Gopal <saranya.gopal@intel.com>
commit 4f2e56a59b9947b3e698d3cabcb858765c12b1e8 upstream.
This patch fixes the issue with 3.5mm headset keys
on RPL-P platform.
[ Rearranged the entry in SSID order by tiwai ]
Signed-off-by: Saranya Gopal <saranya.gopal@intel.com>
Signed-off-by: Ninad Naik <ninad.naik@intel.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20221011044916.2278867-1-saranya.gopal@intel.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/pci/hda/patch_realtek.c | 1 +
1 file changed, 1 insertion(+)
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -9433,6 +9433,7 @@ static const struct snd_pci_quirk alc269
SND_PCI_QUIRK(0x10ec, 0x10f2, "Intel Reference board", ALC700_FIXUP_INTEL_REFERENCE),
SND_PCI_QUIRK(0x10ec, 0x118c, "Medion EE4254 MD62100", ALC256_FIXUP_MEDION_HEADSET_NO_PRESENCE),
SND_PCI_QUIRK(0x10ec, 0x1230, "Intel Reference board", ALC295_FIXUP_CHROME_BOOK),
+ SND_PCI_QUIRK(0x10ec, 0x124c, "Intel Reference board", ALC295_FIXUP_CHROME_BOOK),
SND_PCI_QUIRK(0x10ec, 0x1252, "Intel Reference board", ALC295_FIXUP_CHROME_BOOK),
SND_PCI_QUIRK(0x10ec, 0x1254, "Intel Reference board", ALC295_FIXUP_CHROME_BOOK),
SND_PCI_QUIRK(0x10f7, 0x8338, "Panasonic CF-SZ6", ALC269_FIXUP_HEADSET_MODE),
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 009/862] mtd: rawnand: atmel: Unmap streaming DMA mappings
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (7 preceding siblings ...)
2022-10-19 8:21 ` [PATCH 6.0 008/862] ALSA: hda/realtek: Add Intel Reference SSID to support headset keys Greg Kroah-Hartman
@ 2022-10-19 8:21 ` Greg Kroah-Hartman
2022-10-19 8:21 ` [PATCH 6.0 010/862] io_uring: add custom opcode hooks on fail Greg Kroah-Hartman
` (867 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tudor Ambarus, Alexander Dahl,
Peter Rosin, Boris Brezillon, Miquel Raynal
From: Tudor Ambarus <tudor.ambarus@microchip.com>
commit 1161703c9bd664da5e3b2eb1a3bb40c210e026ea upstream.
Every dma_map_single() call should have its dma_unmap_single() counterpart,
because the DMA address space is a shared resource and one could render the
machine unusable by consuming all DMA addresses.
Link: https://lore.kernel.org/lkml/13c6c9a2-6db5-c3bf-349b-4c127ad3496a@axentia.se/
Cc: stable@vger.kernel.org
Fixes: f88fc122cc34 ("mtd: nand: Cleanup/rework the atmel_nand driver")
Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com>
Acked-by: Alexander Dahl <ada@thorsis.com>
Reported-by: Peter Rosin <peda@axentia.se>
Tested-by: Alexander Dahl <ada@thorsis.com>
Reviewed-by: Boris Brezillon <boris.brezillon@collabora.com>
Tested-by: Peter Rosin <peda@axentia.se>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/20220728074014.145406-1-tudor.ambarus@microchip.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mtd/nand/raw/atmel/nand-controller.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/mtd/nand/raw/atmel/nand-controller.c
+++ b/drivers/mtd/nand/raw/atmel/nand-controller.c
@@ -405,6 +405,7 @@ static int atmel_nand_dma_transfer(struc
dma_async_issue_pending(nc->dmac);
wait_for_completion(&finished);
+ dma_unmap_single(nc->dev, buf_dma, len, dir);
return 0;
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 010/862] io_uring: add custom opcode hooks on fail
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (8 preceding siblings ...)
2022-10-19 8:21 ` [PATCH 6.0 009/862] mtd: rawnand: atmel: Unmap streaming DMA mappings Greg Kroah-Hartman
@ 2022-10-19 8:21 ` Greg Kroah-Hartman
2022-10-19 8:21 ` [PATCH 6.0 011/862] io_uring/rw: dont lose partial IO result " Greg Kroah-Hartman
` (866 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:21 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Pavel Begunkov, Jens Axboe
From: Pavel Begunkov <asml.silence@gmail.com>
commit a47b255e90395bdb481975ab3d9e96fcf8b3165f upstream.
Sometimes we have to do a little bit of a fixup on a request failuer in
io_req_complete_failed(). Add a callback in opdef for that.
Cc: stable@vger.kernel.org
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Link: https://lore.kernel.org/r/b734cff4e67cb30cca976b9face321023f37549a.1663668091.git.asml.silence@gmail.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
io_uring/io_uring.c | 4 ++++
io_uring/opdef.h | 1 +
2 files changed, 5 insertions(+)
--- a/io_uring/io_uring.c
+++ b/io_uring/io_uring.c
@@ -823,8 +823,12 @@ inline void __io_req_complete(struct io_
void io_req_complete_failed(struct io_kiocb *req, s32 res)
{
+ const struct io_op_def *def = &io_op_defs[req->opcode];
+
req_set_fail(req);
io_req_set_res(req, res, io_put_kbuf(req, IO_URING_F_UNLOCKED));
+ if (def->fail)
+ def->fail(req);
io_req_complete_post(req);
}
--- a/io_uring/opdef.h
+++ b/io_uring/opdef.h
@@ -36,6 +36,7 @@ struct io_op_def {
int (*issue)(struct io_kiocb *, unsigned int);
int (*prep_async)(struct io_kiocb *);
void (*cleanup)(struct io_kiocb *);
+ void (*fail)(struct io_kiocb *);
};
extern const struct io_op_def io_op_defs[];
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 011/862] io_uring/rw: dont lose partial IO result on fail
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (9 preceding siblings ...)
2022-10-19 8:21 ` [PATCH 6.0 010/862] io_uring: add custom opcode hooks on fail Greg Kroah-Hartman
@ 2022-10-19 8:21 ` Greg Kroah-Hartman
2022-10-19 8:21 ` [PATCH 6.0 012/862] io_uring/net: dont lose partial send/recv " Greg Kroah-Hartman
` (865 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:21 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Pavel Begunkov, Jens Axboe
From: Pavel Begunkov <asml.silence@gmail.com>
commit 47b4c68660752facfa6247b1fc9ca9d722b8b601 upstream.
A partially done read/write may end up in io_req_complete_failed() and
loose the result, make sure we return the number of bytes processed.
Cc: stable@vger.kernel.org
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Link: https://lore.kernel.org/r/05e0879c226bcd53b441bf92868eadd4bf04e2fc.1663668091.git.asml.silence@gmail.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
io_uring/opdef.c | 6 ++++++
io_uring/rw.c | 8 ++++++++
io_uring/rw.h | 1 +
3 files changed, 15 insertions(+)
--- a/io_uring/opdef.c
+++ b/io_uring/opdef.c
@@ -69,6 +69,7 @@ const struct io_op_def io_op_defs[] = {
.issue = io_read,
.prep_async = io_readv_prep_async,
.cleanup = io_readv_writev_cleanup,
+ .fail = io_rw_fail,
},
[IORING_OP_WRITEV] = {
.needs_file = 1,
@@ -85,6 +86,7 @@ const struct io_op_def io_op_defs[] = {
.issue = io_write,
.prep_async = io_writev_prep_async,
.cleanup = io_readv_writev_cleanup,
+ .fail = io_rw_fail,
},
[IORING_OP_FSYNC] = {
.needs_file = 1,
@@ -105,6 +107,7 @@ const struct io_op_def io_op_defs[] = {
.name = "READ_FIXED",
.prep = io_prep_rw,
.issue = io_read,
+ .fail = io_rw_fail,
},
[IORING_OP_WRITE_FIXED] = {
.needs_file = 1,
@@ -119,6 +122,7 @@ const struct io_op_def io_op_defs[] = {
.name = "WRITE_FIXED",
.prep = io_prep_rw,
.issue = io_write,
+ .fail = io_rw_fail,
},
[IORING_OP_POLL_ADD] = {
.needs_file = 1,
@@ -273,6 +277,7 @@ const struct io_op_def io_op_defs[] = {
.name = "READ",
.prep = io_prep_rw,
.issue = io_read,
+ .fail = io_rw_fail,
},
[IORING_OP_WRITE] = {
.needs_file = 1,
@@ -287,6 +292,7 @@ const struct io_op_def io_op_defs[] = {
.name = "WRITE",
.prep = io_prep_rw,
.issue = io_write,
+ .fail = io_rw_fail,
},
[IORING_OP_FADVISE] = {
.needs_file = 1,
--- a/io_uring/rw.c
+++ b/io_uring/rw.c
@@ -984,6 +984,14 @@ static void io_cqring_ev_posted_iopoll(s
io_cqring_wake(ctx);
}
+void io_rw_fail(struct io_kiocb *req)
+{
+ int res;
+
+ res = io_fixup_rw_res(req, req->cqe.res);
+ io_req_set_res(req, res, req->cqe.flags);
+}
+
int io_do_iopoll(struct io_ring_ctx *ctx, bool force_nonspin)
{
struct io_wq_work_node *pos, *start, *prev;
--- a/io_uring/rw.h
+++ b/io_uring/rw.h
@@ -21,3 +21,4 @@ int io_readv_prep_async(struct io_kiocb
int io_write(struct io_kiocb *req, unsigned int issue_flags);
int io_writev_prep_async(struct io_kiocb *req);
void io_readv_writev_cleanup(struct io_kiocb *req);
+void io_rw_fail(struct io_kiocb *req);
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 012/862] io_uring/net: dont lose partial send/recv on fail
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (10 preceding siblings ...)
2022-10-19 8:21 ` [PATCH 6.0 011/862] io_uring/rw: dont lose partial IO result " Greg Kroah-Hartman
@ 2022-10-19 8:21 ` Greg Kroah-Hartman
2022-10-19 8:21 ` [PATCH 6.0 013/862] io_uring/rw: fix unexpected link breakage Greg Kroah-Hartman
` (864 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:21 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Pavel Begunkov, Jens Axboe
From: Pavel Begunkov <asml.silence@gmail.com>
commit 7e6b638ed501cced4e472298d6b08dd16346f3a6 upstream.
Just as with rw, partial send/recv may end up in
io_req_complete_failed() and loose the result, make sure we return the
number of bytes processed.
Cc: stable@vger.kernel.org
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Link: https://lore.kernel.org/r/a4ff95897b5419356fca9ea55db91ac15b2975f9.1663668091.git.asml.silence@gmail.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
io_uring/net.c | 10 ++++++++++
io_uring/net.h | 2 ++
io_uring/opdef.c | 4 ++++
3 files changed, 16 insertions(+)
--- a/io_uring/net.c
+++ b/io_uring/net.c
@@ -1087,6 +1087,16 @@ int io_sendzc(struct io_kiocb *req, unsi
return IOU_OK;
}
+void io_sendrecv_fail(struct io_kiocb *req)
+{
+ struct io_sr_msg *sr = io_kiocb_to_cmd(req, struct io_sr_msg);
+ int res = req->cqe.res;
+
+ if (req->flags & REQ_F_PARTIAL_IO)
+ res = sr->done_io;
+ io_req_set_res(req, res, req->cqe.flags);
+}
+
int io_accept_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe)
{
struct io_accept *accept = io_kiocb_to_cmd(req, struct io_accept);
--- a/io_uring/net.h
+++ b/io_uring/net.h
@@ -43,6 +43,8 @@ int io_recvmsg_prep(struct io_kiocb *req
int io_recvmsg(struct io_kiocb *req, unsigned int issue_flags);
int io_recv(struct io_kiocb *req, unsigned int issue_flags);
+void io_sendrecv_fail(struct io_kiocb *req);
+
int io_accept_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe);
int io_accept(struct io_kiocb *req, unsigned int issue_flags);
--- a/io_uring/opdef.c
+++ b/io_uring/opdef.c
@@ -157,6 +157,7 @@ const struct io_op_def io_op_defs[] = {
.issue = io_sendmsg,
.prep_async = io_sendmsg_prep_async,
.cleanup = io_sendmsg_recvmsg_cleanup,
+ .fail = io_sendrecv_fail,
#else
.prep = io_eopnotsupp_prep,
#endif
@@ -174,6 +175,7 @@ const struct io_op_def io_op_defs[] = {
.issue = io_recvmsg,
.prep_async = io_recvmsg_prep_async,
.cleanup = io_sendmsg_recvmsg_cleanup,
+ .fail = io_sendrecv_fail,
#else
.prep = io_eopnotsupp_prep,
#endif
@@ -316,6 +318,7 @@ const struct io_op_def io_op_defs[] = {
#if defined(CONFIG_NET)
.prep = io_sendmsg_prep,
.issue = io_send,
+ .fail = io_sendrecv_fail,
#else
.prep = io_eopnotsupp_prep,
#endif
@@ -331,6 +334,7 @@ const struct io_op_def io_op_defs[] = {
#if defined(CONFIG_NET)
.prep = io_recvmsg_prep,
.issue = io_recv,
+ .fail = io_sendrecv_fail,
#else
.prep = io_eopnotsupp_prep,
#endif
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 013/862] io_uring/rw: fix unexpected link breakage
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (11 preceding siblings ...)
2022-10-19 8:21 ` [PATCH 6.0 012/862] io_uring/net: dont lose partial send/recv " Greg Kroah-Hartman
@ 2022-10-19 8:21 ` Greg Kroah-Hartman
2022-10-19 8:21 ` [PATCH 6.0 014/862] io_uring/rw: dont lose short results on io_setup_async_rw() Greg Kroah-Hartman
` (863 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Pavel Begunkov, Jens Axboe, Beld Zhang
From: Pavel Begunkov <asml.silence@gmail.com>
commit bf68b5b34311ee57ed40749a1257a30b46127556 upstream.
req->cqe.res is set in io_read() to the amount of bytes left to be done,
which is used to figure out whether to fail a read or not. However,
io_read() may do another without returning, and we stash the previous
value into ->bytes_done but forget to update cqe.res. Then we ask a read
to do strictly less than cqe.res but expect the return to be exactly
cqe.res.
Fix the bug by updating cqe.res for retries.
Cc: stable@vger.kernel.org
Reported-and-Tested-by: Beld Zhang <beldzhang@gmail.com>
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Link: https://lore.kernel.org/r/3a1088440c7be98e5800267af922a67da0ef9f13.1664235732.git.asml.silence@gmail.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
io_uring/rw.c | 1 +
1 file changed, 1 insertion(+)
--- a/io_uring/rw.c
+++ b/io_uring/rw.c
@@ -823,6 +823,7 @@ int io_read(struct io_kiocb *req, unsign
return -EAGAIN;
}
+ req->cqe.res = iov_iter_count(&s->iter);
/*
* Now retry read with the IOCB_WAITQ parts set in the iocb. If
* we get -EIOCBQUEUED, then we'll get a notification when the
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 014/862] io_uring/rw: dont lose short results on io_setup_async_rw()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (12 preceding siblings ...)
2022-10-19 8:21 ` [PATCH 6.0 013/862] io_uring/rw: fix unexpected link breakage Greg Kroah-Hartman
@ 2022-10-19 8:21 ` Greg Kroah-Hartman
2022-10-19 8:21 ` [PATCH 6.0 015/862] io_uring/net: fix fast_iov assignment in io_setup_async_msg() Greg Kroah-Hartman
` (862 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:21 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Pavel Begunkov, Jens Axboe
From: Pavel Begunkov <asml.silence@gmail.com>
commit c278d9f8ac0db5590909e6d9e85b5ca2b786704f upstream.
If a retry io_setup_async_rw() fails we lose result from the first
io_iter_do_read(), which is a problem mostly for streams/sockets.
Cc: stable@vger.kernel.org
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Link: https://lore.kernel.org/r/0e8d20cebe5fc9c96ed268463c394237daabc384.1664235732.git.asml.silence@gmail.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
io_uring/rw.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
--- a/io_uring/rw.c
+++ b/io_uring/rw.c
@@ -794,10 +794,12 @@ int io_read(struct io_kiocb *req, unsign
iov_iter_restore(&s->iter, &s->iter_state);
ret2 = io_setup_async_rw(req, iovec, s, true);
- if (ret2)
- return ret2;
-
iovec = NULL;
+ if (ret2) {
+ ret = ret > 0 ? ret : ret2;
+ goto done;
+ }
+
io = req->async_data;
s = &io->s;
/*
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 015/862] io_uring/net: fix fast_iov assignment in io_setup_async_msg()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (13 preceding siblings ...)
2022-10-19 8:21 ` [PATCH 6.0 014/862] io_uring/rw: dont lose short results on io_setup_async_rw() Greg Kroah-Hartman
@ 2022-10-19 8:21 ` Greg Kroah-Hartman
2022-10-19 8:21 ` [PATCH 6.0 016/862] io_uring/net: dont update msg_name if not provided Greg Kroah-Hartman
` (861 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Stefan Metzmacher, Pavel Begunkov,
Jens Axboe
From: Stefan Metzmacher <metze@samba.org>
commit 3e4cb6ebbb2bad201c1186bc0b7e8cf41dd7f7e6 upstream.
I hit a very bad problem during my tests of SENDMSG_ZC.
BUG(); in first_iovec_segment() triggered very easily.
The problem was io_setup_async_msg() in the partial retry case,
which seems to happen more often with _ZC.
iov_iter_iovec_advance() may change i->iov in order to have i->iov_offset
being only relative to the first element.
Which means kmsg->msg.msg_iter.iov is no longer the
same as kmsg->fast_iov.
But this would rewind the copy to be the start of
async_msg->fast_iov, which means the internal
state of sync_msg->msg.msg_iter is inconsitent.
I tested with 5 vectors with length like this 4, 0, 64, 20, 8388608
and got a short writes with:
- ret=2675244 min_ret=8388692 => remaining 5713448 sr->done_io=2675244
- ret=-EAGAIN => io_uring_poll_arm
- ret=4911225 min_ret=5713448 => remaining 802223 sr->done_io=7586469
- ret=-EAGAIN => io_uring_poll_arm
- ret=802223 min_ret=802223 => res=8388692
While this was easily triggered with SENDMSG_ZC (queued for 6.1),
it was a potential problem starting with 7ba89d2af17aa879dda30f5d5d3f152e587fc551
in 5.18 for IORING_OP_RECVMSG.
And also with 4c3c09439c08b03d9503df0ca4c7619c5842892e in 5.19
for IORING_OP_SENDMSG.
However 257e84a5377fbbc336ff563833a8712619acce56 introduced the critical
code into io_setup_async_msg() in 5.11.
Fixes: 7ba89d2af17aa ("io_uring: ensure recv and recvmsg handle MSG_WAITALL correctly")
Fixes: 257e84a5377fb ("io_uring: refactor sendmsg/recvmsg iov managing")
Cc: stable@vger.kernel.org
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Pavel Begunkov <asml.silence@gmail.com>
Link: https://lore.kernel.org/r/b2e7be246e2fb173520862b0c7098e55767567a2.1664436949.git.metze@samba.org
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
io_uring/net.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- a/io_uring/net.c
+++ b/io_uring/net.c
@@ -165,8 +165,10 @@ static int io_setup_async_msg(struct io_
memcpy(async_msg, kmsg, sizeof(*kmsg));
async_msg->msg.msg_name = &async_msg->addr;
/* if were using fast_iov, set it to the new one */
- if (!async_msg->free_iov)
- async_msg->msg.msg_iter.iov = async_msg->fast_iov;
+ if (!kmsg->free_iov) {
+ size_t fast_idx = kmsg->msg.msg_iter.iov - kmsg->fast_iov;
+ async_msg->msg.msg_iter.iov = &async_msg->fast_iov[fast_idx];
+ }
return -EAGAIN;
}
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 016/862] io_uring/net: dont update msg_name if not provided
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (14 preceding siblings ...)
2022-10-19 8:21 ` [PATCH 6.0 015/862] io_uring/net: fix fast_iov assignment in io_setup_async_msg() Greg Kroah-Hartman
@ 2022-10-19 8:21 ` Greg Kroah-Hartman
2022-10-19 8:21 ` [PATCH 6.0 017/862] io_uring: limit registration w/ SINGLE_ISSUER Greg Kroah-Hartman
` (860 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:21 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Pavel Begunkov, Jens Axboe
From: Pavel Begunkov <asml.silence@gmail.com>
commit 6f10ae8a155446248055c7ddd480ef40139af788 upstream.
io_sendmsg_copy_hdr() may clear msg->msg_name if the userspace didn't
provide it, we should retain NULL in this case.
Cc: stable@vger.kernel.org
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Link: https://lore.kernel.org/r/97d49f61b5ec76d0900df658cfde3aa59ff22121.1664486545.git.asml.silence@gmail.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
io_uring/net.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/io_uring/net.c
+++ b/io_uring/net.c
@@ -163,7 +163,8 @@ static int io_setup_async_msg(struct io_
}
req->flags |= REQ_F_NEED_CLEANUP;
memcpy(async_msg, kmsg, sizeof(*kmsg));
- async_msg->msg.msg_name = &async_msg->addr;
+ if (async_msg->msg.msg_name)
+ async_msg->msg.msg_name = &async_msg->addr;
/* if were using fast_iov, set it to the new one */
if (!kmsg->free_iov) {
size_t fast_idx = kmsg->msg.msg_iter.iov - kmsg->fast_iov;
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 017/862] io_uring: limit registration w/ SINGLE_ISSUER
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (15 preceding siblings ...)
2022-10-19 8:21 ` [PATCH 6.0 016/862] io_uring/net: dont update msg_name if not provided Greg Kroah-Hartman
@ 2022-10-19 8:21 ` Greg Kroah-Hartman
2022-10-19 8:21 ` [PATCH 6.0 018/862] io_uring/net: handle -EINPROGRESS correct for IORING_OP_CONNECT Greg Kroah-Hartman
` (859 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:21 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Pavel Begunkov, Jens Axboe
From: Pavel Begunkov <asml.silence@gmail.com>
commit d7cce96c449e35bbfd41e830b341b95973891eed upstream.
IORING_SETUP_SINGLE_ISSUER restricts what tasks can submit requests.
Extend it to registration as well, so non-owning task can't do
registrations. It's not necessary at the moment but might be useful in
the future.
Cc: <stable@vger.kernel.org> # 6.0
Fixes: 97bbdc06a444 ("io_uring: add IORING_SETUP_SINGLE_ISSUER")
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Link: https://lore.kernel.org/r/f52a6a9c8a8990d4a831f73c0571e7406aac2bba.1664237592.git.asml.silence@gmail.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
io_uring/io_uring.c | 3 +++
1 file changed, 3 insertions(+)
--- a/io_uring/io_uring.c
+++ b/io_uring/io_uring.c
@@ -3710,6 +3710,9 @@ static int __io_uring_register(struct io
if (WARN_ON_ONCE(percpu_ref_is_dying(&ctx->refs)))
return -ENXIO;
+ if (ctx->submitter_task && ctx->submitter_task != current)
+ return -EEXIST;
+
if (ctx->restricted) {
if (opcode >= IORING_REGISTER_LAST)
return -EINVAL;
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 018/862] io_uring/net: handle -EINPROGRESS correct for IORING_OP_CONNECT
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (16 preceding siblings ...)
2022-10-19 8:21 ` [PATCH 6.0 017/862] io_uring: limit registration w/ SINGLE_ISSUER Greg Kroah-Hartman
@ 2022-10-19 8:21 ` Greg Kroah-Hartman
2022-10-19 8:21 ` [PATCH 6.0 019/862] io_uring/af_unix: defer registered files gc to io_uring release Greg Kroah-Hartman
` (858 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:21 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Aidan Sun, Jens Axboe
From: Jens Axboe <axboe@kernel.dk>
commit 3fb1bd68817288729179444caf1fd5c5c4d2d65d upstream.
We treat EINPROGRESS like EAGAIN, but if we're retrying post getting
EINPROGRESS, then we just need to check the socket for errors and
terminate the request.
This was exposed on a bluetooth connection request which ends up
taking a while and hitting EINPROGRESS, and yields a CQE result of
-EBADFD because we're retrying a connect on a socket that is now
connected.
Cc: stable@vger.kernel.org
Fixes: 87f80d623c6c ("io_uring: handle connect -EINPROGRESS like -EAGAIN")
Link: https://github.com/axboe/liburing/issues/671
Reported-by: Aidan Sun <aidansun05@gmail.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
io_uring/net.c | 28 ++++++++++++++++++++++------
1 file changed, 22 insertions(+), 6 deletions(-)
--- a/io_uring/net.c
+++ b/io_uring/net.c
@@ -46,6 +46,7 @@ struct io_connect {
struct file *file;
struct sockaddr __user *addr;
int addr_len;
+ bool in_progress;
};
struct io_sr_msg {
@@ -1263,6 +1264,7 @@ int io_connect_prep(struct io_kiocb *req
conn->addr = u64_to_user_ptr(READ_ONCE(sqe->addr));
conn->addr_len = READ_ONCE(sqe->addr2);
+ conn->in_progress = false;
return 0;
}
@@ -1274,6 +1276,16 @@ int io_connect(struct io_kiocb *req, uns
int ret;
bool force_nonblock = issue_flags & IO_URING_F_NONBLOCK;
+ if (connect->in_progress) {
+ struct socket *socket;
+
+ ret = -ENOTSOCK;
+ socket = sock_from_file(req->file);
+ if (socket)
+ ret = sock_error(socket->sk);
+ goto out;
+ }
+
if (req_has_async_data(req)) {
io = req->async_data;
} else {
@@ -1290,13 +1302,17 @@ int io_connect(struct io_kiocb *req, uns
ret = __sys_connect_file(req->file, &io->address,
connect->addr_len, file_flags);
if ((ret == -EAGAIN || ret == -EINPROGRESS) && force_nonblock) {
- if (req_has_async_data(req))
- return -EAGAIN;
- if (io_alloc_async_data(req)) {
- ret = -ENOMEM;
- goto out;
+ if (ret == -EINPROGRESS) {
+ connect->in_progress = true;
+ } else {
+ if (req_has_async_data(req))
+ return -EAGAIN;
+ if (io_alloc_async_data(req)) {
+ ret = -ENOMEM;
+ goto out;
+ }
+ memcpy(req->async_data, &__io, sizeof(__io));
}
- memcpy(req->async_data, &__io, sizeof(__io));
return -EAGAIN;
}
if (ret == -ERESTARTSYS)
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 019/862] io_uring/af_unix: defer registered files gc to io_uring release
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (17 preceding siblings ...)
2022-10-19 8:21 ` [PATCH 6.0 018/862] io_uring/net: handle -EINPROGRESS correct for IORING_OP_CONNECT Greg Kroah-Hartman
@ 2022-10-19 8:21 ` Greg Kroah-Hartman
2022-10-19 8:21 ` [PATCH 6.0 020/862] io_uring: correct pinned_vm accounting Greg Kroah-Hartman
` (857 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Pavel Begunkov,
Thadeu Lima de Souza Cascardo, Jens Axboe, David Bouman
From: Pavel Begunkov <asml.silence@gmail.com>
commit 0091bfc81741b8d3aeb3b7ab8636f911b2de6e80 upstream.
Instead of putting io_uring's registered files in unix_gc() we want it
to be done by io_uring itself. The trick here is to consider io_uring
registered files for cycle detection but not actually putting them down.
Because io_uring can't register other ring instances, this will remove
all refs to the ring file triggering the ->release path and clean up
with io_ring_ctx_free().
Cc: stable@vger.kernel.org
Fixes: 6b06314c47e1 ("io_uring: add file set registration")
Reported-and-tested-by: David Bouman <dbouman03@gmail.com>
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
[axboe: add kerneldoc comment to skb, fold in skb leak fix]
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/skbuff.h | 2 ++
io_uring/rsrc.c | 1 +
net/unix/garbage.c | 20 ++++++++++++++++++++
3 files changed, 23 insertions(+)
--- a/include/linux/skbuff.h
+++ b/include/linux/skbuff.h
@@ -796,6 +796,7 @@ typedef unsigned char *sk_buff_data_t;
* @csum_level: indicates the number of consecutive checksums found in
* the packet minus one that have been verified as
* CHECKSUM_UNNECESSARY (max 3)
+ * @scm_io_uring: SKB holds io_uring registered files
* @dst_pending_confirm: need to confirm neighbour
* @decrypted: Decrypted SKB
* @slow_gro: state present at GRO time, slower prepare step required
@@ -975,6 +976,7 @@ struct sk_buff {
#endif
__u8 slow_gro:1;
__u8 csum_not_inet:1;
+ __u8 scm_io_uring:1;
#ifdef CONFIG_NET_SCHED
__u16 tc_index; /* traffic control index */
--- a/io_uring/rsrc.c
+++ b/io_uring/rsrc.c
@@ -855,6 +855,7 @@ int __io_scm_file_account(struct io_ring
UNIXCB(skb).fp = fpl;
skb->sk = sk;
+ skb->scm_io_uring = 1;
skb->destructor = unix_destruct_scm;
refcount_add(skb->truesize, &sk->sk_wmem_alloc);
}
--- a/net/unix/garbage.c
+++ b/net/unix/garbage.c
@@ -204,6 +204,7 @@ void wait_for_unix_gc(void)
/* The external entry point: unix_gc() */
void unix_gc(void)
{
+ struct sk_buff *next_skb, *skb;
struct unix_sock *u;
struct unix_sock *next;
struct sk_buff_head hitlist;
@@ -297,11 +298,30 @@ void unix_gc(void)
spin_unlock(&unix_gc_lock);
+ /* We need io_uring to clean its registered files, ignore all io_uring
+ * originated skbs. It's fine as io_uring doesn't keep references to
+ * other io_uring instances and so killing all other files in the cycle
+ * will put all io_uring references forcing it to go through normal
+ * release.path eventually putting registered files.
+ */
+ skb_queue_walk_safe(&hitlist, skb, next_skb) {
+ if (skb->scm_io_uring) {
+ __skb_unlink(skb, &hitlist);
+ skb_queue_tail(&skb->sk->sk_receive_queue, skb);
+ }
+ }
+
/* Here we are. Hitlist is filled. Die. */
__skb_queue_purge(&hitlist);
spin_lock(&unix_gc_lock);
+ /* There could be io_uring registered files, just push them back to
+ * the inflight list
+ */
+ list_for_each_entry_safe(u, next, &gc_candidates, link)
+ list_move_tail(&u->link, &gc_inflight_list);
+
/* All candidates should have been detached by now. */
BUG_ON(!list_empty(&gc_candidates));
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 020/862] io_uring: correct pinned_vm accounting
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (18 preceding siblings ...)
2022-10-19 8:21 ` [PATCH 6.0 019/862] io_uring/af_unix: defer registered files gc to io_uring release Greg Kroah-Hartman
@ 2022-10-19 8:21 ` Greg Kroah-Hartman
2022-10-19 8:21 ` [PATCH 6.0 021/862] hv_netvsc: Fix race between VF offering and VF association message from host Greg Kroah-Hartman
` (856 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Stable, Pavel Begunkov, Jens Axboe
From: Pavel Begunkov <asml.silence@gmail.com>
commit 42b6419d0aba47c5d8644cdc0b68502254671de5 upstream.
->mm_account should be released only after we free all registered
buffers, otherwise __io_sqe_buffers_unregister() will see a NULL
->mm_account and skip locked_vm accounting.
Cc: <Stable@vger.kernel.org>
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Link: https://lore.kernel.org/r/6d798f65ed4ab8db3664c4d3397d4af16ca98846.1664849932.git.asml.silence@gmail.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
io_uring/io_uring.c | 10 ++++------
1 file changed, 4 insertions(+), 6 deletions(-)
--- a/io_uring/io_uring.c
+++ b/io_uring/io_uring.c
@@ -2422,12 +2422,6 @@ static void io_req_caches_free(struct io
static __cold void io_ring_ctx_free(struct io_ring_ctx *ctx)
{
io_sq_thread_finish(ctx);
-
- if (ctx->mm_account) {
- mmdrop(ctx->mm_account);
- ctx->mm_account = NULL;
- }
-
io_rsrc_refs_drop(ctx);
/* __io_rsrc_put_work() may need uring_lock to progress, wait w/o it */
io_wait_rsrc_data(ctx->buf_data);
@@ -2470,6 +2464,10 @@ static __cold void io_ring_ctx_free(stru
WARN_ON_ONCE(!list_empty(&ctx->ltimeout_list));
WARN_ON_ONCE(ctx->notif_slots || ctx->nr_notif_slots);
+ if (ctx->mm_account) {
+ mmdrop(ctx->mm_account);
+ ctx->mm_account = NULL;
+ }
io_mem_free(ctx->rings);
io_mem_free(ctx->sq_sqes);
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 021/862] hv_netvsc: Fix race between VF offering and VF association message from host
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (19 preceding siblings ...)
2022-10-19 8:21 ` [PATCH 6.0 020/862] io_uring: correct pinned_vm accounting Greg Kroah-Hartman
@ 2022-10-19 8:21 ` Greg Kroah-Hartman
2022-10-19 8:21 ` [PATCH 6.0 022/862] cifs: destage dirty pages before re-reading them for cache=none Greg Kroah-Hartman
` (855 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Haiyang Zhang, Gaurav Kohli, David S. Miller
From: Gaurav Kohli <gauravkohli@linux.microsoft.com>
commit 365e1ececb2905f94cc10a5817c5b644a32a3ae2 upstream.
During vm boot, there might be possibility that vf registration
call comes before the vf association from host to vm.
And this might break netvsc vf path, To prevent the same block
vf registration until vf bind message comes from host.
Cc: stable@vger.kernel.org
Fixes: 00d7ddba11436 ("hv_netvsc: pair VF based on serial number")
Reviewed-by: Haiyang Zhang <haiyangz@microsoft.com>
Signed-off-by: Gaurav Kohli <gauravkohli@linux.microsoft.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/hyperv/hyperv_net.h | 3 ++-
drivers/net/hyperv/netvsc.c | 4 ++++
drivers/net/hyperv/netvsc_drv.c | 19 +++++++++++++++++++
3 files changed, 25 insertions(+), 1 deletion(-)
--- a/drivers/net/hyperv/hyperv_net.h
+++ b/drivers/net/hyperv/hyperv_net.h
@@ -1051,7 +1051,8 @@ struct net_device_context {
u32 vf_alloc;
/* Serial number of the VF to team with */
u32 vf_serial;
-
+ /* completion variable to confirm vf association */
+ struct completion vf_add;
/* Is the current data path through the VF NIC? */
bool data_path_is_vf;
--- a/drivers/net/hyperv/netvsc.c
+++ b/drivers/net/hyperv/netvsc.c
@@ -1580,6 +1580,10 @@ static void netvsc_send_vf(struct net_de
net_device_ctx->vf_alloc = nvmsg->msg.v4_msg.vf_assoc.allocated;
net_device_ctx->vf_serial = nvmsg->msg.v4_msg.vf_assoc.serial;
+
+ if (net_device_ctx->vf_alloc)
+ complete(&net_device_ctx->vf_add);
+
netdev_info(ndev, "VF slot %u %s\n",
net_device_ctx->vf_serial,
net_device_ctx->vf_alloc ? "added" : "removed");
--- a/drivers/net/hyperv/netvsc_drv.c
+++ b/drivers/net/hyperv/netvsc_drv.c
@@ -2313,6 +2313,18 @@ static struct net_device *get_netvsc_bys
}
+ /* Fallback path to check synthetic vf with
+ * help of mac addr
+ */
+ list_for_each_entry(ndev_ctx, &netvsc_dev_list, list) {
+ ndev = hv_get_drvdata(ndev_ctx->device_ctx);
+ if (ether_addr_equal(vf_netdev->perm_addr, ndev->perm_addr)) {
+ netdev_notice(vf_netdev,
+ "falling back to mac addr based matching\n");
+ return ndev;
+ }
+ }
+
netdev_notice(vf_netdev,
"no netdev found for vf serial:%u\n", serial);
return NULL;
@@ -2409,6 +2421,11 @@ static int netvsc_vf_changed(struct net_
if (net_device_ctx->data_path_is_vf == vf_is_up)
return NOTIFY_OK;
+ if (vf_is_up && !net_device_ctx->vf_alloc) {
+ netdev_info(ndev, "Waiting for the VF association from host\n");
+ wait_for_completion(&net_device_ctx->vf_add);
+ }
+
ret = netvsc_switch_datapath(ndev, vf_is_up);
if (ret) {
@@ -2440,6 +2457,7 @@ static int netvsc_unregister_vf(struct n
netvsc_vf_setxdp(vf_netdev, NULL);
+ reinit_completion(&net_device_ctx->vf_add);
netdev_rx_handler_unregister(vf_netdev);
netdev_upper_dev_unlink(vf_netdev, ndev);
RCU_INIT_POINTER(net_device_ctx->vf_netdev, NULL);
@@ -2479,6 +2497,7 @@ static int netvsc_probe(struct hv_device
INIT_DELAYED_WORK(&net_device_ctx->dwork, netvsc_link_change);
+ init_completion(&net_device_ctx->vf_add);
spin_lock_init(&net_device_ctx->lock);
INIT_LIST_HEAD(&net_device_ctx->reconfig_events);
INIT_DELAYED_WORK(&net_device_ctx->vf_takeover, netvsc_vf_setup);
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 022/862] cifs: destage dirty pages before re-reading them for cache=none
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (20 preceding siblings ...)
2022-10-19 8:21 ` [PATCH 6.0 021/862] hv_netvsc: Fix race between VF offering and VF association message from host Greg Kroah-Hartman
@ 2022-10-19 8:21 ` Greg Kroah-Hartman
2022-10-19 8:21 ` [PATCH 6.0 023/862] cifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message Greg Kroah-Hartman
` (854 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Paulo Alcantara (SUSE),
Enzo Matsumiya, Ronnie Sahlberg, Steve French
From: Ronnie Sahlberg <lsahlber@redhat.com>
commit bb44c31cdcac107344dd2fcc3bd0504a53575c51 upstream.
This is the opposite case of kernel bugzilla 216301.
If we mmap a file using cache=none and then proceed to update the mmapped
area these updates are not reflected in a later pread() of that part of the
file.
To fix this we must first destage any dirty pages in the range before
we allow the pread() to proceed.
Cc: stable@vger.kernel.org
Reviewed-by: Paulo Alcantara (SUSE) <pc@cjr.nz>
Reviewed-by: Enzo Matsumiya <ematsumiya@suse.de>
Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/cifs/file.c | 9 +++++++++
1 file changed, 9 insertions(+)
--- a/fs/cifs/file.c
+++ b/fs/cifs/file.c
@@ -4271,6 +4271,15 @@ static ssize_t __cifs_readv(
len = ctx->len;
}
+ if (direct) {
+ rc = filemap_write_and_wait_range(file->f_inode->i_mapping,
+ offset, offset + len - 1);
+ if (rc) {
+ kref_put(&ctx->refcount, cifs_aio_ctx_release);
+ return -EAGAIN;
+ }
+ }
+
/* grab a lock here due to read response handlers can access ctx */
mutex_lock(&ctx->aio_mutex);
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 023/862] cifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (21 preceding siblings ...)
2022-10-19 8:21 ` [PATCH 6.0 022/862] cifs: destage dirty pages before re-reading them for cache=none Greg Kroah-Hartman
@ 2022-10-19 8:21 ` Greg Kroah-Hartman
2022-10-19 8:21 ` [PATCH 6.0 024/862] iio: dac: ad5593r: Fix i2c read protocol requirements Greg Kroah-Hartman
` (853 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zhang Xiaoxu, Paulo Alcantara (SUSE),
Tom Talpey, Steve French
From: Zhang Xiaoxu <zhangxiaoxu5@huawei.com>
commit e98ecc6e94f4e6d21c06660b0f336df02836694f upstream.
Commit d5c7076b772a ("smb3: add smb3.1.1 to default dialect list")
extend the dialects from 3 to 4, but forget to decrease the extended
length when specific the dialect, then the message length is larger
than expected.
This maybe leak some info through network because not initialize the
message body.
After apply this patch, the VALIDATE_NEGOTIATE_INFO message length is
reduced from 28 bytes to 26 bytes.
Fixes: d5c7076b772a ("smb3: add smb3.1.1 to default dialect list")
Signed-off-by: Zhang Xiaoxu <zhangxiaoxu5@huawei.com>
Cc: <stable@vger.kernel.org>
Acked-by: Paulo Alcantara (SUSE) <pc@cjr.nz>
Reviewed-by: Tom Talpey <tom@talpey.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/cifs/smb2pdu.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/fs/cifs/smb2pdu.c
+++ b/fs/cifs/smb2pdu.c
@@ -1169,9 +1169,9 @@ int smb3_validate_negotiate(const unsign
pneg_inbuf->Dialects[0] =
cpu_to_le16(server->vals->protocol_id);
pneg_inbuf->DialectCount = cpu_to_le16(1);
- /* structure is big enough for 3 dialects, sending only 1 */
+ /* structure is big enough for 4 dialects, sending only 1 */
inbuflen = sizeof(*pneg_inbuf) -
- sizeof(pneg_inbuf->Dialects[0]) * 2;
+ sizeof(pneg_inbuf->Dialects[0]) * 3;
}
rc = SMB2_ioctl(xid, tcon, NO_FILE_ID, NO_FILE_ID,
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 024/862] iio: dac: ad5593r: Fix i2c read protocol requirements
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (22 preceding siblings ...)
2022-10-19 8:21 ` [PATCH 6.0 023/862] cifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message Greg Kroah-Hartman
@ 2022-10-19 8:21 ` Greg Kroah-Hartman
2022-10-19 8:21 ` [PATCH 6.0 025/862] iio: ltc2497: Fix reading conversion results Greg Kroah-Hartman
` (852 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Michael Hennerich, Nuno Sá,
Stable, Jonathan Cameron
From: Michael Hennerich <michael.hennerich@analog.com>
commit 558a25f903b4af6361b7fbeea08a6446a0745653 upstream.
For reliable operation across the full range of supported
interface rates, the AD5593R needs a STOP condition between
address write, and data read (like show in the datasheet Figure 40)
so in turn i2c_smbus_read_word_swapped cannot be used.
While at it, a simple helper was added to make the code simpler.
Fixes: 56ca9db862bf ("iio: dac: Add support for the AD5592R/AD5593R ADCs/DACs")
Signed-off-by: Michael Hennerich <michael.hennerich@analog.com>
Signed-off-by: Nuno Sá <nuno.sa@analog.com>
Cc: <Stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20220913073413.140475-2-nuno.sa@analog.com
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/iio/dac/ad5593r.c | 46 +++++++++++++++++++++++++++-------------------
1 file changed, 27 insertions(+), 19 deletions(-)
--- a/drivers/iio/dac/ad5593r.c
+++ b/drivers/iio/dac/ad5593r.c
@@ -13,6 +13,8 @@
#include <linux/module.h>
#include <linux/mod_devicetable.h>
+#include <asm/unaligned.h>
+
#define AD5593R_MODE_CONF (0 << 4)
#define AD5593R_MODE_DAC_WRITE (1 << 4)
#define AD5593R_MODE_ADC_READBACK (4 << 4)
@@ -20,6 +22,24 @@
#define AD5593R_MODE_GPIO_READBACK (6 << 4)
#define AD5593R_MODE_REG_READBACK (7 << 4)
+static int ad5593r_read_word(struct i2c_client *i2c, u8 reg, u16 *value)
+{
+ int ret;
+ u8 buf[2];
+
+ ret = i2c_smbus_write_byte(i2c, reg);
+ if (ret < 0)
+ return ret;
+
+ ret = i2c_master_recv(i2c, buf, sizeof(buf));
+ if (ret < 0)
+ return ret;
+
+ *value = get_unaligned_be16(buf);
+
+ return 0;
+}
+
static int ad5593r_write_dac(struct ad5592r_state *st, unsigned chan, u16 value)
{
struct i2c_client *i2c = to_i2c_client(st->dev);
@@ -38,13 +58,7 @@ static int ad5593r_read_adc(struct ad559
if (val < 0)
return (int) val;
- val = i2c_smbus_read_word_swapped(i2c, AD5593R_MODE_ADC_READBACK);
- if (val < 0)
- return (int) val;
-
- *value = (u16) val;
-
- return 0;
+ return ad5593r_read_word(i2c, AD5593R_MODE_ADC_READBACK, value);
}
static int ad5593r_reg_write(struct ad5592r_state *st, u8 reg, u16 value)
@@ -58,25 +72,19 @@ static int ad5593r_reg_write(struct ad55
static int ad5593r_reg_read(struct ad5592r_state *st, u8 reg, u16 *value)
{
struct i2c_client *i2c = to_i2c_client(st->dev);
- s32 val;
-
- val = i2c_smbus_read_word_swapped(i2c, AD5593R_MODE_REG_READBACK | reg);
- if (val < 0)
- return (int) val;
- *value = (u16) val;
-
- return 0;
+ return ad5593r_read_word(i2c, AD5593R_MODE_REG_READBACK | reg, value);
}
static int ad5593r_gpio_read(struct ad5592r_state *st, u8 *value)
{
struct i2c_client *i2c = to_i2c_client(st->dev);
- s32 val;
+ u16 val;
+ int ret;
- val = i2c_smbus_read_word_swapped(i2c, AD5593R_MODE_GPIO_READBACK);
- if (val < 0)
- return (int) val;
+ ret = ad5593r_read_word(i2c, AD5593R_MODE_GPIO_READBACK, &val);
+ if (ret)
+ return ret;
*value = (u8) val;
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 025/862] iio: ltc2497: Fix reading conversion results
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (23 preceding siblings ...)
2022-10-19 8:21 ` [PATCH 6.0 024/862] iio: dac: ad5593r: Fix i2c read protocol requirements Greg Kroah-Hartman
@ 2022-10-19 8:21 ` Greg Kroah-Hartman
2022-10-19 8:21 ` [PATCH 6.0 026/862] iio: adc: ad7923: fix channel readings for some variants Greg Kroah-Hartman
` (851 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Meng Li, Uwe Kleine-König,
Denys Zagorui, Stable, Jonathan Cameron
From: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
commit 7f4f1096d5921f5d90547596f9ce80e0b924f887 upstream.
After the result of the previous conversion is read the chip
automatically starts a new conversion and doesn't accept new i2c
transfers until this conversion is completed which makes the function
return failure.
So add an early return iff the programming of the new address isn't
needed. Note this will not fix the problem in general, but all cases
that are currently used. Once this changes we get the failure back, but
this can be addressed when the need arises.
Fixes: 69548b7c2c4f ("iio: adc: ltc2497: split protocol independent part in a separate module ")
Reported-by: Meng Li <Meng.Li@windriver.com>
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Tested-by: Denys Zagorui <dzagorui@cisco.com>
Cc: <Stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20220815091647.1523532-1-dzagorui@cisco.com
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/iio/adc/ltc2497.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
--- a/drivers/iio/adc/ltc2497.c
+++ b/drivers/iio/adc/ltc2497.c
@@ -41,6 +41,19 @@ static int ltc2497_result_and_measure(st
}
*val = (be32_to_cpu(st->buf) >> 14) - (1 << 17);
+
+ /*
+ * The part started a new conversion at the end of the above i2c
+ * transfer, so if the address didn't change since the last call
+ * everything is fine and we can return early.
+ * If not (which should only happen when some sort of bulk
+ * conversion is implemented) we have to program the new
+ * address. Note that this probably fails as the conversion that
+ * was triggered above is like not complete yet and the two
+ * operations have to be done in a single transfer.
+ */
+ if (ddata->addr_prev == address)
+ return 0;
}
ret = i2c_smbus_write_byte(st->client,
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 026/862] iio: adc: ad7923: fix channel readings for some variants
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (24 preceding siblings ...)
2022-10-19 8:21 ` [PATCH 6.0 025/862] iio: ltc2497: Fix reading conversion results Greg Kroah-Hartman
@ 2022-10-19 8:21 ` Greg Kroah-Hartman
2022-10-19 8:21 ` [PATCH 6.0 027/862] iio: pressure: dps310: Refactor startup procedure Greg Kroah-Hartman
` (850 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nuno Sá, Stable, Jonathan Cameron
From: Nuno Sá <nuno.sa@analog.com>
commit f4f43f01cff2f29779343ade755191afd2581c77 upstream.
Some of the supported devices have 4 or 2 LSB trailing bits that should
not be taken into account. Hence we need to shift these bits out which
fits perfectly on the scan type shift property. This change fixes both
raw and buffered reads.
Fixes: f2f7a449707e ("iio:adc:ad7923: Add support for the ad7904/ad7914/ad7924")
Fixes: 851644a60d20 ("iio: adc: ad7923: Add support for the ad7908/ad7918/ad7928")
Signed-off-by: Nuno Sá <nuno.sa@analog.com>
Link: https://lore.kernel.org/r/20220912081223.173584-2-nuno.sa@analog.com
Cc: <Stable@vger.kernel.org>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/iio/adc/ad7923.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/drivers/iio/adc/ad7923.c
+++ b/drivers/iio/adc/ad7923.c
@@ -93,6 +93,7 @@ enum ad7923_id {
.sign = 'u', \
.realbits = (bits), \
.storagebits = 16, \
+ .shift = 12 - (bits), \
.endianness = IIO_BE, \
}, \
}
@@ -268,7 +269,8 @@ static int ad7923_read_raw(struct iio_de
return ret;
if (chan->address == EXTRACT(ret, 12, 4))
- *val = EXTRACT(ret, 0, 12);
+ *val = EXTRACT(ret, chan->scan_type.shift,
+ chan->scan_type.realbits);
else
return -EIO;
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 027/862] iio: pressure: dps310: Refactor startup procedure
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (25 preceding siblings ...)
2022-10-19 8:21 ` [PATCH 6.0 026/862] iio: adc: ad7923: fix channel readings for some variants Greg Kroah-Hartman
@ 2022-10-19 8:21 ` Greg Kroah-Hartman
2022-10-19 8:21 ` [PATCH 6.0 028/862] iio: pressure: dps310: Reset chip after timeout Greg Kroah-Hartman
` (849 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Eddie James, Joel Stanley,
Andy Shevchenko, Jonathan Cameron
From: Eddie James <eajames@linux.ibm.com>
commit c2329717bdd3fa62f8a2f3d8d85ad0bee4556bd7 upstream.
Move the startup procedure into a function, and correct a missing
check on the return code for writing the PRS_CFG register.
Cc: <stable@vger.kernel.org>
Signed-off-by: Eddie James <eajames@linux.ibm.com>
Reviewed-by: Joel Stanley <joel@jms.id.au>
Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com>
Link: https://lore.kernel.org/r/20220915195719.136812-2-eajames@linux.ibm.com
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/iio/pressure/dps310.c | 188 ++++++++++++++++++++++--------------------
1 file changed, 99 insertions(+), 89 deletions(-)
--- a/drivers/iio/pressure/dps310.c
+++ b/drivers/iio/pressure/dps310.c
@@ -159,6 +159,102 @@ static int dps310_get_coefs(struct dps31
return 0;
}
+/*
+ * Some versions of the chip will read temperatures in the ~60C range when
+ * it's actually ~20C. This is the manufacturer recommended workaround
+ * to correct the issue. The registers used below are undocumented.
+ */
+static int dps310_temp_workaround(struct dps310_data *data)
+{
+ int rc;
+ int reg;
+
+ rc = regmap_read(data->regmap, 0x32, ®);
+ if (rc)
+ return rc;
+
+ /*
+ * If bit 1 is set then the device is okay, and the workaround does not
+ * need to be applied
+ */
+ if (reg & BIT(1))
+ return 0;
+
+ rc = regmap_write(data->regmap, 0x0e, 0xA5);
+ if (rc)
+ return rc;
+
+ rc = regmap_write(data->regmap, 0x0f, 0x96);
+ if (rc)
+ return rc;
+
+ rc = regmap_write(data->regmap, 0x62, 0x02);
+ if (rc)
+ return rc;
+
+ rc = regmap_write(data->regmap, 0x0e, 0x00);
+ if (rc)
+ return rc;
+
+ return regmap_write(data->regmap, 0x0f, 0x00);
+}
+
+static int dps310_startup(struct dps310_data *data)
+{
+ int rc;
+ int ready;
+
+ /*
+ * Set up pressure sensor in single sample, one measurement per second
+ * mode
+ */
+ rc = regmap_write(data->regmap, DPS310_PRS_CFG, 0);
+ if (rc)
+ return rc;
+
+ /*
+ * Set up external (MEMS) temperature sensor in single sample, one
+ * measurement per second mode
+ */
+ rc = regmap_write(data->regmap, DPS310_TMP_CFG, DPS310_TMP_EXT);
+ if (rc)
+ return rc;
+
+ /* Temp and pressure shifts are disabled when PRC <= 8 */
+ rc = regmap_write_bits(data->regmap, DPS310_CFG_REG,
+ DPS310_PRS_SHIFT_EN | DPS310_TMP_SHIFT_EN, 0);
+ if (rc)
+ return rc;
+
+ /* MEAS_CFG doesn't update correctly unless first written with 0 */
+ rc = regmap_write_bits(data->regmap, DPS310_MEAS_CFG,
+ DPS310_MEAS_CTRL_BITS, 0);
+ if (rc)
+ return rc;
+
+ /* Turn on temperature and pressure measurement in the background */
+ rc = regmap_write_bits(data->regmap, DPS310_MEAS_CFG,
+ DPS310_MEAS_CTRL_BITS, DPS310_PRS_EN |
+ DPS310_TEMP_EN | DPS310_BACKGROUND);
+ if (rc)
+ return rc;
+
+ /*
+ * Calibration coefficients required for reporting temperature.
+ * They are available 40ms after the device has started
+ */
+ rc = regmap_read_poll_timeout(data->regmap, DPS310_MEAS_CFG, ready,
+ ready & DPS310_COEF_RDY, 10000, 40000);
+ if (rc)
+ return rc;
+
+ rc = dps310_get_coefs(data);
+ if (rc)
+ return rc;
+
+ return dps310_temp_workaround(data);
+}
+
static int dps310_get_pres_precision(struct dps310_data *data)
{
int rc;
@@ -677,52 +773,12 @@ static const struct iio_info dps310_info
.write_raw = dps310_write_raw,
};
-/*
- * Some verions of chip will read temperatures in the ~60C range when
- * its actually ~20C. This is the manufacturer recommended workaround
- * to correct the issue. The registers used below are undocumented.
- */
-static int dps310_temp_workaround(struct dps310_data *data)
-{
- int rc;
- int reg;
-
- rc = regmap_read(data->regmap, 0x32, ®);
- if (rc < 0)
- return rc;
-
- /*
- * If bit 1 is set then the device is okay, and the workaround does not
- * need to be applied
- */
- if (reg & BIT(1))
- return 0;
-
- rc = regmap_write(data->regmap, 0x0e, 0xA5);
- if (rc < 0)
- return rc;
-
- rc = regmap_write(data->regmap, 0x0f, 0x96);
- if (rc < 0)
- return rc;
-
- rc = regmap_write(data->regmap, 0x62, 0x02);
- if (rc < 0)
- return rc;
-
- rc = regmap_write(data->regmap, 0x0e, 0x00);
- if (rc < 0)
- return rc;
-
- return regmap_write(data->regmap, 0x0f, 0x00);
-}
-
static int dps310_probe(struct i2c_client *client,
const struct i2c_device_id *id)
{
struct dps310_data *data;
struct iio_dev *iio;
- int rc, ready;
+ int rc;
iio = devm_iio_device_alloc(&client->dev, sizeof(*data));
if (!iio)
@@ -747,54 +803,8 @@ static int dps310_probe(struct i2c_clien
if (rc)
return rc;
- /*
- * Set up pressure sensor in single sample, one measurement per second
- * mode
- */
- rc = regmap_write(data->regmap, DPS310_PRS_CFG, 0);
-
- /*
- * Set up external (MEMS) temperature sensor in single sample, one
- * measurement per second mode
- */
- rc = regmap_write(data->regmap, DPS310_TMP_CFG, DPS310_TMP_EXT);
- if (rc < 0)
- return rc;
-
- /* Temp and pressure shifts are disabled when PRC <= 8 */
- rc = regmap_write_bits(data->regmap, DPS310_CFG_REG,
- DPS310_PRS_SHIFT_EN | DPS310_TMP_SHIFT_EN, 0);
- if (rc < 0)
- return rc;
-
- /* MEAS_CFG doesn't update correctly unless first written with 0 */
- rc = regmap_write_bits(data->regmap, DPS310_MEAS_CFG,
- DPS310_MEAS_CTRL_BITS, 0);
- if (rc < 0)
- return rc;
-
- /* Turn on temperature and pressure measurement in the background */
- rc = regmap_write_bits(data->regmap, DPS310_MEAS_CFG,
- DPS310_MEAS_CTRL_BITS, DPS310_PRS_EN |
- DPS310_TEMP_EN | DPS310_BACKGROUND);
- if (rc < 0)
- return rc;
-
- /*
- * Calibration coefficients required for reporting temperature.
- * They are available 40ms after the device has started
- */
- rc = regmap_read_poll_timeout(data->regmap, DPS310_MEAS_CFG, ready,
- ready & DPS310_COEF_RDY, 10000, 40000);
- if (rc < 0)
- return rc;
-
- rc = dps310_get_coefs(data);
- if (rc < 0)
- return rc;
-
- rc = dps310_temp_workaround(data);
- if (rc < 0)
+ rc = dps310_startup(data);
+ if (rc)
return rc;
rc = devm_iio_device_register(&client->dev, iio);
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 028/862] iio: pressure: dps310: Reset chip after timeout
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (26 preceding siblings ...)
2022-10-19 8:21 ` [PATCH 6.0 027/862] iio: pressure: dps310: Refactor startup procedure Greg Kroah-Hartman
@ 2022-10-19 8:21 ` Greg Kroah-Hartman
2022-10-19 8:21 ` [PATCH 6.0 029/862] xhci: dbc: Fix memory leak in xhci_alloc_dbc() Greg Kroah-Hartman
` (848 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Eddie James, Andy Shevchenko,
Jonathan Cameron
From: Eddie James <eajames@linux.ibm.com>
commit 7b4ab4abcea4c0c10b25187bf2569e5a07e9a20c upstream.
The DPS310 chip has been observed to get "stuck" such that pressure
and temperature measurements are never indicated as "ready" in the
MEAS_CFG register. The only solution is to reset the device and try
again. In order to avoid continual failures, use a boolean flag to
only try the reset after timeout once if errors persist.
Fixes: ba6ec48e76bc ("iio: Add driver for Infineon DPS310")
Cc: <stable@vger.kernel.org>
Signed-off-by: Eddie James <eajames@linux.ibm.com>
Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com>
Link: https://lore.kernel.org/r/20220915195719.136812-3-eajames@linux.ibm.com
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/iio/pressure/dps310.c | 74 ++++++++++++++++++++++++++++++++++++------
1 file changed, 64 insertions(+), 10 deletions(-)
--- a/drivers/iio/pressure/dps310.c
+++ b/drivers/iio/pressure/dps310.c
@@ -89,6 +89,7 @@ struct dps310_data {
s32 c00, c10, c20, c30, c01, c11, c21;
s32 pressure_raw;
s32 temp_raw;
+ bool timeout_recovery_failed;
};
static const struct iio_chan_spec dps310_channels[] = {
@@ -393,11 +394,69 @@ static int dps310_get_temp_k(struct dps3
return scale_factors[ilog2(rc)];
}
+static int dps310_reset_wait(struct dps310_data *data)
+{
+ int rc;
+
+ rc = regmap_write(data->regmap, DPS310_RESET, DPS310_RESET_MAGIC);
+ if (rc)
+ return rc;
+
+ /* Wait for device chip access: 2.5ms in specification */
+ usleep_range(2500, 12000);
+ return 0;
+}
+
+static int dps310_reset_reinit(struct dps310_data *data)
+{
+ int rc;
+
+ rc = dps310_reset_wait(data);
+ if (rc)
+ return rc;
+
+ return dps310_startup(data);
+}
+
+static int dps310_ready_status(struct dps310_data *data, int ready_bit, int timeout)
+{
+ int sleep = DPS310_POLL_SLEEP_US(timeout);
+ int ready;
+
+ return regmap_read_poll_timeout(data->regmap, DPS310_MEAS_CFG, ready, ready & ready_bit,
+ sleep, timeout);
+}
+
+static int dps310_ready(struct dps310_data *data, int ready_bit, int timeout)
+{
+ int rc;
+
+ rc = dps310_ready_status(data, ready_bit, timeout);
+ if (rc) {
+ if (rc == -ETIMEDOUT && !data->timeout_recovery_failed) {
+ /* Reset and reinitialize the chip. */
+ if (dps310_reset_reinit(data)) {
+ data->timeout_recovery_failed = true;
+ } else {
+ /* Try again to get sensor ready status. */
+ if (dps310_ready_status(data, ready_bit, timeout))
+ data->timeout_recovery_failed = true;
+ else
+ return 0;
+ }
+ }
+
+ return rc;
+ }
+
+ data->timeout_recovery_failed = false;
+ return 0;
+}
+
static int dps310_read_pres_raw(struct dps310_data *data)
{
int rc;
int rate;
- int ready;
int timeout;
s32 raw;
u8 val[3];
@@ -409,9 +468,7 @@ static int dps310_read_pres_raw(struct d
timeout = DPS310_POLL_TIMEOUT_US(rate);
/* Poll for sensor readiness; base the timeout upon the sample rate. */
- rc = regmap_read_poll_timeout(data->regmap, DPS310_MEAS_CFG, ready,
- ready & DPS310_PRS_RDY,
- DPS310_POLL_SLEEP_US(timeout), timeout);
+ rc = dps310_ready(data, DPS310_PRS_RDY, timeout);
if (rc)
goto done;
@@ -448,7 +505,6 @@ static int dps310_read_temp_raw(struct d
{
int rc;
int rate;
- int ready;
int timeout;
if (mutex_lock_interruptible(&data->lock))
@@ -458,10 +514,8 @@ static int dps310_read_temp_raw(struct d
timeout = DPS310_POLL_TIMEOUT_US(rate);
/* Poll for sensor readiness; base the timeout upon the sample rate. */
- rc = regmap_read_poll_timeout(data->regmap, DPS310_MEAS_CFG, ready,
- ready & DPS310_TMP_RDY,
- DPS310_POLL_SLEEP_US(timeout), timeout);
- if (rc < 0)
+ rc = dps310_ready(data, DPS310_TMP_RDY, timeout);
+ if (rc)
goto done;
rc = dps310_read_temp_ready(data);
@@ -756,7 +810,7 @@ static void dps310_reset(void *action_da
{
struct dps310_data *data = action_data;
- regmap_write(data->regmap, DPS310_RESET, DPS310_RESET_MAGIC);
+ dps310_reset_wait(data);
}
static const struct regmap_config dps310_regmap_config = {
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 029/862] xhci: dbc: Fix memory leak in xhci_alloc_dbc()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (27 preceding siblings ...)
2022-10-19 8:21 ` [PATCH 6.0 028/862] iio: pressure: dps310: Reset chip after timeout Greg Kroah-Hartman
@ 2022-10-19 8:21 ` Greg Kroah-Hartman
2022-10-19 8:21 ` [PATCH 6.0 030/862] usb: gadget: uvc: Fix argument to sizeof() in uvc_register_video() Greg Kroah-Hartman
` (847 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:21 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Rafael Mendonca, Mathias Nyman
From: Rafael Mendonca <rafaelmendsr@gmail.com>
commit d591b32e519603524a35b172156db71df9116902 upstream.
If DbC is already in use, then the allocated memory for the xhci_dbc struct
doesn't get freed before returning NULL, which leads to a memleak.
Fixes: 534675942e90 ("xhci: dbc: refactor xhci_dbc_init()")
Cc: stable@vger.kernel.org
Signed-off-by: Rafael Mendonca <rafaelmendsr@gmail.com>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Link: https://lore.kernel.org/r/20220921123450.671459-3-mathias.nyman@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/host/xhci-dbgcap.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/usb/host/xhci-dbgcap.c
+++ b/drivers/usb/host/xhci-dbgcap.c
@@ -988,7 +988,7 @@ xhci_alloc_dbc(struct device *dev, void
dbc->driver = driver;
if (readl(&dbc->regs->control) & DBC_CTRL_DBC_ENABLE)
- return NULL;
+ goto err;
INIT_DELAYED_WORK(&dbc->event_work, xhci_dbc_handle_events);
spin_lock_init(&dbc->lock);
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 030/862] usb: gadget: uvc: Fix argument to sizeof() in uvc_register_video()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (28 preceding siblings ...)
2022-10-19 8:21 ` [PATCH 6.0 029/862] xhci: dbc: Fix memory leak in xhci_alloc_dbc() Greg Kroah-Hartman
@ 2022-10-19 8:21 ` Greg Kroah-Hartman
2022-10-19 8:21 ` [PATCH 6.0 031/862] usb: add quirks for Lenovo OneLink+ Dock Greg Kroah-Hartman
` (846 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nathan Chancellor, Laurent Pinchart,
Kees Cook
From: Nathan Chancellor <nathan@kernel.org>
commit a15e17acce5aaae54243f55a7349c2225450b9bc upstream.
When building s390 allmodconfig after commit 9b91a6523078 ("usb: gadget:
uvc: increase worker prio to WQ_HIGHPRI"), the following error occurs:
In file included from ../include/linux/string.h:253,
from ../include/linux/bitmap.h:11,
from ../include/linux/cpumask.h:12,
from ../include/linux/smp.h:13,
from ../include/linux/lockdep.h:14,
from ../include/linux/rcupdate.h:29,
from ../include/linux/rculist.h:11,
from ../include/linux/pid.h:5,
from ../include/linux/sched.h:14,
from ../include/linux/ratelimit.h:6,
from ../include/linux/dev_printk.h:16,
from ../include/linux/device.h:15,
from ../drivers/usb/gadget/function/f_uvc.c:9:
In function ‘fortify_memset_chk’,
inlined from ‘uvc_register_video’ at ../drivers/usb/gadget/function/f_uvc.c:424:2:
../include/linux/fortify-string.h:301:25: error: call to ‘__write_overflow_field’ declared with attribute warning: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Werror=attribute-warning]
301 | __write_overflow_field(p_size_field, size);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This points to the memset() in uvc_register_video(). It is clear that
the argument to sizeof() is incorrect, as uvc->vdev (a 'struct
video_device') is being zeroed out but the size of uvc->video (a 'struct
uvc_video') is being used as the third arugment to memset().
pahole shows that prior to commit 9b91a6523078 ("usb: gadget: uvc:
increase worker prio to WQ_HIGHPRI"), 'struct video_device' and
'struct ucv_video' had the same size, meaning that the argument to
sizeof() is incorrect semantically but there is no visible issue:
$ pahole -s build/drivers/usb/gadget/function/f_uvc.o | grep -E "(uvc_video|video_device)\s+"
video_device 1400 4
uvc_video 1400 3
After that change, uvc_video becomes slightly larger, meaning that the
memset() will overwrite by 8 bytes:
$ pahole -s build/drivers/usb/gadget/function/f_uvc.o | grep -E "(uvc_video|video_device)\s+"
video_device 1400 4
uvc_video 1408 3
Fix the arugment to sizeof() so that there is no overwrite.
Cc: stable@vger.kernel.org
Fixes: e4ce9ed835bc ("usb: gadget: uvc: ensure the vdev is unset")
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Reviewed-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20220928201921.3152163-1-nathan@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/gadget/function/f_uvc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/usb/gadget/function/f_uvc.c
+++ b/drivers/usb/gadget/function/f_uvc.c
@@ -421,7 +421,7 @@ uvc_register_video(struct uvc_device *uv
int ret;
/* TODO reference counting. */
- memset(&uvc->vdev, 0, sizeof(uvc->video));
+ memset(&uvc->vdev, 0, sizeof(uvc->vdev));
uvc->vdev.v4l2_dev = &uvc->v4l2_dev;
uvc->vdev.v4l2_dev->dev = &cdev->gadget->dev;
uvc->vdev.fops = &uvc_v4l2_fops;
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 031/862] usb: add quirks for Lenovo OneLink+ Dock
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (29 preceding siblings ...)
2022-10-19 8:21 ` [PATCH 6.0 030/862] usb: gadget: uvc: Fix argument to sizeof() in uvc_register_video() Greg Kroah-Hartman
@ 2022-10-19 8:21 ` Greg Kroah-Hartman
2022-10-19 8:21 ` [PATCH 6.0 032/862] mmc: core: Add SD card quirk for broken discard Greg Kroah-Hartman
` (845 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jean-Francois Le Fillatre, stable
From: Jean-Francois Le Fillatre <jflf_kernel@gmx.com>
commit 37d49519b41405b08748392c6a7f193d9f77ecd2 upstream.
The Lenovo OneLink+ Dock contains two VL812 USB3.0 controllers:
17ef:1018 upstream
17ef:1019 downstream
These hubs suffer from two separate problems:
1) After the host system was suspended and woken up, the hubs appear to
be in a random state. Some downstream ports (both internal to the
built-in audio and network controllers, and external to USB sockets)
may no longer be functional. The exact list of disabled ports (if
any) changes from wakeup to wakeup. Ports remain in that state until
the dock is power-cycled, or until the laptop is rebooted.
Wakeup sources connected to the hubs (keyboard, WoL on the integrated
gigabit controller) will wake the system up from suspend, but they
may no longer work after wakeup (and in that case will no longer work
as wakeup source in a subsequent suspend-wakeup cycle).
This issue appears in the logs with messages such as:
usb 1-6.1-port4: cannot disable (err = -71)
usb 1-6-port2: cannot disable (err = -71)
usb 1-6.1: clear tt 1 (80c0) error -71
usb 1-6-port4: cannot disable (err = -71)
usb 1-6.4: PM: dpm_run_callback(): usb_dev_resume+0x0/0x10 [usbcore] returns -71
usb 1-6.4: PM: failed to resume async: error -71
usb 1-7: reset full-speed USB device number 5 using xhci_hcd
usb 1-6.1-port1: cannot reset (err = -71)
usb 1-6.1-port1: cannot reset (err = -71)
usb 1-6.1-port1: cannot reset (err = -71)
usb 1-6.1-port1: cannot reset (err = -71)
usb 1-6.1-port1: cannot reset (err = -71)
usb 1-6.1-port1: Cannot enable. Maybe the USB cable is bad?
usb 1-6.1-port1: cannot disable (err = -71)
usb 1-6.1-port1: cannot reset (err = -71)
usb 1-6.1-port1: cannot reset (err = -71)
usb 1-6.1-port1: cannot reset (err = -71)
usb 1-6.1-port1: cannot reset (err = -71)
usb 1-6.1-port1: cannot reset (err = -71)
usb 1-6.1-port1: Cannot enable. Maybe the USB cable is bad?
usb 1-6.1-port1: cannot disable (err = -71)
2) Some USB devices cannot be enumerated properly. So far I have only
seen the issue with USB 3.0 devices. The same devices work without
problem directly connected to the host system, to other systems or to
other hubs (even when those hubs are connected to the OneLink+ dock).
One very reliable reproducer is this USB 3.0 HDD enclosure:
152d:9561 JMicron Technology Corp. / JMicron USA Technology Corp. Mobius
I have seen it happen sporadically with other USB 3.0 enclosures,
with controllers from different manufacturers, all self-powered.
Typical messages in the logs:
xhci_hcd 0000:00:14.0: Timeout while waiting for setup device command
xhci_hcd 0000:00:14.0: Timeout while waiting for setup device command
usb 2-1.4: device not accepting address 6, error -62
xhci_hcd 0000:00:14.0: Timeout while waiting for setup device command
xhci_hcd 0000:00:14.0: Timeout while waiting for setup device command
usb 2-1.4: device not accepting address 7, error -62
usb 2-1-port4: attempt power cycle
xhci_hcd 0000:00:14.0: Timeout while waiting for setup device command
xhci_hcd 0000:00:14.0: Timeout while waiting for setup device command
usb 2-1.4: device not accepting address 8, error -62
xhci_hcd 0000:00:14.0: Timeout while waiting for setup device command
xhci_hcd 0000:00:14.0: Timeout while waiting for setup device command
usb 2-1.4: device not accepting address 9, error -62
usb 2-1-port4: unable to enumerate USB device
Through trial and error, I found that the USB_QUIRK_RESET_RESUME solved
the second issue. Further testing then uncovered the first issue. Test
results are summarized in this table:
=======================================================================================
Settings USB2 hotplug USB3 hotplug State after waking up
---------------------------------------------------------------------------------------
power/control=auto works fails broken
usbcore.autosuspend=-1 works works broken
OR power/control=on
power/control=auto works (1) works (1) works
and USB_QUIRK_RESET_RESUME
power/control=on works works works
and USB_QUIRK_RESET_RESUME
HUB_QUIRK_DISABLE_AUTOSUSPEND works works works
and USB_QUIRK_RESET_RESUME
=======================================================================================
In those results, the power/control settings are applied to both hubs,
both on the USB2 and USB3 side, before each test.
>From those results, USB_QUIRK_RESET_RESUME is required to reset the hubs
properly after a suspend-wakeup cycle, and the hubs must not autosuspend
to work around the USB3 issue.
A secondary effect of USB_QUIRK_RESET_RESUME is to prevent the hubs'
upstream links from suspending (the downstream ports can still suspend).
This secondary effect is used in results (1). It is enough to solve the
USB3 problem.
Setting USB_QUIRK_RESET_RESUME on those hubs is the smallest patch that
solves both issues.
Prior to creating this patch, I have used the USB_QUIRK_RESET_RESUME via
the kernel command line for over a year without noticing any side
effect.
Thanks to Oliver Neukum @Suse for explanations of the operations of
USB_QUIRK_RESET_RESUME, and requesting more testing.
Signed-off-by: Jean-Francois Le Fillatre <jflf_kernel@gmx.com>
Cc: stable <stable@kernel.org>
Link: https://lore.kernel.org/r/20220927073407.5672-1-jflf_kernel@gmx.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/core/quirks.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/drivers/usb/core/quirks.c
+++ b/drivers/usb/core/quirks.c
@@ -437,6 +437,10 @@ static const struct usb_device_id usb_qu
{ USB_DEVICE(0x1532, 0x0116), .driver_info =
USB_QUIRK_LINEAR_UFRAME_INTR_BINTERVAL },
+ /* Lenovo ThinkPad OneLink+ Dock twin hub controllers (VIA Labs VL812) */
+ { USB_DEVICE(0x17ef, 0x1018), .driver_info = USB_QUIRK_RESET_RESUME },
+ { USB_DEVICE(0x17ef, 0x1019), .driver_info = USB_QUIRK_RESET_RESUME },
+
/* Lenovo USB-C to Ethernet Adapter RTL8153-04 */
{ USB_DEVICE(0x17ef, 0x720c), .driver_info = USB_QUIRK_NO_LPM },
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 032/862] mmc: core: Add SD card quirk for broken discard
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (30 preceding siblings ...)
2022-10-19 8:21 ` [PATCH 6.0 031/862] usb: add quirks for Lenovo OneLink+ Dock Greg Kroah-Hartman
@ 2022-10-19 8:21 ` Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 033/862] can: kvaser_usb: Fix use of uninitialized completion Greg Kroah-Hartman
` (844 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:21 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Avri Altman, Ulf Hansson
From: Avri Altman <avri.altman@wdc.com>
commit 07d2872bf4c864eb83d034263c155746a2fb7a3b upstream.
Some SD-cards from Sandisk that are SDA-6.0 compliant reports they supports
discard, while they actually don't. This might cause mk2fs to fail while
trying to format the card and revert it to a read-only mode.
To fix this problem, let's add a card quirk (MMC_QUIRK_BROKEN_SD_DISCARD)
to indicate that we shall fall-back to use the legacy erase command
instead.
Signed-off-by: Avri Altman <avri.altman@wdc.com>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20220928095744.16455-1-avri.altman@wdc.com
[Ulf: Updated the commit message]
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mmc/core/block.c | 6 +++++-
drivers/mmc/core/card.h | 6 ++++++
drivers/mmc/core/quirks.h | 6 ++++++
include/linux/mmc/card.h | 1 +
4 files changed, 18 insertions(+), 1 deletion(-)
--- a/drivers/mmc/core/block.c
+++ b/drivers/mmc/core/block.c
@@ -1140,8 +1140,12 @@ static void mmc_blk_issue_discard_rq(str
{
struct mmc_blk_data *md = mq->blkdata;
struct mmc_card *card = md->queue.card;
+ unsigned int arg = card->erase_arg;
- mmc_blk_issue_erase_rq(mq, req, MMC_BLK_DISCARD, card->erase_arg);
+ if (mmc_card_broken_sd_discard(card))
+ arg = SD_ERASE_ARG;
+
+ mmc_blk_issue_erase_rq(mq, req, MMC_BLK_DISCARD, arg);
}
static void mmc_blk_issue_secdiscard_rq(struct mmc_queue *mq,
--- a/drivers/mmc/core/card.h
+++ b/drivers/mmc/core/card.h
@@ -73,6 +73,7 @@ struct mmc_fixup {
#define EXT_CSD_REV_ANY (-1u)
#define CID_MANFID_SANDISK 0x2
+#define CID_MANFID_SANDISK_SD 0x3
#define CID_MANFID_ATP 0x9
#define CID_MANFID_TOSHIBA 0x11
#define CID_MANFID_MICRON 0x13
@@ -258,4 +259,9 @@ static inline int mmc_card_broken_hpi(co
return c->quirks & MMC_QUIRK_BROKEN_HPI;
}
+static inline int mmc_card_broken_sd_discard(const struct mmc_card *c)
+{
+ return c->quirks & MMC_QUIRK_BROKEN_SD_DISCARD;
+}
+
#endif
--- a/drivers/mmc/core/quirks.h
+++ b/drivers/mmc/core/quirks.h
@@ -100,6 +100,12 @@ static const struct mmc_fixup __maybe_un
MMC_FIXUP("V10016", CID_MANFID_KINGSTON, CID_OEMID_ANY, add_quirk_mmc,
MMC_QUIRK_TRIM_BROKEN),
+ /*
+ * Some SD cards reports discard support while they don't
+ */
+ MMC_FIXUP(CID_NAME_ANY, CID_MANFID_SANDISK_SD, 0x5344, add_quirk_sd,
+ MMC_QUIRK_BROKEN_SD_DISCARD),
+
END_FIXUP
};
--- a/include/linux/mmc/card.h
+++ b/include/linux/mmc/card.h
@@ -293,6 +293,7 @@ struct mmc_card {
#define MMC_QUIRK_BROKEN_IRQ_POLLING (1<<11) /* Polling SDIO_CCCR_INTx could create a fake interrupt */
#define MMC_QUIRK_TRIM_BROKEN (1<<12) /* Skip trim */
#define MMC_QUIRK_BROKEN_HPI (1<<13) /* Disable broken HPI support */
+#define MMC_QUIRK_BROKEN_SD_DISCARD (1<<14) /* Disable broken SD discard support */
bool reenable_cmdq; /* Re-enable Command Queue */
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 033/862] can: kvaser_usb: Fix use of uninitialized completion
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (31 preceding siblings ...)
2022-10-19 8:21 ` [PATCH 6.0 032/862] mmc: core: Add SD card quirk for broken discard Greg Kroah-Hartman
@ 2022-10-19 8:22 ` Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 034/862] can: kvaser_usb_leaf: Fix overread with an invalid command Greg Kroah-Hartman
` (843 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jimmy Assarsson, Anssi Hannula,
Marc Kleine-Budde
From: Anssi Hannula <anssi.hannula@bitwise.fi>
commit cd7f30e174d09a02ca2afa5ef093fb0f0352e0d8 upstream.
flush_comp is initialized when CMD_FLUSH_QUEUE is sent to the device and
completed when the device sends CMD_FLUSH_QUEUE_RESP.
This causes completion of uninitialized completion if the device sends
CMD_FLUSH_QUEUE_RESP before CMD_FLUSH_QUEUE is ever sent (e.g. as a
response to a flush by a previously bound driver, or a misbehaving
device).
Fix that by initializing flush_comp in kvaser_usb_init_one() like the
other completions.
This issue is only triggerable after RX URBs have been set up, i.e. the
interface has been opened at least once.
Cc: stable@vger.kernel.org
Fixes: aec5fb2268b7 ("can: kvaser_usb: Add support for Kvaser USB hydra family")
Tested-by: Jimmy Assarsson <extja@kvaser.com>
Signed-off-by: Anssi Hannula <anssi.hannula@bitwise.fi>
Signed-off-by: Jimmy Assarsson <extja@kvaser.com>
Link: https://lore.kernel.org/all/20221010150829.199676-3-extja@kvaser.com
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c | 1 +
drivers/net/can/usb/kvaser_usb/kvaser_usb_hydra.c | 2 +-
2 files changed, 2 insertions(+), 1 deletion(-)
--- a/drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c
+++ b/drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c
@@ -729,6 +729,7 @@ static int kvaser_usb_init_one(struct kv
init_usb_anchor(&priv->tx_submitted);
init_completion(&priv->start_comp);
init_completion(&priv->stop_comp);
+ init_completion(&priv->flush_comp);
priv->can.ctrlmode_supported = 0;
priv->dev = dev;
--- a/drivers/net/can/usb/kvaser_usb/kvaser_usb_hydra.c
+++ b/drivers/net/can/usb/kvaser_usb/kvaser_usb_hydra.c
@@ -1916,7 +1916,7 @@ static int kvaser_usb_hydra_flush_queue(
{
int err;
- init_completion(&priv->flush_comp);
+ reinit_completion(&priv->flush_comp);
err = kvaser_usb_hydra_send_simple_cmd(priv->dev, CMD_FLUSH_QUEUE,
priv->channel);
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 034/862] can: kvaser_usb_leaf: Fix overread with an invalid command
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (32 preceding siblings ...)
2022-10-19 8:22 ` [PATCH 6.0 033/862] can: kvaser_usb: Fix use of uninitialized completion Greg Kroah-Hartman
@ 2022-10-19 8:22 ` Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 035/862] can: kvaser_usb_leaf: Fix TX queue out of sync after restart Greg Kroah-Hartman
` (842 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jimmy Assarsson, Anssi Hannula,
Marc Kleine-Budde
From: Anssi Hannula <anssi.hannula@bitwise.fi>
commit 1499ecaea9d2ba68d5e18d80573b4561a8dc4ee7 upstream.
For command events read from the device,
kvaser_usb_leaf_read_bulk_callback() verifies that cmd->len does not
exceed the size of the received data, but the actual kvaser_cmd handlers
will happily read any kvaser_cmd fields without checking for cmd->len.
This can cause an overread if the last cmd in the buffer is shorter than
expected for the command type (with cmd->len showing the actual short
size).
Maximum overread seems to be 22 bytes (CMD_LEAF_LOG_MESSAGE), some of
which are delivered to userspace as-is.
Fix that by verifying the length of command before handling it.
This issue can only occur after RX URBs have been set up, i.e. the
interface has been opened at least once.
Cc: stable@vger.kernel.org
Fixes: 080f40a6fa28 ("can: kvaser_usb: Add support for Kvaser CAN/USB devices")
Tested-by: Jimmy Assarsson <extja@kvaser.com>
Signed-off-by: Anssi Hannula <anssi.hannula@bitwise.fi>
Signed-off-by: Jimmy Assarsson <extja@kvaser.com>
Link: https://lore.kernel.org/all/20221010150829.199676-2-extja@kvaser.com
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c | 75 +++++++++++++++++++++++
1 file changed, 75 insertions(+)
--- a/drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c
+++ b/drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c
@@ -310,6 +310,38 @@ struct kvaser_cmd {
} u;
} __packed;
+#define CMD_SIZE_ANY 0xff
+#define kvaser_fsize(field) sizeof_field(struct kvaser_cmd, field)
+
+static const u8 kvaser_usb_leaf_cmd_sizes_leaf[] = {
+ [CMD_START_CHIP_REPLY] = kvaser_fsize(u.simple),
+ [CMD_STOP_CHIP_REPLY] = kvaser_fsize(u.simple),
+ [CMD_GET_CARD_INFO_REPLY] = kvaser_fsize(u.cardinfo),
+ [CMD_TX_ACKNOWLEDGE] = kvaser_fsize(u.tx_acknowledge_header),
+ [CMD_GET_SOFTWARE_INFO_REPLY] = kvaser_fsize(u.leaf.softinfo),
+ [CMD_RX_STD_MESSAGE] = kvaser_fsize(u.leaf.rx_can),
+ [CMD_RX_EXT_MESSAGE] = kvaser_fsize(u.leaf.rx_can),
+ [CMD_LEAF_LOG_MESSAGE] = kvaser_fsize(u.leaf.log_message),
+ [CMD_CHIP_STATE_EVENT] = kvaser_fsize(u.leaf.chip_state_event),
+ [CMD_CAN_ERROR_EVENT] = kvaser_fsize(u.leaf.error_event),
+ /* ignored events: */
+ [CMD_FLUSH_QUEUE_REPLY] = CMD_SIZE_ANY,
+};
+
+static const u8 kvaser_usb_leaf_cmd_sizes_usbcan[] = {
+ [CMD_START_CHIP_REPLY] = kvaser_fsize(u.simple),
+ [CMD_STOP_CHIP_REPLY] = kvaser_fsize(u.simple),
+ [CMD_GET_CARD_INFO_REPLY] = kvaser_fsize(u.cardinfo),
+ [CMD_TX_ACKNOWLEDGE] = kvaser_fsize(u.tx_acknowledge_header),
+ [CMD_GET_SOFTWARE_INFO_REPLY] = kvaser_fsize(u.usbcan.softinfo),
+ [CMD_RX_STD_MESSAGE] = kvaser_fsize(u.usbcan.rx_can),
+ [CMD_RX_EXT_MESSAGE] = kvaser_fsize(u.usbcan.rx_can),
+ [CMD_CHIP_STATE_EVENT] = kvaser_fsize(u.usbcan.chip_state_event),
+ [CMD_CAN_ERROR_EVENT] = kvaser_fsize(u.usbcan.error_event),
+ /* ignored events: */
+ [CMD_USBCAN_CLOCK_OVERFLOW_EVENT] = CMD_SIZE_ANY,
+};
+
/* Summary of a kvaser error event, for a unified Leaf/Usbcan error
* handling. Some discrepancies between the two families exist:
*
@@ -397,6 +429,43 @@ static const struct kvaser_usb_dev_cfg k
.bittiming_const = &kvaser_usb_flexc_bittiming_const,
};
+static int kvaser_usb_leaf_verify_size(const struct kvaser_usb *dev,
+ const struct kvaser_cmd *cmd)
+{
+ /* buffer size >= cmd->len ensured by caller */
+ u8 min_size = 0;
+
+ switch (dev->driver_info->family) {
+ case KVASER_LEAF:
+ if (cmd->id < ARRAY_SIZE(kvaser_usb_leaf_cmd_sizes_leaf))
+ min_size = kvaser_usb_leaf_cmd_sizes_leaf[cmd->id];
+ break;
+ case KVASER_USBCAN:
+ if (cmd->id < ARRAY_SIZE(kvaser_usb_leaf_cmd_sizes_usbcan))
+ min_size = kvaser_usb_leaf_cmd_sizes_usbcan[cmd->id];
+ break;
+ }
+
+ if (min_size == CMD_SIZE_ANY)
+ return 0;
+
+ if (min_size) {
+ min_size += CMD_HEADER_LEN;
+ if (cmd->len >= min_size)
+ return 0;
+
+ dev_err_ratelimited(&dev->intf->dev,
+ "Received command %u too short (size %u, needed %u)",
+ cmd->id, cmd->len, min_size);
+ return -EIO;
+ }
+
+ dev_warn_ratelimited(&dev->intf->dev,
+ "Unhandled command (%d, size %d)\n",
+ cmd->id, cmd->len);
+ return -EINVAL;
+}
+
static void *
kvaser_usb_leaf_frame_to_cmd(const struct kvaser_usb_net_priv *priv,
const struct sk_buff *skb, int *cmd_len,
@@ -502,6 +571,9 @@ static int kvaser_usb_leaf_wait_cmd(cons
end:
kfree(buf);
+ if (err == 0)
+ err = kvaser_usb_leaf_verify_size(dev, cmd);
+
return err;
}
@@ -1133,6 +1205,9 @@ static void kvaser_usb_leaf_stop_chip_re
static void kvaser_usb_leaf_handle_command(const struct kvaser_usb *dev,
const struct kvaser_cmd *cmd)
{
+ if (kvaser_usb_leaf_verify_size(dev, cmd) < 0)
+ return;
+
switch (cmd->id) {
case CMD_START_CHIP_REPLY:
kvaser_usb_leaf_start_chip_reply(dev, cmd);
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 035/862] can: kvaser_usb_leaf: Fix TX queue out of sync after restart
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (33 preceding siblings ...)
2022-10-19 8:22 ` [PATCH 6.0 034/862] can: kvaser_usb_leaf: Fix overread with an invalid command Greg Kroah-Hartman
@ 2022-10-19 8:22 ` Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 036/862] can: kvaser_usb_leaf: Fix CAN state " Greg Kroah-Hartman
` (841 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jimmy Assarsson, Anssi Hannula,
Marc Kleine-Budde
From: Anssi Hannula <anssi.hannula@bitwise.fi>
commit 455561fb618fde40558776b5b8435f9420f335db upstream.
The TX queue seems to be implicitly flushed by the hardware during
bus-off or bus-off recovery, but the driver does not reset the TX
bookkeeping.
Despite not resetting TX bookkeeping the driver still re-enables TX
queue unconditionally, leading to "cannot find free context" /
NETDEV_TX_BUSY errors if the TX queue was full at bus-off time.
Fix that by resetting TX bookkeeping on CAN restart.
Tested with 0bfd:0124 Kvaser Mini PCI Express 2xHS FW 4.18.778.
Cc: stable@vger.kernel.org
Fixes: 080f40a6fa28 ("can: kvaser_usb: Add support for Kvaser CAN/USB devices")
Tested-by: Jimmy Assarsson <extja@kvaser.com>
Signed-off-by: Anssi Hannula <anssi.hannula@bitwise.fi>
Signed-off-by: Jimmy Assarsson <extja@kvaser.com>
Link: https://lore.kernel.org/all/20221010150829.199676-4-extja@kvaser.com
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/can/usb/kvaser_usb/kvaser_usb.h | 2 ++
drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c | 2 +-
drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c | 2 ++
3 files changed, 5 insertions(+), 1 deletion(-)
--- a/drivers/net/can/usb/kvaser_usb/kvaser_usb.h
+++ b/drivers/net/can/usb/kvaser_usb/kvaser_usb.h
@@ -178,6 +178,8 @@ struct kvaser_usb_dev_cfg {
extern const struct kvaser_usb_dev_ops kvaser_usb_hydra_dev_ops;
extern const struct kvaser_usb_dev_ops kvaser_usb_leaf_dev_ops;
+void kvaser_usb_unlink_tx_urbs(struct kvaser_usb_net_priv *priv);
+
int kvaser_usb_recv_cmd(const struct kvaser_usb *dev, void *cmd, int len,
int *actual_len);
--- a/drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c
+++ b/drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c
@@ -477,7 +477,7 @@ static void kvaser_usb_reset_tx_urb_cont
/* This method might sleep. Do not call it in the atomic context
* of URB completions.
*/
-static void kvaser_usb_unlink_tx_urbs(struct kvaser_usb_net_priv *priv)
+void kvaser_usb_unlink_tx_urbs(struct kvaser_usb_net_priv *priv)
{
usb_kill_anchored_urbs(&priv->tx_submitted);
kvaser_usb_reset_tx_urb_contexts(priv);
--- a/drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c
+++ b/drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c
@@ -1426,6 +1426,8 @@ static int kvaser_usb_leaf_set_mode(stru
switch (mode) {
case CAN_MODE_START:
+ kvaser_usb_unlink_tx_urbs(priv);
+
err = kvaser_usb_leaf_simple_cmd_async(priv, CMD_START_CHIP);
if (err)
return err;
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 036/862] can: kvaser_usb_leaf: Fix CAN state after restart
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (34 preceding siblings ...)
2022-10-19 8:22 ` [PATCH 6.0 035/862] can: kvaser_usb_leaf: Fix TX queue out of sync after restart Greg Kroah-Hartman
@ 2022-10-19 8:22 ` Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 037/862] mmc: renesas_sdhi: Fix rounding errors Greg Kroah-Hartman
` (840 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jimmy Assarsson, Anssi Hannula,
Marc Kleine-Budde
From: Anssi Hannula <anssi.hannula@bitwise.fi>
commit 0be1a655fe68c8e6dcadbcbddb69cf2fb29881f5 upstream.
can_restart() expects CMD_START_CHIP to set the error state to
ERROR_ACTIVE as it calls netif_carrier_on() immediately afterwards.
Otherwise the user may immediately trigger restart again and hit a
BUG_ON() in can_restart().
Fix kvaser_usb_leaf set_mode(CMD_START_CHIP) to set the expected state.
Cc: stable@vger.kernel.org
Fixes: 080f40a6fa28 ("can: kvaser_usb: Add support for Kvaser CAN/USB devices")
Tested-by: Jimmy Assarsson <extja@kvaser.com>
Signed-off-by: Anssi Hannula <anssi.hannula@bitwise.fi>
Signed-off-by: Jimmy Assarsson <extja@kvaser.com>
Link: https://lore.kernel.org/all/20221010150829.199676-5-extja@kvaser.com
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c
+++ b/drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c
@@ -1431,6 +1431,8 @@ static int kvaser_usb_leaf_set_mode(stru
err = kvaser_usb_leaf_simple_cmd_async(priv, CMD_START_CHIP);
if (err)
return err;
+
+ priv->can.state = CAN_STATE_ERROR_ACTIVE;
break;
default:
return -EOPNOTSUPP;
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 037/862] mmc: renesas_sdhi: Fix rounding errors
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (35 preceding siblings ...)
2022-10-19 8:22 ` [PATCH 6.0 036/862] can: kvaser_usb_leaf: Fix CAN state " Greg Kroah-Hartman
@ 2022-10-19 8:22 ` Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 038/862] mmc: sdhci-tegra: Use actual clock rate for SW tuning correction Greg Kroah-Hartman
` (839 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Biju Das, Geert Uytterhoeven,
Wolfram Sang, Ulf Hansson
From: Biju Das <biju.das.jz@bp.renesas.com>
commit f0c00454bf78975925eccc9737faaa4d4951edbf upstream.
Due to clk rounding errors on RZ/G2L platforms, it selects a clock source
with a lower clock rate compared to a higher one.
For eg: The rounding error (533333333 Hz / 4 * 4 = 533333332 Hz < 5333333
33 Hz) selects a clk source of 400 MHz instead of 533.333333 MHz.
This patch fixes this issue by adding a margin of (1/1024) higher to
the clock rate.
Signed-off-by: Biju Das <biju.das.jz@bp.renesas.com>
Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be>
Tested-by: Geert Uytterhoeven <geert+renesas@glider.be>
Reviewed-by: Wolfram Sang <wsa+renesas@sang-engineering.com>
Tested-by: Wolfram Sang <wsa+renesas@sang-engineering.com>
Fixes: bb6d3fa98a41 ("clk: renesas: rcar-gen3: Switch to new SD clock handling")
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20220928110755.849275-1-biju.das.jz@bp.renesas.com
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mmc/host/renesas_sdhi_core.c | 21 ++++++++++++++++++---
1 file changed, 18 insertions(+), 3 deletions(-)
--- a/drivers/mmc/host/renesas_sdhi_core.c
+++ b/drivers/mmc/host/renesas_sdhi_core.c
@@ -128,6 +128,7 @@ static unsigned int renesas_sdhi_clk_upd
struct clk *ref_clk = priv->clk;
unsigned int freq, diff, best_freq = 0, diff_min = ~0;
unsigned int new_clock, clkh_shift = 0;
+ unsigned int new_upper_limit;
int i;
/*
@@ -153,13 +154,20 @@ static unsigned int renesas_sdhi_clk_upd
* greater than, new_clock. As we can divide by 1 << i for
* any i in [0, 9] we want the input clock to be as close as
* possible, but no greater than, new_clock << i.
+ *
+ * Add an upper limit of 1/1024 rate higher to the clock rate to fix
+ * clk rate jumping to lower rate due to rounding error (eg: RZ/G2L has
+ * 3 clk sources 533.333333 MHz, 400 MHz and 266.666666 MHz. The request
+ * for 533.333333 MHz will selects a slower 400 MHz due to rounding
+ * error (533333333 Hz / 4 * 4 = 533333332 Hz < 533333333 Hz)).
*/
for (i = min(9, ilog2(UINT_MAX / new_clock)); i >= 0; i--) {
freq = clk_round_rate(ref_clk, new_clock << i);
- if (freq > (new_clock << i)) {
+ new_upper_limit = (new_clock << i) + ((new_clock << i) >> 10);
+ if (freq > new_upper_limit) {
/* Too fast; look for a slightly slower option */
freq = clk_round_rate(ref_clk, (new_clock << i) / 4 * 3);
- if (freq > (new_clock << i))
+ if (freq > new_upper_limit)
continue;
}
@@ -181,6 +189,7 @@ static unsigned int renesas_sdhi_clk_upd
static void renesas_sdhi_set_clock(struct tmio_mmc_host *host,
unsigned int new_clock)
{
+ unsigned int clk_margin;
u32 clk = 0, clock;
sd_ctrl_write16(host, CTL_SD_CARD_CLK_CTL, ~CLK_CTL_SCLKEN &
@@ -194,7 +203,13 @@ static void renesas_sdhi_set_clock(struc
host->mmc->actual_clock = renesas_sdhi_clk_update(host, new_clock);
clock = host->mmc->actual_clock / 512;
- for (clk = 0x80000080; new_clock >= (clock << 1); clk >>= 1)
+ /*
+ * Add a margin of 1/1024 rate higher to the clock rate in order
+ * to avoid clk variable setting a value of 0 due to the margin
+ * provided for actual_clock in renesas_sdhi_clk_update().
+ */
+ clk_margin = new_clock >> 10;
+ for (clk = 0x80000080; new_clock + clk_margin >= (clock << 1); clk >>= 1)
clock <<= 1;
/* 1/1 clock is option */
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 038/862] mmc: sdhci-tegra: Use actual clock rate for SW tuning correction
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (36 preceding siblings ...)
2022-10-19 8:22 ` [PATCH 6.0 037/862] mmc: renesas_sdhi: Fix rounding errors Greg Kroah-Hartman
@ 2022-10-19 8:22 ` Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 039/862] mmc: sdhci-sprd: Fix minimum clock limit Greg Kroah-Hartman
` (838 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Aniruddha TVS Rao, Prathamesh Shete,
Adrian Hunter, Thierry Reding, Ulf Hansson
From: Prathamesh Shete <pshete@nvidia.com>
commit b78870e7f41534cc719c295d1f8809aca93aeeab upstream.
Ensure tegra_host member "curr_clk_rate" holds the actual clock rate
instead of requested clock rate for proper use during tuning correction
algorithm. Actual clk rate may not be the same as the requested clk
frequency depending on the parent clock source set. Tuning correction
algorithm depends on certain parameters which are sensitive to current
clk rate. If the host clk is selected instead of the actual clock rate,
tuning correction algorithm may end up applying invalid correction,
which could result in errors
Fixes: ea8fc5953e8b ("mmc: tegra: update hw tuning process")
Signed-off-by: Aniruddha TVS Rao <anrao@nvidia.com>
Signed-off-by: Prathamesh Shete <pshete@nvidia.com>
Acked-by: Adrian Hunter <adrian.hunter@intel.com>
Acked-by: Thierry Reding <treding@nvidia.com>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20221006130622.22900-4-pshete@nvidia.com
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mmc/host/sdhci-tegra.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/mmc/host/sdhci-tegra.c
+++ b/drivers/mmc/host/sdhci-tegra.c
@@ -773,7 +773,7 @@ static void tegra_sdhci_set_clock(struct
dev_err(dev, "failed to set clk rate to %luHz: %d\n",
host_clk, err);
- tegra_host->curr_clk_rate = host_clk;
+ tegra_host->curr_clk_rate = clk_get_rate(pltfm_host->clk);
if (tegra_host->ddr_signaling)
host->max_clk = host_clk;
else
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 039/862] mmc: sdhci-sprd: Fix minimum clock limit
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (37 preceding siblings ...)
2022-10-19 8:22 ` [PATCH 6.0 038/862] mmc: sdhci-tegra: Use actual clock rate for SW tuning correction Greg Kroah-Hartman
@ 2022-10-19 8:22 ` Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 040/862] i2c: designware: Fix handling of real but unexpected device interrupts Greg Kroah-Hartman
` (837 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Wenchao Chen, Adrian Hunter, Ulf Hansson
From: Wenchao Chen <wenchao.chen@unisoc.com>
commit 6e141772e6465f937458b35ddcfd0a981b6f5280 upstream.
The Spreadtrum controller supports 100KHz minimal clock rate, which means
that the current value 400KHz is wrong.
Unfortunately this has also lead to fail to initialize some cards, which
are allowed to require 100KHz to work. So, let's fix the problem by
changing the minimal supported clock rate to 100KHz.
Signed-off-by: Wenchao Chen <wenchao.chen@unisoc.com>
Acked-by: Adrian Hunter <adrian.hunter@intel.com>
Fixes: fb8bd90f83c4 ("mmc: sdhci-sprd: Add Spreadtrum's initial host controller")
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20221011104935.10980-1-wenchao.chen666@gmail.com
[Ulf: Clarified to commit-message]
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mmc/host/sdhci-sprd.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/mmc/host/sdhci-sprd.c
+++ b/drivers/mmc/host/sdhci-sprd.c
@@ -309,7 +309,7 @@ static unsigned int sdhci_sprd_get_max_c
static unsigned int sdhci_sprd_get_min_clock(struct sdhci_host *host)
{
- return 400000;
+ return 100000;
}
static void sdhci_sprd_set_uhs_signaling(struct sdhci_host *host,
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 040/862] i2c: designware: Fix handling of real but unexpected device interrupts
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (38 preceding siblings ...)
2022-10-19 8:22 ` [PATCH 6.0 039/862] mmc: sdhci-sprd: Fix minimum clock limit Greg Kroah-Hartman
@ 2022-10-19 8:22 ` Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 041/862] fs: dlm: fix race between test_bit() and queue_work() Greg Kroah-Hartman
` (836 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Samuel Clark, Jarkko Nikula,
Andy Shevchenko, Wolfram Sang
From: Jarkko Nikula <jarkko.nikula@linux.intel.com>
commit 301c8f5c32c8fb79c67539bc23972dc3ef48024c upstream.
Commit c7b79a752871 ("mfd: intel-lpss: Add Intel Alder Lake PCH-S PCI
IDs") caused a regression on certain Gigabyte motherboards for Intel
Alder Lake-S where system crashes to NULL pointer dereference in
i2c_dw_xfer_msg() when system resumes from S3 sleep state ("deep").
I was able to debug the issue on Gigabyte Z690 AORUS ELITE and made
following notes:
- Issue happens when resuming from S3 but not when resuming from
"s2idle"
- PCI device 00:15.0 == i2c_designware.0 is already in D0 state when
system enters into pci_pm_resume_noirq() while all other i2c_designware
PCI devices are in D3. Devices were runtime suspended and in D3 prior
entering into suspend
- Interrupt comes after pci_pm_resume_noirq() when device interrupts are
re-enabled
- According to register dump the interrupt really comes from the
i2c_designware.0. Controller is enabled, I2C target address register
points to a one detectable I2C device address 0x60 and the
DW_IC_RAW_INTR_STAT register START_DET, STOP_DET, ACTIVITY and
TX_EMPTY bits are set indicating completed I2C transaction.
My guess is that the firmware uses this controller to communicate with
an on-board I2C device during resume but does not disable the controller
before giving control to an operating system.
I was told the UEFI update fixes this but never the less it revealed the
driver is not ready to handle TX_EMPTY (or RX_FULL) interrupt when device
is supposed to be idle and state variables are not set (especially the
dev->msgs pointer which may point to NULL or stale old data).
Introduce a new software status flag STATUS_ACTIVE indicating when the
controller is active in driver point of view. Now treat all interrupts
that occur when is not set as unexpected and mask all interrupts from
the controller.
Fixes: c7b79a752871 ("mfd: intel-lpss: Add Intel Alder Lake PCH-S PCI IDs")
Reported-by: Samuel Clark <slc2015@gmail.com>
Link: https://bugzilla.kernel.org/show_bug.cgi?id=215907
Cc: stable@vger.kernel.org # v5.12+
Signed-off-by: Jarkko Nikula <jarkko.nikula@linux.intel.com>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Wolfram Sang <wsa@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/i2c/busses/i2c-designware-core.h | 7 +++++--
drivers/i2c/busses/i2c-designware-master.c | 13 +++++++++++++
2 files changed, 18 insertions(+), 2 deletions(-)
--- a/drivers/i2c/busses/i2c-designware-core.h
+++ b/drivers/i2c/busses/i2c-designware-core.h
@@ -126,8 +126,9 @@
* status codes
*/
#define STATUS_IDLE 0x0
-#define STATUS_WRITE_IN_PROGRESS 0x1
-#define STATUS_READ_IN_PROGRESS 0x2
+#define STATUS_ACTIVE 0x1
+#define STATUS_WRITE_IN_PROGRESS 0x2
+#define STATUS_READ_IN_PROGRESS 0x4
/*
* operation modes
@@ -334,12 +335,14 @@ void i2c_dw_disable_int(struct dw_i2c_de
static inline void __i2c_dw_enable(struct dw_i2c_dev *dev)
{
+ dev->status |= STATUS_ACTIVE;
regmap_write(dev->map, DW_IC_ENABLE, 1);
}
static inline void __i2c_dw_disable_nowait(struct dw_i2c_dev *dev)
{
regmap_write(dev->map, DW_IC_ENABLE, 0);
+ dev->status &= ~STATUS_ACTIVE;
}
void __i2c_dw_disable(struct dw_i2c_dev *dev);
--- a/drivers/i2c/busses/i2c-designware-master.c
+++ b/drivers/i2c/busses/i2c-designware-master.c
@@ -716,6 +716,19 @@ static int i2c_dw_irq_handler_master(str
u32 stat;
stat = i2c_dw_read_clear_intrbits(dev);
+
+ if (!(dev->status & STATUS_ACTIVE)) {
+ /*
+ * Unexpected interrupt in driver point of view. State
+ * variables are either unset or stale so acknowledge and
+ * disable interrupts for suppressing further interrupts if
+ * interrupt really came from this HW (E.g. firmware has left
+ * the HW active).
+ */
+ regmap_write(dev->map, DW_IC_INTR_MASK, 0);
+ return 0;
+ }
+
if (stat & DW_IC_INTR_TX_ABRT) {
dev->cmd_err |= DW_IC_ERR_TX_ABRT;
dev->status = STATUS_IDLE;
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 041/862] fs: dlm: fix race between test_bit() and queue_work()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (39 preceding siblings ...)
2022-10-19 8:22 ` [PATCH 6.0 040/862] i2c: designware: Fix handling of real but unexpected device interrupts Greg Kroah-Hartman
@ 2022-10-19 8:22 ` Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 042/862] fs: dlm: handle -EBUSY first in lock arg validation Greg Kroah-Hartman
` (835 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:22 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Alexander Aring, David Teigland
From: Alexander Aring <aahringo@redhat.com>
commit eef6ec9bf390e836a6c4029f3620fe49528aa1fe upstream.
This patch fixes a race by using ls_cb_mutex around the bit
operations and conditional code blocks for LSFL_CB_DELAY.
The function dlm_callback_stop() expects to stop all callbacks and
flush all currently queued onces. The set_bit() is not enough because
there can still be queue_work() after the workqueue was flushed.
To avoid queue_work() after set_bit(), surround both by ls_cb_mutex.
Cc: stable@vger.kernel.org
Signed-off-by: Alexander Aring <aahringo@redhat.com>
Signed-off-by: David Teigland <teigland@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/dlm/ast.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- a/fs/dlm/ast.c
+++ b/fs/dlm/ast.c
@@ -200,13 +200,13 @@ void dlm_add_cb(struct dlm_lkb *lkb, uin
if (!prev_seq) {
kref_get(&lkb->lkb_ref);
+ mutex_lock(&ls->ls_cb_mutex);
if (test_bit(LSFL_CB_DELAY, &ls->ls_flags)) {
- mutex_lock(&ls->ls_cb_mutex);
list_add(&lkb->lkb_cb_list, &ls->ls_cb_delay);
- mutex_unlock(&ls->ls_cb_mutex);
} else {
queue_work(ls->ls_callback_wq, &lkb->lkb_cb_work);
}
+ mutex_unlock(&ls->ls_cb_mutex);
}
out:
mutex_unlock(&lkb->lkb_cb_mutex);
@@ -288,7 +288,9 @@ void dlm_callback_stop(struct dlm_ls *ls
void dlm_callback_suspend(struct dlm_ls *ls)
{
+ mutex_lock(&ls->ls_cb_mutex);
set_bit(LSFL_CB_DELAY, &ls->ls_flags);
+ mutex_unlock(&ls->ls_cb_mutex);
if (ls->ls_callback_wq)
flush_workqueue(ls->ls_callback_wq);
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 042/862] fs: dlm: handle -EBUSY first in lock arg validation
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (40 preceding siblings ...)
2022-10-19 8:22 ` [PATCH 6.0 041/862] fs: dlm: fix race between test_bit() and queue_work() Greg Kroah-Hartman
@ 2022-10-19 8:22 ` Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 043/862] fs: dlm: fix invalid derefence of sb_lvbptr Greg Kroah-Hartman
` (834 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:22 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Alexander Aring, David Teigland
From: Alexander Aring <aahringo@redhat.com>
commit 44637ca41d551d409a481117b07fa209b330fca9 upstream.
During lock arg validation, first check for -EBUSY cases, then for
-EINVAL cases. The -EINVAL checks look at lkb state variables
which are not stable when an lkb is busy and would cause an
-EBUSY result, e.g. lkb->lkb_grmode.
Cc: stable@vger.kernel.org
Signed-off-by: Alexander Aring <aahringo@redhat.com>
Signed-off-by: David Teigland <teigland@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/dlm/lock.c | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)
--- a/fs/dlm/lock.c
+++ b/fs/dlm/lock.c
@@ -2864,17 +2864,9 @@ static int set_unlock_args(uint32_t flag
static int validate_lock_args(struct dlm_ls *ls, struct dlm_lkb *lkb,
struct dlm_args *args)
{
- int rv = -EINVAL;
+ int rv = -EBUSY;
if (args->flags & DLM_LKF_CONVERT) {
- if (lkb->lkb_flags & DLM_IFL_MSTCPY)
- goto out;
-
- if (args->flags & DLM_LKF_QUECVT &&
- !__quecvt_compat_matrix[lkb->lkb_grmode+1][args->mode+1])
- goto out;
-
- rv = -EBUSY;
if (lkb->lkb_status != DLM_LKSTS_GRANTED)
goto out;
@@ -2884,6 +2876,14 @@ static int validate_lock_args(struct dlm
if (is_overlap(lkb))
goto out;
+
+ rv = -EINVAL;
+ if (lkb->lkb_flags & DLM_IFL_MSTCPY)
+ goto out;
+
+ if (args->flags & DLM_LKF_QUECVT &&
+ !__quecvt_compat_matrix[lkb->lkb_grmode+1][args->mode+1])
+ goto out;
}
lkb->lkb_exflags = args->flags;
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 043/862] fs: dlm: fix invalid derefence of sb_lvbptr
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (41 preceding siblings ...)
2022-10-19 8:22 ` [PATCH 6.0 042/862] fs: dlm: handle -EBUSY first in lock arg validation Greg Kroah-Hartman
@ 2022-10-19 8:22 ` Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 044/862] btf: Export bpf_dynptr definition Greg Kroah-Hartman
` (833 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:22 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Alexander Aring, David Teigland
From: Alexander Aring <aahringo@redhat.com>
commit 7175e131ebba47afef47e6ac4d5bab474d1e6e49 upstream.
I experience issues when putting a lkbsb on the stack and have sb_lvbptr
field to a dangled pointer while not using DLM_LKF_VALBLK. It will crash
with the following kernel message, the dangled pointer is here
0xdeadbeef as example:
[ 102.749317] BUG: unable to handle page fault for address: 00000000deadbeef
[ 102.749320] #PF: supervisor read access in kernel mode
[ 102.749323] #PF: error_code(0x0000) - not-present page
[ 102.749325] PGD 0 P4D 0
[ 102.749332] Oops: 0000 [#1] PREEMPT SMP PTI
[ 102.749336] CPU: 0 PID: 1567 Comm: lock_torture_wr Tainted: G W 5.19.0-rc3+ #1565
[ 102.749343] Hardware name: Red Hat KVM/RHEL-AV, BIOS 1.16.0-2.module+el8.7.0+15506+033991b0 04/01/2014
[ 102.749344] RIP: 0010:memcpy_erms+0x6/0x10
[ 102.749353] Code: cc cc cc cc eb 1e 0f 1f 00 48 89 f8 48 89 d1 48 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 c3 66 0f 1f 44 00 00 48 89 f8 48 89 d1 <f3> a4 c3 0f 1f 80 00 00 00 00 48 89 f8 48 83 fa 20 72 7e 40 38 fe
[ 102.749355] RSP: 0018:ffff97a58145fd08 EFLAGS: 00010202
[ 102.749358] RAX: ffff901778b77070 RBX: 0000000000000000 RCX: 0000000000000040
[ 102.749360] RDX: 0000000000000040 RSI: 00000000deadbeef RDI: ffff901778b77070
[ 102.749362] RBP: ffff97a58145fd10 R08: ffff901760b67a70 R09: 0000000000000001
[ 102.749364] R10: ffff9017008e2cb8 R11: 0000000000000001 R12: ffff901760b67a70
[ 102.749366] R13: ffff901760b78f00 R14: 0000000000000003 R15: 0000000000000001
[ 102.749368] FS: 0000000000000000(0000) GS:ffff901876e00000(0000) knlGS:0000000000000000
[ 102.749372] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 102.749374] CR2: 00000000deadbeef CR3: 000000017c49a004 CR4: 0000000000770ef0
[ 102.749376] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 102.749378] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 102.749379] PKRU: 55555554
[ 102.749381] Call Trace:
[ 102.749382] <TASK>
[ 102.749383] ? send_args+0xb2/0xd0
[ 102.749389] send_common+0xb7/0xd0
[ 102.749395] _unlock_lock+0x2c/0x90
[ 102.749400] unlock_lock.isra.56+0x62/0xa0
[ 102.749405] dlm_unlock+0x21e/0x330
[ 102.749411] ? lock_torture_stats+0x80/0x80 [dlm_locktorture]
[ 102.749416] torture_unlock+0x5a/0x90 [dlm_locktorture]
[ 102.749419] ? preempt_count_sub+0xba/0x100
[ 102.749427] lock_torture_writer+0xbd/0x150 [dlm_locktorture]
[ 102.786186] kthread+0x10a/0x130
[ 102.786581] ? kthread_complete_and_exit+0x20/0x20
[ 102.787156] ret_from_fork+0x22/0x30
[ 102.787588] </TASK>
[ 102.787855] Modules linked in: dlm_locktorture torture rpcsec_gss_krb5 intel_rapl_msr intel_rapl_common kvm_intel iTCO_wdt iTCO_vendor_support kvm vmw_vsock_virtio_transport qxl irqbypass vmw_vsock_virtio_transport_common drm_ttm_helper crc32_pclmul joydev crc32c_intel ttm vsock virtio_scsi virtio_balloon snd_pcm drm_kms_helper virtio_console snd_timer snd drm soundcore syscopyarea i2c_i801 sysfillrect sysimgblt i2c_smbus pcspkr fb_sys_fops lpc_ich serio_raw
[ 102.792536] CR2: 00000000deadbeef
[ 102.792930] ---[ end trace 0000000000000000 ]---
This patch fixes the issue by checking also on DLM_LKF_VALBLK on exflags
is set when copying the lvbptr array instead of if it's just null which
fixes for me the issue.
I think this patch can fix other dlm users as well, depending how they
handle the init, freeing memory handling of sb_lvbptr and don't set
DLM_LKF_VALBLK for some dlm_lock() calls. It might a there could be a
hidden issue all the time. However with checking on DLM_LKF_VALBLK the
user always need to provide a sb_lvbptr non-null value. There might be
more intelligent handling between per ls lvblen, DLM_LKF_VALBLK and
non-null to report the user the way how DLM API is used is wrong but can
be added for later, this will only fix the current behaviour.
Cc: stable@vger.kernel.org
Signed-off-by: Alexander Aring <aahringo@redhat.com>
Signed-off-by: David Teigland <teigland@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/dlm/lock.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/fs/dlm/lock.c
+++ b/fs/dlm/lock.c
@@ -3623,7 +3623,7 @@ static void send_args(struct dlm_rsb *r,
case cpu_to_le32(DLM_MSG_REQUEST_REPLY):
case cpu_to_le32(DLM_MSG_CONVERT_REPLY):
case cpu_to_le32(DLM_MSG_GRANT):
- if (!lkb->lkb_lvbptr)
+ if (!lkb->lkb_lvbptr || !(lkb->lkb_exflags & DLM_LKF_VALBLK))
break;
memcpy(ms->m_extra, lkb->lkb_lvbptr, r->res_ls->ls_lvblen);
break;
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 044/862] btf: Export bpf_dynptr definition
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (42 preceding siblings ...)
2022-10-19 8:22 ` [PATCH 6.0 043/862] fs: dlm: fix invalid derefence of sb_lvbptr Greg Kroah-Hartman
@ 2022-10-19 8:22 ` Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 045/862] mbcache: Avoid nesting of cache->c_list_lock under bit locks Greg Kroah-Hartman
` (832 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Joanne Koong, Roberto Sassu,
Yonghong Song, KP Singh, Alexei Starovoitov
From: Roberto Sassu <roberto.sassu@huawei.com>
commit 00f146413ccb6c84308e559281449755c83f54c5 upstream.
eBPF dynamic pointers is a new feature recently added to upstream. It binds
together a pointer to a memory area and its size. The internal kernel
structure bpf_dynptr_kern is not accessible by eBPF programs in user space.
They instead see bpf_dynptr, which is then translated to the internal
kernel structure by the eBPF verifier.
The problem is that it is not possible to include at the same time the uapi
include linux/bpf.h and the vmlinux BTF vmlinux.h, as they both contain the
definition of some structures/enums. The compiler complains saying that the
structures/enums are redefined.
As bpf_dynptr is defined in the uapi include linux/bpf.h, this makes it
impossible to include vmlinux.h. However, in some cases, e.g. when using
kfuncs, vmlinux.h has to be included. The only option until now was to
include vmlinux.h and add the definition of bpf_dynptr directly in the eBPF
program source code from linux/bpf.h.
Solve the problem by using the same approach as for bpf_timer (which also
follows the same scheme with the _kern suffix for the internal kernel
structure).
Add the following line in one of the dynamic pointer helpers,
bpf_dynptr_from_mem():
BTF_TYPE_EMIT(struct bpf_dynptr);
Cc: stable@vger.kernel.org
Cc: Joanne Koong <joannelkoong@gmail.com>
Fixes: 97e03f521050c ("bpf: Add verifier support for dynptrs")
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Acked-by: Yonghong Song <yhs@fb.com>
Tested-by: KP Singh <kpsingh@kernel.org>
Link: https://lore.kernel.org/r/20220920075951.929132-3-roberto.sassu@huaweicloud.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/bpf/helpers.c | 2 ++
1 file changed, 2 insertions(+)
--- a/kernel/bpf/helpers.c
+++ b/kernel/bpf/helpers.c
@@ -1468,6 +1468,8 @@ BPF_CALL_4(bpf_dynptr_from_mem, void *,
{
int err;
+ BTF_TYPE_EMIT(struct bpf_dynptr);
+
err = bpf_dynptr_check_size(size);
if (err)
goto error;
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 045/862] mbcache: Avoid nesting of cache->c_list_lock under bit locks
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (43 preceding siblings ...)
2022-10-19 8:22 ` [PATCH 6.0 044/862] btf: Export bpf_dynptr definition Greg Kroah-Hartman
@ 2022-10-19 8:22 ` Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 046/862] HID: multitouch: Add memory barriers Greg Kroah-Hartman
` (831 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, stable, Mike Galbraith, Jan Kara,
Theodore Tso
From: Jan Kara <jack@suse.cz>
commit 5fc4cbd9fde5d4630494fd6ffc884148fb618087 upstream.
Commit 307af6c87937 ("mbcache: automatically delete entries from cache
on freeing") started nesting cache->c_list_lock under the bit locks
protecting hash buckets of the mbcache hash table in
mb_cache_entry_create(). This causes problems for real-time kernels
because there spinlocks are sleeping locks while bitlocks stay atomic.
Luckily the nesting is easy to avoid by holding entry reference until
the entry is added to the LRU list. This makes sure we cannot race with
entry deletion.
Cc: stable@kernel.org
Fixes: 307af6c87937 ("mbcache: automatically delete entries from cache on freeing")
Reported-by: Mike Galbraith <efault@gmx.de>
Signed-off-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20220908091032.10513-1-jack@suse.cz
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/mbcache.c | 17 ++++++++++-------
1 file changed, 10 insertions(+), 7 deletions(-)
diff --git a/fs/mbcache.c b/fs/mbcache.c
index 47ccfcbe0a22..e272ad738faf 100644
--- a/fs/mbcache.c
+++ b/fs/mbcache.c
@@ -90,8 +90,14 @@ int mb_cache_entry_create(struct mb_cache *cache, gfp_t mask, u32 key,
return -ENOMEM;
INIT_LIST_HEAD(&entry->e_list);
- /* Initial hash reference */
- atomic_set(&entry->e_refcnt, 1);
+ /*
+ * We create entry with two references. One reference is kept by the
+ * hash table, the other reference is used to protect us from
+ * mb_cache_entry_delete_or_get() until the entry is fully setup. This
+ * avoids nesting of cache->c_list_lock into hash table bit locks which
+ * is problematic for RT.
+ */
+ atomic_set(&entry->e_refcnt, 2);
entry->e_key = key;
entry->e_value = value;
entry->e_reusable = reusable;
@@ -106,15 +112,12 @@ int mb_cache_entry_create(struct mb_cache *cache, gfp_t mask, u32 key,
}
}
hlist_bl_add_head(&entry->e_hash_list, head);
- /*
- * Add entry to LRU list before it can be found by
- * mb_cache_entry_delete() to avoid races
- */
+ hlist_bl_unlock(head);
spin_lock(&cache->c_list_lock);
list_add_tail(&entry->e_list, &cache->c_list);
cache->c_entry_count++;
spin_unlock(&cache->c_list_lock);
- hlist_bl_unlock(head);
+ mb_cache_entry_put(cache, entry);
return 0;
}
--
2.38.0
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 046/862] HID: multitouch: Add memory barriers
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (44 preceding siblings ...)
2022-10-19 8:22 ` [PATCH 6.0 045/862] mbcache: Avoid nesting of cache->c_list_lock under bit locks Greg Kroah-Hartman
@ 2022-10-19 8:22 ` Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 047/862] quota: Check next/prev free block number after reading from quota file Greg Kroah-Hartman
` (830 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Andri Yngvason, Benjamin Tissoires
From: Andri Yngvason <andri@yngvason.is>
commit be6e2b5734a425941fcdcdbd2a9337be498ce2cf upstream.
This fixes broken atomic checks which cause a race between the
release-timer and processing of hid input.
I noticed that contacts were sometimes sticking, even with the "sticky
fingers" quirk enabled. This fixes that problem.
Cc: stable@vger.kernel.org
Fixes: 9609827458c3 ("HID: multitouch: optimize the sticky fingers timer")
Signed-off-by: Andri Yngvason <andri@yngvason.is>
Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Link: https://lore.kernel.org/r/20220907150159.2285460-1-andri@yngvason.is
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/hid/hid-multitouch.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
--- a/drivers/hid/hid-multitouch.c
+++ b/drivers/hid/hid-multitouch.c
@@ -1186,7 +1186,7 @@ static void mt_touch_report(struct hid_d
int contact_count = -1;
/* sticky fingers release in progress, abort */
- if (test_and_set_bit(MT_IO_FLAGS_RUNNING, &td->mt_io_flags))
+ if (test_and_set_bit_lock(MT_IO_FLAGS_RUNNING, &td->mt_io_flags))
return;
scantime = *app->scantime;
@@ -1267,7 +1267,7 @@ static void mt_touch_report(struct hid_d
del_timer(&td->release_timer);
}
- clear_bit(MT_IO_FLAGS_RUNNING, &td->mt_io_flags);
+ clear_bit_unlock(MT_IO_FLAGS_RUNNING, &td->mt_io_flags);
}
static int mt_touch_input_configured(struct hid_device *hdev,
@@ -1699,11 +1699,11 @@ static void mt_expired_timeout(struct ti
* An input report came in just before we release the sticky fingers,
* it will take care of the sticky fingers.
*/
- if (test_and_set_bit(MT_IO_FLAGS_RUNNING, &td->mt_io_flags))
+ if (test_and_set_bit_lock(MT_IO_FLAGS_RUNNING, &td->mt_io_flags))
return;
if (test_bit(MT_IO_FLAGS_PENDING_SLOTS, &td->mt_io_flags))
mt_release_contacts(hdev);
- clear_bit(MT_IO_FLAGS_RUNNING, &td->mt_io_flags);
+ clear_bit_unlock(MT_IO_FLAGS_RUNNING, &td->mt_io_flags);
}
static int mt_probe(struct hid_device *hdev, const struct hid_device_id *id)
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 047/862] quota: Check next/prev free block number after reading from quota file
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (45 preceding siblings ...)
2022-10-19 8:22 ` [PATCH 6.0 046/862] HID: multitouch: Add memory barriers Greg Kroah-Hartman
@ 2022-10-19 8:22 ` Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 048/862] platform/chrome: cros_ec_proto: Update version on GET_NEXT_EVENT failure Greg Kroah-Hartman
` (829 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:22 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Zhihao Cheng, Jan Kara
From: Zhihao Cheng <chengzhihao1@huawei.com>
commit 6c8ea8b8cd4722efd419f91ca46a2dc81b7d89a3 upstream.
Following process:
Init: v2_read_file_info: <3> dqi_free_blk 0 dqi_free_entry 5 dqi_blks 6
Step 1. chown bin f_a -> dquot_acquire -> v2_write_dquot:
qtree_write_dquot
do_insert_tree
find_free_dqentry
get_free_dqblk
write_blk(info->dqi_blocks) // info->dqi_blocks = 6, failure. The
content in physical block (corresponding to blk 6) is random.
Step 2. chown root f_a -> dquot_transfer -> dqput_all -> dqput ->
ext4_release_dquot -> v2_release_dquot -> qtree_delete_dquot:
dquot_release
remove_tree
free_dqentry
put_free_dqblk(6)
info->dqi_free_blk = blk // info->dqi_free_blk = 6
Step 3. drop cache (buffer head for block 6 is released)
Step 4. chown bin f_b -> dquot_acquire -> commit_dqblk -> v2_write_dquot:
qtree_write_dquot
do_insert_tree
find_free_dqentry
get_free_dqblk
dh = (struct qt_disk_dqdbheader *)buf
blk = info->dqi_free_blk // 6
ret = read_blk(info, blk, buf) // The content of buf is random
info->dqi_free_blk = le32_to_cpu(dh->dqdh_next_free) // random blk
Step 5. chown bin f_c -> notify_change -> ext4_setattr -> dquot_transfer:
dquot = dqget -> acquire_dquot -> ext4_acquire_dquot -> dquot_acquire ->
commit_dqblk -> v2_write_dquot -> dq_insert_tree:
do_insert_tree
find_free_dqentry
get_free_dqblk
blk = info->dqi_free_blk // If blk < 0 and blk is not an error
code, it will be returned as dquot
transfer_to[USRQUOTA] = dquot // A random negative value
__dquot_transfer(transfer_to)
dquot_add_inodes(transfer_to[cnt])
spin_lock(&dquot->dq_dqb_lock) // page fault
, which will lead to kernel page fault:
Quota error (device sda): qtree_write_dquot: Error -8000 occurred
while creating quota
BUG: unable to handle page fault for address: ffffffffffffe120
#PF: supervisor write access in kernel mode
#PF: error_code(0x0002) - not-present page
Oops: 0002 [#1] PREEMPT SMP
CPU: 0 PID: 5974 Comm: chown Not tainted 6.0.0-rc1-00004
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)
RIP: 0010:_raw_spin_lock+0x3a/0x90
Call Trace:
dquot_add_inodes+0x28/0x270
__dquot_transfer+0x377/0x840
dquot_transfer+0xde/0x540
ext4_setattr+0x405/0x14d0
notify_change+0x68e/0x9f0
chown_common+0x300/0x430
__x64_sys_fchownat+0x29/0x40
In order to avoid accessing invalid quota memory address, this patch adds
block number checking of next/prev free block read from quota file.
Fetch a reproducer in [Link].
Link: https://bugzilla.kernel.org/show_bug.cgi?id=216372
Fixes: 1da177e4c3f4152 ("Linux-2.6.12-rc2")
CC: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20220923134555.2623931-2-chengzhihao1@huawei.com
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/quota/quota_tree.c | 38 ++++++++++++++++++++++++++++++++++++++
1 file changed, 38 insertions(+)
--- a/fs/quota/quota_tree.c
+++ b/fs/quota/quota_tree.c
@@ -71,6 +71,35 @@ static ssize_t write_blk(struct qtree_me
return ret;
}
+static inline int do_check_range(struct super_block *sb, const char *val_name,
+ uint val, uint min_val, uint max_val)
+{
+ if (val < min_val || val > max_val) {
+ quota_error(sb, "Getting %s %u out of range %u-%u",
+ val_name, val, min_val, max_val);
+ return -EUCLEAN;
+ }
+
+ return 0;
+}
+
+static int check_dquot_block_header(struct qtree_mem_dqinfo *info,
+ struct qt_disk_dqdbheader *dh)
+{
+ int err = 0;
+
+ err = do_check_range(info->dqi_sb, "dqdh_next_free",
+ le32_to_cpu(dh->dqdh_next_free), 0,
+ info->dqi_blocks - 1);
+ if (err)
+ return err;
+ err = do_check_range(info->dqi_sb, "dqdh_prev_free",
+ le32_to_cpu(dh->dqdh_prev_free), 0,
+ info->dqi_blocks - 1);
+
+ return err;
+}
+
/* Remove empty block from list and return it */
static int get_free_dqblk(struct qtree_mem_dqinfo *info)
{
@@ -85,6 +114,9 @@ static int get_free_dqblk(struct qtree_m
ret = read_blk(info, blk, buf);
if (ret < 0)
goto out_buf;
+ ret = check_dquot_block_header(info, dh);
+ if (ret)
+ goto out_buf;
info->dqi_free_blk = le32_to_cpu(dh->dqdh_next_free);
}
else {
@@ -232,6 +264,9 @@ static uint find_free_dqentry(struct qtr
*err = read_blk(info, blk, buf);
if (*err < 0)
goto out_buf;
+ *err = check_dquot_block_header(info, dh);
+ if (*err)
+ goto out_buf;
} else {
blk = get_free_dqblk(info);
if ((int)blk < 0) {
@@ -424,6 +459,9 @@ static int free_dqentry(struct qtree_mem
goto out_buf;
}
dh = (struct qt_disk_dqdbheader *)buf;
+ ret = check_dquot_block_header(info, dh);
+ if (ret)
+ goto out_buf;
le16_add_cpu(&dh->dqdh_entries, -1);
if (!le16_to_cpu(dh->dqdh_entries)) { /* Block got free? */
ret = remove_free_dqentry(info, buf, blk);
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 048/862] platform/chrome: cros_ec_proto: Update version on GET_NEXT_EVENT failure
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (46 preceding siblings ...)
2022-10-19 8:22 ` [PATCH 6.0 047/862] quota: Check next/prev free block number after reading from quota file Greg Kroah-Hartman
@ 2022-10-19 8:22 ` Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 049/862] arm64: dts: qcom: sdm845-mtp: correct ADC settle time Greg Kroah-Hartman
` (828 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Guenter Roeck, Patryk Duda, Tzung-Bi Shih
From: Patryk Duda <pdk@semihalf.com>
commit f74c7557ed0d321947e8bb4e9d47c1013f8b2227 upstream.
Some EC based devices (e.g. Fingerpint MCU) can jump to RO part of the
firmware (intentionally or due to device reboot). The RO part doesn't
change during the device lifecycle, so it won't support newer version
of EC_CMD_GET_NEXT_EVENT command.
Function cros_ec_query_all() is responsible for finding maximum
supported MKBP event version. It's usually called when the device is
running RW part of the firmware, so the command version can be
potentially higher than version supported by the RO.
The problem was fixed by updating maximum supported version when the
device returns EC_RES_INVALID_VERSION (mapped to -ENOPROTOOPT). That way
the kernel will use highest common version supported by RO and RW.
Fixes: 3300fdd630d4 ("platform/chrome: cros_ec: handle MKBP more events flag")
Cc: <stable@vger.kernel.org> # 5.10+
Reviewed-by: Guenter Roeck <groeck@chromium.org>
Signed-off-by: Patryk Duda <pdk@semihalf.com>
Signed-off-by: Tzung-Bi Shih <tzungbi@kernel.org>
Link: https://lore.kernel.org/r/20220802154128.21175-1-pdk@semihalf.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/platform/chrome/cros_ec_proto.c | 32 ++++++++++++++++++++++++++++++++
1 file changed, 32 insertions(+)
--- a/drivers/platform/chrome/cros_ec_proto.c
+++ b/drivers/platform/chrome/cros_ec_proto.c
@@ -773,6 +773,7 @@ int cros_ec_get_next_event(struct cros_e
u8 event_type;
u32 host_event;
int ret;
+ u32 ver_mask;
/*
* Default value for wake_event.
@@ -794,6 +795,37 @@ int cros_ec_get_next_event(struct cros_e
return get_keyboard_state_event(ec_dev);
ret = get_next_event(ec_dev);
+ /*
+ * -ENOPROTOOPT is returned when EC returns EC_RES_INVALID_VERSION.
+ * This can occur when EC based device (e.g. Fingerprint MCU) jumps to
+ * the RO image which doesn't support newer version of the command. In
+ * this case we will attempt to update maximum supported version of the
+ * EC_CMD_GET_NEXT_EVENT.
+ */
+ if (ret == -ENOPROTOOPT) {
+ dev_dbg(ec_dev->dev,
+ "GET_NEXT_EVENT returned invalid version error.\n");
+ ret = cros_ec_get_host_command_version_mask(ec_dev,
+ EC_CMD_GET_NEXT_EVENT,
+ &ver_mask);
+ if (ret < 0 || ver_mask == 0)
+ /*
+ * Do not change the MKBP supported version if we can't
+ * obtain supported version correctly. Please note that
+ * calling EC_CMD_GET_NEXT_EVENT returned
+ * EC_RES_INVALID_VERSION which means that the command
+ * is present.
+ */
+ return -ENOPROTOOPT;
+
+ ec_dev->mkbp_event_supported = fls(ver_mask);
+ dev_dbg(ec_dev->dev, "MKBP support version changed to %u\n",
+ ec_dev->mkbp_event_supported - 1);
+
+ /* Try to get next event with new MKBP support version set. */
+ ret = get_next_event(ec_dev);
+ }
+
if (ret <= 0)
return ret;
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 049/862] arm64: dts: qcom: sdm845-mtp: correct ADC settle time
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (47 preceding siblings ...)
2022-10-19 8:22 ` [PATCH 6.0 048/862] platform/chrome: cros_ec_proto: Update version on GET_NEXT_EVENT failure Greg Kroah-Hartman
@ 2022-10-19 8:22 ` Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 050/862] ASoC: wcd9335: fix order of Slimbus unprepare/disable Greg Kroah-Hartman
` (827 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Krzysztof Kozlowski, Stephen Boyd,
Vinod Koul, David Heidelberg, Bjorn Andersson
From: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
commit 209a04885ab5f76722a1671d0fbf0a5b4bccacec upstream.
The PMIC's VADC property for settle time is qcom,hw-settle-time, not
qcom,hw-settle-time-us. The latter is used in PMIC's TM ADC.
qcom/sdm845-mtp.dtb: pmic@0: adc@3100:adc-chan@4c: 'qcom,hw-settle-time-us' does not match any of the regexes: 'pinctrl-[0-9]+'
Fixes: d5e12f3823ae ("arm64: dts: qcom: sdm845: mtp: Add vadc channels and thermal zones")
Cc: <stable@vger.kernel.org>
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Reviewed-by: Stephen Boyd <sboyd@kernel.org>
Reviewed-by: Vinod Koul <vkoul@kernel.org>
Reviewed-by: David Heidelberg <david@ixit.cz>
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Link: https://lore.kernel.org/r/20220828084341.112146-13-krzysztof.kozlowski@linaro.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/boot/dts/qcom/sdm845-mtp.dts | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
--- a/arch/arm64/boot/dts/qcom/sdm845-mtp.dts
+++ b/arch/arm64/boot/dts/qcom/sdm845-mtp.dts
@@ -536,42 +536,42 @@
reg = <ADC5_XO_THERM_100K_PU>;
label = "xo_therm";
qcom,ratiometric;
- qcom,hw-settle-time-us = <200>;
+ qcom,hw-settle-time = <200>;
};
adc-chan@4d {
reg = <ADC5_AMUX_THM1_100K_PU>;
label = "msm_therm";
qcom,ratiometric;
- qcom,hw-settle-time-us = <200>;
+ qcom,hw-settle-time = <200>;
};
adc-chan@4f {
reg = <ADC5_AMUX_THM3_100K_PU>;
label = "pa_therm1";
qcom,ratiometric;
- qcom,hw-settle-time-us = <200>;
+ qcom,hw-settle-time = <200>;
};
adc-chan@51 {
reg = <ADC5_AMUX_THM5_100K_PU>;
label = "quiet_therm";
qcom,ratiometric;
- qcom,hw-settle-time-us = <200>;
+ qcom,hw-settle-time = <200>;
};
adc-chan@83 {
reg = <ADC5_VPH_PWR>;
label = "vph_pwr";
qcom,ratiometric;
- qcom,hw-settle-time-us = <200>;
+ qcom,hw-settle-time = <200>;
};
adc-chan@85 {
reg = <ADC5_VCOIN>;
label = "vcoin";
qcom,ratiometric;
- qcom,hw-settle-time-us = <200>;
+ qcom,hw-settle-time = <200>;
};
};
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 050/862] ASoC: wcd9335: fix order of Slimbus unprepare/disable
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (48 preceding siblings ...)
2022-10-19 8:22 ` [PATCH 6.0 049/862] arm64: dts: qcom: sdm845-mtp: correct ADC settle time Greg Kroah-Hartman
@ 2022-10-19 8:22 ` Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 051/862] ASoC: wcd934x: " Greg Kroah-Hartman
` (826 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Krzysztof Kozlowski,
Srinivas Kandagatla, Mark Brown
From: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
commit ea8ef003aa53ad23e7705c5cab1c4e664faa6c79 upstream.
Slimbus streams are first prepared and then enabled, so the cleanup path
should reverse it. The unprepare sets stream->num_ports to 0 and frees
the stream->ports. Calling disable after unprepare was not really
effective (channels was not deactivated) and could lead to further
issues due to making transfers on unprepared stream.
Fixes: 20aedafdf492 ("ASoC: wcd9335: add support to wcd9335 codec")
Cc: <stable@vger.kernel.org>
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Reviewed-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Link: https://lore.kernel.org/r/20220921145354.1683791-1-krzysztof.kozlowski@linaro.org
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/soc/codecs/wcd9335.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/sound/soc/codecs/wcd9335.c
+++ b/sound/soc/codecs/wcd9335.c
@@ -1974,8 +1974,8 @@ static int wcd9335_trigger(struct snd_pc
case SNDRV_PCM_TRIGGER_STOP:
case SNDRV_PCM_TRIGGER_SUSPEND:
case SNDRV_PCM_TRIGGER_PAUSE_PUSH:
- slim_stream_unprepare(dai_data->sruntime);
slim_stream_disable(dai_data->sruntime);
+ slim_stream_unprepare(dai_data->sruntime);
break;
default:
break;
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 051/862] ASoC: wcd934x: fix order of Slimbus unprepare/disable
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (49 preceding siblings ...)
2022-10-19 8:22 ` [PATCH 6.0 050/862] ASoC: wcd9335: fix order of Slimbus unprepare/disable Greg Kroah-Hartman
@ 2022-10-19 8:22 ` Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 052/862] hwmon: (gsc-hwmon) Call of_node_get() before of_find_xxx API Greg Kroah-Hartman
` (825 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Krzysztof Kozlowski,
Srinivas Kandagatla, Mark Brown
From: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
commit e96bca7eaa5747633ec638b065630ff83728982a upstream.
Slimbus streams are first prepared and then enabled, so the cleanup path
should reverse it. The unprepare sets stream->num_ports to 0 and frees
the stream->ports. Calling disable after unprepare was not really
effective (channels was not deactivated) and could lead to further
issues due to making transfers on unprepared stream.
Fixes: a61f3b4f476e ("ASoC: wcd934x: add support to wcd9340/wcd9341 codec")
Cc: <stable@vger.kernel.org>
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Reviewed-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Link: https://lore.kernel.org/r/20220921145354.1683791-2-krzysztof.kozlowski@linaro.org
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/soc/codecs/wcd934x.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/sound/soc/codecs/wcd934x.c
+++ b/sound/soc/codecs/wcd934x.c
@@ -1913,8 +1913,8 @@ static int wcd934x_trigger(struct snd_pc
case SNDRV_PCM_TRIGGER_STOP:
case SNDRV_PCM_TRIGGER_SUSPEND:
case SNDRV_PCM_TRIGGER_PAUSE_PUSH:
- slim_stream_unprepare(dai_data->sruntime);
slim_stream_disable(dai_data->sruntime);
+ slim_stream_unprepare(dai_data->sruntime);
break;
default:
break;
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 052/862] hwmon: (gsc-hwmon) Call of_node_get() before of_find_xxx API
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (50 preceding siblings ...)
2022-10-19 8:22 ` [PATCH 6.0 051/862] ASoC: wcd934x: " Greg Kroah-Hartman
@ 2022-10-19 8:22 ` Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 053/862] net: thunderbolt: Enable DMA paths only after rings are enabled Greg Kroah-Hartman
` (824 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Liang He, Mengda Chen, Guenter Roeck
From: Liang He <windhl@126.com>
commit 7f62cf781e6567d59c8935dc8c6068ce2bb904b7 upstream.
In gsc_hwmon_get_devtree_pdata(), we should call of_node_get() before
the of_find_compatible_node() which will automatically call
of_node_put() for the 'from' argument.
Fixes: 3bce5377ef66 ("hwmon: Add Gateworks System Controller support")
Signed-off-by: Liang He <windhl@126.com>
Co-developed-by: Mengda Chen <chenmengda2009@163.com>
Signed-off-by: Mengda Chen <chenmengda2009@163.com>
Link: https://lore.kernel.org/r/20220916154708.3084515-1-chenmengda2009@163.com
Cc: stable@vger.kernel.org
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/hwmon/gsc-hwmon.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/hwmon/gsc-hwmon.c
+++ b/drivers/hwmon/gsc-hwmon.c
@@ -267,6 +267,7 @@ gsc_hwmon_get_devtree_pdata(struct devic
pdata->nchannels = nchannels;
/* fan controller base address */
+ of_node_get(dev->parent->of_node);
fan = of_find_compatible_node(dev->parent->of_node, NULL, "gw,gsc-fan");
if (fan && of_property_read_u32(fan, "reg", &pdata->fan_base)) {
of_node_put(fan);
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 053/862] net: thunderbolt: Enable DMA paths only after rings are enabled
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (51 preceding siblings ...)
2022-10-19 8:22 ` [PATCH 6.0 052/862] hwmon: (gsc-hwmon) Call of_node_get() before of_find_xxx API Greg Kroah-Hartman
@ 2022-10-19 8:22 ` Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 054/862] regulator: qcom_rpm: Fix circular deferral regression Greg Kroah-Hartman
` (823 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:22 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Mika Westerberg, David S. Miller
From: Mika Westerberg <mika.westerberg@linux.intel.com>
commit ff7cd07f306406493f7b78890475e85b6d0811ed upstream.
If the other host starts sending packets early on it is possible that we
are still in the middle of populating the initial Rx ring packets to the
ring. This causes the tbnet_poll() to mess over the queue and causes
list corruption. This happens specifically when connected with macOS as
it seems start sending various IP discovery packets as soon as its side
of the paths are configured.
To prevent this we move the DMA path enabling to happen after we have
primed the Rx ring. This makes sure no incoming packets can arrive
before we are ready to handle them.
Fixes: e69b6c02b4c3 ("net: Add support for networking over Thunderbolt cable")
Cc: stable@vger.kernel.org
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/thunderbolt.c | 28 +++++++++++++++++-----------
1 file changed, 17 insertions(+), 11 deletions(-)
--- a/drivers/net/thunderbolt.c
+++ b/drivers/net/thunderbolt.c
@@ -612,18 +612,13 @@ static void tbnet_connected_work(struct
return;
}
- /* Both logins successful so enable the high-speed DMA paths and
- * start the network device queue.
+ /* Both logins successful so enable the rings, high-speed DMA
+ * paths and start the network device queue.
+ *
+ * Note we enable the DMA paths last to make sure we have primed
+ * the Rx ring before any incoming packets are allowed to
+ * arrive.
*/
- ret = tb_xdomain_enable_paths(net->xd, net->local_transmit_path,
- net->rx_ring.ring->hop,
- net->remote_transmit_path,
- net->tx_ring.ring->hop);
- if (ret) {
- netdev_err(net->dev, "failed to enable DMA paths\n");
- return;
- }
-
tb_ring_start(net->tx_ring.ring);
tb_ring_start(net->rx_ring.ring);
@@ -635,10 +630,21 @@ static void tbnet_connected_work(struct
if (ret)
goto err_free_rx_buffers;
+ ret = tb_xdomain_enable_paths(net->xd, net->local_transmit_path,
+ net->rx_ring.ring->hop,
+ net->remote_transmit_path,
+ net->tx_ring.ring->hop);
+ if (ret) {
+ netdev_err(net->dev, "failed to enable DMA paths\n");
+ goto err_free_tx_buffers;
+ }
+
netif_carrier_on(net->dev);
netif_start_queue(net->dev);
return;
+err_free_tx_buffers:
+ tbnet_free_buffers(&net->tx_ring);
err_free_rx_buffers:
tbnet_free_buffers(&net->rx_ring);
err_stop_rings:
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 054/862] regulator: qcom_rpm: Fix circular deferral regression
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (52 preceding siblings ...)
2022-10-19 8:22 ` [PATCH 6.0 053/862] net: thunderbolt: Enable DMA paths only after rings are enabled Greg Kroah-Hartman
@ 2022-10-19 8:22 ` Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 055/862] arm64: topology: move store_cpu_topology() to shared code Greg Kroah-Hartman
` (822 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Andy Gross, Bjorn Andersson,
Konrad Dybcio, linux-arm-msm, Linus Walleij, Mark Brown
From: Linus Walleij <linus.walleij@linaro.org>
commit 8478ed5844588703a1a4c96a004b1525fbdbdd5e upstream.
On recent kernels, the PM8058 L16 (or any other PM8058 LDO-regulator)
does not come up if they are supplied by an SMPS-regulator. This
is not very strange since the regulators are registered in a long
array and the L-regulators are registered before the S-regulators,
and if an L-regulator defers, it will never get around to registering
the S-regulator that it needs.
See arch/arm/boot/dts/qcom-apq8060-dragonboard.dts:
pm8058-regulators {
(...)
vdd_l13_l16-supply = <&pm8058_s4>;
(...)
Ooops.
Fix this by moving the PM8058 S-regulators first in the array.
Do the same for the PM8901 S-regulators (though this is currently
not causing any problems with out device trees) so that the pattern
of registration order is the same on all PMnnnn chips.
Fixes: 087a1b5cdd55 ("regulator: qcom: Rework to single platform device")
Cc: stable@vger.kernel.org
Cc: Andy Gross <agross@kernel.org>
Cc: Bjorn Andersson <andersson@kernel.org>
Cc: Konrad Dybcio <konrad.dybcio@somainline.org>
Cc: linux-arm-msm@vger.kernel.org
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Link: https://lore.kernel.org/r/20220909112529.239143-1-linus.walleij@linaro.org
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/regulator/qcom_rpm-regulator.c | 24 ++++++++++++------------
1 file changed, 12 insertions(+), 12 deletions(-)
--- a/drivers/regulator/qcom_rpm-regulator.c
+++ b/drivers/regulator/qcom_rpm-regulator.c
@@ -802,6 +802,12 @@ static const struct rpm_regulator_data r
};
static const struct rpm_regulator_data rpm_pm8058_regulators[] = {
+ { "s0", QCOM_RPM_PM8058_SMPS0, &pm8058_smps, "vdd_s0" },
+ { "s1", QCOM_RPM_PM8058_SMPS1, &pm8058_smps, "vdd_s1" },
+ { "s2", QCOM_RPM_PM8058_SMPS2, &pm8058_smps, "vdd_s2" },
+ { "s3", QCOM_RPM_PM8058_SMPS3, &pm8058_smps, "vdd_s3" },
+ { "s4", QCOM_RPM_PM8058_SMPS4, &pm8058_smps, "vdd_s4" },
+
{ "l0", QCOM_RPM_PM8058_LDO0, &pm8058_nldo, "vdd_l0_l1_lvs" },
{ "l1", QCOM_RPM_PM8058_LDO1, &pm8058_nldo, "vdd_l0_l1_lvs" },
{ "l2", QCOM_RPM_PM8058_LDO2, &pm8058_pldo, "vdd_l2_l11_l12" },
@@ -829,12 +835,6 @@ static const struct rpm_regulator_data r
{ "l24", QCOM_RPM_PM8058_LDO24, &pm8058_nldo, "vdd_l23_l24_l25" },
{ "l25", QCOM_RPM_PM8058_LDO25, &pm8058_nldo, "vdd_l23_l24_l25" },
- { "s0", QCOM_RPM_PM8058_SMPS0, &pm8058_smps, "vdd_s0" },
- { "s1", QCOM_RPM_PM8058_SMPS1, &pm8058_smps, "vdd_s1" },
- { "s2", QCOM_RPM_PM8058_SMPS2, &pm8058_smps, "vdd_s2" },
- { "s3", QCOM_RPM_PM8058_SMPS3, &pm8058_smps, "vdd_s3" },
- { "s4", QCOM_RPM_PM8058_SMPS4, &pm8058_smps, "vdd_s4" },
-
{ "lvs0", QCOM_RPM_PM8058_LVS0, &pm8058_switch, "vdd_l0_l1_lvs" },
{ "lvs1", QCOM_RPM_PM8058_LVS1, &pm8058_switch, "vdd_l0_l1_lvs" },
@@ -843,6 +843,12 @@ static const struct rpm_regulator_data r
};
static const struct rpm_regulator_data rpm_pm8901_regulators[] = {
+ { "s0", QCOM_RPM_PM8901_SMPS0, &pm8901_ftsmps, "vdd_s0" },
+ { "s1", QCOM_RPM_PM8901_SMPS1, &pm8901_ftsmps, "vdd_s1" },
+ { "s2", QCOM_RPM_PM8901_SMPS2, &pm8901_ftsmps, "vdd_s2" },
+ { "s3", QCOM_RPM_PM8901_SMPS3, &pm8901_ftsmps, "vdd_s3" },
+ { "s4", QCOM_RPM_PM8901_SMPS4, &pm8901_ftsmps, "vdd_s4" },
+
{ "l0", QCOM_RPM_PM8901_LDO0, &pm8901_nldo, "vdd_l0" },
{ "l1", QCOM_RPM_PM8901_LDO1, &pm8901_pldo, "vdd_l1" },
{ "l2", QCOM_RPM_PM8901_LDO2, &pm8901_pldo, "vdd_l2" },
@@ -851,12 +857,6 @@ static const struct rpm_regulator_data r
{ "l5", QCOM_RPM_PM8901_LDO5, &pm8901_pldo, "vdd_l5" },
{ "l6", QCOM_RPM_PM8901_LDO6, &pm8901_pldo, "vdd_l6" },
- { "s0", QCOM_RPM_PM8901_SMPS0, &pm8901_ftsmps, "vdd_s0" },
- { "s1", QCOM_RPM_PM8901_SMPS1, &pm8901_ftsmps, "vdd_s1" },
- { "s2", QCOM_RPM_PM8901_SMPS2, &pm8901_ftsmps, "vdd_s2" },
- { "s3", QCOM_RPM_PM8901_SMPS3, &pm8901_ftsmps, "vdd_s3" },
- { "s4", QCOM_RPM_PM8901_SMPS4, &pm8901_ftsmps, "vdd_s4" },
-
{ "lvs0", QCOM_RPM_PM8901_LVS0, &pm8901_switch, "lvs0_in" },
{ "lvs1", QCOM_RPM_PM8901_LVS1, &pm8901_switch, "lvs1_in" },
{ "lvs2", QCOM_RPM_PM8901_LVS2, &pm8901_switch, "lvs2_in" },
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 055/862] arm64: topology: move store_cpu_topology() to shared code
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (53 preceding siblings ...)
2022-10-19 8:22 ` [PATCH 6.0 054/862] regulator: qcom_rpm: Fix circular deferral regression Greg Kroah-Hartman
@ 2022-10-19 8:22 ` Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 056/862] riscv: topology: fix default topology reporting Greg Kroah-Hartman
` (821 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sudeep Holla, Catalin Marinas,
Atish Patra, Conor Dooley
From: Conor Dooley <conor.dooley@microchip.com>
commit 456797da792fa7cbf6698febf275fe9b36691f78 upstream.
arm64's method of defining a default cpu topology requires only minimal
changes to apply to RISC-V also. The current arm64 implementation exits
early in a uniprocessor configuration by reading MPIDR & claiming that
uniprocessor can rely on the default values.
This is appears to be a hangover from prior to '3102bc0e6ac7 ("arm64:
topology: Stop using MPIDR for topology information")', because the
current code just assigns default values for multiprocessor systems.
With the MPIDR references removed, store_cpu_topolgy() can be moved to
the common arch_topology code.
Reviewed-by: Sudeep Holla <sudeep.holla@arm.com>
Acked-by: Catalin Marinas <catalin.marinas@arm.com>
Reviewed-by: Atish Patra <atishp@rivosinc.com>
Signed-off-by: Conor Dooley <conor.dooley@microchip.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/kernel/topology.c | 40 ----------------------------------------
drivers/base/arch_topology.c | 19 +++++++++++++++++++
2 files changed, 19 insertions(+), 40 deletions(-)
--- a/arch/arm64/kernel/topology.c
+++ b/arch/arm64/kernel/topology.c
@@ -22,46 +22,6 @@
#include <asm/cputype.h>
#include <asm/topology.h>
-void store_cpu_topology(unsigned int cpuid)
-{
- struct cpu_topology *cpuid_topo = &cpu_topology[cpuid];
- u64 mpidr;
-
- if (cpuid_topo->package_id != -1)
- goto topology_populated;
-
- mpidr = read_cpuid_mpidr();
-
- /* Uniprocessor systems can rely on default topology values */
- if (mpidr & MPIDR_UP_BITMASK)
- return;
-
- /*
- * This would be the place to create cpu topology based on MPIDR.
- *
- * However, it cannot be trusted to depict the actual topology; some
- * pieces of the architecture enforce an artificial cap on Aff0 values
- * (e.g. GICv3's ICC_SGI1R_EL1 limits it to 15), leading to an
- * artificial cycling of Aff1, Aff2 and Aff3 values. IOW, these end up
- * having absolutely no relationship to the actual underlying system
- * topology, and cannot be reasonably used as core / package ID.
- *
- * If the MT bit is set, Aff0 *could* be used to define a thread ID, but
- * we still wouldn't be able to obtain a sane core ID. This means we
- * need to entirely ignore MPIDR for any topology deduction.
- */
- cpuid_topo->thread_id = -1;
- cpuid_topo->core_id = cpuid;
- cpuid_topo->package_id = cpu_to_node(cpuid);
-
- pr_debug("CPU%u: cluster %d core %d thread %d mpidr %#016llx\n",
- cpuid, cpuid_topo->package_id, cpuid_topo->core_id,
- cpuid_topo->thread_id, mpidr);
-
-topology_populated:
- update_siblings_masks(cpuid);
-}
-
#ifdef CONFIG_ACPI
static bool __init acpi_cpu_is_threaded(int cpu)
{
--- a/drivers/base/arch_topology.c
+++ b/drivers/base/arch_topology.c
@@ -841,4 +841,23 @@ void __init init_cpu_topology(void)
return;
}
}
+
+void store_cpu_topology(unsigned int cpuid)
+{
+ struct cpu_topology *cpuid_topo = &cpu_topology[cpuid];
+
+ if (cpuid_topo->package_id != -1)
+ goto topology_populated;
+
+ cpuid_topo->thread_id = -1;
+ cpuid_topo->core_id = cpuid;
+ cpuid_topo->package_id = cpu_to_node(cpuid);
+
+ pr_debug("CPU%u: package %d core %d thread %d\n",
+ cpuid, cpuid_topo->package_id, cpuid_topo->core_id,
+ cpuid_topo->thread_id);
+
+topology_populated:
+ update_siblings_masks(cpuid);
+}
#endif
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 056/862] riscv: topology: fix default topology reporting
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (54 preceding siblings ...)
2022-10-19 8:22 ` [PATCH 6.0 055/862] arm64: topology: move store_cpu_topology() to shared code Greg Kroah-Hartman
@ 2022-10-19 8:22 ` Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 057/862] RISC-V: Re-enable counter access from userspace Greg Kroah-Hartman
` (820 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Brice Goglin, Sudeep Holla,
Atish Patra, Conor Dooley
From: Conor Dooley <conor.dooley@microchip.com>
commit fbd92809997a391f28075f1c8b5ee314c225557c upstream.
RISC-V has no sane defaults to fall back on where there is no cpu-map
in the devicetree.
Without sane defaults, the package, core and thread IDs are all set to
-1. This causes user-visible inaccuracies for tools like hwloc/lstopo
which rely on the sysfs cpu topology files to detect a system's
topology.
On a PolarFire SoC, which should have 4 harts with a thread each,
lstopo currently reports:
Machine (793MB total)
Package L#0
NUMANode L#0 (P#0 793MB)
Core L#0
L1d L#0 (32KB) + L1i L#0 (32KB) + PU L#0 (P#0)
L1d L#1 (32KB) + L1i L#1 (32KB) + PU L#1 (P#1)
L1d L#2 (32KB) + L1i L#2 (32KB) + PU L#2 (P#2)
L1d L#3 (32KB) + L1i L#3 (32KB) + PU L#3 (P#3)
Adding calls to store_cpu_topology() in {boot,smp} hart bringup code
results in the correct topolgy being reported:
Machine (793MB total)
Package L#0
NUMANode L#0 (P#0 793MB)
L1d L#0 (32KB) + L1i L#0 (32KB) + Core L#0 + PU L#0 (P#0)
L1d L#1 (32KB) + L1i L#1 (32KB) + Core L#1 + PU L#1 (P#1)
L1d L#2 (32KB) + L1i L#2 (32KB) + Core L#2 + PU L#2 (P#2)
L1d L#3 (32KB) + L1i L#3 (32KB) + Core L#3 + PU L#3 (P#3)
CC: stable@vger.kernel.org # 456797da792f: arm64: topology: move store_cpu_topology() to shared code
Fixes: 03f11f03dbfe ("RISC-V: Parse cpu topology during boot.")
Reported-by: Brice Goglin <Brice.Goglin@inria.fr>
Link: https://github.com/open-mpi/hwloc/issues/536
Reviewed-by: Sudeep Holla <sudeep.holla@arm.com>
Reviewed-by: Atish Patra <atishp@rivosinc.com>
Signed-off-by: Conor Dooley <conor.dooley@microchip.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/riscv/Kconfig | 2 +-
arch/riscv/kernel/smpboot.c | 3 ++-
2 files changed, 3 insertions(+), 2 deletions(-)
--- a/arch/riscv/Kconfig
+++ b/arch/riscv/Kconfig
@@ -52,7 +52,7 @@ config RISCV
select COMMON_CLK
select CPU_PM if CPU_IDLE
select EDAC_SUPPORT
- select GENERIC_ARCH_TOPOLOGY if SMP
+ select GENERIC_ARCH_TOPOLOGY
select GENERIC_ATOMIC64 if !64BIT
select GENERIC_CLOCKEVENTS_BROADCAST if SMP
select GENERIC_EARLY_IOREMAP
--- a/arch/riscv/kernel/smpboot.c
+++ b/arch/riscv/kernel/smpboot.c
@@ -49,6 +49,7 @@ void __init smp_prepare_cpus(unsigned in
unsigned int curr_cpuid;
curr_cpuid = smp_processor_id();
+ store_cpu_topology(curr_cpuid);
numa_store_cpu_info(curr_cpuid);
numa_add_cpu(curr_cpuid);
@@ -162,9 +163,9 @@ asmlinkage __visible void smp_callin(voi
mmgrab(mm);
current->active_mm = mm;
+ store_cpu_topology(curr_cpuid);
notify_cpu_starting(curr_cpuid);
numa_add_cpu(curr_cpuid);
- update_siblings_masks(curr_cpuid);
set_cpu_online(curr_cpuid, 1);
/*
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 057/862] RISC-V: Re-enable counter access from userspace
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (55 preceding siblings ...)
2022-10-19 8:22 ` [PATCH 6.0 056/862] riscv: topology: fix default topology reporting Greg Kroah-Hartman
@ 2022-10-19 8:22 ` Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 058/862] RISC-V: Make port I/O string accessors actually work Greg Kroah-Hartman
` (819 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:22 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Conor Dooley, Palmer Dabbelt
From: Palmer Dabbelt <palmer@rivosinc.com>
commit 5a5294fbe0200d1327f0e089135dad77b45aa2ee upstream.
These counters were part of the ISA when we froze the uABI, removing
them breaks userspace.
Link: https://lore.kernel.org/all/YxEhC%2FmDW1lFt36J@aurel32.net/
Fixes: e9991434596f ("RISC-V: Add perf platform driver based on SBI PMU extension")
Tested-by: Conor Dooley <conor.dooley@microchip.com>
Reviewed-by: Conor Dooley <conor.dooley@microchip.com>
Link: https://lore.kernel.org/r/20220928131807.30386-1-palmer@rivosinc.com
Cc: stable@vger.kernel.org
Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/perf/riscv_pmu_sbi.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
--- a/drivers/perf/riscv_pmu_sbi.c
+++ b/drivers/perf/riscv_pmu_sbi.c
@@ -645,8 +645,11 @@ static int pmu_sbi_starting_cpu(unsigned
struct riscv_pmu *pmu = hlist_entry_safe(node, struct riscv_pmu, node);
struct cpu_hw_events *cpu_hw_evt = this_cpu_ptr(pmu->hw_events);
- /* Enable the access for TIME csr only from the user mode now */
- csr_write(CSR_SCOUNTEREN, 0x2);
+ /*
+ * Enable the access for CYCLE, TIME, and INSTRET CSRs from userspace,
+ * as is necessary to maintain uABI compatibility.
+ */
+ csr_write(CSR_SCOUNTEREN, 0x7);
/* Stop all the counters so that they can be enabled from perf */
pmu_sbi_stop_all(pmu);
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 058/862] RISC-V: Make port I/O string accessors actually work
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (56 preceding siblings ...)
2022-10-19 8:22 ` [PATCH 6.0 057/862] RISC-V: Re-enable counter access from userspace Greg Kroah-Hartman
@ 2022-10-19 8:22 ` Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 059/862] parisc: fbdev/stifb: Align graphics memory size to 4MB Greg Kroah-Hartman
` (818 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Maciej W. Rozycki, Arnd Bergmann,
Palmer Dabbelt
From: Maciej W. Rozycki <macro@orcam.me.uk>
commit 9cc205e3c17d5716da7ebb7fa0c985555e95d009 upstream.
Fix port I/O string accessors such as `insb', `outsb', etc. which use
the physical PCI port I/O address rather than the corresponding memory
mapping to get at the requested location, which in turn breaks at least
accesses made by our parport driver to a PCIe parallel port such as:
PCI parallel port detected: 1415:c118, I/O at 0x1000(0x1008), IRQ 20
parport0: PC-style at 0x1000 (0x1008), irq 20, using FIFO [PCSPP,TRISTATE,COMPAT,EPP,ECP]
causing a memory access fault:
Unable to handle kernel access to user memory without uaccess routines at virtual address 0000000000001008
Oops [#1]
Modules linked in:
CPU: 1 PID: 350 Comm: cat Not tainted 6.0.0-rc2-00283-g10d4879f9ef0-dirty #23
Hardware name: SiFive HiFive Unmatched A00 (DT)
epc : parport_pc_fifo_write_block_pio+0x266/0x416
ra : parport_pc_fifo_write_block_pio+0xb4/0x416
epc : ffffffff80542c3e ra : ffffffff80542a8c sp : ffffffd88899fc60
gp : ffffffff80fa2700 tp : ffffffd882b1e900 t0 : ffffffd883d0b000
t1 : ffffffffff000002 t2 : 4646393043330a38 s0 : ffffffd88899fcf0
s1 : 0000000000001000 a0 : 0000000000000010 a1 : 0000000000000000
a2 : ffffffd883d0a010 a3 : 0000000000000023 a4 : 00000000ffff8fbb
a5 : ffffffd883d0a001 a6 : 0000000100000000 a7 : ffffffc800000000
s2 : ffffffffff000002 s3 : ffffffff80d28880 s4 : ffffffff80fa1f50
s5 : 0000000000001008 s6 : 0000000000000008 s7 : ffffffd883d0a000
s8 : 0004000000000000 s9 : ffffffff80dc1d80 s10: ffffffd8807e4000
s11: 0000000000000000 t3 : 00000000000000ff t4 : 393044410a303930
t5 : 0000000000001000 t6 : 0000000000040000
status: 0000000200000120 badaddr: 0000000000001008 cause: 000000000000000f
[<ffffffff80543212>] parport_pc_compat_write_block_pio+0xfe/0x200
[<ffffffff8053bbc0>] parport_write+0x46/0xf8
[<ffffffff8050530e>] lp_write+0x158/0x2d2
[<ffffffff80185716>] vfs_write+0x8e/0x2c2
[<ffffffff80185a74>] ksys_write+0x52/0xc2
[<ffffffff80185af2>] sys_write+0xe/0x16
[<ffffffff80003770>] ret_from_syscall+0x0/0x2
---[ end trace 0000000000000000 ]---
For simplicity address the problem by adding PCI_IOBASE to the physical
address requested in the respective wrapper macros only, observing that
the raw accessors such as `__insb', `__outsb', etc. are not supposed to
be used other than by said macros. Remove the cast to `long' that is no
longer needed on `addr' now that it is used as an offset from PCI_IOBASE
and add parentheses around `addr' needed for predictable evaluation in
macro expansion. No need to make said adjustments in separate changes
given that current code is gravely broken and does not ever work.
Signed-off-by: Maciej W. Rozycki <macro@orcam.me.uk>
Fixes: fab957c11efe2 ("RISC-V: Atomic and Locking Code")
Cc: stable@vger.kernel.org # v4.15+
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
Link: https://lore.kernel.org/r/alpine.DEB.2.21.2209220223080.29493@angie.orcam.me.uk
Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/riscv/include/asm/io.h | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
--- a/arch/riscv/include/asm/io.h
+++ b/arch/riscv/include/asm/io.h
@@ -101,9 +101,9 @@ __io_reads_ins(reads, u32, l, __io_br(),
__io_reads_ins(ins, u8, b, __io_pbr(), __io_par(addr))
__io_reads_ins(ins, u16, w, __io_pbr(), __io_par(addr))
__io_reads_ins(ins, u32, l, __io_pbr(), __io_par(addr))
-#define insb(addr, buffer, count) __insb((void __iomem *)(long)addr, buffer, count)
-#define insw(addr, buffer, count) __insw((void __iomem *)(long)addr, buffer, count)
-#define insl(addr, buffer, count) __insl((void __iomem *)(long)addr, buffer, count)
+#define insb(addr, buffer, count) __insb(PCI_IOBASE + (addr), buffer, count)
+#define insw(addr, buffer, count) __insw(PCI_IOBASE + (addr), buffer, count)
+#define insl(addr, buffer, count) __insl(PCI_IOBASE + (addr), buffer, count)
__io_writes_outs(writes, u8, b, __io_bw(), __io_aw())
__io_writes_outs(writes, u16, w, __io_bw(), __io_aw())
@@ -115,22 +115,22 @@ __io_writes_outs(writes, u32, l, __io_bw
__io_writes_outs(outs, u8, b, __io_pbw(), __io_paw())
__io_writes_outs(outs, u16, w, __io_pbw(), __io_paw())
__io_writes_outs(outs, u32, l, __io_pbw(), __io_paw())
-#define outsb(addr, buffer, count) __outsb((void __iomem *)(long)addr, buffer, count)
-#define outsw(addr, buffer, count) __outsw((void __iomem *)(long)addr, buffer, count)
-#define outsl(addr, buffer, count) __outsl((void __iomem *)(long)addr, buffer, count)
+#define outsb(addr, buffer, count) __outsb(PCI_IOBASE + (addr), buffer, count)
+#define outsw(addr, buffer, count) __outsw(PCI_IOBASE + (addr), buffer, count)
+#define outsl(addr, buffer, count) __outsl(PCI_IOBASE + (addr), buffer, count)
#ifdef CONFIG_64BIT
__io_reads_ins(reads, u64, q, __io_br(), __io_ar(addr))
#define readsq(addr, buffer, count) __readsq(addr, buffer, count)
__io_reads_ins(ins, u64, q, __io_pbr(), __io_par(addr))
-#define insq(addr, buffer, count) __insq((void __iomem *)addr, buffer, count)
+#define insq(addr, buffer, count) __insq(PCI_IOBASE + (addr), buffer, count)
__io_writes_outs(writes, u64, q, __io_bw(), __io_aw())
#define writesq(addr, buffer, count) __writesq(addr, buffer, count)
__io_writes_outs(outs, u64, q, __io_pbr(), __io_paw())
-#define outsq(addr, buffer, count) __outsq((void __iomem *)addr, buffer, count)
+#define outsq(addr, buffer, count) __outsq(PCI_IOBASE + (addr), buffer, count)
#endif
#include <asm-generic/io.h>
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 059/862] parisc: fbdev/stifb: Align graphics memory size to 4MB
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (57 preceding siblings ...)
2022-10-19 8:22 ` [PATCH 6.0 058/862] RISC-V: Make port I/O string accessors actually work Greg Kroah-Hartman
@ 2022-10-19 8:22 ` Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 060/862] parisc: Fix userspace graphics card breakage due to pgtable special bit Greg Kroah-Hartman
` (817 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:22 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Helge Deller
From: Helge Deller <deller@gmx.de>
commit aca7c13d3bee81a968337a5515411409ae9d095d upstream.
Independend of the current graphics resolution, adjust the reported
graphics card memory size to the next 4MB boundary.
This fixes the fbtest program which expects a naturally aligned size.
Signed-off-by: Helge Deller <deller@gmx.de>
Cc: <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/video/fbdev/stifb.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/video/fbdev/stifb.c
+++ b/drivers/video/fbdev/stifb.c
@@ -1298,7 +1298,7 @@ static int __init stifb_init_fb(struct s
/* limit fbsize to max visible screen size */
if (fix->smem_len > yres*fix->line_length)
- fix->smem_len = yres*fix->line_length;
+ fix->smem_len = ALIGN(yres*fix->line_length, 4*1024*1024);
fix->accel = FB_ACCEL_NONE;
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 060/862] parisc: Fix userspace graphics card breakage due to pgtable special bit
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (58 preceding siblings ...)
2022-10-19 8:22 ` [PATCH 6.0 059/862] parisc: fbdev/stifb: Align graphics memory size to 4MB Greg Kroah-Hartman
@ 2022-10-19 8:22 ` Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 061/862] riscv: vdso: fix NULL deference in vdso_join_timens() when vfork Greg Kroah-Hartman
` (816 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:22 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Helge Deller
From: Helge Deller <deller@gmx.de>
commit 70be49f2f6223ddd2fcddb0089a40864c37e1494 upstream.
Commit df24e1783e6e ("parisc: Add vDSO support") introduced the vDSO
support, for which a _PAGE_SPECIAL page table flag was needed. Since we
wanted to keep every page table entry in 32-bits, this patch re-used the
existing - but yet unused - _PAGE_DMB flag (which triggers a hardware break
if a page is accessed) to store the special bit.
But when graphics card memory is mmapped into userspace, the kernel uses
vm_iomap_memory() which sets the the special flag. So, with the DMB bit
set, every access to the graphics memory now triggered a hardware
exception and segfaulted the userspace program.
Fix this breakage by dropping the DMB bit when writing the page
protection bits to the CPU TLB.
In addition this patch adds a small optimization: if huge pages aren't
configured (which is at least the case for 32-bit kernels), then the
special bit is stored in the hpage (HUGE PAGE) bit instead. That way we
can skip to reset the DMB bit.
Fixes: df24e1783e6e ("parisc: Add vDSO support")
Cc: <stable@vger.kernel.org> # 5.18+
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/parisc/include/asm/pgtable.h | 7 ++++++-
arch/parisc/kernel/entry.S | 8 ++++++++
2 files changed, 14 insertions(+), 1 deletion(-)
--- a/arch/parisc/include/asm/pgtable.h
+++ b/arch/parisc/include/asm/pgtable.h
@@ -192,6 +192,11 @@ extern void __update_cache(pte_t pte);
#define _PAGE_PRESENT_BIT 22 /* (0x200) Software: translation valid */
#define _PAGE_HPAGE_BIT 21 /* (0x400) Software: Huge Page */
#define _PAGE_USER_BIT 20 /* (0x800) Software: User accessible page */
+#ifdef CONFIG_HUGETLB_PAGE
+#define _PAGE_SPECIAL_BIT _PAGE_DMB_BIT /* DMB feature is currently unused */
+#else
+#define _PAGE_SPECIAL_BIT _PAGE_HPAGE_BIT /* use unused HUGE PAGE bit */
+#endif
/* N.B. The bits are defined in terms of a 32 bit word above, so the */
/* following macro is ok for both 32 and 64 bit. */
@@ -219,7 +224,7 @@ extern void __update_cache(pte_t pte);
#define _PAGE_PRESENT (1 << xlate_pabit(_PAGE_PRESENT_BIT))
#define _PAGE_HUGE (1 << xlate_pabit(_PAGE_HPAGE_BIT))
#define _PAGE_USER (1 << xlate_pabit(_PAGE_USER_BIT))
-#define _PAGE_SPECIAL (_PAGE_DMB)
+#define _PAGE_SPECIAL (1 << xlate_pabit(_PAGE_SPECIAL_BIT))
#define _PAGE_TABLE (_PAGE_PRESENT | _PAGE_READ | _PAGE_WRITE | _PAGE_DIRTY | _PAGE_ACCESSED)
#define _PAGE_CHG_MASK (PAGE_MASK | _PAGE_ACCESSED | _PAGE_DIRTY | _PAGE_SPECIAL)
--- a/arch/parisc/kernel/entry.S
+++ b/arch/parisc/kernel/entry.S
@@ -499,6 +499,10 @@
* Finally, _PAGE_READ goes in the top bit of PL1 (so we
* trigger an access rights trap in user space if the user
* tries to read an unreadable page */
+#if _PAGE_SPECIAL_BIT == _PAGE_DMB_BIT
+ /* need to drop DMB bit, as it's used as SPECIAL flag */
+ depi 0,_PAGE_SPECIAL_BIT,1,\pte
+#endif
depd \pte,8,7,\prot
/* PAGE_USER indicates the page can be read with user privileges,
@@ -529,6 +533,10 @@
* makes the tlb entry for the differently formatted pa11
* insertion instructions */
.macro make_insert_tlb_11 spc,pte,prot
+#if _PAGE_SPECIAL_BIT == _PAGE_DMB_BIT
+ /* need to drop DMB bit, as it's used as SPECIAL flag */
+ depi 0,_PAGE_SPECIAL_BIT,1,\pte
+#endif
zdep \spc,30,15,\prot
dep \pte,8,7,\prot
extru,= \pte,_PAGE_NO_CACHE_BIT,1,%r0
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 061/862] riscv: vdso: fix NULL deference in vdso_join_timens() when vfork
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (59 preceding siblings ...)
2022-10-19 8:22 ` [PATCH 6.0 060/862] parisc: Fix userspace graphics card breakage due to pgtable special bit Greg Kroah-Hartman
@ 2022-10-19 8:22 ` Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 062/862] riscv: Allow PROT_WRITE-only mmap() Greg Kroah-Hartman
` (815 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:22 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Jisheng Zhang, Palmer Dabbelt
From: Jisheng Zhang <jszhang@kernel.org>
commit a8616d2dc193b6becc36b5f3cfeaa9ac7a5762f9 upstream.
Testing tools/testing/selftests/timens/vfork_exec.c got below
kernel log:
[ 6.838454] Unable to handle kernel access to user memory without uaccess routines at virtual address 0000000000000020
[ 6.842255] Oops [#1]
[ 6.842871] Modules linked in:
[ 6.844249] CPU: 1 PID: 64 Comm: vfork_exec Not tainted 6.0.0-rc3-rt15+ #8
[ 6.845861] Hardware name: riscv-virtio,qemu (DT)
[ 6.848009] epc : vdso_join_timens+0xd2/0x110
[ 6.850097] ra : vdso_join_timens+0xd2/0x110
[ 6.851164] epc : ffffffff8000635c ra : ffffffff8000635c sp : ff6000000181fbf0
[ 6.852562] gp : ffffffff80cff648 tp : ff60000000fdb700 t0 : 3030303030303030
[ 6.853852] t1 : 0000000000000030 t2 : 3030303030303030 s0 : ff6000000181fc40
[ 6.854984] s1 : ff60000001e6c000 a0 : 0000000000000010 a1 : ffffffff8005654c
[ 6.856221] a2 : 00000000ffffefff a3 : 0000000000000000 a4 : 0000000000000000
[ 6.858114] a5 : 0000000000000000 a6 : 0000000000000008 a7 : 0000000000000038
[ 6.859484] s2 : ff60000001e6c068 s3 : ff6000000108abb0 s4 : 0000000000000000
[ 6.860751] s5 : 0000000000001000 s6 : ffffffff8089dc40 s7 : ffffffff8089dc38
[ 6.862029] s8 : ffffffff8089dc30 s9 : ff60000000fdbe38 s10: 000000000000005e
[ 6.863304] s11: ffffffff80cc3510 t3 : ffffffff80d1112f t4 : ffffffff80d1112f
[ 6.864565] t5 : ffffffff80d11130 t6 : ff6000000181fa00
[ 6.865561] status: 0000000000000120 badaddr: 0000000000000020 cause: 000000000000000d
[ 6.868046] [<ffffffff8008dc94>] timens_commit+0x38/0x11a
[ 6.869089] [<ffffffff8008dde8>] timens_on_fork+0x72/0xb4
[ 6.870055] [<ffffffff80190096>] begin_new_exec+0x3c6/0x9f0
[ 6.871231] [<ffffffff801d826c>] load_elf_binary+0x628/0x1214
[ 6.872304] [<ffffffff8018ee7a>] bprm_execve+0x1f2/0x4e4
[ 6.873243] [<ffffffff8018f90c>] do_execveat_common+0x16e/0x1ee
[ 6.874258] [<ffffffff8018f9c8>] sys_execve+0x3c/0x48
[ 6.875162] [<ffffffff80003556>] ret_from_syscall+0x0/0x2
[ 6.877484] ---[ end trace 0000000000000000 ]---
This is because the mm->context.vdso_info is NULL in vfork case. From
another side, mm->context.vdso_info either points to vdso info
for RV64 or vdso info for compat, there's no need to bloat riscv's
mm_context_t, we can handle the difference when setup the additional
page for vdso.
Signed-off-by: Jisheng Zhang <jszhang@kernel.org>
Suggested-by: Palmer Dabbelt <palmer@rivosinc.com>
Fixes: 3092eb456375 ("riscv: compat: vdso: Add setup additional pages implementation")
Link: https://lore.kernel.org/r/20220924070737.3048-1-jszhang@kernel.org
Cc: stable@vger.kernel.org
Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/riscv/include/asm/mmu.h | 1 -
arch/riscv/kernel/vdso.c | 13 ++++++++++---
2 files changed, 10 insertions(+), 4 deletions(-)
--- a/arch/riscv/include/asm/mmu.h
+++ b/arch/riscv/include/asm/mmu.h
@@ -16,7 +16,6 @@ typedef struct {
atomic_long_t id;
#endif
void *vdso;
- void *vdso_info;
#ifdef CONFIG_SMP
/* A local icache flush is needed before user execution can resume. */
cpumask_t icache_stale_mask;
--- a/arch/riscv/kernel/vdso.c
+++ b/arch/riscv/kernel/vdso.c
@@ -60,6 +60,11 @@ struct __vdso_info {
struct vm_special_mapping *cm;
};
+static struct __vdso_info vdso_info;
+#ifdef CONFIG_COMPAT
+static struct __vdso_info compat_vdso_info;
+#endif
+
static int vdso_mremap(const struct vm_special_mapping *sm,
struct vm_area_struct *new_vma)
{
@@ -114,15 +119,18 @@ int vdso_join_timens(struct task_struct
{
struct mm_struct *mm = task->mm;
struct vm_area_struct *vma;
- struct __vdso_info *vdso_info = mm->context.vdso_info;
mmap_read_lock(mm);
for (vma = mm->mmap; vma; vma = vma->vm_next) {
unsigned long size = vma->vm_end - vma->vm_start;
- if (vma_is_special_mapping(vma, vdso_info->dm))
+ if (vma_is_special_mapping(vma, vdso_info.dm))
zap_page_range(vma, vma->vm_start, size);
+#ifdef CONFIG_COMPAT
+ if (vma_is_special_mapping(vma, compat_vdso_info.dm))
+ zap_page_range(vma, vma->vm_start, size);
+#endif
}
mmap_read_unlock(mm);
@@ -264,7 +272,6 @@ static int __setup_additional_pages(stru
vdso_base += VVAR_SIZE;
mm->context.vdso = (void *)vdso_base;
- mm->context.vdso_info = (void *)vdso_info;
ret =
_install_special_mapping(mm, vdso_base, vdso_text_len,
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 062/862] riscv: Allow PROT_WRITE-only mmap()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (60 preceding siblings ...)
2022-10-19 8:22 ` [PATCH 6.0 061/862] riscv: vdso: fix NULL deference in vdso_join_timens() when vfork Greg Kroah-Hartman
@ 2022-10-19 8:22 ` Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 063/862] riscv: Make VM_WRITE imply VM_READ Greg Kroah-Hartman
` (814 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Atish Patra, Andrew Bresticker,
Palmer Dabbelt
From: Andrew Bresticker <abrestic@rivosinc.com>
commit 9e2e6042a7ec6504fe8e366717afa2f40cf16488 upstream.
Commit 2139619bcad7 ("riscv: mmap with PROT_WRITE but no PROT_READ is
invalid") made mmap() return EINVAL if PROT_WRITE was set wihtout
PROT_READ with the justification that a write-only PTE is considered a
reserved PTE permission bit pattern in the privileged spec. This check
is unnecessary since we let VM_WRITE imply VM_READ on RISC-V, and it is
inconsistent with other architectures that don't support write-only PTEs,
creating a potential software portability issue. Just remove the check
altogether and let PROT_WRITE imply PROT_READ as is the case on other
architectures.
Note that this also allows PROT_WRITE|PROT_EXEC mappings which were
disallowed prior to the aforementioned commit; PROT_READ is implied in
such mappings as well.
Fixes: 2139619bcad7 ("riscv: mmap with PROT_WRITE but no PROT_READ is invalid")
Reviewed-by: Atish Patra <atishp@rivosinc.com>
Signed-off-by: Andrew Bresticker <abrestic@rivosinc.com>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20220915193702.2201018-3-abrestic@rivosinc.com/
Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/riscv/kernel/sys_riscv.c | 3 ---
1 file changed, 3 deletions(-)
--- a/arch/riscv/kernel/sys_riscv.c
+++ b/arch/riscv/kernel/sys_riscv.c
@@ -18,9 +18,6 @@ static long riscv_sys_mmap(unsigned long
if (unlikely(offset & (~PAGE_MASK >> page_shift_offset)))
return -EINVAL;
- if (unlikely((prot & PROT_WRITE) && !(prot & PROT_READ)))
- return -EINVAL;
-
return ksys_mmap_pgoff(addr, len, prot, flags, fd,
offset >> (PAGE_SHIFT - page_shift_offset));
}
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 063/862] riscv: Make VM_WRITE imply VM_READ
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (61 preceding siblings ...)
2022-10-19 8:22 ` [PATCH 6.0 062/862] riscv: Allow PROT_WRITE-only mmap() Greg Kroah-Hartman
@ 2022-10-19 8:22 ` Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 064/862] riscv: always honor the CONFIG_CMDLINE_FORCE when parsing dtb Greg Kroah-Hartman
` (813 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Atish Patra, Andrew Bresticker,
Palmer Dabbelt
From: Andrew Bresticker <abrestic@rivosinc.com>
commit 7ab72c597356be1e7f0f3d856e54ce78527f43c8 upstream.
RISC-V does not presently have write-only mappings as that PTE bit pattern
is considered reserved in the privileged spec, so allow handling of read
faults in VMAs that have VM_WRITE without VM_READ in order to be consistent
with other architectures that have similar limitations.
Fixes: 2139619bcad7 ("riscv: mmap with PROT_WRITE but no PROT_READ is invalid")
Reviewed-by: Atish Patra <atishp@rivosinc.com>
Signed-off-by: Andrew Bresticker <abrestic@rivosinc.com>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20220915193702.2201018-2-abrestic@rivosinc.com/
Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/riscv/mm/fault.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/arch/riscv/mm/fault.c
+++ b/arch/riscv/mm/fault.c
@@ -184,7 +184,8 @@ static inline bool access_error(unsigned
}
break;
case EXC_LOAD_PAGE_FAULT:
- if (!(vma->vm_flags & VM_READ)) {
+ /* Write implies read */
+ if (!(vma->vm_flags & (VM_READ | VM_WRITE))) {
return true;
}
break;
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 064/862] riscv: always honor the CONFIG_CMDLINE_FORCE when parsing dtb
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (62 preceding siblings ...)
2022-10-19 8:22 ` [PATCH 6.0 063/862] riscv: Make VM_WRITE imply VM_READ Greg Kroah-Hartman
@ 2022-10-19 8:22 ` Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 065/862] riscv: Pass -mno-relax only on lld < 15.0.0 Greg Kroah-Hartman
` (812 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Wenting Zhang, Björn Töpel,
Conor Dooley, Palmer Dabbelt
From: Wenting Zhang <zephray@outlook.com>
commit 10f6913c548b32ecb73801a16b120e761c6957ea upstream.
When CONFIG_CMDLINE_FORCE is enabled, cmdline provided by
CONFIG_CMDLINE are always used. This allows CONFIG_CMDLINE to be
used regardless of the result of device tree scanning.
This especially fixes the case where a device tree without the
chosen node is supplied to the kernel. In such cases,
early_init_dt_scan would return true. But inside
early_init_dt_scan_chosen, the cmdline won't be updated as there
is no chosen node in the device tree. As a result, CONFIG_CMDLINE
is not copied into boot_command_line even if CONFIG_CMDLINE_FORCE
is enabled. This commit allows properly update boot_command_line
in this situation.
Fixes: 8fd6e05c7463 ("arch: riscv: support kernel command line forcing when no DTB passed")
Signed-off-by: Wenting Zhang <zephray@outlook.com>
Reviewed-by: Björn Töpel <bjorn@kernel.org>
Reviewed-by: Conor Dooley <conor.dooley@microchip.com>
Link: https://lore.kernel.org/r/PSBPR04MB399135DFC54928AB958D0638B1829@PSBPR04MB3991.apcprd04.prod.outlook.com
Cc: stable@vger.kernel.org
Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/riscv/kernel/setup.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/arch/riscv/kernel/setup.c
+++ b/arch/riscv/kernel/setup.c
@@ -252,10 +252,10 @@ static void __init parse_dtb(void)
pr_info("Machine model: %s\n", name);
dump_stack_set_arch_desc("%s (DT)", name);
}
- return;
+ } else {
+ pr_err("No DTB passed to the kernel\n");
}
- pr_err("No DTB passed to the kernel\n");
#ifdef CONFIG_CMDLINE_FORCE
strscpy(boot_command_line, CONFIG_CMDLINE, COMMAND_LINE_SIZE);
pr_info("Forcing kernel command line to: %s\n", boot_command_line);
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 065/862] riscv: Pass -mno-relax only on lld < 15.0.0
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (63 preceding siblings ...)
2022-10-19 8:22 ` [PATCH 6.0 064/862] riscv: always honor the CONFIG_CMDLINE_FORCE when parsing dtb Greg Kroah-Hartman
@ 2022-10-19 8:22 ` Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 066/862] UM: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK Greg Kroah-Hartman
` (811 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Fangrui Song, Nick Desaulniers,
Nathan Chancellor, Conor Dooley, Palmer Dabbelt
From: Fangrui Song <maskray@google.com>
commit 3cebf80e9a0d3adcb174053be32c88a640b3344b upstream.
lld since llvm:6611d58f5bbc ("[ELF] Relax R_RISCV_ALIGN"), which will be
included in the 15.0.0 release, has implemented some RISC-V linker
relaxation. -mno-relax is no longer needed in
KBUILD_CFLAGS/KBUILD_AFLAGS to suppress R_RISCV_ALIGN which older lld
can not handle:
ld.lld: error: capability.c:(.fixup+0x0): relocation R_RISCV_ALIGN
requires unimplemented linker relaxation; recompile with -mno-relax
but the .o is already compiled with -mno-relax
Signed-off-by: Fangrui Song <maskray@google.com>
Link: https://lore.kernel.org/r/20220710071117.446112-1-maskray@google.com/
Link: https://lore.kernel.org/r/20220918092933.19943-1-palmer@rivosinc.com
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
Tested-by: Nick Desaulniers <ndesaulniers@google.com>
Tested-by: Nathan Chancellor <nathan@kernel.org>
Tested-by: Conor Dooley <conor.dooley@microchip.com>
Cc: stable@vger.kernel.org
Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/riscv/Makefile | 2 ++
1 file changed, 2 insertions(+)
--- a/arch/riscv/Makefile
+++ b/arch/riscv/Makefile
@@ -37,6 +37,7 @@ else
endif
ifeq ($(CONFIG_LD_IS_LLD),y)
+ifeq ($(shell test $(CONFIG_LLD_VERSION) -lt 150000; echo $$?),0)
KBUILD_CFLAGS += -mno-relax
KBUILD_AFLAGS += -mno-relax
ifndef CONFIG_AS_IS_LLVM
@@ -44,6 +45,7 @@ ifndef CONFIG_AS_IS_LLVM
KBUILD_AFLAGS += -Wa,-mno-relax
endif
endif
+endif
# ISA string setting
riscv-march-$(CONFIG_ARCH_RV32I) := rv32ima
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 066/862] UM: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (64 preceding siblings ...)
2022-10-19 8:22 ` [PATCH 6.0 065/862] riscv: Pass -mno-relax only on lld < 15.0.0 Greg Kroah-Hartman
@ 2022-10-19 8:22 ` Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 067/862] nvmem: core: Fix memleak in nvmem_register() Greg Kroah-Hartman
` (810 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:22 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Huacai Chen, Richard Weinberger
From: Huacai Chen <chenhuacai@loongson.cn>
commit 16c546e148fa6d14a019431436a6f7b4087dbccd upstream.
When CONFIG_CPUMASK_OFFSTACK and CONFIG_DEBUG_PER_CPU_MAPS is selected,
cpu_max_bits_warn() generates a runtime warning similar as below while
we show /proc/cpuinfo. Fix this by using nr_cpu_ids (the runtime limit)
instead of NR_CPUS to iterate CPUs.
[ 3.052463] ------------[ cut here ]------------
[ 3.059679] WARNING: CPU: 3 PID: 1 at include/linux/cpumask.h:108 show_cpuinfo+0x5e8/0x5f0
[ 3.070072] Modules linked in: efivarfs autofs4
[ 3.076257] CPU: 0 PID: 1 Comm: systemd Not tainted 5.19-rc5+ #1052
[ 3.099465] Stack : 9000000100157b08 9000000000f18530 9000000000cf846c 9000000100154000
[ 3.109127] 9000000100157a50 0000000000000000 9000000100157a58 9000000000ef7430
[ 3.118774] 90000001001578e8 0000000000000040 0000000000000020 ffffffffffffffff
[ 3.128412] 0000000000aaaaaa 1ab25f00eec96a37 900000010021de80 900000000101c890
[ 3.138056] 0000000000000000 0000000000000000 0000000000000000 0000000000aaaaaa
[ 3.147711] ffff8000339dc220 0000000000000001 0000000006ab4000 0000000000000000
[ 3.157364] 900000000101c998 0000000000000004 9000000000ef7430 0000000000000000
[ 3.167012] 0000000000000009 000000000000006c 0000000000000000 0000000000000000
[ 3.176641] 9000000000d3de08 9000000001639390 90000000002086d8 00007ffff0080286
[ 3.186260] 00000000000000b0 0000000000000004 0000000000000000 0000000000071c1c
[ 3.195868] ...
[ 3.199917] Call Trace:
[ 3.203941] [<90000000002086d8>] show_stack+0x38/0x14c
[ 3.210666] [<9000000000cf846c>] dump_stack_lvl+0x60/0x88
[ 3.217625] [<900000000023d268>] __warn+0xd0/0x100
[ 3.223958] [<9000000000cf3c90>] warn_slowpath_fmt+0x7c/0xcc
[ 3.231150] [<9000000000210220>] show_cpuinfo+0x5e8/0x5f0
[ 3.238080] [<90000000004f578c>] seq_read_iter+0x354/0x4b4
[ 3.245098] [<90000000004c2e90>] new_sync_read+0x17c/0x1c4
[ 3.252114] [<90000000004c5174>] vfs_read+0x138/0x1d0
[ 3.258694] [<90000000004c55f8>] ksys_read+0x70/0x100
[ 3.265265] [<9000000000cfde9c>] do_syscall+0x7c/0x94
[ 3.271820] [<9000000000202fe4>] handle_syscall+0xc4/0x160
[ 3.281824] ---[ end trace 8b484262b4b8c24c ]---
Cc: stable@vger.kernel.org
Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/um/kernel/um_arch.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/um/kernel/um_arch.c
+++ b/arch/um/kernel/um_arch.c
@@ -96,7 +96,7 @@ static int show_cpuinfo(struct seq_file
static void *c_start(struct seq_file *m, loff_t *pos)
{
- return *pos < NR_CPUS ? cpu_data + *pos : NULL;
+ return *pos < nr_cpu_ids ? cpu_data + *pos : NULL;
}
static void *c_next(struct seq_file *m, void *v, loff_t *pos)
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 067/862] nvmem: core: Fix memleak in nvmem_register()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (65 preceding siblings ...)
2022-10-19 8:22 ` [PATCH 6.0 066/862] UM: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK Greg Kroah-Hartman
@ 2022-10-19 8:22 ` Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 068/862] nvme-multipath: fix possible hang in live ns resize with ANA access Greg Kroah-Hartman
` (809 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Gaosheng Cui, Srinivas Kandagatla
From: Gaosheng Cui <cuigaosheng1@huawei.com>
commit bd1244561fa2a4531ded40dbf09c9599084f8b29 upstream.
dev_set_name will alloc memory for nvmem->dev.kobj.name in
nvmem_register, when nvmem_validate_keepouts failed, nvmem's
memory will be freed and return, but nobody will free memory
for nvmem->dev.kobj.name, there will be memleak, so moving
nvmem_validate_keepouts() after device_register() and let
the device core deal with cleaning name in error cases.
Fixes: de0534df9347 ("nvmem: core: fix error handling while validating keepout regions")
Cc: stable@vger.kernel.org
Signed-off-by: Gaosheng Cui <cuigaosheng1@huawei.com>
Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Link: https://lore.kernel.org/r/20220916120402.38753-1-srinivas.kandagatla@linaro.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/nvmem/core.c | 15 ++++++---------
1 file changed, 6 insertions(+), 9 deletions(-)
--- a/drivers/nvmem/core.c
+++ b/drivers/nvmem/core.c
@@ -829,21 +829,18 @@ struct nvmem_device *nvmem_register(cons
nvmem->dev.groups = nvmem_dev_groups;
#endif
- if (nvmem->nkeepout) {
- rval = nvmem_validate_keepouts(nvmem);
- if (rval) {
- ida_free(&nvmem_ida, nvmem->id);
- kfree(nvmem);
- return ERR_PTR(rval);
- }
- }
-
dev_dbg(&nvmem->dev, "Registering nvmem device %s\n", config->name);
rval = device_register(&nvmem->dev);
if (rval)
goto err_put_device;
+ if (nvmem->nkeepout) {
+ rval = nvmem_validate_keepouts(nvmem);
+ if (rval)
+ goto err_device_del;
+ }
+
if (config->compat) {
rval = nvmem_sysfs_setup_compat(nvmem, config);
if (rval)
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 068/862] nvme-multipath: fix possible hang in live ns resize with ANA access
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (66 preceding siblings ...)
2022-10-19 8:22 ` [PATCH 6.0 067/862] nvmem: core: Fix memleak in nvmem_register() Greg Kroah-Hartman
@ 2022-10-19 8:22 ` Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 069/862] Revert "drm/amdgpu: use dirty framebuffer helper" Greg Kroah-Hartman
` (808 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yogev Cohen, Sagi Grimberg,
Christoph Hellwig
From: Sagi Grimberg <sagi@grimberg.me>
commit 72e3b8883a36e80ebfa41015c7b6926ce31ace05 upstream.
When we revalidate paths as part of ns size change (as of commit
e7d65803e2bb), it is possible that during the path revalidation, the
only paths that is IO capable (i.e. optimized/non-optimized) are the
ones that ns resize was not yet informed to the host, which will cause
inflight requests to be requeued (as we have available paths but none
are IO capable). These requests on the requeue list are waiting for
someone to resubmit them at some point.
The IO capable paths will eventually notify the ns resize change to the
host, but there is nothing that will kick the requeue list to resubmit
the queued requests.
Fix this by always kicking the requeue list, and if no IO capable path
exists, these requests will be queued again.
A typical log that indicates that IOs are requeued:
--
nvme nvme1: creating 4 I/O queues.
nvme nvme1: new ctrl: "testnqn1"
nvme nvme2: creating 4 I/O queues.
nvme nvme2: mapped 4/0/0 default/read/poll queues.
nvme nvme2: new ctrl: NQN "testnqn1", addr 127.0.0.1:8009
nvme nvme1: rescanning namespaces.
nvme1n1: detected capacity change from 2097152 to 4194304
block nvme1n1: no usable path - requeuing I/O
block nvme1n1: no usable path - requeuing I/O
block nvme1n1: no usable path - requeuing I/O
block nvme1n1: no usable path - requeuing I/O
block nvme1n1: no usable path - requeuing I/O
block nvme1n1: no usable path - requeuing I/O
block nvme1n1: no usable path - requeuing I/O
block nvme1n1: no usable path - requeuing I/O
block nvme1n1: no usable path - requeuing I/O
block nvme1n1: no usable path - requeuing I/O
nvme nvme2: rescanning namespaces.
--
Reported-by: Yogev Cohen <yogev@lightbitslabs.com>
Fixes: e7d65803e2bb ("nvme-multipath: revalidate paths during rescan")
Signed-off-by: Sagi Grimberg <sagi@grimberg.me>
Cc: <stable@vger.kernel.org> # v5.15+
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/nvme/host/multipath.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/nvme/host/multipath.c
+++ b/drivers/nvme/host/multipath.c
@@ -182,6 +182,7 @@ void nvme_mpath_revalidate_paths(struct
for_each_node(node)
rcu_assign_pointer(head->current_path[node], NULL);
+ kblockd_schedule_work(&head->requeue_work);
}
static bool nvme_path_is_disabled(struct nvme_ns *ns)
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 069/862] Revert "drm/amdgpu: use dirty framebuffer helper"
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (67 preceding siblings ...)
2022-10-19 8:22 ` [PATCH 6.0 068/862] nvme-multipath: fix possible hang in live ns resize with ANA access Greg Kroah-Hartman
@ 2022-10-19 8:22 ` Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 070/862] dm: verity-loadpin: Only trust verity targets with enforcement Greg Kroah-Hartman
` (807 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:22 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Hamza Mahfooz, Alex Deucher
From: Hamza Mahfooz <hamza.mahfooz@amd.com>
commit 17d819e2828cacca2e4c909044eb9798ed379cd2 upstream.
This reverts commit 66f99628eb24409cb8feb5061f78283c8b65f820.
Unfortunately, that commit causes performance regressions on non-PSR
setups. So, just revert it until FB_DAMAGE_CLIPS support can be added.
Cc: stable@vger.kernel.org
Link: https://gitlab.freedesktop.org/drm/amd/-/issues/2189
Link: https://bugzilla.kernel.org/show_bug.cgi?id=216554
Fixes: 66f99628eb2440 ("drm/amdgpu: use dirty framebuffer helper")
Fixes: abbc7a3dafb91b ("drm/amdgpu: don't register a dirty callback for non-atomic")
Signed-off-by: Hamza Mahfooz <hamza.mahfooz@amd.com>
Acked-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/amd/amdgpu/amdgpu_display.c | 14 ++------------
1 file changed, 2 insertions(+), 12 deletions(-)
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_display.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_display.c
@@ -38,8 +38,6 @@
#include <linux/pci.h>
#include <linux/pm_runtime.h>
#include <drm/drm_crtc_helper.h>
-#include <drm/drm_damage_helper.h>
-#include <drm/drm_drv.h>
#include <drm/drm_edid.h>
#include <drm/drm_gem_framebuffer_helper.h>
#include <drm/drm_fb_helper.h>
@@ -500,12 +498,6 @@ static const struct drm_framebuffer_func
.create_handle = drm_gem_fb_create_handle,
};
-static const struct drm_framebuffer_funcs amdgpu_fb_funcs_atomic = {
- .destroy = drm_gem_fb_destroy,
- .create_handle = drm_gem_fb_create_handle,
- .dirty = drm_atomic_helper_dirtyfb,
-};
-
uint32_t amdgpu_display_supported_domains(struct amdgpu_device *adev,
uint64_t bo_flags)
{
@@ -1108,10 +1100,8 @@ static int amdgpu_display_gem_fb_verify_
if (ret)
goto err;
- if (drm_drv_uses_atomic_modeset(dev))
- ret = drm_framebuffer_init(dev, &rfb->base, &amdgpu_fb_funcs_atomic);
- else
- ret = drm_framebuffer_init(dev, &rfb->base, &amdgpu_fb_funcs);
+ ret = drm_framebuffer_init(dev, &rfb->base, &amdgpu_fb_funcs);
+
if (ret)
goto err;
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 070/862] dm: verity-loadpin: Only trust verity targets with enforcement
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (68 preceding siblings ...)
2022-10-19 8:22 ` [PATCH 6.0 069/862] Revert "drm/amdgpu: use dirty framebuffer helper" Greg Kroah-Hartman
@ 2022-10-19 8:22 ` Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 071/862] dmaengine: mxs: use platform_driver_register Greg Kroah-Hartman
` (806 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sarthak Kukreti, Matthias Kaehlcke,
Kees Cook
From: Matthias Kaehlcke <mka@chromium.org>
commit 916ef6232cc4b84db7082b4c3d3cf1753d9462ba upstream.
Verity targets can be configured to ignore corrupted data blocks.
LoadPin must only trust verity targets that are configured to
perform some kind of enforcement when data corruption is detected,
like returning an error, restarting the system or triggering a
panic.
Fixes: b6c1c5745ccc ("dm: Add verity helpers for LoadPin")
Reported-by: Sarthak Kukreti <sarthakkukreti@chromium.org>
Signed-off-by: Matthias Kaehlcke <mka@chromium.org>
Reviewed-by: Sarthak Kukreti <sarthakkukreti@chromium.org>
Cc: stable@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20220907133055.1.Ic8a1dafe960dc0f8302e189642bc88ebb785d274@changeid
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/dm-verity-loadpin.c | 8 ++++++++
drivers/md/dm-verity-target.c | 16 ++++++++++++++++
drivers/md/dm-verity.h | 1 +
3 files changed, 25 insertions(+)
diff --git a/drivers/md/dm-verity-loadpin.c b/drivers/md/dm-verity-loadpin.c
index 387ec43aef72..4f78cc55c251 100644
--- a/drivers/md/dm-verity-loadpin.c
+++ b/drivers/md/dm-verity-loadpin.c
@@ -14,6 +14,7 @@ LIST_HEAD(dm_verity_loadpin_trusted_root_digests);
static bool is_trusted_verity_target(struct dm_target *ti)
{
+ int verity_mode;
u8 *root_digest;
unsigned int digest_size;
struct dm_verity_loadpin_trusted_root_digest *trd;
@@ -22,6 +23,13 @@ static bool is_trusted_verity_target(struct dm_target *ti)
if (!dm_is_verity_target(ti))
return false;
+ verity_mode = dm_verity_get_mode(ti);
+
+ if ((verity_mode != DM_VERITY_MODE_EIO) &&
+ (verity_mode != DM_VERITY_MODE_RESTART) &&
+ (verity_mode != DM_VERITY_MODE_PANIC))
+ return false;
+
if (dm_verity_get_root_digest(ti, &root_digest, &digest_size))
return false;
diff --git a/drivers/md/dm-verity-target.c b/drivers/md/dm-verity-target.c
index 94b6cb599db4..8a00cc42e498 100644
--- a/drivers/md/dm-verity-target.c
+++ b/drivers/md/dm-verity-target.c
@@ -1446,6 +1446,22 @@ bool dm_is_verity_target(struct dm_target *ti)
return ti->type->module == THIS_MODULE;
}
+/*
+ * Get the verity mode (error behavior) of a verity target.
+ *
+ * Returns the verity mode of the target, or -EINVAL if 'ti' is not a verity
+ * target.
+ */
+int dm_verity_get_mode(struct dm_target *ti)
+{
+ struct dm_verity *v = ti->private;
+
+ if (!dm_is_verity_target(ti))
+ return -EINVAL;
+
+ return v->mode;
+}
+
/*
* Get the root digest of a verity target.
*
diff --git a/drivers/md/dm-verity.h b/drivers/md/dm-verity.h
index 45455de1b4bc..98f306ec6a33 100644
--- a/drivers/md/dm-verity.h
+++ b/drivers/md/dm-verity.h
@@ -134,6 +134,7 @@ extern int verity_hash_for_block(struct dm_verity *v, struct dm_verity_io *io,
sector_t block, u8 *digest, bool *is_zero);
extern bool dm_is_verity_target(struct dm_target *ti);
+extern int dm_verity_get_mode(struct dm_target *ti);
extern int dm_verity_get_root_digest(struct dm_target *ti, u8 **root_digest,
unsigned int *digest_size);
--
2.38.0
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 071/862] dmaengine: mxs: use platform_driver_register
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (69 preceding siblings ...)
2022-10-19 8:22 ` [PATCH 6.0 070/862] dm: verity-loadpin: Only trust verity targets with enforcement Greg Kroah-Hartman
@ 2022-10-19 8:22 ` Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 072/862] dmaengine: qcom-adm: fix wrong sizeof config in slave_config Greg Kroah-Hartman
` (805 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Michael Trimarchi, Dario Binacchi,
Sascha Hauer, Vinod Koul
From: Dario Binacchi <dario.binacchi@amarulasolutions.com>
commit 26696d4657167112a1079f86cba1739765c1360e upstream.
Driver registration fails on SOC imx8mn as its supplier, the clock
control module, is probed later than subsys initcall level. This driver
uses platform_driver_probe which is not compatible with deferred probing
and won't be probed again later if probe function fails due to clock not
being available at that time.
This patch replaces the use of platform_driver_probe with
platform_driver_register which will allow probing the driver later again
when the clock control module will be available.
The __init annotation has been dropped because it is not compatible with
deferred probing. The code is not executed once and its memory cannot be
freed.
Fixes: a580b8c5429a ("dmaengine: mxs-dma: add dma support for i.MX23/28")
Co-developed-by: Michael Trimarchi <michael@amarulasolutions.com>
Signed-off-by: Michael Trimarchi <michael@amarulasolutions.com>
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Acked-by: Sascha Hauer <s.hauer@pengutronix.de>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Link: https://lore.kernel.org/r/20220921170556.1055962-1-dario.binacchi@amarulasolutions.com
Signed-off-by: Vinod Koul <vkoul@kernel.org>
---
drivers/dma/mxs-dma.c | 11 ++++-------
1 file changed, 4 insertions(+), 7 deletions(-)
--- a/drivers/dma/mxs-dma.c
+++ b/drivers/dma/mxs-dma.c
@@ -670,7 +670,7 @@ static enum dma_status mxs_dma_tx_status
return mxs_chan->status;
}
-static int __init mxs_dma_init(struct mxs_dma_engine *mxs_dma)
+static int mxs_dma_init(struct mxs_dma_engine *mxs_dma)
{
int ret;
@@ -741,7 +741,7 @@ static struct dma_chan *mxs_dma_xlate(st
ofdma->of_node);
}
-static int __init mxs_dma_probe(struct platform_device *pdev)
+static int mxs_dma_probe(struct platform_device *pdev)
{
struct device_node *np = pdev->dev.of_node;
const struct mxs_dma_type *dma_type;
@@ -839,10 +839,7 @@ static struct platform_driver mxs_dma_dr
.name = "mxs-dma",
.of_match_table = mxs_dma_dt_ids,
},
+ .probe = mxs_dma_probe,
};
-static int __init mxs_dma_module_init(void)
-{
- return platform_driver_probe(&mxs_dma_driver, mxs_dma_probe);
-}
-subsys_initcall(mxs_dma_module_init);
+builtin_platform_driver(mxs_dma_driver);
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 072/862] dmaengine: qcom-adm: fix wrong sizeof config in slave_config
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (70 preceding siblings ...)
2022-10-19 8:22 ` [PATCH 6.0 071/862] dmaengine: mxs: use platform_driver_register Greg Kroah-Hartman
@ 2022-10-19 8:22 ` Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 073/862] dmaengine: qcom-adm: fix wrong calling convention for prep_slave_sg Greg Kroah-Hartman
` (804 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christian Marangi, Arnd Bergmann,
Dmitry Baryshkov, Vinod Koul
From: Christian Marangi <ansuelsmth@gmail.com>
commit 7c8765308371be30f50c1b5b97618b731514b207 upstream.
Fix broken slave_config function that uncorrectly compare the
peripheral_size with the size of the config pointer instead of the size
of the config struct. This cause the crci value to be ignored and cause
a kernel panic on any slave that use adm driver.
To fix this, compare to the size of the struct and NOT the size of the
pointer.
Fixes: 03de6b273805 ("dmaengine: qcom-adm: stop abusing slave_id config")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Cc: stable@vger.kernel.org # v5.17+
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Link: https://lore.kernel.org/r/20220915204844.3838-1-ansuelsmth@gmail.com
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/dma/qcom/qcom_adm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/dma/qcom/qcom_adm.c
+++ b/drivers/dma/qcom/qcom_adm.c
@@ -494,7 +494,7 @@ static int adm_slave_config(struct dma_c
spin_lock_irqsave(&achan->vc.lock, flag);
memcpy(&achan->slave, cfg, sizeof(struct dma_slave_config));
- if (cfg->peripheral_size == sizeof(config))
+ if (cfg->peripheral_size == sizeof(*config))
achan->crci = config->crci;
spin_unlock_irqrestore(&achan->vc.lock, flag);
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 073/862] dmaengine: qcom-adm: fix wrong calling convention for prep_slave_sg
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (71 preceding siblings ...)
2022-10-19 8:22 ` [PATCH 6.0 072/862] dmaengine: qcom-adm: fix wrong sizeof config in slave_config Greg Kroah-Hartman
@ 2022-10-19 8:22 ` Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 074/862] drm/virtio: Check whether transferred 2D BO is shmem Greg Kroah-Hartman
` (803 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:22 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Christian Marangi, Vinod Koul
From: Christian Marangi <ansuelsmth@gmail.com>
commit b9d2140c3badf4107973ad77c5a0ec3075705c85 upstream.
The calling convention for pre_slave_sg is to return NULL on error and
provide an error log to the system. Qcom-adm instead provide error
pointer when an error occur. This indirectly cause kernel panic for
example for the nandc driver that checks only if the pointer returned by
device_prep_slave_sg is not NULL. Returning an error pointer makes nandc
think the device_prep_slave_sg function correctly completed and makes
the kernel panics later in the code.
While nandc is the one that makes the kernel crash, it was pointed out
that the real problem is qcom-adm not following calling convention for
that function.
To fix this, drop returning error pointer and return NULL with an error
log.
Fixes: 03de6b273805 ("dmaengine: qcom-adm: stop abusing slave_id config")
Fixes: 5c9f8c2dbdbe ("dmaengine: qcom: Add ADM driver")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Cc: stable@vger.kernel.org # v5.11+
Link: https://lore.kernel.org/r/20220916041256.7104-1-ansuelsmth@gmail.com
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/dma/qcom/qcom_adm.c | 20 +++++++++++++-------
1 file changed, 13 insertions(+), 7 deletions(-)
--- a/drivers/dma/qcom/qcom_adm.c
+++ b/drivers/dma/qcom/qcom_adm.c
@@ -379,13 +379,13 @@ static struct dma_async_tx_descriptor *a
if (blk_size < 0) {
dev_err(adev->dev, "invalid burst value: %d\n",
burst);
- return ERR_PTR(-EINVAL);
+ return NULL;
}
crci = achan->crci & 0xf;
if (!crci || achan->crci > 0x1f) {
dev_err(adev->dev, "invalid crci value\n");
- return ERR_PTR(-EINVAL);
+ return NULL;
}
}
@@ -403,8 +403,10 @@ static struct dma_async_tx_descriptor *a
}
async_desc = kzalloc(sizeof(*async_desc), GFP_NOWAIT);
- if (!async_desc)
- return ERR_PTR(-ENOMEM);
+ if (!async_desc) {
+ dev_err(adev->dev, "not enough memory for async_desc struct\n");
+ return NULL;
+ }
async_desc->mux = achan->mux ? ADM_CRCI_CTL_MUX_SEL : 0;
async_desc->crci = crci;
@@ -414,8 +416,10 @@ static struct dma_async_tx_descriptor *a
sizeof(*cple) + 2 * ADM_DESC_ALIGN;
async_desc->cpl = kzalloc(async_desc->dma_len, GFP_NOWAIT);
- if (!async_desc->cpl)
+ if (!async_desc->cpl) {
+ dev_err(adev->dev, "not enough memory for cpl struct\n");
goto free;
+ }
async_desc->adev = adev;
@@ -437,8 +441,10 @@ static struct dma_async_tx_descriptor *a
async_desc->dma_addr = dma_map_single(adev->dev, async_desc->cpl,
async_desc->dma_len,
DMA_TO_DEVICE);
- if (dma_mapping_error(adev->dev, async_desc->dma_addr))
+ if (dma_mapping_error(adev->dev, async_desc->dma_addr)) {
+ dev_err(adev->dev, "dma mapping error for cpl\n");
goto free;
+ }
cple_addr = async_desc->dma_addr + ((void *)cple - async_desc->cpl);
@@ -454,7 +460,7 @@ static struct dma_async_tx_descriptor *a
free:
kfree(async_desc);
- return ERR_PTR(-ENOMEM);
+ return NULL;
}
/**
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 074/862] drm/virtio: Check whether transferred 2D BO is shmem
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (72 preceding siblings ...)
2022-10-19 8:22 ` [PATCH 6.0 073/862] dmaengine: qcom-adm: fix wrong calling convention for prep_slave_sg Greg Kroah-Hartman
@ 2022-10-19 8:22 ` Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 075/862] drm/virtio: Unlock reservations on virtio_gpu_object_shmem_init() error Greg Kroah-Hartman
` (802 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Emil Velikov, Dmitry Osipenko, Gerd Hoffmann
From: Dmitry Osipenko <dmitry.osipenko@collabora.com>
commit e473216b42aa1fd9fc6b94b608b42c210c655908 upstream.
Transferred 2D BO always must be a shmem BO. Add check for that to prevent
NULL dereference if userspace passes a VRAM BO.
Cc: stable@vger.kernel.org
Reviewed-by: Emil Velikov <emil.l.velikov@gmail.com>
Signed-off-by: Dmitry Osipenko <dmitry.osipenko@collabora.com>
Link: http://patchwork.freedesktop.org/patch/msgid/20220630200726.1884320-3-dmitry.osipenko@collabora.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/virtio/virtgpu_vq.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/gpu/drm/virtio/virtgpu_vq.c
+++ b/drivers/gpu/drm/virtio/virtgpu_vq.c
@@ -597,7 +597,7 @@ void virtio_gpu_cmd_transfer_to_host_2d(
bool use_dma_api = !virtio_has_dma_quirk(vgdev->vdev);
struct virtio_gpu_object_shmem *shmem = to_virtio_gpu_shmem(bo);
- if (use_dma_api)
+ if (virtio_gpu_is_shmem(bo) && use_dma_api)
dma_sync_sgtable_for_device(vgdev->vdev->dev.parent,
shmem->pages, DMA_TO_DEVICE);
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 075/862] drm/virtio: Unlock reservations on virtio_gpu_object_shmem_init() error
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (73 preceding siblings ...)
2022-10-19 8:22 ` [PATCH 6.0 074/862] drm/virtio: Check whether transferred 2D BO is shmem Greg Kroah-Hartman
@ 2022-10-19 8:22 ` Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 076/862] drm/virtio: Unlock reservations on dma_resv_reserve_fences() error Greg Kroah-Hartman
` (801 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Emil Velikov, Dmitry Osipenko, Gerd Hoffmann
From: Dmitry Osipenko <dmitry.osipenko@collabora.com>
commit fdf0ff4d12cbcd76b53f27c96ce51ddca400884a upstream.
Unlock reservations in the error code path of virtio_gpu_object_create()
to silence debug warning splat produced by ww_mutex_destroy(&obj->lock)
when GEM is released with the held lock.
Cc: stable@vger.kernel.org
Fixes: 30172efbfb84 ("drm/virtio: blob prep: refactor getting pages and attaching backing")
Reviewed-by: Emil Velikov <emil.l.velikov@gmail.com>
Signed-off-by: Dmitry Osipenko <dmitry.osipenko@collabora.com>
Link: http://patchwork.freedesktop.org/patch/msgid/20220630200726.1884320-4-dmitry.osipenko@collabora.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/virtio/virtgpu_object.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/gpu/drm/virtio/virtgpu_object.c
+++ b/drivers/gpu/drm/virtio/virtgpu_object.c
@@ -248,6 +248,8 @@ int virtio_gpu_object_create(struct virt
ret = virtio_gpu_object_shmem_init(vgdev, bo, &ents, &nents);
if (ret != 0) {
+ if (fence)
+ virtio_gpu_array_unlock_resv(objs);
virtio_gpu_array_put_free(objs);
virtio_gpu_free_object(&shmem_obj->base);
return ret;
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 076/862] drm/virtio: Unlock reservations on dma_resv_reserve_fences() error
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (74 preceding siblings ...)
2022-10-19 8:22 ` [PATCH 6.0 075/862] drm/virtio: Unlock reservations on virtio_gpu_object_shmem_init() error Greg Kroah-Hartman
@ 2022-10-19 8:22 ` Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 077/862] drm/virtio: Use appropriate atomic state in virtio_gpu_plane_cleanup_fb() Greg Kroah-Hartman
` (800 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Thomas Hellström,
Dmitry Osipenko, Gerd Hoffmann
From: Dmitry Osipenko <dmitry.osipenko@collabora.com>
commit 0f877398d30e1df657a31a62f7c7de1869b072b5 upstream.
Unlock reservations on dma_resv_reserve_fences() error to fix recursive
locking of the reservations when this error happens.
Cc: stable@vger.kernel.org
Fixes: c8d4c18bfbc4 ("dma-buf/drivers: make reserving a shared slot mandatory v4")
Reviewed-by: Thomas Hellström <thomas.hellstrom@linux.intel.com>
Signed-off-by: Dmitry Osipenko <dmitry.osipenko@collabora.com>
Link: http://patchwork.freedesktop.org/patch/msgid/20220630200726.1884320-5-dmitry.osipenko@collabora.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/virtio/virtgpu_gem.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/drivers/gpu/drm/virtio/virtgpu_gem.c
+++ b/drivers/gpu/drm/virtio/virtgpu_gem.c
@@ -228,8 +228,10 @@ int virtio_gpu_array_lock_resv(struct vi
for (i = 0; i < objs->nents; ++i) {
ret = dma_resv_reserve_fences(objs->objs[i]->resv, 1);
- if (ret)
+ if (ret) {
+ virtio_gpu_array_unlock_resv(objs);
return ret;
+ }
}
return ret;
}
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 077/862] drm/virtio: Use appropriate atomic state in virtio_gpu_plane_cleanup_fb()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (75 preceding siblings ...)
2022-10-19 8:22 ` [PATCH 6.0 076/862] drm/virtio: Unlock reservations on dma_resv_reserve_fences() error Greg Kroah-Hartman
@ 2022-10-19 8:22 ` Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 078/862] drm/udl: Restore display mode on resume Greg Kroah-Hartman
` (799 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:22 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Dmitry Osipenko, Gerd Hoffmann
From: Dmitry Osipenko <dmitry.osipenko@collabora.com>
commit 4656b3a26a9e9fe5f04bfd2ab55b066266ba7f4d upstream.
Make virtio_gpu_plane_cleanup_fb() to clean the state which DRM core
wants to clean up and not the current plane's state. Normally the older
atomic state is cleaned up, but the newer state could also be cleaned up
in case of aborted commits.
Cc: stable@vger.kernel.org
Signed-off-by: Dmitry Osipenko <dmitry.osipenko@collabora.com>
Link: http://patchwork.freedesktop.org/patch/msgid/20220630200726.1884320-6-dmitry.osipenko@collabora.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/virtio/virtgpu_plane.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/drivers/gpu/drm/virtio/virtgpu_plane.c
+++ b/drivers/gpu/drm/virtio/virtgpu_plane.c
@@ -266,14 +266,14 @@ static int virtio_gpu_plane_prepare_fb(s
}
static void virtio_gpu_plane_cleanup_fb(struct drm_plane *plane,
- struct drm_plane_state *old_state)
+ struct drm_plane_state *state)
{
struct virtio_gpu_framebuffer *vgfb;
- if (!plane->state->fb)
+ if (!state->fb)
return;
- vgfb = to_virtio_gpu_framebuffer(plane->state->fb);
+ vgfb = to_virtio_gpu_framebuffer(state->fb);
if (vgfb->fence) {
dma_fence_put(&vgfb->fence->f);
vgfb->fence = NULL;
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 078/862] drm/udl: Restore display mode on resume
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (76 preceding siblings ...)
2022-10-19 8:22 ` [PATCH 6.0 077/862] drm/virtio: Use appropriate atomic state in virtio_gpu_plane_cleanup_fb() Greg Kroah-Hartman
@ 2022-10-19 8:22 ` Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 079/862] arm64: mte: move register initialization to C Greg Kroah-Hartman
` (798 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Daniel Vetter, Takashi Iwai,
Thomas Zimmermann
From: Takashi Iwai <tiwai@suse.de>
commit 6d6e732835db92e66c28dbcf258a7e3d3c71420d upstream.
Restore the display mode whne resuming from suspend. Currently, the
display remains dark.
On resume, the CRTC's mode does not change, but the 'active' flag
changes to 'true'. Taking this into account when considering a mode
switch restores the display mode.
The bug is reproducable by using Gnome with udl and observing the
adapter's suspend/resume behavior.
Actually, the whole check added in udl_simple_display_pipe_enable()
about the crtc_state->mode_changed was bogus. We should drop the
whole check and always apply the mode change in this function.
[ tiwai -- Drop the mode_changed check entirely instead, per Daniel's
suggestion ]
Fixes: 997d33c35618 ("drm/udl: Inline DPMS code into CRTC enable and disable functions")
Cc: <stable@vger.kernel.org>
Suggested-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Thomas Zimmermann <tzimmermann@suse.de>
Link: https://patchwork.freedesktop.org/patch/msgid/20220908095115.23396-2-tiwai@suse.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/udl/udl_modeset.c | 3 ---
1 file changed, 3 deletions(-)
--- a/drivers/gpu/drm/udl/udl_modeset.c
+++ b/drivers/gpu/drm/udl/udl_modeset.c
@@ -382,9 +382,6 @@ udl_simple_display_pipe_enable(struct dr
udl_handle_damage(fb, &shadow_plane_state->data[0], 0, 0, fb->width, fb->height);
- if (!crtc_state->mode_changed)
- return;
-
/* enable display */
udl_crtc_write_mode_to_hw(crtc);
}
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 079/862] arm64: mte: move register initialization to C
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (77 preceding siblings ...)
2022-10-19 8:22 ` [PATCH 6.0 078/862] drm/udl: Restore display mode on resume Greg Kroah-Hartman
@ 2022-10-19 8:22 ` Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 080/862] arm64: mte: Avoid setting PG_mte_tagged if no tags cleared or restored Greg Kroah-Hartman
` (797 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Peter Collingbourne,
Evgenii Stepanov, Catalin Marinas, kernel test robot
From: Peter Collingbourne <pcc@google.com>
commit 973b9e37330656dec719ede508e4dc40e5c2d80c upstream.
If FEAT_MTE2 is disabled via the arm64.nomte command line argument on a
CPU that claims to support FEAT_MTE2, the kernel will use Tagged Normal
in the MAIR. If we interpret arm64.nomte to mean that the CPU does not
in fact implement FEAT_MTE2, setting the system register like this may
lead to UNSPECIFIED behavior. Fix it by arranging for MAIR to be set
in the C function cpu_enable_mte which is called based on the sanitized
version of the system register.
There is no need for the rest of the MTE-related system register
initialization to happen from assembly, with the exception of TCR_EL1,
which must be set to include at least TBI1 because the secondary CPUs
access KASan-allocated data structures early. Therefore, make the TCR_EL1
initialization unconditional and move the rest of the initialization to
cpu_enable_mte so that we no longer have a dependency on the unsanitized
ID register value.
Co-developed-by: Evgenii Stepanov <eugenis@google.com>
Signed-off-by: Peter Collingbourne <pcc@google.com>
Signed-off-by: Evgenii Stepanov <eugenis@google.com>
Suggested-by: Catalin Marinas <catalin.marinas@arm.com>
Reported-by: kernel test robot <lkp@intel.com>
Fixes: 3b714d24ef17 ("arm64: mte: CPU feature detection and initial sysreg configuration")
Cc: <stable@vger.kernel.org> # 5.10.x
Link: https://lore.kernel.org/r/20220915222053.3484231-1-eugenis@google.com
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/include/asm/mte.h | 5 ++++
arch/arm64/kernel/cpufeature.c | 3 +-
arch/arm64/kernel/mte.c | 51 +++++++++++++++++++++++++++++++++++++++++
arch/arm64/kernel/suspend.c | 2 +
arch/arm64/mm/proc.S | 46 ++++--------------------------------
5 files changed, 65 insertions(+), 42 deletions(-)
--- a/arch/arm64/include/asm/mte.h
+++ b/arch/arm64/include/asm/mte.h
@@ -42,7 +42,9 @@ void mte_sync_tags(pte_t old_pte, pte_t
void mte_copy_page_tags(void *kto, const void *kfrom);
void mte_thread_init_user(void);
void mte_thread_switch(struct task_struct *next);
+void mte_cpu_setup(void);
void mte_suspend_enter(void);
+void mte_suspend_exit(void);
long set_mte_ctrl(struct task_struct *task, unsigned long arg);
long get_mte_ctrl(struct task_struct *task);
int mte_ptrace_copy_tags(struct task_struct *child, long request,
@@ -72,6 +74,9 @@ static inline void mte_thread_switch(str
static inline void mte_suspend_enter(void)
{
}
+static inline void mte_suspend_exit(void)
+{
+}
static inline long set_mte_ctrl(struct task_struct *task, unsigned long arg)
{
return 0;
--- a/arch/arm64/kernel/cpufeature.c
+++ b/arch/arm64/kernel/cpufeature.c
@@ -2034,7 +2034,8 @@ static void bti_enable(const struct arm6
static void cpu_enable_mte(struct arm64_cpu_capabilities const *cap)
{
sysreg_clear_set(sctlr_el1, 0, SCTLR_ELx_ATA | SCTLR_EL1_ATA0);
- isb();
+
+ mte_cpu_setup();
/*
* Clear the tags in the zero page. This needs to be done via the
--- a/arch/arm64/kernel/mte.c
+++ b/arch/arm64/kernel/mte.c
@@ -285,6 +285,49 @@ void mte_thread_switch(struct task_struc
mte_check_tfsr_el1();
}
+void mte_cpu_setup(void)
+{
+ u64 rgsr;
+
+ /*
+ * CnP must be enabled only after the MAIR_EL1 register has been set
+ * up. Inconsistent MAIR_EL1 between CPUs sharing the same TLB may
+ * lead to the wrong memory type being used for a brief window during
+ * CPU power-up.
+ *
+ * CnP is not a boot feature so MTE gets enabled before CnP, but let's
+ * make sure that is the case.
+ */
+ BUG_ON(read_sysreg(ttbr0_el1) & TTBR_CNP_BIT);
+ BUG_ON(read_sysreg(ttbr1_el1) & TTBR_CNP_BIT);
+
+ /* Normal Tagged memory type at the corresponding MAIR index */
+ sysreg_clear_set(mair_el1,
+ MAIR_ATTRIDX(MAIR_ATTR_MASK, MT_NORMAL_TAGGED),
+ MAIR_ATTRIDX(MAIR_ATTR_NORMAL_TAGGED,
+ MT_NORMAL_TAGGED));
+
+ write_sysreg_s(KERNEL_GCR_EL1, SYS_GCR_EL1);
+
+ /*
+ * If GCR_EL1.RRND=1 is implemented the same way as RRND=0, then
+ * RGSR_EL1.SEED must be non-zero for IRG to produce
+ * pseudorandom numbers. As RGSR_EL1 is UNKNOWN out of reset, we
+ * must initialize it.
+ */
+ rgsr = (read_sysreg(CNTVCT_EL0) & SYS_RGSR_EL1_SEED_MASK) <<
+ SYS_RGSR_EL1_SEED_SHIFT;
+ if (rgsr == 0)
+ rgsr = 1 << SYS_RGSR_EL1_SEED_SHIFT;
+ write_sysreg_s(rgsr, SYS_RGSR_EL1);
+
+ /* clear any pending tag check faults in TFSR*_EL1 */
+ write_sysreg_s(0, SYS_TFSR_EL1);
+ write_sysreg_s(0, SYS_TFSRE0_EL1);
+
+ local_flush_tlb_all();
+}
+
void mte_suspend_enter(void)
{
if (!system_supports_mte())
@@ -301,6 +344,14 @@ void mte_suspend_enter(void)
mte_check_tfsr_el1();
}
+void mte_suspend_exit(void)
+{
+ if (!system_supports_mte())
+ return;
+
+ mte_cpu_setup();
+}
+
long set_mte_ctrl(struct task_struct *task, unsigned long arg)
{
u64 mte_ctrl = (~((arg & PR_MTE_TAG_MASK) >> PR_MTE_TAG_SHIFT) &
--- a/arch/arm64/kernel/suspend.c
+++ b/arch/arm64/kernel/suspend.c
@@ -43,6 +43,8 @@ void notrace __cpu_suspend_exit(void)
{
unsigned int cpu = smp_processor_id();
+ mte_suspend_exit();
+
/*
* We are resuming from reset with the idmap active in TTBR0_EL1.
* We must uninstall the idmap and restore the expected MMU
--- a/arch/arm64/mm/proc.S
+++ b/arch/arm64/mm/proc.S
@@ -48,17 +48,19 @@
#ifdef CONFIG_KASAN_HW_TAGS
#define TCR_MTE_FLAGS TCR_TCMA1 | TCR_TBI1 | TCR_TBID1
-#else
+#elif defined(CONFIG_ARM64_MTE)
/*
* The mte_zero_clear_page_tags() implementation uses DC GZVA, which relies on
* TBI being enabled at EL1.
*/
#define TCR_MTE_FLAGS TCR_TBI1 | TCR_TBID1
+#else
+#define TCR_MTE_FLAGS 0
#endif
/*
* Default MAIR_EL1. MT_NORMAL_TAGGED is initially mapped as Normal memory and
- * changed during __cpu_setup to Normal Tagged if the system supports MTE.
+ * changed during mte_cpu_setup to Normal Tagged if the system supports MTE.
*/
#define MAIR_EL1_SET \
(MAIR_ATTRIDX(MAIR_ATTR_DEVICE_nGnRnE, MT_DEVICE_nGnRnE) | \
@@ -426,46 +428,8 @@ SYM_FUNC_START(__cpu_setup)
mov_q mair, MAIR_EL1_SET
mov_q tcr, TCR_TxSZ(VA_BITS) | TCR_CACHE_FLAGS | TCR_SMP_FLAGS | \
TCR_TG_FLAGS | TCR_KASLR_FLAGS | TCR_ASID16 | \
- TCR_TBI0 | TCR_A1 | TCR_KASAN_SW_FLAGS
-
-#ifdef CONFIG_ARM64_MTE
- /*
- * Update MAIR_EL1, GCR_EL1 and TFSR*_EL1 if MTE is supported
- * (ID_AA64PFR1_EL1[11:8] > 1).
- */
- mrs x10, ID_AA64PFR1_EL1
- ubfx x10, x10, #ID_AA64PFR1_MTE_SHIFT, #4
- cmp x10, #ID_AA64PFR1_MTE
- b.lt 1f
-
- /* Normal Tagged memory type at the corresponding MAIR index */
- mov x10, #MAIR_ATTR_NORMAL_TAGGED
- bfi mair, x10, #(8 * MT_NORMAL_TAGGED), #8
+ TCR_TBI0 | TCR_A1 | TCR_KASAN_SW_FLAGS | TCR_MTE_FLAGS
- mov x10, #KERNEL_GCR_EL1
- msr_s SYS_GCR_EL1, x10
-
- /*
- * If GCR_EL1.RRND=1 is implemented the same way as RRND=0, then
- * RGSR_EL1.SEED must be non-zero for IRG to produce
- * pseudorandom numbers. As RGSR_EL1 is UNKNOWN out of reset, we
- * must initialize it.
- */
- mrs x10, CNTVCT_EL0
- ands x10, x10, #SYS_RGSR_EL1_SEED_MASK
- csinc x10, x10, xzr, ne
- lsl x10, x10, #SYS_RGSR_EL1_SEED_SHIFT
- msr_s SYS_RGSR_EL1, x10
-
- /* clear any pending tag check faults in TFSR*_EL1 */
- msr_s SYS_TFSR_EL1, xzr
- msr_s SYS_TFSRE0_EL1, xzr
-
- /* set the TCR_EL1 bits */
- mov_q x10, TCR_MTE_FLAGS
- orr tcr, tcr, x10
-1:
-#endif
tcr_clear_errata_bits tcr, x9, x5
#ifdef CONFIG_ARM64_VA_BITS_52
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 080/862] arm64: mte: Avoid setting PG_mte_tagged if no tags cleared or restored
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (78 preceding siblings ...)
2022-10-19 8:22 ` [PATCH 6.0 079/862] arm64: mte: move register initialization to C Greg Kroah-Hartman
@ 2022-10-19 8:22 ` Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 081/862] arm64: errata: Add Cortex-A55 to the repeat tlbi list Greg Kroah-Hartman
` (796 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Catalin Marinas,
syzbot+c2c79c6d6eddc5262b77, Steven Price, Andrey Konovalov,
Vincenzo Frascino, Will Deacon
From: Catalin Marinas <catalin.marinas@arm.com>
commit a8e5e5146ad08d794c58252bab00b261045ef16d upstream.
Prior to commit 69e3b846d8a7 ("arm64: mte: Sync tags for pages where PTE
is untagged"), mte_sync_tags() was only called for pte_tagged() entries
(those mapped with PROT_MTE). Therefore mte_sync_tags() could safely use
test_and_set_bit(PG_mte_tagged, &page->flags) without inadvertently
setting PG_mte_tagged on an untagged page.
The above commit was required as guests may enable MTE without any
control at the stage 2 mapping, nor a PROT_MTE mapping in the VMM.
However, the side-effect was that any page with a PTE that looked like
swap (or migration) was getting PG_mte_tagged set automatically. A
subsequent page copy (e.g. migration) copied the tags to the destination
page even if the tags were owned by KASAN.
This issue was masked by the page_kasan_tag_reset() call introduced in
commit e5b8d9218951 ("arm64: mte: reset the page tag in page->flags").
When this commit was reverted (20794545c146), KASAN started reporting
access faults because the overriding tags in a page did not match the
original page->flags (with CONFIG_KASAN_HW_TAGS=y):
BUG: KASAN: invalid-access in copy_page+0x10/0xd0 arch/arm64/lib/copy_page.S:26
Read at addr f5ff000017f2e000 by task syz-executor.1/2218
Pointer tag: [f5], memory tag: [f2]
Move the PG_mte_tagged bit setting from mte_sync_tags() to the actual
place where tags are cleared (mte_sync_page_tags()) or restored
(mte_restore_tags()).
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Reported-by: syzbot+c2c79c6d6eddc5262b77@syzkaller.appspotmail.com
Fixes: 69e3b846d8a7 ("arm64: mte: Sync tags for pages where PTE is untagged")
Cc: <stable@vger.kernel.org> # 5.14.x
Cc: Steven Price <steven.price@arm.com>
Cc: Andrey Konovalov <andreyknvl@gmail.com>
Cc: Vincenzo Frascino <vincenzo.frascino@arm.com>
Cc: Will Deacon <will@kernel.org>
Link: https://lore.kernel.org/r/0000000000004387dc05e5888ae5@google.com/
Reviewed-by: Steven Price <steven.price@arm.com>
Link: https://lore.kernel.org/r/20221006163354.3194102-1-catalin.marinas@arm.com
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/kernel/mte.c | 9 +++++++--
arch/arm64/mm/mteswap.c | 7 ++++++-
2 files changed, 13 insertions(+), 3 deletions(-)
--- a/arch/arm64/kernel/mte.c
+++ b/arch/arm64/kernel/mte.c
@@ -48,7 +48,12 @@ static void mte_sync_page_tags(struct pa
if (!pte_is_tagged)
return;
- mte_clear_page_tags(page_address(page));
+ /*
+ * Test PG_mte_tagged again in case it was racing with another
+ * set_pte_at().
+ */
+ if (!test_and_set_bit(PG_mte_tagged, &page->flags))
+ mte_clear_page_tags(page_address(page));
}
void mte_sync_tags(pte_t old_pte, pte_t pte)
@@ -64,7 +69,7 @@ void mte_sync_tags(pte_t old_pte, pte_t
/* if PG_mte_tagged is set, tags have already been initialised */
for (i = 0; i < nr_pages; i++, page++) {
- if (!test_and_set_bit(PG_mte_tagged, &page->flags))
+ if (!test_bit(PG_mte_tagged, &page->flags))
mte_sync_page_tags(page, old_pte, check_swap,
pte_is_tagged);
}
--- a/arch/arm64/mm/mteswap.c
+++ b/arch/arm64/mm/mteswap.c
@@ -53,7 +53,12 @@ bool mte_restore_tags(swp_entry_t entry,
if (!tags)
return false;
- mte_restore_page_tags(page_address(page), tags);
+ /*
+ * Test PG_mte_tagged again in case it was racing with another
+ * set_pte_at().
+ */
+ if (!test_and_set_bit(PG_mte_tagged, &page->flags))
+ mte_restore_page_tags(page_address(page), tags);
return true;
}
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 081/862] arm64: errata: Add Cortex-A55 to the repeat tlbi list
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (79 preceding siblings ...)
2022-10-19 8:22 ` [PATCH 6.0 080/862] arm64: mte: Avoid setting PG_mte_tagged if no tags cleared or restored Greg Kroah-Hartman
@ 2022-10-19 8:22 ` Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 082/862] clocksource/drivers/arm_arch_timer: Fix CNTPCT_LO and CNTVCT_LO value Greg Kroah-Hartman
` (795 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:22 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, James Morse, Catalin Marinas
From: James Morse <james.morse@arm.com>
commit 171df58028bf4649460fb146a56a58dcb0c8f75a upstream.
Cortex-A55 is affected by an erratum where in rare circumstances the
CPUs may not handle a race between a break-before-make sequence on one
CPU, and another CPU accessing the same page. This could allow a store
to a page that has been unmapped.
Work around this by adding the affected CPUs to the list that needs
TLB sequences to be done twice.
Signed-off-by: James Morse <james.morse@arm.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20220930131959.3082594-1-james.morse@arm.com
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
Documentation/arm64/silicon-errata.rst | 2 ++
arch/arm64/Kconfig | 17 +++++++++++++++++
arch/arm64/kernel/cpu_errata.c | 5 +++++
3 files changed, 24 insertions(+)
--- a/Documentation/arm64/silicon-errata.rst
+++ b/Documentation/arm64/silicon-errata.rst
@@ -76,6 +76,8 @@ stable kernels.
+----------------+-----------------+-----------------+-----------------------------+
| ARM | Cortex-A55 | #1530923 | ARM64_ERRATUM_1530923 |
+----------------+-----------------+-----------------+-----------------------------+
+| ARM | Cortex-A55 | #2441007 | ARM64_ERRATUM_2441007 |
++----------------+-----------------+-----------------+-----------------------------+
| ARM | Cortex-A57 | #832075 | ARM64_ERRATUM_832075 |
+----------------+-----------------+-----------------+-----------------------------+
| ARM | Cortex-A57 | #852523 | N/A |
--- a/arch/arm64/Kconfig
+++ b/arch/arm64/Kconfig
@@ -632,6 +632,23 @@ config ARM64_ERRATUM_1530923
config ARM64_WORKAROUND_REPEAT_TLBI
bool
+config ARM64_ERRATUM_2441007
+ bool "Cortex-A55: Completion of affected memory accesses might not be guaranteed by completion of a TLBI"
+ default y
+ select ARM64_WORKAROUND_REPEAT_TLBI
+ help
+ This option adds a workaround for ARM Cortex-A55 erratum #2441007.
+
+ Under very rare circumstances, affected Cortex-A55 CPUs
+ may not handle a race between a break-before-make sequence on one
+ CPU, and another CPU accessing the same page. This could allow a
+ store to a page that has been unmapped.
+
+ Work around this by adding the affected CPUs to the list that needs
+ TLB sequences to be done twice.
+
+ If unsure, say Y.
+
config ARM64_ERRATUM_1286807
bool "Cortex-A76: Modification of the translation table for a virtual address might lead to read-after-read ordering violation"
default y
--- a/arch/arm64/kernel/cpu_errata.c
+++ b/arch/arm64/kernel/cpu_errata.c
@@ -214,6 +214,11 @@ static const struct arm64_cpu_capabiliti
ERRATA_MIDR_RANGE(MIDR_QCOM_KRYO_4XX_GOLD, 0xc, 0xe, 0xf, 0xe),
},
#endif
+#ifdef CONFIG_ARM64_ERRATUM_2441007
+ {
+ ERRATA_MIDR_ALL_VERSIONS(MIDR_CORTEX_A55),
+ },
+#endif
#ifdef CONFIG_ARM64_ERRATUM_2441009
{
/* Cortex-A510 r0p0 -> r1p1. Fixed in r1p2 */
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 082/862] clocksource/drivers/arm_arch_timer: Fix CNTPCT_LO and CNTVCT_LO value
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (80 preceding siblings ...)
2022-10-19 8:22 ` [PATCH 6.0 081/862] arm64: errata: Add Cortex-A55 to the repeat tlbi list Greg Kroah-Hartman
@ 2022-10-19 8:22 ` Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 083/862] mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page Greg Kroah-Hartman
` (794 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Daniel Lezcano, Thomas Gleixner,
Marc Zyngier, Mark Rutland, Yang Guo, Shaokun Zhang
From: Yang Guo <guoyang2@huawei.com>
commit af246cc6d0ed11318223606128bb0b09866c4c08 upstream.
CNTPCT_LO and CNTVCT_LO are defined by mistake in commit '8b82c4f883a7',
so fix them according to the Arm ARM DDI 0487I.a, Table I2-4
"CNTBaseN memory map" as follows:
Offset Register Type Description
0x000 CNTPCT[31:0] RO Physical Count register.
0x004 CNTPCT[63:32] RO
0x008 CNTVCT[31:0] RO Virtual Count register.
0x00C CNTVCT[63:32] RO
Fixes: 8b82c4f883a7 ("clocksource/drivers/arm_arch_timer: Move MMIO timer programming over to CVAL")
Cc: stable@vger.kernel.org
Cc: Daniel Lezcano <daniel.lezcano@linaro.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Marc Zyngier <maz@kernel.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Acked-by: Marc Zyngier <maz@kernel.org>
Signed-off-by: Yang Guo <guoyang2@huawei.com>
Signed-off-by: Shaokun Zhang <zhangshaokun@hisilicon.com>
Link: https://lore.kernel.org/r/20220927033221.49589-1-zhangshaokun@hisilicon.com
Signed-off-by: Daniel Lezcano <daniel.lezcano@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/clocksource/arm_arch_timer.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/clocksource/arm_arch_timer.c
+++ b/drivers/clocksource/arm_arch_timer.c
@@ -44,8 +44,8 @@
#define CNTACR_RWVT BIT(4)
#define CNTACR_RWPT BIT(5)
-#define CNTVCT_LO 0x00
-#define CNTPCT_LO 0x08
+#define CNTPCT_LO 0x00
+#define CNTVCT_LO 0x08
#define CNTFRQ 0x10
#define CNTP_CVAL_LO 0x20
#define CNTP_CTL 0x2c
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 083/862] mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (81 preceding siblings ...)
2022-10-19 8:22 ` [PATCH 6.0 082/862] clocksource/drivers/arm_arch_timer: Fix CNTPCT_LO and CNTVCT_LO value Greg Kroah-Hartman
@ 2022-10-19 8:22 ` Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 084/862] mm/damon: validate if the pmd entry is present before accessing Greg Kroah-Hartman
` (793 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Baolin Wang, Mike Kravetz,
David Hildenbrand, Muchun Song, Andrew Morton
From: Baolin Wang <baolin.wang@linux.alibaba.com>
commit fac35ba763ed07ba93154c95ffc0c4a55023707f upstream.
On some architectures (like ARM64), it can support CONT-PTE/PMD size
hugetlb, which means it can support not only PMD/PUD size hugetlb (2M and
1G), but also CONT-PTE/PMD size(64K and 32M) if a 4K page size specified.
So when looking up a CONT-PTE size hugetlb page by follow_page(), it will
use pte_offset_map_lock() to get the pte entry lock for the CONT-PTE size
hugetlb in follow_page_pte(). However this pte entry lock is incorrect
for the CONT-PTE size hugetlb, since we should use huge_pte_lock() to get
the correct lock, which is mm->page_table_lock.
That means the pte entry of the CONT-PTE size hugetlb under current pte
lock is unstable in follow_page_pte(), we can continue to migrate or
poison the pte entry of the CONT-PTE size hugetlb, which can cause some
potential race issues, even though they are under the 'pte lock'.
For example, suppose thread A is trying to look up a CONT-PTE size hugetlb
page by move_pages() syscall under the lock, however antoher thread B can
migrate the CONT-PTE hugetlb page at the same time, which will cause
thread A to get an incorrect page, if thread A also wants to do page
migration, then data inconsistency error occurs.
Moreover we have the same issue for CONT-PMD size hugetlb in
follow_huge_pmd().
To fix above issues, rename the follow_huge_pmd() as follow_huge_pmd_pte()
to handle PMD and PTE level size hugetlb, which uses huge_pte_lock() to
get the correct pte entry lock to make the pte entry stable.
Mike said:
Support for CONT_PMD/_PTE was added with bb9dd3df8ee9 ("arm64: hugetlb:
refactor find_num_contig()"). Patch series "Support for contiguous pte
hugepages", v4. However, I do not believe these code paths were
executed until migration support was added with 5480280d3f2d ("arm64/mm:
enable HugeTLB migration for contiguous bit HugeTLB pages") I would go
with 5480280d3f2d for the Fixes: targe.
Link: https://lkml.kernel.org/r/635f43bdd85ac2615a58405da82b4d33c6e5eb05.1662017562.git.baolin.wang@linux.alibaba.com
Fixes: 5480280d3f2d ("arm64/mm: enable HugeTLB migration for contiguous bit HugeTLB pages")
Signed-off-by: Baolin Wang <baolin.wang@linux.alibaba.com>
Suggested-by: Mike Kravetz <mike.kravetz@oracle.com>
Reviewed-by: Mike Kravetz <mike.kravetz@oracle.com>
Cc: David Hildenbrand <david@redhat.com>
Cc: Muchun Song <songmuchun@bytedance.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/hugetlb.h | 8 ++++----
mm/gup.c | 14 +++++++++++++-
mm/hugetlb.c | 27 +++++++++++++--------------
3 files changed, 30 insertions(+), 19 deletions(-)
--- a/include/linux/hugetlb.h
+++ b/include/linux/hugetlb.h
@@ -207,8 +207,8 @@ struct page *follow_huge_addr(struct mm_
struct page *follow_huge_pd(struct vm_area_struct *vma,
unsigned long address, hugepd_t hpd,
int flags, int pdshift);
-struct page *follow_huge_pmd(struct mm_struct *mm, unsigned long address,
- pmd_t *pmd, int flags);
+struct page *follow_huge_pmd_pte(struct vm_area_struct *vma, unsigned long address,
+ int flags);
struct page *follow_huge_pud(struct mm_struct *mm, unsigned long address,
pud_t *pud, int flags);
struct page *follow_huge_pgd(struct mm_struct *mm, unsigned long address,
@@ -312,8 +312,8 @@ static inline struct page *follow_huge_p
return NULL;
}
-static inline struct page *follow_huge_pmd(struct mm_struct *mm,
- unsigned long address, pmd_t *pmd, int flags)
+static inline struct page *follow_huge_pmd_pte(struct vm_area_struct *vma,
+ unsigned long address, int flags)
{
return NULL;
}
--- a/mm/gup.c
+++ b/mm/gup.c
@@ -530,6 +530,18 @@ static struct page *follow_page_pte(stru
if (WARN_ON_ONCE((flags & (FOLL_PIN | FOLL_GET)) ==
(FOLL_PIN | FOLL_GET)))
return ERR_PTR(-EINVAL);
+
+ /*
+ * Considering PTE level hugetlb, like continuous-PTE hugetlb on
+ * ARM64 architecture.
+ */
+ if (is_vm_hugetlb_page(vma)) {
+ page = follow_huge_pmd_pte(vma, address, flags);
+ if (page)
+ return page;
+ return no_page_table(vma, flags);
+ }
+
retry:
if (unlikely(pmd_bad(*pmd)))
return no_page_table(vma, flags);
@@ -662,7 +674,7 @@ static struct page *follow_pmd_mask(stru
if (pmd_none(pmdval))
return no_page_table(vma, flags);
if (pmd_huge(pmdval) && is_vm_hugetlb_page(vma)) {
- page = follow_huge_pmd(mm, address, pmd, flags);
+ page = follow_huge_pmd_pte(vma, address, flags);
if (page)
return page;
return no_page_table(vma, flags);
--- a/mm/hugetlb.c
+++ b/mm/hugetlb.c
@@ -6946,12 +6946,13 @@ follow_huge_pd(struct vm_area_struct *vm
}
struct page * __weak
-follow_huge_pmd(struct mm_struct *mm, unsigned long address,
- pmd_t *pmd, int flags)
+follow_huge_pmd_pte(struct vm_area_struct *vma, unsigned long address, int flags)
{
+ struct hstate *h = hstate_vma(vma);
+ struct mm_struct *mm = vma->vm_mm;
struct page *page = NULL;
spinlock_t *ptl;
- pte_t pte;
+ pte_t *ptep, pte;
/*
* FOLL_PIN is not supported for follow_page(). Ordinary GUP goes via
@@ -6961,17 +6962,15 @@ follow_huge_pmd(struct mm_struct *mm, un
return NULL;
retry:
- ptl = pmd_lockptr(mm, pmd);
- spin_lock(ptl);
- /*
- * make sure that the address range covered by this pmd is not
- * unmapped from other threads.
- */
- if (!pmd_huge(*pmd))
- goto out;
- pte = huge_ptep_get((pte_t *)pmd);
+ ptep = huge_pte_offset(mm, address, huge_page_size(h));
+ if (!ptep)
+ return NULL;
+
+ ptl = huge_pte_lock(h, mm, ptep);
+ pte = huge_ptep_get(ptep);
if (pte_present(pte)) {
- page = pmd_page(*pmd) + ((address & ~PMD_MASK) >> PAGE_SHIFT);
+ page = pte_page(pte) +
+ ((address & ~huge_page_mask(h)) >> PAGE_SHIFT);
/*
* try_grab_page() should always succeed here, because: a) we
* hold the pmd (ptl) lock, and b) we've just checked that the
@@ -6987,7 +6986,7 @@ retry:
} else {
if (is_hugetlb_entry_migration(pte)) {
spin_unlock(ptl);
- __migration_entry_wait_huge((pte_t *)pmd, ptl);
+ __migration_entry_wait_huge(ptep, ptl);
goto retry;
}
/*
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 084/862] mm/damon: validate if the pmd entry is present before accessing
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (82 preceding siblings ...)
2022-10-19 8:22 ` [PATCH 6.0 083/862] mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page Greg Kroah-Hartman
@ 2022-10-19 8:22 ` Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 085/862] mm/uffd: fix warning without PTE_MARKER_UFFD_WP compiled in Greg Kroah-Hartman
` (792 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Baolin Wang, SeongJae Park,
Muchun Song, Mike Kravetz, Andrew Morton
From: Baolin Wang <baolin.wang@linux.alibaba.com>
commit c8b9aff419303e4d4219b5ff64b1c7e062dee48e upstream.
pmd_huge() is used to validate if the pmd entry is mapped by a huge page,
also including the case of non-present (migration or hwpoisoned) pmd entry
on arm64 or x86 architectures. This means that pmd_pfn() can not get the
correct pfn number for a non-present pmd entry, which will cause
damon_get_page() to get an incorrect page struct (also may be NULL by
pfn_to_online_page()), making the access statistics incorrect.
This means that the DAMON may make incorrect decision according to the
incorrect statistics, for example, DAMON may can not reclaim cold page
in time due to this cold page was regarded as accessed mistakenly if
DAMOS_PAGEOUT operation is specified.
Moreover it does not make sense that we still waste time to get the page
of the non-present entry. Just treat it as not-accessed and skip it,
which maintains consistency with non-present pte level entries.
So add pmd entry present validation to fix the above issues.
Link: https://lkml.kernel.org/r/58b1d1f5fbda7db49ca886d9ef6783e3dcbbbc98.1660805030.git.baolin.wang@linux.alibaba.com
Fixes: 3f49584b262c ("mm/damon: implement primitives for the virtual memory address spaces")
Signed-off-by: Baolin Wang <baolin.wang@linux.alibaba.com>
Reviewed-by: SeongJae Park <sj@kernel.org>
Reviewed-by: Muchun Song <songmuchun@bytedance.com>
Cc: Mike Kravetz <mike.kravetz@oracle.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/damon/vaddr.c | 10 ++++++++++
1 file changed, 10 insertions(+)
--- a/mm/damon/vaddr.c
+++ b/mm/damon/vaddr.c
@@ -304,6 +304,11 @@ static int damon_mkold_pmd_entry(pmd_t *
if (pmd_huge(*pmd)) {
ptl = pmd_lock(walk->mm, pmd);
+ if (!pmd_present(*pmd)) {
+ spin_unlock(ptl);
+ return 0;
+ }
+
if (pmd_huge(*pmd)) {
damon_pmdp_mkold(pmd, walk->mm, addr);
spin_unlock(ptl);
@@ -431,6 +436,11 @@ static int damon_young_pmd_entry(pmd_t *
#ifdef CONFIG_TRANSPARENT_HUGEPAGE
if (pmd_huge(*pmd)) {
ptl = pmd_lock(walk->mm, pmd);
+ if (!pmd_present(*pmd)) {
+ spin_unlock(ptl);
+ return 0;
+ }
+
if (!pmd_huge(*pmd)) {
spin_unlock(ptl);
goto regular_page;
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 085/862] mm/uffd: fix warning without PTE_MARKER_UFFD_WP compiled in
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (83 preceding siblings ...)
2022-10-19 8:22 ` [PATCH 6.0 084/862] mm/damon: validate if the pmd entry is present before accessing Greg Kroah-Hartman
@ 2022-10-19 8:22 ` Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 086/862] mm/mmap: undo ->mmap() when arch_validate_flags() fails Greg Kroah-Hartman
` (791 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Peter Xu,
syzbot+2b9b4f0895be09a6dec3, Axel Rasmussen, Brian Geffon,
Edward Liaw, Liu Shixin, Mike Kravetz, Andrew Morton
From: Peter Xu <peterx@redhat.com>
commit 515778e2d790652a38a24554fdb7f21420d91efc upstream.
When PTE_MARKER_UFFD_WP not configured, it's still possible to reach pte
marker code and trigger an warning. Add a few CONFIG_PTE_MARKER_UFFD_WP
ifdefs to make sure the code won't be reached when not compiled in.
Link: https://lkml.kernel.org/r/YzeR+R6b4bwBlBHh@x1n
Fixes: b1f9e876862d ("mm/uffd: enable write protection for shmem & hugetlbfs")
Signed-off-by: Peter Xu <peterx@redhat.com>
Reported-by: <syzbot+2b9b4f0895be09a6dec3@syzkaller.appspotmail.com>
Cc: Axel Rasmussen <axelrasmussen@google.com>
Cc: Brian Geffon <bgeffon@google.com>
Cc: Edward Liaw <edliaw@google.com>
Cc: Liu Shixin <liushixin2@huawei.com>
Cc: Mike Kravetz <mike.kravetz@oracle.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/hugetlb.c | 4 ++++
mm/memory.c | 2 ++
mm/mprotect.c | 2 ++
3 files changed, 8 insertions(+)
--- a/mm/hugetlb.c
+++ b/mm/hugetlb.c
@@ -5059,6 +5059,7 @@ static void __unmap_hugepage_range(struc
* unmapped and its refcount is dropped, so just clear pte here.
*/
if (unlikely(!pte_present(pte))) {
+#ifdef CONFIG_PTE_MARKER_UFFD_WP
/*
* If the pte was wr-protected by uffd-wp in any of the
* swap forms, meanwhile the caller does not want to
@@ -5070,6 +5071,7 @@ static void __unmap_hugepage_range(struc
set_huge_pte_at(mm, address, ptep,
make_pte_marker(PTE_MARKER_UFFD_WP));
else
+#endif
huge_pte_clear(mm, address, ptep, sz);
spin_unlock(ptl);
continue;
@@ -5098,11 +5100,13 @@ static void __unmap_hugepage_range(struc
tlb_remove_huge_tlb_entry(h, tlb, ptep, address);
if (huge_pte_dirty(pte))
set_page_dirty(page);
+#ifdef CONFIG_PTE_MARKER_UFFD_WP
/* Leave a uffd-wp pte marker if needed */
if (huge_pte_uffd_wp(pte) &&
!(zap_flags & ZAP_FLAG_DROP_MARKER))
set_huge_pte_at(mm, address, ptep,
make_pte_marker(PTE_MARKER_UFFD_WP));
+#endif
hugetlb_count_sub(pages_per_huge_page(h), mm);
page_remove_rmap(page, vma, true);
--- a/mm/memory.c
+++ b/mm/memory.c
@@ -1393,10 +1393,12 @@ zap_install_uffd_wp_if_needed(struct vm_
unsigned long addr, pte_t *pte,
struct zap_details *details, pte_t pteval)
{
+#ifdef CONFIG_PTE_MARKER_UFFD_WP
if (zap_drop_file_uffd_wp(details))
return;
pte_install_uffd_wp_if_needed(vma, addr, pte, pteval);
+#endif
}
static unsigned long zap_pte_range(struct mmu_gather *tlb,
--- a/mm/mprotect.c
+++ b/mm/mprotect.c
@@ -260,6 +260,7 @@ static unsigned long change_pte_range(st
} else {
/* It must be an none page, or what else?.. */
WARN_ON_ONCE(!pte_none(oldpte));
+#ifdef CONFIG_PTE_MARKER_UFFD_WP
if (unlikely(uffd_wp && !vma_is_anonymous(vma))) {
/*
* For file-backed mem, we need to be able to
@@ -271,6 +272,7 @@ static unsigned long change_pte_range(st
make_pte_marker(PTE_MARKER_UFFD_WP));
pages++;
}
+#endif
}
} while (pte++, addr += PAGE_SIZE, addr != end);
arch_leave_lazy_mmu_mode();
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 086/862] mm/mmap: undo ->mmap() when arch_validate_flags() fails
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (84 preceding siblings ...)
2022-10-19 8:22 ` [PATCH 6.0 085/862] mm/uffd: fix warning without PTE_MARKER_UFFD_WP compiled in Greg Kroah-Hartman
@ 2022-10-19 8:22 ` Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 087/862] xen/gntdev: Prevent leaking grants Greg Kroah-Hartman
` (790 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Carlos Llamas, Catalin Marinas,
Andrii Nakryiko, Liam Howlett, Christian Brauner (Microsoft),
Michal Hocko, Suren Baghdasaryan, Andrew Morton
From: Carlos Llamas <cmllamas@google.com>
commit deb0f6562884b5b4beb883d73e66a7d3a1b96d99 upstream.
Commit c462ac288f2c ("mm: Introduce arch_validate_flags()") added a late
check in mmap_region() to let architectures validate vm_flags. The check
needs to happen after calling ->mmap() as the flags can potentially be
modified during this callback.
If arch_validate_flags() check fails we unmap and free the vma. However,
the error path fails to undo the ->mmap() call that previously succeeded
and depending on the specific ->mmap() implementation this translates to
reference increments, memory allocations and other operations what will
not be cleaned up.
There are several places (mainly device drivers) where this is an issue.
However, one specific example is bpf_map_mmap() which keeps count of the
mappings in map->writecnt. The count is incremented on ->mmap() and then
decremented on vm_ops->close(). When arch_validate_flags() fails this
count is off since bpf_map_mmap_close() is never called.
One can reproduce this issue in arm64 devices with MTE support. Here the
vm_flags are checked to only allow VM_MTE if VM_MTE_ALLOWED has been set
previously. From userspace then is enough to pass the PROT_MTE flag to
mmap() syscall to trigger the arch_validate_flags() failure.
The following program reproduces this issue:
#include <stdio.h>
#include <unistd.h>
#include <linux/unistd.h>
#include <linux/bpf.h>
#include <sys/mman.h>
int main(void)
{
union bpf_attr attr = {
.map_type = BPF_MAP_TYPE_ARRAY,
.key_size = sizeof(int),
.value_size = sizeof(long long),
.max_entries = 256,
.map_flags = BPF_F_MMAPABLE,
};
int fd;
fd = syscall(__NR_bpf, BPF_MAP_CREATE, &attr, sizeof(attr));
mmap(NULL, 4096, PROT_WRITE | PROT_MTE, MAP_SHARED, fd, 0);
return 0;
}
By manually adding some log statements to the vm_ops callbacks we can
confirm that when passing PROT_MTE to mmap() the map->writecnt is off upon
->release():
With PROT_MTE flag:
root@debian:~# ./bpf-test
[ 111.263874] bpf_map_write_active_inc: map=9 writecnt=1
[ 111.288763] bpf_map_release: map=9 writecnt=1
Without PROT_MTE flag:
root@debian:~# ./bpf-test
[ 157.816912] bpf_map_write_active_inc: map=10 writecnt=1
[ 157.830442] bpf_map_write_active_dec: map=10 writecnt=0
[ 157.832396] bpf_map_release: map=10 writecnt=0
This patch fixes the above issue by calling vm_ops->close() when the
arch_validate_flags() check fails, after this we can proceed to unmap and
free the vma on the error path.
Link: https://lkml.kernel.org/r/20220930003844.1210987-1-cmllamas@google.com
Fixes: c462ac288f2c ("mm: Introduce arch_validate_flags()")
Signed-off-by: Carlos Llamas <cmllamas@google.com>
Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
Acked-by: Andrii Nakryiko <andrii@kernel.org>
Reviewed-by: Liam Howlett <liam.howlett@oracle.com>
Cc: Christian Brauner (Microsoft) <brauner@kernel.org>
Cc: Michal Hocko <mhocko@suse.com>
Cc: Suren Baghdasaryan <surenb@google.com>
Cc: <stable@vger.kernel.org> [5.10+]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/mmap.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -1797,7 +1797,7 @@ unsigned long mmap_region(struct file *f
if (!arch_validate_flags(vma->vm_flags)) {
error = -EINVAL;
if (file)
- goto unmap_and_free_vma;
+ goto close_and_free_vma;
else
goto free_vma;
}
@@ -1844,6 +1844,9 @@ out:
return addr;
+close_and_free_vma:
+ if (vma->vm_ops && vma->vm_ops->close)
+ vma->vm_ops->close(vma);
unmap_and_free_vma:
fput(vma->vm_file);
vma->vm_file = NULL;
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 087/862] xen/gntdev: Prevent leaking grants
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (85 preceding siblings ...)
2022-10-19 8:22 ` [PATCH 6.0 086/862] mm/mmap: undo ->mmap() when arch_validate_flags() fails Greg Kroah-Hartman
@ 2022-10-19 8:22 ` Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 088/862] xen/gntdev: Accommodate VMA splitting Greg Kroah-Hartman
` (789 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, M. Vefa Bicakci, Demi Marie Obenour,
Juergen Gross
From: M. Vefa Bicakci <m.v.b@runbox.com>
commit 0991028cd49567d7016d1b224fe0117c35059f86 upstream.
Prior to this commit, if a grant mapping operation failed partially,
some of the entries in the map_ops array would be invalid, whereas all
of the entries in the kmap_ops array would be valid. This in turn would
cause the following logic in gntdev_map_grant_pages to become invalid:
for (i = 0; i < map->count; i++) {
if (map->map_ops[i].status == GNTST_okay) {
map->unmap_ops[i].handle = map->map_ops[i].handle;
if (!use_ptemod)
alloced++;
}
if (use_ptemod) {
if (map->kmap_ops[i].status == GNTST_okay) {
if (map->map_ops[i].status == GNTST_okay)
alloced++;
map->kunmap_ops[i].handle = map->kmap_ops[i].handle;
}
}
}
...
atomic_add(alloced, &map->live_grants);
Assume that use_ptemod is true (i.e., the domain mapping the granted
pages is a paravirtualized domain). In the code excerpt above, note that
the "alloced" variable is only incremented when both kmap_ops[i].status
and map_ops[i].status are set to GNTST_okay (i.e., both mapping
operations are successful). However, as also noted above, there are
cases where a grant mapping operation fails partially, breaking the
assumption of the code excerpt above.
The aforementioned causes map->live_grants to be incorrectly set. In
some cases, all of the map_ops mappings fail, but all of the kmap_ops
mappings succeed, meaning that live_grants may remain zero. This in turn
makes it impossible to unmap the successfully grant-mapped pages pointed
to by kmap_ops, because unmap_grant_pages has the following snippet of
code at its beginning:
if (atomic_read(&map->live_grants) == 0)
return; /* Nothing to do */
In other cases where only some of the map_ops mappings fail but all
kmap_ops mappings succeed, live_grants is made positive, but when the
user requests unmapping the grant-mapped pages, __unmap_grant_pages_done
will then make map->live_grants negative, because the latter function
does not check if all of the pages that were requested to be unmapped
were actually unmapped, and the same function unconditionally subtracts
"data->count" (i.e., a value that can be greater than map->live_grants)
from map->live_grants. The side effects of a negative live_grants value
have not been studied.
The net effect of all of this is that grant references are leaked in one
of the above conditions. In Qubes OS v4.1 (which uses Xen's grant
mechanism extensively for X11 GUI isolation), this issue manifests
itself with warning messages like the following to be printed out by the
Linux kernel in the VM that had granted pages (that contain X11 GUI
window data) to dom0: "g.e. 0x1234 still pending", especially after the
user rapidly resizes GUI VM windows (causing some grant-mapping
operations to partially or completely fail, due to the fact that the VM
unshares some of the pages as part of the window resizing, making the
pages impossible to grant-map from dom0).
The fix for this issue involves counting all successful map_ops and
kmap_ops mappings separately, and then adding the sum to live_grants.
During unmapping, only the number of successfully unmapped grants is
subtracted from live_grants. The code is also modified to check for
negative live_grants values after the subtraction and warn the user.
Link: https://github.com/QubesOS/qubes-issues/issues/7631
Fixes: dbe97cff7dd9 ("xen/gntdev: Avoid blocking in unmap_grant_pages()")
Cc: stable@vger.kernel.org
Signed-off-by: M. Vefa Bicakci <m.v.b@runbox.com>
Acked-by: Demi Marie Obenour <demi@invisiblethingslab.com>
Reviewed-by: Juergen Gross <jgross@suse.com>
Link: https://lore.kernel.org/r/20221002222006.2077-2-m.v.b@runbox.com
Signed-off-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/xen/gntdev.c | 22 +++++++++++++++++-----
1 file changed, 17 insertions(+), 5 deletions(-)
--- a/drivers/xen/gntdev.c
+++ b/drivers/xen/gntdev.c
@@ -367,8 +367,7 @@ int gntdev_map_grant_pages(struct gntdev
for (i = 0; i < map->count; i++) {
if (map->map_ops[i].status == GNTST_okay) {
map->unmap_ops[i].handle = map->map_ops[i].handle;
- if (!use_ptemod)
- alloced++;
+ alloced++;
} else if (!err)
err = -EINVAL;
@@ -377,8 +376,7 @@ int gntdev_map_grant_pages(struct gntdev
if (use_ptemod) {
if (map->kmap_ops[i].status == GNTST_okay) {
- if (map->map_ops[i].status == GNTST_okay)
- alloced++;
+ alloced++;
map->kunmap_ops[i].handle = map->kmap_ops[i].handle;
} else if (!err)
err = -EINVAL;
@@ -394,8 +392,14 @@ static void __unmap_grant_pages_done(int
unsigned int i;
struct gntdev_grant_map *map = data->data;
unsigned int offset = data->unmap_ops - map->unmap_ops;
+ int successful_unmaps = 0;
+ int live_grants;
for (i = 0; i < data->count; i++) {
+ if (map->unmap_ops[offset + i].status == GNTST_okay &&
+ map->unmap_ops[offset + i].handle != INVALID_GRANT_HANDLE)
+ successful_unmaps++;
+
WARN_ON(map->unmap_ops[offset + i].status != GNTST_okay &&
map->unmap_ops[offset + i].handle != INVALID_GRANT_HANDLE);
pr_debug("unmap handle=%d st=%d\n",
@@ -403,6 +407,10 @@ static void __unmap_grant_pages_done(int
map->unmap_ops[offset+i].status);
map->unmap_ops[offset+i].handle = INVALID_GRANT_HANDLE;
if (use_ptemod) {
+ if (map->kunmap_ops[offset + i].status == GNTST_okay &&
+ map->kunmap_ops[offset + i].handle != INVALID_GRANT_HANDLE)
+ successful_unmaps++;
+
WARN_ON(map->kunmap_ops[offset + i].status != GNTST_okay &&
map->kunmap_ops[offset + i].handle != INVALID_GRANT_HANDLE);
pr_debug("kunmap handle=%u st=%d\n",
@@ -411,11 +419,15 @@ static void __unmap_grant_pages_done(int
map->kunmap_ops[offset+i].handle = INVALID_GRANT_HANDLE;
}
}
+
/*
* Decrease the live-grant counter. This must happen after the loop to
* prevent premature reuse of the grants by gnttab_mmap().
*/
- atomic_sub(data->count, &map->live_grants);
+ live_grants = atomic_sub_return(successful_unmaps, &map->live_grants);
+ if (WARN_ON(live_grants < 0))
+ pr_err("%s: live_grants became negative (%d) after unmapping %d pages!\n",
+ __func__, live_grants, successful_unmaps);
/* Release reference taken by __unmap_grant_pages */
gntdev_put_map(NULL, map);
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 088/862] xen/gntdev: Accommodate VMA splitting
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (86 preceding siblings ...)
2022-10-19 8:22 ` [PATCH 6.0 087/862] xen/gntdev: Prevent leaking grants Greg Kroah-Hartman
@ 2022-10-19 8:22 ` Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 089/862] PCI: Sanitise firmware BAR assignments behind a PCI-PCI bridge Greg Kroah-Hartman
` (788 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:22 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, M. Vefa Bicakci, Juergen Gross
From: M. Vefa Bicakci <m.v.b@runbox.com>
commit 5c13a4a0291b30191eff9ead8d010e1ca43a4d0c upstream.
Prior to this commit, the gntdev driver code did not handle the
following scenario correctly with paravirtualized (PV) Xen domains:
* User process sets up a gntdev mapping composed of two grant mappings
(i.e., two pages shared by another Xen domain).
* User process munmap()s one of the pages.
* User process munmap()s the remaining page.
* User process exits.
In the scenario above, the user process would cause the kernel to log
the following messages in dmesg for the first munmap(), and the second
munmap() call would result in similar log messages:
BUG: Bad page map in process doublemap.test pte:... pmd:...
page:0000000057c97bff refcount:1 mapcount:-1 \
mapping:0000000000000000 index:0x0 pfn:...
...
page dumped because: bad pte
...
file:gntdev fault:0x0 mmap:gntdev_mmap [xen_gntdev] readpage:0x0
...
Call Trace:
<TASK>
dump_stack_lvl+0x46/0x5e
print_bad_pte.cold+0x66/0xb6
unmap_page_range+0x7e5/0xdc0
unmap_vmas+0x78/0xf0
unmap_region+0xa8/0x110
__do_munmap+0x1ea/0x4e0
__vm_munmap+0x75/0x120
__x64_sys_munmap+0x28/0x40
do_syscall_64+0x38/0x90
entry_SYSCALL_64_after_hwframe+0x61/0xcb
...
For each munmap() call, the Xen hypervisor (if built with CONFIG_DEBUG)
would print out the following and trigger a general protection fault in
the affected Xen PV domain:
(XEN) d0v... Attempt to implicitly unmap d0's grant PTE ...
(XEN) d0v... Attempt to implicitly unmap d0's grant PTE ...
As of this writing, gntdev_grant_map structure's vma field (referred to
as map->vma below) is mainly used for checking the start and end
addresses of mappings. However, with split VMAs, these may change, and
there could be more than one VMA associated with a gntdev mapping.
Hence, remove the use of map->vma and rely on map->pages_vm_start for
the original start address and on (map->count << PAGE_SHIFT) for the
original mapping size. Let the invalidate() and find_special_page()
hooks use these.
Also, given that there can be multiple VMAs associated with a gntdev
mapping, move the "mmu_interval_notifier_remove(&map->notifier)" call to
the end of gntdev_put_map, so that the MMU notifier is only removed
after the closing of the last remaining VMA.
Finally, use an atomic to prevent inadvertent gntdev mapping re-use,
instead of using the map->live_grants atomic counter and/or the map->vma
pointer (the latter of which is now removed). This prevents the
userspace from mmap()'ing (with MAP_FIXED) a gntdev mapping over the
same address range as a previously set up gntdev mapping. This scenario
can be summarized with the following call-trace, which was valid prior
to this commit:
mmap
gntdev_mmap
mmap (repeat mmap with MAP_FIXED over the same address range)
gntdev_invalidate
unmap_grant_pages (sets 'being_removed' entries to true)
gnttab_unmap_refs_async
unmap_single_vma
gntdev_mmap (maps the shared pages again)
munmap
gntdev_invalidate
unmap_grant_pages
(no-op because 'being_removed' entries are true)
unmap_single_vma (For PV domains, Xen reports that a granted page
is being unmapped and triggers a general protection fault in the
affected domain, if Xen was built with CONFIG_DEBUG)
The fix for this last scenario could be worth its own commit, but we
opted for a single commit, because removing the gntdev_grant_map
structure's vma field requires guarding the entry to gntdev_mmap(), and
the live_grants atomic counter is not sufficient on its own to prevent
the mmap() over a pre-existing mapping.
Link: https://github.com/QubesOS/qubes-issues/issues/7631
Fixes: ab31523c2fca ("xen/gntdev: allow usermode to map granted pages")
Cc: stable@vger.kernel.org
Signed-off-by: M. Vefa Bicakci <m.v.b@runbox.com>
Reviewed-by: Juergen Gross <jgross@suse.com>
Link: https://lore.kernel.org/r/20221002222006.2077-3-m.v.b@runbox.com
Signed-off-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/xen/gntdev-common.h | 3 +-
drivers/xen/gntdev.c | 58 ++++++++++++++++++--------------------------
2 files changed, 27 insertions(+), 34 deletions(-)
--- a/drivers/xen/gntdev-common.h
+++ b/drivers/xen/gntdev-common.h
@@ -44,9 +44,10 @@ struct gntdev_unmap_notify {
};
struct gntdev_grant_map {
+ atomic_t in_use;
struct mmu_interval_notifier notifier;
+ bool notifier_init;
struct list_head next;
- struct vm_area_struct *vma;
int index;
int count;
int flags;
--- a/drivers/xen/gntdev.c
+++ b/drivers/xen/gntdev.c
@@ -286,6 +286,9 @@ void gntdev_put_map(struct gntdev_priv *
*/
}
+ if (use_ptemod && map->notifier_init)
+ mmu_interval_notifier_remove(&map->notifier);
+
if (map->notify.flags & UNMAP_NOTIFY_SEND_EVENT) {
notify_remote_via_evtchn(map->notify.event);
evtchn_put(map->notify.event);
@@ -298,7 +301,7 @@ void gntdev_put_map(struct gntdev_priv *
static int find_grant_ptes(pte_t *pte, unsigned long addr, void *data)
{
struct gntdev_grant_map *map = data;
- unsigned int pgnr = (addr - map->vma->vm_start) >> PAGE_SHIFT;
+ unsigned int pgnr = (addr - map->pages_vm_start) >> PAGE_SHIFT;
int flags = map->flags | GNTMAP_application_map | GNTMAP_contains_pte |
(1 << _GNTMAP_guest_avail0);
u64 pte_maddr;
@@ -508,11 +511,7 @@ static void gntdev_vma_close(struct vm_a
struct gntdev_priv *priv = file->private_data;
pr_debug("gntdev_vma_close %p\n", vma);
- if (use_ptemod) {
- WARN_ON(map->vma != vma);
- mmu_interval_notifier_remove(&map->notifier);
- map->vma = NULL;
- }
+
vma->vm_private_data = NULL;
gntdev_put_map(priv, map);
}
@@ -540,29 +539,30 @@ static bool gntdev_invalidate(struct mmu
struct gntdev_grant_map *map =
container_of(mn, struct gntdev_grant_map, notifier);
unsigned long mstart, mend;
+ unsigned long map_start, map_end;
if (!mmu_notifier_range_blockable(range))
return false;
+ map_start = map->pages_vm_start;
+ map_end = map->pages_vm_start + (map->count << PAGE_SHIFT);
+
/*
* If the VMA is split or otherwise changed the notifier is not
* updated, but we don't want to process VA's outside the modified
* VMA. FIXME: It would be much more understandable to just prevent
* modifying the VMA in the first place.
*/
- if (map->vma->vm_start >= range->end ||
- map->vma->vm_end <= range->start)
+ if (map_start >= range->end || map_end <= range->start)
return true;
- mstart = max(range->start, map->vma->vm_start);
- mend = min(range->end, map->vma->vm_end);
+ mstart = max(range->start, map_start);
+ mend = min(range->end, map_end);
pr_debug("map %d+%d (%lx %lx), range %lx %lx, mrange %lx %lx\n",
- map->index, map->count,
- map->vma->vm_start, map->vma->vm_end,
- range->start, range->end, mstart, mend);
- unmap_grant_pages(map,
- (mstart - map->vma->vm_start) >> PAGE_SHIFT,
- (mend - mstart) >> PAGE_SHIFT);
+ map->index, map->count, map_start, map_end,
+ range->start, range->end, mstart, mend);
+ unmap_grant_pages(map, (mstart - map_start) >> PAGE_SHIFT,
+ (mend - mstart) >> PAGE_SHIFT);
return true;
}
@@ -1042,18 +1042,15 @@ static int gntdev_mmap(struct file *flip
return -EINVAL;
pr_debug("map %d+%d at %lx (pgoff %lx)\n",
- index, count, vma->vm_start, vma->vm_pgoff);
+ index, count, vma->vm_start, vma->vm_pgoff);
mutex_lock(&priv->lock);
map = gntdev_find_map_index(priv, index, count);
if (!map)
goto unlock_out;
- if (use_ptemod && map->vma)
- goto unlock_out;
- if (atomic_read(&map->live_grants)) {
- err = -EAGAIN;
+ if (!atomic_add_unless(&map->in_use, 1, 1))
goto unlock_out;
- }
+
refcount_inc(&map->users);
vma->vm_ops = &gntdev_vmops;
@@ -1074,15 +1071,16 @@ static int gntdev_mmap(struct file *flip
map->flags |= GNTMAP_readonly;
}
+ map->pages_vm_start = vma->vm_start;
+
if (use_ptemod) {
- map->vma = vma;
err = mmu_interval_notifier_insert_locked(
&map->notifier, vma->vm_mm, vma->vm_start,
vma->vm_end - vma->vm_start, &gntdev_mmu_ops);
- if (err) {
- map->vma = NULL;
+ if (err)
goto out_unlock_put;
- }
+
+ map->notifier_init = true;
}
mutex_unlock(&priv->lock);
@@ -1099,7 +1097,6 @@ static int gntdev_mmap(struct file *flip
*/
mmu_interval_read_begin(&map->notifier);
- map->pages_vm_start = vma->vm_start;
err = apply_to_page_range(vma->vm_mm, vma->vm_start,
vma->vm_end - vma->vm_start,
find_grant_ptes, map);
@@ -1128,13 +1125,8 @@ unlock_out:
out_unlock_put:
mutex_unlock(&priv->lock);
out_put_map:
- if (use_ptemod) {
+ if (use_ptemod)
unmap_grant_pages(map, 0, map->count);
- if (map->vma) {
- mmu_interval_notifier_remove(&map->notifier);
- map->vma = NULL;
- }
- }
gntdev_put_map(priv, map);
return err;
}
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 089/862] PCI: Sanitise firmware BAR assignments behind a PCI-PCI bridge
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (87 preceding siblings ...)
2022-10-19 8:22 ` [PATCH 6.0 088/862] xen/gntdev: Accommodate VMA splitting Greg Kroah-Hartman
@ 2022-10-19 8:22 ` Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 090/862] serial: cpm_uart: Dont request IRQ too early for console port Greg Kroah-Hartman
` (787 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:22 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Maciej W. Rozycki, Bjorn Helgaas
From: Maciej W. Rozycki <macro@orcam.me.uk>
commit 0e32818397426a688f598f35d3bc762eca6d7592 upstream.
When pci_assign_resource() is unable to assign resources to a BAR, it uses
pci_revert_fw_address() to fall back to a firmware assignment (if any).
Previously pci_revert_fw_address() assumed all addresses could reach the
device, but this is not true if the device is below a bridge that only
forwards addresses within its windows.
This problem was observed on a Tyan Tomcat IV S1564D system where the BIOS
did not assign valid addresses to several bridges and USB devices:
pci 0000:00:11.0: PCI-to-PCIe bridge to [bus 01-ff]
pci 0000:00:11.0: bridge window [io 0xe000-0xefff]
pci 0000:01:00.0: PCIe Upstream Port to [bus 02-ff]
pci 0000:01:00.0: bridge window [io 0x0000-0x0fff] # unreachable
pci 0000:02:02.0: PCIe Downstream Port to [bus 05-ff]
pci 0000:02:02.0: bridge window [io 0x0000-0x0fff] # unreachable
pci 0000:05:00.0: PCIe-to-PCI bridge to [bus 06-ff]
pci 0000:05:00.0: bridge window [io 0x0000-0x0fff] # unreachable
pci 0000:06:08.0: USB UHCI 1.1
pci 0000:06:08.0: BAR 4: [io 0xfce0-0xfcff] # unreachable
pci 0000:06:08.1: USB UHCI 1.1
pci 0000:06:08.1: BAR 4: [io 0xfce0-0xfcff] # unreachable
pci 0000:06:08.0: can't claim BAR 4 [io 0xfce0-0xfcff]: no compatible bridge window
pci 0000:06:08.1: can't claim BAR 4 [io 0xfce0-0xfcff]: no compatible bridge window
During the first pass of assigning unassigned resources, there was not
enough I/O space available, so we couldn't assign the 06:08.0 BAR and
reverted to the firmware assignment (still unreachable). Reverting the
06:08.1 assignment failed because it conflicted with 06:08.0:
pci 0000:00:11.0: bridge window [io 0xe000-0xefff]
pci 0000:01:00.0: no space for bridge window [io size 0x2000]
pci 0000:02:02.0: no space for bridge window [io size 0x1000]
pci 0000:05:00.0: no space for bridge window [io size 0x1000]
pci 0000:06:08.0: BAR 4: no space for [io size 0x0020]
pci 0000:06:08.0: BAR 4: trying firmware assignment [io 0xfce0-0xfcff]
pci 0000:06:08.1: BAR 4: no space for [io size 0x0020]
pci 0000:06:08.1: BAR 4: trying firmware assignment [io 0xfce0-0xfcff]
pci 0000:06:08.1: BAR 4: [io 0xfce0-0xfcff] conflicts with 0000:06:08.0 [io 0xfce0-0xfcff]
A subsequent pass assigned valid bridge windows and a valid 06:08.1 BAR,
but left the 06:08.0 BAR alone, so the UHCI device was still unusable:
pci 0000:00:11.0: bridge window [io 0xe000-0xefff] released
pci 0000:00:11.0: bridge window [io 0x1000-0x2fff] # reassigned
pci 0000:01:00.0: bridge window [io 0x1000-0x2fff] # reassigned
pci 0000:02:02.0: bridge window [io 0x2000-0x2fff] # reassigned
pci 0000:05:00.0: bridge window [io 0x2000-0x2fff] # reassigned
pci 0000:06:08.0: BAR 4: assigned [io 0xfce0-0xfcff] # left alone
pci 0000:06:08.1: BAR 4: assigned [io 0x2000-0x201f]
...
uhci_hcd 0000:06:08.0: host system error, PCI problems?
uhci_hcd 0000:06:08.0: host controller process error, something bad happened!
uhci_hcd 0000:06:08.0: host controller halted, very bad!
uhci_hcd 0000:06:08.0: HCRESET not completed yet!
uhci_hcd 0000:06:08.0: HC died; cleaning up
If the address assigned by firmware is not reachable because it's not
within upstream bridge windows, fail instead of assigning the unusable
address from firmware.
[bhelgaas: commit log, use pci_upstream_bridge()]
Link: https://bugzilla.kernel.org/show_bug.cgi?id=16263
Link: https://lore.kernel.org/r/alpine.DEB.2.21.2203012338460.46819@angie.orcam.me.uk
Link: https://lore.kernel.org/r/alpine.DEB.2.21.2209211921250.29493@angie.orcam.me.uk
Fixes: 58c84eda0756 ("PCI: fall back to original BIOS BAR addresses")
Signed-off-by: Maciej W. Rozycki <macro@orcam.me.uk>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Cc: stable@vger.kernel.org # v2.6.35+
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/pci/setup-res.c | 11 +++++++++++
1 file changed, 11 insertions(+)
--- a/drivers/pci/setup-res.c
+++ b/drivers/pci/setup-res.c
@@ -214,6 +214,17 @@ static int pci_revert_fw_address(struct
root = pci_find_parent_resource(dev, res);
if (!root) {
+ /*
+ * If dev is behind a bridge, accesses will only reach it
+ * if res is inside the relevant bridge window.
+ */
+ if (pci_upstream_bridge(dev))
+ return -ENXIO;
+
+ /*
+ * On the root bus, assume the host bridge will forward
+ * everything.
+ */
if (res->flags & IORESOURCE_IO)
root = &ioport_resource;
else
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 090/862] serial: cpm_uart: Dont request IRQ too early for console port
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (88 preceding siblings ...)
2022-10-19 8:22 ` [PATCH 6.0 089/862] PCI: Sanitise firmware BAR assignments behind a PCI-PCI bridge Greg Kroah-Hartman
@ 2022-10-19 8:22 ` Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 091/862] serial: stm32: Deassert Transmit Enable on ->rs485_config() Greg Kroah-Hartman
` (786 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:22 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Christophe Leroy
From: Christophe Leroy <christophe.leroy@csgroup.eu>
commit 30963b2f75bfdbbcf1cc5d80bf88fec7aaba808d upstream.
The following message is seen during boot and the activation of
console port gets delayed until normal serial ports activation.
[ 0.001346] irq: no irq domain found for pic@930 !
The console port doesn't need irq, perform irq reservation later,
during cpm_uart probe.
While at it, don't use NO_IRQ but 0 which is the value returned
by irq_of_parse_and_map() in case of error. By chance powerpc's
NO_IRQ has value 0 but on some architectures it is -1.
Fixes: 14d893fc6846 ("powerpc/8xx: Convert CPM1 interrupt controller to platform_device")
Cc: stable@vger.kernel.org
Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Link: https://lore.kernel.org/r/8bed0f30c2e9ef16ae64fb1243a16d54a48eb8da.1664526717.git.christophe.leroy@csgroup.eu
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/tty/serial/cpm_uart/cpm_uart_core.c | 22 ++++++++++------------
1 file changed, 10 insertions(+), 12 deletions(-)
--- a/drivers/tty/serial/cpm_uart/cpm_uart_core.c
+++ b/drivers/tty/serial/cpm_uart/cpm_uart_core.c
@@ -1214,12 +1214,6 @@ static int cpm_uart_init_port(struct dev
pinfo->port.fifosize = pinfo->tx_nrfifos * pinfo->tx_fifosize;
spin_lock_init(&pinfo->port.lock);
- pinfo->port.irq = irq_of_parse_and_map(np, 0);
- if (pinfo->port.irq == NO_IRQ) {
- ret = -EINVAL;
- goto out_pram;
- }
-
for (i = 0; i < NUM_GPIOS; i++) {
struct gpio_desc *gpiod;
@@ -1229,7 +1223,7 @@ static int cpm_uart_init_port(struct dev
if (IS_ERR(gpiod)) {
ret = PTR_ERR(gpiod);
- goto out_irq;
+ goto out_pram;
}
if (gpiod) {
@@ -1255,8 +1249,6 @@ static int cpm_uart_init_port(struct dev
return cpm_uart_request_port(&pinfo->port);
-out_irq:
- irq_dispose_mapping(pinfo->port.irq);
out_pram:
cpm_uart_unmap_pram(pinfo, pram);
out_mem:
@@ -1436,11 +1428,17 @@ static int cpm_uart_probe(struct platfor
/* initialize the device pointer for the port */
pinfo->port.dev = &ofdev->dev;
+ pinfo->port.irq = irq_of_parse_and_map(ofdev->dev.of_node, 0);
+ if (!pinfo->port.irq)
+ return -EINVAL;
+
ret = cpm_uart_init_port(ofdev->dev.of_node, pinfo);
- if (ret)
- return ret;
+ if (!ret)
+ return uart_add_one_port(&cpm_reg, &pinfo->port);
+
+ irq_dispose_mapping(pinfo->port.irq);
- return uart_add_one_port(&cpm_reg, &pinfo->port);
+ return ret;
}
static int cpm_uart_remove(struct platform_device *ofdev)
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 091/862] serial: stm32: Deassert Transmit Enable on ->rs485_config()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (89 preceding siblings ...)
2022-10-19 8:22 ` [PATCH 6.0 090/862] serial: cpm_uart: Dont request IRQ too early for console port Greg Kroah-Hartman
@ 2022-10-19 8:22 ` Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 092/862] serial: Deassert Transmit Enable on probe in driver-specific way Greg Kroah-Hartman
` (785 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Marek Vasut, Ilpo Järvinen,
Lukas Wunner
From: Lukas Wunner <lukas@wunner.de>
commit adafbbf6895eb0ce41a313c6ee68870ab9aa93cd upstream.
The STM32 USART can control RS-485 Transmit Enable in hardware. Since
commit 7df5081cbf5e ("serial: stm32: Add RS485 RTS GPIO control"),
it can alternatively be controlled in software. That was done to allow
RS-485 even if the RTS pin is unavailable because it's pinmuxed to a
different function.
However the commit neglected to deassert Transmit Enable upon invocation
of the ->rs485_config() callback. Fix it.
Avoid forward declarations by moving stm32_usart_tx_empty(),
stm32_usart_rs485_rts_enable() and stm32_usart_rs485_rts_disable()
further up in the driver.
Fixes: 7df5081cbf5e ("serial: stm32: Add RS485 RTS GPIO control")
Cc: stable@vger.kernel.org # v5.9+
Cc: Marek Vasut <marex@denx.de>
Reviewed-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Signed-off-by: Lukas Wunner <lukas@wunner.de>
Link: https://lore.kernel.org/r/6059eab35dba394468335ef640df8b0050fd9dbd.1662886616.git.lukas@wunner.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/tty/serial/stm32-usart.c | 100 ++++++++++++++++++++-------------------
1 file changed, 53 insertions(+), 47 deletions(-)
--- a/drivers/tty/serial/stm32-usart.c
+++ b/drivers/tty/serial/stm32-usart.c
@@ -131,6 +131,53 @@ static void stm32_usart_clr_bits(struct
writel_relaxed(val, port->membase + reg);
}
+static unsigned int stm32_usart_tx_empty(struct uart_port *port)
+{
+ struct stm32_port *stm32_port = to_stm32_port(port);
+ const struct stm32_usart_offsets *ofs = &stm32_port->info->ofs;
+
+ if (readl_relaxed(port->membase + ofs->isr) & USART_SR_TC)
+ return TIOCSER_TEMT;
+
+ return 0;
+}
+
+static void stm32_usart_rs485_rts_enable(struct uart_port *port)
+{
+ struct stm32_port *stm32_port = to_stm32_port(port);
+ struct serial_rs485 *rs485conf = &port->rs485;
+
+ if (stm32_port->hw_flow_control ||
+ !(rs485conf->flags & SER_RS485_ENABLED))
+ return;
+
+ if (rs485conf->flags & SER_RS485_RTS_ON_SEND) {
+ mctrl_gpio_set(stm32_port->gpios,
+ stm32_port->port.mctrl | TIOCM_RTS);
+ } else {
+ mctrl_gpio_set(stm32_port->gpios,
+ stm32_port->port.mctrl & ~TIOCM_RTS);
+ }
+}
+
+static void stm32_usart_rs485_rts_disable(struct uart_port *port)
+{
+ struct stm32_port *stm32_port = to_stm32_port(port);
+ struct serial_rs485 *rs485conf = &port->rs485;
+
+ if (stm32_port->hw_flow_control ||
+ !(rs485conf->flags & SER_RS485_ENABLED))
+ return;
+
+ if (rs485conf->flags & SER_RS485_RTS_ON_SEND) {
+ mctrl_gpio_set(stm32_port->gpios,
+ stm32_port->port.mctrl & ~TIOCM_RTS);
+ } else {
+ mctrl_gpio_set(stm32_port->gpios,
+ stm32_port->port.mctrl | TIOCM_RTS);
+ }
+}
+
static void stm32_usart_config_reg_rs485(u32 *cr1, u32 *cr3, u32 delay_ADE,
u32 delay_DDE, u32 baud)
{
@@ -214,6 +261,12 @@ static int stm32_usart_config_rs485(stru
stm32_usart_set_bits(port, ofs->cr1, BIT(cfg->uart_enable_bit));
+ /* Adjust RTS polarity in case it's driven in software */
+ if (stm32_usart_tx_empty(port))
+ stm32_usart_rs485_rts_disable(port);
+ else
+ stm32_usart_rs485_rts_enable(port);
+
return 0;
}
@@ -529,42 +582,6 @@ static void stm32_usart_tc_interrupt_dis
stm32_usart_clr_bits(port, ofs->cr1, USART_CR1_TCIE);
}
-static void stm32_usart_rs485_rts_enable(struct uart_port *port)
-{
- struct stm32_port *stm32_port = to_stm32_port(port);
- struct serial_rs485 *rs485conf = &port->rs485;
-
- if (stm32_port->hw_flow_control ||
- !(rs485conf->flags & SER_RS485_ENABLED))
- return;
-
- if (rs485conf->flags & SER_RS485_RTS_ON_SEND) {
- mctrl_gpio_set(stm32_port->gpios,
- stm32_port->port.mctrl | TIOCM_RTS);
- } else {
- mctrl_gpio_set(stm32_port->gpios,
- stm32_port->port.mctrl & ~TIOCM_RTS);
- }
-}
-
-static void stm32_usart_rs485_rts_disable(struct uart_port *port)
-{
- struct stm32_port *stm32_port = to_stm32_port(port);
- struct serial_rs485 *rs485conf = &port->rs485;
-
- if (stm32_port->hw_flow_control ||
- !(rs485conf->flags & SER_RS485_ENABLED))
- return;
-
- if (rs485conf->flags & SER_RS485_RTS_ON_SEND) {
- mctrl_gpio_set(stm32_port->gpios,
- stm32_port->port.mctrl & ~TIOCM_RTS);
- } else {
- mctrl_gpio_set(stm32_port->gpios,
- stm32_port->port.mctrl | TIOCM_RTS);
- }
-}
-
static void stm32_usart_transmit_chars_pio(struct uart_port *port)
{
struct stm32_port *stm32_port = to_stm32_port(port);
@@ -807,17 +824,6 @@ static irqreturn_t stm32_usart_threaded_
return IRQ_HANDLED;
}
-static unsigned int stm32_usart_tx_empty(struct uart_port *port)
-{
- struct stm32_port *stm32_port = to_stm32_port(port);
- const struct stm32_usart_offsets *ofs = &stm32_port->info->ofs;
-
- if (readl_relaxed(port->membase + ofs->isr) & USART_SR_TC)
- return TIOCSER_TEMT;
-
- return 0;
-}
-
static void stm32_usart_set_mctrl(struct uart_port *port, unsigned int mctrl)
{
struct stm32_port *stm32_port = to_stm32_port(port);
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 092/862] serial: Deassert Transmit Enable on probe in driver-specific way
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (90 preceding siblings ...)
2022-10-19 8:22 ` [PATCH 6.0 091/862] serial: stm32: Deassert Transmit Enable on ->rs485_config() Greg Kroah-Hartman
@ 2022-10-19 8:22 ` Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 093/862] serial: ar933x: Deassert Transmit Enable on ->rs485_config() Greg Kroah-Hartman
` (784 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Matthias Schiffer, Roosen Henri,
Ilpo Järvinen, Lukas Wunner
From: Lukas Wunner <lukas@wunner.de>
commit 7c7f9bc986e698873b489c371a08f206979d06b7 upstream.
When a UART port is newly registered, uart_configure_port() seeks to
deassert RS485 Transmit Enable by setting the RTS bit in port->mctrl.
However a number of UART drivers interpret a set RTS bit as *assertion*
instead of deassertion: Affected drivers include those using
serial8250_em485_config() (except 8250_bcm2835aux.c) and some using
mctrl_gpio (e.g. imx.c).
Since the interpretation of the RTS bit is driver-specific, it is not
suitable as a means to centrally deassert Transmit Enable in the serial
core. Instead, the serial core must call on drivers to deassert it in
their driver-specific way. One way to achieve that is to call
->rs485_config(). It implicitly deasserts Transmit Enable.
So amend uart_configure_port() and uart_resume_port() to invoke
uart_rs485_config(). That allows removing calls to uart_rs485_config()
from drivers' ->probe() hooks and declaring the function static.
Skip any invocation of ->set_mctrl() if RS485 is enabled. RS485 has no
hardware flow control, so the modem control lines are irrelevant and
need not be touched. When leaving RS485 mode, reset the modem control
lines to the state stored in port->mctrl. That way, UARTs which are
muxed between RS485 and RS232 transceivers drive the lines correctly
when switched to RS232. (serial8250_do_startup() historically raises
the OUT1 modem signal because otherwise interrupts are not signaled on
ancient PC UARTs, but I believe that no longer applies to modern,
RS485-capable UARTs and is thus safe to be skipped.)
imx.c modifies port->mctrl whenever Transmit Enable is asserted and
deasserted. Stop it from doing that so port->mctrl reflects the RS232
line state.
8250_omap.c deasserts Transmit Enable on ->runtime_resume() by calling
->set_mctrl(). Because that is now a no-op in RS485 mode, amend the
function to call serial8250_em485_stop_tx().
fsl_lpuart.c retrieves and applies the RS485 device tree properties
after registering the UART port. Because applying now happens on
registration in uart_configure_port(), move retrieval of the properties
ahead of uart_add_one_port().
Link: https://lore.kernel.org/all/20220329085050.311408-1-matthias.schiffer@ew.tq-group.com/
Link: https://lore.kernel.org/all/8f538a8903795f22f9acc94a9a31b03c9c4ccacb.camel@ginzinger.com/
Fixes: d3b3404df318 ("serial: Fix incorrect rs485 polarity on uart open")
Cc: stable@vger.kernel.org # v4.14+
Reported-by: Matthias Schiffer <matthias.schiffer@ew.tq-group.com>
Reported-by: Roosen Henri <Henri.Roosen@ginzinger.com>
Tested-by: Matthias Schiffer <matthias.schiffer@ew.tq-group.com>
Reviewed-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Signed-off-by: Lukas Wunner <lukas@wunner.de>
Link: https://lore.kernel.org/r/2de36eba3fbe11278d5002e4e501afe0ceaca039.1663863805.git.lukas@wunner.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/tty/serial/8250/8250_omap.c | 3 +++
drivers/tty/serial/8250/8250_pci.c | 9 +--------
drivers/tty/serial/8250/8250_port.c | 12 +++++++-----
drivers/tty/serial/fsl_lpuart.c | 10 ++++------
drivers/tty/serial/imx.c | 8 ++------
drivers/tty/serial/serial_core.c | 36 ++++++++++++++++++++----------------
include/linux/serial_core.h | 1 -
7 files changed, 37 insertions(+), 42 deletions(-)
--- a/drivers/tty/serial/8250/8250_omap.c
+++ b/drivers/tty/serial/8250/8250_omap.c
@@ -342,6 +342,9 @@ static void omap8250_restore_regs(struct
omap8250_update_mdr1(up, priv);
up->port.ops->set_mctrl(&up->port, up->port.mctrl);
+
+ if (up->port.rs485.flags & SER_RS485_ENABLED)
+ serial8250_em485_stop_tx(up);
}
/*
--- a/drivers/tty/serial/8250/8250_pci.c
+++ b/drivers/tty/serial/8250/8250_pci.c
@@ -1627,7 +1627,6 @@ static int pci_fintek_init(struct pci_de
resource_size_t bar_data[3];
u8 config_base;
struct serial_private *priv = pci_get_drvdata(dev);
- struct uart_8250_port *port;
if (!(pci_resource_flags(dev, 5) & IORESOURCE_IO) ||
!(pci_resource_flags(dev, 4) & IORESOURCE_IO) ||
@@ -1674,13 +1673,7 @@ static int pci_fintek_init(struct pci_de
pci_write_config_byte(dev, config_base + 0x06, dev->irq);
- if (priv) {
- /* re-apply RS232/485 mode when
- * pciserial_resume_ports()
- */
- port = serial8250_get_port(priv->line[i]);
- uart_rs485_config(&port->port);
- } else {
+ if (!priv) {
/* First init without port data
* force init to RS232 Mode
*/
--- a/drivers/tty/serial/8250/8250_port.c
+++ b/drivers/tty/serial/8250/8250_port.c
@@ -600,7 +600,7 @@ EXPORT_SYMBOL_GPL(serial8250_rpm_put);
static int serial8250_em485_init(struct uart_8250_port *p)
{
if (p->em485)
- return 0;
+ goto deassert_rts;
p->em485 = kmalloc(sizeof(struct uart_8250_em485), GFP_ATOMIC);
if (!p->em485)
@@ -616,7 +616,9 @@ static int serial8250_em485_init(struct
p->em485->active_timer = NULL;
p->em485->tx_stopped = true;
- p->rs485_stop_tx(p);
+deassert_rts:
+ if (p->em485->tx_stopped)
+ p->rs485_stop_tx(p);
return 0;
}
@@ -2042,6 +2044,9 @@ EXPORT_SYMBOL_GPL(serial8250_do_set_mctr
static void serial8250_set_mctrl(struct uart_port *port, unsigned int mctrl)
{
+ if (port->rs485.flags & SER_RS485_ENABLED)
+ return;
+
if (port->set_mctrl)
port->set_mctrl(port, mctrl);
else
@@ -3187,9 +3192,6 @@ static void serial8250_config_port(struc
if (flags & UART_CONFIG_TYPE)
autoconfig(up);
- if (port->rs485.flags & SER_RS485_ENABLED)
- uart_rs485_config(port);
-
/* if access method is AU, it is a 16550 with a quirk */
if (port->type == PORT_16550A && port->iotype == UPIO_AU)
up->bugs |= UART_BUG_NOMSR;
--- a/drivers/tty/serial/fsl_lpuart.c
+++ b/drivers/tty/serial/fsl_lpuart.c
@@ -2729,15 +2729,13 @@ static int lpuart_probe(struct platform_
if (ret)
goto failed_reset;
- ret = uart_add_one_port(&lpuart_reg, &sport->port);
- if (ret)
- goto failed_attach_port;
-
ret = uart_get_rs485_mode(&sport->port);
if (ret)
goto failed_get_rs485;
- uart_rs485_config(&sport->port);
+ ret = uart_add_one_port(&lpuart_reg, &sport->port);
+ if (ret)
+ goto failed_attach_port;
ret = devm_request_irq(&pdev->dev, sport->port.irq, handler, 0,
DRIVER_NAME, sport);
@@ -2747,9 +2745,9 @@ static int lpuart_probe(struct platform_
return 0;
failed_irq_request:
-failed_get_rs485:
uart_remove_one_port(&lpuart_reg, &sport->port);
failed_attach_port:
+failed_get_rs485:
failed_reset:
lpuart_disable_clks(sport);
return ret;
--- a/drivers/tty/serial/imx.c
+++ b/drivers/tty/serial/imx.c
@@ -380,8 +380,7 @@ static void imx_uart_rts_active(struct i
{
*ucr2 &= ~(UCR2_CTSC | UCR2_CTS);
- sport->port.mctrl |= TIOCM_RTS;
- mctrl_gpio_set(sport->gpios, sport->port.mctrl);
+ mctrl_gpio_set(sport->gpios, sport->port.mctrl | TIOCM_RTS);
}
/* called with port.lock taken and irqs caller dependent */
@@ -390,8 +389,7 @@ static void imx_uart_rts_inactive(struct
*ucr2 &= ~UCR2_CTSC;
*ucr2 |= UCR2_CTS;
- sport->port.mctrl &= ~TIOCM_RTS;
- mctrl_gpio_set(sport->gpios, sport->port.mctrl);
+ mctrl_gpio_set(sport->gpios, sport->port.mctrl & ~TIOCM_RTS);
}
static void start_hrtimer_ms(struct hrtimer *hrt, unsigned long msec)
@@ -2347,8 +2345,6 @@ static int imx_uart_probe(struct platfor
dev_err(&pdev->dev,
"low-active RTS not possible when receiver is off, enabling receiver\n");
- uart_rs485_config(&sport->port);
-
/* Disable interrupts before requesting them */
ucr1 = imx_uart_readl(sport, UCR1);
ucr1 &= ~(UCR1_ADEN | UCR1_TRDYEN | UCR1_IDEN | UCR1_RRDYEN | UCR1_RTSDEN);
--- a/drivers/tty/serial/serial_core.c
+++ b/drivers/tty/serial/serial_core.c
@@ -158,15 +158,10 @@ uart_update_mctrl(struct uart_port *port
unsigned long flags;
unsigned int old;
- if (port->rs485.flags & SER_RS485_ENABLED) {
- set &= ~TIOCM_RTS;
- clear &= ~TIOCM_RTS;
- }
-
spin_lock_irqsave(&port->lock, flags);
old = port->mctrl;
port->mctrl = (old & ~clear) | set;
- if (old != port->mctrl)
+ if (old != port->mctrl && !(port->rs485.flags & SER_RS485_ENABLED))
port->ops->set_mctrl(port, port->mctrl);
spin_unlock_irqrestore(&port->lock, flags);
}
@@ -1391,7 +1386,7 @@ static void uart_set_rs485_termination(s
!!(rs485->flags & SER_RS485_TERMINATE_BUS));
}
-int uart_rs485_config(struct uart_port *port)
+static int uart_rs485_config(struct uart_port *port)
{
struct serial_rs485 *rs485 = &port->rs485;
int ret;
@@ -1405,7 +1400,6 @@ int uart_rs485_config(struct uart_port *
return ret;
}
-EXPORT_SYMBOL_GPL(uart_rs485_config);
static int uart_get_rs485_config(struct uart_port *port,
struct serial_rs485 __user *rs485)
@@ -1444,8 +1438,13 @@ static int uart_set_rs485_config(struct
spin_lock_irqsave(&port->lock, flags);
ret = port->rs485_config(port, &tty->termios, &rs485);
- if (!ret)
+ if (!ret) {
port->rs485 = rs485;
+
+ /* Reset RTS and other mctrl lines when disabling RS485 */
+ if (!(rs485.flags & SER_RS485_ENABLED))
+ port->ops->set_mctrl(port, port->mctrl);
+ }
spin_unlock_irqrestore(&port->lock, flags);
if (ret)
return ret;
@@ -2352,7 +2351,8 @@ int uart_suspend_port(struct uart_driver
spin_lock_irq(&uport->lock);
ops->stop_tx(uport);
- ops->set_mctrl(uport, 0);
+ if (!(uport->rs485.flags & SER_RS485_ENABLED))
+ ops->set_mctrl(uport, 0);
/* save mctrl so it can be restored on resume */
mctrl = uport->mctrl;
uport->mctrl = 0;
@@ -2440,7 +2440,8 @@ int uart_resume_port(struct uart_driver
uart_change_pm(state, UART_PM_STATE_ON);
spin_lock_irq(&uport->lock);
- ops->set_mctrl(uport, 0);
+ if (!(uport->rs485.flags & SER_RS485_ENABLED))
+ ops->set_mctrl(uport, 0);
spin_unlock_irq(&uport->lock);
if (console_suspend_enabled || !uart_console(uport)) {
/* Protected by port mutex for now */
@@ -2451,7 +2452,10 @@ int uart_resume_port(struct uart_driver
if (tty)
uart_change_speed(tty, state, NULL);
spin_lock_irq(&uport->lock);
- ops->set_mctrl(uport, uport->mctrl);
+ if (!(uport->rs485.flags & SER_RS485_ENABLED))
+ ops->set_mctrl(uport, uport->mctrl);
+ else
+ uart_rs485_config(uport);
ops->start_tx(uport);
spin_unlock_irq(&uport->lock);
tty_port_set_initialized(port, 1);
@@ -2558,10 +2562,10 @@ uart_configure_port(struct uart_driver *
*/
spin_lock_irqsave(&port->lock, flags);
port->mctrl &= TIOCM_DTR;
- if (port->rs485.flags & SER_RS485_ENABLED &&
- !(port->rs485.flags & SER_RS485_RTS_AFTER_SEND))
- port->mctrl |= TIOCM_RTS;
- port->ops->set_mctrl(port, port->mctrl);
+ if (!(port->rs485.flags & SER_RS485_ENABLED))
+ port->ops->set_mctrl(port, port->mctrl);
+ else
+ uart_rs485_config(port);
spin_unlock_irqrestore(&port->lock, flags);
/*
--- a/include/linux/serial_core.h
+++ b/include/linux/serial_core.h
@@ -950,5 +950,4 @@ static inline int uart_handle_break(stru
!((cflag) & CLOCAL))
int uart_get_rs485_mode(struct uart_port *port);
-int uart_rs485_config(struct uart_port *port);
#endif /* LINUX_SERIAL_CORE_H */
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 093/862] serial: ar933x: Deassert Transmit Enable on ->rs485_config()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (91 preceding siblings ...)
2022-10-19 8:22 ` [PATCH 6.0 092/862] serial: Deassert Transmit Enable on probe in driver-specific way Greg Kroah-Hartman
@ 2022-10-19 8:23 ` Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 094/862] serial: 8250: Let drivers request full 16550A feature probing Greg Kroah-Hartman
` (783 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Daniel Golle, Ilpo Järvinen,
Lukas Wunner
From: Lukas Wunner <lukas@wunner.de>
commit 3a939433ddc1bab98be028903aaa286e5e7461d7 upstream.
The ar933x_uart driver neglects to deassert Transmit Enable when
->rs485_config() is invoked. Fix it.
Fixes: 9be1064fe524 ("serial: ar933x_uart: add RS485 support")
Cc: stable@vger.kernel.org # v5.7+
Cc: Daniel Golle <daniel@makrotopia.org>
Reviewed-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Signed-off-by: Lukas Wunner <lukas@wunner.de>
Link: https://lore.kernel.org/r/5b36af26e57553f084334666e7d24c7fd131a01e.1662887231.git.lukas@wunner.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/tty/serial/ar933x_uart.c | 7 +++++++
1 file changed, 7 insertions(+)
--- a/drivers/tty/serial/ar933x_uart.c
+++ b/drivers/tty/serial/ar933x_uart.c
@@ -583,6 +583,13 @@ static const struct uart_ops ar933x_uart
static int ar933x_config_rs485(struct uart_port *port, struct ktermios *termios,
struct serial_rs485 *rs485conf)
{
+ struct ar933x_uart_port *up =
+ container_of(port, struct ar933x_uart_port, port);
+
+ if (port->rs485.flags & SER_RS485_ENABLED)
+ gpiod_set_value(up->rts_gpiod,
+ !!(rs485conf->flags & SER_RS485_RTS_AFTER_SEND));
+
return 0;
}
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 094/862] serial: 8250: Let drivers request full 16550A feature probing
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (92 preceding siblings ...)
2022-10-19 8:23 ` [PATCH 6.0 093/862] serial: ar933x: Deassert Transmit Enable on ->rs485_config() Greg Kroah-Hartman
@ 2022-10-19 8:23 ` Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 095/862] serial: 8250: Request full 16550A feature probing for OxSemi PCIe devices Greg Kroah-Hartman
` (782 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Anders Blomdell, Maciej W. Rozycki
From: Maciej W. Rozycki <macro@orcam.me.uk>
commit 9906890c89e4dbd900ed87ad3040080339a7f411 upstream.
A SERIAL_8250_16550A_VARIANTS configuration option has been recently
defined that lets one request the 8250 driver not to probe for 16550A
device features so as to reduce the driver's device startup time in
virtual machines.
Some actual hardware devices require these features to have been fully
determined however for their driver to work correctly, so define a flag
to let drivers request full 16550A feature probing on a device-by-device
basis if required regardless of the SERIAL_8250_16550A_VARIANTS option
setting chosen.
Fixes: dc56ecb81a0a ("serial: 8250: Support disabling mdelay-filled probes of 16550A variants")
Cc: stable@vger.kernel.org # v5.6+
Reported-by: Anders Blomdell <anders.blomdell@control.lth.se>
Signed-off-by: Maciej W. Rozycki <macro@orcam.me.uk>
Link: https://lore.kernel.org/r/alpine.DEB.2.21.2209202357520.41633@angie.orcam.me.uk
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/tty/serial/8250/8250_port.c | 3 ++-
include/linux/serial_core.h | 3 ++-
2 files changed, 4 insertions(+), 2 deletions(-)
--- a/drivers/tty/serial/8250/8250_port.c
+++ b/drivers/tty/serial/8250/8250_port.c
@@ -1023,7 +1023,8 @@ static void autoconfig_16550a(struct uar
up->port.type = PORT_16550A;
up->capabilities |= UART_CAP_FIFO;
- if (!IS_ENABLED(CONFIG_SERIAL_8250_16550A_VARIANTS))
+ if (!IS_ENABLED(CONFIG_SERIAL_8250_16550A_VARIANTS) &&
+ !(up->port.flags & UPF_FULL_PROBE))
return;
/*
--- a/include/linux/serial_core.h
+++ b/include/linux/serial_core.h
@@ -422,7 +422,7 @@ struct uart_icount {
__u32 buf_overrun;
};
-typedef unsigned int __bitwise upf_t;
+typedef u64 __bitwise upf_t;
typedef unsigned int __bitwise upstat_t;
struct uart_port {
@@ -530,6 +530,7 @@ struct uart_port {
#define UPF_FIXED_PORT ((__force upf_t) (1 << 29))
#define UPF_DEAD ((__force upf_t) (1 << 30))
#define UPF_IOREMAP ((__force upf_t) (1 << 31))
+#define UPF_FULL_PROBE ((__force upf_t) (1ULL << 32))
#define __UPF_CHANGE_MASK 0x17fff
#define UPF_CHANGE_MASK ((__force upf_t) __UPF_CHANGE_MASK)
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 095/862] serial: 8250: Request full 16550A feature probing for OxSemi PCIe devices
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (93 preceding siblings ...)
2022-10-19 8:23 ` [PATCH 6.0 094/862] serial: 8250: Let drivers request full 16550A feature probing Greg Kroah-Hartman
@ 2022-10-19 8:23 ` Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 096/862] NFSD: Protect against send buffer overflow in NFSv3 READDIR Greg Kroah-Hartman
` (781 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Anders Blomdell, Maciej W. Rozycki
From: Maciej W. Rozycki <macro@orcam.me.uk>
commit 00b7a4d4ee42be1c515e56cb1e8ba0f25e271d8e upstream.
Oxford Semiconductor PCIe (Tornado) 950 serial port devices need to
operate in the enhanced mode via the EFR register for the Divide-by-M
N/8 baud rate generator prescaler to be used in their native UART mode.
Otherwise the prescaler is fixed at 1 causing grossly incorrect baud
rates to be programmed.
Accessing the EFR register requires 16550A features to have been probed
for, so request this to happen regardless of SERIAL_8250_16550A_VARIANTS
by setting UPF_FULL_PROBE in port flags.
Fixes: 366f6c955d4d ("serial: 8250: Add proper clock handling for OxSemi PCIe devices")
Cc: stable@vger.kernel.org # v5.19+
Reported-by: Anders Blomdell <anders.blomdell@control.lth.se>
Signed-off-by: Maciej W. Rozycki <macro@orcam.me.uk>
Link: https://lore.kernel.org/r/alpine.DEB.2.21.2209210005040.41633@angie.orcam.me.uk
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/tty/serial/8250/8250_pci.c | 5 +++++
1 file changed, 5 insertions(+)
--- a/drivers/tty/serial/8250/8250_pci.c
+++ b/drivers/tty/serial/8250/8250_pci.c
@@ -1232,6 +1232,10 @@ static void pci_oxsemi_tornado_set_mctrl
serial8250_do_set_mctrl(port, mctrl);
}
+/*
+ * We require EFR features for clock programming, so set UPF_FULL_PROBE
+ * for full probing regardless of CONFIG_SERIAL_8250_16550A_VARIANTS setting.
+ */
static int pci_oxsemi_tornado_setup(struct serial_private *priv,
const struct pciserial_board *board,
struct uart_8250_port *up, int idx)
@@ -1239,6 +1243,7 @@ static int pci_oxsemi_tornado_setup(stru
struct pci_dev *dev = priv->dev;
if (pci_oxsemi_tornado_p(dev)) {
+ up->port.flags |= UPF_FULL_PROBE;
up->port.get_divisor = pci_oxsemi_tornado_get_divisor;
up->port.set_divisor = pci_oxsemi_tornado_set_divisor;
up->port.set_mctrl = pci_oxsemi_tornado_set_mctrl;
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 096/862] NFSD: Protect against send buffer overflow in NFSv3 READDIR
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (94 preceding siblings ...)
2022-10-19 8:23 ` [PATCH 6.0 095/862] serial: 8250: Request full 16550A feature probing for OxSemi PCIe devices Greg Kroah-Hartman
@ 2022-10-19 8:23 ` Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 097/862] NFSD: Protect against send buffer overflow in NFSv2 READ Greg Kroah-Hartman
` (780 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ben Ronallo, Chuck Lever, Jeff Layton
From: Chuck Lever <chuck.lever@oracle.com>
commit 640f87c190e0d1b2a0fcb2ecf6d2cd53b1c41991 upstream.
Since before the git era, NFSD has conserved the number of pages
held by each nfsd thread by combining the RPC receive and send
buffers into a single array of pages. This works because there are
no cases where an operation needs a large RPC Call message and a
large RPC Reply message at the same time.
Once an RPC Call has been received, svc_process() updates
svc_rqst::rq_res to describe the part of rq_pages that can be
used for constructing the Reply. This means that the send buffer
(rq_res) shrinks when the received RPC record containing the RPC
Call is large.
A client can force this shrinkage on TCP by sending a correctly-
formed RPC Call header contained in an RPC record that is
excessively large. The full maximum payload size cannot be
constructed in that case.
Thanks to Aleksi Illikainen and Kari Hulkko for uncovering this
issue.
Reported-by: Ben Ronallo <Benjamin.Ronallo@synopsys.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/nfsd/nfs3proc.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
--- a/fs/nfsd/nfs3proc.c
+++ b/fs/nfsd/nfs3proc.c
@@ -563,13 +563,14 @@ static void nfsd3_init_dirlist_pages(str
{
struct xdr_buf *buf = &resp->dirlist;
struct xdr_stream *xdr = &resp->xdr;
-
- count = clamp(count, (u32)(XDR_UNIT * 2), svc_max_payload(rqstp));
+ unsigned int sendbuf = min_t(unsigned int, rqstp->rq_res.buflen,
+ svc_max_payload(rqstp));
memset(buf, 0, sizeof(*buf));
/* Reserve room for the NULL ptr & eof flag (-2 words) */
- buf->buflen = count - XDR_UNIT * 2;
+ buf->buflen = clamp(count, (u32)(XDR_UNIT * 2), sendbuf);
+ buf->buflen -= XDR_UNIT * 2;
buf->pages = rqstp->rq_next_page;
rqstp->rq_next_page += (buf->buflen + PAGE_SIZE - 1) >> PAGE_SHIFT;
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 097/862] NFSD: Protect against send buffer overflow in NFSv2 READ
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (95 preceding siblings ...)
2022-10-19 8:23 ` [PATCH 6.0 096/862] NFSD: Protect against send buffer overflow in NFSv3 READDIR Greg Kroah-Hartman
@ 2022-10-19 8:23 ` Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 098/862] NFSD: Protect against send buffer overflow in NFSv3 READ Greg Kroah-Hartman
` (779 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:23 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Chuck Lever, Jeff Layton
From: Chuck Lever <chuck.lever@oracle.com>
commit 401bc1f90874280a80b93f23be33a0e7e2d1f912 upstream.
Since before the git era, NFSD has conserved the number of pages
held by each nfsd thread by combining the RPC receive and send
buffers into a single array of pages. This works because there are
no cases where an operation needs a large RPC Call message and a
large RPC Reply at the same time.
Once an RPC Call has been received, svc_process() updates
svc_rqst::rq_res to describe the part of rq_pages that can be
used for constructing the Reply. This means that the send buffer
(rq_res) shrinks when the received RPC record containing the RPC
Call is large.
A client can force this shrinkage on TCP by sending a correctly-
formed RPC Call header contained in an RPC record that is
excessively large. The full maximum payload size cannot be
constructed in that case.
Cc: <stable@vger.kernel.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/nfsd/nfsproc.c | 1 +
1 file changed, 1 insertion(+)
--- a/fs/nfsd/nfsproc.c
+++ b/fs/nfsd/nfsproc.c
@@ -185,6 +185,7 @@ nfsd_proc_read(struct svc_rqst *rqstp)
argp->count, argp->offset);
argp->count = min_t(u32, argp->count, NFSSVC_MAXBLKSIZE_V2);
+ argp->count = min_t(u32, argp->count, rqstp->rq_res.buflen);
v = 0;
len = argp->count;
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 098/862] NFSD: Protect against send buffer overflow in NFSv3 READ
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (96 preceding siblings ...)
2022-10-19 8:23 ` [PATCH 6.0 097/862] NFSD: Protect against send buffer overflow in NFSv2 READ Greg Kroah-Hartman
@ 2022-10-19 8:23 ` Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 099/862] cpufreq: qcom-cpufreq-hw: Fix uninitialized throttled_freq warning Greg Kroah-Hartman
` (778 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:23 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Chuck Lever, Jeff Layton
From: Chuck Lever <chuck.lever@oracle.com>
commit fa6be9cc6e80ec79892ddf08a8c10cabab9baf38 upstream.
Since before the git era, NFSD has conserved the number of pages
held by each nfsd thread by combining the RPC receive and send
buffers into a single array of pages. This works because there are
no cases where an operation needs a large RPC Call message and a
large RPC Reply at the same time.
Once an RPC Call has been received, svc_process() updates
svc_rqst::rq_res to describe the part of rq_pages that can be
used for constructing the Reply. This means that the send buffer
(rq_res) shrinks when the received RPC record containing the RPC
Call is large.
A client can force this shrinkage on TCP by sending a correctly-
formed RPC Call header contained in an RPC record that is
excessively large. The full maximum payload size cannot be
constructed in that case.
Cc: <stable@vger.kernel.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/nfsd/nfs3proc.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/fs/nfsd/nfs3proc.c
+++ b/fs/nfsd/nfs3proc.c
@@ -150,7 +150,6 @@ nfsd3_proc_read(struct svc_rqst *rqstp)
{
struct nfsd3_readargs *argp = rqstp->rq_argp;
struct nfsd3_readres *resp = rqstp->rq_resp;
- u32 max_blocksize = svc_max_payload(rqstp);
unsigned int len;
int v;
@@ -159,7 +158,8 @@ nfsd3_proc_read(struct svc_rqst *rqstp)
(unsigned long) argp->count,
(unsigned long long) argp->offset);
- argp->count = min_t(u32, argp->count, max_blocksize);
+ argp->count = min_t(u32, argp->count, svc_max_payload(rqstp));
+ argp->count = min_t(u32, argp->count, rqstp->rq_res.buflen);
if (argp->offset > (u64)OFFSET_MAX)
argp->offset = (u64)OFFSET_MAX;
if (argp->offset + argp->count > (u64)OFFSET_MAX)
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 099/862] cpufreq: qcom-cpufreq-hw: Fix uninitialized throttled_freq warning
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (97 preceding siblings ...)
2022-10-19 8:23 ` [PATCH 6.0 098/862] NFSD: Protect against send buffer overflow in NFSv3 READ Greg Kroah-Hartman
@ 2022-10-19 8:23 ` Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 100/862] LoadPin: Fix Kconfig doc about format of file with verity digests Greg Kroah-Hartman
` (777 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kernel test robot, Dan Carpenter,
Neil Armstrong, Viresh Kumar
From: Viresh Kumar <viresh.kumar@linaro.org>
commit 91dc90fdb8b8199519a3aac9c46a433b02223c5b upstream.
Commit 6240aaad75e1 was supposed to drop the reference count to the OPP,
instead it avoided more stuff if the OPP isn't found. This isn't
entirely correct. We already have a frequency value available, we just
couldn't align it with an OPP in case of IS_ERR(opp).
Lets continue with updating thermal pressure, etc, even if we aren't
able to find an OPP here.
This fixes warning generated by the 'smatch' tool.
Fixes: 6240aaad75e1 ("cpufreq: qcom-hw: fix the opp entries refcounting")
Cc: v5.18+ <stable@vger.kernel.org> # v5.18+
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Neil Armstrong <neil.armstrong@linaro.org>
Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/cpufreq/qcom-cpufreq-hw.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
--- a/drivers/cpufreq/qcom-cpufreq-hw.c
+++ b/drivers/cpufreq/qcom-cpufreq-hw.c
@@ -316,14 +316,14 @@ static void qcom_lmh_dcvs_notify(struct
if (IS_ERR(opp)) {
dev_warn(dev, "Can't find the OPP for throttling: %pe!\n", opp);
} else {
- throttled_freq = freq_hz / HZ_PER_KHZ;
-
- /* Update thermal pressure (the boost frequencies are accepted) */
- arch_update_thermal_pressure(policy->related_cpus, throttled_freq);
-
dev_pm_opp_put(opp);
}
+ throttled_freq = freq_hz / HZ_PER_KHZ;
+
+ /* Update thermal pressure (the boost frequencies are accepted) */
+ arch_update_thermal_pressure(policy->related_cpus, throttled_freq);
+
/*
* In the unlikely case policy is unregistered do not enable
* polling or h/w interrupt
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 100/862] LoadPin: Fix Kconfig doc about format of file with verity digests
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (98 preceding siblings ...)
2022-10-19 8:23 ` [PATCH 6.0 099/862] cpufreq: qcom-cpufreq-hw: Fix uninitialized throttled_freq warning Greg Kroah-Hartman
@ 2022-10-19 8:23 ` Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 101/862] powercap: intel_rapl: Use standard Energy Unit for SPR Dram RAPL domain Greg Kroah-Hartman
` (776 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jae Hoon Kim, Matthias Kaehlcke, Kees Cook
From: Matthias Kaehlcke <mka@chromium.org>
commit aafc203bbad4bf6cf394a34ea698c2b0b8affae0 upstream.
The doc for CONFIG_SECURITY_LOADPIN_VERITY says that the file with verity
digests must contain a comma separated list of digests. That was the case
at some stage of the development, but was changed during the review
process to one digest per line. Update the Kconfig doc accordingly.
Reported-by: Jae Hoon Kim <kimjae@chromium.org>
Signed-off-by: Matthias Kaehlcke <mka@chromium.org>
Fixes: 3f805f8cc23b ("LoadPin: Enable loading from trusted dm-verity devices")
Cc: stable@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20220829174557.1.I5d202d1344212a3800d9828f936df6511eb2d0d1@changeid
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
security/loadpin/Kconfig | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/security/loadpin/Kconfig
+++ b/security/loadpin/Kconfig
@@ -33,4 +33,4 @@ config SECURITY_LOADPIN_VERITY
on the LoadPin securityfs entry 'dm-verity'. The ioctl
expects a file descriptor of a file with verity digests as
parameter. The file must be located on the pinned root and
- contain a comma separated list of digests.
+ contain one digest per line.
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 101/862] powercap: intel_rapl: Use standard Energy Unit for SPR Dram RAPL domain
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (99 preceding siblings ...)
2022-10-19 8:23 ` [PATCH 6.0 100/862] LoadPin: Fix Kconfig doc about format of file with verity digests Greg Kroah-Hartman
@ 2022-10-19 8:23 ` Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 102/862] powerpc/Kconfig: Fix non existing CONFIG_PPC_FSL_BOOKE Greg Kroah-Hartman
` (775 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zhang Rui, Wang Wendy, Rafael J. Wysocki
From: Zhang Rui <rui.zhang@intel.com>
commit 4c081324df5608b73428662ca54d5221ea03a6bd upstream.
Intel Xeon servers used to use a fixed energy resolution (15.3uj) for
Dram RAPL domain. But on SPR, Dram RAPL domain follows the standard
energy resolution as described in MSR_RAPL_POWER_UNIT.
Remove the SPR dram_domain_energy_unit quirk.
Fixes: 2d798d9f5967 ("powercap: intel_rapl: add support for Sapphire Rapids")
Signed-off-by: Zhang Rui <rui.zhang@intel.com>
Tested-by: Wang Wendy <wendy.wang@intel.com>
Cc: 5.9+ <stable@vger.kernel.org> # 5.9+
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/powercap/intel_rapl_common.c | 1 -
1 file changed, 1 deletion(-)
--- a/drivers/powercap/intel_rapl_common.c
+++ b/drivers/powercap/intel_rapl_common.c
@@ -1035,7 +1035,6 @@ static const struct rapl_defaults rapl_d
.check_unit = rapl_check_unit_core,
.set_floor_freq = set_floor_freq_default,
.compute_time_window = rapl_compute_time_window_core,
- .dram_domain_energy_unit = 15300,
.psys_domain_energy_unit = 1000000000,
.spr_psys_bits = true,
};
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 102/862] powerpc/Kconfig: Fix non existing CONFIG_PPC_FSL_BOOKE
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (100 preceding siblings ...)
2022-10-19 8:23 ` [PATCH 6.0 101/862] powercap: intel_rapl: Use standard Energy Unit for SPR Dram RAPL domain Greg Kroah-Hartman
@ 2022-10-19 8:23 ` Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 103/862] powerpc/boot: Explicitly disable usage of SPE instructions Greg Kroah-Hartman
` (774 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christophe Leroy, Michael Ellerman
From: Christophe Leroy <christophe.leroy@csgroup.eu>
commit d1203f32d86987a3ccd7de9ba2448ba12d86d125 upstream.
CONFIG_PPC_FSL_BOOKE doesn't exist. Should be CONFIG_FSL_BOOKE.
Fixes: 49e3d8ea6248 ("powerpc/fsl_booke: Enable STRICT_KERNEL_RWX")
Cc: stable@vger.kernel.org
Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/828f6a64eeb51ce9abfa1d4e84c521a02fecebb8.1663606875.git.christophe.leroy@csgroup.eu
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/powerpc/Kconfig | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/powerpc/Kconfig
+++ b/arch/powerpc/Kconfig
@@ -828,7 +828,7 @@ config DATA_SHIFT
default 24 if STRICT_KERNEL_RWX && PPC64
range 17 28 if (STRICT_KERNEL_RWX || DEBUG_PAGEALLOC || KFENCE) && PPC_BOOK3S_32
range 19 23 if (STRICT_KERNEL_RWX || DEBUG_PAGEALLOC || KFENCE) && PPC_8xx
- range 20 24 if (STRICT_KERNEL_RWX || DEBUG_PAGEALLOC || KFENCE) && PPC_FSL_BOOKE
+ range 20 24 if (STRICT_KERNEL_RWX || DEBUG_PAGEALLOC || KFENCE) && FSL_BOOKE
default 22 if STRICT_KERNEL_RWX && PPC_BOOK3S_32
default 18 if (DEBUG_PAGEALLOC || KFENCE) && PPC_BOOK3S_32
default 23 if STRICT_KERNEL_RWX && PPC_8xx
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 103/862] powerpc/boot: Explicitly disable usage of SPE instructions
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (101 preceding siblings ...)
2022-10-19 8:23 ` [PATCH 6.0 102/862] powerpc/Kconfig: Fix non existing CONFIG_PPC_FSL_BOOKE Greg Kroah-Hartman
@ 2022-10-19 8:23 ` Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 104/862] slimbus: qcom-ngd: use correct error in message of pdr_add_lookup() failure Greg Kroah-Hartman
` (773 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Pali Rohár, Michael Ellerman
From: Pali Rohár <pali@kernel.org>
commit 110a58b9f91c66f743c01a2c217243d94c899c23 upstream.
uImage boot wrapper should not use SPE instructions, like kernel itself.
Boot wrapper has already disabled Altivec and VSX instructions but not SPE.
Options -mno-spe and -mspe=no already set when compilation of kernel, but
not when compiling uImage wrapper yet. Fix it.
Cc: stable@vger.kernel.org
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20220827134454.17365-1-pali@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/powerpc/boot/Makefile | 1 +
1 file changed, 1 insertion(+)
--- a/arch/powerpc/boot/Makefile
+++ b/arch/powerpc/boot/Makefile
@@ -34,6 +34,7 @@ endif
BOOTCFLAGS := -Wall -Wundef -Wstrict-prototypes -Wno-trigraphs \
-fno-strict-aliasing -O2 -msoft-float -mno-altivec -mno-vsx \
+ $(call cc-option,-mno-spe) $(call cc-option,-mspe=no) \
-pipe -fomit-frame-pointer -fno-builtin -fPIC -nostdinc \
$(LINUXINCLUDE)
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 104/862] slimbus: qcom-ngd: use correct error in message of pdr_add_lookup() failure
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (102 preceding siblings ...)
2022-10-19 8:23 ` [PATCH 6.0 103/862] powerpc/boot: Explicitly disable usage of SPE instructions Greg Kroah-Hartman
@ 2022-10-19 8:23 ` Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 105/862] slimbus: qcom-ngd: cleanup in probe error path Greg Kroah-Hartman
` (772 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Krzysztof Kozlowski, Srinivas Kandagatla
From: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
commit 5038d21dde818fe74ba1fcb6f2cee35b8c2ebbf2 upstream.
Use correct error code, instead of previous 'ret' value, when printing
error from pdr_add_lookup() failure.
Fixes: e1ae85e1830e ("slimbus: qcom-ngd-ctrl: add Protection Domain Restart Support")
Cc: <stable@vger.kernel.org>
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Link: https://lore.kernel.org/r/20220916122910.170730-2-srinivas.kandagatla@linaro.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/slimbus/qcom-ngd-ctrl.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/drivers/slimbus/qcom-ngd-ctrl.c
+++ b/drivers/slimbus/qcom-ngd-ctrl.c
@@ -1581,8 +1581,9 @@ static int qcom_slim_ngd_ctrl_probe(stru
pds = pdr_add_lookup(ctrl->pdr, "avs/audio", "msm/adsp/audio_pd");
if (IS_ERR(pds) && PTR_ERR(pds) != -EALREADY) {
+ ret = PTR_ERR(pds);
dev_err(dev, "pdr add lookup failed: %d\n", ret);
- return PTR_ERR(pds);
+ return ret;
}
platform_driver_register(&qcom_slim_ngd_driver);
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 105/862] slimbus: qcom-ngd: cleanup in probe error path
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (103 preceding siblings ...)
2022-10-19 8:23 ` [PATCH 6.0 104/862] slimbus: qcom-ngd: use correct error in message of pdr_add_lookup() failure Greg Kroah-Hartman
@ 2022-10-19 8:23 ` Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 106/862] scsi: lpfc: Rework MIB Rx Monitor debug info logic Greg Kroah-Hartman
` (771 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Krzysztof Kozlowski, Srinivas Kandagatla
From: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
commit 16f14551d0df9e7cd283545d7d748829594d912f upstream.
Add proper error path in probe() to cleanup resources previously
acquired/allocated to fix warnings visible during probe deferral:
notifier callback qcom_slim_ngd_ssr_notify already registered
WARNING: CPU: 6 PID: 70 at kernel/notifier.c:28 notifier_chain_register+0x5c/0x90
Modules linked in:
CPU: 6 PID: 70 Comm: kworker/u16:1 Not tainted 6.0.0-rc3-next-20220830 #380
Call trace:
notifier_chain_register+0x5c/0x90
srcu_notifier_chain_register+0x44/0x90
qcom_register_ssr_notifier+0x38/0x4c
qcom_slim_ngd_ctrl_probe+0xd8/0x400
platform_probe+0x6c/0xe0
really_probe+0xbc/0x2d4
__driver_probe_device+0x78/0xe0
driver_probe_device+0x3c/0x12c
__device_attach_driver+0xb8/0x120
bus_for_each_drv+0x78/0xd0
__device_attach+0xa8/0x1c0
device_initial_probe+0x18/0x24
bus_probe_device+0xa0/0xac
deferred_probe_work_func+0x88/0xc0
process_one_work+0x1d4/0x320
worker_thread+0x2cc/0x44c
kthread+0x110/0x114
ret_from_fork+0x10/0x20
Fixes: e1ae85e1830e ("slimbus: qcom-ngd-ctrl: add Protection Domain Restart Support")
Cc: <stable@vger.kernel.org>
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Link: https://lore.kernel.org/r/20220916122910.170730-3-srinivas.kandagatla@linaro.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/slimbus/qcom-ngd-ctrl.c | 13 +++++++++++--
1 file changed, 11 insertions(+), 2 deletions(-)
--- a/drivers/slimbus/qcom-ngd-ctrl.c
+++ b/drivers/slimbus/qcom-ngd-ctrl.c
@@ -1576,18 +1576,27 @@ static int qcom_slim_ngd_ctrl_probe(stru
ctrl->pdr = pdr_handle_alloc(slim_pd_status, ctrl);
if (IS_ERR(ctrl->pdr)) {
dev_err(dev, "Failed to init PDR handle\n");
- return PTR_ERR(ctrl->pdr);
+ ret = PTR_ERR(ctrl->pdr);
+ goto err_pdr_alloc;
}
pds = pdr_add_lookup(ctrl->pdr, "avs/audio", "msm/adsp/audio_pd");
if (IS_ERR(pds) && PTR_ERR(pds) != -EALREADY) {
ret = PTR_ERR(pds);
dev_err(dev, "pdr add lookup failed: %d\n", ret);
- return ret;
+ goto err_pdr_lookup;
}
platform_driver_register(&qcom_slim_ngd_driver);
return of_qcom_slim_ngd_register(dev, ctrl);
+
+err_pdr_alloc:
+ qcom_unregister_ssr_notifier(ctrl->notifier, &ctrl->nb);
+
+err_pdr_lookup:
+ pdr_handle_release(ctrl->pdr);
+
+ return ret;
}
static int qcom_slim_ngd_ctrl_remove(struct platform_device *pdev)
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 106/862] scsi: lpfc: Rework MIB Rx Monitor debug info logic
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (104 preceding siblings ...)
2022-10-19 8:23 ` [PATCH 6.0 105/862] slimbus: qcom-ngd: cleanup in probe error path Greg Kroah-Hartman
@ 2022-10-19 8:23 ` Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 107/862] scsi: qedf: Populate sysfs attributes for vport Greg Kroah-Hartman
` (770 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Justin Tee, James Smart, Martin K. Petersen
From: James Smart <jsmart2021@gmail.com>
commit bd269188ea94e40ab002cad7b0df8f12b8f0de54 upstream.
The kernel test robot reported the following sparse warning:
arch/arm64/include/asm/cmpxchg.h:88:1: sparse: sparse: cast truncates
bits from constant value (369 becomes 69)
On arm64, atomic_xchg only works on 8-bit byte fields. Thus, the macro
usage of LPFC_RXMONITOR_TABLE_IN_USE can be unintentionally truncated
leading to all logic involving the LPFC_RXMONITOR_TABLE_IN_USE macro to not
work properly.
Replace the Rx Table atomic_t indexing logic with a new
lpfc_rx_info_monitor structure that holds a circular ring buffer. For
locking semantics, a spinlock_t is used.
Link: https://lore.kernel.org/r/20220819011736.14141-4-jsmart2021@gmail.com
Fixes: 17b27ac59224 ("scsi: lpfc: Add rx monitoring statistics")
Cc: <stable@vger.kernel.org> # v5.15+
Co-developed-by: Justin Tee <justin.tee@broadcom.com>
Signed-off-by: Justin Tee <justin.tee@broadcom.com>
Signed-off-by: James Smart <jsmart2021@gmail.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/scsi/lpfc/lpfc.h | 14 +-
drivers/scsi/lpfc/lpfc_crtn.h | 8 +
drivers/scsi/lpfc/lpfc_debugfs.c | 59 ++----------
drivers/scsi/lpfc/lpfc_debugfs.h | 2
drivers/scsi/lpfc/lpfc_init.c | 83 ++++-------------
drivers/scsi/lpfc/lpfc_mem.c | 9 +
drivers/scsi/lpfc/lpfc_sli.c | 190 +++++++++++++++++++++++++++++++++++++--
7 files changed, 240 insertions(+), 125 deletions(-)
--- a/drivers/scsi/lpfc/lpfc.h
+++ b/drivers/scsi/lpfc/lpfc.h
@@ -1570,10 +1570,7 @@ struct lpfc_hba {
u32 cgn_acqe_cnt;
/* RX monitor handling for CMF */
- struct rxtable_entry *rxtable; /* RX_monitor information */
- atomic_t rxtable_idx_head;
-#define LPFC_RXMONITOR_TABLE_IN_USE (LPFC_MAX_RXMONITOR_ENTRY + 73)
- atomic_t rxtable_idx_tail;
+ struct lpfc_rx_info_monitor *rx_monitor;
atomic_t rx_max_read_cnt; /* Maximum read bytes */
uint64_t rx_block_cnt;
@@ -1622,7 +1619,7 @@ struct lpfc_hba {
#define LPFC_MAX_RXMONITOR_ENTRY 800
#define LPFC_MAX_RXMONITOR_DUMP 32
-struct rxtable_entry {
+struct rx_info_entry {
uint64_t cmf_bytes; /* Total no of read bytes for CMF_SYNC_WQE */
uint64_t total_bytes; /* Total no of read bytes requested */
uint64_t rcv_bytes; /* Total no of read bytes completed */
@@ -1637,6 +1634,13 @@ struct rxtable_entry {
uint32_t timer_interval;
};
+struct lpfc_rx_info_monitor {
+ struct rx_info_entry *ring; /* info organized in a circular buffer */
+ u32 head_idx, tail_idx; /* index to head/tail of ring */
+ spinlock_t lock; /* spinlock for ring */
+ u32 entries; /* storing number entries/size of ring */
+};
+
static inline struct Scsi_Host *
lpfc_shost_from_vport(struct lpfc_vport *vport)
{
--- a/drivers/scsi/lpfc/lpfc_crtn.h
+++ b/drivers/scsi/lpfc/lpfc_crtn.h
@@ -92,6 +92,14 @@ void lpfc_cgn_dump_rxmonitor(struct lpfc
void lpfc_cgn_update_stat(struct lpfc_hba *phba, uint32_t dtag);
void lpfc_unblock_requests(struct lpfc_hba *phba);
void lpfc_block_requests(struct lpfc_hba *phba);
+int lpfc_rx_monitor_create_ring(struct lpfc_rx_info_monitor *rx_monitor,
+ u32 entries);
+void lpfc_rx_monitor_destroy_ring(struct lpfc_rx_info_monitor *rx_monitor);
+void lpfc_rx_monitor_record(struct lpfc_rx_info_monitor *rx_monitor,
+ struct rx_info_entry *entry);
+u32 lpfc_rx_monitor_report(struct lpfc_hba *phba,
+ struct lpfc_rx_info_monitor *rx_monitor, char *buf,
+ u32 buf_len, u32 max_read_entries);
void lpfc_mbx_cmpl_local_config_link(struct lpfc_hba *, LPFC_MBOXQ_t *);
void lpfc_mbx_cmpl_reg_login(struct lpfc_hba *, LPFC_MBOXQ_t *);
--- a/drivers/scsi/lpfc/lpfc_debugfs.c
+++ b/drivers/scsi/lpfc/lpfc_debugfs.c
@@ -5531,7 +5531,7 @@ lpfc_rx_monitor_open(struct inode *inode
if (!debug)
goto out;
- debug->buffer = vmalloc(MAX_DEBUGFS_RX_TABLE_SIZE);
+ debug->buffer = vmalloc(MAX_DEBUGFS_RX_INFO_SIZE);
if (!debug->buffer) {
kfree(debug);
goto out;
@@ -5552,57 +5552,18 @@ lpfc_rx_monitor_read(struct file *file,
struct lpfc_rx_monitor_debug *debug = file->private_data;
struct lpfc_hba *phba = (struct lpfc_hba *)debug->i_private;
char *buffer = debug->buffer;
- struct rxtable_entry *entry;
- int i, len = 0, head, tail, last, start;
- head = atomic_read(&phba->rxtable_idx_head);
- while (head == LPFC_RXMONITOR_TABLE_IN_USE) {
- /* Table is getting updated */
- msleep(20);
- head = atomic_read(&phba->rxtable_idx_head);
+ if (!phba->rx_monitor) {
+ scnprintf(buffer, MAX_DEBUGFS_RX_INFO_SIZE,
+ "Rx Monitor Info is empty.\n");
+ } else {
+ lpfc_rx_monitor_report(phba, phba->rx_monitor, buffer,
+ MAX_DEBUGFS_RX_INFO_SIZE,
+ LPFC_MAX_RXMONITOR_ENTRY);
}
- tail = atomic_xchg(&phba->rxtable_idx_tail, head);
- if (!phba->rxtable || head == tail) {
- len += scnprintf(buffer + len, MAX_DEBUGFS_RX_TABLE_SIZE - len,
- "Rxtable is empty\n");
- goto out;
- }
- last = (head > tail) ? head : LPFC_MAX_RXMONITOR_ENTRY;
- start = tail;
-
- len += scnprintf(buffer + len, MAX_DEBUGFS_RX_TABLE_SIZE - len,
- " MaxBPI Tot_Data_CMF Tot_Data_Cmd "
- "Tot_Data_Cmpl Lat(us) Avg_IO Max_IO "
- "Bsy IO_cnt Info BWutil(ms)\n");
-get_table:
- for (i = start; i < last; i++) {
- entry = &phba->rxtable[i];
- len += scnprintf(buffer + len, MAX_DEBUGFS_RX_TABLE_SIZE - len,
- "%3d:%12lld %12lld %12lld %12lld "
- "%7lldus %8lld %7lld "
- "%2d %4d %2d %2d(%2d)\n",
- i, entry->max_bytes_per_interval,
- entry->cmf_bytes,
- entry->total_bytes,
- entry->rcv_bytes,
- entry->avg_io_latency,
- entry->avg_io_size,
- entry->max_read_cnt,
- entry->cmf_busy,
- entry->io_cnt,
- entry->cmf_info,
- entry->timer_utilization,
- entry->timer_interval);
- }
-
- if (head != last) {
- start = 0;
- last = head;
- goto get_table;
- }
-out:
- return simple_read_from_buffer(buf, nbytes, ppos, buffer, len);
+ return simple_read_from_buffer(buf, nbytes, ppos, buffer,
+ strlen(buffer));
}
static int
--- a/drivers/scsi/lpfc/lpfc_debugfs.h
+++ b/drivers/scsi/lpfc/lpfc_debugfs.h
@@ -282,7 +282,7 @@ struct lpfc_idiag {
void *ptr_private;
};
-#define MAX_DEBUGFS_RX_TABLE_SIZE (128 * LPFC_MAX_RXMONITOR_ENTRY)
+#define MAX_DEBUGFS_RX_INFO_SIZE (128 * LPFC_MAX_RXMONITOR_ENTRY)
struct lpfc_rx_monitor_debug {
char *i_private;
char *buffer;
--- a/drivers/scsi/lpfc/lpfc_init.c
+++ b/drivers/scsi/lpfc/lpfc_init.c
@@ -5569,38 +5569,12 @@ lpfc_async_link_speed_to_read_top(struct
void
lpfc_cgn_dump_rxmonitor(struct lpfc_hba *phba)
{
- struct rxtable_entry *entry;
- int cnt = 0, head, tail, last, start;
-
- head = atomic_read(&phba->rxtable_idx_head);
- tail = atomic_read(&phba->rxtable_idx_tail);
- if (!phba->rxtable || head == tail) {
- lpfc_printf_log(phba, KERN_ERR, LOG_CGN_MGMT,
- "4411 Rxtable is empty\n");
- return;
- }
- last = tail;
- start = head;
-
- /* Display the last LPFC_MAX_RXMONITOR_DUMP entries from the rxtable */
- while (start != last) {
- if (start)
- start--;
- else
- start = LPFC_MAX_RXMONITOR_ENTRY - 1;
- entry = &phba->rxtable[start];
+ if (!phba->rx_monitor) {
lpfc_printf_log(phba, KERN_INFO, LOG_CGN_MGMT,
- "4410 %02d: MBPI %lld Xmit %lld Cmpl %lld "
- "Lat %lld ASz %lld Info %02d BWUtil %d "
- "Int %d slot %d\n",
- cnt, entry->max_bytes_per_interval,
- entry->total_bytes, entry->rcv_bytes,
- entry->avg_io_latency, entry->avg_io_size,
- entry->cmf_info, entry->timer_utilization,
- entry->timer_interval, start);
- cnt++;
- if (cnt >= LPFC_MAX_RXMONITOR_DUMP)
- return;
+ "4411 Rx Monitor Info is empty.\n");
+ } else {
+ lpfc_rx_monitor_report(phba, phba->rx_monitor, NULL, 0,
+ LPFC_MAX_RXMONITOR_DUMP);
}
}
@@ -6007,9 +5981,8 @@ lpfc_cmf_timer(struct hrtimer *timer)
{
struct lpfc_hba *phba = container_of(timer, struct lpfc_hba,
cmf_timer);
- struct rxtable_entry *entry;
+ struct rx_info_entry entry;
uint32_t io_cnt;
- uint32_t head, tail;
uint32_t busy, max_read;
uint64_t total, rcv, lat, mbpi, extra, cnt;
int timer_interval = LPFC_CMF_INTERVAL;
@@ -6129,40 +6102,30 @@ lpfc_cmf_timer(struct hrtimer *timer)
}
/* Save rxmonitor information for debug */
- if (phba->rxtable) {
- head = atomic_xchg(&phba->rxtable_idx_head,
- LPFC_RXMONITOR_TABLE_IN_USE);
- entry = &phba->rxtable[head];
- entry->total_bytes = total;
- entry->cmf_bytes = total + extra;
- entry->rcv_bytes = rcv;
- entry->cmf_busy = busy;
- entry->cmf_info = phba->cmf_active_info;
+ if (phba->rx_monitor) {
+ entry.total_bytes = total;
+ entry.cmf_bytes = total + extra;
+ entry.rcv_bytes = rcv;
+ entry.cmf_busy = busy;
+ entry.cmf_info = phba->cmf_active_info;
if (io_cnt) {
- entry->avg_io_latency = div_u64(lat, io_cnt);
- entry->avg_io_size = div_u64(rcv, io_cnt);
+ entry.avg_io_latency = div_u64(lat, io_cnt);
+ entry.avg_io_size = div_u64(rcv, io_cnt);
} else {
- entry->avg_io_latency = 0;
- entry->avg_io_size = 0;
+ entry.avg_io_latency = 0;
+ entry.avg_io_size = 0;
}
- entry->max_read_cnt = max_read;
- entry->io_cnt = io_cnt;
- entry->max_bytes_per_interval = mbpi;
+ entry.max_read_cnt = max_read;
+ entry.io_cnt = io_cnt;
+ entry.max_bytes_per_interval = mbpi;
if (phba->cmf_active_mode == LPFC_CFG_MANAGED)
- entry->timer_utilization = phba->cmf_last_ts;
+ entry.timer_utilization = phba->cmf_last_ts;
else
- entry->timer_utilization = ms;
- entry->timer_interval = ms;
+ entry.timer_utilization = ms;
+ entry.timer_interval = ms;
phba->cmf_last_ts = 0;
- /* Increment rxtable index */
- head = (head + 1) % LPFC_MAX_RXMONITOR_ENTRY;
- tail = atomic_read(&phba->rxtable_idx_tail);
- if (head == tail) {
- tail = (tail + 1) % LPFC_MAX_RXMONITOR_ENTRY;
- atomic_set(&phba->rxtable_idx_tail, tail);
- }
- atomic_set(&phba->rxtable_idx_head, head);
+ lpfc_rx_monitor_record(phba->rx_monitor, &entry);
}
if (phba->cmf_active_mode == LPFC_CFG_MONITOR) {
--- a/drivers/scsi/lpfc/lpfc_mem.c
+++ b/drivers/scsi/lpfc/lpfc_mem.c
@@ -344,9 +344,12 @@ lpfc_mem_free_all(struct lpfc_hba *phba)
phba->cgn_i = NULL;
}
- /* Free RX table */
- kfree(phba->rxtable);
- phba->rxtable = NULL;
+ /* Free RX Monitor */
+ if (phba->rx_monitor) {
+ lpfc_rx_monitor_destroy_ring(phba->rx_monitor);
+ kfree(phba->rx_monitor);
+ phba->rx_monitor = NULL;
+ }
/* Free the iocb lookup array */
kfree(psli->iocbq_lookup);
--- a/drivers/scsi/lpfc/lpfc_sli.c
+++ b/drivers/scsi/lpfc/lpfc_sli.c
@@ -7960,6 +7960,172 @@ static void lpfc_sli4_dip(struct lpfc_hb
}
/**
+ * lpfc_rx_monitor_create_ring - Initialize ring buffer for rx_monitor
+ * @rx_monitor: Pointer to lpfc_rx_info_monitor object
+ * @entries: Number of rx_info_entry objects to allocate in ring
+ *
+ * Return:
+ * 0 - Success
+ * ENOMEM - Failure to kmalloc
+ **/
+int lpfc_rx_monitor_create_ring(struct lpfc_rx_info_monitor *rx_monitor,
+ u32 entries)
+{
+ rx_monitor->ring = kmalloc_array(entries, sizeof(struct rx_info_entry),
+ GFP_KERNEL);
+ if (!rx_monitor->ring)
+ return -ENOMEM;
+
+ rx_monitor->head_idx = 0;
+ rx_monitor->tail_idx = 0;
+ spin_lock_init(&rx_monitor->lock);
+ rx_monitor->entries = entries;
+
+ return 0;
+}
+
+/**
+ * lpfc_rx_monitor_destroy_ring - Free ring buffer for rx_monitor
+ * @rx_monitor: Pointer to lpfc_rx_info_monitor object
+ **/
+void lpfc_rx_monitor_destroy_ring(struct lpfc_rx_info_monitor *rx_monitor)
+{
+ spin_lock(&rx_monitor->lock);
+ kfree(rx_monitor->ring);
+ rx_monitor->ring = NULL;
+ rx_monitor->entries = 0;
+ rx_monitor->head_idx = 0;
+ rx_monitor->tail_idx = 0;
+ spin_unlock(&rx_monitor->lock);
+}
+
+/**
+ * lpfc_rx_monitor_record - Insert an entry into rx_monitor's ring
+ * @rx_monitor: Pointer to lpfc_rx_info_monitor object
+ * @entry: Pointer to rx_info_entry
+ *
+ * Used to insert an rx_info_entry into rx_monitor's ring. Note that this is a
+ * deep copy of rx_info_entry not a shallow copy of the rx_info_entry ptr.
+ *
+ * This is called from lpfc_cmf_timer, which is in timer/softirq context.
+ *
+ * In cases of old data overflow, we do a best effort of FIFO order.
+ **/
+void lpfc_rx_monitor_record(struct lpfc_rx_info_monitor *rx_monitor,
+ struct rx_info_entry *entry)
+{
+ struct rx_info_entry *ring = rx_monitor->ring;
+ u32 *head_idx = &rx_monitor->head_idx;
+ u32 *tail_idx = &rx_monitor->tail_idx;
+ spinlock_t *ring_lock = &rx_monitor->lock;
+ u32 ring_size = rx_monitor->entries;
+
+ spin_lock(ring_lock);
+ memcpy(&ring[*tail_idx], entry, sizeof(*entry));
+ *tail_idx = (*tail_idx + 1) % ring_size;
+
+ /* Best effort of FIFO saved data */
+ if (*tail_idx == *head_idx)
+ *head_idx = (*head_idx + 1) % ring_size;
+
+ spin_unlock(ring_lock);
+}
+
+/**
+ * lpfc_rx_monitor_report - Read out rx_monitor's ring
+ * @phba: Pointer to lpfc_hba object
+ * @rx_monitor: Pointer to lpfc_rx_info_monitor object
+ * @buf: Pointer to char buffer that will contain rx monitor info data
+ * @buf_len: Length buf including null char
+ * @max_read_entries: Maximum number of entries to read out of ring
+ *
+ * Used to dump/read what's in rx_monitor's ring buffer.
+ *
+ * If buf is NULL || buf_len == 0, then it is implied that we want to log the
+ * information to kmsg instead of filling out buf.
+ *
+ * Return:
+ * Number of entries read out of the ring
+ **/
+u32 lpfc_rx_monitor_report(struct lpfc_hba *phba,
+ struct lpfc_rx_info_monitor *rx_monitor, char *buf,
+ u32 buf_len, u32 max_read_entries)
+{
+ struct rx_info_entry *ring = rx_monitor->ring;
+ struct rx_info_entry *entry;
+ u32 *head_idx = &rx_monitor->head_idx;
+ u32 *tail_idx = &rx_monitor->tail_idx;
+ spinlock_t *ring_lock = &rx_monitor->lock;
+ u32 ring_size = rx_monitor->entries;
+ u32 cnt = 0;
+ char tmp[DBG_LOG_STR_SZ] = {0};
+ bool log_to_kmsg = (!buf || !buf_len) ? true : false;
+
+ if (!log_to_kmsg) {
+ /* clear the buffer to be sure */
+ memset(buf, 0, buf_len);
+
+ scnprintf(buf, buf_len, "\t%-16s%-16s%-16s%-16s%-8s%-8s%-8s"
+ "%-8s%-8s%-8s%-16s\n",
+ "MaxBPI", "Tot_Data_CMF",
+ "Tot_Data_Cmd", "Tot_Data_Cmpl",
+ "Lat(us)", "Avg_IO", "Max_IO", "Bsy",
+ "IO_cnt", "Info", "BWutil(ms)");
+ }
+
+ /* Needs to be _bh because record is called from timer interrupt
+ * context
+ */
+ spin_lock_bh(ring_lock);
+ while (*head_idx != *tail_idx) {
+ entry = &ring[*head_idx];
+
+ /* Read out this entry's data. */
+ if (!log_to_kmsg) {
+ /* If !log_to_kmsg, then store to buf. */
+ scnprintf(tmp, sizeof(tmp),
+ "%03d:\t%-16llu%-16llu%-16llu%-16llu%-8llu"
+ "%-8llu%-8llu%-8u%-8u%-8u%u(%u)\n",
+ *head_idx, entry->max_bytes_per_interval,
+ entry->cmf_bytes, entry->total_bytes,
+ entry->rcv_bytes, entry->avg_io_latency,
+ entry->avg_io_size, entry->max_read_cnt,
+ entry->cmf_busy, entry->io_cnt,
+ entry->cmf_info, entry->timer_utilization,
+ entry->timer_interval);
+
+ /* Check for buffer overflow */
+ if ((strlen(buf) + strlen(tmp)) >= buf_len)
+ break;
+
+ /* Append entry's data to buffer */
+ strlcat(buf, tmp, buf_len);
+ } else {
+ lpfc_printf_log(phba, KERN_INFO, LOG_CGN_MGMT,
+ "4410 %02u: MBPI %llu Xmit %llu "
+ "Cmpl %llu Lat %llu ASz %llu Info %02u "
+ "BWUtil %u Int %u slot %u\n",
+ cnt, entry->max_bytes_per_interval,
+ entry->total_bytes, entry->rcv_bytes,
+ entry->avg_io_latency,
+ entry->avg_io_size, entry->cmf_info,
+ entry->timer_utilization,
+ entry->timer_interval, *head_idx);
+ }
+
+ *head_idx = (*head_idx + 1) % ring_size;
+
+ /* Don't feed more than max_read_entries */
+ cnt++;
+ if (cnt >= max_read_entries)
+ break;
+ }
+ spin_unlock_bh(ring_lock);
+
+ return cnt;
+}
+
+/**
* lpfc_cmf_setup - Initialize idle_stat tracking
* @phba: Pointer to HBA context object.
*
@@ -8133,19 +8299,29 @@ no_cmf:
phba->cmf_interval_rate = LPFC_CMF_INTERVAL;
/* Allocate RX Monitor Buffer */
- if (!phba->rxtable) {
- phba->rxtable = kmalloc_array(LPFC_MAX_RXMONITOR_ENTRY,
- sizeof(struct rxtable_entry),
- GFP_KERNEL);
- if (!phba->rxtable) {
+ if (!phba->rx_monitor) {
+ phba->rx_monitor = kzalloc(sizeof(*phba->rx_monitor),
+ GFP_KERNEL);
+
+ if (!phba->rx_monitor) {
lpfc_printf_log(phba, KERN_ERR, LOG_INIT,
"2644 Failed to alloc memory "
"for RX Monitor Buffer\n");
return -ENOMEM;
}
+
+ /* Instruct the rx_monitor object to instantiate its ring */
+ if (lpfc_rx_monitor_create_ring(phba->rx_monitor,
+ LPFC_MAX_RXMONITOR_ENTRY)) {
+ kfree(phba->rx_monitor);
+ phba->rx_monitor = NULL;
+ lpfc_printf_log(phba, KERN_ERR, LOG_INIT,
+ "2645 Failed to alloc memory "
+ "for RX Monitor's Ring\n");
+ return -ENOMEM;
+ }
}
- atomic_set(&phba->rxtable_idx_head, 0);
- atomic_set(&phba->rxtable_idx_tail, 0);
+
return 0;
}
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 107/862] scsi: qedf: Populate sysfs attributes for vport
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (105 preceding siblings ...)
2022-10-19 8:23 ` [PATCH 6.0 106/862] scsi: lpfc: Rework MIB Rx Monitor debug info logic Greg Kroah-Hartman
@ 2022-10-19 8:23 ` Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 108/862] gpio: rockchip: request GPIO mux to pinctrl when setting direction Greg Kroah-Hartman
` (769 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Guangwu Zhang, John Meneghini,
Saurav Kashyap, Nilesh Javali, Martin K. Petersen
From: Saurav Kashyap <skashyap@marvell.com>
commit 592642e6b11e620e4b43189f8072752429fc8dc3 upstream.
Few vport parameters were displayed by systool as 'Unknown' or 'NULL'.
Copy speed, supported_speed, frame_size and update port_type for NPIV port.
Link: https://lore.kernel.org/r/20220919134434.3513-1-njavali@marvell.com
Cc: stable@vger.kernel.org
Tested-by: Guangwu Zhang <guazhang@redhat.com>
Reviewed-by: John Meneghini <jmeneghi@redhat.com>
Signed-off-by: Saurav Kashyap <skashyap@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/scsi/qedf/qedf_main.c | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
--- a/drivers/scsi/qedf/qedf_main.c
+++ b/drivers/scsi/qedf/qedf_main.c
@@ -1921,6 +1921,27 @@ static int qedf_vport_create(struct fc_v
fc_vport_setlink(vn_port);
}
+ /* Set symbolic node name */
+ if (base_qedf->pdev->device == QL45xxx)
+ snprintf(fc_host_symbolic_name(vn_port->host), 256,
+ "Marvell FastLinQ 45xxx FCoE v%s", QEDF_VERSION);
+
+ if (base_qedf->pdev->device == QL41xxx)
+ snprintf(fc_host_symbolic_name(vn_port->host), 256,
+ "Marvell FastLinQ 41xxx FCoE v%s", QEDF_VERSION);
+
+ /* Set supported speed */
+ fc_host_supported_speeds(vn_port->host) = n_port->link_supported_speeds;
+
+ /* Set speed */
+ vn_port->link_speed = n_port->link_speed;
+
+ /* Set port type */
+ fc_host_port_type(vn_port->host) = FC_PORTTYPE_NPIV;
+
+ /* Set maxframe size */
+ fc_host_maxframe_size(vn_port->host) = n_port->mfs;
+
QEDF_INFO(&(base_qedf->dbg_ctx), QEDF_LOG_NPIV, "vn_port=%p.\n",
vn_port);
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 108/862] gpio: rockchip: request GPIO mux to pinctrl when setting direction
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (106 preceding siblings ...)
2022-10-19 8:23 ` [PATCH 6.0 107/862] scsi: qedf: Populate sysfs attributes for vport Greg Kroah-Hartman
@ 2022-10-19 8:23 ` Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 109/862] pinctrl: rockchip: add pinmux_ops.gpio_set_direction callback Greg Kroah-Hartman
` (768 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Heiko Stuebner, Quentin Schulz,
Linus Walleij
From: Quentin Schulz <quentin.schulz@theobroma-systems.com>
commit 8ea8af6c8469156ac2042d83d73f6b74eb4b4b45 upstream.
Before the split of gpio and pinctrl sections in their own driver,
rockchip_set_mux was called in pinmux_ops.gpio_set_direction for
configuring a pin in its GPIO function.
This is essential for cases where pinctrl is "bypassed" by gpio
consumers otherwise the GPIO function is not configured for the pin and
it does not work. Such was the case for the sysfs/libgpiod userspace
GPIO handling.
Let's call pinctrl_gpio_direction_input/output when setting the
direction of a GPIO so that the pinctrl core requests from the rockchip
pinctrl driver to put the pin in its GPIO function.
Fixes: 9ce9a02039de ("pinctrl/rockchip: drop the gpio related codes")
Fixes: 936ee2675eee ("gpio/rockchip: add driver for rockchip gpio")
Cc: stable@vger.kernel.org
Reviewed-by: Heiko Stuebner <heiko@sntech.de>
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Link: https://lore.kernel.org/r/20220930132033.4003377-3-foss+kernel@0leil.net
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpio/gpio-rockchip.c | 7 +++++++
1 file changed, 7 insertions(+)
--- a/drivers/gpio/gpio-rockchip.c
+++ b/drivers/gpio/gpio-rockchip.c
@@ -19,6 +19,7 @@
#include <linux/of_address.h>
#include <linux/of_device.h>
#include <linux/of_irq.h>
+#include <linux/pinctrl/consumer.h>
#include <linux/pinctrl/pinconf-generic.h>
#include <linux/regmap.h>
@@ -156,6 +157,12 @@ static int rockchip_gpio_set_direction(s
unsigned long flags;
u32 data = input ? 0 : 1;
+
+ if (input)
+ pinctrl_gpio_direction_input(bank->pin_base + offset);
+ else
+ pinctrl_gpio_direction_output(bank->pin_base + offset);
+
raw_spin_lock_irqsave(&bank->slock, flags);
rockchip_gpio_writel_bit(bank, offset, data, bank->gpio_regs->port_ddr);
raw_spin_unlock_irqrestore(&bank->slock, flags);
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 109/862] pinctrl: rockchip: add pinmux_ops.gpio_set_direction callback
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (107 preceding siblings ...)
2022-10-19 8:23 ` [PATCH 6.0 108/862] gpio: rockchip: request GPIO mux to pinctrl when setting direction Greg Kroah-Hartman
@ 2022-10-19 8:23 ` Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 110/862] fbdev: smscufx: Fix use-after-free in ufx_ops_open() Greg Kroah-Hartman
` (767 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Heiko Stuebner, Quentin Schulz,
Linus Walleij
From: Quentin Schulz <quentin.schulz@theobroma-systems.com>
commit 4635c0e2a7f7f3568cbfccae70121f9835efa62c upstream.
Before the split of gpio and pinctrl sections in their own driver,
rockchip_set_mux was called in pinmux_ops.gpio_set_direction for
configuring a pin in its GPIO function.
This is essential for cases where pinctrl is "bypassed" by gpio
consumers otherwise the GPIO function is not configured for the pin and
it does not work. Such was the case for the sysfs/libgpiod userspace
GPIO handling.
Let's re-implement the pinmux_ops.gpio_set_direction callback so that
the gpio subsystem can request from the pinctrl driver to put the pin in
its GPIO function.
Fixes: 9ce9a02039de ("pinctrl/rockchip: drop the gpio related codes")
Cc: stable@vger.kernel.org
Reviewed-by: Heiko Stuebner <heiko@sntech.de>
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Link: https://lore.kernel.org/r/20220930132033.4003377-2-foss+kernel@0leil.net
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/pinctrl/pinctrl-rockchip.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
--- a/drivers/pinctrl/pinctrl-rockchip.c
+++ b/drivers/pinctrl/pinctrl-rockchip.c
@@ -2393,11 +2393,24 @@ static int rockchip_pmx_set(struct pinct
return 0;
}
+static int rockchip_pmx_gpio_set_direction(struct pinctrl_dev *pctldev,
+ struct pinctrl_gpio_range *range,
+ unsigned offset,
+ bool input)
+{
+ struct rockchip_pinctrl *info = pinctrl_dev_get_drvdata(pctldev);
+ struct rockchip_pin_bank *bank;
+
+ bank = pin_to_bank(info, offset);
+ return rockchip_set_mux(bank, offset - bank->pin_base, RK_FUNC_GPIO);
+}
+
static const struct pinmux_ops rockchip_pmx_ops = {
.get_functions_count = rockchip_pmx_get_funcs_count,
.get_function_name = rockchip_pmx_get_func_name,
.get_function_groups = rockchip_pmx_get_groups,
.set_mux = rockchip_pmx_set,
+ .gpio_set_direction = rockchip_pmx_gpio_set_direction,
};
/*
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 110/862] fbdev: smscufx: Fix use-after-free in ufx_ops_open()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (108 preceding siblings ...)
2022-10-19 8:23 ` [PATCH 6.0 109/862] pinctrl: rockchip: add pinmux_ops.gpio_set_direction callback Greg Kroah-Hartman
@ 2022-10-19 8:23 ` Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 111/862] hwrng: core - let sleep be interrupted when unregistering hwrng Greg Kroah-Hartman
` (766 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:23 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Hyunwoo Kim, Helge Deller
From: Hyunwoo Kim <imv4bel@gmail.com>
commit 5610bcfe8693c02e2e4c8b31427f1bdbdecc839c upstream.
A race condition may occur if the user physically removes the
USB device while calling open() for this device node.
This is a race condition between the ufx_ops_open() function and
the ufx_usb_disconnect() function, which may eventually result in UAF.
So, add a mutex to the ufx_ops_open() and ufx_usb_disconnect() functions
to avoid race contidion of krefs.
Signed-off-by: Hyunwoo Kim <imv4bel@gmail.com>
Cc: stable@vger.kernel.org
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/video/fbdev/smscufx.c | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)
--- a/drivers/video/fbdev/smscufx.c
+++ b/drivers/video/fbdev/smscufx.c
@@ -137,6 +137,8 @@ static int ufx_submit_urb(struct ufx_dat
static int ufx_alloc_urb_list(struct ufx_data *dev, int count, size_t size);
static void ufx_free_urb_list(struct ufx_data *dev);
+static DEFINE_MUTEX(disconnect_mutex);
+
/* reads a control register */
static int ufx_reg_read(struct ufx_data *dev, u32 index, u32 *data)
{
@@ -1071,9 +1073,13 @@ static int ufx_ops_open(struct fb_info *
if (user == 0 && !console)
return -EBUSY;
+ mutex_lock(&disconnect_mutex);
+
/* If the USB device is gone, we don't accept new opens */
- if (dev->virtualized)
+ if (dev->virtualized) {
+ mutex_unlock(&disconnect_mutex);
return -ENODEV;
+ }
dev->fb_count++;
@@ -1097,6 +1103,8 @@ static int ufx_ops_open(struct fb_info *
pr_debug("open /dev/fb%d user=%d fb_info=%p count=%d",
info->node, user, info, dev->fb_count);
+ mutex_unlock(&disconnect_mutex);
+
return 0;
}
@@ -1741,6 +1749,8 @@ static void ufx_usb_disconnect(struct us
{
struct ufx_data *dev;
+ mutex_lock(&disconnect_mutex);
+
dev = usb_get_intfdata(interface);
pr_debug("USB disconnect starting\n");
@@ -1761,6 +1771,8 @@ static void ufx_usb_disconnect(struct us
kref_put(&dev->kref, ufx_free);
/* consider ufx_data freed */
+
+ mutex_unlock(&disconnect_mutex);
}
static struct usb_driver ufx_driver = {
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 111/862] hwrng: core - let sleep be interrupted when unregistering hwrng
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (109 preceding siblings ...)
2022-10-19 8:23 ` [PATCH 6.0 110/862] fbdev: smscufx: Fix use-after-free in ufx_ops_open() Greg Kroah-Hartman
@ 2022-10-19 8:23 ` Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 112/862] smb3: do not log confusing message when server returns no network interfaces Greg Kroah-Hartman
` (765 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Gregory Erwin, Jason A. Donenfeld,
Herbert Xu, Toke Høiland-Jørgensen, Kalle Valo
From: Jason A. Donenfeld <Jason@zx2c4.com>
commit 36cb6494429bd64b27b7ff8b4af56f8e526da2b4 upstream.
There are two deadlock scenarios that need addressing, which cause
problems when the computer goes to sleep, the interface is set down, and
hwrng_unregister() is called. When the deadlock is hit, sleep is delayed
for tens of seconds, causing it to fail. These scenarios are:
1) The hwrng kthread can't be stopped while it's sleeping, because it
uses msleep_interruptible() which does not react to kthread_stop.
2) A normal user thread can't be interrupted by hwrng_unregister() while
it's sleeping, because hwrng_unregister() is called from elsewhere.
We solve both issues by add a completion object called dying that
fulfils waiters once we have started the process in hwrng_unregister.
At the same time, we should cleanup a common and useless dmesg splat
in the same area.
Cc: <stable@vger.kernel.org>
Reported-by: Gregory Erwin <gregerwin256@gmail.com>
Fixes: fcd09c90c3c5 ("ath9k: use hw_random API instead of directly dumping into random.c")
Link: https://lore.kernel.org/all/CAO+Okf6ZJC5-nTE_EJUGQtd8JiCkiEHytGgDsFGTEjs0c00giw@mail.gmail.com/
Link: https://lore.kernel.org/lkml/CAO+Okf5k+C+SE6pMVfPf-d8MfVPVq4PO7EY8Hys_DVXtent3HA@mail.gmail.com/
Link: https://bugs.archlinux.org/task/75138
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Acked-by: Toke Høiland-Jørgensen <toke@toke.dk>
Acked-by: Kalle Valo <kvalo@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/char/hw_random/core.c | 19 +++++++++++++++----
drivers/net/wireless/ath/ath9k/rng.c | 3 ++-
include/linux/hw_random.h | 3 +++
3 files changed, 20 insertions(+), 5 deletions(-)
--- a/drivers/char/hw_random/core.c
+++ b/drivers/char/hw_random/core.c
@@ -507,16 +507,17 @@ static int hwrng_fillfn(void *unused)
rng->quality = current_quality; /* obsolete */
quality = rng->quality;
mutex_unlock(&reading_mutex);
+
+ if (rc <= 0)
+ hwrng_msleep(rng, 10000);
+
put_rng(rng);
if (!quality)
break;
- if (rc <= 0) {
- pr_warn("hwrng: no data available\n");
- msleep_interruptible(10000);
+ if (rc <= 0)
continue;
- }
/* If we cannot credit at least one bit of entropy,
* keep track of the remainder for the next iteration
@@ -570,6 +571,7 @@ int hwrng_register(struct hwrng *rng)
init_completion(&rng->cleanup_done);
complete(&rng->cleanup_done);
+ init_completion(&rng->dying);
if (!current_rng ||
(!cur_rng_set_by_user && rng->quality > current_rng->quality)) {
@@ -617,6 +619,7 @@ void hwrng_unregister(struct hwrng *rng)
old_rng = current_rng;
list_del(&rng->list);
+ complete_all(&rng->dying);
if (current_rng == rng) {
err = enable_best_rng();
if (err) {
@@ -685,6 +688,14 @@ void devm_hwrng_unregister(struct device
}
EXPORT_SYMBOL_GPL(devm_hwrng_unregister);
+long hwrng_msleep(struct hwrng *rng, unsigned int msecs)
+{
+ unsigned long timeout = msecs_to_jiffies(msecs) + 1;
+
+ return wait_for_completion_interruptible_timeout(&rng->dying, timeout);
+}
+EXPORT_SYMBOL_GPL(hwrng_msleep);
+
static int __init hwrng_modinit(void)
{
int ret;
--- a/drivers/net/wireless/ath/ath9k/rng.c
+++ b/drivers/net/wireless/ath/ath9k/rng.c
@@ -83,7 +83,8 @@ static int ath9k_rng_read(struct hwrng *
if (!wait || !max || likely(bytes_read) || fail_stats > 110)
break;
- msleep_interruptible(ath9k_rng_delay_get(++fail_stats));
+ if (hwrng_msleep(rng, ath9k_rng_delay_get(++fail_stats)))
+ break;
}
if (wait && !bytes_read && max)
--- a/include/linux/hw_random.h
+++ b/include/linux/hw_random.h
@@ -50,6 +50,7 @@ struct hwrng {
struct list_head list;
struct kref ref;
struct completion cleanup_done;
+ struct completion dying;
};
struct device;
@@ -61,4 +62,6 @@ extern int devm_hwrng_register(struct de
extern void hwrng_unregister(struct hwrng *rng);
extern void devm_hwrng_unregister(struct device *dve, struct hwrng *rng);
+extern long hwrng_msleep(struct hwrng *rng, unsigned int msecs);
+
#endif /* LINUX_HWRANDOM_H_ */
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 112/862] smb3: do not log confusing message when server returns no network interfaces
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (110 preceding siblings ...)
2022-10-19 8:23 ` [PATCH 6.0 111/862] hwrng: core - let sleep be interrupted when unregistering hwrng Greg Kroah-Hartman
@ 2022-10-19 8:23 ` Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 113/862] ksmbd: fix incorrect handling of iterate_dir Greg Kroah-Hartman
` (764 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Paulo Alcantara (SUSE), Steve French
From: Steve French <stfrench@microsoft.com>
commit 4659f01e3cd94f64d9bd06764ace2ef8fe1b6227 upstream.
Some servers can return an empty network interface list so, unless
multichannel is requested, no need to log an error for this, and
when multichannel is requested on mount but no interfaces, log
something less confusing. For this case change
parse_server_interfaces: malformed interface info
to
empty network interface list returned by server localhost
Also do not relog this error every ten minutes (only log on mount, once)
Cc: <stable@vger.kernel.org>
Reviewed-by: Paulo Alcantara (SUSE) <pc@cjr.nz>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/cifs/cifsproto.h | 2 +-
fs/cifs/connect.c | 2 +-
fs/cifs/smb2ops.c | 23 ++++++++++++++++++-----
3 files changed, 20 insertions(+), 7 deletions(-)
--- a/fs/cifs/cifsproto.h
+++ b/fs/cifs/cifsproto.h
@@ -639,7 +639,7 @@ cifs_chan_is_iface_active(struct cifs_se
int
cifs_chan_update_iface(struct cifs_ses *ses, struct TCP_Server_Info *server);
int
-SMB3_request_interfaces(const unsigned int xid, struct cifs_tcon *tcon);
+SMB3_request_interfaces(const unsigned int xid, struct cifs_tcon *tcon, bool in_mount);
void extract_unc_hostname(const char *unc, const char **h, size_t *len);
int copy_path_name(char *dst, const char *src);
--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -155,7 +155,7 @@ static void smb2_query_server_interfaces
/*
* query server network interfaces, in case they change
*/
- rc = SMB3_request_interfaces(0, tcon);
+ rc = SMB3_request_interfaces(0, tcon, false);
if (rc) {
cifs_dbg(FYI, "%s: failed to query server interfaces: %d\n",
__func__, rc);
--- a/fs/cifs/smb2ops.c
+++ b/fs/cifs/smb2ops.c
@@ -512,8 +512,7 @@ smb3_negotiate_rsize(struct cifs_tcon *t
static int
parse_server_interfaces(struct network_interface_info_ioctl_rsp *buf,
- size_t buf_len,
- struct cifs_ses *ses)
+ size_t buf_len, struct cifs_ses *ses, bool in_mount)
{
struct network_interface_info_ioctl_rsp *p;
struct sockaddr_in *addr4;
@@ -543,6 +542,20 @@ parse_server_interfaces(struct network_i
}
spin_unlock(&ses->iface_lock);
+ /*
+ * Samba server e.g. can return an empty interface list in some cases,
+ * which would only be a problem if we were requesting multichannel
+ */
+ if (bytes_left == 0) {
+ /* avoid spamming logs every 10 minutes, so log only in mount */
+ if ((ses->chan_max > 1) && in_mount)
+ cifs_dbg(VFS,
+ "empty network interface list returned by server %s\n",
+ ses->server->hostname);
+ rc = -EINVAL;
+ goto out;
+ }
+
while (bytes_left >= sizeof(*p)) {
memset(&tmp_iface, 0, sizeof(tmp_iface));
tmp_iface.speed = le64_to_cpu(p->LinkSpeed);
@@ -673,7 +686,7 @@ out:
}
int
-SMB3_request_interfaces(const unsigned int xid, struct cifs_tcon *tcon)
+SMB3_request_interfaces(const unsigned int xid, struct cifs_tcon *tcon, bool in_mount)
{
int rc;
unsigned int ret_data_len = 0;
@@ -693,7 +706,7 @@ SMB3_request_interfaces(const unsigned i
goto out;
}
- rc = parse_server_interfaces(out_buf, ret_data_len, ses);
+ rc = parse_server_interfaces(out_buf, ret_data_len, ses, in_mount);
if (rc)
goto out;
@@ -729,7 +742,7 @@ smb3_qfs_tcon(const unsigned int xid, st
if (rc)
return;
- SMB3_request_interfaces(xid, tcon);
+ SMB3_request_interfaces(xid, tcon, true /* called during mount */);
SMB2_QFS_attr(xid, tcon, fid.persistent_fid, fid.volatile_fid,
FS_ATTRIBUTE_INFORMATION);
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 113/862] ksmbd: fix incorrect handling of iterate_dir
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (111 preceding siblings ...)
2022-10-19 8:23 ` [PATCH 6.0 112/862] smb3: do not log confusing message when server returns no network interfaces Greg Kroah-Hartman
@ 2022-10-19 8:23 ` Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 114/862] ksmbd: fix endless loop when encryption for response fails Greg Kroah-Hartman
` (763 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hyunchul Lee, Namjae Jeon, Steve French
From: Namjae Jeon <linkinjeon@kernel.org>
commit 88541cb414b7a2450c45fc9c131b37b5753b7679 upstream.
if iterate_dir() returns non-negative value, caller has to treat it
as normal and check there is any error while populating dentry
information. ksmbd doesn't have to do anything because ksmbd already
checks too small OutputBufferLength to store one file information.
And because ctx->pos is set to file->f_pos when iterative_dir is called,
remove restart_ctx(). And if iterate_dir() return -EIO, which mean
directory entry is corrupted, return STATUS_FILE_CORRUPT_ERROR error
response.
This patch fixes some failure of SMB2_QUERY_DIRECTORY, which happens when
ntfs3 is local filesystem.
Fixes: e2f34481b24d ("cifsd: add server-side procedures for SMB3")
Cc: stable@vger.kernel.org
Signed-off-by: Hyunchul Lee <hyc.lee@gmail.com>
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ksmbd/smb2pdu.c | 14 ++++----------
1 file changed, 4 insertions(+), 10 deletions(-)
--- a/fs/ksmbd/smb2pdu.c
+++ b/fs/ksmbd/smb2pdu.c
@@ -3808,11 +3808,6 @@ static int __query_dir(struct dir_contex
return 0;
}
-static void restart_ctx(struct dir_context *ctx)
-{
- ctx->pos = 0;
-}
-
static int verify_info_level(int info_level)
{
switch (info_level) {
@@ -3921,7 +3916,6 @@ int smb2_query_dir(struct ksmbd_work *wo
if (srch_flag & SMB2_REOPEN || srch_flag & SMB2_RESTART_SCANS) {
ksmbd_debug(SMB, "Restart directory scan\n");
generic_file_llseek(dir_fp->filp, 0, SEEK_SET);
- restart_ctx(&dir_fp->readdir_data.ctx);
}
memset(&d_info, 0, sizeof(struct ksmbd_dir_info));
@@ -3968,11 +3962,9 @@ int smb2_query_dir(struct ksmbd_work *wo
*/
if (!d_info.out_buf_len && !d_info.num_entry)
goto no_buf_len;
- if (rc == 0)
- restart_ctx(&dir_fp->readdir_data.ctx);
- if (rc == -ENOSPC)
+ if (rc > 0 || rc == -ENOSPC)
rc = 0;
- if (rc)
+ else if (rc)
goto err_out;
d_info.wptr = d_info.rptr;
@@ -4029,6 +4021,8 @@ err_out2:
rsp->hdr.Status = STATUS_NO_MEMORY;
else if (rc == -EFAULT)
rsp->hdr.Status = STATUS_INVALID_INFO_CLASS;
+ else if (rc == -EIO)
+ rsp->hdr.Status = STATUS_FILE_CORRUPT_ERROR;
if (!rsp->hdr.Status)
rsp->hdr.Status = STATUS_UNEXPECTED_IO_ERROR;
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 114/862] ksmbd: fix endless loop when encryption for response fails
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (112 preceding siblings ...)
2022-10-19 8:23 ` [PATCH 6.0 113/862] ksmbd: fix incorrect handling of iterate_dir Greg Kroah-Hartman
@ 2022-10-19 8:23 ` Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 115/862] ksmbd: Fix wrong return value and message length check in smb2_ioctl() Greg Kroah-Hartman
` (762 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:23 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Namjae Jeon, Steve French
From: Namjae Jeon <linkinjeon@kernel.org>
commit 360c8ee6fefdb496fffd2c18bb9a96a376a1a804 upstream.
If ->encrypt_resp return error, goto statement cause endless loop.
It send an error response immediately after removing it.
Fixes: 0626e6641f6b ("cifsd: add server handler for central processing and tranport layers")
Cc: stable@vger.kernel.org
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ksmbd/server.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
--- a/fs/ksmbd/server.c
+++ b/fs/ksmbd/server.c
@@ -235,10 +235,8 @@ send:
if (work->sess && work->sess->enc && work->encrypted &&
conn->ops->encrypt_resp) {
rc = conn->ops->encrypt_resp(work);
- if (rc < 0) {
+ if (rc < 0)
conn->ops->set_rsp_status(work, STATUS_DATA_ERROR);
- goto send;
- }
}
ksmbd_conn_write(work);
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 115/862] ksmbd: Fix wrong return value and message length check in smb2_ioctl()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (113 preceding siblings ...)
2022-10-19 8:23 ` [PATCH 6.0 114/862] ksmbd: fix endless loop when encryption for response fails Greg Kroah-Hartman
@ 2022-10-19 8:23 ` Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 116/862] ksmbd: Fix user namespace mapping Greg Kroah-Hartman
` (761 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zhang Xiaoxu, Namjae Jeon, Steve French
From: Zhang Xiaoxu <zhangxiaoxu5@huawei.com>
commit b1763d265af62800ec96eeb79803c4c537dcef3a upstream.
Commit c7803b05f74b ("smb3: fix ksmbd bigendian bug in oplock
break, and move its struct to smbfs_common") use the defination
of 'struct validate_negotiate_info_req' in smbfs_common, the
array length of 'Dialects' changed from 1 to 4, but the protocol
does not require the client to send all 4. This lead the request
which satisfied with protocol and server to fail.
So just ensure the request payload has the 'DialectCount' in
smb2_ioctl(), then fsctl_validate_negotiate_info() will use it
to validate the payload length and each dialect.
Also when the {in, out}_buf_len is less than the required, should
goto out to initialize the status in the response header.
Fixes: f7db8fd03a4b ("ksmbd: add validation in smb2_ioctl")
Cc: stable@vger.kernel.org
Signed-off-by: Zhang Xiaoxu <zhangxiaoxu5@huawei.com>
Acked-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ksmbd/smb2pdu.c | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
--- a/fs/ksmbd/smb2pdu.c
+++ b/fs/ksmbd/smb2pdu.c
@@ -7637,11 +7637,16 @@ int smb2_ioctl(struct ksmbd_work *work)
goto out;
}
- if (in_buf_len < sizeof(struct validate_negotiate_info_req))
- return -EINVAL;
+ if (in_buf_len < offsetof(struct validate_negotiate_info_req,
+ Dialects)) {
+ ret = -EINVAL;
+ goto out;
+ }
- if (out_buf_len < sizeof(struct validate_negotiate_info_rsp))
- return -EINVAL;
+ if (out_buf_len < sizeof(struct validate_negotiate_info_rsp)) {
+ ret = -EINVAL;
+ goto out;
+ }
ret = fsctl_validate_negotiate_info(conn,
(struct validate_negotiate_info_req *)&req->Buffer[0],
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 116/862] ksmbd: Fix user namespace mapping
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (114 preceding siblings ...)
2022-10-19 8:23 ` [PATCH 6.0 115/862] ksmbd: Fix wrong return value and message length check in smb2_ioctl() Greg Kroah-Hartman
@ 2022-10-19 8:23 ` Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 117/862] fs: record I_DIRTY_TIME even if inode already has I_DIRTY_INODE Greg Kroah-Hartman
` (760 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hyunchul Lee, Steve French,
Mickaël Salaün, Christian Brauner (Microsoft),
Namjae Jeon, Steve French
From: Mickaël Salaün <mic@digikod.net>
commit 7c88c1e0ab1704bacb751341ee6431c3be34b834 upstream.
A kernel daemon should not rely on the current thread, which is unknown
and might be malicious. Before this security fix,
ksmbd_override_fsids() didn't correctly override FS UID/GID which means
that arbitrary user space threads could trick the kernel to impersonate
arbitrary users or groups for file system access checks, leading to
file system access bypass.
This was found while investigating truncate support for Landlock:
https://lore.kernel.org/r/CAKYAXd8fpMJ7guizOjHgxEyyjoUwPsx3jLOPZP=wPYcbhkVXqA@mail.gmail.com
Fixes: e2f34481b24d ("cifsd: add server-side procedures for SMB3")
Cc: Hyunchul Lee <hyc.lee@gmail.com>
Cc: Steve French <smfrench@gmail.com>
Cc: stable@vger.kernel.org
Signed-off-by: Mickaël Salaün <mic@digikod.net>
Link: https://lore.kernel.org/r/20220929100447.108468-1-mic@digikod.net
Acked-by: Christian Brauner (Microsoft) <brauner@kernel.org>
Acked-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ksmbd/smb_common.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- a/fs/ksmbd/smb_common.c
+++ b/fs/ksmbd/smb_common.c
@@ -4,6 +4,8 @@
* Copyright (C) 2018 Namjae Jeon <linkinjeon@kernel.org>
*/
+#include <linux/user_namespace.h>
+
#include "smb_common.h"
#include "server.h"
#include "misc.h"
@@ -625,8 +627,8 @@ int ksmbd_override_fsids(struct ksmbd_wo
if (!cred)
return -ENOMEM;
- cred->fsuid = make_kuid(current_user_ns(), uid);
- cred->fsgid = make_kgid(current_user_ns(), gid);
+ cred->fsuid = make_kuid(&init_user_ns, uid);
+ cred->fsgid = make_kgid(&init_user_ns, gid);
gi = groups_alloc(0);
if (!gi) {
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 117/862] fs: record I_DIRTY_TIME even if inode already has I_DIRTY_INODE
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (115 preceding siblings ...)
2022-10-19 8:23 ` [PATCH 6.0 116/862] ksmbd: Fix user namespace mapping Greg Kroah-Hartman
@ 2022-10-19 8:23 ` Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 118/862] btrfs: fix alignment of VMA for memory mapped files on THP Greg Kroah-Hartman
` (759 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dave Chinner, Christoph Hellwig,
stable, Lukas Czerner, Jan Kara, Theodore Tso
From: Lukas Czerner <lczerner@redhat.com>
commit cbfecb927f429a6fa613d74b998496bd71e4438a upstream.
Currently the I_DIRTY_TIME will never get set if the inode already has
I_DIRTY_INODE with assumption that it supersedes I_DIRTY_TIME. That's
true, however ext4 will only update the on-disk inode in
->dirty_inode(), not on actual writeback. As a result if the inode
already has I_DIRTY_INODE state by the time we get to
__mark_inode_dirty() only with I_DIRTY_TIME, the time was already filled
into on-disk inode and will not get updated until the next I_DIRTY_INODE
update, which might never come if we crash or get a power failure.
The problem can be reproduced on ext4 by running xfstest generic/622
with -o iversion mount option.
Fix it by allowing I_DIRTY_TIME to be set even if the inode already has
I_DIRTY_INODE. Also make sure that the case is properly handled in
writeback_single_inode() as well. Additionally changes in
xfs_fs_dirty_inode() was made to accommodate for I_DIRTY_TIME in flag.
Thanks Jan Kara for suggestions on how to make this work properly.
Cc: Dave Chinner <david@fromorbit.com>
Cc: Christoph Hellwig <hch@infradead.org>
Cc: stable@kernel.org
Signed-off-by: Lukas Czerner <lczerner@redhat.com>
Suggested-by: Jan Kara <jack@suse.cz>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20220825100657.44217-1-lczerner@redhat.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
Documentation/filesystems/vfs.rst | 3 +++
fs/fs-writeback.c | 37 +++++++++++++++++++++++++------------
fs/xfs/xfs_super.c | 10 ++++++++--
include/linux/fs.h | 9 +++++----
4 files changed, 41 insertions(+), 18 deletions(-)
--- a/Documentation/filesystems/vfs.rst
+++ b/Documentation/filesystems/vfs.rst
@@ -274,6 +274,9 @@ or bottom half).
This is specifically for the inode itself being marked dirty,
not its data. If the update needs to be persisted by fdatasync(),
then I_DIRTY_DATASYNC will be set in the flags argument.
+ I_DIRTY_TIME will be set in the flags in case lazytime is enabled
+ and struct inode has times updated since the last ->dirty_inode
+ call.
``write_inode``
this method is called when the VFS needs to write an inode to
--- a/fs/fs-writeback.c
+++ b/fs/fs-writeback.c
@@ -1718,9 +1718,14 @@ static int writeback_single_inode(struct
*/
if (!(inode->i_state & I_DIRTY_ALL))
inode_cgwb_move_to_attached(inode, wb);
- else if (!(inode->i_state & I_SYNC_QUEUED) &&
- (inode->i_state & I_DIRTY))
- redirty_tail_locked(inode, wb);
+ else if (!(inode->i_state & I_SYNC_QUEUED)) {
+ if ((inode->i_state & I_DIRTY))
+ redirty_tail_locked(inode, wb);
+ else if (inode->i_state & I_DIRTY_TIME) {
+ inode->dirtied_when = jiffies;
+ inode_io_list_move_locked(inode, wb, &wb->b_dirty_time);
+ }
+ }
spin_unlock(&wb->list_lock);
inode_sync_complete(inode);
@@ -2370,6 +2375,20 @@ void __mark_inode_dirty(struct inode *in
if (flags & I_DIRTY_INODE) {
/*
+ * Inode timestamp update will piggback on this dirtying.
+ * We tell ->dirty_inode callback that timestamps need to
+ * be updated by setting I_DIRTY_TIME in flags.
+ */
+ if (inode->i_state & I_DIRTY_TIME) {
+ spin_lock(&inode->i_lock);
+ if (inode->i_state & I_DIRTY_TIME) {
+ inode->i_state &= ~I_DIRTY_TIME;
+ flags |= I_DIRTY_TIME;
+ }
+ spin_unlock(&inode->i_lock);
+ }
+
+ /*
* Notify the filesystem about the inode being dirtied, so that
* (if needed) it can update on-disk fields and journal the
* inode. This is only needed when the inode itself is being
@@ -2378,7 +2397,8 @@ void __mark_inode_dirty(struct inode *in
*/
trace_writeback_dirty_inode_start(inode, flags);
if (sb->s_op->dirty_inode)
- sb->s_op->dirty_inode(inode, flags & I_DIRTY_INODE);
+ sb->s_op->dirty_inode(inode,
+ flags & (I_DIRTY_INODE | I_DIRTY_TIME));
trace_writeback_dirty_inode(inode, flags);
/* I_DIRTY_INODE supersedes I_DIRTY_TIME. */
@@ -2399,21 +2419,15 @@ void __mark_inode_dirty(struct inode *in
*/
smp_mb();
- if (((inode->i_state & flags) == flags) ||
- (dirtytime && (inode->i_state & I_DIRTY_INODE)))
+ if ((inode->i_state & flags) == flags)
return;
spin_lock(&inode->i_lock);
- if (dirtytime && (inode->i_state & I_DIRTY_INODE))
- goto out_unlock_inode;
if ((inode->i_state & flags) != flags) {
const int was_dirty = inode->i_state & I_DIRTY;
inode_attach_wb(inode, NULL);
- /* I_DIRTY_INODE supersedes I_DIRTY_TIME. */
- if (flags & I_DIRTY_INODE)
- inode->i_state &= ~I_DIRTY_TIME;
inode->i_state |= flags;
/*
@@ -2486,7 +2500,6 @@ void __mark_inode_dirty(struct inode *in
out_unlock:
if (wb)
spin_unlock(&wb->list_lock);
-out_unlock_inode:
spin_unlock(&inode->i_lock);
}
EXPORT_SYMBOL(__mark_inode_dirty);
--- a/fs/xfs/xfs_super.c
+++ b/fs/xfs/xfs_super.c
@@ -653,7 +653,7 @@ xfs_fs_destroy_inode(
static void
xfs_fs_dirty_inode(
struct inode *inode,
- int flag)
+ int flags)
{
struct xfs_inode *ip = XFS_I(inode);
struct xfs_mount *mp = ip->i_mount;
@@ -661,7 +661,13 @@ xfs_fs_dirty_inode(
if (!(inode->i_sb->s_flags & SB_LAZYTIME))
return;
- if (flag != I_DIRTY_SYNC || !(inode->i_state & I_DIRTY_TIME))
+
+ /*
+ * Only do the timestamp update if the inode is dirty (I_DIRTY_SYNC)
+ * and has dirty timestamp (I_DIRTY_TIME). I_DIRTY_TIME can be passed
+ * in flags possibly together with I_DIRTY_SYNC.
