* [PATCH 5.2 000/313] 5.2.19-stable review
@ 2019-10-03 15:49 Greg Kroah-Hartman
2019-10-03 15:49 ` [PATCH 5.2 001/313] arcnet: provide a buffer big enough to actually receive packets Greg Kroah-Hartman
` (316 more replies)
0 siblings, 317 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:49 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, torvalds, akpm, linux, shuah, patches,
ben.hutchings, lkft-triage, stable
This is the start of the stable review cycle for the 5.2.19 release.
There are 313 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Sat 05 Oct 2019 03:37:47 PM UTC.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.2.19-rc1.gz
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.2.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Linux 5.2.19-rc1
Pi-Hsun Shih <pihsun@chromium.org>
platform/chrome: cros_ec_rpmsg: Fix race with host command when probe failed
Lorenzo Bianconi <lorenzo@kernel.org>
mt76: mt7615: fix mt7615 firmware path definitions
Lorenzo Bianconi <lorenzo@kernel.org>
mt76: mt7615: always release sem in mt7615_load_patch
NeilBrown <neilb@suse.de>
md/raid0: avoid RAID0 data corruption due to layout confusion.
Kai-Heng Feng <kai.heng.feng@canonical.com>
drm/amd/display: Restore backlight brightness after system resume
Pavel Shilovsky <pshilov@microsoft.com>
CIFS: Fix oplock handling for SMB 2.1+ protocols
Murphy Zhou <jencce.kernel@gmail.com>
CIFS: fix max ea value size
Chris Brandt <chris.brandt@renesas.com>
i2c: riic: Clear NACK in tend isr
Laurent Vivier <lvivier@redhat.com>
hwrng: core - don't wait on add_early_randomness()
Chao Yu <yuchao0@huawei.com>
quota: fix wrong condition in is_quota_modification()
Theodore Ts'o <tytso@mit.edu>
ext4: fix punch hole for inline_data file systems
Rakesh Pandit <rakesh@tuxera.com>
ext4: fix warning inside ext4_convert_unwritten_extents_endio
Christophe Kerello <christophe.kerello@st.com>
mtd: rawnand: stm32_fmc2: avoid warnings when building with W=1 option
Tony Camuso <tcamuso@redhat.com>
ipmi: move message error checking to avoid deadlock
Jan Kara <jack@suse.cz>
xfs: Fix stale data exposure when readahead races with hole punch
Jan Kara <jack@suse.cz>
mm: Handle MADV_WILLNEED through vfs_fadvise()
Jan Kara <jack@suse.cz>
fs: Export generic_fadvise()
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
/dev/mem: Bail out upon SIGKILL.
Denis Kenzior <denkenz@gmail.com>
cfg80211: Purge frame registrations on iftype change
NeilBrown <neilb@suse.com>
md: only call set_in_sync() when it is expected to succeed.
NeilBrown <neilb@suse.com>
md: don't report active array_state until after revalidate_disk() completes.
Xiao Ni <xni@redhat.com>
md/raid6: Set R5_ReadError when there is read failure on parity disk
Jarkko Nikula <jarkko.nikula@linux.intel.com>
ACPI / LPSS: Save/restore LPSS private registers also on Lynxpoint
Benjamin Coddington <bcodding@redhat.com>
SUNRPC: Fix buffer handling of GSS MIC without slack
Trond Myklebust <trondmy@gmail.com>
SUNRPC: Dequeue the request from the receive queue while we're re-encoding
Filipe Manana <fdmanana@suse.com>
Btrfs: fix race setting up and completing qgroup rescan workers
Qu Wenruo <wqu@suse.com>
btrfs: qgroup: Fix reserved data space leak if we have multiple reserve calls
Qu Wenruo <wqu@suse.com>
btrfs: qgroup: Fix the wrong target io_tree when freeing reserved data space
Dennis Zhou <dennis@kernel.org>
btrfs: adjust dirty_metadata_bytes after writeback failure of extent buffer
Nikolay Borisov <nborisov@suse.com>
btrfs: Relinquish CPUs in btrfs_compare_trees
Filipe Manana <fdmanana@suse.com>
Btrfs: fix use-after-free when using the tree modification log
Christophe Leroy <christophe.leroy@c-s.fr>
btrfs: fix allocation of free space cache v1 bitmap pages
Mark Salyzyn <salyzyn@android.com>
ovl: filter of trusted xattr results in audit
Ding Xiang <dingxiang@cmss.chinamobile.com>
ovl: Fix dereferencing possible ERR_PTR()
Steve French <stfrench@microsoft.com>
smb3: fix leak in "open on server" perf counter
Steve French <stfrench@microsoft.com>
smb3: allow disabling requesting leases
Yufen Yu <yuyufen@huawei.com>
block: fix null pointer dereference in blk_mq_rq_timed_out()
Damien Le Moal <damien.lemoal@wdc.com>
block: mq-deadline: Fix queue restart handling
Stefan Assmann <sassmann@kpanic.de>
i40e: check __I40E_VF_DISABLE bit in i40e_sync_filters_subtask
Rakesh Pillai <pillair@codeaurora.org>
ath10k: fix channel info parsing for non tlv target
Jian-Hong Pan <jian-hong@endlessm.com>
rtw88: pci: Use DMA sync instead of remapping in RX ISR
Jian-Hong Pan <jian-hong@endlessm.com>
rtw88: pci: Rearrange the memory usage for skb in RX ISR
Roberto Sassu <roberto.sassu@huawei.com>
KEYS: trusted: correctly initialize digests and fix locking issue
Felix Fietkau <nbd@nbd.name>
mt76: round up length on mt76_wr_copy
Dave Rodgman <dave.rodgman@arm.com>
lib/lzo/lzo1x_compress.c: fix alignment bug in lzo-rle
Michal Hocko <mhocko@suse.com>
memcg, kmem: do not fail __GFP_NOFAIL charges
Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
memcg, oom: don't require __GFP_FS when invoking memcg OOM killer
Yafang Shao <laoar.shao@gmail.com>
mm/compaction.c: clear total_{migrate,free}_scanned before scanning a new zone
Vitaly Wool <vitalywool@gmail.com>
z3fold: fix memory leak in kmem cache
Vitaly Wool <vitalywool@gmail.com>
z3fold: fix retry mechanism in page reclaim
Bob Peterson <rpeterso@redhat.com>
gfs2: clear buf_in_tr when ending a transaction in sweep_bh_for_rgrps
Hans de Goede <hdegoede@redhat.com>
efifb: BGRT: Improve efifb_bgrt_sanity_check
Mark Brown <broonie@kernel.org>
regulator: Defer init completion for a while after late_initcall
Nadav Amit <namit@vmware.com>
iommu/vt-d: Fix wrong analysis whether devices share the same bus
Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP
Will Deacon <will@kernel.org>
iommu/arm-smmu-v3: Disable detection of ATS and PRI
Shawn Lin <shawn.lin@rock-chips.com>
arm64: dts: rockchip: limit clock rate of MMC controllers for RK3328
Will Deacon <will@kernel.org>
arm64: tlb: Ensure we execute an ISB following walk cache invalidation
Luis Araneda <luaraneda@gmail.com>
ARM: zynq: Use memcpy_toio instead of memcpy on smp bring-up
Lihua Yao <ylhuajnu@outlook.com>
ARM: samsung: Fix system restart on S3C6410
Amadeusz Sławiński <amadeuszx.slawinski@intel.com>
ASoC: Intel: Fix use of potentially uninitialized variable
Amadeusz Sławiński <amadeuszx.slawinski@intel.com>
ASoC: Intel: Skylake: Use correct function to access iomem space
Amadeusz Sławiński <amadeuszx.slawinski@intel.com>
ASoC: Intel: NHLT: Fix debug print format
Kees Cook <keescook@chromium.org>
binfmt_elf: Do not move brk for INTERP-less ET_EXEC
Vladimir Oltean <olteanv@gmail.com>
spi: spi-fsl-dspi: Exit the ISR with IRQ_NONE when it's not ours
Alexander Sverdlin <alexander.sverdlin@gmail.com>
spi: ep93xx: Repair SPI CS lookup tables
Arnd Bergmann <arnd@arndb.de>
media: don't drop front-end reference count for ->detach
Hans de Goede <hdegoede@redhat.com>
media: sn9c20x: Add MSI MS-1039 laptop to flip_dmi_table
Hans Verkuil <hverkuil-cisco@xs4all.nl>
media: videobuf-core.c: poll_wait needs a non-NULL buf pointer
Sean Christopherson <sean.j.christopherson@intel.com>
KVM: x86/mmu: Use fast invalidate mechanism to zap MMIO sptes
Alexander Graf <graf@amazon.com>
KVM: x86: Disable posted interrupts for non-standard IRQs delivery modes
Sean Christopherson <sean.j.christopherson@intel.com>
KVM: x86: Manually calculate reserved bits when loading PDPTRS
Jan Dakinevich <jan.dakinevich@virtuozzo.com>
KVM: x86: set ctxt->have_exception in x86_decode_insn()
Jan Dakinevich <jan.dakinevich@virtuozzo.com>
KVM: x86: always stop emulation on page fault
Hans de Goede <hdegoede@redhat.com>
platform/x86: intel_int0002_vgpio: Fix wakeups not working on Cherry Trail
Helge Deller <deller@gmx.de>
parisc: Disable HP HSC-PCI Cards to prevent kernel crash
Tejun Heo <tj@kernel.org>
fuse: fix beyond-end-of-page access in fuse_parse_cache()
Vasily Averin <vvs@virtuozzo.com>
fuse: fix missing unlock_page in fuse_writepage()
Eric Biggers <ebiggers@google.com>
fuse: fix deadlock with aio poll and fuse_iqueue::waitq.lock
Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
tpm: Wrap the buffer from the caller to tpm_buf in tpm_send()
Stefan Berger <stefanb@linux.ibm.com>
tpm_tis_core: Set TPM_CHIP_FLAG_IRQ before probing for interrupts
Stefan Berger <stefanb@linux.ibm.com>
tpm_tis_core: Turn on the TPM before probing IRQ's
Madhavan Srinivasan <maddy@linux.vnet.ibm.com>
powerpc/imc: Dont create debugfs files for cpu-less nodes
Ming Lei <ming.lei@redhat.com>
scsi: implement .cleanup_rq callback
Ming Lei <ming.lei@redhat.com>
blk-mq: add callback of .cleanup_rq
Jan-Marek Glogowski <glogow@fbihome.de>
ALSA: hda/realtek - PCI quirk for Medion E4254
Peter Zijlstra <peterz@infradead.org>
rcu/tree: Fix SCHED_FIFO params
Adam Ford <aford173@gmail.com>
ARM: dts: am3517-evm: Fix missing video
Joonwon Kang <kjw1627@gmail.com>
randstruct: Check member structs in is_pure_ops_struct()
Jack Morgenstein <jackm@dev.mellanox.co.il>
RDMA: Fix double-free in srq creation error flow
Kaike Wan <kaike.wan@intel.com>
IB/hfi1: Do not update hcrc for a KDETH packet during fault injection
Ira Weiny <ira.weiny@intel.com>
IB/hfi1: Define variables as unsigned long to fix KASAN warning
Danit Goldberg <danitg@mellanox.com>
IB/mlx5: Free mpi in mp_slave mode
Vincent Whitchurch <vincent.whitchurch@axis.com>
printk: Do not lose last line in kmsg buffer dump
Quinn Tran <qutran@marvell.com>
scsi: qla2xxx: Fix Relogin to prevent modifying scan_state flag
Martin Wilck <Martin.Wilck@suse.com>
scsi: scsi_dh_rdac: zero cdb in send_mode_select()
Takashi Sakamoto <o-takashi@sakamocchi.jp>
ALSA: firewire-tascam: check intermediate state of clock status and retry
Takashi Sakamoto <o-takashi@sakamocchi.jp>
ALSA: firewire-tascam: handle error code when getting current source of clock
Luca Coelho <luciano.coelho@intel.com>
iwlwifi: fw: don't send GEO_TX_POWER_LIMIT command to FW version 36
Adam Ford <aford173@gmail.com>
ARM: omap2plus_defconfig: Fix missing video
Adam Ford <aford173@gmail.com>
ARM: dts: logicpd-torpedo-baseboard: Fix missing video
MyungJoo Ham <myungjoo.ham@samsung.com>
PM / devfreq: passive: fix compiler warning
Sakari Ailus <sakari.ailus@linux.intel.com>
media: omap3isp: Set device on omap3isp subdevs
Jiří Paleček <jpalecek@web.de>
kvm: Nested KVM MMUs need PAE root too
Qu Wenruo <wqu@suse.com>
btrfs: Detect unbalanced tree with empty leaf before crashing btree operations
Qu Wenruo <wqu@suse.com>
btrfs: tree-checker: Add ROOT_ITEM check
Qu Wenruo <wqu@suse.com>
btrfs: extent-tree: Make sure we only allocate extents from block groups with the same type
Qu Wenruo <wqu@suse.com>
btrfs: delayed-inode: Kill the BUG_ON() in btrfs_delete_delayed_dir_index()
Oliver Neukum <oneukum@suse.com>
zd1211rw: remove false assertion from zd_mac_clear()
Kai-Heng Feng <kai.heng.feng@canonical.com>
iommu/amd: Override wrong IVRS IOAPIC on Raven Ridge systems
Takashi Iwai <tiwai@suse.de>
ALSA: hda/realtek - Blacklist PC beep for Lenovo ThinkCentre M73/93
Jani Nikula <jani.nikula@intel.com>
drm: fix module name in edid_firmware log message
Tomas Bortoli <tomasbortoli@gmail.com>
media: ttusb-dec: Fix info-leak in ttusb_dec_send_command()
Ahzo <Ahzo@tutanota.com>
drm/amd/powerplay/smu7: enforce minimal VBITimeout (v2)
Takashi Iwai <tiwai@suse.de>
ALSA: hda - Drop unsol event handler for Intel HDMI codecs
Tomas Espeleta <tomas.espeleta@gmail.com>
ALSA: hda - Add a quirk model for fixing Huawei Matebook X right speaker
Kai-Heng Feng <kai.heng.feng@canonical.com>
e1000e: add workaround for possible stalled packet
Kevin Easton <kevin@guarana.org>
libertas: Add missing sentinel at end of if_usb.c fw_table
Ulf Hansson <ulf.hansson@linaro.org>
mmc: mtk-sd: Re-store SDIO IRQs mask at system resume
Nigel Croxon <ncroxon@redhat.com>
raid5: don't increment read_errors on EILSEQ return
Ulf Hansson <ulf.hansson@linaro.org>
mmc: dw_mmc: Re-store SDIO IRQs mask at system resume
Ulf Hansson <ulf.hansson@linaro.org>
mmc: core: Add helper function to indicate if SDIO IRQs is enabled
Al Cooper <alcooperx@gmail.com>
mmc: sdhci: Fix incorrect switch to HS mode
Miles Chen <miles.chen@mediatek.com>
sched/psi: Correct overly pessimistic size calculation
Ulf Hansson <ulf.hansson@linaro.org>
mmc: core: Clarify sdio_irq_pending flag for MMC_CAP2_SDIO_IRQ_NOTHREAD
Guoqing Jiang <guoqing.jiang@cloud.ionos.com>
raid5: don't set STRIPE_HANDLE to stripe which is in batch list
Hou Tao <houtao1@huawei.com>
block: make rq sector size accessible for block stats
Jackie Liu <liuyun01@kylinos.cn>
io_uring: fix wrong sequence setting logic
Peter Ujfalusi <peter.ujfalusi@ti.com>
ASoC: dmaengine: Make the pcm->name equal to pcm->id if the name is not set
Katsuhiro Suzuki <katsuhiro@katsuster.net>
SoC: simple-card-utils: set 0Hz to sysclk when shutdown
M. Vefa Bicakci <m.v.b@runbox.com>
platform/x86: intel_pmc_core: Do not ioremap RAM
Gayatri Kammela <gayatri.kammela@intel.com>
x86/cpu: Add Tiger Lake to Intel family
Marc Zyngier <maz@kernel.org>
irqchip/gic-v3-its: Fix LPI release for Multi-MSI devices
Harald Freudenberger <freude@linux.ibm.com>
s390/crypto: xts-aes-s390 fix extra run-time crypto self tests finding
Christoph Hellwig <hch@lst.de>
irqchip/sifive-plic: set max threshold for ignored handlers
Peter Zijlstra <peterz@infradead.org>
x86/mm: Fix cpumask_of_node() error condition
Masami Hiramatsu <mhiramat@kernel.org>
kprobes: Prohibit probing on BUG() and WARN() address
Peter Ujfalusi <peter.ujfalusi@ti.com>
dmaengine: ti: edma: Do not reset reserved paRAM slots
Yufen Yu <yuyufen@huawei.com>
md/raid1: fail run raid1 array when active disk less than one
Wang Shenran <shenran268@gmail.com>
hwmon: (acpi_power_meter) Change log level for 'unsafe software power cap'
Marcel Bocu <marcel.p.bocu@gmail.com>
hwmon: (k10temp) Add support for AMD family 17h, model 70h CPUs
Kent Overstreet <kent.overstreet@gmail.com>
closures: fix a race on wakeup from closure_sync
Wenwen Wang <wenwen@cs.uga.edu>
ACPI / PCI: fix acpi_pci_irq_enable() memory leak
Wenwen Wang <wenwen@cs.uga.edu>
ACPI: custom_method: fix memory leaks
Marcel Bocu <marcel.p.bocu@gmail.com>
x86/amd_nb: Add PCI device IDs for family 17h, model 70h
Marek Szyprowski <m.szyprowski@samsung.com>
ARM: dts: exynos: Mark LDO10 as always-on on Peach Pit/Pi Chromebooks
Tzvetomir Stoyanov <tstoyanov@vmware.com>
libtraceevent: Change users plugin directory
Eric Dumazet <edumazet@google.com>
iommu/iova: Avoid false sharing on fq_timer_on
Dan Williams <dan.j.williams@intel.com>
libata/ahci: Drop PCS quirk for Denverton and beyond
Cezary Rojewski <cezary.rojewski@intel.com>
ASoC: Intel: Haswell: Adjust machine device private context
Qian Cai <cai@lca.pw>
iommu/amd: Silence warnings under memory pressure
Takashi Sakamoto <o-takashi@sakamocchi.jp>
ALSA: firewire-motu: add support for MOTU 4pre
Anton Eidelman <anton@lightbitslabs.com>
nvme-multipath: fix ana log nsid lookup when nsid is not found
Tom Wu <tomwu@mellanox.com>
nvmet: fix data units read and written counters in SMART log
Song Liu <songliubraving@fb.com>
x86/mm/pti: Handle unaligned address gracefully in pti_clone_pagetable()
Shengjiu Wang <shengjiu.wang@nxp.com>
ASoC: fsl_ssi: Fix clock control issue in master mode
Thomas Gleixner <tglx@linutronix.de>
x86/mm/pti: Do not invoke PTI functions when PTI is disabled
Arnaldo Carvalho de Melo <acme@redhat.com>
perf evlist: Use unshare(CLONE_FS) in sb threads to let setns(CLONE_NEWNS) work
Mark Rutland <mark.rutland@arm.com>
arm64: kpti: ensure patched kernel text is fetched from PoU
Neil Horman <nhorman@tuxdriver.com>
x86/apic/vector: Warn when vector space exhaustion breaks affinity
Douglas RAILLARD <douglas.raillard@arm.com>
sched/cpufreq: Align trace event behavior of fast switching
Al Stone <ahs3@redhat.com>
ACPI / CPPC: do not require the _PSD method
Katsuhiro Suzuki <katsuhiro@katsuster.net>
ASoC: es8316: fix headphone mixer volume table
Dan Murphy <dmurphy@ti.com>
leds: lm3532: Fixes for the driver for stability
Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
media: ov9650: add a sanity check
Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
media: aspeed-video: address a protential usage of an unitialized var
Gustavo A. R. Silva <gustavo@embeddedor.com>
perf script: Fix memory leaks in list_scripts()
Andi Kleen <ak@linux.intel.com>
perf report: Fix --ns time sort key output
Benjamin Peterson <benjamin@python.org>
perf trace beauty ioctl: Fix off-by-one error in cmd->string table
Maciej S. Szmigiero <mail@maciej.szmigiero.name>
media: saa7134: fix terminology around saa7134_i2c_eeprom_md7134_gate()
Wenwen Wang <wenwen@cs.uga.edu>
media: cpia2_usb: fix memory leaks
Wenwen Wang <wenwen@cs.uga.edu>
media: saa7146: add cleanup in hexium_attach()
Hans Verkuil <hverkuil-cisco@xs4all.nl>
media: cec-notifier: clear cec_adap in cec_notifier_unregister
Kamil Konieczny <k.konieczny@partner.samsung.com>
PM / devfreq: exynos-bus: Correct clock enable sequence
Leonard Crestez <leonard.crestez@nxp.com>
PM / devfreq: passive: Use non-devm notifiers
Masahiro Yamada <yamada.masahiro@socionext.com>
ARM: OMAP2+: move platform-specific asm-offset.h to arch/arm/mach-omap2
Ezequiel Garcia <ezequiel@collabora.com>
PM / devfreq: Fix kernel oops on governor module load
Geert Uytterhoeven <geert+renesas@glider.be>
soc: renesas: Enable ARM_ERRATA_754322 for affected Cortex-A9
Geert Uytterhoeven <geert+renesas@glider.be>
soc: renesas: rmobile-sysc: Set GENPD_FLAG_ALWAYS_ON for always-on domain
Masahiro Yamada <yamada.masahiro@socionext.com>
ARM: at91: move platform-specific asm-offset.h to arch/arm/mach-at91
Yazen Ghannam <yazen.ghannam@amd.com>
EDAC/amd64: Decode syndrome before translating address
Yazen Ghannam <yazen.ghannam@amd.com>
EDAC/amd64: Recognize DRAM device type ECC capability
Gerald BAEZA <gerald.baeza@st.com>
libperf: Fix alignment trap with xyarray contents in 'perf stat'
Yazen Ghannam <yazen.ghannam@amd.com>
EDAC/amd64: Support more than two controllers for chip selects handling
Wenwen Wang <wenwen@cs.uga.edu>
media: dvb-core: fix a memory leak bug
Thomas Gleixner <tglx@linutronix.de>
posix-cpu-timers: Sanitize bogus WARNONS
Sean Young <sean@mess.org>
media: dvb-frontends: use ida for pll number
A Sun <as1033x@comcast.net>
media: mceusb: fix (eliminate) TX IR signal length limit
Vasily Gorbik <gor@linux.ibm.com>
s390/kasan: provide uninstrumented __strlen
James Morse <james.morse@arm.com>
arm64: entry: Move ct_user_exit before any other exception
Liguang Zhang <zhangliguang@linux.alibaba.com>
ACPI / APEI: Release resources if gen_pool_add() fails
Mike Christie <mchristi@redhat.com>
nbd: add missing config put
Codrin Ciubotariu <codrin.ciubotariu@microchip.com>
ASoC: mchp-i2s-mcc: Fix unprepare of GCLK
Wenwen Wang <wenwen@cs.uga.edu>
led: triggers: Fix a memory leak bug
Codrin Ciubotariu <codrin.ciubotariu@microchip.com>
ASoC: mchp-i2s-mcc: Wait for RX/TX RDY only if controller is running
Maxime Ripard <maxime.ripard@bootlin.com>
ASoC: sun4i-i2s: Don't use the oversample to calculate BCLK
Arnaldo Carvalho de Melo <acme@redhat.com>
tools headers: Fixup bitsperlong per arch includes
Michael Ellerman <mpe@ellerman.id.au>
powerpc/Makefile: Always pass --synthetic to nm if supported
Kunihiko Hayashi <hayashi.kunihiko@socionext.com>
ASoC: uniphier: Fix double reset assersion when transitioning to suspend state
Hans Verkuil <hverkuil-cisco@xs4all.nl>
media: hdpvr: add terminating 0 at end of string
Hans Verkuil <hverkuil-cisco@xs4all.nl>
media: radio/si470x: kill urb on error
Hans de Goede <hdegoede@redhat.com>
x86/platform/intel/iosf_mbi Rewrite locking
Stefan Agner <stefan.agner@toradex.com>
ARM: dts: imx7-colibri: disable HS400
André Draszik <git@andred.net>
ARM: dts: imx7d: cl-som-imx7: make ethernet work again
Finn Thain <fthain@telegraphics.com.au>
m68k: Prevent some compiler warnings in Coldfire builds
Arnd Bergmann <arnd@arndb.de>
net: lpc-enet: fix printk format strings
Mark Rutland <mark.rutland@arm.com>
kasan/arm64: fix CONFIG_KASAN_SW_TAGS && KASAN_INLINE
Ezequiel Garcia <ezequiel@collabora.com>
media: imx: mipi csi-2: Don't fail if initial state times-out
Sakari Ailus <sakari.ailus@linux.intel.com>
media: omap3isp: Don't set streaming state on random subdevs
Ezequiel Garcia <ezequiel@collabora.com>
media: i2c: ov5645: Fix power sequence
Colin Ian King <colin.king@canonical.com>
media: vsp1: fix memory leak of dl on error return path
Tan Xiaojun <tanxiaojun@huawei.com>
perf record: Support aarch64 random socket_id assignment
Arnd Bergmann <arnd@arndb.de>
ARM: xscale: fix multi-cpu compilation
Arnd Bergmann <arnd@arndb.de>
dmaengine: iop-adma: use correct printk format strings
Darius Rad <alpha@area49.net>
media: rc: imon: Allow iMON RC protocol for ffdc 7e device
John Keeping <john@metanate.com>
perf unwind: Fix libunwind when tid != pid
Kees Cook <keescook@chromium.org>
arm64/efi: Move variable assignments after SECTIONS
Sean Young <sean@mess.org>
media: em28xx: modules workqueue not inited for 2nd device
Geert Uytterhoeven <geert+renesas@glider.be>
media: fdp1: Reduce FCP not found message level to debug
Wolfram Sang <wsa+renesas@sang-engineering.com>
media: i2c: tda1997x: prevent potential NULL pointer access
Matthias Brugger <matthias.bgg@gmail.com>
media: mtk-mdp: fix reference count on old device tree
Arnaldo Carvalho de Melo <acme@redhat.com>
perf test vfs_getname: Disable ~/.perfconfig to get default output
Arnaldo Carvalho de Melo <acme@redhat.com>
perf config: Honour $PERF_CONFIG env var to specify alternate .perfconfig
Hans Verkuil <hverkuil-cisco@xs4all.nl>
media: gspca: zero usb_buf on error
zhengbin <zhengbin13@huawei.com>
blk-mq: Fix memory leak in blk_mq_init_allocated_queue error handling
Peter Zijlstra <peterz@infradead.org>
idle: Prevent late-arriving interrupts from disrupting offline
Phil Auld <pauld@redhat.com>
sched/fair: Use rq_lock/unlock in online_fair_sched_group
Sudeep Holla <sudeep.holla@arm.com>
firmware: arm_scmi: Check if platform has released shmem before using
Xiaofei Tan <tanxiaofei@huawei.com>
efi: cper: print AER info of PCIe fatal error
Stephen Douthit <stephend@silicom-usa.com>
EDAC, pnd2: Fix ioremap() size in dnv_rd_reg()
Luke Mujica <lukemujica@google.com>
perf tools: Fix paths in include statements
Alessio Balsini <balsini@android.com>
loop: Add LOOP_SET_DIRECT_IO to compat ioctl
Jiri Slaby <jslaby@suse.cz>
ACPI / processor: don't print errors for processorIDs == 0xff
Keyon Jie <yang.jie@linux.intel.com>
ASoC: hdac_hda: fix page fault issue by removing race
Valdis Kletnieks <valdis.kletnieks@vt.edu>
RAS: Build debugfs.o only when enabled in Kconfig
Valdis Kletnieks <valdis.kletnieks@vt.edu>
RAS: Fix prototype warnings
Randy Dunlap <rdunlap@infradead.org>
media: media/platform: fsl-viu.c: fix build for MICROBLAZE
Guoqing Jiang <jgq516@gmail.com>
md: don't set In_sync if array is frozen
Guoqing Jiang <jgq516@gmail.com>
md: don't call spare_active in md_reap_sync_thread if all member devices can't work
Yufen Yu <yuyufen@huawei.com>
md/raid1: end bio when the device faulty
Qian Cai <cai@lca.pw>
arm64/prefetch: fix a -Wtype-limits warning
Kuninori Morimoto <kuninori.morimoto.gx@renesas.com>
ASoC: rsnd: don't call clk_get_rate() under atomic context
Dan Carpenter <dan.carpenter@oracle.com>
EDAC/altera: Use the proper type for the IRQ status bits
chenzefeng <chenzefeng2@huawei.com>
ia64:unwind: fix double free for mod->arch.init_unw_table
Ard van Breemen <ard@kwaak.net>
ALSA: usb-audio: Skip bSynchAddress endpoint check if it is invalid
Vinod Koul <vkoul@kernel.org>
base: soc: Export soc_device_register/unregister APIs
Neil Armstrong <narmstrong@baylibre.com>
soc: amlogic: meson-clk-measure: protect measure with a mutex
Junhua Huang <huang.junhua@zte.com.cn>
arm64: mm: free the initrd reserved memblock in a aligned manner
Rafael J. Wysocki <rafael.j.wysocki@intel.com>
cpuidle: teo: Allow tick to be stopped if PM QoS is used
Oliver Neukum <oneukum@suse.com>
media: iguanair: add sanity checks
Robert Richter <rrichter@marvell.com>
EDAC/mc: Fix grain_bits calculation
Jia-Ju Bai <baijiaju1990@gmail.com>
ALSA: i2c: ak4xxx-adda: Fix a possible null pointer dereference in build_adc_controls()
Takashi Iwai <tiwai@suse.de>
ALSA: hda - Show the fatal CORB/RIRB error more clearly
Thomas Gleixner <tglx@linutronix.de>
x86/apic: Soft disable APIC before initializing it
Juri Lelli <juri.lelli@redhat.com>
rcu/tree: Call setschedule() gp ktread to SCHED_FIFO outside of atomic region
Grzegorz Halat <ghalat@redhat.com>
x86/reboot: Always use NMI fallback when shutdown via reboot vector IPI fails
Juri Lelli <juri.lelli@redhat.com>
sched/deadline: Fix bandwidth accounting at all levels after offline migration
Thomas Gleixner <tglx@linutronix.de>
x86/apic: Make apic_pending_intr_clear() more robust
Juri Lelli <juri.lelli@redhat.com>
sched/core: Fix CPU controller for !RT_GROUP_SCHED
Vincent Guittot <vincent.guittot@linaro.org>
sched/fair: Fix imbalance due to CPU affinity
Paul E. McKenney <paulmck@linux.ibm.com>
time/tick-broadcast: Fix tick_broadcast_offline() lockdep complaint
Fabio Estevam <festevam@gmail.com>
media: i2c: ov5640: Check for devm_gpiod_get_optional() error
Luke Nowakowski-Krijger <lnowakow@eng.ucsd.edu>
media: hdpvr: Add device num check and handling
Arnd Bergmann <arnd@arndb.de>
media: vivid: work around high stack usage with clang
Michael Tretter <m.tretter@pengutronix.de>
media: vb2: reorder checks in vb2_poll()
Vandana BN <bnvandana@gmail.com>
media: vivid:add sanity check to avoid divide error and set value to 1 if 0.
Wen Yang <wen.yang99@zte.com.cn>
media: exynos4-is: fix leaked of_node references
Pan Xiuli <xiuli.pan@linux.intel.com>
ASoC: SOF: pci: mark last_busy value at runtime PM init
Sean Young <sean@mess.org>
media: mtk-cir: lower de-glitch counter for rc-mm protocol
Arnd Bergmann <arnd@arndb.de>
media: dib0700: fix link error for dibx000_i2c_set_speed
Nick Stoughton <nstoughton@logitech.com>
leds: leds-lp5562 allow firmware files up to the maximum length
Stefan Wahren <wahrenst@gmx.net>
dmaengine: bcm2835: Print error in case setting DMA mask fails
Stephen Boyd <swboyd@chromium.org>
firmware: qcom_scm: Use proper types for dma mappings
Oleksandr Suvorov <oleksandr.suvorov@toradex.com>
ASoC: sgtl5000: Fix charge pump source assignment
Oleksandr Suvorov <oleksandr.suvorov@toradex.com>
ASoC: sgtl5000: Fix of unmute outputs on probe
Lucas Stach <l.stach@pengutronix.de>
ASoC: tlv320aic31xx: suppress error message for EPROBE_DEFER
Andy Shevchenko <andriy.shevchenko@linux.intel.com>
spi: dw-mmio: Clock should be shut when error occurs
Axel Lin <axel.lin@ingics.com>
regulator: lm363x: Fix off-by-one n_voltages for lm3632 ldo_vpos/ldo_vneg
Hariprasad Kelam <hariprasad.kelam@gmail.com>
cpufreq: ap806: Add NULL check after kcalloc
Ranjani Sridharan <ranjani.sridharan@linux.intel.com>
ASoC: SOF: Intel: hda: Make hdac_device device-managed
Chris Wilson <chris@chris-wilson.co.uk>
ALSA: hda: Flush interrupts on disabling
Ori Nimron <orinimron123@gmail.com>
nfc: enforce CAP_NET_RAW for raw sockets
Ori Nimron <orinimron123@gmail.com>
ieee802154: enforce CAP_NET_RAW for raw sockets
Ori Nimron <orinimron123@gmail.com>
ax25: enforce CAP_NET_RAW for raw sockets
Ori Nimron <orinimron123@gmail.com>
appletalk: enforce CAP_NET_RAW for raw sockets
Ori Nimron <orinimron123@gmail.com>
mISDN: enforce CAP_NET_RAW for raw sockets
Bodong Wang <bodong@mellanox.com>
net/mlx5: Add device ID of upcoming BlueField-2
Eric Dumazet <edumazet@google.com>
tcp: better handle TCP_USER_TIMEOUT in SYN_SENT state
Eric Dumazet <edumazet@google.com>
net: sched: fix possible crash in tcf_action_destroy()
Saeed Mahameed <saeedm@mellanox.com>
net/mlx5e: Fix traffic duplication in ethtool steering
David Ahern <dsahern@gmail.com>
vrf: Do not attempt to create IPv6 mcast rule if IPv6 is disabled
Cong Wang <xiyou.wangcong@gmail.com>
net_sched: add policy validation for action attributes
David Ahern <dsahern@gmail.com>
ipv4: Revert removal of rt_uses_gateway
Vinicius Costa Gomes <vinicius.gomes@intel.com>
net/sched: cbs: Fix not adding cbs instance to list
Hans Andersson <hans.andersson@cellavision.se>
net: phy: micrel: add Asym Pause workaround for KSZ9021
Oliver Neukum <oneukum@suse.com>
usbnet: sanity checking of packet sizes and device mtu
Bjørn Mork <bjorn@mork.no>
usbnet: ignore endpoints with invalid wMaxPacketSize
Kevin(Yudong) Yang <yyd@google.com>
tcp_bbr: fix quantization code to not raise cwnd if not probing bandwidth
Stephen Hemminger <stephen@networkplumber.org>
skge: fix checksum byte order
David Ahern <dsahern@gmail.com>
selftests: Update fib_tests to handle missing ping6
Eric Dumazet <edumazet@google.com>
sch_netem: fix a divide by zero in tabledist()
Takeshi Misawa <jeliantsurux@gmail.com>
ppp: Fix memory leak in ppp_write
Li RongQing <lirongqing@baidu.com>
openvswitch: change type of UPCALL_PID attribute to NLA_UNSPEC
Navid Emamdoost <navid.emamdoost@gmail.com>
nfp: flower: prevent memory leak in nfp_flower_spawn_phy_reprs
Navid Emamdoost <navid.emamdoost@gmail.com>
nfp: flower: fix memory leak in nfp_flower_spawn_vnic_reprs
Cong Wang <xiyou.wangcong@gmail.com>
net_sched: add max len check for TCA_KIND
Davide Caratti <dcaratti@redhat.com>
net/sched: act_sample: don't push mac header on ip6gre ingress
Bjorn Andersson <bjorn.andersson@linaro.org>
net: qrtr: Stop rx_worker before freeing node
Peter Mamonov <pmamonov@gmail.com>
net/phy: fix DP83865 10 Mbps HDX loopback disable function
Xin Long <lucien.xin@gmail.com>
macsec: drop skb sk before calling gro_cells_receive
Jason A. Donenfeld <Jason@zx2c4.com>
ipv6: do not free rt if FIB_LOOKUP_NOREF is set on suppress rule
Bjørn Mork <bjorn@mork.no>
cdc_ncm: fix divide-by-zero caused by invalid wMaxPacketSize
Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
arcnet: provide a buffer big enough to actually receive packets
-------------
Diffstat:
Documentation/sound/hd-audio/models.rst | 3 +
Makefile | 4 +-
arch/arm/boot/dts/am3517-evm.dts | 23 +-
arch/arm/boot/dts/exynos5420-peach-pit.dts | 1 +
arch/arm/boot/dts/exynos5800-peach-pi.dts | 1 +
arch/arm/boot/dts/imx7-colibri.dtsi | 1 +
arch/arm/boot/dts/imx7d-cl-som-imx7.dts | 4 +-
arch/arm/boot/dts/logicpd-torpedo-baseboard.dtsi | 37 +--
arch/arm/configs/omap2plus_defconfig | 1 +
arch/arm/mach-at91/.gitignore | 1 +
arch/arm/mach-at91/Makefile | 5 +-
arch/arm/mach-at91/pm_suspend.S | 2 +-
arch/arm/mach-ep93xx/edb93xx.c | 2 +-
arch/arm/mach-ep93xx/simone.c | 2 +-
arch/arm/mach-ep93xx/ts72xx.c | 4 +-
arch/arm/mach-ep93xx/vision_ep9307.c | 2 +-
arch/arm/mach-omap2/.gitignore | 1 +
arch/arm/mach-omap2/Makefile | 5 +-
arch/arm/mach-omap2/sleep33xx.S | 2 +-
arch/arm/mach-omap2/sleep43xx.S | 2 +-
arch/arm/mach-zynq/platsmp.c | 2 +-
arch/arm/mm/copypage-xscale.c | 6 +-
arch/arm/plat-samsung/watchdog-reset.c | 1 +
arch/arm64/boot/dts/rockchip/rk3328.dtsi | 3 +
arch/arm64/include/asm/cputype.h | 21 +-
arch/arm64/include/asm/exception.h | 2 +
arch/arm64/include/asm/tlbflush.h | 1 +
arch/arm64/kernel/cpufeature.c | 2 +-
arch/arm64/kernel/entry.S | 36 +--
arch/arm64/kernel/image-vars.h | 51 ++++
arch/arm64/kernel/image.h | 42 ---
arch/arm64/kernel/traps.c | 9 +
arch/arm64/kernel/vmlinux.lds.S | 2 +
arch/arm64/mm/init.c | 6 +-
arch/arm64/mm/proc.S | 9 +
arch/ia64/kernel/module.c | 8 +-
arch/m68k/include/asm/atarihw.h | 9 -
arch/m68k/include/asm/io_mm.h | 6 +-
arch/m68k/include/asm/macintosh.h | 1 +
arch/powerpc/Makefile | 2 -
arch/powerpc/platforms/powernv/opal-imc.c | 12 +-
arch/s390/crypto/aes_s390.c | 6 +
arch/s390/include/asm/string.h | 9 +-
arch/x86/include/asm/intel-family.h | 3 +
arch/x86/include/asm/kvm_host.h | 7 +
arch/x86/kernel/amd_nb.c | 3 +
arch/x86/kernel/apic/apic.c | 115 ++++---
arch/x86/kernel/apic/vector.c | 11 +
arch/x86/kernel/smp.c | 46 +--
arch/x86/kvm/emulate.c | 2 +
arch/x86/kvm/mmu.c | 47 +--
arch/x86/kvm/svm.c | 4 +-
arch/x86/kvm/vmx/vmx.c | 6 +-
arch/x86/kvm/x86.c | 21 +-
arch/x86/mm/numa.c | 4 +-
arch/x86/mm/pti.c | 8 +-
arch/x86/platform/intel/iosf_mbi.c | 100 +++---
block/blk-flush.c | 10 +
block/blk-mq.c | 25 +-
block/blk-throttle.c | 3 +-
block/blk.h | 7 +
block/mq-deadline.c | 19 +-
drivers/acpi/acpi_lpss.c | 8 +-
drivers/acpi/acpi_processor.c | 10 +-
drivers/acpi/apei/ghes.c | 17 +-
drivers/acpi/cppc_acpi.c | 6 +-
drivers/acpi/custom_method.c | 5 +-
drivers/acpi/pci_irq.c | 4 +-
drivers/ata/ahci.c | 116 ++++---
drivers/ata/ahci.h | 2 +
drivers/base/soc.c | 2 +
drivers/block/loop.c | 1 +
drivers/block/nbd.c | 4 +-
drivers/char/hw_random/core.c | 2 +-
drivers/char/ipmi/ipmi_msghandler.c | 114 +++----
drivers/char/mem.c | 21 ++
drivers/char/tpm/tpm-interface.c | 23 +-
drivers/char/tpm/tpm_tis_core.c | 3 +
drivers/cpufreq/armada-8k-cpufreq.c | 2 +
drivers/cpuidle/governors/teo.c | 32 +-
drivers/devfreq/devfreq.c | 2 +-
drivers/devfreq/exynos-bus.c | 31 +-
drivers/devfreq/governor_passive.c | 7 +-
drivers/dma/bcm2835-dma.c | 4 +-
drivers/dma/iop-adma.c | 18 +-
drivers/dma/ti/edma.c | 9 +-
drivers/edac/altera_edac.c | 4 +-
drivers/edac/amd64_edac.c | 151 ++++++----
drivers/edac/amd64_edac.h | 5 +-
drivers/edac/edac_mc.c | 8 +-
drivers/edac/pnd2_edac.c | 7 +-
drivers/firmware/arm_scmi/driver.c | 8 +
drivers/firmware/efi/cper.c | 15 +
drivers/firmware/qcom_scm.c | 7 +-
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 1 +
drivers/gpu/drm/amd/powerplay/hwmgr/smu7_hwmgr.c | 5 +
drivers/gpu/drm/drm_kms_helper_common.c | 2 +-
drivers/hwmon/acpi_power_meter.c | 4 +-
drivers/hwmon/k10temp.c | 1 +
drivers/i2c/busses/i2c-riic.c | 1 +
drivers/infiniband/core/addr.c | 2 +-
drivers/infiniband/core/uverbs_cmd.c | 3 +-
drivers/infiniband/hw/hfi1/mad.c | 45 ++-
drivers/infiniband/hw/hfi1/verbs.c | 17 +-
drivers/infiniband/hw/mlx5/main.c | 1 +
drivers/iommu/Makefile | 2 +-
drivers/iommu/amd_iommu.c | 4 +-
drivers/iommu/amd_iommu.h | 14 +
drivers/iommu/amd_iommu_init.c | 5 +-
drivers/iommu/amd_iommu_quirks.c | 92 ++++++
drivers/iommu/arm-smmu-v3.c | 2 +
drivers/iommu/intel_irq_remapping.c | 6 +-
drivers/iommu/iova.c | 4 +-
drivers/irqchip/irq-gic-v3-its.c | 9 +-
drivers/irqchip/irq-sifive-plic.c | 12 +-
drivers/isdn/mISDN/socket.c | 2 +
drivers/leds/led-triggers.c | 1 +
drivers/leds/leds-lm3532.c | 17 +-
drivers/leds/leds-lp5562.c | 6 +-
drivers/md/bcache/closure.c | 10 +-
drivers/md/dm-rq.c | 1 +
drivers/md/md.c | 28 +-
drivers/md/md.h | 3 +
drivers/md/raid0.c | 33 +-
drivers/md/raid0.h | 14 +
drivers/md/raid1.c | 39 ++-
drivers/md/raid5.c | 10 +-
drivers/media/cec/cec-notifier.c | 2 +
drivers/media/common/videobuf2/videobuf2-v4l2.c | 8 +-
drivers/media/dvb-core/dvb_frontend.c | 4 +-
drivers/media/dvb-core/dvbdev.c | 4 +-
drivers/media/dvb-frontends/dvb-pll.c | 40 ++-
drivers/media/i2c/ov5640.c | 5 +
drivers/media/i2c/ov5645.c | 26 +-
drivers/media/i2c/ov9650.c | 5 +
drivers/media/i2c/tda1997x.c | 9 +-
drivers/media/pci/saa7134/saa7134-i2c.c | 12 +-
drivers/media/pci/saa7146/hexium_gemini.c | 3 +
drivers/media/platform/aspeed-video.c | 5 +-
drivers/media/platform/exynos4-is/fimc-is.c | 1 +
drivers/media/platform/exynos4-is/media-dev.c | 2 +
drivers/media/platform/fsl-viu.c | 2 +-
drivers/media/platform/mtk-mdp/mtk_mdp_core.c | 4 +-
drivers/media/platform/omap3isp/isp.c | 8 +
drivers/media/platform/omap3isp/ispccdc.c | 1 +
drivers/media/platform/omap3isp/ispccp2.c | 1 +
drivers/media/platform/omap3isp/ispcsi2.c | 1 +
drivers/media/platform/omap3isp/isppreview.c | 1 +
drivers/media/platform/omap3isp/ispresizer.c | 1 +
drivers/media/platform/omap3isp/ispstat.c | 2 +
drivers/media/platform/rcar_fdp1.c | 2 +-
drivers/media/platform/vivid/vivid-kthread-cap.c | 9 +-
drivers/media/platform/vsp1/vsp1_dl.c | 4 +-
drivers/media/radio/si470x/radio-si470x-usb.c | 5 +-
drivers/media/rc/iguanair.c | 15 +-
drivers/media/rc/imon.c | 7 +-
drivers/media/rc/mceusb.c | 334 ++++++++++++---------
drivers/media/rc/mtk-cir.c | 8 +
drivers/media/usb/cpia2/cpia2_usb.c | 4 +
drivers/media/usb/dvb-usb/dib0700_devices.c | 8 +
drivers/media/usb/dvb-usb/pctv452e.c | 8 -
drivers/media/usb/em28xx/em28xx-cards.c | 1 -
drivers/media/usb/gspca/konica.c | 5 +
drivers/media/usb/gspca/nw80x.c | 5 +
drivers/media/usb/gspca/ov519.c | 10 +
drivers/media/usb/gspca/ov534.c | 5 +
drivers/media/usb/gspca/ov534_9.c | 1 +
drivers/media/usb/gspca/se401.c | 5 +
drivers/media/usb/gspca/sn9c20x.c | 12 +
drivers/media/usb/gspca/sonixb.c | 5 +
drivers/media/usb/gspca/sonixj.c | 5 +
drivers/media/usb/gspca/spca1528.c | 5 +
drivers/media/usb/gspca/sq930x.c | 5 +
drivers/media/usb/gspca/sunplus.c | 5 +
drivers/media/usb/gspca/vc032x.c | 5 +
drivers/media/usb/gspca/w996Xcf.c | 5 +
drivers/media/usb/hdpvr/hdpvr-core.c | 13 +-
drivers/media/usb/ttusb-dec/ttusb_dec.c | 2 +-
drivers/media/v4l2-core/videobuf-core.c | 5 +-
drivers/mmc/core/sdio_irq.c | 9 +-
drivers/mmc/host/dw_mmc.c | 4 +
drivers/mmc/host/mtk-sd.c | 3 +
drivers/mmc/host/sdhci.c | 4 +-
drivers/mtd/nand/raw/stm32_fmc2_nand.c | 90 ++----
drivers/net/arcnet/arcnet.c | 31 +-
drivers/net/ethernet/intel/e1000e/ich8lan.c | 10 +
drivers/net/ethernet/intel/e1000e/ich8lan.h | 2 +-
drivers/net/ethernet/intel/i40e/i40e_main.c | 5 +
drivers/net/ethernet/marvell/skge.c | 2 +-
.../ethernet/mellanox/mlx5/core/en_fs_ethtool.c | 4 +-
drivers/net/ethernet/mellanox/mlx5/core/main.c | 1 +
drivers/net/ethernet/netronome/nfp/flower/main.c | 7 +
drivers/net/ethernet/nxp/lpc_eth.c | 13 +-
drivers/net/macsec.c | 1 +
drivers/net/phy/micrel.c | 3 +
drivers/net/phy/national.c | 9 +-
drivers/net/ppp/ppp_generic.c | 2 +
drivers/net/usb/cdc_ncm.c | 6 +-
drivers/net/usb/usbnet.c | 8 +
drivers/net/vrf.c | 3 +-
drivers/net/wireless/ath/ath10k/wmi-tlv.c | 2 +-
drivers/net/wireless/ath/ath10k/wmi-tlv.h | 16 +
drivers/net/wireless/ath/ath10k/wmi.h | 8 -
drivers/net/wireless/intel/iwlwifi/mvm/fw.c | 8 +-
drivers/net/wireless/marvell/libertas/if_usb.c | 3 +-
drivers/net/wireless/mediatek/mt76/mmio.c | 2 +-
drivers/net/wireless/mediatek/mt76/mt7615/mcu.c | 15 +-
drivers/net/wireless/mediatek/mt76/mt7615/mt7615.h | 6 +-
drivers/net/wireless/mediatek/mt76/usb.c | 2 +-
drivers/net/wireless/realtek/rtw88/pci.c | 71 +++--
drivers/net/wireless/zydas/zd1211rw/zd_mac.c | 1 -
drivers/nvme/host/multipath.c | 8 +-
drivers/nvme/target/admin-cmd.c | 14 +-
drivers/parisc/dino.c | 24 ++
drivers/platform/chrome/cros_ec_rpmsg.c | 32 +-
drivers/platform/x86/intel_int0002_vgpio.c | 1 +
drivers/platform/x86/intel_pmc_core.c | 8 +-
drivers/ras/Makefile | 3 +-
drivers/ras/cec.c | 1 +
drivers/ras/debugfs.c | 2 +
drivers/regulator/core.c | 42 ++-
drivers/regulator/lm363x-regulator.c | 2 +-
drivers/scsi/device_handler/scsi_dh_rdac.c | 2 +
drivers/scsi/qla2xxx/qla_init.c | 25 +-
drivers/scsi/qla2xxx/qla_os.c | 1 +
drivers/scsi/qla2xxx/qla_target.c | 1 -
drivers/scsi/scsi_lib.c | 13 +
drivers/soc/amlogic/meson-clk-measure.c | 12 +-
drivers/soc/renesas/Kconfig | 5 +
drivers/soc/renesas/rmobile-sysc.c | 31 +-
drivers/spi/spi-dw-mmio.c | 6 +-
drivers/spi/spi-fsl-dspi.c | 4 +-
drivers/staging/media/imx/imx6-mipi-csi2.c | 12 +-
drivers/video/fbdev/efifb.c | 27 +-
fs/binfmt_elf.c | 3 +-
fs/btrfs/ctree.c | 5 +-
fs/btrfs/ctree.h | 1 +
fs/btrfs/delayed-inode.c | 13 +-
fs/btrfs/disk-io.c | 10 +
fs/btrfs/extent-tree.c | 8 +
fs/btrfs/extent_io.c | 9 +
fs/btrfs/free-space-cache.c | 20 +-
fs/btrfs/inode.c | 8 +
fs/btrfs/qgroup.c | 38 ++-
fs/btrfs/tree-checker.c | 98 ++++++
fs/cifs/cifsfs.c | 2 +
fs/cifs/cifsglob.h | 2 +
fs/cifs/connect.c | 9 +-
fs/cifs/smb2ops.c | 10 +
fs/cifs/smb2pdu.c | 3 +-
fs/cifs/xattr.c | 2 +-
fs/ext4/extents.c | 4 +-
fs/ext4/inode.c | 9 +
fs/fuse/dev.c | 93 +++---
fs/fuse/file.c | 1 +
fs/fuse/fuse_i.h | 3 +
fs/fuse/inode.c | 1 +
fs/fuse/readdir.c | 4 +-
fs/gfs2/bmap.c | 1 +
fs/io_uring.c | 4 +-
fs/overlayfs/export.c | 3 +-
fs/overlayfs/inode.c | 3 +-
fs/xfs/xfs_file.c | 26 ++
include/linux/blk-mq.h | 13 +
include/linux/blkdev.h | 15 +-
include/linux/bug.h | 5 +
include/linux/fs.h | 2 +
include/linux/mmc/host.h | 9 +
include/linux/pci_ids.h | 1 +
include/linux/quotaops.h | 2 +-
include/linux/sunrpc/xprt.h | 1 +
include/net/route.h | 3 +-
kernel/kprobes.c | 3 +-
kernel/printk/printk.c | 2 +-
kernel/rcu/tree.c | 6 +-
kernel/sched/core.c | 61 +++-
kernel/sched/cpufreq_schedutil.c | 7 +-
kernel/sched/deadline.c | 33 ++
kernel/sched/fair.c | 11 +-
kernel/sched/idle.c | 5 +-
kernel/sched/psi.c | 2 +-
kernel/time/alarmtimer.c | 4 +-
kernel/time/posix-cpu-timers.c | 20 +-
lib/lzo/lzo1x_compress.c | 14 +-
mm/compaction.c | 35 +--
mm/fadvise.c | 4 +-
mm/madvise.c | 22 +-
mm/memcontrol.c | 10 +
mm/oom_kill.c | 5 +-
mm/z3fold.c | 64 ++--
net/appletalk/ddp.c | 5 +
net/ax25/af_ax25.c | 2 +
net/ieee802154/socket.c | 3 +
net/ipv4/inet_connection_sock.c | 4 +-
net/ipv4/ip_forward.c | 2 +-
net/ipv4/ip_output.c | 2 +-
net/ipv4/route.c | 34 ++-
net/ipv4/tcp_bbr.c | 8 +-
net/ipv4/tcp_timer.c | 5 +-
net/ipv4/xfrm4_policy.c | 1 +
net/ipv6/fib6_rules.c | 3 +-
net/nfc/llcp_sock.c | 7 +-
net/openvswitch/datapath.c | 2 +-
net/qrtr/qrtr.c | 1 +
net/sched/act_api.c | 34 ++-
net/sched/act_sample.c | 1 +
net/sched/cls_api.c | 6 +-
net/sched/sch_api.c | 3 +-
net/sched/sch_cbs.c | 30 +-
net/sched/sch_netem.c | 2 +-
net/sunrpc/clnt.c | 6 +-
net/sunrpc/xdr.c | 27 +-
net/sunrpc/xprt.c | 54 ++--
net/wireless/util.c | 1 +
scripts/Makefile.kasan | 11 +-
scripts/gcc-plugins/randomize_layout_plugin.c | 10 +-
security/keys/trusted.c | 5 +
sound/firewire/motu/motu.c | 12 +
sound/firewire/tascam/tascam-pcm.c | 3 +
sound/firewire/tascam/tascam-stream.c | 42 ++-
sound/hda/hdac_controller.c | 2 +
sound/i2c/other/ak4xxx-adda.c | 7 +-
sound/pci/hda/hda_codec.c | 8 +-
sound/pci/hda/hda_controller.c | 5 +-
sound/pci/hda/hda_intel.c | 2 +-
sound/pci/hda/patch_hdmi.c | 9 +-
sound/pci/hda/patch_realtek.c | 90 ++++++
sound/soc/atmel/mchp-i2s-mcc.c | 41 ++-
sound/soc/codecs/es8316.c | 7 +-
sound/soc/codecs/hdac_hda.c | 4 +
sound/soc/codecs/sgtl5000.c | 21 +-
sound/soc/codecs/tlv320aic31xx.c | 7 +-
sound/soc/fsl/fsl_ssi.c | 18 +-
sound/soc/generic/simple-card-utils.c | 7 +
sound/soc/intel/common/sst-acpi.c | 3 +-
sound/soc/intel/common/sst-ipc.c | 2 +
sound/soc/intel/skylake/skl-debug.c | 2 +-
sound/soc/intel/skylake/skl-nhlt.c | 2 +-
sound/soc/sh/rcar/adg.c | 21 +-
sound/soc/soc-generic-dmaengine-pcm.c | 6 +
sound/soc/sof/intel/hda-codec.c | 6 +-
sound/soc/sof/sof-pci-dev.c | 3 +
sound/soc/sunxi/sun4i-i2s.c | 9 +-
sound/soc/uniphier/aio-cpu.c | 31 +-
sound/soc/uniphier/aio.h | 1 +
sound/usb/pcm.c | 1 +
tools/include/uapi/asm/bitsperlong.h | 18 +-
tools/lib/traceevent/Makefile | 6 +-
tools/lib/traceevent/event-plugin.c | 2 +-
tools/perf/arch/x86/util/kvm-stat.c | 4 +-
tools/perf/arch/x86/util/tsc.c | 6 +-
tools/perf/perf.c | 3 +
tools/perf/tests/shell/trace+probe_vfs_getname.sh | 4 +
tools/perf/trace/beauty/ioctl.c | 2 +-
tools/perf/ui/browsers/scripts.c | 6 +-
tools/perf/ui/helpline.c | 4 +-
tools/perf/ui/util.c | 2 +-
tools/perf/util/evlist.c | 9 +
tools/perf/util/header.c | 4 +-
tools/perf/util/hist.c | 5 +-
tools/perf/util/map.c | 3 +-
tools/perf/util/map_groups.h | 4 +
tools/perf/util/thread.c | 7 +-
tools/perf/util/thread.h | 4 -
tools/perf/util/unwind-libunwind-local.c | 18 +-
tools/perf/util/unwind-libunwind.c | 34 +--
tools/perf/util/unwind.h | 25 +-
tools/perf/util/xyarray.h | 3 +-
tools/testing/selftests/net/fib_tests.sh | 21 +-
369 files changed, 3159 insertions(+), 1539 deletions(-)
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 001/313] arcnet: provide a buffer big enough to actually receive packets
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
@ 2019-10-03 15:49 ` Greg Kroah-Hartman
2019-10-03 15:49 ` [PATCH 5.2 002/313] cdc_ncm: fix divide-by-zero caused by invalid wMaxPacketSize Greg Kroah-Hartman
` (315 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:49 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Uwe Kleine-König,
Michael Grzeschik, David S. Miller
From: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
[ Upstream commit 108639aac35eb57f1d0e8333f5fc8c7ff68df938 ]
struct archdr is only big enough to hold the header of various types of
arcnet packets. So to provide enough space to hold the data read from
hardware provide a buffer large enough to hold a packet with maximal
size.