+ */
+ if ((flags & ~I_DIRTY_TIME) != I_DIRTY_SYNC || !(flags & I_DIRTY_TIME))
return;
if (xfs_trans_alloc(mp, &M_RES(mp)->tr_fsyncts, 0, 0, 0, &tp))
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -2371,13 +2371,14 @@ static inline void kiocb_clone(struct ki
* don't have to write inode on fdatasync() when only
* e.g. the timestamps have changed.
* I_DIRTY_PAGES Inode has dirty pages. Inode itself may be clean.
- * I_DIRTY_TIME The inode itself only has dirty timestamps, and the
+ * I_DIRTY_TIME The inode itself has dirty timestamps, and the
* lazytime mount option is enabled. We keep track of this
* separately from I_DIRTY_SYNC in order to implement
* lazytime. This gets cleared if I_DIRTY_INODE
- * (I_DIRTY_SYNC and/or I_DIRTY_DATASYNC) gets set. I.e.
- * either I_DIRTY_TIME *or* I_DIRTY_INODE can be set in
- * i_state, but not both. I_DIRTY_PAGES may still be set.
+ * (I_DIRTY_SYNC and/or I_DIRTY_DATASYNC) gets set. But
+ * I_DIRTY_TIME can still be set if I_DIRTY_SYNC is already
+ * in place because writeback might already be in progress
+ * and we don't want to lose the time update
* I_NEW Serves as both a mutex and completion notification.
* New inodes set I_NEW. If two processes both create
* the same inode, one of them will release its inode and
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 118/862] btrfs: fix alignment of VMA for memory mapped files on THP
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (116 preceding siblings ...)
2022-10-19 8:23 ` [PATCH 6.0 117/862] fs: record I_DIRTY_TIME even if inode already has I_DIRTY_INODE Greg Kroah-Hartman
@ 2022-10-19 8:23 ` Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 119/862] btrfs: enhance unsupported compat RO flags handling Greg Kroah-Hartman
` (758 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:23 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Alexander Zhu, David Sterba
From: Alexander Zhu <alexlzhu@fb.com>
commit b0c582233a8563f3c4228df838cdc67a8807ec78 upstream.
With CONFIG_READ_ONLY_THP_FOR_FS, the Linux kernel supports using THPs for
read-only mmapped files, such as shared libraries. However, the kernel
makes no attempt to actually align those mappings on 2MB boundaries,
which makes it impossible to use those THPs most of the time. This issue
applies to general file mapping THP as well as existing setups using
CONFIG_READ_ONLY_THP_FOR_FS. This is easily fixed by using
thp_get_unmapped_area for the unmapped_area function in btrfs, which
is what ext2, ext4, fuse, and xfs all use.
Initially btrfs had been left out in commit 8c07fc452ac0 ("btrfs: fix
alignment of VMA for memory mapped files on THP") as btrfs does not support
DAX. However, commit 1854bc6e2420 ("mm/readahead: Align file mappings
for non-DAX") removed the DAX requirement. We should now be able to call
thp_get_unmapped_area() for btrfs.
The problem can be seen in /proc/PID/smaps where THPeligible is set to 0
on mappings to eligible shared object files as shown below.
Before this patch:
7fc6a7e18000-7fc6a80cc000 r-xp 00000000 00:1e 199856
/usr/lib64/libcrypto.so.1.1.1k
Size: 2768 kB
THPeligible: 0
VmFlags: rd ex mr mw me
With this patch the library is mapped at a 2MB aligned address:
fbdfe200000-7fbdfe4b4000 r-xp 00000000 00:1e 199856
/usr/lib64/libcrypto.so.1.1.1k
Size: 2768 kB
THPeligible: 1
VmFlags: rd ex mr mw me
This fixes the alignment of VMAs for any mmap of a file that has the
rd and ex permissions and size >= 2MB. The VMA alignment and
THPeligible field for anonymous memory is handled separately and
is thus not effected by this change.
CC: stable@vger.kernel.org # 5.18+
Signed-off-by: Alexander Zhu <alexlzhu@fb.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/file.c | 1 +
1 file changed, 1 insertion(+)
--- a/fs/btrfs/file.c
+++ b/fs/btrfs/file.c
@@ -3810,6 +3810,7 @@ const struct file_operations btrfs_file_
.mmap = btrfs_file_mmap,
.open = btrfs_file_open,
.release = btrfs_release_file,
+ .get_unmapped_area = thp_get_unmapped_area,
.fsync = btrfs_sync_file,
.fallocate = btrfs_fallocate,
.unlocked_ioctl = btrfs_ioctl,
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 119/862] btrfs: enhance unsupported compat RO flags handling
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (117 preceding siblings ...)
2022-10-19 8:23 ` [PATCH 6.0 118/862] btrfs: fix alignment of VMA for memory mapped files on THP Greg Kroah-Hartman
@ 2022-10-19 8:23 ` Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 120/862] btrfs: fix race between quota enable and quota rescan ioctl Greg Kroah-Hartman
` (757 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nikolay Borisov, Qu Wenruo, David Sterba
From: Qu Wenruo <wqu@suse.com>
commit 81d5d61454c365718655cfc87d8200c84e25d596 upstream.
Currently there are two corner cases not handling compat RO flags
correctly:
- Remount
We can still mount the fs RO with compat RO flags, then remount it RW.
We should not allow any write into a fs with unsupported RO flags.
- Still try to search block group items
In fact, behavior/on-disk format change to extent tree should not
need a full incompat flag.
And since we can ensure fs with unsupported RO flags never got any
writes (with above case fixed), then we can even skip block group
items search at mount time.
This patch will enhance the unsupported RO compat flags by:
- Reject read-write remount if there are unsupported RO compat flags
- Go dummy block group items directly for unsupported RO compat flags
In fact, only changes to chunk/subvolume/root/csum trees should go
incompat flags.
The latter part should allow future change to extent tree to be compat
RO flags.
Thus this patch also needs to be backported to all stable trees.
CC: stable@vger.kernel.org # 4.9+
Reviewed-by: Nikolay Borisov <nborisov@suse.com>
Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/block-group.c | 11 ++++++++++-
fs/btrfs/super.c | 9 +++++++++
2 files changed, 19 insertions(+), 1 deletion(-)
--- a/fs/btrfs/block-group.c
+++ b/fs/btrfs/block-group.c
@@ -2190,7 +2190,16 @@ int btrfs_read_block_groups(struct btrfs
int need_clear = 0;
u64 cache_gen;
- if (!root)
+ /*
+ * Either no extent root (with ibadroots rescue option) or we have
+ * unsupported RO options. The fs can never be mounted read-write, so no
+ * need to waste time searching block group items.
+ *
+ * This also allows new extent tree related changes to be RO compat,
+ * no need for a full incompat flag.
+ */
+ if (!root || (btrfs_super_compat_ro_flags(info->super_copy) &
+ ~BTRFS_FEATURE_COMPAT_RO_SUPP))
return fill_dummy_bgs(info);
key.objectid = 0;
--- a/fs/btrfs/super.c
+++ b/fs/btrfs/super.c
@@ -2112,6 +2112,15 @@ static int btrfs_remount(struct super_bl
ret = -EINVAL;
goto restore;
}
+ if (btrfs_super_compat_ro_flags(fs_info->super_copy) &
+ ~BTRFS_FEATURE_COMPAT_RO_SUPP) {
+ btrfs_err(fs_info,
+ "can not remount read-write due to unsupported optional flags 0x%llx",
+ btrfs_super_compat_ro_flags(fs_info->super_copy) &
+ ~BTRFS_FEATURE_COMPAT_RO_SUPP);
+ ret = -EINVAL;
+ goto restore;
+ }
if (fs_info->fs_devices->rw_devices == 0) {
ret = -EACCES;
goto restore;
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 120/862] btrfs: fix race between quota enable and quota rescan ioctl
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (118 preceding siblings ...)
2022-10-19 8:23 ` [PATCH 6.0 119/862] btrfs: enhance unsupported compat RO flags handling Greg Kroah-Hartman
@ 2022-10-19 8:23 ` Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 121/862] btrfs: fix missed extent on fsync after dropping extent maps Greg Kroah-Hartman
` (756 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ye Bin, Qu Wenruo, Filipe Manana,
David Sterba
From: Filipe Manana <fdmanana@suse.com>
commit 331cd9461412e103d07595a10289de90004ac890 upstream.
When enabling quotas, at btrfs_quota_enable(), after committing the
transaction, we change fs_info->quota_root to point to the quota root we
created and set BTRFS_FS_QUOTA_ENABLED at fs_info->flags. Then we try
to start the qgroup rescan worker, first by initializing it with a call
to qgroup_rescan_init() - however if that fails we end up freeing the
quota root but we leave fs_info->quota_root still pointing to it, this
can later result in a use-after-free somewhere else.
We have previously set the flags BTRFS_FS_QUOTA_ENABLED and
BTRFS_QGROUP_STATUS_FLAG_ON, so we can only fail with -EINPROGRESS at
btrfs_quota_enable(), which is possible if someone already called the
quota rescan ioctl, and therefore started the rescan worker.
So fix this by ignoring an -EINPROGRESS and asserting we can't get any
other error.
Reported-by: Ye Bin <yebin10@huawei.com>
Link: https://lore.kernel.org/linux-btrfs/20220823015931.421355-1-yebin10@huawei.com/
CC: stable@vger.kernel.org # 4.19+
Reviewed-by: Qu Wenruo <wqu@suse.com>
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/qgroup.c | 15 +++++++++++++++
1 file changed, 15 insertions(+)
--- a/fs/btrfs/qgroup.c
+++ b/fs/btrfs/qgroup.c
@@ -1174,6 +1174,21 @@ out_add_root:
fs_info->qgroup_rescan_running = true;
btrfs_queue_work(fs_info->qgroup_rescan_workers,
&fs_info->qgroup_rescan_work);
+ } else {
+ /*
+ * We have set both BTRFS_FS_QUOTA_ENABLED and
+ * BTRFS_QGROUP_STATUS_FLAG_ON, so we can only fail with
+ * -EINPROGRESS. That can happen because someone started the
+ * rescan worker by calling quota rescan ioctl before we
+ * attempted to initialize the rescan worker. Failure due to
+ * quotas disabled in the meanwhile is not possible, because
+ * we are holding a write lock on fs_info->subvol_sem, which
+ * is also acquired when disabling quotas.
+ * Ignore such error, and any other error would need to undo
+ * everything we did in the transaction we just committed.
+ */
+ ASSERT(ret == -EINPROGRESS);
+ ret = 0;
}
out_free_path:
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 121/862] btrfs: fix missed extent on fsync after dropping extent maps
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (119 preceding siblings ...)
2022-10-19 8:23 ` [PATCH 6.0 120/862] btrfs: fix race between quota enable and quota rescan ioctl Greg Kroah-Hartman
@ 2022-10-19 8:23 ` Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 122/862] btrfs: set generation before calling btrfs_clean_tree_block in btrfs_init_new_buffer Greg Kroah-Hartman
` (755 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Anand Jain, Filipe Manana, David Sterba
From: Filipe Manana <fdmanana@suse.com>
commit cef7820d6abf8d61f8e1db411eae3c712f6d72a2 upstream.
When dropping extent maps for a range, through btrfs_drop_extent_cache(),
if we find an extent map that starts before our target range and/or ends
before the target range, and we are not able to allocate extent maps for
splitting that extent map, then we don't fail and simply remove the entire
extent map from the inode's extent map tree.
This is generally fine, because in case anyone needs to access the extent
map, it can just load it again later from the respective file extent
item(s) in the subvolume btree. However, if that extent map is new and is
in the list of modified extents, then a fast fsync will miss the parts of
the extent that were outside our range (that needed to be split),
therefore not logging them. Fix that by marking the inode for a full
fsync. This issue was introduced after removing BUG_ON()s triggered when
the split extent map allocations failed, done by commit 7014cdb49305ed
("Btrfs: btrfs_drop_extent_cache should never fail"), back in 2012, and
the fast fsync path already existed but was very recent.
Also, in the case where we could allocate extent maps for the split
operations but then fail to add a split extent map to the tree, mark the
inode for a full fsync as well. This is not supposed to ever fail, and we
assert that, but in case assertions are disabled (CONFIG_BTRFS_ASSERT is
not set), it's the correct thing to do to make sure a fast fsync will not
miss a new extent.
CC: stable@vger.kernel.org # 5.15+
Reviewed-by: Anand Jain <anand.jain@oracle.com>
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/file.c | 58 ++++++++++++++++++++++++++++++++++++++++++++------------
1 file changed, 46 insertions(+), 12 deletions(-)
--- a/fs/btrfs/file.c
+++ b/fs/btrfs/file.c
@@ -523,6 +523,7 @@ void btrfs_drop_extent_cache(struct btrf
testend = 0;
}
while (1) {
+ bool ends_after_range = false;
int no_splits = 0;
modified = false;
@@ -539,10 +540,12 @@ void btrfs_drop_extent_cache(struct btrf
write_unlock(&em_tree->lock);
break;
}
+ if (testend && em->start + em->len > start + len)
+ ends_after_range = true;
flags = em->flags;
gen = em->generation;
if (skip_pinned && test_bit(EXTENT_FLAG_PINNED, &em->flags)) {
- if (testend && em->start + em->len >= start + len) {
+ if (ends_after_range) {
free_extent_map(em);
write_unlock(&em_tree->lock);
break;
@@ -592,7 +595,7 @@ void btrfs_drop_extent_cache(struct btrf
split = split2;
split2 = NULL;
}
- if (testend && em->start + em->len > start + len) {
+ if (ends_after_range) {
u64 diff = start + len - em->start;
split->start = start + len;
@@ -630,14 +633,42 @@ void btrfs_drop_extent_cache(struct btrf
} else {
ret = add_extent_mapping(em_tree, split,
modified);
- ASSERT(ret == 0); /* Logic error */
+ /* Logic error, shouldn't happen. */
+ ASSERT(ret == 0);
+ if (WARN_ON(ret != 0) && modified)
+ btrfs_set_inode_full_sync(inode);
}
free_extent_map(split);
split = NULL;
}
next:
- if (extent_map_in_tree(em))
+ if (extent_map_in_tree(em)) {
+ /*
+ * If the extent map is still in the tree it means that
+ * either of the following is true:
+ *
+ * 1) It fits entirely in our range (doesn't end beyond
+ * it or starts before it);
+ *
+ * 2) It starts before our range and/or ends after our
+ * range, and we were not able to allocate the extent
+ * maps for split operations, @split and @split2.
+ *
+ * If we are at case 2) then we just remove the entire
+ * extent map - this is fine since if anyone needs it to
+ * access the subranges outside our range, will just
+ * load it again from the subvolume tree's file extent
+ * item. However if the extent map was in the list of
+ * modified extents, then we must mark the inode for a
+ * full fsync, otherwise a fast fsync will miss this
+ * extent if it's new and needs to be logged.
+ */
+ if ((em->start < start || ends_after_range) && modified) {
+ ASSERT(no_splits);
+ btrfs_set_inode_full_sync(inode);
+ }
remove_extent_mapping(em_tree, em);
+ }
write_unlock(&em_tree->lock);
/* once for us */
@@ -2201,14 +2232,6 @@ int btrfs_sync_file(struct file *file, l
atomic_inc(&root->log_batch);
/*
- * Always check for the full sync flag while holding the inode's lock,
- * to avoid races with other tasks. The flag must be either set all the
- * time during logging or always off all the time while logging.
- */
- full_sync = test_bit(BTRFS_INODE_NEEDS_FULL_SYNC,
- &BTRFS_I(inode)->runtime_flags);
-
- /*
* Before we acquired the inode's lock and the mmap lock, someone may
* have dirtied more pages in the target range. We need to make sure
* that writeback for any such pages does not start while we are logging
@@ -2233,6 +2256,17 @@ int btrfs_sync_file(struct file *file, l
}
/*
+ * Always check for the full sync flag while holding the inode's lock,
+ * to avoid races with other tasks. The flag must be either set all the
+ * time during logging or always off all the time while logging.
+ * We check the flag here after starting delalloc above, because when
+ * running delalloc the full sync flag may be set if we need to drop
+ * extra extent map ranges due to temporary memory allocation failures.
+ */
+ full_sync = test_bit(BTRFS_INODE_NEEDS_FULL_SYNC,
+ &BTRFS_I(inode)->runtime_flags);
+
+ /*
* We have to do this here to avoid the priority inversion of waiting on
* IO of a lower priority task while holding a transaction open.
*
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 122/862] btrfs: set generation before calling btrfs_clean_tree_block in btrfs_init_new_buffer
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (120 preceding siblings ...)
2022-10-19 8:23 ` [PATCH 6.0 121/862] btrfs: fix missed extent on fsync after dropping extent maps Greg Kroah-Hartman
@ 2022-10-19 8:23 ` Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 123/862] f2fs: fix wrong continue condition in GC Greg Kroah-Hartman
` (754 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot, Tetsuo Handa, David Sterba
From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
commit cbddcc4fa3443fe8cfb2ff8e210deb1f6a0eea38 upstream.
syzbot is reporting uninit-value in btrfs_clean_tree_block() [1], for
commit bc877d285ca3dba2 ("btrfs: Deduplicate extent_buffer init code")
missed that btrfs_set_header_generation() in btrfs_init_new_buffer() must
not be moved to after clean_tree_block() because clean_tree_block() is
calling btrfs_header_generation() since commit 55c69072d6bd5be1 ("Btrfs:
Fix extent_buffer usage when nodesize != leafsize").
Since memzero_extent_buffer() will reset "struct btrfs_header" part, we
can't move btrfs_set_header_generation() to before memzero_extent_buffer().
Just re-add btrfs_set_header_generation() before btrfs_clean_tree_block().
Link: https://syzkaller.appspot.com/bug?extid=fba8e2116a12609b6c59 [1]
Reported-by: syzbot <syzbot+fba8e2116a12609b6c59@syzkaller.appspotmail.com>
Fixes: bc877d285ca3dba2 ("btrfs: Deduplicate extent_buffer init code")
CC: stable@vger.kernel.org # 4.19+
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/extent-tree.c | 3 +++
1 file changed, 3 insertions(+)
--- a/fs/btrfs/extent-tree.c
+++ b/fs/btrfs/extent-tree.c
@@ -4888,6 +4888,9 @@ btrfs_init_new_buffer(struct btrfs_trans
!test_bit(BTRFS_ROOT_RESET_LOCKDEP_CLASS, &root->state))
lockdep_owner = BTRFS_FS_TREE_OBJECTID;
+ /* btrfs_clean_tree_block() accesses generation field. */
+ btrfs_set_header_generation(buf, trans->transid);
+
/*
* This needs to stay, because we could allocate a freed block from an
* old tree into a new tree, so we need to make sure this new block is
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 123/862] f2fs: fix wrong continue condition in GC
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (121 preceding siblings ...)
2022-10-19 8:23 ` [PATCH 6.0 122/862] btrfs: set generation before calling btrfs_clean_tree_block in btrfs_init_new_buffer Greg Kroah-Hartman
@ 2022-10-19 8:23 ` Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 124/862] f2fs: complete checkpoints during remount Greg Kroah-Hartman
` (753 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:23 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Chao Yu, Jaegeuk Kim
From: Jaegeuk Kim <jaegeuk@kernel.org>
commit 605b0a778aa2599aa902ae639b8e9937c74b869b upstream.
We should decrease the frozen counter.
Cc: stable@vger.kernel.org
Fixes: 325163e9892b ("f2fs: add gc_urgent_high_remaining sysfs node")
Reviewed-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/f2fs/gc.c | 12 ++++--------
1 file changed, 4 insertions(+), 8 deletions(-)
--- a/fs/f2fs/gc.c
+++ b/fs/f2fs/gc.c
@@ -97,14 +97,10 @@ static int gc_thread_func(void *data)
*/
if (sbi->gc_mode == GC_URGENT_HIGH) {
spin_lock(&sbi->gc_urgent_high_lock);
- if (sbi->gc_urgent_high_limited) {
- if (!sbi->gc_urgent_high_remaining) {
- sbi->gc_urgent_high_limited = false;
- spin_unlock(&sbi->gc_urgent_high_lock);
- sbi->gc_mode = GC_NORMAL;
- continue;
- }
- sbi->gc_urgent_high_remaining--;
+ if (sbi->gc_urgent_high_limited &&
+ !sbi->gc_urgent_high_remaining--) {
+ sbi->gc_urgent_high_limited = false;
+ sbi->gc_mode = GC_NORMAL;
}
spin_unlock(&sbi->gc_urgent_high_lock);
}
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 124/862] f2fs: complete checkpoints during remount
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (122 preceding siblings ...)
2022-10-19 8:23 ` [PATCH 6.0 123/862] f2fs: fix wrong continue condition in GC Greg Kroah-Hartman
@ 2022-10-19 8:23 ` Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 125/862] f2fs: flush pending checkpoints when freezing super Greg Kroah-Hartman
` (752 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:23 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Chao Yu, Jaegeuk Kim
From: Jaegeuk Kim <jaegeuk@kernel.org>
commit 4f99484d27961cb194cebcd917176fa038a5025f upstream.
Otherwise, pending checkpoints can contribute a race condition to give a
quota warning.
- Thread - checkpoint thread
add checkpoints to the list
do_remount()
down_write(&sb->s_umount);
f2fs_remount()
block_operations()
down_read_trylock(&sb->s_umount) = 0
up_write(&sb->s_umount);
f2fs_quota_sync()
dquot_writeback_dquots()
WARN_ON_ONCE(!rwsem_is_locked(&sb->s_umount));
Or,
do_remount()
down_write(&sb->s_umount);
f2fs_remount()
create a ckpt thread
f2fs_enable_checkpoint() adds checkpoints
wait for f2fs_sync_fs()
trigger another pending checkpoint
block_operations()
down_read_trylock(&sb->s_umount) = 0
up_write(&sb->s_umount);
f2fs_quota_sync()
dquot_writeback_dquots()
WARN_ON_ONCE(!rwsem_is_locked(&sb->s_umount));
Cc: stable@vger.kernel.org
Reviewed-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/f2fs/super.c | 6 ++++++
1 file changed, 6 insertions(+)
--- a/fs/f2fs/super.c
+++ b/fs/f2fs/super.c
@@ -2181,6 +2181,9 @@ static void f2fs_enable_checkpoint(struc
f2fs_up_write(&sbi->gc_lock);
f2fs_sync_fs(sbi->sb, 1);
+
+ /* Let's ensure there's no pending checkpoint anymore */
+ f2fs_flush_ckpt_thread(sbi);
}
static int f2fs_remount(struct super_block *sb, int *flags, char *data)
@@ -2346,6 +2349,9 @@ static int f2fs_remount(struct super_blo
f2fs_stop_ckpt_thread(sbi);
need_restart_ckpt = true;
} else {
+ /* Flush if the prevous checkpoint, if exists. */
+ f2fs_flush_ckpt_thread(sbi);
+
err = f2fs_start_ckpt_thread(sbi);
if (err) {
f2fs_err(sbi,
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 125/862] f2fs: flush pending checkpoints when freezing super
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (123 preceding siblings ...)
2022-10-19 8:23 ` [PATCH 6.0 124/862] f2fs: complete checkpoints during remount Greg Kroah-Hartman
@ 2022-10-19 8:23 ` Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 126/862] f2fs: increase the limit for reserve_root Greg Kroah-Hartman
` (751 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:23 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Chao Yu, Jaegeuk Kim
From: Jaegeuk Kim <jaegeuk@kernel.org>
commit c7b58576370147833999fd4cc874d0f918bdf9ca upstream.
This avoids -EINVAL when trying to freeze f2fs.
Cc: stable@vger.kernel.org
Reviewed-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/f2fs/checkpoint.c | 24 ++++++++++++++++++------
fs/f2fs/f2fs.h | 1 +
fs/f2fs/super.c | 5 ++---
3 files changed, 21 insertions(+), 9 deletions(-)
--- a/fs/f2fs/checkpoint.c
+++ b/fs/f2fs/checkpoint.c
@@ -1892,15 +1892,27 @@ int f2fs_start_ckpt_thread(struct f2fs_s
void f2fs_stop_ckpt_thread(struct f2fs_sb_info *sbi)
{
struct ckpt_req_control *cprc = &sbi->cprc_info;
+ struct task_struct *ckpt_task;
- if (cprc->f2fs_issue_ckpt) {
- struct task_struct *ckpt_task = cprc->f2fs_issue_ckpt;
+ if (!cprc->f2fs_issue_ckpt)
+ return;
- cprc->f2fs_issue_ckpt = NULL;
- kthread_stop(ckpt_task);
+ ckpt_task = cprc->f2fs_issue_ckpt;
+ cprc->f2fs_issue_ckpt = NULL;
+ kthread_stop(ckpt_task);
- flush_remained_ckpt_reqs(sbi, NULL);
- }
+ f2fs_flush_ckpt_thread(sbi);
+}
+
+void f2fs_flush_ckpt_thread(struct f2fs_sb_info *sbi)
+{
+ struct ckpt_req_control *cprc = &sbi->cprc_info;
+
+ flush_remained_ckpt_reqs(sbi, NULL);
+
+ /* Let's wait for the previous dispatched checkpoint. */
+ while (atomic_read(&cprc->queued_ckpt))
+ io_schedule_timeout(DEFAULT_IO_TIMEOUT);
}
void f2fs_init_ckpt_req_control(struct f2fs_sb_info *sbi)
--- a/fs/f2fs/f2fs.h
+++ b/fs/f2fs/f2fs.h
@@ -3707,6 +3707,7 @@ static inline bool f2fs_need_rand_seg(st
* checkpoint.c
*/
void f2fs_stop_checkpoint(struct f2fs_sb_info *sbi, bool end_io);
+void f2fs_flush_ckpt_thread(struct f2fs_sb_info *sbi);
struct page *f2fs_grab_meta_page(struct f2fs_sb_info *sbi, pgoff_t index);
struct page *f2fs_get_meta_page(struct f2fs_sb_info *sbi, pgoff_t index);
struct page *f2fs_get_meta_page_retry(struct f2fs_sb_info *sbi, pgoff_t index);
--- a/fs/f2fs/super.c
+++ b/fs/f2fs/super.c
@@ -1666,9 +1666,8 @@ static int f2fs_freeze(struct super_bloc
if (is_sbi_flag_set(F2FS_SB(sb), SBI_IS_DIRTY))
return -EINVAL;
- /* ensure no checkpoint required */
- if (!llist_empty(&F2FS_SB(sb)->cprc_info.issue_list))
- return -EINVAL;
+ /* Let's flush checkpoints and stop the thread. */
+ f2fs_flush_ckpt_thread(F2FS_SB(sb));
/* to avoid deadlock on f2fs_evict_inode->SB_FREEZE_FS */
set_sbi_flag(F2FS_SB(sb), SBI_IS_FREEZING);
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 126/862] f2fs: increase the limit for reserve_root
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (124 preceding siblings ...)
2022-10-19 8:23 ` [PATCH 6.0 125/862] f2fs: flush pending checkpoints when freezing super Greg Kroah-Hartman
@ 2022-10-19 8:23 ` Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 127/862] f2fs: fix to do sanity check on destination blkaddr during recovery Greg Kroah-Hartman
` (750 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Aran Dalton, Chao Yu, Jaegeuk Kim
From: Jaegeuk Kim <jaegeuk@kernel.org>
commit da35fe96d12d15779f3cb74929b7ed03941cf983 upstream.
This patch increases the threshold that limits the reserved root space from 0.2%
to 12.5% by using simple shift operation.
Typically Android sets 128MB, but if the storage capacity is 32GB, 0.2% which is
around 64MB becomes too small. Let's relax it.
Cc: stable@vger.kernel.org
Reported-by: Aran Dalton <arda@allwinnertech.com>
Reviewed-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/f2fs/super.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/fs/f2fs/super.c
+++ b/fs/f2fs/super.c
@@ -301,10 +301,10 @@ static void f2fs_destroy_casefold_cache(
static inline void limit_reserve_root(struct f2fs_sb_info *sbi)
{
- block_t limit = min((sbi->user_block_count << 1) / 1000,
+ block_t limit = min((sbi->user_block_count >> 3),
sbi->user_block_count - sbi->reserved_blocks);
- /* limit is 0.2% */
+ /* limit is 12.5% */
if (test_opt(sbi, RESERVE_ROOT) &&
F2FS_OPTION(sbi).root_reserved_blocks > limit) {
F2FS_OPTION(sbi).root_reserved_blocks = limit;
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 127/862] f2fs: fix to do sanity check on destination blkaddr during recovery
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (125 preceding siblings ...)
2022-10-19 8:23 ` [PATCH 6.0 126/862] f2fs: increase the limit for reserve_root Greg Kroah-Hartman
@ 2022-10-19 8:23 ` Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 128/862] f2fs: fix to do sanity check on summary info Greg Kroah-Hartman
` (749 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Wenqing Liu, Chao Yu, Jaegeuk Kim
From: Chao Yu <chao@kernel.org>
commit 0ef4ca04a3f9223ff8bc440041c524b2123e09a3 upstream.
As Wenqing Liu reported in bugzilla:
https://bugzilla.kernel.org/show_bug.cgi?id=216456
loop5: detected capacity change from 0 to 131072
F2FS-fs (loop5): recover_inode: ino = 6, name = hln, inline = 1
F2FS-fs (loop5): recover_data: ino = 6 (i_size: recover) err = 0
F2FS-fs (loop5): recover_inode: ino = 6, name = hln, inline = 1
F2FS-fs (loop5): recover_data: ino = 6 (i_size: recover) err = 0
F2FS-fs (loop5): recover_inode: ino = 6, name = hln, inline = 1
F2FS-fs (loop5): recover_data: ino = 6 (i_size: recover) err = 0
F2FS-fs (loop5): Bitmap was wrongly set, blk:5634
------------[ cut here ]------------
WARNING: CPU: 3 PID: 1013 at fs/f2fs/segment.c:2198
RIP: 0010:update_sit_entry+0xa55/0x10b0 [f2fs]
Call Trace:
<TASK>
f2fs_do_replace_block+0xa98/0x1890 [f2fs]
f2fs_replace_block+0xeb/0x180 [f2fs]
recover_data+0x1a69/0x6ae0 [f2fs]
f2fs_recover_fsync_data+0x120d/0x1fc0 [f2fs]
f2fs_fill_super+0x4665/0x61e0 [f2fs]
mount_bdev+0x2cf/0x3b0
legacy_get_tree+0xed/0x1d0
vfs_get_tree+0x81/0x2b0
path_mount+0x47e/0x19d0
do_mount+0xce/0xf0
__x64_sys_mount+0x12c/0x1a0
do_syscall_64+0x38/0x90
entry_SYSCALL_64_after_hwframe+0x63/0xcd
If we enable CONFIG_F2FS_CHECK_FS config, it will trigger a kernel panic
instead of warning.
The root cause is: in fuzzed image, SIT table is inconsistent with inode
mapping table, result in triggering such warning during SIT table update.
This patch introduces a new flag DATA_GENERIC_ENHANCE_UPDATE, w/ this
flag, data block recovery flow can check destination blkaddr's validation
in SIT table, and skip f2fs_replace_block() to avoid inconsistent status.
Cc: stable@vger.kernel.org
Reported-by: Wenqing Liu <wenqingliu0120@gmail.com>
Signed-off-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/f2fs/checkpoint.c | 10 +++++++++-
fs/f2fs/f2fs.h | 4 ++++
fs/f2fs/recovery.c | 8 ++++++++
3 files changed, 21 insertions(+), 1 deletion(-)
--- a/fs/f2fs/checkpoint.c
+++ b/fs/f2fs/checkpoint.c
@@ -140,7 +140,7 @@ static bool __is_bitmap_valid(struct f2f
unsigned int segno, offset;
bool exist;
- if (type != DATA_GENERIC_ENHANCE && type != DATA_GENERIC_ENHANCE_READ)
+ if (type == DATA_GENERIC)
return true;
segno = GET_SEGNO(sbi, blkaddr);
@@ -148,6 +148,13 @@ static bool __is_bitmap_valid(struct f2f
se = get_seg_entry(sbi, segno);
exist = f2fs_test_bit(offset, se->cur_valid_map);
+ if (exist && type == DATA_GENERIC_ENHANCE_UPDATE) {
+ f2fs_err(sbi, "Inconsistent error blkaddr:%u, sit bitmap:%d",
+ blkaddr, exist);
+ set_sbi_flag(sbi, SBI_NEED_FSCK);
+ return exist;
+ }
+
if (!exist && type == DATA_GENERIC_ENHANCE) {
f2fs_err(sbi, "Inconsistent error blkaddr:%u, sit bitmap:%d",
blkaddr, exist);
@@ -185,6 +192,7 @@ bool f2fs_is_valid_blkaddr(struct f2fs_s
case DATA_GENERIC:
case DATA_GENERIC_ENHANCE:
case DATA_GENERIC_ENHANCE_READ:
+ case DATA_GENERIC_ENHANCE_UPDATE:
if (unlikely(blkaddr >= MAX_BLKADDR(sbi) ||
blkaddr < MAIN_BLKADDR(sbi))) {
f2fs_warn(sbi, "access invalid blkaddr:%u",
--- a/fs/f2fs/f2fs.h
+++ b/fs/f2fs/f2fs.h
@@ -266,6 +266,10 @@ enum {
* condition of read on truncated area
* by extent_cache
*/
+ DATA_GENERIC_ENHANCE_UPDATE, /*
+ * strong check on range and segment
+ * bitmap for update case
+ */
META_GENERIC,
};
--- a/fs/f2fs/recovery.c
+++ b/fs/f2fs/recovery.c
@@ -698,6 +698,14 @@ retry_prev:
goto err;
}
+ if (f2fs_is_valid_blkaddr(sbi, dest,
+ DATA_GENERIC_ENHANCE_UPDATE)) {
+ f2fs_err(sbi, "Inconsistent dest blkaddr:%u, ino:%lu, ofs:%u",
+ dest, inode->i_ino, dn.ofs_in_node);
+ err = -EFSCORRUPTED;
+ goto err;
+ }
+
/* write dummy data page */
f2fs_replace_block(sbi, &dn, src, dest,
ni.version, false, false);
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 128/862] f2fs: fix to do sanity check on summary info
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (126 preceding siblings ...)
2022-10-19 8:23 ` [PATCH 6.0 127/862] f2fs: fix to do sanity check on destination blkaddr during recovery Greg Kroah-Hartman
@ 2022-10-19 8:23 ` Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 129/862] f2fs: allow direct read for zoned device Greg Kroah-Hartman
` (748 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Wenqing Liu, Chao Yu, Jaegeuk Kim
From: Chao Yu <chao@kernel.org>
commit c6ad7fd16657ebd34a87a97d9588195aae87597d upstream.
As Wenqing Liu reported in bugzilla:
https://bugzilla.kernel.org/show_bug.cgi?id=216456
BUG: KASAN: use-after-free in recover_data+0x63ae/0x6ae0 [f2fs]
Read of size 4 at addr ffff8881464dcd80 by task mount/1013
CPU: 3 PID: 1013 Comm: mount Tainted: G W 6.0.0-rc4 #1
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014
Call Trace:
dump_stack_lvl+0x45/0x5e
print_report.cold+0xf3/0x68d
kasan_report+0xa8/0x130
recover_data+0x63ae/0x6ae0 [f2fs]
f2fs_recover_fsync_data+0x120d/0x1fc0 [f2fs]
f2fs_fill_super+0x4665/0x61e0 [f2fs]
mount_bdev+0x2cf/0x3b0
legacy_get_tree+0xed/0x1d0
vfs_get_tree+0x81/0x2b0
path_mount+0x47e/0x19d0
do_mount+0xce/0xf0
__x64_sys_mount+0x12c/0x1a0
do_syscall_64+0x38/0x90
entry_SYSCALL_64_after_hwframe+0x63/0xcd
The root cause is: in fuzzed image, SSA table is corrupted: ofs_in_node
is larger than ADDRS_PER_PAGE(), result in out-of-range access on 4k-size
page.
- recover_data
- do_recover_data
- check_index_in_prev_nodes
- f2fs_data_blkaddr
This patch adds sanity check on summary info in recovery and GC flow
in where the flows rely on them.
After patch:
[ 29.310883] F2FS-fs (loop0): Inconsistent ofs_in_node:65286 in summary, ino:0, nid:6, max:1018
Cc: stable@vger.kernel.org
Reported-by: Wenqing Liu <wenqingliu0120@gmail.com>
Signed-off-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/f2fs/gc.c | 10 +++++++++-
fs/f2fs/recovery.c | 15 ++++++++++++---
2 files changed, 21 insertions(+), 4 deletions(-)
--- a/fs/f2fs/gc.c
+++ b/fs/f2fs/gc.c
@@ -1078,7 +1078,7 @@ static bool is_alive(struct f2fs_sb_info
{
struct page *node_page;
nid_t nid;
- unsigned int ofs_in_node;
+ unsigned int ofs_in_node, max_addrs;
block_t source_blkaddr;
nid = le32_to_cpu(sum->nid);
@@ -1104,6 +1104,14 @@ static bool is_alive(struct f2fs_sb_info
return false;
}
+ max_addrs = IS_INODE(node_page) ? DEF_ADDRS_PER_INODE :
+ DEF_ADDRS_PER_BLOCK;
+ if (ofs_in_node >= max_addrs) {
+ f2fs_err(sbi, "Inconsistent ofs_in_node:%u in summary, ino:%u, nid:%u, max:%u",
+ ofs_in_node, dni->ino, dni->nid, max_addrs);
+ return false;
+ }
+
*nofs = ofs_of_node(node_page);
source_blkaddr = data_blkaddr(NULL, node_page, ofs_in_node);
f2fs_put_page(node_page, 1);
--- a/fs/f2fs/recovery.c
+++ b/fs/f2fs/recovery.c
@@ -474,7 +474,7 @@ static int check_index_in_prev_nodes(str
struct dnode_of_data tdn = *dn;
nid_t ino, nid;
struct inode *inode;
- unsigned int offset;
+ unsigned int offset, ofs_in_node, max_addrs;
block_t bidx;
int i;
@@ -501,15 +501,24 @@ static int check_index_in_prev_nodes(str
got_it:
/* Use the locked dnode page and inode */
nid = le32_to_cpu(sum.nid);
+ ofs_in_node = le16_to_cpu(sum.ofs_in_node);
+
+ max_addrs = ADDRS_PER_PAGE(dn->node_page, dn->inode);
+ if (ofs_in_node >= max_addrs) {
+ f2fs_err(sbi, "Inconsistent ofs_in_node:%u in summary, ino:%lu, nid:%u, max:%u",
+ ofs_in_node, dn->inode->i_ino, nid, max_addrs);
+ return -EFSCORRUPTED;
+ }
+
if (dn->inode->i_ino == nid) {
tdn.nid = nid;
if (!dn->inode_page_locked)
lock_page(dn->inode_page);
tdn.node_page = dn->inode_page;
- tdn.ofs_in_node = le16_to_cpu(sum.ofs_in_node);
+ tdn.ofs_in_node = ofs_in_node;
goto truncate_out;
} else if (dn->nid == nid) {
- tdn.ofs_in_node = le16_to_cpu(sum.ofs_in_node);
+ tdn.ofs_in_node = ofs_in_node;
goto truncate_out;
}
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 129/862] f2fs: allow direct read for zoned device
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (127 preceding siblings ...)
2022-10-19 8:23 ` [PATCH 6.0 128/862] f2fs: fix to do sanity check on summary info Greg Kroah-Hartman
@ 2022-10-19 8:23 ` Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 130/862] jbd2: wake up journal waiters in FIFO order, not LIFO Greg Kroah-Hartman
` (747 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:23 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Eunhee Rho, Chao Yu, Jaegeuk Kim
From: Jaegeuk Kim <jaegeuk@kernel.org>
commit 689fe57e7ecefd2eeba76c32aa569bb3e1e790d9 upstream.
This reverts dbf8e63f48af ("f2fs: remove device type check for direct IO"),
and apply the below first version, since it contributed out-of-order DIO writes.
For zoned devices, f2fs forbids direct IO and forces buffered IO
to serialize write IOs. However, the constraint does not apply to
read IOs.
Cc: stable@vger.kernel.org
Fixes: dbf8e63f48af ("f2fs: remove device type check for direct IO")
Signed-off-by: Eunhee Rho <eunhee83.rho@samsung.com>
Reviewed-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/f2fs/f2fs.h | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
--- a/fs/f2fs/f2fs.h
+++ b/fs/f2fs/f2fs.h
@@ -4513,7 +4513,12 @@ static inline bool f2fs_force_buffered_i
/* disallow direct IO if any of devices has unaligned blksize */
if (f2fs_is_multi_device(sbi) && !sbi->aligned_blksize)
return true;
-
+ /*
+ * for blkzoned device, fallback direct IO to buffered IO, so
+ * all IOs can be serialized by log-structured write.
+ */
+ if (f2fs_sb_has_blkzoned(sbi) && (rw == WRITE))
+ return true;
if (f2fs_lfs_mode(sbi) && (rw == WRITE)) {
if (block_unaligned_IO(inode, iocb, iter))
return true;
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 130/862] jbd2: wake up journal waiters in FIFO order, not LIFO
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (128 preceding siblings ...)
2022-10-19 8:23 ` [PATCH 6.0 129/862] f2fs: allow direct read for zoned device Greg Kroah-Hartman
@ 2022-10-19 8:23 ` Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 131/862] jbd2: fix potential buffer head reference count leak Greg Kroah-Hartman
` (746 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, stable, Alexey Lyashkov,
Ritesh Harjani (IBM),
Theodore Tso
From: Andrew Perepechko <anserper@ya.ru>
commit 34fc8768ec6089565d6d73bad26724083cecf7bd upstream.
LIFO wakeup order is unfair and sometimes leads to a journal
user not being able to get a journal handle for hundreds of
transactions in a row.
FIFO wakeup can make things more fair.
Cc: stable@kernel.org
Signed-off-by: Alexey Lyashkov <alexey.lyashkov@gmail.com>
Reviewed-by: Ritesh Harjani (IBM) <ritesh.list@gmail.com>
Link: https://lore.kernel.org/r/20220907165959.1137482-1-alexey.lyashkov@gmail.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/jbd2/commit.c | 2 +-
fs/jbd2/transaction.c | 6 +++---
2 files changed, 4 insertions(+), 4 deletions(-)
--- a/fs/jbd2/commit.c
+++ b/fs/jbd2/commit.c
@@ -570,7 +570,7 @@ void jbd2_journal_commit_transaction(jou
journal->j_running_transaction = NULL;
start_time = ktime_get();
commit_transaction->t_log_start = journal->j_head;
- wake_up(&journal->j_wait_transaction_locked);
+ wake_up_all(&journal->j_wait_transaction_locked);
write_unlock(&journal->j_state_lock);
jbd2_debug(3, "JBD2: commit phase 2a\n");
--- a/fs/jbd2/transaction.c
+++ b/fs/jbd2/transaction.c
@@ -168,7 +168,7 @@ static void wait_transaction_locked(jour
int need_to_start;
tid_t tid = journal->j_running_transaction->t_tid;
- prepare_to_wait(&journal->j_wait_transaction_locked, &wait,
+ prepare_to_wait_exclusive(&journal->j_wait_transaction_locked, &wait,
TASK_UNINTERRUPTIBLE);
need_to_start = !tid_geq(journal->j_commit_request, tid);
read_unlock(&journal->j_state_lock);
@@ -194,7 +194,7 @@ static void wait_transaction_switching(j
read_unlock(&journal->j_state_lock);
return;
}
- prepare_to_wait(&journal->j_wait_transaction_locked, &wait,
+ prepare_to_wait_exclusive(&journal->j_wait_transaction_locked, &wait,
TASK_UNINTERRUPTIBLE);
read_unlock(&journal->j_state_lock);
/*
@@ -920,7 +920,7 @@ void jbd2_journal_unlock_updates (journa
write_lock(&journal->j_state_lock);
--journal->j_barrier_count;
write_unlock(&journal->j_state_lock);
- wake_up(&journal->j_wait_transaction_locked);
+ wake_up_all(&journal->j_wait_transaction_locked);
}
static void warn_dirty_buffer(struct buffer_head *bh)
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 131/862] jbd2: fix potential buffer head reference count leak
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (129 preceding siblings ...)
2022-10-19 8:23 ` [PATCH 6.0 130/862] jbd2: wake up journal waiters in FIFO order, not LIFO Greg Kroah-Hartman
@ 2022-10-19 8:23 ` Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 132/862] jbd2: fix potential use-after-free in jbd2_fc_wait_bufs Greg Kroah-Hartman
` (745 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, stable, Ye Bin, Jan Kara, Theodore Tso
From: Ye Bin <yebin10@huawei.com>
commit e0d5fc7a6d80ac2406c7dfc6bb625201d0250a8a upstream.
As in 'jbd2_fc_wait_bufs' if buffer isn't uptodate, will return -EIO without
update 'journal->j_fc_off'. But 'jbd2_fc_release_bufs' will release buffer head
from ‘j_fc_off - 1’ if 'bh' is NULL will terminal release which will lead to
buffer head buffer head reference count leak.
To solve above issue, update 'journal->j_fc_off' before return -EIO.
Cc: stable@kernel.org
Signed-off-by: Ye Bin <yebin10@huawei.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20220914100812.1414768-2-yebin10@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/jbd2/journal.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
--- a/fs/jbd2/journal.c
+++ b/fs/jbd2/journal.c
@@ -925,8 +925,14 @@ int jbd2_fc_wait_bufs(journal_t *journal
wait_on_buffer(bh);
put_bh(bh);
journal->j_fc_wbuf[i] = NULL;
- if (unlikely(!buffer_uptodate(bh)))
+ /*
+ * Update j_fc_off so jbd2_fc_release_bufs can release remain
+ * buffer head.
+ */
+ if (unlikely(!buffer_uptodate(bh))) {
+ journal->j_fc_off = i;
return -EIO;
+ }
}
return 0;
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 132/862] jbd2: fix potential use-after-free in jbd2_fc_wait_bufs
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (130 preceding siblings ...)
2022-10-19 8:23 ` [PATCH 6.0 131/862] jbd2: fix potential buffer head reference count leak Greg Kroah-Hartman
@ 2022-10-19 8:23 ` Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 133/862] jbd2: add miss release buffer head in fc_do_one_pass() Greg Kroah-Hartman
` (744 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, stable, Ye Bin, Jan Kara, Theodore Tso
From: Ye Bin <yebin10@huawei.com>
commit 243d1a5d505d0b0460c9af0ad56ed4a56ef0bebd upstream.
In 'jbd2_fc_wait_bufs' use 'bh' after put buffer head reference count
which may lead to use-after-free.
So judge buffer if uptodate before put buffer head reference count.
Cc: stable@kernel.org
Signed-off-by: Ye Bin <yebin10@huawei.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20220914100812.1414768-3-yebin10@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/jbd2/journal.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/fs/jbd2/journal.c
+++ b/fs/jbd2/journal.c
@@ -923,16 +923,16 @@ int jbd2_fc_wait_bufs(journal_t *journal
for (i = j_fc_off - 1; i >= j_fc_off - num_blks; i--) {
bh = journal->j_fc_wbuf[i];
wait_on_buffer(bh);
- put_bh(bh);
- journal->j_fc_wbuf[i] = NULL;
/*
* Update j_fc_off so jbd2_fc_release_bufs can release remain
* buffer head.
*/
if (unlikely(!buffer_uptodate(bh))) {
- journal->j_fc_off = i;
+ journal->j_fc_off = i + 1;
return -EIO;
}
+ put_bh(bh);
+ journal->j_fc_wbuf[i] = NULL;
}
return 0;
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 133/862] jbd2: add miss release buffer head in fc_do_one_pass()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (131 preceding siblings ...)
2022-10-19 8:23 ` [PATCH 6.0 132/862] jbd2: fix potential use-after-free in jbd2_fc_wait_bufs Greg Kroah-Hartman
@ 2022-10-19 8:23 ` Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 134/862] ext2: Add sanity checks for group and filesystem size Greg Kroah-Hartman
` (743 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, stable, Ye Bin, Jan Kara, Theodore Tso
From: Ye Bin <yebin10@huawei.com>
commit dfff66f30f66b9524b661f311bbed8ff3d2ca49f upstream.
In fc_do_one_pass() miss release buffer head after use which will lead
to reference count leak.
Cc: stable@kernel.org
Signed-off-by: Ye Bin <yebin10@huawei.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20220917093805.1782845-1-yebin10@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/jbd2/recovery.c | 1 +
1 file changed, 1 insertion(+)
--- a/fs/jbd2/recovery.c
+++ b/fs/jbd2/recovery.c
@@ -256,6 +256,7 @@ static int fc_do_one_pass(journal_t *jou
err = journal->j_fc_replay_callback(journal, bh, pass,
next_fc_block - journal->j_fc_first,
expected_commit_id);
+ brelse(bh);
next_fc_block++;
if (err < 0 || err == JBD2_FC_REPLAY_STOP)
break;
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 134/862] ext2: Add sanity checks for group and filesystem size
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (132 preceding siblings ...)
2022-10-19 8:23 ` [PATCH 6.0 133/862] jbd2: add miss release buffer head in fc_do_one_pass() Greg Kroah-Hartman
@ 2022-10-19 8:23 ` Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 135/862] ext4: avoid crash when inline data creation follows DIO write Greg Kroah-Hartman
` (742 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot+0f2f7e65a3007d39539f,
Jan Kara, kernel test robot
From: Jan Kara <jack@suse.cz>
commit d766f2d1e3e3bd44024a7f971ffcf8b8fbb7c5d2 upstream.
Add sanity check that filesystem size does not exceed the underlying
device size and that group size is big enough so that metadata can fit
into it. This avoid trying to mount some crafted filesystems with
extremely large group counts.
Reported-by: syzbot+0f2f7e65a3007d39539f@syzkaller.appspotmail.com
Reported-by: kernel test robot <oliver.sang@intel.com> # Test fixup
CC: stable@vger.kernel.org
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext2/super.c | 16 ++++++++++++++--
1 file changed, 14 insertions(+), 2 deletions(-)
--- a/fs/ext2/super.c
+++ b/fs/ext2/super.c
@@ -1052,6 +1052,13 @@ static int ext2_fill_super(struct super_
sbi->s_blocks_per_group);
goto failed_mount;
}
+ /* At least inode table, bitmaps, and sb have to fit in one group */
+ if (sbi->s_blocks_per_group <= sbi->s_itb_per_group + 3) {
+ ext2_msg(sb, KERN_ERR,
+ "error: #blocks per group smaller than metadata size: %lu <= %lu",
+ sbi->s_blocks_per_group, sbi->s_inodes_per_group + 3);
+ goto failed_mount;
+ }
if (sbi->s_frags_per_group > sb->s_blocksize * 8) {
ext2_msg(sb, KERN_ERR,
"error: #fragments per group too big: %lu",
@@ -1065,9 +1072,14 @@ static int ext2_fill_super(struct super_
sbi->s_inodes_per_group);
goto failed_mount;
}
+ if (sb_bdev_nr_blocks(sb) < le32_to_cpu(es->s_blocks_count)) {
+ ext2_msg(sb, KERN_ERR,
+ "bad geometry: block count %u exceeds size of device (%u blocks)",
+ le32_to_cpu(es->s_blocks_count),
+ (unsigned)sb_bdev_nr_blocks(sb));
+ goto failed_mount;
+ }
- if (EXT2_BLOCKS_PER_GROUP(sb) == 0)
- goto cantfind_ext2;
sbi->s_groups_count = ((le32_to_cpu(es->s_blocks_count) -
le32_to_cpu(es->s_first_data_block) - 1)
/ EXT2_BLOCKS_PER_GROUP(sb)) + 1;
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 135/862] ext4: avoid crash when inline data creation follows DIO write
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (133 preceding siblings ...)
2022-10-19 8:23 ` [PATCH 6.0 134/862] ext2: Add sanity checks for group and filesystem size Greg Kroah-Hartman
@ 2022-10-19 8:23 ` Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 136/862] ext4: fix null-ptr-deref in ext4_write_info Greg Kroah-Hartman
` (741 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, stable, Tadeusz Struk,
syzbot+bd13648a53ed6933ca49, Jan Kara, Lukas Czerner,
Theodore Tso
From: Jan Kara <jack@suse.cz>
commit 4bb26f2885ac6930984ee451b952c5a6042f2c0e upstream.
When inode is created and written to using direct IO, there is nothing
to clear the EXT4_STATE_MAY_INLINE_DATA flag. Thus when inode gets
truncated later to say 1 byte and written using normal write, we will
try to store the data as inline data. This confuses the code later
because the inode now has both normal block and inline data allocated
and the confusion manifests for example as:
kernel BUG at fs/ext4/inode.c:2721!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 359 Comm: repro Not tainted 5.19.0-rc8-00001-g31ba1e3b8305-dirty #15
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-1.fc36 04/01/2014
RIP: 0010:ext4_writepages+0x363d/0x3660
RSP: 0018:ffffc90000ccf260 EFLAGS: 00010293
RAX: ffffffff81e1abcd RBX: 0000008000000000 RCX: ffff88810842a180
RDX: 0000000000000000 RSI: 0000008000000000 RDI: 0000000000000000
RBP: ffffc90000ccf650 R08: ffffffff81e17d58 R09: ffffed10222c680b
R10: dfffe910222c680c R11: 1ffff110222c680a R12: ffff888111634128
R13: ffffc90000ccf880 R14: 0000008410000000 R15: 0000000000000001
FS: 00007f72635d2640(0000) GS:ffff88811b000000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000565243379180 CR3: 000000010aa74000 CR4: 0000000000150eb0
Call Trace:
<TASK>
do_writepages+0x397/0x640
filemap_fdatawrite_wbc+0x151/0x1b0
file_write_and_wait_range+0x1c9/0x2b0
ext4_sync_file+0x19e/0xa00
vfs_fsync_range+0x17b/0x190
ext4_buffered_write_iter+0x488/0x530
ext4_file_write_iter+0x449/0x1b90
vfs_write+0xbcd/0xf40
ksys_write+0x198/0x2c0
__x64_sys_write+0x7b/0x90
do_syscall_64+0x3d/0x90
entry_SYSCALL_64_after_hwframe+0x63/0xcd
</TASK>
Fix the problem by clearing EXT4_STATE_MAY_INLINE_DATA when we are doing
direct IO write to a file.
Cc: stable@kernel.org
Reported-by: Tadeusz Struk <tadeusz.struk@linaro.org>
Reported-by: syzbot+bd13648a53ed6933ca49@syzkaller.appspotmail.com
Link: https://syzkaller.appspot.com/bug?id=a1e89d09bbbcbd5c4cb45db230ee28c822953984
Signed-off-by: Jan Kara <jack@suse.cz>
Reviewed-by: Lukas Czerner <lczerner@redhat.com>
Tested-by: Tadeusz Struk<tadeusz.struk@linaro.org>
Link: https://lore.kernel.org/r/20220727155753.13969-1-jack@suse.cz
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/file.c | 6 ++++++
1 file changed, 6 insertions(+)
--- a/fs/ext4/file.c
+++ b/fs/ext4/file.c
@@ -528,6 +528,12 @@ static ssize_t ext4_dio_write_iter(struc
ret = -EAGAIN;
goto out;
}
+ /*
+ * Make sure inline data cannot be created anymore since we are going
+ * to allocate blocks for DIO. We know the inode does not have any
+ * inline data now because ext4_dio_supported() checked for that.
+ */
+ ext4_clear_inode_state(inode, EXT4_STATE_MAY_INLINE_DATA);
offset = iocb->ki_pos;
count = ret;
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 136/862] ext4: fix null-ptr-deref in ext4_write_info
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (134 preceding siblings ...)
2022-10-19 8:23 ` [PATCH 6.0 135/862] ext4: avoid crash when inline data creation follows DIO write Greg Kroah-Hartman
@ 2022-10-19 8:23 ` Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 137/862] ext4: make ext4_lazyinit_thread freezable Greg Kroah-Hartman
` (740 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, stable, Baokun Li, Jan Kara, Theodore Tso
From: Baokun Li <libaokun1@huawei.com>
commit f9c1f248607d5546075d3f731e7607d5571f2b60 upstream.
I caught a null-ptr-deref bug as follows:
==================================================================
KASAN: null-ptr-deref in range [0x0000000000000068-0x000000000000006f]
CPU: 1 PID: 1589 Comm: umount Not tainted 5.10.0-02219-dirty #339
RIP: 0010:ext4_write_info+0x53/0x1b0
[...]
Call Trace:
dquot_writeback_dquots+0x341/0x9a0
ext4_sync_fs+0x19e/0x800
__sync_filesystem+0x83/0x100
sync_filesystem+0x89/0xf0
generic_shutdown_super+0x79/0x3e0
kill_block_super+0xa1/0x110
deactivate_locked_super+0xac/0x130
deactivate_super+0xb6/0xd0
cleanup_mnt+0x289/0x400
__cleanup_mnt+0x16/0x20
task_work_run+0x11c/0x1c0
exit_to_user_mode_prepare+0x203/0x210
syscall_exit_to_user_mode+0x5b/0x3a0
do_syscall_64+0x59/0x70
entry_SYSCALL_64_after_hwframe+0x44/0xa9
==================================================================
Above issue may happen as follows:
-------------------------------------
exit_to_user_mode_prepare
task_work_run
__cleanup_mnt
cleanup_mnt
deactivate_super
deactivate_locked_super
kill_block_super
generic_shutdown_super
shrink_dcache_for_umount
dentry = sb->s_root
sb->s_root = NULL <--- Here set NULL
sync_filesystem
__sync_filesystem
sb->s_op->sync_fs > ext4_sync_fs
dquot_writeback_dquots
sb->dq_op->write_info > ext4_write_info
ext4_journal_start(d_inode(sb->s_root), EXT4_HT_QUOTA, 2)
d_inode(sb->s_root)
s_root->d_inode <--- Null pointer dereference
To solve this problem, we use ext4_journal_start_sb directly
to avoid s_root being used.
Cc: stable@kernel.org
Signed-off-by: Baokun Li <libaokun1@huawei.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20220805123947.565152-1-libaokun1@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/super.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -6653,7 +6653,7 @@ static int ext4_write_info(struct super_
handle_t *handle;
/* Data block + inode block */
- handle = ext4_journal_start(d_inode(sb->s_root), EXT4_HT_QUOTA, 2);
+ handle = ext4_journal_start_sb(sb, EXT4_HT_QUOTA, 2);
if (IS_ERR(handle))
return PTR_ERR(handle);
ret = dquot_commit_info(sb, type);
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 137/862] ext4: make ext4_lazyinit_thread freezable
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (135 preceding siblings ...)
2022-10-19 8:23 ` [PATCH 6.0 136/862] ext4: fix null-ptr-deref in ext4_write_info Greg Kroah-Hartman
@ 2022-10-19 8:23 ` Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 138/862] ext4: fix check for block being out of directory size Greg Kroah-Hartman
` (739 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, stable, Lalith Rajendran, Theodore Tso
From: Lalith Rajendran <lalithkraj@google.com>
commit 3b575495ab8dbb4dbe85b4ac7f991693c3668ff5 upstream.
ext4_lazyinit_thread is not set freezable. Hence when the thread calls
try_to_freeze it doesn't freeze during suspend and continues to send
requests to the storage during suspend, resulting in suspend failures.
Cc: stable@kernel.org
Signed-off-by: Lalith Rajendran <lalithkraj@google.com>
Link: https://lore.kernel.org/r/20220818214049.1519544-1-lalithkraj@google.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/super.c | 1 +
1 file changed, 1 insertion(+)
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -3767,6 +3767,7 @@ static int ext4_lazyinit_thread(void *ar
unsigned long next_wakeup, cur;
BUG_ON(NULL == eli);
+ set_freezable();
cont_thread:
while (true) {
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 138/862] ext4: fix check for block being out of directory size
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (136 preceding siblings ...)
2022-10-19 8:23 ` [PATCH 6.0 137/862] ext4: make ext4_lazyinit_thread freezable Greg Kroah-Hartman
@ 2022-10-19 8:23 ` Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 139/862] ext4: dont increase iversion counter for ea_inodes Greg Kroah-Hartman
` (738 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jan Kara, Lukas Czerner, Theodore Tso
From: Jan Kara <jack@suse.cz>
commit 61a1d87a324ad5e3ed27c6699dfc93218fcf3201 upstream.
The check in __ext4_read_dirblock() for block being outside of directory
size was wrong because it compared block number against directory size
in bytes. Fix it.
Fixes: 65f8ea4cd57d ("ext4: check if directory block is within i_size")
CVE: CVE-2022-1184
CC: stable@vger.kernel.org
Signed-off-by: Jan Kara <jack@suse.cz>
Reviewed-by: Lukas Czerner <lczerner@redhat.com>
Link: https://lore.kernel.org/r/20220822114832.1482-1-jack@suse.cz
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/namei.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/fs/ext4/namei.c
+++ b/fs/ext4/namei.c
@@ -126,7 +126,7 @@ static struct buffer_head *__ext4_read_d
struct ext4_dir_entry *dirent;
int is_dx_block = 0;
- if (block >= inode->i_size) {
+ if (block >= inode->i_size >> inode->i_blkbits) {
ext4_error_inode(inode, func, line, block,
"Attempting to read directory block (%u) that is past i_size (%llu)",
block, inode->i_size);
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 139/862] ext4: dont increase iversion counter for ea_inodes
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (137 preceding siblings ...)
2022-10-19 8:23 ` [PATCH 6.0 138/862] ext4: fix check for block being out of directory size Greg Kroah-Hartman
@ 2022-10-19 8:23 ` Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 140/862] ext4: unconditionally enable the i_version counter Greg Kroah-Hartman
` (737 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, stable, Lukas Czerner, Jan Kara,
Jeff Layton, Christian Brauner (Microsoft),
Theodore Tso
From: Lukas Czerner <lczerner@redhat.com>
commit 50f094a5580e6297bf10a807d16f0ee23fa576cf upstream.
ea_inodes are using i_version for storing part of the reference count so
we really need to leave it alone.
The problem can be reproduced by xfstest ext4/026 when iversion is
enabled. Fix it by not calling inode_inc_iversion() for EXT4_EA_INODE_FL
inodes in ext4_mark_iloc_dirty().
Cc: stable@kernel.org
Signed-off-by: Lukas Czerner <lczerner@redhat.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Reviewed-by: Christian Brauner (Microsoft) <brauner@kernel.org>
Link: https://lore.kernel.org/r/20220824160349.39664-1-lczerner@redhat.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/inode.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
--- a/fs/ext4/inode.c
+++ b/fs/ext4/inode.c
@@ -5731,7 +5731,12 @@ int ext4_mark_iloc_dirty(handle_t *handl
}
ext4_fc_track_inode(handle, inode);
- if (IS_I_VERSION(inode))
+ /*
+ * ea_inodes are using i_version for storing reference count, don't
+ * mess with it
+ */
+ if (IS_I_VERSION(inode) &&
+ !(EXT4_I(inode)->i_flags & EXT4_EA_INODE_FL))
inode_inc_iversion(inode);
/* the do_update_inode consumes one bh->b_count */
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 140/862] ext4: unconditionally enable the i_version counter
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (138 preceding siblings ...)
2022-10-19 8:23 ` [PATCH 6.0 139/862] ext4: dont increase iversion counter for ea_inodes Greg Kroah-Hartman
@ 2022-10-19 8:23 ` Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 141/862] ext4: ext4_read_bh_lock() should submit IO if the buffer isnt uptodate Greg Kroah-Hartman
` (736 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, stable, Dave Chinner,
Benjamin Coddington, Christoph Hellwig, Darrick J. Wong,
Jeff Layton, Lukas Czerner, Christian Brauner (Microsoft),
Jan Kara, Theodore Tso
From: Jeff Layton <jlayton@kernel.org>
commit 1ff20307393e17dc57fde62226df625a3a3c36e9 upstream.
The original i_version implementation was pretty expensive, requiring a
log flush on every change. Because of this, it was gated behind a mount
option (implemented via the MS_I_VERSION mountoption flag).
Commit ae5e165d855d (fs: new API for handling inode->i_version) made the
i_version flag much less expensive, so there is no longer a performance
penalty from enabling it. xfs and btrfs already enable it
unconditionally when the on-disk format can support it.
Have ext4 ignore the SB_I_VERSION flag, and just enable it
unconditionally. While we're in here, mark the i_version mount
option Opt_removed.
[ Removed leftover bits of i_version from ext4_apply_options() since it
now can't ever be set in ctx->mask_s_flags -- lczerner ]
Cc: stable@kernel.org
Cc: Dave Chinner <david@fromorbit.com>
Cc: Benjamin Coddington <bcodding@redhat.com>
Cc: Christoph Hellwig <hch@infradead.org>
Cc: Darrick J. Wong <djwong@kernel.org>
Signed-off-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Lukas Czerner <lczerner@redhat.com>
Reviewed-by: Christian Brauner (Microsoft) <brauner@kernel.org>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20220824160349.39664-3-lczerner@redhat.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/inode.c | 5 ++---
fs/ext4/super.c | 22 +++++-----------------
2 files changed, 7 insertions(+), 20 deletions(-)
--- a/fs/ext4/inode.c
+++ b/fs/ext4/inode.c
@@ -5425,7 +5425,7 @@ int ext4_setattr(struct user_namespace *
return -EINVAL;
}
- if (IS_I_VERSION(inode) && attr->ia_size != inode->i_size)
+ if (attr->ia_size != inode->i_size)
inode_inc_iversion(inode);
if (shrink) {
@@ -5735,8 +5735,7 @@ int ext4_mark_iloc_dirty(handle_t *handl
* ea_inodes are using i_version for storing reference count, don't
* mess with it
*/
- if (IS_I_VERSION(inode) &&
- !(EXT4_I(inode)->i_flags & EXT4_EA_INODE_FL))
+ if (!(EXT4_I(inode)->i_flags & EXT4_EA_INODE_FL))
inode_inc_iversion(inode);
/* the do_update_inode consumes one bh->b_count */
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -1585,7 +1585,7 @@ enum {
Opt_inlinecrypt,
Opt_usrjquota, Opt_grpjquota, Opt_quota,
Opt_noquota, Opt_barrier, Opt_nobarrier, Opt_err,
- Opt_usrquota, Opt_grpquota, Opt_prjquota, Opt_i_version,
+ Opt_usrquota, Opt_grpquota, Opt_prjquota,
Opt_dax, Opt_dax_always, Opt_dax_inode, Opt_dax_never,
Opt_stripe, Opt_delalloc, Opt_nodelalloc, Opt_warn_on_error,
Opt_nowarn_on_error, Opt_mblk_io_submit, Opt_debug_want_extra_isize,
@@ -1694,7 +1694,7 @@ static const struct fs_parameter_spec ex
fsparam_flag ("barrier", Opt_barrier),
fsparam_u32 ("barrier", Opt_barrier),
fsparam_flag ("nobarrier", Opt_nobarrier),
- fsparam_flag ("i_version", Opt_i_version),
+ fsparam_flag ("i_version", Opt_removed),
fsparam_flag ("dax", Opt_dax),
fsparam_enum ("dax", Opt_dax_type, ext4_param_dax),
fsparam_u32 ("stripe", Opt_stripe),
@@ -2140,11 +2140,6 @@ static int ext4_parse_param(struct fs_co
case Opt_abort:
ctx_set_mount_flag(ctx, EXT4_MF_FS_ABORTED);
return 0;
- case Opt_i_version:
- ext4_msg(NULL, KERN_WARNING, deprecated_msg, param->key, "5.20");
- ext4_msg(NULL, KERN_WARNING, "Use iversion instead\n");
- ctx_set_flags(ctx, SB_I_VERSION);
- return 0;
case Opt_inlinecrypt:
#ifdef CONFIG_FS_ENCRYPTION_INLINE_CRYPT
ctx_set_flags(ctx, SB_INLINECRYPT);
@@ -2814,14 +2809,6 @@ static void ext4_apply_options(struct fs
sb->s_flags &= ~ctx->mask_s_flags;
sb->s_flags |= ctx->vals_s_flags;
- /*
- * i_version differs from common mount option iversion so we have
- * to let vfs know that it was set, otherwise it would get cleared
- * on remount
- */
- if (ctx->mask_s_flags & SB_I_VERSION)
- fc->sb_flags |= SB_I_VERSION;
-
#define APPLY(X) ({ if (ctx->spec & EXT4_SPEC_##X) sbi->X = ctx->X; })
APPLY(s_commit_interval);
APPLY(s_stripe);
@@ -2970,8 +2957,6 @@ static int _ext4_show_options(struct seq
SEQ_OPTS_PRINT("min_batch_time=%u", sbi->s_min_batch_time);
if (nodefs || sbi->s_max_batch_time != EXT4_DEF_MAX_BATCH_TIME)
SEQ_OPTS_PRINT("max_batch_time=%u", sbi->s_max_batch_time);
- if (sb->s_flags & SB_I_VERSION)
- SEQ_OPTS_PUTS("i_version");
if (nodefs || sbi->s_stripe)
SEQ_OPTS_PRINT("stripe=%lu", sbi->s_stripe);
if (nodefs || EXT4_MOUNT_DATA_FLAGS &
@@ -4641,6 +4626,9 @@ static int __ext4_fill_super(struct fs_c
sb->s_flags = (sb->s_flags & ~SB_POSIXACL) |
(test_opt(sb, POSIX_ACL) ? SB_POSIXACL : 0);
+ /* i_version is always enabled now */
+ sb->s_flags |= SB_I_VERSION;
+
if (le32_to_cpu(es->s_rev_level) == EXT4_GOOD_OLD_REV &&
(ext4_has_compat_features(sb) ||
ext4_has_ro_compat_features(sb) ||
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 141/862] ext4: ext4_read_bh_lock() should submit IO if the buffer isnt uptodate
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (139 preceding siblings ...)
2022-10-19 8:23 ` [PATCH 6.0 140/862] ext4: unconditionally enable the i_version counter Greg Kroah-Hartman
@ 2022-10-19 8:23 ` Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 142/862] ext4: place buffer head allocation before handle start Greg Kroah-Hartman
` (735 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, stable, Zhang Yi, Jan Kara, Theodore Tso
From: Zhang Yi <yi.zhang@huawei.com>
commit 0b73284c564d3ae4feef4bc920292f004acf4980 upstream.
Recently we notice that ext4 filesystem would occasionally fail to read
metadata from disk and report error message, but the disk and block
layer looks fine. After analyse, we lockon commit 88dbcbb3a484
("blkdev: avoid migration stalls for blkdev pages"). It provide a
migration method for the bdev, we could move page that has buffers
without extra users now, but it lock the buffers on the page, which
breaks the fragile metadata read operation on ext4 filesystem,
ext4_read_bh_lock() was copied from ll_rw_block(), it depends on the
assumption of that locked buffer means it is under IO. So it just
trylock the buffer and skip submit IO if it lock failed, after
wait_on_buffer() we conclude IO error because the buffer is not
uptodate.
This issue could be easily reproduced by add some delay just after
buffer_migrate_lock_buffers() in __buffer_migrate_folio() and do
fsstress on ext4 filesystem.
EXT4-fs error (device pmem1): __ext4_find_entry:1658: inode #73193:
comm fsstress: reading directory lblock 0
EXT4-fs error (device pmem1): __ext4_find_entry:1658: inode #75334:
comm fsstress: reading directory lblock 0
Fix it by removing the trylock logic in ext4_read_bh_lock(), just lock
the buffer and submit IO if it's not uptodate, and also leave over
readahead helper.
Cc: stable@kernel.org
Signed-off-by: Zhang Yi <yi.zhang@huawei.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20220831074629.3755110-1-yi.zhang@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/super.c | 16 +++++-----------
1 file changed, 5 insertions(+), 11 deletions(-)
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -205,19 +205,12 @@ int ext4_read_bh(struct buffer_head *bh,
int ext4_read_bh_lock(struct buffer_head *bh, blk_opf_t op_flags, bool wait)
{
- if (trylock_buffer(bh)) {
- if (wait)
- return ext4_read_bh(bh, op_flags, NULL);
+ lock_buffer(bh);
+ if (!wait) {
ext4_read_bh_nowait(bh, op_flags, NULL);
return 0;
}
- if (wait) {
- wait_on_buffer(bh);
- if (buffer_uptodate(bh))
- return 0;
- return -EIO;
- }
- return 0;
+ return ext4_read_bh(bh, op_flags, NULL);
}
/*
@@ -264,7 +257,8 @@ void ext4_sb_breadahead_unmovable(struct
struct buffer_head *bh = sb_getblk_gfp(sb, block, 0);
if (likely(bh)) {
- ext4_read_bh_lock(bh, REQ_RAHEAD, false);
+ if (trylock_buffer(bh))
+ ext4_read_bh_nowait(bh, REQ_RAHEAD, NULL);
brelse(bh);
}
}
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 142/862] ext4: place buffer head allocation before handle start
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (140 preceding siblings ...)
2022-10-19 8:23 ` [PATCH 6.0 141/862] ext4: ext4_read_bh_lock() should submit IO if the buffer isnt uptodate Greg Kroah-Hartman
@ 2022-10-19 8:23 ` Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 143/862] ext4: fix i_version handling in ext4 Greg Kroah-Hartman
` (734 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:23 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, stable, Jinke Han, Theodore Tso
From: Jinke Han <hanjinke.666@bytedance.com>
commit d1052d236eddf6aa851434db1897b942e8db9921 upstream.
In our product environment, we encounter some jbd hung waiting handles to
stop while several writters were doing memory reclaim for buffer head
allocation in delay alloc write path. Ext4 do buffer head allocation with
holding transaction handle which may be blocked too long if the reclaim
works not so smooth. According to our bcc trace, the reclaim time in
buffer head allocation can reach 258s and the jbd transaction commit also
take almost the same time meanwhile. Except for these extreme cases,
we often see several seconds delays for cgroup memory reclaim on our
servers. This is more likely to happen considering docker environment.
One thing to note, the allocation of buffer heads is as often as page
allocation or more often when blocksize less than page size. Just like
page cache allocation, we should also place the buffer head allocation
before startting the handle.
Cc: stable@kernel.org
Signed-off-by: Jinke Han <hanjinke.666@bytedance.com>
Link: https://lore.kernel.org/r/20220903012429.22555-1-hanjinke.666@bytedance.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/inode.c | 7 +++++++
1 file changed, 7 insertions(+)
--- a/fs/ext4/inode.c
+++ b/fs/ext4/inode.c
@@ -1188,6 +1188,13 @@ retry_grab:
page = grab_cache_page_write_begin(mapping, index);
if (!page)
return -ENOMEM;
+ /*
+ * The same as page allocation, we prealloc buffer heads before
+ * starting the handle.
+ */
+ if (!page_has_buffers(page))
+ create_empty_buffers(page, inode->i_sb->s_blocksize, 0);
+
unlock_page(page);
retry_journal:
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 143/862] ext4: fix i_version handling in ext4
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (141 preceding siblings ...)
2022-10-19 8:23 ` [PATCH 6.0 142/862] ext4: place buffer head allocation before handle start Greg Kroah-Hartman
@ 2022-10-19 8:23 ` Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 144/862] ext4: fix dir corruption when ext4_dx_add_entry() fails Greg Kroah-Hartman
` (733 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, stable, Lukas Czerner, Jan Kara,
Christian Brauner (Microsoft),
Jeff Layton, Theodore Tso
From: Jeff Layton <jlayton@kernel.org>
commit a642c2c0827f5604a93f9fa1e5701eecdce4ae22 upstream.
ext4 currently updates the i_version counter when the atime is updated
during a read. This is less than ideal as it can cause unnecessary cache
invalidations with NFSv4 and unnecessary remeasurements for IMA.
The increment in ext4_mark_iloc_dirty is also problematic since it can
corrupt the i_version counter for ea_inodes. We aren't bumping the file
times in ext4_mark_iloc_dirty, so changing the i_version there seems
wrong, and is the cause of both problems.
Remove that callsite and add increments to the setattr, setxattr and
ioctl codepaths, at the same times that we update the ctime. The
i_version bump that already happens during timestamp updates should take
care of the rest.
In ext4_move_extents, increment the i_version on both inodes, and also
add in missing ctime updates.
[ Some minor updates since we've already enabled the i_version counter
unconditionally already via another patch series. -- TYT ]
Cc: stable@kernel.org
Cc: Lukas Czerner <lczerner@redhat.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Reviewed-by: Christian Brauner (Microsoft) <brauner@kernel.org>
Signed-off-by: Jeff Layton <jlayton@kernel.org>
Link: https://lore.kernel.org/r/20220908172448.208585-3-jlayton@kernel.org
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/inode.c | 14 +++++---------
fs/ext4/ioctl.c | 4 ++++
fs/ext4/xattr.c | 1 +
3 files changed, 10 insertions(+), 9 deletions(-)
--- a/fs/ext4/inode.c
+++ b/fs/ext4/inode.c
@@ -5349,6 +5349,7 @@ int ext4_setattr(struct user_namespace *
int error, rc = 0;
int orphan = 0;
const unsigned int ia_valid = attr->ia_valid;
+ bool inc_ivers = true;
if (unlikely(ext4_forced_shutdown(EXT4_SB(inode->i_sb))))
return -EIO;
@@ -5432,8 +5433,8 @@ int ext4_setattr(struct user_namespace *
return -EINVAL;
}
- if (attr->ia_size != inode->i_size)
- inode_inc_iversion(inode);
+ if (attr->ia_size == inode->i_size)
+ inc_ivers = false;
if (shrink) {
if (ext4_should_order_data(inode)) {
@@ -5535,6 +5536,8 @@ out_mmap_sem:
}
if (!error) {
+ if (inc_ivers)
+ inode_inc_iversion(inode);
setattr_copy(mnt_userns, inode, attr);
mark_inode_dirty(inode);
}
@@ -5738,13 +5741,6 @@ int ext4_mark_iloc_dirty(handle_t *handl
}
ext4_fc_track_inode(handle, inode);
- /*
- * ea_inodes are using i_version for storing reference count, don't
- * mess with it
- */
- if (!(EXT4_I(inode)->i_flags & EXT4_EA_INODE_FL))
- inode_inc_iversion(inode);
-
/* the do_update_inode consumes one bh->b_count */
get_bh(iloc->bh);
--- a/fs/ext4/ioctl.c
+++ b/fs/ext4/ioctl.c
@@ -452,6 +452,7 @@ static long swap_inode_boot_loader(struc
swap_inode_data(inode, inode_bl);
inode->i_ctime = inode_bl->i_ctime = current_time(inode);
+ inode_inc_iversion(inode);
inode->i_generation = prandom_u32();
inode_bl->i_generation = prandom_u32();
@@ -665,6 +666,7 @@ static int ext4_ioctl_setflags(struct in
ext4_set_inode_flags(inode, false);
inode->i_ctime = current_time(inode);
+ inode_inc_iversion(inode);
err = ext4_mark_iloc_dirty(handle, inode, &iloc);
flags_err:
@@ -775,6 +777,7 @@ static int ext4_ioctl_setproject(struct
EXT4_I(inode)->i_projid = kprojid;
inode->i_ctime = current_time(inode);
+ inode_inc_iversion(inode);
out_dirty:
rc = ext4_mark_iloc_dirty(handle, inode, &iloc);
if (!err)
@@ -1257,6 +1260,7 @@ static long __ext4_ioctl(struct file *fi
err = ext4_reserve_inode_write(handle, inode, &iloc);
if (err == 0) {
inode->i_ctime = current_time(inode);
+ inode_inc_iversion(inode);
inode->i_generation = generation;
err = ext4_mark_iloc_dirty(handle, inode, &iloc);
}
--- a/fs/ext4/xattr.c
+++ b/fs/ext4/xattr.c
@@ -2412,6 +2412,7 @@ retry_inode:
if (!error) {
ext4_xattr_update_super_block(handle, inode->i_sb);
inode->i_ctime = current_time(inode);
+ inode_inc_iversion(inode);
if (!value)
no_expand = 0;
error = ext4_mark_iloc_dirty(handle, inode, &is.iloc);
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 144/862] ext4: fix dir corruption when ext4_dx_add_entry() fails
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (142 preceding siblings ...)
2022-10-19 8:23 ` [PATCH 6.0 143/862] ext4: fix i_version handling in ext4 Greg Kroah-Hartman
@ 2022-10-19 8:23 ` Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 145/862] ext4: fix miss release buffer head in ext4_fc_write_inode Greg Kroah-Hartman
` (732 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zhihao Cheng, Jan Kara, Theodore Tso
From: Zhihao Cheng <chengzhihao1@huawei.com>
commit 7177dd009c7c04290891e9a534cd47d1b620bd04 upstream.
Following process may lead to fs corruption:
1. ext4_create(dir/foo)
ext4_add_nondir
ext4_add_entry
ext4_dx_add_entry
a. add_dirent_to_buf
ext4_mark_inode_dirty
ext4_handle_dirty_metadata // dir inode bh is recorded into journal
b. ext4_append // dx_get_count(entries) == dx_get_limit(entries)
ext4_bread(EXT4_GET_BLOCKS_CREATE)
ext4_getblk
ext4_map_blocks
ext4_ext_map_blocks
ext4_mb_new_blocks
dquot_alloc_block
dquot_alloc_space_nodirty
inode_add_bytes // update dir's i_blocks
ext4_ext_insert_extent
ext4_ext_dirty // record extent bh into journal
ext4_handle_dirty_metadata(bh)
// record new block into journal
inode->i_size += inode->i_sb->s_blocksize // new size(in mem)
c. ext4_handle_dirty_dx_node(bh2)
// record dir's new block(dx_node) into journal
d. ext4_handle_dirty_dx_node((frame - 1)->bh)
e. ext4_handle_dirty_dx_node(frame->bh)
f. do_split // ret err!
g. add_dirent_to_buf
ext4_mark_inode_dirty(dir) // update raw_inode on disk(skipped)
2. fsck -a /dev/sdb
drop last block(dx_node) which beyonds dir's i_size.
/dev/sdb: recovering journal
/dev/sdb contains a file system with errors, check forced.
/dev/sdb: Inode 12, end of extent exceeds allowed value
(logical block 128, physical block 3938, len 1)
3. fsck -fn /dev/sdb
dx_node->entry[i].blk > dir->i_size
Pass 2: Checking directory structure
Problem in HTREE directory inode 12 (/dir): bad block number 128.
Clear HTree index? no
Problem in HTREE directory inode 12: block #3 has invalid depth (2)
Problem in HTREE directory inode 12: block #3 has bad max hash
Problem in HTREE directory inode 12: block #3 not referenced
Fix it by marking inode dirty directly inside ext4_append().
Fetch a reproducer in [Link].
Link: https://bugzilla.kernel.org/show_bug.cgi?id=216466
Cc: stable@vger.kernel.org
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20220911045204.516460-1-chengzhihao1@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/namei.c | 15 ++++++++++-----
1 file changed, 10 insertions(+), 5 deletions(-)
--- a/fs/ext4/namei.c
+++ b/fs/ext4/namei.c
@@ -85,15 +85,20 @@ static struct buffer_head *ext4_append(h
return bh;
inode->i_size += inode->i_sb->s_blocksize;
EXT4_I(inode)->i_disksize = inode->i_size;
+ err = ext4_mark_inode_dirty(handle, inode);
+ if (err)
+ goto out;
BUFFER_TRACE(bh, "get_write_access");
err = ext4_journal_get_write_access(handle, inode->i_sb, bh,
EXT4_JTR_NONE);
- if (err) {
- brelse(bh);
- ext4_std_error(inode->i_sb, err);
- return ERR_PTR(err);
- }
+ if (err)
+ goto out;
return bh;
+
+out:
+ brelse(bh);
+ ext4_std_error(inode->i_sb, err);
+ return ERR_PTR(err);
}
static int ext4_dx_csum_verify(struct inode *inode,
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 145/862] ext4: fix miss release buffer head in ext4_fc_write_inode
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (143 preceding siblings ...)
2022-10-19 8:23 ` [PATCH 6.0 144/862] ext4: fix dir corruption when ext4_dx_add_entry() fails Greg Kroah-Hartman
@ 2022-10-19 8:23 ` Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 146/862] ext4: fix potential memory leak in ext4_fc_record_modified_inode() Greg Kroah-Hartman
` (731 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, stable, Ye Bin, Jan Kara, Theodore Tso
From: Ye Bin <yebin10@huawei.com>
commit ccbf8eeb39f2ff00b54726a2b20b35d788c4ecb5 upstream.
In 'ext4_fc_write_inode' function first call 'ext4_get_inode_loc' get 'iloc',
after use it miss release 'iloc.bh'.
So just release 'iloc.bh' before 'ext4_fc_write_inode' return.
Cc: stable@kernel.org
Signed-off-by: Ye Bin <yebin10@huawei.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20220914100859.1415196-1-yebin10@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/fast_commit.c | 15 +++++++++------
1 file changed, 9 insertions(+), 6 deletions(-)
--- a/fs/ext4/fast_commit.c
+++ b/fs/ext4/fast_commit.c
@@ -874,22 +874,25 @@ static int ext4_fc_write_inode(struct in
tl.fc_tag = cpu_to_le16(EXT4_FC_TAG_INODE);
tl.fc_len = cpu_to_le16(inode_len + sizeof(fc_inode.fc_ino));
+ ret = -ECANCELED;
dst = ext4_fc_reserve_space(inode->i_sb,
sizeof(tl) + inode_len + sizeof(fc_inode.fc_ino), crc);
if (!dst)
- return -ECANCELED;
+ goto err;
if (!ext4_fc_memcpy(inode->i_sb, dst, &tl, sizeof(tl), crc))
- return -ECANCELED;
+ goto err;
dst += sizeof(tl);
if (!ext4_fc_memcpy(inode->i_sb, dst, &fc_inode, sizeof(fc_inode), crc))
- return -ECANCELED;
+ goto err;
dst += sizeof(fc_inode);
if (!ext4_fc_memcpy(inode->i_sb, dst, (u8 *)ext4_raw_inode(&iloc),
inode_len, crc))
- return -ECANCELED;
-
- return 0;
+ goto err;
+ ret = 0;
+err:
+ brelse(iloc.bh);
+ return ret;
}
/*
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 146/862] ext4: fix potential memory leak in ext4_fc_record_modified_inode()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (144 preceding siblings ...)
2022-10-19 8:23 ` [PATCH 6.0 145/862] ext4: fix miss release buffer head in ext4_fc_write_inode Greg Kroah-Hartman
@ 2022-10-19 8:23 ` Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 147/862] ext4: fix potential memory leak in ext4_fc_record_regions() Greg Kroah-Hartman
` (730 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, stable, Ye Bin, Jan Kara, Theodore Tso
From: Ye Bin <yebin10@huawei.com>
commit 9305721a309fa1bd7c194e0d4a2335bf3b29dca4 upstream.
As krealloc may return NULL, in this case 'state->fc_modified_inodes'
may not be freed by krealloc, but 'state->fc_modified_inodes' already
set NULL. Then will lead to 'state->fc_modified_inodes' memory leak.
Cc: stable@kernel.org
Signed-off-by: Ye Bin <yebin10@huawei.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20220921064040.3693255-2-yebin10@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/fast_commit.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
--- a/fs/ext4/fast_commit.c
+++ b/fs/ext4/fast_commit.c
@@ -1494,13 +1494,15 @@ static int ext4_fc_record_modified_inode
if (state->fc_modified_inodes[i] == ino)
return 0;
if (state->fc_modified_inodes_used == state->fc_modified_inodes_size) {
- state->fc_modified_inodes = krealloc(
- state->fc_modified_inodes,
+ int *fc_modified_inodes;
+
+ fc_modified_inodes = krealloc(state->fc_modified_inodes,
sizeof(int) * (state->fc_modified_inodes_size +
EXT4_FC_REPLAY_REALLOC_INCREMENT),
GFP_KERNEL);
- if (!state->fc_modified_inodes)
+ if (!fc_modified_inodes)
return -ENOMEM;
+ state->fc_modified_inodes = fc_modified_inodes;
state->fc_modified_inodes_size +=
EXT4_FC_REPLAY_REALLOC_INCREMENT;
}
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 147/862] ext4: fix potential memory leak in ext4_fc_record_regions()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (145 preceding siblings ...)
2022-10-19 8:23 ` [PATCH 6.0 146/862] ext4: fix potential memory leak in ext4_fc_record_modified_inode() Greg Kroah-Hartman
@ 2022-10-19 8:23 ` Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 148/862] ext4: update state->fc_regions_size after successful memory allocation Greg Kroah-Hartman
` (729 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, stable, Ye Bin, Jan Kara, Theodore Tso
From: Ye Bin <yebin10@huawei.com>
commit 7069d105c1f15c442b68af43f7fde784f3126739 upstream.
As krealloc may return NULL, in this case 'state->fc_regions' may not be
freed by krealloc, but 'state->fc_regions' already set NULL. Then will
lead to 'state->fc_regions' memory leak.
Cc: stable@kernel.org
Signed-off-by: Ye Bin <yebin10@huawei.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20220921064040.3693255-3-yebin10@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/fast_commit.c | 14 ++++++++------
1 file changed, 8 insertions(+), 6 deletions(-)
--- a/fs/ext4/fast_commit.c
+++ b/fs/ext4/fast_commit.c
@@ -1687,15 +1687,17 @@ int ext4_fc_record_regions(struct super_
if (replay && state->fc_regions_used != state->fc_regions_valid)
state->fc_regions_used = state->fc_regions_valid;
if (state->fc_regions_used == state->fc_regions_size) {
+ struct ext4_fc_alloc_region *fc_regions;
+
state->fc_regions_size +=
EXT4_FC_REPLAY_REALLOC_INCREMENT;
- state->fc_regions = krealloc(
- state->fc_regions,
- state->fc_regions_size *
- sizeof(struct ext4_fc_alloc_region),
- GFP_KERNEL);
- if (!state->fc_regions)
+ fc_regions = krealloc(state->fc_regions,
+ state->fc_regions_size *
+ sizeof(struct ext4_fc_alloc_region),
+ GFP_KERNEL);
+ if (!fc_regions)
return -ENOMEM;
+ state->fc_regions = fc_regions;
}
region = &state->fc_regions[state->fc_regions_used++];
region->ino = ino;
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 148/862] ext4: update state->fc_regions_size after successful memory allocation
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (146 preceding siblings ...)
2022-10-19 8:23 ` [PATCH 6.0 147/862] ext4: fix potential memory leak in ext4_fc_record_regions() Greg Kroah-Hartman
@ 2022-10-19 8:23 ` Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 149/862] livepatch: fix race between fork and KLP transition Greg Kroah-Hartman
` (728 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, stable, Ye Bin, Jan Kara, Theodore Tso
From: Ye Bin <yebin10@huawei.com>
commit 27cd49780381c6ccbf248798e5e8fd076200ffba upstream.
To avoid to 'state->fc_regions_size' mismatch with 'state->fc_regions'
when fail to reallocate 'fc_reqions',only update 'state->fc_regions_size'
after 'state->fc_regions' is allocated successfully.
Cc: stable@kernel.org
Signed-off-by: Ye Bin <yebin10@huawei.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20220921064040.3693255-4-yebin10@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/fast_commit.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
--- a/fs/ext4/fast_commit.c
+++ b/fs/ext4/fast_commit.c
@@ -1689,14 +1689,15 @@ int ext4_fc_record_regions(struct super_
if (state->fc_regions_used == state->fc_regions_size) {
struct ext4_fc_alloc_region *fc_regions;
- state->fc_regions_size +=
- EXT4_FC_REPLAY_REALLOC_INCREMENT;
fc_regions = krealloc(state->fc_regions,
- state->fc_regions_size *
- sizeof(struct ext4_fc_alloc_region),
+ sizeof(struct ext4_fc_alloc_region) *
+ (state->fc_regions_size +
+ EXT4_FC_REPLAY_REALLOC_INCREMENT),
GFP_KERNEL);
if (!fc_regions)
return -ENOMEM;
+ state->fc_regions_size +=
+ EXT4_FC_REPLAY_REALLOC_INCREMENT;
state->fc_regions = fc_regions;
}
region = &state->fc_regions[state->fc_regions_used++];
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 149/862] livepatch: fix race between fork and KLP transition
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (147 preceding siblings ...)
2022-10-19 8:23 ` [PATCH 6.0 148/862] ext4: update state->fc_regions_size after successful memory allocation Greg Kroah-Hartman
@ 2022-10-19 8:23 ` Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 150/862] ftrace: Properly unset FTRACE_HASH_FL_MOD Greg Kroah-Hartman
` (727 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Rik van Riel, Breno Leitao,
Petr Mladek, Josh Poimboeuf, stable
From: Rik van Riel <riel@surriel.com>
commit 747f7a2901174c9afa805dddfb7b24db6f65e985 upstream.
The KLP transition code depends on the TIF_PATCH_PENDING and
the task->patch_state to stay in sync. On a normal (forward)
transition, TIF_PATCH_PENDING will be set on every task in
the system, while on a reverse transition (after a failed
forward one) first TIF_PATCH_PENDING will be cleared from
every task, followed by it being set on tasks that need to
be transitioned back to the original code.
However, the fork code copies over the TIF_PATCH_PENDING flag
from the parent to the child early on, in dup_task_struct and
setup_thread_stack. Much later, klp_copy_process will set
child->patch_state to match that of the parent.
However, the parent's patch_state may have been changed by KLP loading
or unloading since it was initially copied over into the child.
This results in the KLP code occasionally hitting this warning in
klp_complete_transition:
for_each_process_thread(g, task) {
WARN_ON_ONCE(test_tsk_thread_flag(task, TIF_PATCH_PENDING));
task->patch_state = KLP_UNDEFINED;
}
Set, or clear, the TIF_PATCH_PENDING flag in the child task
depending on whether or not it is needed at the time
klp_copy_process is called, at a point in copy_process where the
tasklist_lock is held exclusively, preventing races with the KLP
code.
The KLP code does have a few places where the state is changed
without the tasklist_lock held, but those should not cause
problems because klp_update_patch_state(current) cannot be
called while the current task is in the middle of fork,
klp_check_and_switch_task() which is called under the pi_lock,
which prevents rescheduling, and manipulation of the patch
state of idle tasks, which do not fork.
This should prevent this warning from triggering again in the
future, and close the race for both normal and reverse transitions.
Signed-off-by: Rik van Riel <riel@surriel.com>
Reported-by: Breno Leitao <leitao@debian.org>
Reviewed-by: Petr Mladek <pmladek@suse.com>
Acked-by: Josh Poimboeuf <jpoimboe@kernel.org>
Fixes: d83a7cb375ee ("livepatch: change to a per-task consistency model")
Cc: stable@kernel.org
Signed-off-by: Petr Mladek <pmladek@suse.com>
Link: https://lore.kernel.org/r/20220808150019.03d6a67b@imladris.surriel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/livepatch/transition.c | 18 ++++++++++++++++--
1 file changed, 16 insertions(+), 2 deletions(-)
--- a/kernel/livepatch/transition.c
+++ b/kernel/livepatch/transition.c
@@ -610,9 +610,23 @@ void klp_reverse_transition(void)
/* Called from copy_process() during fork */
void klp_copy_process(struct task_struct *child)
{
- child->patch_state = current->patch_state;
- /* TIF_PATCH_PENDING gets copied in setup_thread_stack() */
+ /*
+ * The parent process may have gone through a KLP transition since
+ * the thread flag was copied in setup_thread_stack earlier. Bring
+ * the task flag up to date with the parent here.
+ *
+ * The operation is serialized against all klp_*_transition()
+ * operations by the tasklist_lock. The only exception is
+ * klp_update_patch_state(current), but we cannot race with
+ * that because we are current.
+ */
+ if (test_tsk_thread_flag(current, TIF_PATCH_PENDING))
+ set_tsk_thread_flag(child, TIF_PATCH_PENDING);
+ else
+ clear_tsk_thread_flag(child, TIF_PATCH_PENDING);
+
+ child->patch_state = current->patch_state;
}
/*
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 150/862] ftrace: Properly unset FTRACE_HASH_FL_MOD
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (148 preceding siblings ...)
2022-10-19 8:23 ` [PATCH 6.0 149/862] livepatch: fix race between fork and KLP transition Greg Kroah-Hartman
@ 2022-10-19 8:23 ` Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 151/862] ftrace: Still disable enabled records marked as disabled Greg Kroah-Hartman
` (726 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, mingo, Zheng Yejian, Steven Rostedt (Google)
From: Zheng Yejian <zhengyejian1@huawei.com>
commit 0ce0638edf5ec83343302b884fa208179580700a upstream.
When executing following commands like what document said, but the log
"#### all functions enabled ####" was not shown as expect:
1. Set a 'mod' filter:
$ echo 'write*:mod:ext3' > /sys/kernel/tracing/set_ftrace_filter
2. Invert above filter:
$ echo '!write*:mod:ext3' >> /sys/kernel/tracing/set_ftrace_filter
3. Read the file:
$ cat /sys/kernel/tracing/set_ftrace_filter
By some debugging, I found that flag FTRACE_HASH_FL_MOD was not unset
after inversion like above step 2 and then result of ftrace_hash_empty()
is incorrect.
Link: https://lkml.kernel.org/r/20220926152008.2239274-1-zhengyejian1@huawei.com
Cc: <mingo@redhat.com>
Cc: stable@vger.kernel.org
Fixes: 8c08f0d5c6fb ("ftrace: Have cached module filters be an active filter")
Signed-off-by: Zheng Yejian <zhengyejian1@huawei.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/trace/ftrace.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
--- a/kernel/trace/ftrace.c
+++ b/kernel/trace/ftrace.c
@@ -6081,8 +6081,12 @@ int ftrace_regex_release(struct inode *i
if (filter_hash) {
orig_hash = &iter->ops->func_hash->filter_hash;
- if (iter->tr && !list_empty(&iter->tr->mod_trace))
- iter->hash->flags |= FTRACE_HASH_FL_MOD;
+ if (iter->tr) {
+ if (list_empty(&iter->tr->mod_trace))
+ iter->hash->flags &= ~FTRACE_HASH_FL_MOD;
+ else
+ iter->hash->flags |= FTRACE_HASH_FL_MOD;
+ }
} else
orig_hash = &iter->ops->func_hash->notrace_hash;
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 151/862] ftrace: Still disable enabled records marked as disabled
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (149 preceding siblings ...)
2022-10-19 8:23 ` [PATCH 6.0 150/862] ftrace: Properly unset FTRACE_HASH_FL_MOD Greg Kroah-Hartman
@ 2022-10-19 8:23 ` Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 152/862] ring-buffer: Allow splice to read previous partially read pages Greg Kroah-Hartman
` (725 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Masami Hiramatsu, Andrew Morton,
Steven Rostedt (Google)
From: Steven Rostedt (Google) <rostedt@goodmis.org>
commit cf04f2d5df0037741207382ac8fe289e8bf84ced upstream.
Weak functions started causing havoc as they showed up in the
"available_filter_functions" and this confused people as to why some
functions marked as "notrace" were listed, but when enabled they did
nothing. This was because weak functions can still have fentry calls, and
these addresses get added to the "available_filter_functions" file.
kallsyms is what converts those addresses to names, and since the weak
functions are not listed in kallsyms, it would just pick the function
before that.
To solve this, there was a trick to detect weak functions listed, and
these records would be marked as DISABLED so that they do not get enabled
and are mostly ignored. As the processing of the list of all functions to
figure out what is weak or not can take a long time, this process is put
off into a kernel thread and run in parallel with the rest of start up.
Now the issue happens whet function tracing is enabled via the kernel
command line. As it starts very early in boot up, it can be enabled before
the records that are weak are marked to be disabled. This causes an issue
in the accounting, as the weak records are enabled by the command line
function tracing, but after boot up, they are not disabled.
The ftrace records have several accounting flags and a ref count. The
DISABLED flag is just one. If the record is enabled before it is marked
DISABLED it will get an ENABLED flag and also have its ref counter
incremented. After it is marked for DISABLED, neither the ENABLED flag nor
the ref counter is cleared. There's sanity checks on the records that are
performed after an ftrace function is registered or unregistered, and this
detected that there were records marked as ENABLED with ref counter that
should not have been.
Note, the module loading code uses the DISABLED flag as well to keep its
functions from being modified while its being loaded and some of these
flags may get set in this process. So changing the verification code to
ignore DISABLED records is a no go, as it still needs to verify that the
module records are working too.
Also, the weak functions still are calling a trampoline. Even though they
should never be called, it is dangerous to leave these weak functions
calling a trampoline that is freed, so they should still be set back to
nops.
There's two places that need to not skip records that have the ENABLED
and the DISABLED flags set. That is where the ftrace_ops is processed and
sets the records ref counts, and then later when the function itself is to
be updated, and the ENABLED flag gets removed. Add a helper function
"skip_record()" that returns true if the record has the DISABLED flag set
but not the ENABLED flag.
Link: https://lkml.kernel.org/r/20221005003809.27d2b97b@gandalf.local.home
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: stable@vger.kernel.org
Fixes: b39181f7c6907 ("ftrace: Add FTRACE_MCOUNT_MAX_OFFSET to avoid adding weak function")
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/trace/ftrace.c | 20 ++++++++++++++++----
1 file changed, 16 insertions(+), 4 deletions(-)
--- a/kernel/trace/ftrace.c
+++ b/kernel/trace/ftrace.c
@@ -1644,6 +1644,18 @@ ftrace_find_tramp_ops_any_other(struct d
static struct ftrace_ops *
ftrace_find_tramp_ops_next(struct dyn_ftrace *rec, struct ftrace_ops *ops);
+static bool skip_record(struct dyn_ftrace *rec)
+{
+ /*
+ * At boot up, weak functions are set to disable. Function tracing
+ * can be enabled before they are, and they still need to be disabled now.
+ * If the record is disabled, still continue if it is marked as already
+ * enabled (this is needed to keep the accounting working).
+ */
+ return rec->flags & FTRACE_FL_DISABLED &&
+ !(rec->flags & FTRACE_FL_ENABLED);
+}
+
static bool __ftrace_hash_rec_update(struct ftrace_ops *ops,
int filter_hash,
bool inc)
@@ -1693,7 +1705,7 @@ static bool __ftrace_hash_rec_update(str
int in_hash = 0;
int match = 0;
- if (rec->flags & FTRACE_FL_DISABLED)
+ if (skip_record(rec))
continue;
if (all) {
@@ -2126,7 +2138,7 @@ static int ftrace_check_record(struct dy
ftrace_bug_type = FTRACE_BUG_UNKNOWN;
- if (rec->flags & FTRACE_FL_DISABLED)
+ if (skip_record(rec))
return FTRACE_UPDATE_IGNORE;
/*
@@ -2241,7 +2253,7 @@ static int ftrace_check_record(struct dy
if (update) {
/* If there's no more users, clear all flags */
if (!ftrace_rec_count(rec))
- rec->flags = 0;
+ rec->flags &= FTRACE_FL_DISABLED;
else
/*
* Just disable the record, but keep the ops TRAMP
@@ -2634,7 +2646,7 @@ void __weak ftrace_replace_code(int mod_
do_for_each_ftrace_rec(pg, rec) {
- if (rec->flags & FTRACE_FL_DISABLED)
+ if (skip_record(rec))
continue;
failed = __ftrace_replace_code(rec, enable);
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 152/862] ring-buffer: Allow splice to read previous partially read pages
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (150 preceding siblings ...)
2022-10-19 8:23 ` [PATCH 6.0 151/862] ftrace: Still disable enabled records marked as disabled Greg Kroah-Hartman
@ 2022-10-19 8:23 ` Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 153/862] ring-buffer: Have the shortest_full queue be the shortest not longest Greg Kroah-Hartman
` (724 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:23 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Steven Rostedt (Google)
From: Steven Rostedt (Google) <rostedt@goodmis.org>
commit fa8f4a89736b654125fb254b0db753ac68a5fced upstream.
If a page is partially read, and then the splice system call is run
against the ring buffer, it will always fail to read, no matter how much
is in the ring buffer. That's because the code path for a partial read of
the page does will fail if the "full" flag is set.
The splice system call wants full pages, so if the read of the ring buffer
is not yet full, it should return zero, and the splice will block. But if
a previous read was done, where the beginning has been consumed, it should
still be given to the splice caller if the rest of the page has been
written to.
This caused the splice command to never consume data in this scenario, and
let the ring buffer just fill up and lose events.
Link: https://lkml.kernel.org/r/20220927144317.46be6b80@gandalf.local.home
Cc: stable@vger.kernel.org
Fixes: 8789a9e7df6bf ("ring-buffer: read page interface")
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/trace/ring_buffer.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
--- a/kernel/trace/ring_buffer.c
+++ b/kernel/trace/ring_buffer.c
@@ -5616,7 +5616,15 @@ int ring_buffer_read_page(struct trace_b
unsigned int pos = 0;
unsigned int size;
- if (full)
+ /*
+ * If a full page is expected, this can still be returned
+ * if there's been a previous partial read and the
+ * rest of the page can be read and the commit page is off
+ * the reader page.
+ */
+ if (full &&
+ (!read || (len < (commit - read)) ||
+ cpu_buffer->reader_page == cpu_buffer->commit_page))
goto out_unlock;
if (len > (commit - read))
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 153/862] ring-buffer: Have the shortest_full queue be the shortest not longest
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (151 preceding siblings ...)
2022-10-19 8:23 ` [PATCH 6.0 152/862] ring-buffer: Allow splice to read previous partially read pages Greg Kroah-Hartman
@ 2022-10-19 8:24 ` Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 154/862] ring-buffer: Check pending waiters when doing wake ups as well Greg Kroah-Hartman
` (723 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ingo Molnar, Andrew Morton,
Steven Rostedt (Google)
From: Steven Rostedt (Google) <rostedt@goodmis.org>
commit 3b19d614b61b93a131f463817e08219c9ce1fee3 upstream.
The logic to know when the shortest waiters on the ring buffer should be
woken up or not has uses a less than instead of a greater than compare,
which causes the shortest_full to actually be the longest.
Link: https://lkml.kernel.org/r/20220927231823.718039222@goodmis.org
Cc: stable@vger.kernel.org
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Fixes: 2c2b0a78b3739 ("ring-buffer: Add percentage of ring buffer full to wake up reader")
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/trace/ring_buffer.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/kernel/trace/ring_buffer.c
+++ b/kernel/trace/ring_buffer.c
@@ -1011,7 +1011,7 @@ int ring_buffer_wait(struct trace_buffer
nr_pages = cpu_buffer->nr_pages;
dirty = ring_buffer_nr_dirty_pages(buffer, cpu);
if (!cpu_buffer->shortest_full ||
- cpu_buffer->shortest_full < full)
+ cpu_buffer->shortest_full > full)
cpu_buffer->shortest_full = full;
raw_spin_unlock_irqrestore(&cpu_buffer->reader_lock, flags);
if (!pagebusy &&
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 154/862] ring-buffer: Check pending waiters when doing wake ups as well
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (152 preceding siblings ...)
2022-10-19 8:24 ` [PATCH 6.0 153/862] ring-buffer: Have the shortest_full queue be the shortest not longest Greg Kroah-Hartman
@ 2022-10-19 8:24 ` Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 155/862] ring-buffer: Add ring_buffer_wake_waiters() Greg Kroah-Hartman
` (722 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ingo Molnar, Andrew Morton,
Steven Rostedt (Google)
From: Steven Rostedt (Google) <rostedt@goodmis.org>
commit ec0bbc5ec5664dcee344f79373852117dc672c86 upstream.
The wake up waiters only checks the "wakeup_full" variable and not the
"full_waiters_pending". The full_waiters_pending is set when a waiter is
added to the wait queue. The wakeup_full is only set when an event is
triggered, and it clears the full_waiters_pending to avoid multiple calls
to irq_work_queue().
The irq_work callback really needs to check both wakeup_full as well as
full_waiters_pending such that this code can be used to wake up waiters
when a file is closed that represents the ring buffer and the waiters need
to be woken up.
Link: https://lkml.kernel.org/r/20220927231824.209460321@goodmis.org
Cc: stable@vger.kernel.org
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Fixes: 15693458c4bc0 ("tracing/ring-buffer: Move poll wake ups into ring buffer code")
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/trace/ring_buffer.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/kernel/trace/ring_buffer.c
+++ b/kernel/trace/ring_buffer.c
@@ -917,8 +917,9 @@ static void rb_wake_up_waiters(struct ir
struct rb_irq_work *rbwork = container_of(work, struct rb_irq_work, work);
wake_up_all(&rbwork->waiters);
- if (rbwork->wakeup_full) {
+ if (rbwork->full_waiters_pending || rbwork->wakeup_full) {
rbwork->wakeup_full = false;
+ rbwork->full_waiters_pending = false;
wake_up_all(&rbwork->full_waiters);
}
}
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 155/862] ring-buffer: Add ring_buffer_wake_waiters()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (153 preceding siblings ...)
2022-10-19 8:24 ` [PATCH 6.0 154/862] ring-buffer: Check pending waiters when doing wake ups as well Greg Kroah-Hartman
@ 2022-10-19 8:24 ` Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 156/862] ring-buffer: Fix race between reset page and reading page Greg Kroah-Hartman
` (721 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ingo Molnar, Andrew Morton,
Steven Rostedt (Google)
From: Steven Rostedt (Google) <rostedt@goodmis.org>
commit 7e9fbbb1b776d8d7969551565bc246f74ec53b27 upstream.
On closing of a file that represents a ring buffer or flushing the file,
there may be waiters on the ring buffer that needs to be woken up and exit
the ring_buffer_wait() function.
Add ring_buffer_wake_waiters() to wake up the waiters on the ring buffer
and allow them to exit the wait loop.
Link: https://lkml.kernel.org/r/20220928133938.28dc2c27@gandalf.local.home
Cc: stable@vger.kernel.org
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Fixes: 15693458c4bc0 ("tracing/ring-buffer: Move poll wake ups into ring buffer code")
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/ring_buffer.h | 2 +-
kernel/trace/ring_buffer.c | 39 +++++++++++++++++++++++++++++++++++++++
2 files changed, 40 insertions(+), 1 deletion(-)
--- a/include/linux/ring_buffer.h
+++ b/include/linux/ring_buffer.h
@@ -101,7 +101,7 @@ __ring_buffer_alloc(unsigned long size,
int ring_buffer_wait(struct trace_buffer *buffer, int cpu, int full);
__poll_t ring_buffer_poll_wait(struct trace_buffer *buffer, int cpu,
struct file *filp, poll_table *poll_table);
-
+void ring_buffer_wake_waiters(struct trace_buffer *buffer, int cpu);
#define RING_BUFFER_ALL_CPUS -1
--- a/kernel/trace/ring_buffer.c
+++ b/kernel/trace/ring_buffer.c
@@ -413,6 +413,7 @@ struct rb_irq_work {
struct irq_work work;
wait_queue_head_t waiters;
wait_queue_head_t full_waiters;
+ long wait_index;
bool waiters_pending;
bool full_waiters_pending;
bool wakeup_full;
@@ -925,6 +926,37 @@ static void rb_wake_up_waiters(struct ir
}
/**
+ * ring_buffer_wake_waiters - wake up any waiters on this ring buffer
+ * @buffer: The ring buffer to wake waiters on
+ *
+ * In the case of a file that represents a ring buffer is closing,
+ * it is prudent to wake up any waiters that are on this.
+ */
+void ring_buffer_wake_waiters(struct trace_buffer *buffer, int cpu)
+{
+ struct ring_buffer_per_cpu *cpu_buffer;
+ struct rb_irq_work *rbwork;
+
+ if (cpu == RING_BUFFER_ALL_CPUS) {
+
+ /* Wake up individual ones too. One level recursion */
+ for_each_buffer_cpu(buffer, cpu)
+ ring_buffer_wake_waiters(buffer, cpu);
+
+ rbwork = &buffer->irq_work;
+ } else {
+ cpu_buffer = buffer->buffers[cpu];
+ rbwork = &cpu_buffer->irq_work;
+ }
+
+ rbwork->wait_index++;
+ /* make sure the waiters see the new index */
+ smp_wmb();
+
+ rb_wake_up_waiters(&rbwork->work);
+}
+
+/**
* ring_buffer_wait - wait for input to the ring buffer
* @buffer: buffer to wait on
* @cpu: the cpu buffer to wait on
@@ -939,6 +971,7 @@ int ring_buffer_wait(struct trace_buffer
struct ring_buffer_per_cpu *cpu_buffer;
DEFINE_WAIT(wait);
struct rb_irq_work *work;
+ long wait_index;
int ret = 0;
/*
@@ -957,6 +990,7 @@ int ring_buffer_wait(struct trace_buffer
work = &cpu_buffer->irq_work;
}
+ wait_index = READ_ONCE(work->wait_index);
while (true) {
if (full)
@@ -1021,6 +1055,11 @@ int ring_buffer_wait(struct trace_buffer
}
schedule();
+
+ /* Make sure to see the new wait index */
+ smp_rmb();
+ if (wait_index != work->wait_index)
+ break;
}
if (full)
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 156/862] ring-buffer: Fix race between reset page and reading page
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (154 preceding siblings ...)
2022-10-19 8:24 ` [PATCH 6.0 155/862] ring-buffer: Add ring_buffer_wake_waiters() Greg Kroah-Hartman
@ 2022-10-19 8:24 ` Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 157/862] tracing/eprobe: Fix alloc event dir failed when event name no set Greg Kroah-Hartman
` (720 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ingo Molnar, Andrew Morton, Jiazi.Li,
Steven Rostedt (Google)
From: Steven Rostedt (Google) <rostedt@goodmis.org>
commit a0fcaaed0c46cf9399d3a2d6e0c87ddb3df0e044 upstream.
The ring buffer is broken up into sub buffers (currently of page size).
Each sub buffer has a pointer to its "tail" (the last event written to the
sub buffer). When a new event is requested, the tail is locally
incremented to cover the size of the new event. This is done in a way that
there is no need for locking.
If the tail goes past the end of the sub buffer, the process of moving to
the next sub buffer takes place. After setting the current sub buffer to
the next one, the previous one that had the tail go passed the end of the
sub buffer needs to be reset back to the original tail location (before
the new event was requested) and the rest of the sub buffer needs to be
"padded".
The race happens when a reader takes control of the sub buffer. As readers
do a "swap" of sub buffers from the ring buffer to get exclusive access to
the sub buffer, it replaces the "head" sub buffer with an empty sub buffer
that goes back into the writable portion of the ring buffer. This swap can
happen as soon as the writer moves to the next sub buffer and before it
updates the last sub buffer with padding.
Because the sub buffer can be released to the reader while the writer is
still updating the padding, it is possible for the reader to see the event
that goes past the end of the sub buffer. This can cause obvious issues.
To fix this, add a few memory barriers so that the reader definitely sees
the updates to the sub buffer, and also waits until the writer has put
back the "tail" of the sub buffer back to the last event that was written
on it.
To be paranoid, it will only spin for 1 second, otherwise it will
warn and shutdown the ring buffer code. 1 second should be enough as
the writer does have preemption disabled. If the writer doesn't move
within 1 second (with preemption disabled) something is horribly
wrong. No interrupt should last 1 second!
Link: https://lore.kernel.org/all/20220830120854.7545-1-jiazi.li@transsion.com/
Link: https://bugzilla.kernel.org/show_bug.cgi?id=216369
Link: https://lkml.kernel.org/r/20220929104909.0650a36c@gandalf.local.home
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: stable@vger.kernel.org
Fixes: c7b0930857e22 ("ring-buffer: prevent adding write in discarded area")
Reported-by: Jiazi.Li <jiazi.li@transsion.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/trace/ring_buffer.c | 33 +++++++++++++++++++++++++++++++++
1 file changed, 33 insertions(+)
--- a/kernel/trace/ring_buffer.c
+++ b/kernel/trace/ring_buffer.c
@@ -2648,6 +2648,9 @@ rb_reset_tail(struct ring_buffer_per_cpu
/* Mark the rest of the page with padding */
rb_event_set_padding(event);
+ /* Make sure the padding is visible before the write update */
+ smp_wmb();
+
/* Set the write back to the previous setting */
local_sub(length, &tail_page->write);
return;
@@ -2659,6 +2662,9 @@ rb_reset_tail(struct ring_buffer_per_cpu
/* time delta must be non zero */
event->time_delta = 1;
+ /* Make sure the padding is visible before the tail_page->write update */
+ smp_wmb();
+
/* Set write to end of buffer */
length = (tail + length) - BUF_PAGE_SIZE;
local_sub(length, &tail_page->write);
@@ -4627,6 +4633,33 @@ rb_get_reader_page(struct ring_buffer_pe
arch_spin_unlock(&cpu_buffer->lock);
local_irq_restore(flags);
+ /*
+ * The writer has preempt disable, wait for it. But not forever
+ * Although, 1 second is pretty much "forever"
+ */
+#define USECS_WAIT 1000000
+ for (nr_loops = 0; nr_loops < USECS_WAIT; nr_loops++) {
+ /* If the write is past the end of page, a writer is still updating it */
+ if (likely(!reader || rb_page_write(reader) <= BUF_PAGE_SIZE))
+ break;
+
+ udelay(1);
+
+ /* Get the latest version of the reader write value */
+ smp_rmb();
+ }
+
+ /* The writer is not moving forward? Something is wrong */
+ if (RB_WARN_ON(cpu_buffer, nr_loops == USECS_WAIT))
+ reader = NULL;
+
+ /*
+ * Make sure we see any padding after the write update
+ * (see rb_reset_tail())
+ */
+ smp_rmb();
+
+
return reader;
}
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 157/862] tracing/eprobe: Fix alloc event dir failed when event name no set
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (155 preceding siblings ...)
2022-10-19 8:24 ` [PATCH 6.0 156/862] ring-buffer: Fix race between reset page and reading page Greg Kroah-Hartman
@ 2022-10-19 8:24 ` Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 158/862] tracing: Disable interrupt or preemption before acquiring arch_spinlock_t Greg Kroah-Hartman
` (719 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ingo Molnar, Tom Zanussi, Linyu Yuan,
Masami Hiramatsu (Google), Tao Chen, Steven Rostedt (Google)
From: Tao Chen <chentao.kernel@linux.alibaba.com>
commit dc399adecd4e2826868e5d116a58e33071b18346 upstream.
The event dir will alloc failed when event name no set, using the
command:
"echo "e:esys/ syscalls/sys_enter_openat file=\$filename:string"
>> dynamic_events"
It seems that dir name="syscalls/sys_enter_openat" is not allowed
in debugfs. So just use the "sys_enter_openat" as the event name.
Link: https://lkml.kernel.org/r/1664028814-45923-1-git-send-email-chentao.kernel@linux.alibaba.com
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Tom Zanussi <zanussi@kernel.org>
Cc: Linyu Yuan <quic_linyyuan@quicinc.com>
Cc: Tao Chen <chentao.kernel@linux.alibaba.com
Cc: stable@vger.kernel.org
Fixes: 95c104c378dc ("tracing: Auto generate event name when creating a group of events")
Acked-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Signed-off-by: Tao Chen <chentao.kernel@linux.alibaba.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/trace/trace_eprobe.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
--- a/kernel/trace/trace_eprobe.c
+++ b/kernel/trace/trace_eprobe.c
@@ -968,8 +968,7 @@ static int __trace_eprobe_create(int arg
}
if (!event) {
- strscpy(buf1, argv[1], MAX_EVENT_NAME_LEN);
- sanitize_event_name(buf1);
+ strscpy(buf1, sys_event, MAX_EVENT_NAME_LEN);
event = buf1;
}
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 158/862] tracing: Disable interrupt or preemption before acquiring arch_spinlock_t
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (156 preceding siblings ...)
2022-10-19 8:24 ` [PATCH 6.0 157/862] tracing/eprobe: Fix alloc event dir failed when event name no set Greg Kroah-Hartman
@ 2022-10-19 8:24 ` Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 159/862] tracing: Wake up ring buffer waiters on closing of the file Greg Kroah-Hartman
` (718 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Peter Zijlstra, Ingo Molnar,
Will Deacon, Boqun Feng, Steven Rostedt, Waiman Long
From: Waiman Long <longman@redhat.com>
commit c0a581d7126c0bbc96163276f585fd7b4e4d8d0e upstream.
It was found that some tracing functions in kernel/trace/trace.c acquire
an arch_spinlock_t with preemption and irqs enabled. An example is the
tracing_saved_cmdlines_size_read() function which intermittently causes
a "BUG: using smp_processor_id() in preemptible" warning when the LTP
read_all_proc test is run.
That can be problematic in case preemption happens after acquiring the
lock. Add the necessary preemption or interrupt disabling code in the
appropriate places before acquiring an arch_spinlock_t.
The convention here is to disable preemption for trace_cmdline_lock and
interupt for max_lock.
Link: https://lkml.kernel.org/r/20220922145622.1744826-1-longman@redhat.com
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Will Deacon <will@kernel.org>
Cc: Boqun Feng <boqun.feng@gmail.com>
Cc: stable@vger.kernel.org
Fixes: a35873a0993b ("tracing: Add conditional snapshot")
Fixes: 939c7a4f04fc ("tracing: Introduce saved_cmdlines_size file")
Suggested-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Waiman Long <longman@redhat.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/trace/trace.c | 23 +++++++++++++++++++++++
1 file changed, 23 insertions(+)
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
@@ -1193,12 +1193,14 @@ void *tracing_cond_snapshot_data(struct
{
void *cond_data = NULL;
+ local_irq_disable();
arch_spin_lock(&tr->max_lock);
if (tr->cond_snapshot)
cond_data = tr->cond_snapshot->cond_data;
arch_spin_unlock(&tr->max_lock);
+ local_irq_enable();
return cond_data;
}
@@ -1334,9 +1336,11 @@ int tracing_snapshot_cond_enable(struct
goto fail_unlock;
}
+ local_irq_disable();
arch_spin_lock(&tr->max_lock);
tr->cond_snapshot = cond_snapshot;
arch_spin_unlock(&tr->max_lock);
+ local_irq_enable();
mutex_unlock(&trace_types_lock);
@@ -1363,6 +1367,7 @@ int tracing_snapshot_cond_disable(struct
{
int ret = 0;
+ local_irq_disable();
arch_spin_lock(&tr->max_lock);
if (!tr->cond_snapshot)
@@ -1373,6 +1378,7 @@ int tracing_snapshot_cond_disable(struct
}
arch_spin_unlock(&tr->max_lock);
+ local_irq_enable();
return ret;
}
@@ -2200,6 +2206,11 @@ static size_t tgid_map_max;
#define SAVED_CMDLINES_DEFAULT 128
#define NO_CMDLINE_MAP UINT_MAX
+/*
+ * Preemption must be disabled before acquiring trace_cmdline_lock.
+ * The various trace_arrays' max_lock must be acquired in a context
+ * where interrupt is disabled.
+ */
static arch_spinlock_t trace_cmdline_lock = __ARCH_SPIN_LOCK_UNLOCKED;
struct saved_cmdlines_buffer {
unsigned map_pid_to_cmdline[PID_MAX_DEFAULT+1];
@@ -2412,7 +2423,11 @@ static int trace_save_cmdline(struct tas
* the lock, but we also don't want to spin
* nor do we want to disable interrupts,
* so if we miss here, then better luck next time.
+ *
+ * This is called within the scheduler and wake up, so interrupts
+ * had better been disabled and run queue lock been held.
*/
+ lockdep_assert_preemption_disabled();
if (!arch_spin_trylock(&trace_cmdline_lock))
return 0;
@@ -5890,9 +5905,11 @@ tracing_saved_cmdlines_size_read(struct
char buf[64];
int r;
+ preempt_disable();
arch_spin_lock(&trace_cmdline_lock);
r = scnprintf(buf, sizeof(buf), "%u\n", savedcmd->cmdline_num);
arch_spin_unlock(&trace_cmdline_lock);
+ preempt_enable();
return simple_read_from_buffer(ubuf, cnt, ppos, buf, r);
}
@@ -5917,10 +5934,12 @@ static int tracing_resize_saved_cmdlines
return -ENOMEM;
}
+ preempt_disable();
arch_spin_lock(&trace_cmdline_lock);
savedcmd_temp = savedcmd;
savedcmd = s;
arch_spin_unlock(&trace_cmdline_lock);
+ preempt_enable();
free_saved_cmdlines_buffer(savedcmd_temp);
return 0;
@@ -6373,10 +6392,12 @@ int tracing_set_tracer(struct trace_arra
#ifdef CONFIG_TRACER_SNAPSHOT
if (t->use_max_tr) {
+ local_irq_disable();
arch_spin_lock(&tr->max_lock);
if (tr->cond_snapshot)
ret = -EBUSY;
arch_spin_unlock(&tr->max_lock);
+ local_irq_enable();
if (ret)
goto out;
}
@@ -7436,10 +7457,12 @@ tracing_snapshot_write(struct file *filp
goto out;
}
+ local_irq_disable();
arch_spin_lock(&tr->max_lock);
if (tr->cond_snapshot)
ret = -EBUSY;
arch_spin_unlock(&tr->max_lock);
+ local_irq_enable();
if (ret)
goto out;
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 159/862] tracing: Wake up ring buffer waiters on closing of the file
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (157 preceding siblings ...)
2022-10-19 8:24 ` [PATCH 6.0 158/862] tracing: Disable interrupt or preemption before acquiring arch_spinlock_t Greg Kroah-Hartman
@ 2022-10-19 8:24 ` Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 160/862] tracing: Wake up waiters when tracing is disabled Greg Kroah-Hartman
` (717 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ingo Molnar, Andrew Morton,
Steven Rostedt (Google)
From: Steven Rostedt (Google) <rostedt@goodmis.org>
commit f3ddb74ad0790030c9592229fb14d8c451f4e9a8 upstream.
When the file that represents the ring buffer is closed, there may be
waiters waiting on more input from the ring buffer. Call
ring_buffer_wake_waiters() to wake up any waiters when the file is
closed.
Link: https://lkml.kernel.org/r/20220927231825.182416969@goodmis.org
Cc: stable@vger.kernel.org
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Fixes: e30f53aad2202 ("tracing: Do not busy wait in buffer splice")
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/trace_events.h | 1 +
kernel/trace/trace.c | 15 +++++++++++++++
2 files changed, 16 insertions(+)
--- a/include/linux/trace_events.h
+++ b/include/linux/trace_events.h
@@ -92,6 +92,7 @@ struct trace_iterator {
unsigned int temp_size;
char *fmt; /* modified format holder */
unsigned int fmt_size;
+ long wait_index;
/* trace_seq for __print_flags() and __print_symbolic() etc. */
struct trace_seq tmp_seq;
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
@@ -8160,6 +8160,12 @@ static int tracing_buffers_release(struc
__trace_array_put(iter->tr);
+ iter->wait_index++;
+ /* Make sure the waiters see the new wait_index */
+ smp_wmb();
+
+ ring_buffer_wake_waiters(iter->array_buffer->buffer, iter->cpu_file);
+
if (info->spare)
ring_buffer_free_read_page(iter->array_buffer->buffer,
info->spare_cpu, info->spare);
@@ -8313,6 +8319,8 @@ tracing_buffers_splice_read(struct file
/* did we read anything? */
if (!spd.nr_pages) {
+ long wait_index;
+
if (ret)
goto out;
@@ -8320,10 +8328,17 @@ tracing_buffers_splice_read(struct file
if ((file->f_flags & O_NONBLOCK) || (flags & SPLICE_F_NONBLOCK))
goto out;
+ wait_index = READ_ONCE(iter->wait_index);
+
ret = wait_on_pipe(iter, iter->tr->buffer_percent);
if (ret)
goto out;
+ /* Make sure we see the new wait_index */
+ smp_rmb();
+ if (wait_index != iter->wait_index)
+ goto out;
+
goto again;
}
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 160/862] tracing: Wake up waiters when tracing is disabled
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (158 preceding siblings ...)
2022-10-19 8:24 ` [PATCH 6.0 159/862] tracing: Wake up ring buffer waiters on closing of the file Greg Kroah-Hartman
@ 2022-10-19 8:24 ` Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 161/862] tracing: Add ioctl() to force ring buffer waiters to wake up Greg Kroah-Hartman
` (716 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:24 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Steven Rostedt (Google)
From: Steven Rostedt (Google) <rostedt@goodmis.org>
commit 2b0fd9a59b7990c161fa1cb7b79edb22847c87c2 upstream.
When tracing is disabled, there's no reason that waiters should stay
waiting, wake them up, otherwise tasks get stuck when they should be
flushing the buffers.
Cc: stable@vger.kernel.org
Fixes: e30f53aad2202 ("tracing: Do not busy wait in buffer splice")
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/trace/trace.c | 6 ++++++
1 file changed, 6 insertions(+)
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
@@ -8334,6 +8334,10 @@ tracing_buffers_splice_read(struct file
if (ret)
goto out;
+ /* No need to wait after waking up when tracing is off */
+ if (!tracer_tracing_is_on(iter->tr))
+ goto out;
+
/* Make sure we see the new wait_index */
smp_rmb();
if (wait_index != iter->wait_index)
@@ -9043,6 +9047,8 @@ rb_simple_write(struct file *filp, const
tracer_tracing_off(tr);
if (tr->current_trace->stop)
tr->current_trace->stop(tr);
+ /* Wake up any waiters */
+ ring_buffer_wake_waiters(buffer, RING_BUFFER_ALL_CPUS);
}
mutex_unlock(&trace_types_lock);
}
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 161/862] tracing: Add ioctl() to force ring buffer waiters to wake up
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (159 preceding siblings ...)
2022-10-19 8:24 ` [PATCH 6.0 160/862] tracing: Wake up waiters when tracing is disabled Greg Kroah-Hartman
@ 2022-10-19 8:24 ` Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 162/862] tracing: Do not free snapshot if tracer is on cmdline Greg Kroah-Hartman
` (715 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ingo Molnar, Andrew Morton,
Steven Rostedt (Google)
From: Steven Rostedt (Google) <rostedt@goodmis.org>
commit 01b2a52171735c6eea80ee2f355f32bea6c41418 upstream.
If a process is waiting on the ring buffer for data, there currently isn't
a clean way to force it to wake up. Add an ioctl call that will force any
tasks that are waiting on the trace_pipe_raw file to wake up.
Link: https://lkml.kernel.org/r/20220929095029.117f913f@gandalf.local.home
Cc: stable@vger.kernel.org
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Fixes: e30f53aad2202 ("tracing: Do not busy wait in buffer splice")
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/trace/trace.c | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+)
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
@@ -8353,12 +8353,34 @@ out:
return ret;
}
+/* An ioctl call with cmd 0 to the ring buffer file will wake up all waiters */
+static long tracing_buffers_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
+{
+ struct ftrace_buffer_info *info = file->private_data;
+ struct trace_iterator *iter = &info->iter;
+
+ if (cmd)
+ return -ENOIOCTLCMD;
+
+ mutex_lock(&trace_types_lock);
+
+ iter->wait_index++;
+ /* Make sure the waiters see the new wait_index */
+ smp_wmb();
+
+ ring_buffer_wake_waiters(iter->array_buffer->buffer, iter->cpu_file);
+
+ mutex_unlock(&trace_types_lock);
+ return 0;
+}
+
static const struct file_operations tracing_buffers_fops = {
.open = tracing_buffers_open,
.read = tracing_buffers_read,
.poll = tracing_buffers_poll,
.release = tracing_buffers_release,
.splice_read = tracing_buffers_splice_read,
+ .unlocked_ioctl = tracing_buffers_ioctl,
.llseek = no_llseek,
};
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 162/862] tracing: Do not free snapshot if tracer is on cmdline
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (160 preceding siblings ...)
2022-10-19 8:24 ` [PATCH 6.0 161/862] tracing: Add ioctl() to force ring buffer waiters to wake up Greg Kroah-Hartman
@ 2022-10-19 8:24 ` Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 163/862] tracing: Move duplicate code of trace_kprobe/eprobe.c into header Greg Kroah-Hartman
` (714 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Masami Hiramatsu, Andrew Morton,
Ross Zwisler, Steven Rostedt (Google)
From: Steven Rostedt (Google) <rostedt@goodmis.org>
commit a541a9559bb0a8ecc434de01d3e4826c32e8bb53 upstream.
The ftrace_boot_snapshot and alloc_snapshot cmdline options allocate the
snapshot buffer at boot up for use later. The ftrace_boot_snapshot in
particular requires the snapshot to be allocated because it will take a
snapshot at the end of boot up allowing to see the traces that happened
during boot so that it's not lost when user space takes over.
When a tracer is registered (started) there's a path that checks if it
requires the snapshot buffer or not, and if it does not and it was
allocated it will do a synchronization and free the snapshot buffer.
This is only required if the previous tracer was using it for "max
latency" snapshots, as it needs to make sure all max snapshots are
complete before freeing. But this is only needed if the previous tracer
was using the snapshot buffer for latency (like irqoff tracer and
friends). But it does not make sense to free it, if the previous tracer
was not using it, and the snapshot was allocated by the cmdline
parameters. This basically takes away the point of allocating it in the
first place!
Note, the allocated snapshot worked fine for just trace events, but fails
when a tracer is enabled on the cmdline.
Further investigation, this goes back even further and it does not require
a tracer on the cmdline to fail. Simply enable snapshots and then enable a
tracer, and it will remove the snapshot.
Link: https://lkml.kernel.org/r/20221005113757.041df7fe@gandalf.local.home
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: stable@vger.kernel.org
Fixes: 45ad21ca5530 ("tracing: Have trace_array keep track if snapshot buffer is allocated")
Reported-by: Ross Zwisler <zwisler@kernel.org>
Tested-by: Ross Zwisler <zwisler@kernel.org>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/trace/trace.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
@@ -6428,12 +6428,12 @@ int tracing_set_tracer(struct trace_arra
if (tr->current_trace->reset)
tr->current_trace->reset(tr);
+#ifdef CONFIG_TRACER_MAX_TRACE
+ had_max_tr = tr->current_trace->use_max_tr;
+
/* Current trace needs to be nop_trace before synchronize_rcu */
tr->current_trace = &nop_trace;
-#ifdef CONFIG_TRACER_MAX_TRACE
- had_max_tr = tr->allocated_snapshot;
-
if (had_max_tr && !t->use_max_tr) {
/*
* We need to make sure that the update_max_tr sees that
@@ -6446,11 +6446,13 @@ int tracing_set_tracer(struct trace_arra
free_snapshot(tr);
}
- if (t->use_max_tr && !had_max_tr) {
+ if (t->use_max_tr && !tr->allocated_snapshot) {
ret = tracing_alloc_snapshot_instance(tr);
if (ret < 0)
goto out;
}
+#else
+ tr->current_trace = &nop_trace;
#endif
if (t->init) {
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 163/862] tracing: Move duplicate code of trace_kprobe/eprobe.c into header
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (161 preceding siblings ...)
2022-10-19 8:24 ` [PATCH 6.0 162/862] tracing: Do not free snapshot if tracer is on cmdline Greg Kroah-Hartman
@ 2022-10-19 8:24 ` Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 164/862] tracing: Add "(fault)" name injection to kernel probes Greg Kroah-Hartman
` (713 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Andrew Morton, Tom Zanussi,
Masami Hiramatsu (Google), Steven Rostedt (Google)
From: Steven Rostedt (Google) <rostedt@goodmis.org>
commit f1d3cbfaafc10464550c6d3a125f4fc802bbaed5 upstream.
The functions:
fetch_store_strlen_user()
fetch_store_strlen()
fetch_store_string_user()
fetch_store_string()
are identical in both trace_kprobe.c and trace_eprobe.c. Move them into
a new header file trace_probe_kernel.h to share it. This code will later
be used by the synthetic events as well.
Marked for stable as a fix for a crash in synthetic events requires it.
Link: https://lkml.kernel.org/r/20221012104534.467668078@goodmis.org
Cc: stable@vger.kernel.org
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Tom Zanussi <zanussi@kernel.org>
Acked-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Reviewed-by: Tom Zanussi <zanussi@kernel.org>
Fixes: bd82631d7ccdc ("tracing: Add support for dynamic strings to synthetic events")
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/trace/trace_eprobe.c | 60 +----------------------
kernel/trace/trace_kprobe.c | 60 +----------------------
kernel/trace/trace_probe_kernel.h | 96 ++++++++++++++++++++++++++++++++++++++
3 files changed, 106 insertions(+), 110 deletions(-)
create mode 100644 kernel/trace/trace_probe_kernel.h
--- a/kernel/trace/trace_eprobe.c
+++ b/kernel/trace/trace_eprobe.c
@@ -16,6 +16,7 @@
#include "trace_dynevent.h"
#include "trace_probe.h"
#include "trace_probe_tmpl.h"
+#include "trace_probe_kernel.h"
#define EPROBE_EVENT_SYSTEM "eprobes"
@@ -453,29 +454,14 @@ NOKPROBE_SYMBOL(process_fetch_insn)
static nokprobe_inline int
fetch_store_strlen_user(unsigned long addr)
{
- const void __user *uaddr = (__force const void __user *)addr;
-
- return strnlen_user_nofault(uaddr, MAX_STRING_SIZE);
+ return kern_fetch_store_strlen_user(addr);
}
/* Return the length of string -- including null terminal byte */
static nokprobe_inline int
fetch_store_strlen(unsigned long addr)
{
- int ret, len = 0;
- u8 c;
-
-#ifdef CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE
- if (addr < TASK_SIZE)
- return fetch_store_strlen_user(addr);
-#endif
-
- do {
- ret = copy_from_kernel_nofault(&c, (u8 *)addr + len, 1);
- len++;
- } while (c && ret == 0 && len < MAX_STRING_SIZE);
-
- return (ret < 0) ? ret : len;
+ return kern_fetch_store_strlen(addr);
}
/*
@@ -485,21 +471,7 @@ fetch_store_strlen(unsigned long addr)
static nokprobe_inline int
fetch_store_string_user(unsigned long addr, void *dest, void *base)
{
- const void __user *uaddr = (__force const void __user *)addr;
- int maxlen = get_loc_len(*(u32 *)dest);
- void *__dest;
- long ret;
-
- if (unlikely(!maxlen))
- return -ENOMEM;
-
- __dest = get_loc_data(dest, base);
-
- ret = strncpy_from_user_nofault(__dest, uaddr, maxlen);
- if (ret >= 0)
- *(u32 *)dest = make_data_loc(ret, __dest - base);
-
- return ret;
+ return kern_fetch_store_string_user(addr, dest, base);
}
/*
@@ -509,29 +481,7 @@ fetch_store_string_user(unsigned long ad
static nokprobe_inline int
fetch_store_string(unsigned long addr, void *dest, void *base)
{
- int maxlen = get_loc_len(*(u32 *)dest);
- void *__dest;
- long ret;
-
-#ifdef CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE
- if ((unsigned long)addr < TASK_SIZE)
- return fetch_store_string_user(addr, dest, base);
-#endif
-
- if (unlikely(!maxlen))
- return -ENOMEM;
-
- __dest = get_loc_data(dest, base);
-
- /*
- * Try to get string again, since the string can be changed while
- * probing.
- */
- ret = strncpy_from_kernel_nofault(__dest, (void *)addr, maxlen);
- if (ret >= 0)
- *(u32 *)dest = make_data_loc(ret, __dest - base);
-
- return ret;
+ return kern_fetch_store_string(addr, dest, base);
}
static nokprobe_inline int
--- a/kernel/trace/trace_kprobe.c
+++ b/kernel/trace/trace_kprobe.c
@@ -20,6 +20,7 @@
#include "trace_kprobe_selftest.h"
#include "trace_probe.h"
#include "trace_probe_tmpl.h"
+#include "trace_probe_kernel.h"
#define KPROBE_EVENT_SYSTEM "kprobes"
#define KRETPROBE_MAXACTIVE_MAX 4096
@@ -1223,29 +1224,14 @@ static const struct file_operations kpro
static nokprobe_inline int
fetch_store_strlen_user(unsigned long addr)
{
- const void __user *uaddr = (__force const void __user *)addr;
-
- return strnlen_user_nofault(uaddr, MAX_STRING_SIZE);
+ return kern_fetch_store_strlen_user(addr);
}
/* Return the length of string -- including null terminal byte */
static nokprobe_inline int
fetch_store_strlen(unsigned long addr)
{
- int ret, len = 0;
- u8 c;
-
-#ifdef CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE
- if (addr < TASK_SIZE)
- return fetch_store_strlen_user(addr);
-#endif
-
- do {
- ret = copy_from_kernel_nofault(&c, (u8 *)addr + len, 1);
- len++;
- } while (c && ret == 0 && len < MAX_STRING_SIZE);
-
- return (ret < 0) ? ret : len;
+ return kern_fetch_store_strlen(addr);
}
/*
@@ -1255,21 +1241,7 @@ fetch_store_strlen(unsigned long addr)
static nokprobe_inline int
fetch_store_string_user(unsigned long addr, void *dest, void *base)
{
- const void __user *uaddr = (__force const void __user *)addr;
- int maxlen = get_loc_len(*(u32 *)dest);
- void *__dest;
- long ret;
-
- if (unlikely(!maxlen))
- return -ENOMEM;
-
- __dest = get_loc_data(dest, base);
-
- ret = strncpy_from_user_nofault(__dest, uaddr, maxlen);
- if (ret >= 0)
- *(u32 *)dest = make_data_loc(ret, __dest - base);
-
- return ret;
+ return kern_fetch_store_string_user(addr, dest, base);
}
/*
@@ -1279,29 +1251,7 @@ fetch_store_string_user(unsigned long ad
static nokprobe_inline int
fetch_store_string(unsigned long addr, void *dest, void *base)
{
- int maxlen = get_loc_len(*(u32 *)dest);
- void *__dest;
- long ret;
-
-#ifdef CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE
- if ((unsigned long)addr < TASK_SIZE)
- return fetch_store_string_user(addr, dest, base);
-#endif
-
- if (unlikely(!maxlen))
- return -ENOMEM;
-
- __dest = get_loc_data(dest, base);
-
- /*
- * Try to get string again, since the string can be changed while
- * probing.
- */
- ret = strncpy_from_kernel_nofault(__dest, (void *)addr, maxlen);
- if (ret >= 0)
- *(u32 *)dest = make_data_loc(ret, __dest - base);
-
- return ret;
+ return kern_fetch_store_string(addr, dest, base);
}
static nokprobe_inline int
--- /dev/null
+++ b/kernel/trace/trace_probe_kernel.h
@@ -0,0 +1,96 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#ifndef __TRACE_PROBE_KERNEL_H_
+#define __TRACE_PROBE_KERNEL_H_
+
+/*
+ * This depends on trace_probe.h, but can not include it due to
+ * the way trace_probe_tmpl.h is used by trace_kprobe.c and trace_eprobe.c.
+ * Which means that any other user must include trace_probe.h before including
+ * this file.
+ */
+/* Return the length of string -- including null terminal byte */
+static nokprobe_inline int
+kern_fetch_store_strlen_user(unsigned long addr)
+{
+ const void __user *uaddr = (__force const void __user *)addr;
+
+ return strnlen_user_nofault(uaddr, MAX_STRING_SIZE);
+}
+
+/* Return the length of string -- including null terminal byte */
+static nokprobe_inline int
+kern_fetch_store_strlen(unsigned long addr)
+{
+ int ret, len = 0;
+ u8 c;
+
+#ifdef CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE
+ if (addr < TASK_SIZE)
+ return kern_fetch_store_strlen_user(addr);
+#endif
+
+ do {
+ ret = copy_from_kernel_nofault(&c, (u8 *)addr + len, 1);
+ len++;
+ } while (c && ret == 0 && len < MAX_STRING_SIZE);
+
+ return (ret < 0) ? ret : len;
+}
+
+/*
+ * Fetch a null-terminated string from user. Caller MUST set *(u32 *)buf
+ * with max length and relative data location.
+ */
+static nokprobe_inline int
+kern_fetch_store_string_user(unsigned long addr, void *dest, void *base)
+{
+ const void __user *uaddr = (__force const void __user *)addr;
+ int maxlen = get_loc_len(*(u32 *)dest);
+ void *__dest;
+ long ret;
+
+ if (unlikely(!maxlen))
+ return -ENOMEM;
+
+ __dest = get_loc_data(dest, base);
+
+ ret = strncpy_from_user_nofault(__dest, uaddr, maxlen);
+ if (ret >= 0)
+ *(u32 *)dest = make_data_loc(ret, __dest - base);
+
+ return ret;
+}
+
+/*
+ * Fetch a null-terminated string. Caller MUST set *(u32 *)buf with max
+ * length and relative data location.
+ */
+static nokprobe_inline int
+kern_fetch_store_string(unsigned long addr, void *dest, void *base)
+{
+ int maxlen = get_loc_len(*(u32 *)dest);
+ void *__dest;
+ long ret;
+
+#ifdef CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE
+ if ((unsigned long)addr < TASK_SIZE)
+ return kern_fetch_store_string_user(addr, dest, base);
+#endif
+
+ if (unlikely(!maxlen))
+ return -ENOMEM;
+
+ __dest = get_loc_data(dest, base);
+
+ /*
+ * Try to get string again, since the string can be changed while
+ * probing.
+ */
+ ret = strncpy_from_kernel_nofault(__dest, (void *)addr, maxlen);
+ if (ret >= 0)
+ *(u32 *)dest = make_data_loc(ret, __dest - base);
+
+ return ret;
+}
+
+#endif /* __TRACE_PROBE_KERNEL_H_ */
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 164/862] tracing: Add "(fault)" name injection to kernel probes
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (162 preceding siblings ...)
2022-10-19 8:24 ` [PATCH 6.0 163/862] tracing: Move duplicate code of trace_kprobe/eprobe.c into header Greg Kroah-Hartman
@ 2022-10-19 8:24 ` Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 165/862] tracing: Fix reading strings from synthetic events Greg Kroah-Hartman
` (712 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Andrew Morton, Tom Zanussi,
Masami Hiramatsu (Google), Steven Rostedt (Google)
From: Steven Rostedt (Google) <rostedt@goodmis.org>
commit 2e9906f84fc7c99388bb7123ade167250d50f1c0 upstream.
Have the specific functions for kernel probes that read strings to inject
the "(fault)" name directly. trace_probes.c does this too (for uprobes)
but as the code to read strings are going to be used by synthetic events
(and perhaps other utilities), it simplifies the code by making sure those
other uses do not need to implement the "(fault)" name injection as well.
Link: https://lkml.kernel.org/r/20221012104534.644803645@goodmis.org
Cc: stable@vger.kernel.org
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Tom Zanussi <zanussi@kernel.org>
Acked-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Reviewed-by: Tom Zanussi <zanussi@kernel.org>
Fixes: bd82631d7ccdc ("tracing: Add support for dynamic strings to synthetic events")
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/trace/trace_probe_kernel.h | 31 +++++++++++++++++++++++++------
1 file changed, 25 insertions(+), 6 deletions(-)
--- a/kernel/trace/trace_probe_kernel.h
+++ b/kernel/trace/trace_probe_kernel.h
@@ -2,6 +2,8 @@
#ifndef __TRACE_PROBE_KERNEL_H_
#define __TRACE_PROBE_KERNEL_H_
+#define FAULT_STRING "(fault)"
+
/*
* This depends on trace_probe.h, but can not include it due to
* the way trace_probe_tmpl.h is used by trace_kprobe.c and trace_eprobe.c.
@@ -13,8 +15,16 @@ static nokprobe_inline int
kern_fetch_store_strlen_user(unsigned long addr)
{
const void __user *uaddr = (__force const void __user *)addr;
+ int ret;
- return strnlen_user_nofault(uaddr, MAX_STRING_SIZE);
+ ret = strnlen_user_nofault(uaddr, MAX_STRING_SIZE);
+ /*
+ * strnlen_user_nofault returns zero on fault, insert the
+ * FAULT_STRING when that occurs.
+ */
+ if (ret <= 0)
+ return strlen(FAULT_STRING) + 1;
+ return ret;
}
/* Return the length of string -- including null terminal byte */
@@ -34,7 +44,18 @@ kern_fetch_store_strlen(unsigned long ad
len++;
} while (c && ret == 0 && len < MAX_STRING_SIZE);
- return (ret < 0) ? ret : len;
+ /* For faults, return enough to hold the FAULT_STRING */
+ return (ret < 0) ? strlen(FAULT_STRING) + 1 : len;
+}
+
+static nokprobe_inline void set_data_loc(int ret, void *dest, void *__dest, void *base, int len)
+{
+ if (ret >= 0) {
+ *(u32 *)dest = make_data_loc(ret, __dest - base);
+ } else {
+ strscpy(__dest, FAULT_STRING, len);
+ ret = strlen(__dest) + 1;
+ }
}
/*
@@ -55,8 +76,7 @@ kern_fetch_store_string_user(unsigned lo
__dest = get_loc_data(dest, base);
ret = strncpy_from_user_nofault(__dest, uaddr, maxlen);
- if (ret >= 0)
- *(u32 *)dest = make_data_loc(ret, __dest - base);
+ set_data_loc(ret, dest, __dest, base, maxlen);
return ret;
}
@@ -87,8 +107,7 @@ kern_fetch_store_string(unsigned long ad
* probing.
*/
ret = strncpy_from_kernel_nofault(__dest, (void *)addr, maxlen);
- if (ret >= 0)
- *(u32 *)dest = make_data_loc(ret, __dest - base);
+ set_data_loc(ret, dest, __dest, base, maxlen);
return ret;
}
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 165/862] tracing: Fix reading strings from synthetic events
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (163 preceding siblings ...)
2022-10-19 8:24 ` [PATCH 6.0 164/862] tracing: Add "(fault)" name injection to kernel probes Greg Kroah-Hartman
@ 2022-10-19 8:24 ` Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 166/862] rpmsg: char: Avoid double destroy of default endpoint Greg Kroah-Hartman
` (711 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Andrew Morton, Tom Zanussi,
Masami Hiramatsu (Google), Steven Rostedt (Google)
From: Steven Rostedt (Google) <rostedt@goodmis.org>
commit 0934ae9977c27133449b6dd8c6213970e7eece38 upstream.
The follow commands caused a crash:
# cd /sys/kernel/tracing
# echo 's:open char file[]' > dynamic_events
# echo 'hist:keys=common_pid:file=filename:onchange($file).trace(open,$file)' > events/syscalls/sys_enter_openat/trigger'
# echo 1 > events/synthetic/open/enable
BOOM!
The problem is that the synthetic event field "char file[]" will read
the value given to it as a string without any memory checks to make sure
the address is valid. The above example will pass in the user space
address and the sythetic event code will happily call strlen() on it
and then strscpy() where either one will cause an oops when accessing
user space addresses.
Use the helper functions from trace_kprobe and trace_eprobe that can
read strings safely (and actually succeed when the address is from user
space and the memory is mapped in).
Now the above can show:
packagekitd-1721 [000] ...2. 104.597170: open: file=/usr/lib/rpm/fileattrs/cmake.attr
in:imjournal-978 [006] ...2. 104.599642: open: file=/var/lib/rsyslog/imjournal.state.tmp
packagekitd-1721 [000] ...2. 104.626308: open: file=/usr/lib/rpm/fileattrs/debuginfo.attr
Link: https://lkml.kernel.org/r/20221012104534.826549315@goodmis.org
Cc: stable@vger.kernel.org
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Tom Zanussi <zanussi@kernel.org>
Acked-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Reviewed-by: Tom Zanussi <zanussi@kernel.org>
Fixes: bd82631d7ccdc ("tracing: Add support for dynamic strings to synthetic events")
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/trace/trace_events_synth.c | 23 +++++++++++++++++------
1 file changed, 17 insertions(+), 6 deletions(-)
--- a/kernel/trace/trace_events_synth.c
+++ b/kernel/trace/trace_events_synth.c
@@ -17,6 +17,8 @@
/* for gfp flag names */
#include <linux/trace_events.h>
#include <trace/events/mmflags.h>
+#include "trace_probe.h"
+#include "trace_probe_kernel.h"
#include "trace_synth.h"
@@ -409,6 +411,7 @@ static unsigned int trace_string(struct
{
unsigned int len = 0;
char *str_field;
+ int ret;
if (is_dynamic) {
u32 data_offset;
@@ -417,19 +420,27 @@ static unsigned int trace_string(struct
data_offset += event->n_u64 * sizeof(u64);
data_offset += data_size;
- str_field = (char *)entry + data_offset;
-
- len = strlen(str_val) + 1;
- strscpy(str_field, str_val, len);
+ len = kern_fetch_store_strlen((unsigned long)str_val);
data_offset |= len << 16;
*(u32 *)&entry->fields[*n_u64] = data_offset;
+ ret = kern_fetch_store_string((unsigned long)str_val, &entry->fields[*n_u64], entry);
+
(*n_u64)++;
} else {
str_field = (char *)&entry->fields[*n_u64];
- strscpy(str_field, str_val, STR_VAR_LEN_MAX);
+#ifdef CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE
+ if ((unsigned long)str_val < TASK_SIZE)
+ ret = strncpy_from_user_nofault(str_field, str_val, STR_VAR_LEN_MAX);
+ else
+#endif
+ ret = strncpy_from_kernel_nofault(str_field, str_val, STR_VAR_LEN_MAX);
+
+ if (ret < 0)
+ strcpy(str_field, FAULT_STRING);
+
(*n_u64) += STR_VAR_LEN_MAX / sizeof(u64);
}
@@ -462,7 +473,7 @@ static notrace void trace_event_raw_even
val_idx = var_ref_idx[field_pos];
str_val = (char *)(long)var_ref_vals[val_idx];
- len = strlen(str_val) + 1;
+ len = kern_fetch_store_strlen((unsigned long)str_val);
fields_size += len;
}
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 166/862] rpmsg: char: Avoid double destroy of default endpoint
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (164 preceding siblings ...)
2022-10-19 8:24 ` [PATCH 6.0 165/862] tracing: Fix reading strings from synthetic events Greg Kroah-Hartman
@ 2022-10-19 8:24 ` Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 167/862] thunderbolt: Explicitly enable lane adapter hotplug events at startup Greg Kroah-Hartman
` (710 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Shengjiu Wang, Arnaud Pouliquen,
Peng Fan, Mathieu Poirier
From: Shengjiu Wang <shengjiu.wang@nxp.com>
commit 467233a4ac29b215d492843d067a9f091e6bf0c5 upstream.
The rpmsg_dev_remove() in rpmsg_core is the place for releasing
this default endpoint.
So need to avoid destroying the default endpoint in
rpmsg_chrdev_eptdev_destroy(), this should be the same as
rpmsg_eptdev_release(). Otherwise there will be double destroy
issue that ept->refcount report warning:
refcount_t: underflow; use-after-free.
Call trace:
refcount_warn_saturate+0xf8/0x150
virtio_rpmsg_destroy_ept+0xd4/0xec
rpmsg_dev_remove+0x60/0x70
The issue can be reproduced by stopping remoteproc before
closing the /dev/rpmsgX.
Fixes: bea9b79c2d10 ("rpmsg: char: Add possibility to use default endpoint of the rpmsg device")
Signed-off-by: Shengjiu Wang <shengjiu.wang@nxp.com>
Reviewed-by: Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
Cc: stable <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/1663725523-6514-1-git-send-email-shengjiu.wang@nxp.com
Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/rpmsg/rpmsg_char.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/drivers/rpmsg/rpmsg_char.c
+++ b/drivers/rpmsg/rpmsg_char.c
@@ -76,7 +76,9 @@ int rpmsg_chrdev_eptdev_destroy(struct d
mutex_lock(&eptdev->ept_lock);
if (eptdev->ept) {
- rpmsg_destroy_ept(eptdev->ept);
+ /* The default endpoint is released by the rpmsg core */
+ if (!eptdev->default_ept)
+ rpmsg_destroy_ept(eptdev->ept);
eptdev->ept = NULL;
}
mutex_unlock(&eptdev->ept_lock);
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 167/862] thunderbolt: Explicitly enable lane adapter hotplug events at startup
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (165 preceding siblings ...)
2022-10-19 8:24 ` [PATCH 6.0 166/862] rpmsg: char: Avoid double destroy of default endpoint Greg Kroah-Hartman
@ 2022-10-19 8:24 ` Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 168/862] efi: libstub: drop pointless get_memory_map() call Greg Kroah-Hartman
` (709 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mario Limonciello, Mika Westerberg
From: Mario Limonciello <mario.limonciello@amd.com>
commit 5d2569cb4a65c373896ec0217febdf88739ed295 upstream.
Software that has run before the USB4 CM in Linux runs may have disabled
hotplug events for a given lane adapter.
Other CMs such as that one distributed with Windows 11 will enable hotplug
events. Do the same thing in the Linux CM which fixes hotplug events on
"AMD Pink Sardine".
Cc: stable@vger.kernel.org
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/thunderbolt/switch.c | 24 ++++++++++++++++++++++++
drivers/thunderbolt/tb.h | 1 +
drivers/thunderbolt/tb_regs.h | 1 +
drivers/thunderbolt/usb4.c | 20 ++++++++++++++++++++
4 files changed, 46 insertions(+)
--- a/drivers/thunderbolt/switch.c
+++ b/drivers/thunderbolt/switch.c
@@ -2822,6 +2822,26 @@ static void tb_switch_credits_init(struc
tb_sw_info(sw, "failed to determine preferred buffer allocation, using defaults\n");
}
+static int tb_switch_port_hotplug_enable(struct tb_switch *sw)
+{
+ struct tb_port *port;
+
+ if (tb_switch_is_icm(sw))
+ return 0;
+
+ tb_switch_for_each_port(sw, port) {
+ int res;
+
+ if (!port->cap_usb4)
+ continue;
+
+ res = usb4_port_hotplug_enable(port);
+ if (res)
+ return res;
+ }
+ return 0;
+}
+
/**
* tb_switch_add() - Add a switch to the domain
* @sw: Switch to add
@@ -2891,6 +2911,10 @@ int tb_switch_add(struct tb_switch *sw)
return ret;
}
+ ret = tb_switch_port_hotplug_enable(sw);
+ if (ret)
+ return ret;
+
ret = device_add(&sw->dev);
if (ret) {
dev_err(&sw->dev, "failed to add device: %d\n", ret);
--- a/drivers/thunderbolt/tb.h
+++ b/drivers/thunderbolt/tb.h
@@ -1174,6 +1174,7 @@ int usb4_switch_add_ports(struct tb_swit
void usb4_switch_remove_ports(struct tb_switch *sw);
int usb4_port_unlock(struct tb_port *port);
+int usb4_port_hotplug_enable(struct tb_port *port);
int usb4_port_configure(struct tb_port *port);
void usb4_port_unconfigure(struct tb_port *port);
int usb4_port_configure_xdomain(struct tb_port *port);
--- a/drivers/thunderbolt/tb_regs.h
+++ b/drivers/thunderbolt/tb_regs.h
@@ -308,6 +308,7 @@ struct tb_regs_port_header {
#define ADP_CS_5 0x05
#define ADP_CS_5_LCA_MASK GENMASK(28, 22)
#define ADP_CS_5_LCA_SHIFT 22
+#define ADP_CS_5_DHP BIT(31)
/* TMU adapter registers */
#define TMU_ADP_CS_3 0x03
--- a/drivers/thunderbolt/usb4.c
+++ b/drivers/thunderbolt/usb4.c
@@ -1046,6 +1046,26 @@ int usb4_port_unlock(struct tb_port *por
return tb_port_write(port, &val, TB_CFG_PORT, ADP_CS_4, 1);
}
+/**
+ * usb4_port_hotplug_enable() - Enables hotplug for a port
+ * @port: USB4 port to operate on
+ *
+ * Enables hot plug events on a given port. This is only intended
+ * to be used on lane, DP-IN, and DP-OUT adapters.
+ */
+int usb4_port_hotplug_enable(struct tb_port *port)
+{
+ int ret;
+ u32 val;
+
+ ret = tb_port_read(port, &val, TB_CFG_PORT, ADP_CS_5, 1);
+ if (ret)
+ return ret;
+
+ val &= ~ADP_CS_5_DHP;
+ return tb_port_write(port, &val, TB_CFG_PORT, ADP_CS_5, 1);
+}
+
static int usb4_port_set_configured(struct tb_port *port, bool configured)
{
int ret;
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 168/862] efi: libstub: drop pointless get_memory_map() call
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (166 preceding siblings ...)
2022-10-19 8:24 ` [PATCH 6.0 167/862] thunderbolt: Explicitly enable lane adapter hotplug events at startup Greg Kroah-Hartman
@ 2022-10-19 8:24 ` Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 169/862] media: cedrus: Fix watchdog race condition Greg Kroah-Hartman
` (708 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:24 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Ard Biesheuvel
From: Ard Biesheuvel <ardb@kernel.org>
commit d80ca810f096ff66f451e7a3ed2f0cd9ef1ff519 upstream.
Currently, the non-x86 stub code calls get_memory_map() redundantly,
given that the data it returns is never used anywhere. So drop the call.
Cc: <stable@vger.kernel.org> # v4.14+
Fixes: 24d7c494ce46 ("efi/arm-stub: Round up FDT allocation to mapping size")
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/firmware/efi/libstub/fdt.c | 8 --------
1 file changed, 8 deletions(-)
--- a/drivers/firmware/efi/libstub/fdt.c
+++ b/drivers/firmware/efi/libstub/fdt.c
@@ -280,14 +280,6 @@ efi_status_t allocate_new_fdt_and_exit_b
goto fail;
}
- /*
- * Now that we have done our final memory allocation (and free)
- * we can get the memory map key needed for exit_boot_services().
- */
- status = efi_get_memory_map(&map);
- if (status != EFI_SUCCESS)
- goto fail_free_new_fdt;
-
status = update_fdt((void *)fdt_addr, fdt_size,
(void *)*new_fdt_addr, MAX_FDT_SIZE, cmdline_ptr,
initrd_addr, initrd_size);
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 169/862] media: cedrus: Fix watchdog race condition
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (167 preceding siblings ...)
2022-10-19 8:24 ` [PATCH 6.0 168/862] efi: libstub: drop pointless get_memory_map() call Greg Kroah-Hartman
@ 2022-10-19 8:24 ` Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 170/862] media: cedrus: Set the platform driver data earlier Greg Kroah-Hartman
` (707 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nicolas Dufresne, Paul Kocialkowski,
Hans Verkuil, Mauro Carvalho Chehab
From: Nicolas Dufresne <nicolas.dufresne@collabora.com>
commit fe8b81fde69acfcbb5af9e85328e5b9549999fdb upstream.
The watchdog needs to be scheduled before we trigger the decode
operation, otherwise there is a risk that the decoder IRQ will be
called before we have schedule the watchdog. As a side effect, the
watchdog would never be cancelled and its function would be called
at an inappropriate time.
This was observed while running Fluster with GStreamer as a backend.
Some programming error would cause the decoder IRQ to be call very
quickly after the trigger. Later calls into the driver would deadlock
due to the unbalanced state.
Cc: stable@vger.kernel.org
Fixes: 7c38a551bda1 ("media: cedrus: Add watchdog for job completion")
Signed-off-by: Nicolas Dufresne <nicolas.dufresne@collabora.com>
Reviewed-by: Paul Kocialkowski <paul.kocialkowski@bootlin.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/staging/media/sunxi/cedrus/cedrus_dec.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/staging/media/sunxi/cedrus/cedrus_dec.c
+++ b/drivers/staging/media/sunxi/cedrus/cedrus_dec.c
@@ -106,11 +106,11 @@ void cedrus_device_run(void *priv)
/* Trigger decoding if setup went well, bail out otherwise. */
if (!error) {
- dev->dec_ops[ctx->current_codec]->trigger(ctx);
-
/* Start the watchdog timer. */
schedule_delayed_work(&dev->watchdog_work,
msecs_to_jiffies(2000));
+
+ dev->dec_ops[ctx->current_codec]->trigger(ctx);
} else {
v4l2_m2m_buf_done_and_job_finish(ctx->dev->m2m_dev,
ctx->fh.m2m_ctx,
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 170/862] media: cedrus: Set the platform driver data earlier
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (168 preceding siblings ...)
2022-10-19 8:24 ` [PATCH 6.0 169/862] media: cedrus: Fix watchdog race condition Greg Kroah-Hartman
@ 2022-10-19 8:24 ` Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 171/862] media: cedrus: Fix endless loop in cedrus_h265_skip_bits() Greg Kroah-Hartman
` (706 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dmitry Osipenko, Nicolas Dufresne,
Samuel Holland, Paul Kocialkowski, Hans Verkuil,
Mauro Carvalho Chehab
From: Dmitry Osipenko <dmitry.osipenko@collabora.com>
commit 708938f8495147fe2e77a9a3e1015d8e6899323e upstream.
The cedrus_hw_resume() crashes with NULL deference on driver probe if
runtime PM is disabled because it uses platform data that hasn't been
set up yet. Fix this by setting the platform data earlier during probe.
Cc: stable@vger.kernel.org
Fixes: 50e761516f2b (media: platform: Add Cedrus VPU decoder driver)
Signed-off-by: Dmitry Osipenko <dmitry.osipenko@collabora.com>
Signed-off-by: Nicolas Dufresne <nicolas.dufresne@collabora.com>
Reviewed-by: Samuel Holland <samuel@sholland.org>
Acked-by: Paul Kocialkowski <paul.kocialkowski@bootlin.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/staging/media/sunxi/cedrus/cedrus.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/staging/media/sunxi/cedrus/cedrus.c
+++ b/drivers/staging/media/sunxi/cedrus/cedrus.c
@@ -448,6 +448,8 @@ static int cedrus_probe(struct platform_
if (!dev)
return -ENOMEM;
+ platform_set_drvdata(pdev, dev);
+
dev->vfd = cedrus_video_device;
dev->dev = &pdev->dev;
dev->pdev = pdev;
@@ -521,8 +523,6 @@ static int cedrus_probe(struct platform_
goto err_m2m_mc;
}
- platform_set_drvdata(pdev, dev);
-
return 0;
err_m2m_mc:
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 171/862] media: cedrus: Fix endless loop in cedrus_h265_skip_bits()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (169 preceding siblings ...)
2022-10-19 8:24 ` [PATCH 6.0 170/862] media: cedrus: Set the platform driver data earlier Greg Kroah-Hartman
@ 2022-10-19 8:24 ` Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 172/862] blk-throttle: fix that io throttle can only work for single bio Greg Kroah-Hartman
` (705 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nicolas Dufresne, Dmitry Osipenko,
Hans Verkuil, Mauro Carvalho Chehab
From: Dmitry Osipenko <dmitry.osipenko@collabora.com>
commit 91db7a3fc7fe670cf1770a398a43bb4a1f776bf1 upstream.
The busy status bit may never de-assert if number of programmed skip
bits is incorrect, resulting in a kernel hang because the bit is polled
endlessly in the code. Fix it by adding timeout for the bit-polling.
This problem is reproducible by setting the data_bit_offset field of
the HEVC slice params to a wrong value by userspace.
Cc: stable@vger.kernel.org
Fixes: 7678c5462680 (media: cedrus: Fix decoding for some HEVC videos)
Reported-by: Nicolas Dufresne <nicolas.dufresne@collabora.com>
Signed-off-by: Dmitry Osipenko <dmitry.osipenko@collabora.com>
Signed-off-by: Nicolas Dufresne <nicolas.dufresne@collabora.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/staging/media/sunxi/cedrus/cedrus_h265.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- a/drivers/staging/media/sunxi/cedrus/cedrus_h265.c
+++ b/drivers/staging/media/sunxi/cedrus/cedrus_h265.c
@@ -234,8 +234,9 @@ static void cedrus_h265_skip_bits(struct
cedrus_write(dev, VE_DEC_H265_TRIGGER,
VE_DEC_H265_TRIGGER_FLUSH_BITS |
VE_DEC_H265_TRIGGER_TYPE_N_BITS(tmp));
- while (cedrus_read(dev, VE_DEC_H265_STATUS) & VE_DEC_H265_STATUS_VLD_BUSY)
- udelay(1);
+
+ if (cedrus_wait_for(dev, VE_DEC_H265_STATUS, VE_DEC_H265_STATUS_VLD_BUSY))
+ dev_err_ratelimited(dev->dev, "timed out waiting to skip bits\n");
count += tmp;
}
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 172/862] blk-throttle: fix that io throttle can only work for single bio
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (170 preceding siblings ...)
2022-10-19 8:24 ` [PATCH 6.0 171/862] media: cedrus: Fix endless loop in cedrus_h265_skip_bits() Greg Kroah-Hartman
@ 2022-10-19 8:24 ` Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 173/862] blk-wbt: call rq_qos_add() after wb_normal is initialized Greg Kroah-Hartman
` (704 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:24 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Yu Kuai, Tejun Heo, Jens Axboe
From: Yu Kuai <yukuai3@huawei.com>
commit 320fb0f91e55ba248d4bad106b408e59099cfa89 upstream.
Test scripts:
cd /sys/fs/cgroup/blkio/
echo "8:0 1024" > blkio.throttle.write_bps_device
echo $$ > cgroup.procs
dd if=/dev/zero of=/dev/sda bs=10k count=1 oflag=direct &
dd if=/dev/zero of=/dev/sda bs=10k count=1 oflag=direct &
Test result:
10240 bytes (10 kB, 10 KiB) copied, 10.0134 s, 1.0 kB/s
10240 bytes (10 kB, 10 KiB) copied, 10.0135 s, 1.0 kB/s
The problem is that the second bio is finished after 10s instead of 20s.
Root cause:
1) second bio will be flagged:
__blk_throtl_bio
while (true) {
...
if (sq->nr_queued[rw]) -> some bio is throttled already
break
};
bio_set_flag(bio, BIO_THROTTLED); -> flag the bio
2) flagged bio will be dispatched without waiting:
throtl_dispatch_tg
tg_may_dispatch
tg_with_in_bps_limit
if (bps_limit == U64_MAX || bio_flagged(bio, BIO_THROTTLED))
*wait = 0; -> wait time is zero
return true;
commit 9f5ede3c01f9 ("block: throttle split bio in case of iops limit")
support to count split bios for iops limit, thus it adds flagged bio
checking in tg_with_in_bps_limit() so that split bios will only count
once for bps limit, however, it introduce a new problem that io throttle
won't work if multiple bios are throttled.
In order to fix the problem, handle iops/bps limit in different ways:
1) for iops limit, there is no flag to record if the bio is throttled,
and iops is always applied.
2) for bps limit, original bio will be flagged with BIO_BPS_THROTTLED,
and io throttle will ignore bio with the flag.
Noted this patch also remove the code to set flag in __bio_clone(), it's
introduced in commit 111be8839817 ("block-throttle: avoid double
charge"), and author thinks split bio can be resubmited and throttled
again, which is wrong because split bio will continue to dispatch from
caller.
Fixes: 9f5ede3c01f9 ("block: throttle split bio in case of iops limit")
Cc: <stable@vger.kernel.org>
Signed-off-by: Yu Kuai <yukuai3@huawei.com>
Acked-by: Tejun Heo <tj@kernel.org>
Link: https://lore.kernel.org/r/20220829022240.3348319-2-yukuai1@huaweicloud.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
block/bio.c | 2 --
block/blk-throttle.c | 20 ++++++--------------
block/blk-throttle.h | 2 +-
include/linux/bio.h | 2 +-
include/linux/blk_types.h | 2 +-
5 files changed, 9 insertions(+), 19 deletions(-)
--- a/block/bio.c
+++ b/block/bio.c
@@ -760,8 +760,6 @@ EXPORT_SYMBOL(bio_put);
static int __bio_clone(struct bio *bio, struct bio *bio_src, gfp_t gfp)
{
bio_set_flag(bio, BIO_CLONED);
- if (bio_flagged(bio_src, BIO_THROTTLED))
- bio_set_flag(bio, BIO_THROTTLED);
bio->bi_ioprio = bio_src->bi_ioprio;
bio->bi_iter = bio_src->bi_iter;
--- a/block/blk-throttle.c
+++ b/block/blk-throttle.c
@@ -811,7 +811,7 @@ static bool tg_with_in_bps_limit(struct
unsigned int bio_size = throtl_bio_data_size(bio);
/* no need to throttle if this bio's bytes have been accounted */
- if (bps_limit == U64_MAX || bio_flagged(bio, BIO_THROTTLED)) {
+ if (bps_limit == U64_MAX || bio_flagged(bio, BIO_BPS_THROTTLED)) {
if (wait)
*wait = 0;
return true;
@@ -921,22 +921,13 @@ static void throtl_charge_bio(struct thr
unsigned int bio_size = throtl_bio_data_size(bio);
/* Charge the bio to the group */
- if (!bio_flagged(bio, BIO_THROTTLED)) {
+ if (!bio_flagged(bio, BIO_BPS_THROTTLED)) {
tg->bytes_disp[rw] += bio_size;
tg->last_bytes_disp[rw] += bio_size;
}
tg->io_disp[rw]++;
tg->last_io_disp[rw]++;
-
- /*
- * BIO_THROTTLED is used to prevent the same bio to be throttled
- * more than once as a throttled bio will go through blk-throtl the
- * second time when it eventually gets issued. Set it when a bio
- * is being charged to a tg.
- */
- if (!bio_flagged(bio, BIO_THROTTLED))
- bio_set_flag(bio, BIO_THROTTLED);
}
/**
@@ -1026,6 +1017,7 @@ static void tg_dispatch_one_bio(struct t
sq->nr_queued[rw]--;
throtl_charge_bio(tg, bio);
+ bio_set_flag(bio, BIO_BPS_THROTTLED);
/*
* If our parent is another tg, we just need to transfer @bio to
@@ -2159,8 +2151,10 @@ again:
qn = &tg->qnode_on_parent[rw];
sq = sq->parent_sq;
tg = sq_to_tg(sq);
- if (!tg)
+ if (!tg) {
+ bio_set_flag(bio, BIO_BPS_THROTTLED);
goto out_unlock;
+ }
}
/* out-of-limit, queue to @tg */
@@ -2189,8 +2183,6 @@ again:
}
out_unlock:
- bio_set_flag(bio, BIO_THROTTLED);
-
#ifdef CONFIG_BLK_DEV_THROTTLING_LOW
if (throttled || !td->track_bio_latency)
bio->bi_issue.value |= BIO_ISSUE_THROTL_SKIP_LATENCY;
--- a/block/blk-throttle.h
+++ b/block/blk-throttle.h
@@ -175,7 +175,7 @@ static inline bool blk_throtl_bio(struct
struct throtl_grp *tg = blkg_to_tg(bio->bi_blkg);
/* no need to throttle bps any more if the bio has been throttled */
- if (bio_flagged(bio, BIO_THROTTLED) &&
+ if (bio_flagged(bio, BIO_BPS_THROTTLED) &&
!(tg->flags & THROTL_TG_HAS_IOPS_LIMIT))
return false;
--- a/include/linux/bio.h
+++ b/include/linux/bio.h
@@ -509,7 +509,7 @@ static inline void bio_set_dev(struct bi
{
bio_clear_flag(bio, BIO_REMAPPED);
if (bio->bi_bdev != bdev)
- bio_clear_flag(bio, BIO_THROTTLED);
+ bio_clear_flag(bio, BIO_BPS_THROTTLED);
bio->bi_bdev = bdev;
bio_associate_blkg(bio);
}
--- a/include/linux/blk_types.h
+++ b/include/linux/blk_types.h
@@ -325,7 +325,7 @@ enum {
BIO_QUIET, /* Make BIO Quiet */
BIO_CHAIN, /* chained bio, ->bi_remaining in effect */
BIO_REFFED, /* bio has elevated ->bi_cnt */
- BIO_THROTTLED, /* This bio has already been subjected to
+ BIO_BPS_THROTTLED, /* This bio has already been subjected to
* throttling rules. Don't do it again. */
BIO_TRACE_COMPLETION, /* bio_endio() should trace the final completion
* of this bio. */
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 173/862] blk-wbt: call rq_qos_add() after wb_normal is initialized
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (171 preceding siblings ...)
2022-10-19 8:24 ` [PATCH 6.0 172/862] blk-throttle: fix that io throttle can only work for single bio Greg Kroah-Hartman
@ 2022-10-19 8:24 ` Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 174/862] KVM: x86/emulator: Fix handing of POP SS to correctly set interruptibility Greg Kroah-Hartman
` (703 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:24 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Yu Kuai, Jens Axboe
From: Yu Kuai <yukuai3@huawei.com>
commit 8c5035dfbb9475b67c82b3fdb7351236525bf52b upstream.
Our test found a problem that wbt inflight counter is negative, which
will cause io hang(noted that this problem doesn't exist in mainline):
t1: device create t2: issue io
add_disk
blk_register_queue
wbt_enable_default
wbt_init
rq_qos_add
// wb_normal is still 0
/*
* in mainline, disk can't be opened before
* bdev_add(), however, in old kernels, disk
* can be opened before blk_register_queue().
*/
blkdev_issue_flush
// disk size is 0, however, it's not checked
submit_bio_wait
submit_bio
blk_mq_submit_bio
rq_qos_throttle
wbt_wait
bio_to_wbt_flags
rwb_enabled
// wb_normal is 0, inflight is not increased
wbt_queue_depth_changed(&rwb->rqos);
wbt_update_limits
// wb_normal is initialized
rq_qos_track
wbt_track
rq->wbt_flags |= bio_to_wbt_flags(rwb, bio);
// wb_normal is not 0,wbt_flags will be set
t3: io completion
blk_mq_free_request
rq_qos_done
wbt_done
wbt_is_tracked
// return true
__wbt_done
wbt_rqw_done
atomic_dec_return(&rqw->inflight);
// inflight is decreased
commit 8235b5c1e8c1 ("block: call bdev_add later in device_add_disk") can
avoid this problem, however it's better to fix this problem in wbt:
1) Lower kernel can't backport this patch due to lots of refactor.
2) Root cause is that wbt call rq_qos_add() before wb_normal is
initialized.
Fixes: e34cbd307477 ("blk-wbt: add general throttling mechanism")
Cc: <stable@vger.kernel.org>
Signed-off-by: Yu Kuai <yukuai3@huawei.com>
Link: https://lore.kernel.org/r/20220913105749.3086243-1-yukuai1@huaweicloud.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
block/blk-wbt.c | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
--- a/block/blk-wbt.c
+++ b/block/blk-wbt.c
@@ -843,6 +843,10 @@ int wbt_init(struct request_queue *q)
rwb->enable_state = WBT_STATE_ON_DEFAULT;
rwb->wc = 1;
rwb->rq_depth.default_depth = RWB_DEF_DEPTH;
+ rwb->min_lat_nsec = wbt_default_latency_nsec(q);
+
+ wbt_queue_depth_changed(&rwb->rqos);
+ wbt_set_write_cache(q, test_bit(QUEUE_FLAG_WC, &q->queue_flags));
/*
* Assign rwb and add the stats callback.
@@ -853,11 +857,6 @@ int wbt_init(struct request_queue *q)
blk_stat_add_callback(q, rwb->cb);
- rwb->min_lat_nsec = wbt_default_latency_nsec(q);
-
- wbt_queue_depth_changed(&rwb->rqos);
- wbt_set_write_cache(q, test_bit(QUEUE_FLAG_WC, &q->queue_flags));
-
return 0;
err_free:
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 174/862] KVM: x86/emulator: Fix handing of POP SS to correctly set interruptibility
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (172 preceding siblings ...)
2022-10-19 8:24 ` [PATCH 6.0 173/862] blk-wbt: call rq_qos_add() after wb_normal is initialized Greg Kroah-Hartman
@ 2022-10-19 8:24 ` Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 175/862] KVM: nVMX: Unconditionally purge queued/injected events on nested "exit" Greg Kroah-Hartman
` (702 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Michal Luczaj, Sean Christopherson
From: Michal Luczaj <mhal@rbox.co>
commit 6aa5c47c351b22c21205c87977c84809cd015fcf upstream.
The emulator checks the wrong variable while setting the CPU
interruptibility state, the target segment is embedded in the instruction
opcode, not the ModR/M register. Fix the condition.
Signed-off-by: Michal Luczaj <mhal@rbox.co>
Fixes: a5457e7bcf9a ("KVM: emulate: POP SS triggers a MOV SS shadow too")
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/all/20220821215900.1419215-1-mhal@rbox.co
Signed-off-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kvm/emulate.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/x86/kvm/emulate.c
+++ b/arch/x86/kvm/emulate.c
@@ -1953,7 +1953,7 @@ static int em_pop_sreg(struct x86_emulat
if (rc != X86EMUL_CONTINUE)
return rc;
- if (ctxt->modrm_reg == VCPU_SREG_SS)
+ if (seg == VCPU_SREG_SS)
ctxt->interruptibility = KVM_X86_SHADOW_INT_MOV_SS;
if (ctxt->op_bytes > 2)
rsp_increment(ctxt, ctxt->op_bytes - 2);
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 175/862] KVM: nVMX: Unconditionally purge queued/injected events on nested "exit"
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (173 preceding siblings ...)
2022-10-19 8:24 ` [PATCH 6.0 174/862] KVM: x86/emulator: Fix handing of POP SS to correctly set interruptibility Greg Kroah-Hartman
@ 2022-10-19 8:24 ` Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 176/862] KVM: nVMX: Dont propagate vmcs12s PERF_GLOBAL_CTRL settings to vmcs02 Greg Kroah-Hartman
` (701 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sean Christopherson, Jim Mattson,
Maxim Levitsky, Paolo Bonzini
From: Sean Christopherson <seanjc@google.com>
commit d953540430c5af57f5de97ea9e36253908204027 upstream.
Drop pending exceptions and events queued for re-injection when leaving
nested guest mode, even if the "exit" is due to VM-Fail, SMI, or forced
by host userspace. Failure to purge events could result in an event
belonging to L2 being injected into L1.
This _should_ never happen for VM-Fail as all events should be blocked by
nested_run_pending, but it's possible if KVM, not the L1 hypervisor, is
the source of VM-Fail when running vmcs02.
SMI is a nop (barring unknown bugs) as recognition of SMI and thus entry
to SMM is blocked by pending exceptions and re-injected events.
Forced exit is definitely buggy, but has likely gone unnoticed because
userspace probably follows the forced exit with KVM_SET_VCPU_EVENTS (or
some other ioctl() that purges the queue).
Fixes: 4f350c6dbcb9 ("kvm: nVMX: Handle deferred early VMLAUNCH/VMRESUME failure properly")
Cc: stable@vger.kernel.org
Signed-off-by: Sean Christopherson <seanjc@google.com>
Reviewed-by: Jim Mattson <jmattson@google.com>
Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com>
Link: https://lore.kernel.org/r/20220830231614.3580124-2-seanjc@google.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kvm/vmx/nested.c | 19 +++++++++++--------
1 file changed, 11 insertions(+), 8 deletions(-)
--- a/arch/x86/kvm/vmx/nested.c
+++ b/arch/x86/kvm/vmx/nested.c
@@ -4255,14 +4255,6 @@ static void prepare_vmcs12(struct kvm_vc
nested_vmx_abort(vcpu,
VMX_ABORT_SAVE_GUEST_MSR_FAIL);
}
-
- /*
- * Drop what we picked up for L2 via vmx_complete_interrupts. It is
- * preserved above and would only end up incorrectly in L1.
- */
- vcpu->arch.nmi_injected = false;
- kvm_clear_exception_queue(vcpu);
- kvm_clear_interrupt_queue(vcpu);
}
/*
@@ -4602,6 +4594,17 @@ void nested_vmx_vmexit(struct kvm_vcpu *
WARN_ON_ONCE(nested_early_check);
}
+ /*
+ * Drop events/exceptions that were queued for re-injection to L2
+ * (picked up via vmx_complete_interrupts()), as well as exceptions
+ * that were pending for L2. Note, this must NOT be hoisted above
+ * prepare_vmcs12(), events/exceptions queued for re-injection need to
+ * be captured in vmcs12 (see vmcs12_save_pending_event()).
+ */
+ vcpu->arch.nmi_injected = false;
+ kvm_clear_exception_queue(vcpu);
+ kvm_clear_interrupt_queue(vcpu);
+
vmx_switch_vmcs(vcpu, &vmx->vmcs01);
/* Update any VMCS fields that might have changed while L2 ran */
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 176/862] KVM: nVMX: Dont propagate vmcs12s PERF_GLOBAL_CTRL settings to vmcs02
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (174 preceding siblings ...)
2022-10-19 8:24 ` [PATCH 6.0 175/862] KVM: nVMX: Unconditionally purge queued/injected events on nested "exit" Greg Kroah-Hartman
@ 2022-10-19 8:24 ` Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 177/862] KVM: x86: Treat #DBs from the emulator as fault-like (code and DR7.GD=1) Greg Kroah-Hartman
` (700 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sean Christopherson,
Vitaly Kuznetsov, Paolo Bonzini
From: Sean Christopherson <seanjc@google.com>
commit def9d705c05eab3fdedeb10ad67907513b12038e upstream.
Don't propagate vmcs12's VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL to vmcs02.
KVM doesn't disallow L1 from using VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL
even when KVM itself doesn't use the control, e.g. due to the various
CPU errata that where the MSR can be corrupted on VM-Exit.
Preserve KVM's (vmcs01) setting to hopefully avoid having to toggle the
bit in vmcs02 at a later point. E.g. if KVM is loading PERF_GLOBAL_CTRL
when running L1, then odds are good KVM will also load the MSR when
running L2.
Fixes: 8bf00a529967 ("KVM: VMX: add support for switching of PERF_GLOBAL_CTRL")
Cc: stable@vger.kernel.org
Signed-off-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Link: https://lore.kernel.org/r/20220830133737.1539624-18-vkuznets@redhat.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kvm/vmx/nested.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
--- a/arch/x86/kvm/vmx/nested.c
+++ b/arch/x86/kvm/vmx/nested.c
@@ -2328,9 +2328,14 @@ static void prepare_vmcs02_early(struct
* are emulated by vmx_set_efer() in prepare_vmcs02(), but speculate
* on the related bits (if supported by the CPU) in the hope that
* we can avoid VMWrites during vmx_set_efer().
+ *
+ * Similarly, take vmcs01's PERF_GLOBAL_CTRL in the hope that if KVM is
+ * loading PERF_GLOBAL_CTRL via the VMCS for L1, then KVM will want to
+ * do the same for L2.
*/
exec_control = __vm_entry_controls_get(vmcs01);
- exec_control |= vmcs12->vm_entry_controls;
+ exec_control |= (vmcs12->vm_entry_controls &
+ ~VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL);
exec_control &= ~(VM_ENTRY_IA32E_MODE | VM_ENTRY_LOAD_IA32_EFER);
if (cpu_has_load_ia32_efer()) {
if (guest_efer & EFER_LMA)
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 177/862] KVM: x86: Treat #DBs from the emulator as fault-like (code and DR7.GD=1)
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (175 preceding siblings ...)
2022-10-19 8:24 ` [PATCH 6.0 176/862] KVM: nVMX: Dont propagate vmcs12s PERF_GLOBAL_CTRL settings to vmcs02 Greg Kroah-Hartman
@ 2022-10-19 8:24 ` Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 178/862] KVM: VMX: Drop bits 31:16 when shoving exception error code into VMCS Greg Kroah-Hartman
` (699 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sean Christopherson, Maxim Levitsky,
Paolo Bonzini
From: Sean Christopherson <seanjc@google.com>
commit 5623f751bd9c438ed12840e086f33c4646440d19 upstream.
Add a dedicated "exception type" for #DBs, as #DBs can be fault-like or
trap-like depending the sub-type of #DB, and effectively defer the
decision of what to do with the #DB to the caller.
For the emulator's two calls to exception_type(), treat the #DB as
fault-like, as the emulator handles only code breakpoint and general
detect #DBs, both of which are fault-like.
For event injection, which uses exception_type() to determine whether to
set EFLAGS.RF=1 on the stack, keep the current behavior of not setting
RF=1 for #DBs. Intel and AMD explicitly state RF isn't set on code #DBs,
so exempting by failing the "== EXCPT_FAULT" check is correct. The only
other fault-like #DB is General Detect, and despite Intel and AMD both
strongly implying (through omission) that General Detect #DBs should set
RF=1, hardware (multiple generations of both Intel and AMD), in fact does
not. Through insider knowledge, extreme foresight, sheer dumb luck, or
some combination thereof, KVM correctly handled RF for General Detect #DBs.
Fixes: 38827dbd3fb8 ("KVM: x86: Do not update EFLAGS on faulting emulation")
Cc: stable@vger.kernel.org
Signed-off-by: Sean Christopherson <seanjc@google.com>
Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com>
Link: https://lore.kernel.org/r/20220830231614.3580124-9-seanjc@google.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kvm/x86.c | 27 +++++++++++++++++++++++++--
1 file changed, 25 insertions(+), 2 deletions(-)
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -528,6 +528,7 @@ static int exception_class(int vector)
#define EXCPT_TRAP 1
#define EXCPT_ABORT 2
#define EXCPT_INTERRUPT 3
+#define EXCPT_DB 4
static int exception_type(int vector)
{
@@ -538,8 +539,14 @@ static int exception_type(int vector)
mask = 1 << vector;
- /* #DB is trap, as instruction watchpoints are handled elsewhere */
- if (mask & ((1 << DB_VECTOR) | (1 << BP_VECTOR) | (1 << OF_VECTOR)))
+ /*
+ * #DBs can be trap-like or fault-like, the caller must check other CPU
+ * state, e.g. DR6, to determine whether a #DB is a trap or fault.
+ */
+ if (mask & (1 << DB_VECTOR))
+ return EXCPT_DB;
+
+ if (mask & ((1 << BP_VECTOR) | (1 << OF_VECTOR)))
return EXCPT_TRAP;
if (mask & ((1 << DF_VECTOR) | (1 << MC_VECTOR)))
@@ -8801,6 +8808,12 @@ writeback:
unsigned long rflags = static_call(kvm_x86_get_rflags)(vcpu);
toggle_interruptibility(vcpu, ctxt->interruptibility);
vcpu->arch.emulate_regs_need_sync_to_vcpu = false;
+
+ /*
+ * Note, EXCPT_DB is assumed to be fault-like as the emulator
+ * only supports code breakpoints and general detect #DB, both
+ * of which are fault-like.
+ */
if (!ctxt->have_exception ||
exception_type(ctxt->exception.vector) == EXCPT_TRAP) {
kvm_pmu_trigger_event(vcpu, PERF_COUNT_HW_INSTRUCTIONS);
@@ -9724,6 +9737,16 @@ static int inject_pending_event(struct k
/* try to inject new event if pending */
if (vcpu->arch.exception.pending) {
+ /*
+ * Fault-class exceptions, except #DBs, set RF=1 in the RFLAGS
+ * value pushed on the stack. Trap-like exception and all #DBs
+ * leave RF as-is (KVM follows Intel's behavior in this regard;
+ * AMD states that code breakpoint #DBs excplitly clear RF=0).
+ *
+ * Note, most versions of Intel's SDM and AMD's APM incorrectly
+ * describe the behavior of General Detect #DBs, which are
+ * fault-like. They do _not_ set RF, a la code breakpoints.
+ */
if (exception_type(vcpu->arch.exception.nr) == EXCPT_FAULT)
__kvm_set_rflags(vcpu, kvm_get_rflags(vcpu) |
X86_EFLAGS_RF);
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 178/862] KVM: VMX: Drop bits 31:16 when shoving exception error code into VMCS
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (176 preceding siblings ...)
2022-10-19 8:24 ` [PATCH 6.0 177/862] KVM: x86: Treat #DBs from the emulator as fault-like (code and DR7.GD=1) Greg Kroah-Hartman
@ 2022-10-19 8:24 ` Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 179/862] staging: greybus: audio_helper: remove unused and wrong debugfs usage Greg Kroah-Hartman
` (698 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sean Christopherson, Jim Mattson,
Maxim Levitsky, Paolo Bonzini
From: Sean Christopherson <seanjc@google.com>
commit eba9799b5a6efe2993cf92529608e4aa8163d73b upstream.
Deliberately truncate the exception error code when shoving it into the
VMCS (VM-Entry field for vmcs01 and vmcs02, VM-Exit field for vmcs12).
Intel CPUs are incapable of handling 32-bit error codes and will never
generate an error code with bits 31:16, but userspace can provide an
arbitrary error code via KVM_SET_VCPU_EVENTS. Failure to drop the bits
on exception injection results in failed VM-Entry, as VMX disallows
setting bits 31:16. Setting the bits on VM-Exit would at best confuse
L1, and at worse induce a nested VM-Entry failure, e.g. if L1 decided to
reinject the exception back into L2.
Cc: stable@vger.kernel.org
Signed-off-by: Sean Christopherson <seanjc@google.com>
Reviewed-by: Jim Mattson <jmattson@google.com>
Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com>
Link: https://lore.kernel.org/r/20220830231614.3580124-3-seanjc@google.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kvm/vmx/nested.c | 11 ++++++++++-
arch/x86/kvm/vmx/vmx.c | 12 +++++++++++-
2 files changed, 21 insertions(+), 2 deletions(-)
--- a/arch/x86/kvm/vmx/nested.c
+++ b/arch/x86/kvm/vmx/nested.c
@@ -3832,7 +3832,16 @@ static void nested_vmx_inject_exception_
u32 intr_info = nr | INTR_INFO_VALID_MASK;
if (vcpu->arch.exception.has_error_code) {
- vmcs12->vm_exit_intr_error_code = vcpu->arch.exception.error_code;
+ /*
+ * Intel CPUs do not generate error codes with bits 31:16 set,
+ * and more importantly VMX disallows setting bits 31:16 in the
+ * injected error code for VM-Entry. Drop the bits to mimic
+ * hardware and avoid inducing failure on nested VM-Entry if L1
+ * chooses to inject the exception back to L2. AMD CPUs _do_
+ * generate "full" 32-bit error codes, so KVM allows userspace
+ * to inject exception error codes with bits 31:16 set.
+ */
+ vmcs12->vm_exit_intr_error_code = (u16)vcpu->arch.exception.error_code;
intr_info |= INTR_INFO_DELIVER_CODE_MASK;
}
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -1695,7 +1695,17 @@ static void vmx_queue_exception(struct k
kvm_deliver_exception_payload(vcpu);
if (has_error_code) {
- vmcs_write32(VM_ENTRY_EXCEPTION_ERROR_CODE, error_code);
+ /*
+ * Despite the error code being architecturally defined as 32
+ * bits, and the VMCS field being 32 bits, Intel CPUs and thus
+ * VMX don't actually supporting setting bits 31:16. Hardware
+ * will (should) never provide a bogus error code, but AMD CPUs
+ * do generate error codes with bits 31:16 set, and so KVM's
+ * ABI lets userspace shove in arbitrary 32-bit values. Drop
+ * the upper bits to avoid VM-Fail, losing information that
+ * does't really exist is preferable to killing the VM.
+ */
+ vmcs_write32(VM_ENTRY_EXCEPTION_ERROR_CODE, (u16)error_code);
intr_info |= INTR_INFO_DELIVER_CODE_MASK;
}
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 179/862] staging: greybus: audio_helper: remove unused and wrong debugfs usage
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (177 preceding siblings ...)
2022-10-19 8:24 ` [PATCH 6.0 178/862] KVM: VMX: Drop bits 31:16 when shoving exception error code into VMCS Greg Kroah-Hartman
@ 2022-10-19 8:24 ` Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 180/862] drm/nouveau/kms/nv140-: Disable interlacing Greg Kroah-Hartman
` (697 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:24 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Johan Hovold, Alex Elder, stable
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit d517cdeb904ddc0cbebcc959d43596426cac40b0 upstream.
In the greybus audio_helper code, the debugfs file for the dapm has the
potential to be removed and memory will be leaked. There is also the
very real potential for this code to remove ALL debugfs entries from the
system, and it seems like this is what will really happen if this code
ever runs. This all is very wrong as the greybus audio driver did not
create this debugfs file, the sound core did and controls the lifespan
of it.
So remove all of the debugfs logic from the audio_helper code as there's
no way it could be correct. If this really is needed, it can come back
with a fixup for the incorrect usage of the debugfs_lookup() call which
is what caused this to be noticed at all.
Cc: Johan Hovold <johan@kernel.org>
Cc: Alex Elder <elder@kernel.org>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: stable <stable@kernel.org>
Link: https://lore.kernel.org/r/20220902143715.320500-1-gregkh@linuxfoundation.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/staging/greybus/audio_helper.c | 11 -----------
1 file changed, 11 deletions(-)
--- a/drivers/staging/greybus/audio_helper.c
+++ b/drivers/staging/greybus/audio_helper.c
@@ -3,7 +3,6 @@
* Greybus Audio Sound SoC helper APIs
*/
-#include <linux/debugfs.h>
#include <sound/core.h>
#include <sound/soc.h>
#include <sound/soc-dapm.h>
@@ -116,10 +115,6 @@ int gbaudio_dapm_free_controls(struct sn
{
int i;
struct snd_soc_dapm_widget *w, *tmp_w;
-#ifdef CONFIG_DEBUG_FS
- struct dentry *parent = dapm->debugfs_dapm;
- struct dentry *debugfs_w = NULL;
-#endif
mutex_lock(&dapm->card->dapm_mutex);
for (i = 0; i < num; i++) {
@@ -139,12 +134,6 @@ int gbaudio_dapm_free_controls(struct sn
continue;
}
widget++;
-#ifdef CONFIG_DEBUG_FS
- if (!parent)
- debugfs_w = debugfs_lookup(w->name, parent);
- debugfs_remove(debugfs_w);
- debugfs_w = NULL;
-#endif
gbaudio_dapm_free_widget(w);
}
mutex_unlock(&dapm->card->dapm_mutex);
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 180/862] drm/nouveau/kms/nv140-: Disable interlacing
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (178 preceding siblings ...)
2022-10-19 8:24 ` [PATCH 6.0 179/862] staging: greybus: audio_helper: remove unused and wrong debugfs usage Greg Kroah-Hartman
@ 2022-10-19 8:24 ` Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 181/862] drm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table() Greg Kroah-Hartman
` (696 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:24 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Lyude Paul, Karol Herbst
From: Lyude Paul <lyude@redhat.com>
commit 8ba9249396bef37cb68be9e8dee7847f1737db9d upstream.
As it turns out: while Nvidia does actually have interlacing knobs on their
GPU still pretty much no current GPUs since Volta actually support it.
Trying interlacing on these GPUs will result in NVDisplay being quite
unhappy like so:
nouveau 0000:1f:00.0: disp: chid 0 stat 00004802 reason 4 [INVALID_ARG] mthd 2008 data 00000001 code 00080000
nouveau 0000:1f:00.0: disp: chid 0 stat 10005080 reason 5 [INVALID_STATE] mthd 0200 data 00000001 code 00000001
So let's fix this by following the same behavior Nvidia's driver does and
disable interlacing entirely.
Signed-off-by: Lyude Paul <lyude@redhat.com>
Cc: stable@vger.kernel.org
Reviewed-by: Karol Herbst <kherbst@redhat.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20220816180436.156310-1-lyude@redhat.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/nouveau/nouveau_connector.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/drivers/gpu/drm/nouveau/nouveau_connector.c
+++ b/drivers/gpu/drm/nouveau/nouveau_connector.c
@@ -504,7 +504,8 @@ nouveau_connector_set_encoder(struct drm
connector->interlace_allowed =
nv_encoder->caps.dp_interlace;
else
- connector->interlace_allowed = true;
+ connector->interlace_allowed =
+ drm->client.device.info.family < NV_DEVICE_INFO_V0_VOLTA;
connector->doublescan_allowed = true;
} else
if (nv_encoder->dcb->type == DCB_OUTPUT_LVDS ||
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 181/862] drm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (179 preceding siblings ...)
2022-10-19 8:24 ` [PATCH 6.0 180/862] drm/nouveau/kms/nv140-: Disable interlacing Greg Kroah-Hartman
@ 2022-10-19 8:24 ` Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 182/862] drm/i915/gt: Use i915_vm_put on ppgtt_create error paths Greg Kroah-Hartman
` (695 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jianglei Nie, Lyude Paul, Thierry Reding
From: Jianglei Nie <niejianglei2021@163.com>
commit 540dfd188ea2940582841c1c220bd035a7db0e51 upstream.
nouveau_bo_init() is backed by ttm_bo_init() and ferries its return code
back to the caller. On failures, ttm will call nouveau_bo_del_ttm() and
free the memory.Thus, when nouveau_bo_init() returns an error, the gem
object has already been released. Then the call to nouveau_bo_ref() will
use the freed "nvbo->bo" and lead to a use-after-free bug.
We should delete the call to nouveau_bo_ref() to avoid the use-after-free.
Signed-off-by: Jianglei Nie <niejianglei2021@163.com>
Reviewed-by: Lyude Paul <lyude@redhat.com>
Signed-off-by: Lyude Paul <lyude@redhat.com>
Fixes: 019cbd4a4feb ("drm/nouveau: Initialize GEM object before TTM object")
Cc: Thierry Reding <treding@nvidia.com>
Cc: <stable@vger.kernel.org> # v5.4+
Link: https://patchwork.freedesktop.org/patch/msgid/20220705132546.2247677-1-niejianglei2021@163.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/nouveau/nouveau_prime.c | 1 -
1 file changed, 1 deletion(-)
--- a/drivers/gpu/drm/nouveau/nouveau_prime.c
+++ b/drivers/gpu/drm/nouveau/nouveau_prime.c
@@ -71,7 +71,6 @@ struct drm_gem_object *nouveau_gem_prime
ret = nouveau_bo_init(nvbo, size, align, NOUVEAU_GEM_DOMAIN_GART,
sg, robj);
if (ret) {
- nouveau_bo_ref(NULL, &nvbo);
obj = ERR_PTR(ret);
goto unlock;
}
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 182/862] drm/i915/gt: Use i915_vm_put on ppgtt_create error paths
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (180 preceding siblings ...)
2022-10-19 8:24 ` [PATCH 6.0 181/862] drm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table() Greg Kroah-Hartman
@ 2022-10-19 8:24 ` Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 183/862] drm/i915/guc: Fix revocation of non-persistent contexts Greg Kroah-Hartman
` (694 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Chris Wilson, Thomas Hellström,
Matthew Auld, Tvrtko Ursulin
From: Chris Wilson <chris.p.wilson@intel.com>
commit 20e377e7b2e7c327039f10db80ba5bcc1f6c882d upstream.
Now that the scratch page and page directories have a reference back to
the i915_address_space, we cannot do an immediate free of the ppgtt upon
error as those buffer objects will perform a later i915_vm_put in their
deferred frees.
The downside is that by replacing the onion unwind along the error
paths, the ppgtt cleanup must handle a partially constructed vm. This
includes ensuring that the vm->cleanup is set prior to the error path.
Closes: https://gitlab.freedesktop.org/drm/intel/-/issues/6900
Signed-off-by: Chris Wilson <chris.p.wilson@intel.com>
Fixes: 4d8151ae5329 ("drm/i915: Don't free shared locks while shared")
Cc: Thomas Hellström <thomas.hellstrom@linux.intel.com>
Cc: Matthew Auld <matthew.auld@intel.com>
Cc: <stable@vger.kernel.org> # v5.14+
Reviewed-by: Matthew Auld <matthew.auld@intel.com>
Signed-off-by: Matthew Auld <matthew.auld@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20220926153333.102195-1-matthew.auld@intel.com
(cherry picked from commit c286558f58535cf97b717b946d6c96d774a09d17)
Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/i915/gt/gen6_ppgtt.c | 16 ++++-----
drivers/gpu/drm/i915/gt/gen8_ppgtt.c | 58 ++++++++++++++++++-----------------
drivers/gpu/drm/i915/gt/intel_gtt.c | 3 +
3 files changed, 41 insertions(+), 36 deletions(-)
--- a/drivers/gpu/drm/i915/gt/gen6_ppgtt.c
+++ b/drivers/gpu/drm/i915/gt/gen6_ppgtt.c
@@ -247,6 +247,7 @@ err_scratch1:
i915_gem_object_put(vm->scratch[1]);
err_scratch0:
i915_gem_object_put(vm->scratch[0]);
+ vm->scratch[0] = NULL;
return ret;
}
@@ -268,9 +269,10 @@ static void gen6_ppgtt_cleanup(struct i9
gen6_ppgtt_free_pd(ppgtt);
free_scratch(vm);
- mutex_destroy(&ppgtt->flush);
+ if (ppgtt->base.pd)
+ free_pd(&ppgtt->base.vm, ppgtt->base.pd);
- free_pd(&ppgtt->base.vm, ppgtt->base.pd);
+ mutex_destroy(&ppgtt->flush);
}
static void pd_vma_bind(struct i915_address_space *vm,
@@ -449,19 +451,17 @@ struct i915_ppgtt *gen6_ppgtt_create(str
err = gen6_ppgtt_init_scratch(ppgtt);
if (err)
- goto err_free;
+ goto err_put;
ppgtt->base.pd = gen6_alloc_top_pd(ppgtt);
if (IS_ERR(ppgtt->base.pd)) {
err = PTR_ERR(ppgtt->base.pd);
- goto err_scratch;
+ goto err_put;
}
return &ppgtt->base;
-err_scratch:
- free_scratch(&ppgtt->base.vm);
-err_free:
- kfree(ppgtt);
+err_put:
+ i915_vm_put(&ppgtt->base.vm);
return ERR_PTR(err);
}
--- a/drivers/gpu/drm/i915/gt/gen8_ppgtt.c
+++ b/drivers/gpu/drm/i915/gt/gen8_ppgtt.c
@@ -196,7 +196,10 @@ static void gen8_ppgtt_cleanup(struct i9
if (intel_vgpu_active(vm->i915))
gen8_ppgtt_notify_vgt(ppgtt, false);
- __gen8_ppgtt_cleanup(vm, ppgtt->pd, gen8_pd_top_count(vm), vm->top);
+ if (ppgtt->pd)
+ __gen8_ppgtt_cleanup(vm, ppgtt->pd,
+ gen8_pd_top_count(vm), vm->top);
+
free_scratch(vm);
}
@@ -803,8 +806,10 @@ static int gen8_init_scratch(struct i915
struct drm_i915_gem_object *obj;
obj = vm->alloc_pt_dma(vm, I915_GTT_PAGE_SIZE_4K);
- if (IS_ERR(obj))
+ if (IS_ERR(obj)) {
+ ret = PTR_ERR(obj);
goto free_scratch;
+ }
ret = map_pt_dma(vm, obj);
if (ret) {
@@ -823,7 +828,8 @@ static int gen8_init_scratch(struct i915
free_scratch:
while (i--)
i915_gem_object_put(vm->scratch[i]);
- return -ENOMEM;
+ vm->scratch[0] = NULL;
+ return ret;
}
static int gen8_preallocate_top_level_pdp(struct i915_ppgtt *ppgtt)
@@ -901,6 +907,7 @@ err_pd:
struct i915_ppgtt *gen8_ppgtt_create(struct intel_gt *gt,
unsigned long lmem_pt_obj_flags)
{
+ struct i915_page_directory *pd;
struct i915_ppgtt *ppgtt;
int err;
@@ -946,21 +953,7 @@ struct i915_ppgtt *gen8_ppgtt_create(str
ppgtt->vm.alloc_scratch_dma = alloc_pt_dma;
}
- err = gen8_init_scratch(&ppgtt->vm);
- if (err)
- goto err_free;
-
- ppgtt->pd = gen8_alloc_top_pd(&ppgtt->vm);
- if (IS_ERR(ppgtt->pd)) {
- err = PTR_ERR(ppgtt->pd);
- goto err_free_scratch;
- }
-
- if (!i915_vm_is_4lvl(&ppgtt->vm)) {
- err = gen8_preallocate_top_level_pdp(ppgtt);
- if (err)
- goto err_free_pd;
- }
+ ppgtt->vm.pte_encode = gen8_pte_encode;
ppgtt->vm.bind_async_flags = I915_VMA_LOCAL_BIND;
ppgtt->vm.insert_entries = gen8_ppgtt_insert;
@@ -971,22 +964,31 @@ struct i915_ppgtt *gen8_ppgtt_create(str
ppgtt->vm.allocate_va_range = gen8_ppgtt_alloc;
ppgtt->vm.clear_range = gen8_ppgtt_clear;
ppgtt->vm.foreach = gen8_ppgtt_foreach;
+ ppgtt->vm.cleanup = gen8_ppgtt_cleanup;
- ppgtt->vm.pte_encode = gen8_pte_encode;
+ err = gen8_init_scratch(&ppgtt->vm);
+ if (err)
+ goto err_put;
+
+ pd = gen8_alloc_top_pd(&ppgtt->vm);
+ if (IS_ERR(pd)) {
+ err = PTR_ERR(pd);
+ goto err_put;
+ }
+ ppgtt->pd = pd;
+
+ if (!i915_vm_is_4lvl(&ppgtt->vm)) {
+ err = gen8_preallocate_top_level_pdp(ppgtt);
+ if (err)
+ goto err_put;
+ }
if (intel_vgpu_active(gt->i915))
gen8_ppgtt_notify_vgt(ppgtt, true);
- ppgtt->vm.cleanup = gen8_ppgtt_cleanup;
-
return ppgtt;
-err_free_pd:
- __gen8_ppgtt_cleanup(&ppgtt->vm, ppgtt->pd,
- gen8_pd_top_count(&ppgtt->vm), ppgtt->vm.top);
-err_free_scratch:
- free_scratch(&ppgtt->vm);
-err_free:
- kfree(ppgtt);
+err_put:
+ i915_vm_put(&ppgtt->vm);
return ERR_PTR(err);
}
--- a/drivers/gpu/drm/i915/gt/intel_gtt.c
+++ b/drivers/gpu/drm/i915/gt/intel_gtt.c
@@ -405,6 +405,9 @@ void free_scratch(struct i915_address_sp
{
int i;
+ if (!vm->scratch[0])
+ return;
+
for (i = 0; i <= vm->top; i++)
i915_gem_object_put(vm->scratch[i]);
}
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 183/862] drm/i915/guc: Fix revocation of non-persistent contexts
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (181 preceding siblings ...)
2022-10-19 8:24 ` [PATCH 6.0 182/862] drm/i915/gt: Use i915_vm_put on ppgtt_create error paths Greg Kroah-Hartman
@ 2022-10-19 8:24 ` Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 184/862] drm/i915: Fix watermark calculations for gen12+ RC CCS modifier Greg Kroah-Hartman
` (693 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tvrtko Ursulin, Andrzej Hajda,
John Harrison, Daniele Ceraolo Spurio
From: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
commit 7023472834a39341460dae5c9b506c76c5940cad upstream.
Patch which added graceful exit for non-persistent contexts missed the
fact it is not enough to set the exiting flag on a context and let the
backend handle it from there.
GuC backend cannot handle it because it runs independently in the
firmware and driver might not see the requests ever again. Patch also
missed the fact some usages of intel_context_is_banned in the GuC backend
needed replacing with newly introduced intel_context_is_schedulable.
Fix the first issue by calling into backend revoke when we know this is
the last chance to do it. Fix the second issue by replacing
intel_context_is_banned with intel_context_is_schedulable, which should
always be safe since latter is a superset of the former.
v2:
* Just call ce->ops->revoke unconditionally. (Andrzej)
Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
Fixes: 45c64ecf97ee ("drm/i915: Improve user experience and driver robustness under SIGINT or similar")
Cc: Andrzej Hajda <andrzej.hajda@intel.com>
Cc: John Harrison <John.C.Harrison@Intel.com>
Cc: Daniele Ceraolo Spurio <daniele.ceraolospurio@intel.com>
Cc: <stable@vger.kernel.org> # v6.0+
Reviewed-by: Andrzej Hajda <andrzej.hajda@intel.com>
Acked-by: Daniele Ceraolo Spurio <daniele.ceraolospurio@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20221003121630.694249-1-tvrtko.ursulin@linux.intel.com
(cherry picked from commit 0add082cebac8555ee3972ba768ae5c01db7a498)
Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/i915/gem/i915_gem_context.c | 8 ------
drivers/gpu/drm/i915/gt/intel_context.c | 5 +---
drivers/gpu/drm/i915/gt/intel_context.h | 3 --
drivers/gpu/drm/i915/gt/uc/intel_guc_submission.c | 26 +++++++++++-----------
4 files changed, 17 insertions(+), 25 deletions(-)
--- a/drivers/gpu/drm/i915/gem/i915_gem_context.c
+++ b/drivers/gpu/drm/i915/gem/i915_gem_context.c
@@ -1387,14 +1387,8 @@ kill_engines(struct i915_gem_engines *en
*/
for_each_gem_engine(ce, engines, it) {
struct intel_engine_cs *engine;
- bool skip = false;
- if (exit)
- skip = intel_context_set_exiting(ce);
- else if (!persistent)
- skip = intel_context_exit_nonpersistent(ce, NULL);
-
- if (skip)
+ if ((exit || !persistent) && intel_context_revoke(ce))
continue; /* Already marked. */
/*
--- a/drivers/gpu/drm/i915/gt/intel_context.c
+++ b/drivers/gpu/drm/i915/gt/intel_context.c
@@ -614,13 +614,12 @@ bool intel_context_ban(struct intel_cont
return ret;
}
-bool intel_context_exit_nonpersistent(struct intel_context *ce,
- struct i915_request *rq)
+bool intel_context_revoke(struct intel_context *ce)
{
bool ret = intel_context_set_exiting(ce);
if (ce->ops->revoke)
- ce->ops->revoke(ce, rq, ce->engine->props.preempt_timeout_ms);
+ ce->ops->revoke(ce, NULL, ce->engine->props.preempt_timeout_ms);
return ret;
}
--- a/drivers/gpu/drm/i915/gt/intel_context.h
+++ b/drivers/gpu/drm/i915/gt/intel_context.h
@@ -329,8 +329,7 @@ static inline bool intel_context_set_exi
return test_and_set_bit(CONTEXT_EXITING, &ce->flags);
}
-bool intel_context_exit_nonpersistent(struct intel_context *ce,
- struct i915_request *rq);
+bool intel_context_revoke(struct intel_context *ce);
static inline bool
intel_context_force_single_submission(const struct intel_context *ce)
--- a/drivers/gpu/drm/i915/gt/uc/intel_guc_submission.c
+++ b/drivers/gpu/drm/i915/gt/uc/intel_guc_submission.c
@@ -684,7 +684,7 @@ static int __guc_add_request(struct inte
* Corner case where requests were sitting in the priority list or a
* request resubmitted after the context was banned.
*/
- if (unlikely(intel_context_is_banned(ce))) {
+ if (unlikely(!intel_context_is_schedulable(ce))) {
i915_request_put(i915_request_mark_eio(rq));
intel_engine_signal_breadcrumbs(ce->engine);
return 0;
@@ -870,15 +870,15 @@ static int guc_wq_item_append(struct int
struct i915_request *rq)
{
struct intel_context *ce = request_to_scheduling_context(rq);
- int ret = 0;
+ int ret;
- if (likely(!intel_context_is_banned(ce))) {
- ret = __guc_wq_item_append(rq);
+ if (unlikely(!intel_context_is_schedulable(ce)))
+ return 0;
- if (unlikely(ret == -EBUSY)) {
- guc->stalled_request = rq;
- guc->submission_stall_reason = STALL_MOVE_LRC_TAIL;
- }
+ ret = __guc_wq_item_append(rq);
+ if (unlikely(ret == -EBUSY)) {
+ guc->stalled_request = rq;
+ guc->submission_stall_reason = STALL_MOVE_LRC_TAIL;
}
return ret;
@@ -897,7 +897,7 @@ static bool multi_lrc_submit(struct i915
* submitting all the requests generated in parallel.
*/
return test_bit(I915_FENCE_FLAG_SUBMIT_PARALLEL, &rq->fence.flags) ||
- intel_context_is_banned(ce);
+ !intel_context_is_schedulable(ce);
}
static int guc_dequeue_one_context(struct intel_guc *guc)
@@ -966,7 +966,7 @@ register_context:
struct intel_context *ce = request_to_scheduling_context(last);
if (unlikely(!ctx_id_mapped(guc, ce->guc_id.id) &&
- !intel_context_is_banned(ce))) {
+ intel_context_is_schedulable(ce))) {
ret = try_context_registration(ce, false);
if (unlikely(ret == -EPIPE)) {
goto deadlk;
@@ -1576,7 +1576,7 @@ static void guc_reset_state(struct intel
{
struct intel_engine_cs *engine = __context_to_physical_engine(ce);
- if (intel_context_is_banned(ce))
+ if (!intel_context_is_schedulable(ce))
return;
GEM_BUG_ON(!intel_context_is_pinned(ce));
@@ -4434,12 +4434,12 @@ static void guc_handle_context_reset(str
{
trace_intel_context_reset(ce);
- if (likely(!intel_context_is_banned(ce))) {
+ if (likely(intel_context_is_schedulable(ce))) {
capture_error_state(guc, ce);
guc_context_replay(ce);
} else {
drm_info(&guc_to_gt(guc)->i915->drm,
- "Ignoring context reset notification of banned context 0x%04X on %s",
+ "Ignoring context reset notification of exiting context 0x%04X on %s",
ce->guc_id.id, ce->engine->name);
}
}
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 184/862] drm/i915: Fix watermark calculations for gen12+ RC CCS modifier
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (182 preceding siblings ...)
2022-10-19 8:24 ` [PATCH 6.0 183/862] drm/i915/guc: Fix revocation of non-persistent contexts Greg Kroah-Hartman
@ 2022-10-19 8:24 ` Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 185/862] drm/i915: Fix watermark calculations for gen12+ MC " Greg Kroah-Hartman
` (692 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Juha-Pekka Heikkila,
Ville Syrjälä,
Tvrtko Ursulin
From: Ville Syrjälä <ville.syrjala@linux.intel.com>
commit c56453a00f19ccddee302f5f9fe96b80e0b47fd3 upstream.
Take the gen12+ RC CCS modifier into account when calculating the
watermarks. Othwerwise we'll calculate the watermarks thinking this
Y-tiled modifier is linear.
The rc_surface part is actually a nop since that is not used
for any glk+ platform.
v2: Split RC CCS vs. MC CCS to separate patches
Cc: stable@vger.kernel.org
Fixes: b3e57bccd68a ("drm/i915/tgl: Gen-12 render decompression")
Reviewed-by: Juha-Pekka Heikkila <juhapekka.heikkila@gmail.com>
Signed-off-by: Ville Syrjälä <ville.syrjala@linux.intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20221003111544.8007-2-ville.syrjala@linux.intel.com
(cherry picked from commit a89a96a586114f67598c6391c75678b4dba5c2da)
Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/i915/intel_pm.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- a/drivers/gpu/drm/i915/intel_pm.c
+++ b/drivers/gpu/drm/i915/intel_pm.c
@@ -5308,10 +5308,12 @@ skl_compute_wm_params(const struct intel
modifier == I915_FORMAT_MOD_4_TILED ||
modifier == I915_FORMAT_MOD_Yf_TILED ||
modifier == I915_FORMAT_MOD_Y_TILED_CCS ||
- modifier == I915_FORMAT_MOD_Yf_TILED_CCS;
+ modifier == I915_FORMAT_MOD_Yf_TILED_CCS ||
+ modifier == I915_FORMAT_MOD_Y_TILED_GEN12_RC_CCS;
wp->x_tiled = modifier == I915_FORMAT_MOD_X_TILED;
wp->rc_surface = modifier == I915_FORMAT_MOD_Y_TILED_CCS ||
- modifier == I915_FORMAT_MOD_Yf_TILED_CCS;
+ modifier == I915_FORMAT_MOD_Yf_TILED_CCS ||
+ modifier == I915_FORMAT_MOD_Y_TILED_GEN12_RC_CCS;
wp->is_planar = intel_format_info_is_yuv_semiplanar(format, modifier);
wp->width = width;
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 185/862] drm/i915: Fix watermark calculations for gen12+ MC CCS modifier
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (183 preceding siblings ...)
2022-10-19 8:24 ` [PATCH 6.0 184/862] drm/i915: Fix watermark calculations for gen12+ RC CCS modifier Greg Kroah-Hartman
@ 2022-10-19 8:24 ` Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 186/862] drm/i915: Fix watermark calculations for gen12+ CCS+CC modifier Greg Kroah-Hartman
` (691 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Juha-Pekka Heikkila,
Ville Syrjälä,
Tvrtko Ursulin
From: Ville Syrjälä <ville.syrjala@linux.intel.com>
commit 484b2b9281000274ef7c5cb0a9ebc5da6f5c281c upstream.
Take the gen12+ MC CCS modifier into account when calculating the
watermarks. Othwerwise we'll calculate the watermarks thinking this
Y-tiled modifier is linear.
The rc_surface part is actually a nop since that is not used
for any glk+ platform.
v2: Split RC CCS vs. MC CCS to separate patches
Cc: stable@vger.kernel.org
Fixes: 2dfbf9d2873a ("drm/i915/tgl: Gen-12 display can decompress surfaces compressed by the media engine")
Reviewed-by: Juha-Pekka Heikkila <juhapekka.heikkila@gmail.com>
Signed-off-by: Ville Syrjälä <ville.syrjala@linux.intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20221003111544.8007-3-ville.syrjala@linux.intel.com
(cherry picked from commit 91c9651425fe955b1387f3637607dda005f3f710)
Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/i915/intel_pm.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- a/drivers/gpu/drm/i915/intel_pm.c
+++ b/drivers/gpu/drm/i915/intel_pm.c
@@ -5309,11 +5309,13 @@ skl_compute_wm_params(const struct intel
modifier == I915_FORMAT_MOD_Yf_TILED ||
modifier == I915_FORMAT_MOD_Y_TILED_CCS ||
modifier == I915_FORMAT_MOD_Yf_TILED_CCS ||
- modifier == I915_FORMAT_MOD_Y_TILED_GEN12_RC_CCS;
+ modifier == I915_FORMAT_MOD_Y_TILED_GEN12_RC_CCS ||
+ modifier == I915_FORMAT_MOD_Y_TILED_GEN12_MC_CCS;
wp->x_tiled = modifier == I915_FORMAT_MOD_X_TILED;
wp->rc_surface = modifier == I915_FORMAT_MOD_Y_TILED_CCS ||
modifier == I915_FORMAT_MOD_Yf_TILED_CCS ||
- modifier == I915_FORMAT_MOD_Y_TILED_GEN12_RC_CCS;
+ modifier == I915_FORMAT_MOD_Y_TILED_GEN12_RC_CCS ||
+ modifier == I915_FORMAT_MOD_Y_TILED_GEN12_MC_CCS;
wp->is_planar = intel_format_info_is_yuv_semiplanar(format, modifier);
wp->width = width;
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 186/862] drm/i915: Fix watermark calculations for gen12+ CCS+CC modifier
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (184 preceding siblings ...)
2022-10-19 8:24 ` [PATCH 6.0 185/862] drm/i915: Fix watermark calculations for gen12+ MC " Greg Kroah-Hartman
@ 2022-10-19 8:24 ` Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 187/862] drm/i915: Fix watermark calculations for DG2 CCS modifiers Greg Kroah-Hartman
` (690 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Juha-Pekka Heikkila,
Ville Syrjälä,
Tvrtko Ursulin
From: Ville Syrjälä <ville.syrjala@linux.intel.com>
commit 070a2855900de17b1e11a0dc35af9794e80f1a28 upstream.
Take the gen12+ CCS+CC modifier into account when calculating the
watermarks. Othwerwise we'll calculate the watermarks thinking this
Y-tiled modifier is linear.
The rc_surface part is actually a nop since that is not used
for any glk+ platform.
Cc: stable@vger.kernel.org
Fixes: d1e2775e9b96 ("drm/i915/tgl: Add Clear Color support for TGL Render Decompression")
Reviewed-by: Juha-Pekka Heikkila <juhapekka.heikkila@gmail.com>
Signed-off-by: Ville Syrjälä <ville.syrjala@linux.intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20221003111544.8007-4-ville.syrjala@linux.intel.com
(cherry picked from commit a627455bbe50a111475d7a42beb58fa64bd96c83)
Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/i915/intel_pm.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- a/drivers/gpu/drm/i915/intel_pm.c
+++ b/drivers/gpu/drm/i915/intel_pm.c
@@ -5310,12 +5310,14 @@ skl_compute_wm_params(const struct intel
modifier == I915_FORMAT_MOD_Y_TILED_CCS ||
modifier == I915_FORMAT_MOD_Yf_TILED_CCS ||
modifier == I915_FORMAT_MOD_Y_TILED_GEN12_RC_CCS ||
- modifier == I915_FORMAT_MOD_Y_TILED_GEN12_MC_CCS;
+ modifier == I915_FORMAT_MOD_Y_TILED_GEN12_MC_CCS ||
+ modifier == I915_FORMAT_MOD_Y_TILED_GEN12_RC_CCS_CC;
wp->x_tiled = modifier == I915_FORMAT_MOD_X_TILED;
wp->rc_surface = modifier == I915_FORMAT_MOD_Y_TILED_CCS ||
modifier == I915_FORMAT_MOD_Yf_TILED_CCS ||
modifier == I915_FORMAT_MOD_Y_TILED_GEN12_RC_CCS ||
- modifier == I915_FORMAT_MOD_Y_TILED_GEN12_MC_CCS;
+ modifier == I915_FORMAT_MOD_Y_TILED_GEN12_MC_CCS ||
+ modifier == I915_FORMAT_MOD_Y_TILED_GEN12_RC_CCS_CC;
wp->is_planar = intel_format_info_is_yuv_semiplanar(format, modifier);
wp->width = width;
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 187/862] drm/i915: Fix watermark calculations for DG2 CCS modifiers
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (185 preceding siblings ...)
2022-10-19 8:24 ` [PATCH 6.0 186/862] drm/i915: Fix watermark calculations for gen12+ CCS+CC modifier Greg Kroah-Hartman
@ 2022-10-19 8:24 ` Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 188/862] drm/i915: Fix watermark calculations for DG2 CCS+CC modifier Greg Kroah-Hartman
` (689 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Juha-Pekka Heikkila,
Ville Syrjälä,
Tvrtko Ursulin
From: Ville Syrjälä <ville.syrjala@linux.intel.com>
commit ccfa6d35f9233702c924316cdf40c05b6ce88113 upstream.
Take the DG2 CCS modifiers into account when calculating the
watermarks. Othwerwise we'll calculate the watermarks thinking these
tile-4 modifiers are linear.
The rc_surface part is actually a nop since that is not used
for any glk+ platform.
Cc: stable@vger.kernel.org
Fixes: 4c3afa72138c ("drm/i915/dg2: Add support for DG2 render and media compression")
Reviewed-by: Juha-Pekka Heikkila <juhapekka.heikkila@gmail.com>
Signed-off-by: Ville Syrjälä <ville.syrjala@linux.intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20221003111544.8007-5-ville.syrjala@linux.intel.com
(cherry picked from commit f25d9f81a8e09ace4f04106995550bae1f522143)
Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/i915/intel_pm.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
--- a/drivers/gpu/drm/i915/intel_pm.c
+++ b/drivers/gpu/drm/i915/intel_pm.c
@@ -5311,13 +5311,17 @@ skl_compute_wm_params(const struct intel
modifier == I915_FORMAT_MOD_Yf_TILED_CCS ||
modifier == I915_FORMAT_MOD_Y_TILED_GEN12_RC_CCS ||
modifier == I915_FORMAT_MOD_Y_TILED_GEN12_MC_CCS ||
- modifier == I915_FORMAT_MOD_Y_TILED_GEN12_RC_CCS_CC;
+ modifier == I915_FORMAT_MOD_Y_TILED_GEN12_RC_CCS_CC ||
+ modifier == I915_FORMAT_MOD_4_TILED_DG2_RC_CCS ||
+ modifier == I915_FORMAT_MOD_4_TILED_DG2_MC_CCS;
wp->x_tiled = modifier == I915_FORMAT_MOD_X_TILED;
wp->rc_surface = modifier == I915_FORMAT_MOD_Y_TILED_CCS ||
modifier == I915_FORMAT_MOD_Yf_TILED_CCS ||
modifier == I915_FORMAT_MOD_Y_TILED_GEN12_RC_CCS ||
modifier == I915_FORMAT_MOD_Y_TILED_GEN12_MC_CCS ||
- modifier == I915_FORMAT_MOD_Y_TILED_GEN12_RC_CCS_CC;
+ modifier == I915_FORMAT_MOD_Y_TILED_GEN12_RC_CCS_CC ||
+ modifier == I915_FORMAT_MOD_4_TILED_DG2_RC_CCS ||
+ modifier == I915_FORMAT_MOD_4_TILED_DG2_MC_CCS;
wp->is_planar = intel_format_info_is_yuv_semiplanar(format, modifier);
wp->width = width;
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 188/862] drm/i915: Fix watermark calculations for DG2 CCS+CC modifier
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (186 preceding siblings ...)
2022-10-19 8:24 ` [PATCH 6.0 187/862] drm/i915: Fix watermark calculations for DG2 CCS modifiers Greg Kroah-Hartman
@ 2022-10-19 8:24 ` Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 189/862] drm/i915: Fix display problems after resume Greg Kroah-Hartman
` (688 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Juha-Pekka Heikkila,
Ville Syrjälä,
Tvrtko Ursulin
From: Ville Syrjälä <ville.syrjala@linux.intel.com>
commit b2e3a1af8cce4117de06ff1a4eab0749753ede27 upstream.
Take the DG2 CCS+CC modifier into account when calculating the
watermarks. Othwerwise we'll calculate the watermarks thinking this
tile-4 modifier is linear.
The rc_surface part is actually a nop since that is not used
for any glk+ platform.
Cc: stable@vger.kernel.org
Fixes: 680025dcc400 ("drm/i915/dg2: Add support for DG2 clear color compression")
Reviewed-by: Juha-Pekka Heikkila <juhapekka.heikkila@gmail.com>
Signed-off-by: Ville Syrjälä <ville.syrjala@linux.intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20221003111544.8007-6-ville.syrjala@linux.intel.com
(cherry picked from commit 334810f82024815283a6e7febd3d2de1fed6c232)
Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/i915/intel_pm.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- a/drivers/gpu/drm/i915/intel_pm.c
+++ b/drivers/gpu/drm/i915/intel_pm.c
@@ -5313,7 +5313,8 @@ skl_compute_wm_params(const struct intel
modifier == I915_FORMAT_MOD_Y_TILED_GEN12_MC_CCS ||
modifier == I915_FORMAT_MOD_Y_TILED_GEN12_RC_CCS_CC ||
modifier == I915_FORMAT_MOD_4_TILED_DG2_RC_CCS ||
- modifier == I915_FORMAT_MOD_4_TILED_DG2_MC_CCS;
+ modifier == I915_FORMAT_MOD_4_TILED_DG2_MC_CCS ||
+ modifier == I915_FORMAT_MOD_4_TILED_DG2_RC_CCS_CC;
wp->x_tiled = modifier == I915_FORMAT_MOD_X_TILED;
wp->rc_surface = modifier == I915_FORMAT_MOD_Y_TILED_CCS ||
modifier == I915_FORMAT_MOD_Yf_TILED_CCS ||
@@ -5321,7 +5322,8 @@ skl_compute_wm_params(const struct intel
modifier == I915_FORMAT_MOD_Y_TILED_GEN12_MC_CCS ||
modifier == I915_FORMAT_MOD_Y_TILED_GEN12_RC_CCS_CC ||
modifier == I915_FORMAT_MOD_4_TILED_DG2_RC_CCS ||
- modifier == I915_FORMAT_MOD_4_TILED_DG2_MC_CCS;
+ modifier == I915_FORMAT_MOD_4_TILED_DG2_MC_CCS ||
+ modifier == I915_FORMAT_MOD_4_TILED_DG2_RC_CCS_CC;
wp->is_planar = intel_format_info_is_yuv_semiplanar(format, modifier);
wp->width = width;
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 189/862] drm/i915: Fix display problems after resume
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (187 preceding siblings ...)
2022-10-19 8:24 ` [PATCH 6.0 188/862] drm/i915: Fix watermark calculations for DG2 CCS+CC modifier Greg Kroah-Hartman
@ 2022-10-19 8:24 ` Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 190/862] drm/amd/display: Fix watermark calculation Greg Kroah-Hartman
` (687 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Thomas Hellström, Matthew Auld,
intel-gfx, David de Sousa, Andrzej Hajda, Tvrtko Ursulin,
Kevin Boulain
From: Thomas Hellström <thomas.hellstrom@linux.intel.com>
commit 6c482c62a635aa4f534d2439fbf8afa37452b986 upstream.
Commit 39a2bd34c933 ("drm/i915: Use the vma resource as argument for gtt
binding / unbinding") introduced a regression that due to the vma resource
tracking of the binding state, dpt ptes were not correctly repopulated.
Fix this by clearing the vma resource state before repopulating.
The state will subsequently be restored by the bind_vma operation.
Fixes: 39a2bd34c933 ("drm/i915: Use the vma resource as argument for gtt binding / unbinding")
Signed-off-by: Thomas Hellström <thomas.hellstrom@linux.intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20220912121957.31310-1-thomas.hellstrom@linux.intel.com
Cc: Matthew Auld <matthew.auld@intel.com>
Cc: intel-gfx@lists.freedesktop.org
Cc: <stable@vger.kernel.org> # v5.18+
Reported-and-tested-by: Kevin Boulain <kevinboulain@gmail.com>
Tested-by: David de Sousa <davidesousa@gmail.com>
Reviewed-by: Matthew Auld <matthew.auld@intel.com>
Reviewed-by: Andrzej Hajda <andrzej.hajda@intel.com>
Signed-off-by: Matthew Auld <matthew.auld@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20221005121159.340245-1-thomas.hellstrom@linux.intel.com
(cherry picked from commit bc2472538c0d1cce334ffc9e97df0614cd2b1469)
Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/i915/gt/intel_ggtt.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
--- a/drivers/gpu/drm/i915/gt/intel_ggtt.c
+++ b/drivers/gpu/drm/i915/gt/intel_ggtt.c
@@ -1267,10 +1267,16 @@ bool i915_ggtt_resume_vm(struct i915_add
atomic_read(&vma->flags) & I915_VMA_BIND_MASK;
GEM_BUG_ON(!was_bound);
- if (!retained_ptes)
+ if (!retained_ptes) {
+ /*
+ * Clear the bound flags of the vma resource to allow
+ * ptes to be repopulated.
+ */
+ vma->resource->bound_flags = 0;
vma->ops->bind_vma(vm, NULL, vma->resource,
obj ? obj->cache_level : 0,
was_bound);
+ }
if (obj) { /* only used during resume => exclusive access */
write_domain_objs |= fetch_and_zero(&obj->write_domain);
obj->read_domains |= I915_GEM_DOMAIN_GTT;
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 190/862] drm/amd/display: Fix watermark calculation
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (188 preceding siblings ...)
2022-10-19 8:24 ` [PATCH 6.0 189/862] drm/i915: Fix display problems after resume Greg Kroah-Hartman
@ 2022-10-19 8:24 ` Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 191/862] drm/amd/display: Update PMFW z-state interface for DCN314 Greg Kroah-Hartman
` (686 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Daniel Wheeler, Rodrigo Siqueira,
Qingqing Zhuo, Alvin Lee, Alex Deucher
From: Alvin Lee <Alvin.Lee2@amd.com>
commit 9799702360d51a714e888fef4ab5fb9123dfb41f upstream.
Watermark calculation was incorrect due to missing brackets.
Fixes: 85f4bc0c333c ("drm/amd/display: Add SubVP required code")
Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
Reviewed-by: Rodrigo Siqueira <Rodrigo.Siqueira@amd.com>
Acked-by: Qingqing Zhuo <qingqing.zhuo@amd.com>
Signed-off-by: Alvin Lee <Alvin.Lee2@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org # 6.0
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/amd/display/dc/dc_dmub_srv.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/gpu/drm/amd/display/dc/dc_dmub_srv.c
+++ b/drivers/gpu/drm/amd/display/dc/dc_dmub_srv.c
@@ -719,7 +719,7 @@ void dc_dmub_setup_subvp_dmub_command(st
// Store the original watermark value for this SubVP config so we can lower it when the
// MCLK switch starts
wm_val_refclk = context->bw_ctx.bw.dcn.watermarks.a.cstate_pstate.pstate_change_ns *
- dc->res_pool->ref_clocks.dchub_ref_clock_inKhz / 1000 / 1000;
+ (dc->res_pool->ref_clocks.dchub_ref_clock_inKhz / 1000) / 1000;
cmd.fw_assisted_mclk_switch_v2.config_data.watermark_a_cache = wm_val_refclk < 0xFFFF ? wm_val_refclk : 0xFFFF;
}
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 191/862] drm/amd/display: Update PMFW z-state interface for DCN314
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (189 preceding siblings ...)
2022-10-19 8:24 ` [PATCH 6.0 190/862] drm/amd/display: Fix watermark calculation Greg Kroah-Hartman
@ 2022-10-19 8:24 ` Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 192/862] drm/amd/display: zeromem mypipe heap struct before using it Greg Kroah-Hartman
` (685 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Daniel Wheeler, Charlene Liu,
Mario Limonciello, Qingqing Zhuo, Nicholas Kazlauskas,
Alex Deucher
From: Nicholas Kazlauskas <nicholas.kazlauskas@amd.com>
commit 4f5bdde386d3b8e9317df5562950e1b4fa177599 upstream.
[Why]
Request from PMFW to change the messaging format to specify whether we
support z-state via individual bits.
[How]
Update the args we pass in the support message.
Fixes: d5c6909e7460 ("drm/amd/display: Add DCN314 clock manager")
Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
Reviewed-by: Charlene Liu <Charlene.Liu@amd.com>
Reviewed-by: Mario Limonciello <mario.limonciello@amd.com>
Acked-by: Qingqing Zhuo <qingqing.zhuo@amd.com>
Signed-off-by: Nicholas Kazlauskas <nicholas.kazlauskas@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org # 6.0
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/amd/display/dc/clk_mgr/dcn314/dcn314_smu.c | 11 +++--------
drivers/gpu/drm/amd/display/dc/dcn314/dcn314_resource.c | 3 ++-
2 files changed, 5 insertions(+), 9 deletions(-)
--- a/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn314/dcn314_smu.c
+++ b/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn314/dcn314_smu.c
@@ -339,29 +339,24 @@ void dcn314_smu_set_zstate_support(struc
if (!clk_mgr->smu_present)
return;
- if (!clk_mgr->base.ctx->dc->debug.enable_z9_disable_interface &&
- (support == DCN_ZSTATE_SUPPORT_ALLOW_Z10_ONLY))
- support = DCN_ZSTATE_SUPPORT_DISALLOW;
-
-
// Arg[15:0] = 8/9/0 for Z8/Z9/disallow -> existing bits
// Arg[16] = Disallow Z9 -> new bit
switch (support) {
case DCN_ZSTATE_SUPPORT_ALLOW:
msg_id = VBIOSSMC_MSG_AllowZstatesEntry;
- param = 9;
+ param = (1 << 10) | (1 << 9) | (1 << 8);
break;
case DCN_ZSTATE_SUPPORT_DISALLOW:
msg_id = VBIOSSMC_MSG_AllowZstatesEntry;
- param = 8;
+ param = 0;
break;
case DCN_ZSTATE_SUPPORT_ALLOW_Z10_ONLY:
msg_id = VBIOSSMC_MSG_AllowZstatesEntry;
- param = 0x00010008;
+ param = (1 << 10);
break;
default: //DCN_ZSTATE_SUPPORT_UNKNOWN
--- a/drivers/gpu/drm/amd/display/dc/dcn314/dcn314_resource.c
+++ b/drivers/gpu/drm/amd/display/dc/dcn314/dcn314_resource.c
@@ -881,7 +881,8 @@ static const struct dc_plane_cap plane_c
};
static const struct dc_debug_options debug_defaults_drv = {
- .disable_z10 = true, /*hw not support it*/
+ .disable_z10 = false,
+ .enable_z9_disable_interface = true,
.disable_dmcu = true,
.force_abm_enable = false,
.timing_trace = false,
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 192/862] drm/amd/display: zeromem mypipe heap struct before using it
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (190 preceding siblings ...)
2022-10-19 8:24 ` [PATCH 6.0 191/862] drm/amd/display: Update PMFW z-state interface for DCN314 Greg Kroah-Hartman
@ 2022-10-19 8:24 ` Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 193/862] drm/amd/display: Validate DSC After Enable All New CRTCs Greg Kroah-Hartman
` (684 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Daniel Wheeler, Rodrigo Siqueira,
Qingqing Zhuo, Martin Leung, Alex Deucher
From: Martin Leung <Martin.Leung@amd.com>
commit 5ff32b52995155f91de582124485d0f0f8881363 upstream.
[Why & How]
bug was caused when moving variable from stack to
heap because it was reusable and garbage was left
over, so we need to zero mem
Fixes: 7acc487ab57e ("drm/amd/display: reduce stack size in dcn32 dml (v2)")
Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
Reviewed-by: Rodrigo Siqueira <Rodrigo.Siqueira@amd.com>
Acked-by: Qingqing Zhuo <qingqing.zhuo@amd.com>
Signed-off-by: Martin Leung <Martin.Leung@amd.com>
Cc: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/amd/display/dc/dml/dcn32/display_mode_vba_32.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/gpu/drm/amd/display/dc/dml/dcn32/display_mode_vba_32.c
+++ b/drivers/gpu/drm/amd/display/dc/dml/dcn32/display_mode_vba_32.c
@@ -733,6 +733,8 @@ static void DISPCLKDPPCLKDCFCLKDeepSleep
mode_lib->vba.FCLKChangeLatency, v->UrgentLatency,
mode_lib->vba.SREnterPlusExitTime);
+ memset(&v->dummy_vars.DISPCLKDPPCLKDCFCLKDeepSleepPrefetchParametersWatermarksAndPerformanceCalculation.myPipe, 0, sizeof(DmlPipe));
+
v->dummy_vars.DISPCLKDPPCLKDCFCLKDeepSleepPrefetchParametersWatermarksAndPerformanceCalculation.myPipe.Dppclk = mode_lib->vba.DPPCLK[k];
v->dummy_vars.DISPCLKDPPCLKDCFCLKDeepSleepPrefetchParametersWatermarksAndPerformanceCalculation.myPipe.Dispclk = mode_lib->vba.DISPCLK;
v->dummy_vars.DISPCLKDPPCLKDCFCLKDeepSleepPrefetchParametersWatermarksAndPerformanceCalculation.myPipe.PixelClock = mode_lib->vba.PixelClock[k];
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 193/862] drm/amd/display: Validate DSC After Enable All New CRTCs
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (191 preceding siblings ...)
2022-10-19 8:24 ` [PATCH 6.0 192/862] drm/amd/display: zeromem mypipe heap struct before using it Greg Kroah-Hartman
@ 2022-10-19 8:24 ` Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 194/862] drm/amd/display: Enable dpia support for dcn314 Greg Kroah-Hartman
` (683 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Daniel Wheeler, Roman Li,
Qingqing Zhuo, Fangzhi Zuo, Mark Broadworth, Alex Deucher
From: Fangzhi Zuo <Jerry.Zuo@amd.com>
commit 876fcc4222e1d0e5b73343f4010a8b66be058f48 upstream.
Before enabling new crtc, stream_count in dc_state does not sync with
that in drm_atomic_state. Validating dsc in such case would leave newly
added stream not jointly participating in dsc optimization with existing
streams, but simply using default initialized vcpi all the time which
gives wrong dsc determination decision.
Consider the scenaio where one 4k60 connected to the dock under dp-alt mode.
Since dp-alt mode is 2-lane setup, stream 1 consumes 63 slots with dsc needed.
Then hook up a second 4k60 to the dock.
stream 2 connected with 65 slot initialized by default without dsc. dsc
pre validate will not jointly optimize stream 2 with stream 1 before
crtc 2 added into the dc_state. That leads to stream 2 not getting dsc
optimization, and trigger atomic_check failure all the time, as 65 > 63
limit.
After getting all new crtcs added into the state, stream_count in
dc_state correctly reflect that in drm_atomic_state which comes up with
correct dsc decision.
Fixes: 71be4b16d39a ("drm/amd/display: dsc validate fail not pass to atomic check")
Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
Reviewed-by: Roman Li <Roman.Li@amd.com>
Acked-by: Qingqing Zhuo <qingqing.zhuo@amd.com>
Signed-off-by: Fangzhi Zuo <Jerry.Zuo@amd.com>
Tested-by: Mark Broadworth <mark.broadworth@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
+++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
@@ -9408,10 +9408,6 @@ static int amdgpu_dm_atomic_check(struct
}
}
}
- if (!pre_validate_dsc(state, &dm_state, vars)) {
- ret = -EINVAL;
- goto fail;
- }
}
#endif
for_each_oldnew_crtc_in_state(state, crtc, old_crtc_state, new_crtc_state, i) {
@@ -9545,6 +9541,15 @@ static int amdgpu_dm_atomic_check(struct
}
}
+#if defined(CONFIG_DRM_AMD_DC_DCN)
+ if (dc_resource_is_dsc_encoding_supported(dc)) {
+ if (!pre_validate_dsc(state, &dm_state, vars)) {
+ ret = -EINVAL;
+ goto fail;
+ }
+ }
+#endif
+
/* Run this here since we want to validate the streams we created */
ret = drm_atomic_helper_check_planes(dev, state);
if (ret) {
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 194/862] drm/amd/display: Enable dpia support for dcn314
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (192 preceding siblings ...)
2022-10-19 8:24 ` [PATCH 6.0 193/862] drm/amd/display: Validate DSC After Enable All New CRTCs Greg Kroah-Hartman
@ 2022-10-19 8:24 ` Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 195/862] drm/amd/display: Enable 2 to 1 ODM policy if supported Greg Kroah-Hartman
` (682 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Roman Li, Nicholas Kazlauskas,
Mario Limonciello, Alex Deucher
From: Roman Li <roman.li@amd.com>
commit f6aa84b83aee629fbbbc4ea16c2c142caf920d5a upstream.
[Why]
DCN 3.1.4 supports DPIA.
[How]
- Set dpia_supported flag for dcn314 in dmub_hw_init()
- Remove comment that becomes irrelevant after this change.
Signed-off-by: Roman Li <roman.li@amd.com>
Reviewed-by: Nicholas Kazlauskas <Nicholas.Kazlauskas@amd.com>
Reviewed-by: Mario Limonciello <mario.limonciello@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org # 6.0.x
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
+++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
@@ -1109,7 +1109,8 @@ static int dm_dmub_hw_init(struct amdgpu
hw_params.fb[i] = &fb_info->fb[i];
switch (adev->ip_versions[DCE_HWIP][0]) {
- case IP_VERSION(3, 1, 3): /* Only for this asic hw internal rev B0 */
+ case IP_VERSION(3, 1, 3):
+ case IP_VERSION(3, 1, 4):
hw_params.dpia_supported = true;
hw_params.disable_dpia = adev->dm.dc->debug.dpia_debug.bits.disable_dpia;
break;
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 195/862] drm/amd/display: Enable 2 to 1 ODM policy if supported
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (193 preceding siblings ...)
2022-10-19 8:24 ` [PATCH 6.0 194/862] drm/amd/display: Enable dpia support for dcn314 Greg Kroah-Hartman
@ 2022-10-19 8:24 ` Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 196/862] drm/amd/display: Fix vblank refcount in vrr transition Greg Kroah-Hartman
` (681 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Aurabindo Pillai, Rodrigo Siqueira,
Alex Deucher
From: Rodrigo Siqueira <Rodrigo.Siqueira@amd.com>
commit 54fae65ff469a79fc0ca46f480c4e7fce50f3963 upstream.
If the current configuration supports 2 to 1 ODM policy, let's also
enable the windowed MPO feature.
Reviewed-by: Aurabindo Pillai <aurabindo.pillai@amd.com>
Signed-off-by: Rodrigo Siqueira <Rodrigo.Siqueira@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org # 6.0.x
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/amd/display/dc/dcn32/dcn32_hwseq.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_hwseq.c
+++ b/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_hwseq.c
@@ -1001,6 +1001,10 @@ void dcn32_init_hw(struct dc *dc)
dc_dmub_srv_query_caps_cmd(dc->ctx->dmub_srv->dmub);
dc->caps.dmub_caps.psr = dc->ctx->dmub_srv->dmub->feature_caps.psr;
}
+
+ /* Enable support for ODM and windowed MPO if policy flag is set */
+ if (dc->debug.enable_single_display_2to1_odm_policy)
+ dc->config.enable_windowed_mpo_odm = true;
}
static int calc_mpc_flow_ctrl_cnt(const struct dc_stream_state *stream,
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 196/862] drm/amd/display: Fix vblank refcount in vrr transition
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (194 preceding siblings ...)
2022-10-19 8:24 ` [PATCH 6.0 195/862] drm/amd/display: Enable 2 to 1 ODM policy if supported Greg Kroah-Hartman
@ 2022-10-19 8:24 ` Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 197/862] drm/amd/display: Add HUBP surface flip interrupt handler Greg Kroah-Hartman
` (680 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Daniel Wheeler, Rodrigo Siqueira,
Yunxiang Li, Alex Deucher
From: Yunxiang Li <Yunxiang.Li@amd.com>
commit 8799c0be89ebb99a16098bdf618f49f817bef76a upstream.
manage_dm_interrupts disable/enable vblank using drm_crtc_vblank_off/on
which causes drm_crtc_vblank_get in vrr_transition to fail, and later
when drm_crtc_vblank_put is called the refcount on vblank will be messed
up. Therefore move the call to after manage_dm_interrupts.
Bug: https://gitlab.freedesktop.org/drm/amd/-/issues/1247
Bug: https://gitlab.freedesktop.org/drm/amd/-/issues/1380
Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
Reviewed-by: Rodrigo Siqueira <Rodrigo.Siqueira@amd.com>
Signed-off-by: Yunxiang Li <Yunxiang.Li@amd.com>
Signed-off-by: Rodrigo Siqueira <Rodrigo.Siqueira@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 55 ++++++++++------------
1 file changed, 26 insertions(+), 29 deletions(-)
--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
+++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
@@ -7491,15 +7491,15 @@ static void amdgpu_dm_handle_vrr_transit
* We also need vupdate irq for the actual core vblank handling
* at end of vblank.
*/
- dm_set_vupdate_irq(new_state->base.crtc, true);
- drm_crtc_vblank_get(new_state->base.crtc);
+ WARN_ON(dm_set_vupdate_irq(new_state->base.crtc, true) != 0);
+ WARN_ON(drm_crtc_vblank_get(new_state->base.crtc) != 0);
DRM_DEBUG_DRIVER("%s: crtc=%u VRR off->on: Get vblank ref\n",
__func__, new_state->base.crtc->base.id);
} else if (old_vrr_active && !new_vrr_active) {
/* Transition VRR active -> inactive:
* Allow vblank irq disable again for fixed refresh rate.
*/
- dm_set_vupdate_irq(new_state->base.crtc, false);
+ WARN_ON(dm_set_vupdate_irq(new_state->base.crtc, false) != 0);
drm_crtc_vblank_put(new_state->base.crtc);
DRM_DEBUG_DRIVER("%s: crtc=%u VRR on->off: Drop vblank ref\n",
__func__, new_state->base.crtc->base.id);
@@ -8254,23 +8254,6 @@ static void amdgpu_dm_atomic_commit_tail
mutex_unlock(&dm->dc_lock);
}
- /* Count number of newly disabled CRTCs for dropping PM refs later. */
- for_each_oldnew_crtc_in_state(state, crtc, old_crtc_state,
- new_crtc_state, i) {
- if (old_crtc_state->active && !new_crtc_state->active)
- crtc_disable_count++;
-
- dm_new_crtc_state = to_dm_crtc_state(new_crtc_state);
- dm_old_crtc_state = to_dm_crtc_state(old_crtc_state);
-
- /* For freesync config update on crtc state and params for irq */
- update_stream_irq_parameters(dm, dm_new_crtc_state);
-
- /* Handle vrr on->off / off->on transitions */
- amdgpu_dm_handle_vrr_transition(dm_old_crtc_state,
- dm_new_crtc_state);
- }
-
/**
* Enable interrupts for CRTCs that are newly enabled or went through
* a modeset. It was intentionally deferred until after the front end
@@ -8280,16 +8263,29 @@ static void amdgpu_dm_atomic_commit_tail
for_each_oldnew_crtc_in_state(state, crtc, old_crtc_state, new_crtc_state, i) {
struct amdgpu_crtc *acrtc = to_amdgpu_crtc(crtc);
#ifdef CONFIG_DEBUG_FS
- bool configure_crc = false;
enum amdgpu_dm_pipe_crc_source cur_crc_src;
#if defined(CONFIG_DRM_AMD_SECURE_DISPLAY)
- struct crc_rd_work *crc_rd_wrk = dm->crc_rd_wrk;
+ struct crc_rd_work *crc_rd_wrk;
+#endif
+#endif
+ /* Count number of newly disabled CRTCs for dropping PM refs later. */
+ if (old_crtc_state->active && !new_crtc_state->active)
+ crtc_disable_count++;
+
+ dm_new_crtc_state = to_dm_crtc_state(new_crtc_state);
+ dm_old_crtc_state = to_dm_crtc_state(old_crtc_state);
+
+ /* For freesync config update on crtc state and params for irq */
+ update_stream_irq_parameters(dm, dm_new_crtc_state);
+
+#ifdef CONFIG_DEBUG_FS
+#if defined(CONFIG_DRM_AMD_SECURE_DISPLAY)
+ crc_rd_wrk = dm->crc_rd_wrk;
#endif
spin_lock_irqsave(&adev_to_drm(adev)->event_lock, flags);
cur_crc_src = acrtc->dm_irq_params.crc_src;
spin_unlock_irqrestore(&adev_to_drm(adev)->event_lock, flags);
#endif
- dm_new_crtc_state = to_dm_crtc_state(new_crtc_state);
if (new_crtc_state->active &&
(!old_crtc_state->active ||
@@ -8297,16 +8293,19 @@ static void amdgpu_dm_atomic_commit_tail
dc_stream_retain(dm_new_crtc_state->stream);
acrtc->dm_irq_params.stream = dm_new_crtc_state->stream;
manage_dm_interrupts(adev, acrtc, true);
+ }
+ /* Handle vrr on->off / off->on transitions */
+ amdgpu_dm_handle_vrr_transition(dm_old_crtc_state, dm_new_crtc_state);
#ifdef CONFIG_DEBUG_FS
+ if (new_crtc_state->active &&
+ (!old_crtc_state->active ||
+ drm_atomic_crtc_needs_modeset(new_crtc_state))) {
/**
* Frontend may have changed so reapply the CRC capture
* settings for the stream.
*/
- dm_new_crtc_state = to_dm_crtc_state(new_crtc_state);
-
if (amdgpu_dm_is_valid_crc_source(cur_crc_src)) {
- configure_crc = true;
#if defined(CONFIG_DRM_AMD_SECURE_DISPLAY)
if (amdgpu_dm_crc_window_is_activated(crtc)) {
spin_lock_irqsave(&adev_to_drm(adev)->event_lock, flags);
@@ -8318,12 +8317,10 @@ static void amdgpu_dm_atomic_commit_tail
spin_unlock_irqrestore(&adev_to_drm(adev)->event_lock, flags);
}
#endif
- }
-
- if (configure_crc)
if (amdgpu_dm_crtc_configure_crc_source(
crtc, dm_new_crtc_state, cur_crc_src))
DRM_DEBUG_DRIVER("Failed to configure crc source");
+ }
#endif
}
}
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 197/862] drm/amd/display: Add HUBP surface flip interrupt handler
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (195 preceding siblings ...)
2022-10-19 8:24 ` [PATCH 6.0 196/862] drm/amd/display: Fix vblank refcount in vrr transition Greg Kroah-Hartman
@ 2022-10-19 8:24 ` Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 198/862] drm/amd/display: explicitly disable psr_feature_enable appropriately Greg Kroah-Hartman
` (679 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alex Deucher, Rodrigo Siqueira,
Aurabindo Pillai
From: Aurabindo Pillai <aurabindo.pillai@amd.com>
commit 0811b9e4530d7c46542a8993ce6b725d042c6154 upstream.
Add the hubp surface flip handler. This fixes some flip timeout issues.
Acked-by: Alex Deucher <alexander.deucher@amd.com>
Reviewed-by: Rodrigo Siqueira <Rodrigo.Siqueira@amd.com>
Signed-off-by: Aurabindo Pillai <aurabindo.pillai@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org # 6.0.x
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/amd/display/dc/dcn32/dcn32_hubp.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_hubp.c
+++ b/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_hubp.c
@@ -179,6 +179,7 @@ static struct hubp_funcs dcn32_hubp_func
.hubp_init = hubp3_init,
.set_unbounded_requesting = hubp31_set_unbounded_requesting,
.hubp_soft_reset = hubp31_soft_reset,
+ .hubp_set_flip_int = hubp1_set_flip_int,
.hubp_in_blank = hubp1_in_blank,
.hubp_update_force_pstate_disallow = hubp32_update_force_pstate_disallow,
.phantom_hubp_post_enable = hubp32_phantom_hubp_post_enable,
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 198/862] drm/amd/display: explicitly disable psr_feature_enable appropriately
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (196 preceding siblings ...)
2022-10-19 8:24 ` [PATCH 6.0 197/862] drm/amd/display: Add HUBP surface flip interrupt handler Greg Kroah-Hartman
@ 2022-10-19 8:24 ` Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 199/862] drm/amdgpu: Enable VCN PG on GC11_0_1 Greg Kroah-Hartman
` (678 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Shirish S, Leo Li, Mario Limonciello,
Alex Deucher
From: Shirish S <shirish.s@amd.com>
commit 6094b9136ca9038b61e9c4b5d25cd5512ce50b34 upstream.
[Why]
If psr_feature_enable is set to true by default, it continues to be enabled
for non capable links.
[How]
explicitly disable the feature on links that are not capable of the same.
Fixes: 8c322309e48e9 ("drm/amd/display: Enable PSR")
Signed-off-by: Shirish S <shirish.s@amd.com>
Reviewed-by: Leo Li <sunpeng.li@amd.com>
Reviewed-by: Mario Limonciello <mario.limonciello@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org # 5.15+
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_psr.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_psr.c
+++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_psr.c
@@ -60,11 +60,15 @@ static bool link_supports_psrsu(struct d
*/
void amdgpu_dm_set_psr_caps(struct dc_link *link)
{
- if (!(link->connector_signal & SIGNAL_TYPE_EDP))
+ if (!(link->connector_signal & SIGNAL_TYPE_EDP)) {
+ link->psr_settings.psr_feature_enabled = false;
return;
+ }
- if (link->type == dc_connection_none)
+ if (link->type == dc_connection_none) {
+ link->psr_settings.psr_feature_enabled = false;
return;
+ }
if (link->dpcd_caps.psr_info.psr_version == 0) {
link->psr_settings.psr_version = DC_PSR_VERSION_UNSUPPORTED;
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 199/862] drm/amdgpu: Enable VCN PG on GC11_0_1
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (197 preceding siblings ...)
2022-10-19 8:24 ` [PATCH 6.0 198/862] drm/amd/display: explicitly disable psr_feature_enable appropriately Greg Kroah-Hartman
@ 2022-10-19 8:24 ` Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 200/862] drm/amdgpu: Enable F32_WPTR_POLL_ENABLE in mqd Greg Kroah-Hartman
` (677 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sonny Jiang, James Zhu, Alex Deucher
From: Sonny Jiang <sonny.jiang@amd.com>
commit e626d9b9c6e038a6918aad1b5affd38f6b9deaed upstream.
Enable VCN PG on GC11_0_1
Signed-off-by: Sonny Jiang <sonny.jiang@amd.com>
Reviewed-by: James Zhu <James.Zhu@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org # 6.0.x
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/amd/amdgpu/soc21.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/gpu/drm/amd/amdgpu/soc21.c
+++ b/drivers/gpu/drm/amd/amdgpu/soc21.c
@@ -625,6 +625,7 @@ static int soc21_common_early_init(void
AMD_CG_SUPPORT_JPEG_MGCG;
adev->pg_flags =
AMD_PG_SUPPORT_GFX_PG |
+ AMD_PG_SUPPORT_VCN |
AMD_PG_SUPPORT_VCN_DPG |
AMD_PG_SUPPORT_JPEG;
adev->external_rev_id = adev->rev_id + 0x1;
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 200/862] drm/amdgpu: Enable F32_WPTR_POLL_ENABLE in mqd
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (198 preceding siblings ...)
2022-10-19 8:24 ` [PATCH 6.0 199/862] drm/amdgpu: Enable VCN PG on GC11_0_1 Greg Kroah-Hartman
@ 2022-10-19 8:24 ` Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 201/862] smb3: must initialize two ACL struct fields to zero Greg Kroah-Hartman
` (676 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ruili Ji, Yifan Zhang, Alex Deucher
From: Ruili Ji <ruiliji2@amd.com>
commit 21a550de5faf9f54013334c9a6a7643b8fd80b36 upstream.
This patch is to fix the SDMA user queue doorbell missing issue on
SDMA 6.0. F32_WPTR_POLL_ENABLE has to be set if doorbell mode is
used. Otherwise ringing SDMA user queue doorbell can't wake up
system from gfxoff.
Signed-off-by: Ruili Ji <ruiliji2@amd.com>
Reviewed-by: Yifan Zhang <yifan1.zhang@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org # 6.0.x
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/amd/amdgpu/sdma_v6_0.c | 3 ++-
drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v11.c | 3 ++-
2 files changed, 4 insertions(+), 2 deletions(-)
--- a/drivers/gpu/drm/amd/amdgpu/sdma_v6_0.c
+++ b/drivers/gpu/drm/amd/amdgpu/sdma_v6_0.c
@@ -910,7 +910,8 @@ static int sdma_v6_0_mqd_init(struct amd
m->sdmax_rlcx_rb_cntl =
order_base_2(prop->queue_size / 4) << SDMA0_QUEUE0_RB_CNTL__RB_SIZE__SHIFT |
1 << SDMA0_QUEUE0_RB_CNTL__RPTR_WRITEBACK_ENABLE__SHIFT |
- 4 << SDMA0_QUEUE0_RB_CNTL__RPTR_WRITEBACK_TIMER__SHIFT;
+ 4 << SDMA0_QUEUE0_RB_CNTL__RPTR_WRITEBACK_TIMER__SHIFT |
+ 1 << SDMA0_QUEUE0_RB_CNTL__F32_WPTR_POLL_ENABLE__SHIFT;
m->sdmax_rlcx_rb_base = lower_32_bits(prop->hqd_base_gpu_addr >> 8);
m->sdmax_rlcx_rb_base_hi = upper_32_bits(prop->hqd_base_gpu_addr >> 8);
--- a/drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v11.c
+++ b/drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v11.c
@@ -375,7 +375,8 @@ static void update_mqd_sdma(struct mqd_m
<< SDMA0_QUEUE0_RB_CNTL__RB_SIZE__SHIFT |
q->vmid << SDMA0_QUEUE0_RB_CNTL__RB_VMID__SHIFT |
1 << SDMA0_QUEUE0_RB_CNTL__RPTR_WRITEBACK_ENABLE__SHIFT |
- 6 << SDMA0_QUEUE0_RB_CNTL__RPTR_WRITEBACK_TIMER__SHIFT;
+ 6 << SDMA0_QUEUE0_RB_CNTL__RPTR_WRITEBACK_TIMER__SHIFT |
+ 1 << SDMA0_QUEUE0_RB_CNTL__F32_WPTR_POLL_ENABLE__SHIFT;
m->sdmax_rlcx_rb_base = lower_32_bits(q->queue_address >> 8);
m->sdmax_rlcx_rb_base_hi = upper_32_bits(q->queue_address >> 8);
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 201/862] smb3: must initialize two ACL struct fields to zero
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (199 preceding siblings ...)
2022-10-19 8:24 ` [PATCH 6.0 200/862] drm/amdgpu: Enable F32_WPTR_POLL_ENABLE in mqd Greg Kroah-Hartman
@ 2022-10-19 8:24 ` Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 202/862] selinux: use "grep -E" instead of "egrep" Greg Kroah-Hartman
` (675 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Paulo Alcantara (SUSE), Steve French
From: Steve French <stfrench@microsoft.com>
commit f09bd695af3b8ab46fc24e5d6954a24104c38387 upstream.
Coverity spotted that we were not initalizing Stbz1 and Stbz2 to
zero in create_sd_buf.
Addresses-Coverity: 1513848 ("Uninitialized scalar variable")
Cc: <stable@vger.kernel.org>
Reviewed-by: Paulo Alcantara (SUSE) <pc@cjr.nz>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/cifs/smb2pdu.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/fs/cifs/smb2pdu.c
+++ b/fs/cifs/smb2pdu.c
@@ -2411,7 +2411,7 @@ create_sd_buf(umode_t mode, bool set_own
unsigned int acelen, acl_size, ace_count;
unsigned int owner_offset = 0;
unsigned int group_offset = 0;
- struct smb3_acl acl;
+ struct smb3_acl acl = {};
*len = roundup(sizeof(struct crt_sd_ctxt) + (sizeof(struct cifs_ace) * 4), 8);
@@ -2484,6 +2484,7 @@ create_sd_buf(umode_t mode, bool set_own
acl.AclRevision = ACL_REVISION; /* See 2.4.4.1 of MS-DTYP */
acl.AclSize = cpu_to_le16(acl_size);
acl.AceCount = cpu_to_le16(ace_count);
+ /* acl.Sbz1 and Sbz2 MBZ so are not set here, but initialized above */
memcpy(aclptr, &acl, sizeof(struct smb3_acl));
buf->ccontext.DataLength = cpu_to_le32(ptr - (__u8 *)&buf->sd);
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 202/862] selinux: use "grep -E" instead of "egrep"
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (200 preceding siblings ...)
2022-10-19 8:24 ` [PATCH 6.0 201/862] smb3: must initialize two ACL struct fields to zero Greg Kroah-Hartman
@ 2022-10-19 8:24 ` Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 203/862] ima: fix blocking of security.ima xattrs of unsupported algorithms Greg Kroah-Hartman
` (674 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Paul Moore, Stephen Smalley,
Eric Paris, selinux
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit c969bb8dbaf2f3628927eae73e7c579a74cf1b6e upstream.
The latest version of grep claims that egrep is now obsolete so the build
now contains warnings that look like:
egrep: warning: egrep is obsolescent; using grep -E
fix this by using "grep -E" instead.
Cc: Paul Moore <paul@paul-moore.com>
Cc: Stephen Smalley <stephen.smalley.work@gmail.com>
Cc: Eric Paris <eparis@parisplace.org>
Cc: selinux@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[PM: tweak to remove vdso reference, cleanup subj line]
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
scripts/selinux/install_policy.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/scripts/selinux/install_policy.sh
+++ b/scripts/selinux/install_policy.sh
@@ -78,7 +78,7 @@ cd /etc/selinux/dummy/contexts/files
$SF -F file_contexts /
mounts=`cat /proc/$$/mounts | \
- egrep "ext[234]|jfs|xfs|reiserfs|jffs2|gfs2|btrfs|f2fs|ocfs2" | \
+ grep -E "ext[234]|jfs|xfs|reiserfs|jffs2|gfs2|btrfs|f2fs|ocfs2" | \
awk '{ print $2 '}`
$SF -F file_contexts $mounts
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 203/862] ima: fix blocking of security.ima xattrs of unsupported algorithms
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (201 preceding siblings ...)
2022-10-19 8:24 ` [PATCH 6.0 202/862] selinux: use "grep -E" instead of "egrep" Greg Kroah-Hartman
@ 2022-10-19 8:24 ` Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 204/862] userfaultfd: open userfaultfds with O_RDONLY Greg Kroah-Hartman
` (673 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christian Brauner, Mimi Zohar, Sasha Levin
From: Mimi Zohar <zohar@linux.ibm.com>
[ Upstream commit 5926586f291b53cb8a0c9631fc19489be1186e2d ]
Limit validating the hash algorithm to just security.ima xattr, not
the security.evm xattr or any of the protected EVM security xattrs,
nor posix acls.
Fixes: 50f742dd9147 ("IMA: block writes of the security.ima xattr with unsupported algorithms")
Reported-by: Christian Brauner <brauner@kernel.org>
Acked-by: Christian Brauner (Microsoft) <brauner@kernel.org>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
security/integrity/ima/ima_appraise.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c
index bde74fcecee3..3e0fbbd99534 100644
--- a/security/integrity/ima/ima_appraise.c
+++ b/security/integrity/ima/ima_appraise.c
@@ -750,22 +750,26 @@ int ima_inode_setxattr(struct dentry *dentry, const char *xattr_name,
const struct evm_ima_xattr_data *xvalue = xattr_value;
int digsig = 0;
int result;
+ int err;
result = ima_protect_xattr(dentry, xattr_name, xattr_value,
xattr_value_len);
if (result == 1) {
if (!xattr_value_len || (xvalue->type >= IMA_XATTR_LAST))
return -EINVAL;
+
+ err = validate_hash_algo(dentry, xvalue, xattr_value_len);
+ if (err)
+ return err;
+
digsig = (xvalue->type == EVM_IMA_XATTR_DIGSIG);
} else if (!strcmp(xattr_name, XATTR_NAME_EVM) && xattr_value_len > 0) {
digsig = (xvalue->type == EVM_XATTR_PORTABLE_DIGSIG);
}
if (result == 1 || evm_revalidate_status(xattr_name)) {
- result = validate_hash_algo(dentry, xvalue, xattr_value_len);
- if (result)
- return result;
-
ima_reset_appraise_flags(d_backing_inode(dentry), digsig);
+ if (result == 1)
+ result = 0;
}
return result;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 204/862] userfaultfd: open userfaultfds with O_RDONLY
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (202 preceding siblings ...)
2022-10-19 8:24 ` [PATCH 6.0 203/862] ima: fix blocking of security.ima xattrs of unsupported algorithms Greg Kroah-Hartman
@ 2022-10-19 8:24 ` Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 205/862] ntfs3: rework xattr handlers and switch to POSIX ACL VFS helpers Greg Kroah-Hartman
` (672 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Robert OCallahan, Ondrej Mosnacek,
Peter Xu, Christian Brauner (Microsoft),
Paul Moore, Sasha Levin
From: Ondrej Mosnacek <omosnace@redhat.com>
[ Upstream commit abec3d015fdfb7c63105c7e1c956188bf381aa55 ]
Since userfaultfd doesn't implement a write operation, it is more
appropriate to open it read-only.
When userfaultfds are opened read-write like it is now, and such fd is
passed from one process to another, SELinux will check both read and
write permissions for the target process, even though it can't actually
do any write operation on the fd later.
Inspired by the following bug report, which has hit the SELinux scenario
described above:
https://bugzilla.redhat.com/show_bug.cgi?id=1974559
Reported-by: Robert O'Callahan <roc@ocallahan.org>
Fixes: 86039bd3b4e6 ("userfaultfd: add new syscall to provide memory externalization")
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Acked-by: Peter Xu <peterx@redhat.com>
Acked-by: Christian Brauner (Microsoft) <brauner@kernel.org>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/userfaultfd.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c
index 175de70e3adf..0c1d33c4f74c 100644
--- a/fs/userfaultfd.c
+++ b/fs/userfaultfd.c
@@ -991,7 +991,7 @@ static int resolve_userfault_fork(struct userfaultfd_ctx *new,
int fd;
fd = anon_inode_getfd_secure("[userfaultfd]", &userfaultfd_fops, new,
- O_RDWR | (new->flags & UFFD_SHARED_FCNTL_FLAGS), inode);
+ O_RDONLY | (new->flags & UFFD_SHARED_FCNTL_FLAGS), inode);
if (fd < 0)
return fd;
@@ -2094,7 +2094,7 @@ SYSCALL_DEFINE1(userfaultfd, int, flags)
mmgrab(ctx->mm);
fd = anon_inode_getfd_secure("[userfaultfd]", &userfaultfd_fops, ctx,
- O_RDWR | (flags & UFFD_SHARED_FCNTL_FLAGS), NULL);
+ O_RDONLY | (flags & UFFD_SHARED_FCNTL_FLAGS), NULL);
if (fd < 0) {
mmdrop(ctx->mm);
kmem_cache_free(userfaultfd_ctx_cachep, ctx);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 205/862] ntfs3: rework xattr handlers and switch to POSIX ACL VFS helpers
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (203 preceding siblings ...)
2022-10-19 8:24 ` [PATCH 6.0 204/862] userfaultfd: open userfaultfds with O_RDONLY Greg Kroah-Hartman
@ 2022-10-19 8:24 ` Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 206/862] acl: return EOPNOTSUPP in posix_acl_fix_xattr_common() Greg Kroah-Hartman
` (671 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christian Brauner (Microsoft),
Sasha Levin, Seth Forshee
From: Christian Brauner <brauner@kernel.org>
[ Upstream commit a26aa12384158116c0d80d50e0bdc7b3323551e2 ]
The xattr code in ntfs3 is currently a bit confused. For example, it
defines a POSIX ACL i_op->set_acl() method but instead of relying on the
generic POSIX ACL VFS helpers it defines its own set of xattr helpers
with the consequence that i_op->set_acl() is currently dead code.
Switch ntfs3 to rely on the VFS POSIX ACL xattr handlers. Also remove
i_op->{g,s}et_acl() methods from symlink inode operations. Symlinks
don't support xattrs.
This is a preliminary change for the following patches which move
handling idmapped mounts directly in posix_acl_xattr_set().
This survives POSIX ACL xfstests.
Fixes: be71b5cba2e6 ("fs/ntfs3: Add attrib operations")
Signed-off-by: Christian Brauner (Microsoft) <brauner@kernel.org>
Reviewed-by: Seth Forshee (DigitalOcean) <sforshee@kernel.org>>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/ntfs3/inode.c | 2 -
fs/ntfs3/xattr.c | 102 +++--------------------------------------------
2 files changed, 6 insertions(+), 98 deletions(-)
diff --git a/fs/ntfs3/inode.c b/fs/ntfs3/inode.c
index 51363d4e8636..26a76ebfe58f 100644
--- a/fs/ntfs3/inode.c
+++ b/fs/ntfs3/inode.c
@@ -1927,8 +1927,6 @@ const struct inode_operations ntfs_link_inode_operations = {
.setattr = ntfs3_setattr,
.listxattr = ntfs_listxattr,
.permission = ntfs_permission,
- .get_acl = ntfs_get_acl,
- .set_acl = ntfs_set_acl,
};
const struct address_space_operations ntfs_aops = {
diff --git a/fs/ntfs3/xattr.c b/fs/ntfs3/xattr.c
index 6ae1f56b7358..7de8718c68a9 100644
--- a/fs/ntfs3/xattr.c
+++ b/fs/ntfs3/xattr.c
@@ -625,67 +625,6 @@ int ntfs_set_acl(struct user_namespace *mnt_userns, struct inode *inode,
return ntfs_set_acl_ex(mnt_userns, inode, acl, type, false);
}
-static int ntfs_xattr_get_acl(struct user_namespace *mnt_userns,
- struct inode *inode, int type, void *buffer,
- size_t size)
-{
- struct posix_acl *acl;
- int err;
-
- if (!(inode->i_sb->s_flags & SB_POSIXACL)) {
- ntfs_inode_warn(inode, "add mount option \"acl\" to use acl");
- return -EOPNOTSUPP;
- }
-
- acl = ntfs_get_acl(inode, type, false);
- if (IS_ERR(acl))
- return PTR_ERR(acl);
-
- if (!acl)
- return -ENODATA;
-
- err = posix_acl_to_xattr(&init_user_ns, acl, buffer, size);
- posix_acl_release(acl);
-
- return err;
-}
-
-static int ntfs_xattr_set_acl(struct user_namespace *mnt_userns,
- struct inode *inode, int type, const void *value,
- size_t size)
-{
- struct posix_acl *acl;
- int err;
-
- if (!(inode->i_sb->s_flags & SB_POSIXACL)) {
- ntfs_inode_warn(inode, "add mount option \"acl\" to use acl");
- return -EOPNOTSUPP;
- }
-
- if (!inode_owner_or_capable(mnt_userns, inode))
- return -EPERM;
-
- if (!value) {
- acl = NULL;
- } else {
- acl = posix_acl_from_xattr(&init_user_ns, value, size);
- if (IS_ERR(acl))
- return PTR_ERR(acl);
-
- if (acl) {
- err = posix_acl_valid(&init_user_ns, acl);
- if (err)
- goto release_and_out;
- }
- }
-
- err = ntfs_set_acl(mnt_userns, inode, acl, type);
-
-release_and_out:
- posix_acl_release(acl);
- return err;
-}
-
/*
* ntfs_init_acl - Initialize the ACLs of a new inode.
*
@@ -852,23 +791,6 @@ static int ntfs_getxattr(const struct xattr_handler *handler, struct dentry *de,
goto out;
}
-#ifdef CONFIG_NTFS3_FS_POSIX_ACL
- if ((name_len == sizeof(XATTR_NAME_POSIX_ACL_ACCESS) - 1 &&
- !memcmp(name, XATTR_NAME_POSIX_ACL_ACCESS,
- sizeof(XATTR_NAME_POSIX_ACL_ACCESS))) ||
- (name_len == sizeof(XATTR_NAME_POSIX_ACL_DEFAULT) - 1 &&
- !memcmp(name, XATTR_NAME_POSIX_ACL_DEFAULT,
- sizeof(XATTR_NAME_POSIX_ACL_DEFAULT)))) {
- /* TODO: init_user_ns? */
- err = ntfs_xattr_get_acl(
- &init_user_ns, inode,
- name_len == sizeof(XATTR_NAME_POSIX_ACL_ACCESS) - 1
- ? ACL_TYPE_ACCESS
- : ACL_TYPE_DEFAULT,
- buffer, size);
- goto out;
- }
-#endif
/* Deal with NTFS extended attribute. */
err = ntfs_get_ea(inode, name, name_len, buffer, size, NULL);
@@ -981,22 +903,6 @@ static noinline int ntfs_setxattr(const struct xattr_handler *handler,
goto out;
}
-#ifdef CONFIG_NTFS3_FS_POSIX_ACL
- if ((name_len == sizeof(XATTR_NAME_POSIX_ACL_ACCESS) - 1 &&
- !memcmp(name, XATTR_NAME_POSIX_ACL_ACCESS,
- sizeof(XATTR_NAME_POSIX_ACL_ACCESS))) ||
- (name_len == sizeof(XATTR_NAME_POSIX_ACL_DEFAULT) - 1 &&
- !memcmp(name, XATTR_NAME_POSIX_ACL_DEFAULT,
- sizeof(XATTR_NAME_POSIX_ACL_DEFAULT)))) {
- err = ntfs_xattr_set_acl(
- mnt_userns, inode,
- name_len == sizeof(XATTR_NAME_POSIX_ACL_ACCESS) - 1
- ? ACL_TYPE_ACCESS
- : ACL_TYPE_DEFAULT,
- value, size);
- goto out;
- }
-#endif
/* Deal with NTFS extended attribute. */
err = ntfs_set_ea(inode, name, name_len, value, size, flags, 0);
@@ -1086,7 +992,7 @@ static bool ntfs_xattr_user_list(struct dentry *dentry)
}
// clang-format off
-static const struct xattr_handler ntfs_xattr_handler = {
+static const struct xattr_handler ntfs_other_xattr_handler = {
.prefix = "",
.get = ntfs_getxattr,
.set = ntfs_setxattr,
@@ -1094,7 +1000,11 @@ static const struct xattr_handler ntfs_xattr_handler = {
};
const struct xattr_handler *ntfs_xattr_handlers[] = {
- &ntfs_xattr_handler,
+#ifdef CONFIG_NTFS3_FS_POSIX_ACL
+ &posix_acl_access_xattr_handler,
+ &posix_acl_default_xattr_handler,
+#endif
+ &ntfs_other_xattr_handler,
NULL,
};
// clang-format on
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 206/862] acl: return EOPNOTSUPP in posix_acl_fix_xattr_common()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (204 preceding siblings ...)
2022-10-19 8:24 ` [PATCH 6.0 205/862] ntfs3: rework xattr handlers and switch to POSIX ACL VFS helpers Greg Kroah-Hartman
@ 2022-10-19 8:24 ` Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 207/862] thermal: cpufreq_cooling: Check the policy first in cpufreq_cooling_register() Greg Kroah-Hartman
` (670 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christian Brauner (Microsoft),
Sasha Levin, Seth Forshee
From: Christian Brauner <brauner@kernel.org>
[ Upstream commit 985a6d0b3c800265a2d5312a52c549bf09254e55 ]
Return EOPNOTSUPP when the POSIX ACL version doesn't match and zero if
there are no entries. This will allow us to reuse the helper in
posix_acl_from_xattr(). This change will have no user visible effects.
Fixes: 0c5fd887d2bb ("acl: move idmapped mount fixup into vfs_{g,s}etxattr()")
Signed-off-by: Christian Brauner (Microsoft) <brauner@kernel.org>
Reviewed-by: Seth Forshee (DigitalOcean) <sforshee@kernel.org>>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/posix_acl.c | 25 +++++++++----------------
1 file changed, 9 insertions(+), 16 deletions(-)
diff --git a/fs/posix_acl.c b/fs/posix_acl.c
index 5af33800743e..abe387700ba9 100644
--- a/fs/posix_acl.c
+++ b/fs/posix_acl.c
@@ -710,9 +710,9 @@ EXPORT_SYMBOL(posix_acl_update_mode);
/*
* Fix up the uids and gids in posix acl extended attributes in place.
*/
-static int posix_acl_fix_xattr_common(void *value, size_t size)
+static int posix_acl_fix_xattr_common(const void *value, size_t size)
{
- struct posix_acl_xattr_header *header = value;
+ const struct posix_acl_xattr_header *header = value;
int count;
if (!header)
@@ -720,13 +720,13 @@ static int posix_acl_fix_xattr_common(void *value, size_t size)
if (size < sizeof(struct posix_acl_xattr_header))
return -EINVAL;
if (header->a_version != cpu_to_le32(POSIX_ACL_XATTR_VERSION))
- return -EINVAL;
+ return -EOPNOTSUPP;
count = posix_acl_xattr_count(size);
if (count < 0)
return -EINVAL;
if (count == 0)
- return -EINVAL;
+ return 0;
return count;
}
@@ -748,7 +748,7 @@ void posix_acl_getxattr_idmapped_mnt(struct user_namespace *mnt_userns,
return;
count = posix_acl_fix_xattr_common(value, size);
- if (count < 0)
+ if (count <= 0)
return;
for (end = entry + count; entry != end; entry++) {
@@ -788,7 +788,7 @@ void posix_acl_setxattr_idmapped_mnt(struct user_namespace *mnt_userns,
return;
count = posix_acl_fix_xattr_common(value, size);
- if (count < 0)
+ if (count <= 0)
return;
for (end = entry + count; entry != end; entry++) {
@@ -822,7 +822,7 @@ static void posix_acl_fix_xattr_userns(
kgid_t gid;
count = posix_acl_fix_xattr_common(value, size);
- if (count < 0)
+ if (count <= 0)
return;
for (end = entry + count; entry != end; entry++) {
@@ -870,16 +870,9 @@ posix_acl_from_xattr(struct user_namespace *user_ns,
struct posix_acl *acl;
struct posix_acl_entry *acl_e;
- if (!value)
- return NULL;
- if (size < sizeof(struct posix_acl_xattr_header))
- return ERR_PTR(-EINVAL);
- if (header->a_version != cpu_to_le32(POSIX_ACL_XATTR_VERSION))
- return ERR_PTR(-EOPNOTSUPP);
-
- count = posix_acl_xattr_count(size);
+ count = posix_acl_fix_xattr_common(value, size);
if (count < 0)
- return ERR_PTR(-EINVAL);
+ return ERR_PTR(count);
if (count == 0)
return NULL;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 207/862] thermal: cpufreq_cooling: Check the policy first in cpufreq_cooling_register()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (205 preceding siblings ...)
2022-10-19 8:24 ` [PATCH 6.0 206/862] acl: return EOPNOTSUPP in posix_acl_fix_xattr_common() Greg Kroah-Hartman
@ 2022-10-19 8:24 ` Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 208/862] cpufreq: amd-pstate: Fix initial highest_perf value Greg Kroah-Hartman
` (669 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Xuewen Yan, Viresh Kumar,
Rafael J. Wysocki, Sasha Levin
From: Xuewen Yan <xuewen.yan@unisoc.com>
[ Upstream commit cff895277c8558221ba180aefe26799dcb4eec86 ]
Since the policy needs to be accessed first when obtaining cpu devices,
first check whether the policy is legal before this.
Fixes: 5130802ddbb1 ("thermal: cpu_cooling: Switch to QoS requests for freq limits")
Signed-off-by: Xuewen Yan <xuewen.yan@unisoc.com>
Acked-by: Viresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/thermal/cpufreq_cooling.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/drivers/thermal/cpufreq_cooling.c b/drivers/thermal/cpufreq_cooling.c
index b76293cc989c..7838b6e2dba5 100644
--- a/drivers/thermal/cpufreq_cooling.c
+++ b/drivers/thermal/cpufreq_cooling.c
@@ -501,17 +501,17 @@ __cpufreq_cooling_register(struct device_node *np,
struct thermal_cooling_device_ops *cooling_ops;
char *name;
+ if (IS_ERR_OR_NULL(policy)) {
+ pr_err("%s: cpufreq policy isn't valid: %p\n", __func__, policy);
+ return ERR_PTR(-EINVAL);
+ }
+
dev = get_cpu_device(policy->cpu);
if (unlikely(!dev)) {
pr_warn("No cpu device for cpu %d\n", policy->cpu);
return ERR_PTR(-ENODEV);
}
- if (IS_ERR_OR_NULL(policy)) {
- pr_err("%s: cpufreq policy isn't valid: %p\n", __func__, policy);
- return ERR_PTR(-EINVAL);
- }
-
i = cpufreq_table_count_valid_entries(policy);
if (!i) {
pr_debug("%s: CPUFreq table not found or has no valid entries\n",
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 208/862] cpufreq: amd-pstate: Fix initial highest_perf value
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (206 preceding siblings ...)
2022-10-19 8:24 ` [PATCH 6.0 207/862] thermal: cpufreq_cooling: Check the policy first in cpufreq_cooling_register() Greg Kroah-Hartman
@ 2022-10-19 8:24 ` Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 209/862] sh: machvec: Use char[] for section boundaries Greg Kroah-Hartman
` (668 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Huang Rui, Perry Yuan,
Rafael J. Wysocki, Sasha Levin
From: Perry Yuan <Perry.Yuan@amd.com>
[ Upstream commit bedadcfb011fef55273bd686e8893fdd8911dcdb ]
To avoid some new AMD processors use wrong highest perf when amd pstate
driver loaded, this fix will query the highest perf from MSR register
MSR_AMD_CPPC_CAP1 and cppc_acpi interface firstly, then compare with the
highest perf value got by calling amd_get_highest_perf() function.
The lower value will be the correct highest perf we need to use.
Otherwise the CPU max MHz will be incorrect if the
amd_get_highest_perf() did not cover the new process family and model ID.
Like this lscpu info, the max frequency is incorrect.
Vendor ID: AuthenticAMD
Socket(s): 1
Stepping: 2
CPU max MHz: 5410.0000
CPU min MHz: 400.0000
BogoMIPS: 5600.54
Fixes: 3743d55b289c2 (x86, sched: Fix the AMD CPPC maximum performance value on certain AMD Ryzen generations)
Acked-by: Huang Rui <ray.huang@amd.com>
Signed-off-by: Perry Yuan <Perry.Yuan@amd.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/cpufreq/amd-pstate.c | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/drivers/cpufreq/amd-pstate.c b/drivers/cpufreq/amd-pstate.c
index 9ac75c1cde9c..365f3ad166a7 100644
--- a/drivers/cpufreq/amd-pstate.c
+++ b/drivers/cpufreq/amd-pstate.c
@@ -152,6 +152,7 @@ static inline int amd_pstate_enable(bool enable)
static int pstate_init_perf(struct amd_cpudata *cpudata)
{
u64 cap1;
+ u32 highest_perf;
int ret = rdmsrl_safe_on_cpu(cpudata->cpu, MSR_AMD_CPPC_CAP1,
&cap1);
@@ -163,7 +164,11 @@ static int pstate_init_perf(struct amd_cpudata *cpudata)
*
* CPPC entry doesn't indicate the highest performance in some ASICs.
*/
- WRITE_ONCE(cpudata->highest_perf, amd_get_highest_perf());
+ highest_perf = amd_get_highest_perf();
+ if (highest_perf > AMD_CPPC_HIGHEST_PERF(cap1))
+ highest_perf = AMD_CPPC_HIGHEST_PERF(cap1);
+
+ WRITE_ONCE(cpudata->highest_perf, highest_perf);
WRITE_ONCE(cpudata->nominal_perf, AMD_CPPC_NOMINAL_PERF(cap1));
WRITE_ONCE(cpudata->lowest_nonlinear_perf, AMD_CPPC_LOWNONLIN_PERF(cap1));
@@ -175,12 +180,17 @@ static int pstate_init_perf(struct amd_cpudata *cpudata)
static int cppc_init_perf(struct amd_cpudata *cpudata)
{
struct cppc_perf_caps cppc_perf;
+ u32 highest_perf;
int ret = cppc_get_perf_caps(cpudata->cpu, &cppc_perf);
if (ret)
return ret;
- WRITE_ONCE(cpudata->highest_perf, amd_get_highest_perf());
+ highest_perf = amd_get_highest_perf();
+ if (highest_perf > cppc_perf.highest_perf)
+ highest_perf = cppc_perf.highest_perf;
+
+ WRITE_ONCE(cpudata->highest_perf, highest_perf);
WRITE_ONCE(cpudata->nominal_perf, cppc_perf.nominal_perf);
WRITE_ONCE(cpudata->lowest_nonlinear_perf,
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 209/862] sh: machvec: Use char[] for section boundaries
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (207 preceding siblings ...)
2022-10-19 8:24 ` [PATCH 6.0 208/862] cpufreq: amd-pstate: Fix initial highest_perf value Greg Kroah-Hartman
@ 2022-10-19 8:24 ` Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 210/862] MIPS: SGI-IP30: Fix platform-device leak in bridge_platform_create() Greg Kroah-Hartman
` (667 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yoshinori Sato, Rich Felker,
linux-sh, Geert Uytterhoeven, Geert Uytterhoeven,
Gustavo A. R. Silva, Kees Cook, Sasha Levin
From: Kees Cook <keescook@chromium.org>
[ Upstream commit c5783af354688b24abd359f7086c282ec74de993 ]
As done for other sections, define the extern as a character array,
which relaxes many of the compiler-time object size checks, which would
otherwise assume it's a single long. Solves the following build error:
arch/sh/kernel/machvec.c: error: array subscript 'struct sh_machine_vector[0]' is partly outside array bounds of 'long int[1]' [-Werror=array-bounds]: => 105:33
Cc: Yoshinori Sato <ysato@users.sourceforge.jp>
Cc: Rich Felker <dalias@libc.org>
Cc: linux-sh@vger.kernel.org
Reported-by: Geert Uytterhoeven <geert@linux-m68k.org>
Link: https://lore.kernel.org/lkml/alpine.DEB.2.22.394.2209050944290.964530@ramsan.of.borg/
Fixes: 9655ad03af2d ("sh: Fixup machvec support.")
Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be>
Reviewed-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Acked-by: Rich Felker <dalias@libc.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/sh/include/asm/sections.h | 2 +-
arch/sh/kernel/machvec.c | 10 +++++-----
2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/arch/sh/include/asm/sections.h b/arch/sh/include/asm/sections.h
index 8edb824049b9..0cb0ca149ac3 100644
--- a/arch/sh/include/asm/sections.h
+++ b/arch/sh/include/asm/sections.h
@@ -4,7 +4,7 @@
#include <asm-generic/sections.h>
-extern long __machvec_start, __machvec_end;
+extern char __machvec_start[], __machvec_end[];
extern char __uncached_start, __uncached_end;
extern char __start_eh_frame[], __stop_eh_frame[];
diff --git a/arch/sh/kernel/machvec.c b/arch/sh/kernel/machvec.c
index d606679a211e..57efaf5b82ae 100644
--- a/arch/sh/kernel/machvec.c
+++ b/arch/sh/kernel/machvec.c
@@ -20,8 +20,8 @@
#define MV_NAME_SIZE 32
#define for_each_mv(mv) \
- for ((mv) = (struct sh_machine_vector *)&__machvec_start; \
- (mv) && (unsigned long)(mv) < (unsigned long)&__machvec_end; \
+ for ((mv) = (struct sh_machine_vector *)__machvec_start; \
+ (mv) && (unsigned long)(mv) < (unsigned long)__machvec_end; \
(mv)++)
static struct sh_machine_vector * __init get_mv_byname(const char *name)
@@ -87,8 +87,8 @@ void __init sh_mv_setup(void)
if (!machvec_selected) {
unsigned long machvec_size;
- machvec_size = ((unsigned long)&__machvec_end -
- (unsigned long)&__machvec_start);
+ machvec_size = ((unsigned long)__machvec_end -
+ (unsigned long)__machvec_start);
/*
* Sanity check for machvec section alignment. Ensure
@@ -102,7 +102,7 @@ void __init sh_mv_setup(void)
* vector (usually the only one) from .machvec.init.
*/
if (machvec_size >= sizeof(struct sh_machine_vector))
- sh_mv = *(struct sh_machine_vector *)&__machvec_start;
+ sh_mv = *(struct sh_machine_vector *)__machvec_start;
}
pr_notice("Booting machvec: %s\n", get_system_type());
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 210/862] MIPS: SGI-IP30: Fix platform-device leak in bridge_platform_create()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (208 preceding siblings ...)
2022-10-19 8:24 ` [PATCH 6.0 209/862] sh: machvec: Use char[] for section boundaries Greg Kroah-Hartman
@ 2022-10-19 8:24 ` Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 211/862] MIPS: SGI-IP27: " Greg Kroah-Hartman
` (666 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Lin Yujun, Thomas Bogendoerfer, Sasha Levin
From: Lin Yujun <linyujun809@huawei.com>
[ Upstream commit 1e6d11fe72e311c1989991ee318d239f650fa318 ]
In error case in bridge_platform_create after calling
platform_device_add()/platform_device_add_data()/
platform_device_add_resources(), release the failed
'pdev' or it will be leak, call platform_device_put()
to fix this problem.
Besides, 'pdev' is divided into 'pdev_wd' and 'pdev_bd',
use platform_device_unregister() to release sgi_w1
resources when xtalk-bridge registration fails.
Fixes: fd27234f24ae ("MIPS: add support for SGI Octane (IP30)")
Signed-off-by: Lin Yujun <linyujun809@huawei.com>
Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/mips/sgi-ip30/ip30-xtalk.c | 70 +++++++++++++++++++++++----------
1 file changed, 50 insertions(+), 20 deletions(-)
diff --git a/arch/mips/sgi-ip30/ip30-xtalk.c b/arch/mips/sgi-ip30/ip30-xtalk.c
index 8129524421cb..7ceb2b23ea1c 100644
--- a/arch/mips/sgi-ip30/ip30-xtalk.c
+++ b/arch/mips/sgi-ip30/ip30-xtalk.c
@@ -40,12 +40,15 @@ static void bridge_platform_create(int widget, int masterwid)
{
struct xtalk_bridge_platform_data *bd;
struct sgi_w1_platform_data *wd;
- struct platform_device *pdev;
+ struct platform_device *pdev_wd;
+ struct platform_device *pdev_bd;
struct resource w1_res;
wd = kzalloc(sizeof(*wd), GFP_KERNEL);
- if (!wd)
- goto no_mem;
+ if (!wd) {
+ pr_warn("xtalk:%x bridge create out of memory\n", widget);
+ return;
+ }
snprintf(wd->dev_id, sizeof(wd->dev_id), "bridge-%012lx",
IP30_SWIN_BASE(widget));
@@ -56,24 +59,35 @@ static void bridge_platform_create(int widget, int masterwid)
w1_res.end = w1_res.start + 3;
w1_res.flags = IORESOURCE_MEM;
- pdev = platform_device_alloc("sgi_w1", PLATFORM_DEVID_AUTO);
- if (!pdev) {
- kfree(wd);
- goto no_mem;
+ pdev_wd = platform_device_alloc("sgi_w1", PLATFORM_DEVID_AUTO);
+ if (!pdev_wd) {
+ pr_warn("xtalk:%x bridge create out of memory\n", widget);
+ goto err_kfree_wd;
+ }
+ if (platform_device_add_resources(pdev_wd, &w1_res, 1)) {
+ pr_warn("xtalk:%x bridge failed to add platform resources.\n", widget);
+ goto err_put_pdev_wd;
+ }
+ if (platform_device_add_data(pdev_wd, wd, sizeof(*wd))) {
+ pr_warn("xtalk:%x bridge failed to add platform data.\n", widget);
+ goto err_put_pdev_wd;
+ }
+ if (platform_device_add(pdev_wd)) {
+ pr_warn("xtalk:%x bridge failed to add platform device.\n", widget);
+ goto err_put_pdev_wd;
}
- platform_device_add_resources(pdev, &w1_res, 1);
- platform_device_add_data(pdev, wd, sizeof(*wd));
/* platform_device_add_data() duplicates the data */
kfree(wd);
- platform_device_add(pdev);
bd = kzalloc(sizeof(*bd), GFP_KERNEL);
- if (!bd)
- goto no_mem;
- pdev = platform_device_alloc("xtalk-bridge", PLATFORM_DEVID_AUTO);
- if (!pdev) {
- kfree(bd);
- goto no_mem;
+ if (!bd) {
+ pr_warn("xtalk:%x bridge create out of memory\n", widget);
+ goto err_unregister_pdev_wd;
+ }
+ pdev_bd = platform_device_alloc("xtalk-bridge", PLATFORM_DEVID_AUTO);
+ if (!pdev_bd) {
+ pr_warn("xtalk:%x bridge create out of memory\n", widget);
+ goto err_kfree_bd;
}
bd->bridge_addr = IP30_RAW_SWIN_BASE(widget);
@@ -93,15 +107,31 @@ static void bridge_platform_create(int widget, int masterwid)
bd->io.flags = IORESOURCE_IO;
bd->io_offset = IP30_SWIN_BASE(widget);
- platform_device_add_data(pdev, bd, sizeof(*bd));
+ if (platform_device_add_data(pdev_bd, bd, sizeof(*bd))) {
+ pr_warn("xtalk:%x bridge failed to add platform data.\n", widget);
+ goto err_put_pdev_bd;
+ }
+ if (platform_device_add(pdev_bd)) {
+ pr_warn("xtalk:%x bridge failed to add platform device.\n", widget);
+ goto err_put_pdev_bd;
+ }
/* platform_device_add_data() duplicates the data */
kfree(bd);
- platform_device_add(pdev);
pr_info("xtalk:%x bridge widget\n", widget);
return;
-no_mem:
- pr_warn("xtalk:%x bridge create out of memory\n", widget);
+err_put_pdev_bd:
+ platform_device_put(pdev_bd);
+err_kfree_bd:
+ kfree(bd);
+err_unregister_pdev_wd:
+ platform_device_unregister(pdev_wd);
+ return;
+err_put_pdev_wd:
+ platform_device_put(pdev_wd);
+err_kfree_wd:
+ kfree(wd);
+ return;
}
static unsigned int __init xbow_widget_active(s8 wid)
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 211/862] MIPS: SGI-IP27: Fix platform-device leak in bridge_platform_create()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (209 preceding siblings ...)
2022-10-19 8:24 ` [PATCH 6.0 210/862] MIPS: SGI-IP30: Fix platform-device leak in bridge_platform_create() Greg Kroah-Hartman
@ 2022-10-19 8:24 ` Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 212/862] erofs: fix order >= MAX_ORDER warning due to crafted negative i_size Greg Kroah-Hartman
` (665 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Lin Yujun, Thomas Bogendoerfer, Sasha Levin
From: Lin Yujun <linyujun809@huawei.com>
[ Upstream commit 11bec9cba4de06b3c0e9e4041453c2caaa1cbec1 ]
In error case in bridge_platform_create after calling
platform_device_add()/platform_device_add_data()/
platform_device_add_resources(), release the failed
'pdev' or it will be leak, call platform_device_put()
to fix this problem.
Besides, 'pdev' is divided into 'pdev_wd' and 'pdev_bd',
use platform_device_unregister() to release sgi_w1
resources when xtalk-bridge registration fails.
Fixes: 5dc76a96e95a ("MIPS: PCI: use information from 1-wire PROM for IOC3 detection")
Signed-off-by: Lin Yujun <linyujun809@huawei.com>
Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/mips/sgi-ip27/ip27-xtalk.c | 70 +++++++++++++++++++++++----------
1 file changed, 50 insertions(+), 20 deletions(-)
diff --git a/arch/mips/sgi-ip27/ip27-xtalk.c b/arch/mips/sgi-ip27/ip27-xtalk.c
index e762886d1dda..5143d1cf8984 100644
--- a/arch/mips/sgi-ip27/ip27-xtalk.c
+++ b/arch/mips/sgi-ip27/ip27-xtalk.c
@@ -27,15 +27,18 @@ static void bridge_platform_create(nasid_t nasid, int widget, int masterwid)
{
struct xtalk_bridge_platform_data *bd;
struct sgi_w1_platform_data *wd;
- struct platform_device *pdev;
+ struct platform_device *pdev_wd;
+ struct platform_device *pdev_bd;
struct resource w1_res;
unsigned long offset;
offset = NODE_OFFSET(nasid);
wd = kzalloc(sizeof(*wd), GFP_KERNEL);
- if (!wd)
- goto no_mem;
+ if (!wd) {
+ pr_warn("xtalk:n%d/%x bridge create out of memory\n", nasid, widget);
+ return;
+ }
snprintf(wd->dev_id, sizeof(wd->dev_id), "bridge-%012lx",
offset + (widget << SWIN_SIZE_BITS));
@@ -46,24 +49,35 @@ static void bridge_platform_create(nasid_t nasid, int widget, int masterwid)
w1_res.end = w1_res.start + 3;
w1_res.flags = IORESOURCE_MEM;
- pdev = platform_device_alloc("sgi_w1", PLATFORM_DEVID_AUTO);
- if (!pdev) {
- kfree(wd);
- goto no_mem;
+ pdev_wd = platform_device_alloc("sgi_w1", PLATFORM_DEVID_AUTO);
+ if (!pdev_wd) {
+ pr_warn("xtalk:n%d/%x bridge create out of memory\n", nasid, widget);
+ goto err_kfree_wd;
+ }
+ if (platform_device_add_resources(pdev_wd, &w1_res, 1)) {
+ pr_warn("xtalk:n%d/%x bridge failed to add platform resources.\n", nasid, widget);
+ goto err_put_pdev_wd;
+ }
+ if (platform_device_add_data(pdev_wd, wd, sizeof(*wd))) {
+ pr_warn("xtalk:n%d/%x bridge failed to add platform data.\n", nasid, widget);
+ goto err_put_pdev_wd;
+ }
+ if (platform_device_add(pdev_wd)) {
+ pr_warn("xtalk:n%d/%x bridge failed to add platform device.\n", nasid, widget);
+ goto err_put_pdev_wd;
}
- platform_device_add_resources(pdev, &w1_res, 1);
- platform_device_add_data(pdev, wd, sizeof(*wd));
/* platform_device_add_data() duplicates the data */
kfree(wd);
- platform_device_add(pdev);
bd = kzalloc(sizeof(*bd), GFP_KERNEL);
- if (!bd)
- goto no_mem;
- pdev = platform_device_alloc("xtalk-bridge", PLATFORM_DEVID_AUTO);
- if (!pdev) {
- kfree(bd);
- goto no_mem;
+ if (!bd) {
+ pr_warn("xtalk:n%d/%x bridge create out of memory\n", nasid, widget);
+ goto err_unregister_pdev_wd;
+ }
+ pdev_bd = platform_device_alloc("xtalk-bridge", PLATFORM_DEVID_AUTO);
+ if (!pdev_bd) {
+ pr_warn("xtalk:n%d/%x bridge create out of memory\n", nasid, widget);
+ goto err_kfree_bd;
}
@@ -84,15 +98,31 @@ static void bridge_platform_create(nasid_t nasid, int widget, int masterwid)
bd->io.flags = IORESOURCE_IO;
bd->io_offset = offset;
- platform_device_add_data(pdev, bd, sizeof(*bd));
+ if (platform_device_add_data(pdev_bd, bd, sizeof(*bd))) {
+ pr_warn("xtalk:n%d/%x bridge failed to add platform data.\n", nasid, widget);
+ goto err_put_pdev_bd;
+ }
+ if (platform_device_add(pdev_bd)) {
+ pr_warn("xtalk:n%d/%x bridge failed to add platform device.\n", nasid, widget);
+ goto err_put_pdev_bd;
+ }
/* platform_device_add_data() duplicates the data */
kfree(bd);
- platform_device_add(pdev);
pr_info("xtalk:n%d/%x bridge widget\n", nasid, widget);
return;
-no_mem:
- pr_warn("xtalk:n%d/%x bridge create out of memory\n", nasid, widget);
+err_put_pdev_bd:
+ platform_device_put(pdev_bd);
+err_kfree_bd:
+ kfree(bd);
+err_unregister_pdev_wd:
+ platform_device_unregister(pdev_wd);
+ return;
+err_put_pdev_wd:
+ platform_device_put(pdev_wd);
+err_kfree_wd:
+ kfree(wd);
+ return;
}
static int probe_one_port(nasid_t nasid, int widget, int masterwid)
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 212/862] erofs: fix order >= MAX_ORDER warning due to crafted negative i_size
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (210 preceding siblings ...)
2022-10-19 8:24 ` [PATCH 6.0 211/862] MIPS: SGI-IP27: " Greg Kroah-Hartman
@ 2022-10-19 8:24 ` Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 213/862] erofs: use kill_anon_super() to kill super in fscache mode Greg Kroah-Hartman
` (664 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot+f966c13b1b4fc0403b19, Yue Hu,
Gao Xiang, Sasha Levin
From: Gao Xiang <hsiangkao@linux.alibaba.com>
[ Upstream commit 1dd73601a1cba37a0ed5f89a8662c90191df5873 ]
As syzbot reported [1], the root cause is that i_size field is a
signed type, and negative i_size is also less than EROFS_BLKSIZ.
As a consequence, it's handled as fast symlink unexpectedly.
Let's fall back to the generic path to deal with such unusual i_size.
[1] https://lore.kernel.org/r/000000000000ac8efa05e7feaa1f@google.com
Reported-by: syzbot+f966c13b1b4fc0403b19@syzkaller.appspotmail.com
Fixes: 431339ba9042 ("staging: erofs: add inode operations")
Reviewed-by: Yue Hu <huyue2@coolpad.com>
Link: https://lore.kernel.org/r/20220909023948.28925-1-hsiangkao@linux.alibaba.com
Signed-off-by: Gao Xiang <hsiangkao@linux.alibaba.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/erofs/inode.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/erofs/inode.c b/fs/erofs/inode.c
index 95a403720e8c..16cf9a283557 100644
--- a/fs/erofs/inode.c
+++ b/fs/erofs/inode.c
@@ -214,7 +214,7 @@ static int erofs_fill_symlink(struct inode *inode, void *kaddr,
/* if it cannot be handled with fast symlink scheme */
if (vi->datalayout != EROFS_INODE_FLAT_INLINE ||
- inode->i_size >= EROFS_BLKSIZ) {
+ inode->i_size >= EROFS_BLKSIZ || inode->i_size < 0) {
inode->i_op = &erofs_symlink_iops;
return 0;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 213/862] erofs: use kill_anon_super() to kill super in fscache mode
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (211 preceding siblings ...)
2022-10-19 8:24 ` [PATCH 6.0 212/862] erofs: fix order >= MAX_ORDER warning due to crafted negative i_size Greg Kroah-Hartman
@ 2022-10-19 8:25 ` Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 214/862] ARM: 9243/1: riscpc: Unbreak the build Greg Kroah-Hartman
` (663 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jingbo Xu, Jia Zhu, Gao Xiang, Sasha Levin
From: Jia Zhu <zhujia.zj@bytedance.com>
[ Upstream commit 1015c1016c231b26d4e2c9b3da65b6c043eb97a3 ]
Use kill_anon_super() instead of generic_shutdown_super() since the
mount() in erofs fscache mode uses get_tree_nodev() and associated
anon bdev needs to be freed.
Fixes: 9c0cc9c729657 ("erofs: add 'fsid' mount option")
Suggested-by: Jingbo Xu <jefflexu@linux.alibaba.com>
Signed-off-by: Jia Zhu <zhujia.zj@bytedance.com>
Reviewed-by: Jingbo Xu <jefflexu@linux.alibaba.com>
Link: https://lore.kernel.org/r/20220918043456.147-2-zhujia.zj@bytedance.com
Signed-off-by: Gao Xiang <hsiangkao@linux.alibaba.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/erofs/super.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/erofs/super.c b/fs/erofs/super.c
index 3173debeaa5a..9716d355a63e 100644
--- a/fs/erofs/super.c
+++ b/fs/erofs/super.c
@@ -879,7 +879,7 @@ static void erofs_kill_sb(struct super_block *sb)
WARN_ON(sb->s_magic != EROFS_SUPER_MAGIC);
if (erofs_is_fscache_mode(sb))
- generic_shutdown_super(sb);
+ kill_anon_super(sb);
else
kill_block_super(sb);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 214/862] ARM: 9243/1: riscpc: Unbreak the build
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (212 preceding siblings ...)
2022-10-19 8:25 ` [PATCH 6.0 213/862] erofs: use kill_anon_super() to kill super in fscache mode Greg Kroah-Hartman
@ 2022-10-19 8:25 ` Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 215/862] ARM: 9244/1: dump: Fix wrong pg_level in walk_pmd() Greg Kroah-Hartman
` (662 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:25 UTC (permalink / raw)
To: linux-kernel, Russell King
Cc: Greg Kroah-Hartman, stable, Arnd Bergmann, linux-arm-kernel,
Bart Van Assche, Russell King (Oracle),
Sasha Levin
From: Bart Van Assche <bvanassche@acm.org>
[ Upstream commit 32844a8eecaa4a3e65841c53e43e04a9087d1ef6 ]
This patch fixes the following build error:
In file included from ./include/linux/io.h:13,
from ./arch/arm/mach-rpc/include/mach/uncompress.h:9,
from arch/arm/boot/compressed/misc.c:31:
./arch/arm/include/asm/io.h:85:22: error: conflicting types for ‘__raw_writeb’
85 | #define __raw_writeb __raw_writeb
| ^~~~~~~~~~~~
./arch/arm/include/asm/io.h:86:20: note: in expansion of macro ‘__raw_writeb’
86 | static inline void __raw_writeb(u8 val, volatile void __iomem *addr)
| ^~~~~~~~~~~~
In file included from arch/arm/boot/compressed/misc.c:26:
arch/arm/boot/compressed/misc-ep93xx.h:13:20: note: previous definition of ‘__raw_writeb’ was here
13 | static inline void __raw_writeb(unsigned char value, unsigned int ptr)
| ^~~~~~~~~~~~
To: Russell King <linux@armlinux.org.uk>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: linux-arm-kernel@lists.infradead.org
Fixes: 0361c7e504b1 ("ARM: ep93xx: multiplatform support")
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/compressed/misc.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/arch/arm/boot/compressed/misc.c b/arch/arm/boot/compressed/misc.c
index cb2e069dc73f..abfed1aa2baa 100644
--- a/arch/arm/boot/compressed/misc.c
+++ b/arch/arm/boot/compressed/misc.c
@@ -23,7 +23,9 @@ unsigned int __machine_arch_type;
#include <linux/types.h>
#include <linux/linkage.h>
#include "misc.h"
+#ifdef CONFIG_ARCH_EP93XX
#include "misc-ep93xx.h"
+#endif
static void putstr(const char *ptr);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 215/862] ARM: 9244/1: dump: Fix wrong pg_level in walk_pmd()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (213 preceding siblings ...)
2022-10-19 8:25 ` [PATCH 6.0 214/862] ARM: 9243/1: riscpc: Unbreak the build Greg Kroah-Hartman
@ 2022-10-19 8:25 ` Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 216/862] ARM: 9247/1: mm: set readonly for MT_MEMORY_RO with ARM_LPAE Greg Kroah-Hartman
` (661 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kefeng Wang, Russell King (Oracle),
Sasha Levin
From: Wang Kefeng <wangkefeng.wang@huawei.com>
[ Upstream commit 2ccd19b3ffac07cc7e75a2bd1ed779728bb67197 ]
After ARM supports p4d page tables, the pg_level for note_page()
in walk_pmd() should be 4, not 3, fix it.
Fixes: 84e6ffb2c49c ("arm: add support for folded p4d page tables")
Signed-off-by: Kefeng Wang <wangkefeng.wang@huawei.com>
Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/mm/dump.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm/mm/dump.c b/arch/arm/mm/dump.c
index fb688003d156..712da6a81b23 100644
--- a/arch/arm/mm/dump.c
+++ b/arch/arm/mm/dump.c
@@ -346,7 +346,7 @@ static void walk_pmd(struct pg_state *st, pud_t *pud, unsigned long start)
addr = start + i * PMD_SIZE;
domain = get_domain_name(pmd);
if (pmd_none(*pmd) || pmd_large(*pmd) || !pmd_present(*pmd))
- note_page(st, addr, 3, pmd_val(*pmd), domain);
+ note_page(st, addr, 4, pmd_val(*pmd), domain);
else
walk_pte(st, pmd, addr, domain);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 216/862] ARM: 9247/1: mm: set readonly for MT_MEMORY_RO with ARM_LPAE
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (214 preceding siblings ...)
2022-10-19 8:25 ` [PATCH 6.0 215/862] ARM: 9244/1: dump: Fix wrong pg_level in walk_pmd() Greg Kroah-Hartman
@ 2022-10-19 8:25 ` Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 217/862] ACPI: PCC: Release resources on address space setup failure path Greg Kroah-Hartman
` (660 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kefeng Wang, Russell King (Oracle),
Sasha Levin
From: Wang Kefeng <wangkefeng.wang@huawei.com>
[ Upstream commit 14ca1a4690750bb54e1049e49f3140ef48958a6e ]
MT_MEMORY_RO is introduced by commit 598f0a99fa8a ("ARM: 9210/1:
Mark the FDT_FIXED sections as shareable"), which is a readonly
memory type for FDT area, but there are some different between
ARM_LPAE and non-ARM_LPAE, we need to setup PMD_SECT_AP2 and
L_PMD_SECT_RDONLY for MT_MEMORY_RO when ARM_LAPE enabled.
non-ARM_LPAE 0xff800000-0xffa00000 2M PGD KERNEL ro NX SHD
ARM_LPAE 0xff800000-0xffc00000 4M PMD RW NX SHD
ARM_LPAE+fix 0xff800000-0xffc00000 4M PMD ro NX SHD
Fixes: 598f0a99fa8a ("ARM: 9210/1: Mark the FDT_FIXED sections as shareable")
Signed-off-by: Kefeng Wang <wangkefeng.wang@huawei.com>
Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/mm/mmu.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/arch/arm/mm/mmu.c b/arch/arm/mm/mmu.c
index a49f0b9c0f75..463fc2a8448f 100644
--- a/arch/arm/mm/mmu.c
+++ b/arch/arm/mm/mmu.c
@@ -300,7 +300,11 @@ static struct mem_type mem_types[] __ro_after_init = {
.prot_pte = L_PTE_PRESENT | L_PTE_YOUNG | L_PTE_DIRTY |
L_PTE_XN | L_PTE_RDONLY,
.prot_l1 = PMD_TYPE_TABLE,
+#ifdef CONFIG_ARM_LPAE
+ .prot_sect = PMD_TYPE_SECT | L_PMD_SECT_RDONLY | PMD_SECT_AP2,
+#else
.prot_sect = PMD_TYPE_SECT,
+#endif
.domain = DOMAIN_KERNEL,
},
[MT_ROM] = {
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 217/862] ACPI: PCC: Release resources on address space setup failure path
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (215 preceding siblings ...)
2022-10-19 8:25 ` [PATCH 6.0 216/862] ARM: 9247/1: mm: set readonly for MT_MEMORY_RO with ARM_LPAE Greg Kroah-Hartman
@ 2022-10-19 8:25 ` Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 218/862] ACPI: PCC: replace wait_for_completion() Greg Kroah-Hartman
` (659 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Rafael Mendonca, Sudeep Holla,
Rafael J. Wysocki, Sasha Levin
From: Rafael Mendonca <rafaelmendsr@gmail.com>
[ Upstream commit f890157e61b85ce8ae01a41ffa375e3b99853698 ]
The allocated memory for the pcc_data struct doesn't get freed under an
error path in pcc_mbox_request_channel() or acpi_os_ioremap(). Also, the
PCC mailbox channel doesn't get freed under an error path in
acpi_os_ioremap().
Fixes: 77e2a04745ff8 ("ACPI: PCC: Implement OperationRegion handler for the PCC Type 3 subtype")
Signed-off-by: Rafael Mendonca <rafaelmendsr@gmail.com>
Reviewed-by: Sudeep Holla <sudeep.holla@arm.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/acpi/acpi_pcc.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/acpi/acpi_pcc.c b/drivers/acpi/acpi_pcc.c
index a12b55d81209..84f1ac416b57 100644
--- a/drivers/acpi/acpi_pcc.c
+++ b/drivers/acpi/acpi_pcc.c
@@ -63,6 +63,7 @@ acpi_pcc_address_space_setup(acpi_handle region_handle, u32 function,
if (IS_ERR(data->pcc_chan)) {
pr_err("Failed to find PCC channel for subspace %d\n",
ctx->subspace_id);
+ kfree(data);
return AE_NOT_FOUND;
}
@@ -72,6 +73,8 @@ acpi_pcc_address_space_setup(acpi_handle region_handle, u32 function,
if (!data->pcc_comm_addr) {
pr_err("Failed to ioremap PCC comm region mem for %d\n",
ctx->subspace_id);
+ pcc_mbox_free_channel(data->pcc_chan);
+ kfree(data);
return AE_NO_MEMORY;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 218/862] ACPI: PCC: replace wait_for_completion()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (216 preceding siblings ...)
2022-10-19 8:25 ` [PATCH 6.0 217/862] ACPI: PCC: Release resources on address space setup failure path Greg Kroah-Hartman
@ 2022-10-19 8:25 ` Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 219/862] ACPI: PCC: Fix Tx acknowledge in the PCC address space handler Greg Kroah-Hartman
` (658 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Huisong Li, Sudeep Holla,
Rafael J. Wysocki, Sasha Levin
From: Huisong Li <lihuisong@huawei.com>
[ Upstream commit 91cefefb699120efd0a5ba345d12626b688f86ce ]
Currently, the function waiting for completion of mailbox operation is
'wait_for_completion()'. The PCC method will be permanently blocked if
this mailbox message fails to execute. So this patch replaces it with
'wait_for_completion_timeout()'. And set the timeout interval to an
arbitrary retries on top of nominal to prevent the remote processor is
slow to respond to PCC commands.
Fixes: 77e2a04745ff ("ACPI: PCC: Implement OperationRegion handler for the PCC Type 3 subtype")
Signed-off-by: Huisong Li <lihuisong@huawei.com>
Reviewed-by: Sudeep Holla <sudeep.holla@arm.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/acpi/acpi_pcc.c | 23 +++++++++++++++++++++--
1 file changed, 21 insertions(+), 2 deletions(-)
diff --git a/drivers/acpi/acpi_pcc.c b/drivers/acpi/acpi_pcc.c
index 84f1ac416b57..16ba875e3293 100644
--- a/drivers/acpi/acpi_pcc.c
+++ b/drivers/acpi/acpi_pcc.c
@@ -23,6 +23,12 @@
#include <acpi/pcc.h>
+/*
+ * Arbitrary retries in case the remote processor is slow to respond
+ * to PCC commands
+ */
+#define PCC_CMD_WAIT_RETRIES_NUM 500
+
struct pcc_data {
struct pcc_mbox_chan *pcc_chan;
void __iomem *pcc_comm_addr;
@@ -89,6 +95,7 @@ acpi_pcc_address_space_handler(u32 function, acpi_physical_address addr,
{
int ret;
struct pcc_data *data = region_context;
+ u64 usecs_lat;
reinit_completion(&data->done);
@@ -99,8 +106,20 @@ acpi_pcc_address_space_handler(u32 function, acpi_physical_address addr,
if (ret < 0)
return AE_ERROR;
- if (data->pcc_chan->mchan->mbox->txdone_irq)
- wait_for_completion(&data->done);
+ if (data->pcc_chan->mchan->mbox->txdone_irq) {
+ /*
+ * pcc_chan->latency is just a Nominal value. In reality the remote
+ * processor could be much slower to reply. So add an arbitrary
+ * amount of wait on top of Nominal.
+ */
+ usecs_lat = PCC_CMD_WAIT_RETRIES_NUM * data->pcc_chan->latency;
+ ret = wait_for_completion_timeout(&data->done,
+ usecs_to_jiffies(usecs_lat));
+ if (ret == 0) {
+ pr_err("PCC command executed timeout!\n");
+ return AE_TIME;
+ }
+ }
mbox_client_txdone(data->pcc_chan->mchan, ret);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 219/862] ACPI: PCC: Fix Tx acknowledge in the PCC address space handler
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (217 preceding siblings ...)
2022-10-19 8:25 ` [PATCH 6.0 218/862] ACPI: PCC: replace wait_for_completion() Greg Kroah-Hartman
@ 2022-10-19 8:25 ` Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 220/862] objtool: Preserve special st_shndx indexes in elf_update_symbol Greg Kroah-Hartman
` (657 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Huisong Li, Sudeep Holla,
Rafael J. Wysocki, Sasha Levin
From: Huisong Li <lihuisong@huawei.com>
[ Upstream commit 18729106c26fb97d4c9ae63ba7aba9889a058dc4 ]
Currently, mbox_client_txdone() is called from the PCC address space
handler and that expects the user the Tx state machine to be controlled
by the client which is not the case and the below warning is thrown:
| PCCT: Client can't run the TX ticker
Let the controller run the state machine and the end of Tx can be
acknowledge by calling mbox_chan_txdone() instead.
Fixes: 77e2a04745ff ("ACPI: PCC: Implement OperationRegion handler for the PCC Type 3 subtype")
Signed-off-by: Huisong Li <lihuisong@huawei.com>
Reviewed-by: Sudeep Holla <sudeep.holla@arm.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/acpi/acpi_pcc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/acpi/acpi_pcc.c b/drivers/acpi/acpi_pcc.c
index 16ba875e3293..ee4ce5ba1fb2 100644
--- a/drivers/acpi/acpi_pcc.c
+++ b/drivers/acpi/acpi_pcc.c
@@ -121,7 +121,7 @@ acpi_pcc_address_space_handler(u32 function, acpi_physical_address addr,
}
}
- mbox_client_txdone(data->pcc_chan->mchan, ret);
+ mbox_chan_txdone(data->pcc_chan->mchan, ret);
memcpy_fromio(value, data->pcc_comm_addr, data->ctx.length);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 220/862] objtool: Preserve special st_shndx indexes in elf_update_symbol
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (218 preceding siblings ...)
2022-10-19 8:25 ` [PATCH 6.0 219/862] ACPI: PCC: Fix Tx acknowledge in the PCC address space handler Greg Kroah-Hartman
@ 2022-10-19 8:25 ` Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 221/862] nfsd: Fix a memory leak in an error handling path Greg Kroah-Hartman
` (656 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sami Tolvanen, Peter Zijlstra (Intel),
Kees Cook, Sasha Levin
From: Sami Tolvanen <samitolvanen@google.com>
[ Upstream commit 5141d3a06b2da1731ac82091298b766a1f95d3d8 ]
elf_update_symbol fails to preserve the special st_shndx values
between [SHN_LORESERVE, SHN_HIRESERVE], which results in it
converting SHN_ABS entries into SHN_UNDEF, for example. Explicitly
check for the special indexes and ensure these symbols are not
marked undefined.
Fixes: ead165fa1042 ("objtool: Fix symbol creation")
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Tested-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20220908215504.3686827-17-samitolvanen@google.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/objtool/elf.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/tools/objtool/elf.c b/tools/objtool/elf.c
index c25e957c1e52..7e24b09b1163 100644
--- a/tools/objtool/elf.c
+++ b/tools/objtool/elf.c
@@ -619,6 +619,11 @@ static int elf_update_symbol(struct elf *elf, struct section *symtab,
Elf64_Xword entsize = symtab->sh.sh_entsize;
int max_idx, idx = sym->idx;
Elf_Scn *s, *t = NULL;
+ bool is_special_shndx = sym->sym.st_shndx >= SHN_LORESERVE &&
+ sym->sym.st_shndx != SHN_XINDEX;
+
+ if (is_special_shndx)
+ shndx = sym->sym.st_shndx;
s = elf_getscn(elf->elf, symtab->idx);
if (!s) {
@@ -704,7 +709,7 @@ static int elf_update_symbol(struct elf *elf, struct section *symtab,
}
/* setup extended section index magic and write the symbol */
- if (shndx >= SHN_UNDEF && shndx < SHN_LORESERVE) {
+ if ((shndx >= SHN_UNDEF && shndx < SHN_LORESERVE) || is_special_shndx) {
sym->sym.st_shndx = shndx;
if (!shndx_data)
shndx = 0;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 221/862] nfsd: Fix a memory leak in an error handling path
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (219 preceding siblings ...)
2022-10-19 8:25 ` [PATCH 6.0 220/862] objtool: Preserve special st_shndx indexes in elf_update_symbol Greg Kroah-Hartman
@ 2022-10-19 8:25 ` Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 222/862] SUNRPC: Fix svcxdr_init_decodes end-of-buffer calculation Greg Kroah-Hartman
` (655 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christophe JAILLET, Jeff Layton,
Chuck Lever, Sasha Levin
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
[ Upstream commit fd1ef88049de09bc70d60b549992524cfc0e66ff ]
If this memdup_user() call fails, the memory allocated in a previous call
a few lines above should be freed. Otherwise it leaks.
Fixes: 6ee95d1c8991 ("nfsd: add support for upcall version 2")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/nfsd/nfs4recover.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/fs/nfsd/nfs4recover.c b/fs/nfsd/nfs4recover.c
index c634483d85d2..8f24485e0f04 100644
--- a/fs/nfsd/nfs4recover.c
+++ b/fs/nfsd/nfs4recover.c
@@ -815,8 +815,10 @@ __cld_pipe_inprogress_downcall(const struct cld_msg_v2 __user *cmsg,
princhash.data = memdup_user(
&ci->cc_princhash.cp_data,
princhashlen);
- if (IS_ERR_OR_NULL(princhash.data))
+ if (IS_ERR_OR_NULL(princhash.data)) {
+ kfree(name.data);
return -EFAULT;
+ }
princhash.len = princhashlen;
} else
princhash.len = 0;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 222/862] SUNRPC: Fix svcxdr_init_decodes end-of-buffer calculation
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (220 preceding siblings ...)
2022-10-19 8:25 ` [PATCH 6.0 221/862] nfsd: Fix a memory leak in an error handling path Greg Kroah-Hartman
@ 2022-10-19 8:25 ` Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 223/862] SUNRPC: Fix svcxdr_init_encodes buflen calculation Greg Kroah-Hartman
` (654 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jeff Layton, Chuck Lever, Sasha Levin
From: Chuck Lever <chuck.lever@oracle.com>
[ Upstream commit 90bfc37b5ab91c1a6165e3e5cfc49bf04571b762 ]
Ensure that stream-based argument decoding can't go past the actual
end of the receive buffer. xdr_init_decode's calculation of the
value of xdr->end over-estimates the end of the buffer because the
Linux kernel RPC server code does not remove the size of the RPC
header from rqstp->rq_arg before calling the upper layer's
dispatcher.
The server-side still uses the svc_getnl() macros to decode the
RPC call header. These macros reduce the length of the head iov
but do not update the total length of the message in the buffer
(buf->len).
A proper fix for this would be to replace the use of svc_getnl() and
friends in the RPC header decoder, but that would be a large and
invasive change that would be difficult to backport.
Fixes: 5191955d6fc6 ("SUNRPC: Prepare for xdr_stream-style decoding on the server-side")
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/sunrpc/svc.h | 17 ++++++++++++++---
1 file changed, 14 insertions(+), 3 deletions(-)
diff --git a/include/linux/sunrpc/svc.h b/include/linux/sunrpc/svc.h
index daecb009c05b..5a830b66f059 100644
--- a/include/linux/sunrpc/svc.h
+++ b/include/linux/sunrpc/svc.h
@@ -544,16 +544,27 @@ static inline void svc_reserve_auth(struct svc_rqst *rqstp, int space)
}
/**
- * svcxdr_init_decode - Prepare an xdr_stream for svc Call decoding
+ * svcxdr_init_decode - Prepare an xdr_stream for Call decoding
* @rqstp: controlling server RPC transaction context
*
+ * This function currently assumes the RPC header in rq_arg has
+ * already been decoded. Upon return, xdr->p points to the
+ * location of the upper layer header.
*/
static inline void svcxdr_init_decode(struct svc_rqst *rqstp)
{
struct xdr_stream *xdr = &rqstp->rq_arg_stream;
- struct kvec *argv = rqstp->rq_arg.head;
+ struct xdr_buf *buf = &rqstp->rq_arg;
+ struct kvec *argv = buf->head;
- xdr_init_decode(xdr, &rqstp->rq_arg, argv->iov_base, NULL);
+ /*
+ * svc_getnl() and friends do not keep the xdr_buf's ::len
+ * field up to date. Refresh that field before initializing
+ * the argument decoding stream.
+ */
+ buf->len = buf->head->iov_len + buf->page_len + buf->tail->iov_len;
+
+ xdr_init_decode(xdr, buf, argv->iov_base, NULL);
xdr_set_scratch_page(xdr, rqstp->rq_scratch_page);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 223/862] SUNRPC: Fix svcxdr_init_encodes buflen calculation
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (221 preceding siblings ...)
2022-10-19 8:25 ` [PATCH 6.0 222/862] SUNRPC: Fix svcxdr_init_decodes end-of-buffer calculation Greg Kroah-Hartman
@ 2022-10-19 8:25 ` Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 224/862] NFSD: Protect against send buffer overflow in NFSv2 READDIR Greg Kroah-Hartman
` (653 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jeff Layton, Chuck Lever, Sasha Levin
From: Chuck Lever <chuck.lever@oracle.com>
[ Upstream commit 1242a87da0d8cd2a428e96ca68e7ea899b0f4624 ]
Commit 2825a7f90753 ("nfsd4: allow encoding across page boundaries")
added an explicit computation of the remaining length in the rq_res
XDR buffer.
The computation appears to suffer from an "off-by-one" bug. Because
buflen is too large by one page, XDR encoding can run off the end of
the send buffer by eventually trying to use the struct page address
in rq_page_end, which always contains NULL.
Fixes: bddfdbcddbe2 ("NFSD: Extract the svcxdr_init_encode() helper")
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/sunrpc/svc.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/linux/sunrpc/svc.h b/include/linux/sunrpc/svc.h
index 5a830b66f059..0ca8a8ffb47e 100644
--- a/include/linux/sunrpc/svc.h
+++ b/include/linux/sunrpc/svc.h
@@ -587,7 +587,7 @@ static inline void svcxdr_init_encode(struct svc_rqst *rqstp)
xdr->end = resv->iov_base + PAGE_SIZE - rqstp->rq_auth_slack;
buf->len = resv->iov_len;
xdr->page_ptr = buf->pages - 1;
- buf->buflen = PAGE_SIZE * (1 + rqstp->rq_page_end - buf->pages);
+ buf->buflen = PAGE_SIZE * (rqstp->rq_page_end - buf->pages);
buf->buflen -= rqstp->rq_auth_slack;
xdr->rqst = NULL;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 224/862] NFSD: Protect against send buffer overflow in NFSv2 READDIR
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (222 preceding siblings ...)
2022-10-19 8:25 ` [PATCH 6.0 223/862] SUNRPC: Fix svcxdr_init_encodes buflen calculation Greg Kroah-Hartman
@ 2022-10-19 8:25 ` Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 225/862] NFSD: Fix handling of oversized NFSv4 COMPOUND requests Greg Kroah-Hartman
` (652 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Chuck Lever, Jeff Layton, Sasha Levin
From: Chuck Lever <chuck.lever@oracle.com>
[ Upstream commit 00b4492686e0497fdb924a9d4c8f6f99377e176c ]
Restore the previous limit on the @count argument to prevent a
buffer overflow attack.
Fixes: 53b1119a6e50 ("NFSD: Fix READDIR buffer overflow")
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/nfsd/nfsproc.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/fs/nfsd/nfsproc.c b/fs/nfsd/nfsproc.c
index fcbf7e4083af..4b19cc727ea5 100644
--- a/fs/nfsd/nfsproc.c
+++ b/fs/nfsd/nfsproc.c
@@ -568,12 +568,11 @@ static void nfsd_init_dirlist_pages(struct svc_rqst *rqstp,
struct xdr_buf *buf = &resp->dirlist;
struct xdr_stream *xdr = &resp->xdr;
- count = clamp(count, (u32)(XDR_UNIT * 2), svc_max_payload(rqstp));
-
memset(buf, 0, sizeof(*buf));
/* Reserve room for the NULL ptr & eof flag (-2 words) */
- buf->buflen = count - XDR_UNIT * 2;
+ buf->buflen = clamp(count, (u32)(XDR_UNIT * 2), (u32)PAGE_SIZE);
+ buf->buflen -= XDR_UNIT * 2;
buf->pages = rqstp->rq_next_page;
rqstp->rq_next_page++;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 225/862] NFSD: Fix handling of oversized NFSv4 COMPOUND requests
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (223 preceding siblings ...)
2022-10-19 8:25 ` [PATCH 6.0 224/862] NFSD: Protect against send buffer overflow in NFSv2 READDIR Greg Kroah-Hartman
@ 2022-10-19 8:25 ` Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 226/862] x86/paravirt: add extra clobbers with ZERO_CALL_USED_REGS enabled Greg Kroah-Hartman
` (651 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Bruce Fields, Chuck Lever, Sasha Levin
From: Chuck Lever <chuck.lever@oracle.com>
[ Upstream commit 7518a3dc5ea249d4112156ce71b8b184eb786151 ]
If an NFS server returns NFS4ERR_RESOURCE on the first operation in
an NFSv4 COMPOUND, there's no way for a client to know where the
problem is and then simplify the compound to make forward progress.
So instead, make NFSD process as many operations in an oversized
COMPOUND as it can and then return NFS4ERR_RESOURCE on the first
operation it did not process.
pynfs NFSv4.0 COMP6 exercises this case, but checks only for the
COMPOUND status code, not whether the server has processed any
of the operations.
pynfs NFSv4.1 SEQ6 and SEQ7 exercise the NFSv4.1 case, which detects
too many operations per COMPOUND by checking against the limits
negotiated when the session was created.
Suggested-by: Bruce Fields <bfields@fieldses.org>
Fixes: 0078117c6d91 ("nfsd: return RESOURCE not GARBAGE_ARGS on too many ops")
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/nfsd/nfs4proc.c | 19 +++++++++++++------
fs/nfsd/nfs4xdr.c | 12 +++---------
fs/nfsd/xdr4.h | 3 ++-
3 files changed, 18 insertions(+), 16 deletions(-)
diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c
index 0437210b9898..22de5e0249ea 100644
--- a/fs/nfsd/nfs4proc.c
+++ b/fs/nfsd/nfs4proc.c
@@ -2633,9 +2633,6 @@ nfsd4_proc_compound(struct svc_rqst *rqstp)
status = nfserr_minor_vers_mismatch;
if (nfsd_minorversion(nn, args->minorversion, NFSD_TEST) <= 0)
goto out;
- status = nfserr_resource;
- if (args->opcnt > NFSD_MAX_OPS_PER_COMPOUND)
- goto out;
status = nfs41_check_op_ordering(args);
if (status) {
@@ -2648,10 +2645,20 @@ nfsd4_proc_compound(struct svc_rqst *rqstp)
rqstp->rq_lease_breaker = (void **)&cstate->clp;
- trace_nfsd_compound(rqstp, args->opcnt);
+ trace_nfsd_compound(rqstp, args->client_opcnt);
while (!status && resp->opcnt < args->opcnt) {
op = &args->ops[resp->opcnt++];
+ if (unlikely(resp->opcnt == NFSD_MAX_OPS_PER_COMPOUND)) {
+ /* If there are still more operations to process,
+ * stop here and report NFS4ERR_RESOURCE. */
+ if (cstate->minorversion == 0 &&
+ args->client_opcnt > resp->opcnt) {
+ op->status = nfserr_resource;
+ goto encode_op;
+ }
+ }
+
/*
* The XDR decode routines may have pre-set op->status;
* for example, if there is a miscellaneous XDR error
@@ -2727,8 +2734,8 @@ nfsd4_proc_compound(struct svc_rqst *rqstp)
status = op->status;
}
- trace_nfsd_compound_status(args->opcnt, resp->opcnt, status,
- nfsd4_op_name(op->opnum));
+ trace_nfsd_compound_status(args->client_opcnt, resp->opcnt,
+ status, nfsd4_op_name(op->opnum));
nfsd4_cstate_clear_replay(cstate);
nfsd4_increment_op_stats(op->opnum);
diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c
index 1e9690a061ec..ac1b03cf05a5 100644
--- a/fs/nfsd/nfs4xdr.c
+++ b/fs/nfsd/nfs4xdr.c
@@ -2357,16 +2357,10 @@ nfsd4_decode_compound(struct nfsd4_compoundargs *argp)
if (xdr_stream_decode_u32(argp->xdr, &argp->minorversion) < 0)
return false;
- if (xdr_stream_decode_u32(argp->xdr, &argp->opcnt) < 0)
+ if (xdr_stream_decode_u32(argp->xdr, &argp->client_opcnt) < 0)
return false;
-
- /*
- * NFS4ERR_RESOURCE is a more helpful error than GARBAGE_ARGS
- * here, so we return success at the xdr level so that
- * nfsd4_proc can handle this is an NFS-level error.
- */
- if (argp->opcnt > NFSD_MAX_OPS_PER_COMPOUND)
- return true;
+ argp->opcnt = min_t(u32, argp->client_opcnt,
+ NFSD_MAX_OPS_PER_COMPOUND);
if (argp->opcnt > ARRAY_SIZE(argp->iops)) {
argp->ops = kzalloc(argp->opcnt * sizeof(*argp->ops), GFP_KERNEL);
diff --git a/fs/nfsd/xdr4.h b/fs/nfsd/xdr4.h
index 96267258e629..466e2786fc97 100644
--- a/fs/nfsd/xdr4.h
+++ b/fs/nfsd/xdr4.h
@@ -717,9 +717,10 @@ struct nfsd4_compoundargs {
struct svcxdr_tmpbuf *to_free;
struct svc_rqst *rqstp;
- u32 taglen;
char * tag;
+ u32 taglen;
u32 minorversion;
+ u32 client_opcnt;
u32 opcnt;
struct nfsd4_op *ops;
struct nfsd4_op iops[8];
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 226/862] x86/paravirt: add extra clobbers with ZERO_CALL_USED_REGS enabled
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (224 preceding siblings ...)
2022-10-19 8:25 ` [PATCH 6.0 225/862] NFSD: Fix handling of oversized NFSv4 COMPOUND requests Greg Kroah-Hartman
@ 2022-10-19 8:25 ` Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 227/862] m68k: Process bootinfo records before saving them Greg Kroah-Hartman
` (650 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Bill Wendling, Juergen Gross,
Kees Cook, Sasha Levin, Nathan Chancellor
From: Bill Wendling <morbo@google.com>
[ Upstream commit 8c86f29bfb18465d15b05cfd26a6454ec787b793 ]
The ZERO_CALL_USED_REGS feature may zero out caller-saved registers
before returning.
In spurious_kernel_fault(), the "pte_offset_kernel()" call results in
this assembly code:
.Ltmp151:
#APP
# ALT: oldnstr
.Ltmp152:
.Ltmp153:
.Ltmp154:
.section .discard.retpoline_safe,"",@progbits
.quad .Ltmp154
.text
callq *pv_ops+536(%rip)
.Ltmp155:
.section .parainstructions,"a",@progbits
.p2align 3, 0x0
.quad .Ltmp153
.byte 67
.byte .Ltmp155-.Ltmp153
.short 1
.text
.Ltmp156:
# ALT: padding
.zero (-(((.Ltmp157-.Ltmp158)-(.Ltmp156-.Ltmp152))>0))*((.Ltmp157-.Ltmp158)-(.Ltmp156-.Ltmp152)),144
.Ltmp159:
.section .altinstructions,"a",@progbits
.Ltmp160:
.long .Ltmp152-.Ltmp160
.Ltmp161:
.long .Ltmp158-.Ltmp161
.short 33040
.byte .Ltmp159-.Ltmp152
.byte .Ltmp157-.Ltmp158
.text
.section .altinstr_replacement,"ax",@progbits
# ALT: replacement 1
.Ltmp158:
movq %rdi, %rax
.Ltmp157:
.text
#NO_APP
.Ltmp162:
testb $-128, %dil
The "testb" here is using %dil, but the %rdi register was cleared before
returning from "callq *pv_ops+536(%rip)". Adding the proper constraints
results in the use of a different register:
movq %r11, %rdi
# Similar to above.
testb $-128, %r11b
Link: https://github.com/KSPP/linux/issues/192
Signed-off-by: Bill Wendling <morbo@google.com>
Reported-and-tested-by: Nathan Chancellor <nathan@kernel.org>
Fixes: 035f7f87b729 ("randstruct: Enable Clang support")
Reviewed-by: Juergen Gross <jgross@suse.com>
Link: https://lore.kernel.org/lkml/fa6df43b-8a1a-8ad1-0236-94d2a0b588fa@suse.com/
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20220902213750.1124421-3-morbo@google.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/include/asm/paravirt_types.h | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/arch/x86/include/asm/paravirt_types.h b/arch/x86/include/asm/paravirt_types.h
index 89df6c6617f5..bc2e1b67319d 100644
--- a/arch/x86/include/asm/paravirt_types.h
+++ b/arch/x86/include/asm/paravirt_types.h
@@ -414,8 +414,17 @@ int paravirt_disable_iospace(void);
"=c" (__ecx)
#define PVOP_CALL_CLOBBERS PVOP_VCALL_CLOBBERS, "=a" (__eax)
-/* void functions are still allowed [re]ax for scratch */
+/*
+ * void functions are still allowed [re]ax for scratch.
+ *
+ * The ZERO_CALL_USED REGS feature may end up zeroing out callee-saved
+ * registers. Make sure we model this with the appropriate clobbers.
+ */
+#ifdef CONFIG_ZERO_CALL_USED_REGS
+#define PVOP_VCALLEE_CLOBBERS "=a" (__eax), PVOP_VCALL_CLOBBERS
+#else
#define PVOP_VCALLEE_CLOBBERS "=a" (__eax)
+#endif
#define PVOP_CALLEE_CLOBBERS PVOP_VCALLEE_CLOBBERS
#define EXTRA_CLOBBERS , "r8", "r9", "r10", "r11"
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 227/862] m68k: Process bootinfo records before saving them
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (225 preceding siblings ...)
2022-10-19 8:25 ` [PATCH 6.0 226/862] x86/paravirt: add extra clobbers with ZERO_CALL_USED_REGS enabled Greg Kroah-Hartman
@ 2022-10-19 8:25 ` Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 228/862] libbpf: Initialize err in probe_map_create Greg Kroah-Hartman
` (649 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jason A. Donenfeld,
Geert Uytterhoeven, Sasha Levin
From: Jason A. Donenfeld <Jason@zx2c4.com>
[ Upstream commit 7c236d93c6764dcaca7ab66d76768a044647876d ]
The RNG seed boot record is memzeroed after processing, in order to
preserve forward secrecy. By saving the bootinfo for procfs prior to
that, forward secrecy is violated, since it becomes possible to recover
past states. So, save the bootinfo block only after first processing
them.
Fixes: a1ee38ab1a75 ("m68k: virt: Use RNG seed from bootinfo block")
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Link: https://lore.kernel.org/r/20220927130835.1629806-1-Jason@zx2c4.com
Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/m68k/kernel/setup_mm.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/arch/m68k/kernel/setup_mm.c b/arch/m68k/kernel/setup_mm.c
index e62fa8f2149b..7e7ef67cff8b 100644
--- a/arch/m68k/kernel/setup_mm.c
+++ b/arch/m68k/kernel/setup_mm.c
@@ -109,10 +109,9 @@ extern void paging_init(void);
static void __init m68k_parse_bootinfo(const struct bi_record *record)
{
+ const struct bi_record *first_record = record;
uint16_t tag;
- save_bootinfo(record);
-
while ((tag = be16_to_cpu(record->tag)) != BI_LAST) {
int unknown = 0;
const void *data = record->data;
@@ -182,6 +181,8 @@ static void __init m68k_parse_bootinfo(const struct bi_record *record)
record = (struct bi_record *)((unsigned long)record + size);
}
+ save_bootinfo(first_record);
+
m68k_realnum_memory = m68k_num_memory;
#ifdef CONFIG_SINGLE_MEMORY_CHUNK
if (m68k_num_memory > 1) {
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 228/862] libbpf: Initialize err in probe_map_create
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (226 preceding siblings ...)
2022-10-19 8:25 ` [PATCH 6.0 227/862] m68k: Process bootinfo records before saving them Greg Kroah-Hartman
@ 2022-10-19 8:25 ` Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 229/862] wifi: rtlwifi: 8192de: correct checking of IQK reload Greg Kroah-Hartman
` (648 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Florian Fainelli, Andrii Nakryiko,
Jiri Olsa, Sasha Levin
From: Florian Fainelli <f.fainelli@gmail.com>
[ Upstream commit 3045f42a64324d339125a8a1a1763bb9e1e08300 ]
GCC-11 warns about the possibly unitialized err variable in
probe_map_create:
libbpf_probes.c: In function 'probe_map_create':
libbpf_probes.c:361:38: error: 'err' may be used uninitialized in this function [-Werror=maybe-uninitialized]
361 | return fd < 0 && err == exp_err ? 1 : 0;
| ~~~~^~~~~~~~~~
Fixes: 878d8def0603 ("libbpf: Rework feature-probing APIs")
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Acked-by: Jiri Olsa <jolsa@kernel.org>
Link: https://lore.kernel.org/bpf/20220801025109.1206633-1-f.fainelli@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/lib/bpf/libbpf_probes.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/lib/bpf/libbpf_probes.c b/tools/lib/bpf/libbpf_probes.c
index 0b5398786bf3..6d495656f554 100644
--- a/tools/lib/bpf/libbpf_probes.c
+++ b/tools/lib/bpf/libbpf_probes.c
@@ -193,7 +193,7 @@ static int probe_map_create(enum bpf_map_type map_type)
LIBBPF_OPTS(bpf_map_create_opts, opts);
int key_size, value_size, max_entries;
__u32 btf_key_type_id = 0, btf_value_type_id = 0;
- int fd = -1, btf_fd = -1, fd_inner = -1, exp_err = 0, err;
+ int fd = -1, btf_fd = -1, fd_inner = -1, exp_err = 0, err = 0;
key_size = sizeof(__u32);
value_size = sizeof(__u32);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 229/862] wifi: rtlwifi: 8192de: correct checking of IQK reload
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (227 preceding siblings ...)
2022-10-19 8:25 ` [PATCH 6.0 228/862] libbpf: Initialize err in probe_map_create Greg Kroah-Hartman
@ 2022-10-19 8:25 ` Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 230/862] wifi: ath10k: Set tx credit to one for WCN3990 snoc based devices Greg Kroah-Hartman
` (647 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ping-Ke Shih, Kalle Valo, Sasha Levin
From: Ping-Ke Shih <pkshih@realtek.com>
[ Upstream commit 93fbc1ebd978cf408ef5765e9c1630fce9a8621b ]
Since IQK could spend time, we make a cache of IQK result matrix that looks
like iqk_matrix[channel_idx].val[x][y], and we can reload the matrix if we
have made a cache. To determine a cache is made, we check
iqk_matrix[channel_idx].val[0][0].
The initial commit 7274a8c22980 ("rtlwifi: rtl8192de: Merge phy routines")
make a mistake that checks incorrect iqk_matrix[channel_idx].val[0] that
is always true, and this mistake is found by commit ee3db469dd31
("wifi: rtlwifi: remove always-true condition pointed out by GCC 12"), so
I recall the vendor driver to find fix and apply the correctness.
Fixes: 7274a8c22980 ("rtlwifi: rtl8192de: Merge phy routines")
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220801113345.42016-1-pkshih@realtek.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/realtek/rtlwifi/rtl8192de/phy.c | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/drivers/net/wireless/realtek/rtlwifi/rtl8192de/phy.c b/drivers/net/wireless/realtek/rtlwifi/rtl8192de/phy.c
index 15e6a6aded31..d18c092b6142 100644
--- a/drivers/net/wireless/realtek/rtlwifi/rtl8192de/phy.c
+++ b/drivers/net/wireless/realtek/rtlwifi/rtl8192de/phy.c
@@ -2386,11 +2386,10 @@ void rtl92d_phy_reload_iqk_setting(struct ieee80211_hw *hw, u8 channel)
rtl_dbg(rtlpriv, COMP_SCAN, DBG_LOUD,
"Just Read IQK Matrix reg for channel:%d....\n",
channel);
- _rtl92d_phy_patha_fill_iqk_matrix(hw, true,
- rtlphy->iqk_matrix[
- indexforchannel].value, 0,
- (rtlphy->iqk_matrix[
- indexforchannel].value[0][2] == 0));
+ if (rtlphy->iqk_matrix[indexforchannel].value[0][0] != 0)
+ _rtl92d_phy_patha_fill_iqk_matrix(hw, true,
+ rtlphy->iqk_matrix[indexforchannel].value, 0,
+ rtlphy->iqk_matrix[indexforchannel].value[0][2] == 0);
if (IS_92D_SINGLEPHY(rtlhal->version)) {
if ((rtlphy->iqk_matrix[
indexforchannel].value[0][4] != 0)
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 230/862] wifi: ath10k: Set tx credit to one for WCN3990 snoc based devices
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (228 preceding siblings ...)
2022-10-19 8:25 ` [PATCH 6.0 229/862] wifi: rtlwifi: 8192de: correct checking of IQK reload Greg Kroah-Hartman
@ 2022-10-19 8:25 ` Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 231/862] wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state() Greg Kroah-Hartman
` (646 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Youghandhar Chintala, Kalle Valo,
Sasha Levin
From: Youghandhar Chintala <quic_youghand@quicinc.com>
[ Upstream commit d81bbb684c250a637186d9286d75b1cb04d2986c ]
Currently host can send two WMI commands at once. There is possibility to
cause SMMU issues or corruption, if host wants to initiate 2 DMA
transfers, it is possible when copy complete interrupt for first DMA
reaches host, CE has already updated SRRI (Source ring read index) for
both DMA transfers and is in the middle of 2nd DMA. Host uses SRRI
(Source ring read index) to interpret how many DMA’s have been completed
and tries to unmap/free both the DMA entries. Hence now it is limiting to
one.Because CE is still in the middle of 2nd DMA which can cause these
issues when handling two DMA transfers.
This change will not impact other targets, as it is only for WCN3990.
Tested-on: WCN3990 hw1.0 SNOC WLAN.HL.2.0-01387-QCAHLSWMTPLZ-1
Signed-off-by: Youghandhar Chintala <quic_youghand@quicinc.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20220801134941.15216-1-quic_youghand@quicinc.com
Stable-dep-of: f020d9570a04 ("wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state()")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/ath10k/core.c | 16 ++++++++++++++++
drivers/net/wireless/ath/ath10k/htc.c | 11 ++++++++---
drivers/net/wireless/ath/ath10k/hw.h | 2 ++
3 files changed, 26 insertions(+), 3 deletions(-)
diff --git a/drivers/net/wireless/ath/ath10k/core.c b/drivers/net/wireless/ath/ath10k/core.c
index 276954b70d63..d1ac64026cb3 100644
--- a/drivers/net/wireless/ath/ath10k/core.c
+++ b/drivers/net/wireless/ath/ath10k/core.c
@@ -98,6 +98,7 @@ static const struct ath10k_hw_params ath10k_hw_params_list[] = {
.tx_stats_over_pktlog = true,
.dynamic_sar_support = false,
.hw_restart_disconnect = false,
+ .use_fw_tx_credits = true,
},
{
.id = QCA988X_HW_2_0_VERSION,
@@ -136,6 +137,7 @@ static const struct ath10k_hw_params ath10k_hw_params_list[] = {
.tx_stats_over_pktlog = true,
.dynamic_sar_support = false,
.hw_restart_disconnect = false,
+ .use_fw_tx_credits = true,
},
{
.id = QCA9887_HW_1_0_VERSION,
@@ -175,6 +177,7 @@ static const struct ath10k_hw_params ath10k_hw_params_list[] = {
.tx_stats_over_pktlog = false,
.dynamic_sar_support = false,
.hw_restart_disconnect = false,
+ .use_fw_tx_credits = true,
},
{
.id = QCA6174_HW_3_2_VERSION,
@@ -209,6 +212,7 @@ static const struct ath10k_hw_params ath10k_hw_params_list[] = {
.supports_peer_stats_info = true,
.dynamic_sar_support = true,
.hw_restart_disconnect = false,
+ .use_fw_tx_credits = true,
},
{
.id = QCA6174_HW_2_1_VERSION,
@@ -247,6 +251,7 @@ static const struct ath10k_hw_params ath10k_hw_params_list[] = {
.tx_stats_over_pktlog = false,
.dynamic_sar_support = false,
.hw_restart_disconnect = false,
+ .use_fw_tx_credits = true,
},
{
.id = QCA6174_HW_2_1_VERSION,
@@ -285,6 +290,7 @@ static const struct ath10k_hw_params ath10k_hw_params_list[] = {
.tx_stats_over_pktlog = false,
.dynamic_sar_support = false,
.hw_restart_disconnect = false,
+ .use_fw_tx_credits = true,
},
{
.id = QCA6174_HW_3_0_VERSION,
@@ -323,6 +329,7 @@ static const struct ath10k_hw_params ath10k_hw_params_list[] = {
.tx_stats_over_pktlog = false,
.dynamic_sar_support = false,
.hw_restart_disconnect = false,
+ .use_fw_tx_credits = true,
},
{
.id = QCA6174_HW_3_2_VERSION,
@@ -365,6 +372,7 @@ static const struct ath10k_hw_params ath10k_hw_params_list[] = {
.supports_peer_stats_info = true,
.dynamic_sar_support = true,
.hw_restart_disconnect = false,
+ .use_fw_tx_credits = true,
},
{
.id = QCA99X0_HW_2_0_DEV_VERSION,
@@ -409,6 +417,7 @@ static const struct ath10k_hw_params ath10k_hw_params_list[] = {
.tx_stats_over_pktlog = false,
.dynamic_sar_support = false,
.hw_restart_disconnect = false,
+ .use_fw_tx_credits = true,
},
{
.id = QCA9984_HW_1_0_DEV_VERSION,
@@ -460,6 +469,7 @@ static const struct ath10k_hw_params ath10k_hw_params_list[] = {
.tx_stats_over_pktlog = false,
.dynamic_sar_support = false,
.hw_restart_disconnect = false,
+ .use_fw_tx_credits = true,
},
{
.id = QCA9888_HW_2_0_DEV_VERSION,
@@ -508,6 +518,7 @@ static const struct ath10k_hw_params ath10k_hw_params_list[] = {
.tx_stats_over_pktlog = false,
.dynamic_sar_support = false,
.hw_restart_disconnect = false,
+ .use_fw_tx_credits = true,
},
{
.id = QCA9377_HW_1_0_DEV_VERSION,
@@ -546,6 +557,7 @@ static const struct ath10k_hw_params ath10k_hw_params_list[] = {
.tx_stats_over_pktlog = false,
.dynamic_sar_support = false,
.hw_restart_disconnect = false,
+ .use_fw_tx_credits = true,
},
{
.id = QCA9377_HW_1_1_DEV_VERSION,
@@ -586,6 +598,7 @@ static const struct ath10k_hw_params ath10k_hw_params_list[] = {
.tx_stats_over_pktlog = false,
.dynamic_sar_support = false,
.hw_restart_disconnect = false,
+ .use_fw_tx_credits = true,
},
{
.id = QCA9377_HW_1_1_DEV_VERSION,
@@ -617,6 +630,7 @@ static const struct ath10k_hw_params ath10k_hw_params_list[] = {
.credit_size_workaround = true,
.dynamic_sar_support = false,
.hw_restart_disconnect = false,
+ .use_fw_tx_credits = true,
},
{
.id = QCA4019_HW_1_0_DEV_VERSION,
@@ -662,6 +676,7 @@ static const struct ath10k_hw_params ath10k_hw_params_list[] = {
.tx_stats_over_pktlog = false,
.dynamic_sar_support = false,
.hw_restart_disconnect = false,
+ .use_fw_tx_credits = true,
},
{
.id = WCN3990_HW_1_0_DEV_VERSION,
@@ -693,6 +708,7 @@ static const struct ath10k_hw_params ath10k_hw_params_list[] = {
.tx_stats_over_pktlog = false,
.dynamic_sar_support = true,
.hw_restart_disconnect = true,
+ .use_fw_tx_credits = false,
},
};
diff --git a/drivers/net/wireless/ath/ath10k/htc.c b/drivers/net/wireless/ath/ath10k/htc.c
index fab398046a3f..6d1784f74bea 100644
--- a/drivers/net/wireless/ath/ath10k/htc.c
+++ b/drivers/net/wireless/ath/ath10k/htc.c
@@ -947,13 +947,18 @@ int ath10k_htc_wait_target(struct ath10k_htc *htc)
return -ECOMM;
}
- htc->total_transmit_credits = __le16_to_cpu(msg->ready.credit_count);
+ if (ar->hw_params.use_fw_tx_credits)
+ htc->total_transmit_credits = __le16_to_cpu(msg->ready.credit_count);
+ else
+ htc->total_transmit_credits = 1;
+
htc->target_credit_size = __le16_to_cpu(msg->ready.credit_size);
ath10k_dbg(ar, ATH10K_DBG_HTC,
- "Target ready! transmit resources: %d size:%d\n",
+ "Target ready! transmit resources: %d size:%d actual credits:%d\n",
htc->total_transmit_credits,
- htc->target_credit_size);
+ htc->target_credit_size,
+ msg->ready.credit_count);
if ((htc->total_transmit_credits == 0) ||
(htc->target_credit_size == 0)) {
diff --git a/drivers/net/wireless/ath/ath10k/hw.h b/drivers/net/wireless/ath/ath10k/hw.h
index 93acf0dd580a..1b99f3a39a11 100644
--- a/drivers/net/wireless/ath/ath10k/hw.h
+++ b/drivers/net/wireless/ath/ath10k/hw.h
@@ -635,6 +635,8 @@ struct ath10k_hw_params {
bool dynamic_sar_support;
bool hw_restart_disconnect;
+
+ bool use_fw_tx_credits;
};
struct htt_resp;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 231/862] wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (229 preceding siblings ...)
2022-10-19 8:25 ` [PATCH 6.0 230/862] wifi: ath10k: Set tx credit to one for WCN3990 snoc based devices Greg Kroah-Hartman
@ 2022-10-19 8:25 ` Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 232/862] bpf: Cleanup check_refcount_ok Greg Kroah-Hartman
` (645 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Wen Gong, Kalle Valo, Sasha Levin
From: Wen Gong <quic_wgong@quicinc.com>
[ Upstream commit f020d9570a04df0762a2ac5c50cf1d8c511c9164 ]
When peer delete failed in a disconnect operation, use-after-free
detected by KFENCE in below log. It is because for each vdev_id and
address, it has only one struct ath10k_peer, it is allocated in
ath10k_peer_map_event(). When connected to an AP, it has more than
one HTT_T2H_MSG_TYPE_PEER_MAP reported from firmware, then the
array peer_map of struct ath10k will be set muti-elements to the
same ath10k_peer in ath10k_peer_map_event(). When peer delete failed
in ath10k_sta_state(), the ath10k_peer will be free for the 1st peer
id in array peer_map of struct ath10k, and then use-after-free happened
for the 2nd peer id because they map to the same ath10k_peer.
And clean up all peers in array peer_map for the ath10k_peer, then
user-after-free disappeared
peer map event log:
[ 306.911021] wlan0: authenticate with b0:2a:43:e6:75:0e
[ 306.957187] ath10k_pci 0000:01:00.0: mac vdev 0 peer create b0:2a:43:e6:75:0e (new sta) sta 1 / 32 peer 1 / 33
[ 306.957395] ath10k_pci 0000:01:00.0: htt peer map vdev 0 peer b0:2a:43:e6:75:0e id 246
[ 306.957404] ath10k_pci 0000:01:00.0: htt peer map vdev 0 peer b0:2a:43:e6:75:0e id 198
[ 306.986924] ath10k_pci 0000:01:00.0: htt peer map vdev 0 peer b0:2a:43:e6:75:0e id 166
peer unmap event log:
[ 435.715691] wlan0: deauthenticating from b0:2a:43:e6:75:0e by local choice (Reason: 3=DEAUTH_LEAVING)
[ 435.716802] ath10k_pci 0000:01:00.0: mac vdev 0 peer delete b0:2a:43:e6:75:0e sta ffff990e0e9c2b50 (sta gone)
[ 435.717177] ath10k_pci 0000:01:00.0: htt peer unmap vdev 0 peer b0:2a:43:e6:75:0e id 246
[ 435.717186] ath10k_pci 0000:01:00.0: htt peer unmap vdev 0 peer b0:2a:43:e6:75:0e id 198
[ 435.717193] ath10k_pci 0000:01:00.0: htt peer unmap vdev 0 peer b0:2a:43:e6:75:0e id 166
use-after-free log:
[21705.888627] wlan0: deauthenticating from d0:76:8f:82:be:75 by local choice (Reason: 3=DEAUTH_LEAVING)
[21713.799910] ath10k_pci 0000:01:00.0: failed to delete peer d0:76:8f:82:be:75 for vdev 0: -110
[21713.799925] ath10k_pci 0000:01:00.0: found sta peer d0:76:8f:82:be:75 (ptr 0000000000000000 id 102) entry on vdev 0 after it was supposedly removed
[21713.799968] ==================================================================
[21713.799991] BUG: KFENCE: use-after-free read in ath10k_sta_state+0x265/0xb8a [ath10k_core]
[21713.799991]
[21713.799997] Use-after-free read at 0x00000000abe1c75e (in kfence-#69):
[21713.800010] ath10k_sta_state+0x265/0xb8a [ath10k_core]
[21713.800041] drv_sta_state+0x115/0x677 [mac80211]
[21713.800059] __sta_info_destroy_part2+0xb1/0x133 [mac80211]
[21713.800076] __sta_info_flush+0x11d/0x162 [mac80211]
[21713.800093] ieee80211_set_disassoc+0x12d/0x2f4 [mac80211]
[21713.800110] ieee80211_mgd_deauth+0x26c/0x29b [mac80211]
[21713.800137] cfg80211_mlme_deauth+0x13f/0x1bb [cfg80211]
[21713.800153] nl80211_deauthenticate+0xf8/0x121 [cfg80211]
[21713.800161] genl_rcv_msg+0x38e/0x3be
[21713.800166] netlink_rcv_skb+0x89/0xf7
[21713.800171] genl_rcv+0x28/0x36
[21713.800176] netlink_unicast+0x179/0x24b
[21713.800181] netlink_sendmsg+0x3a0/0x40e
[21713.800187] sock_sendmsg+0x72/0x76
[21713.800192] ____sys_sendmsg+0x16d/0x1e3
[21713.800196] ___sys_sendmsg+0x95/0xd1
[21713.800200] __sys_sendmsg+0x85/0xbf
[21713.800205] do_syscall_64+0x43/0x55
[21713.800210] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[21713.800213]
[21713.800219] kfence-#69: 0x000000009149b0d5-0x000000004c0697fb, size=1064, cache=kmalloc-2k
[21713.800219]
[21713.800224] allocated by task 13 on cpu 0 at 21705.501373s:
[21713.800241] ath10k_peer_map_event+0x7e/0x154 [ath10k_core]
[21713.800254] ath10k_htt_t2h_msg_handler+0x586/0x1039 [ath10k_core]
[21713.800265] ath10k_htt_htc_t2h_msg_handler+0x12/0x28 [ath10k_core]
[21713.800277] ath10k_htc_rx_completion_handler+0x14c/0x1b5 [ath10k_core]
[21713.800283] ath10k_pci_process_rx_cb+0x195/0x1df [ath10k_pci]
[21713.800294] ath10k_ce_per_engine_service+0x55/0x74 [ath10k_core]
[21713.800305] ath10k_ce_per_engine_service_any+0x76/0x84 [ath10k_core]
[21713.800310] ath10k_pci_napi_poll+0x49/0x144 [ath10k_pci]
[21713.800316] net_rx_action+0xdc/0x361
[21713.800320] __do_softirq+0x163/0x29a
[21713.800325] asm_call_irq_on_stack+0x12/0x20
[21713.800331] do_softirq_own_stack+0x3c/0x48
[21713.800337] __irq_exit_rcu+0x9b/0x9d
[21713.800342] common_interrupt+0xc9/0x14d
[21713.800346] asm_common_interrupt+0x1e/0x40
[21713.800351] ksoftirqd_should_run+0x5/0x16
[21713.800357] smpboot_thread_fn+0x148/0x211
[21713.800362] kthread+0x150/0x15f
[21713.800367] ret_from_fork+0x22/0x30
[21713.800370]
[21713.800374] freed by task 708 on cpu 1 at 21713.799953s:
[21713.800498] ath10k_sta_state+0x2c6/0xb8a [ath10k_core]
[21713.800515] drv_sta_state+0x115/0x677 [mac80211]
[21713.800532] __sta_info_destroy_part2+0xb1/0x133 [mac80211]
[21713.800548] __sta_info_flush+0x11d/0x162 [mac80211]
[21713.800565] ieee80211_set_disassoc+0x12d/0x2f4 [mac80211]
[21713.800581] ieee80211_mgd_deauth+0x26c/0x29b [mac80211]
[21713.800598] cfg80211_mlme_deauth+0x13f/0x1bb [cfg80211]
[21713.800614] nl80211_deauthenticate+0xf8/0x121 [cfg80211]
[21713.800619] genl_rcv_msg+0x38e/0x3be
[21713.800623] netlink_rcv_skb+0x89/0xf7
[21713.800628] genl_rcv+0x28/0x36
[21713.800632] netlink_unicast+0x179/0x24b
[21713.800637] netlink_sendmsg+0x3a0/0x40e
[21713.800642] sock_sendmsg+0x72/0x76
[21713.800646] ____sys_sendmsg+0x16d/0x1e3
[21713.800651] ___sys_sendmsg+0x95/0xd1
[21713.800655] __sys_sendmsg+0x85/0xbf
[21713.800659] do_syscall_64+0x43/0x55
[21713.800663] entry_SYSCALL_64_after_hwframe+0x44/0xa9
Tested-on: QCA6174 hw3.2 PCI WLAN.RM.4.4.1-00288-QCARMSWPZ-1
Fixes: d0eeafad1189 ("ath10k: Clean up peer when sta goes away.")
Signed-off-by: Wen Gong <quic_wgong@quicinc.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20220801141930.16794-1-quic_wgong@quicinc.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/ath10k/mac.c | 54 ++++++++++++++-------------
1 file changed, 29 insertions(+), 25 deletions(-)
diff --git a/drivers/net/wireless/ath/ath10k/mac.c b/drivers/net/wireless/ath/ath10k/mac.c
index 9dd3b8fba4b0..23381a9db6ae 100644
--- a/drivers/net/wireless/ath/ath10k/mac.c
+++ b/drivers/net/wireless/ath/ath10k/mac.c
@@ -864,11 +864,36 @@ static int ath10k_peer_delete(struct ath10k *ar, u32 vdev_id, const u8 *addr)
return 0;
}
+static void ath10k_peer_map_cleanup(struct ath10k *ar, struct ath10k_peer *peer)
+{
+ int peer_id, i;
+
+ lockdep_assert_held(&ar->conf_mutex);
+
+ for_each_set_bit(peer_id, peer->peer_ids,
+ ATH10K_MAX_NUM_PEER_IDS) {
+ ar->peer_map[peer_id] = NULL;
+ }
+
+ /* Double check that peer is properly un-referenced from
+ * the peer_map
+ */
+ for (i = 0; i < ARRAY_SIZE(ar->peer_map); i++) {
+ if (ar->peer_map[i] == peer) {
+ ath10k_warn(ar, "removing stale peer_map entry for %pM (ptr %pK idx %d)\n",
+ peer->addr, peer, i);
+ ar->peer_map[i] = NULL;
+ }
+ }
+
+ list_del(&peer->list);
+ kfree(peer);
+ ar->num_peers--;
+}
+
static void ath10k_peer_cleanup(struct ath10k *ar, u32 vdev_id)
{
struct ath10k_peer *peer, *tmp;
- int peer_id;
- int i;
lockdep_assert_held(&ar->conf_mutex);
@@ -880,25 +905,7 @@ static void ath10k_peer_cleanup(struct ath10k *ar, u32 vdev_id)
ath10k_warn(ar, "removing stale peer %pM from vdev_id %d\n",
peer->addr, vdev_id);
- for_each_set_bit(peer_id, peer->peer_ids,
- ATH10K_MAX_NUM_PEER_IDS) {
- ar->peer_map[peer_id] = NULL;
- }
-
- /* Double check that peer is properly un-referenced from
- * the peer_map
- */
- for (i = 0; i < ARRAY_SIZE(ar->peer_map); i++) {
- if (ar->peer_map[i] == peer) {
- ath10k_warn(ar, "removing stale peer_map entry for %pM (ptr %pK idx %d)\n",
- peer->addr, peer, i);
- ar->peer_map[i] = NULL;
- }
- }
-
- list_del(&peer->list);
- kfree(peer);
- ar->num_peers--;
+ ath10k_peer_map_cleanup(ar, peer);
}
spin_unlock_bh(&ar->data_lock);
}
@@ -7621,10 +7628,7 @@ static int ath10k_sta_state(struct ieee80211_hw *hw,
/* Clean up the peer object as well since we
* must have failed to do this above.
*/
- list_del(&peer->list);
- ar->peer_map[i] = NULL;
- kfree(peer);
- ar->num_peers--;
+ ath10k_peer_map_cleanup(ar, peer);
}
}
spin_unlock_bh(&ar->data_lock);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 232/862] bpf: Cleanup check_refcount_ok
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (230 preceding siblings ...)
2022-10-19 8:25 ` [PATCH 6.0 231/862] wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state() Greg Kroah-Hartman
@ 2022-10-19 8:25 ` Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 233/862] bpf: Fix ref_obj_id for dynptr data slices in verifier Greg Kroah-Hartman
` (644 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dave Marchevsky, Martin KaFai Lau,
Joanne Koong, Kumar Kartikeya Dwivedi, Alexei Starovoitov,
Sasha Levin
From: Dave Marchevsky <davemarchevsky@fb.com>
[ Upstream commit b2d8ef19c6e7ed71ba5092feb0710063a751834f ]
Discussion around a recently-submitted patch provided historical
context for check_refcount_ok [0]. Specifically, the function and its
helpers - may_be_acquire_function and arg_type_may_be_refcounted -
predate the OBJ_RELEASE type flag and the addition of many more helpers
with acquire/release semantics.
The purpose of check_refcount_ok is to ensure:
1) Helper doesn't have multiple uses of return reg's ref_obj_id
2) Helper with release semantics only has one arg needing to be
released, since that's tracked using meta->ref_obj_id
With current verifier, it's safe to remove check_refcount_ok and its
helpers. Since addition of OBJ_RELEASE type flag, case 2) has been
handled by the arg_type_is_release check in check_func_arg. To ensure
case 1) won't result in verifier silently prioritizing one use of
ref_obj_id, this patch adds a helper_multiple_ref_obj_use check which
fails loudly if a helper passes > 1 test for use of ref_obj_id.
[0]: lore.kernel.org/bpf/20220713234529.4154673-1-davemarchevsky@fb.com
Signed-off-by: Dave Marchevsky <davemarchevsky@fb.com>
Acked-by: Martin KaFai Lau <kafai@fb.com>
Acked-by: Joanne Koong <joannelkoong@gmail.com>
Acked-by: Kumar Kartikeya Dwivedi <memxor@gmail.com>
Link: https://lore.kernel.org/r/20220808171559.3251090-1-davemarchevsky@fb.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Stable-dep-of: 883743422ced ("bpf: Fix ref_obj_id for dynptr data slices in verifier")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/bpf/verifier.c | 74 +++++++++++++++++--------------------------
1 file changed, 29 insertions(+), 45 deletions(-)
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 3eadb14e090b..1141a35216a7 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -467,25 +467,11 @@ static bool type_is_rdonly_mem(u32 type)
return type & MEM_RDONLY;
}
-static bool arg_type_may_be_refcounted(enum bpf_arg_type type)
-{
- return type == ARG_PTR_TO_SOCK_COMMON;
-}
-
static bool type_may_be_null(u32 type)
{
return type & PTR_MAYBE_NULL;
}
-static bool may_be_acquire_function(enum bpf_func_id func_id)
-{
- return func_id == BPF_FUNC_sk_lookup_tcp ||
- func_id == BPF_FUNC_sk_lookup_udp ||
- func_id == BPF_FUNC_skc_lookup_tcp ||
- func_id == BPF_FUNC_map_lookup_elem ||
- func_id == BPF_FUNC_ringbuf_reserve;
-}
-
static bool is_acquire_function(enum bpf_func_id func_id,
const struct bpf_map *map)
{
@@ -518,6 +504,26 @@ static bool is_ptr_cast_function(enum bpf_func_id func_id)
func_id == BPF_FUNC_skc_to_tcp_request_sock;
}
+static bool is_dynptr_acquire_function(enum bpf_func_id func_id)
+{
+ return func_id == BPF_FUNC_dynptr_data;
+}
+
+static bool helper_multiple_ref_obj_use(enum bpf_func_id func_id,
+ const struct bpf_map *map)
+{
+ int ref_obj_uses = 0;
+
+ if (is_ptr_cast_function(func_id))
+ ref_obj_uses++;
+ if (is_acquire_function(func_id, map))
+ ref_obj_uses++;
+ if (is_dynptr_acquire_function(func_id))
+ ref_obj_uses++;
+
+ return ref_obj_uses > 1;
+}
+
static bool is_cmpxchg_insn(const struct bpf_insn *insn)
{
return BPF_CLASS(insn->code) == BPF_STX &&
@@ -6456,33 +6462,6 @@ static bool check_arg_pair_ok(const struct bpf_func_proto *fn)
return true;
}
-static bool check_refcount_ok(const struct bpf_func_proto *fn, int func_id)
-{
- int count = 0;
-
- if (arg_type_may_be_refcounted(fn->arg1_type))
- count++;
- if (arg_type_may_be_refcounted(fn->arg2_type))
- count++;
- if (arg_type_may_be_refcounted(fn->arg3_type))
- count++;
- if (arg_type_may_be_refcounted(fn->arg4_type))
- count++;
- if (arg_type_may_be_refcounted(fn->arg5_type))
- count++;
-
- /* A reference acquiring function cannot acquire
- * another refcounted ptr.
- */
- if (may_be_acquire_function(func_id) && count)
- return false;
-
- /* We only support one arg being unreferenced at the moment,
- * which is sufficient for the helper functions we have right now.
- */
- return count <= 1;
-}
-
static bool check_btf_id_ok(const struct bpf_func_proto *fn)
{
int i;
@@ -6506,8 +6485,7 @@ static int check_func_proto(const struct bpf_func_proto *fn, int func_id,
{
return check_raw_mode_ok(fn) &&
check_arg_pair_ok(fn) &&
- check_btf_id_ok(fn) &&
- check_refcount_ok(fn, func_id) ? 0 : -EINVAL;
+ check_btf_id_ok(fn) ? 0 : -EINVAL;
}
/* Packet data might have moved, any old PTR_TO_PACKET[_META,_END]
@@ -7460,6 +7438,12 @@ static int check_helper_call(struct bpf_verifier_env *env, struct bpf_insn *insn
if (type_may_be_null(regs[BPF_REG_0].type))
regs[BPF_REG_0].id = ++env->id_gen;
+ if (helper_multiple_ref_obj_use(func_id, meta.map_ptr)) {
+ verbose(env, "verifier internal error: func %s#%d sets ref_obj_id more than once\n",
+ func_id_name(func_id), func_id);
+ return -EFAULT;
+ }
+
if (is_ptr_cast_function(func_id)) {
/* For release_reference() */
regs[BPF_REG_0].ref_obj_id = meta.ref_obj_id;
@@ -7472,10 +7456,10 @@ static int check_helper_call(struct bpf_verifier_env *env, struct bpf_insn *insn
regs[BPF_REG_0].id = id;
/* For release_reference() */
regs[BPF_REG_0].ref_obj_id = id;
- } else if (func_id == BPF_FUNC_dynptr_data) {
+ } else if (is_dynptr_acquire_function(func_id)) {
int dynptr_id = 0, i;
- /* Find the id of the dynptr we're acquiring a reference to */
+ /* Find the id of the dynptr we're tracking the reference of */
for (i = 0; i < MAX_BPF_FUNC_REG_ARGS; i++) {
if (arg_type_is_dynptr(fn->arg_type[i])) {
if (dynptr_id) {
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 233/862] bpf: Fix ref_obj_id for dynptr data slices in verifier
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (231 preceding siblings ...)
2022-10-19 8:25 ` [PATCH 6.0 232/862] bpf: Cleanup check_refcount_ok Greg Kroah-Hartman
@ 2022-10-19 8:25 ` Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 234/862] leds: lm3601x: Dont use mutex after it was destroyed Greg Kroah-Hartman
` (643 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Joanne Koong, David Vernet,
Alexei Starovoitov, Sasha Levin
From: Joanne Koong <joannelkoong@gmail.com>
[ Upstream commit 883743422ced8c961ab05dc63ec81b75a4e56052 ]
When a data slice is obtained from a dynptr (through the bpf_dynptr_data API),
the ref obj id of the dynptr must be found and then associated with the data
slice.
The ref obj id of the dynptr must be found *before* the caller saved regs are
reset. Without this fix, the ref obj id tracking is not correct for
dynptrs that are at an offset from the frame pointer.
Please also note that the data slice's ref obj id must be assigned after the
ret types are parsed, since RET_PTR_TO_ALLOC_MEM-type return regs get
zero-marked.
Fixes: 34d4ef5775f7 ("bpf: Add dynptr data slices")
Signed-off-by: Joanne Koong <joannelkoong@gmail.com>
Acked-by: David Vernet <void@manifault.com>
Link: https://lore.kernel.org/r/20220809214055.4050604-1-joannelkoong@gmail.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/bpf/verifier.c | 38 ++++++++++++++++++++------------------
1 file changed, 20 insertions(+), 18 deletions(-)
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 1141a35216a7..c127585ad429 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -504,7 +504,7 @@ static bool is_ptr_cast_function(enum bpf_func_id func_id)
func_id == BPF_FUNC_skc_to_tcp_request_sock;
}
-static bool is_dynptr_acquire_function(enum bpf_func_id func_id)
+static bool is_dynptr_ref_function(enum bpf_func_id func_id)
{
return func_id == BPF_FUNC_dynptr_data;
}
@@ -518,7 +518,7 @@ static bool helper_multiple_ref_obj_use(enum bpf_func_id func_id,
ref_obj_uses++;
if (is_acquire_function(func_id, map))
ref_obj_uses++;
- if (is_dynptr_acquire_function(func_id))
+ if (is_dynptr_ref_function(func_id))
ref_obj_uses++;
return ref_obj_uses > 1;
@@ -7322,6 +7322,23 @@ static int check_helper_call(struct bpf_verifier_env *env, struct bpf_insn *insn
}
}
break;
+ case BPF_FUNC_dynptr_data:
+ for (i = 0; i < MAX_BPF_FUNC_REG_ARGS; i++) {
+ if (arg_type_is_dynptr(fn->arg_type[i])) {
+ if (meta.ref_obj_id) {
+ verbose(env, "verifier internal error: meta.ref_obj_id already set\n");
+ return -EFAULT;
+ }
+ /* Find the id of the dynptr we're tracking the reference of */
+ meta.ref_obj_id = stack_slot_get_id(env, ®s[BPF_REG_1 + i]);
+ break;
+ }
+ }
+ if (i == MAX_BPF_FUNC_REG_ARGS) {
+ verbose(env, "verifier internal error: no dynptr in bpf_dynptr_data()\n");
+ return -EFAULT;
+ }
+ break;
}
if (err)
@@ -7444,7 +7461,7 @@ static int check_helper_call(struct bpf_verifier_env *env, struct bpf_insn *insn
return -EFAULT;
}
- if (is_ptr_cast_function(func_id)) {
+ if (is_ptr_cast_function(func_id) || is_dynptr_ref_function(func_id)) {
/* For release_reference() */
regs[BPF_REG_0].ref_obj_id = meta.ref_obj_id;
} else if (is_acquire_function(func_id, meta.map_ptr)) {
@@ -7456,21 +7473,6 @@ static int check_helper_call(struct bpf_verifier_env *env, struct bpf_insn *insn
regs[BPF_REG_0].id = id;
/* For release_reference() */
regs[BPF_REG_0].ref_obj_id = id;
- } else if (is_dynptr_acquire_function(func_id)) {
- int dynptr_id = 0, i;
-
- /* Find the id of the dynptr we're tracking the reference of */
- for (i = 0; i < MAX_BPF_FUNC_REG_ARGS; i++) {
- if (arg_type_is_dynptr(fn->arg_type[i])) {
- if (dynptr_id) {
- verbose(env, "verifier internal error: multiple dynptr args in func\n");
- return -EFAULT;
- }
- dynptr_id = stack_slot_get_id(env, ®s[BPF_REG_1 + i]);
- }
- }
- /* For release_reference() */
- regs[BPF_REG_0].ref_obj_id = dynptr_id;
}
do_refine_retval_range(regs, fn->ret_type, func_id, &meta);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 234/862] leds: lm3601x: Dont use mutex after it was destroyed
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (232 preceding siblings ...)
2022-10-19 8:25 ` [PATCH 6.0 233/862] bpf: Fix ref_obj_id for dynptr data slices in verifier Greg Kroah-Hartman
@ 2022-10-19 8:25 ` Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 235/862] tsnep: Fix TSNEP_INFO_TX_TIME register define Greg Kroah-Hartman
` (642 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Pavel Machek, Uwe Kleine-König,
Wolfram Sang, Sasha Levin
From: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
[ Upstream commit 32f7eed0c763a9b89f6b357ec54b48398fc7b99e ]
The mutex might still be in use until the devm cleanup callback
devm_led_classdev_flash_release() is called. This only happens some time
after lm3601x_remove() completed.
Fixes: e63a744871a3 ("leds: lm3601x: Convert class registration to device managed")
Acked-by: Pavel Machek <pavel@ucw.cz>
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Signed-off-by: Wolfram Sang <wsa@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/leds/flash/leds-lm3601x.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/drivers/leds/flash/leds-lm3601x.c b/drivers/leds/flash/leds-lm3601x.c
index d0e1d4814042..3d1272748201 100644
--- a/drivers/leds/flash/leds-lm3601x.c
+++ b/drivers/leds/flash/leds-lm3601x.c
@@ -444,8 +444,6 @@ static int lm3601x_remove(struct i2c_client *client)
{
struct lm3601x_led *led = i2c_get_clientdata(client);
- mutex_destroy(&led->lock);
-
return regmap_update_bits(led->regmap, LM3601X_ENABLE_REG,
LM3601X_ENABLE_MASK,
LM3601X_MODE_STANDBY);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 235/862] tsnep: Fix TSNEP_INFO_TX_TIME register define
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (233 preceding siblings ...)
2022-10-19 8:25 ` [PATCH 6.0 234/862] leds: lm3601x: Dont use mutex after it was destroyed Greg Kroah-Hartman
@ 2022-10-19 8:25 ` Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 236/862] net: prestera: cache port state for non-phylink ports too Greg Kroah-Hartman
` (641 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Gerhard Engleder, David S. Miller,
Sasha Levin
From: Gerhard Engleder <gerhard@engleder-embedded.com>
[ Upstream commit 7d8dd6b5cd1d67dd96c132f91d7ad29c49ed3c59 ]
Fixed register define is not used, but register definition shall be kept
in sync.
Fixes: 403f69bbdbad ("tsnep: Add TSN endpoint Ethernet MAC driver")
Signed-off-by: Gerhard Engleder <gerhard@engleder-embedded.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/engleder/tsnep_hw.h | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/engleder/tsnep_hw.h b/drivers/net/ethernet/engleder/tsnep_hw.h
index 916ceac3ada2..e03aaafab559 100644
--- a/drivers/net/ethernet/engleder/tsnep_hw.h
+++ b/drivers/net/ethernet/engleder/tsnep_hw.h
@@ -92,8 +92,7 @@
/* tsnep register */
#define TSNEP_INFO 0x0100
-#define TSNEP_INFO_RX_ASSIGN 0x00010000
-#define TSNEP_INFO_TX_TIME 0x00020000
+#define TSNEP_INFO_TX_TIME 0x00010000
#define TSNEP_CONTROL 0x0108
#define TSNEP_CONTROL_TX_RESET 0x00000001
#define TSNEP_CONTROL_TX_ENABLE 0x00000002
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 236/862] net: prestera: cache port state for non-phylink ports too
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (234 preceding siblings ...)
2022-10-19 8:25 ` [PATCH 6.0 235/862] tsnep: Fix TSNEP_INFO_TX_TIME register define Greg Kroah-Hartman
@ 2022-10-19 8:25 ` Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 237/862] bpf: Fix reference state management for synchronous callbacks Greg Kroah-Hartman
` (640 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Oleksandr Mazur, Maksym Glubokiy,
David S. Miller, Sasha Levin
From: Maksym Glubokiy <maksym.glubokiy@plvision.eu>
[ Upstream commit 704438dd4f030c1b3d28a2a9c8f182c32d9b6bc4 ]
Port event data must stored to port-state cache regardless of whether
the port uses phylink or not since this data is used by ethtool.
Fixes: 52323ef75414 ("net: marvell: prestera: add phylink support")
Signed-off-by: Oleksandr Mazur <oleksandr.mazur@plvision.eu>
Signed-off-by: Maksym Glubokiy <maksym.glubokiy@plvision.eu>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../ethernet/marvell/prestera/prestera_main.c | 36 +++++++++----------
1 file changed, 17 insertions(+), 19 deletions(-)
diff --git a/drivers/net/ethernet/marvell/prestera/prestera_main.c b/drivers/net/ethernet/marvell/prestera/prestera_main.c
index a895862b4821..a0ad0bcbf89f 100644
--- a/drivers/net/ethernet/marvell/prestera/prestera_main.c
+++ b/drivers/net/ethernet/marvell/prestera/prestera_main.c
@@ -799,32 +799,30 @@ static void prestera_port_handle_event(struct prestera_switch *sw,
caching_dw = &port->cached_hw_stats.caching_dw;
- if (port->phy_link) {
- memset(&smac, 0, sizeof(smac));
- smac.valid = true;
- smac.oper = pevt->data.mac.oper;
- if (smac.oper) {
- smac.mode = pevt->data.mac.mode;
- smac.speed = pevt->data.mac.speed;
- smac.duplex = pevt->data.mac.duplex;
- smac.fc = pevt->data.mac.fc;
- smac.fec = pevt->data.mac.fec;
- phylink_mac_change(port->phy_link, true);
- } else {
- phylink_mac_change(port->phy_link, false);
- }
- prestera_port_mac_state_cache_write(port, &smac);
+ memset(&smac, 0, sizeof(smac));
+ smac.valid = true;
+ smac.oper = pevt->data.mac.oper;
+ if (smac.oper) {
+ smac.mode = pevt->data.mac.mode;
+ smac.speed = pevt->data.mac.speed;
+ smac.duplex = pevt->data.mac.duplex;
+ smac.fc = pevt->data.mac.fc;
+ smac.fec = pevt->data.mac.fec;
}
+ prestera_port_mac_state_cache_write(port, &smac);
if (port->state_mac.oper) {
- if (!port->phy_link)
+ if (port->phy_link)
+ phylink_mac_change(port->phy_link, true);
+ else
netif_carrier_on(port->dev);
if (!delayed_work_pending(caching_dw))
queue_delayed_work(prestera_wq, caching_dw, 0);
- } else if (netif_running(port->dev) &&
- netif_carrier_ok(port->dev)) {
- if (!port->phy_link)
+ } else {
+ if (port->phy_link)
+ phylink_mac_change(port->phy_link, false);
+ else if (netif_running(port->dev) && netif_carrier_ok(port->dev))
netif_carrier_off(port->dev);
if (delayed_work_pending(caching_dw))
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 237/862] bpf: Fix reference state management for synchronous callbacks
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (235 preceding siblings ...)
2022-10-19 8:25 ` [PATCH 6.0 236/862] net: prestera: cache port state for non-phylink ports too Greg Kroah-Hartman
@ 2022-10-19 8:25 ` Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 238/862] wifi: mac80211: properly set old_links when removing a link Greg Kroah-Hartman
` (639 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kumar Kartikeya Dwivedi,
Alexei Starovoitov, Sasha Levin
From: Kumar Kartikeya Dwivedi <memxor@gmail.com>
[ Upstream commit 9d9d00ac29d0ef7ce426964de46fa6b380357d0a ]
Currently, verifier verifies callback functions (sync and async) as if
they will be executed once, (i.e. it explores execution state as if the
function was being called once). The next insn to explore is set to
start of subprog and the exit from nested frame is handled using
curframe > 0 and prepare_func_exit. In case of async callback it uses a
customized variant of push_stack simulating a kind of branch to set up
custom state and execution context for the async callback.
While this approach is simple and works when callback really will be
executed only once, it is unsafe for all of our current helpers which
are for_each style, i.e. they execute the callback multiple times.
A callback releasing acquired references of the caller may do so
multiple times, but currently verifier sees it as one call inside the
frame, which then returns to caller. Hence, it thinks it released some
reference that the cb e.g. got access through callback_ctx (register
filled inside cb from spilled typed register on stack).
Similarly, it may see that an acquire call is unpaired inside the
callback, so the caller will copy the reference state of callback and
then will have to release the register with new ref_obj_ids. But again,
the callback may execute multiple times, but the verifier will only
account for acquired references for a single symbolic execution of the
callback, which will cause leaks.
Note that for async callback case, things are different. While currently
we have bpf_timer_set_callback which only executes it once, even for
multiple executions it would be safe, as reference state is NULL and
check_reference_leak would force program to release state before
BPF_EXIT. The state is also unaffected by analysis for the caller frame.
Hence async callback is safe.
Since we want the reference state to be accessible, e.g. for pointers
loaded from stack through callback_ctx's PTR_TO_STACK, we still have to
copy caller's reference_state to callback's bpf_func_state, but we
enforce that whatever references it adds to that reference_state has
been released before it hits BPF_EXIT. This requires introducing a new
callback_ref member in the reference state to distinguish between caller
vs callee references. Hence, check_reference_leak now errors out if it
sees we are in callback_fn and we have not released callback_ref refs.
Since there can be multiple nested callbacks, like frame 0 -> cb1 -> cb2
etc. we need to also distinguish between whether this particular ref
belongs to this callback frame or parent, and only error for our own, so
we store state->frameno (which is always non-zero for callbacks).
In short, callbacks can read parent reference_state, but cannot mutate
it, to be able to use pointers acquired by the caller. They must only
undo their changes (by releasing their own acquired_refs before
BPF_EXIT) on top of caller reference_state before returning (at which
point the caller and callback state will match anyway, so no need to
copy it back to caller).
Fixes: 69c087ba6225 ("bpf: Add bpf_for_each_map_elem() helper")
Signed-off-by: Kumar Kartikeya Dwivedi <memxor@gmail.com>
Link: https://lore.kernel.org/r/20220823013125.24938-1-memxor@gmail.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/bpf_verifier.h | 11 ++++++++++
kernel/bpf/verifier.c | 42 ++++++++++++++++++++++++++++--------
2 files changed, 44 insertions(+), 9 deletions(-)
diff --git a/include/linux/bpf_verifier.h b/include/linux/bpf_verifier.h
index 2e3bad8640dc..1fdddbf3546b 100644
--- a/include/linux/bpf_verifier.h
+++ b/include/linux/bpf_verifier.h
@@ -212,6 +212,17 @@ struct bpf_reference_state {
* is used purely to inform the user of a reference leak.
*/
int insn_idx;
+ /* There can be a case like:
+ * main (frame 0)
+ * cb (frame 1)
+ * func (frame 3)
+ * cb (frame 4)
+ * Hence for frame 4, if callback_ref just stored boolean, it would be
+ * impossible to distinguish nested callback refs. Hence store the
+ * frameno and compare that to callback_ref in check_reference_leak when
+ * exiting a callback function.
+ */
+ int callback_ref;
};
/* state of the program:
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index c127585ad429..8b5ea7f6b536 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -1092,6 +1092,7 @@ static int acquire_reference_state(struct bpf_verifier_env *env, int insn_idx)
id = ++env->id_gen;
state->refs[new_ofs].id = id;
state->refs[new_ofs].insn_idx = insn_idx;
+ state->refs[new_ofs].callback_ref = state->in_callback_fn ? state->frameno : 0;
return id;
}
@@ -1104,6 +1105,9 @@ static int release_reference_state(struct bpf_func_state *state, int ptr_id)
last_idx = state->acquired_refs - 1;
for (i = 0; i < state->acquired_refs; i++) {
if (state->refs[i].id == ptr_id) {
+ /* Cannot release caller references in callbacks */
+ if (state->in_callback_fn && state->refs[i].callback_ref != state->frameno)
+ return -EINVAL;
if (last_idx && i != last_idx)
memcpy(&state->refs[i], &state->refs[last_idx],
sizeof(*state->refs));
@@ -6919,10 +6923,17 @@ static int prepare_func_exit(struct bpf_verifier_env *env, int *insn_idx)
caller->regs[BPF_REG_0] = *r0;
}
- /* Transfer references to the caller */
- err = copy_reference_state(caller, callee);
- if (err)
- return err;
+ /* callback_fn frame should have released its own additions to parent's
+ * reference state at this point, or check_reference_leak would
+ * complain, hence it must be the same as the caller. There is no need
+ * to copy it back.
+ */
+ if (!callee->in_callback_fn) {
+ /* Transfer references to the caller */
+ err = copy_reference_state(caller, callee);
+ if (err)
+ return err;
+ }
*insn_idx = callee->callsite + 1;
if (env->log.level & BPF_LOG_LEVEL) {
@@ -7044,13 +7055,20 @@ record_func_key(struct bpf_verifier_env *env, struct bpf_call_arg_meta *meta,
static int check_reference_leak(struct bpf_verifier_env *env)
{
struct bpf_func_state *state = cur_func(env);
+ bool refs_lingering = false;
int i;
+ if (state->frameno && !state->in_callback_fn)
+ return 0;
+
for (i = 0; i < state->acquired_refs; i++) {
+ if (state->in_callback_fn && state->refs[i].callback_ref != state->frameno)
+ continue;
verbose(env, "Unreleased reference id=%d alloc_insn=%d\n",
state->refs[i].id, state->refs[i].insn_idx);
+ refs_lingering = true;
}
- return state->acquired_refs ? -EINVAL : 0;
+ return refs_lingering ? -EINVAL : 0;
}
static int check_bpf_snprintf_call(struct bpf_verifier_env *env,
@@ -12319,6 +12337,16 @@ static int do_check(struct bpf_verifier_env *env)
return -EINVAL;
}
+ /* We must do check_reference_leak here before
+ * prepare_func_exit to handle the case when
+ * state->curframe > 0, it may be a callback
+ * function, for which reference_state must
+ * match caller reference state when it exits.
+ */
+ err = check_reference_leak(env);
+ if (err)
+ return err;
+
if (state->curframe) {
/* exit from nested function */
err = prepare_func_exit(env, &env->insn_idx);
@@ -12328,10 +12356,6 @@ static int do_check(struct bpf_verifier_env *env)
continue;
}
- err = check_reference_leak(env);
- if (err)
- return err;
-
err = check_return_code(env);
if (err)
return err;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 238/862] wifi: mac80211: properly set old_links when removing a link
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (236 preceding siblings ...)
2022-10-19 8:25 ` [PATCH 6.0 237/862] bpf: Fix reference state management for synchronous callbacks Greg Kroah-Hartman
@ 2022-10-19 8:25 ` Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 239/862] wifi: cfg80211: get correct AP link chandef Greg Kroah-Hartman
` (638 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Shaul Triebitz, Johannes Berg, Sasha Levin
From: Shaul Triebitz <shaul.triebitz@intel.com>
[ Upstream commit a8f62399daa6917e7f9efeb79bce4dd2cd494a1e ]
In ieee80211_sta_remove_link, valid_links is set to
the new_links before calling drv_change_sta_links, but
is used for the old_links.
Fixes: cb71f1d136a6 ("wifi: mac80211: add sta link addition/removal")
Signed-off-by: Shaul Triebitz <shaul.triebitz@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/mac80211/sta_info.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c
index 58998d821778..9d7b238a6737 100644
--- a/net/mac80211/sta_info.c
+++ b/net/mac80211/sta_info.c
@@ -2799,6 +2799,7 @@ int ieee80211_sta_activate_link(struct sta_info *sta, unsigned int link_id)
void ieee80211_sta_remove_link(struct sta_info *sta, unsigned int link_id)
{
struct ieee80211_sub_if_data *sdata = sta->sdata;
+ u16 old_links = sta->sta.valid_links;
lockdep_assert_held(&sdata->local->sta_mtx);
@@ -2806,8 +2807,7 @@ void ieee80211_sta_remove_link(struct sta_info *sta, unsigned int link_id)
if (test_sta_flag(sta, WLAN_STA_INSERTED))
drv_change_sta_links(sdata->local, sdata, &sta->sta,
- sta->sta.valid_links,
- sta->sta.valid_links & ~BIT(link_id));
+ old_links, sta->sta.valid_links);
sta_remove_link(sta, link_id, true);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 239/862] wifi: cfg80211: get correct AP link chandef
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (237 preceding siblings ...)
2022-10-19 8:25 ` [PATCH 6.0 238/862] wifi: mac80211: properly set old_links when removing a link Greg Kroah-Hartman
@ 2022-10-19 8:25 ` Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 240/862] wifi: mac80211: fix use-after-free Greg Kroah-Hartman
` (637 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Shaul Triebitz, Johannes Berg, Sasha Levin
From: Shaul Triebitz <shaul.triebitz@intel.com>
[ Upstream commit bc1857619cc7612117d2ee1ed05b5bfeb638614b ]
When checking for channel regulatory validity, use the
AP link chandef (and not mesh's chandef).
Fixes: 7b0a0e3c3a88 ("wifi: cfg80211: do some rework towards MLO link APIs")
Signed-off-by: Shaul Triebitz <shaul.triebitz@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/wireless/reg.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/net/wireless/reg.c b/net/wireless/reg.c
index c7383ede794f..d5c7a5aa6853 100644
--- a/net/wireless/reg.c
+++ b/net/wireless/reg.c
@@ -2389,6 +2389,10 @@ static bool reg_wdev_chan_valid(struct wiphy *wiphy, struct wireless_dev *wdev)
switch (iftype) {
case NL80211_IFTYPE_AP:
case NL80211_IFTYPE_P2P_GO:
+ if (!wdev->links[link].ap.beacon_interval)
+ continue;
+ chandef = wdev->links[link].ap.chandef;
+ break;
case NL80211_IFTYPE_MESH_POINT:
if (!wdev->u.mesh.beacon_interval)
continue;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 240/862] wifi: mac80211: fix use-after-free
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (238 preceding siblings ...)
2022-10-19 8:25 ` [PATCH 6.0 239/862] wifi: cfg80211: get correct AP link chandef Greg Kroah-Hartman
@ 2022-10-19 8:25 ` Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 241/862] wifi: mac80211: mlme: dont add empty EML capabilities Greg Kroah-Hartman
` (636 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:25 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Johannes Berg, Sasha Levin
From: Johannes Berg <johannes.berg@intel.com>
[ Upstream commit 40fb87129049ec5876dabf4a4d4aed6642b31f1a ]
We've already freed the assoc_data at this point, so need
to use another copy of the AP (MLD) address instead.
Fixes: 81151ce462e5 ("wifi: mac80211: support MLO authentication/association with one link")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/mac80211/mlme.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index fc764984d687..1e9cb4be6ed3 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -5122,7 +5122,7 @@ static void ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata,
resp.req_ies = ifmgd->assoc_req_ies;
resp.req_ies_len = ifmgd->assoc_req_ies_len;
if (sdata->vif.valid_links)
- resp.ap_mld_addr = assoc_data->ap_addr;
+ resp.ap_mld_addr = sdata->vif.cfg.ap_addr;
cfg80211_rx_assoc_resp(sdata->dev, &resp);
notify_driver:
drv_mgd_complete_tx(sdata->local, sdata, &info);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 241/862] wifi: mac80211: mlme: dont add empty EML capabilities
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (239 preceding siblings ...)
2022-10-19 8:25 ` [PATCH 6.0 240/862] wifi: mac80211: fix use-after-free Greg Kroah-Hartman
@ 2022-10-19 8:25 ` Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 242/862] wifi: mac80211_hwsim: fix link change handling Greg Kroah-Hartman
` (635 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mordechay Goodstein, Johannes Berg,
Sasha Levin
From: Mordechay Goodstein <mordechay.goodstein@intel.com>
[ Upstream commit 1cb3cf372abe4a0d16620d2b1201de0e291a6c58 ]
Draft P802.11be_D2.1, section 35.3.17 states that the EML Capabilities
Field shouldn't be included in case the device doesn't have support for
EMLSR or EMLMR.
Fixes: 81151ce462e5 ("wifi: mac80211: support MLO authentication/association with one link")
Signed-off-by: Mordechay Goodstein <mordechay.goodstein@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/mac80211/mlme.c | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index 1e9cb4be6ed3..76ae6f03d77e 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -1220,14 +1220,21 @@ static void ieee80211_assoc_add_ml_elem(struct ieee80211_sub_if_data *sdata,
ml_elem = skb_put(skb, sizeof(*ml_elem));
ml_elem->control =
cpu_to_le16(IEEE80211_ML_CONTROL_TYPE_BASIC |
- IEEE80211_MLC_BASIC_PRES_EML_CAPA |
IEEE80211_MLC_BASIC_PRES_MLD_CAPA_OP);
common = skb_put(skb, sizeof(*common));
common->len = sizeof(*common) +
- 2 + /* EML capabilities */
2; /* MLD capa/ops */
memcpy(common->mld_mac_addr, sdata->vif.addr, ETH_ALEN);
- skb_put_data(skb, &eml_capa, sizeof(eml_capa));
+
+ /* add EML_CAPA only if needed, see Draft P802.11be_D2.1, 35.3.17 */
+ if (eml_capa &
+ cpu_to_le16((IEEE80211_EML_CAP_EMLSR_SUPP |
+ IEEE80211_EML_CAP_EMLMR_SUPPORT))) {
+ common->len += 2; /* EML capabilities */
+ ml_elem->control |=
+ cpu_to_le16(IEEE80211_MLC_BASIC_PRES_EML_CAPA);
+ skb_put_data(skb, &eml_capa, sizeof(eml_capa));
+ }
/* need indication from userspace to support this */
mld_capa_ops &= ~cpu_to_le16(IEEE80211_MLD_CAP_OP_TID_TO_LINK_MAP_NEG_SUPP);
skb_put_data(skb, &mld_capa_ops, sizeof(mld_capa_ops));
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 242/862] wifi: mac80211_hwsim: fix link change handling
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (240 preceding siblings ...)
2022-10-19 8:25 ` [PATCH 6.0 241/862] wifi: mac80211: mlme: dont add empty EML capabilities Greg Kroah-Hartman
@ 2022-10-19 8:25 ` Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 243/862] wifi: mac80211: allow bw change during channel switch in mesh Greg Kroah-Hartman
` (634 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:25 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Johannes Berg, Sasha Levin
From: Johannes Berg <johannes.berg@intel.com>
[ Upstream commit 65f7052b6c38f767d95ebfa4ae4b389b6da6a421 ]
The code for determining which links to update in wmediumd
or virtio was wrong, fix it to remove the deflink only if
there were no old links, and also add the deflink if there
are no other new links.
Fixes: c204d9df0202 ("wifi: mac80211_hwsim: handle links for wmediumd/virtio")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/mac80211_hwsim.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/net/wireless/mac80211_hwsim.c b/drivers/net/wireless/mac80211_hwsim.c
index ee34814bd12b..a074552bcec3 100644
--- a/drivers/net/wireless/mac80211_hwsim.c
+++ b/drivers/net/wireless/mac80211_hwsim.c
@@ -2995,10 +2995,15 @@ static int mac80211_hwsim_change_vif_links(struct ieee80211_hw *hw,
u16 old_links, u16 new_links,
struct ieee80211_bss_conf *old[IEEE80211_MLD_MAX_NUM_LINKS])
{
- unsigned long rem = old_links & ~new_links ?: BIT(0);
+ unsigned long rem = old_links & ~new_links;
unsigned long add = new_links & ~old_links;
int i;
+ if (!old_links)
+ rem |= BIT(0);
+ if (!new_links)
+ add |= BIT(0);
+
for_each_set_bit(i, &rem, IEEE80211_MLD_MAX_NUM_LINKS)
mac80211_hwsim_config_mac_nl(hw, old[i]->addr, false);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 243/862] wifi: mac80211: allow bw change during channel switch in mesh
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (241 preceding siblings ...)
2022-10-19 8:25 ` [PATCH 6.0 242/862] wifi: mac80211_hwsim: fix link change handling Greg Kroah-Hartman
@ 2022-10-19 8:25 ` Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 244/862] bpftool: Fix a wrong type cast in btf_dumper_int Greg Kroah-Hartman
` (633 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hari Chandrakanthan, Johannes Berg,
Sasha Levin
From: Hari Chandrakanthan <quic_haric@quicinc.com>
[ Upstream commit 6b75f133fe05c36c52d691ff21545d5757fff721 ]
>From 'IEEE Std 802.11-2020 section 11.8.8.4.1':
The mesh channel switch may be triggered by the need to avoid
interference to a detected radar signal, or to reassign mesh STA
channels to ensure the MBSS connectivity.
A 20/40 MHz MBSS may be changed to a 20 MHz MBSS and a 20 MHz
MBSS may be changed to a 20/40 MHz MBSS.
Since the standard allows the change of bandwidth during
the channel switch in mesh, remove the bandwidth check present in
ieee80211_set_csa_beacon.
Fixes: c6da674aff94 ("{nl,cfg,mac}80211: enable the triggering of CSA frame in mesh")
Signed-off-by: Hari Chandrakanthan <quic_haric@quicinc.com>
Link: https://lore.kernel.org/r/1658903549-21218-1-git-send-email-quic_haric@quicinc.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/mac80211/cfg.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
index a4f6971b7a19..e5239a17a875 100644
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
@@ -3597,9 +3597,6 @@ static int ieee80211_set_csa_beacon(struct ieee80211_sub_if_data *sdata,
case NL80211_IFTYPE_MESH_POINT: {
struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
- if (params->chandef.width != sdata->vif.bss_conf.chandef.width)
- return -EINVAL;
-
/* changes into another band are not supported */
if (sdata->vif.bss_conf.chandef.chan->band !=
params->chandef.chan->band)
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 244/862] bpftool: Fix a wrong type cast in btf_dumper_int
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (242 preceding siblings ...)
2022-10-19 8:25 ` [PATCH 6.0 243/862] wifi: mac80211: allow bw change during channel switch in mesh Greg Kroah-Hartman
@ 2022-10-19 8:25 ` Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 245/862] ice: set tx_tstamps when creating new Tx rings via ethtool Greg Kroah-Hartman
` (632 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Lam Thai, Andrii Nakryiko,
Quentin Monnet, John Fastabend, Sasha Levin
From: Lam Thai <lamthai@arista.com>
[ Upstream commit 7184aef9c0f7a81db8fd18d183ee42481d89bf35 ]
When `data` points to a boolean value, casting it to `int *` is problematic
and could lead to a wrong value being passed to `jsonw_bool`. Change the
cast to `bool *` instead.
Fixes: b12d6ec09730 ("bpf: btf: add btf print functionality")
Signed-off-by: Lam Thai <lamthai@arista.com>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Reviewed-by: Quentin Monnet <quentin@isovalent.com>
Acked-by: John Fastabend <john.fastabend@gmail.com>
Link: https://lore.kernel.org/bpf/20220824225859.9038-1-lamthai@arista.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/bpf/bpftool/btf_dumper.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/bpf/bpftool/btf_dumper.c b/tools/bpf/bpftool/btf_dumper.c
index 125798b0bc5d..19924b6ce796 100644
--- a/tools/bpf/bpftool/btf_dumper.c
+++ b/tools/bpf/bpftool/btf_dumper.c
@@ -452,7 +452,7 @@ static int btf_dumper_int(const struct btf_type *t, __u8 bit_offset,
*(char *)data);
break;
case BTF_INT_BOOL:
- jsonw_bool(jw, *(int *)data);
+ jsonw_bool(jw, *(bool *)data);
break;
default:
/* shouldn't happen */
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 245/862] ice: set tx_tstamps when creating new Tx rings via ethtool
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (243 preceding siblings ...)
2022-10-19 8:25 ` [PATCH 6.0 244/862] bpftool: Fix a wrong type cast in btf_dumper_int Greg Kroah-Hartman
@ 2022-10-19 8:25 ` Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 246/862] audit: explicitly check audit_context->context enum value Greg Kroah-Hartman
` (631 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jacob Keller, Tony Nguyen,
Sasha Levin, Gurucharan
From: Jacob Keller <jacob.e.keller@intel.com>
[ Upstream commit b3b173745c8cab1e24d6821488b60abed3acb24d ]
When the user changes the number of queues via ethtool, the driver
allocates new rings. This allocation did not initialize tx_tstamps. This
results in the tx_tstamps field being zero (due to kcalloc allocation), and
would result in a NULL pointer dereference when attempting a transmit
timestamp on the new ring.
Signed-off-by: Jacob Keller <jacob.e.keller@intel.com>
Tested-by: Gurucharan <gurucharanx.g@intel.com> (A Contingent worker at Intel)
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
Stable-dep-of: fc5ae5b44eb2 ("Bluetooth: L2CAP: Fix build errors in some archs")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/intel/ice/ice_ethtool.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/net/ethernet/intel/ice/ice_ethtool.c b/drivers/net/ethernet/intel/ice/ice_ethtool.c
index a6fff8ebaf9d..bbf6a300078e 100644
--- a/drivers/net/ethernet/intel/ice/ice_ethtool.c
+++ b/drivers/net/ethernet/intel/ice/ice_ethtool.c
@@ -2826,6 +2826,7 @@ ice_set_ringparam(struct net_device *netdev, struct ethtool_ringparam *ring,
tx_rings[i].count = new_tx_cnt;
tx_rings[i].desc = NULL;
tx_rings[i].tx_buf = NULL;
+ tx_rings[i].tx_tstamps = &pf->ptp.port.tx;
err = ice_setup_tx_ring(&tx_rings[i]);
if (err) {
while (i--)
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 246/862] audit: explicitly check audit_context->context enum value
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (244 preceding siblings ...)
2022-10-19 8:25 ` [PATCH 6.0 245/862] ice: set tx_tstamps when creating new Tx rings via ethtool Greg Kroah-Hartman
@ 2022-10-19 8:25 ` Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 247/862] audit: free audit_proctitle only on task exit Greg Kroah-Hartman
` (630 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Richard Guy Briggs, Paul Moore, Sasha Levin
From: Richard Guy Briggs <rgb@redhat.com>
[ Upstream commit 3ed66951f952ed8f1a5d03e171722bf2631e8d58 ]
Be explicit in checking the struct audit_context "context" member enum
value rather than assuming the order of context enum values.
Fixes: 12c5e81d3fd0 ("audit: prepare audit_context for use in calling contexts beyond syscalls")
Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/auditsc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 79a5da1bc5bb..0ee09447ad04 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -2069,7 +2069,7 @@ void __audit_syscall_exit(int success, long return_code)
/* run through both filters to ensure we set the filterkey properly */
audit_filter_syscall(current, context);
audit_filter_inodes(current, context);
- if (context->current_state < AUDIT_STATE_RECORD)
+ if (context->current_state != AUDIT_STATE_RECORD)
goto out;
audit_log_exit();
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 247/862] audit: free audit_proctitle only on task exit
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (245 preceding siblings ...)
2022-10-19 8:25 ` [PATCH 6.0 246/862] audit: explicitly check audit_context->context enum value Greg Kroah-Hartman
@ 2022-10-19 8:25 ` Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 248/862] esp: choose the correct inner protocol for GSO on inter address family tunnels Greg Kroah-Hartman
` (629 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Richard Guy Briggs, Paul Moore, Sasha Levin
From: Richard Guy Briggs <rgb@redhat.com>
[ Upstream commit c3f3ea8af44d0c5fba79fe8b198087342d0c7e04 ]
Since audit_proctitle is generated at syscall exit time, its value is
used immediately and cached for the next syscall. Since this is the
case, then only clear it at task exit time. Otherwise, there is no
point in caching the value OR bearing the overhead of regenerating it.
Fixes: 12c5e81d3fd0 ("audit: prepare audit_context for use in calling contexts beyond syscalls")
Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/auditsc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 0ee09447ad04..63a6fe99aa3a 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -1016,7 +1016,6 @@ static void audit_reset_context(struct audit_context *ctx)
WARN_ON(!list_empty(&ctx->killed_trees));
audit_free_module(ctx);
ctx->fds[0] = -1;
- audit_proctitle_free(ctx);
ctx->type = 0; /* reset last for audit_free_*() */
}
@@ -1077,6 +1076,7 @@ static inline void audit_free_context(struct audit_context *context)
{
/* resetting is extra work, but it is likely just noise */
audit_reset_context(context);
+ audit_proctitle_free(context);
free_tree_refs(context);
kfree(context->filterkey);
kfree(context);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 248/862] esp: choose the correct inner protocol for GSO on inter address family tunnels
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (246 preceding siblings ...)
2022-10-19 8:25 ` [PATCH 6.0 247/862] audit: free audit_proctitle only on task exit Greg Kroah-Hartman
@ 2022-10-19 8:25 ` Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 249/862] spi: mt7621: Fix an error message in mt7621_spi_probe() Greg Kroah-Hartman
` (628 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sabrina Dubroca, Steffen Klassert,
Sasha Levin
From: Sabrina Dubroca <sd@queasysnail.net>
[ Upstream commit 26dbd66eab8080be51759e48280da04015221e22 ]
Commit 23c7f8d7989e ("net: Fix esp GSO on inter address family
tunnels.") is incomplete. It passes to skb_eth_gso_segment the
protocol for the outer IP version, instead of the inner IP version, so
we end up calling inet_gso_segment on an inner IPv6 packet and
ipv6_gso_segment on an inner IPv4 packet and the packets are dropped.
This patch completes the fix by selecting the correct protocol based
on the inner mode's family.
Fixes: c35fe4106b92 ("xfrm: Add mode handlers for IPsec on layer 2")
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv4/esp4_offload.c | 5 ++++-
net/ipv6/esp6_offload.c | 5 ++++-
2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/net/ipv4/esp4_offload.c b/net/ipv4/esp4_offload.c
index 935026f4c807..170152772d33 100644
--- a/net/ipv4/esp4_offload.c
+++ b/net/ipv4/esp4_offload.c
@@ -110,7 +110,10 @@ static struct sk_buff *xfrm4_tunnel_gso_segment(struct xfrm_state *x,
struct sk_buff *skb,
netdev_features_t features)
{
- return skb_eth_gso_segment(skb, features, htons(ETH_P_IP));
+ __be16 type = x->inner_mode.family == AF_INET6 ? htons(ETH_P_IPV6)
+ : htons(ETH_P_IP);
+
+ return skb_eth_gso_segment(skb, features, type);
}
static struct sk_buff *xfrm4_transport_gso_segment(struct xfrm_state *x,
diff --git a/net/ipv6/esp6_offload.c b/net/ipv6/esp6_offload.c
index 3a293838a91d..79d43548279c 100644
--- a/net/ipv6/esp6_offload.c
+++ b/net/ipv6/esp6_offload.c
@@ -145,7 +145,10 @@ static struct sk_buff *xfrm6_tunnel_gso_segment(struct xfrm_state *x,
struct sk_buff *skb,
netdev_features_t features)
{
- return skb_eth_gso_segment(skb, features, htons(ETH_P_IPV6));
+ __be16 type = x->inner_mode.family == AF_INET ? htons(ETH_P_IP)
+ : htons(ETH_P_IPV6);
+
+ return skb_eth_gso_segment(skb, features, type);
}
static struct sk_buff *xfrm6_transport_gso_segment(struct xfrm_state *x,
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 249/862] spi: mt7621: Fix an error message in mt7621_spi_probe()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (247 preceding siblings ...)
2022-10-19 8:25 ` [PATCH 6.0 248/862] esp: choose the correct inner protocol for GSO on inter address family tunnels Greg Kroah-Hartman
@ 2022-10-19 8:25 ` Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 250/862] x86/resctrl: Fix to restore to original value when re-enabling hardware prefetch register Greg Kroah-Hartman
` (627 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christophe JAILLET, Matthias Brugger,
Mark Brown, Sasha Levin
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
[ Upstream commit 2b2bf6b7faa9010fae10dc7de76627a3fdb525b3 ]
'status' is known to be 0 at this point. The expected error code is
PTR_ERR(clk).
Switch to dev_err_probe() in order to display the expected error code (in a
human readable way).
This also filters -EPROBE_DEFER cases, should it happen.
Fixes: 1ab7f2a43558 ("staging: mt7621-spi: add mt7621 support")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Reviewed-by: Matthias Brugger <matthias.bgg@gmail.com>
Link: https://lore.kernel.org/r/928f3fb507d53ba0774df27cea0bbba4b055993b.1661599671.git.christophe.jaillet@wanadoo.fr
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/spi/spi-mt7621.c | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/drivers/spi/spi-mt7621.c b/drivers/spi/spi-mt7621.c
index b4b9b7309b5e..351b0ef52bbc 100644
--- a/drivers/spi/spi-mt7621.c
+++ b/drivers/spi/spi-mt7621.c
@@ -340,11 +340,9 @@ static int mt7621_spi_probe(struct platform_device *pdev)
return PTR_ERR(base);
clk = devm_clk_get(&pdev->dev, NULL);
- if (IS_ERR(clk)) {
- dev_err(&pdev->dev, "unable to get SYS clock, err=%d\n",
- status);
- return PTR_ERR(clk);
- }
+ if (IS_ERR(clk))
+ return dev_err_probe(&pdev->dev, PTR_ERR(clk),
+ "unable to get SYS clock\n");
status = clk_prepare_enable(clk);
if (status)
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 250/862] x86/resctrl: Fix to restore to original value when re-enabling hardware prefetch register
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (248 preceding siblings ...)
2022-10-19 8:25 ` [PATCH 6.0 249/862] spi: mt7621: Fix an error message in mt7621_spi_probe() Greg Kroah-Hartman
@ 2022-10-19 8:25 ` Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 251/862] xsk: Fix backpressure mechanism on Tx Greg Kroah-Hartman
` (626 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kohei Tarumizu, Dave Hansen,
Reinette Chatre, Sasha Levin
From: Kohei Tarumizu <tarumizu.kohei@fujitsu.com>
[ Upstream commit 499c8bb4693d1c8d8f3d6dd38e5bdde3ff5bd906 ]
The current pseudo_lock.c code overwrites the value of the
MSR_MISC_FEATURE_CONTROL to 0 even if the original value is not 0.
Therefore, modify it to save and restore the original values.
Fixes: 018961ae5579 ("x86/intel_rdt: Pseudo-lock region creation/removal core")
Fixes: 443810fe6160 ("x86/intel_rdt: Create debugfs files for pseudo-locking testing")
Fixes: 8a2fc0e1bc0c ("x86/intel_rdt: More precise L2 hit/miss measurements")
Signed-off-by: Kohei Tarumizu <tarumizu.kohei@fujitsu.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Acked-by: Reinette Chatre <reinette.chatre@intel.com>
Link: https://lkml.kernel.org/r/eb660f3c2010b79a792c573c02d01e8e841206ad.1661358182.git.reinette.chatre@intel.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/kernel/cpu/resctrl/pseudo_lock.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/arch/x86/kernel/cpu/resctrl/pseudo_lock.c b/arch/x86/kernel/cpu/resctrl/pseudo_lock.c
index db813f819ad6..4d8398986f78 100644
--- a/arch/x86/kernel/cpu/resctrl/pseudo_lock.c
+++ b/arch/x86/kernel/cpu/resctrl/pseudo_lock.c
@@ -420,6 +420,7 @@ static int pseudo_lock_fn(void *_rdtgrp)
struct pseudo_lock_region *plr = rdtgrp->plr;
u32 rmid_p, closid_p;
unsigned long i;
+ u64 saved_msr;
#ifdef CONFIG_KASAN
/*
* The registers used for local register variables are also used
@@ -463,6 +464,7 @@ static int pseudo_lock_fn(void *_rdtgrp)
* the buffer and evict pseudo-locked memory read earlier from the
* cache.
*/
+ saved_msr = __rdmsr(MSR_MISC_FEATURE_CONTROL);
__wrmsr(MSR_MISC_FEATURE_CONTROL, prefetch_disable_bits, 0x0);
closid_p = this_cpu_read(pqr_state.cur_closid);
rmid_p = this_cpu_read(pqr_state.cur_rmid);
@@ -514,7 +516,7 @@ static int pseudo_lock_fn(void *_rdtgrp)
__wrmsr(IA32_PQR_ASSOC, rmid_p, closid_p);
/* Re-enable the hardware prefetcher(s) */
- wrmsr(MSR_MISC_FEATURE_CONTROL, 0x0, 0x0);
+ wrmsrl(MSR_MISC_FEATURE_CONTROL, saved_msr);
local_irq_enable();
plr->thread_done = 1;
@@ -871,6 +873,7 @@ bool rdtgroup_pseudo_locked_in_hierarchy(struct rdt_domain *d)
static int measure_cycles_lat_fn(void *_plr)
{
struct pseudo_lock_region *plr = _plr;
+ u32 saved_low, saved_high;
unsigned long i;
u64 start, end;
void *mem_r;
@@ -879,6 +882,7 @@ static int measure_cycles_lat_fn(void *_plr)
/*
* Disable hardware prefetchers.
*/
+ rdmsr(MSR_MISC_FEATURE_CONTROL, saved_low, saved_high);
wrmsr(MSR_MISC_FEATURE_CONTROL, prefetch_disable_bits, 0x0);
mem_r = READ_ONCE(plr->kmem);
/*
@@ -895,7 +899,7 @@ static int measure_cycles_lat_fn(void *_plr)
end = rdtsc_ordered();
trace_pseudo_lock_mem_latency((u32)(end - start));
}
- wrmsr(MSR_MISC_FEATURE_CONTROL, 0x0, 0x0);
+ wrmsr(MSR_MISC_FEATURE_CONTROL, saved_low, saved_high);
local_irq_enable();
plr->thread_done = 1;
wake_up_interruptible(&plr->lock_thread_wq);
@@ -940,6 +944,7 @@ static int measure_residency_fn(struct perf_event_attr *miss_attr,
u64 hits_before = 0, hits_after = 0, miss_before = 0, miss_after = 0;
struct perf_event *miss_event, *hit_event;
int hit_pmcnum, miss_pmcnum;
+ u32 saved_low, saved_high;
unsigned int line_size;
unsigned int size;
unsigned long i;
@@ -973,6 +978,7 @@ static int measure_residency_fn(struct perf_event_attr *miss_attr,
/*
* Disable hardware prefetchers.
*/
+ rdmsr(MSR_MISC_FEATURE_CONTROL, saved_low, saved_high);
wrmsr(MSR_MISC_FEATURE_CONTROL, prefetch_disable_bits, 0x0);
/* Initialize rest of local variables */
@@ -1031,7 +1037,7 @@ static int measure_residency_fn(struct perf_event_attr *miss_attr,
*/
rmb();
/* Re-enable hardware prefetchers */
- wrmsr(MSR_MISC_FEATURE_CONTROL, 0x0, 0x0);
+ wrmsr(MSR_MISC_FEATURE_CONTROL, saved_low, saved_high);
local_irq_enable();
out_hit:
perf_event_release_kernel(hit_event);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 251/862] xsk: Fix backpressure mechanism on Tx
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (249 preceding siblings ...)
2022-10-19 8:25 ` [PATCH 6.0 250/862] x86/resctrl: Fix to restore to original value when re-enabling hardware prefetch register Greg Kroah-Hartman
@ 2022-10-19 8:25 ` Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 252/862] selftests/xsk: Add missing close() on netns fd Greg Kroah-Hartman
` (625 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Magnus Karlsson, Maciej Fijalkowski,
Daniel Borkmann, Sasha Levin
From: Maciej Fijalkowski <maciej.fijalkowski@intel.com>
[ Upstream commit c00c4461689e15ac2cc3b9a595a54e4d8afd3d77 ]
Commit d678cbd2f867 ("xsk: Fix handling of invalid descriptors in XSK TX
batching API") fixed batch API usage against set of descriptors with
invalid ones but introduced a problem when AF_XDP SW rings are smaller
than HW ones. Mismatch of reported Tx'ed frames between HW generator and
user space app was observed. It turned out that backpressure mechanism
became a bottleneck when the amount of produced descriptors to CQ is
lower than what we grabbed from XSK Tx ring.
Say that 512 entries had been taken from XSK Tx ring but we had only 490
free entries in CQ. Then callsite (ZC driver) will produce only 490
entries onto HW Tx ring but 512 entries will be released from Tx ring
and this is what will be seen by the user space.
In order to fix this case, mix XSK Tx/CQ ring interractions by moving
around internal functions and changing call order:
* pull out xskq_prod_nb_free() from xskq_prod_reserve_addr_batch()
up to xsk_tx_peek_release_desc_batch();
** move xskq_cons_release_n() into xskq_cons_read_desc_batch()
After doing so, algorithm can be described as follows:
1. lookup Tx entries
2. use value from 1. to reserve space in CQ (*)
3. Read from Tx ring as much descriptors as value from 2
3a. release descriptors from XSK Tx ring (**)
4. Finally produce addresses to CQ
Fixes: d678cbd2f867 ("xsk: Fix handling of invalid descriptors in XSK TX batching API")
Signed-off-by: Magnus Karlsson <magnus.karlsson@intel.com>
Signed-off-by: Maciej Fijalkowski <maciej.fijalkowski@intel.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Link: https://lore.kernel.org/bpf/20220830121705.8618-1-maciej.fijalkowski@intel.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/xdp/xsk.c | 22 +++++++++++-----------
net/xdp/xsk_queue.h | 22 ++++++++++------------
2 files changed, 21 insertions(+), 23 deletions(-)
diff --git a/net/xdp/xsk.c b/net/xdp/xsk.c
index 7bada4e8460b..9f0561b67c12 100644
--- a/net/xdp/xsk.c
+++ b/net/xdp/xsk.c
@@ -355,16 +355,15 @@ static u32 xsk_tx_peek_release_fallback(struct xsk_buff_pool *pool, u32 max_entr
return nb_pkts;
}
-u32 xsk_tx_peek_release_desc_batch(struct xsk_buff_pool *pool, u32 max_entries)
+u32 xsk_tx_peek_release_desc_batch(struct xsk_buff_pool *pool, u32 nb_pkts)
{
struct xdp_sock *xs;
- u32 nb_pkts;
rcu_read_lock();
if (!list_is_singular(&pool->xsk_tx_list)) {
/* Fallback to the non-batched version */
rcu_read_unlock();
- return xsk_tx_peek_release_fallback(pool, max_entries);
+ return xsk_tx_peek_release_fallback(pool, nb_pkts);
}
xs = list_first_or_null_rcu(&pool->xsk_tx_list, struct xdp_sock, tx_list);
@@ -373,12 +372,7 @@ u32 xsk_tx_peek_release_desc_batch(struct xsk_buff_pool *pool, u32 max_entries)
goto out;
}
- max_entries = xskq_cons_nb_entries(xs->tx, max_entries);
- nb_pkts = xskq_cons_read_desc_batch(xs->tx, pool, max_entries);
- if (!nb_pkts) {
- xs->tx->queue_empty_descs++;
- goto out;
- }
+ nb_pkts = xskq_cons_nb_entries(xs->tx, nb_pkts);
/* This is the backpressure mechanism for the Tx path. Try to
* reserve space in the completion queue for all packets, but
@@ -386,12 +380,18 @@ u32 xsk_tx_peek_release_desc_batch(struct xsk_buff_pool *pool, u32 max_entries)
* packets. This avoids having to implement any buffering in
* the Tx path.
*/
- nb_pkts = xskq_prod_reserve_addr_batch(pool->cq, pool->tx_descs, nb_pkts);
+ nb_pkts = xskq_prod_nb_free(pool->cq, nb_pkts);
if (!nb_pkts)
goto out;
- xskq_cons_release_n(xs->tx, max_entries);
+ nb_pkts = xskq_cons_read_desc_batch(xs->tx, pool, nb_pkts);
+ if (!nb_pkts) {
+ xs->tx->queue_empty_descs++;
+ goto out;
+ }
+
__xskq_cons_release(xs->tx);
+ xskq_prod_write_addr_batch(pool->cq, pool->tx_descs, nb_pkts);
xs->sk.sk_write_space(&xs->sk);
out:
diff --git a/net/xdp/xsk_queue.h b/net/xdp/xsk_queue.h
index fb20bf7207cf..c6fb6b763658 100644
--- a/net/xdp/xsk_queue.h
+++ b/net/xdp/xsk_queue.h
@@ -205,6 +205,11 @@ static inline bool xskq_cons_read_desc(struct xsk_queue *q,
return false;
}
+static inline void xskq_cons_release_n(struct xsk_queue *q, u32 cnt)
+{
+ q->cached_cons += cnt;
+}
+
static inline u32 xskq_cons_read_desc_batch(struct xsk_queue *q, struct xsk_buff_pool *pool,
u32 max)
{
@@ -226,6 +231,8 @@ static inline u32 xskq_cons_read_desc_batch(struct xsk_queue *q, struct xsk_buff
cached_cons++;
}
+ /* Release valid plus any invalid entries */
+ xskq_cons_release_n(q, cached_cons - q->cached_cons);
return nb_entries;
}
@@ -291,11 +298,6 @@ static inline void xskq_cons_release(struct xsk_queue *q)
q->cached_cons++;
}
-static inline void xskq_cons_release_n(struct xsk_queue *q, u32 cnt)
-{
- q->cached_cons += cnt;
-}
-
static inline u32 xskq_cons_present_entries(struct xsk_queue *q)
{
/* No barriers needed since data is not accessed */
@@ -350,21 +352,17 @@ static inline int xskq_prod_reserve_addr(struct xsk_queue *q, u64 addr)
return 0;
}
-static inline u32 xskq_prod_reserve_addr_batch(struct xsk_queue *q, struct xdp_desc *descs,
- u32 max)
+static inline void xskq_prod_write_addr_batch(struct xsk_queue *q, struct xdp_desc *descs,
+ u32 nb_entries)
{
struct xdp_umem_ring *ring = (struct xdp_umem_ring *)q->ring;
- u32 nb_entries, i, cached_prod;
-
- nb_entries = xskq_prod_nb_free(q, max);
+ u32 i, cached_prod;
/* A, matches D */
cached_prod = q->cached_prod;
for (i = 0; i < nb_entries; i++)
ring->desc[cached_prod++ & q->ring_mask] = descs[i].addr;
q->cached_prod = cached_prod;
-
- return nb_entries;
}
static inline int xskq_prod_reserve_desc(struct xsk_queue *q,
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 252/862] selftests/xsk: Add missing close() on netns fd
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (250 preceding siblings ...)
2022-10-19 8:25 ` [PATCH 6.0 251/862] xsk: Fix backpressure mechanism on Tx Greg Kroah-Hartman
@ 2022-10-19 8:25 ` Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 253/862] bpf: Disable preemption when increasing per-cpu map_locked Greg Kroah-Hartman
` (624 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Maciej Fijalkowski, Daniel Borkmann,
Magnus Karlsson, Sasha Levin
From: Maciej Fijalkowski <maciej.fijalkowski@intel.com>
[ Upstream commit 8a7d61bdc2fac2c460a2f32a062f5c6dbd21a764 ]
Commit 1034b03e54ac ("selftests: xsk: Simplify cleanup of ifobjects")
removed close on netns fd, which is not correct, so let us restore it.
Fixes: 1034b03e54ac ("selftests: xsk: Simplify cleanup of ifobjects")
Signed-off-by: Maciej Fijalkowski <maciej.fijalkowski@intel.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Magnus Karlsson <magnus.karlsson@intel.com>
Link: https://lore.kernel.org/bpf/20220830133905.9945-1-maciej.fijalkowski@intel.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/bpf/xskxceiver.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/tools/testing/selftests/bpf/xskxceiver.c b/tools/testing/selftests/bpf/xskxceiver.c
index 74d56d971baf..091402dc5390 100644
--- a/tools/testing/selftests/bpf/xskxceiver.c
+++ b/tools/testing/selftests/bpf/xskxceiver.c
@@ -1606,6 +1606,8 @@ static struct ifobject *ifobject_create(void)
if (!ifobj->umem)
goto out_umem;
+ ifobj->ns_fd = -1;
+
return ifobj;
out_umem:
@@ -1617,6 +1619,8 @@ static struct ifobject *ifobject_create(void)
static void ifobject_delete(struct ifobject *ifobj)
{
+ if (ifobj->ns_fd != -1)
+ close(ifobj->ns_fd);
free(ifobj->umem);
free(ifobj->xsk_arr);
free(ifobj);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 253/862] bpf: Disable preemption when increasing per-cpu map_locked
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (251 preceding siblings ...)
2022-10-19 8:25 ` [PATCH 6.0 252/862] selftests/xsk: Add missing close() on netns fd Greg Kroah-Hartman
@ 2022-10-19 8:25 ` Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 254/862] bpf: Propagate error from htab_lock_bucket() to userspace Greg Kroah-Hartman
` (623 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hao Luo, Hou Tao, Martin KaFai Lau,
Sasha Levin
From: Hou Tao <houtao1@huawei.com>
[ Upstream commit 2775da21628738ce073a3a6a806adcbaada0f091 ]
Per-cpu htab->map_locked is used to prohibit the concurrent accesses
from both NMI and non-NMI contexts. But since commit 74d862b682f5
("sched: Make migrate_disable/enable() independent of RT"),
migrate_disable() is also preemptible under CONFIG_PREEMPT case, so now
map_locked also disallows concurrent updates from normal contexts
(e.g. userspace processes) unexpectedly as shown below:
process A process B
htab_map_update_elem()
htab_lock_bucket()
migrate_disable()
/* return 1 */
__this_cpu_inc_return()
/* preempted by B */
htab_map_update_elem()
/* the same bucket as A */
htab_lock_bucket()
migrate_disable()
/* return 2, so lock fails */
__this_cpu_inc_return()
return -EBUSY
A fix that seems feasible is using in_nmi() in htab_lock_bucket() and
only checking the value of map_locked for nmi context. But it will
re-introduce dead-lock on bucket lock if htab_lock_bucket() is re-entered
through non-tracing program (e.g. fentry program).
One cannot use preempt_disable() to fix this issue as htab_use_raw_lock
being false causes the bucket lock to be a spin lock which can sleep and
does not work with preempt_disable().
Therefore, use migrate_disable() when using the spinlock instead of
preempt_disable() and defer fixing concurrent updates to when the kernel
has its own BPF memory allocator.
Fixes: 74d862b682f5 ("sched: Make migrate_disable/enable() independent of RT")
Reviewed-by: Hao Luo <haoluo@google.com>
Signed-off-by: Hou Tao <houtao1@huawei.com>
Link: https://lore.kernel.org/r/20220831042629.130006-2-houtao@huaweicloud.com
Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/bpf/hashtab.c | 23 ++++++++++++++++++-----
1 file changed, 18 insertions(+), 5 deletions(-)
diff --git a/kernel/bpf/hashtab.c b/kernel/bpf/hashtab.c
index 6c530a5e560a..ad09da139589 100644
--- a/kernel/bpf/hashtab.c
+++ b/kernel/bpf/hashtab.c
@@ -162,17 +162,25 @@ static inline int htab_lock_bucket(const struct bpf_htab *htab,
unsigned long *pflags)
{
unsigned long flags;
+ bool use_raw_lock;
hash = hash & HASHTAB_MAP_LOCK_MASK;
- migrate_disable();
+ use_raw_lock = htab_use_raw_lock(htab);
+ if (use_raw_lock)
+ preempt_disable();
+ else
+ migrate_disable();
if (unlikely(__this_cpu_inc_return(*(htab->map_locked[hash])) != 1)) {
__this_cpu_dec(*(htab->map_locked[hash]));
- migrate_enable();
+ if (use_raw_lock)
+ preempt_enable();
+ else
+ migrate_enable();
return -EBUSY;
}
- if (htab_use_raw_lock(htab))
+ if (use_raw_lock)
raw_spin_lock_irqsave(&b->raw_lock, flags);
else
spin_lock_irqsave(&b->lock, flags);
@@ -185,13 +193,18 @@ static inline void htab_unlock_bucket(const struct bpf_htab *htab,
struct bucket *b, u32 hash,
unsigned long flags)
{
+ bool use_raw_lock = htab_use_raw_lock(htab);
+
hash = hash & HASHTAB_MAP_LOCK_MASK;
- if (htab_use_raw_lock(htab))
+ if (use_raw_lock)
raw_spin_unlock_irqrestore(&b->raw_lock, flags);
else
spin_unlock_irqrestore(&b->lock, flags);
__this_cpu_dec(*(htab->map_locked[hash]));
- migrate_enable();
+ if (use_raw_lock)
+ preempt_enable();
+ else
+ migrate_enable();
}
static bool htab_lru_map_delete_node(void *arg, struct bpf_lru_node *node);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 254/862] bpf: Propagate error from htab_lock_bucket() to userspace
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (252 preceding siblings ...)
2022-10-19 8:25 ` [PATCH 6.0 253/862] bpf: Disable preemption when increasing per-cpu map_locked Greg Kroah-Hartman
@ 2022-10-19 8:25 ` Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 255/862] wifi: ath11k: Fix incorrect QMI message ID mappings Greg Kroah-Hartman
` (622 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hao Sun, Hou Tao, Martin KaFai Lau,
Sasha Levin
From: Hou Tao <houtao1@huawei.com>
[ Upstream commit 66a7a92e4d0d091e79148a4c6ec15d1da65f4280 ]
In __htab_map_lookup_and_delete_batch() if htab_lock_bucket() returns
-EBUSY, it will go to next bucket. Going to next bucket may not only
skip the elements in current bucket silently, but also incur
out-of-bound memory access or expose kernel memory to userspace if
current bucket_cnt is greater than bucket_size or zero.
Fixing it by stopping batch operation and returning -EBUSY when
htab_lock_bucket() fails, and the application can retry or skip the busy
batch as needed.
Fixes: 20b6cc34ea74 ("bpf: Avoid hashtab deadlock with map_locked")
Reported-by: Hao Sun <sunhao.th@gmail.com>
Signed-off-by: Hou Tao <houtao1@huawei.com>
Link: https://lore.kernel.org/r/20220831042629.130006-3-houtao@huaweicloud.com
Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/bpf/hashtab.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/kernel/bpf/hashtab.c b/kernel/bpf/hashtab.c
index ad09da139589..75f77df910dc 100644
--- a/kernel/bpf/hashtab.c
+++ b/kernel/bpf/hashtab.c
@@ -1704,8 +1704,11 @@ __htab_map_lookup_and_delete_batch(struct bpf_map *map,
/* do not grab the lock unless need it (bucket_cnt > 0). */
if (locked) {
ret = htab_lock_bucket(htab, b, batch, &flags);
- if (ret)
- goto next_batch;
+ if (ret) {
+ rcu_read_unlock();
+ bpf_enable_instrumentation();
+ goto after_loop;
+ }
}
bucket_cnt = 0;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 255/862] wifi: ath11k: Fix incorrect QMI message ID mappings
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (253 preceding siblings ...)
2022-10-19 8:25 ` [PATCH 6.0 254/862] bpf: Propagate error from htab_lock_bucket() to userspace Greg Kroah-Hartman
@ 2022-10-19 8:25 ` Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 256/862] bpf: Use this_cpu_{inc|dec|inc_return} for bpf_task_storage_busy Greg Kroah-Hartman
` (621 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Manikanta Pubbisetty, Kalle Valo,
Sasha Levin
From: Manikanta Pubbisetty <quic_mpubbise@quicinc.com>
[ Upstream commit b3ca32308e46b6384fdcb7e64b3fca4f61aff14b ]
QMI message IDs for some of the QMI messages were incorrectly
defined in the original implementation. These have to be corrected
to enable cold boot support on WCN6750. These corrections are
applicable for all chipsets and will not impact them. Refactor the
code accordingly.
Tested-on: WCN6750 hw1.0 AHB WLAN.MSL.1.0.1-00887-QCAMSLSWPLZ-1
Fixes: d5c65159f289 ("ath11k: driver for Qualcomm IEEE 802.11ax devices")
Signed-off-by: Manikanta Pubbisetty <quic_mpubbise@quicinc.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20220720134909.15626-2-quic_mpubbise@quicinc.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/ath11k/qmi.c | 38 ++++++++++++++++++++++++---
drivers/net/wireless/ath/ath11k/qmi.h | 10 +++++--
2 files changed, 43 insertions(+), 5 deletions(-)
diff --git a/drivers/net/wireless/ath/ath11k/qmi.c b/drivers/net/wireless/ath/ath11k/qmi.c
index 00136601cb7d..e6ced8597e1d 100644
--- a/drivers/net/wireless/ath/ath11k/qmi.c
+++ b/drivers/net/wireless/ath/ath11k/qmi.c
@@ -1696,6 +1696,13 @@ static struct qmi_elem_info qmi_wlanfw_wlan_ini_resp_msg_v01_ei[] = {
},
};
+static struct qmi_elem_info qmi_wlfw_fw_init_done_ind_msg_v01_ei[] = {
+ {
+ .data_type = QMI_EOTI,
+ .array_type = NO_ARRAY,
+ },
+};
+
static int ath11k_qmi_host_cap_send(struct ath11k_base *ab)
{
struct qmi_wlanfw_host_cap_req_msg_v01 req;
@@ -3006,6 +3013,10 @@ static void ath11k_qmi_msg_fw_ready_cb(struct qmi_handle *qmi_hdl,
struct ath11k_base *ab = qmi->ab;
ath11k_dbg(ab, ATH11K_DBG_QMI, "qmi firmware ready\n");
+
+ ab->qmi.cal_done = 1;
+ wake_up(&ab->qmi.cold_boot_waitq);
+
ath11k_qmi_driver_event_post(qmi, ATH11K_QMI_EVENT_FW_READY, NULL);
}
@@ -3018,11 +3029,22 @@ static void ath11k_qmi_msg_cold_boot_cal_done_cb(struct qmi_handle *qmi_hdl,
struct ath11k_qmi, handle);
struct ath11k_base *ab = qmi->ab;
- ab->qmi.cal_done = 1;
- wake_up(&ab->qmi.cold_boot_waitq);
ath11k_dbg(ab, ATH11K_DBG_QMI, "qmi cold boot calibration done\n");
}
+static void ath11k_qmi_msg_fw_init_done_cb(struct qmi_handle *qmi_hdl,
+ struct sockaddr_qrtr *sq,
+ struct qmi_txn *txn,
+ const void *decoded)
+{
+ struct ath11k_qmi *qmi = container_of(qmi_hdl,
+ struct ath11k_qmi, handle);
+ struct ath11k_base *ab = qmi->ab;
+
+ ath11k_qmi_driver_event_post(qmi, ATH11K_QMI_EVENT_FW_INIT_DONE, NULL);
+ ath11k_dbg(ab, ATH11K_DBG_QMI, "qmi firmware init done\n");
+}
+
static const struct qmi_msg_handler ath11k_qmi_msg_handlers[] = {
{
.type = QMI_INDICATION,
@@ -3053,6 +3075,14 @@ static const struct qmi_msg_handler ath11k_qmi_msg_handlers[] = {
sizeof(struct qmi_wlanfw_fw_cold_cal_done_ind_msg_v01),
.fn = ath11k_qmi_msg_cold_boot_cal_done_cb,
},
+ {
+ .type = QMI_INDICATION,
+ .msg_id = QMI_WLFW_FW_INIT_DONE_IND_V01,
+ .ei = qmi_wlfw_fw_init_done_ind_msg_v01_ei,
+ .decoded_size =
+ sizeof(struct qmi_wlfw_fw_init_done_ind_msg_v01),
+ .fn = ath11k_qmi_msg_fw_init_done_cb,
+ },
};
static int ath11k_qmi_ops_new_server(struct qmi_handle *qmi_hdl,
@@ -3145,7 +3175,7 @@ static void ath11k_qmi_driver_event_work(struct work_struct *work)
}
break;
- case ATH11K_QMI_EVENT_FW_READY:
+ case ATH11K_QMI_EVENT_FW_INIT_DONE:
clear_bit(ATH11K_FLAG_QMI_FAIL, &ab->dev_flags);
if (test_bit(ATH11K_FLAG_REGISTERED, &ab->dev_flags)) {
ath11k_hal_dump_srng_stats(ab);
@@ -3168,6 +3198,8 @@ static void ath11k_qmi_driver_event_work(struct work_struct *work)
set_bit(ATH11K_FLAG_REGISTERED, &ab->dev_flags);
}
+ break;
+ case ATH11K_QMI_EVENT_FW_READY:
break;
case ATH11K_QMI_EVENT_COLD_BOOT_CAL_DONE:
break;
diff --git a/drivers/net/wireless/ath/ath11k/qmi.h b/drivers/net/wireless/ath/ath11k/qmi.h
index c83cf822be81..2ec56a34fa81 100644
--- a/drivers/net/wireless/ath/ath11k/qmi.h
+++ b/drivers/net/wireless/ath/ath11k/qmi.h
@@ -31,8 +31,9 @@
#define QMI_WLFW_REQUEST_MEM_IND_V01 0x0035
#define QMI_WLFW_FW_MEM_READY_IND_V01 0x0037
-#define QMI_WLFW_COLD_BOOT_CAL_DONE_IND_V01 0x0021
-#define QMI_WLFW_FW_READY_IND_V01 0x0038
+#define QMI_WLFW_COLD_BOOT_CAL_DONE_IND_V01 0x003E
+#define QMI_WLFW_FW_READY_IND_V01 0x0021
+#define QMI_WLFW_FW_INIT_DONE_IND_V01 0x0038
#define QMI_WLANFW_MAX_DATA_SIZE_V01 6144
#define ATH11K_FIRMWARE_MODE_OFF 4
@@ -69,6 +70,7 @@ enum ath11k_qmi_event_type {
ATH11K_QMI_EVENT_FORCE_FW_ASSERT,
ATH11K_QMI_EVENT_POWER_UP,
ATH11K_QMI_EVENT_POWER_DOWN,
+ ATH11K_QMI_EVENT_FW_INIT_DONE,
ATH11K_QMI_EVENT_MAX,
};
@@ -291,6 +293,10 @@ struct qmi_wlanfw_fw_cold_cal_done_ind_msg_v01 {
char placeholder;
};
+struct qmi_wlfw_fw_init_done_ind_msg_v01 {
+ char placeholder;
+};
+
#define QMI_WLANFW_CAP_REQ_MSG_V01_MAX_LEN 0
#define QMI_WLANFW_CAP_RESP_MSG_V01_MAX_LEN 235
#define QMI_WLANFW_CAP_REQ_V01 0x0024
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 256/862] bpf: Use this_cpu_{inc|dec|inc_return} for bpf_task_storage_busy
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (254 preceding siblings ...)
2022-10-19 8:25 ` [PATCH 6.0 255/862] wifi: ath11k: Fix incorrect QMI message ID mappings Greg Kroah-Hartman
@ 2022-10-19 8:25 ` Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 257/862] bpf: Use this_cpu_{inc_return|dec} for prog->active Greg Kroah-Hartman
` (620 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hou Tao, Alexei Starovoitov,
Martin KaFai Lau, Sasha Levin
From: Hou Tao <houtao1@huawei.com>
[ Upstream commit 197827a05e13808c60f52632e9887eede63f1c16 ]
Now migrate_disable() does not disable preemption and under some
architectures (e.g. arm64) __this_cpu_{inc|dec|inc_return} are neither
preemption-safe nor IRQ-safe, so for fully preemptible kernel concurrent
lookups or updates on the same task local storage and on the same CPU
may make bpf_task_storage_busy be imbalanced, and
bpf_task_storage_trylock() on the specific cpu will always fail.
Fixing it by using this_cpu_{inc|dec|inc_return} when manipulating
bpf_task_storage_busy.
Fixes: bc235cdb423a ("bpf: Prevent deadlock from recursive bpf_task_storage_[get|delete]")
Signed-off-by: Hou Tao <houtao1@huawei.com>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/r/20220901061938.3789460-2-houtao@huaweicloud.com
Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/bpf/bpf_local_storage.c | 4 ++--
kernel/bpf/bpf_task_storage.c | 8 ++++----
2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/kernel/bpf/bpf_local_storage.c b/kernel/bpf/bpf_local_storage.c
index 8ce40fd869f6..d13ffb00e981 100644
--- a/kernel/bpf/bpf_local_storage.c
+++ b/kernel/bpf/bpf_local_storage.c
@@ -555,11 +555,11 @@ void bpf_local_storage_map_free(struct bpf_local_storage_map *smap,
struct bpf_local_storage_elem, map_node))) {
if (busy_counter) {
migrate_disable();
- __this_cpu_inc(*busy_counter);
+ this_cpu_inc(*busy_counter);
}
bpf_selem_unlink(selem, false);
if (busy_counter) {
- __this_cpu_dec(*busy_counter);
+ this_cpu_dec(*busy_counter);
migrate_enable();
}
cond_resched_rcu();
diff --git a/kernel/bpf/bpf_task_storage.c b/kernel/bpf/bpf_task_storage.c
index e9014dc62682..6f290623347e 100644
--- a/kernel/bpf/bpf_task_storage.c
+++ b/kernel/bpf/bpf_task_storage.c
@@ -26,20 +26,20 @@ static DEFINE_PER_CPU(int, bpf_task_storage_busy);
static void bpf_task_storage_lock(void)
{
migrate_disable();
- __this_cpu_inc(bpf_task_storage_busy);
+ this_cpu_inc(bpf_task_storage_busy);
}
static void bpf_task_storage_unlock(void)
{
- __this_cpu_dec(bpf_task_storage_busy);
+ this_cpu_dec(bpf_task_storage_busy);
migrate_enable();
}
static bool bpf_task_storage_trylock(void)
{
migrate_disable();
- if (unlikely(__this_cpu_inc_return(bpf_task_storage_busy) != 1)) {
- __this_cpu_dec(bpf_task_storage_busy);
+ if (unlikely(this_cpu_inc_return(bpf_task_storage_busy) != 1)) {
+ this_cpu_dec(bpf_task_storage_busy);
migrate_enable();
return false;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 257/862] bpf: Use this_cpu_{inc_return|dec} for prog->active
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (255 preceding siblings ...)
2022-10-19 8:25 ` [PATCH 6.0 256/862] bpf: Use this_cpu_{inc|dec|inc_return} for bpf_task_storage_busy Greg Kroah-Hartman
@ 2022-10-19 8:25 ` Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 258/862] Bluetooth: btusb: mediatek: fix WMT failure during runtime suspend Greg Kroah-Hartman
` (619 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hou Tao, Alexei Starovoitov,
Martin KaFai Lau, Sasha Levin
From: Hou Tao <houtao1@huawei.com>
[ Upstream commit c89e843a11f1075d27684f6b42256213e4592383 ]
Both __this_cpu_inc_return() and __this_cpu_dec() are not preemption
safe and now migrate_disable() doesn't disable preemption, so the update
of prog-active is not atomic and in theory under fully preemptible kernel
recurisve prevention may do not work.
Fixing by using the preemption-safe and IRQ-safe variants.
Fixes: ca06f55b9002 ("bpf: Add per-program recursion prevention mechanism")
Signed-off-by: Hou Tao <houtao1@huawei.com>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/r/20220901061938.3789460-3-houtao@huaweicloud.com
Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/bpf/trampoline.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/kernel/bpf/trampoline.c b/kernel/bpf/trampoline.c
index ff87e38af8a7..ad76940b02cc 100644
--- a/kernel/bpf/trampoline.c
+++ b/kernel/bpf/trampoline.c
@@ -895,7 +895,7 @@ u64 notrace __bpf_prog_enter(struct bpf_prog *prog, struct bpf_tramp_run_ctx *ru
run_ctx->saved_run_ctx = bpf_set_run_ctx(&run_ctx->run_ctx);
- if (unlikely(__this_cpu_inc_return(*(prog->active)) != 1)) {
+ if (unlikely(this_cpu_inc_return(*(prog->active)) != 1)) {
inc_misses_counter(prog);
return 0;
}
@@ -930,7 +930,7 @@ void notrace __bpf_prog_exit(struct bpf_prog *prog, u64 start, struct bpf_tramp_
bpf_reset_run_ctx(run_ctx->saved_run_ctx);
update_prog_stats(prog, start);
- __this_cpu_dec(*(prog->active));
+ this_cpu_dec(*(prog->active));
migrate_enable();
rcu_read_unlock();
}
@@ -966,7 +966,7 @@ u64 notrace __bpf_prog_enter_sleepable(struct bpf_prog *prog, struct bpf_tramp_r
migrate_disable();
might_fault();
- if (unlikely(__this_cpu_inc_return(*(prog->active)) != 1)) {
+ if (unlikely(this_cpu_inc_return(*(prog->active)) != 1)) {
inc_misses_counter(prog);
return 0;
}
@@ -982,7 +982,7 @@ void notrace __bpf_prog_exit_sleepable(struct bpf_prog *prog, u64 start,
bpf_reset_run_ctx(run_ctx->saved_run_ctx);
update_prog_stats(prog, start);
- __this_cpu_dec(*(prog->active));
+ this_cpu_dec(*(prog->active));
migrate_enable();
rcu_read_unlock_trace();
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 258/862] Bluetooth: btusb: mediatek: fix WMT failure during runtime suspend
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (256 preceding siblings ...)
2022-10-19 8:25 ` [PATCH 6.0 257/862] bpf: Use this_cpu_{inc_return|dec} for prog->active Greg Kroah-Hartman
@ 2022-10-19 8:25 ` Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 259/862] bpf: Only add BTF IDs for socket security hooks when CONFIG_SECURITY_NETWORK is on Greg Kroah-Hartman
` (618 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jing Cai, Sean Wang,
Luiz Augusto von Dentz, Sasha Levin
From: Sean Wang <sean.wang@mediatek.com>
[ Upstream commit fd3f106677bac70437dc12e76c827294ed495a44 ]
WMT cmd/event doesn't follow up the generic HCI cmd/event handling, it
needs constantly polling control pipe until the host received the WMT
event, thus, we should require to specifically acquire PM counter on the
USB to prevent the interface from entering auto suspended while WMT
cmd/event in progress.
Fixes: a1c49c434e15 ("Bluetooth: btusb: Add protocol support for MediaTek MT7668U USB devices")
Co-developed-by: Jing Cai <jing.cai@mediatek.com>
Signed-off-by: Jing Cai <jing.cai@mediatek.com>
Signed-off-by: Sean Wang <sean.wang@mediatek.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/bluetooth/btusb.c | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c
index 15caa6469538..1bb46cbff0fa 100644
--- a/drivers/bluetooth/btusb.c
+++ b/drivers/bluetooth/btusb.c
@@ -2477,15 +2477,29 @@ static int btusb_mtk_hci_wmt_sync(struct hci_dev *hdev,
set_bit(BTUSB_TX_WAIT_VND_EVT, &data->flags);
+ /* WMT cmd/event doesn't follow up the generic HCI cmd/event handling,
+ * it needs constantly polling control pipe until the host received the
+ * WMT event, thus, we should require to specifically acquire PM counter
+ * on the USB to prevent the interface from entering auto suspended
+ * while WMT cmd/event in progress.
+ */
+ err = usb_autopm_get_interface(data->intf);
+ if (err < 0)
+ goto err_free_wc;
+
err = __hci_cmd_send(hdev, 0xfc6f, hlen, wc);
if (err < 0) {
clear_bit(BTUSB_TX_WAIT_VND_EVT, &data->flags);
+ usb_autopm_put_interface(data->intf);
goto err_free_wc;
}
/* Submit control IN URB on demand to process the WMT event */
err = btusb_mtk_submit_wmt_recv_urb(hdev);
+
+ usb_autopm_put_interface(data->intf);
+
if (err < 0)
goto err_free_wc;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 259/862] bpf: Only add BTF IDs for socket security hooks when CONFIG_SECURITY_NETWORK is on
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (257 preceding siblings ...)
2022-10-19 8:25 ` [PATCH 6.0 258/862] Bluetooth: btusb: mediatek: fix WMT failure during runtime suspend Greg Kroah-Hartman
@ 2022-10-19 8:25 ` Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 260/862] wifi: rtw89: pci: fix interrupt stuck after leaving low power mode Greg Kroah-Hartman
` (617 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hou Tao, Martin KaFai Lau, Sasha Levin
From: Hou Tao <houtao1@huawei.com>
[ Upstream commit ef331a8d4c0061ea4d353cd0db1c9b33fd45f0f2 ]
When CONFIG_SECURITY_NETWORK is disabled, there will be build warnings
from resolve_btfids:
WARN: resolve_btfids: unresolved symbol bpf_lsm_socket_socketpair
......
WARN: resolve_btfids: unresolved symbol bpf_lsm_inet_conn_established
Fixing it by wrapping these BTF ID definitions by CONFIG_SECURITY_NETWORK.
Fixes: 69fd337a975c ("bpf: per-cgroup lsm flavor")
Fixes: 9113d7e48e91 ("bpf: expose bpf_{g,s}etsockopt to lsm cgroup")
Signed-off-by: Hou Tao <houtao1@huawei.com>
Link: https://lore.kernel.org/r/20220901065126.3856297-1-houtao@huaweicloud.com
Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/bpf/bpf_lsm.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/kernel/bpf/bpf_lsm.c b/kernel/bpf/bpf_lsm.c
index fa71d58b7ded..832a0e48a2a1 100644
--- a/kernel/bpf/bpf_lsm.c
+++ b/kernel/bpf/bpf_lsm.c
@@ -41,17 +41,21 @@ BTF_SET_END(bpf_lsm_hooks)
*/
BTF_SET_START(bpf_lsm_current_hooks)
/* operate on freshly allocated sk without any cgroup association */
+#ifdef CONFIG_SECURITY_NETWORK
BTF_ID(func, bpf_lsm_sk_alloc_security)
BTF_ID(func, bpf_lsm_sk_free_security)
+#endif
BTF_SET_END(bpf_lsm_current_hooks)
/* List of LSM hooks that trigger while the socket is properly locked.
*/
BTF_SET_START(bpf_lsm_locked_sockopt_hooks)
+#ifdef CONFIG_SECURITY_NETWORK
BTF_ID(func, bpf_lsm_socket_sock_rcv_skb)
BTF_ID(func, bpf_lsm_sock_graft)
BTF_ID(func, bpf_lsm_inet_csk_clone)
BTF_ID(func, bpf_lsm_inet_conn_established)
+#endif
BTF_SET_END(bpf_lsm_locked_sockopt_hooks)
/* List of LSM hooks that trigger while the socket is _not_ locked,
@@ -59,8 +63,10 @@ BTF_SET_END(bpf_lsm_locked_sockopt_hooks)
* in the early init phase.
*/
BTF_SET_START(bpf_lsm_unlocked_sockopt_hooks)
+#ifdef CONFIG_SECURITY_NETWORK
BTF_ID(func, bpf_lsm_socket_post_create)
BTF_ID(func, bpf_lsm_socket_socketpair)
+#endif
BTF_SET_END(bpf_lsm_unlocked_sockopt_hooks)
#ifdef CONFIG_CGROUP_BPF
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 260/862] wifi: rtw89: pci: fix interrupt stuck after leaving low power mode
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (258 preceding siblings ...)
2022-10-19 8:25 ` [PATCH 6.0 259/862] bpf: Only add BTF IDs for socket security hooks when CONFIG_SECURITY_NETWORK is on Greg Kroah-Hartman
@ 2022-10-19 8:25 ` Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 261/862] wifi: rtw89: pci: correct TX resource checking in " Greg Kroah-Hartman
` (616 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ping-Ke Shih, Kalle Valo, Sasha Levin
From: Ping-Ke Shih <pkshih@realtek.com>
[ Upstream commit b7e715d3dcd2e9fa3a689ba0dd7ab85f8aaf6e9a ]
We turn off interrupt in ISR, and re-enable interrupt in threadfn or
napi_poll according to the mode it stays. If we are turning off interrupt,
rtwpci->running flag is unset and interrupt handler stop processing even
if it was called, so disallow to re-enable interrupt in this situation.
Or, wifi chip doesn't trigger interrupt events anymore because interrupt
status (ISR) isn't clear by interrupt handler anymore.
Fixes: c83dcd0508e2 ("rtw89: pci: add a separate interrupt handler for low power mode")
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220824063312.15784-1-pkshih@realtek.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/realtek/rtw89/pci.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/net/wireless/realtek/rtw89/pci.c b/drivers/net/wireless/realtek/rtw89/pci.c
index c68fec9eb5a6..8a093e1cb328 100644
--- a/drivers/net/wireless/realtek/rtw89/pci.c
+++ b/drivers/net/wireless/realtek/rtw89/pci.c
@@ -760,7 +760,8 @@ static irqreturn_t rtw89_pci_interrupt_threadfn(int irq, void *dev)
enable_intr:
spin_lock_irqsave(&rtwpci->irq_lock, flags);
- rtw89_chip_enable_intr(rtwdev, rtwpci);
+ if (likely(rtwpci->running))
+ rtw89_chip_enable_intr(rtwdev, rtwpci);
spin_unlock_irqrestore(&rtwpci->irq_lock, flags);
return IRQ_HANDLED;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 261/862] wifi: rtw89: pci: correct TX resource checking in low power mode
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (259 preceding siblings ...)
2022-10-19 8:25 ` [PATCH 6.0 260/862] wifi: rtw89: pci: fix interrupt stuck after leaving low power mode Greg Kroah-Hartman
@ 2022-10-19 8:25 ` Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 262/862] wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse() Greg Kroah-Hartman
` (615 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ping-Ke Shih, Kalle Valo, Sasha Levin
From: Ping-Ke Shih <pkshih@realtek.com>
[ Upstream commit 4a29213cd775cabcbe395229d175903accedbb9d ]
Number of TX resource must be minimum of TX_BD and TX_WD. Only considering
TX_BD could drop TX packets pulled from mac80211 if TX_WD is unavailable.
Fixes: 52edbb9fb78a ("rtw89: ps: access TX/RX rings via another registers in low power mode")
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220824063312.15784-2-pkshih@realtek.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/realtek/rtw89/pci.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/net/wireless/realtek/rtw89/pci.c b/drivers/net/wireless/realtek/rtw89/pci.c
index 8a093e1cb328..7bb1b494c5d1 100644
--- a/drivers/net/wireless/realtek/rtw89/pci.c
+++ b/drivers/net/wireless/realtek/rtw89/pci.c
@@ -926,10 +926,12 @@ u32 __rtw89_pci_check_and_reclaim_tx_resource_noio(struct rtw89_dev *rtwdev,
{
struct rtw89_pci *rtwpci = (struct rtw89_pci *)rtwdev->priv;
struct rtw89_pci_tx_ring *tx_ring = &rtwpci->tx_rings[txch];
+ struct rtw89_pci_tx_wd_ring *wd_ring = &tx_ring->wd_ring;
u32 cnt;
spin_lock_bh(&rtwpci->trx_lock);
cnt = rtw89_pci_get_avail_txbd_num(tx_ring);
+ cnt = min(cnt, wd_ring->curr_num);
spin_unlock_bh(&rtwpci->trx_lock);
return cnt;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 262/862] wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (260 preceding siblings ...)
2022-10-19 8:25 ` [PATCH 6.0 261/862] wifi: rtw89: pci: correct TX resource checking in " Greg Kroah-Hartman
@ 2022-10-19 8:25 ` Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 263/862] wifi: wfx: prevent underflow in wfx_send_pds() Greg Kroah-Hartman
` (614 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Jes Sorensen,
Kalle Valo, Sasha Levin
From: Dan Carpenter <dan.carpenter@oracle.com>
[ Upstream commit 620d5eaeb9059636864bda83ca1c68c20ede34a5 ]
There some bounds checking to ensure that "map_addr" is not out of
bounds before the start of the loop. But the checking needs to be
done as we iterate through the loop because "map_addr" gets larger as
we iterate.
Fixes: 26f1fad29ad9 ("New driver: rtl8xxxu (mac80211)")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Jes Sorensen <Jes.Sorensen@gmail.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/Yv8eGLdBslLAk3Ct@kili
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c b/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c
index c66f0726b253..f3a107f19cf5 100644
--- a/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c
+++ b/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c
@@ -1878,13 +1878,6 @@ static int rtl8xxxu_read_efuse(struct rtl8xxxu_priv *priv)
/* We have 8 bits to indicate validity */
map_addr = offset * 8;
- if (map_addr >= EFUSE_MAP_LEN) {
- dev_warn(dev, "%s: Illegal map_addr (%04x), "
- "efuse corrupt!\n",
- __func__, map_addr);
- ret = -EINVAL;
- goto exit;
- }
for (i = 0; i < EFUSE_MAX_WORD_UNIT; i++) {
/* Check word enable condition in the section */
if (word_mask & BIT(i)) {
@@ -1895,6 +1888,13 @@ static int rtl8xxxu_read_efuse(struct rtl8xxxu_priv *priv)
ret = rtl8xxxu_read_efuse8(priv, efuse_addr++, &val8);
if (ret)
goto exit;
+ if (map_addr >= EFUSE_MAP_LEN - 1) {
+ dev_warn(dev, "%s: Illegal map_addr (%04x), "
+ "efuse corrupt!\n",
+ __func__, map_addr);
+ ret = -EINVAL;
+ goto exit;
+ }
priv->efuse_wifi.raw[map_addr++] = val8;
ret = rtl8xxxu_read_efuse8(priv, efuse_addr++, &val8);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 263/862] wifi: wfx: prevent underflow in wfx_send_pds()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (261 preceding siblings ...)
2022-10-19 8:25 ` [PATCH 6.0 262/862] wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse() Greg Kroah-Hartman
@ 2022-10-19 8:25 ` Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 264/862] wifi: rtw88: add missing destroy_workqueue() on error path in rtw_core_init() Greg Kroah-Hartman
` (613 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter,
Jérôme Pouiller, Kalle Valo, Sasha Levin
From: Dan Carpenter <dan.carpenter@oracle.com>
[ Upstream commit f97c81f5b7f8047810b0d79a8f759a83951210a0 ]
This does a "chunk_len - 4" subtraction later when it calls:
ret = wfx_hif_configuration(wdev, buf + 4, chunk_len - 4);
so check for "chunk_len" is less than 4.
Fixes: dcbecb497908 ("staging: wfx: allow new PDS format")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Jérôme Pouiller <jerome.pouiller@silabs.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/Yv8eX7Xv2ubUOvW7@kili
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/silabs/wfx/main.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/silabs/wfx/main.c b/drivers/net/wireless/silabs/wfx/main.c
index e015bfb8d221..84d82ddded56 100644
--- a/drivers/net/wireless/silabs/wfx/main.c
+++ b/drivers/net/wireless/silabs/wfx/main.c
@@ -181,7 +181,7 @@ int wfx_send_pds(struct wfx_dev *wdev, u8 *buf, size_t len)
while (len > 0) {
chunk_type = get_unaligned_le16(buf + 0);
chunk_len = get_unaligned_le16(buf + 2);
- if (chunk_len > len) {
+ if (chunk_len < 4 || chunk_len > len) {
dev_err(wdev->dev, "PDS:%d: corrupted file\n", chunk_num);
return -EINVAL;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 264/862] wifi: rtw88: add missing destroy_workqueue() on error path in rtw_core_init()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (262 preceding siblings ...)
2022-10-19 8:25 ` [PATCH 6.0 263/862] wifi: wfx: prevent underflow in wfx_send_pds() Greg Kroah-Hartman
@ 2022-10-19 8:25 ` Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 265/862] selftests/xsk: Avoid use-after-free on ctx Greg Kroah-Hartman
` (612 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yang Yingliang, Ping-Ke Shih,
Kalle Valo, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit b0ea758b30bbdf7c4323c78b7c50c05d2e1224d5 ]
Add the missing destroy_workqueue() before return from rtw_core_init()
in error path.
Fixes: fe101716c7c9 ("rtw88: replace tx tasklet with work queue")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Reviewed-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220826023817.3908255-1-yangyingliang@huawei.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/realtek/rtw88/main.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
--- a/drivers/net/wireless/realtek/rtw88/main.c
+++ b/drivers/net/wireless/realtek/rtw88/main.c
@@ -2045,7 +2045,7 @@ int rtw_core_init(struct rtw_dev *rtwdev
ret = rtw_load_firmware(rtwdev, RTW_NORMAL_FW);
if (ret) {
rtw_warn(rtwdev, "no firmware loaded\n");
- return ret;
+ goto out;
}
if (chip->wow_fw_name) {
@@ -2055,11 +2055,15 @@ int rtw_core_init(struct rtw_dev *rtwdev
wait_for_completion(&rtwdev->fw.completion);
if (rtwdev->fw.firmware)
release_firmware(rtwdev->fw.firmware);
- return ret;
+ goto out;
}
}
return 0;
+
+out:
+ destroy_workqueue(rtwdev->tx_wq);
+ return ret;
}
EXPORT_SYMBOL(rtw_core_init);
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 265/862] selftests/xsk: Avoid use-after-free on ctx
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (263 preceding siblings ...)
2022-10-19 8:25 ` [PATCH 6.0 264/862] wifi: rtw88: add missing destroy_workqueue() on error path in rtw_core_init() Greg Kroah-Hartman
@ 2022-10-19 8:25 ` Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 266/862] wifi: mac80211: mlme: assign link address correctly Greg Kroah-Hartman
` (611 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ian Rogers, Daniel Borkmann,
Magnus Karlsson, Sasha Levin
From: Ian Rogers <irogers@google.com>
[ Upstream commit af515a5587b8f45f19e11657746e0c89411b0380 ]
The put lowers the reference count to 0 and frees ctx, reading it
afterwards is invalid. Move the put after the uses and determine the
last use by the reference count being 1.
Fixes: 39e940d4abfa ("selftests/xsk: Destroy BPF resources only when ctx refcount drops to 0")
Signed-off-by: Ian Rogers <irogers@google.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Magnus Karlsson <magnus.karlsson@intel.com>
Link: https://lore.kernel.org/bpf/20220901202645.1463552-1-irogers@google.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/bpf/xsk.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/tools/testing/selftests/bpf/xsk.c b/tools/testing/selftests/bpf/xsk.c
index f2721a4ae7c5..0b3ff49c740d 100644
--- a/tools/testing/selftests/bpf/xsk.c
+++ b/tools/testing/selftests/bpf/xsk.c
@@ -1237,15 +1237,15 @@ void xsk_socket__delete(struct xsk_socket *xsk)
ctx = xsk->ctx;
umem = ctx->umem;
- xsk_put_ctx(ctx, true);
-
- if (!ctx->refcount) {
+ if (ctx->refcount == 1) {
xsk_delete_bpf_maps(xsk);
close(ctx->prog_fd);
if (ctx->has_bpf_link)
close(ctx->link_fd);
}
+ xsk_put_ctx(ctx, true);
+
err = xsk_get_mmap_offsets(xsk->fd, &off);
if (!err) {
if (xsk->rx) {
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 266/862] wifi: mac80211: mlme: assign link address correctly
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (264 preceding siblings ...)
2022-10-19 8:25 ` [PATCH 6.0 265/862] selftests/xsk: Avoid use-after-free on ctx Greg Kroah-Hartman
@ 2022-10-19 8:25 ` Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 267/862] spi: qup: add missing clk_disable_unprepare on error in spi_qup_resume() Greg Kroah-Hartman
` (610 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:25 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Johannes Berg, Sasha Levin
From: Johannes Berg <johannes.berg@intel.com>
[ Upstream commit acdc3e47881d86dc1cb89d4603e3fed90ab150db ]
Right now, we assign the link address only after we add
the link to the driver, which is quite obviously wrong.
It happens to work in many cases because it gets updated
immediately, and then link_conf updates may update it,
but it's clearly not really right.
Set the link address during ieee80211_mgd_setup_link()
so it's set before telling the driver about the link.
Fixes: 81151ce462e5 ("wifi: mac80211: support MLO authentication/association with one link")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/mac80211/mlme.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index 76ae6f03d77e..654414caeb71 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -6291,6 +6291,8 @@ void ieee80211_mgd_setup_link(struct ieee80211_link_data *link)
if (sdata->u.mgd.assoc_data)
ether_addr_copy(link->conf->addr,
sdata->u.mgd.assoc_data->link[link_id].addr);
+ else if (!is_valid_ether_addr(link->conf->addr))
+ eth_random_addr(link->conf->addr);
}
/* scan finished notification */
@@ -6378,9 +6380,6 @@ static int ieee80211_prep_connection(struct ieee80211_sub_if_data *sdata,
goto out_err;
}
- if (mlo && !is_valid_ether_addr(link->conf->addr))
- eth_random_addr(link->conf->addr);
-
if (WARN_ON(!ifmgd->auth_data && !ifmgd->assoc_data)) {
err = -EINVAL;
goto out_err;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 267/862] spi: qup: add missing clk_disable_unprepare on error in spi_qup_resume()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (265 preceding siblings ...)
2022-10-19 8:25 ` [PATCH 6.0 266/862] wifi: mac80211: mlme: assign link address correctly Greg Kroah-Hartman
@ 2022-10-19 8:25 ` Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 268/862] spi: qup: add missing clk_disable_unprepare on error in spi_qup_pm_resume_runtime() Greg Kroah-Hartman
` (609 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Xu Qiang, Mark Brown, Sasha Levin
From: Xu Qiang <xuqiang36@huawei.com>
[ Upstream commit 70034320fdc597b8f58b4a43bb547f17c4c5557a ]
Add the missing clk_disable_unprepare() before return
from spi_qup_resume() in the error handling case.
Fixes: 64ff247a978f (“spi: Add Qualcomm QUP SPI controller support”)
Signed-off-by: Xu Qiang <xuqiang36@huawei.com>
Link: https://lore.kernel.org/r/20220825065324.68446-1-xuqiang36@huawei.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/spi/spi-qup.c | 17 ++++++++++++++---
1 file changed, 14 insertions(+), 3 deletions(-)
diff --git a/drivers/spi/spi-qup.c b/drivers/spi/spi-qup.c
index 00d6084306b4..ae4e67f152ec 100644
--- a/drivers/spi/spi-qup.c
+++ b/drivers/spi/spi-qup.c
@@ -1245,14 +1245,25 @@ static int spi_qup_resume(struct device *device)
return ret;
ret = clk_prepare_enable(controller->cclk);
- if (ret)
+ if (ret) {
+ clk_disable_unprepare(controller->iclk);
return ret;
+ }
ret = spi_qup_set_state(controller, QUP_STATE_RESET);
if (ret)
- return ret;
+ goto disable_clk;
+
+ ret = spi_master_resume(master);
+ if (ret)
+ goto disable_clk;
- return spi_master_resume(master);
+ return 0;
+
+disable_clk:
+ clk_disable_unprepare(controller->cclk);
+ clk_disable_unprepare(controller->iclk);
+ return ret;
}
#endif /* CONFIG_PM_SLEEP */
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 268/862] spi: qup: add missing clk_disable_unprepare on error in spi_qup_pm_resume_runtime()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (266 preceding siblings ...)
2022-10-19 8:25 ` [PATCH 6.0 267/862] spi: qup: add missing clk_disable_unprepare on error in spi_qup_resume() Greg Kroah-Hartman
@ 2022-10-19 8:25 ` Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 269/862] wifi: rtl8xxxu: Fix skb misuse in TX queue selection Greg Kroah-Hartman
` (608 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Xu Qiang, Mark Brown, Sasha Levin
From: Xu Qiang <xuqiang36@huawei.com>
[ Upstream commit 494a22765ce479c9f8ad181c5d24cffda9f534bb ]
Add the missing clk_disable_unprepare() before return
from spi_qup_pm_resume_runtime() in the error handling case.
Fixes: dae1a7700b34 (“spi: qup: Handle clocks in pm_runtime suspend and resume”)
Signed-off-by: Xu Qiang <xuqiang36@huawei.com>
Link: https://lore.kernel.org/r/20220825065324.68446-2-xuqiang36@huawei.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/spi/spi-qup.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/spi/spi-qup.c b/drivers/spi/spi-qup.c
index ae4e67f152ec..7d89510dc3f0 100644
--- a/drivers/spi/spi-qup.c
+++ b/drivers/spi/spi-qup.c
@@ -1198,8 +1198,10 @@ static int spi_qup_pm_resume_runtime(struct device *device)
return ret;
ret = clk_prepare_enable(controller->cclk);
- if (ret)
+ if (ret) {
+ clk_disable_unprepare(controller->iclk);
return ret;
+ }
/* Disable clocks auto gaiting */
config = readl_relaxed(controller->base + QUP_CONFIG);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 269/862] wifi: rtl8xxxu: Fix skb misuse in TX queue selection
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (267 preceding siblings ...)
2022-10-19 8:25 ` [PATCH 6.0 268/862] spi: qup: add missing clk_disable_unprepare on error in spi_qup_pm_resume_runtime() Greg Kroah-Hartman
@ 2022-10-19 8:25 ` Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 270/862] spi: meson-spicc: do not rely on busy flag in pow2 clk ops Greg Kroah-Hartman
` (607 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Bitterblue Smith, Kalle Valo, Sasha Levin
From: Bitterblue Smith <rtl8821cerfe2@gmail.com>
[ Upstream commit edd5747aa12ed61a5ecbfa58d3908623fddbf1e8 ]
rtl8xxxu_queue_select() selects the wrong TX queues because it's
reading memory from the wrong address. It expects to find ieee80211_hdr
at skb->data, but that's not the case after skb_push(). Move the call
to rtl8xxxu_queue_select() before the call to skb_push().
Fixes: 26f1fad29ad9 ("New driver: rtl8xxxu (mac80211)")
Signed-off-by: Bitterblue Smith <rtl8821cerfe2@gmail.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/7fa4819a-4f20-b2af-b7a6-8ee01ac49295@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c b/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c
index f3a107f19cf5..02b7bc57d217 100644
--- a/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c
+++ b/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c
@@ -5062,6 +5062,8 @@ static void rtl8xxxu_tx(struct ieee80211_hw *hw,
if (control && control->sta)
sta = control->sta;
+ queue = rtl8xxxu_queue_select(hw, skb);
+
tx_desc = skb_push(skb, tx_desc_size);
memset(tx_desc, 0, tx_desc_size);
@@ -5074,7 +5076,6 @@ static void rtl8xxxu_tx(struct ieee80211_hw *hw,
is_broadcast_ether_addr(ieee80211_get_DA(hdr)))
tx_desc->txdw0 |= TXDESC_BROADMULTICAST;
- queue = rtl8xxxu_queue_select(hw, skb);
tx_desc->txdw1 = cpu_to_le32(queue << TXDESC_QUEUE_SHIFT);
if (tx_info->control.hw_key) {
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 270/862] spi: meson-spicc: do not rely on busy flag in pow2 clk ops
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (268 preceding siblings ...)
2022-10-19 8:25 ` [PATCH 6.0 269/862] wifi: rtl8xxxu: Fix skb misuse in TX queue selection Greg Kroah-Hartman
@ 2022-10-19 8:25 ` Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 271/862] bpf: btf: fix truncated last_member_type_id in btf_struct_resolve Greg Kroah-Hartman
` (606 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Markus Schneider-Pargmann,
Neil Armstrong, Mark Brown, Sasha Levin
From: Neil Armstrong <narmstrong@baylibre.com>
[ Upstream commit 36acf80fc0c4b5ebe6fa010b524d442ee7f08fd3 ]
Since [1], controller's busy flag isn't set anymore when the
__spi_transfer_message_noqueue() is used instead of the
__spi_pump_transfer_message() logic for spi_sync transfers.
Since the pow2 clock ops were limited to only be available when a
transfer is ongoing (between prepare_transfer_hardware and
unprepare_transfer_hardware callbacks), the only way to track this
down is to check for the controller cur_msg.
[1] ae7d2346dc89 ("spi: Don't use the message queue if possible in spi_sync")
Fixes: 09992025dacd ("spi: meson-spicc: add local pow2 clock ops to preserve rate between messages")
Fixes: ae7d2346dc89 ("spi: Don't use the message queue if possible in spi_sync")
Reported-by: Markus Schneider-Pargmann <msp@baylibre.com>
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
Tested-by: Markus Schneider-Pargmann <msp@baylibre.com>
Link: https://lore.kernel.org/r/20220908121803.919943-1-narmstrong@baylibre.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/spi/spi-meson-spicc.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/spi/spi-meson-spicc.c b/drivers/spi/spi-meson-spicc.c
index e4cb52e1fe26..6974a1c947aa 100644
--- a/drivers/spi/spi-meson-spicc.c
+++ b/drivers/spi/spi-meson-spicc.c
@@ -537,7 +537,7 @@ static unsigned long meson_spicc_pow2_recalc_rate(struct clk_hw *hw,
struct clk_divider *divider = to_clk_divider(hw);
struct meson_spicc_device *spicc = pow2_clk_to_spicc(divider);
- if (!spicc->master->cur_msg || !spicc->master->busy)
+ if (!spicc->master->cur_msg)
return 0;
return clk_divider_ops.recalc_rate(hw, parent_rate);
@@ -549,7 +549,7 @@ static int meson_spicc_pow2_determine_rate(struct clk_hw *hw,
struct clk_divider *divider = to_clk_divider(hw);
struct meson_spicc_device *spicc = pow2_clk_to_spicc(divider);
- if (!spicc->master->cur_msg || !spicc->master->busy)
+ if (!spicc->master->cur_msg)
return -EINVAL;
return clk_divider_ops.determine_rate(hw, req);
@@ -561,7 +561,7 @@ static int meson_spicc_pow2_set_rate(struct clk_hw *hw, unsigned long rate,
struct clk_divider *divider = to_clk_divider(hw);
struct meson_spicc_device *spicc = pow2_clk_to_spicc(divider);
- if (!spicc->master->cur_msg || !spicc->master->busy)
+ if (!spicc->master->cur_msg)
return -EINVAL;
return clk_divider_ops.set_rate(hw, rate, parent_rate);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 271/862] bpf: btf: fix truncated last_member_type_id in btf_struct_resolve
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (269 preceding siblings ...)
2022-10-19 8:25 ` [PATCH 6.0 270/862] spi: meson-spicc: do not rely on busy flag in pow2 clk ops Greg Kroah-Hartman
@ 2022-10-19 8:25 ` Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 272/862] wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration Greg Kroah-Hartman
` (605 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Stanislav Fomichev, Lorenz Bauer,
Alexei Starovoitov, Sasha Levin
From: Lorenz Bauer <oss@lmb.io>
[ Upstream commit a37a32583e282d8d815e22add29bc1e91e19951a ]
When trying to finish resolving a struct member, btf_struct_resolve
saves the member type id in a u16 temporary variable. This truncates
the 32 bit type id value if it exceeds UINT16_MAX.
As a result, structs that have members with type ids > UINT16_MAX and
which need resolution will fail with a message like this:
[67414] STRUCT ff_device size=120 vlen=12
effect_owners type_id=67434 bits_offset=960 Member exceeds struct_size
Fix this by changing the type of last_member_type_id to u32.
Fixes: a0791f0df7d2 ("bpf: fix BTF limits")
Reviewed-by: Stanislav Fomichev <sdf@google.com>
Signed-off-by: Lorenz Bauer <oss@lmb.io>
Link: https://lore.kernel.org/r/20220910110120.339242-1-oss@lmb.io
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/bpf/btf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/bpf/btf.c b/kernel/bpf/btf.c
index 7e64447659f3..36fd4b509294 100644
--- a/kernel/bpf/btf.c
+++ b/kernel/bpf/btf.c
@@ -3128,7 +3128,7 @@ static int btf_struct_resolve(struct btf_verifier_env *env,
if (v->next_member) {
const struct btf_type *last_member_type;
const struct btf_member *last_member;
- u16 last_member_type_id;
+ u32 last_member_type_id;
last_member = btf_type_member(v->t) + v->next_member - 1;
last_member_type_id = last_member->type;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 272/862] wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (270 preceding siblings ...)
2022-10-19 8:25 ` [PATCH 6.0 271/862] bpf: btf: fix truncated last_member_type_id in btf_struct_resolve Greg Kroah-Hartman
@ 2022-10-19 8:25 ` Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 273/862] wifi: rtl8xxxu: Remove copy-paste leftover in gen2_update_rate_mask Greg Kroah-Hartman
` (604 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Bitterblue Smith, Kalle Valo, Sasha Levin
From: Bitterblue Smith <rtl8821cerfe2@gmail.com>
[ Upstream commit e963a19c64ac0d2f8785d36a27391abd91ac77aa ]
Found by comparing with the vendor driver. Currently this affects
only the RTL8192EU, which is the only gen2 chip with 2 TX paths
supported by this driver. It's unclear what kind of effect the
mistake had in practice, since I don't have any RTL8192EU devices
to test it.
Fixes: e1547c535ede ("rtl8xxxu: First stab at adding IQK calibration for 8723bu parts")
Signed-off-by: Bitterblue Smith <rtl8821cerfe2@gmail.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/30a59f3a-cfa9-8379-7af0-78a8f4c77cfd@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c b/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c
index 02b7bc57d217..7a1ea4a59569 100644
--- a/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c
+++ b/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c
@@ -2929,12 +2929,12 @@ bool rtl8xxxu_gen2_simularity_compare(struct rtl8xxxu_priv *priv,
}
if (!(simubitmap & 0x30) && priv->tx_paths > 1) {
- /* path B RX OK */
+ /* path B TX OK */
for (i = 4; i < 6; i++)
result[3][i] = result[c1][i];
}
- if (!(simubitmap & 0x30) && priv->tx_paths > 1) {
+ if (!(simubitmap & 0xc0) && priv->tx_paths > 1) {
/* path B RX OK */
for (i = 6; i < 8; i++)
result[3][i] = result[c1][i];
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 273/862] wifi: rtl8xxxu: Remove copy-paste leftover in gen2_update_rate_mask
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (271 preceding siblings ...)
2022-10-19 8:25 ` [PATCH 6.0 272/862] wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration Greg Kroah-Hartman
@ 2022-10-19 8:26 ` Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 274/862] Bluetooth: avoid hci_dev_test_and_set_flag() in mgmt_init_hdev() Greg Kroah-Hartman
` (603 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Bitterblue Smith, Kalle Valo, Sasha Levin
From: Bitterblue Smith <rtl8821cerfe2@gmail.com>
[ Upstream commit d5350756c03cdf18696295c6b11d7acc4dbf825c ]
It looks like a leftover from copying rtl8xxxu_update_rate_mask,
which is used with the gen1 chips.
It wasn't causing any problems for my RTL8188FU test device, but it's
clearly a mistake, so remove it.
Fixes: f653e69009c6 ("rtl8xxxu: Implement basic 8723b specific update_rate_mask() function")
Signed-off-by: Bitterblue Smith <rtl8821cerfe2@gmail.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/d5544fe8-9798-28f1-54bd-6839a1974b10@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c b/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c
index 7a1ea4a59569..41d46c54444f 100644
--- a/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c
+++ b/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c
@@ -4353,15 +4353,14 @@ void rtl8xxxu_gen2_update_rate_mask(struct rtl8xxxu_priv *priv,
h2c.b_macid_cfg.ramask2 = (ramask >> 16) & 0xff;
h2c.b_macid_cfg.ramask3 = (ramask >> 24) & 0xff;
- h2c.ramask.arg = 0x80;
h2c.b_macid_cfg.data1 = rateid;
if (sgi)
h2c.b_macid_cfg.data1 |= BIT(7);
h2c.b_macid_cfg.data2 = bw;
- dev_dbg(&priv->udev->dev, "%s: rate mask %08x, arg %02x, size %zi\n",
- __func__, ramask, h2c.ramask.arg, sizeof(h2c.b_macid_cfg));
+ dev_dbg(&priv->udev->dev, "%s: rate mask %08x, rateid %02x, sgi %d, size %zi\n",
+ __func__, ramask, rateid, sgi, sizeof(h2c.b_macid_cfg));
rtl8xxxu_gen2_h2c_cmd(priv, &h2c, sizeof(h2c.b_macid_cfg));
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 274/862] Bluetooth: avoid hci_dev_test_and_set_flag() in mgmt_init_hdev()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (272 preceding siblings ...)
2022-10-19 8:26 ` [PATCH 6.0 273/862] wifi: rtl8xxxu: Remove copy-paste leftover in gen2_update_rate_mask Greg Kroah-Hartman
@ 2022-10-19 8:26 ` Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 275/862] wifi: mt76: mt7921e: fix race issue between reset and suspend/resume Greg Kroah-Hartman
` (602 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot+844c7bf1b1aa4119c5de,
Tetsuo Handa, Luiz Augusto von Dentz, Sasha Levin
From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
[ Upstream commit f74ca25d6d6629ffd4fd80a1a73037253b57d06b ]
syzbot is again reporting attempt to cancel uninitialized work
at mgmt_index_removed() [1], for setting of HCI_MGMT flag from
mgmt_init_hdev() from hci_mgmt_cmd() from hci_sock_sendmsg() can
race with testing of HCI_MGMT flag from mgmt_index_removed() from
hci_sock_bind() due to lack of serialization via hci_dev_lock().
Since mgmt_init_hdev() is called with mgmt_chan_list_lock held, we can
safely split hci_dev_test_and_set_flag() into hci_dev_test_flag() and
hci_dev_set_flag(). Thus, in order to close this race, set HCI_MGMT flag
after INIT_DELAYED_WORK() completed.
This is a local fix based on mgmt_chan_list_lock. Lack of serialization
via hci_dev_lock() might be causing different race conditions somewhere
else. But a global fix based on hci_dev_lock() should deserve a future
patch.
Link: https://syzkaller.appspot.com/bug?extid=844c7bf1b1aa4119c5de
Reported-by: syzbot+844c7bf1b1aa4119c5de@syzkaller.appspotmail.com
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Fixes: 3f2893d3c142986a ("Bluetooth: don't try to cancel uninitialized works at mgmt_index_removed()")
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/bluetooth/mgmt.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c
index 72e6595a71cc..3d1cd0666968 100644
--- a/net/bluetooth/mgmt.c
+++ b/net/bluetooth/mgmt.c
@@ -1050,7 +1050,7 @@ static void discov_off(struct work_struct *work)
static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
{
- if (hci_dev_test_and_set_flag(hdev, HCI_MGMT))
+ if (hci_dev_test_flag(hdev, HCI_MGMT))
return;
BT_INFO("MGMT ver %d.%d", MGMT_VERSION, MGMT_REVISION);
@@ -1065,6 +1065,8 @@ static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
* it
*/
hci_dev_clear_flag(hdev, HCI_BONDABLE);
+
+ hci_dev_set_flag(hdev, HCI_MGMT);
}
static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 275/862] wifi: mt76: mt7921e: fix race issue between reset and suspend/resume
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (273 preceding siblings ...)
2022-10-19 8:26 ` [PATCH 6.0 274/862] Bluetooth: avoid hci_dev_test_and_set_flag() in mgmt_init_hdev() Greg Kroah-Hartman
@ 2022-10-19 8:26 ` Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 276/862] wifi: mt76: mt7921s: " Greg Kroah-Hartman
` (601 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, YN Chen, Sean Wang, Felix Fietkau,
Sasha Levin
From: Sean Wang <sean.wang@mediatek.com>
[ Upstream commit ff6c4a6449793e9718ef2e9ad46864b63022648e ]
It is unexpected that the reset work is running simultaneously with
the suspend or resume context and it is possible that reset work is still
running even after mt7921 is suspended if we don't fix the race issue.
Thus, the suspend procedure should be waiting until the reset is completed
at the beginning and ignore the subsequent the reset requests.
In case there is an error that happens during either suspend or resume
handler, we will schedule a reset task to recover the error before
returning the error code to ensure we can immediately fix the error there.
Fixes: 0c1ce9884607 ("mt76: mt7921: add wifi reset support")
Co-developed-by: YN Chen <YN.Chen@mediatek.com>
Signed-off-by: YN Chen <YN.Chen@mediatek.com>
Signed-off-by: Sean Wang <sean.wang@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/mediatek/mt76/mt7921/mac.c | 5 +++++
drivers/net/wireless/mediatek/mt76/mt7921/pci.c | 13 +++++++++----
2 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/drivers/net/wireless/mediatek/mt76/mt7921/mac.c b/drivers/net/wireless/mediatek/mt76/mt7921/mac.c
index 47f0aa81ab02..6bd9fc9228a2 100644
--- a/drivers/net/wireless/mediatek/mt76/mt7921/mac.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7921/mac.c
@@ -780,6 +780,7 @@ void mt7921_mac_reset_work(struct work_struct *work)
void mt7921_reset(struct mt76_dev *mdev)
{
struct mt7921_dev *dev = container_of(mdev, struct mt7921_dev, mt76);
+ struct mt76_connac_pm *pm = &dev->pm;
if (!dev->hw_init_done)
return;
@@ -787,8 +788,12 @@ void mt7921_reset(struct mt76_dev *mdev)
if (dev->hw_full_reset)
return;
+ if (pm->suspended)
+ return;
+
queue_work(dev->mt76.wq, &dev->reset_work);
}
+EXPORT_SYMBOL_GPL(mt7921_reset);
void mt7921_mac_update_mib_stats(struct mt7921_phy *phy)
{
diff --git a/drivers/net/wireless/mediatek/mt76/mt7921/pci.c b/drivers/net/wireless/mediatek/mt76/mt7921/pci.c
index ea3069d18c35..2b015dacbba2 100644
--- a/drivers/net/wireless/mediatek/mt76/mt7921/pci.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7921/pci.c
@@ -367,6 +367,7 @@ static int mt7921_pci_suspend(struct device *device)
int i, err;
pm->suspended = true;
+ flush_work(&dev->reset_work);
cancel_delayed_work_sync(&pm->ps_work);
cancel_work_sync(&pm->wake_work);
@@ -428,6 +429,9 @@ static int mt7921_pci_suspend(struct device *device)
restore_suspend:
pm->suspended = false;
+ if (err < 0)
+ mt7921_reset(&dev->mt76);
+
return err;
}
@@ -441,7 +445,7 @@ static int mt7921_pci_resume(struct device *device)
err = mt7921_mcu_drv_pmctrl(dev);
if (err < 0)
- return err;
+ goto failed;
mt7921_wpdma_reinit_cond(dev);
@@ -471,11 +475,12 @@ static int mt7921_pci_resume(struct device *device)
mt76_connac_mcu_set_deep_sleep(&dev->mt76, false);
err = mt76_connac_mcu_set_hif_suspend(mdev, false);
- if (err)
- return err;
-
+failed:
pm->suspended = false;
+ if (err < 0)
+ mt7921_reset(&dev->mt76);
+
return err;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 276/862] wifi: mt76: mt7921s: fix race issue between reset and suspend/resume
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (274 preceding siblings ...)
2022-10-19 8:26 ` [PATCH 6.0 275/862] wifi: mt76: mt7921e: fix race issue between reset and suspend/resume Greg Kroah-Hartman
@ 2022-10-19 8:26 ` Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 277/862] wifi: mt76: mt7921u: " Greg Kroah-Hartman
` (600 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, YN Chen, Sean Wang, Felix Fietkau,
Sasha Levin
From: Sean Wang <sean.wang@mediatek.com>
[ Upstream commit e86f10e6809add9132ecc2c6b3184ed59db7ca71 ]
It is unexpected that the reset work is running simultaneously with
the suspend or resume context and it is possible that reset work is still
running even after mt7921 is suspended if we don't fix the race issue.
Thus, the suspend procedure should be waiting until the reset is completed
at the beginning and ignore the subsequent the reset requests.
In case there is an error that happens during either suspend or resume
handler, we will schedule a reset task to recover the error before
returning the error code to ensure we can immediately fix the error there.
Fixes: ca74b9b907f9 ("mt76: mt7921s: add reset support")
Co-developed-by: YN Chen <YN.Chen@mediatek.com>
Signed-off-by: YN Chen <YN.Chen@mediatek.com>
Signed-off-by: Sean Wang <sean.wang@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/mediatek/mt76/mt7921/sdio.c | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/drivers/net/wireless/mediatek/mt76/mt7921/sdio.c b/drivers/net/wireless/mediatek/mt76/mt7921/sdio.c
index 487acd6e2be8..2face849fb4f 100644
--- a/drivers/net/wireless/mediatek/mt76/mt7921/sdio.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7921/sdio.c
@@ -206,6 +206,7 @@ static int mt7921s_suspend(struct device *__dev)
pm->suspended = true;
set_bit(MT76_STATE_SUSPEND, &mdev->phy.state);
+ flush_work(&dev->reset_work);
cancel_delayed_work_sync(&pm->ps_work);
cancel_work_sync(&pm->wake_work);
@@ -261,6 +262,9 @@ static int mt7921s_suspend(struct device *__dev)
clear_bit(MT76_STATE_SUSPEND, &mdev->phy.state);
pm->suspended = false;
+ if (err < 0)
+ mt7921_reset(&dev->mt76);
+
return err;
}
@@ -276,7 +280,7 @@ static int mt7921s_resume(struct device *__dev)
err = mt7921_mcu_drv_pmctrl(dev);
if (err < 0)
- return err;
+ goto failed;
mt76_worker_enable(&mdev->tx_worker);
mt76_worker_enable(&mdev->sdio.txrx_worker);
@@ -288,11 +292,12 @@ static int mt7921s_resume(struct device *__dev)
mt76_connac_mcu_set_deep_sleep(mdev, false);
err = mt76_connac_mcu_set_hif_suspend(mdev, false);
- if (err)
- return err;
-
+failed:
pm->suspended = false;
+ if (err < 0)
+ mt7921_reset(&dev->mt76);
+
return err;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 277/862] wifi: mt76: mt7921u: fix race issue between reset and suspend/resume
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (275 preceding siblings ...)
2022-10-19 8:26 ` [PATCH 6.0 276/862] wifi: mt76: mt7921s: " Greg Kroah-Hartman
@ 2022-10-19 8:26 ` Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 278/862] wifi: mt76: sdio: fix the deadlock caused by sdio->stat_work Greg Kroah-Hartman
` (599 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, YN Chen, Sean Wang, Felix Fietkau,
Sasha Levin
From: Sean Wang <sean.wang@mediatek.com>
[ Upstream commit 86f15d043ba7f13211d5c3e41961c3381fb12880 ]
It is unexpected that the reset work is running simultaneously with
the suspend or resume context and it is possible that reset work is still
running even after mt7921 is suspended if we don't fix the race issue.
Thus, the suspend procedure should be waiting until the reset is completed
at the beginning and ignore the subsequent the reset requests.
In case there is an error that happens during either suspend or resume
handler, we will schedule a reset task to recover the error before
returning the error code to ensure we can immediately fix the error there.
Fixes: df3e4143ba8a ("mt76: mt7921u: add suspend/resume support")
Co-developed-by: YN Chen <YN.Chen@mediatek.com>
Signed-off-by: YN Chen <YN.Chen@mediatek.com>
Signed-off-by: Sean Wang <sean.wang@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../net/wireless/mediatek/mt76/mt7921/usb.c | 28 ++++++++++++++++---
1 file changed, 24 insertions(+), 4 deletions(-)
diff --git a/drivers/net/wireless/mediatek/mt76/mt7921/usb.c b/drivers/net/wireless/mediatek/mt76/mt7921/usb.c
index dd3b8884e162..613d5cefffc7 100644
--- a/drivers/net/wireless/mediatek/mt76/mt7921/usb.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7921/usb.c
@@ -300,11 +300,15 @@ static void mt7921u_disconnect(struct usb_interface *usb_intf)
static int mt7921u_suspend(struct usb_interface *intf, pm_message_t state)
{
struct mt7921_dev *dev = usb_get_intfdata(intf);
+ struct mt76_connac_pm *pm = &dev->pm;
int err;
+ pm->suspended = true;
+ flush_work(&dev->reset_work);
+
err = mt76_connac_mcu_set_hif_suspend(&dev->mt76, true);
if (err)
- return err;
+ goto failed;
mt76u_stop_rx(&dev->mt76);
mt76u_stop_tx(&dev->mt76);
@@ -312,11 +316,20 @@ static int mt7921u_suspend(struct usb_interface *intf, pm_message_t state)
set_bit(MT76_STATE_SUSPEND, &dev->mphy.state);
return 0;
+
+failed:
+ pm->suspended = false;
+
+ if (err < 0)
+ mt7921_reset(&dev->mt76);
+
+ return err;
}
static int mt7921u_resume(struct usb_interface *intf)
{
struct mt7921_dev *dev = usb_get_intfdata(intf);
+ struct mt76_connac_pm *pm = &dev->pm;
bool reinit = true;
int err, i;
@@ -338,16 +351,23 @@ static int mt7921u_resume(struct usb_interface *intf)
if (reinit || mt7921_dma_need_reinit(dev)) {
err = mt7921u_dma_init(dev, true);
if (err)
- return err;
+ goto failed;
}
clear_bit(MT76_STATE_SUSPEND, &dev->mphy.state);
err = mt76u_resume_rx(&dev->mt76);
if (err < 0)
- return err;
+ goto failed;
+
+ err = mt76_connac_mcu_set_hif_suspend(&dev->mt76, false);
+failed:
+ pm->suspended = false;
+
+ if (err < 0)
+ mt7921_reset(&dev->mt76);
- return mt76_connac_mcu_set_hif_suspend(&dev->mt76, false);
+ return err;
}
#endif /* CONFIG_PM */
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 278/862] wifi: mt76: sdio: fix the deadlock caused by sdio->stat_work
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (276 preceding siblings ...)
2022-10-19 8:26 ` [PATCH 6.0 277/862] wifi: mt76: mt7921u: " Greg Kroah-Hartman
@ 2022-10-19 8:26 ` Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 279/862] wifi: mt76: sdio: poll sta stat when device transmits data Greg Kroah-Hartman
` (598 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, YN Chen, Sean Wang, Felix Fietkau,
Sasha Levin
From: Sean Wang <sean.wang@mediatek.com>
[ Upstream commit e5d78fd998be94fb459a3d625df7367849b997b8 ]
Because wake_work and sdio->stat_work share the same workqueue mt76->wq,
if sdio->stat_work cannot acquire the mutex lock such as that was possibly
held up by [mt7615, mt7921]_mutex_acquire. Additionally, if
[mt7615, mt7921]_mutex_acquire was called by sdio->stat_work self, the wake
would be blocked by itself. Thus, we move the stat_work into
ieee80211_workqueue instead to break the deadlock.
Fixes: d39b52e31aa6 ("mt76: introduce mt76_sdio module")
Co-developed-by: YN Chen <YN.Chen@mediatek.com>
Signed-off-by: YN Chen <YN.Chen@mediatek.com>
Signed-off-by: Sean Wang <sean.wang@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/mediatek/mt76/sdio.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/net/wireless/mediatek/mt76/sdio.c b/drivers/net/wireless/mediatek/mt76/sdio.c
index aba2a9865821..fb2caeae6dba 100644
--- a/drivers/net/wireless/mediatek/mt76/sdio.c
+++ b/drivers/net/wireless/mediatek/mt76/sdio.c
@@ -481,7 +481,7 @@ static void mt76s_status_worker(struct mt76_worker *w)
if (dev->drv->tx_status_data &&
!test_and_set_bit(MT76_READING_STATS, &dev->phy.state) &&
!test_bit(MT76_STATE_SUSPEND, &dev->phy.state))
- queue_work(dev->wq, &dev->sdio.stat_work);
+ ieee80211_queue_work(dev->hw, &dev->sdio.stat_work);
} while (nframes > 0);
if (resched)
@@ -508,7 +508,7 @@ static void mt76s_tx_status_data(struct work_struct *work)
}
if (count && test_bit(MT76_STATE_RUNNING, &dev->phy.state))
- queue_work(dev->wq, &sdio->stat_work);
+ ieee80211_queue_work(dev->hw, &sdio->stat_work);
else
clear_bit(MT76_READING_STATS, &dev->phy.state);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 279/862] wifi: mt76: sdio: poll sta stat when device transmits data
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (277 preceding siblings ...)
2022-10-19 8:26 ` [PATCH 6.0 278/862] wifi: mt76: sdio: fix the deadlock caused by sdio->stat_work Greg Kroah-Hartman
@ 2022-10-19 8:26 ` Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 280/862] wifi: mt76: mt7915: fix an uninitialized variable bug Greg Kroah-Hartman
` (597 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sean Wang, Felix Fietkau, Sasha Levin
From: Sean Wang <sean.wang@mediatek.com>
[ Upstream commit a323e5f041dd11af5e3de19ed7ea95a97d588c11 ]
It is not meaningful to poll sta stat when there is no data traffic.
So polling sta stat when the device has transmitted data instead to save
CPU power.
That implies that it is unallowed the stat_work to work while MCU is being
initialized in the really early stage to fix the possible time to time MCU
initialization failure.
Fixes: d39b52e31aa6 ("mt76: introduce mt76_sdio module")
Signed-off-by: Sean Wang <sean.wang@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/mediatek/mt76/sdio.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/mediatek/mt76/sdio.c b/drivers/net/wireless/mediatek/mt76/sdio.c
index fb2caeae6dba..ece4e4bb94a1 100644
--- a/drivers/net/wireless/mediatek/mt76/sdio.c
+++ b/drivers/net/wireless/mediatek/mt76/sdio.c
@@ -478,7 +478,7 @@ static void mt76s_status_worker(struct mt76_worker *w)
if (ndata_frames > 0)
resched = true;
- if (dev->drv->tx_status_data &&
+ if (dev->drv->tx_status_data && ndata_frames > 0 &&
!test_and_set_bit(MT76_READING_STATS, &dev->phy.state) &&
!test_bit(MT76_STATE_SUSPEND, &dev->phy.state))
ieee80211_queue_work(dev->hw, &dev->sdio.stat_work);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 280/862] wifi: mt76: mt7915: fix an uninitialized variable bug
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (278 preceding siblings ...)
2022-10-19 8:26 ` [PATCH 6.0 279/862] wifi: mt76: sdio: poll sta stat when device transmits data Greg Kroah-Hartman
@ 2022-10-19 8:26 ` Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 281/862] wifi: mt76: mt7921: fix use after free in mt7921_acpi_read() Greg Kroah-Hartman
` (596 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Felix Fietkau, Sasha Levin
From: Dan Carpenter <dan.carpenter@oracle.com>
[ Upstream commit b5ee771c84082b4e54cc39d9d9a2dd239e4f6b86 ]
Smatch complains that:
drivers/net/wireless/mediatek/mt76/mt7915/mac.c:428 mt7915_mac_fill_rx()
error: uninitialized symbol 'msta'.
It looks like this was supposed to be initialized to NULL.
Fixes: 0880d40871d1 ("mt76: connac: move mt76_connac2_reverse_frag0_hdr_trans in mt76-connac module")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/mediatek/mt76/mt7915/mac.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/mediatek/mt76/mt7915/mac.c b/drivers/net/wireless/mediatek/mt76/mt7915/mac.c
index 60ae834d95a6..4ddcd3afa428 100644
--- a/drivers/net/wireless/mediatek/mt76/mt7915/mac.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7915/mac.c
@@ -232,7 +232,7 @@ mt7915_mac_fill_rx(struct mt7915_dev *dev, struct sk_buff *skb)
bool unicast, insert_ccmp_hdr = false;
u8 remove_pad, amsdu_info;
u8 mode = 0, qos_ctl = 0;
- struct mt7915_sta *msta;
+ struct mt7915_sta *msta = NULL;
bool hdr_trans;
u16 hdr_gap;
u16 seq_ctrl = 0;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 281/862] wifi: mt76: mt7921: fix use after free in mt7921_acpi_read()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (279 preceding siblings ...)
2022-10-19 8:26 ` [PATCH 6.0 280/862] wifi: mt76: mt7915: fix an uninitialized variable bug Greg Kroah-Hartman
@ 2022-10-19 8:26 ` Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 282/862] wifi: mt76: sdio: fix transmitting packet hangs Greg Kroah-Hartman
` (595 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Felix Fietkau, Sasha Levin
From: Dan Carpenter <dan.carpenter@oracle.com>
[ Upstream commit e7de4b4979bd8d313ec837931dde936653ca82ea ]
Don't dereference "sar_root" after it has been freed.
Fixes: f965333e491e ("mt76: mt7921: introduce ACPI SAR support")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/mediatek/mt76/mt7921/acpi_sar.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/net/wireless/mediatek/mt76/mt7921/acpi_sar.c b/drivers/net/wireless/mediatek/mt76/mt7921/acpi_sar.c
index be4f07ad3af9..47e034a9b003 100644
--- a/drivers/net/wireless/mediatek/mt76/mt7921/acpi_sar.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7921/acpi_sar.c
@@ -13,6 +13,7 @@ mt7921_acpi_read(struct mt7921_dev *dev, u8 *method, u8 **tbl, u32 *len)
acpi_handle root, handle;
acpi_status status;
u32 i = 0;
+ int ret;
root = ACPI_HANDLE(mdev->dev);
if (!root)
@@ -52,9 +53,11 @@ mt7921_acpi_read(struct mt7921_dev *dev, u8 *method, u8 **tbl, u32 *len)
*(*tbl + i) = (u8)sar_unit->integer.value;
}
free:
+ ret = (i == sar_root->package.count) ? 0 : -EINVAL;
+
kfree(sar_root);
- return (i == sar_root->package.count) ? 0 : -EINVAL;
+ return ret;
}
/* MTCL : Country List Table for 6G band */
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 282/862] wifi: mt76: sdio: fix transmitting packet hangs
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (280 preceding siblings ...)
2022-10-19 8:26 ` [PATCH 6.0 281/862] wifi: mt76: mt7921: fix use after free in mt7921_acpi_read() Greg Kroah-Hartman
@ 2022-10-19 8:26 ` Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 283/862] wifi: mt76: mt7615: add mt7615_mutex_acquire/release in mt7615_sta_set_decap_offload Greg Kroah-Hartman
` (594 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sean Wang, YN Chen, Felix Fietkau,
Sasha Levin
From: YN Chen <yn.chen@mediatek.com>
[ Upstream commit 250b1827205846ff346a76044955cb79d4963f70 ]
Fix transmitting packets hangs with continuing to pull the pending packet
from mac80211 queues when receiving Tx status notification from the device.
Fixes: aac5104bf631 ("mt76: sdio: do not run mt76_txq_schedule directly")
Acked-by: Sean Wang <sean.wang@mediatek.com>
Signed-off-by: YN Chen <yn.chen@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/mediatek/mt76/sdio.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/mediatek/mt76/sdio.c b/drivers/net/wireless/mediatek/mt76/sdio.c
index ece4e4bb94a1..0ec308f99af5 100644
--- a/drivers/net/wireless/mediatek/mt76/sdio.c
+++ b/drivers/net/wireless/mediatek/mt76/sdio.c
@@ -485,7 +485,7 @@ static void mt76s_status_worker(struct mt76_worker *w)
} while (nframes > 0);
if (resched)
- mt76_worker_schedule(&dev->sdio.txrx_worker);
+ mt76_worker_schedule(&dev->tx_worker);
}
static void mt76s_tx_status_data(struct work_struct *work)
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 283/862] wifi: mt76: mt7615: add mt7615_mutex_acquire/release in mt7615_sta_set_decap_offload
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (281 preceding siblings ...)
2022-10-19 8:26 ` [PATCH 6.0 282/862] wifi: mt76: sdio: fix transmitting packet hangs Greg Kroah-Hartman
@ 2022-10-19 8:26 ` Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 284/862] wifi: mt76: mt7915: fix possible unaligned access in mt7915_mac_add_twt_setup Greg Kroah-Hartman
` (593 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Lorenzo Bianconi, Felix Fietkau, Sasha Levin
From: Lorenzo Bianconi <lorenzo@kernel.org>
[ Upstream commit 765c69d477a44c088e5d19e7758dfa4db418e3ba ]
Similar to mt7921 driver, introduce mt7615_mutex_acquire/release in
mt7615_sta_set_decap_offload in order to avoid sending mcu commands
while the device is in low-power state.
Fixes: d4b98c63d7a77 ("mt76: mt7615: add support for rx decapsulation offload")
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/mediatek/mt76/mt7615/main.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/net/wireless/mediatek/mt76/mt7615/main.c b/drivers/net/wireless/mediatek/mt76/mt7615/main.c
index 9bf8545c8c17..8d4733f87cda 100644
--- a/drivers/net/wireless/mediatek/mt76/mt7615/main.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7615/main.c
@@ -1195,12 +1195,16 @@ static void mt7615_sta_set_decap_offload(struct ieee80211_hw *hw,
struct mt7615_dev *dev = mt7615_hw_dev(hw);
struct mt7615_sta *msta = (struct mt7615_sta *)sta->drv_priv;
+ mt7615_mutex_acquire(dev);
+
if (enabled)
set_bit(MT_WCID_FLAG_HDR_TRANS, &msta->wcid.flags);
else
clear_bit(MT_WCID_FLAG_HDR_TRANS, &msta->wcid.flags);
mt7615_mcu_set_sta_decap_offload(dev, vif, sta);
+
+ mt7615_mutex_release(dev);
}
#ifdef CONFIG_PM
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 284/862] wifi: mt76: mt7915: fix possible unaligned access in mt7915_mac_add_twt_setup
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (282 preceding siblings ...)
2022-10-19 8:26 ` [PATCH 6.0 283/862] wifi: mt76: mt7615: add mt7615_mutex_acquire/release in mt7615_sta_set_decap_offload Greg Kroah-Hartman
@ 2022-10-19 8:26 ` Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 285/862] wifi: mt76: connac: fix possible unaligned access in mt76_connac_mcu_add_nested_tlv Greg Kroah-Hartman
` (592 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kernel test robot, Lorenzo Bianconi,
Felix Fietkau, Sasha Levin
From: Lorenzo Bianconi <lorenzo@kernel.org>
[ Upstream commit 3d9aa54355d863e5412a7e08180f50a8f1827b7f ]
Fix possible unaligned pointer in mt7915_mac_add_twt_setup routine.
Reported-by: kernel test robot <lkp@intel.com>
Fixes: 3782b69d03e71 ("mt76: mt7915: introduce mt7915_mac_add_twt_setup routine")
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/mediatek/mt76/mt7915/mac.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/drivers/net/wireless/mediatek/mt76/mt7915/mac.c b/drivers/net/wireless/mediatek/mt76/mt7915/mac.c
index 4ddcd3afa428..49aa5c056063 100644
--- a/drivers/net/wireless/mediatek/mt76/mt7915/mac.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7915/mac.c
@@ -2071,8 +2071,9 @@ void mt7915_mac_add_twt_setup(struct ieee80211_hw *hw,
}
flowid = ffs(~msta->twt.flowid_mask) - 1;
- le16p_replace_bits(&twt_agrt->req_type, flowid,
- IEEE80211_TWT_REQTYPE_FLOWID);
+ twt_agrt->req_type &= ~cpu_to_le16(IEEE80211_TWT_REQTYPE_FLOWID);
+ twt_agrt->req_type |= le16_encode_bits(flowid,
+ IEEE80211_TWT_REQTYPE_FLOWID);
table_id = ffs(~dev->twt.table_mask) - 1;
exp = FIELD_GET(IEEE80211_TWT_REQTYPE_WAKE_INT_EXP, req_type);
@@ -2122,8 +2123,9 @@ void mt7915_mac_add_twt_setup(struct ieee80211_hw *hw,
unlock:
mutex_unlock(&dev->mt76.mutex);
out:
- le16p_replace_bits(&twt_agrt->req_type, setup_cmd,
- IEEE80211_TWT_REQTYPE_SETUP_CMD);
+ twt_agrt->req_type &= ~cpu_to_le16(IEEE80211_TWT_REQTYPE_SETUP_CMD);
+ twt_agrt->req_type |=
+ le16_encode_bits(setup_cmd, IEEE80211_TWT_REQTYPE_SETUP_CMD);
twt->control = (twt->control & IEEE80211_TWT_CONTROL_WAKE_DUR_UNIT) |
(twt->control & IEEE80211_TWT_CONTROL_RX_DISABLED);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 285/862] wifi: mt76: connac: fix possible unaligned access in mt76_connac_mcu_add_nested_tlv
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (283 preceding siblings ...)
2022-10-19 8:26 ` [PATCH 6.0 284/862] wifi: mt76: mt7915: fix possible unaligned access in mt7915_mac_add_twt_setup Greg Kroah-Hartman
@ 2022-10-19 8:26 ` Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 286/862] wifi: mt76: mt7921: add mt7921_mutex_acquire at mt7921_[start, stop]_ap Greg Kroah-Hartman
` (591 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kernel test robot, Lorenzo Bianconi,
Felix Fietkau, Sasha Levin
From: Lorenzo Bianconi <lorenzo@kernel.org>
[ Upstream commit 0a4860f627f1f2b2b777f54f993de1638a79da9f ]
Fix possible unaligned pointer in mt76_connac_mcu_add_nested_tlv
routine.
Reported-by: kernel test robot <lkp@intel.com>
Fixes: 25702d9c55dc5 ("mt76: connac: rely on le16_add_cpu in mt76_connac_mcu_add_nested_tlv")
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.c b/drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.c
index 9b17bd97ec09..13d4722e4186 100644
--- a/drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.c
+++ b/drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.c
@@ -260,8 +260,10 @@ mt76_connac_mcu_add_nested_tlv(struct sk_buff *skb, int tag, int len,
ntlv = le16_to_cpu(ntlv_hdr->tlv_num);
ntlv_hdr->tlv_num = cpu_to_le16(ntlv + 1);
- if (sta_hdr)
- le16_add_cpu(&sta_hdr->len, len);
+ if (sta_hdr) {
+ len += le16_to_cpu(sta_hdr->len);
+ sta_hdr->len = cpu_to_le16(len);
+ }
return ptlv;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 286/862] wifi: mt76: mt7921: add mt7921_mutex_acquire at mt7921_[start, stop]_ap
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (284 preceding siblings ...)
2022-10-19 8:26 ` [PATCH 6.0 285/862] wifi: mt76: connac: fix possible unaligned access in mt76_connac_mcu_add_nested_tlv Greg Kroah-Hartman
@ 2022-10-19 8:26 ` Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 287/862] wifi: mt76: mt7921: add mt7921_mutex_acquire at mt7921_sta_set_decap_offload Greg Kroah-Hartman
` (590 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, AngeloGioacchino Del Regno,
Sean Wang, Lorenzo Bianconi, Felix Fietkau, Sasha Levin
From: Sean Wang <sean.wang@mediatek.com>
[ Upstream commit 52b44015f031f629f1ce1d73415a2017593c7ade ]
Add mt7921_mutex_acquire at mt7921_[start, stop]_ap to fix the race
with the context holding dev->muxtex and the driver might access the
device in low power state.
Fixes: 9d958b60ebc2 ("mt76: mt7921: fix command timeout in AP stop period")
Tested-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Signed-off-by: Sean Wang <sean.wang@mediatek.com>
Acked-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../net/wireless/mediatek/mt76/mt7921/main.c | 21 ++++++++++++++-----
1 file changed, 16 insertions(+), 5 deletions(-)
diff --git a/drivers/net/wireless/mediatek/mt76/mt7921/main.c b/drivers/net/wireless/mediatek/mt76/mt7921/main.c
index 1438a9f8d1fd..63fd33dcd3af 100644
--- a/drivers/net/wireless/mediatek/mt76/mt7921/main.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7921/main.c
@@ -1526,17 +1526,23 @@ mt7921_start_ap(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
struct mt7921_dev *dev = mt7921_hw_dev(hw);
int err;
+ mt7921_mutex_acquire(dev);
+
err = mt76_connac_mcu_uni_add_bss(phy->mt76, vif, &mvif->sta.wcid,
true);
if (err)
- return err;
+ goto out;
err = mt7921_mcu_set_bss_pm(dev, vif, true);
if (err)
- return err;
+ goto out;
+
+ err = mt7921_mcu_sta_update(dev, NULL, vif, true,
+ MT76_STA_INFO_STATE_NONE);
+out:
+ mt7921_mutex_release(dev);
- return mt7921_mcu_sta_update(dev, NULL, vif, true,
- MT76_STA_INFO_STATE_NONE);
+ return err;
}
static void
@@ -1548,11 +1554,16 @@ mt7921_stop_ap(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
struct mt7921_dev *dev = mt7921_hw_dev(hw);
int err;
+ mt7921_mutex_acquire(dev);
+
err = mt7921_mcu_set_bss_pm(dev, vif, false);
if (err)
- return;
+ goto out;
mt76_connac_mcu_uni_add_bss(phy->mt76, vif, &mvif->sta.wcid, false);
+
+out:
+ mt7921_mutex_release(dev);
}
const struct ieee80211_ops mt7921_ops = {
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 287/862] wifi: mt76: mt7921: add mt7921_mutex_acquire at mt7921_sta_set_decap_offload
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (285 preceding siblings ...)
2022-10-19 8:26 ` [PATCH 6.0 286/862] wifi: mt76: mt7921: add mt7921_mutex_acquire at mt7921_[start, stop]_ap Greg Kroah-Hartman
@ 2022-10-19 8:26 ` Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 288/862] wifi: mt76: mt7921: fix the firmware version report Greg Kroah-Hartman
` (589 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, AngeloGioacchino Del Regno,
Lorenzo Bianconi, Sean Wang, Felix Fietkau, Sasha Levin
From: Sean Wang <sean.wang@mediatek.com>
[ Upstream commit 59c20b91786d5f140ee7be2f24c242b5f8986046 ]
Add mt7921_mutex_acquire at mt7921_[start, stop]_ap to fix the race
with the context holding dev->muxtex and the driver might access the
device in low power state.
Fixes: 24299fc869f7 ("mt76: mt7921: enable rx header traslation offload")
Tested-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Acked-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Sean Wang <sean.wang@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/mediatek/mt76/mt7921/main.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/net/wireless/mediatek/mt76/mt7921/main.c b/drivers/net/wireless/mediatek/mt76/mt7921/main.c
index 63fd33dcd3af..7214735011d0 100644
--- a/drivers/net/wireless/mediatek/mt76/mt7921/main.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7921/main.c
@@ -1404,6 +1404,8 @@ static void mt7921_sta_set_decap_offload(struct ieee80211_hw *hw,
struct mt7921_sta *msta = (struct mt7921_sta *)sta->drv_priv;
struct mt7921_dev *dev = mt7921_hw_dev(hw);
+ mt7921_mutex_acquire(dev);
+
if (enabled)
set_bit(MT_WCID_FLAG_HDR_TRANS, &msta->wcid.flags);
else
@@ -1411,6 +1413,8 @@ static void mt7921_sta_set_decap_offload(struct ieee80211_hw *hw,
mt76_connac_mcu_sta_update_hdr_trans(&dev->mt76, vif, &msta->wcid,
MCU_UNI_CMD(STA_REC_UPDATE));
+
+ mt7921_mutex_release(dev);
}
#if IS_ENABLED(CONFIG_IPV6)
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 288/862] wifi: mt76: mt7921: fix the firmware version report
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (286 preceding siblings ...)
2022-10-19 8:26 ` [PATCH 6.0 287/862] wifi: mt76: mt7921: add mt7921_mutex_acquire at mt7921_sta_set_decap_offload Greg Kroah-Hartman
@ 2022-10-19 8:26 ` Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 289/862] wifi: mt76: mt7915: fix mcs value in ht mode Greg Kroah-Hartman
` (588 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sean Wang, Felix Fietkau, Sasha Levin
From: Sean Wang <sean.wang@mediatek.com>
[ Upstream commit 00be84d6dfc8319ed1864d3ca8658569d36a1882 ]
Fix the regression of the firmware version report since
'b9ec27102ac0 ('mt76: connac: move mt76_connac2_load_ram in connac
module')'.
Fixes: b9ec27102ac0 ("mt76: connac: move mt76_connac2_load_ram in connac module")
Signed-off-by: Sean Wang <sean.wang@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.c b/drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.c
index 13d4722e4186..7cac7b126e59 100644
--- a/drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.c
+++ b/drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.c
@@ -2888,6 +2888,10 @@ int mt76_connac2_load_ram(struct mt76_dev *dev, const char *fw_wm,
goto out;
}
+ snprintf(dev->hw->wiphy->fw_version,
+ sizeof(dev->hw->wiphy->fw_version),
+ "%.10s-%.15s", hdr->fw_ver, hdr->build_date);
+
release_firmware(fw);
if (!fw_wa)
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 289/862] wifi: mt76: mt7915: fix mcs value in ht mode
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (287 preceding siblings ...)
2022-10-19 8:26 ` [PATCH 6.0 288/862] wifi: mt76: mt7921: fix the firmware version report Greg Kroah-Hartman
@ 2022-10-19 8:26 ` Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 290/862] wifi: mt76: fix uninitialized pointer in mt7921_mac_fill_rx Greg Kroah-Hartman
` (587 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Howard Hsu, Felix Fietkau, Sasha Levin
From: Howard Hsu <howard-yh.hsu@mediatek.com>
[ Upstream commit c6d3e16ad4362502e804a6ca01e955612f3b8222 ]
Fix the error that mcs will be reduced to a range of 0 to 7 in ht mode.
Fixes: 70fd1333cd32 ("mt76: mt7915: rework .set_bitrate_mask() to support more options")
Signed-off-by: Howard Hsu <howard-yh.hsu@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/mediatek/mt76/mt7915/mcu.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/drivers/net/wireless/mediatek/mt76/mt7915/mcu.c b/drivers/net/wireless/mediatek/mt76/mt7915/mcu.c
index f83067961945..e99fdacc11ce 100644
--- a/drivers/net/wireless/mediatek/mt76/mt7915/mcu.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7915/mcu.c
@@ -1360,7 +1360,7 @@ mt7915_mcu_add_rate_ctrl_fixed(struct mt7915_dev *dev,
struct sta_phy phy = {};
int ret, nrates = 0;
-#define __sta_phy_bitrate_mask_check(_mcs, _gi, _he) \
+#define __sta_phy_bitrate_mask_check(_mcs, _gi, _ht, _he) \
do { \
u8 i, gi = mask->control[band]._gi; \
gi = (_he) ? gi : gi == NL80211_TXRATE_FORCE_SGI; \
@@ -1373,15 +1373,17 @@ mt7915_mcu_add_rate_ctrl_fixed(struct mt7915_dev *dev,
continue; \
nrates += hweight16(mask->control[band]._mcs[i]); \
phy.mcs = ffs(mask->control[band]._mcs[i]) - 1; \
+ if (_ht) \
+ phy.mcs += 8 * i; \
} \
} while (0)
if (sta->deflink.he_cap.has_he) {
- __sta_phy_bitrate_mask_check(he_mcs, he_gi, 1);
+ __sta_phy_bitrate_mask_check(he_mcs, he_gi, 0, 1);
} else if (sta->deflink.vht_cap.vht_supported) {
- __sta_phy_bitrate_mask_check(vht_mcs, gi, 0);
+ __sta_phy_bitrate_mask_check(vht_mcs, gi, 0, 0);
} else if (sta->deflink.ht_cap.ht_supported) {
- __sta_phy_bitrate_mask_check(ht_mcs, gi, 0);
+ __sta_phy_bitrate_mask_check(ht_mcs, gi, 1, 0);
} else {
nrates = hweight32(mask->control[band].legacy);
phy.mcs = ffs(mask->control[band].legacy) - 1;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 290/862] wifi: mt76: fix uninitialized pointer in mt7921_mac_fill_rx
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (288 preceding siblings ...)
2022-10-19 8:26 ` [PATCH 6.0 289/862] wifi: mt76: mt7915: fix mcs value in ht mode Greg Kroah-Hartman
@ 2022-10-19 8:26 ` Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 291/862] wifi: mt76: mt7915: do not check state before configuring implicit beamform Greg Kroah-Hartman
` (586 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Lorenzo Bianconi, Felix Fietkau, Sasha Levin
From: Lorenzo Bianconi <lorenzo@kernel.org>
[ Upstream commit 9be57ad73984545d594ed359dac19457bcb9fc27 ]
Initialize msta pointer to NULL in mt7921_mac_fill_rx() in order to not
dereference a uninitialized pointer.
Fixes: 0880d40871d1d ("mt76: connac: move mt76_connac2_reverse_frag0_hdr_trans in mt76-connac module")
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/mediatek/mt76/mt7921/mac.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/mediatek/mt76/mt7921/mac.c b/drivers/net/wireless/mediatek/mt76/mt7921/mac.c
index 6bd9fc9228a2..e8a7a5831782 100644
--- a/drivers/net/wireless/mediatek/mt76/mt7921/mac.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7921/mac.c
@@ -235,7 +235,7 @@ mt7921_mac_fill_rx(struct mt7921_dev *dev, struct sk_buff *skb)
u32 rxd2 = le32_to_cpu(rxd[2]);
u32 rxd3 = le32_to_cpu(rxd[3]);
u32 rxd4 = le32_to_cpu(rxd[4]);
- struct mt7921_sta *msta;
+ struct mt7921_sta *msta = NULL;
u16 seq_ctrl = 0;
__le16 fc = 0;
u8 mode = 0;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 291/862] wifi: mt76: mt7915: do not check state before configuring implicit beamform
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (289 preceding siblings ...)
2022-10-19 8:26 ` [PATCH 6.0 290/862] wifi: mt76: fix uninitialized pointer in mt7921_mac_fill_rx Greg Kroah-Hartman
@ 2022-10-19 8:26 ` Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 292/862] wifi: mt76: mt7921e: fix rmmod crash in driver reload test Greg Kroah-Hartman
` (585 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Howard Hsu, Felix Fietkau, Sasha Levin
From: Howard Hsu <howard-yh.hsu@mediatek.com>
[ Upstream commit d2b5bb6dfab29fe32bedefaade88dcd182c03a00 ]
Do not need to check running state before configuring implicit Tx
beamform. It is okay to configure implicit Tx beamform in run time.
Noted that the existing connected stations will be applied for new
configuration only if they reconnected to the interface.
Fixes: 6d6dc980e07d ("mt76: mt7915: add implicit Tx beamforming support")
Signed-off-by: Howard Hsu <howard-yh.hsu@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/mediatek/mt76/mt7915/debugfs.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/net/wireless/mediatek/mt76/mt7915/debugfs.c b/drivers/net/wireless/mediatek/mt76/mt7915/debugfs.c
index fd76db8f5269..6ef3431cad64 100644
--- a/drivers/net/wireless/mediatek/mt76/mt7915/debugfs.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7915/debugfs.c
@@ -23,9 +23,9 @@ mt7915_implicit_txbf_set(void *data, u64 val)
{
struct mt7915_dev *dev = data;
- if (test_bit(MT76_STATE_RUNNING, &dev->mphy.state))
- return -EBUSY;
-
+ /* The existing connected stations shall reconnect to apply
+ * new implicit txbf configuration.
+ */
dev->ibf = !!val;
return mt7915_mcu_set_txbf(dev, MT_BF_TYPE_UPDATE);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 292/862] wifi: mt76: mt7921e: fix rmmod crash in driver reload test
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (290 preceding siblings ...)
2022-10-19 8:26 ` [PATCH 6.0 291/862] wifi: mt76: mt7915: do not check state before configuring implicit beamform Greg Kroah-Hartman
@ 2022-10-19 8:26 ` Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 293/862] Bluetooth: RFCOMM: Fix possible deadlock on socket shutdown/release Greg Kroah-Hartman
` (584 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Deren Wu, Felix Fietkau, Sasha Levin
From: Deren Wu <deren.wu@mediatek.com>
[ Upstream commit b5a62d612b7baf6e09884e4de94decb6391d6a9d ]
In insmod/rmmod stress test, the following crash dump shows up immediately.
The problem is caused by missing mt76_dev in mt7921_pci_remove(). We
should make sure the drvdata is ready before probe() finished.
[168.862789] ==================================================================
[168.862797] BUG: KASAN: user-memory-access in try_to_grab_pending+0x59/0x480
[168.862805] Write of size 8 at addr 0000000000006df0 by task rmmod/5361
[168.862812] CPU: 7 PID: 5361 Comm: rmmod Tainted: G OE 5.19.0-rc6 #1
[168.862816] Hardware name: Intel(R) Client Systems NUC8i7BEH/NUC8BEB, 05/04/2020
[168.862820] Call Trace:
[168.862822] <TASK>
[168.862825] dump_stack_lvl+0x49/0x63
[168.862832] print_report.cold+0x493/0x6b7
[168.862845] kasan_report+0xa7/0x120
[168.862857] kasan_check_range+0x163/0x200
[168.862861] __kasan_check_write+0x14/0x20
[168.862866] try_to_grab_pending+0x59/0x480
[168.862870] __cancel_work_timer+0xbb/0x340
[168.862898] cancel_work_sync+0x10/0x20
[168.862902] mt7921_pci_remove+0x61/0x1c0 [mt7921e]
[168.862909] pci_device_remove+0xa3/0x1d0
[168.862914] device_remove+0xc4/0x170
[168.862920] device_release_driver_internal+0x163/0x300
[168.862925] driver_detach+0xc7/0x1a0
[168.862930] bus_remove_driver+0xeb/0x2d0
[168.862935] driver_unregister+0x71/0xb0
[168.862939] pci_unregister_driver+0x30/0x230
[168.862944] mt7921_pci_driver_exit+0x10/0x1b [mt7921e]
[168.862949] __x64_sys_delete_module+0x2f9/0x4b0
[168.862968] do_syscall_64+0x38/0x90
[168.862973] entry_SYSCALL_64_after_hwframe+0x63/0xcd
Test steps:
1. insmode
2. do not ifup
3. rmmod quickly (within 1 second)
Fixes: 1c71e03afe4b ("mt76: mt7921: move mt7921_init_hw in a dedicated work")
Signed-off-by: Deren Wu <deren.wu@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/mediatek/mt76/mt7921/pci.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/net/wireless/mediatek/mt76/mt7921/pci.c b/drivers/net/wireless/mediatek/mt76/mt7921/pci.c
index 2b015dacbba2..e5b1f6249763 100644
--- a/drivers/net/wireless/mediatek/mt76/mt7921/pci.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7921/pci.c
@@ -288,6 +288,8 @@ static int mt7921_pci_probe(struct pci_dev *pdev,
goto err_free_pci_vec;
}
+ pci_set_drvdata(pdev, mdev);
+
dev = container_of(mdev, struct mt7921_dev, mt76);
dev->hif_ops = &mt7921_pcie_ops;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 293/862] Bluetooth: RFCOMM: Fix possible deadlock on socket shutdown/release
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (291 preceding siblings ...)
2022-10-19 8:26 ` [PATCH 6.0 292/862] wifi: mt76: mt7921e: fix rmmod crash in driver reload test Greg Kroah-Hartman
@ 2022-10-19 8:26 ` Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 294/862] net: fs_enet: Fix wrong check in do_pd_setup Greg Kroah-Hartman
` (583 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Luiz Augusto von Dentz, Sasha Levin
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
[ Upstream commit 812e92b824c1db16c9519f8624d48a9901a0d38f ]
Due to change to switch to use lock_sock inside rfcomm_sk_state_change
the socket shutdown/release procedure can cause a deadlock:
rfcomm_sock_shutdown():
lock_sock();
__rfcomm_sock_close():
rfcomm_dlc_close():
__rfcomm_dlc_close():
rfcomm_dlc_lock();
rfcomm_sk_state_change():
lock_sock();
To fix this when the call __rfcomm_sock_close is now done without
holding the lock_sock since rfcomm_dlc_lock exists to protect
the dlc data there is no need to use lock_sock in that code path.
Link: https://lore.kernel.org/all/CAD+dNTsbuU4w+Y_P7o+VEN7BYCAbZuwZx2+tH+OTzCdcZF82YA@mail.gmail.com/
Fixes: b7ce436a5d79 ("Bluetooth: switch to lock_sock in RFCOMM")
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/bluetooth/rfcomm/sock.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c
index 4bf4ea6cbb5e..21e24da4847f 100644
--- a/net/bluetooth/rfcomm/sock.c
+++ b/net/bluetooth/rfcomm/sock.c
@@ -902,7 +902,10 @@ static int rfcomm_sock_shutdown(struct socket *sock, int how)
lock_sock(sk);
if (!sk->sk_shutdown) {
sk->sk_shutdown = SHUTDOWN_MASK;
+
+ release_sock(sk);
__rfcomm_sock_close(sk);
+ lock_sock(sk);
if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime &&
!(current->flags & PF_EXITING))
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 294/862] net: fs_enet: Fix wrong check in do_pd_setup
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (292 preceding siblings ...)
2022-10-19 8:26 ` [PATCH 6.0 293/862] Bluetooth: RFCOMM: Fix possible deadlock on socket shutdown/release Greg Kroah-Hartman
@ 2022-10-19 8:26 ` Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 295/862] bpf: Ensure correct locking around vulnerable function find_vpid() Greg Kroah-Hartman
` (582 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zheng Yongjun, Christophe Leroy,
David S. Miller, Sasha Levin
From: Zheng Yongjun <zhengyongjun3@huawei.com>
[ Upstream commit ec3f06b542a960806a81345042e4eee3f8c5dec4 ]
Should check of_iomap return value 'fep->fec.fecp' instead of 'fep->fcc.fccp'
Fixes: 976de6a8c304 ("fs_enet: Be an of_platform device when CONFIG_PPC_CPM_NEW_BINDING is set.")
Signed-off-by: Zheng Yongjun <zhengyongjun3@huawei.com>
Reviewed-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/freescale/fs_enet/mac-fec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/freescale/fs_enet/mac-fec.c b/drivers/net/ethernet/freescale/fs_enet/mac-fec.c
index 99fe2c210d0f..61f4b6e50d29 100644
--- a/drivers/net/ethernet/freescale/fs_enet/mac-fec.c
+++ b/drivers/net/ethernet/freescale/fs_enet/mac-fec.c
@@ -98,7 +98,7 @@ static int do_pd_setup(struct fs_enet_private *fep)
return -EINVAL;
fep->fec.fecp = of_iomap(ofdev->dev.of_node, 0);
- if (!fep->fcc.fccp)
+ if (!fep->fec.fecp)
return -EINVAL;
return 0;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 295/862] bpf: Ensure correct locking around vulnerable function find_vpid()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (293 preceding siblings ...)
2022-10-19 8:26 ` [PATCH 6.0 294/862] net: fs_enet: Fix wrong check in do_pd_setup Greg Kroah-Hartman
@ 2022-10-19 8:26 ` Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 296/862] libbpf: Fix crash if SEC("freplace") programs dont have attach_prog_fd set Greg Kroah-Hartman
` (581 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Lee Jones, Daniel Borkmann,
Yonghong Song, Sasha Levin
From: Lee Jones <lee@kernel.org>
[ Upstream commit 83c10cc362d91c0d8d25e60779ee52fdbbf3894d ]
The documentation for find_vpid() clearly states:
"Must be called with the tasklist_lock or rcu_read_lock() held."
Presently we do neither for find_vpid() instance in bpf_task_fd_query().
Add proper rcu_read_lock/unlock() to fix the issue.
Fixes: 41bdc4b40ed6f ("bpf: introduce bpf subcommand BPF_TASK_FD_QUERY")
Signed-off-by: Lee Jones <lee@kernel.org>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Yonghong Song <yhs@fb.com>
Link: https://lore.kernel.org/bpf/20220912133855.1218900-1-lee@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/bpf/syscall.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
index f798acd43a28..22e7a805c672 100644
--- a/kernel/bpf/syscall.c
+++ b/kernel/bpf/syscall.c
@@ -4395,7 +4395,9 @@ static int bpf_task_fd_query(const union bpf_attr *attr,
if (attr->task_fd_query.flags != 0)
return -EINVAL;
+ rcu_read_lock();
task = get_pid_task(find_vpid(pid), PIDTYPE_PID);
+ rcu_read_unlock();
if (!task)
return -ENOENT;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 296/862] libbpf: Fix crash if SEC("freplace") programs dont have attach_prog_fd set
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (294 preceding siblings ...)
2022-10-19 8:26 ` [PATCH 6.0 295/862] bpf: Ensure correct locking around vulnerable function find_vpid() Greg Kroah-Hartman
@ 2022-10-19 8:26 ` Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 297/862] wifi: ath11k: Include STA_KEEPALIVE_ARP_RESPONSE TLV header by default Greg Kroah-Hartman
` (580 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Andrii Nakryiko, Daniel Borkmann,
Sasha Levin
From: Andrii Nakryiko <andrii@kernel.org>
[ Upstream commit 749c202cb6ea40f4d7ac95c4a1217a7b506f43a8 ]
Fix SIGSEGV caused by libbpf trying to find attach type in vmlinux BTF
for freplace programs. It's wrong to search in vmlinux BTF and libbpf
doesn't even mark vmlinux BTF as required for freplace programs. So
trying to search anything in obj->vmlinux_btf might cause NULL
dereference if nothing else in BPF object requires vmlinux BTF.
Instead, error out if freplace (EXT) program doesn't specify
attach_prog_fd during at the load time.
Fixes: 91abb4a6d79d ("libbpf: Support attachment of BPF tracing programs to kernel modules")
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Link: https://lore.kernel.org/bpf/20220909193053.577111-3-andrii@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/lib/bpf/libbpf.c | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
--- a/tools/lib/bpf/libbpf.c
+++ b/tools/lib/bpf/libbpf.c
@@ -9056,11 +9056,15 @@ static int libbpf_find_attach_btf_id(str
int err = 0;
/* BPF program's BTF ID */
- if (attach_prog_fd) {
+ if (prog->type == BPF_PROG_TYPE_EXT || attach_prog_fd) {
+ if (!attach_prog_fd) {
+ pr_warn("prog '%s': attach program FD is not set\n", prog->name);
+ return -EINVAL;
+ }
err = libbpf_find_prog_btf_id(attach_name, attach_prog_fd);
if (err < 0) {
- pr_warn("failed to find BPF program (FD %d) BTF ID for '%s': %d\n",
- attach_prog_fd, attach_name, err);
+ pr_warn("prog '%s': failed to find BPF program (FD %d) BTF ID for '%s': %d\n",
+ prog->name, attach_prog_fd, attach_name, err);
return err;
}
*btf_obj_fd = 0;
@@ -9077,7 +9081,8 @@ static int libbpf_find_attach_btf_id(str
err = find_kernel_btf_id(prog->obj, attach_name, attach_type, btf_obj_fd, btf_type_id);
}
if (err) {
- pr_warn("failed to find kernel BTF type ID of '%s': %d\n", attach_name, err);
+ pr_warn("prog '%s': failed to find kernel BTF type ID of '%s': %d\n",
+ prog->name, attach_name, err);
return err;
}
return 0;
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 297/862] wifi: ath11k: Include STA_KEEPALIVE_ARP_RESPONSE TLV header by default
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (295 preceding siblings ...)
2022-10-19 8:26 ` [PATCH 6.0 296/862] libbpf: Fix crash if SEC("freplace") programs dont have attach_prog_fd set Greg Kroah-Hartman
@ 2022-10-19 8:26 ` Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 298/862] Bluetooth: hci_{ldisc,serdev}: check percpu_init_rwsem() failure Greg Kroah-Hartman
` (579 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Baochen Qiang, Kalle Valo, Sasha Levin
From: Baochen Qiang <quic_bqiang@quicinc.com>
[ Upstream commit b7b6f86149a7e06269d61a7a5206360f5b642f80 ]
In current code STA_KEEPALIVE_ARP_RESPONSE TLV header is included only
when ARP method is used, this causes firmware always to crash when wowlan
is enabled because firmware needs it to be present no matter ARP method
is used or not.
Fix this issue by including STA_KEEPALIVE_ARP_RESPONSE TLV header by
default.
Also fix below typo:
s/WMI_TAG_STA_KEEPALVE_ARP_RESPONSE/WMI_TAG_STA_KEEPALIVE_ARP_RESPONSE/
Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3
Fixes: 0f84a156aa3b ("ath11k: Handle keepalive during WoWLAN suspend and resume")
Signed-off-by: Baochen Qiang <quic_bqiang@quicinc.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20220913044358.2037-1-quic_bqiang@quicinc.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/ath11k/wmi.c | 9 +++++----
drivers/net/wireless/ath/ath11k/wmi.h | 2 +-
2 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/drivers/net/wireless/ath/ath11k/wmi.c b/drivers/net/wireless/ath/ath11k/wmi.c
index 88ee4f9d19da..b658ea60dcf7 100644
--- a/drivers/net/wireless/ath/ath11k/wmi.c
+++ b/drivers/net/wireless/ath/ath11k/wmi.c
@@ -8962,12 +8962,13 @@ int ath11k_wmi_sta_keepalive(struct ath11k *ar,
cmd->interval = arg->interval;
cmd->method = arg->method;
+ arp = (struct wmi_sta_keepalive_arp_resp *)(cmd + 1);
+ arp->tlv_header = FIELD_PREP(WMI_TLV_TAG,
+ WMI_TAG_STA_KEEPALIVE_ARP_RESPONSE) |
+ FIELD_PREP(WMI_TLV_LEN, sizeof(*arp) - TLV_HDR_SIZE);
+
if (arg->method == WMI_STA_KEEPALIVE_METHOD_UNSOLICITED_ARP_RESPONSE ||
arg->method == WMI_STA_KEEPALIVE_METHOD_GRATUITOUS_ARP_REQUEST) {
- arp = (struct wmi_sta_keepalive_arp_resp *)(cmd + 1);
- arp->tlv_header = FIELD_PREP(WMI_TLV_TAG,
- WMI_TAG_STA_KEEPALVE_ARP_RESPONSE) |
- FIELD_PREP(WMI_TLV_LEN, sizeof(*arp) - TLV_HDR_SIZE);
arp->src_ip4_addr = arg->src_ip4_addr;
arp->dest_ip4_addr = arg->dest_ip4_addr;
ether_addr_copy(arp->dest_mac_addr.addr, arg->dest_mac_addr);
diff --git a/drivers/net/wireless/ath/ath11k/wmi.h b/drivers/net/wireless/ath/ath11k/wmi.h
index 4da248ffa318..ba5343a3411f 100644
--- a/drivers/net/wireless/ath/ath11k/wmi.h
+++ b/drivers/net/wireless/ath/ath11k/wmi.h
@@ -1214,7 +1214,7 @@ enum wmi_tlv_tag {
WMI_TAG_NS_OFFLOAD_TUPLE,
WMI_TAG_FTM_INTG_CMD,
WMI_TAG_STA_KEEPALIVE_CMD,
- WMI_TAG_STA_KEEPALVE_ARP_RESPONSE,
+ WMI_TAG_STA_KEEPALIVE_ARP_RESPONSE,
WMI_TAG_P2P_SET_VENDOR_IE_DATA_CMD,
WMI_TAG_AP_PS_PEER_CMD,
WMI_TAG_PEER_RATE_RETRY_SCHED_CMD,
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 298/862] Bluetooth: hci_{ldisc,serdev}: check percpu_init_rwsem() failure
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (296 preceding siblings ...)
2022-10-19 8:26 ` [PATCH 6.0 297/862] wifi: ath11k: Include STA_KEEPALIVE_ARP_RESPONSE TLV header by default Greg Kroah-Hartman
@ 2022-10-19 8:26 ` Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 299/862] libbpf: Fix NULL pointer exception in API btf_dump__dump_type_data Greg Kroah-Hartman
` (578 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot, Tetsuo Handa,
Luiz Augusto von Dentz, Sasha Levin
From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
[ Upstream commit 3124d320c22f3f4388d9ac5c8f37eaad0cefd6b1 ]
syzbot is reporting NULL pointer dereference at hci_uart_tty_close() [1],
for rcu_sync_enter() is called without rcu_sync_init() due to
hci_uart_tty_open() ignoring percpu_init_rwsem() failure.
While we are at it, fix that hci_uart_register_device() ignores
percpu_init_rwsem() failure and hci_uart_unregister_device() does not
call percpu_free_rwsem().
Link: https://syzkaller.appspot.com/bug?extid=576dfca25381fb6fbc5f [1]
Reported-by: syzbot <syzbot+576dfca25381fb6fbc5f@syzkaller.appspotmail.com>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Fixes: 67d2f8781b9f00d1 ("Bluetooth: hci_ldisc: Allow sleeping while proto locks are held.")
Fixes: d73e172816652772 ("Bluetooth: hci_serdev: Init hci_uart proto_lock to avoid oops")
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/bluetooth/hci_ldisc.c | 7 +++++--
drivers/bluetooth/hci_serdev.c | 10 +++++++---
2 files changed, 12 insertions(+), 5 deletions(-)
diff --git a/drivers/bluetooth/hci_ldisc.c b/drivers/bluetooth/hci_ldisc.c
index f537673ede17..865112e96ff9 100644
--- a/drivers/bluetooth/hci_ldisc.c
+++ b/drivers/bluetooth/hci_ldisc.c
@@ -493,6 +493,11 @@ static int hci_uart_tty_open(struct tty_struct *tty)
BT_ERR("Can't allocate control structure");
return -ENFILE;
}
+ if (percpu_init_rwsem(&hu->proto_lock)) {
+ BT_ERR("Can't allocate semaphore structure");
+ kfree(hu);
+ return -ENOMEM;
+ }
tty->disc_data = hu;
hu->tty = tty;
@@ -505,8 +510,6 @@ static int hci_uart_tty_open(struct tty_struct *tty)
INIT_WORK(&hu->init_ready, hci_uart_init_work);
INIT_WORK(&hu->write_work, hci_uart_write_work);
- percpu_init_rwsem(&hu->proto_lock);
-
/* Flush any pending characters in the driver */
tty_driver_flush_buffer(tty);
diff --git a/drivers/bluetooth/hci_serdev.c b/drivers/bluetooth/hci_serdev.c
index c0e5f42ec6b7..f16fd79bc02b 100644
--- a/drivers/bluetooth/hci_serdev.c
+++ b/drivers/bluetooth/hci_serdev.c
@@ -310,11 +310,12 @@ int hci_uart_register_device(struct hci_uart *hu,
serdev_device_set_client_ops(hu->serdev, &hci_serdev_client_ops);
+ if (percpu_init_rwsem(&hu->proto_lock))
+ return -ENOMEM;
+
err = serdev_device_open(hu->serdev);
if (err)
- return err;
-
- percpu_init_rwsem(&hu->proto_lock);
+ goto err_rwsem;
err = p->open(hu);
if (err)
@@ -389,6 +390,8 @@ int hci_uart_register_device(struct hci_uart *hu,
p->close(hu);
err_open:
serdev_device_close(hu->serdev);
+err_rwsem:
+ percpu_free_rwsem(&hu->proto_lock);
return err;
}
EXPORT_SYMBOL_GPL(hci_uart_register_device);
@@ -410,5 +413,6 @@ void hci_uart_unregister_device(struct hci_uart *hu)
clear_bit(HCI_UART_PROTO_READY, &hu->flags);
serdev_device_close(hu->serdev);
}
+ percpu_free_rwsem(&hu->proto_lock);
}
EXPORT_SYMBOL_GPL(hci_uart_unregister_device);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 299/862] libbpf: Fix NULL pointer exception in API btf_dump__dump_type_data
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (297 preceding siblings ...)
2022-10-19 8:26 ` [PATCH 6.0 298/862] Bluetooth: hci_{ldisc,serdev}: check percpu_init_rwsem() failure Greg Kroah-Hartman
@ 2022-10-19 8:26 ` Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 300/862] netfilter: conntrack: fix the gc rescheduling delay Greg Kroah-Hartman
` (577 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Xin Liu, Weibin Kong,
Andrii Nakryiko, Sasha Levin
From: Xin Liu <liuxin350@huawei.com>
[ Upstream commit 7620bffbf72cd66a5d18e444a143b5b5989efa87 ]
We found that function btf_dump__dump_type_data can be called by the
user as an API, but in this function, the `opts` parameter may be used
as a null pointer.This causes `opts->indent_str` to trigger a NULL
pointer exception.
Fixes: 2ce8450ef5a3 ("libbpf: add bpf_object__open_{file, mem} w/ extensible opts")
Signed-off-by: Xin Liu <liuxin350@huawei.com>
Signed-off-by: Weibin Kong <kongweibin2@huawei.com>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Link: https://lore.kernel.org/bpf/20220917084809.30770-1-liuxin350@huawei.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/lib/bpf/btf_dump.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/lib/bpf/btf_dump.c b/tools/lib/bpf/btf_dump.c
index 627edb5bb6de..4221f73a74d0 100644
--- a/tools/lib/bpf/btf_dump.c
+++ b/tools/lib/bpf/btf_dump.c
@@ -2385,7 +2385,7 @@ int btf_dump__dump_type_data(struct btf_dump *d, __u32 id,
d->typed_dump->indent_lvl = OPTS_GET(opts, indent_level, 0);
/* default indent string is a tab */
- if (!opts->indent_str)
+ if (!OPTS_GET(opts, indent_str, NULL))
d->typed_dump->indent_str[0] = '\t';
else
libbpf_strlcpy(d->typed_dump->indent_str, opts->indent_str,
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 300/862] netfilter: conntrack: fix the gc rescheduling delay
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (298 preceding siblings ...)
2022-10-19 8:26 ` [PATCH 6.0 299/862] libbpf: Fix NULL pointer exception in API btf_dump__dump_type_data Greg Kroah-Hartman
@ 2022-10-19 8:26 ` Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 301/862] netfilter: conntrack: revisit the gc initial rescheduling bias Greg Kroah-Hartman
` (576 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Florian Westphal, Antoine Tenart,
Sasha Levin
From: Antoine Tenart <atenart@kernel.org>
[ Upstream commit 95eabdd207024312876d0ebed90b4c977e050e85 ]
Commit 2cfadb761d3d ("netfilter: conntrack: revisit gc autotuning")
changed the eviction rescheduling to the use average expiry of scanned
entries (within 1-60s) by doing:
for (...) {
expires = clamp(nf_ct_expires(tmp), ...);
next_run += expires;
next_run /= 2;
}
The issue is the above will make the average ('next_run' here) more
dependent on the last expiration values than the firsts (for sets > 2).
Depending on the expiration values used to compute the average, the
result can be quite different than what's expected. To fix this we can
do the following:
for (...) {
expires = clamp(nf_ct_expires(tmp), ...);
next_run += (expires - next_run) / ++count;
}
Fixes: 2cfadb761d3d ("netfilter: conntrack: revisit gc autotuning")
Cc: Florian Westphal <fw@strlen.de>
Signed-off-by: Antoine Tenart <atenart@kernel.org>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/netfilter/nf_conntrack_core.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index 1357a2729a4b..2e6d5f1e6d63 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -67,6 +67,7 @@ struct conntrack_gc_work {
struct delayed_work dwork;
u32 next_bucket;
u32 avg_timeout;
+ u32 count;
u32 start_time;
bool exiting;
bool early_drop;
@@ -1466,6 +1467,7 @@ static void gc_worker(struct work_struct *work)
unsigned int expired_count = 0;
unsigned long next_run;
s32 delta_time;
+ long count;
gc_work = container_of(work, struct conntrack_gc_work, dwork.work);
@@ -1475,10 +1477,12 @@ static void gc_worker(struct work_struct *work)
if (i == 0) {
gc_work->avg_timeout = GC_SCAN_INTERVAL_INIT;
+ gc_work->count = 1;
gc_work->start_time = start_time;
}
next_run = gc_work->avg_timeout;
+ count = gc_work->count;
end_time = start_time + GC_SCAN_MAX_DURATION;
@@ -1498,8 +1502,8 @@ static void gc_worker(struct work_struct *work)
hlist_nulls_for_each_entry_rcu(h, n, &ct_hash[i], hnnode) {
struct nf_conntrack_net *cnet;
- unsigned long expires;
struct net *net;
+ long expires;
tmp = nf_ct_tuplehash_to_ctrack(h);
@@ -1513,6 +1517,7 @@ static void gc_worker(struct work_struct *work)
gc_work->next_bucket = i;
gc_work->avg_timeout = next_run;
+ gc_work->count = count;
delta_time = nfct_time_stamp - gc_work->start_time;
@@ -1528,8 +1533,8 @@ static void gc_worker(struct work_struct *work)
}
expires = clamp(nf_ct_expires(tmp), GC_SCAN_INTERVAL_MIN, GC_SCAN_INTERVAL_CLAMP);
+ expires = (expires - (long)next_run) / ++count;
next_run += expires;
- next_run /= 2u;
if (nf_conntrack_max95 == 0 || gc_worker_skip_ct(tmp))
continue;
@@ -1570,6 +1575,7 @@ static void gc_worker(struct work_struct *work)
delta_time = nfct_time_stamp - end_time;
if (delta_time > 0 && i < hashsz) {
gc_work->avg_timeout = next_run;
+ gc_work->count = count;
gc_work->next_bucket = i;
next_run = 0;
goto early_exit;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 301/862] netfilter: conntrack: revisit the gc initial rescheduling bias
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (299 preceding siblings ...)
2022-10-19 8:26 ` [PATCH 6.0 300/862] netfilter: conntrack: fix the gc rescheduling delay Greg Kroah-Hartman
@ 2022-10-19 8:26 ` Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 302/862] bpf, cgroup: Reject prog_attach_flags array when effective query Greg Kroah-Hartman
` (575 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Florian Westphal, Antoine Tenart,
Sasha Levin
From: Antoine Tenart <atenart@kernel.org>
[ Upstream commit 2aa192757005f130b2dd3547dda6e462e761199f ]
The previous commit changed the way the rescheduling delay is computed
which has a side effect: the bias is now represented as much as the
other entries in the rescheduling delay which makes the logic to kick in
only with very large sets, as the initial interval is very large
(INT_MAX).
Revisit the GC initial bias to allow more frequent GC for smaller sets
while still avoiding wakeups when a machine is mostly idle. We're moving
from a large initial value to pretending we have 100 entries expiring at
the upper bound. This way only a few entries having a small timeout
won't impact much the rescheduling delay and non-idle machines will have
enough entries to lower the delay when needed. This also improves
readability as the initial bias is now linked to what is computed
instead of being an arbitrary large value.
Fixes: 2cfadb761d3d ("netfilter: conntrack: revisit gc autotuning")
Suggested-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Antoine Tenart <atenart@kernel.org>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/netfilter/nf_conntrack_core.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index 2e6d5f1e6d63..8f261cd5b3a5 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -86,10 +86,12 @@ static DEFINE_MUTEX(nf_conntrack_mutex);
/* clamp timeouts to this value (TCP unacked) */
#define GC_SCAN_INTERVAL_CLAMP (300ul * HZ)
-/* large initial bias so that we don't scan often just because we have
- * three entries with a 1s timeout.
+/* Initial bias pretending we have 100 entries at the upper bound so we don't
+ * wakeup often just because we have three entries with a 1s timeout while still
+ * allowing non-idle machines to wakeup more often when needed.
*/
-#define GC_SCAN_INTERVAL_INIT INT_MAX
+#define GC_SCAN_INITIAL_COUNT 100
+#define GC_SCAN_INTERVAL_INIT GC_SCAN_INTERVAL_MAX
#define GC_SCAN_MAX_DURATION msecs_to_jiffies(10)
#define GC_SCAN_EXPIRED_MAX (64000u / HZ)
@@ -1477,7 +1479,7 @@ static void gc_worker(struct work_struct *work)
if (i == 0) {
gc_work->avg_timeout = GC_SCAN_INTERVAL_INIT;
- gc_work->count = 1;
+ gc_work->count = GC_SCAN_INITIAL_COUNT;
gc_work->start_time = start_time;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 302/862] bpf, cgroup: Reject prog_attach_flags array when effective query
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (300 preceding siblings ...)
2022-10-19 8:26 ` [PATCH 6.0 301/862] netfilter: conntrack: revisit the gc initial rescheduling bias Greg Kroah-Hartman
@ 2022-10-19 8:26 ` Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 303/862] bpftool: Fix wrong cgroup attach flags being assigned to effective progs Greg Kroah-Hartman
` (574 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Pu Lehui, Martin KaFai Lau, Sasha Levin
From: Pu Lehui <pulehui@huawei.com>
[ Upstream commit 0e426a3ae030a9e891899370229e117158b35de6 ]
Attach flags is only valid for attached progs of this layer cgroup,
but not for effective progs. For querying with EFFECTIVE flags,
exporting attach flags does not make sense. So when effective query,
we reject prog_attach_flags array and don't need to populate it.
Also we limit attach_flags to output 0 during effective query.
Fixes: b79c9fc9551b ("bpf: implement BPF_PROG_QUERY for BPF_LSM_CGROUP")
Signed-off-by: Pu Lehui <pulehui@huawei.com>
Link: https://lore.kernel.org/r/20220921104604.2340580-2-pulehui@huaweicloud.com
Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/uapi/linux/bpf.h | 7 +++++--
kernel/bpf/cgroup.c | 28 ++++++++++++++++++----------
tools/include/uapi/linux/bpf.h | 7 +++++--
3 files changed, 28 insertions(+), 14 deletions(-)
diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h
index 59a217ca2dfd..4eff7fc7ae58 100644
--- a/include/uapi/linux/bpf.h
+++ b/include/uapi/linux/bpf.h
@@ -1233,7 +1233,7 @@ enum {
/* Query effective (directly attached + inherited from ancestor cgroups)
* programs that will be executed for events within a cgroup.
- * attach_flags with this flag are returned only for directly attached programs.
+ * attach_flags with this flag are always returned 0.
*/
#define BPF_F_QUERY_EFFECTIVE (1U << 0)
@@ -1432,7 +1432,10 @@ union bpf_attr {
__u32 attach_flags;
__aligned_u64 prog_ids;
__u32 prog_cnt;
- __aligned_u64 prog_attach_flags; /* output: per-program attach_flags */
+ /* output: per-program attach_flags.
+ * not allowed to be set during effective query.
+ */
+ __aligned_u64 prog_attach_flags;
} query;
struct { /* anonymous struct used by BPF_RAW_TRACEPOINT_OPEN command */
diff --git a/kernel/bpf/cgroup.c b/kernel/bpf/cgroup.c
index 4a400cd63731..22888aaa68b6 100644
--- a/kernel/bpf/cgroup.c
+++ b/kernel/bpf/cgroup.c
@@ -1020,6 +1020,7 @@ static int __cgroup_bpf_query(struct cgroup *cgrp, const union bpf_attr *attr,
union bpf_attr __user *uattr)
{
__u32 __user *prog_attach_flags = u64_to_user_ptr(attr->query.prog_attach_flags);
+ bool effective_query = attr->query.query_flags & BPF_F_QUERY_EFFECTIVE;
__u32 __user *prog_ids = u64_to_user_ptr(attr->query.prog_ids);
enum bpf_attach_type type = attr->query.attach_type;
enum cgroup_bpf_attach_type from_atype, to_atype;
@@ -1029,8 +1030,12 @@ static int __cgroup_bpf_query(struct cgroup *cgrp, const union bpf_attr *attr,
int total_cnt = 0;
u32 flags;
+ if (effective_query && prog_attach_flags)
+ return -EINVAL;
+
if (type == BPF_LSM_CGROUP) {
- if (attr->query.prog_cnt && prog_ids && !prog_attach_flags)
+ if (!effective_query && attr->query.prog_cnt &&
+ prog_ids && !prog_attach_flags)
return -EINVAL;
from_atype = CGROUP_LSM_START;
@@ -1045,7 +1050,7 @@ static int __cgroup_bpf_query(struct cgroup *cgrp, const union bpf_attr *attr,
}
for (atype = from_atype; atype <= to_atype; atype++) {
- if (attr->query.query_flags & BPF_F_QUERY_EFFECTIVE) {
+ if (effective_query) {
effective = rcu_dereference_protected(cgrp->bpf.effective[atype],
lockdep_is_held(&cgroup_mutex));
total_cnt += bpf_prog_array_length(effective);
@@ -1054,6 +1059,8 @@ static int __cgroup_bpf_query(struct cgroup *cgrp, const union bpf_attr *attr,
}
}
+ /* always output uattr->query.attach_flags as 0 during effective query */
+ flags = effective_query ? 0 : flags;
if (copy_to_user(&uattr->query.attach_flags, &flags, sizeof(flags)))
return -EFAULT;
if (copy_to_user(&uattr->query.prog_cnt, &total_cnt, sizeof(total_cnt)))
@@ -1068,7 +1075,7 @@ static int __cgroup_bpf_query(struct cgroup *cgrp, const union bpf_attr *attr,
}
for (atype = from_atype; atype <= to_atype && total_cnt; atype++) {
- if (attr->query.query_flags & BPF_F_QUERY_EFFECTIVE) {
+ if (effective_query) {
effective = rcu_dereference_protected(cgrp->bpf.effective[atype],
lockdep_is_held(&cgroup_mutex));
cnt = min_t(int, bpf_prog_array_length(effective), total_cnt);
@@ -1090,15 +1097,16 @@ static int __cgroup_bpf_query(struct cgroup *cgrp, const union bpf_attr *attr,
if (++i == cnt)
break;
}
- }
- if (prog_attach_flags) {
- flags = cgrp->bpf.flags[atype];
+ if (prog_attach_flags) {
+ flags = cgrp->bpf.flags[atype];
- for (i = 0; i < cnt; i++)
- if (copy_to_user(prog_attach_flags + i, &flags, sizeof(flags)))
- return -EFAULT;
- prog_attach_flags += cnt;
+ for (i = 0; i < cnt; i++)
+ if (copy_to_user(prog_attach_flags + i,
+ &flags, sizeof(flags)))
+ return -EFAULT;
+ prog_attach_flags += cnt;
+ }
}
prog_ids += cnt;
diff --git a/tools/include/uapi/linux/bpf.h b/tools/include/uapi/linux/bpf.h
index 59a217ca2dfd..4eff7fc7ae58 100644
--- a/tools/include/uapi/linux/bpf.h
+++ b/tools/include/uapi/linux/bpf.h
@@ -1233,7 +1233,7 @@ enum {
/* Query effective (directly attached + inherited from ancestor cgroups)
* programs that will be executed for events within a cgroup.
- * attach_flags with this flag are returned only for directly attached programs.
+ * attach_flags with this flag are always returned 0.
*/
#define BPF_F_QUERY_EFFECTIVE (1U << 0)
@@ -1432,7 +1432,10 @@ union bpf_attr {
__u32 attach_flags;
__aligned_u64 prog_ids;
__u32 prog_cnt;
- __aligned_u64 prog_attach_flags; /* output: per-program attach_flags */
+ /* output: per-program attach_flags.
+ * not allowed to be set during effective query.
+ */
+ __aligned_u64 prog_attach_flags;
} query;
struct { /* anonymous struct used by BPF_RAW_TRACEPOINT_OPEN command */
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 303/862] bpftool: Fix wrong cgroup attach flags being assigned to effective progs
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (301 preceding siblings ...)
2022-10-19 8:26 ` [PATCH 6.0 302/862] bpf, cgroup: Reject prog_attach_flags array when effective query Greg Kroah-Hartman
@ 2022-10-19 8:26 ` Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 304/862] selftests/bpf: Adapt cgroup effective query uapi change Greg Kroah-Hartman
` (573 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Pu Lehui, Martin KaFai Lau, Sasha Levin
From: Pu Lehui <pulehui@huawei.com>
[ Upstream commit bdcee1b0b0834d031c76a12209840afe949b048a ]
When root-cgroup attach multi progs and sub-cgroup attach a override prog,
bpftool will display incorrectly for the attach flags of the sub-cgroup’s
effective progs:
$ bpftool cgroup tree /sys/fs/cgroup effective
CgroupPath
ID AttachType AttachFlags Name
/sys/fs/cgroup
6 cgroup_sysctl multi sysctl_tcp_mem
13 cgroup_sysctl multi sysctl_tcp_mem
/sys/fs/cgroup/cg1
20 cgroup_sysctl override sysctl_tcp_mem
6 cgroup_sysctl override sysctl_tcp_mem <- wrong
13 cgroup_sysctl override sysctl_tcp_mem <- wrong
/sys/fs/cgroup/cg1/cg2
20 cgroup_sysctl sysctl_tcp_mem
6 cgroup_sysctl sysctl_tcp_mem
13 cgroup_sysctl sysctl_tcp_mem
Attach flags is only valid for attached progs of this layer cgroup,
but not for effective progs. For querying with EFFECTIVE flags,
exporting attach flags does not make sense. So let's remove the
AttachFlags field and the associated logic. After this patch, the
above effective cgroup tree will show as bellow:
$ bpftool cgroup tree /sys/fs/cgroup effective
CgroupPath
ID AttachType Name
/sys/fs/cgroup
6 cgroup_sysctl sysctl_tcp_mem
13 cgroup_sysctl sysctl_tcp_mem
/sys/fs/cgroup/cg1
20 cgroup_sysctl sysctl_tcp_mem
6 cgroup_sysctl sysctl_tcp_mem
13 cgroup_sysctl sysctl_tcp_mem
/sys/fs/cgroup/cg1/cg2
20 cgroup_sysctl sysctl_tcp_mem
6 cgroup_sysctl sysctl_tcp_mem
13 cgroup_sysctl sysctl_tcp_mem
Fixes: b79c9fc9551b ("bpf: implement BPF_PROG_QUERY for BPF_LSM_CGROUP")
Fixes: a98bf57391a2 ("tools: bpftool: add support for reporting the effective cgroup progs")
Signed-off-by: Pu Lehui <pulehui@huawei.com>
Link: https://lore.kernel.org/r/20220921104604.2340580-3-pulehui@huaweicloud.com
Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/bpf/bpftool/cgroup.c | 54 ++++++++++++++++++++++++++++++++++----
1 file changed, 49 insertions(+), 5 deletions(-)
diff --git a/tools/bpf/bpftool/cgroup.c b/tools/bpf/bpftool/cgroup.c
index cced668fb2a3..b46a998d8f8d 100644
--- a/tools/bpf/bpftool/cgroup.c
+++ b/tools/bpf/bpftool/cgroup.c
@@ -136,8 +136,8 @@ static int show_bpf_prog(int id, enum bpf_attach_type attach_type,
jsonw_string_field(json_wtr, "attach_type", attach_type_str);
else
jsonw_uint_field(json_wtr, "attach_type", attach_type);
- jsonw_string_field(json_wtr, "attach_flags",
- attach_flags_str);
+ if (!(query_flags & BPF_F_QUERY_EFFECTIVE))
+ jsonw_string_field(json_wtr, "attach_flags", attach_flags_str);
jsonw_string_field(json_wtr, "name", prog_name);
if (attach_btf_name)
jsonw_string_field(json_wtr, "attach_btf_name", attach_btf_name);
@@ -150,7 +150,10 @@ static int show_bpf_prog(int id, enum bpf_attach_type attach_type,
printf("%-15s", attach_type_str);
else
printf("type %-10u", attach_type);
- printf(" %-15s %-15s", attach_flags_str, prog_name);
+ if (query_flags & BPF_F_QUERY_EFFECTIVE)
+ printf(" %-15s", prog_name);
+ else
+ printf(" %-15s %-15s", attach_flags_str, prog_name);
if (attach_btf_name)
printf(" %-15s", attach_btf_name);
else if (info.attach_btf_id)
@@ -195,6 +198,32 @@ static int cgroup_has_attached_progs(int cgroup_fd)
return no_prog ? 0 : 1;
}
+
+static int show_effective_bpf_progs(int cgroup_fd, enum bpf_attach_type type,
+ int level)
+{
+ LIBBPF_OPTS(bpf_prog_query_opts, p);
+ __u32 prog_ids[1024] = {0};
+ __u32 iter;
+ int ret;
+
+ p.query_flags = query_flags;
+ p.prog_cnt = ARRAY_SIZE(prog_ids);
+ p.prog_ids = prog_ids;
+
+ ret = bpf_prog_query_opts(cgroup_fd, type, &p);
+ if (ret)
+ return ret;
+
+ if (p.prog_cnt == 0)
+ return 0;
+
+ for (iter = 0; iter < p.prog_cnt; iter++)
+ show_bpf_prog(prog_ids[iter], type, NULL, level);
+
+ return 0;
+}
+
static int show_attached_bpf_progs(int cgroup_fd, enum bpf_attach_type type,
int level)
{
@@ -245,6 +274,14 @@ static int show_attached_bpf_progs(int cgroup_fd, enum bpf_attach_type type,
return 0;
}
+static int show_bpf_progs(int cgroup_fd, enum bpf_attach_type type,
+ int level)
+{
+ return query_flags & BPF_F_QUERY_EFFECTIVE ?
+ show_effective_bpf_progs(cgroup_fd, type, level) :
+ show_attached_bpf_progs(cgroup_fd, type, level);
+}
+
static int do_show(int argc, char **argv)
{
enum bpf_attach_type type;
@@ -292,6 +329,8 @@ static int do_show(int argc, char **argv)
if (json_output)
jsonw_start_array(json_wtr);
+ else if (query_flags & BPF_F_QUERY_EFFECTIVE)
+ printf("%-8s %-15s %-15s\n", "ID", "AttachType", "Name");
else
printf("%-8s %-15s %-15s %-15s\n", "ID", "AttachType",
"AttachFlags", "Name");
@@ -304,7 +343,7 @@ static int do_show(int argc, char **argv)
* If we were able to get the show for at least one
* attach type, let's return 0.
*/
- if (show_attached_bpf_progs(cgroup_fd, type, 0) == 0)
+ if (show_bpf_progs(cgroup_fd, type, 0) == 0)
ret = 0;
}
@@ -362,7 +401,7 @@ static int do_show_tree_fn(const char *fpath, const struct stat *sb,
btf_vmlinux = libbpf_find_kernel_btf();
for (type = 0; type < __MAX_BPF_ATTACH_TYPE; type++)
- show_attached_bpf_progs(cgroup_fd, type, ftw->level);
+ show_bpf_progs(cgroup_fd, type, ftw->level);
if (errno == EINVAL)
/* Last attach type does not support query.
@@ -436,6 +475,11 @@ static int do_show_tree(int argc, char **argv)
if (json_output)
jsonw_start_array(json_wtr);
+ else if (query_flags & BPF_F_QUERY_EFFECTIVE)
+ printf("%s\n"
+ "%-8s %-15s %-15s\n",
+ "CgroupPath",
+ "ID", "AttachType", "Name");
else
printf("%s\n"
"%-8s %-15s %-15s %-15s\n",
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 304/862] selftests/bpf: Adapt cgroup effective query uapi change
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (302 preceding siblings ...)
2022-10-19 8:26 ` [PATCH 6.0 303/862] bpftool: Fix wrong cgroup attach flags being assigned to effective progs Greg Kroah-Hartman
@ 2022-10-19 8:26 ` Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 305/862] flow_dissector: Do not count vlan tags inside tunnel payload Greg Kroah-Hartman
` (572 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Pu Lehui, Martin KaFai Lau, Sasha Levin
From: Pu Lehui <pulehui@huawei.com>
[ Upstream commit d2aa993b7d9de6deeb1df6c9a6b9b6193c337cc6 ]
The attach flags is meaningless for effective query and
its value will always be set as 0 during effective query.
Root cg's effective progs is always its attached progs,
so we use non-effective query to get its progs count and
attach flags. And we don't need the remain attach flags
check.
Fixes: b79c9fc9551b ("bpf: implement BPF_PROG_QUERY for BPF_LSM_CGROUP")
Signed-off-by: Pu Lehui <pulehui@huawei.com>
Link: https://lore.kernel.org/r/20220921104604.2340580-4-pulehui@huaweicloud.com
Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/bpf/prog_tests/cgroup_link.c | 11 ++++-------
1 file changed, 4 insertions(+), 7 deletions(-)
diff --git a/tools/testing/selftests/bpf/prog_tests/cgroup_link.c b/tools/testing/selftests/bpf/prog_tests/cgroup_link.c
index 9e6e6aad347c..15093a69510e 100644
--- a/tools/testing/selftests/bpf/prog_tests/cgroup_link.c
+++ b/tools/testing/selftests/bpf/prog_tests/cgroup_link.c
@@ -71,10 +71,9 @@ void serial_test_cgroup_link(void)
ping_and_check(cg_nr, 0);
- /* query the number of effective progs and attach flags in root cg */
+ /* query the number of attached progs and attach flags in root cg */
err = bpf_prog_query(cgs[0].fd, BPF_CGROUP_INET_EGRESS,
- BPF_F_QUERY_EFFECTIVE, &attach_flags, NULL,
- &prog_cnt);
+ 0, &attach_flags, NULL, &prog_cnt);
CHECK_FAIL(err);
CHECK_FAIL(attach_flags != BPF_F_ALLOW_MULTI);
if (CHECK(prog_cnt != 1, "effect_cnt", "exp %d, got %d\n", 1, prog_cnt))
@@ -85,17 +84,15 @@ void serial_test_cgroup_link(void)
BPF_F_QUERY_EFFECTIVE, NULL, NULL,
&prog_cnt);
CHECK_FAIL(err);
- CHECK_FAIL(attach_flags != BPF_F_ALLOW_MULTI);
if (CHECK(prog_cnt != cg_nr, "effect_cnt", "exp %d, got %d\n",
cg_nr, prog_cnt))
goto cleanup;
/* query the effective prog IDs in last cg */
err = bpf_prog_query(cgs[last_cg].fd, BPF_CGROUP_INET_EGRESS,
- BPF_F_QUERY_EFFECTIVE, &attach_flags,
- prog_ids, &prog_cnt);
+ BPF_F_QUERY_EFFECTIVE, NULL, prog_ids,
+ &prog_cnt);
CHECK_FAIL(err);
- CHECK_FAIL(attach_flags != BPF_F_ALLOW_MULTI);
if (CHECK(prog_cnt != cg_nr, "effect_cnt", "exp %d, got %d\n",
cg_nr, prog_cnt))
goto cleanup;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 305/862] flow_dissector: Do not count vlan tags inside tunnel payload
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (303 preceding siblings ...)
2022-10-19 8:26 ` [PATCH 6.0 304/862] selftests/bpf: Adapt cgroup effective query uapi change Greg Kroah-Hartman
@ 2022-10-19 8:26 ` Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 306/862] mwifiex: fix sleep in atomic context bugs caused by dev_coredumpv Greg Kroah-Hartman
` (571 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Qingqing Yang, Boris Sukholitko,
Jakub Kicinski, Sasha Levin
From: Qingqing Yang <qingqing.yang@broadcom.com>
[ Upstream commit 9f87eb4246994e32a4e4ea88476b20ab3b412840 ]
We've met the problem that when there is a vlan tag inside
GRE encapsulation, the match of num_of_vlans fails.
It is caused by the vlan tag inside GRE payload has been
counted into num_of_vlans, which is not expected.
One example packet is like this:
Ethernet II, Src: Broadcom_68:56:07 (00:10:18:68:56:07)
Dst: Broadcom_68:56:08 (00:10:18:68:56:08)
802.1Q Virtual LAN, PRI: 0, DEI: 0, ID: 100
Internet Protocol Version 4, Src: 192.168.1.4, Dst: 192.168.1.200
Generic Routing Encapsulation (Transparent Ethernet bridging)
Ethernet II, Src: Broadcom_68:58:07 (00:10:18:68:58:07)
Dst: Broadcom_68:58:08 (00:10:18:68:58:08)
802.1Q Virtual LAN, PRI: 0, DEI: 0, ID: 200
...
It should match the (num_of_vlans 1) rule, but it matches
the (num_of_vlans 2) rule.
The vlan tags inside the GRE or other tunnel encapsulated payload
should not be taken into num_of_vlans.
The fix is to stop counting the vlan number when the encapsulation
bit is set.
Fixes: 34951fcf26c5 ("flow_dissector: Add number of vlan tags dissector")
Signed-off-by: Qingqing Yang <qingqing.yang@broadcom.com>
Reviewed-by: Boris Sukholitko <boris.sukholitko@broadcom.com>
Link: https://lore.kernel.org/r/20220919074808.136640-1-qingqing.yang@broadcom.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/core/flow_dissector.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c
index 5dc3860e9fc7..7105529abb0f 100644
--- a/net/core/flow_dissector.c
+++ b/net/core/flow_dissector.c
@@ -1173,8 +1173,8 @@ bool __skb_flow_dissect(const struct net *net,
nhoff += sizeof(*vlan);
}
- if (dissector_uses_key(flow_dissector,
- FLOW_DISSECTOR_KEY_NUM_OF_VLANS)) {
+ if (dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_NUM_OF_VLANS) &&
+ !(key_control->flags & FLOW_DIS_ENCAPSULATION)) {
struct flow_dissector_key_num_of_vlans *key_nvs;
key_nvs = skb_flow_dissector_target(flow_dissector,
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 306/862] mwifiex: fix sleep in atomic context bugs caused by dev_coredumpv
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (304 preceding siblings ...)
2022-10-19 8:26 ` [PATCH 6.0 305/862] flow_dissector: Do not count vlan tags inside tunnel payload Greg Kroah-Hartman
@ 2022-10-19 8:26 ` Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 307/862] wifi: ath11k: fix failed to find the peer with peer_id 0 when disconnected Greg Kroah-Hartman
` (570 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Duoming Zhou, Brian Norris,
Kalle Valo, Sasha Levin
From: Duoming Zhou <duoming@zju.edu.cn>
[ Upstream commit 551e4745c7f218da7070b36a06318592913676ff ]
There are sleep in atomic context bugs when uploading device dump
data in mwifiex. The root cause is that dev_coredumpv could not
be used in atomic contexts, because it calls dev_set_name which
include operations that may sleep. The call tree shows execution
paths that could lead to bugs:
(Interrupt context)
fw_dump_timer_fn
mwifiex_upload_device_dump
dev_coredumpv(..., GFP_KERNEL)
dev_coredumpm()
kzalloc(sizeof(*devcd), gfp); //may sleep
dev_set_name
kobject_set_name_vargs
kvasprintf_const(GFP_KERNEL, ...); //may sleep
kstrdup(s, GFP_KERNEL); //may sleep
The corresponding fail log is shown below:
[ 135.275938] usb 1-1: == mwifiex dump information to /sys/class/devcoredump start
[ 135.281029] BUG: sleeping function called from invalid context at include/linux/sched/mm.h:265
...
[ 135.293613] Call Trace:
[ 135.293613] <IRQ>
[ 135.293613] dump_stack_lvl+0x57/0x7d
[ 135.293613] __might_resched.cold+0x138/0x173
[ 135.293613] ? dev_coredumpm+0xca/0x2e0
[ 135.293613] kmem_cache_alloc_trace+0x189/0x1f0
[ 135.293613] ? devcd_match_failing+0x30/0x30
[ 135.293613] dev_coredumpm+0xca/0x2e0
[ 135.293613] ? devcd_freev+0x10/0x10
[ 135.293613] dev_coredumpv+0x1c/0x20
[ 135.293613] ? devcd_match_failing+0x30/0x30
[ 135.293613] mwifiex_upload_device_dump+0x65/0xb0
[ 135.293613] ? mwifiex_dnld_fw+0x1b0/0x1b0
[ 135.293613] call_timer_fn+0x122/0x3d0
[ 135.293613] ? msleep_interruptible+0xb0/0xb0
[ 135.293613] ? lock_downgrade+0x3c0/0x3c0
[ 135.293613] ? __next_timer_interrupt+0x13c/0x160
[ 135.293613] ? lockdep_hardirqs_on_prepare+0xe/0x220
[ 135.293613] ? mwifiex_dnld_fw+0x1b0/0x1b0
[ 135.293613] __run_timers.part.0+0x3f8/0x540
[ 135.293613] ? call_timer_fn+0x3d0/0x3d0
[ 135.293613] ? arch_restore_msi_irqs+0x10/0x10
[ 135.293613] ? lapic_next_event+0x31/0x40
[ 135.293613] run_timer_softirq+0x4f/0xb0
[ 135.293613] __do_softirq+0x1c2/0x651
...
[ 135.293613] RIP: 0010:default_idle+0xb/0x10
[ 135.293613] RSP: 0018:ffff888006317e68 EFLAGS: 00000246
[ 135.293613] RAX: ffffffff82ad8d10 RBX: ffff888006301cc0 RCX: ffffffff82ac90e1
[ 135.293613] RDX: ffffed100d9ff1b4 RSI: ffffffff831ad140 RDI: ffffffff82ad8f20
[ 135.293613] RBP: 0000000000000003 R08: 0000000000000000 R09: ffff88806cff8d9b
[ 135.293613] R10: ffffed100d9ff1b3 R11: 0000000000000001 R12: ffffffff84593410
[ 135.293613] R13: 0000000000000000 R14: 0000000000000000 R15: 1ffff11000c62fd2
...
[ 135.389205] usb 1-1: == mwifiex dump information to /sys/class/devcoredump end
This patch uses delayed work to replace timer and moves the operations
that may sleep into a delayed work in order to mitigate bugs, it was
tested on Marvell 88W8801 chip whose port is usb and the firmware is
usb8801_uapsta.bin. The following is the result after using delayed
work to replace timer.
[ 134.936453] usb 1-1: == mwifiex dump information to /sys/class/devcoredump start
[ 135.043344] usb 1-1: == mwifiex dump information to /sys/class/devcoredump end
As we can see, there is no bug now.
Fixes: f5ecd02a8b20 ("mwifiex: device dump support for usb interface")
Signed-off-by: Duoming Zhou <duoming@zju.edu.cn>
Reviewed-by: Brian Norris <briannorris@chromium.org>
Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/5cfa5c473ff6d069cb67760ffa04a2f84ef450a8.1661252818.git.duoming@zju.edu.cn
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/marvell/mwifiex/init.c | 9 +++++----
drivers/net/wireless/marvell/mwifiex/main.h | 3 ++-
drivers/net/wireless/marvell/mwifiex/sta_event.c | 6 +++---
3 files changed, 10 insertions(+), 8 deletions(-)
diff --git a/drivers/net/wireless/marvell/mwifiex/init.c b/drivers/net/wireless/marvell/mwifiex/init.c
index fc77489cc511..7dddb4b5dea1 100644
--- a/drivers/net/wireless/marvell/mwifiex/init.c
+++ b/drivers/net/wireless/marvell/mwifiex/init.c
@@ -51,9 +51,10 @@ static void wakeup_timer_fn(struct timer_list *t)
adapter->if_ops.card_reset(adapter);
}
-static void fw_dump_timer_fn(struct timer_list *t)
+static void fw_dump_work(struct work_struct *work)
{
- struct mwifiex_adapter *adapter = from_timer(adapter, t, devdump_timer);
+ struct mwifiex_adapter *adapter =
+ container_of(work, struct mwifiex_adapter, devdump_work.work);
mwifiex_upload_device_dump(adapter);
}
@@ -309,7 +310,7 @@ static void mwifiex_init_adapter(struct mwifiex_adapter *adapter)
adapter->active_scan_triggered = false;
timer_setup(&adapter->wakeup_timer, wakeup_timer_fn, 0);
adapter->devdump_len = 0;
- timer_setup(&adapter->devdump_timer, fw_dump_timer_fn, 0);
+ INIT_DELAYED_WORK(&adapter->devdump_work, fw_dump_work);
}
/*
@@ -388,7 +389,7 @@ static void
mwifiex_adapter_cleanup(struct mwifiex_adapter *adapter)
{
del_timer(&adapter->wakeup_timer);
- del_timer_sync(&adapter->devdump_timer);
+ cancel_delayed_work_sync(&adapter->devdump_work);
mwifiex_cancel_all_pending_cmd(adapter);
wake_up_interruptible(&adapter->cmd_wait_q.wait);
wake_up_interruptible(&adapter->hs_activate_wait_q);
diff --git a/drivers/net/wireless/marvell/mwifiex/main.h b/drivers/net/wireless/marvell/mwifiex/main.h
index 87729d251fed..63f861e6b28a 100644
--- a/drivers/net/wireless/marvell/mwifiex/main.h
+++ b/drivers/net/wireless/marvell/mwifiex/main.h
@@ -37,6 +37,7 @@
#include <linux/pm_runtime.h>
#include <linux/slab.h>
#include <linux/of_irq.h>
+#include <linux/workqueue.h>
#include "decl.h"
#include "ioctl.h"
@@ -1043,7 +1044,7 @@ struct mwifiex_adapter {
/* Device dump data/length */
void *devdump_data;
int devdump_len;
- struct timer_list devdump_timer;
+ struct delayed_work devdump_work;
bool ignore_btcoex_events;
};
diff --git a/drivers/net/wireless/marvell/mwifiex/sta_event.c b/drivers/net/wireless/marvell/mwifiex/sta_event.c
index b95e90a7d124..e80e372cce8c 100644
--- a/drivers/net/wireless/marvell/mwifiex/sta_event.c
+++ b/drivers/net/wireless/marvell/mwifiex/sta_event.c
@@ -611,8 +611,8 @@ mwifiex_fw_dump_info_event(struct mwifiex_private *priv,
* transmission event get lost, in this cornel case,
* user would still get partial of the dump.
*/
- mod_timer(&adapter->devdump_timer,
- jiffies + msecs_to_jiffies(MWIFIEX_TIMER_10S));
+ schedule_delayed_work(&adapter->devdump_work,
+ msecs_to_jiffies(MWIFIEX_TIMER_10S));
}
/* Overflow check */
@@ -631,7 +631,7 @@ mwifiex_fw_dump_info_event(struct mwifiex_private *priv,
return;
upload_dump:
- del_timer_sync(&adapter->devdump_timer);
+ cancel_delayed_work_sync(&adapter->devdump_work);
mwifiex_upload_device_dump(adapter);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 307/862] wifi: ath11k: fix failed to find the peer with peer_id 0 when disconnected
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (305 preceding siblings ...)
2022-10-19 8:26 ` [PATCH 6.0 306/862] mwifiex: fix sleep in atomic context bugs caused by dev_coredumpv Greg Kroah-Hartman
@ 2022-10-19 8:26 ` Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 308/862] wifi: ath11k: fix number of VHT beamformee spatial streams Greg Kroah-Hartman
` (569 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Wen Gong, Kalle Valo, Sasha Levin
From: Wen Gong <quic_wgong@quicinc.com>
[ Upstream commit a20ed60bb357776301c2dad7b4a4f0db97e143e9 ]
It has a fail log which is ath11k_dbg in ath11k_dp_rx_process_mon_status(),
as below, it will not print when debug_mask is not set ATH11K_DBG_DATA.
ath11k_dbg(ab, ATH11K_DBG_DATA,
"failed to find the peer with peer_id %d\n",
ppdu_info.peer_id);
When run scan with station disconnected, the peer_id is 0 for case
HAL_RX_MPDU_START in ath11k_hal_rx_parse_mon_status_tlv() which called
from ath11k_dp_rx_process_mon_status(), and the peer_id of ppdu_info is
reset to 0 in the while loop, so it does not match condition of the
check "if (ppdu_info->peer_id == HAL_INVALID_PEERID" in the loop, and
then the log "failed to find the peer with peer_id 0" print after the
check in the loop, it is below call stack when debug_mask is set
ATH11K_DBG_DATA.
The reason is this commit 01d2f285e3e5 ("ath11k: decode HE status tlv")
add "memset(ppdu_info, 0, sizeof(struct hal_rx_mon_ppdu_info))" in
ath11k_dp_rx_process_mon_status(), but the commit does not initialize
the peer_id to HAL_INVALID_PEERID, then lead the check mis-match.
Callstack of the failed log:
[12335.689072] RIP: 0010:ath11k_dp_rx_process_mon_status+0x9ea/0x1020 [ath11k]
[12335.689157] Code: 89 ff e8 f9 10 00 00 be 01 00 00 00 4c 89 f7 e8 dc 4b 4e de 48 8b 85 38 ff ff ff c7 80 e4 07 00 00 01 00 00 00 e9 20 f8 ff ff <0f> 0b 41 0f b7 96 be 06 00 00 48 c7 c6 b8 50 44 c1 4c 89 ff e8 fd
[12335.689180] RSP: 0018:ffffb874001a4ca0 EFLAGS: 00010246
[12335.689210] RAX: 0000000000000000 RBX: ffff995642cbd100 RCX: 0000000000000000
[12335.689229] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff99564212cd18
[12335.689248] RBP: ffffb874001a4dc0 R08: 0000000000000001 R09: 0000000000000000
[12335.689268] R10: 0000000000000220 R11: ffffb874001a48e8 R12: ffff995642473d40
[12335.689286] R13: ffff99564212c5b8 R14: ffff9956424736a0 R15: ffff995642120000
[12335.689303] FS: 0000000000000000(0000) GS:ffff995739000000(0000) knlGS:0000000000000000
[12335.689323] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[12335.689341] CR2: 00007f43c5d5e039 CR3: 000000011c012005 CR4: 00000000000606e0
[12335.689360] Call Trace:
[12335.689377] <IRQ>
[12335.689418] ? rcu_read_lock_held_common+0x12/0x50
[12335.689447] ? rcu_read_lock_sched_held+0x25/0x80
[12335.689471] ? rcu_read_lock_held_common+0x12/0x50
[12335.689504] ath11k_dp_rx_process_mon_rings+0x8d/0x4f0 [ath11k]
[12335.689578] ? ath11k_dp_rx_process_mon_rings+0x8d/0x4f0 [ath11k]
[12335.689653] ? lock_acquire+0xef/0x360
[12335.689681] ? rcu_read_lock_sched_held+0x25/0x80
[12335.689713] ath11k_dp_service_mon_ring+0x38/0x60 [ath11k]
[12335.689784] ? ath11k_dp_rx_process_mon_rings+0x4f0/0x4f0 [ath11k]
[12335.689860] call_timer_fn+0xb2/0x2f0
[12335.689897] ? ath11k_dp_rx_process_mon_rings+0x4f0/0x4f0 [ath11k]
[12335.689970] run_timer_softirq+0x21f/0x540
[12335.689999] ? ktime_get+0xad/0x160
[12335.690025] ? lapic_next_deadline+0x2c/0x40
[12335.690053] ? clockevents_program_event+0x82/0x100
[12335.690093] __do_softirq+0x151/0x4a8
[12335.690135] irq_exit_rcu+0xc9/0x100
[12335.690165] sysvec_apic_timer_interrupt+0xa8/0xd0
[12335.690189] </IRQ>
[12335.690204] <TASK>
[12335.690225] asm_sysvec_apic_timer_interrupt+0x12/0x20
Reset the default value to HAL_INVALID_PEERID each time after memset
of ppdu_info as well as others memset which existed in function
ath11k_dp_rx_process_mon_status(), then the failed log disappeared.
Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3
Fixes: 01d2f285e3e5 ("ath11k: decode HE status tlv")
Signed-off-by: Wen Gong <quic_wgong@quicinc.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20220518033556.31940-1-quic_wgong@quicinc.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/ath11k/dp_rx.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/net/wireless/ath/ath11k/dp_rx.c b/drivers/net/wireless/ath/ath11k/dp_rx.c
index 2148acf37071..e9c56ad1ec9d 100644
--- a/drivers/net/wireless/ath/ath11k/dp_rx.c
+++ b/drivers/net/wireless/ath/ath11k/dp_rx.c
@@ -5197,7 +5197,8 @@ int ath11k_dp_rx_process_mon_status(struct ath11k_base *ab, int mac_id,
if (log_type != ATH11K_PKTLOG_TYPE_INVALID)
trace_ath11k_htt_rxdesc(ar, skb->data, log_type, rx_buf_sz);
- memset(ppdu_info, 0, sizeof(struct hal_rx_mon_ppdu_info));
+ memset(ppdu_info, 0, sizeof(*ppdu_info));
+ ppdu_info->peer_id = HAL_INVALID_PEERID;
hal_status = ath11k_hal_rx_parse_mon_status(ab, ppdu_info, skb);
if (test_bit(ATH11K_FLAG_MONITOR_STARTED, &ar->monitor_flags) &&
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 308/862] wifi: ath11k: fix number of VHT beamformee spatial streams
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (306 preceding siblings ...)
2022-10-19 8:26 ` [PATCH 6.0 307/862] wifi: ath11k: fix failed to find the peer with peer_id 0 when disconnected Greg Kroah-Hartman
@ 2022-10-19 8:26 ` Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 309/862] mips: dts: ralink: mt7621: fix external phy on GB-PC2 Greg Kroah-Hartman
` (568 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jesus Fernandez Manzano, Kalle Valo,
Sasha Levin
From: Jesus Fernandez Manzano <jesus.manzano@galgus.net>
[ Upstream commit 55b5ee3357d7bb98ee578cf9b84a652e7a1bc199 ]
The number of spatial streams used when acting as a beamformee in VHT
mode are reported by the firmware as 7 (8 sts - 1) both in IPQ6018 and
IPQ8074 which respectively have 2 and 4 sts each. So the firmware should
report 1 (2 - 1) and 3 (4 - 1).
Fix this by checking that the number of VHT beamformee sts reported by
the firmware is not greater than the number of receiving antennas - 1.
The fix is based on the same approach used in this same function for
sanitizing the number of sounding dimensions reported by the firmware.
Without this change, acting as a beamformee in VHT mode is not working
properly.
Tested-on: IPQ6018 hw1.0 AHB WLAN.HK.2.5.0.1-01208-QCAHKSWPL_SILICONZ-1
Tested-on: IPQ8074 hw2.0 AHB WLAN.HK.2.5.0.1-01208-QCAHKSWPL_SILICONZ-1
Fixes: d5c65159f289 ("ath11k: driver for Qualcomm IEEE 802.11ax devices")
Signed-off-by: Jesus Fernandez Manzano <jesus.manzano@galgus.net>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20220616173947.21901-1-jesus.manzano@galgus.net
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/ath11k/mac.c | 25 ++++++++++++++++++++-----
1 file changed, 20 insertions(+), 5 deletions(-)
diff --git a/drivers/net/wireless/ath/ath11k/mac.c b/drivers/net/wireless/ath/ath11k/mac.c
index 7e91e347c9ff..7f6521314b2d 100644
--- a/drivers/net/wireless/ath/ath11k/mac.c
+++ b/drivers/net/wireless/ath/ath11k/mac.c
@@ -4954,6 +4954,8 @@ static int ath11k_mac_set_txbf_conf(struct ath11k_vif *arvif)
if (vht_cap & (IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE)) {
nsts = vht_cap & IEEE80211_VHT_CAP_BEAMFORMEE_STS_MASK;
nsts >>= IEEE80211_VHT_CAP_BEAMFORMEE_STS_SHIFT;
+ if (nsts > (ar->num_rx_chains - 1))
+ nsts = ar->num_rx_chains - 1;
value |= SM(nsts, WMI_TXBF_STS_CAP_OFFSET);
}
@@ -4994,7 +4996,7 @@ static int ath11k_mac_set_txbf_conf(struct ath11k_vif *arvif)
static void ath11k_set_vht_txbf_cap(struct ath11k *ar, u32 *vht_cap)
{
bool subfer, subfee;
- int sound_dim = 0;
+ int sound_dim = 0, nsts = 0;
subfer = !!(*vht_cap & (IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE));
subfee = !!(*vht_cap & (IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE));
@@ -5004,6 +5006,11 @@ static void ath11k_set_vht_txbf_cap(struct ath11k *ar, u32 *vht_cap)
subfer = false;
}
+ if (ar->num_rx_chains < 2) {
+ *vht_cap &= ~(IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE);
+ subfee = false;
+ }
+
/* If SU Beaformer is not set, then disable MU Beamformer Capability */
if (!subfer)
*vht_cap &= ~(IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE);
@@ -5016,7 +5023,9 @@ static void ath11k_set_vht_txbf_cap(struct ath11k *ar, u32 *vht_cap)
sound_dim >>= IEEE80211_VHT_CAP_SOUNDING_DIMENSIONS_SHIFT;
*vht_cap &= ~IEEE80211_VHT_CAP_SOUNDING_DIMENSIONS_MASK;
- /* TODO: Need to check invalid STS and Sound_dim values set by FW? */
+ nsts = (*vht_cap & IEEE80211_VHT_CAP_BEAMFORMEE_STS_MASK);
+ nsts >>= IEEE80211_VHT_CAP_BEAMFORMEE_STS_SHIFT;
+ *vht_cap &= ~IEEE80211_VHT_CAP_BEAMFORMEE_STS_MASK;
/* Enable Sounding Dimension Field only if SU BF is enabled */
if (subfer) {
@@ -5028,9 +5037,15 @@ static void ath11k_set_vht_txbf_cap(struct ath11k *ar, u32 *vht_cap)
*vht_cap |= sound_dim;
}
- /* Use the STS advertised by FW unless SU Beamformee is not supported*/
- if (!subfee)
- *vht_cap &= ~(IEEE80211_VHT_CAP_BEAMFORMEE_STS_MASK);
+ /* Enable Beamformee STS Field only if SU BF is enabled */
+ if (subfee) {
+ if (nsts > (ar->num_rx_chains - 1))
+ nsts = ar->num_rx_chains - 1;
+
+ nsts <<= IEEE80211_VHT_CAP_BEAMFORMEE_STS_SHIFT;
+ nsts &= IEEE80211_VHT_CAP_BEAMFORMEE_STS_MASK;
+ *vht_cap |= nsts;
+ }
}
static struct ieee80211_sta_vht_cap
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 309/862] mips: dts: ralink: mt7621: fix external phy on GB-PC2
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (307 preceding siblings ...)
2022-10-19 8:26 ` [PATCH 6.0 308/862] wifi: ath11k: fix number of VHT beamformee spatial streams Greg Kroah-Hartman
@ 2022-10-19 8:26 ` Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 310/862] x86/microcode/AMD: Track patch allocation size explicitly Greg Kroah-Hartman
` (567 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Arınç ÜNAL,
Sergio Paracuellos, David S. Miller, Sasha Levin
From: Arınç ÜNAL <arinc.unal@arinc9.com>
[ Upstream commit 247825f991b34440f9b9d4fe607502435a42ac7b ]
The address of the external phy on the mdio bus is 5. Update the devicetree
for GB-PC2 accordingly.
Fixes: 5bc148649cf3 ("staging: mt7621-dts: fix GB-PC2 devicetree")
Signed-off-by: Arınç ÜNAL <arinc.unal@arinc9.com>
Reviewed-by: Sergio Paracuellos <sergio.paracuellos@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/mips/boot/dts/ralink/mt7621-gnubee-gb-pc2.dts | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/arch/mips/boot/dts/ralink/mt7621-gnubee-gb-pc2.dts b/arch/mips/boot/dts/ralink/mt7621-gnubee-gb-pc2.dts
index 34006e667780..0d01e542a0a6 100644
--- a/arch/mips/boot/dts/ralink/mt7621-gnubee-gb-pc2.dts
+++ b/arch/mips/boot/dts/ralink/mt7621-gnubee-gb-pc2.dts
@@ -83,12 +83,12 @@
&gmac1 {
status = "okay";
- phy-handle = <ðphy7>;
+ phy-handle = <ðphy5>;
};
&mdio {
- ethphy7: ethernet-phy@7 {
- reg = <7>;
+ ethphy5: ethernet-phy@5 {
+ reg = <5>;
phy-mode = "rgmii-rxid";
};
};
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 310/862] x86/microcode/AMD: Track patch allocation size explicitly
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (308 preceding siblings ...)
2022-10-19 8:26 ` [PATCH 6.0 309/862] mips: dts: ralink: mt7621: fix external phy on GB-PC2 Greg Kroah-Hartman
@ 2022-10-19 8:26 ` Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 311/862] libbpf: restore memory layout of bpf_object_open_opts Greg Kroah-Hartman
` (566 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Daniel Micay, Kees Cook,
Borislav Petkov, Sasha Levin
From: Kees Cook <keescook@chromium.org>
[ Upstream commit 712f210a457d9c32414df246a72781550bc23ef6 ]
In preparation for reducing the use of ksize(), record the actual
allocation size for later memcpy(). This avoids copying extra
(uninitialized!) bytes into the patch buffer when the requested
allocation size isn't exactly the size of a kmalloc bucket.
Additionally, fix potential future issues where runtime bounds checking
will notice that the buffer was allocated to a smaller value than
returned by ksize().
Fixes: 757885e94a22 ("x86, microcode, amd: Early microcode patch loading support for AMD")
Suggested-by: Daniel Micay <danielmicay@gmail.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Borislav Petkov <bp@suse.de>
Link: https://lore.kernel.org/lkml/CA+DvKQ+bp7Y7gmaVhacjv9uF6Ar-o4tet872h4Q8RPYPJjcJQA@mail.gmail.com/
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/include/asm/microcode.h | 1 +
arch/x86/kernel/cpu/microcode/amd.c | 3 ++-
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/arch/x86/include/asm/microcode.h b/arch/x86/include/asm/microcode.h
index 0c3d3440fe27..aa675783412f 100644
--- a/arch/x86/include/asm/microcode.h
+++ b/arch/x86/include/asm/microcode.h
@@ -9,6 +9,7 @@
struct ucode_patch {
struct list_head plist;
void *data; /* Intel uses only this one */
+ unsigned int size;
u32 patch_id;
u16 equiv_cpu;
};
diff --git a/arch/x86/kernel/cpu/microcode/amd.c b/arch/x86/kernel/cpu/microcode/amd.c
index 8b2fcdfa6d31..615bc6efa1dd 100644
--- a/arch/x86/kernel/cpu/microcode/amd.c
+++ b/arch/x86/kernel/cpu/microcode/amd.c
@@ -788,6 +788,7 @@ static int verify_and_add_patch(u8 family, u8 *fw, unsigned int leftover,
kfree(patch);
return -EINVAL;
}
+ patch->size = *patch_size;
mc_hdr = (struct microcode_header_amd *)(fw + SECTION_HDR_SIZE);
proc_id = mc_hdr->processor_rev_id;
@@ -869,7 +870,7 @@ load_microcode_amd(bool save, u8 family, const u8 *data, size_t size)
return ret;
memset(amd_ucode_patch, 0, PATCH_MAX_SIZE);
- memcpy(amd_ucode_patch, p->data, min_t(u32, ksize(p->data), PATCH_MAX_SIZE));
+ memcpy(amd_ucode_patch, p->data, min_t(u32, p->size, PATCH_MAX_SIZE));
return ret;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 311/862] libbpf: restore memory layout of bpf_object_open_opts
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (309 preceding siblings ...)
2022-10-19 8:26 ` [PATCH 6.0 310/862] x86/microcode/AMD: Track patch allocation size explicitly Greg Kroah-Hartman
@ 2022-10-19 8:26 ` Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 312/862] wifi: ath11k: fix peer addition/deletion error on sta band migration Greg Kroah-Hartman
` (565 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Grant Seltzer Richman,
Andrii Nakryiko, Martin KaFai Lau, Sasha Levin
From: Andrii Nakryiko <andrii@kernel.org>
[ Upstream commit dbdea9b36fb61da3b9a1be0dd63542e2bfd3e5d7 ]
When attach_prog_fd field was removed in libbpf 1.0 and replaced with
`long: 0` placeholder, it actually shifted all the subsequent fields by
8 byte. This is due to `long: 0` promising to adjust next field's offset
to long-aligned offset. But in this case we were already long-aligned
as pin_root_path is a pointer. So `long: 0` had no effect, and thus
didn't feel the gap created by removed attach_prog_fd.
Non-zero bitfield should have been used instead. I validated using
pahole. Originally kconfig field was at offset 40. With `long: 0` it's
at offset 32, which is wrong. With this change it's back at offset 40.
While technically libbpf 1.0 is allowed to break backwards
compatibility and applications should have been recompiled against
libbpf 1.0 headers, but given how trivial it is to preserve memory
layout, let's fix this.
Reported-by: Grant Seltzer Richman <grantseltzer@gmail.com>
Fixes: 146bf811f5ac ("libbpf: remove most other deprecated high-level APIs")
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Link: https://lore.kernel.org/r/20220923230559.666608-1-andrii@kernel.org
Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/lib/bpf/libbpf.h | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/tools/lib/bpf/libbpf.h b/tools/lib/bpf/libbpf.h
index 61493c4cddac..9f956e6058ed 100644
--- a/tools/lib/bpf/libbpf.h
+++ b/tools/lib/bpf/libbpf.h
@@ -118,7 +118,9 @@ struct bpf_object_open_opts {
* auto-pinned to that path on load; defaults to "/sys/fs/bpf".
*/
const char *pin_root_path;
- long :0;
+
+ __u32 :32; /* stub out now removed attach_prog_fd */
+
/* Additional kernel config content that augments and overrides
* system Kconfig for CONFIG_xxx externs.
*/
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 312/862] wifi: ath11k: fix peer addition/deletion error on sta band migration
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (310 preceding siblings ...)
2022-10-19 8:26 ` [PATCH 6.0 311/862] libbpf: restore memory layout of bpf_object_open_opts Greg Kroah-Hartman
@ 2022-10-19 8:26 ` Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 313/862] x86/cpu: Include the header of init_ia32_feat_ctl()s prototype Greg Kroah-Hartman
` (564 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christian Ansuel Marangi, Kalle Valo,
Sasha Levin
From: Christian 'Ansuel' Marangi <ansuelsmth@gmail.com>
[ Upstream commit d673cb6fe6c03b2be157cc6c5db40481828d282d ]
This patch try to fix the following error.
Wed Jun 1 22:19:30 2022 kern.warn kernel: [ 119.561227] ath11k c000000.wifi: peer already added vdev id 0 req, vdev id 1 present
Wed Jun 1 22:19:30 2022 kern.warn kernel: [ 119.561282] ath11k c000000.wifi: Failed to add peer: 28:c2:1f:xx:xx:xx for VDEV: 0
Wed Jun 1 22:19:30 2022 kern.warn kernel: [ 119.568053] ath11k c000000.wifi: Failed to add station: 28:c2:1f:xx:xx:xx for VDEV: 0
Wed Jun 1 22:19:31 2022 daemon.notice hostapd: wlan2: STA 28:c2:1f:xx:xx:xx IEEE 802.11: Could not add STA to kernel driver
Wed Jun 1 22:19:31 2022 daemon.notice hostapd: wlan2: STA 28:c2:1f:xx:xx:xx IEEE 802.11: did not acknowledge authentication response
Wed Jun 1 22:19:31 2022 daemon.notice hostapd: wlan1: AP-STA-DISCONNECTED 28:c2:1f:xx:xx:xx
Wed Jun 1 22:19:31 2022 daemon.info hostapd: wlan1: STA 28:c2:1f:xx:xx:xx IEEE 802.11: disassociated due to inactivity
Wed Jun 1 22:19:32 2022 daemon.info hostapd: wlan1: STA 28:c2:1f:xx:xx:xx IEEE 802.11: deauthenticated due to inactivity (timer DEAUTH/REMOVE)
To repro this:
- Have 2 Wifi with the same bssid and pass on different band (2.4 and
5GHz)
- Enable 802.11r Fast Transaction with same mobility domain
- FT Protocol: FT over the Air
>From a openwrt system issue the command (with the correct mac)
ubus call hostapd.wlan1 wnm_disassoc_imminent '{"addr":"28:C2:1F:xx:xx:xx"}'
Notice the log printing the errors.
The cause of this error has been investigated and we found that this is
related to the WiFi Fast Transaction feature. We observed that this is
triggered when the router tells the device to change band. In this case
the device first auth to the other band and then the disconnect path
from the prev band is triggered.
This is problematic with the current rhash implementation since the
addrs is used as key and the logic of "adding first, delete later"
conflicts with the rhash logic.
In fact peer addition will fail since the peer is already added and with
that fixed a peer deletion will cause unitended effect by removing the
peer just added.
Current solution to this is to add additional logic to the peer delete,
make sure we are deleting the correct peer taken from the rhash
table (and fallback to the peer list) and for the peer add logic delete
the peer entry for the rhash list before adding the new one (counting as
an error only when a peer with the same vlan_id is asked to be added).
With this change, a sta can correctly transition from 2.4GHz and 5GHZ
with no drop and no error are printed.
Tested-on: IPQ8074 hw2.0 AHB WLAN.HK.2.5.0.1-01208-QCAHKSWPL_SILICONZ-1
Fixes: 7b0c70d92a43 ("ath11k: Add peer rhash table support")
Signed-off-by: Christian 'Ansuel' Marangi <ansuelsmth@gmail.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20220603164559.27769-1-ansuelsmth@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/ath11k/peer.c | 30 ++++++++++++++++++++++----
1 file changed, 26 insertions(+), 4 deletions(-)
diff --git a/drivers/net/wireless/ath/ath11k/peer.c b/drivers/net/wireless/ath/ath11k/peer.c
index 9e22aaf34b88..1ae7af02c364 100644
--- a/drivers/net/wireless/ath/ath11k/peer.c
+++ b/drivers/net/wireless/ath/ath11k/peer.c
@@ -302,6 +302,21 @@ static int __ath11k_peer_delete(struct ath11k *ar, u32 vdev_id, const u8 *addr)
spin_lock_bh(&ab->base_lock);
peer = ath11k_peer_find_by_addr(ab, addr);
+ /* Check if the found peer is what we want to remove.
+ * While the sta is transitioning to another band we may
+ * have 2 peer with the same addr assigned to different
+ * vdev_id. Make sure we are deleting the correct peer.
+ */
+ if (peer && peer->vdev_id == vdev_id)
+ ath11k_peer_rhash_delete(ab, peer);
+
+ /* Fallback to peer list search if the correct peer can't be found.
+ * Skip the deletion of the peer from the rhash since it has already
+ * been deleted in peer add.
+ */
+ if (!peer)
+ peer = ath11k_peer_find(ab, vdev_id, addr);
+
if (!peer) {
spin_unlock_bh(&ab->base_lock);
mutex_unlock(&ab->tbl_mtx_lock);
@@ -312,8 +327,6 @@ static int __ath11k_peer_delete(struct ath11k *ar, u32 vdev_id, const u8 *addr)
return -EINVAL;
}
- ath11k_peer_rhash_delete(ab, peer);
-
spin_unlock_bh(&ab->base_lock);
mutex_unlock(&ab->tbl_mtx_lock);
@@ -372,8 +385,17 @@ int ath11k_peer_create(struct ath11k *ar, struct ath11k_vif *arvif,
spin_lock_bh(&ar->ab->base_lock);
peer = ath11k_peer_find_by_addr(ar->ab, param->peer_addr);
if (peer) {
- spin_unlock_bh(&ar->ab->base_lock);
- return -EINVAL;
+ if (peer->vdev_id == param->vdev_id) {
+ spin_unlock_bh(&ar->ab->base_lock);
+ return -EINVAL;
+ }
+
+ /* Assume sta is transitioning to another band.
+ * Remove here the peer from rhash.
+ */
+ mutex_lock(&ar->ab->tbl_mtx_lock);
+ ath11k_peer_rhash_delete(ar->ab, peer);
+ mutex_unlock(&ar->ab->tbl_mtx_lock);
}
spin_unlock_bh(&ar->ab->base_lock);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 313/862] x86/cpu: Include the header of init_ia32_feat_ctl()s prototype
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (311 preceding siblings ...)
2022-10-19 8:26 ` [PATCH 6.0 312/862] wifi: ath11k: fix peer addition/deletion error on sta band migration Greg Kroah-Hartman
@ 2022-10-19 8:26 ` Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 314/862] spi: cadence-quadspi: Fix PM disable depth imbalance in cqspi_probe Greg Kroah-Hartman
` (563 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Luciano Leão, Borislav Petkov,
Nícolas F . R . A . Prado, Sasha Levin
From: Luciano Leão <lucianorsleao@gmail.com>
[ Upstream commit 30ea703a38ef76ca119673cd8bdd05c6e068e2ac ]
Include the header containing the prototype of init_ia32_feat_ctl(),
solving the following warning:
$ make W=1 arch/x86/kernel/cpu/feat_ctl.o
arch/x86/kernel/cpu/feat_ctl.c:112:6: warning: no previous prototype for ‘init_ia32_feat_ctl’ [-Wmissing-prototypes]
112 | void init_ia32_feat_ctl(struct cpuinfo_x86 *c)
This warning appeared after commit
5d5103595e9e5 ("x86/cpu: Reinitialize IA32_FEAT_CTL MSR on BSP during wakeup")
had moved the function init_ia32_feat_ctl()'s prototype from
arch/x86/kernel/cpu/cpu.h to arch/x86/include/asm/cpu.h.
Note that, before the commit mentioned above, the header include "cpu.h"
(arch/x86/kernel/cpu/cpu.h) was added by commit
0e79ad863df43 ("x86/cpu: Fix a -Wmissing-prototypes warning for init_ia32_feat_ctl()")
solely to fix init_ia32_feat_ctl()'s missing prototype. So, the header
include "cpu.h" is no longer necessary.
[ bp: Massage commit message. ]
Fixes: 5d5103595e9e5 ("x86/cpu: Reinitialize IA32_FEAT_CTL MSR on BSP during wakeup")
Signed-off-by: Luciano Leão <lucianorsleao@gmail.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Nícolas F. R. A. Prado <n@nfraprado.net>
Link: https://lore.kernel.org/r/20220922200053.1357470-1-lucianorsleao@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/kernel/cpu/feat_ctl.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/kernel/cpu/feat_ctl.c b/arch/x86/kernel/cpu/feat_ctl.c
index 993697e71854..03851240c3e3 100644
--- a/arch/x86/kernel/cpu/feat_ctl.c
+++ b/arch/x86/kernel/cpu/feat_ctl.c
@@ -1,11 +1,11 @@
// SPDX-License-Identifier: GPL-2.0
#include <linux/tboot.h>
+#include <asm/cpu.h>
#include <asm/cpufeature.h>
#include <asm/msr-index.h>
#include <asm/processor.h>
#include <asm/vmx.h>
-#include "cpu.h"
#undef pr_fmt
#define pr_fmt(fmt) "x86/cpu: " fmt
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 314/862] spi: cadence-quadspi: Fix PM disable depth imbalance in cqspi_probe
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (312 preceding siblings ...)
2022-10-19 8:26 ` [PATCH 6.0 313/862] x86/cpu: Include the header of init_ia32_feat_ctl()s prototype Greg Kroah-Hartman
@ 2022-10-19 8:26 ` Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 315/862] spi: dw: Fix PM disable depth imbalance in dw_spi_bt1_probe Greg Kroah-Hartman
` (562 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zhang Qilong, Mark Brown, Sasha Levin
From: Zhang Qilong <zhangqilong3@huawei.com>
[ Upstream commit 4d0ef0a1c35189a6e8377d8ee8310ea5ef22c5f3 ]
The pm_runtime_enable will increase power disable depth. Thus
a pairing decrement is needed on the error handling path to
keep it balanced according to context.
Fixes:73d5fe0462702 ("spi: cadence-quadspi: Remove spi_master_put() in probe failure path")
Signed-off-by: Zhang Qilong <zhangqilong3@huawei.com>
Link: https://lore.kernel.org/r/20220924121310.78331-2-zhangqilong3@huawei.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/spi/spi-cadence-quadspi.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/spi/spi-cadence-quadspi.c b/drivers/spi/spi-cadence-quadspi.c
index e12ab5b43f34..447230547945 100644
--- a/drivers/spi/spi-cadence-quadspi.c
+++ b/drivers/spi/spi-cadence-quadspi.c
@@ -1645,7 +1645,7 @@ static int cqspi_probe(struct platform_device *pdev)
pm_runtime_enable(dev);
ret = pm_runtime_resume_and_get(dev);
if (ret < 0)
- return ret;
+ goto probe_pm_failed;
ret = clk_prepare_enable(cqspi->clk);
if (ret) {
@@ -1740,6 +1740,7 @@ static int cqspi_probe(struct platform_device *pdev)
clk_disable_unprepare(cqspi->clk);
probe_clk_failed:
pm_runtime_put_sync(dev);
+probe_pm_failed:
pm_runtime_disable(dev);
return ret;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 315/862] spi: dw: Fix PM disable depth imbalance in dw_spi_bt1_probe
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (313 preceding siblings ...)
2022-10-19 8:26 ` [PATCH 6.0 314/862] spi: cadence-quadspi: Fix PM disable depth imbalance in cqspi_probe Greg Kroah-Hartman
@ 2022-10-19 8:26 ` Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 316/862] spi/omap100k:Fix PM disable depth imbalance in omap1_spi100k_probe Greg Kroah-Hartman
` (561 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zhang Qilong, Mark Brown, Sasha Levin
From: Zhang Qilong <zhangqilong3@huawei.com>
[ Upstream commit 618d815fc93477b1675878f3c04ff32657cc18b4 ]
The pm_runtime_enable will increase power disable depth. Thus
a pairing decrement is needed on the error handling path to
keep it balanced according to context.
Fixes:abf00907538e2 ("spi: dw: Add Baikal-T1 SPI Controller glue driver")
Signed-off-by: Zhang Qilong <zhangqilong3@huawei.com>
Link: https://lore.kernel.org/r/20220924121310.78331-3-zhangqilong3@huawei.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/spi/spi-dw-bt1.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/spi/spi-dw-bt1.c b/drivers/spi/spi-dw-bt1.c
index c06553416123..3fb89dee595e 100644
--- a/drivers/spi/spi-dw-bt1.c
+++ b/drivers/spi/spi-dw-bt1.c
@@ -293,8 +293,10 @@ static int dw_spi_bt1_probe(struct platform_device *pdev)
pm_runtime_enable(&pdev->dev);
ret = dw_spi_add_host(&pdev->dev, dws);
- if (ret)
+ if (ret) {
+ pm_runtime_disable(&pdev->dev);
goto err_disable_clk;
+ }
platform_set_drvdata(pdev, dwsbt1);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 316/862] spi/omap100k:Fix PM disable depth imbalance in omap1_spi100k_probe
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (314 preceding siblings ...)
2022-10-19 8:26 ` [PATCH 6.0 315/862] spi: dw: Fix PM disable depth imbalance in dw_spi_bt1_probe Greg Kroah-Hartman
@ 2022-10-19 8:26 ` Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 317/862] skmsg: Schedule psock work if the cached skb exists on the psock Greg Kroah-Hartman
` (560 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zhang Qilong, Mark Brown, Sasha Levin
From: Zhang Qilong <zhangqilong3@huawei.com>
[ Upstream commit 29f65f2171c85a9633daa380df14009a365f42f2 ]
The pm_runtime_enable will increase power disable depth. Thus
a pairing decrement is needed on the error handling path to
keep it balanced according to context.
Fixes:db91841b58f9a ("spi/omap100k: Convert to runtime PM")
Signed-off-by: Zhang Qilong <zhangqilong3@huawei.com>
Link: https://lore.kernel.org/r/20220924121310.78331-4-zhangqilong3@huawei.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/spi/spi-omap-100k.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/spi/spi-omap-100k.c b/drivers/spi/spi-omap-100k.c
index 20b047172965..061f7394e5b9 100644
--- a/drivers/spi/spi-omap-100k.c
+++ b/drivers/spi/spi-omap-100k.c
@@ -412,6 +412,7 @@ static int omap1_spi100k_probe(struct platform_device *pdev)
return status;
err_fck:
+ pm_runtime_disable(&pdev->dev);
clk_disable_unprepare(spi100k->fck);
err_ick:
clk_disable_unprepare(spi100k->ick);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 317/862] skmsg: Schedule psock work if the cached skb exists on the psock
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (315 preceding siblings ...)
2022-10-19 8:26 ` [PATCH 6.0 316/862] spi/omap100k:Fix PM disable depth imbalance in omap1_spi100k_probe Greg Kroah-Hartman
@ 2022-10-19 8:26 ` Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 318/862] cw1200: fix incorrect check to determine if no element is found in list Greg Kroah-Hartman
` (559 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Liu Jian, Daniel Borkmann,
John Fastabend, Sasha Levin
From: Liu Jian <liujian56@huawei.com>
[ Upstream commit bec217197b412d74168c6a42fc0f76d0cc9cad00 ]
In sk_psock_backlog function, for ingress direction skb, if no new data
packet arrives after the skb is cached, the cached skb does not have a
chance to be added to the receive queue of psock. As a result, the cached
skb cannot be received by the upper-layer application. Fix this by reschedule
the psock work to dispose the cached skb in sk_msg_recvmsg function.
Fixes: 604326b41a6f ("bpf, sockmap: convert to generic sk_msg interface")
Signed-off-by: Liu Jian <liujian56@huawei.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: John Fastabend <john.fastabend@gmail.com>
Link: https://lore.kernel.org/bpf/20220907071311.60534-1-liujian56@huawei.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/core/skmsg.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/net/core/skmsg.c b/net/core/skmsg.c
index 188f8558d27d..ca70525621c7 100644
--- a/net/core/skmsg.c
+++ b/net/core/skmsg.c
@@ -434,8 +434,10 @@ int sk_msg_recvmsg(struct sock *sk, struct sk_psock *psock, struct msghdr *msg,
if (copied + copy > len)
copy = len - copied;
copy = copy_page_to_iter(page, sge->offset, copy, iter);
- if (!copy)
- return copied ? copied : -EFAULT;
+ if (!copy) {
+ copied = copied ? copied : -EFAULT;
+ goto out;
+ }
copied += copy;
if (likely(!peek)) {
@@ -455,7 +457,7 @@ int sk_msg_recvmsg(struct sock *sk, struct sk_psock *psock, struct msghdr *msg,
* didn't copy the entire length lets just break.
*/
if (copy != sge->length)
- return copied;
+ goto out;
sk_msg_iter_var_next(i);
}
@@ -477,7 +479,9 @@ int sk_msg_recvmsg(struct sock *sk, struct sk_psock *psock, struct msghdr *msg,
}
msg_rx = sk_psock_peek_msg(psock);
}
-
+out:
+ if (psock->work_state.skb && copied > 0)
+ schedule_work(&psock->work);
return copied;
}
EXPORT_SYMBOL_GPL(sk_msg_recvmsg);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 318/862] cw1200: fix incorrect check to determine if no element is found in list
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (316 preceding siblings ...)
2022-10-19 8:26 ` [PATCH 6.0 317/862] skmsg: Schedule psock work if the cached skb exists on the psock Greg Kroah-Hartman
@ 2022-10-19 8:26 ` Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 319/862] libbpf: Dont require full struct enum64 in UAPI headers Greg Kroah-Hartman
` (558 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Xiaomeng Tong, Kalle Valo, Sasha Levin
From: Xiaomeng Tong <xiam0nd.tong@gmail.com>
[ Upstream commit 86df5de5c632d3bd940f59bbb14ae912aa9cc363 ]
The bug is here: "} else if (item) {".
The list iterator value will *always* be set and non-NULL by
list_for_each_entry(), so it is incorrect to assume that the iterator
value will be NULL if the list is empty or no element is found in list.
Use a new value 'iter' as the list iterator, while use the old value
'item' as a dedicated pointer to point to the found element, which
1. can fix this bug, due to now 'item' is NULL only if it's not found.
2. do not need to change all the uses of 'item' after the loop.
3. can also limit the scope of the list iterator 'iter' *only inside*
the traversal loop by simply declaring 'iter' inside the loop in the
future, as usage of the iterator outside of the list_for_each_entry
is considered harmful. https://lkml.org/lkml/2022/2/17/1032
Fixes: a910e4a94f692 ("cw1200: add driver for the ST-E CW1100 & CW1200 WLAN chipsets")
Signed-off-by: Xiaomeng Tong <xiam0nd.tong@gmail.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220413091723.17596-1-xiam0nd.tong@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/st/cw1200/queue.c | 18 ++++++++++--------
1 file changed, 10 insertions(+), 8 deletions(-)
diff --git a/drivers/net/wireless/st/cw1200/queue.c b/drivers/net/wireless/st/cw1200/queue.c
index e06da4b3b0d4..805a3c1bf8fe 100644
--- a/drivers/net/wireless/st/cw1200/queue.c
+++ b/drivers/net/wireless/st/cw1200/queue.c
@@ -91,23 +91,25 @@ static void __cw1200_queue_gc(struct cw1200_queue *queue,
bool unlock)
{
struct cw1200_queue_stats *stats = queue->stats;
- struct cw1200_queue_item *item = NULL, *tmp;
+ struct cw1200_queue_item *item = NULL, *iter, *tmp;
bool wakeup_stats = false;
- list_for_each_entry_safe(item, tmp, &queue->queue, head) {
- if (time_is_after_jiffies(item->queue_timestamp + queue->ttl))
+ list_for_each_entry_safe(iter, tmp, &queue->queue, head) {
+ if (time_is_after_jiffies(iter->queue_timestamp + queue->ttl)) {
+ item = iter;
break;
+ }
--queue->num_queued;
- --queue->link_map_cache[item->txpriv.link_id];
+ --queue->link_map_cache[iter->txpriv.link_id];
spin_lock_bh(&stats->lock);
--stats->num_queued;
- if (!--stats->link_map_cache[item->txpriv.link_id])
+ if (!--stats->link_map_cache[iter->txpriv.link_id])
wakeup_stats = true;
spin_unlock_bh(&stats->lock);
cw1200_debug_tx_ttl(stats->priv);
- cw1200_queue_register_post_gc(head, item);
- item->skb = NULL;
- list_move_tail(&item->head, &queue->free_pool);
+ cw1200_queue_register_post_gc(head, iter);
+ iter->skb = NULL;
+ list_move_tail(&iter->head, &queue->free_pool);
}
if (wakeup_stats)
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 319/862] libbpf: Dont require full struct enum64 in UAPI headers
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (317 preceding siblings ...)
2022-10-19 8:26 ` [PATCH 6.0 318/862] cw1200: fix incorrect check to determine if no element is found in list Greg Kroah-Hartman
@ 2022-10-19 8:26 ` Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 320/862] i2c: mlxbf: support lock mechanism Greg Kroah-Hartman
` (557 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Toke Høiland-Jørgensen,
Andrii Nakryiko, Daniel Borkmann, Sasha Levin
From: Andrii Nakryiko <andrii@kernel.org>
[ Upstream commit 87dbdc230d162bf9ee1ac77c8ade178b6b1e199e ]
Drop the requirement for system-wide kernel UAPI headers to provide full
struct btf_enum64 definition. This is an unexpected requirement that
slipped in libbpf 1.0 and put unnecessary pressure ([0]) on users to have
a bleeding-edge kernel UAPI header from unreleased Linux 6.0.
To achieve this, we forward declare struct btf_enum64. But that's not
enough as there is btf_enum64_value() helper that expects to know the
layout of struct btf_enum64. So we get a bit creative with
reinterpreting memory layout as array of __u32 and accesing lo32/hi32
fields as array elements. Alternative way would be to have a local
pointer variable for anonymous struct with exactly the same layout as
struct btf_enum64, but that gets us into C++ compiler errors complaining
about invalid type casts. So play it safe, if ugly.
[0] Closes: https://github.com/libbpf/libbpf/issues/562
Fixes: d90ec262b35b ("libbpf: Add enum64 support for btf_dump")
Reported-by: Toke Høiland-Jørgensen <toke@toke.dk>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Toke Høiland-Jørgensen <toke@toke.dk>
Link: https://lore.kernel.org/bpf/20220927042940.147185-1-andrii@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/lib/bpf/btf.h | 25 ++++++++++++++++++++++++-
1 file changed, 24 insertions(+), 1 deletion(-)
diff --git a/tools/lib/bpf/btf.h b/tools/lib/bpf/btf.h
index 583760df83b4..d421d656a076 100644
--- a/tools/lib/bpf/btf.h
+++ b/tools/lib/bpf/btf.h
@@ -487,6 +487,8 @@ static inline struct btf_enum *btf_enum(const struct btf_type *t)
return (struct btf_enum *)(t + 1);
}
+struct btf_enum64;
+
static inline struct btf_enum64 *btf_enum64(const struct btf_type *t)
{
return (struct btf_enum64 *)(t + 1);
@@ -494,7 +496,28 @@ static inline struct btf_enum64 *btf_enum64(const struct btf_type *t)
static inline __u64 btf_enum64_value(const struct btf_enum64 *e)
{
- return ((__u64)e->val_hi32 << 32) | e->val_lo32;
+ /* struct btf_enum64 is introduced in Linux 6.0, which is very
+ * bleeding-edge. Here we are avoiding relying on struct btf_enum64
+ * definition coming from kernel UAPI headers to support wider range
+ * of system-wide kernel headers.
+ *
+ * Given this header can be also included from C++ applications, that
+ * further restricts C tricks we can use (like using compatible
+ * anonymous struct). So just treat struct btf_enum64 as
+ * a three-element array of u32 and access second (lo32) and third
+ * (hi32) elements directly.
+ *
+ * For reference, here is a struct btf_enum64 definition:
+ *
+ * const struct btf_enum64 {
+ * __u32 name_off;
+ * __u32 val_lo32;
+ * __u32 val_hi32;
+ * };
+ */
+ const __u32 *e64 = (const __u32 *)e;
+
+ return ((__u64)e64[2] << 32) | e64[1];
}
static inline struct btf_member *btf_members(const struct btf_type *t)
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 320/862] i2c: mlxbf: support lock mechanism
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (318 preceding siblings ...)
2022-10-19 8:26 ` [PATCH 6.0 319/862] libbpf: Dont require full struct enum64 in UAPI headers Greg Kroah-Hartman
@ 2022-10-19 8:26 ` Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 321/862] Bluetooth: hci_core: Fix not handling link timeouts propertly Greg Kroah-Hartman
` (556 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Khalil Blaiech, Asmaa Mnebhi,
Wolfram Sang, Sasha Levin
From: Asmaa Mnebhi <asmaa@nvidia.com>
[ Upstream commit 86067ccfa1424a26491542d6f6d7546d40b61a10 ]
Linux is not the only entity using the BlueField I2C busses so
support a lock mechanism provided by hardware to avoid issues
when multiple entities are trying to access the same bus.
The lock is acquired whenever written explicitely or the lock
register is read. So make sure it is always released at the end
of a successful or failed transaction.
Fixes: b5b5b32081cd206b (i2c: mlxbf: I2C SMBus driver for Mellanox BlueField SoC)
Reviewed-by: Khalil Blaiech <kblaiech@nvidia.com>
Signed-off-by: Asmaa Mnebhi <asmaa@nvidia.com>
Signed-off-by: Wolfram Sang <wsa@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/i2c/busses/i2c-mlxbf.c | 44 ++++++++++++++++++++++++++++++----
1 file changed, 39 insertions(+), 5 deletions(-)
diff --git a/drivers/i2c/busses/i2c-mlxbf.c b/drivers/i2c/busses/i2c-mlxbf.c
index ad5efd7497d1..0e840eba4fd6 100644
--- a/drivers/i2c/busses/i2c-mlxbf.c
+++ b/drivers/i2c/busses/i2c-mlxbf.c
@@ -306,6 +306,7 @@ static u64 mlxbf_i2c_corepll_frequency;
* exact.
*/
#define MLXBF_I2C_SMBUS_TIMEOUT (300 * 1000) /* 300ms */
+#define MLXBF_I2C_SMBUS_LOCK_POLL_TIMEOUT (300 * 1000) /* 300ms */
/* Encapsulates timing parameters. */
struct mlxbf_i2c_timings {
@@ -514,6 +515,25 @@ static bool mlxbf_smbus_master_wait_for_idle(struct mlxbf_i2c_priv *priv)
return false;
}
+/*
+ * wait for the lock to be released before acquiring it.
+ */
+static bool mlxbf_i2c_smbus_master_lock(struct mlxbf_i2c_priv *priv)
+{
+ if (mlxbf_smbus_poll(priv->smbus->io, MLXBF_I2C_SMBUS_MASTER_GW,
+ MLXBF_I2C_MASTER_LOCK_BIT, true,
+ MLXBF_I2C_SMBUS_LOCK_POLL_TIMEOUT))
+ return true;
+
+ return false;
+}
+
+static void mlxbf_i2c_smbus_master_unlock(struct mlxbf_i2c_priv *priv)
+{
+ /* Clear the gw to clear the lock */
+ writel(0, priv->smbus->io + MLXBF_I2C_SMBUS_MASTER_GW);
+}
+
static bool mlxbf_i2c_smbus_transaction_success(u32 master_status,
u32 cause_status)
{
@@ -705,10 +725,19 @@ mlxbf_i2c_smbus_start_transaction(struct mlxbf_i2c_priv *priv,
slave = request->slave & GENMASK(6, 0);
addr = slave << 1;
- /* First of all, check whether the HW is idle. */
- if (WARN_ON(!mlxbf_smbus_master_wait_for_idle(priv)))
+ /*
+ * Try to acquire the smbus gw lock before any reads of the GW register since
+ * a read sets the lock.
+ */
+ if (WARN_ON(!mlxbf_i2c_smbus_master_lock(priv)))
return -EBUSY;
+ /* Check whether the HW is idle */
+ if (WARN_ON(!mlxbf_smbus_master_wait_for_idle(priv))) {
+ ret = -EBUSY;
+ goto out_unlock;
+ }
+
/* Set first byte. */
data_desc[data_idx++] = addr;
@@ -732,8 +761,10 @@ mlxbf_i2c_smbus_start_transaction(struct mlxbf_i2c_priv *priv,
write_en = 1;
write_len += operation->length;
if (data_idx + operation->length >
- MLXBF_I2C_MASTER_DATA_DESC_SIZE)
- return -ENOBUFS;
+ MLXBF_I2C_MASTER_DATA_DESC_SIZE) {
+ ret = -ENOBUFS;
+ goto out_unlock;
+ }
memcpy(data_desc + data_idx,
operation->buffer, operation->length);
data_idx += operation->length;
@@ -765,7 +796,7 @@ mlxbf_i2c_smbus_start_transaction(struct mlxbf_i2c_priv *priv,
ret = mlxbf_i2c_smbus_enable(priv, slave, write_len, block_en,
pec_en, 0);
if (ret)
- return ret;
+ goto out_unlock;
}
if (read_en) {
@@ -792,6 +823,9 @@ mlxbf_i2c_smbus_start_transaction(struct mlxbf_i2c_priv *priv,
priv->smbus->io + MLXBF_I2C_SMBUS_MASTER_FSM);
}
+out_unlock:
+ mlxbf_i2c_smbus_master_unlock(priv);
+
return ret;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 321/862] Bluetooth: hci_core: Fix not handling link timeouts propertly
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (319 preceding siblings ...)
2022-10-19 8:26 ` [PATCH 6.0 320/862] i2c: mlxbf: support lock mechanism Greg Kroah-Hartman
@ 2022-10-19 8:26 ` Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 322/862] xfrm: Reinject transport-mode packets through workqueue Greg Kroah-Hartman
` (555 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Luiz Augusto von Dentz,
David Beinder, Sasha Levin
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
[ Upstream commit 116523c8fac05d1d26f748fee7919a4ec5df67ea ]
Change that introduced the use of __check_timeout did not account for
link types properly, it always assumes ACL_LINK is used thus causing
hdev->acl_last_tx to be used even in case of LE_LINK and then again
uses ACL_LINK with hci_link_tx_to.
To fix this __check_timeout now takes the link type as parameter and
then procedure to use the right last_tx based on the link type and pass
it to hci_link_tx_to.
Fixes: 1b1d29e51499 ("Bluetooth: Make use of __check_timeout on hci_sched_le")
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Tested-by: David Beinder <david@beinder.at>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/bluetooth/hci_core.c | 34 +++++++++++++++++++++++-----------
1 file changed, 23 insertions(+), 11 deletions(-)
diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c
index 9873d2e67988..e6be18eb7fe6 100644
--- a/net/bluetooth/hci_core.c
+++ b/net/bluetooth/hci_core.c
@@ -3478,15 +3478,27 @@ static inline int __get_blocks(struct hci_dev *hdev, struct sk_buff *skb)
return DIV_ROUND_UP(skb->len - HCI_ACL_HDR_SIZE, hdev->block_len);
}
-static void __check_timeout(struct hci_dev *hdev, unsigned int cnt)
+static void __check_timeout(struct hci_dev *hdev, unsigned int cnt, u8 type)
{
- if (!hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
- /* ACL tx timeout must be longer than maximum
- * link supervision timeout (40.9 seconds) */
- if (!cnt && time_after(jiffies, hdev->acl_last_tx +
- HCI_ACL_TX_TIMEOUT))
- hci_link_tx_to(hdev, ACL_LINK);
+ unsigned long last_tx;
+
+ if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
+ return;
+
+ switch (type) {
+ case LE_LINK:
+ last_tx = hdev->le_last_tx;
+ break;
+ default:
+ last_tx = hdev->acl_last_tx;
+ break;
}
+
+ /* tx timeout must be longer than maximum link supervision timeout
+ * (40.9 seconds)
+ */
+ if (!cnt && time_after(jiffies, last_tx + HCI_ACL_TX_TIMEOUT))
+ hci_link_tx_to(hdev, type);
}
/* Schedule SCO */
@@ -3544,7 +3556,7 @@ static void hci_sched_acl_pkt(struct hci_dev *hdev)
struct sk_buff *skb;
int quote;
- __check_timeout(hdev, cnt);
+ __check_timeout(hdev, cnt, ACL_LINK);
while (hdev->acl_cnt &&
(chan = hci_chan_sent(hdev, ACL_LINK, "e))) {
@@ -3587,8 +3599,6 @@ static void hci_sched_acl_blk(struct hci_dev *hdev)
int quote;
u8 type;
- __check_timeout(hdev, cnt);
-
BT_DBG("%s", hdev->name);
if (hdev->dev_type == HCI_AMP)
@@ -3596,6 +3606,8 @@ static void hci_sched_acl_blk(struct hci_dev *hdev)
else
type = ACL_LINK;
+ __check_timeout(hdev, cnt, type);
+
while (hdev->block_cnt > 0 &&
(chan = hci_chan_sent(hdev, type, "e))) {
u32 priority = (skb_peek(&chan->data_q))->priority;
@@ -3669,7 +3681,7 @@ static void hci_sched_le(struct hci_dev *hdev)
cnt = hdev->le_pkts ? hdev->le_cnt : hdev->acl_cnt;
- __check_timeout(hdev, cnt);
+ __check_timeout(hdev, cnt, LE_LINK);
tmp = cnt;
while (cnt && (chan = hci_chan_sent(hdev, LE_LINK, "e))) {
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 322/862] xfrm: Reinject transport-mode packets through workqueue
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (320 preceding siblings ...)
2022-10-19 8:26 ` [PATCH 6.0 321/862] Bluetooth: hci_core: Fix not handling link timeouts propertly Greg Kroah-Hartman
@ 2022-10-19 8:26 ` Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 323/862] netfilter: nft_fib: Fix for rpath check with VRF devices Greg Kroah-Hartman
` (554 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Liu Jian, Steffen Klassert, Sasha Levin
From: Liu Jian <liujian56@huawei.com>
[ Upstream commit 4f4920669d21e1060b7243e5118dc3b71ced1276 ]
The following warning is displayed when the tcp6-multi-diffip11 stress
test case of the LTP test suite is tested:
watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [ns-tcpserver:48198]
CPU: 0 PID: 48198 Comm: ns-tcpserver Kdump: loaded Not tainted 6.0.0-rc6+ #39
Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : des3_ede_encrypt+0x27c/0x460 [libdes]
lr : 0x3f
sp : ffff80000ceaa1b0
x29: ffff80000ceaa1b0 x28: ffff0000df056100 x27: ffff0000e51e5280
x26: ffff80004df75030 x25: ffff0000e51e4600 x24: 000000000000003b
x23: 0000000000802080 x22: 000000000000003d x21: 0000000000000038
x20: 0000000080000020 x19: 000000000000000a x18: 0000000000000033
x17: ffff0000e51e4780 x16: ffff80004e2d1448 x15: ffff80004e2d1248
x14: ffff0000e51e4680 x13: ffff80004e2d1348 x12: ffff80004e2d1548
x11: ffff80004e2d1848 x10: ffff80004e2d1648 x9 : ffff80004e2d1748
x8 : ffff80004e2d1948 x7 : 000000000bcaf83d x6 : 000000000000001b
x5 : ffff80004e2d1048 x4 : 00000000761bf3bf x3 : 000000007f1dd0a3
x2 : ffff0000e51e4780 x1 : ffff0000e3b9a2f8 x0 : 00000000db44e872
Call trace:
des3_ede_encrypt+0x27c/0x460 [libdes]
crypto_des3_ede_encrypt+0x1c/0x30 [des_generic]
crypto_cbc_encrypt+0x148/0x190
crypto_skcipher_encrypt+0x2c/0x40
crypto_authenc_encrypt+0xc8/0xfc [authenc]
crypto_aead_encrypt+0x2c/0x40
echainiv_encrypt+0x144/0x1a0 [echainiv]
crypto_aead_encrypt+0x2c/0x40
esp6_output_tail+0x1c8/0x5d0 [esp6]
esp6_output+0x120/0x278 [esp6]
xfrm_output_one+0x458/0x4ec
xfrm_output_resume+0x6c/0x1f0
xfrm_output+0xac/0x4ac
__xfrm6_output+0x130/0x270
xfrm6_output+0x60/0xec
ip6_xmit+0x2ec/0x5bc
inet6_csk_xmit+0xbc/0x10c
__tcp_transmit_skb+0x460/0x8c0
tcp_write_xmit+0x348/0x890
__tcp_push_pending_frames+0x44/0x110
tcp_rcv_established+0x3c8/0x720
tcp_v6_do_rcv+0xdc/0x4a0
tcp_v6_rcv+0xc24/0xcb0
ip6_protocol_deliver_rcu+0xf0/0x574
ip6_input_finish+0x48/0x7c
ip6_input+0x48/0xc0
ip6_rcv_finish+0x80/0x9c
xfrm_trans_reinject+0xb0/0xf4
tasklet_action_common.constprop.0+0xf8/0x134
tasklet_action+0x30/0x3c
__do_softirq+0x128/0x368
do_softirq+0xb4/0xc0
__local_bh_enable_ip+0xb0/0xb4
put_cpu_fpsimd_context+0x40/0x70
kernel_neon_end+0x20/0x40
sha1_base_do_update.constprop.0.isra.0+0x11c/0x140 [sha1_ce]
sha1_ce_finup+0x94/0x110 [sha1_ce]
crypto_shash_finup+0x34/0xc0
hmac_finup+0x48/0xe0
crypto_shash_finup+0x34/0xc0
shash_digest_unaligned+0x74/0x90
crypto_shash_digest+0x4c/0x9c
shash_ahash_digest+0xc8/0xf0
shash_async_digest+0x28/0x34
crypto_ahash_digest+0x48/0xcc
crypto_authenc_genicv+0x88/0xcc [authenc]
crypto_authenc_encrypt+0xd8/0xfc [authenc]
crypto_aead_encrypt+0x2c/0x40
echainiv_encrypt+0x144/0x1a0 [echainiv]
crypto_aead_encrypt+0x2c/0x40
esp6_output_tail+0x1c8/0x5d0 [esp6]
esp6_output+0x120/0x278 [esp6]
xfrm_output_one+0x458/0x4ec
xfrm_output_resume+0x6c/0x1f0
xfrm_output+0xac/0x4ac
__xfrm6_output+0x130/0x270
xfrm6_output+0x60/0xec
ip6_xmit+0x2ec/0x5bc
inet6_csk_xmit+0xbc/0x10c
__tcp_transmit_skb+0x460/0x8c0
tcp_write_xmit+0x348/0x890
__tcp_push_pending_frames+0x44/0x110
tcp_push+0xb4/0x14c
tcp_sendmsg_locked+0x71c/0xb64
tcp_sendmsg+0x40/0x6c
inet6_sendmsg+0x4c/0x80
sock_sendmsg+0x5c/0x6c
__sys_sendto+0x128/0x15c
__arm64_sys_sendto+0x30/0x40
invoke_syscall+0x50/0x120
el0_svc_common.constprop.0+0x170/0x194
do_el0_svc+0x38/0x4c
el0_svc+0x28/0xe0
el0t_64_sync_handler+0xbc/0x13c
el0t_64_sync+0x180/0x184
Get softirq info by bcc tool:
./softirqs -NT 10
Tracing soft irq event time... Hit Ctrl-C to end.
15:34:34
SOFTIRQ TOTAL_nsecs
block 158990
timer 20030920
sched 46577080
net_rx 676746820
tasklet 9906067650
15:34:45
SOFTIRQ TOTAL_nsecs
block 86100
sched 38849790
net_rx 676532470
timer 1163848790
tasklet 9409019620
15:34:55
SOFTIRQ TOTAL_nsecs
sched 58078450
net_rx 475156720
timer 533832410
tasklet 9431333300
The tasklet software interrupt takes too much time. Therefore, the
xfrm_trans_reinject executor is changed from tasklet to workqueue. Add add
spin lock to protect the queue. This reduces the processing flow of the
tcp_sendmsg function in this scenario.
Fixes: acf568ee859f0 ("xfrm: Reinject transport-mode packets through tasklet")
Signed-off-by: Liu Jian <liujian56@huawei.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/xfrm/xfrm_input.c | 18 +++++++++++++-----
1 file changed, 13 insertions(+), 5 deletions(-)
diff --git a/net/xfrm/xfrm_input.c b/net/xfrm/xfrm_input.c
index b2f4ec9c537f..aa5220565763 100644
--- a/net/xfrm/xfrm_input.c
+++ b/net/xfrm/xfrm_input.c
@@ -24,7 +24,8 @@
#include "xfrm_inout.h"
struct xfrm_trans_tasklet {
- struct tasklet_struct tasklet;
+ struct work_struct work;
+ spinlock_t queue_lock;
struct sk_buff_head queue;
};
@@ -760,18 +761,22 @@ int xfrm_input_resume(struct sk_buff *skb, int nexthdr)
}
EXPORT_SYMBOL(xfrm_input_resume);
-static void xfrm_trans_reinject(struct tasklet_struct *t)
+static void xfrm_trans_reinject(struct work_struct *work)
{
- struct xfrm_trans_tasklet *trans = from_tasklet(trans, t, tasklet);
+ struct xfrm_trans_tasklet *trans = container_of(work, struct xfrm_trans_tasklet, work);
struct sk_buff_head queue;
struct sk_buff *skb;
__skb_queue_head_init(&queue);
+ spin_lock_bh(&trans->queue_lock);
skb_queue_splice_init(&trans->queue, &queue);
+ spin_unlock_bh(&trans->queue_lock);
+ local_bh_disable();
while ((skb = __skb_dequeue(&queue)))
XFRM_TRANS_SKB_CB(skb)->finish(XFRM_TRANS_SKB_CB(skb)->net,
NULL, skb);
+ local_bh_enable();
}
int xfrm_trans_queue_net(struct net *net, struct sk_buff *skb,
@@ -789,8 +794,10 @@ int xfrm_trans_queue_net(struct net *net, struct sk_buff *skb,
XFRM_TRANS_SKB_CB(skb)->finish = finish;
XFRM_TRANS_SKB_CB(skb)->net = net;
+ spin_lock_bh(&trans->queue_lock);
__skb_queue_tail(&trans->queue, skb);
- tasklet_schedule(&trans->tasklet);
+ spin_unlock_bh(&trans->queue_lock);
+ schedule_work(&trans->work);
return 0;
}
EXPORT_SYMBOL(xfrm_trans_queue_net);
@@ -817,7 +824,8 @@ void __init xfrm_input_init(void)
struct xfrm_trans_tasklet *trans;
trans = &per_cpu(xfrm_trans_tasklet, i);
+ spin_lock_init(&trans->queue_lock);
__skb_queue_head_init(&trans->queue);
- tasklet_setup(&trans->tasklet, xfrm_trans_reinject);
+ INIT_WORK(&trans->work, xfrm_trans_reinject);
}
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 323/862] netfilter: nft_fib: Fix for rpath check with VRF devices
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (321 preceding siblings ...)
2022-10-19 8:26 ` [PATCH 6.0 322/862] xfrm: Reinject transport-mode packets through workqueue Greg Kroah-Hartman
@ 2022-10-19 8:26 ` Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 324/862] spi: s3c64xx: Fix large transfers with DMA Greg Kroah-Hartman
` (553 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Phil Sutter, Florian Westphal, Sasha Levin
From: Phil Sutter <phil@nwl.cc>
[ Upstream commit 2a8a7c0eaa8747c16aa4a48d573aa920d5c00a5c ]
Analogous to commit b575b24b8eee3 ("netfilter: Fix rpfilter
dropping vrf packets by mistake") but for nftables fib expression:
Add special treatment of VRF devices so that typical reverse path
filtering via 'fib saddr . iif oif' expression works as expected.
Fixes: f6d0cbcf09c50 ("netfilter: nf_tables: add fib expression")
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv4/netfilter/nft_fib_ipv4.c | 3 +++
net/ipv6/netfilter/nft_fib_ipv6.c | 6 +++++-
2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/net/ipv4/netfilter/nft_fib_ipv4.c b/net/ipv4/netfilter/nft_fib_ipv4.c
index b75cac69bd7e..7ade04ff972d 100644
--- a/net/ipv4/netfilter/nft_fib_ipv4.c
+++ b/net/ipv4/netfilter/nft_fib_ipv4.c
@@ -83,6 +83,9 @@ void nft_fib4_eval(const struct nft_expr *expr, struct nft_regs *regs,
else
oif = NULL;
+ if (priv->flags & NFTA_FIB_F_IIF)
+ fl4.flowi4_oif = l3mdev_master_ifindex_rcu(oif);
+
if (nft_hook(pkt) == NF_INET_PRE_ROUTING &&
nft_fib_is_loopback(pkt->skb, nft_in(pkt))) {
nft_fib_store_result(dest, priv, nft_in(pkt));
diff --git a/net/ipv6/netfilter/nft_fib_ipv6.c b/net/ipv6/netfilter/nft_fib_ipv6.c
index 8970d0b4faeb..1d7e520d9966 100644
--- a/net/ipv6/netfilter/nft_fib_ipv6.c
+++ b/net/ipv6/netfilter/nft_fib_ipv6.c
@@ -41,6 +41,9 @@ static int nft_fib6_flowi_init(struct flowi6 *fl6, const struct nft_fib *priv,
if (ipv6_addr_type(&fl6->daddr) & IPV6_ADDR_LINKLOCAL) {
lookup_flags |= RT6_LOOKUP_F_IFACE;
fl6->flowi6_oif = get_ifindex(dev ? dev : pkt->skb->dev);
+ } else if ((priv->flags & NFTA_FIB_F_IIF) &&
+ (netif_is_l3_master(dev) || netif_is_l3_slave(dev))) {
+ fl6->flowi6_oif = dev->ifindex;
}
if (ipv6_addr_type(&fl6->saddr) & IPV6_ADDR_UNICAST)
@@ -197,7 +200,8 @@ void nft_fib6_eval(const struct nft_expr *expr, struct nft_regs *regs,
if (rt->rt6i_flags & (RTF_REJECT | RTF_ANYCAST | RTF_LOCAL))
goto put_rt_err;
- if (oif && oif != rt->rt6i_idev->dev)
+ if (oif && oif != rt->rt6i_idev->dev &&
+ l3mdev_master_ifindex_rcu(rt->rt6i_idev->dev) != oif->ifindex)
goto put_rt_err;
nft_fib_store_result(dest, priv, rt->rt6i_idev->dev);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 324/862] spi: s3c64xx: Fix large transfers with DMA
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (322 preceding siblings ...)
2022-10-19 8:26 ` [PATCH 6.0 323/862] netfilter: nft_fib: Fix for rpath check with VRF devices Greg Kroah-Hartman
@ 2022-10-19 8:26 ` Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 325/862] Bluetooth: Prevent double register of suspend Greg Kroah-Hartman
` (552 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Vincent Whitchurch, Mark Brown, Sasha Levin
From: Vincent Whitchurch <vincent.whitchurch@axis.com>
[ Upstream commit 1224e29572f655facfcd850cf0f0a4784f36a903 ]
The COUNT_VALUE in the PACKET_CNT register is 16-bit so the maximum
value is 65535. Asking the driver to transfer a larger size currently
leads to the DMA transfer timing out. Implement ->max_transfer_size()
and have the core split the transfer as needed.
Fixes: 230d42d422e7 ("spi: Add s3c64xx SPI Controller driver")
Signed-off-by: Vincent Whitchurch <vincent.whitchurch@axis.com>
Link: https://lore.kernel.org/r/20220927112117.77599-5-vincent.whitchurch@axis.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/spi/spi-s3c64xx.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/drivers/spi/spi-s3c64xx.c b/drivers/spi/spi-s3c64xx.c
index 651c35dd9124..71d324ec9a70 100644
--- a/drivers/spi/spi-s3c64xx.c
+++ b/drivers/spi/spi-s3c64xx.c
@@ -84,6 +84,7 @@
#define S3C64XX_SPI_ST_TX_FIFORDY (1<<0)
#define S3C64XX_SPI_PACKET_CNT_EN (1<<16)
+#define S3C64XX_SPI_PACKET_CNT_MASK GENMASK(15, 0)
#define S3C64XX_SPI_PND_TX_UNDERRUN_CLR (1<<4)
#define S3C64XX_SPI_PND_TX_OVERRUN_CLR (1<<3)
@@ -711,6 +712,13 @@ static int s3c64xx_spi_prepare_message(struct spi_master *master,
return 0;
}
+static size_t s3c64xx_spi_max_transfer_size(struct spi_device *spi)
+{
+ struct spi_controller *ctlr = spi->controller;
+
+ return ctlr->can_dma ? S3C64XX_SPI_PACKET_CNT_MASK : SIZE_MAX;
+}
+
static int s3c64xx_spi_transfer_one(struct spi_master *master,
struct spi_device *spi,
struct spi_transfer *xfer)
@@ -1152,6 +1160,7 @@ static int s3c64xx_spi_probe(struct platform_device *pdev)
master->unprepare_transfer_hardware = s3c64xx_spi_unprepare_transfer;
master->prepare_message = s3c64xx_spi_prepare_message;
master->transfer_one = s3c64xx_spi_transfer_one;
+ master->max_transfer_size = s3c64xx_spi_max_transfer_size;
master->num_chipselect = sci->num_cs;
master->use_gpio_descriptors = true;
master->dma_alignment = 8;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 325/862] Bluetooth: Prevent double register of suspend
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (323 preceding siblings ...)
2022-10-19 8:26 ` [PATCH 6.0 324/862] spi: s3c64xx: Fix large transfers with DMA Greg Kroah-Hartman
@ 2022-10-19 8:26 ` Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 326/862] wifi: rtl8xxxu: gen2: Enable 40 MHz channel width Greg Kroah-Hartman
` (551 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot, Abhishek Pandit-Subedi,
Luiz Augusto von Dentz, Sasha Levin
From: Abhishek Pandit-Subedi <abhishekpandit@chromium.org>
[ Upstream commit 4b8af331bb4d4cc8bb91c284b11b98dd1e265185 ]
Suspend notifier should only be registered and unregistered once per
hdev. Simplify this by only registering during driver registration and
simply exiting early when HCI_USER_CHANNEL is set.
Reported-by: syzbot <syzkaller@googlegroups.com>
Fixes: 359ee4f834f5 (Bluetooth: Unregister suspend with userchannel)
Signed-off-by: Abhishek Pandit-Subedi <abhishekpandit@chromium.org>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/bluetooth/hci_core.c | 4 ++++
net/bluetooth/hci_sock.c | 3 ---
2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c
index e6be18eb7fe6..6ae5aa5c0927 100644
--- a/net/bluetooth/hci_core.c
+++ b/net/bluetooth/hci_core.c
@@ -2400,6 +2400,10 @@ static int hci_suspend_notifier(struct notifier_block *nb, unsigned long action,
container_of(nb, struct hci_dev, suspend_notifier);
int ret = 0;
+ /* Userspace has full control of this device. Do nothing. */
+ if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL))
+ return NOTIFY_DONE;
+
if (action == PM_SUSPEND_PREPARE)
ret = hci_suspend_dev(hdev);
else if (action == PM_POST_SUSPEND)
diff --git a/net/bluetooth/hci_sock.c b/net/bluetooth/hci_sock.c
index 0d015d4a8e41..bd8358b44aa4 100644
--- a/net/bluetooth/hci_sock.c
+++ b/net/bluetooth/hci_sock.c
@@ -887,7 +887,6 @@ static int hci_sock_release(struct socket *sock)
*/
hci_dev_do_close(hdev);
hci_dev_clear_flag(hdev, HCI_USER_CHANNEL);
- hci_register_suspend_notifier(hdev);
mgmt_index_added(hdev);
}
@@ -1216,7 +1215,6 @@ static int hci_sock_bind(struct socket *sock, struct sockaddr *addr,
}
mgmt_index_removed(hdev);
- hci_unregister_suspend_notifier(hdev);
err = hci_dev_open(hdev->id);
if (err) {
@@ -1231,7 +1229,6 @@ static int hci_sock_bind(struct socket *sock, struct sockaddr *addr,
err = 0;
} else {
hci_dev_clear_flag(hdev, HCI_USER_CHANNEL);
- hci_register_suspend_notifier(hdev);
mgmt_index_added(hdev);
hci_dev_put(hdev);
goto done;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 326/862] wifi: rtl8xxxu: gen2: Enable 40 MHz channel width
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (324 preceding siblings ...)
2022-10-19 8:26 ` [PATCH 6.0 325/862] Bluetooth: Prevent double register of suspend Greg Kroah-Hartman
@ 2022-10-19 8:26 ` Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 327/862] wifi: rtl8xxxu: Fix AIFS written to REG_EDCA_*_PARAM Greg Kroah-Hartman
` (550 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Bitterblue Smith, Jes Sorensen,
Kalle Valo, Sasha Levin
From: Bitterblue Smith <rtl8821cerfe2@gmail.com>
[ Upstream commit a8b5aef2cca15b7fa533421d462e4e0a3429bd6f ]
The module parameter ht40_2g was supposed to enable 40 MHz operation,
but it didn't.
Tell the firmware about the channel width when updating the rate mask.
This makes it work with my gen 2 chip RTL8188FU.
I'm not sure if anything needs to be done for the gen 1 chips, if 40
MHz channel width already works or not. They update the rate mask with
a different structure which doesn't have a field for the channel width.
Also set the channel width correctly for sta_statistics.
Fixes: f653e69009c6 ("rtl8xxxu: Implement basic 8723b specific update_rate_mask() function")
Fixes: bd917b3d28c9 ("rtl8xxxu: fill up txrate info for gen1 chips")
Signed-off-by: Bitterblue Smith <rtl8821cerfe2@gmail.com>
Acked-by: Jes Sorensen <jes@trained-monkey.org>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/3a950997-7580-8a6b-97a0-e0a81a135456@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../net/wireless/realtek/rtl8xxxu/rtl8xxxu.h | 6 +++---
.../wireless/realtek/rtl8xxxu/rtl8xxxu_core.c | 21 +++++++++++++------
2 files changed, 18 insertions(+), 9 deletions(-)
diff --git a/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu.h b/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu.h
index 7ddce3c3f0c4..782b089a2e1b 100644
--- a/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu.h
+++ b/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu.h
@@ -1425,7 +1425,7 @@ struct rtl8xxxu_fileops {
void (*set_tx_power) (struct rtl8xxxu_priv *priv, int channel,
bool ht40);
void (*update_rate_mask) (struct rtl8xxxu_priv *priv,
- u32 ramask, u8 rateid, int sgi);
+ u32 ramask, u8 rateid, int sgi, int txbw_40mhz);
void (*report_connect) (struct rtl8xxxu_priv *priv,
u8 macid, bool connect);
void (*fill_txdesc) (struct ieee80211_hw *hw, struct ieee80211_hdr *hdr,
@@ -1511,9 +1511,9 @@ void rtl8xxxu_gen2_config_channel(struct ieee80211_hw *hw);
void rtl8xxxu_gen1_usb_quirks(struct rtl8xxxu_priv *priv);
void rtl8xxxu_gen2_usb_quirks(struct rtl8xxxu_priv *priv);
void rtl8xxxu_update_rate_mask(struct rtl8xxxu_priv *priv,
- u32 ramask, u8 rateid, int sgi);
+ u32 ramask, u8 rateid, int sgi, int txbw_40mhz);
void rtl8xxxu_gen2_update_rate_mask(struct rtl8xxxu_priv *priv,
- u32 ramask, u8 rateid, int sgi);
+ u32 ramask, u8 rateid, int sgi, int txbw_40mhz);
void rtl8xxxu_gen1_report_connect(struct rtl8xxxu_priv *priv,
u8 macid, bool connect);
void rtl8xxxu_gen2_report_connect(struct rtl8xxxu_priv *priv,
diff --git a/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c b/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c
index 41d46c54444f..d8f5b4bb1fa9 100644
--- a/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c
+++ b/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c
@@ -4320,7 +4320,7 @@ static void rtl8xxxu_sw_scan_complete(struct ieee80211_hw *hw,
}
void rtl8xxxu_update_rate_mask(struct rtl8xxxu_priv *priv,
- u32 ramask, u8 rateid, int sgi)
+ u32 ramask, u8 rateid, int sgi, int txbw_40mhz)
{
struct h2c_cmd h2c;
@@ -4340,10 +4340,15 @@ void rtl8xxxu_update_rate_mask(struct rtl8xxxu_priv *priv,
}
void rtl8xxxu_gen2_update_rate_mask(struct rtl8xxxu_priv *priv,
- u32 ramask, u8 rateid, int sgi)
+ u32 ramask, u8 rateid, int sgi, int txbw_40mhz)
{
struct h2c_cmd h2c;
- u8 bw = RTL8XXXU_CHANNEL_WIDTH_20;
+ u8 bw;
+
+ if (txbw_40mhz)
+ bw = RTL8XXXU_CHANNEL_WIDTH_40;
+ else
+ bw = RTL8XXXU_CHANNEL_WIDTH_20;
memset(&h2c, 0, sizeof(struct h2c_cmd));
@@ -4621,7 +4626,11 @@ rtl8xxxu_bss_info_changed(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
RATE_INFO_FLAGS_SHORT_GI;
}
- rarpt->txrate.bw |= RATE_INFO_BW_20;
+ if (rtl8xxxu_ht40_2g &&
+ (sta->deflink.ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40))
+ rarpt->txrate.bw = RATE_INFO_BW_40;
+ else
+ rarpt->txrate.bw = RATE_INFO_BW_20;
}
bit_rate = cfg80211_calculate_bitrate(&rarpt->txrate);
rarpt->bit_rate = bit_rate;
@@ -4630,7 +4639,7 @@ rtl8xxxu_bss_info_changed(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
priv->vif = vif;
priv->rssi_level = RTL8XXXU_RATR_STA_INIT;
- priv->fops->update_rate_mask(priv, ramask, 0, sgi);
+ priv->fops->update_rate_mask(priv, ramask, 0, sgi, rarpt->txrate.bw == RATE_INFO_BW_40);
rtl8xxxu_write8(priv, REG_BCN_MAX_ERR, 0xff);
@@ -6344,7 +6353,7 @@ static void rtl8xxxu_refresh_rate_mask(struct rtl8xxxu_priv *priv,
}
priv->rssi_level = rssi_level;
- priv->fops->update_rate_mask(priv, rate_bitmap, ratr_idx, sgi);
+ priv->fops->update_rate_mask(priv, rate_bitmap, ratr_idx, sgi, txbw_40mhz);
}
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 327/862] wifi: rtl8xxxu: Fix AIFS written to REG_EDCA_*_PARAM
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (325 preceding siblings ...)
2022-10-19 8:26 ` [PATCH 6.0 326/862] wifi: rtl8xxxu: gen2: Enable 40 MHz channel width Greg Kroah-Hartman
@ 2022-10-19 8:26 ` Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 328/862] vhost/vsock: Use kvmalloc/kvfree for larger packets Greg Kroah-Hartman
` (549 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Bitterblue Smith, Jes Sorensen,
Kalle Valo, Sasha Levin
From: Bitterblue Smith <rtl8821cerfe2@gmail.com>
[ Upstream commit 5574d3290449916397f3092dcd2bac92415498e1 ]
ieee80211_tx_queue_params.aifs is not supposed to be written directly
to the REG_EDCA_*_PARAM registers. Instead process it like the vendor
drivers do. It's kinda hacky but it works.
This change boosts the download speed and makes it more stable.
Tested with RTL8188FU but all the other supported chips should also
benefit.
Fixes: 26f1fad29ad9 ("New driver: rtl8xxxu (mac80211)")
Signed-off-by: Bitterblue Smith <rtl8821cerfe2@gmail.com>
Acked-by: Jes Sorensen <jes@trained-monkey.org>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/038cc03f-3567-77ba-a7bd-c4930e3b2fad@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../wireless/realtek/rtl8xxxu/rtl8xxxu_core.c | 49 +++++++++++++++++++
1 file changed, 49 insertions(+)
diff --git a/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c b/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c
index d8f5b4bb1fa9..08f9d17dce12 100644
--- a/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c
+++ b/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c
@@ -4560,6 +4560,53 @@ rtl8xxxu_wireless_mode(struct ieee80211_hw *hw, struct ieee80211_sta *sta)
return network_type;
}
+static void rtl8xxxu_set_aifs(struct rtl8xxxu_priv *priv, u8 slot_time)
+{
+ u32 reg_edca_param[IEEE80211_NUM_ACS] = {
+ [IEEE80211_AC_VO] = REG_EDCA_VO_PARAM,
+ [IEEE80211_AC_VI] = REG_EDCA_VI_PARAM,
+ [IEEE80211_AC_BE] = REG_EDCA_BE_PARAM,
+ [IEEE80211_AC_BK] = REG_EDCA_BK_PARAM,
+ };
+ u32 val32;
+ u16 wireless_mode = 0;
+ u8 aifs, aifsn, sifs;
+ int i;
+
+ if (priv->vif) {
+ struct ieee80211_sta *sta;
+
+ rcu_read_lock();
+ sta = ieee80211_find_sta(priv->vif, priv->vif->bss_conf.bssid);
+ if (sta)
+ wireless_mode = rtl8xxxu_wireless_mode(priv->hw, sta);
+ rcu_read_unlock();
+ }
+
+ if (priv->hw->conf.chandef.chan->band == NL80211_BAND_5GHZ ||
+ (wireless_mode & WIRELESS_MODE_N_24G))
+ sifs = 16;
+ else
+ sifs = 10;
+
+ for (i = 0; i < IEEE80211_NUM_ACS; i++) {
+ val32 = rtl8xxxu_read32(priv, reg_edca_param[i]);
+
+ /* It was set in conf_tx. */
+ aifsn = val32 & 0xff;
+
+ /* aifsn not set yet or already fixed */
+ if (aifsn < 2 || aifsn > 15)
+ continue;
+
+ aifs = aifsn * slot_time + sifs;
+
+ val32 &= ~0xff;
+ val32 |= aifs;
+ rtl8xxxu_write32(priv, reg_edca_param[i], val32);
+ }
+}
+
static void
rtl8xxxu_bss_info_changed(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
struct ieee80211_bss_conf *bss_conf, u64 changed)
@@ -4679,6 +4726,8 @@ rtl8xxxu_bss_info_changed(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
else
val8 = 20;
rtl8xxxu_write8(priv, REG_SLOT, val8);
+
+ rtl8xxxu_set_aifs(priv, val8);
}
if (changed & BSS_CHANGED_BSSID) {
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 328/862] vhost/vsock: Use kvmalloc/kvfree for larger packets.
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (326 preceding siblings ...)
2022-10-19 8:26 ` [PATCH 6.0 327/862] wifi: rtl8xxxu: Fix AIFS written to REG_EDCA_*_PARAM Greg Kroah-Hartman
@ 2022-10-19 8:26 ` Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 329/862] eth: alx: take rtnl_lock on resume Greg Kroah-Hartman
` (548 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Junichi Uekawa, Stefano Garzarella,
Michael S. Tsirkin, Jakub Kicinski, Sasha Levin
From: Junichi Uekawa <uekawa@chromium.org>
[ Upstream commit 0e3f72931fc47bb81686020cc643cde5d9cd0bb8 ]
When copying a large file over sftp over vsock, data size is usually 32kB,
and kmalloc seems to fail to try to allocate 32 32kB regions.
vhost-5837: page allocation failure: order:4, mode:0x24040c0
Call Trace:
[<ffffffffb6a0df64>] dump_stack+0x97/0xdb
[<ffffffffb68d6aed>] warn_alloc_failed+0x10f/0x138
[<ffffffffb68d868a>] ? __alloc_pages_direct_compact+0x38/0xc8
[<ffffffffb664619f>] __alloc_pages_nodemask+0x84c/0x90d
[<ffffffffb6646e56>] alloc_kmem_pages+0x17/0x19
[<ffffffffb6653a26>] kmalloc_order_trace+0x2b/0xdb
[<ffffffffb66682f3>] __kmalloc+0x177/0x1f7
[<ffffffffb66e0d94>] ? copy_from_iter+0x8d/0x31d
[<ffffffffc0689ab7>] vhost_vsock_handle_tx_kick+0x1fa/0x301 [vhost_vsock]
[<ffffffffc06828d9>] vhost_worker+0xf7/0x157 [vhost]
[<ffffffffb683ddce>] kthread+0xfd/0x105
[<ffffffffc06827e2>] ? vhost_dev_set_owner+0x22e/0x22e [vhost]
[<ffffffffb683dcd1>] ? flush_kthread_worker+0xf3/0xf3
[<ffffffffb6eb332e>] ret_from_fork+0x4e/0x80
[<ffffffffb683dcd1>] ? flush_kthread_worker+0xf3/0xf3
Work around by doing kvmalloc instead.
Fixes: 433fc58e6bf2 ("VSOCK: Introduce vhost_vsock.ko")
Signed-off-by: Junichi Uekawa <uekawa@chromium.org>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Link: https://lore.kernel.org/r/20220928064538.667678-1-uekawa@chromium.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/vhost/vsock.c | 2 +-
net/vmw_vsock/virtio_transport_common.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/vhost/vsock.c b/drivers/vhost/vsock.c
index 368330417bde..5703775af129 100644
--- a/drivers/vhost/vsock.c
+++ b/drivers/vhost/vsock.c
@@ -393,7 +393,7 @@ vhost_vsock_alloc_pkt(struct vhost_virtqueue *vq,
return NULL;
}
- pkt->buf = kmalloc(pkt->len, GFP_KERNEL);
+ pkt->buf = kvmalloc(pkt->len, GFP_KERNEL);
if (!pkt->buf) {
kfree(pkt);
return NULL;
diff --git a/net/vmw_vsock/virtio_transport_common.c b/net/vmw_vsock/virtio_transport_common.c
index ec2c2afbf0d0..3a12aee33e92 100644
--- a/net/vmw_vsock/virtio_transport_common.c
+++ b/net/vmw_vsock/virtio_transport_common.c
@@ -1342,7 +1342,7 @@ EXPORT_SYMBOL_GPL(virtio_transport_recv_pkt);
void virtio_transport_free_pkt(struct virtio_vsock_pkt *pkt)
{
- kfree(pkt->buf);
+ kvfree(pkt->buf);
kfree(pkt);
}
EXPORT_SYMBOL_GPL(virtio_transport_free_pkt);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 329/862] eth: alx: take rtnl_lock on resume
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (327 preceding siblings ...)
2022-10-19 8:26 ` [PATCH 6.0 328/862] vhost/vsock: Use kvmalloc/kvfree for larger packets Greg Kroah-Hartman
@ 2022-10-19 8:26 ` Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 330/862] mISDN: fix use-after-free bugs in l1oip timer handlers Greg Kroah-Hartman
` (547 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Niels Dossche, Jakub Kicinski,
Sasha Levin, Zbynek Michl
From: Jakub Kicinski <kuba@kernel.org>
[ Upstream commit 6ad1c94e1e7e374d88f0cfd77936dddb8339aaba ]
Zbynek reports that alx trips an rtnl assertion on resume:
RTNL: assertion failed at net/core/dev.c (2891)
RIP: 0010:netif_set_real_num_tx_queues+0x1ac/0x1c0
Call Trace:
<TASK>
__alx_open+0x230/0x570 [alx]
alx_resume+0x54/0x80 [alx]
? pci_legacy_resume+0x80/0x80
dpm_run_callback+0x4a/0x150
device_resume+0x8b/0x190
async_resume+0x19/0x30
async_run_entry_fn+0x30/0x130
process_one_work+0x1e5/0x3b0
indeed the driver does not hold rtnl_lock during its internal close
and re-open functions during suspend/resume. Note that this is not
a huge bug as the driver implements its own locking, and does not
implement changing the number of queues, but we need to silence
the splat.
Fixes: 4a5fe57e7751 ("alx: use fine-grained locking instead of RTNL")
Reported-and-tested-by: Zbynek Michl <zbynek.michl@gmail.com>
Reviewed-by: Niels Dossche <dossche.niels@gmail.com>
Link: https://lore.kernel.org/r/20220928181236.1053043-1-kuba@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/atheros/alx/main.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/net/ethernet/atheros/alx/main.c b/drivers/net/ethernet/atheros/alx/main.c
index a89b93cb4e26..d5939586c82e 100644
--- a/drivers/net/ethernet/atheros/alx/main.c
+++ b/drivers/net/ethernet/atheros/alx/main.c
@@ -1912,11 +1912,14 @@ static int alx_suspend(struct device *dev)
if (!netif_running(alx->dev))
return 0;
+
+ rtnl_lock();
netif_device_detach(alx->dev);
mutex_lock(&alx->mtx);
__alx_stop(alx);
mutex_unlock(&alx->mtx);
+ rtnl_unlock();
return 0;
}
@@ -1927,6 +1930,7 @@ static int alx_resume(struct device *dev)
struct alx_hw *hw = &alx->hw;
int err;
+ rtnl_lock();
mutex_lock(&alx->mtx);
alx_reset_phy(hw);
@@ -1943,6 +1947,7 @@ static int alx_resume(struct device *dev)
unlock:
mutex_unlock(&alx->mtx);
+ rtnl_unlock();
return err;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 330/862] mISDN: fix use-after-free bugs in l1oip timer handlers
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (328 preceding siblings ...)
2022-10-19 8:26 ` [PATCH 6.0 329/862] eth: alx: take rtnl_lock on resume Greg Kroah-Hartman
@ 2022-10-19 8:26 ` Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 331/862] sctp: handle the error returned from sctp_auth_asoc_init_active_key Greg Kroah-Hartman
` (546 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Duoming Zhou, Leon Romanovsky,
David S. Miller, Sasha Levin
From: Duoming Zhou <duoming@zju.edu.cn>
[ Upstream commit 2568a7e0832ee30b0a351016d03062ab4e0e0a3f ]
The l1oip_cleanup() traverses the l1oip_ilist and calls
release_card() to cleanup module and stack. However,
release_card() calls del_timer() to delete the timers
such as keep_tl and timeout_tl. If the timer handler is
running, the del_timer() will not stop it and result in
UAF bugs. One of the processes is shown below:
(cleanup routine) | (timer handler)
release_card() | l1oip_timeout()
... |
del_timer() | ...
... |
kfree(hc) //FREE |
| hc->timeout_on = 0 //USE
Fix by calling del_timer_sync() in release_card(), which
makes sure the timer handlers have finished before the
resources, such as l1oip and so on, have been deallocated.
What's more, the hc->workq and hc->socket_thread can kick
those timers right back in. We add a bool flag to show
if card is released. Then, check this flag in hc->workq
and hc->socket_thread.
Fixes: 3712b42d4b1b ("Add layer1 over IP support")
Signed-off-by: Duoming Zhou <duoming@zju.edu.cn>
Reviewed-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/isdn/mISDN/l1oip.h | 1 +
drivers/isdn/mISDN/l1oip_core.c | 13 +++++++------
2 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/drivers/isdn/mISDN/l1oip.h b/drivers/isdn/mISDN/l1oip.h
index 7ea10db20e3a..48133d022812 100644
--- a/drivers/isdn/mISDN/l1oip.h
+++ b/drivers/isdn/mISDN/l1oip.h
@@ -59,6 +59,7 @@ struct l1oip {
int bundle; /* bundle channels in one frm */
int codec; /* codec to use for transmis. */
int limit; /* limit number of bchannels */
+ bool shutdown; /* if card is released */
/* timer */
struct timer_list keep_tl;
diff --git a/drivers/isdn/mISDN/l1oip_core.c b/drivers/isdn/mISDN/l1oip_core.c
index 2c40412466e6..a77195e378b7 100644
--- a/drivers/isdn/mISDN/l1oip_core.c
+++ b/drivers/isdn/mISDN/l1oip_core.c
@@ -275,7 +275,7 @@ l1oip_socket_send(struct l1oip *hc, u8 localcodec, u8 channel, u32 chanmask,
p = frame;
/* restart timer */
- if (time_before(hc->keep_tl.expires, jiffies + 5 * HZ))
+ if (time_before(hc->keep_tl.expires, jiffies + 5 * HZ) && !hc->shutdown)
mod_timer(&hc->keep_tl, jiffies + L1OIP_KEEPALIVE * HZ);
else
hc->keep_tl.expires = jiffies + L1OIP_KEEPALIVE * HZ;
@@ -601,7 +601,9 @@ l1oip_socket_parse(struct l1oip *hc, struct sockaddr_in *sin, u8 *buf, int len)
goto multiframe;
/* restart timer */
- if (time_before(hc->timeout_tl.expires, jiffies + 5 * HZ) || !hc->timeout_on) {
+ if ((time_before(hc->timeout_tl.expires, jiffies + 5 * HZ) ||
+ !hc->timeout_on) &&
+ !hc->shutdown) {
hc->timeout_on = 1;
mod_timer(&hc->timeout_tl, jiffies + L1OIP_TIMEOUT * HZ);
} else /* only adjust timer */
@@ -1232,11 +1234,10 @@ release_card(struct l1oip *hc)
{
int ch;
- if (timer_pending(&hc->keep_tl))
- del_timer(&hc->keep_tl);
+ hc->shutdown = true;
- if (timer_pending(&hc->timeout_tl))
- del_timer(&hc->timeout_tl);
+ del_timer_sync(&hc->keep_tl);
+ del_timer_sync(&hc->timeout_tl);
cancel_work_sync(&hc->workq);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 331/862] sctp: handle the error returned from sctp_auth_asoc_init_active_key
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (329 preceding siblings ...)
2022-10-19 8:26 ` [PATCH 6.0 330/862] mISDN: fix use-after-free bugs in l1oip timer handlers Greg Kroah-Hartman
@ 2022-10-19 8:26 ` Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 332/862] tcp: fix tcp_cwnd_validate() to not forget is_cwnd_limited Greg Kroah-Hartman
` (545 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot+a236dd8e9622ed8954a3,
Xin Long, David S. Miller, Sasha Levin
From: Xin Long <lucien.xin@gmail.com>
[ Upstream commit 022152aaebe116a25c39818a07e175a8cd3c1e11 ]
When it returns an error from sctp_auth_asoc_init_active_key(), the
active_key is actually not updated. The old sh_key will be freeed
while it's still used as active key in asoc. Then an use-after-free
will be triggered when sending patckets, as found by syzbot:
sctp_auth_shkey_hold+0x22/0xa0 net/sctp/auth.c:112
sctp_set_owner_w net/sctp/socket.c:132 [inline]
sctp_sendmsg_to_asoc+0xbd5/0x1a20 net/sctp/socket.c:1863
sctp_sendmsg+0x1053/0x1d50 net/sctp/socket.c:2025
inet_sendmsg+0x99/0xe0 net/ipv4/af_inet.c:819
sock_sendmsg_nosec net/socket.c:714 [inline]
sock_sendmsg+0xcf/0x120 net/socket.c:734
This patch is to fix it by not replacing the sh_key when it returns
errors from sctp_auth_asoc_init_active_key() in sctp_auth_set_key().
For sctp_auth_set_active_key(), old active_key_id will be set back
to asoc->active_key_id when the same thing happens.
Fixes: 58acd1009226 ("sctp: update active_key for asoc when old key is being replaced")
Reported-by: syzbot+a236dd8e9622ed8954a3@syzkaller.appspotmail.com
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/sctp/auth.c | 18 ++++++++++++++----
1 file changed, 14 insertions(+), 4 deletions(-)
diff --git a/net/sctp/auth.c b/net/sctp/auth.c
index db6b7373d16c..34964145514e 100644
--- a/net/sctp/auth.c
+++ b/net/sctp/auth.c
@@ -863,12 +863,17 @@ int sctp_auth_set_key(struct sctp_endpoint *ep,
}
list_del_init(&shkey->key_list);
- sctp_auth_shkey_release(shkey);
list_add(&cur_key->key_list, sh_keys);
- if (asoc && asoc->active_key_id == auth_key->sca_keynumber)
- sctp_auth_asoc_init_active_key(asoc, GFP_KERNEL);
+ if (asoc && asoc->active_key_id == auth_key->sca_keynumber &&
+ sctp_auth_asoc_init_active_key(asoc, GFP_KERNEL)) {
+ list_del_init(&cur_key->key_list);
+ sctp_auth_shkey_release(cur_key);
+ list_add(&shkey->key_list, sh_keys);
+ return -ENOMEM;
+ }
+ sctp_auth_shkey_release(shkey);
return 0;
}
@@ -902,8 +907,13 @@ int sctp_auth_set_active_key(struct sctp_endpoint *ep,
return -EINVAL;
if (asoc) {
+ __u16 active_key_id = asoc->active_key_id;
+
asoc->active_key_id = key_id;
- sctp_auth_asoc_init_active_key(asoc, GFP_KERNEL);
+ if (sctp_auth_asoc_init_active_key(asoc, GFP_KERNEL)) {
+ asoc->active_key_id = active_key_id;
+ return -ENOMEM;
+ }
} else
ep->active_key_id = key_id;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 332/862] tcp: fix tcp_cwnd_validate() to not forget is_cwnd_limited
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (330 preceding siblings ...)
2022-10-19 8:26 ` [PATCH 6.0 331/862] sctp: handle the error returned from sctp_auth_asoc_init_active_key Greg Kroah-Hartman
@ 2022-10-19 8:26 ` Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 333/862] spi: Ensure that sg_table wont be used after being freed Greg Kroah-Hartman
` (544 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Neal Cardwell, Kevin(Yudong) Yang,
Yuchung Cheng, Eric Dumazet, David S. Miller, Sasha Levin
From: Neal Cardwell <ncardwell@google.com>
[ Upstream commit f4ce91ce12a7c6ead19b128ffa8cff6e3ded2a14 ]
This commit fixes a bug in the tracking of max_packets_out and
is_cwnd_limited. This bug can cause the connection to fail to remember
that is_cwnd_limited is true, causing the connection to fail to grow
cwnd when it should, causing throughput to be lower than it should be.
The following event sequence is an example that triggers the bug:
(a) The connection is cwnd_limited, but packets_out is not at its
peak due to TSO deferral deciding not to send another skb yet.
In such cases the connection can advance max_packets_seq and set
tp->is_cwnd_limited to true and max_packets_out to a small
number.
(b) Then later in the round trip the connection is pacing-limited (not
cwnd-limited), and packets_out is larger. In such cases the
connection would raise max_packets_out to a bigger number but
(unexpectedly) flip tp->is_cwnd_limited from true to false.
This commit fixes that bug.
One straightforward fix would be to separately track (a) the next
window after max_packets_out reaches a maximum, and (b) the next
window after tp->is_cwnd_limited is set to true. But this would
require consuming an extra u32 sequence number.
Instead, to save space we track only the most important
information. Specifically, we track the strongest available signal of
the degree to which the cwnd is fully utilized:
(1) If the connection is cwnd-limited then we remember that fact for
the current window.
(2) If the connection not cwnd-limited then we track the maximum
number of outstanding packets in the current window.
In particular, note that the new logic cannot trigger the buggy
(a)/(b) sequence above because with the new logic a condition where
tp->packets_out > tp->max_packets_out can only trigger an update of
tp->is_cwnd_limited if tp->is_cwnd_limited is false.
This first showed up in a testing of a BBRv2 dev branch, but this
buggy behavior highlighted a general issue with the
tcp_cwnd_validate() logic that can cause cwnd to fail to increase at
the proper rate for any TCP congestion control, including Reno or
CUBIC.
Fixes: ca8a22634381 ("tcp: make cwnd-limited checks measurement-based, and gentler")
Signed-off-by: Neal Cardwell <ncardwell@google.com>
Signed-off-by: Kevin(Yudong) Yang <yyd@google.com>
Signed-off-by: Yuchung Cheng <ycheng@google.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/tcp.h | 2 +-
include/net/tcp.h | 5 ++++-
net/ipv4/tcp.c | 2 ++
net/ipv4/tcp_output.c | 19 ++++++++++++-------
4 files changed, 19 insertions(+), 9 deletions(-)
diff --git a/include/linux/tcp.h b/include/linux/tcp.h
index a9fbe22732c3..4791fd801945 100644
--- a/include/linux/tcp.h
+++ b/include/linux/tcp.h
@@ -295,7 +295,7 @@ struct tcp_sock {
u32 packets_out; /* Packets which are "in flight" */
u32 retrans_out; /* Retransmitted packets out */
u32 max_packets_out; /* max packets_out in last window */
- u32 max_packets_seq; /* right edge of max_packets_out flight */
+ u32 cwnd_usage_seq; /* right edge of cwnd usage tracking flight */
u16 urg_data; /* Saved octet of OOB data and control flags */
u8 ecn_flags; /* ECN status bits. */
diff --git a/include/net/tcp.h b/include/net/tcp.h
index d10962b9f0d0..95c1d51393ac 100644
--- a/include/net/tcp.h
+++ b/include/net/tcp.h
@@ -1295,11 +1295,14 @@ static inline bool tcp_is_cwnd_limited(const struct sock *sk)
{
const struct tcp_sock *tp = tcp_sk(sk);
+ if (tp->is_cwnd_limited)
+ return true;
+
/* If in slow start, ensure cwnd grows to twice what was ACKed. */
if (tcp_in_slow_start(tp))
return tcp_snd_cwnd(tp) < 2 * tp->max_packets_out;
- return tp->is_cwnd_limited;
+ return false;
}
/* BBR congestion control needs pacing.
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index e373dde1f46f..997a80ce1e13 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -3137,6 +3137,8 @@ int tcp_disconnect(struct sock *sk, int flags)
tp->snd_ssthresh = TCP_INFINITE_SSTHRESH;
tcp_snd_cwnd_set(tp, TCP_INIT_CWND);
tp->snd_cwnd_cnt = 0;
+ tp->is_cwnd_limited = 0;
+ tp->max_packets_out = 0;
tp->window_clamp = 0;
tp->delivered = 0;
tp->delivered_ce = 0;
diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
index 290019de766d..c69f4d966024 100644
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -1875,15 +1875,20 @@ static void tcp_cwnd_validate(struct sock *sk, bool is_cwnd_limited)
const struct tcp_congestion_ops *ca_ops = inet_csk(sk)->icsk_ca_ops;
struct tcp_sock *tp = tcp_sk(sk);
- /* Track the maximum number of outstanding packets in each
- * window, and remember whether we were cwnd-limited then.
+ /* Track the strongest available signal of the degree to which the cwnd
+ * is fully utilized. If cwnd-limited then remember that fact for the
+ * current window. If not cwnd-limited then track the maximum number of
+ * outstanding packets in the current window. (If cwnd-limited then we
+ * chose to not update tp->max_packets_out to avoid an extra else
+ * clause with no functional impact.)
*/
- if (!before(tp->snd_una, tp->max_packets_seq) ||
- tp->packets_out > tp->max_packets_out ||
- is_cwnd_limited) {
- tp->max_packets_out = tp->packets_out;
- tp->max_packets_seq = tp->snd_nxt;
+ if (!before(tp->snd_una, tp->cwnd_usage_seq) ||
+ is_cwnd_limited ||
+ (!tp->is_cwnd_limited &&
+ tp->packets_out > tp->max_packets_out)) {
tp->is_cwnd_limited = is_cwnd_limited;
+ tp->max_packets_out = tp->packets_out;
+ tp->cwnd_usage_seq = tp->snd_nxt;
}
if (tcp_is_cwnd_limited(sk)) {
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 333/862] spi: Ensure that sg_table wont be used after being freed
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (331 preceding siblings ...)
2022-10-19 8:26 ` [PATCH 6.0 332/862] tcp: fix tcp_cwnd_validate() to not forget is_cwnd_limited Greg Kroah-Hartman
@ 2022-10-19 8:27 ` Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 334/862] Bluetooth: hci_sync: Fix not indicating power state Greg Kroah-Hartman
` (543 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Marek Szyprowski, Mark Brown, Sasha Levin
From: Marek Szyprowski <m.szyprowski@samsung.com>
[ Upstream commit 8e9204cddcc3fea9affcfa411715ba4f66e97587 ]
SPI code checks for non-zero sgt->orig_nents to determine if the buffer
has been DMA-mapped. Ensure that sg_table is really zeroed after free to
avoid potential NULL pointer dereference if the given SPI xfer object is
reused again without being DMA-mapped.
Fixes: 0c17ba73c08f ("spi: Fix cache corruption due to DMA/PIO overlap")
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Link: https://lore.kernel.org/r/20220930113408.19720-1-m.szyprowski@samsung.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/spi/spi.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/spi/spi.c b/drivers/spi/spi.c
index 32c01e684af3..4b42f2302a8a 100644
--- a/drivers/spi/spi.c
+++ b/drivers/spi/spi.c
@@ -1097,6 +1097,8 @@ void spi_unmap_buf(struct spi_controller *ctlr, struct device *dev,
if (sgt->orig_nents) {
dma_unmap_sg(dev, sgt->sgl, sgt->orig_nents, dir);
sg_free_table(sgt);
+ sgt->orig_nents = 0;
+ sgt->nents = 0;
}
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 334/862] Bluetooth: hci_sync: Fix not indicating power state
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (332 preceding siblings ...)
2022-10-19 8:27 ` [PATCH 6.0 333/862] spi: Ensure that sg_table wont be used after being freed Greg Kroah-Hartman
@ 2022-10-19 8:27 ` Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 335/862] hwmon: (pmbus/mp2888) Fix sensors readouts for MPS Multi-phase mp2888 controller Greg Kroah-Hartman
` (542 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Luiz Augusto von Dentz,
Tedd Ho-Jeong An, Sasha Levin
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
[ Upstream commit 6abf0dae8c3c927f54e62c46faf8aba580ba0d04 ]
When setting power state using legacy/non-mgmt API
(e.g hcitool hci0 up) the likes of mgmt_set_powered_complete won't be
called causing clients of the MGMT API to not be notified of the change
of the state.
Fixes: cf75ad8b41d2 ("Bluetooth: hci_sync: Convert MGMT_SET_POWERED")
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Tested-by: Tedd Ho-Jeong An <tedd.an@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/bluetooth/hci_sync.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/bluetooth/hci_sync.c b/net/bluetooth/hci_sync.c
index fbd5613eebfc..f70798589bf5 100644
--- a/net/bluetooth/hci_sync.c
+++ b/net/bluetooth/hci_sync.c
@@ -4355,6 +4355,7 @@ int hci_dev_open_sync(struct hci_dev *hdev)
hci_dev_test_flag(hdev, HCI_MGMT) &&
hdev->dev_type == HCI_PRIMARY) {
ret = hci_powered_update_sync(hdev);
+ mgmt_power_on(hdev, ret);
}
} else {
/* Init failed, cleanup */
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 335/862] hwmon: (pmbus/mp2888) Fix sensors readouts for MPS Multi-phase mp2888 controller
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (333 preceding siblings ...)
2022-10-19 8:27 ` [PATCH 6.0 334/862] Bluetooth: hci_sync: Fix not indicating power state Greg Kroah-Hartman
@ 2022-10-19 8:27 ` Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 336/862] net: rds: dont hold sock lock when cancelling work from rds_tcp_reset_callbacks() Greg Kroah-Hartman
` (541 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Oleksandr Shamray, Vadim Pasternak,
Guenter Roeck, Sasha Levin
From: Oleksandr Shamray <oleksandrs@nvidia.com>
[ Upstream commit 525dd5aed67a2f4f7278116fb92a24e6a53e2622 ]
Fix scale factors for reading MPS Multi-phase mp2888 controller.
Fixed sensors:
- PIN/POUT: based on vendor documentation, set bscale factor 0.5W/LSB
- IOUT: based on vendor documentation, set scale factor 0.25 A/LSB
Fixes: e4db7719d037 ("hwmon: (pmbus) Add support for MPS Multi-phase mp2888 controller")
Signed-off-by: Oleksandr Shamray <oleksandrs@nvidia.com>
Reviewed-by: Vadim Pasternak <vadimp@nvidia.com>
Link: https://lore.kernel.org/r/20220929121642.63051-1-oleksandrs@nvidia.com
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hwmon/pmbus/mp2888.c | 13 ++++++-------
1 file changed, 6 insertions(+), 7 deletions(-)
diff --git a/drivers/hwmon/pmbus/mp2888.c b/drivers/hwmon/pmbus/mp2888.c
index 8ecd4adfef40..24e5194706cf 100644
--- a/drivers/hwmon/pmbus/mp2888.c
+++ b/drivers/hwmon/pmbus/mp2888.c
@@ -34,7 +34,7 @@ struct mp2888_data {
int curr_sense_gain;
};
-#define to_mp2888_data(x) container_of(x, struct mp2888_data, info)
+#define to_mp2888_data(x) container_of(x, struct mp2888_data, info)
static int mp2888_read_byte_data(struct i2c_client *client, int page, int reg)
{
@@ -109,7 +109,7 @@ mp2888_read_phase(struct i2c_client *client, struct mp2888_data *data, int page,
* - Kcs is the DrMOS current sense gain of power stage, which is obtained from the
* register MP2888_MFR_VR_CONFIG1, bits 13-12 with the following selection of DrMOS
* (data->curr_sense_gain):
- * 00b - 5µA/A, 01b - 8.5µA/A, 10b - 9.7µA/A, 11b - 10µA/A.
+ * 00b - 8.5µA/A, 01b - 9.7µA/A, 1b - 10µA/A, 11b - 5µA/A.
* - Rcs is the internal phase current sense resistor. This parameter depends on hardware
* assembly. By default it is set to 1kΩ. In case of different assembly, user should
* scale this parameter by dividing it by Rcs.
@@ -118,10 +118,9 @@ mp2888_read_phase(struct i2c_client *client, struct mp2888_data *data, int page,
* because sampling of current occurrence of bit weight has a big deviation, especially for
* light load.
*/
- ret = DIV_ROUND_CLOSEST(ret * 100 - 9800, data->curr_sense_gain);
- ret = (data->phase_curr_resolution) ? ret * 2 : ret;
+ ret = DIV_ROUND_CLOSEST(ret * 200 - 19600, data->curr_sense_gain);
/* Scale according to total current resolution. */
- ret = (data->total_curr_resolution) ? ret * 8 : ret * 4;
+ ret = (data->total_curr_resolution) ? ret * 2 : ret;
return ret;
}
@@ -212,7 +211,7 @@ static int mp2888_read_word_data(struct i2c_client *client, int page, int phase,
ret = pmbus_read_word_data(client, page, phase, reg);
if (ret < 0)
return ret;
- ret = data->total_curr_resolution ? ret * 2 : ret;
+ ret = data->total_curr_resolution ? ret : DIV_ROUND_CLOSEST(ret, 2);
break;
case PMBUS_POUT_OP_WARN_LIMIT:
ret = pmbus_read_word_data(client, page, phase, reg);
@@ -223,7 +222,7 @@ static int mp2888_read_word_data(struct i2c_client *client, int page, int phase,
* set 1. Actual power is reported with 0.5W or 1W respectively resolution. Scaling
* is needed to match both.
*/
- ret = data->total_curr_resolution ? ret * 4 : ret * 2;
+ ret = data->total_curr_resolution ? ret * 2 : ret;
break;
/*
* The below registers are not implemented by device or implemented not according to the
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 336/862] net: rds: dont hold sock lock when cancelling work from rds_tcp_reset_callbacks()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (334 preceding siblings ...)
2022-10-19 8:27 ` [PATCH 6.0 335/862] hwmon: (pmbus/mp2888) Fix sensors readouts for MPS Multi-phase mp2888 controller Greg Kroah-Hartman
@ 2022-10-19 8:27 ` Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 337/862] af_unix: Fix memory leaks of the whole sk due to OOB skb Greg Kroah-Hartman
` (540 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot, Hillf Danton, Tetsuo Handa,
David S. Miller, Sasha Levin
From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
[ Upstream commit a91b750fd6629354460282bbf5146c01b05c4859 ]
syzbot is reporting lockdep warning at rds_tcp_reset_callbacks() [1], for
commit ac3615e7f3cffe2a ("RDS: TCP: Reduce code duplication in
rds_tcp_reset_callbacks()") added cancel_delayed_work_sync() into a section
protected by lock_sock() without realizing that rds_send_xmit() might call
lock_sock().
We don't need to protect cancel_delayed_work_sync() using lock_sock(), for
even if rds_{send,recv}_worker() re-queued this work while __flush_work()
from cancel_delayed_work_sync() was waiting for this work to complete,
retried rds_{send,recv}_worker() is no-op due to the absence of RDS_CONN_UP
bit.
Link: https://syzkaller.appspot.com/bug?extid=78c55c7bc6f66e53dce2 [1]
Reported-by: syzbot <syzbot+78c55c7bc6f66e53dce2@syzkaller.appspotmail.com>
Co-developed-by: Hillf Danton <hdanton@sina.com>
Signed-off-by: Hillf Danton <hdanton@sina.com>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Tested-by: syzbot <syzbot+78c55c7bc6f66e53dce2@syzkaller.appspotmail.com>
Fixes: ac3615e7f3cffe2a ("RDS: TCP: Reduce code duplication in rds_tcp_reset_callbacks()")
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/rds/tcp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/rds/tcp.c b/net/rds/tcp.c
index 73ee2771093d..d0ff413f697c 100644
--- a/net/rds/tcp.c
+++ b/net/rds/tcp.c
@@ -166,10 +166,10 @@ void rds_tcp_reset_callbacks(struct socket *sock,
*/
atomic_set(&cp->cp_state, RDS_CONN_RESETTING);
wait_event(cp->cp_waitq, !test_bit(RDS_IN_XMIT, &cp->cp_flags));
- lock_sock(osock->sk);
/* reset receive side state for rds_tcp_data_recv() for osock */
cancel_delayed_work_sync(&cp->cp_send_w);
cancel_delayed_work_sync(&cp->cp_recv_w);
+ lock_sock(osock->sk);
if (tc->t_tinc) {
rds_inc_put(&tc->t_tinc->ti_inc);
tc->t_tinc = NULL;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 337/862] af_unix: Fix memory leaks of the whole sk due to OOB skb.
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (335 preceding siblings ...)
2022-10-19 8:27 ` [PATCH 6.0 336/862] net: rds: dont hold sock lock when cancelling work from rds_tcp_reset_callbacks() Greg Kroah-Hartman
@ 2022-10-19 8:27 ` Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 338/862] net: prestera: acl: Add check for kmemdup Greg Kroah-Hartman
` (539 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot, Kuniyuki Iwashima,
David S. Miller, Sasha Levin
From: Kuniyuki Iwashima <kuniyu@amazon.com>
[ Upstream commit 7a62ed61367b8fd01bae1e18e30602c25060d824 ]
syzbot reported a sequence of memory leaks, and one of them indicated we
failed to free a whole sk:
unreferenced object 0xffff8880126e0000 (size 1088):
comm "syz-executor419", pid 326, jiffies 4294773607 (age 12.609s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 7d 00 00 00 00 00 00 00 ........}.......
01 00 07 40 00 00 00 00 00 00 00 00 00 00 00 00 ...@............
backtrace:
[<000000006fefe750>] sk_prot_alloc+0x64/0x2a0 net/core/sock.c:1970
[<0000000074006db5>] sk_alloc+0x3b/0x800 net/core/sock.c:2029
[<00000000728cd434>] unix_create1+0xaf/0x920 net/unix/af_unix.c:928
[<00000000a279a139>] unix_create+0x113/0x1d0 net/unix/af_unix.c:997
[<0000000068259812>] __sock_create+0x2ab/0x550 net/socket.c:1516
[<00000000da1521e1>] sock_create net/socket.c:1566 [inline]
[<00000000da1521e1>] __sys_socketpair+0x1a8/0x550 net/socket.c:1698
[<000000007ab259e1>] __do_sys_socketpair net/socket.c:1751 [inline]
[<000000007ab259e1>] __se_sys_socketpair net/socket.c:1748 [inline]
[<000000007ab259e1>] __x64_sys_socketpair+0x97/0x100 net/socket.c:1748
[<000000007dedddc1>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<000000007dedddc1>] do_syscall_64+0x38/0x90 arch/x86/entry/common.c:80
[<000000009456679f>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
We can reproduce this issue by creating two AF_UNIX SOCK_STREAM sockets,
send()ing an OOB skb to each other, and close()ing them without consuming
the OOB skbs.
int skpair[2];
socketpair(AF_UNIX, SOCK_STREAM, 0, skpair);
send(skpair[0], "x", 1, MSG_OOB);
send(skpair[1], "x", 1, MSG_OOB);
close(skpair[0]);
close(skpair[1]);
Currently, we free an OOB skb in unix_sock_destructor() which is called via
__sk_free(), but it's too late because the receiver's unix_sk(sk)->oob_skb
is accounted against the sender's sk->sk_wmem_alloc and __sk_free() is
called only when sk->sk_wmem_alloc is 0.
In the repro sequences, we do not consume the OOB skb, so both two sk's
sock_put() never reach __sk_free() due to the positive sk->sk_wmem_alloc.
Then, no one can consume the OOB skb nor call __sk_free(), and we finally
leak the two whole sk.
Thus, we must free the unconsumed OOB skb earlier when close()ing the
socket.
Fixes: 314001f0bf92 ("af_unix: Add OOB support")
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/unix/af_unix.c | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
index bf338b782fc4..d686804119c9 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -569,12 +569,6 @@ static void unix_sock_destructor(struct sock *sk)
skb_queue_purge(&sk->sk_receive_queue);
-#if IS_ENABLED(CONFIG_AF_UNIX_OOB)
- if (u->oob_skb) {
- kfree_skb(u->oob_skb);
- u->oob_skb = NULL;
- }
-#endif
DEBUG_NET_WARN_ON_ONCE(refcount_read(&sk->sk_wmem_alloc));
DEBUG_NET_WARN_ON_ONCE(!sk_unhashed(sk));
DEBUG_NET_WARN_ON_ONCE(sk->sk_socket);
@@ -620,6 +614,13 @@ static void unix_release_sock(struct sock *sk, int embrion)
unix_state_unlock(sk);
+#if IS_ENABLED(CONFIG_AF_UNIX_OOB)
+ if (u->oob_skb) {
+ kfree_skb(u->oob_skb);
+ u->oob_skb = NULL;
+ }
+#endif
+
wake_up_interruptible_all(&u->peer_wait);
if (skpair != NULL) {
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 338/862] net: prestera: acl: Add check for kmemdup
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (336 preceding siblings ...)
2022-10-19 8:27 ` [PATCH 6.0 337/862] af_unix: Fix memory leaks of the whole sk due to OOB skb Greg Kroah-Hartman
@ 2022-10-19 8:27 ` Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 339/862] eth: lan743x: reject extts for non-pci11x1x devices Greg Kroah-Hartman
` (538 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jiasheng Jiang, Taras Chornyi,
David S. Miller, Sasha Levin
From: Jiasheng Jiang <jiasheng@iscas.ac.cn>
[ Upstream commit 9e6fd874c7bb47b6a4295abc4c81b2f41b97e970 ]
As the kemdup could return NULL, it should be better to check the return
value and return error if fails.
Moreover, the return value of prestera_acl_ruleset_keymask_set() should
be checked by cascade.
Fixes: 604ba230902d ("net: prestera: flower template support")
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Taras Chornyi<tchornyi@marvell.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/marvell/prestera/prestera_acl.c | 8 ++++++--
drivers/net/ethernet/marvell/prestera/prestera_acl.h | 4 ++--
drivers/net/ethernet/marvell/prestera/prestera_flower.c | 6 +++++-
3 files changed, 13 insertions(+), 5 deletions(-)
diff --git a/drivers/net/ethernet/marvell/prestera/prestera_acl.c b/drivers/net/ethernet/marvell/prestera/prestera_acl.c
index 3d4b85f2d541..f6b2933859d0 100644
--- a/drivers/net/ethernet/marvell/prestera/prestera_acl.c
+++ b/drivers/net/ethernet/marvell/prestera/prestera_acl.c
@@ -178,10 +178,14 @@ prestera_acl_ruleset_create(struct prestera_acl *acl,
return ERR_PTR(err);
}
-void prestera_acl_ruleset_keymask_set(struct prestera_acl_ruleset *ruleset,
- void *keymask)
+int prestera_acl_ruleset_keymask_set(struct prestera_acl_ruleset *ruleset,
+ void *keymask)
{
ruleset->keymask = kmemdup(keymask, ACL_KEYMASK_SIZE, GFP_KERNEL);
+ if (!ruleset->keymask)
+ return -ENOMEM;
+
+ return 0;
}
int prestera_acl_ruleset_offload(struct prestera_acl_ruleset *ruleset)
diff --git a/drivers/net/ethernet/marvell/prestera/prestera_acl.h b/drivers/net/ethernet/marvell/prestera/prestera_acl.h
index 03fc5b9dc925..131bfbc87cd7 100644
--- a/drivers/net/ethernet/marvell/prestera/prestera_acl.h
+++ b/drivers/net/ethernet/marvell/prestera/prestera_acl.h
@@ -185,8 +185,8 @@ struct prestera_acl_ruleset *
prestera_acl_ruleset_lookup(struct prestera_acl *acl,
struct prestera_flow_block *block,
u32 chain_index);
-void prestera_acl_ruleset_keymask_set(struct prestera_acl_ruleset *ruleset,
- void *keymask);
+int prestera_acl_ruleset_keymask_set(struct prestera_acl_ruleset *ruleset,
+ void *keymask);
bool prestera_acl_ruleset_is_offload(struct prestera_acl_ruleset *ruleset);
int prestera_acl_ruleset_offload(struct prestera_acl_ruleset *ruleset);
void prestera_acl_ruleset_put(struct prestera_acl_ruleset *ruleset);
diff --git a/drivers/net/ethernet/marvell/prestera/prestera_flower.c b/drivers/net/ethernet/marvell/prestera/prestera_flower.c
index 19d3b55c578e..cf551a8379ac 100644
--- a/drivers/net/ethernet/marvell/prestera/prestera_flower.c
+++ b/drivers/net/ethernet/marvell/prestera/prestera_flower.c
@@ -452,7 +452,9 @@ int prestera_flower_tmplt_create(struct prestera_flow_block *block,
}
/* preserve keymask/template to this ruleset */
- prestera_acl_ruleset_keymask_set(ruleset, rule.re_key.match.mask);
+ err = prestera_acl_ruleset_keymask_set(ruleset, rule.re_key.match.mask);
+ if (err)
+ goto err_ruleset_keymask_set;
/* skip error, as it is not possible to reject template operation,
* so, keep the reference to the ruleset for rules to be added
@@ -468,6 +470,8 @@ int prestera_flower_tmplt_create(struct prestera_flow_block *block,
list_add_rcu(&template->list, &block->template_list);
return 0;
+err_ruleset_keymask_set:
+ prestera_acl_ruleset_put(ruleset);
err_ruleset_get:
kfree(template);
err_malloc:
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 339/862] eth: lan743x: reject extts for non-pci11x1x devices
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (337 preceding siblings ...)
2022-10-19 8:27 ` [PATCH 6.0 338/862] net: prestera: acl: Add check for kmemdup Greg Kroah-Hartman
@ 2022-10-19 8:27 ` Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 340/862] bnx2x: fix potential memory leak in bnx2x_tpa_stop() Greg Kroah-Hartman
` (537 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Raju Lakkaraju, Horatiu Vultur,
David S. Miller, Sasha Levin
From: Raju Lakkaraju <Raju.Lakkaraju@microchip.com>
[ Upstream commit cb4b12071a4b68df323c339f60805834246b3e9e ]
Remove PTP_PF_EXTTS support for non-PCI11x1x devices since they do not support
the PTP-IO Input event triggered timestamping mechanisms added
Fixes: 60942c397af6 ("net: lan743x: Add support for PTP-IO Event Input External Timestamp (extts)")
Signed-off-by: Raju Lakkaraju <Raju.Lakkaraju@microchip.com>
Reviewed-by: Horatiu Vultur <horatiu.vultur@microchip.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/microchip/lan743x_ptp.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/drivers/net/ethernet/microchip/lan743x_ptp.c b/drivers/net/ethernet/microchip/lan743x_ptp.c
index 6a11e2ceb013..da3ea905adbb 100644
--- a/drivers/net/ethernet/microchip/lan743x_ptp.c
+++ b/drivers/net/ethernet/microchip/lan743x_ptp.c
@@ -1049,6 +1049,10 @@ static int lan743x_ptpci_verify_pin_config(struct ptp_clock_info *ptp,
enum ptp_pin_function func,
unsigned int chan)
{
+ struct lan743x_ptp *lan_ptp =
+ container_of(ptp, struct lan743x_ptp, ptp_clock_info);
+ struct lan743x_adapter *adapter =
+ container_of(lan_ptp, struct lan743x_adapter, ptp);
int result = 0;
/* Confirm the requested function is supported. Parameter
@@ -1057,7 +1061,10 @@ static int lan743x_ptpci_verify_pin_config(struct ptp_clock_info *ptp,
switch (func) {
case PTP_PF_NONE:
case PTP_PF_PEROUT:
+ break;
case PTP_PF_EXTTS:
+ if (!adapter->is_pci11x1x)
+ result = -1;
break;
case PTP_PF_PHYSYNC:
default:
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 340/862] bnx2x: fix potential memory leak in bnx2x_tpa_stop()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (338 preceding siblings ...)
2022-10-19 8:27 ` [PATCH 6.0 339/862] eth: lan743x: reject extts for non-pci11x1x devices Greg Kroah-Hartman
@ 2022-10-19 8:27 ` Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 341/862] eth: sp7021: fix use after free bug in spl2sw_nvmem_get_mac_address Greg Kroah-Hartman
` (536 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jianglei Nie, David S. Miller, Sasha Levin
From: Jianglei Nie <niejianglei2021@163.com>
[ Upstream commit b43f9acbb8942b05252be83ac25a81cec70cc192 ]
bnx2x_tpa_stop() allocates a memory chunk from new_data with
bnx2x_frag_alloc(). The new_data should be freed when gets some error.
But when "pad + len > fp->rx_buf_size" is true, bnx2x_tpa_stop() returns
without releasing the new_data, which will lead to a memory leak.
We should free the new_data with bnx2x_frag_free() when "pad + len >
fp->rx_buf_size" is true.
Fixes: 07b0f00964def8af9321cfd6c4a7e84f6362f728 ("bnx2x: fix possible panic under memory stress")
Signed-off-by: Jianglei Nie <niejianglei2021@163.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c
index 712b5595bc39..24bfc65e28e1 100644
--- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c
+++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c
@@ -789,6 +789,7 @@ static void bnx2x_tpa_stop(struct bnx2x *bp, struct bnx2x_fastpath *fp,
BNX2X_ERR("skb_put is about to fail... pad %d len %d rx_buf_size %d\n",
pad, len, fp->rx_buf_size);
bnx2x_panic();
+ bnx2x_frag_free(fp, new_data);
return;
}
#endif
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 341/862] eth: sp7021: fix use after free bug in spl2sw_nvmem_get_mac_address
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (339 preceding siblings ...)
2022-10-19 8:27 ` [PATCH 6.0 340/862] bnx2x: fix potential memory leak in bnx2x_tpa_stop() Greg Kroah-Hartman
@ 2022-10-19 8:27 ` Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 342/862] net: wwan: iosm: Call mutex_init before locking it Greg Kroah-Hartman
` (535 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zheng Wang, David S. Miller, Sasha Levin
From: Zheng Wang <zyytlz.wz@163.com>
[ Upstream commit 12aece8b01507a2d357a1861f470e83621fbb6f2 ]
This frees "mac" and tries to display its address as part of the error
message on the next line. Swap the order.
Fixes: fd3040b9394c ("net: ethernet: Add driver for Sunplus SP7021")
Signed-off-by: Zheng Wang <zyytlz.wz@163.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/sunplus/spl2sw_driver.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/sunplus/spl2sw_driver.c b/drivers/net/ethernet/sunplus/spl2sw_driver.c
index 546206640492..61d1d07dc070 100644
--- a/drivers/net/ethernet/sunplus/spl2sw_driver.c
+++ b/drivers/net/ethernet/sunplus/spl2sw_driver.c
@@ -248,8 +248,8 @@ static int spl2sw_nvmem_get_mac_address(struct device *dev, struct device_node *
/* Check if mac address is valid */
if (!is_valid_ether_addr(mac)) {
- kfree(mac);
dev_info(dev, "Invalid mac address in nvmem (%pM)!\n", mac);
+ kfree(mac);
return -EINVAL;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 342/862] net: wwan: iosm: Call mutex_init before locking it
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (340 preceding siblings ...)
2022-10-19 8:27 ` [PATCH 6.0 341/862] eth: sp7021: fix use after free bug in spl2sw_nvmem_get_mac_address Greg Kroah-Hartman
@ 2022-10-19 8:27 ` Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 343/862] net/ieee802154: reject zero-sized raw_sendmsg() Greg Kroah-Hartman
` (534 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Maxim Mikityanskiy, M Chetan Kumar,
David S. Miller, Sasha Levin
From: Maxim Mikityanskiy <maxtram95@gmail.com>
[ Upstream commit ba0fbdb95da5ddd8db457ce6ba09d16dd979a294 ]
wwan_register_ops calls wwan_create_default_link, which ends up in the
ipc_wwan_newlink callback that locks ipc_wwan->if_mutex. However, this
mutex is not yet initialized by that point. Fix it by moving mutex_init
above the wwan_register_ops call. This also makes the order of
operations in ipc_wwan_init symmetric to ipc_wwan_deinit.
Fixes: 83068395bbfc ("net: iosm: create default link via WWAN core")
Signed-off-by: Maxim Mikityanskiy <maxtram95@gmail.com>
Reviewed-by: M Chetan Kumar <m.chetan.kumar@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wwan/iosm/iosm_ipc_wwan.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/net/wwan/iosm/iosm_ipc_wwan.c b/drivers/net/wwan/iosm/iosm_ipc_wwan.c
index 27151148c782..4712f01a7e33 100644
--- a/drivers/net/wwan/iosm/iosm_ipc_wwan.c
+++ b/drivers/net/wwan/iosm/iosm_ipc_wwan.c
@@ -323,15 +323,16 @@ struct iosm_wwan *ipc_wwan_init(struct iosm_imem *ipc_imem, struct device *dev)
ipc_wwan->dev = dev;
ipc_wwan->ipc_imem = ipc_imem;
+ mutex_init(&ipc_wwan->if_mutex);
+
/* WWAN core will create a netdev for the default IP MUX channel */
if (wwan_register_ops(ipc_wwan->dev, &iosm_wwan_ops, ipc_wwan,
IP_MUX_SESSION_DEFAULT)) {
+ mutex_destroy(&ipc_wwan->if_mutex);
kfree(ipc_wwan);
return NULL;
}
- mutex_init(&ipc_wwan->if_mutex);
-
return ipc_wwan;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 343/862] net/ieee802154: reject zero-sized raw_sendmsg()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (341 preceding siblings ...)
2022-10-19 8:27 ` [PATCH 6.0 342/862] net: wwan: iosm: Call mutex_init before locking it Greg Kroah-Hartman
@ 2022-10-19 8:27 ` Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 344/862] once: add DO_ONCE_SLOW() for sleepable contexts Greg Kroah-Hartman
` (533 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot, Tetsuo Handa,
David S. Miller, Sasha Levin
From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
[ Upstream commit 3a4d061c699bd3eedc80dc97a4b2a2e1af83c6f5 ]
syzbot is hitting skb_assert_len() warning at raw_sendmsg() for ieee802154
socket. What commit dc633700f00f726e ("net/af_packet: check len when
min_header_len equals to 0") does also applies to ieee802154 socket.
Link: https://syzkaller.appspot.com/bug?extid=5ea725c25d06fb9114c4
Reported-by: syzbot <syzbot+5ea725c25d06fb9114c4@syzkaller.appspotmail.com>
Fixes: fd1894224407c484 ("bpf: Don't redirect packets with invalid pkt_len")
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ieee802154/socket.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/net/ieee802154/socket.c b/net/ieee802154/socket.c
index 7889e1ef7fad..cbd0e2ac4ffe 100644
--- a/net/ieee802154/socket.c
+++ b/net/ieee802154/socket.c
@@ -251,6 +251,9 @@ static int raw_sendmsg(struct sock *sk, struct msghdr *msg, size_t size)
return -EOPNOTSUPP;
}
+ if (!size)
+ return -EINVAL;
+
lock_sock(sk);
if (!sk->sk_bound_dev_if)
dev = dev_getfirstbyhwtype(sock_net(sk), ARPHRD_IEEE802154);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 344/862] once: add DO_ONCE_SLOW() for sleepable contexts
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (342 preceding siblings ...)
2022-10-19 8:27 ` [PATCH 6.0 343/862] net/ieee802154: reject zero-sized raw_sendmsg() Greg Kroah-Hartman
@ 2022-10-19 8:27 ` Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 345/862] net: mvpp2: fix mvpp2 debugfs leak Greg Kroah-Hartman
` (532 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christophe Leroy, Eric Dumazet,
Willy Tarreau, David S. Miller, Sasha Levin
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit 62c07983bef9d3e78e71189441e1a470f0d1e653 ]
Christophe Leroy reported a ~80ms latency spike
happening at first TCP connect() time.
This is because __inet_hash_connect() uses get_random_once()
to populate a perturbation table which became quite big
after commit 4c2c8f03a5ab ("tcp: increase source port perturb table to 2^16")
get_random_once() uses DO_ONCE(), which block hard irqs for the duration
of the operation.
This patch adds DO_ONCE_SLOW() which uses a mutex instead of a spinlock
for operations where we prefer to stay in process context.
Then __inet_hash_connect() can use get_random_slow_once()
to populate its perturbation table.
Fixes: 4c2c8f03a5ab ("tcp: increase source port perturb table to 2^16")
Fixes: 190cc82489f4 ("tcp: change source port randomizarion at connect() time")
Reported-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Link: https://lore.kernel.org/netdev/CANn89iLAEYBaoYajy0Y9UmGFff5GPxDUoG-ErVB2jDdRNQ5Tug@mail.gmail.com/T/#t
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Willy Tarreau <w@1wt.eu>
Tested-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/once.h | 28 ++++++++++++++++++++++++++++
lib/once.c | 30 ++++++++++++++++++++++++++++++
net/ipv4/inet_hashtables.c | 4 ++--
3 files changed, 60 insertions(+), 2 deletions(-)
diff --git a/include/linux/once.h b/include/linux/once.h
index b14d8b309d52..176ab75b42df 100644
--- a/include/linux/once.h
+++ b/include/linux/once.h
@@ -5,10 +5,18 @@
#include <linux/types.h>
#include <linux/jump_label.h>
+/* Helpers used from arbitrary contexts.
+ * Hard irqs are blocked, be cautious.
+ */
bool __do_once_start(bool *done, unsigned long *flags);
void __do_once_done(bool *done, struct static_key_true *once_key,
unsigned long *flags, struct module *mod);
+/* Variant for process contexts only. */
+bool __do_once_slow_start(bool *done);
+void __do_once_slow_done(bool *done, struct static_key_true *once_key,
+ struct module *mod);
+
/* Call a function exactly once. The idea of DO_ONCE() is to perform
* a function call such as initialization of random seeds, etc, only
* once, where DO_ONCE() can live in the fast-path. After @func has
@@ -52,7 +60,27 @@ void __do_once_done(bool *done, struct static_key_true *once_key,
___ret; \
})
+/* Variant of DO_ONCE() for process/sleepable contexts. */
+#define DO_ONCE_SLOW(func, ...) \
+ ({ \
+ bool ___ret = false; \
+ static bool __section(".data.once") ___done = false; \
+ static DEFINE_STATIC_KEY_TRUE(___once_key); \
+ if (static_branch_unlikely(&___once_key)) { \
+ ___ret = __do_once_slow_start(&___done); \
+ if (unlikely(___ret)) { \
+ func(__VA_ARGS__); \
+ __do_once_slow_done(&___done, &___once_key, \
+ THIS_MODULE); \
+ } \
+ } \
+ ___ret; \
+ })
+
#define get_random_once(buf, nbytes) \
DO_ONCE(get_random_bytes, (buf), (nbytes))
+#define get_random_slow_once(buf, nbytes) \
+ DO_ONCE_SLOW(get_random_bytes, (buf), (nbytes))
+
#endif /* _LINUX_ONCE_H */
diff --git a/lib/once.c b/lib/once.c
index 59149bf3bfb4..351f66aad310 100644
--- a/lib/once.c
+++ b/lib/once.c
@@ -66,3 +66,33 @@ void __do_once_done(bool *done, struct static_key_true *once_key,
once_disable_jump(once_key, mod);
}
EXPORT_SYMBOL(__do_once_done);
+
+static DEFINE_MUTEX(once_mutex);
+
+bool __do_once_slow_start(bool *done)
+ __acquires(once_mutex)
+{
+ mutex_lock(&once_mutex);
+ if (*done) {
+ mutex_unlock(&once_mutex);
+ /* Keep sparse happy by restoring an even lock count on
+ * this mutex. In case we return here, we don't call into
+ * __do_once_done but return early in the DO_ONCE_SLOW() macro.
+ */
+ __acquire(once_mutex);
+ return false;
+ }
+
+ return true;
+}
+EXPORT_SYMBOL(__do_once_slow_start);
+
+void __do_once_slow_done(bool *done, struct static_key_true *once_key,
+ struct module *mod)
+ __releases(once_mutex)
+{
+ *done = true;
+ mutex_unlock(&once_mutex);
+ once_disable_jump(once_key, mod);
+}
+EXPORT_SYMBOL(__do_once_slow_done);
diff --git a/net/ipv4/inet_hashtables.c b/net/ipv4/inet_hashtables.c
index b9d995b5ce24..f5950a7172d6 100644
--- a/net/ipv4/inet_hashtables.c
+++ b/net/ipv4/inet_hashtables.c
@@ -729,8 +729,8 @@ int __inet_hash_connect(struct inet_timewait_death_row *death_row,
if (likely(remaining > 1))
remaining &= ~1U;
- net_get_random_once(table_perturb,
- INET_TABLE_PERTURB_SIZE * sizeof(*table_perturb));
+ get_random_slow_once(table_perturb,
+ INET_TABLE_PERTURB_SIZE * sizeof(*table_perturb));
index = port_offset & (INET_TABLE_PERTURB_SIZE - 1);
offset = READ_ONCE(table_perturb[index]) + (port_offset >> 32);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 345/862] net: mvpp2: fix mvpp2 debugfs leak
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (343 preceding siblings ...)
2022-10-19 8:27 ` [PATCH 6.0 344/862] once: add DO_ONCE_SLOW() for sleepable contexts Greg Kroah-Hartman
@ 2022-10-19 8:27 ` Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 346/862] drm: bridge: adv7511: fix CEC power down control register offset Greg Kroah-Hartman
` (531 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Russell King (Oracle),
Marcin Wojtas, Jakub Kicinski, Sasha Levin
From: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
[ Upstream commit 0152dfee235e87660f52a117fc9f70dc55956bb4 ]
When mvpp2 is unloaded, the driver specific debugfs directory is not
removed, which technically leads to a memory leak. However, this
directory is only created when the first device is probed, so the
hardware is present. Removing the module is only something a developer
would to when e.g. testing out changes, so the module would be
reloaded. So this memory leak is minor.
The original attempt in commit fe2c9c61f668 ("net: mvpp2: debugfs: fix
memory leak when using debugfs_lookup()") that was labelled as a memory
leak fix was not, it fixed a refcount leak, but in doing so created a
problem when the module is reloaded - the directory already exists, but
mvpp2_root is NULL, so we lose all debugfs entries. This fix has been
reverted.
This is the alternative fix, where we remove the offending directory
whenever the driver is unloaded.
Fixes: 21da57a23125 ("net: mvpp2: add a debugfs interface for the Header Parser")
Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Reviewed-by: Marcin Wojtas <mw@semihalf.com>
Link: https://lore.kernel.org/r/E1ofOAB-00CzkG-UO@rmk-PC.armlinux.org.uk
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/marvell/mvpp2/mvpp2.h | 1 +
drivers/net/ethernet/marvell/mvpp2/mvpp2_debugfs.c | 10 ++++++++--
drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c | 13 ++++++++++++-
3 files changed, 21 insertions(+), 3 deletions(-)
diff --git a/drivers/net/ethernet/marvell/mvpp2/mvpp2.h b/drivers/net/ethernet/marvell/mvpp2/mvpp2.h
index ad73a488fc5f..11e603686a27 100644
--- a/drivers/net/ethernet/marvell/mvpp2/mvpp2.h
+++ b/drivers/net/ethernet/marvell/mvpp2/mvpp2.h
@@ -1530,6 +1530,7 @@ u32 mvpp2_read(struct mvpp2 *priv, u32 offset);
void mvpp2_dbgfs_init(struct mvpp2 *priv, const char *name);
void mvpp2_dbgfs_cleanup(struct mvpp2 *priv);
+void mvpp2_dbgfs_exit(void);
void mvpp23_rx_fifo_fc_en(struct mvpp2 *priv, int port, bool en);
diff --git a/drivers/net/ethernet/marvell/mvpp2/mvpp2_debugfs.c b/drivers/net/ethernet/marvell/mvpp2/mvpp2_debugfs.c
index 4a3baa7e0142..75e83ea2a926 100644
--- a/drivers/net/ethernet/marvell/mvpp2/mvpp2_debugfs.c
+++ b/drivers/net/ethernet/marvell/mvpp2/mvpp2_debugfs.c
@@ -691,6 +691,13 @@ static int mvpp2_dbgfs_port_init(struct dentry *parent,
return 0;
}
+static struct dentry *mvpp2_root;
+
+void mvpp2_dbgfs_exit(void)
+{
+ debugfs_remove(mvpp2_root);
+}
+
void mvpp2_dbgfs_cleanup(struct mvpp2 *priv)
{
debugfs_remove_recursive(priv->dbgfs_dir);
@@ -700,10 +707,9 @@ void mvpp2_dbgfs_cleanup(struct mvpp2 *priv)
void mvpp2_dbgfs_init(struct mvpp2 *priv, const char *name)
{
- struct dentry *mvpp2_dir, *mvpp2_root;
+ struct dentry *mvpp2_dir;
int ret, i;
- mvpp2_root = debugfs_lookup(MVPP2_DRIVER_NAME, NULL);
if (!mvpp2_root)
mvpp2_root = debugfs_create_dir(MVPP2_DRIVER_NAME, NULL);
diff --git a/drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c b/drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c
index b84128b549b4..eaa51cd7456b 100644
--- a/drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c
+++ b/drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c
@@ -7706,7 +7706,18 @@ static struct platform_driver mvpp2_driver = {
},
};
-module_platform_driver(mvpp2_driver);
+static int __init mvpp2_driver_init(void)
+{
+ return platform_driver_register(&mvpp2_driver);
+}
+module_init(mvpp2_driver_init);
+
+static void __exit mvpp2_driver_exit(void)
+{
+ platform_driver_unregister(&mvpp2_driver);
+ mvpp2_dbgfs_exit();
+}
+module_exit(mvpp2_driver_exit);
MODULE_DESCRIPTION("Marvell PPv2 Ethernet Driver - www.marvell.com");
MODULE_AUTHOR("Marcin Wojtas <mw@semihalf.com>");
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 346/862] drm: bridge: adv7511: fix CEC power down control register offset
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (344 preceding siblings ...)
2022-10-19 8:27 ` [PATCH 6.0 345/862] net: mvpp2: fix mvpp2 debugfs leak Greg Kroah-Hartman
@ 2022-10-19 8:27 ` Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 347/862] drm: bridge: adv7511: unregister cec i2c device after cec adapter Greg Kroah-Hartman
` (530 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alvin Šipraga, Robert Foss, Sasha Levin
From: Alvin Šipraga <alsi@bang-olufsen.dk>
[ Upstream commit 1d22b6033ea113a4c3850dfa2c0770885c81aec8 ]
The ADV7511_REG_CEC_CTRL = 0xE2 register is part of the main register
map - not the CEC register map. As such, we shouldn't apply an offset to
the register address. Doing so will cause us to address a bogus register
for chips with a CEC register map offset (e.g. ADV7533).
Fixes: 3b1b975003e4 ("drm: adv7511/33: add HDMI CEC support")
Signed-off-by: Alvin Šipraga <alsi@bang-olufsen.dk>
Reviewed-by: Robert Foss <robert.foss@linaro.org>
Signed-off-by: Robert Foss <robert.foss@linaro.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20220612144854.2223873-2-alvin@pqrs.dk
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/bridge/adv7511/adv7511.h | 5 +----
drivers/gpu/drm/bridge/adv7511/adv7511_cec.c | 4 ++--
2 files changed, 3 insertions(+), 6 deletions(-)
diff --git a/drivers/gpu/drm/bridge/adv7511/adv7511.h b/drivers/gpu/drm/bridge/adv7511/adv7511.h
index a031a0cd1f18..94de73cbeb2d 100644
--- a/drivers/gpu/drm/bridge/adv7511/adv7511.h
+++ b/drivers/gpu/drm/bridge/adv7511/adv7511.h
@@ -394,10 +394,7 @@ void adv7511_cec_irq_process(struct adv7511 *adv7511, unsigned int irq1);
#else
static inline int adv7511_cec_init(struct device *dev, struct adv7511 *adv7511)
{
- unsigned int offset = adv7511->type == ADV7533 ?
- ADV7533_REG_CEC_OFFSET : 0;
-
- regmap_write(adv7511->regmap, ADV7511_REG_CEC_CTRL + offset,
+ regmap_write(adv7511->regmap, ADV7511_REG_CEC_CTRL,
ADV7511_CEC_CTRL_POWER_DOWN);
return 0;
}
diff --git a/drivers/gpu/drm/bridge/adv7511/adv7511_cec.c b/drivers/gpu/drm/bridge/adv7511/adv7511_cec.c
index 0b266f28f150..99964f5a5457 100644
--- a/drivers/gpu/drm/bridge/adv7511/adv7511_cec.c
+++ b/drivers/gpu/drm/bridge/adv7511/adv7511_cec.c
@@ -359,7 +359,7 @@ int adv7511_cec_init(struct device *dev, struct adv7511 *adv7511)
goto err_cec_alloc;
}
- regmap_write(adv7511->regmap, ADV7511_REG_CEC_CTRL + offset, 0);
+ regmap_write(adv7511->regmap, ADV7511_REG_CEC_CTRL, 0);
/* cec soft reset */
regmap_write(adv7511->regmap_cec,
ADV7511_REG_CEC_SOFT_RESET + offset, 0x01);
@@ -386,7 +386,7 @@ int adv7511_cec_init(struct device *dev, struct adv7511 *adv7511)
dev_info(dev, "Initializing CEC failed with error %d, disabling CEC\n",
ret);
err_cec_parse_dt:
- regmap_write(adv7511->regmap, ADV7511_REG_CEC_CTRL + offset,
+ regmap_write(adv7511->regmap, ADV7511_REG_CEC_CTRL,
ADV7511_CEC_CTRL_POWER_DOWN);
return ret == -EPROBE_DEFER ? ret : 0;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 347/862] drm: bridge: adv7511: unregister cec i2c device after cec adapter
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (345 preceding siblings ...)
2022-10-19 8:27 ` [PATCH 6.0 346/862] drm: bridge: adv7511: fix CEC power down control register offset Greg Kroah-Hartman
@ 2022-10-19 8:27 ` Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 348/862] drm/bridge: Avoid uninitialized variable warning Greg Kroah-Hartman
` (529 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alvin Šipraga, Robert Foss, Sasha Levin
From: Alvin Šipraga <alsi@bang-olufsen.dk>
[ Upstream commit 40cdb02cb9f965732eb543d47f15bef8d10f0f5f ]
cec_unregister_adapter() assumes that the underlying adapter ops are
callable. For example, if the CEC adapter currently has a valid physical
address, then the unregistration procedure will invalidate the physical
address by setting it to f.f.f.f. Whence the following kernel oops
observed after removing the adv7511 module:
Unable to handle kernel execution of user memory at virtual address 0000000000000000
Internal error: Oops: 86000004 [#1] PREEMPT_RT SMP
Call trace:
0x0
adv7511_cec_adap_log_addr+0x1ac/0x1c8 [adv7511]
cec_adap_unconfigure+0x44/0x90 [cec]
__cec_s_phys_addr.part.0+0x68/0x230 [cec]
__cec_s_phys_addr+0x40/0x50 [cec]
cec_unregister_adapter+0xb4/0x118 [cec]
adv7511_remove+0x60/0x90 [adv7511]
i2c_device_remove+0x34/0xe0
device_release_driver_internal+0x114/0x1f0
driver_detach+0x54/0xe0
bus_remove_driver+0x60/0xd8
driver_unregister+0x34/0x60
i2c_del_driver+0x2c/0x68
adv7511_exit+0x1c/0x67c [adv7511]
__arm64_sys_delete_module+0x154/0x288
invoke_syscall+0x48/0x100
el0_svc_common.constprop.0+0x48/0xe8
do_el0_svc+0x28/0x88
el0_svc+0x1c/0x50
el0t_64_sync_handler+0xa8/0xb0
el0t_64_sync+0x15c/0x160
Code: bad PC value
---[ end trace 0000000000000000 ]---
Protect against this scenario by unregistering i2c_cec after
unregistering the CEC adapter. Duly disable the CEC clock afterwards
too.
Fixes: 3b1b975003e4 ("drm: adv7511/33: add HDMI CEC support")
Signed-off-by: Alvin Šipraga <alsi@bang-olufsen.dk>
Reviewed-by: Robert Foss <robert.foss@linaro.org>
Signed-off-by: Robert Foss <robert.foss@linaro.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20220612144854.2223873-3-alvin@pqrs.dk
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/bridge/adv7511/adv7511_drv.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/bridge/adv7511/adv7511_drv.c b/drivers/gpu/drm/bridge/adv7511/adv7511_drv.c
index 38bf28720f3a..6031bdd92342 100644
--- a/drivers/gpu/drm/bridge/adv7511/adv7511_drv.c
+++ b/drivers/gpu/drm/bridge/adv7511/adv7511_drv.c
@@ -1340,9 +1340,6 @@ static int adv7511_remove(struct i2c_client *i2c)
{
struct adv7511 *adv7511 = i2c_get_clientdata(i2c);
- i2c_unregister_device(adv7511->i2c_cec);
- clk_disable_unprepare(adv7511->cec_clk);
-
adv7511_uninit_regulators(adv7511);
drm_bridge_remove(&adv7511->bridge);
@@ -1350,6 +1347,8 @@ static int adv7511_remove(struct i2c_client *i2c)
adv7511_audio_exit(adv7511);
cec_unregister_adapter(adv7511->cec_adap);
+ i2c_unregister_device(adv7511->i2c_cec);
+ clk_disable_unprepare(adv7511->cec_clk);
i2c_unregister_device(adv7511->i2c_packet);
i2c_unregister_device(adv7511->i2c_edid);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 348/862] drm/bridge: Avoid uninitialized variable warning
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (346 preceding siblings ...)
2022-10-19 8:27 ` [PATCH 6.0 347/862] drm: bridge: adv7511: unregister cec i2c device after cec adapter Greg Kroah-Hartman
@ 2022-10-19 8:27 ` Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 349/862] drm/mipi-dsi: Detach devices when removing the host Greg Kroah-Hartman
` (528 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Maxime Ripard, Sasha Levin
From: Dan Carpenter <dan.carpenter@oracle.com>
[ Upstream commit 7d1202738efda60155d98b370b3c70d336be0eea ]
This code works, but technically it uses "num_in_bus_fmts" before it
has been initialized so it leads to static checker warnings and probably
KMEMsan warnings at run time. Initialize the variable to zero to
silence the warning.
Fixes: f32df58acc68 ("drm/bridge: Add the necessary bits to support bus format negotiation")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Maxime Ripard <maxime@cerno.tech>
Link: https://patchwork.freedesktop.org/patch/msgid/YrrIs3hoGcPVmXc5@kili
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/drm_bridge.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/drm_bridge.c b/drivers/gpu/drm/drm_bridge.c
index 6abf7a2407e9..1545c50fd1c8 100644
--- a/drivers/gpu/drm/drm_bridge.c
+++ b/drivers/gpu/drm/drm_bridge.c
@@ -847,8 +847,8 @@ static int select_bus_fmt_recursive(struct drm_bridge *first_bridge,
struct drm_connector_state *conn_state,
u32 out_bus_fmt)
{
+ unsigned int i, num_in_bus_fmts = 0;
struct drm_bridge_state *cur_state;
- unsigned int num_in_bus_fmts, i;
struct drm_bridge *prev_bridge;
u32 *in_bus_fmts;
int ret;
@@ -969,7 +969,7 @@ drm_atomic_bridge_chain_select_bus_fmts(struct drm_bridge *bridge,
struct drm_connector *conn = conn_state->connector;
struct drm_encoder *encoder = bridge->encoder;
struct drm_bridge_state *last_bridge_state;
- unsigned int i, num_out_bus_fmts;
+ unsigned int i, num_out_bus_fmts = 0;
struct drm_bridge *last_bridge;
u32 *out_bus_fmts;
int ret = 0;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 349/862] drm/mipi-dsi: Detach devices when removing the host
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (347 preceding siblings ...)
2022-10-19 8:27 ` [PATCH 6.0 348/862] drm/bridge: Avoid uninitialized variable warning Greg Kroah-Hartman
@ 2022-10-19 8:27 ` Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 350/862] drm/vc4: drv: Call component_unbind_all() Greg Kroah-Hartman
` (527 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Thomas Zimmermann, Maxime Ripard,
Sasha Levin
From: Maxime Ripard <maxime@cerno.tech>
[ Upstream commit 668a8f17b5290d04ef7343636a5588a0692731a1 ]
Whenever the MIPI-DSI host is unregistered, the code of
mipi_dsi_host_unregister() loops over every device currently found on that
bus and will unregister it.
However, it doesn't detach it from the bus first, which leads to all kind
of resource leaks if the host wants to perform some clean up whenever a
device is detached.
Fixes: 068a00233969 ("drm: Add MIPI DSI bus support")
Acked-by: Thomas Zimmermann <tzimmermann@suse.de>
Signed-off-by: Maxime Ripard <maxime@cerno.tech>
Link: https://lore.kernel.org/r/20220711173939.1132294-2-maxime@cerno.tech
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/drm_mipi_dsi.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/gpu/drm/drm_mipi_dsi.c b/drivers/gpu/drm/drm_mipi_dsi.c
index c40bde96cfdf..c317ee9fa445 100644
--- a/drivers/gpu/drm/drm_mipi_dsi.c
+++ b/drivers/gpu/drm/drm_mipi_dsi.c
@@ -346,6 +346,7 @@ static int mipi_dsi_remove_device_fn(struct device *dev, void *priv)
{
struct mipi_dsi_device *dsi = to_mipi_dsi_device(dev);
+ mipi_dsi_detach(dsi);
mipi_dsi_device_unregister(dsi);
return 0;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 350/862] drm/vc4: drv: Call component_unbind_all()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (348 preceding siblings ...)
2022-10-19 8:27 ` [PATCH 6.0 349/862] drm/mipi-dsi: Detach devices when removing the host Greg Kroah-Hartman
@ 2022-10-19 8:27 ` Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 351/862] drm/bridge: it6505: Power on downstream device in .atomic_enable Greg Kroah-Hartman
` (526 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Thomas Zimmermann, Dave Stevenson,
Maxime Ripard, Sasha Levin
From: Maxime Ripard <maxime@cerno.tech>
[ Upstream commit 6cf61bf49c9bdb9ba2d33be812d90dd406326c6c ]
While we were using the component framework to deal with all the DRM
subdevices, we were not calling component_unbind_all().
This leads to none of the subdevices freeing up their resources as part of
their unbind() or device managed hooks.
Fixes: c8b75bca92cb ("drm/vc4: Add KMS support for Raspberry Pi.")
Acked-by: Thomas Zimmermann <tzimmermann@suse.de>
Reviewed-by: Dave Stevenson <dave.stevenson@raspberrypi.com>
Signed-off-by: Maxime Ripard <maxime@cerno.tech>
Link: https://lore.kernel.org/r/20220711173939.1132294-13-maxime@cerno.tech
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/vc4/vc4_drv.c | 14 ++++++++++++--
drivers/gpu/drm/vc4/vc4_drv.h | 1 +
2 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/vc4/vc4_drv.c b/drivers/gpu/drm/vc4/vc4_drv.c
index 292d1b6a01b6..6b8dfa1e7650 100644
--- a/drivers/gpu/drm/vc4/vc4_drv.c
+++ b/drivers/gpu/drm/vc4/vc4_drv.c
@@ -267,6 +267,13 @@ static void vc4_match_add_drivers(struct device *dev,
}
}
+static void vc4_component_unbind_all(void *ptr)
+{
+ struct vc4_dev *vc4 = ptr;
+
+ component_unbind_all(vc4->dev, &vc4->base);
+}
+
static const struct of_device_id vc4_dma_range_matches[] = {
{ .compatible = "brcm,bcm2711-hvs" },
{ .compatible = "brcm,bcm2835-hvs" },
@@ -310,6 +317,7 @@ static int vc4_drm_bind(struct device *dev)
if (IS_ERR(vc4))
return PTR_ERR(vc4);
vc4->is_vc5 = is_vc5;
+ vc4->dev = dev;
drm = &vc4->base;
platform_set_drvdata(pdev, drm);
@@ -360,6 +368,10 @@ static int vc4_drm_bind(struct device *dev)
if (ret)
return ret;
+ ret = devm_add_action_or_reset(dev, vc4_component_unbind_all, vc4);
+ if (ret)
+ return ret;
+
ret = vc4_plane_create_additional_planes(drm);
if (ret)
goto unbind_all;
@@ -380,8 +392,6 @@ static int vc4_drm_bind(struct device *dev)
return 0;
unbind_all:
- component_unbind_all(dev, drm);
-
return ret;
}
diff --git a/drivers/gpu/drm/vc4/vc4_drv.h b/drivers/gpu/drm/vc4/vc4_drv.h
index 1beb96b77b8c..950056b83843 100644
--- a/drivers/gpu/drm/vc4/vc4_drv.h
+++ b/drivers/gpu/drm/vc4/vc4_drv.h
@@ -76,6 +76,7 @@ struct vc4_perfmon {
struct vc4_dev {
struct drm_device base;
+ struct device *dev;
bool is_vc5;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 351/862] drm/bridge: it6505: Power on downstream device in .atomic_enable
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (349 preceding siblings ...)
2022-10-19 8:27 ` [PATCH 6.0 350/862] drm/vc4: drv: Call component_unbind_all() Greg Kroah-Hartman
@ 2022-10-19 8:27 ` Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 352/862] video/aperture: Disable and unregister sysfb devices via aperture helpers Greg Kroah-Hartman
` (525 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Pin-Yen Lin, Allen Chen, Robert Foss,
Sasha Levin
From: Pin-Yen Lin <treapking@chromium.org>
[ Upstream commit fbc1fdaa8338ec4ebd862d918a0ce3e12033e8a3 ]
Send DPCD DP_SET_POWER_D0 command to the monitor in .atomic_enable
callback. Without this command, some monitors won't show up again after
changing the resolution.
Fixes: 46ca7da7f1e8 ("drm/bridge: it6505: Send DPCD SET_POWER to downstream")
Signed-off-by: Pin-Yen Lin <treapking@chromium.org>
Reviewed-by: Allen Chen <allen.chen@ite.com.tw>
Fixes: 46ca7da7f1e8 ("drm/bridge: it6505: Send DPCD SET_POWER to downstream")
Signed-off-by: Robert Foss <robert.foss@linaro.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20220714173715.v2.1.I85af54e9ceda74ec69f661852825845f983fc343@changeid
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/bridge/ite-it6505.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/gpu/drm/bridge/ite-it6505.c b/drivers/gpu/drm/bridge/ite-it6505.c
index 4b673c4792d7..e5626035f311 100644
--- a/drivers/gpu/drm/bridge/ite-it6505.c
+++ b/drivers/gpu/drm/bridge/ite-it6505.c
@@ -2945,6 +2945,9 @@ static void it6505_bridge_atomic_enable(struct drm_bridge *bridge,
if (ret)
dev_err(dev, "Failed to setup AVI infoframe: %d", ret);
+ it6505_drm_dp_link_set_power(&it6505->aux, &it6505->link,
+ DP_SET_POWER_D0);
+
it6505_update_video_parameter(it6505, mode);
ret = it6505_send_video_infoframe(it6505, &frame);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 352/862] video/aperture: Disable and unregister sysfb devices via aperture helpers
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (350 preceding siblings ...)
2022-10-19 8:27 ` [PATCH 6.0 351/862] drm/bridge: it6505: Power on downstream device in .atomic_enable Greg Kroah-Hartman
@ 2022-10-19 8:27 ` Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 353/862] drm/virtio: Correct drm_gem_shmem_get_sg_table() error handling Greg Kroah-Hartman
` (524 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Thomas Zimmermann,
Javier Martinez Canillas, Zack Rusin, Daniel Vetter,
Daniel Vetter, Sam Ravnborg, Helge Deller, Alex Deucher,
Zhen Lei, Changcheng Deng, Maarten Lankhorst, Maxime Ripard,
dri-devel, Sasha Levin
From: Thomas Zimmermann <tzimmermann@suse.de>
[ Upstream commit 5e01376124309b4dbd30d413f43c0d9c2f60edea ]
Call sysfb_disable() before removing conflicting devices in aperture
helpers. Fixes sysfb state if fbdev has been disabled.
Signed-off-by: Thomas Zimmermann <tzimmermann@suse.de>
Reviewed-by: Javier Martinez Canillas <javierm@redhat.com>
Fixes: fb84efa28a48 ("drm/aperture: Run fbdev removal before internal helpers")
Cc: Zack Rusin <zackr@vmware.com>
Cc: Thomas Zimmermann <tzimmermann@suse.de>
Cc: Javier Martinez Canillas <javierm@redhat.com>
Cc: Daniel Vetter <daniel.vetter@ffwll.ch>
Cc: Daniel Vetter <daniel@ffwll.ch>
Cc: Sam Ravnborg <sam@ravnborg.org>
Cc: Helge Deller <deller@gmx.de>
Cc: Alex Deucher <alexander.deucher@amd.com>
Cc: Zhen Lei <thunder.leizhen@huawei.com>
Cc: Changcheng Deng <deng.changcheng@zte.com.cn>
Cc: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
Cc: Maxime Ripard <mripard@kernel.org>
Cc: dri-devel@lists.freedesktop.org
Link: https://patchwork.freedesktop.org/patch/msgid/20220718072322.8927-8-tzimmermann@suse.de
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/video/aperture.c | 14 ++++++++++++++
drivers/video/fbdev/core/fbmem.c | 12 ------------
2 files changed, 14 insertions(+), 12 deletions(-)
diff --git a/drivers/video/aperture.c b/drivers/video/aperture.c
index 538f2d40acda..d245826a9324 100644
--- a/drivers/video/aperture.c
+++ b/drivers/video/aperture.c
@@ -8,6 +8,7 @@
#include <linux/pci.h>
#include <linux/platform_device.h>
#include <linux/slab.h>
+#include <linux/sysfb.h>
#include <linux/types.h>
#include <linux/vgaarb.h>
@@ -286,7 +287,20 @@ int aperture_remove_conflicting_devices(resource_size_t base, resource_size_t si
#if IS_REACHABLE(CONFIG_FB)
struct apertures_struct *a;
int ret;
+#endif
+
+ /*
+ * If a driver asked to unregister a platform device registered by
+ * sysfb, then can be assumed that this is a driver for a display
+ * that is set up by the system firmware and has a generic driver.
+ *
+ * Drivers for devices that don't have a generic driver will never
+ * ask for this, so let's assume that a real driver for the display
+ * was already probed and prevent sysfb to register devices later.
+ */
+ sysfb_disable();
+#if IS_REACHABLE(CONFIG_FB)
a = alloc_apertures(1);
if (!a)
return -ENOMEM;
diff --git a/drivers/video/fbdev/core/fbmem.c b/drivers/video/fbdev/core/fbmem.c
index 02b0cf2cfafe..bda4d304feb6 100644
--- a/drivers/video/fbdev/core/fbmem.c
+++ b/drivers/video/fbdev/core/fbmem.c
@@ -19,7 +19,6 @@
#include <linux/kernel.h>
#include <linux/major.h>
#include <linux/slab.h>
-#include <linux/sysfb.h>
#include <linux/mm.h>
#include <linux/mman.h>
#include <linux/vt.h>
@@ -1777,17 +1776,6 @@ int remove_conflicting_framebuffers(struct apertures_struct *a,
do_free = true;
}
- /*
- * If a driver asked to unregister a platform device registered by
- * sysfb, then can be assumed that this is a driver for a display
- * that is set up by the system firmware and has a generic driver.
- *
- * Drivers for devices that don't have a generic driver will never
- * ask for this, so let's assume that a real driver for the display
- * was already probed and prevent sysfb to register devices later.
- */
- sysfb_disable();
-
mutex_lock(®istration_lock);
do_remove_conflicting_framebuffers(a, name, primary);
mutex_unlock(®istration_lock);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 353/862] drm/virtio: Correct drm_gem_shmem_get_sg_table() error handling
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (351 preceding siblings ...)
2022-10-19 8:27 ` [PATCH 6.0 352/862] video/aperture: Disable and unregister sysfb devices via aperture helpers Greg Kroah-Hartman
@ 2022-10-19 8:27 ` Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 354/862] drm/bridge: anx7625: Fix refcount bug in anx7625_parse_dt() Greg Kroah-Hartman
` (523 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Emil Velikov, Dmitry Osipenko,
Gerd Hoffmann, Sasha Levin
From: Dmitry Osipenko <dmitry.osipenko@collabora.com>
[ Upstream commit 64b88afbd92fbf434759d1896a7cf705e1c00e79 ]
Previous commit fixed checking of the ERR_PTR value returned by
drm_gem_shmem_get_sg_table(), but it missed to zero out the shmem->pages,
which will crash virtio_gpu_cleanup_object(). Add the missing zeroing of
the shmem->pages.
Fixes: c24968734abf ("drm/virtio: Fix NULL vs IS_ERR checking in virtio_gpu_object_shmem_init")
Reviewed-by: Emil Velikov <emil.l.velikov@gmail.com>
Signed-off-by: Dmitry Osipenko <dmitry.osipenko@collabora.com>
Link: http://patchwork.freedesktop.org/patch/msgid/20220630200726.1884320-2-dmitry.osipenko@collabora.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/virtio/virtgpu_object.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/gpu/drm/virtio/virtgpu_object.c b/drivers/gpu/drm/virtio/virtgpu_object.c
index b38c338211aa..75a159df0af6 100644
--- a/drivers/gpu/drm/virtio/virtgpu_object.c
+++ b/drivers/gpu/drm/virtio/virtgpu_object.c
@@ -170,6 +170,7 @@ static int virtio_gpu_object_shmem_init(struct virtio_gpu_device *vgdev,
shmem->pages = drm_gem_shmem_get_sg_table(&bo->base);
if (IS_ERR(shmem->pages)) {
drm_gem_shmem_unpin(&bo->base);
+ shmem->pages = NULL;
return PTR_ERR(shmem->pages);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 354/862] drm/bridge: anx7625: Fix refcount bug in anx7625_parse_dt()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (352 preceding siblings ...)
2022-10-19 8:27 ` [PATCH 6.0 353/862] drm/virtio: Correct drm_gem_shmem_get_sg_table() error handling Greg Kroah-Hartman
@ 2022-10-19 8:27 ` Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 355/862] drm/bridge: tc358767: Add of_node_put() when breaking out of loop Greg Kroah-Hartman
` (522 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Liang He, Robert Foss, Sasha Levin
From: Liang He <windhl@126.com>
[ Upstream commit 1d43a5120ab49f22ba6c5901ad3994e254510303 ]
In anx7625_parse_dt(), 'pdata->mipi_host_node' will be assigned a
new reference with of_graph_get_remote_node() which will increase
the refcount of the object, correspondingly, we should call
of_node_put() for the old reference stored in the 'pdata->mipi_host_node'.
Fixes: 8bdfc5dae4e3 ("drm/bridge: anx7625: Add anx7625 MIPI DSI/DPI to DP")
Signed-off-by: Liang He <windhl@126.com>
Reviewed-by: Robert Foss <robert.foss@linaro.org>
Signed-off-by: Robert Foss <robert.foss@linaro.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20220719065447.1080817-1-windhl@126.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/bridge/analogix/anx7625.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/gpu/drm/bridge/analogix/anx7625.c b/drivers/gpu/drm/bridge/analogix/anx7625.c
index d1f1d525aeb6..79fc7a50b497 100644
--- a/drivers/gpu/drm/bridge/analogix/anx7625.c
+++ b/drivers/gpu/drm/bridge/analogix/anx7625.c
@@ -1642,6 +1642,7 @@ static int anx7625_parse_dt(struct device *dev,
anx7625_get_swing_setting(dev, pdata);
pdata->is_dpi = 0; /* default dsi mode */
+ of_node_put(pdata->mipi_host_node);
pdata->mipi_host_node = of_graph_get_remote_node(np, 0, 0);
if (!pdata->mipi_host_node) {
DRM_DEV_ERROR(dev, "fail to get internal panel.\n");
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 355/862] drm/bridge: tc358767: Add of_node_put() when breaking out of loop
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (353 preceding siblings ...)
2022-10-19 8:27 ` [PATCH 6.0 354/862] drm/bridge: anx7625: Fix refcount bug in anx7625_parse_dt() Greg Kroah-Hartman
@ 2022-10-19 8:27 ` Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 356/862] drm/bridge: parade-ps8640: Fix regulator supply order Greg Kroah-Hartman
` (521 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Liang He, Robert Foss, Sasha Levin
From: Liang He <windhl@126.com>
[ Upstream commit 14e7157afb055248ed34901fcd6fbf54201cfea1 ]
In tc_probe_bridge_endpoint(), we should call of_node_put() when
breaking out of the for_each_endpoint_of_node() which will automatically
increase and decrease the refcount.
Fixes: 71f7d9c03118 ("drm/bridge: tc358767: Detect bridge mode from connected endpoints in DT")
Signed-off-by: Liang He <windhl@126.com>
Reviewed-by: Robert Foss <robert.foss@linaro.org>
Signed-off-by: Robert Foss <robert.foss@linaro.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20220719065447.1080817-2-windhl@126.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/bridge/tc358767.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/bridge/tc358767.c b/drivers/gpu/drm/bridge/tc358767.c
index 02bd757a8987..1dc107f13645 100644
--- a/drivers/gpu/drm/bridge/tc358767.c
+++ b/drivers/gpu/drm/bridge/tc358767.c
@@ -2010,9 +2010,10 @@ static int tc_probe_bridge_endpoint(struct tc_data *tc)
for_each_endpoint_of_node(dev->of_node, node) {
of_graph_parse_endpoint(node, &endpoint);
- if (endpoint.port > 2)
+ if (endpoint.port > 2) {
+ of_node_put(node);
return -EINVAL;
-
+ }
mode |= BIT(endpoint.port);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 356/862] drm/bridge: parade-ps8640: Fix regulator supply order
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (354 preceding siblings ...)
2022-10-19 8:27 ` [PATCH 6.0 355/862] drm/bridge: tc358767: Add of_node_put() when breaking out of loop Greg Kroah-Hartman
@ 2022-10-19 8:27 ` Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 357/862] drm/format-helper: Fix test on big endian architectures Greg Kroah-Hartman
` (520 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Chen-Yu Tsai, Neil Armstrong,
Robert Foss, Sasha Levin
From: Chen-Yu Tsai <wenst@chromium.org>
[ Upstream commit fc94224c2e0ae8d83ac511a3ef4962178505469d ]
The datasheet says that VDD12 must be enabled and at full voltage before
VDD33 is enabled.
Reorder the bulk regulator supply names so that VDD12 is enabled before
VDD33. Any enable ramp delays should be handled by setting proper
constraints on the regulators.
Fixes: bc1aee7fc8f0 ("drm/bridge: Add I2C based driver for ps8640 bridge")
Signed-off-by: Chen-Yu Tsai <wenst@chromium.org>
Reviewed-by: Neil Armstrong <narmstrong@baylibre.com>
Signed-off-by: Robert Foss <robert.foss@linaro.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20220721092258.3397461-1-wenst@chromium.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/bridge/parade-ps8640.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/bridge/parade-ps8640.c b/drivers/gpu/drm/bridge/parade-ps8640.c
index 31e88cb39f8a..49107a6cdac1 100644
--- a/drivers/gpu/drm/bridge/parade-ps8640.c
+++ b/drivers/gpu/drm/bridge/parade-ps8640.c
@@ -631,8 +631,8 @@ static int ps8640_probe(struct i2c_client *client)
if (!ps_bridge)
return -ENOMEM;
- ps_bridge->supplies[0].supply = "vdd33";
- ps_bridge->supplies[1].supply = "vdd12";
+ ps_bridge->supplies[0].supply = "vdd12";
+ ps_bridge->supplies[1].supply = "vdd33";
ret = devm_regulator_bulk_get(dev, ARRAY_SIZE(ps_bridge->supplies),
ps_bridge->supplies);
if (ret)
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 357/862] drm/format-helper: Fix test on big endian architectures
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (355 preceding siblings ...)
2022-10-19 8:27 ` [PATCH 6.0 356/862] drm/bridge: parade-ps8640: Fix regulator supply order Greg Kroah-Hartman
@ 2022-10-19 8:27 ` Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 358/862] drm/dp_mst: fix drm_dp_dpcd_read return value checks Greg Kroah-Hartman
` (519 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, David Gow, José Expósito,
Sasha Levin
From: José Expósito <jose.exposito89@gmail.com>
[ Upstream commit 18c8485236a5e3f491b670c018ae391c9cb84dfa ]
The tests fail on big endian architectures, like PowerPC:
$ ./tools/testing/kunit/kunit.py run \
--kunitconfig=drivers/gpu/drm/tests \
--arch=powerpc --cross_compile=powerpc64-linux-gnu-
Transform the XRGB8888 buffer from little endian to the CPU endian
before calling the conversion function to avoid this error.
Fixes: 8f456104915f ("drm/format-helper: Add KUnit tests for drm_fb_xrgb8888_to_rgb332()")
Reported-by: David Gow <davidgow@google.com>
Reviewed-by: David Gow <davidgow@google.com>
Signed-off-by: José Expósito <jose.exposito89@gmail.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20220726230916.390575-2-jose.exposito89@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../gpu/drm/tests/drm_format_helper_test.c | 23 +++++++++++++++++--
1 file changed, 21 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/tests/drm_format_helper_test.c b/drivers/gpu/drm/tests/drm_format_helper_test.c
index 98583bf56044..eefaba3aaea2 100644
--- a/drivers/gpu/drm/tests/drm_format_helper_test.c
+++ b/drivers/gpu/drm/tests/drm_format_helper_test.c
@@ -111,6 +111,21 @@ static size_t conversion_buf_size(u32 dst_format, unsigned int dst_pitch,
return dst_pitch * drm_rect_height(clip);
}
+static u32 *le32buf_to_cpu(struct kunit *test, const u32 *buf, size_t buf_size)
+{
+ u32 *dst = NULL;
+ int n;
+
+ dst = kunit_kzalloc(test, sizeof(*dst) * buf_size, GFP_KERNEL);
+ if (!dst)
+ return NULL;
+
+ for (n = 0; n < buf_size; n++)
+ dst[n] = le32_to_cpu((__force __le32)buf[n]);
+
+ return dst;
+}
+
static void xrgb8888_to_rgb332_case_desc(struct xrgb8888_to_rgb332_case *t,
char *desc)
{
@@ -125,6 +140,7 @@ static void xrgb8888_to_rgb332_test(struct kunit *test)
const struct xrgb8888_to_rgb332_case *params = test->param_value;
size_t dst_size;
__u8 *dst = NULL;
+ __u32 *src = NULL;
struct drm_framebuffer fb = {
.format = drm_format_info(DRM_FORMAT_XRGB8888),
@@ -138,8 +154,11 @@ static void xrgb8888_to_rgb332_test(struct kunit *test)
dst = kunit_kzalloc(test, dst_size, GFP_KERNEL);
KUNIT_ASSERT_NOT_ERR_OR_NULL(test, dst);
- drm_fb_xrgb8888_to_rgb332(dst, params->dst_pitch, params->xrgb8888,
- &fb, ¶ms->clip);
+ src = le32buf_to_cpu(test, params->xrgb8888, TEST_BUF_SIZE);
+ KUNIT_ASSERT_NOT_ERR_OR_NULL(test, src);
+
+ drm_fb_xrgb8888_to_rgb332(dst, params->dst_pitch, src, &fb,
+ ¶ms->clip);
KUNIT_EXPECT_EQ(test, memcmp(dst, params->expected, dst_size), 0);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 358/862] drm/dp_mst: fix drm_dp_dpcd_read return value checks
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (356 preceding siblings ...)
2022-10-19 8:27 ` [PATCH 6.0 357/862] drm/format-helper: Fix test on big endian architectures Greg Kroah-Hartman
@ 2022-10-19 8:27 ` Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 359/862] drm:pl111: Add of_node_put() when breaking out of for_each_available_child_of_node() Greg Kroah-Hartman
` (518 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Simon Ser, Lyude Paul,
Benjamin Gaignard, Jani Nikula, Sasha Levin
From: Simon Ser <contact@emersion.fr>
[ Upstream commit 2ac6cdd581f48c8f68747156fde5868486a44985 ]
drm_dp_dpcd_read returns the number of bytes read. The previous code
would print garbage on DPCD error, and would exit with on error on
success.
Signed-off-by: Simon Ser <contact@emersion.fr>
Fixes: cb897542c6d2 ("drm/dp_mst: Fix W=1 warnings")
Cc: Lyude Paul <lyude@redhat.com>
Cc: Benjamin Gaignard <benjamin.gaignard@st.com>
Reviewed-by: Jani Nikula <jani.nikula@intel.com>
Link: https://patchwork.freedesktop.org/patch/473500/
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/display/drm_dp_mst_topology.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/display/drm_dp_mst_topology.c b/drivers/gpu/drm/display/drm_dp_mst_topology.c
index 57e65423e50d..7a94a5288e8d 100644
--- a/drivers/gpu/drm/display/drm_dp_mst_topology.c
+++ b/drivers/gpu/drm/display/drm_dp_mst_topology.c
@@ -4907,14 +4907,14 @@ void drm_dp_mst_dump_topology(struct seq_file *m,
seq_printf(m, "dpcd: %*ph\n", DP_RECEIVER_CAP_SIZE, buf);
ret = drm_dp_dpcd_read(mgr->aux, DP_FAUX_CAP, buf, 2);
- if (ret) {
+ if (ret != 2) {
seq_printf(m, "faux/mst read failed\n");
goto out;
}
seq_printf(m, "faux/mst: %*ph\n", 2, buf);
ret = drm_dp_dpcd_read(mgr->aux, DP_MSTM_CTRL, buf, 1);
- if (ret) {
+ if (ret != 1) {
seq_printf(m, "mst ctrl read failed\n");
goto out;
}
@@ -4922,7 +4922,7 @@ void drm_dp_mst_dump_topology(struct seq_file *m,
/* dump the standard OUI branch header */
ret = drm_dp_dpcd_read(mgr->aux, DP_BRANCH_OUI, buf, DP_BRANCH_OUI_HEADER_SIZE);
- if (ret) {
+ if (ret != DP_BRANCH_OUI_HEADER_SIZE) {
seq_printf(m, "branch oui read failed\n");
goto out;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 359/862] drm:pl111: Add of_node_put() when breaking out of for_each_available_child_of_node()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (357 preceding siblings ...)
2022-10-19 8:27 ` [PATCH 6.0 358/862] drm/dp_mst: fix drm_dp_dpcd_read return value checks Greg Kroah-Hartman
@ 2022-10-19 8:27 ` Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 360/862] ASoC: mt6359: fix tests for platform_get_irq() failure Greg Kroah-Hartman
` (517 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Liang He, Rob Herring, Daniel Vetter,
Sasha Levin
From: Liang He <windhl@126.com>
[ Upstream commit e0686dc6f2252e009c455fe99e2ce9d62a60eb47 ]
The reference 'child' in the iteration of for_each_available_child_of_node()
is only escaped out into a local variable which is only used to check
its value. So we still need to the of_node_put() when breaking of the
for_each_available_child_of_node() which will automatically increase
and decrease the refcount.
Fixes: ca454bd42dc2 ("drm/pl111: Support the Versatile Express")
Signed-off-by: Liang He <windhl@126.com>
Reviewed-by: Rob Herring <robh@kernel.org>
Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Link: https://patchwork.freedesktop.org/patch/msgid/20220711131550.361350-1-windhl@126.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/pl111/pl111_versatile.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/gpu/drm/pl111/pl111_versatile.c b/drivers/gpu/drm/pl111/pl111_versatile.c
index efb01a554574..1b436b75fd39 100644
--- a/drivers/gpu/drm/pl111/pl111_versatile.c
+++ b/drivers/gpu/drm/pl111/pl111_versatile.c
@@ -404,6 +404,7 @@ static int pl111_vexpress_clcd_init(struct device *dev, struct device_node *np,
if (of_device_is_compatible(child, "arm,pl111")) {
has_coretile_clcd = true;
ct_clcd = child;
+ of_node_put(child);
break;
}
if (of_device_is_compatible(child, "arm,hdlcd")) {
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 360/862] ASoC: mt6359: fix tests for platform_get_irq() failure
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (358 preceding siblings ...)
2022-10-19 8:27 ` [PATCH 6.0 359/862] drm:pl111: Add of_node_put() when breaking out of for_each_available_child_of_node() Greg Kroah-Hartman
@ 2022-10-19 8:27 ` Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 361/862] ASoC: amd: acp: add missing platform_device_unregister() in acp_pci_probe() Greg Kroah-Hartman
` (516 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Mark Brown, Sasha Levin
From: Dan Carpenter <dan.carpenter@oracle.com>
[ Upstream commit 51eea3a6fb4d39c2cc71824e6eee5949d7ae4d1c ]
The platform_get_irq() returns negative error codes. It can't actually
return zero, but if it did that should be treated as success.
Fixes: eef07b9e0925 ("ASoC: mediatek: mt6359: add MT6359 accdet jack driver")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Link: https://lore.kernel.org/r/YvThhr86N3qQM2EO@kili
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/mt6359-accdet.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/sound/soc/codecs/mt6359-accdet.c b/sound/soc/codecs/mt6359-accdet.c
index c190628e2905..7f624854948c 100644
--- a/sound/soc/codecs/mt6359-accdet.c
+++ b/sound/soc/codecs/mt6359-accdet.c
@@ -965,7 +965,7 @@ static int mt6359_accdet_probe(struct platform_device *pdev)
mutex_init(&priv->res_lock);
priv->accdet_irq = platform_get_irq(pdev, 0);
- if (priv->accdet_irq) {
+ if (priv->accdet_irq >= 0) {
ret = devm_request_threaded_irq(&pdev->dev, priv->accdet_irq,
NULL, mt6359_accdet_irq,
IRQF_TRIGGER_HIGH | IRQF_ONESHOT,
@@ -979,7 +979,7 @@ static int mt6359_accdet_probe(struct platform_device *pdev)
if (priv->caps & ACCDET_PMIC_EINT0) {
priv->accdet_eint0 = platform_get_irq(pdev, 1);
- if (priv->accdet_eint0) {
+ if (priv->accdet_eint0 >= 0) {
ret = devm_request_threaded_irq(&pdev->dev,
priv->accdet_eint0,
NULL, mt6359_accdet_irq,
@@ -994,7 +994,7 @@ static int mt6359_accdet_probe(struct platform_device *pdev)
}
} else if (priv->caps & ACCDET_PMIC_EINT1) {
priv->accdet_eint1 = platform_get_irq(pdev, 2);
- if (priv->accdet_eint1) {
+ if (priv->accdet_eint1 >= 0) {
ret = devm_request_threaded_irq(&pdev->dev,
priv->accdet_eint1,
NULL, mt6359_accdet_irq,
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 361/862] ASoC: amd: acp: add missing platform_device_unregister() in acp_pci_probe()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (359 preceding siblings ...)
2022-10-19 8:27 ` [PATCH 6.0 360/862] ASoC: mt6359: fix tests for platform_get_irq() failure Greg Kroah-Hartman
@ 2022-10-19 8:27 ` Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 362/862] drm/msm: Make .remove and .shutdown HW shutdown consistent Greg Kroah-Hartman
` (515 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yang Yingliang, Mark Brown, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit 6a4ce20fd776d2fd19ffaf85cf34a53761e2c888 ]
Add missing platform_device_unregister() in error path in acp_pci_probe().
Fixes: c49f5e74a11e ("ASoC: amd: acp: Add error handling cases")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Link: https://lore.kernel.org/r/20220819073758.1273160-1-yangyingliang@huawei.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/amd/acp/acp-pci.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/sound/soc/amd/acp/acp-pci.c b/sound/soc/amd/acp/acp-pci.c
index 2c8e960cc9a6..5bb23ebe1216 100644
--- a/sound/soc/amd/acp/acp-pci.c
+++ b/sound/soc/amd/acp/acp-pci.c
@@ -104,6 +104,7 @@ static int acp_pci_probe(struct pci_dev *pci, const struct pci_device_id *pci_id
addr = pci_resource_start(pci, 0);
chip->base = devm_ioremap(&pci->dev, addr, pci_resource_len(pci, 0));
if (!chip->base) {
+ platform_device_unregister(dmic_dev);
ret = -ENOMEM;
goto release_regions;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 362/862] drm/msm: Make .remove and .shutdown HW shutdown consistent
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (360 preceding siblings ...)
2022-10-19 8:27 ` [PATCH 6.0 361/862] ASoC: amd: acp: add missing platform_device_unregister() in acp_pci_probe() Greg Kroah-Hartman
@ 2022-10-19 8:27 ` Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 363/862] platform/chrome: fix double-free in chromeos_laptop_prepare() Greg Kroah-Hartman
` (514 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Javier Martinez Canillas,
Abhinav Kumar, Sasha Levin
From: Javier Martinez Canillas <javierm@redhat.com>
[ Upstream commit 0a58d2ae572adaec8d046f8d35b40c2c32ac7468 ]
Drivers' .remove and .shutdown callbacks are executed on different code
paths. The former is called when a device is removed from the bus, while
the latter is called at system shutdown time to quiesce the device.
This means that some overlap exists between the two, because both have to
take care of properly shutting down the hardware. But currently the logic
used in these two callbacks isn't consistent in msm drivers, which could
lead to kernel panic.
For example, on .remove the component is deleted and its .unbind callback
leads to the hardware being shutdown but only if the DRM device has been
marked as registered.
That check doesn't exist in the .shutdown logic and this can lead to the
driver calling drm_atomic_helper_shutdown() for a DRM device that hasn't
been properly initialized.
A situation like this can happen if drivers for expected sub-devices fail
to probe, since the .bind callback will never be executed. If that is the
case, drm_atomic_helper_shutdown() will attempt to take mutexes that are
only initialized if drm_mode_config_init() is called during a device bind.
This bug was attempted to be fixed in commit 623f279c7781 ("drm/msm: fix
shutdown hook in case GPU components failed to bind"), but unfortunately
it still happens in some cases as the one mentioned above, i.e:
systemd-shutdown[1]: Powering off.
kvm: exiting hardware virtualization
platform wifi-firmware.0: Removing from iommu group 12
platform video-firmware.0: Removing from iommu group 10
------------[ cut here ]------------
WARNING: CPU: 6 PID: 1 at drivers/gpu/drm/drm_modeset_lock.c:317 drm_modeset_lock_all_ctx+0x3c4/0x3d0
...
Hardware name: Google CoachZ (rev3+) (DT)
pstate: a0400009 (NzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : drm_modeset_lock_all_ctx+0x3c4/0x3d0
lr : drm_modeset_lock_all_ctx+0x48/0x3d0
sp : ffff80000805bb80
x29: ffff80000805bb80 x28: ffff327c00128000 x27: 0000000000000000
x26: 0000000000000000 x25: 0000000000000001 x24: ffffc95d820ec030
x23: ffff327c00bbd090 x22: ffffc95d8215eca0 x21: ffff327c039c5800
x20: ffff327c039c5988 x19: ffff80000805bbe8 x18: 0000000000000034
x17: 000000040044ffff x16: ffffc95d80cac920 x15: 0000000000000000
x14: 0000000000000315 x13: 0000000000000315 x12: 0000000000000000
x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000
x8 : ffff80000805bc28 x7 : 0000000000000000 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000
x2 : ffff327c00128000 x1 : 0000000000000000 x0 : ffff327c039c59b0
Call trace:
drm_modeset_lock_all_ctx+0x3c4/0x3d0
drm_atomic_helper_shutdown+0x70/0x134
msm_drv_shutdown+0x30/0x40
platform_shutdown+0x28/0x40
device_shutdown+0x148/0x350
kernel_power_off+0x38/0x80
__do_sys_reboot+0x288/0x2c0
__arm64_sys_reboot+0x28/0x34
invoke_syscall+0x48/0x114
el0_svc_common.constprop.0+0x44/0xec
do_el0_svc+0x2c/0xc0
el0_svc+0x2c/0x84
el0t_64_sync_handler+0x11c/0x150
el0t_64_sync+0x18c/0x190
---[ end trace 0000000000000000 ]---
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000018
Mem abort info:
ESR = 0x0000000096000004
EC = 0x25: DABT (current EL), IL = 32 bits
SET = 0, FnV = 0
EA = 0, S1PTW = 0
FSC = 0x04: level 0 translation fault
Data abort info:
ISV = 0, ISS = 0x00000004
CM = 0, WnR = 0
user pgtable: 4k pages, 48-bit VAs, pgdp=000000010eab1000
[0000000000000018] pgd=0000000000000000, p4d=0000000000000000
Internal error: Oops: 96000004 [#1] PREEMPT SMP
...
Hardware name: Google CoachZ (rev3+) (DT)
pstate: a0400009 (NzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : ww_mutex_lock+0x28/0x32c
lr : drm_modeset_lock_all_ctx+0x1b0/0x3d0
sp : ffff80000805bb50
x29: ffff80000805bb50 x28: ffff327c00128000 x27: 0000000000000000
x26: 0000000000000000 x25: 0000000000000001 x24: 0000000000000018
x23: ffff80000805bc10 x22: ffff327c039c5ad8 x21: ffff327c039c5800
x20: ffff80000805bbe8 x19: 0000000000000018 x18: 0000000000000034
x17: 000000040044ffff x16: ffffc95d80cac920 x15: 0000000000000000
x14: 0000000000000315 x13: 0000000000000315 x12: 0000000000000000
x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000
x8 : ffff80000805bc28 x7 : 0000000000000000 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000
x2 : ffff327c00128000 x1 : 0000000000000000 x0 : 0000000000000018
Call trace:
ww_mutex_lock+0x28/0x32c
drm_modeset_lock_all_ctx+0x1b0/0x3d0
drm_atomic_helper_shutdown+0x70/0x134
msm_drv_shutdown+0x30/0x40
platform_shutdown+0x28/0x40
device_shutdown+0x148/0x350
kernel_power_off+0x38/0x80
__do_sys_reboot+0x288/0x2c0
__arm64_sys_reboot+0x28/0x34
invoke_syscall+0x48/0x114
el0_svc_common.constprop.0+0x44/0xec
do_el0_svc+0x2c/0xc0
el0_svc+0x2c/0x84
el0t_64_sync_handler+0x11c/0x150
el0t_64_sync+0x18c/0x190
Code: aa0103f4 d503201f d2800001 aa0103e3 (c8e37c02)
---[ end trace 0000000000000000 ]---
Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b
Kernel Offset: 0x495d77c00000 from 0xffff800008000000
PHYS_OFFSET: 0xffffcd8500000000
CPU features: 0x800,00c2a015,19801c82
Memory Limit: none
---[ end Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b ]---
Fixes: 9d5cbf5fe46e ("drm/msm: add shutdown support for display platform_driver")
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Reviewed-by: Abhinav Kumar <quic_abhinavk@quicinc.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20220816134612.916527-1-javierm@redhat.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/msm/msm_drv.c | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/drivers/gpu/drm/msm/msm_drv.c b/drivers/gpu/drm/msm/msm_drv.c
index 16884db272de..0759e2d99f59 100644
--- a/drivers/gpu/drm/msm/msm_drv.c
+++ b/drivers/gpu/drm/msm/msm_drv.c
@@ -1244,10 +1244,15 @@ void msm_drv_shutdown(struct platform_device *pdev)
struct msm_drm_private *priv = platform_get_drvdata(pdev);
struct drm_device *drm = priv ? priv->dev : NULL;
- if (!priv || !priv->kms)
- return;
-
- drm_atomic_helper_shutdown(drm);
+ /*
+ * Shutdown the hw if we're far enough along where things might be on.
+ * If we run this too early, we'll end up panicking in any variety of
+ * places. Since we don't register the drm device until late in
+ * msm_drm_init, drm_dev->registered is used as an indicator that the
+ * shutdown will be successful.
+ */
+ if (drm && drm->registered)
+ drm_atomic_helper_shutdown(drm);
}
static struct platform_driver msm_platform_driver = {
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 363/862] platform/chrome: fix double-free in chromeos_laptop_prepare()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (361 preceding siblings ...)
2022-10-19 8:27 ` [PATCH 6.0 362/862] drm/msm: Make .remove and .shutdown HW shutdown consistent Greg Kroah-Hartman
@ 2022-10-19 8:27 ` Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 364/862] platform/chrome: fix memory corruption in ioctl Greg Kroah-Hartman
` (513 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Rustam Subkhankulov, Dmitry Torokhov,
Tzung-Bi Shih, Sasha Levin
From: Rustam Subkhankulov <subkhankulov@ispras.ru>
[ Upstream commit 6ad4194d6a1e1d11b285989cd648ef695b4a93c0 ]
If chromeos_laptop_prepare_i2c_peripherals() fails after allocating memory
for 'cros_laptop->i2c_peripherals', this memory is freed at 'err_out' label
and nonzero value is returned. Then chromeos_laptop_destroy() is called,
resulting in double-free error.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Signed-off-by: Rustam Subkhankulov <subkhankulov@ispras.ru>
Fixes: 5020cd29d8bf ("platform/chrome: chromeos_laptop - supply properties for ACPI devices")
Reviewed-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Tzung-Bi Shih <tzungbi@kernel.org>
Link: https://lore.kernel.org/r/20220813220843.2373004-1-subkhankulov@ispras.ru
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/platform/chrome/chromeos_laptop.c | 24 ++++++++++++-----------
1 file changed, 13 insertions(+), 11 deletions(-)
diff --git a/drivers/platform/chrome/chromeos_laptop.c b/drivers/platform/chrome/chromeos_laptop.c
index 4e14b4d6635d..a2cdbfbaeae6 100644
--- a/drivers/platform/chrome/chromeos_laptop.c
+++ b/drivers/platform/chrome/chromeos_laptop.c
@@ -740,6 +740,7 @@ static int __init
chromeos_laptop_prepare_i2c_peripherals(struct chromeos_laptop *cros_laptop,
const struct chromeos_laptop *src)
{
+ struct i2c_peripheral *i2c_peripherals;
struct i2c_peripheral *i2c_dev;
struct i2c_board_info *info;
int i;
@@ -748,17 +749,15 @@ chromeos_laptop_prepare_i2c_peripherals(struct chromeos_laptop *cros_laptop,
if (!src->num_i2c_peripherals)
return 0;
- cros_laptop->i2c_peripherals = kmemdup(src->i2c_peripherals,
- src->num_i2c_peripherals *
- sizeof(*src->i2c_peripherals),
- GFP_KERNEL);
- if (!cros_laptop->i2c_peripherals)
+ i2c_peripherals = kmemdup(src->i2c_peripherals,
+ src->num_i2c_peripherals *
+ sizeof(*src->i2c_peripherals),
+ GFP_KERNEL);
+ if (!i2c_peripherals)
return -ENOMEM;
- cros_laptop->num_i2c_peripherals = src->num_i2c_peripherals;
-
- for (i = 0; i < cros_laptop->num_i2c_peripherals; i++) {
- i2c_dev = &cros_laptop->i2c_peripherals[i];
+ for (i = 0; i < src->num_i2c_peripherals; i++) {
+ i2c_dev = &i2c_peripherals[i];
info = &i2c_dev->board_info;
error = chromeos_laptop_setup_irq(i2c_dev);
@@ -775,16 +774,19 @@ chromeos_laptop_prepare_i2c_peripherals(struct chromeos_laptop *cros_laptop,
}
}
+ cros_laptop->i2c_peripherals = i2c_peripherals;
+ cros_laptop->num_i2c_peripherals = src->num_i2c_peripherals;
+
return 0;
err_out:
while (--i >= 0) {
- i2c_dev = &cros_laptop->i2c_peripherals[i];
+ i2c_dev = &i2c_peripherals[i];
info = &i2c_dev->board_info;
if (!IS_ERR_OR_NULL(info->fwnode))
fwnode_remove_software_node(info->fwnode);
}
- kfree(cros_laptop->i2c_peripherals);
+ kfree(i2c_peripherals);
return error;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 364/862] platform/chrome: fix memory corruption in ioctl
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (362 preceding siblings ...)
2022-10-19 8:27 ` [PATCH 6.0 363/862] platform/chrome: fix double-free in chromeos_laptop_prepare() Greg Kroah-Hartman
@ 2022-10-19 8:27 ` Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 365/862] drm/i915/dg2: Bump up CDCLK for DG2 Greg Kroah-Hartman
` (512 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Guenter Roeck,
Tzung-Bi Shih, Sasha Levin
From: Dan Carpenter <dan.carpenter@oracle.com>
[ Upstream commit 8a07b45fd3c2dda24fad43639be5335a4595196a ]
If "s_mem.bytes" is larger than the buffer size it leads to memory
corruption.
Fixes: eda2e30c6684 ("mfd / platform: cros_ec: Miscellaneous character device to talk with the EC")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Guenter Roeck <groeck@chromium.org>
Signed-off-by: Tzung-Bi Shih <tzungbi@kernel.org>
Link: https://lore.kernel.org/r/Yv8dpCFZJdbUT5ye@kili
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/platform/chrome/cros_ec_chardev.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/platform/chrome/cros_ec_chardev.c b/drivers/platform/chrome/cros_ec_chardev.c
index fd33de546aee..0de7c255254e 100644
--- a/drivers/platform/chrome/cros_ec_chardev.c
+++ b/drivers/platform/chrome/cros_ec_chardev.c
@@ -327,6 +327,9 @@ static long cros_ec_chardev_ioctl_readmem(struct cros_ec_dev *ec,
if (copy_from_user(&s_mem, arg, sizeof(s_mem)))
return -EFAULT;
+ if (s_mem.bytes > sizeof(s_mem.buffer))
+ return -EINVAL;
+
num = ec_dev->cmd_readmem(ec_dev, s_mem.offset, s_mem.bytes,
s_mem.buffer);
if (num <= 0)
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 365/862] drm/i915/dg2: Bump up CDCLK for DG2
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (363 preceding siblings ...)
2022-10-19 8:27 ` [PATCH 6.0 364/862] platform/chrome: fix memory corruption in ioctl Greg Kroah-Hartman
@ 2022-10-19 8:27 ` Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 366/862] drm/virtio: Fix same-context optimization Greg Kroah-Hartman
` (511 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Stanislav Lisovskiy, Uma Shankar,
Sasha Levin
From: Stanislav Lisovskiy <stanislav.lisovskiy@intel.com>
[ Upstream commit 859161b952a453b86362f168fadef72a8ba31a05 ]
We seem to need this W/A same way as for TGL, in order
to fix some of the underruns, which we currently have and
those not related to PSR.
Signed-off-by: Stanislav Lisovskiy <stanislav.lisovskiy@intel.com>
Reviewed-by: Uma Shankar <uma.shankar@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20220614123049.16183-2-stanislav.lisovskiy@intel.com
Stable-dep-of: 4234ea300512 ("drm/i915/display: avoid warnings when registering dual panel backlight")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/i915/display/intel_cdclk.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/i915/display/intel_cdclk.c b/drivers/gpu/drm/i915/display/intel_cdclk.c
index 6e80162632dd..86a22c3766e5 100644
--- a/drivers/gpu/drm/i915/display/intel_cdclk.c
+++ b/drivers/gpu/drm/i915/display/intel_cdclk.c
@@ -2300,7 +2300,7 @@ int intel_crtc_compute_min_cdclk(const struct intel_crtc_state *crtc_state)
min_cdclk = max(min_cdclk, (int)crtc_state->pixel_rate);
/*
- * HACK. Currently for TGL platforms we calculate
+ * HACK. Currently for TGL/DG2 platforms we calculate
* min_cdclk initially based on pixel_rate divided
* by 2, accounting for also plane requirements,
* however in some cases the lowest possible CDCLK
@@ -2308,7 +2308,7 @@ int intel_crtc_compute_min_cdclk(const struct intel_crtc_state *crtc_state)
* Explicitly stating here that this seems to be currently
* rather a Hack, than final solution.
*/
- if (IS_TIGERLAKE(dev_priv)) {
+ if (IS_TIGERLAKE(dev_priv) || IS_DG2(dev_priv)) {
/*
* Clamp to max_cdclk_freq in case pixel rate is higher,
* in order not to break an 8K, but still leave W/A at place.
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 366/862] drm/virtio: Fix same-context optimization
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (364 preceding siblings ...)
2022-10-19 8:27 ` [PATCH 6.0 365/862] drm/i915/dg2: Bump up CDCLK for DG2 Greg Kroah-Hartman
@ 2022-10-19 8:27 ` Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 367/862] ASoC: soc-pcm.c: call __soc_pcm_close() in soc_pcm_close() Greg Kroah-Hartman
` (510 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Rob Clark, Gerd Hoffmann, Sasha Levin
From: Rob Clark <robdclark@chromium.org>
[ Upstream commit 3007dc2af6e86ac00b4daf7414142637fdf50bfa ]
When VIRTGPU_EXECBUF_RING_IDX is used, we should be considering the
timeline that the EB if running on rather than the global driver fence
context.
Fixes: 85c83ea915ed ("drm/virtio: implement context init: allocate an array of fence contexts")
Signed-off-by: Rob Clark <robdclark@chromium.org>
Link: http://patchwork.freedesktop.org/patch/msgid/20220812224001.2806463-1-robdclark@gmail.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/virtio/virtgpu_ioctl.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/virtio/virtgpu_ioctl.c b/drivers/gpu/drm/virtio/virtgpu_ioctl.c
index 9b2702116f93..3b1701607aae 100644
--- a/drivers/gpu/drm/virtio/virtgpu_ioctl.c
+++ b/drivers/gpu/drm/virtio/virtgpu_ioctl.c
@@ -168,7 +168,7 @@ static int virtio_gpu_execbuffer_ioctl(struct drm_device *dev, void *data,
* array contains any fence from a foreign context.
*/
ret = 0;
- if (!dma_fence_match_context(in_fence, vgdev->fence_drv.context))
+ if (!dma_fence_match_context(in_fence, fence_ctx + ring_idx))
ret = dma_fence_wait(in_fence, true);
dma_fence_put(in_fence);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 367/862] ASoC: soc-pcm.c: call __soc_pcm_close() in soc_pcm_close()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (365 preceding siblings ...)
2022-10-19 8:27 ` [PATCH 6.0 366/862] drm/virtio: Fix same-context optimization Greg Kroah-Hartman
@ 2022-10-19 8:27 ` Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 368/862] ASoC: tas2764: Allow mono streams Greg Kroah-Hartman
` (509 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Takashi Iwai, Kuninori Morimoto,
Mark Brown, Sasha Levin
From: Kuninori Morimoto <kuninori.morimoto.gx@renesas.com>
[ Upstream commit 6bbabd28805f36baf6d0f3eb082db032a638f612 ]
commit b7898396f4bbe16 ("ASoC: soc-pcm: Fix and cleanup DPCM locking")
added __soc_pcm_close() for non-lock version of soc_pcm_close().
But soc_pcm_close() is not using it. It is no problem, but confusable.
static int __soc_pcm_close(...)
{
=> return soc_pcm_clean(rtd, substream, 0);
}
static int soc_pcm_close(...)
{
...
snd_soc_dpcm_mutex_lock(rtd);
=> soc_pcm_clean(rtd, substream, 0);
snd_soc_dpcm_mutex_unlock(rtd);
return 0;
}
This patch use it.
Fixes: b7898396f4bbe16 ("ASoC: soc-pcm: Fix and cleanup DPCM locking")
Cc: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Kuninori Morimoto <kuninori.morimoto.gx@renesas.com>
Link: https://lore.kernel.org/r/87czctgg3w.wl-kuninori.morimoto.gx@renesas.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/soc-pcm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sound/soc/soc-pcm.c b/sound/soc/soc-pcm.c
index 4f60c0a83311..4d9b91e7e14f 100644
--- a/sound/soc/soc-pcm.c
+++ b/sound/soc/soc-pcm.c
@@ -723,7 +723,7 @@ static int soc_pcm_close(struct snd_pcm_substream *substream)
struct snd_soc_pcm_runtime *rtd = asoc_substream_to_rtd(substream);
snd_soc_dpcm_mutex_lock(rtd);
- soc_pcm_clean(rtd, substream, 0);
+ __soc_pcm_close(rtd, substream);
snd_soc_dpcm_mutex_unlock(rtd);
return 0;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 368/862] ASoC: tas2764: Allow mono streams
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (366 preceding siblings ...)
2022-10-19 8:27 ` [PATCH 6.0 367/862] ASoC: soc-pcm.c: call __soc_pcm_close() in soc_pcm_close() Greg Kroah-Hartman
@ 2022-10-19 8:27 ` Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 369/862] ASoC: tas2764: Drop conflicting set_bias_level power setting Greg Kroah-Hartman
` (508 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Martin Povišer, Mark Brown, Sasha Levin
From: Martin Povišer <povik+lin@cutebit.org>
[ Upstream commit 23204d928a27146d13e11c9383632775345ecca8 ]
The part is a mono speaker amp, but it can do downmix and switch between
left and right channel, so the right channel range is 1 to 2.
(This mirrors commit bf54d97a835d ("ASoC: tas2770: Allow mono streams")
which was a fix to the tas2770 driver.)
Fixes: 827ed8a0fa50 ("ASoC: tas2764: Add the driver for the TAS2764")
Signed-off-by: Martin Povišer <povik+lin@cutebit.org>
Link: https://lore.kernel.org/r/20220825140241.53963-2-povik+lin@cutebit.org
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/tas2764.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sound/soc/codecs/tas2764.c b/sound/soc/codecs/tas2764.c
index 846d9d3ecc9d..0df5d975c3c9 100644
--- a/sound/soc/codecs/tas2764.c
+++ b/sound/soc/codecs/tas2764.c
@@ -485,7 +485,7 @@ static struct snd_soc_dai_driver tas2764_dai_driver[] = {
.id = 0,
.playback = {
.stream_name = "ASI1 Playback",
- .channels_min = 2,
+ .channels_min = 1,
.channels_max = 2,
.rates = TAS2764_RATES,
.formats = TAS2764_FORMATS,
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 369/862] ASoC: tas2764: Drop conflicting set_bias_level power setting
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (367 preceding siblings ...)
2022-10-19 8:27 ` [PATCH 6.0 368/862] ASoC: tas2764: Allow mono streams Greg Kroah-Hartman
@ 2022-10-19 8:27 ` Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 370/862] ASoC: tas2764: Fix mute/unmute Greg Kroah-Hartman
` (507 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Martin Povišer, Mark Brown, Sasha Levin
From: Martin Povišer <povik+lin@cutebit.org>
[ Upstream commit 09273f38832406db19a8907a934687cc10660a6b ]
The driver is setting the PWR_CTRL field in both the set_bias_level
callback and on DAPM events of the DAC widget (and also in the
mute_stream method). Drop the set_bias_level callback altogether as the
power setting it does is in conflict with the other code paths.
(This mirrors commit c8a6ae3fe1c8 ("ASoC: tas2770: Drop conflicting
set_bias_level power setting") which was a fix to the tas2770 driver.)
Fixes: 827ed8a0fa50 ("ASoC: tas2764: Add the driver for the TAS2764")
Signed-off-by: Martin Povišer <povik+lin@cutebit.org>
Link: https://lore.kernel.org/r/20220825140241.53963-3-povik+lin@cutebit.org
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/tas2764.c | 33 ---------------------------------
1 file changed, 33 deletions(-)
diff --git a/sound/soc/codecs/tas2764.c b/sound/soc/codecs/tas2764.c
index 0df5d975c3c9..f4ac6edefdc0 100644
--- a/sound/soc/codecs/tas2764.c
+++ b/sound/soc/codecs/tas2764.c
@@ -50,38 +50,6 @@ static void tas2764_reset(struct tas2764_priv *tas2764)
usleep_range(1000, 2000);
}
-static int tas2764_set_bias_level(struct snd_soc_component *component,
- enum snd_soc_bias_level level)
-{
- struct tas2764_priv *tas2764 = snd_soc_component_get_drvdata(component);
-
- switch (level) {
- case SND_SOC_BIAS_ON:
- snd_soc_component_update_bits(component, TAS2764_PWR_CTRL,
- TAS2764_PWR_CTRL_MASK,
- TAS2764_PWR_CTRL_ACTIVE);
- break;
- case SND_SOC_BIAS_STANDBY:
- case SND_SOC_BIAS_PREPARE:
- snd_soc_component_update_bits(component, TAS2764_PWR_CTRL,
- TAS2764_PWR_CTRL_MASK,
- TAS2764_PWR_CTRL_MUTE);
- break;
- case SND_SOC_BIAS_OFF:
- snd_soc_component_update_bits(component, TAS2764_PWR_CTRL,
- TAS2764_PWR_CTRL_MASK,
- TAS2764_PWR_CTRL_SHUTDOWN);
- break;
-
- default:
- dev_err(tas2764->dev,
- "wrong power level setting %d\n", level);
- return -EINVAL;
- }
-
- return 0;
-}
-
#ifdef CONFIG_PM
static int tas2764_codec_suspend(struct snd_soc_component *component)
{
@@ -549,7 +517,6 @@ static const struct snd_soc_component_driver soc_component_driver_tas2764 = {
.probe = tas2764_codec_probe,
.suspend = tas2764_codec_suspend,
.resume = tas2764_codec_resume,
- .set_bias_level = tas2764_set_bias_level,
.controls = tas2764_snd_controls,
.num_controls = ARRAY_SIZE(tas2764_snd_controls),
.dapm_widgets = tas2764_dapm_widgets,
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 370/862] ASoC: tas2764: Fix mute/unmute
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (368 preceding siblings ...)
2022-10-19 8:27 ` [PATCH 6.0 369/862] ASoC: tas2764: Drop conflicting set_bias_level power setting Greg Kroah-Hartman
@ 2022-10-19 8:27 ` Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 371/862] platform/x86: msi-laptop: Fix old-ec check for backlight registering Greg Kroah-Hartman
` (506 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Martin Povišer, Mark Brown, Sasha Levin
From: Martin Povišer <povik+lin@cutebit.org>
[ Upstream commit f5ad67f13623548e5aff847f89700c178aaf2a98 ]
Because the PWR_CTRL field is modeled as the power state of the DAC
widget, and at the same time it is used to implement mute/unmute, we
need some additional book-keeping to have the right end result no matter
the sequence of calls. Without this fix, one permanently mutes an
ongoing stream by toggling the associated speaker pin control.
(This mirrors commit 1e5907bcb3a3 ("ASoC: tas2770: Fix handling of
mute/unmute") which was a fix to the tas2770 driver.)