The problem was noticed by the stack protector which makes the kernel
oops.
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Acked-by: Michael Grzeschik <m.grzeschik@pengutronix.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/arcnet/arcnet.c | 31 +++++++++++++++++--------------
1 file changed, 17 insertions(+), 14 deletions(-)
--- a/drivers/net/arcnet/arcnet.c
+++ b/drivers/net/arcnet/arcnet.c
@@ -1063,31 +1063,34 @@ EXPORT_SYMBOL(arcnet_interrupt);
static void arcnet_rx(struct net_device *dev, int bufnum)
{
struct arcnet_local *lp = netdev_priv(dev);
- struct archdr pkt;
+ union {
+ struct archdr pkt;
+ char buf[512];
+ } rxdata;
struct arc_rfc1201 *soft;
int length, ofs;
- soft = &pkt.soft.rfc1201;
+ soft = &rxdata.pkt.soft.rfc1201;
- lp->hw.copy_from_card(dev, bufnum, 0, &pkt, ARC_HDR_SIZE);
- if (pkt.hard.offset[0]) {
- ofs = pkt.hard.offset[0];
+ lp->hw.copy_from_card(dev, bufnum, 0, &rxdata.pkt, ARC_HDR_SIZE);
+ if (rxdata.pkt.hard.offset[0]) {
+ ofs = rxdata.pkt.hard.offset[0];
length = 256 - ofs;
} else {
- ofs = pkt.hard.offset[1];
+ ofs = rxdata.pkt.hard.offset[1];
length = 512 - ofs;
}
/* get the full header, if possible */
- if (sizeof(pkt.soft) <= length) {
- lp->hw.copy_from_card(dev, bufnum, ofs, soft, sizeof(pkt.soft));
+ if (sizeof(rxdata.pkt.soft) <= length) {
+ lp->hw.copy_from_card(dev, bufnum, ofs, soft, sizeof(rxdata.pkt.soft));
} else {
- memset(&pkt.soft, 0, sizeof(pkt.soft));
+ memset(&rxdata.pkt.soft, 0, sizeof(rxdata.pkt.soft));
lp->hw.copy_from_card(dev, bufnum, ofs, soft, length);
}
arc_printk(D_DURING, dev, "Buffer #%d: received packet from %02Xh to %02Xh (%d+4 bytes)\n",
- bufnum, pkt.hard.source, pkt.hard.dest, length);
+ bufnum, rxdata.pkt.hard.source, rxdata.pkt.hard.dest, length);
dev->stats.rx_packets++;
dev->stats.rx_bytes += length + ARC_HDR_SIZE;
@@ -1096,13 +1099,13 @@ static void arcnet_rx(struct net_device
if (arc_proto_map[soft->proto]->is_ip) {
if (BUGLVL(D_PROTO)) {
struct ArcProto
- *oldp = arc_proto_map[lp->default_proto[pkt.hard.source]],
+ *oldp = arc_proto_map[lp->default_proto[rxdata.pkt.hard.source]],
*newp = arc_proto_map[soft->proto];
if (oldp != newp) {
arc_printk(D_PROTO, dev,
"got protocol %02Xh; encap for host %02Xh is now '%c' (was '%c')\n",
- soft->proto, pkt.hard.source,
+ soft->proto, rxdata.pkt.hard.source,
newp->suffix, oldp->suffix);
}
}
@@ -1111,10 +1114,10 @@ static void arcnet_rx(struct net_device
lp->default_proto[0] = soft->proto;
/* in striking contrast, the following isn't a hack. */
- lp->default_proto[pkt.hard.source] = soft->proto;
+ lp->default_proto[rxdata.pkt.hard.source] = soft->proto;
}
/* call the protocol-specific receiver. */
- arc_proto_map[soft->proto]->rx(dev, bufnum, &pkt, length);
+ arc_proto_map[soft->proto]->rx(dev, bufnum, &rxdata.pkt, length);
}
static void null_rx(struct net_device *dev, int bufnum,
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 002/313] cdc_ncm: fix divide-by-zero caused by invalid wMaxPacketSize
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
2019-10-03 15:49 ` [PATCH 5.2 001/313] arcnet: provide a buffer big enough to actually receive packets Greg Kroah-Hartman
@ 2019-10-03 15:49 ` Greg Kroah-Hartman
2019-10-03 15:49 ` [PATCH 5.2 003/313] ipv6: do not free rt if FIB_LOOKUP_NOREF is set on suppress rule Greg Kroah-Hartman
` (314 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:49 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot+ce366e2b8296e25d84f5,
Bjørn Mork, Jakub Kicinski
From: Bjørn Mork <bjorn@mork.no>
[ Upstream commit 3fe4b3351301660653a2bc73f2226da0ebd2b95e ]
Endpoints with zero wMaxPacketSize are not usable for transferring
data. Ignore such endpoints when looking for valid in, out and
status pipes, to make the driver more robust against invalid and
meaningless descriptors.
The wMaxPacketSize of the out pipe is used as divisor. So this change
fixes a divide-by-zero bug.
Reported-by: syzbot+ce366e2b8296e25d84f5@syzkaller.appspotmail.com
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/usb/cdc_ncm.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
--- a/drivers/net/usb/cdc_ncm.c
+++ b/drivers/net/usb/cdc_ncm.c
@@ -681,8 +681,12 @@ cdc_ncm_find_endpoints(struct usbnet *de
u8 ep;
for (ep = 0; ep < intf->cur_altsetting->desc.bNumEndpoints; ep++) {
-
e = intf->cur_altsetting->endpoint + ep;
+
+ /* ignore endpoints which cannot transfer data */
+ if (!usb_endpoint_maxp(&e->desc))
+ continue;
+
switch (e->desc.bmAttributes & USB_ENDPOINT_XFERTYPE_MASK) {
case USB_ENDPOINT_XFER_INT:
if (usb_endpoint_dir_in(&e->desc)) {
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 003/313] ipv6: do not free rt if FIB_LOOKUP_NOREF is set on suppress rule
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
2019-10-03 15:49 ` [PATCH 5.2 001/313] arcnet: provide a buffer big enough to actually receive packets Greg Kroah-Hartman
2019-10-03 15:49 ` [PATCH 5.2 002/313] cdc_ncm: fix divide-by-zero caused by invalid wMaxPacketSize Greg Kroah-Hartman
@ 2019-10-03 15:49 ` Greg Kroah-Hartman
2020-06-23 22:07 ` Jason A. Donenfeld
2019-10-03 15:49 ` [PATCH 5.2 004/313] macsec: drop skb sk before calling gro_cells_receive Greg Kroah-Hartman
` (313 subsequent siblings)
316 siblings, 1 reply; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:49 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jason A. Donenfeld, Wei Wang,
David S. Miller
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
[ Upstream commit ca7a03c4175366a92cee0ccc4fec0038c3266e26 ]
Commit 7d9e5f422150 removed references from certain dsts, but accounting
for this never translated down into the fib6 suppression code. This bug
was triggered by WireGuard users who use wg-quick(8), which uses the
"suppress-prefix" directive to ip-rule(8) for routing all of their
internet traffic without routing loops. The test case added here
causes the reference underflow by causing packets to evaluate a suppress
rule.
Fixes: 7d9e5f422150 ("ipv6: convert major tx path to use RT6_LOOKUP_F_DST_NOREF")
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Acked-by: Wei Wang <weiwan@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/ipv6/fib6_rules.c | 3 ++-
tools/testing/selftests/net/fib_tests.sh | 17 ++++++++++++++++-
2 files changed, 18 insertions(+), 2 deletions(-)
--- a/net/ipv6/fib6_rules.c
+++ b/net/ipv6/fib6_rules.c
@@ -285,7 +285,8 @@ static bool fib6_rule_suppress(struct fi
return false;
suppress_route:
- ip6_rt_put(rt);
+ if (!(arg->flags & FIB_LOOKUP_NOREF))
+ ip6_rt_put(rt);
return true;
}
--- a/tools/testing/selftests/net/fib_tests.sh
+++ b/tools/testing/selftests/net/fib_tests.sh
@@ -9,7 +9,7 @@ ret=0
ksft_skip=4
# all tests in this script. Can be overridden with -t option
-TESTS="unregister down carrier nexthop ipv6_rt ipv4_rt ipv6_addr_metric ipv4_addr_metric ipv6_route_metrics ipv4_route_metrics ipv4_route_v6_gw"
+TESTS="unregister down carrier nexthop suppress ipv6_rt ipv4_rt ipv6_addr_metric ipv4_addr_metric ipv6_route_metrics ipv4_route_metrics ipv4_route_v6_gw"
VERBOSE=0
PAUSE_ON_FAIL=no
@@ -582,6 +582,20 @@ fib_nexthop_test()
cleanup
}
+fib_suppress_test()
+{
+ $IP link add dummy1 type dummy
+ $IP link set dummy1 up
+ $IP -6 route add default dev dummy1
+ $IP -6 rule add table main suppress_prefixlength 0
+ ping -f -c 1000 -W 1 1234::1 || true
+ $IP -6 rule del table main suppress_prefixlength 0
+ $IP link del dummy1
+
+ # If we got here without crashing, we're good.
+ return 0
+}
+
################################################################################
# Tests on route add and replace
@@ -1558,6 +1572,7 @@ do
fib_down_test|down) fib_down_test;;
fib_carrier_test|carrier) fib_carrier_test;;
fib_nexthop_test|nexthop) fib_nexthop_test;;
+ fib_suppress_test|suppress) fib_suppress_test;;
ipv6_route_test|ipv6_rt) ipv6_route_test;;
ipv4_route_test|ipv4_rt) ipv4_route_test;;
ipv6_addr_metric) ipv6_addr_metric_test;;
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 004/313] macsec: drop skb sk before calling gro_cells_receive
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (2 preceding siblings ...)
2019-10-03 15:49 ` [PATCH 5.2 003/313] ipv6: do not free rt if FIB_LOOKUP_NOREF is set on suppress rule Greg Kroah-Hartman
@ 2019-10-03 15:49 ` Greg Kroah-Hartman
2019-10-03 15:49 ` [PATCH 5.2 005/313] net/phy: fix DP83865 10 Mbps HDX loopback disable function Greg Kroah-Hartman
` (312 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:49 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Xiumei Mu, Fei Liu, Xin Long,
David S. Miller
From: Xin Long <lucien.xin@gmail.com>
[ Upstream commit ba56d8ce38c8252fff5b745db3899cf092578ede ]
Fei Liu reported a crash when doing netperf on a topo of macsec
dev over veth:
[ 448.919128] refcount_t: underflow; use-after-free.
[ 449.090460] Call trace:
[ 449.092895] refcount_sub_and_test+0xb4/0xc0
[ 449.097155] tcp_wfree+0x2c/0x150
[ 449.100460] ip_rcv+0x1d4/0x3a8
[ 449.103591] __netif_receive_skb_core+0x554/0xae0
[ 449.108282] __netif_receive_skb+0x28/0x78
[ 449.112366] netif_receive_skb_internal+0x54/0x100
[ 449.117144] napi_gro_complete+0x70/0xc0
[ 449.121054] napi_gro_flush+0x6c/0x90
[ 449.124703] napi_complete_done+0x50/0x130
[ 449.128788] gro_cell_poll+0x8c/0xa8
[ 449.132351] net_rx_action+0x16c/0x3f8
[ 449.136088] __do_softirq+0x128/0x320
The issue was caused by skb's true_size changed without its sk's
sk_wmem_alloc increased in tcp/skb_gro_receive(). Later when the
skb is being freed and the skb's truesize is subtracted from its
sk's sk_wmem_alloc in tcp_wfree(), underflow occurs.
macsec is calling gro_cells_receive() to receive a packet, which
actually requires skb->sk to be NULL. However when macsec dev is
over veth, it's possible the skb->sk is still set if the skb was
not unshared or expanded from the peer veth.
ip_rcv() is calling skb_orphan() to drop the skb's sk for tproxy,
but it is too late for macsec's calling gro_cells_receive(). So
fix it by dropping the skb's sk earlier on rx path of macsec.
Fixes: 5491e7c6b1a9 ("macsec: enable GRO and RPS on macsec devices")
Reported-by: Xiumei Mu <xmu@redhat.com>
Reported-by: Fei Liu <feliu@redhat.com>
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/macsec.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/net/macsec.c
+++ b/drivers/net/macsec.c
@@ -1235,6 +1235,7 @@ deliver:
macsec_rxsa_put(rx_sa);
macsec_rxsc_put(rx_sc);
+ skb_orphan(skb);
ret = gro_cells_receive(&macsec->gro_cells, skb);
if (ret == NET_RX_SUCCESS)
count_rx(dev, skb->len);
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 005/313] net/phy: fix DP83865 10 Mbps HDX loopback disable function
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (3 preceding siblings ...)
2019-10-03 15:49 ` [PATCH 5.2 004/313] macsec: drop skb sk before calling gro_cells_receive Greg Kroah-Hartman
@ 2019-10-03 15:49 ` Greg Kroah-Hartman
2019-10-03 15:49 ` [PATCH 5.2 006/313] net: qrtr: Stop rx_worker before freeing node Greg Kroah-Hartman
` (311 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:49 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Peter Mamonov, Andrew Lunn, Jakub Kicinski
From: Peter Mamonov <pmamonov@gmail.com>
[ Upstream commit e47488b2df7f9cb405789c7f5d4c27909fc597ae ]
According to the DP83865 datasheet "the 10 Mbps HDX loopback can be
disabled in the expanded memory register 0x1C0.1". The driver erroneously
used bit 0 instead of bit 1.
Fixes: 4621bf129856 ("phy: Add file missed in previous commit.")
Signed-off-by: Peter Mamonov <pmamonov@gmail.com>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/phy/national.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
--- a/drivers/net/phy/national.c
+++ b/drivers/net/phy/national.c
@@ -105,14 +105,17 @@ static void ns_giga_speed_fallback(struc
static void ns_10_base_t_hdx_loopack(struct phy_device *phydev, int disable)
{
+ u16 lb_dis = BIT(1);
+
if (disable)
- ns_exp_write(phydev, 0x1c0, ns_exp_read(phydev, 0x1c0) | 1);
+ ns_exp_write(phydev, 0x1c0,
+ ns_exp_read(phydev, 0x1c0) | lb_dis);
else
ns_exp_write(phydev, 0x1c0,
- ns_exp_read(phydev, 0x1c0) & 0xfffe);
+ ns_exp_read(phydev, 0x1c0) & ~lb_dis);
pr_debug("10BASE-T HDX loopback %s\n",
- (ns_exp_read(phydev, 0x1c0) & 0x0001) ? "off" : "on");
+ (ns_exp_read(phydev, 0x1c0) & lb_dis) ? "off" : "on");
}
static int ns_config_init(struct phy_device *phydev)
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 006/313] net: qrtr: Stop rx_worker before freeing node
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (4 preceding siblings ...)
2019-10-03 15:49 ` [PATCH 5.2 005/313] net/phy: fix DP83865 10 Mbps HDX loopback disable function Greg Kroah-Hartman
@ 2019-10-03 15:49 ` Greg Kroah-Hartman
2019-10-03 15:49 ` [PATCH 5.2 007/313] net/sched: act_sample: dont push mac header on ip6gre ingress Greg Kroah-Hartman
` (310 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:49 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Bjorn Andersson, Jakub Kicinski
From: Bjorn Andersson <bjorn.andersson@linaro.org>
[ Upstream commit 73f0c11d11329a0d6d205d4312b6e5d2512af7c5 ]
As the endpoint is unregistered there might still be work pending to
handle incoming messages, which will result in a use after free
scenario. The plan is to remove the rx_worker, but until then (and for
stable@) ensure that the work is stopped before the node is freed.
Fixes: bdabad3e363d ("net: Add Qualcomm IPC router")
Cc: stable@vger.kernel.org
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/qrtr/qrtr.c | 1 +
1 file changed, 1 insertion(+)
--- a/net/qrtr/qrtr.c
+++ b/net/qrtr/qrtr.c
@@ -150,6 +150,7 @@ static void __qrtr_node_release(struct k
list_del(&node->item);
mutex_unlock(&qrtr_node_lock);
+ cancel_work_sync(&node->work);
skb_queue_purge(&node->rx_queue);
kfree(node);
}
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 007/313] net/sched: act_sample: dont push mac header on ip6gre ingress
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (5 preceding siblings ...)
2019-10-03 15:49 ` [PATCH 5.2 006/313] net: qrtr: Stop rx_worker before freeing node Greg Kroah-Hartman
@ 2019-10-03 15:49 ` Greg Kroah-Hartman
2019-10-03 15:49 ` [PATCH 5.2 008/313] net_sched: add max len check for TCA_KIND Greg Kroah-Hartman
` (309 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:49 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Davide Caratti, Yotam Gigi, Jakub Kicinski
From: Davide Caratti <dcaratti@redhat.com>
[ Upstream commit 92974a1d006ad8b30d53047c70974c9e065eb7df ]
current 'sample' action doesn't push the mac header of ingress packets if
they are received by a layer 3 tunnel (like gre or sit); but it forgot to
check for gre over ipv6, so the following script:
# tc q a dev $d clsact
# tc f a dev $d ingress protocol ip flower ip_proto icmp action sample \
> group 100 rate 1
# psample -v -g 100
dumps everything, including outer header and mac, when $d is a gre tunnel
over ipv6. Fix this adding a missing label for ARPHRD_IP6GRE devices.
Fixes: 5c5670fae430 ("net/sched: Introduce sample tc action")
Signed-off-by: Davide Caratti <dcaratti@redhat.com>
Reviewed-by: Yotam Gigi <yotam.gi@gmail.com>
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/sched/act_sample.c | 1 +
1 file changed, 1 insertion(+)
--- a/net/sched/act_sample.c
+++ b/net/sched/act_sample.c
@@ -146,6 +146,7 @@ static bool tcf_sample_dev_ok_push(struc
case ARPHRD_TUNNEL6:
case ARPHRD_SIT:
case ARPHRD_IPGRE:
+ case ARPHRD_IP6GRE:
case ARPHRD_VOID:
case ARPHRD_NONE:
return false;
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 008/313] net_sched: add max len check for TCA_KIND
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (6 preceding siblings ...)
2019-10-03 15:49 ` [PATCH 5.2 007/313] net/sched: act_sample: dont push mac header on ip6gre ingress Greg Kroah-Hartman
@ 2019-10-03 15:49 ` Greg Kroah-Hartman
2019-10-03 15:49 ` [PATCH 5.2 009/313] nfp: flower: fix memory leak in nfp_flower_spawn_vnic_reprs Greg Kroah-Hartman
` (308 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:49 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jamal Hadi Salim, Cong Wang,
David Ahern, Jiri Pirko, Jakub Kicinski,
syzbot+618aacd49e8c8b8486bd
From: Cong Wang <xiyou.wangcong@gmail.com>
[ Upstream commit 62794fc4fbf52f2209dc094ea255eaef760e7d01 ]
The TCA_KIND attribute is of NLA_STRING which does not check
the NUL char. KMSAN reported an uninit-value of TCA_KIND which
is likely caused by the lack of NUL.
Change it to NLA_NUL_STRING and add a max len too.
Fixes: 8b4c3cdd9dd8 ("net: sched: Add policy validation for tc attributes")
Reported-and-tested-by: syzbot+618aacd49e8c8b8486bd@syzkaller.appspotmail.com
Cc: Jamal Hadi Salim <jhs@mojatatu.com>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Reviewed-by: David Ahern <dsahern@gmail.com>
Acked-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/sched/sch_api.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/net/sched/sch_api.c
+++ b/net/sched/sch_api.c
@@ -1390,7 +1390,8 @@ check_loop_fn(struct Qdisc *q, unsigned
}
const struct nla_policy rtm_tca_policy[TCA_MAX + 1] = {
- [TCA_KIND] = { .type = NLA_STRING },
+ [TCA_KIND] = { .type = NLA_NUL_STRING,
+ .len = IFNAMSIZ - 1 },
[TCA_RATE] = { .type = NLA_BINARY,
.len = sizeof(struct tc_estimator) },
[TCA_STAB] = { .type = NLA_NESTED },
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 009/313] nfp: flower: fix memory leak in nfp_flower_spawn_vnic_reprs
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (7 preceding siblings ...)
2019-10-03 15:49 ` [PATCH 5.2 008/313] net_sched: add max len check for TCA_KIND Greg Kroah-Hartman
@ 2019-10-03 15:49 ` Greg Kroah-Hartman
2019-10-03 15:49 ` [PATCH 5.2 010/313] nfp: flower: prevent memory leak in nfp_flower_spawn_phy_reprs Greg Kroah-Hartman
` (307 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:49 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Navid Emamdoost, Jakub Kicinski,
David S. Miller
From: Navid Emamdoost <navid.emamdoost@gmail.com>
[ Upstream commit 8ce39eb5a67aee25d9f05b40b673c95b23502e3e ]
In nfp_flower_spawn_vnic_reprs in the loop if initialization or the
allocations fail memory is leaked. Appropriate releases are added.
Fixes: b94524529741 ("nfp: flower: add per repr private data for LAG offload")
Signed-off-by: Navid Emamdoost <navid.emamdoost@gmail.com>
Acked-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/netronome/nfp/flower/main.c | 3 +++
1 file changed, 3 insertions(+)
--- a/drivers/net/ethernet/netronome/nfp/flower/main.c
+++ b/drivers/net/ethernet/netronome/nfp/flower/main.c
@@ -400,6 +400,7 @@ nfp_flower_spawn_vnic_reprs(struct nfp_a
repr_priv = kzalloc(sizeof(*repr_priv), GFP_KERNEL);
if (!repr_priv) {
err = -ENOMEM;
+ nfp_repr_free(repr);
goto err_reprs_clean;
}
@@ -413,6 +414,7 @@ nfp_flower_spawn_vnic_reprs(struct nfp_a
port = nfp_port_alloc(app, port_type, repr);
if (IS_ERR(port)) {
err = PTR_ERR(port);
+ kfree(repr_priv);
nfp_repr_free(repr);
goto err_reprs_clean;
}
@@ -433,6 +435,7 @@ nfp_flower_spawn_vnic_reprs(struct nfp_a
err = nfp_repr_init(app, repr,
port_id, port, priv->nn->dp.netdev);
if (err) {
+ kfree(repr_priv);
nfp_port_free(port);
nfp_repr_free(repr);
goto err_reprs_clean;
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 010/313] nfp: flower: prevent memory leak in nfp_flower_spawn_phy_reprs
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (8 preceding siblings ...)
2019-10-03 15:49 ` [PATCH 5.2 009/313] nfp: flower: fix memory leak in nfp_flower_spawn_vnic_reprs Greg Kroah-Hartman
@ 2019-10-03 15:49 ` Greg Kroah-Hartman
2019-10-03 15:49 ` [PATCH 5.2 011/313] openvswitch: change type of UPCALL_PID attribute to NLA_UNSPEC Greg Kroah-Hartman
` (306 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:49 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Navid Emamdoost, Jakub Kicinski,
David S. Miller
From: Navid Emamdoost <navid.emamdoost@gmail.com>
[ Upstream commit 8572cea1461a006bce1d06c0c4b0575869125fa4 ]
In nfp_flower_spawn_phy_reprs, in the for loop over eth_tbl if any of
intermediate allocations or initializations fail memory is leaked.
requiered releases are added.
Fixes: b94524529741 ("nfp: flower: add per repr private data for LAG offload")
Signed-off-by: Navid Emamdoost <navid.emamdoost@gmail.com>
Acked-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/netronome/nfp/flower/main.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/drivers/net/ethernet/netronome/nfp/flower/main.c
+++ b/drivers/net/ethernet/netronome/nfp/flower/main.c
@@ -518,6 +518,7 @@ nfp_flower_spawn_phy_reprs(struct nfp_ap
repr_priv = kzalloc(sizeof(*repr_priv), GFP_KERNEL);
if (!repr_priv) {
err = -ENOMEM;
+ nfp_repr_free(repr);
goto err_reprs_clean;
}
@@ -528,11 +529,13 @@ nfp_flower_spawn_phy_reprs(struct nfp_ap
port = nfp_port_alloc(app, NFP_PORT_PHYS_PORT, repr);
if (IS_ERR(port)) {
err = PTR_ERR(port);
+ kfree(repr_priv);
nfp_repr_free(repr);
goto err_reprs_clean;
}
err = nfp_port_init_phy_port(app->pf, app, port, i);
if (err) {
+ kfree(repr_priv);
nfp_port_free(port);
nfp_repr_free(repr);
goto err_reprs_clean;
@@ -545,6 +548,7 @@ nfp_flower_spawn_phy_reprs(struct nfp_ap
err = nfp_repr_init(app, repr,
cmsg_port_id, port, priv->nn->dp.netdev);
if (err) {
+ kfree(repr_priv);
nfp_port_free(port);
nfp_repr_free(repr);
goto err_reprs_clean;
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 011/313] openvswitch: change type of UPCALL_PID attribute to NLA_UNSPEC
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (9 preceding siblings ...)
2019-10-03 15:49 ` [PATCH 5.2 010/313] nfp: flower: prevent memory leak in nfp_flower_spawn_phy_reprs Greg Kroah-Hartman
@ 2019-10-03 15:49 ` Greg Kroah-Hartman
2019-10-03 15:49 ` [PATCH 5.2 012/313] ppp: Fix memory leak in ppp_write Greg Kroah-Hartman
` (305 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:49 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Li RongQing, Pravin B Shelar,
David S. Miller
From: Li RongQing <lirongqing@baidu.com>
[ Upstream commit ea8564c865299815095bebeb4b25bef474218e4c ]
userspace openvswitch patch "(dpif-linux: Implement the API
functions to allow multiple handler threads read upcall)"
changes its type from U32 to UNSPEC, but leave the kernel
unchanged
and after kernel 6e237d099fac "(netlink: Relax attr validation
for fixed length types)", this bug is exposed by the below
warning
[ 57.215841] netlink: 'ovs-vswitchd': attribute type 5 has an invalid length.
Fixes: 5cd667b0a456 ("openvswitch: Allow each vport to have an array of 'port_id's")
Signed-off-by: Li RongQing <lirongqing@baidu.com>
Acked-by: Pravin B Shelar <pshelar@ovn.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/openvswitch/datapath.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/net/openvswitch/datapath.c
+++ b/net/openvswitch/datapath.c
@@ -2245,7 +2245,7 @@ static const struct nla_policy vport_pol
[OVS_VPORT_ATTR_STATS] = { .len = sizeof(struct ovs_vport_stats) },
[OVS_VPORT_ATTR_PORT_NO] = { .type = NLA_U32 },
[OVS_VPORT_ATTR_TYPE] = { .type = NLA_U32 },
- [OVS_VPORT_ATTR_UPCALL_PID] = { .type = NLA_U32 },
+ [OVS_VPORT_ATTR_UPCALL_PID] = { .type = NLA_UNSPEC },
[OVS_VPORT_ATTR_OPTIONS] = { .type = NLA_NESTED },
[OVS_VPORT_ATTR_IFINDEX] = { .type = NLA_U32 },
[OVS_VPORT_ATTR_NETNSID] = { .type = NLA_S32 },
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 012/313] ppp: Fix memory leak in ppp_write
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (10 preceding siblings ...)
2019-10-03 15:49 ` [PATCH 5.2 011/313] openvswitch: change type of UPCALL_PID attribute to NLA_UNSPEC Greg Kroah-Hartman
@ 2019-10-03 15:49 ` Greg Kroah-Hartman
2019-10-03 15:49 ` [PATCH 5.2 013/313] sch_netem: fix a divide by zero in tabledist() Greg Kroah-Hartman
` (304 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:49 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Takeshi Misawa, Guillaume Nault,
David S. Miller, syzbot+d9c8bf24e56416d7ce2c
From: Takeshi Misawa <jeliantsurux@gmail.com>
[ Upstream commit 4c247de564f1ff614d11b3bb5313fb70d7b9598b ]
When ppp is closing, __ppp_xmit_process() failed to enqueue skb
and skb allocated in ppp_write() is leaked.
syzbot reported :
BUG: memory leak
unreferenced object 0xffff88812a17bc00 (size 224):
comm "syz-executor673", pid 6952, jiffies 4294942888 (age 13.040s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<00000000d110fff9>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
[<00000000d110fff9>] slab_post_alloc_hook mm/slab.h:522 [inline]
[<00000000d110fff9>] slab_alloc_node mm/slab.c:3262 [inline]
[<00000000d110fff9>] kmem_cache_alloc_node+0x163/0x2f0 mm/slab.c:3574
[<000000002d616113>] __alloc_skb+0x6e/0x210 net/core/skbuff.c:197
[<000000000167fc45>] alloc_skb include/linux/skbuff.h:1055 [inline]
[<000000000167fc45>] ppp_write+0x48/0x120 drivers/net/ppp/ppp_generic.c:502
[<000000009ab42c0b>] __vfs_write+0x43/0xa0 fs/read_write.c:494
[<00000000086b2e22>] vfs_write fs/read_write.c:558 [inline]
[<00000000086b2e22>] vfs_write+0xee/0x210 fs/read_write.c:542
[<00000000a2b70ef9>] ksys_write+0x7c/0x130 fs/read_write.c:611
[<00000000ce5e0fdd>] __do_sys_write fs/read_write.c:623 [inline]
[<00000000ce5e0fdd>] __se_sys_write fs/read_write.c:620 [inline]
[<00000000ce5e0fdd>] __x64_sys_write+0x1e/0x30 fs/read_write.c:620
[<00000000d9d7b370>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:296
[<0000000006e6d506>] entry_SYSCALL_64_after_hwframe+0x44/0xa9
Fix this by freeing skb, if ppp is closing.
Fixes: 6d066734e9f0 ("ppp: avoid loop in xmit recursion detection code")
Reported-and-tested-by: syzbot+d9c8bf24e56416d7ce2c@syzkaller.appspotmail.com
Signed-off-by: Takeshi Misawa <jeliantsurux@gmail.com>
Reviewed-by: Guillaume Nault <gnault@redhat.com>
Tested-by: Guillaume Nault <gnault@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ppp/ppp_generic.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/net/ppp/ppp_generic.c
+++ b/drivers/net/ppp/ppp_generic.c
@@ -1415,6 +1415,8 @@ static void __ppp_xmit_process(struct pp
netif_wake_queue(ppp->dev);
else
netif_stop_queue(ppp->dev);
+ } else {
+ kfree_skb(skb);
}
ppp_xmit_unlock(ppp);
}
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 013/313] sch_netem: fix a divide by zero in tabledist()
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (11 preceding siblings ...)
2019-10-03 15:49 ` [PATCH 5.2 012/313] ppp: Fix memory leak in ppp_write Greg Kroah-Hartman
@ 2019-10-03 15:49 ` Greg Kroah-Hartman
2019-10-03 15:49 ` [PATCH 5.2 014/313] selftests: Update fib_tests to handle missing ping6 Greg Kroah-Hartman
` (303 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:49 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Eric Dumazet, syzbot, Jakub Kicinski
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit b41d936b5ecfdb3a4abc525ce6402a6c49cffddc ]
syzbot managed to crash the kernel in tabledist() loading
an empty distribution table.
t = dist->table[rnd % dist->size];
Simply return an error when such load is attempted.
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/sched/sch_netem.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/net/sched/sch_netem.c
+++ b/net/sched/sch_netem.c
@@ -777,7 +777,7 @@ static int get_dist_table(struct Qdisc *
struct disttable *d;
int i;
- if (n > NETEM_DIST_MAX)
+ if (!n || n > NETEM_DIST_MAX)
return -EINVAL;
d = kvmalloc(sizeof(struct disttable) + n * sizeof(s16), GFP_KERNEL);
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 014/313] selftests: Update fib_tests to handle missing ping6
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (12 preceding siblings ...)
2019-10-03 15:49 ` [PATCH 5.2 013/313] sch_netem: fix a divide by zero in tabledist() Greg Kroah-Hartman
@ 2019-10-03 15:49 ` Greg Kroah-Hartman
2019-10-03 15:49 ` [PATCH 5.2 015/313] skge: fix checksum byte order Greg Kroah-Hartman
` (302 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:49 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, David Ahern, Jakub Kicinski
From: David Ahern <dsahern@gmail.com>
[ Upstream commit 0360894a05ed52be268e3c4d40b2df9d94975fa6 ]
Some distributions (e.g., debian buster) do not install ping6. Re-use
the hook in pmtu.sh to detect this and fallback to ping.
Fixes: a0e11da78f48 ("fib_tests: Add tests for metrics on routes")
Signed-off-by: David Ahern <dsahern@gmail.com>
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/testing/selftests/net/fib_tests.sh | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/tools/testing/selftests/net/fib_tests.sh
+++ b/tools/testing/selftests/net/fib_tests.sh
@@ -16,6 +16,8 @@ PAUSE_ON_FAIL=no
PAUSE=no
IP="ip -netns ns1"
+which ping6 > /dev/null 2>&1 && ping6=$(which ping6) || ping6=$(which ping)
+
log_test()
{
local rc=$1
@@ -1068,7 +1070,7 @@ ipv6_route_metrics_test()
log_test $rc 0 "Multipath route with mtu metric"
$IP -6 ro add 2001:db8:104::/64 via 2001:db8:101::2 mtu 1300
- run_cmd "ip netns exec ns1 ping6 -w1 -c1 -s 1500 2001:db8:104::1"
+ run_cmd "ip netns exec ns1 ${ping6} -w1 -c1 -s 1500 2001:db8:104::1"
log_test $? 0 "Using route with mtu metric"
run_cmd "$IP -6 ro add 2001:db8:114::/64 via 2001:db8:101::2 congctl lock foo"
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 015/313] skge: fix checksum byte order
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (13 preceding siblings ...)
2019-10-03 15:49 ` [PATCH 5.2 014/313] selftests: Update fib_tests to handle missing ping6 Greg Kroah-Hartman
@ 2019-10-03 15:49 ` Greg Kroah-Hartman
2019-10-03 15:49 ` [PATCH 5.2 016/313] tcp_bbr: fix quantization code to not raise cwnd if not probing bandwidth Greg Kroah-Hartman
` (301 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:49 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Benoit, Stephen Hemminger, David S. Miller
From: Stephen Hemminger <stephen@networkplumber.org>
[ Upstream commit 5aafeb74b5bb65b34cc87c7623f9fa163a34fa3b ]
Running old skge driver on PowerPC causes checksum errors
because hardware reported 1's complement checksum is in little-endian
byte order.
Reported-by: Benoit <benoit.sansoni@gmail.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/marvell/skge.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/net/ethernet/marvell/skge.c
+++ b/drivers/net/ethernet/marvell/skge.c
@@ -3110,7 +3110,7 @@ static struct sk_buff *skge_rx_get(struc
skb_put(skb, len);
if (dev->features & NETIF_F_RXCSUM) {
- skb->csum = csum;
+ skb->csum = le16_to_cpu(csum);
skb->ip_summed = CHECKSUM_COMPLETE;
}
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 016/313] tcp_bbr: fix quantization code to not raise cwnd if not probing bandwidth
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (14 preceding siblings ...)
2019-10-03 15:49 ` [PATCH 5.2 015/313] skge: fix checksum byte order Greg Kroah-Hartman
@ 2019-10-03 15:49 ` Greg Kroah-Hartman
2019-10-03 15:49 ` [PATCH 5.2 017/313] usbnet: ignore endpoints with invalid wMaxPacketSize Greg Kroah-Hartman
` (300 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:49 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kevin(Yudong) Yang, Neal Cardwell,
Yuchung Cheng, Soheil Hassas Yeganeh, Priyaranjan Jha,
David S. Miller
From: "Kevin(Yudong) Yang" <yyd@google.com>
[ Upstream commit 6b3656a60f2067738d1a423328199720806f0c44 ]
There was a bug in the previous logic that attempted to ensure gain cycling
gets inflight above BDP even for small BDPs. This code correctly raised and
lowered target inflight values during the gain cycle. And this code
correctly ensured that cwnd was raised when probing bandwidth. However, it
did not correspondingly ensure that cwnd was *not* raised in this way when
*not* probing for bandwidth. The result was that small-BDP flows that were
always cwnd-bound could go for many cycles with a fixed cwnd, and not probe
or yield bandwidth at all. This meant that multiple small-BDP flows could
fail to converge in their bandwidth allocations.
Fixes: 3c346b233c68 ("tcp_bbr: fix bw probing to raise in-flight data for very small BDPs")
Signed-off-by: Kevin(Yudong) Yang <yyd@google.com>
Acked-by: Neal Cardwell <ncardwell@google.com>
Acked-by: Yuchung Cheng <ycheng@google.com>
Acked-by: Soheil Hassas Yeganeh <soheil@google.com>
Acked-by: Priyaranjan Jha <priyarjha@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/ipv4/tcp_bbr.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
--- a/net/ipv4/tcp_bbr.c
+++ b/net/ipv4/tcp_bbr.c
@@ -386,7 +386,7 @@ static u32 bbr_bdp(struct sock *sk, u32
* which allows 2 outstanding 2-packet sequences, to try to keep pipe
* full even with ACK-every-other-packet delayed ACKs.
*/
-static u32 bbr_quantization_budget(struct sock *sk, u32 cwnd, int gain)
+static u32 bbr_quantization_budget(struct sock *sk, u32 cwnd)
{
struct bbr *bbr = inet_csk_ca(sk);
@@ -397,7 +397,7 @@ static u32 bbr_quantization_budget(struc
cwnd = (cwnd + 1) & ~1U;
/* Ensure gain cycling gets inflight above BDP even for small BDPs. */
- if (bbr->mode == BBR_PROBE_BW && gain > BBR_UNIT)
+ if (bbr->mode == BBR_PROBE_BW && bbr->cycle_idx == 0)
cwnd += 2;
return cwnd;
@@ -409,7 +409,7 @@ static u32 bbr_inflight(struct sock *sk,
u32 inflight;
inflight = bbr_bdp(sk, bw, gain);
- inflight = bbr_quantization_budget(sk, inflight, gain);
+ inflight = bbr_quantization_budget(sk, inflight);
return inflight;
}
@@ -529,7 +529,7 @@ static void bbr_set_cwnd(struct sock *sk
* due to aggregation (of data and/or ACKs) visible in the ACK stream.
*/
target_cwnd += bbr_ack_aggregation_cwnd(sk);
- target_cwnd = bbr_quantization_budget(sk, target_cwnd, gain);
+ target_cwnd = bbr_quantization_budget(sk, target_cwnd);
/* If we're below target cwnd, slow start cwnd toward target cwnd. */
if (bbr_full_bw_reached(sk)) /* only cut cwnd if we filled the pipe */
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 017/313] usbnet: ignore endpoints with invalid wMaxPacketSize
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (15 preceding siblings ...)
2019-10-03 15:49 ` [PATCH 5.2 016/313] tcp_bbr: fix quantization code to not raise cwnd if not probing bandwidth Greg Kroah-Hartman
@ 2019-10-03 15:49 ` Greg Kroah-Hartman
2019-10-03 15:49 ` [PATCH 5.2 018/313] usbnet: sanity checking of packet sizes and device mtu Greg Kroah-Hartman
` (299 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:49 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Bjørn Mork, Jakub Kicinski
From: Bjørn Mork <bjorn@mork.no>
[ Upstream commit 8d3d7c2029c1b360f1a6b0a2fca470b57eb575c0 ]
Endpoints with zero wMaxPacketSize are not usable for transferring
data. Ignore such endpoints when looking for valid in, out and
status pipes, to make the drivers more robust against invalid and
meaningless descriptors.
The wMaxPacketSize of these endpoints are used for memory allocations
and as divisors in many usbnet minidrivers. Avoiding zero is therefore
critical.
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/usb/usbnet.c | 5 +++++
1 file changed, 5 insertions(+)
--- a/drivers/net/usb/usbnet.c
+++ b/drivers/net/usb/usbnet.c
@@ -100,6 +100,11 @@ int usbnet_get_endpoints(struct usbnet *
int intr = 0;
e = alt->endpoint + ep;
+
+ /* ignore endpoints which cannot transfer data */
+ if (!usb_endpoint_maxp(&e->desc))
+ continue;
+
switch (e->desc.bmAttributes) {
case USB_ENDPOINT_XFER_INT:
if (!usb_endpoint_dir_in(&e->desc))
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 018/313] usbnet: sanity checking of packet sizes and device mtu
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (16 preceding siblings ...)
2019-10-03 15:49 ` [PATCH 5.2 017/313] usbnet: ignore endpoints with invalid wMaxPacketSize Greg Kroah-Hartman
@ 2019-10-03 15:49 ` Greg Kroah-Hartman
2019-10-03 15:49 ` [PATCH 5.2 019/313] net: phy: micrel: add Asym Pause workaround for KSZ9021 Greg Kroah-Hartman
` (298 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:49 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Oliver Neukum, David S. Miller
From: Oliver Neukum <oneukum@suse.com>
[ Upstream commit 280ceaed79f18db930c0cc8bb21f6493490bf29c ]
After a reset packet sizes and device mtu can change and need
to be reevaluated to calculate queue sizes.
Malicious devices can set this to zero and we divide by it.
Introduce sanity checking.
Reported-and-tested-by: syzbot+6102c120be558c885f04@syzkaller.appspotmail.com
Signed-off-by: Oliver Neukum <oneukum@suse.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/usb/usbnet.c | 3 +++
1 file changed, 3 insertions(+)
--- a/drivers/net/usb/usbnet.c
+++ b/drivers/net/usb/usbnet.c
@@ -344,6 +344,8 @@ void usbnet_update_max_qlen(struct usbne
{
enum usb_device_speed speed = dev->udev->speed;
+ if (!dev->rx_urb_size || !dev->hard_mtu)
+ goto insanity;
switch (speed) {
case USB_SPEED_HIGH:
dev->rx_qlen = MAX_QUEUE_MEMORY / dev->rx_urb_size;
@@ -360,6 +362,7 @@ void usbnet_update_max_qlen(struct usbne
dev->tx_qlen = 5 * MAX_QUEUE_MEMORY / dev->hard_mtu;
break;
default:
+insanity:
dev->rx_qlen = dev->tx_qlen = 4;
}
}
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 019/313] net: phy: micrel: add Asym Pause workaround for KSZ9021
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (17 preceding siblings ...)