Fixes: 827ed8a0fa50 ("ASoC: tas2764: Add the driver for the TAS2764")
Signed-off-by: Martin Povišer <povik+lin@cutebit.org>
Link: https://lore.kernel.org/r/20220825140241.53963-4-povik+lin@cutebit.org
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/tas2764.c | 57 +++++++++++++++++++++-----------------
1 file changed, 32 insertions(+), 25 deletions(-)
diff --git a/sound/soc/codecs/tas2764.c b/sound/soc/codecs/tas2764.c
index f4ac6edefdc0..39902f77a2e0 100644
--- a/sound/soc/codecs/tas2764.c
+++ b/sound/soc/codecs/tas2764.c
@@ -34,6 +34,9 @@ struct tas2764_priv {
int v_sense_slot;
int i_sense_slot;
+
+ bool dac_powered;
+ bool unmuted;
};
static void tas2764_reset(struct tas2764_priv *tas2764)
@@ -50,6 +53,26 @@ static void tas2764_reset(struct tas2764_priv *tas2764)
usleep_range(1000, 2000);
}
+static int tas2764_update_pwr_ctrl(struct tas2764_priv *tas2764)
+{
+ struct snd_soc_component *component = tas2764->component;
+ unsigned int val;
+ int ret;
+
+ if (tas2764->dac_powered)
+ val = tas2764->unmuted ?
+ TAS2764_PWR_CTRL_ACTIVE : TAS2764_PWR_CTRL_MUTE;
+ else
+ val = TAS2764_PWR_CTRL_SHUTDOWN;
+
+ ret = snd_soc_component_update_bits(component, TAS2764_PWR_CTRL,
+ TAS2764_PWR_CTRL_MASK, val);
+ if (ret < 0)
+ return ret;
+
+ return 0;
+}
+
#ifdef CONFIG_PM
static int tas2764_codec_suspend(struct snd_soc_component *component)
{
@@ -82,9 +105,7 @@ static int tas2764_codec_resume(struct snd_soc_component *component)
usleep_range(1000, 2000);
}
- ret = snd_soc_component_update_bits(component, TAS2764_PWR_CTRL,
- TAS2764_PWR_CTRL_MASK,
- TAS2764_PWR_CTRL_ACTIVE);
+ ret = tas2764_update_pwr_ctrl(tas2764);
if (ret < 0)
return ret;
@@ -118,14 +139,12 @@ static int tas2764_dac_event(struct snd_soc_dapm_widget *w,
switch (event) {
case SND_SOC_DAPM_POST_PMU:
- ret = snd_soc_component_update_bits(component, TAS2764_PWR_CTRL,
- TAS2764_PWR_CTRL_MASK,
- TAS2764_PWR_CTRL_MUTE);
+ tas2764->dac_powered = true;
+ ret = tas2764_update_pwr_ctrl(tas2764);
break;
case SND_SOC_DAPM_PRE_PMD:
- ret = snd_soc_component_update_bits(component, TAS2764_PWR_CTRL,
- TAS2764_PWR_CTRL_MASK,
- TAS2764_PWR_CTRL_SHUTDOWN);
+ tas2764->dac_powered = false;
+ ret = tas2764_update_pwr_ctrl(tas2764);
break;
default:
dev_err(tas2764->dev, "Unsupported event\n");
@@ -170,17 +189,11 @@ static const struct snd_soc_dapm_route tas2764_audio_map[] = {
static int tas2764_mute(struct snd_soc_dai *dai, int mute, int direction)
{
- struct snd_soc_component *component = dai->component;
- int ret;
-
- ret = snd_soc_component_update_bits(component, TAS2764_PWR_CTRL,
- TAS2764_PWR_CTRL_MASK,
- mute ? TAS2764_PWR_CTRL_MUTE : 0);
+ struct tas2764_priv *tas2764 =
+ snd_soc_component_get_drvdata(dai->component);
- if (ret < 0)
- return ret;
-
- return 0;
+ tas2764->unmuted = !mute;
+ return tas2764_update_pwr_ctrl(tas2764);
}
static int tas2764_set_bitwidth(struct tas2764_priv *tas2764, int bitwidth)
@@ -494,12 +507,6 @@ static int tas2764_codec_probe(struct snd_soc_component *component)
if (ret < 0)
return ret;
- ret = snd_soc_component_update_bits(component, TAS2764_PWR_CTRL,
- TAS2764_PWR_CTRL_MASK,
- TAS2764_PWR_CTRL_MUTE);
- if (ret < 0)
- return ret;
-
return 0;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 371/862] platform/x86: msi-laptop: Fix old-ec check for backlight registering
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (369 preceding siblings ...)
2022-10-19 8:27 ` [PATCH 6.0 370/862] ASoC: tas2764: Fix mute/unmute Greg Kroah-Hartman
@ 2022-10-19 8:27 ` Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 372/862] platform/x86: msi-laptop: Fix resource cleanup Greg Kroah-Hartman
` (505 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:27 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Hans de Goede, Sasha Levin
From: Hans de Goede <hdegoede@redhat.com>
[ Upstream commit 83ac7a1c2ed5f17caa07cbbc84bad3c05dc3bf22 ]
Commit 2cc6c717799f ("msi-laptop: Port to new backlight interface
selection API") replaced this check:
if (!quirks->old_ec_model || acpi_video_backlight_support())
pr_info("Brightness ignored, ...");
else
do_register();
With:
if (quirks->old_ec_model ||
acpi_video_get_backlight_type() == acpi_backlight_vendor)
do_register();
But since the do_register() part was part of the else branch, the entire
condition should be inverted. So not only the 2 statements on either
side of the || should be inverted, but the || itself should be replaced
with a &&.
In practice this has likely not been an issue because the new-ec models
(old_ec_model==false) likely all support ACPI video backlight control,
making acpi_video_get_backlight_type() return acpi_backlight_video
turning the second part of the || also false when old_ec_model == false.
Fixes: 2cc6c717799f ("msi-laptop: Port to new backlight interface selection API")
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Link: https://lore.kernel.org/r/20220825141336.208597-1-hdegoede@redhat.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/platform/x86/msi-laptop.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/drivers/platform/x86/msi-laptop.c b/drivers/platform/x86/msi-laptop.c
index 24ffc8e2d2d1..0960205ee49f 100644
--- a/drivers/platform/x86/msi-laptop.c
+++ b/drivers/platform/x86/msi-laptop.c
@@ -1048,8 +1048,7 @@ static int __init msi_init(void)
return -EINVAL;
/* Register backlight stuff */
-
- if (quirks->old_ec_model ||
+ if (quirks->old_ec_model &&
acpi_video_get_backlight_type() == acpi_backlight_vendor) {
struct backlight_properties props;
memset(&props, 0, sizeof(struct backlight_properties));
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 372/862] platform/x86: msi-laptop: Fix resource cleanup
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (370 preceding siblings ...)
2022-10-19 8:27 ` [PATCH 6.0 371/862] platform/x86: msi-laptop: Fix old-ec check for backlight registering Greg Kroah-Hartman
@ 2022-10-19 8:27 ` Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 373/862] drm/panel: use select for Ili9341 panel driver helpers Greg Kroah-Hartman
` (504 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:27 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Hans de Goede, Sasha Levin
From: Hans de Goede <hdegoede@redhat.com>
[ Upstream commit 5523632aa10f906dfe2eb714ee748590dc7fc6b1 ]
Fix the input-device not getting free-ed on probe-errors and
fix the msi_touchpad_dwork not getting cancelled on neither
probe-errors nor on remove.
Fixes: 143a4c0284dc ("msi-laptop: send out touchpad on/off key")
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Link: https://lore.kernel.org/r/20220825141336.208597-3-hdegoede@redhat.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/platform/x86/msi-laptop.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/platform/x86/msi-laptop.c b/drivers/platform/x86/msi-laptop.c
index 0960205ee49f..3e935303b143 100644
--- a/drivers/platform/x86/msi-laptop.c
+++ b/drivers/platform/x86/msi-laptop.c
@@ -1116,6 +1116,8 @@ static int __init msi_init(void)
fail_create_group:
if (quirks->load_scm_model) {
i8042_remove_filter(msi_laptop_i8042_filter);
+ cancel_delayed_work_sync(&msi_touchpad_dwork);
+ input_unregister_device(msi_laptop_input_dev);
cancel_delayed_work_sync(&msi_rfkill_dwork);
cancel_work_sync(&msi_rfkill_work);
rfkill_cleanup();
@@ -1136,6 +1138,7 @@ static void __exit msi_cleanup(void)
{
if (quirks->load_scm_model) {
i8042_remove_filter(msi_laptop_i8042_filter);
+ cancel_delayed_work_sync(&msi_touchpad_dwork);
input_unregister_device(msi_laptop_input_dev);
cancel_delayed_work_sync(&msi_rfkill_dwork);
cancel_work_sync(&msi_rfkill_work);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 373/862] drm/panel: use select for Ili9341 panel driver helpers
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (371 preceding siblings ...)
2022-10-19 8:27 ` [PATCH 6.0 372/862] platform/x86: msi-laptop: Fix resource cleanup Greg Kroah-Hartman
@ 2022-10-19 8:27 ` Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 374/862] drm: fix drm_mipi_dbi build errors Greg Kroah-Hartman
` (503 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Randy Dunlap, Dillon Min,
Linus Walleij, Sam Ravnborg, Noralf Trønnes,
Thomas Zimmermann, Thierry Reding, dri-devel, David Airlie,
Daniel Vetter, Sasha Levin
From: Randy Dunlap <rdunlap@infradead.org>
[ Upstream commit 84dfc46594b0167e5d3736273b0e0e05365da641 ]
Use 'select' instead of 'depends on' for DRM helpers for the
Ilitek ILI9341 panel driver.
This is what is done in the vast majority of other cases and
this makes it possible to fix a build error with drm_mipi_dbi.
Fixes: 5a04227326b0 ("drm/panel: Add ilitek ili9341 panel driver")
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Cc: Dillon Min <dillon.minfei@gmail.com>
Cc: Linus Walleij <linus.walleij@linaro.org>
Cc: Sam Ravnborg <sam@ravnborg.org>
Cc: Noralf Trønnes <noralf@tronnes.org>
Cc: Thomas Zimmermann <tzimmermann@suse.de>
Cc: Thierry Reding <thierry.reding@gmail.com>
Cc: dri-devel@lists.freedesktop.org
Cc: David Airlie <airlied@linux.ie>
Cc: Daniel Vetter <daniel@ffwll.ch>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20220823004227.10820-1-rdunlap@infradead.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/panel/Kconfig | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/panel/Kconfig b/drivers/gpu/drm/panel/Kconfig
index a9043eacce97..a582ddd583c2 100644
--- a/drivers/gpu/drm/panel/Kconfig
+++ b/drivers/gpu/drm/panel/Kconfig
@@ -165,8 +165,8 @@ config DRM_PANEL_ILITEK_IL9322
config DRM_PANEL_ILITEK_ILI9341
tristate "Ilitek ILI9341 240x320 QVGA panels"
depends on OF && SPI
- depends on DRM_KMS_HELPER
- depends on DRM_GEM_CMA_HELPER
+ select DRM_KMS_HELPER
+ select DRM_GEM_DMA_HELPER
depends on BACKLIGHT_CLASS_DEVICE
select DRM_MIPI_DBI
help
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 374/862] drm: fix drm_mipi_dbi build errors
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (372 preceding siblings ...)
2022-10-19 8:27 ` [PATCH 6.0 373/862] drm/panel: use select for Ili9341 panel driver helpers Greg Kroah-Hartman
@ 2022-10-19 8:27 ` Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 375/862] platform/chrome: cros_ec_typec: Add bit offset for DP VDO Greg Kroah-Hartman
` (502 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Randy Dunlap, kernel test robot,
Dillon Min, Linus Walleij, Sam Ravnborg, Noralf Trønnes,
Thomas Zimmermann, Thierry Reding, dri-devel, David Airlie,
Daniel Vetter, Sasha Levin
From: Randy Dunlap <rdunlap@infradead.org>
[ Upstream commit eb7de496451bd969e203f02f66585131228ba4ae ]
drm_mipi_dbi needs lots of DRM_KMS_HELPER support, so select
that Kconfig symbol like it is done is most other uses, and
the way that it was before MIPS_DBI was moved from tinydrm
to its core location.
Fixes these build errors:
ld: drivers/gpu/drm/drm_mipi_dbi.o: in function `mipi_dbi_buf_copy':
drivers/gpu/drm/drm_mipi_dbi.c:205: undefined reference to `drm_gem_fb_get_obj'
ld: drivers/gpu/drm/drm_mipi_dbi.c:211: undefined reference to `drm_gem_fb_begin_cpu_access'
ld: drivers/gpu/drm/drm_mipi_dbi.c:215: undefined reference to `drm_gem_fb_vmap'
ld: drivers/gpu/drm/drm_mipi_dbi.c:222: undefined reference to `drm_fb_swab'
ld: drivers/gpu/drm/drm_mipi_dbi.c:224: undefined reference to `drm_fb_memcpy'
ld: drivers/gpu/drm/drm_mipi_dbi.c:227: undefined reference to `drm_fb_xrgb8888_to_rgb565'
ld: drivers/gpu/drm/drm_mipi_dbi.c:235: undefined reference to `drm_gem_fb_vunmap'
ld: drivers/gpu/drm/drm_mipi_dbi.c:237: undefined reference to `drm_gem_fb_end_cpu_access'
ld: drivers/gpu/drm/drm_mipi_dbi.o: in function `mipi_dbi_dev_init_with_formats':
ld: drivers/gpu/drm/drm_mipi_dbi.o:/X64/../drivers/gpu/drm/drm_mipi_dbi.c:469: undefined reference to `drm_gem_fb_create_with_dirty'
Fixes: 174102f4de23 ("drm/tinydrm: Move mipi-dbi")
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Reported-by: kernel test robot <lkp@intel.com>
Cc: Dillon Min <dillon.minfei@gmail.com>
Cc: Linus Walleij <linus.walleij@linaro.org>
Cc: Sam Ravnborg <sam@ravnborg.org>
Cc: Noralf Trønnes <noralf@tronnes.org>
Cc: Thomas Zimmermann <tzimmermann@suse.de>
Cc: Thierry Reding <thierry.reding@gmail.com>
Cc: dri-devel@lists.freedesktop.org
Cc: David Airlie <airlied@linux.ie>
Cc: Daniel Vetter <daniel@ffwll.ch>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20220823004243.11596-1-rdunlap@infradead.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/Kconfig | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/gpu/drm/Kconfig b/drivers/gpu/drm/Kconfig
index 6c2256e8474b..679ad054ea4b 100644
--- a/drivers/gpu/drm/Kconfig
+++ b/drivers/gpu/drm/Kconfig
@@ -31,6 +31,7 @@ menuconfig DRM
config DRM_MIPI_DBI
tristate
depends on DRM
+ select DRM_KMS_HELPER
config DRM_MIPI_DSI
bool
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 375/862] platform/chrome: cros_ec_typec: Add bit offset for DP VDO
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (373 preceding siblings ...)
2022-10-19 8:27 ` [PATCH 6.0 374/862] drm: fix drm_mipi_dbi build errors Greg Kroah-Hartman
@ 2022-10-19 8:27 ` Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 376/862] platform/chrome: cros_ec_typec: Correct alt mode index Greg Kroah-Hartman
` (501 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Prashant Malani, Heikki Krogerus,
Tzung-Bi Shih, Sasha Levin
From: Prashant Malani <pmalani@chromium.org>
[ Upstream commit 1903adae0464c1e1c36b132db474cb3aff7bc727 ]
Use the right macro while constructing the DP_PORT_VDO to ensure the Pin
Assignment offsets are correct.
Fixes: 1ff5d97f070c ("platform/chrome: cros_ec_typec: Register port altmodes")
Signed-off-by: Prashant Malani <pmalani@chromium.org>
Acked-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Reviewed-by: Tzung-Bi Shih <tzungbi@kernel.org>
Link: https://lore.kernel.org/r/20220819190807.1275937-2-pmalani@chromium.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/platform/chrome/cros_ec_typec.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/platform/chrome/cros_ec_typec.c b/drivers/platform/chrome/cros_ec_typec.c
index de6ee0f926a6..4d81d8d45b73 100644
--- a/drivers/platform/chrome/cros_ec_typec.c
+++ b/drivers/platform/chrome/cros_ec_typec.c
@@ -25,7 +25,8 @@
#define DRV_NAME "cros-ec-typec"
-#define DP_PORT_VDO (BIT(DP_PIN_ASSIGN_C) | BIT(DP_PIN_ASSIGN_D) | DP_CAP_DFP_D)
+#define DP_PORT_VDO (DP_CONF_SET_PIN_ASSIGN(BIT(DP_PIN_ASSIGN_C) | BIT(DP_PIN_ASSIGN_D)) | \
+ DP_CAP_DFP_D)
/* Supported alt modes. */
enum {
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 376/862] platform/chrome: cros_ec_typec: Correct alt mode index
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (374 preceding siblings ...)
2022-10-19 8:27 ` [PATCH 6.0 375/862] platform/chrome: cros_ec_typec: Add bit offset for DP VDO Greg Kroah-Hartman
@ 2022-10-19 8:27 ` Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 377/862] drm/amdgpu: add missing pci_disable_device() in amdgpu_pmops_runtime_resume() Greg Kroah-Hartman
` (500 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Prashant Malani, Heikki Krogerus,
Tzung-Bi Shih, Sasha Levin
From: Prashant Malani <pmalani@chromium.org>
[ Upstream commit 4e477663e396f48c5cfc5f2d75d4b514f409516a ]
Alt mode indices used by USB PD (Power Delivery) start with 1, not 0.
Update the alt mdoe registration code to factor this in to the alt mode
descriptor.
Fixes: de0f49487db3 ("platform/chrome: cros_ec_typec: Register partner altmodes")
Signed-off-by: Prashant Malani <pmalani@chromium.org>
Acked-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Reviewed-by: Tzung-Bi Shih <tzungbi@kernel.org>
Link: https://lore.kernel.org/r/20220819190807.1275937-3-pmalani@chromium.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/platform/chrome/cros_ec_typec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/platform/chrome/cros_ec_typec.c b/drivers/platform/chrome/cros_ec_typec.c
index 4d81d8d45b73..dc5722db2066 100644
--- a/drivers/platform/chrome/cros_ec_typec.c
+++ b/drivers/platform/chrome/cros_ec_typec.c
@@ -698,7 +698,7 @@ static int cros_typec_register_altmodes(struct cros_typec_data *typec, int port_
for (j = 0; j < sop_disc->svids[i].mode_count; j++) {
memset(&desc, 0, sizeof(desc));
desc.svid = sop_disc->svids[i].svid;
- desc.mode = j;
+ desc.mode = j + 1;
desc.vdo = sop_disc->svids[i].mode_vdo[j];
if (is_partner)
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 377/862] drm/amdgpu: add missing pci_disable_device() in amdgpu_pmops_runtime_resume()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (375 preceding siblings ...)
2022-10-19 8:27 ` [PATCH 6.0 376/862] platform/chrome: cros_ec_typec: Correct alt mode index Greg Kroah-Hartman
@ 2022-10-19 8:27 ` Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 378/862] drm/bridge: megachips: Fix a null pointer dereference bug Greg Kroah-Hartman
` (499 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yang Yingliang, Alex Deucher, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit 6b11af6d1c8f5d4135332bb932baaa06e511173d ]
Add missing pci_disable_device() if amdgpu_device_resume() fails.
Fixes: 8e4d5d43cc6c ("drm/amdgpu: Handling of amdgpu_device_resume return value for graceful teardown")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c
index 429fcdf28836..de7144b06e93 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c
@@ -2563,8 +2563,11 @@ static int amdgpu_pmops_runtime_resume(struct device *dev)
amdgpu_device_baco_exit(drm_dev);
}
ret = amdgpu_device_resume(drm_dev, false);
- if (ret)
+ if (ret) {
+ if (amdgpu_device_supports_px(drm_dev))
+ pci_disable_device(pdev);
return ret;
+ }
if (amdgpu_device_supports_px(drm_dev))
drm_dev->switch_power_state = DRM_SWITCH_POWER_ON;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 378/862] drm/bridge: megachips: Fix a null pointer dereference bug
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (376 preceding siblings ...)
2022-10-19 8:27 ` [PATCH 6.0 377/862] drm/amdgpu: add missing pci_disable_device() in amdgpu_pmops_runtime_resume() Greg Kroah-Hartman
@ 2022-10-19 8:27 ` Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 379/862] drm/bridge: it6505: Fix the order of DP_SET_POWER commands Greg Kroah-Hartman
` (498 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zheyu Ma, Robert Foss, Sasha Levin
From: Zheyu Ma <zheyuma97@gmail.com>
[ Upstream commit 1ff673333d46d2c1b053ebd0c1c7c7c79e36943e ]
When removing the module we will get the following warning:
[ 31.911505] i2c-core: driver [stdp2690-ge-b850v3-fw] unregistered
[ 31.912484] general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN PTI
[ 31.913338] KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
[ 31.915280] RIP: 0010:drm_bridge_remove+0x97/0x130
[ 31.921825] Call Trace:
[ 31.922533] stdp4028_ge_b850v3_fw_remove+0x34/0x60 [megachips_stdpxxxx_ge_b850v3_fw]
[ 31.923139] i2c_device_remove+0x181/0x1f0
The two bridges (stdp2690, stdp4028) do not probe at the same time, so
the driver does not call ge_b850v3_resgiter() when probing, causing the
driver to try to remove the object that has not been initialized.
Fix this by checking whether both the bridges are probed.
Fixes: 11632d4aa2b3 ("drm/bridge: megachips: Ensure both bridges are probed before registration")
Signed-off-by: Zheyu Ma <zheyuma97@gmail.com>
Signed-off-by: Robert Foss <robert.foss@linaro.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20220830073450.1897020-1-zheyuma97@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/bridge/megachips-stdpxxxx-ge-b850v3-fw.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/bridge/megachips-stdpxxxx-ge-b850v3-fw.c b/drivers/gpu/drm/bridge/megachips-stdpxxxx-ge-b850v3-fw.c
index cce98bf2a4e7..72248a565579 100644
--- a/drivers/gpu/drm/bridge/megachips-stdpxxxx-ge-b850v3-fw.c
+++ b/drivers/gpu/drm/bridge/megachips-stdpxxxx-ge-b850v3-fw.c
@@ -296,7 +296,9 @@ static void ge_b850v3_lvds_remove(void)
* This check is to avoid both the drivers
* removing the bridge in their remove() function
*/
- if (!ge_b850v3_lvds_ptr)
+ if (!ge_b850v3_lvds_ptr ||
+ !ge_b850v3_lvds_ptr->stdp2690_i2c ||
+ !ge_b850v3_lvds_ptr->stdp4028_i2c)
goto out;
drm_bridge_remove(&ge_b850v3_lvds_ptr->bridge);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 379/862] drm/bridge: it6505: Fix the order of DP_SET_POWER commands
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (377 preceding siblings ...)
2022-10-19 8:27 ` [PATCH 6.0 378/862] drm/bridge: megachips: Fix a null pointer dereference bug Greg Kroah-Hartman
@ 2022-10-19 8:27 ` Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 380/862] ASoC: rsnd: Add check for rsnd_mod_power_on Greg Kroah-Hartman
` (497 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Pin-yen Lin, Robert Foss, Sasha Levin
From: Pin-yen Lin <treapking@chromium.org>
[ Upstream commit 7c1dceaffd99247bf443606730515b54d6285969 ]
Send DP_SET_POWER_D3 command to the downstream before stopping DP, so the
suspend process will not be interrupted by the HPD interrupt. Also modify
the order in .atomic_enable callback to make the callbacks symmetric.
Fixes: 46ca7da7f1e8 ("drm/bridge: it6505: Send DPCD SET_POWER to downstream")
Signed-off-by: Pin-yen Lin <treapking@chromium.org>
Reviewed-by: Robert Foss <robert.foss@linaro.org>
Signed-off-by: Robert Foss <robert.foss@linaro.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20220830045756.1655954-1-treapking@chromium.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/bridge/ite-it6505.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/gpu/drm/bridge/ite-it6505.c b/drivers/gpu/drm/bridge/ite-it6505.c
index e5626035f311..a09d1a39ab0a 100644
--- a/drivers/gpu/drm/bridge/ite-it6505.c
+++ b/drivers/gpu/drm/bridge/ite-it6505.c
@@ -2945,9 +2945,6 @@ static void it6505_bridge_atomic_enable(struct drm_bridge *bridge,
if (ret)
dev_err(dev, "Failed to setup AVI infoframe: %d", ret);
- it6505_drm_dp_link_set_power(&it6505->aux, &it6505->link,
- DP_SET_POWER_D0);
-
it6505_update_video_parameter(it6505, mode);
ret = it6505_send_video_infoframe(it6505, &frame);
@@ -2957,6 +2954,9 @@ static void it6505_bridge_atomic_enable(struct drm_bridge *bridge,
it6505_int_mask_enable(it6505);
it6505_video_reset(it6505);
+
+ it6505_drm_dp_link_set_power(&it6505->aux, &it6505->link,
+ DP_SET_POWER_D0);
}
static void it6505_bridge_atomic_disable(struct drm_bridge *bridge,
@@ -2968,9 +2968,9 @@ static void it6505_bridge_atomic_disable(struct drm_bridge *bridge,
DRM_DEV_DEBUG_DRIVER(dev, "start");
if (it6505->powered) {
- it6505_video_disable(it6505);
it6505_drm_dp_link_set_power(&it6505->aux, &it6505->link,
DP_SET_POWER_D3);
+ it6505_video_disable(it6505);
}
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 380/862] ASoC: rsnd: Add check for rsnd_mod_power_on
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (378 preceding siblings ...)
2022-10-19 8:27 ` [PATCH 6.0 379/862] drm/bridge: it6505: Fix the order of DP_SET_POWER commands Greg Kroah-Hartman
@ 2022-10-19 8:27 ` Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 381/862] ASoC: wm_adsp: Handle optional legacy support Greg Kroah-Hartman
` (496 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jiasheng Jiang, Kuninori Morimoto,
Mark Brown, Sasha Levin
From: Jiasheng Jiang <jiasheng@iscas.ac.cn>
[ Upstream commit 376be51caf8871419bbcbb755e1e615d30dc3153 ]
As rsnd_mod_power_on() can return negative numbers,
it should be better to check the return value and
deal with the exception.
Fixes: e7d850dd10f4 ("ASoC: rsnd: use mod base common method on SSI-parent")
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Acked-by: Kuninori Morimoto <kuninori.morimoto.gx@renesas.com>
Link: https://lore.kernel.org/r/20220902013030.3691266-1-jiasheng@iscas.ac.cn
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/sh/rcar/ctu.c | 6 +++++-
sound/soc/sh/rcar/dvc.c | 6 +++++-
sound/soc/sh/rcar/mix.c | 6 +++++-
sound/soc/sh/rcar/src.c | 5 ++++-
sound/soc/sh/rcar/ssi.c | 4 +++-
5 files changed, 22 insertions(+), 5 deletions(-)
diff --git a/sound/soc/sh/rcar/ctu.c b/sound/soc/sh/rcar/ctu.c
index 6156445bcb69..e39eb2ac7e95 100644
--- a/sound/soc/sh/rcar/ctu.c
+++ b/sound/soc/sh/rcar/ctu.c
@@ -171,7 +171,11 @@ static int rsnd_ctu_init(struct rsnd_mod *mod,
struct rsnd_dai_stream *io,
struct rsnd_priv *priv)
{
- rsnd_mod_power_on(mod);
+ int ret;
+
+ ret = rsnd_mod_power_on(mod);
+ if (ret < 0)
+ return ret;
rsnd_ctu_activation(mod);
diff --git a/sound/soc/sh/rcar/dvc.c b/sound/soc/sh/rcar/dvc.c
index 5137e03a9d7c..16befcbc312c 100644
--- a/sound/soc/sh/rcar/dvc.c
+++ b/sound/soc/sh/rcar/dvc.c
@@ -186,7 +186,11 @@ static int rsnd_dvc_init(struct rsnd_mod *mod,
struct rsnd_dai_stream *io,
struct rsnd_priv *priv)
{
- rsnd_mod_power_on(mod);
+ int ret;
+
+ ret = rsnd_mod_power_on(mod);
+ if (ret < 0)
+ return ret;
rsnd_dvc_activation(mod);
diff --git a/sound/soc/sh/rcar/mix.c b/sound/soc/sh/rcar/mix.c
index 3572c2c5686c..1de0e085804c 100644
--- a/sound/soc/sh/rcar/mix.c
+++ b/sound/soc/sh/rcar/mix.c
@@ -146,7 +146,11 @@ static int rsnd_mix_init(struct rsnd_mod *mod,
struct rsnd_dai_stream *io,
struct rsnd_priv *priv)
{
- rsnd_mod_power_on(mod);
+ int ret;
+
+ ret = rsnd_mod_power_on(mod);
+ if (ret < 0)
+ return ret;
rsnd_mix_activation(mod);
diff --git a/sound/soc/sh/rcar/src.c b/sound/soc/sh/rcar/src.c
index 0ea84ae57c6a..f832165e46bc 100644
--- a/sound/soc/sh/rcar/src.c
+++ b/sound/soc/sh/rcar/src.c
@@ -463,11 +463,14 @@ static int rsnd_src_init(struct rsnd_mod *mod,
struct rsnd_priv *priv)
{
struct rsnd_src *src = rsnd_mod_to_src(mod);
+ int ret;
/* reset sync convert_rate */
src->sync.val = 0;
- rsnd_mod_power_on(mod);
+ ret = rsnd_mod_power_on(mod);
+ if (ret < 0)
+ return ret;
rsnd_src_activation(mod);
diff --git a/sound/soc/sh/rcar/ssi.c b/sound/soc/sh/rcar/ssi.c
index 43c5e27dc5c8..7ade6c5ed96f 100644
--- a/sound/soc/sh/rcar/ssi.c
+++ b/sound/soc/sh/rcar/ssi.c
@@ -480,7 +480,9 @@ static int rsnd_ssi_init(struct rsnd_mod *mod,
ssi->usrcnt++;
- rsnd_mod_power_on(mod);
+ ret = rsnd_mod_power_on(mod);
+ if (ret < 0)
+ return ret;
rsnd_ssi_config_init(mod, io);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 381/862] ASoC: wm_adsp: Handle optional legacy support
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (379 preceding siblings ...)
2022-10-19 8:27 ` [PATCH 6.0 380/862] ASoC: rsnd: Add check for rsnd_mod_power_on Greg Kroah-Hartman
@ 2022-10-19 8:27 ` Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 382/862] ALSA: hda: beep: Simplify keep-power-at-enable behavior Greg Kroah-Hartman
` (495 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Cristian Ciocaltea, Charles Keepax,
Mark Brown, Sasha Levin
From: Cristian Ciocaltea <cristian.ciocaltea@collabora.com>
[ Upstream commit 35c8ae25c4fdeabf490e005692795a3be17ca5f6 ]
The tracing capabilities for the speaker protection fw enabled via
commit c55b3e46cb99 ("ASoC: wm_adsp: Add trace caps to speaker
protection FW") are not be available on all platforms, such as the
Valve's Steam Deck which is based on the Halo Core DSP.
As a consequence, whenever the firmware is loaded, a rather misleading
'Failed to parse legacy: -19' error message is written to the kernel
ring buffer:
[ 288.977412] steamdeck kernel: cs35l41 spi-VLV1776:01: DSP1: Firmware version: 3
[ 288.978002] steamdeck kernel: cs35l41 spi-VLV1776:01: DSP1: cs35l41-dsp1-spk-prot.wmfw: Fri 02 Apr 2021 21:03:50 W. Europe Daylight Time
[ 289.094065] steamdeck kernel: cs35l41 spi-VLV1776:01: DSP1: Firmware: 400a4 vendor: 0x2 v0.33.0, 2 algorithms
[ 289.095073] steamdeck kernel: cs35l41 spi-VLV1776:01: DSP1: 0: ID cd v29.53.0 XM@94 YM@e
[ 289.095665] steamdeck kernel: cs35l41 spi-VLV1776:01: DSP1: 1: ID f20b v0.0.1 XM@170 YM@0
[ 289.096275] steamdeck kernel: cs35l41 spi-VLV1776:01: DSP1: Protection: C:\Users\ocanavan\Desktop\cirrusTune_july2021.bin
[ 291.172383] steamdeck kernel: cs35l41 spi-VLV1776:01: DSP1: Failed to parse legacy: -19
Update wm_adsp_buffer_init() to print a more descriptive info message
when wm_adsp_buffer_parse_legacy() returns -ENODEV.
Fixes: c55b3e46cb99 ("ASoC: wm_adsp: Add trace caps to speaker protection FW")
Signed-off-by: Cristian Ciocaltea <cristian.ciocaltea@collabora.com>
Acked-by: Charles Keepax <ckeepax@opensource.cirrus.com>
Link: https://lore.kernel.org/r/20220825220530.1205141-1-cristian.ciocaltea@collabora.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/wm_adsp.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/sound/soc/codecs/wm_adsp.c b/sound/soc/codecs/wm_adsp.c
index cfaa45ede916..8a2e9771bb50 100644
--- a/sound/soc/codecs/wm_adsp.c
+++ b/sound/soc/codecs/wm_adsp.c
@@ -1602,7 +1602,9 @@ static int wm_adsp_buffer_init(struct wm_adsp *dsp)
if (list_empty(&dsp->buffer_list)) {
/* Fall back to legacy support */
ret = wm_adsp_buffer_parse_legacy(dsp);
- if (ret)
+ if (ret == -ENODEV)
+ adsp_info(dsp, "Legacy support not available\n");
+ else if (ret)
adsp_warn(dsp, "Failed to parse legacy: %d\n", ret);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 382/862] ALSA: hda: beep: Simplify keep-power-at-enable behavior
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (380 preceding siblings ...)
2022-10-19 8:27 ` [PATCH 6.0 381/862] ASoC: wm_adsp: Handle optional legacy support Greg Kroah-Hartman
@ 2022-10-19 8:27 ` Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 383/862] drm/virtio: set fb_modifiers_not_supported Greg Kroah-Hartman
` (494 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:27 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Takashi Iwai, Sasha Levin
From: Takashi Iwai <tiwai@suse.de>
[ Upstream commit 4c8d695cb9bc5f6fd298a586602947b2fc099a64 ]
The recent fix for IDT codecs to keep the power up while the beep is
enabled can be better integrated into the beep helper code.
This patch cleans up the code with refactoring.
Fixes: 414d38ba8710 ("ALSA: hda/sigmatel: Keep power up while beep is enabled")
Link: https://lore.kernel.org/r/20220906092306.26183-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/pci/hda/hda_beep.c | 15 +++++++++++++--
sound/pci/hda/hda_beep.h | 1 +
sound/pci/hda/patch_sigmatel.c | 25 ++-----------------------
3 files changed, 16 insertions(+), 25 deletions(-)
diff --git a/sound/pci/hda/hda_beep.c b/sound/pci/hda/hda_beep.c
index 53a2b89f8983..e63621bcb214 100644
--- a/sound/pci/hda/hda_beep.c
+++ b/sound/pci/hda/hda_beep.c
@@ -118,6 +118,12 @@ static int snd_hda_beep_event(struct input_dev *dev, unsigned int type,
return 0;
}
+static void turn_on_beep(struct hda_beep *beep)
+{
+ if (beep->keep_power_at_enable)
+ snd_hda_power_up_pm(beep->codec);
+}
+
static void turn_off_beep(struct hda_beep *beep)
{
cancel_work_sync(&beep->beep_work);
@@ -125,6 +131,8 @@ static void turn_off_beep(struct hda_beep *beep)
/* turn off beep */
generate_tone(beep, 0);
}
+ if (beep->keep_power_at_enable)
+ snd_hda_power_down_pm(beep->codec);
}
/**
@@ -140,7 +148,9 @@ int snd_hda_enable_beep_device(struct hda_codec *codec, int enable)
enable = !!enable;
if (beep->enabled != enable) {
beep->enabled = enable;
- if (!enable)
+ if (enable)
+ turn_on_beep(beep);
+ else
turn_off_beep(beep);
return 1;
}
@@ -167,7 +177,8 @@ static int beep_dev_disconnect(struct snd_device *device)
input_unregister_device(beep->dev);
else
input_free_device(beep->dev);
- turn_off_beep(beep);
+ if (beep->enabled)
+ turn_off_beep(beep);
return 0;
}
diff --git a/sound/pci/hda/hda_beep.h b/sound/pci/hda/hda_beep.h
index a25358a4807a..db76e3ddba65 100644
--- a/sound/pci/hda/hda_beep.h
+++ b/sound/pci/hda/hda_beep.h
@@ -25,6 +25,7 @@ struct hda_beep {
unsigned int enabled:1;
unsigned int linear_tone:1; /* linear tone for IDT/STAC codec */
unsigned int playing:1;
+ unsigned int keep_power_at_enable:1; /* set by driver */
struct work_struct beep_work; /* scheduled task for beep event */
struct mutex mutex;
void (*power_hook)(struct hda_beep *beep, bool on);
diff --git a/sound/pci/hda/patch_sigmatel.c b/sound/pci/hda/patch_sigmatel.c
index 7f340f18599c..a794a01a68ca 100644
--- a/sound/pci/hda/patch_sigmatel.c
+++ b/sound/pci/hda/patch_sigmatel.c
@@ -4311,6 +4311,8 @@ static int stac_parse_auto_config(struct hda_codec *codec)
if (codec->beep) {
/* IDT/STAC codecs have linear beep tone parameter */
codec->beep->linear_tone = spec->linear_tone_beep;
+ /* keep power up while beep is enabled */
+ codec->beep->keep_power_at_enable = 1;
/* if no beep switch is available, make its own one */
caps = query_amp_caps(codec, nid, HDA_OUTPUT);
if (!(caps & AC_AMPCAP_MUTE)) {
@@ -4444,28 +4446,6 @@ static int stac_suspend(struct hda_codec *codec)
return 0;
}
-
-static int stac_check_power_status(struct hda_codec *codec, hda_nid_t nid)
-{
-#ifdef CONFIG_SND_HDA_INPUT_BEEP
- struct sigmatel_spec *spec = codec->spec;
-#endif
- int ret = snd_hda_gen_check_power_status(codec, nid);
-
-#ifdef CONFIG_SND_HDA_INPUT_BEEP
- if (nid == spec->gen.beep_nid && codec->beep) {
- if (codec->beep->enabled != spec->beep_power_on) {
- spec->beep_power_on = codec->beep->enabled;
- if (spec->beep_power_on)
- snd_hda_power_up_pm(codec);
- else
- snd_hda_power_down_pm(codec);
- }
- ret |= spec->beep_power_on;
- }
-#endif
- return ret;
-}
#else
#define stac_suspend NULL
#endif /* CONFIG_PM */
@@ -4478,7 +4458,6 @@ static const struct hda_codec_ops stac_patch_ops = {
.unsol_event = snd_hda_jack_unsol_event,
#ifdef CONFIG_PM
.suspend = stac_suspend,
- .check_power_status = stac_check_power_status,
#endif
};
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 383/862] drm/virtio: set fb_modifiers_not_supported
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (381 preceding siblings ...)
2022-10-19 8:27 ` [PATCH 6.0 382/862] ALSA: hda: beep: Simplify keep-power-at-enable behavior Greg Kroah-Hartman
@ 2022-10-19 8:27 ` Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 384/862] drm/bochs: fix blanking Greg Kroah-Hartman
` (493 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Shao-Chuan Lee, Chia-I Wu,
Gerd Hoffmann, Sasha Levin
From: Chia-I Wu <olvaffe@gmail.com>
[ Upstream commit 85faca8ca0f659263b5fb2385e4c231cc075bd84 ]
Without this, the drm core advertises LINEAR modifier which is
incorrect.
Also userspace virgl does not support modifiers. For example, it causes
chrome on ozone/drm to fail with "Failed to create scanout buffer".
Fixes: 2af104290da5 ("drm: introduce fb_modifiers_not_supported flag in mode_config")
Suggested-by: Shao-Chuan Lee <shaochuan@chromium.org>
Signed-off-by: Chia-I Wu <olvaffe@gmail.com>
Link: http://patchwork.freedesktop.org/patch/msgid/20220831190601.1295129-1-olvaffe@gmail.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/virtio/virtgpu_display.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/gpu/drm/virtio/virtgpu_display.c b/drivers/gpu/drm/virtio/virtgpu_display.c
index 5c7f198c0712..9ea7611a9e0f 100644
--- a/drivers/gpu/drm/virtio/virtgpu_display.c
+++ b/drivers/gpu/drm/virtio/virtgpu_display.c
@@ -349,6 +349,8 @@ int virtio_gpu_modeset_init(struct virtio_gpu_device *vgdev)
vgdev->ddev->mode_config.max_width = XRES_MAX;
vgdev->ddev->mode_config.max_height = YRES_MAX;
+ vgdev->ddev->mode_config.fb_modifiers_not_supported = true;
+
for (i = 0 ; i < vgdev->num_scanouts; ++i)
vgdev_output_init(vgdev, i);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 384/862] drm/bochs: fix blanking
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (382 preceding siblings ...)
2022-10-19 8:27 ` [PATCH 6.0 383/862] drm/virtio: set fb_modifiers_not_supported Greg Kroah-Hartman
@ 2022-10-19 8:27 ` Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 385/862] ASoC: mediatek: mt8195-mt6359: Properly register sound card for SOF Greg Kroah-Hartman
` (492 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Gerd Hoffmann, Thomas Zimmermann,
Sasha Levin
From: Gerd Hoffmann <kraxel@redhat.com>
[ Upstream commit e740ceb53e4579a7a4063712cebecac3c343b189 ]
VGA_IS1_RC is the color mode register (VGA_IS1_RM the one for monochrome
mode, note C vs. M at the end). So when using VGA_IS1_RC make sure the
vga device is actually in color mode and set the corresponding bit in the
misc register.
Reproducible when booting VMs in UEFI mode with some edk2 versions (edk2
fix is on the way too). Doesn't happen in BIOS mode because in that
case the vgabios already flips the bit.
Fixes: 250e743915d4 ("drm/bochs: Add screen blanking support")
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Acked-by: Thomas Zimmermann <tzimmermann@suse.de>
Link: http://patchwork.freedesktop.org/patch/msgid/20220906142957.2763577-1-kraxel@redhat.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/tiny/bochs.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/gpu/drm/tiny/bochs.c b/drivers/gpu/drm/tiny/bochs.c
index 82364a0a7b18..490fa92a4dce 100644
--- a/drivers/gpu/drm/tiny/bochs.c
+++ b/drivers/gpu/drm/tiny/bochs.c
@@ -309,6 +309,8 @@ static void bochs_hw_fini(struct drm_device *dev)
static void bochs_hw_blank(struct bochs_device *bochs, bool blank)
{
DRM_DEBUG_DRIVER("hw_blank %d\n", blank);
+ /* enable color bit (so VGA_IS1_RC access works) */
+ bochs_vga_writeb(bochs, VGA_MIS_W, VGA_MIS_COLOR);
/* discard ar_flip_flop */
(void)bochs_vga_readb(bochs, VGA_IS1_RC);
/* blank or unblank; we need only update index and set 0x20 */
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 385/862] ASoC: mediatek: mt8195-mt6359: Properly register sound card for SOF
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (383 preceding siblings ...)
2022-10-19 8:27 ` [PATCH 6.0 384/862] drm/bochs: fix blanking Greg Kroah-Hartman
@ 2022-10-19 8:27 ` Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 386/862] ASoC: SOF: mediatek: mt8195: Import namespace SND_SOC_SOF_MTK_COMMON Greg Kroah-Hartman
` (491 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, AngeloGioacchino Del Regno,
Mark Brown, Sasha Levin
From: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
[ Upstream commit 64ec924c781ee846bd469be8d1d6bbed78c0f439 ]
Adding a probe callback on this snd_soc_card is required when
Sound Open Firmware support is desired, as we need to appropriately
populate the stream_name for SOF to be able to bind widgets.
Failing to do so will produce errors when applying the SOF topology
leading to card registration failure (so, no sound).
While at it, also make sure to fill the topology_shortname as required.
Fixes: 0caf1120c583 ("ASoC: mediatek: mt8195: extract SOF common code")
Signed-off-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Link: https://lore.kernel.org/r/20220906092727.37324-2-angelogioacchino.delregno@collabora.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/mediatek/mt8195/mt8195-mt6359.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/sound/soc/mediatek/mt8195/mt8195-mt6359.c b/sound/soc/mediatek/mt8195/mt8195-mt6359.c
index c530e3fc27e4..961e769602d6 100644
--- a/sound/soc/mediatek/mt8195/mt8195-mt6359.c
+++ b/sound/soc/mediatek/mt8195/mt8195-mt6359.c
@@ -1383,7 +1383,13 @@ static int mt8195_mt6359_dev_probe(struct platform_device *pdev)
sof_priv->num_streams = ARRAY_SIZE(g_sof_conn_streams);
sof_priv->sof_dai_link_fixup = mt8195_dai_link_fixup;
soc_card_data->sof_priv = sof_priv;
+ card->probe = mtk_sof_card_probe;
card->late_probe = mtk_sof_card_late_probe;
+ if (!card->topology_shortname_created) {
+ snprintf(card->topology_shortname, 32, "sof-%s", card->name);
+ card->topology_shortname_created = true;
+ }
+ card->name = card->topology_shortname;
sof_on = 1;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 386/862] ASoC: SOF: mediatek: mt8195: Import namespace SND_SOC_SOF_MTK_COMMON
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (384 preceding siblings ...)
2022-10-19 8:27 ` [PATCH 6.0 385/862] ASoC: mediatek: mt8195-mt6359: Properly register sound card for SOF Greg Kroah-Hartman
@ 2022-10-19 8:27 ` Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 387/862] drm/omap: dss: Fix refcount leak bugs Greg Kroah-Hartman
` (490 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, AngeloGioacchino Del Regno,
Mark Brown, Sasha Levin
From: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
[ Upstream commit 404bec4c8f6c38ae5fa208344f1086d38026e93d ]
Here we're using function mtk_adsp_dump() from mtk-adsp-common:
explicitly import its namespace.
Fixes: 3a054f90e955 ("ASoC: SOF: mediatek: Add mt8195 debug dump")
Signed-off-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Link: https://lore.kernel.org/r/20220906092727.37324-3-angelogioacchino.delregno@collabora.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/sof/mediatek/mt8195/mt8195.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/sound/soc/sof/mediatek/mt8195/mt8195.c b/sound/soc/sof/mediatek/mt8195/mt8195.c
index 9c146015cd1b..ff575de7e46a 100644
--- a/sound/soc/sof/mediatek/mt8195/mt8195.c
+++ b/sound/soc/sof/mediatek/mt8195/mt8195.c
@@ -652,4 +652,5 @@ static struct platform_driver snd_sof_of_mt8195_driver = {
module_platform_driver(snd_sof_of_mt8195_driver);
MODULE_IMPORT_NS(SND_SOC_SOF_XTENSA);
+MODULE_IMPORT_NS(SND_SOC_SOF_MTK_COMMON);
MODULE_LICENSE("Dual BSD/GPL");
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 387/862] drm/omap: dss: Fix refcount leak bugs
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (385 preceding siblings ...)
2022-10-19 8:27 ` [PATCH 6.0 386/862] ASoC: SOF: mediatek: mt8195: Import namespace SND_SOC_SOF_MTK_COMMON Greg Kroah-Hartman
@ 2022-10-19 8:27 ` Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 388/862] drm/amdgpu: Fix memory leak in hpd_rx_irq_create_workqueue() Greg Kroah-Hartman
` (489 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Liang He, Tomi Valkeinen, Sasha Levin
From: Liang He <windhl@126.com>
[ Upstream commit 8b42057e62120813ebe9274f508fa785b7cab33a ]
In dss_init_ports() and __dss_uninit_ports(), we should call
of_node_put() for the reference returned by of_graph_get_port_by_id()
in fail path or when it is not used anymore.
Fixes: 09bffa6e5192 ("drm: omap: use common OF graph helpers")
Signed-off-by: Liang He <windhl@126.com>
Signed-off-by: Tomi Valkeinen <tomi.valkeinen@ideasonboard.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20220722144348.1306569-1-windhl@126.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/omapdrm/dss/dss.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/gpu/drm/omapdrm/dss/dss.c b/drivers/gpu/drm/omapdrm/dss/dss.c
index 0399f3390a0a..c4febb861910 100644
--- a/drivers/gpu/drm/omapdrm/dss/dss.c
+++ b/drivers/gpu/drm/omapdrm/dss/dss.c
@@ -1176,6 +1176,7 @@ static void __dss_uninit_ports(struct dss_device *dss, unsigned int num_ports)
default:
break;
}
+ of_node_put(port);
}
}
@@ -1208,11 +1209,13 @@ static int dss_init_ports(struct dss_device *dss)
default:
break;
}
+ of_node_put(port);
}
return 0;
error:
+ of_node_put(port);
__dss_uninit_ports(dss, i);
return r;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 388/862] drm/amdgpu: Fix memory leak in hpd_rx_irq_create_workqueue()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (386 preceding siblings ...)
2022-10-19 8:27 ` [PATCH 6.0 387/862] drm/omap: dss: Fix refcount leak bugs Greg Kroah-Hartman
@ 2022-10-19 8:27 ` Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 389/862] ASoC: rockchip: i2s: use regmap_read_poll_timeout to poll I2S_CLR Greg Kroah-Hartman
` (488 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Rafael Mendonca, Alex Deucher, Sasha Levin
From: Rafael Mendonca <rafaelmendsr@gmail.com>
[ Upstream commit 7136f956c73c4ba50bfeb61653dfd6a9669ea915 ]
If construction of the array of work queues to handle hpd_rx_irq offload
work fails, we need to unwind. Destroy all the created workqueues and
the allocated memory for the hpd_rx_irq_offload_work_queue struct array.
Fixes: 8e794421bc98 ("drm/amd/display: Fork thread to offload work of hpd_rx_irq")
Signed-off-by: Rafael Mendonca <rafaelmendsr@gmail.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
index 6e36427aab46..194142c581c8 100644
--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
+++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
@@ -1296,13 +1296,21 @@ static struct hpd_rx_irq_offload_work_queue *hpd_rx_irq_create_workqueue(struct
if (hpd_rx_offload_wq[i].wq == NULL) {
DRM_ERROR("create amdgpu_dm_hpd_rx_offload_wq fail!");
- return NULL;
+ goto out_err;
}
spin_lock_init(&hpd_rx_offload_wq[i].offload_lock);
}
return hpd_rx_offload_wq;
+
+out_err:
+ for (i = 0; i < max_caps; i++) {
+ if (hpd_rx_offload_wq[i].wq)
+ destroy_workqueue(hpd_rx_offload_wq[i].wq);
+ }
+ kfree(hpd_rx_offload_wq);
+ return NULL;
}
struct amdgpu_stutter_quirk {
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 389/862] ASoC: rockchip: i2s: use regmap_read_poll_timeout to poll I2S_CLR
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (387 preceding siblings ...)
2022-10-19 8:27 ` [PATCH 6.0 388/862] drm/amdgpu: Fix memory leak in hpd_rx_irq_create_workqueue() Greg Kroah-Hartman
@ 2022-10-19 8:27 ` Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 390/862] mmc: au1xmmc: Fix an error handling path in au1xmmc_probe() Greg Kroah-Hartman
` (487 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Judy Hsiao, Brian Norris, Mark Brown,
Sasha Levin
From: Judy Hsiao <judyhsiao@chromium.org>
[ Upstream commit fbb0ec656ee5ee43b4b3022fd8290707265c52df ]
Use regmap_read_poll_timeout to poll I2S_CLR.
It also fixes the 'rockchip-i2s ff070000.i2s; fail to clear' when
the read of I2S_CLR exceeds the retry limit.
Fixes: 0ff9f8b9f592 ("ASoC: rockchip: i2s: Fix error code when fail to read I2S_CLR")
Signed-off-by: Judy Hsiao <judyhsiao@chromium.org>
Reviewed-by: Brian Norris <briannorris@chromium.org>
Link: https://lore.kernel.org/r/20220914031234.2250298-1-judyhsiao@chromium.org
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/rockchip/rockchip_i2s.c | 41 ++++++++++++-------------------
1 file changed, 16 insertions(+), 25 deletions(-)
diff --git a/sound/soc/rockchip/rockchip_i2s.c b/sound/soc/rockchip/rockchip_i2s.c
index f5f3540a9e18..28c86f5e435e 100644
--- a/sound/soc/rockchip/rockchip_i2s.c
+++ b/sound/soc/rockchip/rockchip_i2s.c
@@ -126,7 +126,6 @@ static inline struct rk_i2s_dev *to_info(struct snd_soc_dai *dai)
static int rockchip_snd_txctrl(struct rk_i2s_dev *i2s, int on)
{
unsigned int val = 0;
- int retry = 10;
int ret = 0;
spin_lock(&i2s->lock);
@@ -163,18 +162,14 @@ static int rockchip_snd_txctrl(struct rk_i2s_dev *i2s, int on)
I2S_CLR_TXC | I2S_CLR_RXC);
if (ret < 0)
goto end;
- regmap_read(i2s->regmap, I2S_CLR, &val);
-
- /* Should wait for clear operation to finish */
- while (val) {
- regmap_read(i2s->regmap, I2S_CLR, &val);
- retry--;
- if (!retry) {
- dev_warn(i2s->dev, "fail to clear\n");
- ret = -EBUSY;
- break;
- }
- }
+ ret = regmap_read_poll_timeout(i2s->regmap,
+ I2S_CLR,
+ val,
+ val != 0,
+ 20,
+ 200);
+ if (ret < 0)
+ dev_warn(i2s->dev, "fail to clear: %d\n", ret);
}
}
end:
@@ -188,7 +183,6 @@ static int rockchip_snd_txctrl(struct rk_i2s_dev *i2s, int on)
static int rockchip_snd_rxctrl(struct rk_i2s_dev *i2s, int on)
{
unsigned int val = 0;
- int retry = 10;
int ret = 0;
spin_lock(&i2s->lock);
@@ -226,17 +220,14 @@ static int rockchip_snd_rxctrl(struct rk_i2s_dev *i2s, int on)
I2S_CLR_TXC | I2S_CLR_RXC);
if (ret < 0)
goto end;
- regmap_read(i2s->regmap, I2S_CLR, &val);
- /* Should wait for clear operation to finish */
- while (val) {
- regmap_read(i2s->regmap, I2S_CLR, &val);
- retry--;
- if (!retry) {
- dev_warn(i2s->dev, "fail to clear\n");
- ret = -EBUSY;
- break;
- }
- }
+ ret = regmap_read_poll_timeout(i2s->regmap,
+ I2S_CLR,
+ val,
+ val != 0,
+ 20,
+ 200);
+ if (ret < 0)
+ dev_warn(i2s->dev, "fail to clear: %d\n", ret);
}
}
end:
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 390/862] mmc: au1xmmc: Fix an error handling path in au1xmmc_probe()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (388 preceding siblings ...)
2022-10-19 8:27 ` [PATCH 6.0 389/862] ASoC: rockchip: i2s: use regmap_read_poll_timeout to poll I2S_CLR Greg Kroah-Hartman
@ 2022-10-19 8:27 ` Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 391/862] ASoC: eureka-tlv320: Hold reference returned from of_find_xxx API Greg Kroah-Hartman
` (486 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christophe JAILLET, Ulf Hansson, Sasha Levin
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
[ Upstream commit 5cbedf52608cc3cbc1c2a9a861fb671620427a20 ]
If clk_prepare_enable() fails, there is no point in calling
clk_disable_unprepare() in the error handling path.
Move the out_clk label at the right place.
Fixes: b6507596dfd6 ("MIPS: Alchemy: au1xmmc: use clk framework")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Link: https://lore.kernel.org/r/21d99886d07fa7fcbec74992657dabad98c935c4.1661412818.git.christophe.jaillet@wanadoo.fr
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mmc/host/au1xmmc.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/mmc/host/au1xmmc.c b/drivers/mmc/host/au1xmmc.c
index a9a0837153d8..c88b039dc9fb 100644
--- a/drivers/mmc/host/au1xmmc.c
+++ b/drivers/mmc/host/au1xmmc.c
@@ -1097,8 +1097,9 @@ static int au1xmmc_probe(struct platform_device *pdev)
if (host->platdata && host->platdata->cd_setup &&
!(mmc->caps & MMC_CAP_NEEDS_POLL))
host->platdata->cd_setup(mmc, 0);
-out_clk:
+
clk_disable_unprepare(host->clk);
+out_clk:
clk_put(host->clk);
out_irq:
free_irq(host->irq, host);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 391/862] ASoC: eureka-tlv320: Hold reference returned from of_find_xxx API
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (389 preceding siblings ...)
2022-10-19 8:27 ` [PATCH 6.0 390/862] mmc: au1xmmc: Fix an error handling path in au1xmmc_probe() Greg Kroah-Hartman
@ 2022-10-19 8:27 ` Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 392/862] drm/msm: lookup the ICC paths in both mdp5/dpu and mdss devices Greg Kroah-Hartman
` (485 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Liang He, Mark Brown, Sasha Levin,
Kelin Wang
From: Liang He <windhl@126.com>
[ Upstream commit bfb735a3ceff0bab6473bac275da96f9b2a06dec ]
In eukrea_tlv320_probe(), we need to hold the reference returned
from of_find_compatible_node() which has increased the refcount
and then call of_node_put() with it when done.
Fixes: 66f232908de2 ("ASoC: eukrea-tlv320: Add DT support.")
Co-authored-by: Kelin Wang <wangkelin2023@163.com>
Signed-off-by: Liang He <windhl@126.com>
Link: https://lore.kernel.org/r/20220914134354.3995587-1-windhl@126.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/fsl/eukrea-tlv320.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/sound/soc/fsl/eukrea-tlv320.c b/sound/soc/fsl/eukrea-tlv320.c
index 8b61582753c8..9af4c4a35eb1 100644
--- a/sound/soc/fsl/eukrea-tlv320.c
+++ b/sound/soc/fsl/eukrea-tlv320.c
@@ -86,7 +86,7 @@ static int eukrea_tlv320_probe(struct platform_device *pdev)
int ret;
int int_port = 0, ext_port;
struct device_node *np = pdev->dev.of_node;
- struct device_node *ssi_np = NULL, *codec_np = NULL;
+ struct device_node *ssi_np = NULL, *codec_np = NULL, *tmp_np = NULL;
eukrea_tlv320.dev = &pdev->dev;
if (np) {
@@ -143,7 +143,7 @@ static int eukrea_tlv320_probe(struct platform_device *pdev)
}
if (machine_is_eukrea_cpuimx27() ||
- of_find_compatible_node(NULL, NULL, "fsl,imx21-audmux")) {
+ (tmp_np = of_find_compatible_node(NULL, NULL, "fsl,imx21-audmux"))) {
imx_audmux_v1_configure_port(MX27_AUDMUX_HPCR1_SSI0,
IMX_AUDMUX_V1_PCR_SYN |
IMX_AUDMUX_V1_PCR_TFSDIR |
@@ -158,10 +158,11 @@ static int eukrea_tlv320_probe(struct platform_device *pdev)
IMX_AUDMUX_V1_PCR_SYN |
IMX_AUDMUX_V1_PCR_RXDSEL(MX27_AUDMUX_HPCR1_SSI0)
);
+ of_node_put(tmp_np);
} else if (machine_is_eukrea_cpuimx25sd() ||
machine_is_eukrea_cpuimx35sd() ||
machine_is_eukrea_cpuimx51sd() ||
- of_find_compatible_node(NULL, NULL, "fsl,imx31-audmux")) {
+ (tmp_np = of_find_compatible_node(NULL, NULL, "fsl,imx31-audmux"))) {
if (!np)
ext_port = machine_is_eukrea_cpuimx25sd() ?
4 : 3;
@@ -178,6 +179,7 @@ static int eukrea_tlv320_probe(struct platform_device *pdev)
IMX_AUDMUX_V2_PTCR_SYN,
IMX_AUDMUX_V2_PDCR_RXDSEL(int_port)
);
+ of_node_put(tmp_np);
} else {
if (np) {
/* The eukrea,asoc-tlv320 driver was explicitly
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 392/862] drm/msm: lookup the ICC paths in both mdp5/dpu and mdss devices
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (390 preceding siblings ...)
2022-10-19 8:27 ` [PATCH 6.0 391/862] ASoC: eureka-tlv320: Hold reference returned from of_find_xxx API Greg Kroah-Hartman
@ 2022-10-19 8:27 ` Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 393/862] drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx Greg Kroah-Hartman
` (484 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Marijn Suijten, Yassine Oudjana,
Dmitry Baryshkov, Rob Clark, Sasha Levin
From: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
[ Upstream commit 5ccdcecaf8f732f593e359ebfb65de96b11bae66 ]
The commit 6874f48bb8b0 ("drm/msm: make mdp5/dpu devices master
components") changed the MDP5 driver to look for the interconnect paths
in the MDSS device rather than in the MDP5 device itself. This was left
unnoticed since on my testing devices the interconnects probably didn't
reach the sync state.
Rather than just using the MDP5 device for ICC path lookups for the MDP5
devices, introduce an additional helper to check both MDP5/DPU and MDSS
nodes. This will be helpful for the MDP5->DPU conversion, since the
driver will have to check both nodes.
Fixes: 6874f48bb8b0 ("drm/msm: make mdp5/dpu devices master components")
Reported-by: Marijn Suijten <marijn.suijten@somainline.org>
Reported-by: Yassine Oudjana <y.oudjana@protonmail.com>
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Tested-by: Marijn Suijten <marijn.suijten@somainline.org> # On sdm630
Tested-by: Yassine Oudjana <y.oudjana@protonmail.com> # msm8996
Patchwork: https://patchwork.freedesktop.org/patch/496488/
Link: https://lore.kernel.org/r/20220805115630.506391-1-dmitry.baryshkov@linaro.org
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Rob Clark <robdclark@chromium.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c | 7 ++-----
drivers/gpu/drm/msm/disp/mdp5/mdp5_kms.c | 9 +++------
drivers/gpu/drm/msm/msm_drv.h | 2 ++
drivers/gpu/drm/msm/msm_io_utils.c | 22 ++++++++++++++++++++++
4 files changed, 29 insertions(+), 11 deletions(-)
diff --git a/drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c b/drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c
index 008e1420e6e5..8646fd0603cb 100644
--- a/drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c
+++ b/drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c
@@ -384,12 +384,9 @@ static int dpu_kms_parse_data_bus_icc_path(struct dpu_kms *dpu_kms)
struct icc_path *path1;
struct drm_device *dev = dpu_kms->dev;
struct device *dpu_dev = dev->dev;
- struct device *mdss_dev = dpu_dev->parent;
- /* Interconnects are a part of MDSS device tree binding, not the
- * MDP/DPU device. */
- path0 = of_icc_get(mdss_dev, "mdp0-mem");
- path1 = of_icc_get(mdss_dev, "mdp1-mem");
+ path0 = msm_icc_get(dpu_dev, "mdp0-mem");
+ path1 = msm_icc_get(dpu_dev, "mdp1-mem");
if (IS_ERR_OR_NULL(path0))
return PTR_ERR_OR_ZERO(path0);
diff --git a/drivers/gpu/drm/msm/disp/mdp5/mdp5_kms.c b/drivers/gpu/drm/msm/disp/mdp5/mdp5_kms.c
index d2a48caf9d27..b0d21838a134 100644
--- a/drivers/gpu/drm/msm/disp/mdp5/mdp5_kms.c
+++ b/drivers/gpu/drm/msm/disp/mdp5/mdp5_kms.c
@@ -902,12 +902,9 @@ static int mdp5_init(struct platform_device *pdev, struct drm_device *dev)
static int mdp5_setup_interconnect(struct platform_device *pdev)
{
- /* Interconnects are a part of MDSS device tree binding, not the
- * MDP5 device. */
- struct device *mdss_dev = pdev->dev.parent;
- struct icc_path *path0 = of_icc_get(mdss_dev, "mdp0-mem");
- struct icc_path *path1 = of_icc_get(mdss_dev, "mdp1-mem");
- struct icc_path *path_rot = of_icc_get(mdss_dev, "rotator-mem");
+ struct icc_path *path0 = msm_icc_get(&pdev->dev, "mdp0-mem");
+ struct icc_path *path1 = msm_icc_get(&pdev->dev, "mdp1-mem");
+ struct icc_path *path_rot = msm_icc_get(&pdev->dev, "rotator-mem");
if (IS_ERR(path0))
return PTR_ERR(path0);
diff --git a/drivers/gpu/drm/msm/msm_drv.h b/drivers/gpu/drm/msm/msm_drv.h
index b3689a2d27d7..80da0d3cfdc1 100644
--- a/drivers/gpu/drm/msm/msm_drv.h
+++ b/drivers/gpu/drm/msm/msm_drv.h
@@ -433,6 +433,8 @@ void __iomem *msm_ioremap_size(struct platform_device *pdev, const char *name,
phys_addr_t *size);
void __iomem *msm_ioremap_quiet(struct platform_device *pdev, const char *name);
+struct icc_path *msm_icc_get(struct device *dev, const char *name);
+
#define msm_writel(data, addr) writel((data), (addr))
#define msm_readl(addr) readl((addr))
diff --git a/drivers/gpu/drm/msm/msm_io_utils.c b/drivers/gpu/drm/msm/msm_io_utils.c
index 7b504617833a..d02cd29ce829 100644
--- a/drivers/gpu/drm/msm/msm_io_utils.c
+++ b/drivers/gpu/drm/msm/msm_io_utils.c
@@ -5,6 +5,8 @@
* Author: Rob Clark <robdclark@gmail.com>
*/
+#include <linux/interconnect.h>
+
#include "msm_drv.h"
/*
@@ -124,3 +126,23 @@ void msm_hrtimer_work_init(struct msm_hrtimer_work *work,
work->worker = worker;
kthread_init_work(&work->work, fn);
}
+
+struct icc_path *msm_icc_get(struct device *dev, const char *name)
+{
+ struct device *mdss_dev = dev->parent;
+ struct icc_path *path;
+
+ path = of_icc_get(dev, name);
+ if (path)
+ return path;
+
+ /*
+ * If there are no interconnects attached to the corresponding device
+ * node, of_icc_get() will return NULL.
+ *
+ * If the MDP5/DPU device node doesn't have interconnects, lookup the
+ * path in the parent (MDSS) device.
+ */
+ return of_icc_get(mdss_dev, name);
+
+}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 393/862] drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (391 preceding siblings ...)
2022-10-19 8:27 ` [PATCH 6.0 392/862] drm/msm: lookup the ICC paths in both mdp5/dpu and mdss devices Greg Kroah-Hartman
@ 2022-10-19 8:28 ` Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 394/862] drm/msm/dp: correct 1.62G link rate at dp_catalog_ctrl_config_msa() Greg Kroah-Hartman
` (483 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dmitry Baryshkov, Abhinav Kumar,
Rob Clark, Sasha Levin
From: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
[ Upstream commit 7538f80ae0d98bf51eb89eee5344aec219902d42 ]
Remove loops over hw_vbif. Instead always VBIF's idx as an index in the
array. This fixes an error in dpu_kms_hw_init(), where we fill
dpu_kms->hw_vbif[i], but check for an error pointer at
dpu_kms->hw_vbif[vbif_idx].
Fixes: 25fdd5933e4c ("drm/msm: Add SDM845 DPU support")
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Reviewed-by: Abhinav Kumar <quic_abhinavk@quicinc.com>
Patchwork: https://patchwork.freedesktop.org/patch/489569/
Link: https://lore.kernel.org/r/20220615125703.24647-1-dmitry.baryshkov@linaro.org
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Rob Clark <robdclark@chromium.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c | 12 ++++------
drivers/gpu/drm/msm/disp/dpu1/dpu_vbif.c | 29 +++++++++++-------------
2 files changed, 18 insertions(+), 23 deletions(-)
diff --git a/drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c b/drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c
index 8646fd0603cb..c99c7a218ddb 100644
--- a/drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c
+++ b/drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c
@@ -823,12 +823,10 @@ static void _dpu_kms_hw_destroy(struct dpu_kms *dpu_kms)
_dpu_kms_mmu_destroy(dpu_kms);
if (dpu_kms->catalog) {
- for (i = 0; i < dpu_kms->catalog->vbif_count; i++) {
- u32 vbif_idx = dpu_kms->catalog->vbif[i].id;
-
- if ((vbif_idx < VBIF_MAX) && dpu_kms->hw_vbif[vbif_idx]) {
- dpu_hw_vbif_destroy(dpu_kms->hw_vbif[vbif_idx]);
- dpu_kms->hw_vbif[vbif_idx] = NULL;
+ for (i = 0; i < ARRAY_SIZE(dpu_kms->hw_vbif); i++) {
+ if (dpu_kms->hw_vbif[i]) {
+ dpu_hw_vbif_destroy(dpu_kms->hw_vbif[i]);
+ dpu_kms->hw_vbif[i] = NULL;
}
}
}
@@ -1110,7 +1108,7 @@ static int dpu_kms_hw_init(struct msm_kms *kms)
for (i = 0; i < dpu_kms->catalog->vbif_count; i++) {
u32 vbif_idx = dpu_kms->catalog->vbif[i].id;
- dpu_kms->hw_vbif[i] = dpu_hw_vbif_init(vbif_idx,
+ dpu_kms->hw_vbif[vbif_idx] = dpu_hw_vbif_init(vbif_idx,
dpu_kms->vbif[vbif_idx], dpu_kms->catalog);
if (IS_ERR_OR_NULL(dpu_kms->hw_vbif[vbif_idx])) {
rc = PTR_ERR(dpu_kms->hw_vbif[vbif_idx]);
diff --git a/drivers/gpu/drm/msm/disp/dpu1/dpu_vbif.c b/drivers/gpu/drm/msm/disp/dpu1/dpu_vbif.c
index 21d20373eb8b..a18fb649301c 100644
--- a/drivers/gpu/drm/msm/disp/dpu1/dpu_vbif.c
+++ b/drivers/gpu/drm/msm/disp/dpu1/dpu_vbif.c
@@ -11,6 +11,14 @@
#include "dpu_hw_vbif.h"
#include "dpu_trace.h"
+static struct dpu_hw_vbif *dpu_get_vbif(struct dpu_kms *dpu_kms, enum dpu_vbif vbif_idx)
+{
+ if (vbif_idx < ARRAY_SIZE(dpu_kms->hw_vbif))
+ return dpu_kms->hw_vbif[vbif_idx];
+
+ return NULL;
+}
+
/**
* _dpu_vbif_wait_for_xin_halt - wait for the xin to halt
* @vbif: Pointer to hardware vbif driver
@@ -148,20 +156,15 @@ static u32 _dpu_vbif_get_ot_limit(struct dpu_hw_vbif *vbif,
void dpu_vbif_set_ot_limit(struct dpu_kms *dpu_kms,
struct dpu_vbif_set_ot_params *params)
{
- struct dpu_hw_vbif *vbif = NULL;
+ struct dpu_hw_vbif *vbif;
struct dpu_hw_mdp *mdp;
bool forced_on = false;
u32 ot_lim;
- int ret, i;
+ int ret;
mdp = dpu_kms->hw_mdp;
- for (i = 0; i < ARRAY_SIZE(dpu_kms->hw_vbif); i++) {
- if (dpu_kms->hw_vbif[i] &&
- dpu_kms->hw_vbif[i]->idx == params->vbif_idx)
- vbif = dpu_kms->hw_vbif[i];
- }
-
+ vbif = dpu_get_vbif(dpu_kms, params->vbif_idx);
if (!vbif || !mdp) {
DRM_DEBUG_ATOMIC("invalid arguments vbif %d mdp %d\n",
vbif != NULL, mdp != NULL);
@@ -204,7 +207,7 @@ void dpu_vbif_set_ot_limit(struct dpu_kms *dpu_kms,
void dpu_vbif_set_qos_remap(struct dpu_kms *dpu_kms,
struct dpu_vbif_set_qos_params *params)
{
- struct dpu_hw_vbif *vbif = NULL;
+ struct dpu_hw_vbif *vbif;
struct dpu_hw_mdp *mdp;
bool forced_on = false;
const struct dpu_vbif_qos_tbl *qos_tbl;
@@ -216,13 +219,7 @@ void dpu_vbif_set_qos_remap(struct dpu_kms *dpu_kms,
}
mdp = dpu_kms->hw_mdp;
- for (i = 0; i < ARRAY_SIZE(dpu_kms->hw_vbif); i++) {
- if (dpu_kms->hw_vbif[i] &&
- dpu_kms->hw_vbif[i]->idx == params->vbif_idx) {
- vbif = dpu_kms->hw_vbif[i];
- break;
- }
- }
+ vbif = dpu_get_vbif(dpu_kms, params->vbif_idx);
if (!vbif || !vbif->cap) {
DPU_ERROR("invalid vbif %d\n", params->vbif_idx);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 394/862] drm/msm/dp: correct 1.62G link rate at dp_catalog_ctrl_config_msa()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (392 preceding siblings ...)
2022-10-19 8:28 ` [PATCH 6.0 393/862] drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx Greg Kroah-Hartman
@ 2022-10-19 8:28 ` Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 395/862] ALSA: hda/hdmi: change type for the assigned variable Greg Kroah-Hartman
` (482 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kuogee Hsieh, Stephen Boyd,
Abhinav Kumar, Dmitry Baryshkov, Rob Clark, Sasha Levin
From: Kuogee Hsieh <quic_khsieh@quicinc.com>
[ Upstream commit aa0bff10af1c4b92e6b56e3e1b7f81c660d3ba78 ]
At current implementation there is an extra 0 at 1.62G link rate which
cause no correct pixel_div selected for 1.62G link rate to calculate
mvid and nvid. This patch delete the extra 0 to have mvid and nvid be
calculated correctly.
Changes in v2:
-- fix Fixes tag's text
Changes in v3:
-- fix misspelling of "Reviewed-by"
Fixes: 937f941ca06f ("drm/msm/dp: Use qmp phy for DP PLL and PHY")
Signed-off-by: Kuogee Hsieh <quic_khsieh@quicinc.com>
Reviewed-by: Stephen Boyd <swboyd@chromium.org>
Reviewed-by: Abhinav Kumar <quic_abhinavk@quicinc.com>
Patchwork: https://patchwork.freedesktop.org/patch/499328/
Link: https://lore.kernel.org/r/1661372150-3764-1-git-send-email-quic_khsieh@quicinc.com
[DB: rewrapped commit message]
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Rob Clark <robdclark@chromium.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/msm/dp/dp_catalog.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/msm/dp/dp_catalog.c b/drivers/gpu/drm/msm/dp/dp_catalog.c
index 7257515871a9..676279d0ca8d 100644
--- a/drivers/gpu/drm/msm/dp/dp_catalog.c
+++ b/drivers/gpu/drm/msm/dp/dp_catalog.c
@@ -431,7 +431,7 @@ void dp_catalog_ctrl_config_msa(struct dp_catalog *dp_catalog,
if (rate == link_rate_hbr3)
pixel_div = 6;
- else if (rate == 1620000 || rate == 270000)
+ else if (rate == 162000 || rate == 270000)
pixel_div = 2;
else if (rate == link_rate_hbr2)
pixel_div = 4;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 395/862] ALSA: hda/hdmi: change type for the assigned variable
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (393 preceding siblings ...)
2022-10-19 8:28 ` [PATCH 6.0 394/862] drm/msm/dp: correct 1.62G link rate at dp_catalog_ctrl_config_msa() Greg Kroah-Hartman
@ 2022-10-19 8:28 ` Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 396/862] ALSA: hda/hdmi: Fix the converter allocation for the silent stream Greg Kroah-Hartman
` (481 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jaroslav Kysela, Takashi Iwai, Sasha Levin
From: Jaroslav Kysela <perex@perex.cz>
[ Upstream commit 4053a41282f8aae290d3fe7b8daef4c8c53a4ab8 ]
This change converts the assigned value from int type to
the bool type to retain consistency with other structure
members like 'setup', 'non_pcm' etc.
Signed-off-by: Jaroslav Kysela <perex@perex.cz>
Link: https://lore.kernel.org/r/20220913070307.3234038-1-perex@perex.cz
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Stable-dep-of: fc6f923ecfa2 ("ALSA: hda/hdmi: Fix the converter allocation for the silent stream")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/pci/hda/patch_hdmi.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/sound/pci/hda/patch_hdmi.c b/sound/pci/hda/patch_hdmi.c
index c239d9dbbaef..69afea67bf3e 100644
--- a/sound/pci/hda/patch_hdmi.c
+++ b/sound/pci/hda/patch_hdmi.c
@@ -53,7 +53,7 @@ MODULE_PARM_DESC(enable_all_pins, "Forcibly enable all pins");
struct hdmi_spec_per_cvt {
hda_nid_t cvt_nid;
- int assigned;
+ bool assigned; /* the stream has been assigned */
unsigned int channels_min;
unsigned int channels_max;
u32 rates;
@@ -1204,7 +1204,7 @@ static int hdmi_pcm_open_no_pin(struct hda_pcm_stream *hinfo,
return err;
per_cvt = get_cvt(spec, cvt_idx);
- per_cvt->assigned = 1;
+ per_cvt->assigned = true;
hinfo->nid = per_cvt->cvt_nid;
pin_cvt_fixup(codec, NULL, per_cvt->cvt_nid);
@@ -1273,7 +1273,7 @@ static int hdmi_pcm_open(struct hda_pcm_stream *hinfo,
per_cvt = get_cvt(spec, cvt_idx);
/* Claim converter */
- per_cvt->assigned = 1;
+ per_cvt->assigned = true;
set_bit(pcm_idx, &spec->pcm_in_use);
per_pin = get_pin(spec, pin_idx);
@@ -1308,7 +1308,7 @@ static int hdmi_pcm_open(struct hda_pcm_stream *hinfo,
snd_hdmi_eld_update_pcm_info(&eld->info, hinfo);
if (hinfo->channels_min > hinfo->channels_max ||
!hinfo->rates || !hinfo->formats) {
- per_cvt->assigned = 0;
+ per_cvt->assigned = false;
hinfo->nid = 0;
snd_hda_spdif_ctls_unassign(codec, pcm_idx);
err = -ENODEV;
@@ -1767,7 +1767,7 @@ static void silent_stream_enable(struct hda_codec *codec,
}
per_cvt = get_cvt(spec, cvt_idx);
- per_cvt->assigned = 1;
+ per_cvt->assigned = true;
per_pin->cvt_nid = per_cvt->cvt_nid;
per_pin->silent_stream = true;
@@ -1827,7 +1827,7 @@ static void silent_stream_disable(struct hda_codec *codec,
cvt_idx = cvt_nid_to_cvt_index(codec, per_pin->cvt_nid);
if (cvt_idx >= 0 && cvt_idx < spec->num_cvts) {
per_cvt = get_cvt(spec, cvt_idx);
- per_cvt->assigned = 0;
+ per_cvt->assigned = false;
}
if (spec->silent_stream_type == SILENT_STREAM_I915) {
@@ -2223,7 +2223,7 @@ static int hdmi_pcm_close(struct hda_pcm_stream *hinfo,
goto unlock;
}
per_cvt = get_cvt(spec, cvt_idx);
- per_cvt->assigned = 0;
+ per_cvt->assigned = false;
hinfo->nid = 0;
azx_stream(get_azx_dev(substream))->stripe = 0;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 396/862] ALSA: hda/hdmi: Fix the converter allocation for the silent stream
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (394 preceding siblings ...)
2022-10-19 8:28 ` [PATCH 6.0 395/862] ALSA: hda/hdmi: change type for the assigned variable Greg Kroah-Hartman
@ 2022-10-19 8:28 ` Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 397/862] ALSA: usb-audio: Properly refcounting clock rate Greg Kroah-Hartman
` (480 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jaroslav Kysela, Kai Vehmanen,
Takashi Iwai, Sasha Levin
From: Jaroslav Kysela <perex@perex.cz>
[ Upstream commit fc6f923ecfa2fafd0600f1b7e2de09baf29865e2 ]
Track the converters handling the silent stream using a new
variable to avoid mixing of the open/close and silent stream
use. This change ensures the proper allocation of the converters.
Fixes: 5f80d6bd2b01 ("ALSA: hda/hdmi: Fix the converter reuse for the silent stream")
Signed-off-by: Jaroslav Kysela <perex@perex.cz>
Reviewed-by: Kai Vehmanen <kai.vehmanen@linux.intel.com>
Link: https://lore.kernel.org/r/20220919135444.3554982-1-perex@perex.cz
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/pci/hda/patch_hdmi.c | 20 ++++++++++++--------
1 file changed, 12 insertions(+), 8 deletions(-)
diff --git a/sound/pci/hda/patch_hdmi.c b/sound/pci/hda/patch_hdmi.c
index 69afea67bf3e..d463c968b3a4 100644
--- a/sound/pci/hda/patch_hdmi.c
+++ b/sound/pci/hda/patch_hdmi.c
@@ -54,6 +54,7 @@ MODULE_PARM_DESC(enable_all_pins, "Forcibly enable all pins");
struct hdmi_spec_per_cvt {
hda_nid_t cvt_nid;
bool assigned; /* the stream has been assigned */
+ bool silent_stream; /* silent stream activated */
unsigned int channels_min;
unsigned int channels_max;
u32 rates;
@@ -988,7 +989,8 @@ static int hdmi_setup_stream(struct hda_codec *codec, hda_nid_t cvt_nid,
* of the pin.
*/
static int hdmi_choose_cvt(struct hda_codec *codec,
- int pin_idx, int *cvt_id)
+ int pin_idx, int *cvt_id,
+ bool silent)
{
struct hdmi_spec *spec = codec->spec;
struct hdmi_spec_per_pin *per_pin;
@@ -1003,6 +1005,9 @@ static int hdmi_choose_cvt(struct hda_codec *codec,
if (per_pin && per_pin->silent_stream) {
cvt_idx = cvt_nid_to_cvt_index(codec, per_pin->cvt_nid);
+ per_cvt = get_cvt(spec, cvt_idx);
+ if (per_cvt->assigned && !silent)
+ return -EBUSY;
if (cvt_id)
*cvt_id = cvt_idx;
return 0;
@@ -1013,7 +1018,7 @@ static int hdmi_choose_cvt(struct hda_codec *codec,
per_cvt = get_cvt(spec, cvt_idx);
/* Must not already be assigned */
- if (per_cvt->assigned)
+ if (per_cvt->assigned || per_cvt->silent_stream)
continue;
if (per_pin == NULL)
break;
@@ -1199,7 +1204,7 @@ static int hdmi_pcm_open_no_pin(struct hda_pcm_stream *hinfo,
if (pcm_idx < 0)
return -EINVAL;
- err = hdmi_choose_cvt(codec, -1, &cvt_idx);
+ err = hdmi_choose_cvt(codec, -1, &cvt_idx, false);
if (err)
return err;
@@ -1267,7 +1272,7 @@ static int hdmi_pcm_open(struct hda_pcm_stream *hinfo,
}
}
- err = hdmi_choose_cvt(codec, pin_idx, &cvt_idx);
+ err = hdmi_choose_cvt(codec, pin_idx, &cvt_idx, false);
if (err < 0)
goto unlock;
@@ -1278,7 +1283,6 @@ static int hdmi_pcm_open(struct hda_pcm_stream *hinfo,
set_bit(pcm_idx, &spec->pcm_in_use);
per_pin = get_pin(spec, pin_idx);
per_pin->cvt_nid = per_cvt->cvt_nid;
- per_pin->silent_stream = false;
hinfo->nid = per_cvt->cvt_nid;
/* flip stripe flag for the assigned stream if supported */
@@ -1760,14 +1764,14 @@ static void silent_stream_enable(struct hda_codec *codec,
}
pin_idx = pin_id_to_pin_index(codec, per_pin->pin_nid, per_pin->dev_id);
- err = hdmi_choose_cvt(codec, pin_idx, &cvt_idx);
+ err = hdmi_choose_cvt(codec, pin_idx, &cvt_idx, true);
if (err) {
codec_err(codec, "hdmi: no free converter to enable silent mode\n");
goto unlock_out;
}
per_cvt = get_cvt(spec, cvt_idx);
- per_cvt->assigned = true;
+ per_cvt->silent_stream = true;
per_pin->cvt_nid = per_cvt->cvt_nid;
per_pin->silent_stream = true;
@@ -1827,7 +1831,7 @@ static void silent_stream_disable(struct hda_codec *codec,
cvt_idx = cvt_nid_to_cvt_index(codec, per_pin->cvt_nid);
if (cvt_idx >= 0 && cvt_idx < spec->num_cvts) {
per_cvt = get_cvt(spec, cvt_idx);
- per_cvt->assigned = false;
+ per_cvt->silent_stream = false;
}
if (spec->silent_stream_type == SILENT_STREAM_I915) {
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 397/862] ALSA: usb-audio: Properly refcounting clock rate
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (395 preceding siblings ...)
2022-10-19 8:28 ` [PATCH 6.0 396/862] ALSA: hda/hdmi: Fix the converter allocation for the silent stream Greg Kroah-Hartman
@ 2022-10-19 8:28 ` Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 398/862] ASoC: SOF: ipc4-topology: Free the ida when IPC fails in sof_ipc4_widget_setup() Greg Kroah-Hartman
` (479 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:28 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Takashi Iwai, Sasha Levin
From: Takashi Iwai <tiwai@suse.de>
[ Upstream commit 9a737e7f8b371e97eb649904276407cee2c9cf30 ]
We fixed the bug introduced by the patch for managing the shared
clocks at the commit 809f44a0cc5a ("ALSA: usb-audio: Clear fixed clock
rate at closing EP"), but it was merely a workaround. By this change,
the clock reference rate is cleared at each EP close, hence the still
remaining EP may need a re-setup of rate unnecessarily.
This patch introduces the proper refcounting for the clock reference
object so that the clock setup is done only when needed.
Fixes: 809f44a0cc5a ("ALSA: usb-audio: Clear fixed clock rate at closing EP")
Fixes: c11117b634f4 ("ALSA: usb-audio: Refcount multiple accesses on the single clock")
Link: https://lore.kernel.org/r/20220920181126.4912-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/usb/endpoint.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
--- a/sound/usb/endpoint.c
+++ b/sound/usb/endpoint.c
@@ -39,6 +39,7 @@ struct snd_usb_iface_ref {
struct snd_usb_clock_ref {
unsigned char clock;
atomic_t locked;
+ int opened;
int rate;
struct list_head list;
};
@@ -802,6 +803,7 @@ snd_usb_endpoint_open(struct snd_usb_aud
ep = NULL;
goto unlock;
}
+ ep->clock_ref->opened++;
}
ep->cur_audiofmt = fp;
@@ -925,8 +927,10 @@ void snd_usb_endpoint_close(struct snd_u
endpoint_set_interface(chip, ep, false);
if (!--ep->opened) {
- if (ep->clock_ref && !atomic_read(&ep->clock_ref->locked))
- ep->clock_ref->rate = 0;
+ if (ep->clock_ref) {
+ if (!--ep->clock_ref->opened)
+ ep->clock_ref->rate = 0;
+ }
ep->iface = 0;
ep->altsetting = 0;
ep->cur_audiofmt = NULL;
@@ -1633,8 +1637,7 @@ void snd_usb_endpoint_stop(struct snd_us
WRITE_ONCE(ep->sync_source->sync_sink, NULL);
stop_urbs(ep, false, keep_pending);
if (ep->clock_ref)
- if (!atomic_dec_return(&ep->clock_ref->locked))
- ep->clock_ref->rate = 0;
+ atomic_dec(&ep->clock_ref->locked);
}
}
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 398/862] ASoC: SOF: ipc4-topology: Free the ida when IPC fails in sof_ipc4_widget_setup()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (396 preceding siblings ...)
2022-10-19 8:28 ` [PATCH 6.0 397/862] ALSA: usb-audio: Properly refcounting clock rate Greg Kroah-Hartman
@ 2022-10-19 8:28 ` Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 399/862] drm/vmwgfx: Fix memory leak in vmw_mksstat_add_ioctl() Greg Kroah-Hartman
` (478 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Peter Ujfalusi, Ranjani Sridharan,
Bard Liao, Pierre-Louis Bossart, Mark Brown, Sasha Levin
From: Peter Ujfalusi <peter.ujfalusi@linux.intel.com>
[ Upstream commit 61eb0add28023119773d6aab8f402e149473920c ]
The allocated ida needs to be freed up if the IPC message fails since
next time when we try again to set up the widget we are going to try to
allocate another ID and given enough tries, we are going to run out of
unique IDs.
Fixes: 711d0427c713 ("ASoC: SOF: ipc4-topology: move ida allocate/free to widget_setup/free")
Signed-off-by: Peter Ujfalusi <peter.ujfalusi@linux.intel.com>
Reviewed-by: Ranjani Sridharan <ranjani.sridharan@linux.intel.com>
Reviewed-by: Bard Liao <yung-chuan.liao@linux.intel.com>
Reviewed-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Link: https://lore.kernel.org/r/20220921112751.9253-1-peter.ujfalusi@linux.intel.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/sof/ipc4-topology.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/sound/soc/sof/ipc4-topology.c b/sound/soc/sof/ipc4-topology.c
index 64929dc9af39..340d92452d7c 100644
--- a/sound/soc/sof/ipc4-topology.c
+++ b/sound/soc/sof/ipc4-topology.c
@@ -1544,9 +1544,16 @@ static int sof_ipc4_widget_setup(struct snd_sof_dev *sdev, struct snd_sof_widget
msg->data_ptr = ipc_data;
ret = sof_ipc_tx_message(sdev->ipc, msg, ipc_size, NULL, 0);
- if (ret < 0)
+ if (ret < 0) {
dev_err(sdev->dev, "failed to create module %s\n", swidget->widget->name);
+ if (swidget->id != snd_soc_dapm_scheduler) {
+ struct sof_ipc4_fw_module *fw_module = swidget->module_info;
+
+ ida_free(&fw_module->m_ida, swidget->instance_id);
+ }
+ }
+
return ret;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 399/862] drm/vmwgfx: Fix memory leak in vmw_mksstat_add_ioctl()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (397 preceding siblings ...)
2022-10-19 8:28 ` [PATCH 6.0 398/862] ASoC: SOF: ipc4-topology: Free the ida when IPC fails in sof_ipc4_widget_setup() Greg Kroah-Hartman
@ 2022-10-19 8:28 ` Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 400/862] virtio-gpu: fix shift wrapping bug in virtio_gpu_fence_event_create() Greg Kroah-Hartman
` (477 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Rafael Mendonca, Martin Krastev,
Zack Rusin, Sasha Levin
From: Rafael Mendonca <rafaelmendsr@gmail.com>
[ Upstream commit a40c7f61d12fbd1e785e59140b9efd57127c0c33 ]
If the copy of the description string from userspace fails, then the page
for the instance descriptor doesn't get freed before returning -EFAULT,
which leads to a memleak.
Fixes: 7a7a933edd6c ("drm/vmwgfx: Introduce VMware mks-guest-stats")
Signed-off-by: Rafael Mendonca <rafaelmendsr@gmail.com>
Reviewed-by: Martin Krastev <krastevm@vmware.com>
Signed-off-by: Zack Rusin <zackr@vmware.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20220916204751.720716-1-rafaelmendsr@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/vmwgfx/vmwgfx_msg.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_msg.c b/drivers/gpu/drm/vmwgfx/vmwgfx_msg.c
index 2aceac7856e2..089046fa21be 100644
--- a/drivers/gpu/drm/vmwgfx/vmwgfx_msg.c
+++ b/drivers/gpu/drm/vmwgfx/vmwgfx_msg.c
@@ -1076,6 +1076,7 @@ int vmw_mksstat_add_ioctl(struct drm_device *dev, void *data,
if (desc_len < 0) {
atomic_set(&dev_priv->mksstat_user_pids[slot], 0);
+ __free_page(page);
return -EFAULT;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 400/862] virtio-gpu: fix shift wrapping bug in virtio_gpu_fence_event_create()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (398 preceding siblings ...)
2022-10-19 8:28 ` [PATCH 6.0 399/862] drm/vmwgfx: Fix memory leak in vmw_mksstat_add_ioctl() Greg Kroah-Hartman
@ 2022-10-19 8:28 ` Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 401/862] ASoC: codecs: tx-macro: fix kcontrol put Greg Kroah-Hartman
` (476 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Chia-I Wu,
Gerd Hoffmann, Sasha Levin
From: Dan Carpenter <dan.carpenter@oracle.com>
[ Upstream commit 37a78445763a5921bb54e9bad01937d0dfa521c1 ]
The ->ring_idx_mask variable is a u64 so static checkers, Smatch in
this case, complain if the BIT() is not also a u64.
drivers/gpu/drm/virtio/virtgpu_ioctl.c:50 virtio_gpu_fence_event_create()
warn: should '(1 << ring_idx)' be a 64 bit type?
Fixes: cd7f5ca33585 ("drm/virtio: implement context init: add virtio_gpu_fence_event")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Chia-I Wu <olvaffe@gmail.com>
Link: http://patchwork.freedesktop.org/patch/msgid/YygN7jY0GdUSQSy0@kili
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/virtio/virtgpu_ioctl.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/virtio/virtgpu_ioctl.c b/drivers/gpu/drm/virtio/virtgpu_ioctl.c
index 3b1701607aae..5d05093014ac 100644
--- a/drivers/gpu/drm/virtio/virtgpu_ioctl.c
+++ b/drivers/gpu/drm/virtio/virtgpu_ioctl.c
@@ -47,7 +47,7 @@ static int virtio_gpu_fence_event_create(struct drm_device *dev,
struct virtio_gpu_fence_event *e = NULL;
int ret;
- if (!(vfpriv->ring_idx_mask & (1 << ring_idx)))
+ if (!(vfpriv->ring_idx_mask & BIT_ULL(ring_idx)))
return 0;
e = kzalloc(sizeof(*e), GFP_KERNEL);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 401/862] ASoC: codecs: tx-macro: fix kcontrol put
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (399 preceding siblings ...)
2022-10-19 8:28 ` [PATCH 6.0 400/862] virtio-gpu: fix shift wrapping bug in virtio_gpu_fence_event_create() Greg Kroah-Hartman
@ 2022-10-19 8:28 ` Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 402/862] ASoC: da7219: Fix an error handling path in da7219_register_dai_clks() Greg Kroah-Hartman
` (475 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Srinivas Kandagatla, Mark Brown, Sasha Levin
From: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
[ Upstream commit c1057a08af438e0cf5450c1d977a3011198ed2f8 ]
tx_macro_tx_mixer_put() and tx_macro_dec_mode_put() currently returns zero
eventhough it changes the value.
Fix this, so that change notifications are sent correctly.
Fixes: d207bdea0ca9 ("ASoC: codecs: lpass-tx-macro: add dapm widgets and route")
Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Link: https://lore.kernel.org/r/20220906170112.1984-6-srinivas.kandagatla@linaro.org
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/lpass-tx-macro.c | 13 +++++++++++--
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/sound/soc/codecs/lpass-tx-macro.c b/sound/soc/codecs/lpass-tx-macro.c
index 55503ba480bb..e162a08d9945 100644
--- a/sound/soc/codecs/lpass-tx-macro.c
+++ b/sound/soc/codecs/lpass-tx-macro.c
@@ -823,17 +823,23 @@ static int tx_macro_tx_mixer_put(struct snd_kcontrol *kcontrol,
struct tx_macro *tx = snd_soc_component_get_drvdata(component);
if (enable) {
+ if (tx->active_decimator[dai_id] == dec_id)
+ return 0;
+
set_bit(dec_id, &tx->active_ch_mask[dai_id]);
tx->active_ch_cnt[dai_id]++;
tx->active_decimator[dai_id] = dec_id;
} else {
+ if (tx->active_decimator[dai_id] == -1)
+ return 0;
+
tx->active_ch_cnt[dai_id]--;
clear_bit(dec_id, &tx->active_ch_mask[dai_id]);
tx->active_decimator[dai_id] = -1;
}
snd_soc_dapm_mixer_update_power(widget->dapm, kcontrol, enable, update);
- return 0;
+ return 1;
}
static int tx_macro_enable_dec(struct snd_soc_dapm_widget *w,
@@ -1019,9 +1025,12 @@ static int tx_macro_dec_mode_put(struct snd_kcontrol *kcontrol,
int path = e->shift_l;
struct tx_macro *tx = snd_soc_component_get_drvdata(component);
+ if (tx->dec_mode[path] == value)
+ return 0;
+
tx->dec_mode[path] = value;
- return 0;
+ return 1;
}
static int tx_macro_get_bcs(struct snd_kcontrol *kcontrol,
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 402/862] ASoC: da7219: Fix an error handling path in da7219_register_dai_clks()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (400 preceding siblings ...)
2022-10-19 8:28 ` [PATCH 6.0 401/862] ASoC: codecs: tx-macro: fix kcontrol put Greg Kroah-Hartman
@ 2022-10-19 8:28 ` Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 403/862] ALSA: dmaengine: increment buffer pointer atomically Greg Kroah-Hartman
` (474 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Christophe JAILLET,
Mark Brown, Sasha Levin
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
[ Upstream commit abb4e4349afe7eecdb0499582f1c777031e3a7c8 ]
If clk_hw_register() fails, the corresponding clk should not be
unregistered.
To handle errors from loops, clean up partial iterations before doing the
goto. So add a clk_hw_unregister().
Then use a while (--i >= 0) loop in the unwind section.
Fixes: 78013a1cf297 ("ASoC: da7219: Fix clock handling around codec level probe")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
Link: https://lore.kernel.org/r/e4acceab57a0d9e477a8d5890a45c5309e553e7c.1663875789.git.christophe.jaillet@wanadoo.fr
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/da7219.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/sound/soc/codecs/da7219.c b/sound/soc/codecs/da7219.c
index 50ecf30e6136..4746c8700451 100644
--- a/sound/soc/codecs/da7219.c
+++ b/sound/soc/codecs/da7219.c
@@ -2196,6 +2196,7 @@ static int da7219_register_dai_clks(struct snd_soc_component *component)
dai_clk_lookup = clkdev_hw_create(dai_clk_hw, init.name,
"%s", dev_name(dev));
if (!dai_clk_lookup) {
+ clk_hw_unregister(dai_clk_hw);
ret = -ENOMEM;
goto err;
} else {
@@ -2217,12 +2218,12 @@ static int da7219_register_dai_clks(struct snd_soc_component *component)
return 0;
err:
- do {
+ while (--i >= 0) {
if (da7219->dai_clks_lookup[i])
clkdev_drop(da7219->dai_clks_lookup[i]);
clk_hw_unregister(&da7219->dai_clks_hw[i]);
- } while (i-- > 0);
+ }
if (np)
kfree(da7219->clk_hw_data);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 403/862] ALSA: dmaengine: increment buffer pointer atomically
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (401 preceding siblings ...)
2022-10-19 8:28 ` [PATCH 6.0 402/862] ASoC: da7219: Fix an error handling path in da7219_register_dai_clks() Greg Kroah-Hartman
@ 2022-10-19 8:28 ` Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 404/862] mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe() Greg Kroah-Hartman
` (473 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Andreas Pape, Eugeniu Rosca,
Takashi Iwai, Sasha Levin
From: Andreas Pape <apape@de.adit-jv.com>
[ Upstream commit d1c442019594692c64a70a86ad88eb5b6db92216 ]
Setting pointer and afterwards checking for wraparound leads
to the possibility of returning the inconsistent pointer position.
This patch increments buffer pointer atomically to avoid this issue.
Fixes: e7f73a1613567a ("ASoC: Add dmaengine PCM helper functions")
Signed-off-by: Andreas Pape <apape@de.adit-jv.com>
Signed-off-by: Eugeniu Rosca <erosca@de.adit-jv.com>
Link: https://lore.kernel.org/r/1664211493-11789-1-git-send-email-erosca@de.adit-jv.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/core/pcm_dmaengine.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/sound/core/pcm_dmaengine.c b/sound/core/pcm_dmaengine.c
index 5b2ca028f5aa..494ec0c207fa 100644
--- a/sound/core/pcm_dmaengine.c
+++ b/sound/core/pcm_dmaengine.c
@@ -133,12 +133,14 @@ EXPORT_SYMBOL_GPL(snd_dmaengine_pcm_set_config_from_dai_data);
static void dmaengine_pcm_dma_complete(void *arg)
{
+ unsigned int new_pos;
struct snd_pcm_substream *substream = arg;
struct dmaengine_pcm_runtime_data *prtd = substream_to_prtd(substream);
- prtd->pos += snd_pcm_lib_period_bytes(substream);
- if (prtd->pos >= snd_pcm_lib_buffer_bytes(substream))
- prtd->pos = 0;
+ new_pos = prtd->pos + snd_pcm_lib_period_bytes(substream);
+ if (new_pos >= snd_pcm_lib_buffer_bytes(substream))
+ new_pos = 0;
+ prtd->pos = new_pos;
snd_pcm_period_elapsed(substream);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 404/862] mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (402 preceding siblings ...)
2022-10-19 8:28 ` [PATCH 6.0 403/862] ALSA: dmaengine: increment buffer pointer atomically Greg Kroah-Hartman
@ 2022-10-19 8:28 ` Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 405/862] ASoC: stm32: dfsdm: Fix PM disable depth imbalance in stm32_adfsdm_probe Greg Kroah-Hartman
` (472 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christophe JAILLET, Dan Carpenter,
Ulf Hansson, Sasha Levin
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
[ Upstream commit cb58188ad90a61784a56a64f5107faaf2ad323e7 ]
A dma_free_coherent() call is missing in the error handling path of the
probe, as already done in the remove function.
Fixes: 3a96dff0f828 ("mmc: SD/MMC Host Controller for Wondermedia WM8505/WM8650")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
Link: https://lore.kernel.org/r/53fc6ffa5d1c428fefeae7d313cf4a669c3a1e98.1663873255.git.christophe.jaillet@wanadoo.fr
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mmc/host/wmt-sdmmc.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/mmc/host/wmt-sdmmc.c b/drivers/mmc/host/wmt-sdmmc.c
index 163ac9df8cca..9b5c503e3a3f 100644
--- a/drivers/mmc/host/wmt-sdmmc.c
+++ b/drivers/mmc/host/wmt-sdmmc.c
@@ -846,7 +846,7 @@ static int wmt_mci_probe(struct platform_device *pdev)
if (IS_ERR(priv->clk_sdmmc)) {
dev_err(&pdev->dev, "Error getting clock\n");
ret = PTR_ERR(priv->clk_sdmmc);
- goto fail5;
+ goto fail5_and_a_half;
}
ret = clk_prepare_enable(priv->clk_sdmmc);
@@ -863,6 +863,9 @@ static int wmt_mci_probe(struct platform_device *pdev)
return 0;
fail6:
clk_put(priv->clk_sdmmc);
+fail5_and_a_half:
+ dma_free_coherent(&pdev->dev, mmc->max_blk_count * 16,
+ priv->dma_desc_buffer, priv->dma_desc_device_addr);
fail5:
free_irq(dma_irq, priv);
fail4:
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 405/862] ASoC: stm32: dfsdm: Fix PM disable depth imbalance in stm32_adfsdm_probe
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (403 preceding siblings ...)
2022-10-19 8:28 ` [PATCH 6.0 404/862] mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe() Greg Kroah-Hartman
@ 2022-10-19 8:28 ` Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 406/862] ASoC: stm32: spdifrx: Fix PM disable depth imbalance in stm32_spdifrx_probe Greg Kroah-Hartman
` (471 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zhang Qilong, Olivier Moysan,
Mark Brown, Sasha Levin
From: Zhang Qilong <zhangqilong3@huawei.com>
[ Upstream commit b9a0da5b2edcae2a901b85c8cc42efc5bec4bd7b ]
The pm_runtime_enable will increase power disable depth. Thus
a pairing decrement is needed on the error handling path to
keep it balanced according to context. We fix it by moving
pm_runtime_enable to the endding of stm32_adfsdm_probe.
Fixes:98e500a12f934 ("ASoC: stm32: dfsdm: add pm_runtime support for audio")
Signed-off-by: Zhang Qilong <zhangqilong3@huawei.com>
Reviewed-by: Olivier Moysan <olivier.moysan@foss.st.com>
Link: https://lore.kernel.org/r/20220927142601.64266-2-zhangqilong3@huawei.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/stm/stm32_adfsdm.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/sound/soc/stm/stm32_adfsdm.c b/sound/soc/stm/stm32_adfsdm.c
index 04f2912e1418..643fc8a17018 100644
--- a/sound/soc/stm/stm32_adfsdm.c
+++ b/sound/soc/stm/stm32_adfsdm.c
@@ -335,8 +335,6 @@ static int stm32_adfsdm_probe(struct platform_device *pdev)
dev_set_drvdata(&pdev->dev, priv);
- pm_runtime_enable(&pdev->dev);
-
ret = devm_snd_soc_register_component(&pdev->dev,
&stm32_adfsdm_dai_component,
&priv->dai_drv, 1);
@@ -366,9 +364,13 @@ static int stm32_adfsdm_probe(struct platform_device *pdev)
#endif
ret = snd_soc_add_component(component, NULL, 0);
- if (ret < 0)
+ if (ret < 0) {
dev_err(&pdev->dev, "%s: Failed to register PCM platform\n",
__func__);
+ return ret;
+ }
+
+ pm_runtime_enable(&pdev->dev);
return ret;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 406/862] ASoC: stm32: spdifrx: Fix PM disable depth imbalance in stm32_spdifrx_probe
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (404 preceding siblings ...)
2022-10-19 8:28 ` [PATCH 6.0 405/862] ASoC: stm32: dfsdm: Fix PM disable depth imbalance in stm32_adfsdm_probe Greg Kroah-Hartman
@ 2022-10-19 8:28 ` Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 407/862] ASoC: stm: Fix PM disable depth imbalance in stm32_i2s_probe Greg Kroah-Hartman
` (470 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zhang Qilong, Olivier Moysan,
Mark Brown, Sasha Levin
From: Zhang Qilong <zhangqilong3@huawei.com>
[ Upstream commit 0325cc0ac7980e1c7b744aab8df59afab6daeb43 ]
The pm_runtime_enable will increase power disable depth. Thus
a pairing decrement is needed on the error handling path to
keep it balanced according to context. We fix it by moving
pm_runtime_enable to the endding of stm32_spdifrx_probe.
Fixes:ac5e3efd55868 ("ASoC: stm32: spdifrx: add pm_runtime support")
Signed-off-by: Zhang Qilong <zhangqilong3@huawei.com>
Reviewed-by: Olivier Moysan <olivier.moysan@foss.st.com>
Link: https://lore.kernel.org/r/20220927142601.64266-3-zhangqilong3@huawei.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/stm/stm32_spdifrx.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/sound/soc/stm/stm32_spdifrx.c b/sound/soc/stm/stm32_spdifrx.c
index 0f7146756717..d399c906bb92 100644
--- a/sound/soc/stm/stm32_spdifrx.c
+++ b/sound/soc/stm/stm32_spdifrx.c
@@ -1002,8 +1002,6 @@ static int stm32_spdifrx_probe(struct platform_device *pdev)
udelay(2);
reset_control_deassert(rst);
- pm_runtime_enable(&pdev->dev);
-
pcm_config = &stm32_spdifrx_pcm_config;
ret = snd_dmaengine_pcm_register(&pdev->dev, pcm_config, 0);
if (ret)
@@ -1036,6 +1034,8 @@ static int stm32_spdifrx_probe(struct platform_device *pdev)
FIELD_GET(SPDIFRX_VERR_MIN_MASK, ver));
}
+ pm_runtime_enable(&pdev->dev);
+
return ret;
error:
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 407/862] ASoC: stm: Fix PM disable depth imbalance in stm32_i2s_probe
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (405 preceding siblings ...)
2022-10-19 8:28 ` [PATCH 6.0 406/862] ASoC: stm32: spdifrx: Fix PM disable depth imbalance in stm32_spdifrx_probe Greg Kroah-Hartman
@ 2022-10-19 8:28 ` Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 408/862] ASoC: wcd-mbhc-v2: Revert "ASoC: wcd-mbhc-v2: use pm_runtime_resume_and_get()" Greg Kroah-Hartman
` (469 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zhang Qilong, Olivier Moysan,
Mark Brown, Sasha Levin
From: Zhang Qilong <zhangqilong3@huawei.com>
[ Upstream commit 93618e5e05a3ce4aa6750268c5025bdb4cb7dc6e ]
The pm_runtime_enable will increase power disable depth. Thus
a pairing decrement is needed on the error handling path to
keep it balanced according to context. We fix it by moving
pm_runtime_enable to the endding of stm32_i2s_probe.
Fixes:32a956a1fadf ("ASoC: stm32: i2s: add pm_runtime support")
Signed-off-by: Zhang Qilong <zhangqilong3@huawei.com>
Reviewed-by: Olivier Moysan <olivier.moysan@foss.st.com>
Link: https://lore.kernel.org/r/20220927142640.64647-1-zhangqilong3@huawei.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/stm/stm32_i2s.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/sound/soc/stm/stm32_i2s.c b/sound/soc/stm/stm32_i2s.c
index 6aafe793eec4..ce7f6942308f 100644
--- a/sound/soc/stm/stm32_i2s.c
+++ b/sound/soc/stm/stm32_i2s.c
@@ -1136,8 +1136,6 @@ static int stm32_i2s_probe(struct platform_device *pdev)
return dev_err_probe(&pdev->dev, PTR_ERR(i2s->regmap),
"Regmap init error\n");
- pm_runtime_enable(&pdev->dev);
-
ret = snd_dmaengine_pcm_register(&pdev->dev, &stm32_i2s_pcm_config, 0);
if (ret)
return dev_err_probe(&pdev->dev, ret, "PCM DMA register error\n");
@@ -1180,6 +1178,8 @@ static int stm32_i2s_probe(struct platform_device *pdev)
FIELD_GET(I2S_VERR_MIN_MASK, val));
}
+ pm_runtime_enable(&pdev->dev);
+
return ret;
error:
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 408/862] ASoC: wcd-mbhc-v2: Revert "ASoC: wcd-mbhc-v2: use pm_runtime_resume_and_get()"
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (406 preceding siblings ...)
2022-10-19 8:28 ` [PATCH 6.0 407/862] ASoC: stm: Fix PM disable depth imbalance in stm32_i2s_probe Greg Kroah-Hartman
@ 2022-10-19 8:28 ` Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 409/862] ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe Greg Kroah-Hartman
` (468 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Krzysztof Kozlowski, Mark Brown, Sasha Levin
From: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
[ Upstream commit e18f6bcf8e864ea0e9690691d0d749c662b6a2c7 ]
This reverts commit ddea4bbf287b6028eaa15a185d0693856956ecf2 ("ASoC:
wcd-mbhc-v2: use pm_runtime_resume_and_get()"), because it introduced
double runtime PM put if pm_runtime_get_sync() returns -EACCES:
wcd934x-codec wcd934x-codec.3.auto: WCD934X Minor:0x1 Version:0x401
wcd934x-codec wcd934x-codec.3.auto: Runtime PM usage count underflow!
The commit claimed no changes in functionality except dropping the
reference on -EACCESS. This is exactly the change introducing bug
because function calls unconditionally pm_runtime_put_autosuspend() at
the end.
Fixes: ddea4bbf287b ("ASoC: wcd-mbhc-v2: use pm_runtime_resume_and_get()")
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Link: https://lore.kernel.org/r/20220929131528.217502-1-krzysztof.kozlowski@linaro.org
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/wcd-mbhc-v2.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/sound/soc/codecs/wcd-mbhc-v2.c b/sound/soc/codecs/wcd-mbhc-v2.c
index 98baef594bf3..31009283e7d4 100644
--- a/sound/soc/codecs/wcd-mbhc-v2.c
+++ b/sound/soc/codecs/wcd-mbhc-v2.c
@@ -714,11 +714,12 @@ static int wcd_mbhc_initialise(struct wcd_mbhc *mbhc)
struct snd_soc_component *component = mbhc->component;
int ret;
- ret = pm_runtime_resume_and_get(component->dev);
+ ret = pm_runtime_get_sync(component->dev);
if (ret < 0 && ret != -EACCES) {
dev_err_ratelimited(component->dev,
- "pm_runtime_resume_and_get failed in %s, ret %d\n",
+ "pm_runtime_get_sync failed in %s, ret %d\n",
__func__, ret);
+ pm_runtime_put_noidle(component->dev);
return ret;
}
@@ -1096,11 +1097,12 @@ static void wcd_correct_swch_plug(struct work_struct *work)
mbhc = container_of(work, struct wcd_mbhc, correct_plug_swch);
component = mbhc->component;
- ret = pm_runtime_resume_and_get(component->dev);
+ ret = pm_runtime_get_sync(component->dev);
if (ret < 0 && ret != -EACCES) {
dev_err_ratelimited(component->dev,
- "pm_runtime_resume_and_get failed in %s, ret %d\n",
+ "pm_runtime_get_sync failed in %s, ret %d\n",
__func__, ret);
+ pm_runtime_put_noidle(component->dev);
return;
}
micbias_mv = wcd_mbhc_get_micbias(mbhc);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 409/862] ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (407 preceding siblings ...)
2022-10-19 8:28 ` [PATCH 6.0 408/862] ASoC: wcd-mbhc-v2: Revert "ASoC: wcd-mbhc-v2: use pm_runtime_resume_and_get()" Greg Kroah-Hartman
@ 2022-10-19 8:28 ` Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 410/862] ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe Greg Kroah-Hartman
` (467 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zhang Qilong, Mark Brown, Sasha Levin
From: Zhang Qilong <zhangqilong3@huawei.com>
[ Upstream commit 41a736ac20602f64773e80f0f5b32cde1830a44a ]
The pm_runtime_enable will increase power disable depth. Thus
a pairing decrement is needed on the error handling path to
keep it balanced according to context. We fix it by moving
pm_runtime_enable to the endding of wm8997_probe
Fixes:40843aea5a9bd ("ASoC: wm8997: Initial CODEC driver")
Signed-off-by: Zhang Qilong <zhangqilong3@huawei.com>
Link: https://lore.kernel.org/r/20220928160116.125020-2-zhangqilong3@huawei.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/wm8997.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/sound/soc/codecs/wm8997.c b/sound/soc/codecs/wm8997.c
index 210ad662fc26..77136a521605 100644
--- a/sound/soc/codecs/wm8997.c
+++ b/sound/soc/codecs/wm8997.c
@@ -1161,9 +1161,6 @@ static int wm8997_probe(struct platform_device *pdev)
regmap_update_bits(arizona->regmap, wm8997_digital_vu[i],
WM8997_DIG_VU, WM8997_DIG_VU);
- pm_runtime_enable(&pdev->dev);
- pm_runtime_idle(&pdev->dev);
-
arizona_init_common(arizona);
ret = arizona_init_vol_limit(arizona);
@@ -1182,6 +1179,9 @@ static int wm8997_probe(struct platform_device *pdev)
goto err_spk_irqs;
}
+ pm_runtime_enable(&pdev->dev);
+ pm_runtime_idle(&pdev->dev);
+
return ret;
err_spk_irqs:
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 410/862] ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (408 preceding siblings ...)
2022-10-19 8:28 ` [PATCH 6.0 409/862] ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe Greg Kroah-Hartman
@ 2022-10-19 8:28 ` Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 411/862] ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe Greg Kroah-Hartman
` (466 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zhang Qilong, Mark Brown, Sasha Levin
From: Zhang Qilong <zhangqilong3@huawei.com>
[ Upstream commit 86b46bf1feb83898d89a2b4a8d08d21e9ea277a7 ]
The pm_runtime_enable will increase power disable depth. Thus
a pairing decrement is needed on the error handling path to
keep it balanced according to context. We fix it by moving
pm_runtime_enable to the endding of wm5110_probe.
Fixes:5c6af635fd772 ("ASoC: wm5110: Add audio CODEC driver")
Signed-off-by: Zhang Qilong <zhangqilong3@huawei.com>
Link: https://lore.kernel.org/r/20220928160116.125020-3-zhangqilong3@huawei.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/wm5110.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/sound/soc/codecs/wm5110.c b/sound/soc/codecs/wm5110.c
index f3f4a10bf0f7..fc634c995834 100644
--- a/sound/soc/codecs/wm5110.c
+++ b/sound/soc/codecs/wm5110.c
@@ -2457,9 +2457,6 @@ static int wm5110_probe(struct platform_device *pdev)
regmap_update_bits(arizona->regmap, wm5110_digital_vu[i],
WM5110_DIG_VU, WM5110_DIG_VU);
- pm_runtime_enable(&pdev->dev);
- pm_runtime_idle(&pdev->dev);
-
ret = arizona_request_irq(arizona, ARIZONA_IRQ_DSP_IRQ1,
"ADSP2 Compressed IRQ", wm5110_adsp2_irq,
wm5110);
@@ -2492,6 +2489,9 @@ static int wm5110_probe(struct platform_device *pdev)
goto err_spk_irqs;
}
+ pm_runtime_enable(&pdev->dev);
+ pm_runtime_idle(&pdev->dev);
+
return ret;
err_spk_irqs:
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 411/862] ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (409 preceding siblings ...)
2022-10-19 8:28 ` [PATCH 6.0 410/862] ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe Greg Kroah-Hartman
@ 2022-10-19 8:28 ` Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 412/862] ASoC: mt6660: Fix PM disable depth imbalance in mt6660_i2c_probe Greg Kroah-Hartman
` (465 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zhang Qilong, Mark Brown, Sasha Levin
From: Zhang Qilong <zhangqilong3@huawei.com>
[ Upstream commit fcbb60820cd3008bb44334a0395e5e57ccb77329 ]
The pm_runtime_enable will increase power disable depth. Thus
a pairing decrement is needed on the error handling path to
keep it balanced according to context. We fix it by moving
pm_runtime_enable to the endding of wm5102_probe.
Fixes:93e8791dd34ca ("ASoC: wm5102: Initial driver")
Signed-off-by: Zhang Qilong <zhangqilong3@huawei.com>
Link: https://lore.kernel.org/r/20220928160116.125020-4-zhangqilong3@huawei.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/wm5102.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/sound/soc/codecs/wm5102.c b/sound/soc/codecs/wm5102.c
index af7d324e3352..c09c9ac51b3e 100644
--- a/sound/soc/codecs/wm5102.c
+++ b/sound/soc/codecs/wm5102.c
@@ -2099,9 +2099,6 @@ static int wm5102_probe(struct platform_device *pdev)
regmap_update_bits(arizona->regmap, wm5102_digital_vu[i],
WM5102_DIG_VU, WM5102_DIG_VU);
- pm_runtime_enable(&pdev->dev);
- pm_runtime_idle(&pdev->dev);
-
ret = arizona_request_irq(arizona, ARIZONA_IRQ_DSP_IRQ1,
"ADSP2 Compressed IRQ", wm5102_adsp2_irq,
wm5102);
@@ -2134,6 +2131,9 @@ static int wm5102_probe(struct platform_device *pdev)
goto err_spk_irqs;
}
+ pm_runtime_enable(&pdev->dev);
+ pm_runtime_idle(&pdev->dev);
+
return ret;
err_spk_irqs:
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 412/862] ASoC: mt6660: Fix PM disable depth imbalance in mt6660_i2c_probe
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (410 preceding siblings ...)
2022-10-19 8:28 ` [PATCH 6.0 411/862] ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe Greg Kroah-Hartman
@ 2022-10-19 8:28 ` Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 413/862] ASoC: rockchip: i2s: use regmap_read_poll_timeout_atomic to poll I2S_CLR Greg Kroah-Hartman
` (464 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zhang Qilong, Mark Brown, Sasha Levin
From: Zhang Qilong <zhangqilong3@huawei.com>
[ Upstream commit b73f11e895e140537e7f8c7251211ccd3ce0782b ]
The pm_runtime_enable will increase power disable depth. Thus
a pairing decrement is needed on the error handling path to
keep it balanced according to context. We fix it by moving
pm_runtime_enable to the endding of mt6660_i2c_probe.
Fixes:f289e55c6eeb4 ("ASoC: Add MediaTek MT6660 Speaker Amp Driver")
Signed-off-by: Zhang Qilong <zhangqilong3@huawei.com>
Link: https://lore.kernel.org/r/20220928160116.125020-5-zhangqilong3@huawei.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/mt6660.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/sound/soc/codecs/mt6660.c b/sound/soc/codecs/mt6660.c
index ba11555796ad..45e0df13afb9 100644
--- a/sound/soc/codecs/mt6660.c
+++ b/sound/soc/codecs/mt6660.c
@@ -503,13 +503,17 @@ static int mt6660_i2c_probe(struct i2c_client *client)
dev_err(chip->dev, "read chip revision fail\n");
goto probe_fail;
}
- pm_runtime_set_active(chip->dev);
- pm_runtime_enable(chip->dev);
ret = devm_snd_soc_register_component(chip->dev,
&mt6660_component_driver,
&mt6660_codec_dai, 1);
+ if (!ret) {
+ pm_runtime_set_active(chip->dev);
+ pm_runtime_enable(chip->dev);
+ }
+
return ret;
+
probe_fail:
_mt6660_chip_power_on(chip, 0);
mutex_destroy(&chip->io_lock);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 413/862] ASoC: rockchip: i2s: use regmap_read_poll_timeout_atomic to poll I2S_CLR
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (411 preceding siblings ...)
2022-10-19 8:28 ` [PATCH 6.0 412/862] ASoC: mt6660: Fix PM disable depth imbalance in mt6660_i2c_probe Greg Kroah-Hartman
@ 2022-10-19 8:28 ` Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 414/862] ALSA: hda/hdmi: Dont skip notification handling during PM operation Greg Kroah-Hartman
` (463 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Judy Hsiao, Mark Brown, Sasha Levin
From: Judy Hsiao <judyhsiao@chromium.org>
[ Upstream commit f0c8d7468af0001b80b0c86802ee28063f800987 ]
1. Uses regmap_read_poll_timeout_atomic to poll I2S_CLR as it is called
within a spin lock.
2. Fixes the typo of break condition in regmap_read_poll_timeout_atomic.
Fixes: fbb0ec656ee5 ("ASoC: rockchip: i2s: use regmap_read_poll_timeout to poll I2S_CLR")
Signed-off-by: Judy Hsiao <judyhsiao@chromium.org>
Link: https://lore.kernel.org/r/20220930151546.2017667-1-judyhsiao@chromium.org
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/rockchip/rockchip_i2s.c | 24 ++++++++++++------------
1 file changed, 12 insertions(+), 12 deletions(-)
diff --git a/sound/soc/rockchip/rockchip_i2s.c b/sound/soc/rockchip/rockchip_i2s.c
index 28c86f5e435e..a8758ad68442 100644
--- a/sound/soc/rockchip/rockchip_i2s.c
+++ b/sound/soc/rockchip/rockchip_i2s.c
@@ -162,12 +162,12 @@ static int rockchip_snd_txctrl(struct rk_i2s_dev *i2s, int on)
I2S_CLR_TXC | I2S_CLR_RXC);
if (ret < 0)
goto end;
- ret = regmap_read_poll_timeout(i2s->regmap,
- I2S_CLR,
- val,
- val != 0,
- 20,
- 200);
+ ret = regmap_read_poll_timeout_atomic(i2s->regmap,
+ I2S_CLR,
+ val,
+ val == 0,
+ 20,
+ 200);
if (ret < 0)
dev_warn(i2s->dev, "fail to clear: %d\n", ret);
}
@@ -220,12 +220,12 @@ static int rockchip_snd_rxctrl(struct rk_i2s_dev *i2s, int on)
I2S_CLR_TXC | I2S_CLR_RXC);
if (ret < 0)
goto end;
- ret = regmap_read_poll_timeout(i2s->regmap,
- I2S_CLR,
- val,
- val != 0,
- 20,
- 200);
+ ret = regmap_read_poll_timeout_atomic(i2s->regmap,
+ I2S_CLR,
+ val,
+ val == 0,
+ 20,
+ 200);
if (ret < 0)
dev_warn(i2s->dev, "fail to clear: %d\n", ret);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 414/862] ALSA: hda/hdmi: Dont skip notification handling during PM operation
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (412 preceding siblings ...)
2022-10-19 8:28 ` [PATCH 6.0 413/862] ASoC: rockchip: i2s: use regmap_read_poll_timeout_atomic to poll I2S_CLR Greg Kroah-Hartman
@ 2022-10-19 8:28 ` Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 415/862] memory: pl353-smc: Fix refcount leak bug in pl353_smc_probe() Greg Kroah-Hartman
` (462 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Brent Lu, Takashi Iwai, Sasha Levin
From: Takashi Iwai <tiwai@suse.de>
[ Upstream commit 5226c7b9784eee215e3914f440b3c2e1764f67a8 ]
The HDMI driver skips the notification handling from the graphics
driver when the codec driver is being in the PM operation. This
behavior was introduced by the commit eb399d3c99d8 ("ALSA: hda - Skip
ELD notification during PM process"). This skip may cause a problem,
as we may miss the ELD update when the connection/disconnection
happens right at the runtime-PM operation of the audio codec.
Although this workaround was valid at that time, it's no longer true;
the fix was required just because the ELD update procedure needed to
wake up the audio codec, which had lead to a runtime-resume during a
runtime-suspend. Meanwhile, the ELD update procedure doesn't need a
codec wake up any longer since the commit 788d441a164c ("ALSA: hda -
Use component ops for i915 HDMI/DP audio jack handling"); i.e. there
is no much reason for skipping the notification.
Let's drop those checks for addressing the missing notification.
Fixes: 788d441a164c ("ALSA: hda - Use component ops for i915 HDMI/DP audio jack handling")
Reported-by: Brent Lu <brent.lu@intel.com>
Link: https://lore.kernel.org/r/20220927135807.4097052-1-brent.lu@intel.com
Link: https://lore.kernel.org/r/20221001074809.7461-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/pci/hda/patch_hdmi.c | 6 ------
1 file changed, 6 deletions(-)
diff --git a/sound/pci/hda/patch_hdmi.c b/sound/pci/hda/patch_hdmi.c
index d463c968b3a4..287f4f78e7b1 100644
--- a/sound/pci/hda/patch_hdmi.c
+++ b/sound/pci/hda/patch_hdmi.c
@@ -2751,9 +2751,6 @@ static void generic_acomp_pin_eld_notify(void *audio_ptr, int port, int dev_id)
*/
if (codec->core.dev.power.power_state.event == PM_EVENT_SUSPEND)
return;
- /* ditto during suspend/resume process itself */
- if (snd_hdac_is_in_pm(&codec->core))
- return;
check_presence_and_report(codec, pin_nid, dev_id);
}
@@ -2937,9 +2934,6 @@ static void intel_pin_eld_notify(void *audio_ptr, int port, int pipe)
*/
if (codec->core.dev.power.power_state.event == PM_EVENT_SUSPEND)
return;
- /* ditto during suspend/resume process itself */
- if (snd_hdac_is_in_pm(&codec->core))
- return;
snd_hdac_i915_set_bclk(&codec->bus->core);
check_presence_and_report(codec, pin_nid, dev_id);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 415/862] memory: pl353-smc: Fix refcount leak bug in pl353_smc_probe()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (413 preceding siblings ...)
2022-10-19 8:28 ` [PATCH 6.0 414/862] ALSA: hda/hdmi: Dont skip notification handling during PM operation Greg Kroah-Hartman
@ 2022-10-19 8:28 ` Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 416/862] memory: of: Fix refcount leak bug in of_get_ddr_timings() Greg Kroah-Hartman
` (461 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Liang He, Krzysztof Kozlowski, Sasha Levin
From: Liang He <windhl@126.com>
[ Upstream commit 61b3c876c1cbdb1efd1f52a1f348580e6e14efb6 ]
The break of for_each_available_child_of_node() needs a
corresponding of_node_put() when the reference 'child' is not
used anymore. Here we do not need to call of_node_put() in
fail path as '!match' means no break.
While the of_platform_device_create() will created a new
reference by 'child' but it has considered the refcounting.
Fixes: fee10bd22678 ("memory: pl353: Add driver for arm pl353 static memory controller")
Signed-off-by: Liang He <windhl@126.com>
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Link: https://lore.kernel.org/r/20220716031324.447680-1-windhl@126.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/memory/pl353-smc.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/memory/pl353-smc.c b/drivers/memory/pl353-smc.c
index f84b98278745..d39ee7d06665 100644
--- a/drivers/memory/pl353-smc.c
+++ b/drivers/memory/pl353-smc.c
@@ -122,6 +122,7 @@ static int pl353_smc_probe(struct amba_device *adev, const struct amba_id *id)
}
of_platform_device_create(child, NULL, &adev->dev);
+ of_node_put(child);
return 0;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 416/862] memory: of: Fix refcount leak bug in of_get_ddr_timings()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (414 preceding siblings ...)
2022-10-19 8:28 ` [PATCH 6.0 415/862] memory: pl353-smc: Fix refcount leak bug in pl353_smc_probe() Greg Kroah-Hartman
@ 2022-10-19 8:28 ` Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 417/862] memory: of: Fix refcount leak bug in of_lpddr3_get_ddr_timings() Greg Kroah-Hartman
` (460 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Liang He, Krzysztof Kozlowski, Sasha Levin
From: Liang He <windhl@126.com>
[ Upstream commit 05215fb32010d4afb68fbdbb4d237df6e2d4567b ]
We should add the of_node_put() when breaking out of
for_each_child_of_node() as it will automatically increase
and decrease the refcount.
Fixes: e6b42eb6a66c ("memory: emif: add device tree support to emif driver")
Signed-off-by: Liang He <windhl@126.com>
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Link: https://lore.kernel.org/r/20220719085640.1210583-1-windhl@126.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/memory/of_memory.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/memory/of_memory.c b/drivers/memory/of_memory.c
index dbdf87bc0b78..8e2ef4bf6b17 100644
--- a/drivers/memory/of_memory.c
+++ b/drivers/memory/of_memory.c
@@ -134,6 +134,7 @@ const struct lpddr2_timings *of_get_ddr_timings(struct device_node *np_ddr,
for_each_child_of_node(np_ddr, np_tim) {
if (of_device_is_compatible(np_tim, tim_compat)) {
if (of_do_get_timings(np_tim, &timings[i])) {
+ of_node_put(np_tim);
devm_kfree(dev, timings);
goto default_timings;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 417/862] memory: of: Fix refcount leak bug in of_lpddr3_get_ddr_timings()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (415 preceding siblings ...)
2022-10-19 8:28 ` [PATCH 6.0 416/862] memory: of: Fix refcount leak bug in of_get_ddr_timings() Greg Kroah-Hartman
@ 2022-10-19 8:28 ` Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 418/862] locks: fix TOCTOU race when granting write lease Greg Kroah-Hartman
` (459 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Liang He, Krzysztof Kozlowski, Sasha Levin
From: Liang He <windhl@126.com>
[ Upstream commit 48af14fb0eaa63d9aa68f59fb0b205ec55a95636 ]
We should add the of_node_put() when breaking out of
for_each_child_of_node() as it will automatically increase
and decrease the refcount.
Fixes: 976897dd96db ("memory: Extend of_memory with LPDDR3 support")
Signed-off-by: Liang He <windhl@126.com>
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Link: https://lore.kernel.org/r/20220719085640.1210583-2-windhl@126.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/memory/of_memory.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/memory/of_memory.c b/drivers/memory/of_memory.c
index 8e2ef4bf6b17..fcd20d85d385 100644
--- a/drivers/memory/of_memory.c
+++ b/drivers/memory/of_memory.c
@@ -285,6 +285,7 @@ const struct lpddr3_timings
if (of_device_is_compatible(np_tim, tim_compat)) {
if (of_lpddr3_do_get_timings(np_tim, &timings[i])) {
devm_kfree(dev, timings);
+ of_node_put(np_tim);
goto default_timings;
}
i++;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 418/862] locks: fix TOCTOU race when granting write lease
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (416 preceding siblings ...)
2022-10-19 8:28 ` [PATCH 6.0 417/862] memory: of: Fix refcount leak bug in of_lpddr3_get_ddr_timings() Greg Kroah-Hartman
@ 2022-10-19 8:28 ` Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 419/862] soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe() Greg Kroah-Hartman
` (458 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jeff Layton, Amir Goldstein, Al Viro,
Sasha Levin
From: Amir Goldstein <amir73il@gmail.com>
[ Upstream commit d6da19c9cace63290ccfccb1fc35151ffefc0bec ]
Thread A trying to acquire a write lease checks the value of i_readcount
and i_writecount in check_conflicting_open() to verify that its own fd
is the only fd referencing the file.
Thread B trying to open the file for read will call break_lease() in
do_dentry_open() before incrementing i_readcount, which leaves a small
window where thread A can acquire the write lease and then thread B
completes the open of the file for read without breaking the write lease
that was acquired by thread A.
Fix this race by incrementing i_readcount before checking for existing
leases, same as the case with i_writecount.
Use a helper put_file_access() to decrement i_readcount or i_writecount
in do_dentry_open() and __fput().
Fixes: 387e3746d01c ("locks: eliminate false positive conflicts for write lease")
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/file_table.c | 7 +------
fs/internal.h | 10 ++++++++++
fs/open.c | 11 ++++-------
3 files changed, 15 insertions(+), 13 deletions(-)
diff --git a/fs/file_table.c b/fs/file_table.c
index 99c6796c9f28..dd88701e54a9 100644
--- a/fs/file_table.c
+++ b/fs/file_table.c
@@ -324,12 +324,7 @@ static void __fput(struct file *file)
}
fops_put(file->f_op);
put_pid(file->f_owner.pid);
- if ((mode & (FMODE_READ | FMODE_WRITE)) == FMODE_READ)
- i_readcount_dec(inode);
- if (mode & FMODE_WRITER) {
- put_write_access(inode);
- __mnt_drop_write(mnt);
- }
+ put_file_access(file);
dput(dentry);
if (unlikely(mode & FMODE_NEED_UNMOUNT))
dissolve_on_fput(mnt);
diff --git a/fs/internal.h b/fs/internal.h
index 3e206d3e317c..4372d67a3753 100644
--- a/fs/internal.h
+++ b/fs/internal.h
@@ -102,6 +102,16 @@ extern void chroot_fs_refs(const struct path *, const struct path *);
extern struct file *alloc_empty_file(int, const struct cred *);
extern struct file *alloc_empty_file_noaccount(int, const struct cred *);
+static inline void put_file_access(struct file *file)
+{
+ if ((file->f_mode & (FMODE_READ | FMODE_WRITE)) == FMODE_READ) {
+ i_readcount_dec(file->f_inode);
+ } else if (file->f_mode & FMODE_WRITER) {
+ put_write_access(file->f_inode);
+ __mnt_drop_write(file->f_path.mnt);
+ }
+}
+
/*
* super.c
*/
diff --git a/fs/open.c b/fs/open.c
index cf7e5c350a54..a81319b6177f 100644
--- a/fs/open.c
+++ b/fs/open.c
@@ -842,7 +842,9 @@ static int do_dentry_open(struct file *f,
return 0;
}
- if (f->f_mode & FMODE_WRITE && !special_file(inode->i_mode)) {
+ if ((f->f_mode & (FMODE_READ | FMODE_WRITE)) == FMODE_READ) {
+ i_readcount_inc(inode);
+ } else if (f->f_mode & FMODE_WRITE && !special_file(inode->i_mode)) {
error = get_write_access(inode);
if (unlikely(error))
goto cleanup_file;
@@ -882,8 +884,6 @@ static int do_dentry_open(struct file *f,
goto cleanup_all;
}
f->f_mode |= FMODE_OPENED;
- if ((f->f_mode & (FMODE_READ | FMODE_WRITE)) == FMODE_READ)
- i_readcount_inc(inode);
if ((f->f_mode & FMODE_READ) &&
likely(f->f_op->read || f->f_op->read_iter))
f->f_mode |= FMODE_CAN_READ;
@@ -937,10 +937,7 @@ static int do_dentry_open(struct file *f,
if (WARN_ON_ONCE(error > 0))
error = -EINVAL;
fops_put(f->f_op);
- if (f->f_mode & FMODE_WRITER) {
- put_write_access(inode);
- __mnt_drop_write(f->f_path.mnt);
- }
+ put_file_access(f);
cleanup_file:
path_put(&f->f_path);
f->f_path.mnt = NULL;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 419/862] soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (417 preceding siblings ...)
2022-10-19 8:28 ` [PATCH 6.0 418/862] locks: fix TOCTOU race when granting write lease Greg Kroah-Hartman
@ 2022-10-19 8:28 ` Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 420/862] soc: qcom: smem_state: Add refcounting for the state->of_node Greg Kroah-Hartman
` (457 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Liang He, Bjorn Andersson, Sasha Levin
From: Liang He <windhl@126.com>
[ Upstream commit af8f6f39b8afd772fda4f8e61823ef8c021bf382 ]
There are two refcount leak bugs in qcom_smsm_probe():
(1) The 'local_node' is escaped out from for_each_child_of_node() as
the break of iteration, we should call of_node_put() for it in error
path or when it is not used anymore.
(2) The 'node' is escaped out from for_each_available_child_of_node()
as the 'goto', we should call of_node_put() for it in goto target.
Fixes: c97c4090ff72 ("soc: qcom: smsm: Add driver for Qualcomm SMSM")
Signed-off-by: Liang He <windhl@126.com>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Link: https://lore.kernel.org/r/20220721135217.1301039-1-windhl@126.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/soc/qcom/smsm.c | 20 +++++++++++++-------
1 file changed, 13 insertions(+), 7 deletions(-)
diff --git a/drivers/soc/qcom/smsm.c b/drivers/soc/qcom/smsm.c
index 9df9bba242f3..3e8994d6110e 100644
--- a/drivers/soc/qcom/smsm.c
+++ b/drivers/soc/qcom/smsm.c
@@ -526,7 +526,7 @@ static int qcom_smsm_probe(struct platform_device *pdev)
for (id = 0; id < smsm->num_hosts; id++) {
ret = smsm_parse_ipc(smsm, id);
if (ret < 0)
- return ret;
+ goto out_put;
}
/* Acquire the main SMSM state vector */
@@ -534,13 +534,14 @@ static int qcom_smsm_probe(struct platform_device *pdev)
smsm->num_entries * sizeof(u32));
if (ret < 0 && ret != -EEXIST) {
dev_err(&pdev->dev, "unable to allocate shared state entry\n");
- return ret;
+ goto out_put;
}
states = qcom_smem_get(QCOM_SMEM_HOST_ANY, SMEM_SMSM_SHARED_STATE, NULL);
if (IS_ERR(states)) {
dev_err(&pdev->dev, "Unable to acquire shared state entry\n");
- return PTR_ERR(states);
+ ret = PTR_ERR(states);
+ goto out_put;
}
/* Acquire the list of interrupt mask vectors */
@@ -548,13 +549,14 @@ static int qcom_smsm_probe(struct platform_device *pdev)
ret = qcom_smem_alloc(QCOM_SMEM_HOST_ANY, SMEM_SMSM_CPU_INTR_MASK, size);
if (ret < 0 && ret != -EEXIST) {
dev_err(&pdev->dev, "unable to allocate smsm interrupt mask\n");
- return ret;
+ goto out_put;
}
intr_mask = qcom_smem_get(QCOM_SMEM_HOST_ANY, SMEM_SMSM_CPU_INTR_MASK, NULL);
if (IS_ERR(intr_mask)) {
dev_err(&pdev->dev, "unable to acquire shared memory interrupt mask\n");
- return PTR_ERR(intr_mask);
+ ret = PTR_ERR(intr_mask);
+ goto out_put;
}
/* Setup the reference to the local state bits */
@@ -565,7 +567,8 @@ static int qcom_smsm_probe(struct platform_device *pdev)
smsm->state = qcom_smem_state_register(local_node, &smsm_state_ops, smsm);
if (IS_ERR(smsm->state)) {
dev_err(smsm->dev, "failed to register qcom_smem_state\n");
- return PTR_ERR(smsm->state);
+ ret = PTR_ERR(smsm->state);
+ goto out_put;
}
/* Register handlers for remote processor entries of interest. */
@@ -595,16 +598,19 @@ static int qcom_smsm_probe(struct platform_device *pdev)
}
platform_set_drvdata(pdev, smsm);
+ of_node_put(local_node);
return 0;
unwind_interfaces:
+ of_node_put(node);
for (id = 0; id < smsm->num_entries; id++)
if (smsm->entries[id].domain)
irq_domain_remove(smsm->entries[id].domain);
qcom_smem_state_unregister(smsm->state);
-
+out_put:
+ of_node_put(local_node);
return ret;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 420/862] soc: qcom: smem_state: Add refcounting for the state->of_node
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (418 preceding siblings ...)
2022-10-19 8:28 ` [PATCH 6.0 419/862] soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe() Greg Kroah-Hartman
@ 2022-10-19 8:28 ` Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 421/862] ARM: dts: imx6qdl-kontron-samx6i: hook up DDC i2c bus Greg Kroah-Hartman
` (456 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Liang He, Bjorn Andersson, Sasha Levin
From: Liang He <windhl@126.com>
[ Upstream commit 90681f53b9381c23ff7762a3b13826d620c272de ]
In qcom_smem_state_register() and qcom_smem_state_release(), we
should better use of_node_get() and of_node_put() for the reference
creation and destruction of 'device_node'.
Fixes: 9460ae2ff308 ("soc: qcom: Introduce common SMEM state machine code")
Signed-off-by: Liang He <windhl@126.com>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Link: https://lore.kernel.org/r/20220721135217.1301039-2-windhl@126.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/soc/qcom/smem_state.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/soc/qcom/smem_state.c b/drivers/soc/qcom/smem_state.c
index 31faf4aa868e..e848cc9a3cf8 100644
--- a/drivers/soc/qcom/smem_state.c
+++ b/drivers/soc/qcom/smem_state.c
@@ -136,6 +136,7 @@ static void qcom_smem_state_release(struct kref *ref)
struct qcom_smem_state *state = container_of(ref, struct qcom_smem_state, refcount);
list_del(&state->list);
+ of_node_put(state->of_node);
kfree(state);
}
@@ -205,7 +206,7 @@ struct qcom_smem_state *qcom_smem_state_register(struct device_node *of_node,
kref_init(&state->refcount);
- state->of_node = of_node;
+ state->of_node = of_node_get(of_node);
state->ops = *ops;
state->priv = priv;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 421/862] ARM: dts: imx6qdl-kontron-samx6i: hook up DDC i2c bus
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (419 preceding siblings ...)
2022-10-19 8:28 ` [PATCH 6.0 420/862] soc: qcom: smem_state: Add refcounting for the state->of_node Greg Kroah-Hartman
@ 2022-10-19 8:28 ` Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 422/862] arm64: dts: renesas: r9a07g044: Fix SCI{Rx,Tx} interrupt types Greg Kroah-Hartman
` (455 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Lucas Stach, Marco Felsch, Shawn Guo,
Sasha Levin
From: Lucas Stach <l.stach@pengutronix.de>
[ Upstream commit afd8f77957e3e83adf21d9229c61ff37f44a177a ]
i2c2 is routed to the pins dedicated as DDC in the module standard.
Reduce clock rate to 100kHz to be in line with VESA standard and hook
this bus up to the HDMI node.
Fixes: 708ed2649ad8 ("ARM: dts: imx6qdl-kontron-samx6i: increase i2c-frequency")
Signed-off-by: Lucas Stach <l.stach@pengutronix.de>
[m.felsch@pengutronix.de: add fixes line]
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/imx6qdl-kontron-samx6i.dtsi | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/arch/arm/boot/dts/imx6qdl-kontron-samx6i.dtsi b/arch/arm/boot/dts/imx6qdl-kontron-samx6i.dtsi
index 6b791d515e29..683f6e58ab23 100644
--- a/arch/arm/boot/dts/imx6qdl-kontron-samx6i.dtsi
+++ b/arch/arm/boot/dts/imx6qdl-kontron-samx6i.dtsi
@@ -263,6 +263,10 @@
phy-reset-gpios = <&gpio1 25 GPIO_ACTIVE_LOW>;
};
+&hdmi {
+ ddc-i2c-bus = <&i2c2>;
+};
+
&i2c_intern {
pmic@8 {
compatible = "fsl,pfuze100";
@@ -387,7 +391,7 @@
/* HDMI_CTRL */
&i2c2 {
- clock-frequency = <375000>;
+ clock-frequency = <100000>;
pinctrl-names = "default";
pinctrl-0 = <&pinctrl_i2c2>;
};
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 422/862] arm64: dts: renesas: r9a07g044: Fix SCI{Rx,Tx} interrupt types
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (420 preceding siblings ...)
2022-10-19 8:28 ` [PATCH 6.0 421/862] ARM: dts: imx6qdl-kontron-samx6i: hook up DDC i2c bus Greg Kroah-Hartman
@ 2022-10-19 8:28 ` Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 423/862] arm64: dts: renesas: r9a07g054: " Greg Kroah-Hartman
` (454 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Biju Das, Geert Uytterhoeven, Sasha Levin
From: Biju Das <biju.das.jz@bp.renesas.com>
[ Upstream commit f3b7bc89c97b98aa6f157d5f296695af8940a5ac ]
As per the latest RZ/G2L Hardware User's Manual (Rev.1.10 Apr, 2022),
the interrupt type of SCI{Rx,Tx} is edge triggered.
Signed-off-by: Biju Das <biju.das.jz@bp.renesas.com>
Fixes: f9a2adcc9e908907 ("arm64: dts: renesas: r9a07g044: Add SCI[0-1] nodes")
Link: https://lore.kernel.org/r/20220802101534.1401342-1-biju.das.jz@bp.renesas.com
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/renesas/r9a07g044.dtsi | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/arch/arm64/boot/dts/renesas/r9a07g044.dtsi b/arch/arm64/boot/dts/renesas/r9a07g044.dtsi
index 3652e511160f..265140b20dad 100644
--- a/arch/arm64/boot/dts/renesas/r9a07g044.dtsi
+++ b/arch/arm64/boot/dts/renesas/r9a07g044.dtsi
@@ -394,8 +394,8 @@
compatible = "renesas,r9a07g044-sci", "renesas,sci";
reg = <0 0x1004d000 0 0x400>;
interrupts = <GIC_SPI 405 IRQ_TYPE_LEVEL_HIGH>,
- <GIC_SPI 406 IRQ_TYPE_LEVEL_HIGH>,
- <GIC_SPI 407 IRQ_TYPE_LEVEL_HIGH>,
+ <GIC_SPI 406 IRQ_TYPE_EDGE_RISING>,
+ <GIC_SPI 407 IRQ_TYPE_EDGE_RISING>,
<GIC_SPI 408 IRQ_TYPE_LEVEL_HIGH>;
interrupt-names = "eri", "rxi", "txi", "tei";
clocks = <&cpg CPG_MOD R9A07G044_SCI0_CLKP>;
@@ -409,8 +409,8 @@
compatible = "renesas,r9a07g044-sci", "renesas,sci";
reg = <0 0x1004d400 0 0x400>;
interrupts = <GIC_SPI 409 IRQ_TYPE_LEVEL_HIGH>,
- <GIC_SPI 410 IRQ_TYPE_LEVEL_HIGH>,
- <GIC_SPI 411 IRQ_TYPE_LEVEL_HIGH>,
+ <GIC_SPI 410 IRQ_TYPE_EDGE_RISING>,
+ <GIC_SPI 411 IRQ_TYPE_EDGE_RISING>,
<GIC_SPI 412 IRQ_TYPE_LEVEL_HIGH>;
interrupt-names = "eri", "rxi", "txi", "tei";
clocks = <&cpg CPG_MOD R9A07G044_SCI1_CLKP>;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 423/862] arm64: dts: renesas: r9a07g054: Fix SCI{Rx,Tx} interrupt types
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (421 preceding siblings ...)
2022-10-19 8:28 ` [PATCH 6.0 422/862] arm64: dts: renesas: r9a07g044: Fix SCI{Rx,Tx} interrupt types Greg Kroah-Hartman
@ 2022-10-19 8:28 ` Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 424/862] arm64: dts: renesas: r9a07g043: " Greg Kroah-Hartman
` (453 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Biju Das, Geert Uytterhoeven, Sasha Levin
From: Biju Das <biju.das.jz@bp.renesas.com>
[ Upstream commit 13dec051c7f139eef345c55a60941843e72128f1 ]
As per the RZ/V2L Hardware User's Manual (Rev.1.00 Nov, 2021),
the interrupt type of SCI{Rx,Tx} is edge triggered.
Signed-off-by: Biju Das <biju.das.jz@bp.renesas.com>
Fixes: 7c2b8198f4f321df ("arm64: dts: renesas: Add initial DTSI for RZ/V2L SoC")
Link: https://lore.kernel.org/r/20220802101534.1401342-2-biju.das.jz@bp.renesas.com
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/renesas/r9a07g054.dtsi | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/arch/arm64/boot/dts/renesas/r9a07g054.dtsi b/arch/arm64/boot/dts/renesas/r9a07g054.dtsi
index 4d6b9d7684c9..d0eeca4f6aa1 100644
--- a/arch/arm64/boot/dts/renesas/r9a07g054.dtsi
+++ b/arch/arm64/boot/dts/renesas/r9a07g054.dtsi
@@ -399,8 +399,8 @@
compatible = "renesas,r9a07g054-sci", "renesas,sci";
reg = <0 0x1004d000 0 0x400>;
interrupts = <GIC_SPI 405 IRQ_TYPE_LEVEL_HIGH>,
- <GIC_SPI 406 IRQ_TYPE_LEVEL_HIGH>,
- <GIC_SPI 407 IRQ_TYPE_LEVEL_HIGH>,
+ <GIC_SPI 406 IRQ_TYPE_EDGE_RISING>,
+ <GIC_SPI 407 IRQ_TYPE_EDGE_RISING>,
<GIC_SPI 408 IRQ_TYPE_LEVEL_HIGH>;
interrupt-names = "eri", "rxi", "txi", "tei";
clocks = <&cpg CPG_MOD R9A07G054_SCI0_CLKP>;
@@ -414,8 +414,8 @@
compatible = "renesas,r9a07g054-sci", "renesas,sci";
reg = <0 0x1004d400 0 0x400>;
interrupts = <GIC_SPI 409 IRQ_TYPE_LEVEL_HIGH>,
- <GIC_SPI 410 IRQ_TYPE_LEVEL_HIGH>,
- <GIC_SPI 411 IRQ_TYPE_LEVEL_HIGH>,
+ <GIC_SPI 410 IRQ_TYPE_EDGE_RISING>,
+ <GIC_SPI 411 IRQ_TYPE_EDGE_RISING>,
<GIC_SPI 412 IRQ_TYPE_LEVEL_HIGH>;
interrupt-names = "eri", "rxi", "txi", "tei";
clocks = <&cpg CPG_MOD R9A07G054_SCI1_CLKP>;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 424/862] arm64: dts: renesas: r9a07g043: Fix SCI{Rx,Tx} interrupt types
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (422 preceding siblings ...)
2022-10-19 8:28 ` [PATCH 6.0 423/862] arm64: dts: renesas: r9a07g054: " Greg Kroah-Hartman
@ 2022-10-19 8:28 ` Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 425/862] dt-bindings: clock: exynosautov9: correct clock numbering of peric0/c1 Greg Kroah-Hartman
` (452 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Biju Das, Geert Uytterhoeven, Sasha Levin
From: Biju Das <biju.das.jz@bp.renesas.com>
[ Upstream commit 72a482dbaec4b9e4d54b81be6bdb8c016fd2f4bd ]
As per the RZ/G2UL Hardware User's Manual (Rev.1.00 Apr, 2022),
the interrupt type of SCI{Rx,Tx} is edge triggered.
Signed-off-by: Biju Das <biju.das.jz@bp.renesas.com>
Fixes: cf40c9689e5109bf ("arm64: dts: renesas: Add initial DTSI for RZ/G2UL SoC")
Link: https://lore.kernel.org/r/20220802101534.1401342-3-biju.das.jz@bp.renesas.com
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/renesas/r9a07g043.dtsi | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/arch/arm64/boot/dts/renesas/r9a07g043.dtsi b/arch/arm64/boot/dts/renesas/r9a07g043.dtsi
index 40201a16d653..af84d4797972 100644
--- a/arch/arm64/boot/dts/renesas/r9a07g043.dtsi
+++ b/arch/arm64/boot/dts/renesas/r9a07g043.dtsi
@@ -334,8 +334,8 @@
compatible = "renesas,r9a07g043-sci", "renesas,sci";
reg = <0 0x1004d000 0 0x400>;
interrupts = <GIC_SPI 405 IRQ_TYPE_LEVEL_HIGH>,
- <GIC_SPI 406 IRQ_TYPE_LEVEL_HIGH>,
- <GIC_SPI 407 IRQ_TYPE_LEVEL_HIGH>,
+ <GIC_SPI 406 IRQ_TYPE_EDGE_RISING>,
+ <GIC_SPI 407 IRQ_TYPE_EDGE_RISING>,
<GIC_SPI 408 IRQ_TYPE_LEVEL_HIGH>;
interrupt-names = "eri", "rxi", "txi", "tei";
clocks = <&cpg CPG_MOD R9A07G043_SCI0_CLKP>;
@@ -349,8 +349,8 @@
compatible = "renesas,r9a07g043-sci", "renesas,sci";
reg = <0 0x1004d400 0 0x400>;
interrupts = <GIC_SPI 409 IRQ_TYPE_LEVEL_HIGH>,
- <GIC_SPI 410 IRQ_TYPE_LEVEL_HIGH>,
- <GIC_SPI 411 IRQ_TYPE_LEVEL_HIGH>,
+ <GIC_SPI 410 IRQ_TYPE_EDGE_RISING>,
+ <GIC_SPI 411 IRQ_TYPE_EDGE_RISING>,
<GIC_SPI 412 IRQ_TYPE_LEVEL_HIGH>;
interrupt-names = "eri", "rxi", "txi", "tei";
clocks = <&cpg CPG_MOD R9A07G043_SCI1_CLKP>;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 425/862] dt-bindings: clock: exynosautov9: correct clock numbering of peric0/c1
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (423 preceding siblings ...)
2022-10-19 8:28 ` [PATCH 6.0 424/862] arm64: dts: renesas: r9a07g043: " Greg Kroah-Hartman
@ 2022-10-19 8:28 ` Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 426/862] arm64: dts: qcom: sdm845-xiaomi-polaris: Fix sde_dsi_active pinctrl Greg Kroah-Hartman
` (451 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Chanho Park, Krzysztof Kozlowski,
Chanwoo Choi, Sasha Levin
From: Chanho Park <chanho61.park@samsung.com>
[ Upstream commit b6740089b740b842d5e6ff55b4b2c3bf5961c69a ]
There are duplicated definitions of peric0 and peric1 cmu blocks. Thus,
they should be defined correctly as numerical order.
Fixes: 680e1c8370a2 ("dt-bindings: clock: add clock binding definitions for Exynos Auto v9")
Signed-off-by: Chanho Park <chanho61.park@samsung.com>
Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Acked-by: Chanwoo Choi <cw00.choi@samsung.com>
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Link: https://lore.kernel.org/r/20220727021357.152421-2-chanho61.park@samsung.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../dt-bindings/clock/samsung,exynosautov9.h | 56 +++++++++----------
1 file changed, 28 insertions(+), 28 deletions(-)
diff --git a/include/dt-bindings/clock/samsung,exynosautov9.h b/include/dt-bindings/clock/samsung,exynosautov9.h
index ea9f91b4eb1a..a7db6516593f 100644
--- a/include/dt-bindings/clock/samsung,exynosautov9.h
+++ b/include/dt-bindings/clock/samsung,exynosautov9.h
@@ -226,21 +226,21 @@
#define CLK_GOUT_PERIC0_IPCLK_8 28
#define CLK_GOUT_PERIC0_IPCLK_9 29
#define CLK_GOUT_PERIC0_IPCLK_10 30
-#define CLK_GOUT_PERIC0_IPCLK_11 30
-#define CLK_GOUT_PERIC0_PCLK_0 31
-#define CLK_GOUT_PERIC0_PCLK_1 32
-#define CLK_GOUT_PERIC0_PCLK_2 33
-#define CLK_GOUT_PERIC0_PCLK_3 34
-#define CLK_GOUT_PERIC0_PCLK_4 35
-#define CLK_GOUT_PERIC0_PCLK_5 36
-#define CLK_GOUT_PERIC0_PCLK_6 37
-#define CLK_GOUT_PERIC0_PCLK_7 38
-#define CLK_GOUT_PERIC0_PCLK_8 39
-#define CLK_GOUT_PERIC0_PCLK_9 40
-#define CLK_GOUT_PERIC0_PCLK_10 41
-#define CLK_GOUT_PERIC0_PCLK_11 42
+#define CLK_GOUT_PERIC0_IPCLK_11 31
+#define CLK_GOUT_PERIC0_PCLK_0 32
+#define CLK_GOUT_PERIC0_PCLK_1 33
+#define CLK_GOUT_PERIC0_PCLK_2 34
+#define CLK_GOUT_PERIC0_PCLK_3 35
+#define CLK_GOUT_PERIC0_PCLK_4 36
+#define CLK_GOUT_PERIC0_PCLK_5 37
+#define CLK_GOUT_PERIC0_PCLK_6 38
+#define CLK_GOUT_PERIC0_PCLK_7 39
+#define CLK_GOUT_PERIC0_PCLK_8 40
+#define CLK_GOUT_PERIC0_PCLK_9 41
+#define CLK_GOUT_PERIC0_PCLK_10 42
+#define CLK_GOUT_PERIC0_PCLK_11 43
-#define PERIC0_NR_CLK 43
+#define PERIC0_NR_CLK 44
/* CMU_PERIC1 */
#define CLK_MOUT_PERIC1_BUS_USER 1
@@ -272,21 +272,21 @@
#define CLK_GOUT_PERIC1_IPCLK_8 28
#define CLK_GOUT_PERIC1_IPCLK_9 29
#define CLK_GOUT_PERIC1_IPCLK_10 30
-#define CLK_GOUT_PERIC1_IPCLK_11 30
-#define CLK_GOUT_PERIC1_PCLK_0 31
-#define CLK_GOUT_PERIC1_PCLK_1 32
-#define CLK_GOUT_PERIC1_PCLK_2 33
-#define CLK_GOUT_PERIC1_PCLK_3 34
-#define CLK_GOUT_PERIC1_PCLK_4 35
-#define CLK_GOUT_PERIC1_PCLK_5 36
-#define CLK_GOUT_PERIC1_PCLK_6 37
-#define CLK_GOUT_PERIC1_PCLK_7 38
-#define CLK_GOUT_PERIC1_PCLK_8 39
-#define CLK_GOUT_PERIC1_PCLK_9 40
-#define CLK_GOUT_PERIC1_PCLK_10 41
-#define CLK_GOUT_PERIC1_PCLK_11 42
+#define CLK_GOUT_PERIC1_IPCLK_11 31
+#define CLK_GOUT_PERIC1_PCLK_0 32
+#define CLK_GOUT_PERIC1_PCLK_1 33
+#define CLK_GOUT_PERIC1_PCLK_2 34
+#define CLK_GOUT_PERIC1_PCLK_3 35
+#define CLK_GOUT_PERIC1_PCLK_4 36
+#define CLK_GOUT_PERIC1_PCLK_5 37
+#define CLK_GOUT_PERIC1_PCLK_6 38
+#define CLK_GOUT_PERIC1_PCLK_7 39
+#define CLK_GOUT_PERIC1_PCLK_8 40
+#define CLK_GOUT_PERIC1_PCLK_9 41
+#define CLK_GOUT_PERIC1_PCLK_10 42
+#define CLK_GOUT_PERIC1_PCLK_11 43
-#define PERIC1_NR_CLK 43
+#define PERIC1_NR_CLK 44
/* CMU_PERIS */
#define CLK_MOUT_PERIS_BUS_USER 1
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 426/862] arm64: dts: qcom: sdm845-xiaomi-polaris: Fix sde_dsi_active pinctrl
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (424 preceding siblings ...)
2022-10-19 8:28 ` [PATCH 6.0 425/862] dt-bindings: clock: exynosautov9: correct clock numbering of peric0/c1 Greg Kroah-Hartman
@ 2022-10-19 8:28 ` Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 427/862] arm64: dts: qcom: sc7280: Cleanup the lpasscc node Greg Kroah-Hartman
` (450 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Geert Uytterhoeven, Caleb Connolly,
Bjorn Andersson, Sasha Levin
From: Geert Uytterhoeven <geert+renesas@glider.be>
[ Upstream commit 5a0504945878b4af7534c1ce668a5678dc0201cf ]
"make dtbs_check" says:
bias-disable: boolean property with value b'\x00\x00\x00\x00'
Fix this by dropping the offending value.
Fixes: be497abe19bf08fb ("arm64: dts: qcom: Add support for Xiaomi Mi Mix2s")
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Reviewed-by: Caleb Connolly <caleb@connolly.tech>
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Link: https://lore.kernel.org/r/629afd26008c2b1ba5822799ea7ea5b5271895e8.1660903997.git.geert+renesas@glider.be
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/qcom/sdm845-xiaomi-polaris.dts | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm64/boot/dts/qcom/sdm845-xiaomi-polaris.dts b/arch/arm64/boot/dts/qcom/sdm845-xiaomi-polaris.dts
index 7747081b9887..dba7c2693ff5 100644
--- a/arch/arm64/boot/dts/qcom/sdm845-xiaomi-polaris.dts
+++ b/arch/arm64/boot/dts/qcom/sdm845-xiaomi-polaris.dts
@@ -617,7 +617,7 @@
pins = "gpio6", "gpio10";
function = "gpio";
drive-strength = <8>;
- bias-disable = <0>;
+ bias-disable;
};
sde_dsi_suspend: sde-dsi-suspend {
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 427/862] arm64: dts: qcom: sc7280: Cleanup the lpasscc node
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (425 preceding siblings ...)
2022-10-19 8:28 ` [PATCH 6.0 426/862] arm64: dts: qcom: sdm845-xiaomi-polaris: Fix sde_dsi_active pinctrl Greg Kroah-Hartman
@ 2022-10-19 8:28 ` Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 428/862] arm64: dts: qcom: sc7280: Update lpasscore node Greg Kroah-Hartman
` (449 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Satya Priya, Taniya Das,
Stephen Boyd, Bjorn Andersson, Sasha Levin
From: Satya Priya <quic_c_skakit@quicinc.com>
[ Upstream commit 8c7ebabd2e3f33ef24378d3cac00d3e59886cecb ]
Remove "cc" regmap from lpasscc node which is overlapping
with the lpass_aon regmap.
Fixes: 422a295221bb ("arm64: dts: qcom: sc7280: Add clock controller nodes")
Signed-off-by: Satya Priya <quic_c_skakit@quicinc.com>
Signed-off-by: Taniya Das <quic_tdas@quicinc.com>
Reviewed-by: Stephen Boyd <swboyd@chromium.org>
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Link: https://lore.kernel.org/r/1660107909-27947-2-git-send-email-quic_c_skakit@quicinc.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/qcom/sc7280.dtsi | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/arch/arm64/boot/dts/qcom/sc7280.dtsi b/arch/arm64/boot/dts/qcom/sc7280.dtsi
index dac3b69e314f..1d48f92a2982 100644
--- a/arch/arm64/boot/dts/qcom/sc7280.dtsi
+++ b/arch/arm64/boot/dts/qcom/sc7280.dtsi
@@ -2168,9 +2168,8 @@
lpasscc: lpasscc@3000000 {
compatible = "qcom,sc7280-lpasscc";
reg = <0 0x03000000 0 0x40>,
- <0 0x03c04000 0 0x4>,
- <0 0x03389000 0 0x24>;
- reg-names = "qdsp6ss", "top_cc", "cc";
+ <0 0x03c04000 0 0x4>;
+ reg-names = "qdsp6ss", "top_cc";
clocks = <&gcc GCC_CFG_NOC_LPASS_CLK>;
clock-names = "iface";
#clock-cells = <1>;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 428/862] arm64: dts: qcom: sc7280: Update lpasscore node
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (426 preceding siblings ...)
2022-10-19 8:28 ` [PATCH 6.0 427/862] arm64: dts: qcom: sc7280: Cleanup the lpasscc node Greg Kroah-Hartman
@ 2022-10-19 8:28 ` Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 429/862] arm64: dts: qcom: sc8280xp-crd: disallow regulator mode switches Greg Kroah-Hartman
` (448 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Taniya Das, Satya Priya,
Stephen Boyd, Bjorn Andersson, Sasha Levin
From: Satya Priya <quic_c_skakit@quicinc.com>
[ Upstream commit d9a1e922730389afc425f2250de361b7f07acdbc ]
To maintain consistency with other lpass nodes(lpass_audiocc,
lpass_aon and lpass_hm), update lpasscore to lpass_core.
Fixes: 9499240d15f2 ("arm64: dts: qcom: sc7280: Add lpasscore & lpassaudio clock controllers")
Signed-off-by: Taniya Das <quic_tdas@quicinc.com>
Signed-off-by: Satya Priya <quic_c_skakit@quicinc.com>
Reviewed-by: Stephen Boyd <swboyd@chromium.org>
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Link: https://lore.kernel.org/r/1660107909-27947-4-git-send-email-quic_c_skakit@quicinc.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/qcom/sc7280.dtsi | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/arm64/boot/dts/qcom/sc7280.dtsi b/arch/arm64/boot/dts/qcom/sc7280.dtsi
index 1d48f92a2982..51ed691075ad 100644
--- a/arch/arm64/boot/dts/qcom/sc7280.dtsi
+++ b/arch/arm64/boot/dts/qcom/sc7280.dtsi
@@ -2191,13 +2191,13 @@
reg = <0 0x03380000 0 0x30000>;
clocks = <&rpmhcc RPMH_CXO_CLK>,
<&rpmhcc RPMH_CXO_CLK_A>,
- <&lpasscore LPASS_CORE_CC_CORE_CLK>;
+ <&lpass_core LPASS_CORE_CC_CORE_CLK>;
clock-names = "bi_tcxo", "bi_tcxo_ao", "iface";
#clock-cells = <1>;
#power-domain-cells = <1>;
};
- lpasscore: clock-controller@3900000 {
+ lpass_core: clock-controller@3900000 {
compatible = "qcom,sc7280-lpasscorecc";
reg = <0 0x03900000 0 0x50000>;
clocks = <&rpmhcc RPMH_CXO_CLK>;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 429/862] arm64: dts: qcom: sc8280xp-crd: disallow regulator mode switches
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (427 preceding siblings ...)
2022-10-19 8:28 ` [PATCH 6.0 428/862] arm64: dts: qcom: sc7280: Update lpasscore node Greg Kroah-Hartman
@ 2022-10-19 8:28 ` Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 430/862] arm64: dts: qcom: sc8280xp-lenovo-thinkpad-x13s: " Greg Kroah-Hartman
` (447 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Johan Hovold, Manivannan Sadhasivam,
Bjorn Andersson, Sasha Levin
From: Johan Hovold <johan+linaro@kernel.org>
[ Upstream commit 412737a60c846a6adb7f7571905c200da036815e ]
Do not allow the RPMh regulators to switch to low-power mode with an
exception for the UFS regulators (l7c and l3d) as UFS supports an idle
mode.
This specifically avoids having regulators be but in low-power mode when
only some consumers specify loads while the actual total load really
warrants high-power mode.
Fixes: ccd3517faf18 ("arm64: dts: qcom: sc8280xp: Add reference device")
Link: https://lore.kernel.org/all/YtkrDcjTGhpaU1e0@hovoldconsulting.com
Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Link: https://lore.kernel.org/r/20220803121942.30236-2-johan+linaro@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/qcom/sc8280xp-crd.dts | 9 ---------
1 file changed, 9 deletions(-)
diff --git a/arch/arm64/boot/dts/qcom/sc8280xp-crd.dts b/arch/arm64/boot/dts/qcom/sc8280xp-crd.dts
index 45058ad0a1c8..6792e88b2c6c 100644
--- a/arch/arm64/boot/dts/qcom/sc8280xp-crd.dts
+++ b/arch/arm64/boot/dts/qcom/sc8280xp-crd.dts
@@ -87,7 +87,6 @@
regulator-min-microvolt = <1200000>;
regulator-max-microvolt = <1200000>;
regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>;
- regulator-allow-set-load;
regulator-boot-on;
regulator-always-on;
};
@@ -97,7 +96,6 @@
regulator-min-microvolt = <912000>;
regulator-max-microvolt = <912000>;
regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>;
- regulator-allow-set-load;
};
vreg_l6b: ldo6 {
@@ -105,7 +103,6 @@
regulator-min-microvolt = <880000>;
regulator-max-microvolt = <880000>;
regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>;
- regulator-allow-set-load;
regulator-boot-on;
};
};
@@ -119,7 +116,6 @@
regulator-min-microvolt = <1800000>;
regulator-max-microvolt = <1800000>;
regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>;
- regulator-allow-set-load;
};
vreg_l7c: ldo7 {
@@ -135,7 +131,6 @@
regulator-min-microvolt = <3072000>;
regulator-max-microvolt = <3072000>;
regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>;
- regulator-allow-set-load;
};
};
@@ -158,7 +153,6 @@
regulator-min-microvolt = <1200000>;
regulator-max-microvolt = <1200000>;
regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>;
- regulator-allow-set-load;
};
vreg_l6d: ldo6 {
@@ -166,7 +160,6 @@
regulator-min-microvolt = <880000>;
regulator-max-microvolt = <880000>;
regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>;
- regulator-allow-set-load;
};
vreg_l7d: ldo7 {
@@ -174,7 +167,6 @@
regulator-min-microvolt = <3072000>;
regulator-max-microvolt = <3072000>;
regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>;
- regulator-allow-set-load;
};
vreg_l9d: ldo9 {
@@ -182,7 +174,6 @@
regulator-min-microvolt = <912000>;
regulator-max-microvolt = <912000>;
regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>;
- regulator-allow-set-load;
};
};
};
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 430/862] arm64: dts: qcom: sc8280xp-lenovo-thinkpad-x13s: disallow regulator mode switches
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (428 preceding siblings ...)
2022-10-19 8:28 ` [PATCH 6.0 429/862] arm64: dts: qcom: sc8280xp-crd: disallow regulator mode switches Greg Kroah-Hartman
@ 2022-10-19 8:28 ` Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 431/862] arm64: dts: qcom: sa8295p-adp: " Greg Kroah-Hartman
` (446 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Johan Hovold, Manivannan Sadhasivam,
Bjorn Andersson, Sasha Levin
From: Johan Hovold <johan+linaro@kernel.org>
[ Upstream commit 648ec2f2ddc05346287e308fbc31a6b8117a1edd ]
Do not allow the RPMh regulators to switch to low-power mode.
This specifically avoids having regulators be but in low-power mode when
only some consumers specify loads while the actual total load really
warrants high-power mode.
Fixes: 32c231385ed4 ("arm64: dts: qcom: sc8280xp: add Lenovo Thinkpad X13s devicetree")
Link: https://lore.kernel.org/all/YtkrDcjTGhpaU1e0@hovoldconsulting.com
Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Link: https://lore.kernel.org/r/20220803121942.30236-3-johan+linaro@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../boot/dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts | 10 ----------
1 file changed, 10 deletions(-)
diff --git a/arch/arm64/boot/dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts b/arch/arm64/boot/dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts
index 4c404e2eafba..f0ab207cc8e9 100644
--- a/arch/arm64/boot/dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts
+++ b/arch/arm64/boot/dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts
@@ -79,7 +79,6 @@
regulator-min-microvolt = <1200000>;
regulator-max-microvolt = <1200000>;
regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>;
- regulator-allow-set-load;
regulator-boot-on;
};
@@ -88,7 +87,6 @@
regulator-min-microvolt = <912000>;
regulator-max-microvolt = <912000>;
regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>;
- regulator-allow-set-load;
};
vreg_l6b: ldo6 {
@@ -96,7 +94,6 @@
regulator-min-microvolt = <880000>;
regulator-max-microvolt = <880000>;
regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>;
- regulator-allow-set-load;
regulator-boot-on;
regulator-always-on; // FIXME: VDD_A_EDP_0_0P9
};
@@ -111,7 +108,6 @@
regulator-min-microvolt = <1800000>;
regulator-max-microvolt = <1800000>;
regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>;
- regulator-allow-set-load;
};
vreg_l12c: ldo12 {
@@ -119,7 +115,6 @@
regulator-min-microvolt = <1800000>;
regulator-max-microvolt = <1800000>;
regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>;
- regulator-allow-set-load;
};
vreg_l13c: ldo13 {
@@ -127,7 +122,6 @@
regulator-min-microvolt = <3072000>;
regulator-max-microvolt = <3072000>;
regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>;
- regulator-allow-set-load;
};
};
@@ -142,7 +136,6 @@
regulator-min-microvolt = <1200000>;
regulator-max-microvolt = <1200000>;
regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>;
- regulator-allow-set-load;
};
vreg_l4d: ldo4 {
@@ -150,7 +143,6 @@
regulator-min-microvolt = <1200000>;
regulator-max-microvolt = <1200000>;
regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>;
- regulator-allow-set-load;
};
vreg_l7d: ldo7 {
@@ -158,7 +150,6 @@
regulator-min-microvolt = <3072000>;
regulator-max-microvolt = <3072000>;
regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>;
- regulator-allow-set-load;
};
vreg_l9d: ldo9 {
@@ -166,7 +157,6 @@
regulator-min-microvolt = <912000>;
regulator-max-microvolt = <912000>;
regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>;
- regulator-allow-set-load;
};
};
};
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 431/862] arm64: dts: qcom: sa8295p-adp: disallow regulator mode switches
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (429 preceding siblings ...)
2022-10-19 8:28 ` [PATCH 6.0 430/862] arm64: dts: qcom: sc8280xp-lenovo-thinkpad-x13s: " Greg Kroah-Hartman
@ 2022-10-19 8:28 ` Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 432/862] arm64: dts: qcom: pm8350c: Drop PWM reg declaration Greg Kroah-Hartman
` (445 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Johan Hovold, Manivannan Sadhasivam,
Bjorn Andersson, Sasha Levin
From: Johan Hovold <johan+linaro@kernel.org>
[ Upstream commit 2a6164cef63cae77edbd9deef844b1774886fcb7 ]
Do not allow the RPMh regulators to switch to low-power mode with an
exception for the UFS regulators (l3c, l6c, l10c and l17c) as UFS
supports an idle mode.
This specifically avoids having regulators be but in low-power mode when
only some consumers specify loads while the actual total load really
warrants high-power mode.
Fixes: 519183af39b2 ("arm64: dts: qcom: add SA8540P and ADP")
Link: https://lore.kernel.org/all/YtkrDcjTGhpaU1e0@hovoldconsulting.com
Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Link: https://lore.kernel.org/r/20220803121942.30236-4-johan+linaro@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/qcom/sa8295p-adp.dts | 11 -----------
1 file changed, 11 deletions(-)
diff --git a/arch/arm64/boot/dts/qcom/sa8295p-adp.dts b/arch/arm64/boot/dts/qcom/sa8295p-adp.dts
index 9398f0349944..ca5f5ad32ce5 100644
--- a/arch/arm64/boot/dts/qcom/sa8295p-adp.dts
+++ b/arch/arm64/boot/dts/qcom/sa8295p-adp.dts
@@ -35,7 +35,6 @@
regulator-min-microvolt = <1200000>;
regulator-max-microvolt = <1208000>;
regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>;
- regulator-allow-set-load;
};
vreg_l5a: ldo5 {
@@ -43,7 +42,6 @@
regulator-min-microvolt = <912000>;
regulator-max-microvolt = <912000>;
regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>;
- regulator-allow-set-load;
};
vreg_l7a: ldo7 {
@@ -51,7 +49,6 @@
regulator-min-microvolt = <1800000>;
regulator-max-microvolt = <1800000>;
regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>;
- regulator-allow-set-load;
};
vreg_l13a: ldo13 {
@@ -59,7 +56,6 @@
regulator-min-microvolt = <3072000>;
regulator-max-microvolt = <3072000>;
regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>;
- regulator-allow-set-load;
};
};
@@ -72,7 +68,6 @@
regulator-min-microvolt = <912000>;
regulator-max-microvolt = <912000>;
regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>;
- regulator-allow-set-load;
};
vreg_l2c: ldo2 {
@@ -80,7 +75,6 @@
regulator-min-microvolt = <3072000>;
regulator-max-microvolt = <3072000>;
regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>;
- regulator-allow-set-load;
};
vreg_l3c: ldo3 {
@@ -96,7 +90,6 @@
regulator-min-microvolt = <1200000>;
regulator-max-microvolt = <1208000>;
regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>;
- regulator-allow-set-load;
};
vreg_l6c: ldo6 {
@@ -112,7 +105,6 @@
regulator-min-microvolt = <1800000>;
regulator-max-microvolt = <1800000>;
regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>;
- regulator-allow-set-load;
};
vreg_l10c: ldo10 {
@@ -141,7 +133,6 @@
regulator-min-microvolt = <1200000>;
regulator-max-microvolt = <1200000>;
regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>;
- regulator-allow-set-load;
};
vreg_l7g: ldo7 {
@@ -149,7 +140,6 @@
regulator-min-microvolt = <1800000>;
regulator-max-microvolt = <1800000>;
regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>;
- regulator-allow-set-load;
};
vreg_l8g: ldo8 {
@@ -157,7 +147,6 @@
regulator-min-microvolt = <880000>;
regulator-max-microvolt = <880000>;
regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>;
- regulator-allow-set-load;
};
};
};
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 432/862] arm64: dts: qcom: pm8350c: Drop PWM reg declaration
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (430 preceding siblings ...)
2022-10-19 8:28 ` [PATCH 6.0 431/862] arm64: dts: qcom: sa8295p-adp: " Greg Kroah-Hartman
@ 2022-10-19 8:28 ` Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 433/862] arm64: dts: qcom: sc7180-trogdor: Keep pm6150_adc enabled for TZ Greg Kroah-Hartman
` (444 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Krzysztof Kozlowski, Bryan ODonoghue,
Bjorn Andersson, Sasha Levin
From: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
[ Upstream commit eeca7d46217ccfe9289530e959c0fb29190af0d6 ]
The PWM is a part of the SPMI PMIC block and maps several different
addresses within the SPMI block. It is not accurate to describe as pwm@reg
as a result.
Fixes: 5be66d2dc887 ("arm64: dts: qcom: pm8350c: Add pwm support")
Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Link: https://lore.kernel.org/r/20220828132648.3624126-3-bryan.odonoghue@linaro.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/qcom/pm8350c.dtsi | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/arch/arm64/boot/dts/qcom/pm8350c.dtsi b/arch/arm64/boot/dts/qcom/pm8350c.dtsi
index e0bbb67717fe..f28e71487d5c 100644
--- a/arch/arm64/boot/dts/qcom/pm8350c.dtsi
+++ b/arch/arm64/boot/dts/qcom/pm8350c.dtsi
@@ -30,9 +30,8 @@
#interrupt-cells = <2>;
};
- pm8350c_pwm: pwm@e800 {
+ pm8350c_pwm: pwm {
compatible = "qcom,pm8350c-pwm";
- reg = <0xe800>;
#pwm-cells = <2>;
status = "disabled";
};
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 433/862] arm64: dts: qcom: sc7180-trogdor: Keep pm6150_adc enabled for TZ
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (431 preceding siblings ...)
2022-10-19 8:28 ` [PATCH 6.0 432/862] arm64: dts: qcom: pm8350c: Drop PWM reg declaration Greg Kroah-Hartman
@ 2022-10-19 8:28 ` Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 434/862] ARM: dts: turris-omnia: Fix mpp26 pin name and comment Greg Kroah-Hartman
` (443 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Matthias Kaehlcke, Stephen Boyd,
Bjorn Andersson, Sasha Levin
From: Stephen Boyd <swboyd@chromium.org>
[ Upstream commit 144fbd028fdec2deeb3b99d5e60dbf3167950ebe ]
There's still a thermal zone using pm6150_adc in the pm6150.dtsi file,
pm6150_thermal. It's not super obvious because it indirectly uses the
adc through an iio channel in pm6150_temp. Let's keep this enabled on
lazor and coachz so that reading the temperature of the pm6150_thermal
zone continues to work. Otherwise we get -EINVAL when reading the zone,
and I suspect the PMIC temperature trip doesn't work properly so we
don't shutdown when the PMIC overheats.
Cc: Matthias Kaehlcke <mka@chromium.org>
Fixes: b8d1e3d33487 ("arm64: dts: qcom: sc7180-trogdor: Delete ADC config for unused thermistors")
Signed-off-by: Stephen Boyd <swboyd@chromium.org>
Reviewed-by: Matthias Kaehlcke <mka@chromium.org>
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Link: https://lore.kernel.org/r/20220827004901.511543-1-swboyd@chromium.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/qcom/sc7180-trogdor-coachz-r1.dts | 2 --
arch/arm64/boot/dts/qcom/sc7180-trogdor-lazor.dtsi | 2 --
2 files changed, 4 deletions(-)
diff --git a/arch/arm64/boot/dts/qcom/sc7180-trogdor-coachz-r1.dts b/arch/arm64/boot/dts/qcom/sc7180-trogdor-coachz-r1.dts
index 8290d036044a..edfcd47e1a00 100644
--- a/arch/arm64/boot/dts/qcom/sc7180-trogdor-coachz-r1.dts
+++ b/arch/arm64/boot/dts/qcom/sc7180-trogdor-coachz-r1.dts
@@ -24,8 +24,6 @@
};
&pm6150_adc {
- status = "disabled";
-
/delete-node/ skin-temp-thermistor@4e;
/delete-node/ charger-thermistor@4f;
};
diff --git a/arch/arm64/boot/dts/qcom/sc7180-trogdor-lazor.dtsi b/arch/arm64/boot/dts/qcom/sc7180-trogdor-lazor.dtsi
index 2cf7d5212c61..002663d752da 100644
--- a/arch/arm64/boot/dts/qcom/sc7180-trogdor-lazor.dtsi
+++ b/arch/arm64/boot/dts/qcom/sc7180-trogdor-lazor.dtsi
@@ -55,8 +55,6 @@ ap_ts_pen_1v8: &i2c4 {
};
&pm6150_adc {
- status = "disabled";
-
/delete-node/ charger-thermistor@4f;
};
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 434/862] ARM: dts: turris-omnia: Fix mpp26 pin name and comment
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (432 preceding siblings ...)
2022-10-19 8:28 ` [PATCH 6.0 433/862] arm64: dts: qcom: sc7180-trogdor: Keep pm6150_adc enabled for TZ Greg Kroah-Hartman
@ 2022-10-19 8:28 ` Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 435/862] ARM: dts: kirkwood: lsxl: fix serial line Greg Kroah-Hartman
` (442 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Marek Behún, Gregory CLEMENT,
Sasha Levin
From: Marek Behún <kabel@kernel.org>
[ Upstream commit 49e93898f0dc177e645c22d0664813567fd9ec00 ]
There is a bug in Turris Omnia's schematics, whereupon the MPP[26] pin,
which is routed to CN11 pin header, is documented as SPI CS1, but
MPP[26] pin does not support this function. Instead it controls chip
select 2 if in "spi0" mode.
Fix the name of the pin node in pinctrl node and fix the comment in SPI
node.
Fixes: 26ca8b52d6e1 ("ARM: dts: add support for Turris Omnia")
Signed-off-by: Marek Behún <kabel@kernel.org>
Signed-off-by: Gregory CLEMENT <gregory.clement@bootlin.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/armada-385-turris-omnia.dts | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/arm/boot/dts/armada-385-turris-omnia.dts b/arch/arm/boot/dts/armada-385-turris-omnia.dts
index d1e0db6e5730..a41902e3815c 100644
--- a/arch/arm/boot/dts/armada-385-turris-omnia.dts
+++ b/arch/arm/boot/dts/armada-385-turris-omnia.dts
@@ -476,7 +476,7 @@
marvell,function = "spi0";
};
- spi0cs1_pins: spi0cs1-pins {
+ spi0cs2_pins: spi0cs2-pins {
marvell,pins = "mpp26";
marvell,function = "spi0";
};
@@ -511,7 +511,7 @@
};
};
- /* MISO, MOSI, SCLK and CS1 are routed to pin header CN11 */
+ /* MISO, MOSI, SCLK and CS2 are routed to pin header CN11 */
};
&uart0 {
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 435/862] ARM: dts: kirkwood: lsxl: fix serial line
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (433 preceding siblings ...)
2022-10-19 8:28 ` [PATCH 6.0 434/862] ARM: dts: turris-omnia: Fix mpp26 pin name and comment Greg Kroah-Hartman
@ 2022-10-19 8:28 ` Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 436/862] ARM: dts: kirkwood: lsxl: remove first ethernet port Greg Kroah-Hartman
` (441 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Michael Walle, Andrew Lunn,
Gregory CLEMENT, Sasha Levin
From: Michael Walle <michael@walle.cc>
[ Upstream commit 04eabc6ac10fda9424606d9a7ab6ab9a5d95350a ]
Commit 327e15428977 ("ARM: dts: kirkwood: consolidate common pinctrl
settings") unknowingly broke the serial output on this board. Before
this commit, the pinmux was still configured by the bootloader and the
kernel didn't reconfigured it again. This was an oversight by the
initial board support where the pinmux for the serial line was never
configured by the kernel. But with this commit, the serial line will be
reconfigured to the wrong pins. This is especially confusing, because
the output still works, but the input doesn't. Presumingly, the input is
reconfigured to MPP10, but the output is connected to both MPP11 and
MPP5.
Override the pinmux in the board device tree.
Fixes: 327e15428977 ("ARM: dts: kirkwood: consolidate common pinctrl settings")
Signed-off-by: Michael Walle <michael@walle.cc>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: Gregory CLEMENT <gregory.clement@bootlin.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/kirkwood-lsxl.dtsi | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/arch/arm/boot/dts/kirkwood-lsxl.dtsi b/arch/arm/boot/dts/kirkwood-lsxl.dtsi
index 7b151acb9984..321a40a98ed2 100644
--- a/arch/arm/boot/dts/kirkwood-lsxl.dtsi
+++ b/arch/arm/boot/dts/kirkwood-lsxl.dtsi
@@ -10,6 +10,11 @@
ocp@f1000000 {
pinctrl: pin-controller@10000 {
+ /* Non-default UART pins */
+ pmx_uart0: pmx-uart0 {
+ marvell,pins = "mpp4", "mpp5";
+ };
+
pmx_power_hdd: pmx-power-hdd {
marvell,pins = "mpp10";
marvell,function = "gpo";
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 436/862] ARM: dts: kirkwood: lsxl: remove first ethernet port
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (434 preceding siblings ...)
2022-10-19 8:28 ` [PATCH 6.0 435/862] ARM: dts: kirkwood: lsxl: fix serial line Greg Kroah-Hartman
@ 2022-10-19 8:28 ` Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 437/862] arm64: dts: marvell: 98dx25xx: use correct property for i2c gpios Greg Kroah-Hartman
` (440 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Michael Walle, Andrew Lunn,
Gregory CLEMENT, Sasha Levin
From: Michael Walle <michael@walle.cc>
[ Upstream commit 2d528eda7c96ce5c70f895854ecd5684bd5d80b9 ]
Both the Linkstation LS-CHLv2 and the LS-XHL have only one ethernet
port. This has always been wrong, i.e. the board code used to set up
both ports, but the driver will play nice and return -ENODEV if the
assiciated PHY is not found. Nevertheless, it is wrong. Remove it.
Fixes: 876e23333511 ("ARM: kirkwood: add gigabit ethernet and mvmdio device tree nodes")
Signed-off-by: Michael Walle <michael@walle.cc>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: Gregory CLEMENT <gregory.clement@bootlin.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/kirkwood-lsxl.dtsi | 11 -----------
1 file changed, 11 deletions(-)
diff --git a/arch/arm/boot/dts/kirkwood-lsxl.dtsi b/arch/arm/boot/dts/kirkwood-lsxl.dtsi
index 321a40a98ed2..88b70ba1c8fe 100644
--- a/arch/arm/boot/dts/kirkwood-lsxl.dtsi
+++ b/arch/arm/boot/dts/kirkwood-lsxl.dtsi
@@ -218,22 +218,11 @@
&mdio {
status = "okay";
- ethphy0: ethernet-phy@0 {
- reg = <0>;
- };
-
ethphy1: ethernet-phy@8 {
reg = <8>;
};
};
-ð0 {
- status = "okay";
- ethernet0-port@0 {
- phy-handle = <ðphy0>;
- };
-};
-
ð1 {
status = "okay";
ethernet1-port@0 {
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 437/862] arm64: dts: marvell: 98dx25xx: use correct property for i2c gpios
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (435 preceding siblings ...)
2022-10-19 8:28 ` [PATCH 6.0 436/862] ARM: dts: kirkwood: lsxl: remove first ethernet port Greg Kroah-Hartman
@ 2022-10-19 8:28 ` Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 438/862] arm64: dts: qcom: sc8280xp-pmics: Remove reg entry & use correct node name for pmc8280c_lpg node Greg Kroah-Hartman
` (439 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Chris Packham, Gregory CLEMENT, Sasha Levin
From: Chris Packham <chris.packham@alliedtelesis.co.nz>
[ Upstream commit 2b14d382ec97ca5b420239ee6e16da390fab476c ]
Use the correct names for scl-gpios and sda-gpios so that the generic
i2c recovery code will find them. While we're here set the
GPIO_OPEN_DRAIN flag on the gpios.
Fixes: b795fadfc46b ("arm64: dts: marvell: Add Armada 98DX2530 SoC and RD-AC5X board")
Signed-off-by: Chris Packham <chris.packham@alliedtelesis.co.nz>
Signed-off-by: Gregory CLEMENT <gregory.clement@bootlin.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/marvell/ac5-98dx25xx.dtsi | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/arch/arm64/boot/dts/marvell/ac5-98dx25xx.dtsi b/arch/arm64/boot/dts/marvell/ac5-98dx25xx.dtsi
index 80b44c7df56a..881bf948d1df 100644
--- a/arch/arm64/boot/dts/marvell/ac5-98dx25xx.dtsi
+++ b/arch/arm64/boot/dts/marvell/ac5-98dx25xx.dtsi
@@ -117,8 +117,8 @@
pinctrl-names = "default", "gpio";
pinctrl-0 = <&i2c0_pins>;
pinctrl-1 = <&i2c0_gpio>;
- scl_gpio = <&gpio0 26 GPIO_ACTIVE_HIGH>;
- sda_gpio = <&gpio0 27 GPIO_ACTIVE_HIGH>;
+ scl-gpios = <&gpio0 26 (GPIO_ACTIVE_HIGH | GPIO_OPEN_DRAIN)>;
+ sda-gpios = <&gpio0 27 (GPIO_ACTIVE_HIGH | GPIO_OPEN_DRAIN)>;
status = "disabled";
};
@@ -136,8 +136,8 @@
pinctrl-names = "default", "gpio";
pinctrl-0 = <&i2c1_pins>;
pinctrl-1 = <&i2c1_gpio>;
- scl_gpio = <&gpio0 20 GPIO_ACTIVE_HIGH>;
- sda_gpio = <&gpio0 21 GPIO_ACTIVE_HIGH>;
+ scl-gpios = <&gpio0 20 (GPIO_ACTIVE_HIGH | GPIO_OPEN_DRAIN)>;
+ sda-gpios = <&gpio0 21 (GPIO_ACTIVE_HIGH | GPIO_OPEN_DRAIN)>;
status = "disabled";
};
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 438/862] arm64: dts: qcom: sc8280xp-pmics: Remove reg entry & use correct node name for pmc8280c_lpg node
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (436 preceding siblings ...)
2022-10-19 8:28 ` [PATCH 6.0 437/862] arm64: dts: marvell: 98dx25xx: use correct property for i2c gpios Greg Kroah-Hartman
@ 2022-10-19 8:28 ` Greg Kroah-Hartman
2022-10-19 15:33 ` Johan Hovold
2022-10-19 8:28 ` [PATCH 6.0 439/862] ia64: export memory_add_physaddr_to_nid to fix cxl build error Greg Kroah-Hartman
` (438 subsequent siblings)
876 siblings, 1 reply; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Krzysztof Kozlowski, Bryan ODonoghue,
Bjorn Andersson, Bhupesh Sharma, Sasha Levin
From: Bhupesh Sharma <bhupesh.sharma@linaro.org>
[ Upstream commit 7dac7991408f77b0b33ee5e6b729baa683889277 ]
Commit eeca7d46217c ("arm64: dts: qcom: pm8350c: Drop PWM reg declaration")
dropped PWM reg declaration for pm8350c pwm(s), but there is a leftover
'reg' entry inside the lpg/pwm node in sc8280xp dts file. Remove the same.
While at it, also remove the unused unit address in the node
label.
Also, since dt-bindings expect LPG/PWM node name to be "pwm",
use correct node name as well, to fix the following
error reported by 'make dtbs_check':
'lpg' does not match any of the regexes
Fixes: eeca7d46217c ("arm64: dts: qcom: pm8350c: Drop PWM reg declaration")
Cc: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Cc: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Bjorn Andersson <andersson@kernel.org>
Signed-off-by: Bhupesh Sharma <bhupesh.sharma@linaro.org>
Reviewed-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Link: https://lore.kernel.org/r/20220905070240.1634997-1-bhupesh.sharma@linaro.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/qcom/sc8280xp-pmics.dtsi | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/arch/arm64/boot/dts/qcom/sc8280xp-pmics.dtsi b/arch/arm64/boot/dts/qcom/sc8280xp-pmics.dtsi
index ae90b97aecb8..24836b6b9bbc 100644
--- a/arch/arm64/boot/dts/qcom/sc8280xp-pmics.dtsi
+++ b/arch/arm64/boot/dts/qcom/sc8280xp-pmics.dtsi
@@ -60,9 +60,8 @@
#interrupt-cells = <2>;
};
- pmc8280c_lpg: lpg@e800 {
+ pmc8280c_lpg: pwm {
compatible = "qcom,pm8350c-pwm";
- reg = <0xe800>;
#address-cells = <1>;
#size-cells = <0>;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 439/862] ia64: export memory_add_physaddr_to_nid to fix cxl build error
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (437 preceding siblings ...)
2022-10-19 8:28 ` [PATCH 6.0 438/862] arm64: dts: qcom: sc8280xp-pmics: Remove reg entry & use correct node name for pmc8280c_lpg node Greg Kroah-Hartman
@ 2022-10-19 8:28 ` Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 440/862] arm64: dts: qcom: sm8350-sagami: correct TS pin property Greg Kroah-Hartman
` (437 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kernel test robot, Randy Dunlap,
Dan Williams, Ben Widawsky, Jonathan Cameron, linux-ia64,
Arnd Bergmann, Keith Mannthey, Andrew Morton, Sasha Levin
From: Randy Dunlap <rdunlap@infradead.org>
[ Upstream commit 97c318bfbe84efded246e80428054f300042f110 ]
cxl_pmem.ko uses memory_add_physaddr_to_nid() but ia64 does not export it,
so this causes a build error:
ERROR: modpost: "memory_add_physaddr_to_nid" [drivers/cxl/cxl_pmem.ko] undefined!
Fix this by exporting that function.
Fixes: 8c2676a5870a ("hot-add-mem x86_64: memory_add_physaddr_to_nid node fixup")
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Cc: Dan Williams <dan.j.williams@intel.com>
Cc: Ben Widawsky <bwidawsk@kernel.org>
Cc: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Cc: linux-ia64@vger.kernel.org
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Keith Mannthey <kmannth@us.ibm.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/ia64/mm/numa.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/ia64/mm/numa.c b/arch/ia64/mm/numa.c
index d6579ec3ea32..4c7b1f50e3b7 100644
--- a/arch/ia64/mm/numa.c
+++ b/arch/ia64/mm/numa.c
@@ -75,5 +75,6 @@ int memory_add_physaddr_to_nid(u64 addr)
return 0;
return nid;
}
+EXPORT_SYMBOL(memory_add_physaddr_to_nid);
#endif
#endif
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 440/862] arm64: dts: qcom: sm8350-sagami: correct TS pin property
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (438 preceding siblings ...)
2022-10-19 8:28 ` [PATCH 6.0 439/862] ia64: export memory_add_physaddr_to_nid to fix cxl build error Greg Kroah-Hartman
@ 2022-10-19 8:28 ` Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 441/862] soc/tegra: fuse: Add missing of_node_put() in tegra_init_fuse() Greg Kroah-Hartman
` (436 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Krzysztof Kozlowski, Bjorn Andersson,
Sasha Levin
From: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
[ Upstream commit c9c53d1f4329564f98ed0decfe3c377c6639ec5d ]
The pin configuration is selected with "pins", not "pin" property.
Fixes: 1209e9246632 ("arm64: dts: qcom: sm8350-sagami: Enable and populate I2C/SPI nodes")
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Link: https://lore.kernel.org/r/20220912061746.6311-37-krzysztof.kozlowski@linaro.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/qcom/sm8350-sony-xperia-sagami.dtsi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm64/boot/dts/qcom/sm8350-sony-xperia-sagami.dtsi b/arch/arm64/boot/dts/qcom/sm8350-sony-xperia-sagami.dtsi
index cb9bbd234b7b..b702ab1605bb 100644
--- a/arch/arm64/boot/dts/qcom/sm8350-sony-xperia-sagami.dtsi
+++ b/arch/arm64/boot/dts/qcom/sm8350-sony-xperia-sagami.dtsi
@@ -223,7 +223,7 @@
gpio-reserved-ranges = <44 4>;
ts_int_default: ts-int-default {
- pin = "gpio23";
+ pins = "gpio23";
function = "gpio";
drive-strength = <2>;
bias-disable;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 441/862] soc/tegra: fuse: Add missing of_node_put() in tegra_init_fuse()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (439 preceding siblings ...)
2022-10-19 8:28 ` [PATCH 6.0 440/862] arm64: dts: qcom: sm8350-sagami: correct TS pin property Greg Kroah-Hartman
@ 2022-10-19 8:28 ` Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 442/862] soc/tegra: fuse: Drop Kconfig dependency on TEGRA20_APB_DMA Greg Kroah-Hartman
` (435 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Liang He, Thierry Reding, Sasha Levin
From: Liang He <windhl@126.com>
[ Upstream commit e941712cccab8a96f03b5d3274159c1ed338efee ]
In this function, of_find_matching_node() will return a node pointer
with refcount incremented. We should use of_node_put() when the "np"
pointer is not used anymore.
Signed-off-by: Liang He <windhl@126.com>
Signed-off-by: Thierry Reding <treding@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/soc/tegra/fuse/fuse-tegra.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/soc/tegra/fuse/fuse-tegra.c
+++ b/drivers/soc/tegra/fuse/fuse-tegra.c
@@ -568,6 +568,7 @@ static int __init tegra_init_fuse(void)
np = of_find_matching_node(NULL, car_match);
if (np) {
void __iomem *base = of_iomap(np, 0);
+ of_node_put(np);
if (base) {
tegra_enable_fuse_clk(base);
iounmap(base);
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 442/862] soc/tegra: fuse: Drop Kconfig dependency on TEGRA20_APB_DMA
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (440 preceding siblings ...)
2022-10-19 8:28 ` [PATCH 6.0 441/862] soc/tegra: fuse: Add missing of_node_put() in tegra_init_fuse() Greg Kroah-Hartman
@ 2022-10-19 8:28 ` Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 443/862] arm64: dts: qcom: ipq8074: fix PCIe PHY serdes size Greg Kroah-Hartman
` (434 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Necip Fazil Yildiran,
Dmitry Osipenko, Sasha Levin
From: Dmitry Osipenko <digetx@gmail.com>
[ Upstream commit 2254182807fc09ba9dec9a42ef239e373796f1b2 ]
The DMA subsystem could be entirely disabled in Kconfig and then the
TEGRA20_APB_DMA option isn't available too. Hence kernel configuration
fails if DMADEVICES Kconfig option is disabled due to the unsatisfiable
dependency.
The FUSE driver isn't a critical driver and currently it only provides
NVMEM interface to userspace which isn't known to be widely used, and
thus, it's fine if FUSE driver fails to load.
Let's remove the erroneous Kconfig dependency and let the FUSE driver to
fail the probing if DMA is unavailable.
Fixes: 19d41e5e9c68 ("soc/tegra: fuse: Add APB DMA dependency for Tegra20")
Reported-by: Necip Fazil Yildiran <fazilyildiran@gmail.com>
Link: https://bugzilla.kernel.org/show_bug.cgi?id=209301
Signed-off-by: Dmitry Osipenko <digetx@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/soc/tegra/Kconfig | 1 -
1 file changed, 1 deletion(-)
diff --git a/drivers/soc/tegra/Kconfig b/drivers/soc/tegra/Kconfig
index 5725c8ef0406..6f601227da3c 100644
--- a/drivers/soc/tegra/Kconfig
+++ b/drivers/soc/tegra/Kconfig
@@ -136,7 +136,6 @@ config SOC_TEGRA_FUSE
def_bool y
depends on ARCH_TEGRA
select SOC_BUS
- select TEGRA20_APB_DMA if ARCH_TEGRA_2x_SOC
config SOC_TEGRA_FLOWCTRL
bool
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 443/862] arm64: dts: qcom: ipq8074: fix PCIe PHY serdes size
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (441 preceding siblings ...)
2022-10-19 8:28 ` [PATCH 6.0 442/862] soc/tegra: fuse: Drop Kconfig dependency on TEGRA20_APB_DMA Greg Kroah-Hartman
@ 2022-10-19 8:28 ` Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 444/862] arm64: dts: qcom: sm8450: fix UFS " Greg Kroah-Hartman
` (433 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Johan Hovold, Bjorn Andersson, Sasha Levin
From: Johan Hovold <johan+linaro@kernel.org>
[ Upstream commit ed22cc93abae68f9d3fc4957c20a1d902cf28882 ]
The size of the PCIe PHY serdes register region is 0x1c4 and the
corresponding 'reg' property should specifically not include the
adjacent regions that are defined in the child node (e.g. tx and rx).
Fixes: 33057e1672fe ("ARM: dts: ipq8074: Add pcie nodes")
Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Link: https://lore.kernel.org/r/20220915143431.19842-1-johan+linaro@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/qcom/ipq8074.dtsi | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/arm64/boot/dts/qcom/ipq8074.dtsi b/arch/arm64/boot/dts/qcom/ipq8074.dtsi
index d53675fc1595..b9bf43215ada 100644
--- a/arch/arm64/boot/dts/qcom/ipq8074.dtsi
+++ b/arch/arm64/boot/dts/qcom/ipq8074.dtsi
@@ -199,7 +199,7 @@
pcie_qmp0: phy@86000 {
compatible = "qcom,ipq8074-qmp-pcie-phy";
- reg = <0x00086000 0x1000>;
+ reg = <0x00086000 0x1c4>;
#address-cells = <1>;
#size-cells = <1>;
ranges;
@@ -227,7 +227,7 @@
pcie_qmp1: phy@8e000 {
compatible = "qcom,ipq8074-qmp-pcie-phy";
- reg = <0x0008e000 0x1000>;
+ reg = <0x0008e000 0x1c4>;
#address-cells = <1>;
#size-cells = <1>;
ranges;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 444/862] arm64: dts: qcom: sm8450: fix UFS PHY serdes size
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (442 preceding siblings ...)
2022-10-19 8:28 ` [PATCH 6.0 443/862] arm64: dts: qcom: ipq8074: fix PCIe PHY serdes size Greg Kroah-Hartman
@ 2022-10-19 8:28 ` Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 445/862] arm64: dts: ti: k3-j7200: fix main pinmux range Greg Kroah-Hartman
` (432 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Johan Hovold, Bjorn Andersson, Sasha Levin
From: Johan Hovold <johan+linaro@kernel.org>
[ Upstream commit 677920072e9d757ae158d66b8fdb695992bb3f1a ]
The size of the UFS PHY serdes register region is 0x1c4 and the
corresponding 'reg' property should specifically not include the
adjacent regions that are defined in the child node (e.g. tx and rx).
Fixes: 07fa917a335e ("arm64: dts: qcom: sm8450: add ufs nodes")
Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Link: https://lore.kernel.org/r/20220915143431.19842-2-johan+linaro@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/qcom/sm8450.dtsi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm64/boot/dts/qcom/sm8450.dtsi b/arch/arm64/boot/dts/qcom/sm8450.dtsi
index 4978c5ba5dd0..8a6c0f3e7bb7 100644
--- a/arch/arm64/boot/dts/qcom/sm8450.dtsi
+++ b/arch/arm64/boot/dts/qcom/sm8450.dtsi
@@ -3117,7 +3117,7 @@
ufs_mem_phy: phy@1d87000 {
compatible = "qcom,sm8450-qmp-ufs-phy";
- reg = <0 0x01d87000 0 0xe10>;
+ reg = <0 0x01d87000 0 0x1c4>;
#address-cells = <2>;
#size-cells = <2>;
ranges;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 445/862] arm64: dts: ti: k3-j7200: fix main pinmux range
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (443 preceding siblings ...)
2022-10-19 8:28 ` [PATCH 6.0 444/862] arm64: dts: qcom: sm8450: fix UFS " Greg Kroah-Hartman
@ 2022-10-19 8:28 ` Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 446/862] ARM: dts: exynos: correct s5k6a3 reset polarity on Midas family Greg Kroah-Hartman
` (431 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Matt Ranostay, Vignesh Raghavendra,
Vaishnav Achath, Sasha Levin
From: Matt Ranostay <mranostay@ti.com>
[ Upstream commit 0d0a0b4413460383331088b2203ba09a6971bc3a ]
Range size of 0x2b4 was incorrect since there isn't 173 configurable
pins for muxing. Additionally there is a non-addressable region in the
mapping which requires splitting into two ranges.
main_pmx0 -> 67 pins
main_pmx1 -> 3 pins
Fixes: d361ed88455f ("arm64: dts: ti: Add support for J7200 SoC")
Signed-off-by: Matt Ranostay <mranostay@ti.com>
Signed-off-by: Vignesh Raghavendra <vigneshr@ti.com>
Tested-by: Vaishnav Achath <vaishnav.a@ti.com>
Link: https://lore.kernel.org/r/20220919205723.8342-1-mranostay@ti.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/ti/k3-j7200-common-proc-board.dts | 10 ++++++----
arch/arm64/boot/dts/ti/k3-j7200-main.dtsi | 11 ++++++++++-
2 files changed, 16 insertions(+), 5 deletions(-)
diff --git a/arch/arm64/boot/dts/ti/k3-j7200-common-proc-board.dts b/arch/arm64/boot/dts/ti/k3-j7200-common-proc-board.dts
index 121975dc8239..7e8552fd2b6a 100644
--- a/arch/arm64/boot/dts/ti/k3-j7200-common-proc-board.dts
+++ b/arch/arm64/boot/dts/ti/k3-j7200-common-proc-board.dts
@@ -134,15 +134,17 @@
>;
};
- main_usbss0_pins_default: main-usbss0-pins-default {
+ vdd_sd_dv_pins_default: vdd-sd-dv-pins-default {
pinctrl-single,pins = <
- J721E_IOPAD(0x120, PIN_OUTPUT, 0) /* (T4) USB0_DRVVBUS */
+ J721E_IOPAD(0xd0, PIN_OUTPUT, 7) /* (T5) SPI0_D1.GPIO0_55 */
>;
};
+};
- vdd_sd_dv_pins_default: vdd-sd-dv-pins-default {
+&main_pmx1 {
+ main_usbss0_pins_default: main-usbss0-pins-default {
pinctrl-single,pins = <
- J721E_IOPAD(0xd0, PIN_OUTPUT, 7) /* (T5) SPI0_D1.GPIO0_55 */
+ J721E_IOPAD(0x04, PIN_OUTPUT, 0) /* (T4) USB0_DRVVBUS */
>;
};
};
diff --git a/arch/arm64/boot/dts/ti/k3-j7200-main.dtsi b/arch/arm64/boot/dts/ti/k3-j7200-main.dtsi
index 16684a2f054d..e12a53f1857f 100644
--- a/arch/arm64/boot/dts/ti/k3-j7200-main.dtsi
+++ b/arch/arm64/boot/dts/ti/k3-j7200-main.dtsi
@@ -295,7 +295,16 @@
main_pmx0: pinctrl@11c000 {
compatible = "pinctrl-single";
/* Proxy 0 addressing */
- reg = <0x00 0x11c000 0x00 0x2b4>;
+ reg = <0x00 0x11c000 0x00 0x10c>;
+ #pinctrl-cells = <1>;
+ pinctrl-single,register-width = <32>;
+ pinctrl-single,function-mask = <0xffffffff>;
+ };
+
+ main_pmx1: pinctrl@11c11c {
+ compatible = "pinctrl-single";
+ /* Proxy 0 addressing */
+ reg = <0x00 0x11c11c 0x00 0xc>;
#pinctrl-cells = <1>;
pinctrl-single,register-width = <32>;
pinctrl-single,function-mask = <0xffffffff>;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 446/862] ARM: dts: exynos: correct s5k6a3 reset polarity on Midas family
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (444 preceding siblings ...)
2022-10-19 8:28 ` [PATCH 6.0 445/862] arm64: dts: ti: k3-j7200: fix main pinmux range Greg Kroah-Hartman
@ 2022-10-19 8:28 ` Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 447/862] ARM: Drop CMDLINE_* dependency on ATAGS Greg Kroah-Hartman
` (430 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dmitry Torokhov, Krzysztof Kozlowski,
Linus Walleij, Arnd Bergmann, Sasha Levin
From: Dmitry Torokhov <dmitry.torokhov@gmail.com>
[ Upstream commit 3ba2d4bb9592bf7a6a3fe3dbe711ecfc3d004bab ]
According to s5k6a3 driver code, the reset line for the chip appears to
be active low. This also matches the typical polarity of reset lines in
general. Let's fix it up as having correct polarity in DTS is important
when the driver will be switched over to gpiod API.
Fixes: b4fec64758ab ("ARM: dts: Add camera device nodes for Exynos4412 TRATS2 board")
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
Link: https://lore.kernel.org/r/20220913164104.203957-1-dmitry.torokhov@gmail.com
Link: https://lore.kernel.org/r/20220926104354.118578-2-krzysztof.kozlowski@linaro.org'
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/exynos4412-midas.dtsi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm/boot/dts/exynos4412-midas.dtsi b/arch/arm/boot/dts/exynos4412-midas.dtsi
index b967397a46c5..8e1c19a8ad06 100644
--- a/arch/arm/boot/dts/exynos4412-midas.dtsi
+++ b/arch/arm/boot/dts/exynos4412-midas.dtsi
@@ -586,7 +586,7 @@
clocks = <&camera 1>;
clock-names = "extclk";
samsung,camclk-out = <1>;
- gpios = <&gpm1 6 GPIO_ACTIVE_HIGH>;
+ gpios = <&gpm1 6 GPIO_ACTIVE_LOW>;
port {
is_s5k6a3_ep: endpoint {
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 447/862] ARM: Drop CMDLINE_* dependency on ATAGS
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (445 preceding siblings ...)
2022-10-19 8:28 ` [PATCH 6.0 446/862] ARM: dts: exynos: correct s5k6a3 reset polarity on Midas family Greg Kroah-Hartman
@ 2022-10-19 8:28 ` Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 448/862] ext4: continue to expand file system when the target size doesnt reach Greg Kroah-Hartman
` (429 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Geert Uytterhoeven, Ard Biesheuvel,
Arnd Bergmann, Sasha Levin
From: Geert Uytterhoeven <geert+renesas@glider.be>
[ Upstream commit 136f4b1ec7c962ee37a787e095fd37b058d72bd3 ]
On arm32, the configuration options to specify the kernel command line
type depend on ATAGS. However, the actual CMDLINE cofiguration option
does not depend on ATAGS, and the code that handles this is not specific
to ATAGS (see drivers/of/fdt.c:early_init_dt_scan_chosen()).
Hence users who desire to override the kernel command line on arm32 must
enable support for ATAGS, even on a pure-DT system. Other architectures
(arm64, loongarch, microblaze, nios2, powerpc, and riscv) do not impose
such a restriction.
Hence drop the dependency on ATAGS.
Fixes: bd51e2f595580fb6 ("ARM: 7506/1: allow for ATAGS to be configured out when DT support is selected")
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/Kconfig | 1 -
1 file changed, 1 deletion(-)
diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
index 87badeae3181..11ecf09aadc8 100644
--- a/arch/arm/Kconfig
+++ b/arch/arm/Kconfig
@@ -1671,7 +1671,6 @@ config CMDLINE
choice
prompt "Kernel command line type" if CMDLINE != ""
default CMDLINE_FROM_BOOTLOADER
- depends on ATAGS
config CMDLINE_FROM_BOOTLOADER
bool "Use bootloader kernel arguments if available"
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 448/862] ext4: continue to expand file system when the target size doesnt reach
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (446 preceding siblings ...)
2022-10-19 8:28 ` [PATCH 6.0 447/862] ARM: Drop CMDLINE_* dependency on ATAGS Greg Kroah-Hartman
@ 2022-10-19 8:28 ` Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 449/862] ext4: dont run ext4lazyinit for read-only filesystems Greg Kroah-Hartman
` (428 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:28 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Jerry Lee, Theodore Tso
From: Jerry Lee 李修賢 <jerrylee@qnap.com>
commit df3cb754d13d2cd5490db9b8d536311f8413a92e upstream.
When expanding a file system from (16TiB-2MiB) to 18TiB, the operation
exits early which leads to result inconsistency between resize2fs and
Ext4 kernel driver.
=== before ===
○ → resize2fs /dev/mapper/thin
resize2fs 1.45.5 (07-Jan-2020)
Filesystem at /dev/mapper/thin is mounted on /mnt/test; on-line resizing required
old_desc_blocks = 2048, new_desc_blocks = 2304
The filesystem on /dev/mapper/thin is now 4831837696 (4k) blocks long.
[ 865.186308] EXT4-fs (dm-5): mounted filesystem with ordered data mode. Opts: (null). Quota mode: none.
[ 912.091502] dm-4: detected capacity change from 34359738368 to 38654705664
[ 970.030550] dm-5: detected capacity change from 34359734272 to 38654701568
[ 1000.012751] EXT4-fs (dm-5): resizing filesystem from 4294966784 to 4831837696 blocks
[ 1000.012878] EXT4-fs (dm-5): resized filesystem to 4294967296
=== after ===
[ 129.104898] EXT4-fs (dm-5): mounted filesystem with ordered data mode. Opts: (null). Quota mode: none.
[ 143.773630] dm-4: detected capacity change from 34359738368 to 38654705664
[ 198.203246] dm-5: detected capacity change from 34359734272 to 38654701568
[ 207.918603] EXT4-fs (dm-5): resizing filesystem from 4294966784 to 4831837696 blocks
[ 207.918754] EXT4-fs (dm-5): resizing filesystem from 4294967296 to 4831837696 blocks
[ 207.918758] EXT4-fs (dm-5): Converting file system to meta_bg
[ 207.918790] EXT4-fs (dm-5): resizing filesystem from 4294967296 to 4831837696 blocks
[ 221.454050] EXT4-fs (dm-5): resized to 4658298880 blocks
[ 227.634613] EXT4-fs (dm-5): resized filesystem to 4831837696
Signed-off-by: Jerry Lee <jerrylee@qnap.com>
Link: https://lore.kernel.org/r/PU1PR04MB22635E739BD21150DC182AC6A18C9@PU1PR04MB2263.apcprd04.prod.outlook.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/resize.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/fs/ext4/resize.c
+++ b/fs/ext4/resize.c
@@ -2122,7 +2122,7 @@ retry:
goto out;
}
- if (ext4_blocks_count(es) == n_blocks_count)
+ if (ext4_blocks_count(es) == n_blocks_count && n_blocks_count_retry == 0)
goto out;
err = ext4_alloc_flex_bg_array(sb, n_group + 1);
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 449/862] ext4: dont run ext4lazyinit for read-only filesystems
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (447 preceding siblings ...)
2022-10-19 8:28 ` [PATCH 6.0 448/862] ext4: continue to expand file system when the target size doesnt reach Greg Kroah-Hartman
@ 2022-10-19 8:28 ` Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 450/862] arm64: ftrace: fix module PLTs with mcount Greg Kroah-Hartman
` (427 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Josh Triplett, Lukas Czerner,
Theodore Tso, Sasha Levin
From: Josh Triplett <josh@joshtriplett.org>
[ Upstream commit 426d15ad11419066f7042ffa8fbf1b5c21a1ecbe ]
On a read-only filesystem, we won't invoke the block allocator, so we
don't need to prefetch the block bitmaps.
This avoids starting and running the ext4lazyinit thread at all on a
system with no read-write ext4 filesystems (for instance, a container VM
with read-only filesystems underneath an overlayfs).
Fixes: 21175ca434c5 ("ext4: make prefetch_block_bitmaps default")
Signed-off-by: Josh Triplett <josh@joshtriplett.org>
Reviewed-by: Lukas Czerner <lczerner@redhat.com>
Link: https://lore.kernel.org/r/48b41da1498fcac3287e2e06b660680646c1c050.1659323972.git.josh@joshtriplett.org
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/ext4/super.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/fs/ext4/super.c b/fs/ext4/super.c
index 323dbcfd285c..091db733834e 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -3962,9 +3962,9 @@ int ext4_register_li_request(struct super_block *sb,
goto out;
}
- if (test_opt(sb, NO_PREFETCH_BLOCK_BITMAPS) &&
- (first_not_zeroed == ngroups || sb_rdonly(sb) ||
- !test_opt(sb, INIT_INODE_TABLE)))
+ if (sb_rdonly(sb) ||
+ (test_opt(sb, NO_PREFETCH_BLOCK_BITMAPS) &&
+ (first_not_zeroed == ngroups || !test_opt(sb, INIT_INODE_TABLE))))
goto out;
elr = ext4_li_request_new(sb, first_not_zeroed);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 450/862] arm64: ftrace: fix module PLTs with mcount
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (448 preceding siblings ...)
2022-10-19 8:28 ` [PATCH 6.0 449/862] ext4: dont run ext4lazyinit for read-only filesystems Greg Kroah-Hartman
@ 2022-10-19 8:28 ` Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 451/862] arm64: dts: exynos: fix polarity of "enable" line of NFC chip in TM2 Greg Kroah-Hartman
` (426 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mark Rutland, Li Huafei,
Ard Biesheuvel, Will Deacon, Catalin Marinas, Sasha Levin
From: Mark Rutland <mark.rutland@arm.com>
[ Upstream commit 8cfb08575c6d4585f1ce0deeb189e5c824776b04 ]
Li Huafei reports that mcount-based ftrace with module PLTs was broken
by commit:
a6253579977e4c6f ("arm64: ftrace: consistently handle PLTs.")
When a module PLTs are used and a module is loaded sufficiently far away
from the kernel, we'll create PLTs for any branches which are
out-of-range. These are separate from the special ftrace trampoline
PLTs, which the module PLT code doesn't directly manipulate.
When mcount is in use this is a problem, as each mcount callsite in a
module will be initialized to point to a module PLT, but since commit
a6253579977e4c6f ftrace_make_nop() will assume that the callsite has
been initialized to point to the special ftrace trampoline PLT, and
ftrace_find_callable_addr() rejects other cases.
This means that when ftrace tries to initialize a callsite via
ftrace_make_nop(), the call to ftrace_find_callable_addr() will find
that the `_mcount` stub is out-of-range and is not handled by the ftrace
PLT, resulting in a splat:
| ftrace_test: loading out-of-tree module taints kernel.
| ftrace: no module PLT for _mcount
| ------------[ ftrace bug ]------------
| ftrace failed to modify
| [<ffff800029180014>] 0xffff800029180014
| actual: 44:00:00:94
| Initializing ftrace call sites
| ftrace record flags: 2000000
| (0)
| expected tramp: ffff80000802eb3c
| ------------[ cut here ]------------
| WARNING: CPU: 3 PID: 157 at kernel/trace/ftrace.c:2120 ftrace_bug+0x94/0x270
| Modules linked in:
| CPU: 3 PID: 157 Comm: insmod Tainted: G O 6.0.0-rc6-00151-gcd722513a189-dirty #22
| Hardware name: linux,dummy-virt (DT)
| pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
| pc : ftrace_bug+0x94/0x270
| lr : ftrace_bug+0x21c/0x270
| sp : ffff80000b2bbaf0
| x29: ffff80000b2bbaf0 x28: 0000000000000000 x27: ffff0000c4d38000
| x26: 0000000000000001 x25: ffff800009d7e000 x24: ffff0000c4d86e00
| x23: 0000000002000000 x22: ffff80000a62b000 x21: ffff8000098ebea8
| x20: ffff0000c4d38000 x19: ffff80000aa24158 x18: ffffffffffffffff
| x17: 0000000000000000 x16: 0a0d2d2d2d2d2d2d x15: ffff800009aa9118
| x14: 0000000000000000 x13: 6333626532303830 x12: 3030303866666666
| x11: 203a706d61727420 x10: 6465746365707865 x9 : 3362653230383030
| x8 : c0000000ffffefff x7 : 0000000000017fe8 x6 : 000000000000bff4
| x5 : 0000000000057fa8 x4 : 0000000000000000 x3 : 0000000000000001
| x2 : ad2cb14bb5438900 x1 : 0000000000000000 x0 : 0000000000000022
| Call trace:
| ftrace_bug+0x94/0x270
| ftrace_process_locs+0x308/0x430
| ftrace_module_init+0x44/0x60
| load_module+0x15b4/0x1ce8
| __do_sys_init_module+0x1ec/0x238
| __arm64_sys_init_module+0x24/0x30
| invoke_syscall+0x54/0x118
| el0_svc_common.constprop.4+0x84/0x100
| do_el0_svc+0x3c/0xd0
| el0_svc+0x1c/0x50
| el0t_64_sync_handler+0x90/0xb8
| el0t_64_sync+0x15c/0x160
| ---[ end trace 0000000000000000 ]---
| ---------test_init-----------
Fix this by reverting to the old behaviour of ignoring the old
instruction when initialising an mcount callsite in a module, which was
the behaviour prior to commit a6253579977e4c6f.
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Fixes: a6253579977e ("arm64: ftrace: consistently handle PLTs.")
Reported-by: Li Huafei <lihuafei1@huawei.com>
Link: https://lore.kernel.org/linux-arm-kernel/20220929094134.99512-1-lihuafei1@huawei.com
Cc: Ard Biesheuvel <ardb@kernel.org>
Cc: Will Deacon <will@kernel.org>
Link: https://lore.kernel.org/r/20220929134525.798593-1-mark.rutland@arm.com
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/kernel/ftrace.c | 17 ++++++++++++++++-
1 file changed, 16 insertions(+), 1 deletion(-)
diff --git a/arch/arm64/kernel/ftrace.c b/arch/arm64/kernel/ftrace.c
index ea5dc7c90f46..b49ba9a24bcc 100644
--- a/arch/arm64/kernel/ftrace.c
+++ b/arch/arm64/kernel/ftrace.c
@@ -217,11 +217,26 @@ int ftrace_make_nop(struct module *mod, struct dyn_ftrace *rec,
unsigned long pc = rec->ip;
u32 old = 0, new;
+ new = aarch64_insn_gen_nop();
+
+ /*
+ * When using mcount, callsites in modules may have been initalized to
+ * call an arbitrary module PLT (which redirects to the _mcount stub)
+ * rather than the ftrace PLT we'll use at runtime (which redirects to
+ * the ftrace trampoline). We can ignore the old PLT when initializing
+ * the callsite.
+ *
+ * Note: 'mod' is only set at module load time.
+ */
+ if (!IS_ENABLED(CONFIG_DYNAMIC_FTRACE_WITH_REGS) &&
+ IS_ENABLED(CONFIG_ARM64_MODULE_PLTS) && mod) {
+ return aarch64_insn_patch_text_nosync((void *)pc, new);
+ }
+
if (!ftrace_find_callable_addr(rec, mod, &addr))
return -EINVAL;
old = aarch64_insn_gen_branch_imm(pc, addr, AARCH64_INSN_BRANCH_LINK);
- new = aarch64_insn_gen_nop();
return ftrace_modify_code(pc, old, new, true);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 451/862] arm64: dts: exynos: fix polarity of "enable" line of NFC chip in TM2
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (449 preceding siblings ...)
2022-10-19 8:28 ` [PATCH 6.0 450/862] arm64: ftrace: fix module PLTs with mcount Greg Kroah-Hartman
@ 2022-10-19 8:28 ` Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 452/862] ARM: dts: exynos: fix polarity of VBUS GPIO of Origen Greg Kroah-Hartman
` (425 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dmitry Torokhov, Krzysztof Kozlowski,
Sasha Levin
From: Dmitry Torokhov <dmitry.torokhov@gmail.com>
[ Upstream commit bd1a665a01b4d65fd8dc6fece4b376fa5c8c55bb ]
According to s3fwrn5 driver code the "enable" GPIO line is driven "high"
when chip is not in use (mode is S3FWRN5_MODE_COLD), and is driven "low"
when chip is in use.
s3fwrn5_phy_power_ctrl():
...
gpio_set_value(phy->gpio_en, 1);
...
if (mode != S3FWRN5_MODE_COLD) {
msleep(S3FWRN5_EN_WAIT_TIME);
gpio_set_value(phy->gpio_en, 0);
msleep(S3FWRN5_EN_WAIT_TIME);
}
Therefore the line described by "en-gpios" property should be annotated
as "active low".
The wakeup gpio appears to have correct polarity (active high).
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Link: https://lore.kernel.org/r/20220929011557.4165216-1-dmitry.torokhov@gmail.com
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/boot/dts/exynos/exynos5433-tm2-common.dtsi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/arm64/boot/dts/exynos/exynos5433-tm2-common.dtsi
+++ b/arch/arm64/boot/dts/exynos/exynos5433-tm2-common.dtsi
@@ -795,7 +795,7 @@
reg = <0x27>;
interrupt-parent = <&gpa1>;
interrupts = <3 IRQ_TYPE_EDGE_RISING>;
- en-gpios = <&gpf1 4 GPIO_ACTIVE_HIGH>;
+ en-gpios = <&gpf1 4 GPIO_ACTIVE_LOW>;
wake-gpios = <&gpj0 2 GPIO_ACTIVE_HIGH>;
};
};
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 452/862] ARM: dts: exynos: fix polarity of VBUS GPIO of Origen
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (450 preceding siblings ...)
2022-10-19 8:28 ` [PATCH 6.0 451/862] arm64: dts: exynos: fix polarity of "enable" line of NFC chip in TM2 Greg Kroah-Hartman
@ 2022-10-19 8:28 ` Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 453/862] iomap: iomap: fix memory corruption when recording errors during writeback Greg Kroah-Hartman
` (424 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:28 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dmitry Torokhov, Krzysztof Kozlowski,
Sasha Levin
From: Dmitry Torokhov <dmitry.torokhov@gmail.com>
[ Upstream commit a08137bd1e0a7ce951dce9ce4a83e39d379b6e1b ]
EHCI Oxynos (drivers/usb/host/ehci-exynos.c) drives VBUS GPIO high when
trying to power up the bus, therefore the GPIO in DTS must be marked as
"active high". This will be important when EHCI driver is converted to
gpiod API that respects declared polarities.
Fixes: 4e8991def565 ("ARM: dts: exynos: Enable AX88760 USB hub on Origen board")
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Link: https://lore.kernel.org/r/20220927220504.3744878-1-dmitry.torokhov@gmail.com
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/exynos4412-origen.dts | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm/boot/dts/exynos4412-origen.dts b/arch/arm/boot/dts/exynos4412-origen.dts
index 6db09dba07ff..a3905e27b9cd 100644
--- a/arch/arm/boot/dts/exynos4412-origen.dts
+++ b/arch/arm/boot/dts/exynos4412-origen.dts
@@ -95,7 +95,7 @@
};
&ehci {
- samsung,vbus-gpio = <&gpx3 5 1>;
+ samsung,vbus-gpio = <&gpx3 5 GPIO_ACTIVE_HIGH>;
status = "okay";
phys = <&exynos_usbphy 2>, <&exynos_usbphy 3>;
phy-names = "hsic0", "hsic1";
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 453/862] iomap: iomap: fix memory corruption when recording errors during writeback
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (451 preceding siblings ...)
2022-10-19 8:28 ` [PATCH 6.0 452/862] ARM: dts: exynos: fix polarity of VBUS GPIO of Origen Greg Kroah-Hartman
@ 2022-10-19 8:29 ` Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 454/862] selftests/cpu-hotplug: Use return instead of exit Greg Kroah-Hartman
` (423 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Darrick J. Wong,
Matthew Wilcox (Oracle),
Sasha Levin
From: Darrick J. Wong <djwong@kernel.org>
[ Upstream commit 3d5f3ba1ac28059bdf7000cae2403e4e984308d2 ]
Every now and then I see this crash on arm64:
Unable to handle kernel NULL pointer dereference at virtual address 00000000000000f8
Buffer I/O error on dev dm-0, logical block 8733687, async page read
Mem abort info:
ESR = 0x0000000096000006
EC = 0x25: DABT (current EL), IL = 32 bits
SET = 0, FnV = 0
EA = 0, S1PTW = 0
FSC = 0x06: level 2 translation fault
Data abort info:
ISV = 0, ISS = 0x00000006
CM = 0, WnR = 0
user pgtable: 64k pages, 42-bit VAs, pgdp=0000000139750000
[00000000000000f8] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000, pmd=0000000000000000
Internal error: Oops: 96000006 [#1] PREEMPT SMP
Buffer I/O error on dev dm-0, logical block 8733688, async page read
Dumping ftrace buffer:
Buffer I/O error on dev dm-0, logical block 8733689, async page read
(ftrace buffer empty)
XFS (dm-0): log I/O error -5
Modules linked in: dm_thin_pool dm_persistent_data
XFS (dm-0): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x1ec/0x590 [xfs] (fs/xfs/xfs_trans_buf.c:296).
dm_bio_prison
XFS (dm-0): Please unmount the filesystem and rectify the problem(s)
XFS (dm-0): xfs_imap_lookup: xfs_ialloc_read_agi() returned error -5, agno 0
dm_bufio dm_log_writes xfs nft_chain_nat xt_REDIRECT nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip6t_REJECT
potentially unexpected fatal signal 6.
nf_reject_ipv6
potentially unexpected fatal signal 6.
ipt_REJECT nf_reject_ipv4
CPU: 1 PID: 122166 Comm: fsstress Tainted: G W 6.0.0-rc5-djwa #rc5 3004c9f1de887ebae86015f2677638ce51ee7
rpcsec_gss_krb5 auth_rpcgss xt_tcpudp ip_set_hash_ip ip_set_hash_net xt_set nft_compat ip_set_hash_mac ip_set nf_tables
Hardware name: QEMU KVM Virtual Machine, BIOS 1.5.1 06/16/2021
pstate: 60001000 (nZCv daif -PAN -UAO -TCO -DIT +SSBS BTYPE=--)
ip_tables
pc : 000003fd6d7df200
x_tables
lr : 000003fd6d7df1ec
overlay nfsv4
CPU: 0 PID: 54031 Comm: u4:3 Tainted: G W 6.0.0-rc5-djwa #rc5 3004c9f1de887ebae86015f2677638ce51ee7405
Hardware name: QEMU KVM Virtual Machine, BIOS 1.5.1 06/16/2021
Workqueue: writeback wb_workfn
sp : 000003ffd9522fd0
(flush-253:0)
pstate: 60401005 (nZCv daif +PAN -UAO -TCO -DIT +SSBS BTYPE=--)
pc : errseq_set+0x1c/0x100
x29: 000003ffd9522fd0 x28: 0000000000000023 x27: 000002acefeb6780
x26: 0000000000000005 x25: 0000000000000001 x24: 0000000000000000
x23: 00000000ffffffff x22: 0000000000000005
lr : __filemap_set_wb_err+0x24/0xe0
x21: 0000000000000006
sp : fffffe000f80f760
x29: fffffe000f80f760 x28: 0000000000000003 x27: fffffe000f80f9f8
x26: 0000000002523000 x25: 00000000fffffffb x24: fffffe000f80f868
x23: fffffe000f80fbb0 x22: fffffc0180c26a78 x21: 0000000002530000
x20: 0000000000000000 x19: 0000000000000000 x18: 0000000000000000
x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000
x14: 0000000000000001 x13: 0000000000470af3 x12: fffffc0058f70000
x11: 0000000000000040 x10: 0000000000001b20 x9 : fffffe000836b288
x8 : fffffc00eb9fd480 x7 : 0000000000f83659 x6 : 0000000000000000
x5 : 0000000000000869 x4 : 0000000000000005 x3 : 00000000000000f8
x20: 000003fd6d740020 x19: 000000000001dd36 x18: 0000000000000001
x17: 000003fd6d78704c x16: 0000000000000001 x15: 000002acfac87668
x2 : 0000000000000ffa x1 : 00000000fffffffb x0 : 00000000000000f8
Call trace:
errseq_set+0x1c/0x100
__filemap_set_wb_err+0x24/0xe0
iomap_do_writepage+0x5e4/0xd5c
write_cache_pages+0x208/0x674
iomap_writepages+0x34/0x60
xfs_vm_writepages+0x8c/0xcc [xfs 7a861f39c43631f15d3a5884246ba5035d4ca78b]
x14: 0000000000000000 x13: 2064656e72757465 x12: 0000000000002180
x11: 000003fd6d8a82d0 x10: 0000000000000000 x9 : 000003fd6d8ae288
x8 : 0000000000000083 x7 : 00000000ffffffff x6 : 00000000ffffffee
x5 : 00000000fbad2887 x4 : 000003fd6d9abb58 x3 : 000003fd6d740020
x2 : 0000000000000006 x1 : 000000000001dd36 x0 : 0000000000000000
CPU: 1 PID: 122167 Comm: fsstress Tainted: G W 6.0.0-rc5-djwa #rc5 3004c9f1de887ebae86015f2677638ce51ee7
do_writepages+0x90/0x1c4
__writeback_single_inode+0x4c/0x4ac
Hardware name: QEMU KVM Virtual Machine, BIOS 1.5.1 06/16/2021
writeback_sb_inodes+0x214/0x4ac
wb_writeback+0xf4/0x3b0
pstate: 60001000 (nZCv daif -PAN -UAO -TCO -DIT +SSBS BTYPE=--)
wb_workfn+0xfc/0x580
process_one_work+0x1e8/0x480
pc : 000003fd6d7df200
worker_thread+0x78/0x430
This crash is a result of iomap_writepage_map encountering some sort of
error during writeback and wanting to set that error code in the file
mapping so that fsync will report it. Unfortunately, the code
dereferences folio->mapping after unlocking the folio, which means that
another thread could have removed the page from the page cache
(writeback doesn't hold the invalidation lock) and give it to somebody
else.
At best we crash the system like above; at worst, we corrupt memory or
set an error on some other unsuspecting file while failing to record the
problems with *this* file. Regardless, fix the problem by reporting the
error to the inode mapping.
NOTE: Commit 598ecfbaa742 lifted the XFS writeback code to iomap, so
this fix should be backported to XFS in the 4.6-5.4 kernels in addition
to iomap in the 5.5-5.19 kernels.
Fixes: e735c0079465 ("iomap: Convert iomap_add_to_ioend() to take a folio") # 5.17 onward
Fixes: 598ecfbaa742 ("iomap: lift the xfs writeback code to iomap") # 5.5-5.16, needs backporting
Fixes: 150d5be09ce4 ("xfs: remove xfs_cancel_ioend") # 4.6-5.4, needs backporting
Signed-off-by: Darrick J. Wong <djwong@kernel.org>
Reviewed-by: Matthew Wilcox (Oracle) <willy@infradead.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/iomap/buffered-io.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/iomap/buffered-io.c b/fs/iomap/buffered-io.c
index ca5c62901541..77d59c159248 100644
--- a/fs/iomap/buffered-io.c
+++ b/fs/iomap/buffered-io.c
@@ -1421,7 +1421,7 @@ iomap_writepage_map(struct iomap_writepage_ctx *wpc,
if (!count)
folio_end_writeback(folio);
done:
- mapping_set_error(folio->mapping, error);
+ mapping_set_error(inode->i_mapping, error);
return error;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 454/862] selftests/cpu-hotplug: Use return instead of exit
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (452 preceding siblings ...)
2022-10-19 8:29 ` [PATCH 6.0 453/862] iomap: iomap: fix memory corruption when recording errors during writeback Greg Kroah-Hartman
@ 2022-10-19 8:29 ` Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 455/862] selftests/cpu-hotplug: Delete fault injection related code Greg Kroah-Hartman
` (422 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zhao Gongyi, Shuah Khan, Sasha Levin
From: Zhao Gongyi <zhaogongyi@huawei.com>
[ Upstream commit 972cf4ce51ef5532d56822af17defb148aac0ccb ]
Some cpus will be left in offline state when online
function exits in some error conditions. Use return
instead of exit to fix it.
Signed-off-by: Zhao Gongyi <zhaogongyi@huawei.com>
Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
Stable-dep-of: 51d4c851465c ("selftests/cpu-hotplug: Reserve one cpu online at least")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../selftests/cpu-hotplug/cpu-on-off-test.sh | 13 ++++++++-----
1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/tools/testing/selftests/cpu-hotplug/cpu-on-off-test.sh b/tools/testing/selftests/cpu-hotplug/cpu-on-off-test.sh
index 0d26b5e3f966..940b68c940bb 100755
--- a/tools/testing/selftests/cpu-hotplug/cpu-on-off-test.sh
+++ b/tools/testing/selftests/cpu-hotplug/cpu-on-off-test.sh
@@ -4,6 +4,7 @@
SYSFS=
# Kselftest framework requirement - SKIP code is 4.
ksft_skip=4
+retval=0
prerequisite()
{
@@ -102,10 +103,10 @@ online_cpu_expect_success()
if ! online_cpu $cpu; then
echo $FUNCNAME $cpu: unexpected fail >&2
- exit 1
+ retval=1
elif ! cpu_is_online $cpu; then
echo $FUNCNAME $cpu: unexpected offline >&2
- exit 1
+ retval=1
fi
}
@@ -128,10 +129,10 @@ offline_cpu_expect_success()
if ! offline_cpu $cpu; then
echo $FUNCNAME $cpu: unexpected fail >&2
- exit 1
+ retval=1
elif ! cpu_is_offline $cpu; then
echo $FUNCNAME $cpu: unexpected offline >&2
- exit 1
+ retval=1
fi
}
@@ -201,7 +202,7 @@ if [ $allcpus -eq 0 ]; then
offline_cpu_expect_success $present_max
online_cpu $present_max
fi
- exit 0
+ exit $retval
else
echo "Full scope test: all hotplug cpus"
echo -e "\t online all offline cpus"
@@ -291,3 +292,5 @@ done
echo 0 > $NOTIFIER_ERR_INJECT_DIR/actions/CPU_DOWN_PREPARE/error
/sbin/modprobe -q -r cpu-notifier-error-inject
+
+exit $retval
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 455/862] selftests/cpu-hotplug: Delete fault injection related code
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (453 preceding siblings ...)
2022-10-19 8:29 ` [PATCH 6.0 454/862] selftests/cpu-hotplug: Use return instead of exit Greg Kroah-Hartman
@ 2022-10-19 8:29 ` Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 456/862] selftests/cpu-hotplug: Reserve one cpu online at least Greg Kroah-Hartman
` (421 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zhao Gongyi, Shuah Khan, Sasha Levin
From: Zhao Gongyi <zhaogongyi@huawei.com>
[ Upstream commit 195d74be717af14e5991f818f73f067367bfc1ed ]
Delete fault injection related code since the module has been deleted.
Signed-off-by: Zhao Gongyi <zhaogongyi@huawei.com>
Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
Stable-dep-of: 51d4c851465c ("selftests/cpu-hotplug: Reserve one cpu online at least")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/cpu-hotplug/config | 1 -
.../selftests/cpu-hotplug/cpu-on-off-test.sh | 87 ++-----------------
2 files changed, 6 insertions(+), 82 deletions(-)
delete mode 100644 tools/testing/selftests/cpu-hotplug/config
diff --git a/tools/testing/selftests/cpu-hotplug/config b/tools/testing/selftests/cpu-hotplug/config
deleted file mode 100644
index d4aca2ad5069..000000000000
--- a/tools/testing/selftests/cpu-hotplug/config
+++ /dev/null
@@ -1 +0,0 @@
-CONFIG_NOTIFIER_ERROR_INJECTION=y
diff --git a/tools/testing/selftests/cpu-hotplug/cpu-on-off-test.sh b/tools/testing/selftests/cpu-hotplug/cpu-on-off-test.sh
index 940b68c940bb..32ec7e4489ee 100755
--- a/tools/testing/selftests/cpu-hotplug/cpu-on-off-test.sh
+++ b/tools/testing/selftests/cpu-hotplug/cpu-on-off-test.sh
@@ -116,10 +116,10 @@ online_cpu_expect_fail()
if online_cpu $cpu 2> /dev/null; then
echo $FUNCNAME $cpu: unexpected success >&2
- exit 1
+ retval=1
elif ! cpu_is_offline $cpu; then
echo $FUNCNAME $cpu: unexpected online >&2
- exit 1
+ retval=1
fi
}
@@ -142,16 +142,14 @@ offline_cpu_expect_fail()
if offline_cpu $cpu 2> /dev/null; then
echo $FUNCNAME $cpu: unexpected success >&2
- exit 1
+ retval=1
elif ! cpu_is_online $cpu; then
echo $FUNCNAME $cpu: unexpected offline >&2
- exit 1
+ retval=1
fi
}
-error=-12
allcpus=0
-priority=0
online_cpus=0
online_max=0
offline_cpus=0
@@ -159,31 +157,20 @@ offline_max=0
present_cpus=0
present_max=0
-while getopts e:ahp: opt; do
+while getopts ah opt; do
case $opt in
- e)
- error=$OPTARG
- ;;
a)
allcpus=1
;;
h)
- echo "Usage $0 [ -a ] [ -e errno ] [ -p notifier-priority ]"
+ echo "Usage $0 [ -a ]"
echo -e "\t default offline one cpu"
echo -e "\t run with -a option to offline all cpus"
exit
;;
- p)
- priority=$OPTARG
- ;;
esac
done
-if ! [ "$error" -ge -4095 -a "$error" -lt 0 ]; then
- echo "error code must be -4095 <= errno < 0" >&2
- exit 1
-fi
-
prerequisite
#
@@ -231,66 +218,4 @@ for cpu in `hotplaggable_offline_cpus`; do
online_cpu_expect_success $cpu
done
-#
-# Test with cpu notifier error injection
-#
-
-DEBUGFS=`mount -t debugfs | head -1 | awk '{ print $3 }'`
-NOTIFIER_ERR_INJECT_DIR=$DEBUGFS/notifier-error-inject/cpu
-
-prerequisite_extra()
-{
- msg="skip extra tests:"
-
- /sbin/modprobe -q -r cpu-notifier-error-inject
- /sbin/modprobe -q cpu-notifier-error-inject priority=$priority
-
- if [ ! -d "$DEBUGFS" ]; then
- echo $msg debugfs is not mounted >&2
- exit $ksft_skip
- fi
-
- if [ ! -d $NOTIFIER_ERR_INJECT_DIR ]; then
- echo $msg cpu-notifier-error-inject module is not available >&2
- exit $ksft_skip
- fi
-}
-
-prerequisite_extra
-
-#
-# Offline all hot-pluggable CPUs
-#
-echo 0 > $NOTIFIER_ERR_INJECT_DIR/actions/CPU_DOWN_PREPARE/error
-for cpu in `hotpluggable_online_cpus`; do
- offline_cpu_expect_success $cpu
-done
-
-#
-# Test CPU hot-add error handling (offline => online)
-#
-echo $error > $NOTIFIER_ERR_INJECT_DIR/actions/CPU_UP_PREPARE/error
-for cpu in `hotplaggable_offline_cpus`; do
- online_cpu_expect_fail $cpu
-done
-
-#
-# Online all hot-pluggable CPUs
-#
-echo 0 > $NOTIFIER_ERR_INJECT_DIR/actions/CPU_UP_PREPARE/error
-for cpu in `hotplaggable_offline_cpus`; do
- online_cpu_expect_success $cpu
-done
-
-#
-# Test CPU hot-remove error handling (online => offline)
-#
-echo $error > $NOTIFIER_ERR_INJECT_DIR/actions/CPU_DOWN_PREPARE/error
-for cpu in `hotpluggable_online_cpus`; do
- offline_cpu_expect_fail $cpu
-done
-
-echo 0 > $NOTIFIER_ERR_INJECT_DIR/actions/CPU_DOWN_PREPARE/error
-/sbin/modprobe -q -r cpu-notifier-error-inject
-
exit $retval
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 456/862] selftests/cpu-hotplug: Reserve one cpu online at least
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (454 preceding siblings ...)
2022-10-19 8:29 ` [PATCH 6.0 455/862] selftests/cpu-hotplug: Delete fault injection related code Greg Kroah-Hartman
@ 2022-10-19 8:29 ` Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 457/862] iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX Greg Kroah-Hartman
` (420 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zhao Gongyi, Shuah Khan, Sasha Levin
From: Zhao Gongyi <zhaogongyi@huawei.com>
[ Upstream commit 51d4c851465c32143d9c7b1cfb46fc581922b116 ]
Considering that we can not offline all cpus in any cases,
we need to reserve one cpu online when the test offline all
hotpluggable online cpus, otherwise the test will fail forever.
Fixes: d89dffa976bc ("fault-injection: add selftests for cpu and memory hotplug")
Signed-off-by: Zhao Gongyi <zhaogongyi@huawei.com>
Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../selftests/cpu-hotplug/cpu-on-off-test.sh | 40 ++++++++++---------
1 file changed, 22 insertions(+), 18 deletions(-)
diff --git a/tools/testing/selftests/cpu-hotplug/cpu-on-off-test.sh b/tools/testing/selftests/cpu-hotplug/cpu-on-off-test.sh
index 32ec7e4489ee..4c1d6d9abecc 100755
--- a/tools/testing/selftests/cpu-hotplug/cpu-on-off-test.sh
+++ b/tools/testing/selftests/cpu-hotplug/cpu-on-off-test.sh
@@ -149,6 +149,25 @@ offline_cpu_expect_fail()
fi
}
+online_all_hot_pluggable_cpus()
+{
+ for cpu in `hotplaggable_offline_cpus`; do
+ online_cpu_expect_success $cpu
+ done
+}
+
+offline_all_hot_pluggable_cpus()
+{
+ local reserve_cpu=$online_max
+ for cpu in `hotpluggable_online_cpus`; do
+ # Reserve one cpu oneline at least.
+ if [ $cpu -eq $reserve_cpu ];then
+ continue
+ fi
+ offline_cpu_expect_success $cpu
+ done
+}
+
allcpus=0
online_cpus=0
online_max=0
@@ -197,25 +216,10 @@ else
echo -e "\t online all offline cpus"
fi
-#
-# Online all hot-pluggable CPUs
-#
-for cpu in `hotplaggable_offline_cpus`; do
- online_cpu_expect_success $cpu
-done
+online_all_hot_pluggable_cpus
-#
-# Offline all hot-pluggable CPUs
-#
-for cpu in `hotpluggable_online_cpus`; do
- offline_cpu_expect_success $cpu
-done
+offline_all_hot_pluggable_cpus
-#
-# Online all hot-pluggable CPUs again
-#
-for cpu in `hotplaggable_offline_cpus`; do
- online_cpu_expect_success $cpu
-done
+online_all_hot_pluggable_cpus
exit $retval
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 457/862] iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (455 preceding siblings ...)
2022-10-19 8:29 ` [PATCH 6.0 456/862] selftests/cpu-hotplug: Reserve one cpu online at least Greg Kroah-Hartman
@ 2022-10-19 8:29 ` Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 458/862] iio: adc: at91-sama5d2_adc: check return status for pressure and touch Greg Kroah-Hartman
` (419 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Claudiu Beznea, Jonathan Cameron,
Sasha Levin
From: Claudiu Beznea <claudiu.beznea@microchip.com>
[ Upstream commit bb73d5d9164c57c4bb916739a98e5cd8e0a5ed8c ]
All ADC HW versions handled by this driver (SAMA5D2, SAM9X60, SAMA7G5)
have MR.TRACKTIM on 4 bits. Fix AT91_SAMA5D2_MR_TRACKTIM_MAX to reflect
this.
Fixes: 27e177190891 ("iio:adc:at91_adc8xx: introduce new atmel adc driver")
Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com>
Link: https://lore.kernel.org/r/20220803102855.2191070-2-claudiu.beznea@microchip.com
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/iio/adc/at91-sama5d2_adc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/iio/adc/at91-sama5d2_adc.c b/drivers/iio/adc/at91-sama5d2_adc.c
index 279430c1d88c..ac9ef89fba17 100644
--- a/drivers/iio/adc/at91-sama5d2_adc.c
+++ b/drivers/iio/adc/at91-sama5d2_adc.c
@@ -77,7 +77,7 @@ struct at91_adc_reg_layout {
#define AT91_SAMA5D2_MR_ANACH BIT(23)
/* Tracking Time */
#define AT91_SAMA5D2_MR_TRACKTIM(v) ((v) << 24)
-#define AT91_SAMA5D2_MR_TRACKTIM_MAX 0xff
+#define AT91_SAMA5D2_MR_TRACKTIM_MAX 0xf
/* Transfer Time */
#define AT91_SAMA5D2_MR_TRANSFER(v) ((v) << 28)
#define AT91_SAMA5D2_MR_TRANSFER_MAX 0x3
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 458/862] iio: adc: at91-sama5d2_adc: check return status for pressure and touch
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (456 preceding siblings ...)
2022-10-19 8:29 ` [PATCH 6.0 457/862] iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX Greg Kroah-Hartman
@ 2022-10-19 8:29 ` Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 459/862] iio: adc: at91-sama5d2_adc: lock around oversampling and sample freq Greg Kroah-Hartman
` (418 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Claudiu Beznea, Jonathan Cameron,
Sasha Levin
From: Claudiu Beznea <claudiu.beznea@microchip.com>
[ Upstream commit d84ace944a3b24529798dbae1340dea098473155 ]
Check return status of at91_adc_read_position() and
at91_adc_read_pressure() in at91_adc_read_info_raw().
Fixes: 6794e23fa3fe ("iio: adc: at91-sama5d2_adc: add support for oversampling resolution")
Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com>
Link: https://lore.kernel.org/r/20220803102855.2191070-3-claudiu.beznea@microchip.com
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/iio/adc/at91-sama5d2_adc.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/drivers/iio/adc/at91-sama5d2_adc.c b/drivers/iio/adc/at91-sama5d2_adc.c
index ac9ef89fba17..08d1f806c839 100644
--- a/drivers/iio/adc/at91-sama5d2_adc.c
+++ b/drivers/iio/adc/at91-sama5d2_adc.c
@@ -1544,8 +1544,10 @@ static int at91_adc_read_info_raw(struct iio_dev *indio_dev,
*val = tmp_val;
mutex_unlock(&st->lock);
iio_device_release_direct_mode(indio_dev);
+ if (ret > 0)
+ ret = at91_adc_adjust_val_osr(st, val);
- return at91_adc_adjust_val_osr(st, val);
+ return ret;
}
if (chan->type == IIO_PRESSURE) {
ret = iio_device_claim_direct_mode(indio_dev);
@@ -1558,8 +1560,10 @@ static int at91_adc_read_info_raw(struct iio_dev *indio_dev,
*val = tmp_val;
mutex_unlock(&st->lock);
iio_device_release_direct_mode(indio_dev);
+ if (ret > 0)
+ ret = at91_adc_adjust_val_osr(st, val);
- return at91_adc_adjust_val_osr(st, val);
+ return ret;
}
/* in this case we have a voltage channel */
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 459/862] iio: adc: at91-sama5d2_adc: lock around oversampling and sample freq
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (457 preceding siblings ...)
2022-10-19 8:29 ` [PATCH 6.0 458/862] iio: adc: at91-sama5d2_adc: check return status for pressure and touch Greg Kroah-Hartman
@ 2022-10-19 8:29 ` Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 460/862] iio: adc: at91-sama5d2_adc: disable/prepare buffer on suspend/resume Greg Kroah-Hartman
` (417 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Claudiu Beznea, Jonathan Cameron,
Sasha Levin
From: Claudiu Beznea <claudiu.beznea@microchip.com>
[ Upstream commit 9780a23ed5a0a0a63683e078f576719a98d4fb70 ]
.read_raw()/.write_raw() could be called asynchronously from user space
or other in kernel drivers. Without locking on st->lock these could be
called asynchronously while there is a conversion in progress. Read will
be harmless but changing registers while conversion is in progress may
lead to inconsistent results. Thus, to avoid this lock st->lock.
Fixes: 27e177190891 ("iio:adc:at91_adc8xx: introduce new atmel adc driver")
Fixes: 6794e23fa3fe ("iio: adc: at91-sama5d2_adc: add support for oversampling resolution")
Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com>
Link: https://lore.kernel.org/r/20220803102855.2191070-4-claudiu.beznea@microchip.com
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/iio/adc/at91-sama5d2_adc.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/drivers/iio/adc/at91-sama5d2_adc.c b/drivers/iio/adc/at91-sama5d2_adc.c
index 08d1f806c839..3734ddc82952 100644
--- a/drivers/iio/adc/at91-sama5d2_adc.c
+++ b/drivers/iio/adc/at91-sama5d2_adc.c
@@ -1542,10 +1542,10 @@ static int at91_adc_read_info_raw(struct iio_dev *indio_dev,
ret = at91_adc_read_position(st, chan->channel,
&tmp_val);
*val = tmp_val;
- mutex_unlock(&st->lock);
- iio_device_release_direct_mode(indio_dev);
if (ret > 0)
ret = at91_adc_adjust_val_osr(st, val);
+ mutex_unlock(&st->lock);
+ iio_device_release_direct_mode(indio_dev);
return ret;
}
@@ -1558,10 +1558,10 @@ static int at91_adc_read_info_raw(struct iio_dev *indio_dev,
ret = at91_adc_read_pressure(st, chan->channel,
&tmp_val);
*val = tmp_val;
- mutex_unlock(&st->lock);
- iio_device_release_direct_mode(indio_dev);
if (ret > 0)
ret = at91_adc_adjust_val_osr(st, val);
+ mutex_unlock(&st->lock);
+ iio_device_release_direct_mode(indio_dev);
return ret;
}
@@ -1650,16 +1650,20 @@ static int at91_adc_write_raw(struct iio_dev *indio_dev,
/* if no change, optimize out */
if (val == st->oversampling_ratio)
return 0;
+ mutex_lock(&st->lock);
st->oversampling_ratio = val;
/* update ratio */
at91_adc_config_emr(st);
+ mutex_unlock(&st->lock);
return 0;
case IIO_CHAN_INFO_SAMP_FREQ:
if (val < st->soc_info.min_sample_rate ||
val > st->soc_info.max_sample_rate)
return -EINVAL;
+ mutex_lock(&st->lock);
at91_adc_setup_samp_freq(indio_dev, val);
+ mutex_unlock(&st->lock);
return 0;
default:
return -EINVAL;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 460/862] iio: adc: at91-sama5d2_adc: disable/prepare buffer on suspend/resume
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (458 preceding siblings ...)
2022-10-19 8:29 ` [PATCH 6.0 459/862] iio: adc: at91-sama5d2_adc: lock around oversampling and sample freq Greg Kroah-Hartman
@ 2022-10-19 8:29 ` Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 461/862] iio: inkern: only release the device node when done with it Greg Kroah-Hartman
` (416 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Claudiu Beznea, Jonathan Cameron,
Sasha Levin
From: Claudiu Beznea <claudiu.beznea@microchip.com>
[ Upstream commit 808175e21d9b7f866eda742e8970f27b78afe5db ]
In case triggered buffers are enabled while system is suspended they will
not work anymore after resume. For this call at91_adc_buffer_postdisable()
on suspend and at91_adc_buffer_prepare() on resume. On tests it has been
seen that at91_adc_buffer_postdisable() call is not necessary but it has
been kept because it also does the book keeping for DMA. On resume path
there is no need to call at91_adc_configure_touch() as it is embedded in
at91_adc_buffer_prepare().
Fixes: 073c662017f2f ("iio: adc: at91-sama5d2_adc: add support for DMA")
Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com>
Link: https://lore.kernel.org/r/20220803102855.2191070-5-claudiu.beznea@microchip.com
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/iio/adc/at91-sama5d2_adc.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/drivers/iio/adc/at91-sama5d2_adc.c b/drivers/iio/adc/at91-sama5d2_adc.c
index 3734ddc82952..e2c82c5a2fac 100644
--- a/drivers/iio/adc/at91-sama5d2_adc.c
+++ b/drivers/iio/adc/at91-sama5d2_adc.c
@@ -2116,6 +2116,9 @@ static int at91_adc_suspend(struct device *dev)
struct iio_dev *indio_dev = dev_get_drvdata(dev);
struct at91_adc_state *st = iio_priv(indio_dev);
+ if (iio_buffer_enabled(indio_dev))
+ at91_adc_buffer_postdisable(indio_dev);
+
/*
* Do a sofware reset of the ADC before we go to suspend.
* this will ensure that all pins are free from being muxed by the ADC
@@ -2159,14 +2162,11 @@ static int at91_adc_resume(struct device *dev)
if (!iio_buffer_enabled(indio_dev))
return 0;
- /* check if we are enabling triggered buffer or the touchscreen */
- if (at91_adc_current_chan_is_touch(indio_dev))
- return at91_adc_configure_touch(st, true);
- else
- return at91_adc_configure_trigger(st->trig, true);
+ ret = at91_adc_buffer_prepare(indio_dev);
+ if (ret)
+ goto vref_disable_resume;
- /* not needed but more explicit */
- return 0;
+ return at91_adc_configure_trigger(st->trig, true);
vref_disable_resume:
regulator_disable(st->vref);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 461/862] iio: inkern: only release the device node when done with it
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (459 preceding siblings ...)
2022-10-19 8:29 ` [PATCH 6.0 460/862] iio: adc: at91-sama5d2_adc: disable/prepare buffer on suspend/resume Greg Kroah-Hartman
@ 2022-10-19 8:29 ` Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 462/862] iio: inkern: fix return value in devm_of_iio_channel_get_by_name() Greg Kroah-Hartman
` (415 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nuno Sá, Jonathan Cameron, Sasha Levin
From: Nuno Sá <nuno.sa@analog.com>
[ Upstream commit 79c3e84874c7d14f04ad58313b64955a0d2e9437 ]
'of_node_put()' can potentially release the memory pointed to by
'iiospec.np' which would leave us with an invalid pointer (and we would
still pass it in 'of_xlate()'). Note that it is not guaranteed for the
of_node lifespan to be attached to the device (to which is attached)
lifespan so that there is (even though very unlikely) the possibility
for the node to be freed while the device is still around. Thus, as there
are indeed some of_xlate users which do access the node, a race is indeed
possible.
As such, we can only release the node after we are done with it.
Fixes: 17d82b47a215d ("iio: Add OF support")
Signed-off-by: Nuno Sá <nuno.sa@analog.com>
Link: https://lore.kernel.org/r/20220715122903.332535-2-nuno.sa@analog.com
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/iio/inkern.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/iio/inkern.c b/drivers/iio/inkern.c
index df74765d33dc..9d87057794fc 100644
--- a/drivers/iio/inkern.c
+++ b/drivers/iio/inkern.c
@@ -165,9 +165,10 @@ static int __of_iio_channel_get(struct iio_channel *channel,
idev = bus_find_device(&iio_bus_type, NULL, iiospec.np,
iio_dev_node_match);
- of_node_put(iiospec.np);
- if (idev == NULL)
+ if (idev == NULL) {
+ of_node_put(iiospec.np);
return -EPROBE_DEFER;
+ }
indio_dev = dev_to_iio_dev(idev);
channel->indio_dev = indio_dev;
@@ -175,6 +176,7 @@ static int __of_iio_channel_get(struct iio_channel *channel,
index = indio_dev->info->of_xlate(indio_dev, &iiospec);
else
index = __of_iio_simple_xlate(indio_dev, &iiospec);
+ of_node_put(iiospec.np);
if (index < 0)
goto err_put;
channel->channel = &indio_dev->channels[index];
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 462/862] iio: inkern: fix return value in devm_of_iio_channel_get_by_name()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (460 preceding siblings ...)
2022-10-19 8:29 ` [PATCH 6.0 461/862] iio: inkern: only release the device node when done with it Greg Kroah-Hartman
@ 2022-10-19 8:29 ` Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 463/862] iio: ABI: Fix wrong format of differential capacitance channel ABI Greg Kroah-Hartman
` (414 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nuno Sá,
Andy Shevchenko, Jonathan Cameron, Sasha Levin
From: Nuno Sá <nuno.sa@analog.com>
[ Upstream commit 9e878dbc0e8322f8b2f5ab0093c1e89926362dbe ]
of_iio_channel_get_by_name() can either return NULL or an error pointer
so that only doing IS_ERR() is not enough. Fix it by checking the NULL
pointer case and return -ENODEV in that case. Note this is done like this
so that users of the function (which only check for error pointers) do
not need to be changed. This is not ideal since we are losing error codes
and as such, in a follow up change, things will be unified so that
of_iio_channel_get_by_name() only returns error codes.
Fixes: 6e39b145cef7 ("iio: provide of_iio_channel_get_by_name() and devm_ version it")
Signed-off-by: Nuno Sá <nuno.sa@analog.com>
Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com>
Link: https://lore.kernel.org/r/20220715122903.332535-3-nuno.sa@analog.com
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/iio/inkern.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/iio/inkern.c b/drivers/iio/inkern.c
index 9d87057794fc..87fd2a0d44f2 100644
--- a/drivers/iio/inkern.c
+++ b/drivers/iio/inkern.c
@@ -412,6 +412,8 @@ struct iio_channel *devm_of_iio_channel_get_by_name(struct device *dev,
channel = of_iio_channel_get_by_name(np, channel_name);
if (IS_ERR(channel))
return channel;
+ if (!channel)
+ return ERR_PTR(-ENODEV);
ret = devm_add_action_or_reset(dev, devm_iio_channel_free, channel);
if (ret)
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 463/862] iio: ABI: Fix wrong format of differential capacitance channel ABI.
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (461 preceding siblings ...)
2022-10-19 8:29 ` [PATCH 6.0 462/862] iio: inkern: fix return value in devm_of_iio_channel_get_by_name() Greg Kroah-Hartman
@ 2022-10-19 8:29 ` Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 464/862] iio: magnetometer: yas530: Change data type of hard_offsets to signed Greg Kroah-Hartman
` (413 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jonathan Cameron, Andy Shevchenko,
Sasha Levin
From: Jonathan Cameron <Jonathan.Cameron@huawei.com>
[ Upstream commit 1efc41035f1841acf0af2bab153158e27ce94f10 ]
in_ only occurs once in these attributes.
Fixes: 0baf29d658c7 ("staging:iio:documentation Add abi docs for capacitance adcs.")
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com>
Link: https://lore.kernel.org/r/20220626122938.582107-3-jic23@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
Documentation/ABI/testing/sysfs-bus-iio | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Documentation/ABI/testing/sysfs-bus-iio b/Documentation/ABI/testing/sysfs-bus-iio
index e81ba6f5e1c8..6e1b925f30bf 100644
--- a/Documentation/ABI/testing/sysfs-bus-iio
+++ b/Documentation/ABI/testing/sysfs-bus-iio
@@ -196,7 +196,7 @@ Description:
Raw capacitance measurement from channel Y. Units after
application of scale and offset are nanofarads.
-What: /sys/.../iio:deviceX/in_capacitanceY-in_capacitanceZ_raw
+What: /sys/.../iio:deviceX/in_capacitanceY-capacitanceZ_raw
KernelVersion: 3.2
Contact: linux-iio@vger.kernel.org
Description:
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 464/862] iio: magnetometer: yas530: Change data type of hard_offsets to signed
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (462 preceding siblings ...)
2022-10-19 8:29 ` [PATCH 6.0 463/862] iio: ABI: Fix wrong format of differential capacitance channel ABI Greg Kroah-Hartman
@ 2022-10-19 8:29 ` Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 465/862] RDMA/mlx5: Dont compare mkey tags in DEVX indirect mkey Greg Kroah-Hartman
` (412 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jakob Hauser, Linus Walleij,
Andy Shevchenko, Jonathan Cameron, Sasha Levin
From: Jakob Hauser <jahau@rocketmail.com>
[ Upstream commit e137fafc8985cf152a4bb6f18ae83ebb06816df1 ]
The "hard_offsets" are currently unsigned u8 but they should be signed as they
can get negative. They are signed in function yas5xx_meaure_offsets() and in the
Yamaha drivers [1][2].
[1] https://github.com/NovaFusion/android_kernel_samsung_golden/blob/cm-12.1/drivers/sensor/compass/yas.h#L156
[2] https://github.com/msm8916-mainline/android_kernel_qcom_msm8916/blob/GT-I9195I/drivers/iio/magnetometer/yas_mag_drv-yas532.c#L91
Fixes: de8860b1ed47 ("iio: magnetometer: Add driver for Yamaha YAS530")
Signed-off-by: Jakob Hauser <jahau@rocketmail.com>
Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com>
Link: https://lore.kernel.org/r/40f052bf6491457d0c5c0ed4c3534dc6fa251c3c.1660337264.git.jahau@rocketmail.com
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/iio/magnetometer/yamaha-yas530.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/iio/magnetometer/yamaha-yas530.c b/drivers/iio/magnetometer/yamaha-yas530.c
index aeaa4da6923b..d1f16729c60e 100644
--- a/drivers/iio/magnetometer/yamaha-yas530.c
+++ b/drivers/iio/magnetometer/yamaha-yas530.c
@@ -132,7 +132,7 @@ struct yas5xx {
unsigned int version;
char name[16];
struct yas5xx_calibration calibration;
- u8 hard_offsets[3];
+ s8 hard_offsets[3];
struct iio_mount_matrix orientation;
struct regmap *map;
struct regulator_bulk_data regs[2];
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 465/862] RDMA/mlx5: Dont compare mkey tags in DEVX indirect mkey
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (463 preceding siblings ...)
2022-10-19 8:29 ` [PATCH 6.0 464/862] iio: magnetometer: yas530: Change data type of hard_offsets to signed Greg Kroah-Hartman
@ 2022-10-19 8:29 ` Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 466/862] usb: common: usb-conn-gpio: Simplify some error message Greg Kroah-Hartman
` (411 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Aharon Landau, Leon Romanovsky, Sasha Levin
From: Aharon Landau <aharonl@nvidia.com>
[ Upstream commit 13ad1125b941a5f257d9d3ae70485773abd34792 ]
According to the ib spec:
If the CI supports the Base Memory Management Extensions defined in this
specification, the L_Key format must consist of:
24 bit index in the most significant bits of the R_Key, and
8 bit key in the least significant bits of the R_Key
Through a successful Allocate L_Key verb invocation, the CI must let the
consumer own the key portion of the returned R_Key
Therefore, when creating a mkey using DEVX, the consumer is allowed to
change the key part. The kernel should compare only the index part of a
R_Key to determine equality with another R_Key.
Adding capability in order not to break backward compatibility.
Fixes: 534fd7aac56a ("IB/mlx5: Manage indirection mkey upon DEVX flow for ODP")
Link: https://lore.kernel.org/r/3d669aacea85a3a15c3b3b953b3eaba3f80ef9be.1659255945.git.leonro@nvidia.com
Signed-off-by: Aharon Landau <aharonl@nvidia.com>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/hw/mlx5/main.c | 3 +++
drivers/infiniband/hw/mlx5/odp.c | 3 ++-
include/uapi/rdma/mlx5-abi.h | 1 +
3 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/infiniband/hw/mlx5/main.c b/drivers/infiniband/hw/mlx5/main.c
index 883d7c60143e..1aa0c772b44d 100644
--- a/drivers/infiniband/hw/mlx5/main.c
+++ b/drivers/infiniband/hw/mlx5/main.c
@@ -1826,6 +1826,9 @@ static int set_ucontext_resp(struct ib_ucontext *uctx,
if (MLX5_CAP_GEN(dev->mdev, drain_sigerr))
resp->comp_mask |= MLX5_IB_ALLOC_UCONTEXT_RESP_MASK_SQD2RTS;
+ resp->comp_mask |=
+ MLX5_IB_ALLOC_UCONTEXT_RESP_MASK_MKEY_UPDATE_TAG;
+
return 0;
}
diff --git a/drivers/infiniband/hw/mlx5/odp.c b/drivers/infiniband/hw/mlx5/odp.c
index e305bf1dc6c2..901a8b030236 100644
--- a/drivers/infiniband/hw/mlx5/odp.c
+++ b/drivers/infiniband/hw/mlx5/odp.c
@@ -795,7 +795,8 @@ static bool mkey_is_eq(struct mlx5_ib_mkey *mmkey, u32 key)
{
if (!mmkey)
return false;
- if (mmkey->type == MLX5_MKEY_MW)
+ if (mmkey->type == MLX5_MKEY_MW ||
+ mmkey->type == MLX5_MKEY_INDIRECT_DEVX)
return mlx5_base_mkey(mmkey->key) == mlx5_base_mkey(key);
return mmkey->key == key;
}
diff --git a/include/uapi/rdma/mlx5-abi.h b/include/uapi/rdma/mlx5-abi.h
index 86be4a92b67b..a96b7d2770e1 100644
--- a/include/uapi/rdma/mlx5-abi.h
+++ b/include/uapi/rdma/mlx5-abi.h
@@ -104,6 +104,7 @@ enum mlx5_ib_alloc_ucontext_resp_mask {
MLX5_IB_ALLOC_UCONTEXT_RESP_MASK_ECE = 1UL << 2,
MLX5_IB_ALLOC_UCONTEXT_RESP_MASK_SQD2RTS = 1UL << 3,
MLX5_IB_ALLOC_UCONTEXT_RESP_MASK_REAL_TIME_TS = 1UL << 4,
+ MLX5_IB_ALLOC_UCONTEXT_RESP_MASK_MKEY_UPDATE_TAG = 1UL << 5,
};
enum mlx5_user_cmds_supp_uhw {
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 466/862] usb: common: usb-conn-gpio: Simplify some error message
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (464 preceding siblings ...)
2022-10-19 8:29 ` [PATCH 6.0 465/862] RDMA/mlx5: Dont compare mkey tags in DEVX indirect mkey Greg Kroah-Hartman
@ 2022-10-19 8:29 ` Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 467/862] usb: common: debug: Check non-standard control requests Greg Kroah-Hartman
` (410 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Chunfeng Yun, Christophe JAILLET,
Sasha Levin
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
[ Upstream commit d80f4ecb95270d0ecd6646aca44f4c180d3140b0 ]
dev_err_probe() already prints the error code in a human readable way, so
there is no need to duplicate it as a numerical value at the end of the
message.
Reviewed-by: Chunfeng Yun <chunfeng.yun@mediatek.com>
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Link: https://lore.kernel.org/r/7505a9dfa1e097070c492d6f6f84afa2a490b040.1659763173.git.christophe.jaillet@wanadoo.fr
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Stable-dep-of: b6155eaf6b05 ("usb: common: debug: Check non-standard control requests")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/common/usb-conn-gpio.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/drivers/usb/common/usb-conn-gpio.c b/drivers/usb/common/usb-conn-gpio.c
index b39c9f1c375d..e20874caba36 100644
--- a/drivers/usb/common/usb-conn-gpio.c
+++ b/drivers/usb/common/usb-conn-gpio.c
@@ -208,10 +208,8 @@ static int usb_conn_probe(struct platform_device *pdev)
if (PTR_ERR(info->vbus) == -ENODEV)
info->vbus = NULL;
- if (IS_ERR(info->vbus)) {
- ret = PTR_ERR(info->vbus);
- return dev_err_probe(dev, ret, "failed to get vbus :%d\n", ret);
- }
+ if (IS_ERR(info->vbus))
+ return dev_err_probe(dev, PTR_ERR(info->vbus), "failed to get vbus\n");
info->role_sw = usb_role_switch_get(dev);
if (IS_ERR(info->role_sw))
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 467/862] usb: common: debug: Check non-standard control requests
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (465 preceding siblings ...)
2022-10-19 8:29 ` [PATCH 6.0 466/862] usb: common: usb-conn-gpio: Simplify some error message Greg Kroah-Hartman
@ 2022-10-19 8:29 ` Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 468/862] clk: meson: Hold reference returned by of_get_parent() Greg Kroah-Hartman
` (409 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:29 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Thinh Nguyen, Sasha Levin
From: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
[ Upstream commit b6155eaf6b05e558218b44b88a6cad03f15a586c ]
Previously usb_decode_ctrl() only decodes standard control requests, but
it was used for non-standard requests also. If it's non-standard or
unknown standard bRequest, print the Setup data values.
Fixes: af32423a2d86 ("usb: dwc3: trace: decode ctrl request")
Signed-off-by: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
Link: https://lore.kernel.org/r/8d6a30f2f2f953eff833a5bc5aac640a4cc2fc9f.1658971571.git.Thinh.Nguyen@synopsys.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/common/debug.c | 96 +++++++++++++++++++++++++-------------
1 file changed, 64 insertions(+), 32 deletions(-)
diff --git a/drivers/usb/common/debug.c b/drivers/usb/common/debug.c
index 075f6b1b2a1a..f204cec8d380 100644
--- a/drivers/usb/common/debug.c
+++ b/drivers/usb/common/debug.c
@@ -208,30 +208,28 @@ static void usb_decode_set_isoch_delay(__u8 wValue, char *str, size_t size)
snprintf(str, size, "Set Isochronous Delay(Delay = %d ns)", wValue);
}
-/**
- * usb_decode_ctrl - Returns human readable representation of control request.
- * @str: buffer to return a human-readable representation of control request.
- * This buffer should have about 200 bytes.
- * @size: size of str buffer.
- * @bRequestType: matches the USB bmRequestType field
- * @bRequest: matches the USB bRequest field
- * @wValue: matches the USB wValue field (CPU byte order)
- * @wIndex: matches the USB wIndex field (CPU byte order)
- * @wLength: matches the USB wLength field (CPU byte order)
- *
- * Function returns decoded, formatted and human-readable description of
- * control request packet.
- *
- * The usage scenario for this is for tracepoints, so function as a return
- * use the same value as in parameters. This approach allows to use this
- * function in TP_printk
- *
- * Important: wValue, wIndex, wLength parameters before invoking this function
- * should be processed by le16_to_cpu macro.
- */
-const char *usb_decode_ctrl(char *str, size_t size, __u8 bRequestType,
- __u8 bRequest, __u16 wValue, __u16 wIndex,
- __u16 wLength)
+static void usb_decode_ctrl_generic(char *str, size_t size, __u8 bRequestType,
+ __u8 bRequest, __u16 wValue, __u16 wIndex,
+ __u16 wLength)
+{
+ u8 recip = bRequestType & USB_RECIP_MASK;
+ u8 type = bRequestType & USB_TYPE_MASK;
+
+ snprintf(str, size,
+ "Type=%s Recipient=%s Dir=%s bRequest=%u wValue=%u wIndex=%u wLength=%u",
+ (type == USB_TYPE_STANDARD) ? "Standard" :
+ (type == USB_TYPE_VENDOR) ? "Vendor" :
+ (type == USB_TYPE_CLASS) ? "Class" : "Unknown",
+ (recip == USB_RECIP_DEVICE) ? "Device" :
+ (recip == USB_RECIP_INTERFACE) ? "Interface" :
+ (recip == USB_RECIP_ENDPOINT) ? "Endpoint" : "Unknown",
+ (bRequestType & USB_DIR_IN) ? "IN" : "OUT",
+ bRequest, wValue, wIndex, wLength);
+}
+
+static void usb_decode_ctrl_standard(char *str, size_t size, __u8 bRequestType,
+ __u8 bRequest, __u16 wValue, __u16 wIndex,
+ __u16 wLength)
{
switch (bRequest) {
case USB_REQ_GET_STATUS:
@@ -272,14 +270,48 @@ const char *usb_decode_ctrl(char *str, size_t size, __u8 bRequestType,
usb_decode_set_isoch_delay(wValue, str, size);
break;
default:
- snprintf(str, size, "%02x %02x %02x %02x %02x %02x %02x %02x",
- bRequestType, bRequest,
- (u8)(cpu_to_le16(wValue) & 0xff),
- (u8)(cpu_to_le16(wValue) >> 8),
- (u8)(cpu_to_le16(wIndex) & 0xff),
- (u8)(cpu_to_le16(wIndex) >> 8),
- (u8)(cpu_to_le16(wLength) & 0xff),
- (u8)(cpu_to_le16(wLength) >> 8));
+ usb_decode_ctrl_generic(str, size, bRequestType, bRequest,
+ wValue, wIndex, wLength);
+ break;
+ }
+}
+
+/**
+ * usb_decode_ctrl - Returns human readable representation of control request.
+ * @str: buffer to return a human-readable representation of control request.
+ * This buffer should have about 200 bytes.
+ * @size: size of str buffer.
+ * @bRequestType: matches the USB bmRequestType field
+ * @bRequest: matches the USB bRequest field
+ * @wValue: matches the USB wValue field (CPU byte order)
+ * @wIndex: matches the USB wIndex field (CPU byte order)
+ * @wLength: matches the USB wLength field (CPU byte order)
+ *
+ * Function returns decoded, formatted and human-readable description of
+ * control request packet.
+ *
+ * The usage scenario for this is for tracepoints, so function as a return
+ * use the same value as in parameters. This approach allows to use this
+ * function in TP_printk
+ *
+ * Important: wValue, wIndex, wLength parameters before invoking this function
+ * should be processed by le16_to_cpu macro.
+ */
+const char *usb_decode_ctrl(char *str, size_t size, __u8 bRequestType,
+ __u8 bRequest, __u16 wValue, __u16 wIndex,
+ __u16 wLength)
+{
+ switch (bRequestType & USB_TYPE_MASK) {
+ case USB_TYPE_STANDARD:
+ usb_decode_ctrl_standard(str, size, bRequestType, bRequest,
+ wValue, wIndex, wLength);
+ break;
+ case USB_TYPE_VENDOR:
+ case USB_TYPE_CLASS:
+ default:
+ usb_decode_ctrl_generic(str, size, bRequestType, bRequest,
+ wValue, wIndex, wLength);
+ break;
}
return str;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 468/862] clk: meson: Hold reference returned by of_get_parent()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (466 preceding siblings ...)
2022-10-19 8:29 ` [PATCH 6.0 467/862] usb: common: debug: Check non-standard control requests Greg Kroah-Hartman
@ 2022-10-19 8:29 ` Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 469/862] clk: st: " Greg Kroah-Hartman
` (408 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Liang He, Neil Armstrong,
Martin Blumenstingl, Stephen Boyd, Sasha Levin
From: Liang He <windhl@126.com>
[ Upstream commit 89ab396d712f7c91fe94f55cff23460426f5fc81 ]
We should hold the reference returned by of_get_parent() and use it
to call of_node_put() for refcount balance.
Fixes: 88e2da81241e ("clk: meson: aoclk: refactor common code into dedicated file")
Fixes: 6682bd4d443f ("clk: meson: factorise meson64 peripheral clock controller drivers")
Fixes: bb6eddd1d28c ("clk: meson: meson8b: use the HHI syscon if available")
Signed-off-by: Liang He <windhl@126.com>
Link: https://lore.kernel.org/r/20220628141038.168383-1-windhl@126.com
Reviewed-by: Neil Armstrong <narmstrong@baylibre.com>
Reviewed-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/meson/meson-aoclk.c | 5 ++++-
drivers/clk/meson/meson-eeclk.c | 5 ++++-
drivers/clk/meson/meson8b.c | 5 ++++-
3 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/drivers/clk/meson/meson-aoclk.c b/drivers/clk/meson/meson-aoclk.c
index 27cd2c1f3f61..434cd8f9de82 100644
--- a/drivers/clk/meson/meson-aoclk.c
+++ b/drivers/clk/meson/meson-aoclk.c
@@ -38,6 +38,7 @@ int meson_aoclkc_probe(struct platform_device *pdev)
struct meson_aoclk_reset_controller *rstc;
struct meson_aoclk_data *data;
struct device *dev = &pdev->dev;
+ struct device_node *np;
struct regmap *regmap;
int ret, clkid;
@@ -49,7 +50,9 @@ int meson_aoclkc_probe(struct platform_device *pdev)
if (!rstc)
return -ENOMEM;
- regmap = syscon_node_to_regmap(of_get_parent(dev->of_node));
+ np = of_get_parent(dev->of_node);
+ regmap = syscon_node_to_regmap(np);
+ of_node_put(np);
if (IS_ERR(regmap)) {
dev_err(dev, "failed to get regmap\n");
return PTR_ERR(regmap);
diff --git a/drivers/clk/meson/meson-eeclk.c b/drivers/clk/meson/meson-eeclk.c
index 8d5a5dab955a..0e5e6b57eb20 100644
--- a/drivers/clk/meson/meson-eeclk.c
+++ b/drivers/clk/meson/meson-eeclk.c
@@ -18,6 +18,7 @@ int meson_eeclkc_probe(struct platform_device *pdev)
{
const struct meson_eeclkc_data *data;
struct device *dev = &pdev->dev;
+ struct device_node *np;
struct regmap *map;
int ret, i;
@@ -26,7 +27,9 @@ int meson_eeclkc_probe(struct platform_device *pdev)
return -EINVAL;
/* Get the hhi system controller node */
- map = syscon_node_to_regmap(of_get_parent(dev->of_node));
+ np = of_get_parent(dev->of_node);
+ map = syscon_node_to_regmap(np);
+ of_node_put(np);
if (IS_ERR(map)) {
dev_err(dev,
"failed to get HHI regmap\n");
diff --git a/drivers/clk/meson/meson8b.c b/drivers/clk/meson/meson8b.c
index 8f3b7a94a667..827e78fb16a8 100644
--- a/drivers/clk/meson/meson8b.c
+++ b/drivers/clk/meson/meson8b.c
@@ -3792,12 +3792,15 @@ static void __init meson8b_clkc_init_common(struct device_node *np,
struct clk_hw_onecell_data *clk_hw_onecell_data)
{
struct meson8b_clk_reset *rstc;
+ struct device_node *parent_np;
const char *notifier_clk_name;
struct clk *notifier_clk;
struct regmap *map;
int i, ret;
- map = syscon_node_to_regmap(of_get_parent(np));
+ parent_np = of_get_parent(np);
+ map = syscon_node_to_regmap(parent_np);
+ of_node_put(parent_np);
if (IS_ERR(map)) {
pr_err("failed to get HHI regmap - Trying obsolete regs\n");
return;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 469/862] clk: st: Hold reference returned by of_get_parent()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (467 preceding siblings ...)
2022-10-19 8:29 ` [PATCH 6.0 468/862] clk: meson: Hold reference returned by of_get_parent() Greg Kroah-Hartman
@ 2022-10-19 8:29 ` Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 470/862] clk: oxnas: " Greg Kroah-Hartman
` (407 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Liang He, Stephen Boyd, Sasha Levin
From: Liang He <windhl@126.com>
[ Upstream commit 429973306f860470cbbb8402c8c53143b450faba ]
We should hold the reference returned by of_get_parent() and use it
to call of_node_put() for refcount balance.
Fixes: 3efe64ef5186 ("clk: st: clkgen-fsyn: search reg within node or parent")
Fixes: 810251b0d36a ("clk: st: clkgen-mux: search reg within node or parent")
Signed-off-by: Liang He <windhl@126.com>
Link: https://lore.kernel.org/r/20220628142416.169808-1-windhl@126.com
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/st/clkgen-fsyn.c | 5 ++++-
drivers/clk/st/clkgen-mux.c | 5 ++++-
2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/drivers/clk/st/clkgen-fsyn.c b/drivers/clk/st/clkgen-fsyn.c
index 582a22c04919..d820292a381d 100644
--- a/drivers/clk/st/clkgen-fsyn.c
+++ b/drivers/clk/st/clkgen-fsyn.c
@@ -987,6 +987,7 @@ static void __init st_of_quadfs_setup(struct device_node *np,
const char *pll_name, *clk_parent_name;
void __iomem *reg;
spinlock_t *lock;
+ struct device_node *parent_np;
/*
* First check for reg property within the node to keep backward
@@ -994,7 +995,9 @@ static void __init st_of_quadfs_setup(struct device_node *np,
*/
reg = of_iomap(np, 0);
if (!reg) {
- reg = of_iomap(of_get_parent(np), 0);
+ parent_np = of_get_parent(np);
+ reg = of_iomap(parent_np, 0);
+ of_node_put(parent_np);
if (!reg) {
pr_err("%s: Failed to get base address\n", __func__);
return;
diff --git a/drivers/clk/st/clkgen-mux.c b/drivers/clk/st/clkgen-mux.c
index ee39af7a0b72..596e939ad905 100644
--- a/drivers/clk/st/clkgen-mux.c
+++ b/drivers/clk/st/clkgen-mux.c
@@ -56,6 +56,7 @@ static void __init st_of_clkgen_mux_setup(struct device_node *np,
void __iomem *reg;
const char **parents;
int num_parents = 0;
+ struct device_node *parent_np;
/*
* First check for reg property within the node to keep backward
@@ -63,7 +64,9 @@ static void __init st_of_clkgen_mux_setup(struct device_node *np,
*/
reg = of_iomap(np, 0);
if (!reg) {
- reg = of_iomap(of_get_parent(np), 0);
+ parent_np = of_get_parent(np);
+ reg = of_iomap(parent_np, 0);
+ of_node_put(parent_np);
if (!reg) {
pr_err("%s: Failed to get base address\n", __func__);
return;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 470/862] clk: oxnas: Hold reference returned by of_get_parent()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (468 preceding siblings ...)
2022-10-19 8:29 ` [PATCH 6.0 469/862] clk: st: " Greg Kroah-Hartman
@ 2022-10-19 8:29 ` Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 471/862] clk: qoriq: " Greg Kroah-Hartman
` (406 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Liang He, Stephen Boyd, Sasha Levin
From: Liang He <windhl@126.com>
[ Upstream commit 1d6aa08c54cd0e005210ab8e3b1e92ede70f8a4f ]
In oxnas_stdclk_probe(), we need to hold the reference returned by
of_get_parent() and use it to call of_node_put() for refcount
balance.
Fixes: 0bbd72b4c64f ("clk: Add Oxford Semiconductor OXNAS Standard Clocks")
Signed-off-by: Liang He <windhl@126.com>
Link: https://lore.kernel.org/r/20220628143155.170550-1-windhl@126.com
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/clk-oxnas.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/clk/clk-oxnas.c b/drivers/clk/clk-oxnas.c
index cda5e258355b..584e293156ad 100644
--- a/drivers/clk/clk-oxnas.c
+++ b/drivers/clk/clk-oxnas.c
@@ -207,7 +207,7 @@ static const struct of_device_id oxnas_stdclk_dt_ids[] = {
static int oxnas_stdclk_probe(struct platform_device *pdev)
{
- struct device_node *np = pdev->dev.of_node;
+ struct device_node *np = pdev->dev.of_node, *parent_np;
const struct oxnas_stdclk_data *data;
struct regmap *regmap;
int ret;
@@ -215,7 +215,9 @@ static int oxnas_stdclk_probe(struct platform_device *pdev)
data = of_device_get_match_data(&pdev->dev);
- regmap = syscon_node_to_regmap(of_get_parent(np));
+ parent_np = of_get_parent(np);
+ regmap = syscon_node_to_regmap(parent_np);
+ of_node_put(parent_np);
if (IS_ERR(regmap)) {
dev_err(&pdev->dev, "failed to have parent regmap\n");
return PTR_ERR(regmap);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 471/862] clk: qoriq: Hold reference returned by of_get_parent()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (469 preceding siblings ...)
2022-10-19 8:29 ` [PATCH 6.0 470/862] clk: oxnas: " Greg Kroah-Hartman
@ 2022-10-19 8:29 ` Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 472/862] clk: berlin: Add of_node_put() for of_get_parent() Greg Kroah-Hartman
` (405 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Liang He, Stephen Boyd, Sasha Levin
From: Liang He <windhl@126.com>
[ Upstream commit a8ea4273bc26256ce3cce83164f0f51c5bf6e127 ]
In legacy_init_clockgen(), we need to hold the reference returned
by of_get_parent() and use it to call of_node_put() for refcount
balance.
Beside, in create_sysclk(), we need to call of_node_put() on 'sysclk'
also for refcount balance.
Fixes: 0dfc86b3173f ("clk: qoriq: Move chip-specific knowledge into driver")
Signed-off-by: Liang He <windhl@126.com>
Link: https://lore.kernel.org/r/20220628143851.171299-1-windhl@126.com
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/clk-qoriq.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/drivers/clk/clk-qoriq.c b/drivers/clk/clk-qoriq.c
index 88898b97a443..5eddb9f0d6bd 100644
--- a/drivers/clk/clk-qoriq.c
+++ b/drivers/clk/clk-qoriq.c
@@ -1063,8 +1063,13 @@ static void __init _clockgen_init(struct device_node *np, bool legacy);
*/
static void __init legacy_init_clockgen(struct device_node *np)
{
- if (!clockgen.node)
- _clockgen_init(of_get_parent(np), true);
+ if (!clockgen.node) {
+ struct device_node *parent_np;
+
+ parent_np = of_get_parent(np);
+ _clockgen_init(parent_np, true);
+ of_node_put(parent_np);
+ }
}
/* Legacy node */
@@ -1159,6 +1164,7 @@ static struct clk * __init create_sysclk(const char *name)
sysclk = of_get_child_by_name(clockgen.node, "sysclk");
if (sysclk) {
clk = sysclk_from_fixed(sysclk, name);
+ of_node_put(sysclk);
if (!IS_ERR(clk))
return clk;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 472/862] clk: berlin: Add of_node_put() for of_get_parent()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (470 preceding siblings ...)
2022-10-19 8:29 ` [PATCH 6.0 471/862] clk: qoriq: " Greg Kroah-Hartman
@ 2022-10-19 8:29 ` Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 473/862] clk: sprd: Hold reference returned by of_get_parent() Greg Kroah-Hartman
` (404 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Liang He, Stephen Boyd, Sasha Levin
From: Liang He <windhl@126.com>
[ Upstream commit 37c381b812dcbfde9c3f1f3d3e75fdfc1b40d5bc ]
In berlin2_clock_setup() and berlin2q_clock_setup(), we need to
call of_node_put() for the reference returned by of_get_parent()
which has increased the refcount. We should call *_put() in fail
path or when it is not used anymore.
Fixes: 26b3b6b959b2 ("clk: berlin: prepare simple-mfd conversion")
Signed-off-by: Liang He <windhl@126.com>
Link: https://lore.kernel.org/r/20220708084900.311684-1-windhl@126.com
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/berlin/bg2.c | 5 ++++-
drivers/clk/berlin/bg2q.c | 6 +++++-
2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/drivers/clk/berlin/bg2.c b/drivers/clk/berlin/bg2.c
index bccdfa00fd37..67a9edbba29c 100644
--- a/drivers/clk/berlin/bg2.c
+++ b/drivers/clk/berlin/bg2.c
@@ -500,12 +500,15 @@ static void __init berlin2_clock_setup(struct device_node *np)
int n, ret;
clk_data = kzalloc(struct_size(clk_data, hws, MAX_CLKS), GFP_KERNEL);
- if (!clk_data)
+ if (!clk_data) {
+ of_node_put(parent_np);
return;
+ }
clk_data->num = MAX_CLKS;
hws = clk_data->hws;
gbase = of_iomap(parent_np, 0);
+ of_node_put(parent_np);
if (!gbase)
return;
diff --git a/drivers/clk/berlin/bg2q.c b/drivers/clk/berlin/bg2q.c
index e9518d35f262..dd2784bb75b6 100644
--- a/drivers/clk/berlin/bg2q.c
+++ b/drivers/clk/berlin/bg2q.c
@@ -286,19 +286,23 @@ static void __init berlin2q_clock_setup(struct device_node *np)
int n, ret;
clk_data = kzalloc(struct_size(clk_data, hws, MAX_CLKS), GFP_KERNEL);
- if (!clk_data)
+ if (!clk_data) {
+ of_node_put(parent_np);
return;
+ }
clk_data->num = MAX_CLKS;
hws = clk_data->hws;
gbase = of_iomap(parent_np, 0);
if (!gbase) {
+ of_node_put(parent_np);
pr_err("%pOF: Unable to map global base\n", np);
return;
}
/* BG2Q CPU PLL is not part of global registers */
cpupll_base = of_iomap(parent_np, 1);
+ of_node_put(parent_np);
if (!cpupll_base) {
pr_err("%pOF: Unable to map cpupll base\n", np);
iounmap(gbase);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 473/862] clk: sprd: Hold reference returned by of_get_parent()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (471 preceding siblings ...)
2022-10-19 8:29 ` [PATCH 6.0 472/862] clk: berlin: Add of_node_put() for of_get_parent() Greg Kroah-Hartman
@ 2022-10-19 8:29 ` Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 474/862] coresight: docs: Fix a broken reference Greg Kroah-Hartman
` (403 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Liang He, Orson Zhai, Stephen Boyd,
Sasha Levin
From: Liang He <windhl@126.com>
[ Upstream commit 91e6455bf715fb1558a0bf8f645ec1c131254a3c ]
We should hold the reference returned by of_get_parent() and use it
to call of_node_put() for refcount balance.
Fixes: f95e8c7923d1 ("clk: sprd: support to get regmap from parent node")
Signed-off-by: Liang He <windhl@126.com>
Link: https://lore.kernel.org/r/20220704004729.272481-1-windhl@126.com
Reviewed-by: Orson Zhai <orsonzhai@gmail.com>
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/sprd/common.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/drivers/clk/sprd/common.c b/drivers/clk/sprd/common.c
index d620bbbcdfc8..ce81e4087a8f 100644
--- a/drivers/clk/sprd/common.c
+++ b/drivers/clk/sprd/common.c
@@ -41,7 +41,7 @@ int sprd_clk_regmap_init(struct platform_device *pdev,
{
void __iomem *base;
struct device *dev = &pdev->dev;
- struct device_node *node = dev->of_node;
+ struct device_node *node = dev->of_node, *np;
struct regmap *regmap;
if (of_find_property(node, "sprd,syscon", NULL)) {
@@ -50,9 +50,10 @@ int sprd_clk_regmap_init(struct platform_device *pdev,
pr_err("%s: failed to get syscon regmap\n", __func__);
return PTR_ERR(regmap);
}
- } else if (of_device_is_compatible(of_get_parent(dev->of_node),
- "syscon")) {
- regmap = device_node_to_regmap(of_get_parent(dev->of_node));
+ } else if (of_device_is_compatible(np = of_get_parent(node), "syscon") ||
+ (of_node_put(np), 0)) {
+ regmap = device_node_to_regmap(np);
+ of_node_put(np);
if (IS_ERR(regmap)) {
dev_err(dev, "failed to get regmap from its parent.\n");
return PTR_ERR(regmap);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 474/862] coresight: docs: Fix a broken reference
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (472 preceding siblings ...)
2022-10-19 8:29 ` [PATCH 6.0 473/862] clk: sprd: Hold reference returned by of_get_parent() Greg Kroah-Hartman
@ 2022-10-19 8:29 ` Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 475/862] clk: tegra: Fix refcount leak in tegra210_clock_init Greg Kroah-Hartman
` (402 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christophe JAILLET, James Clark,
Mathieu Poirier, Sasha Levin
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
[ Upstream commit b99ee26a1a98a8ac0d8241224c40e6c047091d4d ]
Since the commit in Fixes: tag, "coresight-cpu-debug.txt" has been turned
into "arm,coresight-cpu-debug.yaml".
Update the doc accordingly to avoid a 'make htmldocs' warning
Fixes: 66d052047ca8 ("dt-bindings: arm: Convert CoreSight CPU debug to DT schema")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Reviewed-by: James Clark <james.clark@arm.com>
Link: https://lore.kernel.org/r/c7f864854e9e03916017712017ff59132c51c338.1659251193.git.christophe.jaillet@wanadoo.fr
Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
Documentation/trace/coresight/coresight-cpu-debug.rst | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/Documentation/trace/coresight/coresight-cpu-debug.rst b/Documentation/trace/coresight/coresight-cpu-debug.rst
index 993dd294b81b..836b35532667 100644
--- a/Documentation/trace/coresight/coresight-cpu-debug.rst
+++ b/Documentation/trace/coresight/coresight-cpu-debug.rst
@@ -117,7 +117,8 @@ divide into below cases:
Device Tree Bindings
--------------------
-See Documentation/devicetree/bindings/arm/coresight-cpu-debug.txt for details.
+See Documentation/devicetree/bindings/arm/arm,coresight-cpu-debug.yaml for
+details.
How to use the module
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 475/862] clk: tegra: Fix refcount leak in tegra210_clock_init
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (473 preceding siblings ...)
2022-10-19 8:29 ` [PATCH 6.0 474/862] coresight: docs: Fix a broken reference Greg Kroah-Hartman
@ 2022-10-19 8:29 ` Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 476/862] clk: tegra: Fix refcount leak in tegra114_clock_init Greg Kroah-Hartman
` (401 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Stephen Boyd, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit 56c78cb1f00a9dde8cd762131ce8f4c5eb046fbb ]
of_find_matching_node() returns a node pointer with refcount
incremented, we should use of_node_put() on it when not need anymore.
Add missing of_node_put() to avoid refcount leak.
Fixes: 6b301a059eb2 ("clk: tegra: Add support for Tegra210 clocks")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Link: https://lore.kernel.org/r/20220523142608.65074-1-linmq006@gmail.com
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/tegra/clk-tegra210.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/clk/tegra/clk-tegra210.c b/drivers/clk/tegra/clk-tegra210.c
index b9099012dc7b..499f999e91e1 100644
--- a/drivers/clk/tegra/clk-tegra210.c
+++ b/drivers/clk/tegra/clk-tegra210.c
@@ -3748,6 +3748,7 @@ static void __init tegra210_clock_init(struct device_node *np)
}
pmc_base = of_iomap(node, 0);
+ of_node_put(node);
if (!pmc_base) {
pr_err("Can't map pmc registers\n");
WARN_ON(1);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 476/862] clk: tegra: Fix refcount leak in tegra114_clock_init
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (474 preceding siblings ...)
2022-10-19 8:29 ` [PATCH 6.0 475/862] clk: tegra: Fix refcount leak in tegra210_clock_init Greg Kroah-Hartman
@ 2022-10-19 8:29 ` Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 477/862] clk: tegra20: Fix refcount leak in tegra20_clock_init Greg Kroah-Hartman
` (400 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Stephen Boyd, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit db16a80c76ea395766913082b1e3f939dde29b2c ]
of_find_matching_node() returns a node pointer with refcount
incremented, we should use of_node_put() on it when not need anymore.
Add missing of_node_put() to avoid refcount leak.
Fixes: 2cb5efefd6f7 ("clk: tegra: Implement clocks for Tegra114")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Link: https://lore.kernel.org/r/20220523143834.7587-1-linmq006@gmail.com
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/tegra/clk-tegra114.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/clk/tegra/clk-tegra114.c b/drivers/clk/tegra/clk-tegra114.c
index ef718c4b3826..f7405a58877e 100644
--- a/drivers/clk/tegra/clk-tegra114.c
+++ b/drivers/clk/tegra/clk-tegra114.c
@@ -1317,6 +1317,7 @@ static void __init tegra114_clock_init(struct device_node *np)
}
pmc_base = of_iomap(node, 0);
+ of_node_put(node);
if (!pmc_base) {
pr_err("Can't map pmc registers\n");
WARN_ON(1);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 477/862] clk: tegra20: Fix refcount leak in tegra20_clock_init
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (475 preceding siblings ...)
2022-10-19 8:29 ` [PATCH 6.0 476/862] clk: tegra: Fix refcount leak in tegra114_clock_init Greg Kroah-Hartman
@ 2022-10-19 8:29 ` Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 478/862] clk: samsung: exynosautov9: correct register offsets of peric0/c1 Greg Kroah-Hartman
` (399 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Stephen Boyd, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit 4e343bafe03ff68a62f48f8235cf98f2c685468b ]
of_find_matching_node() returns a node pointer with refcount
incremented, we should use of_node_put() on it when not need anymore.
Add missing of_node_put() to avoid refcount leak.
Fixes: 37c26a906527 ("clk: tegra: add clock support for Tegra20")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Link: https://lore.kernel.org/r/20220523152811.19692-1-linmq006@gmail.com
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/tegra/clk-tegra20.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/clk/tegra/clk-tegra20.c b/drivers/clk/tegra/clk-tegra20.c
index be3c33441cfc..8a4514f6d503 100644
--- a/drivers/clk/tegra/clk-tegra20.c
+++ b/drivers/clk/tegra/clk-tegra20.c
@@ -1131,6 +1131,7 @@ static void __init tegra20_clock_init(struct device_node *np)
}
pmc_base = of_iomap(node, 0);
+ of_node_put(node);
if (!pmc_base) {
pr_err("Can't map pmc registers\n");
BUG();
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 478/862] clk: samsung: exynosautov9: correct register offsets of peric0/c1
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (476 preceding siblings ...)
2022-10-19 8:29 ` [PATCH 6.0 477/862] clk: tegra20: Fix refcount leak in tegra20_clock_init Greg Kroah-Hartman
@ 2022-10-19 8:29 ` Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 479/862] sbitmap: fix possible io hung due to lost wakeup Greg Kroah-Hartman
` (398 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Chanho Park, Krzysztof Kozlowski,
Chanwoo Choi, Sasha Levin
From: Chanho Park <chanho61.park@samsung.com>
[ Upstream commit 67d98943408bce835185688cb75ebbb45b91e572 ]
Some register offsets of peric0 and peric1 cmu blocks need to be
corrected and re-ordered by numerical order.
Fixes: f2dd366992d0 ("clk: samsung: exynosautov9: add cmu_peric0 clock support")
Fixes: b35f27fe73d8 ("clk: samsung: exynosautov9: add cmu_peric1 clock support")
Signed-off-by: Chanho Park <chanho61.park@samsung.com>
Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Acked-by: Chanwoo Choi <cw00.choi@samsung.com>
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Link: https://lore.kernel.org/r/20220727021357.152421-4-chanho61.park@samsung.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/samsung/clk-exynosautov9.c | 20 ++++++++++----------
1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/drivers/clk/samsung/clk-exynosautov9.c b/drivers/clk/samsung/clk-exynosautov9.c
index d9e1f8e4a7b4..487a71b32a00 100644
--- a/drivers/clk/samsung/clk-exynosautov9.c
+++ b/drivers/clk/samsung/clk-exynosautov9.c
@@ -1170,9 +1170,9 @@ static const struct samsung_cmu_info fsys2_cmu_info __initconst = {
#define CLK_CON_GAT_GOUT_BLK_PERIC0_UID_PERIC0_TOP0_IPCLKPORT_PCLK_2 0x2058
#define CLK_CON_GAT_GOUT_BLK_PERIC0_UID_PERIC0_TOP0_IPCLKPORT_PCLK_3 0x205c
#define CLK_CON_GAT_GOUT_BLK_PERIC0_UID_PERIC0_TOP0_IPCLKPORT_PCLK_4 0x2060
-#define CLK_CON_GAT_GOUT_BLK_PERIC0_UID_PERIC0_TOP0_IPCLKPORT_PCLK_7 0x206c
#define CLK_CON_GAT_GOUT_BLK_PERIC0_UID_PERIC0_TOP0_IPCLKPORT_PCLK_5 0x2064
#define CLK_CON_GAT_GOUT_BLK_PERIC0_UID_PERIC0_TOP0_IPCLKPORT_PCLK_6 0x2068
+#define CLK_CON_GAT_GOUT_BLK_PERIC0_UID_PERIC0_TOP0_IPCLKPORT_PCLK_7 0x206c
#define CLK_CON_GAT_GOUT_BLK_PERIC0_UID_PERIC0_TOP0_IPCLKPORT_PCLK_8 0x2070
#define CLK_CON_GAT_GOUT_BLK_PERIC0_UID_PERIC0_TOP0_IPCLKPORT_PCLK_9 0x2074
#define CLK_CON_GAT_GOUT_BLK_PERIC0_UID_PERIC0_TOP0_IPCLKPORT_PCLK_10 0x204c
@@ -1418,14 +1418,14 @@ static const struct samsung_cmu_info peric0_cmu_info __initconst = {
#define CLK_CON_GAT_GOUT_BLK_PERIC1_UID_PERIC1_TOP0_IPCLKPORT_IPCLK_11 0x2020
#define CLK_CON_GAT_GOUT_BLK_PERIC1_UID_PERIC1_TOP0_IPCLKPORT_PCLK_0 0x2044
#define CLK_CON_GAT_GOUT_BLK_PERIC1_UID_PERIC1_TOP0_IPCLKPORT_PCLK_1 0x2048
-#define CLK_CON_GAT_GOUT_BLK_PERIC1_UID_PERIC1_TOP0_IPCLKPORT_PCLK_2 0x2058
-#define CLK_CON_GAT_GOUT_BLK_PERIC1_UID_PERIC1_TOP0_IPCLKPORT_PCLK_3 0x205c
-#define CLK_CON_GAT_GOUT_BLK_PERIC1_UID_PERIC1_TOP0_IPCLKPORT_PCLK_4 0x2060
-#define CLK_CON_GAT_GOUT_BLK_PERIC1_UID_PERIC1_TOP0_IPCLKPORT_PCLK_7 0x206c
-#define CLK_CON_GAT_GOUT_BLK_PERIC1_UID_PERIC1_TOP0_IPCLKPORT_PCLK_5 0x2064
-#define CLK_CON_GAT_GOUT_BLK_PERIC1_UID_PERIC1_TOP0_IPCLKPORT_PCLK_6 0x2068
-#define CLK_CON_GAT_GOUT_BLK_PERIC1_UID_PERIC1_TOP0_IPCLKPORT_PCLK_8 0x2070
-#define CLK_CON_GAT_GOUT_BLK_PERIC1_UID_PERIC1_TOP0_IPCLKPORT_PCLK_9 0x2074
+#define CLK_CON_GAT_GOUT_BLK_PERIC1_UID_PERIC1_TOP0_IPCLKPORT_PCLK_2 0x2054
+#define CLK_CON_GAT_GOUT_BLK_PERIC1_UID_PERIC1_TOP0_IPCLKPORT_PCLK_3 0x2058
+#define CLK_CON_GAT_GOUT_BLK_PERIC1_UID_PERIC1_TOP0_IPCLKPORT_PCLK_4 0x205c
+#define CLK_CON_GAT_GOUT_BLK_PERIC1_UID_PERIC1_TOP0_IPCLKPORT_PCLK_5 0x2060
+#define CLK_CON_GAT_GOUT_BLK_PERIC1_UID_PERIC1_TOP0_IPCLKPORT_PCLK_6 0x2064
+#define CLK_CON_GAT_GOUT_BLK_PERIC1_UID_PERIC1_TOP0_IPCLKPORT_PCLK_7 0x2068
+#define CLK_CON_GAT_GOUT_BLK_PERIC1_UID_PERIC1_TOP0_IPCLKPORT_PCLK_8 0x206c
+#define CLK_CON_GAT_GOUT_BLK_PERIC1_UID_PERIC1_TOP0_IPCLKPORT_PCLK_9 0x2070
#define CLK_CON_GAT_GOUT_BLK_PERIC1_UID_PERIC1_TOP0_IPCLKPORT_PCLK_10 0x204c
#define CLK_CON_GAT_GOUT_BLK_PERIC1_UID_PERIC1_TOP0_IPCLKPORT_PCLK_11 0x2050
@@ -1463,9 +1463,9 @@ static const unsigned long peric1_clk_regs[] __initconst = {
CLK_CON_GAT_GOUT_BLK_PERIC1_UID_PERIC1_TOP0_IPCLKPORT_PCLK_2,
CLK_CON_GAT_GOUT_BLK_PERIC1_UID_PERIC1_TOP0_IPCLKPORT_PCLK_3,
CLK_CON_GAT_GOUT_BLK_PERIC1_UID_PERIC1_TOP0_IPCLKPORT_PCLK_4,
- CLK_CON_GAT_GOUT_BLK_PERIC1_UID_PERIC1_TOP0_IPCLKPORT_PCLK_7,
CLK_CON_GAT_GOUT_BLK_PERIC1_UID_PERIC1_TOP0_IPCLKPORT_PCLK_5,
CLK_CON_GAT_GOUT_BLK_PERIC1_UID_PERIC1_TOP0_IPCLKPORT_PCLK_6,
+ CLK_CON_GAT_GOUT_BLK_PERIC1_UID_PERIC1_TOP0_IPCLKPORT_PCLK_7,
CLK_CON_GAT_GOUT_BLK_PERIC1_UID_PERIC1_TOP0_IPCLKPORT_PCLK_8,
CLK_CON_GAT_GOUT_BLK_PERIC1_UID_PERIC1_TOP0_IPCLKPORT_PCLK_9,
CLK_CON_GAT_GOUT_BLK_PERIC1_UID_PERIC1_TOP0_IPCLKPORT_PCLK_10,
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 479/862] sbitmap: fix possible io hung due to lost wakeup
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (477 preceding siblings ...)
2022-10-19 8:29 ` [PATCH 6.0 478/862] clk: samsung: exynosautov9: correct register offsets of peric0/c1 Greg Kroah-Hartman
@ 2022-10-19 8:29 ` Greg Kroah-Hartman
2022-10-19 15:06 ` Hugh Dickins
2022-10-19 8:29 ` [PATCH 6.0 480/862] HID: uclogic: Add missing suffix for digitalizers Greg Kroah-Hartman
` (397 subsequent siblings)
876 siblings, 1 reply; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yu Kuai, Jan Kara, Jens Axboe, Sasha Levin
From: Yu Kuai <yukuai3@huawei.com>
[ Upstream commit 040b83fcecfb86f3225d3a5de7fd9b3fbccf83b4 ]
There are two problems can lead to lost wakeup:
1) invalid wakeup on the wrong waitqueue:
For example, 2 * wake_batch tags are put, while only wake_batch threads
are woken:
__sbq_wake_up
atomic_cmpxchg -> reset wait_cnt
__sbq_wake_up -> decrease wait_cnt
...
__sbq_wake_up -> wait_cnt is decreased to 0 again
atomic_cmpxchg
sbq_index_atomic_inc -> increase wake_index
wake_up_nr -> wake up and waitqueue might be empty
sbq_index_atomic_inc -> increase again, one waitqueue is skipped
wake_up_nr -> invalid wake up because old wakequeue might be empty
To fix the problem, increasing 'wake_index' before resetting 'wait_cnt'.
2) 'wait_cnt' can be decreased while waitqueue is empty
As pointed out by Jan Kara, following race is possible:
CPU1 CPU2
__sbq_wake_up __sbq_wake_up
sbq_wake_ptr() sbq_wake_ptr() -> the same
wait_cnt = atomic_dec_return()
/* decreased to 0 */
sbq_index_atomic_inc()
/* move to next waitqueue */
atomic_set()
/* reset wait_cnt */
wake_up_nr()
/* wake up on the old waitqueue */
wait_cnt = atomic_dec_return()
/*
* decrease wait_cnt in the old
* waitqueue, while it can be
* empty.
*/
Fix the problem by waking up before updating 'wake_index' and
'wait_cnt'.
With this patch, noted that 'wait_cnt' is still decreased in the old
empty waitqueue, however, the wakeup is redirected to a active waitqueue,
and the extra decrement on the old empty waitqueue is not handled.
Fixes: 88459642cba4 ("blk-mq: abstract tag allocation out into sbitmap library")
Signed-off-by: Yu Kuai <yukuai3@huawei.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20220803121504.212071-1-yukuai1@huaweicloud.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
lib/sbitmap.c | 55 ++++++++++++++++++++++++++++++---------------------
1 file changed, 33 insertions(+), 22 deletions(-)
diff --git a/lib/sbitmap.c b/lib/sbitmap.c
index 29eb0484215a..1f31147872e6 100644
--- a/lib/sbitmap.c
+++ b/lib/sbitmap.c
@@ -611,32 +611,43 @@ static bool __sbq_wake_up(struct sbitmap_queue *sbq)
return false;
wait_cnt = atomic_dec_return(&ws->wait_cnt);
- if (wait_cnt <= 0) {
- int ret;
+ /*
+ * For concurrent callers of this, callers should call this function
+ * again to wakeup a new batch on a different 'ws'.
+ */
+ if (wait_cnt < 0 || !waitqueue_active(&ws->wait))
+ return true;
- wake_batch = READ_ONCE(sbq->wake_batch);
+ if (wait_cnt > 0)
+ return false;
- /*
- * Pairs with the memory barrier in sbitmap_queue_resize() to
- * ensure that we see the batch size update before the wait
- * count is reset.
- */
- smp_mb__before_atomic();
+ wake_batch = READ_ONCE(sbq->wake_batch);
- /*
- * For concurrent callers of this, the one that failed the
- * atomic_cmpxhcg() race should call this function again
- * to wakeup a new batch on a different 'ws'.
- */
- ret = atomic_cmpxchg(&ws->wait_cnt, wait_cnt, wake_batch);
- if (ret == wait_cnt) {
- sbq_index_atomic_inc(&sbq->wake_index);
- wake_up_nr(&ws->wait, wake_batch);
- return false;
- }
+ /*
+ * Wake up first in case that concurrent callers decrease wait_cnt
+ * while waitqueue is empty.
+ */
+ wake_up_nr(&ws->wait, wake_batch);
- return true;
- }
+ /*
+ * Pairs with the memory barrier in sbitmap_queue_resize() to
+ * ensure that we see the batch size update before the wait
+ * count is reset.
+ *
+ * Also pairs with the implicit barrier between decrementing wait_cnt
+ * and checking for waitqueue_active() to make sure waitqueue_active()
+ * sees result of the wakeup if atomic_dec_return() has seen the result
+ * of atomic_set().
+ */
+ smp_mb__before_atomic();
+
+ /*
+ * Increase wake_index before updating wait_cnt, otherwise concurrent
+ * callers can see valid wait_cnt in old waitqueue, which can cause
+ * invalid wakeup on the old waitqueue.
+ */
+ sbq_index_atomic_inc(&sbq->wake_index);
+ atomic_set(&ws->wait_cnt, wake_batch);
return false;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 480/862] HID: uclogic: Add missing suffix for digitalizers
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (478 preceding siblings ...)
2022-10-19 8:29 ` [PATCH 6.0 479/862] sbitmap: fix possible io hung due to lost wakeup Greg Kroah-Hartman
@ 2022-10-19 8:29 ` Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 481/862] HID: uclogic: Fix warning in uclogic_rdesc_template_apply Greg Kroah-Hartman
` (396 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, José Expósito, Jiri Kosina,
Sasha Levin
From: José Expósito <jose.exposito89@gmail.com>
[ Upstream commit 0977fda0587cbc5403651ba169e264aa01e8a026 ]
The Pen (0x02) application usage was changed to Digitalizer (0x01) in
commit f7d8e387d9ae ("HID: uclogic: Switch to Digitizer usage for
styluses"). However, a suffix was not selected for the new usage.
Handle the digitalizer application usage in uclogic_input_configured()
and add the required suffix.
Signed-off-by: José Expósito <jose.exposito89@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Fixes: f7d8e387d9ae ("HID: uclogic: Switch to Digitizer usage for styluses")
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/hid/hid-uclogic-core.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/hid/hid-uclogic-core.c
+++ b/drivers/hid/hid-uclogic-core.c
@@ -153,6 +153,7 @@ static int uclogic_input_configured(stru
suffix = "Pad";
break;
case HID_DG_PEN:
+ case HID_DG_DIGITIZER:
suffix = "Pen";
break;
case HID_CP_CONSUMER_CONTROL:
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 481/862] HID: uclogic: Fix warning in uclogic_rdesc_template_apply
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (479 preceding siblings ...)
2022-10-19 8:29 ` [PATCH 6.0 480/862] HID: uclogic: Add missing suffix for digitalizers Greg Kroah-Hartman
@ 2022-10-19 8:29 ` Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 482/862] HSI: omap_ssi: Fix refcount leak in ssi_probe Greg Kroah-Hartman
` (395 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, José Expósito, Jiri Kosina,
Sasha Levin
From: José Expósito <jose.exposito89@gmail.com>
[ Upstream commit 609174edeb758d1e2d713e7ab4e09ea8d45aa4f7 ]
Building with Sparse enabled prints this warning:
warning: incorrect type in assignment (different base types)
expected signed int x
got restricted __le32 [usertype]
Cast the return value of cpu_to_le32() to fix the warning.
Fixes: 08177f4 ("HID: uclogic: merge hid-huion driver in hid-uclogic")
Signed-off-by: José Expósito <jose.exposito89@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hid/hid-uclogic-rdesc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/hid/hid-uclogic-rdesc.c b/drivers/hid/hid-uclogic-rdesc.c
index 3d68e8b0784d..81ca22398ed5 100644
--- a/drivers/hid/hid-uclogic-rdesc.c
+++ b/drivers/hid/hid-uclogic-rdesc.c
@@ -1113,7 +1113,7 @@ __u8 *uclogic_rdesc_template_apply(const __u8 *template_ptr,
memcmp(p, pen_head, sizeof(pen_head)) == 0 &&
p[sizeof(pen_head)] < param_num) {
v = param_list[p[sizeof(pen_head)]];
- put_unaligned(cpu_to_le32(v), (s32 *)p);
+ put_unaligned((__force u32)cpu_to_le32(v), (s32 *)p);
p += sizeof(pen_head) + 1;
} else if (memcmp(p, btn_head, sizeof(btn_head)) == 0 &&
p[sizeof(btn_head)] < param_num) {
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 482/862] HSI: omap_ssi: Fix refcount leak in ssi_probe
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (480 preceding siblings ...)
2022-10-19 8:29 ` [PATCH 6.0 481/862] HID: uclogic: Fix warning in uclogic_rdesc_template_apply Greg Kroah-Hartman
@ 2022-10-19 8:29 ` Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 483/862] HSI: omap_ssi_port: Fix dma_map_sg error check Greg Kroah-Hartman
` (394 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Sebastian Reichel, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit 9a2ea132df860177b33c9fd421b26c4e9a0a9396 ]
When returning or breaking early from a
for_each_available_child_of_node() loop, we need to explicitly call
of_node_put() on the child node to possibly release the node.
Fixes: b209e047bc74 ("HSI: Introduce OMAP SSI driver")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Signed-off-by: Sebastian Reichel <sebastian.reichel@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hsi/controllers/omap_ssi_core.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/hsi/controllers/omap_ssi_core.c b/drivers/hsi/controllers/omap_ssi_core.c
index 44a3f5660c10..eb9820158318 100644
--- a/drivers/hsi/controllers/omap_ssi_core.c
+++ b/drivers/hsi/controllers/omap_ssi_core.c
@@ -524,6 +524,7 @@ static int ssi_probe(struct platform_device *pd)
if (!childpdev) {
err = -ENODEV;
dev_err(&pd->dev, "failed to create ssi controller port\n");
+ of_node_put(child);
goto out3;
}
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 483/862] HSI: omap_ssi_port: Fix dma_map_sg error check
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (481 preceding siblings ...)
2022-10-19 8:29 ` [PATCH 6.0 482/862] HSI: omap_ssi: Fix refcount leak in ssi_probe Greg Kroah-Hartman
@ 2022-10-19 8:29 ` Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 484/862] clk: qcom: gcc-sdm660: Use floor ops for SDCC1 clock Greg Kroah-Hartman
` (393 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sebastian Reichel, Jack Wang,
Sebastian Reichel, Sasha Levin
From: Jack Wang <jinpu.wang@ionos.com>
[ Upstream commit 551e325bbd3fb8b5a686ac1e6cf76e5641461cf2 ]
dma_map_sg return 0 on error, in case of error return -EIO
to caller.
Cc: Sebastian Reichel <sre@kernel.org>
Cc: linux-kernel@vger.kernel.org (open list)
Fixes: b209e047bc74 ("HSI: Introduce OMAP SSI driver")
Signed-off-by: Jack Wang <jinpu.wang@ionos.com>
Signed-off-by: Sebastian Reichel <sebastian.reichel@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hsi/controllers/omap_ssi_port.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/hsi/controllers/omap_ssi_port.c b/drivers/hsi/controllers/omap_ssi_port.c
index a0cb5be246e1..b9495b720f1b 100644
--- a/drivers/hsi/controllers/omap_ssi_port.c
+++ b/drivers/hsi/controllers/omap_ssi_port.c
@@ -230,10 +230,10 @@ static int ssi_start_dma(struct hsi_msg *msg, int lch)
if (msg->ttype == HSI_MSG_READ) {
err = dma_map_sg(&ssi->device, msg->sgt.sgl, msg->sgt.nents,
DMA_FROM_DEVICE);
- if (err < 0) {
+ if (!err) {
dev_dbg(&ssi->device, "DMA map SG failed !\n");
pm_runtime_put_autosuspend(omap_port->pdev);
- return err;
+ return -EIO;
}
csdp = SSI_DST_BURST_4x32_BIT | SSI_DST_MEMORY_PORT |
SSI_SRC_SINGLE_ACCESS0 | SSI_SRC_PERIPHERAL_PORT |
@@ -247,10 +247,10 @@ static int ssi_start_dma(struct hsi_msg *msg, int lch)
} else {
err = dma_map_sg(&ssi->device, msg->sgt.sgl, msg->sgt.nents,
DMA_TO_DEVICE);
- if (err < 0) {
+ if (!err) {
dev_dbg(&ssi->device, "DMA map SG failed !\n");
pm_runtime_put_autosuspend(omap_port->pdev);
- return err;
+ return -EIO;
}
csdp = SSI_SRC_BURST_4x32_BIT | SSI_SRC_MEMORY_PORT |
SSI_DST_SINGLE_ACCESS0 | SSI_DST_PERIPHERAL_PORT |
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 484/862] clk: qcom: gcc-sdm660: Use floor ops for SDCC1 clock
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (482 preceding siblings ...)
2022-10-19 8:29 ` [PATCH 6.0 483/862] HSI: omap_ssi_port: Fix dma_map_sg error check Greg Kroah-Hartman
@ 2022-10-19 8:29 ` Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 485/862] media: exynos4-is: fimc-is: Add of_node_put() when breaking out of loop Greg Kroah-Hartman
` (392 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Marijn Suijten, Alexey Minnekhanov,
Stephen Boyd, Bjorn Andersson, Sasha Levin
From: Marijn Suijten <marijn.suijten@somainline.org>
[ Upstream commit 6956c18f4ad9200aa945f7ea37d65a05afc49d51 ]
In commit 3f905469c8ce ("clk: qcom: gcc: Use floor ops for SDCC clocks")
floor ops were applied to SDCC2 only, but flooring is also required on
the SDCC1 apps clock which is used by the eMMC card on Sony's Nile
platform, and otherwise result in the typicial "Card appears
overclocked" warnings observed on many other platforms before:
mmc0: Card appears overclocked; req 52000000 Hz, actual 100000000 Hz
mmc0: Card appears overclocked; req 52000000 Hz, actual 100000000 Hz
mmc0: Card appears overclocked; req 104000000 Hz, actual 192000000 Hz
Fixes: f2a76a2955c0 ("clk: qcom: Add Global Clock controller (GCC) driver for SDM660")
Signed-off-by: Marijn Suijten <marijn.suijten@somainline.org>
Tested-by: Alexey Minnekhanov <alexeymin@postmarketos.org>
Reviewed-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Link: https://lore.kernel.org/r/20220714203822.186448-1-marijn.suijten@somainline.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/qcom/gcc-sdm660.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/clk/qcom/gcc-sdm660.c b/drivers/clk/qcom/gcc-sdm660.c
index 9b97425008ce..db918c92a522 100644
--- a/drivers/clk/qcom/gcc-sdm660.c
+++ b/drivers/clk/qcom/gcc-sdm660.c
@@ -757,7 +757,7 @@ static struct clk_rcg2 sdcc1_apps_clk_src = {
.name = "sdcc1_apps_clk_src",
.parent_data = gcc_parent_data_xo_gpll0_gpll4_gpll0_early_div,
.num_parents = ARRAY_SIZE(gcc_parent_data_xo_gpll0_gpll4_gpll0_early_div),
- .ops = &clk_rcg2_ops,
+ .ops = &clk_rcg2_floor_ops,
},
};
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 485/862] media: exynos4-is: fimc-is: Add of_node_put() when breaking out of loop
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (483 preceding siblings ...)
2022-10-19 8:29 ` [PATCH 6.0 484/862] clk: qcom: gcc-sdm660: Use floor ops for SDCC1 clock Greg Kroah-Hartman
@ 2022-10-19 8:29 ` Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 486/862] media: airspy: fix memory leak in airspy probe Greg Kroah-Hartman
` (391 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Liang He, Hans Verkuil,
Mauro Carvalho Chehab, Sasha Levin
From: Liang He <windhl@126.com>
[ Upstream commit 211f8304fa21aaedc2c247f0c9d6c7f1aaa61ad7 ]
In fimc_is_register_subdevs(), we need to call of_node_put() for
the reference 'i2c_bus' when breaking out of the
for_each_compatible_node() which has increased the refcount.
Fixes: 9a761e436843 ("[media] exynos4-is: Add Exynos4x12 FIMC-IS driver")
Signed-off-by: Liang He <windhl@126.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/platform/samsung/exynos4-is/fimc-is.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/media/platform/samsung/exynos4-is/fimc-is.c b/drivers/media/platform/samsung/exynos4-is/fimc-is.c
index e3072d69c49f..a7704ff069d6 100644
--- a/drivers/media/platform/samsung/exynos4-is/fimc-is.c
+++ b/drivers/media/platform/samsung/exynos4-is/fimc-is.c
@@ -213,6 +213,7 @@ static int fimc_is_register_subdevs(struct fimc_is *is)
if (ret < 0 || index >= FIMC_IS_SENSORS_NUM) {
of_node_put(child);
+ of_node_put(i2c_bus);
return ret;
}
index++;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 486/862] media: airspy: fix memory leak in airspy probe
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (484 preceding siblings ...)
2022-10-19 8:29 ` [PATCH 6.0 485/862] media: exynos4-is: fimc-is: Add of_node_put() when breaking out of loop Greg Kroah-Hartman
@ 2022-10-19 8:29 ` Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 487/862] tty: xilinx_uartps: Check clk_enable return value Greg Kroah-Hartman
` (390 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot+bb25f85e5aa482864dc0,
Dongliang Mu, Tommaso Merciai, Hans Verkuil,
Mauro Carvalho Chehab, Sasha Levin
From: Dongliang Mu <mudongliangabcd@gmail.com>
[ Upstream commit 23bc5eb55f8c9607965c20d9ddcc13cb1ae59568 ]
The commit ca9dc8d06ab6 ("media: airspy: respect the DMA coherency
rules") moves variable buf from stack to heap, however, it only frees
buf in the error handling code, missing deallocation in the success
path.
Fix this by freeing buf in the success path since this variable does not
have any references in other code.
Fixes: ca9dc8d06ab6 ("media: airspy: respect the DMA coherency rules")
Reported-by: syzbot+bb25f85e5aa482864dc0@syzkaller.appspotmail.com
Signed-off-by: Dongliang Mu <mudongliangabcd@gmail.com>
Reviewed-by: Tommaso Merciai <tommaso.merciai@amarulasolution.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/usb/airspy/airspy.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/media/usb/airspy/airspy.c b/drivers/media/usb/airspy/airspy.c
index 240a7cc56777..7b1c40132555 100644
--- a/drivers/media/usb/airspy/airspy.c
+++ b/drivers/media/usb/airspy/airspy.c
@@ -1070,6 +1070,10 @@ static int airspy_probe(struct usb_interface *intf,
ret);
goto err_free_controls;
}
+
+ /* Free buf if success*/
+ kfree(buf);
+
dev_info(s->dev, "Registered as %s\n",
video_device_node_name(&s->vdev));
dev_notice(s->dev, "SDR API is still slightly experimental and functionality changes may follow\n");
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 487/862] tty: xilinx_uartps: Check clk_enable return value
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (485 preceding siblings ...)
2022-10-19 8:29 ` [PATCH 6.0 486/862] media: airspy: fix memory leak in airspy probe Greg Kroah-Hartman
@ 2022-10-19 8:29 ` Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 488/862] tty: xilinx_uartps: Fix the ignore_status Greg Kroah-Hartman
` (389 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:29 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Shubhrajyoti Datta, Sasha Levin
From: Shubhrajyoti Datta <shubhrajyoti.datta@xilinx.com>
[ Upstream commit 957e8c047bf25bd24271ab049f06dc47f382973f ]
If clocks are not enabled the register access may hang the system.
Check for the clock enable return value and bail out if not enabled.
Signed-off-by: Shubhrajyoti Datta <shubhrajyoti.datta@xilinx.com>
Link: https://lore.kernel.org/r/20220729114748.18332-2-shubhrajyoti.datta@xilinx.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Stable-dep-of: b8a6c3b3d465 ("tty: xilinx_uartps: Fix the ignore_status")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/xilinx_uartps.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/drivers/tty/serial/xilinx_uartps.c b/drivers/tty/serial/xilinx_uartps.c
index 9e01fe6c0ab8..51fd09e14eda 100644
--- a/drivers/tty/serial/xilinx_uartps.c
+++ b/drivers/tty/serial/xilinx_uartps.c
@@ -1329,12 +1329,20 @@ static int cdns_uart_resume(struct device *device)
unsigned long flags;
u32 ctrl_reg;
int may_wake;
+ int ret;
may_wake = device_may_wakeup(device);
if (console_suspend_enabled && uart_console(port) && !may_wake) {
- clk_enable(cdns_uart->pclk);
- clk_enable(cdns_uart->uartclk);
+ ret = clk_enable(cdns_uart->pclk);
+ if (ret)
+ return ret;
+
+ ret = clk_enable(cdns_uart->uartclk);
+ if (ret) {
+ clk_disable(cdns_uart->pclk);
+ return ret;
+ }
spin_lock_irqsave(&port->lock, flags);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 488/862] tty: xilinx_uartps: Fix the ignore_status
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (486 preceding siblings ...)
2022-10-19 8:29 ` [PATCH 6.0 487/862] tty: xilinx_uartps: Check clk_enable return value Greg Kroah-Hartman
@ 2022-10-19 8:29 ` Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 489/862] media: mediatek: vcodec: Skip non CBR bitrate mode Greg Kroah-Hartman
` (388 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:29 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Shubhrajyoti Datta, Sasha Levin
From: Shubhrajyoti Datta <shubhrajyoti.datta@xilinx.com>
[ Upstream commit b8a6c3b3d4654fba19881cc77da61eac29f57cae ]
Currently the ignore_status is not considered in the isr.
Add a check to add the ignore_status.
Fixes: 61ec9016988f ("tty/serial: add support for Xilinx PS UART")
Signed-off-by: Shubhrajyoti Datta <shubhrajyoti.datta@xilinx.com>
Link: https://lore.kernel.org/r/20220729114748.18332-5-shubhrajyoti.datta@xilinx.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/xilinx_uartps.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/tty/serial/xilinx_uartps.c b/drivers/tty/serial/xilinx_uartps.c
index 51fd09e14eda..769044dfe990 100644
--- a/drivers/tty/serial/xilinx_uartps.c
+++ b/drivers/tty/serial/xilinx_uartps.c
@@ -361,6 +361,8 @@ static irqreturn_t cdns_uart_isr(int irq, void *dev_id)
isrstatus &= ~CDNS_UART_IXR_TXEMPTY;
}
+ isrstatus &= port->read_status_mask;
+ isrstatus &= ~port->ignore_status_mask;
/*
* Skip RX processing if RX is disabled as RXEMPTY will never be set
* as read bytes will not be removed from the FIFO.
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 489/862] media: mediatek: vcodec: Skip non CBR bitrate mode
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (487 preceding siblings ...)
2022-10-19 8:29 ` [PATCH 6.0 488/862] tty: xilinx_uartps: Fix the ignore_status Greg Kroah-Hartman
@ 2022-10-19 8:29 ` Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 490/862] media: amphion: insert picture startcode after seek for vc1g format Greg Kroah-Hartman
` (387 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hirokazu Honda, Chen-Yu Tsai,
Hans Verkuil, Mauro Carvalho Chehab, Sasha Levin
From: Hirokazu Honda <hiroh@chromium.org>
[ Upstream commit e7bfdf0a854037e8c0597f1f44f72651869c424d ]
V4L2_MPEG_VIDEO_BITRATE_MODE_CBR is the only bitrate mode supported
by the mediatek driver. The other bitrates must be skipped in
QUERY_MENU.
Fixes: d8e8aa866ed8 ("media: mediatek: vcodec: Report supported bitrate modes")
Signed-off-by: Hirokazu Honda <hiroh@chromium.org>
Reviewed-by: Chen-Yu Tsai <wenst@chromium.org>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/platform/mediatek/vcodec/mtk_vcodec_enc.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/media/platform/mediatek/vcodec/mtk_vcodec_enc.c b/drivers/media/platform/mediatek/vcodec/mtk_vcodec_enc.c
index 25e816863597..27c5fdaabed4 100644
--- a/drivers/media/platform/mediatek/vcodec/mtk_vcodec_enc.c
+++ b/drivers/media/platform/mediatek/vcodec/mtk_vcodec_enc.c
@@ -1403,7 +1403,8 @@ int mtk_vcodec_enc_ctrls_setup(struct mtk_vcodec_ctx *ctx)
V4L2_MPEG_VIDEO_VP8_PROFILE_0, 0, V4L2_MPEG_VIDEO_VP8_PROFILE_0);
v4l2_ctrl_new_std_menu(handler, ops, V4L2_CID_MPEG_VIDEO_BITRATE_MODE,
V4L2_MPEG_VIDEO_BITRATE_MODE_CBR,
- 0, V4L2_MPEG_VIDEO_BITRATE_MODE_CBR);
+ ~(1 << V4L2_MPEG_VIDEO_BITRATE_MODE_CBR),
+ V4L2_MPEG_VIDEO_BITRATE_MODE_CBR);
if (handler->error) {
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 490/862] media: amphion: insert picture startcode after seek for vc1g format
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (488 preceding siblings ...)
2022-10-19 8:29 ` [PATCH 6.0 489/862] media: mediatek: vcodec: Skip non CBR bitrate mode Greg Kroah-Hartman
@ 2022-10-19 8:29 ` Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 491/862] media: amphion: adjust the encoders value range of gop size Greg Kroah-Hartman
` (386 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ming Qian, Hans Verkuil,
Mauro Carvalho Chehab, Sasha Levin
From: Ming Qian <ming.qian@nxp.com>
[ Upstream commit f7fd6c318c8a5d06bf3fe611f30763d62eaaf7f0 ]
For format vc1, the amphion vpu requires driver to
help insert some custom startcode before sequence and frame.
the startcode is different for vc1l and vc1g format.
But the sequence startcode is only needed at the beginning,
and it's not expected after seek.
driver need to treat the codec header and the first frame after seek
as a normal frame, and insert picture startcode for it.
In previous patch, I just fix it for vc1l format,
and should fix the similar issue for vc1g too.
Fixes: e670f5d672ef (media: amphion: only insert the first sequence startcode for vc1l format)
Signed-off-by: Ming Qian <ming.qian@nxp.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/platform/amphion/vpu_malone.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/media/platform/amphion/vpu_malone.c b/drivers/media/platform/amphion/vpu_malone.c
index f4a488bf9880..51e0702f9ae1 100644
--- a/drivers/media/platform/amphion/vpu_malone.c
+++ b/drivers/media/platform/amphion/vpu_malone.c
@@ -1293,7 +1293,7 @@ static int vpu_malone_insert_scode_vc1_g_pic(struct malone_scode_t *scode)
vbuf = to_vb2_v4l2_buffer(scode->vb);
data = vb2_plane_vaddr(scode->vb, 0);
- if (vbuf->sequence == 0 || vpu_vb_is_codecconfig(vbuf))
+ if (scode->inst->total_input_count == 0 || vpu_vb_is_codecconfig(vbuf))
return 0;
if (MALONE_VC1_CONTAIN_NAL(*data))
return 0;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 491/862] media: amphion: adjust the encoders value range of gop size
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (489 preceding siblings ...)
2022-10-19 8:29 ` [PATCH 6.0 490/862] media: amphion: insert picture startcode after seek for vc1g format Greg Kroah-Hartman
@ 2022-10-19 8:29 ` Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 492/862] media: amphion: dont change the colorspace reported by decoder Greg Kroah-Hartman
` (385 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ming Qian, Hans Verkuil,
Mauro Carvalho Chehab, Sasha Levin
From: Ming Qian <ming.qian@nxp.com>
[ Upstream commit 996f4e89fabe44ab9ac0aabb0697aeecbe717eca ]
adjust the value range of gop size from [0, 65535] to [1, 8000].
when the gop size is set to a too large value,
it may affect the encoded picture quality.
so constrain it to a reasonable range.
Fixes: 0401e659c1f92 ("media: amphion: add v4l2 m2m vpu encoder stateful driver")
Signed-off-by: Ming Qian <ming.qian@nxp.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/platform/amphion/venc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/media/platform/amphion/venc.c b/drivers/media/platform/amphion/venc.c
index 461524dd1e44..37212f087fdd 100644
--- a/drivers/media/platform/amphion/venc.c
+++ b/drivers/media/platform/amphion/venc.c
@@ -644,7 +644,7 @@ static int venc_ctrl_init(struct vpu_inst *inst)
BITRATE_DEFAULT_PEAK);
v4l2_ctrl_new_std(&inst->ctrl_handler, &venc_ctrl_ops,
- V4L2_CID_MPEG_VIDEO_GOP_SIZE, 0, (1 << 16) - 1, 1, 30);
+ V4L2_CID_MPEG_VIDEO_GOP_SIZE, 1, 8000, 1, 30);
v4l2_ctrl_new_std(&inst->ctrl_handler, &venc_ctrl_ops,
V4L2_CID_MPEG_VIDEO_B_FRAMES, 0, 4, 1, 0);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 492/862] media: amphion: dont change the colorspace reported by decoder.
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (490 preceding siblings ...)
2022-10-19 8:29 ` [PATCH 6.0 491/862] media: amphion: adjust the encoders value range of gop size Greg Kroah-Hartman
@ 2022-10-19 8:29 ` Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 493/862] media: amphion: fix a bug that vpu core may not resume after suspend Greg Kroah-Hartman
` (384 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ming Qian, Hans Verkuil,
Mauro Carvalho Chehab, Sasha Levin
From: Ming Qian <ming.qian@nxp.com>
[ Upstream commit 61c2698ee60630c6a7d2e99850fa81ff6450270a ]
decoder will report the colorspace information
which is parsed from the sequence header,
if they are unspecified, just let application to determine it,
don't change it in driver.
Fixes: 6de8d628df6ef ("media: amphion: add v4l2 m2m vpu decoder stateful driver")
Signed-off-by: Ming Qian <ming.qian@nxp.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/platform/amphion/vdec.c | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/drivers/media/platform/amphion/vdec.c b/drivers/media/platform/amphion/vdec.c
index 9e64041cc1c1..feb75dc204de 100644
--- a/drivers/media/platform/amphion/vdec.c
+++ b/drivers/media/platform/amphion/vdec.c
@@ -808,14 +808,6 @@ static void vdec_init_fmt(struct vpu_inst *inst)
inst->cap_format.field = V4L2_FIELD_NONE;
else
inst->cap_format.field = V4L2_FIELD_SEQ_TB;
- if (vdec->codec_info.color_primaries == V4L2_COLORSPACE_DEFAULT)
- vdec->codec_info.color_primaries = V4L2_COLORSPACE_REC709;
- if (vdec->codec_info.transfer_chars == V4L2_XFER_FUNC_DEFAULT)
- vdec->codec_info.transfer_chars = V4L2_XFER_FUNC_709;
- if (vdec->codec_info.matrix_coeffs == V4L2_YCBCR_ENC_DEFAULT)
- vdec->codec_info.matrix_coeffs = V4L2_YCBCR_ENC_709;
- if (vdec->codec_info.full_range == V4L2_QUANTIZATION_DEFAULT)
- vdec->codec_info.full_range = V4L2_QUANTIZATION_LIM_RANGE;
}
static void vdec_init_crop(struct vpu_inst *inst)
@@ -1555,6 +1547,14 @@ static int vdec_get_debug_info(struct vpu_inst *inst, char *str, u32 size, u32 i
vdec->codec_info.frame_rate.numerator,
vdec->codec_info.frame_rate.denominator);
break;
+ case 9:
+ num = scnprintf(str, size, "colorspace: %d, %d, %d, %d (%d)\n",
+ vdec->codec_info.color_primaries,
+ vdec->codec_info.transfer_chars,
+ vdec->codec_info.matrix_coeffs,
+ vdec->codec_info.full_range,
+ vdec->codec_info.vui_present);
+ break;
default:
break;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 493/862] media: amphion: fix a bug that vpu core may not resume after suspend
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (491 preceding siblings ...)
2022-10-19 8:29 ` [PATCH 6.0 492/862] media: amphion: dont change the colorspace reported by decoder Greg Kroah-Hartman
@ 2022-10-19 8:29 ` Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 494/862] media: meson: vdec: add missing clk_disable_unprepare on error in vdec_hevc_start() Greg Kroah-Hartman
` (383 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ming Qian, Hans Verkuil,
Mauro Carvalho Chehab, Sasha Levin
From: Ming Qian <ming.qian@nxp.com>
[ Upstream commit 0202a665bf17fbe98fed954944aabbcb4f14a4cc ]
driver will enable the vpu core when request the first instance
on the core.
one vpu core can only support 8 streaming instances in the same
time, the instance won't be added to core's list before streamon.
so the actual instance count may be greater then the number in
the core's list.
in pm resume callback, driver will resume the core immediately if
core's list is not empty.
but this check is not accurate,
if suspend during one instance is requested, but not streamon,
then after suspend, the core won't be resume, and led to instance failure.
use the request_count instead of the core's list to check
whether is the core needed to resume immediately after suspend.
And it can make the pm suspend and resume callback more clear.
Fixes: 9f599f351e86 ("media: amphion: add vpu core driver")
Signed-off-by: Ming Qian <ming.qian@nxp.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/platform/amphion/vpu.h | 1 -
drivers/media/platform/amphion/vpu_core.c | 84 ++++++++++++-----------
drivers/media/platform/amphion/vpu_core.h | 1 +
drivers/media/platform/amphion/vpu_dbg.c | 9 ++-
4 files changed, 51 insertions(+), 44 deletions(-)
diff --git a/drivers/media/platform/amphion/vpu.h b/drivers/media/platform/amphion/vpu.h
index f914de6ed81e..beac0309ca8d 100644
--- a/drivers/media/platform/amphion/vpu.h
+++ b/drivers/media/platform/amphion/vpu.h
@@ -119,7 +119,6 @@ struct vpu_mbox {
enum vpu_core_state {
VPU_CORE_DEINIT = 0,
VPU_CORE_ACTIVE,
- VPU_CORE_SNAPSHOT,
VPU_CORE_HANG
};
diff --git a/drivers/media/platform/amphion/vpu_core.c b/drivers/media/platform/amphion/vpu_core.c
index 73faa50d2865..f9ec1753f7c8 100644
--- a/drivers/media/platform/amphion/vpu_core.c
+++ b/drivers/media/platform/amphion/vpu_core.c
@@ -89,7 +89,7 @@ static int vpu_core_boot_done(struct vpu_core *core)
core->supported_instance_count = min(core->supported_instance_count, count);
}
core->fw_version = fw_version;
- core->state = VPU_CORE_ACTIVE;
+ vpu_core_set_state(core, VPU_CORE_ACTIVE);
return 0;
}
@@ -172,10 +172,26 @@ int vpu_alloc_dma(struct vpu_core *core, struct vpu_buffer *buf)
return __vpu_alloc_dma(core->dev, buf);
}
-static void vpu_core_check_hang(struct vpu_core *core)
+void vpu_core_set_state(struct vpu_core *core, enum vpu_core_state state)
{
- if (core->hang_mask)
- core->state = VPU_CORE_HANG;
+ if (state != core->state)
+ vpu_trace(core->dev, "vpu core state change from %d to %d\n", core->state, state);
+ core->state = state;
+ if (core->state == VPU_CORE_DEINIT)
+ core->hang_mask = 0;
+}
+
+static void vpu_core_update_state(struct vpu_core *core)
+{
+ if (!vpu_iface_get_power_state(core)) {
+ if (core->request_count)
+ vpu_core_set_state(core, VPU_CORE_HANG);
+ else
+ vpu_core_set_state(core, VPU_CORE_DEINIT);
+
+ } else if (core->state == VPU_CORE_ACTIVE && core->hang_mask) {
+ vpu_core_set_state(core, VPU_CORE_HANG);
+ }
}
static struct vpu_core *vpu_core_find_proper_by_type(struct vpu_dev *vpu, u32 type)
@@ -188,11 +204,13 @@ static struct vpu_core *vpu_core_find_proper_by_type(struct vpu_dev *vpu, u32 ty
dev_dbg(c->dev, "instance_mask = 0x%lx, state = %d\n", c->instance_mask, c->state);
if (c->type != type)
continue;
+ mutex_lock(&c->lock);
+ vpu_core_update_state(c);
+ mutex_unlock(&c->lock);
if (c->state == VPU_CORE_DEINIT) {
core = c;
break;
}
- vpu_core_check_hang(c);
if (c->state != VPU_CORE_ACTIVE)
continue;
if (c->request_count < request_count) {
@@ -409,6 +427,12 @@ int vpu_inst_register(struct vpu_inst *inst)
}
mutex_lock(&core->lock);
+ if (core->state != VPU_CORE_ACTIVE) {
+ dev_err(core->dev, "vpu core is not active, state = %d\n", core->state);
+ ret = -EINVAL;
+ goto exit;
+ }
+
if (inst->id >= 0 && inst->id < core->supported_instance_count)
goto exit;
@@ -450,7 +474,7 @@ int vpu_inst_unregister(struct vpu_inst *inst)
vpu_core_release_instance(core, inst->id);
inst->id = VPU_INST_NULL_ID;
}
- vpu_core_check_hang(core);
+ vpu_core_update_state(core);
if (core->state == VPU_CORE_HANG && !core->instance_mask) {
int err;
@@ -459,7 +483,7 @@ int vpu_inst_unregister(struct vpu_inst *inst)
err = vpu_core_sw_reset(core);
mutex_lock(&core->lock);
if (!err) {
- core->state = VPU_CORE_ACTIVE;
+ vpu_core_set_state(core, VPU_CORE_ACTIVE);
core->hang_mask = 0;
}
}
@@ -609,7 +633,7 @@ static int vpu_core_probe(struct platform_device *pdev)
mutex_init(&core->cmd_lock);
init_completion(&core->cmp);
init_waitqueue_head(&core->ack_wq);
- core->state = VPU_CORE_DEINIT;
+ vpu_core_set_state(core, VPU_CORE_DEINIT);
core->res = of_device_get_match_data(dev);
if (!core->res)
@@ -758,33 +782,18 @@ static int __maybe_unused vpu_core_resume(struct device *dev)
mutex_lock(&core->lock);
pm_runtime_resume_and_get(dev);
vpu_core_get_vpu(core);
- if (core->state != VPU_CORE_SNAPSHOT)
- goto exit;
- if (!vpu_iface_get_power_state(core)) {
- if (!list_empty(&core->instances)) {
+ if (core->request_count) {
+ if (!vpu_iface_get_power_state(core))
ret = vpu_core_boot(core, false);
- if (ret) {
- dev_err(core->dev, "%s boot fail\n", __func__);
- core->state = VPU_CORE_DEINIT;
- goto exit;
- }
- } else {
- core->state = VPU_CORE_DEINIT;
- }
- } else {
- if (!list_empty(&core->instances)) {
+ else
ret = vpu_core_sw_reset(core);
- if (ret) {
- dev_err(core->dev, "%s sw_reset fail\n", __func__);
- core->state = VPU_CORE_HANG;
- goto exit;
- }
+ if (ret) {
+ dev_err(core->dev, "resume fail\n");
+ vpu_core_set_state(core, VPU_CORE_HANG);
}
- core->state = VPU_CORE_ACTIVE;
}
-
-exit:
+ vpu_core_update_state(core);
pm_runtime_put_sync(dev);
mutex_unlock(&core->lock);
@@ -798,18 +807,11 @@ static int __maybe_unused vpu_core_suspend(struct device *dev)
int ret = 0;
mutex_lock(&core->lock);
- if (core->state == VPU_CORE_ACTIVE) {
- if (!list_empty(&core->instances)) {
- ret = vpu_core_snapshot(core);
- if (ret) {
- mutex_unlock(&core->lock);
- return ret;
- }
- }
-
- core->state = VPU_CORE_SNAPSHOT;
- }
+ if (core->request_count)
+ ret = vpu_core_snapshot(core);
mutex_unlock(&core->lock);
+ if (ret)
+ return ret;
vpu_core_cancel_work(core);
diff --git a/drivers/media/platform/amphion/vpu_core.h b/drivers/media/platform/amphion/vpu_core.h
index 00a662997da4..65b562642603 100644
--- a/drivers/media/platform/amphion/vpu_core.h
+++ b/drivers/media/platform/amphion/vpu_core.h
@@ -11,5 +11,6 @@ u32 csr_readl(struct vpu_core *core, u32 reg);
int vpu_alloc_dma(struct vpu_core *core, struct vpu_buffer *buf);
void vpu_free_dma(struct vpu_buffer *buf);
struct vpu_inst *vpu_core_find_instance(struct vpu_core *core, u32 index);
+void vpu_core_set_state(struct vpu_core *core, enum vpu_core_state state);
#endif
diff --git a/drivers/media/platform/amphion/vpu_dbg.c b/drivers/media/platform/amphion/vpu_dbg.c
index f72c8a506b22..260f1c4b8f8d 100644
--- a/drivers/media/platform/amphion/vpu_dbg.c
+++ b/drivers/media/platform/amphion/vpu_dbg.c
@@ -15,6 +15,7 @@
#include <linux/debugfs.h>
#include "vpu.h"
#include "vpu_defs.h"
+#include "vpu_core.h"
#include "vpu_helpers.h"
#include "vpu_cmds.h"
#include "vpu_rpc.h"
@@ -233,6 +234,10 @@ static int vpu_dbg_core(struct seq_file *s, void *data)
if (seq_write(s, str, num))
return 0;
+ num = scnprintf(str, sizeof(str), "power %s\n",
+ vpu_iface_get_power_state(core) ? "on" : "off");
+ if (seq_write(s, str, num))
+ return 0;
num = scnprintf(str, sizeof(str), "state = %d\n", core->state);
if (seq_write(s, str, num))
return 0;
@@ -346,10 +351,10 @@ static ssize_t vpu_dbg_core_write(struct file *file,
pm_runtime_resume_and_get(core->dev);
mutex_lock(&core->lock);
- if (core->state != VPU_CORE_DEINIT && !core->instance_mask) {
+ if (vpu_iface_get_power_state(core) && !core->request_count) {
dev_info(core->dev, "reset\n");
if (!vpu_core_sw_reset(core)) {
- core->state = VPU_CORE_ACTIVE;
+ vpu_core_set_state(core, VPU_CORE_ACTIVE);
core->hang_mask = 0;
}
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 494/862] media: meson: vdec: add missing clk_disable_unprepare on error in vdec_hevc_start()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (492 preceding siblings ...)
2022-10-19 8:29 ` [PATCH 6.0 493/862] media: amphion: fix a bug that vpu core may not resume after suspend Greg Kroah-Hartman
@ 2022-10-19 8:29 ` Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 495/862] media: uvcvideo: Fix memory leak in uvc_gpio_parse Greg Kroah-Hartman
` (382 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Xu Qiang, Neil Armstrong,
Hans Verkuil, Mauro Carvalho Chehab, Sasha Levin
From: Xu Qiang <xuqiang36@huawei.com>
[ Upstream commit 4029372233e13e281f8c387f279f9f064ced3810 ]
Add the missing clk_disable_unprepare() before return
from vdec_hevc_start() in the error handling case.
Fixes: 823a7300340e (“media: meson: vdec: add common HEVC decoder support”)
Signed-off-by: Xu Qiang <xuqiang36@huawei.com>
Reviewed-by: Neil Armstrong <narmstrong@baylibre.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/staging/media/meson/vdec/vdec_hevc.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/staging/media/meson/vdec/vdec_hevc.c b/drivers/staging/media/meson/vdec/vdec_hevc.c
index 9530e580e57a..afced435c907 100644
--- a/drivers/staging/media/meson/vdec/vdec_hevc.c
+++ b/drivers/staging/media/meson/vdec/vdec_hevc.c
@@ -167,8 +167,12 @@ static int vdec_hevc_start(struct amvdec_session *sess)
clk_set_rate(core->vdec_hevc_clk, 666666666);
ret = clk_prepare_enable(core->vdec_hevc_clk);
- if (ret)
+ if (ret) {
+ if (core->platform->revision == VDEC_REVISION_G12A ||
+ core->platform->revision == VDEC_REVISION_SM1)
+ clk_disable_unprepare(core->vdec_hevcf_clk);
return ret;
+ }
if (core->platform->revision == VDEC_REVISION_SM1)
regmap_update_bits(core->regmap_ao, AO_RTI_GEN_PWR_SLEEP0,
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 495/862] media: uvcvideo: Fix memory leak in uvc_gpio_parse
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (493 preceding siblings ...)
2022-10-19 8:29 ` [PATCH 6.0 494/862] media: meson: vdec: add missing clk_disable_unprepare on error in vdec_hevc_start() Greg Kroah-Hartman
@ 2022-10-19 8:29 ` Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 496/862] media: uvcvideo: Use entity get_cur in uvc_ctrl_set Greg Kroah-Hartman
` (381 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, José Expósito,
Ricardo Ribalda, Laurent Pinchart, Mauro Carvalho Chehab,
Sasha Levin
From: José Expósito <jose.exposito89@gmail.com>
[ Upstream commit f0f078457f18f10696888f8d0e6aba9deb9cde92 ]
Previously the unit buffer was allocated before checking the IRQ for
privacy GPIO. In case of error, the unit buffer was leaked.
Allocate the unit buffer after the IRQ to avoid it.
Addresses-Coverity-ID: 1474639 ("Resource leak")
Fixes: 2886477ff987 ("media: uvcvideo: Implement UVC_EXT_GPIO_UNIT")
Signed-off-by: José Expósito <jose.exposito89@gmail.com>
Reviewed-by: Ricardo Ribalda <ribalda@chromium.org>
Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/usb/uvc/uvc_driver.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/media/usb/uvc/uvc_driver.c b/drivers/media/usb/uvc/uvc_driver.c
index d509a4a2f08e..822e9694f092 100644
--- a/drivers/media/usb/uvc/uvc_driver.c
+++ b/drivers/media/usb/uvc/uvc_driver.c
@@ -1553,10 +1553,6 @@ static int uvc_gpio_parse(struct uvc_device *dev)
if (IS_ERR_OR_NULL(gpio_privacy))
return PTR_ERR_OR_ZERO(gpio_privacy);
- unit = uvc_alloc_entity(UVC_EXT_GPIO_UNIT, UVC_EXT_GPIO_UNIT_ID, 0, 1);
- if (!unit)
- return -ENOMEM;
-
irq = gpiod_to_irq(gpio_privacy);
if (irq < 0) {
if (irq != EPROBE_DEFER)
@@ -1565,6 +1561,10 @@ static int uvc_gpio_parse(struct uvc_device *dev)
return irq;
}
+ unit = uvc_alloc_entity(UVC_EXT_GPIO_UNIT, UVC_EXT_GPIO_UNIT_ID, 0, 1);
+ if (!unit)
+ return -ENOMEM;
+
unit->gpio.gpio_privacy = gpio_privacy;
unit->gpio.irq = irq;
unit->gpio.bControlSize = 1;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 496/862] media: uvcvideo: Use entity get_cur in uvc_ctrl_set
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (494 preceding siblings ...)
2022-10-19 8:29 ` [PATCH 6.0 495/862] media: uvcvideo: Fix memory leak in uvc_gpio_parse Greg Kroah-Hartman
@ 2022-10-19 8:29 ` Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 497/862] media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init Greg Kroah-Hartman
` (380 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yunke Cao, Ricardo Ribalda,
Laurent Pinchart, Mauro Carvalho Chehab, Sasha Levin
From: Yunke Cao <yunkec@google.com>
[ Upstream commit 5f36851c36b30f713f588ed2b60aa7b4512e2c76 ]
Entity controls should get_cur using an entity-defined function
instead of via a query. Fix this in uvc_ctrl_set.
Fixes: 65900c581d01 ("media: uvcvideo: Allow entity-defined get_info and get_cur")
Signed-off-by: Yunke Cao <yunkec@google.com>
Reviewed-by: Ricardo Ribalda <ribalda@chromium.org>
Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/usb/uvc/uvc_ctrl.c | 83 ++++++++++++++++++--------------
1 file changed, 46 insertions(+), 37 deletions(-)
diff --git a/drivers/media/usb/uvc/uvc_ctrl.c b/drivers/media/usb/uvc/uvc_ctrl.c
index 8c208db9600b..53250ea75dfb 100644
--- a/drivers/media/usb/uvc/uvc_ctrl.c
+++ b/drivers/media/usb/uvc/uvc_ctrl.c
@@ -985,36 +985,56 @@ static s32 __uvc_ctrl_get_value(struct uvc_control_mapping *mapping,
return value;
}
-static int __uvc_ctrl_get(struct uvc_video_chain *chain,
- struct uvc_control *ctrl, struct uvc_control_mapping *mapping,
- s32 *value)
+static int __uvc_ctrl_load_cur(struct uvc_video_chain *chain,
+ struct uvc_control *ctrl)
{
+ u8 *data;
int ret;
- if ((ctrl->info.flags & UVC_CTRL_FLAG_GET_CUR) == 0)
- return -EACCES;
+ if (ctrl->loaded)
+ return 0;
- if (!ctrl->loaded) {
- if (ctrl->entity->get_cur) {
- ret = ctrl->entity->get_cur(chain->dev,
- ctrl->entity,
- ctrl->info.selector,
- uvc_ctrl_data(ctrl, UVC_CTRL_DATA_CURRENT),
- ctrl->info.size);
- } else {
- ret = uvc_query_ctrl(chain->dev, UVC_GET_CUR,
- ctrl->entity->id,
- chain->dev->intfnum,
- ctrl->info.selector,
- uvc_ctrl_data(ctrl, UVC_CTRL_DATA_CURRENT),
- ctrl->info.size);
- }
- if (ret < 0)
- return ret;
+ data = uvc_ctrl_data(ctrl, UVC_CTRL_DATA_CURRENT);
+ if ((ctrl->info.flags & UVC_CTRL_FLAG_GET_CUR) == 0) {
+ memset(data, 0, ctrl->info.size);
ctrl->loaded = 1;
+
+ return 0;
}
+ if (ctrl->entity->get_cur)
+ ret = ctrl->entity->get_cur(chain->dev, ctrl->entity,
+ ctrl->info.selector, data,
+ ctrl->info.size);
+ else
+ ret = uvc_query_ctrl(chain->dev, UVC_GET_CUR,
+ ctrl->entity->id, chain->dev->intfnum,
+ ctrl->info.selector, data,
+ ctrl->info.size);
+
+ if (ret < 0)
+ return ret;
+
+ ctrl->loaded = 1;
+
+ return ret;
+}
+
+static int __uvc_ctrl_get(struct uvc_video_chain *chain,
+ struct uvc_control *ctrl,
+ struct uvc_control_mapping *mapping,
+ s32 *value)
+{
+ int ret;
+
+ if ((ctrl->info.flags & UVC_CTRL_FLAG_GET_CUR) == 0)
+ return -EACCES;
+
+ ret = __uvc_ctrl_load_cur(chain, ctrl);
+ if (ret < 0)
+ return ret;
+
*value = __uvc_ctrl_get_value(mapping,
uvc_ctrl_data(ctrl, UVC_CTRL_DATA_CURRENT));
@@ -1810,21 +1830,10 @@ int uvc_ctrl_set(struct uvc_fh *handle,
* needs to be loaded from the device to perform the read-modify-write
* operation.
*/
- if (!ctrl->loaded && (ctrl->info.size * 8) != mapping->size) {
- if ((ctrl->info.flags & UVC_CTRL_FLAG_GET_CUR) == 0) {
- memset(uvc_ctrl_data(ctrl, UVC_CTRL_DATA_CURRENT),
- 0, ctrl->info.size);
- } else {
- ret = uvc_query_ctrl(chain->dev, UVC_GET_CUR,
- ctrl->entity->id, chain->dev->intfnum,
- ctrl->info.selector,
- uvc_ctrl_data(ctrl, UVC_CTRL_DATA_CURRENT),
- ctrl->info.size);
- if (ret < 0)
- return ret;
- }
-
- ctrl->loaded = 1;
+ if ((ctrl->info.size * 8) != mapping->size) {
+ ret = __uvc_ctrl_load_cur(chain, ctrl);
+ if (ret < 0)
+ return ret;
}
/* Backup the current value in case we need to rollback later. */
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 497/862] media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (495 preceding siblings ...)
2022-10-19 8:29 ` [PATCH 6.0 496/862] media: uvcvideo: Use entity get_cur in uvc_ctrl_set Greg Kroah-Hartman
@ 2022-10-19 8:29 ` Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 498/862] RDMA/rxe: Fix "kernel NULL pointer dereference" error Greg Kroah-Hartman
` (379 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Laurent Pinchart,
Mauro Carvalho Chehab, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit 1c78f19c3a0ea312a8178a6bfd8934eb93e9b10a ]
of_get_child_by_name() returns a node pointer with refcount
incremented, we should use of_node_put() on it when not need anymore.
Add missing of_node_put() to avoid refcount leak.
Fixes: df3305156f98 ("[media] v4l: xilinx: Add Xilinx Video IP core")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/platform/xilinx/xilinx-vipp.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/drivers/media/platform/xilinx/xilinx-vipp.c b/drivers/media/platform/xilinx/xilinx-vipp.c
index f34f8b077e03..0a16c218a50a 100644
--- a/drivers/media/platform/xilinx/xilinx-vipp.c
+++ b/drivers/media/platform/xilinx/xilinx-vipp.c
@@ -471,7 +471,7 @@ static int xvip_graph_dma_init(struct xvip_composite_device *xdev)
{
struct device_node *ports;
struct device_node *port;
- int ret;
+ int ret = 0;
ports = of_get_child_by_name(xdev->dev->of_node, "ports");
if (ports == NULL) {
@@ -481,13 +481,14 @@ static int xvip_graph_dma_init(struct xvip_composite_device *xdev)
for_each_child_of_node(ports, port) {
ret = xvip_graph_dma_init_one(xdev, port);
- if (ret < 0) {
+ if (ret) {
of_node_put(port);
- return ret;
+ break;
}
}
- return 0;
+ of_node_put(ports);
+ return ret;
}
static void xvip_graph_cleanup(struct xvip_composite_device *xdev)
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 498/862] RDMA/rxe: Fix "kernel NULL pointer dereference" error
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (496 preceding siblings ...)
2022-10-19 8:29 ` [PATCH 6.0 497/862] media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init Greg Kroah-Hartman
@ 2022-10-19 8:29 ` Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 499/862] RDMA/rxe: Fix the error caused by qp->sk Greg Kroah-Hartman
` (378 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot+ab99dc4c6e961eed8b8e,
Zhu Yanjun, Li Zhijian, Bob Pearson, Leon Romanovsky,
Sasha Levin
From: Zhu Yanjun <yanjun.zhu@linux.dev>
[ Upstream commit a625ca30eff806395175ebad3ac1399014bdb280 ]
When rxe_queue_init in the function rxe_qp_init_req fails,
both qp->req.task.func and qp->req.task.arg are not initialized.
Because of creation of qp fails, the function rxe_create_qp will
call rxe_qp_do_cleanup to handle allocated resource.
Before calling __rxe_do_task, both qp->req.task.func and
qp->req.task.arg should be checked.
Fixes: 8700e3e7c485 ("Soft RoCE driver")
Link: https://lore.kernel.org/r/20220822011615.805603-2-yanjun.zhu@linux.dev
Reported-by: syzbot+ab99dc4c6e961eed8b8e@syzkaller.appspotmail.com
Signed-off-by: Zhu Yanjun <yanjun.zhu@linux.dev>
Reviewed-by: Li Zhijian <lizhijian@fujitsu.com>
Reviewed-by: Bob Pearson <rpearsonhpe@gmail.com>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/sw/rxe/rxe_qp.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/infiniband/sw/rxe/rxe_qp.c b/drivers/infiniband/sw/rxe/rxe_qp.c
index 516bf9b95e48..fda03f9f03ed 100644
--- a/drivers/infiniband/sw/rxe/rxe_qp.c
+++ b/drivers/infiniband/sw/rxe/rxe_qp.c
@@ -797,7 +797,9 @@ static void rxe_qp_do_cleanup(struct work_struct *work)
rxe_cleanup_task(&qp->comp.task);
/* flush out any receive wr's or pending requests */
- __rxe_do_task(&qp->req.task);
+ if (qp->req.task.func)
+ __rxe_do_task(&qp->req.task);
+
if (qp->sq.queue) {
__rxe_do_task(&qp->comp.task);
__rxe_do_task(&qp->req.task);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 499/862] RDMA/rxe: Fix the error caused by qp->sk
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (497 preceding siblings ...)
2022-10-19 8:29 ` [PATCH 6.0 498/862] RDMA/rxe: Fix "kernel NULL pointer dereference" error Greg Kroah-Hartman
@ 2022-10-19 8:29 ` Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 500/862] clk: mediatek: clk-mt8195-vdo0: Set rate on vdo0_dp_intf0_dp_intfs parent Greg Kroah-Hartman
` (377 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zhu Yanjun, Li Zhijian, Bob Pearson,
Leon Romanovsky, Sasha Levin
From: Zhu Yanjun <yanjun.zhu@linux.dev>
[ Upstream commit 548ce2e66725dcba4e27d1e8ac468d5dd17fd509 ]
When sock_create_kern in the function rxe_qp_init_req fails,
qp->sk is set to NULL.
Then the function rxe_create_qp will call rxe_qp_do_cleanup
to handle allocated resource.
Before handling qp->sk, this variable should be checked.
Fixes: 8700e3e7c485 ("Soft RoCE driver")
Link: https://lore.kernel.org/r/20220822011615.805603-3-yanjun.zhu@linux.dev
Signed-off-by: Zhu Yanjun <yanjun.zhu@linux.dev>
Reviewed-by: Li Zhijian <lizhijian@fujitsu.com>
Reviewed-by: Bob Pearson <rpearsonhpe@gmail.com>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/sw/rxe/rxe_qp.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/infiniband/sw/rxe/rxe_qp.c b/drivers/infiniband/sw/rxe/rxe_qp.c
index fda03f9f03ed..d776dfda43b1 100644
--- a/drivers/infiniband/sw/rxe/rxe_qp.c
+++ b/drivers/infiniband/sw/rxe/rxe_qp.c
@@ -835,8 +835,10 @@ static void rxe_qp_do_cleanup(struct work_struct *work)
free_rd_atomic_resources(qp);
- kernel_sock_shutdown(qp->sk, SHUT_RDWR);
- sock_release(qp->sk);
+ if (qp->sk) {
+ kernel_sock_shutdown(qp->sk, SHUT_RDWR);
+ sock_release(qp->sk);
+ }
}
/* called when the last reference to the qp is dropped */
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 500/862] clk: mediatek: clk-mt8195-vdo0: Set rate on vdo0_dp_intf0_dp_intfs parent
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (498 preceding siblings ...)
2022-10-19 8:29 ` [PATCH 6.0 499/862] RDMA/rxe: Fix the error caused by qp->sk Greg Kroah-Hartman
@ 2022-10-19 8:29 ` Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 501/862] clk: mediatek: clk-mt8195-vdo1: Reparent and set rate on vdo1_dpintfs parent Greg Kroah-Hartman
` (376 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, AngeloGioacchino Del Regno,
Bo-Chen Chen, Nícolas F . R . A . Prado, Stephen Boyd,
Sasha Levin
From: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
[ Upstream commit 3f0dadd230cc2630202a977fe52cd1dd7a7579a7 ]
Add the CLK_SET_RATE_PARENT flag to the CLK_VDO0_DP_INTF0_DP_INTF
clock: this is required to trigger clock source selection on
CLK_TOP_EDP, while avoiding to manage the enablement of the former
separately from the latter in the displayport driver.
Fixes: 70282c90d4a2 ("clk: mediatek: Add MT8195 vdosys0 clock support")
Signed-off-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Tested-by: Bo-Chen Chen <rex-bc.chen@mediatek.com>
Reviewed-by: Bo-Chen Chen <rex-bc.chen@mediatek.com>
Signed-off-by: Nícolas F. R. A. Prado <nfraprado@collabora.com>
Link: https://lore.kernel.org/r/20220816193257.658487-2-nfraprado@collabora.com
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/mediatek/clk-mt8195-vdo0.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/clk/mediatek/clk-mt8195-vdo0.c b/drivers/clk/mediatek/clk-mt8195-vdo0.c
index 261a7f76dd3c..07b46bfd5040 100644
--- a/drivers/clk/mediatek/clk-mt8195-vdo0.c
+++ b/drivers/clk/mediatek/clk-mt8195-vdo0.c
@@ -37,6 +37,10 @@ static const struct mtk_gate_regs vdo0_2_cg_regs = {
#define GATE_VDO0_2(_id, _name, _parent, _shift) \
GATE_MTK(_id, _name, _parent, &vdo0_2_cg_regs, _shift, &mtk_clk_gate_ops_setclr)
+#define GATE_VDO0_2_FLAGS(_id, _name, _parent, _shift, _flags) \
+ GATE_MTK_FLAGS(_id, _name, _parent, &vdo0_2_cg_regs, _shift, \
+ &mtk_clk_gate_ops_setclr, _flags)
+
static const struct mtk_gate vdo0_clks[] = {
/* VDO0_0 */
GATE_VDO0_0(CLK_VDO0_DISP_OVL0, "vdo0_disp_ovl0", "top_vpp", 0),
@@ -85,7 +89,8 @@ static const struct mtk_gate vdo0_clks[] = {
/* VDO0_2 */
GATE_VDO0_2(CLK_VDO0_DSI0_DSI, "vdo0_dsi0_dsi", "top_dsi_occ", 0),
GATE_VDO0_2(CLK_VDO0_DSI1_DSI, "vdo0_dsi1_dsi", "top_dsi_occ", 8),
- GATE_VDO0_2(CLK_VDO0_DP_INTF0_DP_INTF, "vdo0_dp_intf0_dp_intf", "top_edp", 16),
+ GATE_VDO0_2_FLAGS(CLK_VDO0_DP_INTF0_DP_INTF, "vdo0_dp_intf0_dp_intf",
+ "top_edp", 16, CLK_SET_RATE_PARENT),
};
static int clk_mt8195_vdo0_probe(struct platform_device *pdev)
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 501/862] clk: mediatek: clk-mt8195-vdo1: Reparent and set rate on vdo1_dpintfs parent
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (499 preceding siblings ...)
2022-10-19 8:29 ` [PATCH 6.0 500/862] clk: mediatek: clk-mt8195-vdo0: Set rate on vdo0_dp_intf0_dp_intfs parent Greg Kroah-Hartman
@ 2022-10-19 8:29 ` Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 502/862] clk: mediatek: mt8195-infra_ao: Set pwrmcu clocks as critical Greg Kroah-Hartman
` (375 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, AngeloGioacchino Del Regno,
Bo-Chen Chen, Nícolas F . R . A . Prado, Stephen Boyd,
Sasha Levin
From: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
[ Upstream commit f24d71feb206631116ff9adaa6d43650c5dd8849 ]
Like it was done for the vdo0_dp_intf0_dp_intf clock (used for eDP),
add the CLK_SET_RATE_PARENT flag to CLK_VDO1_DPINTF (used for DP)
and also fix its parent clock name as it has to be "top_dp" for two
reasons:
- This is its real parent!
- Likewise to eDP/VDO0 counterpart, we need clock source
selection on CLK_TOP_DP.
Fixes: 269987505ba9 ("clk: mediatek: Add MT8195 vdosys1 clock support")
Signed-off-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Tested-by: Bo-Chen Chen <rex-bc.chen@mediatek.com>
Reviewed-by: Bo-Chen Chen <rex-bc.chen@mediatek.com>
Signed-off-by: Nícolas F. R. A. Prado <nfraprado@collabora.com>
Link: https://lore.kernel.org/r/20220816193257.658487-3-nfraprado@collabora.com
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/mediatek/clk-mt8195-vdo1.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/clk/mediatek/clk-mt8195-vdo1.c b/drivers/clk/mediatek/clk-mt8195-vdo1.c
index 3378487d2c90..d54d7726d186 100644
--- a/drivers/clk/mediatek/clk-mt8195-vdo1.c
+++ b/drivers/clk/mediatek/clk-mt8195-vdo1.c
@@ -43,6 +43,10 @@ static const struct mtk_gate_regs vdo1_3_cg_regs = {
#define GATE_VDO1_2(_id, _name, _parent, _shift) \
GATE_MTK(_id, _name, _parent, &vdo1_2_cg_regs, _shift, &mtk_clk_gate_ops_setclr)
+#define GATE_VDO1_2_FLAGS(_id, _name, _parent, _shift, _flags) \
+ GATE_MTK_FLAGS(_id, _name, _parent, &vdo1_2_cg_regs, _shift, \
+ &mtk_clk_gate_ops_setclr, _flags)
+
#define GATE_VDO1_3(_id, _name, _parent, _shift) \
GATE_MTK(_id, _name, _parent, &vdo1_3_cg_regs, _shift, &mtk_clk_gate_ops_setclr)
@@ -99,7 +103,7 @@ static const struct mtk_gate vdo1_clks[] = {
GATE_VDO1_2(CLK_VDO1_DISP_MONITOR_DPI0, "vdo1_disp_monitor_dpi0", "top_vpp", 1),
GATE_VDO1_2(CLK_VDO1_DPI1, "vdo1_dpi1", "top_vpp", 8),
GATE_VDO1_2(CLK_VDO1_DISP_MONITOR_DPI1, "vdo1_disp_monitor_dpi1", "top_vpp", 9),
- GATE_VDO1_2(CLK_VDO1_DPINTF, "vdo1_dpintf", "top_vpp", 16),
+ GATE_VDO1_2_FLAGS(CLK_VDO1_DPINTF, "vdo1_dpintf", "top_dp", 16, CLK_SET_RATE_PARENT),
GATE_VDO1_2(CLK_VDO1_DISP_MONITOR_DPINTF, "vdo1_disp_monitor_dpintf", "top_vpp", 17),
/* VDO1_3 */
GATE_VDO1_3(CLK_VDO1_26M_SLOW, "vdo1_26m_slow", "clk26m", 8),
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 502/862] clk: mediatek: mt8195-infra_ao: Set pwrmcu clocks as critical
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (500 preceding siblings ...)
2022-10-19 8:29 ` [PATCH 6.0 501/862] clk: mediatek: clk-mt8195-vdo1: Reparent and set rate on vdo1_dpintfs parent Greg Kroah-Hartman
@ 2022-10-19 8:29 ` Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 503/862] misc: ocxl: fix possible refcount leak in afu_ioctl() Greg Kroah-Hartman
` (374 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, AngeloGioacchino Del Regno,
Matthias Brugger, Stephen Boyd, Sasha Levin
From: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
[ Upstream commit 3f10f49cd9f8ab6471639d4ca2c6db9451121779 ]
The pwrmcu is responsible for power management and idle states in SSPM:
on older SoCs this was managed in Linux drivers like sspm/mcupm/eemgpu
but, at least on MT8195, this functionality was transferred to the ATF
firmware.
For this reason, turning off the pwrmcu related clocks from the kernel
will lead to unability to resume the platform after suspend and other
currently unknown PM related side-effects.
Set the PWRMCU and PWRMCU_BUS_H clocks as critical to prevent the
kernel from turning them off, fixing the aforementioned issue.
Fixes: e2edf59dec0b ("clk: mediatek: Add MT8195 infrastructure clock support")
Signed-off-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Link: https://lore.kernel.org/r/20220719093316.37253-1-angelogioacchino.delregno@collabora.com
Reviewed-by: Matthias Brugger <matthias.bgg@gmail.com>
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/mediatek/clk-mt8195-infra_ao.c | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/drivers/clk/mediatek/clk-mt8195-infra_ao.c b/drivers/clk/mediatek/clk-mt8195-infra_ao.c
index 97657f255618..832160c92996 100644
--- a/drivers/clk/mediatek/clk-mt8195-infra_ao.c
+++ b/drivers/clk/mediatek/clk-mt8195-infra_ao.c
@@ -55,8 +55,12 @@ static const struct mtk_gate_regs infra_ao4_cg_regs = {
#define GATE_INFRA_AO1(_id, _name, _parent, _shift) \
GATE_INFRA_AO1_FLAGS(_id, _name, _parent, _shift, 0)
+#define GATE_INFRA_AO2_FLAGS(_id, _name, _parent, _shift, _flag) \
+ GATE_MTK_FLAGS(_id, _name, _parent, &infra_ao2_cg_regs, _shift, \
+ &mtk_clk_gate_ops_setclr, _flag)
+
#define GATE_INFRA_AO2(_id, _name, _parent, _shift) \
- GATE_MTK(_id, _name, _parent, &infra_ao2_cg_regs, _shift, &mtk_clk_gate_ops_setclr)
+ GATE_INFRA_AO2_FLAGS(_id, _name, _parent, _shift, 0)
#define GATE_INFRA_AO3_FLAGS(_id, _name, _parent, _shift, _flag) \
GATE_MTK_FLAGS(_id, _name, _parent, &infra_ao3_cg_regs, _shift, \
@@ -136,8 +140,11 @@ static const struct mtk_gate infra_ao_clks[] = {
GATE_INFRA_AO2(CLK_INFRA_AO_UNIPRO_SYS, "infra_ao_unipro_sys", "top_ufs", 11),
GATE_INFRA_AO2(CLK_INFRA_AO_UNIPRO_TICK, "infra_ao_unipro_tick", "top_ufs_tick1us", 12),
GATE_INFRA_AO2(CLK_INFRA_AO_UFS_MP_SAP_B, "infra_ao_ufs_mp_sap_b", "top_ufs_mp_sap_cfg", 13),
- GATE_INFRA_AO2(CLK_INFRA_AO_PWRMCU, "infra_ao_pwrmcu", "top_pwrmcu", 15),
- GATE_INFRA_AO2(CLK_INFRA_AO_PWRMCU_BUS_H, "infra_ao_pwrmcu_bus_h", "top_axi", 17),
+ /* pwrmcu is used by ATF for platform PM: clocks must never be disabled by the kernel */
+ GATE_INFRA_AO2_FLAGS(CLK_INFRA_AO_PWRMCU, "infra_ao_pwrmcu", "top_pwrmcu", 15,
+ CLK_IS_CRITICAL),
+ GATE_INFRA_AO2_FLAGS(CLK_INFRA_AO_PWRMCU_BUS_H, "infra_ao_pwrmcu_bus_h", "top_axi", 17,
+ CLK_IS_CRITICAL),
GATE_INFRA_AO2(CLK_INFRA_AO_APDMA_B, "infra_ao_apdma_b", "top_axi", 18),
GATE_INFRA_AO2(CLK_INFRA_AO_SPI4, "infra_ao_spi4", "top_spi", 25),
GATE_INFRA_AO2(CLK_INFRA_AO_SPI5, "infra_ao_spi5", "top_spi", 26),
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 503/862] misc: ocxl: fix possible refcount leak in afu_ioctl()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (501 preceding siblings ...)
2022-10-19 8:29 ` [PATCH 6.0 502/862] clk: mediatek: mt8195-infra_ao: Set pwrmcu clocks as critical Greg Kroah-Hartman
@ 2022-10-19 8:29 ` Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 504/862] fpga: dfl-pci: Add IDs for Intel N6000, N6001 and C6100 cards Greg Kroah-Hartman
` (373 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Frederic Barrat, Hangyu Hua, Sasha Levin
From: Hangyu Hua <hbh25y@gmail.com>
[ Upstream commit c3b69ba5114c860d730870c03ab4ee45276e5e35 ]
eventfd_ctx_put need to be called to put the refcount that gotten by
eventfd_ctx_fdget when ocxl_irq_set_handler fails.
Fixes: 060146614643 ("ocxl: move event_fd handling to frontend")
Acked-by: Frederic Barrat <fbarrat@linux.ibm.com>
Signed-off-by: Hangyu Hua <hbh25y@gmail.com>
Link: https://lore.kernel.org/r/20220824082600.36159-1-hbh25y@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/misc/ocxl/file.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/misc/ocxl/file.c b/drivers/misc/ocxl/file.c
index 6777c419a8da..d46dba2df5a1 100644
--- a/drivers/misc/ocxl/file.c
+++ b/drivers/misc/ocxl/file.c
@@ -257,6 +257,8 @@ static long afu_ioctl(struct file *file, unsigned int cmd,
if (IS_ERR(ev_ctx))
return PTR_ERR(ev_ctx);
rc = ocxl_irq_set_handler(ctx, irq_id, irq_handler, irq_free, ev_ctx);
+ if (rc)
+ eventfd_ctx_put(ev_ctx);
break;
case OCXL_IOCTL_GET_METADATA:
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 504/862] fpga: dfl-pci: Add IDs for Intel N6000, N6001 and C6100 cards
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (502 preceding siblings ...)
2022-10-19 8:29 ` [PATCH 6.0 503/862] misc: ocxl: fix possible refcount leak in afu_ioctl() Greg Kroah-Hartman
@ 2022-10-19 8:29 ` Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 505/862] fpga: prevent integer overflow in dfl_feature_ioctl_set_irq() Greg Kroah-Hartman
` (372 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Matthew Gerlach, Tianfei Zhang,
Marco Pagani, Tom Rix, Wu Hao, Xu Yilun, Sasha Levin
From: Matthew Gerlach <matthew.gerlach@linux.intel.com>
[ Upstream commit 65f5c01033ab85f8d385d65c4b51fe31459da603 ]
Add pci_dev_table entries supporting the Intel N6000, N6001
and C6100 cards to the dfl-pci driver.
Signed-off-by: Matthew Gerlach <matthew.gerlach@linux.intel.com>
Signed-off-by: Tianfei Zhang <tianfei.zhang@intel.com>
Tested-by: Marco Pagani <marpagan@redhat.com>
Reviewed-by: Tom Rix <trix@redhat.com>
Acked-by: Wu Hao <hao.wu@intel.com>
Acked-by: Xu Yilun <yilun.xu@intel.com>
Link: https://lore.kernel.org/r/20220719145644.242481-1-matthew.gerlach@linux.intel.com
Signed-off-by: Xu Yilun <yilun.xu@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/fpga/dfl-pci.c | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
--- a/drivers/fpga/dfl-pci.c
+++ b/drivers/fpga/dfl-pci.c
@@ -77,12 +77,18 @@ static void cci_pci_free_irq(struct pci_
#define PCIE_DEVICE_ID_INTEL_PAC_D5005 0x0B2B
#define PCIE_DEVICE_ID_SILICOM_PAC_N5010 0x1000
#define PCIE_DEVICE_ID_SILICOM_PAC_N5011 0x1001
+#define PCIE_DEVICE_ID_INTEL_DFL 0xbcce
+/* PCI Subdevice ID for PCIE_DEVICE_ID_INTEL_DFL */
+#define PCIE_SUBDEVICE_ID_INTEL_N6000 0x1770
+#define PCIE_SUBDEVICE_ID_INTEL_N6001 0x1771
+#define PCIE_SUBDEVICE_ID_INTEL_C6100 0x17d4
/* VF Device */
#define PCIE_DEVICE_ID_VF_INT_5_X 0xBCBF
#define PCIE_DEVICE_ID_VF_INT_6_X 0xBCC1
#define PCIE_DEVICE_ID_VF_DSC_1_X 0x09C5
#define PCIE_DEVICE_ID_INTEL_PAC_D5005_VF 0x0B2C
+#define PCIE_DEVICE_ID_INTEL_DFL_VF 0xbccf
static struct pci_device_id cci_pcie_id_tbl[] = {
{PCI_DEVICE(PCI_VENDOR_ID_INTEL, PCIE_DEVICE_ID_PF_INT_5_X),},
@@ -96,6 +102,18 @@ static struct pci_device_id cci_pcie_id_
{PCI_DEVICE(PCI_VENDOR_ID_INTEL, PCIE_DEVICE_ID_INTEL_PAC_D5005_VF),},
{PCI_DEVICE(PCI_VENDOR_ID_SILICOM_DENMARK, PCIE_DEVICE_ID_SILICOM_PAC_N5010),},
{PCI_DEVICE(PCI_VENDOR_ID_SILICOM_DENMARK, PCIE_DEVICE_ID_SILICOM_PAC_N5011),},
+ {PCI_DEVICE_SUB(PCI_VENDOR_ID_INTEL, PCIE_DEVICE_ID_INTEL_DFL,
+ PCI_VENDOR_ID_INTEL, PCIE_SUBDEVICE_ID_INTEL_N6000),},
+ {PCI_DEVICE_SUB(PCI_VENDOR_ID_INTEL, PCIE_DEVICE_ID_INTEL_DFL_VF,
+ PCI_VENDOR_ID_INTEL, PCIE_SUBDEVICE_ID_INTEL_N6000),},
+ {PCI_DEVICE_SUB(PCI_VENDOR_ID_INTEL, PCIE_DEVICE_ID_INTEL_DFL,
+ PCI_VENDOR_ID_INTEL, PCIE_SUBDEVICE_ID_INTEL_N6001),},
+ {PCI_DEVICE_SUB(PCI_VENDOR_ID_INTEL, PCIE_DEVICE_ID_INTEL_DFL_VF,
+ PCI_VENDOR_ID_INTEL, PCIE_SUBDEVICE_ID_INTEL_N6001),},
+ {PCI_DEVICE_SUB(PCI_VENDOR_ID_INTEL, PCIE_DEVICE_ID_INTEL_DFL,
+ PCI_VENDOR_ID_INTEL, PCIE_SUBDEVICE_ID_INTEL_C6100),},
+ {PCI_DEVICE_SUB(PCI_VENDOR_ID_INTEL, PCIE_DEVICE_ID_INTEL_DFL_VF,
+ PCI_VENDOR_ID_INTEL, PCIE_SUBDEVICE_ID_INTEL_C6100),},
{0,}
};
MODULE_DEVICE_TABLE(pci, cci_pcie_id_tbl);
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 505/862] fpga: prevent integer overflow in dfl_feature_ioctl_set_irq()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (503 preceding siblings ...)
2022-10-19 8:29 ` [PATCH 6.0 504/862] fpga: dfl-pci: Add IDs for Intel N6000, N6001 and C6100 cards Greg Kroah-Hartman
@ 2022-10-19 8:29 ` Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 506/862] phy: rockchip-inno-usb2: Return zero after otg sync Greg Kroah-Hartman
` (371 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Xu Yilun, Sasha Levin
From: Dan Carpenter <dan.carpenter@oracle.com>
[ Upstream commit 939bc5453b8cbdde9f1e5110ce8309aedb1b501a ]
The "hdr.count * sizeof(s32)" multiplication can overflow on 32 bit
systems leading to memory corruption. Use array_size() to fix that.
Fixes: 322b598be4d9 ("fpga: dfl: introduce interrupt trigger setting API")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Xu Yilun <yilun.xu@intel.com>
Link: https://lore.kernel.org/r/YxBAtYCM38dM7yzI@kili
Signed-off-by: Xu Yilun <yilun.xu@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/fpga/dfl.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/fpga/dfl.c b/drivers/fpga/dfl.c
index 5498bc337f8b..b9aae85ba930 100644
--- a/drivers/fpga/dfl.c
+++ b/drivers/fpga/dfl.c
@@ -1866,7 +1866,7 @@ long dfl_feature_ioctl_set_irq(struct platform_device *pdev,
return -EINVAL;
fds = memdup_user((void __user *)(arg + sizeof(hdr)),
- hdr.count * sizeof(s32));
+ array_size(hdr.count, sizeof(s32)));
if (IS_ERR(fds))
return PTR_ERR(fds);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 506/862] phy: rockchip-inno-usb2: Return zero after otg sync
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (504 preceding siblings ...)
2022-10-19 8:29 ` [PATCH 6.0 505/862] fpga: prevent integer overflow in dfl_feature_ioctl_set_irq() Greg Kroah-Hartman
@ 2022-10-19 8:29 ` Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 507/862] dmaengine: idxd: avoid deadlock in process_misc_interrupts() Greg Kroah-Hartman
` (370 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Markus Reichl, Michael Riesch,
Peter Geis, Samuel Holland, Vinod Koul, Sasha Levin
From: Peter Geis <pgwipeout@gmail.com>
[ Upstream commit f340ed8664a55a467850ec1689996e63d9ee971a ]
The otg sync state patch reuses the ret variable, but fails to set it to
zero after use. This leads to a situation when the otg port is in
peripheral mode where the otg phy aborts halfway through setup. It also
fails to account for a failure to register the extcon notifier. Fix this
by using our own variable and skipping otg sync in case of failure.
Fixes: 8dc60f8da22f ("phy: rockchip-inno-usb2: Sync initial otg state")
Reported-by: Markus Reichl <m.reichl@fivetechno.de>
Reported-by: Michael Riesch <michael.riesch@wolfvision.net>
Signed-off-by: Peter Geis <pgwipeout@gmail.com>
Tested-by: Michael Riesch <michael.riesch@wolfvision.net>
Tested-by: Markus Reichl <m.reichl@fivetechno.de>
Reviewed-by: Samuel Holland <samuel@sholland.org>
Link: https://lore.kernel.org/r/20220902184543.1234835-1-pgwipeout@gmail.com
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/phy/rockchip/phy-rockchip-inno-usb2.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/drivers/phy/rockchip/phy-rockchip-inno-usb2.c b/drivers/phy/rockchip/phy-rockchip-inno-usb2.c
index 0b1e9337ee8e..e6ededc51523 100644
--- a/drivers/phy/rockchip/phy-rockchip-inno-usb2.c
+++ b/drivers/phy/rockchip/phy-rockchip-inno-usb2.c
@@ -1124,7 +1124,7 @@ static int rockchip_usb2phy_otg_port_init(struct rockchip_usb2phy *rphy,
struct rockchip_usb2phy_port *rport,
struct device_node *child_np)
{
- int ret;
+ int ret, id;
rport->port_id = USB2PHY_PORT_OTG;
rport->port_cfg = &rphy->phy_cfg->port_cfgs[USB2PHY_PORT_OTG];
@@ -1162,13 +1162,15 @@ static int rockchip_usb2phy_otg_port_init(struct rockchip_usb2phy *rphy,
ret = devm_extcon_register_notifier(rphy->dev, rphy->edev,
EXTCON_USB_HOST, &rport->event_nb);
- if (ret)
+ if (ret) {
dev_err(rphy->dev, "register USB HOST notifier failed\n");
+ goto out;
+ }
if (!of_property_read_bool(rphy->dev->of_node, "extcon")) {
/* do initial sync of usb state */
- ret = property_enabled(rphy->grf, &rport->port_cfg->utmi_id);
- extcon_set_state_sync(rphy->edev, EXTCON_USB_HOST, !ret);
+ id = property_enabled(rphy->grf, &rport->port_cfg->utmi_id);
+ extcon_set_state_sync(rphy->edev, EXTCON_USB_HOST, !id);
}
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 507/862] dmaengine: idxd: avoid deadlock in process_misc_interrupts()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (505 preceding siblings ...)
2022-10-19 8:29 ` [PATCH 6.0 506/862] phy: rockchip-inno-usb2: Return zero after otg sync Greg Kroah-Hartman
@ 2022-10-19 8:29 ` Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 508/862] dmaengine: hisilicon: Disable channels when unregister hisi_dma Greg Kroah-Hartman
` (369 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Fenghua Yu, Dave Jiang, Vinod Koul,
dmaengine, Jerry Snitselaar, Sasha Levin
From: Jerry Snitselaar <jsnitsel@redhat.com>
[ Upstream commit 407171717a4f4d2d80825584643374a2dfdb0540 ]
idxd_device_clear_state() now grabs the idxd->dev_lock
itself, so don't grab the lock prior to calling it.
This was seen in testing after dmar fault occurred on system,
resulting in lockup stack traces.
Cc: Fenghua Yu <fenghua.yu@intel.com>
Cc: Dave Jiang <dave.jiang@intel.com>
Cc: Vinod Koul <vkoul@kernel.org>
Cc: dmaengine@vger.kernel.org
Fixes: cf4ac3fef338 ("dmaengine: idxd: fix lockdep warning on device driver removal")
Signed-off-by: Jerry Snitselaar <jsnitsel@redhat.com>
Reviewed-by: Dave Jiang <dave.jiang@intel.com>
Link: https://lore.kernel.org/r/20220823163709.2102468-1-jsnitsel@redhat.com
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/dma/idxd/irq.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/drivers/dma/idxd/irq.c b/drivers/dma/idxd/irq.c
index 743ead5ebc57..5b9921475be6 100644
--- a/drivers/dma/idxd/irq.c
+++ b/drivers/dma/idxd/irq.c
@@ -324,13 +324,11 @@ static int process_misc_interrupts(struct idxd_device *idxd, u32 cause)
idxd->state = IDXD_DEV_HALTED;
idxd_wqs_quiesce(idxd);
idxd_wqs_unmap_portal(idxd);
- spin_lock(&idxd->dev_lock);
idxd_device_clear_state(idxd);
dev_err(&idxd->pdev->dev,
"idxd halted, need %s.\n",
gensts.reset_type == IDXD_DEVICE_RESET_FLR ?
"FLR" : "system reset");
- spin_unlock(&idxd->dev_lock);
return -ENXIO;
}
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 508/862] dmaengine: hisilicon: Disable channels when unregister hisi_dma
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (506 preceding siblings ...)
2022-10-19 8:29 ` [PATCH 6.0 507/862] dmaengine: idxd: avoid deadlock in process_misc_interrupts() Greg Kroah-Hartman
@ 2022-10-19 8:29 ` Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 509/862] dmaengine: hisilicon: Fix CQ head update Greg Kroah-Hartman
` (368 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jie Hai, Zhou Wang, Vinod Koul, Sasha Levin
From: Jie Hai <haijie1@huawei.com>
[ Upstream commit e3bdaa04ada31f46d0586df83a2789b8913053c5 ]
When hisi_dma is unloaded or unbinded, all of channels should be
disabled. This patch disables DMA channels when driver is unloaded
or unbinded.
Fixes: e9f08b65250d ("dmaengine: hisilicon: Add Kunpeng DMA engine support")
Signed-off-by: Jie Hai <haijie1@huawei.com>
Acked-by: Zhou Wang <wangzhou1@hisilicon.com>
Link: https://lore.kernel.org/r/20220830062251.52993-2-haijie1@huawei.com
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/dma/hisi_dma.c | 14 +++++++++-----
1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/drivers/dma/hisi_dma.c b/drivers/dma/hisi_dma.c
index 43817ced3a3e..98bc488893cc 100644
--- a/drivers/dma/hisi_dma.c
+++ b/drivers/dma/hisi_dma.c
@@ -180,7 +180,8 @@ static void hisi_dma_reset_qp_point(struct hisi_dma_dev *hdma_dev, u32 index)
hisi_dma_chan_write(hdma_dev->base, HISI_DMA_CQ_HEAD_PTR, index, 0);
}
-static void hisi_dma_reset_hw_chan(struct hisi_dma_chan *chan)
+static void hisi_dma_reset_or_disable_hw_chan(struct hisi_dma_chan *chan,
+ bool disable)
{
struct hisi_dma_dev *hdma_dev = chan->hdma_dev;
u32 index = chan->qp_num, tmp;
@@ -201,8 +202,11 @@ static void hisi_dma_reset_hw_chan(struct hisi_dma_chan *chan)
hisi_dma_do_reset(hdma_dev, index);
hisi_dma_reset_qp_point(hdma_dev, index);
hisi_dma_pause_dma(hdma_dev, index, false);
- hisi_dma_enable_dma(hdma_dev, index, true);
- hisi_dma_unmask_irq(hdma_dev, index);
+
+ if (!disable) {
+ hisi_dma_enable_dma(hdma_dev, index, true);
+ hisi_dma_unmask_irq(hdma_dev, index);
+ }
ret = readl_relaxed_poll_timeout(hdma_dev->base +
HISI_DMA_Q_FSM_STS + index * HISI_DMA_OFFSET, tmp,
@@ -218,7 +222,7 @@ static void hisi_dma_free_chan_resources(struct dma_chan *c)
struct hisi_dma_chan *chan = to_hisi_dma_chan(c);
struct hisi_dma_dev *hdma_dev = chan->hdma_dev;
- hisi_dma_reset_hw_chan(chan);
+ hisi_dma_reset_or_disable_hw_chan(chan, false);
vchan_free_chan_resources(&chan->vc);
memset(chan->sq, 0, sizeof(struct hisi_dma_sqe) * hdma_dev->chan_depth);
@@ -394,7 +398,7 @@ static void hisi_dma_enable_qp(struct hisi_dma_dev *hdma_dev, u32 qp_index)
static void hisi_dma_disable_qp(struct hisi_dma_dev *hdma_dev, u32 qp_index)
{
- hisi_dma_reset_hw_chan(&hdma_dev->chan[qp_index]);
+ hisi_dma_reset_or_disable_hw_chan(&hdma_dev->chan[qp_index], true);
}
static void hisi_dma_enable_qps(struct hisi_dma_dev *hdma_dev)
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 509/862] dmaengine: hisilicon: Fix CQ head update
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (507 preceding siblings ...)
2022-10-19 8:29 ` [PATCH 6.0 508/862] dmaengine: hisilicon: Disable channels when unregister hisi_dma Greg Kroah-Hartman
@ 2022-10-19 8:29 ` Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 510/862] dmaengine: hisilicon: Add multi-thread support for a DMA channel Greg Kroah-Hartman
` (367 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jie Hai, Zhou Wang, Vinod Koul, Sasha Levin
From: Jie Hai <haijie1@huawei.com>
[ Upstream commit 94477a79cf80e8ab55b68f14bc579a12ddea1e0b ]
After completion of data transfer of one or multiple descriptors,
the completion status and the current head pointer to submission
queue are written into the CQ and interrupt can be generated to
inform the software. In interrupt process CQ is read and cq_head
is updated.
hisi_dma_irq updates cq_head only when the completion status is
success. When an abnormal interrupt reports, cq_head will not update
which will cause subsequent interrupt processes read the error CQ
and never report the correct status.
This patch updates cq_head whenever CQ is accessed.
Fixes: e9f08b65250d ("dmaengine: hisilicon: Add Kunpeng DMA engine support")
Signed-off-by: Jie Hai <haijie1@huawei.com>
Acked-by: Zhou Wang <wangzhou1@hisilicon.com>
Link: https://lore.kernel.org/r/20220830062251.52993-3-haijie1@huawei.com
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/dma/hisi_dma.c | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/drivers/dma/hisi_dma.c b/drivers/dma/hisi_dma.c
index 98bc488893cc..837f7e4adfa6 100644
--- a/drivers/dma/hisi_dma.c
+++ b/drivers/dma/hisi_dma.c
@@ -436,12 +436,10 @@ static irqreturn_t hisi_dma_irq(int irq, void *data)
desc = chan->desc;
cqe = chan->cq + chan->cq_head;
if (desc) {
+ chan->cq_head = (chan->cq_head + 1) % hdma_dev->chan_depth;
+ hisi_dma_chan_write(hdma_dev->base, HISI_DMA_CQ_HEAD_PTR,
+ chan->qp_num, chan->cq_head);
if (FIELD_GET(STATUS_MASK, cqe->w0) == STATUS_SUCC) {
- chan->cq_head = (chan->cq_head + 1) %
- hdma_dev->chan_depth;
- hisi_dma_chan_write(hdma_dev->base,
- HISI_DMA_CQ_HEAD_PTR, chan->qp_num,
- chan->cq_head);
vchan_cookie_complete(&desc->vd);
} else {
dev_err(&hdma_dev->pdev->dev, "task error!\n");
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 510/862] dmaengine: hisilicon: Add multi-thread support for a DMA channel
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (508 preceding siblings ...)
2022-10-19 8:29 ` [PATCH 6.0 509/862] dmaengine: hisilicon: Fix CQ head update Greg Kroah-Hartman
@ 2022-10-19 8:29 ` Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 511/862] iio: Use per-device lockdep class for mlock Greg Kroah-Hartman
` (366 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jie Hai, Zhou Wang, Vinod Koul, Sasha Levin
From: Jie Hai <haijie1@huawei.com>
[ Upstream commit 2cbb95883c990d0002a77e13d3278913ab26ad79 ]
When we get a DMA channel and try to use it in multiple threads it
will cause oops and hanging the system.