2019-10-03 15:49 ` [PATCH 5.2 018/313] usbnet: sanity checking of packet sizes and device mtu Greg Kroah-Hartman
@ 2019-10-03 15:49 ` Greg Kroah-Hartman
2019-10-03 15:49 ` [PATCH 5.2 020/313] net/sched: cbs: Fix not adding cbs instance to list Greg Kroah-Hartman
` (297 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:49 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hans Andersson, Andrew Lunn, David S. Miller
From: Hans Andersson <hans.andersson@cellavision.se>
[ Upstream commit 407d8098cb1ab338199f4753162799a488d87d23 ]
The Micrel KSZ9031 PHY may fail to establish a link when the Asymmetric
Pause capability is set. This issue is described in a Silicon Errata
(DS80000691D or DS80000692D), which advises to always disable the
capability.
Micrel KSZ9021 has no errata, but has the same issue with Asymmetric Pause.
This patch apply the same workaround as the one for KSZ9031.
Fixes: 3aed3e2a143c ("net: phy: micrel: add Asym Pause workaround")
Signed-off-by: Hans Andersson <hans.andersson@cellavision.se>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/phy/micrel.c | 3 +++
1 file changed, 3 insertions(+)
--- a/drivers/net/phy/micrel.c
+++ b/drivers/net/phy/micrel.c
@@ -763,6 +763,8 @@ static int ksz9031_get_features(struct p
* Whenever the device's Asymmetric Pause capability is set to 1,
* link-up may fail after a link-up to link-down transition.
*
+ * The Errata Sheet is for ksz9031, but ksz9021 has the same issue
+ *
* Workaround:
* Do not enable the Asymmetric Pause capability bit.
*/
@@ -1076,6 +1078,7 @@ static struct phy_driver ksphy_driver[]
/* PHY_GBIT_FEATURES */
.driver_data = &ksz9021_type,
.probe = kszphy_probe,
+ .get_features = ksz9031_get_features,
.config_init = ksz9021_config_init,
.ack_interrupt = kszphy_ack_interrupt,
.config_intr = kszphy_config_intr,
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 020/313] net/sched: cbs: Fix not adding cbs instance to list
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (18 preceding siblings ...)
2019-10-03 15:49 ` [PATCH 5.2 019/313] net: phy: micrel: add Asym Pause workaround for KSZ9021 Greg Kroah-Hartman
@ 2019-10-03 15:49 ` Greg Kroah-Hartman
2019-10-03 15:49 ` [PATCH 5.2 021/313] ipv4: Revert removal of rt_uses_gateway Greg Kroah-Hartman
` (296 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:49 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Vinicius Costa Gomes, Cong Wang,
David S. Miller
From: Vinicius Costa Gomes <vinicius.gomes@intel.com>
[ Upstream commit 3e8b9bfa110896f95d602d8c98d5f9d67e41d78c ]
When removing a cbs instance when offloading is enabled, the crash
below can be observed.
The problem happens because that when offloading is enabled, the cbs
instance is not added to the list.
Also, the current code doesn't handle correctly the case when offload
is disabled without removing the qdisc: if the link speed changes the
credit calculations will be wrong. When we create the cbs instance
with offloading enabled, it's not added to the notification list, when
later we disable offloading, it's not in the list, so link speed
changes will not affect it.
The solution for both issues is the same, add the cbs instance being
created unconditionally to the global list, even if the link state
notification isn't useful "right now".
Crash log:
[518758.189866] BUG: kernel NULL pointer dereference, address: 0000000000000000
[518758.189870] #PF: supervisor read access in kernel mode
[518758.189871] #PF: error_code(0x0000) - not-present page
[518758.189872] PGD 0 P4D 0
[518758.189874] Oops: 0000 [#1] SMP PTI
[518758.189876] CPU: 3 PID: 4825 Comm: tc Not tainted 5.2.9 #1
[518758.189877] Hardware name: Gigabyte Technology Co., Ltd. Z390 AORUS ULTRA/Z390 AORUS ULTRA-CF, BIOS F7 03/14/2019
[518758.189881] RIP: 0010:__list_del_entry_valid+0x29/0xa0
[518758.189883] Code: 90 48 b8 00 01 00 00 00 00 ad de 55 48 8b 17 4c 8b 47 08 48 89 e5 48 39 c2 74 27 48 b8 00 02 00 00 00 00 ad de 49 39 c0 74 2d <49> 8b 30 48 39 fe 75 3d 48 8b 52 08 48 39 f2 75 4c b8 01 00 00 00
[518758.189885] RSP: 0018:ffffa27e43903990 EFLAGS: 00010207
[518758.189887] RAX: dead000000000200 RBX: ffff8bce69f0f000 RCX: 0000000000000000
[518758.189888] RDX: 0000000000000000 RSI: ffff8bce69f0f064 RDI: ffff8bce69f0f1e0
[518758.189890] RBP: ffffa27e43903990 R08: 0000000000000000 R09: ffff8bce69e788c0
[518758.189891] R10: ffff8bce62acd400 R11: 00000000000003cb R12: ffff8bce69e78000
[518758.189892] R13: ffff8bce69f0f140 R14: 0000000000000000 R15: 0000000000000000
[518758.189894] FS: 00007fa1572c8f80(0000) GS:ffff8bce6e0c0000(0000) knlGS:0000000000000000
[518758.189895] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[518758.189896] CR2: 0000000000000000 CR3: 000000040a398006 CR4: 00000000003606e0
[518758.189898] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[518758.189899] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[518758.189900] Call Trace:
[518758.189904] cbs_destroy+0x32/0xa0 [sch_cbs]
[518758.189906] qdisc_destroy+0x45/0x120
[518758.189907] qdisc_put+0x25/0x30
[518758.189908] qdisc_graft+0x2c1/0x450
[518758.189910] tc_get_qdisc+0x1c8/0x310
[518758.189912] ? get_page_from_freelist+0x91a/0xcb0
[518758.189914] rtnetlink_rcv_msg+0x293/0x360
[518758.189916] ? kmem_cache_alloc_node_trace+0x178/0x260
[518758.189918] ? __kmalloc_node_track_caller+0x38/0x50
[518758.189920] ? rtnl_calcit.isra.0+0xf0/0xf0
[518758.189922] netlink_rcv_skb+0x48/0x110
[518758.189923] rtnetlink_rcv+0x10/0x20
[518758.189925] netlink_unicast+0x15b/0x1d0
[518758.189926] netlink_sendmsg+0x1ea/0x380
[518758.189929] sock_sendmsg+0x2f/0x40
[518758.189930] ___sys_sendmsg+0x295/0x2f0
[518758.189932] ? ___sys_recvmsg+0x151/0x1e0
[518758.189933] ? do_wp_page+0x7e/0x450
[518758.189935] __sys_sendmsg+0x48/0x80
[518758.189937] __x64_sys_sendmsg+0x1a/0x20
[518758.189939] do_syscall_64+0x53/0x1f0
[518758.189941] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[518758.189942] RIP: 0033:0x7fa15755169a
[518758.189944] Code: 48 c7 c0 ff ff ff ff eb be 0f 1f 80 00 00 00 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 18 b8 2e 00 00 00 c5 fc 77 0f 05 <48> 3d 00 f0 ff ff 77 5e c3 0f 1f 44 00 00 48 83 ec 28 89 54 24 1c
[518758.189946] RSP: 002b:00007ffda58b60b8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[518758.189948] RAX: ffffffffffffffda RBX: 000055e4b836d9a0 RCX: 00007fa15755169a
[518758.189949] RDX: 0000000000000000 RSI: 00007ffda58b6128 RDI: 0000000000000003
[518758.189951] RBP: 00007ffda58b6190 R08: 0000000000000001 R09: 000055e4b9d848a0
[518758.189952] R10: 0000000000000000 R11: 0000000000000246 R12: 000000005d654b49
[518758.189953] R13: 0000000000000000 R14: 00007ffda58b6230 R15: 00007ffda58b6210
[518758.189955] Modules linked in: sch_cbs sch_etf sch_mqprio netlink_diag unix_diag e1000e igb intel_pch_thermal thermal video backlight pcc_cpufreq
[518758.189960] CR2: 0000000000000000
[518758.189961] ---[ end trace 6a13f7aaf5376019 ]---
[518758.189963] RIP: 0010:__list_del_entry_valid+0x29/0xa0
[518758.189964] Code: 90 48 b8 00 01 00 00 00 00 ad de 55 48 8b 17 4c 8b 47 08 48 89 e5 48 39 c2 74 27 48 b8 00 02 00 00 00 00 ad de 49 39 c0 74 2d <49> 8b 30 48 39 fe 75 3d 48 8b 52 08 48 39 f2 75 4c b8 01 00 00 00
[518758.189967] RSP: 0018:ffffa27e43903990 EFLAGS: 00010207
[518758.189968] RAX: dead000000000200 RBX: ffff8bce69f0f000 RCX: 0000000000000000
[518758.189969] RDX: 0000000000000000 RSI: ffff8bce69f0f064 RDI: ffff8bce69f0f1e0
[518758.189971] RBP: ffffa27e43903990 R08: 0000000000000000 R09: ffff8bce69e788c0
[518758.189972] R10: ffff8bce62acd400 R11: 00000000000003cb R12: ffff8bce69e78000
[518758.189973] R13: ffff8bce69f0f140 R14: 0000000000000000 R15: 0000000000000000
[518758.189975] FS: 00007fa1572c8f80(0000) GS:ffff8bce6e0c0000(0000) knlGS:0000000000000000
[518758.189976] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[518758.189977] CR2: 0000000000000000 CR3: 000000040a398006 CR4: 00000000003606e0
[518758.189979] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[518758.189980] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Fixes: e0a7683d30e9 ("net/sched: cbs: fix port_rate miscalculation")
Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@intel.com>
Acked-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/sched/sch_cbs.c | 30 +++++++++++++-----------------
1 file changed, 13 insertions(+), 17 deletions(-)
--- a/net/sched/sch_cbs.c
+++ b/net/sched/sch_cbs.c
@@ -392,7 +392,6 @@ static int cbs_init(struct Qdisc *sch, s
{
struct cbs_sched_data *q = qdisc_priv(sch);
struct net_device *dev = qdisc_dev(sch);
- int err;
if (!opt) {
NL_SET_ERR_MSG(extack, "Missing CBS qdisc options which are mandatory");
@@ -404,6 +403,10 @@ static int cbs_init(struct Qdisc *sch, s
if (!q->qdisc)
return -ENOMEM;
+ spin_lock(&cbs_list_lock);
+ list_add(&q->cbs_list, &cbs_list);
+ spin_unlock(&cbs_list_lock);
+
qdisc_hash_add(q->qdisc, false);
q->queue = sch->dev_queue - netdev_get_tx_queue(dev, 0);
@@ -413,17 +416,7 @@ static int cbs_init(struct Qdisc *sch, s
qdisc_watchdog_init(&q->watchdog, sch);
- err = cbs_change(sch, opt, extack);
- if (err)
- return err;
-
- if (!q->offload) {
- spin_lock(&cbs_list_lock);
- list_add(&q->cbs_list, &cbs_list);
- spin_unlock(&cbs_list_lock);
- }
-
- return 0;
+ return cbs_change(sch, opt, extack);
}
static void cbs_destroy(struct Qdisc *sch)
@@ -431,15 +424,18 @@ static void cbs_destroy(struct Qdisc *sc
struct cbs_sched_data *q = qdisc_priv(sch);
struct net_device *dev = qdisc_dev(sch);
- spin_lock(&cbs_list_lock);
- list_del(&q->cbs_list);
- spin_unlock(&cbs_list_lock);
+ /* Nothing to do if we couldn't create the underlying qdisc */
+ if (!q->qdisc)
+ return;
qdisc_watchdog_cancel(&q->watchdog);
cbs_disable_offload(dev, q);
- if (q->qdisc)
- qdisc_put(q->qdisc);
+ spin_lock(&cbs_list_lock);
+ list_del(&q->cbs_list);
+ spin_unlock(&cbs_list_lock);
+
+ qdisc_put(q->qdisc);
}
static int cbs_dump(struct Qdisc *sch, struct sk_buff *skb)
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 021/313] ipv4: Revert removal of rt_uses_gateway
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (19 preceding siblings ...)
2019-10-03 15:49 ` [PATCH 5.2 020/313] net/sched: cbs: Fix not adding cbs instance to list Greg Kroah-Hartman
@ 2019-10-03 15:49 ` Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 022/313] net_sched: add policy validation for action attributes Greg Kroah-Hartman
` (295 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:49 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Julian Anastasov, David Ahern,
Jakub Kicinski
From: David Ahern <dsahern@gmail.com>
[ Upstream commit 77d5bc7e6a6cf8bbeca31aab7f0c5449a5eee762 ]
Julian noted that rt_uses_gateway has a more subtle use than 'is gateway
set':
https://lore.kernel.org/netdev/alpine.LFD.2.21.1909151104060.2546@ja.home.ssi.bg/
Revert that part of the commit referenced in the Fixes tag.
Currently, there are no u8 holes in 'struct rtable'. There is a 4-byte hole
in the second cacheline which contains the gateway declaration. So move
rt_gw_family down to the gateway declarations since they are always used
together, and then re-use that u8 for rt_uses_gateway. End result is that
rtable size is unchanged.
Fixes: 1550c171935d ("ipv4: Prepare rtable for IPv6 gateway")
Reported-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: David Ahern <dsahern@gmail.com>
Reviewed-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/infiniband/core/addr.c | 2 +-
include/net/route.h | 3 ++-
net/ipv4/inet_connection_sock.c | 4 ++--
net/ipv4/ip_forward.c | 2 +-
net/ipv4/ip_output.c | 2 +-
net/ipv4/route.c | 36 +++++++++++++++++++++---------------
net/ipv4/xfrm4_policy.c | 1 +
7 files changed, 29 insertions(+), 21 deletions(-)
--- a/drivers/infiniband/core/addr.c
+++ b/drivers/infiniband/core/addr.c
@@ -352,7 +352,7 @@ static bool has_gateway(const struct dst
if (family == AF_INET) {
rt = container_of(dst, struct rtable, dst);
- return rt->rt_gw_family == AF_INET;
+ return rt->rt_uses_gateway;
}
rt6 = container_of(dst, struct rt6_info, dst);
--- a/include/net/route.h
+++ b/include/net/route.h
@@ -53,10 +53,11 @@ struct rtable {
unsigned int rt_flags;
__u16 rt_type;
__u8 rt_is_input;
- u8 rt_gw_family;
+ __u8 rt_uses_gateway;
int rt_iif;
+ u8 rt_gw_family;
/* Info on neighbour */
union {
__be32 rt_gw4;
--- a/net/ipv4/inet_connection_sock.c
+++ b/net/ipv4/inet_connection_sock.c
@@ -560,7 +560,7 @@ struct dst_entry *inet_csk_route_req(con
rt = ip_route_output_flow(net, fl4, sk);
if (IS_ERR(rt))
goto no_route;
- if (opt && opt->opt.is_strictroute && rt->rt_gw_family)
+ if (opt && opt->opt.is_strictroute && rt->rt_uses_gateway)
goto route_err;
rcu_read_unlock();
return &rt->dst;
@@ -598,7 +598,7 @@ struct dst_entry *inet_csk_route_child_s
rt = ip_route_output_flow(net, fl4, sk);
if (IS_ERR(rt))
goto no_route;
- if (opt && opt->opt.is_strictroute && rt->rt_gw_family)
+ if (opt && opt->opt.is_strictroute && rt->rt_uses_gateway)
goto route_err;
return &rt->dst;
--- a/net/ipv4/ip_forward.c
+++ b/net/ipv4/ip_forward.c
@@ -123,7 +123,7 @@ int ip_forward(struct sk_buff *skb)
rt = skb_rtable(skb);
- if (opt->is_strictroute && rt->rt_gw_family)
+ if (opt->is_strictroute && rt->rt_uses_gateway)
goto sr_failed;
IPCB(skb)->flags |= IPSKB_FORWARDED;
--- a/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_output.c
@@ -482,7 +482,7 @@ int __ip_queue_xmit(struct sock *sk, str
skb_dst_set_noref(skb, &rt->dst);
packet_routed:
- if (inet_opt && inet_opt->opt.is_strictroute && rt->rt_gw_family)
+ if (inet_opt && inet_opt->opt.is_strictroute && rt->rt_uses_gateway)
goto no_route;
/* OK, we know where to send it, allocate and build IP header. */
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -634,6 +634,7 @@ static void fill_route_from_fnhe(struct
if (fnhe->fnhe_gw) {
rt->rt_flags |= RTCF_REDIRECTED;
+ rt->rt_uses_gateway = 1;
rt->rt_gw_family = AF_INET;
rt->rt_gw4 = fnhe->fnhe_gw;
}
@@ -1312,7 +1313,7 @@ static unsigned int ipv4_mtu(const struc
mtu = READ_ONCE(dst->dev->mtu);
if (unlikely(ip_mtu_locked(dst))) {
- if (rt->rt_gw_family && mtu > 576)
+ if (rt->rt_uses_gateway && mtu > 576)
mtu = 576;
}
@@ -1569,6 +1570,7 @@ static void rt_set_nexthop(struct rtable
struct fib_nh_common *nhc = FIB_RES_NHC(*res);
if (nhc->nhc_gw_family && nhc->nhc_scope == RT_SCOPE_LINK) {
+ rt->rt_uses_gateway = 1;
rt->rt_gw_family = nhc->nhc_gw_family;
/* only INET and INET6 are supported */
if (likely(nhc->nhc_gw_family == AF_INET))
@@ -1634,6 +1636,7 @@ struct rtable *rt_dst_alloc(struct net_d
rt->rt_iif = 0;
rt->rt_pmtu = 0;
rt->rt_mtu_locked = 0;
+ rt->rt_uses_gateway = 0;
rt->rt_gw_family = 0;
rt->rt_gw4 = 0;
INIT_LIST_HEAD(&rt->rt_uncached);
@@ -2664,6 +2667,7 @@ struct dst_entry *ipv4_blackhole_route(s
rt->rt_genid = rt_genid_ipv4(net);
rt->rt_flags = ort->rt_flags;
rt->rt_type = ort->rt_type;
+ rt->rt_uses_gateway = ort->rt_uses_gateway;
rt->rt_gw_family = ort->rt_gw_family;
if (rt->rt_gw_family == AF_INET)
rt->rt_gw4 = ort->rt_gw4;
@@ -2747,21 +2751,23 @@ static int rt_fill_info(struct net *net,
if (nla_put_in_addr(skb, RTA_PREFSRC, fl4->saddr))
goto nla_put_failure;
}
- if (rt->rt_gw_family == AF_INET &&
- nla_put_in_addr(skb, RTA_GATEWAY, rt->rt_gw4)) {
- goto nla_put_failure;
- } else if (rt->rt_gw_family == AF_INET6) {
- int alen = sizeof(struct in6_addr);
- struct nlattr *nla;
- struct rtvia *via;
-
- nla = nla_reserve(skb, RTA_VIA, alen + 2);
- if (!nla)
+ if (rt->rt_uses_gateway) {
+ if (rt->rt_gw_family == AF_INET &&
+ nla_put_in_addr(skb, RTA_GATEWAY, rt->rt_gw4)) {
goto nla_put_failure;
-
- via = nla_data(nla);
- via->rtvia_family = AF_INET6;
- memcpy(via->rtvia_addr, &rt->rt_gw6, alen);
+ } else if (rt->rt_gw_family == AF_INET6) {
+ int alen = sizeof(struct in6_addr);
+ struct nlattr *nla;
+ struct rtvia *via;
+
+ nla = nla_reserve(skb, RTA_VIA, alen + 2);
+ if (!nla)
+ goto nla_put_failure;
+
+ via = nla_data(nla);
+ via->rtvia_family = AF_INET6;
+ memcpy(via->rtvia_addr, &rt->rt_gw6, alen);
+ }
}
expires = rt->dst.expires;
--- a/net/ipv4/xfrm4_policy.c
+++ b/net/ipv4/xfrm4_policy.c
@@ -85,6 +85,7 @@ static int xfrm4_fill_dst(struct xfrm_ds
xdst->u.rt.rt_flags = rt->rt_flags & (RTCF_BROADCAST | RTCF_MULTICAST |
RTCF_LOCAL);
xdst->u.rt.rt_type = rt->rt_type;
+ xdst->u.rt.rt_uses_gateway = rt->rt_uses_gateway;
xdst->u.rt.rt_gw_family = rt->rt_gw_family;
if (rt->rt_gw_family == AF_INET)
xdst->u.rt.rt_gw4 = rt->rt_gw4;
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 022/313] net_sched: add policy validation for action attributes
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (20 preceding siblings ...)
2019-10-03 15:49 ` [PATCH 5.2 021/313] ipv4: Revert removal of rt_uses_gateway Greg Kroah-Hartman
@ 2019-10-03 15:50 ` Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 023/313] vrf: Do not attempt to create IPv6 mcast rule if IPv6 is disabled Greg Kroah-Hartman
` (294 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:50 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, David Ahern, Jamal Hadi Salim,
Cong Wang, Jiri Pirko, Jakub Kicinski
From: Cong Wang <xiyou.wangcong@gmail.com>
[ Upstream commit 199ce850ce112315cfc68d42b694bcaa27b097b7 ]
Similar to commit 8b4c3cdd9dd8
("net: sched: Add policy validation for tc attributes"), we need
to add proper policy validation for TC action attributes too.
Cc: David Ahern <dsahern@gmail.com>
Cc: Jamal Hadi Salim <jhs@mojatatu.com>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Acked-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/sched/act_api.c | 34 ++++++++++++++++++----------------
1 file changed, 18 insertions(+), 16 deletions(-)
--- a/net/sched/act_api.c
+++ b/net/sched/act_api.c
@@ -828,6 +828,15 @@ static struct tc_cookie *nla_memdup_cook
return c;
}
+static const struct nla_policy tcf_action_policy[TCA_ACT_MAX + 1] = {
+ [TCA_ACT_KIND] = { .type = NLA_NUL_STRING,
+ .len = IFNAMSIZ - 1 },
+ [TCA_ACT_INDEX] = { .type = NLA_U32 },
+ [TCA_ACT_COOKIE] = { .type = NLA_BINARY,
+ .len = TC_COOKIE_MAX_SIZE },
+ [TCA_ACT_OPTIONS] = { .type = NLA_NESTED },
+};
+
struct tc_action *tcf_action_init_1(struct net *net, struct tcf_proto *tp,
struct nlattr *nla, struct nlattr *est,
char *name, int ovr, int bind,
@@ -843,8 +852,8 @@ struct tc_action *tcf_action_init_1(stru
int err;
if (name == NULL) {
- err = nla_parse_nested_deprecated(tb, TCA_ACT_MAX, nla, NULL,
- extack);
+ err = nla_parse_nested_deprecated(tb, TCA_ACT_MAX, nla,
+ tcf_action_policy, extack);
if (err < 0)
goto err_out;
err = -EINVAL;
@@ -853,18 +862,9 @@ struct tc_action *tcf_action_init_1(stru
NL_SET_ERR_MSG(extack, "TC action kind must be specified");
goto err_out;
}
- if (nla_strlcpy(act_name, kind, IFNAMSIZ) >= IFNAMSIZ) {
- NL_SET_ERR_MSG(extack, "TC action name too long");
- goto err_out;
- }
- if (tb[TCA_ACT_COOKIE]) {
- int cklen = nla_len(tb[TCA_ACT_COOKIE]);
-
- if (cklen > TC_COOKIE_MAX_SIZE) {
- NL_SET_ERR_MSG(extack, "TC cookie size above the maximum");
- goto err_out;
- }
+ nla_strlcpy(act_name, kind, IFNAMSIZ);
+ if (tb[TCA_ACT_COOKIE]) {
cookie = nla_memdup_cookie(tb);
if (!cookie) {
NL_SET_ERR_MSG(extack, "No memory to generate TC cookie");
@@ -1095,7 +1095,8 @@ static struct tc_action *tcf_action_get_
int index;
int err;
- err = nla_parse_nested_deprecated(tb, TCA_ACT_MAX, nla, NULL, extack);
+ err = nla_parse_nested_deprecated(tb, TCA_ACT_MAX, nla,
+ tcf_action_policy, extack);
if (err < 0)
goto err_out;
@@ -1149,7 +1150,8 @@ static int tca_action_flush(struct net *
b = skb_tail_pointer(skb);
- err = nla_parse_nested_deprecated(tb, TCA_ACT_MAX, nla, NULL, extack);
+ err = nla_parse_nested_deprecated(tb, TCA_ACT_MAX, nla,
+ tcf_action_policy, extack);
if (err < 0)
goto err_out;
@@ -1437,7 +1439,7 @@ static struct nlattr *find_dump_kind(str
if (tb[1] == NULL)
return NULL;
- if (nla_parse_nested_deprecated(tb2, TCA_ACT_MAX, tb[1], NULL, NULL) < 0)
+ if (nla_parse_nested_deprecated(tb2, TCA_ACT_MAX, tb[1], tcf_action_policy, NULL) < 0)
return NULL;
kind = tb2[TCA_ACT_KIND];
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 023/313] vrf: Do not attempt to create IPv6 mcast rule if IPv6 is disabled
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (21 preceding siblings ...)
2019-10-03 15:50 ` [PATCH 5.2 022/313] net_sched: add policy validation for action attributes Greg Kroah-Hartman
@ 2019-10-03 15:50 ` Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 024/313] net/mlx5e: Fix traffic duplication in ethtool steering Greg Kroah-Hartman
` (293 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:50 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, David Ahern, Patrick Ruddy, David S. Miller
From: David Ahern <dsahern@gmail.com>
[ Upstream commit dac91170f8e9c73784af5fad6225e954b795601c ]
A user reported that vrf create fails when IPv6 is disabled at boot using
'ipv6.disable=1':
https://bugzilla.kernel.org/show_bug.cgi?id=204903
The failure is adding fib rules at create time. Add RTNL_FAMILY_IP6MR to
the check in vrf_fib_rule if ipv6_mod_enabled is disabled.
Fixes: e4a38c0c4b27 ("ipv6: add vrf table handling code for ipv6 mcast")
Signed-off-by: David Ahern <dsahern@gmail.com>
Cc: Patrick Ruddy <pruddy@vyatta.att-mail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/vrf.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/drivers/net/vrf.c
+++ b/drivers/net/vrf.c
@@ -1153,7 +1153,8 @@ static int vrf_fib_rule(const struct net
struct sk_buff *skb;
int err;
- if (family == AF_INET6 && !ipv6_mod_enabled())
+ if ((family == AF_INET6 || family == RTNL_FAMILY_IP6MR) &&
+ !ipv6_mod_enabled())
return 0;
skb = nlmsg_new(vrf_fib_rule_nl_size(), GFP_KERNEL);
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 024/313] net/mlx5e: Fix traffic duplication in ethtool steering
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (22 preceding siblings ...)
2019-10-03 15:50 ` [PATCH 5.2 023/313] vrf: Do not attempt to create IPv6 mcast rule if IPv6 is disabled Greg Kroah-Hartman
@ 2019-10-03 15:50 ` Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 025/313] net: sched: fix possible crash in tcf_action_destroy() Greg Kroah-Hartman
` (292 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:50 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Saeed Mahameed, Maor Gottlieb
From: Saeed Mahameed <saeedm@mellanox.com>
[ Upstream commit d22fcc806b84b9818de08b32e494f3c05dd236c7 ]
Before this patch, when adding multiple ethtool steering rules with
identical classification, the driver used to append the new destination
to the already existing hw rule, which caused the hw to forward the
traffic to all destinations (rx queues).
Here we avoid this by setting the "no append" mlx5 fs core flag when
adding a new ethtool rule.
Fixes: 6dc6071cfcde ("net/mlx5e: Add ethtool flow steering support")
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Reviewed-by: Maor Gottlieb <maorg@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/mellanox/mlx5/core/en_fs_ethtool.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_fs_ethtool.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_fs_ethtool.c
@@ -397,10 +397,10 @@ add_ethtool_flow_rule(struct mlx5e_priv
struct mlx5_flow_table *ft,
struct ethtool_rx_flow_spec *fs)
{
+ struct mlx5_flow_act flow_act = { .flags = FLOW_ACT_NO_APPEND };
struct mlx5_flow_destination *dst = NULL;
- struct mlx5_flow_act flow_act = {0};
- struct mlx5_flow_spec *spec;
struct mlx5_flow_handle *rule;
+ struct mlx5_flow_spec *spec;
int err = 0;
spec = kvzalloc(sizeof(*spec), GFP_KERNEL);
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 025/313] net: sched: fix possible crash in tcf_action_destroy()
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (23 preceding siblings ...)
2019-10-03 15:50 ` [PATCH 5.2 024/313] net/mlx5e: Fix traffic duplication in ethtool steering Greg Kroah-Hartman
@ 2019-10-03 15:50 ` Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 026/313] tcp: better handle TCP_USER_TIMEOUT in SYN_SENT state Greg Kroah-Hartman
` (291 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:50 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Eric Dumazet, syzbot, Vlad Buslov,
Jiri Pirko, David S. Miller
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit 3d66b89c30f9220a72e92847768fc8ba4d027d88 ]
If the allocation done in tcf_exts_init() failed,
we end up with a NULL pointer in exts->actions.
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 8198 Comm: syz-executor.3 Not tainted 5.3.0-rc8+ #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:tcf_action_destroy+0x71/0x160 net/sched/act_api.c:705
Code: c3 08 44 89 ee e8 4f cb bb fb 41 83 fd 20 0f 84 c9 00 00 00 e8 c0 c9 bb fb 48 89 d8 48 b9 00 00 00 00 00 fc ff df 48 c1 e8 03 <80> 3c 08 00 0f 85 c0 00 00 00 4c 8b 33 4d 85 f6 0f 84 9d 00 00 00
RSP: 0018:ffff888096e16ff0 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: dffffc0000000000
RDX: 0000000000040000 RSI: ffffffff85b6ab30 RDI: 0000000000000000
RBP: ffff888096e17020 R08: ffff8880993f6140 R09: fffffbfff11cae67
R10: fffffbfff11cae66 R11: ffffffff88e57333 R12: 0000000000000000
R13: 0000000000000000 R14: ffff888096e177a0 R15: 0000000000000001
FS: 00007f62bc84a700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000758040 CR3: 0000000088b64000 CR4: 00000000001426e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
tcf_exts_destroy+0x38/0xb0 net/sched/cls_api.c:3030
tcindex_set_parms+0xf7f/0x1e50 net/sched/cls_tcindex.c:488
tcindex_change+0x230/0x318 net/sched/cls_tcindex.c:519
tc_new_tfilter+0xa4b/0x1c70 net/sched/cls_api.c:2152
rtnetlink_rcv_msg+0x838/0xb00 net/core/rtnetlink.c:5214
netlink_rcv_skb+0x177/0x450 net/netlink/af_netlink.c:2477
rtnetlink_rcv+0x1d/0x30 net/core/rtnetlink.c:5241
netlink_unicast_kernel net/netlink/af_netlink.c:1302 [inline]
netlink_unicast+0x531/0x710 net/netlink/af_netlink.c:1328
netlink_sendmsg+0x8a5/0xd60 net/netlink/af_netlink.c:1917
sock_sendmsg_nosec net/socket.c:637 [inline]
sock_sendmsg+0xd7/0x130 net/socket.c:657
___sys_sendmsg+0x3e2/0x920 net/socket.c:2311
__sys_sendmmsg+0x1bf/0x4d0 net/socket.c:2413
__do_sys_sendmmsg net/socket.c:2442 [inline]
Fixes: 90b73b77d08e ("net: sched: change action API to use array of pointers to actions")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Cc: Vlad Buslov <vladbu@mellanox.com>
Cc: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/sched/cls_api.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- a/net/sched/cls_api.c
+++ b/net/sched/cls_api.c
@@ -3031,8 +3031,10 @@ out:
void tcf_exts_destroy(struct tcf_exts *exts)
{
#ifdef CONFIG_NET_CLS_ACT
- tcf_action_destroy(exts->actions, TCA_ACT_UNBIND);
- kfree(exts->actions);
+ if (exts->actions) {
+ tcf_action_destroy(exts->actions, TCA_ACT_UNBIND);
+ kfree(exts->actions);
+ }
exts->nr_actions = 0;
#endif
}
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 026/313] tcp: better handle TCP_USER_TIMEOUT in SYN_SENT state
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (24 preceding siblings ...)
2019-10-03 15:50 ` [PATCH 5.2 025/313] net: sched: fix possible crash in tcf_action_destroy() Greg Kroah-Hartman
@ 2019-10-03 15:50 ` Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 027/313] net/mlx5: Add device ID of upcoming BlueField-2 Greg Kroah-Hartman
` (290 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:50 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Eric Dumazet, Yuchung Cheng,
Marek Majkowski, Jon Maxwell, David S. Miller
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit a66b10c05ee2d744189e9a2130394b070883d289 ]
Yuchung Cheng and Marek Majkowski independently reported a weird
behavior of TCP_USER_TIMEOUT option when used at connect() time.
When the TCP_USER_TIMEOUT is reached, tcp_write_timeout()
believes the flow should live, and the following condition
in tcp_clamp_rto_to_user_timeout() programs one jiffie timers :
remaining = icsk->icsk_user_timeout - elapsed;
if (remaining <= 0)
return 1; /* user timeout has passed; fire ASAP */
This silly situation ends when the max syn rtx count is reached.
This patch makes sure we honor both TCP_SYNCNT and TCP_USER_TIMEOUT,
avoiding these spurious SYN packets.
Fixes: b701a99e431d ("tcp: Add tcp_clamp_rto_to_user_timeout() helper to improve accuracy")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Yuchung Cheng <ycheng@google.com>
Reported-by: Marek Majkowski <marek@cloudflare.com>
Cc: Jon Maxwell <jmaxwell37@gmail.com>
Link: https://marc.info/?l=linux-netdev&m=156940118307949&w=2
Acked-by: Jon Maxwell <jmaxwell37@gmail.com>
Tested-by: Marek Majkowski <marek@cloudflare.com>
Signed-off-by: Marek Majkowski <marek@cloudflare.com>
Acked-by: Yuchung Cheng <ycheng@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/ipv4/tcp_timer.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- a/net/ipv4/tcp_timer.c
+++ b/net/ipv4/tcp_timer.c
@@ -210,7 +210,7 @@ static int tcp_write_timeout(struct sock
struct inet_connection_sock *icsk = inet_csk(sk);
struct tcp_sock *tp = tcp_sk(sk);
struct net *net = sock_net(sk);
- bool expired, do_reset;
+ bool expired = false, do_reset;
int retry_until;
if ((1 << sk->sk_state) & (TCPF_SYN_SENT | TCPF_SYN_RECV)) {
@@ -242,9 +242,10 @@ static int tcp_write_timeout(struct sock
if (tcp_out_of_resources(sk, do_reset))
return 1;
}
+ }
+ if (!expired)
expired = retransmits_timed_out(sk, retry_until,
icsk->icsk_user_timeout);
- }
tcp_fastopen_active_detect_blackhole(sk, expired);
if (BPF_SOCK_OPS_TEST_FLAG(tp, BPF_SOCK_OPS_RTO_CB_FLAG))
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 027/313] net/mlx5: Add device ID of upcoming BlueField-2
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (25 preceding siblings ...)
2019-10-03 15:50 ` [PATCH 5.2 026/313] tcp: better handle TCP_USER_TIMEOUT in SYN_SENT state Greg Kroah-Hartman
@ 2019-10-03 15:50 ` Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 028/313] mISDN: enforce CAP_NET_RAW for raw sockets Greg Kroah-Hartman
` (289 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:50 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Bodong Wang, Saeed Mahameed
From: Bodong Wang <bodong@mellanox.com>
[ Upstream commit d19a79ee38c8fda6d297e4227e80db8bf51c71a6 ]
Add the device ID of upcoming BlueField-2 integrated ConnectX-6 Dx
network controller. Its VFs will be using the generic VF device ID:
0x101e "ConnectX Family mlx5Gen Virtual Function".
Fixes: 2e9d3e83ab82 ("net/mlx5: Update the list of the PCI supported devices")
Signed-off-by: Bodong Wang <bodong@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/mellanox/mlx5/core/main.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/net/ethernet/mellanox/mlx5/core/main.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/main.c
@@ -1525,6 +1525,7 @@ static const struct pci_device_id mlx5_c
{ PCI_VDEVICE(MELLANOX, 0x101e), MLX5_PCI_DEV_IS_VF}, /* ConnectX Family mlx5Gen Virtual Function */
{ PCI_VDEVICE(MELLANOX, 0xa2d2) }, /* BlueField integrated ConnectX-5 network controller */
{ PCI_VDEVICE(MELLANOX, 0xa2d3), MLX5_PCI_DEV_IS_VF}, /* BlueField integrated ConnectX-5 network controller VF */
+ { PCI_VDEVICE(MELLANOX, 0xa2d6) }, /* BlueField-2 integrated ConnectX-6 Dx network controller */
{ 0, }
};
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 028/313] mISDN: enforce CAP_NET_RAW for raw sockets
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (26 preceding siblings ...)
2019-10-03 15:50 ` [PATCH 5.2 027/313] net/mlx5: Add device ID of upcoming BlueField-2 Greg Kroah-Hartman
@ 2019-10-03 15:50 ` Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 029/313] appletalk: " Greg Kroah-Hartman
` (288 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:50 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Ori Nimron, David S. Miller
From: Ori Nimron <orinimron123@gmail.com>
[ Upstream commit b91ee4aa2a2199ba4d4650706c272985a5a32d80 ]
When creating a raw AF_ISDN socket, CAP_NET_RAW needs to be checked
first.
Signed-off-by: Ori Nimron <orinimron123@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/isdn/mISDN/socket.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/isdn/mISDN/socket.c
+++ b/drivers/isdn/mISDN/socket.c
@@ -754,6 +754,8 @@ base_sock_create(struct net *net, struct
if (sock->type != SOCK_RAW)
return -ESOCKTNOSUPPORT;
+ if (!capable(CAP_NET_RAW))
+ return -EPERM;
sk = sk_alloc(net, PF_ISDN, GFP_KERNEL, &mISDN_proto, kern);
if (!sk)
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 029/313] appletalk: enforce CAP_NET_RAW for raw sockets
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (27 preceding siblings ...)
2019-10-03 15:50 ` [PATCH 5.2 028/313] mISDN: enforce CAP_NET_RAW for raw sockets Greg Kroah-Hartman
@ 2019-10-03 15:50 ` Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 030/313] ax25: " Greg Kroah-Hartman
` (287 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:50 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Ori Nimron, David S. Miller
From: Ori Nimron <orinimron123@gmail.com>
[ Upstream commit 6cc03e8aa36c51f3b26a0d21a3c4ce2809c842ac ]
When creating a raw AF_APPLETALK socket, CAP_NET_RAW needs to be checked
first.
Signed-off-by: Ori Nimron <orinimron123@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/appletalk/ddp.c | 5 +++++
1 file changed, 5 insertions(+)
--- a/net/appletalk/ddp.c
+++ b/net/appletalk/ddp.c
@@ -1023,6 +1023,11 @@ static int atalk_create(struct net *net,
*/
if (sock->type != SOCK_RAW && sock->type != SOCK_DGRAM)
goto out;
+
+ rc = -EPERM;
+ if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
+ goto out;
+
rc = -ENOMEM;
sk = sk_alloc(net, PF_APPLETALK, GFP_KERNEL, &ddp_proto, kern);
if (!sk)
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 030/313] ax25: enforce CAP_NET_RAW for raw sockets
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (28 preceding siblings ...)
2019-10-03 15:50 ` [PATCH 5.2 029/313] appletalk: " Greg Kroah-Hartman
@ 2019-10-03 15:50 ` Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 031/313] ieee802154: " Greg Kroah-Hartman
` (286 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:50 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Ori Nimron, David S. Miller
From: Ori Nimron <orinimron123@gmail.com>
[ Upstream commit 0614e2b73768b502fc32a75349823356d98aae2c ]
When creating a raw AF_AX25 socket, CAP_NET_RAW needs to be checked
first.
Signed-off-by: Ori Nimron <orinimron123@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/ax25/af_ax25.c | 2 ++
1 file changed, 2 insertions(+)
--- a/net/ax25/af_ax25.c
+++ b/net/ax25/af_ax25.c
@@ -855,6 +855,8 @@ static int ax25_create(struct net *net,
break;
case SOCK_RAW:
+ if (!capable(CAP_NET_RAW))
+ return -EPERM;
break;
default:
return -ESOCKTNOSUPPORT;
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 031/313] ieee802154: enforce CAP_NET_RAW for raw sockets
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (29 preceding siblings ...)
2019-10-03 15:50 ` [PATCH 5.2 030/313] ax25: " Greg Kroah-Hartman
@ 2019-10-03 15:50 ` Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 032/313] nfc: " Greg Kroah-Hartman
` (285 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:50 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ori Nimron, Stefan Schmidt, David S. Miller
From: Ori Nimron <orinimron123@gmail.com>
[ Upstream commit e69dbd4619e7674c1679cba49afd9dd9ac347eef ]
When creating a raw AF_IEEE802154 socket, CAP_NET_RAW needs to be
checked first.
Signed-off-by: Ori Nimron <orinimron123@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Acked-by: Stefan Schmidt <stefan@datenfreihafen.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/ieee802154/socket.c | 3 +++
1 file changed, 3 insertions(+)
--- a/net/ieee802154/socket.c
+++ b/net/ieee802154/socket.c
@@ -1008,6 +1008,9 @@ static int ieee802154_create(struct net
switch (sock->type) {
case SOCK_RAW:
+ rc = -EPERM;
+ if (!capable(CAP_NET_RAW))
+ goto out;
proto = &ieee802154_raw_prot;
ops = &ieee802154_raw_ops;
break;
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 032/313] nfc: enforce CAP_NET_RAW for raw sockets
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (30 preceding siblings ...)
2019-10-03 15:50 ` [PATCH 5.2 031/313] ieee802154: " Greg Kroah-Hartman
@ 2019-10-03 15:50 ` Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 033/313] ALSA: hda: Flush interrupts on disabling Greg Kroah-Hartman
` (284 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:50 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Ori Nimron, David S. Miller
From: Ori Nimron <orinimron123@gmail.com>
[ Upstream commit 3a359798b176183ef09efb7a3dc59abad1cc7104 ]
When creating a raw AF_NFC socket, CAP_NET_RAW needs to be checked
first.
Signed-off-by: Ori Nimron <orinimron123@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/nfc/llcp_sock.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
--- a/net/nfc/llcp_sock.c
+++ b/net/nfc/llcp_sock.c
@@ -1004,10 +1004,13 @@ static int llcp_sock_create(struct net *
sock->type != SOCK_RAW)
return -ESOCKTNOSUPPORT;
- if (sock->type == SOCK_RAW)
+ if (sock->type == SOCK_RAW) {
+ if (!capable(CAP_NET_RAW))
+ return -EPERM;
sock->ops = &llcp_rawsock_ops;
- else
+ } else {
sock->ops = &llcp_sock_ops;
+ }
sk = nfc_llcp_sock_alloc(sock, sock->type, GFP_ATOMIC, kern);
if (sk == NULL)
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 033/313] ALSA: hda: Flush interrupts on disabling
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (31 preceding siblings ...)
2019-10-03 15:50 ` [PATCH 5.2 032/313] nfc: " Greg Kroah-Hartman
@ 2019-10-03 15:50 ` Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 034/313] ASoC: SOF: Intel: hda: Make hdac_device device-managed Greg Kroah-Hartman
` (283 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:50 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Chris Wilson, Takashi Iwai, Sasha Levin
From: Chris Wilson <chris@chris-wilson.co.uk>
[ Upstream commit caa8422d01e983782548648e125fd617cadcec3f ]
I was looking at
<4> [241.835158] general protection fault: 0000 [#1] PREEMPT SMP PTI
<4> [241.835181] CPU: 1 PID: 214 Comm: kworker/1:3 Tainted: G U 5.2.0-CI-CI_DRM_6509+ #1
<4> [241.835199] Hardware name: Dell Inc. OptiPlex 745 /0GW726, BIOS 2.3.1 05/21/2007
<4> [241.835234] Workqueue: events snd_hdac_bus_process_unsol_events [snd_hda_core]
<4> [241.835256] RIP: 0010:input_handle_event+0x16d/0x5e0
<4> [241.835270] Code: 48 8b 93 58 01 00 00 8b 52 08 89 50 04 8b 83 f8 06 00 00 48 8b 93 00 07 00 00 8d 70 01 48 8d 04 c2 83 e1 08 89 b3 f8 06 00 00 <66> 89 28 66 44 89 60 02 44 89 68 04 8b 93 f8 06 00 00 0f 84 fd fe
<4> [241.835304] RSP: 0018:ffffc9000019fda0 EFLAGS: 00010046
<4> [241.835317] RAX: 6b6b6b6ec6c6c6c3 RBX: ffff8880290fefc8 RCX: 0000000000000000
<4> [241.835332] RDX: 000000006b6b6b6b RSI: 000000006b6b6b6c RDI: 0000000000000046
<4> [241.835347] RBP: 0000000000000005 R08: 0000000000000000 R09: 0000000000000001
<4> [241.835362] R10: ffffc9000019faa0 R11: 0000000000000000 R12: 0000000000000004
<4> [241.835377] R13: 0000000000000000 R14: ffff8880290ff1d0 R15: 0000000000000293
<4> [241.835392] FS: 0000000000000000(0000) GS:ffff88803de80000(0000) knlGS:0000000000000000
<4> [241.835409] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
<4> [241.835422] CR2: 00007ffe9a99e9b7 CR3: 000000002f588000 CR4: 00000000000006e0
<4> [241.835436] Call Trace:
<4> [241.835449] input_event+0x45/0x70
<4> [241.835464] snd_jack_report+0xdc/0x100
<4> [241.835490] snd_hda_jack_report_sync+0x83/0xc0 [snd_hda_codec]
<4> [241.835512] snd_hdac_bus_process_unsol_events+0x5a/0x70 [snd_hda_core]
<4> [241.835530] process_one_work+0x245/0x610
which has the hallmarks of a worker queued from interrupt after it was
supposedly cancelled (note the POISON_FREE), and I could not see where
the interrupt would be flushed on shutdown so added the likely suspects.
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=111174
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/hda/hdac_controller.c | 2 ++
sound/pci/hda/hda_intel.c | 2 +-
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/sound/hda/hdac_controller.c b/sound/hda/hdac_controller.c
index 812dc144fb5b2..2258804c58575 100644
--- a/sound/hda/hdac_controller.c
+++ b/sound/hda/hdac_controller.c
@@ -445,6 +445,8 @@ static void azx_int_disable(struct hdac_bus *bus)
list_for_each_entry(azx_dev, &bus->stream_list, list)
snd_hdac_stream_updateb(azx_dev, SD_CTL, SD_INT_MASK, 0);
+ synchronize_irq(bus->irq);
+
/* disable SIE for all streams */
snd_hdac_chip_writeb(bus, INTCTL, 0);
diff --git a/sound/pci/hda/hda_intel.c b/sound/pci/hda/hda_intel.c
index e7da1a59884a6..03dd532967bd4 100644
--- a/sound/pci/hda/hda_intel.c
+++ b/sound/pci/hda/hda_intel.c
@@ -1349,9 +1349,9 @@ static int azx_free(struct azx *chip)
}
if (bus->chip_init) {
+ azx_stop_chip(chip);
azx_clear_irq_pending(chip);
azx_stop_all_streams(chip);
- azx_stop_chip(chip);
}
if (bus->irq >= 0)
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 034/313] ASoC: SOF: Intel: hda: Make hdac_device device-managed
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (32 preceding siblings ...)
2019-10-03 15:50 ` [PATCH 5.2 033/313] ALSA: hda: Flush interrupts on disabling Greg Kroah-Hartman
@ 2019-10-03 15:50 ` Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 035/313] cpufreq: ap806: Add NULL check after kcalloc Greg Kroah-Hartman
` (282 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:50 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Libin Yang, Ranjani Sridharan,
Takashi Iwai, Mark Brown, Sasha Levin
From: Ranjani Sridharan <ranjani.sridharan@linux.intel.com>
[ Upstream commit ef9bec27485fefb6b93168fea73fda0dc9638046 ]
snd_hdac_ext_bus_device_exit() has been recently modified
to no longer free the hdac device. SOF allocates memory for
hdac_device and hda_hda_priv with kzalloc. Make them
device-managed instead so that they will be freed when the
SOF driver is unloaded.
Because of the above change, hda_codec is device-managed and
it will be freed when the ASoC device is removed. Freeing
the codec in snd_hda_codec_dev_release() leads to kernel
panic while unloading and reloading the ASoC driver. So,
avoid freeing the hda_codec for ASoC driver. This is done in
the same patch to avoid bisect failure.
Signed-off-by: Libin Yang <libin.yang@intel.com>
Signed-off-by: Ranjani Sridharan <ranjani.sridharan@linux.intel.com>
Reviewed-by: Takashi Iwai <tiwai@suse.de>
Link: https://lore.kernel.org/r/20190626070450.7229-1-ranjani.sridharan@linux.intel.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/pci/hda/hda_codec.c | 8 +++++++-
sound/soc/sof/intel/hda-codec.c | 6 ++----
2 files changed, 9 insertions(+), 5 deletions(-)
diff --git a/sound/pci/hda/hda_codec.c b/sound/pci/hda/hda_codec.c
index 106328584998f..c2a6554c98776 100644
--- a/sound/pci/hda/hda_codec.c
+++ b/sound/pci/hda/hda_codec.c
@@ -846,7 +846,13 @@ static void snd_hda_codec_dev_release(struct device *dev)
snd_hda_sysfs_clear(codec);
kfree(codec->modelname);
kfree(codec->wcaps);
- kfree(codec);
+
+ /*
+ * In the case of ASoC HD-audio, hda_codec is device managed.
+ * It will be freed when the ASoC device is removed.