% echo 100 > /sys/module/dmatest/parameters/threads_per_chan
% echo 100 > /sys/module/dmatest/parameters/iterations
% echo 1 > /sys/module/dmatest/parameters/run
[383493.327077] Unable to handle kernel paging request at virtual
address dead000000000108
[383493.335103] Mem abort info:
[383493.335103] ESR = 0x96000044
[383493.335105] EC = 0x25: DABT (current EL), IL = 32 bits
[383493.335107] SET = 0, FnV = 0
[383493.335108] EA = 0, S1PTW = 0
[383493.335109] FSC = 0x04: level 0 translation fault
[383493.335110] Data abort info:
[383493.335111] ISV = 0, ISS = 0x00000044
[383493.364739] CM = 0, WnR = 1
[383493.367793] [dead000000000108] address between user and kernel
address ranges
[383493.375021] Internal error: Oops: 96000044 [#1] PREEMPT SMP
[383493.437574] CPU: 63 PID: 27895 Comm: dma0chan0-copy2 Kdump:
loaded Tainted: GO 5.17.0-rc4+ #2
[383493.457851] pstate: 204000c9 (nzCv daIF +PAN -UAO -TCO -DIT
-SSBS BTYPE=--)
[383493.465331] pc : vchan_tx_submit+0x64/0xa0
[383493.469957] lr : vchan_tx_submit+0x34/0xa0
This occurs because the transmission timed out, and that's due
to data race. Each thread rewrite channels's descriptor as soon as
device_issue_pending is called. It leads to the situation that
the driver thinks that it uses the right descriptor in interrupt
handler while channels's descriptor has been changed by other
thread. The descriptor which in fact reported interrupt will not
be handled any more, as well as its tx->callback.
That's why timeout reports.
With current fixes channels' descriptor changes it's value only
when it has been used. A new descriptor is acquired from
vc->desc_issued queue that is already filled with descriptors
that are ready to be sent. Threads have no direct access to DMA
channel descriptor. In case of channel's descriptor is busy, try
to submit to HW again when a descriptor is completed. In this case,
vc->desc_issued may be empty when hisi_dma_start_transfer is called,
so delete error reporting on this. Now it is just possible to queue
a descriptor for further processing.
Fixes: e9f08b65250d ("dmaengine: hisilicon: Add Kunpeng DMA engine support")
Signed-off-by: Jie Hai <haijie1@huawei.com>
Acked-by: Zhou Wang <wangzhou1@hisilicon.com>
Link: https://lore.kernel.org/r/20220830062251.52993-4-haijie1@huawei.com
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/dma/hisi_dma.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/drivers/dma/hisi_dma.c b/drivers/dma/hisi_dma.c
index 837f7e4adfa6..0233b42143c7 100644
--- a/drivers/dma/hisi_dma.c
+++ b/drivers/dma/hisi_dma.c
@@ -271,7 +271,6 @@ static void hisi_dma_start_transfer(struct hisi_dma_chan *chan)
vd = vchan_next_desc(&chan->vc);
if (!vd) {
- dev_err(&hdma_dev->pdev->dev, "no issued task!\n");
chan->desc = NULL;
return;
}
@@ -303,7 +302,7 @@ static void hisi_dma_issue_pending(struct dma_chan *c)
spin_lock_irqsave(&chan->vc.lock, flags);
- if (vchan_issue_pending(&chan->vc))
+ if (vchan_issue_pending(&chan->vc) && !chan->desc)
hisi_dma_start_transfer(chan);
spin_unlock_irqrestore(&chan->vc.lock, flags);
@@ -441,11 +440,10 @@ static irqreturn_t hisi_dma_irq(int irq, void *data)
chan->qp_num, chan->cq_head);
if (FIELD_GET(STATUS_MASK, cqe->w0) == STATUS_SUCC) {
vchan_cookie_complete(&desc->vd);
+ hisi_dma_start_transfer(chan);
} else {
dev_err(&hdma_dev->pdev->dev, "task error!\n");
}
-
- chan->desc = NULL;
}
spin_unlock(&chan->vc.lock);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 511/862] iio: Use per-device lockdep class for mlock
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (509 preceding siblings ...)
2022-10-19 8:29 ` [PATCH 6.0 510/862] dmaengine: hisilicon: Add multi-thread support for a DMA channel Greg Kroah-Hartman
@ 2022-10-19 8:29 ` Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 512/862] usb: gadget: f_fs: stricter integer overflow checks Greg Kroah-Hartman
` (365 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Vincent Whitchurch, Andy Shevchenko,
Jonathan Cameron, Sasha Levin
From: Vincent Whitchurch <vincent.whitchurch@axis.com>
[ Upstream commit 2bc9cd66eb25d0fefbb081421d6586495e25840e ]
If an IIO driver uses callbacks from another IIO driver and calls
iio_channel_start_all_cb() from one of its buffer setup ops, then
lockdep complains due to the lock nesting, as in the below example with
lmp91000.
Since the locks are being taken on different IIO devices, there is no
actual deadlock. Fix the warning by telling lockdep to use a different
class for each iio_device.
============================================
WARNING: possible recursive locking detected
--------------------------------------------
python3/23 is trying to acquire lock:
(&indio_dev->mlock){+.+.}-{3:3}, at: iio_update_buffers
but task is already holding lock:
(&indio_dev->mlock){+.+.}-{3:3}, at: enable_store
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
----
lock(&indio_dev->mlock);
lock(&indio_dev->mlock);
*** DEADLOCK ***
May be due to missing lock nesting notation
5 locks held by python3/23:
#0: (sb_writers#5){.+.+}-{0:0}, at: ksys_write
#1: (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter
#2: (kn->active#14){.+.+}-{0:0}, at: kernfs_fop_write_iter
#3: (&indio_dev->mlock){+.+.}-{3:3}, at: enable_store
#4: (&iio_dev_opaque->info_exist_lock){+.+.}-{3:3}, at: iio_update_buffers
Call Trace:
__mutex_lock
iio_update_buffers
iio_channel_start_all_cb
lmp91000_buffer_postenable
__iio_update_buffers
enable_store
Fixes: 67e17300dc1d76 ("iio: potentiostat: add LMP91000 support")
Signed-off-by: Vincent Whitchurch <vincent.whitchurch@axis.com>
Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com>
Link: https://lore.kernel.org/r/20220829091840.2791846-1-vincent.whitchurch@axis.com
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/iio/industrialio-core.c | 5 +++++
include/linux/iio/iio-opaque.h | 2 ++
2 files changed, 7 insertions(+)
diff --git a/drivers/iio/industrialio-core.c b/drivers/iio/industrialio-core.c
index 0f4dbda3b9d3..921d8e8643a2 100644
--- a/drivers/iio/industrialio-core.c
+++ b/drivers/iio/industrialio-core.c
@@ -1621,6 +1621,8 @@ static void iio_dev_release(struct device *device)
iio_device_detach_buffers(indio_dev);
+ lockdep_unregister_key(&iio_dev_opaque->mlock_key);
+
ida_free(&iio_ida, iio_dev_opaque->id);
kfree(iio_dev_opaque);
}
@@ -1680,6 +1682,9 @@ struct iio_dev *iio_device_alloc(struct device *parent, int sizeof_priv)
INIT_LIST_HEAD(&iio_dev_opaque->buffer_list);
INIT_LIST_HEAD(&iio_dev_opaque->ioctl_handlers);
+ lockdep_register_key(&iio_dev_opaque->mlock_key);
+ lockdep_set_class(&indio_dev->mlock, &iio_dev_opaque->mlock_key);
+
return indio_dev;
}
EXPORT_SYMBOL(iio_device_alloc);
diff --git a/include/linux/iio/iio-opaque.h b/include/linux/iio/iio-opaque.h
index 6b3586b3f952..d1f8b30a7c8b 100644
--- a/include/linux/iio/iio-opaque.h
+++ b/include/linux/iio/iio-opaque.h
@@ -11,6 +11,7 @@
* checked by device drivers but should be considered
* read-only as this is a core internal bit
* @driver_module: used to make it harder to undercut users
+ * @mlock_key: lockdep class for iio_dev lock
* @info_exist_lock: lock to prevent use during removal
* @trig_readonly: mark the current trigger immutable
* @event_interface: event chrdevs associated with interrupt lines
@@ -42,6 +43,7 @@ struct iio_dev_opaque {
int currentmode;
int id;
struct module *driver_module;
+ struct lock_class_key mlock_key;
struct mutex info_exist_lock;
bool trig_readonly;
struct iio_event_interface *event_interface;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 512/862] usb: gadget: f_fs: stricter integer overflow checks
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (510 preceding siblings ...)
2022-10-19 8:29 ` [PATCH 6.0 511/862] iio: Use per-device lockdep class for mlock Greg Kroah-Hartman
@ 2022-10-19 8:29 ` Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 513/862] dyndbg: fix static_branch manipulation Greg Kroah-Hartman
` (364 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:29 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Sasha Levin
From: Dan Carpenter <dan.carpenter@oracle.com>
[ Upstream commit f57004b9d96755cd6a243b51c267be4016b4563c ]
This from static analysis. The vla_item() takes a size and adds it to
the total. It has a built in integer overflow check so if it encounters
an integer overflow anywhere then it records the total as SIZE_MAX.
However there is an issue here because the "lang_count*(needed_count+1)"
multiplication can overflow. Technically the "lang_count + 1" addition
could overflow too, but that would be detected and is harmless. Fix
both using the new size_add() and size_mul() functions.
Fixes: e6f3862fa1ec ("usb: gadget: FunctionFS: Remove VLAIS usage from gadget code")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Link: https://lore.kernel.org/r/YxDI3lMYomE7WCjn@kili
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/gadget/function/f_fs.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/usb/gadget/function/f_fs.c b/drivers/usb/gadget/function/f_fs.c
index e0fa4b186ec6..36184a762527 100644
--- a/drivers/usb/gadget/function/f_fs.c
+++ b/drivers/usb/gadget/function/f_fs.c
@@ -2645,10 +2645,10 @@ static int __ffs_data_got_strings(struct ffs_data *ffs,
unsigned i = 0;
vla_group(d);
vla_item(d, struct usb_gadget_strings *, stringtabs,
- lang_count + 1);
+ size_add(lang_count, 1));
vla_item(d, struct usb_gadget_strings, stringtab, lang_count);
vla_item(d, struct usb_string, strings,
- lang_count*(needed_count+1));
+ size_mul(lang_count, (needed_count + 1)));
char *vlabuf = kmalloc(vla_group_size(d), GFP_KERNEL);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 513/862] dyndbg: fix static_branch manipulation
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (511 preceding siblings ...)
2022-10-19 8:29 ` [PATCH 6.0 512/862] usb: gadget: f_fs: stricter integer overflow checks Greg Kroah-Hartman
@ 2022-10-19 8:30 ` Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 514/862] dyndbg: fix module.dyndbg handling Greg Kroah-Hartman
` (363 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, vincent.whitchurch, Jason Baron,
Daniel Vetter, Jim Cromie, Sasha Levin
From: Jim Cromie <jim.cromie@gmail.com>
[ Upstream commit ee879be38bc87f8cedc79ae2742958db6533ca59 ]
In https://lore.kernel.org/lkml/20211209150910.GA23668@axis.com/
Vincent's patch commented on, and worked around, a bug toggling
static_branch's, when a 2nd PRINTK-ish flag was added. The bug
results in a premature static_branch_disable when the 1st of 2 flags
was disabled.
The cited commit computed newflags, but then in the JUMP_LABEL block,
failed to use that result, instead using just one of the terms in it.
Using newflags instead made the code work properly.
This is Vincents test-case, reduced. It needs the 2nd flag to
demonstrate the bug, but it's explanatory here.
pt_test() {
echo 5 > /sys/module/dynamic_debug/verbose
site="module tcp" # just one callsite
echo " $site =_ " > /proc/dynamic_debug/control # clear it
# A B ~A ~B
for flg in +T +p "-T #broke here" -p; do
echo " $site $flg " > /proc/dynamic_debug/control
done;
# A B ~B ~A
for flg in +T +p "-p #broke here" -T; do
echo " $site $flg " > /proc/dynamic_debug/control
done
}
pt_test
Fixes: 84da83a6ffc0 dyndbg: combine flags & mask into a struct, simplify with it
CC: vincent.whitchurch@axis.com
Acked-by: Jason Baron <jbaron@akamai.com>
Acked-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Signed-off-by: Jim Cromie <jim.cromie@gmail.com>
Link: https://lore.kernel.org/r/20220904214134.408619-2-jim.cromie@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
lib/dynamic_debug.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/lib/dynamic_debug.c b/lib/dynamic_debug.c
index dd7f56af9aed..a56c1286ffa4 100644
--- a/lib/dynamic_debug.c
+++ b/lib/dynamic_debug.c
@@ -211,10 +211,11 @@ static int ddebug_change(const struct ddebug_query *query,
continue;
#ifdef CONFIG_JUMP_LABEL
if (dp->flags & _DPRINTK_FLAGS_PRINT) {
- if (!(modifiers->flags & _DPRINTK_FLAGS_PRINT))
+ if (!(newflags & _DPRINTK_FLAGS_PRINT))
static_branch_disable(&dp->key.dd_key_true);
- } else if (modifiers->flags & _DPRINTK_FLAGS_PRINT)
+ } else if (newflags & _DPRINTK_FLAGS_PRINT) {
static_branch_enable(&dp->key.dd_key_true);
+ }
#endif
dp->flags = newflags;
v4pr_info("changed %s:%d [%s]%s =%s\n",
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 514/862] dyndbg: fix module.dyndbg handling
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (512 preceding siblings ...)
2022-10-19 8:30 ` [PATCH 6.0 513/862] dyndbg: fix static_branch manipulation Greg Kroah-Hartman
@ 2022-10-19 8:30 ` Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 515/862] dyndbg: let query-modname override actual module name Greg Kroah-Hartman
` (362 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Rasmus Villemoes, Jason Baron,
Daniel Vetter, Jim Cromie, Sasha Levin
From: Jim Cromie <jim.cromie@gmail.com>
[ Upstream commit 85d6b66d31c35158364058ee98fb69ab5bb6a6b1 ]
For CONFIG_DYNAMIC_DEBUG=N, the ddebug_dyndbg_module_param_cb()
stub-fn is too permissive:
bash-5.1# modprobe drm JUNKdyndbg
bash-5.1# modprobe drm dyndbgJUNK
[ 42.933220] dyndbg param is supported only in CONFIG_DYNAMIC_DEBUG builds
[ 42.937484] ACPI: bus type drm_connector registered
This caused no ill effects, because unknown parameters are either
ignored by default with an "unknown parameter" warning, or ignored
because dyndbg allows its no-effect use on non-dyndbg builds.
But since the code has an explicit feedback message, it should be
issued accurately. Fix with strcmp for exact param-name match.
Fixes: b48420c1d301 dynamic_debug: make dynamic-debug work for module initialization
Reported-by: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Acked-by: Jason Baron <jbaron@akamai.com>
Acked-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Signed-off-by: Jim Cromie <jim.cromie@gmail.com>
Link: https://lore.kernel.org/r/20220904214134.408619-3-jim.cromie@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/dynamic_debug.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/linux/dynamic_debug.h b/include/linux/dynamic_debug.h
index dce631e678dd..f30b01aa9fa4 100644
--- a/include/linux/dynamic_debug.h
+++ b/include/linux/dynamic_debug.h
@@ -201,7 +201,7 @@ static inline int ddebug_remove_module(const char *mod)
static inline int ddebug_dyndbg_module_param_cb(char *param, char *val,
const char *modname)
{
- if (strstr(param, "dyndbg")) {
+ if (!strcmp(param, "dyndbg")) {
/* avoid pr_warn(), which wants pr_fmt() fully defined */
printk(KERN_WARNING "dyndbg param is supported only in "
"CONFIG_DYNAMIC_DEBUG builds\n");
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 515/862] dyndbg: let query-modname override actual module name
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (513 preceding siblings ...)
2022-10-19 8:30 ` [PATCH 6.0 514/862] dyndbg: fix module.dyndbg handling Greg Kroah-Hartman
@ 2022-10-19 8:30 ` Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 516/862] dyndbg: drop EXPORTed dynamic_debug_exec_queries Greg Kroah-Hartman
` (361 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jason Baron, Daniel Vetter,
Jim Cromie, Sasha Levin
From: Jim Cromie <jim.cromie@gmail.com>
[ Upstream commit e75ef56f74965f426dd819a41336b640ffdd8fbc ]
dyndbg's control-parser: ddebug_parse_query(), requires that search
terms: module, func, file, lineno, are used only once in a query; a
thing cannot be named both foo and bar.
The cited commit added an overriding module modname, taken from the
module loader, which is authoritative. So it set query.module 1st,
which disallowed its use in the query-string.
But now, its useful to allow a module-load to enable classes across a
whole (or part of) a subsystem at once.
# enable (dynamic-debug in) drm only
modprobe drm dyndbg="class DRM_UT_CORE +p"
# get drm_helper too
modprobe drm dyndbg="class DRM_UT_CORE module drm* +p"
# get everything that knows DRM_UT_CORE
modprobe drm dyndbg="class DRM_UT_CORE module * +p"
# also for boot-args:
drm.dyndbg="class DRM_UT_CORE module * +p"
So convert the override into a default, by filling it only when/after
the query-string omitted the module.
NB: the query class FOO handling is forthcoming.
Fixes: 8e59b5cfb9a6 dynamic_debug: add modname arg to exec_query callchain
Acked-by: Jason Baron <jbaron@akamai.com>
Acked-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Signed-off-by: Jim Cromie <jim.cromie@gmail.com>
Link: https://lore.kernel.org/r/20220904214134.408619-8-jim.cromie@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
lib/dynamic_debug.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/lib/dynamic_debug.c b/lib/dynamic_debug.c
index a56c1286ffa4..4d168efcf779 100644
--- a/lib/dynamic_debug.c
+++ b/lib/dynamic_debug.c
@@ -384,10 +384,6 @@ static int ddebug_parse_query(char *words[], int nwords,
return -EINVAL;
}
- if (modname)
- /* support $modname.dyndbg=<multiple queries> */
- query->module = modname;
-
for (i = 0; i < nwords; i += 2) {
char *keyword = words[i];
char *arg = words[i+1];
@@ -428,6 +424,13 @@ static int ddebug_parse_query(char *words[], int nwords,
if (rc)
return rc;
}
+ if (!query->module && modname)
+ /*
+ * support $modname.dyndbg=<multiple queries>, when
+ * not given in the query itself
+ */
+ query->module = modname;
+
vpr_info_dq(query, "parsed");
return 0;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 516/862] dyndbg: drop EXPORTed dynamic_debug_exec_queries
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (514 preceding siblings ...)
2022-10-19 8:30 ` [PATCH 6.0 515/862] dyndbg: let query-modname override actual module name Greg Kroah-Hartman
@ 2022-10-19 8:30 ` Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 517/862] sbitmap: Avoid leaving waitqueue in invalid state in __sbq_wake_up() Greg Kroah-Hartman
` (360 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jason Baron, Daniel Vetter,
Jim Cromie, Sasha Levin
From: Jim Cromie <jim.cromie@gmail.com>
[ Upstream commit e26ef3af964acfea311403126acee8c56c89e26b ]
This exported fn is unused, and will not be needed. Lets dump it.
The export was added to let drm control pr_debugs, as part of using
them to avoid drm_debug_enabled overheads. But its better to just
implement the drm.debug bitmap interface, then its available for
everyone.
Fixes: a2d375eda771 ("dyndbg: refine export, rename to dynamic_debug_exec_queries()")
Fixes: 4c0d77828d4f ("dyndbg: export ddebug_exec_queries")
Acked-by: Jason Baron <jbaron@akamai.com>
Acked-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Signed-off-by: Jim Cromie <jim.cromie@gmail.com>
Link: https://lore.kernel.org/r/20220904214134.408619-10-jim.cromie@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/dynamic_debug.h | 9 ---------
lib/dynamic_debug.c | 29 -----------------------------
2 files changed, 38 deletions(-)
diff --git a/include/linux/dynamic_debug.h b/include/linux/dynamic_debug.h
index f30b01aa9fa4..8d9eec5f6d8b 100644
--- a/include/linux/dynamic_debug.h
+++ b/include/linux/dynamic_debug.h
@@ -55,9 +55,6 @@ struct _ddebug {
#if defined(CONFIG_DYNAMIC_DEBUG_CORE)
-/* exported for module authors to exercise >control */
-int dynamic_debug_exec_queries(const char *query, const char *modname);
-
int ddebug_add_module(struct _ddebug *tab, unsigned int n,
const char *modname);
extern int ddebug_remove_module(const char *mod_name);
@@ -221,12 +218,6 @@ static inline int ddebug_dyndbg_module_param_cb(char *param, char *val,
rowsize, groupsize, buf, len, ascii); \
} while (0)
-static inline int dynamic_debug_exec_queries(const char *query, const char *modname)
-{
- pr_warn("kernel not built with CONFIG_DYNAMIC_DEBUG_CORE\n");
- return 0;
-}
-
#endif /* !CONFIG_DYNAMIC_DEBUG_CORE */
#endif
diff --git a/lib/dynamic_debug.c b/lib/dynamic_debug.c
index 4d168efcf779..c9b3d9e5d470 100644
--- a/lib/dynamic_debug.c
+++ b/lib/dynamic_debug.c
@@ -557,35 +557,6 @@ static int ddebug_exec_queries(char *query, const char *modname)
return nfound;
}
-/**
- * dynamic_debug_exec_queries - select and change dynamic-debug prints
- * @query: query-string described in admin-guide/dynamic-debug-howto
- * @modname: string containing module name, usually &module.mod_name
- *
- * This uses the >/proc/dynamic_debug/control reader, allowing module
- * authors to modify their dynamic-debug callsites. The modname is
- * canonically struct module.mod_name, but can also be null or a
- * module-wildcard, for example: "drm*".
- */
-int dynamic_debug_exec_queries(const char *query, const char *modname)
-{
- int rc;
- char *qry; /* writable copy of query */
-
- if (!query) {
- pr_err("non-null query/command string expected\n");
- return -EINVAL;
- }
- qry = kstrndup(query, PAGE_SIZE, GFP_KERNEL);
- if (!qry)
- return -ENOMEM;
-
- rc = ddebug_exec_queries(qry, modname);
- kfree(qry);
- return rc;
-}
-EXPORT_SYMBOL_GPL(dynamic_debug_exec_queries);
-
#define PREFIX_SIZE 64
static int remaining(int wrote)
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 517/862] sbitmap: Avoid leaving waitqueue in invalid state in __sbq_wake_up()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (515 preceding siblings ...)
2022-10-19 8:30 ` [PATCH 6.0 516/862] dyndbg: drop EXPORTed dynamic_debug_exec_queries Greg Kroah-Hartman
@ 2022-10-19 8:30 ` Greg Kroah-Hartman
2022-10-19 15:08 ` Hugh Dickins
2022-10-19 8:30 ` [PATCH 6.0 518/862] clk: qcom: sm6115: Select QCOM_GDSC Greg Kroah-Hartman
` (359 subsequent siblings)
876 siblings, 1 reply; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Keith Busch, Jan Kara, Jens Axboe,
Sasha Levin
From: Jan Kara <jack@suse.cz>
[ Upstream commit 48c033314f372478548203c583529f53080fd078 ]
When __sbq_wake_up() decrements wait_cnt to 0 but races with someone
else waking the waiter on the waitqueue (so the waitqueue becomes
empty), it exits without reseting wait_cnt to wake_batch number. Once
wait_cnt is 0, nobody will ever reset the wait_cnt or wake the new
waiters resulting in possible deadlocks or busyloops. Fix the problem by
making sure we reset wait_cnt even if we didn't wake up anybody in the
end.
Fixes: 040b83fcecfb ("sbitmap: fix possible io hung due to lost wakeup")
Reported-by: Keith Busch <kbusch@kernel.org>
Signed-off-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20220908130937.2795-1-jack@suse.cz
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
lib/sbitmap.c | 18 +++++++++++++++---
1 file changed, 15 insertions(+), 3 deletions(-)
diff --git a/lib/sbitmap.c b/lib/sbitmap.c
index 1f31147872e6..bb1970ad4875 100644
--- a/lib/sbitmap.c
+++ b/lib/sbitmap.c
@@ -605,6 +605,7 @@ static bool __sbq_wake_up(struct sbitmap_queue *sbq)
struct sbq_wait_state *ws;
unsigned int wake_batch;
int wait_cnt;
+ bool ret;
ws = sbq_wake_ptr(sbq);
if (!ws)
@@ -615,12 +616,23 @@ static bool __sbq_wake_up(struct sbitmap_queue *sbq)
* For concurrent callers of this, callers should call this function
* again to wakeup a new batch on a different 'ws'.
*/
- if (wait_cnt < 0 || !waitqueue_active(&ws->wait))
+ if (wait_cnt < 0)
return true;
+ /*
+ * If we decremented queue without waiters, retry to avoid lost
+ * wakeups.
+ */
if (wait_cnt > 0)
- return false;
+ return !waitqueue_active(&ws->wait);
+ /*
+ * When wait_cnt == 0, we have to be particularly careful as we are
+ * responsible to reset wait_cnt regardless whether we've actually
+ * woken up anybody. But in case we didn't wakeup anybody, we still
+ * need to retry.
+ */
+ ret = !waitqueue_active(&ws->wait);
wake_batch = READ_ONCE(sbq->wake_batch);
/*
@@ -649,7 +661,7 @@ static bool __sbq_wake_up(struct sbitmap_queue *sbq)
sbq_index_atomic_inc(&sbq->wake_index);
atomic_set(&ws->wait_cnt, wake_batch);
- return false;
+ return ret;
}
void sbitmap_queue_wake_up(struct sbitmap_queue *sbq)
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 518/862] clk: qcom: sm6115: Select QCOM_GDSC
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (516 preceding siblings ...)
2022-10-19 8:30 ` [PATCH 6.0 517/862] sbitmap: Avoid leaving waitqueue in invalid state in __sbq_wake_up() Greg Kroah-Hartman
@ 2022-10-19 8:30 ` Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 519/862] scsi: lpfc: Fix various issues reported by tools Greg Kroah-Hartman
` (358 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dang Huynh, Dmitry Baryshkov,
Bjorn Andersson, Sasha Levin
From: Dang Huynh <danct12@riseup.net>
[ Upstream commit 50ee65dc512b9b5c4de354cf3b4dded34f46c571 ]
While working on the Fxtec Pro1X device, this error shows up with
my own minimal configuration:
gcc-sm6115: probe of 1400000.clock-controller failed with error -38
The clock driver depends on CONFIG_QCOM_GDSC and after enabling
that, the driver probes successfully.
Signed-off-by: Dang Huynh <danct12@riseup.net>
Fixes: cbe63bfdc54f ("clk: qcom: Add Global Clock controller (GCC)
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Link: https://lore.kernel.org/r/20220910170207.1592220-1-danct12@riseup.net
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/qcom/Kconfig | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/clk/qcom/Kconfig b/drivers/clk/qcom/Kconfig
index 1cf1ef70e347..d566fbdebdf9 100644
--- a/drivers/clk/qcom/Kconfig
+++ b/drivers/clk/qcom/Kconfig
@@ -645,6 +645,7 @@ config SM_DISPCC_6350
config SM_GCC_6115
tristate "SM6115 and SM4250 Global Clock Controller"
+ select QCOM_GDSC
help
Support for the global clock controller on SM6115 and SM4250 devices.
Say Y if you want to use peripheral devices such as UART, SPI,
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 519/862] scsi: lpfc: Fix various issues reported by tools
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (517 preceding siblings ...)
2022-10-19 8:30 ` [PATCH 6.0 518/862] clk: qcom: sm6115: Select QCOM_GDSC Greg Kroah-Hartman
@ 2022-10-19 8:30 ` Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 520/862] mtd: devices: docg3: check the return value of devm_ioremap() in the probe Greg Kroah-Hartman
` (357 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Justin Tee, James Smart,
Martin K. Petersen, Sasha Levin
From: James Smart <jsmart2021@gmail.com>
[ Upstream commit a4de8356b68e54149ebdbe6e748e2726152b650c ]
This patch fixes below Smatch reported issues:
1. lpfc_hbadisc.c:3020 lpfc_mbx_cmpl_fcf_rr_read_fcf_rec()
error: uninitialized symbol 'vlan_id'.
2. lpfc_hbadisc.c:3121 lpfc_mbx_cmpl_read_fcf_rec()
error: uninitialized symbol 'vlan_id'.
3. lpfc_init.c:335 lpfc_dump_wakeup_param_cmpl()
warn: always true condition '(prg->dist < 4) => (0-3 < 4)'
4. lpfc_init.c:2419 lpfc_parse_vpd()
warn: inconsistent indenting.
5. lpfc_init.c:13248 lpfc_sli4_enable_msi()
warn: 'phba->pcidev->irq' 2147483648 can't fit into 65535
'eqhdl->irq'
6. lpfc_debugfs.c:5300 lpfc_idiag_extacc_avail_get()
error: uninitialized symbol 'ext_cnt'
7. lpfc_debugfs.c:5300 lpfc_idiag_extacc_avail_get()
error: uninitialized symbol 'ext_size'
8. lpfc_vmid.c:248 lpfc_vmid_get_appid()
warn: sleeping in atomic context.
9. lpfc_init.c:8342 lpfc_sli4_driver_resource_setup()
warn: missing error code 'rc'.
10. lpfc_init.c:13573 lpfc_sli4_hba_unset()
warn: variable dereferenced before check 'phba->pport' (see
line 13546)
11. lpfc_auth.c:1923 lpfc_auth_handle_dhchap_reply()
error: double free of 'hash_value'
Fixes:
1. Initialize vlan_id to LPFC_FCOE_NULL_VID.
2. Initialize vlan_id to LPFC_FCOE_NULL_VID.
3. prg->dist is a 2 bit field. Its value can only be between 0-3.
Remove redundent check 'if (prg->dist < 4)'.
4. Fix inconsistent indenting. Moved logic into helper function
lpfc_fill_vpd().
5. Define 'eqhdl->irq' as int value as pci_irq_vector() returns int.
Also, check for return value of pci_irq_vector() and log message in
case of failure.
6. Initialize 'ext_cnt' to 0.
7. Initialize 'ext_size' to 0.
8. Use alloc_percpu_gfp() with GFP_ATOMIC flag.
9. 'rc' was not updated when dma_pool_create() fails. Update 'rc =
-ENOMEM' when dma_pool_create() fails before calling goto statement.
10. Add check for 'phba->pport' in lpfc_cpuhp_remove().
11. Initialize 'hash_value' to NULL, same like 'aug_chal' variable.
Link: https://lore.kernel.org/r/20220911221505.117655-13-jsmart2021@gmail.com
Co-developed-by: Justin Tee <justin.tee@broadcom.com>
Signed-off-by: Justin Tee <justin.tee@broadcom.com>
Signed-off-by: James Smart <jsmart2021@gmail.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/lpfc/lpfc_debugfs.c | 2 +-
drivers/scsi/lpfc/lpfc_hbadisc.c | 4 +-
drivers/scsi/lpfc/lpfc_init.c | 249 +++++++++++++++++--------------
drivers/scsi/lpfc/lpfc_sli.c | 3 +
drivers/scsi/lpfc/lpfc_sli4.h | 4 +-
drivers/scsi/lpfc/lpfc_vmid.c | 4 +-
6 files changed, 148 insertions(+), 118 deletions(-)
diff --git a/drivers/scsi/lpfc/lpfc_debugfs.c b/drivers/scsi/lpfc/lpfc_debugfs.c
index e37b028eae5f..f5252e45a48a 100644
--- a/drivers/scsi/lpfc/lpfc_debugfs.c
+++ b/drivers/scsi/lpfc/lpfc_debugfs.c
@@ -5156,7 +5156,7 @@ lpfc_idiag_mbxacc_write(struct file *file, const char __user *buf,
static int
lpfc_idiag_extacc_avail_get(struct lpfc_hba *phba, char *pbuffer, int len)
{
- uint16_t ext_cnt, ext_size;
+ uint16_t ext_cnt = 0, ext_size = 0;
len += scnprintf(pbuffer+len, LPFC_EXT_ACC_BUF_SIZE-len,
"\nAvailable Extents Information:\n");
diff --git a/drivers/scsi/lpfc/lpfc_hbadisc.c b/drivers/scsi/lpfc/lpfc_hbadisc.c
index 2645def612e6..a488d00894ae 100644
--- a/drivers/scsi/lpfc/lpfc_hbadisc.c
+++ b/drivers/scsi/lpfc/lpfc_hbadisc.c
@@ -2964,7 +2964,7 @@ lpfc_mbx_cmpl_fcf_rr_read_fcf_rec(struct lpfc_hba *phba, LPFC_MBOXQ_t *mboxq)
uint32_t boot_flag, addr_mode;
uint16_t next_fcf_index, fcf_index;
uint16_t current_fcf_index;
- uint16_t vlan_id;
+ uint16_t vlan_id = LPFC_FCOE_NULL_VID;
int rc;
/* If link state is not up, stop the roundrobin failover process */
@@ -3069,7 +3069,7 @@ lpfc_mbx_cmpl_read_fcf_rec(struct lpfc_hba *phba, LPFC_MBOXQ_t *mboxq)
struct fcf_record *new_fcf_record;
uint32_t boot_flag, addr_mode;
uint16_t fcf_index, next_fcf_index;
- uint16_t vlan_id;
+ uint16_t vlan_id = LPFC_FCOE_NULL_VID;
int rc;
/* If link state is not up, no need to proceed */
diff --git a/drivers/scsi/lpfc/lpfc_init.c b/drivers/scsi/lpfc/lpfc_init.c
index a76f2a120d9d..1a02134438fc 100644
--- a/drivers/scsi/lpfc/lpfc_init.c
+++ b/drivers/scsi/lpfc/lpfc_init.c
@@ -325,8 +325,7 @@ lpfc_dump_wakeup_param_cmpl(struct lpfc_hba *phba, LPFC_MBOXQ_t *pmboxq)
prog_id_word = pmboxq->u.mb.un.varWords[7];
/* Decode the Option rom version word to a readable string */
- if (prg->dist < 4)
- dist = dist_char[prg->dist];
+ dist = dist_char[prg->dist];
if ((prg->dist == 3) && (prg->num == 0))
snprintf(phba->OptionROMVersion, 32, "%d.%d%d",
@@ -2258,6 +2257,101 @@ lpfc_handle_latt(struct lpfc_hba *phba)
return;
}
+static void
+lpfc_fill_vpd(struct lpfc_hba *phba, uint8_t *vpd, int length, int *pindex)
+{
+ int i, j;
+
+ while (length > 0) {
+ /* Look for Serial Number */
+ if ((vpd[*pindex] == 'S') && (vpd[*pindex + 1] == 'N')) {
+ *pindex += 2;
+ i = vpd[*pindex];
+ *pindex += 1;
+ j = 0;
+ length -= (3+i);
+ while (i--) {
+ phba->SerialNumber[j++] = vpd[(*pindex)++];
+ if (j == 31)
+ break;
+ }
+ phba->SerialNumber[j] = 0;
+ continue;
+ } else if ((vpd[*pindex] == 'V') && (vpd[*pindex + 1] == '1')) {
+ phba->vpd_flag |= VPD_MODEL_DESC;
+ *pindex += 2;
+ i = vpd[*pindex];
+ *pindex += 1;
+ j = 0;
+ length -= (3+i);
+ while (i--) {
+ phba->ModelDesc[j++] = vpd[(*pindex)++];
+ if (j == 255)
+ break;
+ }
+ phba->ModelDesc[j] = 0;
+ continue;
+ } else if ((vpd[*pindex] == 'V') && (vpd[*pindex + 1] == '2')) {
+ phba->vpd_flag |= VPD_MODEL_NAME;
+ *pindex += 2;
+ i = vpd[*pindex];
+ *pindex += 1;
+ j = 0;
+ length -= (3+i);
+ while (i--) {
+ phba->ModelName[j++] = vpd[(*pindex)++];
+ if (j == 79)
+ break;
+ }
+ phba->ModelName[j] = 0;
+ continue;
+ } else if ((vpd[*pindex] == 'V') && (vpd[*pindex + 1] == '3')) {
+ phba->vpd_flag |= VPD_PROGRAM_TYPE;
+ *pindex += 2;
+ i = vpd[*pindex];
+ *pindex += 1;
+ j = 0;
+ length -= (3+i);
+ while (i--) {
+ phba->ProgramType[j++] = vpd[(*pindex)++];
+ if (j == 255)
+ break;
+ }
+ phba->ProgramType[j] = 0;
+ continue;
+ } else if ((vpd[*pindex] == 'V') && (vpd[*pindex + 1] == '4')) {
+ phba->vpd_flag |= VPD_PORT;
+ *pindex += 2;
+ i = vpd[*pindex];
+ *pindex += 1;
+ j = 0;
+ length -= (3 + i);
+ while (i--) {
+ if ((phba->sli_rev == LPFC_SLI_REV4) &&
+ (phba->sli4_hba.pport_name_sta ==
+ LPFC_SLI4_PPNAME_GET)) {
+ j++;
+ (*pindex)++;
+ } else
+ phba->Port[j++] = vpd[(*pindex)++];
+ if (j == 19)
+ break;
+ }
+ if ((phba->sli_rev != LPFC_SLI_REV4) ||
+ (phba->sli4_hba.pport_name_sta ==
+ LPFC_SLI4_PPNAME_NON))
+ phba->Port[j] = 0;
+ continue;
+ } else {
+ *pindex += 2;
+ i = vpd[*pindex];
+ *pindex += 1;
+ *pindex += i;
+ length -= (3 + i);
+ }
+ }
+}
+
/**
* lpfc_parse_vpd - Parse VPD (Vital Product Data)
* @phba: pointer to lpfc hba data structure.
@@ -2277,7 +2371,7 @@ lpfc_parse_vpd(struct lpfc_hba *phba, uint8_t *vpd, int len)
{
uint8_t lenlo, lenhi;
int Length;
- int i, j;
+ int i;
int finished = 0;
int index = 0;
@@ -2310,101 +2404,10 @@ lpfc_parse_vpd(struct lpfc_hba *phba, uint8_t *vpd, int len)
Length = ((((unsigned short)lenhi) << 8) + lenlo);
if (Length > len - index)
Length = len - index;
- while (Length > 0) {
- /* Look for Serial Number */
- if ((vpd[index] == 'S') && (vpd[index+1] == 'N')) {
- index += 2;
- i = vpd[index];
- index += 1;
- j = 0;
- Length -= (3+i);
- while(i--) {
- phba->SerialNumber[j++] = vpd[index++];
- if (j == 31)
- break;
- }
- phba->SerialNumber[j] = 0;
- continue;
- }
- else if ((vpd[index] == 'V') && (vpd[index+1] == '1')) {
- phba->vpd_flag |= VPD_MODEL_DESC;
- index += 2;
- i = vpd[index];
- index += 1;
- j = 0;
- Length -= (3+i);
- while(i--) {
- phba->ModelDesc[j++] = vpd[index++];
- if (j == 255)
- break;
- }
- phba->ModelDesc[j] = 0;
- continue;
- }
- else if ((vpd[index] == 'V') && (vpd[index+1] == '2')) {
- phba->vpd_flag |= VPD_MODEL_NAME;
- index += 2;
- i = vpd[index];
- index += 1;
- j = 0;
- Length -= (3+i);
- while(i--) {
- phba->ModelName[j++] = vpd[index++];
- if (j == 79)
- break;
- }
- phba->ModelName[j] = 0;
- continue;
- }
- else if ((vpd[index] == 'V') && (vpd[index+1] == '3')) {
- phba->vpd_flag |= VPD_PROGRAM_TYPE;
- index += 2;
- i = vpd[index];
- index += 1;
- j = 0;
- Length -= (3+i);
- while(i--) {
- phba->ProgramType[j++] = vpd[index++];
- if (j == 255)
- break;
- }
- phba->ProgramType[j] = 0;
- continue;
- }
- else if ((vpd[index] == 'V') && (vpd[index+1] == '4')) {
- phba->vpd_flag |= VPD_PORT;
- index += 2;
- i = vpd[index];
- index += 1;
- j = 0;
- Length -= (3+i);
- while(i--) {
- if ((phba->sli_rev == LPFC_SLI_REV4) &&
- (phba->sli4_hba.pport_name_sta ==
- LPFC_SLI4_PPNAME_GET)) {
- j++;
- index++;
- } else
- phba->Port[j++] = vpd[index++];
- if (j == 19)
- break;
- }
- if ((phba->sli_rev != LPFC_SLI_REV4) ||
- (phba->sli4_hba.pport_name_sta ==
- LPFC_SLI4_PPNAME_NON))
- phba->Port[j] = 0;
- continue;
- }
- else {
- index += 2;
- i = vpd[index];
- index += 1;
- index += i;
- Length -= (3 + i);
- }
- }
- finished = 0;
- break;
+
+ lpfc_fill_vpd(phba, vpd, Length, &index);
+ finished = 0;
+ break;
case 0x78:
finished = 1;
break;
@@ -8278,8 +8281,10 @@ lpfc_sli4_driver_resource_setup(struct lpfc_hba *phba)
&phba->pcidev->dev,
phba->cfg_sg_dma_buf_size,
i, 0);
- if (!phba->lpfc_sg_dma_buf_pool)
+ if (!phba->lpfc_sg_dma_buf_pool) {
+ rc = -ENOMEM;
goto out_free_bsmbx;
+ }
phba->lpfc_cmd_rsp_buf_pool =
dma_pool_create("lpfc_cmd_rsp_buf_pool",
@@ -8287,8 +8292,10 @@ lpfc_sli4_driver_resource_setup(struct lpfc_hba *phba)
sizeof(struct fcp_cmnd) +
sizeof(struct fcp_rsp),
i, 0);
- if (!phba->lpfc_cmd_rsp_buf_pool)
+ if (!phba->lpfc_cmd_rsp_buf_pool) {
+ rc = -ENOMEM;
goto out_free_sg_dma_buf;
+ }
mempool_free(mboxq, phba->mbox_mem_pool);
@@ -12379,7 +12386,7 @@ lpfc_hba_eq_hdl_array_init(struct lpfc_hba *phba)
for (i = 0; i < phba->cfg_irq_chann; i++) {
eqhdl = lpfc_get_eq_hdl(i);
- eqhdl->irq = LPFC_VECTOR_MAP_EMPTY;
+ eqhdl->irq = LPFC_IRQ_EMPTY;
eqhdl->phba = phba;
}
}
@@ -12752,7 +12759,7 @@ static void __lpfc_cpuhp_remove(struct lpfc_hba *phba)
static void lpfc_cpuhp_remove(struct lpfc_hba *phba)
{
- if (phba->pport->fc_flag & FC_OFFLINE_MODE)
+ if (phba->pport && (phba->pport->fc_flag & FC_OFFLINE_MODE))
return;
__lpfc_cpuhp_remove(phba);
@@ -13016,9 +13023,17 @@ lpfc_sli4_enable_msix(struct lpfc_hba *phba)
LPFC_DRIVER_HANDLER_NAME"%d", index);
eqhdl->idx = index;
- rc = request_irq(pci_irq_vector(phba->pcidev, index),
- &lpfc_sli4_hba_intr_handler, 0,
- name, eqhdl);
+ rc = pci_irq_vector(phba->pcidev, index);
+ if (rc < 0) {
+ lpfc_printf_log(phba, KERN_WARNING, LOG_INIT,
+ "0489 MSI-X fast-path (%d) "
+ "pci_irq_vec failed (%d)\n", index, rc);
+ goto cfg_fail_out;
+ }
+ eqhdl->irq = rc;
+
+ rc = request_irq(eqhdl->irq, &lpfc_sli4_hba_intr_handler, 0,
+ name, eqhdl);
if (rc) {
lpfc_printf_log(phba, KERN_WARNING, LOG_INIT,
"0486 MSI-X fast-path (%d) "
@@ -13026,8 +13041,6 @@ lpfc_sli4_enable_msix(struct lpfc_hba *phba)
goto cfg_fail_out;
}
- eqhdl->irq = pci_irq_vector(phba->pcidev, index);
-
if (aff_mask) {
/* If found a neighboring online cpu, set affinity */
if (cpu_select < nr_cpu_ids)
@@ -13144,7 +13157,14 @@ lpfc_sli4_enable_msi(struct lpfc_hba *phba)
}
eqhdl = lpfc_get_eq_hdl(0);
- eqhdl->irq = pci_irq_vector(phba->pcidev, 0);
+ rc = pci_irq_vector(phba->pcidev, 0);
+ if (rc < 0) {
+ pci_free_irq_vectors(phba->pcidev);
+ lpfc_printf_log(phba, KERN_WARNING, LOG_INIT,
+ "0496 MSI pci_irq_vec failed (%d)\n", rc);
+ return rc;
+ }
+ eqhdl->irq = rc;
cpu = cpumask_first(cpu_present_mask);
lpfc_assign_eq_map_info(phba, 0, LPFC_CPU_FIRST_IRQ, cpu);
@@ -13171,8 +13191,8 @@ lpfc_sli4_enable_msi(struct lpfc_hba *phba)
* MSI-X -> MSI -> IRQ.
*
* Return codes
- * 0 - successful
- * other values - error
+ * Interrupt mode (2, 1, 0) - successful
+ * LPFC_INTR_ERROR - error
**/
static uint32_t
lpfc_sli4_enable_intr(struct lpfc_hba *phba, uint32_t cfg_mode)
@@ -13217,7 +13237,14 @@ lpfc_sli4_enable_intr(struct lpfc_hba *phba, uint32_t cfg_mode)
intr_mode = 0;
eqhdl = lpfc_get_eq_hdl(0);
- eqhdl->irq = pci_irq_vector(phba->pcidev, 0);
+ retval = pci_irq_vector(phba->pcidev, 0);
+ if (retval < 0) {
+ lpfc_printf_log(phba, KERN_WARNING, LOG_INIT,
+ "0502 INTR pci_irq_vec failed (%d)\n",
+ retval);
+ return LPFC_INTR_ERROR;
+ }
+ eqhdl->irq = retval;
cpu = cpumask_first(cpu_present_mask);
lpfc_assign_eq_map_info(phba, 0, LPFC_CPU_FIRST_IRQ,
diff --git a/drivers/scsi/lpfc/lpfc_sli.c b/drivers/scsi/lpfc/lpfc_sli.c
index 55c9eb39ea19..03c21167fc85 100644
--- a/drivers/scsi/lpfc/lpfc_sli.c
+++ b/drivers/scsi/lpfc/lpfc_sli.c
@@ -6202,6 +6202,9 @@ lpfc_sli4_get_avail_extnt_rsrc(struct lpfc_hba *phba, uint16_t type,
struct lpfc_mbx_get_rsrc_extent_info *rsrc_info;
LPFC_MBOXQ_t *mbox;
+ *extnt_count = 0;
+ *extnt_size = 0;
+
mbox = (LPFC_MBOXQ_t *) mempool_alloc(phba->mbox_mem_pool, GFP_KERNEL);
if (!mbox)
return -ENOMEM;
diff --git a/drivers/scsi/lpfc/lpfc_sli4.h b/drivers/scsi/lpfc/lpfc_sli4.h
index 1ddad5b170a6..cbb1aa1cf025 100644
--- a/drivers/scsi/lpfc/lpfc_sli4.h
+++ b/drivers/scsi/lpfc/lpfc_sli4.h
@@ -489,7 +489,7 @@ struct lpfc_hba;
#define LPFC_SLI4_HANDLER_NAME_SZ 16
struct lpfc_hba_eq_hdl {
uint32_t idx;
- uint16_t irq;
+ int irq;
char handler_name[LPFC_SLI4_HANDLER_NAME_SZ];
struct lpfc_hba *phba;
struct lpfc_queue *eq;
@@ -611,6 +611,8 @@ struct lpfc_vector_map_info {
};
#define LPFC_VECTOR_MAP_EMPTY 0xffff
+#define LPFC_IRQ_EMPTY 0xffffffff
+
/* Multi-XRI pool */
#define XRI_BATCH 8
diff --git a/drivers/scsi/lpfc/lpfc_vmid.c b/drivers/scsi/lpfc/lpfc_vmid.c
index f64ced04b912..ed1d7f7b88a3 100644
--- a/drivers/scsi/lpfc/lpfc_vmid.c
+++ b/drivers/scsi/lpfc/lpfc_vmid.c
@@ -245,9 +245,7 @@ int lpfc_vmid_get_appid(struct lpfc_vport *vport, char *uuid,
/* allocate the per cpu variable for holding */
/* the last access time stamp only if VMID is enabled */
if (!vmp->last_io_time)
- vmp->last_io_time = __alloc_percpu(sizeof(u64),
- __alignof__(struct
- lpfc_vmid));
+ vmp->last_io_time = alloc_percpu_gfp(u64, GFP_ATOMIC);
if (!vmp->last_io_time) {
hash_del(&vmp->hnode);
vmp->flag = LPFC_VMID_SLOT_FREE;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 520/862] mtd: devices: docg3: check the return value of devm_ioremap() in the probe
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (518 preceding siblings ...)
2022-10-19 8:30 ` [PATCH 6.0 519/862] scsi: lpfc: Fix various issues reported by tools Greg Kroah-Hartman
@ 2022-10-19 8:30 ` Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 521/862] remoteproc: Harden rproc_handle_vdev() against integer overflow Greg Kroah-Hartman
` (356 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hacash Robot, William Dean,
Miquel Raynal, Sasha Levin
From: William Dean <williamsukatube@gmail.com>
[ Upstream commit 26e784433e6c65735cd6d93a8db52531970d9a60 ]
The function devm_ioremap() in docg3_probe() can fail, so
its return value should be checked.
Fixes: 82402aeb8c81e ("mtd: docg3: Use devm_*() functions")
Reported-by: Hacash Robot <hacashRobot@santino.com>
Signed-off-by: William Dean <williamsukatube@gmail.com>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/20220722091644.2937953-1-williamsukatube@163.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mtd/devices/docg3.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/mtd/devices/docg3.c b/drivers/mtd/devices/docg3.c
index 5b0ae5ddad74..27c08f22dec8 100644
--- a/drivers/mtd/devices/docg3.c
+++ b/drivers/mtd/devices/docg3.c
@@ -1974,9 +1974,14 @@ static int __init docg3_probe(struct platform_device *pdev)
dev_err(dev, "No I/O memory resource defined\n");
return ret;
}
- base = devm_ioremap(dev, ress->start, DOC_IOSPACE_SIZE);
ret = -ENOMEM;
+ base = devm_ioremap(dev, ress->start, DOC_IOSPACE_SIZE);
+ if (!base) {
+ dev_err(dev, "devm_ioremap dev failed\n");
+ return ret;
+ }
+
cascade = devm_kcalloc(dev, DOC_MAX_NBFLOORS, sizeof(*cascade),
GFP_KERNEL);
if (!cascade)
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 521/862] remoteproc: Harden rproc_handle_vdev() against integer overflow
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (519 preceding siblings ...)
2022-10-19 8:30 ` [PATCH 6.0 520/862] mtd: devices: docg3: check the return value of devm_ioremap() in the probe Greg Kroah-Hartman
@ 2022-10-19 8:30 ` Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 522/862] phy: qcom-qmp-usb: disable runtime PM on unbind Greg Kroah-Hartman
` (355 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Gustavo A. R. Silva,
Mukesh Ojha, Mathieu Poirier, Sasha Levin
From: Dan Carpenter <dan.carpenter@oracle.com>
[ Upstream commit 7d7f8fe4e399519cc9ac68a475fec6d3a996341b ]
The struct_size() macro protects against integer overflows but adding
"+ rsc->config_len" introduces the risk of integer overflows again.
Use size_add() to be safe.
Fixes: c87846571587 ("remoteproc: use struct_size() helper")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Reviewed-by: Mukesh Ojha <quic_mojha@quicinc.com>
Link: https://lore.kernel.org/r/YyMyoPoGOJUcEpZT@kili
Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/remoteproc/remoteproc_core.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/remoteproc/remoteproc_core.c b/drivers/remoteproc/remoteproc_core.c
index e5279ed9a8d7..4fc5ce2187ac 100644
--- a/drivers/remoteproc/remoteproc_core.c
+++ b/drivers/remoteproc/remoteproc_core.c
@@ -520,12 +520,13 @@ static int rproc_handle_vdev(struct rproc *rproc, void *ptr,
struct fw_rsc_vdev *rsc = ptr;
struct device *dev = &rproc->dev;
struct rproc_vdev *rvdev;
+ size_t rsc_size;
int i, ret;
char name[16];
/* make sure resource isn't truncated */
- if (struct_size(rsc, vring, rsc->num_of_vrings) + rsc->config_len >
- avail) {
+ rsc_size = struct_size(rsc, vring, rsc->num_of_vrings);
+ if (size_add(rsc_size, rsc->config_len) > avail) {
dev_err(dev, "vdev rsc is truncated\n");
return -EINVAL;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 522/862] phy: qcom-qmp-usb: disable runtime PM on unbind
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (520 preceding siblings ...)
2022-10-19 8:30 ` [PATCH 6.0 521/862] remoteproc: Harden rproc_handle_vdev() against integer overflow Greg Kroah-Hartman
@ 2022-10-19 8:30 ` Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 523/862] phy: qcom-qmp-pcie: add pcs_misc sanity check Greg Kroah-Hartman
` (354 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Johan Hovold, Dmitry Baryshkov,
Vinod Koul, Sasha Levin
From: Johan Hovold <johan+linaro@kernel.org>
[ Upstream commit e57655e66806750785f9121c98a962404d02395b ]
Make sure to disable runtime PM also on driver unbind.
Fixes: ac0d239936bd ("phy: qcom-qmp: Add support for runtime PM").
Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Link: https://lore.kernel.org/r/20220907110728.19092-10-johan+linaro@kernel.org
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/phy/qualcomm/phy-qcom-qmp-usb.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/drivers/phy/qualcomm/phy-qcom-qmp-usb.c b/drivers/phy/qualcomm/phy-qcom-qmp-usb.c
index 1d270356a97f..1eb4ec576361 100644
--- a/drivers/phy/qualcomm/phy-qcom-qmp-usb.c
+++ b/drivers/phy/qualcomm/phy-qcom-qmp-usb.c
@@ -2704,7 +2704,9 @@ static int qcom_qmp_phy_usb_probe(struct platform_device *pdev)
return -ENOMEM;
pm_runtime_set_active(dev);
- pm_runtime_enable(dev);
+ ret = devm_pm_runtime_enable(dev);
+ if (ret)
+ return ret;
/*
* Prevent runtime pm from being ON by default. Users can enable
* it using power/control in sysfs.
@@ -2738,13 +2740,10 @@ static int qcom_qmp_phy_usb_probe(struct platform_device *pdev)
phy_provider = devm_of_phy_provider_register(dev, of_phy_simple_xlate);
if (!IS_ERR(phy_provider))
dev_info(dev, "Registered Qcom-QMP phy\n");
- else
- pm_runtime_disable(dev);
return PTR_ERR_OR_ZERO(phy_provider);
err_node_put:
- pm_runtime_disable(dev);
of_node_put(child);
return ret;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 523/862] phy: qcom-qmp-pcie: add pcs_misc sanity check
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (521 preceding siblings ...)
2022-10-19 8:30 ` [PATCH 6.0 522/862] phy: qcom-qmp-usb: disable runtime PM on unbind Greg Kroah-Hartman
@ 2022-10-19 8:30 ` Greg Kroah-Hartman
2022-10-19 9:15 ` Johan Hovold
2022-10-19 8:30 ` [PATCH 6.0 524/862] phy: qcom-qmp-pcie: fix memleak on probe deferral Greg Kroah-Hartman
` (353 subsequent siblings)
876 siblings, 1 reply; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Johan Hovold, Vinod Koul, Sasha Levin
From: Johan Hovold <johan+linaro@kernel.org>
[ Upstream commit ecd5507e72ea03659dc2cc3e4393fbf8f4e2e02a ]
Make sure that the (otherwise) optional pcs_misc IO region has been
provided in case the configuration specifies a corresponding
initialisation table to avoid crashing with malformed device trees.
Note that the related debug message is now superfluous as the region is
only used when the configuration has a pcs_misc table.
Fixes: 421c9a0e9731 ("phy: qcom: qmp: Add SDM845 PCIe QMP PHY support")
Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
Link: https://lore.kernel.org/r/20220916102340.11520-2-johan+linaro@kernel.org
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/phy/qualcomm/phy-qcom-qmp-pcie.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/phy/qualcomm/phy-qcom-qmp-pcie.c b/drivers/phy/qualcomm/phy-qcom-qmp-pcie.c
index 2d65e1f56bfc..0e0f2482827a 100644
--- a/drivers/phy/qualcomm/phy-qcom-qmp-pcie.c
+++ b/drivers/phy/qualcomm/phy-qcom-qmp-pcie.c
@@ -2371,8 +2371,10 @@ int qcom_qmp_phy_pcie_create(struct device *dev, struct device_node *np, int id,
of_device_is_compatible(dev->of_node, "qcom,ipq6018-qmp-pcie-phy"))
qphy->pcs_misc = qphy->pcs + 0x400;
- if (!qphy->pcs_misc)
- dev_vdbg(dev, "PHY pcs_misc-reg not used\n");
+ if (!qphy->pcs_misc) {
+ if (cfg->pcs_misc_tbl || cfg->pcs_misc_tbl_sec)
+ return -EINVAL;
+ }
snprintf(prop_name, sizeof(prop_name), "pipe%d", id);
qphy->pipe_clk = devm_get_clk_from_child(dev, np, prop_name);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 524/862] phy: qcom-qmp-pcie: fix memleak on probe deferral
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (522 preceding siblings ...)
2022-10-19 8:30 ` [PATCH 6.0 523/862] phy: qcom-qmp-pcie: add pcs_misc sanity check Greg Kroah-Hartman
@ 2022-10-19 8:30 ` Greg Kroah-Hartman
2022-10-19 9:17 ` Johan Hovold
2022-10-19 8:30 ` [PATCH 6.0 525/862] phy: qcom-qmp-pcie-msm8996: " Greg Kroah-Hartman
` (352 subsequent siblings)
876 siblings, 1 reply; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Johan Hovold, Vinod Koul, Sasha Levin
From: Johan Hovold <johan+linaro@kernel.org>
[ Upstream commit 4be26f695ffa458b065b7942dbff9393bf0836ea ]
Switch to using the device-managed of_iomap helper to avoid leaking
memory on probe deferral and driver unbind.
Note that this helper checks for already reserved regions and may fail
if there are multiple devices claiming the same memory.
Fixes: e78f3d15e115 ("phy: qcom-qmp: new qmp phy driver for qcom-chipsets")
Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
Link: https://lore.kernel.org/r/20220916102340.11520-3-johan+linaro@kernel.org
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/phy/qualcomm/phy-qcom-qmp-pcie.c | 34 ++++++++++++------------
1 file changed, 17 insertions(+), 17 deletions(-)
diff --git a/drivers/phy/qualcomm/phy-qcom-qmp-pcie.c b/drivers/phy/qualcomm/phy-qcom-qmp-pcie.c
index 0e0f2482827a..819bcd975ba4 100644
--- a/drivers/phy/qualcomm/phy-qcom-qmp-pcie.c
+++ b/drivers/phy/qualcomm/phy-qcom-qmp-pcie.c
@@ -2329,17 +2329,17 @@ int qcom_qmp_phy_pcie_create(struct device *dev, struct device_node *np, int id,
* For dual lane PHYs: tx2 -> 3, rx2 -> 4, pcs_misc (optional) -> 5
* For single lane PHYs: pcs_misc (optional) -> 3.
*/
- qphy->tx = of_iomap(np, 0);
- if (!qphy->tx)
- return -ENOMEM;
+ qphy->tx = devm_of_iomap(dev, np, 0, NULL);
+ if (IS_ERR(qphy->tx))
+ return PTR_ERR(qphy->tx);
- qphy->rx = of_iomap(np, 1);
- if (!qphy->rx)
- return -ENOMEM;
+ qphy->rx = devm_of_iomap(dev, np, 1, NULL);
+ if (IS_ERR(qphy->rx))
+ return PTR_ERR(qphy->rx);
- qphy->pcs = of_iomap(np, 2);
- if (!qphy->pcs)
- return -ENOMEM;
+ qphy->pcs = devm_of_iomap(dev, np, 2, NULL);
+ if (IS_ERR(qphy->pcs))
+ return PTR_ERR(qphy->pcs);
/*
* If this is a dual-lane PHY, then there should be registers for the
@@ -2348,9 +2348,9 @@ int qcom_qmp_phy_pcie_create(struct device *dev, struct device_node *np, int id,
* offset from the first lane.
*/
if (cfg->is_dual_lane_phy) {
- qphy->tx2 = of_iomap(np, 3);
- qphy->rx2 = of_iomap(np, 4);
- if (!qphy->tx2 || !qphy->rx2) {
+ qphy->tx2 = devm_of_iomap(dev, np, 3, NULL);
+ qphy->rx2 = devm_of_iomap(dev, np, 4, NULL);
+ if (IS_ERR(qphy->tx2) || IS_ERR(qphy->rx2)) {
dev_warn(dev,
"Underspecified device tree, falling back to legacy register regions\n");
@@ -2360,20 +2360,20 @@ int qcom_qmp_phy_pcie_create(struct device *dev, struct device_node *np, int id,
qphy->rx2 = qphy->rx + QMP_PHY_LEGACY_LANE_STRIDE;
} else {
- qphy->pcs_misc = of_iomap(np, 5);
+ qphy->pcs_misc = devm_of_iomap(dev, np, 5, NULL);
}
} else {
- qphy->pcs_misc = of_iomap(np, 3);
+ qphy->pcs_misc = devm_of_iomap(dev, np, 3, NULL);
}
- if (!qphy->pcs_misc &&
+ if (IS_ERR(qphy->pcs_misc) &&
of_device_is_compatible(dev->of_node, "qcom,ipq6018-qmp-pcie-phy"))
qphy->pcs_misc = qphy->pcs + 0x400;
- if (!qphy->pcs_misc) {
+ if (IS_ERR(qphy->pcs_misc)) {
if (cfg->pcs_misc_tbl || cfg->pcs_misc_tbl_sec)
- return -EINVAL;
+ return PTR_ERR(qphy->pcs_misc);
}
snprintf(prop_name, sizeof(prop_name), "pipe%d", id);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 525/862] phy: qcom-qmp-pcie-msm8996: fix memleak on probe deferral
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (523 preceding siblings ...)
2022-10-19 8:30 ` [PATCH 6.0 524/862] phy: qcom-qmp-pcie: fix memleak on probe deferral Greg Kroah-Hartman
@ 2022-10-19 8:30 ` Greg Kroah-Hartman
2022-10-19 9:18 ` Johan Hovold
2022-10-19 8:30 ` [PATCH 6.0 526/862] phy: qcom-qmp-combo: " Greg Kroah-Hartman
` (351 subsequent siblings)
876 siblings, 1 reply; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Johan Hovold, Vinod Koul, Sasha Levin
From: Johan Hovold <johan+linaro@kernel.org>
[ Upstream commit 1f69ededf8e80c42352e7f1c165a003614de9cc2 ]
Switch to using the device-managed of_iomap helper to avoid leaking
memory on probe deferral and driver unbind.
Note that this helper checks for already reserved regions and may fail
if there are multiple devices claiming the same memory.
Fixes: e78f3d15e115 ("phy: qcom-qmp: new qmp phy driver for qcom-chipsets")
Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
Link: https://lore.kernel.org/r/20220916102340.11520-4-johan+linaro@kernel.org
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../phy/qualcomm/phy-qcom-qmp-pcie-msm8996.c | 23 +++++++++----------
1 file changed, 11 insertions(+), 12 deletions(-)
diff --git a/drivers/phy/qualcomm/phy-qcom-qmp-pcie-msm8996.c b/drivers/phy/qualcomm/phy-qcom-qmp-pcie-msm8996.c
index be6a94439b6c..14ea4ae95861 100644
--- a/drivers/phy/qualcomm/phy-qcom-qmp-pcie-msm8996.c
+++ b/drivers/phy/qualcomm/phy-qcom-qmp-pcie-msm8996.c
@@ -875,21 +875,20 @@ int qcom_qmp_phy_pcie_msm8996_create(struct device *dev, struct device_node *np,
* For dual lane PHYs: tx2 -> 3, rx2 -> 4, pcs_misc (optional) -> 5
* For single lane PHYs: pcs_misc (optional) -> 3.
*/
- qphy->tx = of_iomap(np, 0);
- if (!qphy->tx)
- return -ENOMEM;
-
- qphy->rx = of_iomap(np, 1);
- if (!qphy->rx)
- return -ENOMEM;
+ qphy->tx = devm_of_iomap(dev, np, 0, NULL);
+ if (IS_ERR(qphy->tx))
+ return PTR_ERR(qphy->tx);
- qphy->pcs = of_iomap(np, 2);
- if (!qphy->pcs)
- return -ENOMEM;
+ qphy->rx = devm_of_iomap(dev, np, 1, NULL);
+ if (IS_ERR(qphy->rx))
+ return PTR_ERR(qphy->rx);
- qphy->pcs_misc = of_iomap(np, 3);
+ qphy->pcs = devm_of_iomap(dev, np, 2, NULL);
+ if (IS_ERR(qphy->pcs))
+ return PTR_ERR(qphy->pcs);
- if (!qphy->pcs_misc)
+ qphy->pcs_misc = devm_of_iomap(dev, np, 3, NULL);
+ if (IS_ERR(qphy->pcs_misc))
dev_vdbg(dev, "PHY pcs_misc-reg not used\n");
snprintf(prop_name, sizeof(prop_name), "pipe%d", id);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 526/862] phy: qcom-qmp-combo: fix memleak on probe deferral
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (524 preceding siblings ...)
2022-10-19 8:30 ` [PATCH 6.0 525/862] phy: qcom-qmp-pcie-msm8996: " Greg Kroah-Hartman
@ 2022-10-19 8:30 ` Greg Kroah-Hartman
2022-10-19 9:18 ` Johan Hovold
2022-10-19 8:30 ` [PATCH 6.0 527/862] phy: qcom-qmp-ufs: " Greg Kroah-Hartman
` (350 subsequent siblings)
876 siblings, 1 reply; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Johan Hovold, Vinod Koul, Sasha Levin
From: Johan Hovold <johan+linaro@kernel.org>
[ Upstream commit 2de8a325b1084330ae500380cc27edc39f488c30 ]
Switch to using the device-managed of_iomap helper to avoid leaking
memory on probe deferral and driver unbind.
Note that this helper checks for already reserved regions and may fail
if there are multiple devices claiming the same memory.
Fixes: e78f3d15e115 ("phy: qcom-qmp: new qmp phy driver for qcom-chipsets")
Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
Link: https://lore.kernel.org/r/20220916102340.11520-5-johan+linaro@kernel.org
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/phy/qualcomm/phy-qcom-qmp-combo.c | 32 ++++++++++++-----------
1 file changed, 17 insertions(+), 15 deletions(-)
diff --git a/drivers/phy/qualcomm/phy-qcom-qmp-combo.c b/drivers/phy/qualcomm/phy-qcom-qmp-combo.c
index bbdca263058c..f089977c85bb 100644
--- a/drivers/phy/qualcomm/phy-qcom-qmp-combo.c
+++ b/drivers/phy/qualcomm/phy-qcom-qmp-combo.c
@@ -2350,17 +2350,17 @@ int qcom_qmp_phy_combo_create(struct device *dev, struct device_node *np, int id
* For dual lane PHYs: tx2 -> 3, rx2 -> 4, pcs_misc (optional) -> 5
* For single lane PHYs: pcs_misc (optional) -> 3.
*/
- qphy->tx = of_iomap(np, 0);
- if (!qphy->tx)
- return -ENOMEM;
+ qphy->tx = devm_of_iomap(dev, np, 0, NULL);
+ if (IS_ERR(qphy->tx))
+ return PTR_ERR(qphy->tx);
- qphy->rx = of_iomap(np, 1);
- if (!qphy->rx)
- return -ENOMEM;
+ qphy->rx = devm_of_iomap(dev, np, 1, NULL);
+ if (IS_ERR(qphy->rx))
+ return PTR_ERR(qphy->rx);
- qphy->pcs = of_iomap(np, 2);
- if (!qphy->pcs)
- return -ENOMEM;
+ qphy->pcs = devm_of_iomap(dev, np, 2, NULL);
+ if (IS_ERR(qphy->pcs))
+ return PTR_ERR(qphy->pcs);
if (cfg->pcs_usb_offset)
qphy->pcs_usb = qphy->pcs + cfg->pcs_usb_offset;
@@ -2372,9 +2372,9 @@ int qcom_qmp_phy_combo_create(struct device *dev, struct device_node *np, int id
* offset from the first lane.
*/
if (cfg->is_dual_lane_phy) {
- qphy->tx2 = of_iomap(np, 3);
- qphy->rx2 = of_iomap(np, 4);
- if (!qphy->tx2 || !qphy->rx2) {
+ qphy->tx2 = devm_of_iomap(dev, np, 3, NULL);
+ qphy->rx2 = devm_of_iomap(dev, np, 4, NULL);
+ if (IS_ERR(qphy->tx2) || IS_ERR(qphy->rx2)) {
dev_warn(dev,
"Underspecified device tree, falling back to legacy register regions\n");
@@ -2384,15 +2384,17 @@ int qcom_qmp_phy_combo_create(struct device *dev, struct device_node *np, int id
qphy->rx2 = qphy->rx + QMP_PHY_LEGACY_LANE_STRIDE;
} else {
- qphy->pcs_misc = of_iomap(np, 5);
+ qphy->pcs_misc = devm_of_iomap(dev, np, 5, NULL);
}
} else {
- qphy->pcs_misc = of_iomap(np, 3);
+ qphy->pcs_misc = devm_of_iomap(dev, np, 3, NULL);
}
- if (!qphy->pcs_misc)
+ if (IS_ERR(qphy->pcs_misc)) {
dev_vdbg(dev, "PHY pcs_misc-reg not used\n");
+ qphy->pcs_misc = NULL;
+ }
/*
* Get PHY's Pipe clock, if any. USB3 and PCIe are PIPE3
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 527/862] phy: qcom-qmp-ufs: fix memleak on probe deferral
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (525 preceding siblings ...)
2022-10-19 8:30 ` [PATCH 6.0 526/862] phy: qcom-qmp-combo: " Greg Kroah-Hartman
@ 2022-10-19 8:30 ` Greg Kroah-Hartman
2022-10-19 9:18 ` Johan Hovold
2022-10-19 8:30 ` [PATCH 6.0 528/862] phy: qcom-qmp-usb: " Greg Kroah-Hartman
` (349 subsequent siblings)
876 siblings, 1 reply; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Johan Hovold, Vinod Koul, Sasha Levin
From: Johan Hovold <johan+linaro@kernel.org>
[ Upstream commit ef74a97f0df8758efe4476b4645961286aa86f0d ]
Switch to using the device-managed of_iomap helper to avoid leaking
memory on probe deferral and driver unbind.
Note that this helper checks for already reserved regions and may fail
if there are multiple devices claiming the same memory.
Fixes: e78f3d15e115 ("phy: qcom-qmp: new qmp phy driver for qcom-chipsets")
Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
Link: https://lore.kernel.org/r/20220916102340.11520-6-johan+linaro@kernel.org
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/phy/qualcomm/phy-qcom-qmp-ufs.c | 30 ++++++++++++-------------
1 file changed, 15 insertions(+), 15 deletions(-)
diff --git a/drivers/phy/qualcomm/phy-qcom-qmp-ufs.c b/drivers/phy/qualcomm/phy-qcom-qmp-ufs.c
index c8583f5a54bd..f586e5260856 100644
--- a/drivers/phy/qualcomm/phy-qcom-qmp-ufs.c
+++ b/drivers/phy/qualcomm/phy-qcom-qmp-ufs.c
@@ -1188,17 +1188,17 @@ int qcom_qmp_phy_ufs_create(struct device *dev, struct device_node *np, int id,
* For dual lane PHYs: tx2 -> 3, rx2 -> 4, pcs_misc (optional) -> 5
* For single lane PHYs: pcs_misc (optional) -> 3.
*/
- qphy->tx = of_iomap(np, 0);
- if (!qphy->tx)
- return -ENOMEM;
+ qphy->tx = devm_of_iomap(dev, np, 0, NULL);
+ if (IS_ERR(qphy->tx))
+ return PTR_ERR(qphy->tx);
- qphy->rx = of_iomap(np, 1);
- if (!qphy->rx)
- return -ENOMEM;
+ qphy->rx = devm_of_iomap(dev, np, 1, NULL);
+ if (IS_ERR(qphy->rx))
+ return PTR_ERR(qphy->rx);
- qphy->pcs = of_iomap(np, 2);
- if (!qphy->pcs)
- return -ENOMEM;
+ qphy->pcs = devm_of_iomap(dev, np, 2, NULL);
+ if (IS_ERR(qphy->pcs))
+ return PTR_ERR(qphy->pcs);
/*
* If this is a dual-lane PHY, then there should be registers for the
@@ -1207,9 +1207,9 @@ int qcom_qmp_phy_ufs_create(struct device *dev, struct device_node *np, int id,
* offset from the first lane.
*/
if (cfg->is_dual_lane_phy) {
- qphy->tx2 = of_iomap(np, 3);
- qphy->rx2 = of_iomap(np, 4);
- if (!qphy->tx2 || !qphy->rx2) {
+ qphy->tx2 = devm_of_iomap(dev, np, 3, NULL);
+ qphy->rx2 = devm_of_iomap(dev, np, 4, NULL);
+ if (IS_ERR(qphy->tx2) || IS_ERR(qphy->rx2)) {
dev_warn(dev,
"Underspecified device tree, falling back to legacy register regions\n");
@@ -1219,14 +1219,14 @@ int qcom_qmp_phy_ufs_create(struct device *dev, struct device_node *np, int id,
qphy->rx2 = qphy->rx + QMP_PHY_LEGACY_LANE_STRIDE;
} else {
- qphy->pcs_misc = of_iomap(np, 5);
+ qphy->pcs_misc = devm_of_iomap(dev, np, 5, NULL);
}
} else {
- qphy->pcs_misc = of_iomap(np, 3);
+ qphy->pcs_misc = devm_of_iomap(dev, np, 3, NULL);
}
- if (!qphy->pcs_misc)
+ if (IS_ERR(qphy->pcs_misc))
dev_vdbg(dev, "PHY pcs_misc-reg not used\n");
generic_phy = devm_phy_create(dev, np, &qcom_qmp_ufs_ops);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 528/862] phy: qcom-qmp-usb: fix memleak on probe deferral
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (526 preceding siblings ...)
2022-10-19 8:30 ` [PATCH 6.0 527/862] phy: qcom-qmp-ufs: " Greg Kroah-Hartman
@ 2022-10-19 8:30 ` Greg Kroah-Hartman
2022-10-19 9:19 ` Johan Hovold
2022-10-19 8:30 ` [PATCH 6.0 529/862] phy: amlogic: phy-meson-axg-mipi-pcie-analog: Hold reference returned by of_get_parent() Greg Kroah-Hartman
` (348 subsequent siblings)
876 siblings, 1 reply; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Johan Hovold, Vinod Koul, Sasha Levin
From: Johan Hovold <johan+linaro@kernel.org>
[ Upstream commit a5d6b1ac56cbd6b5850a3a54e35f1cb71e8e8cdd ]
Switch to using the device-managed of_iomap helper to avoid leaking
memory on probe deferral and driver unbind.
Note that this helper checks for already reserved regions and may fail
if there are multiple devices claiming the same memory.
Two bindings currently rely on overlapping mappings for the PCS region
so fallback to non-exclusive mappings for those for now.
Fixes: e78f3d15e115 ("phy: qcom-qmp: new qmp phy driver for qcom-chipsets")
Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
Link: https://lore.kernel.org/r/20220916102340.11520-7-johan+linaro@kernel.org
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/phy/qualcomm/phy-qcom-qmp-usb.c | 61 +++++++++++++++++++++++---------
1 file changed, 44 insertions(+), 17 deletions(-)
--- a/drivers/phy/qualcomm/phy-qcom-qmp-usb.c
+++ b/drivers/phy/qualcomm/phy-qcom-qmp-usb.c
@@ -2489,6 +2489,21 @@ static const struct phy_ops qcom_qmp_phy
.owner = THIS_MODULE,
};
+static void __iomem *qmp_usb_iomap(struct device *dev, struct device_node *np,
+ int index, bool exclusive)
+{
+ struct resource res;
+
+ if (!exclusive) {
+ if (of_address_to_resource(np, index, &res))
+ return IOMEM_ERR_PTR(-EINVAL);
+
+ return devm_ioremap(dev, res.start, resource_size(&res));
+ }
+
+ return devm_of_iomap(dev, np, index, NULL);
+}
+
static
int qcom_qmp_phy_usb_create(struct device *dev, struct device_node *np, int id,
void __iomem *serdes, const struct qmp_phy_cfg *cfg)
@@ -2497,8 +2512,18 @@ int qcom_qmp_phy_usb_create(struct devic
struct phy *generic_phy;
struct qmp_phy *qphy;
char prop_name[MAX_PROP_NAME];
+ bool exclusive = true;
int ret;
+ /*
+ * FIXME: These bindings should be fixed to not rely on overlapping
+ * mappings for PCS.
+ */
+ if (of_device_is_compatible(dev->of_node, "qcom,sdx65-qmp-usb3-uni-phy"))
+ exclusive = false;
+ if (of_device_is_compatible(dev->of_node, "qcom,sm8350-qmp-usb3-uni-phy"))
+ exclusive = false;
+
qphy = devm_kzalloc(dev, sizeof(*qphy), GFP_KERNEL);
if (!qphy)
return -ENOMEM;
@@ -2511,17 +2536,17 @@ int qcom_qmp_phy_usb_create(struct devic
* For dual lane PHYs: tx2 -> 3, rx2 -> 4, pcs_misc (optional) -> 5
* For single lane PHYs: pcs_misc (optional) -> 3.
*/
- qphy->tx = of_iomap(np, 0);
- if (!qphy->tx)
- return -ENOMEM;
-
- qphy->rx = of_iomap(np, 1);
- if (!qphy->rx)
- return -ENOMEM;
-
- qphy->pcs = of_iomap(np, 2);
- if (!qphy->pcs)
- return -ENOMEM;
+ qphy->tx = devm_of_iomap(dev, np, 0, NULL);
+ if (IS_ERR(qphy->tx))
+ return PTR_ERR(qphy->tx);
+
+ qphy->rx = devm_of_iomap(dev, np, 1, NULL);
+ if (IS_ERR(qphy->rx))
+ return PTR_ERR(qphy->rx);
+
+ qphy->pcs = qmp_usb_iomap(dev, np, 2, exclusive);
+ if (IS_ERR(qphy->pcs))
+ return PTR_ERR(qphy->pcs);
if (cfg->pcs_usb_offset)
qphy->pcs_usb = qphy->pcs + cfg->pcs_usb_offset;
@@ -2533,9 +2558,9 @@ int qcom_qmp_phy_usb_create(struct devic
* offset from the first lane.
*/
if (cfg->is_dual_lane_phy) {
- qphy->tx2 = of_iomap(np, 3);
- qphy->rx2 = of_iomap(np, 4);
- if (!qphy->tx2 || !qphy->rx2) {
+ qphy->tx2 = devm_of_iomap(dev, np, 3, NULL);
+ qphy->rx2 = devm_of_iomap(dev, np, 4, NULL);
+ if (IS_ERR(qphy->tx2) || IS_ERR(qphy->rx2)) {
dev_warn(dev,
"Underspecified device tree, falling back to legacy register regions\n");
@@ -2545,15 +2570,17 @@ int qcom_qmp_phy_usb_create(struct devic
qphy->rx2 = qphy->rx + QMP_PHY_LEGACY_LANE_STRIDE;
} else {
- qphy->pcs_misc = of_iomap(np, 5);
+ qphy->pcs_misc = devm_of_iomap(dev, np, 5, NULL);
}
} else {
- qphy->pcs_misc = of_iomap(np, 3);
+ qphy->pcs_misc = devm_of_iomap(dev, np, 3, NULL);
}
- if (!qphy->pcs_misc)
+ if (IS_ERR(qphy->pcs_misc)) {
dev_vdbg(dev, "PHY pcs_misc-reg not used\n");
+ qphy->pcs_misc = NULL;
+ }
snprintf(prop_name, sizeof(prop_name), "pipe%d", id);
qphy->pipe_clk = devm_get_clk_from_child(dev, np, prop_name);
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 529/862] phy: amlogic: phy-meson-axg-mipi-pcie-analog: Hold reference returned by of_get_parent()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (527 preceding siblings ...)
2022-10-19 8:30 ` [PATCH 6.0 528/862] phy: qcom-qmp-usb: " Greg Kroah-Hartman
@ 2022-10-19 8:30 ` Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 530/862] phy: phy-mtk-tphy: fix the phy type setting issue Greg Kroah-Hartman
` (347 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Liang He, Vinod Koul, Sasha Levin
From: Liang He <windhl@126.com>
[ Upstream commit c4c349be07aeec5f397a349046dc5fc0f2657691 ]
As the of_get_parent() will increase the refcount of the node->parent
and the reference will be discarded, so we should hold the reference
with which we can decrease the refcount when done.
Fixes: 8eff8b4e22d9 ("phy: amlogic: phy-meson-axg-mipi-pcie-analog: add support for MIPI DSI analog")
Signed-off-by: Liang He <windhl@126.com>
Link: https://lore.kernel.org/r/20220915093506.4009456-1-windhl@126.com
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/phy/amlogic/phy-meson-axg-mipi-pcie-analog.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/phy/amlogic/phy-meson-axg-mipi-pcie-analog.c b/drivers/phy/amlogic/phy-meson-axg-mipi-pcie-analog.c
index 1027ece6ca12..a3e1108b736d 100644
--- a/drivers/phy/amlogic/phy-meson-axg-mipi-pcie-analog.c
+++ b/drivers/phy/amlogic/phy-meson-axg-mipi-pcie-analog.c
@@ -197,7 +197,7 @@ static int phy_axg_mipi_pcie_analog_probe(struct platform_device *pdev)
struct phy_provider *phy;
struct device *dev = &pdev->dev;
struct phy_axg_mipi_pcie_analog_priv *priv;
- struct device_node *np = dev->of_node;
+ struct device_node *np = dev->of_node, *parent_np;
struct regmap *map;
int ret;
@@ -206,7 +206,9 @@ static int phy_axg_mipi_pcie_analog_probe(struct platform_device *pdev)
return -ENOMEM;
/* Get the hhi system controller node */
- map = syscon_node_to_regmap(of_get_parent(dev->of_node));
+ parent_np = of_get_parent(dev->of_node);
+ map = syscon_node_to_regmap(parent_np);
+ of_node_put(parent_np);
if (IS_ERR(map)) {
dev_err(dev,
"failed to get HHI regmap\n");
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 530/862] phy: phy-mtk-tphy: fix the phy type setting issue
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (528 preceding siblings ...)
2022-10-19 8:30 ` [PATCH 6.0 529/862] phy: amlogic: phy-meson-axg-mipi-pcie-analog: Hold reference returned by of_get_parent() Greg Kroah-Hartman
@ 2022-10-19 8:30 ` Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 531/862] mtd: rawnand: intel: Read the chip-select line from the correct OF node Greg Kroah-Hartman
` (346 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Chunfeng Yun,
AngeloGioacchino Del Regno, Vinod Koul, Sasha Levin
From: Chunfeng Yun <chunfeng.yun@mediatek.com>
[ Upstream commit 931c05a8cb1be029ef2fbc1e4af313d4cb297c47 ]
The PHY type is not set if the index is non zero, prepare type
value according to the index, like as mask value.
Fixes: 39099a443358 ("phy: phy-mtk-tphy: support type switch by pericfg")
Signed-off-by: Chunfeng Yun <chunfeng.yun@mediatek.com>
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Link: https://lore.kernel.org/r/20220914060746.10004-7-chunfeng.yun@mediatek.com
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/phy/mediatek/phy-mtk-tphy.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/drivers/phy/mediatek/phy-mtk-tphy.c b/drivers/phy/mediatek/phy-mtk-tphy.c
index 8ee7682b8e93..bdffc21858f6 100644
--- a/drivers/phy/mediatek/phy-mtk-tphy.c
+++ b/drivers/phy/mediatek/phy-mtk-tphy.c
@@ -906,7 +906,7 @@ static int phy_type_syscon_get(struct mtk_phy_instance *instance,
static int phy_type_set(struct mtk_phy_instance *instance)
{
int type;
- u32 mask;
+ u32 offset;
if (!instance->type_sw)
return 0;
@@ -929,8 +929,9 @@ static int phy_type_set(struct mtk_phy_instance *instance)
return 0;
}
- mask = RG_PHY_SW_TYPE << (instance->type_sw_index * BITS_PER_BYTE);
- regmap_update_bits(instance->type_sw, instance->type_sw_reg, mask, type);
+ offset = instance->type_sw_index * BITS_PER_BYTE;
+ regmap_update_bits(instance->type_sw, instance->type_sw_reg,
+ RG_PHY_SW_TYPE << offset, type << offset);
return 0;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 531/862] mtd: rawnand: intel: Read the chip-select line from the correct OF node
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (529 preceding siblings ...)
2022-10-19 8:30 ` [PATCH 6.0 530/862] phy: phy-mtk-tphy: fix the phy type setting issue Greg Kroah-Hartman
@ 2022-10-19 8:30 ` Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 532/862] mtd: rawnand: intel: Remove undocumented compatible string Greg Kroah-Hartman
` (345 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Martin Blumenstingl, Miquel Raynal,
Sasha Levin
From: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
[ Upstream commit bfc618fcc3f167ad082053e81e9d664e724c6288 ]
The chip select has to be read from the flash node which is a child node
of the NAND controller.
Fixes: 0b1039f016e8a3 ("mtd: rawnand: Add NAND controller support on Intel LGM SoC")
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/20220702231227.1579176-4-martin.blumenstingl@googlemail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mtd/nand/raw/intel-nand-controller.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/drivers/mtd/nand/raw/intel-nand-controller.c b/drivers/mtd/nand/raw/intel-nand-controller.c
index e91b879b32bd..3df3f32423f9 100644
--- a/drivers/mtd/nand/raw/intel-nand-controller.c
+++ b/drivers/mtd/nand/raw/intel-nand-controller.c
@@ -16,6 +16,7 @@
#include <linux/mtd/rawnand.h>
#include <linux/mtd/nand.h>
+#include <linux/of.h>
#include <linux/platform_device.h>
#include <linux/sched.h>
#include <linux/slab.h>
@@ -580,6 +581,7 @@ static int ebu_nand_probe(struct platform_device *pdev)
{
struct device *dev = &pdev->dev;
struct ebu_nand_controller *ebu_host;
+ struct device_node *chip_np;
struct nand_chip *nand;
struct mtd_info *mtd;
struct resource *res;
@@ -604,7 +606,12 @@ static int ebu_nand_probe(struct platform_device *pdev)
if (IS_ERR(ebu_host->hsnand))
return PTR_ERR(ebu_host->hsnand);
- ret = device_property_read_u32(dev, "reg", &cs);
+ chip_np = of_get_next_child(dev->of_node, NULL);
+ if (!chip_np)
+ return dev_err_probe(dev, -EINVAL,
+ "Could not find child node for the NAND chip\n");
+
+ ret = of_property_read_u32(chip_np, "reg", &cs);
if (ret) {
dev_err(dev, "failed to get chip select: %d\n", ret);
return ret;
@@ -660,7 +667,7 @@ static int ebu_nand_probe(struct platform_device *pdev)
writel(ebu_host->cs[cs].addr_sel | EBU_ADDR_MASK(5) | EBU_ADDR_SEL_REGEN,
ebu_host->ebu + EBU_ADDR_SEL(cs));
- nand_set_flash_node(&ebu_host->chip, dev->of_node);
+ nand_set_flash_node(&ebu_host->chip, chip_np);
mtd = nand_to_mtd(&ebu_host->chip);
if (!mtd->name) {
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 532/862] mtd: rawnand: intel: Remove undocumented compatible string
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (530 preceding siblings ...)
2022-10-19 8:30 ` [PATCH 6.0 531/862] mtd: rawnand: intel: Read the chip-select line from the correct OF node Greg Kroah-Hartman
@ 2022-10-19 8:30 ` Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 533/862] mtd: rawnand: fsl_elbc: Fix none ECC mode Greg Kroah-Hartman
` (344 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Martin Blumenstingl, Miquel Raynal,
Sasha Levin
From: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
[ Upstream commit 68c02ebaa34d41063ccbbc789a352537ddc3cd8a ]
The "intel,nand-controller" compatible string is not part of the
dt-bindings. Remove it from the driver as it's not supposed to be used
without any documentation for it.
Fixes: 0b1039f016e8a3 ("mtd: rawnand: Add NAND controller support on Intel LGM SoC")
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/20220702231227.1579176-5-martin.blumenstingl@googlemail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mtd/nand/raw/intel-nand-controller.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/drivers/mtd/nand/raw/intel-nand-controller.c b/drivers/mtd/nand/raw/intel-nand-controller.c
index 3df3f32423f9..056835fd4562 100644
--- a/drivers/mtd/nand/raw/intel-nand-controller.c
+++ b/drivers/mtd/nand/raw/intel-nand-controller.c
@@ -723,7 +723,6 @@ static int ebu_nand_remove(struct platform_device *pdev)
}
static const struct of_device_id ebu_nand_match[] = {
- { .compatible = "intel,nand-controller" },
{ .compatible = "intel,lgm-ebunand" },
{}
};
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 533/862] mtd: rawnand: fsl_elbc: Fix none ECC mode
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (531 preceding siblings ...)
2022-10-19 8:30 ` [PATCH 6.0 532/862] mtd: rawnand: intel: Remove undocumented compatible string Greg Kroah-Hartman
@ 2022-10-19 8:30 ` Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 534/862] RDMA/irdma: Align AE id codes to correct flush code and event Greg Kroah-Hartman
` (343 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Pali Rohár, Marek Behún,
Miquel Raynal, Sasha Levin
From: Pali Rohár <pali@kernel.org>
[ Upstream commit 049e43b9fd8fd2966940485da163d67e96ee3fea ]
Commit f6424c22aa36 ("mtd: rawnand: fsl_elbc: Make SW ECC work") added
support for specifying ECC mode via DTS and skipping autodetection.
But it broke explicit specification of HW ECC mode in DTS as correct
settings for HW ECC mode are applied only when NONE mode or nothing was
specified in DTS file.
Also it started aliasing NONE mode to be same as when ECC mode was not
specified and disallowed usage of ON_DIE mode.
Fix all these issues. Use autodetection of ECC mode only in case when mode
was really not specified in DTS file by checking that ecc value is invalid.
Set HW ECC settings either when HW ECC was specified in DTS or it was
autodetected. And do not fail when ON_DIE mode is set.
Fixes: f6424c22aa36 ("mtd: rawnand: fsl_elbc: Make SW ECC work")
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Marek Behún <kabel@kernel.org>
Reviewed-by: Marek Behún <kabel@kernel.org>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/20220707184328.3845-1-pali@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mtd/nand/raw/fsl_elbc_nand.c | 28 ++++++++++++++++------------
1 file changed, 16 insertions(+), 12 deletions(-)
diff --git a/drivers/mtd/nand/raw/fsl_elbc_nand.c b/drivers/mtd/nand/raw/fsl_elbc_nand.c
index aab93b9e6052..a18d121396aa 100644
--- a/drivers/mtd/nand/raw/fsl_elbc_nand.c
+++ b/drivers/mtd/nand/raw/fsl_elbc_nand.c
@@ -726,36 +726,40 @@ static int fsl_elbc_attach_chip(struct nand_chip *chip)
struct fsl_lbc_regs __iomem *lbc = ctrl->regs;
unsigned int al;
- switch (chip->ecc.engine_type) {
/*
* if ECC was not chosen in DT, decide whether to use HW or SW ECC from
* CS Base Register
*/
- case NAND_ECC_ENGINE_TYPE_NONE:
+ if (chip->ecc.engine_type == NAND_ECC_ENGINE_TYPE_INVALID) {
/* If CS Base Register selects full hardware ECC then use it */
if ((in_be32(&lbc->bank[priv->bank].br) & BR_DECC) ==
BR_DECC_CHK_GEN) {
- chip->ecc.read_page = fsl_elbc_read_page;
- chip->ecc.write_page = fsl_elbc_write_page;
- chip->ecc.write_subpage = fsl_elbc_write_subpage;
-
chip->ecc.engine_type = NAND_ECC_ENGINE_TYPE_ON_HOST;
- mtd_set_ooblayout(mtd, &fsl_elbc_ooblayout_ops);
- chip->ecc.size = 512;
- chip->ecc.bytes = 3;
- chip->ecc.strength = 1;
} else {
/* otherwise fall back to default software ECC */
chip->ecc.engine_type = NAND_ECC_ENGINE_TYPE_SOFT;
chip->ecc.algo = NAND_ECC_ALGO_HAMMING;
}
+ }
+
+ switch (chip->ecc.engine_type) {
+ /* if HW ECC was chosen, setup ecc and oob layout */
+ case NAND_ECC_ENGINE_TYPE_ON_HOST:
+ chip->ecc.read_page = fsl_elbc_read_page;
+ chip->ecc.write_page = fsl_elbc_write_page;
+ chip->ecc.write_subpage = fsl_elbc_write_subpage;
+ mtd_set_ooblayout(mtd, &fsl_elbc_ooblayout_ops);
+ chip->ecc.size = 512;
+ chip->ecc.bytes = 3;
+ chip->ecc.strength = 1;
break;
- /* if SW ECC was chosen in DT, we do not need to set anything here */
+ /* if none or SW ECC was chosen, we do not need to set anything here */
+ case NAND_ECC_ENGINE_TYPE_NONE:
case NAND_ECC_ENGINE_TYPE_SOFT:
+ case NAND_ECC_ENGINE_TYPE_ON_DIE:
break;
- /* should we also implement *_ECC_ENGINE_CONTROLLER to do as above? */
default:
return -EINVAL;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 534/862] RDMA/irdma: Align AE id codes to correct flush code and event
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (532 preceding siblings ...)
2022-10-19 8:30 ` [PATCH 6.0 533/862] mtd: rawnand: fsl_elbc: Fix none ECC mode Greg Kroah-Hartman
@ 2022-10-19 8:30 ` Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 535/862] RDMA/irdma: Validate udata inlen and outlen Greg Kroah-Hartman
` (342 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sindhu-Devale, Shiraz Saleem,
Leon Romanovsky, Sasha Levin
From: Sindhu-Devale <sindhu.devale@intel.com>
[ Upstream commit 7f51a961f8c6b84752a48e950074a8c4a0808d91 ]
A number of asynchronous event (AE) ids were not aligned to the
correct flush_code and event_type. Fix these up so that the
correct IBV error and event codes are returned to application.
Also, add handling for new AE ids like IRDMA_AE_INVALID_REQUEST to
return the correct WC error code.
Fixes: 44d9e52977a1 ("RDMA/irdma: Implement device initialization definitions")
Signed-off-by: Sindhu-Devale <sindhu.devale@intel.com>
Signed-off-by: Shiraz Saleem <shiraz.saleem@intel.com>
Link: https://lore.kernel.org/r/20220907191324.1173-2-shiraz.saleem@intel.com
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/hw/irdma/defs.h | 1 +
drivers/infiniband/hw/irdma/hw.c | 51 +++++++++++++++++------------
drivers/infiniband/hw/irdma/type.h | 1 +
drivers/infiniband/hw/irdma/user.h | 1 +
drivers/infiniband/hw/irdma/utils.c | 3 ++
drivers/infiniband/hw/irdma/verbs.c | 2 ++
6 files changed, 38 insertions(+), 21 deletions(-)
diff --git a/drivers/infiniband/hw/irdma/defs.h b/drivers/infiniband/hw/irdma/defs.h
index e03e03082a5f..c1906cab5c8a 100644
--- a/drivers/infiniband/hw/irdma/defs.h
+++ b/drivers/infiniband/hw/irdma/defs.h
@@ -314,6 +314,7 @@ enum irdma_cqp_op_type {
#define IRDMA_AE_IB_REMOTE_ACCESS_ERROR 0x020d
#define IRDMA_AE_IB_REMOTE_OP_ERROR 0x020e
#define IRDMA_AE_WQE_LSMM_TOO_LONG 0x0220
+#define IRDMA_AE_INVALID_REQUEST 0x0223
#define IRDMA_AE_DDP_INVALID_MSN_GAP_IN_MSN 0x0301
#define IRDMA_AE_DDP_UBE_DDP_MESSAGE_TOO_LONG_FOR_AVAILABLE_BUFFER 0x0303
#define IRDMA_AE_DDP_UBE_INVALID_DDP_VERSION 0x0304
diff --git a/drivers/infiniband/hw/irdma/hw.c b/drivers/infiniband/hw/irdma/hw.c
index 4f132c6fb653..ab246447520b 100644
--- a/drivers/infiniband/hw/irdma/hw.c
+++ b/drivers/infiniband/hw/irdma/hw.c
@@ -138,59 +138,68 @@ static void irdma_set_flush_fields(struct irdma_sc_qp *qp,
qp->event_type = IRDMA_QP_EVENT_CATASTROPHIC;
switch (info->ae_id) {
- case IRDMA_AE_AMP_UNALLOCATED_STAG:
case IRDMA_AE_AMP_BOUNDS_VIOLATION:
case IRDMA_AE_AMP_INVALID_STAG:
- qp->event_type = IRDMA_QP_EVENT_ACCESS_ERR;
- fallthrough;
+ case IRDMA_AE_AMP_RIGHTS_VIOLATION:
+ case IRDMA_AE_AMP_UNALLOCATED_STAG:
case IRDMA_AE_AMP_BAD_PD:
- case IRDMA_AE_UDA_XMIT_BAD_PD:
+ case IRDMA_AE_AMP_BAD_QP:
+ case IRDMA_AE_AMP_BAD_STAG_KEY:
+ case IRDMA_AE_AMP_BAD_STAG_INDEX:
+ case IRDMA_AE_AMP_TO_WRAP:
+ case IRDMA_AE_PRIV_OPERATION_DENIED:
qp->flush_code = FLUSH_PROT_ERR;
+ qp->event_type = IRDMA_QP_EVENT_ACCESS_ERR;
break;
- case IRDMA_AE_AMP_BAD_QP:
+ case IRDMA_AE_UDA_XMIT_BAD_PD:
case IRDMA_AE_WQE_UNEXPECTED_OPCODE:
qp->flush_code = FLUSH_LOC_QP_OP_ERR;
+ qp->event_type = IRDMA_QP_EVENT_CATASTROPHIC;
+ break;
+ case IRDMA_AE_UDA_XMIT_DGRAM_TOO_LONG:
+ case IRDMA_AE_UDA_XMIT_DGRAM_TOO_SHORT:
+ case IRDMA_AE_UDA_L4LEN_INVALID:
+ case IRDMA_AE_DDP_UBE_INVALID_MO:
+ case IRDMA_AE_DDP_UBE_DDP_MESSAGE_TOO_LONG_FOR_AVAILABLE_BUFFER:
+ qp->flush_code = FLUSH_LOC_LEN_ERR;
+ qp->event_type = IRDMA_QP_EVENT_CATASTROPHIC;
break;
- case IRDMA_AE_AMP_BAD_STAG_KEY:
- case IRDMA_AE_AMP_BAD_STAG_INDEX:
- case IRDMA_AE_AMP_TO_WRAP:
- case IRDMA_AE_AMP_RIGHTS_VIOLATION:
case IRDMA_AE_AMP_INVALIDATE_NO_REMOTE_ACCESS_RIGHTS:
- case IRDMA_AE_PRIV_OPERATION_DENIED:
- case IRDMA_AE_IB_INVALID_REQUEST:
case IRDMA_AE_IB_REMOTE_ACCESS_ERROR:
qp->flush_code = FLUSH_REM_ACCESS_ERR;
qp->event_type = IRDMA_QP_EVENT_ACCESS_ERR;
break;
case IRDMA_AE_LLP_SEGMENT_TOO_SMALL:
- case IRDMA_AE_DDP_UBE_DDP_MESSAGE_TOO_LONG_FOR_AVAILABLE_BUFFER:
- case IRDMA_AE_UDA_XMIT_DGRAM_TOO_LONG:
- case IRDMA_AE_UDA_XMIT_DGRAM_TOO_SHORT:
- case IRDMA_AE_UDA_L4LEN_INVALID:
+ case IRDMA_AE_LLP_RECEIVED_MPA_CRC_ERROR:
case IRDMA_AE_ROCE_RSP_LENGTH_ERROR:
- qp->flush_code = FLUSH_LOC_LEN_ERR;
+ case IRDMA_AE_IB_REMOTE_OP_ERROR:
+ qp->flush_code = FLUSH_REM_OP_ERR;
+ qp->event_type = IRDMA_QP_EVENT_CATASTROPHIC;
break;
case IRDMA_AE_LCE_QP_CATASTROPHIC:
qp->flush_code = FLUSH_FATAL_ERR;
+ qp->event_type = IRDMA_QP_EVENT_CATASTROPHIC;
break;
- case IRDMA_AE_DDP_UBE_INVALID_MO:
case IRDMA_AE_IB_RREQ_AND_Q1_FULL:
- case IRDMA_AE_LLP_RECEIVED_MPA_CRC_ERROR:
qp->flush_code = FLUSH_GENERAL_ERR;
break;
case IRDMA_AE_LLP_TOO_MANY_RETRIES:
qp->flush_code = FLUSH_RETRY_EXC_ERR;
+ qp->event_type = IRDMA_QP_EVENT_CATASTROPHIC;
break;
case IRDMA_AE_AMP_MWBIND_INVALID_RIGHTS:
case IRDMA_AE_AMP_MWBIND_BIND_DISABLED:
case IRDMA_AE_AMP_MWBIND_INVALID_BOUNDS:
qp->flush_code = FLUSH_MW_BIND_ERR;
+ qp->event_type = IRDMA_QP_EVENT_ACCESS_ERR;
break;
- case IRDMA_AE_IB_REMOTE_OP_ERROR:
- qp->flush_code = FLUSH_REM_OP_ERR;
+ case IRDMA_AE_IB_INVALID_REQUEST:
+ qp->flush_code = FLUSH_REM_INV_REQ_ERR;
+ qp->event_type = IRDMA_QP_EVENT_REQ_ERR;
break;
default:
- qp->flush_code = FLUSH_FATAL_ERR;
+ qp->flush_code = FLUSH_GENERAL_ERR;
+ qp->event_type = IRDMA_QP_EVENT_CATASTROPHIC;
break;
}
}
diff --git a/drivers/infiniband/hw/irdma/type.h b/drivers/infiniband/hw/irdma/type.h
index 9e7b8ecb137a..517d41a1c289 100644
--- a/drivers/infiniband/hw/irdma/type.h
+++ b/drivers/infiniband/hw/irdma/type.h
@@ -98,6 +98,7 @@ enum irdma_term_mpa_errors {
enum irdma_qp_event_type {
IRDMA_QP_EVENT_CATASTROPHIC,
IRDMA_QP_EVENT_ACCESS_ERR,
+ IRDMA_QP_EVENT_REQ_ERR,
};
enum irdma_hw_stats_index_32b {
diff --git a/drivers/infiniband/hw/irdma/user.h b/drivers/infiniband/hw/irdma/user.h
index ddd0ebbdd7d5..2ef61923c926 100644
--- a/drivers/infiniband/hw/irdma/user.h
+++ b/drivers/infiniband/hw/irdma/user.h
@@ -103,6 +103,7 @@ enum irdma_flush_opcode {
FLUSH_FATAL_ERR,
FLUSH_RETRY_EXC_ERR,
FLUSH_MW_BIND_ERR,
+ FLUSH_REM_INV_REQ_ERR,
};
enum irdma_cmpl_status {
diff --git a/drivers/infiniband/hw/irdma/utils.c b/drivers/infiniband/hw/irdma/utils.c
index 075defaabee5..8dfc9e154d73 100644
--- a/drivers/infiniband/hw/irdma/utils.c
+++ b/drivers/infiniband/hw/irdma/utils.c
@@ -2479,6 +2479,9 @@ void irdma_ib_qp_event(struct irdma_qp *iwqp, enum irdma_qp_event_type event)
case IRDMA_QP_EVENT_ACCESS_ERR:
ibevent.event = IB_EVENT_QP_ACCESS_ERR;
break;
+ case IRDMA_QP_EVENT_REQ_ERR:
+ ibevent.event = IB_EVENT_QP_REQ_ERR;
+ break;
}
ibevent.device = iwqp->ibqp.device;
ibevent.element.qp = &iwqp->ibqp;
diff --git a/drivers/infiniband/hw/irdma/verbs.c b/drivers/infiniband/hw/irdma/verbs.c
index 9b207f5084eb..6f07a913ef88 100644
--- a/drivers/infiniband/hw/irdma/verbs.c
+++ b/drivers/infiniband/hw/irdma/verbs.c
@@ -3315,6 +3315,8 @@ static enum ib_wc_status irdma_flush_err_to_ib_wc_status(enum irdma_flush_opcode
return IB_WC_RETRY_EXC_ERR;
case FLUSH_MW_BIND_ERR:
return IB_WC_MW_BIND_ERR;
+ case FLUSH_REM_INV_REQ_ERR:
+ return IB_WC_REM_INV_REQ_ERR;
case FLUSH_FATAL_ERR:
default:
return IB_WC_FATAL_ERR;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 535/862] RDMA/irdma: Validate udata inlen and outlen
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (533 preceding siblings ...)
2022-10-19 8:30 ` [PATCH 6.0 534/862] RDMA/irdma: Align AE id codes to correct flush code and event Greg Kroah-Hartman
@ 2022-10-19 8:30 ` Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 536/862] RDMA/srp: Fix srp_abort() Greg Kroah-Hartman
` (341 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Shiraz Saleem,
Leon Romanovsky, Sasha Levin
From: Shiraz Saleem <shiraz.saleem@intel.com>
[ Upstream commit 34acb833cc83bdea912a160ff99b537e62bb4cf3 ]
Currently ib_copy_from_udata and ib_copy_to_udata could underfill
the request and response buffer if the user-space passes an undersized
value for udata->inlen or udata->outlen respectively [1]
This could lead to undesirable behavior.
Zero initing the buffer only goes as far as preventing using the buffer
uninitialized.
Validate udata->inlen and udata->outlen passed from user-space to ensure
they are at least the required minimum size.
[1] https://lore.kernel.org/linux-rdma/MWHPR11MB0029F37D40D9D4A993F8F549E9D79@MWHPR11MB0029.namprd11.prod.outlook.com/
Fixes: b48c24c2d710 ("RDMA/irdma: Implement device supported verb APIs")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Shiraz Saleem <shiraz.saleem@intel.com>
Link: https://lore.kernel.org/r/20220907191324.1173-3-shiraz.saleem@intel.com
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/hw/irdma/verbs.c | 67 ++++++++++++++++++++++++++---
1 file changed, 60 insertions(+), 7 deletions(-)
diff --git a/drivers/infiniband/hw/irdma/verbs.c b/drivers/infiniband/hw/irdma/verbs.c
index 6f07a913ef88..a22afbb25bc5 100644
--- a/drivers/infiniband/hw/irdma/verbs.c
+++ b/drivers/infiniband/hw/irdma/verbs.c
@@ -299,13 +299,19 @@ static void irdma_alloc_push_page(struct irdma_qp *iwqp)
static int irdma_alloc_ucontext(struct ib_ucontext *uctx,
struct ib_udata *udata)
{
+#define IRDMA_ALLOC_UCTX_MIN_REQ_LEN offsetofend(struct irdma_alloc_ucontext_req, rsvd8)
+#define IRDMA_ALLOC_UCTX_MIN_RESP_LEN offsetofend(struct irdma_alloc_ucontext_resp, rsvd)
struct ib_device *ibdev = uctx->device;
struct irdma_device *iwdev = to_iwdev(ibdev);
- struct irdma_alloc_ucontext_req req;
+ struct irdma_alloc_ucontext_req req = {};
struct irdma_alloc_ucontext_resp uresp = {};
struct irdma_ucontext *ucontext = to_ucontext(uctx);
struct irdma_uk_attrs *uk_attrs;
+ if (udata->inlen < IRDMA_ALLOC_UCTX_MIN_REQ_LEN ||
+ udata->outlen < IRDMA_ALLOC_UCTX_MIN_RESP_LEN)
+ return -EINVAL;
+
if (ib_copy_from_udata(&req, udata, min(sizeof(req), udata->inlen)))
return -EINVAL;
@@ -317,7 +323,7 @@ static int irdma_alloc_ucontext(struct ib_ucontext *uctx,
uk_attrs = &iwdev->rf->sc_dev.hw_attrs.uk_attrs;
/* GEN_1 legacy support with libi40iw */
- if (udata->outlen < sizeof(uresp)) {
+ if (udata->outlen == IRDMA_ALLOC_UCTX_MIN_RESP_LEN) {
if (uk_attrs->hw_rev != IRDMA_GEN_1)
return -EOPNOTSUPP;
@@ -389,6 +395,7 @@ static void irdma_dealloc_ucontext(struct ib_ucontext *context)
*/
static int irdma_alloc_pd(struct ib_pd *pd, struct ib_udata *udata)
{
+#define IRDMA_ALLOC_PD_MIN_RESP_LEN offsetofend(struct irdma_alloc_pd_resp, rsvd)
struct irdma_pd *iwpd = to_iwpd(pd);
struct irdma_device *iwdev = to_iwdev(pd->device);
struct irdma_sc_dev *dev = &iwdev->rf->sc_dev;
@@ -398,6 +405,9 @@ static int irdma_alloc_pd(struct ib_pd *pd, struct ib_udata *udata)
u32 pd_id = 0;
int err;
+ if (udata && udata->outlen < IRDMA_ALLOC_PD_MIN_RESP_LEN)
+ return -EINVAL;
+
err = irdma_alloc_rsrc(rf, rf->allocated_pds, rf->max_pd, &pd_id,
&rf->next_pd);
if (err)
@@ -814,12 +824,14 @@ static int irdma_create_qp(struct ib_qp *ibqp,
struct ib_qp_init_attr *init_attr,
struct ib_udata *udata)
{
+#define IRDMA_CREATE_QP_MIN_REQ_LEN offsetofend(struct irdma_create_qp_req, user_compl_ctx)
+#define IRDMA_CREATE_QP_MIN_RESP_LEN offsetofend(struct irdma_create_qp_resp, rsvd)
struct ib_pd *ibpd = ibqp->pd;
struct irdma_pd *iwpd = to_iwpd(ibpd);
struct irdma_device *iwdev = to_iwdev(ibpd->device);
struct irdma_pci_f *rf = iwdev->rf;
struct irdma_qp *iwqp = to_iwqp(ibqp);
- struct irdma_create_qp_req req;
+ struct irdma_create_qp_req req = {};
struct irdma_create_qp_resp uresp = {};
u32 qp_num = 0;
int err_code;
@@ -836,6 +848,10 @@ static int irdma_create_qp(struct ib_qp *ibqp,
if (err_code)
return err_code;
+ if (udata && (udata->inlen < IRDMA_CREATE_QP_MIN_REQ_LEN ||
+ udata->outlen < IRDMA_CREATE_QP_MIN_RESP_LEN))
+ return -EINVAL;
+
sq_size = init_attr->cap.max_send_wr;
rq_size = init_attr->cap.max_recv_wr;
@@ -1120,6 +1136,8 @@ static int irdma_query_pkey(struct ib_device *ibdev, u32 port, u16 index,
int irdma_modify_qp_roce(struct ib_qp *ibqp, struct ib_qp_attr *attr,
int attr_mask, struct ib_udata *udata)
{
+#define IRDMA_MODIFY_QP_MIN_REQ_LEN offsetofend(struct irdma_modify_qp_req, rq_flush)
+#define IRDMA_MODIFY_QP_MIN_RESP_LEN offsetofend(struct irdma_modify_qp_resp, push_valid)
struct irdma_pd *iwpd = to_iwpd(ibqp->pd);
struct irdma_qp *iwqp = to_iwqp(ibqp);
struct irdma_device *iwdev = iwqp->iwdev;
@@ -1138,6 +1156,13 @@ int irdma_modify_qp_roce(struct ib_qp *ibqp, struct ib_qp_attr *attr,
roce_info = &iwqp->roce_info;
udp_info = &iwqp->udp_info;
+ if (udata) {
+ /* udata inlen/outlen can be 0 when supporting legacy libi40iw */
+ if ((udata->inlen && udata->inlen < IRDMA_MODIFY_QP_MIN_REQ_LEN) ||
+ (udata->outlen && udata->outlen < IRDMA_MODIFY_QP_MIN_RESP_LEN))
+ return -EINVAL;
+ }
+
if (attr_mask & ~IB_QP_ATTR_STANDARD_BITS)
return -EOPNOTSUPP;
@@ -1374,7 +1399,7 @@ int irdma_modify_qp_roce(struct ib_qp *ibqp, struct ib_qp_attr *attr,
if (iwqp->iwarp_state == IRDMA_QP_STATE_ERROR) {
spin_unlock_irqrestore(&iwqp->lock, flags);
- if (udata) {
+ if (udata && udata->inlen) {
if (ib_copy_from_udata(&ureq, udata,
min(sizeof(ureq), udata->inlen)))
return -EINVAL;
@@ -1426,7 +1451,7 @@ int irdma_modify_qp_roce(struct ib_qp *ibqp, struct ib_qp_attr *attr,
} else {
iwqp->ibqp_state = attr->qp_state;
}
- if (udata && dev->hw_attrs.uk_attrs.hw_rev >= IRDMA_GEN_2) {
+ if (udata && udata->outlen && dev->hw_attrs.uk_attrs.hw_rev >= IRDMA_GEN_2) {
struct irdma_ucontext *ucontext;
ucontext = rdma_udata_to_drv_context(udata,
@@ -1466,6 +1491,8 @@ int irdma_modify_qp_roce(struct ib_qp *ibqp, struct ib_qp_attr *attr,
int irdma_modify_qp(struct ib_qp *ibqp, struct ib_qp_attr *attr, int attr_mask,
struct ib_udata *udata)
{
+#define IRDMA_MODIFY_QP_MIN_REQ_LEN offsetofend(struct irdma_modify_qp_req, rq_flush)
+#define IRDMA_MODIFY_QP_MIN_RESP_LEN offsetofend(struct irdma_modify_qp_resp, push_valid)
struct irdma_qp *iwqp = to_iwqp(ibqp);
struct irdma_device *iwdev = iwqp->iwdev;
struct irdma_sc_dev *dev = &iwdev->rf->sc_dev;
@@ -1480,6 +1507,13 @@ int irdma_modify_qp(struct ib_qp *ibqp, struct ib_qp_attr *attr, int attr_mask,
int err;
unsigned long flags;
+ if (udata) {
+ /* udata inlen/outlen can be 0 when supporting legacy libi40iw */
+ if ((udata->inlen && udata->inlen < IRDMA_MODIFY_QP_MIN_REQ_LEN) ||
+ (udata->outlen && udata->outlen < IRDMA_MODIFY_QP_MIN_RESP_LEN))
+ return -EINVAL;
+ }
+
if (attr_mask & ~IB_QP_ATTR_STANDARD_BITS)
return -EOPNOTSUPP;
@@ -1565,7 +1599,7 @@ int irdma_modify_qp(struct ib_qp *ibqp, struct ib_qp_attr *attr, int attr_mask,
case IB_QPS_RESET:
if (iwqp->iwarp_state == IRDMA_QP_STATE_ERROR) {
spin_unlock_irqrestore(&iwqp->lock, flags);
- if (udata) {
+ if (udata && udata->inlen) {
if (ib_copy_from_udata(&ureq, udata,
min(sizeof(ureq), udata->inlen)))
return -EINVAL;
@@ -1662,7 +1696,7 @@ int irdma_modify_qp(struct ib_qp *ibqp, struct ib_qp_attr *attr, int attr_mask,
}
}
}
- if (attr_mask & IB_QP_STATE && udata &&
+ if (attr_mask & IB_QP_STATE && udata && udata->outlen &&
dev->hw_attrs.uk_attrs.hw_rev >= IRDMA_GEN_2) {
struct irdma_ucontext *ucontext;
@@ -1797,6 +1831,7 @@ static int irdma_destroy_cq(struct ib_cq *ib_cq, struct ib_udata *udata)
static int irdma_resize_cq(struct ib_cq *ibcq, int entries,
struct ib_udata *udata)
{
+#define IRDMA_RESIZE_CQ_MIN_REQ_LEN offsetofend(struct irdma_resize_cq_req, user_cq_buffer)
struct irdma_cq *iwcq = to_iwcq(ibcq);
struct irdma_sc_dev *dev = iwcq->sc_cq.dev;
struct irdma_cqp_request *cqp_request;
@@ -1819,6 +1854,9 @@ static int irdma_resize_cq(struct ib_cq *ibcq, int entries,
IRDMA_FEATURE_CQ_RESIZE))
return -EOPNOTSUPP;
+ if (udata && udata->inlen < IRDMA_RESIZE_CQ_MIN_REQ_LEN)
+ return -EINVAL;
+
if (entries > rf->max_cqe)
return -EINVAL;
@@ -1951,6 +1989,8 @@ static int irdma_create_cq(struct ib_cq *ibcq,
const struct ib_cq_init_attr *attr,
struct ib_udata *udata)
{
+#define IRDMA_CREATE_CQ_MIN_REQ_LEN offsetofend(struct irdma_create_cq_req, user_cq_buf)
+#define IRDMA_CREATE_CQ_MIN_RESP_LEN offsetofend(struct irdma_create_cq_resp, cq_size)
struct ib_device *ibdev = ibcq->device;
struct irdma_device *iwdev = to_iwdev(ibdev);
struct irdma_pci_f *rf = iwdev->rf;
@@ -1969,6 +2009,11 @@ static int irdma_create_cq(struct ib_cq *ibcq,
err_code = cq_validate_flags(attr->flags, dev->hw_attrs.uk_attrs.hw_rev);
if (err_code)
return err_code;
+
+ if (udata && (udata->inlen < IRDMA_CREATE_CQ_MIN_REQ_LEN ||
+ udata->outlen < IRDMA_CREATE_CQ_MIN_RESP_LEN))
+ return -EINVAL;
+
err_code = irdma_alloc_rsrc(rf, rf->allocated_cqs, rf->max_cq, &cq_num,
&rf->next_cq);
if (err_code)
@@ -2746,6 +2791,7 @@ static struct ib_mr *irdma_reg_user_mr(struct ib_pd *pd, u64 start, u64 len,
u64 virt, int access,
struct ib_udata *udata)
{
+#define IRDMA_MEM_REG_MIN_REQ_LEN offsetofend(struct irdma_mem_reg_req, sq_pages)
struct irdma_device *iwdev = to_iwdev(pd->device);
struct irdma_ucontext *ucontext;
struct irdma_pble_alloc *palloc;
@@ -2763,6 +2809,9 @@ static struct ib_mr *irdma_reg_user_mr(struct ib_pd *pd, u64 start, u64 len,
if (len > iwdev->rf->sc_dev.hw_attrs.max_mr_size)
return ERR_PTR(-EINVAL);
+ if (udata->inlen < IRDMA_MEM_REG_MIN_REQ_LEN)
+ return ERR_PTR(-EINVAL);
+
region = ib_umem_get(pd->device, start, len, access);
if (IS_ERR(region)) {
@@ -4298,12 +4347,16 @@ static int irdma_create_user_ah(struct ib_ah *ibah,
struct rdma_ah_init_attr *attr,
struct ib_udata *udata)
{
+#define IRDMA_CREATE_AH_MIN_RESP_LEN offsetofend(struct irdma_create_ah_resp, rsvd)
struct irdma_ah *ah = container_of(ibah, struct irdma_ah, ibah);
struct irdma_device *iwdev = to_iwdev(ibah->pd->device);
struct irdma_create_ah_resp uresp;
struct irdma_ah *parent_ah;
int err;
+ if (udata && udata->outlen < IRDMA_CREATE_AH_MIN_RESP_LEN)
+ return -EINVAL;
+
err = irdma_setup_ah(ibah, attr);
if (err)
return err;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 536/862] RDMA/srp: Fix srp_abort()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (534 preceding siblings ...)
2022-10-19 8:30 ` [PATCH 6.0 535/862] RDMA/irdma: Validate udata inlen and outlen Greg Kroah-Hartman
@ 2022-10-19 8:30 ` Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 537/862] RDMA/siw: Always consume all skbuf data in sk_data_ready() upcall Greg Kroah-Hartman
` (340 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Xiao Yang, Bart Van Assche,
Leon Romanovsky, Sasha Levin
From: Bart Van Assche <bvanassche@acm.org>
[ Upstream commit 6dbe4a8dead84de474483910b02ec9e6a10fc1a9 ]
Fix the code for converting a SCSI command pointer into an SRP request
pointer.
Cc: Xiao Yang <yangx.jy@fujitsu.com>
Fixes: ad215aaea4f9 ("RDMA/srp: Make struct scsi_cmnd and struct srp_request adjacent")
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Link: https://lore.kernel.org/r/20220908233139.3042628-1-bvanassche@acm.org
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/ulp/srp/ib_srp.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/drivers/infiniband/ulp/srp/ib_srp.c b/drivers/infiniband/ulp/srp/ib_srp.c
index d7f69e593a63..9c9872868aee 100644
--- a/drivers/infiniband/ulp/srp/ib_srp.c
+++ b/drivers/infiniband/ulp/srp/ib_srp.c
@@ -2789,7 +2789,7 @@ static int srp_send_tsk_mgmt(struct srp_rdma_ch *ch, u64 req_tag, u64 lun,
static int srp_abort(struct scsi_cmnd *scmnd)
{
struct srp_target_port *target = host_to_target(scmnd->device->host);
- struct srp_request *req = (struct srp_request *) scmnd->host_scribble;
+ struct srp_request *req = scsi_cmd_priv(scmnd);
u32 tag;
u16 ch_idx;
struct srp_rdma_ch *ch;
@@ -2797,8 +2797,6 @@ static int srp_abort(struct scsi_cmnd *scmnd)
shost_printk(KERN_ERR, target->scsi_host, "SRP abort called\n");
- if (!req)
- return SUCCESS;
tag = blk_mq_unique_tag(scsi_cmd_to_rq(scmnd));
ch_idx = blk_mq_unique_tag_to_hwq(tag);
if (WARN_ON_ONCE(ch_idx >= target->ch_count))
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 537/862] RDMA/siw: Always consume all skbuf data in sk_data_ready() upcall.
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (535 preceding siblings ...)
2022-10-19 8:30 ` [PATCH 6.0 536/862] RDMA/srp: Fix srp_abort() Greg Kroah-Hartman
@ 2022-10-19 8:30 ` Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 538/862] RDMA/siw: Fix QP destroy to wait for all references dropped Greg Kroah-Hartman
` (339 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Olga Kornievskaia, Bernard Metzler,
Leon Romanovsky, Sasha Levin
From: Bernard Metzler <bmt@zurich.ibm.com>
[ Upstream commit 754209850df8367c954ac1de7671c7430b1f342c ]
For header and trailer/padding processing, siw did not consume new
skb data until minimum amount present to fill current header or trailer
structure, including potential payload padding. Not consuming any
data during upcall may cause a receive stall, since tcp_read_sock()
is not upcalling again if no new data arrive.
A NFSoRDMA client got stuck at RDMA Write reception of unaligned
payload, if the current skb did contain only the expected 3 padding
bytes, but not the 4 bytes CRC trailer. Expecting 4 more bytes already
arrived in another skb, and not consuming those 3 bytes in the current
upcall left the Write incomplete, waiting for the CRC forever.
Fixes: 8b6a361b8c48 ("rdma/siw: receive path")
Reported-by: Olga Kornievskaia <kolga@netapp.com>
Tested-by: Olga Kornievskaia <kolga@netapp.com>
Signed-off-by: Bernard Metzler <bmt@zurich.ibm.com>
Link: https://lore.kernel.org/r/20220920081202.223629-1-bmt@zurich.ibm.com
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/sw/siw/siw_qp_rx.c | 27 +++++++++++++++------------
1 file changed, 15 insertions(+), 12 deletions(-)
diff --git a/drivers/infiniband/sw/siw/siw_qp_rx.c b/drivers/infiniband/sw/siw/siw_qp_rx.c
index 875ea6f1b04a..fd721cc19682 100644
--- a/drivers/infiniband/sw/siw/siw_qp_rx.c
+++ b/drivers/infiniband/sw/siw/siw_qp_rx.c
@@ -961,27 +961,28 @@ int siw_proc_terminate(struct siw_qp *qp)
static int siw_get_trailer(struct siw_qp *qp, struct siw_rx_stream *srx)
{
struct sk_buff *skb = srx->skb;
+ int avail = min(srx->skb_new, srx->fpdu_part_rem);
u8 *tbuf = (u8 *)&srx->trailer.crc - srx->pad;
__wsum crc_in, crc_own = 0;
siw_dbg_qp(qp, "expected %d, available %d, pad %u\n",
srx->fpdu_part_rem, srx->skb_new, srx->pad);
- if (srx->skb_new < srx->fpdu_part_rem)
- return -EAGAIN;
-
- skb_copy_bits(skb, srx->skb_offset, tbuf, srx->fpdu_part_rem);
+ skb_copy_bits(skb, srx->skb_offset, tbuf, avail);
- if (srx->mpa_crc_hd && srx->pad)
- crypto_shash_update(srx->mpa_crc_hd, tbuf, srx->pad);
+ srx->skb_new -= avail;
+ srx->skb_offset += avail;
+ srx->skb_copied += avail;
+ srx->fpdu_part_rem -= avail;
- srx->skb_new -= srx->fpdu_part_rem;
- srx->skb_offset += srx->fpdu_part_rem;
- srx->skb_copied += srx->fpdu_part_rem;
+ if (srx->fpdu_part_rem)
+ return -EAGAIN;
if (!srx->mpa_crc_hd)
return 0;
+ if (srx->pad)
+ crypto_shash_update(srx->mpa_crc_hd, tbuf, srx->pad);
/*
* CRC32 is computed, transmitted and received directly in NBO,
* so there's never a reason to convert byte order.
@@ -1083,10 +1084,9 @@ static int siw_get_hdr(struct siw_rx_stream *srx)
* completely received.
*/
if (iwarp_pktinfo[opcode].hdr_len > sizeof(struct iwarp_ctrl_tagged)) {
- bytes = iwarp_pktinfo[opcode].hdr_len - MIN_DDP_HDR;
+ int hdrlen = iwarp_pktinfo[opcode].hdr_len;
- if (srx->skb_new < bytes)
- return -EAGAIN;
+ bytes = min_t(int, hdrlen - MIN_DDP_HDR, srx->skb_new);
skb_copy_bits(skb, srx->skb_offset,
(char *)c_hdr + srx->fpdu_part_rcvd, bytes);
@@ -1096,6 +1096,9 @@ static int siw_get_hdr(struct siw_rx_stream *srx)
srx->skb_new -= bytes;
srx->skb_offset += bytes;
srx->skb_copied += bytes;
+
+ if (srx->fpdu_part_rcvd < hdrlen)
+ return -EAGAIN;
}
/*
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 538/862] RDMA/siw: Fix QP destroy to wait for all references dropped.
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (536 preceding siblings ...)
2022-10-19 8:30 ` [PATCH 6.0 537/862] RDMA/siw: Always consume all skbuf data in sk_data_ready() upcall Greg Kroah-Hartman
@ 2022-10-19 8:30 ` Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 539/862] ata: fix ata_id_sense_reporting_enabled() and ata_id_has_sense_reporting() Greg Kroah-Hartman
` (338 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Olga Kornievskaia, Bernard Metzler,
Leon Romanovsky, Sasha Levin
From: Bernard Metzler <bmt@zurich.ibm.com>
[ Upstream commit a3c278807a459e6f50afee6971cabe74cccfb490 ]
Delay QP destroy completion until all siw references to QP are
dropped. The calling RDMA core will free QP structure after
successful return from siw_qp_destroy() call, so siw must not
hold any remaining reference to the QP upon return.
A use-after-free was encountered in xfstest generic/460, while
testing NFSoRDMA. Here, after a TCP connection drop by peer,
the triggered siw_cm_work_handler got delayed until after
QP destroy call, referencing a QP which has already freed.
Fixes: 303ae1cdfdf7 ("rdma/siw: application interface")
Reported-by: Olga Kornievskaia <kolga@netapp.com>
Signed-off-by: Bernard Metzler <bmt@zurich.ibm.com>
Link: https://lore.kernel.org/r/20220920082503.224189-1-bmt@zurich.ibm.com
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/sw/siw/siw.h | 1 +
drivers/infiniband/sw/siw/siw_qp.c | 2 +-
drivers/infiniband/sw/siw/siw_verbs.c | 3 +++
3 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/infiniband/sw/siw/siw.h b/drivers/infiniband/sw/siw/siw.h
index df03d84c6868..2f3a9cda3850 100644
--- a/drivers/infiniband/sw/siw/siw.h
+++ b/drivers/infiniband/sw/siw/siw.h
@@ -418,6 +418,7 @@ struct siw_qp {
struct ib_qp base_qp;
struct siw_device *sdev;
struct kref ref;
+ struct completion qp_free;
struct list_head devq;
int tx_cpu;
struct siw_qp_attrs attrs;
diff --git a/drivers/infiniband/sw/siw/siw_qp.c b/drivers/infiniband/sw/siw/siw_qp.c
index 7e01f2438afc..e6f634971228 100644
--- a/drivers/infiniband/sw/siw/siw_qp.c
+++ b/drivers/infiniband/sw/siw/siw_qp.c
@@ -1342,6 +1342,6 @@ void siw_free_qp(struct kref *ref)
vfree(qp->orq);
siw_put_tx_cpu(qp->tx_cpu);
-
+ complete(&qp->qp_free);
atomic_dec(&sdev->num_qp);
}
diff --git a/drivers/infiniband/sw/siw/siw_verbs.c b/drivers/infiniband/sw/siw/siw_verbs.c
index 8dedae7ae79e..3e814cfb298c 100644
--- a/drivers/infiniband/sw/siw/siw_verbs.c
+++ b/drivers/infiniband/sw/siw/siw_verbs.c
@@ -480,6 +480,8 @@ int siw_create_qp(struct ib_qp *ibqp, struct ib_qp_init_attr *attrs,
list_add_tail(&qp->devq, &sdev->qp_list);
spin_unlock_irqrestore(&sdev->lock, flags);
+ init_completion(&qp->qp_free);
+
return 0;
err_out_xa:
@@ -624,6 +626,7 @@ int siw_destroy_qp(struct ib_qp *base_qp, struct ib_udata *udata)
qp->scq = qp->rcq = NULL;
siw_qp_put(qp);
+ wait_for_completion(&qp->qp_free);
return 0;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 539/862] ata: fix ata_id_sense_reporting_enabled() and ata_id_has_sense_reporting()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (537 preceding siblings ...)
2022-10-19 8:30 ` [PATCH 6.0 538/862] RDMA/siw: Fix QP destroy to wait for all references dropped Greg Kroah-Hartman
@ 2022-10-19 8:30 ` Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 540/862] ata: fix ata_id_has_devslp() Greg Kroah-Hartman
` (337 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Niklas Cassel, Damien Le Moal, Sasha Levin
From: Niklas Cassel <niklas.cassel@wdc.com>
[ Upstream commit 690aa8c3ae308bc696ec8b1b357b995193927083 ]
ACS-5 section
7.13.6.41 Words 85..87, 120: Commands and feature sets supported or enabled
states that:
If bit 15 of word 86 is set to one, bit 14 of word 119 is set to one,
and bit 15 of word 119 is cleared to zero, then word 119 is valid.
If bit 15 of word 86 is set to one, bit 14 of word 120 is set to one,
and bit 15 of word 120 is cleared to zero, then word 120 is valid.
(This text also exists in really old ACS standards, e.g. ACS-3.)
Currently, ata_id_sense_reporting_enabled() and
ata_id_has_sense_reporting() both check bit 15 of word 86,
but neither of them check that bit 14 of word 119 is set to one,
or that bit 15 of word 119 is cleared to zero.
Additionally, make ata_id_sense_reporting_enabled() return false
if !ata_id_has_sense_reporting(), similar to how e.g.
ata_id_flush_ext_enabled() returns false if !ata_id_has_flush_ext().
Fixes: e87fd28cf9a2 ("libata: Implement support for sense data reporting")
Signed-off-by: Niklas Cassel <niklas.cassel@wdc.com>
Signed-off-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/ata.h | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/include/linux/ata.h b/include/linux/ata.h
index 21292b5bbb55..868bfd503aee 100644
--- a/include/linux/ata.h
+++ b/include/linux/ata.h
@@ -771,16 +771,21 @@ static inline bool ata_id_has_read_log_dma_ext(const u16 *id)
static inline bool ata_id_has_sense_reporting(const u16 *id)
{
- if (!(id[ATA_ID_CFS_ENABLE_2] & (1 << 15)))
+ if (!(id[ATA_ID_CFS_ENABLE_2] & BIT(15)))
+ return false;
+ if ((id[ATA_ID_COMMAND_SET_3] & (BIT(15) | BIT(14))) != BIT(14))
return false;
- return id[ATA_ID_COMMAND_SET_3] & (1 << 6);
+ return id[ATA_ID_COMMAND_SET_3] & BIT(6);
}
static inline bool ata_id_sense_reporting_enabled(const u16 *id)
{
- if (!(id[ATA_ID_CFS_ENABLE_2] & (1 << 15)))
+ if (!ata_id_has_sense_reporting(id))
+ return false;
+ /* ata_id_has_sense_reporting() == true, word 86 must have bit 15 set */
+ if ((id[ATA_ID_COMMAND_SET_4] & (BIT(15) | BIT(14))) != BIT(14))
return false;
- return id[ATA_ID_COMMAND_SET_4] & (1 << 6);
+ return id[ATA_ID_COMMAND_SET_4] & BIT(6);
}
/**
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 540/862] ata: fix ata_id_has_devslp()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (538 preceding siblings ...)
2022-10-19 8:30 ` [PATCH 6.0 539/862] ata: fix ata_id_sense_reporting_enabled() and ata_id_has_sense_reporting() Greg Kroah-Hartman
@ 2022-10-19 8:30 ` Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 541/862] ata: fix ata_id_has_ncq_autosense() Greg Kroah-Hartman
` (336 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Niklas Cassel, Damien Le Moal, Sasha Levin
From: Niklas Cassel <niklas.cassel@wdc.com>
[ Upstream commit 9c6e09a434e1317e09b78b3b69cd384022ec9a03 ]
ACS-5 section
7.13.6.36 Word 78: Serial ATA features supported
states that:
If word 76 is not 0000h or FFFFh, word 78 reports the features supported
by the device. If this word is not supported, the word shall be cleared
to zero.
(This text also exists in really old ACS standards, e.g. ACS-3.)
Additionally, move the macro to the other ATA_ID_FEATURE_SUPP macros
(which already have this check), thus making it more likely that the
next ATA_ID_FEATURE_SUPP macro that is added will include this check.
Fixes: 65fe1f0f66a5 ("ahci: implement aggressive SATA device sleep support")
Signed-off-by: Niklas Cassel <niklas.cassel@wdc.com>
Signed-off-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/ata.h | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/include/linux/ata.h b/include/linux/ata.h
index 868bfd503aee..bc136a43689f 100644
--- a/include/linux/ata.h
+++ b/include/linux/ata.h
@@ -566,6 +566,10 @@ struct ata_bmdma_prd {
((((id)[ATA_ID_SATA_CAPABILITY] != 0x0000) && \
((id)[ATA_ID_SATA_CAPABILITY] != 0xffff)) && \
((id)[ATA_ID_FEATURE_SUPP] & (1 << 2)))
+#define ata_id_has_devslp(id) \
+ ((((id)[ATA_ID_SATA_CAPABILITY] != 0x0000) && \
+ ((id)[ATA_ID_SATA_CAPABILITY] != 0xffff)) && \
+ ((id)[ATA_ID_FEATURE_SUPP] & (1 << 8)))
#define ata_id_iordy_disable(id) ((id)[ATA_ID_CAPABILITY] & (1 << 10))
#define ata_id_has_iordy(id) ((id)[ATA_ID_CAPABILITY] & (1 << 11))
#define ata_id_u32(id,n) \
@@ -578,7 +582,6 @@ struct ata_bmdma_prd {
#define ata_id_cdb_intr(id) (((id)[ATA_ID_CONFIG] & 0x60) == 0x20)
#define ata_id_has_da(id) ((id)[ATA_ID_SATA_CAPABILITY_2] & (1 << 4))
-#define ata_id_has_devslp(id) ((id)[ATA_ID_FEATURE_SUPP] & (1 << 8))
#define ata_id_has_ncq_autosense(id) \
((id)[ATA_ID_FEATURE_SUPP] & (1 << 7))
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 541/862] ata: fix ata_id_has_ncq_autosense()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (539 preceding siblings ...)
2022-10-19 8:30 ` [PATCH 6.0 540/862] ata: fix ata_id_has_devslp() Greg Kroah-Hartman
@ 2022-10-19 8:30 ` Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 542/862] ata: fix ata_id_has_dipm() Greg Kroah-Hartman
` (335 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Niklas Cassel, Damien Le Moal, Sasha Levin
From: Niklas Cassel <niklas.cassel@wdc.com>
[ Upstream commit a5fb6bf853148974dbde092ec1bde553bea5e49f ]
ACS-5 section
7.13.6.36 Word 78: Serial ATA features supported
states that:
If word 76 is not 0000h or FFFFh, word 78 reports the features supported
by the device. If this word is not supported, the word shall be cleared
to zero.
(This text also exists in really old ACS standards, e.g. ACS-3.)
Additionally, move the macro to the other ATA_ID_FEATURE_SUPP macros
(which already have this check), thus making it more likely that the
next ATA_ID_FEATURE_SUPP macro that is added will include this check.
Fixes: 5b01e4b9efa0 ("libata: Implement NCQ autosense")
Signed-off-by: Niklas Cassel <niklas.cassel@wdc.com>
Signed-off-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/ata.h | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/include/linux/ata.h b/include/linux/ata.h
index bc136a43689f..4845443e0f08 100644
--- a/include/linux/ata.h
+++ b/include/linux/ata.h
@@ -570,6 +570,10 @@ struct ata_bmdma_prd {
((((id)[ATA_ID_SATA_CAPABILITY] != 0x0000) && \
((id)[ATA_ID_SATA_CAPABILITY] != 0xffff)) && \
((id)[ATA_ID_FEATURE_SUPP] & (1 << 8)))
+#define ata_id_has_ncq_autosense(id) \
+ ((((id)[ATA_ID_SATA_CAPABILITY] != 0x0000) && \
+ ((id)[ATA_ID_SATA_CAPABILITY] != 0xffff)) && \
+ ((id)[ATA_ID_FEATURE_SUPP] & (1 << 7)))
#define ata_id_iordy_disable(id) ((id)[ATA_ID_CAPABILITY] & (1 << 10))
#define ata_id_has_iordy(id) ((id)[ATA_ID_CAPABILITY] & (1 << 11))
#define ata_id_u32(id,n) \
@@ -582,8 +586,6 @@ struct ata_bmdma_prd {
#define ata_id_cdb_intr(id) (((id)[ATA_ID_CONFIG] & 0x60) == 0x20)
#define ata_id_has_da(id) ((id)[ATA_ID_SATA_CAPABILITY_2] & (1 << 4))
-#define ata_id_has_ncq_autosense(id) \
- ((id)[ATA_ID_FEATURE_SUPP] & (1 << 7))
static inline bool ata_id_has_hipm(const u16 *id)
{
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 542/862] ata: fix ata_id_has_dipm()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (540 preceding siblings ...)
2022-10-19 8:30 ` [PATCH 6.0 541/862] ata: fix ata_id_has_ncq_autosense() Greg Kroah-Hartman
@ 2022-10-19 8:30 ` Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 543/862] mtd: rawnand: meson: fix bit map use in meson_nfc_ecc_correct() Greg Kroah-Hartman
` (334 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Niklas Cassel, Damien Le Moal, Sasha Levin
From: Niklas Cassel <niklas.cassel@wdc.com>
[ Upstream commit 630624cb1b5826d753ac8e01a0e42de43d66dedf ]
ACS-5 section
7.13.6.36 Word 78: Serial ATA features supported
states that:
If word 76 is not 0000h or FFFFh, word 78 reports the features supported
by the device. If this word is not supported, the word shall be cleared
to zero.
(This text also exists in really old ACS standards, e.g. ACS-3.)
The problem with ata_id_has_dipm() is that the while it performs a
check against 0 and 0xffff, it performs the check against
ATA_ID_FEATURE_SUPP (word 78), the same word where the feature bit
is stored.
Fix this by performing the check against ATA_ID_SATA_CAPABILITY
(word 76), like required by the spec. The feature bit check itself
is of course still performed against ATA_ID_FEATURE_SUPP (word 78).
Additionally, move the macro to the other ATA_ID_FEATURE_SUPP macros
(which already have this check), thus making it more likely that the
next ATA_ID_FEATURE_SUPP macro that is added will include this check.
Fixes: ca77329fb713 ("[libata] Link power management infrastructure")
Signed-off-by: Niklas Cassel <niklas.cassel@wdc.com>
Signed-off-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/ata.h | 15 ++++-----------
1 file changed, 4 insertions(+), 11 deletions(-)
diff --git a/include/linux/ata.h b/include/linux/ata.h
index 4845443e0f08..e3050e153a71 100644
--- a/include/linux/ata.h
+++ b/include/linux/ata.h
@@ -574,6 +574,10 @@ struct ata_bmdma_prd {
((((id)[ATA_ID_SATA_CAPABILITY] != 0x0000) && \
((id)[ATA_ID_SATA_CAPABILITY] != 0xffff)) && \
((id)[ATA_ID_FEATURE_SUPP] & (1 << 7)))
+#define ata_id_has_dipm(id) \
+ ((((id)[ATA_ID_SATA_CAPABILITY] != 0x0000) && \
+ ((id)[ATA_ID_SATA_CAPABILITY] != 0xffff)) && \
+ ((id)[ATA_ID_FEATURE_SUPP] & (1 << 3)))
#define ata_id_iordy_disable(id) ((id)[ATA_ID_CAPABILITY] & (1 << 10))
#define ata_id_has_iordy(id) ((id)[ATA_ID_CAPABILITY] & (1 << 11))
#define ata_id_u32(id,n) \
@@ -597,17 +601,6 @@ static inline bool ata_id_has_hipm(const u16 *id)
return val & (1 << 9);
}
-static inline bool ata_id_has_dipm(const u16 *id)
-{
- u16 val = id[ATA_ID_FEATURE_SUPP];
-
- if (val == 0 || val == 0xffff)
- return false;
-
- return val & (1 << 3);
-}
-
-
static inline bool ata_id_has_fua(const u16 *id)
{
if ((id[ATA_ID_CFSSE] & 0xC000) != 0x4000)
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 543/862] mtd: rawnand: meson: fix bit map use in meson_nfc_ecc_correct()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (541 preceding siblings ...)
2022-10-19 8:30 ` [PATCH 6.0 542/862] ata: fix ata_id_has_dipm() Greg Kroah-Hartman
@ 2022-10-19 8:30 ` Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 544/862] block: Fix the enum blk_eh_timer_return documentation Greg Kroah-Hartman
` (333 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Liang Yang,
Miquel Raynal, Sasha Levin
From: Dan Carpenter <dan.carpenter@oracle.com>
[ Upstream commit 3e4ad3212cf22687410b1e8f4e68feec50646113 ]
The meson_nfc_ecc_correct() function accidentally does a right shift
instead of a left shift so it only works for BIT(0). Also use
BIT_ULL() because "correct_bitmap" is a u64 and we want to avoid
shift wrapping bugs.
Fixes: 8fae856c5350 ("mtd: rawnand: meson: add support for Amlogic NAND flash controller")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Liang Yang <liang.yang@amlogic.com>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/YuI2zF1hP65+LE7r@kili
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mtd/nand/raw/meson_nand.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/mtd/nand/raw/meson_nand.c b/drivers/mtd/nand/raw/meson_nand.c
index 829b76b303aa..ad2ffd0ca800 100644
--- a/drivers/mtd/nand/raw/meson_nand.c
+++ b/drivers/mtd/nand/raw/meson_nand.c
@@ -454,7 +454,7 @@ static int meson_nfc_ecc_correct(struct nand_chip *nand, u32 *bitflips,
if (ECC_ERR_CNT(*info) != ECC_UNCORRECTABLE) {
mtd->ecc_stats.corrected += ECC_ERR_CNT(*info);
*bitflips = max_t(u32, *bitflips, ECC_ERR_CNT(*info));
- *correct_bitmap |= 1 >> i;
+ *correct_bitmap |= BIT_ULL(i);
continue;
}
if ((nand->options & NAND_NEED_SCRAMBLING) &&
@@ -800,7 +800,7 @@ static int meson_nfc_read_page_hwecc(struct nand_chip *nand, u8 *buf,
u8 *data = buf + i * ecc->size;
u8 *oob = nand->oob_poi + i * (ecc->bytes + 2);
- if (correct_bitmap & (1 << i))
+ if (correct_bitmap & BIT_ULL(i))
continue;
ret = nand_check_erased_ecc_chunk(data, ecc->size,
oob, ecc->bytes + 2,
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 544/862] block: Fix the enum blk_eh_timer_return documentation
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (542 preceding siblings ...)
2022-10-19 8:30 ` [PATCH 6.0 543/862] mtd: rawnand: meson: fix bit map use in meson_nfc_ecc_correct() Greg Kroah-Hartman
@ 2022-10-19 8:30 ` Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 545/862] eventfd: guard wake_up in eventfd fs calls as well Greg Kroah-Hartman
` (332 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christoph Hellwig, Ming Lei,
Hannes Reinecke, Damien Le Moal, Johannes Thumshirn,
Bart Van Assche, Damien Le Moal, Jens Axboe, Sasha Levin
From: Bart Van Assche <bvanassche@acm.org>
[ Upstream commit b2bed51a5261f4266ecb857bba680a7f668d3ddf ]
The documentation of the blk_eh_timer_return enumeration values does not
reflect correctly how e.g. the SCSI core uses these values. Fix the
documentation.
Cc: Christoph Hellwig <hch@lst.de>
Cc: Ming Lei <ming.lei@redhat.com>
Cc: Hannes Reinecke <hare@suse.de>
Cc: Damien Le Moal <damien.lemoal@wdc.com>
Cc: Johannes Thumshirn <johannes.thumshirn@wdc.com>
Fixes: 88b0cfad2888 ("block: document the blk_eh_timer_return values")
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Reviewed-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
Reviewed-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
Link: https://lore.kernel.org/r/20220920200626.3422296-1-bvanassche@acm.org
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/blk-mq.h | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/include/linux/blk-mq.h b/include/linux/blk-mq.h
index 92294a5fb083..1532cd07a597 100644
--- a/include/linux/blk-mq.h
+++ b/include/linux/blk-mq.h
@@ -268,9 +268,16 @@ static inline void rq_list_move(struct request **src, struct request **dst,
rq_list_add(dst, rq);
}
+/**
+ * enum blk_eh_timer_return - How the timeout handler should proceed
+ * @BLK_EH_DONE: The block driver completed the command or will complete it at
+ * a later time.
+ * @BLK_EH_RESET_TIMER: Reset the request timer and continue waiting for the
+ * request to complete.
+ */
enum blk_eh_timer_return {
- BLK_EH_DONE, /* drivers has completed the command */
- BLK_EH_RESET_TIMER, /* reset timer and try again */
+ BLK_EH_DONE,
+ BLK_EH_RESET_TIMER,
};
#define BLK_TAG_ALLOC_FIFO 0 /* allocate starting from 0 */
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 545/862] eventfd: guard wake_up in eventfd fs calls as well
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (543 preceding siblings ...)
2022-10-19 8:30 ` [PATCH 6.0 544/862] block: Fix the enum blk_eh_timer_return documentation Greg Kroah-Hartman
@ 2022-10-19 8:30 ` Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 546/862] io_uring/fdinfo: fix sqe dumping for IORING_SETUP_SQE128 Greg Kroah-Hartman
` (331 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dylan Yudaken, Jens Axboe, Sasha Levin
From: Dylan Yudaken <dylany@fb.com>
[ Upstream commit 9f0deaa12d832f488500a5afe9b912e9b3cfc432 ]
Guard wakeups that the user can trigger, and that may end up triggering a
call back into eventfd_signal. This is in addition to the current approach
that only guards in eventfd_signal.
Rename in_eventfd_signal -> in_eventfd at the same time to reflect this.
Without this there would be a deadlock in the following code using libaio:
int main()
{
struct io_context *ctx = NULL;
struct iocb iocb;
struct iocb *iocbs[] = { &iocb };
int evfd;
uint64_t val = 1;
evfd = eventfd(0, EFD_CLOEXEC);
assert(!io_setup(2, &ctx));
io_prep_poll(&iocb, evfd, POLLIN);
io_set_eventfd(&iocb, evfd);
assert(1 == io_submit(ctx, 1, iocbs));
write(evfd, &val, 8);
}
Signed-off-by: Dylan Yudaken <dylany@fb.com>
Reviewed-by: Jens Axboe <axboe@kernel.dk>
Link: https://lore.kernel.org/r/20220816135959.1490641-1-dylany@fb.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/eventfd.c | 10 +++++++---
include/linux/eventfd.h | 2 +-
include/linux/sched.h | 2 +-
3 files changed, 9 insertions(+), 5 deletions(-)
--- a/fs/eventfd.c
+++ b/fs/eventfd.c
@@ -69,17 +69,17 @@ __u64 eventfd_signal(struct eventfd_ctx
* it returns false, the eventfd_signal() call should be deferred to a
* safe context.
*/
- if (WARN_ON_ONCE(current->in_eventfd_signal))
+ if (WARN_ON_ONCE(current->in_eventfd))
return 0;
spin_lock_irqsave(&ctx->wqh.lock, flags);
- current->in_eventfd_signal = 1;
+ current->in_eventfd = 1;
if (ULLONG_MAX - ctx->count < n)
n = ULLONG_MAX - ctx->count;
ctx->count += n;
if (waitqueue_active(&ctx->wqh))
wake_up_locked_poll(&ctx->wqh, EPOLLIN);
- current->in_eventfd_signal = 0;
+ current->in_eventfd = 0;
spin_unlock_irqrestore(&ctx->wqh.lock, flags);
return n;
@@ -253,8 +253,10 @@ static ssize_t eventfd_read(struct kiocb
__set_current_state(TASK_RUNNING);
}
eventfd_ctx_do_read(ctx, &ucnt);
+ current->in_eventfd = 1;
if (waitqueue_active(&ctx->wqh))
wake_up_locked_poll(&ctx->wqh, EPOLLOUT);
+ current->in_eventfd = 0;
spin_unlock_irq(&ctx->wqh.lock);
if (unlikely(copy_to_iter(&ucnt, sizeof(ucnt), to) != sizeof(ucnt)))
return -EFAULT;
@@ -301,8 +303,10 @@ static ssize_t eventfd_write(struct file
}
if (likely(res > 0)) {
ctx->count += ucnt;
+ current->in_eventfd = 1;
if (waitqueue_active(&ctx->wqh))
wake_up_locked_poll(&ctx->wqh, EPOLLIN);
+ current->in_eventfd = 0;
}
spin_unlock_irq(&ctx->wqh.lock);
--- a/include/linux/eventfd.h
+++ b/include/linux/eventfd.h
@@ -46,7 +46,7 @@ void eventfd_ctx_do_read(struct eventfd_
static inline bool eventfd_signal_allowed(void)
{
- return !current->in_eventfd_signal;
+ return !current->in_eventfd;
}
#else /* CONFIG_EVENTFD */
--- a/include/linux/sched.h
+++ b/include/linux/sched.h
@@ -936,7 +936,7 @@ struct task_struct {
#endif
#ifdef CONFIG_EVENTFD
/* Recursion prevention for eventfd_signal() */
- unsigned in_eventfd_signal:1;
+ unsigned in_eventfd:1;
#endif
#ifdef CONFIG_IOMMU_SVA
unsigned pasid_activated:1;
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 546/862] io_uring/fdinfo: fix sqe dumping for IORING_SETUP_SQE128
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (544 preceding siblings ...)
2022-10-19 8:30 ` [PATCH 6.0 545/862] eventfd: guard wake_up in eventfd fs calls as well Greg Kroah-Hartman
@ 2022-10-19 8:30 ` Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 547/862] md: Replace snprintf with scnprintf Greg Kroah-Hartman
` (330 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:30 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Jens Axboe, Sasha Levin
From: Jens Axboe <axboe@kernel.dk>
[ Upstream commit 3b8fdd1dc35e395d19efbc8391a809a5b954ecf4 ]
If we have doubly sized SQEs, then we need to shift the sq index by 1
to account for using two entries for a single request. The CQE dumping
gets this right, but the SQE one does not.
Improve the SQE dumping in general, the information dumped is pretty
sparse and doesn't even cover the whole basic part of the SQE. Include
information on the extended part of the SQE, if doubly sized SQEs are
in use. A typical dump now looks like the following:
[...]
SQEs: 32
32: opcode:URING_CMD, fd:0, flags:1, off:3225964160, addr:0x0, rw_flags:0x0, buf_index:0 user_data:2721, e0:0x0, e1:0xffffb8041000, e2:0x100000000000, e3:0x5500, e4:0x7, e5:0x0, e6:0x0, e7:0x0
33: opcode:URING_CMD, fd:0, flags:1, off:3225964160, addr:0x0, rw_flags:0x0, buf_index:0 user_data:2722, e0:0x0, e1:0xffffb8043000, e2:0x100000000000, e3:0x5508, e4:0x7, e5:0x0, e6:0x0, e7:0x0
34: opcode:URING_CMD, fd:0, flags:1, off:3225964160, addr:0x0, rw_flags:0x0, buf_index:0 user_data:2723, e0:0x0, e1:0xffffb8045000, e2:0x100000000000, e3:0x5510, e4:0x7, e5:0x0, e6:0x0, e7:0x0
[...]
Fixes: ebdeb7c01d02 ("io_uring: add support for 128-byte SQEs")
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
io_uring/fdinfo.c | 32 ++++++++++++++++++++++++++------
1 file changed, 26 insertions(+), 6 deletions(-)
diff --git a/io_uring/fdinfo.c b/io_uring/fdinfo.c
index b29e2d02216f..6d4cc7a92724 100644
--- a/io_uring/fdinfo.c
+++ b/io_uring/fdinfo.c
@@ -60,6 +60,7 @@ static __cold void __io_uring_show_fdinfo(struct io_ring_ctx *ctx,
unsigned int cq_head = READ_ONCE(r->cq.head);
unsigned int cq_tail = READ_ONCE(r->cq.tail);
unsigned int cq_shift = 0;
+ unsigned int sq_shift = 0;
unsigned int sq_entries, cq_entries;
bool has_lock;
bool is_cqe32 = (ctx->flags & IORING_SETUP_CQE32);
@@ -67,6 +68,8 @@ static __cold void __io_uring_show_fdinfo(struct io_ring_ctx *ctx,
if (is_cqe32)
cq_shift = 1;
+ if (ctx->flags & IORING_SETUP_SQE128)
+ sq_shift = 1;
/*
* we may get imprecise sqe and cqe info if uring is actively running
@@ -82,19 +85,36 @@ static __cold void __io_uring_show_fdinfo(struct io_ring_ctx *ctx,
seq_printf(m, "CqHead:\t%u\n", cq_head);
seq_printf(m, "CqTail:\t%u\n", cq_tail);
seq_printf(m, "CachedCqTail:\t%u\n", ctx->cached_cq_tail);
- seq_printf(m, "SQEs:\t%u\n", sq_tail - ctx->cached_sq_head);
+ seq_printf(m, "SQEs:\t%u\n", sq_tail - sq_head);
sq_entries = min(sq_tail - sq_head, ctx->sq_entries);
for (i = 0; i < sq_entries; i++) {
unsigned int entry = i + sq_head;
- unsigned int sq_idx = READ_ONCE(ctx->sq_array[entry & sq_mask]);
struct io_uring_sqe *sqe;
+ unsigned int sq_idx;
+ sq_idx = READ_ONCE(ctx->sq_array[entry & sq_mask]);
if (sq_idx > sq_mask)
continue;
- sqe = &ctx->sq_sqes[sq_idx];
- seq_printf(m, "%5u: opcode:%d, fd:%d, flags:%x, user_data:%llu\n",
- sq_idx, sqe->opcode, sqe->fd, sqe->flags,
- sqe->user_data);
+ sqe = &ctx->sq_sqes[sq_idx << 1];
+ seq_printf(m, "%5u: opcode:%s, fd:%d, flags:%x, off:%llu, "
+ "addr:0x%llx, rw_flags:0x%x, buf_index:%d "
+ "user_data:%llu",
+ sq_idx, io_uring_get_opcode(sqe->opcode), sqe->fd,
+ sqe->flags, (unsigned long long) sqe->off,
+ (unsigned long long) sqe->addr, sqe->rw_flags,
+ sqe->buf_index, sqe->user_data);
+ if (sq_shift) {
+ u64 *sqeb = (void *) (sqe + 1);
+ int size = sizeof(struct io_uring_sqe) / sizeof(u64);
+ int j;
+
+ for (j = 0; j < size; j++) {
+ seq_printf(m, ", e%d:0x%llx", j,
+ (unsigned long long) *sqeb);
+ sqeb++;
+ }
+ }
+ seq_printf(m, "\n");
}
seq_printf(m, "CQEs:\t%u\n", cq_tail - cq_head);
cq_entries = min(cq_tail - cq_head, ctx->cq_entries);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 547/862] md: Replace snprintf with scnprintf
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (545 preceding siblings ...)
2022-10-19 8:30 ` [PATCH 6.0 546/862] io_uring/fdinfo: fix sqe dumping for IORING_SETUP_SQE128 Greg Kroah-Hartman
@ 2022-10-19 8:30 ` Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 548/862] md/raid5: Ensure stripe_fill happens on non-read IO with journal Greg Kroah-Hartman
` (329 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Michael Kelley, Guoqing Jiang,
Saurabh Sengar, Song Liu, Sasha Levin
From: Saurabh Sengar <ssengar@linux.microsoft.com>
[ Upstream commit 1727fd5015d8f93474148f94e34cda5aa6ad4a43 ]
Current code produces a warning as shown below when total characters
in the constituent block device names plus the slashes exceeds 200.
snprintf() returns the number of characters generated from the given
input, which could cause the expression “200 – len” to wrap around
to a large positive number. Fix this by using scnprintf() instead,
which returns the actual number of characters written into the buffer.
[ 1513.267938] ------------[ cut here ]------------
[ 1513.267943] WARNING: CPU: 15 PID: 37247 at <snip>/lib/vsprintf.c:2509 vsnprintf+0x2c8/0x510
[ 1513.267944] Modules linked in: <snip>
[ 1513.267969] CPU: 15 PID: 37247 Comm: mdadm Not tainted 5.4.0-1085-azure #90~18.04.1-Ubuntu
[ 1513.267969] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 05/09/2022
[ 1513.267971] RIP: 0010:vsnprintf+0x2c8/0x510
<-snip->
[ 1513.267982] Call Trace:
[ 1513.267986] snprintf+0x45/0x70
[ 1513.267990] ? disk_name+0x71/0xa0
[ 1513.267993] dump_zones+0x114/0x240 [raid0]
[ 1513.267996] ? _cond_resched+0x19/0x40
[ 1513.267998] raid0_run+0x19e/0x270 [raid0]
[ 1513.268000] md_run+0x5e0/0xc50
[ 1513.268003] ? security_capable+0x3f/0x60
[ 1513.268005] do_md_run+0x19/0x110
[ 1513.268006] md_ioctl+0x195e/0x1f90
[ 1513.268007] blkdev_ioctl+0x91f/0x9f0
[ 1513.268010] block_ioctl+0x3d/0x50
[ 1513.268012] do_vfs_ioctl+0xa9/0x640
[ 1513.268014] ? __fput+0x162/0x260
[ 1513.268016] ksys_ioctl+0x75/0x80
[ 1513.268017] __x64_sys_ioctl+0x1a/0x20
[ 1513.268019] do_syscall_64+0x5e/0x200
[ 1513.268021] entry_SYSCALL_64_after_hwframe+0x44/0xa9
Fixes: 766038846e875 ("md/raid0: replace printk() with pr_*()")
Reviewed-by: Michael Kelley <mikelley@microsoft.com>
Acked-by: Guoqing Jiang <guoqing.jiang@linux.dev>
Signed-off-by: Saurabh Sengar <ssengar@linux.microsoft.com>
Signed-off-by: Song Liu <song@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/md/raid0.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/md/raid0.c b/drivers/md/raid0.c
index 78addfe4a0c9..857c49399c28 100644
--- a/drivers/md/raid0.c
+++ b/drivers/md/raid0.c
@@ -47,7 +47,7 @@ static void dump_zones(struct mddev *mddev)
int len = 0;
for (k = 0; k < conf->strip_zone[j].nb_dev; k++)
- len += snprintf(line+len, 200-len, "%s%pg", k?"/":"",
+ len += scnprintf(line+len, 200-len, "%s%pg", k?"/":"",
conf->devlist[j * raid_disks + k]->bdev);
pr_debug("md: zone%d=[%s]\n", j, line);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 548/862] md/raid5: Ensure stripe_fill happens on non-read IO with journal
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (546 preceding siblings ...)
2022-10-19 8:30 ` [PATCH 6.0 547/862] md: Replace snprintf with scnprintf Greg Kroah-Hartman
@ 2022-10-19 8:30 ` Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 549/862] md/raid5: Remove unnecessary bio_put() in raid5_read_one_chunk() Greg Kroah-Hartman
` (328 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Song Liu, Logan Gunthorpe, Sasha Levin
From: Logan Gunthorpe <logang@deltatee.com>
[ Upstream commit e2eed85bc75138a9eeb63863d20f8904ac42a577 ]
When doing degrade/recover tests using the journal a kernel BUG
is hit at drivers/md/raid5.c:4381 in handle_parity_checks5():
BUG_ON(!test_bit(R5_UPTODATE, &dev->flags));
This was found to occur because handle_stripe_fill() was skipped
for stripes in the journal due to a condition in that function.
Thus blocks were not fetched and R5_UPTODATE was not set when
the code reached handle_parity_checks5().
To fix this, don't skip handle_stripe_fill() unless the stripe is
for read.
Fixes: 07e83364845e ("md/r5cache: shift complex rmw from read path to write path")
Link: https://lore.kernel.org/linux-raid/e05c4239-41a9-d2f7-3cfa-4aa9d2cea8c1@deltatee.com/
Suggested-by: Song Liu <song@kernel.org>
Signed-off-by: Logan Gunthorpe <logang@deltatee.com>
Signed-off-by: Song Liu <song@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/md/raid5.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c
index 31a0cbf63384..4ec33fd62018 100644
--- a/drivers/md/raid5.c
+++ b/drivers/md/raid5.c
@@ -4047,7 +4047,7 @@ static void handle_stripe_fill(struct stripe_head *sh,
* back cache (prexor with orig_page, and then xor with
* page) in the read path
*/
- if (s->injournal && s->failed) {
+ if (s->to_read && s->injournal && s->failed) {
if (test_bit(STRIPE_R5C_CACHING, &sh->state))
r5c_make_stripe_write_out(sh);
goto out;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 549/862] md/raid5: Remove unnecessary bio_put() in raid5_read_one_chunk()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (547 preceding siblings ...)
2022-10-19 8:30 ` [PATCH 6.0 548/862] md/raid5: Ensure stripe_fill happens on non-read IO with journal Greg Kroah-Hartman
@ 2022-10-19 8:30 ` Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 550/862] md: Remove extra mddev_get() in md_seq_start() Greg Kroah-Hartman
` (327 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, David Sloan, Logan Gunthorpe,
Christoph Hellwig, Guoqing Jiang, Song Liu, Sasha Levin
From: David Sloan <david.sloan@eideticom.com>
[ Upstream commit c66a6f41e09ad386fd2cce22b9cded837bbbc704 ]
When running chunk-sized reads on disks with badblocks duplicate bio
free/puts are observed:
=============================================================================
BUG bio-200 (Not tainted): Object already free
-----------------------------------------------------------------------------
Allocated in mempool_alloc_slab+0x17/0x20 age=3 cpu=2 pid=7504
__slab_alloc.constprop.0+0x5a/0xb0
kmem_cache_alloc+0x31e/0x330
mempool_alloc_slab+0x17/0x20
mempool_alloc+0x100/0x2b0
bio_alloc_bioset+0x181/0x460
do_mpage_readpage+0x776/0xd00
mpage_readahead+0x166/0x320
blkdev_readahead+0x15/0x20
read_pages+0x13f/0x5f0
page_cache_ra_unbounded+0x18d/0x220
force_page_cache_ra+0x181/0x1c0
page_cache_sync_ra+0x65/0xb0
filemap_get_pages+0x1df/0xaf0
filemap_read+0x1e1/0x700
blkdev_read_iter+0x1e5/0x330
vfs_read+0x42a/0x570
Freed in mempool_free_slab+0x17/0x20 age=3 cpu=2 pid=7504
kmem_cache_free+0x46d/0x490
mempool_free_slab+0x17/0x20
mempool_free+0x66/0x190
bio_free+0x78/0x90
bio_put+0x100/0x1a0
raid5_make_request+0x2259/0x2450
md_handle_request+0x402/0x600
md_submit_bio+0xd9/0x120
__submit_bio+0x11f/0x1b0
submit_bio_noacct_nocheck+0x204/0x480
submit_bio_noacct+0x32e/0xc70
submit_bio+0x98/0x1a0
mpage_readahead+0x250/0x320
blkdev_readahead+0x15/0x20
read_pages+0x13f/0x5f0
page_cache_ra_unbounded+0x18d/0x220
Slab 0xffffea000481b600 objects=21 used=0 fp=0xffff8881206d8940 flags=0x17ffffc0010201(locked|slab|head|node=0|zone=2|lastcpupid=0x1fffff)
CPU: 0 PID: 34525 Comm: kworker/u24:2 Not tainted 6.0.0-rc2-localyes-265166-gf11c5343fa3f #143
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.13.0-1ubuntu1.1 04/01/2014
Workqueue: raid5wq raid5_do_work
Call Trace:
<TASK>
dump_stack_lvl+0x5a/0x78
dump_stack+0x10/0x16
print_trailer+0x158/0x165
object_err+0x35/0x50
free_debug_processing.cold+0xb7/0xbe
__slab_free+0x1ae/0x330
kmem_cache_free+0x46d/0x490
mempool_free_slab+0x17/0x20
mempool_free+0x66/0x190
bio_free+0x78/0x90
bio_put+0x100/0x1a0
mpage_end_io+0x36/0x150
bio_endio+0x2fd/0x360
md_end_io_acct+0x7e/0x90
bio_endio+0x2fd/0x360
handle_failed_stripe+0x960/0xb80
handle_stripe+0x1348/0x3760
handle_active_stripes.constprop.0+0x72a/0xaf0
raid5_do_work+0x177/0x330
process_one_work+0x616/0xb20
worker_thread+0x2bd/0x6f0
kthread+0x179/0x1b0
ret_from_fork+0x22/0x30
</TASK>
The double free is caused by an unnecessary bio_put() in the
if(is_badblock(...)) error path in raid5_read_one_chunk().
The error path was moved ahead of bio_alloc_clone() in c82aa1b76787c
("md/raid5: move checking badblock before clone bio in
raid5_read_one_chunk"). The previous code checked and freed align_bio
which required a bio_put. After the move that is no longer needed as
raid_bio is returned to the control of the common io path which
performs its own endio resulting in a double free on bad device blocks.
Fixes: c82aa1b76787c ("md/raid5: move checking badblock before clone bio in raid5_read_one_chunk")
Signed-off-by: David Sloan <david.sloan@eideticom.com>
Signed-off-by: Logan Gunthorpe <logang@deltatee.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Acked-by: Guoqing Jiang <Guoqing.jiang@linux.dev>
Signed-off-by: Song Liu <song@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/md/raid5.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c
index 4ec33fd62018..db149d28f639 100644
--- a/drivers/md/raid5.c
+++ b/drivers/md/raid5.c
@@ -5542,7 +5542,6 @@ static int raid5_read_one_chunk(struct mddev *mddev, struct bio *raid_bio)
if (is_badblock(rdev, sector, bio_sectors(raid_bio), &first_bad,
&bad_sectors)) {
- bio_put(raid_bio);
rdev_dec_pending(rdev, mddev);
return 0;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 550/862] md: Remove extra mddev_get() in md_seq_start()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (548 preceding siblings ...)
2022-10-19 8:30 ` [PATCH 6.0 549/862] md/raid5: Remove unnecessary bio_put() in raid5_read_one_chunk() Greg Kroah-Hartman
@ 2022-10-19 8:30 ` Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 551/862] RDMA/cm: Use SLID in the work completion as the DLID in responder side Greg Kroah-Hartman
` (326 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Logan Gunthorpe, Christoph Hellwig,
Guoqing Jiang, Song Liu, Sasha Levin
From: Logan Gunthorpe <logang@deltatee.com>
[ Upstream commit 3bfc3bcd787c48aa31e4fde4a6dfcef4cd7ee2c2 ]
A regression is seen where mddev devices stay permanently after they
are stopped due to an elevated reference count.
This was tracked down to an extra mddev_get() in md_seq_start().
It only happened rarely because most of the time the md_seq_start()
is called with a zero offset. The path with an extra mddev_get() only
happens when it starts with a non-zero offset.
The commit noted below changed an mddev_get() to check its success
but inadvertently left the original call in. Remove the extra call.
Fixes: 12a6caf27324 ("md: only delete entries from all_mddevs when the disk is freed")
Signed-off-by: Logan Gunthorpe <logang@deltatee.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Acked-by: Guoqing Jiang <Guoqing.jiang@linux.dev>
Signed-off-by: Song Liu <song@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/md/md.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/drivers/md/md.c b/drivers/md/md.c
index 729be2c5296c..470a975e4be9 100644
--- a/drivers/md/md.c
+++ b/drivers/md/md.c
@@ -8156,7 +8156,6 @@ static void *md_seq_start(struct seq_file *seq, loff_t *pos)
list_for_each(tmp,&all_mddevs)
if (!l--) {
mddev = list_entry(tmp, struct mddev, all_mddevs);
- mddev_get(mddev);
if (!mddev_get(mddev))
continue;
spin_unlock(&all_mddevs_lock);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 551/862] RDMA/cm: Use SLID in the work completion as the DLID in responder side
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (549 preceding siblings ...)
2022-10-19 8:30 ` [PATCH 6.0 550/862] md: Remove extra mddev_get() in md_seq_start() Greg Kroah-Hartman
@ 2022-10-19 8:30 ` Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 552/862] IB: Set IOVA/LENGTH on IB_MR in core/uverbs layers Greg Kroah-Hartman
` (325 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mark Zhang, Mark Bloch,
Leon Romanovsky, Sasha Levin
From: Mark Zhang <markzhang@nvidia.com>
[ Upstream commit b7d95040c13f61a4a6a859c5355faf583eff9658 ]
The responder should always use WC's SLID as the dlid, to follow the
IB SPEC section "13.5.4.2 COMMON RESPONSE ACTIONS":
A responder always takes the following actions in constructing a
response packet:
- The SLID of the received packet is used as the DLID in the response
packet.
Fixes: ac3a949fb2ff ("IB/CM: Set appropriate slid and dlid when handling CM request")
Signed-off-by: Mark Zhang <markzhang@nvidia.com>
Reviewed-by: Mark Bloch <mbloch@nvidia.com>
Link: https://lore.kernel.org/r/cd17c240231e059d2fc07c17dfe555d548b917eb.1662631201.git.leonro@nvidia.com
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/core/cm.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/drivers/infiniband/core/cm.c b/drivers/infiniband/core/cm.c
index b985e0d9bc05..5c910f5c01b3 100644
--- a/drivers/infiniband/core/cm.c
+++ b/drivers/infiniband/core/cm.c
@@ -1632,14 +1632,13 @@ static void cm_path_set_rec_type(struct ib_device *ib_device, u32 port_num,
static void cm_format_path_lid_from_req(struct cm_req_msg *req_msg,
struct sa_path_rec *primary_path,
- struct sa_path_rec *alt_path)
+ struct sa_path_rec *alt_path,
+ struct ib_wc *wc)
{
u32 lid;
if (primary_path->rec_type != SA_PATH_REC_TYPE_OPA) {
- sa_path_set_dlid(primary_path,
- IBA_GET(CM_REQ_PRIMARY_LOCAL_PORT_LID,
- req_msg));
+ sa_path_set_dlid(primary_path, wc->slid);
sa_path_set_slid(primary_path,
IBA_GET(CM_REQ_PRIMARY_REMOTE_PORT_LID,
req_msg));
@@ -1676,7 +1675,8 @@ static void cm_format_path_lid_from_req(struct cm_req_msg *req_msg,
static void cm_format_paths_from_req(struct cm_req_msg *req_msg,
struct sa_path_rec *primary_path,
- struct sa_path_rec *alt_path)
+ struct sa_path_rec *alt_path,
+ struct ib_wc *wc)
{
primary_path->dgid =
*IBA_GET_MEM_PTR(CM_REQ_PRIMARY_LOCAL_PORT_GID, req_msg);
@@ -1734,7 +1734,7 @@ static void cm_format_paths_from_req(struct cm_req_msg *req_msg,
if (sa_path_is_roce(alt_path))
alt_path->roce.route_resolved = false;
}
- cm_format_path_lid_from_req(req_msg, primary_path, alt_path);
+ cm_format_path_lid_from_req(req_msg, primary_path, alt_path, wc);
}
static u16 cm_get_bth_pkey(struct cm_work *work)
@@ -2148,7 +2148,7 @@ static int cm_req_handler(struct cm_work *work)
if (cm_req_has_alt_path(req_msg))
work->path[1].rec_type = work->path[0].rec_type;
cm_format_paths_from_req(req_msg, &work->path[0],
- &work->path[1]);
+ &work->path[1], work->mad_recv_wc->wc);
if (cm_id_priv->av.ah_attr.type == RDMA_AH_ATTR_TYPE_ROCE)
sa_path_set_dmac(&work->path[0],
cm_id_priv->av.ah_attr.roce.dmac);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 552/862] IB: Set IOVA/LENGTH on IB_MR in core/uverbs layers
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (550 preceding siblings ...)
2022-10-19 8:30 ` [PATCH 6.0 551/862] RDMA/cm: Use SLID in the work completion as the DLID in responder side Greg Kroah-Hartman
@ 2022-10-19 8:30 ` Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 553/862] xhci: Dont show warning for reinit on known broken suspend Greg Kroah-Hartman
` (324 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Daisuke Matsuda, Leon Romanovsky,
Sasha Levin
From: Daisuke Matsuda <matsuda-daisuke@fujitsu.com>
[ Upstream commit 241f9a27e0fc0eaf23e3d52c8450f10648cd11f1 ]
Set 'iova' and 'length' on ib_mr in ib_uverbs and ib_core layers to let all
drivers have the members filled. Also, this commit removes redundancy in
the respective drivers.
Previously, commit 04c0a5fcfcf65 ("IB/uverbs: Set IOVA on IB MR in uverbs
layer") changed to set 'iova', but seems to have missed 'length' and the
ib_core layer at that time.
Fixes: 04c0a5fcfcf65 ("IB/uverbs: Set IOVA on IB MR in uverbs layer")
Signed-off-by: Daisuke Matsuda <matsuda-daisuke@fujitsu.com>
Link: https://lore.kernel.org/r/20220921080844.1616883-1-matsuda-daisuke@fujitsu.com
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/core/uverbs_cmd.c | 5 ++++-
drivers/infiniband/core/verbs.c | 2 ++
drivers/infiniband/hw/hns/hns_roce_mr.c | 1 -
drivers/infiniband/hw/mlx4/mr.c | 1 -
4 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/drivers/infiniband/core/uverbs_cmd.c b/drivers/infiniband/core/uverbs_cmd.c
index 046376bd68e2..4796f6a8828c 100644
--- a/drivers/infiniband/core/uverbs_cmd.c
+++ b/drivers/infiniband/core/uverbs_cmd.c
@@ -739,6 +739,7 @@ static int ib_uverbs_reg_mr(struct uverbs_attr_bundle *attrs)
mr->uobject = uobj;
atomic_inc(&pd->usecnt);
mr->iova = cmd.hca_va;
+ mr->length = cmd.length;
rdma_restrack_new(&mr->res, RDMA_RESTRACK_MR);
rdma_restrack_set_name(&mr->res, NULL);
@@ -861,8 +862,10 @@ static int ib_uverbs_rereg_mr(struct uverbs_attr_bundle *attrs)
mr->pd = new_pd;
atomic_inc(&new_pd->usecnt);
}
- if (cmd.flags & IB_MR_REREG_TRANS)
+ if (cmd.flags & IB_MR_REREG_TRANS) {
mr->iova = cmd.hca_va;
+ mr->length = cmd.length;
+ }
}
memset(&resp, 0, sizeof(resp));
diff --git a/drivers/infiniband/core/verbs.c b/drivers/infiniband/core/verbs.c
index e54b3f1b730e..f8964c8cf0ad 100644
--- a/drivers/infiniband/core/verbs.c
+++ b/drivers/infiniband/core/verbs.c
@@ -2149,6 +2149,8 @@ struct ib_mr *ib_reg_user_mr(struct ib_pd *pd, u64 start, u64 length,
mr->pd = pd;
mr->dm = NULL;
atomic_inc(&pd->usecnt);
+ mr->iova = virt_addr;
+ mr->length = length;
rdma_restrack_new(&mr->res, RDMA_RESTRACK_MR);
rdma_restrack_parent_name(&mr->res, &pd->res);
diff --git a/drivers/infiniband/hw/hns/hns_roce_mr.c b/drivers/infiniband/hw/hns/hns_roce_mr.c
index 867972c2a894..dedfa56f5773 100644
--- a/drivers/infiniband/hw/hns/hns_roce_mr.c
+++ b/drivers/infiniband/hw/hns/hns_roce_mr.c
@@ -249,7 +249,6 @@ struct ib_mr *hns_roce_reg_user_mr(struct ib_pd *pd, u64 start, u64 length,
goto err_alloc_pbl;
mr->ibmr.rkey = mr->ibmr.lkey = mr->key;
- mr->ibmr.length = length;
return &mr->ibmr;
diff --git a/drivers/infiniband/hw/mlx4/mr.c b/drivers/infiniband/hw/mlx4/mr.c
index 04a67b481608..a40bf58bcdd3 100644
--- a/drivers/infiniband/hw/mlx4/mr.c
+++ b/drivers/infiniband/hw/mlx4/mr.c
@@ -439,7 +439,6 @@ struct ib_mr *mlx4_ib_reg_user_mr(struct ib_pd *pd, u64 start, u64 length,
goto err_mr;
mr->ibmr.rkey = mr->ibmr.lkey = mr->mmr.key;
- mr->ibmr.length = length;
mr->ibmr.page_size = 1U << shift;
return &mr->ibmr;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 553/862] xhci: Dont show warning for reinit on known broken suspend
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (551 preceding siblings ...)
2022-10-19 8:30 ` [PATCH 6.0 552/862] IB: Set IOVA/LENGTH on IB_MR in core/uverbs layers Greg Kroah-Hartman
@ 2022-10-19 8:30 ` Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 554/862] usb: gadget: function: fix dangling pnp_string in f_printer.c Greg Kroah-Hartman
` (323 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Artem S. Tashkinov,
Mario Limonciello, Mathias Nyman, Sasha Levin
From: Mario Limonciello <mario.limonciello@amd.com>
[ Upstream commit 484d6f7aa3283d082c87654b7fe7a7f725423dfb ]
commit 8b328f8002bc ("xhci: re-initialize the HC during resume if HCE was
set") introduced a new warning message when the host controller error
was set and re-initializing.
This is expected behavior on some designs which already set
`xhci->broken_suspend` so the new warning is alarming to some users.
Modify the code to only show the warning if this was a surprising behavior
to the XHCI driver.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=216470
Fixes: 8b328f8002bc ("xhci: re-initialize the HC during resume if HCE was set")
Reported-by: Artem S. Tashkinov <aros@gmx.com>
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Link: https://lore.kernel.org/r/20220921123450.671459-4-mathias.nyman@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/host/xhci.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c
index 38649284ff88..a7ef675f00fd 100644
--- a/drivers/usb/host/xhci.c
+++ b/drivers/usb/host/xhci.c
@@ -1183,7 +1183,8 @@ int xhci_resume(struct xhci_hcd *xhci, bool hibernated)
/* re-initialize the HC on Restore Error, or Host Controller Error */
if (temp & (STS_SRE | STS_HCE)) {
reinit_xhc = true;
- xhci_warn(xhci, "xHC error in resume, USBSTS 0x%x, Reinit\n", temp);
+ if (!xhci->broken_suspend)
+ xhci_warn(xhci, "xHC error in resume, USBSTS 0x%x, Reinit\n", temp);
}
if (reinit_xhc) {
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 554/862] usb: gadget: function: fix dangling pnp_string in f_printer.c
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (552 preceding siblings ...)
2022-10-19 8:30 ` [PATCH 6.0 553/862] xhci: Dont show warning for reinit on known broken suspend Greg Kroah-Hartman
@ 2022-10-19 8:30 ` Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 555/862] usb: typec: anx7411: Use of_get_child_by_name() instead of of_find_node_by_name() Greg Kroah-Hartman
` (322 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:30 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Albert Briscoe, Sasha Levin
From: Albert Briscoe <albertsbriscoe@gmail.com>
[ Upstream commit 24b7ba2f88e04800b54d462f376512e8c41b8a3c ]
When opts->pnp_string is changed with configfs, new memory is allocated for
the string. It does not, however, update dev->pnp_string, even though the
memory is freed. When rquesting the string, the host then gets old or
corrupted data rather than the new string. The ieee 1284 id string should
be allowed to change while the device is connected.
The bug was introduced in commit fdc01cc286be ("usb: gadget: printer:
Remove pnp_string static buffer"), which changed opts->pnp_string from a
char[] to a char*.
This patch changes dev->pnp_string from a char* to a char** pointing to
opts->pnp_string.
Fixes: fdc01cc286be ("usb: gadget: printer: Remove pnp_string static buffer")
Signed-off-by: Albert Briscoe <albertsbriscoe@gmail.com>
Link: https://lore.kernel.org/r/20220911223753.20417-1-albertsbriscoe@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/gadget/function/f_printer.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/drivers/usb/gadget/function/f_printer.c b/drivers/usb/gadget/function/f_printer.c
index abec5c58f525..a881c69b1f2b 100644
--- a/drivers/usb/gadget/function/f_printer.c
+++ b/drivers/usb/gadget/function/f_printer.c
@@ -89,7 +89,7 @@ struct printer_dev {
u8 printer_cdev_open;
wait_queue_head_t wait;
unsigned q_len;
- char *pnp_string; /* We don't own memory! */
+ char **pnp_string; /* We don't own memory! */
struct usb_function function;
};
@@ -1000,16 +1000,16 @@ static int printer_func_setup(struct usb_function *f,
if ((wIndex>>8) != dev->interface)
break;
- if (!dev->pnp_string) {
+ if (!*dev->pnp_string) {
value = 0;
break;
}
- value = strlen(dev->pnp_string);
+ value = strlen(*dev->pnp_string);
buf[0] = (value >> 8) & 0xFF;
buf[1] = value & 0xFF;
- memcpy(buf + 2, dev->pnp_string, value);
+ memcpy(buf + 2, *dev->pnp_string, value);
DBG(dev, "1284 PNP String: %x %s\n", value,
- dev->pnp_string);
+ *dev->pnp_string);
break;
case GET_PORT_STATUS: /* Get Port Status */
@@ -1475,7 +1475,7 @@ static struct usb_function *gprinter_alloc(struct usb_function_instance *fi)
kref_init(&dev->kref);
++opts->refcnt;
dev->minor = opts->minor;
- dev->pnp_string = opts->pnp_string;
+ dev->pnp_string = &opts->pnp_string;
dev->q_len = opts->q_len;
mutex_unlock(&opts->lock);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 555/862] usb: typec: anx7411: Use of_get_child_by_name() instead of of_find_node_by_name()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (553 preceding siblings ...)
2022-10-19 8:30 ` [PATCH 6.0 554/862] usb: gadget: function: fix dangling pnp_string in f_printer.c Greg Kroah-Hartman
@ 2022-10-19 8:30 ` Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 556/862] usb: dwc3: core: fix some leaks in probe Greg Kroah-Hartman
` (321 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Heikki Krogerus, Liang He, Sasha Levin
From: Liang He <windhl@126.com>
[ Upstream commit e45d7337dc0e4f7f1c2876e1b22c71a544ad12fd ]
In anx7411_typec_switch_probe(), we should call of_get_child_by_name()
instead of of_find_node_by_name() as of_find_xxx API will decrease the
refcount of the 'from' argument.
Fixes: fe6d8a9c8e64 ("usb: typec: anx7411: Add Analogix PD ANX7411 support")
Acked-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Signed-off-by: Liang He <windhl@126.com>
Link: https://lore.kernel.org/r/20220915092209.4009273-1-windhl@126.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/typec/anx7411.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/usb/typec/anx7411.c b/drivers/usb/typec/anx7411.c
index c0f0842d443c..f178d0eb47b1 100644
--- a/drivers/usb/typec/anx7411.c
+++ b/drivers/usb/typec/anx7411.c
@@ -1105,7 +1105,7 @@ static int anx7411_typec_switch_probe(struct anx7411_data *ctx,
int ret;
struct device_node *node;
- node = of_find_node_by_name(dev->of_node, "orientation_switch");
+ node = of_get_child_by_name(dev->of_node, "orientation_switch");
if (!node)
return 0;
@@ -1115,7 +1115,7 @@ static int anx7411_typec_switch_probe(struct anx7411_data *ctx,
return ret;
}
- node = of_find_node_by_name(dev->of_node, "mode_switch");
+ node = of_get_child_by_name(dev->of_node, "mode_switch");
if (!node) {
dev_err(dev, "no typec mux exist");
ret = -ENODEV;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 556/862] usb: dwc3: core: fix some leaks in probe
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (554 preceding siblings ...)
2022-10-19 8:30 ` [PATCH 6.0 555/862] usb: typec: anx7411: Use of_get_child_by_name() instead of of_find_node_by_name() Greg Kroah-Hartman
@ 2022-10-19 8:30 ` Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 557/862] drivers: serial: jsm: " Greg Kroah-Hartman
` (320 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:30 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Sasha Levin
From: Dan Carpenter <dan.carpenter@oracle.com>
[ Upstream commit 2a735e4b5580a2a6bbd6572109b4c4f163c57462 ]
The dwc3_get_properties() function calls:
dwc->usb_psy = power_supply_get_by_name(usb_psy_name);
so there is some additional clean up required on these error paths.
Fixes: 6f0764b5adea ("usb: dwc3: add a power supply for current control")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Link: https://lore.kernel.org/r/YyxFYFnP53j9sCg+@kili
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/dwc3/core.c | 58 +++++++++++++++++++++++++----------------
1 file changed, 36 insertions(+), 22 deletions(-)
diff --git a/drivers/usb/dwc3/core.c b/drivers/usb/dwc3/core.c
index 219d797e2230..919d36fd0298 100644
--- a/drivers/usb/dwc3/core.c
+++ b/drivers/usb/dwc3/core.c
@@ -1712,8 +1712,10 @@ static int dwc3_probe(struct platform_device *pdev)
dwc3_get_properties(dwc);
dwc->reset = devm_reset_control_array_get_optional_shared(dev);
- if (IS_ERR(dwc->reset))
- return PTR_ERR(dwc->reset);
+ if (IS_ERR(dwc->reset)) {
+ ret = PTR_ERR(dwc->reset);
+ goto put_usb_psy;
+ }
if (dev->of_node) {
/*
@@ -1723,45 +1725,57 @@ static int dwc3_probe(struct platform_device *pdev)
* check for them to retain backwards compatibility.
*/
dwc->bus_clk = devm_clk_get_optional(dev, "bus_early");
- if (IS_ERR(dwc->bus_clk))
- return dev_err_probe(dev, PTR_ERR(dwc->bus_clk),
- "could not get bus clock\n");
+ if (IS_ERR(dwc->bus_clk)) {
+ ret = dev_err_probe(dev, PTR_ERR(dwc->bus_clk),
+ "could not get bus clock\n");
+ goto put_usb_psy;
+ }
if (dwc->bus_clk == NULL) {
dwc->bus_clk = devm_clk_get_optional(dev, "bus_clk");
- if (IS_ERR(dwc->bus_clk))
- return dev_err_probe(dev, PTR_ERR(dwc->bus_clk),
- "could not get bus clock\n");
+ if (IS_ERR(dwc->bus_clk)) {
+ ret = dev_err_probe(dev, PTR_ERR(dwc->bus_clk),
+ "could not get bus clock\n");
+ goto put_usb_psy;
+ }
}
dwc->ref_clk = devm_clk_get_optional(dev, "ref");
- if (IS_ERR(dwc->ref_clk))
- return dev_err_probe(dev, PTR_ERR(dwc->ref_clk),
- "could not get ref clock\n");
+ if (IS_ERR(dwc->ref_clk)) {
+ ret = dev_err_probe(dev, PTR_ERR(dwc->ref_clk),
+ "could not get ref clock\n");
+ goto put_usb_psy;
+ }
if (dwc->ref_clk == NULL) {
dwc->ref_clk = devm_clk_get_optional(dev, "ref_clk");
- if (IS_ERR(dwc->ref_clk))
- return dev_err_probe(dev, PTR_ERR(dwc->ref_clk),
- "could not get ref clock\n");
+ if (IS_ERR(dwc->ref_clk)) {
+ ret = dev_err_probe(dev, PTR_ERR(dwc->ref_clk),
+ "could not get ref clock\n");
+ goto put_usb_psy;
+ }
}
dwc->susp_clk = devm_clk_get_optional(dev, "suspend");
- if (IS_ERR(dwc->susp_clk))
- return dev_err_probe(dev, PTR_ERR(dwc->susp_clk),
- "could not get suspend clock\n");
+ if (IS_ERR(dwc->susp_clk)) {
+ ret = dev_err_probe(dev, PTR_ERR(dwc->susp_clk),
+ "could not get suspend clock\n");
+ goto put_usb_psy;
+ }
if (dwc->susp_clk == NULL) {
dwc->susp_clk = devm_clk_get_optional(dev, "suspend_clk");
- if (IS_ERR(dwc->susp_clk))
- return dev_err_probe(dev, PTR_ERR(dwc->susp_clk),
- "could not get suspend clock\n");
+ if (IS_ERR(dwc->susp_clk)) {
+ ret = dev_err_probe(dev, PTR_ERR(dwc->susp_clk),
+ "could not get suspend clock\n");
+ goto put_usb_psy;
+ }
}
}
ret = reset_control_deassert(dwc->reset);
if (ret)
- return ret;
+ goto put_usb_psy;
ret = dwc3_clk_enable(dwc);
if (ret)
@@ -1861,7 +1875,7 @@ static int dwc3_probe(struct platform_device *pdev)
dwc3_clk_disable(dwc);
assert_reset:
reset_control_assert(dwc->reset);
-
+put_usb_psy:
if (dwc->usb_psy)
power_supply_put(dwc->usb_psy);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 557/862] drivers: serial: jsm: fix some leaks in probe
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (555 preceding siblings ...)
2022-10-19 8:30 ` [PATCH 6.0 556/862] usb: dwc3: core: fix some leaks in probe Greg Kroah-Hartman
@ 2022-10-19 8:30 ` Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 558/862] serial: 8250: Toggle IER bits on only after irq has been set up Greg Kroah-Hartman
` (319 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:30 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Sasha Levin
From: Dan Carpenter <dan.carpenter@oracle.com>
[ Upstream commit 1d5859ef229e381f4db38dce8ed58e4bf862006b ]
This error path needs to unwind instead of just returning directly.
Fixes: 03a8482c17dd ("drivers: serial: jsm: Enable support for Digi Classic adapters")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Link: https://lore.kernel.org/r/YyxFh1+lOeZ9WfKO@kili
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/jsm/jsm_driver.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/tty/serial/jsm/jsm_driver.c b/drivers/tty/serial/jsm/jsm_driver.c
index 0ea799bf8dbb..417a5b6bffc3 100644
--- a/drivers/tty/serial/jsm/jsm_driver.c
+++ b/drivers/tty/serial/jsm/jsm_driver.c
@@ -211,7 +211,8 @@ static int jsm_probe_one(struct pci_dev *pdev, const struct pci_device_id *ent)
break;
default:
- return -ENXIO;
+ rc = -ENXIO;
+ goto out_kfree_brd;
}
rc = request_irq(brd->irq, brd->bd_ops->intr, IRQF_SHARED, "JSM", brd);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 558/862] serial: 8250: Toggle IER bits on only after irq has been set up
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (556 preceding siblings ...)
2022-10-19 8:30 ` [PATCH 6.0 557/862] drivers: serial: jsm: " Greg Kroah-Hartman
@ 2022-10-19 8:30 ` Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 559/862] tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown Greg Kroah-Hartman
` (318 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Lennert Buytenhek, Andy Shevchenko,
Ilpo Järvinen, Sasha Levin
From: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
[ Upstream commit 039d4926379b1d1c17b51cf21c500a5eed86899e ]
Invoking TIOCVHANGUP on 8250_mid port on Ice Lake-D and then reopening
the port triggers these faults during serial8250_do_startup():
DMAR: DRHD: handling fault status reg 3
DMAR: [DMA Write NO_PASID] Request device [00:1a.0] fault addr 0x0 [fault reason 0x05] PTE Write access is not set
If the IRQ hasn't been set up yet, the UART will have zeroes in its MSI
address/data registers. Disabling the IRQ at the interrupt controller
won't stop the UART from performing a DMA write to the address programmed
in its MSI address register (zero) when it wants to signal an interrupt.
The UARTs (in Ice Lake-D) implement PCI 2.1 style MSI without masking
capability, so there is no way to mask the interrupt at the source PCI
function level, except disabling the MSI capability entirely, but that
would cause it to fall back to INTx# assertion, and the PCI specification
prohibits disabling the MSI capability as a way to mask a function's
interrupt service request.
The MSI address register is zeroed by the hangup as the irq is freed.
The interrupt is signalled during serial8250_do_startup() performing a
THRE test that temporarily toggles THRI in IER. The THRE test currently
occurs before UART's irq (and MSI address) is properly set up.
Refactor serial8250_do_startup() such that irq is set up before the
THRE test. The current irq setup code is intermixed with the timer
setup code. As THRE test must be performed prior to the timer setup,
extract it into own function and call it only after the THRE test.
The ->setup_timer() needs to be part of the struct uart_8250_ops in
order to not create circular dependency between 8250 and 8250_base
modules.
Fixes: 40b36daad0ac ("[PATCH] 8250 UART backup timer")
Reported-by: Lennert Buytenhek <buytenh@arista.com>
Tested-by: Lennert Buytenhek <buytenh@arista.com>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Link: https://lore.kernel.org/r/20220922070005.2965-1-ilpo.jarvinen@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/8250/8250_core.c | 16 +++++++++++-----
drivers/tty/serial/8250/8250_port.c | 8 +++++---
include/linux/serial_8250.h | 1 +
3 files changed, 17 insertions(+), 8 deletions(-)
diff --git a/drivers/tty/serial/8250/8250_core.c b/drivers/tty/serial/8250/8250_core.c
index 2e83e7367441..94fbf0add2ce 100644
--- a/drivers/tty/serial/8250/8250_core.c
+++ b/drivers/tty/serial/8250/8250_core.c
@@ -298,10 +298,9 @@ static void serial8250_backup_timeout(struct timer_list *t)
jiffies + uart_poll_timeout(&up->port) + HZ / 5);
}
-static int univ8250_setup_irq(struct uart_8250_port *up)
+static void univ8250_setup_timer(struct uart_8250_port *up)
{
struct uart_port *port = &up->port;
- int retval = 0;
/*
* The above check will only give an accurate result the first time
@@ -322,10 +321,16 @@ static int univ8250_setup_irq(struct uart_8250_port *up)
*/
if (!port->irq)
mod_timer(&up->timer, jiffies + uart_poll_timeout(port));
- else
- retval = serial_link_irq_chain(up);
+}
- return retval;
+static int univ8250_setup_irq(struct uart_8250_port *up)
+{
+ struct uart_port *port = &up->port;
+
+ if (port->irq)
+ return serial_link_irq_chain(up);
+
+ return 0;
}
static void univ8250_release_irq(struct uart_8250_port *up)
@@ -381,6 +386,7 @@ static struct uart_ops univ8250_port_ops;
static const struct uart_8250_ops univ8250_driver_ops = {
.setup_irq = univ8250_setup_irq,
.release_irq = univ8250_release_irq,
+ .setup_timer = univ8250_setup_timer,
};
static struct uart_8250_port serial8250_ports[UART_NR];
diff --git a/drivers/tty/serial/8250/8250_port.c b/drivers/tty/serial/8250/8250_port.c
index 6a9d3c8ffa56..ec7dca43619f 100644
--- a/drivers/tty/serial/8250/8250_port.c
+++ b/drivers/tty/serial/8250/8250_port.c
@@ -2300,6 +2300,10 @@ int serial8250_do_startup(struct uart_port *port)
if (port->irq && (up->port.flags & UPF_SHARE_IRQ))
up->port.irqflags |= IRQF_SHARED;
+ retval = up->ops->setup_irq(up);
+ if (retval)
+ goto out;
+
if (port->irq && !(up->port.flags & UPF_NO_THRE_TEST)) {
unsigned char iir1;
@@ -2342,9 +2346,7 @@ int serial8250_do_startup(struct uart_port *port)
}
}
- retval = up->ops->setup_irq(up);
- if (retval)
- goto out;
+ up->ops->setup_timer(up);
/*
* Now, initialize the UART
diff --git a/include/linux/serial_8250.h b/include/linux/serial_8250.h
index 8c7b793aa4d7..16e3d75a324c 100644
--- a/include/linux/serial_8250.h
+++ b/include/linux/serial_8250.h
@@ -74,6 +74,7 @@ struct uart_8250_port;
struct uart_8250_ops {
int (*setup_irq)(struct uart_8250_port *);
void (*release_irq)(struct uart_8250_port *);
+ void (*setup_timer)(struct uart_8250_port *);
};
struct uart_8250_em485 {
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 559/862] tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (557 preceding siblings ...)
2022-10-19 8:30 ` [PATCH 6.0 558/862] serial: 8250: Toggle IER bits on only after irq has been set up Greg Kroah-Hartman
@ 2022-10-19 8:30 ` Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 560/862] phy: qualcomm: call clk_disable_unprepare in the error handling Greg Kroah-Hartman
` (317 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ilpo Järvinen, Thara Gopinath,
Sherry Sun, Sasha Levin
From: Sherry Sun <sherry.sun@nxp.com>
[ Upstream commit 316ae95c175a7d770d1bfe4c011192712f57aa4a ]
lpuart_dma_shutdown tears down lpuart dma, but lpuart_flush_buffer can
still occur which in turn tries to access dma apis if lpuart_dma_tx_use
flag is true. At this point since dma is torn down, these dma apis can
abort. Set lpuart_dma_tx_use and the corresponding rx flag
lpuart_dma_rx_use to false in lpuart_dma_shutdown so that dmas are not
accessed after they are relinquished.
Otherwise, when try to kill btattach, kernel may panic. This patch may
fix this issue.
root@imx8ulpevk:~# btattach -B /dev/ttyLP2 -S 115200
^C[ 90.182296] Internal error: synchronous external abort: 96000210 [#1] PREEMPT SMP
[ 90.189806] Modules linked in: moal(O) mlan(O)
[ 90.194258] CPU: 0 PID: 503 Comm: btattach Tainted: G O 5.15.32-06136-g34eecdf2f9e4 #37
[ 90.203554] Hardware name: NXP i.MX8ULP 9X9 EVK (DT)
[ 90.208513] pstate: 600000c5 (nZCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 90.215470] pc : fsl_edma3_disable_request+0x8/0x60
[ 90.220358] lr : fsl_edma3_terminate_all+0x34/0x20c
[ 90.225237] sp : ffff800013f0bac0
[ 90.228548] x29: ffff800013f0bac0 x28: 0000000000000001 x27: ffff000008404800
[ 90.235681] x26: ffff000008404960 x25: ffff000008404a08 x24: ffff000008404a00
[ 90.242813] x23: ffff000008404a60 x22: 0000000000000002 x21: 0000000000000000
[ 90.249946] x20: ffff800013f0baf8 x19: ffff00000559c800 x18: 0000000000000000
[ 90.257078] x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000
[ 90.264211] x14: 0000000000000003 x13: 0000000000000000 x12: 0000000000000040
[ 90.271344] x11: ffff00000600c248 x10: ffff800013f0bb10 x9 : ffff000057bcb090
[ 90.278477] x8 : fffffc0000241a08 x7 : ffff00000534ee00 x6 : ffff000008404804
[ 90.285609] x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff0000055b3480
[ 90.292742] x2 : ffff8000135c0000 x1 : ffff00000534ee00 x0 : ffff00000559c800
[ 90.299876] Call trace:
[ 90.302321] fsl_edma3_disable_request+0x8/0x60
[ 90.306851] lpuart_flush_buffer+0x40/0x160
[ 90.311037] uart_flush_buffer+0x88/0x120
[ 90.315050] tty_driver_flush_buffer+0x20/0x30
[ 90.319496] hci_uart_flush+0x44/0x90
[ 90.323162] +0x34/0x12c
[ 90.327253] tty_ldisc_close+0x38/0x70
[ 90.331005] tty_ldisc_release+0xa8/0x190
[ 90.335018] tty_release_struct+0x24/0x8c
[ 90.339022] tty_release+0x3ec/0x4c0
[ 90.342593] __fput+0x70/0x234
[ 90.345652] ____fput+0x14/0x20
[ 90.348790] task_work_run+0x84/0x17c
[ 90.352455] do_exit+0x310/0x96c
[ 90.355688] do_group_exit+0x3c/0xa0
[ 90.359259] __arm64_sys_exit_group+0x1c/0x20
[ 90.363609] invoke_syscall+0x48/0x114
[ 90.367362] el0_svc_common.constprop.0+0xd4/0xfc
[ 90.372068] do_el0_svc+0x2c/0x94
[ 90.375379] el0_svc+0x28/0x80
[ 90.378438] el0t_64_sync_handler+0xa8/0x130
[ 90.382711] el0t_64_sync+0x1a0/0x1a4
[ 90.386376] Code: 17ffffda d503201f d503233f f9409802 (b9400041)
[ 90.392467] ---[ end trace 2f60524b4a43f1f6 ]---
[ 90.397073] note: btattach[503] exited with preempt_count 1
[ 90.402636] Fixing recursive fault but reboot is needed!
Fixes: 6250cc30c4c4 ("tty: serial: fsl_lpuart: Use scatter/gather DMA for Tx")
Reviewed-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Signed-off-by: Thara Gopinath <tgopinath@microsoft.com>
Signed-off-by: Sherry Sun <sherry.sun@nxp.com>
Link: https://lore.kernel.org/r/20220920111703.1532-1-sherry.sun@nxp.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/fsl_lpuart.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/tty/serial/fsl_lpuart.c b/drivers/tty/serial/fsl_lpuart.c
index 6eb3d6c62458..34990901c805 100644
--- a/drivers/tty/serial/fsl_lpuart.c
+++ b/drivers/tty/serial/fsl_lpuart.c
@@ -1776,6 +1776,7 @@ static void lpuart_dma_shutdown(struct lpuart_port *sport)
if (sport->lpuart_dma_rx_use) {
del_timer_sync(&sport->lpuart_timer);
lpuart_dma_rx_free(&sport->port);
+ sport->lpuart_dma_rx_use = false;
}
if (sport->lpuart_dma_tx_use) {
@@ -1784,6 +1785,7 @@ static void lpuart_dma_shutdown(struct lpuart_port *sport)
sport->dma_tx_in_progress = false;
dmaengine_terminate_all(sport->dma_tx_chan);
}
+ sport->lpuart_dma_tx_use = false;
}
if (sport->dma_tx_chan)
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 560/862] phy: qualcomm: call clk_disable_unprepare in the error handling
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (558 preceding siblings ...)
2022-10-19 8:30 ` [PATCH 6.0 559/862] tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown Greg Kroah-Hartman
@ 2022-10-19 8:30 ` Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 561/862] staging: vt6655: fix some erroneous memory clean-up loops Greg Kroah-Hartman
` (316 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dongliang Mu, Neil Armstrong,
Vinod Koul, Sasha Levin
From: Dongliang Mu <mudongliangabcd@gmail.com>
[ Upstream commit c3966ced8eb8dc53b6c8d7f97d32cc8a2107d83e ]
Smatch reports the following error:
drivers/phy/qualcomm/phy-qcom-usb-hsic.c:82 qcom_usb_hsic_phy_power_on()
warn: 'uphy->cal_clk' from clk_prepare_enable() not released on lines:
58.
drivers/phy/qualcomm/phy-qcom-usb-hsic.c:82 qcom_usb_hsic_phy_power_on()
warn: 'uphy->cal_sleep_clk' from clk_prepare_enable() not released on
lines: 58.
drivers/phy/qualcomm/phy-qcom-usb-hsic.c:82 qcom_usb_hsic_phy_power_on()
warn: 'uphy->phy_clk' from clk_prepare_enable() not released on lines:
58.
Fix this by calling proper clk_disable_unprepare calls.
Fixes: 0b56e9a7e835 ("phy: Group vendor specific phy drivers")
Signed-off-by: Dongliang Mu <mudongliangabcd@gmail.com>
Reviewed-by: Neil Armstrong <neil.armstrong@linaro.org>
Link: https://lore.kernel.org/r/20220914051334.69282-1-dzm91@hust.edu.cn
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/phy/qualcomm/phy-qcom-usb-hsic.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/phy/qualcomm/phy-qcom-usb-hsic.c b/drivers/phy/qualcomm/phy-qcom-usb-hsic.c
index 716a77748ed8..20f6dd37c7c1 100644
--- a/drivers/phy/qualcomm/phy-qcom-usb-hsic.c
+++ b/drivers/phy/qualcomm/phy-qcom-usb-hsic.c
@@ -54,8 +54,10 @@ static int qcom_usb_hsic_phy_power_on(struct phy *phy)
/* Configure pins for HSIC functionality */
pins_default = pinctrl_lookup_state(uphy->pctl, PINCTRL_STATE_DEFAULT);
- if (IS_ERR(pins_default))
- return PTR_ERR(pins_default);
+ if (IS_ERR(pins_default)) {
+ ret = PTR_ERR(pins_default);
+ goto err_ulpi;
+ }
ret = pinctrl_select_state(uphy->pctl, pins_default);
if (ret)
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 561/862] staging: vt6655: fix some erroneous memory clean-up loops
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (559 preceding siblings ...)
2022-10-19 8:30 ` [PATCH 6.0 560/862] phy: qualcomm: call clk_disable_unprepare in the error handling Greg Kroah-Hartman
@ 2022-10-19 8:30 ` Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 562/862] slimbus: qcom-ngd: Add error handling in of_qcom_slim_ngd_register Greg Kroah-Hartman
` (315 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Philipp Hortmann,
Nam Cao, Sasha Levin
From: Nam Cao <namcaov@gmail.com>
[ Upstream commit 2a2db520e3ca5aafba7c211abfd397666c9b5f9d ]
In some initialization functions of this driver, memory is allocated with
'i' acting as an index variable and increasing from 0. The commit in
"Fixes" introduces some clean-up codes in case of allocation failure,
which free memory in reverse order with 'i' decreasing to 0. However,
there are some problems:
- The case i=0 is left out. Thus memory is leaked.
- In case memory allocation fails right from the start, the memory
freeing loops will start with i=-1 and invalid memory locations will
be accessed.
One of these loops has been fixed in commit c8ff91535880 ("staging:
vt6655: fix potential memory leak"). Fix the remaining erroneous loops.
Link: https://lore.kernel.org/linux-staging/Yx9H1zSpxmNqx6Xc@kadam/
Fixes: 5341ee0adb17 ("staging: vt6655: check for memory allocation failures")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Tested-by: Philipp Hortmann <philipp.g.hortmann@gmail.com>
Signed-off-by: Nam Cao <namcaov@gmail.com>
Link: https://lore.kernel.org/r/20220912170429.29852-1-namcaov@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/staging/vt6655/device_main.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/staging/vt6655/device_main.c b/drivers/staging/vt6655/device_main.c
index bab08a40fe66..d76f65756db8 100644
--- a/drivers/staging/vt6655/device_main.c
+++ b/drivers/staging/vt6655/device_main.c
@@ -583,7 +583,7 @@ static int device_init_rd0_ring(struct vnt_private *priv)
kfree(desc->rd_info);
err_free_desc:
- while (--i) {
+ while (i--) {
desc = &priv->aRD0Ring[i];
device_free_rx_buf(priv, desc);
kfree(desc->rd_info);
@@ -629,7 +629,7 @@ static int device_init_rd1_ring(struct vnt_private *priv)
kfree(desc->rd_info);
err_free_desc:
- while (--i) {
+ while (i--) {
desc = &priv->aRD1Ring[i];
device_free_rx_buf(priv, desc);
kfree(desc->rd_info);
@@ -734,7 +734,7 @@ static int device_init_td1_ring(struct vnt_private *priv)
return 0;
err_free_desc:
- while (--i) {
+ while (i--) {
desc = &priv->apTD1Rings[i];
kfree(desc->td_info);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 562/862] slimbus: qcom-ngd: Add error handling in of_qcom_slim_ngd_register
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (560 preceding siblings ...)
2022-10-19 8:30 ` [PATCH 6.0 561/862] staging: vt6655: fix some erroneous memory clean-up loops Greg Kroah-Hartman
@ 2022-10-19 8:30 ` Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 563/862] firmware: google: Test spinlock on panic path to avoid lockups Greg Kroah-Hartman
` (314 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Neil Armstrong, Lin Yujun, Sasha Levin
From: Lin Yujun <linyujun809@huawei.com>
[ Upstream commit 42992cf187e4e4bcfe3c58f8fc7b1832c5652d9f ]
No error handling is performed when platform_device_add()
return fails. Refer to the error handling of driver_set_override(),
add error handling for platform_device_add().
Fixes: 917809e2280b ("slimbus: ngd: Add qcom SLIMBus NGD driver")
Reviewed-by: Neil Armstrong <neil.armstrong@linaro.org>
Signed-off-by: Lin Yujun <linyujun809@huawei.com>
Link: https://lore.kernel.org/r/20220914031953.94061-1-linyujun809@huawei.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/slimbus/qcom-ngd-ctrl.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/drivers/slimbus/qcom-ngd-ctrl.c b/drivers/slimbus/qcom-ngd-ctrl.c
index bacc6af1d51e..d29a1a9cf12f 100644
--- a/drivers/slimbus/qcom-ngd-ctrl.c
+++ b/drivers/slimbus/qcom-ngd-ctrl.c
@@ -1470,7 +1470,13 @@ static int of_qcom_slim_ngd_register(struct device *parent,
ngd->pdev->dev.of_node = node;
ctrl->ngd = ngd;
- platform_device_add(ngd->pdev);
+ ret = platform_device_add(ngd->pdev);
+ if (ret) {
+ platform_device_put(ngd->pdev);
+ kfree(ngd);
+ of_node_put(node);
+ return ret;
+ }
ngd->base = ctrl->base + ngd->id * data->offset +
(ngd->id - 1) * data->size;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 563/862] firmware: google: Test spinlock on panic path to avoid lockups
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (561 preceding siblings ...)
2022-10-19 8:30 ` [PATCH 6.0 562/862] slimbus: qcom-ngd: Add error handling in of_qcom_slim_ngd_register Greg Kroah-Hartman
@ 2022-10-19 8:30 ` Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 564/862] serial: 8250: Fix restoring termios speed after suspend Greg Kroah-Hartman
` (313 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Andrew Morton, Ard Biesheuvel,
David Gow, Julius Werner, Petr Mladek, Evan Green,
Guilherme G. Piccoli, Sasha Levin
From: Guilherme G. Piccoli <gpiccoli@igalia.com>
[ Upstream commit 3e081438b8e639cc76ef1a5ce0c1bd8a154082c7 ]
Currently the gsmi driver registers a panic notifier as well as
reboot and die notifiers. The callbacks registered are called in
atomic and very limited context - for instance, panic disables
preemption and local IRQs, also all secondary CPUs (not executing
the panic path) are shutdown.
With that said, taking a spinlock in this scenario is a dangerous
invitation for lockup scenarios. So, fix that by checking if the
spinlock is free to acquire in the panic notifier callback - if not,
bail-out and avoid a potential hang.
Fixes: 74c5b31c6618 ("driver: Google EFI SMI")
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Ard Biesheuvel <ardb@kernel.org>
Cc: David Gow <davidgow@google.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Julius Werner <jwerner@chromium.org>
Cc: Petr Mladek <pmladek@suse.com>
Reviewed-by: Evan Green <evgreen@chromium.org>
Signed-off-by: Guilherme G. Piccoli <gpiccoli@igalia.com>
Link: https://lore.kernel.org/r/20220909200755.189679-1-gpiccoli@igalia.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/firmware/google/gsmi.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/drivers/firmware/google/gsmi.c b/drivers/firmware/google/gsmi.c
index adaa492c3d2d..4e2575dfeb90 100644
--- a/drivers/firmware/google/gsmi.c
+++ b/drivers/firmware/google/gsmi.c
@@ -681,6 +681,15 @@ static struct notifier_block gsmi_die_notifier = {
static int gsmi_panic_callback(struct notifier_block *nb,
unsigned long reason, void *arg)
{
+
+ /*
+ * Panic callbacks are executed with all other CPUs stopped,
+ * so we must not attempt to spin waiting for gsmi_dev.lock
+ * to be released.
+ */
+ if (spin_is_locked(&gsmi_dev.lock))
+ return NOTIFY_DONE;
+
gsmi_shutdown_reason(GSMI_SHUTDOWN_PANIC);
return NOTIFY_DONE;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 564/862] serial: 8250: Fix restoring termios speed after suspend
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (562 preceding siblings ...)
2022-10-19 8:30 ` [PATCH 6.0 563/862] firmware: google: Test spinlock on panic path to avoid lockups Greg Kroah-Hartman
@ 2022-10-19 8:30 ` Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 565/862] scsi: libsas: Fix use-after-free bug in smp_execute_task_sg() Greg Kroah-Hartman
` (312 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:30 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Pali Rohár, Sasha Levin
From: Pali Rohár <pali@kernel.org>
[ Upstream commit 379a33786d489ab81885ff0b3935cfeb36137fea ]
Since commit edc6afc54968 ("tty: switch to ktermios and new framework")
termios speed is no longer stored only in c_cflag member but also in new
additional c_ispeed and c_ospeed members. If BOTHER flag is set in c_cflag
then termios speed is stored only in these new members.
Since commit 027b57170bf8 ("serial: core: Fix initializing and restoring
termios speed") termios speed is available also in struct console.
So properly restore also c_ispeed and c_ospeed members after suspend to fix
restoring termios speed which is not represented by Bnnn constant.
Fixes: 4516d50aabed ("serial: 8250: Use canary to restart console after suspend")
Signed-off-by: Pali Rohár <pali@kernel.org>
Link: https://lore.kernel.org/r/20220924104324.4035-1-pali@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/8250/8250_port.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/tty/serial/8250/8250_port.c b/drivers/tty/serial/8250/8250_port.c
index ec7dca43619f..2030a92ac66e 100644
--- a/drivers/tty/serial/8250/8250_port.c
+++ b/drivers/tty/serial/8250/8250_port.c
@@ -3319,8 +3319,13 @@ static void serial8250_console_restore(struct uart_8250_port *up)
unsigned int baud, quot, frac = 0;
termios.c_cflag = port->cons->cflag;
- if (port->state->port.tty && termios.c_cflag == 0)
+ termios.c_ispeed = port->cons->ispeed;
+ termios.c_ospeed = port->cons->ospeed;
+ if (port->state->port.tty && termios.c_cflag == 0) {
termios.c_cflag = port->state->port.tty->termios.c_cflag;
+ termios.c_ispeed = port->state->port.tty->termios.c_ispeed;
+ termios.c_ospeed = port->state->port.tty->termios.c_ospeed;
+ }
baud = serial8250_get_baud_rate(port, &termios, NULL);
quot = serial8250_get_divisor(port, baud, &frac);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 565/862] scsi: libsas: Fix use-after-free bug in smp_execute_task_sg()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (563 preceding siblings ...)
2022-10-19 8:30 ` [PATCH 6.0 564/862] serial: 8250: Fix restoring termios speed after suspend Greg Kroah-Hartman
@ 2022-10-19 8:30 ` Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 566/862] scsi: pm8001: Fix running_req for internal abort commands Greg Kroah-Hartman
` (311 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jason Yan, Duoming Zhou,
Martin K. Petersen, Sasha Levin
From: Duoming Zhou <duoming@zju.edu.cn>
[ Upstream commit 46ba53c30666717cb06c2b3c5d896301cd00d0c0 ]
When executing SMP task failed, the smp_execute_task_sg() calls del_timer()
to delete "slow_task->timer". However, if the timer handler
sas_task_internal_timedout() is running, the del_timer() in
smp_execute_task_sg() will not stop it and a UAF will happen. The process
is shown below:
(thread 1) | (thread 2)
smp_execute_task_sg() | sas_task_internal_timedout()
... |
del_timer() |
... | ...
sas_free_task(task) |
kfree(task->slow_task) //FREE|
| task->slow_task->... //USE
Fix by calling del_timer_sync() in smp_execute_task_sg(), which makes sure
the timer handler have finished before the "task->slow_task" is
deallocated.
Link: https://lore.kernel.org/r/20220920144213.10536-1-duoming@zju.edu.cn
Fixes: 2908d778ab3e ("[SCSI] aic94xx: new driver")
Reviewed-by: Jason Yan <yanaijie@huawei.com>
Signed-off-by: Duoming Zhou <duoming@zju.edu.cn>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/libsas/sas_expander.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/scsi/libsas/sas_expander.c b/drivers/scsi/libsas/sas_expander.c
index fa2209080cc2..5ce251830104 100644
--- a/drivers/scsi/libsas/sas_expander.c
+++ b/drivers/scsi/libsas/sas_expander.c
@@ -67,7 +67,7 @@ static int smp_execute_task_sg(struct domain_device *dev,
res = i->dft->lldd_execute_task(task, GFP_KERNEL);
if (res) {
- del_timer(&task->slow_task->timer);
+ del_timer_sync(&task->slow_task->timer);
pr_notice("executing SMP task failed:%d\n", res);
break;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 566/862] scsi: pm8001: Fix running_req for internal abort commands
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (564 preceding siblings ...)
2022-10-19 8:30 ` [PATCH 6.0 565/862] scsi: libsas: Fix use-after-free bug in smp_execute_task_sg() Greg Kroah-Hartman
@ 2022-10-19 8:30 ` Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 567/862] scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername() Greg Kroah-Hartman
` (310 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jack Wang, John Garry,
Martin K. Petersen, Sasha Levin
From: John Garry <john.garry@huawei.com>
[ Upstream commit d8c22c4697c11ed28062afe3c2b377025be11a23 ]
Disabling the remote phy for a SATA disk causes a hang:
root@(none)$ more /sys/class/sas_phy/phy-0:0:8/target_port_protocols
sata
root@(none)$ echo 0 > sys/class/sas_phy/phy-0:0:8/enable
root@(none)$ [ 67.855950] sas: ex 500e004aaaaaaa1f phy08 change count has changed
[ 67.920585] sd 0:0:2:0: [sdc] Synchronizing SCSI cache
[ 67.925780] sd 0:0:2:0: [sdc] Synchronize Cache(10) failed: Result: hostbyte=0x04 driverbyte=DRIVER_OK
[ 67.935094] sd 0:0:2:0: [sdc] Stopping disk
[ 67.939305] sd 0:0:2:0: [sdc] Start/Stop Unit failed: Result: hostbyte=0x04 driverbyte=DRIVER_OK
...
[ 123.998998] INFO: task kworker/u192:1:642 blocked for more than 30 seconds.
[ 124.005960] Not tainted 6.0.0-rc1-205202-gf26f8f761e83 #218
[ 124.012049] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 124.019872] task:kworker/u192:1 state:D stack:0 pid: 642 ppid: 2 flags:0x00000008
[ 124.028223] Workqueue: 0000:04:00.0_event_q sas_port_event_worker
[ 124.034319] Call trace:
[ 124.036758] __switch_to+0x128/0x278
[ 124.040333] __schedule+0x434/0xa58
[ 124.043820] schedule+0x94/0x138
[ 124.047045] schedule_timeout+0x2fc/0x368
[ 124.051052] wait_for_completion+0xdc/0x200
[ 124.055234] __flush_workqueue+0x1a8/0x708
[ 124.059328] sas_porte_broadcast_rcvd+0xa8/0xc0
[ 124.063858] sas_port_event_worker+0x60/0x98
[ 124.068126] process_one_work+0x3f8/0x660
[ 124.072134] worker_thread+0x70/0x700
[ 124.075793] kthread+0x1a4/0x1b8
[ 124.079014] ret_from_fork+0x10/0x20
The issue is that the per-device running_req read in
pm8001_dev_gone_notify() never goes to zero and we never make progress.
This is caused by missing accounting for running_req for when an internal
abort command completes.
In commit 2cbbf489778e ("scsi: pm8001: Use libsas internal abort support")
we started to send internal abort commands as a proper sas_task. In this
when we deliver a sas_task to HW the per-device running_req is incremented
in pm8001_queue_command(). However it is never decremented for internal
abort commnds, so decrement in pm8001_mpi_task_abort_resp().
Link: https://lore.kernel.org/r/1663854664-76165-1-git-send-email-john.garry@huawei.com
Fixes: 2cbbf489778e ("scsi: pm8001: Use libsas internal abort support")
Acked-by: Jack Wang <jinpu.wang@ionos.com>
Signed-off-by: John Garry <john.garry@huawei.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/pm8001/pm8001_hwi.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/scsi/pm8001/pm8001_hwi.c b/drivers/scsi/pm8001/pm8001_hwi.c
index 91d78d0a38fe..628b08ba6770 100644
--- a/drivers/scsi/pm8001/pm8001_hwi.c
+++ b/drivers/scsi/pm8001/pm8001_hwi.c
@@ -3612,6 +3612,10 @@ int pm8001_mpi_task_abort_resp(struct pm8001_hba_info *pm8001_ha, void *piomb)
pm8001_dbg(pm8001_ha, FAIL, " TASK NULL. RETURNING !!!\n");
return -1;
}
+
+ if (t->task_proto == SAS_PROTOCOL_INTERNAL_ABORT)
+ atomic_dec(&pm8001_dev->running_req);
+
ts = &t->task_status;
if (status != 0)
pm8001_dbg(pm8001_ha, FAIL, "task abort failed status 0x%x ,tag = 0x%x, scp= 0x%x\n",
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 567/862] scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (565 preceding siblings ...)
2022-10-19 8:30 ` [PATCH 6.0 566/862] scsi: pm8001: Fix running_req for internal abort commands Greg Kroah-Hartman
@ 2022-10-19 8:30 ` Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 568/862] clk: qcom: apss-ipq6018: mark apcs_alias0_core_clk as critical Greg Kroah-Hartman
` (309 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mike Christie, Martin K. Petersen,
Sasha Levin
From: Mike Christie <michael.christie@oracle.com>
[ Upstream commit 57569c37f0add1b6489e1a1563c71519daf732cf ]
Fix a NULL pointer crash that occurs when we are freeing the socket at the
same time we access it via sysfs.
The problem is that:
1. iscsi_sw_tcp_conn_get_param() and iscsi_sw_tcp_host_get_param() take
the frwd_lock and do sock_hold() then drop the frwd_lock. sock_hold()
does a get on the "struct sock".
2. iscsi_sw_tcp_release_conn() does sockfd_put() which does the last put
on the "struct socket" and that does __sock_release() which sets the
sock->ops to NULL.
3. iscsi_sw_tcp_conn_get_param() and iscsi_sw_tcp_host_get_param() then
call kernel_getpeername() which accesses the NULL sock->ops.
Above we do a get on the "struct sock", but we needed a get on the "struct
socket". Originally, we just held the frwd_lock the entire time but in
commit bcf3a2953d36 ("scsi: iscsi: iscsi_tcp: Avoid holding spinlock while
calling getpeername()") we switched to refcount based because the network
layer changed and started taking a mutex in that path, so we could no
longer hold the frwd_lock.
Instead of trying to maintain multiple refcounts, this just has us use a
mutex for accessing the socket in the interface code paths.
Link: https://lore.kernel.org/r/20220907221700.10302-1-michael.christie@oracle.com
Fixes: bcf3a2953d36 ("scsi: iscsi: iscsi_tcp: Avoid holding spinlock while calling getpeername()")
Signed-off-by: Mike Christie <michael.christie@oracle.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/iscsi_tcp.c | 73 ++++++++++++++++++++++++++++------------
drivers/scsi/iscsi_tcp.h | 3 ++
2 files changed, 55 insertions(+), 21 deletions(-)
diff --git a/drivers/scsi/iscsi_tcp.c b/drivers/scsi/iscsi_tcp.c
index 29b1bd755afe..5fb1f364e815 100644
--- a/drivers/scsi/iscsi_tcp.c
+++ b/drivers/scsi/iscsi_tcp.c
@@ -595,6 +595,8 @@ iscsi_sw_tcp_conn_create(struct iscsi_cls_session *cls_session,
INIT_WORK(&conn->recvwork, iscsi_sw_tcp_recv_data_work);
tcp_sw_conn->queue_recv = iscsi_recv_from_iscsi_q;
+ mutex_init(&tcp_sw_conn->sock_lock);
+
tfm = crypto_alloc_ahash("crc32c", 0, CRYPTO_ALG_ASYNC);
if (IS_ERR(tfm))
goto free_conn;
@@ -629,11 +631,15 @@ iscsi_sw_tcp_conn_create(struct iscsi_cls_session *cls_session,
static void iscsi_sw_tcp_release_conn(struct iscsi_conn *conn)
{
- struct iscsi_session *session = conn->session;
struct iscsi_tcp_conn *tcp_conn = conn->dd_data;
struct iscsi_sw_tcp_conn *tcp_sw_conn = tcp_conn->dd_data;
struct socket *sock = tcp_sw_conn->sock;
+ /*
+ * The iscsi transport class will make sure we are not called in
+ * parallel with start, stop, bind and destroys. However, this can be
+ * called twice if userspace does a stop then a destroy.
+ */
if (!sock)
return;
@@ -649,9 +655,9 @@ static void iscsi_sw_tcp_release_conn(struct iscsi_conn *conn)
iscsi_suspend_rx(conn);
- spin_lock_bh(&session->frwd_lock);
+ mutex_lock(&tcp_sw_conn->sock_lock);
tcp_sw_conn->sock = NULL;
- spin_unlock_bh(&session->frwd_lock);
+ mutex_unlock(&tcp_sw_conn->sock_lock);
sockfd_put(sock);
}
@@ -703,7 +709,6 @@ iscsi_sw_tcp_conn_bind(struct iscsi_cls_session *cls_session,
struct iscsi_cls_conn *cls_conn, uint64_t transport_eph,
int is_leading)
{
- struct iscsi_session *session = cls_session->dd_data;
struct iscsi_conn *conn = cls_conn->dd_data;
struct iscsi_tcp_conn *tcp_conn = conn->dd_data;
struct iscsi_sw_tcp_conn *tcp_sw_conn = tcp_conn->dd_data;
@@ -723,10 +728,10 @@ iscsi_sw_tcp_conn_bind(struct iscsi_cls_session *cls_session,
if (err)
goto free_socket;
- spin_lock_bh(&session->frwd_lock);
+ mutex_lock(&tcp_sw_conn->sock_lock);
/* bind iSCSI connection and socket */
tcp_sw_conn->sock = sock;
- spin_unlock_bh(&session->frwd_lock);
+ mutex_unlock(&tcp_sw_conn->sock_lock);
/* setup Socket parameters */
sk = sock->sk;
@@ -763,8 +768,15 @@ static int iscsi_sw_tcp_conn_set_param(struct iscsi_cls_conn *cls_conn,
break;
case ISCSI_PARAM_DATADGST_EN:
iscsi_set_param(cls_conn, param, buf, buflen);
+
+ mutex_lock(&tcp_sw_conn->sock_lock);
+ if (!tcp_sw_conn->sock) {
+ mutex_unlock(&tcp_sw_conn->sock_lock);
+ return -ENOTCONN;
+ }
tcp_sw_conn->sendpage = conn->datadgst_en ?
sock_no_sendpage : tcp_sw_conn->sock->ops->sendpage;
+ mutex_unlock(&tcp_sw_conn->sock_lock);
break;
case ISCSI_PARAM_MAX_R2T:
return iscsi_tcp_set_max_r2t(conn, buf);
@@ -779,8 +791,8 @@ static int iscsi_sw_tcp_conn_get_param(struct iscsi_cls_conn *cls_conn,
enum iscsi_param param, char *buf)
{
struct iscsi_conn *conn = cls_conn->dd_data;
- struct iscsi_tcp_conn *tcp_conn = conn->dd_data;
- struct iscsi_sw_tcp_conn *tcp_sw_conn = tcp_conn->dd_data;
+ struct iscsi_sw_tcp_conn *tcp_sw_conn;
+ struct iscsi_tcp_conn *tcp_conn;
struct sockaddr_in6 addr;
struct socket *sock;
int rc;
@@ -790,21 +802,36 @@ static int iscsi_sw_tcp_conn_get_param(struct iscsi_cls_conn *cls_conn,
case ISCSI_PARAM_CONN_ADDRESS:
case ISCSI_PARAM_LOCAL_PORT:
spin_lock_bh(&conn->session->frwd_lock);
- if (!tcp_sw_conn || !tcp_sw_conn->sock) {
+ if (!conn->session->leadconn) {
spin_unlock_bh(&conn->session->frwd_lock);
return -ENOTCONN;
}
- sock = tcp_sw_conn->sock;
- sock_hold(sock->sk);
+ /*
+ * The conn has been setup and bound, so just grab a ref
+ * incase a destroy runs while we are in the net layer.
+ */
+ iscsi_get_conn(conn->cls_conn);
spin_unlock_bh(&conn->session->frwd_lock);
+ tcp_conn = conn->dd_data;
+ tcp_sw_conn = tcp_conn->dd_data;
+
+ mutex_lock(&tcp_sw_conn->sock_lock);
+ sock = tcp_sw_conn->sock;
+ if (!sock) {
+ rc = -ENOTCONN;
+ goto sock_unlock;
+ }
+
if (param == ISCSI_PARAM_LOCAL_PORT)
rc = kernel_getsockname(sock,
(struct sockaddr *)&addr);
else
rc = kernel_getpeername(sock,
(struct sockaddr *)&addr);
- sock_put(sock->sk);
+sock_unlock:
+ mutex_unlock(&tcp_sw_conn->sock_lock);
+ iscsi_put_conn(conn->cls_conn);
if (rc < 0)
return rc;
@@ -842,17 +869,21 @@ static int iscsi_sw_tcp_host_get_param(struct Scsi_Host *shost,
}
tcp_conn = conn->dd_data;
tcp_sw_conn = tcp_conn->dd_data;
- sock = tcp_sw_conn->sock;
- if (!sock) {
- spin_unlock_bh(&session->frwd_lock);
- return -ENOTCONN;
- }
- sock_hold(sock->sk);
+ /*
+ * The conn has been setup and bound, so just grab a ref
+ * incase a destroy runs while we are in the net layer.
+ */
+ iscsi_get_conn(conn->cls_conn);
spin_unlock_bh(&session->frwd_lock);
- rc = kernel_getsockname(sock,
- (struct sockaddr *)&addr);
- sock_put(sock->sk);
+ mutex_lock(&tcp_sw_conn->sock_lock);
+ sock = tcp_sw_conn->sock;
+ if (!sock)
+ rc = -ENOTCONN;
+ else
+ rc = kernel_getsockname(sock, (struct sockaddr *)&addr);
+ mutex_unlock(&tcp_sw_conn->sock_lock);
+ iscsi_put_conn(conn->cls_conn);
if (rc < 0)
return rc;
diff --git a/drivers/scsi/iscsi_tcp.h b/drivers/scsi/iscsi_tcp.h
index 850a018aefb9..68e14a344904 100644
--- a/drivers/scsi/iscsi_tcp.h
+++ b/drivers/scsi/iscsi_tcp.h
@@ -28,6 +28,9 @@ struct iscsi_sw_tcp_send {
struct iscsi_sw_tcp_conn {
struct socket *sock;
+ /* Taken when accessing the sock from the netlink/sysfs interface */
+ struct mutex sock_lock;
+
struct work_struct recvwork;
bool queue_recv;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 568/862] clk: qcom: apss-ipq6018: mark apcs_alias0_core_clk as critical
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (566 preceding siblings ...)
2022-10-19 8:30 ` [PATCH 6.0 567/862] scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername() Greg Kroah-Hartman
@ 2022-10-19 8:30 ` Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 569/862] clk: qcom: gcc-sm6115: Override default Alpha PLL regs Greg Kroah-Hartman
` (308 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Robert Marko, Dmitry Baryshkov,
Bjorn Andersson, Sasha Levin
From: Robert Marko <robimarko@gmail.com>
[ Upstream commit 86e78995c93ee182433f965babfccd48417d4dcf ]
While fixing up the driver I noticed that my IPQ8074 board was hanging
after CPUFreq switched the frequency during boot, WDT would eventually
reset it.
So mark apcs_alias0_core_clk as critical since its the clock feeding the
CPU cluster and must never be disabled.
Fixes: 5e77b4ef1b19 ("clk: qcom: Add ipq6018 apss clock controller")
Signed-off-by: Robert Marko <robimarko@gmail.com>
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Link: https://lore.kernel.org/r/20220818220628.339366-3-robimarko@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/qcom/apss-ipq6018.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/clk/qcom/apss-ipq6018.c b/drivers/clk/qcom/apss-ipq6018.c
index d78ff2f310bf..b5d93657e1ee 100644
--- a/drivers/clk/qcom/apss-ipq6018.c
+++ b/drivers/clk/qcom/apss-ipq6018.c
@@ -57,7 +57,7 @@ static struct clk_branch apcs_alias0_core_clk = {
.parent_hws = (const struct clk_hw *[]){
&apcs_alias0_clk_src.clkr.hw },
.num_parents = 1,
- .flags = CLK_SET_RATE_PARENT,
+ .flags = CLK_SET_RATE_PARENT | CLK_IS_CRITICAL,
.ops = &clk_branch2_ops,
},
},
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 569/862] clk: qcom: gcc-sm6115: Override default Alpha PLL regs
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (567 preceding siblings ...)
2022-10-19 8:30 ` [PATCH 6.0 568/862] clk: qcom: apss-ipq6018: mark apcs_alias0_core_clk as critical Greg Kroah-Hartman
@ 2022-10-19 8:30 ` Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 570/862] nvmet-auth: dont try to cancel a non-initialized work_struct Greg Kroah-Hartman
` (307 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Adam Skladowski, Iskren Chernev,
Bjorn Andersson, Sasha Levin
From: Adam Skladowski <a_skl39@protonmail.com>
[ Upstream commit 068a0605ef5a6b430e7278c169bfcd25b680b28f ]
The DEFAULT and BRAMMO PLL offsets are non-standard in downstream, but
currently only BRAMMO ones are overridden. Override DEFAULT ones too.
A very similar thing is happening in gcc-qcm2290 driver.
Fixes: cbe63bfdc54f ("clk: qcom: Add Global Clock controller (GCC) driver for SM6115")
Signed-off-by: Adam Skladowski <a_skl39@protonmail.com>
Signed-off-by: Iskren Chernev <iskren.chernev@gmail.com>
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Link: https://lore.kernel.org/r/20220830075620.974009-2-iskren.chernev@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/qcom/gcc-sm6115.c | 46 +++++++++++++++++++++++------------
1 file changed, 30 insertions(+), 16 deletions(-)
diff --git a/drivers/clk/qcom/gcc-sm6115.c b/drivers/clk/qcom/gcc-sm6115.c
index 68fe9f6f0d2f..e24a977c2580 100644
--- a/drivers/clk/qcom/gcc-sm6115.c
+++ b/drivers/clk/qcom/gcc-sm6115.c
@@ -53,11 +53,25 @@ static struct pll_vco gpll10_vco[] = {
{ 750000000, 1500000000, 1 },
};
+static const u8 clk_alpha_pll_regs_offset[][PLL_OFF_MAX_REGS] = {
+ [CLK_ALPHA_PLL_TYPE_DEFAULT] = {
+ [PLL_OFF_L_VAL] = 0x04,
+ [PLL_OFF_ALPHA_VAL] = 0x08,
+ [PLL_OFF_ALPHA_VAL_U] = 0x0c,
+ [PLL_OFF_TEST_CTL] = 0x10,
+ [PLL_OFF_TEST_CTL_U] = 0x14,
+ [PLL_OFF_USER_CTL] = 0x18,
+ [PLL_OFF_USER_CTL_U] = 0x1c,
+ [PLL_OFF_CONFIG_CTL] = 0x20,
+ [PLL_OFF_STATUS] = 0x24,
+ },
+};
+
static struct clk_alpha_pll gpll0 = {
.offset = 0x0,
.vco_table = default_vco,
.num_vco = ARRAY_SIZE(default_vco),
- .regs = clk_alpha_pll_regs[CLK_ALPHA_PLL_TYPE_DEFAULT],
+ .regs = clk_alpha_pll_regs_offset[CLK_ALPHA_PLL_TYPE_DEFAULT],
.clkr = {
.enable_reg = 0x79000,
.enable_mask = BIT(0),
@@ -83,7 +97,7 @@ static struct clk_alpha_pll_postdiv gpll0_out_aux2 = {
.post_div_table = post_div_table_gpll0_out_aux2,
.num_post_div = ARRAY_SIZE(post_div_table_gpll0_out_aux2),
.width = 4,
- .regs = clk_alpha_pll_regs[CLK_ALPHA_PLL_TYPE_DEFAULT],
+ .regs = clk_alpha_pll_regs_offset[CLK_ALPHA_PLL_TYPE_DEFAULT],
.clkr.hw.init = &(struct clk_init_data){
.name = "gpll0_out_aux2",
.parent_hws = (const struct clk_hw *[]){ &gpll0.clkr.hw },
@@ -115,7 +129,7 @@ static struct clk_alpha_pll_postdiv gpll0_out_main = {
.post_div_table = post_div_table_gpll0_out_main,
.num_post_div = ARRAY_SIZE(post_div_table_gpll0_out_main),
.width = 4,
- .regs = clk_alpha_pll_regs[CLK_ALPHA_PLL_TYPE_DEFAULT],
+ .regs = clk_alpha_pll_regs_offset[CLK_ALPHA_PLL_TYPE_DEFAULT],
.clkr.hw.init = &(struct clk_init_data){
.name = "gpll0_out_main",
.parent_hws = (const struct clk_hw *[]){ &gpll0.clkr.hw },
@@ -137,7 +151,7 @@ static struct clk_alpha_pll gpll10 = {
.offset = 0xa000,
.vco_table = gpll10_vco,
.num_vco = ARRAY_SIZE(gpll10_vco),
- .regs = clk_alpha_pll_regs[CLK_ALPHA_PLL_TYPE_DEFAULT],
+ .regs = clk_alpha_pll_regs_offset[CLK_ALPHA_PLL_TYPE_DEFAULT],
.clkr = {
.enable_reg = 0x79000,
.enable_mask = BIT(10),
@@ -163,7 +177,7 @@ static struct clk_alpha_pll_postdiv gpll10_out_main = {
.post_div_table = post_div_table_gpll10_out_main,
.num_post_div = ARRAY_SIZE(post_div_table_gpll10_out_main),
.width = 4,
- .regs = clk_alpha_pll_regs[CLK_ALPHA_PLL_TYPE_DEFAULT],
+ .regs = clk_alpha_pll_regs_offset[CLK_ALPHA_PLL_TYPE_DEFAULT],
.clkr.hw.init = &(struct clk_init_data){
.name = "gpll10_out_main",
.parent_hws = (const struct clk_hw *[]){ &gpll10.clkr.hw },
@@ -189,7 +203,7 @@ static struct clk_alpha_pll gpll11 = {
.vco_table = default_vco,
.num_vco = ARRAY_SIZE(default_vco),
.flags = SUPPORTS_DYNAMIC_UPDATE,
- .regs = clk_alpha_pll_regs[CLK_ALPHA_PLL_TYPE_DEFAULT],
+ .regs = clk_alpha_pll_regs_offset[CLK_ALPHA_PLL_TYPE_DEFAULT],
.clkr = {
.enable_reg = 0x79000,
.enable_mask = BIT(11),
@@ -215,7 +229,7 @@ static struct clk_alpha_pll_postdiv gpll11_out_main = {
.post_div_table = post_div_table_gpll11_out_main,
.num_post_div = ARRAY_SIZE(post_div_table_gpll11_out_main),
.width = 4,
- .regs = clk_alpha_pll_regs[CLK_ALPHA_PLL_TYPE_DEFAULT],
+ .regs = clk_alpha_pll_regs_offset[CLK_ALPHA_PLL_TYPE_DEFAULT],
.clkr.hw.init = &(struct clk_init_data){
.name = "gpll11_out_main",
.parent_hws = (const struct clk_hw *[]){ &gpll11.clkr.hw },
@@ -229,7 +243,7 @@ static struct clk_alpha_pll gpll3 = {
.offset = 0x3000,
.vco_table = default_vco,
.num_vco = ARRAY_SIZE(default_vco),
- .regs = clk_alpha_pll_regs[CLK_ALPHA_PLL_TYPE_DEFAULT],
+ .regs = clk_alpha_pll_regs_offset[CLK_ALPHA_PLL_TYPE_DEFAULT],
.clkr = {
.enable_reg = 0x79000,
.enable_mask = BIT(3),
@@ -248,7 +262,7 @@ static struct clk_alpha_pll gpll4 = {
.offset = 0x4000,
.vco_table = default_vco,
.num_vco = ARRAY_SIZE(default_vco),
- .regs = clk_alpha_pll_regs[CLK_ALPHA_PLL_TYPE_DEFAULT],
+ .regs = clk_alpha_pll_regs_offset[CLK_ALPHA_PLL_TYPE_DEFAULT],
.clkr = {
.enable_reg = 0x79000,
.enable_mask = BIT(4),
@@ -274,7 +288,7 @@ static struct clk_alpha_pll_postdiv gpll4_out_main = {
.post_div_table = post_div_table_gpll4_out_main,
.num_post_div = ARRAY_SIZE(post_div_table_gpll4_out_main),
.width = 4,
- .regs = clk_alpha_pll_regs[CLK_ALPHA_PLL_TYPE_DEFAULT],
+ .regs = clk_alpha_pll_regs_offset[CLK_ALPHA_PLL_TYPE_DEFAULT],
.clkr.hw.init = &(struct clk_init_data){
.name = "gpll4_out_main",
.parent_hws = (const struct clk_hw *[]){ &gpll4.clkr.hw },
@@ -287,7 +301,7 @@ static struct clk_alpha_pll gpll6 = {
.offset = 0x6000,
.vco_table = default_vco,
.num_vco = ARRAY_SIZE(default_vco),
- .regs = clk_alpha_pll_regs[CLK_ALPHA_PLL_TYPE_DEFAULT],
+ .regs = clk_alpha_pll_regs_offset[CLK_ALPHA_PLL_TYPE_DEFAULT],
.clkr = {
.enable_reg = 0x79000,
.enable_mask = BIT(6),
@@ -313,7 +327,7 @@ static struct clk_alpha_pll_postdiv gpll6_out_main = {
.post_div_table = post_div_table_gpll6_out_main,
.num_post_div = ARRAY_SIZE(post_div_table_gpll6_out_main),
.width = 4,
- .regs = clk_alpha_pll_regs[CLK_ALPHA_PLL_TYPE_DEFAULT],
+ .regs = clk_alpha_pll_regs_offset[CLK_ALPHA_PLL_TYPE_DEFAULT],
.clkr.hw.init = &(struct clk_init_data){
.name = "gpll6_out_main",
.parent_hws = (const struct clk_hw *[]){ &gpll6.clkr.hw },
@@ -326,7 +340,7 @@ static struct clk_alpha_pll gpll7 = {
.offset = 0x7000,
.vco_table = default_vco,
.num_vco = ARRAY_SIZE(default_vco),
- .regs = clk_alpha_pll_regs[CLK_ALPHA_PLL_TYPE_DEFAULT],
+ .regs = clk_alpha_pll_regs_offset[CLK_ALPHA_PLL_TYPE_DEFAULT],
.clkr = {
.enable_reg = 0x79000,
.enable_mask = BIT(7),
@@ -352,7 +366,7 @@ static struct clk_alpha_pll_postdiv gpll7_out_main = {
.post_div_table = post_div_table_gpll7_out_main,
.num_post_div = ARRAY_SIZE(post_div_table_gpll7_out_main),
.width = 4,
- .regs = clk_alpha_pll_regs[CLK_ALPHA_PLL_TYPE_DEFAULT],
+ .regs = clk_alpha_pll_regs_offset[CLK_ALPHA_PLL_TYPE_DEFAULT],
.clkr.hw.init = &(struct clk_init_data){
.name = "gpll7_out_main",
.parent_hws = (const struct clk_hw *[]){ &gpll7.clkr.hw },
@@ -380,7 +394,7 @@ static struct clk_alpha_pll gpll8 = {
.offset = 0x8000,
.vco_table = default_vco,
.num_vco = ARRAY_SIZE(default_vco),
- .regs = clk_alpha_pll_regs[CLK_ALPHA_PLL_TYPE_DEFAULT],
+ .regs = clk_alpha_pll_regs_offset[CLK_ALPHA_PLL_TYPE_DEFAULT],
.flags = SUPPORTS_DYNAMIC_UPDATE,
.clkr = {
.enable_reg = 0x79000,
@@ -407,7 +421,7 @@ static struct clk_alpha_pll_postdiv gpll8_out_main = {
.post_div_table = post_div_table_gpll8_out_main,
.num_post_div = ARRAY_SIZE(post_div_table_gpll8_out_main),
.width = 4,
- .regs = clk_alpha_pll_regs[CLK_ALPHA_PLL_TYPE_DEFAULT],
+ .regs = clk_alpha_pll_regs_offset[CLK_ALPHA_PLL_TYPE_DEFAULT],
.clkr.hw.init = &(struct clk_init_data){
.name = "gpll8_out_main",
.parent_hws = (const struct clk_hw *[]){ &gpll8.clkr.hw },
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 570/862] nvmet-auth: dont try to cancel a non-initialized work_struct
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (568 preceding siblings ...)
2022-10-19 8:30 ` [PATCH 6.0 569/862] clk: qcom: gcc-sm6115: Override default Alpha PLL regs Greg Kroah-Hartman
@ 2022-10-19 8:30 ` Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 571/862] RDMA/rxe: Set pd early in mr alloc routines Greg Kroah-Hartman
` (306 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christoph Hellwig, Sagi Grimberg,
Hannes Reinecke, Sasha Levin
From: Christoph Hellwig <hch@lst.de>
[ Upstream commit 1befd944e05050d76950014f3dc04ed47faba2c3 ]
Currently blktests nvme/002 trips up debugobjects if CONFIG_NVME_AUTH is
enabled, but authentication is not on a queue. This is because
nvmet_auth_sq_free cancels sq->auth_expired_work unconditionaly, while
auth_expired_work is only ever initialized if authentication is enabled
for a given controller.
Fix this by calling most of what is nvmet_init_auth unconditionally
when initializing the SQ, and just do the setting of the result
field in the connect command handler.
Fixes: db1312dd9548 ("nvmet: implement basic In-Band Authentication")
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Sagi Grimberg <sagi@grimberg.me>
Reviewed-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/nvme/target/core.c | 1 +
drivers/nvme/target/fabrics-cmd-auth.c | 13 ++++---------
drivers/nvme/target/fabrics-cmd.c | 6 ++++--
drivers/nvme/target/nvmet.h | 7 ++++---
4 files changed, 13 insertions(+), 14 deletions(-)
diff --git a/drivers/nvme/target/core.c b/drivers/nvme/target/core.c
index 7f4083cf953a..14677145bbba 100644
--- a/drivers/nvme/target/core.c
+++ b/drivers/nvme/target/core.c
@@ -832,6 +832,7 @@ int nvmet_sq_init(struct nvmet_sq *sq)
}
init_completion(&sq->free_done);
init_completion(&sq->confirm_done);
+ nvmet_auth_sq_init(sq);
return 0;
}
diff --git a/drivers/nvme/target/fabrics-cmd-auth.c b/drivers/nvme/target/fabrics-cmd-auth.c
index ebdf9aa81041..0c078b6b1447 100644
--- a/drivers/nvme/target/fabrics-cmd-auth.c
+++ b/drivers/nvme/target/fabrics-cmd-auth.c
@@ -23,17 +23,12 @@ static void nvmet_auth_expired_work(struct work_struct *work)
sq->dhchap_tid = -1;
}
-void nvmet_init_auth(struct nvmet_ctrl *ctrl, struct nvmet_req *req)
+void nvmet_auth_sq_init(struct nvmet_sq *sq)
{
- u32 result = le32_to_cpu(req->cqe->result.u32);
-
/* Initialize in-band authentication */
- INIT_DELAYED_WORK(&req->sq->auth_expired_work,
- nvmet_auth_expired_work);
- req->sq->authenticated = false;
- req->sq->dhchap_step = NVME_AUTH_DHCHAP_MESSAGE_NEGOTIATE;
- result |= (u32)NVME_CONNECT_AUTHREQ_ATR << 16;
- req->cqe->result.u32 = cpu_to_le32(result);
+ INIT_DELAYED_WORK(&sq->auth_expired_work, nvmet_auth_expired_work);
+ sq->authenticated = false;
+ sq->dhchap_step = NVME_AUTH_DHCHAP_MESSAGE_NEGOTIATE;
}
static u16 nvmet_auth_negotiate(struct nvmet_req *req, void *d)
diff --git a/drivers/nvme/target/fabrics-cmd.c b/drivers/nvme/target/fabrics-cmd.c
index f91a56180d3d..bd739d8b6991 100644
--- a/drivers/nvme/target/fabrics-cmd.c
+++ b/drivers/nvme/target/fabrics-cmd.c
@@ -272,7 +272,8 @@ static void nvmet_execute_admin_connect(struct nvmet_req *req)
req->cqe->result.u16 = cpu_to_le16(ctrl->cntlid);
if (nvmet_has_auth(ctrl))
- nvmet_init_auth(ctrl, req);
+ req->cqe->result.u32 |=
+ cpu_to_le32((u32)NVME_CONNECT_AUTHREQ_ATR << 16);
out:
kfree(d);
complete:
@@ -334,7 +335,8 @@ static void nvmet_execute_io_connect(struct nvmet_req *req)
pr_debug("adding queue %d to ctrl %d.\n", qid, ctrl->cntlid);
req->cqe->result.u16 = cpu_to_le16(ctrl->cntlid);
if (nvmet_has_auth(ctrl))
- nvmet_init_auth(ctrl, req);
+ req->cqe->result.u32 |=
+ cpu_to_le32((u32)NVME_CONNECT_AUTHREQ_ATR << 16);
out:
kfree(d);
diff --git a/drivers/nvme/target/nvmet.h b/drivers/nvme/target/nvmet.h
index 6ffeeb0a1c49..dfe3894205aa 100644
--- a/drivers/nvme/target/nvmet.h
+++ b/drivers/nvme/target/nvmet.h
@@ -704,7 +704,7 @@ int nvmet_auth_set_key(struct nvmet_host *host, const char *secret,
bool set_ctrl);
int nvmet_auth_set_host_hash(struct nvmet_host *host, const char *hash);
int nvmet_setup_auth(struct nvmet_ctrl *ctrl);
-void nvmet_init_auth(struct nvmet_ctrl *ctrl, struct nvmet_req *req);
+void nvmet_auth_sq_init(struct nvmet_sq *sq);
void nvmet_destroy_auth(struct nvmet_ctrl *ctrl);
void nvmet_auth_sq_free(struct nvmet_sq *sq);
int nvmet_setup_dhgroup(struct nvmet_ctrl *ctrl, u8 dhgroup_id);
@@ -726,8 +726,9 @@ static inline int nvmet_setup_auth(struct nvmet_ctrl *ctrl)
{
return 0;
}
-static inline void nvmet_init_auth(struct nvmet_ctrl *ctrl,
- struct nvmet_req *req) {};
+static inline void nvmet_auth_sq_init(struct nvmet_sq *sq)
+{
+}
static inline void nvmet_destroy_auth(struct nvmet_ctrl *ctrl) {};
static inline void nvmet_auth_sq_free(struct nvmet_sq *sq) {};
static inline bool nvmet_check_auth_status(struct nvmet_req *req)
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 571/862] RDMA/rxe: Set pd early in mr alloc routines
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (569 preceding siblings ...)
2022-10-19 8:30 ` [PATCH 6.0 570/862] nvmet-auth: dont try to cancel a non-initialized work_struct Greg Kroah-Hartman
@ 2022-10-19 8:30 ` Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 572/862] RDMA/rxe: Fix resize_finish() in rxe_queue.c Greg Kroah-Hartman
` (305 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Bob Pearson, Li Zhijian,
Jason Gunthorpe, Sasha Levin
From: Bob Pearson <rpearsonhpe@gmail.com>
[ Upstream commit 58651bbb30f87dab474eff31ab564391aa6ea1f3 ]
Move setting of pd in mr objects ahead of any possible errors so that it
will always be set in rxe_mr_cleanup() to avoid seg faults when
rxe_put(mr_pd(mr)) is called.
Fixes: cf40367961d8 ("RDMA/rxe: Move mr cleanup code to rxe_mr_cleanup()")
Link: https://lore.kernel.org/r/20220805183153.32007-2-rpearsonhpe@gmail.com
Signed-off-by: Bob Pearson <rpearsonhpe@gmail.com>
Reviewed-by: Li Zhijian <lizhijian@fujitsu.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/sw/rxe/rxe_loc.h | 6 +++---
drivers/infiniband/sw/rxe/rxe_mr.c | 11 ++++-------
drivers/infiniband/sw/rxe/rxe_verbs.c | 12 +++++++-----
3 files changed, 14 insertions(+), 15 deletions(-)
diff --git a/drivers/infiniband/sw/rxe/rxe_loc.h b/drivers/infiniband/sw/rxe/rxe_loc.h
index 22f6cc31d1d6..c2a5c8814a48 100644
--- a/drivers/infiniband/sw/rxe/rxe_loc.h
+++ b/drivers/infiniband/sw/rxe/rxe_loc.h
@@ -64,10 +64,10 @@ int rxe_mmap(struct ib_ucontext *context, struct vm_area_struct *vma);
/* rxe_mr.c */
u8 rxe_get_next_key(u32 last_key);
-void rxe_mr_init_dma(struct rxe_pd *pd, int access, struct rxe_mr *mr);
-int rxe_mr_init_user(struct rxe_pd *pd, u64 start, u64 length, u64 iova,
+void rxe_mr_init_dma(int access, struct rxe_mr *mr);
+int rxe_mr_init_user(struct rxe_dev *rxe, u64 start, u64 length, u64 iova,
int access, struct rxe_mr *mr);
-int rxe_mr_init_fast(struct rxe_pd *pd, int max_pages, struct rxe_mr *mr);
+int rxe_mr_init_fast(int max_pages, struct rxe_mr *mr);
int rxe_mr_copy(struct rxe_mr *mr, u64 iova, void *addr, int length,
enum rxe_mr_copy_dir dir);
int copy_data(struct rxe_pd *pd, int access, struct rxe_dma_info *dma,
diff --git a/drivers/infiniband/sw/rxe/rxe_mr.c b/drivers/infiniband/sw/rxe/rxe_mr.c
index 850b80f5ad8b..af34f198e645 100644
--- a/drivers/infiniband/sw/rxe/rxe_mr.c
+++ b/drivers/infiniband/sw/rxe/rxe_mr.c
@@ -103,17 +103,16 @@ static int rxe_mr_alloc(struct rxe_mr *mr, int num_buf)
return -ENOMEM;
}
-void rxe_mr_init_dma(struct rxe_pd *pd, int access, struct rxe_mr *mr)
+void rxe_mr_init_dma(int access, struct rxe_mr *mr)
{
rxe_mr_init(access, mr);
- mr->ibmr.pd = &pd->ibpd;
mr->access = access;
mr->state = RXE_MR_STATE_VALID;
mr->type = IB_MR_TYPE_DMA;
}
-int rxe_mr_init_user(struct rxe_pd *pd, u64 start, u64 length, u64 iova,
+int rxe_mr_init_user(struct rxe_dev *rxe, u64 start, u64 length, u64 iova,
int access, struct rxe_mr *mr)
{
struct rxe_map **map;
@@ -125,7 +124,7 @@ int rxe_mr_init_user(struct rxe_pd *pd, u64 start, u64 length, u64 iova,
int err;
int i;
- umem = ib_umem_get(pd->ibpd.device, start, length, access);
+ umem = ib_umem_get(&rxe->ib_dev, start, length, access);
if (IS_ERR(umem)) {
pr_warn("%s: Unable to pin memory region err = %d\n",
__func__, (int)PTR_ERR(umem));
@@ -175,7 +174,6 @@ int rxe_mr_init_user(struct rxe_pd *pd, u64 start, u64 length, u64 iova,
}
}
- mr->ibmr.pd = &pd->ibpd;
mr->umem = umem;
mr->access = access;
mr->length = length;
@@ -197,7 +195,7 @@ int rxe_mr_init_user(struct rxe_pd *pd, u64 start, u64 length, u64 iova,
return err;
}
-int rxe_mr_init_fast(struct rxe_pd *pd, int max_pages, struct rxe_mr *mr)
+int rxe_mr_init_fast(int max_pages, struct rxe_mr *mr)
{
int err;
@@ -208,7 +206,6 @@ int rxe_mr_init_fast(struct rxe_pd *pd, int max_pages, struct rxe_mr *mr)
if (err)
goto err1;
- mr->ibmr.pd = &pd->ibpd;
mr->max_buf = max_pages;
mr->state = RXE_MR_STATE_FREE;
mr->type = IB_MR_TYPE_MEM_REG;
diff --git a/drivers/infiniband/sw/rxe/rxe_verbs.c b/drivers/infiniband/sw/rxe/rxe_verbs.c
index e264cf69bf55..f54a3eba652f 100644
--- a/drivers/infiniband/sw/rxe/rxe_verbs.c
+++ b/drivers/infiniband/sw/rxe/rxe_verbs.c
@@ -903,7 +903,9 @@ static struct ib_mr *rxe_get_dma_mr(struct ib_pd *ibpd, int access)
return ERR_PTR(-ENOMEM);
rxe_get(pd);
- rxe_mr_init_dma(pd, access, mr);
+ mr->ibmr.pd = ibpd;
+
+ rxe_mr_init_dma(access, mr);
rxe_finalize(mr);
return &mr->ibmr;
@@ -928,8 +930,9 @@ static struct ib_mr *rxe_reg_user_mr(struct ib_pd *ibpd,
rxe_get(pd);
+ mr->ibmr.pd = ibpd;
- err = rxe_mr_init_user(pd, start, length, iova, access, mr);
+ err = rxe_mr_init_user(rxe, start, length, iova, access, mr);
if (err)
goto err3;
@@ -938,7 +941,6 @@ static struct ib_mr *rxe_reg_user_mr(struct ib_pd *ibpd,
return &mr->ibmr;
err3:
- rxe_put(pd);
rxe_cleanup(mr);
err2:
return ERR_PTR(err);
@@ -962,8 +964,9 @@ static struct ib_mr *rxe_alloc_mr(struct ib_pd *ibpd, enum ib_mr_type mr_type,
}
rxe_get(pd);
+ mr->ibmr.pd = ibpd;
- err = rxe_mr_init_fast(pd, max_num_sg, mr);
+ err = rxe_mr_init_fast(max_num_sg, mr);
if (err)
goto err2;
@@ -972,7 +975,6 @@ static struct ib_mr *rxe_alloc_mr(struct ib_pd *ibpd, enum ib_mr_type mr_type,
return &mr->ibmr;
err2:
- rxe_put(pd);
rxe_cleanup(mr);
err1:
return ERR_PTR(err);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 572/862] RDMA/rxe: Fix resize_finish() in rxe_queue.c
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (570 preceding siblings ...)
2022-10-19 8:30 ` [PATCH 6.0 571/862] RDMA/rxe: Set pd early in mr alloc routines Greg Kroah-Hartman
@ 2022-10-19 8:30 ` Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 573/862] fsi: core: Check error number after calling ida_simple_get Greg Kroah-Hartman
` (304 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Bob Pearson, Li Zhijian,
Jason Gunthorpe, Sasha Levin
From: Bob Pearson <rpearsonhpe@gmail.com>
[ Upstream commit fda5d0cf8aef12f0a4f714a96a4b2fce039a3e55 ]
Currently in resize_finish() in rxe_queue.c there is a loop which copies
the entries in the original queue into a newly allocated queue. The
termination logic for this loop is incorrect. The call to
queue_next_index() updates cons but has no effect on whether the queue is
empty. So if the queue starts out empty nothing is copied but if it is not
then the loop will run forever. This patch changes the loop to compare the
value of cons to the original producer index.
Fixes: ae6e843fe08d0 ("RDMA/rxe: Add memory barriers to kernel queues")
Link: https://lore.kernel.org/r/20220825221446.6512-1-rpearsonhpe@gmail.com
Signed-off-by: Bob Pearson <rpearsonhpe@gmail.com>
Reviewed-by: Li Zhijian <lizhijian@fujitsu.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/sw/rxe/rxe_queue.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/drivers/infiniband/sw/rxe/rxe_queue.c b/drivers/infiniband/sw/rxe/rxe_queue.c
index dbd4971039c0..d6dbf5a0058d 100644
--- a/drivers/infiniband/sw/rxe/rxe_queue.c
+++ b/drivers/infiniband/sw/rxe/rxe_queue.c
@@ -112,23 +112,25 @@ static int resize_finish(struct rxe_queue *q, struct rxe_queue *new_q,
unsigned int num_elem)
{
enum queue_type type = q->type;
+ u32 new_prod;
u32 prod;
u32 cons;
if (!queue_empty(q, q->type) && (num_elem < queue_count(q, type)))
return -EINVAL;
- prod = queue_get_producer(new_q, type);
+ new_prod = queue_get_producer(new_q, type);
+ prod = queue_get_producer(q, type);
cons = queue_get_consumer(q, type);
- while (!queue_empty(q, type)) {
- memcpy(queue_addr_from_index(new_q, prod),
+ while ((prod - cons) & q->index_mask) {
+ memcpy(queue_addr_from_index(new_q, new_prod),
queue_addr_from_index(q, cons), new_q->elem_size);
- prod = queue_next_index(new_q, prod);
+ new_prod = queue_next_index(new_q, new_prod);
cons = queue_next_index(q, cons);
}
- new_q->buf->producer_index = prod;
+ new_q->buf->producer_index = new_prod;
q->buf->consumer_index = cons;
/* update private index copies */
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 573/862] fsi: core: Check error number after calling ida_simple_get
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (571 preceding siblings ...)
2022-10-19 8:30 ` [PATCH 6.0 572/862] RDMA/rxe: Fix resize_finish() in rxe_queue.c Greg Kroah-Hartman
@ 2022-10-19 8:31 ` Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 574/862] mfd: intel_soc_pmic: Fix an error handling path in intel_soc_pmic_i2c_probe() Greg Kroah-Hartman
` (303 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jiasheng Jiang, Eddie James,
Joel Stanley, Sasha Levin
From: Jiasheng Jiang <jiasheng@iscas.ac.cn>
[ Upstream commit 35af9fb49bc5c6d61ef70b501c3a56fe161cce3e ]
If allocation fails, the ida_simple_get() will return error number.
So master->idx could be error number and be used in dev_set_name().
Therefore, it should be better to check it and return error if fails,
like the ida_simple_get() in __fsi_get_new_minor().
Fixes: 09aecfab93b8 ("drivers/fsi: Add fsi master definition")
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Eddie James <eajames@linux.ibm.com>
Link: https://lore.kernel.org/r/20220111073411.614138-1-jiasheng@iscas.ac.cn
Signed-off-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/fsi/fsi-core.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/fsi/fsi-core.c b/drivers/fsi/fsi-core.c
index 3a7b78e36701..5858e6339a10 100644
--- a/drivers/fsi/fsi-core.c
+++ b/drivers/fsi/fsi-core.c
@@ -1314,6 +1314,9 @@ int fsi_master_register(struct fsi_master *master)
mutex_init(&master->scan_lock);
master->idx = ida_simple_get(&master_ida, 0, INT_MAX, GFP_KERNEL);
+ if (master->idx < 0)
+ return master->idx;
+
dev_set_name(&master->dev, "fsi%d", master->idx);
master->dev.class = &fsi_master_class;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 574/862] mfd: intel_soc_pmic: Fix an error handling path in intel_soc_pmic_i2c_probe()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (572 preceding siblings ...)
2022-10-19 8:31 ` [PATCH 6.0 573/862] fsi: core: Check error number after calling ida_simple_get Greg Kroah-Hartman
@ 2022-10-19 8:31 ` Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 575/862] mfd: fsl-imx25: Fix an error handling path in mx25_tsadc_setup_irq() Greg Kroah-Hartman
` (302 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christophe JAILLET, Andy Shevchenko,
Hans de Goede, Lee Jones, Sasha Levin
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
[ Upstream commit 48749cabba109397b4e7dd556e85718ec0ec114d ]
The commit in Fixes: has added a pwm_add_table() call in the probe() and
a pwm_remove_table() call in the remove(), but forget to update the error
handling path of the probe.
Add the missing pwm_remove_table() call.
Fixes: a3aa9a93df9f ("mfd: intel_soc_pmic_core: ADD PWM lookup table for CRC PMIC based PWM")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Lee Jones <lee@kernel.org>
Link: https://lore.kernel.org/r/20220801114211.36267-1-andriy.shevchenko@linux.intel.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mfd/intel_soc_pmic_core.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/mfd/intel_soc_pmic_core.c b/drivers/mfd/intel_soc_pmic_core.c
index 5e8c94e008ed..85d070bce0e2 100644
--- a/drivers/mfd/intel_soc_pmic_core.c
+++ b/drivers/mfd/intel_soc_pmic_core.c
@@ -77,6 +77,7 @@ static int intel_soc_pmic_i2c_probe(struct i2c_client *i2c,
return 0;
err_del_irq_chip:
+ pwm_remove_table(crc_pwm_lookup, ARRAY_SIZE(crc_pwm_lookup));
regmap_del_irq_chip(pmic->irq, pmic->irq_chip_data);
return ret;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 575/862] mfd: fsl-imx25: Fix an error handling path in mx25_tsadc_setup_irq()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (573 preceding siblings ...)
2022-10-19 8:31 ` [PATCH 6.0 574/862] mfd: intel_soc_pmic: Fix an error handling path in intel_soc_pmic_i2c_probe() Greg Kroah-Hartman
@ 2022-10-19 8:31 ` Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 576/862] mfd: lp8788: Fix an error handling path in lp8788_probe() Greg Kroah-Hartman
` (301 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christophe JAILLET, Lee Jones, Sasha Levin
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
[ Upstream commit 3fa9e4cfb55da512ebfd57336fde468830719298 ]
If devm_of_platform_populate() fails, some resources need to be
released.
Introduce a mx25_tsadc_unset_irq() function that undoes
mx25_tsadc_setup_irq() and call it both from the new error handling path
of the probe and in the remove function.
Fixes: a55196eff6d6 ("mfd: fsl-imx25: Use devm_of_platform_populate()")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: Lee Jones <lee@kernel.org>
Link: https://lore.kernel.org/r/d404e04828fc06bcfddf81f9f3e9b4babbe35415.1659269156.git.christophe.jaillet@wanadoo.fr
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mfd/fsl-imx25-tsadc.c | 32 ++++++++++++++++++++++++--------
1 file changed, 24 insertions(+), 8 deletions(-)
diff --git a/drivers/mfd/fsl-imx25-tsadc.c b/drivers/mfd/fsl-imx25-tsadc.c
index 37e5e02a1d05..85f7982d26d2 100644
--- a/drivers/mfd/fsl-imx25-tsadc.c
+++ b/drivers/mfd/fsl-imx25-tsadc.c
@@ -84,6 +84,19 @@ static int mx25_tsadc_setup_irq(struct platform_device *pdev,
return 0;
}
+static int mx25_tsadc_unset_irq(struct platform_device *pdev)
+{
+ struct mx25_tsadc *tsadc = platform_get_drvdata(pdev);
+ int irq = platform_get_irq(pdev, 0);
+
+ if (irq) {
+ irq_set_chained_handler_and_data(irq, NULL, NULL);
+ irq_domain_remove(tsadc->domain);
+ }
+
+ return 0;
+}
+
static void mx25_tsadc_setup_clk(struct platform_device *pdev,
struct mx25_tsadc *tsadc)
{
@@ -171,18 +184,21 @@ static int mx25_tsadc_probe(struct platform_device *pdev)
platform_set_drvdata(pdev, tsadc);
- return devm_of_platform_populate(dev);
+ ret = devm_of_platform_populate(dev);
+ if (ret)
+ goto err_irq;
+
+ return 0;
+
+err_irq:
+ mx25_tsadc_unset_irq(pdev);
+
+ return ret;
}
static int mx25_tsadc_remove(struct platform_device *pdev)
{
- struct mx25_tsadc *tsadc = platform_get_drvdata(pdev);
- int irq = platform_get_irq(pdev, 0);
-
- if (irq) {
- irq_set_chained_handler_and_data(irq, NULL, NULL);
- irq_domain_remove(tsadc->domain);
- }
+ mx25_tsadc_unset_irq(pdev);
return 0;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 576/862] mfd: lp8788: Fix an error handling path in lp8788_probe()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (574 preceding siblings ...)
2022-10-19 8:31 ` [PATCH 6.0 575/862] mfd: fsl-imx25: Fix an error handling path in mx25_tsadc_setup_irq() Greg Kroah-Hartman
@ 2022-10-19 8:31 ` Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 577/862] mfd: lp8788: Fix an error handling path in lp8788_irq_init() and lp8788_irq_init() Greg Kroah-Hartman
` (300 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christophe JAILLET, Lee Jones, Sasha Levin
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
[ Upstream commit becfdcd75126b20b8ec10066c5e85b34f8994ad5 ]
Should an error occurs in mfd_add_devices(), some resources need to be
released, as already done in the .remove() function.
Add an error handling path and a lp8788_irq_exit() call to undo a previous
lp8788_irq_init().
Fixes: eea6b7cc53aa ("mfd: Add lp8788 mfd driver")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: Lee Jones <lee@kernel.org>
Link: https://lore.kernel.org/r/18398722da9df9490722d853e4797350189ae79b.1659261275.git.christophe.jaillet@wanadoo.fr
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mfd/lp8788.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/drivers/mfd/lp8788.c b/drivers/mfd/lp8788.c
index c223d2c6a363..998e8cc408a0 100644
--- a/drivers/mfd/lp8788.c
+++ b/drivers/mfd/lp8788.c
@@ -195,8 +195,16 @@ static int lp8788_probe(struct i2c_client *cl, const struct i2c_device_id *id)
if (ret)
return ret;
- return mfd_add_devices(lp->dev, -1, lp8788_devs,
- ARRAY_SIZE(lp8788_devs), NULL, 0, NULL);
+ ret = mfd_add_devices(lp->dev, -1, lp8788_devs,
+ ARRAY_SIZE(lp8788_devs), NULL, 0, NULL);
+ if (ret)
+ goto err_exit_irq;
+
+ return 0;
+
+err_exit_irq:
+ lp8788_irq_exit(lp);
+ return ret;
}
static int lp8788_remove(struct i2c_client *cl)
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 577/862] mfd: lp8788: Fix an error handling path in lp8788_irq_init() and lp8788_irq_init()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (575 preceding siblings ...)
2022-10-19 8:31 ` [PATCH 6.0 576/862] mfd: lp8788: Fix an error handling path in lp8788_probe() Greg Kroah-Hartman
@ 2022-10-19 8:31 ` Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 578/862] mfd: fsl-imx25: Fix check for platform_get_irq() errors Greg Kroah-Hartman
` (299 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christophe JAILLET, Lee Jones, Sasha Levin
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
[ Upstream commit 557244f6284f30613f2d61f14b579303165876c3 ]
In lp8788_irq_init(), if an error occurs after a successful
irq_domain_add_linear() call, it must be undone by a corresponding
irq_domain_remove() call.
irq_domain_remove() should also be called in lp8788_irq_exit() for the same
reason.
Fixes: eea6b7cc53aa ("mfd: Add lp8788 mfd driver")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: Lee Jones <lee@kernel.org>
Link: https://lore.kernel.org/r/bcd5a72c9c1c383dd6324680116426e32737655a.1659261275.git.christophe.jaillet@wanadoo.fr
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mfd/lp8788-irq.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/mfd/lp8788-irq.c b/drivers/mfd/lp8788-irq.c
index 348439a3fbbd..39006297f3d2 100644
--- a/drivers/mfd/lp8788-irq.c
+++ b/drivers/mfd/lp8788-irq.c
@@ -175,6 +175,7 @@ int lp8788_irq_init(struct lp8788 *lp, int irq)
IRQF_TRIGGER_FALLING | IRQF_ONESHOT,
"lp8788-irq", irqd);
if (ret) {
+ irq_domain_remove(lp->irqdm);
dev_err(lp->dev, "failed to create a thread for IRQ_N\n");
return ret;
}
@@ -188,4 +189,6 @@ void lp8788_irq_exit(struct lp8788 *lp)
{
if (lp->irq)
free_irq(lp->irq, lp->irqdm);
+ if (lp->irqdm)
+ irq_domain_remove(lp->irqdm);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 578/862] mfd: fsl-imx25: Fix check for platform_get_irq() errors
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (576 preceding siblings ...)
2022-10-19 8:31 ` [PATCH 6.0 577/862] mfd: lp8788: Fix an error handling path in lp8788_irq_init() and lp8788_irq_init() Greg Kroah-Hartman
@ 2022-10-19 8:31 ` Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 579/862] mfd: sm501: Add check for platform_driver_register() Greg Kroah-Hartman
` (298 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Martin Kaiser,
Lee Jones, Sasha Levin
From: Dan Carpenter <dan.carpenter@oracle.com>
[ Upstream commit 75db7907355ca5e2ff606e9dd3e86b6c3a455fe2 ]
The mx25_tsadc_remove() function assumes all non-zero returns are success
but the platform_get_irq() function returns negative on error and
positive non-zero values on success. It never returns zero, but if it
did then treat that as a success.
Fixes: 18f773937968 ("mfd: fsl-imx25: Clean up irq settings during removal")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Martin Kaiser <martin@kaiser.cx>
Signed-off-by: Lee Jones <lee@kernel.org>
Link: https://lore.kernel.org/r/YvTfkbVQWYKMKS/t@kili
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mfd/fsl-imx25-tsadc.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/mfd/fsl-imx25-tsadc.c b/drivers/mfd/fsl-imx25-tsadc.c
index 85f7982d26d2..823595bcc9b7 100644
--- a/drivers/mfd/fsl-imx25-tsadc.c
+++ b/drivers/mfd/fsl-imx25-tsadc.c
@@ -69,7 +69,7 @@ static int mx25_tsadc_setup_irq(struct platform_device *pdev,
int irq;
irq = platform_get_irq(pdev, 0);
- if (irq <= 0)
+ if (irq < 0)
return irq;
tsadc->domain = irq_domain_add_simple(np, 2, 0, &mx25_tsadc_domain_ops,
@@ -89,7 +89,7 @@ static int mx25_tsadc_unset_irq(struct platform_device *pdev)
struct mx25_tsadc *tsadc = platform_get_drvdata(pdev);
int irq = platform_get_irq(pdev, 0);
- if (irq) {
+ if (irq >= 0) {
irq_set_chained_handler_and_data(irq, NULL, NULL);
irq_domain_remove(tsadc->domain);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 579/862] mfd: sm501: Add check for platform_driver_register()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (577 preceding siblings ...)
2022-10-19 8:31 ` [PATCH 6.0 578/862] mfd: fsl-imx25: Fix check for platform_get_irq() errors Greg Kroah-Hartman
@ 2022-10-19 8:31 ` Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 580/862] mfd: da9061: Fix Failed to set Two-Wire Bus Mode Greg Kroah-Hartman
` (297 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jiasheng Jiang, Lee Jones, Sasha Levin
From: Jiasheng Jiang <jiasheng@iscas.ac.cn>
[ Upstream commit 8325a6c24ad78b8c1acc3c42b098ee24105d68e5 ]
As platform_driver_register() can return error numbers,
it should be better to check platform_driver_register()
and deal with the exception.
Fixes: b6d6454fdb66 ("[PATCH] mfd: SM501 core driver")
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Signed-off-by: Lee Jones <lee@kernel.org>
Link: https://lore.kernel.org/r/20220913091112.1739138-1-jiasheng@iscas.ac.cn
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mfd/sm501.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/mfd/sm501.c b/drivers/mfd/sm501.c
index bc0a2c38653e..3ac4508a6742 100644
--- a/drivers/mfd/sm501.c
+++ b/drivers/mfd/sm501.c
@@ -1720,7 +1720,12 @@ static struct platform_driver sm501_plat_driver = {
static int __init sm501_base_init(void)
{
- platform_driver_register(&sm501_plat_driver);
+ int ret;
+
+ ret = platform_driver_register(&sm501_plat_driver);
+ if (ret < 0)
+ return ret;
+
return pci_register_driver(&sm501_pci_driver);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 580/862] mfd: da9061: Fix Failed to set Two-Wire Bus Mode.
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (578 preceding siblings ...)
2022-10-19 8:31 ` [PATCH 6.0 579/862] mfd: sm501: Add check for platform_driver_register() Greg Kroah-Hartman
@ 2022-10-19 8:31 ` Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 581/862] clk: mediatek: mt8183: mfgcfg: Propagate rate changes to parent Greg Kroah-Hartman
` (296 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jens Hillenstedt, Adam Ward,
Lee Jones, Sasha Levin
From: Jens Hillenstedt <jens.hillenstedt@ise.de>
[ Upstream commit 834382ea32865a4bdeae83ec2dcb9321dc9489f2 ]
In da9062_i2c_probe() regmap_clear_bits() tries to access CONFIG_J
register. As CONFIG_J is not present in da9061_aa_writeable_ranges[] probe
of da9061 fails:
da9062 2-0058: Entering I2C mode!
da9062 2-0058: Failed to set Two-Wire Bus Mode.
da9062: probe of 2-0058 failed with error -5
Add CONFIG_J register to da9061_aa_writeable_ranges[].
Fixes: 5c6f0f456351 ("mfd: da9062: Support SMBus and I2C mode")
Signed-off-by: Jens Hillenstedt <jens.hillenstedt@ise.de>
Reviewed-by: Adam Ward <DLG-Adam.Ward.opensource@dm.renesas.com>
Signed-off-by: Lee Jones <lee@kernel.org>
Link: https://lore.kernel.org/r/20220915092004.168744-1-jens.hillenstedt@ise.de
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mfd/da9062-core.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/mfd/da9062-core.c b/drivers/mfd/da9062-core.c
index 2774b2cbaea6..c2acdbcd5d6b 100644
--- a/drivers/mfd/da9062-core.c
+++ b/drivers/mfd/da9062-core.c
@@ -453,6 +453,7 @@ static const struct regmap_range da9061_aa_writeable_ranges[] = {
regmap_reg_range(DA9062AA_VBUCK1_B, DA9062AA_VBUCK4_B),
regmap_reg_range(DA9062AA_VBUCK3_B, DA9062AA_VBUCK3_B),
regmap_reg_range(DA9062AA_VLDO1_B, DA9062AA_VLDO4_B),
+ regmap_reg_range(DA9062AA_CONFIG_J, DA9062AA_CONFIG_J),
regmap_reg_range(DA9062AA_GP_ID_0, DA9062AA_GP_ID_19),
};
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 581/862] clk: mediatek: mt8183: mfgcfg: Propagate rate changes to parent
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (579 preceding siblings ...)
2022-10-19 8:31 ` [PATCH 6.0 580/862] mfd: da9061: Fix Failed to set Two-Wire Bus Mode Greg Kroah-Hartman
@ 2022-10-19 8:31 ` Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 582/862] clk: mediatek: clk-mt8195-mfg: Reparent mfg_bg3d and propagate rate changes Greg Kroah-Hartman
` (295 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Chen-Yu Tsai,
AngeloGioacchino Del Regno, Sasha Levin
From: Chen-Yu Tsai <wenst@chromium.org>
[ Upstream commit 9f94f545f258b15bfa6357eb62e1e307b712851e ]
The only clock in the MT8183 MFGCFG block feeds the GPU. Propagate its
rate change requests to its parent, so that DVFS for the GPU can work
properly.
Fixes: acddfc2c261b ("clk: mediatek: Add MT8183 clock support")
Signed-off-by: Chen-Yu Tsai <wenst@chromium.org>
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Signed-off-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Link: https://lore.kernel.org/r/20220927101128.44758-3-angelogioacchino.delregno@collabora.com
Signed-off-by: Chen-Yu Tsai <wenst@chromium.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/mediatek/clk-mt8183-mfgcfg.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/clk/mediatek/clk-mt8183-mfgcfg.c b/drivers/clk/mediatek/clk-mt8183-mfgcfg.c
index d774edaf760b..230299728859 100644
--- a/drivers/clk/mediatek/clk-mt8183-mfgcfg.c
+++ b/drivers/clk/mediatek/clk-mt8183-mfgcfg.c
@@ -18,9 +18,9 @@ static const struct mtk_gate_regs mfg_cg_regs = {
.sta_ofs = 0x0,
};
-#define GATE_MFG(_id, _name, _parent, _shift) \
- GATE_MTK(_id, _name, _parent, &mfg_cg_regs, _shift, \
- &mtk_clk_gate_ops_setclr)
+#define GATE_MFG(_id, _name, _parent, _shift) \
+ GATE_MTK_FLAGS(_id, _name, _parent, &mfg_cg_regs, _shift, \
+ &mtk_clk_gate_ops_setclr, CLK_SET_RATE_PARENT)
static const struct mtk_gate mfg_clks[] = {
GATE_MFG(CLK_MFG_BG3D, "mfg_bg3d", "mfg_sel", 0)
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 582/862] clk: mediatek: clk-mt8195-mfg: Reparent mfg_bg3d and propagate rate changes
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (580 preceding siblings ...)
2022-10-19 8:31 ` [PATCH 6.0 581/862] clk: mediatek: mt8183: mfgcfg: Propagate rate changes to parent Greg Kroah-Hartman
@ 2022-10-19 8:31 ` Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 583/862] clk: mediatek: fix unregister function in mtk_clk_register_dividers cleanup Greg Kroah-Hartman
` (294 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, AngeloGioacchino Del Regno,
Chen-Yu Tsai, Sasha Levin
From: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
[ Upstream commit a5f7bf5458c2cf6730106e16a6373638a0e5ed1e ]
The MFG_BG3D is a gate to enable/disable clock output to the GPU,
but the actual output is decided by multiple muxes; in particular:
mfg_ck_fast_ref muxes between "slow" (top_mfg_core_tmp) and
"fast" (MFGPLL) clock, while top_mfg_core_tmp muxes between the
26MHz clock and various system PLLs.
The clock gate comes after all the muxes, so its parent is
mfg_ck_fast_reg, not top_mfg_core_tmp.
Reparent MFG_BG3D to the latter to match the hardware and add the
CLK_SET_RATE_PARENT flag to it: this way we ensure propagating
rate changes that are requested on MFG_BG3D along its entire clock
tree.
Fixes: 35016f10c0e5 ("clk: mediatek: Add MT8195 mfgcfg clock support")
Signed-off-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Reviewed-by: Chen-Yu Tsai <wenst@chromium.org>
Link: https://lore.kernel.org/r/20220927101128.44758-6-angelogioacchino.delregno@collabora.com
Signed-off-by: Chen-Yu Tsai <wenst@chromium.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/mediatek/clk-mt8195-mfg.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/clk/mediatek/clk-mt8195-mfg.c b/drivers/clk/mediatek/clk-mt8195-mfg.c
index 9411c556a5a9..c94cb71bd9b9 100644
--- a/drivers/clk/mediatek/clk-mt8195-mfg.c
+++ b/drivers/clk/mediatek/clk-mt8195-mfg.c
@@ -17,10 +17,12 @@ static const struct mtk_gate_regs mfg_cg_regs = {
};
#define GATE_MFG(_id, _name, _parent, _shift) \
- GATE_MTK(_id, _name, _parent, &mfg_cg_regs, _shift, &mtk_clk_gate_ops_setclr)
+ GATE_MTK_FLAGS(_id, _name, _parent, &mfg_cg_regs, \
+ _shift, &mtk_clk_gate_ops_setclr, \
+ CLK_SET_RATE_PARENT)
static const struct mtk_gate mfg_clks[] = {
- GATE_MFG(CLK_MFG_BG3D, "mfg_bg3d", "top_mfg_core_tmp", 0),
+ GATE_MFG(CLK_MFG_BG3D, "mfg_bg3d", "mfg_ck_fast_ref", 0),
};
static const struct mtk_clk_desc mfg_desc = {
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 583/862] clk: mediatek: fix unregister function in mtk_clk_register_dividers cleanup
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (581 preceding siblings ...)
2022-10-19 8:31 ` [PATCH 6.0 582/862] clk: mediatek: clk-mt8195-mfg: Reparent mfg_bg3d and propagate rate changes Greg Kroah-Hartman
@ 2022-10-19 8:31 ` Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 584/862] clk: mediatek: Migrate remaining clk_unregister_*() to clk_hw_unregister_*() Greg Kroah-Hartman
` (293 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, AngeloGioacchino Del Regno,
Chen-Yu Tsai, Sasha Levin
From: Chen-Yu Tsai <wenst@chromium.org>
[ Upstream commit 20f7a0dba9075fb0e3d645495bc24d7025b58de1 ]
When the cleanup paths for the various clk register APIs in the MediaTek
clk library were added, the one in the dividers type used the wrong type
of unregister function. This would result in incorrect dereferencing of
the clk pointer and freeing of invalid pointers.
Fix this by switching to the correct type of clk unregistration call.
Fixes: 3c3ba2ab0226 ("clk: mediatek: mtk: Implement error handling in register APIs")
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Link: https://lore.kernel.org/r/20220926102523.2367530-2-wenst@chromium.org
Signed-off-by: Chen-Yu Tsai <wenst@chromium.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/mediatek/clk-mtk.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/clk/mediatek/clk-mtk.c b/drivers/clk/mediatek/clk-mtk.c
index 05a188c62119..9b82956260d3 100644
--- a/drivers/clk/mediatek/clk-mtk.c
+++ b/drivers/clk/mediatek/clk-mtk.c
@@ -393,7 +393,7 @@ int mtk_clk_register_dividers(const struct mtk_clk_divider *mcds, int num,
if (IS_ERR_OR_NULL(clk_data->hws[mcd->id]))
continue;
- mtk_clk_unregister_composite(clk_data->hws[mcd->id]);
+ clk_hw_unregister_divider(clk_data->hws[mcd->id]);
clk_data->hws[mcd->id] = ERR_PTR(-ENOENT);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 584/862] clk: mediatek: Migrate remaining clk_unregister_*() to clk_hw_unregister_*()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (582 preceding siblings ...)
2022-10-19 8:31 ` [PATCH 6.0 583/862] clk: mediatek: fix unregister function in mtk_clk_register_dividers cleanup Greg Kroah-Hartman
@ 2022-10-19 8:31 ` Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 585/862] phy: qcom-qmp-pcie: fix resource mapping for SDM845 QHP PHY Greg Kroah-Hartman
` (292 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, AngeloGioacchino Del Regno,
Chen-Yu Tsai, Sasha Levin
From: Chen-Yu Tsai <wenst@chromium.org>
[ Upstream commit fef14676fc4be40b8441745a3c96b7e7d7d8592d ]
During the previous |struct clk| to |struct clk_hw| clk provider API
migration in commit 6f691a586296 ("clk: mediatek: Switch to clk_hw
provider APIs"), a few clk_unregister_*() calls were missed.
Migrate the remaining ones to the |struct clk_hw| provider API, i.e.
change clk_unregister_*() to clk_hw_unregister_*().
Fixes: 6f691a586296 ("clk: mediatek: Switch to clk_hw provider APIs")
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Link: https://lore.kernel.org/r/20220926102523.2367530-3-wenst@chromium.org
Signed-off-by: Chen-Yu Tsai <wenst@chromium.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/mediatek/clk-mtk.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/drivers/clk/mediatek/clk-mtk.c b/drivers/clk/mediatek/clk-mtk.c
index 9b82956260d3..e1b445f2c5c5 100644
--- a/drivers/clk/mediatek/clk-mtk.c
+++ b/drivers/clk/mediatek/clk-mtk.c
@@ -80,7 +80,7 @@ int mtk_clk_register_fixed_clks(const struct mtk_fixed_clk *clks, int num,
if (IS_ERR_OR_NULL(clk_data->hws[rc->id]))
continue;
- clk_unregister_fixed_rate(clk_data->hws[rc->id]->clk);
+ clk_hw_unregister_fixed_rate(clk_data->hws[rc->id]);
clk_data->hws[rc->id] = ERR_PTR(-ENOENT);
}
@@ -102,7 +102,7 @@ void mtk_clk_unregister_fixed_clks(const struct mtk_fixed_clk *clks, int num,
if (IS_ERR_OR_NULL(clk_data->hws[rc->id]))
continue;
- clk_unregister_fixed_rate(clk_data->hws[rc->id]->clk);
+ clk_hw_unregister_fixed_rate(clk_data->hws[rc->id]);
clk_data->hws[rc->id] = ERR_PTR(-ENOENT);
}
}
@@ -146,7 +146,7 @@ int mtk_clk_register_factors(const struct mtk_fixed_factor *clks, int num,
if (IS_ERR_OR_NULL(clk_data->hws[ff->id]))
continue;
- clk_unregister_fixed_factor(clk_data->hws[ff->id]->clk);
+ clk_hw_unregister_fixed_factor(clk_data->hws[ff->id]);
clk_data->hws[ff->id] = ERR_PTR(-ENOENT);
}
@@ -168,7 +168,7 @@ void mtk_clk_unregister_factors(const struct mtk_fixed_factor *clks, int num,
if (IS_ERR_OR_NULL(clk_data->hws[ff->id]))
continue;
- clk_unregister_fixed_factor(clk_data->hws[ff->id]->clk);
+ clk_hw_unregister_fixed_factor(clk_data->hws[ff->id]);
clk_data->hws[ff->id] = ERR_PTR(-ENOENT);
}
}
@@ -414,7 +414,7 @@ void mtk_clk_unregister_dividers(const struct mtk_clk_divider *mcds, int num,
if (IS_ERR_OR_NULL(clk_data->hws[mcd->id]))
continue;
- clk_unregister_divider(clk_data->hws[mcd->id]->clk);
+ clk_hw_unregister_divider(clk_data->hws[mcd->id]);
clk_data->hws[mcd->id] = ERR_PTR(-ENOENT);
}
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 585/862] phy: qcom-qmp-pcie: fix resource mapping for SDM845 QHP PHY
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (583 preceding siblings ...)
2022-10-19 8:31 ` [PATCH 6.0 584/862] clk: mediatek: Migrate remaining clk_unregister_*() to clk_hw_unregister_*() Greg Kroah-Hartman
@ 2022-10-19 8:31 ` Greg Kroah-Hartman
2022-10-19 9:20 ` Johan Hovold
2022-10-19 8:31 ` [PATCH 6.0 586/862] io_uring/rw: defer fsnotify calls to task context Greg Kroah-Hartman
` (291 subsequent siblings)
876 siblings, 1 reply; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dmitry Baryshkov, Johan Hovold,
Vinod Koul, Sasha Levin
From: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
[ Upstream commit 0a40891b83f257b25a2b983758f72f6813f361cb ]
On SDM845 one of PCIe PHYs (the QHP one) has the same region for TX and
RX registers. Since the commit 4be26f695ffa ("phy: qcom-qmp-pcie: fix
memleak on probe deferral") added checking that resources are not
allocated beforehand, this PHY can not be probed anymore. Fix this by
skipping the map of ->rx resource on the QHP PHY and assign it manually.
Fixes: 4be26f695ffa ("phy: qcom-qmp-pcie: fix memleak on probe deferral")
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Reviewed-by: Johan Hovold <johan+linaro@kernel.org>
Link: https://lore.kernel.org/r/20220926172514.880776-1-dmitry.baryshkov@linaro.org
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/phy/qualcomm/phy-qcom-qmp-pcie.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/phy/qualcomm/phy-qcom-qmp-pcie.c b/drivers/phy/qualcomm/phy-qcom-qmp-pcie.c
index 819bcd975ba4..0baf62d80214 100644
--- a/drivers/phy/qualcomm/phy-qcom-qmp-pcie.c
+++ b/drivers/phy/qualcomm/phy-qcom-qmp-pcie.c
@@ -2333,7 +2333,10 @@ int qcom_qmp_phy_pcie_create(struct device *dev, struct device_node *np, int id,
if (IS_ERR(qphy->tx))
return PTR_ERR(qphy->tx);
- qphy->rx = devm_of_iomap(dev, np, 1, NULL);
+ if (of_device_is_compatible(dev->of_node, "qcom,sdm845-qhp-pcie-phy"))
+ qphy->rx = qphy->tx;
+ else
+ qphy->rx = devm_of_iomap(dev, np, 1, NULL);
if (IS_ERR(qphy->rx))
return PTR_ERR(qphy->rx);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 586/862] io_uring/rw: defer fsnotify calls to task context
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (584 preceding siblings ...)
2022-10-19 8:31 ` [PATCH 6.0 585/862] phy: qcom-qmp-pcie: fix resource mapping for SDM845 QHP PHY Greg Kroah-Hartman
@ 2022-10-19 8:31 ` Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 587/862] dmaengine: ioat: stop mod_timer from resurrecting deleted timer in __cleanup() Greg Kroah-Hartman
` (290 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot+dfcc5f4da15868df7d4d,
Jan Kara, Jens Axboe, Sasha Levin
From: Jens Axboe <axboe@kernel.dk>
[ Upstream commit b000145e9907809406d8164c3b2b8861d95aecd1 ]
We can't call these off the kiocb completion as that might be off
soft/hard irq context. Defer the calls to when we process the
task_work for this request. That avoids valid complaints like:
stack backtrace:
CPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.0.0-rc6-syzkaller-00321-g105a36f3694e #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
Call Trace:
<IRQ>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
print_usage_bug kernel/locking/lockdep.c:3961 [inline]
valid_state kernel/locking/lockdep.c:3973 [inline]
mark_lock_irq kernel/locking/lockdep.c:4176 [inline]
mark_lock.part.0.cold+0x18/0xd8 kernel/locking/lockdep.c:4632
mark_lock kernel/locking/lockdep.c:4596 [inline]
mark_usage kernel/locking/lockdep.c:4527 [inline]
__lock_acquire+0x11d9/0x56d0 kernel/locking/lockdep.c:5007
lock_acquire kernel/locking/lockdep.c:5666 [inline]
lock_acquire+0x1ab/0x570 kernel/locking/lockdep.c:5631
__fs_reclaim_acquire mm/page_alloc.c:4674 [inline]
fs_reclaim_acquire+0x115/0x160 mm/page_alloc.c:4688
might_alloc include/linux/sched/mm.h:271 [inline]
slab_pre_alloc_hook mm/slab.h:700 [inline]
slab_alloc mm/slab.c:3278 [inline]
__kmem_cache_alloc_lru mm/slab.c:3471 [inline]
kmem_cache_alloc+0x39/0x520 mm/slab.c:3491
fanotify_alloc_fid_event fs/notify/fanotify/fanotify.c:580 [inline]
fanotify_alloc_event fs/notify/fanotify/fanotify.c:813 [inline]
fanotify_handle_event+0x1130/0x3f40 fs/notify/fanotify/fanotify.c:948
send_to_group fs/notify/fsnotify.c:360 [inline]
fsnotify+0xafb/0x1680 fs/notify/fsnotify.c:570
__fsnotify_parent+0x62f/0xa60 fs/notify/fsnotify.c:230
fsnotify_parent include/linux/fsnotify.h:77 [inline]
fsnotify_file include/linux/fsnotify.h:99 [inline]
fsnotify_access include/linux/fsnotify.h:309 [inline]
__io_complete_rw_common+0x485/0x720 io_uring/rw.c:195
io_complete_rw+0x1a/0x1f0 io_uring/rw.c:228
iomap_dio_complete_work fs/iomap/direct-io.c:144 [inline]
iomap_dio_bio_end_io+0x438/0x5e0 fs/iomap/direct-io.c:178
bio_endio+0x5f9/0x780 block/bio.c:1564
req_bio_endio block/blk-mq.c:695 [inline]
blk_update_request+0x3fc/0x1300 block/blk-mq.c:825
scsi_end_request+0x7a/0x9a0 drivers/scsi/scsi_lib.c:541
scsi_io_completion+0x173/0x1f70 drivers/scsi/scsi_lib.c:971
scsi_complete+0x122/0x3b0 drivers/scsi/scsi_lib.c:1438
blk_complete_reqs+0xad/0xe0 block/blk-mq.c:1022
__do_softirq+0x1d3/0x9c6 kernel/softirq.c:571
invoke_softirq kernel/softirq.c:445 [inline]
__irq_exit_rcu+0x123/0x180 kernel/softirq.c:650
irq_exit_rcu+0x5/0x20 kernel/softirq.c:662
common_interrupt+0xa9/0xc0 arch/x86/kernel/irq.c:240
Fixes: f63cf5192fe3 ("io_uring: ensure that fsnotify is always called")
Link: https://lore.kernel.org/all/20220929135627.ykivmdks2w5vzrwg@quack3/
Reported-by: syzbot+dfcc5f4da15868df7d4d@syzkaller.appspotmail.com
Reported-by: Jan Kara <jack@suse.cz>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
io_uring/rw.c | 24 +++++++++++++++---------
1 file changed, 15 insertions(+), 9 deletions(-)
diff --git a/io_uring/rw.c b/io_uring/rw.c
index 295e3456d68e..eda14e8ec009 100644
--- a/io_uring/rw.c
+++ b/io_uring/rw.c
@@ -186,14 +186,6 @@ static void kiocb_end_write(struct io_kiocb *req)
static bool __io_complete_rw_common(struct io_kiocb *req, long res)
{
- struct io_rw *rw = io_kiocb_to_cmd(req, struct io_rw);
-
- if (rw->kiocb.ki_flags & IOCB_WRITE) {
- kiocb_end_write(req);
- fsnotify_modify(req->file);
- } else {
- fsnotify_access(req->file);
- }
if (unlikely(res != req->cqe.res)) {
if ((res == -EAGAIN || res == -EOPNOTSUPP) &&
io_rw_should_reissue(req)) {
@@ -220,6 +212,20 @@ static inline int io_fixup_rw_res(struct io_kiocb *req, long res)
return res;
}
+static void io_req_rw_complete(struct io_kiocb *req, bool *locked)
+{
+ struct io_rw *rw = io_kiocb_to_cmd(req, struct io_rw);
+
+ if (rw->kiocb.ki_flags & IOCB_WRITE) {
+ kiocb_end_write(req);
+ fsnotify_modify(req->file);
+ } else {
+ fsnotify_access(req->file);
+ }
+
+ io_req_task_complete(req, locked);
+}
+
static void io_complete_rw(struct kiocb *kiocb, long res)
{
struct io_rw *rw = container_of(kiocb, struct io_rw, kiocb);
@@ -228,7 +234,7 @@ static void io_complete_rw(struct kiocb *kiocb, long res)
if (__io_complete_rw_common(req, res))
return;
io_req_set_res(req, io_fixup_rw_res(req, res), 0);
- req->io_task_work.func = io_req_task_complete;
+ req->io_task_work.func = io_req_rw_complete;
io_req_task_work_add(req);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 587/862] dmaengine: ioat: stop mod_timer from resurrecting deleted timer in __cleanup()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (585 preceding siblings ...)
2022-10-19 8:31 ` [PATCH 6.0 586/862] io_uring/rw: defer fsnotify calls to task context Greg Kroah-Hartman
@ 2022-10-19 8:31 ` Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 588/862] HID: amd_sfh: Handle condition of "no sensors" for SFH1.1 Greg Kroah-Hartman
` (289 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dave Jiang, Vinod Koul, Sasha Levin
From: Dave Jiang <dave.jiang@intel.com>
[ Upstream commit 898ec89dbb55b8294695ad71694a0684e62b2a73 ]
User reports observing timer event report channel halted but no error
observed in CHANERR register. The driver finished self-test and released
channel resources. Debug shows that __cleanup() can call
mod_timer() after the timer has been deleted and thus resurrect the
timer. While harmless, it causes suprious error message to be emitted.
Use mod_timer_pending() call to prevent deleted timer from being
resurrected.
Fixes: 3372de5813e4 ("dmaengine: ioatdma: removal of dma_v3.c and relevant ioat3 references")
Signed-off-by: Dave Jiang <dave.jiang@intel.com>
Link: https://lore.kernel.org/r/166360672197.3851724.17040290563764838369.stgit@djiang5-desk3.ch.intel.com
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/dma/ioat/dma.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/dma/ioat/dma.c b/drivers/dma/ioat/dma.c
index 37ff4ec7db76..e2070df6cad2 100644
--- a/drivers/dma/ioat/dma.c
+++ b/drivers/dma/ioat/dma.c
@@ -656,7 +656,7 @@ static void __cleanup(struct ioatdma_chan *ioat_chan, dma_addr_t phys_complete)
if (active - i == 0) {
dev_dbg(to_dev(ioat_chan), "%s: cancel completion timeout\n",
__func__);
- mod_timer(&ioat_chan->timer, jiffies + IDLE_TIMEOUT);
+ mod_timer_pending(&ioat_chan->timer, jiffies + IDLE_TIMEOUT);
}
/* microsecond delay by sysfs variable per pending descriptor */
@@ -682,7 +682,7 @@ static void ioat_cleanup(struct ioatdma_chan *ioat_chan)
if (chanerr &
(IOAT_CHANERR_HANDLE_MASK | IOAT_CHANERR_RECOVER_MASK)) {
- mod_timer(&ioat_chan->timer, jiffies + IDLE_TIMEOUT);
+ mod_timer_pending(&ioat_chan->timer, jiffies + IDLE_TIMEOUT);
ioat_eh(ioat_chan);
}
}
@@ -879,7 +879,7 @@ static void check_active(struct ioatdma_chan *ioat_chan)
}
if (test_and_clear_bit(IOAT_CHAN_ACTIVE, &ioat_chan->state))
- mod_timer(&ioat_chan->timer, jiffies + IDLE_TIMEOUT);
+ mod_timer_pending(&ioat_chan->timer, jiffies + IDLE_TIMEOUT);
}
static void ioat_reboot_chan(struct ioatdma_chan *ioat_chan)
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 588/862] HID: amd_sfh: Handle condition of "no sensors" for SFH1.1
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (586 preceding siblings ...)
2022-10-19 8:31 ` [PATCH 6.0 587/862] dmaengine: ioat: stop mod_timer from resurrecting deleted timer in __cleanup() Greg Kroah-Hartman
@ 2022-10-19 8:31 ` Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 589/862] usb: mtu3: fix failed runtime suspend in host only mode Greg Kroah-Hartman
` (288 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Basavaraj Natikar, Jiri Kosina, Sasha Levin
From: Basavaraj Natikar <Basavaraj.Natikar@amd.com>
[ Upstream commit 68266bdcceec10ea364e62c63732cd6fe5a256a8 ]
Based on num_hid_devices, each sensor device registers to HID. If
"no sensors" then amd_sfh work initialization and scheduling
doesn’t make sense and return ENODEV to stop driver probe.
Hence add a check for num_hid_devices to handle special
case in the situation of "no sensors" for SFH1.1.
Fixes: 93ce5e0231d7 ("HID: amd_sfh: Implement SFH1.1 functionality")
Signed-off-by: Basavaraj Natikar <Basavaraj.Natikar@amd.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_init.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_init.c
+++ b/drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_init.c
@@ -110,6 +110,8 @@ static int amd_sfh1_1_hid_client_init(st
amd_sfh1_1_set_desc_ops(mp2_ops);
cl_data->num_hid_devices = amd_sfh_get_sensor_num(privdata, &cl_data->sensor_idx[0]);
+ if (cl_data->num_hid_devices == 0)
+ return -ENODEV;
INIT_DELAYED_WORK(&cl_data->work, amd_sfh_work);
INIT_DELAYED_WORK(&cl_data->work_buffer, amd_sfh_work_buffer);
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 589/862] usb: mtu3: fix failed runtime suspend in host only mode
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (587 preceding siblings ...)
2022-10-19 8:31 ` [PATCH 6.0 588/862] HID: amd_sfh: Handle condition of "no sensors" for SFH1.1 Greg Kroah-Hartman
@ 2022-10-19 8:31 ` Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 590/862] spmi: pmic-arb: correct duplicate APID to PPID mapping logic Greg Kroah-Hartman
` (287 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, AngeloGioacchino Del Regno,
Tianping Fang, Chunfeng Yun, Sasha Levin
From: Chunfeng Yun <chunfeng.yun@mediatek.com>
[ Upstream commit 1c703e29da5efac6180e4c189029fa34b7e48e97 ]
When the dr_mode is "host", after the host enter runtime suspend,
the mtu3 can't do it, because the mtu3's device wakeup function is
not enabled, instead it's enabled in gadget init function, to fix
the issue, init wakeup early in mtu3's probe()
Fixes: 6b587394c65c ("usb: mtu3: support suspend/resume for dual-role mode")
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Reported-by: Tianping Fang <tianping.fang@mediatek.com>
Signed-off-by: Chunfeng Yun <chunfeng.yun@mediatek.com>
Link: https://lore.kernel.org/r/20220929064459.32522-1-chunfeng.yun@mediatek.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/mtu3/mtu3_core.c | 2 --
drivers/usb/mtu3/mtu3_plat.c | 2 ++
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/usb/mtu3/mtu3_core.c b/drivers/usb/mtu3/mtu3_core.c
index 0ca173af87bb..a3a6282893d0 100644
--- a/drivers/usb/mtu3/mtu3_core.c
+++ b/drivers/usb/mtu3/mtu3_core.c
@@ -978,8 +978,6 @@ int ssusb_gadget_init(struct ssusb_mtk *ssusb)
goto irq_err;
}
- device_init_wakeup(dev, true);
-
/* power down device IP for power saving by default */
mtu3_stop(mtu);
diff --git a/drivers/usb/mtu3/mtu3_plat.c b/drivers/usb/mtu3/mtu3_plat.c
index 4cb65346789d..d78ae52b4e26 100644
--- a/drivers/usb/mtu3/mtu3_plat.c
+++ b/drivers/usb/mtu3/mtu3_plat.c
@@ -356,6 +356,8 @@ static int mtu3_probe(struct platform_device *pdev)
pm_runtime_enable(dev);
pm_runtime_get_sync(dev);
+ device_init_wakeup(dev, true);
+
ret = ssusb_rscs_init(ssusb);
if (ret)
goto comm_init_err;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 590/862] spmi: pmic-arb: correct duplicate APID to PPID mapping logic
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (588 preceding siblings ...)
2022-10-19 8:31 ` [PATCH 6.0 589/862] usb: mtu3: fix failed runtime suspend in host only mode Greg Kroah-Hartman
@ 2022-10-19 8:31 ` Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 591/862] clk: vc5: Fix 5P49V6901 outputs disabling when enabling FOD Greg Kroah-Hartman
` (286 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, David Collins, Fenglin Wu,
Stephen Boyd, Sasha Levin
From: David Collins <collinsd@codeaurora.org>
[ Upstream commit 1f1693118c2476cb1666ad357edcf3cf48bf9b16 ]
Correct the way that duplicate PPID mappings are handled for PMIC
arbiter v5. The final APID mapped to a given PPID should be the
one which has write owner = APPS EE, if it exists, or if not
that, then the first APID mapped to the PPID, if it exists.
Fixes: 40f318f0ed67 ("spmi: pmic-arb: add support for HW version 5")
Signed-off-by: David Collins <collinsd@codeaurora.org>
Signed-off-by: Fenglin Wu <quic_fenglinw@quicinc.com>
Link: https://lore.kernel.org/r/1655004286-11493-7-git-send-email-quic_fenglinw@quicinc.com
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Link: https://lore.kernel.org/r/20220930005019.2663064-8-sboyd@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/spmi/spmi-pmic-arb.c | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/drivers/spmi/spmi-pmic-arb.c b/drivers/spmi/spmi-pmic-arb.c
index 2113be40b5a9..58f580e7aacc 100644
--- a/drivers/spmi/spmi-pmic-arb.c
+++ b/drivers/spmi/spmi-pmic-arb.c
@@ -992,7 +992,8 @@ static int pmic_arb_read_apid_map_v5(struct spmi_pmic_arb *pmic_arb)
* version 5, there is more than one APID mapped to each PPID.
* The owner field for each of these mappings specifies the EE which is
* allowed to write to the APID. The owner of the last (highest) APID
- * for a given PPID will receive interrupts from the PPID.
+ * which has the IRQ owner bit set for a given PPID will receive
+ * interrupts from the PPID.
*/
for (i = 0; ; i++, apidd++) {
offset = pmic_arb->ver_ops->apid_map_offset(i);
@@ -1015,16 +1016,16 @@ static int pmic_arb_read_apid_map_v5(struct spmi_pmic_arb *pmic_arb)
apid = pmic_arb->ppid_to_apid[ppid] & ~PMIC_ARB_APID_VALID;
prev_apidd = &pmic_arb->apid_data[apid];
- if (valid && is_irq_ee &&
- prev_apidd->write_ee == pmic_arb->ee) {
+ if (!valid || apidd->write_ee == pmic_arb->ee) {
+ /* First PPID mapping or one for this EE */
+ pmic_arb->ppid_to_apid[ppid] = i | PMIC_ARB_APID_VALID;
+ } else if (valid && is_irq_ee &&
+ prev_apidd->write_ee == pmic_arb->ee) {
/*
* Duplicate PPID mapping after the one for this EE;
* override the irq owner
*/
prev_apidd->irq_ee = apidd->irq_ee;
- } else if (!valid || is_irq_ee) {
- /* First PPID mapping or duplicate for another EE */
- pmic_arb->ppid_to_apid[ppid] = i | PMIC_ARB_APID_VALID;
}
apidd->ppid = ppid;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 591/862] clk: vc5: Fix 5P49V6901 outputs disabling when enabling FOD
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (589 preceding siblings ...)
2022-10-19 8:31 ` [PATCH 6.0 590/862] spmi: pmic-arb: correct duplicate APID to PPID mapping logic Greg Kroah-Hartman
@ 2022-10-19 8:31 ` Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 592/862] clk: baikal-t1: Fix invalid xGMAC PTP clock divider Greg Kroah-Hartman
` (285 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Serge Semin, Luca Ceresoli,
Stephen Boyd, Sasha Levin
From: Serge Semin <Sergey.Semin@baikalelectronics.ru>
[ Upstream commit c388cc804016cf0f65afdc2362b120aa594ff3e6 ]
We have discovered random glitches during the system boot up procedure.
The problem investigation led us to the weird outcomes: when none of the
Renesas 5P49V6901 ports are explicitly enabled by the kernel driver, the
glitches disappeared. It was a mystery since the SoC external clock
domains were fed with different 5P49V6901 outputs. The driver code didn't
seem like bogus either. We almost despaired to find out a root cause when
the solution has been found for a more modern revision of the chip. It
turned out the 5P49V6901 clock generator stopped its output for a short
period of time during the VC5_OUT_DIV_CONTROL register writing. The same
problem was found for the 5P49V6965 revision of the chip and was
successfully fixed in commit fc336ae622df ("clk: vc5: fix output disabling
when enabling a FOD") by enabling the "bypass_sync" flag hidden inside
"Unused Factory Reserved Register". Even though the 5P49V6901 registers
description and programming guide doesn't provide any intel regarding that
flag, setting it up anyway in the officially unused register completely
eliminated the denoted glitches. Thus let's activate the functionality
submitted in commit fc336ae622df ("clk: vc5: fix output disabling when
enabling a FOD") for the Renesas 5P49V6901 chip too in order to remove the
ports implicit inter-dependency.
Fixes: dbf6b16f5683 ("clk: vc5: Add support for IDT VersaClock 5P49V6901")
Signed-off-by: Serge Semin <Sergey.Semin@baikalelectronics.ru>
Reviewed-by: Luca Ceresoli <luca@lucaceresoli.net>
Link: https://lore.kernel.org/r/20220929225402.9696-2-Sergey.Semin@baikalelectronics.ru
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/clk-versaclock5.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/clk/clk-versaclock5.c b/drivers/clk/clk-versaclock5.c
index e7be3e54b9be..03cfef494b49 100644
--- a/drivers/clk/clk-versaclock5.c
+++ b/drivers/clk/clk-versaclock5.c
@@ -1204,7 +1204,7 @@ static const struct vc5_chip_info idt_5p49v6901_info = {
.model = IDT_VC6_5P49V6901,
.clk_fod_cnt = 4,
.clk_out_cnt = 5,
- .flags = VC5_HAS_PFD_FREQ_DBL,
+ .flags = VC5_HAS_PFD_FREQ_DBL | VC5_HAS_BYPASS_SYNC_BIT,
};
static const struct vc5_chip_info idt_5p49v6965_info = {
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 592/862] clk: baikal-t1: Fix invalid xGMAC PTP clock divider
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (590 preceding siblings ...)
2022-10-19 8:31 ` [PATCH 6.0 591/862] clk: vc5: Fix 5P49V6901 outputs disabling when enabling FOD Greg Kroah-Hartman
@ 2022-10-19 8:31 ` Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 593/862] clk: baikal-t1: Add shared xGMAC ref/ptp clocks internal parent Greg Kroah-Hartman
` (284 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Serge Semin, Stephen Boyd, Sasha Levin
From: Serge Semin <Sergey.Semin@baikalelectronics.ru>
[ Upstream commit 3c742088686ce922704aec5b11d09bcc5a396589 ]
Most likely due to copy-paste mistake the divider has been set to 10 while
according to the SoC reference manual it's supposed to be 8 thus having
PTP clock frequency of 156.25 MHz.
Fixes: 353afa3a8d2e ("clk: Add Baikal-T1 CCU Dividers driver")
Signed-off-by: Serge Semin <Sergey.Semin@baikalelectronics.ru>
Link: https://lore.kernel.org/r/20220929225402.9696-3-Sergey.Semin@baikalelectronics.ru
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/baikal-t1/clk-ccu-div.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/clk/baikal-t1/clk-ccu-div.c b/drivers/clk/baikal-t1/clk-ccu-div.c
index f141fda12b09..ea77eec40ddd 100644
--- a/drivers/clk/baikal-t1/clk-ccu-div.c
+++ b/drivers/clk/baikal-t1/clk-ccu-div.c
@@ -207,7 +207,7 @@ static const struct ccu_div_info sys_info[] = {
CCU_DIV_GATE_INFO(CCU_SYS_XGMAC_REF_CLK, "sys_xgmac_ref_clk",
"eth_clk", CCU_SYS_XGMAC_BASE, 8),
CCU_DIV_FIXED_INFO(CCU_SYS_XGMAC_PTP_CLK, "sys_xgmac_ptp_clk",
- "eth_clk", 10),
+ "eth_clk", 8),
CCU_DIV_GATE_INFO(CCU_SYS_USB_CLK, "sys_usb_clk",
"eth_clk", CCU_SYS_USB_BASE, 10),
CCU_DIV_VAR_INFO(CCU_SYS_PVT_CLK, "sys_pvt_clk",
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 593/862] clk: baikal-t1: Add shared xGMAC ref/ptp clocks internal parent
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (591 preceding siblings ...)
2022-10-19 8:31 ` [PATCH 6.0 592/862] clk: baikal-t1: Fix invalid xGMAC PTP clock divider Greg Kroah-Hartman
@ 2022-10-19 8:31 ` Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 594/862] clk: baikal-t1: Add SATA internal ref clock buffer Greg Kroah-Hartman
` (283 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Serge Semin, Stephen Boyd, Sasha Levin
From: Serge Semin <Sergey.Semin@baikalelectronics.ru>
[ Upstream commit e2eef312762e0b5a5a70d29fe59a245c0a3cffa0 ]
Baikal-T1 CCU reference manual says that both xGMAC reference and xGMAC
PTP clocks are generated by two different wrappers with the same constant
divider thus each producing a 156.25 MHz signal. But for some reason both
of these clock sources are gated by a single switch-flag in the CCU
registers space - CCU_SYS_XGMAC_BASE.BIT(0). In order to make the clocks
handled independently we need to define a shared parental gate so the base
clock signal would be switched off only if both of the child-clocks are
disabled.
Note the ID is intentionally set to -2 since we are going to add a one
more internal clock identifier in the next commit.
Fixes: 353afa3a8d2e ("clk: Add Baikal-T1 CCU Dividers driver")
Signed-off-by: Serge Semin <Sergey.Semin@baikalelectronics.ru>
Link: https://lore.kernel.org/r/20220929225402.9696-4-Sergey.Semin@baikalelectronics.ru
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/baikal-t1/ccu-div.c | 1 +
drivers/clk/baikal-t1/ccu-div.h | 6 ++++++
drivers/clk/baikal-t1/clk-ccu-div.c | 8 +++++---
3 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/drivers/clk/baikal-t1/ccu-div.c b/drivers/clk/baikal-t1/ccu-div.c
index 4062092d67f9..bbfa3526ee10 100644
--- a/drivers/clk/baikal-t1/ccu-div.c
+++ b/drivers/clk/baikal-t1/ccu-div.c
@@ -579,6 +579,7 @@ struct ccu_div *ccu_div_hw_register(const struct ccu_div_init_data *div_init)
goto err_free_div;
}
parent_data.fw_name = div_init->parent_name;
+ parent_data.name = div_init->parent_name;
hw_init.parent_data = &parent_data;
hw_init.num_parents = 1;
diff --git a/drivers/clk/baikal-t1/ccu-div.h b/drivers/clk/baikal-t1/ccu-div.h
index 795665caefbd..b6a9c8e45318 100644
--- a/drivers/clk/baikal-t1/ccu-div.h
+++ b/drivers/clk/baikal-t1/ccu-div.h
@@ -13,6 +13,12 @@
#include <linux/bits.h>
#include <linux/of.h>
+/*
+ * CCU Divider private clock IDs
+ * @CCU_SYS_XGMAC_CLK: CCU XGMAC internal clock
+ */
+#define CCU_SYS_XGMAC_CLK -2
+
/*
* CCU Divider private flags
* @CCU_DIV_SKIP_ONE: Due to some reason divider can't be set to 1.
diff --git a/drivers/clk/baikal-t1/clk-ccu-div.c b/drivers/clk/baikal-t1/clk-ccu-div.c
index ea77eec40ddd..3953ae5664be 100644
--- a/drivers/clk/baikal-t1/clk-ccu-div.c
+++ b/drivers/clk/baikal-t1/clk-ccu-div.c
@@ -204,10 +204,12 @@ static const struct ccu_div_info sys_info[] = {
"eth_clk", CCU_SYS_GMAC1_BASE, 5),
CCU_DIV_FIXED_INFO(CCU_SYS_GMAC1_PTP_CLK, "sys_gmac1_ptp_clk",
"eth_clk", 10),
- CCU_DIV_GATE_INFO(CCU_SYS_XGMAC_REF_CLK, "sys_xgmac_ref_clk",
- "eth_clk", CCU_SYS_XGMAC_BASE, 8),
+ CCU_DIV_GATE_INFO(CCU_SYS_XGMAC_CLK, "sys_xgmac_clk",
+ "eth_clk", CCU_SYS_XGMAC_BASE, 1),
+ CCU_DIV_FIXED_INFO(CCU_SYS_XGMAC_REF_CLK, "sys_xgmac_ref_clk",
+ "sys_xgmac_clk", 8),
CCU_DIV_FIXED_INFO(CCU_SYS_XGMAC_PTP_CLK, "sys_xgmac_ptp_clk",
- "eth_clk", 8),
+ "sys_xgmac_clk", 8),
CCU_DIV_GATE_INFO(CCU_SYS_USB_CLK, "sys_usb_clk",
"eth_clk", CCU_SYS_USB_BASE, 10),
CCU_DIV_VAR_INFO(CCU_SYS_PVT_CLK, "sys_pvt_clk",
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 594/862] clk: baikal-t1: Add SATA internal ref clock buffer
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (592 preceding siblings ...)
2022-10-19 8:31 ` [PATCH 6.0 593/862] clk: baikal-t1: Add shared xGMAC ref/ptp clocks internal parent Greg Kroah-Hartman
@ 2022-10-19 8:31 ` Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 595/862] clk: bcm2835: Make peripheral PLLC critical Greg Kroah-Hartman
` (282 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Serge Semin, Stephen Boyd, Sasha Levin
From: Serge Semin <Sergey.Semin@baikalelectronics.ru>
[ Upstream commit 081a9b7c74eae4e12b2cb1b86720f836a8f29247 ]
It turns out the internal SATA reference clock signal will stay
unavailable for the SATA interface consumer until the buffer on it's way
is ungated. So aside with having the actual clock divider enabled we need
to ungate a buffer placed on the signal way to the SATA controller (most
likely some rudiment from the initial SoC release). Seeing the switch flag
is placed in the same register as the SATA-ref clock divider at a
non-standard ffset, let's implement it as a separate clock controller with
the set-rate propagation to the parental clock divider wrapper. As such
we'll be able to disable/enable and still change the original clock source
rate.
Fixes: 353afa3a8d2e ("clk: Add Baikal-T1 CCU Dividers driver")
Signed-off-by: Serge Semin <Sergey.Semin@baikalelectronics.ru>
Link: https://lore.kernel.org/r/20220929225402.9696-5-Sergey.Semin@baikalelectronics.ru
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/baikal-t1/ccu-div.c | 64 +++++++++++++++++++++++++++++
drivers/clk/baikal-t1/ccu-div.h | 4 ++
drivers/clk/baikal-t1/clk-ccu-div.c | 18 +++++++-
3 files changed, 85 insertions(+), 1 deletion(-)
diff --git a/drivers/clk/baikal-t1/ccu-div.c b/drivers/clk/baikal-t1/ccu-div.c
index bbfa3526ee10..a6642f3d33d4 100644
--- a/drivers/clk/baikal-t1/ccu-div.c
+++ b/drivers/clk/baikal-t1/ccu-div.c
@@ -34,6 +34,7 @@
#define CCU_DIV_CTL_CLKDIV_MASK(_width) \
GENMASK((_width) + CCU_DIV_CTL_CLKDIV_FLD - 1, CCU_DIV_CTL_CLKDIV_FLD)
#define CCU_DIV_CTL_LOCK_SHIFTED BIT(27)
+#define CCU_DIV_CTL_GATE_REF_BUF BIT(28)
#define CCU_DIV_CTL_LOCK_NORMAL BIT(31)
#define CCU_DIV_RST_DELAY_US 1
@@ -170,6 +171,40 @@ static int ccu_div_gate_is_enabled(struct clk_hw *hw)
return !!(val & CCU_DIV_CTL_EN);
}
+static int ccu_div_buf_enable(struct clk_hw *hw)
+{
+ struct ccu_div *div = to_ccu_div(hw);
+ unsigned long flags;
+
+ spin_lock_irqsave(&div->lock, flags);
+ regmap_update_bits(div->sys_regs, div->reg_ctl,
+ CCU_DIV_CTL_GATE_REF_BUF, 0);
+ spin_unlock_irqrestore(&div->lock, flags);
+
+ return 0;
+}
+
+static void ccu_div_buf_disable(struct clk_hw *hw)
+{
+ struct ccu_div *div = to_ccu_div(hw);
+ unsigned long flags;
+
+ spin_lock_irqsave(&div->lock, flags);
+ regmap_update_bits(div->sys_regs, div->reg_ctl,
+ CCU_DIV_CTL_GATE_REF_BUF, CCU_DIV_CTL_GATE_REF_BUF);
+ spin_unlock_irqrestore(&div->lock, flags);
+}
+
+static int ccu_div_buf_is_enabled(struct clk_hw *hw)
+{
+ struct ccu_div *div = to_ccu_div(hw);
+ u32 val = 0;
+
+ regmap_read(div->sys_regs, div->reg_ctl, &val);
+
+ return !(val & CCU_DIV_CTL_GATE_REF_BUF);
+}
+
static unsigned long ccu_div_var_recalc_rate(struct clk_hw *hw,
unsigned long parent_rate)
{
@@ -323,6 +358,7 @@ static const struct ccu_div_dbgfs_bit ccu_div_bits[] = {
CCU_DIV_DBGFS_BIT_ATTR("div_en", CCU_DIV_CTL_EN),
CCU_DIV_DBGFS_BIT_ATTR("div_rst", CCU_DIV_CTL_RST),
CCU_DIV_DBGFS_BIT_ATTR("div_bypass", CCU_DIV_CTL_SET_CLKDIV),
+ CCU_DIV_DBGFS_BIT_ATTR("div_buf", CCU_DIV_CTL_GATE_REF_BUF),
CCU_DIV_DBGFS_BIT_ATTR("div_lock", CCU_DIV_CTL_LOCK_NORMAL)
};
@@ -441,6 +477,9 @@ static void ccu_div_var_debug_init(struct clk_hw *hw, struct dentry *dentry)
continue;
}
+ if (!strcmp("div_buf", name))
+ continue;
+
bits[didx] = ccu_div_bits[bidx];
bits[didx].div = div;
@@ -477,6 +516,21 @@ static void ccu_div_gate_debug_init(struct clk_hw *hw, struct dentry *dentry)
&ccu_div_dbgfs_fixed_clkdiv_fops);
}
+static void ccu_div_buf_debug_init(struct clk_hw *hw, struct dentry *dentry)
+{
+ struct ccu_div *div = to_ccu_div(hw);
+ struct ccu_div_dbgfs_bit *bit;
+
+ bit = kmalloc(sizeof(*bit), GFP_KERNEL);
+ if (!bit)
+ return;
+
+ *bit = ccu_div_bits[3];
+ bit->div = div;
+ debugfs_create_file_unsafe(bit->name, ccu_div_dbgfs_mode, dentry, bit,
+ &ccu_div_dbgfs_bit_fops);
+}
+
static void ccu_div_fixed_debug_init(struct clk_hw *hw, struct dentry *dentry)
{
struct ccu_div *div = to_ccu_div(hw);
@@ -489,6 +543,7 @@ static void ccu_div_fixed_debug_init(struct clk_hw *hw, struct dentry *dentry)
#define ccu_div_var_debug_init NULL
#define ccu_div_gate_debug_init NULL
+#define ccu_div_buf_debug_init NULL
#define ccu_div_fixed_debug_init NULL
#endif /* !CONFIG_DEBUG_FS */
@@ -520,6 +575,13 @@ static const struct clk_ops ccu_div_gate_ops = {
.debug_init = ccu_div_gate_debug_init
};
+static const struct clk_ops ccu_div_buf_ops = {
+ .enable = ccu_div_buf_enable,
+ .disable = ccu_div_buf_disable,
+ .is_enabled = ccu_div_buf_is_enabled,
+ .debug_init = ccu_div_buf_debug_init
+};
+
static const struct clk_ops ccu_div_fixed_ops = {
.recalc_rate = ccu_div_fixed_recalc_rate,
.round_rate = ccu_div_fixed_round_rate,
@@ -566,6 +628,8 @@ struct ccu_div *ccu_div_hw_register(const struct ccu_div_init_data *div_init)
} else if (div_init->type == CCU_DIV_GATE) {
hw_init.ops = &ccu_div_gate_ops;
div->divider = div_init->divider;
+ } else if (div_init->type == CCU_DIV_BUF) {
+ hw_init.ops = &ccu_div_buf_ops;
} else if (div_init->type == CCU_DIV_FIXED) {
hw_init.ops = &ccu_div_fixed_ops;
div->divider = div_init->divider;
diff --git a/drivers/clk/baikal-t1/ccu-div.h b/drivers/clk/baikal-t1/ccu-div.h
index b6a9c8e45318..4eb49ff4803c 100644
--- a/drivers/clk/baikal-t1/ccu-div.h
+++ b/drivers/clk/baikal-t1/ccu-div.h
@@ -15,8 +15,10 @@
/*
* CCU Divider private clock IDs
+ * @CCU_SYS_SATA_CLK: CCU SATA internal clock
* @CCU_SYS_XGMAC_CLK: CCU XGMAC internal clock
*/
+#define CCU_SYS_SATA_CLK -1
#define CCU_SYS_XGMAC_CLK -2
/*
@@ -37,11 +39,13 @@
* enum ccu_div_type - CCU Divider types
* @CCU_DIV_VAR: Clocks gate with variable divider.
* @CCU_DIV_GATE: Clocks gate with fixed divider.
+ * @CCU_DIV_BUF: Clock gate with no divider.
* @CCU_DIV_FIXED: Ungateable clock with fixed divider.
*/
enum ccu_div_type {
CCU_DIV_VAR,
CCU_DIV_GATE,
+ CCU_DIV_BUF,
CCU_DIV_FIXED
};
diff --git a/drivers/clk/baikal-t1/clk-ccu-div.c b/drivers/clk/baikal-t1/clk-ccu-div.c
index 3953ae5664be..90f4fda406ee 100644
--- a/drivers/clk/baikal-t1/clk-ccu-div.c
+++ b/drivers/clk/baikal-t1/clk-ccu-div.c
@@ -76,6 +76,16 @@
.divider = _divider \
}
+#define CCU_DIV_BUF_INFO(_id, _name, _pname, _base, _flags) \
+ { \
+ .id = _id, \
+ .name = _name, \
+ .parent_name = _pname, \
+ .base = _base, \
+ .type = CCU_DIV_BUF, \
+ .flags = _flags \
+ }
+
#define CCU_DIV_FIXED_INFO(_id, _name, _pname, _divider) \
{ \
.id = _id, \
@@ -188,11 +198,14 @@ static const struct ccu_div_rst_map axi_rst_map[] = {
* for the SoC devices registers IO-operations.
*/
static const struct ccu_div_info sys_info[] = {
- CCU_DIV_VAR_INFO(CCU_SYS_SATA_REF_CLK, "sys_sata_ref_clk",
+ CCU_DIV_VAR_INFO(CCU_SYS_SATA_CLK, "sys_sata_clk",
"sata_clk", CCU_SYS_SATA_REF_BASE, 4,
CLK_SET_RATE_GATE,
CCU_DIV_SKIP_ONE | CCU_DIV_LOCK_SHIFTED |
CCU_DIV_RESET_DOMAIN),
+ CCU_DIV_BUF_INFO(CCU_SYS_SATA_REF_CLK, "sys_sata_ref_clk",
+ "sys_sata_clk", CCU_SYS_SATA_REF_BASE,
+ CLK_SET_RATE_PARENT),
CCU_DIV_VAR_INFO(CCU_SYS_APB_CLK, "sys_apb_clk",
"pcie_clk", CCU_SYS_APB_BASE, 5,
CLK_IS_CRITICAL, CCU_DIV_RESET_DOMAIN),
@@ -398,6 +411,9 @@ static int ccu_div_clk_register(struct ccu_div_data *data)
init.base = info->base;
init.sys_regs = data->sys_regs;
init.divider = info->divider;
+ } else if (init.type == CCU_DIV_BUF) {
+ init.base = info->base;
+ init.sys_regs = data->sys_regs;
} else {
init.divider = info->divider;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 595/862] clk: bcm2835: Make peripheral PLLC critical
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (593 preceding siblings ...)
2022-10-19 8:31 ` [PATCH 6.0 594/862] clk: baikal-t1: Add SATA internal ref clock buffer Greg Kroah-Hartman
@ 2022-10-19 8:31 ` Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 596/862] clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration Greg Kroah-Hartman
` (281 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Noralf Trønnes, Maxime Ripard,
Stefan Wahren, Stephen Boyd, Sasha Levin
From: Maxime Ripard <maxime@cerno.tech>
[ Upstream commit 6c5422851d8be8c7451e968fd2e6da41b6109e17 ]
When testing for a series affecting the VEC, it was discovered that
turning off and on the VEC clock is crashing the system.
It turns out that, when disabling the VEC clock, it's the only child of
the PLLC-per clock which will also get disabled. The source of the crash
is PLLC-per being disabled.
It's likely that some other device might not take a clock reference that
it actually needs, but it's unclear which at this point. Let's make
PLLC-per critical so that we don't have that crash.
Reported-by: Noralf Trønnes <noralf@tronnes.org>
Signed-off-by: Maxime Ripard <maxime@cerno.tech>
Link: https://lore.kernel.org/r/20220926084509.12233-1-maxime@cerno.tech
Reviewed-by: Stefan Wahren <stefan.wahren@i2se.com>
Acked-by: Noralf Trønnes <noralf@tronnes.org>
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Stable-dep-of: 0b919a372869 ("clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/bcm/clk-bcm2835.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/clk/bcm/clk-bcm2835.c b/drivers/clk/bcm/clk-bcm2835.c
index 48a1eb9f2d55..19de0e83b65d 100644
--- a/drivers/clk/bcm/clk-bcm2835.c
+++ b/drivers/clk/bcm/clk-bcm2835.c
@@ -1784,7 +1784,7 @@ static const struct bcm2835_clk_desc clk_desc_array[] = {
.load_mask = CM_PLLC_LOADPER,
.hold_mask = CM_PLLC_HOLDPER,
.fixed_divider = 1,
- .flags = CLK_SET_RATE_PARENT),
+ .flags = CLK_IS_CRITICAL | CLK_SET_RATE_PARENT),
/*
* PLLD is the display PLL, used to drive DSI display panels.
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 596/862] clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (594 preceding siblings ...)
2022-10-19 8:31 ` [PATCH 6.0 595/862] clk: bcm2835: Make peripheral PLLC critical Greg Kroah-Hartman
@ 2022-10-19 8:31 ` Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 597/862] clk: imx8mp: tune the order of enet_qos_root_clk Greg Kroah-Hartman
` (280 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Stefan Wahren, Ivan T. Ivanov,
Florian Fainelli, Stephen Boyd, Sasha Levin
From: Stefan Wahren <stefan.wahren@i2se.com>
[ Upstream commit 0b919a3728691c172312dee99ba654055ccd8c84 ]
The return value of bcm2835_clock_rate_from_divisor is always unsigned
and also all caller expect this. So fix the declaration accordingly.
Fixes: 41691b8862e2 ("clk: bcm2835: Add support for programming the audio domain clocks")
Signed-off-by: Stefan Wahren <stefan.wahren@i2se.com>
Link: https://lore.kernel.org/r/20220904141037.38816-1-stefan.wahren@i2se.com
Reviewed-by: Ivan T. Ivanov <iivanov@suse.de>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/bcm/clk-bcm2835.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/clk/bcm/clk-bcm2835.c b/drivers/clk/bcm/clk-bcm2835.c
index 19de0e83b65d..f1102b4c7e88 100644
--- a/drivers/clk/bcm/clk-bcm2835.c
+++ b/drivers/clk/bcm/clk-bcm2835.c
@@ -966,9 +966,9 @@ static u32 bcm2835_clock_choose_div(struct clk_hw *hw,
return div;
}
-static long bcm2835_clock_rate_from_divisor(struct bcm2835_clock *clock,
- unsigned long parent_rate,
- u32 div)
+static unsigned long bcm2835_clock_rate_from_divisor(struct bcm2835_clock *clock,
+ unsigned long parent_rate,
+ u32 div)
{
const struct bcm2835_clock_data *data = clock->data;
u64 temp;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 597/862] clk: imx8mp: tune the order of enet_qos_root_clk
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (595 preceding siblings ...)
2022-10-19 8:31 ` [PATCH 6.0 596/862] clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration Greg Kroah-Hartman
@ 2022-10-19 8:31 ` Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 598/862] clk: imx: scu: fix memleak on platform_device_add() fails Greg Kroah-Hartman
` (279 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ye Li, Peng Fan, Abel Vesa, Sasha Levin
From: Peng Fan <peng.fan@nxp.com>
[ Upstream commit c68cd258a67730c24566b9688d7c134e67459ac6 ]
The enet_qos_root_clk takes sim_enet_root_clk as parent. When
registering enet_qos_root_clk, it will be put into clk orphan list,
because sim_enet_root_clk is not ready.
When sim_enet_root_clk is ready, clk_core_reparent_orphans_nolock will
set enet_qos_root_clk parent to sim_enet_root_clk.
Because CLK_OPS_PARENT_ENABLE is set, sim_enet_root_clk will be
enabled and disabled during the enet_qos_root_clk reparent phase.
All the above are correct. But with M7 booted early and using
enet, M7 enet feature will be broken, because clk driver probe phase
disable the needed clks, in case M7 firmware not configure
sim_enet_root_clk.
And tune the order would also save cpu cycles.
Reviewed-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Reviewed-by: Abel Vesa <abel.vesa@linaro.org>
Signed-off-by: Abel Vesa <abel.vesa@linaro.org>
Link: https://lore.kernel.org/r/20220815013428.476015-1-peng.fan@oss.nxp.com
Stable-dep-of: 855ae87a2073 ("clk: imx: scu: fix memleak on platform_device_add() fails")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/imx/clk-imx8mp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/clk/imx/clk-imx8mp.c b/drivers/clk/imx/clk-imx8mp.c
index e89db568f5a8..652ae58c2735 100644
--- a/drivers/clk/imx/clk-imx8mp.c
+++ b/drivers/clk/imx/clk-imx8mp.c
@@ -665,8 +665,8 @@ static int imx8mp_clocks_probe(struct platform_device *pdev)
hws[IMX8MP_CLK_CAN1_ROOT] = imx_clk_hw_gate2("can1_root_clk", "can1", ccm_base + 0x4350, 0);
hws[IMX8MP_CLK_CAN2_ROOT] = imx_clk_hw_gate2("can2_root_clk", "can2", ccm_base + 0x4360, 0);
hws[IMX8MP_CLK_SDMA1_ROOT] = imx_clk_hw_gate4("sdma1_root_clk", "ipg_root", ccm_base + 0x43a0, 0);
- hws[IMX8MP_CLK_ENET_QOS_ROOT] = imx_clk_hw_gate4("enet_qos_root_clk", "sim_enet_root_clk", ccm_base + 0x43b0, 0);
hws[IMX8MP_CLK_SIM_ENET_ROOT] = imx_clk_hw_gate4("sim_enet_root_clk", "enet_axi", ccm_base + 0x4400, 0);
+ hws[IMX8MP_CLK_ENET_QOS_ROOT] = imx_clk_hw_gate4("enet_qos_root_clk", "sim_enet_root_clk", ccm_base + 0x43b0, 0);
hws[IMX8MP_CLK_GPU2D_ROOT] = imx_clk_hw_gate4("gpu2d_root_clk", "gpu2d_core", ccm_base + 0x4450, 0);
hws[IMX8MP_CLK_GPU3D_ROOT] = imx_clk_hw_gate4("gpu3d_root_clk", "gpu3d_core", ccm_base + 0x4460, 0);
hws[IMX8MP_CLK_UART1_ROOT] = imx_clk_hw_gate4("uart1_root_clk", "uart1", ccm_base + 0x4490, 0);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 598/862] clk: imx: scu: fix memleak on platform_device_add() fails
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (596 preceding siblings ...)
2022-10-19 8:31 ` [PATCH 6.0 597/862] clk: imx8mp: tune the order of enet_qos_root_clk Greg Kroah-Hartman
@ 2022-10-19 8:31 ` Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 599/862] clk: ti: Balance of_node_get() calls for of_find_node_by_name() Greg Kroah-Hartman
` (278 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Lin Yujun, Stephen Boyd, Sasha Levin
From: Lin Yujun <linyujun809@huawei.com>
[ Upstream commit 855ae87a2073ebf1b395e020de54fdf9ce7d166f ]
No error handling is performed when platform_device_add()
fails. Add error processing before return, and modified
the return value.
Fixes: 77d8f3068c63 ("clk: imx: scu: add two cells binding support")
Signed-off-by: Lin Yujun <linyujun809@huawei.com>
Link: https://lore.kernel.org/r/20220914033206.98046-1-linyujun809@huawei.com
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/imx/clk-scu.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/clk/imx/clk-scu.c b/drivers/clk/imx/clk-scu.c
index c56e406138db..1e6870f3671f 100644
--- a/drivers/clk/imx/clk-scu.c
+++ b/drivers/clk/imx/clk-scu.c
@@ -695,7 +695,11 @@ struct clk_hw *imx_clk_scu_alloc_dev(const char *name,
pr_warn("%s: failed to attached the power domain %d\n",
name, ret);
- platform_device_add(pdev);
+ ret = platform_device_add(pdev);
+ if (ret) {
+ platform_device_put(pdev);
+ return ERR_PTR(ret);
+ }
/* For API backwards compatiblilty, simply return NULL for success */
return NULL;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 599/862] clk: ti: Balance of_node_get() calls for of_find_node_by_name()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (597 preceding siblings ...)
2022-10-19 8:31 ` [PATCH 6.0 598/862] clk: imx: scu: fix memleak on platform_device_add() fails Greg Kroah-Hartman
@ 2022-10-19 8:31 ` Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 600/862] clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe Greg Kroah-Hartman
` (277 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Liang He, Stephen Boyd, Sasha Levin
From: Liang He <windhl@126.com>
[ Upstream commit 058a3996b888ab60eb1857fb4fd28f1b89a9a95a ]
In ti_find_clock_provider(), of_find_node_by_name() will call
of_node_put() for the 'from' argument, possibly putting the node one too
many times. Let's maintain the of_node_get() from the previous search
and only put when we're exiting the function early. This should avoid a
misbalanced reference count on the node.
Fixes: 51f661ef9a10 ("clk: ti: Add ti_find_clock_provider() to use clock-output-names")
Signed-off-by: Liang He <windhl@126.com>
Link: https://lore.kernel.org/r/20220915031121.4003589-1-windhl@126.com
[sboyd@kernel.org: Rewrite commit text, maintain reference instead of
get again]
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/ti/clk.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/clk/ti/clk.c b/drivers/clk/ti/clk.c
index 373e9438b57a..1dc2f15fb75b 100644
--- a/drivers/clk/ti/clk.c
+++ b/drivers/clk/ti/clk.c
@@ -140,11 +140,12 @@ static struct device_node *ti_find_clock_provider(struct device_node *from,
break;
}
}
- of_node_put(from);
kfree(tmp);
- if (found)
+ if (found) {
+ of_node_put(from);
return np;
+ }
/* Fall back to using old node name base provider name */
return of_find_node_by_name(from, name);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 600/862] clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (598 preceding siblings ...)
2022-10-19 8:31 ` [PATCH 6.0 599/862] clk: ti: Balance of_node_get() calls for of_find_node_by_name() Greg Kroah-Hartman
@ 2022-10-19 8:31 ` Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 601/862] clk: ast2600: BCLK comes from EPLL Greg Kroah-Hartman
` (276 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Tony Lindgren,
Stephen Boyd, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit 9c59a01caba26ec06fefd6ca1f22d5fd1de57d63 ]
pm_runtime_get_sync() will increment pm usage counter.
Forgetting to putting operation will result in reference leak.
Add missing pm_runtime_put_sync in some error paths.
Fixes: 9ac33b0ce81f ("CLK: TI: Driver for DRA7 ATL (Audio Tracking Logic)")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Link: https://lore.kernel.org/r/20220602030838.52057-1-linmq006@gmail.com
Reviewed-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/ti/clk-dra7-atl.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/drivers/clk/ti/clk-dra7-atl.c b/drivers/clk/ti/clk-dra7-atl.c
index f0f5bf68b6d2..ff4d6a951681 100644
--- a/drivers/clk/ti/clk-dra7-atl.c
+++ b/drivers/clk/ti/clk-dra7-atl.c
@@ -245,14 +245,16 @@ static int of_dra7_atl_clk_probe(struct platform_device *pdev)
if (rc) {
pr_err("%s: failed to lookup atl clock %d\n", __func__,
i);
- return -EINVAL;
+ ret = -EINVAL;
+ goto pm_put;
}
clk = of_clk_get_from_provider(&clkspec);
if (IS_ERR(clk)) {
pr_err("%s: failed to get atl clock %d from provider\n",
__func__, i);
- return PTR_ERR(clk);
+ ret = PTR_ERR(clk);
+ goto pm_put;
}
cdesc = to_atl_desc(__clk_get_hw(clk));
@@ -285,8 +287,9 @@ static int of_dra7_atl_clk_probe(struct platform_device *pdev)
if (cdesc->enabled)
atl_clk_enable(__clk_get_hw(clk));
}
- pm_runtime_put_sync(cinfo->dev);
+pm_put:
+ pm_runtime_put_sync(cinfo->dev);
return ret;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 601/862] clk: ast2600: BCLK comes from EPLL
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (599 preceding siblings ...)
2022-10-19 8:31 ` [PATCH 6.0 600/862] clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe Greg Kroah-Hartman
@ 2022-10-19 8:31 ` Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 602/862] mailbox: imx: fix RST channel support Greg Kroah-Hartman
` (275 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Joel Stanley, Stephen Boyd, Sasha Levin
From: Joel Stanley <joel@jms.id.au>
[ Upstream commit b8c1dc9c00b252b3be853720a71b05ed451ddd9f ]
This correction was made in the u-boot SDK recently. There are no
in-tree users of this clock so the impact is minimal.
Fixes: d3d04f6c330a ("clk: Add support for AST2600 SoC")
Link: https://github.com/AspeedTech-BMC/u-boot/commit/8ad54a5ae15f27fea5e894cc2539a20d90019717
Signed-off-by: Joel Stanley <joel@jms.id.au>
Link: https://lore.kernel.org/r/20220421040426.171256-1-joel@jms.id.au
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/clk-ast2600.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/clk/clk-ast2600.c b/drivers/clk/clk-ast2600.c
index 24dab2312bc6..9c3305bcb27a 100644
--- a/drivers/clk/clk-ast2600.c
+++ b/drivers/clk/clk-ast2600.c
@@ -622,7 +622,7 @@ static int aspeed_g6_clk_probe(struct platform_device *pdev)
regmap_write(map, 0x308, 0x12000); /* 3x3 = 9 */
/* P-Bus (BCLK) clock divider */
- hw = clk_hw_register_divider_table(dev, "bclk", "hpll", 0,
+ hw = clk_hw_register_divider_table(dev, "bclk", "epll", 0,
scu_g6_base + ASPEED_G6_CLK_SELECTION1, 20, 3, 0,
ast2600_div_table,
&aspeed_g6_clk_lock);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 602/862] mailbox: imx: fix RST channel support
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (600 preceding siblings ...)
2022-10-19 8:31 ` [PATCH 6.0 601/862] clk: ast2600: BCLK comes from EPLL Greg Kroah-Hartman
@ 2022-10-19 8:31 ` Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 603/862] mailbox: mpfs: fix handling of the reg property Greg Kroah-Hartman
` (274 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Liu Ying, Peng Fan, Jassi Brar, Sasha Levin
From: Peng Fan <peng.fan@nxp.com>
[ Upstream commit 7e5cd064f73ccecd2ac1aadca078394bd25ea3ce ]
Because IMX_MU_xCR_MAX was increased to 5, some mu cfgs were not updated
to include the CR register. Add the missed CR register to xcr array.
Fixes: 82ab513baed5 ("mailbox: imx: support RST channel")
Reported-by: Liu Ying <victor.liu@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Tested-by: Liu Ying <victor.liu@nxp.com> # i.MX8qm/qxp MEK boards boot
Signed-off-by: Jassi Brar <jaswinder.singh@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mailbox/imx-mailbox.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/drivers/mailbox/imx-mailbox.c b/drivers/mailbox/imx-mailbox.c
index 02922073c9ef..20f2ec880ad6 100644
--- a/drivers/mailbox/imx-mailbox.c
+++ b/drivers/mailbox/imx-mailbox.c
@@ -904,7 +904,7 @@ static const struct imx_mu_dcfg imx_mu_cfg_imx7ulp = {
.xTR = 0x20,
.xRR = 0x40,
.xSR = {0x60, 0x60, 0x60, 0x60},
- .xCR = {0x64, 0x64, 0x64, 0x64},
+ .xCR = {0x64, 0x64, 0x64, 0x64, 0x64},
};
static const struct imx_mu_dcfg imx_mu_cfg_imx8ulp = {
@@ -927,7 +927,7 @@ static const struct imx_mu_dcfg imx_mu_cfg_imx8ulp_s4 = {
.xTR = 0x200,
.xRR = 0x280,
.xSR = {0xC, 0x118, 0x124, 0x12C},
- .xCR = {0x110, 0x114, 0x120, 0x128},
+ .xCR = {0x8, 0x110, 0x114, 0x120, 0x128},
};
static const struct imx_mu_dcfg imx_mu_cfg_imx93_s4 = {
@@ -938,7 +938,7 @@ static const struct imx_mu_dcfg imx_mu_cfg_imx93_s4 = {
.xTR = 0x200,
.xRR = 0x280,
.xSR = {0xC, 0x118, 0x124, 0x12C},
- .xCR = {0x110, 0x114, 0x120, 0x128},
+ .xCR = {0x8, 0x110, 0x114, 0x120, 0x128},
};
static const struct imx_mu_dcfg imx_mu_cfg_imx8_scu = {
@@ -949,7 +949,7 @@ static const struct imx_mu_dcfg imx_mu_cfg_imx8_scu = {
.xTR = 0x0,
.xRR = 0x10,
.xSR = {0x20, 0x20, 0x20, 0x20},
- .xCR = {0x24, 0x24, 0x24, 0x24},
+ .xCR = {0x24, 0x24, 0x24, 0x24, 0x24},
};
static const struct imx_mu_dcfg imx_mu_cfg_imx8_seco = {
@@ -960,7 +960,7 @@ static const struct imx_mu_dcfg imx_mu_cfg_imx8_seco = {
.xTR = 0x0,
.xRR = 0x10,
.xSR = {0x20, 0x20, 0x20, 0x20},
- .xCR = {0x24, 0x24, 0x24, 0x24},
+ .xCR = {0x24, 0x24, 0x24, 0x24, 0x24},
};
static const struct of_device_id imx_mu_dt_ids[] = {
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 603/862] mailbox: mpfs: fix handling of the reg property
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (601 preceding siblings ...)
2022-10-19 8:31 ` [PATCH 6.0 602/862] mailbox: imx: fix RST channel support Greg Kroah-Hartman
@ 2022-10-19 8:31 ` Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 604/862] mailbox: mpfs: account for mbox offsets while sending Greg Kroah-Hartman
` (273 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Conor Dooley, Jassi Brar, Sasha Levin
From: Conor Dooley <conor.dooley@microchip.com>
[ Upstream commit 2e10289d1f304f5082a4dda55a677b72b3bdb581 ]
The "data" region of the PolarFire SoC's system controller mailbox is
not one continuous register space - the system controller's QSPI sits
between the control and data registers. Split the "data" reg into two
parts: "data" & "control". Optionally get the "data" register address
from the 3rd reg property in the devicetree & fall back to using the
old base + MAILBOX_REG_OFFSET that the current code uses.
Fixes: 83d7b1560810 ("mbox: add polarfire soc system controller mailbox")
Signed-off-by: Conor Dooley <conor.dooley@microchip.com>
Signed-off-by: Jassi Brar <jaswinder.singh@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mailbox/mailbox-mpfs.c | 24 ++++++++++++++----------
1 file changed, 14 insertions(+), 10 deletions(-)
diff --git a/drivers/mailbox/mailbox-mpfs.c b/drivers/mailbox/mailbox-mpfs.c
index 4e34854d1238..e432a8f0d148 100644
--- a/drivers/mailbox/mailbox-mpfs.c
+++ b/drivers/mailbox/mailbox-mpfs.c
@@ -62,6 +62,7 @@ struct mpfs_mbox {
struct mbox_controller controller;
struct device *dev;
int irq;
+ void __iomem *ctrl_base;
void __iomem *mbox_base;
void __iomem *int_reg;
struct mbox_chan chans[1];
@@ -73,7 +74,7 @@ static bool mpfs_mbox_busy(struct mpfs_mbox *mbox)
{
u32 status;
- status = readl_relaxed(mbox->mbox_base + SERVICES_SR_OFFSET);
+ status = readl_relaxed(mbox->ctrl_base + SERVICES_SR_OFFSET);
return status & SCB_STATUS_BUSY_MASK;
}
@@ -99,14 +100,13 @@ static int mpfs_mbox_send_data(struct mbox_chan *chan, void *data)
for (index = 0; index < (msg->cmd_data_size / 4); index++)
writel_relaxed(word_buf[index],
- mbox->mbox_base + MAILBOX_REG_OFFSET + index * 0x4);
+ mbox->mbox_base + index * 0x4);
if (extra_bits) {
u8 i;
u8 byte_off = ALIGN_DOWN(msg->cmd_data_size, 4);
u8 *byte_buf = msg->cmd_data + byte_off;
- val = readl_relaxed(mbox->mbox_base +
- MAILBOX_REG_OFFSET + index * 0x4);
+ val = readl_relaxed(mbox->mbox_base + index * 0x4);
for (i = 0u; i < extra_bits; i++) {
val &= ~(0xffu << (i * 8u));
@@ -114,14 +114,14 @@ static int mpfs_mbox_send_data(struct mbox_chan *chan, void *data)
}
writel_relaxed(val,
- mbox->mbox_base + MAILBOX_REG_OFFSET + index * 0x4);
+ mbox->mbox_base + index * 0x4);
}
}
opt_sel = ((msg->mbox_offset << 7u) | (msg->cmd_opcode & 0x7fu));
tx_trigger = (opt_sel << SCB_CTRL_POS) & SCB_CTRL_MASK;
tx_trigger |= SCB_CTRL_REQ_MASK | SCB_STATUS_NOTIFY_MASK;
- writel_relaxed(tx_trigger, mbox->mbox_base + SERVICES_CR_OFFSET);
+ writel_relaxed(tx_trigger, mbox->ctrl_base + SERVICES_CR_OFFSET);
return 0;
}
@@ -141,7 +141,7 @@ static void mpfs_mbox_rx_data(struct mbox_chan *chan)
if (!mpfs_mbox_busy(mbox)) {
for (i = 0; i < num_words; i++) {
response->resp_msg[i] =
- readl_relaxed(mbox->mbox_base + MAILBOX_REG_OFFSET
+ readl_relaxed(mbox->mbox_base
+ mbox->resp_offset + i * 0x4);
}
}
@@ -200,14 +200,18 @@ static int mpfs_mbox_probe(struct platform_device *pdev)
if (!mbox)
return -ENOMEM;
- mbox->mbox_base = devm_platform_get_and_ioremap_resource(pdev, 0, ®s);
- if (IS_ERR(mbox->mbox_base))
- return PTR_ERR(mbox->mbox_base);
+ mbox->ctrl_base = devm_platform_get_and_ioremap_resource(pdev, 0, ®s);
+ if (IS_ERR(mbox->ctrl_base))
+ return PTR_ERR(mbox->ctrl_base);
mbox->int_reg = devm_platform_get_and_ioremap_resource(pdev, 1, ®s);
if (IS_ERR(mbox->int_reg))
return PTR_ERR(mbox->int_reg);
+ mbox->mbox_base = devm_platform_get_and_ioremap_resource(pdev, 2, ®s);
+ if (IS_ERR(mbox->mbox_base)) // account for the old dt-binding w/ 2 regs
+ mbox->mbox_base = mbox->ctrl_base + MAILBOX_REG_OFFSET;
+
mbox->irq = platform_get_irq(pdev, 0);
if (mbox->irq < 0)
return mbox->irq;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 604/862] mailbox: mpfs: account for mbox offsets while sending
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (602 preceding siblings ...)
2022-10-19 8:31 ` [PATCH 6.0 603/862] mailbox: mpfs: fix handling of the reg property Greg Kroah-Hartman
@ 2022-10-19 8:31 ` Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 605/862] mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg Greg Kroah-Hartman
` (272 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Conor Dooley, Jassi Brar, Sasha Levin
From: Conor Dooley <conor.dooley@microchip.com>
[ Upstream commit 0d1aadfe10ba17ebdeb96abb9638eb0f623f9b55 ]
The mailbox offset is not only used for receiving messages, but it is
also used by messages sent to the system controller by Linux that have a
payload, such as the "digital signature service". It is also overloaded
by certain other services (reprogramming of the FPGA fabric, see Link:)
to have a meaning other than the offset the system controller should
read from.
When the driver was written, no such services of the latter type were
in use & those of the former used an offset of zero so this has gone
un-noticed.
Link: https://www.microsemi.com/document-portal/doc_download/1245815-polarfire-fpga-and-polarfire-soc-fpga-system-services-user-guide # Section 5.2
Fixes: 83d7b1560810 ("mbox: add polarfire soc system controller mailbox")
Signed-off-by: Conor Dooley <conor.dooley@microchip.com>
Signed-off-by: Jassi Brar <jaswinder.singh@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mailbox/mailbox-mpfs.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/drivers/mailbox/mailbox-mpfs.c b/drivers/mailbox/mailbox-mpfs.c
index e432a8f0d148..cfacb3f320a6 100644
--- a/drivers/mailbox/mailbox-mpfs.c
+++ b/drivers/mailbox/mailbox-mpfs.c
@@ -100,21 +100,20 @@ static int mpfs_mbox_send_data(struct mbox_chan *chan, void *data)
for (index = 0; index < (msg->cmd_data_size / 4); index++)
writel_relaxed(word_buf[index],
- mbox->mbox_base + index * 0x4);
+ mbox->mbox_base + msg->mbox_offset + index * 0x4);
if (extra_bits) {
u8 i;
u8 byte_off = ALIGN_DOWN(msg->cmd_data_size, 4);
u8 *byte_buf = msg->cmd_data + byte_off;
- val = readl_relaxed(mbox->mbox_base + index * 0x4);
+ val = readl_relaxed(mbox->mbox_base + msg->mbox_offset + index * 0x4);
for (i = 0u; i < extra_bits; i++) {
val &= ~(0xffu << (i * 8u));
val |= (byte_buf[i] << (i * 8u));
}
- writel_relaxed(val,
- mbox->mbox_base + index * 0x4);
+ writel_relaxed(val, mbox->mbox_base + msg->mbox_offset + index * 0x4);
}
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 605/862] mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (603 preceding siblings ...)
2022-10-19 8:31 ` [PATCH 6.0 604/862] mailbox: mpfs: account for mbox offsets while sending Greg Kroah-Hartman
@ 2022-10-19 8:31 ` Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 606/862] ipc: mqueue: fix possible memory leak in init_mqueue_fs() Greg Kroah-Hartman
` (271 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jack Wang, Jassi Brar, Sasha Levin
From: Jack Wang <jinpu.wang@ionos.com>
[ Upstream commit 6b207ce8a96a71e966831e3a13c38143ba9a73c1 ]
dma_map_sg return 0 on error, fix the error check, and return -EIO
to caller.
Fixes: dbc049eee730 ("mailbox: Add driver for Broadcom FlexRM ring manager")
Signed-off-by: Jack Wang <jinpu.wang@ionos.com>
Signed-off-by: Jassi Brar <jaswinder.singh@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mailbox/bcm-flexrm-mailbox.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/mailbox/bcm-flexrm-mailbox.c b/drivers/mailbox/bcm-flexrm-mailbox.c
index fda16f76401e..bf6e86b0ed09 100644
--- a/drivers/mailbox/bcm-flexrm-mailbox.c
+++ b/drivers/mailbox/bcm-flexrm-mailbox.c
@@ -622,15 +622,15 @@ static int flexrm_spu_dma_map(struct device *dev, struct brcm_message *msg)
rc = dma_map_sg(dev, msg->spu.src, sg_nents(msg->spu.src),
DMA_TO_DEVICE);
- if (rc < 0)
- return rc;
+ if (!rc)
+ return -EIO;
rc = dma_map_sg(dev, msg->spu.dst, sg_nents(msg->spu.dst),
DMA_FROM_DEVICE);
- if (rc < 0) {
+ if (!rc) {
dma_unmap_sg(dev, msg->spu.src, sg_nents(msg->spu.src),
DMA_TO_DEVICE);
- return rc;
+ return -EIO;
}
return 0;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 606/862] ipc: mqueue: fix possible memory leak in init_mqueue_fs()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (604 preceding siblings ...)
2022-10-19 8:31 ` [PATCH 6.0 605/862] mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg Greg Kroah-Hartman
@ 2022-10-19 8:31 ` Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 607/862] powerpc/configs: Properly enable PAPR_SCM in pseries_defconfig Greg Kroah-Hartman
` (270 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hangyu Hua, Eric W. Biederman, Sasha Levin
From: Hangyu Hua <hbh25y@gmail.com>
[ Upstream commit c579d60f0d0cd87552f64fdebe68b5d941d20309 ]
commit db7cfc380900 ("ipc: Free mq_sysctls if ipc namespace creation
failed")
Here's a similar memory leak to the one fixed by the patch above.
retire_mq_sysctls need to be called when init_mqueue_fs fails after
setup_mq_sysctls.
Fixes: dc55e35f9e81 ("ipc: Store mqueue sysctls in the ipc namespace")
Signed-off-by: Hangyu Hua <hbh25y@gmail.com>
Link: https://lkml.kernel.org/r/20220715062301.19311-1-hbh25y@gmail.com
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
ipc/mqueue.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/ipc/mqueue.c b/ipc/mqueue.c
index f98de32aeea1..9cf314b3f079 100644
--- a/ipc/mqueue.c
+++ b/ipc/mqueue.c
@@ -1746,6 +1746,7 @@ static int __init init_mqueue_fs(void)
unregister_filesystem(&mqueue_fs_type);
out_sysctl:
kmem_cache_destroy(mqueue_inode_cachep);
+ retire_mq_sysctls(&init_ipc_ns);
return error;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 607/862] powerpc/configs: Properly enable PAPR_SCM in pseries_defconfig
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (605 preceding siblings ...)
2022-10-19 8:31 ` [PATCH 6.0 606/862] ipc: mqueue: fix possible memory leak in init_mqueue_fs() Greg Kroah-Hartman
@ 2022-10-19 8:31 ` Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 608/862] powerpc/math_emu/efp: Include module.h Greg Kroah-Hartman
` (269 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:31 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Michael Ellerman, Sasha Levin
From: Michael Ellerman <mpe@ellerman.id.au>
[ Upstream commit aa398d88aea4ec863bd7aea35d5035a37096dc59 ]
My commit to add PAPR_SCM to pseries_defconfig failed to add the
required dependencies, meaning the driver doesn't get built.
Add the required LIBNVDIMM=m.
Fixes: d6481a7195df ("powerpc/configs: Add PAPR_SCM to pseries_defconfig")
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20220901014253.252927-1-mpe@ellerman.id.au
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/configs/pseries_defconfig | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/powerpc/configs/pseries_defconfig b/arch/powerpc/configs/pseries_defconfig
index b571d084c148..c05e37af9f1e 100644
--- a/arch/powerpc/configs/pseries_defconfig
+++ b/arch/powerpc/configs/pseries_defconfig
@@ -40,6 +40,7 @@ CONFIG_PPC_SPLPAR=y
CONFIG_DTL=y
CONFIG_PPC_SMLPAR=y
CONFIG_IBMEBUS=y
+CONFIG_LIBNVDIMM=m
CONFIG_PAPR_SCM=m
CONFIG_PPC_SVM=y
# CONFIG_PPC_PMAC is not set
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 608/862] powerpc/math_emu/efp: Include module.h
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (606 preceding siblings ...)
2022-10-19 8:31 ` [PATCH 6.0 607/862] powerpc/configs: Properly enable PAPR_SCM in pseries_defconfig Greg Kroah-Hartman
@ 2022-10-19 8:31 ` Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 609/862] powerpc/sysdev/fsl_msi: Add missing of_node_put() Greg Kroah-Hartman
` (268 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kernel test robot, Nathan Chancellor,
Christophe Leroy, Michael Ellerman, Sasha Levin
From: Nathan Chancellor <nathan@kernel.org>
[ Upstream commit cfe0d370e0788625ce0df3239aad07a2506c1796 ]
When building with a recent version of clang, there are a couple of
errors around the call to module_init():
arch/powerpc/math-emu/math_efp.c:927:1: error: type specifier missing, defaults to 'int'; ISO C99 and later do not support implicit int [-Wimplicit-int]
module_init(spe_mathemu_init);
^
int
arch/powerpc/math-emu/math_efp.c:927:13: error: a parameter list without types is only allowed in a function definition
module_init(spe_mathemu_init);
^
2 errors generated.
module_init() is a macro, which is not getting expanded because module.h
is not included in this file. Add the include so that the macro can
expand properly, clearing up the build failure.
Fixes: ac6f120369ff ("powerpc/85xx: Workaroudn e500 CPU erratum A005")
[chleroy: added fixes tag]
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Reviewed-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Link: https://lore.kernel.org/r/8403854a4c187459b2f4da3537f51227b70b9223.1662134272.git.christophe.leroy@csgroup.eu
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/math-emu/math_efp.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/powerpc/math-emu/math_efp.c b/arch/powerpc/math-emu/math_efp.c
index 39b84e7452e1..aa3bb8da1cb9 100644
--- a/arch/powerpc/math-emu/math_efp.c
+++ b/arch/powerpc/math-emu/math_efp.c
@@ -17,6 +17,7 @@
#include <linux/types.h>
#include <linux/prctl.h>
+#include <linux/module.h>
#include <linux/uaccess.h>
#include <asm/reg.h>
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 609/862] powerpc/sysdev/fsl_msi: Add missing of_node_put()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (607 preceding siblings ...)
2022-10-19 8:31 ` [PATCH 6.0 608/862] powerpc/math_emu/efp: Include module.h Greg Kroah-Hartman
@ 2022-10-19 8:31 ` Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 610/862] powerpc/pci_dn: " Greg Kroah-Hartman
` (267 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Liang He, Michael Ellerman,
Sasha Levin, Miaoqian Lin
From: Liang He <windhl@126.com>
[ Upstream commit def435c04ee984a5f9ed2711b2bfe946936c6a21 ]
In fsl_setup_msi_irqs(), use of_node_put() to drop the reference
returned by of_parse_phandle().
Fixes: 895d603f945ba ("powerpc/fsl_msi: add support for the fsl, msi property in PCI nodes")
Co-authored-by: Miaoqian Lin <linmq006@gmail.com>
Signed-off-by: Liang He <windhl@126.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20220704145233.278539-1-windhl@126.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/sysdev/fsl_msi.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/arch/powerpc/sysdev/fsl_msi.c b/arch/powerpc/sysdev/fsl_msi.c
index ef9a5999fa93..73c2d70706c0 100644
--- a/arch/powerpc/sysdev/fsl_msi.c
+++ b/arch/powerpc/sysdev/fsl_msi.c
@@ -209,8 +209,10 @@ static int fsl_setup_msi_irqs(struct pci_dev *pdev, int nvec, int type)
dev_err(&pdev->dev,
"node %pOF has an invalid fsl,msi phandle %u\n",
hose->dn, np->phandle);
+ of_node_put(np);
return -EINVAL;
}
+ of_node_put(np);
}
msi_for_each_desc(entry, &pdev->dev, MSI_DESC_NOTASSOCIATED) {
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 610/862] powerpc/pci_dn: Add missing of_node_put()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (608 preceding siblings ...)
2022-10-19 8:31 ` [PATCH 6.0 609/862] powerpc/sysdev/fsl_msi: Add missing of_node_put() Greg Kroah-Hartman
@ 2022-10-19 8:31 ` Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 611/862] powerpc/powernv: add missing of_node_put() in opal_export_attrs() Greg Kroah-Hartman
` (266 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Liang He, Michael Ellerman,
Tyrel Datwyler, Sasha Levin, Miaoqian Lin
From: Liang He <windhl@126.com>
[ Upstream commit 110a1fcb6c4d55144d8179983a475f17a1d6f832 ]
In pci_add_device_node_info(), use of_node_put() to drop the reference
to 'parent' returned by of_get_parent() to keep refcount balance.
Fixes: cca87d303c85 ("powerpc/pci: Refactor pci_dn")
Co-authored-by: Miaoqian Lin <linmq006@gmail.com>
Signed-off-by: Liang He <windhl@126.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Reviewed-by: Tyrel Datwyler <tyreld@linux.ibm.com>
Link: https://lore.kernel.org/r/20220701131750.240170-1-windhl@126.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/kernel/pci_dn.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/powerpc/kernel/pci_dn.c b/arch/powerpc/kernel/pci_dn.c
index 7a35fc25a304..38561d6a2079 100644
--- a/arch/powerpc/kernel/pci_dn.c
+++ b/arch/powerpc/kernel/pci_dn.c
@@ -330,6 +330,7 @@ struct pci_dn *pci_add_device_node_info(struct pci_controller *hose,
INIT_LIST_HEAD(&pdn->list);
parent = of_get_parent(dn);
pdn->parent = parent ? PCI_DN(parent) : NULL;
+ of_node_put(parent);
if (pdn->parent)
list_add_tail(&pdn->list, &pdn->parent->child_list);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 611/862] powerpc/powernv: add missing of_node_put() in opal_export_attrs()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (609 preceding siblings ...)
2022-10-19 8:31 ` [PATCH 6.0 610/862] powerpc/pci_dn: " Greg Kroah-Hartman
@ 2022-10-19 8:31 ` Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 612/862] cpuidle: riscv-sbi: Fix CPU_PM_CPU_IDLE_ENTER_xyz() macro usage Greg Kroah-Hartman
` (265 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zheng Yongjun, Michael Ellerman, Sasha Levin
From: Zheng Yongjun <zhengyongjun3@huawei.com>
[ Upstream commit 71a92e99c47900cc164620948b3863382cec4f1a ]
After using 'np' returned by of_find_node_by_path(), of_node_put()
need be called to decrease the refcount.
Fixes: 11fe909d2362 ("powerpc/powernv: Add OPAL exports attributes to sysfs")
Signed-off-by: Zheng Yongjun <zhengyongjun3@huawei.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20220906141703.118192-1-zhengyongjun3@huawei.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/platforms/powernv/opal.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/powerpc/platforms/powernv/opal.c b/arch/powerpc/platforms/powernv/opal.c
index 55a8fbfdb5b2..3510b55b36f8 100644
--- a/arch/powerpc/platforms/powernv/opal.c
+++ b/arch/powerpc/platforms/powernv/opal.c
@@ -892,6 +892,7 @@ static void opal_export_attrs(void)
kobj = kobject_create_and_add("exports", opal_kobj);
if (!kobj) {
pr_warn("kobject_create_and_add() of exports failed\n");
+ of_node_put(np);
return;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 612/862] cpuidle: riscv-sbi: Fix CPU_PM_CPU_IDLE_ENTER_xyz() macro usage
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (610 preceding siblings ...)
2022-10-19 8:31 ` [PATCH 6.0 611/862] powerpc/powernv: add missing of_node_put() in opal_export_attrs() Greg Kroah-Hartman
@ 2022-10-19 8:31 ` Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 613/862] powerpc: dts: turris1x.dts: Fix NOR partitions labels Greg Kroah-Hartman
` (264 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Anup Patel, Andrew Jones,
Palmer Dabbelt, Sasha Levin
From: Anup Patel <apatel@ventanamicro.com>
[ Upstream commit cfadbb9df8c4dc917787da4458327e5ec14743d4 ]
Currently, we are using CPU_PM_CPU_IDLE_ENTER_PARAM() for all SBI HSM
suspend types so retentive suspend types are also treated non-retentive
and kernel will do redundant additional work for these states.
The BIT[31] of SBI HSM suspend types allows us to differentiate between
retentive and non-retentive suspend types so we should use this BIT
to call appropriate CPU_PM_CPU_IDLE_ENTER_xyz() macro.
Fixes: 6abf32f1d9c5 ("cpuidle: Add RISC-V SBI CPU idle driver")
Signed-off-by: Anup Patel <apatel@ventanamicro.com>
Link: https://lore.kernel.org/r/20220718084553.2056169-1-apatel@ventanamicro.com/
Reviewed-by: Andrew Jones <ajones@ventanamicro.com>
Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/cpuidle/cpuidle-riscv-sbi.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/cpuidle/cpuidle-riscv-sbi.c b/drivers/cpuidle/cpuidle-riscv-sbi.c
index 862a2876f1c9..05fe2902df9a 100644
--- a/drivers/cpuidle/cpuidle-riscv-sbi.c
+++ b/drivers/cpuidle/cpuidle-riscv-sbi.c
@@ -97,8 +97,13 @@ static int sbi_cpuidle_enter_state(struct cpuidle_device *dev,
struct cpuidle_driver *drv, int idx)
{
u32 *states = __this_cpu_read(sbi_cpuidle_data.states);
+ u32 state = states[idx];
- return CPU_PM_CPU_IDLE_ENTER_PARAM(sbi_suspend, idx, states[idx]);
+ if (state & SBI_HSM_SUSP_NON_RET_BIT)
+ return CPU_PM_CPU_IDLE_ENTER_PARAM(sbi_suspend, idx, state);
+ else
+ return CPU_PM_CPU_IDLE_ENTER_RETENTION_PARAM(sbi_suspend,
+ idx, state);
}
static int __sbi_enter_domain_idle_state(struct cpuidle_device *dev,
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 613/862] powerpc: dts: turris1x.dts: Fix NOR partitions labels
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (611 preceding siblings ...)
2022-10-19 8:31 ` [PATCH 6.0 612/862] cpuidle: riscv-sbi: Fix CPU_PM_CPU_IDLE_ENTER_xyz() macro usage Greg Kroah-Hartman
@ 2022-10-19 8:31 ` Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 614/862] powerpc: dts: turris1x.dts: Fix labels in DSA cpu port nodes Greg Kroah-Hartman
` (263 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Pali Rohár, Michael Ellerman,
Sasha Levin
From: Pali Rohár <pali@kernel.org>
[ Upstream commit c9986f0aefd1ae22fe9cf794d49699643f1e268b ]
Partition partition@20000 contains generic kernel image and it does not
have to be used only for rescue purposes. Partition partition@1c0000
contains bootable rescue system and partition partition@340000 contains
factory image/data for restoring to NAND. So change partition labels to
better fit their purpose by removing possible misleading substring "rootfs"
from these labels.
Fixes: 54c15ec3b738 ("powerpc: dts: Add DTS file for CZ.NIC Turris 1.x routers")
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20220830225500.8856-1-pali@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/boot/dts/turris1x.dts | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/arch/powerpc/boot/dts/turris1x.dts b/arch/powerpc/boot/dts/turris1x.dts
index 12e08271e61f..47027b4cebb3 100644
--- a/arch/powerpc/boot/dts/turris1x.dts
+++ b/arch/powerpc/boot/dts/turris1x.dts
@@ -263,21 +263,21 @@
};
partition@20000 {
- /* 1.7 MB for Rescue Linux Kernel Image */
+ /* 1.7 MB for Linux Kernel Image */
reg = <0x00020000 0x001a0000>;
- label = "rescue-kernel";
+ label = "kernel";
};
partition@1c0000 {
/* 1.5 MB for Rescue JFFS2 Root File System */
reg = <0x001c0000 0x00180000>;
- label = "rescue-rootfs";
+ label = "rescue";
};
partition@340000 {
- /* 11 MB for TAR.XZ Backup with content of NAND Root File System */
+ /* 11 MB for TAR.XZ Archive with Factory content of NAND Root File System */
reg = <0x00340000 0x00b00000>;
- label = "backup-rootfs";
+ label = "factory";
};
partition@e40000 {
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 614/862] powerpc: dts: turris1x.dts: Fix labels in DSA cpu port nodes
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (612 preceding siblings ...)
2022-10-19 8:31 ` [PATCH 6.0 613/862] powerpc: dts: turris1x.dts: Fix NOR partitions labels Greg Kroah-Hartman
@ 2022-10-19 8:31 ` Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 615/862] powerpc: Fix fallocate and fadvise64_64 compat parameter combination Greg Kroah-Hartman
` (262 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Pali Rohár, Michael Ellerman,
Sasha Levin
From: Pali Rohár <pali@kernel.org>
[ Upstream commit 8bf056f57f1d16c561e43f9af37301f23990cd21 ]
DSA cpu port node has to be marked with "cpu" label.
So fix it for both cpu port nodes.
Fixes: 54c15ec3b738 ("powerpc: dts: Add DTS file for CZ.NIC Turris 1.x routers")
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20220827131538.14577-1-pali@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/boot/dts/turris1x.dts | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/powerpc/boot/dts/turris1x.dts b/arch/powerpc/boot/dts/turris1x.dts
index 47027b4cebb3..045af668e928 100644
--- a/arch/powerpc/boot/dts/turris1x.dts
+++ b/arch/powerpc/boot/dts/turris1x.dts
@@ -147,7 +147,7 @@
port@0 {
reg = <0>;
- label = "cpu1";
+ label = "cpu";
ethernet = <&enet1>;
phy-mode = "rgmii-id";
@@ -184,7 +184,7 @@
port@6 {
reg = <6>;
- label = "cpu0";
+ label = "cpu";
ethernet = <&enet0>;
phy-mode = "rgmii-id";
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 615/862] powerpc: Fix fallocate and fadvise64_64 compat parameter combination
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (613 preceding siblings ...)
2022-10-19 8:31 ` [PATCH 6.0 614/862] powerpc: dts: turris1x.dts: Fix labels in DSA cpu port nodes Greg Kroah-Hartman
@ 2022-10-19 8:31 ` Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 616/862] x86/hyperv: Fix struct hv_enlightened_vmcs definition Greg Kroah-Hartman
` (261 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Arnd Bergmann, Rohan McLure,
Nicholas Piggin, Michael Ellerman, Sasha Levin
From: Rohan McLure <rmclure@linux.ibm.com>
[ Upstream commit 016ff72bd2090903715c0f9422a44afbb966f4ee ]
As reported[1] by Arnd, the arch-specific fadvise64_64 and fallocate
compatibility handlers assume parameters are passed with 32-bit
big-endian ABI. This affects the assignment of odd-even parameter pairs
to the high or low words of a 64-bit syscall parameter.
Fix fadvise64_64 fallocate compat handlers to correctly swap upper/lower
32 bits conditioned on endianness.
A future patch will replace the arch-specific compat fallocate with an
asm-generic implementation. This patch is intended for ease of
back-port.
[1]: https://lore.kernel.org/all/be29926f-226e-48dc-871a-e29a54e80583@www.fastmail.com/
Fixes: 57f48b4b74e7 ("powerpc/compat_sys: swap hi/lo parts of 64-bit syscall args in LE mode")
Reported-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Rohan McLure <rmclure@linux.ibm.com>
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
Reviewed-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20220921065605.1051927-9-rmclure@linux.ibm.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/include/asm/syscalls.h | 12 ++++++++++++
arch/powerpc/kernel/sys_ppc32.c | 14 +-------------
arch/powerpc/kernel/syscalls.c | 4 ++--
3 files changed, 15 insertions(+), 15 deletions(-)
diff --git a/arch/powerpc/include/asm/syscalls.h b/arch/powerpc/include/asm/syscalls.h
index a2b13e55254f..da40219b303a 100644
--- a/arch/powerpc/include/asm/syscalls.h
+++ b/arch/powerpc/include/asm/syscalls.h
@@ -8,6 +8,18 @@
#include <linux/types.h>
#include <linux/compat.h>
+/*
+ * long long munging:
+ * The 32 bit ABI passes long longs in an odd even register pair.
+ * High and low parts are swapped depending on endian mode,
+ * so define a macro (similar to mips linux32) to handle that.
+ */
+#ifdef __LITTLE_ENDIAN__
+#define merge_64(low, high) (((u64)high << 32) | low)
+#else
+#define merge_64(high, low) (((u64)high << 32) | low)
+#endif
+
struct rtas_args;
asmlinkage long sys_mmap(unsigned long addr, size_t len,
diff --git a/arch/powerpc/kernel/sys_ppc32.c b/arch/powerpc/kernel/sys_ppc32.c
index 16ff0399a257..719bfc6d1e3f 100644
--- a/arch/powerpc/kernel/sys_ppc32.c
+++ b/arch/powerpc/kernel/sys_ppc32.c
@@ -56,18 +56,6 @@ unsigned long compat_sys_mmap2(unsigned long addr, size_t len,
return sys_mmap(addr, len, prot, flags, fd, pgoff << 12);
}
-/*
- * long long munging:
- * The 32 bit ABI passes long longs in an odd even register pair.
- * High and low parts are swapped depending on endian mode,
- * so define a macro (similar to mips linux32) to handle that.
- */
-#ifdef __LITTLE_ENDIAN__
-#define merge_64(low, high) ((u64)high << 32) | low
-#else
-#define merge_64(high, low) ((u64)high << 32) | low
-#endif
-
compat_ssize_t compat_sys_pread64(unsigned int fd, char __user *ubuf, compat_size_t count,
u32 reg6, u32 pos1, u32 pos2)
{
@@ -94,7 +82,7 @@ asmlinkage int compat_sys_truncate64(const char __user * path, u32 reg4,
asmlinkage long compat_sys_fallocate(int fd, int mode, u32 offset1, u32 offset2,
u32 len1, u32 len2)
{
- return ksys_fallocate(fd, mode, ((loff_t)offset1 << 32) | offset2,
+ return ksys_fallocate(fd, mode, merge_64(offset1, offset2),
merge_64(len1, len2));
}
diff --git a/arch/powerpc/kernel/syscalls.c b/arch/powerpc/kernel/syscalls.c
index fc999140bc27..abc3fbb3c490 100644
--- a/arch/powerpc/kernel/syscalls.c
+++ b/arch/powerpc/kernel/syscalls.c
@@ -98,8 +98,8 @@ long ppc64_personality(unsigned long personality)
long ppc_fadvise64_64(int fd, int advice, u32 offset_high, u32 offset_low,
u32 len_high, u32 len_low)
{
- return ksys_fadvise64_64(fd, (u64)offset_high << 32 | offset_low,
- (u64)len_high << 32 | len_low, advice);
+ return ksys_fadvise64_64(fd, merge_64(offset_high, offset_low),
+ merge_64(len_high, len_low), advice);
}
SYSCALL_DEFINE0(switch_endian)
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 616/862] x86/hyperv: Fix struct hv_enlightened_vmcs definition
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (614 preceding siblings ...)
2022-10-19 8:31 ` [PATCH 6.0 615/862] powerpc: Fix fallocate and fadvise64_64 compat parameter combination Greg Kroah-Hartman
@ 2022-10-19 8:31 ` Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 617/862] powerpc/64s: Fix GENERIC_CPU build flags for PPC970 / G5 Greg Kroah-Hartman
` (260 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Maxim Levitsky, Michael Kelley,
Vitaly Kuznetsov, Sean Christopherson, Paolo Bonzini,
Sasha Levin
From: Vitaly Kuznetsov <vkuznets@redhat.com>
[ Upstream commit ea9da788a61e47e7ab9cbad397453e51cd82ac0d ]
Section 1.9 of TLFS v6.0b says:
"All structures are padded in such a way that fields are aligned
naturally (that is, an 8-byte field is aligned to an offset of 8 bytes
and so on)".
'struct enlightened_vmcs' has a glitch:
...
struct {
u32 nested_flush_hypercall:1; /* 836: 0 4 */
u32 msr_bitmap:1; /* 836: 1 4 */
u32 reserved:30; /* 836: 2 4 */
} hv_enlightenments_control; /* 836 4 */
u32 hv_vp_id; /* 840 4 */
u64 hv_vm_id; /* 844 8 */
u64 partition_assist_page; /* 852 8 */
...
And the observed values in 'partition_assist_page' make no sense at
all. Fix the layout by padding the structure properly.
Fixes: 68d1eb72ee99 ("x86/hyper-v: define struct hv_enlightened_vmcs and clean field bits")
Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com>
Reviewed-by: Michael Kelley <mikelley@microsoft.com>
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Signed-off-by: Sean Christopherson <seanjc@google.com>
Link: https://lore.kernel.org/r/20220830133737.1539624-2-vkuznets@redhat.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/include/asm/hyperv-tlfs.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/x86/include/asm/hyperv-tlfs.h b/arch/x86/include/asm/hyperv-tlfs.h
index 0a9407dc0859..6f0acc45e67a 100644
--- a/arch/x86/include/asm/hyperv-tlfs.h
+++ b/arch/x86/include/asm/hyperv-tlfs.h
@@ -546,7 +546,7 @@ struct hv_enlightened_vmcs {
u64 guest_rip;
u32 hv_clean_fields;
- u32 hv_padding_32;
+ u32 padding32_1;
u32 hv_synthetic_controls;
struct {
u32 nested_flush_hypercall:1;
@@ -554,7 +554,7 @@ struct hv_enlightened_vmcs {
u32 reserved:30;
} __packed hv_enlightenments_control;
u32 hv_vp_id;
-
+ u32 padding32_2;
u64 hv_vm_id;
u64 partition_assist_page;
u64 padding64_4[4];
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 617/862] powerpc/64s: Fix GENERIC_CPU build flags for PPC970 / G5
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (615 preceding siblings ...)
2022-10-19 8:31 ` [PATCH 6.0 616/862] x86/hyperv: Fix struct hv_enlightened_vmcs definition Greg Kroah-Hartman
@ 2022-10-19 8:31 ` Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 618/862] powerpc/64/interrupt: Fix false warning in context tracking due to idle state Greg Kroah-Hartman
` (259 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nicholas Piggin, Segher Boessenkool,
Michael Ellerman, Sasha Levin
From: Nicholas Piggin <npiggin@gmail.com>
[ Upstream commit 58ec7f06b74e0d6e76c4110afce367c8b5f0837d ]
Big-endian GENERIC_CPU supports 970, but builds with -mcpu=power5.
POWER5 is ISA v2.02 whereas 970 is v2.01 plus Altivec. 2.02 added
the popcntb instruction which a compiler might use.
Use -mcpu=power4.
Fixes: 471d7ff8b51b ("powerpc/64s: Remove POWER4 support")
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Reviewed-by: Segher Boessenkool <segher@kernel.crashing.org>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20220921014103.587954-1-npiggin@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/powerpc/Makefile b/arch/powerpc/Makefile
index 02742facf895..140a5e6471fe 100644
--- a/arch/powerpc/Makefile
+++ b/arch/powerpc/Makefile
@@ -152,7 +152,7 @@ CFLAGS-$(CONFIG_GENERIC_CPU) += -mcpu=power8
CFLAGS-$(CONFIG_GENERIC_CPU) += $(call cc-option,-mtune=power9,-mtune=power8)
else
CFLAGS-$(CONFIG_GENERIC_CPU) += $(call cc-option,-mtune=power7,$(call cc-option,-mtune=power5))
-CFLAGS-$(CONFIG_GENERIC_CPU) += $(call cc-option,-mcpu=power5,-mcpu=power4)
+CFLAGS-$(CONFIG_GENERIC_CPU) += -mcpu=power4
endif
else ifdef CONFIG_PPC_BOOK3E_64
CFLAGS-$(CONFIG_GENERIC_CPU) += -mcpu=powerpc64
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 618/862] powerpc/64/interrupt: Fix false warning in context tracking due to idle state
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (616 preceding siblings ...)
2022-10-19 8:31 ` [PATCH 6.0 617/862] powerpc/64s: Fix GENERIC_CPU build flags for PPC970 / G5 Greg Kroah-Hartman
@ 2022-10-19 8:31 ` Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 619/862] powerpc/64: mark irqs hard disabled in boot paca Greg Kroah-Hartman
` (258 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nicholas Piggin, Michael Ellerman,
Sasha Levin
From: Nicholas Piggin <npiggin@gmail.com>
[ Upstream commit 56adbb7a8b6cc7fc9b940829c38494e53c9e57d1 ]
Commit 171476775d32 ("context_tracking: Convert state to atomic_t")
added a CONTEXT_IDLE state which can be encountered by interrupts from
kernel mode in the idle thread, causing a false positive warning.
Fixes: 171476775d32 ("context_tracking: Convert state to atomic_t")
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20220926054305.2671436-2-npiggin@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/include/asm/interrupt.h | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/arch/powerpc/include/asm/interrupt.h b/arch/powerpc/include/asm/interrupt.h
index 8069dbc4b8d1..b61555e30c7c 100644
--- a/arch/powerpc/include/asm/interrupt.h
+++ b/arch/powerpc/include/asm/interrupt.h
@@ -195,7 +195,8 @@ static inline void interrupt_enter_prepare(struct pt_regs *regs)
* so avoid recursion.
*/
if (TRAP(regs) != INTERRUPT_PROGRAM) {
- CT_WARN_ON(ct_state() != CONTEXT_KERNEL);
+ CT_WARN_ON(ct_state() != CONTEXT_KERNEL &&
+ ct_state() != CONTEXT_IDLE);
if (IS_ENABLED(CONFIG_PPC_IRQ_SOFT_MASK_DEBUG))
BUG_ON(is_implicit_soft_masked(regs));
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 619/862] powerpc/64: mark irqs hard disabled in boot paca
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (617 preceding siblings ...)
2022-10-19 8:31 ` [PATCH 6.0 618/862] powerpc/64/interrupt: Fix false warning in context tracking due to idle state Greg Kroah-Hartman
@ 2022-10-19 8:31 ` Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 620/862] powerpc/64/interrupt: Fix return to masked context after hard-mask irq becomes pending Greg Kroah-Hartman
` (257 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nicholas Piggin, Michael Ellerman,
Sasha Levin
From: Nicholas Piggin <npiggin@gmail.com>
[ Upstream commit 799f7063c7645f9a751d17f5dfd73b952f962cd2 ]
This prevents interrupts in early boot (e.g., program check) from
enabling MSR[EE], potentially causing endian mismatch or other
crashes when reporting early boot traps.
Fixes: 4423eb5ae32ec ("powerpc/64/interrupt: make normal synchronous interrupts enable MSR[EE] if possible")
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20220926054305.2671436-3-npiggin@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/kernel/setup_64.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/arch/powerpc/kernel/setup_64.c b/arch/powerpc/kernel/setup_64.c
index 2b2d0b0fbb30..ce8fc6575eaa 100644
--- a/arch/powerpc/kernel/setup_64.c
+++ b/arch/powerpc/kernel/setup_64.c
@@ -182,8 +182,10 @@ static void __init fixup_boot_paca(void)
get_paca()->cpu_start = 1;
/* Allow percpu accesses to work until we setup percpu data */
get_paca()->data_offset = 0;
- /* Mark interrupts disabled in PACA */
+ /* Mark interrupts soft and hard disabled in PACA */
irq_soft_mask_set(IRQS_DISABLED);
+ get_paca()->irq_happened = PACA_IRQ_HARD_DIS;
+ WARN_ON(mfmsr() & MSR_EE);
}
static void __init configure_exceptions(void)
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 620/862] powerpc/64/interrupt: Fix return to masked context after hard-mask irq becomes pending
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (618 preceding siblings ...)
2022-10-19 8:31 ` [PATCH 6.0 619/862] powerpc/64: mark irqs hard disabled in boot paca Greg Kroah-Hartman
@ 2022-10-19 8:31 ` Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 621/862] powerpc: Fix SPE Power ISA properties for e500v1 platforms Greg Kroah-Hartman
` (256 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nicholas Piggin, Michael Ellerman,
Sasha Levin
From: Nicholas Piggin <npiggin@gmail.com>
[ Upstream commit e485f6c751e0a969327336c635ca602feea117f0 ]
If a synchronous interrupt (e.g., hash fault) is taken inside an
irqs-disabled region which has MSR[EE]=1, then an asynchronous interrupt
that is PACA_IRQ_MUST_HARD_MASK (e.g., PMI) is taken inside the
synchronous interrupt handler, then the synchronous interrupt will
return with MSR[EE]=1 and the asynchronous interrupt fires again.
If the asynchronous interrupt is a PMI and the original context does not
have PMIs disabled (only Linux IRQs), the asynchronous interrupt will
fire despite having the PMI marked soft pending. This can confuse the
perf code and cause warnings.
This patch changes the interrupt return so that irqs-disabled MSR[EE]=1
contexts will be returned to with MSR[EE]=0 if a PACA_IRQ_MUST_HARD_MASK
interrupt has become pending in the meantime.
The longer explanation for what happens:
1. local_irq_disable()
2. Hash fault interrupt fires, do_hash_fault handler runs
3. interrupt_enter_prepare() sets IRQS_ALL_DISABLED
4. interrupt_enter_prepare() sets MSR[EE]=1
5. PMU interrupt fires, masked handler runs
6. Masked handler marks PMI pending
7. Masked handler returns with PACA_IRQ_HARD_DIS set, MSR[EE]=0
8. do_hash_fault interrupt return handler runs
9. interrupt_exit_kernel_prepare() clears PACA_IRQ_HARD_DIS
10. interrupt returns with MSR[EE]=1
11. PMU interrupt fires, perf handler runs
Fixes: 4423eb5ae32e ("powerpc/64/interrupt: make normal synchronous interrupts enable MSR[EE] if possible")
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20220926054305.2671436-4-npiggin@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/kernel/interrupt.c | 10 ---------
arch/powerpc/kernel/interrupt_64.S | 34 +++++++++++++++++++++++++++---
2 files changed, 31 insertions(+), 13 deletions(-)
diff --git a/arch/powerpc/kernel/interrupt.c b/arch/powerpc/kernel/interrupt.c
index 0e75cb03244a..f9db0a172401 100644
--- a/arch/powerpc/kernel/interrupt.c
+++ b/arch/powerpc/kernel/interrupt.c
@@ -431,16 +431,6 @@ notrace unsigned long interrupt_exit_kernel_prepare(struct pt_regs *regs)
if (unlikely(stack_store))
__hard_EE_RI_disable();
- /*
- * Returning to a kernel context with local irqs disabled.
- * Here, if EE was enabled in the interrupted context, enable
- * it on return as well. A problem exists here where a soft
- * masked interrupt may have cleared MSR[EE] and set HARD_DIS
- * here, and it will still exist on return to the caller. This
- * will be resolved by the masked interrupt firing again.
- */
- if (regs->msr & MSR_EE)
- local_paca->irq_happened &= ~PACA_IRQ_HARD_DIS;
#endif /* CONFIG_PPC64 */
}
diff --git a/arch/powerpc/kernel/interrupt_64.S b/arch/powerpc/kernel/interrupt_64.S
index ce25b28cf418..d76376ce7291 100644
--- a/arch/powerpc/kernel/interrupt_64.S
+++ b/arch/powerpc/kernel/interrupt_64.S
@@ -559,15 +559,43 @@ _ASM_NOKPROBE_SYMBOL(interrupt_return_\srr\()_kernel)
ld r11,SOFTE(r1)
cmpwi r11,IRQS_ENABLED
stb r11,PACAIRQSOFTMASK(r13)
- bne 1f
+ beq .Linterrupt_return_\srr\()_soft_enabled
+
+ /*
+ * Returning to soft-disabled context.
+ * Check if a MUST_HARD_MASK interrupt has become pending, in which
+ * case we need to disable MSR[EE] in the return context.
+ */
+ ld r12,_MSR(r1)
+ andi. r10,r12,MSR_EE
+ beq .Lfast_kernel_interrupt_return_\srr\() // EE already disabled
+ lbz r11,PACAIRQHAPPENED(r13)
+ andi. r10,r11,PACA_IRQ_MUST_HARD_MASK
+ beq 1f // No HARD_MASK pending
+
+ /* Must clear MSR_EE from _MSR */
+#ifdef CONFIG_PPC_BOOK3S
+ li r10,0
+ /* Clear valid before changing _MSR */
+ .ifc \srr,srr
+ stb r10,PACASRR_VALID(r13)
+ .else
+ stb r10,PACAHSRR_VALID(r13)
+ .endif
+#endif
+ xori r12,r12,MSR_EE
+ std r12,_MSR(r1)
+ b .Lfast_kernel_interrupt_return_\srr\()
+
+.Linterrupt_return_\srr\()_soft_enabled:
#ifdef CONFIG_PPC_BOOK3S
lbz r11,PACAIRQHAPPENED(r13)
andi. r11,r11,(~PACA_IRQ_HARD_DIS)@l
bne- interrupt_return_\srr\()_kernel_restart
#endif
- li r11,0
- stb r11,PACAIRQHAPPENED(r13) # clear out possible HARD_DIS
1:
+ li r11,0
+ stb r11,PACAIRQHAPPENED(r13) // clear the possible HARD_DIS
.Lfast_kernel_interrupt_return_\srr\():
cmpdi cr1,r3,0
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 621/862] powerpc: Fix SPE Power ISA properties for e500v1 platforms
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (619 preceding siblings ...)
2022-10-19 8:31 ` [PATCH 6.0 620/862] powerpc/64/interrupt: Fix return to masked context after hard-mask irq becomes pending Greg Kroah-Hartman
@ 2022-10-19 8:31 ` Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 622/862] powerpc/kprobes: Fix null pointer reference in arch_prepare_kprobe() Greg Kroah-Hartman
` (255 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Pali Rohár, Michael Ellerman,
Sasha Levin
From: Pali Rohár <pali@kernel.org>
[ Upstream commit 37b9345ce7f4ab17538ea62def6f6d430f091355 ]
Commit 2eb28006431c ("powerpc/e500v2: Add Power ISA properties to comply
with ePAPR 1.1") introduced new include file e500v2_power_isa.dtsi and
should have used it for all e500v2 platforms. But apparently it was used
also for e500v1 platforms mpc8540, mpc8541, mpc8555 and mpc8560.
e500v1 cores compared to e500v2 do not support double precision floating
point SPE instructions. Hence power-isa-sp.fd should not be set on e500v1
platforms, which is in e500v2_power_isa.dtsi include file.
Fix this issue by introducing a new e500v1_power_isa.dtsi include file and
use it in all e500v1 device tree files.
Fixes: 2eb28006431c ("powerpc/e500v2: Add Power ISA properties to comply with ePAPR 1.1")
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20220902212103.22534-1-pali@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../boot/dts/fsl/e500v1_power_isa.dtsi | 51 +++++++++++++++++++
arch/powerpc/boot/dts/fsl/mpc8540ads.dts | 2 +-
arch/powerpc/boot/dts/fsl/mpc8541cds.dts | 2 +-
arch/powerpc/boot/dts/fsl/mpc8555cds.dts | 2 +-
arch/powerpc/boot/dts/fsl/mpc8560ads.dts | 2 +-
5 files changed, 55 insertions(+), 4 deletions(-)
create mode 100644 arch/powerpc/boot/dts/fsl/e500v1_power_isa.dtsi
diff --git a/arch/powerpc/boot/dts/fsl/e500v1_power_isa.dtsi b/arch/powerpc/boot/dts/fsl/e500v1_power_isa.dtsi
new file mode 100644
index 000000000000..7e2a90cde72e
--- /dev/null
+++ b/arch/powerpc/boot/dts/fsl/e500v1_power_isa.dtsi
@@ -0,0 +1,51 @@
+/*
+ * e500v1 Power ISA Device Tree Source (include)
+ *
+ * Copyright 2012 Freescale Semiconductor Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * * Neither the name of Freescale Semiconductor nor the
+ * names of its contributors may be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ *
+ * ALTERNATIVELY, this software may be distributed under the terms of the
+ * GNU General Public License ("GPL") as published by the Free Software
+ * Foundation, either version 2 of that License or (at your option) any
+ * later version.
+ *
+ * THIS SOFTWARE IS PROVIDED BY Freescale Semiconductor "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL Freescale Semiconductor BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/ {
+ cpus {
+ power-isa-version = "2.03";
+ power-isa-b; // Base
+ power-isa-e; // Embedded
+ power-isa-atb; // Alternate Time Base
+ power-isa-cs; // Cache Specification
+ power-isa-e.le; // Embedded.Little-Endian
+ power-isa-e.pm; // Embedded.Performance Monitor
+ power-isa-ecl; // Embedded Cache Locking
+ power-isa-mmc; // Memory Coherence
+ power-isa-sp; // Signal Processing Engine
+ power-isa-sp.fs; // SPE.Embedded Float Scalar Single
+ power-isa-sp.fv; // SPE.Embedded Float Vector
+ mmu-type = "power-embedded";
+ };
+};
diff --git a/arch/powerpc/boot/dts/fsl/mpc8540ads.dts b/arch/powerpc/boot/dts/fsl/mpc8540ads.dts
index 18a885130538..e03ae130162b 100644
--- a/arch/powerpc/boot/dts/fsl/mpc8540ads.dts
+++ b/arch/powerpc/boot/dts/fsl/mpc8540ads.dts
@@ -7,7 +7,7 @@
/dts-v1/;
-/include/ "e500v2_power_isa.dtsi"
+/include/ "e500v1_power_isa.dtsi"
/ {
model = "MPC8540ADS";
diff --git a/arch/powerpc/boot/dts/fsl/mpc8541cds.dts b/arch/powerpc/boot/dts/fsl/mpc8541cds.dts
index ac381e7b1c60..a2a6c5cf852e 100644
--- a/arch/powerpc/boot/dts/fsl/mpc8541cds.dts
+++ b/arch/powerpc/boot/dts/fsl/mpc8541cds.dts
@@ -7,7 +7,7 @@
/dts-v1/;
-/include/ "e500v2_power_isa.dtsi"
+/include/ "e500v1_power_isa.dtsi"
/ {
model = "MPC8541CDS";
diff --git a/arch/powerpc/boot/dts/fsl/mpc8555cds.dts b/arch/powerpc/boot/dts/fsl/mpc8555cds.dts
index 9f58db2a7e66..901b6ff06dfb 100644
--- a/arch/powerpc/boot/dts/fsl/mpc8555cds.dts
+++ b/arch/powerpc/boot/dts/fsl/mpc8555cds.dts
@@ -7,7 +7,7 @@
/dts-v1/;
-/include/ "e500v2_power_isa.dtsi"
+/include/ "e500v1_power_isa.dtsi"
/ {
model = "MPC8555CDS";
diff --git a/arch/powerpc/boot/dts/fsl/mpc8560ads.dts b/arch/powerpc/boot/dts/fsl/mpc8560ads.dts
index a24722ccaebf..c2f9aea78b29 100644
--- a/arch/powerpc/boot/dts/fsl/mpc8560ads.dts
+++ b/arch/powerpc/boot/dts/fsl/mpc8560ads.dts
@@ -7,7 +7,7 @@
/dts-v1/;
-/include/ "e500v2_power_isa.dtsi"
+/include/ "e500v1_power_isa.dtsi"
/ {
model = "MPC8560ADS";
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 622/862] powerpc/kprobes: Fix null pointer reference in arch_prepare_kprobe()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (620 preceding siblings ...)
2022-10-19 8:31 ` [PATCH 6.0 621/862] powerpc: Fix SPE Power ISA properties for e500v1 platforms Greg Kroah-Hartman
@ 2022-10-19 8:31 ` Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 623/862] powerpc/pseries/vas: Pass hw_cpu_id to node associativity HCALL Greg Kroah-Hartman
` (254 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Li Huafei, Michael Ellerman, Sasha Levin
From: Li Huafei <lihuafei1@huawei.com>
[ Upstream commit 97f88a3d723162781d6cbfdc7b9617eefab55b19 ]
I found a null pointer reference in arch_prepare_kprobe():
# echo 'p cmdline_proc_show' > kprobe_events
# echo 'p cmdline_proc_show+16' >> kprobe_events
Kernel attempted to read user page (0) - exploit attempt? (uid: 0)
BUG: Kernel NULL pointer dereference on read at 0x00000000
Faulting instruction address: 0xc000000000050bfc
Oops: Kernel access of bad area, sig: 11 [#1]
LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA PowerNV
Modules linked in:
CPU: 0 PID: 122 Comm: sh Not tainted 6.0.0-rc3-00007-gdcf8e5633e2e #10
NIP: c000000000050bfc LR: c000000000050bec CTR: 0000000000005bdc
REGS: c0000000348475b0 TRAP: 0300 Not tainted (6.0.0-rc3-00007-gdcf8e5633e2e)
MSR: 9000000000009033 <SF,HV,EE,ME,IR,DR,RI,LE> CR: 88002444 XER: 20040006
CFAR: c00000000022d100 DAR: 0000000000000000 DSISR: 40000000 IRQMASK: 0
...
NIP arch_prepare_kprobe+0x10c/0x2d0
LR arch_prepare_kprobe+0xfc/0x2d0
Call Trace:
0xc0000000012f77a0 (unreliable)
register_kprobe+0x3c0/0x7a0
__register_trace_kprobe+0x140/0x1a0
__trace_kprobe_create+0x794/0x1040
trace_probe_create+0xc4/0xe0
create_or_delete_trace_kprobe+0x2c/0x80
trace_parse_run_command+0xf0/0x210
probes_write+0x20/0x40
vfs_write+0xfc/0x450
ksys_write+0x84/0x140
system_call_exception+0x17c/0x3a0
system_call_vectored_common+0xe8/0x278
--- interrupt: 3000 at 0x7fffa5682de0
NIP: 00007fffa5682de0 LR: 0000000000000000 CTR: 0000000000000000
REGS: c000000034847e80 TRAP: 3000 Not tainted (6.0.0-rc3-00007-gdcf8e5633e2e)
MSR: 900000000280f033 <SF,HV,VEC,VSX,EE,PR,FP,ME,IR,DR,RI,LE> CR: 44002408 XER: 00000000
The address being probed has some special:
cmdline_proc_show: Probe based on ftrace
cmdline_proc_show+16: Probe for the next instruction at the ftrace location
The ftrace-based kprobe does not generate kprobe::ainsn::insn, it gets
set to NULL. In arch_prepare_kprobe() it will check for:
...
prev = get_kprobe(p->addr - 1);
preempt_enable_no_resched();
if (prev && ppc_inst_prefixed(ppc_inst_read(prev->ainsn.insn))) {
...
If prev is based on ftrace, 'ppc_inst_read(prev->ainsn.insn)' will occur
with a null pointer reference. At this point prev->addr will not be a
prefixed instruction, so the check can be skipped.
Check if prev is ftrace-based kprobe before reading 'prev->ainsn.insn'
to fix this problem.
Fixes: b4657f7650ba ("powerpc/kprobes: Don't allow breakpoints on suffixes")
Signed-off-by: Li Huafei <lihuafei1@huawei.com>
[mpe: Trim oops]
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20220923093253.177298-1-lihuafei1@huawei.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/kernel/kprobes.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/arch/powerpc/kernel/kprobes.c b/arch/powerpc/kernel/kprobes.c
index 912d4f8a13be..bd7b1a035459 100644
--- a/arch/powerpc/kernel/kprobes.c
+++ b/arch/powerpc/kernel/kprobes.c
@@ -161,7 +161,13 @@ int arch_prepare_kprobe(struct kprobe *p)
preempt_disable();
prev = get_kprobe(p->addr - 1);
preempt_enable_no_resched();
- if (prev && ppc_inst_prefixed(ppc_inst_read(prev->ainsn.insn))) {
+
+ /*
+ * When prev is a ftrace-based kprobe, we don't have an insn, and it
+ * doesn't probe for prefixed instruction.
+ */
+ if (prev && !kprobe_ftrace(prev) &&
+ ppc_inst_prefixed(ppc_inst_read(prev->ainsn.insn))) {
printk("Cannot register a kprobe on the second word of prefixed instruction\n");
ret = -EINVAL;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 623/862] powerpc/pseries/vas: Pass hw_cpu_id to node associativity HCALL
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (621 preceding siblings ...)
2022-10-19 8:31 ` [PATCH 6.0 622/862] powerpc/kprobes: Fix null pointer reference in arch_prepare_kprobe() Greg Kroah-Hartman
@ 2022-10-19 8:31 ` Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 624/862] crypto: sahara - dont sleep when in softirq Greg Kroah-Hartman
` (253 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nathan Lynch, Haren Myneni,
Michael Ellerman, Sasha Levin
From: Haren Myneni <haren@linux.ibm.com>
[ Upstream commit f3e5d9e53e74d77e711a2c90a91a8b0836a9e0b3 ]
Generally the hypervisor decides to allocate a window on different
VAS instances. But if user space wishes to allocate on the current VAS
instance where the process is executing, the kernel has to pass
associativity domain IDs to allocate VAS window HCALL.
To determine the associativity domain IDs for the current CPU,
smp_processor_id() is passed to node associativity HCALL which may
return H_P2 (-55) error during DLPAR CPU event. This is because Linux
CPU numbers (smp_processor_id()) are not the same as the hypervisor's
view of CPU numbers.
Fix the issue by passing hard_smp_processor_id() with
VPHN_FLAG_VCPU flag (PAPR 14.11.6.1 H_HOME_NODE_ASSOCIATIVITY).
Fixes: b22f2d88e435 ("powerpc/pseries/vas: Integrate API with open/close windows")
Reviewed-by: Nathan Lynch <nathanl@linux.ibm.com>
Signed-off-by: Haren Myneni <haren@linux.ibm.com>
[mpe: Update change log to mention Linux vs HV CPU numbers]
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/55380253ea0c11341824cd4c0fc6bbcfc5752689.camel@linux.ibm.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/platforms/pseries/vas.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/powerpc/platforms/pseries/vas.c b/arch/powerpc/platforms/pseries/vas.c
index 7e6e6dd2e33e..1a2cbc156e8f 100644
--- a/arch/powerpc/platforms/pseries/vas.c
+++ b/arch/powerpc/platforms/pseries/vas.c
@@ -333,7 +333,7 @@ static struct vas_window *vas_allocate_window(int vas_id, u64 flags,
* So no unpacking needs to be done.
*/
rc = plpar_hcall9(H_HOME_NODE_ASSOCIATIVITY, domain,
- VPHN_FLAG_VCPU, smp_processor_id());
+ VPHN_FLAG_VCPU, hard_smp_processor_id());
if (rc != H_SUCCESS) {
pr_err("H_HOME_NODE_ASSOCIATIVITY error: %d\n", rc);
goto out;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 624/862] crypto: sahara - dont sleep when in softirq
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (622 preceding siblings ...)
2022-10-19 8:31 ` [PATCH 6.0 623/862] powerpc/pseries/vas: Pass hw_cpu_id to node associativity HCALL Greg Kroah-Hartman
@ 2022-10-19 8:31 ` Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 625/862] crypto: hisilicon/zip - fix mismatch in get/set sgl_sge_nr Greg Kroah-Hartman
` (252 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zhengchao Shao, Herbert Xu, Sasha Levin
From: Zhengchao Shao <shaozhengchao@huawei.com>
[ Upstream commit 108586eba094b318e6a831f977f4ddcc403a15da ]
Function of sahara_aes_crypt maybe could be called by function
of crypto_skcipher_encrypt during the rx softirq, so it is not
allowed to use mutex lock.
Fixes: c0c3c89ae347 ("crypto: sahara - replace tasklets with...")
Signed-off-by: Zhengchao Shao <shaozhengchao@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/crypto/sahara.c | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/drivers/crypto/sahara.c b/drivers/crypto/sahara.c
index 457084b344c1..b07ae4ba165e 100644
--- a/drivers/crypto/sahara.c
+++ b/drivers/crypto/sahara.c
@@ -26,10 +26,10 @@
#include <linux/kernel.h>
#include <linux/kthread.h>
#include <linux/module.h>
-#include <linux/mutex.h>
#include <linux/of.h>
#include <linux/of_device.h>
#include <linux/platform_device.h>
+#include <linux/spinlock.h>
#define SHA_BUFFER_LEN PAGE_SIZE
#define SAHARA_MAX_SHA_BLOCK_SIZE SHA256_BLOCK_SIZE
@@ -196,7 +196,7 @@ struct sahara_dev {
void __iomem *regs_base;
struct clk *clk_ipg;
struct clk *clk_ahb;
- struct mutex queue_mutex;
+ spinlock_t queue_spinlock;
struct task_struct *kthread;
struct completion dma_completion;
@@ -642,9 +642,9 @@ static int sahara_aes_crypt(struct skcipher_request *req, unsigned long mode)
rctx->mode = mode;
- mutex_lock(&dev->queue_mutex);
+ spin_lock_bh(&dev->queue_spinlock);
err = crypto_enqueue_request(&dev->queue, &req->base);
- mutex_unlock(&dev->queue_mutex);
+ spin_unlock_bh(&dev->queue_spinlock);
wake_up_process(dev->kthread);
@@ -1043,10 +1043,10 @@ static int sahara_queue_manage(void *data)
do {
__set_current_state(TASK_INTERRUPTIBLE);
- mutex_lock(&dev->queue_mutex);
+ spin_lock_bh(&dev->queue_spinlock);
backlog = crypto_get_backlog(&dev->queue);
async_req = crypto_dequeue_request(&dev->queue);
- mutex_unlock(&dev->queue_mutex);
+ spin_unlock_bh(&dev->queue_spinlock);
if (backlog)
backlog->complete(backlog, -EINPROGRESS);
@@ -1092,9 +1092,9 @@ static int sahara_sha_enqueue(struct ahash_request *req, int last)
rctx->first = 1;
}
- mutex_lock(&dev->queue_mutex);
+ spin_lock_bh(&dev->queue_spinlock);
ret = crypto_enqueue_request(&dev->queue, &req->base);
- mutex_unlock(&dev->queue_mutex);
+ spin_unlock_bh(&dev->queue_spinlock);
wake_up_process(dev->kthread);
@@ -1449,7 +1449,7 @@ static int sahara_probe(struct platform_device *pdev)
crypto_init_queue(&dev->queue, SAHARA_QUEUE_LENGTH);
- mutex_init(&dev->queue_mutex);
+ spin_lock_init(&dev->queue_spinlock);
dev_ptr = dev;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 625/862] crypto: hisilicon/zip - fix mismatch in get/set sgl_sge_nr
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (623 preceding siblings ...)
2022-10-19 8:31 ` [PATCH 6.0 624/862] crypto: sahara - dont sleep when in softirq Greg Kroah-Hartman
@ 2022-10-19 8:31 ` Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 626/862] hwrng: arm-smccc-trng - fix NO_ENTROPY handling Greg Kroah-Hartman
` (251 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ye Weihua, Herbert Xu, Sasha Levin
From: Ye Weihua <yeweihua4@huawei.com>
[ Upstream commit d74f9340097a881869c4c22ca376654cc2516ecc ]
KASAN reported this Bug:
[17619.659757] BUG: KASAN: global-out-of-bounds in param_get_int+0x34/0x60
[17619.673193] Read of size 4 at addr fffff01332d7ed00 by task read_all/1507958
...
[17619.698934] The buggy address belongs to the variable:
[17619.708371] sgl_sge_nr+0x0/0xffffffffffffa300 [hisi_zip]
There is a mismatch in hisi_zip when get/set the variable sgl_sge_nr.
The type of sgl_sge_nr is u16, and get/set sgl_sge_nr by
param_get/set_int.
Replacing param_get/set_int to param_get/set_ushort can fix this bug.
Fixes: f081fda293ffb ("crypto: hisilicon - add sgl_sge_nr module param for zip")
Signed-off-by: Ye Weihua <yeweihua4@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/crypto/hisilicon/zip/zip_crypto.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/crypto/hisilicon/zip/zip_crypto.c b/drivers/crypto/hisilicon/zip/zip_crypto.c
index ad35434a3fdb..06a2d6e81ae9 100644
--- a/drivers/crypto/hisilicon/zip/zip_crypto.c
+++ b/drivers/crypto/hisilicon/zip/zip_crypto.c
@@ -123,12 +123,12 @@ static int sgl_sge_nr_set(const char *val, const struct kernel_param *kp)
if (ret || n == 0 || n > HISI_ACC_SGL_SGE_NR_MAX)
return -EINVAL;
- return param_set_int(val, kp);
+ return param_set_ushort(val, kp);
}
static const struct kernel_param_ops sgl_sge_nr_ops = {
.set = sgl_sge_nr_set,
- .get = param_get_int,
+ .get = param_get_ushort,
};
static u16 sgl_sge_nr = HZIP_SGL_SGE_NR;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 626/862] hwrng: arm-smccc-trng - fix NO_ENTROPY handling
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (624 preceding siblings ...)
2022-10-19 8:31 ` [PATCH 6.0 625/862] crypto: hisilicon/zip - fix mismatch in get/set sgl_sge_nr Greg Kroah-Hartman
@ 2022-10-19 8:31 ` Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 627/862] crypto: ccp - Fail the PSP initialization when writing psp data file failed Greg Kroah-Hartman
` (250 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, James Cowgill, Herbert Xu, Sasha Levin
From: James Cowgill <james.cowgill@blaize.com>
[ Upstream commit 042b4b169c6fb9d4df268d66282d7302dd73d37b ]
The SMCCC_RET_TRNG_NO_ENTROPY switch arm is never used because the
NO_ENTROPY return value is negative and negative values are handled
above the switch by immediately returning.
Fix by handling errors using a default arm in the switch.
Fixes: 0888d04b47a1 ("hwrng: Add Arm SMCCC TRNG based driver")
Signed-off-by: James Cowgill <james.cowgill@blaize.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/char/hw_random/arm_smccc_trng.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/char/hw_random/arm_smccc_trng.c b/drivers/char/hw_random/arm_smccc_trng.c
index b24ac39a903b..e34c3ea692b6 100644
--- a/drivers/char/hw_random/arm_smccc_trng.c
+++ b/drivers/char/hw_random/arm_smccc_trng.c
@@ -71,8 +71,6 @@ static int smccc_trng_read(struct hwrng *rng, void *data, size_t max, bool wait)
MAX_BITS_PER_CALL);
arm_smccc_1_1_invoke(ARM_SMCCC_TRNG_RND, bits, &res);
- if ((int)res.a0 < 0)
- return (int)res.a0;
switch ((int)res.a0) {
case SMCCC_RET_SUCCESS:
@@ -88,6 +86,8 @@ static int smccc_trng_read(struct hwrng *rng, void *data, size_t max, bool wait)
return copied;
cond_resched();
break;
+ default:
+ return -EIO;
}
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 627/862] crypto: ccp - Fail the PSP initialization when writing psp data file failed
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (625 preceding siblings ...)
2022-10-19 8:31 ` [PATCH 6.0 626/862] hwrng: arm-smccc-trng - fix NO_ENTROPY handling Greg Kroah-Hartman
@ 2022-10-19 8:31 ` Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 628/862] cgroup: Honor callers cgroup NS when resolving path Greg Kroah-Hartman
` (249 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Peter Gonda, kernel test robot,
Jacky Li, David Rientjes, Tom Lendacky, Herbert Xu, Sasha Levin
From: Jacky Li <jackyli@google.com>
[ Upstream commit efb4b01c1c993d245e6608076684ff2162cf9dc6 ]
Currently the OS continues the PSP initialization when there is a write
failure to the init_ex_file. Therefore, the userspace would be told that
SEV is properly INIT'd even though the psp data file is not updated.
This is problematic because later when asked for the SEV data, the OS
won't be able to provide it.
Fixes: 3d725965f836 ("crypto: ccp - Add SEV_INIT_EX support")
Reported-by: Peter Gonda <pgonda@google.com>
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Jacky Li <jackyli@google.com>
Acked-by: David Rientjes <rientjes@google.com>
Acked-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/crypto/ccp/sev-dev.c | 26 +++++++++++++++-----------
1 file changed, 15 insertions(+), 11 deletions(-)
diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c
index 9f588c9728f8..6c49e6d06114 100644
--- a/drivers/crypto/ccp/sev-dev.c
+++ b/drivers/crypto/ccp/sev-dev.c
@@ -231,7 +231,7 @@ static int sev_read_init_ex_file(void)
return 0;
}
-static void sev_write_init_ex_file(void)
+static int sev_write_init_ex_file(void)
{
struct sev_device *sev = psp_master->sev_data;
struct file *fp;
@@ -241,14 +241,16 @@ static void sev_write_init_ex_file(void)
lockdep_assert_held(&sev_cmd_mutex);
if (!sev_init_ex_buffer)
- return;
+ return 0;
fp = open_file_as_root(init_ex_path, O_CREAT | O_WRONLY, 0600);
if (IS_ERR(fp)) {
+ int ret = PTR_ERR(fp);
+
dev_err(sev->dev,
- "SEV: could not open file for write, error %ld\n",
- PTR_ERR(fp));
- return;
+ "SEV: could not open file for write, error %d\n",
+ ret);
+ return ret;
}
nwrite = kernel_write(fp, sev_init_ex_buffer, NV_LENGTH, &offset);
@@ -259,18 +261,20 @@ static void sev_write_init_ex_file(void)
dev_err(sev->dev,
"SEV: failed to write %u bytes to non volatile memory area, ret %ld\n",
NV_LENGTH, nwrite);
- return;
+ return -EIO;
}
dev_dbg(sev->dev, "SEV: write successful to NV file\n");
+
+ return 0;
}
-static void sev_write_init_ex_file_if_required(int cmd_id)
+static int sev_write_init_ex_file_if_required(int cmd_id)
{
lockdep_assert_held(&sev_cmd_mutex);
if (!sev_init_ex_buffer)
- return;
+ return 0;
/*
* Only a few platform commands modify the SPI/NV area, but none of the
@@ -285,10 +289,10 @@ static void sev_write_init_ex_file_if_required(int cmd_id)
case SEV_CMD_PEK_GEN:
break;
default:
- return;
+ return 0;
}
- sev_write_init_ex_file();
+ return sev_write_init_ex_file();
}
static int __sev_do_cmd_locked(int cmd, void *data, int *psp_ret)
@@ -361,7 +365,7 @@ static int __sev_do_cmd_locked(int cmd, void *data, int *psp_ret)
cmd, reg & PSP_CMDRESP_ERR_MASK);
ret = -EIO;
} else {
- sev_write_init_ex_file_if_required(cmd);
+ ret = sev_write_init_ex_file_if_required(cmd);
}
print_hex_dump_debug("(out): ", DUMP_PREFIX_OFFSET, 16, 2, data,
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 628/862] cgroup: Honor callers cgroup NS when resolving path
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (626 preceding siblings ...)
2022-10-19 8:31 ` [PATCH 6.0 627/862] crypto: ccp - Fail the PSP initialization when writing psp data file failed Greg Kroah-Hartman
@ 2022-10-19 8:31 ` Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 629/862] hwrng: imx-rngc - use devm_clk_get_enabled Greg Kroah-Hartman
` (248 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Michal Koutný, Tejun Heo, Sasha Levin
From: Michal Koutný <mkoutny@suse.com>
[ Upstream commit 74e4b956eb1cac0e4c10c240339b1bbfbc9a4c48 ]
cgroup_get_from_path() is not widely used function. Its callers presume
the path is resolved under cgroup namespace. (There is one caller
currently and resolving in init NS won't make harm (netfilter). However,
future users may be subject to different effects when resolving
globally.)
Since, there's currently no use for the global resolution, modify the
existing function to take cgroup NS into account.
Fixes: a79a908fd2b0 ("cgroup: introduce cgroup namespaces")
Signed-off-by: Michal Koutný <mkoutny@suse.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/cgroup/cgroup.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c
index 5f2090d051ac..29296a6374ef 100644
--- a/kernel/cgroup/cgroup.c
+++ b/kernel/cgroup/cgroup.c
@@ -6638,8 +6638,12 @@ struct cgroup *cgroup_get_from_path(const char *path)
{
struct kernfs_node *kn;
struct cgroup *cgrp = ERR_PTR(-ENOENT);
+ struct cgroup *root_cgrp;
- kn = kernfs_walk_and_get(cgrp_dfl_root.cgrp.kn, path);
+ spin_lock_irq(&css_set_lock);
+ root_cgrp = current_cgns_cgroup_from_root(&cgrp_dfl_root);
+ kn = kernfs_walk_and_get(root_cgrp->kn, path);
+ spin_unlock_irq(&css_set_lock);
if (!kn)
goto out;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 629/862] hwrng: imx-rngc - use devm_clk_get_enabled
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (627 preceding siblings ...)
2022-10-19 8:31 ` [PATCH 6.0 628/862] cgroup: Honor callers cgroup NS when resolving path Greg Kroah-Hartman
@ 2022-10-19 8:31 ` Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 630/862] hwrng: imx-rngc - Moving IRQ handler registering after imx_rngc_irq_mask_clear() Greg Kroah-Hartman
` (247 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Martin Kaiser, Herbert Xu, Sasha Levin
From: Martin Kaiser <martin@kaiser.cx>
[ Upstream commit 6a2bc448423cea44e7dba0f72d7c82ae04ab201e ]
Use the new devm_clk_get_enabled function to get our clock.
We don't have to disable and unprepare the clock ourselves any more in
error paths and in the remove function.
Signed-off-by: Martin Kaiser <martin@kaiser.cx>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Stable-dep-of: 10a2199caf43 ("hwrng: imx-rngc - Moving IRQ handler registering after imx_rngc_irq_mask_clear()")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/char/hw_random/imx-rngc.c | 25 ++++++-------------------
1 file changed, 6 insertions(+), 19 deletions(-)
diff --git a/drivers/char/hw_random/imx-rngc.c b/drivers/char/hw_random/imx-rngc.c
index b05d676ca814..e32c52c10d4d 100644
--- a/drivers/char/hw_random/imx-rngc.c
+++ b/drivers/char/hw_random/imx-rngc.c
@@ -245,7 +245,7 @@ static int imx_rngc_probe(struct platform_device *pdev)
if (IS_ERR(rngc->base))
return PTR_ERR(rngc->base);
- rngc->clk = devm_clk_get(&pdev->dev, NULL);
+ rngc->clk = devm_clk_get_enabled(&pdev->dev, NULL);
if (IS_ERR(rngc->clk)) {
dev_err(&pdev->dev, "Can not get rng_clk\n");
return PTR_ERR(rngc->clk);
@@ -255,26 +255,20 @@ static int imx_rngc_probe(struct platform_device *pdev)
if (irq < 0)
return irq;
- ret = clk_prepare_enable(rngc->clk);
- if (ret)
- return ret;
-
ver_id = readl(rngc->base + RNGC_VER_ID);
rng_type = ver_id >> RNGC_TYPE_SHIFT;
/*
* This driver supports only RNGC and RNGB. (There's a different
* driver for RNGA.)
*/
- if (rng_type != RNGC_TYPE_RNGC && rng_type != RNGC_TYPE_RNGB) {
- ret = -ENODEV;
- goto err;
- }
+ if (rng_type != RNGC_TYPE_RNGC && rng_type != RNGC_TYPE_RNGB)
+ return -ENODEV;
ret = devm_request_irq(&pdev->dev,
irq, imx_rngc_irq, 0, pdev->name, (void *)rngc);
if (ret) {
dev_err(rngc->dev, "Can't get interrupt working.\n");
- goto err;
+ return ret;
}
init_completion(&rngc->rng_op_done);
@@ -294,14 +288,14 @@ static int imx_rngc_probe(struct platform_device *pdev)
ret = imx_rngc_self_test(rngc);
if (ret) {
dev_err(rngc->dev, "self test failed\n");
- goto err;
+ return ret;
}
}
ret = hwrng_register(&rngc->rng);
if (ret) {
dev_err(&pdev->dev, "hwrng registration failed\n");
- goto err;
+ return ret;
}
dev_info(&pdev->dev,
@@ -309,11 +303,6 @@ static int imx_rngc_probe(struct platform_device *pdev)
rng_type == RNGC_TYPE_RNGB ? 'B' : 'C',
(ver_id >> RNGC_VER_MAJ_SHIFT) & 0xff, ver_id & 0xff);
return 0;
-
-err:
- clk_disable_unprepare(rngc->clk);
-
- return ret;
}
static int __exit imx_rngc_remove(struct platform_device *pdev)
@@ -322,8 +311,6 @@ static int __exit imx_rngc_remove(struct platform_device *pdev)
hwrng_unregister(&rngc->rng);
- clk_disable_unprepare(rngc->clk);
-
return 0;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 630/862] hwrng: imx-rngc - Moving IRQ handler registering after imx_rngc_irq_mask_clear()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (628 preceding siblings ...)
2022-10-19 8:31 ` [PATCH 6.0 629/862] hwrng: imx-rngc - use devm_clk_get_enabled Greg Kroah-Hartman
@ 2022-10-19 8:31 ` Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 631/862] crypto: qat - fix default value of WDT timer Greg Kroah-Hartman
` (246 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kshitiz Varshney, Herbert Xu, Sasha Levin
From: Kshitiz Varshney <kshitiz.varshney@nxp.com>
[ Upstream commit 10a2199caf437e893d9027d97700b3c6010048b7 ]
Issue:
While servicing interrupt, if the IRQ happens to be because of a SEED_DONE
due to a previous boot stage, you end up completing the completion
prematurely, hence causing kernel to crash while booting.
Fix:
Moving IRQ handler registering after imx_rngc_irq_mask_clear()
Fixes: 1d5449445bd0 (hwrng: mx-rngc - add a driver for Freescale RNGC)
Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/char/hw_random/imx-rngc.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/drivers/char/hw_random/imx-rngc.c b/drivers/char/hw_random/imx-rngc.c
index e32c52c10d4d..1d7ce7443586 100644
--- a/drivers/char/hw_random/imx-rngc.c
+++ b/drivers/char/hw_random/imx-rngc.c
@@ -264,13 +264,6 @@ static int imx_rngc_probe(struct platform_device *pdev)
if (rng_type != RNGC_TYPE_RNGC && rng_type != RNGC_TYPE_RNGB)
return -ENODEV;
- ret = devm_request_irq(&pdev->dev,
- irq, imx_rngc_irq, 0, pdev->name, (void *)rngc);
- if (ret) {
- dev_err(rngc->dev, "Can't get interrupt working.\n");
- return ret;
- }
-
init_completion(&rngc->rng_op_done);
rngc->rng.name = pdev->name;
@@ -284,6 +277,13 @@ static int imx_rngc_probe(struct platform_device *pdev)
imx_rngc_irq_mask_clear(rngc);
+ ret = devm_request_irq(&pdev->dev,
+ irq, imx_rngc_irq, 0, pdev->name, (void *)rngc);
+ if (ret) {
+ dev_err(rngc->dev, "Can't get interrupt working.\n");
+ return ret;
+ }
+
if (self_test) {
ret = imx_rngc_self_test(rngc);
if (ret) {
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 631/862] crypto: qat - fix default value of WDT timer
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (629 preceding siblings ...)
2022-10-19 8:31 ` [PATCH 6.0 630/862] hwrng: imx-rngc - Moving IRQ handler registering after imx_rngc_irq_mask_clear() Greg Kroah-Hartman
@ 2022-10-19 8:31 ` Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 632/862] crypto: hisilicon/qm - fix missing put dfx access Greg Kroah-Hartman
` (245 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Giovanni Cabiddu,
Lucas Segarra Fernandez, Herbert Xu, Sasha Levin
From: Lucas Segarra Fernandez <lucas.segarra.fernandez@intel.com>
[ Upstream commit cc40b04c08400d86d2d6ea0159e0617e717f729c ]
The QAT HW supports an hardware mechanism to detect an accelerator hang.
The reporting of a hang occurs after a watchdog timer (WDT) expires.
The value of the WDT set previously was too small and was causing false
positives.
Change the default value of the WDT to 0x7000000ULL to avoid this.
Fixes: 1c4d9d5bbb5a ("crypto: qat - enable detection of accelerators hang")
Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Lucas Segarra Fernandez <lucas.segarra.fernandez@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/crypto/qat/qat_common/adf_gen4_hw_data.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/crypto/qat/qat_common/adf_gen4_hw_data.h b/drivers/crypto/qat/qat_common/adf_gen4_hw_data.h
index 43b8f864806b..4fb4b3df5a18 100644
--- a/drivers/crypto/qat/qat_common/adf_gen4_hw_data.h
+++ b/drivers/crypto/qat/qat_common/adf_gen4_hw_data.h
@@ -107,7 +107,7 @@ do { \
* Timeout is in cycles. Clock speed may vary across products but this
* value should be a few milli-seconds.
*/
-#define ADF_SSM_WDT_DEFAULT_VALUE 0x200000
+#define ADF_SSM_WDT_DEFAULT_VALUE 0x7000000ULL
#define ADF_SSM_WDT_PKE_DEFAULT_VALUE 0x8000000
#define ADF_SSMWDTL_OFFSET 0x54
#define ADF_SSMWDTH_OFFSET 0x5C
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 632/862] crypto: hisilicon/qm - fix missing put dfx access
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (630 preceding siblings ...)
2022-10-19 8:31 ` [PATCH 6.0 631/862] crypto: qat - fix default value of WDT timer Greg Kroah-Hartman
@ 2022-10-19 8:31 ` Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 633/862] cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset Greg Kroah-Hartman
` (244 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Weili Qian, Herbert Xu, Sasha Levin
From: Weili Qian <qianweili@huawei.com>
[ Upstream commit 5afc904f443de2afd31c4e0686ba178beede86fe ]
In function qm_cmd_write(), if function returns from
branch 'atomic_read(&qm->status.flags) == QM_STOP',
the got dfx access is forgotten to put.
Fixes: 607c191b371d ("crypto: hisilicon - support runtime PM for accelerator device")
Signed-off-by: Weili Qian <qianweili@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/crypto/hisilicon/qm.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/crypto/hisilicon/qm.c b/drivers/crypto/hisilicon/qm.c
index ad83c194d664..9fa2efe60153 100644
--- a/drivers/crypto/hisilicon/qm.c
+++ b/drivers/crypto/hisilicon/qm.c
@@ -2245,8 +2245,10 @@ static ssize_t qm_cmd_write(struct file *filp, const char __user *buffer,
return ret;
/* Judge if the instance is being reset. */
- if (unlikely(atomic_read(&qm->status.flags) == QM_STOP))
- return 0;
+ if (unlikely(atomic_read(&qm->status.flags) == QM_STOP)) {
+ ret = 0;
+ goto put_dfx_access;
+ }
if (count > QM_DBG_WRITE_LEN) {
ret = -ENOSPC;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 633/862] cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (631 preceding siblings ...)
2022-10-19 8:31 ` [PATCH 6.0 632/862] crypto: hisilicon/qm - fix missing put dfx access Greg Kroah-Hartman
@ 2022-10-19 8:32 ` Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 634/862] iommu/omap: Fix buffer overflow in debugfs Greg Kroah-Hartman
` (243 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Waiman Long, Tejun Heo, Sasha Levin
From: Waiman Long <longman@redhat.com>
[ Upstream commit ec5fbdfb99d18482619ac42605cb80fbb56068ee ]
Previously, update_tasks_cpumask() is not supposed to be called with
top cpuset. With cpuset partition that takes CPUs away from the top
cpuset, adjusting the cpus_mask of the tasks in the top cpuset is
necessary. Percpu kthreads, however, are ignored.
Fixes: ee8dde0cd2ce ("cpuset: Add new v2 cpuset.sched.partition flag")
Signed-off-by: Waiman Long <longman@redhat.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/cgroup/cpuset.c | 18 +++++++++++-------
1 file changed, 11 insertions(+), 7 deletions(-)
diff --git a/kernel/cgroup/cpuset.c b/kernel/cgroup/cpuset.c
index 1f3a55297f39..50bf837571ac 100644
--- a/kernel/cgroup/cpuset.c
+++ b/kernel/cgroup/cpuset.c
@@ -33,6 +33,7 @@
#include <linux/interrupt.h>
#include <linux/kernel.h>
#include <linux/kmod.h>
+#include <linux/kthread.h>
#include <linux/list.h>
#include <linux/mempolicy.h>
#include <linux/mm.h>
@@ -1127,10 +1128,18 @@ static void update_tasks_cpumask(struct cpuset *cs)
{
struct css_task_iter it;
struct task_struct *task;
+ bool top_cs = cs == &top_cpuset;
css_task_iter_start(&cs->css, 0, &it);
- while ((task = css_task_iter_next(&it)))
+ while ((task = css_task_iter_next(&it))) {
+ /*
+ * Percpu kthreads in top_cpuset are ignored
+ */
+ if (top_cs && (task->flags & PF_KTHREAD) &&
+ kthread_is_per_cpu(task))
+ continue;
set_cpus_allowed_ptr(task, cs->effective_cpus);
+ }
css_task_iter_end(&it);
}
@@ -2092,12 +2101,7 @@ static int update_prstate(struct cpuset *cs, int new_prs)
update_flag(CS_CPU_EXCLUSIVE, cs, 0);
}
- /*
- * Update cpumask of parent's tasks except when it is the top
- * cpuset as some system daemons cannot be mapped to other CPUs.
- */
- if (parent != &top_cpuset)
- update_tasks_cpumask(parent);
+ update_tasks_cpumask(parent);
if (parent->child_ecpus_count)
update_sibling_cpumasks(parent, cs, &tmpmask);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 634/862] iommu/omap: Fix buffer overflow in debugfs
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (632 preceding siblings ...)
2022-10-19 8:32 ` [PATCH 6.0 633/862] cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset Greg Kroah-Hartman
@ 2022-10-19 8:32 ` Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 635/862] crypto: akcipher - default implementation for setting a private key Greg Kroah-Hartman
` (242 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Robin Murphy,
Laurent Pinchart, Joerg Roedel, Sasha Levin
From: Dan Carpenter <dan.carpenter@oracle.com>
[ Upstream commit 184233a5202786b20220acd2d04ddf909ef18f29 ]
There are two issues here:
1) The "len" variable needs to be checked before the very first write.
Otherwise if omap2_iommu_dump_ctx() with "bytes" less than 32 it is a
buffer overflow.
2) The snprintf() function returns the number of bytes that *would* have
been copied if there were enough space. But we want to know the
number of bytes which were *actually* copied so use scnprintf()
instead.
Fixes: bd4396f09a4a ("iommu/omap: Consolidate OMAP IOMMU modules")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Robin Murphy <robin.murphy@arm.com>
Reviewed-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Link: https://lore.kernel.org/r/YuvYh1JbE3v+abd5@kili
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/iommu/omap-iommu-debug.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/iommu/omap-iommu-debug.c b/drivers/iommu/omap-iommu-debug.c
index a99afb5d9011..259f65291d90 100644
--- a/drivers/iommu/omap-iommu-debug.c
+++ b/drivers/iommu/omap-iommu-debug.c
@@ -32,12 +32,12 @@ static inline bool is_omap_iommu_detached(struct omap_iommu *obj)
ssize_t bytes; \
const char *str = "%20s: %08x\n"; \
const int maxcol = 32; \
- bytes = snprintf(p, maxcol, str, __stringify(name), \
+ if (len < maxcol) \
+ goto out; \
+ bytes = scnprintf(p, maxcol, str, __stringify(name), \
iommu_read_reg(obj, MMU_##name)); \
p += bytes; \
len -= bytes; \
- if (len < maxcol) \
- goto out; \
} while (0)
static ssize_t
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 635/862] crypto: akcipher - default implementation for setting a private key
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (633 preceding siblings ...)
2022-10-19 8:32 ` [PATCH 6.0 634/862] iommu/omap: Fix buffer overflow in debugfs Greg Kroah-Hartman
@ 2022-10-19 8:32 ` Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 636/862] crypto: ccp - Release dma channels before dmaengine unrgister Greg Kroah-Hartman
` (241 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ignat Korchagin, Herbert Xu, Sasha Levin
From: Ignat Korchagin <ignat@cloudflare.com>
[ Upstream commit bc155c6c188c2f0c5749993b1405673d25a80389 ]
Changes from v1:
* removed the default implementation from set_pub_key: it is assumed that
an implementation must always have this callback defined as there are
no use case for an algorithm, which doesn't need a public key
Many akcipher implementations (like ECDSA) support only signature
verifications, so they don't have all callbacks defined.
Commit 78a0324f4a53 ("crypto: akcipher - default implementations for
request callbacks") introduced default callbacks for sign/verify
operations, which just return an error code.
However, these are not enough, because before calling sign the caller would
likely call set_priv_key first on the instantiated transform (as the
in-kernel testmgr does). This function does not have a default stub, so the
kernel crashes, when trying to set a private key on an akcipher, which
doesn't support signature generation.
I've noticed this, when trying to add a KAT vector for ECDSA signature to
the testmgr.
With this patch the testmgr returns an error in dmesg (as it should)
instead of crashing the kernel NULL ptr dereference.
Fixes: 78a0324f4a53 ("crypto: akcipher - default implementations for request callbacks")
Signed-off-by: Ignat Korchagin <ignat@cloudflare.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
crypto/akcipher.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/crypto/akcipher.c b/crypto/akcipher.c
index f866085c8a4a..ab975a420e1e 100644
--- a/crypto/akcipher.c
+++ b/crypto/akcipher.c
@@ -120,6 +120,12 @@ static int akcipher_default_op(struct akcipher_request *req)
return -ENOSYS;
}
+static int akcipher_default_set_key(struct crypto_akcipher *tfm,
+ const void *key, unsigned int keylen)
+{
+ return -ENOSYS;
+}
+
int crypto_register_akcipher(struct akcipher_alg *alg)
{
struct crypto_alg *base = &alg->base;
@@ -132,6 +138,8 @@ int crypto_register_akcipher(struct akcipher_alg *alg)
alg->encrypt = akcipher_default_op;
if (!alg->decrypt)
alg->decrypt = akcipher_default_op;
+ if (!alg->set_priv_key)
+ alg->set_priv_key = akcipher_default_set_key;
akcipher_prepare_alg(alg);
return crypto_register_alg(base);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 636/862] crypto: ccp - Release dma channels before dmaengine unrgister
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (634 preceding siblings ...)
2022-10-19 8:32 ` [PATCH 6.0 635/862] crypto: akcipher - default implementation for setting a private key Greg Kroah-Hartman
@ 2022-10-19 8:32 ` Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 637/862] crypto: inside-secure - Change swab to swab32 Greg Kroah-Hartman
` (240 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kernel test robot, Koba Ko,
Tom Lendacky, Herbert Xu, Sasha Levin
From: Koba Ko <koba.ko@canonical.com>
[ Upstream commit 68dbe80f5b510c66c800b9e8055235c5b07e37d1 ]
A warning is shown during shutdown,
__dma_async_device_channel_unregister called while 2 clients hold a reference
WARNING: CPU: 15 PID: 1 at drivers/dma/dmaengine.c:1110 __dma_async_device_channel_unregister+0xb7/0xc0
Call dma_release_channel for occupied channles before dma_async_device_unregister.
Fixes: 54cce8ecb925 ("crypto: ccp - ccp_dmaengine_unregister release dma channels")
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Koba Ko <koba.ko@canonical.com>
Acked-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/crypto/ccp/ccp-dmaengine.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/crypto/ccp/ccp-dmaengine.c b/drivers/crypto/ccp/ccp-dmaengine.c
index 7d4b4ad1db1f..9f753cb4f5f1 100644
--- a/drivers/crypto/ccp/ccp-dmaengine.c
+++ b/drivers/crypto/ccp/ccp-dmaengine.c
@@ -641,6 +641,10 @@ static void ccp_dma_release(struct ccp_device *ccp)
for (i = 0; i < ccp->cmd_q_count; i++) {
chan = ccp->ccp_dma_chan + i;
dma_chan = &chan->dma_chan;
+
+ if (dma_chan->client_count)
+ dma_release_channel(dma_chan);
+
tasklet_kill(&chan->cleanup_tasklet);
list_del_rcu(&dma_chan->device_node);
}
@@ -766,8 +770,8 @@ void ccp_dmaengine_unregister(struct ccp_device *ccp)
if (!dmaengine)
return;
- dma_async_device_unregister(dma_dev);
ccp_dma_release(ccp);
+ dma_async_device_unregister(dma_dev);
kmem_cache_destroy(ccp->dma_desc_cache);
kmem_cache_destroy(ccp->dma_cmd_cache);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 637/862] crypto: inside-secure - Change swab to swab32
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (635 preceding siblings ...)
2022-10-19 8:32 ` [PATCH 6.0 636/862] crypto: ccp - Release dma channels before dmaengine unrgister Greg Kroah-Hartman
@ 2022-10-19 8:32 ` Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 638/862] crypto: qat - fix DMA transfer direction Greg Kroah-Hartman
` (239 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Peter Harliman Liem, Antoine Tenart,
Herbert Xu, Sasha Levin
From: Peter Harliman Liem <pliem@maxlinear.com>
[ Upstream commit 664593407e936b6438fbfaaf98876910fd31cf9a ]
The use of swab() is causing failures in 64-bit arch, as it
translates to __swab64() instead of the intended __swab32().
It eventually causes wrong results in xcbcmac & cmac algo.
Fixes: 78cf1c8bfcb8 ("crypto: inside-secure - Move ipad/opad into safexcel_context")
Signed-off-by: Peter Harliman Liem <pliem@maxlinear.com>
Acked-by: Antoine Tenart <atenart@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/crypto/inside-secure/safexcel_hash.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/crypto/inside-secure/safexcel_hash.c b/drivers/crypto/inside-secure/safexcel_hash.c
index bc60b5802256..2124416742f8 100644
--- a/drivers/crypto/inside-secure/safexcel_hash.c
+++ b/drivers/crypto/inside-secure/safexcel_hash.c
@@ -383,7 +383,7 @@ static int safexcel_ahash_send_req(struct crypto_async_request *async, int ring,
u32 x;
x = ipad[i] ^ ipad[i + 4];
- cache[i] ^= swab(x);
+ cache[i] ^= swab32(x);
}
}
cache_len = AES_BLOCK_SIZE;
@@ -821,7 +821,7 @@ static int safexcel_ahash_final(struct ahash_request *areq)
u32 *result = (void *)areq->result;
/* K3 */
- result[i] = swab(ctx->base.ipad.word[i + 4]);
+ result[i] = swab32(ctx->base.ipad.word[i + 4]);
}
areq->result[0] ^= 0x80; // 10- padding
crypto_cipher_encrypt_one(ctx->kaes, areq->result, areq->result);
@@ -2106,7 +2106,7 @@ static int safexcel_xcbcmac_setkey(struct crypto_ahash *tfm, const u8 *key,
crypto_cipher_encrypt_one(ctx->kaes, (u8 *)key_tmp + AES_BLOCK_SIZE,
"\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3");
for (i = 0; i < 3 * AES_BLOCK_SIZE / sizeof(u32); i++)
- ctx->base.ipad.word[i] = swab(key_tmp[i]);
+ ctx->base.ipad.word[i] = swab32(key_tmp[i]);
crypto_cipher_clear_flags(ctx->kaes, CRYPTO_TFM_REQ_MASK);
crypto_cipher_set_flags(ctx->kaes, crypto_ahash_get_flags(tfm) &
@@ -2189,7 +2189,7 @@ static int safexcel_cmac_setkey(struct crypto_ahash *tfm, const u8 *key,
return ret;
for (i = 0; i < len / sizeof(u32); i++)
- ctx->base.ipad.word[i + 8] = swab(aes.key_enc[i]);
+ ctx->base.ipad.word[i + 8] = swab32(aes.key_enc[i]);
/* precompute the CMAC key material */
crypto_cipher_clear_flags(ctx->kaes, CRYPTO_TFM_REQ_MASK);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 638/862] crypto: qat - fix DMA transfer direction
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (636 preceding siblings ...)
2022-10-19 8:32 ` [PATCH 6.0 637/862] crypto: inside-secure - Change swab to swab32 Greg Kroah-Hartman
@ 2022-10-19 8:32 ` Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 639/862] clocksource/drivers/arm_arch_timer: Fix handling of ARM erratum 858921 Greg Kroah-Hartman
` (238 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Damian Muszynski, Giovanni Cabiddu,
Herbert Xu, Sasha Levin
From: Damian Muszynski <damian.muszynski@intel.com>
[ Upstream commit cf5bb835b7c8a5fee7f26455099cca7feb57f5e9 ]
When CONFIG_DMA_API_DEBUG is selected, while running the crypto self
test on the QAT crypto algorithms, the function add_dma_entry() reports
a warning similar to the one below, saying that overlapping mappings
are not supported. This occurs in tests where the input and the output
scatter list point to the same buffers (i.e. two different scatter lists
which point to the same chunks of memory).
The logic that implements the mapping uses the flag DMA_BIDIRECTIONAL
for both the input and the output scatter lists which leads to
overlapped write mappings. These are not supported by the DMA layer.
Fix by specifying the correct DMA transfer directions when mapping
buffers. For in-place operations where the input scatter list
matches the output scatter list, buffers are mapped once with
DMA_BIDIRECTIONAL, otherwise input buffers are mapped using the flag
DMA_TO_DEVICE and output buffers are mapped with DMA_FROM_DEVICE.
Overlapping a read mapping with a write mapping is a valid case in
dma-coherent devices like QAT.
The function that frees and unmaps the buffers, qat_alg_free_bufl()
has been changed accordingly to the changes to the mapping function.
DMA-API: 4xxx 0000:06:00.0: cacheline tracking EEXIST, overlapping mappings aren't supported
WARNING: CPU: 53 PID: 4362 at kernel/dma/debug.c:570 add_dma_entry+0x1e9/0x270
...
Call Trace:
dma_map_page_attrs+0x82/0x2d0
? preempt_count_add+0x6a/0xa0
qat_alg_sgl_to_bufl+0x45b/0x990 [intel_qat]
qat_alg_aead_dec+0x71/0x250 [intel_qat]
crypto_aead_decrypt+0x3d/0x70
test_aead_vec_cfg+0x649/0x810
? number+0x310/0x3a0
? vsnprintf+0x2a3/0x550
? scnprintf+0x42/0x70
? valid_sg_divisions.constprop.0+0x86/0xa0
? test_aead_vec+0xdf/0x120
test_aead_vec+0xdf/0x120
alg_test_aead+0x185/0x400
alg_test+0x3d8/0x500
? crypto_acomp_scomp_free_ctx+0x30/0x30
? __schedule+0x32a/0x12a0
? ttwu_queue_wakelist+0xbf/0x110
? _raw_spin_unlock_irqrestore+0x23/0x40
? try_to_wake_up+0x83/0x570
? _raw_spin_unlock_irqrestore+0x23/0x40
? __set_cpus_allowed_ptr_locked+0xea/0x1b0
? crypto_acomp_scomp_free_ctx+0x30/0x30
cryptomgr_test+0x27/0x50
kthread+0xe6/0x110
? kthread_complete_and_exit+0x20/0x20
ret_from_fork+0x1f/0x30
Fixes: d370cec ("crypto: qat - Intel(R) QAT crypto interface")
Link: https://lore.kernel.org/linux-crypto/20220223080400.139367-1-gilad@benyossef.com/
Signed-off-by: Damian Muszynski <damian.muszynski@intel.com>
Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/crypto/qat/qat_common/qat_algs.c | 18 ++++++++++++------
1 file changed, 12 insertions(+), 6 deletions(-)
diff --git a/drivers/crypto/qat/qat_common/qat_algs.c b/drivers/crypto/qat/qat_common/qat_algs.c
index fb45fa83841c..cad9c58caab1 100644
--- a/drivers/crypto/qat/qat_common/qat_algs.c
+++ b/drivers/crypto/qat/qat_common/qat_algs.c
@@ -673,11 +673,14 @@ static void qat_alg_free_bufl(struct qat_crypto_instance *inst,
dma_addr_t blpout = qat_req->buf.bloutp;
size_t sz = qat_req->buf.sz;
size_t sz_out = qat_req->buf.sz_out;
+ int bl_dma_dir;
int i;
+ bl_dma_dir = blp != blpout ? DMA_TO_DEVICE : DMA_BIDIRECTIONAL;
+
for (i = 0; i < bl->num_bufs; i++)
dma_unmap_single(dev, bl->bufers[i].addr,
- bl->bufers[i].len, DMA_BIDIRECTIONAL);
+ bl->bufers[i].len, bl_dma_dir);
dma_unmap_single(dev, blp, sz, DMA_TO_DEVICE);
@@ -691,7 +694,7 @@ static void qat_alg_free_bufl(struct qat_crypto_instance *inst,
for (i = bufless; i < blout->num_bufs; i++) {
dma_unmap_single(dev, blout->bufers[i].addr,
blout->bufers[i].len,
- DMA_BIDIRECTIONAL);
+ DMA_FROM_DEVICE);
}
dma_unmap_single(dev, blpout, sz_out, DMA_TO_DEVICE);
@@ -716,6 +719,7 @@ static int qat_alg_sgl_to_bufl(struct qat_crypto_instance *inst,
struct scatterlist *sg;
size_t sz_out, sz = struct_size(bufl, bufers, n);
int node = dev_to_node(&GET_DEV(inst->accel_dev));
+ int bufl_dma_dir;
if (unlikely(!n))
return -EINVAL;
@@ -733,6 +737,8 @@ static int qat_alg_sgl_to_bufl(struct qat_crypto_instance *inst,
qat_req->buf.sgl_src_valid = true;
}
+ bufl_dma_dir = sgl != sglout ? DMA_TO_DEVICE : DMA_BIDIRECTIONAL;
+
for_each_sg(sgl, sg, n, i)
bufl->bufers[i].addr = DMA_MAPPING_ERROR;
@@ -744,7 +750,7 @@ static int qat_alg_sgl_to_bufl(struct qat_crypto_instance *inst,
bufl->bufers[y].addr = dma_map_single(dev, sg_virt(sg),
sg->length,
- DMA_BIDIRECTIONAL);
+ bufl_dma_dir);
bufl->bufers[y].len = sg->length;
if (unlikely(dma_mapping_error(dev, bufl->bufers[y].addr)))
goto err_in;
@@ -787,7 +793,7 @@ static int qat_alg_sgl_to_bufl(struct qat_crypto_instance *inst,
bufers[y].addr = dma_map_single(dev, sg_virt(sg),
sg->length,
- DMA_BIDIRECTIONAL);
+ DMA_FROM_DEVICE);
if (unlikely(dma_mapping_error(dev, bufers[y].addr)))
goto err_out;
bufers[y].len = sg->length;
@@ -817,7 +823,7 @@ static int qat_alg_sgl_to_bufl(struct qat_crypto_instance *inst,
if (!dma_mapping_error(dev, buflout->bufers[i].addr))
dma_unmap_single(dev, buflout->bufers[i].addr,
buflout->bufers[i].len,
- DMA_BIDIRECTIONAL);
+ DMA_FROM_DEVICE);
if (!qat_req->buf.sgl_dst_valid)
kfree(buflout);
@@ -831,7 +837,7 @@ static int qat_alg_sgl_to_bufl(struct qat_crypto_instance *inst,
if (!dma_mapping_error(dev, bufl->bufers[i].addr))
dma_unmap_single(dev, bufl->bufers[i].addr,
bufl->bufers[i].len,
- DMA_BIDIRECTIONAL);
+ bufl_dma_dir);
if (!qat_req->buf.sgl_src_valid)
kfree(bufl);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 639/862] clocksource/drivers/arm_arch_timer: Fix handling of ARM erratum 858921
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (637 preceding siblings ...)
2022-10-19 8:32 ` [PATCH 6.0 638/862] crypto: qat - fix DMA transfer direction Greg Kroah-Hartman
@ 2022-10-19 8:32 ` Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 640/862] clocksource/drivers/timer-gxp: Add missing error handling in gxp_timer_probe Greg Kroah-Hartman
` (237 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kunkun Jiang, Marc Zyngier,
Oliver Upton, Daniel Lezcano, Sasha Levin
From: Kunkun Jiang <jiangkunkun@huawei.com>
[ Upstream commit 6c3b62d93e195f78c1437c8fa7581e9b2f00886e ]
The commit a38b71b0833e ("clocksource/drivers/arm_arch_timer:
Move system register timer programming over to CVAL") moves the
programming of the timers from the countdown timer (TVAL) over
to the comparator (CVAL). This makes it necessary to read the
counter when programming next event. However, the workaround of
Cortex-A73 erratum 858921 does not set the corresponding
set_next_event_phys and set_next_event_virt.
Add the appropriate hooks to apply the erratum mitigation when
programming the next timer event.
Fixes: a38b71b0833e ("clocksource/drivers/arm_arch_timer: Move system register timer programming over to CVAL")
Signed-off-by: Kunkun Jiang <jiangkunkun@huawei.com>
Acked-by: Marc Zyngier <maz@kernel.org>
Reviewed-by: Oliver Upton <oliver.upton@linux.dev>
Link: https://lore.kernel.org/r/20220914061424.1260-1-jiangkunkun@huawei.com
Signed-off-by: Daniel Lezcano <daniel.lezcano@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clocksource/arm_arch_timer.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/clocksource/arm_arch_timer.c b/drivers/clocksource/arm_arch_timer.c
index 8122a1646925..a7ff77550e17 100644
--- a/drivers/clocksource/arm_arch_timer.c
+++ b/drivers/clocksource/arm_arch_timer.c
@@ -473,6 +473,8 @@ static const struct arch_timer_erratum_workaround ool_workarounds[] = {
.desc = "ARM erratum 858921",
.read_cntpct_el0 = arm64_858921_read_cntpct_el0,
.read_cntvct_el0 = arm64_858921_read_cntvct_el0,
+ .set_next_event_phys = erratum_set_next_event_phys,
+ .set_next_event_virt = erratum_set_next_event_virt,
},
#endif
#ifdef CONFIG_SUN50I_ERRATUM_UNKNOWN1
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 640/862] clocksource/drivers/timer-gxp: Add missing error handling in gxp_timer_probe
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (638 preceding siblings ...)
2022-10-19 8:32 ` [PATCH 6.0 639/862] clocksource/drivers/arm_arch_timer: Fix handling of ARM erratum 858921 Greg Kroah-Hartman
@ 2022-10-19 8:32 ` Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 641/862] cifs: return correct error in ->calc_signature() Greg Kroah-Hartman
` (236 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Lin Yujun, Daniel Lezcano, Sasha Levin
From: Lin Yujun <linyujun809@huawei.com>
[ Upstream commit 0e2c8e6d769bcdc4f6634a02c545356282275e68 ]
Add platform_device_put() to make sure to free the platform
device in the event platform_device_add() fails.
Fixes: 5184f4bf151b ("clocksource/drivers/timer-gxp: Add HPE GXP Timer")
Signed-off-by: Lin Yujun <linyujun809@huawei.com>
Link: https://lore.kernel.org/r/20220914033018.97484-1-linyujun809@huawei.com
Signed-off-by: Daniel Lezcano <daniel.lezcano@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clocksource/timer-gxp.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/clocksource/timer-gxp.c b/drivers/clocksource/timer-gxp.c
index 8b38b3212388..fe4fa8d7b3f1 100644
--- a/drivers/clocksource/timer-gxp.c
+++ b/drivers/clocksource/timer-gxp.c
@@ -171,6 +171,7 @@ static int gxp_timer_probe(struct platform_device *pdev)
{
struct platform_device *gxp_watchdog_device;
struct device *dev = &pdev->dev;
+ int ret;
if (!gxp_timer) {
pr_err("Gxp Timer not initialized, cannot create watchdog");
@@ -187,7 +188,11 @@ static int gxp_timer_probe(struct platform_device *pdev)
gxp_watchdog_device->dev.platform_data = gxp_timer->counter;
gxp_watchdog_device->dev.parent = dev;
- return platform_device_add(gxp_watchdog_device);
+ ret = platform_device_add(gxp_watchdog_device);
+ if (ret)
+ platform_device_put(gxp_watchdog_device);
+
+ return ret;
}
static const struct of_device_id gxp_timer_of_match[] = {
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 641/862] cifs: return correct error in ->calc_signature()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (639 preceding siblings ...)
2022-10-19 8:32 ` [PATCH 6.0 640/862] clocksource/drivers/timer-gxp: Add missing error handling in gxp_timer_probe Greg Kroah-Hartman
@ 2022-10-19 8:32 ` Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 642/862] iommu/iova: Fix module config properly Greg Kroah-Hartman
` (235 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ronnie Sahlberg, Enzo Matsumiya,
Steve French, Sasha Levin
From: Enzo Matsumiya <ematsumiya@suse.de>
[ Upstream commit 09a1f9a168ae1f69f701689429871793174417d2 ]
If an error happens while getting the key or session in the
->calc_signature implementations, 0 (success) is returned. Fix it by
returning a proper error code.
Since it seems to be highly unlikely to happen wrap the rc check in
unlikely() too.
Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com>
Fixes: 32811d242ff6 ("cifs: Start using per session key for smb2/3 for signature generation")
Signed-off-by: Enzo Matsumiya <ematsumiya@suse.de>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/cifs/smb2transport.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/fs/cifs/smb2transport.c b/fs/cifs/smb2transport.c
index 1a5fc3314dbf..4640fc4a8b13 100644
--- a/fs/cifs/smb2transport.c
+++ b/fs/cifs/smb2transport.c
@@ -225,9 +225,9 @@ smb2_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server,
struct smb_rqst drqst;
ses = smb2_find_smb_ses(server, le64_to_cpu(shdr->SessionId));
- if (!ses) {
+ if (unlikely(!ses)) {
cifs_server_dbg(VFS, "%s: Could not find session\n", __func__);
- return 0;
+ return -ENOENT;
}
memset(smb2_signature, 0x0, SMB2_HMACSHA256_SIZE);
@@ -557,8 +557,10 @@ smb3_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server,
u8 key[SMB3_SIGN_KEY_SIZE];
rc = smb2_get_sign_key(le64_to_cpu(shdr->SessionId), server, key);
- if (rc)
- return 0;
+ if (unlikely(rc)) {
+ cifs_server_dbg(VFS, "%s: Could not get signing key\n", __func__);
+ return rc;
+ }
if (allocate_crypto) {
rc = cifs_alloc_hash("cmac(aes)", &hash, &sdesc);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 642/862] iommu/iova: Fix module config properly
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (640 preceding siblings ...)
2022-10-19 8:32 ` [PATCH 6.0 641/862] cifs: return correct error in ->calc_signature() Greg Kroah-Hartman
@ 2022-10-19 8:32 ` Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 643/862] tracing: kprobe: Fix kprobe event gen test module on exit Greg Kroah-Hartman
` (234 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Thierry Reding, John Garry,
Robin Murphy, Thierry Reding, Joerg Roedel, Sasha Levin
From: Robin Murphy <robin.murphy@arm.com>
[ Upstream commit 4f58330fcc8482aa90674e1f40f601e82f18ed4a ]
IOMMU_IOVA is intended to be an optional library for users to select as
and when they desire. Since it can be a module now, this means that
built-in code which has chosen not to select it should not fail to link
if it happens to have selected as a module by someone else. Replace
IS_ENABLED() with IS_REACHABLE() to do the right thing.
CC: Thierry Reding <thierry.reding@gmail.com>
Reported-by: John Garry <john.garry@huawei.com>
Fixes: 15bbdec3931e ("iommu: Make the iova library a module")
Signed-off-by: Robin Murphy <robin.murphy@arm.com>
Reviewed-by: Thierry Reding <treding@nvidia.com>
Link: https://lore.kernel.org/r/548c2f683ca379aface59639a8f0cccc3a1ac050.1663069227.git.robin.murphy@arm.com
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/iova.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/linux/iova.h b/include/linux/iova.h
index c6ba6d95d79c..83c00fac2acb 100644
--- a/include/linux/iova.h
+++ b/include/linux/iova.h
@@ -75,7 +75,7 @@ static inline unsigned long iova_pfn(struct iova_domain *iovad, dma_addr_t iova)
return iova >> iova_shift(iovad);
}
-#if IS_ENABLED(CONFIG_IOMMU_IOVA)
+#if IS_REACHABLE(CONFIG_IOMMU_IOVA)
int iova_cache_get(void);
void iova_cache_put(void);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 643/862] tracing: kprobe: Fix kprobe event gen test module on exit
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (641 preceding siblings ...)
2022-10-19 8:32 ` [PATCH 6.0 642/862] iommu/iova: Fix module config properly Greg Kroah-Hartman
@ 2022-10-19 8:32 ` Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 644/862] tracing: kprobe: Make gen test module work in arm and riscv Greg Kroah-Hartman
` (233 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, linux-riscv, mingo, paul.walmsley,
palmer, aou, zanussi, liaochang1, chris.zjh, Yipeng Zou,
Masami Hiramatsu (Google), Steven Rostedt (Google),
Sasha Levin
From: Yipeng Zou <zouyipeng@huawei.com>
[ Upstream commit ac48e189527fae87253ef2bf58892e782fb36874 ]
Correct gen_kretprobe_test clr event para on module exit.
This will make it can't to delete.
Link: https://lkml.kernel.org/r/20220919125629.238242-2-zouyipeng@huawei.com
Cc: <linux-riscv@lists.infradead.org>
Cc: <mingo@redhat.com>
Cc: <paul.walmsley@sifive.com>
Cc: <palmer@dabbelt.com>
Cc: <aou@eecs.berkeley.edu>
Cc: <zanussi@kernel.org>
Cc: <liaochang1@huawei.com>
Cc: <chris.zjh@huawei.com>
Fixes: 64836248dda2 ("tracing: Add kprobe event command generation test module")
Signed-off-by: Yipeng Zou <zouyipeng@huawei.com>
Acked-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/trace/kprobe_event_gen_test.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/trace/kprobe_event_gen_test.c b/kernel/trace/kprobe_event_gen_test.c
index 18b0f1cbb947..e023154be0f8 100644
--- a/kernel/trace/kprobe_event_gen_test.c
+++ b/kernel/trace/kprobe_event_gen_test.c
@@ -206,7 +206,7 @@ static void __exit kprobe_event_gen_test_exit(void)
WARN_ON(kprobe_event_delete("gen_kprobe_test"));
/* Disable the event or you can't remove it */
- WARN_ON(trace_array_set_clr_event(gen_kprobe_test->tr,
+ WARN_ON(trace_array_set_clr_event(gen_kretprobe_test->tr,
"kprobes",
"gen_kretprobe_test", false));
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 644/862] tracing: kprobe: Make gen test module work in arm and riscv
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (642 preceding siblings ...)
2022-10-19 8:32 ` [PATCH 6.0 643/862] tracing: kprobe: Fix kprobe event gen test module on exit Greg Kroah-Hartman
@ 2022-10-19 8:32 ` Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 645/862] tracing/osnoise: Fix possible recursive locking in stop_per_cpu_kthreads Greg Kroah-Hartman
` (232 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, linux-riscv, mingo, paul.walmsley,
palmer, aou, zanussi, liaochang1, chris.zjh, Yipeng Zou,
Masami Hiramatsu (Google), Steven Rostedt (Google),
Sasha Levin
From: Yipeng Zou <zouyipeng@huawei.com>
[ Upstream commit d8ef45d66c01425ff748e13ef7dd1da7a91cc93c ]
For now, this selftest module can only work in x86 because of the
kprobe cmd was fixed use of x86 registers.
This patch adapted to register names under arm and riscv, So that
this module can be worked on those platform.
Link: https://lkml.kernel.org/r/20220919125629.238242-3-zouyipeng@huawei.com
Cc: <linux-riscv@lists.infradead.org>
Cc: <mingo@redhat.com>
Cc: <paul.walmsley@sifive.com>
Cc: <palmer@dabbelt.com>
Cc: <aou@eecs.berkeley.edu>
Cc: <zanussi@kernel.org>
Cc: <liaochang1@huawei.com>
Cc: <chris.zjh@huawei.com>
Fixes: 64836248dda2 ("tracing: Add kprobe event command generation test module")
Signed-off-by: Yipeng Zou <zouyipeng@huawei.com>
Acked-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/trace/kprobe_event_gen_test.c | 47 +++++++++++++++++++++++++---
1 file changed, 43 insertions(+), 4 deletions(-)
diff --git a/kernel/trace/kprobe_event_gen_test.c b/kernel/trace/kprobe_event_gen_test.c
index e023154be0f8..80e04a1e1977 100644
--- a/kernel/trace/kprobe_event_gen_test.c
+++ b/kernel/trace/kprobe_event_gen_test.c
@@ -35,6 +35,45 @@
static struct trace_event_file *gen_kprobe_test;
static struct trace_event_file *gen_kretprobe_test;
+#define KPROBE_GEN_TEST_FUNC "do_sys_open"
+
+/* X86 */
+#if defined(CONFIG_X86_64) || defined(CONFIG_X86_32)
+#define KPROBE_GEN_TEST_ARG0 "dfd=%ax"
+#define KPROBE_GEN_TEST_ARG1 "filename=%dx"
+#define KPROBE_GEN_TEST_ARG2 "flags=%cx"
+#define KPROBE_GEN_TEST_ARG3 "mode=+4($stack)"
+
+/* ARM64 */
+#elif defined(CONFIG_ARM64)
+#define KPROBE_GEN_TEST_ARG0 "dfd=%x0"
+#define KPROBE_GEN_TEST_ARG1 "filename=%x1"
+#define KPROBE_GEN_TEST_ARG2 "flags=%x2"
+#define KPROBE_GEN_TEST_ARG3 "mode=%x3"
+
+/* ARM */
+#elif defined(CONFIG_ARM)
+#define KPROBE_GEN_TEST_ARG0 "dfd=%r0"
+#define KPROBE_GEN_TEST_ARG1 "filename=%r1"
+#define KPROBE_GEN_TEST_ARG2 "flags=%r2"
+#define KPROBE_GEN_TEST_ARG3 "mode=%r3"
+
+/* RISCV */
+#elif defined(CONFIG_RISCV)
+#define KPROBE_GEN_TEST_ARG0 "dfd=%a0"
+#define KPROBE_GEN_TEST_ARG1 "filename=%a1"
+#define KPROBE_GEN_TEST_ARG2 "flags=%a2"
+#define KPROBE_GEN_TEST_ARG3 "mode=%a3"
+
+/* others */
+#else
+#define KPROBE_GEN_TEST_ARG0 NULL
+#define KPROBE_GEN_TEST_ARG1 NULL
+#define KPROBE_GEN_TEST_ARG2 NULL
+#define KPROBE_GEN_TEST_ARG3 NULL
+#endif
+
+
/*
* Test to make sure we can create a kprobe event, then add more
* fields.
@@ -58,14 +97,14 @@ static int __init test_gen_kprobe_cmd(void)
* fields.
*/
ret = kprobe_event_gen_cmd_start(&cmd, "gen_kprobe_test",
- "do_sys_open",
- "dfd=%ax", "filename=%dx");
+ KPROBE_GEN_TEST_FUNC,
+ KPROBE_GEN_TEST_ARG0, KPROBE_GEN_TEST_ARG1);
if (ret)
goto free;
/* Use kprobe_event_add_fields to add the rest of the fields */
- ret = kprobe_event_add_fields(&cmd, "flags=%cx", "mode=+4($stack)");
+ ret = kprobe_event_add_fields(&cmd, KPROBE_GEN_TEST_ARG2, KPROBE_GEN_TEST_ARG3);
if (ret)
goto free;
@@ -128,7 +167,7 @@ static int __init test_gen_kretprobe_cmd(void)
* Define the kretprobe event.
*/
ret = kretprobe_event_gen_cmd_start(&cmd, "gen_kretprobe_test",
- "do_sys_open",
+ KPROBE_GEN_TEST_FUNC,
"$retval");
if (ret)
goto free;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 645/862] tracing/osnoise: Fix possible recursive locking in stop_per_cpu_kthreads
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (643 preceding siblings ...)
2022-10-19 8:32 ` [PATCH 6.0 644/862] tracing: kprobe: Make gen test module work in arm and riscv Greg Kroah-Hartman
@ 2022-10-19 8:32 ` Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 646/862] ftrace: Fix recursive locking direct_mutex in ftrace_modify_direct_caller Greg Kroah-Hartman
` (231 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nico Pache,
Daniel Bristot de Oliveira, Steven Rostedt (Google),
Sasha Levin
From: Nico Pache <npache@redhat.com>
[ Upstream commit 99ee9317a1305cd5626736785c8cb38b0e47686c ]
There is a recursive lock on the cpu_hotplug_lock.
In kernel/trace/trace_osnoise.c:<start/stop>_per_cpu_kthreads:
- start_per_cpu_kthreads calls cpus_read_lock() and if
start_kthreads returns a error it will call stop_per_cpu_kthreads.
- stop_per_cpu_kthreads then calls cpus_read_lock() again causing
deadlock.
Fix this by calling cpus_read_unlock() before calling
stop_per_cpu_kthreads. This behavior can also be seen in commit
f46b16520a08 ("trace/hwlat: Implement the per-cpu mode").
This error was noticed during the LTP ftrace-stress-test:
WARNING: possible recursive locking detected
--------------------------------------------
sh/275006 is trying to acquire lock:
ffffffffb02f5400 (cpu_hotplug_lock){++++}-{0:0}, at: stop_per_cpu_kthreads
but task is already holding lock:
ffffffffb02f5400 (cpu_hotplug_lock){++++}-{0:0}, at: start_per_cpu_kthreads
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
----
lock(cpu_hotplug_lock);
lock(cpu_hotplug_lock);
*** DEADLOCK ***
May be due to missing lock nesting notation
3 locks held by sh/275006:
#0: ffff8881023f0470 (sb_writers#24){.+.+}-{0:0}, at: ksys_write
#1: ffffffffb084f430 (trace_types_lock){+.+.}-{3:3}, at: rb_simple_write
#2: ffffffffb02f5400 (cpu_hotplug_lock){++++}-{0:0}, at: start_per_cpu_kthreads
Link: https://lkml.kernel.org/r/20220919144932.3064014-1-npache@redhat.com
Fixes: c8895e271f79 ("trace/osnoise: Support hotplug operations")
Signed-off-by: Nico Pache <npache@redhat.com>
Acked-by: Daniel Bristot de Oliveira <bristot@kernel.org>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/trace/trace_osnoise.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/kernel/trace/trace_osnoise.c b/kernel/trace/trace_osnoise.c
index 313439920a8c..78d536d3ff3d 100644
--- a/kernel/trace/trace_osnoise.c
+++ b/kernel/trace/trace_osnoise.c
@@ -1786,8 +1786,9 @@ static int start_per_cpu_kthreads(void)
for_each_cpu(cpu, current_mask) {
retval = start_kthread(cpu);
if (retval) {
+ cpus_read_unlock();
stop_per_cpu_kthreads();
- break;
+ return retval;
}
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 646/862] ftrace: Fix recursive locking direct_mutex in ftrace_modify_direct_caller
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (644 preceding siblings ...)
2022-10-19 8:32 ` [PATCH 6.0 645/862] tracing/osnoise: Fix possible recursive locking in stop_per_cpu_kthreads Greg Kroah-Hartman
@ 2022-10-19 8:32 ` Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 647/862] kbuild: remove the target in signal traps when interrupted Greg Kroah-Hartman
` (230 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Song Liu, Steven Rostedt (Google),
Sasha Levin, Naveen N . Rao
From: Song Liu <song@kernel.org>
[ Upstream commit 9d2ce78ddcee159eb6a97449e9c68b6d60b9cec4 ]
Naveen reported recursive locking of direct_mutex with sample
ftrace-direct-modify.ko:
[ 74.762406] WARNING: possible recursive locking detected
[ 74.762887] 6.0.0-rc6+ #33 Not tainted
[ 74.763216] --------------------------------------------
[ 74.763672] event-sample-fn/1084 is trying to acquire lock:
[ 74.764152] ffffffff86c9d6b0 (direct_mutex){+.+.}-{3:3}, at: \
register_ftrace_function+0x1f/0x180
[ 74.764922]
[ 74.764922] but task is already holding lock:
[ 74.765421] ffffffff86c9d6b0 (direct_mutex){+.+.}-{3:3}, at: \
modify_ftrace_direct+0x34/0x1f0
[ 74.766142]
[ 74.766142] other info that might help us debug this:
[ 74.766701] Possible unsafe locking scenario:
[ 74.766701]
[ 74.767216] CPU0
[ 74.767437] ----
[ 74.767656] lock(direct_mutex);
[ 74.767952] lock(direct_mutex);
[ 74.768245]
[ 74.768245] *** DEADLOCK ***
[ 74.768245]
[ 74.768750] May be due to missing lock nesting notation
[ 74.768750]
[ 74.769332] 1 lock held by event-sample-fn/1084:
[ 74.769731] #0: ffffffff86c9d6b0 (direct_mutex){+.+.}-{3:3}, at: \
modify_ftrace_direct+0x34/0x1f0
[ 74.770496]
[ 74.770496] stack backtrace:
[ 74.770884] CPU: 4 PID: 1084 Comm: event-sample-fn Not tainted ...
[ 74.771498] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), ...
[ 74.772474] Call Trace:
[ 74.772696] <TASK>
[ 74.772896] dump_stack_lvl+0x44/0x5b
[ 74.773223] __lock_acquire.cold.74+0xac/0x2b7
[ 74.773616] lock_acquire+0xd2/0x310
[ 74.773936] ? register_ftrace_function+0x1f/0x180
[ 74.774357] ? lock_is_held_type+0xd8/0x130
[ 74.774744] ? my_tramp2+0x11/0x11 [ftrace_direct_modify]
[ 74.775213] __mutex_lock+0x99/0x1010
[ 74.775536] ? register_ftrace_function+0x1f/0x180
[ 74.775954] ? slab_free_freelist_hook.isra.43+0x115/0x160
[ 74.776424] ? ftrace_set_hash+0x195/0x220
[ 74.776779] ? register_ftrace_function+0x1f/0x180
[ 74.777194] ? kfree+0x3e1/0x440
[ 74.777482] ? my_tramp2+0x11/0x11 [ftrace_direct_modify]
[ 74.777941] ? __schedule+0xb40/0xb40
[ 74.778258] ? register_ftrace_function+0x1f/0x180
[ 74.778672] ? my_tramp1+0xf/0xf [ftrace_direct_modify]
[ 74.779128] register_ftrace_function+0x1f/0x180
[ 74.779527] ? ftrace_set_filter_ip+0x33/0x70
[ 74.779910] ? __schedule+0xb40/0xb40
[ 74.780231] ? my_tramp1+0xf/0xf [ftrace_direct_modify]
[ 74.780678] ? my_tramp2+0x11/0x11 [ftrace_direct_modify]
[ 74.781147] ftrace_modify_direct_caller+0x5b/0x90
[ 74.781563] ? 0xffffffffa0201000
[ 74.781859] ? my_tramp1+0xf/0xf [ftrace_direct_modify]
[ 74.782309] modify_ftrace_direct+0x1b2/0x1f0
[ 74.782690] ? __schedule+0xb40/0xb40
[ 74.783014] ? simple_thread+0x2a/0xb0 [ftrace_direct_modify]
[ 74.783508] ? __schedule+0xb40/0xb40
[ 74.783832] ? my_tramp2+0x11/0x11 [ftrace_direct_modify]
[ 74.784294] simple_thread+0x76/0xb0 [ftrace_direct_modify]
[ 74.784766] kthread+0xf5/0x120
[ 74.785052] ? kthread_complete_and_exit+0x20/0x20
[ 74.785464] ret_from_fork+0x22/0x30
[ 74.785781] </TASK>
Fix this by using register_ftrace_function_nolock in
ftrace_modify_direct_caller.
Link: https://lkml.kernel.org/r/20220927004146.1215303-1-song@kernel.org
Fixes: 53cd885bc5c3 ("ftrace: Allow IPMODIFY and DIRECT ops on the same function")
Reported-and-tested-by: Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com>
Signed-off-by: Song Liu <song@kernel.org>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/trace/ftrace.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c
index 2edda4962367..83362a155791 100644
--- a/kernel/trace/ftrace.c
+++ b/kernel/trace/ftrace.c
@@ -5439,6 +5439,8 @@ static struct ftrace_ops stub_ops = {
* it is safe to modify the ftrace record, where it should be
* currently calling @old_addr directly, to call @new_addr.
*
+ * This is called with direct_mutex locked.
+ *
* Safety checks should be made to make sure that the code at
* @rec->ip is currently calling @old_addr. And this must
* also update entry->direct to @new_addr.
@@ -5451,6 +5453,8 @@ int __weak ftrace_modify_direct_caller(struct ftrace_func_entry *entry,
unsigned long ip = rec->ip;
int ret;
+ lockdep_assert_held(&direct_mutex);
+
/*
* The ftrace_lock was used to determine if the record
* had more than one registered user to it. If it did,
@@ -5473,7 +5477,7 @@ int __weak ftrace_modify_direct_caller(struct ftrace_func_entry *entry,
if (ret)
goto out_lock;
- ret = register_ftrace_function(&stub_ops);
+ ret = register_ftrace_function_nolock(&stub_ops);
if (ret) {
ftrace_set_filter_ip(&stub_ops, ip, 1, 0);
goto out_lock;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 647/862] kbuild: remove the target in signal traps when interrupted
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (645 preceding siblings ...)
2022-10-19 8:32 ` [PATCH 6.0 646/862] ftrace: Fix recursive locking direct_mutex in ftrace_modify_direct_caller Greg Kroah-Hartman
@ 2022-10-19 8:32 ` Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 648/862] linux/export: use inline assembler to populate symbol CRCs Greg Kroah-Hartman
` (229 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ingo Molnar, Rob Herring,
Masahiro Yamada, Nicolas Schier, Sasha Levin
From: Masahiro Yamada <masahiroy@kernel.org>
[ Upstream commit a7f3257da8a86b96fb9bf1bba40ae0bbd7f1885a ]
When receiving some signal, GNU Make automatically deletes the target if
it has already been changed by the interrupted recipe.
If the target is possibly incomplete due to interruption, it must be
deleted so that it will be remade from scratch on the next run of make.
Otherwise, the target would remain corrupted permanently because its
timestamp had already been updated.
Thanks to this behavior of Make, you can stop the build any time by
pressing Ctrl-C, and just run 'make' to resume it.
Kbuild also relies on this feature, but it is equivalently important
for any build systems that make decisions based on timestamps (if you
want to support Ctrl-C reliably).
However, this does not always work as claimed; Make immediately dies
with Ctrl-C if its stderr goes into a pipe.
[Test Makefile]
foo:
echo hello > $@
sleep 3
echo world >> $@
[Test Result]
$ make # hit Ctrl-C
echo hello > foo
sleep 3
^Cmake: *** Deleting file 'foo'
make: *** [Makefile:3: foo] Interrupt
$ make 2>&1 | cat # hit Ctrl-C
echo hello > foo
sleep 3
^C$ # 'foo' is often left-over
The reason is because SIGINT is sent to the entire process group.
In this example, SIGINT kills 'cat', and 'make' writes the message to
the closed pipe, then dies with SIGPIPE before cleaning the target.
A typical bad scenario (as reported by [1], [2]) is to save build log
by using the 'tee' command:
$ make 2>&1 | tee log
This can be problematic for any build systems based on Make, so I hope
it will be fixed in GNU Make. The maintainer of GNU Make stated this is
a long-standing issue and difficult to fix [3]. It has not been fixed
yet as of writing.
So, we cannot rely on Make cleaning the target. We can do it by
ourselves, in signal traps.
As far as I understand, Make takes care of SIGHUP, SIGINT, SIGQUIT, and
SITERM for the target removal. I added the traps for them, and also for
SIGPIPE just in case cmd_* rule prints something to stdout or stderr
(but I did not observe an actual case where SIGPIPE was triggered).
[Note 1]
The trap handler might be worth explaining.
rm -f $@; trap - $(sig); kill -s $(sig) $$
This lets the shell kill itself by the signal it caught, so the parent
process can tell the child has exited on the signal. Generally, this is
a proper manner for handling signals, in case the calling program (like
Bash) may monitor WIFSIGNALED() and WTERMSIG() for WCE although this may
not be a big deal here because GNU Make handles SIGHUP, SIGINT, SIGQUIT
in WUE and SIGTERM in IUE.
IUE - Immediate Unconditional Exit
WUE - Wait and Unconditional Exit
WCE - Wait and Cooperative Exit
For details, see "Proper handling of SIGINT/SIGQUIT" [4].
[Note 2]
Reverting 392885ee82d3 ("kbuild: let fixdep directly write to .*.cmd
files") would directly address [1], but it only saves if_changed_dep.
As reported in [2], all commands that use redirection can potentially
leave an empty (i.e. broken) target.
[Note 3]
Another (even safer) approach might be to always write to a temporary
file, and rename it to $@ at the end of the recipe.
<command> > $(tmp-target)
mv $(tmp-target) $@
It would require a lot of Makefile changes, and result in ugly code,
so I did not take it.
[Note 4]
A little more thoughts about a pattern rule with multiple targets (or
a grouped target).
%.x %.y: %.z
<recipe>
When interrupted, GNU Make deletes both %.x and %.y, while this solution
only deletes $@. Probably, this is not a big deal. The next run of make
will execute the rule again to create $@ along with the other files.
[1]: https://lore.kernel.org/all/YLeot94yAaM4xbMY@gmail.com/
[2]: https://lore.kernel.org/all/20220510221333.2770571-1-robh@kernel.org/
[3]: https://lists.gnu.org/archive/html/help-make/2021-06/msg00001.html
[4]: https://www.cons.org/cracauer/sigint.html
Fixes: 392885ee82d3 ("kbuild: let fixdep directly write to .*.cmd files")
Reported-by: Ingo Molnar <mingo@kernel.org>
Reported-by: Rob Herring <robh@kernel.org>
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Tested-by: Ingo Molnar <mingo@kernel.org>
Reviewed-by: Nicolas Schier <nicolas@fjasle.eu>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
scripts/Kbuild.include | 23 ++++++++++++++++++++++-
1 file changed, 22 insertions(+), 1 deletion(-)
diff --git a/scripts/Kbuild.include b/scripts/Kbuild.include
index ece44b735061..2bc08ace38a3 100644
--- a/scripts/Kbuild.include
+++ b/scripts/Kbuild.include
@@ -100,8 +100,29 @@ echo-cmd = $(if $($(quiet)cmd_$(1)),\
quiet_redirect :=
silent_redirect := exec >/dev/null;
+# Delete the target on interruption
+#
+# GNU Make automatically deletes the target if it has already been changed by
+# the interrupted recipe. So, you can safely stop the build by Ctrl-C (Make
+# will delete incomplete targets), and resume it later.
+#
+# However, this does not work when the stderr is piped to another program, like
+# $ make >&2 | tee log
+# Make dies with SIGPIPE before cleaning the targets.
+#
+# To address it, we clean the target in signal traps.
+#
+# Make deletes the target when it catches SIGHUP, SIGINT, SIGQUIT, SIGTERM.
+# So, we cover them, and also SIGPIPE just in case.
+#
+# Of course, this is unneeded for phony targets.
+delete-on-interrupt = \
+ $(if $(filter-out $(PHONY), $@), \
+ $(foreach sig, HUP INT QUIT TERM PIPE, \
+ trap 'rm -f $@; trap - $(sig); kill -s $(sig) $$$$' $(sig);))
+
# printing commands
-cmd = @set -e; $(echo-cmd) $($(quiet)redirect) $(cmd_$(1))
+cmd = @set -e; $(echo-cmd) $($(quiet)redirect) $(delete-on-interrupt) $(cmd_$(1))
###
# if_changed - execute command if any prerequisite is newer than
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 648/862] linux/export: use inline assembler to populate symbol CRCs
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (646 preceding siblings ...)
2022-10-19 8:32 ` [PATCH 6.0 647/862] kbuild: remove the target in signal traps when interrupted Greg Kroah-Hartman
@ 2022-10-19 8:32 ` Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 649/862] kbuild: rpm-pkg: fix breakage when V=1 is used Greg Kroah-Hartman
` (228 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yann Sionneau, Masahiro Yamada, Sasha Levin
From: Masahiro Yamada <masahiroy@kernel.org>
[ Upstream commit f3304ecd7f060db1d4197fbdce5a503259f770d3 ]
Since commit 7b4537199a4a ("kbuild: link symbol CRCs at final link,
removing CONFIG_MODULE_REL_CRCS"), the module versioning on the
(non-upstreamed-yet) kvx Linux port is broken due to unexpected padding
for __crc_* symbols. The kvx GCC adds padding so u32 gets 8-byte
alignment instead of 4.
I do not know if this happens for upstream architectures in general,
but any compiler has the freedom to insert padding for faster access.
Use the inline assembler to directly specify the wanted data layout.
This is how we previously did before the breakage.
Link: https://lore.kernel.org/lkml/20220817161438.32039-1-ysionneau@kalray.eu/
Link: https://lore.kernel.org/linux-kbuild/31ce5305-a76b-13d7-ea55-afca82c46cf2@kalray.eu/
Fixes: 7b4537199a4a ("kbuild: link symbol CRCs at final link, removing CONFIG_MODULE_REL_CRCS")
Reported-by: Yann Sionneau <ysionneau@kalray.eu>
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Tested-by: Yann Sionneau <ysionneau@kalray.eu>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/export-internal.h | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/include/linux/export-internal.h b/include/linux/export-internal.h
index c2b1d4fd5987..fe7e6ba918f1 100644
--- a/include/linux/export-internal.h
+++ b/include/linux/export-internal.h
@@ -10,8 +10,10 @@
#include <linux/compiler.h>
#include <linux/types.h>
-/* __used is needed to keep __crc_* for LTO */
#define SYMBOL_CRC(sym, crc, sec) \
- u32 __section("___kcrctab" sec "+" #sym) __used __crc_##sym = crc
+ asm(".section \"___kcrctab" sec "+" #sym "\",\"a\"" "\n" \
+ "__crc_" #sym ":" "\n" \
+ ".long " #crc "\n" \
+ ".previous" "\n")
#endif /* __LINUX_EXPORT_INTERNAL_H__ */
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 649/862] kbuild: rpm-pkg: fix breakage when V=1 is used
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (647 preceding siblings ...)
2022-10-19 8:32 ` [PATCH 6.0 648/862] linux/export: use inline assembler to populate symbol CRCs Greg Kroah-Hartman
@ 2022-10-19 8:32 ` Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 650/862] crypto: marvell/octeontx - prevent integer overflows Greg Kroah-Hartman
` (227 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Janis Schoetterl-Glausch,
Masahiro Yamada, Sasha Levin
From: Janis Schoetterl-Glausch <scgl@linux.ibm.com>
[ Upstream commit 2e07005f4813a9ff6e895787e0c2d1fea859b033 ]
Doing make V=1 binrpm-pkg results in:
Executing(%install): /bin/sh -e /var/tmp/rpm-tmp.EgV6qJ
+ umask 022
+ cd .
+ /bin/rm -rf /home/scgl/rpmbuild/BUILDROOT/kernel-6.0.0_rc5+-1.s390x
+ /bin/mkdir -p /home/scgl/rpmbuild/BUILDROOT
+ /bin/mkdir /home/scgl/rpmbuild/BUILDROOT/kernel-6.0.0_rc5+-1.s390x
+ mkdir -p /home/scgl/rpmbuild/BUILDROOT/kernel-6.0.0_rc5+-1.s390x/boot
+ make -f ./Makefile image_name
+ cp test -e include/generated/autoconf.h -a -e include/config/auto.conf || ( \ echo >&2; \ echo >&2 " ERROR: Kernel configuration is invalid."; \ echo >&2 " include/generated/autoconf.h or include/config/auto.conf are missing.";\ echo >&2 " Run 'make oldconfig && make prepare' on kernel src to fix it."; \ echo >&2 ; \ /bin/false) arch/s390/boot/bzImage /home/scgl/rpmbuild/BUILDROOT/kernel-6.0.0_rc5+-1.s390x/boot/vmlinuz-6.0.0-rc5+
cp: invalid option -- 'e'
Try 'cp --help' for more information.
error: Bad exit status from /var/tmp/rpm-tmp.EgV6qJ (%install)
Because the make call to get the image name is verbose and prints
additional information.
Fixes: 993bdde94547 ("kbuild: add image_name to no-sync-config-targets")
Signed-off-by: Janis Schoetterl-Glausch <scgl@linux.ibm.com>
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
scripts/package/mkspec | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/scripts/package/mkspec b/scripts/package/mkspec
index 8fa7c5b8a1a1..c920c1b18e7a 100755
--- a/scripts/package/mkspec
+++ b/scripts/package/mkspec
@@ -88,10 +88,10 @@ $S
mkdir -p %{buildroot}/boot
%ifarch ia64
mkdir -p %{buildroot}/boot/efi
- cp \$($MAKE image_name) %{buildroot}/boot/efi/vmlinuz-$KERNELRELEASE
+ cp \$($MAKE -s image_name) %{buildroot}/boot/efi/vmlinuz-$KERNELRELEASE
ln -s efi/vmlinuz-$KERNELRELEASE %{buildroot}/boot/
%else
- cp \$($MAKE image_name) %{buildroot}/boot/vmlinuz-$KERNELRELEASE
+ cp \$($MAKE -s image_name) %{buildroot}/boot/vmlinuz-$KERNELRELEASE
%endif
$M $MAKE %{?_smp_mflags} INSTALL_MOD_PATH=%{buildroot} modules_install
$MAKE %{?_smp_mflags} INSTALL_HDR_PATH=%{buildroot}/usr headers_install
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 650/862] crypto: marvell/octeontx - prevent integer overflows
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (648 preceding siblings ...)
2022-10-19 8:32 ` [PATCH 6.0 649/862] kbuild: rpm-pkg: fix breakage when V=1 is used Greg Kroah-Hartman
@ 2022-10-19 8:32 ` Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 651/862] crypto: cavium - prevent integer overflow loading firmware Greg Kroah-Hartman
` (226 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Herbert Xu, Sasha Levin
From: Dan Carpenter <dan.carpenter@oracle.com>
[ Upstream commit caca37cf6c749ff0303f68418cfe7b757a4e0697 ]
The "code_length" value comes from the firmware file. If your firmware
is untrusted realistically there is probably very little you can do to
protect yourself. Still we try to limit the damage as much as possible.
Also Smatch marks any data read from the filesystem as untrusted and
prints warnings if it not capped correctly.
The "code_length * 2" can overflow. The round_up(ucode_size, 16) +
sizeof() expression can overflow too. Prevent these overflows.
Fixes: d9110b0b01ff ("crypto: marvell - add support for OCTEON TX CPT engine")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../crypto/marvell/octeontx/otx_cptpf_ucode.c | 18 ++++++++++++++++--
1 file changed, 16 insertions(+), 2 deletions(-)
diff --git a/drivers/crypto/marvell/octeontx/otx_cptpf_ucode.c b/drivers/crypto/marvell/octeontx/otx_cptpf_ucode.c
index 40b482198ebc..a765eefb18c2 100644
--- a/drivers/crypto/marvell/octeontx/otx_cptpf_ucode.c
+++ b/drivers/crypto/marvell/octeontx/otx_cptpf_ucode.c
@@ -286,6 +286,7 @@ static int process_tar_file(struct device *dev,
struct tar_ucode_info_t *tar_info;
struct otx_cpt_ucode_hdr *ucode_hdr;
int ucode_type, ucode_size;
+ unsigned int code_length;
/*
* If size is less than microcode header size then don't report
@@ -303,7 +304,13 @@ static int process_tar_file(struct device *dev,
if (get_ucode_type(ucode_hdr, &ucode_type))
return 0;
- ucode_size = ntohl(ucode_hdr->code_length) * 2;
+ code_length = ntohl(ucode_hdr->code_length);
+ if (code_length >= INT_MAX / 2) {
+ dev_err(dev, "Invalid code_length %u\n", code_length);
+ return -EINVAL;
+ }
+
+ ucode_size = code_length * 2;
if (!ucode_size || (size < round_up(ucode_size, 16) +
sizeof(struct otx_cpt_ucode_hdr) + OTX_CPT_UCODE_SIGN_LEN)) {
dev_err(dev, "Ucode %s invalid size\n", filename);
@@ -886,6 +893,7 @@ static int ucode_load(struct device *dev, struct otx_cpt_ucode *ucode,
{
struct otx_cpt_ucode_hdr *ucode_hdr;
const struct firmware *fw;
+ unsigned int code_length;
int ret;
set_ucode_filename(ucode, ucode_filename);
@@ -896,7 +904,13 @@ static int ucode_load(struct device *dev, struct otx_cpt_ucode *ucode,
ucode_hdr = (struct otx_cpt_ucode_hdr *) fw->data;
memcpy(ucode->ver_str, ucode_hdr->ver_str, OTX_CPT_UCODE_VER_STR_SZ);
ucode->ver_num = ucode_hdr->ver_num;
- ucode->size = ntohl(ucode_hdr->code_length) * 2;
+ code_length = ntohl(ucode_hdr->code_length);
+ if (code_length >= INT_MAX / 2) {
+ dev_err(dev, "Ucode invalid code_length %u\n", code_length);
+ ret = -EINVAL;
+ goto release_fw;
+ }
+ ucode->size = code_length * 2;
if (!ucode->size || (fw->size < round_up(ucode->size, 16)
+ sizeof(struct otx_cpt_ucode_hdr) + OTX_CPT_UCODE_SIGN_LEN)) {
dev_err(dev, "Ucode %s invalid size\n", ucode_filename);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 651/862] crypto: cavium - prevent integer overflow loading firmware
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (649 preceding siblings ...)
2022-10-19 8:32 ` [PATCH 6.0 650/862] crypto: marvell/octeontx - prevent integer overflows Greg Kroah-Hartman
@ 2022-10-19 8:32 ` Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 652/862] random: schedule jitter credit for next jiffy, not in two jiffies Greg Kroah-Hartman
` (225 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Herbert Xu, Sasha Levin
From: Dan Carpenter <dan.carpenter@oracle.com>
[ Upstream commit 2526d6bf27d15054bb0778b2f7bc6625fd934905 ]
The "code_length" value comes from the firmware file. If your firmware
is untrusted realistically there is probably very little you can do to
protect yourself. Still we try to limit the damage as much as possible.
Also Smatch marks any data read from the filesystem as untrusted and
prints warnings if it not capped correctly.
The "ntohl(ucode->code_length) * 2" multiplication can have an
integer overflow.
Fixes: 9e2c7d99941d ("crypto: cavium - Add Support for Octeon-tx CPT Engine")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/crypto/cavium/cpt/cptpf_main.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/crypto/cavium/cpt/cptpf_main.c b/drivers/crypto/cavium/cpt/cptpf_main.c
index 8c32d0eb8fcf..6872ac344001 100644
--- a/drivers/crypto/cavium/cpt/cptpf_main.c
+++ b/drivers/crypto/cavium/cpt/cptpf_main.c
@@ -253,6 +253,7 @@ static int cpt_ucode_load_fw(struct cpt_device *cpt, const u8 *fw, bool is_ae)
const struct firmware *fw_entry;
struct device *dev = &cpt->pdev->dev;
struct ucode_header *ucode;
+ unsigned int code_length;
struct microcode *mcode;
int j, ret = 0;
@@ -263,11 +264,12 @@ static int cpt_ucode_load_fw(struct cpt_device *cpt, const u8 *fw, bool is_ae)
ucode = (struct ucode_header *)fw_entry->data;
mcode = &cpt->mcode[cpt->next_mc_idx];
memcpy(mcode->version, (u8 *)fw_entry->data, CPT_UCODE_VERSION_SZ);
- mcode->code_size = ntohl(ucode->code_length) * 2;
- if (!mcode->code_size) {
+ code_length = ntohl(ucode->code_length);
+ if (code_length == 0 || code_length >= INT_MAX / 2) {
ret = -EINVAL;
goto fw_release;
}
+ mcode->code_size = code_length * 2;
mcode->is_ae = is_ae;
mcode->core_mask = 0ULL;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 652/862] random: schedule jitter credit for next jiffy, not in two jiffies
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (650 preceding siblings ...)
2022-10-19 8:32 ` [PATCH 6.0 651/862] crypto: cavium - prevent integer overflow loading firmware Greg Kroah-Hartman
@ 2022-10-19 8:32 ` Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 653/862] thermal/drivers/qcom/tsens-v0_1: Fix MSM8939 fourth sensor hw_id Greg Kroah-Hartman
` (224 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dominik Brodowski,
Sebastian Andrzej Siewior, Sultan Alsawaf, Jason A. Donenfeld,
Sasha Levin
From: Jason A. Donenfeld <Jason@zx2c4.com>
[ Upstream commit 122733471384be8c23f019fbbd46bdf7be561dcd ]
Counterintuitively, mod_timer(..., jiffies + 1) will cause the timer to
fire not in the next jiffy, but in two jiffies. The way to cause
the timer to fire in the next jiffy is with mod_timer(..., jiffies).
Doing so then lets us bump the upper bound back up again.
Fixes: 50ee7529ec45 ("random: try to actively add entropy rather than passively wait for it")
Fixes: 829d680e82a9 ("random: cap jitter samples per bit to factor of HZ")
Cc: Dominik Brodowski <linux@dominikbrodowski.net>
Cc: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Cc: Sultan Alsawaf <sultan@kerneltoast.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/char/random.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/char/random.c b/drivers/char/random.c
index 060f999dcffb..46d6100fa3a7 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -1195,7 +1195,7 @@ static void __cold entropy_timer(struct timer_list *timer)
*/
static void __cold try_to_generate_entropy(void)
{
- enum { NUM_TRIAL_SAMPLES = 8192, MAX_SAMPLES_PER_BIT = HZ / 30 };
+ enum { NUM_TRIAL_SAMPLES = 8192, MAX_SAMPLES_PER_BIT = HZ / 15 };
struct entropy_timer_state stack;
unsigned int i, num_different = 0;
unsigned long last = random_get_entropy();
@@ -1214,7 +1214,7 @@ static void __cold try_to_generate_entropy(void)
timer_setup_on_stack(&stack.timer, entropy_timer, 0);
while (!crng_ready() && !signal_pending(current)) {
if (!timer_pending(&stack.timer))
- mod_timer(&stack.timer, jiffies + 1);
+ mod_timer(&stack.timer, jiffies);
mix_pool_bytes(&stack.entropy, sizeof(stack.entropy));
schedule();
stack.entropy = random_get_entropy();
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 653/862] thermal/drivers/qcom/tsens-v0_1: Fix MSM8939 fourth sensor hw_id
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (651 preceding siblings ...)
2022-10-19 8:32 ` [PATCH 6.0 652/862] random: schedule jitter credit for next jiffy, not in two jiffies Greg Kroah-Hartman
@ 2022-10-19 8:32 ` Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 654/862] ACPI: APEI: do not add task_work to kernel thread to avoid memory leak Greg Kroah-Hartman
` (223 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Vincent Knecht, Dmitry Baryshkov,
Bjorn Andersson, Bryan ODonoghue, Daniel Lezcano, Sasha Levin
From: Vincent Knecht <vincent.knecht@mailoo.org>
[ Upstream commit b0c883e900702f408d62cf92b0ef01303ed69be9 ]
Reading temperature from this sensor fails with 'Invalid argument'.
Looking at old vendor dts [1], its hw_id should be 3 instead of 4.
Change this hw_id accordingly.
[1] https://github.com/msm8916-mainline/android_kernel_qcom_msm8916/blob/master/arch/arm/boot/dts/qcom/msm8939-common.dtsi#L511
Fixes: 332bc8ebab2c ("thermal: qcom: tsens-v0_1: Add support for MSM8939")
Signed-off-by: Vincent Knecht <vincent.knecht@mailoo.org>
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Reviewed-by: Bjorn Andersson <andersson@kernel.org>
Reviewed-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Link: https://lore.kernel.org/r/20220811105014.7194-1-vincent.knecht@mailoo.org
Signed-off-by: Daniel Lezcano <daniel.lezcano@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/thermal/qcom/tsens-v0_1.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/thermal/qcom/tsens-v0_1.c b/drivers/thermal/qcom/tsens-v0_1.c
index f136cb350238..327f37202c69 100644
--- a/drivers/thermal/qcom/tsens-v0_1.c
+++ b/drivers/thermal/qcom/tsens-v0_1.c
@@ -604,7 +604,7 @@ static const struct tsens_ops ops_8939 = {
struct tsens_plat_data data_8939 = {
.num_sensors = 10,
.ops = &ops_8939,
- .hw_ids = (unsigned int []){ 0, 1, 2, 4, 5, 6, 7, 8, 9, 10 },
+ .hw_ids = (unsigned int []){ 0, 1, 2, 3, 5, 6, 7, 8, 9, 10 },
.feat = &tsens_v0_1_feat,
.fields = tsens_v0_1_regfields,
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 654/862] ACPI: APEI: do not add task_work to kernel thread to avoid memory leak
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (652 preceding siblings ...)
2022-10-19 8:32 ` [PATCH 6.0 653/862] thermal/drivers/qcom/tsens-v0_1: Fix MSM8939 fourth sensor hw_id Greg Kroah-Hartman
@ 2022-10-19 8:32 ` Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 655/862] f2fs: fix race condition on setting FI_NO_EXTENT flag Greg Kroah-Hartman
` (222 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Shuai Xue, Tony Luck,
Rafael J. Wysocki, Sasha Levin
From: Shuai Xue <xueshuai@linux.alibaba.com>
[ Upstream commit 415fed694fe11395df56e05022d6e7cee1d39dd3 ]
If an error is detected as a result of user-space process accessing a
corrupt memory location, the CPU may take an abort. Then the platform
firmware reports kernel via NMI like notifications, e.g. NOTIFY_SEA,
NOTIFY_SOFTWARE_DELEGATED, etc.
For NMI like notifications, commit 7f17b4a121d0 ("ACPI: APEI: Kick the
memory_failure() queue for synchronous errors") keep track of whether
memory_failure() work was queued, and make task_work pending to flush out
the queue so that the work is processed before return to user-space.
The code use init_mm to check whether the error occurs in user space:
if (current->mm != &init_mm)
The condition is always true, becase _nobody_ ever has "init_mm" as a real
VM any more.
In addition to abort, errors can also be signaled as asynchronous
exceptions, such as interrupt and SError. In such case, the interrupted
current process could be any kind of thread. When a kernel thread is
interrupted, the work ghes_kick_task_work deferred to task_work will never
be processed because entry_handler returns to call ret_to_kernel() instead
of ret_to_user(). Consequently, the estatus_node alloced from
ghes_estatus_pool in ghes_in_nmi_queue_one_entry() will not be freed.
After around 200 allocations in our platform, the ghes_estatus_pool will
run of memory and ghes_in_nmi_queue_one_entry() returns ENOMEM. As a
result, the event failed to be processed.
sdei: event 805 on CPU 113 failed with error: -2
Finally, a lot of unhandled events may cause platform firmware to exceed
some threshold and reboot.
The condition should generally just do
if (current->mm)
as described in active_mm.rst documentation.
Then if an asynchronous error is detected when a kernel thread is running,
(e.g. when detected by a background scrubber), do not add task_work to it
as the original patch intends to do.
Fixes: 7f17b4a121d0 ("ACPI: APEI: Kick the memory_failure() queue for synchronous errors")
Signed-off-by: Shuai Xue <xueshuai@linux.alibaba.com>
Reviewed-by: Tony Luck <tony.luck@intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/acpi/apei/ghes.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/acpi/apei/ghes.c b/drivers/acpi/apei/ghes.c
index d91ad378c00d..80ad530583c9 100644
--- a/drivers/acpi/apei/ghes.c
+++ b/drivers/acpi/apei/ghes.c
@@ -985,7 +985,7 @@ static void ghes_proc_in_irq(struct irq_work *irq_work)
ghes_estatus_cache_add(generic, estatus);
}
- if (task_work_pending && current->mm != &init_mm) {
+ if (task_work_pending && current->mm) {
estatus_node->task_work.func = ghes_kick_task_work;
estatus_node->task_work_cpu = smp_processor_id();
ret = task_work_add(current, &estatus_node->task_work,
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 655/862] f2fs: fix race condition on setting FI_NO_EXTENT flag
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (653 preceding siblings ...)
2022-10-19 8:32 ` [PATCH 6.0 654/862] ACPI: APEI: do not add task_work to kernel thread to avoid memory leak Greg Kroah-Hartman
@ 2022-10-19 8:32 ` Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 656/862] f2fs: fix to account FS_CP_DATA_IO correctly Greg Kroah-Hartman
` (221 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zhang Qilong, Chao Yu, Jaegeuk Kim,
Sasha Levin
From: Zhang Qilong <zhangqilong3@huawei.com>
[ Upstream commit 07725adc55c0a414c10acb5c8c86cea34b95ddef ]
The following scenarios exist.
process A: process B:
->f2fs_drop_extent_tree ->f2fs_update_extent_cache_range
->f2fs_update_extent_tree_range
->write_lock
->set_inode_flag
->is_inode_flag_set
->__free_extent_tree // Shouldn't
// have been
// cleaned up
// here
->write_lock
In this case, the "FI_NO_EXTENT" flag is set between
f2fs_update_extent_tree_range and is_inode_flag_set
by other process. it leads to clearing the whole exten
tree which should not have happened. And we fix it by
move the setting it to the range of write_lock.
Fixes:5f281fab9b9a3 ("f2fs: disable extent_cache for fcollapse/finsert inodes")
Signed-off-by: Zhang Qilong <zhangqilong3@huawei.com>
Reviewed-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/f2fs/extent_cache.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/fs/f2fs/extent_cache.c b/fs/f2fs/extent_cache.c
index 866e72b29bd5..761fd42c93f2 100644
--- a/fs/f2fs/extent_cache.c
+++ b/fs/f2fs/extent_cache.c
@@ -804,9 +804,8 @@ void f2fs_drop_extent_tree(struct inode *inode)
if (!f2fs_may_extent_tree(inode))
return;
- set_inode_flag(inode, FI_NO_EXTENT);
-
write_lock(&et->lock);
+ set_inode_flag(inode, FI_NO_EXTENT);
__free_extent_tree(sbi, et);
if (et->largest.len) {
et->largest.len = 0;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 656/862] f2fs: fix to account FS_CP_DATA_IO correctly
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (654 preceding siblings ...)
2022-10-19 8:32 ` [PATCH 6.0 655/862] f2fs: fix race condition on setting FI_NO_EXTENT flag Greg Kroah-Hartman
@ 2022-10-19 8:32 ` Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 657/862] tools/power turbostat: Use standard Energy Unit for SPR Dram RAPL domain Greg Kroah-Hartman
` (220 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Chao Yu, Jaegeuk Kim, Sasha Levin
From: Chao Yu <chao@kernel.org>
[ Upstream commit d80afefb17e01aa0c46a8eebc01882e0ebd8b0f6 ]
f2fs_inode_info.cp_task was introduced for FS_CP_DATA_IO accounting
since commit b0af6d491a6b ("f2fs: add app/fs io stat").
However, cp_task usage coverage has been increased due to below
commits:
commit 040d2bb318d1 ("f2fs: fix to avoid deadloop if data_flush is on")
commit 186857c5a14a ("f2fs: fix potential recursive call when enabling data_flush")
So that, if data_flush mountoption is on, when data flush was
triggered from background, the IO from data flush will be accounted
as checkpoint IO type incorrectly.
In order to fix this issue, this patch splits cp_task into two:
a) cp_task: used for IO accounting
b) wb_task: used to avoid deadlock
Fixes: 040d2bb318d1 ("f2fs: fix to avoid deadloop if data_flush is on")
Fixes: 186857c5a14a ("f2fs: fix potential recursive call when enabling data_flush")
Signed-off-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/f2fs/checkpoint.c | 13 +++++++++----
fs/f2fs/data.c | 4 ++--
fs/f2fs/f2fs.h | 4 +++-
fs/f2fs/segment.c | 2 +-
4 files changed, 15 insertions(+), 8 deletions(-)
diff --git a/fs/f2fs/checkpoint.c b/fs/f2fs/checkpoint.c
index f051a73e464a..e04ed60cc9e2 100644
--- a/fs/f2fs/checkpoint.c
+++ b/fs/f2fs/checkpoint.c
@@ -1061,7 +1061,8 @@ void f2fs_remove_dirty_inode(struct inode *inode)
spin_unlock(&sbi->inode_lock[type]);
}
-int f2fs_sync_dirty_inodes(struct f2fs_sb_info *sbi, enum inode_type type)
+int f2fs_sync_dirty_inodes(struct f2fs_sb_info *sbi, enum inode_type type,
+ bool from_cp)
{
struct list_head *head;
struct inode *inode;
@@ -1096,11 +1097,15 @@ int f2fs_sync_dirty_inodes(struct f2fs_sb_info *sbi, enum inode_type type)
if (inode) {
unsigned long cur_ino = inode->i_ino;
- F2FS_I(inode)->cp_task = current;
+ if (from_cp)
+ F2FS_I(inode)->cp_task = current;
+ F2FS_I(inode)->wb_task = current;
filemap_fdatawrite(inode->i_mapping);
- F2FS_I(inode)->cp_task = NULL;
+ F2FS_I(inode)->wb_task = NULL;
+ if (from_cp)
+ F2FS_I(inode)->cp_task = NULL;
iput(inode);
/* We need to give cpu to another writers. */
@@ -1229,7 +1234,7 @@ static int block_operations(struct f2fs_sb_info *sbi)
/* write all the dirty dentry pages */
if (get_pages(sbi, F2FS_DIRTY_DENTS)) {
f2fs_unlock_all(sbi);
- err = f2fs_sync_dirty_inodes(sbi, DIR_INODE);
+ err = f2fs_sync_dirty_inodes(sbi, DIR_INODE, true);
if (err)
return err;
cond_resched();
diff --git a/fs/f2fs/data.c b/fs/f2fs/data.c
index aa3ccddfa037..5e88272d94e4 100644
--- a/fs/f2fs/data.c
+++ b/fs/f2fs/data.c
@@ -2856,7 +2856,7 @@ int f2fs_write_single_data_page(struct page *page, int *submitted,
}
unlock_page(page);
if (!S_ISDIR(inode->i_mode) && !IS_NOQUOTA(inode) &&
- !F2FS_I(inode)->cp_task && allow_balance)
+ !F2FS_I(inode)->wb_task && allow_balance)
f2fs_balance_fs(sbi, need_balance_fs);
if (unlikely(f2fs_cp_error(sbi))) {
@@ -3156,7 +3156,7 @@ static inline bool __should_serialize_io(struct inode *inode,
struct writeback_control *wbc)
{
/* to avoid deadlock in path of data flush */
- if (F2FS_I(inode)->cp_task)
+ if (F2FS_I(inode)->wb_task)
return false;
if (!S_ISREG(inode->i_mode))
diff --git a/fs/f2fs/f2fs.h b/fs/f2fs/f2fs.h
index 30fdda714e95..1e57b11ffe2a 100644
--- a/fs/f2fs/f2fs.h
+++ b/fs/f2fs/f2fs.h
@@ -786,6 +786,7 @@ struct f2fs_inode_info {
unsigned int clevel; /* maximum level of given file name */
struct task_struct *task; /* lookup and create consistency */
struct task_struct *cp_task; /* separate cp/wb IO stats*/
+ struct task_struct *wb_task; /* indicate inode is in context of writeback */
nid_t i_xattr_nid; /* node id that contains xattrs */
loff_t last_disk_size; /* lastly written file size */
spinlock_t i_size_lock; /* protect last_disk_size */
@@ -3741,7 +3742,8 @@ int f2fs_recover_orphan_inodes(struct f2fs_sb_info *sbi);
int f2fs_get_valid_checkpoint(struct f2fs_sb_info *sbi);
void f2fs_update_dirty_folio(struct inode *inode, struct folio *folio);
void f2fs_remove_dirty_inode(struct inode *inode);
-int f2fs_sync_dirty_inodes(struct f2fs_sb_info *sbi, enum inode_type type);
+int f2fs_sync_dirty_inodes(struct f2fs_sb_info *sbi, enum inode_type type,
+ bool from_cp);
void f2fs_wait_on_all_pages(struct f2fs_sb_info *sbi, int type);
u64 f2fs_get_sectors_written(struct f2fs_sb_info *sbi);
int f2fs_write_checkpoint(struct f2fs_sb_info *sbi, struct cp_control *cpc);
diff --git a/fs/f2fs/segment.c b/fs/f2fs/segment.c
index 0de21f82d7bc..84bad18ce13d 100644
--- a/fs/f2fs/segment.c
+++ b/fs/f2fs/segment.c
@@ -476,7 +476,7 @@ void f2fs_balance_fs_bg(struct f2fs_sb_info *sbi, bool from_bg)
mutex_lock(&sbi->flush_lock);
blk_start_plug(&plug);
- f2fs_sync_dirty_inodes(sbi, FILE_INODE);
+ f2fs_sync_dirty_inodes(sbi, FILE_INODE, false);
blk_finish_plug(&plug);
mutex_unlock(&sbi->flush_lock);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 657/862] tools/power turbostat: Use standard Energy Unit for SPR Dram RAPL domain
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (655 preceding siblings ...)
2022-10-19 8:32 ` [PATCH 6.0 656/862] f2fs: fix to account FS_CP_DATA_IO correctly Greg Kroah-Hartman
@ 2022-10-19 8:32 ` Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 658/862] selftest: tpm2: Add Client.__del__() to close /dev/tpm* handle Greg Kroah-Hartman
` (219 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zhang Rui, Wang Wendy, Len Brown,
Sasha Levin
From: Zhang Rui <rui.zhang@intel.com>
[ Upstream commit b2d433ae637626d44c9d4a75dd3330cf68fed9de ]
Intel Xeon servers used to use a fixed energy resolution (15.3uj) for
Dram RAPL domain. But on SPR, Dram RAPL domain follows the standard
energy resolution as described in MSR_RAPL_POWER_UNIT.
Remove the SPR rapl_dram_energy_units quirk.
Fixes: e7af1ed3fa47 ("tools/power turbostat: Support additional CPU model numbers")
Signed-off-by: Zhang Rui <rui.zhang@intel.com>
Tested-by: Wang Wendy <wendy.wang@intel.com>
Signed-off-by: Len Brown <len.brown@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/power/x86/turbostat/turbostat.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/tools/power/x86/turbostat/turbostat.c b/tools/power/x86/turbostat/turbostat.c
index 831dc32d45fa..b7d2a0cd0ac2 100644
--- a/tools/power/x86/turbostat/turbostat.c
+++ b/tools/power/x86/turbostat/turbostat.c
@@ -4560,7 +4560,6 @@ static double rapl_dram_energy_units_probe(int model, double rapl_energy_units)
case INTEL_FAM6_SKYLAKE_X: /* SKX */
case INTEL_FAM6_XEON_PHI_KNL: /* KNL */
case INTEL_FAM6_ICELAKE_X: /* ICX */
- case INTEL_FAM6_SAPPHIRERAPIDS_X: /* SPR */
return (rapl_dram_energy_units = 15.3 / 1000000);
default:
return (rapl_energy_units);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 658/862] selftest: tpm2: Add Client.__del__() to close /dev/tpm* handle
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (656 preceding siblings ...)
2022-10-19 8:32 ` [PATCH 6.0 657/862] tools/power turbostat: Use standard Energy Unit for SPR Dram RAPL domain Greg Kroah-Hartman
@ 2022-10-19 8:32 ` Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 659/862] =?UTF-8?q?ARM/dma-mapp=D1=96ng:=20dont=20override=20->dma=5Fcohe?= =?UTF-8?q?rent=20when=20set=20from=20a=20bus=20notifier?= Greg Kroah-Hartman
` (218 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Shuah Khan, linux-kselftest,
Jarkko Sakkinen, Stefan Berger, Sasha Levin
From: Stefan Berger <stefanb@linux.ibm.com>
[ Upstream commit 2d869f0b458547386fbcd8cf3004b271b7347b7f ]
The following output can bee seen when the test is executed:
test_flush_context (tpm2_tests.SpaceTest) ... \
/usr/lib64/python3.6/unittest/case.py:605: ResourceWarning: \
unclosed file <_io.FileIO name='/dev/tpmrm0' mode='rb+' closefd=True>
An instance of Client does not implicitly close /dev/tpm* handle, once it
gets destroyed. Close the file handle in the class destructor
Client.__del__().
Fixes: 6ea3dfe1e0732 ("selftests: add TPM 2.0 tests")
Cc: Shuah Khan <shuah@kernel.org>
Cc: linux-kselftest@vger.kernel.org
Cc: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/tpm2/tpm2.py | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/tools/testing/selftests/tpm2/tpm2.py b/tools/testing/selftests/tpm2/tpm2.py
index 057a4f49c79d..c7363c6764fc 100644
--- a/tools/testing/selftests/tpm2/tpm2.py
+++ b/tools/testing/selftests/tpm2/tpm2.py
@@ -371,6 +371,10 @@ class Client:
fcntl.fcntl(self.tpm, fcntl.F_SETFL, flags)
self.tpm_poll = select.poll()
+ def __del__(self):
+ if self.tpm:
+ self.tpm.close()
+
def close(self):
self.tpm.close()
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 659/862] =?UTF-8?q?ARM/dma-mapp=D1=96ng:=20dont=20override=20->dma=5Fcohe?= =?UTF-8?q?rent=20when=20set=20from=20a=20bus=20notifier?=
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (657 preceding siblings ...)
2022-10-19 8:32 ` [PATCH 6.0 658/862] selftest: tpm2: Add Client.__del__() to close /dev/tpm* handle Greg Kroah-Hartman
@ 2022-10-19 8:32 ` Greg Kroah-Hartman
2022-10-19 9:14 ` Russell King (Oracle)
2022-10-20 1:46 ` [PATCH 6.0 659/862] ARM/dma-mappіng: dont override ->dma_coherent when set from a bus notifier Bagas Sanjaya
2022-10-19 8:32 ` [PATCH 6.0 660/862] module: tracking: Keep a record of tainted unloaded modules only Greg Kroah-Hartman
` (217 subsequent siblings)
876 siblings, 2 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Marek Behún, Christoph Hellwig,
Russell King (Oracle),
Sasha Levin
From: Christoph Hellwig <hch@lst.de>
[ Upstream commit 49bc8bebae79c8516cb12f91818f3a7907e3ebce ]
Commit ae626eb97376 ("ARM/dma-mapping: use dma-direct unconditionally")
caused a regression on the mvebu platform, wherein devices that are
dma-coherent are marked as dma-noncoherent, because although
mvebu_hwcc_notifier() after that commit still marks then as coherent,
the arm_coherent_dma_ops() function, which is called later, overwrites
this setting, since it is being called from drivers/of/device.c with
coherency parameter determined by of_dma_is_coherent(), and the
device-trees do not declare the 'dma-coherent' property.
Fix this by defaulting never clearing the dma_coherent flag in
arm_coherent_dma_ops().
Fixes: ae626eb97376 ("ARM/dma-mapping: use dma-direct unconditionally")
Reported-by: Marek Behún <kabel@kernel.org>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Tested-by: Marek Behún <kabel@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/mm/dma-mapping.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/arch/arm/mm/dma-mapping.c b/arch/arm/mm/dma-mapping.c
index 089c9c644cce..bfc7476f1411 100644
--- a/arch/arm/mm/dma-mapping.c
+++ b/arch/arm/mm/dma-mapping.c
@@ -1769,8 +1769,16 @@ static void arm_teardown_iommu_dma_ops(struct device *dev) { }
void arch_setup_dma_ops(struct device *dev, u64 dma_base, u64 size,
const struct iommu_ops *iommu, bool coherent)
{
- dev->archdata.dma_coherent = coherent;
- dev->dma_coherent = coherent;
+ /*
+ * Due to legacy code that sets the ->dma_coherent flag from a bus
+ * notifier we can't just assign coherent to the ->dma_coherent flag
+ * here, but instead have to make sure we only set but never clear it
+ * for now.
+ */
+ if (coherent) {
+ dev->archdata.dma_coherent = true;
+ dev->dma_coherent = true;
+ }
/*
* Don't override the dma_ops if they have already been set. Ideally
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 660/862] module: tracking: Keep a record of tainted unloaded modules only
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (658 preceding siblings ...)
2022-10-19 8:32 ` [PATCH 6.0 659/862] =?UTF-8?q?ARM/dma-mapp=D1=96ng:=20dont=20override=20->dma=5Fcohe?= =?UTF-8?q?rent=20when=20set=20from=20a=20bus=20notifier?= Greg Kroah-Hartman
@ 2022-10-19 8:32 ` Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 661/862] fs: dlm: fix race in lowcomms Greg Kroah-Hartman
` (216 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alexey Dobriyan, Aaron Tomlin,
Luis Chamberlain, Linus Torvalds, Sasha Levin
From: Aaron Tomlin <atomlin@redhat.com>
[ Upstream commit 47cc75aa92837a9d3f15157d6272ff285585d75d ]
This ensures that no module record/or entry is added to the
unloaded_tainted_modules list if it does not carry a taint.
Reported-by: Alexey Dobriyan <adobriyan@gmail.com>
Fixes: 99bd9956551b ("module: Introduce module unload taint tracking")
Signed-off-by: Aaron Tomlin <atomlin@redhat.com>
Acked-by: Luis Chamberlain <mcgrof@kernel.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/module/tracking.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/kernel/module/tracking.c b/kernel/module/tracking.c
index 7f8133044d09..af52cabfe632 100644
--- a/kernel/module/tracking.c
+++ b/kernel/module/tracking.c
@@ -21,6 +21,9 @@ int try_add_tainted_module(struct module *mod)
module_assert_mutex_or_preempt();
+ if (!mod->taints)
+ goto out;
+
list_for_each_entry_rcu(mod_taint, &unloaded_tainted_modules, list,
lockdep_is_held(&module_mutex)) {
if (!strcmp(mod_taint->name, mod->name) &&
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 661/862] fs: dlm: fix race in lowcomms
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (659 preceding siblings ...)
2022-10-19 8:32 ` [PATCH 6.0 660/862] module: tracking: Keep a record of tainted unloaded modules only Greg Kroah-Hartman
@ 2022-10-19 8:32 ` Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 662/862] rcu: Avoid triggering strict-GP irq-work when RCU is idle Greg Kroah-Hartman
` (215 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alexander Aring, David Teigland, Sasha Levin
From: Alexander Aring <aahringo@redhat.com>
[ Upstream commit 30ea3257e8766027c4d8d609dcbd256ff9a76073 ]
This patch fixes a race between queue_work() in
_dlm_lowcomms_commit_msg() and srcu_read_unlock(). The queue_work() can
take the final reference of a dlm_msg and so msg->idx can contain
garbage which is signaled by the following warning:
[ 676.237050] ------------[ cut here ]------------
[ 676.237052] WARNING: CPU: 0 PID: 1060 at include/linux/srcu.h:189 dlm_lowcomms_commit_msg+0x41/0x50
[ 676.238945] Modules linked in: dlm_locktorture torture rpcsec_gss_krb5 intel_rapl_msr intel_rapl_common iTCO_wdt iTCO_vendor_support qxl kvm_intel drm_ttm_helper vmw_vsock_virtio_transport kvm vmw_vsock_virtio_transport_common ttm irqbypass crc32_pclmul joydev crc32c_intel serio_raw drm_kms_helper vsock virtio_scsi virtio_console virtio_balloon snd_pcm drm syscopyarea sysfillrect sysimgblt snd_timer fb_sys_fops i2c_i801 lpc_ich snd i2c_smbus soundcore pcspkr
[ 676.244227] CPU: 0 PID: 1060 Comm: lock_torture_wr Not tainted 5.19.0-rc3+ #1546
[ 676.245216] Hardware name: Red Hat KVM/RHEL-AV, BIOS 1.16.0-2.module+el8.7.0+15506+033991b0 04/01/2014
[ 676.246460] RIP: 0010:dlm_lowcomms_commit_msg+0x41/0x50
[ 676.247132] Code: fe ff ff ff 75 24 48 c7 c6 bd 0f 49 bb 48 c7 c7 38 7c 01 bd e8 00 e7 ca ff 89 de 48 c7 c7 60 78 01 bd e8 42 3d cd ff 5b 5d c3 <0f> 0b eb d8 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 55 48
[ 676.249253] RSP: 0018:ffffa401c18ffc68 EFLAGS: 00010282
[ 676.249855] RAX: 0000000000000001 RBX: 00000000ffff8b76 RCX: 0000000000000006
[ 676.250713] RDX: 0000000000000000 RSI: ffffffffbccf3a10 RDI: ffffffffbcc7b62e
[ 676.251610] RBP: ffffa401c18ffc70 R08: 0000000000000001 R09: 0000000000000001
[ 676.252481] R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000005
[ 676.253421] R13: ffff8b76786ec370 R14: ffff8b76786ec370 R15: ffff8b76786ec480
[ 676.254257] FS: 0000000000000000(0000) GS:ffff8b7777800000(0000) knlGS:0000000000000000
[ 676.255239] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 676.255897] CR2: 00005590205d88b8 CR3: 000000017656c003 CR4: 0000000000770ee0
[ 676.256734] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 676.257567] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 676.258397] PKRU: 55555554
[ 676.258729] Call Trace:
[ 676.259063] <TASK>
[ 676.259354] dlm_midcomms_commit_mhandle+0xcc/0x110
[ 676.259964] queue_bast+0x8b/0xb0
[ 676.260423] grant_pending_locks+0x166/0x1b0
[ 676.261007] _unlock_lock+0x75/0x90
[ 676.261469] unlock_lock.isra.57+0x62/0xa0
[ 676.262009] dlm_unlock+0x21e/0x330
[ 676.262457] ? lock_torture_stats+0x80/0x80 [dlm_locktorture]
[ 676.263183] torture_unlock+0x5a/0x90 [dlm_locktorture]
[ 676.263815] ? preempt_count_sub+0xba/0x100
[ 676.264361] ? complete+0x1d/0x60
[ 676.264777] lock_torture_writer+0xb8/0x150 [dlm_locktorture]
[ 676.265555] kthread+0x10a/0x130
[ 676.266007] ? kthread_complete_and_exit+0x20/0x20
[ 676.266616] ret_from_fork+0x22/0x30
[ 676.267097] </TASK>
[ 676.267381] irq event stamp: 9579855
[ 676.267824] hardirqs last enabled at (9579863): [<ffffffffbb14e6f8>] __up_console_sem+0x58/0x60
[ 676.268896] hardirqs last disabled at (9579872): [<ffffffffbb14e6dd>] __up_console_sem+0x3d/0x60
[ 676.270008] softirqs last enabled at (9579798): [<ffffffffbc200349>] __do_softirq+0x349/0x4c7
[ 676.271438] softirqs last disabled at (9579897): [<ffffffffbb0d54c0>] irq_exit_rcu+0xb0/0xf0
[ 676.272796] ---[ end trace 0000000000000000 ]---
I reproduced this warning with dlm_locktorture test which is currently
not upstream. However this patch fix the issue by make a additional
refcount between dlm_lowcomms_new_msg() and dlm_lowcomms_commit_msg().
In case of the race the kref_put() in dlm_lowcomms_commit_msg() will be
the final put.
Signed-off-by: Alexander Aring <aahringo@redhat.com>
Signed-off-by: David Teigland <teigland@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/dlm/lowcomms.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/fs/dlm/lowcomms.c b/fs/dlm/lowcomms.c
index a4e84e8d94c8..59f64c596233 100644
--- a/fs/dlm/lowcomms.c
+++ b/fs/dlm/lowcomms.c
@@ -1336,6 +1336,8 @@ struct dlm_msg *dlm_lowcomms_new_msg(int nodeid, int len, gfp_t allocation,
return NULL;
}
+ /* for dlm_lowcomms_commit_msg() */
+ kref_get(&msg->ref);
/* we assume if successful commit must called */
msg->idx = idx;
return msg;
@@ -1375,6 +1377,8 @@ void dlm_lowcomms_commit_msg(struct dlm_msg *msg)
{
_dlm_lowcomms_commit_msg(msg);
srcu_read_unlock(&connections_srcu, msg->idx);
+ /* because dlm_lowcomms_new_msg() */
+ kref_put(&msg->ref, dlm_msg_release);
}
#endif
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 662/862] rcu: Avoid triggering strict-GP irq-work when RCU is idle
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (660 preceding siblings ...)
2022-10-19 8:32 ` [PATCH 6.0 661/862] fs: dlm: fix race in lowcomms Greg Kroah-Hartman
@ 2022-10-19 8:32 ` Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 663/862] rcu: Back off upon fill_page_cache_func() allocation failure Greg Kroah-Hartman
` (214 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zqiang, Paul E. McKenney, Sasha Levin
From: Zqiang <qiang1.zhang@intel.com>
[ Upstream commit 621189a1fe93cb2b34d62c5cdb9e258bca044813 ]
Kernels built with PREEMPT_RCU=y and RCU_STRICT_GRACE_PERIOD=y trigger
irq-work from rcu_read_unlock(), and the resulting irq-work handler
invokes rcu_preempt_deferred_qs_handle(). The point of this triggering
is to force grace periods to end quickly in order to give tools like KASAN
a better chance of detecting RCU usage bugs such as leaking RCU-protected
pointers out of an RCU read-side critical section.
However, this irq-work triggering is unconditional. This works, but
there is no point in doing this irq-work unless the current grace period
is waiting on the running CPU or task, which is not the common case.
After all, in the common case there are many rcu_read_unlock() calls
per CPU per grace period.
This commit therefore triggers the irq-work only when the current grace
period is waiting on the running CPU or task.
This change was tested as follows on a four-CPU system:
echo rcu_preempt_deferred_qs_handler > /sys/kernel/debug/tracing/set_ftrace_filter
echo 1 > /sys/kernel/debug/tracing/function_profile_enabled
insmod rcutorture.ko
sleep 20
rmmod rcutorture.ko
echo 0 > /sys/kernel/debug/tracing/function_profile_enabled
echo > /sys/kernel/debug/tracing/set_ftrace_filter
This procedure produces results in this per-CPU set of files:
/sys/kernel/debug/tracing/trace_stat/function*
Sample output from one of these files is as follows:
Function Hit Time Avg s^2
-------- --- ---- --- ---
rcu_preempt_deferred_qs_handle 838746 182650.3 us 0.217 us 0.004 us
The baseline sum of the "Hit" values (the number of calls to this
function) was 3,319,015. With this commit, that sum was 1,140,359,
for a 2.9x reduction. The worst-case variance across the CPUs was less
than 25%, so this large effect size is statistically significant.
The raw data is available in the Link: URL.
Link: https://lore.kernel.org/all/20220808022626.12825-1-qiang1.zhang@intel.com/
Signed-off-by: Zqiang <qiang1.zhang@intel.com>
Signed-off-by: Paul E. McKenney <paulmck@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/rcu/tree_plugin.h | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/kernel/rcu/tree_plugin.h b/kernel/rcu/tree_plugin.h
index 438ecae6bd7e..49468b4d1b43 100644
--- a/kernel/rcu/tree_plugin.h
+++ b/kernel/rcu/tree_plugin.h
@@ -641,7 +641,8 @@ static void rcu_read_unlock_special(struct task_struct *t)
expboost = (t->rcu_blocked_node && READ_ONCE(t->rcu_blocked_node->exp_tasks)) ||
(rdp->grpmask & READ_ONCE(rnp->expmask)) ||
- IS_ENABLED(CONFIG_RCU_STRICT_GRACE_PERIOD) ||
+ (IS_ENABLED(CONFIG_RCU_STRICT_GRACE_PERIOD) &&
+ ((rdp->grpmask & READ_ONCE(rnp->qsmask)) || t->rcu_blocked_node)) ||
(IS_ENABLED(CONFIG_RCU_BOOST) && irqs_were_disabled &&
t->rcu_blocked_node);
// Need to defer quiescent state until everything is enabled.
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 663/862] rcu: Back off upon fill_page_cache_func() allocation failure
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (661 preceding siblings ...)
2022-10-19 8:32 ` [PATCH 6.0 662/862] rcu: Avoid triggering strict-GP irq-work when RCU is idle Greg Kroah-Hartman
@ 2022-10-19 8:32 ` Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 664/862] rcu-tasks: Convert RCU_LOCKDEP_WARN() to WARN_ONCE() Greg Kroah-Hartman
` (213 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Uladzislau Rezki (Sony),
Paul E. McKenney, Frederic Weisbecker, Neeraj Upadhyay,
Josh Triplett, Steven Rostedt, Mathieu Desnoyers, Lai Jiangshan,
Joel Fernandes, Michal Hocko, Sasha Levin
From: Michal Hocko <mhocko@suse.com>
[ Upstream commit 093590c16b447f53e66771c8579ae66c96f6ef61 ]
The fill_page_cache_func() function allocates couple of pages to store
kvfree_rcu_bulk_data structures. This is a lightweight (GFP_NORETRY)
allocation which can fail under memory pressure. The function will,
however keep retrying even when the previous attempt has failed.
This retrying is in theory correct, but in practice the allocation is
invoked from workqueue context, which means that if the memory reclaim
gets stuck, these retries can hog the worker for quite some time.
Although the workqueues subsystem automatically adjusts concurrency, such
adjustment is not guaranteed to happen until the worker context sleeps.
And the fill_page_cache_func() function's retry loop is not guaranteed
to sleep (see the should_reclaim_retry() function).
And we have seen this function cause workqueue lockups:
kernel: BUG: workqueue lockup - pool cpus=93 node=1 flags=0x1 nice=0 stuck for 32s!
[...]
kernel: pool 74: cpus=37 node=0 flags=0x1 nice=0 hung=32s workers=2 manager: 2146
kernel: pwq 498: cpus=249 node=1 flags=0x1 nice=0 active=4/256 refcnt=5
kernel: in-flight: 1917:fill_page_cache_func
kernel: pending: dbs_work_handler, free_work, kfree_rcu_monitor
Originally, we thought that the root cause of this lockup was several
retries with direct reclaim, but this is not yet confirmed. Furthermore,
we have seen similar lockups without any heavy memory pressure. This
suggests that there are other factors contributing to these lockups.
However, it is not really clear that endless retries are desireable.
So let's make the fill_page_cache_func() function back off after
allocation failure.
Cc: Uladzislau Rezki (Sony) <urezki@gmail.com>
Cc: "Paul E. McKenney" <paulmck@kernel.org>
Cc: Frederic Weisbecker <frederic@kernel.org>
Cc: Neeraj Upadhyay <quic_neeraju@quicinc.com>
Cc: Josh Triplett <josh@joshtriplett.org>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Cc: Lai Jiangshan <jiangshanlai@gmail.com>
Cc: Joel Fernandes <joel@joelfernandes.org>
Signed-off-by: Michal Hocko <mhocko@suse.com>
Reviewed-by: Uladzislau Rezki (Sony) <urezki@gmail.com>
Signed-off-by: Paul E. McKenney <paulmck@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/rcu/tree.c | 17 +++++++++--------
1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/kernel/rcu/tree.c b/kernel/rcu/tree.c
index 79aea7df4345..eb435941e92f 100644
--- a/kernel/rcu/tree.c
+++ b/kernel/rcu/tree.c
@@ -3183,15 +3183,16 @@ static void fill_page_cache_func(struct work_struct *work)
bnode = (struct kvfree_rcu_bulk_data *)
__get_free_page(GFP_KERNEL | __GFP_NORETRY | __GFP_NOMEMALLOC | __GFP_NOWARN);
- if (bnode) {
- raw_spin_lock_irqsave(&krcp->lock, flags);
- pushed = put_cached_bnode(krcp, bnode);
- raw_spin_unlock_irqrestore(&krcp->lock, flags);
+ if (!bnode)
+ break;
- if (!pushed) {
- free_page((unsigned long) bnode);
- break;
- }
+ raw_spin_lock_irqsave(&krcp->lock, flags);
+ pushed = put_cached_bnode(krcp, bnode);
+ raw_spin_unlock_irqrestore(&krcp->lock, flags);
+
+ if (!pushed) {
+ free_page((unsigned long) bnode);
+ break;
}
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 664/862] rcu-tasks: Convert RCU_LOCKDEP_WARN() to WARN_ONCE()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (662 preceding siblings ...)
2022-10-19 8:32 ` [PATCH 6.0 663/862] rcu: Back off upon fill_page_cache_func() allocation failure Greg Kroah-Hartman
@ 2022-10-19 8:32 ` Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 665/862] rcu-tasks: Ensure RCU Tasks Trace loops have quiescent states Greg Kroah-Hartman
` (212 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zqiang, Paul E. McKenney, Sasha Levin
From: Zqiang <qiang1.zhang@intel.com>
[ Upstream commit fcd53c8a4dfa38bafb89efdd0b0f718f3a03f884 ]
Kernels built with CONFIG_PROVE_RCU=y and CONFIG_DEBUG_LOCK_ALLOC=y
attempt to emit a warning when the synchronize_rcu_tasks_generic()
function is called during early boot while the rcu_scheduler_active
variable is RCU_SCHEDULER_INACTIVE. However the warnings is not
actually be printed because the debug_lockdep_rcu_enabled() returns
false, exactly because the rcu_scheduler_active variable is still equal
to RCU_SCHEDULER_INACTIVE.
This commit therefore replaces RCU_LOCKDEP_WARN() with WARN_ONCE()
to force these warnings to actually be printed.
Signed-off-by: Zqiang <qiang1.zhang@intel.com>
Signed-off-by: Paul E. McKenney <paulmck@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/rcu/tasks.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/rcu/tasks.h b/kernel/rcu/tasks.h
index 83c7e6620d40..469bf2a3b505 100644
--- a/kernel/rcu/tasks.h
+++ b/kernel/rcu/tasks.h
@@ -560,7 +560,7 @@ static int __noreturn rcu_tasks_kthread(void *arg)
static void synchronize_rcu_tasks_generic(struct rcu_tasks *rtp)
{
/* Complain if the scheduler has not started. */
- RCU_LOCKDEP_WARN(rcu_scheduler_active == RCU_SCHEDULER_INACTIVE,
+ WARN_ONCE(rcu_scheduler_active == RCU_SCHEDULER_INACTIVE,
"synchronize_rcu_tasks called too soon");
// If the grace-period kthread is running, use it.
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 665/862] rcu-tasks: Ensure RCU Tasks Trace loops have quiescent states
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (663 preceding siblings ...)
2022-10-19 8:32 ` [PATCH 6.0 664/862] rcu-tasks: Convert RCU_LOCKDEP_WARN() to WARN_ONCE() Greg Kroah-Hartman
@ 2022-10-19 8:32 ` Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 666/862] cpufreq: amd_pstate: fix wrong lowest perf fetch Greg Kroah-Hartman
` (211 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:32 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Paul E. McKenney, Sasha Levin
From: Paul E. McKenney <paulmck@kernel.org>
[ Upstream commit d6ad60635cafe900bcd11ad588d8accb36c36b1b ]
The RCU Tasks Trace grace-period kthread loops across all CPUs, and
there can be quite a few CPUs, with some commercially available systems
sporting well over a thousand of them. Some of these loops can feature
IPIs, which can take some time. This commit therefore places a call to
cond_resched_tasks_rcu_qs() in each such loop.
Link: https://docs.google.com/document/d/1V0YnG1HTWMt9WHJjroiJL9lf-hMrud4v8Fn3fhyY0cI/edit?usp=sharing
Signed-off-by: Paul E. McKenney <paulmck@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/rcu/tasks.h | 3 +++
1 file changed, 3 insertions(+)
diff --git a/kernel/rcu/tasks.h b/kernel/rcu/tasks.h
index 469bf2a3b505..f5bf6fb430da 100644
--- a/kernel/rcu/tasks.h
+++ b/kernel/rcu/tasks.h
@@ -1500,6 +1500,7 @@ static void rcu_tasks_trace_pregp_step(struct list_head *hop)
if (rcu_tasks_trace_pertask_prep(t, true))
trc_add_holdout(t, hop);
rcu_read_unlock();
+ cond_resched_tasks_rcu_qs();
}
// Only after all running tasks have been accounted for is it
@@ -1520,6 +1521,7 @@ static void rcu_tasks_trace_pregp_step(struct list_head *hop)
raw_spin_lock_irqsave_rcu_node(rtpcp, flags);
}
raw_spin_unlock_irqrestore_rcu_node(rtpcp, flags);
+ cond_resched_tasks_rcu_qs();
}
// Re-enable CPU hotplug now that the holdout list is populated.
@@ -1619,6 +1621,7 @@ static void check_all_holdout_tasks_trace(struct list_head *hop,
trc_del_holdout(t);
else if (needreport)
show_stalled_task_trace(t, firstreport);
+ cond_resched_tasks_rcu_qs();
}
// Re-enable CPU hotplug now that the holdout list scan has completed.
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 666/862] cpufreq: amd_pstate: fix wrong lowest perf fetch
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (664 preceding siblings ...)
2022-10-19 8:32 ` [PATCH 6.0 665/862] rcu-tasks: Ensure RCU Tasks Trace loops have quiescent states Greg Kroah-Hartman
@ 2022-10-19 8:32 ` Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 667/862] ACPI: video: Add Toshiba Satellite/Portege Z830 quirk Greg Kroah-Hartman
` (210 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Huang Rui, Viresh Kumar, Perry Yuan,
Su Jinzhou, Rafael J. Wysocki, Sasha Levin
From: Perry Yuan <Perry.Yuan@amd.com>
[ Upstream commit b185c5053c65b7704ead4537e4d4d9b33dc398dc ]
Fix the wrong lowest perf value reading which is used for new
des_perf calculation by governor requested, the incorrect min_perf will
get incorrect des_perf to be set , that will cause the system frequency
changing unexpectedly.
Reviewed-by: Huang Rui <ray.huang@amd.com>
Acked-by: Viresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: Perry Yuan <Perry.Yuan@amd.com>
Signed-off-by: Su Jinzhou <jinzhou.su@amd.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/cpufreq/amd-pstate.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/cpufreq/amd-pstate.c b/drivers/cpufreq/amd-pstate.c
index 365f3ad166a7..d63a28c5f95a 100644
--- a/drivers/cpufreq/amd-pstate.c
+++ b/drivers/cpufreq/amd-pstate.c
@@ -322,7 +322,7 @@ static int amd_pstate_target(struct cpufreq_policy *policy,
return -ENODEV;
cap_perf = READ_ONCE(cpudata->highest_perf);
- min_perf = READ_ONCE(cpudata->lowest_nonlinear_perf);
+ min_perf = READ_ONCE(cpudata->lowest_perf);
max_perf = cap_perf;
freqs.old = policy->cur;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 667/862] ACPI: video: Add Toshiba Satellite/Portege Z830 quirk
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (665 preceding siblings ...)
2022-10-19 8:32 ` [PATCH 6.0 666/862] cpufreq: amd_pstate: fix wrong lowest perf fetch Greg Kroah-Hartman
@ 2022-10-19 8:32 ` Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 668/862] fortify: Fix __compiletime_strlen() under UBSAN_BOUNDS_LOCAL Greg Kroah-Hartman
` (209 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hans de Goede, Arvid Norlander,
Rafael J. Wysocki, Sasha Levin
From: Arvid Norlander <lkml@vorpal.se>
[ Upstream commit 574160b8548deff8b80b174f03201e94ab8431e2 ]
Toshiba Satellite Z830 needs the quirk video_disable_backlight_sysfs_if
for proper backlight control after suspend/resume cycles.
Toshiba Portege Z830 is simply the same laptop rebranded for certain
markets (I looked through the manual to other language sections to confirm
this) and thus also needs this quirk.
Thanks to Hans de Goede for suggesting this fix.
Link: https://www.spinics.net/lists/platform-driver-x86/msg34394.html
Suggested-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Arvid Norlander <lkml@vorpal.se>
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Tested-by: Arvid Norlander <lkml@vorpal.se>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/acpi/acpi_video.c | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/drivers/acpi/acpi_video.c b/drivers/acpi/acpi_video.c
index 5cbe2196176d..2a4990733cf0 100644
--- a/drivers/acpi/acpi_video.c
+++ b/drivers/acpi/acpi_video.c
@@ -496,6 +496,22 @@ static const struct dmi_system_id video_dmi_table[] = {
DMI_MATCH(DMI_PRODUCT_NAME, "SATELLITE R830"),
},
},
+ {
+ .callback = video_disable_backlight_sysfs_if,
+ .ident = "Toshiba Satellite Z830",
+ .matches = {
+ DMI_MATCH(DMI_SYS_VENDOR, "TOSHIBA"),
+ DMI_MATCH(DMI_PRODUCT_NAME, "SATELLITE Z830"),
+ },
+ },
+ {
+ .callback = video_disable_backlight_sysfs_if,
+ .ident = "Toshiba Portege Z830",
+ .matches = {
+ DMI_MATCH(DMI_SYS_VENDOR, "TOSHIBA"),
+ DMI_MATCH(DMI_PRODUCT_NAME, "PORTEGE Z830"),
+ },
+ },
/*
* Some machine's _DOD IDs don't have bit 31(Device ID Scheme) set
* but the IDs actually follow the Device ID Scheme.
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 668/862] fortify: Fix __compiletime_strlen() under UBSAN_BOUNDS_LOCAL
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (666 preceding siblings ...)
2022-10-19 8:32 ` [PATCH 6.0 667/862] ACPI: video: Add Toshiba Satellite/Portege Z830 quirk Greg Kroah-Hartman
@ 2022-10-19 8:32 ` Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 669/862] ACPI: tables: FPDT: Dont call acpi_os_map_memory() on invalid phys address Greg Kroah-Hartman
` (208 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nathan Chancellor, Tom Rix,
Andrew Morton, Vlastimil Babka, Steven Rostedt (Google),
David Gow, Yury Norov, Masami Hiramatsu, Sander Vanheule,
linux-hardening, llvm, Nick Desaulniers, Kees Cook, Sasha Levin
From: Kees Cook <keescook@chromium.org>
[ Upstream commit d07c0acb4f41cc42a0d97530946965b3e4fa68c1 ]
With CONFIG_FORTIFY=y and CONFIG_UBSAN_LOCAL_BOUNDS=y enabled, we observe
a runtime panic while running Android's Compatibility Test Suite's (CTS)
android.hardware.input.cts.tests. This is stemming from a strlen()
call in hidinput_allocate().
__compiletime_strlen() is implemented in terms of __builtin_object_size(),
then does an array access to check for NUL-termination. A quirk of
__builtin_object_size() is that for strings whose values are runtime
dependent, __builtin_object_size(str, 1 or 0) returns the maximum size
of possible values when those sizes are determinable at compile time.
Example:
static const char *v = "FOO BAR";
static const char *y = "FOO BA";
unsigned long x (int z) {
// Returns 8, which is:
// max(__builtin_object_size(v, 1), __builtin_object_size(y, 1))
return __builtin_object_size(z ? v : y, 1);
}
So when FORTIFY_SOURCE is enabled, the current implementation of
__compiletime_strlen() will try to access beyond the end of y at runtime
using the size of v. Mixed with UBSAN_LOCAL_BOUNDS we get a fault.
hidinput_allocate() has a local C string whose value is control flow
dependent on a switch statement, so __builtin_object_size(str, 1)
evaluates to the maximum string length, making all other cases fault on
the last character check. hidinput_allocate() could be cleaned up to
avoid runtime calls to strlen() since the local variable can only have
literal values, so there's no benefit to trying to fortify the strlen
call site there.
Perform a __builtin_constant_p() check against index 0 earlier in the
macro to filter out the control-flow-dependant case. Add a KUnit test
for checking the expected behavioral characteristics of FORTIFY_SOURCE
internals.
Cc: Nathan Chancellor <nathan@kernel.org>
Cc: Tom Rix <trix@redhat.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: "Steven Rostedt (Google)" <rostedt@goodmis.org>
Cc: David Gow <davidgow@google.com>
Cc: Yury Norov <yury.norov@gmail.com>
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Sander Vanheule <sander@svanheule.net>
Cc: linux-hardening@vger.kernel.org
Cc: llvm@lists.linux.dev
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
Tested-by: Android Treehugger Robot
Link: https://android-review.googlesource.com/c/kernel/common/+/2206839
Co-developed-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/fortify-string.h | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/include/linux/fortify-string.h b/include/linux/fortify-string.h
index 3b401fa0f374..fce2fb2fc962 100644
--- a/include/linux/fortify-string.h
+++ b/include/linux/fortify-string.h
@@ -19,7 +19,8 @@ void __write_overflow_field(size_t avail, size_t wanted) __compiletime_warning("
unsigned char *__p = (unsigned char *)(p); \
size_t __ret = (size_t)-1; \
size_t __p_size = __builtin_object_size(p, 1); \
- if (__p_size != (size_t)-1) { \
+ if (__p_size != (size_t)-1 && \
+ __builtin_constant_p(*__p)) { \
size_t __p_len = __p_size - 1; \
if (__builtin_constant_p(__p[__p_len]) && \
__p[__p_len] == '\0') \
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 669/862] ACPI: tables: FPDT: Dont call acpi_os_map_memory() on invalid phys address
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (667 preceding siblings ...)
2022-10-19 8:32 ` [PATCH 6.0 668/862] fortify: Fix __compiletime_strlen() under UBSAN_BOUNDS_LOCAL Greg Kroah-Hartman
@ 2022-10-19 8:32 ` Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 670/862] cpufreq: intel_pstate: Add Tigerlake support in no-HWP mode Greg Kroah-Hartman
` (207 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hans de Goede, Rafael J. Wysocki,
Sasha Levin
From: Hans de Goede <hdegoede@redhat.com>
[ Upstream commit 211391bf04b3c74e250c566eeff9cf808156c693 ]
On a Packard Bell Dot SC (Intel Atom N2600 model) there is a FPDT table
which contains invalid physical addresses, with high bits set which fall
outside the range of the CPU-s supported physical address range.
Calling acpi_os_map_memory() on such an invalid phys address leads to
the below WARN_ON in ioremap triggering resulting in an oops/stacktrace.
Add code to verify the physical address before calling acpi_os_map_memory()
to fix / avoid the oops.
[ 1.226900] ioremap: invalid physical address 3001000000000000
[ 1.226949] ------------[ cut here ]------------
[ 1.226962] WARNING: CPU: 1 PID: 1 at arch/x86/mm/ioremap.c:200 __ioremap_caller.cold+0x43/0x5f
[ 1.226996] Modules linked in:
[ 1.227016] CPU: 1 PID: 1 Comm: swapper/0 Not tainted 6.0.0-rc3+ #490
[ 1.227029] Hardware name: Packard Bell dot s/SJE01_CT, BIOS V1.10 07/23/2013
[ 1.227038] RIP: 0010:__ioremap_caller.cold+0x43/0x5f
[ 1.227054] Code: 96 00 00 e9 f8 af 24 ff 89 c6 48 c7 c7 d8 0c 84 99 e8 6a 96 00 00 e9 76 af 24 ff 48 89 fe 48 c7 c7 a8 0c 84 99 e8 56 96 00 00 <0f> 0b e9 60 af 24 ff 48 8b 34 24 48 c7 c7 40 0d 84 99 e8 3f 96 00
[ 1.227067] RSP: 0000:ffffb18c40033d60 EFLAGS: 00010286
[ 1.227084] RAX: 0000000000000032 RBX: 3001000000000000 RCX: 0000000000000000
[ 1.227095] RDX: 0000000000000001 RSI: 00000000ffffdfff RDI: 00000000ffffffff
[ 1.227105] RBP: 3001000000000000 R08: 0000000000000000 R09: ffffb18c40033c18
[ 1.227115] R10: 0000000000000003 R11: ffffffff99d62fe8 R12: 0000000000000008
[ 1.227124] R13: 0003001000000000 R14: 0000000000001000 R15: 3001000000000000
[ 1.227135] FS: 0000000000000000(0000) GS:ffff913a3c080000(0000) knlGS:0000000000000000
[ 1.227146] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1.227156] CR2: 0000000000000000 CR3: 0000000018c26000 CR4: 00000000000006e0
[ 1.227167] Call Trace:
[ 1.227176] <TASK>
[ 1.227185] ? acpi_os_map_iomem+0x1c9/0x1e0
[ 1.227215] ? kmem_cache_alloc_trace+0x187/0x370
[ 1.227254] acpi_os_map_iomem+0x1c9/0x1e0
[ 1.227288] acpi_init_fpdt+0xa8/0x253
[ 1.227308] ? acpi_debugfs_init+0x1f/0x1f
[ 1.227339] do_one_initcall+0x5a/0x300
[ 1.227406] ? rcu_read_lock_sched_held+0x3f/0x80
[ 1.227442] kernel_init_freeable+0x28b/0x2cc
[ 1.227512] ? rest_init+0x170/0x170
[ 1.227538] kernel_init+0x16/0x140
[ 1.227552] ret_from_fork+0x1f/0x30
[ 1.227639] </TASK>
[ 1.227647] irq event stamp: 186819
[ 1.227656] hardirqs last enabled at (186825): [<ffffffff98184a6e>] __up_console_sem+0x5e/0x70
[ 1.227672] hardirqs last disabled at (186830): [<ffffffff98184a53>] __up_console_sem+0x43/0x70
[ 1.227686] softirqs last enabled at (186576): [<ffffffff980fbc9d>] __irq_exit_rcu+0xed/0x160
[ 1.227701] softirqs last disabled at (186569): [<ffffffff980fbc9d>] __irq_exit_rcu+0xed/0x160
[ 1.227715] ---[ end trace 0000000000000000 ]---
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/acpi/acpi_fpdt.c | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+)
diff --git a/drivers/acpi/acpi_fpdt.c b/drivers/acpi/acpi_fpdt.c
index 6922a44b3ce7..a2056c4c8cb7 100644
--- a/drivers/acpi/acpi_fpdt.c
+++ b/drivers/acpi/acpi_fpdt.c
@@ -143,6 +143,23 @@ static const struct attribute_group boot_attr_group = {
static struct kobject *fpdt_kobj;
+#if defined CONFIG_X86 && defined CONFIG_PHYS_ADDR_T_64BIT
+#include <linux/processor.h>
+static bool fpdt_address_valid(u64 address)
+{
+ /*
+ * On some systems the table contains invalid addresses
+ * with unsuppored high address bits set, check for this.
+ */
+ return !(address >> boot_cpu_data.x86_phys_bits);
+}
+#else
+static bool fpdt_address_valid(u64 address)
+{
+ return true;
+}
+#endif
+
static int fpdt_process_subtable(u64 address, u32 subtable_type)
{
struct fpdt_subtable_header *subtable_header;
@@ -151,6 +168,11 @@ static int fpdt_process_subtable(u64 address, u32 subtable_type)
u32 length, offset;
int result;
+ if (!fpdt_address_valid(address)) {
+ pr_info(FW_BUG "invalid physical address: 0x%llx!\n", address);
+ return -EINVAL;
+ }
+
subtable_header = acpi_os_map_memory(address, sizeof(*subtable_header));
if (!subtable_header)
return -ENOMEM;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 670/862] cpufreq: intel_pstate: Add Tigerlake support in no-HWP mode
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (668 preceding siblings ...)
2022-10-19 8:32 ` [PATCH 6.0 669/862] ACPI: tables: FPDT: Dont call acpi_os_map_memory() on invalid phys address Greg Kroah-Hartman
@ 2022-10-19 8:32 ` Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 671/862] MIPS: BCM47XX: Cast memcmp() of function to (void *) Greg Kroah-Hartman
` (206 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Doug Smythies, Rafael J. Wysocki,
Sasha Levin
From: Doug Smythies <dsmythies@telus.net>
[ Upstream commit 71bb5c82aaaea007167f3ba68d3a669c74d7d55d ]
Users may disable HWP in firmware, in which case intel_pstate wouldn't load
unless the CPU model is explicitly supported.
Add TIGERLAKE to the list of CPUs that can register intel_pstate while not
advertising the HWP capability. Without this change, an TIGERLAKE in no-HWP
mode could only use the acpi_cpufreq frequency scaling driver.
See also commits:
d8de7a44e11f: cpufreq: intel_pstate: Add Skylake servers support
fbdc21e9b038: cpufreq: intel_pstate: Add Icelake servers support in no-HWP mode
706c5328851d: cpufreq: intel_pstate: Add Cometlake support in no-HWP mode
Reported by: M. Cargi Ari <cagriari@pm.me>
Signed-off-by: Doug Smythies <dsmythies@telus.net>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/cpufreq/intel_pstate.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/cpufreq/intel_pstate.c b/drivers/cpufreq/intel_pstate.c
index 57cdb3679885..fc3ebeb0bbe5 100644
--- a/drivers/cpufreq/intel_pstate.c
+++ b/drivers/cpufreq/intel_pstate.c
@@ -2416,6 +2416,7 @@ static const struct x86_cpu_id intel_pstate_cpu_ids[] = {
X86_MATCH(SKYLAKE_X, core_funcs),
X86_MATCH(COMETLAKE, core_funcs),
X86_MATCH(ICELAKE_X, core_funcs),
+ X86_MATCH(TIGERLAKE, core_funcs),
{}
};
MODULE_DEVICE_TABLE(x86cpu, intel_pstate_cpu_ids);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 671/862] MIPS: BCM47XX: Cast memcmp() of function to (void *)
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (669 preceding siblings ...)
2022-10-19 8:32 ` [PATCH 6.0 670/862] cpufreq: intel_pstate: Add Tigerlake support in no-HWP mode Greg Kroah-Hartman
@ 2022-10-19 8:32 ` Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 672/862] powercap: intel_rapl: fix UBSAN shift-out-of-bounds issue Greg Kroah-Hartman
` (205 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hauke Mehrtens,
Rafał Miłecki, Thomas Bogendoerfer, linux-mips,
Nathan Chancellor, Nick Desaulniers, llvm, kernel test robot,
Kees Cook, Sasha Levin
From: Kees Cook <keescook@chromium.org>
[ Upstream commit 0dedcf6e3301836eb70cfa649052e7ce4fcd13ba ]
Clang is especially sensitive about argument type matching when using
__overloaded functions (like memcmp(), etc). Help it see that function
pointers are just "void *". Avoids this error:
arch/mips/bcm47xx/prom.c:89:8: error: no matching function for call to 'memcmp'
if (!memcmp(prom_init, prom_init + mem, 32))
^~~~~~
include/linux/string.h:156:12: note: candidate function not viable: no known conversion from 'void (void)' to 'const void *' for 1st argument extern int memcmp(const void *,const void *,__kernel_size_t);
Cc: Hauke Mehrtens <hauke@hauke-m.de>
Cc: "Rafał Miłecki" <zajec5@gmail.com>
Cc: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Cc: linux-mips@vger.kernel.org
Cc: Nathan Chancellor <nathan@kernel.org>
Cc: Nick Desaulniers <ndesaulniers@google.com>
Cc: llvm@lists.linux.dev
Reported-by: kernel test robot <lkp@intel.com>
Link: https://lore.kernel.org/lkml/202209080652.sz2d68e5-lkp@intel.com
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/mips/bcm47xx/prom.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/mips/bcm47xx/prom.c b/arch/mips/bcm47xx/prom.c
index ab203e66ba0d..a9bea411d928 100644
--- a/arch/mips/bcm47xx/prom.c
+++ b/arch/mips/bcm47xx/prom.c
@@ -86,7 +86,7 @@ static __init void prom_init_mem(void)
pr_debug("Assume 128MB RAM\n");
break;
}
- if (!memcmp(prom_init, prom_init + mem, 32))
+ if (!memcmp((void *)prom_init, (void *)prom_init + mem, 32))
break;
}
lowmem = mem;
@@ -159,7 +159,7 @@ void __init bcm47xx_prom_highmem_init(void)
off = EXTVBASE + __pa(off);
for (extmem = 128 << 20; extmem < 512 << 20; extmem <<= 1) {
- if (!memcmp(prom_init, (void *)(off + extmem), 16))
+ if (!memcmp((void *)prom_init, (void *)(off + extmem), 16))
break;
}
extmem -= lowmem;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 672/862] powercap: intel_rapl: fix UBSAN shift-out-of-bounds issue
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (670 preceding siblings ...)
2022-10-19 8:32 ` [PATCH 6.0 671/862] MIPS: BCM47XX: Cast memcmp() of function to (void *) Greg Kroah-Hartman
@ 2022-10-19 8:32 ` Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 673/862] thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash Greg Kroah-Hartman
` (204 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Chao Qin, Zhang Rui,
Rafael J. Wysocki, Sasha Levin
From: Chao Qin <chao.qin@intel.com>
[ Upstream commit 2d93540014387d1c73b9ccc4d7895320df66d01b ]
When value < time_unit, the parameter of ilog2() will be zero and
the return value is -1. u64(-1) is too large for shift exponent
and then will trigger shift-out-of-bounds:
shift exponent 18446744073709551615 is too large for 32-bit type 'int'
Call Trace:
rapl_compute_time_window_core
rapl_write_data_raw
set_time_window
store_constraint_time_window_us
Signed-off-by: Chao Qin <chao.qin@intel.com>
Acked-by: Zhang Rui <rui.zhang@intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/powercap/intel_rapl_common.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/powercap/intel_rapl_common.c b/drivers/powercap/intel_rapl_common.c
index a2a2f4351463..33a3ca35cda0 100644
--- a/drivers/powercap/intel_rapl_common.c
+++ b/drivers/powercap/intel_rapl_common.c
@@ -994,6 +994,9 @@ static u64 rapl_compute_time_window_core(struct rapl_package *rp, u64 value,
y = value & 0x1f;
value = (1 << y) * (4 + f) * rp->time_unit / 4;
} else {
+ if (value < rp->time_unit)
+ return 0;
+
do_div(value, rp->time_unit);
y = ilog2(value);
f = div64_u64(4 * (value - (1 << y)), 1 << y);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 673/862] thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (671 preceding siblings ...)
2022-10-19 8:32 ` [PATCH 6.0 672/862] powercap: intel_rapl: fix UBSAN shift-out-of-bounds issue Greg Kroah-Hartman
@ 2022-10-19 8:32 ` Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 674/862] ARM: decompressor: Include .data.rel.ro.local Greg Kroah-Hartman
` (203 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Chen Yu, Srinivas Pandruvada,
Rafael J. Wysocki, Sasha Levin
From: Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>
[ Upstream commit 68b99e94a4a2db6ba9b31fe0485e057b9354a640 ]
When CPU 0 is offline and intel_powerclamp is used to inject
idle, it generates kernel BUG:
BUG: using smp_processor_id() in preemptible [00000000] code: bash/15687
caller is debug_smp_processor_id+0x17/0x20
CPU: 4 PID: 15687 Comm: bash Not tainted 5.19.0-rc7+ #57
Call Trace:
<TASK>
dump_stack_lvl+0x49/0x63
dump_stack+0x10/0x16
check_preemption_disabled+0xdd/0xe0
debug_smp_processor_id+0x17/0x20
powerclamp_set_cur_state+0x7f/0xf9 [intel_powerclamp]
...
...
Here CPU 0 is the control CPU by default and changed to the current CPU,
if CPU 0 offlined. This check has to be performed under cpus_read_lock(),
hence the above warning.
Use get_cpu() instead of smp_processor_id() to avoid this BUG.
Suggested-by: Chen Yu <yu.c.chen@intel.com>
Signed-off-by: Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>
[ rjw: Subject edits ]
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/thermal/intel/intel_powerclamp.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/thermal/intel/intel_powerclamp.c b/drivers/thermal/intel/intel_powerclamp.c
index c841ab37e7c6..46cd799af148 100644
--- a/drivers/thermal/intel/intel_powerclamp.c
+++ b/drivers/thermal/intel/intel_powerclamp.c
@@ -532,8 +532,10 @@ static int start_power_clamp(void)
/* prefer BSP */
control_cpu = 0;
- if (!cpu_online(control_cpu))
- control_cpu = smp_processor_id();
+ if (!cpu_online(control_cpu)) {
+ control_cpu = get_cpu();
+ put_cpu();
+ }
clamping = true;
schedule_delayed_work(&poll_pkg_cstate_work, 0);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 674/862] ARM: decompressor: Include .data.rel.ro.local
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (672 preceding siblings ...)
2022-10-19 8:32 ` [PATCH 6.0 673/862] thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash Greg Kroah-Hartman
@ 2022-10-19 8:32 ` Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 675/862] ACPI: x86: Add a quirk for Dell Inspiron 14 2-in-1 for StorageD3Enable Greg Kroah-Hartman
` (202 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kernel test robot, Russell King,
linux-arm-kernel, Kees Cook, Sasha Levin
From: Kees Cook <keescook@chromium.org>
[ Upstream commit 1b64daf413acd86c2c13f5443f6b4ef3690c8061 ]
The .data.rel.ro.local section has the same semantics as .data.rel.ro
here, so include it in the .rodata section of the decompressor.
Additionally since the .printk_index section isn't usable outside of
the core kernel, discard it in the decompressor. Avoids these warnings:
arm-linux-gnueabi-ld: warning: orphan section `.data.rel.ro.local' from `arch/arm/boot/compressed/fdt_rw.o' being placed in section `.data.rel.ro.local'
arm-linux-gnueabi-ld: warning: orphan section `.printk_index' from `arch/arm/boot/compressed/fdt_rw.o' being placed in section `.printk_index'
Reported-by: kernel test robot <lkp@intel.com>
Link: https://lore.kernel.org/linux-mm/202209080545.qMIVj7YM-lkp@intel.com
Cc: Russell King <linux@armlinux.org.uk>
Cc: linux-arm-kernel@lists.infradead.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/compressed/vmlinux.lds.S | 2 ++
1 file changed, 2 insertions(+)
diff --git a/arch/arm/boot/compressed/vmlinux.lds.S b/arch/arm/boot/compressed/vmlinux.lds.S
index 1bcb68ac4b01..3fcb3e62dc56 100644
--- a/arch/arm/boot/compressed/vmlinux.lds.S
+++ b/arch/arm/boot/compressed/vmlinux.lds.S
@@ -23,6 +23,7 @@ SECTIONS
*(.ARM.extab*)
*(.note.*)
*(.rel.*)
+ *(.printk_index)
/*
* Discard any r/w data - this produces a link error if we have any,
* which is required for PIC decompression. Local data generates
@@ -57,6 +58,7 @@ SECTIONS
*(.rodata)
*(.rodata.*)
*(.data.rel.ro)
+ *(.data.rel.ro.*)
}
.piggydata : {
*(.piggydata)
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 675/862] ACPI: x86: Add a quirk for Dell Inspiron 14 2-in-1 for StorageD3Enable
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (673 preceding siblings ...)
2022-10-19 8:32 ` [PATCH 6.0 674/862] ARM: decompressor: Include .data.rel.ro.local Greg Kroah-Hartman
@ 2022-10-19 8:32 ` Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 676/862] x86/entry: Work around Clang __bdos() bug Greg Kroah-Hartman
` (201 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mario Limonciello, Hans de Goede,
Rafael J. Wysocki, Sasha Levin, Luya Tshimbalanga
From: Mario Limonciello <mario.limonciello@amd.com>
[ Upstream commit 018d6711c26e4bd26e20a819fcc7f8ab902608f3 ]
Dell Inspiron 14 2-in-1 has two ACPI nodes under GPP1 both with _ADR of
0, both without _HID. It's ambiguous which the kernel should take, but
it seems to take "DEV0". Unfortunately "DEV0" is missing the device
property `StorageD3Enable` which is present on "NVME".
To avoid this causing problems for suspend, add a quirk for this system
to behave like `StorageD3Enable` property was found.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=216440
Reported-and-tested-by: Luya Tshimbalanga <luya@fedoraproject.org>
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/acpi/x86/utils.c | 19 ++++++++++++++++++-
1 file changed, 18 insertions(+), 1 deletion(-)
diff --git a/drivers/acpi/x86/utils.c b/drivers/acpi/x86/utils.c
index 664070fc8349..d7cdd8406c84 100644
--- a/drivers/acpi/x86/utils.c
+++ b/drivers/acpi/x86/utils.c
@@ -207,9 +207,26 @@ static const struct x86_cpu_id storage_d3_cpu_ids[] = {
{}
};
+static const struct dmi_system_id force_storage_d3_dmi[] = {
+ {
+ /*
+ * _ADR is ambiguous between GPP1.DEV0 and GPP1.NVME
+ * but .NVME is needed to get StorageD3Enable node
+ * https://bugzilla.kernel.org/show_bug.cgi?id=216440
+ */
+ .matches = {
+ DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."),
+ DMI_MATCH(DMI_PRODUCT_NAME, "Inspiron 14 7425 2-in-1"),
+ }
+ },
+ {}
+};
+
bool force_storage_d3(void)
{
- return x86_match_cpu(storage_d3_cpu_ids);
+ const struct dmi_system_id *dmi_id = dmi_first_match(force_storage_d3_dmi);
+
+ return dmi_id || x86_match_cpu(storage_d3_cpu_ids);
}
/*
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 676/862] x86/entry: Work around Clang __bdos() bug
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (674 preceding siblings ...)
2022-10-19 8:32 ` [PATCH 6.0 675/862] ACPI: x86: Add a quirk for Dell Inspiron 14 2-in-1 for StorageD3Enable Greg Kroah-Hartman
@ 2022-10-19 8:32 ` Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 677/862] NFSD: Return nfserr_serverfault if splice_ok but buf->pages have data Greg Kroah-Hartman
` (200 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Juergen Gross, Boris Ostrovsky,
Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, x86,
H. Peter Anvin, xen-devel, Kees Cook, Sasha Levin
From: Kees Cook <keescook@chromium.org>
[ Upstream commit 3e1730842f142add55dc658929221521a9ea62b6 ]
Clang produces a false positive when building with CONFIG_FORTIFY_SOURCE=y
and CONFIG_UBSAN_BOUNDS=y when operating on an array with a dynamic
offset. Work around this by using a direct assignment of an empty
instance. Avoids this warning:
../include/linux/fortify-string.h:309:4: warning: call to __write_overflow_field declared with 'warn
ing' attribute: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Wat
tribute-warning]
__write_overflow_field(p_size_field, size);
^
which was isolated to the memset() call in xen_load_idt().
Note that this looks very much like another bug that was worked around:
https://github.com/ClangBuiltLinux/linux/issues/1592
Cc: Juergen Gross <jgross@suse.com>
Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Dave Hansen <dave.hansen@linux.intel.com>
Cc: x86@kernel.org
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: xen-devel@lists.xenproject.org
Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Link: https://lore.kernel.org/lkml/41527d69-e8ab-3f86-ff37-6b298c01d5bc@oracle.com
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/xen/enlighten_pv.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/arch/x86/xen/enlighten_pv.c b/arch/x86/xen/enlighten_pv.c
index 0ed2e487a693..9b1a58dda935 100644
--- a/arch/x86/xen/enlighten_pv.c
+++ b/arch/x86/xen/enlighten_pv.c
@@ -765,6 +765,7 @@ static void xen_load_idt(const struct desc_ptr *desc)
{
static DEFINE_SPINLOCK(lock);
static struct trap_info traps[257];
+ static const struct trap_info zero = { };
unsigned out;
trace_xen_cpu_load_idt(desc);
@@ -774,7 +775,7 @@ static void xen_load_idt(const struct desc_ptr *desc)
memcpy(this_cpu_ptr(&idt_desc), desc, sizeof(idt_desc));
out = xen_convert_trap_info(desc, traps, false);
- memset(&traps[out], 0, sizeof(traps[0]));
+ traps[out] = zero;
xen_mc_flush();
if (HYPERVISOR_set_trap_table(traps))
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 677/862] NFSD: Return nfserr_serverfault if splice_ok but buf->pages have data
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (675 preceding siblings ...)
2022-10-19 8:32 ` [PATCH 6.0 676/862] x86/entry: Work around Clang __bdos() bug Greg Kroah-Hartman
@ 2022-10-19 8:32 ` Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 678/862] NFSD: fix use-after-free on source server when doing inter-server copy Greg Kroah-Hartman
` (199 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Anna Schumaker, Chuck Lever, Sasha Levin
From: Anna Schumaker <Anna.Schumaker@Netapp.com>
[ Upstream commit 06981d560606ac48d61e5f4fff6738b925c93173 ]
This was discussed with Chuck as part of this patch set. Returning
nfserr_resource was decided to not be the best error message here, and
he suggested changing to nfserr_serverfault instead.
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Link: https://lore.kernel.org/linux-nfs/20220907195259.926736-1-anna@kernel.org/T/#t
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/nfsd/nfs4xdr.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c
index ac1b03cf05a5..2960d0a8e8f9 100644
--- a/fs/nfsd/nfs4xdr.c
+++ b/fs/nfsd/nfs4xdr.c
@@ -3988,7 +3988,7 @@ nfsd4_encode_read(struct nfsd4_compoundres *resp, __be32 nfserr,
}
if (resp->xdr->buf->page_len && splice_ok) {
WARN_ON_ONCE(1);
- return nfserr_resource;
+ return nfserr_serverfault;
}
xdr_commit_encode(xdr);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 678/862] NFSD: fix use-after-free on source server when doing inter-server copy
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (676 preceding siblings ...)
2022-10-19 8:32 ` [PATCH 6.0 677/862] NFSD: Return nfserr_serverfault if splice_ok but buf->pages have data Greg Kroah-Hartman
@ 2022-10-19 8:32 ` Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 679/862] libbpf: Ensure functions with always_inline attribute are inline Greg Kroah-Hartman
` (198 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dai Ngo, Chuck Lever, Sasha Levin
From: Dai Ngo <dai.ngo@oracle.com>
[ Upstream commit 019805fea91599b22dfa62ffb29c022f35abeb06 ]
Use-after-free occurred when the laundromat tried to free expired
cpntf_state entry on the s2s_cp_stateids list after inter-server
copy completed. The sc_cp_list that the expired copy state was
inserted on was already freed.
When COPY completes, the Linux client normally sends LOCKU(lock_state x),
FREE_STATEID(lock_state x) and CLOSE(open_state y) to the source server.
The nfs4_put_stid call from nfsd4_free_stateid cleans up the copy state
from the s2s_cp_stateids list before freeing the lock state's stid.
However, sometimes the CLOSE was sent before the FREE_STATEID request.
When this happens, the nfsd4_close_open_stateid call from nfsd4_close
frees all lock states on its st_locks list without cleaning up the copy
state on the sc_cp_list list. When the time the FREE_STATEID arrives the
server returns BAD_STATEID since the lock state was freed. This causes
the use-after-free error to occur when the laundromat tries to free
the expired cpntf_state.
This patch adds a call to nfs4_free_cpntf_statelist in
nfsd4_close_open_stateid to clean up the copy state before calling
free_ol_stateid_reaplist to free the lock state's stid on the reaplist.
Signed-off-by: Dai Ngo <dai.ngo@oracle.com>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/nfsd/nfs4state.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c
index c5d199d7e6b4..0bc36472f8b7 100644
--- a/fs/nfsd/nfs4state.c
+++ b/fs/nfsd/nfs4state.c
@@ -1049,6 +1049,7 @@ static struct nfs4_ol_stateid * nfs4_alloc_open_stateid(struct nfs4_client *clp)
static void nfs4_free_deleg(struct nfs4_stid *stid)
{
+ WARN_ON(!list_empty(&stid->sc_cp_list));
kmem_cache_free(deleg_slab, stid);
atomic_long_dec(&num_delegations);
}
@@ -1462,6 +1463,7 @@ static void nfs4_free_ol_stateid(struct nfs4_stid *stid)
release_all_access(stp);
if (stp->st_stateowner)
nfs4_put_stateowner(stp->st_stateowner);
+ WARN_ON(!list_empty(&stid->sc_cp_list));
kmem_cache_free(stateid_slab, stid);
}
@@ -6684,6 +6686,7 @@ static void nfsd4_close_open_stateid(struct nfs4_ol_stateid *s)
struct nfs4_client *clp = s->st_stid.sc_client;
bool unhashed;
LIST_HEAD(reaplist);
+ struct nfs4_ol_stateid *stp;
spin_lock(&clp->cl_lock);
unhashed = unhash_open_stateid(s, &reaplist);
@@ -6692,6 +6695,8 @@ static void nfsd4_close_open_stateid(struct nfs4_ol_stateid *s)
if (unhashed)
put_ol_stateid_locked(s, &reaplist);
spin_unlock(&clp->cl_lock);
+ list_for_each_entry(stp, &reaplist, st_locks)
+ nfs4_free_cpntf_statelist(clp->net, &stp->st_stid);
free_ol_stateid_reaplist(&reaplist);
} else {
spin_unlock(&clp->cl_lock);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 679/862] libbpf: Ensure functions with always_inline attribute are inline
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (677 preceding siblings ...)
2022-10-19 8:32 ` [PATCH 6.0 678/862] NFSD: fix use-after-free on source server when doing inter-server copy Greg Kroah-Hartman
@ 2022-10-19 8:32 ` Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 680/862] libbpf: Do not require executable permission for shared libraries Greg Kroah-Hartman
` (197 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, James Hilliard, Andrii Nakryiko,
Jiri Olsa, Sasha Levin
From: James Hilliard <james.hilliard1@gmail.com>
[ Upstream commit d25f40ff68aa61c838947bb9adee6c6b36e77453 ]
GCC expects the always_inline attribute to only be set on inline
functions, as such we should make all functions with this attribute
use the __always_inline macro which makes the function inline and
sets the attribute.
Fixes errors like:
/home/buildroot/bpf-next/tools/testing/selftests/bpf/tools/include/bpf/bpf_tracing.h:439:1: error: ‘always_inline’ function might not be inlinable [-Werror=attributes]
439 | ____##name(unsigned long long *ctx, ##args)
| ^~~~
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Acked-by: Jiri Olsa <jolsa@kernel.org>
Link: https://lore.kernel.org/bpf/20220803151403.793024-1-james.hilliard1@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/lib/bpf/bpf_tracing.h | 14 +++++++-------
tools/lib/bpf/usdt.bpf.h | 4 ++--
2 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/tools/lib/bpf/bpf_tracing.h b/tools/lib/bpf/bpf_tracing.h
index 43ca3aff2292..5fdb93da423b 100644
--- a/tools/lib/bpf/bpf_tracing.h
+++ b/tools/lib/bpf/bpf_tracing.h
@@ -426,7 +426,7 @@ struct pt_regs;
*/
#define BPF_PROG(name, args...) \
name(unsigned long long *ctx); \
-static __attribute__((always_inline)) typeof(name(0)) \
+static __always_inline typeof(name(0)) \
____##name(unsigned long long *ctx, ##args); \
typeof(name(0)) name(unsigned long long *ctx) \
{ \
@@ -435,7 +435,7 @@ typeof(name(0)) name(unsigned long long *ctx) \
return ____##name(___bpf_ctx_cast(args)); \
_Pragma("GCC diagnostic pop") \
} \
-static __attribute__((always_inline)) typeof(name(0)) \
+static __always_inline typeof(name(0)) \
____##name(unsigned long long *ctx, ##args)
struct pt_regs;
@@ -460,7 +460,7 @@ struct pt_regs;
*/
#define BPF_KPROBE(name, args...) \
name(struct pt_regs *ctx); \
-static __attribute__((always_inline)) typeof(name(0)) \
+static __always_inline typeof(name(0)) \
____##name(struct pt_regs *ctx, ##args); \
typeof(name(0)) name(struct pt_regs *ctx) \
{ \
@@ -469,7 +469,7 @@ typeof(name(0)) name(struct pt_regs *ctx) \
return ____##name(___bpf_kprobe_args(args)); \
_Pragma("GCC diagnostic pop") \
} \
-static __attribute__((always_inline)) typeof(name(0)) \
+static __always_inline typeof(name(0)) \
____##name(struct pt_regs *ctx, ##args)
#define ___bpf_kretprobe_args0() ctx
@@ -484,7 +484,7 @@ ____##name(struct pt_regs *ctx, ##args)
*/
#define BPF_KRETPROBE(name, args...) \
name(struct pt_regs *ctx); \
-static __attribute__((always_inline)) typeof(name(0)) \
+static __always_inline typeof(name(0)) \
____##name(struct pt_regs *ctx, ##args); \
typeof(name(0)) name(struct pt_regs *ctx) \
{ \
@@ -540,7 +540,7 @@ static __always_inline typeof(name(0)) ____##name(struct pt_regs *ctx, ##args)
#define BPF_KSYSCALL(name, args...) \
name(struct pt_regs *ctx); \
extern _Bool LINUX_HAS_SYSCALL_WRAPPER __kconfig; \
-static __attribute__((always_inline)) typeof(name(0)) \
+static __always_inline typeof(name(0)) \
____##name(struct pt_regs *ctx, ##args); \
typeof(name(0)) name(struct pt_regs *ctx) \
{ \
@@ -555,7 +555,7 @@ typeof(name(0)) name(struct pt_regs *ctx) \
return ____##name(___bpf_syscall_args(args)); \
_Pragma("GCC diagnostic pop") \
} \
-static __attribute__((always_inline)) typeof(name(0)) \
+static __always_inline typeof(name(0)) \
____##name(struct pt_regs *ctx, ##args)
#define BPF_KPROBE_SYSCALL BPF_KSYSCALL
diff --git a/tools/lib/bpf/usdt.bpf.h b/tools/lib/bpf/usdt.bpf.h
index 4f2adc0bd6ca..fdfd235e52c4 100644
--- a/tools/lib/bpf/usdt.bpf.h
+++ b/tools/lib/bpf/usdt.bpf.h
@@ -232,7 +232,7 @@ long bpf_usdt_cookie(struct pt_regs *ctx)
*/
#define BPF_USDT(name, args...) \
name(struct pt_regs *ctx); \
-static __attribute__((always_inline)) typeof(name(0)) \
+static __always_inline typeof(name(0)) \
____##name(struct pt_regs *ctx, ##args); \
typeof(name(0)) name(struct pt_regs *ctx) \
{ \
@@ -241,7 +241,7 @@ typeof(name(0)) name(struct pt_regs *ctx) \
return ____##name(___bpf_usdt_args(args)); \
_Pragma("GCC diagnostic pop") \
} \
-static __attribute__((always_inline)) typeof(name(0)) \
+static __always_inline typeof(name(0)) \
____##name(struct pt_regs *ctx, ##args)
#endif /* __USDT_BPF_H__ */
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 680/862] libbpf: Do not require executable permission for shared libraries
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (678 preceding siblings ...)
2022-10-19 8:32 ` [PATCH 6.0 679/862] libbpf: Ensure functions with always_inline attribute are inline Greg Kroah-Hartman
@ 2022-10-19 8:32 ` Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 681/862] wifi: rtw88: phy: fix warning of possible buffer overflow Greg Kroah-Hartman
` (196 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Goro Fuji, Hengqi Chen,
Andrii Nakryiko, Sasha Levin
From: Hengqi Chen <hengqi.chen@gmail.com>
[ Upstream commit 9e32084ef1c33a87a736d6ce3fcb95b60dac9aa1 ]
Currently, resolve_full_path() requires executable permission for both
programs and shared libraries. This causes failures on distos like Debian
since the shared libraries are not installed executable and Linux is not
requiring shared libraries to have executable permissions. Let's remove
executable permission check for shared libraries.
Reported-by: Goro Fuji <goro@fastly.com>
Signed-off-by: Hengqi Chen <hengqi.chen@gmail.com>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Link: https://lore.kernel.org/bpf/20220806102021.3867130-1-hengqi.chen@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/lib/bpf/libbpf.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
--- a/tools/lib/bpf/libbpf.c
+++ b/tools/lib/bpf/libbpf.c
@@ -10667,15 +10667,17 @@ static const char *arch_specific_lib_pat
static int resolve_full_path(const char *file, char *result, size_t result_sz)
{
const char *search_paths[3] = {};
- int i;
+ int i, perm;
if (str_has_sfx(file, ".so") || strstr(file, ".so.")) {
search_paths[0] = getenv("LD_LIBRARY_PATH");
search_paths[1] = "/usr/lib64:/usr/lib";
search_paths[2] = arch_specific_lib_paths();
+ perm = R_OK;
} else {
search_paths[0] = getenv("PATH");
search_paths[1] = "/usr/bin:/usr/sbin";
+ perm = R_OK | X_OK;
}
for (i = 0; i < ARRAY_SIZE(search_paths); i++) {
@@ -10694,8 +10696,8 @@ static int resolve_full_path(const char
if (!seg_len)
continue;
snprintf(result, result_sz, "%.*s/%s", seg_len, s, file);
- /* ensure it is an executable file/link */
- if (access(result, R_OK | X_OK) < 0)
+ /* ensure it has required permissions */
+ if (access(result, perm) < 0)
continue;
pr_debug("resolved '%s' to '%s'\n", file, result);
return 0;
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 681/862] wifi: rtw88: phy: fix warning of possible buffer overflow
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (679 preceding siblings ...)
2022-10-19 8:32 ` [PATCH 6.0 680/862] libbpf: Do not require executable permission for shared libraries Greg Kroah-Hartman
@ 2022-10-19 8:32 ` Greg Kroah-Hartman
2022-10-21 0:12 ` Ping-Ke Shih
2022-10-19 8:32 ` [PATCH 6.0 682/862] wifi: brcmfmac: fix invalid address access when enabling SCAN log level Greg Kroah-Hartman
` (195 subsequent siblings)
876 siblings, 1 reply; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zong-Zhe Yang, Ping-Ke Shih,
Kalle Valo, Sasha Levin
From: Zong-Zhe Yang <kevin_yang@realtek.com>
[ Upstream commit 86331c7e0cd819bf0c1d0dcf895e0c90b0aa9a6f ]
reported by smatch
phy.c:854 rtw_phy_linear_2_db() error: buffer overflow 'db_invert_table[i]'
8 <= 8 (assuming for loop doesn't break)
However, it seems to be a false alarm because we prevent it originally via
if (linear >= db_invert_table[11][7])
return 96; /* maximum 96 dB */
Still, we adjust the code to be more readable and avoid smatch warning.
Signed-off-by: Zong-Zhe Yang <kevin_yang@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220727065003.28340-5-pkshih@realtek.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/realtek/rtw88/phy.c | 21 ++++++++-------------
1 file changed, 8 insertions(+), 13 deletions(-)
diff --git a/drivers/net/wireless/realtek/rtw88/phy.c b/drivers/net/wireless/realtek/rtw88/phy.c
index 8982e0c98dac..da1efec0aa85 100644
--- a/drivers/net/wireless/realtek/rtw88/phy.c
+++ b/drivers/net/wireless/realtek/rtw88/phy.c
@@ -816,23 +816,18 @@ static u8 rtw_phy_linear_2_db(u64 linear)
u8 j;
u32 dB;
- if (linear >= db_invert_table[11][7])
- return 96; /* maximum 96 dB */
-
for (i = 0; i < 12; i++) {
- if (i <= 2 && (linear << FRAC_BITS) <= db_invert_table[i][7])
- break;
- else if (i > 2 && linear <= db_invert_table[i][7])
- break;
+ for (j = 0; j < 8; j++) {
+ if (i <= 2 && (linear << FRAC_BITS) <= db_invert_table[i][j])
+ goto cnt;
+ else if (i > 2 && linear <= db_invert_table[i][j])
+ goto cnt;
+ }
}
- for (j = 0; j < 8; j++) {
- if (i <= 2 && (linear << FRAC_BITS) <= db_invert_table[i][j])
- break;
- else if (i > 2 && linear <= db_invert_table[i][j])
- break;
- }
+ return 96; /* maximum 96 dB */
+cnt:
if (j == 0 && i == 0)
goto end;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 682/862] wifi: brcmfmac: fix invalid address access when enabling SCAN log level
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (680 preceding siblings ...)
2022-10-19 8:32 ` [PATCH 6.0 681/862] wifi: rtw88: phy: fix warning of possible buffer overflow Greg Kroah-Hartman
@ 2022-10-19 8:32 ` Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 683/862] bpftool: Clear errno after libcaps checks Greg Kroah-Hartman
` (194 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Wright Feng, Chi-hsien Lin,
Ahmad Fatoum, Alvin Šipraga, Kalle Valo, Sasha Levin
From: Wright Feng <wright.feng@cypress.com>
[ Upstream commit aa666b68e73fc06d83c070d96180b9010cf5a960 ]
The variable i is changed when setting random MAC address and causes
invalid address access when printing the value of pi->reqs[i]->reqid.
We replace reqs index with ri to fix the issue.
[ 136.726473] Unable to handle kernel access to user memory outside uaccess routines at virtual address 0000000000000000
[ 136.737365] Mem abort info:
[ 136.740172] ESR = 0x96000004
[ 136.743359] Exception class = DABT (current EL), IL = 32 bits
[ 136.749294] SET = 0, FnV = 0
[ 136.752481] EA = 0, S1PTW = 0
[ 136.755635] Data abort info:
[ 136.758514] ISV = 0, ISS = 0x00000004
[ 136.762487] CM = 0, WnR = 0
[ 136.765522] user pgtable: 4k pages, 48-bit VAs, pgdp = 000000005c4e2577
[ 136.772265] [0000000000000000] pgd=0000000000000000
[ 136.777160] Internal error: Oops: 96000004 [#1] PREEMPT SMP
[ 136.782732] Modules linked in: brcmfmac(O) brcmutil(O) cfg80211(O) compat(O)
[ 136.789788] Process wificond (pid: 3175, stack limit = 0x00000000053048fb)
[ 136.796664] CPU: 3 PID: 3175 Comm: wificond Tainted: G O 4.19.42-00001-g531a5f5 #1
[ 136.805532] Hardware name: Freescale i.MX8MQ EVK (DT)
[ 136.810584] pstate: 60400005 (nZCv daif +PAN -UAO)
[ 136.815429] pc : brcmf_pno_config_sched_scans+0x6cc/0xa80 [brcmfmac]
[ 136.821811] lr : brcmf_pno_config_sched_scans+0x67c/0xa80 [brcmfmac]
[ 136.828162] sp : ffff00000e9a3880
[ 136.831475] x29: ffff00000e9a3890 x28: ffff800020543400
[ 136.836786] x27: ffff8000b1008880 x26: ffff0000012bf6a0
[ 136.842098] x25: ffff80002054345c x24: ffff800088d22400
[ 136.847409] x23: ffff0000012bf638 x22: ffff0000012bf6d8
[ 136.852721] x21: ffff8000aced8fc0 x20: ffff8000ac164400
[ 136.858032] x19: ffff00000e9a3946 x18: 0000000000000000
[ 136.863343] x17: 0000000000000000 x16: 0000000000000000
[ 136.868655] x15: ffff0000093f3b37 x14: 0000000000000050
[ 136.873966] x13: 0000000000003135 x12: 0000000000000000
[ 136.879277] x11: 0000000000000000 x10: ffff000009a61888
[ 136.884589] x9 : 000000000000000f x8 : 0000000000000008
[ 136.889900] x7 : 303a32303d726464 x6 : ffff00000a1f957d
[ 136.895211] x5 : 0000000000000000 x4 : ffff00000e9a3942
[ 136.900523] x3 : 0000000000000000 x2 : ffff0000012cead8
[ 136.905834] x1 : ffff0000012bf6d8 x0 : 0000000000000000
[ 136.911146] Call trace:
[ 136.913623] brcmf_pno_config_sched_scans+0x6cc/0xa80 [brcmfmac]
[ 136.919658] brcmf_pno_start_sched_scan+0xa4/0x118 [brcmfmac]
[ 136.925430] brcmf_cfg80211_sched_scan_start+0x80/0xe0 [brcmfmac]
[ 136.931636] nl80211_start_sched_scan+0x140/0x308 [cfg80211]
[ 136.937298] genl_rcv_msg+0x358/0x3f4
[ 136.940960] netlink_rcv_skb+0xb4/0x118
[ 136.944795] genl_rcv+0x34/0x48
[ 136.947935] netlink_unicast+0x264/0x300
[ 136.951856] netlink_sendmsg+0x2e4/0x33c
[ 136.955781] __sys_sendto+0x120/0x19c
Signed-off-by: Wright Feng <wright.feng@cypress.com>
Signed-off-by: Chi-hsien Lin <chi-hsien.lin@cypress.com>
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Signed-off-by: Alvin Šipraga <alsi@bang-olufsen.dk>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220722115632.620681-4-alvin@pqrs.dk
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../net/wireless/broadcom/brcm80211/brcmfmac/pno.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/pno.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/pno.c
index fabfbb0b40b0..d0a7465be586 100644
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/pno.c
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/pno.c
@@ -158,12 +158,12 @@ static int brcmf_pno_set_random(struct brcmf_if *ifp, struct brcmf_pno_info *pi)
struct brcmf_pno_macaddr_le pfn_mac;
u8 *mac_addr = NULL;
u8 *mac_mask = NULL;
- int err, i;
+ int err, i, ri;
- for (i = 0; i < pi->n_reqs; i++)
- if (pi->reqs[i]->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) {
- mac_addr = pi->reqs[i]->mac_addr;
- mac_mask = pi->reqs[i]->mac_addr_mask;
+ for (ri = 0; ri < pi->n_reqs; ri++)
+ if (pi->reqs[ri]->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) {
+ mac_addr = pi->reqs[ri]->mac_addr;
+ mac_mask = pi->reqs[ri]->mac_addr_mask;
break;
}
@@ -185,7 +185,7 @@ static int brcmf_pno_set_random(struct brcmf_if *ifp, struct brcmf_pno_info *pi)
pfn_mac.mac[0] |= 0x02;
brcmf_dbg(SCAN, "enabling random mac: reqid=%llu mac=%pM\n",
- pi->reqs[i]->reqid, pfn_mac.mac);
+ pi->reqs[ri]->reqid, pfn_mac.mac);
err = brcmf_fil_iovar_data_set(ifp, "pfn_macaddr", &pfn_mac,
sizeof(pfn_mac));
if (err)
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 683/862] bpftool: Clear errno after libcaps checks
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (681 preceding siblings ...)
2022-10-19 8:32 ` [PATCH 6.0 682/862] wifi: brcmfmac: fix invalid address access when enabling SCAN log level Greg Kroah-Hartman
@ 2022-10-19 8:32 ` Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 684/862] net: ethernet: ti: davinci_mdio: Add workaround for errata i2329 Greg Kroah-Hartman
` (193 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Quentin Monnet, Daniel Borkmann, Sasha Levin
From: Quentin Monnet <quentin@isovalent.com>
[ Upstream commit cea558855c39b7f1f02ff50dcf701ca6596bc964 ]
When bpftool is linked against libcap, the library runs a "constructor"
function to compute the number of capabilities of the running kernel
[0], at the beginning of the execution of the program. As part of this,
it performs multiple calls to prctl(). Some of these may fail, and set
errno to a non-zero value:
# strace -e prctl ./bpftool version
prctl(PR_CAPBSET_READ, CAP_MAC_OVERRIDE) = 1
prctl(PR_CAPBSET_READ, 0x30 /* CAP_??? */) = -1 EINVAL (Invalid argument)
prctl(PR_CAPBSET_READ, CAP_CHECKPOINT_RESTORE) = 1
prctl(PR_CAPBSET_READ, 0x2c /* CAP_??? */) = -1 EINVAL (Invalid argument)
prctl(PR_CAPBSET_READ, 0x2a /* CAP_??? */) = -1 EINVAL (Invalid argument)
prctl(PR_CAPBSET_READ, 0x29 /* CAP_??? */) = -1 EINVAL (Invalid argument)
** fprintf added at the top of main(): we have errno == 1
./bpftool v7.0.0
using libbpf v1.0
features: libbfd, libbpf_strict, skeletons
+++ exited with 0 +++
This has been addressed in libcap 2.63 [1], but until this version is
available everywhere, we can fix it on bpftool side.
Let's clean errno at the beginning of the main() function, to make sure
that these checks do not interfere with the batch mode, where we error
out if errno is set after a bpftool command.
[0] https://git.kernel.org/pub/scm/libs/libcap/libcap.git/tree/libcap/cap_alloc.c?h=libcap-2.65#n20
[1] https://git.kernel.org/pub/scm/libs/libcap/libcap.git/commit/?id=f25a1b7e69f7b33e6afb58b3e38f3450b7d2d9a0
Signed-off-by: Quentin Monnet <quentin@isovalent.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Link: https://lore.kernel.org/bpf/20220815162205.45043-1-quentin@isovalent.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/bpf/bpftool/main.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/tools/bpf/bpftool/main.c b/tools/bpf/bpftool/main.c
index 451cefc2d0da..ccd7457f92bf 100644
--- a/tools/bpf/bpftool/main.c
+++ b/tools/bpf/bpftool/main.c
@@ -435,6 +435,16 @@ int main(int argc, char **argv)
setlinebuf(stdout);
+#ifdef USE_LIBCAP
+ /* Libcap < 2.63 hooks before main() to compute the number of
+ * capabilities of the running kernel, and doing so it calls prctl()
+ * which may fail and set errno to non-zero.
+ * Let's reset errno to make sure this does not interfere with the
+ * batch mode.
+ */
+ errno = 0;
+#endif
+
last_do_help = do_help;
pretty_output = false;
json_output = false;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 684/862] net: ethernet: ti: davinci_mdio: Add workaround for errata i2329
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (682 preceding siblings ...)
2022-10-19 8:32 ` [PATCH 6.0 683/862] bpftool: Clear errno after libcaps checks Greg Kroah-Hartman
@ 2022-10-19 8:32 ` Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 685/862] openvswitch: Fix double reporting of drops in dropwatch Greg Kroah-Hartman
` (192 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ravi Gunasekaran, kernel test robot,
Andrew Lunn, David S. Miller, Sasha Levin
From: Ravi Gunasekaran <r-gunasekaran@ti.com>
[ Upstream commit d04807b80691c6041ca8e3dcf1870d1bf1082c22 ]
On the CPSW and ICSS peripherals, there is a possibility that the MDIO
interface returns corrupt data on MDIO reads or writes incorrect data
on MDIO writes. There is also a possibility for the MDIO interface to
become unavailable until the next peripheral reset.
The workaround is to configure the MDIO in manual mode and disable the
MDIO state machine and emulate the MDIO protocol by reading and writing
appropriate fields in MDIO_MANUAL_IF_REG register of the MDIO controller
to manipulate the MDIO clock and data pins.
More details about the errata i2329 and the workaround is available in:
https://www.ti.com/lit/er/sprz487a/sprz487a.pdf
Add implementation to disable MDIO state machine, configure MDIO in manual
mode and achieve MDIO read and writes via MDIO Bitbanging
Signed-off-by: Ravi Gunasekaran <r-gunasekaran@ti.com>
Reported-by: kernel test robot <lkp@intel.com>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/ti/davinci_mdio.c | 242 +++++++++++++++++++++++--
1 file changed, 231 insertions(+), 11 deletions(-)
diff --git a/drivers/net/ethernet/ti/davinci_mdio.c b/drivers/net/ethernet/ti/davinci_mdio.c
index ea3772618043..946b9753ccfb 100644
--- a/drivers/net/ethernet/ti/davinci_mdio.c
+++ b/drivers/net/ethernet/ti/davinci_mdio.c
@@ -26,6 +26,8 @@
#include <linux/of_device.h>
#include <linux/of_mdio.h>
#include <linux/pinctrl/consumer.h>
+#include <linux/mdio-bitbang.h>
+#include <linux/sys_soc.h>
/*
* This timeout definition is a worst-case ultra defensive measure against
@@ -41,6 +43,7 @@
struct davinci_mdio_of_param {
int autosuspend_delay_ms;
+ bool manual_mode;
};
struct davinci_mdio_regs {
@@ -49,6 +52,15 @@ struct davinci_mdio_regs {
#define CONTROL_IDLE BIT(31)
#define CONTROL_ENABLE BIT(30)
#define CONTROL_MAX_DIV (0xffff)
+#define CONTROL_CLKDIV GENMASK(15, 0)
+
+#define MDIO_MAN_MDCLK_O BIT(2)
+#define MDIO_MAN_OE BIT(1)
+#define MDIO_MAN_PIN BIT(0)
+#define MDIO_MANUALMODE BIT(31)
+
+#define MDIO_PIN 0
+
u32 alive;
u32 link;
@@ -59,7 +71,9 @@ struct davinci_mdio_regs {
u32 userintmasked;
u32 userintmaskset;
u32 userintmaskclr;
- u32 __reserved_1[20];
+ u32 manualif;
+ u32 poll;
+ u32 __reserved_1[18];
struct {
u32 access;
@@ -79,6 +93,7 @@ static const struct mdio_platform_data default_pdata = {
struct davinci_mdio_data {
struct mdio_platform_data pdata;
+ struct mdiobb_ctrl bb_ctrl;
struct davinci_mdio_regs __iomem *regs;
struct clk *clk;
struct device *dev;
@@ -90,6 +105,7 @@ struct davinci_mdio_data {
*/
bool skip_scan;
u32 clk_div;
+ bool manual_mode;
};
static void davinci_mdio_init_clk(struct davinci_mdio_data *data)
@@ -128,9 +144,122 @@ static void davinci_mdio_enable(struct davinci_mdio_data *data)
writel(data->clk_div | CONTROL_ENABLE, &data->regs->control);
}
-static int davinci_mdio_reset(struct mii_bus *bus)
+static void davinci_mdio_disable(struct davinci_mdio_data *data)
+{
+ u32 reg;
+
+ /* Disable MDIO state machine */
+ reg = readl(&data->regs->control);
+
+ reg &= ~CONTROL_CLKDIV;
+ reg |= data->clk_div;
+
+ reg &= ~CONTROL_ENABLE;
+ writel(reg, &data->regs->control);
+}
+
+static void davinci_mdio_enable_manual_mode(struct davinci_mdio_data *data)
+{
+ u32 reg;
+ /* set manual mode */
+ reg = readl(&data->regs->poll);
+ reg |= MDIO_MANUALMODE;
+ writel(reg, &data->regs->poll);
+}
+
+static void davinci_set_mdc(struct mdiobb_ctrl *ctrl, int level)
+{
+ struct davinci_mdio_data *data;
+ u32 reg;
+
+ data = container_of(ctrl, struct davinci_mdio_data, bb_ctrl);
+ reg = readl(&data->regs->manualif);
+
+ if (level)
+ reg |= MDIO_MAN_MDCLK_O;
+ else
+ reg &= ~MDIO_MAN_MDCLK_O;
+
+ writel(reg, &data->regs->manualif);
+}
+
+static void davinci_set_mdio_dir(struct mdiobb_ctrl *ctrl, int output)
+{
+ struct davinci_mdio_data *data;
+ u32 reg;
+
+ data = container_of(ctrl, struct davinci_mdio_data, bb_ctrl);
+ reg = readl(&data->regs->manualif);
+
+ if (output)
+ reg |= MDIO_MAN_OE;
+ else
+ reg &= ~MDIO_MAN_OE;
+
+ writel(reg, &data->regs->manualif);
+}
+
+static void davinci_set_mdio_data(struct mdiobb_ctrl *ctrl, int value)
+{
+ struct davinci_mdio_data *data;
+ u32 reg;
+
+ data = container_of(ctrl, struct davinci_mdio_data, bb_ctrl);
+ reg = readl(&data->regs->manualif);
+
+ if (value)
+ reg |= MDIO_MAN_PIN;
+ else
+ reg &= ~MDIO_MAN_PIN;
+
+ writel(reg, &data->regs->manualif);
+}
+
+static int davinci_get_mdio_data(struct mdiobb_ctrl *ctrl)
+{
+ struct davinci_mdio_data *data;
+ unsigned long reg;
+
+ data = container_of(ctrl, struct davinci_mdio_data, bb_ctrl);
+ reg = readl(&data->regs->manualif);
+ return test_bit(MDIO_PIN, ®);
+}
+
+static int davinci_mdiobb_read(struct mii_bus *bus, int phy, int reg)
+{
+ int ret;
+
+ ret = pm_runtime_resume_and_get(bus->parent);
+ if (ret < 0)
+ return ret;
+
+ ret = mdiobb_read(bus, phy, reg);
+
+ pm_runtime_mark_last_busy(bus->parent);
+ pm_runtime_put_autosuspend(bus->parent);
+
+ return ret;
+}
+
+static int davinci_mdiobb_write(struct mii_bus *bus, int phy, int reg,
+ u16 val)
+{
+ int ret;
+
+ ret = pm_runtime_resume_and_get(bus->parent);
+ if (ret < 0)
+ return ret;
+
+ ret = mdiobb_write(bus, phy, reg, val);
+
+ pm_runtime_mark_last_busy(bus->parent);
+ pm_runtime_put_autosuspend(bus->parent);
+
+ return ret;
+}
+
+static int davinci_mdio_common_reset(struct davinci_mdio_data *data)
{
- struct davinci_mdio_data *data = bus->priv;
u32 phy_mask, ver;
int ret;
@@ -138,6 +267,11 @@ static int davinci_mdio_reset(struct mii_bus *bus)
if (ret < 0)
return ret;
+ if (data->manual_mode) {
+ davinci_mdio_disable(data);
+ davinci_mdio_enable_manual_mode(data);
+ }
+
/* wait for scan logic to settle */
msleep(PHY_MAX_ADDR * data->access_time);
@@ -171,6 +305,23 @@ static int davinci_mdio_reset(struct mii_bus *bus)
return 0;
}
+static int davinci_mdio_reset(struct mii_bus *bus)
+{
+ struct davinci_mdio_data *data = bus->priv;
+
+ return davinci_mdio_common_reset(data);
+}
+
+static int davinci_mdiobb_reset(struct mii_bus *bus)
+{
+ struct mdiobb_ctrl *ctrl = bus->priv;
+ struct davinci_mdio_data *data;
+
+ data = container_of(ctrl, struct davinci_mdio_data, bb_ctrl);
+
+ return davinci_mdio_common_reset(data);
+}
+
/* wait until hardware is ready for another user access */
static inline int wait_for_user_access(struct davinci_mdio_data *data)
{
@@ -318,6 +469,28 @@ static int davinci_mdio_probe_dt(struct mdio_platform_data *data,
return 0;
}
+struct k3_mdio_soc_data {
+ bool manual_mode;
+};
+
+static const struct k3_mdio_soc_data am65_mdio_soc_data = {
+ .manual_mode = true,
+};
+
+static const struct soc_device_attribute k3_mdio_socinfo[] = {
+ { .family = "AM62X", .revision = "SR1.0", .data = &am65_mdio_soc_data },
+ { .family = "AM64X", .revision = "SR1.0", .data = &am65_mdio_soc_data },
+ { .family = "AM64X", .revision = "SR2.0", .data = &am65_mdio_soc_data },
+ { .family = "AM65X", .revision = "SR1.0", .data = &am65_mdio_soc_data },
+ { .family = "AM65X", .revision = "SR2.0", .data = &am65_mdio_soc_data },
+ { .family = "J7200", .revision = "SR1.0", .data = &am65_mdio_soc_data },
+ { .family = "J7200", .revision = "SR2.0", .data = &am65_mdio_soc_data },
+ { .family = "J721E", .revision = "SR1.0", .data = &am65_mdio_soc_data },
+ { .family = "J721E", .revision = "SR2.0", .data = &am65_mdio_soc_data },
+ { .family = "J721S2", .revision = "SR1.0", .data = &am65_mdio_soc_data},
+ { /* sentinel */ },
+};
+
#if IS_ENABLED(CONFIG_OF)
static const struct davinci_mdio_of_param of_cpsw_mdio_data = {
.autosuspend_delay_ms = 100,
@@ -331,6 +504,14 @@ static const struct of_device_id davinci_mdio_of_mtable[] = {
MODULE_DEVICE_TABLE(of, davinci_mdio_of_mtable);
#endif
+static const struct mdiobb_ops davinci_mdiobb_ops = {
+ .owner = THIS_MODULE,
+ .set_mdc = davinci_set_mdc,
+ .set_mdio_dir = davinci_set_mdio_dir,
+ .set_mdio_data = davinci_set_mdio_data,
+ .get_mdio_data = davinci_get_mdio_data,
+};
+
static int davinci_mdio_probe(struct platform_device *pdev)
{
struct mdio_platform_data *pdata = dev_get_platdata(&pdev->dev);
@@ -345,7 +526,26 @@ static int davinci_mdio_probe(struct platform_device *pdev)
if (!data)
return -ENOMEM;
- data->bus = devm_mdiobus_alloc(dev);
+ data->manual_mode = false;
+ data->bb_ctrl.ops = &davinci_mdiobb_ops;
+
+ if (IS_ENABLED(CONFIG_OF) && dev->of_node) {
+ const struct soc_device_attribute *soc_match_data;
+
+ soc_match_data = soc_device_match(k3_mdio_socinfo);
+ if (soc_match_data && soc_match_data->data) {
+ const struct k3_mdio_soc_data *socdata =
+ soc_match_data->data;
+
+ data->manual_mode = socdata->manual_mode;
+ }
+ }
+
+ if (data->manual_mode)
+ data->bus = alloc_mdio_bitbang(&data->bb_ctrl);
+ else
+ data->bus = devm_mdiobus_alloc(dev);
+
if (!data->bus) {
dev_err(dev, "failed to alloc mii bus\n");
return -ENOMEM;
@@ -371,11 +571,20 @@ static int davinci_mdio_probe(struct platform_device *pdev)
}
data->bus->name = dev_name(dev);
- data->bus->read = davinci_mdio_read;
- data->bus->write = davinci_mdio_write;
- data->bus->reset = davinci_mdio_reset;
+
+ if (data->manual_mode) {
+ data->bus->read = davinci_mdiobb_read;
+ data->bus->write = davinci_mdiobb_write;
+ data->bus->reset = davinci_mdiobb_reset;
+
+ dev_info(dev, "Configuring MDIO in manual mode\n");
+ } else {
+ data->bus->read = davinci_mdio_read;
+ data->bus->write = davinci_mdio_write;
+ data->bus->reset = davinci_mdio_reset;
+ data->bus->priv = data;
+ }
data->bus->parent = dev;
- data->bus->priv = data;
data->clk = devm_clk_get(dev, "fck");
if (IS_ERR(data->clk)) {
@@ -433,9 +642,13 @@ static int davinci_mdio_remove(struct platform_device *pdev)
{
struct davinci_mdio_data *data = platform_get_drvdata(pdev);
- if (data->bus)
+ if (data->bus) {
mdiobus_unregister(data->bus);
+ if (data->manual_mode)
+ free_mdio_bitbang(data->bus);
+ }
+
pm_runtime_dont_use_autosuspend(&pdev->dev);
pm_runtime_disable(&pdev->dev);
@@ -452,7 +665,9 @@ static int davinci_mdio_runtime_suspend(struct device *dev)
ctrl = readl(&data->regs->control);
ctrl &= ~CONTROL_ENABLE;
writel(ctrl, &data->regs->control);
- wait_for_idle(data);
+
+ if (!data->manual_mode)
+ wait_for_idle(data);
return 0;
}
@@ -461,7 +676,12 @@ static int davinci_mdio_runtime_resume(struct device *dev)
{
struct davinci_mdio_data *data = dev_get_drvdata(dev);
- davinci_mdio_enable(data);
+ if (data->manual_mode) {
+ davinci_mdio_disable(data);
+ davinci_mdio_enable_manual_mode(data);
+ } else {
+ davinci_mdio_enable(data);
+ }
return 0;
}
#endif
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 685/862] openvswitch: Fix double reporting of drops in dropwatch
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (683 preceding siblings ...)
2022-10-19 8:32 ` [PATCH 6.0 684/862] net: ethernet: ti: davinci_mdio: Add workaround for errata i2329 Greg Kroah-Hartman
@ 2022-10-19 8:32 ` Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 686/862] openvswitch: Fix overreporting " Greg Kroah-Hartman
` (191 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mike Pattrick, David S. Miller, Sasha Levin
From: Mike Pattrick <mkp@redhat.com>
[ Upstream commit 1100248a5c5ccd57059eb8d02ec077e839a23826 ]
Frames sent to userspace can be reported as dropped in
ovs_dp_process_packet, however, if they are dropped in the netlink code
then netlink_attachskb will report the same frame as dropped.
This patch checks for error codes which indicate that the frame has
already been freed.
Signed-off-by: Mike Pattrick <mkp@redhat.com>
Link: https://bugzilla.redhat.com/show_bug.cgi?id=2109946
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/openvswitch/datapath.c | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/net/openvswitch/datapath.c b/net/openvswitch/datapath.c
index 6c9d153afbee..b68ba3c72519 100644
--- a/net/openvswitch/datapath.c
+++ b/net/openvswitch/datapath.c
@@ -252,10 +252,17 @@ void ovs_dp_process_packet(struct sk_buff *skb, struct sw_flow_key *key)
upcall.mru = OVS_CB(skb)->mru;
error = ovs_dp_upcall(dp, skb, key, &upcall, 0);
- if (unlikely(error))
- kfree_skb(skb);
- else
+ switch (error) {
+ case 0:
+ case -EAGAIN:
+ case -ERESTARTSYS:
+ case -EINTR:
consume_skb(skb);
+ break;
+ default:
+ kfree_skb(skb);
+ break;
+ }
stats_counter = &stats->n_missed;
goto out;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 686/862] openvswitch: Fix overreporting of drops in dropwatch
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (684 preceding siblings ...)
2022-10-19 8:32 ` [PATCH 6.0 685/862] openvswitch: Fix double reporting of drops in dropwatch Greg Kroah-Hartman
@ 2022-10-19 8:32 ` Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 687/862] tcp: annotate data-race around tcp_md5sig_pool_populated Greg Kroah-Hartman
` (190 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mike Pattrick, David S. Miller, Sasha Levin
From: Mike Pattrick <mkp@redhat.com>
[ Upstream commit c21ab2afa2c64896a7f0e3cbc6845ec63dcfad2e ]
Currently queue_userspace_packet will call kfree_skb for all frames,
whether or not an error occurred. This can result in a single dropped
frame being reported as multiple drops in dropwatch. This functions
caller may also call kfree_skb in case of an error. This patch will
consume the skbs instead and allow caller's to use kfree_skb.
Signed-off-by: Mike Pattrick <mkp@redhat.com>
Link: https://bugzilla.redhat.com/show_bug.cgi?id=2109957
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/openvswitch/datapath.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/net/openvswitch/datapath.c b/net/openvswitch/datapath.c
index b68ba3c72519..93c596e3b22b 100644
--- a/net/openvswitch/datapath.c
+++ b/net/openvswitch/datapath.c
@@ -558,8 +558,9 @@ static int queue_userspace_packet(struct datapath *dp, struct sk_buff *skb,
out:
if (err)
skb_tx_error(skb);
- kfree_skb(user_skb);
- kfree_skb(nskb);
+ consume_skb(user_skb);
+ consume_skb(nskb);
+
return err;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 687/862] tcp: annotate data-race around tcp_md5sig_pool_populated
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (685 preceding siblings ...)
2022-10-19 8:32 ` [PATCH 6.0 686/862] openvswitch: Fix overreporting " Greg Kroah-Hartman
@ 2022-10-19 8:32 ` Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 688/862] micrel: ksz8851: fixes struct pointer issue Greg Kroah-Hartman
` (189 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Abhishek Shah, Eric Dumazet,
David S. Miller, Sasha Levin
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit aacd467c0a576e5e44d2de4205855dc0fe43f6fb ]
tcp_md5sig_pool_populated can be read while another thread
changes its value.
The race has no consequence because allocations
are protected with tcp_md5sig_mutex.
This patch adds READ_ONCE() and WRITE_ONCE() to document
the race and silence KCSAN.
Reported-by: Abhishek Shah <abhishek.shah@columbia.edu>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv4/tcp.c | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index 997a80ce1e13..5f1d84d901c7 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -4444,12 +4444,16 @@ static void __tcp_alloc_md5sig_pool(void)
* to memory. See smp_rmb() in tcp_get_md5sig_pool()
*/
smp_wmb();
- tcp_md5sig_pool_populated = true;
+ /* Paired with READ_ONCE() from tcp_alloc_md5sig_pool()
+ * and tcp_get_md5sig_pool().
+ */
+ WRITE_ONCE(tcp_md5sig_pool_populated, true);
}
bool tcp_alloc_md5sig_pool(void)
{
- if (unlikely(!tcp_md5sig_pool_populated)) {
+ /* Paired with WRITE_ONCE() from __tcp_alloc_md5sig_pool() */
+ if (unlikely(!READ_ONCE(tcp_md5sig_pool_populated))) {
mutex_lock(&tcp_md5sig_mutex);
if (!tcp_md5sig_pool_populated) {
@@ -4460,7 +4464,8 @@ bool tcp_alloc_md5sig_pool(void)
mutex_unlock(&tcp_md5sig_mutex);
}
- return tcp_md5sig_pool_populated;
+ /* Paired with WRITE_ONCE() from __tcp_alloc_md5sig_pool() */
+ return READ_ONCE(tcp_md5sig_pool_populated);
}
EXPORT_SYMBOL(tcp_alloc_md5sig_pool);
@@ -4476,7 +4481,8 @@ struct tcp_md5sig_pool *tcp_get_md5sig_pool(void)
{
local_bh_disable();
- if (tcp_md5sig_pool_populated) {
+ /* Paired with WRITE_ONCE() from __tcp_alloc_md5sig_pool() */
+ if (READ_ONCE(tcp_md5sig_pool_populated)) {
/* coupled with smp_wmb() in __tcp_alloc_md5sig_pool() */
smp_rmb();
return this_cpu_ptr(&tcp_md5sig_pool);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 688/862] micrel: ksz8851: fixes struct pointer issue
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (686 preceding siblings ...)
2022-10-19 8:32 ` [PATCH 6.0 687/862] tcp: annotate data-race around tcp_md5sig_pool_populated Greg Kroah-Hartman
@ 2022-10-19 8:32 ` Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 689/862] wifi: mac80211: accept STA changes without link changes Greg Kroah-Hartman
` (188 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jerry Ray, David S. Miller, Sasha Levin
From: Jerry Ray <jerry.ray@microchip.com>
[ Upstream commit fef5de753ff01887cfa50990532c3890fccb9338 ]
Issue found during code review. This bug has no impact as long as the
ks8851_net structure is the first element of the ks8851_net_spi structure.
As long as the offset to the ks8851_net struct is zero, the container_of()
macro is subtracting 0 and therefore no damage done. But if the
ks8851_net_spi struct is ever modified such that the ks8851_net struct
within it is no longer the first element of the struct, then the bug would
manifest itself and cause problems.
struct ks8851_net is contained within ks8851_net_spi.
ks is contained within kss.
kss is the priv_data of the netdev structure.
Signed-off-by: Jerry Ray <jerry.ray@microchip.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/micrel/ks8851_spi.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/drivers/net/ethernet/micrel/ks8851_spi.c b/drivers/net/ethernet/micrel/ks8851_spi.c
index 82d55fc27edc..70bc7253454f 100644
--- a/drivers/net/ethernet/micrel/ks8851_spi.c
+++ b/drivers/net/ethernet/micrel/ks8851_spi.c
@@ -413,7 +413,8 @@ static int ks8851_probe_spi(struct spi_device *spi)
spi->bits_per_word = 8;
- ks = netdev_priv(netdev);
+ kss = netdev_priv(netdev);
+ ks = &kss->ks8851;
ks->lock = ks8851_lock_spi;
ks->unlock = ks8851_unlock_spi;
@@ -433,8 +434,6 @@ static int ks8851_probe_spi(struct spi_device *spi)
IRQ_RXPSI) /* RX process stop */
ks->rc_ier = STD_IRQ;
- kss = to_ks8851_spi(ks);
-
kss->spidev = spi;
mutex_init(&kss->lock);
INIT_WORK(&kss->tx_work, ks8851_tx_work);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 689/862] wifi: mac80211: accept STA changes without link changes
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (687 preceding siblings ...)
2022-10-19 8:32 ` [PATCH 6.0 688/862] micrel: ksz8851: fixes struct pointer issue Greg Kroah-Hartman
@ 2022-10-19 8:32 ` Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 690/862] x86/mce: Retrieve poison range from hardware Greg Kroah-Hartman
` (187 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:32 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Johannes Berg, Sasha Levin
From: Johannes Berg <johannes.berg@intel.com>
[ Upstream commit b303835dabe0340f932ebb4e260d2229f79b0684 ]
If there's no link ID, then check that there are no changes to
the link, and if so accept them, unless a new link is created.
While at it, reject creating a new link without an address.
This fixes authorizing an MLD (peer) that has no link 0.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/mac80211/cfg.c | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
index e5239a17a875..65f34945a767 100644
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
@@ -1610,6 +1610,18 @@ static int sta_link_apply_parameters(struct ieee80211_local *local,
rcu_dereference_protected(sta->link[link_id],
lockdep_is_held(&local->sta_mtx));
+ /*
+ * If there are no changes, then accept a link that doesn't exist,
+ * unless it's a new link.
+ */
+ if (params->link_id < 0 && !new_link &&
+ !params->link_mac && !params->txpwr_set &&
+ !params->supported_rates_len &&
+ !params->ht_capa && !params->vht_capa &&
+ !params->he_capa && !params->eht_capa &&
+ !params->opmode_notif_used)
+ return 0;
+
if (!link || !link_sta)
return -EINVAL;
@@ -1625,6 +1637,8 @@ static int sta_link_apply_parameters(struct ieee80211_local *local,
params->link_mac)) {
return -EINVAL;
}
+ } else if (new_link) {
+ return -EINVAL;
}
if (params->txpwr_set) {
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 690/862] x86/mce: Retrieve poison range from hardware
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (688 preceding siblings ...)
2022-10-19 8:32 ` [PATCH 6.0 689/862] wifi: mac80211: accept STA changes without link changes Greg Kroah-Hartman
@ 2022-10-19 8:32 ` Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 691/862] wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg() Greg Kroah-Hartman
` (186 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jane Chu, Borislav Petkov,
Dan Williams, Ingo Molnar, Sasha Levin
From: Jane Chu <jane.chu@oracle.com>
[ Upstream commit f9781bb18ed828e7b83b7bac4a4ad7cd497ee7d7 ]
When memory poison consumption machine checks fire, MCE notifier
handlers like nfit_handle_mce() record the impacted physical address
range which is reported by the hardware in the MCi_MISC MSR. The error
information includes data about blast radius, i.e. how many cachelines
did the hardware determine are impacted. A recent change
7917f9cdb503 ("acpi/nfit: rely on mce->misc to determine poison granularity")
updated nfit_handle_mce() to stop hard coding the blast radius value of
1 cacheline, and instead rely on the blast radius reported in 'struct
mce' which can be up to 4K (64 cachelines).
It turns out that apei_mce_report_mem_error() had a similar problem in
that it hard coded a blast radius of 4K rather than reading the blast
radius from the error information. Fix apei_mce_report_mem_error() to
convey the proper poison granularity.
Signed-off-by: Jane Chu <jane.chu@oracle.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Dan Williams <dan.j.williams@intel.com>
Reviewed-by: Ingo Molnar <mingo@kernel.org>
Link: https://lore.kernel.org/r/7ed50fd8-521e-cade-77b1-738b8bfb8502@oracle.com
Link: https://lore.kernel.org/r/20220826233851.1319100-1-jane.chu@oracle.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/kernel/cpu/mce/apei.c | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kernel/cpu/mce/apei.c b/arch/x86/kernel/cpu/mce/apei.c
index 717192915f28..8ed341714686 100644
--- a/arch/x86/kernel/cpu/mce/apei.c
+++ b/arch/x86/kernel/cpu/mce/apei.c
@@ -29,15 +29,26 @@
void apei_mce_report_mem_error(int severity, struct cper_sec_mem_err *mem_err)
{
struct mce m;
+ int lsb;
if (!(mem_err->validation_bits & CPER_MEM_VALID_PA))
return;
+ /*
+ * Even if the ->validation_bits are set for address mask,
+ * to be extra safe, check and reject an error radius '0',
+ * and fall back to the default page size.
+ */
+ if (mem_err->validation_bits & CPER_MEM_VALID_PA_MASK)
+ lsb = find_first_bit((void *)&mem_err->physical_addr_mask, PAGE_SHIFT);
+ else
+ lsb = PAGE_SHIFT;
+
mce_setup(&m);
m.bank = -1;
/* Fake a memory read error with unknown channel */
m.status = MCI_STATUS_VAL | MCI_STATUS_EN | MCI_STATUS_ADDRV | MCI_STATUS_MISCV | 0x9f;
- m.misc = (MCI_MISC_ADDR_PHYS << 6) | PAGE_SHIFT;
+ m.misc = (MCI_MISC_ADDR_PHYS << 6) | lsb;
if (severity >= GHES_SEV_RECOVERABLE)
m.status |= MCI_STATUS_UC;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 691/862] wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (689 preceding siblings ...)
2022-10-19 8:32 ` [PATCH 6.0 690/862] x86/mce: Retrieve poison range from hardware Greg Kroah-Hartman
@ 2022-10-19 8:32 ` Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 692/862] thunderbolt: Add back Intel Falcon Ridge end-to-end flow control workaround Greg Kroah-Hartman
` (185 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot, Tetsuo Handa,
Toke Høiland-Jørgensen, Kalle Valo, Sasha Levin
From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
[ Upstream commit b383e8abed41cc6ff1a3b34de75df9397fa4878c ]
syzbot is reporting uninit value at ath9k_htc_rx_msg() [1], for
ioctl(USB_RAW_IOCTL_EP_WRITE) can call ath9k_hif_usb_rx_stream() with
pkt_len = 0 but ath9k_hif_usb_rx_stream() uses
__dev_alloc_skb(pkt_len + 32, GFP_ATOMIC) based on an assumption that
pkt_len is valid. As a result, ath9k_hif_usb_rx_stream() allocates skb
with uninitialized memory and ath9k_htc_rx_msg() is reading from
uninitialized memory.
Since bytes accessed by ath9k_htc_rx_msg() is not known until
ath9k_htc_rx_msg() is called, it would be difficult to check minimal valid
pkt_len at "if (pkt_len > 2 * MAX_RX_BUF_SIZE) {" line in
ath9k_hif_usb_rx_stream().
We have two choices. One is to workaround by adding __GFP_ZERO so that
ath9k_htc_rx_msg() sees 0 if pkt_len is invalid. The other is to let
ath9k_htc_rx_msg() validate pkt_len before accessing. This patch chose
the latter.
Note that I'm not sure threshold condition is correct, for I can't find
details on possible packet length used by this protocol.
Link: https://syzkaller.appspot.com/bug?extid=2ca247c2d60c7023de7f [1]
Reported-by: syzbot <syzbot+2ca247c2d60c7023de7f@syzkaller.appspotmail.com>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Acked-by: Toke Høiland-Jørgensen <toke@toke.dk>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/7acfa1be-4b5c-b2ce-de43-95b0593fb3e5@I-love.SAKURA.ne.jp
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/ath9k/htc_hst.c | 43 +++++++++++++++---------
1 file changed, 28 insertions(+), 15 deletions(-)
diff --git a/drivers/net/wireless/ath/ath9k/htc_hst.c b/drivers/net/wireless/ath/ath9k/htc_hst.c
index 994ec48b2f66..ca05b07a45e6 100644
--- a/drivers/net/wireless/ath/ath9k/htc_hst.c
+++ b/drivers/net/wireless/ath/ath9k/htc_hst.c
@@ -364,33 +364,27 @@ void ath9k_htc_txcompletion_cb(struct htc_target *htc_handle,
}
static void ath9k_htc_fw_panic_report(struct htc_target *htc_handle,
- struct sk_buff *skb)
+ struct sk_buff *skb, u32 len)
{
uint32_t *pattern = (uint32_t *)skb->data;
- switch (*pattern) {
- case 0x33221199:
- {
+ if (*pattern == 0x33221199 && len >= sizeof(struct htc_panic_bad_vaddr)) {
struct htc_panic_bad_vaddr *htc_panic;
htc_panic = (struct htc_panic_bad_vaddr *) skb->data;
dev_err(htc_handle->dev, "ath: firmware panic! "
"exccause: 0x%08x; pc: 0x%08x; badvaddr: 0x%08x.\n",
htc_panic->exccause, htc_panic->pc,
htc_panic->badvaddr);
- break;
- }
- case 0x33221299:
- {
+ return;
+ }
+ if (*pattern == 0x33221299) {
struct htc_panic_bad_epid *htc_panic;
htc_panic = (struct htc_panic_bad_epid *) skb->data;
dev_err(htc_handle->dev, "ath: firmware panic! "
"bad epid: 0x%08x\n", htc_panic->epid);
- break;
- }
- default:
- dev_err(htc_handle->dev, "ath: unknown panic pattern!\n");
- break;
+ return;
}
+ dev_err(htc_handle->dev, "ath: unknown panic pattern!\n");
}
/*
@@ -411,16 +405,26 @@ void ath9k_htc_rx_msg(struct htc_target *htc_handle,
if (!htc_handle || !skb)
return;
+ /* A valid message requires len >= 8.
+ *
+ * sizeof(struct htc_frame_hdr) == 8
+ * sizeof(struct htc_ready_msg) == 8
+ * sizeof(struct htc_panic_bad_vaddr) == 16
+ * sizeof(struct htc_panic_bad_epid) == 8
+ */
+ if (unlikely(len < sizeof(struct htc_frame_hdr)))
+ goto invalid;
htc_hdr = (struct htc_frame_hdr *) skb->data;
epid = htc_hdr->endpoint_id;
if (epid == 0x99) {
- ath9k_htc_fw_panic_report(htc_handle, skb);
+ ath9k_htc_fw_panic_report(htc_handle, skb, len);
kfree_skb(skb);
return;
}
if (epid < 0 || epid >= ENDPOINT_MAX) {
+invalid:
if (pipe_id != USB_REG_IN_PIPE)
dev_kfree_skb_any(skb);
else
@@ -432,21 +436,30 @@ void ath9k_htc_rx_msg(struct htc_target *htc_handle,
/* Handle trailer */
if (htc_hdr->flags & HTC_FLAGS_RECV_TRAILER) {
- if (be32_to_cpu(*(__be32 *) skb->data) == 0x00C60000)
+ if (be32_to_cpu(*(__be32 *) skb->data) == 0x00C60000) {
/* Move past the Watchdog pattern */
htc_hdr = (struct htc_frame_hdr *)(skb->data + 4);
+ len -= 4;
+ }
}
/* Get the message ID */
+ if (unlikely(len < sizeof(struct htc_frame_hdr) + sizeof(__be16)))
+ goto invalid;
msg_id = (__be16 *) ((void *) htc_hdr +
sizeof(struct htc_frame_hdr));
/* Now process HTC messages */
switch (be16_to_cpu(*msg_id)) {
case HTC_MSG_READY_ID:
+ if (unlikely(len < sizeof(struct htc_ready_msg)))
+ goto invalid;
htc_process_target_rdy(htc_handle, htc_hdr);
break;
case HTC_MSG_CONNECT_SERVICE_RESPONSE_ID:
+ if (unlikely(len < sizeof(struct htc_frame_hdr) +
+ sizeof(struct htc_conn_svc_rspmsg)))
+ goto invalid;
htc_process_conn_rsp(htc_handle, htc_hdr);
break;
default:
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 692/862] thunderbolt: Add back Intel Falcon Ridge end-to-end flow control workaround
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (690 preceding siblings ...)
2022-10-19 8:32 ` [PATCH 6.0 691/862] wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg() Greg Kroah-Hartman
@ 2022-10-19 8:32 ` Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 693/862] x86/apic: Dont disable x2APIC if locked Greg Kroah-Hartman
` (184 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mika Westerberg, David S. Miller,
Sasha Levin
From: Mika Westerberg <mika.westerberg@linux.intel.com>
[ Upstream commit 54669e2f17cb5a4c41ade89427f074dc22cecb17 ]
As we are now enabling full end-to-end flow control to the Thunderbolt
networking driver, in order for it to work properly on second generation
Thunderbolt hardware (Falcon Ridge), we need to add back the workaround
that was removed with commit 53f13319d131 ("thunderbolt: Get rid of E2E
workaround"). However, this time we only apply it for Falcon Ridge
controllers as a form of an additional quirk. For non-Falcon Ridge this
does nothing.
While there fix a typo 'reqister' -> 'register' in the comment.
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/thunderbolt/nhi.c | 49 +++++++++++++++++++++++++++++++++------
1 file changed, 42 insertions(+), 7 deletions(-)
diff --git a/drivers/thunderbolt/nhi.c b/drivers/thunderbolt/nhi.c
index cb8c9c4ae93a..b5cd9673e15d 100644
--- a/drivers/thunderbolt/nhi.c
+++ b/drivers/thunderbolt/nhi.c
@@ -28,7 +28,11 @@
#define RING_TYPE(ring) ((ring)->is_tx ? "TX ring" : "RX ring")
#define RING_FIRST_USABLE_HOPID 1
-
+/*
+ * Used with QUIRK_E2E to specify an unused HopID the Rx credits are
+ * transferred.
+ */
+#define RING_E2E_RESERVED_HOPID RING_FIRST_USABLE_HOPID
/*
* Minimal number of vectors when we use MSI-X. Two for control channel
* Rx/Tx and the rest four are for cross domain DMA paths.
@@ -38,7 +42,9 @@
#define NHI_MAILBOX_TIMEOUT 500 /* ms */
+/* Host interface quirks */
#define QUIRK_AUTO_CLEAR_INT BIT(0)
+#define QUIRK_E2E BIT(1)
static int ring_interrupt_index(struct tb_ring *ring)
{
@@ -458,8 +464,18 @@ static void ring_release_msix(struct tb_ring *ring)
static int nhi_alloc_hop(struct tb_nhi *nhi, struct tb_ring *ring)
{
+ unsigned int start_hop = RING_FIRST_USABLE_HOPID;
int ret = 0;
+ if (nhi->quirks & QUIRK_E2E) {
+ start_hop = RING_FIRST_USABLE_HOPID + 1;
+ if (ring->flags & RING_FLAG_E2E && !ring->is_tx) {
+ dev_dbg(&nhi->pdev->dev, "quirking E2E TX HopID %u -> %u\n",
+ ring->e2e_tx_hop, RING_E2E_RESERVED_HOPID);
+ ring->e2e_tx_hop = RING_E2E_RESERVED_HOPID;
+ }
+ }
+
spin_lock_irq(&nhi->lock);
if (ring->hop < 0) {
@@ -469,7 +485,7 @@ static int nhi_alloc_hop(struct tb_nhi *nhi, struct tb_ring *ring)
* Automatically allocate HopID from the non-reserved
* range 1 .. hop_count - 1.
*/
- for (i = RING_FIRST_USABLE_HOPID; i < nhi->hop_count; i++) {
+ for (i = start_hop; i < nhi->hop_count; i++) {
if (ring->is_tx) {
if (!nhi->tx_rings[i]) {
ring->hop = i;
@@ -484,6 +500,11 @@ static int nhi_alloc_hop(struct tb_nhi *nhi, struct tb_ring *ring)
}
}
+ if (ring->hop > 0 && ring->hop < start_hop) {
+ dev_warn(&nhi->pdev->dev, "invalid hop: %d\n", ring->hop);
+ ret = -EINVAL;
+ goto err_unlock;
+ }
if (ring->hop < 0 || ring->hop >= nhi->hop_count) {
dev_warn(&nhi->pdev->dev, "invalid hop: %d\n", ring->hop);
ret = -EINVAL;
@@ -1097,12 +1118,26 @@ static void nhi_shutdown(struct tb_nhi *nhi)
static void nhi_check_quirks(struct tb_nhi *nhi)
{
- /*
- * Intel hardware supports auto clear of the interrupt status
- * reqister right after interrupt is being issued.
- */
- if (nhi->pdev->vendor == PCI_VENDOR_ID_INTEL)
+ if (nhi->pdev->vendor == PCI_VENDOR_ID_INTEL) {
+ /*
+ * Intel hardware supports auto clear of the interrupt
+ * status register right after interrupt is being
+ * issued.
+ */
nhi->quirks |= QUIRK_AUTO_CLEAR_INT;
+
+ switch (nhi->pdev->device) {
+ case PCI_DEVICE_ID_INTEL_FALCON_RIDGE_2C_NHI:
+ case PCI_DEVICE_ID_INTEL_FALCON_RIDGE_4C_NHI:
+ /*
+ * Falcon Ridge controller needs the end-to-end
+ * flow control workaround to avoid losing Rx
+ * packets when RING_FLAG_E2E is set.
+ */
+ nhi->quirks |= QUIRK_E2E;
+ break;
+ }
+ }
}
static int nhi_check_iommu_pdev(struct pci_dev *pdev, void *data)
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 693/862] x86/apic: Dont disable x2APIC if locked
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (691 preceding siblings ...)
2022-10-19 8:32 ` [PATCH 6.0 692/862] thunderbolt: Add back Intel Falcon Ridge end-to-end flow control workaround Greg Kroah-Hartman
@ 2022-10-19 8:33 ` Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 694/862] net: axienet: Switch to 64-bit RX/TX statistics Greg Kroah-Hartman
` (183 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Daniel Sneddon, Dave Hansen,
Neelima Krishnan, Sasha Levin
From: Daniel Sneddon <daniel.sneddon@linux.intel.com>
[ Upstream commit b8d1d163604bd1e600b062fb00de5dc42baa355f ]
The APIC supports two modes, legacy APIC (or xAPIC), and Extended APIC
(or x2APIC). X2APIC mode is mostly compatible with legacy APIC, but
it disables the memory-mapped APIC interface in favor of one that uses
MSRs. The APIC mode is controlled by the EXT bit in the APIC MSR.
The MMIO/xAPIC interface has some problems, most notably the APIC LEAK
[1]. This bug allows an attacker to use the APIC MMIO interface to
extract data from the SGX enclave.
Introduce support for a new feature that will allow the BIOS to lock
the APIC in x2APIC mode. If the APIC is locked in x2APIC mode and the
kernel tries to disable the APIC or revert to legacy APIC mode a GP
fault will occur.
Introduce support for a new MSR (IA32_XAPIC_DISABLE_STATUS) and handle
the new locked mode when the LEGACY_XAPIC_DISABLED bit is set by
preventing the kernel from trying to disable the x2APIC.
On platforms with the IA32_XAPIC_DISABLE_STATUS MSR, if SGX or TDX are
enabled the LEGACY_XAPIC_DISABLED will be set by the BIOS. If
legacy APIC is required, then it SGX and TDX need to be disabled in the
BIOS.
[1]: https://aepicleak.com/aepicleak.pdf
Signed-off-by: Daniel Sneddon <daniel.sneddon@linux.intel.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Acked-by: Dave Hansen <dave.hansen@linux.intel.com>
Tested-by: Neelima Krishnan <neelima.krishnan@intel.com>
Link: https://lkml.kernel.org/r/20220816231943.1152579-1-daniel.sneddon@linux.intel.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../admin-guide/kernel-parameters.txt | 4 ++
arch/x86/Kconfig | 7 ++-
arch/x86/include/asm/cpu.h | 2 +
arch/x86/include/asm/msr-index.h | 13 ++++++
arch/x86/kernel/apic/apic.c | 44 +++++++++++++++++--
5 files changed, 65 insertions(+), 5 deletions(-)
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index 426fa892d311..2bc11a61c4d0 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -3805,6 +3805,10 @@
nox2apic [X86-64,APIC] Do not enable x2APIC mode.
+ NOTE: this parameter will be ignored on systems with the
+ LEGACY_XAPIC_DISABLED bit set in the
+ IA32_XAPIC_DISABLE_STATUS MSR.
+
nps_mtm_hs_ctr= [KNL,ARC]
This parameter sets the maximum duration, in
cycles, each HW thread of the CTOP can run
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index f9920f1341c8..159c025ebb03 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -448,6 +448,11 @@ config X86_X2APIC
This allows 32-bit apic IDs (so it can support very large systems),
and accesses the local apic via MSRs not via mmio.
+ Some Intel systems circa 2022 and later are locked into x2APIC mode
+ and can not fall back to the legacy APIC modes if SGX or TDX are
+ enabled in the BIOS. They will be unable to boot without enabling
+ this option.
+
If you don't know what to do here, say N.
config X86_MPPARSE
@@ -1919,7 +1924,7 @@ endchoice
config X86_SGX
bool "Software Guard eXtensions (SGX)"
- depends on X86_64 && CPU_SUP_INTEL
+ depends on X86_64 && CPU_SUP_INTEL && X86_X2APIC
depends on CRYPTO=y
depends on CRYPTO_SHA256=y
select SRCU
diff --git a/arch/x86/include/asm/cpu.h b/arch/x86/include/asm/cpu.h
index 8cbf623f0ecf..b472ef76826a 100644
--- a/arch/x86/include/asm/cpu.h
+++ b/arch/x86/include/asm/cpu.h
@@ -94,4 +94,6 @@ static inline bool intel_cpu_signatures_match(unsigned int s1, unsigned int p1,
return p1 & p2;
}
+extern u64 x86_read_arch_cap_msr(void);
+
#endif /* _ASM_X86_CPU_H */
diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h
index 6674bdb096f3..1e086b37a307 100644
--- a/arch/x86/include/asm/msr-index.h
+++ b/arch/x86/include/asm/msr-index.h
@@ -155,6 +155,11 @@
* Return Stack Buffer Predictions.
*/
+#define ARCH_CAP_XAPIC_DISABLE BIT(21) /*
+ * IA32_XAPIC_DISABLE_STATUS MSR
+ * supported
+ */
+
#define MSR_IA32_FLUSH_CMD 0x0000010b
#define L1D_FLUSH BIT(0) /*
* Writeback and invalidate the
@@ -1054,4 +1059,12 @@
#define MSR_IA32_HW_FEEDBACK_PTR 0x17d0
#define MSR_IA32_HW_FEEDBACK_CONFIG 0x17d1
+/* x2APIC locked status */
+#define MSR_IA32_XAPIC_DISABLE_STATUS 0xBD
+#define LEGACY_XAPIC_DISABLED BIT(0) /*
+ * x2APIC mode is locked and
+ * disabling x2APIC will cause
+ * a #GP
+ */
+
#endif /* _ASM_X86_MSR_INDEX_H */
diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c
index 6d303d1d276c..c6876d3ea4b1 100644
--- a/arch/x86/kernel/apic/apic.c
+++ b/arch/x86/kernel/apic/apic.c
@@ -61,6 +61,7 @@
#include <asm/cpu_device_id.h>
#include <asm/intel-family.h>
#include <asm/irq_regs.h>
+#include <asm/cpu.h>
unsigned int num_processors;
@@ -1751,11 +1752,26 @@ EXPORT_SYMBOL_GPL(x2apic_mode);
enum {
X2APIC_OFF,
- X2APIC_ON,
X2APIC_DISABLED,
+ /* All states below here have X2APIC enabled */
+ X2APIC_ON,
+ X2APIC_ON_LOCKED
};
static int x2apic_state;
+static bool x2apic_hw_locked(void)
+{
+ u64 ia32_cap;
+ u64 msr;
+
+ ia32_cap = x86_read_arch_cap_msr();
+ if (ia32_cap & ARCH_CAP_XAPIC_DISABLE) {
+ rdmsrl(MSR_IA32_XAPIC_DISABLE_STATUS, msr);
+ return (msr & LEGACY_XAPIC_DISABLED);
+ }
+ return false;
+}
+
static void __x2apic_disable(void)
{
u64 msr;
@@ -1793,6 +1809,10 @@ static int __init setup_nox2apic(char *str)
apicid);
return 0;
}
+ if (x2apic_hw_locked()) {
+ pr_warn("APIC locked in x2apic mode, can't disable\n");
+ return 0;
+ }
pr_warn("x2apic already enabled.\n");
__x2apic_disable();
}
@@ -1807,10 +1827,18 @@ early_param("nox2apic", setup_nox2apic);
void x2apic_setup(void)
{
/*
- * If x2apic is not in ON state, disable it if already enabled
+ * Try to make the AP's APIC state match that of the BSP, but if the
+ * BSP is unlocked and the AP is locked then there is a state mismatch.
+ * Warn about the mismatch in case a GP fault occurs due to a locked AP
+ * trying to be turned off.
+ */
+ if (x2apic_state != X2APIC_ON_LOCKED && x2apic_hw_locked())
+ pr_warn("x2apic lock mismatch between BSP and AP.\n");
+ /*
+ * If x2apic is not in ON or LOCKED state, disable it if already enabled
* from BIOS.
*/
- if (x2apic_state != X2APIC_ON) {
+ if (x2apic_state < X2APIC_ON) {
__x2apic_disable();
return;
}
@@ -1831,6 +1859,11 @@ static __init void x2apic_disable(void)
if (x2apic_id >= 255)
panic("Cannot disable x2apic, id: %08x\n", x2apic_id);
+ if (x2apic_hw_locked()) {
+ pr_warn("Cannot disable locked x2apic, id: %08x\n", x2apic_id);
+ return;
+ }
+
__x2apic_disable();
register_lapic_address(mp_lapic_addr);
}
@@ -1889,7 +1922,10 @@ void __init check_x2apic(void)
if (x2apic_enabled()) {
pr_info("x2apic: enabled by BIOS, switching to x2apic ops\n");
x2apic_mode = 1;
- x2apic_state = X2APIC_ON;
+ if (x2apic_hw_locked())
+ x2apic_state = X2APIC_ON_LOCKED;
+ else
+ x2apic_state = X2APIC_ON;
} else if (!boot_cpu_has(X86_FEATURE_X2APIC)) {
x2apic_state = X2APIC_DISABLED;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 694/862] net: axienet: Switch to 64-bit RX/TX statistics
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (692 preceding siblings ...)
2022-10-19 8:33 ` [PATCH 6.0 693/862] x86/apic: Dont disable x2APIC if locked Greg Kroah-Hartman
@ 2022-10-19 8:33 ` Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 695/862] net-next: Fix IP_UNICAST_IF option behavior for connected sockets Greg Kroah-Hartman
` (182 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Robert Hancock, Jakub Kicinski, Sasha Levin
From: Robert Hancock <robert.hancock@calian.com>
[ Upstream commit cb45a8bf4693965e89d115cd2c510f12bc127c37 ]
The RX and TX byte/packet statistics in this driver could be overflowed
relatively quickly on a 32-bit platform. Switch these stats to use the
u64_stats infrastructure to avoid this.
Signed-off-by: Robert Hancock <robert.hancock@calian.com>
Link: https://lore.kernel.org/r/20220829233901.3429419-1-robert.hancock@calian.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/xilinx/xilinx_axienet.h | 12 ++++++
.../net/ethernet/xilinx/xilinx_axienet_main.c | 37 +++++++++++++++++--
2 files changed, 45 insertions(+), 4 deletions(-)
diff --git a/drivers/net/ethernet/xilinx/xilinx_axienet.h b/drivers/net/ethernet/xilinx/xilinx_axienet.h
index f2e2261b4b7d..8ff4333de2ad 100644
--- a/drivers/net/ethernet/xilinx/xilinx_axienet.h
+++ b/drivers/net/ethernet/xilinx/xilinx_axienet.h
@@ -402,6 +402,9 @@ struct axidma_bd {
* @rx_bd_num: Size of RX buffer descriptor ring
* @rx_bd_ci: Stores the index of the Rx buffer descriptor in the ring being
* accessed currently.
+ * @rx_packets: RX packet count for statistics
+ * @rx_bytes: RX byte count for statistics
+ * @rx_stat_sync: Synchronization object for RX stats
* @napi_tx: NAPI TX control structure
* @tx_dma_cr: Nominal content of TX DMA control register
* @tx_bd_v: Virtual address of the TX buffer descriptor ring
@@ -411,6 +414,9 @@ struct axidma_bd {
* complete. Only updated at runtime by TX NAPI poll.
* @tx_bd_tail: Stores the index of the next Tx buffer descriptor in the ring
* to be populated.
+ * @tx_packets: TX packet count for statistics
+ * @tx_bytes: TX byte count for statistics
+ * @tx_stat_sync: Synchronization object for TX stats
* @dma_err_task: Work structure to process Axi DMA errors
* @tx_irq: Axidma TX IRQ number
* @rx_irq: Axidma RX IRQ number
@@ -458,6 +464,9 @@ struct axienet_local {
dma_addr_t rx_bd_p;
u32 rx_bd_num;
u32 rx_bd_ci;
+ u64_stats_t rx_packets;
+ u64_stats_t rx_bytes;
+ struct u64_stats_sync rx_stat_sync;
struct napi_struct napi_tx;
u32 tx_dma_cr;
@@ -466,6 +475,9 @@ struct axienet_local {
u32 tx_bd_num;
u32 tx_bd_ci;
u32 tx_bd_tail;
+ u64_stats_t tx_packets;
+ u64_stats_t tx_bytes;
+ struct u64_stats_sync tx_stat_sync;
struct work_struct dma_err_task;
diff --git a/drivers/net/ethernet/xilinx/xilinx_axienet_main.c b/drivers/net/ethernet/xilinx/xilinx_axienet_main.c
index 1760930ec0c4..9262988d26a3 100644
--- a/drivers/net/ethernet/xilinx/xilinx_axienet_main.c
+++ b/drivers/net/ethernet/xilinx/xilinx_axienet_main.c
@@ -752,8 +752,10 @@ static int axienet_tx_poll(struct napi_struct *napi, int budget)
if (lp->tx_bd_ci >= lp->tx_bd_num)
lp->tx_bd_ci %= lp->tx_bd_num;
- ndev->stats.tx_packets += packets;
- ndev->stats.tx_bytes += size;
+ u64_stats_update_begin(&lp->tx_stat_sync);
+ u64_stats_add(&lp->tx_packets, packets);
+ u64_stats_add(&lp->tx_bytes, size);
+ u64_stats_update_end(&lp->tx_stat_sync);
/* Matches barrier in axienet_start_xmit */
smp_mb();
@@ -984,8 +986,10 @@ static int axienet_rx_poll(struct napi_struct *napi, int budget)
cur_p = &lp->rx_bd_v[lp->rx_bd_ci];
}
- lp->ndev->stats.rx_packets += packets;
- lp->ndev->stats.rx_bytes += size;
+ u64_stats_update_begin(&lp->rx_stat_sync);
+ u64_stats_add(&lp->rx_packets, packets);
+ u64_stats_add(&lp->rx_bytes, size);
+ u64_stats_update_end(&lp->rx_stat_sync);
if (tail_p)
axienet_dma_out_addr(lp, XAXIDMA_RX_TDESC_OFFSET, tail_p);
@@ -1292,10 +1296,32 @@ static int axienet_ioctl(struct net_device *dev, struct ifreq *rq, int cmd)
return phylink_mii_ioctl(lp->phylink, rq, cmd);
}
+static void
+axienet_get_stats64(struct net_device *dev, struct rtnl_link_stats64 *stats)
+{
+ struct axienet_local *lp = netdev_priv(dev);
+ unsigned int start;
+
+ netdev_stats_to_stats64(stats, &dev->stats);
+
+ do {
+ start = u64_stats_fetch_begin_irq(&lp->rx_stat_sync);
+ stats->rx_packets = u64_stats_read(&lp->rx_packets);
+ stats->rx_bytes = u64_stats_read(&lp->rx_bytes);
+ } while (u64_stats_fetch_retry_irq(&lp->rx_stat_sync, start));
+
+ do {
+ start = u64_stats_fetch_begin_irq(&lp->tx_stat_sync);
+ stats->tx_packets = u64_stats_read(&lp->tx_packets);
+ stats->tx_bytes = u64_stats_read(&lp->tx_bytes);
+ } while (u64_stats_fetch_retry_irq(&lp->tx_stat_sync, start));
+}
+
static const struct net_device_ops axienet_netdev_ops = {
.ndo_open = axienet_open,
.ndo_stop = axienet_stop,
.ndo_start_xmit = axienet_start_xmit,
+ .ndo_get_stats64 = axienet_get_stats64,
.ndo_change_mtu = axienet_change_mtu,
.ndo_set_mac_address = netdev_set_mac_address,
.ndo_validate_addr = eth_validate_addr,
@@ -1850,6 +1876,9 @@ static int axienet_probe(struct platform_device *pdev)
lp->rx_bd_num = RX_BD_NUM_DEFAULT;
lp->tx_bd_num = TX_BD_NUM_DEFAULT;
+ u64_stats_init(&lp->rx_stat_sync);
+ u64_stats_init(&lp->tx_stat_sync);
+
netif_napi_add(ndev, &lp->napi_rx, axienet_rx_poll, NAPI_POLL_WEIGHT);
netif_napi_add(ndev, &lp->napi_tx, axienet_tx_poll, NAPI_POLL_WEIGHT);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 695/862] net-next: Fix IP_UNICAST_IF option behavior for connected sockets
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (693 preceding siblings ...)
2022-10-19 8:33 ` [PATCH 6.0 694/862] net: axienet: Switch to 64-bit RX/TX statistics Greg Kroah-Hartman
@ 2022-10-19 8:33 ` Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 696/862] xfrm: Update ipcomp_scratches with NULL when freed Greg Kroah-Hartman
` (181 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Richard Gobert, David Ahern,
Jakub Kicinski, Sasha Levin
From: Richard Gobert <richardbgobert@gmail.com>
[ Upstream commit 0e4d354762cefd3e16b4cff8988ff276e45effc4 ]
The IP_UNICAST_IF socket option is used to set the outgoing interface
for outbound packets.
The IP_UNICAST_IF socket option was added as it was needed by the
Wine project, since no other existing option (SO_BINDTODEVICE socket
option, IP_PKTINFO socket option or the bind function) provided the
needed characteristics needed by the IP_UNICAST_IF socket option. [1]
The IP_UNICAST_IF socket option works well for unconnected sockets,
that is, the interface specified by the IP_UNICAST_IF socket option
is taken into consideration in the route lookup process when a packet
is being sent. However, for connected sockets, the outbound interface
is chosen when connecting the socket, and in the route lookup process
which is done when a packet is being sent, the interface specified by
the IP_UNICAST_IF socket option is being ignored.
This inconsistent behavior was reported and discussed in an issue
opened on systemd's GitHub project [2]. Also, a bug report was
submitted in the kernel's bugzilla [3].
To understand the problem in more detail, we can look at what happens
for UDP packets over IPv4 (The same analysis was done separately in
the referenced systemd issue).
When a UDP packet is sent the udp_sendmsg function gets called and
the following happens:
1. The oif member of the struct ipcm_cookie ipc (which stores the
output interface of the packet) is initialized by the ipcm_init_sk
function to inet->sk.sk_bound_dev_if (the device set by the
SO_BINDTODEVICE socket option).
2. If the IP_PKTINFO socket option was set, the oif member gets
overridden by the call to the ip_cmsg_send function.
3. If no output interface was selected yet, the interface specified
by the IP_UNICAST_IF socket option is used.
4. If the socket is connected and no destination address is
specified in the send function, the struct ipcm_cookie ipc is not
taken into consideration and the cached route, that was calculated in
the connect function is being used.
Thus, for a connected socket, the IP_UNICAST_IF sockopt isn't taken
into consideration.
This patch corrects the behavior of the IP_UNICAST_IF socket option
for connect()ed sockets by taking into consideration the
IP_UNICAST_IF sockopt when connecting the socket.
In order to avoid reconnecting the socket, this option is still
ignored when applied on an already connected socket until connect()
is called again by the Richard Gobert.
Change the __ip4_datagram_connect function, which is called during
socket connection, to take into consideration the interface set by
the IP_UNICAST_IF socket option, in a similar way to what is done in
the udp_sendmsg function.
[1] https://lore.kernel.org/netdev/1328685717.4736.4.camel@edumazet-laptop/T/
[2] https://github.com/systemd/systemd/issues/11935#issuecomment-618691018
[3] https://bugzilla.kernel.org/show_bug.cgi?id=210255
Signed-off-by: Richard Gobert <richardbgobert@gmail.com>
Reviewed-by: David Ahern <dsahern@kernel.org>
Link: https://lore.kernel.org/r/20220829111554.GA1771@debian
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv4/datagram.c | 2 ++
tools/testing/selftests/net/fcnal-test.sh | 30 +++++++++++++++++++++++
tools/testing/selftests/net/nettest.c | 16 ++++++++++--
3 files changed, 46 insertions(+), 2 deletions(-)
diff --git a/net/ipv4/datagram.c b/net/ipv4/datagram.c
index ffd57523331f..405a8c2aea64 100644
--- a/net/ipv4/datagram.c
+++ b/net/ipv4/datagram.c
@@ -42,6 +42,8 @@ int __ip4_datagram_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len
oif = inet->mc_index;
if (!saddr)
saddr = inet->mc_addr;
+ } else if (!oif) {
+ oif = inet->uc_index;
}
fl4 = &inet->cork.fl.u.ip4;
rt = ip_route_connect(fl4, usin->sin_addr.s_addr, saddr, oif,
diff --git a/tools/testing/selftests/net/fcnal-test.sh b/tools/testing/selftests/net/fcnal-test.sh
index 03b586760164..31c3b6ebd388 100755
--- a/tools/testing/selftests/net/fcnal-test.sh
+++ b/tools/testing/selftests/net/fcnal-test.sh
@@ -1466,6 +1466,13 @@ ipv4_udp_novrf()
run_cmd nettest -D -r ${a} -d ${NSA_DEV} -S -0 ${NSA_IP}
log_test_addr ${a} $? 0 "Client, device bind via IP_UNICAST_IF"
+ log_start
+ run_cmd_nsb nettest -D -s &
+ sleep 1
+ run_cmd nettest -D -r ${a} -d ${NSA_DEV} -S -0 ${NSA_IP} -U
+ log_test_addr ${a} $? 0 "Client, device bind via IP_UNICAST_IF, with connect()"
+
+
log_start
show_hint "Should fail 'Connection refused'"
run_cmd nettest -D -r ${a}
@@ -1525,6 +1532,13 @@ ipv4_udp_novrf()
run_cmd nettest -D -d ${NSA_DEV} -S -r ${a}
log_test_addr ${a} $? 0 "Global server, device client via IP_UNICAST_IF, local connection"
+ log_start
+ run_cmd nettest -s -D &
+ sleep 1
+ run_cmd nettest -D -d ${NSA_DEV} -S -r ${a} -U
+ log_test_addr ${a} $? 0 "Global server, device client via IP_UNICAST_IF, local connection, with connect()"
+
+
# IPv4 with device bind has really weird behavior - it overrides the
# fib lookup, generates an rtable and tries to send the packet. This
# causes failures for local traffic at different places
@@ -1550,6 +1564,15 @@ ipv4_udp_novrf()
sleep 1
run_cmd nettest -D -r ${a} -d ${NSA_DEV} -S
log_test_addr ${a} $? 1 "Global server, device client via IP_UNICAST_IF, local connection"
+
+ log_start
+ show_hint "Should fail since addresses on loopback are out of device scope"
+ run_cmd nettest -D -s &
+ sleep 1
+ run_cmd nettest -D -r ${a} -d ${NSA_DEV} -S -U
+ log_test_addr ${a} $? 1 "Global server, device client via IP_UNICAST_IF, local connection, with connect()"
+
+
done
a=${NSA_IP}
@@ -3157,6 +3180,13 @@ ipv6_udp_novrf()
sleep 1
run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -S
log_test_addr ${a} $? 1 "Global server, device client via IP_UNICAST_IF, local connection"
+
+ log_start
+ show_hint "Should fail 'No route to host' since addresses on loopback are out of device scope"
+ run_cmd nettest -6 -D -s &
+ sleep 1
+ run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -S -U
+ log_test_addr ${a} $? 1 "Global server, device client via IP_UNICAST_IF, local connection, with connect()"
done
a=${NSA_IP6}
diff --git a/tools/testing/selftests/net/nettest.c b/tools/testing/selftests/net/nettest.c
index d9a6fd2cd9d3..7900fa98eccb 100644
--- a/tools/testing/selftests/net/nettest.c
+++ b/tools/testing/selftests/net/nettest.c
@@ -127,6 +127,9 @@ struct sock_args {
/* ESP in UDP encap test */
int use_xfrm;
+
+ /* use send() and connect() instead of sendto */
+ int datagram_connect;
};
static int server_mode;
@@ -979,6 +982,11 @@ static int send_msg(int sd, void *addr, socklen_t alen, struct sock_args *args)
log_err_errno("write failed sending msg to peer");
return 1;
}
+ } else if (args->datagram_connect) {
+ if (send(sd, msg, msglen, 0) < 0) {
+ log_err_errno("send failed sending msg to peer");
+ return 1;
+ }
} else if (args->ifindex && args->use_cmsg) {
if (send_msg_cmsg(sd, addr, alen, args->ifindex, args->version))
return 1;
@@ -1659,7 +1667,7 @@ static int connectsock(void *addr, socklen_t alen, struct sock_args *args)
if (args->has_local_ip && bind_socket(sd, args))
goto err;
- if (args->type != SOCK_STREAM)
+ if (args->type != SOCK_STREAM && !args->datagram_connect)
goto out;
if (args->password && tcp_md5sig(sd, addr, alen, args))
@@ -1854,7 +1862,7 @@ static int ipc_parent(int cpid, int fd, struct sock_args *args)
return client_status;
}
-#define GETOPT_STR "sr:l:c:p:t:g:P:DRn:M:X:m:d:I:BN:O:SCi6xL:0:1:2:3:Fbqf"
+#define GETOPT_STR "sr:l:c:p:t:g:P:DRn:M:X:m:d:I:BN:O:SUCi6xL:0:1:2:3:Fbqf"
#define OPT_FORCE_BIND_KEY_IFINDEX 1001
#define OPT_NO_BIND_KEY_IFINDEX 1002
@@ -1891,6 +1899,7 @@ static void print_usage(char *prog)
" -I dev bind socket to given device name - server mode\n"
" -S use setsockopt (IP_UNICAST_IF or IP_MULTICAST_IF)\n"
" to set device binding\n"
+ " -U Use connect() and send() for datagram sockets\n"
" -f bind socket with the IP[V6]_FREEBIND option\n"
" -C use cmsg and IP_PKTINFO to specify device binding\n"
"\n"
@@ -2074,6 +2083,9 @@ int main(int argc, char *argv[])
case 'x':
args.use_xfrm = 1;
break;
+ case 'U':
+ args.datagram_connect = 1;
+ break;
default:
print_usage(argv[0]);
return 1;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 696/862] xfrm: Update ipcomp_scratches with NULL when freed
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (694 preceding siblings ...)
2022-10-19 8:33 ` [PATCH 6.0 695/862] net-next: Fix IP_UNICAST_IF option behavior for connected sockets Greg Kroah-Hartman
@ 2022-10-19 8:33 ` Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 697/862] wifi: ath11k: Register shutdown handler for WCN6750 Greg Kroah-Hartman
` (180 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Herbert Xu,
syzbot+5ec9bb042ddfe9644773, Khalid Masum, Steffen Klassert,
Sasha Levin
From: Khalid Masum <khalid.masum.92@gmail.com>
[ Upstream commit 8a04d2fc700f717104bfb95b0f6694e448a4537f ]
Currently if ipcomp_alloc_scratches() fails to allocate memory
ipcomp_scratches holds obsolete address. So when we try to free the
percpu scratches using ipcomp_free_scratches() it tries to vfree non
existent vm area. Described below:
static void * __percpu *ipcomp_alloc_scratches(void)
{
...
scratches = alloc_percpu(void *);
if (!scratches)
return NULL;
ipcomp_scratches does not know about this allocation failure.
Therefore holding the old obsolete address.
...
}
So when we free,
static void ipcomp_free_scratches(void)
{
...
scratches = ipcomp_scratches;
Assigning obsolete address from ipcomp_scratches
if (!scratches)
return;
for_each_possible_cpu(i)
vfree(*per_cpu_ptr(scratches, i));
Trying to free non existent page, causing warning: trying to vfree
existent vm area.
...
}
Fix this breakage by updating ipcomp_scrtches with NULL when scratches
is freed
Suggested-by: Herbert Xu <herbert@gondor.apana.org.au>
Reported-by: syzbot+5ec9bb042ddfe9644773@syzkaller.appspotmail.com
Tested-by: syzbot+5ec9bb042ddfe9644773@syzkaller.appspotmail.com
Signed-off-by: Khalid Masum <khalid.masum.92@gmail.com>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/xfrm/xfrm_ipcomp.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/xfrm/xfrm_ipcomp.c b/net/xfrm/xfrm_ipcomp.c
index cb40ff0ff28d..92ad336a83ab 100644
--- a/net/xfrm/xfrm_ipcomp.c
+++ b/net/xfrm/xfrm_ipcomp.c
@@ -203,6 +203,7 @@ static void ipcomp_free_scratches(void)
vfree(*per_cpu_ptr(scratches, i));
free_percpu(scratches);
+ ipcomp_scratches = NULL;
}
static void * __percpu *ipcomp_alloc_scratches(void)
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 697/862] wifi: ath11k: Register shutdown handler for WCN6750
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (695 preceding siblings ...)
2022-10-19 8:33 ` [PATCH 6.0 696/862] xfrm: Update ipcomp_scratches with NULL when freed Greg Kroah-Hartman
@ 2022-10-19 8:33 ` Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 698/862] rtw89: ser: leave lps with mutex Greg Kroah-Hartman
` (179 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Manikanta Pubbisetty, Kalle Valo,
Sasha Levin
From: Manikanta Pubbisetty <quic_mpubbise@quicinc.com>
[ Upstream commit ac41c2b642b136a1e633379fcb87a9db0ee07f5b ]
When the system shuts down, SMMU driver will be stopped and
will not assist in IOVA translations. SMMU driver expects all
of its consumers to shutdown before shutting down itself.
WCN6750 being one of the consumer device should not perform any
DMA operations after the SMMU has shutdown which will otherwise
result in SMMU faults.
SMMU driver will call the shutdown() callback of all its
consumer devices and the consumers shall stop further DMA
activity after the invocation of their respective shutdown()
callbacks.
Register the shutdown() callback to the platform core for WCN6750.
Change will not impact other AHB ath11k devices.
Tested-on: WCN6750 hw1.0 AHB WLAN.MSL.1.0.1-00887-QCAMSLSWPLZ-1
Signed-off-by: Manikanta Pubbisetty <quic_mpubbise@quicinc.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20220720134710.15523-1-quic_mpubbise@quicinc.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/ath11k/ahb.c | 58 ++++++++++++++++++++------
drivers/net/wireless/ath/ath11k/core.c | 2 +
2 files changed, 47 insertions(+), 13 deletions(-)
diff --git a/drivers/net/wireless/ath/ath11k/ahb.c b/drivers/net/wireless/ath/ath11k/ahb.c
index c47414710138..911eee9646a4 100644
--- a/drivers/net/wireless/ath/ath11k/ahb.c
+++ b/drivers/net/wireless/ath/ath11k/ahb.c
@@ -1088,20 +1088,10 @@ static int ath11k_ahb_probe(struct platform_device *pdev)
return ret;
}
-static int ath11k_ahb_remove(struct platform_device *pdev)
+static void ath11k_ahb_remove_prepare(struct ath11k_base *ab)
{
- struct ath11k_base *ab = platform_get_drvdata(pdev);
unsigned long left;
- if (test_bit(ATH11K_FLAG_QMI_FAIL, &ab->dev_flags)) {
- ath11k_ahb_power_down(ab);
- ath11k_debugfs_soc_destroy(ab);
- ath11k_qmi_deinit_service(ab);
- goto qmi_fail;
- }
-
- reinit_completion(&ab->driver_recovery);
-
if (test_bit(ATH11K_FLAG_RECOVERY, &ab->dev_flags)) {
left = wait_for_completion_timeout(&ab->driver_recovery,
ATH11K_AHB_RECOVERY_TIMEOUT);
@@ -1111,19 +1101,60 @@ static int ath11k_ahb_remove(struct platform_device *pdev)
set_bit(ATH11K_FLAG_UNREGISTERING, &ab->dev_flags);
cancel_work_sync(&ab->restart_work);
+ cancel_work_sync(&ab->qmi.event_work);
+}
+
+static void ath11k_ahb_free_resources(struct ath11k_base *ab)
+{
+ struct platform_device *pdev = ab->pdev;
- ath11k_core_deinit(ab);
-qmi_fail:
ath11k_ahb_free_irq(ab);
ath11k_hal_srng_deinit(ab);
ath11k_ahb_fw_resource_deinit(ab);
ath11k_ce_free_pipes(ab);
ath11k_core_free(ab);
platform_set_drvdata(pdev, NULL);
+}
+
+static int ath11k_ahb_remove(struct platform_device *pdev)
+{
+ struct ath11k_base *ab = platform_get_drvdata(pdev);
+
+ if (test_bit(ATH11K_FLAG_QMI_FAIL, &ab->dev_flags)) {
+ ath11k_ahb_power_down(ab);
+ ath11k_debugfs_soc_destroy(ab);
+ ath11k_qmi_deinit_service(ab);
+ goto qmi_fail;
+ }
+
+ ath11k_ahb_remove_prepare(ab);
+ ath11k_core_deinit(ab);
+
+qmi_fail:
+ ath11k_ahb_free_resources(ab);
return 0;
}
+static void ath11k_ahb_shutdown(struct platform_device *pdev)
+{
+ struct ath11k_base *ab = platform_get_drvdata(pdev);
+
+ /* platform shutdown() & remove() are mutually exclusive.
+ * remove() is invoked during rmmod & shutdown() during
+ * system reboot/shutdown.
+ */
+ ath11k_ahb_remove_prepare(ab);
+
+ if (!(test_bit(ATH11K_FLAG_REGISTERED, &ab->dev_flags)))
+ goto free_resources;
+
+ ath11k_core_deinit(ab);
+
+free_resources:
+ ath11k_ahb_free_resources(ab);
+}
+
static struct platform_driver ath11k_ahb_driver = {
.driver = {
.name = "ath11k",
@@ -1131,6 +1162,7 @@ static struct platform_driver ath11k_ahb_driver = {
},
.probe = ath11k_ahb_probe,
.remove = ath11k_ahb_remove,
+ .shutdown = ath11k_ahb_shutdown,
};
static int ath11k_ahb_init(void)
diff --git a/drivers/net/wireless/ath/ath11k/core.c b/drivers/net/wireless/ath/ath11k/core.c
index c3e9e4f7bc24..9df6aaae8a44 100644
--- a/drivers/net/wireless/ath/ath11k/core.c
+++ b/drivers/net/wireless/ath/ath11k/core.c
@@ -1563,6 +1563,8 @@ static void ath11k_core_pre_reconfigure_recovery(struct ath11k_base *ab)
wake_up(&ab->wmi_ab.tx_credits_wq);
wake_up(&ab->peer_mapping_wq);
+
+ reinit_completion(&ab->driver_recovery);
}
static void ath11k_core_post_reconfigure_recovery(struct ath11k_base *ab)
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 698/862] rtw89: ser: leave lps with mutex
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (696 preceding siblings ...)
2022-10-19 8:33 ` [PATCH 6.0 697/862] wifi: ath11k: Register shutdown handler for WCN6750 Greg Kroah-Hartman
@ 2022-10-19 8:33 ` Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 699/862] net: ftmac100: fix endianness-related issues from sparse Greg Kroah-Hartman
` (178 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zong-Zhe Yang, Ping-Ke Shih,
Kalle Valo, Sasha Levin
From: Zong-Zhe Yang <kevin_yang@realtek.com>
[ Upstream commit 8676031bae1c91037d06341214f4150b33707c68 ]
Calling rtw89_leave_lps() should hold rtwdev::mutex.
So, fix it.
Signed-off-by: Zong-Zhe Yang <kevin_yang@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220704023453.19935-5-pkshih@realtek.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/realtek/rtw89/ser.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/net/wireless/realtek/rtw89/ser.c b/drivers/net/wireless/realtek/rtw89/ser.c
index 726223f25dc6..7240364e8f7d 100644
--- a/drivers/net/wireless/realtek/rtw89/ser.c
+++ b/drivers/net/wireless/realtek/rtw89/ser.c
@@ -152,7 +152,10 @@ static void ser_state_run(struct rtw89_ser *ser, u8 evt)
rtw89_debug(rtwdev, RTW89_DBG_SER, "ser: %s receive %s\n",
ser_st_name(ser), ser_ev_name(ser, evt));
+ mutex_lock(&rtwdev->mutex);
rtw89_leave_lps(rtwdev);
+ mutex_unlock(&rtwdev->mutex);
+
ser->st_tbl[ser->state].st_func(ser, evt);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 699/862] net: ftmac100: fix endianness-related issues from sparse
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (697 preceding siblings ...)
2022-10-19 8:33 ` [PATCH 6.0 698/862] rtw89: ser: leave lps with mutex Greg Kroah-Hartman
@ 2022-10-19 8:33 ` Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 700/862] iavf: Fix race between iavf_close and iavf_reset_task Greg Kroah-Hartman
` (177 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sergei Antonov, Andrew Lunn,
Paolo Abeni, Sasha Levin
From: Sergei Antonov <saproj@gmail.com>
[ Upstream commit 9df696b3b3a4c96c3219eb87c7bf03fb50e490b8 ]
Sparse found a number of endianness-related issues of these kinds:
.../ftmac100.c:192:32: warning: restricted __le32 degrades to integer
.../ftmac100.c:208:23: warning: incorrect type in assignment (different base types)
.../ftmac100.c:208:23: expected unsigned int rxdes0
.../ftmac100.c:208:23: got restricted __le32 [usertype]
.../ftmac100.c:249:23: warning: invalid assignment: &=
.../ftmac100.c:249:23: left side has type unsigned int
.../ftmac100.c:249:23: right side has type restricted __le32
.../ftmac100.c:527:16: warning: cast to restricted __le32
Change type of some fields from 'unsigned int' to '__le32' to fix it.
Signed-off-by: Sergei Antonov <saproj@gmail.com>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Link: https://lore.kernel.org/r/20220902113749.1408562-1-saproj@gmail.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/faraday/ftmac100.h | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/drivers/net/ethernet/faraday/ftmac100.h b/drivers/net/ethernet/faraday/ftmac100.h
index fe986f1673fc..8af32f9070f4 100644
--- a/drivers/net/ethernet/faraday/ftmac100.h
+++ b/drivers/net/ethernet/faraday/ftmac100.h
@@ -122,9 +122,9 @@
* Transmit descriptor, aligned to 16 bytes
*/
struct ftmac100_txdes {
- unsigned int txdes0;
- unsigned int txdes1;
- unsigned int txdes2; /* TXBUF_BADR */
+ __le32 txdes0;
+ __le32 txdes1;
+ __le32 txdes2; /* TXBUF_BADR */
unsigned int txdes3; /* not used by HW */
} __attribute__ ((aligned(16)));
@@ -143,9 +143,9 @@ struct ftmac100_txdes {
* Receive descriptor, aligned to 16 bytes
*/
struct ftmac100_rxdes {
- unsigned int rxdes0;
- unsigned int rxdes1;
- unsigned int rxdes2; /* RXBUF_BADR */
+ __le32 rxdes0;
+ __le32 rxdes1;
+ __le32 rxdes2; /* RXBUF_BADR */
unsigned int rxdes3; /* not used by HW */
} __attribute__ ((aligned(16)));
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 700/862] iavf: Fix race between iavf_close and iavf_reset_task
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (698 preceding siblings ...)
2022-10-19 8:33 ` [PATCH 6.0 699/862] net: ftmac100: fix endianness-related issues from sparse Greg Kroah-Hartman
@ 2022-10-19 8:33 ` Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 701/862] wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() Greg Kroah-Hartman
` (176 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Michal Jaron, Mateusz Palczewski,
Konrad Jankowski, Tony Nguyen, Sasha Levin
From: Michal Jaron <michalx.jaron@intel.com>
[ Upstream commit 11c12adcbc1598d91e73ab6ddfa41d25a01478ed ]
During stress tests with adding VF to namespace and changing vf's
trust there was a race between iavf_reset_task and iavf_close.
Sometimes when IAVF_FLAG_AQ_DISABLE_QUEUES from iavf_close was sent
to PF after reset and before IAVF_AQ_GET_CONFIG was sent then PF
returns error IAVF_NOT_SUPPORTED to disable queues request and
following requests. There is need to get_config before other
aq_required will be send but iavf_close clears all flags, if
get_config was not sent before iavf_close, then it will not be send
at all.
In case when IAVF_FLAG_AQ_GET_OFFLOAD_VLAN_V2_CAPS was sent before
IAVF_FLAG_AQ_DISABLE_QUEUES then there was rtnl_lock deadlock
between iavf_close and iavf_adminq_task until iavf_close timeouts
and disable queues was sent after iavf_close ends.
There was also a problem with sending delete/add filters.
Sometimes when filters was not yet added to PF and in
iavf_close all filters was set to remove there might be a try
to remove nonexistent filters on PF.
Add aq_required_tmp to save aq_required flags and send them after
disable_queues will be handled. Clear flags given to iavf_down
different than IAVF_FLAG_AQ_GET_CONFIG as this flag is necessary
to sent other aq_required. Remove some flags that we don't
want to send as we are in iavf_close and we want to disable
interface. Remove filters which was not yet sent and send del
filters flags only when there are filters to remove.
Signed-off-by: Michal Jaron <michalx.jaron@intel.com>
Signed-off-by: Mateusz Palczewski <mateusz.palczewski@intel.com>
Tested-by: Konrad Jankowski <konrad0.jankowski@intel.com>
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/intel/iavf/iavf_main.c | 177 ++++++++++++++++----
1 file changed, 141 insertions(+), 36 deletions(-)
diff --git a/drivers/net/ethernet/intel/iavf/iavf_main.c b/drivers/net/ethernet/intel/iavf/iavf_main.c
index 0c89f16bf1e2..79fef8c59d65 100644
--- a/drivers/net/ethernet/intel/iavf/iavf_main.c
+++ b/drivers/net/ethernet/intel/iavf/iavf_main.c
@@ -1267,66 +1267,138 @@ static void iavf_up_complete(struct iavf_adapter *adapter)
}
/**
- * iavf_down - Shutdown the connection processing
+ * iavf_clear_mac_vlan_filters - Remove mac and vlan filters not sent to PF
+ * yet and mark other to be removed.
* @adapter: board private structure
- *
- * Expects to be called while holding the __IAVF_IN_CRITICAL_TASK bit lock.
**/
-void iavf_down(struct iavf_adapter *adapter)
+static void iavf_clear_mac_vlan_filters(struct iavf_adapter *adapter)
{
- struct net_device *netdev = adapter->netdev;
- struct iavf_vlan_filter *vlf;
- struct iavf_cloud_filter *cf;
- struct iavf_fdir_fltr *fdir;
- struct iavf_mac_filter *f;
- struct iavf_adv_rss *rss;
-
- if (adapter->state <= __IAVF_DOWN_PENDING)
- return;
-
- netif_carrier_off(netdev);
- netif_tx_disable(netdev);
- adapter->link_up = false;
- iavf_napi_disable_all(adapter);
- iavf_irq_disable(adapter);
+ struct iavf_vlan_filter *vlf, *vlftmp;
+ struct iavf_mac_filter *f, *ftmp;
spin_lock_bh(&adapter->mac_vlan_list_lock);
-
/* clear the sync flag on all filters */
__dev_uc_unsync(adapter->netdev, NULL);
__dev_mc_unsync(adapter->netdev, NULL);
/* remove all MAC filters */
- list_for_each_entry(f, &adapter->mac_filter_list, list) {
- f->remove = true;
+ list_for_each_entry_safe(f, ftmp, &adapter->mac_filter_list,
+ list) {
+ if (f->add) {
+ list_del(&f->list);
+ kfree(f);
+ } else {
+ f->remove = true;
+ }
}
/* remove all VLAN filters */
- list_for_each_entry(vlf, &adapter->vlan_filter_list, list) {
- vlf->remove = true;
+ list_for_each_entry_safe(vlf, vlftmp, &adapter->vlan_filter_list,
+ list) {
+ if (vlf->add) {
+ list_del(&vlf->list);
+ kfree(vlf);
+ } else {
+ vlf->remove = true;
+ }
}
-
spin_unlock_bh(&adapter->mac_vlan_list_lock);
+}
+
+/**
+ * iavf_clear_cloud_filters - Remove cloud filters not sent to PF yet and
+ * mark other to be removed.
+ * @adapter: board private structure
+ **/
+static void iavf_clear_cloud_filters(struct iavf_adapter *adapter)
+{
+ struct iavf_cloud_filter *cf, *cftmp;
/* remove all cloud filters */
spin_lock_bh(&adapter->cloud_filter_list_lock);
- list_for_each_entry(cf, &adapter->cloud_filter_list, list) {
- cf->del = true;
+ list_for_each_entry_safe(cf, cftmp, &adapter->cloud_filter_list,
+ list) {
+ if (cf->add) {
+ list_del(&cf->list);
+ kfree(cf);
+ adapter->num_cloud_filters--;
+ } else {
+ cf->del = true;
+ }
}
spin_unlock_bh(&adapter->cloud_filter_list_lock);
+}
+
+/**
+ * iavf_clear_fdir_filters - Remove fdir filters not sent to PF yet and mark
+ * other to be removed.
+ * @adapter: board private structure
+ **/
+static void iavf_clear_fdir_filters(struct iavf_adapter *adapter)
+{
+ struct iavf_fdir_fltr *fdir, *fdirtmp;
/* remove all Flow Director filters */
spin_lock_bh(&adapter->fdir_fltr_lock);
- list_for_each_entry(fdir, &adapter->fdir_list_head, list) {
- fdir->state = IAVF_FDIR_FLTR_DEL_REQUEST;
+ list_for_each_entry_safe(fdir, fdirtmp, &adapter->fdir_list_head,
+ list) {
+ if (fdir->state == IAVF_FDIR_FLTR_ADD_REQUEST) {
+ list_del(&fdir->list);
+ kfree(fdir);
+ adapter->fdir_active_fltr--;
+ } else {
+ fdir->state = IAVF_FDIR_FLTR_DEL_REQUEST;
+ }
}
spin_unlock_bh(&adapter->fdir_fltr_lock);
+}
+
+/**
+ * iavf_clear_adv_rss_conf - Remove adv rss conf not sent to PF yet and mark
+ * other to be removed.
+ * @adapter: board private structure
+ **/
+static void iavf_clear_adv_rss_conf(struct iavf_adapter *adapter)
+{
+ struct iavf_adv_rss *rss, *rsstmp;
/* remove all advance RSS configuration */
spin_lock_bh(&adapter->adv_rss_lock);
- list_for_each_entry(rss, &adapter->adv_rss_list_head, list)
- rss->state = IAVF_ADV_RSS_DEL_REQUEST;
+ list_for_each_entry_safe(rss, rsstmp, &adapter->adv_rss_list_head,
+ list) {
+ if (rss->state == IAVF_ADV_RSS_ADD_REQUEST) {
+ list_del(&rss->list);
+ kfree(rss);
+ } else {
+ rss->state = IAVF_ADV_RSS_DEL_REQUEST;
+ }
+ }
spin_unlock_bh(&adapter->adv_rss_lock);
+}
+
+/**
+ * iavf_down - Shutdown the connection processing
+ * @adapter: board private structure
+ *
+ * Expects to be called while holding the __IAVF_IN_CRITICAL_TASK bit lock.
+ **/
+void iavf_down(struct iavf_adapter *adapter)
+{
+ struct net_device *netdev = adapter->netdev;
+
+ if (adapter->state <= __IAVF_DOWN_PENDING)
+ return;
+
+ netif_carrier_off(netdev);
+ netif_tx_disable(netdev);
+ adapter->link_up = false;
+ iavf_napi_disable_all(adapter);
+ iavf_irq_disable(adapter);
+
+ iavf_clear_mac_vlan_filters(adapter);
+ iavf_clear_cloud_filters(adapter);
+ iavf_clear_fdir_filters(adapter);
+ iavf_clear_adv_rss_conf(adapter);
if (!(adapter->flags & IAVF_FLAG_PF_COMMS_FAILED)) {
/* cancel any current operation */
@@ -1335,11 +1407,16 @@ void iavf_down(struct iavf_adapter *adapter)
* here for this to complete. The watchdog is still running
* and it will take care of this.
*/
- adapter->aq_required = IAVF_FLAG_AQ_DEL_MAC_FILTER;
- adapter->aq_required |= IAVF_FLAG_AQ_DEL_VLAN_FILTER;
- adapter->aq_required |= IAVF_FLAG_AQ_DEL_CLOUD_FILTER;
- adapter->aq_required |= IAVF_FLAG_AQ_DEL_FDIR_FILTER;
- adapter->aq_required |= IAVF_FLAG_AQ_DEL_ADV_RSS_CFG;
+ if (!list_empty(&adapter->mac_filter_list))
+ adapter->aq_required |= IAVF_FLAG_AQ_DEL_MAC_FILTER;
+ if (!list_empty(&adapter->vlan_filter_list))
+ adapter->aq_required |= IAVF_FLAG_AQ_DEL_VLAN_FILTER;
+ if (!list_empty(&adapter->cloud_filter_list))
+ adapter->aq_required |= IAVF_FLAG_AQ_DEL_CLOUD_FILTER;
+ if (!list_empty(&adapter->fdir_list_head))
+ adapter->aq_required |= IAVF_FLAG_AQ_DEL_FDIR_FILTER;
+ if (!list_empty(&adapter->adv_rss_list_head))
+ adapter->aq_required |= IAVF_FLAG_AQ_DEL_ADV_RSS_CFG;
adapter->aq_required |= IAVF_FLAG_AQ_DISABLE_QUEUES;
}
@@ -4178,6 +4255,7 @@ static int iavf_open(struct net_device *netdev)
static int iavf_close(struct net_device *netdev)
{
struct iavf_adapter *adapter = netdev_priv(netdev);
+ u64 aq_to_restore;
int status;
mutex_lock(&adapter->crit_lock);
@@ -4190,6 +4268,29 @@ static int iavf_close(struct net_device *netdev)
set_bit(__IAVF_VSI_DOWN, adapter->vsi.state);
if (CLIENT_ENABLED(adapter))
adapter->flags |= IAVF_FLAG_CLIENT_NEEDS_CLOSE;
+ /* We cannot send IAVF_FLAG_AQ_GET_OFFLOAD_VLAN_V2_CAPS before
+ * IAVF_FLAG_AQ_DISABLE_QUEUES because in such case there is rtnl
+ * deadlock with adminq_task() until iavf_close timeouts. We must send
+ * IAVF_FLAG_AQ_GET_CONFIG before IAVF_FLAG_AQ_DISABLE_QUEUES to make
+ * disable queues possible for vf. Give only necessary flags to
+ * iavf_down and save other to set them right before iavf_close()
+ * returns, when IAVF_FLAG_AQ_DISABLE_QUEUES will be already sent and
+ * iavf will be in DOWN state.
+ */
+ aq_to_restore = adapter->aq_required;
+ adapter->aq_required &= IAVF_FLAG_AQ_GET_CONFIG;
+
+ /* Remove flags which we do not want to send after close or we want to
+ * send before disable queues.
+ */
+ aq_to_restore &= ~(IAVF_FLAG_AQ_GET_CONFIG |
+ IAVF_FLAG_AQ_ENABLE_QUEUES |
+ IAVF_FLAG_AQ_CONFIGURE_QUEUES |
+ IAVF_FLAG_AQ_ADD_VLAN_FILTER |
+ IAVF_FLAG_AQ_ADD_MAC_FILTER |
+ IAVF_FLAG_AQ_ADD_CLOUD_FILTER |
+ IAVF_FLAG_AQ_ADD_FDIR_FILTER |
+ IAVF_FLAG_AQ_ADD_ADV_RSS_CFG);
iavf_down(adapter);
iavf_change_state(adapter, __IAVF_DOWN_PENDING);
@@ -4213,6 +4314,10 @@ static int iavf_close(struct net_device *netdev)
msecs_to_jiffies(500));
if (!status)
netdev_warn(netdev, "Device resources not yet released\n");
+
+ mutex_lock(&adapter->crit_lock);
+ adapter->aq_required |= aq_to_restore;
+ mutex_unlock(&adapter->crit_lock);
return 0;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 701/862] wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (699 preceding siblings ...)
2022-10-19 8:33 ` [PATCH 6.0 700/862] iavf: Fix race between iavf_close and iavf_reset_task Greg Kroah-Hartman
@ 2022-10-19 8:33 ` Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 702/862] Bluetooth: btintel: Mark Intel controller to support LE_STATES quirk Greg Kroah-Hartman
` (175 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alexander Coffin, Kalle Valo, Sasha Levin
From: Alexander Coffin <alex.coffin@matician.com>
[ Upstream commit 3f42faf6db431e04bf942d2ebe3ae88975723478 ]
> ret = brcmf_proto_tx_queue_data(drvr, ifp->ifidx, skb);
may be schedule, and then complete before the line
> ndev->stats.tx_bytes += skb->len;
[ 46.912801] ==================================================================
[ 46.920552] BUG: KASAN: use-after-free in brcmf_netdev_start_xmit+0x718/0x8c8 [brcmfmac]
[ 46.928673] Read of size 4 at addr ffffff803f5882e8 by task systemd-resolve/328
[ 46.935991]
[ 46.937514] CPU: 1 PID: 328 Comm: systemd-resolve Tainted: G O 5.4.199-[REDACTED] #1
[ 46.947255] Hardware name: [REDACTED]
[ 46.954568] Call trace:
[ 46.957037] dump_backtrace+0x0/0x2b8
[ 46.960719] show_stack+0x24/0x30
[ 46.964052] dump_stack+0x128/0x194
[ 46.967557] print_address_description.isra.0+0x64/0x380
[ 46.972877] __kasan_report+0x1d4/0x240
[ 46.976723] kasan_report+0xc/0x18
[ 46.980138] __asan_report_load4_noabort+0x18/0x20
[ 46.985027] brcmf_netdev_start_xmit+0x718/0x8c8 [brcmfmac]
[ 46.990613] dev_hard_start_xmit+0x1bc/0xda0
[ 46.994894] sch_direct_xmit+0x198/0xd08
[ 46.998827] __qdisc_run+0x37c/0x1dc0
[ 47.002500] __dev_queue_xmit+0x1528/0x21f8
[ 47.006692] dev_queue_xmit+0x24/0x30
[ 47.010366] neigh_resolve_output+0x37c/0x678
[ 47.014734] ip_finish_output2+0x598/0x2458
[ 47.018927] __ip_finish_output+0x300/0x730
[ 47.023118] ip_output+0x2e0/0x430
[ 47.026530] ip_local_out+0x90/0x140
[ 47.030117] igmpv3_sendpack+0x14c/0x228
[ 47.034049] igmpv3_send_cr+0x384/0x6b8
[ 47.037895] igmp_ifc_timer_expire+0x4c/0x118
[ 47.042262] call_timer_fn+0x1cc/0xbe8
[ 47.046021] __run_timers+0x4d8/0xb28
[ 47.049693] run_timer_softirq+0x24/0x40
[ 47.053626] __do_softirq+0x2c0/0x117c
[ 47.057387] irq_exit+0x2dc/0x388
[ 47.060715] __handle_domain_irq+0xb4/0x158
[ 47.064908] gic_handle_irq+0x58/0xb0
[ 47.068581] el0_irq_naked+0x50/0x5c
[ 47.072162]
[ 47.073665] Allocated by task 328:
[ 47.077083] save_stack+0x24/0xb0
[ 47.080410] __kasan_kmalloc.isra.0+0xc0/0xe0
[ 47.084776] kasan_slab_alloc+0x14/0x20
[ 47.088622] kmem_cache_alloc+0x15c/0x468
[ 47.092643] __alloc_skb+0xa4/0x498
[ 47.096142] igmpv3_newpack+0x158/0xd78
[ 47.099987] add_grhead+0x210/0x288
[ 47.103485] add_grec+0x6b0/0xb70
[ 47.106811] igmpv3_send_cr+0x2e0/0x6b8
[ 47.110657] igmp_ifc_timer_expire+0x4c/0x118
[ 47.115027] call_timer_fn+0x1cc/0xbe8
[ 47.118785] __run_timers+0x4d8/0xb28
[ 47.122457] run_timer_softirq+0x24/0x40
[ 47.126389] __do_softirq+0x2c0/0x117c
[ 47.130142]
[ 47.131643] Freed by task 180:
[ 47.134712] save_stack+0x24/0xb0
[ 47.138041] __kasan_slab_free+0x108/0x180
[ 47.142146] kasan_slab_free+0x10/0x18
[ 47.145904] slab_free_freelist_hook+0xa4/0x1b0
[ 47.150444] kmem_cache_free+0x8c/0x528
[ 47.154292] kfree_skbmem+0x94/0x108
[ 47.157880] consume_skb+0x10c/0x5a8
[ 47.161466] __dev_kfree_skb_any+0x88/0xa0
[ 47.165598] brcmu_pkt_buf_free_skb+0x44/0x68 [brcmutil]
[ 47.171023] brcmf_txfinalize+0xec/0x190 [brcmfmac]
[ 47.176016] brcmf_proto_bcdc_txcomplete+0x1c0/0x210 [brcmfmac]
[ 47.182056] brcmf_sdio_sendfromq+0x8dc/0x1e80 [brcmfmac]
[ 47.187568] brcmf_sdio_dpc+0xb48/0x2108 [brcmfmac]
[ 47.192529] brcmf_sdio_dataworker+0xc8/0x238 [brcmfmac]
[ 47.197859] process_one_work+0x7fc/0x1a80
[ 47.201965] worker_thread+0x31c/0xc40
[ 47.205726] kthread+0x2d8/0x370
[ 47.208967] ret_from_fork+0x10/0x18
[ 47.212546]
[ 47.214051] The buggy address belongs to the object at ffffff803f588280
[ 47.214051] which belongs to the cache skbuff_head_cache of size 208
[ 47.227086] The buggy address is located 104 bytes inside of
[ 47.227086] 208-byte region [ffffff803f588280, ffffff803f588350)
[ 47.238814] The buggy address belongs to the page:
[ 47.243618] page:ffffffff00dd6200 refcount:1 mapcount:0 mapping:ffffff804b6bf800 index:0xffffff803f589900 compound_mapcount: 0
[ 47.255007] flags: 0x10200(slab|head)
[ 47.258689] raw: 0000000000010200 ffffffff00dfa980 0000000200000002 ffffff804b6bf800
[ 47.266439] raw: ffffff803f589900 0000000080190018 00000001ffffffff 0000000000000000
[ 47.274180] page dumped because: kasan: bad access detected
[ 47.279752]
[ 47.281251] Memory state around the buggy address:
[ 47.286051] ffffff803f588180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 47.293277] ffffff803f588200: fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 47.300502] >ffffff803f588280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 47.307723] ^
[ 47.314343] ffffff803f588300: fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc
[ 47.321569] ffffff803f588380: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 47.328789] ==================================================================
Signed-off-by: Alexander Coffin <alex.coffin@matician.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220808174925.3922558-1-alex.coffin@matician.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c
index bd164a0821f9..ca95b02962ef 100644
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c
@@ -292,6 +292,7 @@ static netdev_tx_t brcmf_netdev_start_xmit(struct sk_buff *skb,
struct brcmf_pub *drvr = ifp->drvr;
struct ethhdr *eh;
int head_delta;
+ unsigned int tx_bytes = skb->len;
brcmf_dbg(DATA, "Enter, bsscfgidx=%d\n", ifp->bsscfgidx);
@@ -366,7 +367,7 @@ static netdev_tx_t brcmf_netdev_start_xmit(struct sk_buff *skb,
ndev->stats.tx_dropped++;
} else {
ndev->stats.tx_packets++;
- ndev->stats.tx_bytes += skb->len;
+ ndev->stats.tx_bytes += tx_bytes;
}
/* Return ok: we always eat the packet */
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 702/862] Bluetooth: btintel: Mark Intel controller to support LE_STATES quirk
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (700 preceding siblings ...)
2022-10-19 8:33 ` [PATCH 6.0 701/862] wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() Greg Kroah-Hartman
@ 2022-10-19 8:33 ` Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 703/862] regulator: core: Prevent integer underflow Greg Kroah-Hartman
` (174 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kiran K, Chethan T N,
Luiz Augusto von Dentz, Sasha Levin
From: Kiran K <kiran.k@intel.com>
[ Upstream commit dd0a1794f4334ddbf9b7c5e7d642aaffff38c69b ]
HarrrisonPeak, CyclonePeak, SnowFieldPeak and SandyPeak controllers
are marked to support HCI_QUIRK_LE_STATES.
Signed-off-by: Kiran K <kiran.k@intel.com>
Signed-off-by: Chethan T N <chethan.tumkur.narayan@intel.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/bluetooth/btintel.c | 17 ++++++++---------
1 file changed, 8 insertions(+), 9 deletions(-)
diff --git a/drivers/bluetooth/btintel.c b/drivers/bluetooth/btintel.c
index 818681c89db8..d44a96667517 100644
--- a/drivers/bluetooth/btintel.c
+++ b/drivers/bluetooth/btintel.c
@@ -2439,15 +2439,20 @@ static int btintel_setup_combined(struct hci_dev *hdev)
INTEL_ROM_LEGACY_NO_WBS_SUPPORT))
set_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED,
&hdev->quirks);
+ if (ver.hw_variant == 0x08 && ver.fw_variant == 0x22)
+ set_bit(HCI_QUIRK_VALID_LE_STATES,
+ &hdev->quirks);
err = btintel_legacy_rom_setup(hdev, &ver);
break;
case 0x0b: /* SfP */
- case 0x0c: /* WsP */
case 0x11: /* JfP */
case 0x12: /* ThP */
case 0x13: /* HrP */
case 0x14: /* CcP */
+ set_bit(HCI_QUIRK_VALID_LE_STATES, &hdev->quirks);
+ fallthrough;
+ case 0x0c: /* WsP */
/* Apply the device specific HCI quirks
*
* All Legacy bootloader devices support WBS
@@ -2455,11 +2460,6 @@ static int btintel_setup_combined(struct hci_dev *hdev)
set_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED,
&hdev->quirks);
- /* Valid LE States quirk for JfP/ThP familiy */
- if (ver.hw_variant == 0x11 || ver.hw_variant == 0x12)
- set_bit(HCI_QUIRK_VALID_LE_STATES,
- &hdev->quirks);
-
/* Setup MSFT Extension support */
btintel_set_msft_opcode(hdev, ver.hw_variant);
@@ -2530,9 +2530,8 @@ static int btintel_setup_combined(struct hci_dev *hdev)
*/
set_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED, &hdev->quirks);
- /* Valid LE States quirk for JfP/ThP familiy */
- if (ver.hw_variant == 0x11 || ver.hw_variant == 0x12)
- set_bit(HCI_QUIRK_VALID_LE_STATES, &hdev->quirks);
+ /* Set Valid LE States quirk */
+ set_bit(HCI_QUIRK_VALID_LE_STATES, &hdev->quirks);
/* Setup MSFT Extension support */
btintel_set_msft_opcode(hdev, ver.hw_variant);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 703/862] regulator: core: Prevent integer underflow
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (701 preceding siblings ...)
2022-10-19 8:33 ` [PATCH 6.0 702/862] Bluetooth: btintel: Mark Intel controller to support LE_STATES quirk Greg Kroah-Hartman
@ 2022-10-19 8:33 ` Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 704/862] wifi: ath11k: mhi: fix potential memory leak in ath11k_mhi_register() Greg Kroah-Hartman
` (173 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Patrick Rudolph, Mark Brown, Sasha Levin
From: Patrick Rudolph <patrick.rudolph@9elements.com>
[ Upstream commit 8d8e16592022c9650df8aedfe6552ed478d7135b ]
By using a ratio of delay to poll_enabled_time that is not integer
time_remaining underflows and does not exit the loop as expected.
As delay could be derived from DT and poll_enabled_time is defined
in the driver this can easily happen.
Use a signed iterator to make sure that the loop exits once
the remaining time is negative.
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Link: https://lore.kernel.org/r/20220909125954.577669-1-patrick.rudolph@9elements.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/regulator/core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/regulator/core.c b/drivers/regulator/core.c
index d3e8dc32832d..c3871565fd7d 100644
--- a/drivers/regulator/core.c
+++ b/drivers/regulator/core.c
@@ -2681,7 +2681,7 @@ static int _regulator_do_enable(struct regulator_dev *rdev)
* return -ETIMEDOUT.
*/
if (rdev->desc->poll_enabled_time) {
- unsigned int time_remaining = delay;
+ int time_remaining = delay;
while (time_remaining > 0) {
_regulator_delay_helper(rdev->desc->poll_enabled_time);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 704/862] wifi: ath11k: mhi: fix potential memory leak in ath11k_mhi_register()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (702 preceding siblings ...)
2022-10-19 8:33 ` [PATCH 6.0 703/862] regulator: core: Prevent integer underflow Greg Kroah-Hartman
@ 2022-10-19 8:33 ` Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 705/862] wifi: mt76: mt7921: reset msta->airtime_ac while clearing up hw value Greg Kroah-Hartman
` (172 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jianglei Nie, Jeff Johnson,
Kalle Valo, Sasha Levin
From: Jianglei Nie <niejianglei2021@163.com>
[ Upstream commit 43e7c3505ec70db3d3c6458824d5fa40f62e3e7b ]
mhi_alloc_controller() allocates a memory space for mhi_ctrl. When gets
some error, mhi_ctrl should be freed with mhi_free_controller(). But
when ath11k_mhi_read_addr_from_dt() fails, the function returns without
calling mhi_free_controller(), which will lead to a memory leak.
We can fix it by calling mhi_free_controller() when
ath11k_mhi_read_addr_from_dt() fails.
Signed-off-by: Jianglei Nie <niejianglei2021@163.com>
Reviewed-by: Jeff Johnson <quic_jjohnson@quicinc.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20220907073704.58806-1-niejianglei2021@163.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/ath11k/mhi.c | 17 ++++++++++-------
1 file changed, 10 insertions(+), 7 deletions(-)
diff --git a/drivers/net/wireless/ath/ath11k/mhi.c b/drivers/net/wireless/ath/ath11k/mhi.c
index c44df17719f6..86995e8dc913 100644
--- a/drivers/net/wireless/ath/ath11k/mhi.c
+++ b/drivers/net/wireless/ath/ath11k/mhi.c
@@ -402,8 +402,7 @@ int ath11k_mhi_register(struct ath11k_pci *ab_pci)
ret = ath11k_mhi_get_msi(ab_pci);
if (ret) {
ath11k_err(ab, "failed to get msi for mhi\n");
- mhi_free_controller(mhi_ctrl);
- return ret;
+ goto free_controller;
}
if (!test_bit(ATH11K_FLAG_MULTI_MSI_VECTORS, &ab->dev_flags))
@@ -412,7 +411,7 @@ int ath11k_mhi_register(struct ath11k_pci *ab_pci)
if (test_bit(ATH11K_FLAG_FIXED_MEM_RGN, &ab->dev_flags)) {
ret = ath11k_mhi_read_addr_from_dt(mhi_ctrl);
if (ret < 0)
- return ret;
+ goto free_controller;
} else {
mhi_ctrl->iova_start = 0;
mhi_ctrl->iova_stop = 0xFFFFFFFF;
@@ -440,18 +439,22 @@ int ath11k_mhi_register(struct ath11k_pci *ab_pci)
default:
ath11k_err(ab, "failed assign mhi_config for unknown hw rev %d\n",
ab->hw_rev);
- mhi_free_controller(mhi_ctrl);
- return -EINVAL;
+ ret = -EINVAL;
+ goto free_controller;
}
ret = mhi_register_controller(mhi_ctrl, ath11k_mhi_config);
if (ret) {
ath11k_err(ab, "failed to register to mhi bus, err = %d\n", ret);
- mhi_free_controller(mhi_ctrl);
- return ret;
+ goto free_controller;
}
return 0;
+
+free_controller:
+ mhi_free_controller(mhi_ctrl);
+ ab_pci->mhi_ctrl = NULL;
+ return ret;
}
void ath11k_mhi_unregister(struct ath11k_pci *ab_pci)
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 705/862] wifi: mt76: mt7921: reset msta->airtime_ac while clearing up hw value
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (703 preceding siblings ...)
2022-10-19 8:33 ` [PATCH 6.0 704/862] wifi: ath11k: mhi: fix potential memory leak in ath11k_mhi_register() Greg Kroah-Hartman
@ 2022-10-19 8:33 ` Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 706/862] wifi: rtw89: free unused skb to prevent memory leak Greg Kroah-Hartman
` (171 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, YN Chen, Sean Wang, Felix Fietkau,
Sasha Levin
From: Sean Wang <sean.wang@mediatek.com>
[ Upstream commit 1bf66dc31032ff5292f4d5b76436653f269fcfbd ]
We should reset mstat->airtime_ac along with clear up the entries in the
hardware WLAN table for the Rx and Rx accumulative airtime. Otherwsie, the
value msta->airtime_ac - [tx, rx]_last may be a negative and that is not
the actual airtime the device took in the last run.
Reported-by: YN Chen <YN.Chen@mediatek.com>
Signed-off-by: Sean Wang <sean.wang@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/mediatek/mt76/mt7921/main.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/net/wireless/mediatek/mt76/mt7921/main.c b/drivers/net/wireless/mediatek/mt76/mt7921/main.c
index 7214735011d0..c9e9a533289f 100644
--- a/drivers/net/wireless/mediatek/mt76/mt7921/main.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7921/main.c
@@ -752,6 +752,7 @@ void mt7921_mac_sta_assoc(struct mt76_dev *mdev, struct ieee80211_vif *vif,
mt7921_mac_wtbl_update(dev, msta->wcid.idx,
MT_WTBL_UPDATE_ADM_COUNT_CLEAR);
+ memset(msta->airtime_ac, 0, sizeof(msta->airtime_ac));
mt7921_mcu_sta_update(dev, sta, vif, true, MT76_STA_INFO_STATE_ASSOC);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 706/862] wifi: rtw89: free unused skb to prevent memory leak
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (704 preceding siblings ...)
2022-10-19 8:33 ` [PATCH 6.0 705/862] wifi: mt76: mt7921: reset msta->airtime_ac while clearing up hw value Greg Kroah-Hartman
@ 2022-10-19 8:33 ` Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 707/862] wifi: rtw89: fix rx filter after scan Greg Kroah-Hartman
` (170 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Po-Hao Huang, Ping-Ke Shih,
Kalle Valo, Sasha Levin
From: Po-Hao Huang <phhuang@realtek.com>
[ Upstream commit eae672f386049146058b9e5d3d33e9e4af9dca1d ]
This avoid potential memory leak under power saving mode.
Signed-off-by: Po-Hao Huang <phhuang@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220916033811.13862-6-pkshih@realtek.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/realtek/rtw89/core.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/net/wireless/realtek/rtw89/core.c b/drivers/net/wireless/realtek/rtw89/core.c
index a5880a54812e..8b338e5ce364 100644
--- a/drivers/net/wireless/realtek/rtw89/core.c
+++ b/drivers/net/wireless/realtek/rtw89/core.c
@@ -872,6 +872,7 @@ int rtw89_h2c_tx(struct rtw89_dev *rtwdev,
rtw89_debug(rtwdev, RTW89_DBG_FW,
"ignore h2c due to power is off with firmware state=%d\n",
test_bit(RTW89_FLAG_FW_RDY, rtwdev->flags));
+ dev_kfree_skb(skb);
return 0;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 707/862] wifi: rtw89: fix rx filter after scan
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (705 preceding siblings ...)
2022-10-19 8:33 ` [PATCH 6.0 706/862] wifi: rtw89: free unused skb to prevent memory leak Greg Kroah-Hartman
@ 2022-10-19 8:33 ` Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 708/862] Bluetooth: L2CAP: initialize delayed works at l2cap_chan_create() Greg Kroah-Hartman
` (169 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Po-Hao Huang, Ping-Ke Shih,
Kalle Valo, Sasha Levin
From: Po-Hao Huang <phhuang@realtek.com>
[ Upstream commit 812825c2b204c491f1a5586c602e4ac75060493a ]
In monitor mode we should be able to received all packets even if it's not
destined to us. But after scan, the configuration was wrongly set, so we
fix it.
Signed-off-by: Po-Hao Huang <phhuang@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220916033811.13862-7-pkshih@realtek.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/realtek/rtw89/fw.c | 12 +++++-------
1 file changed, 5 insertions(+), 7 deletions(-)
diff --git a/drivers/net/wireless/realtek/rtw89/fw.c b/drivers/net/wireless/realtek/rtw89/fw.c
index 6473015a6b2a..c993fe9cf6b4 100644
--- a/drivers/net/wireless/realtek/rtw89/fw.c
+++ b/drivers/net/wireless/realtek/rtw89/fw.c
@@ -2289,6 +2289,7 @@ void rtw89_hw_scan_start(struct rtw89_dev *rtwdev, struct ieee80211_vif *vif,
{
struct rtw89_vif *rtwvif = (struct rtw89_vif *)vif->drv_priv;
struct cfg80211_scan_request *req = &scan_req->req;
+ u32 rx_fltr = rtwdev->hal.rx_fltr;
u8 mac_addr[ETH_ALEN];
rtwdev->scan_info.scanning_vif = vif;
@@ -2303,13 +2304,13 @@ void rtw89_hw_scan_start(struct rtw89_dev *rtwdev, struct ieee80211_vif *vif,
ether_addr_copy(mac_addr, vif->addr);
rtw89_core_scan_start(rtwdev, rtwvif, mac_addr, true);
- rtwdev->hal.rx_fltr &= ~B_AX_A_BCN_CHK_EN;
- rtwdev->hal.rx_fltr &= ~B_AX_A_BC;
- rtwdev->hal.rx_fltr &= ~B_AX_A_A1_MATCH;
+ rx_fltr &= ~B_AX_A_BCN_CHK_EN;
+ rx_fltr &= ~B_AX_A_BC;
+ rx_fltr &= ~B_AX_A_A1_MATCH;
rtw89_write32_mask(rtwdev,
rtw89_mac_reg_by_idx(R_AX_RX_FLTR_OPT, RTW89_MAC_0),
B_AX_RX_FLTR_CFG_MASK,
- rtwdev->hal.rx_fltr);
+ rx_fltr);
}
void rtw89_hw_scan_complete(struct rtw89_dev *rtwdev, struct ieee80211_vif *vif,
@@ -2323,9 +2324,6 @@ void rtw89_hw_scan_complete(struct rtw89_dev *rtwdev, struct ieee80211_vif *vif,
if (!vif)
return;
- rtwdev->hal.rx_fltr |= B_AX_A_BCN_CHK_EN;
- rtwdev->hal.rx_fltr |= B_AX_A_BC;
- rtwdev->hal.rx_fltr |= B_AX_A_A1_MATCH;
rtw89_write32_mask(rtwdev,
rtw89_mac_reg_by_idx(R_AX_RX_FLTR_OPT, RTW89_MAC_0),
B_AX_RX_FLTR_CFG_MASK,
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 708/862] Bluetooth: L2CAP: initialize delayed works at l2cap_chan_create()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (706 preceding siblings ...)
2022-10-19 8:33 ` [PATCH 6.0 707/862] wifi: rtw89: fix rx filter after scan Greg Kroah-Hartman
@ 2022-10-19 8:33 ` Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 709/862] Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times Greg Kroah-Hartman
` (168 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot, Tetsuo Handa,
Luiz Augusto von Dentz, Sasha Levin
From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
[ Upstream commit 2d2cb3066f2c90cd8ca540b36ba7a55e7f2406e0 ]
syzbot is reporting cancel_delayed_work() without INIT_DELAYED_WORK() at
l2cap_chan_del() [1], for CONF_NOT_COMPLETE flag (which meant to prevent
l2cap_chan_del() from calling cancel_delayed_work()) is cleared by timer
which fires before l2cap_chan_del() is called by closing file descriptor
created by socket(AF_BLUETOOTH, SOCK_STREAM, BTPROTO_L2CAP).
l2cap_bredr_sig_cmd(L2CAP_CONF_REQ) and l2cap_bredr_sig_cmd(L2CAP_CONF_RSP)
are calling l2cap_ertm_init(chan), and they call l2cap_chan_ready() (which
clears CONF_NOT_COMPLETE flag) only when l2cap_ertm_init(chan) succeeded.
l2cap_sock_init() does not call l2cap_ertm_init(chan), and it instead sets
CONF_NOT_COMPLETE flag by calling l2cap_chan_set_defaults(). However, when
connect() is requested, "command 0x0409 tx timeout" happens after 2 seconds
from connect() request, and CONF_NOT_COMPLETE flag is cleared after 4
seconds from connect() request, for l2cap_conn_start() from
l2cap_info_timeout() callback scheduled by
schedule_delayed_work(&conn->info_timer, L2CAP_INFO_TIMEOUT);
in l2cap_connect() is calling l2cap_chan_ready().
Fix this problem by initializing delayed works used by L2CAP_MODE_ERTM
mode as soon as l2cap_chan_create() allocates a channel, like I did in
commit be8597239379f0f5 ("Bluetooth: initialize skb_queue_head at
l2cap_chan_create()").
Link: https://syzkaller.appspot.com/bug?extid=83672956c7aa6af698b3 [1]
Reported-by: syzbot <syzbot+83672956c7aa6af698b3@syzkaller.appspotmail.com>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/bluetooth/l2cap_core.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
index 2c9de67daadc..770891f68703 100644
--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
@@ -61,6 +61,9 @@ static void l2cap_send_disconn_req(struct l2cap_chan *chan, int err);
static void l2cap_tx(struct l2cap_chan *chan, struct l2cap_ctrl *control,
struct sk_buff_head *skbs, u8 event);
+static void l2cap_retrans_timeout(struct work_struct *work);
+static void l2cap_monitor_timeout(struct work_struct *work);
+static void l2cap_ack_timeout(struct work_struct *work);
static inline u8 bdaddr_type(u8 link_type, u8 bdaddr_type)
{
@@ -476,6 +479,9 @@ struct l2cap_chan *l2cap_chan_create(void)
write_unlock(&chan_list_lock);
INIT_DELAYED_WORK(&chan->chan_timer, l2cap_chan_timeout);
+ INIT_DELAYED_WORK(&chan->retrans_timer, l2cap_retrans_timeout);
+ INIT_DELAYED_WORK(&chan->monitor_timer, l2cap_monitor_timeout);
+ INIT_DELAYED_WORK(&chan->ack_timer, l2cap_ack_timeout);
chan->state = BT_OPEN;
@@ -3320,10 +3326,6 @@ int l2cap_ertm_init(struct l2cap_chan *chan)
chan->rx_state = L2CAP_RX_STATE_RECV;
chan->tx_state = L2CAP_TX_STATE_XMIT;
- INIT_DELAYED_WORK(&chan->retrans_timer, l2cap_retrans_timeout);
- INIT_DELAYED_WORK(&chan->monitor_timer, l2cap_monitor_timeout);
- INIT_DELAYED_WORK(&chan->ack_timer, l2cap_ack_timeout);
-
skb_queue_head_init(&chan->srej_q);
err = l2cap_seq_list_init(&chan->srej_list, chan->tx_win);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 709/862] Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (707 preceding siblings ...)
2022-10-19 8:33 ` [PATCH 6.0 708/862] Bluetooth: L2CAP: initialize delayed works at l2cap_chan_create() Greg Kroah-Hartman
@ 2022-10-19 8:33 ` Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 710/862] Bluetooth: hci_event: Make sure ISO events dont affect non-ISO connections Greg Kroah-Hartman
` (167 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Luiz Augusto von Dentz,
Hawkins Jiawei, Sasha Levin
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
[ Upstream commit 448a496f760664d3e2e79466aa1787e6abc922b5 ]
device_add shall not be called multiple times as stated in its
documentation:
'Do not call this routine or device_register() more than once for
any device structure'
Syzkaller reports a bug as follows [1]:
------------[ cut here ]------------
kernel BUG at lib/list_debug.c:33!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[...]
Call Trace:
<TASK>
__list_add include/linux/list.h:69 [inline]
list_add_tail include/linux/list.h:102 [inline]
kobj_kset_join lib/kobject.c:164 [inline]
kobject_add_internal+0x18f/0x8f0 lib/kobject.c:214
kobject_add_varg lib/kobject.c:358 [inline]
kobject_add+0x150/0x1c0 lib/kobject.c:410
device_add+0x368/0x1e90 drivers/base/core.c:3452
hci_conn_add_sysfs+0x9b/0x1b0 net/bluetooth/hci_sysfs.c:53
hci_le_cis_estabilished_evt+0x57c/0xae0 net/bluetooth/hci_event.c:6799
hci_le_meta_evt+0x2b8/0x510 net/bluetooth/hci_event.c:7110
hci_event_func net/bluetooth/hci_event.c:7440 [inline]
hci_event_packet+0x63d/0xfd0 net/bluetooth/hci_event.c:7495
hci_rx_work+0xae7/0x1230 net/bluetooth/hci_core.c:4007
process_one_work+0x991/0x1610 kernel/workqueue.c:2289
worker_thread+0x665/0x1080 kernel/workqueue.c:2436
kthread+0x2e4/0x3a0 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306
</TASK>
Link: https://syzkaller.appspot.com/bug?id=da3246e2d33afdb92d66bc166a0934c5b146404a
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Tested-by: Hawkins Jiawei <yin31149@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/bluetooth/hci_sysfs.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/net/bluetooth/hci_sysfs.c b/net/bluetooth/hci_sysfs.c
index 4e3e0451b08c..08542dfc2dc5 100644
--- a/net/bluetooth/hci_sysfs.c
+++ b/net/bluetooth/hci_sysfs.c
@@ -48,6 +48,9 @@ void hci_conn_add_sysfs(struct hci_conn *conn)
BT_DBG("conn %p", conn);
+ if (device_is_registered(&conn->dev))
+ return;
+
dev_set_name(&conn->dev, "%s:%d", hdev->name, conn->handle);
if (device_add(&conn->dev) < 0) {
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 710/862] Bluetooth: hci_event: Make sure ISO events dont affect non-ISO connections
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (708 preceding siblings ...)
2022-10-19 8:33 ` [PATCH 6.0 709/862] Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times Greg Kroah-Hartman
@ 2022-10-19 8:33 ` Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 711/862] bnxt_en: replace reset with config timestamps Greg Kroah-Hartman
` (166 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Luiz Augusto von Dentz, Sasha Levin
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
[ Upstream commit ed680f925aea76ac666f34d9923cb40558f4e97b ]
ISO events (CIS/BIS) shall only be relevant for connection with link
type of ISO_LINK, otherwise the controller is probably buggy or it is
the result of fuzzer tools such as syzkaller.
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/bluetooth/hci_event.c | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index d6f0e6ca0e7e..ab79a978deb5 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -6778,6 +6778,13 @@ static void hci_le_cis_estabilished_evt(struct hci_dev *hdev, void *data,
goto unlock;
}
+ if (conn->type != ISO_LINK) {
+ bt_dev_err(hdev,
+ "Invalid connection link type handle 0x%4.4x",
+ handle);
+ goto unlock;
+ }
+
if (conn->role == HCI_ROLE_SLAVE) {
__le32 interval;
@@ -6898,6 +6905,13 @@ static void hci_le_create_big_complete_evt(struct hci_dev *hdev, void *data,
if (!conn)
goto unlock;
+ if (conn->type != ISO_LINK) {
+ bt_dev_err(hdev,
+ "Invalid connection link type handle 0x%2.2x",
+ ev->handle);
+ goto unlock;
+ }
+
if (ev->num_bis)
conn->handle = __le16_to_cpu(ev->bis_handle[0]);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 711/862] bnxt_en: replace reset with config timestamps
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (709 preceding siblings ...)
2022-10-19 8:33 ` [PATCH 6.0 710/862] Bluetooth: hci_event: Make sure ISO events dont affect non-ISO connections Greg Kroah-Hartman
@ 2022-10-19 8:33 ` Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 712/862] selftests/bpf: Free the allocated resources after test case succeeds Greg Kroah-Hartman
` (165 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Richard Cochran, Vadim Fedorenko,
Michael Chan, Jakub Kicinski, Sasha Levin
From: Vadim Fedorenko <vfedorenko@novek.ru>
[ Upstream commit 8db3d514e96715c897fe793c4d5fc0fd86aca517 ]
Any change to the hardware timestamps configuration triggers nic restart,
which breaks transmition and reception of network packets for a while.
But there is no need to fully restart the device because while configuring
hardware timestamps. The code for changing configuration runs after all
of the initialisation, when the NIC is actually up and running. This patch
changes the code that ioctl will only update configuration registers and
will not trigger carrier status change, but in case of timestamps for
all rx packetes it fallbacks to close()/open() sequnce because of
synchronization issues in the hardware. Tested on BCM57504.
Cc: Richard Cochran <richardcochran@gmail.com>
Signed-off-by: Vadim Fedorenko <vfedorenko@novek.ru>
Reviewed-by: Michael Chan <michael.chan@broadcom.com>
Link: https://lore.kernel.org/r/20220922191038.29921-1-vfedorenko@novek.ru
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.c b/drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.c
index 8e316367f6ce..2132ce63193c 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.c
@@ -505,9 +505,13 @@ static int bnxt_hwrm_ptp_cfg(struct bnxt *bp)
ptp->tstamp_filters = flags;
if (netif_running(bp->dev)) {
- rc = bnxt_close_nic(bp, false, false);
- if (!rc)
- rc = bnxt_open_nic(bp, false, false);
+ if (ptp->rx_filter == HWTSTAMP_FILTER_ALL) {
+ rc = bnxt_close_nic(bp, false, false);
+ if (!rc)
+ rc = bnxt_open_nic(bp, false, false);
+ } else {
+ bnxt_ptp_cfg_tstamp_filters(bp);
+ }
if (!rc && !ptp->tstamp_filters)
rc = -EIO;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 712/862] selftests/bpf: Free the allocated resources after test case succeeds
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (710 preceding siblings ...)
2022-10-19 8:33 ` [PATCH 6.0 711/862] bnxt_en: replace reset with config timestamps Greg Kroah-Hartman
@ 2022-10-19 8:33 ` Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 713/862] can: bcm: check the result of can_send() in bcm_can_tx() Greg Kroah-Hartman
` (164 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hou Tao, Martin KaFai Lau, Sasha Levin
From: Hou Tao <houtao1@huawei.com>
[ Upstream commit 103d002fb7d548fb1187e350f2b73788558128b9 ]
Free the created fd or allocated bpf_object after test case succeeds,
else there will be resource leaks.
Spotted by using address sanitizer and checking the content of
/proc/$pid/fd directory.
Signed-off-by: Hou Tao <houtao1@huawei.com>
Link: https://lore.kernel.org/r/20220921070035.2016413-3-houtao@huaweicloud.com
Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../bpf/map_tests/array_map_batch_ops.c | 2 ++
.../bpf/map_tests/htab_map_batch_ops.c | 2 ++
.../bpf/map_tests/lpm_trie_map_batch_ops.c | 2 ++
tools/testing/selftests/bpf/test_maps.c | 24 ++++++++++++-------
4 files changed, 21 insertions(+), 9 deletions(-)
diff --git a/tools/testing/selftests/bpf/map_tests/array_map_batch_ops.c b/tools/testing/selftests/bpf/map_tests/array_map_batch_ops.c
index 78c76496b14a..b595556315bc 100644
--- a/tools/testing/selftests/bpf/map_tests/array_map_batch_ops.c
+++ b/tools/testing/selftests/bpf/map_tests/array_map_batch_ops.c
@@ -3,6 +3,7 @@
#include <stdio.h>
#include <errno.h>
#include <string.h>
+#include <unistd.h>
#include <bpf/bpf.h>
#include <bpf/libbpf.h>
@@ -137,6 +138,7 @@ static void __test_map_lookup_and_update_batch(bool is_pcpu)
free(keys);
free(values);
free(visited);
+ close(map_fd);
}
static void array_map_batch_ops(void)
diff --git a/tools/testing/selftests/bpf/map_tests/htab_map_batch_ops.c b/tools/testing/selftests/bpf/map_tests/htab_map_batch_ops.c
index f807d53fd8dd..1230ccf90128 100644
--- a/tools/testing/selftests/bpf/map_tests/htab_map_batch_ops.c
+++ b/tools/testing/selftests/bpf/map_tests/htab_map_batch_ops.c
@@ -3,6 +3,7 @@
#include <stdio.h>
#include <errno.h>
#include <string.h>
+#include <unistd.h>
#include <bpf/bpf.h>
#include <bpf/libbpf.h>
@@ -255,6 +256,7 @@ void __test_map_lookup_and_delete_batch(bool is_pcpu)
free(visited);
if (!is_pcpu)
free(values);
+ close(map_fd);
}
void htab_map_batch_ops(void)
diff --git a/tools/testing/selftests/bpf/map_tests/lpm_trie_map_batch_ops.c b/tools/testing/selftests/bpf/map_tests/lpm_trie_map_batch_ops.c
index 87d07b596e17..b66d56ddb7ef 100644
--- a/tools/testing/selftests/bpf/map_tests/lpm_trie_map_batch_ops.c
+++ b/tools/testing/selftests/bpf/map_tests/lpm_trie_map_batch_ops.c
@@ -7,6 +7,7 @@
#include <errno.h>
#include <string.h>
#include <stdlib.h>
+#include <unistd.h>
#include <bpf/bpf.h>
#include <bpf/libbpf.h>
@@ -150,4 +151,5 @@ void test_lpm_trie_map_batch_ops(void)
free(keys);
free(values);
free(visited);
+ close(map_fd);
}
diff --git a/tools/testing/selftests/bpf/test_maps.c b/tools/testing/selftests/bpf/test_maps.c
index cbebfaa7c1e8..4d42ffea0038 100644
--- a/tools/testing/selftests/bpf/test_maps.c
+++ b/tools/testing/selftests/bpf/test_maps.c
@@ -658,13 +658,13 @@ static void test_sockmap(unsigned int tasks, void *data)
{
struct bpf_map *bpf_map_rx, *bpf_map_tx, *bpf_map_msg, *bpf_map_break;
int map_fd_msg = 0, map_fd_rx = 0, map_fd_tx = 0, map_fd_break;
+ struct bpf_object *parse_obj, *verdict_obj, *msg_obj;
int ports[] = {50200, 50201, 50202, 50204};
int err, i, fd, udp, sfd[6] = {0xdeadbeef};
u8 buf[20] = {0x0, 0x5, 0x3, 0x2, 0x1, 0x0};
int parse_prog, verdict_prog, msg_prog;
struct sockaddr_in addr;
int one = 1, s, sc, rc;
- struct bpf_object *obj;
struct timeval to;
__u32 key, value;
pid_t pid[tasks];
@@ -760,6 +760,7 @@ static void test_sockmap(unsigned int tasks, void *data)
i, udp);
goto out_sockmap;
}
+ close(udp);
/* Test update without programs */
for (i = 0; i < 6; i++) {
@@ -822,27 +823,27 @@ static void test_sockmap(unsigned int tasks, void *data)
/* Load SK_SKB program and Attach */
err = bpf_prog_test_load(SOCKMAP_PARSE_PROG,
- BPF_PROG_TYPE_SK_SKB, &obj, &parse_prog);
+ BPF_PROG_TYPE_SK_SKB, &parse_obj, &parse_prog);
if (err) {
printf("Failed to load SK_SKB parse prog\n");
goto out_sockmap;
}
err = bpf_prog_test_load(SOCKMAP_TCP_MSG_PROG,
- BPF_PROG_TYPE_SK_MSG, &obj, &msg_prog);
+ BPF_PROG_TYPE_SK_MSG, &msg_obj, &msg_prog);
if (err) {
printf("Failed to load SK_SKB msg prog\n");
goto out_sockmap;
}
err = bpf_prog_test_load(SOCKMAP_VERDICT_PROG,
- BPF_PROG_TYPE_SK_SKB, &obj, &verdict_prog);
+ BPF_PROG_TYPE_SK_SKB, &verdict_obj, &verdict_prog);
if (err) {
printf("Failed to load SK_SKB verdict prog\n");
goto out_sockmap;
}
- bpf_map_rx = bpf_object__find_map_by_name(obj, "sock_map_rx");
+ bpf_map_rx = bpf_object__find_map_by_name(verdict_obj, "sock_map_rx");
if (!bpf_map_rx) {
printf("Failed to load map rx from verdict prog\n");
goto out_sockmap;
@@ -854,7 +855,7 @@ static void test_sockmap(unsigned int tasks, void *data)
goto out_sockmap;
}
- bpf_map_tx = bpf_object__find_map_by_name(obj, "sock_map_tx");
+ bpf_map_tx = bpf_object__find_map_by_name(verdict_obj, "sock_map_tx");
if (!bpf_map_tx) {
printf("Failed to load map tx from verdict prog\n");
goto out_sockmap;
@@ -866,7 +867,7 @@ static void test_sockmap(unsigned int tasks, void *data)
goto out_sockmap;
}
- bpf_map_msg = bpf_object__find_map_by_name(obj, "sock_map_msg");
+ bpf_map_msg = bpf_object__find_map_by_name(verdict_obj, "sock_map_msg");
if (!bpf_map_msg) {
printf("Failed to load map msg from msg_verdict prog\n");
goto out_sockmap;
@@ -878,7 +879,7 @@ static void test_sockmap(unsigned int tasks, void *data)
goto out_sockmap;
}
- bpf_map_break = bpf_object__find_map_by_name(obj, "sock_map_break");
+ bpf_map_break = bpf_object__find_map_by_name(verdict_obj, "sock_map_break");
if (!bpf_map_break) {
printf("Failed to load map tx from verdict prog\n");
goto out_sockmap;
@@ -1124,7 +1125,9 @@ static void test_sockmap(unsigned int tasks, void *data)
}
close(fd);
close(map_fd_rx);
- bpf_object__close(obj);
+ bpf_object__close(parse_obj);
+ bpf_object__close(msg_obj);
+ bpf_object__close(verdict_obj);
return;
out:
for (i = 0; i < 6; i++)
@@ -1282,8 +1285,11 @@ static void test_map_in_map(void)
printf("Inner map mim.inner was not destroyed\n");
goto out_map_in_map;
}
+
+ close(fd);
}
+ bpf_object__close(obj);
return;
out_map_in_map:
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 713/862] can: bcm: check the result of can_send() in bcm_can_tx()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (711 preceding siblings ...)
2022-10-19 8:33 ` [PATCH 6.0 712/862] selftests/bpf: Free the allocated resources after test case succeeds Greg Kroah-Hartman
@ 2022-10-19 8:33 ` Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 714/862] wifi: rt2x00: dont run Rt5592 IQ calibration on MT7620 Greg Kroah-Hartman
` (163 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Marc Kleine-Budde, Oliver Hartkopp,
Ziyang Xuan, Sasha Levin
From: Ziyang Xuan <william.xuanziyang@huawei.com>
[ Upstream commit 3fd7bfd28cfd68ae80a2fe92ea1615722cc2ee6e ]
If can_send() fail, it should not update frames_abs counter
in bcm_can_tx(). Add the result check for can_send() in bcm_can_tx().
Suggested-by: Marc Kleine-Budde <mkl@pengutronix.de>
Suggested-by: Oliver Hartkopp <socketcan@hartkopp.net>
Signed-off-by: Ziyang Xuan <william.xuanziyang@huawei.com>
Link: https://lore.kernel.org/all/9851878e74d6d37aee2f1ee76d68361a46f89458.1663206163.git.william.xuanziyang@huawei.com
Acked-by: Oliver Hartkopp <socketcan@hartkopp.net>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/can/bcm.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/net/can/bcm.c b/net/can/bcm.c
index e60161bec850..f16271a7ae2e 100644
--- a/net/can/bcm.c
+++ b/net/can/bcm.c
@@ -274,6 +274,7 @@ static void bcm_can_tx(struct bcm_op *op)
struct sk_buff *skb;
struct net_device *dev;
struct canfd_frame *cf = op->frames + op->cfsiz * op->currframe;
+ int err;
/* no target device? => exit */
if (!op->ifindex)
@@ -298,11 +299,11 @@ static void bcm_can_tx(struct bcm_op *op)
/* send with loopback */
skb->dev = dev;
can_skb_set_owner(skb, op->sk);
- can_send(skb, 1);
+ err = can_send(skb, 1);
+ if (!err)
+ op->frames_abs++;
- /* update statistics */
op->currframe++;
- op->frames_abs++;
/* reached last frame? */
if (op->currframe >= op->nframes)
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 714/862] wifi: rt2x00: dont run Rt5592 IQ calibration on MT7620
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (712 preceding siblings ...)
2022-10-19 8:33 ` [PATCH 6.0 713/862] can: bcm: check the result of can_send() in bcm_can_tx() Greg Kroah-Hartman
@ 2022-10-19 8:33 ` Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 715/862] wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620 Greg Kroah-Hartman
` (162 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Serge Vasilugin, Daniel Golle,
Kalle Valo, Sasha Levin
From: Daniel Golle <daniel@makrotopia.org>
[ Upstream commit d3aad83d05aec0cfd7670cf0028f2ad4b81de92e ]
The function rt2800_iq_calibrate is intended for Rt5592 only.
Don't call it for MT7620 which has it's own calibration functions.
Reported-by: Serge Vasilugin <vasilugin@yandex.ru>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/31a1c34ddbd296b82f38c18c9ae7339059215fdc.1663445157.git.daniel@makrotopia.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ralink/rt2x00/rt2800lib.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/net/wireless/ralink/rt2x00/rt2800lib.c b/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
index 18102fbe36d6..de81b6060359 100644
--- a/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
+++ b/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
@@ -4365,7 +4365,8 @@ static void rt2800_config_channel(struct rt2x00_dev *rt2x00dev,
reg = (rf->channel <= 14 ? 0x1c : 0x24) + 2*rt2x00dev->lna_gain;
rt2800_bbp_write_with_rx_chain(rt2x00dev, 66, reg);
- rt2800_iq_calibrate(rt2x00dev, rf->channel);
+ if (rt2x00_rt(rt2x00dev, RT5592))
+ rt2800_iq_calibrate(rt2x00dev, rf->channel);
}
bbp = rt2800_bbp_read(rt2x00dev, 4);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 715/862] wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (713 preceding siblings ...)
2022-10-19 8:33 ` [PATCH 6.0 714/862] wifi: rt2x00: dont run Rt5592 IQ calibration on MT7620 Greg Kroah-Hartman
@ 2022-10-19 8:33 ` Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 716/862] wifi: rt2x00: set VGC gain for both chains of MT7620 Greg Kroah-Hartman
` (161 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Serge Vasilugin, Daniel Golle,
Stanislaw Gruszka, Kalle Valo, Sasha Levin
From: Daniel Golle <daniel@makrotopia.org>
[ Upstream commit eeb50acf15762b61921f9df18663f839f387c054 ]
Set correct TX_SW_CFG1 MAC register as it is done also in v3 of the
vendor driver[1].
[1]: https://gitlab.com/dm38/padavan-ng/-/blob/master/trunk/proprietary/rt_wifi/rtpci/3.0.X.X/mt76x2/chips/rt6352.c#L531
Reported-by: Serge Vasilugin <vasilugin@yandex.ru>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Acked-by: Stanislaw Gruszka <stf_xl@wp.pl>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/4be38975ce600a34249e12d09a3cb758c6e71071.1663445157.git.daniel@makrotopia.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ralink/rt2x00/rt2800lib.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/ralink/rt2x00/rt2800lib.c b/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
index de81b6060359..5e7bca935dd4 100644
--- a/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
+++ b/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
@@ -5868,7 +5868,7 @@ static int rt2800_init_registers(struct rt2x00_dev *rt2x00dev)
rt2800_register_write(rt2x00dev, TX_SW_CFG0, 0x00000404);
} else if (rt2x00_rt(rt2x00dev, RT6352)) {
rt2800_register_write(rt2x00dev, TX_SW_CFG0, 0x00000401);
- rt2800_register_write(rt2x00dev, TX_SW_CFG1, 0x000C0000);
+ rt2800_register_write(rt2x00dev, TX_SW_CFG1, 0x000C0001);
rt2800_register_write(rt2x00dev, TX_SW_CFG2, 0x00000000);
rt2800_register_write(rt2x00dev, TX_ALC_VGA3, 0x00000000);
rt2800_register_write(rt2x00dev, TX0_BB_GAIN_ATTEN, 0x0);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 716/862] wifi: rt2x00: set VGC gain for both chains of MT7620
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (714 preceding siblings ...)
2022-10-19 8:33 ` [PATCH 6.0 715/862] wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620 Greg Kroah-Hartman
@ 2022-10-19 8:33 ` Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 717/862] wifi: rt2x00: set SoC wmac clock register Greg Kroah-Hartman
` (160 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Serge Vasilugin, Daniel Golle,
Stanislaw Gruszka, Kalle Valo, Sasha Levin
From: Daniel Golle <daniel@makrotopia.org>
[ Upstream commit 0e09768c085709e10ece3b68f6ac921d3f6a9caa ]
Set bbp66 for all chains of the MT7620.
Reported-by: Serge Vasilugin <vasilugin@yandex.ru>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Acked-by: Stanislaw Gruszka <stf_xl@wp.pl>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/29e161397e5c9d9399da0fe87d44458aa2b90a78.1663445157.git.daniel@makrotopia.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ralink/rt2x00/rt2800lib.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/net/wireless/ralink/rt2x00/rt2800lib.c b/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
index 5e7bca935dd4..fec85db7dbc7 100644
--- a/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
+++ b/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
@@ -5645,7 +5645,8 @@ static inline void rt2800_set_vgc(struct rt2x00_dev *rt2x00dev,
if (qual->vgc_level != vgc_level) {
if (rt2x00_rt(rt2x00dev, RT3572) ||
rt2x00_rt(rt2x00dev, RT3593) ||
- rt2x00_rt(rt2x00dev, RT3883)) {
+ rt2x00_rt(rt2x00dev, RT3883) ||
+ rt2x00_rt(rt2x00dev, RT6352)) {
rt2800_bbp_write_with_rx_chain(rt2x00dev, 66,
vgc_level);
} else if (rt2x00_rt(rt2x00dev, RT5592)) {
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 717/862] wifi: rt2x00: set SoC wmac clock register
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (715 preceding siblings ...)
2022-10-19 8:33 ` [PATCH 6.0 716/862] wifi: rt2x00: set VGC gain for both chains of MT7620 Greg Kroah-Hartman
@ 2022-10-19 8:33 ` Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 718/862] wifi: rt2x00: correctly set BBP register 86 for MT7620 Greg Kroah-Hartman
` (159 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Serge Vasilugin, Daniel Golle,
Stanislaw Gruszka, Kalle Valo, Sasha Levin
From: Daniel Golle <daniel@makrotopia.org>
[ Upstream commit cbde6ed406a51092d9e8a2df058f5f8490f27443 ]
Instead of using the default value 33 (pci), set US_CYC_CNT init based
on Programming guide:
If available, set chipset bus clock with fallback to cpu clock/3.
Reported-by: Serge Vasilugin <vasilugin@yandex.ru>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Acked-by: Stanislaw Gruszka <stf_xl@wp.pl>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/3e275d259f476f597dab91a9c395015ef3fe3284.1663445157.git.daniel@makrotopia.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../net/wireless/ralink/rt2x00/rt2800lib.c | 21 +++++++++++++++++++
1 file changed, 21 insertions(+)
diff --git a/drivers/net/wireless/ralink/rt2x00/rt2800lib.c b/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
index fec85db7dbc7..b30b062243bb 100644
--- a/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
+++ b/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
@@ -6131,6 +6131,27 @@ static int rt2800_init_registers(struct rt2x00_dev *rt2x00dev)
reg = rt2800_register_read(rt2x00dev, US_CYC_CNT);
rt2x00_set_field32(®, US_CYC_CNT_CLOCK_CYCLE, 125);
rt2800_register_write(rt2x00dev, US_CYC_CNT, reg);
+ } else if (rt2x00_is_soc(rt2x00dev)) {
+ struct clk *clk = clk_get_sys("bus", NULL);
+ int rate;
+
+ if (IS_ERR(clk)) {
+ clk = clk_get_sys("cpu", NULL);
+
+ if (IS_ERR(clk)) {
+ rate = 125;
+ } else {
+ rate = clk_get_rate(clk) / 3000000;
+ clk_put(clk);
+ }
+ } else {
+ rate = clk_get_rate(clk) / 1000000;
+ clk_put(clk);
+ }
+
+ reg = rt2800_register_read(rt2x00dev, US_CYC_CNT);
+ rt2x00_set_field32(®, US_CYC_CNT_CLOCK_CYCLE, rate);
+ rt2800_register_write(rt2x00dev, US_CYC_CNT, reg);
}
reg = rt2800_register_read(rt2x00dev, HT_FBK_CFG0);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 718/862] wifi: rt2x00: correctly set BBP register 86 for MT7620
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (716 preceding siblings ...)
2022-10-19 8:33 ` [PATCH 6.0 717/862] wifi: rt2x00: set SoC wmac clock register Greg Kroah-Hartman
@ 2022-10-19 8:33 ` Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 719/862] hwmon: (sht4x) do not overflow clamping operation on 32-bit platforms Greg Kroah-Hartman
` (158 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Serge Vasilugin, Daniel Golle,
Stanislaw Gruszka, Kalle Valo, Sasha Levin
From: Daniel Golle <daniel@makrotopia.org>
[ Upstream commit c9aada64fe6493461127f1522d7e2f01792d2424 ]
Instead of 0 set the correct value for BBP register 86 for MT7620.
Reported-by: Serge Vasilugin <vasilugin@yandex.ru>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Acked-by: Stanislaw Gruszka <stf_xl@wp.pl>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/257267247ee4fa7ebc6a5d0c4948b3f8119c0d77.1663445157.git.daniel@makrotopia.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ralink/rt2x00/rt2800lib.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/net/wireless/ralink/rt2x00/rt2800lib.c b/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
index b30b062243bb..1a9e27a6d636 100644
--- a/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
+++ b/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
@@ -4164,7 +4164,10 @@ static void rt2800_config_channel(struct rt2x00_dev *rt2x00dev,
rt2800_bbp_write(rt2x00dev, 62, 0x37 - rt2x00dev->lna_gain);
rt2800_bbp_write(rt2x00dev, 63, 0x37 - rt2x00dev->lna_gain);
rt2800_bbp_write(rt2x00dev, 64, 0x37 - rt2x00dev->lna_gain);
- rt2800_bbp_write(rt2x00dev, 86, 0);
+ if (rt2x00_rt(rt2x00dev, RT6352))
+ rt2800_bbp_write(rt2x00dev, 86, 0x38);
+ else
+ rt2800_bbp_write(rt2x00dev, 86, 0);
}
if (rf->channel <= 14) {
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 719/862] hwmon: (sht4x) do not overflow clamping operation on 32-bit platforms
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (717 preceding siblings ...)
2022-10-19 8:33 ` [PATCH 6.0 718/862] wifi: rt2x00: correctly set BBP register 86 for MT7620 Greg Kroah-Hartman
@ 2022-10-19 8:33 ` Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 720/862] net: If sock is dead dont access socks sk_wq in sk_stream_wait_memory Greg Kroah-Hartman
` (157 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jason A. Donenfeld, Guenter Roeck,
Sasha Levin
From: Jason A. Donenfeld <Jason@zx2c4.com>
[ Upstream commit f9c0cf8f26de367c58e48b02b1cdb9c377626e6f ]
On 32-bit platforms, long is 32 bits, so (long)UINT_MAX is less than
(long)SHT4X_MIN_POLL_INTERVAL, which means the clamping operation is
bogus. Fix this by clamping at INT_MAX, so that the upperbound is the
same on all platforms.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Link: https://lore.kernel.org/r/20220924101151.4168414-1-Jason@zx2c4.com
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hwmon/sht4x.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/hwmon/sht4x.c b/drivers/hwmon/sht4x.c
index c19df3ade48e..13ac2d8f22c7 100644
--- a/drivers/hwmon/sht4x.c
+++ b/drivers/hwmon/sht4x.c
@@ -129,7 +129,7 @@ static int sht4x_read_values(struct sht4x_data *data)
static ssize_t sht4x_interval_write(struct sht4x_data *data, long val)
{
- data->update_interval = clamp_val(val, SHT4X_MIN_POLL_INTERVAL, UINT_MAX);
+ data->update_interval = clamp_val(val, SHT4X_MIN_POLL_INTERVAL, INT_MAX);
return 0;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 720/862] net: If sock is dead dont access socks sk_wq in sk_stream_wait_memory
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (718 preceding siblings ...)
2022-10-19 8:33 ` [PATCH 6.0 719/862] hwmon: (sht4x) do not overflow clamping operation on 32-bit platforms Greg Kroah-Hartman
@ 2022-10-19 8:33 ` Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 721/862] bpf: Adjust kprobe_multi entry_ip for CONFIG_X86_KERNEL_IBT Greg Kroah-Hartman
` (156 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jakub Sitnicki, Liu Jian,
Daniel Borkmann, John Fastabend, Eric Dumazet, Sasha Levin
From: Liu Jian <liujian56@huawei.com>
[ Upstream commit 3f8ef65af927db247418d4e1db49164d7a158fc5 ]
Fixes the below NULL pointer dereference:
[...]
[ 14.471200] Call Trace:
[ 14.471562] <TASK>
[ 14.471882] lock_acquire+0x245/0x2e0
[ 14.472416] ? remove_wait_queue+0x12/0x50
[ 14.473014] ? _raw_spin_lock_irqsave+0x17/0x50
[ 14.473681] _raw_spin_lock_irqsave+0x3d/0x50
[ 14.474318] ? remove_wait_queue+0x12/0x50
[ 14.474907] remove_wait_queue+0x12/0x50
[ 14.475480] sk_stream_wait_memory+0x20d/0x340
[ 14.476127] ? do_wait_intr_irq+0x80/0x80
[ 14.476704] do_tcp_sendpages+0x287/0x600
[ 14.477283] tcp_bpf_push+0xab/0x260
[ 14.477817] tcp_bpf_sendmsg_redir+0x297/0x500
[ 14.478461] ? __local_bh_enable_ip+0x77/0xe0
[ 14.479096] tcp_bpf_send_verdict+0x105/0x470
[ 14.479729] tcp_bpf_sendmsg+0x318/0x4f0
[ 14.480311] sock_sendmsg+0x2d/0x40
[ 14.480822] ____sys_sendmsg+0x1b4/0x1c0
[ 14.481390] ? copy_msghdr_from_user+0x62/0x80
[ 14.482048] ___sys_sendmsg+0x78/0xb0
[ 14.482580] ? vmf_insert_pfn_prot+0x91/0x150
[ 14.483215] ? __do_fault+0x2a/0x1a0
[ 14.483738] ? do_fault+0x15e/0x5d0
[ 14.484246] ? __handle_mm_fault+0x56b/0x1040
[ 14.484874] ? lock_is_held_type+0xdf/0x130
[ 14.485474] ? find_held_lock+0x2d/0x90
[ 14.486046] ? __sys_sendmsg+0x41/0x70
[ 14.486587] __sys_sendmsg+0x41/0x70
[ 14.487105] ? intel_pmu_drain_pebs_core+0x350/0x350
[ 14.487822] do_syscall_64+0x34/0x80
[ 14.488345] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[...]
The test scenario has the following flow:
thread1 thread2
----------- ---------------
tcp_bpf_sendmsg
tcp_bpf_send_verdict
tcp_bpf_sendmsg_redir sock_close
tcp_bpf_push_locked __sock_release
tcp_bpf_push //inet_release
do_tcp_sendpages sock->ops->release
sk_stream_wait_memory // tcp_close
sk_wait_event sk->sk_prot->close
release_sock(__sk);
***
lock_sock(sk);
__tcp_close
sock_orphan(sk)
sk->sk_wq = NULL
release_sock
****
lock_sock(__sk);
remove_wait_queue(sk_sleep(sk), &wait);
sk_sleep(sk)
//NULL pointer dereference
&rcu_dereference_raw(sk->sk_wq)->wait
While waiting for memory in thread1, the socket is released with its wait
queue because thread2 has closed it. This caused by tcp_bpf_send_verdict
didn't increase the f_count of psock->sk_redir->sk_socket->file in thread1.
We should check if SOCK_DEAD flag is set on wakeup in sk_stream_wait_memory
before accessing the wait queue.
Suggested-by: Jakub Sitnicki <jakub@cloudflare.com>
Signed-off-by: Liu Jian <liujian56@huawei.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: John Fastabend <john.fastabend@gmail.com>
Cc: Eric Dumazet <edumazet@google.com>
Link: https://lore.kernel.org/bpf/20220823133755.314697-2-liujian56@huawei.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/core/stream.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/core/stream.c b/net/core/stream.c
index ccc083cdef23..1105057ce00a 100644
--- a/net/core/stream.c
+++ b/net/core/stream.c
@@ -159,7 +159,8 @@ int sk_stream_wait_memory(struct sock *sk, long *timeo_p)
*timeo_p = current_timeo;
}
out:
- remove_wait_queue(sk_sleep(sk), &wait);
+ if (!sock_flag(sk, SOCK_DEAD))
+ remove_wait_queue(sk_sleep(sk), &wait);
return err;
do_error:
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 721/862] bpf: Adjust kprobe_multi entry_ip for CONFIG_X86_KERNEL_IBT
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (719 preceding siblings ...)
2022-10-19 8:33 ` [PATCH 6.0 720/862] net: If sock is dead dont access socks sk_wq in sk_stream_wait_memory Greg Kroah-Hartman
@ 2022-10-19 8:33 ` Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 722/862] bpf: use bpf_prog_pack for bpf_dispatcher Greg Kroah-Hartman
` (155 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Peter Zijlstra, Martynas Pumputis,
Andrii Nakryiko, Jiri Olsa, Alexei Starovoitov, Sasha Levin
From: Jiri Olsa <jolsa@kernel.org>
[ Upstream commit c09eb2e578eb1668bbc84dc07e8d8bd6f04b9a02 ]
Martynas reported bpf_get_func_ip returning +4 address when
CONFIG_X86_KERNEL_IBT option is enabled.
When CONFIG_X86_KERNEL_IBT is enabled we'll have endbr instruction
at the function entry, which screws return value of bpf_get_func_ip()
helper that should return the function address.
There's short term workaround for kprobe_multi bpf program made by
Alexei [1], but we need this fixup also for bpf_get_attach_cookie,
that returns cookie based on the entry_ip value.
Moving the fixup in the fprobe handler, so both bpf_get_func_ip
and bpf_get_attach_cookie get expected function address when
CONFIG_X86_KERNEL_IBT option is enabled.
Also renaming kprobe_multi_link_handler entry_ip argument to fentry_ip
so it's clearer this is an ftrace __fentry__ ip.
[1] commit 7f0059b58f02 ("selftests/bpf: Fix kprobe_multi test.")
Cc: Peter Zijlstra <peterz@infradead.org>
Reported-by: Martynas Pumputis <m@lambda.lt>
Acked-by: Andrii Nakryiko <andrii@kernel.org>
Signed-off-by: Jiri Olsa <jolsa@kernel.org>
Link: https://lore.kernel.org/r/20220926153340.1621984-5-jolsa@kernel.org
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/trace/bpf_trace.c | 20 +++++++++++++++++--
.../selftests/bpf/progs/kprobe_multi.c | 4 +---
2 files changed, 19 insertions(+), 5 deletions(-)
diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c
index 68e5cdd24cef..b1daf7c9b895 100644
--- a/kernel/trace/bpf_trace.c
+++ b/kernel/trace/bpf_trace.c
@@ -1026,6 +1026,22 @@ static const struct bpf_func_proto bpf_get_func_ip_proto_tracing = {
.arg1_type = ARG_PTR_TO_CTX,
};
+#ifdef CONFIG_X86_KERNEL_IBT
+static unsigned long get_entry_ip(unsigned long fentry_ip)
+{
+ u32 instr;
+
+ /* Being extra safe in here in case entry ip is on the page-edge. */
+ if (get_kernel_nofault(instr, (u32 *) fentry_ip - 1))
+ return fentry_ip;
+ if (is_endbr(instr))
+ fentry_ip -= ENDBR_INSN_SIZE;
+ return fentry_ip;
+}
+#else
+#define get_entry_ip(fentry_ip) fentry_ip
+#endif
+
BPF_CALL_1(bpf_get_func_ip_kprobe, struct pt_regs *, regs)
{
struct kprobe *kp = kprobe_running();
@@ -2414,13 +2430,13 @@ kprobe_multi_link_prog_run(struct bpf_kprobe_multi_link *link,
}
static void
-kprobe_multi_link_handler(struct fprobe *fp, unsigned long entry_ip,
+kprobe_multi_link_handler(struct fprobe *fp, unsigned long fentry_ip,
struct pt_regs *regs)
{
struct bpf_kprobe_multi_link *link;
link = container_of(fp, struct bpf_kprobe_multi_link, fp);
- kprobe_multi_link_prog_run(link, entry_ip, regs);
+ kprobe_multi_link_prog_run(link, get_entry_ip(fentry_ip), regs);
}
static int symbols_cmp_r(const void *a, const void *b, const void *priv)
diff --git a/tools/testing/selftests/bpf/progs/kprobe_multi.c b/tools/testing/selftests/bpf/progs/kprobe_multi.c
index 08f95a8155d1..98c3399e15c0 100644
--- a/tools/testing/selftests/bpf/progs/kprobe_multi.c
+++ b/tools/testing/selftests/bpf/progs/kprobe_multi.c
@@ -36,15 +36,13 @@ __u64 kretprobe_test6_result = 0;
__u64 kretprobe_test7_result = 0;
__u64 kretprobe_test8_result = 0;
-extern bool CONFIG_X86_KERNEL_IBT __kconfig __weak;
-
static void kprobe_multi_check(void *ctx, bool is_return)
{
if (bpf_get_current_pid_tgid() >> 32 != pid)
return;
__u64 cookie = test_cookie ? bpf_get_attach_cookie(ctx) : 0;
- __u64 addr = bpf_get_func_ip(ctx) - (CONFIG_X86_KERNEL_IBT ? 4 : 0);
+ __u64 addr = bpf_get_func_ip(ctx);
#define SET(__var, __addr, __cookie) ({ \
if (((const void *) addr == __addr) && \
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 722/862] bpf: use bpf_prog_pack for bpf_dispatcher
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (720 preceding siblings ...)
2022-10-19 8:33 ` [PATCH 6.0 721/862] bpf: Adjust kprobe_multi entry_ip for CONFIG_X86_KERNEL_IBT Greg Kroah-Hartman
@ 2022-10-19 8:33 ` Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 723/862] Bluetooth: L2CAP: Fix user-after-free Greg Kroah-Hartman
` (154 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Song Liu, Alexei Starovoitov, Sasha Levin
From: Song Liu <song@kernel.org>
[ Upstream commit 19c02415da2345d0dda2b5c4495bc17cc14b18b5 ]
Allocate bpf_dispatcher with bpf_prog_pack_alloc so that bpf_dispatcher
can share pages with bpf programs.
arch_prepare_bpf_dispatcher() is updated to provide a RW buffer as working
area for arch code to write to.
This also fixes CPA W^X warnning like:
CPA refuse W^X violation: 8000000000000163 -> 0000000000000163 range: ...
Signed-off-by: Song Liu <song@kernel.org>
Link: https://lore.kernel.org/r/20220926184739.3512547-2-song@kernel.org
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/net/bpf_jit_comp.c | 16 ++++++++--------
include/linux/bpf.h | 3 ++-
include/linux/filter.h | 5 +++++
kernel/bpf/core.c | 9 +++++++--
kernel/bpf/dispatcher.c | 27 +++++++++++++++++++++------
5 files changed, 43 insertions(+), 17 deletions(-)
diff --git a/arch/x86/net/bpf_jit_comp.c b/arch/x86/net/bpf_jit_comp.c
index c1f6c1c51d99..362562c832e6 100644
--- a/arch/x86/net/bpf_jit_comp.c
+++ b/arch/x86/net/bpf_jit_comp.c
@@ -2209,7 +2209,7 @@ int arch_prepare_bpf_trampoline(struct bpf_tramp_image *im, void *image, void *i
return ret;
}
-static int emit_bpf_dispatcher(u8 **pprog, int a, int b, s64 *progs)
+static int emit_bpf_dispatcher(u8 **pprog, int a, int b, s64 *progs, u8 *image, u8 *buf)
{
u8 *jg_reloc, *prog = *pprog;
int pivot, err, jg_bytes = 1;
@@ -2225,12 +2225,12 @@ static int emit_bpf_dispatcher(u8 **pprog, int a, int b, s64 *progs)
EMIT2_off32(0x81, add_1reg(0xF8, BPF_REG_3),
progs[a]);
err = emit_cond_near_jump(&prog, /* je func */
- (void *)progs[a], prog,
+ (void *)progs[a], image + (prog - buf),
X86_JE);
if (err)
return err;
- emit_indirect_jump(&prog, 2 /* rdx */, prog);
+ emit_indirect_jump(&prog, 2 /* rdx */, image + (prog - buf));
*pprog = prog;
return 0;
@@ -2255,7 +2255,7 @@ static int emit_bpf_dispatcher(u8 **pprog, int a, int b, s64 *progs)
jg_reloc = prog;
err = emit_bpf_dispatcher(&prog, a, a + pivot, /* emit lower_part */
- progs);
+ progs, image, buf);
if (err)
return err;
@@ -2269,7 +2269,7 @@ static int emit_bpf_dispatcher(u8 **pprog, int a, int b, s64 *progs)
emit_code(jg_reloc - jg_bytes, jg_offset, jg_bytes);
err = emit_bpf_dispatcher(&prog, a + pivot + 1, /* emit upper_part */
- b, progs);
+ b, progs, image, buf);
if (err)
return err;
@@ -2289,12 +2289,12 @@ static int cmp_ips(const void *a, const void *b)
return 0;
}
-int arch_prepare_bpf_dispatcher(void *image, s64 *funcs, int num_funcs)
+int arch_prepare_bpf_dispatcher(void *image, void *buf, s64 *funcs, int num_funcs)
{
- u8 *prog = image;
+ u8 *prog = buf;
sort(funcs, num_funcs, sizeof(funcs[0]), cmp_ips, NULL);
- return emit_bpf_dispatcher(&prog, 0, num_funcs - 1, funcs);
+ return emit_bpf_dispatcher(&prog, 0, num_funcs - 1, funcs, image, buf);
}
struct x64_jit_data {
diff --git a/include/linux/bpf.h b/include/linux/bpf.h
index 20c26aed7896..80fc8a88c610 100644
--- a/include/linux/bpf.h
+++ b/include/linux/bpf.h
@@ -891,6 +891,7 @@ struct bpf_dispatcher {
struct bpf_dispatcher_prog progs[BPF_DISPATCHER_MAX];
int num_progs;
void *image;
+ void *rw_image;
u32 image_off;
struct bpf_ksym ksym;
};
@@ -909,7 +910,7 @@ int bpf_trampoline_unlink_prog(struct bpf_tramp_link *link, struct bpf_trampolin
struct bpf_trampoline *bpf_trampoline_get(u64 key,
struct bpf_attach_target_info *tgt_info);
void bpf_trampoline_put(struct bpf_trampoline *tr);
-int arch_prepare_bpf_dispatcher(void *image, s64 *funcs, int num_funcs);
+int arch_prepare_bpf_dispatcher(void *image, void *buf, s64 *funcs, int num_funcs);
#define BPF_DISPATCHER_INIT(_name) { \
.mutex = __MUTEX_INITIALIZER(_name.mutex), \
.func = &_name##_func, \
diff --git a/include/linux/filter.h b/include/linux/filter.h
index a5f21dc3c432..f2c47df5ad2a 100644
--- a/include/linux/filter.h
+++ b/include/linux/filter.h
@@ -1018,6 +1018,8 @@ extern long bpf_jit_limit_max;
typedef void (*bpf_jit_fill_hole_t)(void *area, unsigned int size);
+void bpf_jit_fill_hole_with_zero(void *area, unsigned int size);
+
struct bpf_binary_header *
bpf_jit_binary_alloc(unsigned int proglen, u8 **image_ptr,
unsigned int alignment,
@@ -1030,6 +1032,9 @@ void bpf_jit_free(struct bpf_prog *fp);
struct bpf_binary_header *
bpf_jit_binary_pack_hdr(const struct bpf_prog *fp);
+void *bpf_prog_pack_alloc(u32 size, bpf_jit_fill_hole_t bpf_fill_ill_insns);
+void bpf_prog_pack_free(struct bpf_binary_header *hdr);
+
static inline bool bpf_prog_kallsyms_verify_off(const struct bpf_prog *fp)
{
return list_empty(&fp->aux->ksym.lnode) ||
diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c
index 3d9eb3ae334c..c4600a5781de 100644
--- a/kernel/bpf/core.c
+++ b/kernel/bpf/core.c
@@ -825,6 +825,11 @@ struct bpf_prog_pack {
unsigned long bitmap[];
};
+void bpf_jit_fill_hole_with_zero(void *area, unsigned int size)
+{
+ memset(area, 0, size);
+}
+
#define BPF_PROG_SIZE_TO_NBITS(size) (round_up(size, BPF_PROG_CHUNK_SIZE) / BPF_PROG_CHUNK_SIZE)
static DEFINE_MUTEX(pack_mutex);
@@ -864,7 +869,7 @@ static struct bpf_prog_pack *alloc_new_pack(bpf_jit_fill_hole_t bpf_fill_ill_ins
return pack;
}
-static void *bpf_prog_pack_alloc(u32 size, bpf_jit_fill_hole_t bpf_fill_ill_insns)
+void *bpf_prog_pack_alloc(u32 size, bpf_jit_fill_hole_t bpf_fill_ill_insns)
{
unsigned int nbits = BPF_PROG_SIZE_TO_NBITS(size);
struct bpf_prog_pack *pack;
@@ -905,7 +910,7 @@ static void *bpf_prog_pack_alloc(u32 size, bpf_jit_fill_hole_t bpf_fill_ill_insn
return ptr;
}
-static void bpf_prog_pack_free(struct bpf_binary_header *hdr)
+void bpf_prog_pack_free(struct bpf_binary_header *hdr)
{
struct bpf_prog_pack *pack = NULL, *tmp;
unsigned int nbits;
diff --git a/kernel/bpf/dispatcher.c b/kernel/bpf/dispatcher.c
index 2444bd15cc2d..fa64b80b8bca 100644
--- a/kernel/bpf/dispatcher.c
+++ b/kernel/bpf/dispatcher.c
@@ -85,12 +85,12 @@ static bool bpf_dispatcher_remove_prog(struct bpf_dispatcher *d,
return false;
}
-int __weak arch_prepare_bpf_dispatcher(void *image, s64 *funcs, int num_funcs)
+int __weak arch_prepare_bpf_dispatcher(void *image, void *buf, s64 *funcs, int num_funcs)
{
return -ENOTSUPP;
}
-static int bpf_dispatcher_prepare(struct bpf_dispatcher *d, void *image)
+static int bpf_dispatcher_prepare(struct bpf_dispatcher *d, void *image, void *buf)
{
s64 ips[BPF_DISPATCHER_MAX] = {}, *ipsp = &ips[0];
int i;
@@ -99,12 +99,12 @@ static int bpf_dispatcher_prepare(struct bpf_dispatcher *d, void *image)
if (d->progs[i].prog)
*ipsp++ = (s64)(uintptr_t)d->progs[i].prog->bpf_func;
}
- return arch_prepare_bpf_dispatcher(image, &ips[0], d->num_progs);
+ return arch_prepare_bpf_dispatcher(image, buf, &ips[0], d->num_progs);
}
static void bpf_dispatcher_update(struct bpf_dispatcher *d, int prev_num_progs)
{
- void *old, *new;
+ void *old, *new, *tmp;
u32 noff;
int err;
@@ -117,8 +117,14 @@ static void bpf_dispatcher_update(struct bpf_dispatcher *d, int prev_num_progs)
}
new = d->num_progs ? d->image + noff : NULL;
+ tmp = d->num_progs ? d->rw_image + noff : NULL;
if (new) {
- if (bpf_dispatcher_prepare(d, new))
+ /* Prepare the dispatcher in d->rw_image. Then use
+ * bpf_arch_text_copy to update d->image, which is RO+X.
+ */
+ if (bpf_dispatcher_prepare(d, new, tmp))
+ return;
+ if (IS_ERR(bpf_arch_text_copy(new, tmp, PAGE_SIZE / 2)))
return;
}
@@ -140,9 +146,18 @@ void bpf_dispatcher_change_prog(struct bpf_dispatcher *d, struct bpf_prog *from,
mutex_lock(&d->mutex);
if (!d->image) {
- d->image = bpf_jit_alloc_exec_page();
+ d->image = bpf_prog_pack_alloc(PAGE_SIZE, bpf_jit_fill_hole_with_zero);
if (!d->image)
goto out;
+ d->rw_image = bpf_jit_alloc_exec(PAGE_SIZE);
+ if (!d->rw_image) {
+ u32 size = PAGE_SIZE;
+
+ bpf_arch_text_copy(d->image, &size, sizeof(size));
+ bpf_prog_pack_free((struct bpf_binary_header *)d->image);
+ d->image = NULL;
+ goto out;
+ }
bpf_image_ksym_add(d->image, &d->ksym);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 723/862] Bluetooth: L2CAP: Fix user-after-free
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (721 preceding siblings ...)
2022-10-19 8:33 ` [PATCH 6.0 722/862] bpf: use bpf_prog_pack for bpf_dispatcher Greg Kroah-Hartman
@ 2022-10-19 8:33 ` Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 724/862] net: sched: cls_u32: Avoid memcpy() false-positive warning Greg Kroah-Hartman
` (153 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Luiz Augusto von Dentz, Sungwoo Kim,
Sasha Levin
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
[ Upstream commit 35fcbc4243aad7e7d020b7c1dfb14bb888b20a4f ]
This uses l2cap_chan_hold_unless_zero() after calling
__l2cap_get_chan_blah() to prevent the following trace:
Bluetooth: l2cap_core.c:static void l2cap_chan_destroy(struct kref
*kref)
Bluetooth: chan 0000000023c4974d
Bluetooth: parent 00000000ae861c08
==================================================================
BUG: KASAN: use-after-free in __mutex_waiter_is_first
kernel/locking/mutex.c:191 [inline]
BUG: KASAN: use-after-free in __mutex_lock_common
kernel/locking/mutex.c:671 [inline]
BUG: KASAN: use-after-free in __mutex_lock+0x278/0x400
kernel/locking/mutex.c:729
Read of size 8 at addr ffff888006a49b08 by task kworker/u3:2/389
Link: https://lore.kernel.org/lkml/20220622082716.478486-1-lee.jones@linaro.org
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sungwoo Kim <iam@sung-woo.kim>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/bluetooth/l2cap_core.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
index 770891f68703..1f34b82ca0ec 100644
--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
@@ -4309,6 +4309,12 @@ static int l2cap_connect_create_rsp(struct l2cap_conn *conn,
}
}
+ chan = l2cap_chan_hold_unless_zero(chan);
+ if (!chan) {
+ err = -EBADSLT;
+ goto unlock;
+ }
+
err = 0;
l2cap_chan_lock(chan);
@@ -4338,6 +4344,7 @@ static int l2cap_connect_create_rsp(struct l2cap_conn *conn,
}
l2cap_chan_unlock(chan);
+ l2cap_chan_put(chan);
unlock:
mutex_unlock(&conn->chan_lock);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 724/862] net: sched: cls_u32: Avoid memcpy() false-positive warning
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (722 preceding siblings ...)
2022-10-19 8:33 ` [PATCH 6.0 723/862] Bluetooth: L2CAP: Fix user-after-free Greg Kroah-Hartman
@ 2022-10-19 8:33 ` Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 725/862] libbpf: Fix overrun in netlink attribute iteration Greg Kroah-Hartman
` (152 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Cong Wang, Jiri Pirko,
syzbot+a2c4601efc75848ba321, Kees Cook, Jamal Hadi Salim,
Jakub Kicinski, Sasha Levin
From: Kees Cook <keescook@chromium.org>
[ Upstream commit 7cba18332e3635aaae60e4e7d4e52849de50d91b ]
To work around a misbehavior of the compiler's ability to see into
composite flexible array structs (as detailed in the coming memcpy()
hardening series[1]), use unsafe_memcpy(), as the sizing,
bounds-checking, and allocation are all very tightly coupled here.
This silences the false-positive reported by syzbot:
memcpy: detected field-spanning write (size 80) of single field "&n->sel" at net/sched/cls_u32.c:1043 (size 16)
[1] https://lore.kernel.org/linux-hardening/20220901065914.1417829-2-keescook@chromium.org
Cc: Cong Wang <xiyou.wangcong@gmail.com>
Cc: Jiri Pirko <jiri@resnulli.us>
Reported-by: syzbot+a2c4601efc75848ba321@syzkaller.appspotmail.com
Link: https://lore.kernel.org/lkml/000000000000a96c0b05e97f0444@google.com/
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Jamal Hadi Salim <jhs@mojatatu.com>
Link: https://lore.kernel.org/r/20220927153700.3071688-1-keescook@chromium.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/sched/cls_u32.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/net/sched/cls_u32.c b/net/sched/cls_u32.c
index 4d27300c287c..5f33472aad36 100644
--- a/net/sched/cls_u32.c
+++ b/net/sched/cls_u32.c
@@ -1040,7 +1040,11 @@ static int u32_change(struct net *net, struct sk_buff *in_skb,
}
#endif
- memcpy(&n->sel, s, sel_size);
+ unsafe_memcpy(&n->sel, s, sel_size,
+ /* A composite flex-array structure destination,
+ * which was correctly sized with struct_size(),
+ * bounds-checked against nla_len(), and allocated
+ * above. */);
RCU_INIT_POINTER(n->ht_up, ht);
n->handle = handle;
n->fshift = s->hmask ? ffs(ntohl(s->hmask)) - 1 : 0;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 725/862] libbpf: Fix overrun in netlink attribute iteration
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (723 preceding siblings ...)
2022-10-19 8:33 ` [PATCH 6.0 724/862] net: sched: cls_u32: Avoid memcpy() false-positive warning Greg Kroah-Hartman
@ 2022-10-19 8:33 ` Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 726/862] i2c: designware-pci: Group AMD NAVI quirk parts together Greg Kroah-Hartman
` (151 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Xin Liu, Andrii Nakryiko, Sasha Levin
From: Xin Liu <liuxin350@huawei.com>
[ Upstream commit 51e05a8cf8eb34da7473823b7f236a77adfef0b4 ]
I accidentally found that a change in commit 1045b03e07d8 ("netlink: fix
overrun in attribute iteration") was not synchronized to the function
`nla_ok` in tools/lib/bpf/nlattr.c, I think it is necessary to modify,
this patch will do it.
Signed-off-by: Xin Liu <liuxin350@huawei.com>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Link: https://lore.kernel.org/bpf/20220930090708.62394-1-liuxin350@huawei.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/lib/bpf/nlattr.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/lib/bpf/nlattr.c b/tools/lib/bpf/nlattr.c
index f57e77a6e40f..3900d052ed19 100644
--- a/tools/lib/bpf/nlattr.c
+++ b/tools/lib/bpf/nlattr.c
@@ -32,7 +32,7 @@ static struct nlattr *nla_next(const struct nlattr *nla, int *remaining)
static int nla_ok(const struct nlattr *nla, int remaining)
{
- return remaining >= sizeof(*nla) &&
+ return remaining >= (int)sizeof(*nla) &&
nla->nla_len >= sizeof(*nla) &&
nla->nla_len <= remaining;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 726/862] i2c: designware-pci: Group AMD NAVI quirk parts together
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (724 preceding siblings ...)
2022-10-19 8:33 ` [PATCH 6.0 725/862] libbpf: Fix overrun in netlink attribute iteration Greg Kroah-Hartman
@ 2022-10-19 8:33 ` Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 727/862] r8152: Rate limit overflow messages Greg Kroah-Hartman
` (150 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Andy Shevchenko, Jarkko Nikula,
Wolfram Sang, Sasha Levin
From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
[ Upstream commit 65769162ae4b7f2d82e54998be446226b05fcd8f ]
The code is ogranized in a way that all related parts
to the certain platform quirk go together. This is not
the case for AMD NAVI. Shuffle code to make it happen.
While at it, drop the frequency definition and use
hard coded value as it's done for other platforms and
add a comment to the PCI ID list.
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Acked-by: Jarkko Nikula <jarkko.nikula@linux.intel.com>
Signed-off-by: Wolfram Sang <wsa@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/i2c/busses/i2c-designware-pcidrv.c | 30 +++++++++++-----------
1 file changed, 15 insertions(+), 15 deletions(-)
diff --git a/drivers/i2c/busses/i2c-designware-pcidrv.c b/drivers/i2c/busses/i2c-designware-pcidrv.c
index 608e61209455..ca368482b246 100644
--- a/drivers/i2c/busses/i2c-designware-pcidrv.c
+++ b/drivers/i2c/busses/i2c-designware-pcidrv.c
@@ -27,7 +27,6 @@
#include "i2c-ccgx-ucsi.h"
#define DRIVER_NAME "i2c-designware-pci"
-#define AMD_CLK_RATE_HZ 100000
enum dw_pci_ctl_id_t {
medfield,
@@ -100,11 +99,6 @@ static u32 mfld_get_clk_rate_khz(struct dw_i2c_dev *dev)
return 25000;
}
-static u32 navi_amd_get_clk_rate_khz(struct dw_i2c_dev *dev)
-{
- return AMD_CLK_RATE_HZ;
-}
-
static int mfld_setup(struct pci_dev *pdev, struct dw_pci_controller *c)
{
struct dw_i2c_dev *dev = dev_get_drvdata(&pdev->dev);
@@ -126,15 +120,6 @@ static int mfld_setup(struct pci_dev *pdev, struct dw_pci_controller *c)
return -ENODEV;
}
-static int navi_amd_setup(struct pci_dev *pdev, struct dw_pci_controller *c)
-{
- struct dw_i2c_dev *dev = dev_get_drvdata(&pdev->dev);
-
- dev->flags |= MODEL_AMD_NAVI_GPU;
- dev->timings.bus_freq_hz = I2C_MAX_STANDARD_MODE_FREQ;
- return 0;
-}
-
static int mrfld_setup(struct pci_dev *pdev, struct dw_pci_controller *c)
{
/*
@@ -159,6 +144,20 @@ static u32 ehl_get_clk_rate_khz(struct dw_i2c_dev *dev)
return 100000;
}
+static u32 navi_amd_get_clk_rate_khz(struct dw_i2c_dev *dev)
+{
+ return 100000;
+}
+
+static int navi_amd_setup(struct pci_dev *pdev, struct dw_pci_controller *c)
+{
+ struct dw_i2c_dev *dev = dev_get_drvdata(&pdev->dev);
+
+ dev->flags |= MODEL_AMD_NAVI_GPU;
+ dev->timings.bus_freq_hz = I2C_MAX_STANDARD_MODE_FREQ;
+ return 0;
+}
+
static struct dw_pci_controller dw_pci_controllers[] = {
[medfield] = {
.bus_num = -1,
@@ -389,6 +388,7 @@ static const struct pci_device_id i2_designware_pci_ids[] = {
{ PCI_VDEVICE(INTEL, 0x4bbe), elkhartlake },
{ PCI_VDEVICE(INTEL, 0x4bbf), elkhartlake },
{ PCI_VDEVICE(INTEL, 0x4bc0), elkhartlake },
+ /* AMD NAVI */
{ PCI_VDEVICE(ATI, 0x7314), navi_amd },
{ PCI_VDEVICE(ATI, 0x73a4), navi_amd },
{ PCI_VDEVICE(ATI, 0x73e4), navi_amd },
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 727/862] r8152: Rate limit overflow messages
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (725 preceding siblings ...)
2022-10-19 8:33 ` [PATCH 6.0 726/862] i2c: designware-pci: Group AMD NAVI quirk parts together Greg Kroah-Hartman
@ 2022-10-19 8:33 ` Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 728/862] drm/nouveau/nouveau_bo: fix potential memory leak in nouveau_bo_alloc() Greg Kroah-Hartman
` (149 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Andrew Gaul, Jakub Kicinski, Sasha Levin
From: Andrew Gaul <gaul@gaul.org>
[ Upstream commit 93e2be344a7db169b7119de21ac1bf253b8c6907 ]
My system shows almost 10 million of these messages over a 24-hour
period which pollutes my logs.
Signed-off-by: Andrew Gaul <gaul@google.com>
Link: https://lore.kernel.org/r/20221002034128.2026653-1-gaul@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/usb/r8152.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/net/usb/r8152.c b/drivers/net/usb/r8152.c
index 688905ea0a6d..e7b0b59e2bc8 100644
--- a/drivers/net/usb/r8152.c
+++ b/drivers/net/usb/r8152.c
@@ -1874,7 +1874,9 @@ static void intr_callback(struct urb *urb)
"Stop submitting intr, status %d\n", status);
return;
case -EOVERFLOW:
- netif_info(tp, intr, tp->netdev, "intr status -EOVERFLOW\n");
+ if (net_ratelimit())
+ netif_info(tp, intr, tp->netdev,
+ "intr status -EOVERFLOW\n");
goto resubmit;
/* -EPIPE: should clear the halt */
default:
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 728/862] drm/nouveau/nouveau_bo: fix potential memory leak in nouveau_bo_alloc()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (726 preceding siblings ...)
2022-10-19 8:33 ` [PATCH 6.0 727/862] r8152: Rate limit overflow messages Greg Kroah-Hartman
@ 2022-10-19 8:33 ` Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 729/862] drm: Use size_t type for len variable in drm_copy_field() Greg Kroah-Hartman
` (148 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jianglei Nie, Lyude Paul, Sasha Levin
From: Jianglei Nie <niejianglei2021@163.com>
[ Upstream commit 6dc548745d5b5102e3c53dc5097296ac270b6c69 ]
nouveau_bo_alloc() allocates a memory chunk for "nvbo" with kzalloc().
When some error occurs, "nvbo" should be released. But when
WARN_ON(pi < 0)) equals true, the function return ERR_PTR without
releasing the "nvbo", which will lead to a memory leak.
We should release the "nvbo" with kfree() if WARN_ON(pi < 0)) equals true.
Signed-off-by: Jianglei Nie <niejianglei2021@163.com>
Signed-off-by: Lyude Paul <lyude@redhat.com>
Reviewed-by: Lyude Paul <lyude@redhat.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20220705094306.2244103-1-niejianglei2021@163.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/nouveau/nouveau_bo.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/nouveau/nouveau_bo.c b/drivers/gpu/drm/nouveau/nouveau_bo.c
index e29175e4b44c..07a327ad5e2a 100644
--- a/drivers/gpu/drm/nouveau/nouveau_bo.c
+++ b/drivers/gpu/drm/nouveau/nouveau_bo.c
@@ -281,8 +281,10 @@ nouveau_bo_alloc(struct nouveau_cli *cli, u64 *size, int *align, u32 domain,
break;
}
- if (WARN_ON(pi < 0))
+ if (WARN_ON(pi < 0)) {
+ kfree(nvbo);
return ERR_PTR(-EINVAL);
+ }
/* Disable compression if suitable settings couldn't be found. */
if (nvbo->comp && !vmm->page[pi].comp) {
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 729/862] drm: Use size_t type for len variable in drm_copy_field()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (727 preceding siblings ...)
2022-10-19 8:33 ` [PATCH 6.0 728/862] drm/nouveau/nouveau_bo: fix potential memory leak in nouveau_bo_alloc() Greg Kroah-Hartman
@ 2022-10-19 8:33 ` Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 730/862] drm: Prevent drm_copy_field() to attempt copying a NULL pointer Greg Kroah-Hartman
` (147 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Javier Martinez Canillas,
Peter Robinson, Thomas Zimmermann, Sasha Levin
From: Javier Martinez Canillas <javierm@redhat.com>
[ Upstream commit 94dc3471d1b2b58b3728558d0e3f264e9ce6ff59 ]
The strlen() function returns a size_t which is an unsigned int on 32-bit
arches and an unsigned long on 64-bit arches. But in the drm_copy_field()
function, the strlen() return value is assigned to an 'int len' variable.
Later, the len variable is passed as copy_from_user() third argument that
is an unsigned long parameter as well.
In theory, this can lead to an integer overflow via type conversion. Since
the assignment happens to a signed int lvalue instead of a size_t lvalue.
In practice though, that's unlikely since the values copied are set by DRM
drivers and not controlled by userspace. But using a size_t for len is the
correct thing to do anyways.
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Tested-by: Peter Robinson <pbrobinson@gmail.com>
Reviewed-by: Thomas Zimmermann <tzimmermann@suse.de>
Link: https://patchwork.freedesktop.org/patch/msgid/20220705100215.572498-2-javierm@redhat.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/drm_ioctl.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/drm_ioctl.c b/drivers/gpu/drm/drm_ioctl.c
index 8faad23dc1d8..e1b9a03e619c 100644
--- a/drivers/gpu/drm/drm_ioctl.c
+++ b/drivers/gpu/drm/drm_ioctl.c
@@ -472,7 +472,7 @@ EXPORT_SYMBOL(drm_invalid_op);
*/
static int drm_copy_field(char __user *buf, size_t *buf_len, const char *value)
{
- int len;
+ size_t len;
/* don't overflow userbuf */
len = strlen(value);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 730/862] drm: Prevent drm_copy_field() to attempt copying a NULL pointer
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (728 preceding siblings ...)
2022-10-19 8:33 ` [PATCH 6.0 729/862] drm: Use size_t type for len variable in drm_copy_field() Greg Kroah-Hartman
@ 2022-10-19 8:33 ` Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 731/862] drm/komeda: Fix handling of atomic commits in the atomic_commit_tail hook Greg Kroah-Hartman
` (146 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Peter Robinson,
Javier Martinez Canillas, Thomas Zimmermann, Sasha Levin
From: Javier Martinez Canillas <javierm@redhat.com>
[ Upstream commit f6ee30407e883042482ad4ad30da5eaba47872ee ]
There are some struct drm_driver fields that are required by drivers since
drm_copy_field() attempts to copy them to user-space via DRM_IOCTL_VERSION.
But it can be possible that a driver has a bug and did not set some of the
fields, which leads to drm_copy_field() attempting to copy a NULL pointer:
[ +10.395966] Unable to handle kernel access to user memory outside uaccess routines at virtual address 0000000000000000
[ +0.010955] Mem abort info:
[ +0.002835] ESR = 0x0000000096000004
[ +0.003872] EC = 0x25: DABT (current EL), IL = 32 bits
[ +0.005395] SET = 0, FnV = 0
[ +0.003113] EA = 0, S1PTW = 0
[ +0.003182] FSC = 0x04: level 0 translation fault
[ +0.004964] Data abort info:
[ +0.002919] ISV = 0, ISS = 0x00000004
[ +0.003886] CM = 0, WnR = 0
[ +0.003040] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000115dad000
[ +0.006536] [0000000000000000] pgd=0000000000000000, p4d=0000000000000000
[ +0.006925] Internal error: Oops: 96000004 [#1] SMP
...
[ +0.011113] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ +0.007061] pc : __pi_strlen+0x14/0x150
[ +0.003895] lr : drm_copy_field+0x30/0x1a4
[ +0.004156] sp : ffff8000094b3a50
[ +0.003355] x29: ffff8000094b3a50 x28: ffff8000094b3b70 x27: 0000000000000040
[ +0.007242] x26: ffff443743c2ba00 x25: 0000000000000000 x24: 0000000000000040
[ +0.007243] x23: ffff443743c2ba00 x22: ffff8000094b3b70 x21: 0000000000000000
[ +0.007241] x20: 0000000000000000 x19: ffff8000094b3b90 x18: 0000000000000000
[ +0.007241] x17: 0000000000000000 x16: 0000000000000000 x15: 0000aaab14b9af40
[ +0.007241] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000
[ +0.007239] x11: 0000000000000000 x10: 0000000000000000 x9 : ffffa524ad67d4d8
[ +0.007242] x8 : 0101010101010101 x7 : 7f7f7f7f7f7f7f7f x6 : 6c6e6263606e7141
[ +0.007239] x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000
[ +0.007241] x2 : 0000000000000000 x1 : ffff8000094b3b90 x0 : 0000000000000000
[ +0.007240] Call trace:
[ +0.002475] __pi_strlen+0x14/0x150
[ +0.003537] drm_version+0x84/0xac
[ +0.003448] drm_ioctl_kernel+0xa8/0x16c
[ +0.003975] drm_ioctl+0x270/0x580
[ +0.003448] __arm64_sys_ioctl+0xb8/0xfc
[ +0.003978] invoke_syscall+0x78/0x100
[ +0.003799] el0_svc_common.constprop.0+0x4c/0xf4
[ +0.004767] do_el0_svc+0x38/0x4c
[ +0.003357] el0_svc+0x34/0x100
[ +0.003185] el0t_64_sync_handler+0x11c/0x150
[ +0.004418] el0t_64_sync+0x190/0x194
[ +0.003716] Code: 92402c04 b200c3e8 f13fc09f 5400088c (a9400c02)
[ +0.006180] ---[ end trace 0000000000000000 ]---
Reported-by: Peter Robinson <pbrobinson@gmail.com>
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Acked-by: Thomas Zimmermann <tzimmermann@suse.de>
Link: https://patchwork.freedesktop.org/patch/msgid/20220705100215.572498-3-javierm@redhat.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/drm_ioctl.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/gpu/drm/drm_ioctl.c b/drivers/gpu/drm/drm_ioctl.c
index e1b9a03e619c..ca2a6e6101dc 100644
--- a/drivers/gpu/drm/drm_ioctl.c
+++ b/drivers/gpu/drm/drm_ioctl.c
@@ -474,6 +474,12 @@ static int drm_copy_field(char __user *buf, size_t *buf_len, const char *value)
{
size_t len;
+ /* don't attempt to copy a NULL pointer */
+ if (WARN_ONCE(!value, "BUG: the value to copy was not set!")) {
+ *buf_len = 0;
+ return 0;
+ }
+
/* don't overflow userbuf */
len = strlen(value);
if (len > *buf_len)
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 731/862] drm/komeda: Fix handling of atomic commits in the atomic_commit_tail hook
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (729 preceding siblings ...)
2022-10-19 8:33 ` [PATCH 6.0 730/862] drm: Prevent drm_copy_field() to attempt copying a NULL pointer Greg Kroah-Hartman
@ 2022-10-19 8:33 ` Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 732/862] gpu: lontium-lt9611: Fix NULL pointer dereference in lt9611_connector_init() Greg Kroah-Hartman
` (145 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Carsten Haitzler, Liviu Dudau, Sasha Levin
From: Liviu Dudau <liviu.dudau@arm.com>
[ Upstream commit eaa225b6b52233d45457fd33730e1528c604d92d ]
Komeda driver relies on the generic DRM atomic helper functions to handle
commits. It only implements an atomic_commit_tail hook for the
mode_config_helper_funcs and even that one is pretty close to the generic
implementation with the exception of additional dma_fence signalling.
What the generic helper framework doesn't do is waiting for the actual
hardware to signal that the commit parameters have been written into the
appropriate registers. As we signal CRTC events only on the irq handlers,
we need to flush the configuration and wait for the hardware to respond.
Add the Komeda specific implementation for atomic_commit_hw_done() that
flushes and waits for flip done before calling drm_atomic_helper_commit_hw_done().
The fix was prompted by a patch from Carsten Haitzler where he was trying to
solve the same issue but in a different way that I think can lead to wrong
event signaling to userspace.
Reported-by: Carsten Haitzler <carsten.haitzler@arm.com>
Tested-by: Carsten Haitzler <carsten.haitzler@arm.com>
Reviewed-by: Carsten Haitzler <carsten.haitzler@arm.com>
Signed-off-by: Liviu Dudau <liviu.dudau@arm.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20220722122139.288486-1-liviu.dudau@arm.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../gpu/drm/arm/display/komeda/komeda_crtc.c | 4 ++--
.../gpu/drm/arm/display/komeda/komeda_kms.c | 21 ++++++++++++++++++-
.../gpu/drm/arm/display/komeda/komeda_kms.h | 2 ++
3 files changed, 24 insertions(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/arm/display/komeda/komeda_crtc.c b/drivers/gpu/drm/arm/display/komeda/komeda_crtc.c
index 59172acb9738..292f533d8cf0 100644
--- a/drivers/gpu/drm/arm/display/komeda/komeda_crtc.c
+++ b/drivers/gpu/drm/arm/display/komeda/komeda_crtc.c
@@ -235,7 +235,7 @@ void komeda_crtc_handle_event(struct komeda_crtc *kcrtc,
crtc->state->event = NULL;
drm_crtc_send_vblank_event(crtc, event);
} else {
- DRM_WARN("CRTC[%d]: FLIP happen but no pending commit.\n",
+ DRM_WARN("CRTC[%d]: FLIP happened but no pending commit.\n",
drm_crtc_index(&kcrtc->base));
}
spin_unlock_irqrestore(&crtc->dev->event_lock, flags);
@@ -286,7 +286,7 @@ komeda_crtc_atomic_enable(struct drm_crtc *crtc,
komeda_crtc_do_flush(crtc, old);
}
-static void
+void
komeda_crtc_flush_and_wait_for_flip_done(struct komeda_crtc *kcrtc,
struct completion *input_flip_done)
{
diff --git a/drivers/gpu/drm/arm/display/komeda/komeda_kms.c b/drivers/gpu/drm/arm/display/komeda/komeda_kms.c
index 93b7f09b96ca..327051bba5b6 100644
--- a/drivers/gpu/drm/arm/display/komeda/komeda_kms.c
+++ b/drivers/gpu/drm/arm/display/komeda/komeda_kms.c
@@ -69,6 +69,25 @@ static const struct drm_driver komeda_kms_driver = {
.minor = 1,
};
+static void komeda_kms_atomic_commit_hw_done(struct drm_atomic_state *state)
+{
+ struct drm_device *dev = state->dev;
+ struct komeda_kms_dev *kms = to_kdev(dev);
+ int i;
+
+ for (i = 0; i < kms->n_crtcs; i++) {
+ struct komeda_crtc *kcrtc = &kms->crtcs[i];
+
+ if (kcrtc->base.state->active) {
+ struct completion *flip_done = NULL;
+ if (kcrtc->base.state->event)
+ flip_done = kcrtc->base.state->event->base.completion;
+ komeda_crtc_flush_and_wait_for_flip_done(kcrtc, flip_done);
+ }
+ }
+ drm_atomic_helper_commit_hw_done(state);
+}
+
static void komeda_kms_commit_tail(struct drm_atomic_state *old_state)
{
struct drm_device *dev = old_state->dev;
@@ -81,7 +100,7 @@ static void komeda_kms_commit_tail(struct drm_atomic_state *old_state)
drm_atomic_helper_commit_modeset_enables(dev, old_state);
- drm_atomic_helper_commit_hw_done(old_state);
+ komeda_kms_atomic_commit_hw_done(old_state);
drm_atomic_helper_wait_for_flip_done(dev, old_state);
diff --git a/drivers/gpu/drm/arm/display/komeda/komeda_kms.h b/drivers/gpu/drm/arm/display/komeda/komeda_kms.h
index 7889e380ab23..7339339ef6b8 100644
--- a/drivers/gpu/drm/arm/display/komeda/komeda_kms.h
+++ b/drivers/gpu/drm/arm/display/komeda/komeda_kms.h
@@ -183,6 +183,8 @@ void komeda_kms_cleanup_private_objs(struct komeda_kms_dev *kms);
void komeda_crtc_handle_event(struct komeda_crtc *kcrtc,
struct komeda_events *evts);
+void komeda_crtc_flush_and_wait_for_flip_done(struct komeda_crtc *kcrtc,
+ struct completion *input_flip_done);
struct komeda_kms_dev *komeda_kms_attach(struct komeda_dev *mdev);
void komeda_kms_detach(struct komeda_kms_dev *kms);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 732/862] gpu: lontium-lt9611: Fix NULL pointer dereference in lt9611_connector_init()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (730 preceding siblings ...)
2022-10-19 8:33 ` [PATCH 6.0 731/862] drm/komeda: Fix handling of atomic commits in the atomic_commit_tail hook Greg Kroah-Hartman
@ 2022-10-19 8:33 ` Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 733/862] drm/amd/display: fix overflow on MIN_I64 definition Greg Kroah-Hartman
` (144 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zeng Jingxiang, Robert Foss, Sasha Levin
From: Zeng Jingxiang <linuszeng@tencent.com>
[ Upstream commit ef8886f321c5dab8124b9153d25afa2a71d05323 ]
A NULL check for bridge->encoder shows that it may be NULL, but it
already been dereferenced on all paths leading to the check.
812 if (!bridge->encoder) {
Dereference the pointer bridge->encoder.
810 drm_connector_attach_encoder(<9611->connector, bridge->encoder);
Signed-off-by: Zeng Jingxiang <linuszeng@tencent.com>
Signed-off-by: Robert Foss <robert.foss@linaro.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20220727073119.1578972-1-zengjx95@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/bridge/lontium-lt9611.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/bridge/lontium-lt9611.c b/drivers/gpu/drm/bridge/lontium-lt9611.c
index 8a60e83482a0..5fccacc159f0 100644
--- a/drivers/gpu/drm/bridge/lontium-lt9611.c
+++ b/drivers/gpu/drm/bridge/lontium-lt9611.c
@@ -813,13 +813,14 @@ static int lt9611_connector_init(struct drm_bridge *bridge, struct lt9611 *lt961
drm_connector_helper_add(<9611->connector,
<9611_bridge_connector_helper_funcs);
- drm_connector_attach_encoder(<9611->connector, bridge->encoder);
if (!bridge->encoder) {
DRM_ERROR("Parent encoder object not found");
return -ENODEV;
}
+ drm_connector_attach_encoder(<9611->connector, bridge->encoder);
+
return 0;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 733/862] drm/amd/display: fix overflow on MIN_I64 definition
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (731 preceding siblings ...)
2022-10-19 8:33 ` [PATCH 6.0 732/862] gpu: lontium-lt9611: Fix NULL pointer dereference in lt9611_connector_init() Greg Kroah-Hartman
@ 2022-10-19 8:33 ` Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 734/862] ALSA: hda: Fix page fault in snd_hda_codec_shutdown() Greg Kroah-Hartman
` (143 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, David Gow, Tales Aparecida,
Alex Deucher, Sasha Levin
From: David Gow <davidgow@google.com>
[ Upstream commit 6ae0632d17759852c07e2d1e0a31c728eb6ba246 ]
The definition of MIN_I64 in bw_fixed.c can cause gcc to whinge about
integer overflow, because it is treated as a positive value, which is
then negated. The temporary positive value is not necessarily
representable.
This causes the following warning:
../drivers/gpu/drm/amd/amdgpu/../display/dc/dml/calcs/bw_fixed.c:30:19:
warning: integer overflow in expression ‘-9223372036854775808’ of type
‘long long int’ results in ‘-9223372036854775808’ [-Woverflow]
30 | (int64_t)(-(1LL << 63))
| ^
Writing out (-MAX_I64 - 1) works instead.
Signed-off-by: David Gow <davidgow@google.com>
Signed-off-by: Tales Aparecida <tales.aparecida@gmail.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/display/dc/dml/calcs/bw_fixed.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/amd/display/dc/dml/calcs/bw_fixed.c b/drivers/gpu/drm/amd/display/dc/dml/calcs/bw_fixed.c
index 6ca288fb5fb9..2d46bc527b21 100644
--- a/drivers/gpu/drm/amd/display/dc/dml/calcs/bw_fixed.c
+++ b/drivers/gpu/drm/amd/display/dc/dml/calcs/bw_fixed.c
@@ -26,12 +26,12 @@
#include "bw_fixed.h"
-#define MIN_I64 \
- (int64_t)(-(1LL << 63))
-
#define MAX_I64 \
(int64_t)((1ULL << 63) - 1)
+#define MIN_I64 \
+ (-MAX_I64 - 1)
+
#define FRACTIONAL_PART_MASK \
((1ULL << BW_FIXED_BITS_PER_FRACTIONAL_PART) - 1)
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 734/862] ALSA: hda: Fix page fault in snd_hda_codec_shutdown()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (732 preceding siblings ...)
2022-10-19 8:33 ` [PATCH 6.0 733/862] drm/amd/display: fix overflow on MIN_I64 definition Greg Kroah-Hartman
@ 2022-10-19 8:33 ` Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 735/862] ALSA: usb-audio: Add quirk to enable Avid Mbox 3 support Greg Kroah-Hartman
` (142 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kai Vehmanen, Pierre-Louis Bossart,
Cezary Rojewski, Takashi Iwai, Sasha Levin
From: Cezary Rojewski <cezary.rojewski@intel.com>
[ Upstream commit f2bd1c5ae2cb0cf9525c9bffc0038c12dd7e1338 ]
If early probe of HDAudio bus driver fails e.g.: due to missing
firmware file, snd_hda_codec_shutdown() ends in manipulating
uninitialized codec->pcm_list_head causing page fault.
Initialization of HDAudio codec in ASoC is split in two:
- snd_hda_codec_device_init()
- snd_hda_codec_device_new()
snd_hda_codec_device_init() is called during probe_codecs() by HDAudio
bus driver while snd_hda_codec_device_new() is called by
codec-component's ->probe(). The second call will not happen until all
components required by related sound card are present within the ASoC
framework. With firmware failing to load during the PCI's deferred
initialization i.e.: probe_work(), no platform components are ever
registered. HDAudio codec enumeration is done at that point though, so
the codec components became registered to ASoC framework, calling
snd_hda_codec_device_init() in the process.
Now, during platform reboot snd_hda_codec_shutdown() is called for every
codec found on the HDAudio bus causing oops if any of them has not
completed both of their initialization steps. Relocating field
initialization fixes the issue.