+ */
+ if (codec->core.type == HDA_DEV_LEGACY)
+ kfree(codec);
}
#define DEV_NAME_LEN 31
diff --git a/sound/soc/sof/intel/hda-codec.c b/sound/soc/sof/intel/hda-codec.c
index b8b37f0823094..0d8437b080bfa 100644
--- a/sound/soc/sof/intel/hda-codec.c
+++ b/sound/soc/sof/intel/hda-codec.c
@@ -62,8 +62,7 @@ static int hda_codec_probe(struct snd_sof_dev *sdev, int address)
address, resp);
#if IS_ENABLED(CONFIG_SND_SOC_SOF_HDA_AUDIO_CODEC)
- /* snd_hdac_ext_bus_device_exit will use kfree to free hdev */
- hda_priv = kzalloc(sizeof(*hda_priv), GFP_KERNEL);
+ hda_priv = devm_kzalloc(sdev->dev, sizeof(*hda_priv), GFP_KERNEL);
if (!hda_priv)
return -ENOMEM;
@@ -82,8 +81,7 @@ static int hda_codec_probe(struct snd_sof_dev *sdev, int address)
return 0;
#else
- /* snd_hdac_ext_bus_device_exit will use kfree to free hdev */
- hdev = kzalloc(sizeof(*hdev), GFP_KERNEL);
+ hdev = devm_kzalloc(sdev->dev, sizeof(*hdev), GFP_KERNEL);
if (!hdev)
return -ENOMEM;
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 035/313] cpufreq: ap806: Add NULL check after kcalloc
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (33 preceding siblings ...)
2019-10-03 15:50 ` [PATCH 5.2 034/313] ASoC: SOF: Intel: hda: Make hdac_device device-managed Greg Kroah-Hartman
@ 2019-10-03 15:50 ` Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 036/313] regulator: lm363x: Fix off-by-one n_voltages for lm3632 ldo_vpos/ldo_vneg Greg Kroah-Hartman
` (281 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:50 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hariprasad Kelam, Viresh Kumar, Sasha Levin
From: Hariprasad Kelam <hariprasad.kelam@gmail.com>
[ Upstream commit 3355c91b79394593ebbb197c8e930a91826f4ff3 ]
Add NULL check after kcalloc.
Fix below issue reported by coccicheck
./drivers/cpufreq/armada-8k-cpufreq.c:138:1-12: alloc with no test,
possible model on line 151
Signed-off-by: Hariprasad Kelam <hariprasad.kelam@gmail.com>
Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/cpufreq/armada-8k-cpufreq.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/cpufreq/armada-8k-cpufreq.c b/drivers/cpufreq/armada-8k-cpufreq.c
index 988ebc326bdbb..39e34f5066d3d 100644
--- a/drivers/cpufreq/armada-8k-cpufreq.c
+++ b/drivers/cpufreq/armada-8k-cpufreq.c
@@ -136,6 +136,8 @@ static int __init armada_8k_cpufreq_init(void)
nb_cpus = num_possible_cpus();
freq_tables = kcalloc(nb_cpus, sizeof(*freq_tables), GFP_KERNEL);
+ if (!freq_tables)
+ return -ENOMEM;
cpumask_copy(&cpus, cpu_possible_mask);
/*
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 036/313] regulator: lm363x: Fix off-by-one n_voltages for lm3632 ldo_vpos/ldo_vneg
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (34 preceding siblings ...)
2019-10-03 15:50 ` [PATCH 5.2 035/313] cpufreq: ap806: Add NULL check after kcalloc Greg Kroah-Hartman
@ 2019-10-03 15:50 ` Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 037/313] spi: dw-mmio: Clock should be shut when error occurs Greg Kroah-Hartman
` (280 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:50 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Axel Lin, Mark Brown, Sasha Levin
From: Axel Lin <axel.lin@ingics.com>
[ Upstream commit 1e2cc8c5e0745b545d4974788dc606d678b6e564 ]
According to the datasheet https://www.ti.com/lit/ds/symlink/lm3632a.pdf
Table 20. VPOS Bias Register Field Descriptions VPOS[5:0]
Sets the Positive Display Bias (LDO) Voltage (50 mV per step)
000000: 4 V
000001: 4.05 V
000010: 4.1 V
....................
011101: 5.45 V
011110: 5.5 V (Default)
011111: 5.55 V
....................
100111: 5.95 V
101000: 6 V
Note: Codes 101001 to 111111 map to 6 V
The LM3632_LDO_VSEL_MAX should be 0b101000 (0x28), so the maximum voltage
can match the datasheet.
Fixes: 3a8d1a73a037 ("regulator: add LM363X driver")
Signed-off-by: Axel Lin <axel.lin@ingics.com>
Link: https://lore.kernel.org/r/20190626132632.32629-1-axel.lin@ingics.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/regulator/lm363x-regulator.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/regulator/lm363x-regulator.c b/drivers/regulator/lm363x-regulator.c
index 60f15a7227607..7e2ea8c76f6ea 100644
--- a/drivers/regulator/lm363x-regulator.c
+++ b/drivers/regulator/lm363x-regulator.c
@@ -30,7 +30,7 @@
/* LM3632 */
#define LM3632_BOOST_VSEL_MAX 0x26
-#define LM3632_LDO_VSEL_MAX 0x29
+#define LM3632_LDO_VSEL_MAX 0x28
#define LM3632_VBOOST_MIN 4500000
#define LM3632_VLDO_MIN 4000000
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 037/313] spi: dw-mmio: Clock should be shut when error occurs
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (35 preceding siblings ...)
2019-10-03 15:50 ` [PATCH 5.2 036/313] regulator: lm363x: Fix off-by-one n_voltages for lm3632 ldo_vpos/ldo_vneg Greg Kroah-Hartman
@ 2019-10-03 15:50 ` Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 038/313] ASoC: tlv320aic31xx: suppress error message for EPROBE_DEFER Greg Kroah-Hartman
` (279 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:50 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Phil Edworthy, Gareth Williams,
Andy Shevchenko, Mark Brown, Sasha Levin
From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
[ Upstream commit 3da9834d9381dd99273f2ad4e6d096c9187dc4f2 ]
When optional clock requesting fails, the main clock is still up and running,
we should shut it down in such caee.
Fixes: 560ee7e91009 ("spi: dw: Add support for an optional interface clock")
Cc: Phil Edworthy <phil.edworthy@renesas.com>
Cc: Gareth Williams <gareth.williams.jx@renesas.com>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Reviewed-by: Gareth Williams <gareth.williams.jx@renesas.com>
Link: https://lore.kernel.org/r/20190710114243.30101-1-andriy.shevchenko@linux.intel.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/spi/spi-dw-mmio.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/spi/spi-dw-mmio.c b/drivers/spi/spi-dw-mmio.c
index 18c06568805e7..86789dbaf5771 100644
--- a/drivers/spi/spi-dw-mmio.c
+++ b/drivers/spi/spi-dw-mmio.c
@@ -172,8 +172,10 @@ static int dw_spi_mmio_probe(struct platform_device *pdev)
/* Optional clock needed to access the registers */
dwsmmio->pclk = devm_clk_get_optional(&pdev->dev, "pclk");
- if (IS_ERR(dwsmmio->pclk))
- return PTR_ERR(dwsmmio->pclk);
+ if (IS_ERR(dwsmmio->pclk)) {
+ ret = PTR_ERR(dwsmmio->pclk);
+ goto out_clk;
+ }
ret = clk_prepare_enable(dwsmmio->pclk);
if (ret)
goto out_clk;
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 038/313] ASoC: tlv320aic31xx: suppress error message for EPROBE_DEFER
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (36 preceding siblings ...)
2019-10-03 15:50 ` [PATCH 5.2 037/313] spi: dw-mmio: Clock should be shut when error occurs Greg Kroah-Hartman
@ 2019-10-03 15:50 ` Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 039/313] ASoC: sgtl5000: Fix of unmute outputs on probe Greg Kroah-Hartman
` (278 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:50 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Lucas Stach, Andrew F. Davis,
Mark Brown, Sasha Levin
From: Lucas Stach <l.stach@pengutronix.de>
[ Upstream commit b7e814deae33eb30f8f8c6528e8e69b107978d88 ]
Both the supplies and reset GPIO might need a probe deferral for the
resource to be available. Don't print a error message in that case, as
it is a normal operating condition.
Signed-off-by: Lucas Stach <l.stach@pengutronix.de>
Acked-by: Andrew F. Davis <afd@ti.com>
Link: https://lore.kernel.org/r/20190719143637.2018-1-l.stach@pengutronix.de
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/tlv320aic31xx.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/sound/soc/codecs/tlv320aic31xx.c b/sound/soc/codecs/tlv320aic31xx.c
index 9b37e98da0db1..26a4f6cd32883 100644
--- a/sound/soc/codecs/tlv320aic31xx.c
+++ b/sound/soc/codecs/tlv320aic31xx.c
@@ -1553,7 +1553,8 @@ static int aic31xx_i2c_probe(struct i2c_client *i2c,
aic31xx->gpio_reset = devm_gpiod_get_optional(aic31xx->dev, "reset",
GPIOD_OUT_LOW);
if (IS_ERR(aic31xx->gpio_reset)) {
- dev_err(aic31xx->dev, "not able to acquire gpio\n");
+ if (PTR_ERR(aic31xx->gpio_reset) != -EPROBE_DEFER)
+ dev_err(aic31xx->dev, "not able to acquire gpio\n");
return PTR_ERR(aic31xx->gpio_reset);
}
@@ -1564,7 +1565,9 @@ static int aic31xx_i2c_probe(struct i2c_client *i2c,
ARRAY_SIZE(aic31xx->supplies),
aic31xx->supplies);
if (ret) {
- dev_err(aic31xx->dev, "Failed to request supplies: %d\n", ret);
+ if (ret != -EPROBE_DEFER)
+ dev_err(aic31xx->dev,
+ "Failed to request supplies: %d\n", ret);
return ret;
}
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 039/313] ASoC: sgtl5000: Fix of unmute outputs on probe
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (37 preceding siblings ...)
2019-10-03 15:50 ` [PATCH 5.2 038/313] ASoC: tlv320aic31xx: suppress error message for EPROBE_DEFER Greg Kroah-Hartman
@ 2019-10-03 15:50 ` Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 040/313] ASoC: sgtl5000: Fix charge pump source assignment Greg Kroah-Hartman
` (277 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:50 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Oleksandr Suvorov, Marcel Ziswiler,
Igor Opaniuk, Fabio Estevam, Mark Brown, Sasha Levin
From: Oleksandr Suvorov <oleksandr.suvorov@toradex.com>
[ Upstream commit 631bc8f0134ae9620d86a96b8c5f9445d91a2dca ]
To enable "zero cross detect" for ADC/HP, change
HP_ZCD_EN/ADC_ZCD_EN bits only instead of writing the whole
CHIP_ANA_CTRL register.
Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@toradex.com>
Reviewed-by: Marcel Ziswiler <marcel.ziswiler@toradex.com>
Reviewed-by: Igor Opaniuk <igor.opaniuk@toradex.com>
Reviewed-by: Fabio Estevam <festevam@gmail.com>
Link: https://lore.kernel.org/r/20190719100524.23300-6-oleksandr.suvorov@toradex.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/sgtl5000.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/sound/soc/codecs/sgtl5000.c b/sound/soc/codecs/sgtl5000.c
index a6a4748c97f9d..aad9eca41587e 100644
--- a/sound/soc/codecs/sgtl5000.c
+++ b/sound/soc/codecs/sgtl5000.c
@@ -1288,6 +1288,7 @@ static int sgtl5000_probe(struct snd_soc_component *component)
int ret;
u16 reg;
struct sgtl5000_priv *sgtl5000 = snd_soc_component_get_drvdata(component);
+ unsigned int zcd_mask = SGTL5000_HP_ZCD_EN | SGTL5000_ADC_ZCD_EN;
/* power up sgtl5000 */
ret = sgtl5000_set_power_regs(component);
@@ -1315,9 +1316,8 @@ static int sgtl5000_probe(struct snd_soc_component *component)
0x1f);
snd_soc_component_write(component, SGTL5000_CHIP_PAD_STRENGTH, reg);
- snd_soc_component_write(component, SGTL5000_CHIP_ANA_CTRL,
- SGTL5000_HP_ZCD_EN |
- SGTL5000_ADC_ZCD_EN);
+ snd_soc_component_update_bits(component, SGTL5000_CHIP_ANA_CTRL,
+ zcd_mask, zcd_mask);
snd_soc_component_update_bits(component, SGTL5000_CHIP_MIC_CTRL,
SGTL5000_BIAS_R_MASK,
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 040/313] ASoC: sgtl5000: Fix charge pump source assignment
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (38 preceding siblings ...)
2019-10-03 15:50 ` [PATCH 5.2 039/313] ASoC: sgtl5000: Fix of unmute outputs on probe Greg Kroah-Hartman
@ 2019-10-03 15:50 ` Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 041/313] firmware: qcom_scm: Use proper types for dma mappings Greg Kroah-Hartman
` (276 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:50 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Oleksandr Suvorov, Marcel Ziswiler,
Igor Opaniuk, Fabio Estevam, Mark Brown, Sasha Levin
From: Oleksandr Suvorov <oleksandr.suvorov@toradex.com>
[ Upstream commit b6319b061ba279577fd7030a9848fbd6a17151e3 ]
If VDDA != VDDIO and any of them is greater than 3.1V, charge pump
source can be assigned automatically [1].
[1] https://www.nxp.com/docs/en/data-sheet/SGTL5000.pdf
Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@toradex.com>
Reviewed-by: Marcel Ziswiler <marcel.ziswiler@toradex.com>
Reviewed-by: Igor Opaniuk <igor.opaniuk@toradex.com>
Reviewed-by: Fabio Estevam <festevam@gmail.com>
Link: https://lore.kernel.org/r/20190719100524.23300-7-oleksandr.suvorov@toradex.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/sgtl5000.c | 15 ++++++++++-----
1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/sound/soc/codecs/sgtl5000.c b/sound/soc/codecs/sgtl5000.c
index aad9eca41587e..7cbaedffa1ef7 100644
--- a/sound/soc/codecs/sgtl5000.c
+++ b/sound/soc/codecs/sgtl5000.c
@@ -1173,12 +1173,17 @@ static int sgtl5000_set_power_regs(struct snd_soc_component *component)
SGTL5000_INT_OSC_EN);
/* Enable VDDC charge pump */
ana_pwr |= SGTL5000_VDDC_CHRGPMP_POWERUP;
- } else if (vddio >= 3100 && vdda >= 3100) {
+ } else {
ana_pwr &= ~SGTL5000_VDDC_CHRGPMP_POWERUP;
- /* VDDC use VDDIO rail */
- lreg_ctrl |= SGTL5000_VDDC_ASSN_OVRD;
- lreg_ctrl |= SGTL5000_VDDC_MAN_ASSN_VDDIO <<
- SGTL5000_VDDC_MAN_ASSN_SHIFT;
+ /*
+ * if vddio == vdda the source of charge pump should be
+ * assigned manually to VDDIO
+ */
+ if (vddio == vdda) {
+ lreg_ctrl |= SGTL5000_VDDC_ASSN_OVRD;
+ lreg_ctrl |= SGTL5000_VDDC_MAN_ASSN_VDDIO <<
+ SGTL5000_VDDC_MAN_ASSN_SHIFT;
+ }
}
snd_soc_component_write(component, SGTL5000_CHIP_LINREG_CTRL, lreg_ctrl);
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 041/313] firmware: qcom_scm: Use proper types for dma mappings
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (39 preceding siblings ...)
2019-10-03 15:50 ` [PATCH 5.2 040/313] ASoC: sgtl5000: Fix charge pump source assignment Greg Kroah-Hartman
@ 2019-10-03 15:50 ` Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 042/313] dmaengine: bcm2835: Print error in case setting DMA mask fails Greg Kroah-Hartman
` (275 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:50 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ian Jackson, Julien Grall,
Bjorn Andersson, Avaneesh Kumar Dwivedi, Stephen Boyd,
Sasha Levin
From: Stephen Boyd <swboyd@chromium.org>
[ Upstream commit 6e37ccf78a53296c6c7bf426065762c27829eb84 ]
We need to use the proper types and convert between physical addresses
and dma addresses here to avoid mismatch warnings. This is especially
important on systems with a different size for dma addresses and
physical addresses. Otherwise, we get the following warning:
drivers/firmware/qcom_scm.c: In function "qcom_scm_assign_mem":
drivers/firmware/qcom_scm.c:469:47: error: passing argument 3 of "dma_alloc_coherent" from incompatible pointer type [-Werror=incompatible-pointer-types]
We also fix the size argument to dma_free_coherent() because that size
doesn't need to be aligned after it's already aligned on the allocation
size. In fact, dma debugging expects the same arguments to be passed to
both the allocation and freeing sides of the functions so changing the
size is incorrect regardless.
Reported-by: Ian Jackson <ian.jackson@citrix.com>
Cc: Ian Jackson <ian.jackson@citrix.com>
Cc: Julien Grall <julien.grall@arm.com>
Cc: Bjorn Andersson <bjorn.andersson@linaro.org>
Cc: Avaneesh Kumar Dwivedi <akdwived@codeaurora.org>
Tested-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Signed-off-by: Stephen Boyd <swboyd@chromium.org>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/firmware/qcom_scm.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/drivers/firmware/qcom_scm.c b/drivers/firmware/qcom_scm.c
index 2ddc118dba1b4..74b84244a0db8 100644
--- a/drivers/firmware/qcom_scm.c
+++ b/drivers/firmware/qcom_scm.c
@@ -9,6 +9,7 @@
#include <linux/init.h>
#include <linux/cpumask.h>
#include <linux/export.h>
+#include <linux/dma-direct.h>
#include <linux/dma-mapping.h>
#include <linux/module.h>
#include <linux/types.h>
@@ -440,6 +441,7 @@ int qcom_scm_assign_mem(phys_addr_t mem_addr, size_t mem_sz,
phys_addr_t mem_to_map_phys;
phys_addr_t dest_phys;
phys_addr_t ptr_phys;
+ dma_addr_t ptr_dma;
size_t mem_to_map_sz;
size_t dest_sz;
size_t src_sz;
@@ -457,9 +459,10 @@ int qcom_scm_assign_mem(phys_addr_t mem_addr, size_t mem_sz,
ptr_sz = ALIGN(src_sz, SZ_64) + ALIGN(mem_to_map_sz, SZ_64) +
ALIGN(dest_sz, SZ_64);
- ptr = dma_alloc_coherent(__scm->dev, ptr_sz, &ptr_phys, GFP_KERNEL);
+ ptr = dma_alloc_coherent(__scm->dev, ptr_sz, &ptr_dma, GFP_KERNEL);
if (!ptr)
return -ENOMEM;
+ ptr_phys = dma_to_phys(__scm->dev, ptr_dma);
/* Fill source vmid detail */
src = ptr;
@@ -489,7 +492,7 @@ int qcom_scm_assign_mem(phys_addr_t mem_addr, size_t mem_sz,
ret = __qcom_scm_assign_mem(__scm->dev, mem_to_map_phys, mem_to_map_sz,
ptr_phys, src_sz, dest_phys, dest_sz);
- dma_free_coherent(__scm->dev, ALIGN(ptr_sz, SZ_64), ptr, ptr_phys);
+ dma_free_coherent(__scm->dev, ptr_sz, ptr, ptr_dma);
if (ret) {
dev_err(__scm->dev,
"Assign memory protection call failed %d.\n", ret);
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 042/313] dmaengine: bcm2835: Print error in case setting DMA mask fails
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (40 preceding siblings ...)
2019-10-03 15:50 ` [PATCH 5.2 041/313] firmware: qcom_scm: Use proper types for dma mappings Greg Kroah-Hartman
@ 2019-10-03 15:50 ` Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 043/313] leds: leds-lp5562 allow firmware files up to the maximum length Greg Kroah-Hartman
` (274 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:50 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Stefan Wahren, Vinod Koul, Sasha Levin
From: Stefan Wahren <wahrenst@gmx.net>
[ Upstream commit 72503b25ee363827aafffc3e8d872e6a92a7e422 ]
During enabling of the RPi 4, we found out that the driver doesn't provide
a helpful error message in case setting DMA mask fails. So add one.
Signed-off-by: Stefan Wahren <wahrenst@gmx.net>
Link: https://lore.kernel.org/r/1563297318-4900-1-git-send-email-wahrenst@gmx.net
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/dma/bcm2835-dma.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/dma/bcm2835-dma.c b/drivers/dma/bcm2835-dma.c
index 8101ff2f05c1c..970f654611bdd 100644
--- a/drivers/dma/bcm2835-dma.c
+++ b/drivers/dma/bcm2835-dma.c
@@ -871,8 +871,10 @@ static int bcm2835_dma_probe(struct platform_device *pdev)
pdev->dev.dma_mask = &pdev->dev.coherent_dma_mask;
rc = dma_set_mask_and_coherent(&pdev->dev, DMA_BIT_MASK(32));
- if (rc)
+ if (rc) {
+ dev_err(&pdev->dev, "Unable to set DMA mask\n");
return rc;
+ }
od = devm_kzalloc(&pdev->dev, sizeof(*od), GFP_KERNEL);
if (!od)
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 043/313] leds: leds-lp5562 allow firmware files up to the maximum length
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (41 preceding siblings ...)
2019-10-03 15:50 ` [PATCH 5.2 042/313] dmaengine: bcm2835: Print error in case setting DMA mask fails Greg Kroah-Hartman
@ 2019-10-03 15:50 ` Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 044/313] media: dib0700: fix link error for dibx000_i2c_set_speed Greg Kroah-Hartman
` (273 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:50 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nick Stoughton, Pavel Machek,
Jacek Anaszewski, Sasha Levin
From: Nick Stoughton <nstoughton@logitech.com>
[ Upstream commit ed2abfebb041473092b41527903f93390d38afa7 ]
Firmware files are in ASCII, using 2 hex characters per byte. The
maximum length of a firmware string is therefore
16 (commands) * 2 (bytes per command) * 2 (characters per byte) = 64
Fixes: ff45262a85db ("leds: add new LP5562 LED driver")
Signed-off-by: Nick Stoughton <nstoughton@logitech.com>
Acked-by: Pavel Machek <pavel@ucw.cz>
Signed-off-by: Jacek Anaszewski <jacek.anaszewski@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/leds/leds-lp5562.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/leds/leds-lp5562.c b/drivers/leds/leds-lp5562.c
index 37632fc637414..edb57c42e8b1d 100644
--- a/drivers/leds/leds-lp5562.c
+++ b/drivers/leds/leds-lp5562.c
@@ -260,7 +260,11 @@ static void lp5562_firmware_loaded(struct lp55xx_chip *chip)
{
const struct firmware *fw = chip->fw;
- if (fw->size > LP5562_PROGRAM_LENGTH) {
+ /*
+ * the firmware is encoded in ascii hex character, with 2 chars
+ * per byte
+ */
+ if (fw->size > (LP5562_PROGRAM_LENGTH * 2)) {
dev_err(&chip->cl->dev, "firmware data size overflow: %zu\n",
fw->size);
return;
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 044/313] media: dib0700: fix link error for dibx000_i2c_set_speed
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (42 preceding siblings ...)
2019-10-03 15:50 ` [PATCH 5.2 043/313] leds: leds-lp5562 allow firmware files up to the maximum length Greg Kroah-Hartman
@ 2019-10-03 15:50 ` Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 045/313] media: mtk-cir: lower de-glitch counter for rc-mm protocol Greg Kroah-Hartman
` (272 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:50 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Arnd Bergmann, Sean Young,
Mauro Carvalho Chehab, Sasha Levin
From: Arnd Bergmann <arnd@arndb.de>
[ Upstream commit 765bb8610d305ee488b35d07e2a04ae52fb2df9c ]
When CONFIG_DVB_DIB9000 is disabled, we can still compile code that
now fails to link against dibx000_i2c_set_speed:
drivers/media/usb/dvb-usb/dib0700_devices.o: In function `dib01x0_pmu_update.constprop.7':
dib0700_devices.c:(.text.unlikely+0x1c9c): undefined reference to `dibx000_i2c_set_speed'
The call sites are both through dib01x0_pmu_update(), which gets passed
an 'i2c' pointer from dib9000_get_i2c_master(), which has returned
NULL. Checking this pointer seems to be a good idea anyway, and it avoids
the link failure in most cases.
Sean Young found another case that is not fixed by that, where certain
gcc versions leave an unused function in place that causes the link error,
but adding an explict IS_ENABLED() check also solves this.
Fixes: b7f54910ce01 ("V4L/DVB (4647): Added module for DiB0700 based devices")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Sean Young <sean@mess.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/usb/dvb-usb/dib0700_devices.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/drivers/media/usb/dvb-usb/dib0700_devices.c b/drivers/media/usb/dvb-usb/dib0700_devices.c
index 66d685065e065..ab7a100ec84fe 100644
--- a/drivers/media/usb/dvb-usb/dib0700_devices.c
+++ b/drivers/media/usb/dvb-usb/dib0700_devices.c
@@ -2439,9 +2439,13 @@ static int dib9090_tuner_attach(struct dvb_usb_adapter *adap)
8, 0x0486,
};
+ if (!IS_ENABLED(CONFIG_DVB_DIB9000))
+ return -ENODEV;
if (dvb_attach(dib0090_fw_register, adap->fe_adap[0].fe, i2c, &dib9090_dib0090_config) == NULL)
return -ENODEV;
i2c = dib9000_get_i2c_master(adap->fe_adap[0].fe, DIBX000_I2C_INTERFACE_GPIO_1_2, 0);
+ if (!i2c)
+ return -ENODEV;
if (dib01x0_pmu_update(i2c, data_dib190, 10) != 0)
return -ENODEV;
dib0700_set_i2c_speed(adap->dev, 1500);
@@ -2517,10 +2521,14 @@ static int nim9090md_tuner_attach(struct dvb_usb_adapter *adap)
0, 0x00ef,
8, 0x0406,
};
+ if (!IS_ENABLED(CONFIG_DVB_DIB9000))
+ return -ENODEV;
i2c = dib9000_get_tuner_interface(adap->fe_adap[0].fe);
if (dvb_attach(dib0090_fw_register, adap->fe_adap[0].fe, i2c, &nim9090md_dib0090_config[0]) == NULL)
return -ENODEV;
i2c = dib9000_get_i2c_master(adap->fe_adap[0].fe, DIBX000_I2C_INTERFACE_GPIO_1_2, 0);
+ if (!i2c)
+ return -ENODEV;
if (dib01x0_pmu_update(i2c, data_dib190, 10) < 0)
return -ENODEV;
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 045/313] media: mtk-cir: lower de-glitch counter for rc-mm protocol
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (43 preceding siblings ...)
2019-10-03 15:50 ` [PATCH 5.2 044/313] media: dib0700: fix link error for dibx000_i2c_set_speed Greg Kroah-Hartman
@ 2019-10-03 15:50 ` Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 046/313] ASoC: SOF: pci: mark last_busy value at runtime PM init Greg Kroah-Hartman
` (271 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:50 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sean Young, Sean Wang,
Mauro Carvalho Chehab, Sasha Levin
From: Sean Young <sean@mess.org>
[ Upstream commit 5dd4b89dc098bf22cd13e82a308f42a02c102b2b ]
The rc-mm protocol can't be decoded by the mtk-cir since the de-glitch
filter removes pulses/spaces shorter than 294 microseconds.
Tested on a BananaPi R2.
Signed-off-by: Sean Young <sean@mess.org>
Acked-by: Sean Wang <sean.wang@kernel.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/rc/mtk-cir.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/drivers/media/rc/mtk-cir.c b/drivers/media/rc/mtk-cir.c
index 46101efe017be..da457bf851303 100644
--- a/drivers/media/rc/mtk-cir.c
+++ b/drivers/media/rc/mtk-cir.c
@@ -35,6 +35,11 @@
/* Fields containing pulse width data */
#define MTK_WIDTH_MASK (GENMASK(7, 0))
+/* IR threshold */
+#define MTK_IRTHD 0x14
+#define MTK_DG_CNT_MASK (GENMASK(12, 8))
+#define MTK_DG_CNT(x) ((x) << 8)
+
/* Bit to enable interrupt */
#define MTK_IRINT_EN BIT(0)
@@ -400,6 +405,9 @@ static int mtk_ir_probe(struct platform_device *pdev)
mtk_w32_mask(ir, val, ir->data->fields[MTK_HW_PERIOD].mask,
ir->data->fields[MTK_HW_PERIOD].reg);
+ /* Set de-glitch counter */
+ mtk_w32_mask(ir, MTK_DG_CNT(1), MTK_DG_CNT_MASK, MTK_IRTHD);
+
/* Enable IR and PWM */
val = mtk_r32(ir, MTK_CONFIG_HIGH_REG);
val |= MTK_OK_COUNT(ir->data->ok_count) | MTK_PWM_EN | MTK_IR_EN;
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 046/313] ASoC: SOF: pci: mark last_busy value at runtime PM init
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (44 preceding siblings ...)
2019-10-03 15:50 ` [PATCH 5.2 045/313] media: mtk-cir: lower de-glitch counter for rc-mm protocol Greg Kroah-Hartman
@ 2019-10-03 15:50 ` Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 047/313] media: exynos4-is: fix leaked of_node references Greg Kroah-Hartman
` (270 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:50 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Pan Xiuli, Ranjani Sridharan,
Pierre-Louis Bossart, Mark Brown, Sasha Levin
From: Pan Xiuli <xiuli.pan@linux.intel.com>
[ Upstream commit f1b1b9b136827915624136624ff54aba5890a15b ]
If last_busy value is not set at runtime PM enable, the device will be
suspend immediately after usage counter is 0. Set the last_busy value to
make sure delay is working at first boot up.
Signed-off-by: Pan Xiuli <xiuli.pan@linux.intel.com>
Signed-off-by: Ranjani Sridharan <ranjani.sridharan@linux.intel.com>
Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Link: https://lore.kernel.org/r/20190722141402.7194-2-pierre-louis.bossart@linux.intel.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/sof/sof-pci-dev.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/sound/soc/sof/sof-pci-dev.c b/sound/soc/sof/sof-pci-dev.c
index b778dffb2d25c..49daf1390dac0 100644
--- a/sound/soc/sof/sof-pci-dev.c
+++ b/sound/soc/sof/sof-pci-dev.c
@@ -203,6 +203,9 @@ static void sof_pci_probe_complete(struct device *dev)
*/
pm_runtime_allow(dev);
+ /* mark last_busy for pm_runtime to make sure not suspend immediately */
+ pm_runtime_mark_last_busy(dev);
+
/* follow recommendation in pci-driver.c to decrement usage counter */
pm_runtime_put_noidle(dev);
}
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 047/313] media: exynos4-is: fix leaked of_node references
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (45 preceding siblings ...)
2019-10-03 15:50 ` [PATCH 5.2 046/313] ASoC: SOF: pci: mark last_busy value at runtime PM init Greg Kroah-Hartman
@ 2019-10-03 15:50 ` Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 049/313] media: vb2: reorder checks in vb2_poll() Greg Kroah-Hartman
` (269 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:50 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Wen Yang, Hans Verkuil,
Mauro Carvalho Chehab, Sasha Levin
From: Wen Yang <wen.yang99@zte.com.cn>
[ Upstream commit da79bf41a4d170ca93cc8f3881a70d734a071c37 ]
The call to of_get_child_by_name returns a node pointer with refcount
incremented thus it must be explicitly decremented after the last
usage.
Detected by coccinelle with the following warnings:
drivers/media/platform/exynos4-is/fimc-is.c:813:2-8: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 807, but without a corresponding object release within this function.
drivers/media/platform/exynos4-is/fimc-is.c:870:1-7: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 807, but without a corresponding object release within this function.
drivers/media/platform/exynos4-is/fimc-is.c:885:1-7: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 807, but without a corresponding object release within this function.
drivers/media/platform/exynos4-is/media-dev.c:545:1-7: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 541, but without a corresponding object release within this function.
drivers/media/platform/exynos4-is/media-dev.c:528:1-7: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 499, but without a corresponding object release within this function.
drivers/media/platform/exynos4-is/media-dev.c:534:1-7: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 499, but without a corresponding object release within this function.
Signed-off-by: Wen Yang <wen.yang99@zte.com.cn>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/platform/exynos4-is/fimc-is.c | 1 +
drivers/media/platform/exynos4-is/media-dev.c | 2 ++
2 files changed, 3 insertions(+)
diff --git a/drivers/media/platform/exynos4-is/fimc-is.c b/drivers/media/platform/exynos4-is/fimc-is.c
index e043d55133a31..b7cc8e651e327 100644
--- a/drivers/media/platform/exynos4-is/fimc-is.c
+++ b/drivers/media/platform/exynos4-is/fimc-is.c
@@ -806,6 +806,7 @@ static int fimc_is_probe(struct platform_device *pdev)
return -ENODEV;
is->pmu_regs = of_iomap(node, 0);
+ of_node_put(node);
if (!is->pmu_regs)
return -ENOMEM;
diff --git a/drivers/media/platform/exynos4-is/media-dev.c b/drivers/media/platform/exynos4-is/media-dev.c
index 1b83a6ec745fb..3cece7cd73e28 100644
--- a/drivers/media/platform/exynos4-is/media-dev.c
+++ b/drivers/media/platform/exynos4-is/media-dev.c
@@ -499,6 +499,7 @@ static int fimc_md_register_sensor_entities(struct fimc_md *fmd)
continue;
ret = fimc_md_parse_port_node(fmd, port, index);
+ of_node_put(port);
if (ret < 0) {
of_node_put(node);
goto cleanup;
@@ -538,6 +539,7 @@ static int __of_get_csis_id(struct device_node *np)
if (!np)
return -EINVAL;
of_property_read_u32(np, "reg", ®);
+ of_node_put(np);
return reg - FIMC_INPUT_MIPI_CSI2_0;
}
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 049/313] media: vb2: reorder checks in vb2_poll()
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (46 preceding siblings ...)
2019-10-03 15:50 ` [PATCH 5.2 047/313] media: exynos4-is: fix leaked of_node references Greg Kroah-Hartman
@ 2019-10-03 15:50 ` Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 050/313] media: vivid: work around high stack usage with clang Greg Kroah-Hartman
` (268 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:50 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Michael Tretter, Hans Verkuil,
Mauro Carvalho Chehab, Sasha Levin
From: Michael Tretter <m.tretter@pengutronix.de>
[ Upstream commit 8d86a15649957c182e90fa2b1267c16699bc12f1 ]
When reaching the end of stream, V4L2 clients may expect the
V4L2_EOS_EVENT before being able to dequeue the last buffer, which has
the V4L2_BUF_FLAG_LAST flag set.
If the vb2_poll() function first checks for events and afterwards if
buffers are available, a driver can queue the V4L2_EOS_EVENT event and
return the buffer after the check for events but before the check for
buffers. This causes vb2_poll() to signal that the buffer with
V4L2_BUF_FLAG_LAST can be read without the V4L2_EOS_EVENT being
available.
First, check for available buffers and afterwards for events to ensure
that if vb2_poll() signals POLLIN | POLLRDNORM for the
V4L2_BUF_FLAG_LAST buffer, it also signals POLLPRI for the
V4L2_EOS_EVENT.
Signed-off-by: Michael Tretter <m.tretter@pengutronix.de>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/common/videobuf2/videobuf2-v4l2.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/drivers/media/common/videobuf2/videobuf2-v4l2.c b/drivers/media/common/videobuf2/videobuf2-v4l2.c
index fb9ac7696fc6e..bd9bfeee385fb 100644
--- a/drivers/media/common/videobuf2/videobuf2-v4l2.c
+++ b/drivers/media/common/videobuf2/videobuf2-v4l2.c
@@ -872,17 +872,19 @@ EXPORT_SYMBOL_GPL(vb2_queue_release);
__poll_t vb2_poll(struct vb2_queue *q, struct file *file, poll_table *wait)
{
struct video_device *vfd = video_devdata(file);
- __poll_t res = 0;
+ __poll_t res;
+
+ res = vb2_core_poll(q, file, wait);
if (test_bit(V4L2_FL_USES_V4L2_FH, &vfd->flags)) {
struct v4l2_fh *fh = file->private_data;
poll_wait(file, &fh->wait, wait);
if (v4l2_event_pending(fh))
- res = EPOLLPRI;
+ res |= EPOLLPRI;
}
- return res | vb2_core_poll(q, file, wait);
+ return res;
}
EXPORT_SYMBOL_GPL(vb2_poll);
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 050/313] media: vivid: work around high stack usage with clang
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (47 preceding siblings ...)
2019-10-03 15:50 ` [PATCH 5.2 049/313] media: vb2: reorder checks in vb2_poll() Greg Kroah-Hartman
@ 2019-10-03 15:50 ` Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 051/313] media: hdpvr: Add device num check and handling Greg Kroah-Hartman
` (267 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:50 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Arnd Bergmann, Nick Desaulniers,
Hans Verkuil, Mauro Carvalho Chehab, Sasha Levin
From: Arnd Bergmann <arnd@arndb.de>
[ Upstream commit 1a03f91c2c2419c3709c4554952c66695575e91c ]
Building a KASAN-enabled kernel with clang ends up in a case where too
much is inlined into vivid_thread_vid_cap() and the stack usage grows
a lot, possibly when the register allocation fails to produce efficient
code and spills a lot of temporaries to the stack. This uses more
than twice the amount of stack than the sum of the individual functions
when they are not inlined:
drivers/media/platform/vivid/vivid-kthread-cap.c:766:12: error: stack frame size of 2208 bytes in function 'vivid_thread_vid_cap' [-Werror,-Wframe-larger-than=]
Marking two of the key functions in here as 'noinline_for_stack' avoids
the pathological case in clang without any apparent downside for gcc.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/platform/vivid/vivid-kthread-cap.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/drivers/media/platform/vivid/vivid-kthread-cap.c b/drivers/media/platform/vivid/vivid-kthread-cap.c
index cf6dfecf879f7..96d85cd8839f3 100644
--- a/drivers/media/platform/vivid/vivid-kthread-cap.c
+++ b/drivers/media/platform/vivid/vivid-kthread-cap.c
@@ -232,8 +232,8 @@ static void *plane_vaddr(struct tpg_data *tpg, struct vivid_buffer *buf,
return vbuf;
}
-static int vivid_copy_buffer(struct vivid_dev *dev, unsigned p, u8 *vcapbuf,
- struct vivid_buffer *vid_cap_buf)
+static noinline_for_stack int vivid_copy_buffer(struct vivid_dev *dev, unsigned p,
+ u8 *vcapbuf, struct vivid_buffer *vid_cap_buf)
{
bool blank = dev->must_blank[vid_cap_buf->vb.vb2_buf.index];
struct tpg_data *tpg = &dev->tpg;
@@ -672,7 +672,8 @@ static void vivid_cap_update_frame_period(struct vivid_dev *dev)
dev->cap_frame_period = f_period;
}
-static void vivid_thread_vid_cap_tick(struct vivid_dev *dev, int dropped_bufs)
+static noinline_for_stack void vivid_thread_vid_cap_tick(struct vivid_dev *dev,
+ int dropped_bufs)
{
struct vivid_buffer *vid_cap_buf = NULL;
struct vivid_buffer *vbi_cap_buf = NULL;
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 051/313] media: hdpvr: Add device num check and handling
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (48 preceding siblings ...)
2019-10-03 15:50 ` [PATCH 5.2 050/313] media: vivid: work around high stack usage with clang Greg Kroah-Hartman
@ 2019-10-03 15:50 ` Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 052/313] media: i2c: ov5640: Check for devm_gpiod_get_optional() error Greg Kroah-Hartman
` (266 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:50 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Luke Nowakowski-Krijger,
Hans Verkuil, Mauro Carvalho Chehab, Sasha Levin,
syzbot+aac8d0d7205f112045d2
From: Luke Nowakowski-Krijger <lnowakow@eng.ucsd.edu>
[ Upstream commit d4a6a9537bc32811486282206ecfb7c53754b74d ]
Add hdpvr device num check and error handling
We need to increment the device count atomically before we checkout a
device to make sure that we do not reach the max count, otherwise we get
out-of-bounds errors as reported by syzbot.
Reported-and-tested-by: syzbot+aac8d0d7205f112045d2@syzkaller.appspotmail.com
Signed-off-by: Luke Nowakowski-Krijger <lnowakow@eng.ucsd.edu>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/usb/hdpvr/hdpvr-core.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/drivers/media/usb/hdpvr/hdpvr-core.c b/drivers/media/usb/hdpvr/hdpvr-core.c
index 9b9d894d29bcb..a0905c81d2cb2 100644
--- a/drivers/media/usb/hdpvr/hdpvr-core.c
+++ b/drivers/media/usb/hdpvr/hdpvr-core.c
@@ -271,6 +271,7 @@ static int hdpvr_probe(struct usb_interface *interface,
#endif
size_t buffer_size;
int i;
+ int dev_num;
int retval = -ENOMEM;
/* allocate memory for our device state and initialize it */
@@ -368,8 +369,17 @@ static int hdpvr_probe(struct usb_interface *interface,
}
#endif
+ dev_num = atomic_inc_return(&dev_nr);
+ if (dev_num >= HDPVR_MAX) {
+ v4l2_err(&dev->v4l2_dev,
+ "max device number reached, device register failed\n");
+ atomic_dec(&dev_nr);
+ retval = -ENODEV;
+ goto reg_fail;
+ }
+
retval = hdpvr_register_videodev(dev, &interface->dev,
- video_nr[atomic_inc_return(&dev_nr)]);
+ video_nr[dev_num]);
if (retval < 0) {
v4l2_err(&dev->v4l2_dev, "registering videodev failed\n");
goto reg_fail;
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 052/313] media: i2c: ov5640: Check for devm_gpiod_get_optional() error
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (49 preceding siblings ...)
2019-10-03 15:50 ` [PATCH 5.2 051/313] media: hdpvr: Add device num check and handling Greg Kroah-Hartman
@ 2019-10-03 15:50 ` Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 053/313] time/tick-broadcast: Fix tick_broadcast_offline() lockdep complaint Greg Kroah-Hartman
` (265 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:50 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Fabio Estevam, Sakari Ailus,
Mauro Carvalho Chehab, Sasha Levin
From: Fabio Estevam <festevam@gmail.com>
[ Upstream commit 8791a102ce579346cea9d2f911afef1c1985213c ]
The power down and reset GPIO are optional, but the return value
from devm_gpiod_get_optional() needs to be checked and propagated
in the case of error, so that probe deferral can work.
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/i2c/ov5640.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/media/i2c/ov5640.c b/drivers/media/i2c/ov5640.c
index 759d60c6d6304..afe7920557a8f 100644
--- a/drivers/media/i2c/ov5640.c
+++ b/drivers/media/i2c/ov5640.c
@@ -3022,9 +3022,14 @@ static int ov5640_probe(struct i2c_client *client,
/* request optional power down pin */
sensor->pwdn_gpio = devm_gpiod_get_optional(dev, "powerdown",
GPIOD_OUT_HIGH);
+ if (IS_ERR(sensor->pwdn_gpio))
+ return PTR_ERR(sensor->pwdn_gpio);
+
/* request optional reset pin */
sensor->reset_gpio = devm_gpiod_get_optional(dev, "reset",
GPIOD_OUT_HIGH);
+ if (IS_ERR(sensor->reset_gpio))
+ return PTR_ERR(sensor->reset_gpio);
v4l2_i2c_subdev_init(&sensor->sd, client, &ov5640_subdev_ops);
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 053/313] time/tick-broadcast: Fix tick_broadcast_offline() lockdep complaint
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (50 preceding siblings ...)
2019-10-03 15:50 ` [PATCH 5.2 052/313] media: i2c: ov5640: Check for devm_gpiod_get_optional() error Greg Kroah-Hartman
@ 2019-10-03 15:50 ` Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 054/313] sched/fair: Fix imbalance due to CPU affinity Greg Kroah-Hartman
` (264 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:50 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Paul E. McKenney,
Peter Zijlstra (Intel),
Frederic Weisbecker, Linus Torvalds, Thomas Gleixner,
Ingo Molnar, Sasha Levin
From: Paul E. McKenney <paulmck@linux.ibm.com>
[ Upstream commit 84ec3a0787086fcd25f284f59b3aa01fd6fc0a5d ]
time/tick-broadcast: Fix tick_broadcast_offline() lockdep complaint
The TASKS03 and TREE04 rcutorture scenarios produce the following
lockdep complaint:
WARNING: inconsistent lock state
5.2.0-rc1+ #513 Not tainted
--------------------------------
inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage.
migration/1/14 [HC0[0]:SC0[0]:HE1:SE1] takes:
(____ptrval____) (tick_broadcast_lock){?...}, at: tick_broadcast_offline+0xf/0x70
{IN-HARDIRQ-W} state was registered at:
lock_acquire+0xb0/0x1c0
_raw_spin_lock_irqsave+0x3c/0x50
tick_broadcast_switch_to_oneshot+0xd/0x40
tick_switch_to_oneshot+0x4f/0xd0
hrtimer_run_queues+0xf3/0x130
run_local_timers+0x1c/0x50
update_process_times+0x1c/0x50
tick_periodic+0x26/0xc0
tick_handle_periodic+0x1a/0x60
smp_apic_timer_interrupt+0x80/0x2a0
apic_timer_interrupt+0xf/0x20
_raw_spin_unlock_irqrestore+0x4e/0x60
rcu_nocb_gp_kthread+0x15d/0x590
kthread+0xf3/0x130
ret_from_fork+0x3a/0x50
irq event stamp: 171
hardirqs last enabled at (171): [<ffffffff8a201a37>] trace_hardirqs_on_thunk+0x1a/0x1c
hardirqs last disabled at (170): [<ffffffff8a201a53>] trace_hardirqs_off_thunk+0x1a/0x1c
softirqs last enabled at (0): [<ffffffff8a264ee0>] copy_process.part.56+0x650/0x1cb0
softirqs last disabled at (0): [<0000000000000000>] 0x0
[...]
To reproduce, run the following rcutorture test:
$ tools/testing/selftests/rcutorture/bin/kvm.sh --duration 5 --kconfig "CONFIG_DEBUG_LOCK_ALLOC=y CONFIG_PROVE_LOCKING=y" --configs "TASKS03 TREE04"
It turns out that tick_broadcast_offline() was an innocent bystander.
After all, interrupts are supposed to be disabled throughout
take_cpu_down(), and therefore should have been disabled upon entry to
tick_offline_cpu() and thus to tick_broadcast_offline(). This suggests
that one of the CPU-hotplug notifiers was incorrectly enabling interrupts,
and leaving them enabled on return.
Some debugging code showed that the culprit was sched_cpu_dying().
It had irqs enabled after return from sched_tick_stop(). Which in turn
had irqs enabled after return from cancel_delayed_work_sync(). Which is a
wrapper around __cancel_work_timer(). Which can sleep in the case where
something else is concurrently trying to cancel the same delayed work,
and as Thomas Gleixner pointed out on IRC, sleeping is a decidedly bad
idea when you are invoked from take_cpu_down(), regardless of the state
you leave interrupts in upon return.
Code inspection located no reason why the delayed work absolutely
needed to be canceled from sched_tick_stop(): The work is not
bound to the outgoing CPU by design, given that the whole point is
to collect statistics without disturbing the outgoing CPU.
This commit therefore simply drops the cancel_delayed_work_sync() from
sched_tick_stop(). Instead, a new ->state field is added to the tick_work
structure so that the delayed-work handler function sched_tick_remote()
can avoid reposting itself. A cpu_is_offline() check is also added to
sched_tick_remote() to avoid mucking with the state of an offlined CPU
(though it does appear safe to do so). The sched_tick_start() and
sched_tick_stop() functions also update ->state, and sched_tick_start()
also schedules the delayed work if ->state indicates that it is not
already in flight.
Signed-off-by: Paul E. McKenney <paulmck@linux.ibm.com>
[ paulmck: Apply Peter Zijlstra and Frederic Weisbecker atomics feedback. ]
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Reviewed-by: Frederic Weisbecker <frederic@kernel.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Link: https://lkml.kernel.org/r/20190625165238.GJ26519@linux.ibm.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/sched/core.c | 57 ++++++++++++++++++++++++++++++++++++++-------
1 file changed, 49 insertions(+), 8 deletions(-)
diff --git a/kernel/sched/core.c b/kernel/sched/core.c
index 42bc2986520d7..275f470812440 100644
--- a/kernel/sched/core.c
+++ b/kernel/sched/core.c
@@ -3051,8 +3051,36 @@ void scheduler_tick(void)
struct tick_work {
int cpu;
+ atomic_t state;
struct delayed_work work;
};
+/* Values for ->state, see diagram below. */
+#define TICK_SCHED_REMOTE_OFFLINE 0
+#define TICK_SCHED_REMOTE_OFFLINING 1
+#define TICK_SCHED_REMOTE_RUNNING 2
+
+/*
+ * State diagram for ->state:
+ *
+ *
+ * TICK_SCHED_REMOTE_OFFLINE
+ * | ^
+ * | |
+ * | | sched_tick_remote()
+ * | |
+ * | |
+ * +--TICK_SCHED_REMOTE_OFFLINING
+ * | ^
+ * | |
+ * sched_tick_start() | | sched_tick_stop()
+ * | |
+ * V |
+ * TICK_SCHED_REMOTE_RUNNING
+ *
+ *
+ * Other transitions get WARN_ON_ONCE(), except that sched_tick_remote()
+ * and sched_tick_start() are happy to leave the state in RUNNING.
+ */
static struct tick_work __percpu *tick_work_cpu;
@@ -3065,6 +3093,7 @@ static void sched_tick_remote(struct work_struct *work)
struct task_struct *curr;
struct rq_flags rf;
u64 delta;
+ int os;
/*
* Handle the tick only if it appears the remote CPU is running in full
@@ -3078,7 +3107,7 @@ static void sched_tick_remote(struct work_struct *work)
rq_lock_irq(rq, &rf);
curr = rq->curr;
- if (is_idle_task(curr))
+ if (is_idle_task(curr) || cpu_is_offline(cpu))
goto out_unlock;
update_rq_clock(rq);
@@ -3098,13 +3127,18 @@ static void sched_tick_remote(struct work_struct *work)
/*
* Run the remote tick once per second (1Hz). This arbitrary
* frequency is large enough to avoid overload but short enough
- * to keep scheduler internal stats reasonably up to date.
+ * to keep scheduler internal stats reasonably up to date. But
+ * first update state to reflect hotplug activity if required.
*/
- queue_delayed_work(system_unbound_wq, dwork, HZ);
+ os = atomic_fetch_add_unless(&twork->state, -1, TICK_SCHED_REMOTE_RUNNING);
+ WARN_ON_ONCE(os == TICK_SCHED_REMOTE_OFFLINE);
+ if (os == TICK_SCHED_REMOTE_RUNNING)
+ queue_delayed_work(system_unbound_wq, dwork, HZ);
}
static void sched_tick_start(int cpu)
{
+ int os;
struct tick_work *twork;
if (housekeeping_cpu(cpu, HK_FLAG_TICK))
@@ -3113,15 +3147,20 @@ static void sched_tick_start(int cpu)
WARN_ON_ONCE(!tick_work_cpu);
twork = per_cpu_ptr(tick_work_cpu, cpu);
- twork->cpu = cpu;
- INIT_DELAYED_WORK(&twork->work, sched_tick_remote);
- queue_delayed_work(system_unbound_wq, &twork->work, HZ);
+ os = atomic_xchg(&twork->state, TICK_SCHED_REMOTE_RUNNING);
+ WARN_ON_ONCE(os == TICK_SCHED_REMOTE_RUNNING);
+ if (os == TICK_SCHED_REMOTE_OFFLINE) {
+ twork->cpu = cpu;
+ INIT_DELAYED_WORK(&twork->work, sched_tick_remote);
+ queue_delayed_work(system_unbound_wq, &twork->work, HZ);
+ }
}
#ifdef CONFIG_HOTPLUG_CPU
static void sched_tick_stop(int cpu)
{
struct tick_work *twork;
+ int os;
if (housekeeping_cpu(cpu, HK_FLAG_TICK))
return;
@@ -3129,7 +3168,10 @@ static void sched_tick_stop(int cpu)
WARN_ON_ONCE(!tick_work_cpu);
twork = per_cpu_ptr(tick_work_cpu, cpu);
- cancel_delayed_work_sync(&twork->work);
+ /* There cannot be competing actions, but don't rely on stop-machine. */
+ os = atomic_xchg(&twork->state, TICK_SCHED_REMOTE_OFFLINING);
+ WARN_ON_ONCE(os != TICK_SCHED_REMOTE_RUNNING);
+ /* Don't cancel, as this would mess up the state machine. */
}
#endif /* CONFIG_HOTPLUG_CPU */
@@ -3137,7 +3179,6 @@ int __init sched_tick_offload_init(void)
{
tick_work_cpu = alloc_percpu(struct tick_work);
BUG_ON(!tick_work_cpu);
-
return 0;
}
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 054/313] sched/fair: Fix imbalance due to CPU affinity
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (51 preceding siblings ...)
2019-10-03 15:50 ` [PATCH 5.2 053/313] time/tick-broadcast: Fix tick_broadcast_offline() lockdep complaint Greg Kroah-Hartman
@ 2019-10-03 15:50 ` Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 055/313] sched/core: Fix CPU controller for !RT_GROUP_SCHED Greg Kroah-Hartman
` (263 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:50 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Vincent Guittot,
Peter Zijlstra (Intel),
Linus Torvalds, Thomas Gleixner, Ingo Molnar, Sasha Levin
From: Vincent Guittot <vincent.guittot@linaro.org>
[ Upstream commit f6cad8df6b30a5d2bbbd2e698f74b4cafb9fb82b ]
The load_balance() has a dedicated mecanism to detect when an imbalance
is due to CPU affinity and must be handled at parent level. In this case,
the imbalance field of the parent's sched_group is set.
The description of sg_imbalanced() gives a typical example of two groups
of 4 CPUs each and 4 tasks each with a cpumask covering 1 CPU of the first
group and 3 CPUs of the second group. Something like:
{ 0 1 2 3 } { 4 5 6 7 }
* * * *
But the load_balance fails to fix this UC on my octo cores system
made of 2 clusters of quad cores.
Whereas the load_balance is able to detect that the imbalanced is due to
CPU affinity, it fails to fix it because the imbalance field is cleared
before letting parent level a chance to run. In fact, when the imbalance is
detected, the load_balance reruns without the CPU with pinned tasks. But
there is no other running tasks in the situation described above and
everything looks balanced this time so the imbalance field is immediately
cleared.
The imbalance field should not be cleared if there is no other task to move
when the imbalance is detected.
Signed-off-by: Vincent Guittot <vincent.guittot@linaro.org>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Link: https://lkml.kernel.org/r/1561996022-28829-1-git-send-email-vincent.guittot@linaro.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/sched/fair.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c
index b07672e793a81..f72bf8122fe4e 100644
--- a/kernel/sched/fair.c
+++ b/kernel/sched/fair.c
@@ -9319,9 +9319,10 @@ static int load_balance(int this_cpu, struct rq *this_rq,
out_balanced:
/*
* We reach balance although we may have faced some affinity
- * constraints. Clear the imbalance flag if it was set.
+ * constraints. Clear the imbalance flag only if other tasks got
+ * a chance to move and fix the imbalance.
*/
- if (sd_parent) {
+ if (sd_parent && !(env.flags & LBF_ALL_PINNED)) {
int *group_imbalance = &sd_parent->groups->sgc->imbalance;
if (*group_imbalance)
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 055/313] sched/core: Fix CPU controller for !RT_GROUP_SCHED
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (52 preceding siblings ...)
2019-10-03 15:50 ` [PATCH 5.2 054/313] sched/fair: Fix imbalance due to CPU affinity Greg Kroah-Hartman
@ 2019-10-03 15:50 ` Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 056/313] x86/apic: Make apic_pending_intr_clear() more robust Greg Kroah-Hartman
` (262 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:50 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Juri Lelli, Peter Zijlstra (Intel),
Michal Koutný,
Daniel Bristot de Oliveira, Tejun Heo, Linus Torvalds,
Thomas Gleixner, lizefan, longman, luca.abeni, rostedt,
Ingo Molnar, Sasha Levin
From: Juri Lelli <juri.lelli@redhat.com>
[ Upstream commit a07db5c0865799ebed1f88be0df50c581fb65029 ]
On !CONFIG_RT_GROUP_SCHED configurations it is currently not possible to
move RT tasks between cgroups to which CPU controller has been attached;
but it is oddly possible to first move tasks around and then make them
RT (setschedule to FIFO/RR).
E.g.:
# mkdir /sys/fs/cgroup/cpu,cpuacct/group1
# chrt -fp 10 $$
# echo $$ > /sys/fs/cgroup/cpu,cpuacct/group1/tasks
bash: echo: write error: Invalid argument
# chrt -op 0 $$
# echo $$ > /sys/fs/cgroup/cpu,cpuacct/group1/tasks
# chrt -fp 10 $$
# cat /sys/fs/cgroup/cpu,cpuacct/group1/tasks
2345
2598
# chrt -p 2345
pid 2345's current scheduling policy: SCHED_FIFO
pid 2345's current scheduling priority: 10
Also, as Michal noted, it is currently not possible to enable CPU
controller on unified hierarchy with !CONFIG_RT_GROUP_SCHED (if there
are any kernel RT threads in root cgroup, they can't be migrated to the
newly created CPU controller's root in cgroup_update_dfl_csses()).
Existing code comes with a comment saying the "we don't support RT-tasks
being in separate groups". Such comment is however stale and belongs to
pre-RT_GROUP_SCHED times. Also, it doesn't make much sense for
!RT_GROUP_ SCHED configurations, since checks related to RT bandwidth
are not performed at all in these cases.
Make moving RT tasks between CPU controller groups viable by removing
special case check for RT (and DEADLINE) tasks.
Signed-off-by: Juri Lelli <juri.lelli@redhat.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Reviewed-by: Michal Koutný <mkoutny@suse.com>
Reviewed-by: Daniel Bristot de Oliveira <bristot@redhat.com>
Acked-by: Tejun Heo <tj@kernel.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: lizefan@huawei.com
Cc: longman@redhat.com
Cc: luca.abeni@santannapisa.it
Cc: rostedt@goodmis.org
Link: https://lkml.kernel.org/r/20190719063455.27328-1-juri.lelli@redhat.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/sched/core.c | 4 ----
1 file changed, 4 deletions(-)
diff --git a/kernel/sched/core.c b/kernel/sched/core.c
index 275f470812440..b78986ce1f6b0 100644
--- a/kernel/sched/core.c
+++ b/kernel/sched/core.c
@@ -6513,10 +6513,6 @@ static int cpu_cgroup_can_attach(struct cgroup_taskset *tset)
#ifdef CONFIG_RT_GROUP_SCHED
if (!sched_rt_can_attach(css_tg(css), task))
return -EINVAL;
-#else
- /* We don't support RT-tasks being in separate groups */
- if (task->sched_class != &fair_sched_class)
- return -EINVAL;
#endif
/*
* Serialize against wake_up_new_task() such that if its
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 056/313] x86/apic: Make apic_pending_intr_clear() more robust
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (53 preceding siblings ...)
2019-10-03 15:50 ` [PATCH 5.2 055/313] sched/core: Fix CPU controller for !RT_GROUP_SCHED Greg Kroah-Hartman
@ 2019-10-03 15:50 ` Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 057/313] sched/deadline: Fix bandwidth accounting at all levels after offline migration Greg Kroah-Hartman
` (261 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:50 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Thomas Gleixner,
Peter Zijlstra (Intel),
Sasha Levin
From: Thomas Gleixner <tglx@linutronix.de>
[ Upstream commit cc8bf191378c1da8ad2b99cf470ee70193ace84e ]
In course of developing shorthand based IPI support issues with the
function which tries to clear eventually pending ISR bits in the local APIC
were observed.
1) O-day testing triggered the WARN_ON() in apic_pending_intr_clear().
This warning is emitted when the function fails to clear pending ISR
bits or observes pending IRR bits which are not delivered to the CPU
after the stale ISR bit(s) are ACK'ed.
Unfortunately the function only emits a WARN_ON() and fails to dump
the IRR/ISR content. That's useless for debugging.
Feng added spot on debug printk's which revealed that the stale IRR
bit belonged to the APIC timer interrupt vector, but adding ad hoc
debug code does not help with sporadic failures in the field.
Rework the loop so the full IRR/ISR contents are saved and on failure
dumped.
2) The loop termination logic is interesting at best.
If the machine has no TSC or cpu_khz is not known yet it tries 1
million times to ack stale IRR/ISR bits. What?
With TSC it uses the TSC to calculate the loop termination. It takes a
timestamp at entry and terminates the loop when:
(rdtsc() - start_timestamp) >= (cpu_hkz << 10)
That's roughly one second.
Both methods are problematic. The APIC has 256 vectors, which means
that in theory max. 256 IRR/ISR bits can be set. In practice this is
impossible and the chance that more than a few bits are set is close
to zero.
With the pure loop based approach the 1 million retries are complete
overkill.
With TSC this can terminate too early in a guest which is running on a
heavily loaded host even with only a couple of IRR/ISR bits set. The
reason is that after acknowledging the highest priority ISR bit,
pending IRRs must get serviced first before the next round of
acknowledge can take place as the APIC (real and virtualized) does not
honour EOI without a preceeding interrupt on the CPU. And every APIC
read/write takes a VMEXIT if the APIC is virtualized. While trying to
reproduce the issue 0-day reported it was observed that the guest was
scheduled out long enough under heavy load that it terminated after 8
iterations.
Make the loop terminate after 512 iterations. That's plenty enough
in any case and does not take endless time to complete.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Link: https://lkml.kernel.org/r/20190722105219.158847694@linutronix.de
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/kernel/apic/apic.c | 107 +++++++++++++++++++++---------------
1 file changed, 63 insertions(+), 44 deletions(-)
diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c
index 2f067b443326e..67d1259e0f7c0 100644
--- a/arch/x86/kernel/apic/apic.c
+++ b/arch/x86/kernel/apic/apic.c
@@ -1462,54 +1462,72 @@ static void lapic_setup_esr(void)
oldvalue, value);
}
-static void apic_pending_intr_clear(void)
+#define APIC_IR_REGS APIC_ISR_NR
+#define APIC_IR_BITS (APIC_IR_REGS * 32)
+#define APIC_IR_MAPSIZE (APIC_IR_BITS / BITS_PER_LONG)
+
+union apic_ir {
+ unsigned long map[APIC_IR_MAPSIZE];
+ u32 regs[APIC_IR_REGS];
+};
+
+static bool apic_check_and_ack(union apic_ir *irr, union apic_ir *isr)
{
- long long max_loops = cpu_khz ? cpu_khz : 1000000;
- unsigned long long tsc = 0, ntsc;
- unsigned int queued;
- unsigned long value;
- int i, j, acked = 0;
+ int i, bit;
+
+ /* Read the IRRs */
+ for (i = 0; i < APIC_IR_REGS; i++)
+ irr->regs[i] = apic_read(APIC_IRR + i * 0x10);
+
+ /* Read the ISRs */
+ for (i = 0; i < APIC_IR_REGS; i++)
+ isr->regs[i] = apic_read(APIC_ISR + i * 0x10);
- if (boot_cpu_has(X86_FEATURE_TSC))
- tsc = rdtsc();
/*
- * After a crash, we no longer service the interrupts and a pending
- * interrupt from previous kernel might still have ISR bit set.
- *
- * Most probably by now CPU has serviced that pending interrupt and
- * it might not have done the ack_APIC_irq() because it thought,
- * interrupt came from i8259 as ExtInt. LAPIC did not get EOI so it
- * does not clear the ISR bit and cpu thinks it has already serivced
- * the interrupt. Hence a vector might get locked. It was noticed
- * for timer irq (vector 0x31). Issue an extra EOI to clear ISR.
+ * If the ISR map is not empty. ACK the APIC and run another round
+ * to verify whether a pending IRR has been unblocked and turned
+ * into a ISR.
*/
- do {
- queued = 0;
- for (i = APIC_ISR_NR - 1; i >= 0; i--)
- queued |= apic_read(APIC_IRR + i*0x10);
-
- for (i = APIC_ISR_NR - 1; i >= 0; i--) {
- value = apic_read(APIC_ISR + i*0x10);
- for_each_set_bit(j, &value, 32) {
- ack_APIC_irq();
- acked++;
- }
- }
- if (acked > 256) {
- pr_err("LAPIC pending interrupts after %d EOI\n", acked);
- break;
- }
- if (queued) {
- if (boot_cpu_has(X86_FEATURE_TSC) && cpu_khz) {
- ntsc = rdtsc();
- max_loops = (long long)cpu_khz << 10;
- max_loops -= ntsc - tsc;
- } else {
- max_loops--;
- }
- }
- } while (queued && max_loops > 0);
- WARN_ON(max_loops <= 0);
+ if (!bitmap_empty(isr->map, APIC_IR_BITS)) {
+ /*
+ * There can be multiple ISR bits set when a high priority
+ * interrupt preempted a lower priority one. Issue an ACK
+ * per set bit.
+ */
+ for_each_set_bit(bit, isr->map, APIC_IR_BITS)
+ ack_APIC_irq();
+ return true;
+ }
+
+ return !bitmap_empty(irr->map, APIC_IR_BITS);
+}
+
+/*
+ * After a crash, we no longer service the interrupts and a pending
+ * interrupt from previous kernel might still have ISR bit set.
+ *
+ * Most probably by now the CPU has serviced that pending interrupt and it
+ * might not have done the ack_APIC_irq() because it thought, interrupt
+ * came from i8259 as ExtInt. LAPIC did not get EOI so it does not clear
+ * the ISR bit and cpu thinks it has already serivced the interrupt. Hence
+ * a vector might get locked. It was noticed for timer irq (vector
+ * 0x31). Issue an extra EOI to clear ISR.
+ *
+ * If there are pending IRR bits they turn into ISR bits after a higher
+ * priority ISR bit has been acked.
+ */
+static void apic_pending_intr_clear(void)
+{
+ union apic_ir irr, isr;
+ unsigned int i;
+
+ /* 512 loops are way oversized and give the APIC a chance to obey. */
+ for (i = 0; i < 512; i++) {
+ if (!apic_check_and_ack(&irr, &isr))
+ return;
+ }
+ /* Dump the IRR/ISR content if that failed */
+ pr_warn("APIC: Stale IRR: %256pb ISR: %256pb\n", irr.map, isr.map);
}
/**
@@ -1577,6 +1595,7 @@ static void setup_local_APIC(void)
value &= ~APIC_TPRI_MASK;
apic_write(APIC_TASKPRI, value);
+ /* Clear eventually stale ISR/IRR bits */
apic_pending_intr_clear();
/*
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 057/313] sched/deadline: Fix bandwidth accounting at all levels after offline migration
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (54 preceding siblings ...)
2019-10-03 15:50 ` [PATCH 5.2 056/313] x86/apic: Make apic_pending_intr_clear() more robust Greg Kroah-Hartman
@ 2019-10-03 15:50 ` Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 058/313] x86/reboot: Always use NMI fallback when shutdown via reboot vector IPI fails Greg Kroah-Hartman
` (260 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:50 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dietmar Eggemann, Juri Lelli,
Peter Zijlstra (Intel),
Linus Torvalds, Thomas Gleixner, bristot, claudio, lizefan,
longman, luca.abeni, mathieu.poirier, rostedt, tj,
tommaso.cucinotta, Ingo Molnar, Sasha Levin
From: Juri Lelli <juri.lelli@redhat.com>
[ Upstream commit 59d06cea1198d665ba11f7e8c5f45b00ff2e4812 ]
If a task happens to be throttled while the CPU it was running on gets
hotplugged off, the bandwidth associated with the task is not correctly
migrated with it when the replenishment timer fires (offline_migration).
Fix things up, for this_bw, running_bw and total_bw, when replenishment
timer fires and task is migrated (dl_task_offline_migration()).
Tested-by: Dietmar Eggemann <dietmar.eggemann@arm.com>
Signed-off-by: Juri Lelli <juri.lelli@redhat.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: bristot@redhat.com
Cc: claudio@evidence.eu.com
Cc: lizefan@huawei.com
Cc: longman@redhat.com
Cc: luca.abeni@santannapisa.it
Cc: mathieu.poirier@linaro.org
Cc: rostedt@goodmis.org
Cc: tj@kernel.org
Cc: tommaso.cucinotta@santannapisa.it
Link: https://lkml.kernel.org/r/20190719140000.31694-5-juri.lelli@redhat.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/sched/deadline.c | 33 +++++++++++++++++++++++++++++++++
1 file changed, 33 insertions(+)
diff --git a/kernel/sched/deadline.c b/kernel/sched/deadline.c
index 1c66480afda81..fcdafdcb129cc 100644
--- a/kernel/sched/deadline.c
+++ b/kernel/sched/deadline.c
@@ -529,6 +529,7 @@ static struct rq *find_lock_later_rq(struct task_struct *task, struct rq *rq);
static struct rq *dl_task_offline_migration(struct rq *rq, struct task_struct *p)
{
struct rq *later_rq = NULL;
+ struct dl_bw *dl_b;
later_rq = find_lock_later_rq(p, rq);
if (!later_rq) {
@@ -557,6 +558,38 @@ static struct rq *dl_task_offline_migration(struct rq *rq, struct task_struct *p
double_lock_balance(rq, later_rq);
}
+ if (p->dl.dl_non_contending || p->dl.dl_throttled) {
+ /*
+ * Inactive timer is armed (or callback is running, but
+ * waiting for us to release rq locks). In any case, when it
+ * will fire (or continue), it will see running_bw of this
+ * task migrated to later_rq (and correctly handle it).
+ */
+ sub_running_bw(&p->dl, &rq->dl);
+ sub_rq_bw(&p->dl, &rq->dl);
+
+ add_rq_bw(&p->dl, &later_rq->dl);
+ add_running_bw(&p->dl, &later_rq->dl);
+ } else {
+ sub_rq_bw(&p->dl, &rq->dl);
+ add_rq_bw(&p->dl, &later_rq->dl);
+ }
+
+ /*
+ * And we finally need to fixup root_domain(s) bandwidth accounting,
+ * since p is still hanging out in the old (now moved to default) root
+ * domain.
+ */
+ dl_b = &rq->rd->dl_bw;
+ raw_spin_lock(&dl_b->lock);
+ __dl_sub(dl_b, p->dl.dl_bw, cpumask_weight(rq->rd->span));
+ raw_spin_unlock(&dl_b->lock);
+
+ dl_b = &later_rq->rd->dl_bw;
+ raw_spin_lock(&dl_b->lock);
+ __dl_add(dl_b, p->dl.dl_bw, cpumask_weight(later_rq->rd->span));
+ raw_spin_unlock(&dl_b->lock);
+
set_task_cpu(p, later_rq->cpu);
double_unlock_balance(later_rq, rq);
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 058/313] x86/reboot: Always use NMI fallback when shutdown via reboot vector IPI fails
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (55 preceding siblings ...)
2019-10-03 15:50 ` [PATCH 5.2 057/313] sched/deadline: Fix bandwidth accounting at all levels after offline migration Greg Kroah-Hartman
@ 2019-10-03 15:50 ` Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 059/313] rcu/tree: Call setschedule() gp ktread to SCHED_FIFO outside of atomic region Greg Kroah-Hartman
` (259 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:50 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Grzegorz Halat, Thomas Gleixner,
Don Zickus, Sasha Levin
From: Grzegorz Halat <ghalat@redhat.com>
[ Upstream commit 747d5a1bf293dcb33af755a6d285d41b8c1ea010 ]
A reboot request sends an IPI via the reboot vector and waits for all other
CPUs to stop. If one or more CPUs are in critical regions with interrupts
disabled then the IPI is not handled on those CPUs and the shutdown hangs
if native_stop_other_cpus() is called with the wait argument set.
Such a situation can happen when one CPU was stopped within a lock held
section and another CPU is trying to acquire that lock with interrupts
disabled. There are other scenarios which can cause such a lockup as well.
In theory the shutdown should be attempted by an NMI IPI after the timeout
period elapsed. Though the wait loop after sending the reboot vector IPI
prevents this. It checks the wait request argument and the timeout. If wait
is set, which is true for sys_reboot() then it won't fall through to the
NMI shutdown method after the timeout period has finished.
This was an oversight when the NMI shutdown mechanism was added to handle
the 'reboot IPI is not working' situation. The mechanism was added to deal
with stuck panic shutdowns, which do not have the wait request set, so the
'wait request' case was probably not considered.
Remove the wait check from the post reboot vector IPI wait loop and enforce
that the wait loop in the NMI fallback path is invoked even if NMI IPIs are
disabled or the registration of the NMI handler fails. That second wait
loop will then hang if not all CPUs shutdown and the wait argument is set.
[ tglx: Avoid the hard to parse line break in the NMI fallback path,
add comments and massage the changelog ]
Fixes: 7d007d21e539 ("x86/reboot: Use NMI to assist in shutting down if IRQ fails")
Signed-off-by: Grzegorz Halat <ghalat@redhat.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Don Zickus <dzickus@redhat.com>
Link: https://lkml.kernel.org/r/20190628122813.15500-1-ghalat@redhat.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/kernel/smp.c | 46 +++++++++++++++++++++++++------------------
1 file changed, 27 insertions(+), 19 deletions(-)
diff --git a/arch/x86/kernel/smp.c b/arch/x86/kernel/smp.c
index 4693e2f3a03ec..f2a749586252e 100644
--- a/arch/x86/kernel/smp.c
+++ b/arch/x86/kernel/smp.c
@@ -179,6 +179,12 @@ asmlinkage __visible void smp_reboot_interrupt(void)
irq_exit();
}
+static int register_stop_handler(void)
+{
+ return register_nmi_handler(NMI_LOCAL, smp_stop_nmi_callback,
+ NMI_FLAG_FIRST, "smp_stop");
+}
+
static void native_stop_other_cpus(int wait)
{
unsigned long flags;
@@ -212,39 +218,41 @@ static void native_stop_other_cpus(int wait)
apic->send_IPI_allbutself(REBOOT_VECTOR);
/*
- * Don't wait longer than a second if the caller
- * didn't ask us to wait.
+ * Don't wait longer than a second for IPI completion. The
+ * wait request is not checked here because that would
+ * prevent an NMI shutdown attempt in case that not all
+ * CPUs reach shutdown state.
*/
timeout = USEC_PER_SEC;
- while (num_online_cpus() > 1 && (wait || timeout--))
+ while (num_online_cpus() > 1 && timeout--)
udelay(1);
}
-
- /* if the REBOOT_VECTOR didn't work, try with the NMI */
- if ((num_online_cpus() > 1) && (!smp_no_nmi_ipi)) {
- if (register_nmi_handler(NMI_LOCAL, smp_stop_nmi_callback,
- NMI_FLAG_FIRST, "smp_stop"))
- /* Note: we ignore failures here */
- /* Hope the REBOOT_IRQ is good enough */
- goto finish;
-
- /* sync above data before sending IRQ */
- wmb();
- pr_emerg("Shutting down cpus with NMI\n");
+ /* if the REBOOT_VECTOR didn't work, try with the NMI */
+ if (num_online_cpus() > 1) {
+ /*
+ * If NMI IPI is enabled, try to register the stop handler
+ * and send the IPI. In any case try to wait for the other
+ * CPUs to stop.
+ */
+ if (!smp_no_nmi_ipi && !register_stop_handler()) {
+ /* Sync above data before sending IRQ */
+ wmb();
- apic->send_IPI_allbutself(NMI_VECTOR);
+ pr_emerg("Shutting down cpus with NMI\n");
+ apic->send_IPI_allbutself(NMI_VECTOR);
+ }
/*
- * Don't wait longer than a 10 ms if the caller
- * didn't ask us to wait.
+ * Don't wait longer than 10 ms if the caller didn't
+ * reqeust it. If wait is true, the machine hangs here if
+ * one or more CPUs do not reach shutdown state.
*/
timeout = USEC_PER_MSEC * 10;
while (num_online_cpus() > 1 && (wait || timeout--))
udelay(1);
}
-finish:
local_irq_save(flags);
disable_local_APIC();
mcheck_cpu_clear(this_cpu_ptr(&cpu_info));
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 059/313] rcu/tree: Call setschedule() gp ktread to SCHED_FIFO outside of atomic region
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (56 preceding siblings ...)
2019-10-03 15:50 ` [PATCH 5.2 058/313] x86/reboot: Always use NMI fallback when shutdown via reboot vector IPI fails Greg Kroah-Hartman
@ 2019-10-03 15:50 ` Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 060/313] x86/apic: Soft disable APIC before initializing it Greg Kroah-Hartman
` (258 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:50 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Peter Zijlstra, Dietmar Eggemann,
Juri Lelli, Linus Torvalds, Thomas Gleixner, bristot, claudio,
lizefan, longman, luca.abeni, mathieu.poirier, rostedt, tj,
tommaso.cucinotta, Ingo Molnar, Sasha Levin
From: Juri Lelli <juri.lelli@redhat.com>
[ Upstream commit 1a763fd7c6335e3122c1cc09576ef6c99ada4267 ]
sched_setscheduler() needs to acquire cpuset_rwsem, but it is currently
called from an invalid (atomic) context by rcu_spawn_gp_kthread().
Fix that by simply moving sched_setscheduler_nocheck() call outside of
the atomic region, as it doesn't actually require to be guarded by
rcu_node lock.
Suggested-by: Peter Zijlstra <peterz@infradead.org>
Tested-by: Dietmar Eggemann <dietmar.eggemann@arm.com>
Signed-off-by: Juri Lelli <juri.lelli@redhat.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: bristot@redhat.com
Cc: claudio@evidence.eu.com
Cc: lizefan@huawei.com
Cc: longman@redhat.com
Cc: luca.abeni@santannapisa.it
Cc: mathieu.poirier@linaro.org
Cc: rostedt@goodmis.org
Cc: tj@kernel.org
Cc: tommaso.cucinotta@santannapisa.it
Link: https://lkml.kernel.org/r/20190719140000.31694-8-juri.lelli@redhat.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/rcu/tree.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/kernel/rcu/tree.c b/kernel/rcu/tree.c
index 980ca3ca643fb..32ea75acba144 100644
--- a/kernel/rcu/tree.c
+++ b/kernel/rcu/tree.c
@@ -3123,13 +3123,13 @@ static int __init rcu_spawn_gp_kthread(void)
t = kthread_create(rcu_gp_kthread, NULL, "%s", rcu_state.name);
if (WARN_ONCE(IS_ERR(t), "%s: Could not start grace-period kthread, OOM is now expected behavior\n", __func__))
return 0;
+ if (kthread_prio)
+ sched_setscheduler_nocheck(t, SCHED_FIFO, &sp);
rnp = rcu_get_root();
raw_spin_lock_irqsave_rcu_node(rnp, flags);
rcu_state.gp_kthread = t;
- if (kthread_prio) {
+ if (kthread_prio)
sp.sched_priority = kthread_prio;
- sched_setscheduler_nocheck(t, SCHED_FIFO, &sp);
- }
raw_spin_unlock_irqrestore_rcu_node(rnp, flags);
wake_up_process(t);
rcu_spawn_nocb_kthreads();
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 060/313] x86/apic: Soft disable APIC before initializing it
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (57 preceding siblings ...)
2019-10-03 15:50 ` [PATCH 5.2 059/313] rcu/tree: Call setschedule() gp ktread to SCHED_FIFO outside of atomic region Greg Kroah-Hartman
@ 2019-10-03 15:50 ` Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 061/313] ALSA: hda - Show the fatal CORB/RIRB error more clearly Greg Kroah-Hartman
` (257 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:50 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Thomas Gleixner,
Peter Zijlstra (Intel),
Sasha Levin
From: Thomas Gleixner <tglx@linutronix.de>
[ Upstream commit 2640da4cccf5cc613bf26f0998b9e340f4b5f69c ]
If the APIC was already enabled on entry of setup_local_APIC() then
disabling it soft via the SPIV register makes a lot of sense.
That masks all LVT entries and brings it into a well defined state.
Otherwise previously enabled LVTs which are not touched in the setup
function stay unmasked and might surprise the just booting kernel.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Link: https://lkml.kernel.org/r/20190722105219.068290579@linutronix.de
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/kernel/apic/apic.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c
index 67d1259e0f7c0..a18d6dd934e55 100644
--- a/arch/x86/kernel/apic/apic.c
+++ b/arch/x86/kernel/apic/apic.c
@@ -1550,6 +1550,14 @@ static void setup_local_APIC(void)
return;
}
+ /*
+ * If this comes from kexec/kcrash the APIC might be enabled in
+ * SPIV. Soft disable it before doing further initialization.
+ */
+ value = apic_read(APIC_SPIV);
+ value &= ~APIC_SPIV_APIC_ENABLED;
+ apic_write(APIC_SPIV, value);
+
#ifdef CONFIG_X86_32
/* Pound the ESR really hard over the head with a big hammer - mbligh */
if (lapic_is_integrated() && apic->disable_esr) {
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 061/313] ALSA: hda - Show the fatal CORB/RIRB error more clearly
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (58 preceding siblings ...)
2019-10-03 15:50 ` [PATCH 5.2 060/313] x86/apic: Soft disable APIC before initializing it Greg Kroah-Hartman
@ 2019-10-03 15:50 ` Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 062/313] ALSA: i2c: ak4xxx-adda: Fix a possible null pointer dereference in build_adc_controls() Greg Kroah-Hartman
` (256 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:50 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Takashi Iwai, Sasha Levin
From: Takashi Iwai <tiwai@suse.de>
[ Upstream commit dd65f7e19c6961ba6a69f7c925021b7a270cb950 ]
The last fallback of CORB/RIRB communication error recovery is to turn
on the single command mode, and this last resort usually means that
something is really screwed up. Instead of a normal dev_err(), show
the error more clearly with dev_WARN() with the caller stack trace.
Also, show the bus-reset fallback also as an error, too.
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/pci/hda/hda_controller.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/sound/pci/hda/hda_controller.c b/sound/pci/hda/hda_controller.c
index dd96def48a3a1..1158bcf551488 100644
--- a/sound/pci/hda/hda_controller.c
+++ b/sound/pci/hda/hda_controller.c
@@ -869,10 +869,13 @@ static int azx_rirb_get_response(struct hdac_bus *bus, unsigned int addr,
*/
if (hbus->allow_bus_reset && !hbus->response_reset && !hbus->in_reset) {
hbus->response_reset = 1;
+ dev_err(chip->card->dev,
+ "No response from codec, resetting bus: last cmd=0x%08x\n",
+ bus->last_cmd[addr]);
return -EAGAIN; /* give a chance to retry */
}
- dev_err(chip->card->dev,
+ dev_WARN(chip->card->dev,
"azx_get_response timeout, switching to single_cmd mode: last cmd=0x%08x\n",
bus->last_cmd[addr]);
chip->single_cmd = 1;
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 062/313] ALSA: i2c: ak4xxx-adda: Fix a possible null pointer dereference in build_adc_controls()
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (59 preceding siblings ...)
2019-10-03 15:50 ` [PATCH 5.2 061/313] ALSA: hda - Show the fatal CORB/RIRB error more clearly Greg Kroah-Hartman
@ 2019-10-03 15:50 ` Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 063/313] EDAC/mc: Fix grain_bits calculation Greg Kroah-Hartman
` (255 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:50 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jia-Ju Bai, Takashi Iwai, Sasha Levin
From: Jia-Ju Bai <baijiaju1990@gmail.com>
[ Upstream commit 2127c01b7f63b06a21559f56a8c81a3c6535bd1a ]
In build_adc_controls(), there is an if statement on line 773 to check
whether ak->adc_info is NULL:
if (! ak->adc_info ||
! ak->adc_info[mixer_ch].switch_name)
When ak->adc_info is NULL, it is used on line 792:
knew.name = ak->adc_info[mixer_ch].selector_name;
Thus, a possible null-pointer dereference may occur.
To fix this bug, referring to lines 773 and 774, ak->adc_info
and ak->adc_info[mixer_ch].selector_name are checked before being used.
This bug is found by a static analysis tool STCheck written by us.
Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/i2c/other/ak4xxx-adda.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/sound/i2c/other/ak4xxx-adda.c b/sound/i2c/other/ak4xxx-adda.c
index 5f59316f982ae..7d15093844b92 100644
--- a/sound/i2c/other/ak4xxx-adda.c
+++ b/sound/i2c/other/ak4xxx-adda.c
@@ -775,11 +775,12 @@ static int build_adc_controls(struct snd_akm4xxx *ak)
return err;
memset(&knew, 0, sizeof(knew));
- knew.name = ak->adc_info[mixer_ch].selector_name;
- if (!knew.name) {
+ if (!ak->adc_info ||
+ !ak->adc_info[mixer_ch].selector_name) {
knew.name = "Capture Channel";
knew.index = mixer_ch + ak->idx_offset * 2;
- }
+ } else
+ knew.name = ak->adc_info[mixer_ch].selector_name;
knew.iface = SNDRV_CTL_ELEM_IFACE_MIXER;
knew.info = ak4xxx_capture_source_info;
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 063/313] EDAC/mc: Fix grain_bits calculation
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (60 preceding siblings ...)
2019-10-03 15:50 ` [PATCH 5.2 062/313] ALSA: i2c: ak4xxx-adda: Fix a possible null pointer dereference in build_adc_controls() Greg Kroah-Hartman
@ 2019-10-03 15:50 ` Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 064/313] media: iguanair: add sanity checks Greg Kroah-Hartman
` (254 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:50 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Robert Richter, Borislav Petkov,
linux-edac, James Morse, Mauro Carvalho Chehab, Tony Luck,
Sasha Levin
From: Robert Richter <rrichter@marvell.com>
[ Upstream commit 3724ace582d9f675134985727fd5e9811f23c059 ]
The grain in EDAC is defined as "minimum granularity for an error
report, in bytes". The following calculation of the grain_bits in
edac_mc is wrong:
grain_bits = fls_long(e->grain) + 1;
Where grain_bits is defined as:
grain = 1 << grain_bits
Example:
grain = 8 # 64 bit (8 bytes)
grain_bits = fls_long(8) + 1
grain_bits = 4 + 1 = 5
grain = 1 << grain_bits
grain = 1 << 5 = 32
Replace it with the correct calculation:
grain_bits = fls_long(e->grain - 1);
The example gives now:
grain_bits = fls_long(8 - 1)
grain_bits = fls_long(7)
grain_bits = 3
grain = 1 << 3 = 8
Also, check if the hardware reports a reasonable grain != 0 and fallback
with a warning to 1 byte granularity otherwise.
[ bp: massage a bit. ]
Signed-off-by: Robert Richter <rrichter@marvell.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: "linux-edac@vger.kernel.org" <linux-edac@vger.kernel.org>
Cc: James Morse <james.morse@arm.com>
Cc: Mauro Carvalho Chehab <mchehab@kernel.org>
Cc: Tony Luck <tony.luck@intel.com>
Link: https://lkml.kernel.org/r/20190624150758.6695-2-rrichter@marvell.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/edac/edac_mc.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/drivers/edac/edac_mc.c b/drivers/edac/edac_mc.c
index 64922c8fa7e3b..d899d86897d06 100644
--- a/drivers/edac/edac_mc.c
+++ b/drivers/edac/edac_mc.c
@@ -1235,9 +1235,13 @@ void edac_mc_handle_error(const enum hw_event_mc_err_type type,
if (p > e->location)
*(p - 1) = '\0';
- /* Report the error via the trace interface */
- grain_bits = fls_long(e->grain) + 1;
+ /* Sanity-check driver-supplied grain value. */
+ if (WARN_ON_ONCE(!e->grain))
+ e->grain = 1;
+
+ grain_bits = fls_long(e->grain - 1);
+ /* Report the error via the trace interface */
if (IS_ENABLED(CONFIG_RAS))
trace_mc_event(type, e->msg, e->label, e->error_count,
mci->mc_idx, e->top_layer, e->mid_layer,
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 064/313] media: iguanair: add sanity checks
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (61 preceding siblings ...)
2019-10-03 15:50 ` [PATCH 5.2 063/313] EDAC/mc: Fix grain_bits calculation Greg Kroah-Hartman
@ 2019-10-03 15:50 ` Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 065/313] cpuidle: teo: Allow tick to be stopped if PM QoS is used Greg Kroah-Hartman
` (253 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:50 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot+01a77b82edaa374068e1,
Oliver Neukum, Sean Young, Mauro Carvalho Chehab, Sasha Levin
From: Oliver Neukum <oneukum@suse.com>
[ Upstream commit ab1cbdf159beba7395a13ab70bc71180929ca064 ]
The driver needs to check the endpoint types, too, as opposed
to the number of endpoints. This also requires moving the check earlier.
Reported-by: syzbot+01a77b82edaa374068e1@syzkaller.appspotmail.com
Signed-off-by: Oliver Neukum <oneukum@suse.com>
Signed-off-by: Sean Young <sean@mess.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/rc/iguanair.c | 15 +++++++--------
1 file changed, 7 insertions(+), 8 deletions(-)
diff --git a/drivers/media/rc/iguanair.c b/drivers/media/rc/iguanair.c
index ea05e125016a7..872d6441e512c 100644
--- a/drivers/media/rc/iguanair.c
+++ b/drivers/media/rc/iguanair.c
@@ -413,6 +413,10 @@ static int iguanair_probe(struct usb_interface *intf,
int ret, pipein, pipeout;
struct usb_host_interface *idesc;
+ idesc = intf->altsetting;
+ if (idesc->desc.bNumEndpoints < 2)
+ return -ENODEV;
+
ir = kzalloc(sizeof(*ir), GFP_KERNEL);
rc = rc_allocate_device(RC_DRIVER_IR_RAW);
if (!ir || !rc) {
@@ -427,18 +431,13 @@ static int iguanair_probe(struct usb_interface *intf,
ir->urb_in = usb_alloc_urb(0, GFP_KERNEL);
ir->urb_out = usb_alloc_urb(0, GFP_KERNEL);
- if (!ir->buf_in || !ir->packet || !ir->urb_in || !ir->urb_out) {
+ if (!ir->buf_in || !ir->packet || !ir->urb_in || !ir->urb_out ||
+ !usb_endpoint_is_int_in(&idesc->endpoint[0].desc) ||
+ !usb_endpoint_is_int_out(&idesc->endpoint[1].desc)) {
ret = -ENOMEM;
goto out;
}
- idesc = intf->altsetting;
-
- if (idesc->desc.bNumEndpoints < 2) {
- ret = -ENODEV;
- goto out;
- }
-
ir->rc = rc;
ir->dev = &intf->dev;
ir->udev = udev;
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 065/313] cpuidle: teo: Allow tick to be stopped if PM QoS is used
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (62 preceding siblings ...)
2019-10-03 15:50 ` [PATCH 5.2 064/313] media: iguanair: add sanity checks Greg Kroah-Hartman
@ 2019-10-03 15:50 ` Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 066/313] arm64: mm: free the initrd reserved memblock in a aligned manner Greg Kroah-Hartman
` (252 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:50 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Rafael J. Wysocki, Sasha Levin
From: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
[ Upstream commit cab09f3d2d2a0a6cb3dfb678660d67a2c3764f50 ]
The TEO goveror prevents the scheduler tick from being stopped (unless
stopped already) if there is a PM QoS latency constraint for the given
CPU and the target residency of the deepest idle state matching that
constraint is below the tick boundary.
However, that is problematic if CPUs with PM QoS latency constraints
are idle for long times, because it effectively causes the tick to
run on them all the time which is wasteful. [It is also confusing
and questionable if they are full dynticks CPUs.]
To address that issue, modify the TEO governor to carry out the
entire search for the most suitable idle state (from the target
residency perspective) even if a latency constraint is present,
to allow it to determine the expected idle duration in all cases.
Also, when using the last several measured idle duration values
to refine the idle state selection, make it compare those values
with the current expected idle duration value (instead of
comparing them with the target residency of the idle state
selected so far) which should prevent the tick from being
retained when it makes sense to stop it sometimes (especially
in the presence of PM QoS latency constraints).
Fixes: b26bf6ab716f ("cpuidle: New timer events oriented governor for tickless systems")
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/cpuidle/governors/teo.c | 32 ++++++++++++++++----------------
1 file changed, 16 insertions(+), 16 deletions(-)
diff --git a/drivers/cpuidle/governors/teo.c b/drivers/cpuidle/governors/teo.c
index 7d05efdbd3c66..12d9e6cecf1de 100644
--- a/drivers/cpuidle/governors/teo.c
+++ b/drivers/cpuidle/governors/teo.c
@@ -242,7 +242,7 @@ static int teo_select(struct cpuidle_driver *drv, struct cpuidle_device *dev,
struct teo_cpu *cpu_data = per_cpu_ptr(&teo_cpus, dev->cpu);
int latency_req = cpuidle_governor_latency_req(dev->cpu);
unsigned int duration_us, count;
- int max_early_idx, idx, i;
+ int max_early_idx, constraint_idx, idx, i;
ktime_t delta_tick;
if (cpu_data->last_state >= 0) {
@@ -257,6 +257,7 @@ static int teo_select(struct cpuidle_driver *drv, struct cpuidle_device *dev,
count = 0;
max_early_idx = -1;
+ constraint_idx = drv->state_count;
idx = -1;
for (i = 0; i < drv->state_count; i++) {
@@ -286,16 +287,8 @@ static int teo_select(struct cpuidle_driver *drv, struct cpuidle_device *dev,
if (s->target_residency > duration_us)
break;
- if (s->exit_latency > latency_req) {
- /*
- * If we break out of the loop for latency reasons, use
- * the target residency of the selected state as the
- * expected idle duration to avoid stopping the tick
- * as long as that target residency is low enough.
- */
- duration_us = drv->states[idx].target_residency;
- goto refine;
- }
+ if (s->exit_latency > latency_req && constraint_idx > i)
+ constraint_idx = i;
idx = i;
@@ -321,7 +314,13 @@ static int teo_select(struct cpuidle_driver *drv, struct cpuidle_device *dev,
duration_us = drv->states[idx].target_residency;
}
-refine:
+ /*
+ * If there is a latency constraint, it may be necessary to use a
+ * shallower idle state than the one selected so far.
+ */
+ if (constraint_idx < idx)
+ idx = constraint_idx;
+
if (idx < 0) {
idx = 0; /* No states enabled. Must use 0. */
} else if (idx > 0) {
@@ -331,13 +330,12 @@ static int teo_select(struct cpuidle_driver *drv, struct cpuidle_device *dev,
/*
* Count and sum the most recent idle duration values less than
- * the target residency of the state selected so far, find the
- * max.
+ * the current expected idle duration value.
*/
for (i = 0; i < INTERVALS; i++) {
unsigned int val = cpu_data->intervals[i];
- if (val >= drv->states[idx].target_residency)
+ if (val >= duration_us)
continue;
count++;
@@ -356,8 +354,10 @@ static int teo_select(struct cpuidle_driver *drv, struct cpuidle_device *dev,
* would be too shallow.
*/
if (!(tick_nohz_tick_stopped() && avg_us < TICK_USEC)) {
- idx = teo_find_shallower_state(drv, dev, idx, avg_us);
duration_us = avg_us;
+ if (drv->states[idx].target_residency > avg_us)
+ idx = teo_find_shallower_state(drv, dev,
+ idx, avg_us);
}
}
}
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 066/313] arm64: mm: free the initrd reserved memblock in a aligned manner
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (63 preceding siblings ...)
2019-10-03 15:50 ` [PATCH 5.2 065/313] cpuidle: teo: Allow tick to be stopped if PM QoS is used Greg Kroah-Hartman
@ 2019-10-03 15:50 ` Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 067/313] soc: amlogic: meson-clk-measure: protect measure with a mutex Greg Kroah-Hartman
` (251 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:50 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Junhua Huang, Will Deacon, Sasha Levin
From: Junhua Huang <huang.junhua@zte.com.cn>
[ Upstream commit 13776f9d40a028a245bb766269e360f5b7a62721 ]
We should free the initrd reserved memblock in an aligned manner,
because the initrd reserves the memblock in an aligned manner
in arm64_memblock_init().
Otherwise there are some fragments in memblock_reserved regions
after free_initrd_mem(). e.g.:
/sys/kernel/debug/memblock # cat reserved
0: 0x0000000080080000..0x00000000817fafff
1: 0x0000000083400000..0x0000000083ffffff
2: 0x0000000090000000..0x000000009000407f
3: 0x00000000b0000000..0x00000000b000003f
4: 0x00000000b26184ea..0x00000000b2618fff
The fragments like the ranges from b0000000 to b000003f and
from b26184ea to b2618fff should be freed.
And we can do free_reserved_area() after memblock_free(),
as free_reserved_area() calls __free_pages(), once we've done
that it could be allocated somewhere else,
but memblock and iomem still say this is reserved memory.
Fixes: 05c58752f9dc ("arm64: To remove initrd reserved area entry from memblock")
Signed-off-by: Junhua Huang <huang.junhua@zte.com.cn>
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/mm/init.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/arch/arm64/mm/init.c b/arch/arm64/mm/init.c
index f3c795278def0..b1ee6cb4b17fc 100644
--- a/arch/arm64/mm/init.c
+++ b/arch/arm64/mm/init.c
@@ -570,8 +570,12 @@ void free_initmem(void)
#ifdef CONFIG_BLK_DEV_INITRD
void __init free_initrd_mem(unsigned long start, unsigned long end)
{
+ unsigned long aligned_start, aligned_end;
+
+ aligned_start = __virt_to_phys(start) & PAGE_MASK;
+ aligned_end = PAGE_ALIGN(__virt_to_phys(end));
+ memblock_free(aligned_start, aligned_end - aligned_start);
free_reserved_area((void *)start, (void *)end, 0, "initrd");
- memblock_free(__virt_to_phys(start), end - start);
}
#endif
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 067/313] soc: amlogic: meson-clk-measure: protect measure with a mutex
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (64 preceding siblings ...)
2019-10-03 15:50 ` [PATCH 5.2 066/313] arm64: mm: free the initrd reserved memblock in a aligned manner Greg Kroah-Hartman
@ 2019-10-03 15:50 ` Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 068/313] base: soc: Export soc_device_register/unregister APIs Greg Kroah-Hartman
` (250 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:50 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kevin Hilman, Martin Blumenstingl,
Neil Armstrong, Sasha Levin
From: Neil Armstrong <narmstrong@baylibre.com>
[ Upstream commit 3a760d986568b67d1f8411dab64608075817b90d ]
In order to protect clock measuring when multiple process asks for
a measure, protect the main measure function with mutexes.
Reviewed-by: Kevin Hilman <khilman@baylibre.com>
Reviewed-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
Signed-off-by: Kevin Hilman <khilman@baylibre.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/soc/amlogic/meson-clk-measure.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/drivers/soc/amlogic/meson-clk-measure.c b/drivers/soc/amlogic/meson-clk-measure.c
index 19d4cbc93a17a..c470e24f1dfa6 100644
--- a/drivers/soc/amlogic/meson-clk-measure.c
+++ b/drivers/soc/amlogic/meson-clk-measure.c
@@ -11,6 +11,8 @@
#include <linux/debugfs.h>
#include <linux/regmap.h>
+static DEFINE_MUTEX(measure_lock);
+
#define MSR_CLK_DUTY 0x0
#define MSR_CLK_REG0 0x4
#define MSR_CLK_REG1 0x8
@@ -360,6 +362,10 @@ static int meson_measure_id(struct meson_msr_id *clk_msr_id,
unsigned int val;
int ret;
+ ret = mutex_lock_interruptible(&measure_lock);
+ if (ret)
+ return ret;
+
regmap_write(priv->regmap, MSR_CLK_REG0, 0);
/* Set measurement duration */
@@ -377,8 +383,10 @@ static int meson_measure_id(struct meson_msr_id *clk_msr_id,
ret = regmap_read_poll_timeout(priv->regmap, MSR_CLK_REG0,
val, !(val & MSR_BUSY), 10, 10000);
- if (ret)
+ if (ret) {
+ mutex_unlock(&measure_lock);
return ret;
+ }
/* Disable */
regmap_update_bits(priv->regmap, MSR_CLK_REG0, MSR_ENABLE, 0);
@@ -386,6 +394,8 @@ static int meson_measure_id(struct meson_msr_id *clk_msr_id,
/* Get the value in multiple of gate time counts */
regmap_read(priv->regmap, MSR_CLK_REG2, &val);
+ mutex_unlock(&measure_lock);
+
if (val >= MSR_VAL_MASK)
return -EINVAL;
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 068/313] base: soc: Export soc_device_register/unregister APIs
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (65 preceding siblings ...)