Reviewed-by: Kai Vehmanen <kai.vehmanen@linux.intel.com>
Reviewed-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Signed-off-by: Cezary Rojewski <cezary.rojewski@intel.com>
Link: https://lore.kernel.org/r/20220816111727.3218543-7-cezary.rojewski@intel.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/pci/hda/hda_codec.c | 41 +++++++++++++++++++--------------------
1 file changed, 20 insertions(+), 21 deletions(-)
diff --git a/sound/pci/hda/hda_codec.c b/sound/pci/hda/hda_codec.c
index 384426d7e9dd..4ae8b9574778 100644
--- a/sound/pci/hda/hda_codec.c
+++ b/sound/pci/hda/hda_codec.c
@@ -931,8 +931,28 @@ snd_hda_codec_device_init(struct hda_bus *bus, unsigned int codec_addr,
}
codec->bus = bus;
+ codec->depop_delay = -1;
+ codec->fixup_id = HDA_FIXUP_ID_NOT_SET;
+ codec->core.dev.release = snd_hda_codec_dev_release;
+ codec->core.exec_verb = codec_exec_verb;
codec->core.type = HDA_DEV_LEGACY;
+ mutex_init(&codec->spdif_mutex);
+ mutex_init(&codec->control_mutex);
+ snd_array_init(&codec->mixers, sizeof(struct hda_nid_item), 32);
+ snd_array_init(&codec->nids, sizeof(struct hda_nid_item), 32);
+ snd_array_init(&codec->init_pins, sizeof(struct hda_pincfg), 16);
+ snd_array_init(&codec->driver_pins, sizeof(struct hda_pincfg), 16);
+ snd_array_init(&codec->cvt_setups, sizeof(struct hda_cvt_setup), 8);
+ snd_array_init(&codec->spdif_out, sizeof(struct hda_spdif_out), 16);
+ snd_array_init(&codec->jacktbl, sizeof(struct hda_jack_tbl), 16);
+ snd_array_init(&codec->verbs, sizeof(struct hda_verb *), 8);
+ INIT_LIST_HEAD(&codec->conn_list);
+ INIT_LIST_HEAD(&codec->pcm_list_head);
+ INIT_DELAYED_WORK(&codec->jackpoll_work, hda_jackpoll_work);
+ refcount_set(&codec->pcm_ref, 1);
+ init_waitqueue_head(&codec->remove_sleep);
+
return codec;
}
EXPORT_SYMBOL_GPL(snd_hda_codec_device_init);
@@ -985,29 +1005,8 @@ int snd_hda_codec_device_new(struct hda_bus *bus, struct snd_card *card,
if (snd_BUG_ON(codec_addr > HDA_MAX_CODEC_ADDRESS))
return -EINVAL;
- codec->core.dev.release = snd_hda_codec_dev_release;
- codec->core.exec_verb = codec_exec_verb;
-
codec->card = card;
codec->addr = codec_addr;
- mutex_init(&codec->spdif_mutex);
- mutex_init(&codec->control_mutex);
- snd_array_init(&codec->mixers, sizeof(struct hda_nid_item), 32);
- snd_array_init(&codec->nids, sizeof(struct hda_nid_item), 32);
- snd_array_init(&codec->init_pins, sizeof(struct hda_pincfg), 16);
- snd_array_init(&codec->driver_pins, sizeof(struct hda_pincfg), 16);
- snd_array_init(&codec->cvt_setups, sizeof(struct hda_cvt_setup), 8);
- snd_array_init(&codec->spdif_out, sizeof(struct hda_spdif_out), 16);
- snd_array_init(&codec->jacktbl, sizeof(struct hda_jack_tbl), 16);
- snd_array_init(&codec->verbs, sizeof(struct hda_verb *), 8);
- INIT_LIST_HEAD(&codec->conn_list);
- INIT_LIST_HEAD(&codec->pcm_list_head);
- refcount_set(&codec->pcm_ref, 1);
- init_waitqueue_head(&codec->remove_sleep);
-
- INIT_DELAYED_WORK(&codec->jackpoll_work, hda_jackpoll_work);
- codec->depop_delay = -1;
- codec->fixup_id = HDA_FIXUP_ID_NOT_SET;
#ifdef CONFIG_PM
codec->power_jiffies = jiffies;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 735/862] ALSA: usb-audio: Add quirk to enable Avid Mbox 3 support
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (733 preceding siblings ...)
2022-10-19 8:33 ` [PATCH 6.0 734/862] ALSA: hda: Fix page fault in snd_hda_codec_shutdown() Greg Kroah-Hartman
@ 2022-10-19 8:33 ` Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 736/862] udmabuf: Set ubuf->sg = NULL if the creation of sg table fails Greg Kroah-Hartman
` (141 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Conner Knox, Takashi Iwai, Sasha Levin
From: Conner Knox <connerknoxpublic@gmail.com>
[ Upstream commit b01104fc62b6194c852124f6c6df1c0a5c031fc1 ]
Add support for Avid Mbox3 USB audio interface at 48kHz
Signed-off-by: Conner Knox <connerknoxpublic@gmail.com>
Link: https://lore.kernel.org/r/20220818201433.16360-1-mbarriolinares@gmail.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/usb/quirks-table.h | 76 ++++++++++
sound/usb/quirks.c | 302 +++++++++++++++++++++++++++++++++++++++
2 files changed, 378 insertions(+)
diff --git a/sound/usb/quirks-table.h b/sound/usb/quirks-table.h
index f93201a830b5..06dfdd45cff8 100644
--- a/sound/usb/quirks-table.h
+++ b/sound/usb/quirks-table.h
@@ -2985,6 +2985,82 @@ YAMAHA_DEVICE(0x7010, "UB99"),
}
}
},
+/* DIGIDESIGN MBOX 3 */
+{
+ USB_DEVICE(0x0dba, 0x5000),
+ .driver_info = (unsigned long) &(const struct snd_usb_audio_quirk) {
+ .vendor_name = "Digidesign",
+ .product_name = "Mbox 3",
+ .ifnum = QUIRK_ANY_INTERFACE,
+ .type = QUIRK_COMPOSITE,
+ .data = (const struct snd_usb_audio_quirk[]) {
+ {
+ .ifnum = 0,
+ .type = QUIRK_IGNORE_INTERFACE
+ },
+ {
+ .ifnum = 1,
+ .type = QUIRK_IGNORE_INTERFACE
+ },
+ {
+ .ifnum = 2,
+ .type = QUIRK_AUDIO_FIXED_ENDPOINT,
+ .data = &(const struct audioformat) {
+ .formats = SNDRV_PCM_FMTBIT_S24_3LE,
+ .channels = 4,
+ .iface = 2,
+ .altsetting = 1,
+ .altset_idx = 1,
+ .attributes = 0x00,
+ .endpoint = 0x01,
+ .ep_attr = USB_ENDPOINT_XFER_ISOC |
+ USB_ENDPOINT_SYNC_ASYNC,
+ .rates = SNDRV_PCM_RATE_48000,
+ .rate_min = 48000,
+ .rate_max = 48000,
+ .nr_rates = 1,
+ .rate_table = (unsigned int[]) {
+ 48000
+ }
+ }
+ },
+ {
+ .ifnum = 3,
+ .type = QUIRK_AUDIO_FIXED_ENDPOINT,
+ .data = &(const struct audioformat) {
+ .formats = SNDRV_PCM_FMTBIT_S24_3LE,
+ .channels = 4,
+ .iface = 3,
+ .altsetting = 1,
+ .altset_idx = 1,
+ .endpoint = 0x81,
+ .attributes = 0x00,
+ .ep_attr = USB_ENDPOINT_XFER_ISOC |
+ USB_ENDPOINT_SYNC_ASYNC,
+ .maxpacksize = 0x009c,
+ .rates = SNDRV_PCM_RATE_48000,
+ .rate_min = 48000,
+ .rate_max = 48000,
+ .nr_rates = 1,
+ .rate_table = (unsigned int[]) {
+ 48000
+ }
+ }
+ },
+ {
+ .ifnum = 4,
+ .type = QUIRK_MIDI_FIXED_ENDPOINT,
+ .data = &(const struct snd_usb_midi_endpoint_info) {
+ .out_cables = 0x0001,
+ .in_cables = 0x0001
+ }
+ },
+ {
+ .ifnum = -1
+ }
+ }
+ }
+},
{
/* Tascam US122 MKII - playback-only support */
USB_DEVICE_VENDOR_SPEC(0x0644, 0x8021),
diff --git a/sound/usb/quirks.c b/sound/usb/quirks.c
index 5b4d8f5eade2..194c75c45628 100644
--- a/sound/usb/quirks.c
+++ b/sound/usb/quirks.c
@@ -1020,6 +1020,304 @@ static int snd_usb_axefx3_boot_quirk(struct usb_device *dev)
return 0;
}
+static void mbox3_setup_48_24_magic(struct usb_device *dev)
+{
+ /* The Mbox 3 is "little endian" */
+ /* max volume is: 0x0000. */
+ /* min volume is: 0x0080 (shown in little endian form) */
+
+
+ /* Load 48000Hz rate into buffer */
+ u8 com_buff[4] = {0x80, 0xbb, 0x00, 0x00};
+
+ /* Set 48000Hz sample rate */
+ snd_usb_ctl_msg(dev, usb_sndctrlpipe(dev, 0),
+ 0x01, 0x21, 0x0100, 0x0001, &com_buff, 4); //Is this really needed?
+ snd_usb_ctl_msg(dev, usb_sndctrlpipe(dev, 0),
+ 0x01, 0x21, 0x0100, 0x8101, &com_buff, 4);
+
+ /* Deactivate Tuner */
+ /* on = 0x01*/
+ /* off = 0x00*/
+ com_buff[0] = 0x00;
+ snd_usb_ctl_msg(dev, usb_sndctrlpipe(dev, 0),
+ 0x01, 0x21, 0x0003, 0x2001, &com_buff, 1);
+
+ /* Set clock source to Internal (as opposed to S/PDIF) */
+ com_buff[0] = 0x01;
+ snd_usb_ctl_msg(dev, usb_sndctrlpipe(dev, 0),
+ 1, 0x21, 0x0100, 0x8001, &com_buff, 1);
+
+ /* Mute the hardware loopbacks to start the device in a known state. */
+ com_buff[0] = 0x00;
+ com_buff[1] = 0x80;
+ /* Analogue input 1 left channel: */
+ snd_usb_ctl_msg(dev, usb_sndctrlpipe(dev, 0),
+ 1, 0x21, 0x0110, 0x4001, &com_buff, 2);
+ /* Analogue input 1 right channel: */
+ snd_usb_ctl_msg(dev, usb_sndctrlpipe(dev, 0),
+ 1, 0x21, 0x0111, 0x4001, &com_buff, 2);
+ /* Analogue input 2 left channel: */
+ snd_usb_ctl_msg(dev, usb_sndctrlpipe(dev, 0),
+ 1, 0x21, 0x0114, 0x4001, &com_buff, 2);
+ /* Analogue input 2 right channel: */
+ snd_usb_ctl_msg(dev, usb_sndctrlpipe(dev, 0),
+ 1, 0x21, 0x0115, 0x4001, &com_buff, 2);
+ /* Analogue input 3 left channel: */
+ snd_usb_ctl_msg(dev, usb_sndctrlpipe(dev, 0),
+ 1, 0x21, 0x0118, 0x4001, &com_buff, 2);
+ /* Analogue input 3 right channel: */
+ snd_usb_ctl_msg(dev, usb_sndctrlpipe(dev, 0),
+ 1, 0x21, 0x0119, 0x4001, &com_buff, 2);
+ /* Analogue input 4 left channel: */
+ snd_usb_ctl_msg(dev, usb_sndctrlpipe(dev, 0),
+ 1, 0x21, 0x011c, 0x4001, &com_buff, 2);
+ /* Analogue input 4 right channel: */
+ snd_usb_ctl_msg(dev, usb_sndctrlpipe(dev, 0),
+ 1, 0x21, 0x011d, 0x4001, &com_buff, 2);
+
+ /* Set software sends to output */
+ com_buff[0] = 0x00;
+ com_buff[1] = 0x00;
+ /* Analogue software return 1 left channel: */
+ snd_usb_ctl_msg(dev, usb_sndctrlpipe(dev, 0),
+ 1, 0x21, 0x0100, 0x4001, &com_buff, 2);
+ com_buff[0] = 0x00;
+ com_buff[1] = 0x80;
+ /* Analogue software return 1 right channel: */
+ snd_usb_ctl_msg(dev, usb_sndctrlpipe(dev, 0),
+ 1, 0x21, 0x0101, 0x4001, &com_buff, 2);
+ com_buff[0] = 0x00;
+ com_buff[1] = 0x80;
+ /* Analogue software return 2 left channel: */
+ snd_usb_ctl_msg(dev, usb_sndctrlpipe(dev, 0),
+ 1, 0x21, 0x0104, 0x4001, &com_buff, 2);
+ com_buff[0] = 0x00;
+ com_buff[1] = 0x00;
+ /* Analogue software return 2 right channel: */
+ snd_usb_ctl_msg(dev, usb_sndctrlpipe(dev, 0),
+ 1, 0x21, 0x0105, 0x4001, &com_buff, 2);
+
+ com_buff[0] = 0x00;
+ com_buff[1] = 0x80;
+ /* Analogue software return 3 left channel: */
+ snd_usb_ctl_msg(dev, usb_sndctrlpipe(dev, 0),
+ 1, 0x21, 0x0108, 0x4001, &com_buff, 2);
+ /* Analogue software return 3 right channel: */
+ snd_usb_ctl_msg(dev, usb_sndctrlpipe(dev, 0),
+ 1, 0x21, 0x0109, 0x4001, &com_buff, 2);
+ /* Analogue software return 4 left channel: */
+ snd_usb_ctl_msg(dev, usb_sndctrlpipe(dev, 0),
+ 1, 0x21, 0x010c, 0x4001, &com_buff, 2);
+ /* Analogue software return 4 right channel: */
+ snd_usb_ctl_msg(dev, usb_sndctrlpipe(dev, 0),
+ 1, 0x21, 0x010d, 0x4001, &com_buff, 2);
+
+ /* Return to muting sends */
+ com_buff[0] = 0x00;
+ com_buff[1] = 0x80;
+ /* Analogue fx return left channel: */
+ snd_usb_ctl_msg(dev, usb_sndctrlpipe(dev, 0),
+ 1, 0x21, 0x0120, 0x4001, &com_buff, 2);
+ /* Analogue fx return right channel: */
+ snd_usb_ctl_msg(dev, usb_sndctrlpipe(dev, 0),
+ 1, 0x21, 0x0121, 0x4001, &com_buff, 2);
+
+ /* Analogue software input 1 fx send: */
+ snd_usb_ctl_msg(dev, usb_sndctrlpipe(dev, 0),
+ 1, 0x21, 0x0100, 0x4201, &com_buff, 2);
+ /* Analogue software input 2 fx send: */
+ snd_usb_ctl_msg(dev, usb_sndctrlpipe(dev, 0),
+ 1, 0x21, 0x0101, 0x4201, &com_buff, 2);
+ /* Analogue software input 3 fx send: */
+ snd_usb_ctl_msg(dev, usb_sndctrlpipe(dev, 0),
+ 1, 0x21, 0x0102, 0x4201, &com_buff, 2);
+ /* Analogue software input 4 fx send: */
+ snd_usb_ctl_msg(dev, usb_sndctrlpipe(dev, 0),
+ 1, 0x21, 0x0103, 0x4201, &com_buff, 2);
+ /* Analogue input 1 fx send: */
+ snd_usb_ctl_msg(dev, usb_sndctrlpipe(dev, 0),
+ 1, 0x21, 0x0104, 0x4201, &com_buff, 2);
+ /* Analogue input 2 fx send: */
+ snd_usb_ctl_msg(dev, usb_sndctrlpipe(dev, 0),
+ 1, 0x21, 0x0105, 0x4201, &com_buff, 2);
+ /* Analogue input 3 fx send: */
+ snd_usb_ctl_msg(dev, usb_sndctrlpipe(dev, 0),
+ 1, 0x21, 0x0106, 0x4201, &com_buff, 2);
+ /* Analogue input 4 fx send: */
+ snd_usb_ctl_msg(dev, usb_sndctrlpipe(dev, 0),
+ 1, 0x21, 0x0107, 0x4201, &com_buff, 2);
+
+ /* Toggle allowing host control */
+ com_buff[0] = 0x02;
+ snd_usb_ctl_msg(dev, usb_sndctrlpipe(dev, 0),
+ 3, 0x21, 0x0000, 0x2001, &com_buff, 1);
+
+ /* Do not dim fx returns */
+ com_buff[0] = 0x00;
+ snd_usb_ctl_msg(dev, usb_sndctrlpipe(dev, 0),
+ 3, 0x21, 0x0002, 0x2001, &com_buff, 1);
+
+ /* Do not set fx returns to mono */
+ com_buff[0] = 0x00;
+ snd_usb_ctl_msg(dev, usb_sndctrlpipe(dev, 0),
+ 3, 0x21, 0x0001, 0x2001, &com_buff, 1);
+
+ /* Mute the S/PDIF hardware loopback
+ * same odd volume logic here as above
+ */
+ com_buff[0] = 0x00;
+ com_buff[1] = 0x80;
+ /* S/PDIF hardware input 1 left channel */
+ snd_usb_ctl_msg(dev, usb_sndctrlpipe(dev, 0),
+ 1, 0x21, 0x0112, 0x4001, &com_buff, 2);
+ /* S/PDIF hardware input 1 right channel */
+ snd_usb_ctl_msg(dev, usb_sndctrlpipe(dev, 0),
+ 1, 0x21, 0x0113, 0x4001, &com_buff, 2);
+ /* S/PDIF hardware input 2 left channel */
+ snd_usb_ctl_msg(dev, usb_sndctrlpipe(dev, 0),
+ 1, 0x21, 0x0116, 0x4001, &com_buff, 2);
+ /* S/PDIF hardware input 2 right channel */
+ snd_usb_ctl_msg(dev, usb_sndctrlpipe(dev, 0),
+ 1, 0x21, 0x0117, 0x4001, &com_buff, 2);
+ /* S/PDIF hardware input 3 left channel */
+ snd_usb_ctl_msg(dev, usb_sndctrlpipe(dev, 0),
+ 1, 0x21, 0x011a, 0x4001, &com_buff, 2);
+ /* S/PDIF hardware input 3 right channel */
+ snd_usb_ctl_msg(dev, usb_sndctrlpipe(dev, 0),
+ 1, 0x21, 0x011b, 0x4001, &com_buff, 2);
+ /* S/PDIF hardware input 4 left channel */
+ snd_usb_ctl_msg(dev, usb_sndctrlpipe(dev, 0),
+ 1, 0x21, 0x011e, 0x4001, &com_buff, 2);
+ /* S/PDIF hardware input 4 right channel */
+ snd_usb_ctl_msg(dev, usb_sndctrlpipe(dev, 0),
+ 1, 0x21, 0x011f, 0x4001, &com_buff, 2);
+ /* S/PDIF software return 1 left channel */
+ snd_usb_ctl_msg(dev, usb_sndctrlpipe(dev, 0),
+ 1, 0x21, 0x0102, 0x4001, &com_buff, 2);
+ /* S/PDIF software return 1 right channel */
+ snd_usb_ctl_msg(dev, usb_sndctrlpipe(dev, 0),
+ 1, 0x21, 0x0103, 0x4001, &com_buff, 2);
+ /* S/PDIF software return 2 left channel */
+ snd_usb_ctl_msg(dev, usb_sndctrlpipe(dev, 0),
+ 1, 0x21, 0x0106, 0x4001, &com_buff, 2);
+ /* S/PDIF software return 2 right channel */
+ snd_usb_ctl_msg(dev, usb_sndctrlpipe(dev, 0),
+ 1, 0x21, 0x0107, 0x4001, &com_buff, 2);
+
+ com_buff[0] = 0x00;
+ com_buff[1] = 0x00;
+ /* S/PDIF software return 3 left channel */
+ snd_usb_ctl_msg(dev, usb_sndctrlpipe(dev, 0),
+ 1, 0x21, 0x010a, 0x4001, &com_buff, 2);
+
+ com_buff[0] = 0x00;
+ com_buff[1] = 0x80;
+ /* S/PDIF software return 3 right channel */
+ snd_usb_ctl_msg(dev, usb_sndctrlpipe(dev, 0),
+ 1, 0x21, 0x010b, 0x4001, &com_buff, 2);
+ /* S/PDIF software return 4 left channel */
+ snd_usb_ctl_msg(dev, usb_sndctrlpipe(dev, 0),
+ 1, 0x21, 0x010e, 0x4001, &com_buff, 2);
+
+ com_buff[0] = 0x00;
+ com_buff[1] = 0x00;
+ /* S/PDIF software return 4 right channel */
+ snd_usb_ctl_msg(dev, usb_sndctrlpipe(dev, 0),
+ 1, 0x21, 0x010f, 0x4001, &com_buff, 2);
+
+ com_buff[0] = 0x00;
+ com_buff[1] = 0x80;
+ /* S/PDIF fx returns left channel */
+ snd_usb_ctl_msg(dev, usb_sndctrlpipe(dev, 0),
+ 1, 0x21, 0x0122, 0x4001, &com_buff, 2);
+ /* S/PDIF fx returns right channel */
+ snd_usb_ctl_msg(dev, usb_sndctrlpipe(dev, 0),
+ 1, 0x21, 0x0123, 0x4001, &com_buff, 2);
+
+ /* Set the dropdown "Effect" to the first option */
+ /* Room1 = 0x00 */
+ /* Room2 = 0x01 */
+ /* Room3 = 0x02 */
+ /* Hall 1 = 0x03 */
+ /* Hall 2 = 0x04 */
+ /* Plate = 0x05 */
+ /* Delay = 0x06 */
+ /* Echo = 0x07 */
+ com_buff[0] = 0x00;
+ snd_usb_ctl_msg(dev, usb_sndctrlpipe(dev, 0),
+ 1, 0x21, 0x0200, 0x4301, &com_buff, 1); /* max is 0xff */
+ /* min is 0x00 */
+
+
+ /* Set the effect duration to 0 */
+ /* max is 0xffff */
+ /* min is 0x0000 */
+ com_buff[0] = 0x00;
+ com_buff[1] = 0x00;
+ snd_usb_ctl_msg(dev, usb_sndctrlpipe(dev, 0),
+ 1, 0x21, 0x0400, 0x4301, &com_buff, 2);
+
+ /* Set the effect volume and feedback to 0 */
+ /* max is 0xff */
+ /* min is 0x00 */
+ com_buff[0] = 0x00;
+ /* feedback: */
+ snd_usb_ctl_msg(dev, usb_sndctrlpipe(dev, 0),
+ 1, 0x21, 0x0500, 0x4301, &com_buff, 1);
+ /* volume: */
+ snd_usb_ctl_msg(dev, usb_sndctrlpipe(dev, 0),
+ 1, 0x21, 0x0300, 0x4301, &com_buff, 1);
+
+ /* Set soft button hold duration */
+ /* 0x03 = 250ms */
+ /* 0x05 = 500ms DEFAULT */
+ /* 0x08 = 750ms */
+ /* 0x0a = 1sec */
+ com_buff[0] = 0x05;
+ snd_usb_ctl_msg(dev, usb_sndctrlpipe(dev, 0),
+ 3, 0x21, 0x0005, 0x2001, &com_buff, 1);
+
+ /* Use dim LEDs for button of state */
+ com_buff[0] = 0x00;
+ snd_usb_ctl_msg(dev, usb_sndctrlpipe(dev, 0),
+ 3, 0x21, 0x0004, 0x2001, &com_buff, 1);
+}
+
+#define MBOX3_DESCRIPTOR_SIZE 464
+
+static int snd_usb_mbox3_boot_quirk(struct usb_device *dev)
+{
+ struct usb_host_config *config = dev->actconfig;
+ int err;
+ int descriptor_size;
+
+ descriptor_size = le16_to_cpu(get_cfg_desc(config)->wTotalLength);
+
+ if (descriptor_size != MBOX3_DESCRIPTOR_SIZE) {
+ dev_err(&dev->dev, "Invalid descriptor size=%d.\n", descriptor_size);
+ return -ENODEV;
+ }
+
+ dev_dbg(&dev->dev, "device initialised!\n");
+
+ err = usb_get_descriptor(dev, USB_DT_DEVICE, 0,
+ &dev->descriptor, sizeof(dev->descriptor));
+ config = dev->actconfig;
+ if (err < 0)
+ dev_dbg(&dev->dev, "error usb_get_descriptor: %d\n", err);
+
+ err = usb_reset_configuration(dev);
+ if (err < 0)
+ dev_dbg(&dev->dev, "error usb_reset_configuration: %d\n", err);
+ dev_dbg(&dev->dev, "mbox3_boot: new boot length = %d\n",
+ le16_to_cpu(get_cfg_desc(config)->wTotalLength));
+
+ mbox3_setup_48_24_magic(dev);
+ dev_info(&dev->dev, "Digidesign Mbox 3: 24bit 48kHz");
+
+ return 0; /* Successful boot */
+}
#define MICROBOOK_BUF_SIZE 128
@@ -1324,6 +1622,10 @@ int snd_usb_apply_boot_quirk(struct usb_device *dev,
case USB_ID(0x0dba, 0x3000):
/* Digidesign Mbox 2 */
return snd_usb_mbox2_boot_quirk(dev);
+ case USB_ID(0x0dba, 0x5000):
+ /* Digidesign Mbox 3 */
+ return snd_usb_mbox3_boot_quirk(dev);
+
case USB_ID(0x1235, 0x0010): /* Focusrite Novation Saffire 6 USB */
case USB_ID(0x1235, 0x0018): /* Focusrite Novation Twitch */
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 736/862] udmabuf: Set ubuf->sg = NULL if the creation of sg table fails
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (734 preceding siblings ...)
2022-10-19 8:33 ` [PATCH 6.0 735/862] ALSA: usb-audio: Add quirk to enable Avid Mbox 3 support Greg Kroah-Hartman
@ 2022-10-19 8:33 ` Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 737/862] platform/x86: pmc_atom: Improve quirk message to be less cryptic Greg Kroah-Hartman
` (140 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot+c80e9ef5d8bb45894db0,
Gerd Hoffmann, Vivek Kasireddy, Sasha Levin
From: Vivek Kasireddy <vivek.kasireddy@intel.com>
[ Upstream commit d9c04a1b7a15b5e74b2977461d9511e497f05d8f ]
When userspace tries to map the dmabuf and if for some reason
(e.g. OOM) the creation of the sg table fails, ubuf->sg needs to be
set to NULL. Otherwise, when the userspace subsequently closes the
dmabuf fd, we'd try to erroneously free the invalid sg table from
release_udmabuf resulting in the following crash reported by syzbot:
general protection fault, probably for non-canonical address
0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
CPU: 0 PID: 3609 Comm: syz-executor487 Not tainted
5.19.0-syzkaller-13930-g7ebfc85e2cd7 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 07/22/2022
RIP: 0010:dma_unmap_sgtable include/linux/dma-mapping.h:378 [inline]
RIP: 0010:put_sg_table drivers/dma-buf/udmabuf.c:89 [inline]
RIP: 0010:release_udmabuf+0xcb/0x4f0 drivers/dma-buf/udmabuf.c:114
Code: 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 2b 04 00 00 48 8d 7d 0c 4c
8b 63 30 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 14
02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 e2
RSP: 0018:ffffc900037efd30 EFLAGS: 00010246
RAX: dffffc0000000000 RBX: ffffffff8cb67800 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff84ad27e0 RDI: 0000000000000000
RBP: fffffffffffffff4 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000000 R11: 000000000008c07c R12: ffff88801fa05000
R13: ffff888073db07e8 R14: ffff888025c25440 R15: 0000000000000000
FS: 0000555555fc4300(0000) GS:ffff8880b9a00000(0000)
knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fc1c0ce06e4 CR3: 00000000715e6000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
dma_buf_release+0x157/0x2d0 drivers/dma-buf/dma-buf.c:78
__dentry_kill+0x42b/0x640 fs/dcache.c:612
dentry_kill fs/dcache.c:733 [inline]
dput+0x806/0xdb0 fs/dcache.c:913
__fput+0x39c/0x9d0 fs/file_table.c:333
task_work_run+0xdd/0x1a0 kernel/task_work.c:177
ptrace_notify+0x114/0x140 kernel/signal.c:2353
ptrace_report_syscall include/linux/ptrace.h:420 [inline]
ptrace_report_syscall_exit include/linux/ptrace.h:482 [inline]
syscall_exit_work kernel/entry/common.c:249 [inline]
syscall_exit_to_user_mode_prepare+0x129/0x280 kernel/entry/common.c:276
__syscall_exit_to_user_mode_work kernel/entry/common.c:281 [inline]
syscall_exit_to_user_mode+0x9/0x50 kernel/entry/common.c:294
do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fc1c0c35b6b
Code: 0f 05 48 3d 00 f0 ff ff 77 45 c3 0f 1f 40 00 48 83 ec 18 89 7c 24
0c e8 63 fc ff ff 8b 7c 24 0c 41 89 c0 b8 03 00 00 00 0f 05 <48> 3d 00
f0 ff ff 77 35 44 89 c7 89 44 24 0c e8 a1 fc ff ff 8b 44
RSP: 002b:00007ffd78a06090 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 0000000000000007 RCX: 00007fc1c0c35b6b
RDX: 0000000020000280 RSI: 0000000040086200 RDI: 0000000000000006
RBP: 0000000000000007 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000000c
R13: 0000000000000003 R14: 00007fc1c0cfe4a0 R15: 00007ffd78a06140
</TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:dma_unmap_sgtable include/linux/dma-mapping.h:378 [inline]
RIP: 0010:put_sg_table drivers/dma-buf/udmabuf.c:89 [inline]
RIP: 0010:release_udmabuf+0xcb/0x4f0 drivers/dma-buf/udmabuf.c:114
Reported-by: syzbot+c80e9ef5d8bb45894db0@syzkaller.appspotmail.com
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Vivek Kasireddy <vivek.kasireddy@intel.com>
Link: http://patchwork.freedesktop.org/patch/msgid/20220825063522.801264-1-vivek.kasireddy@intel.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/dma-buf/udmabuf.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/drivers/dma-buf/udmabuf.c b/drivers/dma-buf/udmabuf.c
index 38e8767ec371..bf11d32205f3 100644
--- a/drivers/dma-buf/udmabuf.c
+++ b/drivers/dma-buf/udmabuf.c
@@ -124,17 +124,20 @@ static int begin_cpu_udmabuf(struct dma_buf *buf,
{
struct udmabuf *ubuf = buf->priv;
struct device *dev = ubuf->device->this_device;
+ int ret = 0;
if (!ubuf->sg) {
ubuf->sg = get_sg_table(dev, buf, direction);
- if (IS_ERR(ubuf->sg))
- return PTR_ERR(ubuf->sg);
+ if (IS_ERR(ubuf->sg)) {
+ ret = PTR_ERR(ubuf->sg);
+ ubuf->sg = NULL;
+ }
} else {
dma_sync_sg_for_cpu(dev, ubuf->sg->sgl, ubuf->sg->nents,
direction);
}
- return 0;
+ return ret;
}
static int end_cpu_udmabuf(struct dma_buf *buf,
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 737/862] platform/x86: pmc_atom: Improve quirk message to be less cryptic
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (735 preceding siblings ...)
2022-10-19 8:33 ` [PATCH 6.0 736/862] udmabuf: Set ubuf->sg = NULL if the creation of sg table fails Greg Kroah-Hartman
@ 2022-10-19 8:33 ` Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 738/862] drm/amd: fix potential memory leak Greg Kroah-Hartman
` (139 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Andy Shevchenko, Hans de Goede, Sasha Levin
From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
[ Upstream commit 32c9b75640aeb1b144f9e2963c1640f4cef7c6f2 ]
Not everyone can get what "critclks" means in the message, improve
it to make less cryptic.
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Link: https://lore.kernel.org/r/20220801113734.36131-2-andriy.shevchenko@linux.intel.com
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/platform/x86/pmc_atom.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/platform/x86/pmc_atom.c b/drivers/platform/x86/pmc_atom.c
index 5c757c7f64de..f4046572a9fe 100644
--- a/drivers/platform/x86/pmc_atom.c
+++ b/drivers/platform/x86/pmc_atom.c
@@ -354,7 +354,7 @@ static bool pmc_clk_is_critical = true;
static int dmi_callback(const struct dmi_system_id *d)
{
- pr_info("%s critclks quirk enabled\n", d->ident);
+ pr_info("%s: PMC critical clocks quirk enabled\n", d->ident);
return 1;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 738/862] drm/amd: fix potential memory leak
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (736 preceding siblings ...)
2022-10-19 8:33 ` [PATCH 6.0 737/862] platform/x86: pmc_atom: Improve quirk message to be less cryptic Greg Kroah-Hartman
@ 2022-10-19 8:33 ` Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 739/862] drm: bridge: dw_hdmi: only trigger hotplug event on link change Greg Kroah-Hartman
` (138 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Bernard Zhao, Alex Deucher, Sasha Levin
From: Bernard Zhao <bernard@vivo.com>
[ Upstream commit 6160216fd2c97107e8a9ab39863b056d677fcd85 ]
This patch fix potential memory leak (clk_src) when function run
into last return NULL.
s/free/kfree/ - Alex
Signed-off-by: Bernard Zhao <bernard@vivo.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/display/dc/dcn314/dcn314_resource.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/gpu/drm/amd/display/dc/dcn314/dcn314_resource.c b/drivers/gpu/drm/amd/display/dc/dcn314/dcn314_resource.c
index 3cd7c91655c5..6d721fadcbee 100644
--- a/drivers/gpu/drm/amd/display/dc/dcn314/dcn314_resource.c
+++ b/drivers/gpu/drm/amd/display/dc/dcn314/dcn314_resource.c
@@ -1720,6 +1720,7 @@ static struct clock_source *dcn30_clock_source_create(
}
BREAK_TO_DEBUGGER();
+ kfree(clk_src);
return NULL;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 739/862] drm: bridge: dw_hdmi: only trigger hotplug event on link change
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (737 preceding siblings ...)
2022-10-19 8:33 ` [PATCH 6.0 738/862] drm/amd: fix potential memory leak Greg Kroah-Hartman
@ 2022-10-19 8:33 ` Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 740/862] drm/amd/display: Fix variable dereferenced before check Greg Kroah-Hartman
` (137 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Lucas Stach, Robert Foss,
Sasha Levin, Neil Armstrong
From: Lucas Stach <l.stach@pengutronix.de>
[ Upstream commit da09daf881082266e4075657fac53c7966de8e4d ]
There are two events that signal a real change of the link state: HPD going
high means the sink is newly connected or wants the source to re-read the
EDID, RX sense going low is a indication that the link has been disconnected.
Ignore the other two events that also trigger interrupts, but don't need
immediate attention: HPD going low does not necessarily mean the link has
been lost and should not trigger a immediate read of the status. RX sense
going high also does not require a detect cycle, as HPD going high is the
right point in time to read the EDID.
Signed-off-by: Lucas Stach <l.stach@pengutronix.de>
Reviewed-by: Neil Armstrong <narmstrong@baylibre.com> (v1)
Reviewed-by: Robert Foss <robert.foss@linaro.org>
Signed-off-by: Robert Foss <robert.foss@linaro.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20220826185733.3213248-1-l.stach@pengutronix.de
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/bridge/synopsys/dw-hdmi.c | 13 ++++++++-----
1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/drivers/gpu/drm/bridge/synopsys/dw-hdmi.c b/drivers/gpu/drm/bridge/synopsys/dw-hdmi.c
index 25a60eb4d67c..40d8ca37f5bc 100644
--- a/drivers/gpu/drm/bridge/synopsys/dw-hdmi.c
+++ b/drivers/gpu/drm/bridge/synopsys/dw-hdmi.c
@@ -3096,6 +3096,7 @@ static irqreturn_t dw_hdmi_irq(int irq, void *dev_id)
{
struct dw_hdmi *hdmi = dev_id;
u8 intr_stat, phy_int_pol, phy_pol_mask, phy_stat;
+ enum drm_connector_status status = connector_status_unknown;
intr_stat = hdmi_readb(hdmi, HDMI_IH_PHY_STAT0);
phy_int_pol = hdmi_readb(hdmi, HDMI_PHY_POL0);
@@ -3134,13 +3135,15 @@ static irqreturn_t dw_hdmi_irq(int irq, void *dev_id)
cec_notifier_phys_addr_invalidate(hdmi->cec_notifier);
mutex_unlock(&hdmi->cec_notifier_mutex);
}
- }
- if (intr_stat & HDMI_IH_PHY_STAT0_HPD) {
- enum drm_connector_status status = phy_int_pol & HDMI_PHY_HPD
- ? connector_status_connected
- : connector_status_disconnected;
+ if (phy_stat & HDMI_PHY_HPD)
+ status = connector_status_connected;
+
+ if (!(phy_stat & (HDMI_PHY_HPD | HDMI_PHY_RX_SENSE)))
+ status = connector_status_disconnected;
+ }
+ if (status != connector_status_unknown) {
dev_dbg(hdmi->dev, "EVENT=%s\n",
status == connector_status_connected ?
"plugin" : "plugout");
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 740/862] drm/amd/display: Fix variable dereferenced before check
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (738 preceding siblings ...)
2022-10-19 8:33 ` [PATCH 6.0 739/862] drm: bridge: dw_hdmi: only trigger hotplug event on link change Greg Kroah-Hartman
@ 2022-10-19 8:33 ` Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 741/862] drm/amdgpu: Skip the program of MMMC_VM_AGP_* in SRIOV on MMHUB v3_0_0 Greg Kroah-Hartman
` (136 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kernel test robot, Dan Carpenter,
sunliming, Alex Deucher, Sasha Levin
From: sunliming <sunliming@kylinos.cn>
[ Upstream commit 45a92f45f4578ff89da7dc5ef50bab4ef870f3b7 ]
Fixes the following smatch warning:
drivers/gpu/drm/amd/amdgpu/../display/dc/dc_dmub_srv.c:311 dc_dmub_srv_p_state_delegate()
warn: variable dereferenced before check 'dc' (see line 309)
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: sunliming <sunliming@kylinos.cn>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/display/dc/dc_dmub_srv.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/amd/display/dc/dc_dmub_srv.c b/drivers/gpu/drm/amd/display/dc/dc_dmub_srv.c
index 76c05ff12e95..755c4f9de6da 100644
--- a/drivers/gpu/drm/amd/display/dc/dc_dmub_srv.c
+++ b/drivers/gpu/drm/amd/display/dc/dc_dmub_srv.c
@@ -323,11 +323,13 @@ bool dc_dmub_srv_p_state_delegate(struct dc *dc, bool should_manage_pstate, stru
struct dmub_cmd_fw_assisted_mclk_switch_config *config_data = &cmd.fw_assisted_mclk_switch.config_data;
int i = 0;
int ramp_up_num_steps = 1; // TODO: Ramp is currently disabled. Reenable it.
- uint8_t visual_confirm_enabled = dc->debug.visual_confirm == VISUAL_CONFIRM_FAMS;
+ uint8_t visual_confirm_enabled;
if (dc == NULL)
return false;
+ visual_confirm_enabled = dc->debug.visual_confirm == VISUAL_CONFIRM_FAMS;
+
// Format command.
cmd.fw_assisted_mclk_switch.header.type = DMUB_CMD__FW_ASSISTED_MCLK_SWITCH;
cmd.fw_assisted_mclk_switch.header.sub_type = DMUB_CMD__FAMS_SETUP_FW_CTRL;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 741/862] drm/amdgpu: Skip the program of MMMC_VM_AGP_* in SRIOV on MMHUB v3_0_0
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (739 preceding siblings ...)
2022-10-19 8:33 ` [PATCH 6.0 740/862] drm/amd/display: Fix variable dereferenced before check Greg Kroah-Hartman
@ 2022-10-19 8:33 ` Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 742/862] drm/admgpu: Skip CG/PG on SOC21 under SRIOV VF Greg Kroah-Hartman
` (135 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christian König, Yifan Zha,
Horace Chen, Hawking Zhang, Alex Deucher, Sasha Levin
From: Yifan Zha <Yifan.Zha@amd.com>
[ Upstream commit c1026c6f319724dc88fc08d9d9d35bcbdf492b42 ]
[Why]
VF should not program these registers, the value were defined in the host.
[How]
Skip writing them in SRIOV environment and program them on host side.
Acked-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Yifan Zha <Yifan.Zha@amd.com>
Signed-off-by: Horace Chen <horace.chen@amd.com>
Reviewed-by: Hawking Zhang <Hawking.Zhang@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/amdgpu/mmhub_v3_0.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/drivers/gpu/drm/amd/amdgpu/mmhub_v3_0.c b/drivers/gpu/drm/amd/amdgpu/mmhub_v3_0.c
index bc11b2de37ae..a1d26c4d80b8 100644
--- a/drivers/gpu/drm/amd/amdgpu/mmhub_v3_0.c
+++ b/drivers/gpu/drm/amd/amdgpu/mmhub_v3_0.c
@@ -169,17 +169,17 @@ static void mmhub_v3_0_init_system_aperture_regs(struct amdgpu_device *adev)
uint64_t value;
uint32_t tmp;
- /* Disable AGP. */
- WREG32_SOC15(MMHUB, 0, regMMMC_VM_AGP_BASE, 0);
- WREG32_SOC15(MMHUB, 0, regMMMC_VM_AGP_TOP, 0);
- WREG32_SOC15(MMHUB, 0, regMMMC_VM_AGP_BOT, 0x00FFFFFF);
-
if (!amdgpu_sriov_vf(adev)) {
/*
* the new L1 policy will block SRIOV guest from writing
* these regs, and they will be programed at host.
* so skip programing these regs.
*/
+ /* Disable AGP. */
+ WREG32_SOC15(MMHUB, 0, regMMMC_VM_AGP_BASE, 0);
+ WREG32_SOC15(MMHUB, 0, regMMMC_VM_AGP_TOP, 0);
+ WREG32_SOC15(MMHUB, 0, regMMMC_VM_AGP_BOT, 0x00FFFFFF);
+
/* Program the system aperture low logical page number. */
WREG32_SOC15(MMHUB, 0, regMMMC_VM_SYSTEM_APERTURE_LOW_ADDR,
adev->gmc.vram_start >> 18);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 742/862] drm/admgpu: Skip CG/PG on SOC21 under SRIOV VF
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (740 preceding siblings ...)
2022-10-19 8:33 ` [PATCH 6.0 741/862] drm/amdgpu: Skip the program of MMMC_VM_AGP_* in SRIOV on MMHUB v3_0_0 Greg Kroah-Hartman
@ 2022-10-19 8:33 ` Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 743/862] ALSA: usb-audio: Register card at the last interface Greg Kroah-Hartman
` (134 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christian König, Yifan Zha,
Hawking Zhang, Alex Deucher, Sasha Levin
From: Yifan Zha <Yifan.Zha@amd.com>
[ Upstream commit 828418259254863e0af5805bd712284e2bd88e3b ]
[Why]
There is no CG(Clock Gating)/PG(Power Gating) requirement on SRIOV VF.
For multi VF, VF should not enable any CG/PG features.
For one VF, PF will program CG/PG related registers.
[How]
Do not set any cg/pg flag bit at early init under sriov.
Acked-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Yifan Zha <Yifan.Zha@amd.com>
Reviewed-by: Hawking Zhang <Hawking.Zhang@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/amdgpu/soc21.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/gpu/drm/amd/amdgpu/soc21.c b/drivers/gpu/drm/amd/amdgpu/soc21.c
index 276ff6709881..9c3463b48139 100644
--- a/drivers/gpu/drm/amd/amdgpu/soc21.c
+++ b/drivers/gpu/drm/amd/amdgpu/soc21.c
@@ -583,6 +583,10 @@ static int soc21_common_early_init(void *handle)
AMD_PG_SUPPORT_JPEG |
AMD_PG_SUPPORT_ATHUB |
AMD_PG_SUPPORT_MMHUB;
+ if (amdgpu_sriov_vf(adev)) {
+ adev->cg_flags = 0;
+ adev->pg_flags = 0;
+ }
adev->external_rev_id = adev->rev_id + 0x1; // TODO: need update
break;
case IP_VERSION(11, 0, 2):
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 743/862] ALSA: usb-audio: Register card at the last interface
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (741 preceding siblings ...)
2022-10-19 8:33 ` [PATCH 6.0 742/862] drm/admgpu: Skip CG/PG on SOC21 under SRIOV VF Greg Kroah-Hartman
@ 2022-10-19 8:33 ` Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 744/862] drm/vc4: vec: Fix timings for VEC modes Greg Kroah-Hartman
` (133 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:33 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Takashi Iwai, Sasha Levin
From: Takashi Iwai <tiwai@suse.de>
[ Upstream commit 6392dcd1d0c7034ccf630ec55fc9e5810ecadf3b ]
The USB-audio driver matches per interface, and as default, it
registers the card instance at the very first instance. This can be a
problem for the devices that have multiple interfaces to be probed, as
the udev rule isn't applied properly for the later appearing
interfaces. Although we introduced the delayed_register option and
the quirks for covering those shortcomings, it's nothing but a
workaround for specific devices.
This patch is an another attempt to fix the problem in a more generic
way. Now the driver checks the whole USB device descriptor at the
very first time when an interface is attached to a sound card. It
looks at each matching interface in the descriptor and remembers the
last matching one. The snd_card_register() is invoked only when this
last interface is probed.
After this change, the quirks for the delayed registration become
superfluous, hence they are removed along with the patch. OTOH, the
delayed_register option is still kept, as it might be useful for some
corner cases (e.g. a special driver overtakes the interface probe from
the standard driver, and the last interface probe may miss).
Link: https://lore.kernel.org/r/20220904161247.16461-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/usb/card.c | 32 +++++++++++++++++++++++++-------
sound/usb/quirks.c | 42 ------------------------------------------
sound/usb/quirks.h | 2 --
sound/usb/usbaudio.h | 1 +
4 files changed, 26 insertions(+), 51 deletions(-)
diff --git a/sound/usb/card.c b/sound/usb/card.c
index 706d249a9ad6..3aea241435fb 100644
--- a/sound/usb/card.c
+++ b/sound/usb/card.c
@@ -690,7 +690,7 @@ static bool get_alias_id(struct usb_device *dev, unsigned int *id)
return false;
}
-static bool check_delayed_register_option(struct snd_usb_audio *chip, int iface)
+static int check_delayed_register_option(struct snd_usb_audio *chip)
{
int i;
unsigned int id, inum;
@@ -699,14 +699,31 @@ static bool check_delayed_register_option(struct snd_usb_audio *chip, int iface)
if (delayed_register[i] &&
sscanf(delayed_register[i], "%x:%x", &id, &inum) == 2 &&
id == chip->usb_id)
- return iface < inum;
+ return inum;
}
- return false;
+ return -1;
}
static const struct usb_device_id usb_audio_ids[]; /* defined below */
+/* look for the last interface that matches with our ids and remember it */
+static void find_last_interface(struct snd_usb_audio *chip)
+{
+ struct usb_host_config *config = chip->dev->actconfig;
+ struct usb_interface *intf;
+ int i;
+
+ if (!config)
+ return;
+ for (i = 0; i < config->desc.bNumInterfaces; i++) {
+ intf = config->interface[i];
+ if (usb_match_id(intf, usb_audio_ids))
+ chip->last_iface = intf->altsetting[0].desc.bInterfaceNumber;
+ }
+ usb_audio_dbg(chip, "Found last interface = %d\n", chip->last_iface);
+}
+
/* look for the corresponding quirk */
static const struct snd_usb_audio_quirk *
get_alias_quirk(struct usb_device *dev, unsigned int id)
@@ -813,6 +830,7 @@ static int usb_audio_probe(struct usb_interface *intf,
err = -ENODEV;
goto __error;
}
+ find_last_interface(chip);
}
if (chip->num_interfaces >= MAX_CARD_INTERFACES) {
@@ -862,11 +880,11 @@ static int usb_audio_probe(struct usb_interface *intf,
chip->need_delayed_register = false; /* clear again */
}
- /* we are allowed to call snd_card_register() many times, but first
- * check to see if a device needs to skip it or do anything special
+ /* register card if we reach to the last interface or to the specified
+ * one given via option
*/
- if (!snd_usb_registration_quirk(chip, ifnum) &&
- !check_delayed_register_option(chip, ifnum)) {
+ if (check_delayed_register_option(chip) == ifnum ||
+ chip->last_iface == ifnum) {
err = snd_card_register(chip->card);
if (err < 0)
goto __error;
diff --git a/sound/usb/quirks.c b/sound/usb/quirks.c
index 194c75c45628..eadac586bcc8 100644
--- a/sound/usb/quirks.c
+++ b/sound/usb/quirks.c
@@ -2030,48 +2030,6 @@ void snd_usb_audioformat_attributes_quirk(struct snd_usb_audio *chip,
}
}
-/*
- * registration quirk:
- * the registration is skipped if a device matches with the given ID,
- * unless the interface reaches to the defined one. This is for delaying
- * the registration until the last known interface, so that the card and
- * devices appear at the same time.
- */
-
-struct registration_quirk {
- unsigned int usb_id; /* composed via USB_ID() */
- unsigned int interface; /* the interface to trigger register */
-};
-
-#define REG_QUIRK_ENTRY(vendor, product, iface) \
- { .usb_id = USB_ID(vendor, product), .interface = (iface) }
-
-static const struct registration_quirk registration_quirks[] = {
- REG_QUIRK_ENTRY(0x0951, 0x16d8, 2), /* Kingston HyperX AMP */
- REG_QUIRK_ENTRY(0x0951, 0x16ed, 2), /* Kingston HyperX Cloud Alpha S */
- REG_QUIRK_ENTRY(0x0951, 0x16ea, 2), /* Kingston HyperX Cloud Flight S */
- REG_QUIRK_ENTRY(0x0ecb, 0x1f46, 2), /* JBL Quantum 600 */
- REG_QUIRK_ENTRY(0x0ecb, 0x1f47, 2), /* JBL Quantum 800 */
- REG_QUIRK_ENTRY(0x0ecb, 0x1f4c, 2), /* JBL Quantum 400 */
- REG_QUIRK_ENTRY(0x0ecb, 0x2039, 2), /* JBL Quantum 400 */
- REG_QUIRK_ENTRY(0x0ecb, 0x203c, 2), /* JBL Quantum 600 */
- REG_QUIRK_ENTRY(0x0ecb, 0x203e, 2), /* JBL Quantum 800 */
- { 0 } /* terminator */
-};
-
-/* return true if skipping registration */
-bool snd_usb_registration_quirk(struct snd_usb_audio *chip, int iface)
-{
- const struct registration_quirk *q;
-
- for (q = registration_quirks; q->usb_id; q++)
- if (chip->usb_id == q->usb_id)
- return iface < q->interface;
-
- /* Register as normal */
- return false;
-}
-
/*
* driver behavior quirk flags
*/
diff --git a/sound/usb/quirks.h b/sound/usb/quirks.h
index 31abb7cb01a5..f9bfd5ac7bab 100644
--- a/sound/usb/quirks.h
+++ b/sound/usb/quirks.h
@@ -48,8 +48,6 @@ void snd_usb_audioformat_attributes_quirk(struct snd_usb_audio *chip,
struct audioformat *fp,
int stream);
-bool snd_usb_registration_quirk(struct snd_usb_audio *chip, int iface);
-
void snd_usb_init_quirk_flags(struct snd_usb_audio *chip);
#endif /* __USBAUDIO_QUIRKS_H */
diff --git a/sound/usb/usbaudio.h b/sound/usb/usbaudio.h
index ffbb4b0d09a0..2c6575029b1c 100644
--- a/sound/usb/usbaudio.h
+++ b/sound/usb/usbaudio.h
@@ -37,6 +37,7 @@ struct snd_usb_audio {
unsigned int quirk_flags;
unsigned int need_delayed_register:1; /* warn for delayed registration */
int num_interfaces;
+ int last_iface;
int num_suspended_intf;
int sample_rate_read_error;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 744/862] drm/vc4: vec: Fix timings for VEC modes
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (742 preceding siblings ...)
2022-10-19 8:33 ` [PATCH 6.0 743/862] ALSA: usb-audio: Register card at the last interface Greg Kroah-Hartman
@ 2022-10-19 8:33 ` Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 745/862] drm: panel-orientation-quirks: Add quirk for Anbernic Win600 Greg Kroah-Hartman
` (132 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mateusz Kwiatkowski,
Noralf Trønnes, Maxime Ripard, Sasha Levin
From: Mateusz Kwiatkowski <kfyatek+publicgit@gmail.com>
[ Upstream commit 30d7565be96b3946c18a1ce3fd538f7946839092 ]
This commit fixes vertical timings of the VEC (composite output) modes
to accurately represent the 525-line ("NTSC") and 625-line ("PAL") ITU-R
standards.
Previous timings were actually defined as 502 and 601 lines, resulting
in non-standard 62.69 Hz and 52 Hz signals being generated,
respectively.
Signed-off-by: Mateusz Kwiatkowski <kfyatek+publicgit@gmail.com>
Acked-by: Noralf Trønnes <noralf@tronnes.org>
Signed-off-by: Maxime Ripard <maxime@cerno.tech>
Link: https://patchwork.freedesktop.org/patch/msgid/20220728-rpi-analog-tv-properties-v2-28-459522d653a7@cerno.tech
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/vc4/vc4_vec.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/vc4/vc4_vec.c b/drivers/gpu/drm/vc4/vc4_vec.c
index 11fc3d6f66b1..4e2250b8fa23 100644
--- a/drivers/gpu/drm/vc4/vc4_vec.c
+++ b/drivers/gpu/drm/vc4/vc4_vec.c
@@ -256,7 +256,7 @@ static void vc4_vec_ntsc_j_mode_set(struct vc4_vec *vec)
static const struct drm_display_mode ntsc_mode = {
DRM_MODE("720x480", DRM_MODE_TYPE_DRIVER, 13500,
720, 720 + 14, 720 + 14 + 64, 720 + 14 + 64 + 60, 0,
- 480, 480 + 3, 480 + 3 + 3, 480 + 3 + 3 + 16, 0,
+ 480, 480 + 7, 480 + 7 + 6, 525, 0,
DRM_MODE_FLAG_INTERLACE)
};
@@ -278,7 +278,7 @@ static void vc4_vec_pal_m_mode_set(struct vc4_vec *vec)
static const struct drm_display_mode pal_mode = {
DRM_MODE("720x576", DRM_MODE_TYPE_DRIVER, 13500,
720, 720 + 20, 720 + 20 + 64, 720 + 20 + 64 + 60, 0,
- 576, 576 + 2, 576 + 2 + 3, 576 + 2 + 3 + 20, 0,
+ 576, 576 + 4, 576 + 4 + 6, 625, 0,
DRM_MODE_FLAG_INTERLACE)
};
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 745/862] drm: panel-orientation-quirks: Add quirk for Anbernic Win600
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (743 preceding siblings ...)
2022-10-19 8:33 ` [PATCH 6.0 744/862] drm/vc4: vec: Fix timings for VEC modes Greg Kroah-Hartman
@ 2022-10-19 8:33 ` Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 746/862] drm: panel-orientation-quirks: Add quirk for Aya Neo Air Greg Kroah-Hartman
` (131 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Maya Matuszczyk, Hans de Goede, Sasha Levin
From: Maya Matuszczyk <maccraft123mc@gmail.com>
[ Upstream commit 770e19076065e079a32f33eb11be2057c87f1cde ]
This device is another x86 gaming handheld, and as (hopefully) there is
only one set of DMI IDs it's using DMI_EXACT_MATCH
Signed-off-by: Maya Matuszczyk <maccraft123mc@gmail.com>
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20220803182402.1217293-1-maccraft123mc@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/drm_panel_orientation_quirks.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/gpu/drm/drm_panel_orientation_quirks.c b/drivers/gpu/drm/drm_panel_orientation_quirks.c
index fc1728d46ac2..64b194af003c 100644
--- a/drivers/gpu/drm/drm_panel_orientation_quirks.c
+++ b/drivers/gpu/drm/drm_panel_orientation_quirks.c
@@ -128,6 +128,12 @@ static const struct dmi_system_id orientation_data[] = {
DMI_EXACT_MATCH(DMI_PRODUCT_NAME, "One S1003"),
},
.driver_data = (void *)&lcd800x1280_rightside_up,
+ }, { /* Anbernic Win600 */
+ .matches = {
+ DMI_EXACT_MATCH(DMI_BOARD_VENDOR, "Anbernic"),
+ DMI_EXACT_MATCH(DMI_PRODUCT_NAME, "Win600"),
+ },
+ .driver_data = (void *)&lcd720x1280_rightside_up,
}, { /* Asus T100HA */
.matches = {
DMI_EXACT_MATCH(DMI_SYS_VENDOR, "ASUSTeK COMPUTER INC."),
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 746/862] drm: panel-orientation-quirks: Add quirk for Aya Neo Air
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (744 preceding siblings ...)
2022-10-19 8:33 ` [PATCH 6.0 745/862] drm: panel-orientation-quirks: Add quirk for Anbernic Win600 Greg Kroah-Hartman
@ 2022-10-19 8:33 ` Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 747/862] platform/chrome: cros_ec: Notify the PM of wake events during resume Greg Kroah-Hartman
` (130 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Maya Matuszczyk, Hans de Goede, Sasha Levin
From: Maya Matuszczyk <maccraft123mc@gmail.com>
[ Upstream commit e10ea7b9b90219da305a16b3c1252169715a807b ]
Yet another x86 gaming handheld.
This one has many SKUs with quite a few of DMI strings,
so let's just use a catchall, just as with Aya Neo Next.
Signed-off-by: Maya Matuszczyk <maccraft123mc@gmail.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20220825191946.1678798-1-maccraft123mc@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/drm_panel_orientation_quirks.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/drivers/gpu/drm/drm_panel_orientation_quirks.c b/drivers/gpu/drm/drm_panel_orientation_quirks.c
index 64b194af003c..8a0c0e0bb5bd 100644
--- a/drivers/gpu/drm/drm_panel_orientation_quirks.c
+++ b/drivers/gpu/drm/drm_panel_orientation_quirks.c
@@ -103,6 +103,12 @@ static const struct drm_dmi_panel_orientation_data lcd800x1280_rightside_up = {
.orientation = DRM_MODE_PANEL_ORIENTATION_RIGHT_UP,
};
+static const struct drm_dmi_panel_orientation_data lcd1080x1920_leftside_up = {
+ .width = 1080,
+ .height = 1920,
+ .orientation = DRM_MODE_PANEL_ORIENTATION_LEFT_UP,
+};
+
static const struct drm_dmi_panel_orientation_data lcd1200x1920_rightside_up = {
.width = 1200,
.height = 1920,
@@ -158,6 +164,12 @@ static const struct dmi_system_id orientation_data[] = {
DMI_EXACT_MATCH(DMI_PRODUCT_NAME, "AYA NEO 2021"),
},
.driver_data = (void *)&lcd800x1280_rightside_up,
+ }, { /* AYA NEO AIR */
+ .matches = {
+ DMI_EXACT_MATCH(DMI_SYS_VENDOR, "AYANEO"),
+ DMI_MATCH(DMI_BOARD_NAME, "AIR"),
+ },
+ .driver_data = (void *)&lcd1080x1920_leftside_up,
}, { /* AYA NEO NEXT */
.matches = {
DMI_EXACT_MATCH(DMI_BOARD_VENDOR, "AYANEO"),
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 747/862] platform/chrome: cros_ec: Notify the PM of wake events during resume
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (745 preceding siblings ...)
2022-10-19 8:33 ` [PATCH 6.0 746/862] drm: panel-orientation-quirks: Add quirk for Aya Neo Air Greg Kroah-Hartman
@ 2022-10-19 8:33 ` Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 748/862] platform/x86: hp-wmi: Setting thermal profile fails with 0x06 Greg Kroah-Hartman
` (129 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jameson Thies, Prashant Malani,
Benson Leung, Tzung-Bi Shih, Sasha Levin
From: Jameson Thies <jthies@google.com>
[ Upstream commit 8edd2752b0aa498b3a61f3caee8f79f7e0567fad ]
cros_ec_handle_event in the cros_ec driver can notify the PM of wake
events. When a device is suspended, cros_ec_handle_event will not check
MKBP events. Instead, received MKBP events are checked during resume by
cros_ec_report_events_during_suspend. But
cros_ec_report_events_during_suspend cannot notify the PM if received
events are wake events, causing wake events to not be reported if
received while the device is suspended.
Update cros_ec_report_events_during_suspend to notify the PM of wake
events during resume by calling pm_wakeup_event.
Signed-off-by: Jameson Thies <jthies@google.com>
Reviewed-by: Prashant Malani <pmalani@chromium.org>
Reviewed-by: Benson Leung <bleung@chromium.org>
Signed-off-by: Tzung-Bi Shih <tzungbi@kernel.org>
Link: https://lore.kernel.org/r/20220913204954.2931042-1-jthies@google.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/platform/chrome/cros_ec.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/drivers/platform/chrome/cros_ec.c b/drivers/platform/chrome/cros_ec.c
index 8aace50d446d..110df0fd4b00 100644
--- a/drivers/platform/chrome/cros_ec.c
+++ b/drivers/platform/chrome/cros_ec.c
@@ -349,10 +349,16 @@ EXPORT_SYMBOL(cros_ec_suspend);
static void cros_ec_report_events_during_suspend(struct cros_ec_device *ec_dev)
{
+ bool wake_event;
+
while (ec_dev->mkbp_event_supported &&
- cros_ec_get_next_event(ec_dev, NULL, NULL) > 0)
+ cros_ec_get_next_event(ec_dev, &wake_event, NULL) > 0) {
blocking_notifier_call_chain(&ec_dev->event_notifier,
1, ec_dev);
+
+ if (wake_event && device_may_wakeup(ec_dev->dev))
+ pm_wakeup_event(ec_dev->dev, 0);
+ }
}
/**
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 748/862] platform/x86: hp-wmi: Setting thermal profile fails with 0x06
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (746 preceding siblings ...)
2022-10-19 8:33 ` [PATCH 6.0 747/862] platform/chrome: cros_ec: Notify the PM of wake events during resume Greg Kroah-Hartman
@ 2022-10-19 8:33 ` Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 749/862] platform/x86: msi-laptop: Change DMI match / alias strings to fix module autoloading Greg Kroah-Hartman
` (128 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jorge Lopez, Hans de Goede, Sasha Levin
From: Jorge Lopez <jorge.lopez2@hp.com>
[ Upstream commit 00b1829294b7c88ecba92c661fbe6fe347b364d2 ]
Error 0x06 (invalid command parameter) is reported by hp-wmi module
when reading the current thermal profile and then proceed to set it
back. The failing condition occurs in Linux NixOS after user
configures the thermal profile to ‘quiet mode’ in Windows. Quiet Fan
Mode is supported in Windows but was not supported in hp-wmi module.
This fix adds support for PLATFORM_PROFILE_QUIET in hp-wmi module for
HP notebooks other than HP Omen series. Quiet thermal profile is not
supported in HP Omen series notebooks.
Signed-off-by: Jorge Lopez <jorge.lopez2@hp.com>
Link: https://lore.kernel.org/r/20220912192603.4001-1-jorge.lopez2@hp.com
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/platform/x86/hp-wmi.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/drivers/platform/x86/hp-wmi.c b/drivers/platform/x86/hp-wmi.c
index bc7020e9df9e..fc8dbbd6fc7c 100644
--- a/drivers/platform/x86/hp-wmi.c
+++ b/drivers/platform/x86/hp-wmi.c
@@ -177,7 +177,8 @@ enum hp_thermal_profile_omen_v1 {
enum hp_thermal_profile {
HP_THERMAL_PROFILE_PERFORMANCE = 0x00,
HP_THERMAL_PROFILE_DEFAULT = 0x01,
- HP_THERMAL_PROFILE_COOL = 0x02
+ HP_THERMAL_PROFILE_COOL = 0x02,
+ HP_THERMAL_PROFILE_QUIET = 0x03,
};
#define IS_HWBLOCKED(x) ((x & HPWMI_POWER_FW_OR_HW) != HPWMI_POWER_FW_OR_HW)
@@ -1194,6 +1195,9 @@ static int hp_wmi_platform_profile_get(struct platform_profile_handler *pprof,
case HP_THERMAL_PROFILE_COOL:
*profile = PLATFORM_PROFILE_COOL;
break;
+ case HP_THERMAL_PROFILE_QUIET:
+ *profile = PLATFORM_PROFILE_QUIET;
+ break;
default:
return -EINVAL;
}
@@ -1216,6 +1220,9 @@ static int hp_wmi_platform_profile_set(struct platform_profile_handler *pprof,
case PLATFORM_PROFILE_COOL:
tp = HP_THERMAL_PROFILE_COOL;
break;
+ case PLATFORM_PROFILE_QUIET:
+ tp = HP_THERMAL_PROFILE_QUIET;
+ break;
default:
return -EOPNOTSUPP;
}
@@ -1263,6 +1270,8 @@ static int thermal_profile_setup(void)
platform_profile_handler.profile_get = hp_wmi_platform_profile_get;
platform_profile_handler.profile_set = hp_wmi_platform_profile_set;
+
+ set_bit(PLATFORM_PROFILE_QUIET, platform_profile_handler.choices);
}
set_bit(PLATFORM_PROFILE_COOL, platform_profile_handler.choices);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 749/862] platform/x86: msi-laptop: Change DMI match / alias strings to fix module autoloading
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (747 preceding siblings ...)
2022-10-19 8:33 ` [PATCH 6.0 748/862] platform/x86: hp-wmi: Setting thermal profile fails with 0x06 Greg Kroah-Hartman
@ 2022-10-19 8:33 ` Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 750/862] ALSA: intel-dspconfig: add ES8336 support for AlderLake-PS Greg Kroah-Hartman
` (127 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:33 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Hans de Goede, Sasha Levin
From: Hans de Goede <hdegoede@redhat.com>
[ Upstream commit 2a2565272a3628e45d61625e36ef17af7af4e3de ]
On a MSI S270 with Fedora 37 x86_64 / systemd-251.4 the module does not
properly autoload.
This is likely caused by issues with how systemd-udevd handles the single
quote char (') which is part of the sys_vendor / chassis_vendor strings
on this laptop. As a workaround remove the single quote char + everything
behind it from the sys_vendor + chassis_vendor matches. This fixes
the module not autoloading.
Link: https://github.com/systemd/systemd/issues/24715
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Link: https://lore.kernel.org/r/20220917210407.647432-1-hdegoede@redhat.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/platform/x86/msi-laptop.c | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/drivers/platform/x86/msi-laptop.c b/drivers/platform/x86/msi-laptop.c
index 3e935303b143..0e804b6c2d24 100644
--- a/drivers/platform/x86/msi-laptop.c
+++ b/drivers/platform/x86/msi-laptop.c
@@ -596,11 +596,10 @@ static const struct dmi_system_id msi_dmi_table[] __initconst = {
{
.ident = "MSI S270",
.matches = {
- DMI_MATCH(DMI_SYS_VENDOR, "MICRO-STAR INT'L CO.,LTD"),
+ DMI_MATCH(DMI_SYS_VENDOR, "MICRO-STAR INT"),
DMI_MATCH(DMI_PRODUCT_NAME, "MS-1013"),
DMI_MATCH(DMI_PRODUCT_VERSION, "0131"),
- DMI_MATCH(DMI_CHASSIS_VENDOR,
- "MICRO-STAR INT'L CO.,LTD")
+ DMI_MATCH(DMI_CHASSIS_VENDOR, "MICRO-STAR INT")
},
.driver_data = &quirk_old_ec_model,
.callback = dmi_check_cb
@@ -633,8 +632,7 @@ static const struct dmi_system_id msi_dmi_table[] __initconst = {
DMI_MATCH(DMI_SYS_VENDOR, "NOTEBOOK"),
DMI_MATCH(DMI_PRODUCT_NAME, "SAM2000"),
DMI_MATCH(DMI_PRODUCT_VERSION, "0131"),
- DMI_MATCH(DMI_CHASSIS_VENDOR,
- "MICRO-STAR INT'L CO.,LTD")
+ DMI_MATCH(DMI_CHASSIS_VENDOR, "MICRO-STAR INT")
},
.driver_data = &quirk_old_ec_model,
.callback = dmi_check_cb
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 750/862] ALSA: intel-dspconfig: add ES8336 support for AlderLake-PS
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (748 preceding siblings ...)
2022-10-19 8:33 ` [PATCH 6.0 749/862] platform/x86: msi-laptop: Change DMI match / alias strings to fix module autoloading Greg Kroah-Hartman
@ 2022-10-19 8:33 ` Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 751/862] ASoC: SOF: pci: Change DMI match info to support all Chrome platforms Greg Kroah-Hartman
` (126 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ranjani Sridharan, Muralidhar Reddy,
Pierre-Louis Bossart, Mark Brown, Sasha Levin
From: Muralidhar Reddy <muralidhar.reddy@intel.com>
[ Upstream commit 9db1c9fa214ef41d098633ff40a87284ca6e1870 ]
added quirks for ESS8336 for AlderLake-PS
Reviewed-by: Ranjani Sridharan <ranjani.sridharan@linux.intel.com>
Signed-off-by: Muralidhar Reddy <muralidhar.reddy@intel.com>
Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Link: https://lore.kernel.org/r/20220919114548.42769-1-pierre-louis.bossart@linux.intel.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/hda/intel-dsp-config.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/sound/hda/intel-dsp-config.c b/sound/hda/intel-dsp-config.c
index 5a478649f338..b9eb3208f288 100644
--- a/sound/hda/intel-dsp-config.c
+++ b/sound/hda/intel-dsp-config.c
@@ -427,6 +427,11 @@ static const struct config_entry config_table[] = {
.device = 0x51cd,
},
/* Alderlake-PS */
+ {
+ .flags = FLAG_SOF,
+ .device = 0x51c9,
+ .codec_hid = &essx_83x6,
+ },
{
.flags = FLAG_SOF | FLAG_SOF_ONLY_IF_DMIC_OR_SOUNDWIRE,
.device = 0x51c9,
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 751/862] ASoC: SOF: pci: Change DMI match info to support all Chrome platforms
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (749 preceding siblings ...)
2022-10-19 8:33 ` [PATCH 6.0 750/862] ALSA: intel-dspconfig: add ES8336 support for AlderLake-PS Greg Kroah-Hartman
@ 2022-10-19 8:33 ` Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 752/862] ASoC: sunxi: sun4i-codec: set debugfs_prefix for CPU DAI component Greg Kroah-Hartman
` (125 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ranjani Sridharan, Chao Song,
Curtis Malainey, Jairaj Arava, Curtis Malainey,
Sathyanarayana Nujella, Pierre-Louis Bossart, Mark Brown,
Sasha Levin
From: Jairaj Arava <jairaj.arava@intel.com>
[ Upstream commit c1c1fc8103f794a10c5c15e3c17879caf4f42c8f ]
In some Chrome platforms if OEM's use their own string as SYS_VENDOR than
"Google", it leads to firmware load failure from intel/sof/community path.
Hence, changing SYS_VENDOR to PRODUCT_FAMILY in which "Google" is used
as common prefix and is supported in all Chrome platforms.
Reviewed-by: Ranjani Sridharan <ranjani.sridharan@linux.intel.com>
Reviewed-by: Chao Song <chao.song@intel.com>
Reviewed-by: Curtis Malainey <curtis@malainey.com>
Signed-off-by: Jairaj Arava <jairaj.arava@intel.com>
Signed-off-by: Curtis Malainey <cujomalainey@chromium.org>
Signed-off-by: Sathyanarayana Nujella <sathyanarayana.nujella@intel.com>
Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Link: https://lore.kernel.org/r/20220919114429.42700-1-pierre-louis.bossart@linux.intel.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/sof/sof-pci-dev.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sound/soc/sof/sof-pci-dev.c b/sound/soc/sof/sof-pci-dev.c
index d627092b399d..643fd1036d60 100644
--- a/sound/soc/sof/sof-pci-dev.c
+++ b/sound/soc/sof/sof-pci-dev.c
@@ -138,7 +138,7 @@ static const struct dmi_system_id community_key_platforms[] = {
.ident = "Google Chromebooks",
.callback = chromebook_use_community_key,
.matches = {
- DMI_MATCH(DMI_SYS_VENDOR, "Google"),
+ DMI_MATCH(DMI_PRODUCT_FAMILY, "Google"),
}
},
{},
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 752/862] ASoC: sunxi: sun4i-codec: set debugfs_prefix for CPU DAI component
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (750 preceding siblings ...)
2022-10-19 8:33 ` [PATCH 6.0 751/862] ASoC: SOF: pci: Change DMI match info to support all Chrome platforms Greg Kroah-Hartman
@ 2022-10-19 8:33 ` Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 753/862] ASoC: SOF: add quirk to override topology mclk_id Greg Kroah-Hartman
` (124 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mikhail Rudenko, Mark Brown, Sasha Levin
From: Mikhail Rudenko <mike.rudenko@gmail.com>
[ Upstream commit 717a8ff20f32792d6a94f2883e771482c37d844b ]
At present, succesfull probing of H3 Codec results in an error
debugfs: Directory '1c22c00.codec' with parent 'H3 Audio Codec' already present!
This is caused by a directory name conflict between codec
components. Fix it by setting debugfs_prefix for the CPU DAI
component.
Signed-off-by: Mikhail Rudenko <mike.rudenko@gmail.com>
Link: https://lore.kernel.org/r/20220913212256.151799-2-mike.rudenko@gmail.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/sunxi/sun4i-codec.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/sound/soc/sunxi/sun4i-codec.c b/sound/soc/sunxi/sun4i-codec.c
index 830beb38bf15..fdf3165acd70 100644
--- a/sound/soc/sunxi/sun4i-codec.c
+++ b/sound/soc/sunxi/sun4i-codec.c
@@ -1232,6 +1232,9 @@ static const struct snd_soc_component_driver sun8i_a23_codec_codec = {
static const struct snd_soc_component_driver sun4i_codec_component = {
.name = "sun4i-codec",
.legacy_dai_naming = 1,
+#ifdef CONFIG_DEBUG_FS
+ .debugfs_prefix = "cpu",
+#endif
};
#define SUN4I_CODEC_RATES SNDRV_PCM_RATE_CONTINUOUS
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 753/862] ASoC: SOF: add quirk to override topology mclk_id
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (751 preceding siblings ...)
2022-10-19 8:33 ` [PATCH 6.0 752/862] ASoC: sunxi: sun4i-codec: set debugfs_prefix for CPU DAI component Greg Kroah-Hartman
@ 2022-10-19 8:34 ` Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 754/862] drm/amdgpu: SDMA update use unlocked iterator Greg Kroah-Hartman
` (123 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:34 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Pierre-Louis Bossart, Kai Vehmanen,
Bard Liao, Mark Brown, Sasha Levin
From: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
[ Upstream commit d136949dd8e2e309dc2f186507486b71cbe9acdb ]
Some Intel-based platforms rely on a topology file that hard-codes the
use of MCLK0. This is incorrect in 10% of the cases. Rather than
generating yet another set of topology files, this patch adds a kernel
module parameter to override the topology value.
In hindsight, we should never have allowed mclks to be specified in
topology, this is a hardware-level information that should not have
been visible in the topology.
Future patches will try to set this value automagically, e.g. by
parsing the NHLT content.
Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Reviewed-by: Kai Vehmanen <kai.vehmanen@linux.intel.com>
Reviewed-by: Bard Liao <yung-chuan.liao@linux.intel.com>
Link: https://lore.kernel.org/r/20220919115350.43104-3-pierre-louis.bossart@linux.intel.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/sof/intel/hda.c | 11 +++++++++++
sound/soc/sof/ipc3-topology.c | 7 +++++++
sound/soc/sof/sof-priv.h | 4 ++++
3 files changed, 22 insertions(+)
diff --git a/sound/soc/sof/intel/hda.c b/sound/soc/sof/intel/hda.c
index 6d4ecbe14adf..ada2e6775749 100644
--- a/sound/soc/sof/intel/hda.c
+++ b/sound/soc/sof/intel/hda.c
@@ -376,6 +376,10 @@ static int dmic_num_override = -1;
module_param_named(dmic_num, dmic_num_override, int, 0444);
MODULE_PARM_DESC(dmic_num, "SOF HDA DMIC number");
+static int mclk_id_override = -1;
+module_param_named(mclk_id, mclk_id_override, int, 0444);
+MODULE_PARM_DESC(mclk_id, "SOF SSP mclk_id");
+
#if IS_ENABLED(CONFIG_SND_SOC_SOF_HDA)
static bool hda_codec_use_common_hdmi = IS_ENABLED(CONFIG_SND_HDA_CODEC_HDMI);
module_param_named(use_common_hdmi, hda_codec_use_common_hdmi, bool, 0444);
@@ -1565,6 +1569,13 @@ struct snd_soc_acpi_mach *hda_machine_select(struct snd_sof_dev *sdev)
sof_pdata->tplg_filename = tplg_filename;
}
+
+ /* check if mclk_id should be modified from topology defaults */
+ if (mclk_id_override >= 0) {
+ dev_info(sdev->dev, "Overriding topology with MCLK %d from kernel_parameter\n", mclk_id_override);
+ sdev->mclk_id_override = true;
+ sdev->mclk_id_quirk = mclk_id_override;
+ }
}
/*
diff --git a/sound/soc/sof/ipc3-topology.c b/sound/soc/sof/ipc3-topology.c
index 65923e7a5976..a39b43850f0e 100644
--- a/sound/soc/sof/ipc3-topology.c
+++ b/sound/soc/sof/ipc3-topology.c
@@ -1249,6 +1249,7 @@ static int sof_link_afe_load(struct snd_soc_component *scomp, struct snd_sof_dai
static int sof_link_ssp_load(struct snd_soc_component *scomp, struct snd_sof_dai_link *slink,
struct sof_ipc_dai_config *config, struct snd_sof_dai *dai)
{
+ struct snd_sof_dev *sdev = snd_soc_component_get_drvdata(scomp);
struct snd_soc_tplg_hw_config *hw_config = slink->hw_configs;
struct sof_dai_private_data *private = dai->private;
u32 size = sizeof(*config);
@@ -1273,6 +1274,12 @@ static int sof_link_ssp_load(struct snd_soc_component *scomp, struct snd_sof_dai
config[i].hdr.size = size;
+ if (sdev->mclk_id_override) {
+ dev_dbg(scomp->dev, "tplg: overriding topology mclk_id %d by quirk %d\n",
+ config[i].ssp.mclk_id, sdev->mclk_id_quirk);
+ config[i].ssp.mclk_id = sdev->mclk_id_quirk;
+ }
+
/* copy differentiating hw configs to ipc structs */
config[i].ssp.mclk_rate = le32_to_cpu(hw_config[i].mclk_rate);
config[i].ssp.bclk_rate = le32_to_cpu(hw_config[i].bclk_rate);
diff --git a/sound/soc/sof/sof-priv.h b/sound/soc/sof/sof-priv.h
index 823583086279..828c74bb75f8 100644
--- a/sound/soc/sof/sof-priv.h
+++ b/sound/soc/sof/sof-priv.h
@@ -594,6 +594,10 @@ struct snd_sof_dev {
/* to protect the ipc_rx_handler_list and dsp_state_handler_list list */
struct mutex client_event_handler_mutex;
+ /* quirks to override topology values */
+ bool mclk_id_override;
+ u16 mclk_id_quirk; /* same size as in IPC3 definitions */
+
void *private; /* core does not touch this */
};
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 754/862] drm/amdgpu: SDMA update use unlocked iterator
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (752 preceding siblings ...)
2022-10-19 8:34 ` [PATCH 6.0 753/862] ASoC: SOF: add quirk to override topology mclk_id Greg Kroah-Hartman
@ 2022-10-19 8:34 ` Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 755/862] drm/amd/display: Fix urgent latency override for DCN32/DCN321 Greg Kroah-Hartman
` (122 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:34 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Philip Yang, Felix Kuehling,
Christian König, Alex Deucher, Sasha Levin
From: Philip Yang <Philip.Yang@amd.com>
[ Upstream commit 3913f0179ba366f7d7d160c506ce00de1602bbc4 ]
SDMA update page table may be called from unlocked context, this
generate below warning. Use unlocked iterator to handle this case.
WARNING: CPU: 0 PID: 1475 at
drivers/dma-buf/dma-resv.c:483 dma_resv_iter_next
Call Trace:
dma_resv_iter_first+0x43/0xa0
amdgpu_vm_sdma_update+0x69/0x2d0 [amdgpu]
amdgpu_vm_ptes_update+0x29c/0x870 [amdgpu]
amdgpu_vm_update_range+0x2f6/0x6c0 [amdgpu]
svm_range_unmap_from_gpus+0x115/0x300 [amdgpu]
svm_range_cpu_invalidate_pagetables+0x510/0x5e0 [amdgpu]
__mmu_notifier_invalidate_range_start+0x1d3/0x230
unmap_vmas+0x140/0x150
unmap_region+0xa8/0x110
Signed-off-by: Philip Yang <Philip.Yang@amd.com>
Suggested-by: Felix Kuehling <felix.kuehling@amd.com>
Reviewed-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/amdgpu/amdgpu_vm_sdma.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_vm_sdma.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_vm_sdma.c
index 1fd3cbca20a2..718db7d98e5a 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_vm_sdma.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_vm_sdma.c
@@ -211,12 +211,15 @@ static int amdgpu_vm_sdma_update(struct amdgpu_vm_update_params *p,
int r;
/* Wait for PD/PT moves to be completed */
- dma_resv_for_each_fence(&cursor, bo->tbo.base.resv,
- DMA_RESV_USAGE_KERNEL, fence) {
+ dma_resv_iter_begin(&cursor, bo->tbo.base.resv, DMA_RESV_USAGE_KERNEL);
+ dma_resv_for_each_fence_unlocked(&cursor, fence) {
r = amdgpu_sync_fence(&p->job->sync, fence);
- if (r)
+ if (r) {
+ dma_resv_iter_end(&cursor);
return r;
+ }
}
+ dma_resv_iter_end(&cursor);
do {
ndw = p->num_dw_left;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 755/862] drm/amd/display: Fix urgent latency override for DCN32/DCN321
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (753 preceding siblings ...)
2022-10-19 8:34 ` [PATCH 6.0 754/862] drm/amdgpu: SDMA update use unlocked iterator Greg Kroah-Hartman
@ 2022-10-19 8:34 ` Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 756/862] drm/amd/display: correct hostvm flag Greg Kroah-Hartman
` (121 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:34 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alvin Lee, Nevenko Stupar, Wayne Lin,
George Shen, Daniel Wheeler, Alex Deucher, Sasha Levin
From: George Shen <george.shen@amd.com>
[ Upstream commit e7f2f4cd67443ce308480ca461806fcc3456e0ba ]
[Why]
The urgent latency override is useful when debugging issues
relating to underflow.
Current overridden variable is not correct and has no effect
on DCN3.2 and DCN3.21 DML calculations.
[How]
For DCN3.2 and DCN3.21, override the correct urgent latency
variable when bounding box override is present.
Reviewed-by: Alvin Lee <alvin.lee2@amd.com>
Reviewed-by: Nevenko Stupar <Nevenko.Stupar@amd.com>
Acked-by: Wayne Lin <wayne.lin@amd.com>
Signed-off-by: George Shen <george.shen@amd.com>
Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c | 1 +
drivers/gpu/drm/amd/display/dc/dml/dcn321/dcn321_fpu.c | 1 +
2 files changed, 2 insertions(+)
diff --git a/drivers/gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c b/drivers/gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c
index e573e706430d..b9d3a4000c3d 100644
--- a/drivers/gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c
+++ b/drivers/gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c
@@ -2199,6 +2199,7 @@ void dcn32_update_bw_bounding_box_fpu(struct dc *dc, struct clk_bw_params *bw_pa
if ((int)(dcn3_2_soc.urgent_latency_us * 1000) != dc->bb_overrides.urgent_latency_ns
&& dc->bb_overrides.urgent_latency_ns) {
dcn3_2_soc.urgent_latency_us = dc->bb_overrides.urgent_latency_ns / 1000.0;
+ dcn3_2_soc.urgent_latency_pixel_data_only_us = dc->bb_overrides.urgent_latency_ns / 1000.0;
}
if ((int)(dcn3_2_soc.dram_clock_change_latency_us * 1000)
diff --git a/drivers/gpu/drm/amd/display/dc/dml/dcn321/dcn321_fpu.c b/drivers/gpu/drm/amd/display/dc/dml/dcn321/dcn321_fpu.c
index c87091683b5d..b6369758b491 100644
--- a/drivers/gpu/drm/amd/display/dc/dml/dcn321/dcn321_fpu.c
+++ b/drivers/gpu/drm/amd/display/dc/dml/dcn321/dcn321_fpu.c
@@ -489,6 +489,7 @@ void dcn321_update_bw_bounding_box_fpu(struct dc *dc, struct clk_bw_params *bw_p
if ((int)(dcn3_21_soc.urgent_latency_us * 1000) != dc->bb_overrides.urgent_latency_ns
&& dc->bb_overrides.urgent_latency_ns) {
dcn3_21_soc.urgent_latency_us = dc->bb_overrides.urgent_latency_ns / 1000.0;
+ dcn3_21_soc.urgent_latency_pixel_data_only_us = dc->bb_overrides.urgent_latency_ns / 1000.0;
}
if ((int)(dcn3_21_soc.dram_clock_change_latency_us * 1000)
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 756/862] drm/amd/display: correct hostvm flag
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (754 preceding siblings ...)
2022-10-19 8:34 ` [PATCH 6.0 755/862] drm/amd/display: Fix urgent latency override for DCN32/DCN321 Greg Kroah-Hartman
@ 2022-10-19 8:34 ` Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 757/862] drm/amdgpu: fix initial connector audio value Greg Kroah-Hartman
` (120 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:34 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Charlene Liu, Wayne Lin, Sherry Wang,
Daniel Wheeler, Alex Deucher, Sasha Levin
From: Sherry Wang <Yao.Wang1@amd.com>
[ Upstream commit 796d6a37ff5ffaf9f2dc0f3f4bf9f4a1034c00de ]
[Why]
Hostvm should be enabled/disabled accordding to
the status of riommu_active, but hostvm always
be disabled on DCN31 which causes underflow
[How]
Set correct hostvm flag on DCN31
Reviewed-by: Charlene Liu <Charlene.Liu@amd.com>
Acked-by: Wayne Lin <wayne.lin@amd.com>
Signed-off-by: Sherry Wang <Yao.Wang1@amd.com>
Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/display/dc/dcn31/dcn31_resource.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/amd/display/dc/dcn31/dcn31_resource.c b/drivers/gpu/drm/amd/display/dc/dcn31/dcn31_resource.c
index aedff18aff56..2e5a21856eee 100644
--- a/drivers/gpu/drm/amd/display/dc/dcn31/dcn31_resource.c
+++ b/drivers/gpu/drm/amd/display/dc/dcn31/dcn31_resource.c
@@ -891,7 +891,7 @@ static const struct dc_debug_options debug_defaults_drv = {
.optimize_edp_link_rate = true,
.enable_sw_cntl_psr = true,
.enable_z9_disable_interface = true, /* Allow support for the PMFW interface for disable Z9*/
- .dml_hostvm_override = DML_HOSTVM_OVERRIDE_FALSE,
+ .dml_hostvm_override = DML_HOSTVM_NO_OVERRIDE,
};
static const struct dc_debug_options debug_defaults_diags = {
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 757/862] drm/amdgpu: fix initial connector audio value
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (755 preceding siblings ...)
2022-10-19 8:34 ` [PATCH 6.0 756/862] drm/amd/display: correct hostvm flag Greg Kroah-Hartman
@ 2022-10-19 8:34 ` Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 758/862] ASoC: amd: yc: Add ASUS UM5302TA into DMI table Greg Kroah-Hartman
` (119 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:34 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, hongao, Alex Deucher, Sasha Levin
From: hongao <hongao@uniontech.com>
[ Upstream commit 4bb71fce58f30df3f251118291d6b0187ce531e6 ]
This got lost somewhere along the way, This fixes
audio not working until set_property was called.
Signed-off-by: hongao <hongao@uniontech.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c
index b7933c2ce765..491d4846fc02 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c
@@ -1674,10 +1674,12 @@ amdgpu_connector_add(struct amdgpu_device *adev,
adev->mode_info.dither_property,
AMDGPU_FMT_DITHER_DISABLE);
- if (amdgpu_audio != 0)
+ if (amdgpu_audio != 0) {
drm_object_attach_property(&amdgpu_connector->base.base,
adev->mode_info.audio_property,
AMDGPU_AUDIO_AUTO);
+ amdgpu_connector->audio = AMDGPU_AUDIO_AUTO;
+ }
subpixel_order = SubPixelHorizontalRGB;
connector->interlace_allowed = true;
@@ -1799,6 +1801,7 @@ amdgpu_connector_add(struct amdgpu_device *adev,
drm_object_attach_property(&amdgpu_connector->base.base,
adev->mode_info.audio_property,
AMDGPU_AUDIO_AUTO);
+ amdgpu_connector->audio = AMDGPU_AUDIO_AUTO;
}
drm_object_attach_property(&amdgpu_connector->base.base,
adev->mode_info.dither_property,
@@ -1852,6 +1855,7 @@ amdgpu_connector_add(struct amdgpu_device *adev,
drm_object_attach_property(&amdgpu_connector->base.base,
adev->mode_info.audio_property,
AMDGPU_AUDIO_AUTO);
+ amdgpu_connector->audio = AMDGPU_AUDIO_AUTO;
}
drm_object_attach_property(&amdgpu_connector->base.base,
adev->mode_info.dither_property,
@@ -1902,6 +1906,7 @@ amdgpu_connector_add(struct amdgpu_device *adev,
drm_object_attach_property(&amdgpu_connector->base.base,
adev->mode_info.audio_property,
AMDGPU_AUDIO_AUTO);
+ amdgpu_connector->audio = AMDGPU_AUDIO_AUTO;
}
drm_object_attach_property(&amdgpu_connector->base.base,
adev->mode_info.dither_property,
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 758/862] ASoC: amd: yc: Add ASUS UM5302TA into DMI table
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (756 preceding siblings ...)
2022-10-19 8:34 ` [PATCH 6.0 757/862] drm/amdgpu: fix initial connector audio value Greg Kroah-Hartman
@ 2022-10-19 8:34 ` Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 759/862] ASoC: amd: yc: Add Lenovo Yoga Slim 7 Pro X to quirks table Greg Kroah-Hartman
` (118 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:34 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Xiaoyan Li, Mario Limonciello,
Mark Brown, Sasha Levin
From: Xiaoyan Li <lxy.lixiaoyan@gmail.com>
[ Upstream commit 4df5b13dec9e1b5a12db47ee92eb3f7da5c3deb5 ]
ASUS Zenbook S 13 OLED (UM5302TA) needs this quirk to get the built-in
microphone working properly.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=216270
Signed-off-by: Xiaoyan Li <lxy.lixiaoyan@gmail.com>
Suggested-by: Mario Limonciello <mario.limonciello@amd.com>
Reviewed-by: Mario Limonciello <mario.limonciello@amd.com>
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Link: https://lore.kernel.org/r/20220920201436.19734-2-mario.limonciello@amd.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/amd/yc/acp6x-mach.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/sound/soc/amd/yc/acp6x-mach.c b/sound/soc/amd/yc/acp6x-mach.c
index e0b24e1daef3..5eab3baf3573 100644
--- a/sound/soc/amd/yc/acp6x-mach.c
+++ b/sound/soc/amd/yc/acp6x-mach.c
@@ -171,6 +171,13 @@ static const struct dmi_system_id yc_acp_quirk_table[] = {
DMI_MATCH(DMI_PRODUCT_NAME, "21J6"),
}
},
+ {
+ .driver_data = &acp6x_card,
+ .matches = {
+ DMI_MATCH(DMI_BOARD_VENDOR, "ASUSTeK COMPUTER INC."),
+ DMI_MATCH(DMI_PRODUCT_NAME, "UM5302TA"),
+ }
+ },
{}
};
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 759/862] ASoC: amd: yc: Add Lenovo Yoga Slim 7 Pro X to quirks table
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (757 preceding siblings ...)
2022-10-19 8:34 ` [PATCH 6.0 758/862] ASoC: amd: yc: Add ASUS UM5302TA into DMI table Greg Kroah-Hartman
@ 2022-10-19 8:34 ` Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 760/862] drm/meson: reorder driver deinit sequence to fix use-after-free bug Greg Kroah-Hartman
` (117 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:34 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sebastian S, Mario Limonciello,
Mark Brown, Sasha Levin, Travis Glenn Hansen
From: Mario Limonciello <mario.limonciello@amd.com>
[ Upstream commit 2232b2dd8cd4f1e6d554b2c3f6899ce36f791b67 ]
Lenovo Yoga Slim 7 Pro X has an ACP DMIC that isn't specified in the
ASL or existing quirk list. Add it to the quirk table to let DMIC
work on these systems.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=216299
Tested-by: Sebastian S <iam@decentr.al>
Reported-and-tested-by: Travis Glenn Hansen <travisghansen@yahoo.com>
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Link: https://lore.kernel.org/r/20220920201436.19734-3-mario.limonciello@amd.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/amd/yc/acp6x-mach.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/sound/soc/amd/yc/acp6x-mach.c b/sound/soc/amd/yc/acp6x-mach.c
index 5eab3baf3573..2cb50d5cf1a9 100644
--- a/sound/soc/amd/yc/acp6x-mach.c
+++ b/sound/soc/amd/yc/acp6x-mach.c
@@ -171,6 +171,13 @@ static const struct dmi_system_id yc_acp_quirk_table[] = {
DMI_MATCH(DMI_PRODUCT_NAME, "21J6"),
}
},
+ {
+ .driver_data = &acp6x_card,
+ .matches = {
+ DMI_MATCH(DMI_BOARD_VENDOR, "LENOVO"),
+ DMI_MATCH(DMI_PRODUCT_NAME, "82"),
+ }
+ },
{
.driver_data = &acp6x_card,
.matches = {
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 760/862] drm/meson: reorder driver deinit sequence to fix use-after-free bug
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (758 preceding siblings ...)
2022-10-19 8:34 ` [PATCH 6.0 759/862] ASoC: amd: yc: Add Lenovo Yoga Slim 7 Pro X to quirks table Greg Kroah-Hartman
@ 2022-10-19 8:34 ` Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 761/862] drm/meson: explicitly remove aggregate driver at module unload time Greg Kroah-Hartman
` (116 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:34 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Adrián Larumbe, Neil Armstrong,
Sasha Levin
From: Adrián Larumbe <adrian.larumbe@collabora.com>
[ Upstream commit 31c519981eb141c7ec39bfd5be25d35f02edb868 ]
Unloading the driver triggers the following KASAN warning:
[ +0.006275] =============================================================
[ +0.000029] BUG: KASAN: use-after-free in __list_del_entry_valid+0xe0/0x1a0
[ +0.000026] Read of size 8 at addr ffff000020c395e0 by task rmmod/2695
[ +0.000019] CPU: 5 PID: 2695 Comm: rmmod Tainted: G C O 5.19.0-rc6-lrmbkasan+ #1
[ +0.000013] Hardware name: Hardkernel ODROID-N2Plus (DT)
[ +0.000008] Call trace:
[ +0.000007] dump_backtrace+0x1ec/0x280
[ +0.000013] show_stack+0x24/0x80
[ +0.000008] dump_stack_lvl+0x98/0xd4
[ +0.000011] print_address_description.constprop.0+0x80/0x520
[ +0.000011] print_report+0x128/0x260
[ +0.000007] kasan_report+0xb8/0xfc
[ +0.000008] __asan_report_load8_noabort+0x3c/0x50
[ +0.000010] __list_del_entry_valid+0xe0/0x1a0
[ +0.000009] drm_atomic_private_obj_fini+0x30/0x200 [drm]
[ +0.000172] drm_bridge_detach+0x94/0x260 [drm]
[ +0.000145] drm_encoder_cleanup+0xa4/0x290 [drm]
[ +0.000144] drm_mode_config_cleanup+0x118/0x740 [drm]
[ +0.000143] drm_mode_config_init_release+0x1c/0x2c [drm]
[ +0.000144] drm_managed_release+0x170/0x414 [drm]
[ +0.000142] drm_dev_put.part.0+0xc0/0x124 [drm]
[ +0.000143] drm_dev_put+0x20/0x30 [drm]
[ +0.000142] meson_drv_unbind+0x1d8/0x2ac [meson_drm]
[ +0.000028] take_down_aggregate_device+0xb0/0x160
[ +0.000016] component_del+0x18c/0x360
[ +0.000009] meson_dw_hdmi_remove+0x28/0x40 [meson_dw_hdmi]
[ +0.000015] platform_remove+0x64/0xb0
[ +0.000009] device_remove+0xb8/0x154
[ +0.000009] device_release_driver_internal+0x398/0x5b0
[ +0.000009] driver_detach+0xac/0x1b0
[ +0.000009] bus_remove_driver+0x158/0x29c
[ +0.000009] driver_unregister+0x70/0xb0
[ +0.000008] platform_driver_unregister+0x20/0x2c
[ +0.000008] meson_dw_hdmi_platform_driver_exit+0x1c/0x30 [meson_dw_hdmi]
[ +0.000012] __do_sys_delete_module+0x288/0x400
[ +0.000011] __arm64_sys_delete_module+0x5c/0x80
[ +0.000009] invoke_syscall+0x74/0x260
[ +0.000009] el0_svc_common.constprop.0+0xcc/0x260
[ +0.000009] do_el0_svc+0x50/0x70
[ +0.000007] el0_svc+0x68/0x1a0
[ +0.000012] el0t_64_sync_handler+0x11c/0x150
[ +0.000008] el0t_64_sync+0x18c/0x190
[ +0.000018] Allocated by task 0:
[ +0.000007] (stack is not available)
[ +0.000011] Freed by task 2695:
[ +0.000008] kasan_save_stack+0x2c/0x5c
[ +0.000011] kasan_set_track+0x2c/0x40
[ +0.000008] kasan_set_free_info+0x28/0x50
[ +0.000009] ____kasan_slab_free+0x128/0x1d4
[ +0.000008] __kasan_slab_free+0x18/0x24
[ +0.000007] slab_free_freelist_hook+0x108/0x230
[ +0.000011] kfree+0x110/0x35c
[ +0.000008] release_nodes+0xf0/0x16c
[ +0.000009] devres_release_group+0x180/0x270
[ +0.000008] component_unbind+0x128/0x1e0
[ +0.000010] component_unbind_all+0x1b8/0x264
[ +0.000009] meson_drv_unbind+0x1a0/0x2ac [meson_drm]
[ +0.000025] take_down_aggregate_device+0xb0/0x160
[ +0.000009] component_del+0x18c/0x360
[ +0.000009] meson_dw_hdmi_remove+0x28/0x40 [meson_dw_hdmi]
[ +0.000012] platform_remove+0x64/0xb0
[ +0.000008] device_remove+0xb8/0x154
[ +0.000009] device_release_driver_internal+0x398/0x5b0
[ +0.000009] driver_detach+0xac/0x1b0
[ +0.000009] bus_remove_driver+0x158/0x29c
[ +0.000008] driver_unregister+0x70/0xb0
[ +0.000008] platform_driver_unregister+0x20/0x2c
[ +0.000008] meson_dw_hdmi_platform_driver_exit+0x1c/0x30 [meson_dw_hdmi]
[ +0.000011] __do_sys_delete_module+0x288/0x400
[ +0.000010] __arm64_sys_delete_module+0x5c/0x80
[ +0.000008] invoke_syscall+0x74/0x260
[ +0.000008] el0_svc_common.constprop.0+0xcc/0x260
[ +0.000008] do_el0_svc+0x50/0x70
[ +0.000007] el0_svc+0x68/0x1a0
[ +0.000009] el0t_64_sync_handler+0x11c/0x150
[ +0.000009] el0t_64_sync+0x18c/0x190
[ +0.000014] The buggy address belongs to the object at ffff000020c39000
which belongs to the cache kmalloc-4k of size 4096
[ +0.000008] The buggy address is located 1504 bytes inside of
4096-byte region [ffff000020c39000, ffff000020c3a000)
[ +0.000016] The buggy address belongs to the physical page:
[ +0.000009] page:fffffc0000830e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x20c38
[ +0.000013] head:fffffc0000830e00 order:3 compound_mapcount:0 compound_pincount:0
[ +0.000008] flags: 0xffff00000010200(slab|head|node=0|zone=0|lastcpupid=0xffff)
[ +0.000019] raw: 0ffff00000010200 fffffc0000fd4808 fffffc0000126208 ffff000000002e80
[ +0.000009] raw: 0000000000000000 0000000000020002 00000001ffffffff 0000000000000000
[ +0.000008] page dumped because: kasan: bad access detected
[ +0.000011] Memory state around the buggy address:
[ +0.000008] ffff000020c39480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ +0.000007] ffff000020c39500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ +0.000007] >ffff000020c39580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ +0.000007] ^
[ +0.000007] ffff000020c39600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ +0.000007] ffff000020c39680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ +0.000006] ==================================================================
The reason this is happening is unloading meson-dw-hdmi will cause the
component API to take down the aggregate device, which in turn will cause
all devres-managed memory to be freed, including the struct dw_hdmi
allocated in dw_hdmi_probe. This struct embeds a struct drm_bridge that is
added at the end of the function, and which is later on picked up in
meson_encoder_hdmi_init.
However, when attaching the bridge to the encoder created in
meson_encoder_hdmi_init, it's linked to the encoder's bridge chain, from
where it never leaves, even after devres_release_group is called when the
driver's components are unbound and the embedding structure freed.
Then, when calling drm_dev_put in the aggregate driver's unbind function,
drm_bridge_detach is called for every single bridge linked to the encoder,
including the one whose memory had already been deallocated.
Fix by calling component_unbind_all after drm_dev_put.
Signed-off-by: Adrián Larumbe <adrian.larumbe@collabora.com>
Reviewed-by: Neil Armstrong <neil.armstrong@linaro.org>
Signed-off-by: Neil Armstrong <neil.armstrong@linaro.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20220919010940.419893-2-adrian.larumbe@collabora.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/meson/meson_drv.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/meson/meson_drv.c b/drivers/gpu/drm/meson/meson_drv.c
index bd4ca11d3ff5..7df149d42728 100644
--- a/drivers/gpu/drm/meson/meson_drv.c
+++ b/drivers/gpu/drm/meson/meson_drv.c
@@ -388,9 +388,9 @@ static void meson_drv_unbind(struct device *dev)
drm_dev_unregister(drm);
drm_kms_helper_poll_fini(drm);
drm_atomic_helper_shutdown(drm);
- component_unbind_all(dev, drm);
free_irq(priv->vsync_irq, drm);
drm_dev_put(drm);
+ component_unbind_all(dev, drm);
if (priv->afbcd.ops)
priv->afbcd.ops->exit(priv);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 761/862] drm/meson: explicitly remove aggregate driver at module unload time
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (759 preceding siblings ...)
2022-10-19 8:34 ` [PATCH 6.0 760/862] drm/meson: reorder driver deinit sequence to fix use-after-free bug Greg Kroah-Hartman
@ 2022-10-19 8:34 ` Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 762/862] drm/meson: remove drm bridges at aggregate driver unbind time Greg Kroah-Hartman
` (115 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:34 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Adrián Larumbe, Neil Armstrong,
Sasha Levin
From: Adrián Larumbe <adrian.larumbe@collabora.com>
[ Upstream commit 8616f2a0589a80e08434212324250eb22f6a66ce ]
Because component_master_del wasn't being called when unloading the
meson_drm module, the aggregate device would linger forever in the global
aggregate_devices list. That means when unloading and reloading the
meson_dw_hdmi module, component_add would call into
try_to_bring_up_aggregate_device and find the unbound meson_drm aggregate
device.
This would in turn dereference some of the aggregate_device's struct
entries which point to memory automatically freed by the devres API when
unbinding the aggregate device from meson_drv_unbind, and trigger an
use-after-free bug:
[ +0.000014] =============================================================
[ +0.000007] BUG: KASAN: use-after-free in find_components+0x468/0x500
[ +0.000017] Read of size 8 at addr ffff000006731688 by task modprobe/2536
[ +0.000018] CPU: 4 PID: 2536 Comm: modprobe Tainted: G C O 5.19.0-rc6-lrmbkasan+ #1
[ +0.000010] Hardware name: Hardkernel ODROID-N2Plus (DT)
[ +0.000008] Call trace:
[ +0.000005] dump_backtrace+0x1ec/0x280
[ +0.000011] show_stack+0x24/0x80
[ +0.000007] dump_stack_lvl+0x98/0xd4
[ +0.000010] print_address_description.constprop.0+0x80/0x520
[ +0.000011] print_report+0x128/0x260
[ +0.000007] kasan_report+0xb8/0xfc
[ +0.000007] __asan_report_load8_noabort+0x3c/0x50
[ +0.000009] find_components+0x468/0x500
[ +0.000008] try_to_bring_up_aggregate_device+0x64/0x390
[ +0.000009] __component_add+0x1dc/0x49c
[ +0.000009] component_add+0x20/0x30
[ +0.000008] meson_dw_hdmi_probe+0x28/0x34 [meson_dw_hdmi]
[ +0.000013] platform_probe+0xd0/0x220
[ +0.000008] really_probe+0x3ac/0xa80
[ +0.000008] __driver_probe_device+0x1f8/0x400
[ +0.000008] driver_probe_device+0x68/0x1b0
[ +0.000008] __driver_attach+0x20c/0x480
[ +0.000009] bus_for_each_dev+0x114/0x1b0
[ +0.000007] driver_attach+0x48/0x64
[ +0.000009] bus_add_driver+0x390/0x564
[ +0.000007] driver_register+0x1a8/0x3e4
[ +0.000009] __platform_driver_register+0x6c/0x94
[ +0.000007] meson_dw_hdmi_platform_driver_init+0x30/0x1000 [meson_dw_hdmi]
[ +0.000014] do_one_initcall+0xc4/0x2b0
[ +0.000008] do_init_module+0x154/0x570
[ +0.000010] load_module+0x1a78/0x1ea4
[ +0.000008] __do_sys_init_module+0x184/0x1cc
[ +0.000008] __arm64_sys_init_module+0x78/0xb0
[ +0.000008] invoke_syscall+0x74/0x260
[ +0.000008] el0_svc_common.constprop.0+0xcc/0x260
[ +0.000009] do_el0_svc+0x50/0x70
[ +0.000008] el0_svc+0x68/0x1a0
[ +0.000009] el0t_64_sync_handler+0x11c/0x150
[ +0.000009] el0t_64_sync+0x18c/0x190
[ +0.000014] Allocated by task 902:
[ +0.000007] kasan_save_stack+0x2c/0x5c
[ +0.000009] __kasan_kmalloc+0x90/0xd0
[ +0.000007] __kmalloc_node+0x240/0x580
[ +0.000010] memcg_alloc_slab_cgroups+0xa4/0x1ac
[ +0.000010] memcg_slab_post_alloc_hook+0xbc/0x4c0
[ +0.000008] kmem_cache_alloc_node+0x1d0/0x490
[ +0.000009] __alloc_skb+0x1d4/0x310
[ +0.000010] alloc_skb_with_frags+0x8c/0x620
[ +0.000008] sock_alloc_send_pskb+0x5ac/0x6d0
[ +0.000010] unix_dgram_sendmsg+0x2e0/0x12f0
[ +0.000010] sock_sendmsg+0xcc/0x110
[ +0.000007] sock_write_iter+0x1d0/0x304
[ +0.000008] new_sync_write+0x364/0x460
[ +0.000007] vfs_write+0x420/0x5ac
[ +0.000008] ksys_write+0x19c/0x1f0
[ +0.000008] __arm64_sys_write+0x78/0xb0
[ +0.000007] invoke_syscall+0x74/0x260
[ +0.000008] el0_svc_common.constprop.0+0x1a8/0x260
[ +0.000009] do_el0_svc+0x50/0x70
[ +0.000007] el0_svc+0x68/0x1a0
[ +0.000008] el0t_64_sync_handler+0x11c/0x150
[ +0.000008] el0t_64_sync+0x18c/0x190
[ +0.000013] Freed by task 2509:
[ +0.000008] kasan_save_stack+0x2c/0x5c
[ +0.000007] kasan_set_track+0x2c/0x40
[ +0.000008] kasan_set_free_info+0x28/0x50
[ +0.000008] ____kasan_slab_free+0x128/0x1d4
[ +0.000008] __kasan_slab_free+0x18/0x24
[ +0.000007] slab_free_freelist_hook+0x108/0x230
[ +0.000010] kfree+0x110/0x35c
[ +0.000008] release_nodes+0xf0/0x16c
[ +0.000008] devres_release_all+0xfc/0x180
[ +0.000008] device_unbind_cleanup+0x24/0x164
[ +0.000008] device_release_driver_internal+0x3e8/0x5b0
[ +0.000010] driver_detach+0xac/0x1b0
[ +0.000008] bus_remove_driver+0x158/0x29c
[ +0.000008] driver_unregister+0x70/0xb0
[ +0.000009] platform_driver_unregister+0x20/0x2c
[ +0.000007] 0xffff800003722d98
[ +0.000012] __do_sys_delete_module+0x288/0x400
[ +0.000009] __arm64_sys_delete_module+0x5c/0x80
[ +0.000008] invoke_syscall+0x74/0x260
[ +0.000008] el0_svc_common.constprop.0+0xcc/0x260
[ +0.000008] do_el0_svc+0x50/0x70
[ +0.000007] el0_svc+0x68/0x1a0
[ +0.000008] el0t_64_sync_handler+0x11c/0x150
[ +0.000009] el0t_64_sync+0x18c/0x190
[ +0.000013] Last potentially related work creation:
[ +0.000007] kasan_save_stack+0x2c/0x5c
[ +0.000007] __kasan_record_aux_stack+0xb8/0xf0
[ +0.000009] kasan_record_aux_stack_noalloc+0x14/0x20
[ +0.000008] insert_work+0x54/0x290
[ +0.000009] __queue_work+0x48c/0xd24
[ +0.000008] queue_work_on+0x90/0x11c
[ +0.000008] call_usermodehelper_exec+0x188/0x404
[ +0.000010] kobject_uevent_env+0x5a8/0x794
[ +0.000010] kobject_uevent+0x14/0x20
[ +0.000008] driver_register+0x230/0x3e4
[ +0.000009] __platform_driver_register+0x6c/0x94
[ +0.000007] gxbb_driver_init+0x28/0x34
[ +0.000010] do_one_initcall+0xc4/0x2b0
[ +0.000008] do_initcalls+0x20c/0x24c
[ +0.000010] kernel_init_freeable+0x22c/0x278
[ +0.000009] kernel_init+0x3c/0x170
[ +0.000008] ret_from_fork+0x10/0x20
[ +0.000013] The buggy address belongs to the object at ffff000006731600
which belongs to the cache kmalloc-256 of size 256
[ +0.000009] The buggy address is located 136 bytes inside of
256-byte region [ffff000006731600, ffff000006731700)
[ +0.000015] The buggy address belongs to the physical page:
[ +0.000008] page:fffffc000019cc00 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff000006730a00 pfn:0x6730
[ +0.000011] head:fffffc000019cc00 order:2 compound_mapcount:0 compound_pincount:0
[ +0.000008] flags: 0xffff00000010200(slab|head|node=0|zone=0|lastcpupid=0xffff)
[ +0.000016] raw: 0ffff00000010200 fffffc00000c3d08 fffffc0000ef2b08 ffff000000002680
[ +0.000009] raw: ffff000006730a00 0000000000150014 00000001ffffffff 0000000000000000
[ +0.000006] page dumped because: kasan: bad access detected
[ +0.000011] Memory state around the buggy address:
[ +0.000007] ffff000006731580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ +0.000007] ffff000006731600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ +0.000007] >ffff000006731680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ +0.000007] ^
[ +0.000006] ffff000006731700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ +0.000007] ffff000006731780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ +0.000006] ==================================================================
Fix by adding 'remove' driver callback for meson-drm, and explicitly deleting the
aggregate device.
Signed-off-by: Adrián Larumbe <adrian.larumbe@collabora.com>
Reviewed-by: Neil Armstrong <neil.armstrong@linaro.org>
Signed-off-by: Neil Armstrong <neil.armstrong@linaro.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20220919010940.419893-3-adrian.larumbe@collabora.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/meson/meson_drv.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/drivers/gpu/drm/meson/meson_drv.c b/drivers/gpu/drm/meson/meson_drv.c
index 7df149d42728..8444d90165fb 100644
--- a/drivers/gpu/drm/meson/meson_drv.c
+++ b/drivers/gpu/drm/meson/meson_drv.c
@@ -493,6 +493,13 @@ static int meson_drv_probe(struct platform_device *pdev)
return 0;
};
+static int meson_drv_remove(struct platform_device *pdev)
+{
+ component_master_del(&pdev->dev, &meson_drv_master_ops);
+
+ return 0;
+}
+
static struct meson_drm_match_data meson_drm_gxbb_data = {
.compat = VPU_COMPATIBLE_GXBB,
};
@@ -530,6 +537,7 @@ static const struct dev_pm_ops meson_drv_pm_ops = {
static struct platform_driver meson_drm_platform_driver = {
.probe = meson_drv_probe,
+ .remove = meson_drv_remove,
.shutdown = meson_drv_shutdown,
.driver = {
.name = "meson-drm",
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 762/862] drm/meson: remove drm bridges at aggregate driver unbind time
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (760 preceding siblings ...)
2022-10-19 8:34 ` [PATCH 6.0 761/862] drm/meson: explicitly remove aggregate driver at module unload time Greg Kroah-Hartman
@ 2022-10-19 8:34 ` Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 763/862] mmc: sdhci-msm: add compatible string check for sdm670 Greg Kroah-Hartman
` (114 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:34 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Adrián Larumbe, Neil Armstrong,
Sasha Levin
From: Adrián Larumbe <adrian.larumbe@collabora.com>
[ Upstream commit 09847723c12fc2753749cec3939a02ee92dac468 ]
drm bridges added by meson_encoder_hdmi_init and meson_encoder_cvbs_init
were not manually removed at module unload time, which caused dangling
references to freed memory to remain linked in the global bridge_list.
When loading the driver modules back in, the same functions would again
call drm_bridge_add, and when traversing the global bridge_list, would
end up peeking into freed memory.
Once again KASAN revealed the problem:
[ +0.000095] =============================================================
[ +0.000008] BUG: KASAN: use-after-free in __list_add_valid+0x9c/0x120
[ +0.000018] Read of size 8 at addr ffff00003da291f0 by task modprobe/2483
[ +0.000018] CPU: 3 PID: 2483 Comm: modprobe Tainted: G C O 5.19.0-rc6-lrmbkasan+ #1
[ +0.000011] Hardware name: Hardkernel ODROID-N2Plus (DT)
[ +0.000008] Call trace:
[ +0.000006] dump_backtrace+0x1ec/0x280
[ +0.000012] show_stack+0x24/0x80
[ +0.000008] dump_stack_lvl+0x98/0xd4
[ +0.000011] print_address_description.constprop.0+0x80/0x520
[ +0.000011] print_report+0x128/0x260
[ +0.000008] kasan_report+0xb8/0xfc
[ +0.000008] __asan_report_load8_noabort+0x3c/0x50
[ +0.000009] __list_add_valid+0x9c/0x120
[ +0.000009] drm_bridge_add+0x6c/0x104 [drm]
[ +0.000165] dw_hdmi_probe+0x1900/0x2360 [dw_hdmi]
[ +0.000022] meson_dw_hdmi_bind+0x520/0x814 [meson_dw_hdmi]
[ +0.000014] component_bind+0x174/0x520
[ +0.000012] component_bind_all+0x1a8/0x38c
[ +0.000010] meson_drv_bind_master+0x5e8/0xb74 [meson_drm]
[ +0.000032] meson_drv_bind+0x20/0x2c [meson_drm]
[ +0.000027] try_to_bring_up_aggregate_device+0x19c/0x390
[ +0.000010] component_master_add_with_match+0x1c8/0x284
[ +0.000009] meson_drv_probe+0x274/0x280 [meson_drm]
[ +0.000026] platform_probe+0xd0/0x220
[ +0.000009] really_probe+0x3ac/0xa80
[ +0.000009] __driver_probe_device+0x1f8/0x400
[ +0.000009] driver_probe_device+0x68/0x1b0
[ +0.000009] __driver_attach+0x20c/0x480
[ +0.000008] bus_for_each_dev+0x114/0x1b0
[ +0.000009] driver_attach+0x48/0x64
[ +0.000008] bus_add_driver+0x390/0x564
[ +0.000009] driver_register+0x1a8/0x3e4
[ +0.000009] __platform_driver_register+0x6c/0x94
[ +0.000008] meson_drm_platform_driver_init+0x3c/0x1000 [meson_drm]
[ +0.000027] do_one_initcall+0xc4/0x2b0
[ +0.000011] do_init_module+0x154/0x570
[ +0.000011] load_module+0x1a78/0x1ea4
[ +0.000008] __do_sys_init_module+0x184/0x1cc
[ +0.000009] __arm64_sys_init_module+0x78/0xb0
[ +0.000009] invoke_syscall+0x74/0x260
[ +0.000009] el0_svc_common.constprop.0+0xcc/0x260
[ +0.000008] do_el0_svc+0x50/0x70
[ +0.000007] el0_svc+0x68/0x1a0
[ +0.000012] el0t_64_sync_handler+0x11c/0x150
[ +0.000008] el0t_64_sync+0x18c/0x190
[ +0.000016] Allocated by task 879:
[ +0.000008] kasan_save_stack+0x2c/0x5c
[ +0.000011] __kasan_kmalloc+0x90/0xd0
[ +0.000007] __kmalloc+0x278/0x4a0
[ +0.000011] mpi_resize+0x13c/0x1d0
[ +0.000011] mpi_powm+0xd24/0x1570
[ +0.000009] rsa_enc+0x1a4/0x30c
[ +0.000009] pkcs1pad_verify+0x3f0/0x580
[ +0.000009] public_key_verify_signature+0x7a8/0xba4
[ +0.000010] public_key_verify_signature_2+0x40/0x60
[ +0.000008] verify_signature+0xb4/0x114
[ +0.000008] pkcs7_validate_trust_one.constprop.0+0x3b8/0x574
[ +0.000009] pkcs7_validate_trust+0xb8/0x15c
[ +0.000008] verify_pkcs7_message_sig+0xec/0x1b0
[ +0.000012] verify_pkcs7_signature+0x78/0xac
[ +0.000007] mod_verify_sig+0x110/0x190
[ +0.000009] module_sig_check+0x114/0x1e0
[ +0.000009] load_module+0xa0/0x1ea4
[ +0.000008] __do_sys_init_module+0x184/0x1cc
[ +0.000008] __arm64_sys_init_module+0x78/0xb0
[ +0.000008] invoke_syscall+0x74/0x260
[ +0.000009] el0_svc_common.constprop.0+0x1a8/0x260
[ +0.000008] do_el0_svc+0x50/0x70
[ +0.000007] el0_svc+0x68/0x1a0
[ +0.000009] el0t_64_sync_handler+0x11c/0x150
[ +0.000009] el0t_64_sync+0x18c/0x190
[ +0.000013] Freed by task 2422:
[ +0.000008] kasan_save_stack+0x2c/0x5c
[ +0.000009] kasan_set_track+0x2c/0x40
[ +0.000007] kasan_set_free_info+0x28/0x50
[ +0.000009] ____kasan_slab_free+0x128/0x1d4
[ +0.000008] __kasan_slab_free+0x18/0x24
[ +0.000007] slab_free_freelist_hook+0x108/0x230
[ +0.000010] kfree+0x110/0x35c
[ +0.000008] release_nodes+0xf0/0x16c
[ +0.000009] devres_release_group+0x180/0x270
[ +0.000008] take_down_aggregate_device+0xcc/0x160
[ +0.000010] component_del+0x18c/0x360
[ +0.000009] meson_dw_hdmi_remove+0x28/0x40 [meson_dw_hdmi]
[ +0.000013] platform_remove+0x64/0xb0
[ +0.000008] device_remove+0xb8/0x154
[ +0.000009] device_release_driver_internal+0x398/0x5b0
[ +0.000009] driver_detach+0xac/0x1b0
[ +0.000009] bus_remove_driver+0x158/0x29c
[ +0.000008] driver_unregister+0x70/0xb0
[ +0.000009] platform_driver_unregister+0x20/0x2c
[ +0.000007] meson_dw_hdmi_platform_driver_exit+0x1c/0x30 [meson_dw_hdmi]
[ +0.000012] __do_sys_delete_module+0x288/0x400
[ +0.000009] __arm64_sys_delete_module+0x5c/0x80
[ +0.000009] invoke_syscall+0x74/0x260
[ +0.000008] el0_svc_common.constprop.0+0xcc/0x260
[ +0.000008] do_el0_svc+0x50/0x70
[ +0.000007] el0_svc+0x68/0x1a0
[ +0.000008] el0t_64_sync_handler+0x11c/0x150
[ +0.000009] el0t_64_sync+0x18c/0x190
[ +0.000013] The buggy address belongs to the object at ffff00003da29000
which belongs to the cache kmalloc-1k of size 1024
[ +0.000008] The buggy address is located 496 bytes inside of
1024-byte region [ffff00003da29000, ffff00003da29400)
[ +0.000015] The buggy address belongs to the physical page:
[ +0.000009] page:fffffc0000f68a00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3da28
[ +0.000012] head:fffffc0000f68a00 order:3 compound_mapcount:0 compound_pincount:0
[ +0.000009] flags: 0xffff00000010200(slab|head|node=0|zone=0|lastcpupid=0xffff)
[ +0.000019] raw: 0ffff00000010200 fffffc0000eb5c08 fffffc0000d96608 ffff000000002a80
[ +0.000008] raw: 0000000000000000 00000000000a000a 00000001ffffffff 0000000000000000
[ +0.000008] page dumped because: kasan: bad access detected
[ +0.000011] Memory state around the buggy address:
[ +0.000009] ffff00003da29080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ +0.000007] ffff00003da29100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ +0.000007] >ffff00003da29180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ +0.000007] ^
[ +0.000008] ffff00003da29200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ +0.000006] ffff00003da29280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ +0.000007] ==================================================================
Fix by keeping track of which encoders were initialised in the meson_drm
structure and manually removing their bridges at aggregate driver's unbind
time.
Signed-off-by: Adrián Larumbe <adrian.larumbe@collabora.com>
Reviewed-by: Neil Armstrong <neil.armstrong@linaro.org>
Signed-off-by: Neil Armstrong <neil.armstrong@linaro.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20220920222842.1053234-1-adrian.larumbe@collabora.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/meson/meson_drv.c | 4 ++++
drivers/gpu/drm/meson/meson_drv.h | 7 +++++++
drivers/gpu/drm/meson/meson_encoder_cvbs.c | 13 +++++++++++++
drivers/gpu/drm/meson/meson_encoder_cvbs.h | 1 +
drivers/gpu/drm/meson/meson_encoder_hdmi.c | 13 +++++++++++++
drivers/gpu/drm/meson/meson_encoder_hdmi.h | 1 +
6 files changed, 39 insertions(+)
diff --git a/drivers/gpu/drm/meson/meson_drv.c b/drivers/gpu/drm/meson/meson_drv.c
index 8444d90165fb..86b90d0f5780 100644
--- a/drivers/gpu/drm/meson/meson_drv.c
+++ b/drivers/gpu/drm/meson/meson_drv.c
@@ -390,6 +390,10 @@ static void meson_drv_unbind(struct device *dev)
drm_atomic_helper_shutdown(drm);
free_irq(priv->vsync_irq, drm);
drm_dev_put(drm);
+
+ meson_encoder_hdmi_remove(priv);
+ meson_encoder_cvbs_remove(priv);
+
component_unbind_all(dev, drm);
if (priv->afbcd.ops)
diff --git a/drivers/gpu/drm/meson/meson_drv.h b/drivers/gpu/drm/meson/meson_drv.h
index 177dac3ca3be..c62ee358456f 100644
--- a/drivers/gpu/drm/meson/meson_drv.h
+++ b/drivers/gpu/drm/meson/meson_drv.h
@@ -25,6 +25,12 @@ enum vpu_compatible {
VPU_COMPATIBLE_G12A = 3,
};
+enum {
+ MESON_ENC_CVBS = 0,
+ MESON_ENC_HDMI,
+ MESON_ENC_LAST,
+};
+
struct meson_drm_match_data {
enum vpu_compatible compat;
struct meson_afbcd_ops *afbcd_ops;
@@ -51,6 +57,7 @@ struct meson_drm {
struct drm_crtc *crtc;
struct drm_plane *primary_plane;
struct drm_plane *overlay_plane;
+ void *encoders[MESON_ENC_LAST];
const struct meson_drm_soc_limits *limits;
diff --git a/drivers/gpu/drm/meson/meson_encoder_cvbs.c b/drivers/gpu/drm/meson/meson_encoder_cvbs.c
index 8110a6e39320..5675bc2a92cf 100644
--- a/drivers/gpu/drm/meson/meson_encoder_cvbs.c
+++ b/drivers/gpu/drm/meson/meson_encoder_cvbs.c
@@ -281,5 +281,18 @@ int meson_encoder_cvbs_init(struct meson_drm *priv)
}
drm_connector_attach_encoder(connector, &meson_encoder_cvbs->encoder);
+ priv->encoders[MESON_ENC_CVBS] = meson_encoder_cvbs;
+
return 0;
}
+
+void meson_encoder_cvbs_remove(struct meson_drm *priv)
+{
+ struct meson_encoder_cvbs *meson_encoder_cvbs;
+
+ if (priv->encoders[MESON_ENC_CVBS]) {
+ meson_encoder_cvbs = priv->encoders[MESON_ENC_CVBS];
+ drm_bridge_remove(&meson_encoder_cvbs->bridge);
+ drm_bridge_remove(meson_encoder_cvbs->next_bridge);
+ }
+}
diff --git a/drivers/gpu/drm/meson/meson_encoder_cvbs.h b/drivers/gpu/drm/meson/meson_encoder_cvbs.h
index 61d9d183ce7f..09710fec3c66 100644
--- a/drivers/gpu/drm/meson/meson_encoder_cvbs.h
+++ b/drivers/gpu/drm/meson/meson_encoder_cvbs.h
@@ -25,5 +25,6 @@ struct meson_cvbs_mode {
extern struct meson_cvbs_mode meson_cvbs_modes[MESON_CVBS_MODES_COUNT];
int meson_encoder_cvbs_init(struct meson_drm *priv);
+void meson_encoder_cvbs_remove(struct meson_drm *priv);
#endif /* __MESON_VENC_CVBS_H */
diff --git a/drivers/gpu/drm/meson/meson_encoder_hdmi.c b/drivers/gpu/drm/meson/meson_encoder_hdmi.c
index 2f616c55c271..53231bfdf7e2 100644
--- a/drivers/gpu/drm/meson/meson_encoder_hdmi.c
+++ b/drivers/gpu/drm/meson/meson_encoder_hdmi.c
@@ -452,6 +452,8 @@ int meson_encoder_hdmi_init(struct meson_drm *priv)
meson_encoder_hdmi->cec_notifier = notifier;
}
+ priv->encoders[MESON_ENC_HDMI] = meson_encoder_hdmi;
+
dev_dbg(priv->dev, "HDMI encoder initialized\n");
return 0;
@@ -460,3 +462,14 @@ int meson_encoder_hdmi_init(struct meson_drm *priv)
of_node_put(remote);
return ret;
}
+
+void meson_encoder_hdmi_remove(struct meson_drm *priv)
+{
+ struct meson_encoder_hdmi *meson_encoder_hdmi;
+
+ if (priv->encoders[MESON_ENC_HDMI]) {
+ meson_encoder_hdmi = priv->encoders[MESON_ENC_HDMI];
+ drm_bridge_remove(&meson_encoder_hdmi->bridge);
+ drm_bridge_remove(meson_encoder_hdmi->next_bridge);
+ }
+}
diff --git a/drivers/gpu/drm/meson/meson_encoder_hdmi.h b/drivers/gpu/drm/meson/meson_encoder_hdmi.h
index ed19494f0956..a6cd38eb5f71 100644
--- a/drivers/gpu/drm/meson/meson_encoder_hdmi.h
+++ b/drivers/gpu/drm/meson/meson_encoder_hdmi.h
@@ -8,5 +8,6 @@
#define __MESON_ENCODER_HDMI_H
int meson_encoder_hdmi_init(struct meson_drm *priv);
+void meson_encoder_hdmi_remove(struct meson_drm *priv);
#endif /* __MESON_ENCODER_HDMI_H */
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 763/862] mmc: sdhci-msm: add compatible string check for sdm670
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (761 preceding siblings ...)
2022-10-19 8:34 ` [PATCH 6.0 762/862] drm/meson: remove drm bridges at aggregate driver unbind time Greg Kroah-Hartman
@ 2022-10-19 8:34 ` Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 764/862] drm/dp: Dont rewrite link config when setting phy test pattern Greg Kroah-Hartman
` (113 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:34 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Richard Acayan, Bhupesh Sharma,
Krzysztof Kozlowski, Ulf Hansson, Sasha Levin
From: Richard Acayan <mailingradian@gmail.com>
[ Upstream commit 4de95950d970c71a9e82a24573bb7a44fd95baa1 ]
The Snapdragon 670 has the same quirk as Snapdragon 845 (needing to
restore the dll config). Add a compatible string check to detect the need
for this.
Signed-off-by: Richard Acayan <mailingradian@gmail.com>
Reviewed-by: Bhupesh Sharma <bhupesh.sharma@linaro.org>
Acked-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Link: https://lore.kernel.org/r/20220923014322.33620-3-mailingradian@gmail.com
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mmc/host/sdhci-msm.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/mmc/host/sdhci-msm.c b/drivers/mmc/host/sdhci-msm.c
index dc2991422a87..3a091a387ecb 100644
--- a/drivers/mmc/host/sdhci-msm.c
+++ b/drivers/mmc/host/sdhci-msm.c
@@ -2441,6 +2441,7 @@ static const struct of_device_id sdhci_msm_dt_match[] = {
*/
{.compatible = "qcom,sdhci-msm-v4", .data = &sdhci_msm_mci_var},
{.compatible = "qcom,sdhci-msm-v5", .data = &sdhci_msm_v5_var},
+ {.compatible = "qcom,sdm670-sdhci", .data = &sdm845_sdhci_var},
{.compatible = "qcom,sdm845-sdhci", .data = &sdm845_sdhci_var},
{.compatible = "qcom,sc7180-sdhci", .data = &sdm845_sdhci_var},
{},
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 764/862] drm/dp: Dont rewrite link config when setting phy test pattern
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (762 preceding siblings ...)
2022-10-19 8:34 ` [PATCH 6.0 763/862] mmc: sdhci-msm: add compatible string check for sdm670 Greg Kroah-Hartman
@ 2022-10-19 8:34 ` Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 765/862] drm/amd/display: Remove interface for periodic interrupt 1 Greg Kroah-Hartman
` (112 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:34 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Imre Deak, Jani Nikula, Or Cochvi,
Khaled Almahallawy, Sasha Levin
From: Khaled Almahallawy <khaled.almahallawy@intel.com>
[ Upstream commit 7b4d8db657192066bc6f1f6635d348413dac1e18 ]
The sequence for Source DP PHY CTS automation is [2][1]:
1- Emulate successful Link Training(LT)
2- Short HPD and change link rates and number of lanes by LT.
(This is same flow for Link Layer CTS)
3- Short HPD and change PHY test pattern and swing/pre-emphasis
levels (This step should not trigger LT)
The problem is with DP PHY compliance setup as follow:
[DPTX + on board LTTPR]------Main Link--->[Scope]
^ |
| |
| |
----------Aux Ch------>[Aux Emulator]
At step 3, before writing TRAINING_LANEx_SET/LINK_QUAL_PATTERN_SET
to declare the pattern/swing requested by scope, we write link
config in LINK_BW_SET/LANE_COUNT_SET on a port that has LTTPR.
As LTTPR snoops aux transaction, LINK_BW_SET/LANE_COUNT_SET writes
indicate a LT will start [Check DP 2.0 E11 -Sec 3.6.8.2 & 3.6.8.6.3],
and LTTPR will reset the link and stop sending DP signals to
DPTX/Scope causing the measurements to fail. Note that step 3 will
not trigger LT and DP link will never recovered by the
Aux Emulator/Scope.
The reset of link can be tested with a monitor connected to LTTPR
port simply by writing to LINK_BW_SET or LANE_COUNT_SET as follow
igt/tools/dpcd_reg write --offset=0x100 --value 0x14 --device=2
OR
printf '\x14' | sudo dd of=/dev/drm_dp_aux2 bs=1 count=1 conv=notrunc
seek=$((0x100))
This single aux write causes the screen to blank, sending short HPD to
DPTX, setting LINK_STATUS_UPDATE = 1 in DPCD 0x204, and triggering LT.
As stated in [1]:
"Before any TX electrical testing can be performed, the link between a
DPTX and DPRX (in this case, a piece of test equipment), including all
LTTPRs within the path, shall be trained as defined in this Standard."
In addition, changing Phy pattern/Swing/Pre-emphasis (Step 3) uses the
same link rate and lane count applied on step 2, so no need to redo LT.
The fix is to not rewrite link config in step 3, and just writes
TRAINING_LANEx_SET and LINK_QUAL_PATTERN_SET
[1]: DP 2.0 E11 - 3.6.11.1 LTTPR DPTX_PHY Electrical Compliance
[2]: Configuring UnigrafDPTC Controller - Automation Test Sequence
https://www.keysight.com/us/en/assets/9922-01244/help-files/
D9040DPPC-DisplayPort-Test-Software-Online-Help-latest.chm
Cc: Imre Deak <imre.deak@intel.com>
Cc: Jani Nikula <jani.nikula@intel.com>
Cc: Or Cochvi <or.cochvi@intel.com>
Signed-off-by: Khaled Almahallawy <khaled.almahallawy@intel.com>
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20220916054900.415804-1-khaled.almahallawy@intel.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/display/drm_dp_helper.c | 9 ---------
1 file changed, 9 deletions(-)
diff --git a/drivers/gpu/drm/display/drm_dp_helper.c b/drivers/gpu/drm/display/drm_dp_helper.c
index e5bab236b3ae..4c0c4e3d1e20 100644
--- a/drivers/gpu/drm/display/drm_dp_helper.c
+++ b/drivers/gpu/drm/display/drm_dp_helper.c
@@ -2638,17 +2638,8 @@ int drm_dp_set_phy_test_pattern(struct drm_dp_aux *aux,
struct drm_dp_phy_test_params *data, u8 dp_rev)
{
int err, i;
- u8 link_config[2];
u8 test_pattern;
- link_config[0] = drm_dp_link_rate_to_bw_code(data->link_rate);
- link_config[1] = data->num_lanes;
- if (data->enhanced_frame_cap)
- link_config[1] |= DP_LANE_COUNT_ENHANCED_FRAME_EN;
- err = drm_dp_dpcd_write(aux, DP_LINK_BW_SET, link_config, 2);
- if (err < 0)
- return err;
-
test_pattern = data->phy_pattern;
if (dp_rev < 0x12) {
test_pattern = (test_pattern << 2) &
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 765/862] drm/amd/display: Remove interface for periodic interrupt 1
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (763 preceding siblings ...)
2022-10-19 8:34 ` [PATCH 6.0 764/862] drm/dp: Dont rewrite link config when setting phy test pattern Greg Kroah-Hartman
@ 2022-10-19 8:34 ` Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 766/862] drm/amd/display: polling vid stream status in hpo dp blank Greg Kroah-Hartman
` (111 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:34 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jaehyun Chung, Jasdeep Dhillon,
Aric Cyr, Daniel Wheeler, Alex Deucher, Sasha Levin
From: Aric Cyr <aric.cyr@amd.com>
[ Upstream commit 97d8d6f075bd8f988589be02b91f6fa644d0b0b8 ]
[why]
Only a single VLINE interrupt is available so interface should not
expose the second one which is used by DMU firmware.
[how]
Remove references to periodic_interrupt1 and VLINE1 from DC interfaces.
Reviewed-by: Jaehyun Chung <jaehyun.chung@amd.com>
Acked-by: Jasdeep Dhillon <jdhillon@amd.com>
Signed-off-by: Aric Cyr <aric.cyr@amd.com>
Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/display/dc/core/dc.c | 16 +++------
drivers/gpu/drm/amd/display/dc/dc_stream.h | 6 ++--
.../amd/display/dc/dcn10/dcn10_hw_sequencer.c | 35 ++++++-------------
.../amd/display/dc/dcn10/dcn10_hw_sequencer.h | 3 +-
.../gpu/drm/amd/display/dc/inc/hw_sequencer.h | 8 +----
5 files changed, 18 insertions(+), 50 deletions(-)
diff --git a/drivers/gpu/drm/amd/display/dc/core/dc.c b/drivers/gpu/drm/amd/display/dc/core/dc.c
index fb22c3d70528..18d6ee666297 100644
--- a/drivers/gpu/drm/amd/display/dc/core/dc.c
+++ b/drivers/gpu/drm/amd/display/dc/core/dc.c
@@ -2753,11 +2753,8 @@ static void copy_stream_update_to_stream(struct dc *dc,
if (update->abm_level)
stream->abm_level = *update->abm_level;
- if (update->periodic_interrupt0)
- stream->periodic_interrupt0 = *update->periodic_interrupt0;
-
- if (update->periodic_interrupt1)
- stream->periodic_interrupt1 = *update->periodic_interrupt1;
+ if (update->periodic_interrupt)
+ stream->periodic_interrupt = *update->periodic_interrupt;
if (update->gamut_remap)
stream->gamut_remap_matrix = *update->gamut_remap;
@@ -2987,13 +2984,8 @@ static void commit_planes_do_stream_update(struct dc *dc,
if (!pipe_ctx->top_pipe && !pipe_ctx->prev_odm_pipe && pipe_ctx->stream == stream) {
- if (stream_update->periodic_interrupt0 &&
- dc->hwss.setup_periodic_interrupt)
- dc->hwss.setup_periodic_interrupt(dc, pipe_ctx, VLINE0);
-
- if (stream_update->periodic_interrupt1 &&
- dc->hwss.setup_periodic_interrupt)
- dc->hwss.setup_periodic_interrupt(dc, pipe_ctx, VLINE1);
+ if (stream_update->periodic_interrupt && dc->hwss.setup_periodic_interrupt)
+ dc->hwss.setup_periodic_interrupt(dc, pipe_ctx);
if ((stream_update->hdr_static_metadata && !stream->use_dynamic_meta) ||
stream_update->vrr_infopacket ||
diff --git a/drivers/gpu/drm/amd/display/dc/dc_stream.h b/drivers/gpu/drm/amd/display/dc/dc_stream.h
index f87f852d4829..ae0922e98ef7 100644
--- a/drivers/gpu/drm/amd/display/dc/dc_stream.h
+++ b/drivers/gpu/drm/amd/display/dc/dc_stream.h
@@ -212,8 +212,7 @@ struct dc_stream_state {
/* DMCU info */
unsigned int abm_level;
- struct periodic_interrupt_config periodic_interrupt0;
- struct periodic_interrupt_config periodic_interrupt1;
+ struct periodic_interrupt_config periodic_interrupt;
/* from core_stream struct */
struct dc_context *ctx;
@@ -283,8 +282,7 @@ struct dc_stream_update {
struct dc_info_packet *hdr_static_metadata;
unsigned int *abm_level;
- struct periodic_interrupt_config *periodic_interrupt0;
- struct periodic_interrupt_config *periodic_interrupt1;
+ struct periodic_interrupt_config *periodic_interrupt;
struct dc_info_packet *vrr_infopacket;
struct dc_info_packet *vsc_infopacket;
diff --git a/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c b/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c
index 5b5d952b2b8c..bc9b92838ea9 100644
--- a/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c
+++ b/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c
@@ -3768,7 +3768,7 @@ void dcn10_calc_vupdate_position(
{
const struct dc_crtc_timing *dc_crtc_timing = &pipe_ctx->stream->timing;
int vline_int_offset_from_vupdate =
- pipe_ctx->stream->periodic_interrupt0.lines_offset;
+ pipe_ctx->stream->periodic_interrupt.lines_offset;
int vupdate_offset_from_vsync = dc->hwss.get_vupdate_offset_from_vsync(pipe_ctx);
int start_position;
@@ -3793,18 +3793,10 @@ void dcn10_calc_vupdate_position(
static void dcn10_cal_vline_position(
struct dc *dc,
struct pipe_ctx *pipe_ctx,
- enum vline_select vline,
uint32_t *start_line,
uint32_t *end_line)
{
- enum vertical_interrupt_ref_point ref_point = INVALID_POINT;
-
- if (vline == VLINE0)
- ref_point = pipe_ctx->stream->periodic_interrupt0.ref_point;
- else if (vline == VLINE1)
- ref_point = pipe_ctx->stream->periodic_interrupt1.ref_point;
-
- switch (ref_point) {
+ switch (pipe_ctx->stream->periodic_interrupt.ref_point) {
case START_V_UPDATE:
dcn10_calc_vupdate_position(
dc,
@@ -3813,7 +3805,9 @@ static void dcn10_cal_vline_position(
end_line);
break;
case START_V_SYNC:
- // Suppose to do nothing because vsync is 0;
+ // vsync is line 0 so start_line is just the requested line offset
+ *start_line = pipe_ctx->stream->periodic_interrupt.lines_offset;
+ *end_line = *start_line + 2;
break;
default:
ASSERT(0);
@@ -3823,24 +3817,15 @@ static void dcn10_cal_vline_position(
void dcn10_setup_periodic_interrupt(
struct dc *dc,
- struct pipe_ctx *pipe_ctx,
- enum vline_select vline)
+ struct pipe_ctx *pipe_ctx)
{
struct timing_generator *tg = pipe_ctx->stream_res.tg;
+ uint32_t start_line = 0;
+ uint32_t end_line = 0;
- if (vline == VLINE0) {
- uint32_t start_line = 0;
- uint32_t end_line = 0;
+ dcn10_cal_vline_position(dc, pipe_ctx, &start_line, &end_line);
- dcn10_cal_vline_position(dc, pipe_ctx, vline, &start_line, &end_line);
-
- tg->funcs->setup_vertical_interrupt0(tg, start_line, end_line);
-
- } else if (vline == VLINE1) {
- pipe_ctx->stream_res.tg->funcs->setup_vertical_interrupt1(
- tg,
- pipe_ctx->stream->periodic_interrupt1.lines_offset);
- }
+ tg->funcs->setup_vertical_interrupt0(tg, start_line, end_line);
}
void dcn10_setup_vupdate_interrupt(struct dc *dc, struct pipe_ctx *pipe_ctx)
diff --git a/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.h b/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.h
index 9ae07c77fdc0..0ef7bf7ddb75 100644
--- a/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.h
+++ b/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.h
@@ -175,8 +175,7 @@ void dcn10_set_cursor_attribute(struct pipe_ctx *pipe_ctx);
void dcn10_set_cursor_sdr_white_level(struct pipe_ctx *pipe_ctx);
void dcn10_setup_periodic_interrupt(
struct dc *dc,
- struct pipe_ctx *pipe_ctx,
- enum vline_select vline);
+ struct pipe_ctx *pipe_ctx);
enum dc_status dcn10_set_clock(struct dc *dc,
enum dc_clock_type clock_type,
uint32_t clk_khz,
diff --git a/drivers/gpu/drm/amd/display/dc/inc/hw_sequencer.h b/drivers/gpu/drm/amd/display/dc/inc/hw_sequencer.h
index ccb3c719fc4d..ac94dba72c18 100644
--- a/drivers/gpu/drm/amd/display/dc/inc/hw_sequencer.h
+++ b/drivers/gpu/drm/amd/display/dc/inc/hw_sequencer.h
@@ -32,11 +32,6 @@
#include "inc/hw/link_encoder.h"
#include "core_status.h"
-enum vline_select {
- VLINE0,
- VLINE1
-};
-
struct pipe_ctx;
struct dc_state;
struct dc_stream_status;
@@ -116,8 +111,7 @@ struct hw_sequencer_funcs {
int group_index, int group_size,
struct pipe_ctx *grouped_pipes[]);
void (*setup_periodic_interrupt)(struct dc *dc,
- struct pipe_ctx *pipe_ctx,
- enum vline_select vline);
+ struct pipe_ctx *pipe_ctx);
void (*set_drr)(struct pipe_ctx **pipe_ctx, int num_pipes,
struct dc_crtc_timing_adjust adjust);
void (*set_static_screen_control)(struct pipe_ctx **pipe_ctx,
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 766/862] drm/amd/display: polling vid stream status in hpo dp blank
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (764 preceding siblings ...)
2022-10-19 8:34 ` [PATCH 6.0 765/862] drm/amd/display: Remove interface for periodic interrupt 1 Greg Kroah-Hartman
@ 2022-10-19 8:34 ` Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 767/862] drm/amdkfd: Fix UBSAN shift-out-of-bounds warning Greg Kroah-Hartman
` (110 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:34 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ariel Bernstein, Jasdeep Dhillon,
Wenjing Liu, Daniel Wheeler, Alex Deucher, Sasha Levin
From: Wenjing Liu <wenjing.liu@amd.com>
[ Upstream commit e32df0c7ecead95d70ca89f39b1b2b02a59ff691 ]
[why]
vid stream control is double bufferred, if we don't wait for video
stream enable set to 0, we may get temporary image corruption
showing on the stream when setting PIXEL_TO_SYMBOL_FIFO_ENABLE to 0.
Reviewed-by: Ariel Bernstein <Eric.Bernstein@amd.com>
Acked-by: Jasdeep Dhillon <jdhillon@amd.com>
Signed-off-by: Wenjing Liu <wenjing.liu@amd.com>
Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../drm/amd/display/dc/dcn31/dcn31_hpo_dp_stream_encoder.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/amd/display/dc/dcn31/dcn31_hpo_dp_stream_encoder.c b/drivers/gpu/drm/amd/display/dc/dcn31/dcn31_hpo_dp_stream_encoder.c
index 23621ff08c90..52fb2bf3d578 100644
--- a/drivers/gpu/drm/amd/display/dc/dcn31/dcn31_hpo_dp_stream_encoder.c
+++ b/drivers/gpu/drm/amd/display/dc/dcn31/dcn31_hpo_dp_stream_encoder.c
@@ -150,9 +150,9 @@ static void dcn31_hpo_dp_stream_enc_dp_blank(
* 10us*5000=50ms. This covers 41.7ms of minimum 24 Hz mode +
* a little more because we may not trust delay accuracy.
*/
- //REG_WAIT(DP_SYM32_ENC_VID_STREAM_CONTROL,
- // VID_STREAM_STATUS, 0,
- // 10, 5000);
+ REG_WAIT(DP_SYM32_ENC_VID_STREAM_CONTROL,
+ VID_STREAM_STATUS, 0,
+ 10, 5000);
/* Disable SDP tranmission */
REG_UPDATE(DP_SYM32_ENC_SDP_CONTROL,
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 767/862] drm/amdkfd: Fix UBSAN shift-out-of-bounds warning
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (765 preceding siblings ...)
2022-10-19 8:34 ` [PATCH 6.0 766/862] drm/amd/display: polling vid stream status in hpo dp blank Greg Kroah-Hartman
@ 2022-10-19 8:34 ` Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 768/862] ARM: dts: imx6: delete interrupts property if interrupts-extended is set Greg Kroah-Hartman
` (109 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:34 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ellis Michael, Felix Kuehling,
Graham Sider, Alex Deucher, Sasha Levin
From: Felix Kuehling <Felix.Kuehling@amd.com>
[ Upstream commit b292cafe2dd02d96a07147e4b160927e8399d5cc ]
This was fixed in initialize_cpsch before, but not in initialize_nocpsch.
Factor sdma bitmap initialization into a helper function to apply the
correct implementation in both cases without duplicating it.
v2: Added a range check
Reported-by: Ellis Michael <ellis@ellismichael.com>
Signed-off-by: Felix Kuehling <Felix.Kuehling@amd.com>
Reviewed-by: Graham Sider <Graham.Sider@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../drm/amd/amdkfd/kfd_device_queue_manager.c | 45 +++++++++----------
1 file changed, 21 insertions(+), 24 deletions(-)
diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_device_queue_manager.c b/drivers/gpu/drm/amd/amdkfd/kfd_device_queue_manager.c
index 007a3db69df1..ecb4c3abc629 100644
--- a/drivers/gpu/drm/amd/amdkfd/kfd_device_queue_manager.c
+++ b/drivers/gpu/drm/amd/amdkfd/kfd_device_queue_manager.c
@@ -1242,6 +1242,24 @@ static void init_interrupts(struct device_queue_manager *dqm)
dqm->dev->kfd2kgd->init_interrupts(dqm->dev->adev, i);
}
+static void init_sdma_bitmaps(struct device_queue_manager *dqm)
+{
+ unsigned int num_sdma_queues =
+ min_t(unsigned int, sizeof(dqm->sdma_bitmap)*8,
+ get_num_sdma_queues(dqm));
+ unsigned int num_xgmi_sdma_queues =
+ min_t(unsigned int, sizeof(dqm->xgmi_sdma_bitmap)*8,
+ get_num_xgmi_sdma_queues(dqm));
+
+ if (num_sdma_queues)
+ dqm->sdma_bitmap = GENMASK_ULL(num_sdma_queues-1, 0);
+ if (num_xgmi_sdma_queues)
+ dqm->xgmi_sdma_bitmap = GENMASK_ULL(num_xgmi_sdma_queues-1, 0);
+
+ dqm->sdma_bitmap &= ~get_reserved_sdma_queues_bitmap(dqm);
+ pr_info("sdma_bitmap: %llx\n", dqm->sdma_bitmap);
+}
+
static int initialize_nocpsch(struct device_queue_manager *dqm)
{
int pipe, queue;
@@ -1270,11 +1288,7 @@ static int initialize_nocpsch(struct device_queue_manager *dqm)
memset(dqm->vmid_pasid, 0, sizeof(dqm->vmid_pasid));
- dqm->sdma_bitmap = ~0ULL >> (64 - get_num_sdma_queues(dqm));
- dqm->sdma_bitmap &= ~(get_reserved_sdma_queues_bitmap(dqm));
- pr_info("sdma_bitmap: %llx\n", dqm->sdma_bitmap);
-
- dqm->xgmi_sdma_bitmap = ~0ULL >> (64 - get_num_xgmi_sdma_queues(dqm));
+ init_sdma_bitmaps(dqm);
return 0;
}
@@ -1452,9 +1466,6 @@ static int set_sched_resources(struct device_queue_manager *dqm)
static int initialize_cpsch(struct device_queue_manager *dqm)
{
- uint64_t num_sdma_queues;
- uint64_t num_xgmi_sdma_queues;
-
pr_debug("num of pipes: %d\n", get_pipes_per_mec(dqm));
mutex_init(&dqm->lock_hidden);
@@ -1463,24 +1474,10 @@ static int initialize_cpsch(struct device_queue_manager *dqm)
dqm->active_cp_queue_count = 0;
dqm->gws_queue_count = 0;
dqm->active_runlist = false;
-
- num_sdma_queues = get_num_sdma_queues(dqm);
- if (num_sdma_queues >= BITS_PER_TYPE(dqm->sdma_bitmap))
- dqm->sdma_bitmap = ULLONG_MAX;
- else
- dqm->sdma_bitmap = (BIT_ULL(num_sdma_queues) - 1);
-
- dqm->sdma_bitmap &= ~(get_reserved_sdma_queues_bitmap(dqm));
- pr_info("sdma_bitmap: %llx\n", dqm->sdma_bitmap);
-
- num_xgmi_sdma_queues = get_num_xgmi_sdma_queues(dqm);
- if (num_xgmi_sdma_queues >= BITS_PER_TYPE(dqm->xgmi_sdma_bitmap))
- dqm->xgmi_sdma_bitmap = ULLONG_MAX;
- else
- dqm->xgmi_sdma_bitmap = (BIT_ULL(num_xgmi_sdma_queues) - 1);
-
INIT_WORK(&dqm->hw_exception_work, kfd_process_hw_exception);
+ init_sdma_bitmaps(dqm);
+
return 0;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 768/862] ARM: dts: imx6: delete interrupts property if interrupts-extended is set
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (766 preceding siblings ...)
2022-10-19 8:34 ` [PATCH 6.0 767/862] drm/amdkfd: Fix UBSAN shift-out-of-bounds warning Greg Kroah-Hartman
@ 2022-10-19 8:34 ` Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 769/862] ARM: dts: imx7d-sdb: config the max pressure for tsc2046 Greg Kroah-Hartman
` (108 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:34 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alexander Stein, Shawn Guo, Sasha Levin
From: Alexander Stein <alexander.stein@ew.tq-group.com>
[ Upstream commit c9d38ff7080b2c4fa6786b82210fa13115895aae ]
In most cases this is related to fsl,err006687-workaround-present, which
requires a GPIO interrupt next a GIC interrupt.
This fixes the dtbs_check warning:
imx6dl-mba6a.dtb: ethernet@2188000: More than one condition true in oneOf schema:
{'$filename': 'Documentation/devicetree/bindings/net/fsl,fec.yaml',
[...]
Signed-off-by: Alexander Stein <alexander.stein@ew.tq-group.com>
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/imx6dl-riotboard.dts | 1 +
arch/arm/boot/dts/imx6q-arm2.dts | 1 +
arch/arm/boot/dts/imx6q-evi.dts | 1 +
arch/arm/boot/dts/imx6q-mccmon6.dts | 1 +
arch/arm/boot/dts/imx6qdl-nit6xlite.dtsi | 1 +
arch/arm/boot/dts/imx6qdl-nitrogen6_max.dtsi | 1 +
arch/arm/boot/dts/imx6qdl-nitrogen6_som2.dtsi | 1 +
arch/arm/boot/dts/imx6qdl-nitrogen6x.dtsi | 1 +
arch/arm/boot/dts/imx6qdl-sabreauto.dtsi | 1 +
arch/arm/boot/dts/imx6qdl-tqma6a.dtsi | 1 +
arch/arm/boot/dts/imx6qdl-ts7970.dtsi | 1 +
11 files changed, 11 insertions(+)
diff --git a/arch/arm/boot/dts/imx6dl-riotboard.dts b/arch/arm/boot/dts/imx6dl-riotboard.dts
index e7d9bfbfd0e4..e7be05f205d3 100644
--- a/arch/arm/boot/dts/imx6dl-riotboard.dts
+++ b/arch/arm/boot/dts/imx6dl-riotboard.dts
@@ -90,6 +90,7 @@
pinctrl-0 = <&pinctrl_enet>;
phy-mode = "rgmii-id";
phy-handle = <&rgmii_phy>;
+ /delete-property/ interrupts;
interrupts-extended = <&gpio1 6 IRQ_TYPE_LEVEL_HIGH>,
<&intc 0 119 IRQ_TYPE_LEVEL_HIGH>;
fsl,err006687-workaround-present;
diff --git a/arch/arm/boot/dts/imx6q-arm2.dts b/arch/arm/boot/dts/imx6q-arm2.dts
index 0b40f52268b3..75586299d9ca 100644
--- a/arch/arm/boot/dts/imx6q-arm2.dts
+++ b/arch/arm/boot/dts/imx6q-arm2.dts
@@ -178,6 +178,7 @@
pinctrl-names = "default";
pinctrl-0 = <&pinctrl_enet>;
phy-mode = "rgmii";
+ /delete-property/ interrupts;
interrupts-extended = <&gpio1 6 IRQ_TYPE_LEVEL_HIGH>,
<&intc 0 119 IRQ_TYPE_LEVEL_HIGH>;
fsl,err006687-workaround-present;
diff --git a/arch/arm/boot/dts/imx6q-evi.dts b/arch/arm/boot/dts/imx6q-evi.dts
index c63f371ede8b..78d941fef5df 100644
--- a/arch/arm/boot/dts/imx6q-evi.dts
+++ b/arch/arm/boot/dts/imx6q-evi.dts
@@ -146,6 +146,7 @@
pinctrl-0 = <&pinctrl_enet>;
phy-mode = "rgmii";
phy-reset-gpios = <&gpio1 25 GPIO_ACTIVE_LOW>;
+ /delete-property/ interrupts;
interrupts-extended = <&gpio1 6 IRQ_TYPE_LEVEL_HIGH>,
<&intc 0 119 IRQ_TYPE_LEVEL_HIGH>;
fsl,err006687-workaround-present;
diff --git a/arch/arm/boot/dts/imx6q-mccmon6.dts b/arch/arm/boot/dts/imx6q-mccmon6.dts
index 55692c73943d..64ab01018b71 100644
--- a/arch/arm/boot/dts/imx6q-mccmon6.dts
+++ b/arch/arm/boot/dts/imx6q-mccmon6.dts
@@ -100,6 +100,7 @@
pinctrl-0 = <&pinctrl_enet>;
phy-mode = "rgmii";
phy-reset-gpios = <&gpio1 27 GPIO_ACTIVE_LOW>;
+ /delete-property/ interrupts;
interrupts-extended = <&gpio1 6 IRQ_TYPE_LEVEL_HIGH>,
<&intc 0 119 IRQ_TYPE_LEVEL_HIGH>;
status = "okay";
diff --git a/arch/arm/boot/dts/imx6qdl-nit6xlite.dtsi b/arch/arm/boot/dts/imx6qdl-nit6xlite.dtsi
index 0ad4cb4f1e82..a53a5d0766a5 100644
--- a/arch/arm/boot/dts/imx6qdl-nit6xlite.dtsi
+++ b/arch/arm/boot/dts/imx6qdl-nit6xlite.dtsi
@@ -192,6 +192,7 @@
phy-mode = "rgmii";
phy-handle = <ðphy>;
phy-reset-gpios = <&gpio1 27 GPIO_ACTIVE_LOW>;
+ /delete-property/ interrupts;
interrupts-extended = <&gpio1 6 IRQ_TYPE_LEVEL_HIGH>,
<&intc 0 119 IRQ_TYPE_LEVEL_HIGH>;
fsl,err006687-workaround-present;
diff --git a/arch/arm/boot/dts/imx6qdl-nitrogen6_max.dtsi b/arch/arm/boot/dts/imx6qdl-nitrogen6_max.dtsi
index beaa2dcd436c..57c21a01f126 100644
--- a/arch/arm/boot/dts/imx6qdl-nitrogen6_max.dtsi
+++ b/arch/arm/boot/dts/imx6qdl-nitrogen6_max.dtsi
@@ -334,6 +334,7 @@
phy-mode = "rgmii";
phy-handle = <ðphy>;
phy-reset-gpios = <&gpio1 27 GPIO_ACTIVE_LOW>;
+ /delete-property/ interrupts;
interrupts-extended = <&gpio1 6 IRQ_TYPE_LEVEL_HIGH>,
<&intc 0 119 IRQ_TYPE_LEVEL_HIGH>;
fsl,err006687-workaround-present;
diff --git a/arch/arm/boot/dts/imx6qdl-nitrogen6_som2.dtsi b/arch/arm/boot/dts/imx6qdl-nitrogen6_som2.dtsi
index ee7e2371f94b..000e9dc97b1a 100644
--- a/arch/arm/boot/dts/imx6qdl-nitrogen6_som2.dtsi
+++ b/arch/arm/boot/dts/imx6qdl-nitrogen6_som2.dtsi
@@ -263,6 +263,7 @@
pinctrl-names = "default";
pinctrl-0 = <&pinctrl_enet>;
phy-mode = "rgmii";
+ /delete-property/ interrupts;
interrupts-extended = <&gpio1 6 IRQ_TYPE_LEVEL_HIGH>,
<&intc 0 119 IRQ_TYPE_LEVEL_HIGH>;
fsl,err006687-workaround-present;
diff --git a/arch/arm/boot/dts/imx6qdl-nitrogen6x.dtsi b/arch/arm/boot/dts/imx6qdl-nitrogen6x.dtsi
index 904d5d051d63..731759bdd7f5 100644
--- a/arch/arm/boot/dts/imx6qdl-nitrogen6x.dtsi
+++ b/arch/arm/boot/dts/imx6qdl-nitrogen6x.dtsi
@@ -267,6 +267,7 @@
phy-mode = "rgmii";
phy-handle = <ðphy>;
phy-reset-gpios = <&gpio1 27 GPIO_ACTIVE_LOW>;
+ /delete-property/ interrupts;
interrupts-extended = <&gpio1 6 IRQ_TYPE_LEVEL_HIGH>,
<&intc 0 119 IRQ_TYPE_LEVEL_HIGH>;
fsl,err006687-workaround-present;
diff --git a/arch/arm/boot/dts/imx6qdl-sabreauto.dtsi b/arch/arm/boot/dts/imx6qdl-sabreauto.dtsi
index 1368a4762037..3dbb460ef102 100644
--- a/arch/arm/boot/dts/imx6qdl-sabreauto.dtsi
+++ b/arch/arm/boot/dts/imx6qdl-sabreauto.dtsi
@@ -295,6 +295,7 @@
pinctrl-names = "default";
pinctrl-0 = <&pinctrl_enet>;
phy-mode = "rgmii-id";
+ /delete-property/ interrupts;
interrupts-extended = <&gpio1 6 IRQ_TYPE_LEVEL_HIGH>,
<&intc 0 119 IRQ_TYPE_LEVEL_HIGH>;
fsl,err006687-workaround-present;
diff --git a/arch/arm/boot/dts/imx6qdl-tqma6a.dtsi b/arch/arm/boot/dts/imx6qdl-tqma6a.dtsi
index 7dc3f0005b0f..0a36e1bce375 100644
--- a/arch/arm/boot/dts/imx6qdl-tqma6a.dtsi
+++ b/arch/arm/boot/dts/imx6qdl-tqma6a.dtsi
@@ -7,6 +7,7 @@
#include <dt-bindings/gpio/gpio.h>
&fec {
+ /delete-property/ interrupts;
interrupts-extended = <&gpio1 6 IRQ_TYPE_LEVEL_HIGH>,
<&intc 0 119 IRQ_TYPE_LEVEL_HIGH>;
fsl,err006687-workaround-present;
diff --git a/arch/arm/boot/dts/imx6qdl-ts7970.dtsi b/arch/arm/boot/dts/imx6qdl-ts7970.dtsi
index d6ba4b2a60f6..c096d25a6f5b 100644
--- a/arch/arm/boot/dts/imx6qdl-ts7970.dtsi
+++ b/arch/arm/boot/dts/imx6qdl-ts7970.dtsi
@@ -192,6 +192,7 @@
pinctrl-names = "default";
pinctrl-0 = <&pinctrl_enet>;
phy-mode = "rgmii";
+ /delete-property/ interrupts;
interrupts-extended = <&gpio1 6 IRQ_TYPE_LEVEL_HIGH>,
<&intc 0 119 IRQ_TYPE_LEVEL_HIGH>;
fsl,err006687-workaround-present;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 769/862] ARM: dts: imx7d-sdb: config the max pressure for tsc2046
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (767 preceding siblings ...)
2022-10-19 8:34 ` [PATCH 6.0 768/862] ARM: dts: imx6: delete interrupts property if interrupts-extended is set Greg Kroah-Hartman
@ 2022-10-19 8:34 ` Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 770/862] arm64: dts: qcom: sc7280-idp: correct ADC channel node name and unit address Greg Kroah-Hartman
` (107 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:34 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Haibo Chen, Shawn Guo, Sasha Levin
From: Haibo Chen <haibo.chen@nxp.com>
[ Upstream commit e7c4ebe2f9cd68588eb24ba4ed122e696e2d5272 ]
Use the general touchscreen method to config the max pressure for
touch tsc2046(data sheet suggest 8 bit pressure), otherwise, for
ABS_PRESSURE, when config the same max and min value, weston will
meet the following issue,
[17:19:39.183] event1 - ADS7846 Touchscreen: is tagged by udev as: Touchscreen
[17:19:39.183] event1 - ADS7846 Touchscreen: kernel bug: device has min == max on ABS_PRESSURE
[17:19:39.183] event1 - ADS7846 Touchscreen: was rejected
[17:19:39.183] event1 - not using input device '/dev/input/event1'
This will then cause the APP weston-touch-calibrator can't list touch devices.
root@imx6ul7d:~# weston-touch-calibrator
could not load cursor 'dnd-move'
could not load cursor 'dnd-copy'
could not load cursor 'dnd-none'
No devices listed.
And accroding to binding Doc, "ti,x-max", "ti,y-max", "ti,pressure-max"
belong to the deprecated properties, so remove them. Also for "ti,x-min",
"ti,y-min", "ti,x-plate-ohms", the value set in dts equal to the default
value in driver, so are redundant, also remove here.
Signed-off-by: Haibo Chen <haibo.chen@nxp.com>
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/imx7d-sdb.dts | 7 +------
1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/arch/arm/boot/dts/imx7d-sdb.dts b/arch/arm/boot/dts/imx7d-sdb.dts
index 78f4224a9bf4..e93b9cd9c27b 100644
--- a/arch/arm/boot/dts/imx7d-sdb.dts
+++ b/arch/arm/boot/dts/imx7d-sdb.dts
@@ -206,12 +206,7 @@
interrupt-parent = <&gpio2>;
interrupts = <29 0>;
pendown-gpio = <&gpio2 29 GPIO_ACTIVE_HIGH>;
- ti,x-min = /bits/ 16 <0>;
- ti,x-max = /bits/ 16 <0>;
- ti,y-min = /bits/ 16 <0>;
- ti,y-max = /bits/ 16 <0>;
- ti,pressure-max = /bits/ 16 <0>;
- ti,x-plate-ohms = /bits/ 16 <400>;
+ touchscreen-max-pressure = <255>;
wakeup-source;
};
};
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 770/862] arm64: dts: qcom: sc7280-idp: correct ADC channel node name and unit address
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (768 preceding siblings ...)
2022-10-19 8:34 ` [PATCH 6.0 769/862] ARM: dts: imx7d-sdb: config the max pressure for tsc2046 Greg Kroah-Hartman
@ 2022-10-19 8:34 ` Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 771/862] ARM: dts: imx6q: add missing properties for sram Greg Kroah-Hartman
` (106 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:34 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Krzysztof Kozlowski, Stephen Boyd,
Vinod Koul, David Heidelberg, Bjorn Andersson, Sasha Levin
From: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
[ Upstream commit 5589ffb2da2a66988ab3a68334dad3e68b42e3a9 ]
Correct SPMI PMIC VADC channel node name:
1. Use hyphens instead of underscores,
2. Add missing unit address.
This fixes `make dtbs_check` warnings like:
qcom/sc7280-idp.dtb: pmic@0: adc@3100: 'pmk8350_die_temp', 'pmr735a_die_temp' do not match any of the regexes: '^.*@[0-9a-f]+$', 'pinctrl-[0-9]+'
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Reviewed-by: Stephen Boyd <sboyd@kernel.org>
Reviewed-by: Vinod Koul <vkoul@kernel.org>
Reviewed-by: David Heidelberg <david@ixit.cz>
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Link: https://lore.kernel.org/r/20220828084341.112146-12-krzysztof.kozlowski@linaro.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/qcom/sc7280-idp.dts | 2 +-
arch/arm64/boot/dts/qcom/sc7280-idp.dtsi | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/arm64/boot/dts/qcom/sc7280-idp.dts b/arch/arm64/boot/dts/qcom/sc7280-idp.dts
index 6d3ff80582ae..e2e37a0292ad 100644
--- a/arch/arm64/boot/dts/qcom/sc7280-idp.dts
+++ b/arch/arm64/boot/dts/qcom/sc7280-idp.dts
@@ -78,7 +78,7 @@
};
&pmk8350_vadc {
- pmr735a_die_temp {
+ pmr735a-die-temp@403 {
reg = <PMR735A_ADC7_DIE_TEMP>;
label = "pmr735a_die_temp";
qcom,pre-scaling = <1 1>;
diff --git a/arch/arm64/boot/dts/qcom/sc7280-idp.dtsi b/arch/arm64/boot/dts/qcom/sc7280-idp.dtsi
index a74e0b730db6..27c47ddbdf02 100644
--- a/arch/arm64/boot/dts/qcom/sc7280-idp.dtsi
+++ b/arch/arm64/boot/dts/qcom/sc7280-idp.dtsi
@@ -264,7 +264,7 @@
};
&pmk8350_vadc {
- pmk8350_die_temp {
+ pmk8350-die-temp@3 {
reg = <PMK8350_ADC7_DIE_TEMP>;
label = "pmk8350_die_temp";
qcom,pre-scaling = <1 1>;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 771/862] ARM: dts: imx6q: add missing properties for sram
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (769 preceding siblings ...)
2022-10-19 8:34 ` [PATCH 6.0 770/862] arm64: dts: qcom: sc7280-idp: correct ADC channel node name and unit address Greg Kroah-Hartman
@ 2022-10-19 8:34 ` Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 772/862] ARM: dts: imx6dl: " Greg Kroah-Hartman
` (105 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:34 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alexander Stein, Shawn Guo, Sasha Levin
From: Alexander Stein <alexander.stein@ew.tq-group.com>
[ Upstream commit b11d083c5dcec7c42fe982c854706d404ddd3a5f ]
All 3 properties are required by sram.yaml. Fixes the dtbs_check warning:
sram@900000: '#address-cells' is a required property
sram@900000: '#size-cells' is a required property
sram@900000: 'ranges' is a required property
Signed-off-by: Alexander Stein <alexander.stein@ew.tq-group.com>
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/imx6q.dtsi | 3 +++
1 file changed, 3 insertions(+)
diff --git a/arch/arm/boot/dts/imx6q.dtsi b/arch/arm/boot/dts/imx6q.dtsi
index 3b77eae40e39..df86049a695b 100644
--- a/arch/arm/boot/dts/imx6q.dtsi
+++ b/arch/arm/boot/dts/imx6q.dtsi
@@ -163,6 +163,9 @@
ocram: sram@900000 {
compatible = "mmio-sram";
reg = <0x00900000 0x40000>;
+ ranges = <0 0x00900000 0x40000>;
+ #address-cells = <1>;
+ #size-cells = <1>;
clocks = <&clks IMX6QDL_CLK_OCRAM>;
};
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 772/862] ARM: dts: imx6dl: add missing properties for sram
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (770 preceding siblings ...)
2022-10-19 8:34 ` [PATCH 6.0 771/862] ARM: dts: imx6q: add missing properties for sram Greg Kroah-Hartman
@ 2022-10-19 8:34 ` Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 773/862] ARM: dts: imx6qp: " Greg Kroah-Hartman
` (104 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:34 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alexander Stein, Shawn Guo, Sasha Levin
From: Alexander Stein <alexander.stein@ew.tq-group.com>
[ Upstream commit f5848b95633d598bacf0500e0108dc5961af88c0 ]
All 3 properties are required by sram.yaml. Fixes the dtbs_check warning:
sram@900000: '#address-cells' is a required property
sram@900000: '#size-cells' is a required property
sram@900000: 'ranges' is a required property
Signed-off-by: Alexander Stein <alexander.stein@ew.tq-group.com>
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/imx6dl.dtsi | 3 +++
1 file changed, 3 insertions(+)
diff --git a/arch/arm/boot/dts/imx6dl.dtsi b/arch/arm/boot/dts/imx6dl.dtsi
index 8e0ed209ede0..dc919e09a505 100644
--- a/arch/arm/boot/dts/imx6dl.dtsi
+++ b/arch/arm/boot/dts/imx6dl.dtsi
@@ -84,6 +84,9 @@
ocram: sram@900000 {
compatible = "mmio-sram";
reg = <0x00900000 0x20000>;
+ ranges = <0 0x00900000 0x20000>;
+ #address-cells = <1>;
+ #size-cells = <1>;
clocks = <&clks IMX6QDL_CLK_OCRAM>;
};
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 773/862] ARM: dts: imx6qp: add missing properties for sram
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (771 preceding siblings ...)
2022-10-19 8:34 ` [PATCH 6.0 772/862] ARM: dts: imx6dl: " Greg Kroah-Hartman
@ 2022-10-19 8:34 ` Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 774/862] ARM: dts: imx6sl: " Greg Kroah-Hartman
` (103 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:34 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alexander Stein, Shawn Guo, Sasha Levin
From: Alexander Stein <alexander.stein@ew.tq-group.com>
[ Upstream commit 088fe5237435ee2f7ed4450519b2ef58b94c832f ]
All 3 properties are required by sram.yaml. Fixes the dtbs_check warning:
sram@940000: '#address-cells' is a required property
sram@940000: '#size-cells' is a required property
sram@940000: 'ranges' is a required property
Signed-off-by: Alexander Stein <alexander.stein@ew.tq-group.com>
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/imx6qp.dtsi | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/arch/arm/boot/dts/imx6qp.dtsi b/arch/arm/boot/dts/imx6qp.dtsi
index 050365513836..fc164991d2ae 100644
--- a/arch/arm/boot/dts/imx6qp.dtsi
+++ b/arch/arm/boot/dts/imx6qp.dtsi
@@ -9,12 +9,18 @@
ocram2: sram@940000 {
compatible = "mmio-sram";
reg = <0x00940000 0x20000>;
+ ranges = <0 0x00940000 0x20000>;
+ #address-cells = <1>;
+ #size-cells = <1>;
clocks = <&clks IMX6QDL_CLK_OCRAM>;
};
ocram3: sram@960000 {
compatible = "mmio-sram";
reg = <0x00960000 0x20000>;
+ ranges = <0 0x00960000 0x20000>;
+ #address-cells = <1>;
+ #size-cells = <1>;
clocks = <&clks IMX6QDL_CLK_OCRAM>;
};
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 774/862] ARM: dts: imx6sl: add missing properties for sram
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (772 preceding siblings ...)
2022-10-19 8:34 ` [PATCH 6.0 773/862] ARM: dts: imx6qp: " Greg Kroah-Hartman
@ 2022-10-19 8:34 ` Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 775/862] ARM: dts: imx6sll: " Greg Kroah-Hartman
` (102 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:34 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alexander Stein, Shawn Guo, Sasha Levin
From: Alexander Stein <alexander.stein@ew.tq-group.com>
[ Upstream commit 60c9213a1d9941a8b33db570796c3f9be8984974 ]
All 3 properties are required by sram.yaml. Fixes the dtbs_check warning:
sram@900000: '#address-cells' is a required property
sram@900000: '#size-cells' is a required property
sram@900000: 'ranges' is a required property
Signed-off-by: Alexander Stein <alexander.stein@ew.tq-group.com>
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/imx6sl.dtsi | 3 +++
1 file changed, 3 insertions(+)
diff --git a/arch/arm/boot/dts/imx6sl.dtsi b/arch/arm/boot/dts/imx6sl.dtsi
index 06a515121dfc..cfd6b4972ae7 100644
--- a/arch/arm/boot/dts/imx6sl.dtsi
+++ b/arch/arm/boot/dts/imx6sl.dtsi
@@ -115,6 +115,9 @@
ocram: sram@900000 {
compatible = "mmio-sram";
reg = <0x00900000 0x20000>;
+ ranges = <0 0x00900000 0x20000>;
+ #address-cells = <1>;
+ #size-cells = <1>;
clocks = <&clks IMX6SL_CLK_OCRAM>;
};
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 775/862] ARM: dts: imx6sll: add missing properties for sram
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (773 preceding siblings ...)
2022-10-19 8:34 ` [PATCH 6.0 774/862] ARM: dts: imx6sl: " Greg Kroah-Hartman
@ 2022-10-19 8:34 ` Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 776/862] ARM: dts: imx6sx: " Greg Kroah-Hartman
` (101 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:34 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alexander Stein, Shawn Guo, Sasha Levin
From: Alexander Stein <alexander.stein@ew.tq-group.com>
[ Upstream commit 7492a83ed9b7a151e2dd11d64b06da7a7f0fa7f9 ]
All 3 properties are required by sram.yaml. Fixes the dtbs_check warning:
sram@900000: '#address-cells' is a required property
sram@900000: '#size-cells' is a required property
sram@900000: 'ranges' is a required property
Signed-off-by: Alexander Stein <alexander.stein@ew.tq-group.com>
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/imx6sll.dtsi | 3 +++
1 file changed, 3 insertions(+)
diff --git a/arch/arm/boot/dts/imx6sll.dtsi b/arch/arm/boot/dts/imx6sll.dtsi
index d4a000c3dde7..2873369a57c0 100644
--- a/arch/arm/boot/dts/imx6sll.dtsi
+++ b/arch/arm/boot/dts/imx6sll.dtsi
@@ -115,6 +115,9 @@
ocram: sram@900000 {
compatible = "mmio-sram";
reg = <0x00900000 0x20000>;
+ ranges = <0 0x00900000 0x20000>;
+ #address-cells = <1>;
+ #size-cells = <1>;
};
intc: interrupt-controller@a01000 {
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 776/862] ARM: dts: imx6sx: add missing properties for sram
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (774 preceding siblings ...)
2022-10-19 8:34 ` [PATCH 6.0 775/862] ARM: dts: imx6sll: " Greg Kroah-Hartman
@ 2022-10-19 8:34 ` Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 777/862] ARM: dts: imx6sl: use tabs for code indent Greg Kroah-Hartman
` (100 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:34 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alexander Stein, Shawn Guo, Sasha Levin
From: Alexander Stein <alexander.stein@ew.tq-group.com>
[ Upstream commit 415432c008b2bce8138841356ba444631cabaa50 ]
All 3 properties are required by sram.yaml. Fixes the dtbs_check warning:
sram@900000: '#address-cells' is a required property
sram@900000: '#size-cells' is a required property
sram@900000: 'ranges' is a required property
Signed-off-by: Alexander Stein <alexander.stein@ew.tq-group.com>
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/imx6sx.dtsi | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/arch/arm/boot/dts/imx6sx.dtsi b/arch/arm/boot/dts/imx6sx.dtsi
index 4d075e2bf749..2611eef3b2a2 100644
--- a/arch/arm/boot/dts/imx6sx.dtsi
+++ b/arch/arm/boot/dts/imx6sx.dtsi
@@ -164,12 +164,18 @@
ocram_s: sram@8f8000 {
compatible = "mmio-sram";
reg = <0x008f8000 0x4000>;
+ ranges = <0 0x008f8000 0x4000>;
+ #address-cells = <1>;
+ #size-cells = <1>;
clocks = <&clks IMX6SX_CLK_OCRAM_S>;
};
ocram: sram@900000 {
compatible = "mmio-sram";
reg = <0x00900000 0x20000>;
+ ranges = <0 0x00900000 0x20000>;
+ #address-cells = <1>;
+ #size-cells = <1>;
clocks = <&clks IMX6SX_CLK_OCRAM>;
};
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 777/862] ARM: dts: imx6sl: use tabs for code indent
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (775 preceding siblings ...)
2022-10-19 8:34 ` [PATCH 6.0 776/862] ARM: dts: imx6sx: " Greg Kroah-Hartman
@ 2022-10-19 8:34 ` Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 778/862] ARM: dts: imx6sx-udoo-neo: dont use multiple blank lines Greg Kroah-Hartman
` (99 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:34 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Marcel Ziswiler, Shawn Guo, Sasha Levin
From: Marcel Ziswiler <marcel.ziswiler@toradex.com>
[ Upstream commit 218db824a7519856d0eaaeb5c41ca504ed550210 ]
This fixes the following error:
arch/arm/boot/dts/imx6sl.dtsi:714: error: code indent should use tabs
where possible
Signed-off-by: Marcel Ziswiler <marcel.ziswiler@toradex.com>
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/imx6sl.dtsi | 20 ++++++++++----------
1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/arch/arm/boot/dts/imx6sl.dtsi b/arch/arm/boot/dts/imx6sl.dtsi
index cfd6b4972ae7..01122ddfdc0d 100644
--- a/arch/arm/boot/dts/imx6sl.dtsi
+++ b/arch/arm/boot/dts/imx6sl.dtsi
@@ -61,10 +61,10 @@
<792000 1175000>,
<396000 975000>;
fsl,soc-operating-points =
- /* ARM kHz SOC-PU uV */
- <996000 1225000>,
- <792000 1175000>,
- <396000 1175000>;
+ /* ARM kHz SOC-PU uV */
+ <996000 1225000>,
+ <792000 1175000>,
+ <396000 1175000>;
clock-latency = <61036>; /* two CLK32 periods */
#cooling-cells = <2>;
clocks = <&clks IMX6SL_CLK_ARM>, <&clks IMX6SL_CLK_PLL2_PFD2>,
@@ -225,7 +225,7 @@
uart5: serial@2018000 {
compatible = "fsl,imx6sl-uart",
- "fsl,imx6q-uart", "fsl,imx21-uart";
+ "fsl,imx6q-uart", "fsl,imx21-uart";
reg = <0x02018000 0x4000>;
interrupts = <0 30 IRQ_TYPE_LEVEL_HIGH>;
clocks = <&clks IMX6SL_CLK_UART>,
@@ -238,7 +238,7 @@
uart1: serial@2020000 {
compatible = "fsl,imx6sl-uart",
- "fsl,imx6q-uart", "fsl,imx21-uart";
+ "fsl,imx6q-uart", "fsl,imx21-uart";
reg = <0x02020000 0x4000>;
interrupts = <0 26 IRQ_TYPE_LEVEL_HIGH>;
clocks = <&clks IMX6SL_CLK_UART>,
@@ -251,7 +251,7 @@
uart2: serial@2024000 {
compatible = "fsl,imx6sl-uart",
- "fsl,imx6q-uart", "fsl,imx21-uart";
+ "fsl,imx6q-uart", "fsl,imx21-uart";
reg = <0x02024000 0x4000>;
interrupts = <0 27 IRQ_TYPE_LEVEL_HIGH>;
clocks = <&clks IMX6SL_CLK_UART>,
@@ -312,7 +312,7 @@
uart3: serial@2034000 {
compatible = "fsl,imx6sl-uart",
- "fsl,imx6q-uart", "fsl,imx21-uart";
+ "fsl,imx6q-uart", "fsl,imx21-uart";
reg = <0x02034000 0x4000>;
interrupts = <0 28 IRQ_TYPE_LEVEL_HIGH>;
clocks = <&clks IMX6SL_CLK_UART>,
@@ -325,7 +325,7 @@
uart4: serial@2038000 {
compatible = "fsl,imx6sl-uart",
- "fsl,imx6q-uart", "fsl,imx21-uart";
+ "fsl,imx6q-uart", "fsl,imx21-uart";
reg = <0x02038000 0x4000>;
interrupts = <0 29 IRQ_TYPE_LEVEL_HIGH>;
clocks = <&clks IMX6SL_CLK_UART>,
@@ -714,7 +714,7 @@
#power-domain-cells = <0>;
power-supply = <®_pu>;
clocks = <&clks IMX6SL_CLK_GPU2D_OVG>,
- <&clks IMX6SL_CLK_GPU2D_PODF>;
+ <&clks IMX6SL_CLK_GPU2D_PODF>;
};
pd_disp: power-domain@2 {
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 778/862] ARM: dts: imx6sx-udoo-neo: dont use multiple blank lines
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (776 preceding siblings ...)
2022-10-19 8:34 ` [PATCH 6.0 777/862] ARM: dts: imx6sl: use tabs for code indent Greg Kroah-Hartman
@ 2022-10-19 8:34 ` Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 779/862] kselftest/arm64: Fix validatation termination record after EXTRA_CONTEXT Greg Kroah-Hartman
` (98 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:34 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Marcel Ziswiler, Shawn Guo, Sasha Levin
From: Marcel Ziswiler <marcel.ziswiler@toradex.com>
[ Upstream commit fd2dd7077c7498765e7326c1b7f34bde85f1a975 ]
This fixes the following warning:
arch/arm/boot/dts/imx6sx-udoo-neo.dtsi:309: check: Please don't use multiple
blank lines
While at it, use tabs indent for some pinctrl entries.
Signed-off-by: Marcel Ziswiler <marcel.ziswiler@toradex.com>
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/imx6sx-udoo-neo.dtsi | 14 ++++++--------
1 file changed, 6 insertions(+), 8 deletions(-)
diff --git a/arch/arm/boot/dts/imx6sx-udoo-neo.dtsi b/arch/arm/boot/dts/imx6sx-udoo-neo.dtsi
index 35861bbea94e..c84ea1fac5e9 100644
--- a/arch/arm/boot/dts/imx6sx-udoo-neo.dtsi
+++ b/arch/arm/boot/dts/imx6sx-udoo-neo.dtsi
@@ -226,7 +226,7 @@
&iomuxc {
pinctrl_bt_reg: btreggrp {
fsl,pins =
- <MX6SX_PAD_KEY_ROW2__GPIO2_IO_17 0x15059>;
+ <MX6SX_PAD_KEY_ROW2__GPIO2_IO_17 0x15059>;
};
pinctrl_enet1: enet1grp {
@@ -306,7 +306,6 @@
>;
};
-
pinctrl_uart1: uart1grp {
fsl,pins =
<MX6SX_PAD_GPIO1_IO04__UART1_DCE_TX 0x1b0b1>,
@@ -347,24 +346,23 @@
pinctrl_otg1_reg: otg1grp {
fsl,pins =
- <MX6SX_PAD_GPIO1_IO09__GPIO1_IO_9 0x10b0>;
+ <MX6SX_PAD_GPIO1_IO09__GPIO1_IO_9 0x10b0>;
};
-
pinctrl_otg2_reg: otg2grp {
fsl,pins =
- <MX6SX_PAD_NAND_RE_B__GPIO4_IO_12 0x10b0>;
+ <MX6SX_PAD_NAND_RE_B__GPIO4_IO_12 0x10b0>;
};
pinctrl_usb_otg1: usbotg1grp {
fsl,pins =
- <MX6SX_PAD_GPIO1_IO10__ANATOP_OTG1_ID 0x17059>,
- <MX6SX_PAD_GPIO1_IO08__USB_OTG1_OC 0x10b0>;
+ <MX6SX_PAD_GPIO1_IO10__ANATOP_OTG1_ID 0x17059>,
+ <MX6SX_PAD_GPIO1_IO08__USB_OTG1_OC 0x10b0>;
};
pinctrl_usb_otg2: usbot2ggrp {
fsl,pins =
- <MX6SX_PAD_QSPI1A_DATA0__USB_OTG2_OC 0x10b0>;
+ <MX6SX_PAD_QSPI1A_DATA0__USB_OTG2_OC 0x10b0>;
};
pinctrl_usdhc2: usdhc2grp {
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 779/862] kselftest/arm64: Fix validatation termination record after EXTRA_CONTEXT
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (777 preceding siblings ...)
2022-10-19 8:34 ` [PATCH 6.0 778/862] ARM: dts: imx6sx-udoo-neo: dont use multiple blank lines Greg Kroah-Hartman
@ 2022-10-19 8:34 ` Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 780/862] arm64: dts: imx8mm-kontron: Use the VSELECT signal to switch SD card IO voltage Greg Kroah-Hartman
` (97 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:34 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mark Brown, Catalin Marinas, Sasha Levin
From: Mark Brown <broonie@kernel.org>
[ Upstream commit 5c152c2f66f9368394b89ac90dc7483476ef7b88 ]
When arm64 signal context data overflows the base struct sigcontext it gets
placed in an extra buffer pointed to by a record of type EXTRA_CONTEXT in
the base struct sigcontext which is required to be the last record in the
base struct sigframe. The current validation code attempts to check this
by using GET_RESV_NEXT_HEAD() to step forward from the current record to
the next but that is a macro which assumes it is being provided with a
struct _aarch64_ctx and uses the size there to skip forward to the next
record. Instead validate_extra_context() passes it a struct extra_context
which has a separate size field. This compiles but results in us trying
to validate a termination record in completely the wrong place, at best
failing validation and at worst just segfaulting. Fix this by passing
the struct _aarch64_ctx we meant to into the macro.
Signed-off-by: Mark Brown <broonie@kernel.org>
Link: https://lore.kernel.org/r/20220829160703.874492-4-broonie@kernel.org
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/arm64/signal/testcases/testcases.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/testing/selftests/arm64/signal/testcases/testcases.c b/tools/testing/selftests/arm64/signal/testcases/testcases.c
index 84c36bee4d82..d98828cb542b 100644
--- a/tools/testing/selftests/arm64/signal/testcases/testcases.c
+++ b/tools/testing/selftests/arm64/signal/testcases/testcases.c
@@ -33,7 +33,7 @@ bool validate_extra_context(struct extra_context *extra, char **err)
return false;
fprintf(stderr, "Validating EXTRA...\n");
- term = GET_RESV_NEXT_HEAD(extra);
+ term = GET_RESV_NEXT_HEAD(&extra->head);
if (!term || term->magic || term->size) {
*err = "Missing terminator after EXTRA context";
return false;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 780/862] arm64: dts: imx8mm-kontron: Use the VSELECT signal to switch SD card IO voltage
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (778 preceding siblings ...)
2022-10-19 8:34 ` [PATCH 6.0 779/862] kselftest/arm64: Fix validatation termination record after EXTRA_CONTEXT Greg Kroah-Hartman
@ 2022-10-19 8:34 ` Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 781/862] arm64: dts: imx8mq-librem5: Add bq25895 as max17055s power supply Greg Kroah-Hartman
` (96 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:34 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Heiko Thiery, Frieder Schrempf,
Shawn Guo, Sasha Levin
From: Frieder Schrempf <frieder.schrempf@kontron.de>
[ Upstream commit eef2c0217e02b6c7ed5b10b82ea944127145e113 ]
It turns out that it is not necessary to declare the VSELECT signal as
GPIO and let the PMIC driver set it to a fixed high level. This switches
the voltage between 3.3V and 1.8V by setting the PMIC register for LDO5
accordingly.
Instead we can do it like other boards already do and simply mux the
VSELECT signal of the USDHC interface to the pin. This makes sure that
the correct voltage is selected by setting the PMIC's SD_VSEL input
to high or low accordingly.
Reported-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Frieder Schrempf <frieder.schrempf@kontron.de>
Reviewed-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/freescale/imx8mm-kontron-n801x-s.dts | 3 +++
arch/arm64/boot/dts/freescale/imx8mm-kontron-n801x-som.dtsi | 2 --
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/arch/arm64/boot/dts/freescale/imx8mm-kontron-n801x-s.dts b/arch/arm64/boot/dts/freescale/imx8mm-kontron-n801x-s.dts
index 23be1ec538ba..c54536c0a2ba 100644
--- a/arch/arm64/boot/dts/freescale/imx8mm-kontron-n801x-s.dts
+++ b/arch/arm64/boot/dts/freescale/imx8mm-kontron-n801x-s.dts
@@ -321,6 +321,7 @@
MX8MM_IOMUXC_SD2_DATA2_USDHC2_DATA2 0x1d0
MX8MM_IOMUXC_SD2_DATA3_USDHC2_DATA3 0x1d0
MX8MM_IOMUXC_SD2_CD_B_GPIO2_IO12 0x019
+ MX8MM_IOMUXC_GPIO1_IO04_USDHC2_VSELECT 0x1d0
>;
};
@@ -333,6 +334,7 @@
MX8MM_IOMUXC_SD2_DATA2_USDHC2_DATA2 0x1d4
MX8MM_IOMUXC_SD2_DATA3_USDHC2_DATA3 0x1d4
MX8MM_IOMUXC_SD2_CD_B_GPIO2_IO12 0x019
+ MX8MM_IOMUXC_GPIO1_IO04_USDHC2_VSELECT 0x1d0
>;
};
@@ -345,6 +347,7 @@
MX8MM_IOMUXC_SD2_DATA2_USDHC2_DATA2 0x1d6
MX8MM_IOMUXC_SD2_DATA3_USDHC2_DATA3 0x1d6
MX8MM_IOMUXC_SD2_CD_B_GPIO2_IO12 0x019
+ MX8MM_IOMUXC_GPIO1_IO04_USDHC2_VSELECT 0x1d0
>;
};
};
diff --git a/arch/arm64/boot/dts/freescale/imx8mm-kontron-n801x-som.dtsi b/arch/arm64/boot/dts/freescale/imx8mm-kontron-n801x-som.dtsi
index 8f90eb02550d..6307af803429 100644
--- a/arch/arm64/boot/dts/freescale/imx8mm-kontron-n801x-som.dtsi
+++ b/arch/arm64/boot/dts/freescale/imx8mm-kontron-n801x-som.dtsi
@@ -86,7 +86,6 @@
pinctrl-0 = <&pinctrl_pmic>;
interrupt-parent = <&gpio1>;
interrupts = <0 IRQ_TYPE_LEVEL_LOW>;
- sd-vsel-gpios = <&gpio1 4 GPIO_ACTIVE_HIGH>;
regulators {
reg_vdd_soc: BUCK1 {
@@ -229,7 +228,6 @@
pinctrl_pmic: pmicgrp {
fsl,pins = <
MX8MM_IOMUXC_GPIO1_IO00_GPIO1_IO0 0x141
- MX8MM_IOMUXC_GPIO1_IO04_GPIO1_IO4 0x141
>;
};
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 781/862] arm64: dts: imx8mq-librem5: Add bq25895 as max17055s power supply
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (779 preceding siblings ...)
2022-10-19 8:34 ` [PATCH 6.0 780/862] arm64: dts: imx8mm-kontron: Use the VSELECT signal to switch SD card IO voltage Greg Kroah-Hartman
@ 2022-10-19 8:34 ` Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 782/862] ARM: orion: fix include path Greg Kroah-Hartman
` (95 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:34 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sebastian Krzyszkowiak,
Martin Kepplinger, Shawn Guo, Sasha Levin
From: Sebastian Krzyszkowiak <sebastian.krzyszkowiak@puri.sm>
[ Upstream commit 6effe295e1a87408033c29dbcea9d5a5c8b937d5 ]
This allows the userspace to notice that there's not enough
current provided to charge the battery, and also fixes issues
with 0% SOC values being considered invalid.
Signed-off-by: Sebastian Krzyszkowiak <sebastian.krzyszkowiak@puri.sm>
Signed-off-by: Martin Kepplinger <martin.kepplinger@puri.sm>
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/freescale/imx8mq-librem5.dtsi | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/arm64/boot/dts/freescale/imx8mq-librem5.dtsi b/arch/arm64/boot/dts/freescale/imx8mq-librem5.dtsi
index 9eec8a7eecfc..127fc7f904c8 100644
--- a/arch/arm64/boot/dts/freescale/imx8mq-librem5.dtsi
+++ b/arch/arm64/boot/dts/freescale/imx8mq-librem5.dtsi
@@ -1077,6 +1077,7 @@
interrupts = <20 IRQ_TYPE_LEVEL_LOW>;
pinctrl-names = "default";
pinctrl-0 = <&pinctrl_gauge>;
+ power-supplies = <&bq25895>;
maxim,over-heat-temp = <700>;
maxim,over-volt = <4500>;
maxim,rsns-microohm = <5000>;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 782/862] ARM: orion: fix include path
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (780 preceding siblings ...)
2022-10-19 8:34 ` [PATCH 6.0 781/862] arm64: dts: imx8mq-librem5: Add bq25895 as max17055s power supply Greg Kroah-Hartman
@ 2022-10-19 8:34 ` Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 783/862] btrfs: dump extra info if one free space cache has more bitmaps than it should Greg Kroah-Hartman
` (94 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:34 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kernel test robot, Arnd Bergmann,
Sasha Levin
From: Arnd Bergmann <arnd@arndb.de>
[ Upstream commit 63872304bdb3decd5454f4dd210c25395278ed13 ]
Now that CONFIG_ARCH_MULTIPLATFORM can be disabled anywhere,
there is a build failure for plat-orion:
arch/arm/plat-orion/irq.c:19:10: fatal error: plat/irq.h: No such file or directory
Make the include path unconditional.
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/plat-orion/Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm/plat-orion/Makefile b/arch/arm/plat-orion/Makefile
index 4e3f25de13c1..830b0be038c6 100644
--- a/arch/arm/plat-orion/Makefile
+++ b/arch/arm/plat-orion/Makefile
@@ -2,7 +2,7 @@
#
# Makefile for the linux kernel.
#
-ccflags-$(CONFIG_ARCH_MULTIPLATFORM) := -I$(srctree)/$(src)/include
+ccflags-y := -I$(srctree)/$(src)/include
orion-gpio-$(CONFIG_GPIOLIB) += gpio.o
obj-$(CONFIG_PLAT_ORION_LEGACY) += irq.o pcie.o time.o common.o mpp.o
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 783/862] btrfs: dump extra info if one free space cache has more bitmaps than it should
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (781 preceding siblings ...)
2022-10-19 8:34 ` [PATCH 6.0 782/862] ARM: orion: fix include path Greg Kroah-Hartman
@ 2022-10-19 8:34 ` Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 784/862] btrfs: scrub: properly report super block errors in system log Greg Kroah-Hartman
` (93 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:34 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Anand Jain, Qu Wenruo, David Sterba,
Sasha Levin
From: Qu Wenruo <wqu@suse.com>
[ Upstream commit 62cd9d4474282a1eb84f945955c56cbfc42e1ffe ]
There is an internal report on hitting the following ASSERT() in
recalculate_thresholds():
ASSERT(ctl->total_bitmaps <= max_bitmaps);
Above @max_bitmaps is calculated using the following variables:
- bytes_per_bg
8 * 4096 * 4096 (128M) for x86_64/x86.
- block_group->length
The length of the block group.
@max_bitmaps is the rounded up value of block_group->length / 128M.
Normally one free space cache should not have more bitmaps than above
value, but when it happens the ASSERT() can be triggered if
CONFIG_BTRFS_ASSERT is also enabled.
But the ASSERT() itself won't provide enough info to know which is going
wrong.
Is the bg too small thus it only allows one bitmap?
Or is there something else wrong?
So although I haven't found extra reports or crash dump to do further
investigation, add the extra info to make it more helpful to debug.
Reviewed-by: Anand Jain <anand.jain@oracle.com>
Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/btrfs/free-space-cache.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/fs/btrfs/free-space-cache.c b/fs/btrfs/free-space-cache.c
index 996da650ecdc..85404c62a1c2 100644
--- a/fs/btrfs/free-space-cache.c
+++ b/fs/btrfs/free-space-cache.c
@@ -693,6 +693,12 @@ static void recalculate_thresholds(struct btrfs_free_space_ctl *ctl)
max_bitmaps = max_t(u64, max_bitmaps, 1);
+ if (ctl->total_bitmaps > max_bitmaps)
+ btrfs_err(block_group->fs_info,
+"invalid free space control: bg start=%llu len=%llu total_bitmaps=%u unit=%u max_bitmaps=%llu bytes_per_bg=%llu",
+ block_group->start, block_group->length,
+ ctl->total_bitmaps, ctl->unit, max_bitmaps,
+ bytes_per_bg);
ASSERT(ctl->total_bitmaps <= max_bitmaps);
/*
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 784/862] btrfs: scrub: properly report super block errors in system log
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (782 preceding siblings ...)
2022-10-19 8:34 ` [PATCH 6.0 783/862] btrfs: dump extra info if one free space cache has more bitmaps than it should Greg Kroah-Hartman
@ 2022-10-19 8:34 ` Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 785/862] btrfs: scrub: try to fix super block errors Greg Kroah-Hartman
` (92 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:34 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Qu Wenruo, David Sterba, Sasha Levin
From: Qu Wenruo <wqu@suse.com>
[ Upstream commit e69bf81c9a339f1b2c041b112a6fbb9f60fc9340 ]
[PROBLEM]
Unlike data/metadata corruption, if scrub detected some error in the
super block, the only error message is from the updated device status:
BTRFS info (device dm-1): scrub: started on devid 2
BTRFS error (device dm-1): bdev /dev/mapper/test-scratch2 errs: wr 0, rd 0, flush 0, corrupt 1, gen 0
BTRFS info (device dm-1): scrub: finished on devid 2 with status: 0
This is not helpful at all.
[CAUSE]
Unlike data/metadata error reporting, there is no visible report in
kernel dmesg to report supper block errors.
In fact, return value of scrub_checksum_super() is intentionally
skipped, thus scrub_handle_errored_block() will never be called for
super blocks.
[FIX]
Make super block errors to output an error message, now the full
dmesg would looks like this:
BTRFS info (device dm-1): scrub: started on devid 2
BTRFS warning (device dm-1): super block error on device /dev/mapper/test-scratch2, physical 67108864
BTRFS error (device dm-1): bdev /dev/mapper/test-scratch2 errs: wr 0, rd 0, flush 0, corrupt 1, gen 0
BTRFS info (device dm-1): scrub: finished on devid 2 with status: 0
BTRFS info (device dm-1): scrub: started on devid 2
This fix involves:
- Move the super_errors reporting to scrub_handle_errored_block()
This allows the device status message to show after the super block
error message.
But now we no longer distinguish super block corruption and generation
mismatch, now all counted as corruption.
- Properly check the return value from scrub_checksum_super()
- Add extra super block error reporting for scrub_print_warning().
Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/btrfs/scrub.c | 33 ++++++++++++---------------------
1 file changed, 12 insertions(+), 21 deletions(-)
diff --git a/fs/btrfs/scrub.c b/fs/btrfs/scrub.c
index 3afe5fa50a63..0fe7c4882e1f 100644
--- a/fs/btrfs/scrub.c
+++ b/fs/btrfs/scrub.c
@@ -729,6 +729,13 @@ static void scrub_print_warning(const char *errstr, struct scrub_block *sblock)
dev = sblock->sectors[0]->dev;
fs_info = sblock->sctx->fs_info;
+ /* Super block error, no need to search extent tree. */
+ if (sblock->sectors[0]->flags & BTRFS_EXTENT_FLAG_SUPER) {
+ btrfs_warn_in_rcu(fs_info, "%s on device %s, physical %llu",
+ errstr, rcu_str_deref(dev->name),
+ sblock->sectors[0]->physical);
+ return;
+ }
path = btrfs_alloc_path();
if (!path)
return;
@@ -804,7 +811,7 @@ static inline void scrub_put_recover(struct btrfs_fs_info *fs_info,
static int scrub_handle_errored_block(struct scrub_block *sblock_to_check)
{
struct scrub_ctx *sctx = sblock_to_check->sctx;
- struct btrfs_device *dev;
+ struct btrfs_device *dev = sblock_to_check->sectors[0]->dev;
struct btrfs_fs_info *fs_info;
u64 logical;
unsigned int failed_mirror_index;
@@ -825,13 +832,15 @@ static int scrub_handle_errored_block(struct scrub_block *sblock_to_check)
fs_info = sctx->fs_info;
if (sblock_to_check->sectors[0]->flags & BTRFS_EXTENT_FLAG_SUPER) {
/*
- * if we find an error in a super block, we just report it.
+ * If we find an error in a super block, we just report it.
* They will get written with the next transaction commit
* anyway
*/
+ scrub_print_warning("super block error", sblock_to_check);
spin_lock(&sctx->stat_lock);
++sctx->stat.super_errors;
spin_unlock(&sctx->stat_lock);
+ btrfs_dev_stat_inc_and_print(dev, BTRFS_DEV_STAT_CORRUPTION_ERRS);
return 0;
}
logical = sblock_to_check->sectors[0]->logical;
@@ -840,7 +849,6 @@ static int scrub_handle_errored_block(struct scrub_block *sblock_to_check)
is_metadata = !(sblock_to_check->sectors[0]->flags &
BTRFS_EXTENT_FLAG_DATA);
have_csum = sblock_to_check->sectors[0]->have_csum;
- dev = sblock_to_check->sectors[0]->dev;
if (!sctx->is_dev_replace && btrfs_repair_one_zone(fs_info, logical))
return 0;
@@ -1762,7 +1770,7 @@ static int scrub_checksum(struct scrub_block *sblock)
else if (flags & BTRFS_EXTENT_FLAG_TREE_BLOCK)
ret = scrub_checksum_tree_block(sblock);
else if (flags & BTRFS_EXTENT_FLAG_SUPER)
- (void)scrub_checksum_super(sblock);
+ ret = scrub_checksum_super(sblock);
else
WARN_ON(1);
if (ret)
@@ -1901,23 +1909,6 @@ static int scrub_checksum_super(struct scrub_block *sblock)
if (memcmp(calculated_csum, s->csum, sctx->fs_info->csum_size))
++fail_cor;
- if (fail_cor + fail_gen) {
- /*
- * if we find an error in a super block, we just report it.
- * They will get written with the next transaction commit
- * anyway
- */
- spin_lock(&sctx->stat_lock);
- ++sctx->stat.super_errors;
- spin_unlock(&sctx->stat_lock);
- if (fail_cor)
- btrfs_dev_stat_inc_and_print(sector->dev,
- BTRFS_DEV_STAT_CORRUPTION_ERRS);
- else
- btrfs_dev_stat_inc_and_print(sector->dev,
- BTRFS_DEV_STAT_GENERATION_ERRS);
- }
-
return fail_cor + fail_gen;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 785/862] btrfs: scrub: try to fix super block errors
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (783 preceding siblings ...)
2022-10-19 8:34 ` [PATCH 6.0 784/862] btrfs: scrub: properly report super block errors in system log Greg Kroah-Hartman
@ 2022-10-19 8:34 ` Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 786/862] btrfs: dont print information about space cache or tree every remount Greg Kroah-Hartman
` (91 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:34 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Qu Wenruo, David Sterba, Sasha Levin
From: Qu Wenruo <wqu@suse.com>
[ Upstream commit f9eab5f0bba76742af654f33d517bf62a0db8f12 ]
[BUG]
The following script shows that, although scrub can detect super block
errors, it never tries to fix it:
mkfs.btrfs -f -d raid1 -m raid1 $dev1 $dev2
xfs_io -c "pwrite 67108864 4k" $dev2
mount $dev1 $mnt
btrfs scrub start -B $dev2
btrfs scrub start -Br $dev2
umount $mnt
The first scrub reports the super error correctly:
scrub done for f3289218-abd3-41ac-a630-202f766c0859
Scrub started: Tue Aug 2 14:44:11 2022
Status: finished
Duration: 0:00:00
Total to scrub: 1.26GiB
Rate: 0.00B/s
Error summary: super=1
Corrected: 0
Uncorrectable: 0
Unverified: 0
But the second read-only scrub still reports the same super error:
Scrub started: Tue Aug 2 14:44:11 2022
Status: finished
Duration: 0:00:00
Total to scrub: 1.26GiB
Rate: 0.00B/s
Error summary: super=1
Corrected: 0
Uncorrectable: 0
Unverified: 0
[CAUSE]
The comments already shows that super block can be easily fixed by
committing a transaction:
/*
* If we find an error in a super block, we just report it.
* They will get written with the next transaction commit
* anyway
*/
But the truth is, such assumption is not always true, and since scrub
should try to repair every error it found (except for read-only scrub),
we should really actively commit a transaction to fix this.
[FIX]
Just commit a transaction if we found any super block errors, after
everything else is done.
We cannot do this just after scrub_supers(), as
btrfs_commit_transaction() will try to pause and wait for the running
scrub, thus we can not call it with scrub_lock hold.
Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/btrfs/scrub.c | 36 ++++++++++++++++++++++++++++++++++++
1 file changed, 36 insertions(+)
diff --git a/fs/btrfs/scrub.c b/fs/btrfs/scrub.c
index 0fe7c4882e1f..7d9b09e3ca70 100644
--- a/fs/btrfs/scrub.c
+++ b/fs/btrfs/scrub.c
@@ -4093,6 +4093,7 @@ int btrfs_scrub_dev(struct btrfs_fs_info *fs_info, u64 devid, u64 start,
int ret;
struct btrfs_device *dev;
unsigned int nofs_flag;
+ bool need_commit = false;
if (btrfs_fs_closing(fs_info))
return -EAGAIN;
@@ -4196,6 +4197,12 @@ int btrfs_scrub_dev(struct btrfs_fs_info *fs_info, u64 devid, u64 start,
*/
nofs_flag = memalloc_nofs_save();
if (!is_dev_replace) {
+ u64 old_super_errors;
+
+ spin_lock(&sctx->stat_lock);
+ old_super_errors = sctx->stat.super_errors;
+ spin_unlock(&sctx->stat_lock);
+
btrfs_info(fs_info, "scrub: started on devid %llu", devid);
/*
* by holding device list mutex, we can
@@ -4204,6 +4211,16 @@ int btrfs_scrub_dev(struct btrfs_fs_info *fs_info, u64 devid, u64 start,
mutex_lock(&fs_info->fs_devices->device_list_mutex);
ret = scrub_supers(sctx, dev);
mutex_unlock(&fs_info->fs_devices->device_list_mutex);
+
+ spin_lock(&sctx->stat_lock);
+ /*
+ * Super block errors found, but we can not commit transaction
+ * at current context, since btrfs_commit_transaction() needs
+ * to pause the current running scrub (hold by ourselves).
+ */
+ if (sctx->stat.super_errors > old_super_errors && !sctx->readonly)
+ need_commit = true;
+ spin_unlock(&sctx->stat_lock);
}
if (!ret)
@@ -4230,6 +4247,25 @@ int btrfs_scrub_dev(struct btrfs_fs_info *fs_info, u64 devid, u64 start,
scrub_workers_put(fs_info);
scrub_put_ctx(sctx);
+ /*
+ * We found some super block errors before, now try to force a
+ * transaction commit, as scrub has finished.
+ */
+ if (need_commit) {
+ struct btrfs_trans_handle *trans;
+
+ trans = btrfs_start_transaction(fs_info->tree_root, 0);
+ if (IS_ERR(trans)) {
+ ret = PTR_ERR(trans);
+ btrfs_err(fs_info,
+ "scrub: failed to start transaction to fix super block errors: %d", ret);
+ return ret;
+ }
+ ret = btrfs_commit_transaction(trans);
+ if (ret < 0)
+ btrfs_err(fs_info,
+ "scrub: failed to commit transaction to fix super block errors: %d", ret);
+ }
return ret;
out:
scrub_workers_put(fs_info);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 786/862] btrfs: dont print information about space cache or tree every remount
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (784 preceding siblings ...)
2022-10-19 8:34 ` [PATCH 6.0 785/862] btrfs: scrub: try to fix super block errors Greg Kroah-Hartman
@ 2022-10-19 8:34 ` Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 787/862] btrfs: call __btrfs_remove_free_space_cache_locked on cache load failure Greg Kroah-Hartman
` (90 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:34 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Maciej S. Szmigiero, David Sterba,
Sasha Levin
From: Maciej S. Szmigiero <maciej.szmigiero@oracle.com>
[ Upstream commit dbecac26630014d336a8e5ea67096ff18210fb9c ]
btrfs currently prints information about space cache or free space tree
being in use on every remount, regardless whether such remount actually
enabled or disabled one of these features.
This is actually unnecessary since providing remount options changing the
state of these features will explicitly print the appropriate notice.
Let's instead print such unconditional information just on an initial mount
to avoid filling the kernel log when, for example, laptop-mode-tools
remount the fs on some events.
Signed-off-by: Maciej S. Szmigiero <maciej.szmigiero@oracle.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/btrfs/super.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/fs/btrfs/super.c b/fs/btrfs/super.c
index 6eeb3402b4a2..ad3ce9700eaf 100644
--- a/fs/btrfs/super.c
+++ b/fs/btrfs/super.c
@@ -626,6 +626,7 @@ int btrfs_parse_options(struct btrfs_fs_info *info, char *options,
int saved_compress_level;
bool saved_compress_force;
int no_compress = 0;
+ const bool remounting = test_bit(BTRFS_FS_STATE_REMOUNTING, &info->fs_state);
if (btrfs_fs_compat_ro(info, FREE_SPACE_TREE))
btrfs_set_opt(info->mount_opt, FREE_SPACE_TREE);
@@ -1137,10 +1138,12 @@ int btrfs_parse_options(struct btrfs_fs_info *info, char *options,
}
if (!ret)
ret = btrfs_check_mountopts_zoned(info);
- if (!ret && btrfs_test_opt(info, SPACE_CACHE))
- btrfs_info(info, "disk space caching is enabled");
- if (!ret && btrfs_test_opt(info, FREE_SPACE_TREE))
- btrfs_info(info, "using free space tree");
+ if (!ret && !remounting) {
+ if (btrfs_test_opt(info, SPACE_CACHE))
+ btrfs_info(info, "disk space caching is enabled");
+ if (btrfs_test_opt(info, FREE_SPACE_TREE))
+ btrfs_info(info, "using free space tree");
+ }
return ret;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 787/862] btrfs: call __btrfs_remove_free_space_cache_locked on cache load failure
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (785 preceding siblings ...)
2022-10-19 8:34 ` [PATCH 6.0 786/862] btrfs: dont print information about space cache or tree every remount Greg Kroah-Hartman
@ 2022-10-19 8:34 ` Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 788/862] arm64: dts: uniphier: Add USB-device support for PXs3 reference board Greg Kroah-Hartman
` (89 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:34 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Josef Bacik, David Sterba, Sasha Levin
From: Josef Bacik <josef@toxicpanda.com>
[ Upstream commit 8a1ae2781dee9fc21ca82db682d37bea4bd074ad ]
Now that lockdep is staying enabled through our entire CI runs I started
seeing the following stack in generic/475
------------[ cut here ]------------
WARNING: CPU: 1 PID: 2171864 at fs/btrfs/discard.c:604 btrfs_discard_update_discardable+0x98/0xb0
CPU: 1 PID: 2171864 Comm: kworker/u4:0 Not tainted 5.19.0-rc8+ #789
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.13.0-2.fc32 04/01/2014
Workqueue: btrfs-cache btrfs_work_helper
RIP: 0010:btrfs_discard_update_discardable+0x98/0xb0
RSP: 0018:ffffb857c2f7bad0 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffff8c85c605c200 RCX: 0000000000000001
RDX: 0000000000000000 RSI: ffffffff86807c5b RDI: ffffffff868a831e
RBP: ffff8c85c4c54000 R08: 0000000000000000 R09: 0000000000000000
R10: ffff8c85c66932f0 R11: 0000000000000001 R12: ffff8c85c3899010
R13: ffff8c85d5be4f40 R14: ffff8c85c4c54000 R15: ffff8c86114bfa80
FS: 0000000000000000(0000) GS:ffff8c863bd00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f2e7f168160 CR3: 000000010289a004 CR4: 0000000000370ee0
Call Trace:
__btrfs_remove_free_space_cache+0x27/0x30
load_free_space_cache+0xad2/0xaf0
caching_thread+0x40b/0x650
? lock_release+0x137/0x2d0
btrfs_work_helper+0xf2/0x3e0
? lock_is_held_type+0xe2/0x140
process_one_work+0x271/0x590
? process_one_work+0x590/0x590
worker_thread+0x52/0x3b0
? process_one_work+0x590/0x590
kthread+0xf0/0x120
? kthread_complete_and_exit+0x20/0x20
ret_from_fork+0x1f/0x30
This is the code
ctl = block_group->free_space_ctl;
discard_ctl = &block_group->fs_info->discard_ctl;
lockdep_assert_held(&ctl->tree_lock);
We have a temporary free space ctl for loading the free space cache in
order to avoid having allocations happening while we're loading the
cache. When we hit an error we free it all up, however this also calls
btrfs_discard_update_discardable, which requires
block_group->free_space_ctl->tree_lock to be held. However this is our
temporary ctl so this lock isn't held. Fix this by calling
__btrfs_remove_free_space_cache_locked instead so that we only clean up
the entries and do not mess with the discardable stats.
Signed-off-by: Josef Bacik <josef@toxicpanda.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/btrfs/free-space-cache.c | 53 +++++++++++++++++++++++++++-----------------
1 file changed, 33 insertions(+), 20 deletions(-)
--- a/fs/btrfs/free-space-cache.c
+++ b/fs/btrfs/free-space-cache.c
@@ -48,6 +48,25 @@ static void bitmap_clear_bits(struct btr
struct btrfs_free_space *info, u64 offset,
u64 bytes, bool update_stats);
+static void __btrfs_remove_free_space_cache_locked(
+ struct btrfs_free_space_ctl *ctl)
+{
+ struct btrfs_free_space *info;
+ struct rb_node *node;
+
+ while ((node = rb_last(&ctl->free_space_offset)) != NULL) {
+ info = rb_entry(node, struct btrfs_free_space, offset_index);
+ if (!info->bitmap) {
+ unlink_free_space(ctl, info, true);
+ kmem_cache_free(btrfs_free_space_cachep, info);
+ } else {
+ free_bitmap(ctl, info);
+ }
+
+ cond_resched_lock(&ctl->tree_lock);
+ }
+}
+
static struct inode *__lookup_free_space_inode(struct btrfs_root *root,
struct btrfs_path *path,
u64 offset)
@@ -881,7 +900,14 @@ out:
return ret;
free_cache:
io_ctl_drop_pages(&io_ctl);
- __btrfs_remove_free_space_cache(ctl);
+
+ /*
+ * We need to call the _locked variant so we don't try to update the
+ * discard counters.
+ */
+ spin_lock(&ctl->tree_lock);
+ __btrfs_remove_free_space_cache_locked(ctl);
+ spin_unlock(&ctl->tree_lock);
goto out;
}
@@ -1007,7 +1033,13 @@ int load_free_space_cache(struct btrfs_b
if (ret == 0)
ret = 1;
} else {
+ /*
+ * We need to call the _locked variant so we don't try to update
+ * the discard counters.
+ */
+ spin_lock(&tmp_ctl.tree_lock);
__btrfs_remove_free_space_cache(&tmp_ctl);
+ spin_unlock(&tmp_ctl.tree_lock);
btrfs_warn(fs_info,
"block group %llu has wrong amount of free space",
block_group->start);
@@ -2970,25 +3002,6 @@ static void __btrfs_return_cluster_to_fr
btrfs_put_block_group(block_group);
}
-static void __btrfs_remove_free_space_cache_locked(
- struct btrfs_free_space_ctl *ctl)
-{
- struct btrfs_free_space *info;
- struct rb_node *node;
-
- while ((node = rb_last(&ctl->free_space_offset)) != NULL) {
- info = rb_entry(node, struct btrfs_free_space, offset_index);
- if (!info->bitmap) {
- unlink_free_space(ctl, info, true);
- kmem_cache_free(btrfs_free_space_cachep, info);
- } else {
- free_bitmap(ctl, info);
- }
-
- cond_resched_lock(&ctl->tree_lock);
- }
-}
-
void __btrfs_remove_free_space_cache(struct btrfs_free_space_ctl *ctl)
{
spin_lock(&ctl->tree_lock);
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 788/862] arm64: dts: uniphier: Add USB-device support for PXs3 reference board
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (786 preceding siblings ...)
2022-10-19 8:34 ` [PATCH 6.0 787/862] btrfs: call __btrfs_remove_free_space_cache_locked on cache load failure Greg Kroah-Hartman
@ 2022-10-19 8:34 ` Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 789/862] ARM: 9233/1: stacktrace: Skip frame pointer boundary check for call_with_stack() Greg Kroah-Hartman
` (88 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:34 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kunihiko Hayashi, Arnd Bergmann, Sasha Levin
From: Kunihiko Hayashi <hayashi.kunihiko@socionext.com>
[ Upstream commit 19fee1a1096d21ab1f1e712148b5417bda2939a2 ]
PXs3 reference board can change each USB port 0 and 1 to device mode
with jumpers. Prepare devicetree sources for USB port 0 and 1.
This specifies dr_mode, pinctrl, and some quirks and removes nodes for
unused phys and vbus-supply properties.
Signed-off-by: Kunihiko Hayashi <hayashi.kunihiko@socionext.com>
Link: https://lore.kernel.org/r/20220913042321.4817-8-hayashi.kunihiko@socionext.com'
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/uniphier-pinctrl.dtsi | 10 +++++
arch/arm64/boot/dts/socionext/Makefile | 4 +-
.../socionext/uniphier-pxs3-ref-gadget0.dts | 41 +++++++++++++++++++
.../socionext/uniphier-pxs3-ref-gadget1.dts | 40 ++++++++++++++++++
4 files changed, 94 insertions(+), 1 deletion(-)
create mode 100644 arch/arm64/boot/dts/socionext/uniphier-pxs3-ref-gadget0.dts
create mode 100644 arch/arm64/boot/dts/socionext/uniphier-pxs3-ref-gadget1.dts
diff --git a/arch/arm/boot/dts/uniphier-pinctrl.dtsi b/arch/arm/boot/dts/uniphier-pinctrl.dtsi
index c0fd029b37e5..f909ec2e5333 100644
--- a/arch/arm/boot/dts/uniphier-pinctrl.dtsi
+++ b/arch/arm/boot/dts/uniphier-pinctrl.dtsi
@@ -196,11 +196,21 @@
function = "usb0";
};
+ pinctrl_usb0_device: usb0-device {
+ groups = "usb0_device";
+ function = "usb0";
+ };
+
pinctrl_usb1: usb1 {
groups = "usb1";
function = "usb1";
};
+ pinctrl_usb1_device: usb1-device {
+ groups = "usb1_device";
+ function = "usb1";
+ };
+
pinctrl_usb2: usb2 {
groups = "usb2";
function = "usb2";
diff --git a/arch/arm64/boot/dts/socionext/Makefile b/arch/arm64/boot/dts/socionext/Makefile
index dda3da33614b..33989a9643ac 100644
--- a/arch/arm64/boot/dts/socionext/Makefile
+++ b/arch/arm64/boot/dts/socionext/Makefile
@@ -5,4 +5,6 @@ dtb-$(CONFIG_ARCH_UNIPHIER) += \
uniphier-ld20-akebi96.dtb \
uniphier-ld20-global.dtb \
uniphier-ld20-ref.dtb \
- uniphier-pxs3-ref.dtb
+ uniphier-pxs3-ref.dtb \
+ uniphier-pxs3-ref-gadget0.dtb \
+ uniphier-pxs3-ref-gadget1.dtb
diff --git a/arch/arm64/boot/dts/socionext/uniphier-pxs3-ref-gadget0.dts b/arch/arm64/boot/dts/socionext/uniphier-pxs3-ref-gadget0.dts
new file mode 100644
index 000000000000..7069f51bc120
--- /dev/null
+++ b/arch/arm64/boot/dts/socionext/uniphier-pxs3-ref-gadget0.dts
@@ -0,0 +1,41 @@
+// SPDX-License-Identifier: GPL-2.0-or-later OR MIT
+//
+// Device Tree Source for UniPhier PXs3 Reference Board (for USB-Device #0)
+//
+// Copyright (C) 2021 Socionext Inc.
+// Author: Kunihiko Hayashi <hayashi.kunihiko@socionext.com>
+
+/dts-v1/;
+#include "uniphier-pxs3-ref.dts"
+
+/ {
+ model = "UniPhier PXs3 Reference Board (USB-Device #0)";
+};
+
+/* I2C3 pinctrl is shared with USB*VBUSIN */
+&i2c3 {
+ status = "disabled";
+};
+
+&usb0 {
+ status = "okay";
+ dr_mode = "peripheral";
+ pinctrl-0 = <&pinctrl_usb0_device>;
+ snps,dis_enblslpm_quirk;
+ snps,dis_u2_susphy_quirk;
+ snps,dis_u3_susphy_quirk;
+ snps,usb2_gadget_lpm_disable;
+ phy-names = "usb2-phy", "usb3-phy";
+ phys = <&usb0_hsphy0>, <&usb0_ssphy0>;
+};
+
+&usb0_hsphy0 {
+ /delete-property/ vbus-supply;
+};
+
+&usb0_ssphy0 {
+ /delete-property/ vbus-supply;
+};
+
+/delete-node/ &usb0_hsphy1;
+/delete-node/ &usb0_ssphy1;
diff --git a/arch/arm64/boot/dts/socionext/uniphier-pxs3-ref-gadget1.dts b/arch/arm64/boot/dts/socionext/uniphier-pxs3-ref-gadget1.dts
new file mode 100644
index 000000000000..a3cfa8113ffb
--- /dev/null
+++ b/arch/arm64/boot/dts/socionext/uniphier-pxs3-ref-gadget1.dts
@@ -0,0 +1,40 @@
+// SPDX-License-Identifier: GPL-2.0-or-later OR MIT
+//
+// Device Tree Source for UniPhier PXs3 Reference Board (for USB-Device #1)
+//
+// Copyright (C) 2021 Socionext Inc.
+// Author: Kunihiko Hayashi <hayashi.kunihiko@socionext.com>
+
+/dts-v1/;
+#include "uniphier-pxs3-ref.dts"
+
+/ {
+ model = "UniPhier PXs3 Reference Board (USB-Device #1)";
+};
+
+/* I2C3 pinctrl is shared with USB*VBUSIN */
+&i2c3 {
+ status = "disabled";
+};
+
+&usb1 {
+ status = "okay";
+ dr_mode = "peripheral";
+ pinctrl-0 = <&pinctrl_usb1_device>;
+ snps,dis_enblslpm_quirk;
+ snps,dis_u2_susphy_quirk;
+ snps,dis_u3_susphy_quirk;
+ snps,usb2_gadget_lpm_disable;
+ phy-names = "usb2-phy", "usb3-phy";
+ phys = <&usb1_hsphy0>, <&usb1_ssphy0>;
+};
+
+&usb1_hsphy0 {
+ /delete-property/ vbus-supply;
+};
+
+&usb1_ssphy0 {
+ /delete-property/ vbus-supply;
+};
+
+/delete-node/ &usb1_hsphy1;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 789/862] ARM: 9233/1: stacktrace: Skip frame pointer boundary check for call_with_stack()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (787 preceding siblings ...)
2022-10-19 8:34 ` [PATCH 6.0 788/862] arm64: dts: uniphier: Add USB-device support for PXs3 reference board Greg Kroah-Hartman
@ 2022-10-19 8:34 ` Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 790/862] ARM: 9234/1: stacktrace: Avoid duplicate saving of exception PC value Greg Kroah-Hartman
` (87 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:34 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Li Huafei, Linus Waleij,
Russell King (Oracle),
Sasha Levin
From: Li Huafei <lihuafei1@huawei.com>
[ Upstream commit 5854e4d8530e6ed4c2532a71a6b0474e199d44dd ]
When using the frame pointer unwinder, it was found that the stack trace
output of stack_trace_save() is incomplete if the stack contains
call_with_stack():
[0x7f00002c] dump_stack_task+0x2c/0x90 [hrtimer]
[0x7f0000a0] hrtimer_hander+0x10/0x18 [hrtimer]
[0x801a67f0] __hrtimer_run_queues+0x1b0/0x3b4
[0x801a7350] hrtimer_run_queues+0xc4/0xd8
[0x801a597c] update_process_times+0x3c/0x88
[0x801b5a98] tick_periodic+0x50/0xd8
[0x801b5bf4] tick_handle_periodic+0x24/0x84
[0x8010ffc4] twd_handler+0x38/0x48
[0x8017d220] handle_percpu_devid_irq+0xa8/0x244
[0x80176e9c] generic_handle_domain_irq+0x2c/0x3c
[0x8052e3a8] gic_handle_irq+0x7c/0x90
[0x808ab15c] generic_handle_arch_irq+0x60/0x80
[0x8051191c] call_with_stack+0x1c/0x20
For the frame pointer unwinder, unwind_frame() checks stackframe::fp by
stackframe::sp. Since call_with_stack() switches the SP from one stack
to another, stackframe::fp and stackframe: :sp will point to different
stacks, so we can no longer check stackframe::fp by stackframe::sp. Skip
checking stackframe::fp at this point to avoid this problem.
Signed-off-by: Li Huafei <lihuafei1@huawei.com>
Reviewed-by: Linus Waleij <linus.walleij@linaro.org>
Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/kernel/stacktrace.c | 40 ++++++++++++++++++++++++++++------
arch/arm/lib/call_with_stack.S | 2 ++
2 files changed, 35 insertions(+), 7 deletions(-)
diff --git a/arch/arm/kernel/stacktrace.c b/arch/arm/kernel/stacktrace.c
index d0fa2037460a..af87040b0353 100644
--- a/arch/arm/kernel/stacktrace.c
+++ b/arch/arm/kernel/stacktrace.c
@@ -9,6 +9,8 @@
#include <asm/stacktrace.h>
#include <asm/traps.h>
+#include "reboot.h"
+
#if defined(CONFIG_FRAME_POINTER) && !defined(CONFIG_ARM_UNWIND)
/*
* Unwind the current stack frame and store the new register values in the
@@ -39,29 +41,53 @@
* Note that with framepointer enabled, even the leaf functions have the same
* prologue and epilogue, therefore we can ignore the LR value in this case.
*/
-int notrace unwind_frame(struct stackframe *frame)
+
+extern unsigned long call_with_stack_end;
+
+static int frame_pointer_check(struct stackframe *frame)
{
unsigned long high, low;
unsigned long fp = frame->fp;
+ unsigned long pc = frame->pc;
+
+ /*
+ * call_with_stack() is the only place we allow SP to jump from one
+ * stack to another, with FP and SP pointing to different stacks,
+ * skipping the FP boundary check at this point.
+ */
+ if (pc >= (unsigned long)&call_with_stack &&
+ pc < (unsigned long)&call_with_stack_end)
+ return 0;
/* only go to a higher address on the stack */
low = frame->sp;
high = ALIGN(low, THREAD_SIZE);
-#ifdef CONFIG_CC_IS_CLANG
/* check current frame pointer is within bounds */
+#ifdef CONFIG_CC_IS_CLANG
if (fp < low + 4 || fp > high - 4)
return -EINVAL;
-
- frame->sp = frame->fp;
- frame->fp = READ_ONCE_NOCHECK(*(unsigned long *)(fp));
- frame->pc = READ_ONCE_NOCHECK(*(unsigned long *)(fp + 4));
#else
- /* check current frame pointer is within bounds */
if (fp < low + 12 || fp > high - 4)
return -EINVAL;
+#endif
+
+ return 0;
+}
+
+int notrace unwind_frame(struct stackframe *frame)
+{
+ unsigned long fp = frame->fp;
+
+ if (frame_pointer_check(frame))
+ return -EINVAL;
/* restore the registers from the stack frame */
+#ifdef CONFIG_CC_IS_CLANG
+ frame->sp = frame->fp;
+ frame->fp = READ_ONCE_NOCHECK(*(unsigned long *)(fp));
+ frame->pc = READ_ONCE_NOCHECK(*(unsigned long *)(fp + 4));
+#else
frame->fp = READ_ONCE_NOCHECK(*(unsigned long *)(fp - 12));
frame->sp = READ_ONCE_NOCHECK(*(unsigned long *)(fp - 8));
frame->pc = READ_ONCE_NOCHECK(*(unsigned long *)(fp - 4));
diff --git a/arch/arm/lib/call_with_stack.S b/arch/arm/lib/call_with_stack.S
index 0a268a6c513c..5030d4e8d126 100644
--- a/arch/arm/lib/call_with_stack.S
+++ b/arch/arm/lib/call_with_stack.S
@@ -46,4 +46,6 @@ UNWIND( .setfp fpreg, sp )
pop {fpreg, pc}
UNWIND( .fnend )
#endif
+ .globl call_with_stack_end
+call_with_stack_end:
ENDPROC(call_with_stack)
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 790/862] ARM: 9234/1: stacktrace: Avoid duplicate saving of exception PC value
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (788 preceding siblings ...)
2022-10-19 8:34 ` [PATCH 6.0 789/862] ARM: 9233/1: stacktrace: Skip frame pointer boundary check for call_with_stack() Greg Kroah-Hartman
@ 2022-10-19 8:34 ` Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 791/862] ARM: 9242/1: kasan: Only map modules if CONFIG_KASAN_VMALLOC=n Greg Kroah-Hartman
` (86 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:34 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Li Huafei, Linus Waleij,
Russell King (Oracle),
Sasha Levin
From: Li Huafei <lihuafei1@huawei.com>
[ Upstream commit 752ec621ef5c30777958cc5eb5f1cf394f7733f4 ]
Because an exception stack frame is not created in the exception entry,
save_trace() does special handling for the exception PC, but this is
only needed when CONFIG_FRAME_POINTER_UNWIND=y. When
CONFIG_ARM_UNWIND=y, unwind annotations have been added to the exception
entry and save_trace() will repeatedly save the exception PC:
[0x7f000090] hrtimer_hander+0x8/0x10 [hrtimer]
[0x8019ec50] __hrtimer_run_queues+0x18c/0x394
[0x8019f760] hrtimer_run_queues+0xbc/0xd0
[0x8019def0] update_process_times+0x34/0x80
[0x801ad2a4] tick_periodic+0x48/0xd0
[0x801ad3dc] tick_handle_periodic+0x1c/0x7c
[0x8010f2e0] twd_handler+0x30/0x40
[0x80177620] handle_percpu_devid_irq+0xa0/0x23c
[0x801718d0] generic_handle_domain_irq+0x24/0x34
[0x80502d28] gic_handle_irq+0x74/0x88
[0x8085817c] generic_handle_arch_irq+0x58/0x78
[0x80100ba8] __irq_svc+0x88/0xc8
[0x80108114] arch_cpu_idle+0x38/0x3c
[0x80108114] arch_cpu_idle+0x38/0x3c <==== duplicate saved exception PC
[0x80861bf8] default_idle_call+0x38/0x130
[0x8015d5cc] do_idle+0x150/0x214
[0x8015d978] cpu_startup_entry+0x18/0x1c
[0x808589c0] rest_init+0xd8/0xdc
[0x80c00a44] arch_post_acpi_subsys_init+0x0/0x8
We can move the special handling of the exception PC in save_trace() to
the unwind_frame() of the frame pointer unwinder.
Signed-off-by: Li Huafei <lihuafei1@huawei.com>
Reviewed-by: Linus Waleij <linus.walleij@linaro.org>
Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/include/asm/stacktrace.h | 6 +++++
arch/arm/kernel/return_address.c | 1 +
arch/arm/kernel/stacktrace.c | 44 +++++++++++++++++++++----------
3 files changed, 37 insertions(+), 14 deletions(-)
diff --git a/arch/arm/include/asm/stacktrace.h b/arch/arm/include/asm/stacktrace.h
index 3e78f921b8b2..39be2d1aa27b 100644
--- a/arch/arm/include/asm/stacktrace.h
+++ b/arch/arm/include/asm/stacktrace.h
@@ -21,6 +21,9 @@ struct stackframe {
struct llist_node *kr_cur;
struct task_struct *tsk;
#endif
+#ifdef CONFIG_UNWINDER_FRAME_POINTER
+ bool ex_frame;
+#endif
};
static __always_inline
@@ -34,6 +37,9 @@ void arm_get_current_stackframe(struct pt_regs *regs, struct stackframe *frame)
frame->kr_cur = NULL;
frame->tsk = current;
#endif
+#ifdef CONFIG_UNWINDER_FRAME_POINTER
+ frame->ex_frame = in_entry_text(frame->pc);
+#endif
}
extern int unwind_frame(struct stackframe *frame);
diff --git a/arch/arm/kernel/return_address.c b/arch/arm/kernel/return_address.c
index 8aac1e10b117..38f1ea9c724d 100644
--- a/arch/arm/kernel/return_address.c
+++ b/arch/arm/kernel/return_address.c
@@ -47,6 +47,7 @@ void *return_address(unsigned int level)
frame.kr_cur = NULL;
frame.tsk = current;
#endif
+ frame.ex_frame = false;
walk_stackframe(&frame, save_return_addr, &data);
diff --git a/arch/arm/kernel/stacktrace.c b/arch/arm/kernel/stacktrace.c
index af87040b0353..85443b5d1922 100644
--- a/arch/arm/kernel/stacktrace.c
+++ b/arch/arm/kernel/stacktrace.c
@@ -82,6 +82,27 @@ int notrace unwind_frame(struct stackframe *frame)
if (frame_pointer_check(frame))
return -EINVAL;
+ /*
+ * When we unwind through an exception stack, include the saved PC
+ * value into the stack trace.
+ */
+ if (frame->ex_frame) {
+ struct pt_regs *regs = (struct pt_regs *)frame->sp;
+
+ /*
+ * We check that 'regs + sizeof(struct pt_regs)' (that is,
+ * ®s[1]) does not exceed the bottom of the stack to avoid
+ * accessing data outside the task's stack. This may happen
+ * when frame->ex_frame is a false positive.
+ */
+ if ((unsigned long)®s[1] > ALIGN(frame->sp, THREAD_SIZE))
+ return -EINVAL;
+
+ frame->pc = regs->ARM_pc;
+ frame->ex_frame = false;
+ return 0;
+ }
+
/* restore the registers from the stack frame */
#ifdef CONFIG_CC_IS_CLANG
frame->sp = frame->fp;
@@ -98,6 +119,9 @@ int notrace unwind_frame(struct stackframe *frame)
(void *)frame->fp, &frame->kr_cur);
#endif
+ if (in_entry_text(frame->pc))
+ frame->ex_frame = true;
+
return 0;
}
#endif
@@ -128,7 +152,6 @@ static int save_trace(struct stackframe *frame, void *d)
{
struct stack_trace_data *data = d;
struct stack_trace *trace = data->trace;
- struct pt_regs *regs;
unsigned long addr = frame->pc;
if (data->no_sched_functions && in_sched_functions(addr))
@@ -139,19 +162,6 @@ static int save_trace(struct stackframe *frame, void *d)
}
trace->entries[trace->nr_entries++] = addr;
-
- if (trace->nr_entries >= trace->max_entries)
- return 1;
-
- if (!in_entry_text(frame->pc))
- return 0;
-
- regs = (struct pt_regs *)frame->sp;
- if ((unsigned long)®s[1] > ALIGN(frame->sp, THREAD_SIZE))
- return 0;
-
- trace->entries[trace->nr_entries++] = regs->ARM_pc;
-
return trace->nr_entries >= trace->max_entries;
}
@@ -193,6 +203,9 @@ static noinline void __save_stack_trace(struct task_struct *tsk,
frame.kr_cur = NULL;
frame.tsk = tsk;
#endif
+#ifdef CONFIG_UNWINDER_FRAME_POINTER
+ frame.ex_frame = false;
+#endif
walk_stackframe(&frame, save_trace, &data);
}
@@ -214,6 +227,9 @@ void save_stack_trace_regs(struct pt_regs *regs, struct stack_trace *trace)
frame.kr_cur = NULL;
frame.tsk = current;
#endif
+#ifdef CONFIG_UNWINDER_FRAME_POINTER
+ frame.ex_frame = in_entry_text(frame.pc);
+#endif
walk_stackframe(&frame, save_trace, &data);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 791/862] ARM: 9242/1: kasan: Only map modules if CONFIG_KASAN_VMALLOC=n
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (789 preceding siblings ...)
2022-10-19 8:34 ` [PATCH 6.0 790/862] ARM: 9234/1: stacktrace: Avoid duplicate saving of exception PC value Greg Kroah-Hartman
@ 2022-10-19 8:34 ` Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 792/862] clk: zynqmp: Fix stack-out-of-bounds in strncpy` Greg Kroah-Hartman
` (85 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:34 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Linus Walleij, Alexander Sverdlin,
Russell King (Oracle),
Sasha Levin
From: Alex Sverdlin <alexander.sverdlin@nokia.com>
[ Upstream commit 823f606ab6b4759a1faf0388abcf4fb0776710d2 ]
In case CONFIG_KASAN_VMALLOC=y kasan_populate_vmalloc() allocates the
shadow pages dynamically. But even worse is that kasan_release_vmalloc()
releases them, which is not compatible with create_mapping() of
MODULES_VADDR..MODULES_END range:
BUG: Bad page state in process kworker/9:1 pfn:2068b
page:e5e06160 refcount:0 mapcount:0 mapping:00000000 index:0x0
flags: 0x1000(reserved)
raw: 00001000 e5e06164 e5e06164 00000000 00000000 00000000 ffffffff 00000000
page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
bad because of flags: 0x1000(reserved)
Modules linked in: ip_tables
CPU: 9 PID: 154 Comm: kworker/9:1 Not tainted 5.4.188-... #1
Hardware name: LSI Axxia AXM55XX
Workqueue: events do_free_init
unwind_backtrace
show_stack
dump_stack
bad_page
free_pcp_prepare
free_unref_page
kasan_depopulate_vmalloc_pte
__apply_to_page_range
apply_to_existing_page_range
kasan_release_vmalloc
__purge_vmap_area_lazy
_vm_unmap_aliases.part.0
__vunmap
do_free_init
process_one_work
worker_thread
kthread
Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Alexander Sverdlin <alexander.sverdlin@nokia.com>
Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/mm/kasan_init.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/arch/arm/mm/kasan_init.c b/arch/arm/mm/kasan_init.c
index 29caee9c79ce..46d9f4a622cb 100644
--- a/arch/arm/mm/kasan_init.c
+++ b/arch/arm/mm/kasan_init.c
@@ -268,12 +268,17 @@ void __init kasan_init(void)
/*
* 1. The module global variables are in MODULES_VADDR ~ MODULES_END,
- * so we need to map this area.
+ * so we need to map this area if CONFIG_KASAN_VMALLOC=n. With
+ * VMALLOC support KASAN will manage this region dynamically,
+ * refer to kasan_populate_vmalloc() and ARM's implementation of
+ * module_alloc().
* 2. PKMAP_BASE ~ PKMAP_BASE+PMD_SIZE's shadow and MODULES_VADDR
* ~ MODULES_END's shadow is in the same PMD_SIZE, so we can't
* use kasan_populate_zero_shadow.
*/
- create_mapping((void *)MODULES_VADDR, (void *)(PKMAP_BASE + PMD_SIZE));
+ if (!IS_ENABLED(CONFIG_KASAN_VMALLOC) && IS_ENABLED(CONFIG_MODULES))
+ create_mapping((void *)MODULES_VADDR, (void *)(MODULES_END));
+ create_mapping((void *)PKMAP_BASE, (void *)(PKMAP_BASE + PMD_SIZE));
/*
* KAsan may reuse the contents of kasan_early_shadow_pte directly, so
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 792/862] clk: zynqmp: Fix stack-out-of-bounds in strncpy`
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (790 preceding siblings ...)
2022-10-19 8:34 ` [PATCH 6.0 791/862] ARM: 9242/1: kasan: Only map modules if CONFIG_KASAN_VMALLOC=n Greg Kroah-Hartman
@ 2022-10-19 8:34 ` Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 793/862] media: cx88: Fix a null-ptr-deref bug in buffer_prepare() Greg Kroah-Hartman
` (84 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:34 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ian Nam, Shubhrajyoti Datta,
Michal Simek, Stephen Boyd, Sasha Levin
From: Ian Nam <young.kwan.nam@xilinx.com>
[ Upstream commit dd80fb2dbf1cd8751efbe4e53e54056f56a9b115 ]
"BUG: KASAN: stack-out-of-bounds in strncpy+0x30/0x68"
Linux-ATF interface is using 16 bytes of SMC payload. In case clock name is
longer than 15 bytes, string terminated NULL character will not be received
by Linux. Add explicit NULL character at last byte to fix issues when clock
name is longer.
This fixes below bug reported by KASAN:
==================================================================
BUG: KASAN: stack-out-of-bounds in strncpy+0x30/0x68
Read of size 1 at addr ffff0008c89a7410 by task swapper/0/1
CPU: 1 PID: 1 Comm: swapper/0 Not tainted 5.4.0-00396-g81ef9e7-dirty #3
Hardware name: Xilinx Versal vck190 Eval board revA (QSPI) (DT)
Call trace:
dump_backtrace+0x0/0x1e8
show_stack+0x14/0x20
dump_stack+0xd4/0x108
print_address_description.isra.0+0xbc/0x37c
__kasan_report+0x144/0x198
kasan_report+0xc/0x18
__asan_load1+0x5c/0x68
strncpy+0x30/0x68
zynqmp_clock_probe+0x238/0x7b8
platform_drv_probe+0x6c/0xc8
really_probe+0x14c/0x418
driver_probe_device+0x74/0x130
__device_attach_driver+0xc4/0xe8
bus_for_each_drv+0xec/0x150
__device_attach+0x160/0x1d8
device_initial_probe+0x10/0x18
bus_probe_device+0xe0/0xf0
device_add+0x528/0x950
of_device_add+0x5c/0x80
of_platform_device_create_pdata+0x120/0x168
of_platform_bus_create+0x244/0x4e0
of_platform_populate+0x50/0xe8
zynqmp_firmware_probe+0x370/0x3a8
platform_drv_probe+0x6c/0xc8
really_probe+0x14c/0x418
driver_probe_device+0x74/0x130
device_driver_attach+0x94/0xa0
__driver_attach+0x70/0x108
bus_for_each_dev+0xe4/0x158
driver_attach+0x30/0x40
bus_add_driver+0x21c/0x2b8
driver_register+0xbc/0x1d0
__platform_driver_register+0x7c/0x88
zynqmp_firmware_driver_init+0x1c/0x24
do_one_initcall+0xa4/0x234
kernel_init_freeable+0x1b0/0x24c
kernel_init+0x10/0x110
ret_from_fork+0x10/0x18
The buggy address belongs to the page:
page:ffff0008f9be1c88 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0
raw: 0008d00000000000 ffff0008f9be1c90 ffff0008f9be1c90 0000000000000000
raw: 0000000000000000 0000000000000000 00000000ffffffff
page dumped because: kasan: bad access detected
addr ffff0008c89a7410 is located in stack of task swapper/0/1 at offset 112 in frame:
zynqmp_clock_probe+0x0/0x7b8
this frame has 3 objects:
[32, 44) 'response'
[64, 80) 'ret_payload'
[96, 112) 'name'
Memory state around the buggy address:
ffff0008c89a7300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ffff0008c89a7380: 00 00 00 00 f1 f1 f1 f1 00 04 f2 f2 00 00 f2 f2
>ffff0008c89a7400: 00 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
^
ffff0008c89a7480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ffff0008c89a7500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================
Signed-off-by: Ian Nam <young.kwan.nam@xilinx.com>
Signed-off-by: Shubhrajyoti Datta <shubhrajyoti.datta@xilinx.com>
Link: https://lore.kernel.org/r/20220510070154.29528-3-shubhrajyoti.datta@xilinx.com
Acked-by: Michal Simek <michal.simek@amd.com>
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/zynqmp/clkc.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/drivers/clk/zynqmp/clkc.c b/drivers/clk/zynqmp/clkc.c
index eb25303eefed..2c9da6623b84 100644
--- a/drivers/clk/zynqmp/clkc.c
+++ b/drivers/clk/zynqmp/clkc.c
@@ -710,6 +710,13 @@ static void zynqmp_get_clock_info(void)
FIELD_PREP(CLK_ATTR_NODE_INDEX, i);
zynqmp_pm_clock_get_name(clock[i].clk_id, &name);
+
+ /*
+ * Terminate with NULL character in case name provided by firmware
+ * is longer and truncated due to size limit.
+ */
+ name.name[sizeof(name.name) - 1] = '\0';
+
if (!strcmp(name.name, RESERVED_CLK_NAME))
continue;
strncpy(clock[i].clk_name, name.name, MAX_NAME_LEN);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 793/862] media: cx88: Fix a null-ptr-deref bug in buffer_prepare()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (791 preceding siblings ...)
2022-10-19 8:34 ` [PATCH 6.0 792/862] clk: zynqmp: Fix stack-out-of-bounds in strncpy` Greg Kroah-Hartman
@ 2022-10-19 8:34 ` Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 794/862] media: platform: fix some double free in meson-ge2d and mtk-jpeg and s5p-mfc Greg Kroah-Hartman
` (83 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:34 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zheyu Ma, Hans Verkuil,
Mauro Carvalho Chehab, Sasha Levin
From: Zheyu Ma <zheyuma97@gmail.com>
[ Upstream commit 2b064d91440b33fba5b452f2d1b31f13ae911d71 ]
When the driver calls cx88_risc_buffer() to prepare the buffer, the
function call may fail, resulting in a empty buffer and null-ptr-deref
later in buffer_queue().
The following log can reveal it:
[ 41.822762] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN PTI
[ 41.824488] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
[ 41.828027] RIP: 0010:buffer_queue+0xc2/0x500
[ 41.836311] Call Trace:
[ 41.836945] __enqueue_in_driver+0x141/0x360
[ 41.837262] vb2_start_streaming+0x62/0x4a0
[ 41.838216] vb2_core_streamon+0x1da/0x2c0
[ 41.838516] __vb2_init_fileio+0x981/0xbc0
[ 41.839141] __vb2_perform_fileio+0xbf9/0x1120
[ 41.840072] vb2_fop_read+0x20e/0x400
[ 41.840346] v4l2_read+0x215/0x290
[ 41.840603] vfs_read+0x162/0x4c0
Fix this by checking the return value of cx88_risc_buffer()
[hverkuil: fix coding style issues]
Signed-off-by: Zheyu Ma <zheyuma97@gmail.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/pci/cx88/cx88-vbi.c | 9 +++---
drivers/media/pci/cx88/cx88-video.c | 43 +++++++++++++++--------------
2 files changed, 26 insertions(+), 26 deletions(-)
diff --git a/drivers/media/pci/cx88/cx88-vbi.c b/drivers/media/pci/cx88/cx88-vbi.c
index a075788c64d4..469aeaa725ad 100644
--- a/drivers/media/pci/cx88/cx88-vbi.c
+++ b/drivers/media/pci/cx88/cx88-vbi.c
@@ -144,11 +144,10 @@ static int buffer_prepare(struct vb2_buffer *vb)
return -EINVAL;
vb2_set_plane_payload(vb, 0, size);
- cx88_risc_buffer(dev->pci, &buf->risc, sgt->sgl,
- 0, VBI_LINE_LENGTH * lines,
- VBI_LINE_LENGTH, 0,
- lines);
- return 0;
+ return cx88_risc_buffer(dev->pci, &buf->risc, sgt->sgl,
+ 0, VBI_LINE_LENGTH * lines,
+ VBI_LINE_LENGTH, 0,
+ lines);
}
static void buffer_finish(struct vb2_buffer *vb)
diff --git a/drivers/media/pci/cx88/cx88-video.c b/drivers/media/pci/cx88/cx88-video.c
index d3729be89252..b509c2a03852 100644
--- a/drivers/media/pci/cx88/cx88-video.c
+++ b/drivers/media/pci/cx88/cx88-video.c
@@ -431,6 +431,7 @@ static int queue_setup(struct vb2_queue *q,
static int buffer_prepare(struct vb2_buffer *vb)
{
+ int ret;
struct vb2_v4l2_buffer *vbuf = to_vb2_v4l2_buffer(vb);
struct cx8800_dev *dev = vb->vb2_queue->drv_priv;
struct cx88_core *core = dev->core;
@@ -445,35 +446,35 @@ static int buffer_prepare(struct vb2_buffer *vb)
switch (core->field) {
case V4L2_FIELD_TOP:
- cx88_risc_buffer(dev->pci, &buf->risc,
- sgt->sgl, 0, UNSET,
- buf->bpl, 0, core->height);
+ ret = cx88_risc_buffer(dev->pci, &buf->risc,
+ sgt->sgl, 0, UNSET,
+ buf->bpl, 0, core->height);
break;
case V4L2_FIELD_BOTTOM:
- cx88_risc_buffer(dev->pci, &buf->risc,
- sgt->sgl, UNSET, 0,
- buf->bpl, 0, core->height);
+ ret = cx88_risc_buffer(dev->pci, &buf->risc,
+ sgt->sgl, UNSET, 0,
+ buf->bpl, 0, core->height);
break;
case V4L2_FIELD_SEQ_TB:
- cx88_risc_buffer(dev->pci, &buf->risc,
- sgt->sgl,
- 0, buf->bpl * (core->height >> 1),
- buf->bpl, 0,
- core->height >> 1);
+ ret = cx88_risc_buffer(dev->pci, &buf->risc,
+ sgt->sgl,
+ 0, buf->bpl * (core->height >> 1),
+ buf->bpl, 0,
+ core->height >> 1);
break;
case V4L2_FIELD_SEQ_BT:
- cx88_risc_buffer(dev->pci, &buf->risc,
- sgt->sgl,
- buf->bpl * (core->height >> 1), 0,
- buf->bpl, 0,
- core->height >> 1);
+ ret = cx88_risc_buffer(dev->pci, &buf->risc,
+ sgt->sgl,
+ buf->bpl * (core->height >> 1), 0,
+ buf->bpl, 0,
+ core->height >> 1);
break;
case V4L2_FIELD_INTERLACED:
default:
- cx88_risc_buffer(dev->pci, &buf->risc,
- sgt->sgl, 0, buf->bpl,
- buf->bpl, buf->bpl,
- core->height >> 1);
+ ret = cx88_risc_buffer(dev->pci, &buf->risc,
+ sgt->sgl, 0, buf->bpl,
+ buf->bpl, buf->bpl,
+ core->height >> 1);
break;
}
dprintk(2,
@@ -481,7 +482,7 @@ static int buffer_prepare(struct vb2_buffer *vb)
buf, buf->vb.vb2_buf.index, __func__,
core->width, core->height, dev->fmt->depth, dev->fmt->fourcc,
(unsigned long)buf->risc.dma);
- return 0;
+ return ret;
}
static void buffer_finish(struct vb2_buffer *vb)
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 794/862] media: platform: fix some double free in meson-ge2d and mtk-jpeg and s5p-mfc
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (792 preceding siblings ...)
2022-10-19 8:34 ` [PATCH 6.0 793/862] media: cx88: Fix a null-ptr-deref bug in buffer_prepare() Greg Kroah-Hartman
@ 2022-10-19 8:34 ` Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 795/862] clk: zynqmp: pll: rectify rate rounding in zynqmp_pll_round_rate Greg Kroah-Hartman
` (82 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:34 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hangyu Hua, Hans Verkuil,
Mauro Carvalho Chehab, Sasha Levin
From: Hangyu Hua <hbh25y@gmail.com>
[ Upstream commit c65c3f3a2cbf21ed429d9b9c725bdb5dc6abf4cf ]
video_unregister_device will release device internally. There is no need to
call video_device_release after video_unregister_device.
Signed-off-by: Hangyu Hua <hbh25y@gmail.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/platform/amlogic/meson-ge2d/ge2d.c | 1 -
drivers/media/platform/mediatek/jpeg/mtk_jpeg_core.c | 1 -
drivers/media/platform/samsung/s5p-mfc/s5p_mfc.c | 3 +--
3 files changed, 1 insertion(+), 4 deletions(-)
diff --git a/drivers/media/platform/amlogic/meson-ge2d/ge2d.c b/drivers/media/platform/amlogic/meson-ge2d/ge2d.c
index 5e7b319f300d..142d421a8d76 100644
--- a/drivers/media/platform/amlogic/meson-ge2d/ge2d.c
+++ b/drivers/media/platform/amlogic/meson-ge2d/ge2d.c
@@ -1030,7 +1030,6 @@ static int ge2d_remove(struct platform_device *pdev)
video_unregister_device(ge2d->vfd);
v4l2_m2m_release(ge2d->m2m_dev);
- video_device_release(ge2d->vfd);
v4l2_device_unregister(&ge2d->v4l2_dev);
clk_disable_unprepare(ge2d->clk);
diff --git a/drivers/media/platform/mediatek/jpeg/mtk_jpeg_core.c b/drivers/media/platform/mediatek/jpeg/mtk_jpeg_core.c
index 87685a62a5c2..3071b61946c3 100644
--- a/drivers/media/platform/mediatek/jpeg/mtk_jpeg_core.c
+++ b/drivers/media/platform/mediatek/jpeg/mtk_jpeg_core.c
@@ -1414,7 +1414,6 @@ static int mtk_jpeg_remove(struct platform_device *pdev)
pm_runtime_disable(&pdev->dev);
video_unregister_device(jpeg->vdev);
- video_device_release(jpeg->vdev);
v4l2_m2m_release(jpeg->m2m_dev);
v4l2_device_unregister(&jpeg->v4l2_dev);
diff --git a/drivers/media/platform/samsung/s5p-mfc/s5p_mfc.c b/drivers/media/platform/samsung/s5p-mfc/s5p_mfc.c
index 761341934925..f85d1eebafac 100644
--- a/drivers/media/platform/samsung/s5p-mfc/s5p_mfc.c
+++ b/drivers/media/platform/samsung/s5p-mfc/s5p_mfc.c
@@ -1399,6 +1399,7 @@ static int s5p_mfc_probe(struct platform_device *pdev)
/* Deinit MFC if probe had failed */
err_enc_reg:
video_unregister_device(dev->vfd_dec);
+ dev->vfd_dec = NULL;
err_dec_reg:
video_device_release(dev->vfd_enc);
err_enc_alloc:
@@ -1444,8 +1445,6 @@ static int s5p_mfc_remove(struct platform_device *pdev)
video_unregister_device(dev->vfd_enc);
video_unregister_device(dev->vfd_dec);
- video_device_release(dev->vfd_enc);
- video_device_release(dev->vfd_dec);
v4l2_device_unregister(&dev->v4l2_dev);
s5p_mfc_unconfigure_dma_memory(dev);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 795/862] clk: zynqmp: pll: rectify rate rounding in zynqmp_pll_round_rate
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (793 preceding siblings ...)
2022-10-19 8:34 ` [PATCH 6.0 794/862] media: platform: fix some double free in meson-ge2d and mtk-jpeg and s5p-mfc Greg Kroah-Hartman
@ 2022-10-19 8:34 ` Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 796/862] RDMA/rxe: Delete error messages triggered by incoming Read requests Greg Kroah-Hartman
` (81 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:34 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Quanyang Wang, Shubhrajyoti Datta,
Stephen Boyd, Sasha Levin
From: Quanyang Wang <quanyang.wang@windriver.com>
[ Upstream commit 30eaf02149ecc3c5815e45d27187bf09e925071d ]
The function zynqmp_pll_round_rate is used to find a most appropriate
PLL frequency which the hardware can generate according to the desired
frequency. For example, if the desired frequency is 297MHz, considering
the limited range from PS_PLL_VCO_MIN (1.5GHz) to PS_PLL_VCO_MAX (3.0GHz)
of PLL, zynqmp_pll_round_rate should return 1.872GHz (297MHz * 5).
There are two problems with the current code of zynqmp_pll_round_rate:
1) When the rate is below PS_PLL_VCO_MIN, it can't find a correct rate
when the parameter "rate" is an integer multiple of *prate, in other words,
if "f" is zero, zynqmp_pll_round_rate won't return a valid frequency which
is from PS_PLL_VCO_MIN to PS_PLL_VCO_MAX. For example, *prate is 33MHz
and the rate is 660MHz, zynqmp_pll_round_rate will not boost up rate and
just return 660MHz, and this will cause clk_calc_new_rates failure since
zynqmp_pll_round_rate returns an invalid rate out of its boundaries.
2) Even if the rate is higher than PS_PLL_VCO_MIN, there is still a risk
that zynqmp_pll_round_rate returns an invalid rate because the function
DIV_ROUND_CLOSEST makes some loss in the fractional part. If the parent
clock *prate is 33333333Hz and we want to set the PLL rate to 1.5GHz,
this function will return 1499999985Hz by using the formula below:
value = *prate * DIV_ROUND_CLOSEST(rate, *prate)).
This value is also invalid since it's slightly smaller than PS_PLL_VCO_MIN.
because DIV_ROUND_CLOSEST makes some loss in the fractional part.
Signed-off-by: Quanyang Wang <quanyang.wang@windriver.com>
Link: https://lore.kernel.org/r/20220826142030.213805-1-quanyang.wang@windriver.com
Reviewed-by: Shubhrajyoti Datta <shubhrajyoti.datta@amd.com>
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/zynqmp/pll.c | 31 +++++++++++++++----------------
1 file changed, 15 insertions(+), 16 deletions(-)
diff --git a/drivers/clk/zynqmp/pll.c b/drivers/clk/zynqmp/pll.c
index 91a6b4cc910e..0d3e1377b092 100644
--- a/drivers/clk/zynqmp/pll.c
+++ b/drivers/clk/zynqmp/pll.c
@@ -102,26 +102,25 @@ static long zynqmp_pll_round_rate(struct clk_hw *hw, unsigned long rate,
unsigned long *prate)
{
u32 fbdiv;
- long rate_div, f;
+ u32 mult, div;
- /* Enable the fractional mode if needed */
- rate_div = (rate * FRAC_DIV) / *prate;
- f = rate_div % FRAC_DIV;
- if (f) {
- if (rate > PS_PLL_VCO_MAX) {
- fbdiv = rate / PS_PLL_VCO_MAX;
- rate = rate / (fbdiv + 1);
- }
- if (rate < PS_PLL_VCO_MIN) {
- fbdiv = DIV_ROUND_UP(PS_PLL_VCO_MIN, rate);
- rate = rate * fbdiv;
- }
- return rate;
+ /* Let rate fall inside the range PS_PLL_VCO_MIN ~ PS_PLL_VCO_MAX */
+ if (rate > PS_PLL_VCO_MAX) {
+ div = DIV_ROUND_UP(rate, PS_PLL_VCO_MAX);
+ rate = rate / div;
+ }
+ if (rate < PS_PLL_VCO_MIN) {
+ mult = DIV_ROUND_UP(PS_PLL_VCO_MIN, rate);
+ rate = rate * mult;
}
fbdiv = DIV_ROUND_CLOSEST(rate, *prate);
- fbdiv = clamp_t(u32, fbdiv, PLL_FBDIV_MIN, PLL_FBDIV_MAX);
- return *prate * fbdiv;
+ if (fbdiv < PLL_FBDIV_MIN || fbdiv > PLL_FBDIV_MAX) {
+ fbdiv = clamp_t(u32, fbdiv, PLL_FBDIV_MIN, PLL_FBDIV_MAX);
+ rate = *prate * fbdiv;
+ }
+
+ return rate;
}
/**
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 796/862] RDMA/rxe: Delete error messages triggered by incoming Read requests
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (794 preceding siblings ...)
2022-10-19 8:34 ` [PATCH 6.0 795/862] clk: zynqmp: pll: rectify rate rounding in zynqmp_pll_round_rate Greg Kroah-Hartman
@ 2022-10-19 8:34 ` Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 797/862] usb: host: xhci-plat: suspend and resume clocks Greg Kroah-Hartman
` (80 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:34 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Daisuke Matsuda, Leon Romanovsky,
Sasha Levin
From: Daisuke Matsuda <matsuda-daisuke@fujitsu.com>
[ Upstream commit 2c02249fcbfc066bd33e2a7375c7006d4cb367f6 ]
An incoming Read request causes multiple Read responses. If a user MR to
copy data from is unavailable or responder cannot send a reply, then the
error messages can be printed for each response attempt, resulting in
message overflow.
Link: https://lore.kernel.org/r/20220829071218.1639065-1-matsuda-daisuke@fujitsu.com
Signed-off-by: Daisuke Matsuda <matsuda-daisuke@fujitsu.com>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/sw/rxe/rxe_resp.c | 10 +++-------
1 file changed, 3 insertions(+), 7 deletions(-)
diff --git a/drivers/infiniband/sw/rxe/rxe_resp.c b/drivers/infiniband/sw/rxe/rxe_resp.c
index b36ec5c4d5e0..7c336db5cb54 100644
--- a/drivers/infiniband/sw/rxe/rxe_resp.c
+++ b/drivers/infiniband/sw/rxe/rxe_resp.c
@@ -809,10 +809,8 @@ static enum resp_states read_reply(struct rxe_qp *qp,
if (!skb)
return RESPST_ERR_RNR;
- err = rxe_mr_copy(mr, res->read.va, payload_addr(&ack_pkt),
- payload, RXE_FROM_MR_OBJ);
- if (err)
- pr_err("Failed copying memory\n");
+ rxe_mr_copy(mr, res->read.va, payload_addr(&ack_pkt),
+ payload, RXE_FROM_MR_OBJ);
if (mr)
rxe_put(mr);
@@ -823,10 +821,8 @@ static enum resp_states read_reply(struct rxe_qp *qp,
}
err = rxe_xmit_packet(qp, &ack_pkt, skb);
- if (err) {
- pr_err("Failed sending RDMA reply.\n");
+ if (err)
return RESPST_ERR_RNR;
- }
res->read.va += payload;
res->read.resid -= payload;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 797/862] usb: host: xhci-plat: suspend and resume clocks
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (795 preceding siblings ...)
2022-10-19 8:34 ` [PATCH 6.0 796/862] RDMA/rxe: Delete error messages triggered by incoming Read requests Greg Kroah-Hartman
@ 2022-10-19 8:34 ` Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 798/862] usb: host: xhci-plat: suspend/resume clks for brcm Greg Kroah-Hartman
` (79 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:34 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Florian Fainelli, Justin Chen, Sasha Levin
From: Justin Chen <justinpopo6@gmail.com>
[ Upstream commit 8bd954c56197caf5e3a804d989094bc3fe6329aa ]
Introduce XHCI_SUSPEND_RESUME_CLKS quirk as a means to suspend and resume
clocks if the hardware is capable of doing so. We assume that clocks will
be needed if the device may wake.
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Justin Chen <justinpopo6@gmail.com>
Link: https://lore.kernel.org/r/1660170455-15781-2-git-send-email-justinpopo6@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/host/xhci-plat.c | 16 +++++++++++++++-
drivers/usb/host/xhci.h | 1 +
2 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/drivers/usb/host/xhci-plat.c b/drivers/usb/host/xhci-plat.c
index a8641b6536ee..ef10982ad482 100644
--- a/drivers/usb/host/xhci-plat.c
+++ b/drivers/usb/host/xhci-plat.c
@@ -437,7 +437,16 @@ static int __maybe_unused xhci_plat_suspend(struct device *dev)
* xhci_suspend() needs `do_wakeup` to know whether host is allowed
* to do wakeup during suspend.
*/
- return xhci_suspend(xhci, device_may_wakeup(dev));
+ ret = xhci_suspend(xhci, device_may_wakeup(dev));
+ if (ret)
+ return ret;
+
+ if (!device_may_wakeup(dev) && (xhci->quirks & XHCI_SUSPEND_RESUME_CLKS)) {
+ clk_disable_unprepare(xhci->clk);
+ clk_disable_unprepare(xhci->reg_clk);
+ }
+
+ return 0;
}
static int __maybe_unused xhci_plat_resume(struct device *dev)
@@ -446,6 +455,11 @@ static int __maybe_unused xhci_plat_resume(struct device *dev)
struct xhci_hcd *xhci = hcd_to_xhci(hcd);
int ret;
+ if (!device_may_wakeup(dev) && (xhci->quirks & XHCI_SUSPEND_RESUME_CLKS)) {
+ clk_prepare_enable(xhci->clk);
+ clk_prepare_enable(xhci->reg_clk);
+ }
+
ret = xhci_priv_resume_quirk(hcd);
if (ret)
return ret;
diff --git a/drivers/usb/host/xhci.h b/drivers/usb/host/xhci.h
index 7caa0db5e826..6dfbf73ee840 100644
--- a/drivers/usb/host/xhci.h
+++ b/drivers/usb/host/xhci.h
@@ -1899,6 +1899,7 @@ struct xhci_hcd {
#define XHCI_NO_SOFT_RETRY BIT_ULL(40)
#define XHCI_BROKEN_D3COLD BIT_ULL(41)
#define XHCI_EP_CTX_BROKEN_DCS BIT_ULL(42)
+#define XHCI_SUSPEND_RESUME_CLKS BIT_ULL(43)
unsigned int num_active_eps;
unsigned int limit_active_eps;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 798/862] usb: host: xhci-plat: suspend/resume clks for brcm
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (796 preceding siblings ...)
2022-10-19 8:34 ` [PATCH 6.0 797/862] usb: host: xhci-plat: suspend and resume clocks Greg Kroah-Hartman
@ 2022-10-19 8:34 ` Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 799/862] scsi: lpfc: Fix null ndlp ptr dereference in abnormal exit path for GFT_ID Greg Kroah-Hartman
` (78 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:34 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Florian Fainelli, Justin Chen, Sasha Levin
From: Justin Chen <justinpopo6@gmail.com>
[ Upstream commit c69400b09e471a3f1167adead55a808f0da6534a ]
The xhci_plat_brcm xhci block can enter suspend with clock disabled to save
power and re-enable them on resume. Make use of the XHCI_SUSPEND_RESUME_CLKS
quirk to do so.
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Justin Chen <justinpopo6@gmail.com>
Link: https://lore.kernel.org/r/1660170455-15781-3-git-send-email-justinpopo6@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/host/xhci-plat.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/usb/host/xhci-plat.c b/drivers/usb/host/xhci-plat.c
index ef10982ad482..5fb55bf19493 100644
--- a/drivers/usb/host/xhci-plat.c
+++ b/drivers/usb/host/xhci-plat.c
@@ -123,7 +123,7 @@ static const struct xhci_plat_priv xhci_plat_renesas_rcar_gen3 = {
};
static const struct xhci_plat_priv xhci_plat_brcm = {
- .quirks = XHCI_RESET_ON_RESUME,
+ .quirks = XHCI_RESET_ON_RESUME | XHCI_SUSPEND_RESUME_CLKS,
};
static const struct of_device_id usb_xhci_of_match[] = {
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 799/862] scsi: lpfc: Fix null ndlp ptr dereference in abnormal exit path for GFT_ID
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (797 preceding siblings ...)
2022-10-19 8:34 ` [PATCH 6.0 798/862] usb: host: xhci-plat: suspend/resume clks for brcm Greg Kroah-Hartman
@ 2022-10-19 8:34 ` Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 800/862] dmaengine: ti: k3-udma: Reset UDMA_CHAN_RT byte counters to prevent overflow Greg Kroah-Hartman
` (77 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:34 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Justin Tee, James Smart,
Martin K. Petersen, Sasha Levin
From: James Smart <jsmart2021@gmail.com>
[ Upstream commit 59b7e210a522b836a01516c71ee85d1d92c1f075 ]
An error case exit from lpfc_cmpl_ct_cmd_gft_id() results in a call to
lpfc_nlp_put() with a null pointer to a nodelist structure.
Changed lpfc_cmpl_ct_cmd_gft_id() to initialize nodelist pointer upon
entry.
Link: https://lore.kernel.org/r/20220819011736.14141-3-jsmart2021@gmail.com
Co-developed-by: Justin Tee <justin.tee@broadcom.com>
Signed-off-by: Justin Tee <justin.tee@broadcom.com>
Signed-off-by: James Smart <jsmart2021@gmail.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/lpfc/lpfc_ct.c | 7 ++-----
1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/drivers/scsi/lpfc/lpfc_ct.c b/drivers/scsi/lpfc/lpfc_ct.c
index 13dfe285493d..b555ccb5ae34 100644
--- a/drivers/scsi/lpfc/lpfc_ct.c
+++ b/drivers/scsi/lpfc/lpfc_ct.c
@@ -1509,7 +1509,7 @@ lpfc_cmpl_ct_cmd_gft_id(struct lpfc_hba *phba, struct lpfc_iocbq *cmdiocb,
struct lpfc_sli_ct_request *CTrsp;
int did;
struct lpfc_nodelist *ndlp = NULL;
- struct lpfc_nodelist *ns_ndlp = NULL;
+ struct lpfc_nodelist *ns_ndlp = cmdiocb->ndlp;
uint32_t fc4_data_0, fc4_data_1;
u32 ulp_status = get_job_ulpstatus(phba, rspiocb);
u32 ulp_word4 = get_job_word4(phba, rspiocb);
@@ -1522,15 +1522,12 @@ lpfc_cmpl_ct_cmd_gft_id(struct lpfc_hba *phba, struct lpfc_iocbq *cmdiocb,
ulp_status, ulp_word4, did);
/* Ignore response if link flipped after this request was made */
- if ((uint32_t) cmdiocb->event_tag != phba->fc_eventTag) {
+ if ((uint32_t)cmdiocb->event_tag != phba->fc_eventTag) {
lpfc_printf_vlog(vport, KERN_INFO, LOG_DISCOVERY,
"9046 Event tag mismatch. Ignoring NS rsp\n");
goto out;
}
- /* Preserve the nameserver node to release the reference. */
- ns_ndlp = cmdiocb->ndlp;
-
if (ulp_status == IOSTAT_SUCCESS) {
/* Good status, continue checking */
CTrsp = (struct lpfc_sli_ct_request *)outp->virt;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 800/862] dmaengine: ti: k3-udma: Reset UDMA_CHAN_RT byte counters to prevent overflow
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (798 preceding siblings ...)
2022-10-19 8:34 ` [PATCH 6.0 799/862] scsi: lpfc: Fix null ndlp ptr dereference in abnormal exit path for GFT_ID Greg Kroah-Hartman
@ 2022-10-19 8:34 ` Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 801/862] scsi: 3w-9xxx: Avoid disabling device if failing to enable it Greg Kroah-Hartman
` (76 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:34 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Vaishnav Achath, Peter Ujfalusi,
Vinod Koul, Sasha Levin
From: Vaishnav Achath <vaishnav.a@ti.com>
[ Upstream commit 7c94dcfa8fcff2dba53915f1dabfee49a3df8b88 ]
UDMA_CHAN_RT_*BCNT_REG stores the real-time channel bytecount statistics.
These registers are 32-bit hardware counters and the driver uses these
counters to monitor the operational progress status for a channel, when
transferring more than 4GB of data it was observed that these counters
overflow and completion calculation of a operation gets affected and the
transfer hangs indefinitely.
This commit adds changes to decrease the byte count for every complete
transaction so that these registers never overflow and the proper byte
count statistics is maintained for ongoing transaction by the RT counters.
Earlier uc->bcnt used to maintain a count of the completed bytes at driver
side, since the RT counters maintain the statistics of current transaction
now, the maintenance of uc->bcnt is not necessary.
Signed-off-by: Vaishnav Achath <vaishnav.a@ti.com>
Acked-by: Peter Ujfalusi <peter.ujfalusi@gmail.com>
Link: https://lore.kernel.org/r/20220802054835.19482-1-vaishnav.a@ti.com
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/dma/ti/k3-udma.c | 25 +++++++++++++++++--------
1 file changed, 17 insertions(+), 8 deletions(-)
diff --git a/drivers/dma/ti/k3-udma.c b/drivers/dma/ti/k3-udma.c
index 2f0d2c68c93c..fcfcde947b30 100644
--- a/drivers/dma/ti/k3-udma.c
+++ b/drivers/dma/ti/k3-udma.c
@@ -300,8 +300,6 @@ struct udma_chan {
struct udma_tx_drain tx_drain;
- u32 bcnt; /* number of bytes completed since the start of the channel */
-
/* Channel configuration parameters */
struct udma_chan_config config;
@@ -757,6 +755,20 @@ static void udma_reset_rings(struct udma_chan *uc)
}
}
+static void udma_decrement_byte_counters(struct udma_chan *uc, u32 val)
+{
+ if (uc->desc->dir == DMA_DEV_TO_MEM) {
+ udma_rchanrt_write(uc, UDMA_CHAN_RT_BCNT_REG, val);
+ udma_rchanrt_write(uc, UDMA_CHAN_RT_SBCNT_REG, val);
+ udma_rchanrt_write(uc, UDMA_CHAN_RT_PEER_BCNT_REG, val);
+ } else {
+ udma_tchanrt_write(uc, UDMA_CHAN_RT_BCNT_REG, val);
+ udma_tchanrt_write(uc, UDMA_CHAN_RT_SBCNT_REG, val);
+ if (!uc->bchan)
+ udma_tchanrt_write(uc, UDMA_CHAN_RT_PEER_BCNT_REG, val);
+ }
+}
+
static void udma_reset_counters(struct udma_chan *uc)
{
u32 val;
@@ -790,8 +802,6 @@ static void udma_reset_counters(struct udma_chan *uc)
val = udma_rchanrt_read(uc, UDMA_CHAN_RT_PEER_BCNT_REG);
udma_rchanrt_write(uc, UDMA_CHAN_RT_PEER_BCNT_REG, val);
}
-
- uc->bcnt = 0;
}
static int udma_reset_chan(struct udma_chan *uc, bool hard)
@@ -1115,7 +1125,7 @@ static void udma_check_tx_completion(struct work_struct *work)
if (uc->desc) {
struct udma_desc *d = uc->desc;
- uc->bcnt += d->residue;
+ udma_decrement_byte_counters(uc, d->residue);
udma_start(uc);
vchan_cookie_complete(&d->vd);
break;
@@ -1168,7 +1178,7 @@ static irqreturn_t udma_ring_irq_handler(int irq, void *data)
vchan_cyclic_callback(&d->vd);
} else {
if (udma_is_desc_really_done(uc, d)) {
- uc->bcnt += d->residue;
+ udma_decrement_byte_counters(uc, d->residue);
udma_start(uc);
vchan_cookie_complete(&d->vd);
} else {
@@ -1204,7 +1214,7 @@ static irqreturn_t udma_udma_irq_handler(int irq, void *data)
vchan_cyclic_callback(&d->vd);
} else {
/* TODO: figure out the real amount of data */
- uc->bcnt += d->residue;
+ udma_decrement_byte_counters(uc, d->residue);
udma_start(uc);
vchan_cookie_complete(&d->vd);
}
@@ -3809,7 +3819,6 @@ static enum dma_status udma_tx_status(struct dma_chan *chan,
bcnt = udma_tchanrt_read(uc, UDMA_CHAN_RT_BCNT_REG);
}
- bcnt -= uc->bcnt;
if (bcnt && !(bcnt % uc->desc->residue))
residue = 0;
else
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 801/862] scsi: 3w-9xxx: Avoid disabling device if failing to enable it
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (799 preceding siblings ...)
2022-10-19 8:34 ` [PATCH 6.0 800/862] dmaengine: ti: k3-udma: Reset UDMA_CHAN_RT byte counters to prevent overflow Greg Kroah-Hartman
@ 2022-10-19 8:34 ` Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 802/862] nbd: Fix hung when signal interrupts nbd_start_device_ioctl() Greg Kroah-Hartman
` (75 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:34 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zheyu Ma, Letu Ren,
Martin K. Petersen, Sasha Levin
From: Letu Ren <fantasquex@gmail.com>
[ Upstream commit 7eff437b5ee1309b34667844361c6bbb5c97df05 ]
The original code will "goto out_disable_device" and call
pci_disable_device() if pci_enable_device() fails. The kernel will generate
a warning message like "3w-9xxx 0000:00:05.0: disabling already-disabled
device".
We shouldn't disable a device that failed to be enabled. A simple return is
fine.
Link: https://lore.kernel.org/r/20220829110115.38789-1-fantasquex@gmail.com
Reported-by: Zheyu Ma <zheyuma97@gmail.com>
Signed-off-by: Letu Ren <fantasquex@gmail.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/3w-9xxx.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/scsi/3w-9xxx.c b/drivers/scsi/3w-9xxx.c
index cd823ff5deab..6cb9cca9565b 100644
--- a/drivers/scsi/3w-9xxx.c
+++ b/drivers/scsi/3w-9xxx.c
@@ -2006,7 +2006,7 @@ static int twa_probe(struct pci_dev *pdev, const struct pci_device_id *dev_id)
retval = pci_enable_device(pdev);
if (retval) {
TW_PRINTK(host, TW_DRIVER, 0x34, "Failed to enable pci device");
- goto out_disable_device;
+ return -ENODEV;
}
pci_set_master(pdev);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 802/862] nbd: Fix hung when signal interrupts nbd_start_device_ioctl()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (800 preceding siblings ...)
2022-10-19 8:34 ` [PATCH 6.0 801/862] scsi: 3w-9xxx: Avoid disabling device if failing to enable it Greg Kroah-Hartman
@ 2022-10-19 8:34 ` Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 803/862] iommu/arm-smmu-v3: Make default domain type of HiSilicon PTT device to identity Greg Kroah-Hartman
` (74 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:34 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot+38e6c55d4969a14c1534,
Shigeru Yoshida, Josef Bacik, Jens Axboe, Sasha Levin
From: Shigeru Yoshida <syoshida@redhat.com>
[ Upstream commit 1de7c3cf48fc41cd95adb12bd1ea9033a917798a ]
syzbot reported hung task [1]. The following program is a simplified
version of the reproducer:
int main(void)
{
int sv[2], fd;
if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0)
return 1;
if ((fd = open("/dev/nbd0", 0)) < 0)
return 1;
if (ioctl(fd, NBD_SET_SIZE_BLOCKS, 0x81) < 0)
return 1;
if (ioctl(fd, NBD_SET_SOCK, sv[0]) < 0)
return 1;
if (ioctl(fd, NBD_DO_IT) < 0)
return 1;
return 0;
}
When signal interrupt nbd_start_device_ioctl() waiting the condition
atomic_read(&config->recv_threads) == 0, the task can hung because it
waits the completion of the inflight IOs.
This patch fixes the issue by clearing queue, not just shutdown, when
signal interrupt nbd_start_device_ioctl().
Link: https://syzkaller.appspot.com/bug?id=7d89a3ffacd2b83fdd39549bc4d8e0a89ef21239 [1]
Reported-by: syzbot+38e6c55d4969a14c1534@syzkaller.appspotmail.com
Signed-off-by: Shigeru Yoshida <syoshida@redhat.com>
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Link: https://lore.kernel.org/r/20220907163502.577561-1-syoshida@redhat.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/block/nbd.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/block/nbd.c b/drivers/block/nbd.c
index 2a709daefbc4..2a2a1d996a57 100644
--- a/drivers/block/nbd.c
+++ b/drivers/block/nbd.c
@@ -1413,10 +1413,12 @@ static int nbd_start_device_ioctl(struct nbd_device *nbd)
mutex_unlock(&nbd->config_lock);
ret = wait_event_interruptible(config->recv_wq,
atomic_read(&config->recv_threads) == 0);
- if (ret)
+ if (ret) {
sock_shutdown(nbd);
- flush_workqueue(nbd->recv_workq);
+ nbd_clear_que(nbd);
+ }
+ flush_workqueue(nbd->recv_workq);
mutex_lock(&nbd->config_lock);
nbd_bdev_reset(nbd);
/* user requested, ignore socket errors */
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 803/862] iommu/arm-smmu-v3: Make default domain type of HiSilicon PTT device to identity
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (801 preceding siblings ...)
2022-10-19 8:34 ` [PATCH 6.0 802/862] nbd: Fix hung when signal interrupts nbd_start_device_ioctl() Greg Kroah-Hartman
@ 2022-10-19 8:34 ` Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 804/862] usb: gadget: uvc: increase worker prio to WQ_HIGHPRI Greg Kroah-Hartman
` (73 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:34 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Will Deacon, Yicong Yang, John Garry,
Mathieu Poirier, Sasha Levin
From: Yicong Yang <yangyicong@hisilicon.com>
[ Upstream commit 24b6c7798a0122012ca848ea0d25e973334266b0 ]
The DMA operations of HiSilicon PTT device can only work properly with
identical mappings. So add a quirk for the device to force the domain
as passthrough.
Acked-by: Will Deacon <will@kernel.org>
Signed-off-by: Yicong Yang <yangyicong@hisilicon.com>
Reviewed-by: John Garry <john.garry@huawei.com>
Link: https://lore.kernel.org/r/20220816114414.4092-2-yangyicong@huawei.com
Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
diff --git a/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c b/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c
index d32b02336411..71f7edded9cf 100644
--- a/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c
+++ b/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c
@@ -2817,6 +2817,26 @@ static int arm_smmu_dev_disable_feature(struct device *dev,
}
}
+/*
+ * HiSilicon PCIe tune and trace device can be used to trace TLP headers on the
+ * PCIe link and save the data to memory by DMA. The hardware is restricted to
+ * use identity mapping only.
+ */
+#define IS_HISI_PTT_DEVICE(pdev) ((pdev)->vendor == PCI_VENDOR_ID_HUAWEI && \
+ (pdev)->device == 0xa12e)
+
+static int arm_smmu_def_domain_type(struct device *dev)
+{
+ if (dev_is_pci(dev)) {
+ struct pci_dev *pdev = to_pci_dev(dev);
+
+ if (IS_HISI_PTT_DEVICE(pdev))
+ return IOMMU_DOMAIN_IDENTITY;
+ }
+
+ return 0;
+}
+
static struct iommu_ops arm_smmu_ops = {
.capable = arm_smmu_capable,
.domain_alloc = arm_smmu_domain_alloc,
@@ -2831,6 +2851,7 @@ static struct iommu_ops arm_smmu_ops = {
.sva_unbind = arm_smmu_sva_unbind,
.sva_get_pasid = arm_smmu_sva_get_pasid,
.page_response = arm_smmu_page_response,
+ .def_domain_type = arm_smmu_def_domain_type,
.pgsize_bitmap = -1UL, /* Restricted during device attach */
.owner = THIS_MODULE,
.default_domain_ops = &(const struct iommu_domain_ops) {
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 804/862] usb: gadget: uvc: increase worker prio to WQ_HIGHPRI
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (802 preceding siblings ...)
2022-10-19 8:34 ` [PATCH 6.0 803/862] iommu/arm-smmu-v3: Make default domain type of HiSilicon PTT device to identity Greg Kroah-Hartman
@ 2022-10-19 8:34 ` Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 805/862] power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type() Greg Kroah-Hartman
` (72 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:34 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Michael Grzeschik, Sasha Levin
From: Michael Grzeschik <m.grzeschik@pengutronix.de>
[ Upstream commit 9b91a65230784a9ef644b8bdbb82a79ba4ae9456 ]
This patch is changing the simple workqueue in the gadget driver to be
allocated as async_wq with a higher priority. The pump worker, that is
filling the usb requests, will have a higher priority and will not be
scheduled away so often while the video stream is handled. This will
lead to fewer streaming underruns.
Signed-off-by: Michael Grzeschik <m.grzeschik@pengutronix.de>
Link: https://lore.kernel.org/r/20220907215818.2670097-1-m.grzeschik@pengutronix.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/gadget/function/f_uvc.c | 4 ++++
drivers/usb/gadget/function/uvc.h | 1 +
drivers/usb/gadget/function/uvc_v4l2.c | 2 +-
drivers/usb/gadget/function/uvc_video.c | 9 +++++++--
4 files changed, 13 insertions(+), 3 deletions(-)
diff --git a/drivers/usb/gadget/function/f_uvc.c b/drivers/usb/gadget/function/f_uvc.c
index 86bb0098fb66..7ec223849d94 100644
--- a/drivers/usb/gadget/function/f_uvc.c
+++ b/drivers/usb/gadget/function/f_uvc.c
@@ -897,10 +897,14 @@ static void uvc_function_unbind(struct usb_configuration *c,
{
struct usb_composite_dev *cdev = c->cdev;
struct uvc_device *uvc = to_uvc(f);
+ struct uvc_video *video = &uvc->video;
long wait_ret = 1;
uvcg_info(f, "%s()\n", __func__);
+ if (video->async_wq)
+ destroy_workqueue(video->async_wq);
+
/*
* If we know we're connected via v4l2, then there should be a cleanup
* of the device from userspace either via UVC_EVENT_DISCONNECT or
diff --git a/drivers/usb/gadget/function/uvc.h b/drivers/usb/gadget/function/uvc.h
index 58e383afdd44..1a31e6c6a5ff 100644
--- a/drivers/usb/gadget/function/uvc.h
+++ b/drivers/usb/gadget/function/uvc.h
@@ -88,6 +88,7 @@ struct uvc_video {
struct usb_ep *ep;
struct work_struct pump;
+ struct workqueue_struct *async_wq;
/* Frame parameters */
u8 bpp;
diff --git a/drivers/usb/gadget/function/uvc_v4l2.c b/drivers/usb/gadget/function/uvc_v4l2.c
index fd8f73bb726d..fddc392b8ab9 100644
--- a/drivers/usb/gadget/function/uvc_v4l2.c
+++ b/drivers/usb/gadget/function/uvc_v4l2.c
@@ -170,7 +170,7 @@ uvc_v4l2_qbuf(struct file *file, void *fh, struct v4l2_buffer *b)
return ret;
if (uvc->state == UVC_STATE_STREAMING)
- schedule_work(&video->pump);
+ queue_work(video->async_wq, &video->pump);
return ret;
}
diff --git a/drivers/usb/gadget/function/uvc_video.c b/drivers/usb/gadget/function/uvc_video.c
index c00ce0e91f5d..bb037fcc90e6 100644
--- a/drivers/usb/gadget/function/uvc_video.c
+++ b/drivers/usb/gadget/function/uvc_video.c
@@ -277,7 +277,7 @@ uvc_video_complete(struct usb_ep *ep, struct usb_request *req)
spin_unlock_irqrestore(&video->req_lock, flags);
if (uvc->state == UVC_STATE_STREAMING)
- schedule_work(&video->pump);
+ queue_work(video->async_wq, &video->pump);
}
static int
@@ -485,7 +485,7 @@ int uvcg_video_enable(struct uvc_video *video, int enable)
video->req_int_count = 0;
- schedule_work(&video->pump);
+ queue_work(video->async_wq, &video->pump);
return ret;
}
@@ -499,6 +499,11 @@ int uvcg_video_init(struct uvc_video *video, struct uvc_device *uvc)
spin_lock_init(&video->req_lock);
INIT_WORK(&video->pump, uvcg_video_pump);
+ /* Allocate a work queue for asynchronous video pump handler. */
+ video->async_wq = alloc_workqueue("uvcgadget", WQ_UNBOUND | WQ_HIGHPRI, 0);
+ if (!video->async_wq)
+ return -EINVAL;
+
video->uvc = uvc;
video->fcc = V4L2_PIX_FMT_YUYV;
video->bpp = 16;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 805/862] power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (803 preceding siblings ...)
2022-10-19 8:34 ` [PATCH 6.0 804/862] usb: gadget: uvc: increase worker prio to WQ_HIGHPRI Greg Kroah-Hartman
@ 2022-10-19 8:34 ` Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 806/862] staging: vt6655: fix potential memory leak Greg Kroah-Hartman
` (71 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:34 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Wei Yongjun, Michael Hennerich,
Sebastian Reichel, Sasha Levin
From: Wei Yongjun <weiyongjun1@huawei.com>
[ Upstream commit 9d47e01b9d807808224347935562f7043a358054 ]
ADP5061_CHG_STATUS_1_CHG_STATUS is masked with 0x07, which means a length
of 8, but adp5061_chg_type array size is 4, may end up reading 4 elements
beyond the end of the adp5061_chg_type[] array.
Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
Acked-by: Michael Hennerich <michael.hennerich@analog.com>
Signed-off-by: Sebastian Reichel <sebastian.reichel@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/power/supply/adp5061.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/power/supply/adp5061.c b/drivers/power/supply/adp5061.c
index 003557043ab3..daee1161c305 100644
--- a/drivers/power/supply/adp5061.c
+++ b/drivers/power/supply/adp5061.c
@@ -427,11 +427,11 @@ static int adp5061_get_chg_type(struct adp5061_state *st,
if (ret < 0)
return ret;
- chg_type = adp5061_chg_type[ADP5061_CHG_STATUS_1_CHG_STATUS(status1)];
- if (chg_type > ADP5061_CHG_FAST_CV)
+ chg_type = ADP5061_CHG_STATUS_1_CHG_STATUS(status1);
+ if (chg_type >= ARRAY_SIZE(adp5061_chg_type))
val->intval = POWER_SUPPLY_STATUS_UNKNOWN;
else
- val->intval = chg_type;
+ val->intval = adp5061_chg_type[chg_type];
return ret;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 806/862] staging: vt6655: fix potential memory leak
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (804 preceding siblings ...)
2022-10-19 8:34 ` [PATCH 6.0 805/862] power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type() Greg Kroah-Hartman
@ 2022-10-19 8:34 ` Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 807/862] blk-throttle: prevent overflow while calculating wait time Greg Kroah-Hartman
` (70 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:34 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Philipp Hortmann, Nam Cao, Sasha Levin
From: Nam Cao <namcaov@gmail.com>
[ Upstream commit c8ff91535880d41b49699b3829fb6151942de29e ]
In function device_init_td0_ring, memory is allocated for member
td_info of priv->apTD0Rings[i], with i increasing from 0. In case of
allocation failure, the memory is freed in reversed order, with i
decreasing to 0. However, the case i=0 is left out and thus memory is
leaked.
Modify the memory freeing loop to include the case i=0.
Tested-by: Philipp Hortmann <philipp.g.hortmann@gmail.com>
Signed-off-by: Nam Cao <namcaov@gmail.com>
Link: https://lore.kernel.org/r/20220909141338.19343-1-namcaov@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/staging/vt6655/device_main.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/staging/vt6655/device_main.c b/drivers/staging/vt6655/device_main.c
index d76f65756db8..ec7c991e745b 100644
--- a/drivers/staging/vt6655/device_main.c
+++ b/drivers/staging/vt6655/device_main.c
@@ -694,7 +694,7 @@ static int device_init_td0_ring(struct vnt_private *priv)
return 0;
err_free_desc:
- while (--i) {
+ while (i--) {
desc = &priv->apTD0Rings[i];
kfree(desc->td_info);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 807/862] blk-throttle: prevent overflow while calculating wait time
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (805 preceding siblings ...)
2022-10-19 8:34 ` [PATCH 6.0 806/862] staging: vt6655: fix potential memory leak Greg Kroah-Hartman
@ 2022-10-19 8:34 ` Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 808/862] ata: libahci_platform: Sanity check the DT child nodes number Greg Kroah-Hartman
` (69 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:34 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yu Kuai, Tejun Heo, Jens Axboe, Sasha Levin
From: Yu Kuai <yukuai3@huawei.com>
[ Upstream commit 8d6bbaada2e0a65f9012ac4c2506460160e7237a ]
There is a problem found by code review in tg_with_in_bps_limit() that
'bps_limit * jiffy_elapsed_rnd' might overflow. Fix the problem by
calling mul_u64_u64_div_u64() instead.
Signed-off-by: Yu Kuai <yukuai3@huawei.com>
Acked-by: Tejun Heo <tj@kernel.org>
Link: https://lore.kernel.org/r/20220829022240.3348319-3-yukuai1@huaweicloud.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
block/blk-throttle.c | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/block/blk-throttle.c b/block/blk-throttle.c
index 3c02a9b3275a..35cf744ea9d1 100644
--- a/block/blk-throttle.c
+++ b/block/blk-throttle.c
@@ -806,7 +806,7 @@ static bool tg_with_in_bps_limit(struct throtl_grp *tg, struct bio *bio,
u64 bps_limit, unsigned long *wait)
{
bool rw = bio_data_dir(bio);
- u64 bytes_allowed, extra_bytes, tmp;
+ u64 bytes_allowed, extra_bytes;
unsigned long jiffy_elapsed, jiffy_wait, jiffy_elapsed_rnd;
unsigned int bio_size = throtl_bio_data_size(bio);
@@ -824,10 +824,8 @@ static bool tg_with_in_bps_limit(struct throtl_grp *tg, struct bio *bio,
jiffy_elapsed_rnd = tg->td->throtl_slice;
jiffy_elapsed_rnd = roundup(jiffy_elapsed_rnd, tg->td->throtl_slice);
-
- tmp = bps_limit * jiffy_elapsed_rnd;
- do_div(tmp, HZ);
- bytes_allowed = tmp;
+ bytes_allowed = mul_u64_u64_div_u64(bps_limit, (u64)jiffy_elapsed_rnd,
+ (u64)HZ);
if (tg->bytes_disp[rw] + bio_size <= bytes_allowed) {
if (wait)
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 808/862] ata: libahci_platform: Sanity check the DT child nodes number
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (806 preceding siblings ...)
2022-10-19 8:34 ` [PATCH 6.0 807/862] blk-throttle: prevent overflow while calculating wait time Greg Kroah-Hartman
@ 2022-10-19 8:34 ` Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 809/862] bcache: fix set_at_max_writeback_rate() for multiple attached devices Greg Kroah-Hartman
` (68 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:34 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Serge Semin, Hannes Reinecke,
Damien Le Moal, Sasha Levin
From: Serge Semin <Sergey.Semin@baikalelectronics.ru>
[ Upstream commit 3c132ea6508b34956e5ed88d04936983ec230601 ]
Having greater than AHCI_MAX_PORTS (32) ports detected isn't that critical
from the further AHCI-platform initialization point of view since
exceeding the ports upper limit will cause allocating more resources than
will be used afterwards. But detecting too many child DT-nodes doesn't
seem right since it's very unlikely to have it on an ordinary platform. In
accordance with the AHCI specification there can't be more than 32 ports
implemented at least due to having the CAP.NP field of 5 bits wide and the
PI register of dword size. Thus if such situation is found the DTB must
have been corrupted and the data read from it shouldn't be reliable. Let's
consider that as an erroneous situation and halt further resources
allocation.
Note it's logically more correct to have the nports set only after the
initialization value is checked for being sane. So while at it let's make
sure nports is assigned with a correct value.
Signed-off-by: Serge Semin <Sergey.Semin@baikalelectronics.ru>
Reviewed-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/ata/libahci_platform.c | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/drivers/ata/libahci_platform.c b/drivers/ata/libahci_platform.c
index 32495ae96567..986f1923a76d 100644
--- a/drivers/ata/libahci_platform.c
+++ b/drivers/ata/libahci_platform.c
@@ -451,14 +451,24 @@ struct ahci_host_priv *ahci_platform_get_resources(struct platform_device *pdev,
}
}
- hpriv->nports = child_nodes = of_get_child_count(dev->of_node);
+ /*
+ * Too many sub-nodes most likely means having something wrong with
+ * the firmware.
+ */
+ child_nodes = of_get_child_count(dev->of_node);
+ if (child_nodes > AHCI_MAX_PORTS) {
+ rc = -EINVAL;
+ goto err_out;
+ }
/*
* If no sub-node was found, we still need to set nports to
* one in order to be able to use the
* ahci_platform_[en|dis]able_[phys|regulators] functions.
*/
- if (!child_nodes)
+ if (child_nodes)
+ hpriv->nports = child_nodes;
+ else
hpriv->nports = 1;
hpriv->phys = devm_kcalloc(dev, hpriv->nports, sizeof(*hpriv->phys), GFP_KERNEL);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 809/862] bcache: fix set_at_max_writeback_rate() for multiple attached devices
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (807 preceding siblings ...)
2022-10-19 8:34 ` [PATCH 6.0 808/862] ata: libahci_platform: Sanity check the DT child nodes number Greg Kroah-Hartman
@ 2022-10-19 8:34 ` Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 810/862] soundwire: cadence: Dont overwrite msg->buf during write commands Greg Kroah-Hartman
` (67 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:34 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mingzhe Zou, Coly Li, Jens Axboe,
Sasha Levin
From: Coly Li <colyli@suse.de>
[ Upstream commit d2d05b88035d2d51a5bb6c5afec88a0880c73df4 ]
Inside set_at_max_writeback_rate() the calculation in following if()
check is wrong,
if (atomic_inc_return(&c->idle_counter) <
atomic_read(&c->attached_dev_nr) * 6)
Because each attached backing device has its own writeback thread
running and increasing c->idle_counter, the counter increates much
faster than expected. The correct calculation should be,
(counter / dev_nr) < dev_nr * 6
which equals to,
counter < dev_nr * dev_nr * 6
This patch fixes the above mistake with correct calculation, and helper
routine idle_counter_exceeded() is added to make code be more clear.
Reported-by: Mingzhe Zou <mingzhe.zou@easystack.cn>
Signed-off-by: Coly Li <colyli@suse.de>
Acked-by: Mingzhe Zou <mingzhe.zou@easystack.cn>
Link: https://lore.kernel.org/r/20220919161647.81238-6-colyli@suse.de
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/md/bcache/writeback.c | 73 +++++++++++++++++++++++++----------
1 file changed, 52 insertions(+), 21 deletions(-)
diff --git a/drivers/md/bcache/writeback.c b/drivers/md/bcache/writeback.c
index 3f0ff3aab6f2..9c227e4a8465 100644
--- a/drivers/md/bcache/writeback.c
+++ b/drivers/md/bcache/writeback.c
@@ -157,6 +157,53 @@ static void __update_writeback_rate(struct cached_dev *dc)
dc->writeback_rate_target = target;
}
+static bool idle_counter_exceeded(struct cache_set *c)
+{
+ int counter, dev_nr;
+
+ /*
+ * If c->idle_counter is overflow (idel for really long time),
+ * reset as 0 and not set maximum rate this time for code
+ * simplicity.
+ */
+ counter = atomic_inc_return(&c->idle_counter);
+ if (counter <= 0) {
+ atomic_set(&c->idle_counter, 0);
+ return false;
+ }
+
+ dev_nr = atomic_read(&c->attached_dev_nr);
+ if (dev_nr == 0)
+ return false;
+
+ /*
+ * c->idle_counter is increased by writeback thread of all
+ * attached backing devices, in order to represent a rough
+ * time period, counter should be divided by dev_nr.
+ * Otherwise the idle time cannot be larger with more backing
+ * device attached.
+ * The following calculation equals to checking
+ * (counter / dev_nr) < (dev_nr * 6)
+ */
+ if (counter < (dev_nr * dev_nr * 6))
+ return false;
+
+ return true;
+}
+
+/*
+ * Idle_counter is increased every time when update_writeback_rate() is
+ * called. If all backing devices attached to the same cache set have
+ * identical dc->writeback_rate_update_seconds values, it is about 6
+ * rounds of update_writeback_rate() on each backing device before
+ * c->at_max_writeback_rate is set to 1, and then max wrteback rate set
+ * to each dc->writeback_rate.rate.
+ * In order to avoid extra locking cost for counting exact dirty cached
+ * devices number, c->attached_dev_nr is used to calculate the idle
+ * throushold. It might be bigger if not all cached device are in write-
+ * back mode, but it still works well with limited extra rounds of
+ * update_writeback_rate().
+ */
static bool set_at_max_writeback_rate(struct cache_set *c,
struct cached_dev *dc)
{
@@ -167,21 +214,8 @@ static bool set_at_max_writeback_rate(struct cache_set *c,
/* Don't set max writeback rate if gc is running */
if (!c->gc_mark_valid)
return false;
- /*
- * Idle_counter is increased everytime when update_writeback_rate() is
- * called. If all backing devices attached to the same cache set have
- * identical dc->writeback_rate_update_seconds values, it is about 6
- * rounds of update_writeback_rate() on each backing device before
- * c->at_max_writeback_rate is set to 1, and then max wrteback rate set
- * to each dc->writeback_rate.rate.
- * In order to avoid extra locking cost for counting exact dirty cached
- * devices number, c->attached_dev_nr is used to calculate the idle
- * throushold. It might be bigger if not all cached device are in write-
- * back mode, but it still works well with limited extra rounds of
- * update_writeback_rate().
- */
- if (atomic_inc_return(&c->idle_counter) <
- atomic_read(&c->attached_dev_nr) * 6)
+
+ if (!idle_counter_exceeded(c))
return false;
if (atomic_read(&c->at_max_writeback_rate) != 1)
@@ -195,13 +229,10 @@ static bool set_at_max_writeback_rate(struct cache_set *c,
dc->writeback_rate_change = 0;
/*
- * Check c->idle_counter and c->at_max_writeback_rate agagain in case
- * new I/O arrives during before set_at_max_writeback_rate() returns.
- * Then the writeback rate is set to 1, and its new value should be
- * decided via __update_writeback_rate().
+ * In case new I/O arrives during before
+ * set_at_max_writeback_rate() returns.
*/
- if ((atomic_read(&c->idle_counter) <
- atomic_read(&c->attached_dev_nr) * 6) ||
+ if (!idle_counter_exceeded(c) ||
!atomic_read(&c->at_max_writeback_rate))
return false;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 810/862] soundwire: cadence: Dont overwrite msg->buf during write commands
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (808 preceding siblings ...)
2022-10-19 8:34 ` [PATCH 6.0 809/862] bcache: fix set_at_max_writeback_rate() for multiple attached devices Greg Kroah-Hartman
@ 2022-10-19 8:34 ` Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 811/862] soundwire: intel: fix error handling on dai registration issues Greg Kroah-Hartman
` (66 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:34 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Richard Fitzgerald,
Pierre-Louis Bossart, Vinod Koul, Sasha Levin
From: Richard Fitzgerald <rf@opensource.cirrus.com>
[ Upstream commit ba05b39d265bdd16913f7684600d9d41e2796745 ]
The buf passed in struct sdw_msg must only be written for a READ,
in that case the RDATA part of the response is the data value of the
register.
For a write command there is no RDATA, and buf should be assumed to
be const and unmodifable. The original caller should not expect its data
buffer to be corrupted by an sdw_nwrite().
Signed-off-by: Richard Fitzgerald <rf@opensource.cirrus.com>
Reviewed-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Link: https://lore.kernel.org/r/20220916103505.1562210-1-rf@opensource.cirrus.com
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/soundwire/cadence_master.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/drivers/soundwire/cadence_master.c b/drivers/soundwire/cadence_master.c
index 4fbb19557f5e..42c5fae80efb 100644
--- a/drivers/soundwire/cadence_master.c
+++ b/drivers/soundwire/cadence_master.c
@@ -544,9 +544,12 @@ cdns_fill_msg_resp(struct sdw_cdns *cdns,
return SDW_CMD_IGNORED;
}
- /* fill response */
- for (i = 0; i < count; i++)
- msg->buf[i + offset] = FIELD_GET(CDNS_MCP_RESP_RDATA, cdns->response_buf[i]);
+ if (msg->flags == SDW_MSG_FLAG_READ) {
+ /* fill response */
+ for (i = 0; i < count; i++)
+ msg->buf[i + offset] = FIELD_GET(CDNS_MCP_RESP_RDATA,
+ cdns->response_buf[i]);
+ }
return SDW_CMD_OK;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 811/862] soundwire: intel: fix error handling on dai registration issues
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (809 preceding siblings ...)
2022-10-19 8:34 ` [PATCH 6.0 810/862] soundwire: cadence: Dont overwrite msg->buf during write commands Greg Kroah-Hartman
@ 2022-10-19 8:34 ` Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 812/862] hid: topre: Add driver fixing report descriptor Greg Kroah-Hartman
` (65 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:34 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Pierre-Louis Bossart, Rander Wang,
Bard Liao, Vinod Koul, Sasha Levin
From: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
[ Upstream commit c6867cda906aadbce5e71efde9c78a26108b2bad ]
The call to intel_register_dai() may fail because of memory allocation
issues or problems reported by the ASoC core. In all cases, when a
error is thrown the component is not registered, it's invalid to
unregister it.
Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Reviewed-by: Rander Wang <rander.wang@intel.com>
Signed-off-by: Bard Liao <yung-chuan.liao@linux.intel.com>
Link: https://lore.kernel.org/r/20220919175721.354679-2-yung-chuan.liao@linux.intel.com
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/soundwire/intel.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/drivers/soundwire/intel.c b/drivers/soundwire/intel.c
index 89d1d0d021fc..af6c1a93372d 100644
--- a/drivers/soundwire/intel.c
+++ b/drivers/soundwire/intel.c
@@ -1429,7 +1429,6 @@ int intel_link_startup(struct auxiliary_device *auxdev)
ret = intel_register_dai(sdw);
if (ret) {
dev_err(dev, "DAI registration failed: %d\n", ret);
- snd_soc_unregister_component(dev);
goto err_interrupt;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 812/862] hid: topre: Add driver fixing report descriptor
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (810 preceding siblings ...)
2022-10-19 8:34 ` [PATCH 6.0 811/862] soundwire: intel: fix error handling on dai registration issues Greg Kroah-Hartman
@ 2022-10-19 8:34 ` Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 813/862] HID: roccat: Fix use-after-free in roccat_read() Greg Kroah-Hartman
` (64 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:34 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Harry Stern, Benjamin Tissoires, Sasha Levin
From: Harry Stern <harry@harrystern.net>
[ Upstream commit a109d5c45b3d6728b9430716b915afbe16eef27c ]
The Topre REALFORCE R2 firmware incorrectly reports that interface
descriptor number 1, input report descriptor 2's events are array events
rather than variable events. That particular report descriptor is used
to report keypresses when there are more than 6 keys held at a time.
This bug prevents events from this interface from being registered
properly, so only 6 keypresses (from a different interface) can be
registered at once, rather than full n-key rollover.
This commit fixes the bug by setting the correct value in a report_fixup
function.
The original bug report can be found here:
Link: https://gitlab.freedesktop.org/libinput/libinput/-/issues/804
Thanks to Benjamin Tissoires for diagnosing the issue with the report
descriptor.
Signed-off-by: Harry Stern <harry@harrystern.net>
Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Link: https://lore.kernel.org/r/20220911003614.297613-1-harry@harrystern.net
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hid/Kconfig | 6 +++++
drivers/hid/Makefile | 1 +
drivers/hid/hid-ids.h | 3 +++
drivers/hid/hid-topre.c | 49 +++++++++++++++++++++++++++++++++++++++++
4 files changed, 59 insertions(+)
create mode 100644 drivers/hid/hid-topre.c
diff --git a/drivers/hid/Kconfig b/drivers/hid/Kconfig
index 6ce92830b5d1..c4308d4988dc 100644
--- a/drivers/hid/Kconfig
+++ b/drivers/hid/Kconfig
@@ -1141,6 +1141,12 @@ config HID_TOPSEED
Say Y if you have a TopSeed Cyberlink or BTC Emprex or Conceptronic
CLLRCMCE remote control.
+config HID_TOPRE
+ tristate "Topre REALFORCE keyboards"
+ depends on HID
+ help
+ Say Y for N-key rollover support on Topre REALFORCE R2 108 key keyboards.
+
config HID_THINGM
tristate "ThingM blink(1) USB RGB LED"
depends on HID
diff --git a/drivers/hid/Makefile b/drivers/hid/Makefile
index b0bef8098139..bccaec0d77d3 100644
--- a/drivers/hid/Makefile
+++ b/drivers/hid/Makefile
@@ -123,6 +123,7 @@ obj-$(CONFIG_HID_GREENASIA) += hid-gaff.o
obj-$(CONFIG_HID_THRUSTMASTER) += hid-tmff.o hid-thrustmaster.o
obj-$(CONFIG_HID_TIVO) += hid-tivo.o
obj-$(CONFIG_HID_TOPSEED) += hid-topseed.o
+obj-$(CONFIG_HID_TOPRE) += hid-topre.o
obj-$(CONFIG_HID_TWINHAN) += hid-twinhan.o
obj-$(CONFIG_HID_U2FZERO) += hid-u2fzero.o
hid-uclogic-objs := hid-uclogic-core.o \
diff --git a/drivers/hid/hid-ids.h b/drivers/hid/hid-ids.h
index f80d6193fca6..50bab12d9476 100644
--- a/drivers/hid/hid-ids.h
+++ b/drivers/hid/hid-ids.h
@@ -1231,6 +1231,9 @@
#define USB_DEVICE_ID_TIVO_SLIDE 0x1201
#define USB_DEVICE_ID_TIVO_SLIDE_PRO 0x1203
+#define USB_VENDOR_ID_TOPRE 0x0853
+#define USB_DEVICE_ID_TOPRE_REALFORCE_R2_108 0x0148
+
#define USB_VENDOR_ID_TOPSEED 0x0766
#define USB_DEVICE_ID_TOPSEED_CYBERLINK 0x0204
diff --git a/drivers/hid/hid-topre.c b/drivers/hid/hid-topre.c
new file mode 100644
index 000000000000..88a91cdad5f8
--- /dev/null
+++ b/drivers/hid/hid-topre.c
@@ -0,0 +1,49 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * HID driver for Topre REALFORCE Keyboards
+ *
+ * Copyright (c) 2022 Harry Stern <harry@harrystern.net>
+ *
+ * Based on the hid-macally driver
+ */
+
+#include <linux/hid.h>
+#include <linux/module.h>
+
+#include "hid-ids.h"
+
+MODULE_AUTHOR("Harry Stern <harry@harrystern.net>");
+MODULE_DESCRIPTION("REALFORCE R2 Keyboard driver");
+MODULE_LICENSE("GPL");
+
+/*
+ * Fix the REALFORCE R2's non-boot interface's report descriptor to match the
+ * events it's actually sending. It claims to send array events but is instead
+ * sending variable events.
+ */
+static __u8 *topre_report_fixup(struct hid_device *hdev, __u8 *rdesc,
+ unsigned int *rsize)
+{
+ if (*rsize >= 119 && rdesc[69] == 0x29 && rdesc[70] == 0xe7 &&
+ rdesc[71] == 0x81 && rdesc[72] == 0x00) {
+ hid_info(hdev,
+ "fixing up Topre REALFORCE keyboard report descriptor\n");
+ rdesc[72] = 0x02;
+ }
+ return rdesc;
+}
+
+static const struct hid_device_id topre_id_table[] = {
+ { HID_USB_DEVICE(USB_VENDOR_ID_TOPRE,
+ USB_DEVICE_ID_TOPRE_REALFORCE_R2_108) },
+ { }
+};
+MODULE_DEVICE_TABLE(hid, topre_id_table);
+
+static struct hid_driver topre_driver = {
+ .name = "topre",
+ .id_table = topre_id_table,
+ .report_fixup = topre_report_fixup,
+};
+
+module_hid_driver(topre_driver);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 813/862] HID: roccat: Fix use-after-free in roccat_read()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (811 preceding siblings ...)
2022-10-19 8:34 ` [PATCH 6.0 812/862] hid: topre: Add driver fixing report descriptor Greg Kroah-Hartman
@ 2022-10-19 8:35 ` Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 814/862] HSI: ssi_protocol: fix potential resource leak in ssip_pn_open() Greg Kroah-Hartman
` (63 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:35 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hyunwoo Kim, Jiri Kosina, Sasha Levin
From: Hyunwoo Kim <imv4bel@gmail.com>
[ Upstream commit cacdb14b1c8d3804a3a7d31773bc7569837b71a4 ]
roccat_report_event() is responsible for registering
roccat-related reports in struct roccat_device.
int roccat_report_event(int minor, u8 const *data)
{
struct roccat_device *device;
struct roccat_reader *reader;
struct roccat_report *report;
uint8_t *new_value;
device = devices[minor];
new_value = kmemdup(data, device->report_size, GFP_ATOMIC);
if (!new_value)
return -ENOMEM;
report = &device->cbuf[device->cbuf_end];
/* passing NULL is safe */
kfree(report->value);
...
The registered report is stored in the struct roccat_device member
"struct roccat_report cbuf[ROCCAT_CBUF_SIZE];".
If more reports are received than the "ROCCAT_CBUF_SIZE" value,
kfree() the saved report from cbuf[0] and allocates a new reprot.
Since there is no lock when this kfree() is performed,
kfree() can be performed even while reading the saved report.
static ssize_t roccat_read(struct file *file, char __user *buffer,
size_t count, loff_t *ppos)
{
struct roccat_reader *reader = file->private_data;
struct roccat_device *device = reader->device;
struct roccat_report *report;
ssize_t retval = 0, len;
DECLARE_WAITQUEUE(wait, current);
mutex_lock(&device->cbuf_lock);
...
report = &device->cbuf[reader->cbuf_start];
/*
* If report is larger than requested amount of data, rest of report
* is lost!
*/
len = device->report_size > count ? count : device->report_size;
if (copy_to_user(buffer, report->value, len)) {
retval = -EFAULT;
goto exit_unlock;
}
...
The roccat_read() function receives the device->cbuf report and
delivers it to the user through copy_to_user().
If the N+ROCCAT_CBUF_SIZE th report is received while copying of
the Nth report->value is in progress, the pointer that copy_to_user()
is working on is kfree()ed and UAF read may occur. (race condition)
Since the device node of this driver does not set separate permissions,
this is not a security vulnerability, but because it is used for
requesting screen display of profile or dpi settings,
a user using the roccat device can apply udev to this device node or
There is a possibility to use it by giving.
Signed-off-by: Hyunwoo Kim <imv4bel@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hid/hid-roccat.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/hid/hid-roccat.c b/drivers/hid/hid-roccat.c
index 26373b82fe81..6da80e442fdd 100644
--- a/drivers/hid/hid-roccat.c
+++ b/drivers/hid/hid-roccat.c
@@ -257,6 +257,8 @@ int roccat_report_event(int minor, u8 const *data)
if (!new_value)
return -ENOMEM;
+ mutex_lock(&device->cbuf_lock);
+
report = &device->cbuf[device->cbuf_end];
/* passing NULL is safe */
@@ -276,6 +278,8 @@ int roccat_report_event(int minor, u8 const *data)
reader->cbuf_start = (reader->cbuf_start + 1) % ROCCAT_CBUF_SIZE;
}
+ mutex_unlock(&device->cbuf_lock);
+
wake_up_interruptible(&device->wait);
return 0;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 814/862] HSI: ssi_protocol: fix potential resource leak in ssip_pn_open()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (812 preceding siblings ...)
2022-10-19 8:35 ` [PATCH 6.0 813/862] HID: roccat: Fix use-after-free in roccat_read() Greg Kroah-Hartman
@ 2022-10-19 8:35 ` Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 815/862] HID: nintendo: check analog user calibration for plausibility Greg Kroah-Hartman
` (62 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:35 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jianglei Nie, Sebastian Reichel, Sasha Levin
From: Jianglei Nie <niejianglei2021@163.com>
[ Upstream commit b28dbcb379e6a7f80262c2732a57681b1ee548ca ]
ssip_pn_open() claims the HSI client's port with hsi_claim_port(). When
hsi_register_port_event() gets some error and returns a negetive value,
the HSI client's port should be released with hsi_release_port().
Fix it by calling hsi_release_port() when hsi_register_port_event() fails.
Signed-off-by: Jianglei Nie <niejianglei2021@163.com>
Signed-off-by: Sebastian Reichel <sebastian.reichel@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hsi/clients/ssi_protocol.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/hsi/clients/ssi_protocol.c b/drivers/hsi/clients/ssi_protocol.c
index 21f11a5b965b..49ffd808d17f 100644
--- a/drivers/hsi/clients/ssi_protocol.c
+++ b/drivers/hsi/clients/ssi_protocol.c
@@ -931,6 +931,7 @@ static int ssip_pn_open(struct net_device *dev)
if (err < 0) {
dev_err(&cl->device, "Register HSI port event failed (%d)\n",
err);
+ hsi_release_port(cl);
return err;
}
dev_dbg(&cl->device, "Configuring SSI port\n");
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 815/862] HID: nintendo: check analog user calibration for plausibility
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (813 preceding siblings ...)
2022-10-19 8:35 ` [PATCH 6.0 814/862] HSI: ssi_protocol: fix potential resource leak in ssip_pn_open() Greg Kroah-Hartman
@ 2022-10-19 8:35 ` Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 816/862] md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d Greg Kroah-Hartman
` (61 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:35 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Johnothan King, Benjamin Tissoires,
Sasha Levin, Arne Wendt
From: Johnothan King <johnothanking@protonmail.com>
[ Upstream commit 50503e360eeb968a3d00234c9cc4057d774c3e9a ]
Arne Wendt writes:
Cheap clone controllers may (falsely) report as having a user
calibration for the analog sticks in place, but return
wrong/impossible values for the actual calibration data.
In the present case at mine, the controller reports having a
user calibration in place and successfully executes the read
commands. The reported user calibration however is
min = center = max = 0.
This pull request addresses problems of this kind by checking the
provided user calibration-data for plausibility (min < center < max)
and falling back to the default values if implausible.
I'll note that I was experiencing a crash because of this bug when using
the GuliKit KingKong 2 controller. The crash manifests as a divide by
zero error in the kernel logs:
kernel: divide error: 0000 [#1] PREEMPT SMP NOPTI
Link: https://github.com/nicman23/dkms-hid-nintendo/pull/25
Link: https://github.com/DanielOgorchock/linux/issues/36
Co-authored-by: Arne Wendt <arne.wendt@tuhh.de>
Signed-off-by: Johnothan King <johnothanking@protonmail.com>
Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Link: https://lore.kernel.org/r/gvpL2G6VwXGJPvxX5KRiu9pVjvTivgayug_jdKDY6zfuAaAqncP9BkKLosjwUXNlgVVTMfJSKfwPF1K79cKAkwGComyC21vCV3q9B3EXNkE=@protonmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hid/hid-nintendo.c | 55 +++++++++++++++++++++-----------------
1 file changed, 30 insertions(+), 25 deletions(-)
diff --git a/drivers/hid/hid-nintendo.c b/drivers/hid/hid-nintendo.c
index 6028af3c3aae..c3774a468b22 100644
--- a/drivers/hid/hid-nintendo.c
+++ b/drivers/hid/hid-nintendo.c
@@ -760,12 +760,31 @@ static int joycon_read_stick_calibration(struct joycon_ctlr *ctlr, u16 cal_addr,
cal_y->max = cal_y->center + y_max_above;
cal_y->min = cal_y->center - y_min_below;
- return 0;
+ /* check if calibration values are plausible */
+ if (cal_x->min >= cal_x->center || cal_x->center >= cal_x->max ||
+ cal_y->min >= cal_y->center || cal_y->center >= cal_y->max)
+ ret = -EINVAL;
+
+ return ret;
}
static const u16 DFLT_STICK_CAL_CEN = 2000;
static const u16 DFLT_STICK_CAL_MAX = 3500;
static const u16 DFLT_STICK_CAL_MIN = 500;
+static void joycon_use_default_calibration(struct hid_device *hdev,
+ struct joycon_stick_cal *cal_x,
+ struct joycon_stick_cal *cal_y,
+ const char *stick, int ret)
+{
+ hid_warn(hdev,
+ "Failed to read %s stick cal, using defaults; e=%d\n",
+ stick, ret);
+
+ cal_x->center = cal_y->center = DFLT_STICK_CAL_CEN;
+ cal_x->max = cal_y->max = DFLT_STICK_CAL_MAX;
+ cal_x->min = cal_y->min = DFLT_STICK_CAL_MIN;
+}
+
static int joycon_request_calibration(struct joycon_ctlr *ctlr)
{
u16 left_stick_addr = JC_CAL_FCT_DATA_LEFT_ADDR;
@@ -793,38 +812,24 @@ static int joycon_request_calibration(struct joycon_ctlr *ctlr)
&ctlr->left_stick_cal_x,
&ctlr->left_stick_cal_y,
true);
- if (ret) {
- hid_warn(ctlr->hdev,
- "Failed to read left stick cal, using dflts; e=%d\n",
- ret);
-
- ctlr->left_stick_cal_x.center = DFLT_STICK_CAL_CEN;
- ctlr->left_stick_cal_x.max = DFLT_STICK_CAL_MAX;
- ctlr->left_stick_cal_x.min = DFLT_STICK_CAL_MIN;
- ctlr->left_stick_cal_y.center = DFLT_STICK_CAL_CEN;
- ctlr->left_stick_cal_y.max = DFLT_STICK_CAL_MAX;
- ctlr->left_stick_cal_y.min = DFLT_STICK_CAL_MIN;
- }
+ if (ret)
+ joycon_use_default_calibration(ctlr->hdev,
+ &ctlr->left_stick_cal_x,
+ &ctlr->left_stick_cal_y,
+ "left", ret);
/* read the right stick calibration data */
ret = joycon_read_stick_calibration(ctlr, right_stick_addr,
&ctlr->right_stick_cal_x,
&ctlr->right_stick_cal_y,
false);
- if (ret) {
- hid_warn(ctlr->hdev,
- "Failed to read right stick cal, using dflts; e=%d\n",
- ret);
-
- ctlr->right_stick_cal_x.center = DFLT_STICK_CAL_CEN;
- ctlr->right_stick_cal_x.max = DFLT_STICK_CAL_MAX;
- ctlr->right_stick_cal_x.min = DFLT_STICK_CAL_MIN;
- ctlr->right_stick_cal_y.center = DFLT_STICK_CAL_CEN;
- ctlr->right_stick_cal_y.max = DFLT_STICK_CAL_MAX;
- ctlr->right_stick_cal_y.min = DFLT_STICK_CAL_MIN;
- }
+ if (ret)
+ joycon_use_default_calibration(ctlr->hdev,
+ &ctlr->right_stick_cal_x,
+ &ctlr->right_stick_cal_y,
+ "right", ret);
hid_dbg(ctlr->hdev, "calibration:\n"
"l_x_c=%d l_x_max=%d l_x_min=%d\n"
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 816/862] md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (814 preceding siblings ...)
2022-10-19 8:35 ` [PATCH 6.0 815/862] HID: nintendo: check analog user calibration for plausibility Greg Kroah-Hartman
@ 2022-10-19 8:35 ` Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 817/862] usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info() Greg Kroah-Hartman
` (60 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:35 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Logan Gunthorpe, Song Liu, Sasha Levin
From: Logan Gunthorpe <logang@deltatee.com>
[ Upstream commit 5e2cf333b7bd5d3e62595a44d598a254c697cd74 ]
A complicated deadlock exists when using the journal and an elevated
group_thrtead_cnt. It was found with loop devices, but its not clear
whether it can be seen with real disks. The deadlock can occur simply
by writing data with an fio script.
When the deadlock occurs, multiple threads will hang in different ways:
1) The group threads will hang in the blk-wbt code with bios waiting to
be submitted to the block layer:
io_schedule+0x70/0xb0
rq_qos_wait+0x153/0x210
wbt_wait+0x115/0x1b0
io_schedule+0x70/0xb0
rq_qos_wait+0x153/0x210
wbt_wait+0x115/0x1b0
__rq_qos_throttle+0x38/0x60
blk_mq_submit_bio+0x589/0xcd0
wbt_wait+0x115/0x1b0
__rq_qos_throttle+0x38/0x60
blk_mq_submit_bio+0x589/0xcd0
__submit_bio+0xe6/0x100
submit_bio_noacct_nocheck+0x42e/0x470
submit_bio_noacct+0x4c2/0xbb0
ops_run_io+0x46b/0x1a30
handle_stripe+0xcd3/0x36b0
handle_active_stripes.constprop.0+0x6f6/0xa60
raid5_do_work+0x177/0x330
Or:
io_schedule+0x70/0xb0
rq_qos_wait+0x153/0x210
wbt_wait+0x115/0x1b0
__rq_qos_throttle+0x38/0x60
blk_mq_submit_bio+0x589/0xcd0
__submit_bio+0xe6/0x100
submit_bio_noacct_nocheck+0x42e/0x470
submit_bio_noacct+0x4c2/0xbb0
flush_deferred_bios+0x136/0x170
raid5_do_work+0x262/0x330
2) The r5l_reclaim thread will hang in the same way, submitting a
bio to the block layer:
io_schedule+0x70/0xb0
rq_qos_wait+0x153/0x210
wbt_wait+0x115/0x1b0
__rq_qos_throttle+0x38/0x60
blk_mq_submit_bio+0x589/0xcd0
__submit_bio+0xe6/0x100
submit_bio_noacct_nocheck+0x42e/0x470
submit_bio_noacct+0x4c2/0xbb0
submit_bio+0x3f/0xf0
md_super_write+0x12f/0x1b0
md_update_sb.part.0+0x7c6/0xff0
md_update_sb+0x30/0x60
r5l_do_reclaim+0x4f9/0x5e0
r5l_reclaim_thread+0x69/0x30b
However, before hanging, the MD_SB_CHANGE_PENDING flag will be
set for sb_flags in r5l_write_super_and_discard_space(). This
flag will never be cleared because the submit_bio() call never
returns.
3) Due to the MD_SB_CHANGE_PENDING flag being set, handle_stripe()
will do no processing on any pending stripes and re-set
STRIPE_HANDLE. This will cause the raid5d thread to enter an
infinite loop, constantly trying to handle the same stripes
stuck in the queue.
The raid5d thread has a blk_plug that holds a number of bios
that are also stuck waiting seeing the thread is in a loop
that never schedules. These bios have been accounted for by
blk-wbt thus preventing the other threads above from
continuing when they try to submit bios. --Deadlock.
To fix this, add the same wait_event() that is used in raid5_do_work()
to raid5d() such that if MD_SB_CHANGE_PENDING is set, the thread will
schedule and wait until the flag is cleared. The schedule action will
flush the plug which will allow the r5l_reclaim thread to continue,
thus preventing the deadlock.
However, md_check_recovery() calls can also clear MD_SB_CHANGE_PENDING
from the same thread and can thus deadlock if the thread is put to
sleep. So avoid waiting if md_check_recovery() is being called in the
loop.
It's not clear when the deadlock was introduced, but the similar
wait_event() call in raid5_do_work() was added in 2017 by this
commit:
16d997b78b15 ("md/raid5: simplfy delaying of writes while metadata
is updated.")
Link: https://lore.kernel.org/r/7f3b87b6-b52a-f737-51d7-a4eec5c44112@deltatee.com
Signed-off-by: Logan Gunthorpe <logang@deltatee.com>
Signed-off-by: Song Liu <song@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/md/raid5.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c
index db149d28f639..caaae10e33f8 100644
--- a/drivers/md/raid5.c
+++ b/drivers/md/raid5.c
@@ -36,6 +36,7 @@
*/
#include <linux/blkdev.h>
+#include <linux/delay.h>
#include <linux/kthread.h>
#include <linux/raid/pq.h>
#include <linux/async_tx.h>
@@ -6780,7 +6781,18 @@ static void raid5d(struct md_thread *thread)
spin_unlock_irq(&conf->device_lock);
md_check_recovery(mddev);
spin_lock_irq(&conf->device_lock);
+
+ /*
+ * Waiting on MD_SB_CHANGE_PENDING below may deadlock
+ * seeing md_check_recovery() is needed to clear
+ * the flag when using mdmon.
+ */
+ continue;
}
+
+ wait_event_lock_irq(mddev->sb_wait,
+ !test_bit(MD_SB_CHANGE_PENDING, &mddev->sb_flags),
+ conf->device_lock);
}
pr_debug("%d stripes handled\n", handled);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 817/862] usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (815 preceding siblings ...)
2022-10-19 8:35 ` [PATCH 6.0 816/862] md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d Greg Kroah-Hartman
@ 2022-10-19 8:35 ` Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 818/862] usb: musb: Fix musb_gadget.c rxstate overflow bug Greg Kroah-Hartman
` (59 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:35 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jianglei Nie, Mathias Nyman, Sasha Levin
From: Jianglei Nie <niejianglei2021@163.com>
[ Upstream commit 7e271f42a5cc3768cd2622b929ba66859ae21f97 ]
xhci_alloc_stream_info() allocates stream context array for stream_info
->stream_ctx_array with xhci_alloc_stream_ctx(). When some error occurs,
stream_info->stream_ctx_array is not released, which will lead to a
memory leak.
We can fix it by releasing the stream_info->stream_ctx_array with
xhci_free_stream_ctx() on the error path to avoid the potential memory
leak.
Signed-off-by: Jianglei Nie <niejianglei2021@163.com>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Link: https://lore.kernel.org/r/20220921123450.671459-2-mathias.nyman@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/host/xhci-mem.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/usb/host/xhci-mem.c b/drivers/usb/host/xhci-mem.c
index 8c19e151a945..9e56aa28efcd 100644
--- a/drivers/usb/host/xhci-mem.c
+++ b/drivers/usb/host/xhci-mem.c
@@ -641,7 +641,7 @@ struct xhci_stream_info *xhci_alloc_stream_info(struct xhci_hcd *xhci,
num_stream_ctxs, &stream_info->ctx_array_dma,
mem_flags);
if (!stream_info->stream_ctx_array)
- goto cleanup_ctx;
+ goto cleanup_ring_array;
memset(stream_info->stream_ctx_array, 0,
sizeof(struct xhci_stream_ctx)*num_stream_ctxs);
@@ -702,6 +702,11 @@ struct xhci_stream_info *xhci_alloc_stream_info(struct xhci_hcd *xhci,
}
xhci_free_command(xhci, stream_info->free_streams_command);
cleanup_ctx:
+ xhci_free_stream_ctx(xhci,
+ stream_info->num_stream_ctxs,
+ stream_info->stream_ctx_array,
+ stream_info->ctx_array_dma);
+cleanup_ring_array:
kfree(stream_info->stream_rings);
cleanup_info:
kfree(stream_info);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 818/862] usb: musb: Fix musb_gadget.c rxstate overflow bug
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (816 preceding siblings ...)
2022-10-19 8:35 ` [PATCH 6.0 817/862] usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info() Greg Kroah-Hartman
@ 2022-10-19 8:35 ` Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 819/862] usb: dwc3: core: add gfladj_refclk_lpm_sel quirk Greg Kroah-Hartman
` (58 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:35 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Robin Guo, Sasha Levin
From: Robin Guo <guoweibin@inspur.com>
[ Upstream commit eea4c860c3b366369eff0489d94ee4f0571d467d ]
The usb function device call musb_gadget_queue() adds the passed
request to musb_ep::req_list,If the (request->length > musb_ep->packet_sz)
and (is_buffer_mapped(req) return false),the rxstate() will copy all data
in fifo to request->buf which may cause request->buf out of bounds.
Fix it by add the length check :
fifocnt = min_t(unsigned, request->length - request->actual, fifocnt);
Signed-off-by: Robin Guo <guoweibin@inspur.com>
Link: https://lore.kernel.org/r/20220906102119.1b071d07a8391ff115e6d1ef@inspur.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/musb/musb_gadget.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/usb/musb/musb_gadget.c b/drivers/usb/musb/musb_gadget.c
index daada4b66a92..6704a62a1665 100644
--- a/drivers/usb/musb/musb_gadget.c
+++ b/drivers/usb/musb/musb_gadget.c
@@ -760,6 +760,9 @@ static void rxstate(struct musb *musb, struct musb_request *req)
musb_writew(epio, MUSB_RXCSR, csr);
buffer_aint_mapped:
+ fifo_count = min_t(unsigned int,
+ request->length - request->actual,
+ (unsigned int)fifo_count);
musb_read_fifo(musb_ep->hw_ep, fifo_count, (u8 *)
(request->buf + request->actual));
request->actual += fifo_count;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 819/862] usb: dwc3: core: add gfladj_refclk_lpm_sel quirk
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (817 preceding siblings ...)
2022-10-19 8:35 ` [PATCH 6.0 818/862] usb: musb: Fix musb_gadget.c rxstate overflow bug Greg Kroah-Hartman
@ 2022-10-19 8:35 ` Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 820/862] arm64: dts: imx8mp: Add snps,gfladj-refclk-lpm-sel quirk to USB nodes Greg Kroah-Hartman
` (57 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:35 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Li Jun, Alexander Stein, Sasha Levin
From: Alexander Stein <alexander.stein@ew.tq-group.com>
[ Upstream commit a6fc2f1b092787e9d7dbe472d720cede81680315 ]
This selects the SOF/ITP counter be running on ref_clk. As documented
U2_FREECLK_EXISTS has to be set to 0 as well.
Reviewed-by: Li Jun <jun.li@nxp.com>
Signed-off-by: Alexander Stein <alexander.stein@ew.tq-group.com>
Link: https://lore.kernel.org/r/20220915062855.751881-3-alexander.stein@ew.tq-group.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/dwc3/core.c | 8 +++++++-
drivers/usb/dwc3/core.h | 2 ++
2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/drivers/usb/dwc3/core.c b/drivers/usb/dwc3/core.c
index 919d36fd0298..f7f1952b2901 100644
--- a/drivers/usb/dwc3/core.c
+++ b/drivers/usb/dwc3/core.c
@@ -407,6 +407,10 @@ static void dwc3_ref_clk_period(struct dwc3 *dwc)
reg |= FIELD_PREP(DWC3_GFLADJ_REFCLK_FLADJ_MASK, fladj)
| FIELD_PREP(DWC3_GFLADJ_240MHZDECR, decr >> 1)
| FIELD_PREP(DWC3_GFLADJ_240MHZDECR_PLS1, decr & 1);
+
+ if (dwc->gfladj_refclk_lpm_sel)
+ reg |= DWC3_GFLADJ_REFCLK_LPM_SEL;
+
dwc3_writel(dwc->regs, DWC3_GFLADJ, reg);
}
@@ -788,7 +792,7 @@ static int dwc3_phy_setup(struct dwc3 *dwc)
else
reg |= DWC3_GUSB2PHYCFG_ENBLSLPM;
- if (dwc->dis_u2_freeclk_exists_quirk)
+ if (dwc->dis_u2_freeclk_exists_quirk || dwc->gfladj_refclk_lpm_sel)
reg &= ~DWC3_GUSB2PHYCFG_U2_FREECLK_EXISTS;
dwc3_writel(dwc->regs, DWC3_GUSB2PHYCFG(0), reg);
@@ -1524,6 +1528,8 @@ static void dwc3_get_properties(struct dwc3 *dwc)
"snps,dis-tx-ipgap-linecheck-quirk");
dwc->parkmode_disable_ss_quirk = device_property_read_bool(dev,
"snps,parkmode-disable-ss-quirk");
+ dwc->gfladj_refclk_lpm_sel = device_property_read_bool(dev,
+ "snps,gfladj-refclk-lpm-sel-quirk");
dwc->tx_de_emphasis_quirk = device_property_read_bool(dev,
"snps,tx_de_emphasis_quirk");
diff --git a/drivers/usb/dwc3/core.h b/drivers/usb/dwc3/core.h
index 4fe4287dc934..11975a03316f 100644
--- a/drivers/usb/dwc3/core.h
+++ b/drivers/usb/dwc3/core.h
@@ -391,6 +391,7 @@
#define DWC3_GFLADJ_30MHZ_SDBND_SEL BIT(7)
#define DWC3_GFLADJ_30MHZ_MASK 0x3f
#define DWC3_GFLADJ_REFCLK_FLADJ_MASK GENMASK(21, 8)
+#define DWC3_GFLADJ_REFCLK_LPM_SEL BIT(23)
#define DWC3_GFLADJ_240MHZDECR GENMASK(30, 24)
#define DWC3_GFLADJ_240MHZDECR_PLS1 BIT(31)
@@ -1312,6 +1313,7 @@ struct dwc3 {
unsigned dis_del_phy_power_chg_quirk:1;
unsigned dis_tx_ipgap_linecheck_quirk:1;
unsigned parkmode_disable_ss_quirk:1;
+ unsigned gfladj_refclk_lpm_sel:1;
unsigned tx_de_emphasis_quirk:1;
unsigned tx_de_emphasis:2;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 820/862] arm64: dts: imx8mp: Add snps,gfladj-refclk-lpm-sel quirk to USB nodes
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (818 preceding siblings ...)
2022-10-19 8:35 ` [PATCH 6.0 819/862] usb: dwc3: core: add gfladj_refclk_lpm_sel quirk Greg Kroah-Hartman
@ 2022-10-19 8:35 ` Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 821/862] usb: dwc3: core: Enable GUCTL1 bit 10 for fixing termination error after resume bug Greg Kroah-Hartman
` (56 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:35 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Alexander Stein, Sasha Levin
From: Alexander Stein <alexander.stein@ew.tq-group.com>
[ Upstream commit 5c3d5ecf48ab06c709c012bf1e8f0c91e1fcd7ad ]
With this set the SOF/ITP counter is based on ref_clk when 2.0 ports are
suspended.
snps,dis-u2-freeclk-exists-quirk can be removed as
snps,gfladj-refclk-lpm-sel also clears the free running clock configuration
bit.
Signed-off-by: Alexander Stein <alexander.stein@ew.tq-group.com>
Link: https://lore.kernel.org/r/20220915062855.751881-4-alexander.stein@ew.tq-group.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/freescale/imx8mp.dtsi | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/arm64/boot/dts/freescale/imx8mp.dtsi b/arch/arm64/boot/dts/freescale/imx8mp.dtsi
index fe178b7d063c..522ab47426c3 100644
--- a/arch/arm64/boot/dts/freescale/imx8mp.dtsi
+++ b/arch/arm64/boot/dts/freescale/imx8mp.dtsi
@@ -1189,7 +1189,7 @@
interrupts = <GIC_SPI 40 IRQ_TYPE_LEVEL_HIGH>;
phys = <&usb3_phy0>, <&usb3_phy0>;
phy-names = "usb2-phy", "usb3-phy";
- snps,dis-u2-freeclk-exists-quirk;
+ snps,gfladj-refclk-lpm-sel-quirk;
};
};
@@ -1231,7 +1231,7 @@
interrupts = <GIC_SPI 41 IRQ_TYPE_LEVEL_HIGH>;
phys = <&usb3_phy1>, <&usb3_phy1>;
phy-names = "usb2-phy", "usb3-phy";
- snps,dis-u2-freeclk-exists-quirk;
+ snps,gfladj-refclk-lpm-sel-quirk;
};
};
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 821/862] usb: dwc3: core: Enable GUCTL1 bit 10 for fixing termination error after resume bug
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (819 preceding siblings ...)
2022-10-19 8:35 ` [PATCH 6.0 820/862] arm64: dts: imx8mp: Add snps,gfladj-refclk-lpm-sel quirk to USB nodes Greg Kroah-Hartman
@ 2022-10-19 8:35 ` Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 822/862] Revert "usb: storage: Add quirk for Samsung Fit flash" Greg Kroah-Hartman
` (55 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:35 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Piyush Mehta, Sasha Levin
From: Piyush Mehta <piyush.mehta@amd.com>
[ Upstream commit 63d7f9810a38102cdb8cad214fac98682081e1a7 ]
When configured in HOST mode, after issuing U3/L2 exit controller fails
to send proper CRC checksum in CRC5 field. Because of this behavior
Transaction Error is generated, resulting in reset and re-enumeration of
usb device attached. Enabling chicken bit 10 of GUCTL1 will correct this
problem.
When this bit is set to '1', the UTMI/ULPI opmode will be changed to
"normal" along with HS terminations, term, and xcvr signals after EOR.
This option is to support certain legacy UTMI/ULPI PHYs.
Added "snps,resume-hs-terminations" quirk to resolved the above issue.
Signed-off-by: Piyush Mehta <piyush.mehta@amd.com>
Link: https://lore.kernel.org/r/20220920052235.194272-3-piyush.mehta@amd.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/dwc3/core.c | 17 +++++++++++++++++
drivers/usb/dwc3/core.h | 4 ++++
2 files changed, 21 insertions(+)
diff --git a/drivers/usb/dwc3/core.c b/drivers/usb/dwc3/core.c
index f7f1952b2901..68d986361c49 100644
--- a/drivers/usb/dwc3/core.c
+++ b/drivers/usb/dwc3/core.c
@@ -1183,6 +1183,21 @@ static int dwc3_core_init(struct dwc3 *dwc)
dwc3_writel(dwc->regs, DWC3_GUCTL2, reg);
}
+ /*
+ * When configured in HOST mode, after issuing U3/L2 exit controller
+ * fails to send proper CRC checksum in CRC5 feild. Because of this
+ * behaviour Transaction Error is generated, resulting in reset and
+ * re-enumeration of usb device attached. All the termsel, xcvrsel,
+ * opmode becomes 0 during end of resume. Enabling bit 10 of GUCTL1
+ * will correct this problem. This option is to support certain
+ * legacy ULPI PHYs.
+ */
+ if (dwc->resume_hs_terminations) {
+ reg = dwc3_readl(dwc->regs, DWC3_GUCTL1);
+ reg |= DWC3_GUCTL1_RESUME_OPMODE_HS_HOST;
+ dwc3_writel(dwc->regs, DWC3_GUCTL1, reg);
+ }
+
if (!DWC3_VER_IS_PRIOR(DWC3, 250A)) {
reg = dwc3_readl(dwc->regs, DWC3_GUCTL1);
@@ -1526,6 +1541,8 @@ static void dwc3_get_properties(struct dwc3 *dwc)
"snps,dis-del-phy-power-chg-quirk");
dwc->dis_tx_ipgap_linecheck_quirk = device_property_read_bool(dev,
"snps,dis-tx-ipgap-linecheck-quirk");
+ dwc->resume_hs_terminations = device_property_read_bool(dev,
+ "snps,resume-hs-terminations");
dwc->parkmode_disable_ss_quirk = device_property_read_bool(dev,
"snps,parkmode-disable-ss-quirk");
dwc->gfladj_refclk_lpm_sel = device_property_read_bool(dev,
diff --git a/drivers/usb/dwc3/core.h b/drivers/usb/dwc3/core.h
index 11975a03316f..3ac9313e66f9 100644
--- a/drivers/usb/dwc3/core.h
+++ b/drivers/usb/dwc3/core.h
@@ -263,6 +263,7 @@
#define DWC3_GUCTL1_DEV_FORCE_20_CLK_FOR_30_CLK BIT(26)
#define DWC3_GUCTL1_DEV_L1_EXIT_BY_HW BIT(24)
#define DWC3_GUCTL1_PARKMODE_DISABLE_SS BIT(17)
+#define DWC3_GUCTL1_RESUME_OPMODE_HS_HOST BIT(10)
/* Global Status Register */
#define DWC3_GSTS_OTG_IP BIT(10)
@@ -1097,6 +1098,8 @@ struct dwc3_scratchpad_array {
* change quirk.
* @dis_tx_ipgap_linecheck_quirk: set if we disable u2mac linestate
* check during HS transmit.
+ * @resume-hs-terminations: Set if we enable quirk for fixing improper crc
+ * generation after resume from suspend.
* @parkmode_disable_ss_quirk: set if we need to disable all SuperSpeed
* instances in park mode.
* @tx_de_emphasis_quirk: set if we enable Tx de-emphasis quirk
@@ -1312,6 +1315,7 @@ struct dwc3 {
unsigned dis_u2_freeclk_exists_quirk:1;
unsigned dis_del_phy_power_chg_quirk:1;
unsigned dis_tx_ipgap_linecheck_quirk:1;
+ unsigned resume_hs_terminations:1;
unsigned parkmode_disable_ss_quirk:1;
unsigned gfladj_refclk_lpm_sel:1;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 822/862] Revert "usb: storage: Add quirk for Samsung Fit flash"
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (820 preceding siblings ...)
2022-10-19 8:35 ` [PATCH 6.0 821/862] usb: dwc3: core: Enable GUCTL1 bit 10 for fixing termination error after resume bug Greg Kroah-Hartman
@ 2022-10-19 8:35 ` Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 823/862] io_uring: fix CQE reordering Greg Kroah-Hartman
` (54 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:35 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, sunghwan jung, Sasha Levin
From: sunghwan jung <onenowy@gmail.com>
[ Upstream commit ad5dbfc123e6ffbbde194e2a4603323e09f741ee ]
This reverts commit 86d92f5465958752481269348d474414dccb1552,
which fix the timeout issue for "Samsung Fit Flash".
But the commit affects not only "Samsung Fit Flash" but also other usb
storages that use the same controller and causes severe performance
regression.
# hdparm -t /dev/sda (without the quirk)
Timing buffered disk reads: 622 MB in 3.01 seconds = 206.66 MB/sec
# hdparm -t /dev/sda (with the quirk)
Timing buffered disk reads: 220 MB in 3.00 seconds = 73.32 MB/sec
The commit author mentioned that "Issue was reproduced after device has
bad block", so this quirk should be applied when we have the timeout
issue with a device that has bad blocks.
We revert the commit so that we apply this quirk by adding kernel
paramters using a bootloader or other ways when we really need it,
without the performance regression with devices that don't have the
issue.
Signed-off-by: sunghwan jung <onenowy@gmail.com>
Link: https://lore.kernel.org/r/20220913114913.3073-1-onenowy@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/storage/unusual_devs.h | 6 ------
1 file changed, 6 deletions(-)
diff --git a/drivers/usb/storage/unusual_devs.h b/drivers/usb/storage/unusual_devs.h
index 4993227ab293..20dcbccb290b 100644
--- a/drivers/usb/storage/unusual_devs.h
+++ b/drivers/usb/storage/unusual_devs.h
@@ -1275,12 +1275,6 @@ UNUSUAL_DEV( 0x090a, 0x1200, 0x0000, 0x9999,
USB_SC_RBC, USB_PR_BULK, NULL,
0 ),
-UNUSUAL_DEV(0x090c, 0x1000, 0x1100, 0x1100,
- "Samsung",
- "Flash Drive FIT",
- USB_SC_DEVICE, USB_PR_DEVICE, NULL,
- US_FL_MAX_SECTORS_64),
-
/* aeb */
UNUSUAL_DEV( 0x090c, 0x1132, 0x0000, 0xffff,
"Feiya",
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 823/862] io_uring: fix CQE reordering
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (821 preceding siblings ...)
2022-10-19 8:35 ` [PATCH 6.0 822/862] Revert "usb: storage: Add quirk for Samsung Fit flash" Greg Kroah-Hartman
@ 2022-10-19 8:35 ` Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 824/862] staging: rtl8723bs: fix potential memory leak in rtw_init_drv_sw() Greg Kroah-Hartman
` (53 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:35 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dylan Yudaken, Pavel Begunkov,
Jens Axboe, Sasha Levin
From: Pavel Begunkov <asml.silence@gmail.com>
[ Upstream commit aa1df3a360a0c50e0f0086a785d75c2785c29967 ]
Overflowing CQEs may result in reordering, which is buggy in case of
links, F_MORE and so on. If we guarantee that we don't reorder for
the unlikely event of a CQ ring overflow, then we can further extend
this to not have to terminate multishot requests if it happens. For
other operations, like zerocopy sends, we have no choice but to honor
CQE ordering.
Reported-by: Dylan Yudaken <dylany@fb.com>
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Link: https://lore.kernel.org/r/ec3bc55687b0768bbe20fb62d7d06cfced7d7e70.1663892031.git.asml.silence@gmail.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
io_uring/io_uring.c | 12 ++++++++++--
io_uring/io_uring.h | 12 +++++++++---
2 files changed, 19 insertions(+), 5 deletions(-)
diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c
index a22a32acf590..c5dd483a7de2 100644
--- a/io_uring/io_uring.c
+++ b/io_uring/io_uring.c
@@ -567,7 +567,7 @@ static bool __io_cqring_overflow_flush(struct io_ring_ctx *ctx, bool force)
io_cq_lock(ctx);
while (!list_empty(&ctx->cq_overflow_list)) {
- struct io_uring_cqe *cqe = io_get_cqe(ctx);
+ struct io_uring_cqe *cqe = io_get_cqe_overflow(ctx, true);
struct io_overflow_cqe *ocqe;
if (!cqe && !force)
@@ -694,12 +694,19 @@ bool io_req_cqe_overflow(struct io_kiocb *req)
* control dependency is enough as we're using WRITE_ONCE to
* fill the cq entry
*/
-struct io_uring_cqe *__io_get_cqe(struct io_ring_ctx *ctx)
+struct io_uring_cqe *__io_get_cqe(struct io_ring_ctx *ctx, bool overflow)
{
struct io_rings *rings = ctx->rings;
unsigned int off = ctx->cached_cq_tail & (ctx->cq_entries - 1);
unsigned int free, queued, len;
+ /*
+ * Posting into the CQ when there are pending overflowed CQEs may break
+ * ordering guarantees, which will affect links, F_MORE users and more.
+ * Force overflow the completion.
+ */
+ if (!overflow && (ctx->check_cq & BIT(IO_CHECK_CQ_OVERFLOW_BIT)))
+ return NULL;
/* userspace may cheat modifying the tail, be safe and do min */
queued = min(__io_cqring_events(ctx), ctx->cq_entries);
@@ -2232,6 +2239,7 @@ static int io_cqring_wait(struct io_ring_ctx *ctx, int min_events,
do {
io_cqring_overflow_flush(ctx);
+
if (io_cqring_events(ctx) >= min_events)
return 0;
if (!io_run_task_work())
diff --git a/io_uring/io_uring.h b/io_uring/io_uring.h
index 2f73f83af960..45809ae6f64e 100644
--- a/io_uring/io_uring.h
+++ b/io_uring/io_uring.h
@@ -24,7 +24,7 @@ enum {
IOU_STOP_MULTISHOT = -ECANCELED,
};
-struct io_uring_cqe *__io_get_cqe(struct io_ring_ctx *ctx);
+struct io_uring_cqe *__io_get_cqe(struct io_ring_ctx *ctx, bool overflow);
bool io_req_cqe_overflow(struct io_kiocb *req);
int io_run_task_work_sig(void);
void io_req_complete_failed(struct io_kiocb *req, s32 res);
@@ -91,7 +91,8 @@ static inline void io_cq_lock(struct io_ring_ctx *ctx)
void io_cq_unlock_post(struct io_ring_ctx *ctx);
-static inline struct io_uring_cqe *io_get_cqe(struct io_ring_ctx *ctx)
+static inline struct io_uring_cqe *io_get_cqe_overflow(struct io_ring_ctx *ctx,
+ bool overflow)
{
if (likely(ctx->cqe_cached < ctx->cqe_sentinel)) {
struct io_uring_cqe *cqe = ctx->cqe_cached;
@@ -103,7 +104,12 @@ static inline struct io_uring_cqe *io_get_cqe(struct io_ring_ctx *ctx)
return cqe;
}
- return __io_get_cqe(ctx);
+ return __io_get_cqe(ctx, overflow);
+}
+
+static inline struct io_uring_cqe *io_get_cqe(struct io_ring_ctx *ctx)
+{
+ return io_get_cqe_overflow(ctx, false);
}
static inline bool __io_fill_cqe_req(struct io_ring_ctx *ctx,
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 824/862] staging: rtl8723bs: fix potential memory leak in rtw_init_drv_sw()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (822 preceding siblings ...)
2022-10-19 8:35 ` [PATCH 6.0 823/862] io_uring: fix CQE reordering Greg Kroah-Hartman
@ 2022-10-19 8:35 ` Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 825/862] staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv() Greg Kroah-Hartman
` (52 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:35 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Xiaoke Wang, Sasha Levin
From: Xiaoke Wang <xkernel.wang@foxmail.com>
[ Upstream commit 5a5aa9cce621e2c0e25a1e5d72d6be1749167cc0 ]
In rtw_init_drv_sw(), there are various init functions are called to
populate the padapter structure and some checks for their return value.
However, except for the first one error path, the other five error paths
do not properly release the previous allocated resources, which leads to
various memory leaks.
This patch fixes them and keeps the success and error separate.
Note that these changes keep the form of `rtw_init_drv_sw()` in
"drivers/staging/r8188eu/os_dep/os_intfs.c". As there is no proper device
to test with, no runtime testing was performed.
Signed-off-by: Xiaoke Wang <xkernel.wang@foxmail.com>
Link: https://lore.kernel.org/r/tencent_C3B899D2FC3F1BC827F3552E0B0734056006@qq.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/staging/rtl8723bs/os_dep/os_intfs.c | 60 +++++++++++----------
1 file changed, 31 insertions(+), 29 deletions(-)
diff --git a/drivers/staging/rtl8723bs/os_dep/os_intfs.c b/drivers/staging/rtl8723bs/os_dep/os_intfs.c
index 380d8c9e1239..68bba3c0e757 100644
--- a/drivers/staging/rtl8723bs/os_dep/os_intfs.c
+++ b/drivers/staging/rtl8723bs/os_dep/os_intfs.c
@@ -664,51 +664,36 @@ void rtw_reset_drv_sw(struct adapter *padapter)
u8 rtw_init_drv_sw(struct adapter *padapter)
{
- u8 ret8 = _SUCCESS;
-
rtw_init_default_value(padapter);
rtw_init_hal_com_default_value(padapter);
- if (rtw_init_cmd_priv(&padapter->cmdpriv)) {
- ret8 = _FAIL;
- goto exit;
- }
+ if (rtw_init_cmd_priv(&padapter->cmdpriv))
+ return _FAIL;
padapter->cmdpriv.padapter = padapter;
- if (rtw_init_evt_priv(&padapter->evtpriv)) {
- ret8 = _FAIL;
- goto exit;
- }
+ if (rtw_init_evt_priv(&padapter->evtpriv))
+ goto free_cmd_priv;
-
- if (rtw_init_mlme_priv(padapter) == _FAIL) {
- ret8 = _FAIL;
- goto exit;
- }
+ if (rtw_init_mlme_priv(padapter) == _FAIL)
+ goto free_evt_priv;
init_mlme_ext_priv(padapter);
- if (_rtw_init_xmit_priv(&padapter->xmitpriv, padapter) == _FAIL) {
- ret8 = _FAIL;
- goto exit;
- }
+ if (_rtw_init_xmit_priv(&padapter->xmitpriv, padapter) == _FAIL)
+ goto free_mlme_ext;
- if (_rtw_init_recv_priv(&padapter->recvpriv, padapter) == _FAIL) {
- ret8 = _FAIL;
- goto exit;
- }
+ if (_rtw_init_recv_priv(&padapter->recvpriv, padapter) == _FAIL)
+ goto free_xmit_priv;
/* add for CONFIG_IEEE80211W, none 11w also can use */
spin_lock_init(&padapter->security_key_mutex);
/* We don't need to memset padapter->XXX to zero, because adapter is allocated by vzalloc(). */
/* memset((unsigned char *)&padapter->securitypriv, 0, sizeof (struct security_priv)); */
- if (_rtw_init_sta_priv(&padapter->stapriv) == _FAIL) {
- ret8 = _FAIL;
- goto exit;
- }
+ if (_rtw_init_sta_priv(&padapter->stapriv) == _FAIL)
+ goto free_recv_priv;
padapter->stapriv.padapter = padapter;
padapter->setband = GHZ24_50;
@@ -719,9 +704,26 @@ u8 rtw_init_drv_sw(struct adapter *padapter)
rtw_hal_dm_init(padapter);
-exit:
+ return _SUCCESS;
+
+free_recv_priv:
+ _rtw_free_recv_priv(&padapter->recvpriv);
+
+free_xmit_priv:
+ _rtw_free_xmit_priv(&padapter->xmitpriv);
+
+free_mlme_ext:
+ free_mlme_ext_priv(&padapter->mlmeextpriv);
- return ret8;
+ rtw_free_mlme_priv(&padapter->mlmepriv);
+
+free_evt_priv:
+ rtw_free_evt_priv(&padapter->evtpriv);
+
+free_cmd_priv:
+ rtw_free_cmd_priv(&padapter->cmdpriv);
+
+ return _FAIL;
}
void rtw_cancel_all_timer(struct adapter *padapter)
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 825/862] staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (823 preceding siblings ...)
2022-10-19 8:35 ` [PATCH 6.0 824/862] staging: rtl8723bs: fix potential memory leak in rtw_init_drv_sw() Greg Kroah-Hartman
@ 2022-10-19 8:35 ` Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 826/862] scsi: tracing: Fix compile error in trace_array calls when TRACING is disabled Greg Kroah-Hartman
` (51 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:35 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Xiaoke Wang, Sasha Levin
From: Xiaoke Wang <xkernel.wang@foxmail.com>
[ Upstream commit 708056fba733a73d926772ea4ce9a42d240345da ]
In rtw_init_cmd_priv(), if `pcmdpriv->rsp_allocated_buf` is allocated
in failure, then `pcmdpriv->cmd_allocated_buf` will be not properly
released. Besides, considering there are only two error paths and the
first one can directly return, so we do not need implicitly jump to the
`exit` tag to execute the error handler.
So this patch added `kfree(pcmdpriv->cmd_allocated_buf);` on the error
path to release the resource and simplified the return logic of
rtw_init_cmd_priv(). As there is no proper device to test with, no runtime
testing was performed.
Signed-off-by: Xiaoke Wang <xkernel.wang@foxmail.com>
Link: https://lore.kernel.org/r/tencent_2B7931B79BA38E22205C5A09EFDF11E48805@qq.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/staging/rtl8723bs/core/rtw_cmd.c | 16 ++++++----------
1 file changed, 6 insertions(+), 10 deletions(-)
diff --git a/drivers/staging/rtl8723bs/core/rtw_cmd.c b/drivers/staging/rtl8723bs/core/rtw_cmd.c
index b4170f64d118..03c2c66dbf66 100644
--- a/drivers/staging/rtl8723bs/core/rtw_cmd.c
+++ b/drivers/staging/rtl8723bs/core/rtw_cmd.c
@@ -161,8 +161,6 @@ static struct cmd_hdl wlancmds[] = {
int rtw_init_cmd_priv(struct cmd_priv *pcmdpriv)
{
- int res = 0;
-
init_completion(&pcmdpriv->cmd_queue_comp);
init_completion(&pcmdpriv->terminate_cmdthread_comp);
@@ -175,18 +173,16 @@ int rtw_init_cmd_priv(struct cmd_priv *pcmdpriv)
pcmdpriv->cmd_allocated_buf = rtw_zmalloc(MAX_CMDSZ + CMDBUFF_ALIGN_SZ);
- if (!pcmdpriv->cmd_allocated_buf) {
- res = -ENOMEM;
- goto exit;
- }
+ if (!pcmdpriv->cmd_allocated_buf)
+ return -ENOMEM;
pcmdpriv->cmd_buf = pcmdpriv->cmd_allocated_buf + CMDBUFF_ALIGN_SZ - ((SIZE_PTR)(pcmdpriv->cmd_allocated_buf) & (CMDBUFF_ALIGN_SZ-1));
pcmdpriv->rsp_allocated_buf = rtw_zmalloc(MAX_RSPSZ + 4);
if (!pcmdpriv->rsp_allocated_buf) {
- res = -ENOMEM;
- goto exit;
+ kfree(pcmdpriv->cmd_allocated_buf);
+ return -ENOMEM;
}
pcmdpriv->rsp_buf = pcmdpriv->rsp_allocated_buf + 4 - ((SIZE_PTR)(pcmdpriv->rsp_allocated_buf) & 3);
@@ -196,8 +192,8 @@ int rtw_init_cmd_priv(struct cmd_priv *pcmdpriv)
pcmdpriv->rsp_cnt = 0;
mutex_init(&pcmdpriv->sctx_mutex);
-exit:
- return res;
+
+ return 0;
}
static void c2h_wk_callback(struct work_struct *work);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 826/862] scsi: tracing: Fix compile error in trace_array calls when TRACING is disabled
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (824 preceding siblings ...)
2022-10-19 8:35 ` [PATCH 6.0 825/862] staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv() Greg Kroah-Hartman
@ 2022-10-19 8:35 ` Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 827/862] ext2: Use kvmalloc() for group descriptor array Greg Kroah-Hartman
` (50 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:35 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kernel test robot,
Steven Rostedt (Google),
Arun Easi, Martin K. Petersen, Sasha Levin
From: Arun Easi <aeasi@marvell.com>
[ Upstream commit 1a77dd1c2bb5d4a58c16d198cf593720787c02e4 ]
Fix this compilation error seen when CONFIG_TRACING is not enabled:
drivers/scsi/qla2xxx/qla_os.c: In function 'qla_trace_init':
drivers/scsi/qla2xxx/qla_os.c:2854:25: error: implicit declaration of function
'trace_array_get_by_name'; did you mean 'trace_array_set_clr_event'?
[-Werror=implicit-function-declaration]
2854 | qla_trc_array = trace_array_get_by_name("qla2xxx");
| ^~~~~~~~~~~~~~~~~~~~~~~
| trace_array_set_clr_event
drivers/scsi/qla2xxx/qla_os.c: In function 'qla_trace_uninit':
drivers/scsi/qla2xxx/qla_os.c:2869:9: error: implicit declaration of function
'trace_array_put' [-Werror=implicit-function-declaration]
2869 | trace_array_put(qla_trc_array);
| ^~~~~~~~~~~~~~~
Link: https://lore.kernel.org/r/20220907233308.4153-2-aeasi@marvell.com
Reported-by: kernel test robot <lkp@intel.com>
Reviewed-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Arun Easi <aeasi@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/trace.h | 36 ++++++++++++++++++++++++++++++++++--
1 file changed, 34 insertions(+), 2 deletions(-)
diff --git a/include/linux/trace.h b/include/linux/trace.h
index bf169612ffe1..b5e16e438448 100644
--- a/include/linux/trace.h
+++ b/include/linux/trace.h
@@ -2,8 +2,6 @@
#ifndef _LINUX_TRACE_H
#define _LINUX_TRACE_H
-#ifdef CONFIG_TRACING
-
#define TRACE_EXPORT_FUNCTION BIT(0)
#define TRACE_EXPORT_EVENT BIT(1)
#define TRACE_EXPORT_MARKER BIT(2)
@@ -28,6 +26,8 @@ struct trace_export {
int flags;
};
+#ifdef CONFIG_TRACING
+
int register_ftrace_export(struct trace_export *export);
int unregister_ftrace_export(struct trace_export *export);
@@ -48,6 +48,38 @@ void osnoise_arch_unregister(void);
void osnoise_trace_irq_entry(int id);
void osnoise_trace_irq_exit(int id, const char *desc);
+#else /* CONFIG_TRACING */
+static inline int register_ftrace_export(struct trace_export *export)
+{
+ return -EINVAL;
+}
+static inline int unregister_ftrace_export(struct trace_export *export)
+{
+ return 0;
+}
+static inline void trace_printk_init_buffers(void)
+{
+}
+static inline int trace_array_printk(struct trace_array *tr, unsigned long ip,
+ const char *fmt, ...)
+{
+ return 0;
+}
+static inline int trace_array_init_printk(struct trace_array *tr)
+{
+ return -EINVAL;
+}
+static inline void trace_array_put(struct trace_array *tr)
+{
+}
+static inline struct trace_array *trace_array_get_by_name(const char *name)
+{
+ return NULL;
+}
+static inline int trace_array_destroy(struct trace_array *tr)
+{
+ return 0;
+}
#endif /* CONFIG_TRACING */
#endif /* _LINUX_TRACE_H */
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 827/862] ext2: Use kvmalloc() for group descriptor array
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (825 preceding siblings ...)
2022-10-19 8:35 ` [PATCH 6.0 826/862] scsi: tracing: Fix compile error in trace_array calls when TRACING is disabled Greg Kroah-Hartman
@ 2022-10-19 8:35 ` Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 828/862] nvme: handle effects after freeing the request Greg Kroah-Hartman
` (49 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:35 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot+0f2f7e65a3007d39539f,
Jan Kara, Sasha Levin
From: Jan Kara <jack@suse.cz>
[ Upstream commit e7c7fbb9a8574ebd89cc05db49d806c7476863ad ]
Array of group descriptor block buffers can get rather large. In theory
in can reach 1MB for perfectly valid filesystem and even more for
maliciously crafted ones. Use kvmalloc() to allocate the array to avoid
straining memory allocator with large order allocations unnecessarily.
Reported-by: syzbot+0f2f7e65a3007d39539f@syzkaller.appspotmail.com
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/ext2/super.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/fs/ext2/super.c b/fs/ext2/super.c
index afb31af9302d..03f2af98b1b4 100644
--- a/fs/ext2/super.c
+++ b/fs/ext2/super.c
@@ -163,7 +163,7 @@ static void ext2_put_super (struct super_block * sb)
db_count = sbi->s_gdb_count;
for (i = 0; i < db_count; i++)
brelse(sbi->s_group_desc[i]);
- kfree(sbi->s_group_desc);
+ kvfree(sbi->s_group_desc);
kfree(sbi->s_debts);
percpu_counter_destroy(&sbi->s_freeblocks_counter);
percpu_counter_destroy(&sbi->s_freeinodes_counter);
@@ -1092,7 +1092,7 @@ static int ext2_fill_super(struct super_block *sb, void *data, int silent)
}
db_count = (sbi->s_groups_count + EXT2_DESC_PER_BLOCK(sb) - 1) /
EXT2_DESC_PER_BLOCK(sb);
- sbi->s_group_desc = kmalloc_array(db_count,
+ sbi->s_group_desc = kvmalloc_array(db_count,
sizeof(struct buffer_head *),
GFP_KERNEL);
if (sbi->s_group_desc == NULL) {
@@ -1218,7 +1218,7 @@ static int ext2_fill_super(struct super_block *sb, void *data, int silent)
for (i = 0; i < db_count; i++)
brelse(sbi->s_group_desc[i]);
failed_mount_group_desc:
- kfree(sbi->s_group_desc);
+ kvfree(sbi->s_group_desc);
kfree(sbi->s_debts);
failed_mount:
brelse(bh);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 828/862] nvme: handle effects after freeing the request
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (826 preceding siblings ...)
2022-10-19 8:35 ` [PATCH 6.0 827/862] ext2: Use kvmalloc() for group descriptor array Greg Kroah-Hartman
@ 2022-10-19 8:35 ` Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 829/862] nvme: copy firmware_rev on each init Greg Kroah-Hartman
` (48 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:35 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jonathan Derrick, Keith Busch,
Sagi Grimberg, Chao Leng, Christoph Hellwig, Sasha Levin
From: Keith Busch <kbusch@kernel.org>
[ Upstream commit bc8fb906b0ff9339b4286698cb7cd9cd5b8c53eb ]
If a reset occurs after the scan work attempts to issue a command, the
reset may quisce the admin queue, which blocks the scan work's command
from dispatching. The scan work will not be able to complete while the
queue is quiesced.
Meanwhile, the reset work will cancel all outstanding admin tags and
wait until all requests have transitioned to idle, which includes the
passthrough request. But the passthrough request won't be set to idle
until after the scan_work flushes, so we're deadlocked.
Fix this by handling the end effects after the request has been freed.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=216354
Reported-by: Jonathan Derrick <Jonathan.Derrick@solidigm.com>
Signed-off-by: Keith Busch <kbusch@kernel.org>
Reviewed-by: Sagi Grimberg <sagi@grimberg.me>
Reviewed-by: Chao Leng <lengchao@huawei.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/nvme/host/core.c | 17 ++++++-----------
drivers/nvme/host/ioctl.c | 9 ++++++++-
drivers/nvme/host/nvme.h | 4 +++-
drivers/nvme/target/passthru.c | 7 ++++++-
4 files changed, 23 insertions(+), 14 deletions(-)
diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c
index 8d5a7ae19844..7991d28e6a6a 100644
--- a/drivers/nvme/host/core.c
+++ b/drivers/nvme/host/core.c
@@ -1111,8 +1111,8 @@ static u32 nvme_passthru_start(struct nvme_ctrl *ctrl, struct nvme_ns *ns,
return effects;
}
-static void nvme_passthru_end(struct nvme_ctrl *ctrl, u32 effects,
- struct nvme_command *cmd, int status)
+void nvme_passthru_end(struct nvme_ctrl *ctrl, u32 effects,
+ struct nvme_command *cmd, int status)
{
if (effects & NVME_CMD_EFFECTS_CSE_MASK) {
nvme_unfreeze(ctrl);
@@ -1148,21 +1148,16 @@ static void nvme_passthru_end(struct nvme_ctrl *ctrl, u32 effects,
break;
}
}
+EXPORT_SYMBOL_NS_GPL(nvme_passthru_end, NVME_TARGET_PASSTHRU);
-int nvme_execute_passthru_rq(struct request *rq)
+int nvme_execute_passthru_rq(struct request *rq, u32 *effects)
{
struct nvme_command *cmd = nvme_req(rq)->cmd;
struct nvme_ctrl *ctrl = nvme_req(rq)->ctrl;
struct nvme_ns *ns = rq->q->queuedata;
- u32 effects;
- int ret;
- effects = nvme_passthru_start(ctrl, ns, cmd->common.opcode);
- ret = nvme_execute_rq(rq, false);
- if (effects) /* nothing to be done for zero cmd effects */
- nvme_passthru_end(ctrl, effects, cmd, ret);
-
- return ret;
+ *effects = nvme_passthru_start(ctrl, ns, cmd->common.opcode);
+ return nvme_execute_rq(rq, false);
}
EXPORT_SYMBOL_NS_GPL(nvme_execute_passthru_rq, NVME_TARGET_PASSTHRU);
diff --git a/drivers/nvme/host/ioctl.c b/drivers/nvme/host/ioctl.c
index 27614bee7380..d3281f87cd6e 100644
--- a/drivers/nvme/host/ioctl.c
+++ b/drivers/nvme/host/ioctl.c
@@ -136,9 +136,11 @@ static int nvme_submit_user_cmd(struct request_queue *q,
unsigned bufflen, void __user *meta_buffer, unsigned meta_len,
u32 meta_seed, u64 *result, unsigned timeout, bool vec)
{
+ struct nvme_ctrl *ctrl;
struct request *req;
void *meta = NULL;
struct bio *bio;
+ u32 effects;
int ret;
req = nvme_alloc_user_request(q, cmd, ubuffer, bufflen, meta_buffer,
@@ -147,8 +149,9 @@ static int nvme_submit_user_cmd(struct request_queue *q,
return PTR_ERR(req);
bio = req->bio;
+ ctrl = nvme_req(req)->ctrl;
- ret = nvme_execute_passthru_rq(req);
+ ret = nvme_execute_passthru_rq(req, &effects);
if (result)
*result = le64_to_cpu(nvme_req(req)->result.u64);
@@ -158,6 +161,10 @@ static int nvme_submit_user_cmd(struct request_queue *q,
if (bio)
blk_rq_unmap_user(bio);
blk_mq_free_request(req);
+
+ if (effects)
+ nvme_passthru_end(ctrl, effects, cmd, ret);
+
return ret;
}
diff --git a/drivers/nvme/host/nvme.h b/drivers/nvme/host/nvme.h
index 1bdf714dcd9e..a0bf9560cf67 100644
--- a/drivers/nvme/host/nvme.h
+++ b/drivers/nvme/host/nvme.h
@@ -1023,7 +1023,9 @@ static inline void nvme_auth_free(struct nvme_ctrl *ctrl) {};
u32 nvme_command_effects(struct nvme_ctrl *ctrl, struct nvme_ns *ns,
u8 opcode);
-int nvme_execute_passthru_rq(struct request *rq);
+int nvme_execute_passthru_rq(struct request *rq, u32 *effects);
+void nvme_passthru_end(struct nvme_ctrl *ctrl, u32 effects,
+ struct nvme_command *cmd, int status);
struct nvme_ctrl *nvme_ctrl_from_file(struct file *file);
struct nvme_ns *nvme_find_get_ns(struct nvme_ctrl *ctrl, unsigned nsid);
void nvme_put_ns(struct nvme_ns *ns);
diff --git a/drivers/nvme/target/passthru.c b/drivers/nvme/target/passthru.c
index 6f39a29828b1..94d3153bae54 100644
--- a/drivers/nvme/target/passthru.c
+++ b/drivers/nvme/target/passthru.c
@@ -215,9 +215,11 @@ static void nvmet_passthru_execute_cmd_work(struct work_struct *w)
{
struct nvmet_req *req = container_of(w, struct nvmet_req, p.work);
struct request *rq = req->p.rq;
+ struct nvme_ctrl *ctrl = nvme_req(rq)->ctrl;
+ u32 effects;
int status;
- status = nvme_execute_passthru_rq(rq);
+ status = nvme_execute_passthru_rq(rq, &effects);
if (status == NVME_SC_SUCCESS &&
req->cmd->common.opcode == nvme_admin_identify) {
@@ -238,6 +240,9 @@ static void nvmet_passthru_execute_cmd_work(struct work_struct *w)
req->cqe->result = nvme_req(rq)->result;
nvmet_req_complete(req, status);
blk_mq_free_request(rq);
+
+ if (effects)
+ nvme_passthru_end(ctrl, effects, req->cmd, status);
}
static void nvmet_passthru_req_done(struct request *rq,
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 829/862] nvme: copy firmware_rev on each init
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (827 preceding siblings ...)
2022-10-19 8:35 ` [PATCH 6.0 828/862] nvme: handle effects after freeing the request Greg Kroah-Hartman
@ 2022-10-19 8:35 ` Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 830/862] nvmet-tcp: add bounds check on Transfer Tag Greg Kroah-Hartman
` (47 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:35 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jeff Lien, Keith Busch,
Sagi Grimberg, Chaitanya Kulkarni, Chao Leng, Christoph Hellwig,
Sasha Levin
From: Keith Busch <kbusch@kernel.org>
[ Upstream commit a8eb6c1ba48bddea82e8d74cbe6e119f006be97d ]
The firmware revision can change on after a reset so copy the most
recent info each time instead of just the first time, otherwise the
sysfs firmware_rev entry may contain stale data.
Reported-by: Jeff Lien <jeff.lien@wdc.com>
Signed-off-by: Keith Busch <kbusch@kernel.org>
Reviewed-by: Sagi Grimberg <sagi@grimberg.me>
Reviewed-by: Chaitanya Kulkarni <kch@nvidia.com>
Reviewed-by: Chao Leng <lengchao@huawei.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/nvme/host/core.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c
index 7991d28e6a6a..59e4b188fc71 100644
--- a/drivers/nvme/host/core.c
+++ b/drivers/nvme/host/core.c
@@ -2889,7 +2889,6 @@ static int nvme_init_subsystem(struct nvme_ctrl *ctrl, struct nvme_id_ctrl *id)
nvme_init_subnqn(subsys, ctrl, id);
memcpy(subsys->serial, id->sn, sizeof(subsys->serial));
memcpy(subsys->model, id->mn, sizeof(subsys->model));
- memcpy(subsys->firmware_rev, id->fr, sizeof(subsys->firmware_rev));
subsys->vendor_id = le16_to_cpu(id->vid);
subsys->cmic = id->cmic;
@@ -3108,6 +3107,8 @@ static int nvme_init_identify(struct nvme_ctrl *ctrl)
ctrl->quirks |= core_quirks[i].quirks;
}
}
+ memcpy(ctrl->subsys->firmware_rev, id->fr,
+ sizeof(ctrl->subsys->firmware_rev));
if (force_apst && (ctrl->quirks & NVME_QUIRK_NO_DEEPEST_PS)) {
dev_warn(ctrl->device, "forcibly allowing all power states due to nvme_core.force_apst -- use at your own risk\n");
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 830/862] nvmet-tcp: add bounds check on Transfer Tag
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (828 preceding siblings ...)
2022-10-19 8:35 ` [PATCH 6.0 829/862] nvme: copy firmware_rev on each init Greg Kroah-Hartman
@ 2022-10-19 8:35 ` Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 831/862] usb: idmouse: fix an uninit-value in idmouse_open Greg Kroah-Hartman
` (46 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:35 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Varun Prakash, Sagi Grimberg,
Christoph Hellwig, Sasha Levin
From: Varun Prakash <varun@chelsio.com>
[ Upstream commit b6a545ffa2c192b1e6da4a7924edac5ba9f4ea2b ]
ttag is used as an index to get cmd in nvmet_tcp_handle_h2c_data_pdu(),
add a bounds check to avoid out-of-bounds access.
Signed-off-by: Varun Prakash <varun@chelsio.com>
Reviewed-by: Sagi Grimberg <sagi@grimberg.me>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/nvme/target/tcp.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/drivers/nvme/target/tcp.c b/drivers/nvme/target/tcp.c
index a3694a32f6d5..7dcf88cde189 100644
--- a/drivers/nvme/target/tcp.c
+++ b/drivers/nvme/target/tcp.c
@@ -935,10 +935,17 @@ static int nvmet_tcp_handle_h2c_data_pdu(struct nvmet_tcp_queue *queue)
struct nvme_tcp_data_pdu *data = &queue->pdu.data;
struct nvmet_tcp_cmd *cmd;
- if (likely(queue->nr_cmds))
+ if (likely(queue->nr_cmds)) {
+ if (unlikely(data->ttag >= queue->nr_cmds)) {
+ pr_err("queue %d: received out of bound ttag %u, nr_cmds %u\n",
+ queue->idx, data->ttag, queue->nr_cmds);
+ nvmet_tcp_fatal_error(queue);
+ return -EPROTO;
+ }
cmd = &queue->cmds[data->ttag];
- else
+ } else {
cmd = &queue->connect;
+ }
if (le32_to_cpu(data->data_offset) != cmd->rbytes_done) {
pr_err("ttag %u unexpected data offset %u (expected %u)\n",
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 831/862] usb: idmouse: fix an uninit-value in idmouse_open
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (829 preceding siblings ...)
2022-10-19 8:35 ` [PATCH 6.0 830/862] nvmet-tcp: add bounds check on Transfer Tag Greg Kroah-Hartman
@ 2022-10-19 8:35 ` Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 832/862] blk-mq: use quiesced elevator switch when reinitializing queues Greg Kroah-Hartman
` (45 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:35 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot+79832d33eb89fb3cd092,
Dongliang Mu, Sasha Levin
From: Dongliang Mu <mudongliangabcd@gmail.com>
[ Upstream commit bce2b0539933e485d22d6f6f076c0fcd6f185c4c ]
In idmouse_create_image, if any ftip_command fails, it will
go to the reset label. However, this leads to the data in
bulk_in_buffer[HEADER..IMGSIZE] uninitialized. And the check
for valid image incurs an uninitialized dereference.
Fix this by moving the check before reset label since this
check only be valid if the data after bulk_in_buffer[HEADER]
has concrete data.
Note that this is found by KMSAN, so only kernel compilation
is tested.
Reported-by: syzbot+79832d33eb89fb3cd092@syzkaller.appspotmail.com
Signed-off-by: Dongliang Mu <mudongliangabcd@gmail.com>
Link: https://lore.kernel.org/r/20220922134847.1101921-1-dzm91@hust.edu.cn
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/misc/idmouse.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/usb/misc/idmouse.c b/drivers/usb/misc/idmouse.c
index e9437a176518..ea39243efee3 100644
--- a/drivers/usb/misc/idmouse.c
+++ b/drivers/usb/misc/idmouse.c
@@ -177,10 +177,6 @@ static int idmouse_create_image(struct usb_idmouse *dev)
bytes_read += bulk_read;
}
- /* reset the device */
-reset:
- ftip_command(dev, FTIP_RELEASE, 0, 0);
-
/* check for valid image */
/* right border should be black (0x00) */
for (bytes_read = sizeof(HEADER)-1 + WIDTH-1; bytes_read < IMGSIZE; bytes_read += WIDTH)
@@ -192,6 +188,10 @@ static int idmouse_create_image(struct usb_idmouse *dev)
if (dev->bulk_in_buffer[bytes_read] != 0xFF)
return -EAGAIN;
+ /* reset the device */
+reset:
+ ftip_command(dev, FTIP_RELEASE, 0, 0);
+
/* should be IMGSIZE == 65040 */
dev_dbg(&dev->interface->dev, "read %d bytes fingerprint data\n",
bytes_read);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 832/862] blk-mq: use quiesced elevator switch when reinitializing queues
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (830 preceding siblings ...)
2022-10-19 8:35 ` [PATCH 6.0 831/862] usb: idmouse: fix an uninit-value in idmouse_open Greg Kroah-Hartman
@ 2022-10-19 8:35 ` Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 833/862] hwmon (occ): Retry for checksum failure Greg Kroah-Hartman
` (44 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:35 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Keith Busch, Ming Lei,
Christoph Hellwig, Jens Axboe, Sasha Levin
From: Keith Busch <kbusch@kernel.org>
[ Upstream commit 8237c01f1696bc53c470493bf1fe092a107648a6 ]
The hctx's run_work may be racing with the elevator switch when
reinitializing hardware queues. The queue is merely frozen in this
context, but that only prevents requests from allocating and doesn't
stop the hctx work from running. The work may get an elevator pointer
that's being torn down, and can result in use-after-free errors and
kernel panics (example below). Use the quiesced elevator switch instead,
and make the previous one static since it is now only used locally.
nvme nvme0: resetting controller
nvme nvme0: 32/0/0 default/read/poll queues
BUG: kernel NULL pointer dereference, address: 0000000000000008
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 80000020c8861067 P4D 80000020c8861067 PUD 250f8c8067 PMD 0
Oops: 0000 [#1] SMP PTI
Workqueue: kblockd blk_mq_run_work_fn
RIP: 0010:kyber_has_work+0x29/0x70
...
Call Trace:
__blk_mq_do_dispatch_sched+0x83/0x2b0
__blk_mq_sched_dispatch_requests+0x12e/0x170
blk_mq_sched_dispatch_requests+0x30/0x60
__blk_mq_run_hw_queue+0x2b/0x50
process_one_work+0x1ef/0x380
worker_thread+0x2d/0x3e0
Signed-off-by: Keith Busch <kbusch@kernel.org>
Reviewed-by: Ming Lei <ming.lei@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Link: https://lore.kernel.org/r/20220927155652.3260724-1-kbusch@fb.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
block/blk-mq.c | 6 +++---
block/blk.h | 3 +--
block/elevator.c | 4 ++--
3 files changed, 6 insertions(+), 7 deletions(-)
diff --git a/block/blk-mq.c b/block/blk-mq.c
index c96c8c4f751b..887b8682eb69 100644
--- a/block/blk-mq.c
+++ b/block/blk-mq.c
@@ -4473,14 +4473,14 @@ static bool blk_mq_elv_switch_none(struct list_head *head,
list_add(&qe->node, head);
/*
- * After elevator_switch_mq, the previous elevator_queue will be
+ * After elevator_switch, the previous elevator_queue will be
* released by elevator_release. The reference of the io scheduler
* module get by elevator_get will also be put. So we need to get
* a reference of the io scheduler module here to prevent it to be
* removed.
*/
__module_get(qe->type->elevator_owner);
- elevator_switch_mq(q, NULL);
+ elevator_switch(q, NULL);
mutex_unlock(&q->sysfs_lock);
return true;
@@ -4512,7 +4512,7 @@ static void blk_mq_elv_switch_back(struct list_head *head,
kfree(qe);
mutex_lock(&q->sysfs_lock);
- elevator_switch_mq(q, t);
+ elevator_switch(q, t);
mutex_unlock(&q->sysfs_lock);
}
diff --git a/block/blk.h b/block/blk.h
index d7142c4d2fef..52432eab621e 100644
--- a/block/blk.h
+++ b/block/blk.h
@@ -270,8 +270,7 @@ bool blk_bio_list_merge(struct request_queue *q, struct list_head *list,
void blk_insert_flush(struct request *rq);
-int elevator_switch_mq(struct request_queue *q,
- struct elevator_type *new_e);
+int elevator_switch(struct request_queue *q, struct elevator_type *new_e);
void elevator_exit(struct request_queue *q);
int elv_register_queue(struct request_queue *q, bool uevent);
void elv_unregister_queue(struct request_queue *q);
diff --git a/block/elevator.c b/block/elevator.c
index c319765892bb..bd71f0fc4e4b 100644
--- a/block/elevator.c
+++ b/block/elevator.c
@@ -588,7 +588,7 @@ void elv_unregister(struct elevator_type *e)
}
EXPORT_SYMBOL_GPL(elv_unregister);
-int elevator_switch_mq(struct request_queue *q,
+static int elevator_switch_mq(struct request_queue *q,
struct elevator_type *new_e)
{
int ret;
@@ -723,7 +723,7 @@ void elevator_init_mq(struct request_queue *q)
* need for the new one. this way we have a chance of going back to the old
* one, if the new one fails init for some reason.
*/
-static int elevator_switch(struct request_queue *q, struct elevator_type *new_e)
+int elevator_switch(struct request_queue *q, struct elevator_type *new_e)
{
int err;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 833/862] hwmon (occ): Retry for checksum failure
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (831 preceding siblings ...)
2022-10-19 8:35 ` [PATCH 6.0 832/862] blk-mq: use quiesced elevator switch when reinitializing queues Greg Kroah-Hartman
@ 2022-10-19 8:35 ` Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 834/862] fsi: occ: Prevent use after free Greg Kroah-Hartman
` (43 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:35 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Eddie James, Guenter Roeck,
Joel Stanley, Sasha Levin
From: Eddie James <eajames@linux.ibm.com>
[ Upstream commit dbed963ed62c4c2b8870a02c8b7dcb0c2af3ee0b ]
Due to the OCC communication design with a shared SRAM area,
checkum errors are expected due to corrupted buffer from OCC
communications with other system components. Therefore, retry
the command twice in the event of a checksum failure.
Signed-off-by: Eddie James <eajames@linux.ibm.com>
Acked-by: Guenter Roeck <linux@roeck-us.net>
Link: https://lore.kernel.org/r/20220426154956.27205-3-eajames@linux.ibm.com
Signed-off-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hwmon/occ/p9_sbe.c | 17 ++++++++++++-----
1 file changed, 12 insertions(+), 5 deletions(-)
diff --git a/drivers/hwmon/occ/p9_sbe.c b/drivers/hwmon/occ/p9_sbe.c
index c1e0a1d96cd4..f3791a589b01 100644
--- a/drivers/hwmon/occ/p9_sbe.c
+++ b/drivers/hwmon/occ/p9_sbe.c
@@ -14,6 +14,8 @@
#include "common.h"
+#define OCC_CHECKSUM_RETRIES 3
+
struct p9_sbe_occ {
struct occ occ;
bool sbe_error;
@@ -80,18 +82,23 @@ static bool p9_sbe_occ_save_ffdc(struct p9_sbe_occ *ctx, const void *resp,
static int p9_sbe_occ_send_cmd(struct occ *occ, u8 *cmd, size_t len,
void *resp, size_t resp_len)
{
+ size_t original_resp_len = resp_len;
struct p9_sbe_occ *ctx = to_p9_sbe_occ(occ);
- int rc;
+ int rc, i;
- rc = fsi_occ_submit(ctx->sbe, cmd, len, resp, &resp_len);
- if (rc < 0) {
+ for (i = 0; i < OCC_CHECKSUM_RETRIES; ++i) {
+ rc = fsi_occ_submit(ctx->sbe, cmd, len, resp, &resp_len);
+ if (rc >= 0)
+ break;
if (resp_len) {
if (p9_sbe_occ_save_ffdc(ctx, resp, resp_len))
sysfs_notify(&occ->bus_dev->kobj, NULL,
bin_attr_ffdc.attr.name);
+ return rc;
}
-
- return rc;
+ if (rc != -EBADE)
+ return rc;
+ resp_len = original_resp_len;
}
switch (((struct occ_response *)resp)->return_status) {
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 834/862] fsi: occ: Prevent use after free
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (832 preceding siblings ...)
2022-10-19 8:35 ` [PATCH 6.0 833/862] hwmon (occ): Retry for checksum failure Greg Kroah-Hartman
@ 2022-10-19 8:35 ` Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 835/862] fsi: master-ast-cf: Fix missing of_node_put in fsi_master_acf_probe Greg Kroah-Hartman
` (42 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:35 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Eddie James, Guenter Roeck,
Joel Stanley, Sasha Levin
From: Eddie James <eajames@linux.ibm.com>
[ Upstream commit d3e1e24604031b0d83b6c2d38f54eeea265cfcc0 ]
Use get_device and put_device in the open and close functions to
make sure the device doesn't get freed while a file descriptor is
open.
Also, lock around the freeing of the device buffer and check the
buffer before using it in the submit function.
Signed-off-by: Eddie James <eajames@linux.ibm.com>
Reviewed-by: Guenter Roeck <linux@roeck-us.net>
Link: https://lore.kernel.org/r/20220513194424.53468-1-eajames@linux.ibm.com
Signed-off-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/fsi/fsi-occ.c | 18 +++++++++++++++---
1 file changed, 15 insertions(+), 3 deletions(-)
diff --git a/drivers/fsi/fsi-occ.c b/drivers/fsi/fsi-occ.c
index c9cc75fbdfb9..28c176d038a2 100644
--- a/drivers/fsi/fsi-occ.c
+++ b/drivers/fsi/fsi-occ.c
@@ -94,6 +94,7 @@ static int occ_open(struct inode *inode, struct file *file)
client->occ = occ;
mutex_init(&client->lock);
file->private_data = client;
+ get_device(occ->dev);
/* We allocate a 1-page buffer, make sure it all fits */
BUILD_BUG_ON((OCC_CMD_DATA_BYTES + 3) > PAGE_SIZE);
@@ -197,6 +198,7 @@ static int occ_release(struct inode *inode, struct file *file)
{
struct occ_client *client = file->private_data;
+ put_device(client->occ->dev);
free_page((unsigned long)client->buffer);
kfree(client);
@@ -493,12 +495,19 @@ int fsi_occ_submit(struct device *dev, const void *request, size_t req_len,
for (i = 1; i < req_len - 2; ++i)
checksum += byte_request[i];
- mutex_lock(&occ->occ_lock);
+ rc = mutex_lock_interruptible(&occ->occ_lock);
+ if (rc)
+ return rc;
occ->client_buffer = response;
occ->client_buffer_size = user_resp_len;
occ->client_response_size = 0;
+ if (!occ->buffer) {
+ rc = -ENOENT;
+ goto done;
+ }
+
/*
* Get a sequence number and update the counter. Avoid a sequence
* number of 0 which would pass the response check below even if the
@@ -671,10 +680,13 @@ static int occ_remove(struct platform_device *pdev)
{
struct occ *occ = platform_get_drvdata(pdev);
- kvfree(occ->buffer);
-
misc_deregister(&occ->mdev);
+ mutex_lock(&occ->occ_lock);
+ kvfree(occ->buffer);
+ occ->buffer = NULL;
+ mutex_unlock(&occ->occ_lock);
+
device_for_each_child(&pdev->dev, NULL, occ_unregister_child);
ida_simple_remove(&occ_ida, occ->idx);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 835/862] fsi: master-ast-cf: Fix missing of_node_put in fsi_master_acf_probe
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (833 preceding siblings ...)
2022-10-19 8:35 ` [PATCH 6.0 834/862] fsi: occ: Prevent use after free Greg Kroah-Hartman
@ 2022-10-19 8:35 ` Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 836/862] dmaengine: dw-edma: Remove runtime PM support Greg Kroah-Hartman
` (41 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:35 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zeal Robot, Lv Ruyi, Joel Stanley,
Sasha Levin
From: Lv Ruyi <lv.ruyi@zte.com.cn>
[ Upstream commit 182d98e00e4745fe253cb0c24c63bbac253464a2 ]
of_parse_phandle returns node pointer with refcount incremented, use
of_node_put() on it when done.
Reported-by: Zeal Robot <zealci@zte.com.cn>
Signed-off-by: Lv Ruyi <lv.ruyi@zte.com.cn>
Link: https://lore.kernel.org/r/20220407085911.2491719-1-lv.ruyi@zte.com.cn
Signed-off-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/fsi/fsi-master-ast-cf.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/fsi/fsi-master-ast-cf.c b/drivers/fsi/fsi-master-ast-cf.c
index 24292acdbaf8..5f608ef8b53c 100644
--- a/drivers/fsi/fsi-master-ast-cf.c
+++ b/drivers/fsi/fsi-master-ast-cf.c
@@ -1324,12 +1324,14 @@ static int fsi_master_acf_probe(struct platform_device *pdev)
}
master->cvic = devm_of_iomap(&pdev->dev, np, 0, NULL);
if (IS_ERR(master->cvic)) {
+ of_node_put(np);
rc = PTR_ERR(master->cvic);
dev_err(&pdev->dev, "Error %d mapping CVIC\n", rc);
goto err_free;
}
rc = of_property_read_u32(np, "copro-sw-interrupts",
&master->cvic_sw_irq);
+ of_node_put(np);
if (rc) {
dev_err(&pdev->dev, "Can't find coprocessor SW interrupt\n");
goto err_free;
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 836/862] dmaengine: dw-edma: Remove runtime PM support
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (834 preceding siblings ...)
2022-10-19 8:35 ` [PATCH 6.0 835/862] fsi: master-ast-cf: Fix missing of_node_put in fsi_master_acf_probe Greg Kroah-Hartman
@ 2022-10-19 8:35 ` Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 837/862] usb: typec: ucsi: Dont warn on probe deferral Greg Kroah-Hartman
` (40 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:35 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Serge Semin, Frank Li,
Manivannan Sadhasivam, Vinod Koul, Sasha Levin
From: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
[ Upstream commit a0188eb6e71c93ab7dd9bfa4305fac43c70db309 ]
Currently, the dw-edma driver enables the runtime_pm for parent device
(chip->dev) and increments/decrements the refcount during alloc/free
chan resources callbacks.
This leads to a problem when the eDMA driver has been probed, but the
channels were not used. This scenario can happen when the DW PCIe driver
probes eDMA driver successfully, but the PCI EPF driver decides not to
use eDMA channels and use iATU instead for PCI transfers.
In this case, the underlying device would be runtime suspended due to
pm_runtime_enable() in dw_edma_probe() and the PCI EPF driver would have
no knowledge of it.
Ideally, the eDMA driver should not be the one doing the runtime PM of
the parent device. The responsibility should instead belong to the client
drivers like PCI EPF.
So let's remove the runtime PM support from eDMA driver.
Cc: Serge Semin <fancer.lancer@gmail.com>
Cc: Frank Li <Frank.Li@nxp.com>
Reviewed-by: Serge Semin <fancer.lancer@gmail.com>
Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Link: https://lore.kernel.org/r/20220910054700.12205-1-manivannan.sadhasivam@linaro.org
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/dma/dw-edma/dw-edma-core.c | 12 ------------
1 file changed, 12 deletions(-)
diff --git a/drivers/dma/dw-edma/dw-edma-core.c b/drivers/dma/dw-edma/dw-edma-core.c
index 07f756479663..c54b24ff5206 100644
--- a/drivers/dma/dw-edma/dw-edma-core.c
+++ b/drivers/dma/dw-edma/dw-edma-core.c
@@ -9,7 +9,6 @@
#include <linux/module.h>
#include <linux/device.h>
#include <linux/kernel.h>
-#include <linux/pm_runtime.h>
#include <linux/dmaengine.h>
#include <linux/err.h>
#include <linux/interrupt.h>
@@ -682,15 +681,12 @@ static int dw_edma_alloc_chan_resources(struct dma_chan *dchan)
if (chan->status != EDMA_ST_IDLE)
return -EBUSY;
- pm_runtime_get(chan->dw->chip->dev);
-
return 0;
}
static void dw_edma_free_chan_resources(struct dma_chan *dchan)
{
unsigned long timeout = jiffies + msecs_to_jiffies(5000);
- struct dw_edma_chan *chan = dchan2dw_edma_chan(dchan);
int ret;
while (time_before(jiffies, timeout)) {
@@ -703,8 +699,6 @@ static void dw_edma_free_chan_resources(struct dma_chan *dchan)
cpu_relax();
}
-
- pm_runtime_put(chan->dw->chip->dev);
}
static int dw_edma_channel_setup(struct dw_edma *dw, bool write,
@@ -977,9 +971,6 @@ int dw_edma_probe(struct dw_edma_chip *chip)
if (err)
goto err_irq_free;
- /* Power management */
- pm_runtime_enable(dev);
-
/* Turn debugfs on */
dw_edma_v0_core_debugfs_on(dw);
@@ -1009,9 +1000,6 @@ int dw_edma_remove(struct dw_edma_chip *chip)
for (i = (dw->nr_irqs - 1); i >= 0; i--)
free_irq(chip->ops->irq_vector(dev, i), &dw->irq[i]);
- /* Power management */
- pm_runtime_disable(dev);
-
/* Deregister eDMA device */
dma_async_device_unregister(&dw->wr_edma);
list_for_each_entry_safe(chan, _chan, &dw->wr_edma.channels,
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 837/862] usb: typec: ucsi: Dont warn on probe deferral
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (835 preceding siblings ...)
2022-10-19 8:35 ` [PATCH 6.0 836/862] dmaengine: dw-edma: Remove runtime PM support Greg Kroah-Hartman
@ 2022-10-19 8:35 ` Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 838/862] clk: bcm2835: Round UART input clock up Greg Kroah-Hartman
` (39 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:35 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Wayne Chang, Heikki Krogerus, Sasha Levin
From: Wayne Chang <waynec@nvidia.com>
[ Upstream commit fce703a991b7e8c7e1371de95b9abaa832ecf9c3 ]
Deferred probe is an expected return value for fwnode_usb_role_switch_get().
Given that the driver deals with it properly, there's no need to output a
warning that may potentially confuse users.
--
V2 -> V3: remove the Fixes and Cc
V1 -> V2: adjust the coding style for better reading format.
drivers/usb/typec/ucsi/ucsi.c | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
Signed-off-by: Wayne Chang <waynec@nvidia.com>
Acked-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Link: https://lore.kernel.org/r/20220927134512.2651067-1-waynec@nvidia.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/typec/ucsi/ucsi.c | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/drivers/usb/typec/ucsi/ucsi.c b/drivers/usb/typec/ucsi/ucsi.c
index 6364f0d467ea..74fb5a4c6f21 100644
--- a/drivers/usb/typec/ucsi/ucsi.c
+++ b/drivers/usb/typec/ucsi/ucsi.c
@@ -1067,11 +1067,9 @@ static int ucsi_register_port(struct ucsi *ucsi, int index)
cap->fwnode = ucsi_find_fwnode(con);
con->usb_role_sw = fwnode_usb_role_switch_get(cap->fwnode);
- if (IS_ERR(con->usb_role_sw)) {
- dev_err(ucsi->dev, "con%d: failed to get usb role switch\n",
- con->num);
- return PTR_ERR(con->usb_role_sw);
- }
+ if (IS_ERR(con->usb_role_sw))
+ return dev_err_probe(ucsi->dev, PTR_ERR(con->usb_role_sw),
+ "con%d: failed to get usb role switch\n", con->num);
/* Delay other interactions with the con until registration is complete */
mutex_lock(&con->lock);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 838/862] clk: bcm2835: Round UART input clock up
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (836 preceding siblings ...)
2022-10-19 8:35 ` [PATCH 6.0 837/862] usb: typec: ucsi: Dont warn on probe deferral Greg Kroah-Hartman
@ 2022-10-19 8:35 ` Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 839/862] perf: Skip and warn on unknown format configN attrs Greg Kroah-Hartman
` (38 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:35 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Phil Elwell, Ivan T. Ivanov,
Stefan Wahren, Stephen Boyd, Sasha Levin
From: Ivan T. Ivanov <iivanov@suse.de>
[ Upstream commit f690a4d7a8f66430662975511c86819dc9965bcc ]
It was reported that RPi3[1] and RPi Zero 2W boards have issues with
the Bluetooth. It turns out that when switching from initial to
operation speed host and device no longer can talk each other because
host uses incorrect UART baud rate.
The UART driver used in this case is amba-pl011. Original fix, see
below Github link[2], was inside pl011 module, but somehow it didn't
look as the right place to fix. Beside that this original rounding
function is not exactly perfect for all possible clock values. So I
deiced to move the hack to the platform which actually need it.