2019-10-03 15:50 ` [PATCH 5.2 067/313] soc: amlogic: meson-clk-measure: protect measure with a mutex Greg Kroah-Hartman
@ 2019-10-03 15:50 ` Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 069/313] ALSA: usb-audio: Skip bSynchAddress endpoint check if it is invalid Greg Kroah-Hartman
` (249 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:50 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Vinod Koul, Vaishali Thakkar,
Stephen Boyd, Bjorn Andersson, Sasha Levin
From: Vinod Koul <vkoul@kernel.org>
[ Upstream commit f7ccc7a397cf2ef64aebb2f726970b93203858d2 ]
Qcom Socinfo driver can be built as a module, so
export these two APIs.
Tested-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Vaishali Thakkar <vaishali.thakkar@linaro.org>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Reviewed-by: Stephen Boyd <swboyd@chromium.org>
Reviewed-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/base/soc.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/base/soc.c b/drivers/base/soc.c
index 10b280f30217b..7e91894a380b5 100644
--- a/drivers/base/soc.c
+++ b/drivers/base/soc.c
@@ -157,6 +157,7 @@ struct soc_device *soc_device_register(struct soc_device_attribute *soc_dev_attr
out1:
return ERR_PTR(ret);
}
+EXPORT_SYMBOL_GPL(soc_device_register);
/* Ensure soc_dev->attr is freed prior to calling soc_device_unregister. */
void soc_device_unregister(struct soc_device *soc_dev)
@@ -166,6 +167,7 @@ void soc_device_unregister(struct soc_device *soc_dev)
device_unregister(&soc_dev->dev);
early_soc_dev_attr = NULL;
}
+EXPORT_SYMBOL_GPL(soc_device_unregister);
static int __init soc_bus_register(void)
{
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 069/313] ALSA: usb-audio: Skip bSynchAddress endpoint check if it is invalid
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (66 preceding siblings ...)
2019-10-03 15:50 ` [PATCH 5.2 068/313] base: soc: Export soc_device_register/unregister APIs Greg Kroah-Hartman
@ 2019-10-03 15:50 ` Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 070/313] ia64:unwind: fix double free for mod->arch.init_unw_table Greg Kroah-Hartman
` (248 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:50 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ard van Breemen, Takashi Iwai, Sasha Levin
From: Ard van Breemen <ard@kwaak.net>
[ Upstream commit 1b34121d9f26d272b0b2334209af6b6fc82d4bf1 ]
The Linux kernel assumes that get_endpoint(alts,0) and
get_endpoint(alts,1) are eachothers feedback endpoints.
To reassure that validity it will test bsynchaddress to comply with that
assumption. But if the bsyncaddress is 0 (invalid), it will flag that as
a wrong assumption and return an error.
Fix: Skip the test if bSynchAddress is 0.
Note: those with a valid bSynchAddress should have a code quirck added.
Signed-off-by: Ard van Breemen <ard@kwaak.net>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/usb/pcm.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/sound/usb/pcm.c b/sound/usb/pcm.c
index e4bbf79de956e..33cd26763c0ee 100644
--- a/sound/usb/pcm.c
+++ b/sound/usb/pcm.c
@@ -457,6 +457,7 @@ static int set_sync_endpoint(struct snd_usb_substream *subs,
}
ep = get_endpoint(alts, 1)->bEndpointAddress;
if (get_endpoint(alts, 0)->bLength >= USB_DT_ENDPOINT_AUDIO_SIZE &&
+ get_endpoint(alts, 0)->bSynchAddress != 0 &&
((is_playback && ep != (unsigned int)(get_endpoint(alts, 0)->bSynchAddress | USB_DIR_IN)) ||
(!is_playback && ep != (unsigned int)(get_endpoint(alts, 0)->bSynchAddress & ~USB_DIR_IN)))) {
dev_err(&dev->dev,
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 070/313] ia64:unwind: fix double free for mod->arch.init_unw_table
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (67 preceding siblings ...)
2019-10-03 15:50 ` [PATCH 5.2 069/313] ALSA: usb-audio: Skip bSynchAddress endpoint check if it is invalid Greg Kroah-Hartman
@ 2019-10-03 15:50 ` Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 071/313] EDAC/altera: Use the proper type for the IRQ status bits Greg Kroah-Hartman
` (247 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:50 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, chenzefeng, Tony Luck, Sasha Levin
From: chenzefeng <chenzefeng2@huawei.com>
[ Upstream commit c5e5c48c16422521d363c33cfb0dcf58f88c119b ]
The function free_module in file kernel/module.c as follow:
void free_module(struct module *mod) {
......
module_arch_cleanup(mod);
......
module_arch_freeing_init(mod);
......
}
Both module_arch_cleanup and module_arch_freeing_init function
would free the mod->arch.init_unw_table, which cause double free.
Here, set mod->arch.init_unw_table = NULL after remove the unwind
table to avoid double free.
Signed-off-by: chenzefeng <chenzefeng2@huawei.com>
Signed-off-by: Tony Luck <tony.luck@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/ia64/kernel/module.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/arch/ia64/kernel/module.c b/arch/ia64/kernel/module.c
index 326448f9df160..1a42ba885188a 100644
--- a/arch/ia64/kernel/module.c
+++ b/arch/ia64/kernel/module.c
@@ -914,10 +914,14 @@ module_finalize (const Elf_Ehdr *hdr, const Elf_Shdr *sechdrs, struct module *mo
void
module_arch_cleanup (struct module *mod)
{
- if (mod->arch.init_unw_table)
+ if (mod->arch.init_unw_table) {
unw_remove_unwind_table(mod->arch.init_unw_table);
- if (mod->arch.core_unw_table)
+ mod->arch.init_unw_table = NULL;
+ }
+ if (mod->arch.core_unw_table) {
unw_remove_unwind_table(mod->arch.core_unw_table);
+ mod->arch.core_unw_table = NULL;
+ }
}
void *dereference_module_function_descriptor(struct module *mod, void *ptr)
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 071/313] EDAC/altera: Use the proper type for the IRQ status bits
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (68 preceding siblings ...)
2019-10-03 15:50 ` [PATCH 5.2 070/313] ia64:unwind: fix double free for mod->arch.init_unw_table Greg Kroah-Hartman
@ 2019-10-03 15:50 ` Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 072/313] ASoC: rsnd: dont call clk_get_rate() under atomic context Greg Kroah-Hartman
` (246 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:50 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Borislav Petkov,
Thor Thayer, James Morse, kernel-janitors, linux-edac,
Mauro Carvalho Chehab, Tony Luck, Sasha Levin
From: Dan Carpenter <dan.carpenter@oracle.com>
[ Upstream commit 8faa1cf6ed82f33009f63986c3776cc48af1b7b2 ]
Smatch complains about the cast of a u32 pointer to unsigned long:
drivers/edac/altera_edac.c:1878 altr_edac_a10_irq_handler()
warn: passing casted pointer '&irq_status' to 'find_first_bit()'
This code wouldn't work on a 64 bit big endian system because it would
read past the end of &irq_status.
[ bp: massage. ]
Fixes: 13ab8448d2c9 ("EDAC, altera: Add ECC Manager IRQ controller support")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Thor Thayer <thor.thayer@linux.intel.com>
Cc: James Morse <james.morse@arm.com>
Cc: kernel-janitors@vger.kernel.org
Cc: linux-edac <linux-edac@vger.kernel.org>
Cc: Mauro Carvalho Chehab <mchehab@kernel.org>
Cc: Tony Luck <tony.luck@intel.com>
Link: https://lkml.kernel.org/r/20190624134717.GA1754@mwanda
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/edac/altera_edac.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/edac/altera_edac.c b/drivers/edac/altera_edac.c
index 8816f74a22b4a..2d12b94eccda2 100644
--- a/drivers/edac/altera_edac.c
+++ b/drivers/edac/altera_edac.c
@@ -1829,6 +1829,7 @@ static void altr_edac_a10_irq_handler(struct irq_desc *desc)
struct altr_arria10_edac *edac = irq_desc_get_handler_data(desc);
struct irq_chip *chip = irq_desc_get_chip(desc);
int irq = irq_desc_get_irq(desc);
+ unsigned long bits;
dberr = (irq == edac->db_irq) ? 1 : 0;
sm_offset = dberr ? A10_SYSMGR_ECC_INTSTAT_DERR_OFST :
@@ -1838,7 +1839,8 @@ static void altr_edac_a10_irq_handler(struct irq_desc *desc)
regmap_read(edac->ecc_mgr_map, sm_offset, &irq_status);
- for_each_set_bit(bit, (unsigned long *)&irq_status, 32) {
+ bits = irq_status;
+ for_each_set_bit(bit, &bits, 32) {
irq = irq_linear_revmap(edac->domain, dberr * 32 + bit);
if (irq)
generic_handle_irq(irq);
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 072/313] ASoC: rsnd: dont call clk_get_rate() under atomic context
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (69 preceding siblings ...)
2019-10-03 15:50 ` [PATCH 5.2 071/313] EDAC/altera: Use the proper type for the IRQ status bits Greg Kroah-Hartman
@ 2019-10-03 15:50 ` Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 073/313] arm64/prefetch: fix a -Wtype-limits warning Greg Kroah-Hartman
` (245 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:50 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Leon Kong, Kuninori Morimoto,
Mark Brown, Sasha Levin
From: Kuninori Morimoto <kuninori.morimoto.gx@renesas.com>
[ Upstream commit 06e8f5c842f2dbb232897ba967ea7b422745c271 ]
ADG is using clk_get_rate() under atomic context, thus, we might
have scheduling issue.
To avoid this issue, we need to get/keep clk rate under
non atomic context.
We need to handle ADG as special device at Renesas Sound driver.
>From SW point of view, we want to impletent it as
rsnd_mod_ops :: prepare, but it makes code just complicate.
To avoid complicated code/patch, this patch adds new clk_rate[] array,
and keep clk IN rate when rsnd_adg_clk_enable() was called.
Reported-by: Leon Kong <Leon.KONG@cn.bosch.com>
Signed-off-by: Kuninori Morimoto <kuninori.morimoto.gx@renesas.com>
Tested-by: Leon Kong <Leon.KONG@cn.bosch.com>
Link: https://lore.kernel.org/r/87v9vb0xkp.wl-kuninori.morimoto.gx@renesas.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/sh/rcar/adg.c | 21 +++++++++++++++------
1 file changed, 15 insertions(+), 6 deletions(-)
diff --git a/sound/soc/sh/rcar/adg.c b/sound/soc/sh/rcar/adg.c
index e821ccc70f478..141d9a030c59a 100644
--- a/sound/soc/sh/rcar/adg.c
+++ b/sound/soc/sh/rcar/adg.c
@@ -30,6 +30,7 @@ struct rsnd_adg {
struct clk *clkout[CLKOUTMAX];
struct clk_onecell_data onecell;
struct rsnd_mod mod;
+ int clk_rate[CLKMAX];
u32 flags;
u32 ckr;
u32 rbga;
@@ -113,9 +114,9 @@ static void __rsnd_adg_get_timesel_ratio(struct rsnd_priv *priv,
unsigned int val, en;
unsigned int min, diff;
unsigned int sel_rate[] = {
- clk_get_rate(adg->clk[CLKA]), /* 0000: CLKA */
- clk_get_rate(adg->clk[CLKB]), /* 0001: CLKB */
- clk_get_rate(adg->clk[CLKC]), /* 0010: CLKC */
+ adg->clk_rate[CLKA], /* 0000: CLKA */
+ adg->clk_rate[CLKB], /* 0001: CLKB */
+ adg->clk_rate[CLKC], /* 0010: CLKC */
adg->rbga_rate_for_441khz, /* 0011: RBGA */
adg->rbgb_rate_for_48khz, /* 0100: RBGB */
};
@@ -301,7 +302,7 @@ int rsnd_adg_clk_query(struct rsnd_priv *priv, unsigned int rate)
* AUDIO_CLKA/AUDIO_CLKB/AUDIO_CLKC/AUDIO_CLKI.
*/
for_each_rsnd_clk(clk, adg, i) {
- if (rate == clk_get_rate(clk))
+ if (rate == adg->clk_rate[i])
return sel_table[i];
}
@@ -368,10 +369,18 @@ void rsnd_adg_clk_control(struct rsnd_priv *priv, int enable)
for_each_rsnd_clk(clk, adg, i) {
ret = 0;
- if (enable)
+ if (enable) {
ret = clk_prepare_enable(clk);
- else
+
+ /*
+ * We shouldn't use clk_get_rate() under
+ * atomic context. Let's keep it when
+ * rsnd_adg_clk_enable() was called
+ */
+ adg->clk_rate[i] = clk_get_rate(adg->clk[i]);
+ } else {
clk_disable_unprepare(clk);
+ }
if (ret < 0)
dev_warn(dev, "can't use clk %d\n", i);
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 073/313] arm64/prefetch: fix a -Wtype-limits warning
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (70 preceding siblings ...)
2019-10-03 15:50 ` [PATCH 5.2 072/313] ASoC: rsnd: dont call clk_get_rate() under atomic context Greg Kroah-Hartman
@ 2019-10-03 15:50 ` Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 074/313] md/raid1: end bio when the device faulty Greg Kroah-Hartman
` (244 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:50 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Qian Cai, Will Deacon, Sasha Levin
From: Qian Cai <cai@lca.pw>
[ Upstream commit b99286b088ea843b935dcfb29f187697359fe5cd ]
The commit d5370f754875 ("arm64: prefetch: add alternative pattern for
CPUs without a prefetcher") introduced MIDR_IS_CPU_MODEL_RANGE() to be
used in has_no_hw_prefetch() with rv_min=0 which generates a compilation
warning from GCC,
In file included from ./arch/arm64/include/asm/cache.h:8,
from ./include/linux/cache.h:6,
from ./include/linux/printk.h:9,
from ./include/linux/kernel.h:15,
from ./include/linux/cpumask.h:10,
from arch/arm64/kernel/cpufeature.c:11:
arch/arm64/kernel/cpufeature.c: In function 'has_no_hw_prefetch':
./arch/arm64/include/asm/cputype.h:59:26: warning: comparison of
unsigned expression >= 0 is always true [-Wtype-limits]
_model == (model) && rv >= (rv_min) && rv <= (rv_max); \
^~
arch/arm64/kernel/cpufeature.c:889:9: note: in expansion of macro
'MIDR_IS_CPU_MODEL_RANGE'
return MIDR_IS_CPU_MODEL_RANGE(midr, MIDR_THUNDERX,
^~~~~~~~~~~~~~~~~~~~~~~
Fix it by converting MIDR_IS_CPU_MODEL_RANGE to a static inline
function.
Signed-off-by: Qian Cai <cai@lca.pw>
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/include/asm/cputype.h | 21 +++++++++++----------
arch/arm64/kernel/cpufeature.c | 2 +-
2 files changed, 12 insertions(+), 11 deletions(-)
diff --git a/arch/arm64/include/asm/cputype.h b/arch/arm64/include/asm/cputype.h
index e7d46631cc42b..b1454d117cd2c 100644
--- a/arch/arm64/include/asm/cputype.h
+++ b/arch/arm64/include/asm/cputype.h
@@ -51,14 +51,6 @@
#define MIDR_CPU_MODEL_MASK (MIDR_IMPLEMENTOR_MASK | MIDR_PARTNUM_MASK | \
MIDR_ARCHITECTURE_MASK)
-#define MIDR_IS_CPU_MODEL_RANGE(midr, model, rv_min, rv_max) \
-({ \
- u32 _model = (midr) & MIDR_CPU_MODEL_MASK; \
- u32 rv = (midr) & (MIDR_REVISION_MASK | MIDR_VARIANT_MASK); \
- \
- _model == (model) && rv >= (rv_min) && rv <= (rv_max); \
- })
-
#define ARM_CPU_IMP_ARM 0x41
#define ARM_CPU_IMP_APM 0x50
#define ARM_CPU_IMP_CAVIUM 0x43
@@ -159,10 +151,19 @@ struct midr_range {
#define MIDR_REV(m, v, r) MIDR_RANGE(m, v, r, v, r)
#define MIDR_ALL_VERSIONS(m) MIDR_RANGE(m, 0, 0, 0xf, 0xf)
+static inline bool midr_is_cpu_model_range(u32 midr, u32 model, u32 rv_min,
+ u32 rv_max)
+{
+ u32 _model = midr & MIDR_CPU_MODEL_MASK;
+ u32 rv = midr & (MIDR_REVISION_MASK | MIDR_VARIANT_MASK);
+
+ return _model == model && rv >= rv_min && rv <= rv_max;
+}
+
static inline bool is_midr_in_range(u32 midr, struct midr_range const *range)
{
- return MIDR_IS_CPU_MODEL_RANGE(midr, range->model,
- range->rv_min, range->rv_max);
+ return midr_is_cpu_model_range(midr, range->model,
+ range->rv_min, range->rv_max);
}
static inline bool
diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
index 68faf535f40a3..d3fbb89a31e57 100644
--- a/arch/arm64/kernel/cpufeature.c
+++ b/arch/arm64/kernel/cpufeature.c
@@ -894,7 +894,7 @@ static bool has_no_hw_prefetch(const struct arm64_cpu_capabilities *entry, int _
u32 midr = read_cpuid_id();
/* Cavium ThunderX pass 1.x and 2.x */
- return MIDR_IS_CPU_MODEL_RANGE(midr, MIDR_THUNDERX,
+ return midr_is_cpu_model_range(midr, MIDR_THUNDERX,
MIDR_CPU_VAR_REV(0, 0),
MIDR_CPU_VAR_REV(1, MIDR_REVISION_MASK));
}
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 074/313] md/raid1: end bio when the device faulty
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (71 preceding siblings ...)
2019-10-03 15:50 ` [PATCH 5.2 073/313] arm64/prefetch: fix a -Wtype-limits warning Greg Kroah-Hartman
@ 2019-10-03 15:50 ` Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 075/313] md: dont call spare_active in md_reap_sync_thread if all member devices cant work Greg Kroah-Hartman
` (243 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:50 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Yufen Yu, Song Liu, Sasha Levin
From: Yufen Yu <yuyufen@huawei.com>
[ Upstream commit eeba6809d8d58908b5ed1b5ceb5fcb09a98a7cad ]
When write bio return error, it would be added to conf->retry_list
and wait for raid1d thread to retry write and acknowledge badblocks.
In narrow_write_error(), the error bio will be split in the unit of
badblock shift (such as one sector) and raid1d thread issues them
one by one. Until all of the splited bio has finished, raid1d thread
can go on processing other things, which is time consuming.
But, there is a scene for error handling that is not necessary.
When the device has been set faulty, flush_bio_list() may end
bios in pending_bio_list with error status. Since these bios
has not been issued to the device actually, error handlding to
retry write and acknowledge badblocks make no sense.
Even without that scene, when the device is faulty, badblocks info
can not be written out to the device. Thus, we also no need to
handle the error IO.
Signed-off-by: Yufen Yu <yuyufen@huawei.com>
Signed-off-by: Song Liu <songliubraving@fb.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/md/raid1.c | 26 ++++++++++++++------------
1 file changed, 14 insertions(+), 12 deletions(-)
diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c
index 2aa36e570e049..a26731a9b38e7 100644
--- a/drivers/md/raid1.c
+++ b/drivers/md/raid1.c
@@ -426,19 +426,21 @@ static void raid1_end_write_request(struct bio *bio)
/* We never try FailFast to WriteMostly devices */
!test_bit(WriteMostly, &rdev->flags)) {
md_error(r1_bio->mddev, rdev);
- if (!test_bit(Faulty, &rdev->flags))
- /* This is the only remaining device,
- * We need to retry the write without
- * FailFast
- */
- set_bit(R1BIO_WriteError, &r1_bio->state);
- else {
- /* Finished with this branch */
- r1_bio->bios[mirror] = NULL;
- to_put = bio;
- }
- } else
+ }
+
+ /*
+ * When the device is faulty, it is not necessary to
+ * handle write error.
+ * For failfast, this is the only remaining device,
+ * We need to retry the write without FailFast.
+ */
+ if (!test_bit(Faulty, &rdev->flags))
set_bit(R1BIO_WriteError, &r1_bio->state);
+ else {
+ /* Finished with this branch */
+ r1_bio->bios[mirror] = NULL;
+ to_put = bio;
+ }
} else {
/*
* Set R1BIO_Uptodate in our master bio, so that we
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 075/313] md: dont call spare_active in md_reap_sync_thread if all member devices cant work
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (72 preceding siblings ...)
2019-10-03 15:50 ` [PATCH 5.2 074/313] md/raid1: end bio when the device faulty Greg Kroah-Hartman
@ 2019-10-03 15:50 ` Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 076/313] md: dont set In_sync if array is frozen Greg Kroah-Hartman
` (242 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:50 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Guoqing Jiang, Song Liu, Sasha Levin
From: Guoqing Jiang <jgq516@gmail.com>
[ Upstream commit 0d8ed0e9bf9643f27f4816dca61081784dedb38d ]
When add one disk to array, the md_reap_sync_thread is responsible
to activate the spare and set In_sync flag for the new member in
spare_active().
But if raid1 has one member disk A, and disk B is added to the array.
Then we offline A before all the datas are synchronized from A to B,
obviously B doesn't have the latest data as A, but B is still marked
with In_sync flag.
So let's not call spare_active under the condition, otherwise B is
still showed with 'U' state which is not correct.
Signed-off-by: Guoqing Jiang <guoqing.jiang@cloud.ionos.com>
Signed-off-by: Song Liu <songliubraving@fb.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/md/md.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/md/md.c b/drivers/md/md.c
index 9801d540fea1c..5e885b6c4240d 100644
--- a/drivers/md/md.c
+++ b/drivers/md/md.c
@@ -8944,7 +8944,8 @@ void md_reap_sync_thread(struct mddev *mddev)
/* resync has finished, collect result */
md_unregister_thread(&mddev->sync_thread);
if (!test_bit(MD_RECOVERY_INTR, &mddev->recovery) &&
- !test_bit(MD_RECOVERY_REQUESTED, &mddev->recovery)) {
+ !test_bit(MD_RECOVERY_REQUESTED, &mddev->recovery) &&
+ mddev->degraded != mddev->raid_disks) {
/* success...*/
/* activate any spares */
if (mddev->pers->spare_active(mddev)) {
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 076/313] md: dont set In_sync if array is frozen
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (73 preceding siblings ...)
2019-10-03 15:50 ` [PATCH 5.2 075/313] md: dont call spare_active in md_reap_sync_thread if all member devices cant work Greg Kroah-Hartman
@ 2019-10-03 15:50 ` Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 077/313] media: media/platform: fsl-viu.c: fix build for MICROBLAZE Greg Kroah-Hartman
` (241 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:50 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Guoqing Jiang, Song Liu, Sasha Levin
From: Guoqing Jiang <jgq516@gmail.com>
[ Upstream commit 062f5b2ae12a153644c765e7ba3b0f825427be1d ]
When a disk is added to array, the following path is called in mdadm.
Manage_subdevs -> sysfs_freeze_array
-> Manage_add
-> sysfs_set_str(&info, NULL, "sync_action","idle")
Then from kernel side, Manage_add invokes the path (add_new_disk ->
validate_super = super_1_validate) to set In_sync flag.
Since In_sync means "device is in_sync with rest of array", and the new
added disk need to resync thread to help the synchronization of data.
And md_reap_sync_thread would call spare_active to set In_sync for the
new added disk finally. So don't set In_sync if array is in frozen.
Signed-off-by: Guoqing Jiang <guoqing.jiang@cloud.ionos.com>
Signed-off-by: Song Liu <songliubraving@fb.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/md/md.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/drivers/md/md.c b/drivers/md/md.c
index 5e885b6c4240d..b3bfac5f2bdb6 100644
--- a/drivers/md/md.c
+++ b/drivers/md/md.c
@@ -1754,8 +1754,15 @@ static int super_1_validate(struct mddev *mddev, struct md_rdev *rdev)
if (!(le32_to_cpu(sb->feature_map) &
MD_FEATURE_RECOVERY_BITMAP))
rdev->saved_raid_disk = -1;
- } else
- set_bit(In_sync, &rdev->flags);
+ } else {
+ /*
+ * If the array is FROZEN, then the device can't
+ * be in_sync with rest of array.
+ */
+ if (!test_bit(MD_RECOVERY_FROZEN,
+ &mddev->recovery))
+ set_bit(In_sync, &rdev->flags);
+ }
rdev->raid_disk = role;
break;
}
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 077/313] media: media/platform: fsl-viu.c: fix build for MICROBLAZE
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (74 preceding siblings ...)
2019-10-03 15:50 ` [PATCH 5.2 076/313] md: dont set In_sync if array is frozen Greg Kroah-Hartman
@ 2019-10-03 15:50 ` Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 078/313] RAS: Fix prototype warnings Greg Kroah-Hartman
` (240 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:50 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Randy Dunlap, Hans Verkuil,
Mauro Carvalho Chehab, Sasha Levin
From: Randy Dunlap <rdunlap@infradead.org>
[ Upstream commit 6898dd580a045341f844862ceb775144156ec1af ]
arch/microblaze/ defines out_be32() and in_be32(), so don't do that
again in the driver source.
Fixes these build warnings:
../drivers/media/platform/fsl-viu.c:36: warning: "out_be32" redefined
../arch/microblaze/include/asm/io.h:50: note: this is the location of the previous definition
../drivers/media/platform/fsl-viu.c:37: warning: "in_be32" redefined
../arch/microblaze/include/asm/io.h:53: note: this is the location of the previous definition
Fixes: 29d750686331 ("media: fsl-viu: allow building it with COMPILE_TEST")
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/platform/fsl-viu.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/media/platform/fsl-viu.c b/drivers/media/platform/fsl-viu.c
index 691be788e38b3..b74e4f50d7d9f 100644
--- a/drivers/media/platform/fsl-viu.c
+++ b/drivers/media/platform/fsl-viu.c
@@ -32,7 +32,7 @@
#define VIU_VERSION "0.5.1"
/* Allow building this driver with COMPILE_TEST */
-#ifndef CONFIG_PPC
+#if !defined(CONFIG_PPC) && !defined(CONFIG_MICROBLAZE)
#define out_be32(v, a) iowrite32be(a, (void __iomem *)v)
#define in_be32(a) ioread32be((void __iomem *)a)
#endif
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 078/313] RAS: Fix prototype warnings
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (75 preceding siblings ...)
2019-10-03 15:50 ` [PATCH 5.2 077/313] media: media/platform: fsl-viu.c: fix build for MICROBLAZE Greg Kroah-Hartman
@ 2019-10-03 15:50 ` Greg Kroah-Hartman
2019-10-03 16:45 ` Borislav Petkov
2019-10-03 15:50 ` [PATCH 5.2 079/313] RAS: Build debugfs.o only when enabled in Kconfig Greg Kroah-Hartman
` (239 subsequent siblings)
316 siblings, 1 reply; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:50 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Valdis Kletnieks, Borislav Petkov,
Tony Luck, linux-edac, x86, Sasha Levin
From: Valdis Klētnieks <valdis.kletnieks@vt.edu>
[ Upstream commit 0a54b809a3a2c31e1055b45b03708eb730222be1 ]
When building with C=2 and/or W=1, legitimate warnings are issued about
missing prototypes:
CHECK drivers/ras/debugfs.c
drivers/ras/debugfs.c:4:15: warning: symbol 'ras_debugfs_dir' was not declared. Should it be static?
drivers/ras/debugfs.c:8:5: warning: symbol 'ras_userspace_consumers' was not declared. Should it be static?
drivers/ras/debugfs.c:38:12: warning: symbol 'ras_add_daemon_trace' was not declared. Should it be static?
drivers/ras/debugfs.c:54:13: warning: symbol 'ras_debugfs_init' was not declared. Should it be static?
CC drivers/ras/debugfs.o
drivers/ras/debugfs.c:8:5: warning: no previous prototype for 'ras_userspace_consumers' [-Wmissing-prototypes]
8 | int ras_userspace_consumers(void)
| ^~~~~~~~~~~~~~~~~~~~~~~
drivers/ras/debugfs.c:38:12: warning: no previous prototype for 'ras_add_daemon_trace' [-Wmissing-prototypes]
38 | int __init ras_add_daemon_trace(void)
| ^~~~~~~~~~~~~~~~~~~~
drivers/ras/debugfs.c:54:13: warning: no previous prototype for 'ras_debugfs_init' [-Wmissing-prototypes]
54 | void __init ras_debugfs_init(void)
| ^~~~~~~~~~~~~~~~
Provide the proper includes.
[ bp: Take care of the same warnings for cec.c too. ]
Signed-off-by: Valdis Kletnieks <valdis.kletnieks@vt.edu>
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: Tony Luck <tony.luck@intel.com>
Cc: linux-edac@vger.kernel.org
Cc: x86@kernel.org
Link: http://lkml.kernel.org/r/7168.1565218769@turing-police
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/ras/cec.c | 1 +
drivers/ras/debugfs.c | 2 ++
2 files changed, 3 insertions(+)
diff --git a/drivers/ras/cec.c b/drivers/ras/cec.c
index f5795adc5a6e1..8037c490f3ba7 100644
--- a/drivers/ras/cec.c
+++ b/drivers/ras/cec.c
@@ -1,6 +1,7 @@
// SPDX-License-Identifier: GPL-2.0
#include <linux/mm.h>
#include <linux/gfp.h>
+#include <linux/ras.h>
#include <linux/kernel.h>
#include <linux/workqueue.h>
diff --git a/drivers/ras/debugfs.c b/drivers/ras/debugfs.c
index 9c1b717efad86..0d4f985afbf37 100644
--- a/drivers/ras/debugfs.c
+++ b/drivers/ras/debugfs.c
@@ -1,5 +1,7 @@
// SPDX-License-Identifier: GPL-2.0-only
#include <linux/debugfs.h>
+#include <linux/ras.h>
+#include "debugfs.h"
struct dentry *ras_debugfs_dir;
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 079/313] RAS: Build debugfs.o only when enabled in Kconfig
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (76 preceding siblings ...)
2019-10-03 15:50 ` [PATCH 5.2 078/313] RAS: Fix prototype warnings Greg Kroah-Hartman
@ 2019-10-03 15:50 ` Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 080/313] ASoC: hdac_hda: fix page fault issue by removing race Greg Kroah-Hartman
` (238 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:50 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kbuild test robot, Valdis Kletnieks,
Borislav Petkov, Tony Luck, linux-edac, x86, Sasha Levin
From: Valdis Kletnieks <valdis.kletnieks@vt.edu>
[ Upstream commit b6ff24f7b5101101ff897dfdde3f37924e676bc2 ]
In addition, the 0day bot reported this build error:
>> drivers/ras/debugfs.c:10:5: error: redefinition of 'ras_userspace_consumers'
int ras_userspace_consumers(void)
^~~~~~~~~~~~~~~~~~~~~~~
In file included from drivers/ras/debugfs.c:3:0:
include/linux/ras.h:14:19: note: previous definition of 'ras_userspace_consumers' was here
static inline int ras_userspace_consumers(void) { return 0; }
^~~~~~~~~~~~~~~~~~~~~~~
for a riscv-specific .config where CONFIG_DEBUG_FS is not set. Fix all
that by making debugfs.o depend on that define.
[ bp: Rewrite commit message. ]
Reported-by: kbuild test robot <lkp@intel.com>
Signed-off-by: Valdis Kletnieks <valdis.kletnieks@vt.edu>
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: Tony Luck <tony.luck@intel.com>
Cc: linux-edac@vger.kernel.org
Cc: x86@kernel.org
Link: http://lkml.kernel.org/r/7053.1565218556@turing-police
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/ras/Makefile | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/ras/Makefile b/drivers/ras/Makefile
index ef6777e14d3df..6f0404f501071 100644
--- a/drivers/ras/Makefile
+++ b/drivers/ras/Makefile
@@ -1,3 +1,4 @@
# SPDX-License-Identifier: GPL-2.0-only
-obj-$(CONFIG_RAS) += ras.o debugfs.o
+obj-$(CONFIG_RAS) += ras.o
+obj-$(CONFIG_DEBUG_FS) += debugfs.o
obj-$(CONFIG_RAS_CEC) += cec.o
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 080/313] ASoC: hdac_hda: fix page fault issue by removing race
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (77 preceding siblings ...)
2019-10-03 15:50 ` [PATCH 5.2 079/313] RAS: Build debugfs.o only when enabled in Kconfig Greg Kroah-Hartman
@ 2019-10-03 15:50 ` Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 081/313] ACPI / processor: dont print errors for processorIDs == 0xff Greg Kroah-Hartman
` (237 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:50 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Keyon Jie, Pierre-Louis Bossart,
Mark Brown, Sasha Levin
From: Keyon Jie <yang.jie@linux.intel.com>
[ Upstream commit 804cbf4bb063204ca6c2471baa694548aab02ce3 ]
There is a race between hda codec device removing and the
jack-detecting work, which will lead to a page fault issue as the
latter work is accessing codec device which could be already removed.
Here add the cancellation of jack-detecting work before codecs are actually
removed to avoid the race and fix the issue.
Bug: https://github.com/thesofproject/linux/issues/1067
Signed-off-by: Keyon Jie <yang.jie@linux.intel.com>
Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Link: https://lore.kernel.org/r/20190807145030.26117-1-pierre-louis.bossart@linux.intel.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/hdac_hda.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/sound/soc/codecs/hdac_hda.c b/sound/soc/codecs/hdac_hda.c
index 7d49402569149..91242b6f8ea7a 100644
--- a/sound/soc/codecs/hdac_hda.c
+++ b/sound/soc/codecs/hdac_hda.c
@@ -495,6 +495,10 @@ static int hdac_hda_dev_probe(struct hdac_device *hdev)
static int hdac_hda_dev_remove(struct hdac_device *hdev)
{
+ struct hdac_hda_priv *hda_pvt;
+
+ hda_pvt = dev_get_drvdata(&hdev->dev);
+ cancel_delayed_work_sync(&hda_pvt->codec.jackpoll_work);
return 0;
}
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 081/313] ACPI / processor: dont print errors for processorIDs == 0xff
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (78 preceding siblings ...)
2019-10-03 15:50 ` [PATCH 5.2 080/313] ASoC: hdac_hda: fix page fault issue by removing race Greg Kroah-Hartman
@ 2019-10-03 15:50 ` Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 082/313] loop: Add LOOP_SET_DIRECT_IO to compat ioctl Greg Kroah-Hartman
` (236 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:50 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jiri Slaby, Rafael J. Wysocki, Sasha Levin
From: Jiri Slaby <jslaby@suse.cz>
[ Upstream commit 2c2b005f549544c13ef4cfb0e4842949066889bc ]
Some platforms define their processors in this manner:
Device (SCK0)
{
Name (_HID, "ACPI0004" /* Module Device */) // _HID: Hardware ID
Name (_UID, "CPUSCK0") // _UID: Unique ID
Processor (CP00, 0x00, 0x00000410, 0x06){}
Processor (CP01, 0x02, 0x00000410, 0x06){}
Processor (CP02, 0x04, 0x00000410, 0x06){}
Processor (CP03, 0x06, 0x00000410, 0x06){}
Processor (CP04, 0x01, 0x00000410, 0x06){}
Processor (CP05, 0x03, 0x00000410, 0x06){}
Processor (CP06, 0x05, 0x00000410, 0x06){}
Processor (CP07, 0x07, 0x00000410, 0x06){}
Processor (CP08, 0xFF, 0x00000410, 0x06){}
Processor (CP09, 0xFF, 0x00000410, 0x06){}
Processor (CP0A, 0xFF, 0x00000410, 0x06){}
Processor (CP0B, 0xFF, 0x00000410, 0x06){}
...
The processors marked as 0xff are invalid, there are only 8 of them in
this case.
So do not print an error on ids == 0xff, just print an info message.
Actually, we could return ENODEV even on the first CPU with ID 0xff, but
ACPI spec does not forbid the 0xff value to be a processor ID. Given
0xff could be a correct one, we would break working systems if we
returned ENODEV.
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/acpi/acpi_processor.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/drivers/acpi/acpi_processor.c b/drivers/acpi/acpi_processor.c
index 24f065114d424..2c4dda0787e84 100644
--- a/drivers/acpi/acpi_processor.c
+++ b/drivers/acpi/acpi_processor.c
@@ -279,9 +279,13 @@ static int acpi_processor_get_info(struct acpi_device *device)
}
if (acpi_duplicate_processor_id(pr->acpi_id)) {
- dev_err(&device->dev,
- "Failed to get unique processor _UID (0x%x)\n",
- pr->acpi_id);
+ if (pr->acpi_id == 0xff)
+ dev_info_once(&device->dev,
+ "Entry not well-defined, consider updating BIOS\n");
+ else
+ dev_err(&device->dev,
+ "Failed to get unique processor _UID (0x%x)\n",
+ pr->acpi_id);
return -ENODEV;
}
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 082/313] loop: Add LOOP_SET_DIRECT_IO to compat ioctl
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (79 preceding siblings ...)
2019-10-03 15:50 ` [PATCH 5.2 081/313] ACPI / processor: dont print errors for processorIDs == 0xff Greg Kroah-Hartman
@ 2019-10-03 15:51 ` Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 083/313] perf tools: Fix paths in include statements Greg Kroah-Hartman
` (235 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:51 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jens Axboe, Alessio Balsini, Sasha Levin
From: Alessio Balsini <balsini@android.com>
[ Upstream commit fdbe4eeeb1aac219b14f10c0ed31ae5d1123e9b8 ]
Enabling Direct I/O with loop devices helps reducing memory usage by
avoiding double caching. 32 bit applications running on 64 bits systems
are currently not able to request direct I/O because is missing from the
lo_compat_ioctl.
This patch fixes the compatibility issue mentioned above by exporting
LOOP_SET_DIRECT_IO as additional lo_compat_ioctl() entry.
The input argument for this ioctl is a single long converted to a 1-bit
boolean, so compatibility is preserved.
Cc: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Alessio Balsini <balsini@android.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/block/loop.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/block/loop.c b/drivers/block/loop.c
index e1739efca37eb..8e32930f65a1d 100644
--- a/drivers/block/loop.c
+++ b/drivers/block/loop.c
@@ -1763,6 +1763,7 @@ static int lo_compat_ioctl(struct block_device *bdev, fmode_t mode,
case LOOP_SET_FD:
case LOOP_CHANGE_FD:
case LOOP_SET_BLOCK_SIZE:
+ case LOOP_SET_DIRECT_IO:
err = lo_ioctl(bdev, mode, cmd, arg);
break;
default:
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 083/313] perf tools: Fix paths in include statements
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (80 preceding siblings ...)
2019-10-03 15:51 ` [PATCH 5.2 082/313] loop: Add LOOP_SET_DIRECT_IO to compat ioctl Greg Kroah-Hartman
@ 2019-10-03 15:51 ` Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 084/313] EDAC, pnd2: Fix ioremap() size in dnv_rd_reg() Greg Kroah-Hartman
` (234 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:51 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Luke Mujica, Alexander Shishkin,
Ian Rogers, Jiri Olsa, Peter Zijlstra, Stephane Eranian,
Arnaldo Carvalho de Melo, Sasha Levin
From: Luke Mujica <lukemujica@google.com>
[ Upstream commit 2b75863b0845764529e01014a5c90664d8044cbe ]
These paths point to the wrong location but still work because they get
picked up by a -I flag that happens to direct to the correct file. Fix
paths to lead to the actual file location without help from include
flags.
Signed-off-by: Luke Mujica <lukemujica@google.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Ian Rogers <irogers@google.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Stephane Eranian <eranian@google.com>
Link: http://lkml.kernel.org/r/20190719202253.220261-1-lukemujica@google.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/perf/arch/x86/util/kvm-stat.c | 4 ++--
tools/perf/arch/x86/util/tsc.c | 6 +++---
tools/perf/ui/helpline.c | 4 ++--
tools/perf/ui/util.c | 2 +-
4 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/tools/perf/arch/x86/util/kvm-stat.c b/tools/perf/arch/x86/util/kvm-stat.c
index 865a9762f22ef..3f84403c0983a 100644
--- a/tools/perf/arch/x86/util/kvm-stat.c
+++ b/tools/perf/arch/x86/util/kvm-stat.c
@@ -1,7 +1,7 @@
// SPDX-License-Identifier: GPL-2.0
#include <errno.h>
-#include "../../util/kvm-stat.h"
-#include "../../util/evsel.h"
+#include "../../../util/kvm-stat.h"
+#include "../../../util/evsel.h"
#include <asm/svm.h>
#include <asm/vmx.h>
#include <asm/kvm.h>
diff --git a/tools/perf/arch/x86/util/tsc.c b/tools/perf/arch/x86/util/tsc.c
index 950539f9a4f77..b1eb963b4a6e1 100644
--- a/tools/perf/arch/x86/util/tsc.c
+++ b/tools/perf/arch/x86/util/tsc.c
@@ -5,10 +5,10 @@
#include <linux/stddef.h>
#include <linux/perf_event.h>
-#include "../../perf.h"
+#include "../../../perf.h"
#include <linux/types.h>
-#include "../../util/debug.h"
-#include "../../util/tsc.h"
+#include "../../../util/debug.h"
+#include "../../../util/tsc.h"
int perf_read_tsc_conversion(const struct perf_event_mmap_page *pc,
struct perf_tsc_conversion *tc)
diff --git a/tools/perf/ui/helpline.c b/tools/perf/ui/helpline.c
index b3c421429ed44..54bcd08df87e3 100644
--- a/tools/perf/ui/helpline.c
+++ b/tools/perf/ui/helpline.c
@@ -3,10 +3,10 @@
#include <stdlib.h>
#include <string.h>
-#include "../debug.h"
+#include "../util/debug.h"
#include "helpline.h"
#include "ui.h"
-#include "../util.h"
+#include "../util/util.h"
char ui_helpline__current[512];
diff --git a/tools/perf/ui/util.c b/tools/perf/ui/util.c
index 63bf06e80ab9d..9ed76e88a3e4c 100644
--- a/tools/perf/ui/util.c
+++ b/tools/perf/ui/util.c
@@ -1,6 +1,6 @@
// SPDX-License-Identifier: GPL-2.0
#include "util.h"
-#include "../debug.h"
+#include "../util/debug.h"
/*
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 084/313] EDAC, pnd2: Fix ioremap() size in dnv_rd_reg()
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (81 preceding siblings ...)
2019-10-03 15:51 ` [PATCH 5.2 083/313] perf tools: Fix paths in include statements Greg Kroah-Hartman
@ 2019-10-03 15:51 ` Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 085/313] efi: cper: print AER info of PCIe fatal error Greg Kroah-Hartman
` (233 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:51 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Stephen Douthit, Tony Luck, Sasha Levin
From: Stephen Douthit <stephend@silicom-usa.com>
[ Upstream commit 29a3388bfcce7a6d087051376ea02bf8326a957b ]
Depending on how BIOS has marked the reserved region containing the 32KB
MCHBAR you can get warnings like:
resource sanity check: requesting [mem 0xfed10000-0xfed1ffff], which spans more than reserved [mem 0xfed10000-0xfed17fff]
caller dnv_rd_reg+0xc8/0x240 [pnd2_edac] mapping multiple BARs
Not all of the mmio regions used in dnv_rd_reg() are the same size. The
MCHBAR window is 32KB and the sideband ports are 64KB. Pass the correct
size to ioremap() depending on which resource we're reading from.
Signed-off-by: Stephen Douthit <stephend@silicom-usa.com>
Signed-off-by: Tony Luck <tony.luck@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/edac/pnd2_edac.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/edac/pnd2_edac.c b/drivers/edac/pnd2_edac.c
index ca25f8fe57ef3..1ad538baaa4a9 100644
--- a/drivers/edac/pnd2_edac.c
+++ b/drivers/edac/pnd2_edac.c
@@ -260,11 +260,14 @@ static u64 get_sideband_reg_base_addr(void)
}
}
+#define DNV_MCHBAR_SIZE 0x8000
+#define DNV_SB_PORT_SIZE 0x10000
static int dnv_rd_reg(int port, int off, int op, void *data, size_t sz, char *name)
{
struct pci_dev *pdev;
char *base;
u64 addr;
+ unsigned long size;
if (op == 4) {
pdev = pci_get_device(PCI_VENDOR_ID_INTEL, 0x1980, NULL);
@@ -279,15 +282,17 @@ static int dnv_rd_reg(int port, int off, int op, void *data, size_t sz, char *na
addr = get_mem_ctrl_hub_base_addr();
if (!addr)
return -ENODEV;
+ size = DNV_MCHBAR_SIZE;
} else {
/* MMIO via sideband register base address */
addr = get_sideband_reg_base_addr();
if (!addr)
return -ENODEV;
addr += (port << 16);
+ size = DNV_SB_PORT_SIZE;
}
- base = ioremap((resource_size_t)addr, 0x10000);
+ base = ioremap((resource_size_t)addr, size);
if (!base)
return -ENODEV;
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 085/313] efi: cper: print AER info of PCIe fatal error
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (82 preceding siblings ...)
2019-10-03 15:51 ` [PATCH 5.2 084/313] EDAC, pnd2: Fix ioremap() size in dnv_rd_reg() Greg Kroah-Hartman
@ 2019-10-03 15:51 ` Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 086/313] firmware: arm_scmi: Check if platform has released shmem before using Greg Kroah-Hartman
` (232 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:51 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Xiaofei Tan, James Morse,
Ard Biesheuvel, Sasha Levin
From: Xiaofei Tan <tanxiaofei@huawei.com>
[ Upstream commit b194a77fcc4001dc40aecdd15d249648e8a436d1 ]
AER info of PCIe fatal error is not printed in the current driver.
Because APEI driver will panic directly for fatal error, and can't
run to the place of printing AER info.
An example log is as following:
{763}[Hardware Error]: Hardware error from APEI Generic Hardware Error Source: 11
{763}[Hardware Error]: event severity: fatal
{763}[Hardware Error]: Error 0, type: fatal
{763}[Hardware Error]: section_type: PCIe error
{763}[Hardware Error]: port_type: 0, PCIe end point
{763}[Hardware Error]: version: 4.0
{763}[Hardware Error]: command: 0x0000, status: 0x0010
{763}[Hardware Error]: device_id: 0000:82:00.0
{763}[Hardware Error]: slot: 0
{763}[Hardware Error]: secondary_bus: 0x00
{763}[Hardware Error]: vendor_id: 0x8086, device_id: 0x10fb
{763}[Hardware Error]: class_code: 000002
Kernel panic - not syncing: Fatal hardware error!
This issue was imported by the patch, '37448adfc7ce ("aerdrv: Move
cper_print_aer() call out of interrupt context")'. To fix this issue,
this patch adds print of AER info in cper_print_pcie() for fatal error.
Here is the example log after this patch applied:
{24}[Hardware Error]: Hardware error from APEI Generic Hardware Error Source: 10
{24}[Hardware Error]: event severity: fatal
{24}[Hardware Error]: Error 0, type: fatal
{24}[Hardware Error]: section_type: PCIe error
{24}[Hardware Error]: port_type: 0, PCIe end point
{24}[Hardware Error]: version: 4.0
{24}[Hardware Error]: command: 0x0546, status: 0x4010
{24}[Hardware Error]: device_id: 0000:01:00.0
{24}[Hardware Error]: slot: 0
{24}[Hardware Error]: secondary_bus: 0x00
{24}[Hardware Error]: vendor_id: 0x15b3, device_id: 0x1019
{24}[Hardware Error]: class_code: 000002
{24}[Hardware Error]: aer_uncor_status: 0x00040000, aer_uncor_mask: 0x00000000
{24}[Hardware Error]: aer_uncor_severity: 0x00062010
{24}[Hardware Error]: TLP Header: 000000c0 01010000 00000001 00000000
Kernel panic - not syncing: Fatal hardware error!
Fixes: 37448adfc7ce ("aerdrv: Move cper_print_aer() call out of interrupt context")
Signed-off-by: Xiaofei Tan <tanxiaofei@huawei.com>
Reviewed-by: James Morse <james.morse@arm.com>
[ardb: put parens around terms of && operator]
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/firmware/efi/cper.c | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/drivers/firmware/efi/cper.c b/drivers/firmware/efi/cper.c
index 8fa977c7861f9..addf0749dd8b6 100644
--- a/drivers/firmware/efi/cper.c
+++ b/drivers/firmware/efi/cper.c
@@ -390,6 +390,21 @@ static void cper_print_pcie(const char *pfx, const struct cper_sec_pcie *pcie,
printk(
"%s""bridge: secondary_status: 0x%04x, control: 0x%04x\n",
pfx, pcie->bridge.secondary_status, pcie->bridge.control);
+
+ /* Fatal errors call __ghes_panic() before AER handler prints this */
+ if ((pcie->validation_bits & CPER_PCIE_VALID_AER_INFO) &&
+ (gdata->error_severity & CPER_SEV_FATAL)) {
+ struct aer_capability_regs *aer;
+
+ aer = (struct aer_capability_regs *)pcie->aer_info;
+ printk("%saer_uncor_status: 0x%08x, aer_uncor_mask: 0x%08x\n",
+ pfx, aer->uncor_status, aer->uncor_mask);
+ printk("%saer_uncor_severity: 0x%08x\n",
+ pfx, aer->uncor_severity);
+ printk("%sTLP Header: %08x %08x %08x %08x\n", pfx,
+ aer->header_log.dw0, aer->header_log.dw1,
+ aer->header_log.dw2, aer->header_log.dw3);
+ }
}
static void cper_print_tstamp(const char *pfx,
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 086/313] firmware: arm_scmi: Check if platform has released shmem before using
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (83 preceding siblings ...)
2019-10-03 15:51 ` [PATCH 5.2 085/313] efi: cper: print AER info of PCIe fatal error Greg Kroah-Hartman
@ 2019-10-03 15:51 ` Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 087/313] sched/fair: Use rq_lock/unlock in online_fair_sched_group Greg Kroah-Hartman
` (231 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:51 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jim Quinlan, Sudeep Holla, Sasha Levin
From: Sudeep Holla <sudeep.holla@arm.com>
[ Upstream commit 9dc34d635c67e57051853855c43249408641a5ab ]
Sometimes platfom may take too long to respond to the command and OS
might timeout before platform transfer the ownership of the shared
memory region to the OS with the response.
Since the mailbox channel associated with the channel is freed and new
commands are dispatch on the same channel, OS needs to wait until it
gets back the ownership. If not, either OS may end up overwriting the
platform response for the last command(which is fine as OS timed out
that command) or platform might overwrite the payload for the next
command with the response for the old.
The latter is problematic as platform may end up interpretting the
response as the payload. In order to avoid such race, let's wait until
the OS gets back the ownership before we prepare the shared memory with
the payload for the next command.
Reported-by: Jim Quinlan <james.quinlan@broadcom.com>
Signed-off-by: Sudeep Holla <sudeep.holla@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/firmware/arm_scmi/driver.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/drivers/firmware/arm_scmi/driver.c b/drivers/firmware/arm_scmi/driver.c
index b5bc4c7a8fab2..b49c9e6f4bf10 100644
--- a/drivers/firmware/arm_scmi/driver.c
+++ b/drivers/firmware/arm_scmi/driver.c
@@ -271,6 +271,14 @@ static void scmi_tx_prepare(struct mbox_client *cl, void *m)
struct scmi_chan_info *cinfo = client_to_scmi_chan_info(cl);
struct scmi_shared_mem __iomem *mem = cinfo->payload;
+ /*
+ * Ideally channel must be free by now unless OS timeout last
+ * request and platform continued to process the same, wait
+ * until it releases the shared memory, otherwise we may endup
+ * overwriting its response with new message payload or vice-versa
+ */
+ spin_until_cond(ioread32(&mem->channel_status) &
+ SCMI_SHMEM_CHAN_STAT_CHANNEL_FREE);
/* Mark channel busy + clear error */
iowrite32(0x0, &mem->channel_status);
iowrite32(t->hdr.poll_completion ? 0 : SCMI_SHMEM_FLAG_INTR_ENABLED,
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 087/313] sched/fair: Use rq_lock/unlock in online_fair_sched_group
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (84 preceding siblings ...)
2019-10-03 15:51 ` [PATCH 5.2 086/313] firmware: arm_scmi: Check if platform has released shmem before using Greg Kroah-Hartman
@ 2019-10-03 15:51 ` Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 088/313] idle: Prevent late-arriving interrupts from disrupting offline Greg Kroah-Hartman
` (230 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:51 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Phil Auld, Peter Zijlstra (Intel),
Thomas Gleixner, Ingo Molnar, Vincent Guittot, Ingo Molnar,
Sasha Levin
From: Phil Auld <pauld@redhat.com>
[ Upstream commit a46d14eca7b75fffe35603aa8b81df654353d80f ]
Enabling WARN_DOUBLE_CLOCK in /sys/kernel/debug/sched_features causes
warning to fire in update_rq_clock. This seems to be caused by onlining
a new fair sched group not using the rq lock wrappers.
[] rq->clock_update_flags & RQCF_UPDATED
[] WARNING: CPU: 5 PID: 54385 at kernel/sched/core.c:210 update_rq_clock+0xec/0x150
[] Call Trace:
[] online_fair_sched_group+0x53/0x100
[] cpu_cgroup_css_online+0x16/0x20
[] online_css+0x1c/0x60
[] cgroup_apply_control_enable+0x231/0x3b0
[] cgroup_mkdir+0x41b/0x530
[] kernfs_iop_mkdir+0x61/0xa0
[] vfs_mkdir+0x108/0x1a0
[] do_mkdirat+0x77/0xe0
[] do_syscall_64+0x55/0x1d0
[] entry_SYSCALL_64_after_hwframe+0x44/0xa9
Using the wrappers in online_fair_sched_group instead of the raw locking
removes this warning.
[ tglx: Use rq_*lock_irq() ]
Signed-off-by: Phil Auld <pauld@redhat.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Vincent Guittot <vincent.guittot@linaro.org>
Cc: Ingo Molnar <mingo@kernel.org>
Link: https://lkml.kernel.org/r/20190801133749.11033-1-pauld@redhat.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/sched/fair.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c
index f72bf8122fe4e..5a312c030b8d2 100644
--- a/kernel/sched/fair.c
+++ b/kernel/sched/fair.c
@@ -10569,18 +10569,18 @@ int alloc_fair_sched_group(struct task_group *tg, struct task_group *parent)
void online_fair_sched_group(struct task_group *tg)
{
struct sched_entity *se;
+ struct rq_flags rf;
struct rq *rq;
int i;
for_each_possible_cpu(i) {
rq = cpu_rq(i);
se = tg->se[i];
-
- raw_spin_lock_irq(&rq->lock);
+ rq_lock_irq(rq, &rf);
update_rq_clock(rq);
attach_entity_cfs_rq(se);
sync_throttle(tg, i);
- raw_spin_unlock_irq(&rq->lock);
+ rq_unlock_irq(rq, &rf);
}
}
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 088/313] idle: Prevent late-arriving interrupts from disrupting offline
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (85 preceding siblings ...)
2019-10-03 15:51 ` [PATCH 5.2 087/313] sched/fair: Use rq_lock/unlock in online_fair_sched_group Greg Kroah-Hartman
@ 2019-10-03 15:51 ` Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 089/313] blk-mq: Fix memory leak in blk_mq_init_allocated_queue error handling Greg Kroah-Hartman
` (229 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:51 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Peter Zijlstra, Frederic Weisbecker,
Thomas Gleixner, Ingo Molnar, Paul E. McKenney, Sasha Levin
From: Peter Zijlstra <peterz@infradead.org>
[ Upstream commit e78a7614f3876ac649b3df608789cb6ef74d0480 ]
Scheduling-clock interrupts can arrive late in the CPU-offline process,
after idle entry and the subsequent call to cpuhp_report_idle_dead().
Once execution passes the call to rcu_report_dead(), RCU is ignoring
the CPU, which results in lockdep complaints when the interrupt handler
uses RCU:
------------------------------------------------------------------------
=============================
WARNING: suspicious RCU usage
5.2.0-rc1+ #681 Not tainted
-----------------------------
kernel/sched/fair.c:9542 suspicious rcu_dereference_check() usage!
other info that might help us debug this:
RCU used illegally from offline CPU!
rcu_scheduler_active = 2, debug_locks = 1
no locks held by swapper/5/0.
stack backtrace:
CPU: 5 PID: 0 Comm: swapper/5 Not tainted 5.2.0-rc1+ #681
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS Bochs 01/01/2011
Call Trace:
<IRQ>
dump_stack+0x5e/0x8b
trigger_load_balance+0xa8/0x390
? tick_sched_do_timer+0x60/0x60
update_process_times+0x3b/0x50
tick_sched_handle+0x2f/0x40
tick_sched_timer+0x32/0x70
__hrtimer_run_queues+0xd3/0x3b0
hrtimer_interrupt+0x11d/0x270
? sched_clock_local+0xc/0x74
smp_apic_timer_interrupt+0x79/0x200
apic_timer_interrupt+0xf/0x20
</IRQ>
RIP: 0010:delay_tsc+0x22/0x50
Code: ff 0f 1f 80 00 00 00 00 65 44 8b 05 18 a7 11 48 0f ae e8 0f 31 48 89 d6 48 c1 e6 20 48 09 c6 eb 0e f3 90 65 8b 05 fe a6 11 48 <41> 39 c0 75 18 0f ae e8 0f 31 48 c1 e2 20 48 09 c2 48 89 d0 48 29
RSP: 0000:ffff8f92c0157ed0 EFLAGS: 00000212 ORIG_RAX: ffffffffffffff13
RAX: 0000000000000005 RBX: ffff8c861f356400 RCX: ffff8f92c0157e64
RDX: 000000321214c8cc RSI: 00000032120daa7f RDI: 0000000000260f15
RBP: 0000000000000005 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000000
R13: 0000000000000000 R14: ffff8c861ee18000 R15: ffff8c861ee18000
cpuhp_report_idle_dead+0x31/0x60
do_idle+0x1d5/0x200
? _raw_spin_unlock_irqrestore+0x2d/0x40
cpu_startup_entry+0x14/0x20
start_secondary+0x151/0x170
secondary_startup_64+0xa4/0xb0
------------------------------------------------------------------------
This happens rarely, but can be forced by happen more often by
placing delays in cpuhp_report_idle_dead() following the call to
rcu_report_dead(). With this in place, the following rcutorture
scenario reproduces the problem within a few minutes:
tools/testing/selftests/rcutorture/bin/kvm.sh --cpus 8 --duration 5 --kconfig "CONFIG_DEBUG_LOCK_ALLOC=y CONFIG_PROVE_LOCKING=y" --configs "TREE04"
This commit uses the crude but effective expedient of moving the disabling
of interrupts within the idle loop to precede the cpu_is_offline()
check. It also invokes tick_nohz_idle_stop_tick() instead of
tick_nohz_idle_stop_tick_protected() to shut off the scheduling-clock
interrupt.
Signed-off-by: Peter Zijlstra <peterz@infradead.org>
Cc: Frederic Weisbecker <fweisbec@gmail.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@kernel.org>
[ paulmck: Revert tick_nohz_idle_stop_tick_protected() removal, new callers. ]
Signed-off-by: Paul E. McKenney <paulmck@linux.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/sched/idle.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/kernel/sched/idle.c b/kernel/sched/idle.c
index 80940939b7336..e4bc4aa739b83 100644
--- a/kernel/sched/idle.c
+++ b/kernel/sched/idle.c
@@ -241,13 +241,14 @@ static void do_idle(void)
check_pgt_cache();
rmb();
+ local_irq_disable();
+
if (cpu_is_offline(cpu)) {
- tick_nohz_idle_stop_tick_protected();
+ tick_nohz_idle_stop_tick();
cpuhp_report_idle_dead();
arch_cpu_idle_dead();
}
- local_irq_disable();
arch_cpu_idle_enter();
/*
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 089/313] blk-mq: Fix memory leak in blk_mq_init_allocated_queue error handling
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (86 preceding siblings ...)
2019-10-03 15:51 ` [PATCH 5.2 088/313] idle: Prevent late-arriving interrupts from disrupting offline Greg Kroah-Hartman
@ 2019-10-03 15:51 ` Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 090/313] media: gspca: zero usb_buf on error Greg Kroah-Hartman
` (228 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:51 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, zhengbin, Jens Axboe, Sasha Levin
From: zhengbin <zhengbin13@huawei.com>
[ Upstream commit 73d9c8d4c0017e21e1ff519474ceb1450484dc9a ]
If blk_mq_init_allocated_queue->elevator_init_mq fails, need to release
the previously requested resources.
Fixes: d34849913819 ("blk-mq-sched: allow setting of default IO scheduler")
Signed-off-by: zhengbin <zhengbin13@huawei.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
block/blk-mq.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/block/blk-mq.c b/block/blk-mq.c
index 68106a41f90d2..f934e8afe5b43 100644
--- a/block/blk-mq.c
+++ b/block/blk-mq.c
@@ -2853,6 +2853,8 @@ static unsigned int nr_hw_queues(struct blk_mq_tag_set *set)
struct request_queue *blk_mq_init_allocated_queue(struct blk_mq_tag_set *set,
struct request_queue *q)
{
+ int ret = -ENOMEM;
+
/* mark the queue as mq asap */
q->mq_ops = set->ops;
@@ -2914,17 +2916,18 @@ struct request_queue *blk_mq_init_allocated_queue(struct blk_mq_tag_set *set,
blk_mq_map_swqueue(q);
if (!(set->flags & BLK_MQ_F_NO_SCHED)) {
- int ret;
-
ret = elevator_init_mq(q);
if (ret)
- return ERR_PTR(ret);
+ goto err_tag_set;
}
return q;
+err_tag_set:
+ blk_mq_del_queue_tag_set(q);
err_hctxs:
kfree(q->queue_hw_ctx);
+ q->nr_hw_queues = 0;
err_sys_init:
blk_mq_sysfs_deinit(q);
err_poll:
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 090/313] media: gspca: zero usb_buf on error
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (87 preceding siblings ...)
2019-10-03 15:51 ` [PATCH 5.2 089/313] blk-mq: Fix memory leak in blk_mq_init_allocated_queue error handling Greg Kroah-Hartman
@ 2019-10-03 15:51 ` Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 091/313] perf config: Honour $PERF_CONFIG env var to specify alternate .perfconfig Greg Kroah-Hartman
` (227 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:51 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hans Verkuil, Mauro Carvalho Chehab,
Sasha Levin, syzbot+1a35278dd0ebfb3a038a,
syzbot+397fd082ce5143e2f67d, syzbot+06ddf1788cfd048c5e82
From: Hans Verkuil <hverkuil-cisco@xs4all.nl>
[ Upstream commit 4843a543fad3bf8221cf14e5d5f32d15cee89e84 ]
If reg_r() fails, then gspca_dev->usb_buf was left uninitialized,
and some drivers used the contents of that buffer in logic.
This caused several syzbot errors:
https://syzkaller.appspot.com/bug?extid=397fd082ce5143e2f67d
https://syzkaller.appspot.com/bug?extid=1a35278dd0ebfb3a038a
https://syzkaller.appspot.com/bug?extid=06ddf1788cfd048c5e82
I analyzed the gspca drivers and zeroed the buffer where needed.
Reported-and-tested-by: syzbot+1a35278dd0ebfb3a038a@syzkaller.appspotmail.com
Reported-and-tested-by: syzbot+397fd082ce5143e2f67d@syzkaller.appspotmail.com
Reported-and-tested-by: syzbot+06ddf1788cfd048c5e82@syzkaller.appspotmail.com
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/usb/gspca/konica.c | 5 +++++
drivers/media/usb/gspca/nw80x.c | 5 +++++
drivers/media/usb/gspca/ov519.c | 10 ++++++++++
drivers/media/usb/gspca/ov534.c | 5 +++++
drivers/media/usb/gspca/ov534_9.c | 1 +
drivers/media/usb/gspca/se401.c | 5 +++++
drivers/media/usb/gspca/sn9c20x.c | 5 +++++
drivers/media/usb/gspca/sonixb.c | 5 +++++
drivers/media/usb/gspca/sonixj.c | 5 +++++
drivers/media/usb/gspca/spca1528.c | 5 +++++
drivers/media/usb/gspca/sq930x.c | 5 +++++
drivers/media/usb/gspca/sunplus.c | 5 +++++
drivers/media/usb/gspca/vc032x.c | 5 +++++
drivers/media/usb/gspca/w996Xcf.c | 5 +++++
14 files changed, 71 insertions(+)
diff --git a/drivers/media/usb/gspca/konica.c b/drivers/media/usb/gspca/konica.c
index d8e40137a2043..53db9a2895ea5 100644
--- a/drivers/media/usb/gspca/konica.c
+++ b/drivers/media/usb/gspca/konica.c
@@ -114,6 +114,11 @@ static void reg_r(struct gspca_dev *gspca_dev, u16 value, u16 index)
if (ret < 0) {
pr_err("reg_r err %d\n", ret);
gspca_dev->usb_err = ret;
+ /*
+ * Make sure the buffer is zeroed to avoid uninitialized
+ * values.
+ */
+ memset(gspca_dev->usb_buf, 0, 2);
}
}
diff --git a/drivers/media/usb/gspca/nw80x.c b/drivers/media/usb/gspca/nw80x.c
index 59649704beba1..880f569bda30f 100644
--- a/drivers/media/usb/gspca/nw80x.c
+++ b/drivers/media/usb/gspca/nw80x.c
@@ -1572,6 +1572,11 @@ static void reg_r(struct gspca_dev *gspca_dev,
if (ret < 0) {
pr_err("reg_r err %d\n", ret);
gspca_dev->usb_err = ret;
+ /*
+ * Make sure the buffer is zeroed to avoid uninitialized
+ * values.
+ */
+ memset(gspca_dev->usb_buf, 0, USB_BUF_SZ);
return;
}
if (len == 1)
diff --git a/drivers/media/usb/gspca/ov519.c b/drivers/media/usb/gspca/ov519.c
index cfb1f53bc17e7..f417dfc0b8729 100644
--- a/drivers/media/usb/gspca/ov519.c
+++ b/drivers/media/usb/gspca/ov519.c
@@ -2073,6 +2073,11 @@ static int reg_r(struct sd *sd, u16 index)
} else {
gspca_err(gspca_dev, "reg_r %02x failed %d\n", index, ret);
sd->gspca_dev.usb_err = ret;
+ /*
+ * Make sure the result is zeroed to avoid uninitialized
+ * values.
+ */
+ gspca_dev->usb_buf[0] = 0;
}
return ret;
@@ -2101,6 +2106,11 @@ static int reg_r8(struct sd *sd,
} else {
gspca_err(gspca_dev, "reg_r8 %02x failed %d\n", index, ret);
sd->gspca_dev.usb_err = ret;
+ /*
+ * Make sure the buffer is zeroed to avoid uninitialized
+ * values.
+ */
+ memset(gspca_dev->usb_buf, 0, 8);
}
return ret;
diff --git a/drivers/media/usb/gspca/ov534.c b/drivers/media/usb/gspca/ov534.c
index 56521c991db45..185c1f10fb30b 100644
--- a/drivers/media/usb/gspca/ov534.c
+++ b/drivers/media/usb/gspca/ov534.c
@@ -693,6 +693,11 @@ static u8 ov534_reg_read(struct gspca_dev *gspca_dev, u16 reg)
if (ret < 0) {
pr_err("read failed %d\n", ret);
gspca_dev->usb_err = ret;
+ /*
+ * Make sure the result is zeroed to avoid uninitialized
+ * values.
+ */
+ gspca_dev->usb_buf[0] = 0;
}
return gspca_dev->usb_buf[0];
}
diff --git a/drivers/media/usb/gspca/ov534_9.c b/drivers/media/usb/gspca/ov534_9.c
index 867f860a96500..91efc650cf769 100644
--- a/drivers/media/usb/gspca/ov534_9.c
+++ b/drivers/media/usb/gspca/ov534_9.c
@@ -1145,6 +1145,7 @@ static u8 reg_r(struct gspca_dev *gspca_dev, u16 reg)
if (ret < 0) {
pr_err("reg_r err %d\n", ret);
gspca_dev->usb_err = ret;
+ return 0;
}
return gspca_dev->usb_buf[0];
}
diff --git a/drivers/media/usb/gspca/se401.c b/drivers/media/usb/gspca/se401.c
index 061deee138c31..e087cfb5980b0 100644
--- a/drivers/media/usb/gspca/se401.c
+++ b/drivers/media/usb/gspca/se401.c
@@ -101,6 +101,11 @@ static void se401_read_req(struct gspca_dev *gspca_dev, u16 req, int silent)
pr_err("read req failed req %#04x error %d\n",
req, err);
gspca_dev->usb_err = err;
+ /*
+ * Make sure the buffer is zeroed to avoid uninitialized
+ * values.
+ */
+ memset(gspca_dev->usb_buf, 0, READ_REQ_SIZE);
}
}
diff --git a/drivers/media/usb/gspca/sn9c20x.c b/drivers/media/usb/gspca/sn9c20x.c
index b43f89fee6c1d..12a2395a36ac6 100644
--- a/drivers/media/usb/gspca/sn9c20x.c
+++ b/drivers/media/usb/gspca/sn9c20x.c
@@ -909,6 +909,11 @@ static void reg_r(struct gspca_dev *gspca_dev, u16 reg, u16 length)
if (unlikely(result < 0 || result != length)) {
pr_err("Read register %02x failed %d\n", reg, result);
gspca_dev->usb_err = result;
+ /*
+ * Make sure the buffer is zeroed to avoid uninitialized
+ * values.
+ */
+ memset(gspca_dev->usb_buf, 0, USB_BUF_SZ);
}
}
diff --git a/drivers/media/usb/gspca/sonixb.c b/drivers/media/usb/gspca/sonixb.c
index 046fc2c2a1350..4d655e2da9cba 100644
--- a/drivers/media/usb/gspca/sonixb.c
+++ b/drivers/media/usb/gspca/sonixb.c
@@ -453,6 +453,11 @@ static void reg_r(struct gspca_dev *gspca_dev,
dev_err(gspca_dev->v4l2_dev.dev,
"Error reading register %02x: %d\n", value, res);
gspca_dev->usb_err = res;
+ /*
+ * Make sure the result is zeroed to avoid uninitialized
+ * values.
+ */
+ gspca_dev->usb_buf[0] = 0;
}
}
diff --git a/drivers/media/usb/gspca/sonixj.c b/drivers/media/usb/gspca/sonixj.c
index 50a6c8425827f..2e1bd2df8304a 100644
--- a/drivers/media/usb/gspca/sonixj.c
+++ b/drivers/media/usb/gspca/sonixj.c
@@ -1162,6 +1162,11 @@ static void reg_r(struct gspca_dev *gspca_dev,
if (ret < 0) {
pr_err("reg_r err %d\n", ret);
gspca_dev->usb_err = ret;
+ /*
+ * Make sure the buffer is zeroed to avoid uninitialized
+ * values.
+ */
+ memset(gspca_dev->usb_buf, 0, USB_BUF_SZ);
}
}
diff --git a/drivers/media/usb/gspca/spca1528.c b/drivers/media/usb/gspca/spca1528.c
index 2ae03b60163ff..ccc477944ef82 100644
--- a/drivers/media/usb/gspca/spca1528.c
+++ b/drivers/media/usb/gspca/spca1528.c
@@ -71,6 +71,11 @@ static void reg_r(struct gspca_dev *gspca_dev,
if (ret < 0) {
pr_err("reg_r err %d\n", ret);
gspca_dev->usb_err = ret;
+ /*
+ * Make sure the buffer is zeroed to avoid uninitialized
+ * values.
+ */
+ memset(gspca_dev->usb_buf, 0, USB_BUF_SZ);
}
}
diff --git a/drivers/media/usb/gspca/sq930x.c b/drivers/media/usb/gspca/sq930x.c
index d1ba0888d7989..c3610247a90e0 100644
--- a/drivers/media/usb/gspca/sq930x.c
+++ b/drivers/media/usb/gspca/sq930x.c
@@ -425,6 +425,11 @@ static void reg_r(struct gspca_dev *gspca_dev,
if (ret < 0) {
pr_err("reg_r %04x failed %d\n", value, ret);
gspca_dev->usb_err = ret;
+ /*
+ * Make sure the buffer is zeroed to avoid uninitialized
+ * values.
+ */
+ memset(gspca_dev->usb_buf, 0, USB_BUF_SZ);
}
}
diff --git a/drivers/media/usb/gspca/sunplus.c b/drivers/media/usb/gspca/sunplus.c
index d0ddfa957ca9f..f4a4222f0d2e4 100644
--- a/drivers/media/usb/gspca/sunplus.c
+++ b/drivers/media/usb/gspca/sunplus.c
@@ -255,6 +255,11 @@ static void reg_r(struct gspca_dev *gspca_dev,
if (ret < 0) {
pr_err("reg_r err %d\n", ret);
gspca_dev->usb_err = ret;
+ /*
+ * Make sure the buffer is zeroed to avoid uninitialized
+ * values.
+ */
+ memset(gspca_dev->usb_buf, 0, USB_BUF_SZ);
}
}
diff --git a/drivers/media/usb/gspca/vc032x.c b/drivers/media/usb/gspca/vc032x.c
index 588a847ea4834..4cb7c92ea1328 100644
--- a/drivers/media/usb/gspca/vc032x.c
+++ b/drivers/media/usb/gspca/vc032x.c
@@ -2906,6 +2906,11 @@ static void reg_r_i(struct gspca_dev *gspca_dev,
if (ret < 0) {
pr_err("reg_r err %d\n", ret);
gspca_dev->usb_err = ret;
+ /*
+ * Make sure the buffer is zeroed to avoid uninitialized
+ * values.
+ */
+ memset(gspca_dev->usb_buf, 0, USB_BUF_SZ);
}
}
static void reg_r(struct gspca_dev *gspca_dev,
diff --git a/drivers/media/usb/gspca/w996Xcf.c b/drivers/media/usb/gspca/w996Xcf.c
index 16b679c2de21f..a8350ee9712fb 100644
--- a/drivers/media/usb/gspca/w996Xcf.c
+++ b/drivers/media/usb/gspca/w996Xcf.c
@@ -133,6 +133,11 @@ static int w9968cf_read_sb(struct sd *sd)
} else {
pr_err("Read SB reg [01] failed\n");
sd->gspca_dev.usb_err = ret;
+ /*
+ * Make sure the buffer is zeroed to avoid uninitialized
+ * values.
+ */
+ memset(sd->gspca_dev.usb_buf, 0, 2);
}
udelay(W9968CF_I2C_BUS_DELAY);
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 091/313] perf config: Honour $PERF_CONFIG env var to specify alternate .perfconfig
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (88 preceding siblings ...)
2019-10-03 15:51 ` [PATCH 5.2 090/313] media: gspca: zero usb_buf on error Greg Kroah-Hartman
@ 2019-10-03 15:51 ` Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 092/313] perf test vfs_getname: Disable ~/.perfconfig to get default output Greg Kroah-Hartman
` (226 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:51 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Adrian Hunter, Jiri Olsa,
Luis Cláudio Gonçalves, Namhyung Kim, Taeung Song,
Arnaldo Carvalho de Melo, Sasha Levin
From: Arnaldo Carvalho de Melo <acme@redhat.com>
[ Upstream commit 61a461fcbd62d42c29a1ea6a9cc3838ad9f49401 ]
We had this comment in Documentation/perf_counter/config.c, i.e. since
when we got this from the git sources, but never really did that
getenv("PERF_CONFIG"), do it now as I need to disable whatever
~/.perfconfig root has so that tests parsing tool output are done for
the expected default output or that we specify an alternate config file
that when read will make the tools produce expected output.
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Luis Cláudio Gonçalves <lclaudio@redhat.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Taeung Song <treeze.taeung@gmail.com>
Fixes: 078006012401 ("perf_counter tools: add in basic glue from Git")
Link: https://lkml.kernel.org/n/tip-jo209zac9rut0dz1rqvbdlgm@git.kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/perf/perf.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/tools/perf/perf.c b/tools/perf/perf.c
index 72df4b6fa36fd..4c45cdf38adae 100644
--- a/tools/perf/perf.c
+++ b/tools/perf/perf.c
@@ -440,6 +440,9 @@ int main(int argc, const char **argv)
srandom(time(NULL));
+ /* Setting $PERF_CONFIG makes perf read _only_ the given config file. */
+ config_exclusive_filename = getenv("PERF_CONFIG");
+
err = perf_config(perf_default_config, NULL);
if (err)
return err;
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 092/313] perf test vfs_getname: Disable ~/.perfconfig to get default output
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (89 preceding siblings ...)
2019-10-03 15:51 ` [PATCH 5.2 091/313] perf config: Honour $PERF_CONFIG env var to specify alternate .perfconfig Greg Kroah-Hartman
@ 2019-10-03 15:51 ` Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 093/313] media: mtk-mdp: fix reference count on old device tree Greg Kroah-Hartman
` (225 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:51 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Adrian Hunter, Jiri Olsa,
Luis Cláudio Gonçalves, Namhyung Kim, Taeung Song,
Arnaldo Carvalho de Melo, Sasha Levin
From: Arnaldo Carvalho de Melo <acme@redhat.com>
[ Upstream commit 4fe94ce1c6ba678b5f12b94bb9996eea4fc99e85 ]
To get the expected output we have to ignore whatever changes the user
has in its ~/.perfconfig file, so set PERF_CONFIG to /dev/null to
achieve that.
Before:
# egrep 'trace|show_' ~/.perfconfig
[trace]
show_zeros = yes
show_duration = no
show_timestamp = no
show_arg_names = no
show_prefix = yes
# echo $PERF_CONFIG
# perf test "trace + vfs_getname"
70: Check open filename arg using perf trace + vfs_getname: FAILED!
# export PERF_CONFIG=/dev/null
# perf test "trace + vfs_getname"
70: Check open filename arg using perf trace + vfs_getname: Ok
#
After:
# egrep 'trace|show_' ~/.perfconfig
[trace]
show_zeros = yes
show_duration = no
show_timestamp = no
show_arg_names = no
show_prefix = yes
# echo $PERF_CONFIG
# perf test "trace + vfs_getname"
70: Check open filename arg using perf trace + vfs_getname: Ok
#
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Luis Cláudio Gonçalves <lclaudio@redhat.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Taeung Song <treeze.taeung@gmail.com>
Link: https://lkml.kernel.org/n/tip-3up27pexg5i3exuzqrvt4m8u@git.kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/perf/tests/shell/trace+probe_vfs_getname.sh | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/tools/perf/tests/shell/trace+probe_vfs_getname.sh b/tools/perf/tests/shell/trace+probe_vfs_getname.sh
index 147efeb6b1959..e97f55ba61c23 100755
--- a/tools/perf/tests/shell/trace+probe_vfs_getname.sh
+++ b/tools/perf/tests/shell/trace+probe_vfs_getname.sh
@@ -31,6 +31,10 @@ if [ $err -ne 0 ] ; then
exit $err
fi
+# Do not use whatever ~/.perfconfig file, it may change the output
+# via trace.{show_timestamp,show_prefix,etc}
+export PERF_CONFIG=/dev/null
+
trace_open_vfs_getname
err=$?
rm -f ${file}
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 093/313] media: mtk-mdp: fix reference count on old device tree
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (90 preceding siblings ...)
2019-10-03 15:51 ` [PATCH 5.2 092/313] perf test vfs_getname: Disable ~/.perfconfig to get default output Greg Kroah-Hartman
@ 2019-10-03 15:51 ` Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 094/313] media: i2c: tda1997x: prevent potential NULL pointer access Greg Kroah-Hartman
` (224 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:51 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Matthias Brugger, Houlong Wei,
Hans Verkuil, Mauro Carvalho Chehab, Sasha Levin
From: Matthias Brugger <matthias.bgg@gmail.com>
[ Upstream commit 864919ea0380e62adb2503b89825fe358acb8216 ]
of_get_next_child() increments the reference count of the returning
device_node. Decrement it in the check if we are using the old or the
new DTB.
Fixes: ba1f1f70c2c0 ("[media] media: mtk-mdp: Fix mdp device tree")
Signed-off-by: Matthias Brugger <matthias.bgg@gmail.com>
Acked-by: Houlong Wei <houlong.wei@mediatek.com>
[hverkuil-cisco@xs4all.nl: use node instead of parent as temp variable]
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/platform/mtk-mdp/mtk_mdp_core.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/media/platform/mtk-mdp/mtk_mdp_core.c b/drivers/media/platform/mtk-mdp/mtk_mdp_core.c
index fc9faec85edb6..5d44f2e92dd50 100644
--- a/drivers/media/platform/mtk-mdp/mtk_mdp_core.c
+++ b/drivers/media/platform/mtk-mdp/mtk_mdp_core.c
@@ -110,7 +110,9 @@ static int mtk_mdp_probe(struct platform_device *pdev)
mutex_init(&mdp->vpulock);
/* Old dts had the components as child nodes */
- if (of_get_next_child(dev->of_node, NULL)) {
+ node = of_get_next_child(dev->of_node, NULL);
+ if (node) {
+ of_node_put(node);
parent = dev->of_node;
dev_warn(dev, "device tree is out of date\n");
} else {
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 094/313] media: i2c: tda1997x: prevent potential NULL pointer access
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (91 preceding siblings ...)
2019-10-03 15:51 ` [PATCH 5.2 093/313] media: mtk-mdp: fix reference count on old device tree Greg Kroah-Hartman
@ 2019-10-03 15:51 ` Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 095/313] media: fdp1: Reduce FCP not found message level to debug Greg Kroah-Hartman
` (223 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:51 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Wolfram Sang, Hans Verkuil,
Mauro Carvalho Chehab, Sasha Levin
From: Wolfram Sang <wsa+renesas@sang-engineering.com>
[ Upstream commit 2f822f1da08ac5c93e351e79d22920f08fa51baf ]
i2c_new_dummy() can fail returning a NULL pointer. This is not checked
and the returned pointer is blindly used. Convert to
devm_i2c_new_dummy_client() which returns an ERR_PTR and also add a
validity check. Using devm_* here also fixes a leak because the dummy
client was not released in the probe error path.
Signed-off-by: Wolfram Sang <wsa+renesas@sang-engineering.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/i2c/tda1997x.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/drivers/media/i2c/tda1997x.c b/drivers/media/i2c/tda1997x.c
index a62ede0966361..5e68182001ecc 100644
--- a/drivers/media/i2c/tda1997x.c
+++ b/drivers/media/i2c/tda1997x.c
@@ -2691,7 +2691,13 @@ static int tda1997x_probe(struct i2c_client *client,
}
ret = 0x34 + ((io_read(sd, REG_SLAVE_ADDR)>>4) & 0x03);
- state->client_cec = i2c_new_dummy(client->adapter, ret);
+ state->client_cec = devm_i2c_new_dummy_device(&client->dev,
+ client->adapter, ret);
+ if (IS_ERR(state->client_cec)) {
+ ret = PTR_ERR(state->client_cec);
+ goto err_free_mutex;
+ }
+
v4l_info(client, "CEC slave address 0x%02x\n", ret);
ret = tda1997x_core_init(sd);
@@ -2798,7 +2804,6 @@ static int tda1997x_remove(struct i2c_client *client)
media_entity_cleanup(&sd->entity);
v4l2_ctrl_handler_free(&state->hdl);
regulator_bulk_disable(TDA1997X_NUM_SUPPLIES, state->supplies);
- i2c_unregister_device(state->client_cec);
cancel_delayed_work(&state->delayed_work_enable_hpd);
mutex_destroy(&state->page_lock);
mutex_destroy(&state->lock);
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 095/313] media: fdp1: Reduce FCP not found message level to debug
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (92 preceding siblings ...)
2019-10-03 15:51 ` [PATCH 5.2 094/313] media: i2c: tda1997x: prevent potential NULL pointer access Greg Kroah-Hartman
@ 2019-10-03 15:51 ` Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 096/313] media: em28xx: modules workqueue not inited for 2nd device Greg Kroah-Hartman
` (222 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:51 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Geert Uytterhoeven, Kieran Bingham,
Hans Verkuil, Mauro Carvalho Chehab, Sasha Levin
From: Geert Uytterhoeven <geert+renesas@glider.be>
[ Upstream commit 4fd22938569c14f6092c05880ca387409d78355f ]
When support for the IPMMU is not enabled, the FDP driver may be
probe-deferred multiple times, causing several messages to be printed
like:
rcar_fdp1 fe940000.fdp1: FCP not found (-517)
rcar_fdp1 fe944000.fdp1: FCP not found (-517)
Fix this by reducing the message level to debug level, as is done in the
VSP1 driver.
Fixes: 4710b752e029f3f8 ("[media] v4l: Add Renesas R-Car FDP1 Driver")
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Reviewed-by: Kieran Bingham <kieran.bingham+renesas@ideasonboard.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/platform/rcar_fdp1.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/media/platform/rcar_fdp1.c b/drivers/media/platform/rcar_fdp1.c
index b8615a288e2b7..6ca2cb15291f1 100644
--- a/drivers/media/platform/rcar_fdp1.c
+++ b/drivers/media/platform/rcar_fdp1.c
@@ -2306,7 +2306,7 @@ static int fdp1_probe(struct platform_device *pdev)
fdp1->fcp = rcar_fcp_get(fcp_node);
of_node_put(fcp_node);
if (IS_ERR(fdp1->fcp)) {
- dev_err(&pdev->dev, "FCP not found (%ld)\n",
+ dev_dbg(&pdev->dev, "FCP not found (%ld)\n",
PTR_ERR(fdp1->fcp));
return PTR_ERR(fdp1->fcp);
}
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 096/313] media: em28xx: modules workqueue not inited for 2nd device
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (93 preceding siblings ...)
2019-10-03 15:51 ` [PATCH 5.2 095/313] media: fdp1: Reduce FCP not found message level to debug Greg Kroah-Hartman
@ 2019-10-03 15:51 ` Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 097/313] arm64/efi: Move variable assignments after SECTIONS Greg Kroah-Hartman
` (221 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:51 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ezequiel Garcia, Brad Love,
syzbot+b7f57261c521087d89bb, Sean Young, Mauro Carvalho Chehab,
Sasha Levin
From: Sean Young <sean@mess.org>
[ Upstream commit 46e4a26615cc7854340e4b69ca59ee78d6f20c8b ]
syzbot reports an error on flush_request_modules() for the second device.
This workqueue was never initialised so simply remove the offending line.
usb 1-1: USB disconnect, device number 2
em28xx 1-1:1.153: Disconnecting em28xx #1
------------[ cut here ]------------
WARNING: CPU: 0 PID: 12 at kernel/workqueue.c:3031
__flush_work.cold+0x2c/0x36 kernel/workqueue.c:3031
Kernel panic - not syncing: panic_on_warn set ...
CPU: 0 PID: 12 Comm: kworker/0:1 Not tainted 5.3.0-rc2+ #25
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Workqueue: usb_hub_wq hub_event
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0xca/0x13e lib/dump_stack.c:113
panic+0x2a3/0x6da kernel/panic.c:219
__warn.cold+0x20/0x4a kernel/panic.c:576
report_bug+0x262/0x2a0 lib/bug.c:186
fixup_bug arch/x86/kernel/traps.c:179 [inline]
fixup_bug arch/x86/kernel/traps.c:174 [inline]
do_error_trap+0x12b/0x1e0 arch/x86/kernel/traps.c:272
do_invalid_op+0x32/0x40 arch/x86/kernel/traps.c:291
invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1026
RIP: 0010:__flush_work.cold+0x2c/0x36 kernel/workqueue.c:3031
Code: 9a 22 00 48 c7 c7 20 e4 c5 85 e8 d9 3a 0d 00 0f 0b 45 31 e4 e9 98 86
ff ff e8 51 9a 22 00 48 c7 c7 20 e4 c5 85 e8 be 3a 0d 00 <0f> 0b 45 31 e4
e9 7d 86 ff ff e8 36 9a 22 00 48 c7 c7 20 e4 c5 85
RSP: 0018:ffff8881da20f720 EFLAGS: 00010286
RAX: 0000000000000024 RBX: dffffc0000000000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff8128a0fd RDI: ffffed103b441ed6
RBP: ffff8881da20f888 R08: 0000000000000024 R09: fffffbfff11acd9a
R10: fffffbfff11acd99 R11: ffffffff88d66ccf R12: 0000000000000000
R13: 0000000000000001 R14: ffff8881c6685df8 R15: ffff8881d2a85b78
flush_request_modules drivers/media/usb/em28xx/em28xx-cards.c:3325 [inline]
em28xx_usb_disconnect.cold+0x280/0x2a6
drivers/media/usb/em28xx/em28xx-cards.c:4023
usb_unbind_interface+0x1bd/0x8a0 drivers/usb/core/driver.c:423
__device_release_driver drivers/base/dd.c:1120 [inline]
device_release_driver_internal+0x404/0x4c0 drivers/base/dd.c:1151
bus_remove_device+0x2dc/0x4a0 drivers/base/bus.c:556
device_del+0x420/0xb10 drivers/base/core.c:2288
usb_disable_device+0x211/0x690 drivers/usb/core/message.c:1237
usb_disconnect+0x284/0x8d0 drivers/usb/core/hub.c:2199
hub_port_connect drivers/usb/core/hub.c:4949 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5213 [inline]
port_event drivers/usb/core/hub.c:5359 [inline]
hub_event+0x1454/0x3640 drivers/usb/core/hub.c:5441
process_one_work+0x92b/0x1530 kernel/workqueue.c:2269
process_scheduled_works kernel/workqueue.c:2331 [inline]
worker_thread+0x7ab/0xe20 kernel/workqueue.c:2417
kthread+0x318/0x420 kernel/kthread.c:255
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352
Kernel Offset: disabled
Rebooting in 86400 seconds..
Fixes: be7fd3c3a8c5e ("media: em28xx: Hauppauge DualHD second tuner functionality)
Reviewed-by: Ezequiel Garcia <ezequiel@collabora.com>
Reviewed-by: Brad Love <brad@nextdimension.cc>
Reported-by: syzbot+b7f57261c521087d89bb@syzkaller.appspotmail.com
Signed-off-by: Sean Young <sean@mess.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/usb/em28xx/em28xx-cards.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/drivers/media/usb/em28xx/em28xx-cards.c b/drivers/media/usb/em28xx/em28xx-cards.c
index 1283c7ca9ad51..1de835a591a06 100644
--- a/drivers/media/usb/em28xx/em28xx-cards.c
+++ b/drivers/media/usb/em28xx/em28xx-cards.c
@@ -4020,7 +4020,6 @@ static void em28xx_usb_disconnect(struct usb_interface *intf)
dev->dev_next->disconnected = 1;
dev_info(&dev->intf->dev, "Disconnecting %s\n",
dev->dev_next->name);
- flush_request_modules(dev->dev_next);
}
dev->disconnected = 1;
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 097/313] arm64/efi: Move variable assignments after SECTIONS
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (94 preceding siblings ...)
2019-10-03 15:51 ` [PATCH 5.2 096/313] media: em28xx: modules workqueue not inited for 2nd device Greg Kroah-Hartman
@ 2019-10-03 15:51 ` Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 098/313] perf unwind: Fix libunwind when tid != pid Greg Kroah-Hartman
` (220 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:51 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ard Biesheuvel, Kees Cook,
Will Deacon, Sasha Levin
From: Kees Cook <keescook@chromium.org>
[ Upstream commit 90776dd1c427cbb4d381aa4b13338f1fb1d20f5e ]
It seems that LLVM's linker does not correctly handle variable assignments
involving section positions that are updated during the SECTIONS
parsing. Commit aa69fb62bea1 ("arm64/efi: Mark __efistub_stext_offset as
an absolute symbol explicitly") ran into this too, but found a different
workaround.
However, this was not enough, as other variables were also miscalculated
which manifested as boot failures under UEFI where __efistub__end was
not taking the correct _end value (they should be the same):
$ ld.lld -EL -maarch64elf --no-undefined -X -shared \
-Bsymbolic -z notext -z norelro --no-apply-dynamic-relocs \
-o vmlinux.lld -T poc.lds --whole-archive vmlinux.o && \
readelf -Ws vmlinux.lld | egrep '\b(__efistub_|)_end\b'
368272: ffff000002218000 0 NOTYPE LOCAL HIDDEN 38 __efistub__end
368322: ffff000012318000 0 NOTYPE GLOBAL DEFAULT 38 _end
$ aarch64-linux-gnu-ld.bfd -EL -maarch64elf --no-undefined -X -shared \
-Bsymbolic -z notext -z norelro --no-apply-dynamic-relocs \
-o vmlinux.bfd -T poc.lds --whole-archive vmlinux.o && \
readelf -Ws vmlinux.bfd | egrep '\b(__efistub_|)_end\b'
338124: ffff000012318000 0 NOTYPE LOCAL DEFAULT ABS __efistub__end
383812: ffff000012318000 0 NOTYPE GLOBAL DEFAULT 15325 _end
To work around this, all of the __efistub_-prefixed variable assignments
need to be moved after the linker script's SECTIONS entry. As it turns
out, this also solves the problem fixed in commit aa69fb62bea1, so those
changes are reverted here.
Link: https://github.com/ClangBuiltLinux/linux/issues/634
Link: https://bugs.llvm.org/show_bug.cgi?id=42990
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/kernel/image-vars.h | 51 +++++++++++++++++++++++++++++++++
arch/arm64/kernel/image.h | 42 ---------------------------
arch/arm64/kernel/vmlinux.lds.S | 2 ++
3 files changed, 53 insertions(+), 42 deletions(-)
create mode 100644 arch/arm64/kernel/image-vars.h
diff --git a/arch/arm64/kernel/image-vars.h b/arch/arm64/kernel/image-vars.h
new file mode 100644
index 0000000000000..25a2a9b479c2f
--- /dev/null
+++ b/arch/arm64/kernel/image-vars.h
@@ -0,0 +1,51 @@
+/* SPDX-License-Identifier: GPL-2.0-only */
+/*
+ * Linker script variables to be set after section resolution, as
+ * ld.lld does not like variables assigned before SECTIONS is processed.
+ */
+#ifndef __ARM64_KERNEL_IMAGE_VARS_H
+#define __ARM64_KERNEL_IMAGE_VARS_H
+
+#ifndef LINKER_SCRIPT
+#error This file should only be included in vmlinux.lds.S
+#endif
+
+#ifdef CONFIG_EFI
+
+__efistub_stext_offset = stext - _text;
+
+/*
+ * The EFI stub has its own symbol namespace prefixed by __efistub_, to
+ * isolate it from the kernel proper. The following symbols are legally
+ * accessed by the stub, so provide some aliases to make them accessible.
+ * Only include data symbols here, or text symbols of functions that are
+ * guaranteed to be safe when executed at another offset than they were
+ * linked at. The routines below are all implemented in assembler in a
+ * position independent manner
+ */
+__efistub_memcmp = __pi_memcmp;
+__efistub_memchr = __pi_memchr;
+__efistub_memcpy = __pi_memcpy;
+__efistub_memmove = __pi_memmove;
+__efistub_memset = __pi_memset;
+__efistub_strlen = __pi_strlen;
+__efistub_strnlen = __pi_strnlen;
+__efistub_strcmp = __pi_strcmp;
+__efistub_strncmp = __pi_strncmp;
+__efistub_strrchr = __pi_strrchr;
+__efistub___flush_dcache_area = __pi___flush_dcache_area;
+
+#ifdef CONFIG_KASAN
+__efistub___memcpy = __pi_memcpy;
+__efistub___memmove = __pi_memmove;
+__efistub___memset = __pi_memset;
+#endif
+
+__efistub__text = _text;
+__efistub__end = _end;
+__efistub__edata = _edata;
+__efistub_screen_info = screen_info;
+
+#endif
+
+#endif /* __ARM64_KERNEL_IMAGE_VARS_H */
diff --git a/arch/arm64/kernel/image.h b/arch/arm64/kernel/image.h
index 2b85c0d6fa3d1..c7d38c660372c 100644
--- a/arch/arm64/kernel/image.h
+++ b/arch/arm64/kernel/image.h
@@ -65,46 +65,4 @@
DEFINE_IMAGE_LE64(_kernel_offset_le, TEXT_OFFSET); \
DEFINE_IMAGE_LE64(_kernel_flags_le, __HEAD_FLAGS);
-#ifdef CONFIG_EFI
-
-/*
- * Use ABSOLUTE() to avoid ld.lld treating this as a relative symbol:
- * https://github.com/ClangBuiltLinux/linux/issues/561
- */
-__efistub_stext_offset = ABSOLUTE(stext - _text);
-
-/*
- * The EFI stub has its own symbol namespace prefixed by __efistub_, to
- * isolate it from the kernel proper. The following symbols are legally
- * accessed by the stub, so provide some aliases to make them accessible.
- * Only include data symbols here, or text symbols of functions that are
- * guaranteed to be safe when executed at another offset than they were
- * linked at. The routines below are all implemented in assembler in a
- * position independent manner
- */
-__efistub_memcmp = __pi_memcmp;
-__efistub_memchr = __pi_memchr;
-__efistub_memcpy = __pi_memcpy;
-__efistub_memmove = __pi_memmove;
-__efistub_memset = __pi_memset;
-__efistub_strlen = __pi_strlen;
-__efistub_strnlen = __pi_strnlen;
-__efistub_strcmp = __pi_strcmp;
-__efistub_strncmp = __pi_strncmp;
-__efistub_strrchr = __pi_strrchr;
-__efistub___flush_dcache_area = __pi___flush_dcache_area;
-
-#ifdef CONFIG_KASAN
-__efistub___memcpy = __pi_memcpy;
-__efistub___memmove = __pi_memmove;
-__efistub___memset = __pi_memset;
-#endif
-
-__efistub__text = _text;
-__efistub__end = _end;
-__efistub__edata = _edata;
-__efistub_screen_info = screen_info;
-
-#endif
-
#endif /* __ARM64_KERNEL_IMAGE_H */
diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S
index 7fa0083749078..803b24d2464ae 100644
--- a/arch/arm64/kernel/vmlinux.lds.S
+++ b/arch/arm64/kernel/vmlinux.lds.S
@@ -245,6 +245,8 @@ SECTIONS
HEAD_SYMBOLS
}
+#include "image-vars.h"
+
/*
* The HYP init code and ID map text can't be longer than a page each,
* and should not cross a page boundary.
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 098/313] perf unwind: Fix libunwind when tid != pid
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (95 preceding siblings ...)
2019-10-03 15:51 ` [PATCH 5.2 097/313] arm64/efi: Move variable assignments after SECTIONS Greg Kroah-Hartman
@ 2019-10-03 15:51 ` Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 099/313] media: rc: imon: Allow iMON RC protocol for ffdc 7e device Greg Kroah-Hartman
` (219 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:51 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, John Keeping, Jiri Olsa,
Alexander Shishkin, Konstantin Khlebnikov, Namhyung Kim,
Peter Zijlstra, Arnaldo Carvalho de Melo, Sasha Levin
From: John Keeping <john@metanate.com>
[ Upstream commit e8ba2906f6b9054102ad035ac9cafad9d4168589 ]
Commit e5adfc3e7e77 ("perf map: Synthesize maps only for thread group
leader") changed the recording side so that we no longer get mmap events
for threads other than the thread group leader (when synthesising these
events for threads which exist before perf is started).
When a file recorded after this change is loaded, the lack of mmap
records mean that unwinding is not set up for any other threads.
This can be seen in a simple record/report scenario:
perf record --call-graph=dwarf -t $TID
perf report
If $TID is a process ID then the report will show call graphs, but if
$TID is a secondary thread the output is as if --call-graph=none was
specified.
Following the rationale in that commit, move the libunwind fields into
struct map_groups and update the libunwind functions to take this
instead of the struct thread. This is only required for
unwind__finish_access which must now be called from map_groups__delete
and the others are changed for symmetry.
Note that unwind__get_entries keeps the thread argument since it is
required for symbol lookup and the libdw unwind provider uses the thread
ID.