The UART clock is initialised to be as close to the requested
frequency as possible without exceeding it. Now that there is a
clock manager that returns the actual frequencies, an expected
48MHz clock is reported as 47999625. If the requested baud rate
== requested clock/16, there is no headroom and the slight
reduction in actual clock rate results in failure.
If increasing a clock by less than 0.1% changes it from ..999..
to ..000.., round it up.
[1] https://bugzilla.suse.com/show_bug.cgi?id=1188238
[2] https://github.com/raspberrypi/linux/commit/ab3f1b39537f6d3825b8873006fbe2fc5ff057b7
Cc: Phil Elwell <phil@raspberrypi.com>
Signed-off-by: Ivan T. Ivanov <iivanov@suse.de>
Reviewed-by: Stefan Wahren <stefan.wahren@i2se.com>
Link: https://lore.kernel.org/r/20220912081306.24662-1-iivanov@suse.de
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/bcm/clk-bcm2835.c | 35 +++++++++++++++++++++++++++++++++--
1 file changed, 33 insertions(+), 2 deletions(-)
diff --git a/drivers/clk/bcm/clk-bcm2835.c b/drivers/clk/bcm/clk-bcm2835.c
index f1102b4c7e88..e74fe6219d14 100644
--- a/drivers/clk/bcm/clk-bcm2835.c
+++ b/drivers/clk/bcm/clk-bcm2835.c
@@ -30,6 +30,7 @@
#include <linux/debugfs.h>
#include <linux/delay.h>
#include <linux/io.h>
+#include <linux/math.h>
#include <linux/module.h>
#include <linux/of_device.h>
#include <linux/platform_device.h>
@@ -502,6 +503,8 @@ struct bcm2835_clock_data {
bool low_jitter;
u32 tcnt_mux;
+
+ bool round_up;
};
struct bcm2835_gate_data {
@@ -993,12 +996,34 @@ static unsigned long bcm2835_clock_rate_from_divisor(struct bcm2835_clock *clock
return temp;
}
+static unsigned long bcm2835_round_rate(unsigned long rate)
+{
+ unsigned long scaler;
+ unsigned long limit;
+
+ limit = rate / 100000;
+
+ scaler = 1;
+ while (scaler < limit)
+ scaler *= 10;
+
+ /*
+ * If increasing a clock by less than 0.1% changes it
+ * from ..999.. to ..000.., round up.
+ */
+ if ((rate + scaler - 1) / scaler % 1000 == 0)
+ rate = roundup(rate, scaler);
+
+ return rate;
+}
+
static unsigned long bcm2835_clock_get_rate(struct clk_hw *hw,
unsigned long parent_rate)
{
struct bcm2835_clock *clock = bcm2835_clock_from_hw(hw);
struct bcm2835_cprman *cprman = clock->cprman;
const struct bcm2835_clock_data *data = clock->data;
+ unsigned long rate;
u32 div;
if (data->int_bits == 0 && data->frac_bits == 0)
@@ -1006,7 +1031,12 @@ static unsigned long bcm2835_clock_get_rate(struct clk_hw *hw,
div = cprman_read(cprman, data->div_reg);
- return bcm2835_clock_rate_from_divisor(clock, parent_rate, div);
+ rate = bcm2835_clock_rate_from_divisor(clock, parent_rate, div);
+
+ if (data->round_up)
+ rate = bcm2835_round_rate(rate);
+
+ return rate;
}
static void bcm2835_clock_wait_busy(struct bcm2835_clock *clock)
@@ -2143,7 +2173,8 @@ static const struct bcm2835_clk_desc clk_desc_array[] = {
.div_reg = CM_UARTDIV,
.int_bits = 10,
.frac_bits = 12,
- .tcnt_mux = 28),
+ .tcnt_mux = 28,
+ .round_up = true),
/* TV encoder clock. Only operating frequency is 108Mhz. */
[BCM2835_CLOCK_VEC] = REGISTER_PER_CLK(
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 839/862] perf: Skip and warn on unknown format configN attrs
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (837 preceding siblings ...)
2022-10-19 8:35 ` [PATCH 6.0 838/862] clk: bcm2835: Round UART input clock up Greg Kroah-Hartman
@ 2022-10-19 8:35 ` Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 840/862] perf intel-pt: Fix segfault in intel_pt_print_info() with uClibc Greg Kroah-Hartman
` (37 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:35 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Namhyung Kim, Rob Herring, Leo Yan,
Alexander Shishkin, Ingo Molnar, James Clark, Jiri Olsa,
Mark Rutland, Peter Zijlstra, Arnaldo Carvalho de Melo
From: Rob Herring <robh@kernel.org>
commit e552b7be12ed62357df84392efa525ecb01910fb upstream.
If the kernel exposes a new perf_event_attr field in a format attr, perf
will return an error stating the specified PMU can't be found. For
example, a format attr with 'config3:0-63' causes an error as config3 is
unknown to perf. This causes a compatibility issue between a newer
kernel with older perf tool.
Before this change with a kernel adding 'config3' I get:
$ perf record -e arm_spe// -- true
event syntax error: 'arm_spe//'
\___ Cannot find PMU `arm_spe'. Missing kernel support?
Run 'perf list' for a list of valid events
Usage: perf record [<options>] [<command>]
or: perf record [<options>] -- <command> [<options>]
-e, --event <event> event selector. use 'perf list' to list
available events
After this change, I get:
$ perf record -e arm_spe// -- true
WARNING: 'arm_spe_0' format 'inv_event_filter' requires 'perf_event_attr::config3' which is not supported by this version of perf!
[ perf record: Woken up 2 times to write data ]
[ perf record: Captured and wrote 0.091 MB perf.data ]
To support unknown configN formats, rework the YACC implementation to
pass any config[0-9]+ format to perf_pmu__new_format() to handle with a
warning.
Reviewed-by: Namhyung Kim <namhyung@kernel.org>
Signed-off-by: Rob Herring <robh@kernel.org>
Tested-by: Leo Yan <leo.yan@linaro.org>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: James Clark <james.clark@arm.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20220914-arm-perf-tool-spe1-2-v2-v4-1-83c098e6212e@kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/perf/util/parse-events.c | 3 +++
tools/perf/util/pmu.c | 17 +++++++++++++++++
tools/perf/util/pmu.h | 2 ++
tools/perf/util/pmu.l | 2 --
tools/perf/util/pmu.y | 15 ++++-----------
5 files changed, 26 insertions(+), 13 deletions(-)
--- a/tools/perf/util/parse-events.c
+++ b/tools/perf/util/parse-events.c
@@ -254,6 +254,9 @@ __add_event(struct list_head *list, int
struct perf_cpu_map *cpus = pmu ? perf_cpu_map__get(pmu->cpus) :
cpu_list ? perf_cpu_map__new(cpu_list) : NULL;
+ if (pmu)
+ perf_pmu__warn_invalid_formats(pmu);
+
if (pmu && attr->type == PERF_TYPE_RAW)
perf_pmu__warn_invalid_config(pmu, attr->config, name);
--- a/tools/perf/util/pmu.c
+++ b/tools/perf/util/pmu.c
@@ -1005,6 +1005,23 @@ err:
return NULL;
}
+void perf_pmu__warn_invalid_formats(struct perf_pmu *pmu)
+{
+ struct perf_pmu_format *format;
+
+ /* fake pmu doesn't have format list */
+ if (pmu == &perf_pmu__fake)
+ return;
+
+ list_for_each_entry(format, &pmu->format, list)
+ if (format->value >= PERF_PMU_FORMAT_VALUE_CONFIG_END) {
+ pr_warning("WARNING: '%s' format '%s' requires 'perf_event_attr::config%d'"
+ "which is not supported by this version of perf!\n",
+ pmu->name, format->name, format->value);
+ return;
+ }
+}
+
static struct perf_pmu *pmu_find(const char *name)
{
struct perf_pmu *pmu;
--- a/tools/perf/util/pmu.h
+++ b/tools/perf/util/pmu.h
@@ -17,6 +17,7 @@ enum {
PERF_PMU_FORMAT_VALUE_CONFIG,
PERF_PMU_FORMAT_VALUE_CONFIG1,
PERF_PMU_FORMAT_VALUE_CONFIG2,
+ PERF_PMU_FORMAT_VALUE_CONFIG_END,
};
#define PERF_PMU_FORMAT_BITS 64
@@ -139,6 +140,7 @@ int perf_pmu__caps_parse(struct perf_pmu
void perf_pmu__warn_invalid_config(struct perf_pmu *pmu, __u64 config,
const char *name);
+void perf_pmu__warn_invalid_formats(struct perf_pmu *pmu);
bool perf_pmu__has_hybrid(void);
int perf_pmu__match(char *pattern, char *name, char *tok);
--- a/tools/perf/util/pmu.l
+++ b/tools/perf/util/pmu.l
@@ -27,8 +27,6 @@ num_dec [0-9]+
{num_dec} { return value(10); }
config { return PP_CONFIG; }
-config1 { return PP_CONFIG1; }
-config2 { return PP_CONFIG2; }
- { return '-'; }
: { return ':'; }
, { return ','; }
--- a/tools/perf/util/pmu.y
+++ b/tools/perf/util/pmu.y
@@ -20,7 +20,7 @@ do { \
%}
-%token PP_CONFIG PP_CONFIG1 PP_CONFIG2
+%token PP_CONFIG
%token PP_VALUE PP_ERROR
%type <num> PP_VALUE
%type <bits> bit_term
@@ -47,18 +47,11 @@ PP_CONFIG ':' bits
$3));
}
|
-PP_CONFIG1 ':' bits
+PP_CONFIG PP_VALUE ':' bits
{
ABORT_ON(perf_pmu__new_format(format, name,
- PERF_PMU_FORMAT_VALUE_CONFIG1,
- $3));
-}
-|
-PP_CONFIG2 ':' bits
-{
- ABORT_ON(perf_pmu__new_format(format, name,
- PERF_PMU_FORMAT_VALUE_CONFIG2,
- $3));
+ $2,
+ $4));
}
bits:
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 840/862] perf intel-pt: Fix segfault in intel_pt_print_info() with uClibc
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (838 preceding siblings ...)
2022-10-19 8:35 ` [PATCH 6.0 839/862] perf: Skip and warn on unknown format configN attrs Greg Kroah-Hartman
@ 2022-10-19 8:35 ` Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 841/862] perf intel-pt: Fix system_wide dummy event for hybrid Greg Kroah-Hartman
` (36 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:35 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Adrian Hunter, Namhyung Kim,
Ian Rogers, Jiri Olsa, Arnaldo Carvalho de Melo
From: Adrian Hunter <adrian.hunter@intel.com>
commit 5a3d47071f0ced0431ef82a5fb6bd077ed9493db upstream.
uClibc segfaulted because NULL was passed as the format to fprintf().
That happened because one of the format strings was missing and
intel_pt_print_info() didn't check that before calling fprintf().
Add the missing format string, and check format is not NULL before calling
fprintf().
Fixes: 11fa7cb86b56d361 ("perf tools: Pass Intel PT information for decoding MTC and CYC")
Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
Acked-by: Namhyung Kim <namhyung@kernel.org>
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Ian Rogers <irogers@google.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20221012082259.22394-2-adrian.hunter@intel.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/perf/util/intel-pt.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
--- a/tools/perf/util/intel-pt.c
+++ b/tools/perf/util/intel-pt.c
@@ -4033,6 +4033,7 @@ static const char * const intel_pt_info_
[INTEL_PT_SNAPSHOT_MODE] = " Snapshot mode %"PRId64"\n",
[INTEL_PT_PER_CPU_MMAPS] = " Per-cpu maps %"PRId64"\n",
[INTEL_PT_MTC_BIT] = " MTC bit %#"PRIx64"\n",
+ [INTEL_PT_MTC_FREQ_BITS] = " MTC freq bits %#"PRIx64"\n",
[INTEL_PT_TSC_CTC_N] = " TSC:CTC numerator %"PRIu64"\n",
[INTEL_PT_TSC_CTC_D] = " TSC:CTC denominator %"PRIu64"\n",
[INTEL_PT_CYC_BIT] = " CYC bit %#"PRIx64"\n",
@@ -4047,8 +4048,12 @@ static void intel_pt_print_info(__u64 *a
if (!dump_trace)
return;
- for (i = start; i <= finish; i++)
- fprintf(stdout, intel_pt_info_fmts[i], arr[i]);
+ for (i = start; i <= finish; i++) {
+ const char *fmt = intel_pt_info_fmts[i];
+
+ if (fmt)
+ fprintf(stdout, fmt, arr[i]);
+ }
}
static void intel_pt_print_info_str(const char *name, const char *str)
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 841/862] perf intel-pt: Fix system_wide dummy event for hybrid
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (839 preceding siblings ...)
2022-10-19 8:35 ` [PATCH 6.0 840/862] perf intel-pt: Fix segfault in intel_pt_print_info() with uClibc Greg Kroah-Hartman
@ 2022-10-19 8:35 ` Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 842/862] io_uring/net: refactor io_sr_msg types Greg Kroah-Hartman
` (35 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:35 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Adrian Hunter, Namhyung Kim,
Ian Rogers, Jiri Olsa, Arnaldo Carvalho de Melo
From: Adrian Hunter <adrian.hunter@intel.com>
commit 6cef7dab3e2e5cb23a13569c3880c0532326748c upstream.
User space tasks can migrate between CPUs, so when tracing selected CPUs,
system-wide sideband is still needed, however evlist->core.has_user_cpus
is not set in the hybrid case, so check the target cpu_list instead.
Fixes: 7d189cadbeebc778 ("perf intel-pt: Track sideband system-wide when needed")
Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
Acked-by: Namhyung Kim <namhyung@kernel.org>
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Ian Rogers <irogers@google.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20221012082259.22394-3-adrian.hunter@intel.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/perf/arch/x86/util/intel-pt.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/tools/perf/arch/x86/util/intel-pt.c
+++ b/tools/perf/arch/x86/util/intel-pt.c
@@ -871,7 +871,7 @@ static int intel_pt_recording_options(st
* User space tasks can migrate between CPUs, so when tracing
* selected CPUs, sideband for all CPUs is still needed.
*/
- need_system_wide_tracking = evlist->core.has_user_cpus &&
+ need_system_wide_tracking = opts->target.cpu_list &&
!intel_pt_evsel->core.attr.exclude_user;
tracking_evsel = evlist__add_aux_dummy(evlist, need_system_wide_tracking);
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 842/862] io_uring/net: refactor io_sr_msg types
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (840 preceding siblings ...)
2022-10-19 8:35 ` [PATCH 6.0 841/862] perf intel-pt: Fix system_wide dummy event for hybrid Greg Kroah-Hartman
@ 2022-10-19 8:35 ` Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 843/862] io_uring/net: use io_sr_msg for sendzc Greg Kroah-Hartman
` (34 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:35 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: Greg Kroah-Hartman, Pavel Begunkov, Jens Axboe
From: Pavel Begunkov <asml.silence@gmail.com>
[ upstream commit 0b048557db761d287777360a100e1d010760d209 ]
In preparation for using struct io_sr_msg for zerocopy sends, clean up
types. First, flags can be u16 as it's provided by the userspace in u16
ioprio, as well as addr_len. This saves us 4 bytes. Also use unsigned
for size and done_io, both are as well limited to u32.
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Link: https://lore.kernel.org/r/42c2639d6385b8b2181342d2af3a42d3b1c5bcd2.1662639236.git.asml.silence@gmail.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
io_uring/net.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
--- a/io_uring/net.c
+++ b/io_uring/net.c
@@ -56,21 +56,21 @@ struct io_sr_msg {
struct user_msghdr __user *umsg;
void __user *buf;
};
+ unsigned len;
+ unsigned done_io;
unsigned msg_flags;
- unsigned flags;
- size_t len;
- size_t done_io;
+ u16 flags;
};
struct io_sendzc {
struct file *file;
void __user *buf;
- size_t len;
+ unsigned len;
+ unsigned done_io;
unsigned msg_flags;
- unsigned flags;
- unsigned addr_len;
+ u16 flags;
+ u16 addr_len;
void __user *addr;
- size_t done_io;
struct io_kiocb *notif;
};
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 843/862] io_uring/net: use io_sr_msg for sendzc
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (841 preceding siblings ...)
2022-10-19 8:35 ` [PATCH 6.0 842/862] io_uring/net: refactor io_sr_msg types Greg Kroah-Hartman
@ 2022-10-19 8:35 ` Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 844/862] io_uring/net: dont lose partial send_zc on fail Greg Kroah-Hartman
` (33 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:35 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: Greg Kroah-Hartman, Pavel Begunkov, Jens Axboe
From: Pavel Begunkov <asml.silence@gmail.com>
[ upstream commit ac9e5784bbe72f4f603d1af84760ec09bc0b5ccd ]
Reuse struct io_sr_msg for zerocopy sends, which is handy. There is
only one zerocopy specific field, namely .notif, and we have enough
space for it.
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Link: https://lore.kernel.org/r/408c5b1b2d8869e1a12da5f5a78ed72cac112149.1662639236.git.asml.silence@gmail.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
io_uring/net.c | 18 +++++-------------
1 file changed, 5 insertions(+), 13 deletions(-)
--- a/io_uring/net.c
+++ b/io_uring/net.c
@@ -60,15 +60,7 @@ struct io_sr_msg {
unsigned done_io;
unsigned msg_flags;
u16 flags;
-};
-
-struct io_sendzc {
- struct file *file;
- void __user *buf;
- unsigned len;
- unsigned done_io;
- unsigned msg_flags;
- u16 flags;
+ /* used only for sendzc */
u16 addr_len;
void __user *addr;
struct io_kiocb *notif;
@@ -188,7 +180,7 @@ static int io_sendmsg_copy_hdr(struct io
int io_sendzc_prep_async(struct io_kiocb *req)
{
- struct io_sendzc *zc = io_kiocb_to_cmd(req, struct io_sendzc);
+ struct io_sr_msg *zc = io_kiocb_to_cmd(req, struct io_sr_msg);
struct io_async_msghdr *io;
int ret;
@@ -885,7 +877,7 @@ out_free:
void io_sendzc_cleanup(struct io_kiocb *req)
{
- struct io_sendzc *zc = io_kiocb_to_cmd(req, struct io_sendzc);
+ struct io_sr_msg *zc = io_kiocb_to_cmd(req, struct io_sr_msg);
zc->notif->flags |= REQ_F_CQE_SKIP;
io_notif_flush(zc->notif);
@@ -894,7 +886,7 @@ void io_sendzc_cleanup(struct io_kiocb *
int io_sendzc_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe)
{
- struct io_sendzc *zc = io_kiocb_to_cmd(req, struct io_sendzc);
+ struct io_sr_msg *zc = io_kiocb_to_cmd(req, struct io_sr_msg);
struct io_ring_ctx *ctx = req->ctx;
struct io_kiocb *notif;
@@ -1000,7 +992,7 @@ static int io_sg_from_iter(struct sock *
int io_sendzc(struct io_kiocb *req, unsigned int issue_flags)
{
struct sockaddr_storage __address, *addr = NULL;
- struct io_sendzc *zc = io_kiocb_to_cmd(req, struct io_sendzc);
+ struct io_sr_msg *zc = io_kiocb_to_cmd(req, struct io_sr_msg);
struct msghdr msg;
struct iovec iov;
struct socket *sock;
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 844/862] io_uring/net: dont lose partial send_zc on fail
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (842 preceding siblings ...)
2022-10-19 8:35 ` [PATCH 6.0 843/862] io_uring/net: use io_sr_msg for sendzc Greg Kroah-Hartman
@ 2022-10-19 8:35 ` Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 845/862] io_uring/net: rename io_sendzc() Greg Kroah-Hartman
` (32 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:35 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: Greg Kroah-Hartman, Pavel Begunkov, Jens Axboe
From: Pavel Begunkov <asml.silence@gmail.com>
[ upstream commit 5693bcce892d7b8b15a7a92b011d3d40a023b53c ]
Partial zc send may end up in io_req_complete_failed(), which not only
would return invalid result but also mask out the notification leading
to lifetime issues.
Cc: stable@vger.kernel.org
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Link: https://lore.kernel.org/r/5673285b5e83e6ceca323727b4ddaa584b5cc91e.1663668091.git.asml.silence@gmail.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
io_uring/net.c | 16 ++++++++++++++++
io_uring/net.h | 1 +
io_uring/opdef.c | 1 +
3 files changed, 18 insertions(+)
--- a/io_uring/net.c
+++ b/io_uring/net.c
@@ -1093,6 +1093,22 @@ void io_sendrecv_fail(struct io_kiocb *r
io_req_set_res(req, res, req->cqe.flags);
}
+void io_send_zc_fail(struct io_kiocb *req)
+{
+ struct io_sr_msg *sr = io_kiocb_to_cmd(req, struct io_sr_msg);
+ int res = req->cqe.res;
+
+ if (req->flags & REQ_F_PARTIAL_IO) {
+ if (req->flags & REQ_F_NEED_CLEANUP) {
+ io_notif_flush(sr->notif);
+ sr->notif = NULL;
+ req->flags &= ~REQ_F_NEED_CLEANUP;
+ }
+ res = sr->done_io;
+ }
+ io_req_set_res(req, res, req->cqe.flags);
+}
+
int io_accept_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe)
{
struct io_accept *accept = io_kiocb_to_cmd(req, struct io_accept);
--- a/io_uring/net.h
+++ b/io_uring/net.h
@@ -58,6 +58,7 @@ int io_connect(struct io_kiocb *req, uns
int io_sendzc(struct io_kiocb *req, unsigned int issue_flags);
int io_sendzc_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe);
void io_sendzc_cleanup(struct io_kiocb *req);
+void io_send_zc_fail(struct io_kiocb *req);
void io_netmsg_cache_free(struct io_cache_entry *entry);
#else
--- a/io_uring/opdef.c
+++ b/io_uring/opdef.c
@@ -494,6 +494,7 @@ const struct io_op_def io_op_defs[] = {
.issue = io_sendzc,
.prep_async = io_sendzc_prep_async,
.cleanup = io_sendzc_cleanup,
+ .fail = io_send_zc_fail,
#else
.prep = io_eopnotsupp_prep,
#endif
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 845/862] io_uring/net: rename io_sendzc()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (843 preceding siblings ...)
2022-10-19 8:35 ` [PATCH 6.0 844/862] io_uring/net: dont lose partial send_zc on fail Greg Kroah-Hartman
@ 2022-10-19 8:35 ` Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 846/862] io_uring/net: dont skip notifs for failed requests Greg Kroah-Hartman
` (31 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:35 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: Greg Kroah-Hartman, Pavel Begunkov, Jens Axboe
From: Pavel Begunkov <asml.silence@gmail.com>
[ upstream commit b0e9b5517eb12fa80c72e205fe28534c2e2f39b9 ]
Simple renaming of io_sendzc*() functions in preparatio to adding
a zerocopy sendmsg variant.
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Link: https://lore.kernel.org/r/265af46829e6076dd220011b1858dc3151969226.1663668091.git.asml.silence@gmail.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
io_uring/net.c | 6 +++---
io_uring/net.h | 6 +++---
io_uring/opdef.c | 6 +++---
3 files changed, 9 insertions(+), 9 deletions(-)
--- a/io_uring/net.c
+++ b/io_uring/net.c
@@ -875,7 +875,7 @@ out_free:
return ret;
}
-void io_sendzc_cleanup(struct io_kiocb *req)
+void io_send_zc_cleanup(struct io_kiocb *req)
{
struct io_sr_msg *zc = io_kiocb_to_cmd(req, struct io_sr_msg);
@@ -884,7 +884,7 @@ void io_sendzc_cleanup(struct io_kiocb *
zc->notif = NULL;
}
-int io_sendzc_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe)
+int io_send_zc_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe)
{
struct io_sr_msg *zc = io_kiocb_to_cmd(req, struct io_sr_msg);
struct io_ring_ctx *ctx = req->ctx;
@@ -989,7 +989,7 @@ static int io_sg_from_iter(struct sock *
return ret;
}
-int io_sendzc(struct io_kiocb *req, unsigned int issue_flags)
+int io_send_zc(struct io_kiocb *req, unsigned int issue_flags)
{
struct sockaddr_storage __address, *addr = NULL;
struct io_sr_msg *zc = io_kiocb_to_cmd(req, struct io_sr_msg);
--- a/io_uring/net.h
+++ b/io_uring/net.h
@@ -55,9 +55,9 @@ int io_connect_prep_async(struct io_kioc
int io_connect_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe);
int io_connect(struct io_kiocb *req, unsigned int issue_flags);
-int io_sendzc(struct io_kiocb *req, unsigned int issue_flags);
-int io_sendzc_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe);
-void io_sendzc_cleanup(struct io_kiocb *req);
+int io_send_zc(struct io_kiocb *req, unsigned int issue_flags);
+int io_send_zc_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe);
+void io_send_zc_cleanup(struct io_kiocb *req);
void io_send_zc_fail(struct io_kiocb *req);
void io_netmsg_cache_free(struct io_cache_entry *entry);
--- a/io_uring/opdef.c
+++ b/io_uring/opdef.c
@@ -490,10 +490,10 @@ const struct io_op_def io_op_defs[] = {
.manual_alloc = 1,
#if defined(CONFIG_NET)
.async_size = sizeof(struct io_async_msghdr),
- .prep = io_sendzc_prep,
- .issue = io_sendzc,
+ .prep = io_send_zc_prep,
+ .issue = io_send_zc,
.prep_async = io_sendzc_prep_async,
- .cleanup = io_sendzc_cleanup,
+ .cleanup = io_send_zc_cleanup,
.fail = io_send_zc_fail,
#else
.prep = io_eopnotsupp_prep,
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 846/862] io_uring/net: dont skip notifs for failed requests
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (844 preceding siblings ...)
2022-10-19 8:35 ` [PATCH 6.0 845/862] io_uring/net: rename io_sendzc() Greg Kroah-Hartman
@ 2022-10-19 8:35 ` Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 847/862] io_uring/net: fix notif cqe reordering Greg Kroah-Hartman
` (30 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:35 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Greg Kroah-Hartman, Stefan Metzmacher, Pavel Begunkov, Jens Axboe
From: Pavel Begunkov <asml.silence@gmail.com>
[ upstream commit 6ae91ac9a6aa7d6005c3c6d0f4d263fbab9f377f ]
We currently only add a notification CQE when the send succeded, i.e.
cqe.res >= 0. However, it'd be more robust to do buffer notifications
for failed requests as well in case drivers decide do something fanky.
Always return a buffer notification after initial prep, don't hide it.
This behaviour is better aligned with documentation and the patch also
helps the userspace to respect it.
Cc: stable@vger.kernel.org # 6.0
Suggested-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Link: https://lore.kernel.org/r/9c8bead87b2b980fcec441b8faef52188b4a6588.1664292100.git.asml.silence@gmail.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
io_uring/net.c | 22 ++++++----------------
1 file changed, 6 insertions(+), 16 deletions(-)
--- a/io_uring/net.c
+++ b/io_uring/net.c
@@ -879,7 +879,6 @@ void io_send_zc_cleanup(struct io_kiocb
{
struct io_sr_msg *zc = io_kiocb_to_cmd(req, struct io_sr_msg);
- zc->notif->flags |= REQ_F_CQE_SKIP;
io_notif_flush(zc->notif);
zc->notif = NULL;
}
@@ -996,7 +995,7 @@ int io_send_zc(struct io_kiocb *req, uns
struct msghdr msg;
struct iovec iov;
struct socket *sock;
- unsigned msg_flags, cflags;
+ unsigned msg_flags;
int ret, min_ret = 0;
sock = sock_from_file(req->file);
@@ -1064,8 +1063,6 @@ int io_send_zc(struct io_kiocb *req, uns
req->flags |= REQ_F_PARTIAL_IO;
return io_setup_async_addr(req, addr, issue_flags);
}
- if (ret < 0 && !zc->done_io)
- zc->notif->flags |= REQ_F_CQE_SKIP;
if (ret == -ERESTARTSYS)
ret = -EINTR;
req_set_fail(req);
@@ -1078,8 +1075,7 @@ int io_send_zc(struct io_kiocb *req, uns
io_notif_flush(zc->notif);
req->flags &= ~REQ_F_NEED_CLEANUP;
- cflags = ret >= 0 ? IORING_CQE_F_MORE : 0;
- io_req_set_res(req, ret, cflags);
+ io_req_set_res(req, ret, IORING_CQE_F_MORE);
return IOU_OK;
}
@@ -1096,17 +1092,11 @@ void io_sendrecv_fail(struct io_kiocb *r
void io_send_zc_fail(struct io_kiocb *req)
{
struct io_sr_msg *sr = io_kiocb_to_cmd(req, struct io_sr_msg);
- int res = req->cqe.res;
- if (req->flags & REQ_F_PARTIAL_IO) {
- if (req->flags & REQ_F_NEED_CLEANUP) {
- io_notif_flush(sr->notif);
- sr->notif = NULL;
- req->flags &= ~REQ_F_NEED_CLEANUP;
- }
- res = sr->done_io;
- }
- io_req_set_res(req, res, req->cqe.flags);
+ if (req->flags & REQ_F_PARTIAL_IO)
+ req->cqe.res = sr->done_io;
+ if (req->flags & REQ_F_NEED_CLEANUP)
+ req->cqe.flags |= IORING_CQE_F_MORE;
}
int io_accept_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe)
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 847/862] io_uring/net: fix notif cqe reordering
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (845 preceding siblings ...)
2022-10-19 8:35 ` [PATCH 6.0 846/862] io_uring/net: dont skip notifs for failed requests Greg Kroah-Hartman
@ 2022-10-19 8:35 ` Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 848/862] mm: hugetlb: fix UAF in hugetlb_handle_userfault Greg Kroah-Hartman
` (29 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:35 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: Greg Kroah-Hartman, Pavel Begunkov, Jens Axboe
From: Pavel Begunkov <asml.silence@gmail.com>
[ upstream commit 108893ddcc4d3aa0a4a02aeb02d478e997001227 ]
send zc is not restricted to !IO_URING_F_UNLOCKED anymore and so
we can't use task-tw ordering trick to order notification cqes
with requests completions. In this case leave it alone and let
io_send_zc_cleanup() flush it.
Cc: stable@vger.kernel.org
Fixes: 53bdc88aac9a2 ("io_uring/notif: order notif vs send CQEs")
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Link: https://lore.kernel.org/r/0031f3a00d492e814a4a0935a2029a46d9c9ba06.1664486545.git.asml.silence@gmail.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
io_uring/net.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
--- a/io_uring/net.c
+++ b/io_uring/net.c
@@ -1073,8 +1073,14 @@ int io_send_zc(struct io_kiocb *req, uns
else if (zc->done_io)
ret = zc->done_io;
- io_notif_flush(zc->notif);
- req->flags &= ~REQ_F_NEED_CLEANUP;
+ /*
+ * If we're in io-wq we can't rely on tw ordering guarantees, defer
+ * flushing notif to io_send_zc_cleanup()
+ */
+ if (!(issue_flags & IO_URING_F_UNLOCKED)) {
+ io_notif_flush(zc->notif);
+ req->flags &= ~REQ_F_NEED_CLEANUP;
+ }
io_req_set_res(req, ret, IORING_CQE_F_MORE);
return IOU_OK;
}
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 848/862] mm: hugetlb: fix UAF in hugetlb_handle_userfault
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (846 preceding siblings ...)
2022-10-19 8:35 ` [PATCH 6.0 847/862] io_uring/net: fix notif cqe reordering Greg Kroah-Hartman
@ 2022-10-19 8:35 ` Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 849/862] net: ieee802154: return -EINVAL for unknown addr type Greg Kroah-Hartman
` (28 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:35 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Liu Shixin, Kefeng Wang,
syzbot+193f9cee8638750b23cf, Liu Zixian, Mike Kravetz,
David Hildenbrand, John Hubbard, Muchun Song, Sidhartha Kumar,
Andrew Morton
From: Liu Shixin <liushixin2@huawei.com>
commit 958f32ce832ba781ac20e11bb2d12a9352ea28fc upstream.
The vma_lock and hugetlb_fault_mutex are dropped before handling userfault
and reacquire them again after handle_userfault(), but reacquire the
vma_lock could lead to UAF[1,2] due to the following race,
hugetlb_fault
hugetlb_no_page
/*unlock vma_lock */
hugetlb_handle_userfault
handle_userfault
/* unlock mm->mmap_lock*/
vm_mmap_pgoff
do_mmap
mmap_region
munmap_vma_range
/* clean old vma */
/* lock vma_lock again <--- UAF */
/* unlock vma_lock */
Since the vma_lock will unlock immediately after
hugetlb_handle_userfault(), let's drop the unneeded lock and unlock in
hugetlb_handle_userfault() to fix the issue.
[1] https://lore.kernel.org/linux-mm/000000000000d5e00a05e834962e@google.com/
[2] https://lore.kernel.org/linux-mm/20220921014457.1668-1-liuzixian4@huawei.com/
Link: https://lkml.kernel.org/r/20220923042113.137273-1-liushixin2@huawei.com
Fixes: 1a1aad8a9b7b ("userfaultfd: hugetlbfs: add userfaultfd hugetlb hook")
Signed-off-by: Liu Shixin <liushixin2@huawei.com>
Signed-off-by: Kefeng Wang <wangkefeng.wang@huawei.com>
Reported-by: syzbot+193f9cee8638750b23cf@syzkaller.appspotmail.com
Reported-by: Liu Zixian <liuzixian4@huawei.com>
Reviewed-by: Mike Kravetz <mike.kravetz@oracle.com>
Cc: David Hildenbrand <david@redhat.com>
Cc: John Hubbard <jhubbard@nvidia.com>
Cc: Muchun Song <songmuchun@bytedance.com>
Cc: Sidhartha Kumar <sidhartha.kumar@oracle.com>
Cc: <stable@vger.kernel.org> [4.14+]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/hugetlb.c | 37 +++++++++++++++++--------------------
1 file changed, 17 insertions(+), 20 deletions(-)
--- a/mm/hugetlb.c
+++ b/mm/hugetlb.c
@@ -5482,7 +5482,6 @@ static inline vm_fault_t hugetlb_handle_
unsigned long addr,
unsigned long reason)
{
- vm_fault_t ret;
u32 hash;
struct vm_fault vmf = {
.vma = vma,
@@ -5500,18 +5499,14 @@ static inline vm_fault_t hugetlb_handle_
};
/*
- * hugetlb_fault_mutex and i_mmap_rwsem must be
- * dropped before handling userfault. Reacquire
- * after handling fault to make calling code simpler.
+ * vma_lock and hugetlb_fault_mutex must be dropped before handling
+ * userfault. Also mmap_lock will be dropped during handling
+ * userfault, any vma operation should be careful from here.
*/
hash = hugetlb_fault_mutex_hash(mapping, idx);
mutex_unlock(&hugetlb_fault_mutex_table[hash]);
i_mmap_unlock_read(mapping);
- ret = handle_userfault(&vmf, reason);
- i_mmap_lock_read(mapping);
- mutex_lock(&hugetlb_fault_mutex_table[hash]);
-
- return ret;
+ return handle_userfault(&vmf, reason);
}
static vm_fault_t hugetlb_no_page(struct mm_struct *mm,
@@ -5529,6 +5524,7 @@ static vm_fault_t hugetlb_no_page(struct
spinlock_t *ptl;
unsigned long haddr = address & huge_page_mask(h);
bool new_page, new_pagecache_page = false;
+ u32 hash = hugetlb_fault_mutex_hash(mapping, idx);
/*
* Currently, we are forced to kill the process in the event the
@@ -5539,7 +5535,7 @@ static vm_fault_t hugetlb_no_page(struct
if (is_vma_resv_set(vma, HPAGE_RESV_UNMAPPED)) {
pr_warn_ratelimited("PID %d killed due to inadequate hugepage pool\n",
current->pid);
- return ret;
+ goto out;
}
/*
@@ -5556,12 +5552,10 @@ retry:
page = find_lock_page(mapping, idx);
if (!page) {
/* Check for page in userfault range */
- if (userfaultfd_missing(vma)) {
- ret = hugetlb_handle_userfault(vma, mapping, idx,
+ if (userfaultfd_missing(vma))
+ return hugetlb_handle_userfault(vma, mapping, idx,
flags, haddr, address,
VM_UFFD_MISSING);
- goto out;
- }
page = alloc_huge_page(vma, haddr, 0);
if (IS_ERR(page)) {
@@ -5621,10 +5615,9 @@ retry:
if (userfaultfd_minor(vma)) {
unlock_page(page);
put_page(page);
- ret = hugetlb_handle_userfault(vma, mapping, idx,
+ return hugetlb_handle_userfault(vma, mapping, idx,
flags, haddr, address,
VM_UFFD_MINOR);
- goto out;
}
}
@@ -5682,6 +5675,8 @@ retry:
unlock_page(page);
out:
+ mutex_unlock(&hugetlb_fault_mutex_table[hash]);
+ i_mmap_unlock_read(mapping);
return ret;
backout:
@@ -5780,11 +5775,13 @@ vm_fault_t hugetlb_fault(struct mm_struc
entry = huge_ptep_get(ptep);
/* PTE markers should be handled the same way as none pte */
- if (huge_pte_none_mostly(entry)) {
- ret = hugetlb_no_page(mm, vma, mapping, idx, address, ptep,
+ if (huge_pte_none_mostly(entry))
+ /*
+ * hugetlb_no_page will drop vma lock and hugetlb fault
+ * mutex internally, which make us return immediately.
+ */
+ return hugetlb_no_page(mm, vma, mapping, idx, address, ptep,
entry, flags);
- goto out_mutex;
- }
ret = 0;
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 849/862] net: ieee802154: return -EINVAL for unknown addr type
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (847 preceding siblings ...)
2022-10-19 8:35 ` [PATCH 6.0 848/862] mm: hugetlb: fix UAF in hugetlb_handle_userfault Greg Kroah-Hartman
@ 2022-10-19 8:35 ` Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 850/862] ALSA: usb-audio: Fix last interface check for registration Greg Kroah-Hartman
` (27 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:35 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Alexander Aring, David S. Miller
From: Alexander Aring <aahringo@redhat.com>
commit 30393181fdbc1608cc683b4ee99dcce05ffcc8c7 upstream.
This patch adds handling to return -EINVAL for an unknown addr type. The
current behaviour is to return 0 as successful but the size of an
unknown addr type is not defined and should return an error like -EINVAL.
Fixes: 94160108a70c ("net/ieee802154: fix uninit value bug in dgram_sendmsg")
Signed-off-by: Alexander Aring <aahringo@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/net/ieee802154_netdev.h | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
--- a/include/net/ieee802154_netdev.h
+++ b/include/net/ieee802154_netdev.h
@@ -185,21 +185,27 @@ static inline int
ieee802154_sockaddr_check_size(struct sockaddr_ieee802154 *daddr, int len)
{
struct ieee802154_addr_sa *sa;
+ int ret = 0;
sa = &daddr->addr;
if (len < IEEE802154_MIN_NAMELEN)
return -EINVAL;
switch (sa->addr_type) {
+ case IEEE802154_ADDR_NONE:
+ break;
case IEEE802154_ADDR_SHORT:
if (len < IEEE802154_NAMELEN_SHORT)
- return -EINVAL;
+ ret = -EINVAL;
break;
case IEEE802154_ADDR_LONG:
if (len < IEEE802154_NAMELEN_LONG)
- return -EINVAL;
+ ret = -EINVAL;
+ break;
+ default:
+ ret = -EINVAL;
break;
}
- return 0;
+ return ret;
}
static inline void ieee802154_addr_from_sa(struct ieee802154_addr *a,
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 850/862] ALSA: usb-audio: Fix last interface check for registration
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (848 preceding siblings ...)
2022-10-19 8:35 ` [PATCH 6.0 849/862] net: ieee802154: return -EINVAL for unknown addr type Greg Kroah-Hartman
@ 2022-10-19 8:35 ` Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 851/862] blk-wbt: fix that rwb->wc is always set to 1 in wbt_init() Greg Kroah-Hartman
` (26 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:35 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Takashi Iwai
From: Takashi Iwai <tiwai@suse.de>
commit 39efc9c8a973ddff5918191525d1679d0fb368ea upstream.
The recent fix in commit 6392dcd1d0c7 ("ALSA: usb-audio: Register card
at the last interface") tried to delay the card registration until the
last found interface is probed. It assumed that the probe callback
gets called for those later interfaces, but it's not always true; as
the driver loops over the descriptor and probes the matching ones,
it's not separately called via multiple probe calls. This results in
the missing card registration, i.e. no sound device.
For addressing this problem, replace the check whether the last
interface is processed with usb_interface_claimed() instead of the
comparison with the probe interface number.
Fixes: 6392dcd1d0c7 ("ALSA: usb-audio: Register card at the last interface")
Link: https://lore.kernel.org/r/20220915085947.7922-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/usb/card.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/sound/usb/card.c
+++ b/sound/usb/card.c
@@ -884,7 +884,7 @@ static int usb_audio_probe(struct usb_in
* one given via option
*/
if (check_delayed_register_option(chip) == ifnum ||
- chip->last_iface == ifnum) {
+ usb_interface_claimed(usb_ifnum_to_if(dev, chip->last_iface))) {
err = snd_card_register(chip->card);
if (err < 0)
goto __error;
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 851/862] blk-wbt: fix that rwb->wc is always set to 1 in wbt_init()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (849 preceding siblings ...)
2022-10-19 8:35 ` [PATCH 6.0 850/862] ALSA: usb-audio: Fix last interface check for registration Greg Kroah-Hartman
@ 2022-10-19 8:35 ` Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 852/862] net: ethernet: ti: davinci_mdio: fix build for mdio bitbang uses Greg Kroah-Hartman
` (25 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:35 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kernel test robot, Yu Kuai, Ming Lei,
Jens Axboe
From: Yu Kuai <yukuai3@huawei.com>
commit 285febabac4a16655372d23ff43e89ff6f216691 upstream.
commit 8c5035dfbb94 ("blk-wbt: call rq_qos_add() after wb_normal is
initialized") moves wbt_set_write_cache() before rq_qos_add(), which
is wrong because wbt_rq_qos() is still NULL.
Fix the problem by removing wbt_set_write_cache() and setting 'rwb->wc'
directly. Noted that this patch also remove the redundant setting of
'rab->wc'.
Fixes: 8c5035dfbb94 ("blk-wbt: call rq_qos_add() after wb_normal is initialized")
Reported-by: kernel test robot <yujie.liu@intel.com>
Link: https://lore.kernel.org/r/202210081045.77ddf59b-yujie.liu@intel.com
Signed-off-by: Yu Kuai <yukuai3@huawei.com>
Reviewed-by: Ming Lei <ming.lei@redhat.com>
Link: https://lore.kernel.org/r/20221009101038.1692875-1-yukuai1@huaweicloud.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
block/blk-wbt.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
--- a/block/blk-wbt.c
+++ b/block/blk-wbt.c
@@ -841,12 +841,11 @@ int wbt_init(struct request_queue *q)
rwb->last_comp = rwb->last_issue = jiffies;
rwb->win_nsec = RWB_WINDOW_NSEC;
rwb->enable_state = WBT_STATE_ON_DEFAULT;
- rwb->wc = 1;
+ rwb->wc = test_bit(QUEUE_FLAG_WC, &q->queue_flags);
rwb->rq_depth.default_depth = RWB_DEF_DEPTH;
rwb->min_lat_nsec = wbt_default_latency_nsec(q);
wbt_queue_depth_changed(&rwb->rqos);
- wbt_set_write_cache(q, test_bit(QUEUE_FLAG_WC, &q->queue_flags));
/*
* Assign rwb and add the stats callback.
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 852/862] net: ethernet: ti: davinci_mdio: fix build for mdio bitbang uses
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (850 preceding siblings ...)
2022-10-19 8:35 ` [PATCH 6.0 851/862] blk-wbt: fix that rwb->wc is always set to 1 in wbt_init() Greg Kroah-Hartman
@ 2022-10-19 8:35 ` Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 853/862] Revert "drm/amd/display: correct hostvm flag" Greg Kroah-Hartman
` (24 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:35 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Randy Dunlap, Grygorii Strashko,
Ravi Gunasekaran, Eric Dumazet, Paolo Abeni, Naresh Kamboju,
Sudip Mukherjee (Codethink),
Jakub Kicinski
From: Randy Dunlap <rdunlap@infradead.org>
commit 35bbe652c421037822aba29423f5f1f7d0d69f3f upstream.
davinci_mdio.c uses mdio bitbang APIs, so it should select
MDIO_BITBANG to prevent build errors.
arm-linux-gnueabi-ld: drivers/net/ethernet/ti/davinci_mdio.o: in function `davinci_mdio_remove':
drivers/net/ethernet/ti/davinci_mdio.c:649: undefined reference to `free_mdio_bitbang'
arm-linux-gnueabi-ld: drivers/net/ethernet/ti/davinci_mdio.o: in function `davinci_mdio_probe':
drivers/net/ethernet/ti/davinci_mdio.c:545: undefined reference to `alloc_mdio_bitbang'
arm-linux-gnueabi-ld: drivers/net/ethernet/ti/davinci_mdio.o: in function `davinci_mdiobb_read':
drivers/net/ethernet/ti/davinci_mdio.c:236: undefined reference to `mdiobb_read'
arm-linux-gnueabi-ld: drivers/net/ethernet/ti/davinci_mdio.o: in function `davinci_mdiobb_write':
drivers/net/ethernet/ti/davinci_mdio.c:253: undefined reference to `mdiobb_write'
Fixes: d04807b80691 ("net: ethernet: ti: davinci_mdio: Add workaround for errata i2329")
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Cc: Grygorii Strashko <grygorii.strashko@ti.com>
Cc: Ravi Gunasekaran <r-gunasekaran@ti.com>
Cc: Eric Dumazet <edumazet@google.com>
Cc: Paolo Abeni <pabeni@redhat.com>
Cc: Naresh Kamboju <naresh.kamboju@linaro.org>
Cc: Sudip Mukherjee (Codethink) <sudipm.mukherjee@gmail.com>
Link: https://lore.kernel.org/r/20220824024216.4939-1-rdunlap@infradead.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/ti/Kconfig | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/net/ethernet/ti/Kconfig
+++ b/drivers/net/ethernet/ti/Kconfig
@@ -33,6 +33,7 @@ config TI_DAVINCI_MDIO
tristate "TI DaVinci MDIO Support"
depends on ARCH_DAVINCI || ARCH_OMAP2PLUS || ARCH_KEYSTONE || ARCH_K3 || COMPILE_TEST
select PHYLIB
+ select MDIO_BITBANG
help
This driver supports TI's DaVinci MDIO module.
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 853/862] Revert "drm/amd/display: correct hostvm flag"
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (851 preceding siblings ...)
2022-10-19 8:35 ` [PATCH 6.0 852/862] net: ethernet: ti: davinci_mdio: fix build for mdio bitbang uses Greg Kroah-Hartman
@ 2022-10-19 8:35 ` Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 854/862] Revert "net/ieee802154: reject zero-sized raw_sendmsg()" Greg Kroah-Hartman
` (23 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:35 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sherry Wang, Hamza Mahfooz, Aric Cyr,
Alex Deucher
From: Aric Cyr <aric.cyr@amd.com>
commit 96ab3cb3b0f862308a03046d01d66c7b4154846b upstream.
This reverts commit 796d6a37ff5ffaf9f2dc0f3f4bf9f4a1034c00de.
4K144 resolution isn't available on DCN31.
Reviewed-by: Sherry Wang <Yao.Wang1@amd.com>
Acked-by: Hamza Mahfooz <hamza.mahfooz@amd.com>
Signed-off-by: Aric Cyr <aric.cyr@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/amd/display/dc/dcn31/dcn31_resource.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/gpu/drm/amd/display/dc/dcn31/dcn31_resource.c
+++ b/drivers/gpu/drm/amd/display/dc/dcn31/dcn31_resource.c
@@ -891,7 +891,7 @@ static const struct dc_debug_options deb
.optimize_edp_link_rate = true,
.enable_sw_cntl_psr = true,
.enable_z9_disable_interface = true, /* Allow support for the PMFW interface for disable Z9*/
- .dml_hostvm_override = DML_HOSTVM_NO_OVERRIDE,
+ .dml_hostvm_override = DML_HOSTVM_OVERRIDE_FALSE,
};
static const struct dc_debug_options debug_defaults_diags = {
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 854/862] Revert "net/ieee802154: reject zero-sized raw_sendmsg()"
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (852 preceding siblings ...)
2022-10-19 8:35 ` [PATCH 6.0 853/862] Revert "drm/amd/display: correct hostvm flag" Greg Kroah-Hartman
@ 2022-10-19 8:35 ` Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 855/862] net/ieee802154: dont warn zero-sized raw_sendmsg() Greg Kroah-Hartman
` (22 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:35 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alexander Aring, Stefan Schmidt, Sasha Levin
From: Alexander Aring <aahringo@redhat.com>
[ Upstream commit 2eb2756f6c9e9621e022d78321ce40a62c4520b5 ]
This reverts commit 3a4d061c699bd3eedc80dc97a4b2a2e1af83c6f5.
There is a v2 which does return zero if zero length is given.
Signed-off-by: Alexander Aring <aahringo@redhat.com>
Link: https://lore.kernel.org/r/20221005014750.3685555-1-aahringo@redhat.com
Signed-off-by: Stefan Schmidt <stefan@datenfreihafen.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ieee802154/socket.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/net/ieee802154/socket.c b/net/ieee802154/socket.c
index cbd0e2ac4ffe..7889e1ef7fad 100644
--- a/net/ieee802154/socket.c
+++ b/net/ieee802154/socket.c
@@ -251,9 +251,6 @@ static int raw_sendmsg(struct sock *sk, struct msghdr *msg, size_t size)
return -EOPNOTSUPP;
}
- if (!size)
- return -EINVAL;
-
lock_sock(sk);
if (!sk->sk_bound_dev_if)
dev = dev_getfirstbyhwtype(sock_net(sk), ARPHRD_IEEE802154);
--
2.35.1
^ permalink raw reply related [flat|nested] 899+ messages in thread
* [PATCH 6.0 855/862] net/ieee802154: dont warn zero-sized raw_sendmsg()
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (853 preceding siblings ...)
2022-10-19 8:35 ` [PATCH 6.0 854/862] Revert "net/ieee802154: reject zero-sized raw_sendmsg()" Greg Kroah-Hartman
@ 2022-10-19 8:35 ` Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 856/862] powerpc/64s/interrupt: Fix lost interrupts when returning to soft-masked context Greg Kroah-Hartman
` (21 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:35 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot, Tetsuo Handa,
Alexander Aring, Stefan Schmidt, Sasha Levin
From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
[ Upstream commit b12e924a2f5b960373459c8f8a514f887adf5cac ]
syzbot is hitting skb_assert_len() warning at __dev_queue_xmit() [1],
for PF_IEEE802154 socket's zero-sized raw_sendmsg() request is hitting
__dev_queue_xmit() with skb->len == 0.
Since PF_IEEE802154 socket's zero-sized raw_sendmsg() request was
able to return 0, don't call __dev_queue_xmit() if packet length is 0.
----------
#include <sys/socket.h>
#include <netinet/in.h>
int main(int argc, char *argv[])
{
struct sockaddr_in addr = { .sin_family = AF_INET, .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };
struct iovec iov = { };
struct msghdr hdr = { .msg_name = &addr, .msg_namelen = sizeof(addr), .msg_iov = &iov, .msg_iovlen = 1 };
sendmsg(socket(PF_IEEE802154, SOCK_RAW, 0), &hdr, 0);
return 0;
}
----------
Note that this might be a sign that commit fd1894224407c484 ("bpf: Don't
redirect packets with invalid pkt_len") should be reverted, for
skb->len == 0 was acceptable for at least PF_IEEE802154 socket.
Link: https://syzkaller.appspot.com/bug?extid=5ea725c25d06fb9114c4 [1]
Reported-by: syzbot <syzbot+5ea725c25d06fb9114c4@syzkaller.appspotmail.com>
Fixes: fd1894224407c484 ("bpf: Don't redirect packets with invalid pkt_len")
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Alexander Aring <aahringo@redhat.com>
Link: https://lore.kernel.org/r/20221005014750.3685555-2-aahringo@redhat.com
Signed-off-by: Stefan Schmidt <stefan@datenfreihafen.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ieee802154/socket.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/net/ieee802154/socket.c
+++ b/net/ieee802154/socket.c
@@ -272,6 +272,10 @@ static int raw_sendmsg(struct sock *sk,
err = -EMSGSIZE;
goto out_dev;
}
+ if (!size) {
+ err = 0;
+ goto out_dev;
+ }
hlen = LL_RESERVED_SPACE(dev);
tlen = dev->needed_tailroom;
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 856/862] powerpc/64s/interrupt: Fix lost interrupts when returning to soft-masked context
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (854 preceding siblings ...)
2022-10-19 8:35 ` [PATCH 6.0 855/862] net/ieee802154: dont warn zero-sized raw_sendmsg() Greg Kroah-Hartman
@ 2022-10-19 8:35 ` Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 857/862] drm/amd/display: Fix build breakage with CONFIG_DEBUG_FS=n Greg Kroah-Hartman
` (20 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:35 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sachin Sant, Guenter Roeck,
Nicholas Piggin, Michael Ellerman
From: Nicholas Piggin <npiggin@gmail.com>
commit a4cb3651a174366cc85a677da9e3681fbe97fdae upstream.
It's possible for an interrupt returning to an irqs-disabled context to
lose a pending soft-masked irq because it branches to part of the exit
code for irqs-enabled contexts, which is meant to clear only the
PACA_IRQS_HARD_DIS flag from PACAIRQHAPPENED by zeroing the byte. This
just looks like a simple thinko from a recent commit (if there was no
hard mask pending, there would be no reason to clear it anyway).
This also adds comment to the code that actually does need to clear the
flag.
Fixes: e485f6c751e0a ("powerpc/64/interrupt: Fix return to masked context after hard-mask irq becomes pending")
Reported-by: Sachin Sant <sachinp@linux.ibm.com>
Reported-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20221013064418.1311104-1-npiggin@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/powerpc/kernel/interrupt_64.S | 15 +++++++++++++--
1 file changed, 13 insertions(+), 2 deletions(-)
--- a/arch/powerpc/kernel/interrupt_64.S
+++ b/arch/powerpc/kernel/interrupt_64.S
@@ -571,7 +571,7 @@ _ASM_NOKPROBE_SYMBOL(interrupt_return_\s
beq .Lfast_kernel_interrupt_return_\srr\() // EE already disabled
lbz r11,PACAIRQHAPPENED(r13)
andi. r10,r11,PACA_IRQ_MUST_HARD_MASK
- beq 1f // No HARD_MASK pending
+ beq .Lfast_kernel_interrupt_return_\srr\() // No HARD_MASK pending
/* Must clear MSR_EE from _MSR */
#ifdef CONFIG_PPC_BOOK3S
@@ -588,12 +588,23 @@ _ASM_NOKPROBE_SYMBOL(interrupt_return_\s
b .Lfast_kernel_interrupt_return_\srr\()
.Linterrupt_return_\srr\()_soft_enabled:
+ /*
+ * In the soft-enabled case, need to double-check that we have no
+ * pending interrupts that might have come in before we reached the
+ * restart section of code, and restart the exit so those can be
+ * handled.
+ *
+ * If there are none, it is be possible that the interrupt still
+ * has PACA_IRQ_HARD_DIS set, which needs to be cleared for the
+ * interrupted context. This clear will not clobber a new pending
+ * interrupt coming in, because we're in the restart section, so
+ * such would return to the restart location.
+ */
#ifdef CONFIG_PPC_BOOK3S
lbz r11,PACAIRQHAPPENED(r13)
andi. r11,r11,(~PACA_IRQ_HARD_DIS)@l
bne- interrupt_return_\srr\()_kernel_restart
#endif
-1:
li r11,0
stb r11,PACAIRQHAPPENED(r13) // clear the possible HARD_DIS
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 857/862] drm/amd/display: Fix build breakage with CONFIG_DEBUG_FS=n
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (855 preceding siblings ...)
2022-10-19 8:35 ` [PATCH 6.0 856/862] powerpc/64s/interrupt: Fix lost interrupts when returning to soft-masked context Greg Kroah-Hartman
@ 2022-10-19 8:35 ` Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 858/862] io_uring: fix fdinfo sqe offsets calculation Greg Kroah-Hartman
` (19 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:35 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nathan Chancellor, Linus Torvalds
From: Nathan Chancellor <nathan@kernel.org>
commit 2130b87b2273389cafe6765bf09ef564cda01407 upstream.
After commit 8799c0be89eb ("drm/amd/display: Fix vblank refcount in vrr
transition"), a build with CONFIG_DEBUG_FS=n is broken due to a
misplaced brace, along the lines of:
In file included from drivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm_trace.h:39,
from drivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm.c:41:
drivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm.c: At top level:
./include/drm/drm_atomic.h:864:9: error: expected identifier or ‘(’ before ‘for’
864 | for ((__i) = 0; \
| ^~~
drivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm.c:8317:9: note: in expansion of macro ‘for_each_new_crtc_in_state’
8317 | for_each_new_crtc_in_state(state, crtc, new_crtc_state, j)
| ^~~~~~~~~~~~~~~~~~~~~~~~~~
Move the brace within the #ifdef so that the file can be built with or
without CONFIG_DEBUG_FS.
Fixes: 8799c0be89eb ("drm/amd/display: Fix vblank refcount in vrr transition")
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
+++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
@@ -8329,8 +8329,8 @@ static void amdgpu_dm_atomic_commit_tail
crtc, dm_new_crtc_state, cur_crc_src))
DRM_DEBUG_DRIVER("Failed to configure crc source");
}
-#endif
}
+#endif
}
for_each_new_crtc_in_state(state, crtc, new_crtc_state, j)
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 858/862] io_uring: fix fdinfo sqe offsets calculation
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (856 preceding siblings ...)
2022-10-19 8:35 ` [PATCH 6.0 857/862] drm/amd/display: Fix build breakage with CONFIG_DEBUG_FS=n Greg Kroah-Hartman
@ 2022-10-19 8:35 ` Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 859/862] io_uring/rw: ensure kiocb_end_write() is always called Greg Kroah-Hartman
` (18 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:35 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Pavel Begunkov, Jens Axboe,
syzbot+e5198737e8a2d23d958c
From: Pavel Begunkov <asml.silence@gmail.com>
commit 00927931cb630bbf8edb6d7f4dadb25139fc5e16 upstream.
Only with the big sqe feature they take 128 bytes per entry, but we
unconditionally advance by 128B. Fix it by using sq_shift.
Fixes: 3b8fdd1dc35e3 ("io_uring/fdinfo: fix sqe dumping for IORING_SETUP_SQE128")
Reported-and-tested-by: syzbot+e5198737e8a2d23d958c@syzkaller.appspotmail.com
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Link: https://lore.kernel.org/r/8b41287cb75d5efb8fcb5cccde845ddbbadd8372.1665449983.git.asml.silence@gmail.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
io_uring/fdinfo.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/io_uring/fdinfo.c
+++ b/io_uring/fdinfo.c
@@ -95,7 +95,7 @@ static __cold void __io_uring_show_fdinf
sq_idx = READ_ONCE(ctx->sq_array[entry & sq_mask]);
if (sq_idx > sq_mask)
continue;
- sqe = &ctx->sq_sqes[sq_idx << 1];
+ sqe = &ctx->sq_sqes[sq_idx << sq_shift];
seq_printf(m, "%5u: opcode:%s, fd:%d, flags:%x, off:%llu, "
"addr:0x%llx, rw_flags:0x%x, buf_index:%d "
"user_data:%llu",
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 859/862] io_uring/rw: ensure kiocb_end_write() is always called
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (857 preceding siblings ...)
2022-10-19 8:35 ` [PATCH 6.0 858/862] io_uring: fix fdinfo sqe offsets calculation Greg Kroah-Hartman
@ 2022-10-19 8:35 ` Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 860/862] Kconfig.debug: simplify the dependency of DEBUG_INFO_DWARF4/5 Greg Kroah-Hartman
` (17 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:35 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Dave Chinner, Jens Axboe
From: Jens Axboe <axboe@kernel.dk>
commit 2ec33a6c3cca9fe2465e82050c81f5ffdc508b36 upstream.
A previous commit moved the notifications and end-write handling, but
it is now missing a few spots where we also want to call both of those.
Without that, we can potentially be missing file notifications, and
more importantly, have an imbalance in the super_block writers sem
accounting.
Fixes: b000145e9907 ("io_uring/rw: defer fsnotify calls to task context")
Reported-by: Dave Chinner <david@fromorbit.com>
Link: https://lore.kernel.org/all/20221010050319.GC2703033@dread.disaster.area/
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
io_uring/rw.c | 38 +++++++++++++++++++++++++++++---------
1 file changed, 29 insertions(+), 9 deletions(-)
--- a/io_uring/rw.c
+++ b/io_uring/rw.c
@@ -184,11 +184,34 @@ static void kiocb_end_write(struct io_ki
}
}
+/*
+ * Trigger the notifications after having done some IO, and finish the write
+ * accounting, if any.
+ */
+static void io_req_io_end(struct io_kiocb *req)
+{
+ struct io_rw *rw = io_kiocb_to_cmd(req, struct io_rw);
+
+ WARN_ON(!in_task());
+
+ if (rw->kiocb.ki_flags & IOCB_WRITE) {
+ kiocb_end_write(req);
+ fsnotify_modify(req->file);
+ } else {
+ fsnotify_access(req->file);
+ }
+}
+
static bool __io_complete_rw_common(struct io_kiocb *req, long res)
{
if (unlikely(res != req->cqe.res)) {
if ((res == -EAGAIN || res == -EOPNOTSUPP) &&
io_rw_should_reissue(req)) {
+ /*
+ * Reissue will start accounting again, finish the
+ * current cycle.
+ */
+ io_req_io_end(req);
req->flags |= REQ_F_REISSUE | REQ_F_PARTIAL_IO;
return true;
}
@@ -214,15 +237,7 @@ static inline int io_fixup_rw_res(struct
static void io_req_rw_complete(struct io_kiocb *req, bool *locked)
{
- struct io_rw *rw = io_kiocb_to_cmd(req, struct io_rw);
-
- if (rw->kiocb.ki_flags & IOCB_WRITE) {
- kiocb_end_write(req);
- fsnotify_modify(req->file);
- } else {
- fsnotify_access(req->file);
- }
-
+ io_req_io_end(req);
io_req_task_complete(req, locked);
}
@@ -267,6 +282,11 @@ static int kiocb_done(struct io_kiocb *r
req->file->f_pos = rw->kiocb.ki_pos;
if (ret >= 0 && (rw->kiocb.ki_complete == io_complete_rw)) {
if (!__io_complete_rw_common(req, ret)) {
+ /*
+ * Safe to call io_end from here as we're inline
+ * from the submission path.
+ */
+ io_req_io_end(req);
io_req_set_res(req, final_ret,
io_put_kbuf(req, issue_flags));
return IOU_OK;
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 860/862] Kconfig.debug: simplify the dependency of DEBUG_INFO_DWARF4/5
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (858 preceding siblings ...)
2022-10-19 8:35 ` [PATCH 6.0 859/862] io_uring/rw: ensure kiocb_end_write() is always called Greg Kroah-Hartman
@ 2022-10-19 8:35 ` Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 861/862] Kconfig.debug: add toolchain checks for DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT Greg Kroah-Hartman
` (16 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:35 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Masahiro Yamada, Nathan Chancellor
From: Masahiro Yamada <masahiroy@kernel.org>
commit 4f001a21080ff2e2f0e1c3692f5e119aedbb3bc1 upstream.
Commit c0a5c81ca9be ("Kconfig.debug: drop GCC 5+ version check for
DWARF5") could have cleaned up the code a bit more.
"CC_IS_CLANG &&" is unneeded. No functional change is intended.
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Reviewed-by: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
lib/Kconfig.debug | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/lib/Kconfig.debug
+++ b/lib/Kconfig.debug
@@ -264,7 +264,7 @@ config DEBUG_INFO_DWARF_TOOLCHAIN_DEFAUL
config DEBUG_INFO_DWARF4
bool "Generate DWARF Version 4 debuginfo"
select DEBUG_INFO
- depends on !CC_IS_CLANG || (CC_IS_CLANG && (AS_IS_LLVM || (AS_IS_GNU && AS_VERSION >= 23502)))
+ depends on !CC_IS_CLANG || AS_IS_LLVM || (AS_IS_GNU && AS_VERSION >= 23502)
help
Generate DWARF v4 debug info. This requires gcc 4.5+, binutils 2.35.2
if using clang without clang's integrated assembler, and gdb 7.0+.
@@ -276,7 +276,7 @@ config DEBUG_INFO_DWARF4
config DEBUG_INFO_DWARF5
bool "Generate DWARF Version 5 debuginfo"
select DEBUG_INFO
- depends on !CC_IS_CLANG || (CC_IS_CLANG && (AS_IS_LLVM || (AS_IS_GNU && AS_VERSION >= 23502)))
+ depends on !CC_IS_CLANG || AS_IS_LLVM || (AS_IS_GNU && AS_VERSION >= 23502)
help
Generate DWARF v5 debug info. Requires binutils 2.35.2, gcc 5.0+ (gcc
5.0+ accepts the -gdwarf-5 flag but only had partial support for some
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 861/862] Kconfig.debug: add toolchain checks for DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (859 preceding siblings ...)
2022-10-19 8:35 ` [PATCH 6.0 860/862] Kconfig.debug: simplify the dependency of DEBUG_INFO_DWARF4/5 Greg Kroah-Hartman
@ 2022-10-19 8:35 ` Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 862/862] lib/Kconfig.debug: Add check for non-constant .{s,u}leb128 support to DWARF5 Greg Kroah-Hartman
` (15 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:35 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Masahiro Yamada, Nathan Chancellor
From: Masahiro Yamada <masahiroy@kernel.org>
commit bb1435f3f575b5213eaf27434efa3971f51c01de upstream.
CONFIG_DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT does not give explicit
-gdwarf-* flag. The actual DWARF version is up to the toolchain.
The combination of GCC and GAS works fine, and Clang with the integrated
assembler is good too.
The combination of Clang and GAS is tricky, but at least, the -g flag
works for Clang <=13, which defaults to DWARF v4.
Clang 14 switched its default to DWARF v5.
Now, CONFIG_DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT has the same issue as
addressed by commit 98cd6f521f10 ("Kconfig: allow explicit opt in to
DWARF v5").
CONFIG_DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT=y for Clang >= 14 and
GAS < 2.35 produces a ton of errors like follows:
/tmp/main-c2741c.s: Assembler messages:
/tmp/main-c2741c.s:109: Error: junk at end of line, first unrecognized character is `"'
/tmp/main-c2741c.s:109: Error: file number less than one
Add 'depends on' to check toolchains.
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Reviewed-by: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
lib/Kconfig.debug | 1 +
1 file changed, 1 insertion(+)
--- a/lib/Kconfig.debug
+++ b/lib/Kconfig.debug
@@ -253,6 +253,7 @@ config DEBUG_INFO_NONE
config DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT
bool "Rely on the toolchain's implicit default DWARF version"
select DEBUG_INFO
+ depends on !CC_IS_CLANG || AS_IS_LLVM || CLANG_VERSION < 140000 || (AS_IS_GNU && AS_VERSION >= 23502)
help
The implicit default version of DWARF debug info produced by a
toolchain changes over time.
^ permalink raw reply [flat|nested] 899+ messages in thread
* [PATCH 6.0 862/862] lib/Kconfig.debug: Add check for non-constant .{s,u}leb128 support to DWARF5
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (860 preceding siblings ...)
2022-10-19 8:35 ` [PATCH 6.0 861/862] Kconfig.debug: add toolchain checks for DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT Greg Kroah-Hartman
@ 2022-10-19 8:35 ` Greg Kroah-Hartman
2022-10-19 12:01 ` [PATCH 6.0 000/862] 6.0.3-rc1 review Rudi Heitbaum
` (14 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 8:35 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nathan Chancellor, Nick Desaulniers,
Masahiro Yamada
From: Nathan Chancellor <nathan@kernel.org>
commit 0a6de78cff600cb991f2a1b7ed376935871796a0 upstream.
When building with a RISC-V kernel with DWARF5 debug info using clang
and the GNU assembler, several instances of the following error appear:
/tmp/vgettimeofday-48aa35.s:2963: Error: non-constant .uleb128 is not supported
Dumping the .s file reveals these .uleb128 directives come from
.debug_loc and .debug_ranges:
.Ldebug_loc0:
.byte 4 # DW_LLE_offset_pair
.uleb128 .Lfunc_begin0-.Lfunc_begin0 # starting offset
.uleb128 .Ltmp1-.Lfunc_begin0 # ending offset
.byte 1 # Loc expr size
.byte 90 # DW_OP_reg10
.byte 0 # DW_LLE_end_of_list
.Ldebug_ranges0:
.byte 4 # DW_RLE_offset_pair
.uleb128 .Ltmp6-.Lfunc_begin0 # starting offset
.uleb128 .Ltmp27-.Lfunc_begin0 # ending offset
.byte 4 # DW_RLE_offset_pair
.uleb128 .Ltmp28-.Lfunc_begin0 # starting offset
.uleb128 .Ltmp30-.Lfunc_begin0 # ending offset
.byte 0 # DW_RLE_end_of_list
There is an outstanding binutils issue to support a non-constant operand
to .sleb128 and .uleb128 in GAS for RISC-V but there does not appear to
be any movement on it, due to concerns over how it would work with
linker relaxation.
To avoid these build errors, prevent DWARF5 from being selected when
using clang and an assembler that does not have support for these symbol
deltas, which can be easily checked in Kconfig with as-instr plus the
small test program from the dwz test suite from the binutils issue.
Link: https://sourceware.org/bugzilla/show_bug.cgi?id=27215
Link: https://github.com/ClangBuiltLinux/linux/issues/1719
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
lib/Kconfig.debug | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
--- a/lib/Kconfig.debug
+++ b/lib/Kconfig.debug
@@ -231,6 +231,11 @@ config DEBUG_INFO
in the "Debug information" choice below, indicating that debug
information will be generated for build targets.
+# Clang is known to generate .{s,u}leb128 with symbol deltas with DWARF5, which
+# some targets may not support: https://sourceware.org/bugzilla/show_bug.cgi?id=27215
+config AS_HAS_NON_CONST_LEB128
+ def_bool $(as-instr,.uleb128 .Lexpr_end4 - .Lexpr_start3\n.Lexpr_start3:\n.Lexpr_end4:)
+
choice
prompt "Debug information"
depends on DEBUG_KERNEL
@@ -253,7 +258,7 @@ config DEBUG_INFO_NONE
config DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT
bool "Rely on the toolchain's implicit default DWARF version"
select DEBUG_INFO
- depends on !CC_IS_CLANG || AS_IS_LLVM || CLANG_VERSION < 140000 || (AS_IS_GNU && AS_VERSION >= 23502)
+ depends on !CC_IS_CLANG || AS_IS_LLVM || CLANG_VERSION < 140000 || (AS_IS_GNU && AS_VERSION >= 23502 && AS_HAS_NON_CONST_LEB128)
help
The implicit default version of DWARF debug info produced by a
toolchain changes over time.
@@ -277,7 +282,7 @@ config DEBUG_INFO_DWARF4
config DEBUG_INFO_DWARF5
bool "Generate DWARF Version 5 debuginfo"
select DEBUG_INFO
- depends on !CC_IS_CLANG || AS_IS_LLVM || (AS_IS_GNU && AS_VERSION >= 23502)
+ depends on !CC_IS_CLANG || AS_IS_LLVM || (AS_IS_GNU && AS_VERSION >= 23502 && AS_HAS_NON_CONST_LEB128)
help
Generate DWARF v5 debug info. Requires binutils 2.35.2, gcc 5.0+ (gcc
5.0+ accepts the -gdwarf-5 flag but only had partial support for some
^ permalink raw reply [flat|nested] 899+ messages in thread
* Re: [PATCH 6.0 659/862] =?UTF-8?q?ARM/dma-mapp=D1=96ng:=20dont=20override=20->dma=5Fcohe?= =?UTF-8?q?rent=20when=20set=20from=20a=20bus=20notifier?=
2022-10-19 8:32 ` [PATCH 6.0 659/862] =?UTF-8?q?ARM/dma-mapp=D1=96ng:=20dont=20override=20->dma=5Fcohe?= =?UTF-8?q?rent=20when=20set=20from=20a=20bus=20notifier?= Greg Kroah-Hartman
@ 2022-10-19 9:14 ` Russell King (Oracle)
2022-10-19 10:36 ` Christoph Hellwig
2022-10-19 10:39 ` Greg Kroah-Hartman
2022-10-20 1:46 ` [PATCH 6.0 659/862] ARM/dma-mappіng: dont override ->dma_coherent when set from a bus notifier Bagas Sanjaya
1 sibling, 2 replies; 899+ messages in thread
From: Russell King (Oracle) @ 2022-10-19 9:14 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: linux-kernel, stable, Marek Behún, Christoph Hellwig, Sasha Levin
Hi Greg,
I'm seeing:
Subject: [PATCH 6.0 659/862]
=?UTF-8?q?ARM/dma-mapp=D1=96ng:=20dont=20override=20->dma=5Fcohe?=
=?UTF-8?q?rent=20when=20set=20from=20a=20bus=20notifier?=
in mutt, and mutt seems to be unable to decode that. Either a mutt
bug or a bug in your scripts or git...
Russell.
On Wed, Oct 19, 2022 at 10:32:26AM +0200, Greg Kroah-Hartman wrote:
> From: Christoph Hellwig <hch@lst.de>
>
> [ Upstream commit 49bc8bebae79c8516cb12f91818f3a7907e3ebce ]
>
> Commit ae626eb97376 ("ARM/dma-mapping: use dma-direct unconditionally")
> caused a regression on the mvebu platform, wherein devices that are
> dma-coherent are marked as dma-noncoherent, because although
> mvebu_hwcc_notifier() after that commit still marks then as coherent,
> the arm_coherent_dma_ops() function, which is called later, overwrites
> this setting, since it is being called from drivers/of/device.c with
> coherency parameter determined by of_dma_is_coherent(), and the
> device-trees do not declare the 'dma-coherent' property.
>
> Fix this by defaulting never clearing the dma_coherent flag in
> arm_coherent_dma_ops().
>
> Fixes: ae626eb97376 ("ARM/dma-mapping: use dma-direct unconditionally")
> Reported-by: Marek Behún <kabel@kernel.org>
> Signed-off-by: Christoph Hellwig <hch@lst.de>
> Reviewed-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
> Tested-by: Marek Behún <kabel@kernel.org>
> Signed-off-by: Sasha Levin <sashal@kernel.org>
> ---
> arch/arm/mm/dma-mapping.c | 12 ++++++++++--
> 1 file changed, 10 insertions(+), 2 deletions(-)
>
> diff --git a/arch/arm/mm/dma-mapping.c b/arch/arm/mm/dma-mapping.c
> index 089c9c644cce..bfc7476f1411 100644
> --- a/arch/arm/mm/dma-mapping.c
> +++ b/arch/arm/mm/dma-mapping.c
> @@ -1769,8 +1769,16 @@ static void arm_teardown_iommu_dma_ops(struct device *dev) { }
> void arch_setup_dma_ops(struct device *dev, u64 dma_base, u64 size,
> const struct iommu_ops *iommu, bool coherent)
> {
> - dev->archdata.dma_coherent = coherent;
> - dev->dma_coherent = coherent;
> + /*
> + * Due to legacy code that sets the ->dma_coherent flag from a bus
> + * notifier we can't just assign coherent to the ->dma_coherent flag
> + * here, but instead have to make sure we only set but never clear it
> + * for now.
> + */
> + if (coherent) {
> + dev->archdata.dma_coherent = true;
> + dev->dma_coherent = true;
> + }
>
> /*
> * Don't override the dma_ops if they have already been set. Ideally
> --
> 2.35.1
>
>
>
>
--
RMK's Patch system: https://www.armlinux.org.uk/developer/patches/
FTTP is here! 40Mbps down 10Mbps up. Decent connectivity at last!
^ permalink raw reply [flat|nested] 899+ messages in thread
* Re: [PATCH 6.0 523/862] phy: qcom-qmp-pcie: add pcs_misc sanity check
2022-10-19 8:30 ` [PATCH 6.0 523/862] phy: qcom-qmp-pcie: add pcs_misc sanity check Greg Kroah-Hartman
@ 2022-10-19 9:15 ` Johan Hovold
2022-10-19 10:41 ` Greg Kroah-Hartman
0 siblings, 1 reply; 899+ messages in thread
From: Johan Hovold @ 2022-10-19 9:15 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: linux-kernel, stable, Johan Hovold, Vinod Koul, Sasha Levin
On Wed, Oct 19, 2022 at 10:30:10AM +0200, Greg Kroah-Hartman wrote:
> From: Johan Hovold <johan+linaro@kernel.org>
>
> [ Upstream commit ecd5507e72ea03659dc2cc3e4393fbf8f4e2e02a ]
>
> Make sure that the (otherwise) optional pcs_misc IO region has been
> provided in case the configuration specifies a corresponding
> initialisation table to avoid crashing with malformed device trees.
>
> Note that the related debug message is now superfluous as the region is
> only used when the configuration has a pcs_misc table.
>
> Fixes: 421c9a0e9731 ("phy: qcom: qmp: Add SDM845 PCIe QMP PHY support")
> Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
> Link: https://lore.kernel.org/r/20220916102340.11520-2-johan+linaro@kernel.org
> Signed-off-by: Vinod Koul <vkoul@kernel.org>
> Signed-off-by: Sasha Levin <sashal@kernel.org>
This was added to prevent future bugs when adding support for new
platforms and did not have a stable tag. Please drop.
> ---
> drivers/phy/qualcomm/phy-qcom-qmp-pcie.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/phy/qualcomm/phy-qcom-qmp-pcie.c b/drivers/phy/qualcomm/phy-qcom-qmp-pcie.c
> index 2d65e1f56bfc..0e0f2482827a 100644
> --- a/drivers/phy/qualcomm/phy-qcom-qmp-pcie.c
> +++ b/drivers/phy/qualcomm/phy-qcom-qmp-pcie.c
> @@ -2371,8 +2371,10 @@ int qcom_qmp_phy_pcie_create(struct device *dev, struct device_node *np, int id,
> of_device_is_compatible(dev->of_node, "qcom,ipq6018-qmp-pcie-phy"))
> qphy->pcs_misc = qphy->pcs + 0x400;
>
> - if (!qphy->pcs_misc)
> - dev_vdbg(dev, "PHY pcs_misc-reg not used\n");
> + if (!qphy->pcs_misc) {
> + if (cfg->pcs_misc_tbl || cfg->pcs_misc_tbl_sec)
> + return -EINVAL;
> + }
>
> snprintf(prop_name, sizeof(prop_name), "pipe%d", id);
> qphy->pipe_clk = devm_get_clk_from_child(dev, np, prop_name);
Johan
^ permalink raw reply [flat|nested] 899+ messages in thread
* Re: [PATCH 6.0 524/862] phy: qcom-qmp-pcie: fix memleak on probe deferral
2022-10-19 8:30 ` [PATCH 6.0 524/862] phy: qcom-qmp-pcie: fix memleak on probe deferral Greg Kroah-Hartman
@ 2022-10-19 9:17 ` Johan Hovold
0 siblings, 0 replies; 899+ messages in thread
From: Johan Hovold @ 2022-10-19 9:17 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: linux-kernel, stable, Johan Hovold, Vinod Koul, Sasha Levin
On Wed, Oct 19, 2022 at 10:30:11AM +0200, Greg Kroah-Hartman wrote:
> From: Johan Hovold <johan+linaro@kernel.org>
>
> [ Upstream commit 4be26f695ffa458b065b7942dbff9393bf0836ea ]
>
> Switch to using the device-managed of_iomap helper to avoid leaking
> memory on probe deferral and driver unbind.
>
> Note that this helper checks for already reserved regions and may fail
> if there are multiple devices claiming the same memory.
In case of a malformed dts, the above new check can prevent the driver
from binding. Fixing tiny memory leaks on driver unbind does not
outweigh that risk and, again, the stable tag was left out on purpose.
Please drop.
> Fixes: e78f3d15e115 ("phy: qcom-qmp: new qmp phy driver for qcom-chipsets")
> Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
> Link: https://lore.kernel.org/r/20220916102340.11520-3-johan+linaro@kernel.org
> Signed-off-by: Vinod Koul <vkoul@kernel.org>
> Signed-off-by: Sasha Levin <sashal@kernel.org>
> ---
> drivers/phy/qualcomm/phy-qcom-qmp-pcie.c | 34 ++++++++++++------------
> 1 file changed, 17 insertions(+), 17 deletions(-)
>
> diff --git a/drivers/phy/qualcomm/phy-qcom-qmp-pcie.c b/drivers/phy/qualcomm/phy-qcom-qmp-pcie.c
> index 0e0f2482827a..819bcd975ba4 100644
> --- a/drivers/phy/qualcomm/phy-qcom-qmp-pcie.c
> +++ b/drivers/phy/qualcomm/phy-qcom-qmp-pcie.c
> @@ -2329,17 +2329,17 @@ int qcom_qmp_phy_pcie_create(struct device *dev, struct device_node *np, int id,
> * For dual lane PHYs: tx2 -> 3, rx2 -> 4, pcs_misc (optional) -> 5
> * For single lane PHYs: pcs_misc (optional) -> 3.
> */
> - qphy->tx = of_iomap(np, 0);
> - if (!qphy->tx)
> - return -ENOMEM;
> + qphy->tx = devm_of_iomap(dev, np, 0, NULL);
> + if (IS_ERR(qphy->tx))
> + return PTR_ERR(qphy->tx);
>
> - qphy->rx = of_iomap(np, 1);
> - if (!qphy->rx)
> - return -ENOMEM;
> + qphy->rx = devm_of_iomap(dev, np, 1, NULL);
> + if (IS_ERR(qphy->rx))
> + return PTR_ERR(qphy->rx);
>
> - qphy->pcs = of_iomap(np, 2);
> - if (!qphy->pcs)
> - return -ENOMEM;
> + qphy->pcs = devm_of_iomap(dev, np, 2, NULL);
> + if (IS_ERR(qphy->pcs))
> + return PTR_ERR(qphy->pcs);
>
> /*
> * If this is a dual-lane PHY, then there should be registers for the
> @@ -2348,9 +2348,9 @@ int qcom_qmp_phy_pcie_create(struct device *dev, struct device_node *np, int id,
> * offset from the first lane.
> */
> if (cfg->is_dual_lane_phy) {
> - qphy->tx2 = of_iomap(np, 3);
> - qphy->rx2 = of_iomap(np, 4);
> - if (!qphy->tx2 || !qphy->rx2) {
> + qphy->tx2 = devm_of_iomap(dev, np, 3, NULL);
> + qphy->rx2 = devm_of_iomap(dev, np, 4, NULL);
> + if (IS_ERR(qphy->tx2) || IS_ERR(qphy->rx2)) {
> dev_warn(dev,
> "Underspecified device tree, falling back to legacy register regions\n");
>
> @@ -2360,20 +2360,20 @@ int qcom_qmp_phy_pcie_create(struct device *dev, struct device_node *np, int id,
> qphy->rx2 = qphy->rx + QMP_PHY_LEGACY_LANE_STRIDE;
>
> } else {
> - qphy->pcs_misc = of_iomap(np, 5);
> + qphy->pcs_misc = devm_of_iomap(dev, np, 5, NULL);
> }
>
> } else {
> - qphy->pcs_misc = of_iomap(np, 3);
> + qphy->pcs_misc = devm_of_iomap(dev, np, 3, NULL);
> }
>
> - if (!qphy->pcs_misc &&
> + if (IS_ERR(qphy->pcs_misc) &&
> of_device_is_compatible(dev->of_node, "qcom,ipq6018-qmp-pcie-phy"))
> qphy->pcs_misc = qphy->pcs + 0x400;
>
> - if (!qphy->pcs_misc) {
> + if (IS_ERR(qphy->pcs_misc)) {
> if (cfg->pcs_misc_tbl || cfg->pcs_misc_tbl_sec)
> - return -EINVAL;
> + return PTR_ERR(qphy->pcs_misc);
> }
>
> snprintf(prop_name, sizeof(prop_name), "pipe%d", id);
Johan
^ permalink raw reply [flat|nested] 899+ messages in thread
* Re: [PATCH 6.0 525/862] phy: qcom-qmp-pcie-msm8996: fix memleak on probe deferral
2022-10-19 8:30 ` [PATCH 6.0 525/862] phy: qcom-qmp-pcie-msm8996: " Greg Kroah-Hartman
@ 2022-10-19 9:18 ` Johan Hovold
0 siblings, 0 replies; 899+ messages in thread
From: Johan Hovold @ 2022-10-19 9:18 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: linux-kernel, stable, Johan Hovold, Vinod Koul, Sasha Levin
On Wed, Oct 19, 2022 at 10:30:12AM +0200, Greg Kroah-Hartman wrote:
> From: Johan Hovold <johan+linaro@kernel.org>
>
> [ Upstream commit 1f69ededf8e80c42352e7f1c165a003614de9cc2 ]
>
> Switch to using the device-managed of_iomap helper to avoid leaking
> memory on probe deferral and driver unbind.
>
> Note that this helper checks for already reserved regions and may fail
> if there are multiple devices claiming the same memory.
Again, because of the above, this should not be backported. Please drop.
> Fixes: e78f3d15e115 ("phy: qcom-qmp: new qmp phy driver for qcom-chipsets")
> Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
> Link: https://lore.kernel.org/r/20220916102340.11520-4-johan+linaro@kernel.org
> Signed-off-by: Vinod Koul <vkoul@kernel.org>
> Signed-off-by: Sasha Levin <sashal@kernel.org>
Johan
^ permalink raw reply [flat|nested] 899+ messages in thread
* Re: [PATCH 6.0 526/862] phy: qcom-qmp-combo: fix memleak on probe deferral
2022-10-19 8:30 ` [PATCH 6.0 526/862] phy: qcom-qmp-combo: " Greg Kroah-Hartman
@ 2022-10-19 9:18 ` Johan Hovold
0 siblings, 0 replies; 899+ messages in thread
From: Johan Hovold @ 2022-10-19 9:18 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: linux-kernel, stable, Johan Hovold, Vinod Koul, Sasha Levin
On Wed, Oct 19, 2022 at 10:30:13AM +0200, Greg Kroah-Hartman wrote:
> From: Johan Hovold <johan+linaro@kernel.org>
>
> [ Upstream commit 2de8a325b1084330ae500380cc27edc39f488c30 ]
>
> Switch to using the device-managed of_iomap helper to avoid leaking
> memory on probe deferral and driver unbind.
>
> Note that this helper checks for already reserved regions and may fail
> if there are multiple devices claiming the same memory.
Again, because of the above, this should not be backported. Please drop.
> Fixes: e78f3d15e115 ("phy: qcom-qmp: new qmp phy driver for qcom-chipsets")
> Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
> Link: https://lore.kernel.org/r/20220916102340.11520-5-johan+linaro@kernel.org
> Signed-off-by: Vinod Koul <vkoul@kernel.org>
> Signed-off-by: Sasha Levin <sashal@kernel.org>
Johan
^ permalink raw reply [flat|nested] 899+ messages in thread
* Re: [PATCH 6.0 527/862] phy: qcom-qmp-ufs: fix memleak on probe deferral
2022-10-19 8:30 ` [PATCH 6.0 527/862] phy: qcom-qmp-ufs: " Greg Kroah-Hartman
@ 2022-10-19 9:18 ` Johan Hovold
0 siblings, 0 replies; 899+ messages in thread
From: Johan Hovold @ 2022-10-19 9:18 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: linux-kernel, stable, Johan Hovold, Vinod Koul, Sasha Levin
On Wed, Oct 19, 2022 at 10:30:14AM +0200, Greg Kroah-Hartman wrote:
> From: Johan Hovold <johan+linaro@kernel.org>
>
> [ Upstream commit ef74a97f0df8758efe4476b4645961286aa86f0d ]
>
> Switch to using the device-managed of_iomap helper to avoid leaking
> memory on probe deferral and driver unbind.
>
> Note that this helper checks for already reserved regions and may fail
> if there are multiple devices claiming the same memory.
Again, because of the above, this should not be backported. Please drop.
> Fixes: e78f3d15e115 ("phy: qcom-qmp: new qmp phy driver for qcom-chipsets")
> Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
> Link: https://lore.kernel.org/r/20220916102340.11520-6-johan+linaro@kernel.org
> Signed-off-by: Vinod Koul <vkoul@kernel.org>
> Signed-off-by: Sasha Levin <sashal@kernel.org>
Johan
^ permalink raw reply [flat|nested] 899+ messages in thread
* Re: [PATCH 6.0 528/862] phy: qcom-qmp-usb: fix memleak on probe deferral
2022-10-19 8:30 ` [PATCH 6.0 528/862] phy: qcom-qmp-usb: " Greg Kroah-Hartman
@ 2022-10-19 9:19 ` Johan Hovold
0 siblings, 0 replies; 899+ messages in thread
From: Johan Hovold @ 2022-10-19 9:19 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: linux-kernel, stable, Johan Hovold, Vinod Koul, Sasha Levin
On Wed, Oct 19, 2022 at 10:30:15AM +0200, Greg Kroah-Hartman wrote:
> From: Johan Hovold <johan+linaro@kernel.org>
>
> [ Upstream commit a5d6b1ac56cbd6b5850a3a54e35f1cb71e8e8cdd ]
>
> Switch to using the device-managed of_iomap helper to avoid leaking
> memory on probe deferral and driver unbind.
>
> Note that this helper checks for already reserved regions and may fail
> if there are multiple devices claiming the same memory.
Again, because of the above, this should not be backported. Please drop.
> Two bindings currently rely on overlapping mappings for the PCS region
> so fallback to non-exclusive mappings for those for now.
>
> Fixes: e78f3d15e115 ("phy: qcom-qmp: new qmp phy driver for qcom-chipsets")
> Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
> Link: https://lore.kernel.org/r/20220916102340.11520-7-johan+linaro@kernel.org
> Signed-off-by: Vinod Koul <vkoul@kernel.org>
> Signed-off-by: Sasha Levin <sashal@kernel.org>
Johan
^ permalink raw reply [flat|nested] 899+ messages in thread
* Re: [PATCH 6.0 585/862] phy: qcom-qmp-pcie: fix resource mapping for SDM845 QHP PHY
2022-10-19 8:31 ` [PATCH 6.0 585/862] phy: qcom-qmp-pcie: fix resource mapping for SDM845 QHP PHY Greg Kroah-Hartman
@ 2022-10-19 9:20 ` Johan Hovold
0 siblings, 0 replies; 899+ messages in thread
From: Johan Hovold @ 2022-10-19 9:20 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: linux-kernel, stable, Dmitry Baryshkov, Johan Hovold, Vinod Koul,
Sasha Levin
On Wed, Oct 19, 2022 at 10:31:12AM +0200, Greg Kroah-Hartman wrote:
> From: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
>
> [ Upstream commit 0a40891b83f257b25a2b983758f72f6813f361cb ]
>
> On SDM845 one of PCIe PHYs (the QHP one) has the same region for TX and
> RX registers. Since the commit 4be26f695ffa ("phy: qcom-qmp-pcie: fix
> memleak on probe deferral") added checking that resources are not
> allocated beforehand, this PHY can not be probed anymore. Fix this by
> skipping the map of ->rx resource on the QHP PHY and assign it manually.
>
> Fixes: 4be26f695ffa ("phy: qcom-qmp-pcie: fix memleak on probe deferral")
This one is not needed in 6.0 since the offending commit should not be
backported.
> Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
> Reviewed-by: Johan Hovold <johan+linaro@kernel.org>
> Link: https://lore.kernel.org/r/20220926172514.880776-1-dmitry.baryshkov@linaro.org
> Signed-off-by: Vinod Koul <vkoul@kernel.org>
> Signed-off-by: Sasha Levin <sashal@kernel.org>
Johan
^ permalink raw reply [flat|nested] 899+ messages in thread
* Re: [PATCH 6.0 659/862] =?UTF-8?q?ARM/dma-mapp=D1=96ng:=20dont=20override=20->dma=5Fcohe?= =?UTF-8?q?rent=20when=20set=20from=20a=20bus=20notifier?=
2022-10-19 9:14 ` Russell King (Oracle)
@ 2022-10-19 10:36 ` Christoph Hellwig
2022-10-19 10:39 ` Greg Kroah-Hartman
1 sibling, 0 replies; 899+ messages in thread
From: Christoph Hellwig @ 2022-10-19 10:36 UTC (permalink / raw)
To: Russell King (Oracle)
Cc: Greg Kroah-Hartman, linux-kernel, stable, Marek Behún,
Christoph Hellwig, Sasha Levin
On Wed, Oct 19, 2022 at 10:14:11AM +0100, Russell King (Oracle) wrote:
> I'm seeing:
>
> Subject: [PATCH 6.0 659/862]
> =?UTF-8?q?ARM/dma-mapp=D1=96ng:=20dont=20override=20->dma=5Fcohe?=
> =?UTF-8?q?rent=20when=20set=20from=20a=20bus=20notifier?=
>
> in mutt, and mutt seems to be unable to decode that. Either a mutt
> bug or a bug in your scripts or git...
The real problem was me fat fingering the comments and adding a non-ASCII
"і" character instead of and "i" into the Subject. And then it somehow
went downhill from there..
^ permalink raw reply [flat|nested] 899+ messages in thread
* Re: [PATCH 6.0 659/862] =?UTF-8?q?ARM/dma-mapp=D1=96ng:=20dont=20override=20->dma=5Fcohe?= =?UTF-8?q?rent=20when=20set=20from=20a=20bus=20notifier?=
2022-10-19 9:14 ` Russell King (Oracle)
2022-10-19 10:36 ` Christoph Hellwig
@ 2022-10-19 10:39 ` Greg Kroah-Hartman
1 sibling, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 10:39 UTC (permalink / raw)
To: Russell King (Oracle)
Cc: linux-kernel, stable, Marek Behún, Christoph Hellwig, Sasha Levin
On Wed, Oct 19, 2022 at 10:14:11AM +0100, Russell King (Oracle) wrote:
> Hi Greg,
>
> I'm seeing:
>
> Subject: [PATCH 6.0 659/862]
> =?UTF-8?q?ARM/dma-mapp=D1=96ng:=20dont=20override=20->dma=5Fcohe?=
> =?UTF-8?q?rent=20when=20set=20from=20a=20bus=20notifier?=
>
> in mutt, and mutt seems to be unable to decode that. Either a mutt
> bug or a bug in your scripts or git...
It's probably between git and quilt and somewhere. The issue is
that the original commit's subject line is:
ARM/dma-mappіng: don't override ->dma_coherent when set from a bus notifier
Note the 'і' character in there, which then causes git to emit a subject
line that looks like:
Subject: [PATCH] =?UTF-8?q?ARM/dma-mapp=D1=96ng:=20don't=20override=20->dm?=
=?UTF-8?q?a=5Fcoherent=20when=20set=20from=20a=20bus=20notifier?=
which is technically correct.
Then quilt comes along and adds it's own counting of the patch and
treats the whole thing as the subject and something gets confused.
Anyway, I'll go drop the funny 'і' and turn it into ascii only for the
subject line.
thanks,
greg k-h
^ permalink raw reply [flat|nested] 899+ messages in thread
* Re: [PATCH 6.0 523/862] phy: qcom-qmp-pcie: add pcs_misc sanity check
2022-10-19 9:15 ` Johan Hovold
@ 2022-10-19 10:41 ` Greg Kroah-Hartman
2022-10-19 11:28 ` Johan Hovold
0 siblings, 1 reply; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 10:41 UTC (permalink / raw)
To: Johan Hovold; +Cc: linux-kernel, stable, Johan Hovold, Vinod Koul, Sasha Levin
On Wed, Oct 19, 2022 at 11:15:31AM +0200, Johan Hovold wrote:
> On Wed, Oct 19, 2022 at 10:30:10AM +0200, Greg Kroah-Hartman wrote:
> > From: Johan Hovold <johan+linaro@kernel.org>
> >
> > [ Upstream commit ecd5507e72ea03659dc2cc3e4393fbf8f4e2e02a ]
> >
> > Make sure that the (otherwise) optional pcs_misc IO region has been
> > provided in case the configuration specifies a corresponding
> > initialisation table to avoid crashing with malformed device trees.
> >
> > Note that the related debug message is now superfluous as the region is
> > only used when the configuration has a pcs_misc table.
> >
> > Fixes: 421c9a0e9731 ("phy: qcom: qmp: Add SDM845 PCIe QMP PHY support")
> > Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
> > Link: https://lore.kernel.org/r/20220916102340.11520-2-johan+linaro@kernel.org
> > Signed-off-by: Vinod Koul <vkoul@kernel.org>
> > Signed-off-by: Sasha Levin <sashal@kernel.org>
>
> This was added to prevent future bugs when adding support for new
> platforms and did not have a stable tag. Please drop.
Ok, that wasn't obvious at all from the changelog :(
I'll go drop this, and the others you marked as "should not be there"
from the queue, thanks.
Maybe next time, don't use a Fixes: tag if the commit really doesn't
"fix" anything in the current kernel...
thanks,
greg k-h
^ permalink raw reply [flat|nested] 899+ messages in thread
* Re: [PATCH 6.0 523/862] phy: qcom-qmp-pcie: add pcs_misc sanity check
2022-10-19 10:41 ` Greg Kroah-Hartman
@ 2022-10-19 11:28 ` Johan Hovold
0 siblings, 0 replies; 899+ messages in thread
From: Johan Hovold @ 2022-10-19 11:28 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: linux-kernel, stable, Johan Hovold, Vinod Koul, Sasha Levin
On Wed, Oct 19, 2022 at 12:41:31PM +0200, Greg Kroah-Hartman wrote:
> On Wed, Oct 19, 2022 at 11:15:31AM +0200, Johan Hovold wrote:
> > On Wed, Oct 19, 2022 at 10:30:10AM +0200, Greg Kroah-Hartman wrote:
> > > From: Johan Hovold <johan+linaro@kernel.org>
> > >
> > > [ Upstream commit ecd5507e72ea03659dc2cc3e4393fbf8f4e2e02a ]
> > >
> > > Make sure that the (otherwise) optional pcs_misc IO region has been
> > > provided in case the configuration specifies a corresponding
> > > initialisation table to avoid crashing with malformed device trees.
> > >
> > > Note that the related debug message is now superfluous as the region is
> > > only used when the configuration has a pcs_misc table.
> > >
> > > Fixes: 421c9a0e9731 ("phy: qcom: qmp: Add SDM845 PCIe QMP PHY support")
> > > Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
> > > Link: https://lore.kernel.org/r/20220916102340.11520-2-johan+linaro@kernel.org
> > > Signed-off-by: Vinod Koul <vkoul@kernel.org>
> > > Signed-off-by: Sasha Levin <sashal@kernel.org>
> >
> > This was added to prevent future bugs when adding support for new
> > platforms and did not have a stable tag. Please drop.
>
> Ok, that wasn't obvious at all from the changelog :(
Ah, sorry, I misread my own patch. This one does indeed prevent a crash
with malformed devicetrees as the commit message says.
But whether that needs backporting or nor is a separate question. I'd
say either way is fine.
> I'll go drop this, and the others you marked as "should not be there"
> from the queue, thanks.
Thanks.
> Maybe next time, don't use a Fixes: tag if the commit really doesn't
> "fix" anything in the current kernel...
Sorry about the confusion. The Fixes tag is correct in this case.
Johan
^ permalink raw reply [flat|nested] 899+ messages in thread
* Re: [PATCH 6.0 000/862] 6.0.3-rc1 review
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (861 preceding siblings ...)
2022-10-19 8:35 ` [PATCH 6.0 862/862] lib/Kconfig.debug: Add check for non-constant .{s,u}leb128 support to DWARF5 Greg Kroah-Hartman
@ 2022-10-19 12:01 ` Rudi Heitbaum
2022-10-19 12:51 ` Luna Jernberg
` (13 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Rudi Heitbaum @ 2022-10-19 12:01 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: linux-kernel, stable, torvalds, akpm, linux, shuah, patches,
lkft-triage, pavel, jonathanh, f.fainelli, sudipm.mukherjee, srw
On Wed, Oct 19, 2022 at 10:21:27AM +0200, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 6.0.3 release.
> There are 862 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Fri, 21 Oct 2022 08:30:19 +0000.
> Anything received after that time might be too late.
Hi Greg,
6.0.3-rc1 tested.
Run tested on:
- Intel Alder Lake x86_64 (nuc12 i7-1260P)
In addition - build tested for:
- Allwinner A64
- Allwinner H3
- Allwinner H5
- Allwinner H6
- NXP iMX6
- NXP iMX8
- Qualcomm Dragonboard
- Rockchip RK3288
- Rockchip RK3328
- Rockchip RK3399pro
- Samsung Exynos5422
Tested-by: Rudi Heitbaum <rudi@heitbaum.com>
--
Rudi
^ permalink raw reply [flat|nested] 899+ messages in thread
* Re: [PATCH 6.0 000/862] 6.0.3-rc1 review
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (862 preceding siblings ...)
2022-10-19 12:01 ` [PATCH 6.0 000/862] 6.0.3-rc1 review Rudi Heitbaum
@ 2022-10-19 12:51 ` Luna Jernberg
2022-10-19 17:19 ` Fenil Jain
` (12 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Luna Jernberg @ 2022-10-19 12:51 UTC (permalink / raw)
To: Greg Kroah-Hartman, droidbittin
Cc: linux-kernel, stable, torvalds, akpm, linux, shuah, patches,
lkft-triage, pavel, jonathanh, f.fainelli, sudipm.mukherjee, srw
Works on my Arch Linux homeserver
with Intel(R) Core(TM) i5-6400 CPU @ 2.70GHz
Tested-by: Luna Jernberg <droidbittin@gmail.com>
On 10/19/22, Greg Kroah-Hartman <gregkh@linuxfoundation.org> wrote:
> This is the start of the stable review cycle for the 6.0.3 release.
> There are 862 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Fri, 21 Oct 2022 08:30:19 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.0.3-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git
> linux-6.0.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
>
> -------------
> Pseudo-Shortlog of commits:
>
> Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> Linux 6.0.3-rc1
>
> Nathan Chancellor <nathan@kernel.org>
> lib/Kconfig.debug: Add check for non-constant .{s,u}leb128 support to
> DWARF5
>
> Masahiro Yamada <masahiroy@kernel.org>
> Kconfig.debug: add toolchain checks for
> DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT
>
> Masahiro Yamada <masahiroy@kernel.org>
> Kconfig.debug: simplify the dependency of DEBUG_INFO_DWARF4/5
>
> Jens Axboe <axboe@kernel.dk>
> io_uring/rw: ensure kiocb_end_write() is always called
>
> Pavel Begunkov <asml.silence@gmail.com>
> io_uring: fix fdinfo sqe offsets calculation
>
> Nathan Chancellor <nathan@kernel.org>
> drm/amd/display: Fix build breakage with CONFIG_DEBUG_FS=n
>
> Nicholas Piggin <npiggin@gmail.com>
> powerpc/64s/interrupt: Fix lost interrupts when returning to soft-masked
> context
>
> Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
> net/ieee802154: don't warn zero-sized raw_sendmsg()
>
> Alexander Aring <aahringo@redhat.com>
> Revert "net/ieee802154: reject zero-sized raw_sendmsg()"
>
> Aric Cyr <aric.cyr@amd.com>
> Revert "drm/amd/display: correct hostvm flag"
>
> Randy Dunlap <rdunlap@infradead.org>
> net: ethernet: ti: davinci_mdio: fix build for mdio bitbang uses
>
> Yu Kuai <yukuai3@huawei.com>
> blk-wbt: fix that 'rwb->wc' is always set to 1 in wbt_init()
>
> Takashi Iwai <tiwai@suse.de>
> ALSA: usb-audio: Fix last interface check for registration
>
> Alexander Aring <aahringo@redhat.com>
> net: ieee802154: return -EINVAL for unknown addr type
>
> Liu Shixin <liushixin2@huawei.com>
> mm: hugetlb: fix UAF in hugetlb_handle_userfault
>
> Pavel Begunkov <asml.silence@gmail.com>
> io_uring/net: fix notif cqe reordering
>
> Pavel Begunkov <asml.silence@gmail.com>
> io_uring/net: don't skip notifs for failed requests
>
> Pavel Begunkov <asml.silence@gmail.com>
> io_uring/net: rename io_sendzc()
>
> Pavel Begunkov <asml.silence@gmail.com>
> io_uring/net: don't lose partial send_zc on fail
>
> Pavel Begunkov <asml.silence@gmail.com>
> io_uring/net: use io_sr_msg for sendzc
>
> Pavel Begunkov <asml.silence@gmail.com>
> io_uring/net: refactor io_sr_msg types
>
> Adrian Hunter <adrian.hunter@intel.com>
> perf intel-pt: Fix system_wide dummy event for hybrid
>
> Adrian Hunter <adrian.hunter@intel.com>
> perf intel-pt: Fix segfault in intel_pt_print_info() with uClibc
>
> Rob Herring <robh@kernel.org>
> perf: Skip and warn on unknown format 'configN' attrs
>
> Ivan T. Ivanov <iivanov@suse.de>
> clk: bcm2835: Round UART input clock up
>
> Wayne Chang <waynec@nvidia.com>
> usb: typec: ucsi: Don't warn on probe deferral
>
> Manivannan Sadhasivam <mani@kernel.org>
> dmaengine: dw-edma: Remove runtime PM support
>
> Lv Ruyi <lv.ruyi@zte.com.cn>
> fsi: master-ast-cf: Fix missing of_node_put in fsi_master_acf_probe
>
> Eddie James <eajames@linux.ibm.com>
> fsi: occ: Prevent use after free
>
> Eddie James <eajames@linux.ibm.com>
> hwmon (occ): Retry for checksum failure
>
> Keith Busch <kbusch@kernel.org>
> blk-mq: use quiesced elevator switch when reinitializing queues
>
> Dongliang Mu <mudongliangabcd@gmail.com>
> usb: idmouse: fix an uninit-value in idmouse_open
>
> Varun Prakash <varun@chelsio.com>
> nvmet-tcp: add bounds check on Transfer Tag
>
> Keith Busch <kbusch@kernel.org>
> nvme: copy firmware_rev on each init
>
> Keith Busch <kbusch@kernel.org>
> nvme: handle effects after freeing the request
>
> Jan Kara <jack@suse.cz>
> ext2: Use kvmalloc() for group descriptor array
>
> Arun Easi <aeasi@marvell.com>
> scsi: tracing: Fix compile error in trace_array calls when TRACING is
> disabled
>
> Xiaoke Wang <xkernel.wang@foxmail.com>
> staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv()
>
> Xiaoke Wang <xkernel.wang@foxmail.com>
> staging: rtl8723bs: fix potential memory leak in rtw_init_drv_sw()
>
> Pavel Begunkov <asml.silence@gmail.com>
> io_uring: fix CQE reordering
>
> sunghwan jung <onenowy@gmail.com>
> Revert "usb: storage: Add quirk for Samsung Fit flash"
>
> Piyush Mehta <piyush.mehta@amd.com>
> usb: dwc3: core: Enable GUCTL1 bit 10 for fixing termination error after
> resume bug
>
> Alexander Stein <alexander.stein@ew.tq-group.com>
> arm64: dts: imx8mp: Add snps,gfladj-refclk-lpm-sel quirk to USB nodes
>
> Alexander Stein <alexander.stein@ew.tq-group.com>
> usb: dwc3: core: add gfladj_refclk_lpm_sel quirk
>
> Robin Guo <guoweibin@inspur.com>
> usb: musb: Fix musb_gadget.c rxstate overflow bug
>
> Jianglei Nie <niejianglei2021@163.com>
> usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info()
>
> Logan Gunthorpe <logang@deltatee.com>
> md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d
>
> Johnothan King <johnothanking@protonmail.com>
> HID: nintendo: check analog user calibration for plausibility
>
> Jianglei Nie <niejianglei2021@163.com>
> HSI: ssi_protocol: fix potential resource leak in ssip_pn_open()
>
> Hyunwoo Kim <imv4bel@gmail.com>
> HID: roccat: Fix use-after-free in roccat_read()
>
> Harry Stern <harry@harrystern.net>
> hid: topre: Add driver fixing report descriptor
>
> Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
> soundwire: intel: fix error handling on dai registration issues
>
> Richard Fitzgerald <rf@opensource.cirrus.com>
> soundwire: cadence: Don't overwrite msg->buf during write commands
>
> Coly Li <colyli@suse.de>
> bcache: fix set_at_max_writeback_rate() for multiple attached devices
>
> Serge Semin <Sergey.Semin@baikalelectronics.ru>
> ata: libahci_platform: Sanity check the DT child nodes number
>
> Yu Kuai <yukuai3@huawei.com>
> blk-throttle: prevent overflow while calculating wait time
>
> Nam Cao <namcaov@gmail.com>
> staging: vt6655: fix potential memory leak
>
> Wei Yongjun <weiyongjun1@huawei.com>
> power: supply: adp5061: fix out-of-bounds read in
> adp5061_get_chg_type()
>
> Michael Grzeschik <m.grzeschik@pengutronix.de>
> usb: gadget: uvc: increase worker prio to WQ_HIGHPRI
>
> Yicong Yang <yangyicong@hisilicon.com>
> iommu/arm-smmu-v3: Make default domain type of HiSilicon PTT device to
> identity
>
> Shigeru Yoshida <syoshida@redhat.com>
> nbd: Fix hung when signal interrupts nbd_start_device_ioctl()
>
> Letu Ren <fantasquex@gmail.com>
> scsi: 3w-9xxx: Avoid disabling device if failing to enable it
>
> Vaishnav Achath <vaishnav.a@ti.com>
> dmaengine: ti: k3-udma: Reset UDMA_CHAN_RT byte counters to prevent
> overflow
>
> James Smart <jsmart2021@gmail.com>
> scsi: lpfc: Fix null ndlp ptr dereference in abnormal exit path for
> GFT_ID
>
> Justin Chen <justinpopo6@gmail.com>
> usb: host: xhci-plat: suspend/resume clks for brcm
>
> Justin Chen <justinpopo6@gmail.com>
> usb: host: xhci-plat: suspend and resume clocks
>
> Daisuke Matsuda <matsuda-daisuke@fujitsu.com>
> RDMA/rxe: Delete error messages triggered by incoming Read requests
>
> Quanyang Wang <quanyang.wang@windriver.com>
> clk: zynqmp: pll: rectify rate rounding in zynqmp_pll_round_rate
>
> Hangyu Hua <hbh25y@gmail.com>
> media: platform: fix some double free in meson-ge2d and mtk-jpeg and
> s5p-mfc
>
> Zheyu Ma <zheyuma97@gmail.com>
> media: cx88: Fix a null-ptr-deref bug in buffer_prepare()
>
> Ian Nam <young.kwan.nam@xilinx.com>
> clk: zynqmp: Fix stack-out-of-bounds in strncpy`
>
> Alex Sverdlin <alexander.sverdlin@nokia.com>
> ARM: 9242/1: kasan: Only map modules if CONFIG_KASAN_VMALLOC=n
>
> Li Huafei <lihuafei1@huawei.com>
> ARM: 9234/1: stacktrace: Avoid duplicate saving of exception PC value
>
> Li Huafei <lihuafei1@huawei.com>
> ARM: 9233/1: stacktrace: Skip frame pointer boundary check for
> call_with_stack()
>
> Kunihiko Hayashi <hayashi.kunihiko@socionext.com>
> arm64: dts: uniphier: Add USB-device support for PXs3 reference board
>
> Josef Bacik <josef@toxicpanda.com>
> btrfs: call __btrfs_remove_free_space_cache_locked on cache load
> failure
>
> Maciej S. Szmigiero <maciej.szmigiero@oracle.com>
> btrfs: don't print information about space cache or tree every remount
>
> Qu Wenruo <wqu@suse.com>
> btrfs: scrub: try to fix super block errors
>
> Qu Wenruo <wqu@suse.com>
> btrfs: scrub: properly report super block errors in system log
>
> Qu Wenruo <wqu@suse.com>
> btrfs: dump extra info if one free space cache has more bitmaps than it
> should
>
> Arnd Bergmann <arnd@arndb.de>
> ARM: orion: fix include path
>
> Sebastian Krzyszkowiak <sebastian.krzyszkowiak@puri.sm>
> arm64: dts: imx8mq-librem5: Add bq25895 as max17055's power supply
>
> Frieder Schrempf <frieder.schrempf@kontron.de>
> arm64: dts: imx8mm-kontron: Use the VSELECT signal to switch SD card IO
> voltage
>
> Mark Brown <broonie@kernel.org>
> kselftest/arm64: Fix validatation termination record after
> EXTRA_CONTEXT
>
> Marcel Ziswiler <marcel.ziswiler@toradex.com>
> ARM: dts: imx6sx-udoo-neo: don't use multiple blank lines
>
> Marcel Ziswiler <marcel.ziswiler@toradex.com>
> ARM: dts: imx6sl: use tabs for code indent
>
> Alexander Stein <alexander.stein@ew.tq-group.com>
> ARM: dts: imx6sx: add missing properties for sram
>
> Alexander Stein <alexander.stein@ew.tq-group.com>
> ARM: dts: imx6sll: add missing properties for sram
>
> Alexander Stein <alexander.stein@ew.tq-group.com>
> ARM: dts: imx6sl: add missing properties for sram
>
> Alexander Stein <alexander.stein@ew.tq-group.com>
> ARM: dts: imx6qp: add missing properties for sram
>
> Alexander Stein <alexander.stein@ew.tq-group.com>
> ARM: dts: imx6dl: add missing properties for sram
>
> Alexander Stein <alexander.stein@ew.tq-group.com>
> ARM: dts: imx6q: add missing properties for sram
>
> Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
> arm64: dts: qcom: sc7280-idp: correct ADC channel node name and unit
> address
>
> Haibo Chen <haibo.chen@nxp.com>
> ARM: dts: imx7d-sdb: config the max pressure for tsc2046
>
> Alexander Stein <alexander.stein@ew.tq-group.com>
> ARM: dts: imx6: delete interrupts property if interrupts-extended is
> set
>
> Felix Kuehling <Felix.Kuehling@amd.com>
> drm/amdkfd: Fix UBSAN shift-out-of-bounds warning
>
> Wenjing Liu <wenjing.liu@amd.com>
> drm/amd/display: polling vid stream status in hpo dp blank
>
> Aric Cyr <aric.cyr@amd.com>
> drm/amd/display: Remove interface for periodic interrupt 1
>
> Khaled Almahallawy <khaled.almahallawy@intel.com>
> drm/dp: Don't rewrite link config when setting phy test pattern
>
> Richard Acayan <mailingradian@gmail.com>
> mmc: sdhci-msm: add compatible string check for sdm670
>
> Adrián Larumbe <adrian.larumbe@collabora.com>
> drm/meson: remove drm bridges at aggregate driver unbind time
>
> Adrián Larumbe <adrian.larumbe@collabora.com>
> drm/meson: explicitly remove aggregate driver at module unload time
>
> Adrián Larumbe <adrian.larumbe@collabora.com>
> drm/meson: reorder driver deinit sequence to fix use-after-free bug
>
> Mario Limonciello <mario.limonciello@amd.com>
> ASoC: amd: yc: Add Lenovo Yoga Slim 7 Pro X to quirks table
>
> Xiaoyan Li <lxy.lixiaoyan@gmail.com>
> ASoC: amd: yc: Add ASUS UM5302TA into DMI table
>
> hongao <hongao@uniontech.com>
> drm/amdgpu: fix initial connector audio value
>
> Sherry Wang <Yao.Wang1@amd.com>
> drm/amd/display: correct hostvm flag
>
> George Shen <george.shen@amd.com>
> drm/amd/display: Fix urgent latency override for DCN32/DCN321
>
> Philip Yang <Philip.Yang@amd.com>
> drm/amdgpu: SDMA update use unlocked iterator
>
> Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
> ASoC: SOF: add quirk to override topology mclk_id
>
> Mikhail Rudenko <mike.rudenko@gmail.com>
> ASoC: sunxi: sun4i-codec: set debugfs_prefix for CPU DAI component
>
> Jairaj Arava <jairaj.arava@intel.com>
> ASoC: SOF: pci: Change DMI match info to support all Chrome platforms
>
> Muralidhar Reddy <muralidhar.reddy@intel.com>
> ALSA: intel-dspconfig: add ES8336 support for AlderLake-PS
>
> Hans de Goede <hdegoede@redhat.com>
> platform/x86: msi-laptop: Change DMI match / alias strings to fix module
> autoloading
>
> Jorge Lopez <jorge.lopez2@hp.com>
> platform/x86: hp-wmi: Setting thermal profile fails with 0x06
>
> Jameson Thies <jthies@google.com>
> platform/chrome: cros_ec: Notify the PM of wake events during resume
>
> Maya Matuszczyk <maccraft123mc@gmail.com>
> drm: panel-orientation-quirks: Add quirk for Aya Neo Air
>
> Maya Matuszczyk <maccraft123mc@gmail.com>
> drm: panel-orientation-quirks: Add quirk for Anbernic Win600
>
> Mateusz Kwiatkowski <kfyatek+publicgit@gmail.com>
> drm/vc4: vec: Fix timings for VEC modes
>
> Takashi Iwai <tiwai@suse.de>
> ALSA: usb-audio: Register card at the last interface
>
> Yifan Zha <Yifan.Zha@amd.com>
> drm/admgpu: Skip CG/PG on SOC21 under SRIOV VF
>
> Yifan Zha <Yifan.Zha@amd.com>
> drm/amdgpu: Skip the program of MMMC_VM_AGP_* in SRIOV on MMHUB v3_0_0
>
> sunliming <sunliming@kylinos.cn>
> drm/amd/display: Fix variable dereferenced before check
>
> Lucas Stach <l.stach@pengutronix.de>
> drm: bridge: dw_hdmi: only trigger hotplug event on link change
>
> Bernard Zhao <bernard@vivo.com>
> drm/amd: fix potential memory leak
>
> Andy Shevchenko <andriy.shevchenko@linux.intel.com>
> platform/x86: pmc_atom: Improve quirk message to be less cryptic
>
> Vivek Kasireddy <vivek.kasireddy@intel.com>
> udmabuf: Set ubuf->sg = NULL if the creation of sg table fails
>
> Conner Knox <connerknoxpublic@gmail.com>
> ALSA: usb-audio: Add quirk to enable Avid Mbox 3 support
>
> Cezary Rojewski <cezary.rojewski@intel.com>
> ALSA: hda: Fix page fault in snd_hda_codec_shutdown()
>
> David Gow <davidgow@google.com>
> drm/amd/display: fix overflow on MIN_I64 definition
>
> Zeng Jingxiang <linuszeng@tencent.com>
> gpu: lontium-lt9611: Fix NULL pointer dereference in
> lt9611_connector_init()
>
> Liviu Dudau <liviu.dudau@arm.com>
> drm/komeda: Fix handling of atomic commits in the atomic_commit_tail
> hook
>
> Javier Martinez Canillas <javierm@redhat.com>
> drm: Prevent drm_copy_field() to attempt copying a NULL pointer
>
> Javier Martinez Canillas <javierm@redhat.com>
> drm: Use size_t type for len variable in drm_copy_field()
>
> Jianglei Nie <niejianglei2021@163.com>
> drm/nouveau/nouveau_bo: fix potential memory leak in nouveau_bo_alloc()
>
> Andrew Gaul <gaul@gaul.org>
> r8152: Rate limit overflow messages
>
> Andy Shevchenko <andriy.shevchenko@linux.intel.com>
> i2c: designware-pci: Group AMD NAVI quirk parts together
>
> Xin Liu <liuxin350@huawei.com>
> libbpf: Fix overrun in netlink attribute iteration
>
> Kees Cook <keescook@chromium.org>
> net: sched: cls_u32: Avoid memcpy() false-positive warning
>
> Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
> Bluetooth: L2CAP: Fix user-after-free
>
> Song Liu <song@kernel.org>
> bpf: use bpf_prog_pack for bpf_dispatcher
>
> Jiri Olsa <jolsa@kernel.org>
> bpf: Adjust kprobe_multi entry_ip for CONFIG_X86_KERNEL_IBT
>
> Liu Jian <liujian56@huawei.com>
> net: If sock is dead don't access sock's sk_wq in sk_stream_wait_memory
>
> Jason A. Donenfeld <Jason@zx2c4.com>
> hwmon: (sht4x) do not overflow clamping operation on 32-bit platforms
>
> Daniel Golle <daniel@makrotopia.org>
> wifi: rt2x00: correctly set BBP register 86 for MT7620
>
> Daniel Golle <daniel@makrotopia.org>
> wifi: rt2x00: set SoC wmac clock register
>
> Daniel Golle <daniel@makrotopia.org>
> wifi: rt2x00: set VGC gain for both chains of MT7620
>
> Daniel Golle <daniel@makrotopia.org>
> wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620
>
> Daniel Golle <daniel@makrotopia.org>
> wifi: rt2x00: don't run Rt5592 IQ calibration on MT7620
>
> Ziyang Xuan <william.xuanziyang@huawei.com>
> can: bcm: check the result of can_send() in bcm_can_tx()
>
> Hou Tao <houtao1@huawei.com>
> selftests/bpf: Free the allocated resources after test case succeeds
>
> Vadim Fedorenko <vfedorenko@novek.ru>
> bnxt_en: replace reset with config timestamps
>
> Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
> Bluetooth: hci_event: Make sure ISO events don't affect non-ISO
> connections
>
> Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
> Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times
>
> Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
> Bluetooth: L2CAP: initialize delayed works at l2cap_chan_create()
>
> Po-Hao Huang <phhuang@realtek.com>
> wifi: rtw89: fix rx filter after scan
>
> Po-Hao Huang <phhuang@realtek.com>
> wifi: rtw89: free unused skb to prevent memory leak
>
> Sean Wang <sean.wang@mediatek.com>
> wifi: mt76: mt7921: reset msta->airtime_ac while clearing up hw value
>
> Jianglei Nie <niejianglei2021@163.com>
> wifi: ath11k: mhi: fix potential memory leak in ath11k_mhi_register()
>
> Patrick Rudolph <patrick.rudolph@9elements.com>
> regulator: core: Prevent integer underflow
>
> Kiran K <kiran.k@intel.com>
> Bluetooth: btintel: Mark Intel controller to support LE_STATES quirk
>
> Alexander Coffin <alex.coffin@matician.com>
> wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit()
>
> Michal Jaron <michalx.jaron@intel.com>
> iavf: Fix race between iavf_close and iavf_reset_task
>
> Sergei Antonov <saproj@gmail.com>
> net: ftmac100: fix endianness-related issues from 'sparse'
>
> Zong-Zhe Yang <kevin_yang@realtek.com>
> rtw89: ser: leave lps with mutex
>
> Manikanta Pubbisetty <quic_mpubbise@quicinc.com>
> wifi: ath11k: Register shutdown handler for WCN6750
>
> Khalid Masum <khalid.masum.92@gmail.com>
> xfrm: Update ipcomp_scratches with NULL when freed
>
> Richard Gobert <richardbgobert@gmail.com>
> net-next: Fix IP_UNICAST_IF option behavior for connected sockets
>
> Robert Hancock <robert.hancock@calian.com>
> net: axienet: Switch to 64-bit RX/TX statistics
>
> Daniel Sneddon <daniel.sneddon@linux.intel.com>
> x86/apic: Don't disable x2APIC if locked
>
> Mika Westerberg <mika.westerberg@linux.intel.com>
> thunderbolt: Add back Intel Falcon Ridge end-to-end flow control
> workaround
>
> Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
> wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg()
>
> Jane Chu <jane.chu@oracle.com>
> x86/mce: Retrieve poison range from hardware
>
> Johannes Berg <johannes.berg@intel.com>
> wifi: mac80211: accept STA changes without link changes
>
> Jerry Ray <jerry.ray@microchip.com>
> micrel: ksz8851: fixes struct pointer issue
>
> Eric Dumazet <edumazet@google.com>
> tcp: annotate data-race around tcp_md5sig_pool_populated
>
> Mike Pattrick <mkp@redhat.com>
> openvswitch: Fix overreporting of drops in dropwatch
>
> Mike Pattrick <mkp@redhat.com>
> openvswitch: Fix double reporting of drops in dropwatch
>
> Ravi Gunasekaran <r-gunasekaran@ti.com>
> net: ethernet: ti: davinci_mdio: Add workaround for errata i2329
>
> Quentin Monnet <quentin@isovalent.com>
> bpftool: Clear errno after libcap's checks
>
> Wright Feng <wright.feng@cypress.com>
> wifi: brcmfmac: fix invalid address access when enabling SCAN log level
>
> Zong-Zhe Yang <kevin_yang@realtek.com>
> wifi: rtw88: phy: fix warning of possible buffer overflow
>
> Hengqi Chen <hengqi.chen@gmail.com>
> libbpf: Do not require executable permission for shared libraries
>
> James Hilliard <james.hilliard1@gmail.com>
> libbpf: Ensure functions with always_inline attribute are inline
>
> Dai Ngo <dai.ngo@oracle.com>
> NFSD: fix use-after-free on source server when doing inter-server copy
>
> Anna Schumaker <Anna.Schumaker@Netapp.com>
> NFSD: Return nfserr_serverfault if splice_ok but buf->pages have data
>
> Kees Cook <keescook@chromium.org>
> x86/entry: Work around Clang __bdos() bug
>
> Mario Limonciello <mario.limonciello@amd.com>
> ACPI: x86: Add a quirk for Dell Inspiron 14 2-in-1 for StorageD3Enable
>
> Kees Cook <keescook@chromium.org>
> ARM: decompressor: Include .data.rel.ro.local
>
> Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>
> thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id()
> to avoid crash
>
> Chao Qin <chao.qin@intel.com>
> powercap: intel_rapl: fix UBSAN shift-out-of-bounds issue
>
> Kees Cook <keescook@chromium.org>
> MIPS: BCM47XX: Cast memcmp() of function to (void *)
>
> Doug Smythies <dsmythies@telus.net>
> cpufreq: intel_pstate: Add Tigerlake support in no-HWP mode
>
> Hans de Goede <hdegoede@redhat.com>
> ACPI: tables: FPDT: Don't call acpi_os_map_memory() on invalid phys
> address
>
> Kees Cook <keescook@chromium.org>
> fortify: Fix __compiletime_strlen() under UBSAN_BOUNDS_LOCAL
>
> Arvid Norlander <lkml@vorpal.se>
> ACPI: video: Add Toshiba Satellite/Portege Z830 quirk
>
> Perry Yuan <Perry.Yuan@amd.com>
> cpufreq: amd_pstate: fix wrong lowest perf fetch
>
> Paul E. McKenney <paulmck@kernel.org>
> rcu-tasks: Ensure RCU Tasks Trace loops have quiescent states
>
> Zqiang <qiang1.zhang@intel.com>
> rcu-tasks: Convert RCU_LOCKDEP_WARN() to WARN_ONCE()
>
> Michal Hocko <mhocko@suse.com>
> rcu: Back off upon fill_page_cache_func() allocation failure
>
> Zqiang <qiang1.zhang@intel.com>
> rcu: Avoid triggering strict-GP irq-work when RCU is idle
>
> Alexander Aring <aahringo@redhat.com>
> fs: dlm: fix race in lowcomms
>
> Aaron Tomlin <atomlin@redhat.com>
> module: tracking: Keep a record of tainted unloaded modules only
>
> Christoph Hellwig <hch@lst.de>
> ARM/dma-mappіng: don't override ->dma_coherent when set from a bus
> notifier
>
> Stefan Berger <stefanb@linux.ibm.com>
> selftest: tpm2: Add Client.__del__() to close /dev/tpm* handle
>
> Zhang Rui <rui.zhang@intel.com>
> tools/power turbostat: Use standard Energy Unit for SPR Dram RAPL
> domain
>
> Chao Yu <chao@kernel.org>
> f2fs: fix to account FS_CP_DATA_IO correctly
>
> Zhang Qilong <zhangqilong3@huawei.com>
> f2fs: fix race condition on setting FI_NO_EXTENT flag
>
> Shuai Xue <xueshuai@linux.alibaba.com>
> ACPI: APEI: do not add task_work to kernel thread to avoid memory leak
>
> Vincent Knecht <vincent.knecht@mailoo.org>
> thermal/drivers/qcom/tsens-v0_1: Fix MSM8939 fourth sensor hw_id
>
> Jason A. Donenfeld <Jason@zx2c4.com>
> random: schedule jitter credit for next jiffy, not in two jiffies
>
> Dan Carpenter <dan.carpenter@oracle.com>
> crypto: cavium - prevent integer overflow loading firmware
>
> Dan Carpenter <dan.carpenter@oracle.com>
> crypto: marvell/octeontx - prevent integer overflows
>
> Janis Schoetterl-Glausch <scgl@linux.ibm.com>
> kbuild: rpm-pkg: fix breakage when V=1 is used
>
> Masahiro Yamada <masahiroy@kernel.org>
> linux/export: use inline assembler to populate symbol CRCs
>
> Masahiro Yamada <masahiroy@kernel.org>
> kbuild: remove the target in signal traps when interrupted
>
> Song Liu <song@kernel.org>
> ftrace: Fix recursive locking direct_mutex in
> ftrace_modify_direct_caller
>
> Nico Pache <npache@redhat.com>
> tracing/osnoise: Fix possible recursive locking in
> stop_per_cpu_kthreads
>
> Yipeng Zou <zouyipeng@huawei.com>
> tracing: kprobe: Make gen test module work in arm and riscv
>
> Yipeng Zou <zouyipeng@huawei.com>
> tracing: kprobe: Fix kprobe event gen test module on exit
>
> Robin Murphy <robin.murphy@arm.com>
> iommu/iova: Fix module config properly
>
> Enzo Matsumiya <ematsumiya@suse.de>
> cifs: return correct error in ->calc_signature()
>
> Lin Yujun <linyujun809@huawei.com>
> clocksource/drivers/timer-gxp: Add missing error handling in
> gxp_timer_probe
>
> Kunkun Jiang <jiangkunkun@huawei.com>
> clocksource/drivers/arm_arch_timer: Fix handling of ARM erratum 858921
>
> Damian Muszynski <damian.muszynski@intel.com>
> crypto: qat - fix DMA transfer direction
>
> Peter Harliman Liem <pliem@maxlinear.com>
> crypto: inside-secure - Change swab to swab32
>
> Koba Ko <koba.ko@canonical.com>
> crypto: ccp - Release dma channels before dmaengine unrgister
>
> Ignat Korchagin <ignat@cloudflare.com>
> crypto: akcipher - default implementation for setting a private key
>
> Dan Carpenter <dan.carpenter@oracle.com>
> iommu/omap: Fix buffer overflow in debugfs
>
> Waiman Long <longman@redhat.com>
> cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset
>
> Weili Qian <qianweili@huawei.com>
> crypto: hisilicon/qm - fix missing put dfx access
>
> Lucas Segarra Fernandez <lucas.segarra.fernandez@intel.com>
> crypto: qat - fix default value of WDT timer
>
> Kshitiz Varshney <kshitiz.varshney@nxp.com>
> hwrng: imx-rngc - Moving IRQ handler registering after
> imx_rngc_irq_mask_clear()
>
> Martin Kaiser <martin@kaiser.cx>
> hwrng: imx-rngc - use devm_clk_get_enabled
>
> Michal Koutný <mkoutny@suse.com>
> cgroup: Honor caller's cgroup NS when resolving path
>
> Jacky Li <jackyli@google.com>
> crypto: ccp - Fail the PSP initialization when writing psp data file
> failed
>
> James Cowgill <james.cowgill@blaize.com>
> hwrng: arm-smccc-trng - fix NO_ENTROPY handling
>
> Ye Weihua <yeweihua4@huawei.com>
> crypto: hisilicon/zip - fix mismatch in get/set sgl_sge_nr
>
> Zhengchao Shao <shaozhengchao@huawei.com>
> crypto: sahara - don't sleep when in softirq
>
> Haren Myneni <haren@linux.ibm.com>
> powerpc/pseries/vas: Pass hw_cpu_id to node associativity HCALL
>
> Li Huafei <lihuafei1@huawei.com>
> powerpc/kprobes: Fix null pointer reference in arch_prepare_kprobe()
>
> Pali Rohár <pali@kernel.org>
> powerpc: Fix SPE Power ISA properties for e500v1 platforms
>
> Nicholas Piggin <npiggin@gmail.com>
> powerpc/64/interrupt: Fix return to masked context after hard-mask irq
> becomes pending
>
> Nicholas Piggin <npiggin@gmail.com>
> powerpc/64: mark irqs hard disabled in boot paca
>
> Nicholas Piggin <npiggin@gmail.com>
> powerpc/64/interrupt: Fix false warning in context tracking due to idle
> state
>
> Nicholas Piggin <npiggin@gmail.com>
> powerpc/64s: Fix GENERIC_CPU build flags for PPC970 / G5
>
> Vitaly Kuznetsov <vkuznets@redhat.com>
> x86/hyperv: Fix 'struct hv_enlightened_vmcs' definition
>
> Rohan McLure <rmclure@linux.ibm.com>
> powerpc: Fix fallocate and fadvise64_64 compat parameter combination
>
> Pali Rohár <pali@kernel.org>
> powerpc: dts: turris1x.dts: Fix labels in DSA cpu port nodes
>
> Pali Rohár <pali@kernel.org>
> powerpc: dts: turris1x.dts: Fix NOR partitions labels
>
> Anup Patel <apatel@ventanamicro.com>
> cpuidle: riscv-sbi: Fix CPU_PM_CPU_IDLE_ENTER_xyz() macro usage
>
> Zheng Yongjun <zhengyongjun3@huawei.com>
> powerpc/powernv: add missing of_node_put() in opal_export_attrs()
>
> Liang He <windhl@126.com>
> powerpc/pci_dn: Add missing of_node_put()
>
> Liang He <windhl@126.com>
> powerpc/sysdev/fsl_msi: Add missing of_node_put()
>
> Nathan Chancellor <nathan@kernel.org>
> powerpc/math_emu/efp: Include module.h
>
> Michael Ellerman <mpe@ellerman.id.au>
> powerpc/configs: Properly enable PAPR_SCM in pseries_defconfig
>
> Hangyu Hua <hbh25y@gmail.com>
> ipc: mqueue: fix possible memory leak in init_mqueue_fs()
>
> Jack Wang <jinpu.wang@ionos.com>
> mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg
>
> Conor Dooley <conor.dooley@microchip.com>
> mailbox: mpfs: account for mbox offsets while sending
>
> Conor Dooley <conor.dooley@microchip.com>
> mailbox: mpfs: fix handling of the reg property
>
> Peng Fan <peng.fan@nxp.com>
> mailbox: imx: fix RST channel support
>
> Joel Stanley <joel@jms.id.au>
> clk: ast2600: BCLK comes from EPLL
>
> Miaoqian Lin <linmq006@gmail.com>
> clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe
>
> Liang He <windhl@126.com>
> clk: ti: Balance of_node_get() calls for of_find_node_by_name()
>
> Lin Yujun <linyujun809@huawei.com>
> clk: imx: scu: fix memleak on platform_device_add() fails
>
> Peng Fan <peng.fan@nxp.com>
> clk: imx8mp: tune the order of enet_qos_root_clk
>
> Stefan Wahren <stefan.wahren@i2se.com>
> clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration
>
> Maxime Ripard <maxime@cerno.tech>
> clk: bcm2835: Make peripheral PLLC critical
>
> Serge Semin <Sergey.Semin@baikalelectronics.ru>
> clk: baikal-t1: Add SATA internal ref clock buffer
>
> Serge Semin <Sergey.Semin@baikalelectronics.ru>
> clk: baikal-t1: Add shared xGMAC ref/ptp clocks internal parent
>
> Serge Semin <Sergey.Semin@baikalelectronics.ru>
> clk: baikal-t1: Fix invalid xGMAC PTP clock divider
>
> Serge Semin <Sergey.Semin@baikalelectronics.ru>
> clk: vc5: Fix 5P49V6901 outputs disabling when enabling FOD
>
> David Collins <collinsd@codeaurora.org>
> spmi: pmic-arb: correct duplicate APID to PPID mapping logic
>
> Chunfeng Yun <chunfeng.yun@mediatek.com>
> usb: mtu3: fix failed runtime suspend in host only mode
>
> Basavaraj Natikar <Basavaraj.Natikar@amd.com>
> HID: amd_sfh: Handle condition of "no sensors" for SFH1.1
>
> Dave Jiang <dave.jiang@intel.com>
> dmaengine: ioat: stop mod_timer from resurrecting deleted timer in
> __cleanup()
>
> Jens Axboe <axboe@kernel.dk>
> io_uring/rw: defer fsnotify calls to task context
>
> Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
> phy: qcom-qmp-pcie: fix resource mapping for SDM845 QHP PHY
>
> Chen-Yu Tsai <wenst@chromium.org>
> clk: mediatek: Migrate remaining clk_unregister_*() to
> clk_hw_unregister_*()
>
> Chen-Yu Tsai <wenst@chromium.org>
> clk: mediatek: fix unregister function in mtk_clk_register_dividers
> cleanup
>
> AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
> clk: mediatek: clk-mt8195-mfg: Reparent mfg_bg3d and propagate rate
> changes
>
> Chen-Yu Tsai <wenst@chromium.org>
> clk: mediatek: mt8183: mfgcfg: Propagate rate changes to parent
>
> Jens Hillenstedt <jens.hillenstedt@ise.de>
> mfd: da9061: Fix Failed to set Two-Wire Bus Mode.
>
> Jiasheng Jiang <jiasheng@iscas.ac.cn>
> mfd: sm501: Add check for platform_driver_register()
>
> Dan Carpenter <dan.carpenter@oracle.com>
> mfd: fsl-imx25: Fix check for platform_get_irq() errors
>
> Christophe JAILLET <christophe.jaillet@wanadoo.fr>
> mfd: lp8788: Fix an error handling path in lp8788_irq_init() and
> lp8788_irq_init()
>
> Christophe JAILLET <christophe.jaillet@wanadoo.fr>
> mfd: lp8788: Fix an error handling path in lp8788_probe()
>
> Christophe JAILLET <christophe.jaillet@wanadoo.fr>
> mfd: fsl-imx25: Fix an error handling path in mx25_tsadc_setup_irq()
>
> Christophe JAILLET <christophe.jaillet@wanadoo.fr>
> mfd: intel_soc_pmic: Fix an error handling path in
> intel_soc_pmic_i2c_probe()
>
> Jiasheng Jiang <jiasheng@iscas.ac.cn>
> fsi: core: Check error number after calling ida_simple_get
>
> Bob Pearson <rpearsonhpe@gmail.com>
> RDMA/rxe: Fix resize_finish() in rxe_queue.c
>
> Bob Pearson <rpearsonhpe@gmail.com>
> RDMA/rxe: Set pd early in mr alloc routines
>
> Christoph Hellwig <hch@lst.de>
> nvmet-auth: don't try to cancel a non-initialized work_struct
>
> Adam Skladowski <a_skl39@protonmail.com>
> clk: qcom: gcc-sm6115: Override default Alpha PLL regs
>
> Robert Marko <robimarko@gmail.com>
> clk: qcom: apss-ipq6018: mark apcs_alias0_core_clk as critical
>
> Mike Christie <michael.christie@oracle.com>
> scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername()
>
> John Garry <john.garry@huawei.com>
> scsi: pm8001: Fix running_req for internal abort commands
>
> Duoming Zhou <duoming@zju.edu.cn>
> scsi: libsas: Fix use-after-free bug in smp_execute_task_sg()
>
> Pali Rohár <pali@kernel.org>
> serial: 8250: Fix restoring termios speed after suspend
>
> Guilherme G. Piccoli <gpiccoli@igalia.com>
> firmware: google: Test spinlock on panic path to avoid lockups
>
> Lin Yujun <linyujun809@huawei.com>
> slimbus: qcom-ngd: Add error handling in of_qcom_slim_ngd_register
>
> Nam Cao <namcaov@gmail.com>
> staging: vt6655: fix some erroneous memory clean-up loops
>
> Dongliang Mu <mudongliangabcd@gmail.com>
> phy: qualcomm: call clk_disable_unprepare in the error handling
>
> Sherry Sun <sherry.sun@nxp.com>
> tty: serial: fsl_lpuart: disable dma rx/tx use flags in
> lpuart_dma_shutdown
>
> Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
> serial: 8250: Toggle IER bits on only after irq has been set up
>
> Dan Carpenter <dan.carpenter@oracle.com>
> drivers: serial: jsm: fix some leaks in probe
>
> Dan Carpenter <dan.carpenter@oracle.com>
> usb: dwc3: core: fix some leaks in probe
>
> Liang He <windhl@126.com>
> usb: typec: anx7411: Use of_get_child_by_name() instead of
> of_find_node_by_name()
>
> Albert Briscoe <albertsbriscoe@gmail.com>
> usb: gadget: function: fix dangling pnp_string in f_printer.c
>
> Mario Limonciello <mario.limonciello@amd.com>
> xhci: Don't show warning for reinit on known broken suspend
>
> Daisuke Matsuda <matsuda-daisuke@fujitsu.com>
> IB: Set IOVA/LENGTH on IB_MR in core/uverbs layers
>
> Mark Zhang <markzhang@nvidia.com>
> RDMA/cm: Use SLID in the work completion as the DLID in responder side
>
> Logan Gunthorpe <logang@deltatee.com>
> md: Remove extra mddev_get() in md_seq_start()
>
> David Sloan <david.sloan@eideticom.com>
> md/raid5: Remove unnecessary bio_put() in raid5_read_one_chunk()
>
> Logan Gunthorpe <logang@deltatee.com>
> md/raid5: Ensure stripe_fill happens on non-read IO with journal
>
> Saurabh Sengar <ssengar@linux.microsoft.com>
> md: Replace snprintf with scnprintf
>
> Jens Axboe <axboe@kernel.dk>
> io_uring/fdinfo: fix sqe dumping for IORING_SETUP_SQE128
>
> Dylan Yudaken <dylany@fb.com>
> eventfd: guard wake_up in eventfd fs calls as well
>
> Bart Van Assche <bvanassche@acm.org>
> block: Fix the enum blk_eh_timer_return documentation
>
> Dan Carpenter <dan.carpenter@oracle.com>
> mtd: rawnand: meson: fix bit map use in meson_nfc_ecc_correct()
>
> Niklas Cassel <niklas.cassel@wdc.com>
> ata: fix ata_id_has_dipm()
>
> Niklas Cassel <niklas.cassel@wdc.com>
> ata: fix ata_id_has_ncq_autosense()
>
> Niklas Cassel <niklas.cassel@wdc.com>
> ata: fix ata_id_has_devslp()
>
> Niklas Cassel <niklas.cassel@wdc.com>
> ata: fix ata_id_sense_reporting_enabled() and
> ata_id_has_sense_reporting()
>
> Bernard Metzler <bmt@zurich.ibm.com>
> RDMA/siw: Fix QP destroy to wait for all references dropped.
>
> Bernard Metzler <bmt@zurich.ibm.com>
> RDMA/siw: Always consume all skbuf data in sk_data_ready() upcall.
>
> Bart Van Assche <bvanassche@acm.org>
> RDMA/srp: Fix srp_abort()
>
> Shiraz Saleem <shiraz.saleem@intel.com>
> RDMA/irdma: Validate udata inlen and outlen
>
> Sindhu-Devale <sindhu.devale@intel.com>
> RDMA/irdma: Align AE id codes to correct flush code and event
>
> Pali Rohár <pali@kernel.org>
> mtd: rawnand: fsl_elbc: Fix none ECC mode
>
> Martin Blumenstingl <martin.blumenstingl@googlemail.com>
> mtd: rawnand: intel: Remove undocumented compatible string
>
> Martin Blumenstingl <martin.blumenstingl@googlemail.com>
> mtd: rawnand: intel: Read the chip-select line from the correct OF node
>
> Chunfeng Yun <chunfeng.yun@mediatek.com>
> phy: phy-mtk-tphy: fix the phy type setting issue
>
> Liang He <windhl@126.com>
> phy: amlogic: phy-meson-axg-mipi-pcie-analog: Hold reference returned by
> of_get_parent()
>
> Johan Hovold <johan+linaro@kernel.org>
> phy: qcom-qmp-usb: fix memleak on probe deferral
>
> Johan Hovold <johan+linaro@kernel.org>
> phy: qcom-qmp-ufs: fix memleak on probe deferral
>
> Johan Hovold <johan+linaro@kernel.org>
> phy: qcom-qmp-combo: fix memleak on probe deferral
>
> Johan Hovold <johan+linaro@kernel.org>
> phy: qcom-qmp-pcie-msm8996: fix memleak on probe deferral
>
> Johan Hovold <johan+linaro@kernel.org>
> phy: qcom-qmp-pcie: fix memleak on probe deferral
>
> Johan Hovold <johan+linaro@kernel.org>
> phy: qcom-qmp-pcie: add pcs_misc sanity check
>
> Johan Hovold <johan+linaro@kernel.org>
> phy: qcom-qmp-usb: disable runtime PM on unbind
>
> Dan Carpenter <dan.carpenter@oracle.com>
> remoteproc: Harden rproc_handle_vdev() against integer overflow
>
> William Dean <williamsukatube@gmail.com>
> mtd: devices: docg3: check the return value of devm_ioremap() in the
> probe
>
> James Smart <jsmart2021@gmail.com>
> scsi: lpfc: Fix various issues reported by tools
>
> Dang Huynh <danct12@riseup.net>
> clk: qcom: sm6115: Select QCOM_GDSC
>
> Jan Kara <jack@suse.cz>
> sbitmap: Avoid leaving waitqueue in invalid state in __sbq_wake_up()
>
> Jim Cromie <jim.cromie@gmail.com>
> dyndbg: drop EXPORTed dynamic_debug_exec_queries
>
> Jim Cromie <jim.cromie@gmail.com>
> dyndbg: let query-modname override actual module name
>
> Jim Cromie <jim.cromie@gmail.com>
> dyndbg: fix module.dyndbg handling
>
> Jim Cromie <jim.cromie@gmail.com>
> dyndbg: fix static_branch manipulation
>
> Dan Carpenter <dan.carpenter@oracle.com>
> usb: gadget: f_fs: stricter integer overflow checks
>
> Vincent Whitchurch <vincent.whitchurch@axis.com>
> iio: Use per-device lockdep class for mlock
>
> Jie Hai <haijie1@huawei.com>
> dmaengine: hisilicon: Add multi-thread support for a DMA channel
>
> Jie Hai <haijie1@huawei.com>
> dmaengine: hisilicon: Fix CQ head update
>
> Jie Hai <haijie1@huawei.com>
> dmaengine: hisilicon: Disable channels when unregister hisi_dma
>
> Jerry Snitselaar <jsnitsel@redhat.com>
> dmaengine: idxd: avoid deadlock in process_misc_interrupts()
>
> Peter Geis <pgwipeout@gmail.com>
> phy: rockchip-inno-usb2: Return zero after otg sync
>
> Dan Carpenter <dan.carpenter@oracle.com>
> fpga: prevent integer overflow in dfl_feature_ioctl_set_irq()
>
> Matthew Gerlach <matthew.gerlach@linux.intel.com>
> fpga: dfl-pci: Add IDs for Intel N6000, N6001 and C6100 cards
>
> Hangyu Hua <hbh25y@gmail.com>
> misc: ocxl: fix possible refcount leak in afu_ioctl()
>
> AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
> clk: mediatek: mt8195-infra_ao: Set pwrmcu clocks as critical
>
> AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
> clk: mediatek: clk-mt8195-vdo1: Reparent and set rate on vdo1_dpintf's
> parent
>
> AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
> clk: mediatek: clk-mt8195-vdo0: Set rate on vdo0_dp_intf0_dp_intf's
> parent
>
> Zhu Yanjun <yanjun.zhu@linux.dev>
> RDMA/rxe: Fix the error caused by qp->sk
>
> Zhu Yanjun <yanjun.zhu@linux.dev>
> RDMA/rxe: Fix "kernel NULL pointer dereference" error
>
> Miaoqian Lin <linmq006@gmail.com>
> media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init
>
> Yunke Cao <yunkec@google.com>
> media: uvcvideo: Use entity get_cur in uvc_ctrl_set
>
> José Expósito <jose.exposito89@gmail.com>
> media: uvcvideo: Fix memory leak in uvc_gpio_parse
>
> Xu Qiang <xuqiang36@huawei.com>
> media: meson: vdec: add missing clk_disable_unprepare on error in
> vdec_hevc_start()
>
> Ming Qian <ming.qian@nxp.com>
> media: amphion: fix a bug that vpu core may not resume after suspend
>
> Ming Qian <ming.qian@nxp.com>
> media: amphion: don't change the colorspace reported by decoder.
>
> Ming Qian <ming.qian@nxp.com>
> media: amphion: adjust the encoder's value range of gop size
>
> Ming Qian <ming.qian@nxp.com>
> media: amphion: insert picture startcode after seek for vc1g format
>
> Hirokazu Honda <hiroh@chromium.org>
> media: mediatek: vcodec: Skip non CBR bitrate mode
>
> Shubhrajyoti Datta <shubhrajyoti.datta@xilinx.com>
> tty: xilinx_uartps: Fix the ignore_status
>
> Shubhrajyoti Datta <shubhrajyoti.datta@xilinx.com>
> tty: xilinx_uartps: Check clk_enable return value
>
> Dongliang Mu <mudongliangabcd@gmail.com>
> media: airspy: fix memory leak in airspy probe
>
> Liang He <windhl@126.com>
> media: exynos4-is: fimc-is: Add of_node_put() when breaking out of loop
>
> Marijn Suijten <marijn.suijten@somainline.org>
> clk: qcom: gcc-sdm660: Use floor ops for SDCC1 clock
>
> Jack Wang <jinpu.wang@ionos.com>
> HSI: omap_ssi_port: Fix dma_map_sg error check
>
> Miaoqian Lin <linmq006@gmail.com>
> HSI: omap_ssi: Fix refcount leak in ssi_probe
>
> José Expósito <jose.exposito89@gmail.com>
> HID: uclogic: Fix warning in uclogic_rdesc_template_apply
>
> José Expósito <jose.exposito89@gmail.com>
> HID: uclogic: Add missing suffix for digitalizers
>
> Yu Kuai <yukuai3@huawei.com>
> sbitmap: fix possible io hung due to lost wakeup
>
> Chanho Park <chanho61.park@samsung.com>
> clk: samsung: exynosautov9: correct register offsets of peric0/c1
>
> Miaoqian Lin <linmq006@gmail.com>
> clk: tegra20: Fix refcount leak in tegra20_clock_init
>
> Miaoqian Lin <linmq006@gmail.com>
> clk: tegra: Fix refcount leak in tegra114_clock_init
>
> Miaoqian Lin <linmq006@gmail.com>
> clk: tegra: Fix refcount leak in tegra210_clock_init
>
> Christophe JAILLET <christophe.jaillet@wanadoo.fr>
> coresight: docs: Fix a broken reference
>
> Liang He <windhl@126.com>
> clk: sprd: Hold reference returned by of_get_parent()
>
> Liang He <windhl@126.com>
> clk: berlin: Add of_node_put() for of_get_parent()
>
> Liang He <windhl@126.com>
> clk: qoriq: Hold reference returned by of_get_parent()
>
> Liang He <windhl@126.com>
> clk: oxnas: Hold reference returned by of_get_parent()
>
> Liang He <windhl@126.com>
> clk: st: Hold reference returned by of_get_parent()
>
> Liang He <windhl@126.com>
> clk: meson: Hold reference returned by of_get_parent()
>
> Thinh Nguyen <Thinh.Nguyen@synopsys.com>
> usb: common: debug: Check non-standard control requests
>
> Christophe JAILLET <christophe.jaillet@wanadoo.fr>
> usb: common: usb-conn-gpio: Simplify some error message
>
> Aharon Landau <aharonl@nvidia.com>
> RDMA/mlx5: Don't compare mkey tags in DEVX indirect mkey
>
> Jakob Hauser <jahau@rocketmail.com>
> iio: magnetometer: yas530: Change data type of hard_offsets to signed
>
> Jonathan Cameron <Jonathan.Cameron@huawei.com>
> iio: ABI: Fix wrong format of differential capacitance channel ABI.
>
> Nuno Sá <nuno.sa@analog.com>
> iio: inkern: fix return value in devm_of_iio_channel_get_by_name()
>
> Nuno Sá <nuno.sa@analog.com>
> iio: inkern: only release the device node when done with it
>
> Claudiu Beznea <claudiu.beznea@microchip.com>
> iio: adc: at91-sama5d2_adc: disable/prepare buffer on suspend/resume
>
> Claudiu Beznea <claudiu.beznea@microchip.com>
> iio: adc: at91-sama5d2_adc: lock around oversampling and sample freq
>
> Claudiu Beznea <claudiu.beznea@microchip.com>
> iio: adc: at91-sama5d2_adc: check return status for pressure and touch
>
> Claudiu Beznea <claudiu.beznea@microchip.com>
> iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX
>
> Zhao Gongyi <zhaogongyi@huawei.com>
> selftests/cpu-hotplug: Reserve one cpu online at least
>
> Zhao Gongyi <zhaogongyi@huawei.com>
> selftests/cpu-hotplug: Delete fault injection related code
>
> Zhao Gongyi <zhaogongyi@huawei.com>
> selftests/cpu-hotplug: Use return instead of exit
>
> Darrick J. Wong <djwong@kernel.org>
> iomap: iomap: fix memory corruption when recording errors during
> writeback
>
> Dmitry Torokhov <dmitry.torokhov@gmail.com>
> ARM: dts: exynos: fix polarity of VBUS GPIO of Origen
>
> Dmitry Torokhov <dmitry.torokhov@gmail.com>
> arm64: dts: exynos: fix polarity of "enable" line of NFC chip in TM2
>
> Mark Rutland <mark.rutland@arm.com>
> arm64: ftrace: fix module PLTs with mcount
>
> Josh Triplett <josh@joshtriplett.org>
> ext4: don't run ext4lazyinit for read-only filesystems
>
> Jerry Lee 李修賢 <jerrylee@qnap.com>
> ext4: continue to expand file system when the target size doesn't reach
>
> Geert Uytterhoeven <geert+renesas@glider.be>
> ARM: Drop CMDLINE_* dependency on ATAGS
>
> Dmitry Torokhov <dmitry.torokhov@gmail.com>
> ARM: dts: exynos: correct s5k6a3 reset polarity on Midas family
>
> Matt Ranostay <mranostay@ti.com>
> arm64: dts: ti: k3-j7200: fix main pinmux range
>
> Johan Hovold <johan+linaro@kernel.org>
> arm64: dts: qcom: sm8450: fix UFS PHY serdes size
>
> Johan Hovold <johan+linaro@kernel.org>
> arm64: dts: qcom: ipq8074: fix PCIe PHY serdes size
>
> Dmitry Osipenko <digetx@gmail.com>
> soc/tegra: fuse: Drop Kconfig dependency on TEGRA20_APB_DMA
>
> Liang He <windhl@126.com>
> soc/tegra: fuse: Add missing of_node_put() in tegra_init_fuse()
>
> Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
> arm64: dts: qcom: sm8350-sagami: correct TS pin property
>
> Randy Dunlap <rdunlap@infradead.org>
> ia64: export memory_add_physaddr_to_nid to fix cxl build error
>
> Bhupesh Sharma <bhupesh.sharma@linaro.org>
> arm64: dts: qcom: sc8280xp-pmics: Remove reg entry & use correct node
> name for pmc8280c_lpg node
>
> Chris Packham <chris.packham@alliedtelesis.co.nz>
> arm64: dts: marvell: 98dx25xx: use correct property for i2c gpios
>
> Michael Walle <michael@walle.cc>
> ARM: dts: kirkwood: lsxl: remove first ethernet port
>
> Michael Walle <michael@walle.cc>
> ARM: dts: kirkwood: lsxl: fix serial line
>
> Marek Behún <kabel@kernel.org>
> ARM: dts: turris-omnia: Fix mpp26 pin name and comment
>
> Stephen Boyd <swboyd@chromium.org>
> arm64: dts: qcom: sc7180-trogdor: Keep pm6150_adc enabled for TZ
>
> Bryan O'Donoghue <bryan.odonoghue@linaro.org>
> arm64: dts: qcom: pm8350c: Drop PWM reg declaration
>
> Johan Hovold <johan+linaro@kernel.org>
> arm64: dts: qcom: sa8295p-adp: disallow regulator mode switches
>
> Johan Hovold <johan+linaro@kernel.org>
> arm64: dts: qcom: sc8280xp-lenovo-thinkpad-x13s: disallow regulator mode
> switches
>
> Johan Hovold <johan+linaro@kernel.org>
> arm64: dts: qcom: sc8280xp-crd: disallow regulator mode switches
>
> Satya Priya <quic_c_skakit@quicinc.com>
> arm64: dts: qcom: sc7280: Update lpasscore node
>
> Satya Priya <quic_c_skakit@quicinc.com>
> arm64: dts: qcom: sc7280: Cleanup the lpasscc node
>
> Geert Uytterhoeven <geert+renesas@glider.be>
> arm64: dts: qcom: sdm845-xiaomi-polaris: Fix sde_dsi_active pinctrl
>
> Chanho Park <chanho61.park@samsung.com>
> dt-bindings: clock: exynosautov9: correct clock numbering of peric0/c1
>
> Biju Das <biju.das.jz@bp.renesas.com>
> arm64: dts: renesas: r9a07g043: Fix SCI{Rx,Tx} interrupt types
>
> Biju Das <biju.das.jz@bp.renesas.com>
> arm64: dts: renesas: r9a07g054: Fix SCI{Rx,Tx} interrupt types
>
> Biju Das <biju.das.jz@bp.renesas.com>
> arm64: dts: renesas: r9a07g044: Fix SCI{Rx,Tx} interrupt types
>
> Lucas Stach <l.stach@pengutronix.de>
> ARM: dts: imx6qdl-kontron-samx6i: hook up DDC i2c bus
>
> Liang He <windhl@126.com>
> soc: qcom: smem_state: Add refcounting for the 'state->of_node'
>
> Liang He <windhl@126.com>
> soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe()
>
> Amir Goldstein <amir73il@gmail.com>
> locks: fix TOCTOU race when granting write lease
>
> Liang He <windhl@126.com>
> memory: of: Fix refcount leak bug in of_lpddr3_get_ddr_timings()
>
> Liang He <windhl@126.com>
> memory: of: Fix refcount leak bug in of_get_ddr_timings()
>
> Liang He <windhl@126.com>
> memory: pl353-smc: Fix refcount leak bug in pl353_smc_probe()
>
> Takashi Iwai <tiwai@suse.de>
> ALSA: hda/hdmi: Don't skip notification handling during PM operation
>
> Judy Hsiao <judyhsiao@chromium.org>
> ASoC: rockchip: i2s: use regmap_read_poll_timeout_atomic to poll
> I2S_CLR
>
> Zhang Qilong <zhangqilong3@huawei.com>
> ASoC: mt6660: Fix PM disable depth imbalance in mt6660_i2c_probe
>
> Zhang Qilong <zhangqilong3@huawei.com>
> ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe
>
> Zhang Qilong <zhangqilong3@huawei.com>
> ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe
>
> Zhang Qilong <zhangqilong3@huawei.com>
> ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe
>
> Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
> ASoC: wcd-mbhc-v2: Revert "ASoC: wcd-mbhc-v2: use
> pm_runtime_resume_and_get()"
>
> Zhang Qilong <zhangqilong3@huawei.com>
> ASoC: stm: Fix PM disable depth imbalance in stm32_i2s_probe
>
> Zhang Qilong <zhangqilong3@huawei.com>
> ASoC: stm32: spdifrx: Fix PM disable depth imbalance in
> stm32_spdifrx_probe
>
> Zhang Qilong <zhangqilong3@huawei.com>
> ASoC: stm32: dfsdm: Fix PM disable depth imbalance in
> stm32_adfsdm_probe
>
> Christophe JAILLET <christophe.jaillet@wanadoo.fr>
> mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe()
>
> Andreas Pape <apape@de.adit-jv.com>
> ALSA: dmaengine: increment buffer pointer atomically
>
> Christophe JAILLET <christophe.jaillet@wanadoo.fr>
> ASoC: da7219: Fix an error handling path in da7219_register_dai_clks()
>
> Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
> ASoC: codecs: tx-macro: fix kcontrol put
>
> Dan Carpenter <dan.carpenter@oracle.com>
> virtio-gpu: fix shift wrapping bug in virtio_gpu_fence_event_create()
>
> Rafael Mendonca <rafaelmendsr@gmail.com>
> drm/vmwgfx: Fix memory leak in vmw_mksstat_add_ioctl()
>
> Peter Ujfalusi <peter.ujfalusi@linux.intel.com>
> ASoC: SOF: ipc4-topology: Free the ida when IPC fails in
> sof_ipc4_widget_setup()
>
> Takashi Iwai <tiwai@suse.de>
> ALSA: usb-audio: Properly refcounting clock rate
>
> Jaroslav Kysela <perex@perex.cz>
> ALSA: hda/hdmi: Fix the converter allocation for the silent stream
>
> Jaroslav Kysela <perex@perex.cz>
> ALSA: hda/hdmi: change type for the 'assigned' variable
>
> Kuogee Hsieh <quic_khsieh@quicinc.com>
> drm/msm/dp: correct 1.62G link rate at dp_catalog_ctrl_config_msa()
>
> Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
> drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx
>
> Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
> drm/msm: lookup the ICC paths in both mdp5/dpu and mdss devices
>
> Liang He <windhl@126.com>
> ASoC: eureka-tlv320: Hold reference returned from of_find_xxx API
>
> Christophe JAILLET <christophe.jaillet@wanadoo.fr>
> mmc: au1xmmc: Fix an error handling path in au1xmmc_probe()
>
> Judy Hsiao <judyhsiao@chromium.org>
> ASoC: rockchip: i2s: use regmap_read_poll_timeout to poll I2S_CLR
>
> Rafael Mendonca <rafaelmendsr@gmail.com>
> drm/amdgpu: Fix memory leak in hpd_rx_irq_create_workqueue()
>
> Liang He <windhl@126.com>
> drm/omap: dss: Fix refcount leak bugs
>
> AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
> ASoC: SOF: mediatek: mt8195: Import namespace SND_SOC_SOF_MTK_COMMON
>
> AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
> ASoC: mediatek: mt8195-mt6359: Properly register sound card for SOF
>
> Gerd Hoffmann <kraxel@redhat.com>
> drm/bochs: fix blanking
>
> Chia-I Wu <olvaffe@gmail.com>
> drm/virtio: set fb_modifiers_not_supported
>
> Takashi Iwai <tiwai@suse.de>
> ALSA: hda: beep: Simplify keep-power-at-enable behavior
>
> Cristian Ciocaltea <cristian.ciocaltea@collabora.com>
> ASoC: wm_adsp: Handle optional legacy support
>
> Jiasheng Jiang <jiasheng@iscas.ac.cn>
> ASoC: rsnd: Add check for rsnd_mod_power_on
>
> Pin-yen Lin <treapking@chromium.org>
> drm/bridge: it6505: Fix the order of DP_SET_POWER commands
>
> Zheyu Ma <zheyuma97@gmail.com>
> drm/bridge: megachips: Fix a null pointer dereference bug
>
> Yang Yingliang <yangyingliang@huawei.com>
> drm/amdgpu: add missing pci_disable_device() in
> amdgpu_pmops_runtime_resume()
>
> Prashant Malani <pmalani@chromium.org>
> platform/chrome: cros_ec_typec: Correct alt mode index
>
> Prashant Malani <pmalani@chromium.org>
> platform/chrome: cros_ec_typec: Add bit offset for DP VDO
>
> Randy Dunlap <rdunlap@infradead.org>
> drm: fix drm_mipi_dbi build errors
>
> Randy Dunlap <rdunlap@infradead.org>
> drm/panel: use 'select' for Ili9341 panel driver helpers
>
> Hans de Goede <hdegoede@redhat.com>
> platform/x86: msi-laptop: Fix resource cleanup
>
> Hans de Goede <hdegoede@redhat.com>
> platform/x86: msi-laptop: Fix old-ec check for backlight registering
>
> Martin Povišer <povik+lin@cutebit.org>
> ASoC: tas2764: Fix mute/unmute
>
> Martin Povišer <povik+lin@cutebit.org>
> ASoC: tas2764: Drop conflicting set_bias_level power setting
>
> Martin Povišer <povik+lin@cutebit.org>
> ASoC: tas2764: Allow mono streams
>
> Kuninori Morimoto <kuninori.morimoto.gx@renesas.com>
> ASoC: soc-pcm.c: call __soc_pcm_close() in soc_pcm_close()
>
> Rob Clark <robdclark@chromium.org>
> drm/virtio: Fix same-context optimization
>
> Stanislav Lisovskiy <stanislav.lisovskiy@intel.com>
> drm/i915/dg2: Bump up CDCLK for DG2
>
> Dan Carpenter <dan.carpenter@oracle.com>
> platform/chrome: fix memory corruption in ioctl
>
> Rustam Subkhankulov <subkhankulov@ispras.ru>
> platform/chrome: fix double-free in chromeos_laptop_prepare()
>
> Javier Martinez Canillas <javierm@redhat.com>
> drm/msm: Make .remove and .shutdown HW shutdown consistent
>
> Yang Yingliang <yangyingliang@huawei.com>
> ASoC: amd: acp: add missing platform_device_unregister() in
> acp_pci_probe()
>
> Dan Carpenter <dan.carpenter@oracle.com>
> ASoC: mt6359: fix tests for platform_get_irq() failure
>
> Liang He <windhl@126.com>
> drm:pl111: Add of_node_put() when breaking out of
> for_each_available_child_of_node()
>
> Simon Ser <contact@emersion.fr>
> drm/dp_mst: fix drm_dp_dpcd_read return value checks
>
> José Expósito <jose.exposito89@gmail.com>
> drm/format-helper: Fix test on big endian architectures
>
> Chen-Yu Tsai <wenst@chromium.org>
> drm/bridge: parade-ps8640: Fix regulator supply order
>
> Liang He <windhl@126.com>
> drm/bridge: tc358767: Add of_node_put() when breaking out of loop
>
> Liang He <windhl@126.com>
> drm/bridge: anx7625: Fix refcount bug in anx7625_parse_dt()
>
> Dmitry Osipenko <dmitry.osipenko@collabora.com>
> drm/virtio: Correct drm_gem_shmem_get_sg_table() error handling
>
> Thomas Zimmermann <tzimmermann@suse.de>
> video/aperture: Disable and unregister sysfb devices via aperture
> helpers
>
> Pin-Yen Lin <treapking@chromium.org>
> drm/bridge: it6505: Power on downstream device in .atomic_enable
>
> Maxime Ripard <maxime@cerno.tech>
> drm/vc4: drv: Call component_unbind_all()
>
> Maxime Ripard <maxime@cerno.tech>
> drm/mipi-dsi: Detach devices when removing the host
>
> Dan Carpenter <dan.carpenter@oracle.com>
> drm/bridge: Avoid uninitialized variable warning
>
> Alvin Šipraga <alsi@bang-olufsen.dk>
> drm: bridge: adv7511: unregister cec i2c device after cec adapter
>
> Alvin Šipraga <alsi@bang-olufsen.dk>
> drm: bridge: adv7511: fix CEC power down control register offset
>
> Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
> net: mvpp2: fix mvpp2 debugfs leak
>
> Eric Dumazet <edumazet@google.com>
> once: add DO_ONCE_SLOW() for sleepable contexts
>
> Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
> net/ieee802154: reject zero-sized raw_sendmsg()
>
> Maxim Mikityanskiy <maxtram95@gmail.com>
> net: wwan: iosm: Call mutex_init before locking it
>
> Zheng Wang <zyytlz.wz@163.com>
> eth: sp7021: fix use after free bug in spl2sw_nvmem_get_mac_address
>
> Jianglei Nie <niejianglei2021@163.com>
> bnx2x: fix potential memory leak in bnx2x_tpa_stop()
>
> Raju Lakkaraju <Raju.Lakkaraju@microchip.com>
> eth: lan743x: reject extts for non-pci11x1x devices
>
> Jiasheng Jiang <jiasheng@iscas.ac.cn>
> net: prestera: acl: Add check for kmemdup
>
> Kuniyuki Iwashima <kuniyu@amazon.com>
> af_unix: Fix memory leaks of the whole sk due to OOB skb.
>
> Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
> net: rds: don't hold sock lock when cancelling work from
> rds_tcp_reset_callbacks()
>
> Oleksandr Shamray <oleksandrs@nvidia.com>
> hwmon: (pmbus/mp2888) Fix sensors readouts for MPS Multi-phase mp2888
> controller
>
> Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
> Bluetooth: hci_sync: Fix not indicating power state
>
> Marek Szyprowski <m.szyprowski@samsung.com>
> spi: Ensure that sg_table won't be used after being freed
>
> Neal Cardwell <ncardwell@google.com>
> tcp: fix tcp_cwnd_validate() to not forget is_cwnd_limited
>
> Xin Long <lucien.xin@gmail.com>
> sctp: handle the error returned from sctp_auth_asoc_init_active_key
>
> Duoming Zhou <duoming@zju.edu.cn>
> mISDN: fix use-after-free bugs in l1oip timer handlers
>
> Jakub Kicinski <kuba@kernel.org>
> eth: alx: take rtnl_lock on resume
>
> Junichi Uekawa <uekawa@chromium.org>
> vhost/vsock: Use kvmalloc/kvfree for larger packets.
>
> Bitterblue Smith <rtl8821cerfe2@gmail.com>
> wifi: rtl8xxxu: Fix AIFS written to REG_EDCA_*_PARAM
>
> Bitterblue Smith <rtl8821cerfe2@gmail.com>
> wifi: rtl8xxxu: gen2: Enable 40 MHz channel width
>
> Abhishek Pandit-Subedi <abhishekpandit@chromium.org>
> Bluetooth: Prevent double register of suspend
>
> Vincent Whitchurch <vincent.whitchurch@axis.com>
> spi: s3c64xx: Fix large transfers with DMA
>
> Phil Sutter <phil@nwl.cc>
> netfilter: nft_fib: Fix for rpath check with VRF devices
>
> Liu Jian <liujian56@huawei.com>
> xfrm: Reinject transport-mode packets through workqueue
>
> Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
> Bluetooth: hci_core: Fix not handling link timeouts propertly
>
> Asmaa Mnebhi <asmaa@nvidia.com>
> i2c: mlxbf: support lock mechanism
>
> Andrii Nakryiko <andrii@kernel.org>
> libbpf: Don't require full struct enum64 in UAPI headers
>
> Xiaomeng Tong <xiam0nd.tong@gmail.com>
> cw1200: fix incorrect check to determine if no element is found in list
>
> Liu Jian <liujian56@huawei.com>
> skmsg: Schedule psock work if the cached skb exists on the psock
>
> Zhang Qilong <zhangqilong3@huawei.com>
> spi/omap100k:Fix PM disable depth imbalance in omap1_spi100k_probe
>
> Zhang Qilong <zhangqilong3@huawei.com>
> spi: dw: Fix PM disable depth imbalance in dw_spi_bt1_probe
>
> Zhang Qilong <zhangqilong3@huawei.com>
> spi: cadence-quadspi: Fix PM disable depth imbalance in cqspi_probe
>
> Luciano Leão <lucianorsleao@gmail.com>
> x86/cpu: Include the header of init_ia32_feat_ctl()'s prototype
>
> Christian Marangi <ansuelsmth@gmail.com>
> wifi: ath11k: fix peer addition/deletion error on sta band migration
>
> Andrii Nakryiko <andrii@kernel.org>
> libbpf: restore memory layout of bpf_object_open_opts
>
> Kees Cook <keescook@chromium.org>
> x86/microcode/AMD: Track patch allocation size explicitly
>
> Arınç ÜNAL <arinc.unal@arinc9.com>
> mips: dts: ralink: mt7621: fix external phy on GB-PC2
>
> Jesus Fernandez Manzano <jesus.manzano@galgus.net>
> wifi: ath11k: fix number of VHT beamformee spatial streams
>
> Wen Gong <quic_wgong@quicinc.com>
> wifi: ath11k: fix failed to find the peer with peer_id 0 when
> disconnected
>
> Duoming Zhou <duoming@zju.edu.cn>
> mwifiex: fix sleep in atomic context bugs caused by dev_coredumpv
>
> Qingqing Yang <qingqing.yang@broadcom.com>
> flow_dissector: Do not count vlan tags inside tunnel payload
>
> Pu Lehui <pulehui@huawei.com>
> selftests/bpf: Adapt cgroup effective query uapi change
>
> Pu Lehui <pulehui@huawei.com>
> bpftool: Fix wrong cgroup attach flags being assigned to effective
> progs
>
> Pu Lehui <pulehui@huawei.com>
> bpf, cgroup: Reject prog_attach_flags array when effective query
>
> Antoine Tenart <atenart@kernel.org>
> netfilter: conntrack: revisit the gc initial rescheduling bias
>
> Antoine Tenart <atenart@kernel.org>
> netfilter: conntrack: fix the gc rescheduling delay
>
> Xin Liu <liuxin350@huawei.com>
> libbpf: Fix NULL pointer exception in API btf_dump__dump_type_data
>
> Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
> Bluetooth: hci_{ldisc,serdev}: check percpu_init_rwsem() failure
>
> Baochen Qiang <quic_bqiang@quicinc.com>
> wifi: ath11k: Include STA_KEEPALIVE_ARP_RESPONSE TLV header by default
>
> Andrii Nakryiko <andrii@kernel.org>
> libbpf: Fix crash if SEC("freplace") programs don't have attach_prog_fd
> set
>
> Lee Jones <lee@kernel.org>
> bpf: Ensure correct locking around vulnerable function find_vpid()
>
> Zheng Yongjun <zhengyongjun3@huawei.com>
> net: fs_enet: Fix wrong check in do_pd_setup
>
> Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
> Bluetooth: RFCOMM: Fix possible deadlock on socket shutdown/release
>
> Deren Wu <deren.wu@mediatek.com>
> wifi: mt76: mt7921e: fix rmmod crash in driver reload test
>
> Howard Hsu <howard-yh.hsu@mediatek.com>
> wifi: mt76: mt7915: do not check state before configuring implicit
> beamform
>
> Lorenzo Bianconi <lorenzo@kernel.org>
> wifi: mt76: fix uninitialized pointer in mt7921_mac_fill_rx
>
> Howard Hsu <howard-yh.hsu@mediatek.com>
> wifi: mt76: mt7915: fix mcs value in ht mode
>
> Sean Wang <sean.wang@mediatek.com>
> wifi: mt76: mt7921: fix the firmware version report
>
> Sean Wang <sean.wang@mediatek.com>
> wifi: mt76: mt7921: add mt7921_mutex_acquire at
> mt7921_sta_set_decap_offload
>
> Sean Wang <sean.wang@mediatek.com>
> wifi: mt76: mt7921: add mt7921_mutex_acquire at mt7921_[start, stop]_ap
>
> Lorenzo Bianconi <lorenzo@kernel.org>
> wifi: mt76: connac: fix possible unaligned access in
> mt76_connac_mcu_add_nested_tlv
>
> Lorenzo Bianconi <lorenzo@kernel.org>
> wifi: mt76: mt7915: fix possible unaligned access in
> mt7915_mac_add_twt_setup
>
> Lorenzo Bianconi <lorenzo@kernel.org>
> wifi: mt76: mt7615: add mt7615_mutex_acquire/release in
> mt7615_sta_set_decap_offload
>
> YN Chen <yn.chen@mediatek.com>
> wifi: mt76: sdio: fix transmitting packet hangs
>
> Dan Carpenter <dan.carpenter@oracle.com>
> wifi: mt76: mt7921: fix use after free in mt7921_acpi_read()
>
> Dan Carpenter <dan.carpenter@oracle.com>
> wifi: mt76: mt7915: fix an uninitialized variable bug
>
> Sean Wang <sean.wang@mediatek.com>
> wifi: mt76: sdio: poll sta stat when device transmits data
>
> Sean Wang <sean.wang@mediatek.com>
> wifi: mt76: sdio: fix the deadlock caused by sdio->stat_work
>
> Sean Wang <sean.wang@mediatek.com>
> wifi: mt76: mt7921u: fix race issue between reset and suspend/resume
>
> Sean Wang <sean.wang@mediatek.com>
> wifi: mt76: mt7921s: fix race issue between reset and suspend/resume
>
> Sean Wang <sean.wang@mediatek.com>
> wifi: mt76: mt7921e: fix race issue between reset and suspend/resume
>
> Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
> Bluetooth: avoid hci_dev_test_and_set_flag() in mgmt_init_hdev()
>
> Bitterblue Smith <rtl8821cerfe2@gmail.com>
> wifi: rtl8xxxu: Remove copy-paste leftover in gen2_update_rate_mask
>
> Bitterblue Smith <rtl8821cerfe2@gmail.com>
> wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration
>
> Lorenz Bauer <oss@lmb.io>
> bpf: btf: fix truncated last_member_type_id in btf_struct_resolve
>
> Neil Armstrong <neil.armstrong@linaro.org>
> spi: meson-spicc: do not rely on busy flag in pow2 clk ops
>
> Bitterblue Smith <rtl8821cerfe2@gmail.com>
> wifi: rtl8xxxu: Fix skb misuse in TX queue selection
>
> Xu Qiang <xuqiang36@huawei.com>
> spi: qup: add missing clk_disable_unprepare on error in
> spi_qup_pm_resume_runtime()
>
> Xu Qiang <xuqiang36@huawei.com>
> spi: qup: add missing clk_disable_unprepare on error in
> spi_qup_resume()
>
> Johannes Berg <johannes.berg@intel.com>
> wifi: mac80211: mlme: assign link address correctly
>
> Ian Rogers <irogers@google.com>
> selftests/xsk: Avoid use-after-free on ctx
>
> Yang Yingliang <yangyingliang@huawei.com>
> wifi: rtw88: add missing destroy_workqueue() on error path in
> rtw_core_init()
>
> Dan Carpenter <dan.carpenter@oracle.com>
> wifi: wfx: prevent underflow in wfx_send_pds()
>
> Dan Carpenter <dan.carpenter@oracle.com>
> wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse()
>
> Ping-Ke Shih <pkshih@realtek.com>
> wifi: rtw89: pci: correct TX resource checking in low power mode
>
> Ping-Ke Shih <pkshih@realtek.com>
> wifi: rtw89: pci: fix interrupt stuck after leaving low power mode
>
> Hou Tao <houtao1@huawei.com>
> bpf: Only add BTF IDs for socket security hooks when
> CONFIG_SECURITY_NETWORK is on
>
> Sean Wang <sean.wang@mediatek.com>
> Bluetooth: btusb: mediatek: fix WMT failure during runtime suspend
>
> Hou Tao <houtao1@huawei.com>
> bpf: Use this_cpu_{inc_return|dec} for prog->active
>
> Hou Tao <houtao1@huawei.com>
> bpf: Use this_cpu_{inc|dec|inc_return} for bpf_task_storage_busy
>
> Manikanta Pubbisetty <quic_mpubbise@quicinc.com>
> wifi: ath11k: Fix incorrect QMI message ID mappings
>
> Hou Tao <houtao1@huawei.com>
> bpf: Propagate error from htab_lock_bucket() to userspace
>
> Hou Tao <houtao1@huawei.com>
> bpf: Disable preemption when increasing per-cpu map_locked
>
> Maciej Fijalkowski <maciej.fijalkowski@intel.com>
> selftests/xsk: Add missing close() on netns fd
>
> Maciej Fijalkowski <maciej.fijalkowski@intel.com>
> xsk: Fix backpressure mechanism on Tx
>
> Kohei Tarumizu <tarumizu.kohei@fujitsu.com>
> x86/resctrl: Fix to restore to original value when re-enabling hardware
> prefetch register
>
> Christophe JAILLET <christophe.jaillet@wanadoo.fr>
> spi: mt7621: Fix an error message in mt7621_spi_probe()
>
> Sabrina Dubroca <sd@queasysnail.net>
> esp: choose the correct inner protocol for GSO on inter address family
> tunnels
>
> Richard Guy Briggs <rgb@redhat.com>
> audit: free audit_proctitle only on task exit
>
> Richard Guy Briggs <rgb@redhat.com>
> audit: explicitly check audit_context->context enum value
>
> Jacob Keller <jacob.e.keller@intel.com>
> ice: set tx_tstamps when creating new Tx rings via ethtool
>
> Lam Thai <lamthai@arista.com>
> bpftool: Fix a wrong type cast in btf_dumper_int
>
> Hari Chandrakanthan <quic_haric@quicinc.com>
> wifi: mac80211: allow bw change during channel switch in mesh
>
> Johannes Berg <johannes.berg@intel.com>
> wifi: mac80211_hwsim: fix link change handling
>
> Mordechay Goodstein <mordechay.goodstein@intel.com>
> wifi: mac80211: mlme: don't add empty EML capabilities
>
> Johannes Berg <johannes.berg@intel.com>
> wifi: mac80211: fix use-after-free
>
> Shaul Triebitz <shaul.triebitz@intel.com>
> wifi: cfg80211: get correct AP link chandef
>
> Shaul Triebitz <shaul.triebitz@intel.com>
> wifi: mac80211: properly set old_links when removing a link
>
> Kumar Kartikeya Dwivedi <memxor@gmail.com>
> bpf: Fix reference state management for synchronous callbacks
>
> Maksym Glubokiy <maksym.glubokiy@plvision.eu>
> net: prestera: cache port state for non-phylink ports too
>
> Gerhard Engleder <gerhard@engleder-embedded.com>
> tsnep: Fix TSNEP_INFO_TX_TIME register define
>
> Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
> leds: lm3601x: Don't use mutex after it was destroyed
>
> Joanne Koong <joannelkoong@gmail.com>
> bpf: Fix ref_obj_id for dynptr data slices in verifier
>
> Dave Marchevsky <davemarchevsky@fb.com>
> bpf: Cleanup check_refcount_ok
>
> Wen Gong <quic_wgong@quicinc.com>
> wifi: ath10k: add peer map clean up for peer delete in
> ath10k_sta_state()
>
> Youghandhar Chintala <quic_youghand@quicinc.com>
> wifi: ath10k: Set tx credit to one for WCN3990 snoc based devices
>
> Ping-Ke Shih <pkshih@realtek.com>
> wifi: rtlwifi: 8192de: correct checking of IQK reload
>
> Florian Fainelli <f.fainelli@gmail.com>
> libbpf: Initialize err in probe_map_create
>
> Jason A. Donenfeld <Jason@zx2c4.com>
> m68k: Process bootinfo records before saving them
>
> Bill Wendling <morbo@google.com>
> x86/paravirt: add extra clobbers with ZERO_CALL_USED_REGS enabled
>
> Chuck Lever <chuck.lever@oracle.com>
> NFSD: Fix handling of oversized NFSv4 COMPOUND requests
>
> Chuck Lever <chuck.lever@oracle.com>
> NFSD: Protect against send buffer overflow in NFSv2 READDIR
>
> Chuck Lever <chuck.lever@oracle.com>
> SUNRPC: Fix svcxdr_init_encode's buflen calculation
>
> Chuck Lever <chuck.lever@oracle.com>
> SUNRPC: Fix svcxdr_init_decode's end-of-buffer calculation
>
> Christophe JAILLET <christophe.jaillet@wanadoo.fr>
> nfsd: Fix a memory leak in an error handling path
>
> Sami Tolvanen <samitolvanen@google.com>
> objtool: Preserve special st_shndx indexes in elf_update_symbol
>
> Huisong Li <lihuisong@huawei.com>
> ACPI: PCC: Fix Tx acknowledge in the PCC address space handler
>
> Huisong Li <lihuisong@huawei.com>
> ACPI: PCC: replace wait_for_completion()
>
> Rafael Mendonca <rafaelmendsr@gmail.com>
> ACPI: PCC: Release resources on address space setup failure path
>
> Wang Kefeng <wangkefeng.wang@huawei.com>
> ARM: 9247/1: mm: set readonly for MT_MEMORY_RO with ARM_LPAE
>
> Wang Kefeng <wangkefeng.wang@huawei.com>
> ARM: 9244/1: dump: Fix wrong pg_level in walk_pmd()
>
> Bart Van Assche <bvanassche@acm.org>
> ARM: 9243/1: riscpc: Unbreak the build
>
> Jia Zhu <zhujia.zj@bytedance.com>
> erofs: use kill_anon_super() to kill super in fscache mode
>
> Gao Xiang <xiang@kernel.org>
> erofs: fix order >= MAX_ORDER warning due to crafted negative i_size
>
> Lin Yujun <linyujun809@huawei.com>
> MIPS: SGI-IP27: Fix platform-device leak in bridge_platform_create()
>
> Lin Yujun <linyujun809@huawei.com>
> MIPS: SGI-IP30: Fix platform-device leak in bridge_platform_create()
>
> Kees Cook <keescook@chromium.org>
> sh: machvec: Use char[] for section boundaries
>
> Perry Yuan <Perry.Yuan@amd.com>
> cpufreq: amd-pstate: Fix initial highest_perf value
>
> Xuewen Yan <xuewen.yan@unisoc.com>
> thermal: cpufreq_cooling: Check the policy first in
> cpufreq_cooling_register()
>
> Christian Brauner <brauner@kernel.org>
> acl: return EOPNOTSUPP in posix_acl_fix_xattr_common()
>
> Christian Brauner <brauner@kernel.org>
> ntfs3: rework xattr handlers and switch to POSIX ACL VFS helpers
>
> Ondrej Mosnacek <omosnace@redhat.com>
> userfaultfd: open userfaultfds with O_RDONLY
>
> Mimi Zohar <zohar@linux.ibm.com>
> ima: fix blocking of security.ima xattrs of unsupported algorithms
>
> Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> selinux: use "grep -E" instead of "egrep"
>
> Steve French <stfrench@microsoft.com>
> smb3: must initialize two ACL struct fields to zero
>
> Ruili Ji <ruiliji2@amd.com>
> drm/amdgpu: Enable F32_WPTR_POLL_ENABLE in mqd
>
> Sonny Jiang <sonny.jiang@amd.com>
> drm/amdgpu: Enable VCN PG on GC11_0_1
>
> Shirish S <shirish.s@amd.com>
> drm/amd/display: explicitly disable psr_feature_enable appropriately
>
> Aurabindo Pillai <aurabindo.pillai@amd.com>
> drm/amd/display: Add HUBP surface flip interrupt handler
>
> Yunxiang Li <Yunxiang.Li@amd.com>
> drm/amd/display: Fix vblank refcount in vrr transition
>
> Rodrigo Siqueira <Rodrigo.Siqueira@amd.com>
> drm/amd/display: Enable 2 to 1 ODM policy if supported
>
> Roman Li <roman.li@amd.com>
> drm/amd/display: Enable dpia support for dcn314
>
> Fangzhi Zuo <Jerry.Zuo@amd.com>
> drm/amd/display: Validate DSC After Enable All New CRTCs
>
> Martin Leung <Martin.Leung@amd.com>
> drm/amd/display: zeromem mypipe heap struct before using it
>
> Nicholas Kazlauskas <nicholas.kazlauskas@amd.com>
> drm/amd/display: Update PMFW z-state interface for DCN314
>
> Alvin Lee <Alvin.Lee2@amd.com>
> drm/amd/display: Fix watermark calculation
>
> Thomas Hellström <thomas.hellstrom@linux.intel.com>
> drm/i915: Fix display problems after resume
>
> Ville Syrjälä <ville.syrjala@linux.intel.com>
> drm/i915: Fix watermark calculations for DG2 CCS+CC modifier
>
> Ville Syrjälä <ville.syrjala@linux.intel.com>
> drm/i915: Fix watermark calculations for DG2 CCS modifiers
>
> Ville Syrjälä <ville.syrjala@linux.intel.com>
> drm/i915: Fix watermark calculations for gen12+ CCS+CC modifier
>
> Ville Syrjälä <ville.syrjala@linux.intel.com>
> drm/i915: Fix watermark calculations for gen12+ MC CCS modifier
>
> Ville Syrjälä <ville.syrjala@linux.intel.com>
> drm/i915: Fix watermark calculations for gen12+ RC CCS modifier
>
> Tvrtko Ursulin <tvrtko.ursulin@intel.com>
> drm/i915/guc: Fix revocation of non-persistent contexts
>
> Chris Wilson <chris.p.wilson@intel.com>
> drm/i915/gt: Use i915_vm_put on ppgtt_create error paths
>
> Jianglei Nie <niejianglei2021@163.com>
> drm/nouveau: fix a use-after-free in
> nouveau_gem_prime_import_sg_table()
>
> Lyude Paul <lyude@redhat.com>
> drm/nouveau/kms/nv140-: Disable interlacing
>
> Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> staging: greybus: audio_helper: remove unused and wrong debugfs usage
>
> Sean Christopherson <seanjc@google.com>
> KVM: VMX: Drop bits 31:16 when shoving exception error code into VMCS
>
> Sean Christopherson <seanjc@google.com>
> KVM: x86: Treat #DBs from the emulator as fault-like (code and
> DR7.GD=1)
>
> Sean Christopherson <seanjc@google.com>
> KVM: nVMX: Don't propagate vmcs12's PERF_GLOBAL_CTRL settings to vmcs02
>
> Sean Christopherson <seanjc@google.com>
> KVM: nVMX: Unconditionally purge queued/injected events on nested
> "exit"
>
> Michal Luczaj <mhal@rbox.co>
> KVM: x86/emulator: Fix handing of POP SS to correctly set
> interruptibility
>
> Yu Kuai <yukuai3@huawei.com>
> blk-wbt: call rq_qos_add() after wb_normal is initialized
>
> Yu Kuai <yukuai3@huawei.com>
> blk-throttle: fix that io throttle can only work for single bio
>
> Dmitry Osipenko <dmitry.osipenko@collabora.com>
> media: cedrus: Fix endless loop in cedrus_h265_skip_bits()
>
> Dmitry Osipenko <dmitry.osipenko@collabora.com>
> media: cedrus: Set the platform driver data earlier
>
> Nicolas Dufresne <nicolas.dufresne@collabora.com>
> media: cedrus: Fix watchdog race condition
>
> Ard Biesheuvel <ardb@kernel.org>
> efi: libstub: drop pointless get_memory_map() call
>
> Mario Limonciello <mario.limonciello@amd.com>
> thunderbolt: Explicitly enable lane adapter hotplug events at startup
>
> Shengjiu Wang <shengjiu.wang@nxp.com>
> rpmsg: char: Avoid double destroy of default endpoint
>
> Steven Rostedt (Google) <rostedt@goodmis.org>
> tracing: Fix reading strings from synthetic events
>
> Steven Rostedt (Google) <rostedt@goodmis.org>
> tracing: Add "(fault)" name injection to kernel probes
>
> Steven Rostedt (Google) <rostedt@goodmis.org>
> tracing: Move duplicate code of trace_kprobe/eprobe.c into header
>
> Steven Rostedt (Google) <rostedt@goodmis.org>
> tracing: Do not free snapshot if tracer is on cmdline
>
> Steven Rostedt (Google) <rostedt@goodmis.org>
> tracing: Add ioctl() to force ring buffer waiters to wake up
>
> Steven Rostedt (Google) <rostedt@goodmis.org>
> tracing: Wake up waiters when tracing is disabled
>
> Steven Rostedt (Google) <rostedt@goodmis.org>
> tracing: Wake up ring buffer waiters on closing of the file
>
> Waiman Long <longman@redhat.com>
> tracing: Disable interrupt or preemption before acquiring
> arch_spinlock_t
>
> Tao Chen <chentao.kernel@linux.alibaba.com>
> tracing/eprobe: Fix alloc event dir failed when event name no set
>
> Steven Rostedt (Google) <rostedt@goodmis.org>
> ring-buffer: Fix race between reset page and reading page
>
> Steven Rostedt (Google) <rostedt@goodmis.org>
> ring-buffer: Add ring_buffer_wake_waiters()
>
> Steven Rostedt (Google) <rostedt@goodmis.org>
> ring-buffer: Check pending waiters when doing wake ups as well
>
> Steven Rostedt (Google) <rostedt@goodmis.org>
> ring-buffer: Have the shortest_full queue be the shortest not longest
>
> Steven Rostedt (Google) <rostedt@goodmis.org>
> ring-buffer: Allow splice to read previous partially read pages
>
> Steven Rostedt (Google) <rostedt@goodmis.org>
> ftrace: Still disable enabled records marked as disabled
>
> Zheng Yejian <zhengyejian1@huawei.com>
> ftrace: Properly unset FTRACE_HASH_FL_MOD
>
> Rik van Riel <riel@surriel.com>
> livepatch: fix race between fork and KLP transition
>
> Ye Bin <yebin10@huawei.com>
> ext4: update 'state->fc_regions_size' after successful memory
> allocation
>
> Ye Bin <yebin10@huawei.com>
> ext4: fix potential memory leak in ext4_fc_record_regions()
>
> Ye Bin <yebin10@huawei.com>
> ext4: fix potential memory leak in ext4_fc_record_modified_inode()
>
> Ye Bin <yebin10@huawei.com>
> ext4: fix miss release buffer head in ext4_fc_write_inode
>
> Zhihao Cheng <chengzhihao1@huawei.com>
> ext4: fix dir corruption when ext4_dx_add_entry() fails
>
> Jeff Layton <jlayton@kernel.org>
> ext4: fix i_version handling in ext4
>
> Jinke Han <hanjinke.666@bytedance.com>
> ext4: place buffer head allocation before handle start
>
> Zhang Yi <yi.zhang@huawei.com>
> ext4: ext4_read_bh_lock() should submit IO if the buffer isn't uptodate
>
> Jeff Layton <jlayton@kernel.org>
> ext4: unconditionally enable the i_version counter
>
> Lukas Czerner <lczerner@redhat.com>
> ext4: don't increase iversion counter for ea_inodes
>
> Jan Kara <jack@suse.cz>
> ext4: fix check for block being out of directory size
>
> Lalith Rajendran <lalithkraj@google.com>
> ext4: make ext4_lazyinit_thread freezable
>
> Baokun Li <libaokun1@huawei.com>
> ext4: fix null-ptr-deref in ext4_write_info
>
> Jan Kara <jack@suse.cz>
> ext4: avoid crash when inline data creation follows DIO write
>
> Jan Kara <jack@suse.cz>
> ext2: Add sanity checks for group and filesystem size
>
> Ye Bin <yebin10@huawei.com>
> jbd2: add miss release buffer head in fc_do_one_pass()
>
> Ye Bin <yebin10@huawei.com>
> jbd2: fix potential use-after-free in jbd2_fc_wait_bufs
>
> Ye Bin <yebin10@huawei.com>
> jbd2: fix potential buffer head reference count leak
>
> Andrew Perepechko <anserper@ya.ru>
> jbd2: wake up journal waiters in FIFO order, not LIFO
>
> Jaegeuk Kim <jaegeuk@kernel.org>
> f2fs: allow direct read for zoned device
>
> Chao Yu <chao@kernel.org>
> f2fs: fix to do sanity check on summary info
>
> Chao Yu <chao@kernel.org>
> f2fs: fix to do sanity check on destination blkaddr during recovery
>
> Jaegeuk Kim <jaegeuk@kernel.org>
> f2fs: increase the limit for reserve_root
>
> Jaegeuk Kim <jaegeuk@kernel.org>
> f2fs: flush pending checkpoints when freezing super
>
> Jaegeuk Kim <jaegeuk@kernel.org>
> f2fs: complete checkpoints during remount
>
> Jaegeuk Kim <jaegeuk@kernel.org>
> f2fs: fix wrong continue condition in GC
>
> Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
> btrfs: set generation before calling btrfs_clean_tree_block in
> btrfs_init_new_buffer
>
> Filipe Manana <fdmanana@suse.com>
> btrfs: fix missed extent on fsync after dropping extent maps
>
> Filipe Manana <fdmanana@suse.com>
> btrfs: fix race between quota enable and quota rescan ioctl
>
> Qu Wenruo <wqu@suse.com>
> btrfs: enhance unsupported compat RO flags handling
>
> Alexander Zhu <alexlzhu@fb.com>
> btrfs: fix alignment of VMA for memory mapped files on THP
>
> Lukas Czerner <lczerner@redhat.com>
> fs: record I_DIRTY_TIME even if inode already has I_DIRTY_INODE
>
> Mickaël Salaün <mic@digikod.net>
> ksmbd: Fix user namespace mapping
>
> Zhang Xiaoxu <zhangxiaoxu5@huawei.com>
> ksmbd: Fix wrong return value and message length check in smb2_ioctl()
>
> Namjae Jeon <linkinjeon@kernel.org>
> ksmbd: fix endless loop when encryption for response fails
>
> Namjae Jeon <linkinjeon@kernel.org>
> ksmbd: fix incorrect handling of iterate_dir
>
> Steve French <stfrench@microsoft.com>
> smb3: do not log confusing message when server returns no network
> interfaces
>
> Jason A. Donenfeld <Jason@zx2c4.com>
> hwrng: core - let sleep be interrupted when unregistering hwrng
>
> Hyunwoo Kim <imv4bel@gmail.com>
> fbdev: smscufx: Fix use-after-free in ufx_ops_open()
>
> Quentin Schulz <quentin.schulz@theobroma-systems.com>
> pinctrl: rockchip: add pinmux_ops.gpio_set_direction callback
>
> Quentin Schulz <quentin.schulz@theobroma-systems.com>
> gpio: rockchip: request GPIO mux to pinctrl when setting direction
>
> Saurav Kashyap <skashyap@marvell.com>
> scsi: qedf: Populate sysfs attributes for vport
>
> James Smart <jsmart2021@gmail.com>
> scsi: lpfc: Rework MIB Rx Monitor debug info logic
>
> Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
> slimbus: qcom-ngd: cleanup in probe error path
>
> Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
> slimbus: qcom-ngd: use correct error in message of pdr_add_lookup()
> failure
>
> Pali Rohár <pali@kernel.org>
> powerpc/boot: Explicitly disable usage of SPE instructions
>
> Christophe Leroy <christophe.leroy@csgroup.eu>
> powerpc/Kconfig: Fix non existing CONFIG_PPC_FSL_BOOKE
>
> Zhang Rui <rui.zhang@intel.com>
> powercap: intel_rapl: Use standard Energy Unit for SPR Dram RAPL domain
>
> Matthias Kaehlcke <mka@chromium.org>
> LoadPin: Fix Kconfig doc about format of file with verity digests
>
> Viresh Kumar <viresh.kumar@linaro.org>
> cpufreq: qcom-cpufreq-hw: Fix uninitialized throttled_freq warning
>
> Chuck Lever <chuck.lever@oracle.com>
> NFSD: Protect against send buffer overflow in NFSv3 READ
>
> Chuck Lever <chuck.lever@oracle.com>
> NFSD: Protect against send buffer overflow in NFSv2 READ
>
> Chuck Lever <chuck.lever@oracle.com>
> NFSD: Protect against send buffer overflow in NFSv3 READDIR
>
> Maciej W. Rozycki <macro@orcam.me.uk>
> serial: 8250: Request full 16550A feature probing for OxSemi PCIe
> devices
>
> Maciej W. Rozycki <macro@orcam.me.uk>
> serial: 8250: Let drivers request full 16550A feature probing
>
> Lukas Wunner <lukas@wunner.de>
> serial: ar933x: Deassert Transmit Enable on ->rs485_config()
>
> Lukas Wunner <lukas@wunner.de>
> serial: Deassert Transmit Enable on probe in driver-specific way
>
> Lukas Wunner <lukas@wunner.de>
> serial: stm32: Deassert Transmit Enable on ->rs485_config()
>
> Christophe Leroy <christophe.leroy@csgroup.eu>
> serial: cpm_uart: Don't request IRQ too early for console port
>
> Maciej W. Rozycki <macro@orcam.me.uk>
> PCI: Sanitise firmware BAR assignments behind a PCI-PCI bridge
>
> M. Vefa Bicakci <m.v.b@runbox.com>
> xen/gntdev: Accommodate VMA splitting
>
> M. Vefa Bicakci <m.v.b@runbox.com>
> xen/gntdev: Prevent leaking grants
>
> Carlos Llamas <cmllamas@google.com>
> mm/mmap: undo ->mmap() when arch_validate_flags() fails
>
> Peter Xu <peterx@redhat.com>
> mm/uffd: fix warning without PTE_MARKER_UFFD_WP compiled in
>
> Baolin Wang <baolin.wang@linux.alibaba.com>
> mm/damon: validate if the pmd entry is present before accessing
>
> Baolin Wang <baolin.wang@linux.alibaba.com>
> mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page
>
> Yang Guo <guoyang2@huawei.com>
> clocksource/drivers/arm_arch_timer: Fix CNTPCT_LO and CNTVCT_LO value
>
> James Morse <james.morse@arm.com>
> arm64: errata: Add Cortex-A55 to the repeat tlbi list
>
> Catalin Marinas <catalin.marinas@arm.com>
> arm64: mte: Avoid setting PG_mte_tagged if no tags cleared or restored
>
> Peter Collingbourne <pcc@google.com>
> arm64: mte: move register initialization to C
>
> Takashi Iwai <tiwai@suse.de>
> drm/udl: Restore display mode on resume
>
> Dmitry Osipenko <dmitry.osipenko@collabora.com>
> drm/virtio: Use appropriate atomic state in
> virtio_gpu_plane_cleanup_fb()
>
> Dmitry Osipenko <dmitry.osipenko@collabora.com>
> drm/virtio: Unlock reservations on dma_resv_reserve_fences() error
>
> Dmitry Osipenko <dmitry.osipenko@collabora.com>
> drm/virtio: Unlock reservations on virtio_gpu_object_shmem_init() error
>
> Dmitry Osipenko <dmitry.osipenko@collabora.com>
> drm/virtio: Check whether transferred 2D BO is shmem
>
> Christian Marangi <ansuelsmth@gmail.com>
> dmaengine: qcom-adm: fix wrong calling convention for prep_slave_sg
>
> Christian Marangi <ansuelsmth@gmail.com>
> dmaengine: qcom-adm: fix wrong sizeof config in slave_config
>
> Dario Binacchi <dario.binacchi@amarulasolutions.com>
> dmaengine: mxs: use platform_driver_register
>
> Matthias Kaehlcke <mka@chromium.org>
> dm: verity-loadpin: Only trust verity targets with enforcement
>
> Hamza Mahfooz <hamza.mahfooz@amd.com>
> Revert "drm/amdgpu: use dirty framebuffer helper"
>
> Sagi Grimberg <sagi@grimberg.me>
> nvme-multipath: fix possible hang in live ns resize with ANA access
>
> Gaosheng Cui <cuigaosheng1@huawei.com>
> nvmem: core: Fix memleak in nvmem_register()
>
> Huacai Chen <chenhuacai@kernel.org>
> UM: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK
>
> Fangrui Song <maskray@google.com>
> riscv: Pass -mno-relax only on lld < 15.0.0
>
> Wenting Zhang <zephray@outlook.com>
> riscv: always honor the CONFIG_CMDLINE_FORCE when parsing dtb
>
> Andrew Bresticker <abrestic@rivosinc.com>
> riscv: Make VM_WRITE imply VM_READ
>
> Andrew Bresticker <abrestic@rivosinc.com>
> riscv: Allow PROT_WRITE-only mmap()
>
> Jisheng Zhang <jszhang@kernel.org>
> riscv: vdso: fix NULL deference in vdso_join_timens() when vfork
>
> Helge Deller <deller@gmx.de>
> parisc: Fix userspace graphics card breakage due to pgtable special bit
>
> Helge Deller <deller@gmx.de>
> parisc: fbdev/stifb: Align graphics memory size to 4MB
>
> Maciej W. Rozycki <macro@orcam.me.uk>
> RISC-V: Make port I/O string accessors actually work
>
> Palmer Dabbelt <palmer@rivosinc.com>
> RISC-V: Re-enable counter access from userspace
>
> Conor Dooley <conor.dooley@microchip.com>
> riscv: topology: fix default topology reporting
>
> Conor Dooley <conor.dooley@microchip.com>
> arm64: topology: move store_cpu_topology() to shared code
>
> Linus Walleij <linus.walleij@linaro.org>
> regulator: qcom_rpm: Fix circular deferral regression
>
> Mika Westerberg <mika.westerberg@linux.intel.com>
> net: thunderbolt: Enable DMA paths only after rings are enabled
>
> Liang He <windhl@126.com>
> hwmon: (gsc-hwmon) Call of_node_get() before of_find_xxx API
>
> Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
> ASoC: wcd934x: fix order of Slimbus unprepare/disable
>
> Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
> ASoC: wcd9335: fix order of Slimbus unprepare/disable
>
> Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
> arm64: dts: qcom: sdm845-mtp: correct ADC settle time
>
> Patryk Duda <pdk@semihalf.com>
> platform/chrome: cros_ec_proto: Update version on GET_NEXT_EVENT
> failure
>
> Zhihao Cheng <chengzhihao1@huawei.com>
> quota: Check next/prev free block number after reading from quota file
>
> Andri Yngvason <andri@yngvason.is>
> HID: multitouch: Add memory barriers
>
> Jan Kara <jack@suse.cz>
> mbcache: Avoid nesting of cache->c_list_lock under bit locks
>
> Roberto Sassu <roberto.sassu@huawei.com>
> btf: Export bpf_dynptr definition
>
> Alexander Aring <aahringo@redhat.com>
> fs: dlm: fix invalid derefence of sb_lvbptr
>
> Alexander Aring <aahringo@redhat.com>
> fs: dlm: handle -EBUSY first in lock arg validation
>
> Alexander Aring <aahringo@redhat.com>
> fs: dlm: fix race between test_bit() and queue_work()
>
> Jarkko Nikula <jarkko.nikula@linux.intel.com>
> i2c: designware: Fix handling of real but unexpected device interrupts
>
> Wenchao Chen <wenchao.chen@unisoc.com>
> mmc: sdhci-sprd: Fix minimum clock limit
>
> Prathamesh Shete <pshete@nvidia.com>
> mmc: sdhci-tegra: Use actual clock rate for SW tuning correction
>
> Biju Das <biju.das.jz@bp.renesas.com>
> mmc: renesas_sdhi: Fix rounding errors
>
> Anssi Hannula <anssi.hannula@bitwise.fi>
> can: kvaser_usb_leaf: Fix CAN state after restart
>
> Anssi Hannula <anssi.hannula@bitwise.fi>
> can: kvaser_usb_leaf: Fix TX queue out of sync after restart
>
> Anssi Hannula <anssi.hannula@bitwise.fi>
> can: kvaser_usb_leaf: Fix overread with an invalid command
>
> Anssi Hannula <anssi.hannula@bitwise.fi>
> can: kvaser_usb: Fix use of uninitialized completion
>
> Avri Altman <avri.altman@wdc.com>
> mmc: core: Add SD card quirk for broken discard
>
> Jean-Francois Le Fillatre <jflf_kernel@gmx.com>
> usb: add quirks for Lenovo OneLink+ Dock
>
> Nathan Chancellor <nathan@kernel.org>
> usb: gadget: uvc: Fix argument to sizeof() in uvc_register_video()
>
> Rafael Mendonca <rafaelmendsr@gmail.com>
> xhci: dbc: Fix memory leak in xhci_alloc_dbc()
>
> Eddie James <eajames@linux.ibm.com>
> iio: pressure: dps310: Reset chip after timeout
>
> Eddie James <eajames@linux.ibm.com>
> iio: pressure: dps310: Refactor startup procedure
>
> Nuno Sá <nuno.sa@analog.com>
> iio: adc: ad7923: fix channel readings for some variants
>
> Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
> iio: ltc2497: Fix reading conversion results
>
> Michael Hennerich <michael.hennerich@analog.com>
> iio: dac: ad5593r: Fix i2c read protocol requirements
>
> Zhang Xiaoxu <zhangxiaoxu5@huawei.com>
> cifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message
>
> Ronnie Sahlberg <lsahlber@redhat.com>
> cifs: destage dirty pages before re-reading them for cache=none
>
> Gaurav Kohli <gauravkohli@linux.microsoft.com>
> hv_netvsc: Fix race between VF offering and VF association message from
> host
>
> Pavel Begunkov <asml.silence@gmail.com>
> io_uring: correct pinned_vm accounting
>
> Pavel Begunkov <asml.silence@gmail.com>
> io_uring/af_unix: defer registered files gc to io_uring release
>
> Jens Axboe <axboe@kernel.dk>
> io_uring/net: handle -EINPROGRESS correct for IORING_OP_CONNECT
>
> Pavel Begunkov <asml.silence@gmail.com>
> io_uring: limit registration w/ SINGLE_ISSUER
>
> Pavel Begunkov <asml.silence@gmail.com>
> io_uring/net: don't update msg_name if not provided
>
> Stefan Metzmacher <metze@samba.org>
> io_uring/net: fix fast_iov assignment in io_setup_async_msg()
>
> Pavel Begunkov <asml.silence@gmail.com>
> io_uring/rw: don't lose short results on io_setup_async_rw()
>
> Pavel Begunkov <asml.silence@gmail.com>
> io_uring/rw: fix unexpected link breakage
>
> Pavel Begunkov <asml.silence@gmail.com>
> io_uring/net: don't lose partial send/recv on fail
>
> Pavel Begunkov <asml.silence@gmail.com>
> io_uring/rw: don't lose partial IO result on fail
>
> Pavel Begunkov <asml.silence@gmail.com>
> io_uring: add custom opcode hooks on fail
>
> Tudor Ambarus <tudor.ambarus@microchip.com>
> mtd: rawnand: atmel: Unmap streaming DMA mappings
>
> Saranya Gopal <saranya.gopal@intel.com>
> ALSA: hda/realtek: Add Intel Reference SSID to support headset keys
>
> Luke D. Jones <luke@ljones.dev>
> ALSA: hda/realtek: Add quirk for ASUS GV601R laptop
>
> Luke D. Jones <luke@ljones.dev>
> ALSA: hda/realtek: Correct pin configs for ASUS G533Z
>
> Callum Osmotherly <callum.osmotherly@gmail.com>
> ALSA: hda/realtek: remove ALC289_FIXUP_DUAL_SPK for Dell 5530
>
> Takashi Iwai <tiwai@suse.de>
> ALSA: usb-audio: Fix NULL dererence at error path
>
> Takashi Iwai <tiwai@suse.de>
> ALSA: usb-audio: Fix potential memory leaks
>
> Takashi Iwai <tiwai@suse.de>
> ALSA: rawmidi: Drop register_mutex in snd_rawmidi_free()
>
> Takashi Iwai <tiwai@suse.de>
> ALSA: oss: Fix potential deadlock at unregistration
>
>
> -------------
>
> Diffstat:
>
> Documentation/ABI/testing/sysfs-bus-iio | 2 +-
> Documentation/admin-guide/kernel-parameters.txt | 4 +
> Documentation/arm64/silicon-errata.rst | 2 +
> Documentation/filesystems/vfs.rst | 3 +
> .../trace/coresight/coresight-cpu-debug.rst | 3 +-
> Makefile | 4 +-
> arch/arm/Kconfig | 1 -
> arch/arm/boot/compressed/misc.c | 2 +
> arch/arm/boot/compressed/vmlinux.lds.S | 2 +
> arch/arm/boot/dts/armada-385-turris-omnia.dts | 4 +-
> arch/arm/boot/dts/exynos4412-midas.dtsi | 2 +-
> arch/arm/boot/dts/exynos4412-origen.dts | 2 +-
> arch/arm/boot/dts/imx6dl-riotboard.dts | 1 +
> arch/arm/boot/dts/imx6dl.dtsi | 3 +
> arch/arm/boot/dts/imx6q-arm2.dts | 1 +
> arch/arm/boot/dts/imx6q-evi.dts | 1 +
> arch/arm/boot/dts/imx6q-mccmon6.dts | 1 +
> arch/arm/boot/dts/imx6q.dtsi | 3 +
> arch/arm/boot/dts/imx6qdl-kontron-samx6i.dtsi | 6 +-
> arch/arm/boot/dts/imx6qdl-nit6xlite.dtsi | 1 +
> arch/arm/boot/dts/imx6qdl-nitrogen6_max.dtsi | 1 +
> arch/arm/boot/dts/imx6qdl-nitrogen6_som2.dtsi | 1 +
> arch/arm/boot/dts/imx6qdl-nitrogen6x.dtsi | 1 +
> arch/arm/boot/dts/imx6qdl-sabreauto.dtsi | 1 +
> arch/arm/boot/dts/imx6qdl-tqma6a.dtsi | 1 +
> arch/arm/boot/dts/imx6qdl-ts7970.dtsi | 1 +
> arch/arm/boot/dts/imx6qp.dtsi | 6 +
> arch/arm/boot/dts/imx6sl.dtsi | 23 +-
> arch/arm/boot/dts/imx6sll.dtsi | 3 +
> arch/arm/boot/dts/imx6sx-udoo-neo.dtsi | 14 +-
> arch/arm/boot/dts/imx6sx.dtsi | 6 +
> arch/arm/boot/dts/imx7d-sdb.dts | 7 +-
> arch/arm/boot/dts/kirkwood-lsxl.dtsi | 16 +-
> arch/arm/boot/dts/uniphier-pinctrl.dtsi | 10 +
> arch/arm/include/asm/stacktrace.h | 6 +
> arch/arm/kernel/return_address.c | 1 +
> arch/arm/kernel/stacktrace.c | 84 +++--
> arch/arm/lib/call_with_stack.S | 2 +
> arch/arm/mm/dma-mapping.c | 12 +-
> arch/arm/mm/dump.c | 2 +-
> arch/arm/mm/kasan_init.c | 9 +-
> arch/arm/mm/mmu.c | 4 +
> arch/arm/plat-orion/Makefile | 2 +-
> arch/arm64/Kconfig | 17 +
> .../boot/dts/exynos/exynos5433-tm2-common.dtsi | 2 +-
> .../boot/dts/freescale/imx8mm-kontron-n801x-s.dts | 3 +
> .../dts/freescale/imx8mm-kontron-n801x-som.dtsi | 2 -
> arch/arm64/boot/dts/freescale/imx8mp.dtsi | 4 +-
> arch/arm64/boot/dts/freescale/imx8mq-librem5.dtsi | 1 +
> arch/arm64/boot/dts/marvell/ac5-98dx25xx.dtsi | 8 +-
> arch/arm64/boot/dts/qcom/ipq8074.dtsi | 4 +-
> arch/arm64/boot/dts/qcom/pm8350c.dtsi | 3 +-
> arch/arm64/boot/dts/qcom/sa8295p-adp.dts | 11 -
> .../boot/dts/qcom/sc7180-trogdor-coachz-r1.dts | 2 -
> arch/arm64/boot/dts/qcom/sc7180-trogdor-lazor.dtsi | 2 -
> arch/arm64/boot/dts/qcom/sc7280-idp.dts | 2 +-
> arch/arm64/boot/dts/qcom/sc7280-idp.dtsi | 2 +-
> arch/arm64/boot/dts/qcom/sc7280.dtsi | 9 +-
> arch/arm64/boot/dts/qcom/sc8280xp-crd.dts | 9 -
> .../dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts | 10 -
> arch/arm64/boot/dts/qcom/sc8280xp-pmics.dtsi | 3 +-
> arch/arm64/boot/dts/qcom/sdm845-mtp.dts | 12 +-
> arch/arm64/boot/dts/qcom/sdm845-xiaomi-polaris.dts | 2 +-
> .../boot/dts/qcom/sm8350-sony-xperia-sagami.dtsi | 2 +-
> arch/arm64/boot/dts/qcom/sm8450.dtsi | 2 +-
> arch/arm64/boot/dts/renesas/r9a07g043.dtsi | 8 +-
> arch/arm64/boot/dts/renesas/r9a07g044.dtsi | 8 +-
> arch/arm64/boot/dts/renesas/r9a07g054.dtsi | 8 +-
> arch/arm64/boot/dts/socionext/Makefile | 4 +-
> .../dts/socionext/uniphier-pxs3-ref-gadget0.dts | 41 +++
> .../dts/socionext/uniphier-pxs3-ref-gadget1.dts | 40 +++
> .../boot/dts/ti/k3-j7200-common-proc-board.dts | 10 +-
> arch/arm64/boot/dts/ti/k3-j7200-main.dtsi | 11 +-
> arch/arm64/include/asm/mte.h | 5 +
> arch/arm64/kernel/cpu_errata.c | 5 +
> arch/arm64/kernel/cpufeature.c | 3 +-
> arch/arm64/kernel/ftrace.c | 17 +-
> arch/arm64/kernel/mte.c | 60 +++-
> arch/arm64/kernel/suspend.c | 2 +
> arch/arm64/kernel/topology.c | 40 ---
> arch/arm64/mm/mteswap.c | 7 +-
> arch/arm64/mm/proc.S | 46 +--
> arch/ia64/mm/numa.c | 1 +
> arch/m68k/kernel/setup_mm.c | 5 +-
> arch/mips/bcm47xx/prom.c | 4 +-
> arch/mips/boot/dts/ralink/mt7621-gnubee-gb-pc2.dts | 6 +-
> arch/mips/sgi-ip27/ip27-xtalk.c | 70 +++--
> arch/mips/sgi-ip30/ip30-xtalk.c | 70 +++--
> arch/parisc/include/asm/pgtable.h | 7 +-
> arch/parisc/kernel/entry.S | 8 +
> arch/powerpc/Kconfig | 2 +-
> arch/powerpc/Makefile | 2 +-
> arch/powerpc/boot/Makefile | 1 +
> arch/powerpc/boot/dts/fsl/e500v1_power_isa.dtsi | 51 +++
> arch/powerpc/boot/dts/fsl/mpc8540ads.dts | 2 +-
> arch/powerpc/boot/dts/fsl/mpc8541cds.dts | 2 +-
> arch/powerpc/boot/dts/fsl/mpc8555cds.dts | 2 +-
> arch/powerpc/boot/dts/fsl/mpc8560ads.dts | 2 +-
> arch/powerpc/boot/dts/turris1x.dts | 14 +-
> arch/powerpc/configs/pseries_defconfig | 1 +
> arch/powerpc/include/asm/interrupt.h | 3 +-
> arch/powerpc/include/asm/syscalls.h | 12 +
> arch/powerpc/kernel/interrupt.c | 10 -
> arch/powerpc/kernel/interrupt_64.S | 45 ++-
> arch/powerpc/kernel/kprobes.c | 8 +-
> arch/powerpc/kernel/pci_dn.c | 1 +
> arch/powerpc/kernel/setup_64.c | 4 +-
> arch/powerpc/kernel/sys_ppc32.c | 14 +-
> arch/powerpc/kernel/syscalls.c | 4 +-
> arch/powerpc/math-emu/math_efp.c | 1 +
> arch/powerpc/platforms/powernv/opal.c | 1 +
> arch/powerpc/platforms/pseries/vas.c | 2 +-
> arch/powerpc/sysdev/fsl_msi.c | 2 +
> arch/riscv/Kconfig | 2 +-
> arch/riscv/Makefile | 2 +
> arch/riscv/include/asm/io.h | 16 +-
> arch/riscv/include/asm/mmu.h | 1 -
> arch/riscv/kernel/setup.c | 4 +-
> arch/riscv/kernel/smpboot.c | 3 +-
> arch/riscv/kernel/sys_riscv.c | 3 -
> arch/riscv/kernel/vdso.c | 13 +-
> arch/riscv/mm/fault.c | 3 +-
> arch/sh/include/asm/sections.h | 2 +-
> arch/sh/kernel/machvec.c | 10 +-
> arch/um/kernel/um_arch.c | 2 +-
> arch/x86/Kconfig | 7 +-
> arch/x86/include/asm/cpu.h | 2 +
> arch/x86/include/asm/hyperv-tlfs.h | 4 +-
> arch/x86/include/asm/microcode.h | 1 +
> arch/x86/include/asm/msr-index.h | 13 +
> arch/x86/include/asm/paravirt_types.h | 11 +-
> arch/x86/kernel/apic/apic.c | 44 ++-
> arch/x86/kernel/cpu/feat_ctl.c | 2 +-
> arch/x86/kernel/cpu/mce/apei.c | 13 +-
> arch/x86/kernel/cpu/microcode/amd.c | 3 +-
> arch/x86/kernel/cpu/resctrl/pseudo_lock.c | 12 +-
> arch/x86/kvm/emulate.c | 2 +-
> arch/x86/kvm/vmx/nested.c | 37 ++-
> arch/x86/kvm/vmx/vmx.c | 12 +-
> arch/x86/kvm/x86.c | 27 +-
> arch/x86/net/bpf_jit_comp.c | 16 +-
> arch/x86/xen/enlighten_pv.c | 3 +-
> block/bio.c | 2 -
> block/blk-mq.c | 6 +-
> block/blk-throttle.c | 28 +-
> block/blk-throttle.h | 2 +-
> block/blk-wbt.c | 10 +-
> block/blk.h | 3 +-
> block/elevator.c | 4 +-
> crypto/akcipher.c | 8 +
> drivers/acpi/acpi_fpdt.c | 22 ++
> drivers/acpi/acpi_pcc.c | 28 +-
> drivers/acpi/acpi_video.c | 16 +
> drivers/acpi/apei/ghes.c | 2 +-
> drivers/acpi/x86/utils.c | 19 +-
> drivers/ata/libahci_platform.c | 14 +-
> drivers/base/arch_topology.c | 19 ++
> drivers/block/nbd.c | 6 +-
> drivers/bluetooth/btintel.c | 17 +-
> drivers/bluetooth/btusb.c | 14 +
> drivers/bluetooth/hci_ldisc.c | 7 +-
> drivers/bluetooth/hci_serdev.c | 10 +-
> drivers/char/hw_random/arm_smccc_trng.c | 4 +-
> drivers/char/hw_random/core.c | 19 +-
> drivers/char/hw_random/imx-rngc.c | 37 +--
> drivers/char/random.c | 4 +-
> drivers/clk/baikal-t1/ccu-div.c | 65 ++++
> drivers/clk/baikal-t1/ccu-div.h | 10 +
> drivers/clk/baikal-t1/clk-ccu-div.c | 26 +-
> drivers/clk/bcm/clk-bcm2835.c | 43 ++-
> drivers/clk/berlin/bg2.c | 5 +-
> drivers/clk/berlin/bg2q.c | 6 +-
> drivers/clk/clk-ast2600.c | 2 +-
> drivers/clk/clk-oxnas.c | 6 +-
> drivers/clk/clk-qoriq.c | 10 +-
> drivers/clk/clk-versaclock5.c | 2 +-
> drivers/clk/imx/clk-imx8mp.c | 2 +-
> drivers/clk/imx/clk-scu.c | 6 +-
> drivers/clk/mediatek/clk-mt8183-mfgcfg.c | 6 +-
> drivers/clk/mediatek/clk-mt8195-infra_ao.c | 13 +-
> drivers/clk/mediatek/clk-mt8195-mfg.c | 6 +-
> drivers/clk/mediatek/clk-mt8195-vdo0.c | 7 +-
> drivers/clk/mediatek/clk-mt8195-vdo1.c | 6 +-
> drivers/clk/mediatek/clk-mtk.c | 12 +-
> drivers/clk/meson/meson-aoclk.c | 5 +-
> drivers/clk/meson/meson-eeclk.c | 5 +-
> drivers/clk/meson/meson8b.c | 5 +-
> drivers/clk/qcom/Kconfig | 1 +
> drivers/clk/qcom/apss-ipq6018.c | 2 +-
> drivers/clk/qcom/gcc-sdm660.c | 2 +-
> drivers/clk/qcom/gcc-sm6115.c | 46 ++-
> drivers/clk/samsung/clk-exynosautov9.c | 20 +-
> drivers/clk/sprd/common.c | 9 +-
> drivers/clk/st/clkgen-fsyn.c | 5 +-
> drivers/clk/st/clkgen-mux.c | 5 +-
> drivers/clk/tegra/clk-tegra114.c | 1 +
> drivers/clk/tegra/clk-tegra20.c | 1 +
> drivers/clk/tegra/clk-tegra210.c | 1 +
> drivers/clk/ti/clk-dra7-atl.c | 9 +-
> drivers/clk/ti/clk.c | 5 +-
> drivers/clk/zynqmp/clkc.c | 7 +
> drivers/clk/zynqmp/pll.c | 31 +-
> drivers/clocksource/arm_arch_timer.c | 6 +-
> drivers/clocksource/timer-gxp.c | 7 +-
> drivers/cpufreq/amd-pstate.c | 16 +-
> drivers/cpufreq/intel_pstate.c | 1 +
> drivers/cpufreq/qcom-cpufreq-hw.c | 10 +-
> drivers/cpuidle/cpuidle-riscv-sbi.c | 7 +-
> drivers/crypto/cavium/cpt/cptpf_main.c | 6 +-
> drivers/crypto/ccp/ccp-dmaengine.c | 6 +-
> drivers/crypto/ccp/sev-dev.c | 26 +-
> drivers/crypto/hisilicon/qm.c | 6 +-
> drivers/crypto/hisilicon/zip/zip_crypto.c | 4 +-
> drivers/crypto/inside-secure/safexcel_hash.c | 8 +-
> drivers/crypto/marvell/octeontx/otx_cptpf_ucode.c | 18 +-
> drivers/crypto/qat/qat_common/adf_gen4_hw_data.h | 2 +-
> drivers/crypto/qat/qat_common/qat_algs.c | 18 +-
> drivers/crypto/sahara.c | 18 +-
> drivers/dma-buf/udmabuf.c | 9 +-
> drivers/dma/dw-edma/dw-edma-core.c | 12 -
> drivers/dma/hisi_dma.c | 28 +-
> drivers/dma/idxd/irq.c | 2 -
> drivers/dma/ioat/dma.c | 6 +-
> drivers/dma/mxs-dma.c | 11 +-
> drivers/dma/qcom/qcom_adm.c | 22 +-
> drivers/dma/ti/k3-udma.c | 25 +-
> drivers/firmware/efi/libstub/fdt.c | 8 -
> drivers/firmware/google/gsmi.c | 9 +
> drivers/fpga/dfl-pci.c | 18 ++
> drivers/fpga/dfl.c | 2 +-
> drivers/fsi/fsi-core.c | 3 +
> drivers/fsi/fsi-master-ast-cf.c | 2 +
> drivers/fsi/fsi-occ.c | 18 +-
> drivers/gpio/gpio-rockchip.c | 7 +
> drivers/gpu/drm/Kconfig | 1 +
> drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c | 7 +-
> drivers/gpu/drm/amd/amdgpu/amdgpu_display.c | 14 +-
> drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 5 +-
> drivers/gpu/drm/amd/amdgpu/amdgpu_vm_sdma.c | 9 +-
> drivers/gpu/drm/amd/amdgpu/mmhub_v3_0.c | 10 +-
> drivers/gpu/drm/amd/amdgpu/sdma_v6_0.c | 3 +-
> drivers/gpu/drm/amd/amdgpu/soc21.c | 5 +
> .../gpu/drm/amd/amdkfd/kfd_device_queue_manager.c | 45 ++-
> drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v11.c | 3 +-
> drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 83 ++---
> .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_psr.c | 8 +-
> .../drm/amd/display/dc/clk_mgr/dcn314/dcn314_smu.c | 11 +-
> drivers/gpu/drm/amd/display/dc/core/dc.c | 16 +-
> drivers/gpu/drm/amd/display/dc/dc_dmub_srv.c | 6 +-
> drivers/gpu/drm/amd/display/dc/dc_stream.h | 6 +-
> .../drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c | 35 +--
> .../drm/amd/display/dc/dcn10/dcn10_hw_sequencer.h | 3 +-
> .../display/dc/dcn31/dcn31_hpo_dp_stream_encoder.c | 6 +-
> .../drm/amd/display/dc/dcn314/dcn314_resource.c | 4 +-
> drivers/gpu/drm/amd/display/dc/dcn32/dcn32_hubp.c | 1 +
> drivers/gpu/drm/amd/display/dc/dcn32/dcn32_hwseq.c | 4 +
> .../gpu/drm/amd/display/dc/dml/calcs/bw_fixed.c | 6 +-
> .../gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c | 1 +
> .../amd/display/dc/dml/dcn32/display_mode_vba_32.c | 2 +
> .../gpu/drm/amd/display/dc/dml/dcn321/dcn321_fpu.c | 1 +
> drivers/gpu/drm/amd/display/dc/inc/hw_sequencer.h | 8 +-
> drivers/gpu/drm/arm/display/komeda/komeda_crtc.c | 4 +-
> drivers/gpu/drm/arm/display/komeda/komeda_kms.c | 21 +-
> drivers/gpu/drm/arm/display/komeda/komeda_kms.h | 2 +
> drivers/gpu/drm/bridge/adv7511/adv7511.h | 5 +-
> drivers/gpu/drm/bridge/adv7511/adv7511_cec.c | 4 +-
> drivers/gpu/drm/bridge/adv7511/adv7511_drv.c | 5 +-
> drivers/gpu/drm/bridge/analogix/anx7625.c | 1 +
> drivers/gpu/drm/bridge/ite-it6505.c | 5 +-
> drivers/gpu/drm/bridge/lontium-lt9611.c | 3 +-
> .../drm/bridge/megachips-stdpxxxx-ge-b850v3-fw.c | 4 +-
> drivers/gpu/drm/bridge/parade-ps8640.c | 4 +-
> drivers/gpu/drm/bridge/synopsys/dw-hdmi.c | 13 +-
> drivers/gpu/drm/bridge/tc358767.c | 5 +-
> drivers/gpu/drm/display/drm_dp_helper.c | 9 -
> drivers/gpu/drm/display/drm_dp_mst_topology.c | 6 +-
> drivers/gpu/drm/drm_bridge.c | 4 +-
> drivers/gpu/drm/drm_ioctl.c | 8 +-
> drivers/gpu/drm/drm_mipi_dsi.c | 1 +
> drivers/gpu/drm/drm_panel_orientation_quirks.c | 18 ++
> drivers/gpu/drm/i915/display/intel_cdclk.c | 4 +-
> drivers/gpu/drm/i915/gem/i915_gem_context.c | 8 +-
> drivers/gpu/drm/i915/gt/gen6_ppgtt.c | 16 +-
> drivers/gpu/drm/i915/gt/gen8_ppgtt.c | 58 ++--
> drivers/gpu/drm/i915/gt/intel_context.c | 5 +-
> drivers/gpu/drm/i915/gt/intel_context.h | 3 +-
> drivers/gpu/drm/i915/gt/intel_ggtt.c | 8 +-
> drivers/gpu/drm/i915/gt/intel_gtt.c | 3 +
> drivers/gpu/drm/i915/gt/uc/intel_guc_submission.c | 26 +-
> drivers/gpu/drm/i915/intel_pm.c | 16 +-
> drivers/gpu/drm/meson/meson_drv.c | 14 +-
> drivers/gpu/drm/meson/meson_drv.h | 7 +
> drivers/gpu/drm/meson/meson_encoder_cvbs.c | 13 +
> drivers/gpu/drm/meson/meson_encoder_cvbs.h | 1 +
> drivers/gpu/drm/meson/meson_encoder_hdmi.c | 13 +
> drivers/gpu/drm/meson/meson_encoder_hdmi.h | 1 +
> drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c | 19 +-
> drivers/gpu/drm/msm/disp/dpu1/dpu_vbif.c | 29 +-
> drivers/gpu/drm/msm/disp/mdp5/mdp5_kms.c | 9 +-
> drivers/gpu/drm/msm/dp/dp_catalog.c | 2 +-
> drivers/gpu/drm/msm/msm_drv.c | 13 +-
> drivers/gpu/drm/msm/msm_drv.h | 2 +
> drivers/gpu/drm/msm/msm_io_utils.c | 22 ++
> drivers/gpu/drm/nouveau/nouveau_bo.c | 4 +-
> drivers/gpu/drm/nouveau/nouveau_connector.c | 3 +-
> drivers/gpu/drm/nouveau/nouveau_prime.c | 1 -
> drivers/gpu/drm/omapdrm/dss/dss.c | 3 +
> drivers/gpu/drm/panel/Kconfig | 4 +-
> drivers/gpu/drm/pl111/pl111_versatile.c | 1 +
> drivers/gpu/drm/tests/drm_format_helper_test.c | 23 +-
> drivers/gpu/drm/tiny/bochs.c | 2 +
> drivers/gpu/drm/udl/udl_modeset.c | 3 -
> drivers/gpu/drm/vc4/vc4_drv.c | 14 +-
> drivers/gpu/drm/vc4/vc4_drv.h | 1 +
> drivers/gpu/drm/vc4/vc4_vec.c | 4 +-
> drivers/gpu/drm/virtio/virtgpu_display.c | 2 +
> drivers/gpu/drm/virtio/virtgpu_gem.c | 4 +-
> drivers/gpu/drm/virtio/virtgpu_ioctl.c | 4 +-
> drivers/gpu/drm/virtio/virtgpu_object.c | 3 +
> drivers/gpu/drm/virtio/virtgpu_plane.c | 6 +-
> drivers/gpu/drm/virtio/virtgpu_vq.c | 2 +-
> drivers/gpu/drm/vmwgfx/vmwgfx_msg.c | 1 +
> drivers/hid/Kconfig | 6 +
> drivers/hid/Makefile | 1 +
> drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_init.c | 2 +
> drivers/hid/hid-ids.h | 3 +
> drivers/hid/hid-multitouch.c | 8 +-
> drivers/hid/hid-nintendo.c | 55 ++--
> drivers/hid/hid-roccat.c | 4 +
> drivers/hid/hid-topre.c | 49 +++
> drivers/hid/hid-uclogic-core.c | 1 +
> drivers/hid/hid-uclogic-rdesc.c | 2 +-
> drivers/hsi/clients/ssi_protocol.c | 1 +
> drivers/hsi/controllers/omap_ssi_core.c | 1 +
> drivers/hsi/controllers/omap_ssi_port.c | 8 +-
> drivers/hwmon/gsc-hwmon.c | 1 +
> drivers/hwmon/occ/p9_sbe.c | 17 +-
> drivers/hwmon/pmbus/mp2888.c | 13 +-
> drivers/hwmon/sht4x.c | 2 +-
> drivers/i2c/busses/i2c-designware-core.h | 7 +-
> drivers/i2c/busses/i2c-designware-master.c | 13 +
> drivers/i2c/busses/i2c-designware-pcidrv.c | 30 +-
> drivers/i2c/busses/i2c-mlxbf.c | 44 ++-
> drivers/iio/adc/ad7923.c | 4 +-
> drivers/iio/adc/at91-sama5d2_adc.c | 28 +-
> drivers/iio/adc/ltc2497.c | 13 +
> drivers/iio/dac/ad5593r.c | 46 +--
> drivers/iio/industrialio-core.c | 5 +
> drivers/iio/inkern.c | 8 +-
> drivers/iio/magnetometer/yamaha-yas530.c | 2 +-
> drivers/iio/pressure/dps310.c | 262 ++++++++++------
> drivers/infiniband/core/cm.c | 14 +-
> drivers/infiniband/core/uverbs_cmd.c | 5 +-
> drivers/infiniband/core/verbs.c | 2 +
> drivers/infiniband/hw/hns/hns_roce_mr.c | 1 -
> drivers/infiniband/hw/irdma/defs.h | 1 +
> drivers/infiniband/hw/irdma/hw.c | 51 +--
> drivers/infiniband/hw/irdma/type.h | 1 +
> drivers/infiniband/hw/irdma/user.h | 1 +
> drivers/infiniband/hw/irdma/utils.c | 3 +
> drivers/infiniband/hw/irdma/verbs.c | 69 ++++-
> drivers/infiniband/hw/mlx4/mr.c | 1 -
> drivers/infiniband/hw/mlx5/main.c | 3 +
> drivers/infiniband/hw/mlx5/odp.c | 3 +-
> drivers/infiniband/sw/rxe/rxe_loc.h | 6 +-
> drivers/infiniband/sw/rxe/rxe_mr.c | 11 +-
> drivers/infiniband/sw/rxe/rxe_qp.c | 10 +-
> drivers/infiniband/sw/rxe/rxe_queue.c | 12 +-
> drivers/infiniband/sw/rxe/rxe_resp.c | 10 +-
> drivers/infiniband/sw/rxe/rxe_verbs.c | 12 +-
> drivers/infiniband/sw/siw/siw.h | 1 +
> drivers/infiniband/sw/siw/siw_qp.c | 2 +-
> drivers/infiniband/sw/siw/siw_qp_rx.c | 27 +-
> drivers/infiniband/sw/siw/siw_verbs.c | 3 +
> drivers/infiniband/ulp/srp/ib_srp.c | 4 +-
> drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 21 ++
> drivers/iommu/omap-iommu-debug.c | 6 +-
> drivers/isdn/mISDN/l1oip.h | 1 +
> drivers/isdn/mISDN/l1oip_core.c | 13 +-
> drivers/leds/flash/leds-lm3601x.c | 2 -
> drivers/mailbox/bcm-flexrm-mailbox.c | 8 +-
> drivers/mailbox/imx-mailbox.c | 10 +-
> drivers/mailbox/mailbox-mpfs.c | 25 +-
> drivers/md/bcache/writeback.c | 73 +++--
> drivers/md/dm-verity-loadpin.c | 8 +
> drivers/md/dm-verity-target.c | 16 +
> drivers/md/dm-verity.h | 1 +
> drivers/md/md.c | 1 -
> drivers/md/raid0.c | 2 +-
> drivers/md/raid5.c | 15 +-
> drivers/media/pci/cx88/cx88-vbi.c | 9 +-
> drivers/media/pci/cx88/cx88-video.c | 43 +--
> drivers/media/platform/amlogic/meson-ge2d/ge2d.c | 1 -
> drivers/media/platform/amphion/vdec.c | 16 +-
> drivers/media/platform/amphion/venc.c | 2 +-
> drivers/media/platform/amphion/vpu.h | 1 -
> drivers/media/platform/amphion/vpu_core.c | 84 ++---
> drivers/media/platform/amphion/vpu_core.h | 1 +
> drivers/media/platform/amphion/vpu_dbg.c | 9 +-
> drivers/media/platform/amphion/vpu_malone.c | 2 +-
> .../media/platform/mediatek/jpeg/mtk_jpeg_core.c | 1 -
> .../platform/mediatek/vcodec/mtk_vcodec_enc.c | 3 +-
> .../media/platform/samsung/exynos4-is/fimc-is.c | 1 +
> drivers/media/platform/samsung/s5p-mfc/s5p_mfc.c | 3 +-
> drivers/media/platform/xilinx/xilinx-vipp.c | 9 +-
> drivers/media/usb/airspy/airspy.c | 4 +
> drivers/media/usb/uvc/uvc_ctrl.c | 83 ++---
> drivers/media/usb/uvc/uvc_driver.c | 8 +-
> drivers/memory/of_memory.c | 2 +
> drivers/memory/pl353-smc.c | 1 +
> drivers/mfd/da9062-core.c | 1 +
> drivers/mfd/fsl-imx25-tsadc.c | 34 +-
> drivers/mfd/intel_soc_pmic_core.c | 1 +
> drivers/mfd/lp8788-irq.c | 3 +
> drivers/mfd/lp8788.c | 12 +-
> drivers/mfd/sm501.c | 7 +-
> drivers/misc/ocxl/file.c | 2 +
> drivers/mmc/core/block.c | 6 +-
> drivers/mmc/core/card.h | 6 +
> drivers/mmc/core/quirks.h | 6 +
> drivers/mmc/host/au1xmmc.c | 3 +-
> drivers/mmc/host/renesas_sdhi_core.c | 21 +-
> drivers/mmc/host/sdhci-msm.c | 1 +
> drivers/mmc/host/sdhci-sprd.c | 2 +-
> drivers/mmc/host/sdhci-tegra.c | 2 +-
> drivers/mmc/host/wmt-sdmmc.c | 5 +-
> drivers/mtd/devices/docg3.c | 7 +-
> drivers/mtd/nand/raw/atmel/nand-controller.c | 1 +
> drivers/mtd/nand/raw/fsl_elbc_nand.c | 28 +-
> drivers/mtd/nand/raw/intel-nand-controller.c | 12 +-
> drivers/mtd/nand/raw/meson_nand.c | 4 +-
> drivers/net/can/usb/kvaser_usb/kvaser_usb.h | 2 +
> drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c | 3 +-
> drivers/net/can/usb/kvaser_usb/kvaser_usb_hydra.c | 2 +-
> drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c | 79 +++++
> drivers/net/ethernet/atheros/alx/main.c | 5 +
> drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 1 +
> drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.c | 10 +-
> drivers/net/ethernet/engleder/tsnep_hw.h | 3 +-
> drivers/net/ethernet/faraday/ftmac100.h | 12 +-
> drivers/net/ethernet/freescale/fs_enet/mac-fec.c | 2 +-
> drivers/net/ethernet/intel/iavf/iavf_main.c | 177 ++++++++---
> drivers/net/ethernet/intel/ice/ice_ethtool.c | 1 +
> drivers/net/ethernet/marvell/mvpp2/mvpp2.h | 1 +
> drivers/net/ethernet/marvell/mvpp2/mvpp2_debugfs.c | 10 +-
> drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c | 13 +-
> .../net/ethernet/marvell/prestera/prestera_acl.c | 8 +-
> .../net/ethernet/marvell/prestera/prestera_acl.h | 4 +-
> .../ethernet/marvell/prestera/prestera_flower.c | 6 +-
> .../net/ethernet/marvell/prestera/prestera_main.c | 36 +--
> drivers/net/ethernet/micrel/ks8851_spi.c | 5 +-
> drivers/net/ethernet/microchip/lan743x_ptp.c | 7 +
> drivers/net/ethernet/sunplus/spl2sw_driver.c | 2 +-
> drivers/net/ethernet/ti/Kconfig | 1 +
> drivers/net/ethernet/ti/davinci_mdio.c | 242 ++++++++++++++-
> drivers/net/ethernet/xilinx/xilinx_axienet.h | 12 +
> drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 37 ++-
> drivers/net/hyperv/hyperv_net.h | 3 +-
> drivers/net/hyperv/netvsc.c | 4 +
> drivers/net/hyperv/netvsc_drv.c | 19 ++
> drivers/net/thunderbolt.c | 28 +-
> drivers/net/usb/r8152.c | 4 +-
> drivers/net/wireless/ath/ath10k/core.c | 16 +
> drivers/net/wireless/ath/ath10k/htc.c | 11 +-
> drivers/net/wireless/ath/ath10k/hw.h | 2 +
> drivers/net/wireless/ath/ath10k/mac.c | 54 ++--
> drivers/net/wireless/ath/ath11k/ahb.c | 58 +++-
> drivers/net/wireless/ath/ath11k/core.c | 2 +
> drivers/net/wireless/ath/ath11k/dp_rx.c | 3 +-
> drivers/net/wireless/ath/ath11k/mac.c | 25 +-
> drivers/net/wireless/ath/ath11k/mhi.c | 17 +-
> drivers/net/wireless/ath/ath11k/peer.c | 30 +-
> drivers/net/wireless/ath/ath11k/qmi.c | 38 ++-
> drivers/net/wireless/ath/ath11k/qmi.h | 10 +-
> drivers/net/wireless/ath/ath11k/wmi.c | 9 +-
> drivers/net/wireless/ath/ath11k/wmi.h | 2 +-
> drivers/net/wireless/ath/ath9k/htc_hst.c | 43 ++-
> drivers/net/wireless/ath/ath9k/rng.c | 3 +-
> .../wireless/broadcom/brcm80211/brcmfmac/core.c | 3 +-
> .../net/wireless/broadcom/brcm80211/brcmfmac/pno.c | 12 +-
> drivers/net/wireless/mac80211_hwsim.c | 7 +-
> drivers/net/wireless/marvell/mwifiex/init.c | 9 +-
> drivers/net/wireless/marvell/mwifiex/main.h | 3 +-
> drivers/net/wireless/marvell/mwifiex/sta_event.c | 6 +-
> drivers/net/wireless/mediatek/mt76/mt7615/main.c | 4 +
> .../net/wireless/mediatek/mt76/mt76_connac_mcu.c | 10 +-
> .../net/wireless/mediatek/mt76/mt7915/debugfs.c | 6 +-
> drivers/net/wireless/mediatek/mt76/mt7915/mac.c | 12 +-
> drivers/net/wireless/mediatek/mt76/mt7915/mcu.c | 10 +-
> .../net/wireless/mediatek/mt76/mt7921/acpi_sar.c | 5 +-
> drivers/net/wireless/mediatek/mt76/mt7921/mac.c | 7 +-
> drivers/net/wireless/mediatek/mt76/mt7921/main.c | 26 +-
> drivers/net/wireless/mediatek/mt76/mt7921/pci.c | 15 +-
> drivers/net/wireless/mediatek/mt76/mt7921/sdio.c | 13 +-
> drivers/net/wireless/mediatek/mt76/mt7921/usb.c | 28 +-
> drivers/net/wireless/mediatek/mt76/sdio.c | 8 +-
> drivers/net/wireless/ralink/rt2x00/rt2800lib.c | 34 +-
> drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu.h | 6 +-
> .../net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c | 96 ++++--
> .../net/wireless/realtek/rtlwifi/rtl8192de/phy.c | 9 +-
> drivers/net/wireless/realtek/rtw88/main.c | 8 +-
> drivers/net/wireless/realtek/rtw88/phy.c | 21 +-
> drivers/net/wireless/realtek/rtw89/core.c | 1 +
> drivers/net/wireless/realtek/rtw89/fw.c | 12 +-
> drivers/net/wireless/realtek/rtw89/pci.c | 5 +-
> drivers/net/wireless/realtek/rtw89/ser.c | 3 +
> drivers/net/wireless/silabs/wfx/main.c | 2 +-
> drivers/net/wireless/st/cw1200/queue.c | 18 +-
> drivers/net/wwan/iosm/iosm_ipc_wwan.c | 5 +-
> drivers/nvme/host/core.c | 20 +-
> drivers/nvme/host/ioctl.c | 9 +-
> drivers/nvme/host/multipath.c | 1 +
> drivers/nvme/host/nvme.h | 4 +-
> drivers/nvme/target/core.c | 1 +
> drivers/nvme/target/fabrics-cmd-auth.c | 13 +-
> drivers/nvme/target/fabrics-cmd.c | 6 +-
> drivers/nvme/target/nvmet.h | 7 +-
> drivers/nvme/target/passthru.c | 7 +-
> drivers/nvme/target/tcp.c | 11 +-
> drivers/nvmem/core.c | 15 +-
> drivers/pci/setup-res.c | 11 +
> drivers/perf/riscv_pmu_sbi.c | 7 +-
> .../phy/amlogic/phy-meson-axg-mipi-pcie-analog.c | 6 +-
> drivers/phy/mediatek/phy-mtk-tphy.c | 7 +-
> drivers/phy/qualcomm/phy-qcom-qmp-combo.c | 32 +-
> drivers/phy/qualcomm/phy-qcom-qmp-pcie-msm8996.c | 23 +-
> drivers/phy/qualcomm/phy-qcom-qmp-pcie.c | 39 ++-
> drivers/phy/qualcomm/phy-qcom-qmp-ufs.c | 30 +-
> drivers/phy/qualcomm/phy-qcom-qmp-usb.c | 64 ++--
> drivers/phy/qualcomm/phy-qcom-usb-hsic.c | 6 +-
> drivers/phy/rockchip/phy-rockchip-inno-usb2.c | 10 +-
> drivers/pinctrl/pinctrl-rockchip.c | 13 +
> drivers/platform/chrome/chromeos_laptop.c | 24 +-
> drivers/platform/chrome/cros_ec.c | 8 +-
> drivers/platform/chrome/cros_ec_chardev.c | 3 +
> drivers/platform/chrome/cros_ec_proto.c | 32 ++
> drivers/platform/chrome/cros_ec_typec.c | 5 +-
> drivers/platform/x86/hp-wmi.c | 11 +-
> drivers/platform/x86/msi-laptop.c | 14 +-
> drivers/platform/x86/pmc_atom.c | 2 +-
> drivers/power/supply/adp5061.c | 6 +-
> drivers/powercap/intel_rapl_common.c | 4 +-
> drivers/regulator/core.c | 2 +-
> drivers/regulator/qcom_rpm-regulator.c | 24 +-
> drivers/remoteproc/remoteproc_core.c | 5 +-
> drivers/rpmsg/rpmsg_char.c | 4 +-
> drivers/scsi/3w-9xxx.c | 2 +-
> drivers/scsi/iscsi_tcp.c | 73 +++--
> drivers/scsi/iscsi_tcp.h | 3 +
> drivers/scsi/libsas/sas_expander.c | 2 +-
> drivers/scsi/lpfc/lpfc.h | 14 +-
> drivers/scsi/lpfc/lpfc_crtn.h | 8 +
> drivers/scsi/lpfc/lpfc_ct.c | 7 +-
> drivers/scsi/lpfc/lpfc_debugfs.c | 61 +---
> drivers/scsi/lpfc/lpfc_debugfs.h | 2 +-
> drivers/scsi/lpfc/lpfc_hbadisc.c | 4 +-
> drivers/scsi/lpfc/lpfc_init.c | 332
> ++++++++++----------
> drivers/scsi/lpfc/lpfc_mem.c | 9 +-
> drivers/scsi/lpfc/lpfc_sli.c | 193 +++++++++++-
> drivers/scsi/lpfc/lpfc_sli4.h | 4 +-
> drivers/scsi/lpfc/lpfc_vmid.c | 4 +-
> drivers/scsi/pm8001/pm8001_hwi.c | 4 +
> drivers/scsi/qedf/qedf_main.c | 21 ++
> drivers/slimbus/qcom-ngd-ctrl.c | 22 +-
> drivers/soc/qcom/smem_state.c | 3 +-
> drivers/soc/qcom/smsm.c | 20 +-
> drivers/soc/tegra/Kconfig | 1 -
> drivers/soc/tegra/fuse/fuse-tegra.c | 1 +
> drivers/soundwire/cadence_master.c | 9 +-
> drivers/soundwire/intel.c | 1 -
> drivers/spi/spi-cadence-quadspi.c | 3 +-
> drivers/spi/spi-dw-bt1.c | 4 +-
> drivers/spi/spi-meson-spicc.c | 6 +-
> drivers/spi/spi-mt7621.c | 8 +-
> drivers/spi/spi-omap-100k.c | 1 +
> drivers/spi/spi-qup.c | 21 +-
> drivers/spi/spi-s3c64xx.c | 9 +
> drivers/spi/spi.c | 2 +
> drivers/spmi/spmi-pmic-arb.c | 13 +-
> drivers/staging/greybus/audio_helper.c | 11 -
> drivers/staging/media/meson/vdec/vdec_hevc.c | 6 +-
> drivers/staging/media/sunxi/cedrus/cedrus.c | 4 +-
> drivers/staging/media/sunxi/cedrus/cedrus_dec.c | 4 +-
> drivers/staging/media/sunxi/cedrus/cedrus_h265.c | 5 +-
> drivers/staging/rtl8723bs/core/rtw_cmd.c | 16 +-
> drivers/staging/rtl8723bs/os_dep/os_intfs.c | 60 ++--
> drivers/staging/vt6655/device_main.c | 8 +-
> drivers/thermal/cpufreq_cooling.c | 10 +-
> drivers/thermal/intel/intel_powerclamp.c | 6 +-
> drivers/thermal/qcom/tsens-v0_1.c | 2 +-
> drivers/thunderbolt/nhi.c | 49 ++-
> drivers/thunderbolt/switch.c | 24 ++
> drivers/thunderbolt/tb.h | 1 +
> drivers/thunderbolt/tb_regs.h | 1 +
> drivers/thunderbolt/usb4.c | 20 ++
> drivers/tty/serial/8250/8250_core.c | 16 +-
> drivers/tty/serial/8250/8250_omap.c | 3 +
> drivers/tty/serial/8250/8250_pci.c | 14 +-
> drivers/tty/serial/8250/8250_port.c | 30 +-
> drivers/tty/serial/ar933x_uart.c | 7 +
> drivers/tty/serial/cpm_uart/cpm_uart_core.c | 22 +-
> drivers/tty/serial/fsl_lpuart.c | 12 +-
> drivers/tty/serial/imx.c | 8 +-
> drivers/tty/serial/jsm/jsm_driver.c | 3 +-
> drivers/tty/serial/serial_core.c | 36 ++-
> drivers/tty/serial/stm32-usart.c | 100 +++---
> drivers/tty/serial/xilinx_uartps.c | 14 +-
> drivers/usb/common/debug.c | 96 ++++--
> drivers/usb/common/usb-conn-gpio.c | 6 +-
> drivers/usb/core/quirks.c | 4 +
> drivers/usb/dwc3/core.c | 83 +++--
> drivers/usb/dwc3/core.h | 6 +
> drivers/usb/gadget/function/f_fs.c | 4 +-
> drivers/usb/gadget/function/f_printer.c | 12 +-
> drivers/usb/gadget/function/f_uvc.c | 6 +-
> drivers/usb/gadget/function/uvc.h | 1 +
> drivers/usb/gadget/function/uvc_v4l2.c | 2 +-
> drivers/usb/gadget/function/uvc_video.c | 9 +-
> drivers/usb/host/xhci-dbgcap.c | 2 +-
> drivers/usb/host/xhci-mem.c | 7 +-
> drivers/usb/host/xhci-plat.c | 18 +-
> drivers/usb/host/xhci.c | 3 +-
> drivers/usb/host/xhci.h | 1 +
> drivers/usb/misc/idmouse.c | 8 +-
> drivers/usb/mtu3/mtu3_core.c | 2 -
> drivers/usb/mtu3/mtu3_plat.c | 2 +
> drivers/usb/musb/musb_gadget.c | 3 +
> drivers/usb/storage/unusual_devs.h | 6 -
> drivers/usb/typec/anx7411.c | 4 +-
> drivers/usb/typec/ucsi/ucsi.c | 8 +-
> drivers/vhost/vsock.c | 2 +-
> drivers/video/aperture.c | 14 +
> drivers/video/fbdev/core/fbmem.c | 12 -
> drivers/video/fbdev/smscufx.c | 14 +-
> drivers/video/fbdev/stifb.c | 2 +-
> drivers/xen/gntdev-common.h | 3 +-
> drivers/xen/gntdev.c | 80 ++---
> fs/btrfs/block-group.c | 11 +-
> fs/btrfs/extent-tree.c | 3 +
> fs/btrfs/file.c | 59 +++-
> fs/btrfs/free-space-cache.c | 59 ++--
> fs/btrfs/qgroup.c | 15 +
> fs/btrfs/scrub.c | 69 +++--
> fs/btrfs/super.c | 20 +-
> fs/cifs/cifsproto.h | 2 +-
> fs/cifs/connect.c | 2 +-
> fs/cifs/file.c | 9 +
> fs/cifs/smb2ops.c | 23 +-
> fs/cifs/smb2pdu.c | 7 +-
> fs/cifs/smb2transport.c | 10 +-
> fs/dlm/ast.c | 6 +-
> fs/dlm/lock.c | 20 +-
> fs/dlm/lowcomms.c | 4 +
> fs/erofs/inode.c | 2 +-
> fs/erofs/super.c | 2 +-
> fs/eventfd.c | 10 +-
> fs/ext2/super.c | 22 +-
> fs/ext4/fast_commit.c | 40 ++-
> fs/ext4/file.c | 6 +
> fs/ext4/inode.c | 17 +-
> fs/ext4/ioctl.c | 4 +
> fs/ext4/namei.c | 17 +-
> fs/ext4/resize.c | 2 +-
> fs/ext4/super.c | 47 +--
> fs/ext4/xattr.c | 1 +
> fs/f2fs/checkpoint.c | 47 ++-
> fs/f2fs/data.c | 4 +-
> fs/f2fs/extent_cache.c | 3 +-
> fs/f2fs/f2fs.h | 16 +-
> fs/f2fs/gc.c | 22 +-
> fs/f2fs/recovery.c | 23 +-
> fs/f2fs/segment.c | 2 +-
> fs/f2fs/super.c | 15 +-
> fs/file_table.c | 7 +-
> fs/fs-writeback.c | 37 ++-
> fs/internal.h | 10 +
> fs/iomap/buffered-io.c | 2 +-
> fs/jbd2/commit.c | 2 +-
> fs/jbd2/journal.c | 10 +-
> fs/jbd2/recovery.c | 1 +
> fs/jbd2/transaction.c | 6 +-
> fs/ksmbd/server.c | 4 +-
> fs/ksmbd/smb2pdu.c | 27 +-
> fs/ksmbd/smb_common.c | 6 +-
> fs/mbcache.c | 17 +-
> fs/nfsd/nfs3proc.c | 11 +-
> fs/nfsd/nfs4proc.c | 19 +-
> fs/nfsd/nfs4recover.c | 4 +-
> fs/nfsd/nfs4state.c | 5 +
> fs/nfsd/nfs4xdr.c | 14 +-
> fs/nfsd/nfsproc.c | 6 +-
> fs/nfsd/xdr4.h | 3 +-
> fs/ntfs3/inode.c | 2 -
> fs/ntfs3/xattr.c | 102 +-----
> fs/open.c | 11 +-
> fs/posix_acl.c | 25 +-
> fs/quota/quota_tree.c | 38 +++
> fs/userfaultfd.c | 4 +-
> fs/xfs/xfs_super.c | 10 +-
> include/dt-bindings/clock/samsung,exynosautov9.h | 56 ++--
> include/linux/ata.h | 39 +--
> include/linux/bio.h | 2 +-
> include/linux/blk-mq.h | 11 +-
> include/linux/blk_types.h | 2 +-
> include/linux/bpf.h | 3 +-
> include/linux/bpf_verifier.h | 11 +
> include/linux/dynamic_debug.h | 11 +-
> include/linux/eventfd.h | 2 +-
> include/linux/export-internal.h | 6 +-
> include/linux/filter.h | 5 +
> include/linux/fortify-string.h | 3 +-
> include/linux/fs.h | 9 +-
> include/linux/hugetlb.h | 8 +-
> include/linux/hw_random.h | 3 +
> include/linux/iio/iio-opaque.h | 2 +
> include/linux/iova.h | 2 +-
> include/linux/mmc/card.h | 1 +
> include/linux/once.h | 28 ++
> include/linux/ring_buffer.h | 2 +-
> include/linux/sched.h | 2 +-
> include/linux/serial_8250.h | 1 +
> include/linux/serial_core.h | 4 +-
> include/linux/skbuff.h | 2 +
> include/linux/sunrpc/svc.h | 19 +-
> include/linux/tcp.h | 2 +-
> include/linux/trace.h | 36 ++-
> include/linux/trace_events.h | 1 +
> include/net/ieee802154_netdev.h | 12 +-
> include/net/tcp.h | 5 +-
> include/uapi/linux/bpf.h | 7 +-
> include/uapi/rdma/mlx5-abi.h | 1 +
> io_uring/fdinfo.c | 32 +-
> io_uring/io_uring.c | 29 +-
> io_uring/io_uring.h | 12 +-
> io_uring/net.c | 107 ++++---
> io_uring/net.h | 9 +-
> io_uring/opdef.c | 17 +-
> io_uring/opdef.h | 1 +
> io_uring/rsrc.c | 1 +
> io_uring/rw.c | 47 ++-
> io_uring/rw.h | 1 +
> ipc/mqueue.c | 1 +
> kernel/auditsc.c | 4 +-
> kernel/bpf/bpf_local_storage.c | 4 +-
> kernel/bpf/bpf_lsm.c | 6 +
> kernel/bpf/bpf_task_storage.c | 8 +-
> kernel/bpf/btf.c | 2 +-
> kernel/bpf/cgroup.c | 28 +-
> kernel/bpf/core.c | 9 +-
> kernel/bpf/dispatcher.c | 27 +-
> kernel/bpf/hashtab.c | 30 +-
> kernel/bpf/helpers.c | 2 +
> kernel/bpf/syscall.c | 2 +
> kernel/bpf/trampoline.c | 8 +-
> kernel/bpf/verifier.c | 146 +++++----
> kernel/cgroup/cgroup.c | 6 +-
> kernel/cgroup/cpuset.c | 18 +-
> kernel/livepatch/transition.c | 18 +-
> kernel/module/tracking.c | 3 +
> kernel/rcu/tasks.h | 5 +-
> kernel/rcu/tree.c | 17 +-
> kernel/rcu/tree_plugin.h | 3 +-
> kernel/trace/bpf_trace.c | 20 +-
> kernel/trace/ftrace.c | 34 +-
> kernel/trace/kprobe_event_gen_test.c | 49 ++-
> kernel/trace/ring_buffer.c | 87 +++++-
> kernel/trace/trace.c | 76 ++++-
> kernel/trace/trace_eprobe.c | 63 +---
> kernel/trace/trace_events_synth.c | 23 +-
> kernel/trace/trace_kprobe.c | 60 +---
> kernel/trace/trace_osnoise.c | 3 +-
> kernel/trace/trace_probe_kernel.h | 115 +++++++
> lib/Kconfig.debug | 10 +-
> lib/dynamic_debug.c | 45 +--
> lib/once.c | 30 ++
> lib/sbitmap.c | 69 +++--
> mm/damon/vaddr.c | 10 +
> mm/gup.c | 14 +-
> mm/hugetlb.c | 68 ++--
> mm/memory.c | 2 +
> mm/mmap.c | 5 +-
> mm/mprotect.c | 2 +
> net/bluetooth/hci_core.c | 38 ++-
> net/bluetooth/hci_event.c | 14 +
> net/bluetooth/hci_sock.c | 3 -
> net/bluetooth/hci_sync.c | 1 +
> net/bluetooth/hci_sysfs.c | 3 +
> net/bluetooth/l2cap_core.c | 17 +-
> net/bluetooth/mgmt.c | 4 +-
> net/bluetooth/rfcomm/sock.c | 3 +
> net/can/bcm.c | 7 +-
> net/core/flow_dissector.c | 4 +-
> net/core/skmsg.c | 12 +-
> net/core/stream.c | 3 +-
> net/ieee802154/socket.c | 4 +
> net/ipv4/datagram.c | 2 +
> net/ipv4/esp4_offload.c | 5 +-
> net/ipv4/inet_hashtables.c | 4 +-
> net/ipv4/netfilter/nft_fib_ipv4.c | 3 +
> net/ipv4/tcp.c | 16 +-
> net/ipv4/tcp_output.c | 19 +-
> net/ipv6/esp6_offload.c | 5 +-
> net/ipv6/netfilter/nft_fib_ipv6.c | 6 +-
> net/mac80211/cfg.c | 17 +-
> net/mac80211/mlme.c | 20 +-
> net/mac80211/sta_info.c | 4 +-
> net/netfilter/nf_conntrack_core.c | 18 +-
> net/openvswitch/datapath.c | 18 +-
> net/rds/tcp.c | 2 +-
> net/sched/cls_u32.c | 6 +-
> net/sctp/auth.c | 18 +-
> net/unix/af_unix.c | 13 +-
> net/unix/garbage.c | 20 ++
> net/vmw_vsock/virtio_transport_common.c | 2 +-
> net/wireless/reg.c | 4 +
> net/xdp/xsk.c | 22 +-
> net/xdp/xsk_queue.h | 22 +-
> net/xfrm/xfrm_input.c | 18 +-
> net/xfrm/xfrm_ipcomp.c | 1 +
> scripts/Kbuild.include | 23 +-
> scripts/package/mkspec | 4 +-
> scripts/selinux/install_policy.sh | 2 +-
> security/integrity/ima/ima_appraise.c | 12 +-
> security/loadpin/Kconfig | 2 +-
> sound/core/pcm_dmaengine.c | 8 +-
> sound/core/rawmidi.c | 2 -
> sound/core/sound_oss.c | 13 +-
> sound/hda/intel-dsp-config.c | 5 +
> sound/pci/hda/hda_beep.c | 15 +-
> sound/pci/hda/hda_beep.h | 1 +
> sound/pci/hda/hda_codec.c | 41 ++-
> sound/pci/hda/patch_hdmi.c | 36 +--
> sound/pci/hda/patch_realtek.c | 11 +-
> sound/pci/hda/patch_sigmatel.c | 25 +-
> sound/soc/amd/acp/acp-pci.c | 1 +
> sound/soc/amd/yc/acp6x-mach.c | 14 +
> sound/soc/codecs/da7219.c | 5 +-
> sound/soc/codecs/lpass-tx-macro.c | 13 +-
> sound/soc/codecs/mt6359-accdet.c | 6 +-
> sound/soc/codecs/mt6660.c | 8 +-
> sound/soc/codecs/tas2764.c | 78 ++---
> sound/soc/codecs/wcd-mbhc-v2.c | 10 +-
> sound/soc/codecs/wcd9335.c | 2 +-
> sound/soc/codecs/wcd934x.c | 2 +-
> sound/soc/codecs/wm5102.c | 6 +-
> sound/soc/codecs/wm5110.c | 6 +-
> sound/soc/codecs/wm8997.c | 6 +-
> sound/soc/codecs/wm_adsp.c | 4 +-
> sound/soc/fsl/eukrea-tlv320.c | 8 +-
> sound/soc/mediatek/mt8195/mt8195-mt6359.c | 6 +
> sound/soc/rockchip/rockchip_i2s.c | 41 +--
> sound/soc/sh/rcar/ctu.c | 6 +-
> sound/soc/sh/rcar/dvc.c | 6 +-
> sound/soc/sh/rcar/mix.c | 6 +-
> sound/soc/sh/rcar/src.c | 5 +-
> sound/soc/sh/rcar/ssi.c | 4 +-
> sound/soc/soc-pcm.c | 2 +-
> sound/soc/sof/intel/hda.c | 11 +
> sound/soc/sof/ipc3-topology.c | 7 +
> sound/soc/sof/ipc4-topology.c | 9 +-
> sound/soc/sof/mediatek/mt8195/mt8195.c | 1 +
> sound/soc/sof/sof-pci-dev.c | 2 +-
> sound/soc/sof/sof-priv.h | 4 +
> sound/soc/stm/stm32_adfsdm.c | 8 +-
> sound/soc/stm/stm32_i2s.c | 4 +-
> sound/soc/stm/stm32_spdifrx.c | 4 +-
> sound/soc/sunxi/sun4i-codec.c | 3 +
> sound/usb/card.c | 32 +-
> sound/usb/endpoint.c | 17 +-
> sound/usb/quirks-table.h | 76 +++++
> sound/usb/quirks.c | 344
> ++++++++++++++++++---
> sound/usb/quirks.h | 2 -
> sound/usb/usbaudio.h | 1 +
> tools/bpf/bpftool/btf_dumper.c | 2 +-
> tools/bpf/bpftool/cgroup.c | 54 +++-
> tools/bpf/bpftool/main.c | 10 +
> tools/include/uapi/linux/bpf.h | 7 +-
> tools/lib/bpf/bpf_tracing.h | 14 +-
> tools/lib/bpf/btf.h | 25 +-
> tools/lib/bpf/btf_dump.c | 2 +-
> tools/lib/bpf/libbpf.c | 21 +-
> tools/lib/bpf/libbpf.h | 4 +-
> tools/lib/bpf/libbpf_probes.c | 2 +-
> tools/lib/bpf/nlattr.c | 2 +-
> tools/lib/bpf/usdt.bpf.h | 4 +-
> tools/objtool/elf.c | 7 +-
> tools/perf/arch/x86/util/intel-pt.c | 2 +-
> tools/perf/util/intel-pt.c | 9 +-
> tools/perf/util/parse-events.c | 3 +
> tools/perf/util/pmu.c | 17 +
> tools/perf/util/pmu.h | 2 +
> tools/perf/util/pmu.l | 2 -
> tools/perf/util/pmu.y | 15 +-
> tools/power/x86/turbostat/turbostat.c | 1 -
> .../selftests/arm64/signal/testcases/testcases.c | 2 +-
> .../selftests/bpf/map_tests/array_map_batch_ops.c | 2 +
> .../selftests/bpf/map_tests/htab_map_batch_ops.c | 2 +
> .../bpf/map_tests/lpm_trie_map_batch_ops.c | 2 +
> .../testing/selftests/bpf/prog_tests/cgroup_link.c | 11 +-
> tools/testing/selftests/bpf/progs/kprobe_multi.c | 4 +-
> tools/testing/selftests/bpf/test_maps.c | 24 +-
> tools/testing/selftests/bpf/xsk.c | 6 +-
> tools/testing/selftests/bpf/xskxceiver.c | 4 +
> tools/testing/selftests/cpu-hotplug/config | 1 -
> .../selftests/cpu-hotplug/cpu-on-off-test.sh | 138 +++------
> tools/testing/selftests/net/fcnal-test.sh | 30 ++
> tools/testing/selftests/net/nettest.c | 16 +-
> tools/testing/selftests/tpm2/tpm2.py | 4 +
> 908 files changed, 8789 insertions(+), 4121 deletions(-)
>
>
>
^ permalink raw reply [flat|nested] 899+ messages in thread
* Re: [PATCH 6.0 479/862] sbitmap: fix possible io hung due to lost wakeup
2022-10-19 8:29 ` [PATCH 6.0 479/862] sbitmap: fix possible io hung due to lost wakeup Greg Kroah-Hartman
@ 2022-10-19 15:06 ` Hugh Dickins
2022-10-19 17:25 ` Greg Kroah-Hartman
0 siblings, 1 reply; 899+ messages in thread
From: Hugh Dickins @ 2022-10-19 15:06 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: linux-kernel, stable, Yu Kuai, Jan Kara, Jens Axboe, Sasha Levin,
linux-block
On Wed, 19 Oct 2022, Greg Kroah-Hartman wrote:
> From: Yu Kuai <yukuai3@huawei.com>
>
> [ Upstream commit 040b83fcecfb86f3225d3a5de7fd9b3fbccf83b4 ]
>
> There are two problems can lead to lost wakeup:
>
> 1) invalid wakeup on the wrong waitqueue:
>
> For example, 2 * wake_batch tags are put, while only wake_batch threads
> are woken:
>
> __sbq_wake_up
> atomic_cmpxchg -> reset wait_cnt
> __sbq_wake_up -> decrease wait_cnt
> ...
> __sbq_wake_up -> wait_cnt is decreased to 0 again
> atomic_cmpxchg
> sbq_index_atomic_inc -> increase wake_index
> wake_up_nr -> wake up and waitqueue might be empty
> sbq_index_atomic_inc -> increase again, one waitqueue is skipped
> wake_up_nr -> invalid wake up because old wakequeue might be empty
>
> To fix the problem, increasing 'wake_index' before resetting 'wait_cnt'.
>
> 2) 'wait_cnt' can be decreased while waitqueue is empty
>
> As pointed out by Jan Kara, following race is possible:
>
> CPU1 CPU2
> __sbq_wake_up __sbq_wake_up
> sbq_wake_ptr() sbq_wake_ptr() -> the same
> wait_cnt = atomic_dec_return()
> /* decreased to 0 */
> sbq_index_atomic_inc()
> /* move to next waitqueue */
> atomic_set()
> /* reset wait_cnt */
> wake_up_nr()
> /* wake up on the old waitqueue */
> wait_cnt = atomic_dec_return()
> /*
> * decrease wait_cnt in the old
> * waitqueue, while it can be
> * empty.
> */
>
> Fix the problem by waking up before updating 'wake_index' and
> 'wait_cnt'.
>
> With this patch, noted that 'wait_cnt' is still decreased in the old
> empty waitqueue, however, the wakeup is redirected to a active waitqueue,
> and the extra decrement on the old empty waitqueue is not handled.
>
> Fixes: 88459642cba4 ("blk-mq: abstract tag allocation out into sbitmap library")
> Signed-off-by: Yu Kuai <yukuai3@huawei.com>
> Reviewed-by: Jan Kara <jack@suse.cz>
> Link: https://lore.kernel.org/r/20220803121504.212071-1-yukuai1@huaweicloud.com
> Signed-off-by: Jens Axboe <axboe@kernel.dk>
> Signed-off-by: Sasha Levin <sashal@kernel.org>
I have no authority on linux-block, but I'll say NAK to this one
(and 517/862), and let Jens and Jan overrule me if they disagree.
This was the first of several 6.1-rc1 commits which had given me lost
wakeups never suffered before; was not tagged Cc stable; and (unless I've
missed it on lore) never had AUTOSEL posted to linux-block or linux-kernel.
Hugh
> ---
> lib/sbitmap.c | 55 ++++++++++++++++++++++++++++++---------------------
> 1 file changed, 33 insertions(+), 22 deletions(-)
>
> diff --git a/lib/sbitmap.c b/lib/sbitmap.c
> index 29eb0484215a..1f31147872e6 100644
> --- a/lib/sbitmap.c
> +++ b/lib/sbitmap.c
> @@ -611,32 +611,43 @@ static bool __sbq_wake_up(struct sbitmap_queue *sbq)
> return false;
>
> wait_cnt = atomic_dec_return(&ws->wait_cnt);
> - if (wait_cnt <= 0) {
> - int ret;
> + /*
> + * For concurrent callers of this, callers should call this function
> + * again to wakeup a new batch on a different 'ws'.
> + */
> + if (wait_cnt < 0 || !waitqueue_active(&ws->wait))
> + return true;
>
> - wake_batch = READ_ONCE(sbq->wake_batch);
> + if (wait_cnt > 0)
> + return false;
>
> - /*
> - * Pairs with the memory barrier in sbitmap_queue_resize() to
> - * ensure that we see the batch size update before the wait
> - * count is reset.
> - */
> - smp_mb__before_atomic();
> + wake_batch = READ_ONCE(sbq->wake_batch);
>
> - /*
> - * For concurrent callers of this, the one that failed the
> - * atomic_cmpxhcg() race should call this function again
> - * to wakeup a new batch on a different 'ws'.
> - */
> - ret = atomic_cmpxchg(&ws->wait_cnt, wait_cnt, wake_batch);
> - if (ret == wait_cnt) {
> - sbq_index_atomic_inc(&sbq->wake_index);
> - wake_up_nr(&ws->wait, wake_batch);
> - return false;
> - }
> + /*
> + * Wake up first in case that concurrent callers decrease wait_cnt
> + * while waitqueue is empty.
> + */
> + wake_up_nr(&ws->wait, wake_batch);
>
> - return true;
> - }
> + /*
> + * Pairs with the memory barrier in sbitmap_queue_resize() to
> + * ensure that we see the batch size update before the wait
> + * count is reset.
> + *
> + * Also pairs with the implicit barrier between decrementing wait_cnt
> + * and checking for waitqueue_active() to make sure waitqueue_active()
> + * sees result of the wakeup if atomic_dec_return() has seen the result
> + * of atomic_set().
> + */
> + smp_mb__before_atomic();
> +
> + /*
> + * Increase wake_index before updating wait_cnt, otherwise concurrent
> + * callers can see valid wait_cnt in old waitqueue, which can cause
> + * invalid wakeup on the old waitqueue.
> + */
> + sbq_index_atomic_inc(&sbq->wake_index);
> + atomic_set(&ws->wait_cnt, wake_batch);
>
> return false;
> }
> --
> 2.35.1
>
>
>
>
^ permalink raw reply [flat|nested] 899+ messages in thread
* Re: [PATCH 6.0 517/862] sbitmap: Avoid leaving waitqueue in invalid state in __sbq_wake_up()
2022-10-19 8:30 ` [PATCH 6.0 517/862] sbitmap: Avoid leaving waitqueue in invalid state in __sbq_wake_up() Greg Kroah-Hartman
@ 2022-10-19 15:08 ` Hugh Dickins
0 siblings, 0 replies; 899+ messages in thread
From: Hugh Dickins @ 2022-10-19 15:08 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: linux-kernel, stable, Keith Busch, Jan Kara, Jens Axboe,
Sasha Levin, linux-block
On Wed, 19 Oct 2022, Greg Kroah-Hartman wrote:
> From: Jan Kara <jack@suse.cz>
>
> [ Upstream commit 48c033314f372478548203c583529f53080fd078 ]
>
> When __sbq_wake_up() decrements wait_cnt to 0 but races with someone
> else waking the waiter on the waitqueue (so the waitqueue becomes
> empty), it exits without reseting wait_cnt to wake_batch number. Once
> wait_cnt is 0, nobody will ever reset the wait_cnt or wake the new
> waiters resulting in possible deadlocks or busyloops. Fix the problem by
> making sure we reset wait_cnt even if we didn't wake up anybody in the
> end.
>
> Fixes: 040b83fcecfb ("sbitmap: fix possible io hung due to lost wakeup")
> Reported-by: Keith Busch <kbusch@kernel.org>
> Signed-off-by: Jan Kara <jack@suse.cz>
> Link: https://lore.kernel.org/r/20220908130937.2795-1-jack@suse.cz
> Signed-off-by: Jens Axboe <axboe@kernel.dk>
> Signed-off-by: Sasha Levin <sashal@kernel.org>
I have no authority on linux-block, but I'll say NAK to this one
(and 479/862), and let Jens and Jan overrule me if they disagree.
This was another of several 6.1-rc1 commits which had given me lost
wakeups never suffered before; was not tagged Cc stable; and (unless I've
missed it on lore) never had AUTOSEL posted to linux-block or linux-kernel.
Hugh
> ---
> lib/sbitmap.c | 18 +++++++++++++++---
> 1 file changed, 15 insertions(+), 3 deletions(-)
>
> diff --git a/lib/sbitmap.c b/lib/sbitmap.c
> index 1f31147872e6..bb1970ad4875 100644
> --- a/lib/sbitmap.c
> +++ b/lib/sbitmap.c
> @@ -605,6 +605,7 @@ static bool __sbq_wake_up(struct sbitmap_queue *sbq)
> struct sbq_wait_state *ws;
> unsigned int wake_batch;
> int wait_cnt;
> + bool ret;
>
> ws = sbq_wake_ptr(sbq);
> if (!ws)
> @@ -615,12 +616,23 @@ static bool __sbq_wake_up(struct sbitmap_queue *sbq)
> * For concurrent callers of this, callers should call this function
> * again to wakeup a new batch on a different 'ws'.
> */
> - if (wait_cnt < 0 || !waitqueue_active(&ws->wait))
> + if (wait_cnt < 0)
> return true;
>
> + /*
> + * If we decremented queue without waiters, retry to avoid lost
> + * wakeups.
> + */
> if (wait_cnt > 0)
> - return false;
> + return !waitqueue_active(&ws->wait);
>
> + /*
> + * When wait_cnt == 0, we have to be particularly careful as we are
> + * responsible to reset wait_cnt regardless whether we've actually
> + * woken up anybody. But in case we didn't wakeup anybody, we still
> + * need to retry.
> + */
> + ret = !waitqueue_active(&ws->wait);
> wake_batch = READ_ONCE(sbq->wake_batch);
>
> /*
> @@ -649,7 +661,7 @@ static bool __sbq_wake_up(struct sbitmap_queue *sbq)
> sbq_index_atomic_inc(&sbq->wake_index);
> atomic_set(&ws->wait_cnt, wake_batch);
>
> - return false;
> + return ret;
> }
>
> void sbitmap_queue_wake_up(struct sbitmap_queue *sbq)
> --
> 2.35.1
>
>
>
>
^ permalink raw reply [flat|nested] 899+ messages in thread
* Re: [PATCH 6.0 438/862] arm64: dts: qcom: sc8280xp-pmics: Remove reg entry & use correct node name for pmc8280c_lpg node
2022-10-19 8:28 ` [PATCH 6.0 438/862] arm64: dts: qcom: sc8280xp-pmics: Remove reg entry & use correct node name for pmc8280c_lpg node Greg Kroah-Hartman
@ 2022-10-19 15:33 ` Johan Hovold
2022-10-19 15:40 ` Greg Kroah-Hartman
0 siblings, 1 reply; 899+ messages in thread
From: Johan Hovold @ 2022-10-19 15:33 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: linux-kernel, stable, Krzysztof Kozlowski, Bryan ODonoghue,
Bjorn Andersson, Bhupesh Sharma, Sasha Levin
On Wed, Oct 19, 2022 at 10:28:45AM +0200, Greg Kroah-Hartman wrote:
> From: Bhupesh Sharma <bhupesh.sharma@linaro.org>
>
> [ Upstream commit 7dac7991408f77b0b33ee5e6b729baa683889277 ]
>
> Commit eeca7d46217c ("arm64: dts: qcom: pm8350c: Drop PWM reg declaration")
> dropped PWM reg declaration for pm8350c pwm(s), but there is a leftover
> 'reg' entry inside the lpg/pwm node in sc8280xp dts file. Remove the same.
>
> While at it, also remove the unused unit address in the node
> label.
>
> Also, since dt-bindings expect LPG/PWM node name to be "pwm",
> use correct node name as well, to fix the following
> error reported by 'make dtbs_check':
>
> 'lpg' does not match any of the regexes
>
> Fixes: eeca7d46217c ("arm64: dts: qcom: pm8350c: Drop PWM reg declaration")
Despite the Fixes tag, this is not a bug a fix but rather a cleanup for
compliance with the DT schema (for which there are thousands of similar
warnings).
Please drop.
> Cc: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
> Cc: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
> Cc: Bjorn Andersson <andersson@kernel.org>
> Signed-off-by: Bhupesh Sharma <bhupesh.sharma@linaro.org>
> Reviewed-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
> Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
> Signed-off-by: Bjorn Andersson <andersson@kernel.org>
> Link: https://lore.kernel.org/r/20220905070240.1634997-1-bhupesh.sharma@linaro.org
> Signed-off-by: Sasha Levin <sashal@kernel.org>
> ---
> arch/arm64/boot/dts/qcom/sc8280xp-pmics.dtsi | 3 +--
> 1 file changed, 1 insertion(+), 2 deletions(-)
>
> diff --git a/arch/arm64/boot/dts/qcom/sc8280xp-pmics.dtsi b/arch/arm64/boot/dts/qcom/sc8280xp-pmics.dtsi
> index ae90b97aecb8..24836b6b9bbc 100644
> --- a/arch/arm64/boot/dts/qcom/sc8280xp-pmics.dtsi
> +++ b/arch/arm64/boot/dts/qcom/sc8280xp-pmics.dtsi
> @@ -60,9 +60,8 @@
> #interrupt-cells = <2>;
> };
>
> - pmc8280c_lpg: lpg@e800 {
> + pmc8280c_lpg: pwm {
> compatible = "qcom,pm8350c-pwm";
> - reg = <0xe800>;
>
> #address-cells = <1>;
> #size-cells = <0>;
Johan
^ permalink raw reply [flat|nested] 899+ messages in thread
* Re: [PATCH 6.0 438/862] arm64: dts: qcom: sc8280xp-pmics: Remove reg entry & use correct node name for pmc8280c_lpg node
2022-10-19 15:33 ` Johan Hovold
@ 2022-10-19 15:40 ` Greg Kroah-Hartman
0 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 15:40 UTC (permalink / raw)
To: Johan Hovold
Cc: linux-kernel, stable, Krzysztof Kozlowski, Bryan ODonoghue,
Bjorn Andersson, Bhupesh Sharma, Sasha Levin
On Wed, Oct 19, 2022 at 05:33:09PM +0200, Johan Hovold wrote:
> On Wed, Oct 19, 2022 at 10:28:45AM +0200, Greg Kroah-Hartman wrote:
> > From: Bhupesh Sharma <bhupesh.sharma@linaro.org>
> >
> > [ Upstream commit 7dac7991408f77b0b33ee5e6b729baa683889277 ]
> >
> > Commit eeca7d46217c ("arm64: dts: qcom: pm8350c: Drop PWM reg declaration")
> > dropped PWM reg declaration for pm8350c pwm(s), but there is a leftover
> > 'reg' entry inside the lpg/pwm node in sc8280xp dts file. Remove the same.
> >
> > While at it, also remove the unused unit address in the node
> > label.
> >
> > Also, since dt-bindings expect LPG/PWM node name to be "pwm",
> > use correct node name as well, to fix the following
> > error reported by 'make dtbs_check':
> >
> > 'lpg' does not match any of the regexes
> >
> > Fixes: eeca7d46217c ("arm64: dts: qcom: pm8350c: Drop PWM reg declaration")
>
> Despite the Fixes tag, this is not a bug a fix but rather a cleanup for
> compliance with the DT schema (for which there are thousands of similar
> warnings).
>
> Please drop.
Now dropped, thanks.
greg k-h
^ permalink raw reply [flat|nested] 899+ messages in thread
* Re: [PATCH 6.0 000/862] 6.0.3-rc1 review
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (863 preceding siblings ...)
2022-10-19 12:51 ` Luna Jernberg
@ 2022-10-19 17:19 ` Fenil Jain
2022-10-19 18:01 ` Jon Hunter
` (11 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Fenil Jain @ 2022-10-19 17:19 UTC (permalink / raw)
To: Greg Kroah-Hartman; +Cc: stable, linux-kernel
Hey Greg,
Ran tests and boot tested on my system, no regressions found
Tested-by: Fenil Jain <fkjainco@gmail.com>
^ permalink raw reply [flat|nested] 899+ messages in thread
* Re: [PATCH 6.0 479/862] sbitmap: fix possible io hung due to lost wakeup
2022-10-19 15:06 ` Hugh Dickins
@ 2022-10-19 17:25 ` Greg Kroah-Hartman
2022-10-19 17:37 ` Jens Axboe
0 siblings, 1 reply; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-19 17:25 UTC (permalink / raw)
To: Hugh Dickins
Cc: linux-kernel, stable, Yu Kuai, Jan Kara, Jens Axboe, Sasha Levin,
linux-block
On Wed, Oct 19, 2022 at 08:06:26AM -0700, Hugh Dickins wrote:
> On Wed, 19 Oct 2022, Greg Kroah-Hartman wrote:
>
> > From: Yu Kuai <yukuai3@huawei.com>
> >
> > [ Upstream commit 040b83fcecfb86f3225d3a5de7fd9b3fbccf83b4 ]
> >
> > There are two problems can lead to lost wakeup:
> >
> > 1) invalid wakeup on the wrong waitqueue:
> >
> > For example, 2 * wake_batch tags are put, while only wake_batch threads
> > are woken:
> >
> > __sbq_wake_up
> > atomic_cmpxchg -> reset wait_cnt
> > __sbq_wake_up -> decrease wait_cnt
> > ...
> > __sbq_wake_up -> wait_cnt is decreased to 0 again
> > atomic_cmpxchg
> > sbq_index_atomic_inc -> increase wake_index
> > wake_up_nr -> wake up and waitqueue might be empty
> > sbq_index_atomic_inc -> increase again, one waitqueue is skipped
> > wake_up_nr -> invalid wake up because old wakequeue might be empty
> >
> > To fix the problem, increasing 'wake_index' before resetting 'wait_cnt'.
> >
> > 2) 'wait_cnt' can be decreased while waitqueue is empty
> >
> > As pointed out by Jan Kara, following race is possible:
> >
> > CPU1 CPU2
> > __sbq_wake_up __sbq_wake_up
> > sbq_wake_ptr() sbq_wake_ptr() -> the same
> > wait_cnt = atomic_dec_return()
> > /* decreased to 0 */
> > sbq_index_atomic_inc()
> > /* move to next waitqueue */
> > atomic_set()
> > /* reset wait_cnt */
> > wake_up_nr()
> > /* wake up on the old waitqueue */
> > wait_cnt = atomic_dec_return()
> > /*
> > * decrease wait_cnt in the old
> > * waitqueue, while it can be
> > * empty.
> > */
> >
> > Fix the problem by waking up before updating 'wake_index' and
> > 'wait_cnt'.
> >
> > With this patch, noted that 'wait_cnt' is still decreased in the old
> > empty waitqueue, however, the wakeup is redirected to a active waitqueue,
> > and the extra decrement on the old empty waitqueue is not handled.
> >
> > Fixes: 88459642cba4 ("blk-mq: abstract tag allocation out into sbitmap library")
> > Signed-off-by: Yu Kuai <yukuai3@huawei.com>
> > Reviewed-by: Jan Kara <jack@suse.cz>
> > Link: https://lore.kernel.org/r/20220803121504.212071-1-yukuai1@huaweicloud.com
> > Signed-off-by: Jens Axboe <axboe@kernel.dk>
> > Signed-off-by: Sasha Levin <sashal@kernel.org>
>
> I have no authority on linux-block, but I'll say NAK to this one
> (and 517/862), and let Jens and Jan overrule me if they disagree.
>
> This was the first of several 6.1-rc1 commits which had given me lost
> wakeups never suffered before; was not tagged Cc stable; and (unless I've
> missed it on lore) never had AUTOSEL posted to linux-block or linux-kernel.
Ok, thanks for the review. I'll drop both of the sbitmap.c changes and
if people report issues and want them back, I'll be glad to revisit them
then.
greg k-h
^ permalink raw reply [flat|nested] 899+ messages in thread
* Re: [PATCH 6.0 479/862] sbitmap: fix possible io hung due to lost wakeup
2022-10-19 17:25 ` Greg Kroah-Hartman
@ 2022-10-19 17:37 ` Jens Axboe
0 siblings, 0 replies; 899+ messages in thread
From: Jens Axboe @ 2022-10-19 17:37 UTC (permalink / raw)
To: Greg Kroah-Hartman, Hugh Dickins
Cc: linux-kernel, stable, Yu Kuai, Jan Kara, Sasha Levin, linux-block
On 10/19/22 10:25 AM, Greg Kroah-Hartman wrote:
> On Wed, Oct 19, 2022 at 08:06:26AM -0700, Hugh Dickins wrote:
>> On Wed, 19 Oct 2022, Greg Kroah-Hartman wrote:
>>
>>> From: Yu Kuai <yukuai3@huawei.com>
>>>
>>> [ Upstream commit 040b83fcecfb86f3225d3a5de7fd9b3fbccf83b4 ]
>>>
>>> There are two problems can lead to lost wakeup:
>>>
>>> 1) invalid wakeup on the wrong waitqueue:
>>>
>>> For example, 2 * wake_batch tags are put, while only wake_batch threads
>>> are woken:
>>>
>>> __sbq_wake_up
>>> atomic_cmpxchg -> reset wait_cnt
>>> __sbq_wake_up -> decrease wait_cnt
>>> ...
>>> __sbq_wake_up -> wait_cnt is decreased to 0 again
>>> atomic_cmpxchg
>>> sbq_index_atomic_inc -> increase wake_index
>>> wake_up_nr -> wake up and waitqueue might be empty
>>> sbq_index_atomic_inc -> increase again, one waitqueue is skipped
>>> wake_up_nr -> invalid wake up because old wakequeue might be empty
>>>
>>> To fix the problem, increasing 'wake_index' before resetting 'wait_cnt'.
>>>
>>> 2) 'wait_cnt' can be decreased while waitqueue is empty
>>>
>>> As pointed out by Jan Kara, following race is possible:
>>>
>>> CPU1 CPU2
>>> __sbq_wake_up __sbq_wake_up
>>> sbq_wake_ptr() sbq_wake_ptr() -> the same
>>> wait_cnt = atomic_dec_return()
>>> /* decreased to 0 */
>>> sbq_index_atomic_inc()
>>> /* move to next waitqueue */
>>> atomic_set()
>>> /* reset wait_cnt */
>>> wake_up_nr()
>>> /* wake up on the old waitqueue */
>>> wait_cnt = atomic_dec_return()
>>> /*
>>> * decrease wait_cnt in the old
>>> * waitqueue, while it can be
>>> * empty.
>>> */
>>>
>>> Fix the problem by waking up before updating 'wake_index' and
>>> 'wait_cnt'.
>>>
>>> With this patch, noted that 'wait_cnt' is still decreased in the old
>>> empty waitqueue, however, the wakeup is redirected to a active waitqueue,
>>> and the extra decrement on the old empty waitqueue is not handled.
>>>
>>> Fixes: 88459642cba4 ("blk-mq: abstract tag allocation out into sbitmap library")
>>> Signed-off-by: Yu Kuai <yukuai3@huawei.com>
>>> Reviewed-by: Jan Kara <jack@suse.cz>
>>> Link: https://lore.kernel.org/r/20220803121504.212071-1-yukuai1@huaweicloud.com
>>> Signed-off-by: Jens Axboe <axboe@kernel.dk>
>>> Signed-off-by: Sasha Levin <sashal@kernel.org>
>>
>> I have no authority on linux-block, but I'll say NAK to this one
>> (and 517/862), and let Jens and Jan overrule me if they disagree.
>>
>> This was the first of several 6.1-rc1 commits which had given me lost
>> wakeups never suffered before; was not tagged Cc stable; and (unless I've
>> missed it on lore) never had AUTOSEL posted to linux-block or linux-kernel.
>
> Ok, thanks for the review. I'll drop both of the sbitmap.c changes and
> if people report issues and want them back, I'll be glad to revisit them
> then.
Sorry for being late, did see Hugh respond to the original auto-select
as well, and was surprised to see it moving forward after that. Let's
please drop them for now.
--
Jens Axboe
^ permalink raw reply [flat|nested] 899+ messages in thread
* Re: [PATCH 6.0 000/862] 6.0.3-rc1 review
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (864 preceding siblings ...)
2022-10-19 17:19 ` Fenil Jain
@ 2022-10-19 18:01 ` Jon Hunter
2022-10-19 19:24 ` Ron Economos
` (10 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Jon Hunter @ 2022-10-19 18:01 UTC (permalink / raw)
To: Greg Kroah-Hartman, linux-kernel
Cc: stable, torvalds, akpm, linux, shuah, patches, lkft-triage,
pavel, f.fainelli, sudipm.mukherjee, srw, linux-tegra
On 19/10/2022 09:21, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 6.0.3 release.
> There are 862 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Fri, 21 Oct 2022 08:30:19 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.0.3-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.0.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
No new regressions for Tegra ...
Test results for stable-v6.0:
11 builds: 11 pass, 0 fail
28 boots: 28 pass, 0 fail
130 tests: 128 pass, 2 fail
Linux version: 6.0.3-rc1-g844297340351
Boards tested: tegra124-jetson-tk1, tegra186-p2771-0000,
tegra194-p2972-0000, tegra194-p3509-0000+p3668-0000,
tegra20-ventana, tegra210-p2371-2180,
tegra210-p3450-0000, tegra30-cardhu-a04
Test failures: tegra194-p2972-0000: boot.py
tegra210-p3450-0000: devices
Tested-by: Jon Hunter <jonathanh@nvidia.com>
Jon
--
nvpublic
^ permalink raw reply [flat|nested] 899+ messages in thread
* Re: [PATCH 6.0 000/862] 6.0.3-rc1 review
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (865 preceding siblings ...)
2022-10-19 18:01 ` Jon Hunter
@ 2022-10-19 19:24 ` Ron Economos
2022-10-19 19:29 ` Allen Pais
` (9 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Ron Economos @ 2022-10-19 19:24 UTC (permalink / raw)
To: Greg Kroah-Hartman, linux-kernel
Cc: stable, torvalds, akpm, linux, shuah, patches, lkft-triage,
pavel, jonathanh, f.fainelli, sudipm.mukherjee, srw
On 10/19/22 1:21 AM, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 6.0.3 release.
> There are 862 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Fri, 21 Oct 2022 08:30:19 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.0.3-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.0.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
Built and booted successfully on RISC-V RV64 (HiFive Unmatched).
Tested-by: Ron Economos <re@w6rz.net>
^ permalink raw reply [flat|nested] 899+ messages in thread
* Re: [PATCH 6.0 000/862] 6.0.3-rc1 review
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (866 preceding siblings ...)
2022-10-19 19:24 ` Ron Economos
@ 2022-10-19 19:29 ` Allen Pais
2022-10-19 19:31 ` Slade Watkins
` (8 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Allen Pais @ 2022-10-19 19:29 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: linux-kernel, stable, torvalds, akpm, linux, shuah, patches,
lkft-triage, pavel, jonathanh, f.fainelli, sudipm.mukherjee, srw
> This is the start of the stable review cycle for the 6.0.3 release.
> There are 862 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Fri, 21 Oct 2022 08:30:19 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.0.3-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.0.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
Hi Greg,
Boot tested on both x86 and ARM64 test systems, no regressions found
Tested-by: Allen Pais <apais@linux.microsoft.com>
Thanks.
^ permalink raw reply [flat|nested] 899+ messages in thread
* Re: [PATCH 6.0 000/862] 6.0.3-rc1 review
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (867 preceding siblings ...)
2022-10-19 19:29 ` Allen Pais
@ 2022-10-19 19:31 ` Slade Watkins
2022-10-19 19:51 ` Florian Fainelli
` (7 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Slade Watkins @ 2022-10-19 19:31 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: linux-kernel, stable, torvalds, akpm, linux, shuah, patches,
lkft-triage, pavel, jonathanh, f.fainelli, sudipm.mukherjee
On Wed, Oct 19, 2022 at 4:38 AM Greg Kroah-Hartman
<gregkh@linuxfoundation.org> wrote:
>
> This is the start of the stable review cycle for the 6.0.3 release.
> There are 862 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Fri, 21 Oct 2022 08:30:19 +0000.
> Anything received after that time might be too late.
6.0.3-rc1 compiled and booted on my x86_64 test system. No errors or
regressions.
Tested-by: Slade Watkins <srw@sladewatkins.net>
Thanks,
-srw
^ permalink raw reply [flat|nested] 899+ messages in thread
* Re: [PATCH 6.0 000/862] 6.0.3-rc1 review
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (868 preceding siblings ...)
2022-10-19 19:31 ` Slade Watkins
@ 2022-10-19 19:51 ` Florian Fainelli
2022-10-19 19:53 ` Shuah Khan
` (6 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Florian Fainelli @ 2022-10-19 19:51 UTC (permalink / raw)
To: Greg Kroah-Hartman, linux-kernel
Cc: stable, torvalds, akpm, linux, shuah, patches, lkft-triage,
pavel, jonathanh, sudipm.mukherjee, srw
On 10/19/22 01:21, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 6.0.3 release.
> There are 862 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Fri, 21 Oct 2022 08:30:19 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.0.3-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.0.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
On ARCH_BRCMSTB using 32-bit and 64-bit ARM kernels, build tested on
BMIPS_GENERIC:
Tested-by: Florian Fainelli <f.fainelli@gmail.com>
--
Florian
^ permalink raw reply [flat|nested] 899+ messages in thread
* Re: [PATCH 6.0 000/862] 6.0.3-rc1 review
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (869 preceding siblings ...)
2022-10-19 19:51 ` Florian Fainelli
@ 2022-10-19 19:53 ` Shuah Khan
2022-10-19 21:39 ` Guenter Roeck
` (5 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Shuah Khan @ 2022-10-19 19:53 UTC (permalink / raw)
To: Greg Kroah-Hartman, linux-kernel
Cc: stable, torvalds, akpm, linux, shuah, patches, lkft-triage,
pavel, jonathanh, f.fainelli, sudipm.mukherjee, srw, Shuah Khan
On 10/19/22 02:21, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 6.0.3 release.
> There are 862 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Fri, 21 Oct 2022 08:30:19 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.0.3-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.0.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
>
Compiled and booted on my test system. No dmesg regressions.
Tested-by: Shuah Khan <skhan@linuxfoundation.org>
thanks,
-- Shuah
^ permalink raw reply [flat|nested] 899+ messages in thread
* Re: [PATCH 6.0 000/862] 6.0.3-rc1 review
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (870 preceding siblings ...)
2022-10-19 19:53 ` Shuah Khan
@ 2022-10-19 21:39 ` Guenter Roeck
2022-10-20 3:56 ` Bagas Sanjaya
` (4 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Guenter Roeck @ 2022-10-19 21:39 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: linux-kernel, stable, torvalds, akpm, shuah, patches,
lkft-triage, pavel, jonathanh, f.fainelli, sudipm.mukherjee, srw
On Wed, Oct 19, 2022 at 10:21:27AM +0200, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 6.0.3 release.
> There are 862 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Fri, 21 Oct 2022 08:30:19 +0000.
> Anything received after that time might be too late.
>
Build results:
total: 152 pass: 152 fail: 0
Qemu test results:
total: 490 pass: 490 fail: 0
Tested-by: Guenter Roeck <linux@roeck-us.net>
Guenter
^ permalink raw reply [flat|nested] 899+ messages in thread
* Re: [PATCH 6.0 659/862] ARM/dma-mappіng: dont override ->dma_coherent when set from a bus notifier
2022-10-19 8:32 ` [PATCH 6.0 659/862] =?UTF-8?q?ARM/dma-mapp=D1=96ng:=20dont=20override=20->dma=5Fcohe?= =?UTF-8?q?rent=20when=20set=20from=20a=20bus=20notifier?= Greg Kroah-Hartman
2022-10-19 9:14 ` Russell King (Oracle)
@ 2022-10-20 1:46 ` Bagas Sanjaya
1 sibling, 0 replies; 899+ messages in thread
From: Bagas Sanjaya @ 2022-10-20 1:46 UTC (permalink / raw)
To: Greg Kroah-Hartman, linux-kernel
Cc: stable, Marek Behún, Christoph Hellwig,
Russell King (Oracle),
Sasha Levin
On 10/19/22 15:32, Greg Kroah-Hartman wrote:
> From: Christoph Hellwig <hch@lst.de>
>
> [ Upstream commit 49bc8bebae79c8516cb12f91818f3a7907e3ebce ]
>
> Commit ae626eb97376 ("ARM/dma-mapping: use dma-direct unconditionally")
> caused a regression on the mvebu platform, wherein devices that are
> dma-coherent are marked as dma-noncoherent, because although
> mvebu_hwcc_notifier() after that commit still marks then as coherent,
> the arm_coherent_dma_ops() function, which is called later, overwrites
> this setting, since it is being called from drivers/of/device.c with
> coherency parameter determined by of_dma_is_coherent(), and the
> device-trees do not declare the 'dma-coherent' property.
>
> Fix this by defaulting never clearing the dma_coherent flag in
> arm_coherent_dma_ops().
>
The patch subject looks mangled, right?
--
An old man doll... just what I always wanted! - Clara
^ permalink raw reply [flat|nested] 899+ messages in thread
* Re: [PATCH 6.0 000/862] 6.0.3-rc1 review
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (871 preceding siblings ...)
2022-10-19 21:39 ` Guenter Roeck
@ 2022-10-20 3:56 ` Bagas Sanjaya
2022-10-20 6:12 ` Jiri Slaby
` (3 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Bagas Sanjaya @ 2022-10-20 3:56 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: linux-kernel, stable, torvalds, akpm, linux, shuah, patches,
lkft-triage, pavel, jonathanh, f.fainelli, sudipm.mukherjee, srw
[-- Attachment #1: Type: text/plain, Size: 537 bytes --]
On Wed, Oct 19, 2022 at 10:21:27AM +0200, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 6.0.3 release.
> There are 862 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
Successfully cross-compiled for arm64 (bcm2711_defconfig, GCC 10.2.0) and
powerpc (ps3_defconfig, GCC 12.1.0).
Tested-by: Bagas Sanjaya <bagasdotme@gmail.com>
--
An old man doll... just what I always wanted! - Clara
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 228 bytes --]
^ permalink raw reply [flat|nested] 899+ messages in thread
* Re: [PATCH 6.0 000/862] 6.0.3-rc1 review
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (872 preceding siblings ...)
2022-10-20 3:56 ` Bagas Sanjaya
@ 2022-10-20 6:12 ` Jiri Slaby
2022-10-20 7:31 ` Naresh Kamboju
` (2 subsequent siblings)
876 siblings, 0 replies; 899+ messages in thread
From: Jiri Slaby @ 2022-10-20 6:12 UTC (permalink / raw)
To: Greg Kroah-Hartman, linux-kernel
Cc: stable, torvalds, akpm, linux, shuah, patches, lkft-triage,
pavel, jonathanh, f.fainelli, sudipm.mukherjee, srw
On 19. 10. 22, 10:21, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 6.0.3 release.
> There are 862 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Fri, 21 Oct 2022 08:30:19 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.0.3-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.0.y
> and the diffstat can be found below.
openSUSE configs¹⁾ all green. x86_64 runs fine in qemu.
Tested-by: Jiri Slaby <jirislaby@kernel.org>
¹⁾ armv6hl armv7hl arm64 i386 ppc64 ppc64le riscv64 s390x x86_64
--
js
suse labs
^ permalink raw reply [flat|nested] 899+ messages in thread
* Re: [PATCH 6.0 000/862] 6.0.3-rc1 review
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (873 preceding siblings ...)
2022-10-20 6:12 ` Jiri Slaby
@ 2022-10-20 7:31 ` Naresh Kamboju
2022-10-20 10:43 ` Sudip Mukherjee (Codethink)
2022-10-20 18:15 ` Justin Forbes
876 siblings, 0 replies; 899+ messages in thread
From: Naresh Kamboju @ 2022-10-20 7:31 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: linux-kernel, stable, torvalds, akpm, linux, shuah, patches,
lkft-triage, pavel, jonathanh, f.fainelli, sudipm.mukherjee, srw
On Wed, 19 Oct 2022 at 14:08, Greg Kroah-Hartman
<gregkh@linuxfoundation.org> wrote:
>
> This is the start of the stable review cycle for the 6.0.3 release.
> There are 862 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Fri, 21 Oct 2022 08:30:19 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.0.3-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.0.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
Results from Linaro's test farm.
No regressions on arm64, arm, x86_64, and i386.
A list of kernel warning / BUGs/ oops / invalid opcode are coming from
mainline kernel.
Tested-by: Linux Kernel Functional Testing <lkft@linaro.org>
NOTE:
Following kernel warning noticed on arm64 Qcom db410c device while
booting with kselftest merge configs. This is reported on mainline [1] & [2].
[ 29.638854] qcom-camss: probe of 1b0ac00.camss failed with error -17
[ 29.772896] ------------[ cut here ]------------
[ 29.773376] list_add corruption. prev->next should be next
(ffff000004771300), but was 0000000000000000. (prev=ffff000010c13e00).
[ 29.777423] WARNING: CPU: 1 PID: 283 at lib/list_debug.c:30
__list_add_valid+0xdc/0x110
[ 29.784013] NET: Registered PF_QIPCRTR protocol family
[ 29.788398] Modules linked in: qrtr(+) rtc_pm8xxx(+) qcom_pon(+)
qcom_spmi_vadc(+) qcom_vadc_common qcom_q6v5_mss(+) qcom_pil_info
qcom_q6v5 qcom_sysmon qcom_camss qcom_common videobuf2_dma_sg
qcom_glink_smem qmi_helpers venus_core(+) v4l2_fwnode qcom_stats
gpu_sched v4l2_async v4l2_mem2mem drm_dp_aux_bus qnoc_msm8916 qcom_rng
mdt_loader videobuf2_memops videobuf2_v4l2 drm_display_helper
i2c_qcom_cci videobuf2_common icc_smd_rpm display_connector
drm_kms_helper rmtfs_mem socinfo fuse drm
[ 29.823494] CPU: 1 PID: 283 Comm: systemd-udevd Not tainted 6.0.2 #1
[ 29.844890] Hardware name: Qualcomm Technologies, Inc. APQ 8016 SBC (DT)
[ 29.851234] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 29.857919] pc : __list_add_valid+0xdc/0x110
[ 29.864544] lr : __list_add_valid+0xdc/0x110
ref:
[1 ] https://lore.kernel.org/all/CA+G9fYuB1-qmObe3L0A0oUDXXaWa=-UxOEGtEWWJ-=_wc791Uw@mail.gmail.com/
[2] https://qa-reports.linaro.org/lkft/linux-stable-rc-linux-6.0.y/build/v6.0.2/testrun/12505842/suite/log-parser-test/test/check-kernel-exception/log
Following warning noticed on arm64 Qcom db845c device while booting with the
Kselftest merge configs enabled.
[ 20.438279] ============================================
[ 20.443648] WARNING: possible recursive locking detected
[ 20.449018] 6.0.2 #1 Not tainted
[ 20.452283] --------------------------------------------
[ 20.457649] kworker/u16:1/11 is trying to acquire lock:
[ 20.462927] cfg80211: Loading compiled-in X.509 certificates for
regulatory database
[ 20.470748] ffff6ca7c8e428f8 (&irq_desc_lock_class){-.-.}-{2:2},
at: __irq_get_desc_lock+0x64/0xac
[ 20.479825]
[ 20.479825] but task is already holding lock:
[ 20.485717] ffff6ca7cb75c0f8 (&irq_desc_lock_class){-.-.}-{2:2},
at: __irq_get_desc_lock+0x64/0xac
[ 20.494777]
[ 20.494777] other info that might help us debug this:
[ 20.501372] Possible unsafe locking scenario:
[ 20.501372]
[ 20.507351] CPU0
[ 20.509834] ----
[ 20.512314] lock(&irq_desc_lock_class);
[ 20.516374] lock(&irq_desc_lock_class);
[ 20.520448]
[ 20.520448] *** DEADLOCK ***
[3] https://lore.kernel.org/all/CA+G9fYui6--jhN1CFH6fXNK81sHNYgosTs2hyybFqPxFRvndpg@mail.gmail.com/
The following invalid opcode found while running selftests: memfd:
run_hugetlbfs_test.sh on i386 with kselftest configs enabled [4] & [5].
# selftests: memfd: run_hugetlbfs_test.sh
[ 75.841946] run_hugetlbfs_t (1296): drop_caches: 3
[ 75.890473] invalid opcode: 0000 [#1] PREEMPT SMP
[ 75.895185] CPU: 1 PID: 1300 Comm: memfd_test Tainted: G
N 6.0.3-rc1 #1
[ 75.903185] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS
2.5 11/26/2020
[ 75.910576] EIP: hugetlb_file_setup.cold+0x0/0x33
[ 75.915312] Code: b8 ea ff ff ff e9 52 8e 26 ff 0f 0b c7 04 24 70
75 63 d6 e8 a7 4a ff ff b8 ea ff ff ff e9 57 97 26 ff 0f 0b 0f 0b 0f
0b 0f 0b <0f> 0b 64 a1 58 b8 bd d6 c6 05 bd c0 a6 d6 01 8b 90 ec 03 00
00 05
[ 75.934053] EAX: c5360dd0 EBX: 00000000 ECX: 00000020 EDX: 00000000
[ 75.940311] ESI: 80000004 EDI: 00000005 EBP: c5405ea0 ESP: c5405e80
[ 75.946620] DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068 EFLAGS: 00010212
[ 75.953399] CR0: 80050033 CR2: 00000000 CR3: 06405000 CR4: 003506d0
[ 75.959665] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
[ 75.965920] DR6: fffe0ff0 DR7: 00000400
[ 75.969753] Call Trace:
[ 75.972199] __ia32_sys_memfd_create+0x196/0x220
[ 75.976816] __do_fast_syscall_32+0x77/0xd0
[ 75.981008] do_fast_syscall_32+0x32/0x70
[ 75.985023] do_SYSENTER_32+0x15/0x20
[ 75.988680] entry_SYSENTER_32+0x98/0xf6
[ 75.992605] EIP: 0xb7f31549
[ 75.995399] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01
10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f
34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d 76 00 58 b8 77 00 00 00 cd 80 90
8d 76
[ 76.014144] EAX: ffffffda EBX: 0804b486 ECX: 80000004 EDX: 080493de
[ 76.020410] ESI: b7d10220 EDI: b7e068f0 EBP: bffad738 ESP: bffad6cc
[ 76.026668] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 007b EFLAGS: 00000296
[ 76.033455] Modules linked in: x86_pkg_temp_thermal fuse configfs
[last unloaded: test_strscpy(N)]
[ 76.042444] ---[ end trace 0000000000000000 ]---
[ 76.047070] EIP: hugetlb_file_setup.cold+0x0/0x33
[ 76.051777] Code: b8 ea ff ff ff e9 52 8e 26 ff 0f 0b c7 04 24 70
75 63 d6 e8 a7 4a ff ff b8 ea ff ff ff e9 57 97 26 ff 0f 0b 0f 0b 0f
0b 0f 0b <0f> 0b 64 a1 58 b8 bd d6 c6 05 bd c0 a6 d6 01 8b 90 ec 03 00
00 05
[ 76.070550] EAX: c5360dd0 EBX: 00000000 ECX: 00000020 EDX: 00000000
[ 76.076841] ESI: 80000004 EDI: 00000005 EBP: c5405ea0 ESP: c5405e80
[ 76.083133] DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068 EFLAGS: 00010212
[ 76.089945] CR0: 80050033 CR2: 00000000 CR3: 06405000 CR4: 003506d0
[ 76.096211] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
[ 76.102483] DR6: fffe0ff0 DR7: 00000400
# ./run_hugetlbfs_test.sh: line 60: 1300 Segmentation fault
./memfd_test hugetlbfs
# opening: ./mnt/memfd
# fuse: DONE
ok 3 selftests: memfd: run_hugetlbfs_test.sh
[4] https://qa-reports.linaro.org/lkft/linux-stable-rc-linux-6.0.y/build/v6.0-916-g844297340351/testrun/12536148/suite/log-parser-test/tests/
[5] https://qa-reports.linaro.org/lkft/linux-stable-rc-linux-6.0.y/build/v6.0-916-g844297340351/testrun/12536148/suite/log-parser-test/test/check-kernel-invalid-opcode/log
While running perf test cases on qemu_x86_64 this kernel BUG noticed [6].
unsupp '/usr/libexec/perf-core/tests/attr/test-record-branch-filter-ind_call'
running '/usr/libexec/perf-core/tests/attr/test-record-group'
[ 204.124863] BUG: kernel NULL pointer dereference, address: 0000000000000198
[ 204.125878] #PF: supervisor read access in kernel mode
[ 204.126482] #PF: error_code(0x0000) - not-present page
[ 204.127127] PGD 0 P4D 0
[ 204.127435] Oops: 0000 [#1] PREEMPT SMP NOPTI
[ 204.127939] CPU: 3 PID: 574 Comm: perf-exec Not tainted 6.0.3-rc1 #1
[ 204.128711] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
BIOS 1.12.0-1 04/01/2014
[ 204.129619] RIP: 0010:x86_pmu_enable_event+0x43/0x130
[6] https://qa-reports.linaro.org/lkft/linux-stable-rc-linux-6.0.y/build/v6.0-916-g844297340351/testrun/12536939/suite/log-parser-test/test/check-kernel-bug/log
Following kernel crash log noticed while running selftests: net: pmtu.sh on
x15 device [7] with kselftest merge configs enabled.
# selftests: net: pmtu.sh
...
# TEST: IPv4 over vxlan6: PMTU exceptions [ OK ]
[ 169.299682] 8<--- cut here ---
[ 169.302764] Unable to handle kernel paging request at virtual
address 2c86c000
[ 169.310089] [2c86c000] *pgd=00000000
[ 169.313720] Internal error: Oops: 5 [#1] SMP ARM
[ 169.318359] Modules linked in: act_csum act_pedit cls_flower
sch_prio ip_tables x_tables veth tun cfg80211 bluetooth
snd_soc_simple_card snd_soc_simple_card_utils etnaviv gpu_sched
onboard_usb_hub snd_soc_davinci_mcasp snd_soc_ti_udma snd_soc_ti_edma
snd_soc_ti_sdma snd_soc_core ac97_bus snd_pcm_dmaengine snd_pcm
snd_timer snd soundcore display_connector fuse [last unloaded:
test_blackhole_dev]
[ 169.353576] CPU: 0 PID: 295 Comm: rngd Not tainted 6.0.3-rc1 #1
[ 169.359527] Hardware name: Generic DRA74X (Flattened Device Tree)
[ 169.365631] PC is at percpu_counter_add_batch+0x28/0xc4
[7] https://lore.kernel.org/all/CA+G9fYvepPVpDn5AP6bwDukpx7h++avMPEUARuHyvJqWwQ84uQ@mail.gmail.com/T/#u
## Build
* kernel: 6.0.3-rc1
* git: ['https://gitlab.com/Linaro/lkft/mirrors/stable/linux-stable-rc',
'https://gitlab.com/mrchapp/linux']
* git branch: linux-6.0.y
* git commit: 84429734035197a6ab8e79c852d5e4e6ed744703
* git describe: v6.0-916-g844297340351
* test details:
https://qa-reports.linaro.org/lkft/linux-stable-rc-linux-6.0.y/build/v6.0-916-g844297340351
## No Test Regressions (compared to v6.0.2)
## No Metric Regressions (compared to v6.0.2)
## No Test Fixes (compared to v6.0.2)
## No Metric Fixes (compared to v6.0.2)
## Test result summary
total: 131365, pass: 113062, fail: 4832, skip: 13064, xfail: 407
## Build Summary
* arc: 10 total, 10 passed, 0 failed
* arm: 311 total, 307 passed, 4 failed
* arm64: 64 total, 64 passed, 0 failed
* i386: 55 total, 55 passed, 0 failed
* mips: 56 total, 55 passed, 1 failed
* parisc: 12 total, 12 passed, 0 failed
* powerpc: 69 total, 63 passed, 6 failed
* riscv: 27 total, 27 passed, 0 failed
* s390: 21 total, 21 passed, 0 failed
* sh: 24 total, 24 passed, 0 failed
* sparc: 12 total, 12 passed, 0 failed
* x86_64: 58 total, 58 passed, 0 failed
## Test suites summary
* /
* fwts
* igt-gpu-tools
* kself0009test-sync
* kself[
* kselft[
* kselftest-android
* kselftest-arm64
* kselftest-arm64/arm64.btitest.bti_c_func
* kselftest-arm64/arm64.btitest.bti_j_func
* kselftest-arm64/arm64.btitest.bti_jc_func
* kselftest-arm64/arm64.btitest.bti_none_func
* kselftest-arm64/arm64.btitest.nohint_func
* kselftest-arm64/arm64.btitest.paciasp_func
* kselftest-arm64/arm64.nobtitest.bti_c_func
* kselftest-arm64/arm64.nobtitest.bti_j_func
* kselftest-arm64/arm64.nobtitest.bti_jc_func
* kselftest-arm64/arm64.nobtitest.bti_none_func
* kselftest-arm64/arm64.nobtitest.nohint_func
* kselftest-arm64/arm64.nobtitest.paciasp_func
* kselftest-breakpoints
* kselftest-capabilities
* kselftest-cgroup
* kselftest-clone3
* kselftest-core
* kselftest-cpu-hotplug
* kselftest-cpufreq
* kselftest-drivers-dma-buf
* kselftest-efivarfs
* kselftest-filesystems
* kselftest-filesystems-binderfs
* kselftest-firmware
* kselftest-fpu
* kselftest-futex
* kselftest-gpio
* kselftest-intel_pstate
* kselftest-ipc
* kselftest-ir
* kselftest-kcmp
* kselftest-kexec
* kselftest-kvm
* kselftest-lib
* kselftest-livepatch
* kselftest-membarrier
* kselftest-memfd
* kselftest-memory-hotplug
* kselftest-mincore
* kselftest-mount
* kselftest-mqueue
* kselftest-net
* kselftest-net-forwarding
* kselftest-netfilter
* kselftest-nsfs
* kselftest-openat2
* kselftest-pid_namespace
* kselftest-pidfd
* kselftest-proc
* kselftest-pstore
* kselftest-ptrace
* kselftest-rseq
* kselftest-rtc
* kselftest-seccomp
* kselftest-sigaltstack
* kselftest-size
* kselftest-splice
* kselftest-static_keys
* kselftest-sync
* kselftest-sysctl
* kselftest-tc-testing
* kselftest-timens
* kselftest-timers
* kselftest-tmpfs
* kselftest-tpm2
* kselftest-user
* kselftest-vm
* kselftest-x86
* kselftest-zram
* kunit
* kvm-unit-tests
* libgpiod
* libhugetlbfs
* log-parser-boot
* log-parser-test
* ltp-at
* ltp-cap_bounds
* ltp-commands
* ltp-containers
* ltp-controllers
* ltp-cpuhotplug
* ltp-crypto
* ltp-cve
* ltp-dio
* ltp-fcntl-locktests
* ltp-filecaps
* ltp-fs
* ltp-fs_bind
* ltp-fs_perms_simple
* ltp-fsx
* ltp-hugetlb
* ltp-io
* ltp-ip
* ltp-ipc
* ltp-math
* ltp-mm
* ltp-nptl
* ltp-open-posix-tests
* ltp-pty
* ltp-sched
* ltp-securebits
* ltp-smoke
* ltp-syscalls
* ltp-tracing
* network-basic-tests
* packetdrill
* perf
* perf/Zstd-perf.data-compression
* rcutorture
* v4l2-compliance
* vdso
--
Linaro LKFT
https://lkft.linaro.org
^ permalink raw reply [flat|nested] 899+ messages in thread
* Re: [PATCH 6.0 000/862] 6.0.3-rc1 review
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (874 preceding siblings ...)
2022-10-20 7:31 ` Naresh Kamboju
@ 2022-10-20 10:43 ` Sudip Mukherjee (Codethink)
2022-10-20 18:15 ` Justin Forbes
876 siblings, 0 replies; 899+ messages in thread
From: Sudip Mukherjee (Codethink) @ 2022-10-20 10:43 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: linux-kernel, stable, torvalds, akpm, linux, shuah, patches,
lkft-triage, pavel, jonathanh, f.fainelli, srw
Hi Greg,
On Wed, Oct 19, 2022 at 10:21:27AM +0200, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 6.0.3 release.
> There are 862 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Fri, 21 Oct 2022 08:30:19 +0000.
> Anything received after that time might be too late.
Build test (gcc version 12.2.1 20221016):
mips: 52 configs -> no failure
arm: 100 configs -> no failure
arm64: 3 configs -> no failure
x86_64: 4 configs -> no failure
alpha allmodconfig -> no failure
csky allmodconfig -> no failure
powerpc allmodconfig -> no failure
riscv allmodconfig -> no failure
s390 allmodconfig -> no failure
xtensa allmodconfig -> no failure
Boot test:
x86_64: Booted on my test laptop. No regression.
x86_64: Booted on qemu. No regression. [1]
[1]. https://openqa.qa.codethink.co.uk/tests/2018
Tested-by: Sudip Mukherjee <sudip.mukherjee@codethink.co.uk>
--
Regards
Sudip
^ permalink raw reply [flat|nested] 899+ messages in thread
* Re: [PATCH 6.0 000/862] 6.0.3-rc1 review
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
` (875 preceding siblings ...)
2022-10-20 10:43 ` Sudip Mukherjee (Codethink)
@ 2022-10-20 18:15 ` Justin Forbes
876 siblings, 0 replies; 899+ messages in thread
From: Justin Forbes @ 2022-10-20 18:15 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: linux-kernel, stable, torvalds, akpm, linux, shuah, patches,
lkft-triage, pavel, jonathanh, f.fainelli, sudipm.mukherjee, srw
On Wed, Oct 19, 2022 at 10:21:27AM +0200, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 6.0.3 release.
> There are 862 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Fri, 21 Oct 2022 08:30:19 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.0.3-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.0.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
Tested rc1 against the Fedora build system (aarch64, armv7, ppc64le,
s390x, x86_64), and boot tested x86_64. No regressions noted.
Tested-by: Justin M. Forbes <jforbes@fedoraproject.org>
^ permalink raw reply [flat|nested] 899+ messages in thread
* RE: [PATCH 6.0 681/862] wifi: rtw88: phy: fix warning of possible buffer overflow
2022-10-19 8:32 ` [PATCH 6.0 681/862] wifi: rtw88: phy: fix warning of possible buffer overflow Greg Kroah-Hartman
@ 2022-10-21 0:12 ` Ping-Ke Shih
2022-10-21 9:08 ` Greg Kroah-Hartman
0 siblings, 1 reply; 899+ messages in thread
From: Ping-Ke Shih @ 2022-10-21 0:12 UTC (permalink / raw)
To: Greg Kroah-Hartman, linux-kernel
Cc: stable, Kevin Yang, Kalle Valo, Sasha Levin
> -----Original Message-----
> From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> Sent: Wednesday, October 19, 2022 4:33 PM
> To: linux-kernel@vger.kernel.org
> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>; stable@vger.kernel.org; Kevin Yang
> <kevin_yang@realtek.com>; Ping-Ke Shih <pkshih@realtek.com>; Kalle Valo <kvalo@kernel.org>; Sasha Levin
> <sashal@kernel.org>
> Subject: [PATCH 6.0 681/862] wifi: rtw88: phy: fix warning of possible buffer overflow
>
> From: Zong-Zhe Yang <kevin_yang@realtek.com>
>
> [ Upstream commit 86331c7e0cd819bf0c1d0dcf895e0c90b0aa9a6f ]
>
> reported by smatch
>
> phy.c:854 rtw_phy_linear_2_db() error: buffer overflow 'db_invert_table[i]'
> 8 <= 8 (assuming for loop doesn't break)
>
> However, it seems to be a false alarm because we prevent it originally via
> if (linear >= db_invert_table[11][7])
> return 96; /* maximum 96 dB */
>
> Still, we adjust the code to be more readable and avoid smatch warning.
Like Pavel mentioned [1], this patch is to avoid smatch warning, not a really
bug. So, shouldn't take this patch.
[1] https://lore.kernel.org/linux-wireless/20221018093921.GD1264@duo.ucw.cz/
>
> Signed-off-by: Zong-Zhe Yang <kevin_yang@realtek.com>
> Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
> Signed-off-by: Kalle Valo <kvalo@kernel.org>
> Link: https://lore.kernel.org/r/20220727065003.28340-5-pkshih@realtek.com
> Signed-off-by: Sasha Levin <sashal@kernel.org>
> ---
> drivers/net/wireless/realtek/rtw88/phy.c | 21 ++++++++-------------
> 1 file changed, 8 insertions(+), 13 deletions(-)
>
> diff --git a/drivers/net/wireless/realtek/rtw88/phy.c b/drivers/net/wireless/realtek/rtw88/phy.c
> index 8982e0c98dac..da1efec0aa85 100644
> --- a/drivers/net/wireless/realtek/rtw88/phy.c
> +++ b/drivers/net/wireless/realtek/rtw88/phy.c
> @@ -816,23 +816,18 @@ static u8 rtw_phy_linear_2_db(u64 linear)
> u8 j;
> u32 dB;
>
> - if (linear >= db_invert_table[11][7])
> - return 96; /* maximum 96 dB */
> -
> for (i = 0; i < 12; i++) {
> - if (i <= 2 && (linear << FRAC_BITS) <= db_invert_table[i][7])
> - break;
> - else if (i > 2 && linear <= db_invert_table[i][7])
> - break;
> + for (j = 0; j < 8; j++) {
> + if (i <= 2 && (linear << FRAC_BITS) <= db_invert_table[i][j])
> + goto cnt;
> + else if (i > 2 && linear <= db_invert_table[i][j])
> + goto cnt;
> + }
> }
>
> - for (j = 0; j < 8; j++) {
> - if (i <= 2 && (linear << FRAC_BITS) <= db_invert_table[i][j])
> - break;
> - else if (i > 2 && linear <= db_invert_table[i][j])
> - break;
> - }
> + return 96; /* maximum 96 dB */
>
> +cnt:
> if (j == 0 && i == 0)
> goto end;
>
> --
> 2.35.1
>
>
>
>
> ------Please consider the environment before printing this e-mail.
^ permalink raw reply [flat|nested] 899+ messages in thread
* Re: [PATCH 6.0 681/862] wifi: rtw88: phy: fix warning of possible buffer overflow
2022-10-21 0:12 ` Ping-Ke Shih
@ 2022-10-21 9:08 ` Greg Kroah-Hartman
0 siblings, 0 replies; 899+ messages in thread
From: Greg Kroah-Hartman @ 2022-10-21 9:08 UTC (permalink / raw)
To: Ping-Ke Shih; +Cc: linux-kernel, stable, Kevin Yang, Kalle Valo, Sasha Levin
On Fri, Oct 21, 2022 at 12:12:29AM +0000, Ping-Ke Shih wrote:
>
>
> > -----Original Message-----
> > From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> > Sent: Wednesday, October 19, 2022 4:33 PM
> > To: linux-kernel@vger.kernel.org
> > Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>; stable@vger.kernel.org; Kevin Yang
> > <kevin_yang@realtek.com>; Ping-Ke Shih <pkshih@realtek.com>; Kalle Valo <kvalo@kernel.org>; Sasha Levin
> > <sashal@kernel.org>
> > Subject: [PATCH 6.0 681/862] wifi: rtw88: phy: fix warning of possible buffer overflow
> >
> > From: Zong-Zhe Yang <kevin_yang@realtek.com>
> >
> > [ Upstream commit 86331c7e0cd819bf0c1d0dcf895e0c90b0aa9a6f ]
> >
> > reported by smatch
> >
> > phy.c:854 rtw_phy_linear_2_db() error: buffer overflow 'db_invert_table[i]'
> > 8 <= 8 (assuming for loop doesn't break)
> >
> > However, it seems to be a false alarm because we prevent it originally via
> > if (linear >= db_invert_table[11][7])
> > return 96; /* maximum 96 dB */
> >
> > Still, we adjust the code to be more readable and avoid smatch warning.
>
> Like Pavel mentioned [1], this patch is to avoid smatch warning, not a really
> bug. So, shouldn't take this patch.
>
> [1] https://lore.kernel.org/linux-wireless/20221018093921.GD1264@duo.ucw.cz/
Ok, will go drop now, thanks.
greg k-h
^ permalink raw reply [flat|nested] 899+ messages in thread
end of thread, other threads:[~2022-10-21 9:09 UTC | newest]
Thread overview: 899+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-10-19 8:21 [PATCH 6.0 000/862] 6.0.3-rc1 review Greg Kroah-Hartman
2022-10-19 8:21 ` [PATCH 6.0 001/862] ALSA: oss: Fix potential deadlock at unregistration Greg Kroah-Hartman
2022-10-19 8:21 ` [PATCH 6.0 002/862] ALSA: rawmidi: Drop register_mutex in snd_rawmidi_free() Greg Kroah-Hartman
2022-10-19 8:21 ` [PATCH 6.0 003/862] ALSA: usb-audio: Fix potential memory leaks Greg Kroah-Hartman
2022-10-19 8:21 ` [PATCH 6.0 004/862] ALSA: usb-audio: Fix NULL dererence at error path Greg Kroah-Hartman
2022-10-19 8:21 ` [PATCH 6.0 005/862] ALSA: hda/realtek: remove ALC289_FIXUP_DUAL_SPK for Dell 5530 Greg Kroah-Hartman
2022-10-19 8:21 ` [PATCH 6.0 006/862] ALSA: hda/realtek: Correct pin configs for ASUS G533Z Greg Kroah-Hartman
2022-10-19 8:21 ` [PATCH 6.0 007/862] ALSA: hda/realtek: Add quirk for ASUS GV601R laptop Greg Kroah-Hartman
2022-10-19 8:21 ` [PATCH 6.0 008/862] ALSA: hda/realtek: Add Intel Reference SSID to support headset keys Greg Kroah-Hartman
2022-10-19 8:21 ` [PATCH 6.0 009/862] mtd: rawnand: atmel: Unmap streaming DMA mappings Greg Kroah-Hartman
2022-10-19 8:21 ` [PATCH 6.0 010/862] io_uring: add custom opcode hooks on fail Greg Kroah-Hartman
2022-10-19 8:21 ` [PATCH 6.0 011/862] io_uring/rw: dont lose partial IO result " Greg Kroah-Hartman
2022-10-19 8:21 ` [PATCH 6.0 012/862] io_uring/net: dont lose partial send/recv " Greg Kroah-Hartman
2022-10-19 8:21 ` [PATCH 6.0 013/862] io_uring/rw: fix unexpected link breakage Greg Kroah-Hartman
2022-10-19 8:21 ` [PATCH 6.0 014/862] io_uring/rw: dont lose short results on io_setup_async_rw() Greg Kroah-Hartman
2022-10-19 8:21 ` [PATCH 6.0 015/862] io_uring/net: fix fast_iov assignment in io_setup_async_msg() Greg Kroah-Hartman
2022-10-19 8:21 ` [PATCH 6.0 016/862] io_uring/net: dont update msg_name if not provided Greg Kroah-Hartman
2022-10-19 8:21 ` [PATCH 6.0 017/862] io_uring: limit registration w/ SINGLE_ISSUER Greg Kroah-Hartman
2022-10-19 8:21 ` [PATCH 6.0 018/862] io_uring/net: handle -EINPROGRESS correct for IORING_OP_CONNECT Greg Kroah-Hartman
2022-10-19 8:21 ` [PATCH 6.0 019/862] io_uring/af_unix: defer registered files gc to io_uring release Greg Kroah-Hartman
2022-10-19 8:21 ` [PATCH 6.0 020/862] io_uring: correct pinned_vm accounting Greg Kroah-Hartman
2022-10-19 8:21 ` [PATCH 6.0 021/862] hv_netvsc: Fix race between VF offering and VF association message from host Greg Kroah-Hartman
2022-10-19 8:21 ` [PATCH 6.0 022/862] cifs: destage dirty pages before re-reading them for cache=none Greg Kroah-Hartman
2022-10-19 8:21 ` [PATCH 6.0 023/862] cifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message Greg Kroah-Hartman
2022-10-19 8:21 ` [PATCH 6.0 024/862] iio: dac: ad5593r: Fix i2c read protocol requirements Greg Kroah-Hartman
2022-10-19 8:21 ` [PATCH 6.0 025/862] iio: ltc2497: Fix reading conversion results Greg Kroah-Hartman
2022-10-19 8:21 ` [PATCH 6.0 026/862] iio: adc: ad7923: fix channel readings for some variants Greg Kroah-Hartman
2022-10-19 8:21 ` [PATCH 6.0 027/862] iio: pressure: dps310: Refactor startup procedure Greg Kroah-Hartman
2022-10-19 8:21 ` [PATCH 6.0 028/862] iio: pressure: dps310: Reset chip after timeout Greg Kroah-Hartman
2022-10-19 8:21 ` [PATCH 6.0 029/862] xhci: dbc: Fix memory leak in xhci_alloc_dbc() Greg Kroah-Hartman
2022-10-19 8:21 ` [PATCH 6.0 030/862] usb: gadget: uvc: Fix argument to sizeof() in uvc_register_video() Greg Kroah-Hartman
2022-10-19 8:21 ` [PATCH 6.0 031/862] usb: add quirks for Lenovo OneLink+ Dock Greg Kroah-Hartman
2022-10-19 8:21 ` [PATCH 6.0 032/862] mmc: core: Add SD card quirk for broken discard Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 033/862] can: kvaser_usb: Fix use of uninitialized completion Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 034/862] can: kvaser_usb_leaf: Fix overread with an invalid command Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 035/862] can: kvaser_usb_leaf: Fix TX queue out of sync after restart Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 036/862] can: kvaser_usb_leaf: Fix CAN state " Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 037/862] mmc: renesas_sdhi: Fix rounding errors Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 038/862] mmc: sdhci-tegra: Use actual clock rate for SW tuning correction Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 039/862] mmc: sdhci-sprd: Fix minimum clock limit Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 040/862] i2c: designware: Fix handling of real but unexpected device interrupts Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 041/862] fs: dlm: fix race between test_bit() and queue_work() Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 042/862] fs: dlm: handle -EBUSY first in lock arg validation Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 043/862] fs: dlm: fix invalid derefence of sb_lvbptr Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 044/862] btf: Export bpf_dynptr definition Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 045/862] mbcache: Avoid nesting of cache->c_list_lock under bit locks Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 046/862] HID: multitouch: Add memory barriers Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 047/862] quota: Check next/prev free block number after reading from quota file Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 048/862] platform/chrome: cros_ec_proto: Update version on GET_NEXT_EVENT failure Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 049/862] arm64: dts: qcom: sdm845-mtp: correct ADC settle time Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 050/862] ASoC: wcd9335: fix order of Slimbus unprepare/disable Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 051/862] ASoC: wcd934x: " Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 052/862] hwmon: (gsc-hwmon) Call of_node_get() before of_find_xxx API Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 053/862] net: thunderbolt: Enable DMA paths only after rings are enabled Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 054/862] regulator: qcom_rpm: Fix circular deferral regression Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 055/862] arm64: topology: move store_cpu_topology() to shared code Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 056/862] riscv: topology: fix default topology reporting Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 057/862] RISC-V: Re-enable counter access from userspace Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 058/862] RISC-V: Make port I/O string accessors actually work Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 059/862] parisc: fbdev/stifb: Align graphics memory size to 4MB Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 060/862] parisc: Fix userspace graphics card breakage due to pgtable special bit Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 061/862] riscv: vdso: fix NULL deference in vdso_join_timens() when vfork Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 062/862] riscv: Allow PROT_WRITE-only mmap() Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 063/862] riscv: Make VM_WRITE imply VM_READ Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 064/862] riscv: always honor the CONFIG_CMDLINE_FORCE when parsing dtb Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 065/862] riscv: Pass -mno-relax only on lld < 15.0.0 Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 066/862] UM: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 067/862] nvmem: core: Fix memleak in nvmem_register() Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 068/862] nvme-multipath: fix possible hang in live ns resize with ANA access Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 069/862] Revert "drm/amdgpu: use dirty framebuffer helper" Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 070/862] dm: verity-loadpin: Only trust verity targets with enforcement Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 071/862] dmaengine: mxs: use platform_driver_register Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 072/862] dmaengine: qcom-adm: fix wrong sizeof config in slave_config Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 073/862] dmaengine: qcom-adm: fix wrong calling convention for prep_slave_sg Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 074/862] drm/virtio: Check whether transferred 2D BO is shmem Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 075/862] drm/virtio: Unlock reservations on virtio_gpu_object_shmem_init() error Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 076/862] drm/virtio: Unlock reservations on dma_resv_reserve_fences() error Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 077/862] drm/virtio: Use appropriate atomic state in virtio_gpu_plane_cleanup_fb() Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 078/862] drm/udl: Restore display mode on resume Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 079/862] arm64: mte: move register initialization to C Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 080/862] arm64: mte: Avoid setting PG_mte_tagged if no tags cleared or restored Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 081/862] arm64: errata: Add Cortex-A55 to the repeat tlbi list Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 082/862] clocksource/drivers/arm_arch_timer: Fix CNTPCT_LO and CNTVCT_LO value Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 083/862] mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 084/862] mm/damon: validate if the pmd entry is present before accessing Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 085/862] mm/uffd: fix warning without PTE_MARKER_UFFD_WP compiled in Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 086/862] mm/mmap: undo ->mmap() when arch_validate_flags() fails Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 087/862] xen/gntdev: Prevent leaking grants Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 088/862] xen/gntdev: Accommodate VMA splitting Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 089/862] PCI: Sanitise firmware BAR assignments behind a PCI-PCI bridge Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 090/862] serial: cpm_uart: Dont request IRQ too early for console port Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 091/862] serial: stm32: Deassert Transmit Enable on ->rs485_config() Greg Kroah-Hartman
2022-10-19 8:22 ` [PATCH 6.0 092/862] serial: Deassert Transmit Enable on probe in driver-specific way Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 093/862] serial: ar933x: Deassert Transmit Enable on ->rs485_config() Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 094/862] serial: 8250: Let drivers request full 16550A feature probing Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 095/862] serial: 8250: Request full 16550A feature probing for OxSemi PCIe devices Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 096/862] NFSD: Protect against send buffer overflow in NFSv3 READDIR Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 097/862] NFSD: Protect against send buffer overflow in NFSv2 READ Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 098/862] NFSD: Protect against send buffer overflow in NFSv3 READ Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 099/862] cpufreq: qcom-cpufreq-hw: Fix uninitialized throttled_freq warning Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 100/862] LoadPin: Fix Kconfig doc about format of file with verity digests Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 101/862] powercap: intel_rapl: Use standard Energy Unit for SPR Dram RAPL domain Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 102/862] powerpc/Kconfig: Fix non existing CONFIG_PPC_FSL_BOOKE Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 103/862] powerpc/boot: Explicitly disable usage of SPE instructions Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 104/862] slimbus: qcom-ngd: use correct error in message of pdr_add_lookup() failure Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 105/862] slimbus: qcom-ngd: cleanup in probe error path Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 106/862] scsi: lpfc: Rework MIB Rx Monitor debug info logic Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 107/862] scsi: qedf: Populate sysfs attributes for vport Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 108/862] gpio: rockchip: request GPIO mux to pinctrl when setting direction Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 109/862] pinctrl: rockchip: add pinmux_ops.gpio_set_direction callback Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 110/862] fbdev: smscufx: Fix use-after-free in ufx_ops_open() Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 111/862] hwrng: core - let sleep be interrupted when unregistering hwrng Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 112/862] smb3: do not log confusing message when server returns no network interfaces Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 113/862] ksmbd: fix incorrect handling of iterate_dir Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 114/862] ksmbd: fix endless loop when encryption for response fails Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 115/862] ksmbd: Fix wrong return value and message length check in smb2_ioctl() Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 116/862] ksmbd: Fix user namespace mapping Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 117/862] fs: record I_DIRTY_TIME even if inode already has I_DIRTY_INODE Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 118/862] btrfs: fix alignment of VMA for memory mapped files on THP Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 119/862] btrfs: enhance unsupported compat RO flags handling Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 120/862] btrfs: fix race between quota enable and quota rescan ioctl Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 121/862] btrfs: fix missed extent on fsync after dropping extent maps Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 122/862] btrfs: set generation before calling btrfs_clean_tree_block in btrfs_init_new_buffer Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 123/862] f2fs: fix wrong continue condition in GC Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 124/862] f2fs: complete checkpoints during remount Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 125/862] f2fs: flush pending checkpoints when freezing super Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 126/862] f2fs: increase the limit for reserve_root Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 127/862] f2fs: fix to do sanity check on destination blkaddr during recovery Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 128/862] f2fs: fix to do sanity check on summary info Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 129/862] f2fs: allow direct read for zoned device Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 130/862] jbd2: wake up journal waiters in FIFO order, not LIFO Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 131/862] jbd2: fix potential buffer head reference count leak Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 132/862] jbd2: fix potential use-after-free in jbd2_fc_wait_bufs Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 133/862] jbd2: add miss release buffer head in fc_do_one_pass() Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 134/862] ext2: Add sanity checks for group and filesystem size Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 135/862] ext4: avoid crash when inline data creation follows DIO write Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 136/862] ext4: fix null-ptr-deref in ext4_write_info Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 137/862] ext4: make ext4_lazyinit_thread freezable Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 138/862] ext4: fix check for block being out of directory size Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 139/862] ext4: dont increase iversion counter for ea_inodes Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 140/862] ext4: unconditionally enable the i_version counter Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 141/862] ext4: ext4_read_bh_lock() should submit IO if the buffer isnt uptodate Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 142/862] ext4: place buffer head allocation before handle start Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 143/862] ext4: fix i_version handling in ext4 Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 144/862] ext4: fix dir corruption when ext4_dx_add_entry() fails Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 145/862] ext4: fix miss release buffer head in ext4_fc_write_inode Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 146/862] ext4: fix potential memory leak in ext4_fc_record_modified_inode() Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 147/862] ext4: fix potential memory leak in ext4_fc_record_regions() Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 148/862] ext4: update state->fc_regions_size after successful memory allocation Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 149/862] livepatch: fix race between fork and KLP transition Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 150/862] ftrace: Properly unset FTRACE_HASH_FL_MOD Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 151/862] ftrace: Still disable enabled records marked as disabled Greg Kroah-Hartman
2022-10-19 8:23 ` [PATCH 6.0 152/862] ring-buffer: Allow splice to read previous partially read pages Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 153/862] ring-buffer: Have the shortest_full queue be the shortest not longest Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 154/862] ring-buffer: Check pending waiters when doing wake ups as well Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 155/862] ring-buffer: Add ring_buffer_wake_waiters() Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 156/862] ring-buffer: Fix race between reset page and reading page Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 157/862] tracing/eprobe: Fix alloc event dir failed when event name no set Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 158/862] tracing: Disable interrupt or preemption before acquiring arch_spinlock_t Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 159/862] tracing: Wake up ring buffer waiters on closing of the file Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 160/862] tracing: Wake up waiters when tracing is disabled Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 161/862] tracing: Add ioctl() to force ring buffer waiters to wake up Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 162/862] tracing: Do not free snapshot if tracer is on cmdline Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 163/862] tracing: Move duplicate code of trace_kprobe/eprobe.c into header Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 164/862] tracing: Add "(fault)" name injection to kernel probes Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 165/862] tracing: Fix reading strings from synthetic events Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 166/862] rpmsg: char: Avoid double destroy of default endpoint Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 167/862] thunderbolt: Explicitly enable lane adapter hotplug events at startup Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 168/862] efi: libstub: drop pointless get_memory_map() call Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 169/862] media: cedrus: Fix watchdog race condition Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 170/862] media: cedrus: Set the platform driver data earlier Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 171/862] media: cedrus: Fix endless loop in cedrus_h265_skip_bits() Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 172/862] blk-throttle: fix that io throttle can only work for single bio Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 173/862] blk-wbt: call rq_qos_add() after wb_normal is initialized Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 174/862] KVM: x86/emulator: Fix handing of POP SS to correctly set interruptibility Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 175/862] KVM: nVMX: Unconditionally purge queued/injected events on nested "exit" Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 176/862] KVM: nVMX: Dont propagate vmcs12s PERF_GLOBAL_CTRL settings to vmcs02 Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 177/862] KVM: x86: Treat #DBs from the emulator as fault-like (code and DR7.GD=1) Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 178/862] KVM: VMX: Drop bits 31:16 when shoving exception error code into VMCS Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 179/862] staging: greybus: audio_helper: remove unused and wrong debugfs usage Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 180/862] drm/nouveau/kms/nv140-: Disable interlacing Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 181/862] drm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table() Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 182/862] drm/i915/gt: Use i915_vm_put on ppgtt_create error paths Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 183/862] drm/i915/guc: Fix revocation of non-persistent contexts Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 184/862] drm/i915: Fix watermark calculations for gen12+ RC CCS modifier Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 185/862] drm/i915: Fix watermark calculations for gen12+ MC " Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 186/862] drm/i915: Fix watermark calculations for gen12+ CCS+CC modifier Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 187/862] drm/i915: Fix watermark calculations for DG2 CCS modifiers Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 188/862] drm/i915: Fix watermark calculations for DG2 CCS+CC modifier Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 189/862] drm/i915: Fix display problems after resume Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 190/862] drm/amd/display: Fix watermark calculation Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 191/862] drm/amd/display: Update PMFW z-state interface for DCN314 Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 192/862] drm/amd/display: zeromem mypipe heap struct before using it Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 193/862] drm/amd/display: Validate DSC After Enable All New CRTCs Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 194/862] drm/amd/display: Enable dpia support for dcn314 Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 195/862] drm/amd/display: Enable 2 to 1 ODM policy if supported Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 196/862] drm/amd/display: Fix vblank refcount in vrr transition Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 197/862] drm/amd/display: Add HUBP surface flip interrupt handler Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 198/862] drm/amd/display: explicitly disable psr_feature_enable appropriately Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 199/862] drm/amdgpu: Enable VCN PG on GC11_0_1 Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 200/862] drm/amdgpu: Enable F32_WPTR_POLL_ENABLE in mqd Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 201/862] smb3: must initialize two ACL struct fields to zero Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 202/862] selinux: use "grep -E" instead of "egrep" Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 203/862] ima: fix blocking of security.ima xattrs of unsupported algorithms Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 204/862] userfaultfd: open userfaultfds with O_RDONLY Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 205/862] ntfs3: rework xattr handlers and switch to POSIX ACL VFS helpers Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 206/862] acl: return EOPNOTSUPP in posix_acl_fix_xattr_common() Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 207/862] thermal: cpufreq_cooling: Check the policy first in cpufreq_cooling_register() Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 208/862] cpufreq: amd-pstate: Fix initial highest_perf value Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 209/862] sh: machvec: Use char[] for section boundaries Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 210/862] MIPS: SGI-IP30: Fix platform-device leak in bridge_platform_create() Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 211/862] MIPS: SGI-IP27: " Greg Kroah-Hartman
2022-10-19 8:24 ` [PATCH 6.0 212/862] erofs: fix order >= MAX_ORDER warning due to crafted negative i_size Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 213/862] erofs: use kill_anon_super() to kill super in fscache mode Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 214/862] ARM: 9243/1: riscpc: Unbreak the build Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 215/862] ARM: 9244/1: dump: Fix wrong pg_level in walk_pmd() Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 216/862] ARM: 9247/1: mm: set readonly for MT_MEMORY_RO with ARM_LPAE Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 217/862] ACPI: PCC: Release resources on address space setup failure path Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 218/862] ACPI: PCC: replace wait_for_completion() Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 219/862] ACPI: PCC: Fix Tx acknowledge in the PCC address space handler Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 220/862] objtool: Preserve special st_shndx indexes in elf_update_symbol Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 221/862] nfsd: Fix a memory leak in an error handling path Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 222/862] SUNRPC: Fix svcxdr_init_decodes end-of-buffer calculation Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 223/862] SUNRPC: Fix svcxdr_init_encodes buflen calculation Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 224/862] NFSD: Protect against send buffer overflow in NFSv2 READDIR Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 225/862] NFSD: Fix handling of oversized NFSv4 COMPOUND requests Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 226/862] x86/paravirt: add extra clobbers with ZERO_CALL_USED_REGS enabled Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 227/862] m68k: Process bootinfo records before saving them Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 228/862] libbpf: Initialize err in probe_map_create Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 229/862] wifi: rtlwifi: 8192de: correct checking of IQK reload Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 230/862] wifi: ath10k: Set tx credit to one for WCN3990 snoc based devices Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 231/862] wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state() Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 232/862] bpf: Cleanup check_refcount_ok Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 233/862] bpf: Fix ref_obj_id for dynptr data slices in verifier Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 234/862] leds: lm3601x: Dont use mutex after it was destroyed Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 235/862] tsnep: Fix TSNEP_INFO_TX_TIME register define Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 236/862] net: prestera: cache port state for non-phylink ports too Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 237/862] bpf: Fix reference state management for synchronous callbacks Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 238/862] wifi: mac80211: properly set old_links when removing a link Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 239/862] wifi: cfg80211: get correct AP link chandef Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 240/862] wifi: mac80211: fix use-after-free Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 241/862] wifi: mac80211: mlme: dont add empty EML capabilities Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 242/862] wifi: mac80211_hwsim: fix link change handling Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 243/862] wifi: mac80211: allow bw change during channel switch in mesh Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 244/862] bpftool: Fix a wrong type cast in btf_dumper_int Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 245/862] ice: set tx_tstamps when creating new Tx rings via ethtool Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 246/862] audit: explicitly check audit_context->context enum value Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 247/862] audit: free audit_proctitle only on task exit Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 248/862] esp: choose the correct inner protocol for GSO on inter address family tunnels Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 249/862] spi: mt7621: Fix an error message in mt7621_spi_probe() Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 250/862] x86/resctrl: Fix to restore to original value when re-enabling hardware prefetch register Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 251/862] xsk: Fix backpressure mechanism on Tx Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 252/862] selftests/xsk: Add missing close() on netns fd Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 253/862] bpf: Disable preemption when increasing per-cpu map_locked Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 254/862] bpf: Propagate error from htab_lock_bucket() to userspace Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 255/862] wifi: ath11k: Fix incorrect QMI message ID mappings Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 256/862] bpf: Use this_cpu_{inc|dec|inc_return} for bpf_task_storage_busy Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 257/862] bpf: Use this_cpu_{inc_return|dec} for prog->active Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 258/862] Bluetooth: btusb: mediatek: fix WMT failure during runtime suspend Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 259/862] bpf: Only add BTF IDs for socket security hooks when CONFIG_SECURITY_NETWORK is on Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 260/862] wifi: rtw89: pci: fix interrupt stuck after leaving low power mode Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 261/862] wifi: rtw89: pci: correct TX resource checking in " Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 262/862] wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse() Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 263/862] wifi: wfx: prevent underflow in wfx_send_pds() Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 264/862] wifi: rtw88: add missing destroy_workqueue() on error path in rtw_core_init() Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 265/862] selftests/xsk: Avoid use-after-free on ctx Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 266/862] wifi: mac80211: mlme: assign link address correctly Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 267/862] spi: qup: add missing clk_disable_unprepare on error in spi_qup_resume() Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 268/862] spi: qup: add missing clk_disable_unprepare on error in spi_qup_pm_resume_runtime() Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 269/862] wifi: rtl8xxxu: Fix skb misuse in TX queue selection Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 270/862] spi: meson-spicc: do not rely on busy flag in pow2 clk ops Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 271/862] bpf: btf: fix truncated last_member_type_id in btf_struct_resolve Greg Kroah-Hartman
2022-10-19 8:25 ` [PATCH 6.0 272/862] wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 273/862] wifi: rtl8xxxu: Remove copy-paste leftover in gen2_update_rate_mask Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 274/862] Bluetooth: avoid hci_dev_test_and_set_flag() in mgmt_init_hdev() Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 275/862] wifi: mt76: mt7921e: fix race issue between reset and suspend/resume Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 276/862] wifi: mt76: mt7921s: " Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 277/862] wifi: mt76: mt7921u: " Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 278/862] wifi: mt76: sdio: fix the deadlock caused by sdio->stat_work Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 279/862] wifi: mt76: sdio: poll sta stat when device transmits data Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 280/862] wifi: mt76: mt7915: fix an uninitialized variable bug Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 281/862] wifi: mt76: mt7921: fix use after free in mt7921_acpi_read() Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 282/862] wifi: mt76: sdio: fix transmitting packet hangs Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 283/862] wifi: mt76: mt7615: add mt7615_mutex_acquire/release in mt7615_sta_set_decap_offload Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 284/862] wifi: mt76: mt7915: fix possible unaligned access in mt7915_mac_add_twt_setup Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 285/862] wifi: mt76: connac: fix possible unaligned access in mt76_connac_mcu_add_nested_tlv Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 286/862] wifi: mt76: mt7921: add mt7921_mutex_acquire at mt7921_[start, stop]_ap Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 287/862] wifi: mt76: mt7921: add mt7921_mutex_acquire at mt7921_sta_set_decap_offload Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 288/862] wifi: mt76: mt7921: fix the firmware version report Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 289/862] wifi: mt76: mt7915: fix mcs value in ht mode Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 290/862] wifi: mt76: fix uninitialized pointer in mt7921_mac_fill_rx Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 291/862] wifi: mt76: mt7915: do not check state before configuring implicit beamform Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 292/862] wifi: mt76: mt7921e: fix rmmod crash in driver reload test Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 293/862] Bluetooth: RFCOMM: Fix possible deadlock on socket shutdown/release Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 294/862] net: fs_enet: Fix wrong check in do_pd_setup Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 295/862] bpf: Ensure correct locking around vulnerable function find_vpid() Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 296/862] libbpf: Fix crash if SEC("freplace") programs dont have attach_prog_fd set Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 297/862] wifi: ath11k: Include STA_KEEPALIVE_ARP_RESPONSE TLV header by default Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 298/862] Bluetooth: hci_{ldisc,serdev}: check percpu_init_rwsem() failure Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 299/862] libbpf: Fix NULL pointer exception in API btf_dump__dump_type_data Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 300/862] netfilter: conntrack: fix the gc rescheduling delay Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 301/862] netfilter: conntrack: revisit the gc initial rescheduling bias Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 302/862] bpf, cgroup: Reject prog_attach_flags array when effective query Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 303/862] bpftool: Fix wrong cgroup attach flags being assigned to effective progs Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 304/862] selftests/bpf: Adapt cgroup effective query uapi change Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 305/862] flow_dissector: Do not count vlan tags inside tunnel payload Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 306/862] mwifiex: fix sleep in atomic context bugs caused by dev_coredumpv Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 307/862] wifi: ath11k: fix failed to find the peer with peer_id 0 when disconnected Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 308/862] wifi: ath11k: fix number of VHT beamformee spatial streams Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 309/862] mips: dts: ralink: mt7621: fix external phy on GB-PC2 Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 310/862] x86/microcode/AMD: Track patch allocation size explicitly Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 311/862] libbpf: restore memory layout of bpf_object_open_opts Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 312/862] wifi: ath11k: fix peer addition/deletion error on sta band migration Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 313/862] x86/cpu: Include the header of init_ia32_feat_ctl()s prototype Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 314/862] spi: cadence-quadspi: Fix PM disable depth imbalance in cqspi_probe Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 315/862] spi: dw: Fix PM disable depth imbalance in dw_spi_bt1_probe Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 316/862] spi/omap100k:Fix PM disable depth imbalance in omap1_spi100k_probe Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 317/862] skmsg: Schedule psock work if the cached skb exists on the psock Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 318/862] cw1200: fix incorrect check to determine if no element is found in list Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 319/862] libbpf: Dont require full struct enum64 in UAPI headers Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 320/862] i2c: mlxbf: support lock mechanism Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 321/862] Bluetooth: hci_core: Fix not handling link timeouts propertly Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 322/862] xfrm: Reinject transport-mode packets through workqueue Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 323/862] netfilter: nft_fib: Fix for rpath check with VRF devices Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 324/862] spi: s3c64xx: Fix large transfers with DMA Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 325/862] Bluetooth: Prevent double register of suspend Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 326/862] wifi: rtl8xxxu: gen2: Enable 40 MHz channel width Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 327/862] wifi: rtl8xxxu: Fix AIFS written to REG_EDCA_*_PARAM Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 328/862] vhost/vsock: Use kvmalloc/kvfree for larger packets Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 329/862] eth: alx: take rtnl_lock on resume Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 330/862] mISDN: fix use-after-free bugs in l1oip timer handlers Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 331/862] sctp: handle the error returned from sctp_auth_asoc_init_active_key Greg Kroah-Hartman
2022-10-19 8:26 ` [PATCH 6.0 332/862] tcp: fix tcp_cwnd_validate() to not forget is_cwnd_limited Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 333/862] spi: Ensure that sg_table wont be used after being freed Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 334/862] Bluetooth: hci_sync: Fix not indicating power state Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 335/862] hwmon: (pmbus/mp2888) Fix sensors readouts for MPS Multi-phase mp2888 controller Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 336/862] net: rds: dont hold sock lock when cancelling work from rds_tcp_reset_callbacks() Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 337/862] af_unix: Fix memory leaks of the whole sk due to OOB skb Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 338/862] net: prestera: acl: Add check for kmemdup Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 339/862] eth: lan743x: reject extts for non-pci11x1x devices Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 340/862] bnx2x: fix potential memory leak in bnx2x_tpa_stop() Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 341/862] eth: sp7021: fix use after free bug in spl2sw_nvmem_get_mac_address Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 342/862] net: wwan: iosm: Call mutex_init before locking it Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 343/862] net/ieee802154: reject zero-sized raw_sendmsg() Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 344/862] once: add DO_ONCE_SLOW() for sleepable contexts Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 345/862] net: mvpp2: fix mvpp2 debugfs leak Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 346/862] drm: bridge: adv7511: fix CEC power down control register offset Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 347/862] drm: bridge: adv7511: unregister cec i2c device after cec adapter Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 348/862] drm/bridge: Avoid uninitialized variable warning Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 349/862] drm/mipi-dsi: Detach devices when removing the host Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 350/862] drm/vc4: drv: Call component_unbind_all() Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 351/862] drm/bridge: it6505: Power on downstream device in .atomic_enable Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 352/862] video/aperture: Disable and unregister sysfb devices via aperture helpers Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 353/862] drm/virtio: Correct drm_gem_shmem_get_sg_table() error handling Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 354/862] drm/bridge: anx7625: Fix refcount bug in anx7625_parse_dt() Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 355/862] drm/bridge: tc358767: Add of_node_put() when breaking out of loop Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 356/862] drm/bridge: parade-ps8640: Fix regulator supply order Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 357/862] drm/format-helper: Fix test on big endian architectures Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 358/862] drm/dp_mst: fix drm_dp_dpcd_read return value checks Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 359/862] drm:pl111: Add of_node_put() when breaking out of for_each_available_child_of_node() Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 360/862] ASoC: mt6359: fix tests for platform_get_irq() failure Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 361/862] ASoC: amd: acp: add missing platform_device_unregister() in acp_pci_probe() Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 362/862] drm/msm: Make .remove and .shutdown HW shutdown consistent Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 363/862] platform/chrome: fix double-free in chromeos_laptop_prepare() Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 364/862] platform/chrome: fix memory corruption in ioctl Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 365/862] drm/i915/dg2: Bump up CDCLK for DG2 Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 366/862] drm/virtio: Fix same-context optimization Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 367/862] ASoC: soc-pcm.c: call __soc_pcm_close() in soc_pcm_close() Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 368/862] ASoC: tas2764: Allow mono streams Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 369/862] ASoC: tas2764: Drop conflicting set_bias_level power setting Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 370/862] ASoC: tas2764: Fix mute/unmute Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 371/862] platform/x86: msi-laptop: Fix old-ec check for backlight registering Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 372/862] platform/x86: msi-laptop: Fix resource cleanup Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 373/862] drm/panel: use select for Ili9341 panel driver helpers Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 374/862] drm: fix drm_mipi_dbi build errors Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 375/862] platform/chrome: cros_ec_typec: Add bit offset for DP VDO Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 376/862] platform/chrome: cros_ec_typec: Correct alt mode index Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 377/862] drm/amdgpu: add missing pci_disable_device() in amdgpu_pmops_runtime_resume() Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 378/862] drm/bridge: megachips: Fix a null pointer dereference bug Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 379/862] drm/bridge: it6505: Fix the order of DP_SET_POWER commands Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 380/862] ASoC: rsnd: Add check for rsnd_mod_power_on Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 381/862] ASoC: wm_adsp: Handle optional legacy support Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 382/862] ALSA: hda: beep: Simplify keep-power-at-enable behavior Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 383/862] drm/virtio: set fb_modifiers_not_supported Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 384/862] drm/bochs: fix blanking Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 385/862] ASoC: mediatek: mt8195-mt6359: Properly register sound card for SOF Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 386/862] ASoC: SOF: mediatek: mt8195: Import namespace SND_SOC_SOF_MTK_COMMON Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 387/862] drm/omap: dss: Fix refcount leak bugs Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 388/862] drm/amdgpu: Fix memory leak in hpd_rx_irq_create_workqueue() Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 389/862] ASoC: rockchip: i2s: use regmap_read_poll_timeout to poll I2S_CLR Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 390/862] mmc: au1xmmc: Fix an error handling path in au1xmmc_probe() Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 391/862] ASoC: eureka-tlv320: Hold reference returned from of_find_xxx API Greg Kroah-Hartman
2022-10-19 8:27 ` [PATCH 6.0 392/862] drm/msm: lookup the ICC paths in both mdp5/dpu and mdss devices Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 393/862] drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 394/862] drm/msm/dp: correct 1.62G link rate at dp_catalog_ctrl_config_msa() Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 395/862] ALSA: hda/hdmi: change type for the assigned variable Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 396/862] ALSA: hda/hdmi: Fix the converter allocation for the silent stream Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 397/862] ALSA: usb-audio: Properly refcounting clock rate Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 398/862] ASoC: SOF: ipc4-topology: Free the ida when IPC fails in sof_ipc4_widget_setup() Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 399/862] drm/vmwgfx: Fix memory leak in vmw_mksstat_add_ioctl() Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 400/862] virtio-gpu: fix shift wrapping bug in virtio_gpu_fence_event_create() Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 401/862] ASoC: codecs: tx-macro: fix kcontrol put Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 402/862] ASoC: da7219: Fix an error handling path in da7219_register_dai_clks() Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 403/862] ALSA: dmaengine: increment buffer pointer atomically Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 404/862] mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe() Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 405/862] ASoC: stm32: dfsdm: Fix PM disable depth imbalance in stm32_adfsdm_probe Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 406/862] ASoC: stm32: spdifrx: Fix PM disable depth imbalance in stm32_spdifrx_probe Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 407/862] ASoC: stm: Fix PM disable depth imbalance in stm32_i2s_probe Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 408/862] ASoC: wcd-mbhc-v2: Revert "ASoC: wcd-mbhc-v2: use pm_runtime_resume_and_get()" Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 409/862] ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 410/862] ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 411/862] ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 412/862] ASoC: mt6660: Fix PM disable depth imbalance in mt6660_i2c_probe Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 413/862] ASoC: rockchip: i2s: use regmap_read_poll_timeout_atomic to poll I2S_CLR Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 414/862] ALSA: hda/hdmi: Dont skip notification handling during PM operation Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 415/862] memory: pl353-smc: Fix refcount leak bug in pl353_smc_probe() Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 416/862] memory: of: Fix refcount leak bug in of_get_ddr_timings() Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 417/862] memory: of: Fix refcount leak bug in of_lpddr3_get_ddr_timings() Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 418/862] locks: fix TOCTOU race when granting write lease Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 419/862] soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe() Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 420/862] soc: qcom: smem_state: Add refcounting for the state->of_node Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 421/862] ARM: dts: imx6qdl-kontron-samx6i: hook up DDC i2c bus Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 422/862] arm64: dts: renesas: r9a07g044: Fix SCI{Rx,Tx} interrupt types Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 423/862] arm64: dts: renesas: r9a07g054: " Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 424/862] arm64: dts: renesas: r9a07g043: " Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 425/862] dt-bindings: clock: exynosautov9: correct clock numbering of peric0/c1 Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 426/862] arm64: dts: qcom: sdm845-xiaomi-polaris: Fix sde_dsi_active pinctrl Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 427/862] arm64: dts: qcom: sc7280: Cleanup the lpasscc node Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 428/862] arm64: dts: qcom: sc7280: Update lpasscore node Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 429/862] arm64: dts: qcom: sc8280xp-crd: disallow regulator mode switches Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 430/862] arm64: dts: qcom: sc8280xp-lenovo-thinkpad-x13s: " Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 431/862] arm64: dts: qcom: sa8295p-adp: " Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 432/862] arm64: dts: qcom: pm8350c: Drop PWM reg declaration Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 433/862] arm64: dts: qcom: sc7180-trogdor: Keep pm6150_adc enabled for TZ Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 434/862] ARM: dts: turris-omnia: Fix mpp26 pin name and comment Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 435/862] ARM: dts: kirkwood: lsxl: fix serial line Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 436/862] ARM: dts: kirkwood: lsxl: remove first ethernet port Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 437/862] arm64: dts: marvell: 98dx25xx: use correct property for i2c gpios Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 438/862] arm64: dts: qcom: sc8280xp-pmics: Remove reg entry & use correct node name for pmc8280c_lpg node Greg Kroah-Hartman
2022-10-19 15:33 ` Johan Hovold
2022-10-19 15:40 ` Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 439/862] ia64: export memory_add_physaddr_to_nid to fix cxl build error Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 440/862] arm64: dts: qcom: sm8350-sagami: correct TS pin property Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 441/862] soc/tegra: fuse: Add missing of_node_put() in tegra_init_fuse() Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 442/862] soc/tegra: fuse: Drop Kconfig dependency on TEGRA20_APB_DMA Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 443/862] arm64: dts: qcom: ipq8074: fix PCIe PHY serdes size Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 444/862] arm64: dts: qcom: sm8450: fix UFS " Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 445/862] arm64: dts: ti: k3-j7200: fix main pinmux range Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 446/862] ARM: dts: exynos: correct s5k6a3 reset polarity on Midas family Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 447/862] ARM: Drop CMDLINE_* dependency on ATAGS Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 448/862] ext4: continue to expand file system when the target size doesnt reach Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 449/862] ext4: dont run ext4lazyinit for read-only filesystems Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 450/862] arm64: ftrace: fix module PLTs with mcount Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 451/862] arm64: dts: exynos: fix polarity of "enable" line of NFC chip in TM2 Greg Kroah-Hartman
2022-10-19 8:28 ` [PATCH 6.0 452/862] ARM: dts: exynos: fix polarity of VBUS GPIO of Origen Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 453/862] iomap: iomap: fix memory corruption when recording errors during writeback Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 454/862] selftests/cpu-hotplug: Use return instead of exit Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 455/862] selftests/cpu-hotplug: Delete fault injection related code Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 456/862] selftests/cpu-hotplug: Reserve one cpu online at least Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 457/862] iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 458/862] iio: adc: at91-sama5d2_adc: check return status for pressure and touch Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 459/862] iio: adc: at91-sama5d2_adc: lock around oversampling and sample freq Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 460/862] iio: adc: at91-sama5d2_adc: disable/prepare buffer on suspend/resume Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 461/862] iio: inkern: only release the device node when done with it Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 462/862] iio: inkern: fix return value in devm_of_iio_channel_get_by_name() Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 463/862] iio: ABI: Fix wrong format of differential capacitance channel ABI Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 464/862] iio: magnetometer: yas530: Change data type of hard_offsets to signed Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 465/862] RDMA/mlx5: Dont compare mkey tags in DEVX indirect mkey Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 466/862] usb: common: usb-conn-gpio: Simplify some error message Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 467/862] usb: common: debug: Check non-standard control requests Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 468/862] clk: meson: Hold reference returned by of_get_parent() Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 469/862] clk: st: " Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 470/862] clk: oxnas: " Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 471/862] clk: qoriq: " Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 472/862] clk: berlin: Add of_node_put() for of_get_parent() Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 473/862] clk: sprd: Hold reference returned by of_get_parent() Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 474/862] coresight: docs: Fix a broken reference Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 475/862] clk: tegra: Fix refcount leak in tegra210_clock_init Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 476/862] clk: tegra: Fix refcount leak in tegra114_clock_init Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 477/862] clk: tegra20: Fix refcount leak in tegra20_clock_init Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 478/862] clk: samsung: exynosautov9: correct register offsets of peric0/c1 Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 479/862] sbitmap: fix possible io hung due to lost wakeup Greg Kroah-Hartman
2022-10-19 15:06 ` Hugh Dickins
2022-10-19 17:25 ` Greg Kroah-Hartman
2022-10-19 17:37 ` Jens Axboe
2022-10-19 8:29 ` [PATCH 6.0 480/862] HID: uclogic: Add missing suffix for digitalizers Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 481/862] HID: uclogic: Fix warning in uclogic_rdesc_template_apply Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 482/862] HSI: omap_ssi: Fix refcount leak in ssi_probe Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 483/862] HSI: omap_ssi_port: Fix dma_map_sg error check Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 484/862] clk: qcom: gcc-sdm660: Use floor ops for SDCC1 clock Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 485/862] media: exynos4-is: fimc-is: Add of_node_put() when breaking out of loop Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 486/862] media: airspy: fix memory leak in airspy probe Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 487/862] tty: xilinx_uartps: Check clk_enable return value Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 488/862] tty: xilinx_uartps: Fix the ignore_status Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 489/862] media: mediatek: vcodec: Skip non CBR bitrate mode Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 490/862] media: amphion: insert picture startcode after seek for vc1g format Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 491/862] media: amphion: adjust the encoders value range of gop size Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 492/862] media: amphion: dont change the colorspace reported by decoder Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 493/862] media: amphion: fix a bug that vpu core may not resume after suspend Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 494/862] media: meson: vdec: add missing clk_disable_unprepare on error in vdec_hevc_start() Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 495/862] media: uvcvideo: Fix memory leak in uvc_gpio_parse Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 496/862] media: uvcvideo: Use entity get_cur in uvc_ctrl_set Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 497/862] media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 498/862] RDMA/rxe: Fix "kernel NULL pointer dereference" error Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 499/862] RDMA/rxe: Fix the error caused by qp->sk Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 500/862] clk: mediatek: clk-mt8195-vdo0: Set rate on vdo0_dp_intf0_dp_intfs parent Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 501/862] clk: mediatek: clk-mt8195-vdo1: Reparent and set rate on vdo1_dpintfs parent Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 502/862] clk: mediatek: mt8195-infra_ao: Set pwrmcu clocks as critical Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 503/862] misc: ocxl: fix possible refcount leak in afu_ioctl() Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 504/862] fpga: dfl-pci: Add IDs for Intel N6000, N6001 and C6100 cards Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 505/862] fpga: prevent integer overflow in dfl_feature_ioctl_set_irq() Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 506/862] phy: rockchip-inno-usb2: Return zero after otg sync Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 507/862] dmaengine: idxd: avoid deadlock in process_misc_interrupts() Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 508/862] dmaengine: hisilicon: Disable channels when unregister hisi_dma Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 509/862] dmaengine: hisilicon: Fix CQ head update Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 510/862] dmaengine: hisilicon: Add multi-thread support for a DMA channel Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 511/862] iio: Use per-device lockdep class for mlock Greg Kroah-Hartman
2022-10-19 8:29 ` [PATCH 6.0 512/862] usb: gadget: f_fs: stricter integer overflow checks Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 513/862] dyndbg: fix static_branch manipulation Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 514/862] dyndbg: fix module.dyndbg handling Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 515/862] dyndbg: let query-modname override actual module name Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 516/862] dyndbg: drop EXPORTed dynamic_debug_exec_queries Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 517/862] sbitmap: Avoid leaving waitqueue in invalid state in __sbq_wake_up() Greg Kroah-Hartman
2022-10-19 15:08 ` Hugh Dickins
2022-10-19 8:30 ` [PATCH 6.0 518/862] clk: qcom: sm6115: Select QCOM_GDSC Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 519/862] scsi: lpfc: Fix various issues reported by tools Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 520/862] mtd: devices: docg3: check the return value of devm_ioremap() in the probe Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 521/862] remoteproc: Harden rproc_handle_vdev() against integer overflow Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 522/862] phy: qcom-qmp-usb: disable runtime PM on unbind Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 523/862] phy: qcom-qmp-pcie: add pcs_misc sanity check Greg Kroah-Hartman
2022-10-19 9:15 ` Johan Hovold
2022-10-19 10:41 ` Greg Kroah-Hartman
2022-10-19 11:28 ` Johan Hovold
2022-10-19 8:30 ` [PATCH 6.0 524/862] phy: qcom-qmp-pcie: fix memleak on probe deferral Greg Kroah-Hartman
2022-10-19 9:17 ` Johan Hovold
2022-10-19 8:30 ` [PATCH 6.0 525/862] phy: qcom-qmp-pcie-msm8996: " Greg Kroah-Hartman
2022-10-19 9:18 ` Johan Hovold
2022-10-19 8:30 ` [PATCH 6.0 526/862] phy: qcom-qmp-combo: " Greg Kroah-Hartman
2022-10-19 9:18 ` Johan Hovold
2022-10-19 8:30 ` [PATCH 6.0 527/862] phy: qcom-qmp-ufs: " Greg Kroah-Hartman
2022-10-19 9:18 ` Johan Hovold
2022-10-19 8:30 ` [PATCH 6.0 528/862] phy: qcom-qmp-usb: " Greg Kroah-Hartman
2022-10-19 9:19 ` Johan Hovold
2022-10-19 8:30 ` [PATCH 6.0 529/862] phy: amlogic: phy-meson-axg-mipi-pcie-analog: Hold reference returned by of_get_parent() Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 530/862] phy: phy-mtk-tphy: fix the phy type setting issue Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 531/862] mtd: rawnand: intel: Read the chip-select line from the correct OF node Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 532/862] mtd: rawnand: intel: Remove undocumented compatible string Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 533/862] mtd: rawnand: fsl_elbc: Fix none ECC mode Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 534/862] RDMA/irdma: Align AE id codes to correct flush code and event Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 535/862] RDMA/irdma: Validate udata inlen and outlen Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 536/862] RDMA/srp: Fix srp_abort() Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 537/862] RDMA/siw: Always consume all skbuf data in sk_data_ready() upcall Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 538/862] RDMA/siw: Fix QP destroy to wait for all references dropped Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 539/862] ata: fix ata_id_sense_reporting_enabled() and ata_id_has_sense_reporting() Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 540/862] ata: fix ata_id_has_devslp() Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 541/862] ata: fix ata_id_has_ncq_autosense() Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 542/862] ata: fix ata_id_has_dipm() Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 543/862] mtd: rawnand: meson: fix bit map use in meson_nfc_ecc_correct() Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 544/862] block: Fix the enum blk_eh_timer_return documentation Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 545/862] eventfd: guard wake_up in eventfd fs calls as well Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 546/862] io_uring/fdinfo: fix sqe dumping for IORING_SETUP_SQE128 Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 547/862] md: Replace snprintf with scnprintf Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 548/862] md/raid5: Ensure stripe_fill happens on non-read IO with journal Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 549/862] md/raid5: Remove unnecessary bio_put() in raid5_read_one_chunk() Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 550/862] md: Remove extra mddev_get() in md_seq_start() Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 551/862] RDMA/cm: Use SLID in the work completion as the DLID in responder side Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 552/862] IB: Set IOVA/LENGTH on IB_MR in core/uverbs layers Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 553/862] xhci: Dont show warning for reinit on known broken suspend Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 554/862] usb: gadget: function: fix dangling pnp_string in f_printer.c Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 555/862] usb: typec: anx7411: Use of_get_child_by_name() instead of of_find_node_by_name() Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 556/862] usb: dwc3: core: fix some leaks in probe Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 557/862] drivers: serial: jsm: " Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 558/862] serial: 8250: Toggle IER bits on only after irq has been set up Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 559/862] tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 560/862] phy: qualcomm: call clk_disable_unprepare in the error handling Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 561/862] staging: vt6655: fix some erroneous memory clean-up loops Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 562/862] slimbus: qcom-ngd: Add error handling in of_qcom_slim_ngd_register Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 563/862] firmware: google: Test spinlock on panic path to avoid lockups Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 564/862] serial: 8250: Fix restoring termios speed after suspend Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 565/862] scsi: libsas: Fix use-after-free bug in smp_execute_task_sg() Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 566/862] scsi: pm8001: Fix running_req for internal abort commands Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 567/862] scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername() Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 568/862] clk: qcom: apss-ipq6018: mark apcs_alias0_core_clk as critical Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 569/862] clk: qcom: gcc-sm6115: Override default Alpha PLL regs Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 570/862] nvmet-auth: dont try to cancel a non-initialized work_struct Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 571/862] RDMA/rxe: Set pd early in mr alloc routines Greg Kroah-Hartman
2022-10-19 8:30 ` [PATCH 6.0 572/862] RDMA/rxe: Fix resize_finish() in rxe_queue.c Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 573/862] fsi: core: Check error number after calling ida_simple_get Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 574/862] mfd: intel_soc_pmic: Fix an error handling path in intel_soc_pmic_i2c_probe() Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 575/862] mfd: fsl-imx25: Fix an error handling path in mx25_tsadc_setup_irq() Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 576/862] mfd: lp8788: Fix an error handling path in lp8788_probe() Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 577/862] mfd: lp8788: Fix an error handling path in lp8788_irq_init() and lp8788_irq_init() Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 578/862] mfd: fsl-imx25: Fix check for platform_get_irq() errors Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 579/862] mfd: sm501: Add check for platform_driver_register() Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 580/862] mfd: da9061: Fix Failed to set Two-Wire Bus Mode Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 581/862] clk: mediatek: mt8183: mfgcfg: Propagate rate changes to parent Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 582/862] clk: mediatek: clk-mt8195-mfg: Reparent mfg_bg3d and propagate rate changes Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 583/862] clk: mediatek: fix unregister function in mtk_clk_register_dividers cleanup Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 584/862] clk: mediatek: Migrate remaining clk_unregister_*() to clk_hw_unregister_*() Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 585/862] phy: qcom-qmp-pcie: fix resource mapping for SDM845 QHP PHY Greg Kroah-Hartman
2022-10-19 9:20 ` Johan Hovold
2022-10-19 8:31 ` [PATCH 6.0 586/862] io_uring/rw: defer fsnotify calls to task context Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 587/862] dmaengine: ioat: stop mod_timer from resurrecting deleted timer in __cleanup() Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 588/862] HID: amd_sfh: Handle condition of "no sensors" for SFH1.1 Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 589/862] usb: mtu3: fix failed runtime suspend in host only mode Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 590/862] spmi: pmic-arb: correct duplicate APID to PPID mapping logic Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 591/862] clk: vc5: Fix 5P49V6901 outputs disabling when enabling FOD Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 592/862] clk: baikal-t1: Fix invalid xGMAC PTP clock divider Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 593/862] clk: baikal-t1: Add shared xGMAC ref/ptp clocks internal parent Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 594/862] clk: baikal-t1: Add SATA internal ref clock buffer Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 595/862] clk: bcm2835: Make peripheral PLLC critical Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 596/862] clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 597/862] clk: imx8mp: tune the order of enet_qos_root_clk Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 598/862] clk: imx: scu: fix memleak on platform_device_add() fails Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 599/862] clk: ti: Balance of_node_get() calls for of_find_node_by_name() Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 600/862] clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 601/862] clk: ast2600: BCLK comes from EPLL Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 602/862] mailbox: imx: fix RST channel support Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 603/862] mailbox: mpfs: fix handling of the reg property Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 604/862] mailbox: mpfs: account for mbox offsets while sending Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 605/862] mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 606/862] ipc: mqueue: fix possible memory leak in init_mqueue_fs() Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 607/862] powerpc/configs: Properly enable PAPR_SCM in pseries_defconfig Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 608/862] powerpc/math_emu/efp: Include module.h Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 609/862] powerpc/sysdev/fsl_msi: Add missing of_node_put() Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 610/862] powerpc/pci_dn: " Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 611/862] powerpc/powernv: add missing of_node_put() in opal_export_attrs() Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 612/862] cpuidle: riscv-sbi: Fix CPU_PM_CPU_IDLE_ENTER_xyz() macro usage Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 613/862] powerpc: dts: turris1x.dts: Fix NOR partitions labels Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 614/862] powerpc: dts: turris1x.dts: Fix labels in DSA cpu port nodes Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 615/862] powerpc: Fix fallocate and fadvise64_64 compat parameter combination Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 616/862] x86/hyperv: Fix struct hv_enlightened_vmcs definition Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 617/862] powerpc/64s: Fix GENERIC_CPU build flags for PPC970 / G5 Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 618/862] powerpc/64/interrupt: Fix false warning in context tracking due to idle state Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 619/862] powerpc/64: mark irqs hard disabled in boot paca Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 620/862] powerpc/64/interrupt: Fix return to masked context after hard-mask irq becomes pending Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 621/862] powerpc: Fix SPE Power ISA properties for e500v1 platforms Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 622/862] powerpc/kprobes: Fix null pointer reference in arch_prepare_kprobe() Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 623/862] powerpc/pseries/vas: Pass hw_cpu_id to node associativity HCALL Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 624/862] crypto: sahara - dont sleep when in softirq Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 625/862] crypto: hisilicon/zip - fix mismatch in get/set sgl_sge_nr Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 626/862] hwrng: arm-smccc-trng - fix NO_ENTROPY handling Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 627/862] crypto: ccp - Fail the PSP initialization when writing psp data file failed Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 628/862] cgroup: Honor callers cgroup NS when resolving path Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 629/862] hwrng: imx-rngc - use devm_clk_get_enabled Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 630/862] hwrng: imx-rngc - Moving IRQ handler registering after imx_rngc_irq_mask_clear() Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 631/862] crypto: qat - fix default value of WDT timer Greg Kroah-Hartman
2022-10-19 8:31 ` [PATCH 6.0 632/862] crypto: hisilicon/qm - fix missing put dfx access Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 633/862] cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 634/862] iommu/omap: Fix buffer overflow in debugfs Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 635/862] crypto: akcipher - default implementation for setting a private key Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 636/862] crypto: ccp - Release dma channels before dmaengine unrgister Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 637/862] crypto: inside-secure - Change swab to swab32 Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 638/862] crypto: qat - fix DMA transfer direction Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 639/862] clocksource/drivers/arm_arch_timer: Fix handling of ARM erratum 858921 Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 640/862] clocksource/drivers/timer-gxp: Add missing error handling in gxp_timer_probe Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 641/862] cifs: return correct error in ->calc_signature() Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 642/862] iommu/iova: Fix module config properly Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 643/862] tracing: kprobe: Fix kprobe event gen test module on exit Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 644/862] tracing: kprobe: Make gen test module work in arm and riscv Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 645/862] tracing/osnoise: Fix possible recursive locking in stop_per_cpu_kthreads Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 646/862] ftrace: Fix recursive locking direct_mutex in ftrace_modify_direct_caller Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 647/862] kbuild: remove the target in signal traps when interrupted Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 648/862] linux/export: use inline assembler to populate symbol CRCs Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 649/862] kbuild: rpm-pkg: fix breakage when V=1 is used Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 650/862] crypto: marvell/octeontx - prevent integer overflows Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 651/862] crypto: cavium - prevent integer overflow loading firmware Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 652/862] random: schedule jitter credit for next jiffy, not in two jiffies Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 653/862] thermal/drivers/qcom/tsens-v0_1: Fix MSM8939 fourth sensor hw_id Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 654/862] ACPI: APEI: do not add task_work to kernel thread to avoid memory leak Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 655/862] f2fs: fix race condition on setting FI_NO_EXTENT flag Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 656/862] f2fs: fix to account FS_CP_DATA_IO correctly Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 657/862] tools/power turbostat: Use standard Energy Unit for SPR Dram RAPL domain Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 658/862] selftest: tpm2: Add Client.__del__() to close /dev/tpm* handle Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 659/862] =?UTF-8?q?ARM/dma-mapp=D1=96ng:=20dont=20override=20->dma=5Fcohe?= =?UTF-8?q?rent=20when=20set=20from=20a=20bus=20notifier?= Greg Kroah-Hartman
2022-10-19 9:14 ` Russell King (Oracle)
2022-10-19 10:36 ` Christoph Hellwig
2022-10-19 10:39 ` Greg Kroah-Hartman
2022-10-20 1:46 ` [PATCH 6.0 659/862] ARM/dma-mappіng: dont override ->dma_coherent when set from a bus notifier Bagas Sanjaya
2022-10-19 8:32 ` [PATCH 6.0 660/862] module: tracking: Keep a record of tainted unloaded modules only Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 661/862] fs: dlm: fix race in lowcomms Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 662/862] rcu: Avoid triggering strict-GP irq-work when RCU is idle Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 663/862] rcu: Back off upon fill_page_cache_func() allocation failure Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 664/862] rcu-tasks: Convert RCU_LOCKDEP_WARN() to WARN_ONCE() Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 665/862] rcu-tasks: Ensure RCU Tasks Trace loops have quiescent states Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 666/862] cpufreq: amd_pstate: fix wrong lowest perf fetch Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 667/862] ACPI: video: Add Toshiba Satellite/Portege Z830 quirk Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 668/862] fortify: Fix __compiletime_strlen() under UBSAN_BOUNDS_LOCAL Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 669/862] ACPI: tables: FPDT: Dont call acpi_os_map_memory() on invalid phys address Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 670/862] cpufreq: intel_pstate: Add Tigerlake support in no-HWP mode Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 671/862] MIPS: BCM47XX: Cast memcmp() of function to (void *) Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 672/862] powercap: intel_rapl: fix UBSAN shift-out-of-bounds issue Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 673/862] thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 674/862] ARM: decompressor: Include .data.rel.ro.local Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 675/862] ACPI: x86: Add a quirk for Dell Inspiron 14 2-in-1 for StorageD3Enable Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 676/862] x86/entry: Work around Clang __bdos() bug Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 677/862] NFSD: Return nfserr_serverfault if splice_ok but buf->pages have data Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 678/862] NFSD: fix use-after-free on source server when doing inter-server copy Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 679/862] libbpf: Ensure functions with always_inline attribute are inline Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 680/862] libbpf: Do not require executable permission for shared libraries Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 681/862] wifi: rtw88: phy: fix warning of possible buffer overflow Greg Kroah-Hartman
2022-10-21 0:12 ` Ping-Ke Shih
2022-10-21 9:08 ` Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 682/862] wifi: brcmfmac: fix invalid address access when enabling SCAN log level Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 683/862] bpftool: Clear errno after libcaps checks Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 684/862] net: ethernet: ti: davinci_mdio: Add workaround for errata i2329 Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 685/862] openvswitch: Fix double reporting of drops in dropwatch Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 686/862] openvswitch: Fix overreporting " Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 687/862] tcp: annotate data-race around tcp_md5sig_pool_populated Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 688/862] micrel: ksz8851: fixes struct pointer issue Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 689/862] wifi: mac80211: accept STA changes without link changes Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 690/862] x86/mce: Retrieve poison range from hardware Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 691/862] wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg() Greg Kroah-Hartman
2022-10-19 8:32 ` [PATCH 6.0 692/862] thunderbolt: Add back Intel Falcon Ridge end-to-end flow control workaround Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 693/862] x86/apic: Dont disable x2APIC if locked Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 694/862] net: axienet: Switch to 64-bit RX/TX statistics Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 695/862] net-next: Fix IP_UNICAST_IF option behavior for connected sockets Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 696/862] xfrm: Update ipcomp_scratches with NULL when freed Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 697/862] wifi: ath11k: Register shutdown handler for WCN6750 Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 698/862] rtw89: ser: leave lps with mutex Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 699/862] net: ftmac100: fix endianness-related issues from sparse Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 700/862] iavf: Fix race between iavf_close and iavf_reset_task Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 701/862] wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 702/862] Bluetooth: btintel: Mark Intel controller to support LE_STATES quirk Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 703/862] regulator: core: Prevent integer underflow Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 704/862] wifi: ath11k: mhi: fix potential memory leak in ath11k_mhi_register() Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 705/862] wifi: mt76: mt7921: reset msta->airtime_ac while clearing up hw value Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 706/862] wifi: rtw89: free unused skb to prevent memory leak Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 707/862] wifi: rtw89: fix rx filter after scan Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 708/862] Bluetooth: L2CAP: initialize delayed works at l2cap_chan_create() Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 709/862] Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 710/862] Bluetooth: hci_event: Make sure ISO events dont affect non-ISO connections Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 711/862] bnxt_en: replace reset with config timestamps Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 712/862] selftests/bpf: Free the allocated resources after test case succeeds Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 713/862] can: bcm: check the result of can_send() in bcm_can_tx() Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 714/862] wifi: rt2x00: dont run Rt5592 IQ calibration on MT7620 Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 715/862] wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620 Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 716/862] wifi: rt2x00: set VGC gain for both chains of MT7620 Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 717/862] wifi: rt2x00: set SoC wmac clock register Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 718/862] wifi: rt2x00: correctly set BBP register 86 for MT7620 Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 719/862] hwmon: (sht4x) do not overflow clamping operation on 32-bit platforms Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 720/862] net: If sock is dead dont access socks sk_wq in sk_stream_wait_memory Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 721/862] bpf: Adjust kprobe_multi entry_ip for CONFIG_X86_KERNEL_IBT Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 722/862] bpf: use bpf_prog_pack for bpf_dispatcher Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 723/862] Bluetooth: L2CAP: Fix user-after-free Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 724/862] net: sched: cls_u32: Avoid memcpy() false-positive warning Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 725/862] libbpf: Fix overrun in netlink attribute iteration Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 726/862] i2c: designware-pci: Group AMD NAVI quirk parts together Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 727/862] r8152: Rate limit overflow messages Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 728/862] drm/nouveau/nouveau_bo: fix potential memory leak in nouveau_bo_alloc() Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 729/862] drm: Use size_t type for len variable in drm_copy_field() Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 730/862] drm: Prevent drm_copy_field() to attempt copying a NULL pointer Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 731/862] drm/komeda: Fix handling of atomic commits in the atomic_commit_tail hook Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 732/862] gpu: lontium-lt9611: Fix NULL pointer dereference in lt9611_connector_init() Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 733/862] drm/amd/display: fix overflow on MIN_I64 definition Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 734/862] ALSA: hda: Fix page fault in snd_hda_codec_shutdown() Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 735/862] ALSA: usb-audio: Add quirk to enable Avid Mbox 3 support Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 736/862] udmabuf: Set ubuf->sg = NULL if the creation of sg table fails Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 737/862] platform/x86: pmc_atom: Improve quirk message to be less cryptic Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 738/862] drm/amd: fix potential memory leak Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 739/862] drm: bridge: dw_hdmi: only trigger hotplug event on link change Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 740/862] drm/amd/display: Fix variable dereferenced before check Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 741/862] drm/amdgpu: Skip the program of MMMC_VM_AGP_* in SRIOV on MMHUB v3_0_0 Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 742/862] drm/admgpu: Skip CG/PG on SOC21 under SRIOV VF Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 743/862] ALSA: usb-audio: Register card at the last interface Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 744/862] drm/vc4: vec: Fix timings for VEC modes Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 745/862] drm: panel-orientation-quirks: Add quirk for Anbernic Win600 Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 746/862] drm: panel-orientation-quirks: Add quirk for Aya Neo Air Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 747/862] platform/chrome: cros_ec: Notify the PM of wake events during resume Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 748/862] platform/x86: hp-wmi: Setting thermal profile fails with 0x06 Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 749/862] platform/x86: msi-laptop: Change DMI match / alias strings to fix module autoloading Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 750/862] ALSA: intel-dspconfig: add ES8336 support for AlderLake-PS Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 751/862] ASoC: SOF: pci: Change DMI match info to support all Chrome platforms Greg Kroah-Hartman
2022-10-19 8:33 ` [PATCH 6.0 752/862] ASoC: sunxi: sun4i-codec: set debugfs_prefix for CPU DAI component Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 753/862] ASoC: SOF: add quirk to override topology mclk_id Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 754/862] drm/amdgpu: SDMA update use unlocked iterator Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 755/862] drm/amd/display: Fix urgent latency override for DCN32/DCN321 Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 756/862] drm/amd/display: correct hostvm flag Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 757/862] drm/amdgpu: fix initial connector audio value Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 758/862] ASoC: amd: yc: Add ASUS UM5302TA into DMI table Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 759/862] ASoC: amd: yc: Add Lenovo Yoga Slim 7 Pro X to quirks table Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 760/862] drm/meson: reorder driver deinit sequence to fix use-after-free bug Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 761/862] drm/meson: explicitly remove aggregate driver at module unload time Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 762/862] drm/meson: remove drm bridges at aggregate driver unbind time Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 763/862] mmc: sdhci-msm: add compatible string check for sdm670 Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 764/862] drm/dp: Dont rewrite link config when setting phy test pattern Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 765/862] drm/amd/display: Remove interface for periodic interrupt 1 Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 766/862] drm/amd/display: polling vid stream status in hpo dp blank Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 767/862] drm/amdkfd: Fix UBSAN shift-out-of-bounds warning Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 768/862] ARM: dts: imx6: delete interrupts property if interrupts-extended is set Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 769/862] ARM: dts: imx7d-sdb: config the max pressure for tsc2046 Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 770/862] arm64: dts: qcom: sc7280-idp: correct ADC channel node name and unit address Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 771/862] ARM: dts: imx6q: add missing properties for sram Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 772/862] ARM: dts: imx6dl: " Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 773/862] ARM: dts: imx6qp: " Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 774/862] ARM: dts: imx6sl: " Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 775/862] ARM: dts: imx6sll: " Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 776/862] ARM: dts: imx6sx: " Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 777/862] ARM: dts: imx6sl: use tabs for code indent Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 778/862] ARM: dts: imx6sx-udoo-neo: dont use multiple blank lines Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 779/862] kselftest/arm64: Fix validatation termination record after EXTRA_CONTEXT Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 780/862] arm64: dts: imx8mm-kontron: Use the VSELECT signal to switch SD card IO voltage Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 781/862] arm64: dts: imx8mq-librem5: Add bq25895 as max17055s power supply Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 782/862] ARM: orion: fix include path Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 783/862] btrfs: dump extra info if one free space cache has more bitmaps than it should Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 784/862] btrfs: scrub: properly report super block errors in system log Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 785/862] btrfs: scrub: try to fix super block errors Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 786/862] btrfs: dont print information about space cache or tree every remount Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 787/862] btrfs: call __btrfs_remove_free_space_cache_locked on cache load failure Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 788/862] arm64: dts: uniphier: Add USB-device support for PXs3 reference board Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 789/862] ARM: 9233/1: stacktrace: Skip frame pointer boundary check for call_with_stack() Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 790/862] ARM: 9234/1: stacktrace: Avoid duplicate saving of exception PC value Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 791/862] ARM: 9242/1: kasan: Only map modules if CONFIG_KASAN_VMALLOC=n Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 792/862] clk: zynqmp: Fix stack-out-of-bounds in strncpy` Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 793/862] media: cx88: Fix a null-ptr-deref bug in buffer_prepare() Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 794/862] media: platform: fix some double free in meson-ge2d and mtk-jpeg and s5p-mfc Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 795/862] clk: zynqmp: pll: rectify rate rounding in zynqmp_pll_round_rate Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 796/862] RDMA/rxe: Delete error messages triggered by incoming Read requests Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 797/862] usb: host: xhci-plat: suspend and resume clocks Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 798/862] usb: host: xhci-plat: suspend/resume clks for brcm Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 799/862] scsi: lpfc: Fix null ndlp ptr dereference in abnormal exit path for GFT_ID Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 800/862] dmaengine: ti: k3-udma: Reset UDMA_CHAN_RT byte counters to prevent overflow Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 801/862] scsi: 3w-9xxx: Avoid disabling device if failing to enable it Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 802/862] nbd: Fix hung when signal interrupts nbd_start_device_ioctl() Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 803/862] iommu/arm-smmu-v3: Make default domain type of HiSilicon PTT device to identity Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 804/862] usb: gadget: uvc: increase worker prio to WQ_HIGHPRI Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 805/862] power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type() Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 806/862] staging: vt6655: fix potential memory leak Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 807/862] blk-throttle: prevent overflow while calculating wait time Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 808/862] ata: libahci_platform: Sanity check the DT child nodes number Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 809/862] bcache: fix set_at_max_writeback_rate() for multiple attached devices Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 810/862] soundwire: cadence: Dont overwrite msg->buf during write commands Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 811/862] soundwire: intel: fix error handling on dai registration issues Greg Kroah-Hartman
2022-10-19 8:34 ` [PATCH 6.0 812/862] hid: topre: Add driver fixing report descriptor Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 813/862] HID: roccat: Fix use-after-free in roccat_read() Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 814/862] HSI: ssi_protocol: fix potential resource leak in ssip_pn_open() Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 815/862] HID: nintendo: check analog user calibration for plausibility Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 816/862] md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 817/862] usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info() Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 818/862] usb: musb: Fix musb_gadget.c rxstate overflow bug Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 819/862] usb: dwc3: core: add gfladj_refclk_lpm_sel quirk Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 820/862] arm64: dts: imx8mp: Add snps,gfladj-refclk-lpm-sel quirk to USB nodes Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 821/862] usb: dwc3: core: Enable GUCTL1 bit 10 for fixing termination error after resume bug Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 822/862] Revert "usb: storage: Add quirk for Samsung Fit flash" Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 823/862] io_uring: fix CQE reordering Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 824/862] staging: rtl8723bs: fix potential memory leak in rtw_init_drv_sw() Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 825/862] staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv() Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 826/862] scsi: tracing: Fix compile error in trace_array calls when TRACING is disabled Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 827/862] ext2: Use kvmalloc() for group descriptor array Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 828/862] nvme: handle effects after freeing the request Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 829/862] nvme: copy firmware_rev on each init Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 830/862] nvmet-tcp: add bounds check on Transfer Tag Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 831/862] usb: idmouse: fix an uninit-value in idmouse_open Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 832/862] blk-mq: use quiesced elevator switch when reinitializing queues Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 833/862] hwmon (occ): Retry for checksum failure Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 834/862] fsi: occ: Prevent use after free Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 835/862] fsi: master-ast-cf: Fix missing of_node_put in fsi_master_acf_probe Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 836/862] dmaengine: dw-edma: Remove runtime PM support Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 837/862] usb: typec: ucsi: Dont warn on probe deferral Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 838/862] clk: bcm2835: Round UART input clock up Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 839/862] perf: Skip and warn on unknown format configN attrs Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 840/862] perf intel-pt: Fix segfault in intel_pt_print_info() with uClibc Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 841/862] perf intel-pt: Fix system_wide dummy event for hybrid Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 842/862] io_uring/net: refactor io_sr_msg types Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 843/862] io_uring/net: use io_sr_msg for sendzc Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 844/862] io_uring/net: dont lose partial send_zc on fail Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 845/862] io_uring/net: rename io_sendzc() Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 846/862] io_uring/net: dont skip notifs for failed requests Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 847/862] io_uring/net: fix notif cqe reordering Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 848/862] mm: hugetlb: fix UAF in hugetlb_handle_userfault Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 849/862] net: ieee802154: return -EINVAL for unknown addr type Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 850/862] ALSA: usb-audio: Fix last interface check for registration Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 851/862] blk-wbt: fix that rwb->wc is always set to 1 in wbt_init() Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 852/862] net: ethernet: ti: davinci_mdio: fix build for mdio bitbang uses Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 853/862] Revert "drm/amd/display: correct hostvm flag" Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 854/862] Revert "net/ieee802154: reject zero-sized raw_sendmsg()" Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 855/862] net/ieee802154: dont warn zero-sized raw_sendmsg() Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 856/862] powerpc/64s/interrupt: Fix lost interrupts when returning to soft-masked context Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 857/862] drm/amd/display: Fix build breakage with CONFIG_DEBUG_FS=n Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 858/862] io_uring: fix fdinfo sqe offsets calculation Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 859/862] io_uring/rw: ensure kiocb_end_write() is always called Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 860/862] Kconfig.debug: simplify the dependency of DEBUG_INFO_DWARF4/5 Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 861/862] Kconfig.debug: add toolchain checks for DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT Greg Kroah-Hartman
2022-10-19 8:35 ` [PATCH 6.0 862/862] lib/Kconfig.debug: Add check for non-constant .{s,u}leb128 support to DWARF5 Greg Kroah-Hartman
2022-10-19 12:01 ` [PATCH 6.0 000/862] 6.0.3-rc1 review Rudi Heitbaum
2022-10-19 12:51 ` Luna Jernberg
2022-10-19 17:19 ` Fenil Jain
2022-10-19 18:01 ` Jon Hunter
2022-10-19 19:24 ` Ron Economos
2022-10-19 19:29 ` Allen Pais
2022-10-19 19:31 ` Slade Watkins
2022-10-19 19:51 ` Florian Fainelli
2022-10-19 19:53 ` Shuah Khan
2022-10-19 21:39 ` Guenter Roeck
2022-10-20 3:56 ` Bagas Sanjaya
2022-10-20 6:12 ` Jiri Slaby
2022-10-20 7:31 ` Naresh Kamboju
2022-10-20 10:43 ` Sudip Mukherjee (Codethink)
2022-10-20 18:15 ` Justin Forbes
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).