Signed-off-by: John Keeping <john@metanate.com>
Reviewed-by: Jiri Olsa <jolsa@kernel.org>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Fixes: e5adfc3e7e77 ("perf map: Synthesize maps only for thread group leader")
Link: http://lkml.kernel.org/r/20190815100146.28842-2-john@metanate.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/perf/util/map.c | 3 ++-
tools/perf/util/map_groups.h | 4 +++
tools/perf/util/thread.c | 7 +++--
tools/perf/util/thread.h | 4 ---
tools/perf/util/unwind-libunwind-local.c | 18 ++++++-------
tools/perf/util/unwind-libunwind.c | 34 ++++++++++++------------
tools/perf/util/unwind.h | 25 ++++++++---------
7 files changed, 48 insertions(+), 47 deletions(-)
diff --git a/tools/perf/util/map.c b/tools/perf/util/map.c
index 9c81ee0927848..3fc32c7075d1e 100644
--- a/tools/perf/util/map.c
+++ b/tools/perf/util/map.c
@@ -641,6 +641,7 @@ struct map_groups *map_groups__new(struct machine *machine)
void map_groups__delete(struct map_groups *mg)
{
map_groups__exit(mg);
+ unwind__finish_access(mg);
free(mg);
}
@@ -881,7 +882,7 @@ int map_groups__clone(struct thread *thread, struct map_groups *parent)
if (new == NULL)
goto out_unlock;
- err = unwind__prepare_access(thread, new, NULL);
+ err = unwind__prepare_access(mg, new, NULL);
if (err)
goto out_unlock;
diff --git a/tools/perf/util/map_groups.h b/tools/perf/util/map_groups.h
index 4dcda33e0fdf7..db1e4ffc2276d 100644
--- a/tools/perf/util/map_groups.h
+++ b/tools/perf/util/map_groups.h
@@ -31,6 +31,10 @@ struct map_groups {
struct maps maps;
struct machine *machine;
refcount_t refcnt;
+#ifdef HAVE_LIBUNWIND_SUPPORT
+ void *addr_space;
+ struct unwind_libunwind_ops *unwind_libunwind_ops;
+#endif
};
#define KMAP_NAME_LEN 256
diff --git a/tools/perf/util/thread.c b/tools/perf/util/thread.c
index 4a9f88d9b7ab3..12608f14c9910 100644
--- a/tools/perf/util/thread.c
+++ b/tools/perf/util/thread.c
@@ -105,7 +105,6 @@ void thread__delete(struct thread *thread)
}
up_write(&thread->comm_lock);
- unwind__finish_access(thread);
nsinfo__zput(thread->nsinfo);
srccode_state_free(&thread->srccode_state);
@@ -235,7 +234,7 @@ static int ____thread__set_comm(struct thread *thread, const char *str,
list_add(&new->list, &thread->comm_list);
if (exec)
- unwind__flush_access(thread);
+ unwind__flush_access(thread->mg);
}
thread->comm_set = true;
@@ -315,7 +314,7 @@ int thread__insert_map(struct thread *thread, struct map *map)
{
int ret;
- ret = unwind__prepare_access(thread, map, NULL);
+ ret = unwind__prepare_access(thread->mg, map, NULL);
if (ret)
return ret;
@@ -335,7 +334,7 @@ static int __thread__prepare_access(struct thread *thread)
down_read(&maps->lock);
for (map = maps__first(maps); map; map = map__next(map)) {
- err = unwind__prepare_access(thread, map, &initialized);
+ err = unwind__prepare_access(thread->mg, map, &initialized);
if (err || initialized)
break;
}
diff --git a/tools/perf/util/thread.h b/tools/perf/util/thread.h
index cf8375c017a03..6e5dd445bafdc 100644
--- a/tools/perf/util/thread.h
+++ b/tools/perf/util/thread.h
@@ -44,10 +44,6 @@ struct thread {
struct thread_stack *ts;
struct nsinfo *nsinfo;
struct srccode_state srccode_state;
-#ifdef HAVE_LIBUNWIND_SUPPORT
- void *addr_space;
- struct unwind_libunwind_ops *unwind_libunwind_ops;
-#endif
bool filter;
int filter_entry_depth;
};
diff --git a/tools/perf/util/unwind-libunwind-local.c b/tools/perf/util/unwind-libunwind-local.c
index 25e1406b1f8b6..da59672b566de 100644
--- a/tools/perf/util/unwind-libunwind-local.c
+++ b/tools/perf/util/unwind-libunwind-local.c
@@ -615,26 +615,26 @@ static unw_accessors_t accessors = {
.get_proc_name = get_proc_name,
};
-static int _unwind__prepare_access(struct thread *thread)
+static int _unwind__prepare_access(struct map_groups *mg)
{
- thread->addr_space = unw_create_addr_space(&accessors, 0);
- if (!thread->addr_space) {
+ mg->addr_space = unw_create_addr_space(&accessors, 0);
+ if (!mg->addr_space) {
pr_err("unwind: Can't create unwind address space.\n");
return -ENOMEM;
}
- unw_set_caching_policy(thread->addr_space, UNW_CACHE_GLOBAL);
+ unw_set_caching_policy(mg->addr_space, UNW_CACHE_GLOBAL);
return 0;
}
-static void _unwind__flush_access(struct thread *thread)
+static void _unwind__flush_access(struct map_groups *mg)
{
- unw_flush_cache(thread->addr_space, 0, 0);
+ unw_flush_cache(mg->addr_space, 0, 0);
}
-static void _unwind__finish_access(struct thread *thread)
+static void _unwind__finish_access(struct map_groups *mg)
{
- unw_destroy_addr_space(thread->addr_space);
+ unw_destroy_addr_space(mg->addr_space);
}
static int get_entries(struct unwind_info *ui, unwind_entry_cb_t cb,
@@ -659,7 +659,7 @@ static int get_entries(struct unwind_info *ui, unwind_entry_cb_t cb,
*/
if (max_stack - 1 > 0) {
WARN_ONCE(!ui->thread, "WARNING: ui->thread is NULL");
- addr_space = ui->thread->addr_space;
+ addr_space = ui->thread->mg->addr_space;
if (addr_space == NULL)
return -1;
diff --git a/tools/perf/util/unwind-libunwind.c b/tools/perf/util/unwind-libunwind.c
index c0811977d7d54..b843f9d0a9ea2 100644
--- a/tools/perf/util/unwind-libunwind.c
+++ b/tools/perf/util/unwind-libunwind.c
@@ -11,13 +11,13 @@ struct unwind_libunwind_ops __weak *local_unwind_libunwind_ops;
struct unwind_libunwind_ops __weak *x86_32_unwind_libunwind_ops;
struct unwind_libunwind_ops __weak *arm64_unwind_libunwind_ops;
-static void unwind__register_ops(struct thread *thread,
+static void unwind__register_ops(struct map_groups *mg,
struct unwind_libunwind_ops *ops)
{
- thread->unwind_libunwind_ops = ops;
+ mg->unwind_libunwind_ops = ops;
}
-int unwind__prepare_access(struct thread *thread, struct map *map,
+int unwind__prepare_access(struct map_groups *mg, struct map *map,
bool *initialized)
{
const char *arch;
@@ -28,7 +28,7 @@ int unwind__prepare_access(struct thread *thread, struct map *map,
if (!dwarf_callchain_users)
return 0;
- if (thread->addr_space) {
+ if (mg->addr_space) {
pr_debug("unwind: thread map already set, dso=%s\n",
map->dso->name);
if (initialized)
@@ -37,14 +37,14 @@ int unwind__prepare_access(struct thread *thread, struct map *map,
}
/* env->arch is NULL for live-mode (i.e. perf top) */
- if (!thread->mg->machine->env || !thread->mg->machine->env->arch)
+ if (!mg->machine->env || !mg->machine->env->arch)
goto out_register;
- dso_type = dso__type(map->dso, thread->mg->machine);
+ dso_type = dso__type(map->dso, mg->machine);
if (dso_type == DSO__TYPE_UNKNOWN)
return 0;
- arch = perf_env__arch(thread->mg->machine->env);
+ arch = perf_env__arch(mg->machine->env);
if (!strcmp(arch, "x86")) {
if (dso_type != DSO__TYPE_64BIT)
@@ -59,37 +59,37 @@ int unwind__prepare_access(struct thread *thread, struct map *map,
return 0;
}
out_register:
- unwind__register_ops(thread, ops);
+ unwind__register_ops(mg, ops);
- err = thread->unwind_libunwind_ops->prepare_access(thread);
+ err = mg->unwind_libunwind_ops->prepare_access(mg);
if (initialized)
*initialized = err ? false : true;
return err;
}
-void unwind__flush_access(struct thread *thread)
+void unwind__flush_access(struct map_groups *mg)
{
if (!dwarf_callchain_users)
return;
- if (thread->unwind_libunwind_ops)
- thread->unwind_libunwind_ops->flush_access(thread);
+ if (mg->unwind_libunwind_ops)
+ mg->unwind_libunwind_ops->flush_access(mg);
}
-void unwind__finish_access(struct thread *thread)
+void unwind__finish_access(struct map_groups *mg)
{
if (!dwarf_callchain_users)
return;
- if (thread->unwind_libunwind_ops)
- thread->unwind_libunwind_ops->finish_access(thread);
+ if (mg->unwind_libunwind_ops)
+ mg->unwind_libunwind_ops->finish_access(mg);
}
int unwind__get_entries(unwind_entry_cb_t cb, void *arg,
struct thread *thread,
struct perf_sample *data, int max_stack)
{
- if (thread->unwind_libunwind_ops)
- return thread->unwind_libunwind_ops->get_entries(cb, arg, thread, data, max_stack);
+ if (thread->mg->unwind_libunwind_ops)
+ return thread->mg->unwind_libunwind_ops->get_entries(cb, arg, thread, data, max_stack);
return 0;
}
diff --git a/tools/perf/util/unwind.h b/tools/perf/util/unwind.h
index 8a44a1569a21b..3a7d00c20d862 100644
--- a/tools/perf/util/unwind.h
+++ b/tools/perf/util/unwind.h
@@ -6,6 +6,7 @@
#include <linux/types.h>
struct map;
+struct map_groups;
struct perf_sample;
struct symbol;
struct thread;
@@ -19,9 +20,9 @@ struct unwind_entry {
typedef int (*unwind_entry_cb_t)(struct unwind_entry *entry, void *arg);
struct unwind_libunwind_ops {
- int (*prepare_access)(struct thread *thread);
- void (*flush_access)(struct thread *thread);
- void (*finish_access)(struct thread *thread);
+ int (*prepare_access)(struct map_groups *mg);
+ void (*flush_access)(struct map_groups *mg);
+ void (*finish_access)(struct map_groups *mg);
int (*get_entries)(unwind_entry_cb_t cb, void *arg,
struct thread *thread,
struct perf_sample *data, int max_stack);
@@ -46,20 +47,20 @@ int unwind__get_entries(unwind_entry_cb_t cb, void *arg,
#endif
int LIBUNWIND__ARCH_REG_ID(int regnum);
-int unwind__prepare_access(struct thread *thread, struct map *map,
+int unwind__prepare_access(struct map_groups *mg, struct map *map,
bool *initialized);
-void unwind__flush_access(struct thread *thread);
-void unwind__finish_access(struct thread *thread);
+void unwind__flush_access(struct map_groups *mg);
+void unwind__finish_access(struct map_groups *mg);
#else
-static inline int unwind__prepare_access(struct thread *thread __maybe_unused,
+static inline int unwind__prepare_access(struct map_groups *mg __maybe_unused,
struct map *map __maybe_unused,
bool *initialized __maybe_unused)
{
return 0;
}
-static inline void unwind__flush_access(struct thread *thread __maybe_unused) {}
-static inline void unwind__finish_access(struct thread *thread __maybe_unused) {}
+static inline void unwind__flush_access(struct map_groups *mg __maybe_unused) {}
+static inline void unwind__finish_access(struct map_groups *mg __maybe_unused) {}
#endif
#else
static inline int
@@ -72,14 +73,14 @@ unwind__get_entries(unwind_entry_cb_t cb __maybe_unused,
return 0;
}
-static inline int unwind__prepare_access(struct thread *thread __maybe_unused,
+static inline int unwind__prepare_access(struct map_groups *mg __maybe_unused,
struct map *map __maybe_unused,
bool *initialized __maybe_unused)
{
return 0;
}
-static inline void unwind__flush_access(struct thread *thread __maybe_unused) {}
-static inline void unwind__finish_access(struct thread *thread __maybe_unused) {}
+static inline void unwind__flush_access(struct map_groups *mg __maybe_unused) {}
+static inline void unwind__finish_access(struct map_groups *mg __maybe_unused) {}
#endif /* HAVE_DWARF_UNWIND_SUPPORT */
#endif /* __UNWIND_H */
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 099/313] media: rc: imon: Allow iMON RC protocol for ffdc 7e device
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (96 preceding siblings ...)
2019-10-03 15:51 ` [PATCH 5.2 098/313] perf unwind: Fix libunwind when tid != pid Greg Kroah-Hartman
@ 2019-10-03 15:51 ` Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 100/313] dmaengine: iop-adma: use correct printk format strings Greg Kroah-Hartman
` (218 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:51 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Darius Rad, Sean Young,
Mauro Carvalho Chehab, Sasha Levin
From: Darius Rad <alpha@area49.net>
[ Upstream commit b20a6e298bcb8cb8ae18de26baaf462a6418515b ]
Allow selecting the IR protocol, MCE or iMON, for a device that
identifies as follows (with config id 0x7e):
15c2:ffdc SoundGraph Inc. iMON PAD Remote Controller
As the driver is structured to default to iMON when both RC
protocols are supported, existing users of this device (using MCE
protocol) will need to manually switch to MCE (RC-6) protocol from
userspace (with ir-keytable, sysfs).
Signed-off-by: Darius Rad <alpha@area49.net>
Signed-off-by: Sean Young <sean@mess.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/rc/imon.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/media/rc/imon.c b/drivers/media/rc/imon.c
index 7bee72108b0ee..37a850421fbb1 100644
--- a/drivers/media/rc/imon.c
+++ b/drivers/media/rc/imon.c
@@ -1826,12 +1826,17 @@ static void imon_get_ffdc_type(struct imon_context *ictx)
break;
/* iMON VFD, MCE IR */
case 0x46:
- case 0x7e:
case 0x9e:
dev_info(ictx->dev, "0xffdc iMON VFD, MCE IR");
detected_display_type = IMON_DISPLAY_TYPE_VFD;
allowed_protos = RC_PROTO_BIT_RC6_MCE;
break;
+ /* iMON VFD, iMON or MCE IR */
+ case 0x7e:
+ dev_info(ictx->dev, "0xffdc iMON VFD, iMON or MCE IR");
+ detected_display_type = IMON_DISPLAY_TYPE_VFD;
+ allowed_protos |= RC_PROTO_BIT_RC6_MCE;
+ break;
/* iMON LCD, MCE IR */
case 0x9f:
dev_info(ictx->dev, "0xffdc iMON LCD, MCE IR");
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 100/313] dmaengine: iop-adma: use correct printk format strings
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (97 preceding siblings ...)
2019-10-03 15:51 ` [PATCH 5.2 099/313] media: rc: imon: Allow iMON RC protocol for ffdc 7e device Greg Kroah-Hartman
@ 2019-10-03 15:51 ` Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 101/313] ARM: xscale: fix multi-cpu compilation Greg Kroah-Hartman
` (217 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:51 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Arnd Bergmann, Vinod Koul, Sasha Levin
From: Arnd Bergmann <arnd@arndb.de>
[ Upstream commit 00c9755524fbaa28117be774d7c92fddb5ca02f3 ]
When compile-testing on other architectures, we get lots of warnings
about incorrect format strings, like:
drivers/dma/iop-adma.c: In function 'iop_adma_alloc_slots':
drivers/dma/iop-adma.c:307:6: warning: format '%x' expects argument of type 'unsigned int', but argument 6 has type 'dma_addr_t {aka long long unsigned int}' [-Wformat=]
drivers/dma/iop-adma.c: In function 'iop_adma_prep_dma_memcpy':
>> drivers/dma/iop-adma.c:518:40: warning: format '%u' expects argument of type 'unsigned int', but argument 5 has type 'size_t {aka long unsigned int}' [-Wformat=]
Use %zu for printing size_t as required, and cast the dma_addr_t
arguments to 'u64' for printing with %llx. Ideally this should use
the %pad format string, but that requires an lvalue argument that
doesn't work here.
Link: https://lore.kernel.org/r/20190809163334.489360-3-arnd@arndb.de
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/dma/iop-adma.c | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/drivers/dma/iop-adma.c b/drivers/dma/iop-adma.c
index c6c0143670d9d..a776857d89c8f 100644
--- a/drivers/dma/iop-adma.c
+++ b/drivers/dma/iop-adma.c
@@ -116,9 +116,9 @@ static void __iop_adma_slot_cleanup(struct iop_adma_chan *iop_chan)
list_for_each_entry_safe(iter, _iter, &iop_chan->chain,
chain_node) {
pr_debug("\tcookie: %d slot: %d busy: %d "
- "this_desc: %#x next_desc: %#x ack: %d\n",
+ "this_desc: %#x next_desc: %#llx ack: %d\n",
iter->async_tx.cookie, iter->idx, busy,
- iter->async_tx.phys, iop_desc_get_next_desc(iter),
+ iter->async_tx.phys, (u64)iop_desc_get_next_desc(iter),
async_tx_test_ack(&iter->async_tx));
prefetch(_iter);
prefetch(&_iter->async_tx);
@@ -306,9 +306,9 @@ iop_adma_alloc_slots(struct iop_adma_chan *iop_chan, int num_slots,
int i;
dev_dbg(iop_chan->device->common.dev,
"allocated slot: %d "
- "(desc %p phys: %#x) slots_per_op %d\n",
+ "(desc %p phys: %#llx) slots_per_op %d\n",
iter->idx, iter->hw_desc,
- iter->async_tx.phys, slots_per_op);
+ (u64)iter->async_tx.phys, slots_per_op);
/* pre-ack all but the last descriptor */
if (num_slots != slots_per_op)
@@ -516,7 +516,7 @@ iop_adma_prep_dma_memcpy(struct dma_chan *chan, dma_addr_t dma_dest,
return NULL;
BUG_ON(len > IOP_ADMA_MAX_BYTE_COUNT);
- dev_dbg(iop_chan->device->common.dev, "%s len: %u\n",
+ dev_dbg(iop_chan->device->common.dev, "%s len: %zu\n",
__func__, len);
spin_lock_bh(&iop_chan->lock);
@@ -549,7 +549,7 @@ iop_adma_prep_dma_xor(struct dma_chan *chan, dma_addr_t dma_dest,
BUG_ON(len > IOP_ADMA_XOR_MAX_BYTE_COUNT);
dev_dbg(iop_chan->device->common.dev,
- "%s src_cnt: %d len: %u flags: %lx\n",
+ "%s src_cnt: %d len: %zu flags: %lx\n",
__func__, src_cnt, len, flags);
spin_lock_bh(&iop_chan->lock);
@@ -582,7 +582,7 @@ iop_adma_prep_dma_xor_val(struct dma_chan *chan, dma_addr_t *dma_src,
if (unlikely(!len))
return NULL;
- dev_dbg(iop_chan->device->common.dev, "%s src_cnt: %d len: %u\n",
+ dev_dbg(iop_chan->device->common.dev, "%s src_cnt: %d len: %zu\n",
__func__, src_cnt, len);
spin_lock_bh(&iop_chan->lock);
@@ -620,7 +620,7 @@ iop_adma_prep_dma_pq(struct dma_chan *chan, dma_addr_t *dst, dma_addr_t *src,
BUG_ON(len > IOP_ADMA_XOR_MAX_BYTE_COUNT);
dev_dbg(iop_chan->device->common.dev,
- "%s src_cnt: %d len: %u flags: %lx\n",
+ "%s src_cnt: %d len: %zu flags: %lx\n",
__func__, src_cnt, len, flags);
if (dmaf_p_disabled_continue(flags))
@@ -683,7 +683,7 @@ iop_adma_prep_dma_pq_val(struct dma_chan *chan, dma_addr_t *pq, dma_addr_t *src,
return NULL;
BUG_ON(len > IOP_ADMA_XOR_MAX_BYTE_COUNT);
- dev_dbg(iop_chan->device->common.dev, "%s src_cnt: %d len: %u\n",
+ dev_dbg(iop_chan->device->common.dev, "%s src_cnt: %d len: %zu\n",
__func__, src_cnt, len);
spin_lock_bh(&iop_chan->lock);
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 101/313] ARM: xscale: fix multi-cpu compilation
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (98 preceding siblings ...)
2019-10-03 15:51 ` [PATCH 5.2 100/313] dmaengine: iop-adma: use correct printk format strings Greg Kroah-Hartman
@ 2019-10-03 15:51 ` Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 102/313] perf record: Support aarch64 random socket_id assignment Greg Kroah-Hartman
` (216 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:51 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Arnd Bergmann, Sasha Levin
From: Arnd Bergmann <arnd@arndb.de>
[ Upstream commit c7b68049943079550d4e6af0f10aa3aabd64131a ]
Building a combined ARMv4+XScale kernel produces these
and other build failures:
/tmp/copypage-xscale-3aa821.s: Assembler messages:
/tmp/copypage-xscale-3aa821.s:167: Error: selected processor does not support `pld [r7,#0]' in ARM mode
/tmp/copypage-xscale-3aa821.s:168: Error: selected processor does not support `pld [r7,#32]' in ARM mode
/tmp/copypage-xscale-3aa821.s:169: Error: selected processor does not support `pld [r1,#0]' in ARM mode
/tmp/copypage-xscale-3aa821.s:170: Error: selected processor does not support `pld [r1,#32]' in ARM mode
/tmp/copypage-xscale-3aa821.s:171: Error: selected processor does not support `pld [r7,#64]' in ARM mode
/tmp/copypage-xscale-3aa821.s:176: Error: selected processor does not support `ldrd r4,r5,[r7],#8' in ARM mode
/tmp/copypage-xscale-3aa821.s:180: Error: selected processor does not support `strd r4,r5,[r1],#8' in ARM mode
Add an explict .arch armv5 in the inline assembly to allow the ARMv5
specific instructions regardless of the compiler -march= target.
Link: https://lore.kernel.org/r/20190809163334.489360-5-arnd@arndb.de
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/mm/copypage-xscale.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/arch/arm/mm/copypage-xscale.c b/arch/arm/mm/copypage-xscale.c
index 61d834157bc05..382e1c2855e85 100644
--- a/arch/arm/mm/copypage-xscale.c
+++ b/arch/arm/mm/copypage-xscale.c
@@ -42,6 +42,7 @@ static void mc_copy_user_page(void *from, void *to)
* when prefetching destination as well. (NP)
*/
asm volatile ("\
+.arch xscale \n\
pld [%0, #0] \n\
pld [%0, #32] \n\
pld [%1, #0] \n\
@@ -106,8 +107,9 @@ void
xscale_mc_clear_user_highpage(struct page *page, unsigned long vaddr)
{
void *ptr, *kaddr = kmap_atomic(page);
- asm volatile(
- "mov r1, %2 \n\
+ asm volatile("\
+.arch xscale \n\
+ mov r1, %2 \n\
mov r2, #0 \n\
mov r3, #0 \n\
1: mov ip, %0 \n\
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 102/313] perf record: Support aarch64 random socket_id assignment
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (99 preceding siblings ...)
2019-10-03 15:51 ` [PATCH 5.2 101/313] ARM: xscale: fix multi-cpu compilation Greg Kroah-Hartman
@ 2019-10-03 15:51 ` Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 103/313] media: vsp1: fix memory leak of dl on error return path Greg Kroah-Hartman
` (215 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:51 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tan Xiaojun, Jiri Olsa,
Alexander Shishkin, Alexey Budankov, Kan Liang, Namhyung Kim,
Peter Zijlstra, Song Liu, Steven Rostedt (VMware),
Tzvetomir Stoyanov (VMware),
Arnaldo Carvalho de Melo, Sasha Levin
From: Tan Xiaojun <tanxiaojun@huawei.com>
[ Upstream commit 0a4d8fb229dd78f9e0752817339e19e903b37a60 ]
Same as in the commit 01766229533f ("perf record: Support s390 random
socket_id assignment"), aarch64 also have this problem.
Without this fix:
[root@localhost perf]# ./perf report --header -I -v
...
socket_id number is too big.You may need to upgrade the perf tool.
# ========
# captured on : Thu Aug 1 22:58:38 2019
# header version : 1
...
# Core ID and Socket ID information is not available
...
With this fix:
[root@localhost perf]# ./perf report --header -I -v
...
cpumask list: 0-31
cpumask list: 32-63
cpumask list: 64-95
cpumask list: 96-127
# ========
# captured on : Thu Aug 1 22:58:38 2019
# header version : 1
...
# CPU 0: Core ID 0, Socket ID 36
# CPU 1: Core ID 1, Socket ID 36
...
# CPU 126: Core ID 126, Socket ID 8442
# CPU 127: Core ID 127, Socket ID 8442
...
Signed-off-by: Tan Xiaojun <tanxiaojun@huawei.com>
Acked-by: Jiri Olsa <jolsa@kernel.org>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Alexey Budankov <alexey.budankov@linux.intel.com>
Cc: Kan Liang <kan.liang@linux.intel.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Song Liu <songliubraving@fb.com>
Cc: Steven Rostedt (VMware) <rostedt@goodmis.org>
Cc: Tzvetomir Stoyanov (VMware) <tz.stoyanov@gmail.com>
Link: http://lkml.kernel.org/r/1564717737-21602-1-git-send-email-tanxiaojun@huawei.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
| 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--git a/tools/perf/util/header.c b/tools/perf/util/header.c
index abe9af8679678..1bc72fe47c2da 100644
--- a/tools/perf/util/header.c
+++ b/tools/perf/util/header.c
@@ -2205,8 +2205,10 @@ static int process_cpu_topology(struct feat_fd *ff, void *data __maybe_unused)
/* On s390 the socket_id number is not related to the numbers of cpus.
* The socket_id number might be higher than the numbers of cpus.
* This depends on the configuration.
+ * AArch64 is the same.
*/
- if (ph->env.arch && !strncmp(ph->env.arch, "s390", 4))
+ if (ph->env.arch && (!strncmp(ph->env.arch, "s390", 4)
+ || !strncmp(ph->env.arch, "aarch64", 7)))
do_core_id_test = false;
for (i = 0; i < (u32)cpu_nr; i++) {
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 103/313] media: vsp1: fix memory leak of dl on error return path
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (100 preceding siblings ...)
2019-10-03 15:51 ` [PATCH 5.2 102/313] perf record: Support aarch64 random socket_id assignment Greg Kroah-Hartman
@ 2019-10-03 15:51 ` Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 104/313] media: i2c: ov5645: Fix power sequence Greg Kroah-Hartman
` (214 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:51 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Colin Ian King, Kieran Bingham,
Laurent Pinchart, Mauro Carvalho Chehab, Sasha Levin
From: Colin Ian King <colin.king@canonical.com>
[ Upstream commit 70c55c1ad1a76e804ee5330e134674f5d2741cb7 ]
Currently when the call vsp1_dl_body_get fails and returns null the
error return path leaks the allocation of dl. Fix this by kfree'ing
dl before returning.
Addresses-Coverity: ("Resource leak")
Fixes: 5d7936b8e27d ("media: vsp1: Convert display lists to use new body pool")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Reviewed-by: Kieran Bingham <kieran.bingham+renesas@ideasonboard.com>
Signed-off-by: Laurent Pinchart <laurent.pinchart+renesas@ideasonboard.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/platform/vsp1/vsp1_dl.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/media/platform/vsp1/vsp1_dl.c b/drivers/media/platform/vsp1/vsp1_dl.c
index 104b6f5145364..d7b43037e500a 100644
--- a/drivers/media/platform/vsp1/vsp1_dl.c
+++ b/drivers/media/platform/vsp1/vsp1_dl.c
@@ -557,8 +557,10 @@ static struct vsp1_dl_list *vsp1_dl_list_alloc(struct vsp1_dl_manager *dlm)
/* Get a default body for our list. */
dl->body0 = vsp1_dl_body_get(dlm->pool);
- if (!dl->body0)
+ if (!dl->body0) {
+ kfree(dl);
return NULL;
+ }
header_offset = dl->body0->max_entries * sizeof(*dl->body0->entries);
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 104/313] media: i2c: ov5645: Fix power sequence
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (101 preceding siblings ...)
2019-10-03 15:51 ` [PATCH 5.2 103/313] media: vsp1: fix memory leak of dl on error return path Greg Kroah-Hartman
@ 2019-10-03 15:51 ` Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 105/313] media: omap3isp: Dont set streaming state on random subdevs Greg Kroah-Hartman
` (213 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:51 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Fabio Estevam, Ezequiel Garcia,
Philipp Zabel, Jacopo Mondi, Sakari Ailus, Mauro Carvalho Chehab,
Sasha Levin
From: Ezequiel Garcia <ezequiel@collabora.com>
[ Upstream commit 092e8eb90a7dc7dd210cd4e2ea36075d0a7f96af ]
This is mostly a port of Jacopo's fix:
commit aa4bb8b8838ffcc776a79f49a4d7476b82405349
Author: Jacopo Mondi <jacopo@jmondi.org>
Date: Fri Jul 6 05:51:52 2018 -0400
media: ov5640: Re-work MIPI startup sequence
In the OV5645 case, the changes are:
- At set_power(1) time power up MIPI Tx/Rx and set data and clock lanes in
LP11 during 'sleep' and 'idle' with MIPI clock in non-continuous mode.
- At set_power(0) time power down MIPI Tx/Rx (in addition to the current
power down of regulators and clock gating).
- At s_stream time enable/disable the MIPI interface output.
With this commit the sensor is able to enter LP-11 mode during power up,
as expected by some CSI-2 controllers.
Many thanks to Fabio Estevam for his help debugging this issue.
Tested-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Ezequiel Garcia <ezequiel@collabora.com>
Reviewed-by: Philipp Zabel <p.zabel@pengutronix.de>
Reviewed-by: Jacopo Mondi <jacopo@jmondi.org>
Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/i2c/ov5645.c | 26 ++++++++++++++++++--------
1 file changed, 18 insertions(+), 8 deletions(-)
diff --git a/drivers/media/i2c/ov5645.c b/drivers/media/i2c/ov5645.c
index 124c8df046337..58972c884705c 100644
--- a/drivers/media/i2c/ov5645.c
+++ b/drivers/media/i2c/ov5645.c
@@ -45,6 +45,8 @@
#define OV5645_CHIP_ID_HIGH_BYTE 0x56
#define OV5645_CHIP_ID_LOW 0x300b
#define OV5645_CHIP_ID_LOW_BYTE 0x45
+#define OV5645_IO_MIPI_CTRL00 0x300e
+#define OV5645_PAD_OUTPUT00 0x3019
#define OV5645_AWB_MANUAL_CONTROL 0x3406
#define OV5645_AWB_MANUAL_ENABLE BIT(0)
#define OV5645_AEC_PK_MANUAL 0x3503
@@ -55,6 +57,7 @@
#define OV5645_ISP_VFLIP BIT(2)
#define OV5645_TIMING_TC_REG21 0x3821
#define OV5645_SENSOR_MIRROR BIT(1)
+#define OV5645_MIPI_CTRL00 0x4800
#define OV5645_PRE_ISP_TEST_SETTING_1 0x503d
#define OV5645_TEST_PATTERN_MASK 0x3
#define OV5645_SET_TEST_PATTERN(x) ((x) & OV5645_TEST_PATTERN_MASK)
@@ -121,7 +124,6 @@ static const struct reg_value ov5645_global_init_setting[] = {
{ 0x3503, 0x07 },
{ 0x3002, 0x1c },
{ 0x3006, 0xc3 },
- { 0x300e, 0x45 },
{ 0x3017, 0x00 },
{ 0x3018, 0x00 },
{ 0x302e, 0x0b },
@@ -350,7 +352,10 @@ static const struct reg_value ov5645_global_init_setting[] = {
{ 0x3a1f, 0x14 },
{ 0x0601, 0x02 },
{ 0x3008, 0x42 },
- { 0x3008, 0x02 }
+ { 0x3008, 0x02 },
+ { OV5645_IO_MIPI_CTRL00, 0x40 },
+ { OV5645_MIPI_CTRL00, 0x24 },
+ { OV5645_PAD_OUTPUT00, 0x70 }
};
static const struct reg_value ov5645_setting_sxga[] = {
@@ -737,13 +742,9 @@ static int ov5645_s_power(struct v4l2_subdev *sd, int on)
goto exit;
}
- ret = ov5645_write_reg(ov5645, OV5645_SYSTEM_CTRL0,
- OV5645_SYSTEM_CTRL0_STOP);
- if (ret < 0) {
- ov5645_set_power_off(ov5645);
- goto exit;
- }
+ usleep_range(500, 1000);
} else {
+ ov5645_write_reg(ov5645, OV5645_IO_MIPI_CTRL00, 0x58);
ov5645_set_power_off(ov5645);
}
}
@@ -1049,11 +1050,20 @@ static int ov5645_s_stream(struct v4l2_subdev *subdev, int enable)
dev_err(ov5645->dev, "could not sync v4l2 controls\n");
return ret;
}
+
+ ret = ov5645_write_reg(ov5645, OV5645_IO_MIPI_CTRL00, 0x45);
+ if (ret < 0)
+ return ret;
+
ret = ov5645_write_reg(ov5645, OV5645_SYSTEM_CTRL0,
OV5645_SYSTEM_CTRL0_START);
if (ret < 0)
return ret;
} else {
+ ret = ov5645_write_reg(ov5645, OV5645_IO_MIPI_CTRL00, 0x40);
+ if (ret < 0)
+ return ret;
+
ret = ov5645_write_reg(ov5645, OV5645_SYSTEM_CTRL0,
OV5645_SYSTEM_CTRL0_STOP);
if (ret < 0)
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 105/313] media: omap3isp: Dont set streaming state on random subdevs
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (102 preceding siblings ...)
2019-10-03 15:51 ` [PATCH 5.2 104/313] media: i2c: ov5645: Fix power sequence Greg Kroah-Hartman
@ 2019-10-03 15:51 ` Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 106/313] media: imx: mipi csi-2: Dont fail if initial state times-out Greg Kroah-Hartman
` (212 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:51 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sakari Ailus, Laurent Pinchart,
Mauro Carvalho Chehab, Sasha Levin
From: Sakari Ailus <sakari.ailus@linux.intel.com>
[ Upstream commit 7ef57be07ac146e70535747797ef4aee0f06e9f9 ]
The streaming state should be set to the first upstream sub-device only,
not everywhere, for a sub-device driver itself knows how to best control
the streaming state of its own upstream sub-devices.
Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Reviewed-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/platform/omap3isp/isp.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/drivers/media/platform/omap3isp/isp.c b/drivers/media/platform/omap3isp/isp.c
index 38849f0ba09d3..8a87f427c056e 100644
--- a/drivers/media/platform/omap3isp/isp.c
+++ b/drivers/media/platform/omap3isp/isp.c
@@ -719,6 +719,10 @@ static int isp_pipeline_enable(struct isp_pipeline *pipe,
s_stream, mode);
pipe->do_propagation = true;
}
+
+ /* Stop at the first external sub-device. */
+ if (subdev->dev != isp->dev)
+ break;
}
return 0;
@@ -833,6 +837,10 @@ static int isp_pipeline_disable(struct isp_pipeline *pipe)
&subdev->entity);
failure = -ETIMEDOUT;
}
+
+ /* Stop at the first external sub-device. */
+ if (subdev->dev != isp->dev)
+ break;
}
return failure;
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 106/313] media: imx: mipi csi-2: Dont fail if initial state times-out
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (103 preceding siblings ...)
2019-10-03 15:51 ` [PATCH 5.2 105/313] media: omap3isp: Dont set streaming state on random subdevs Greg Kroah-Hartman
@ 2019-10-03 15:51 ` Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 107/313] kasan/arm64: fix CONFIG_KASAN_SW_TAGS && KASAN_INLINE Greg Kroah-Hartman
` (211 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:51 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ezequiel Garcia, Fabio Estevam,
Steve Longerbeam, Philipp Zabel, Sakari Ailus,
Mauro Carvalho Chehab, Sasha Levin
From: Ezequiel Garcia <ezequiel@collabora.com>
[ Upstream commit 0d5078c7172c46db6c58718d817b9fcf769554b4 ]
Not all sensors will be able to guarantee a proper initial state.
This may be either because the driver is not properly written,
or (probably unlikely) because the hardware won't support it.
While the right solution in the former case is to fix the sensor
driver, the real world not always allows right solutions, due to lack
of available documentation and support on these sensors.
Let's relax this requirement, and allow the driver to support stream start,
even if the sensor initial sequence wasn't the expected.
Also improve the warning message to better explain the problem and provide
a hint that the sensor driver needs to be fixed.
Signed-off-by: Ezequiel Garcia <ezequiel@collabora.com>
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Reviewed-by: Steve Longerbeam <slongerbeam@gmail.com>
Reviewed-by: Philipp Zabel <p.zabel@pengutronix.de>
Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/staging/media/imx/imx6-mipi-csi2.c | 12 ++++--------
1 file changed, 4 insertions(+), 8 deletions(-)
diff --git a/drivers/staging/media/imx/imx6-mipi-csi2.c b/drivers/staging/media/imx/imx6-mipi-csi2.c
index f29e28df36ed8..bfa4b254c4e48 100644
--- a/drivers/staging/media/imx/imx6-mipi-csi2.c
+++ b/drivers/staging/media/imx/imx6-mipi-csi2.c
@@ -243,7 +243,7 @@ static int __maybe_unused csi2_dphy_wait_ulp(struct csi2_dev *csi2)
}
/* Waits for low-power LP-11 state on data and clock lanes. */
-static int csi2_dphy_wait_stopstate(struct csi2_dev *csi2)
+static void csi2_dphy_wait_stopstate(struct csi2_dev *csi2)
{
u32 mask, reg;
int ret;
@@ -254,11 +254,9 @@ static int csi2_dphy_wait_stopstate(struct csi2_dev *csi2)
ret = readl_poll_timeout(csi2->base + CSI2_PHY_STATE, reg,
(reg & mask) == mask, 0, 500000);
if (ret) {
- v4l2_err(&csi2->sd, "LP-11 timeout, phy_state = 0x%08x\n", reg);
- return ret;
+ v4l2_warn(&csi2->sd, "LP-11 wait timeout, likely a sensor driver bug, expect capture failures.\n");
+ v4l2_warn(&csi2->sd, "phy_state = 0x%08x\n", reg);
}
-
- return 0;
}
/* Wait for active clock on the clock lane. */
@@ -316,9 +314,7 @@ static int csi2_start(struct csi2_dev *csi2)
csi2_enable(csi2, true);
/* Step 5 */
- ret = csi2_dphy_wait_stopstate(csi2);
- if (ret)
- goto err_assert_reset;
+ csi2_dphy_wait_stopstate(csi2);
/* Step 6 */
ret = v4l2_subdev_call(csi2->src_sd, video, s_stream, 1);
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 107/313] kasan/arm64: fix CONFIG_KASAN_SW_TAGS && KASAN_INLINE
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (104 preceding siblings ...)
2019-10-03 15:51 ` [PATCH 5.2 106/313] media: imx: mipi csi-2: Dont fail if initial state times-out Greg Kroah-Hartman
@ 2019-10-03 15:51 ` Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 108/313] net: lpc-enet: fix printk format strings Greg Kroah-Hartman
` (210 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:51 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Catalin Marinas, Mark Rutland,
Andrey Ryabinin, Will Deacon, Sasha Levin
From: Mark Rutland <mark.rutland@arm.com>
[ Upstream commit 34b5560db40d2941cfbe82eca1641353d5aed1a9 ]
The generic Makefile.kasan propagates CONFIG_KASAN_SHADOW_OFFSET into
KASAN_SHADOW_OFFSET, but only does so for CONFIG_KASAN_GENERIC.
Since commit:
6bd1d0be0e97936d ("arm64: kasan: Switch to using KASAN_SHADOW_OFFSET")
... arm64 defines CONFIG_KASAN_SHADOW_OFFSET in Kconfig rather than
defining KASAN_SHADOW_OFFSET in a Makefile. Thus, if
CONFIG_KASAN_SW_TAGS && KASAN_INLINE are selected, we get build time
splats due to KASAN_SHADOW_OFFSET not being set:
| [mark@lakrids:~/src/linux]% usellvm 8.0.1 usekorg 8.1.0 make ARCH=arm64 CROSS_COMPILE=aarch64-linux- CC=clang
| scripts/kconfig/conf --syncconfig Kconfig
| CC scripts/mod/empty.o
| clang (LLVM option parsing): for the -hwasan-mapping-offset option: '' value invalid for uint argument!
| scripts/Makefile.build:273: recipe for target 'scripts/mod/empty.o' failed
| make[1]: *** [scripts/mod/empty.o] Error 1
| Makefile:1123: recipe for target 'prepare0' failed
| make: *** [prepare0] Error 2
Let's fix this by always propagating CONFIG_KASAN_SHADOW_OFFSET into
KASAN_SHADOW_OFFSET if CONFIG_KASAN is selected, moving the existing
common definition of +CFLAGS_KASAN_NOSANITIZE to the top of
Makefile.kasan.
Cc: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Acked-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Tested-by Steve Capper <steve.capper@arm.com>
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
scripts/Makefile.kasan | 11 +++++------
1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/scripts/Makefile.kasan b/scripts/Makefile.kasan
index 6410bd22fe387..03757cc60e06c 100644
--- a/scripts/Makefile.kasan
+++ b/scripts/Makefile.kasan
@@ -1,4 +1,9 @@
# SPDX-License-Identifier: GPL-2.0
+ifdef CONFIG_KASAN
+CFLAGS_KASAN_NOSANITIZE := -fno-builtin
+KASAN_SHADOW_OFFSET ?= $(CONFIG_KASAN_SHADOW_OFFSET)
+endif
+
ifdef CONFIG_KASAN_GENERIC
ifdef CONFIG_KASAN_INLINE
@@ -7,8 +12,6 @@ else
call_threshold := 0
endif
-KASAN_SHADOW_OFFSET ?= $(CONFIG_KASAN_SHADOW_OFFSET)
-
CFLAGS_KASAN_MINIMAL := -fsanitize=kernel-address
cc-param = $(call cc-option, -mllvm -$(1), $(call cc-option, --param $(1)))
@@ -45,7 +48,3 @@ CFLAGS_KASAN := -fsanitize=kernel-hwaddress \
$(instrumentation_flags)
endif # CONFIG_KASAN_SW_TAGS
-
-ifdef CONFIG_KASAN
-CFLAGS_KASAN_NOSANITIZE := -fno-builtin
-endif
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 108/313] net: lpc-enet: fix printk format strings
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (105 preceding siblings ...)
2019-10-03 15:51 ` [PATCH 5.2 107/313] kasan/arm64: fix CONFIG_KASAN_SW_TAGS && KASAN_INLINE Greg Kroah-Hartman
@ 2019-10-03 15:51 ` Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 109/313] m68k: Prevent some compiler warnings in Coldfire builds Greg Kroah-Hartman
` (209 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:51 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kbuild test robot, Arnd Bergmann,
Sasha Levin
From: Arnd Bergmann <arnd@arndb.de>
[ Upstream commit de6f97b2bace0e2eb6c3a86e124d1e652a587b56 ]
compile-testing this driver on other architectures showed
multiple warnings:
drivers/net/ethernet/nxp/lpc_eth.c: In function 'lpc_eth_drv_probe':
drivers/net/ethernet/nxp/lpc_eth.c:1337:19: warning: format '%d' expects argument of type 'int', but argument 4 has type 'resource_size_t {aka long long unsigned int}' [-Wformat=]
drivers/net/ethernet/nxp/lpc_eth.c:1342:19: warning: format '%x' expects argument of type 'unsigned int', but argument 4 has type 'dma_addr_t {aka long long unsigned int}' [-Wformat=]
Use format strings that work on all architectures.
Link: https://lore.kernel.org/r/20190809144043.476786-10-arnd@arndb.de
Reported-by: kbuild test robot <lkp@intel.com>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/nxp/lpc_eth.c | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/drivers/net/ethernet/nxp/lpc_eth.c b/drivers/net/ethernet/nxp/lpc_eth.c
index f7e11f1b0426c..b0c8be127bee1 100644
--- a/drivers/net/ethernet/nxp/lpc_eth.c
+++ b/drivers/net/ethernet/nxp/lpc_eth.c
@@ -1344,13 +1344,14 @@ static int lpc_eth_drv_probe(struct platform_device *pdev)
pldat->dma_buff_base_p = dma_handle;
netdev_dbg(ndev, "IO address space :%pR\n", res);
- netdev_dbg(ndev, "IO address size :%d\n", resource_size(res));
+ netdev_dbg(ndev, "IO address size :%zd\n",
+ (size_t)resource_size(res));
netdev_dbg(ndev, "IO address (mapped) :0x%p\n",
pldat->net_base);
netdev_dbg(ndev, "IRQ number :%d\n", ndev->irq);
- netdev_dbg(ndev, "DMA buffer size :%d\n", pldat->dma_buff_size);
- netdev_dbg(ndev, "DMA buffer P address :0x%08x\n",
- pldat->dma_buff_base_p);
+ netdev_dbg(ndev, "DMA buffer size :%zd\n", pldat->dma_buff_size);
+ netdev_dbg(ndev, "DMA buffer P address :%pad\n",
+ &pldat->dma_buff_base_p);
netdev_dbg(ndev, "DMA buffer V address :0x%p\n",
pldat->dma_buff_base_v);
@@ -1397,8 +1398,8 @@ static int lpc_eth_drv_probe(struct platform_device *pdev)
if (ret)
goto err_out_unregister_netdev;
- netdev_info(ndev, "LPC mac at 0x%08x irq %d\n",
- res->start, ndev->irq);
+ netdev_info(ndev, "LPC mac at 0x%08lx irq %d\n",
+ (unsigned long)res->start, ndev->irq);
device_init_wakeup(dev, 1);
device_set_wakeup_enable(dev, 0);
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 109/313] m68k: Prevent some compiler warnings in Coldfire builds
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (106 preceding siblings ...)
2019-10-03 15:51 ` [PATCH 5.2 108/313] net: lpc-enet: fix printk format strings Greg Kroah-Hartman
@ 2019-10-03 15:51 ` Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 110/313] ARM: dts: imx7d: cl-som-imx7: make ethernet work again Greg Kroah-Hartman
` (208 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:51 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Finn Thain, Greg Ungerer,
Geert Uytterhoeven, Sasha Levin
From: Finn Thain <fthain@telegraphics.com.au>
[ Upstream commit 94c04390225bcd8283103fd0c04be20cc30cc979 ]
Since commit d3b41b6bb49e ("m68k: Dispatch nvram_ops calls to Atari or
Mac functions"), Coldfire builds generate compiler warnings due to the
unconditional inclusion of asm/atarihw.h and asm/macintosh.h.
The inclusion of asm/atarihw.h causes warnings like this:
In file included from ./arch/m68k/include/asm/atarihw.h:25:0,
from arch/m68k/kernel/setup_mm.c:41,
from arch/m68k/kernel/setup.c:3:
./arch/m68k/include/asm/raw_io.h:39:0: warning: "__raw_readb" redefined
#define __raw_readb in_8
In file included from ./arch/m68k/include/asm/io.h:6:0,
from arch/m68k/kernel/setup_mm.c:36,
from arch/m68k/kernel/setup.c:3:
./arch/m68k/include/asm/io_no.h:16:0: note: this is the location of the previous definition
#define __raw_readb(addr) \
...
This issue is resolved by dropping the asm/raw_io.h include. It turns out
that asm/io_mm.h already includes that header file.
Moving the relevant macro definitions helps to clarify this dependency
and make it safe to include asm/atarihw.h.
The other warnings look like this:
In file included from arch/m68k/kernel/setup_mm.c:48:0,
from arch/m68k/kernel/setup.c:3:
./arch/m68k/include/asm/macintosh.h:19:35: warning: 'struct irq_data' declared inside parameter list will not be visible outside of this definition or declaration
extern void mac_irq_enable(struct irq_data *data);
^~~~~~~~
...
This issue is resolved by adding the missing linux/irq.h include.
Signed-off-by: Finn Thain <fthain@telegraphics.com.au>
Acked-by: Greg Ungerer <gerg@linux-m68k.org>
Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/m68k/include/asm/atarihw.h | 9 ---------
arch/m68k/include/asm/io_mm.h | 6 +++++-
arch/m68k/include/asm/macintosh.h | 1 +
3 files changed, 6 insertions(+), 10 deletions(-)
diff --git a/arch/m68k/include/asm/atarihw.h b/arch/m68k/include/asm/atarihw.h
index 533008262b691..5e5601c382b80 100644
--- a/arch/m68k/include/asm/atarihw.h
+++ b/arch/m68k/include/asm/atarihw.h
@@ -22,7 +22,6 @@
#include <linux/types.h>
#include <asm/bootinfo-atari.h>
-#include <asm/raw_io.h>
#include <asm/kmap.h>
extern u_long atari_mch_cookie;
@@ -132,14 +131,6 @@ extern struct atari_hw_present atari_hw_present;
*/
-#define atari_readb raw_inb
-#define atari_writeb raw_outb
-
-#define atari_inb_p raw_inb
-#define atari_outb_p raw_outb
-
-
-
#include <linux/mm.h>
#include <asm/cacheflush.h>
diff --git a/arch/m68k/include/asm/io_mm.h b/arch/m68k/include/asm/io_mm.h
index 6c03ca5bc4365..819f611dccf28 100644
--- a/arch/m68k/include/asm/io_mm.h
+++ b/arch/m68k/include/asm/io_mm.h
@@ -29,7 +29,11 @@
#include <asm-generic/iomap.h>
#ifdef CONFIG_ATARI
-#include <asm/atarihw.h>
+#define atari_readb raw_inb
+#define atari_writeb raw_outb
+
+#define atari_inb_p raw_inb
+#define atari_outb_p raw_outb
#endif
diff --git a/arch/m68k/include/asm/macintosh.h b/arch/m68k/include/asm/macintosh.h
index d9a08bed4b128..f653b60f2afcf 100644
--- a/arch/m68k/include/asm/macintosh.h
+++ b/arch/m68k/include/asm/macintosh.h
@@ -4,6 +4,7 @@
#include <linux/seq_file.h>
#include <linux/interrupt.h>
+#include <linux/irq.h>
#include <asm/bootinfo-mac.h>
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 110/313] ARM: dts: imx7d: cl-som-imx7: make ethernet work again
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (107 preceding siblings ...)
2019-10-03 15:51 ` [PATCH 5.2 109/313] m68k: Prevent some compiler warnings in Coldfire builds Greg Kroah-Hartman
@ 2019-10-03 15:51 ` Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 111/313] ARM: dts: imx7-colibri: disable HS400 Greg Kroah-Hartman
` (207 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:51 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, André Draszik, Ilya Ledvich,
Igor Grinberg, Rob Herring, Mark Rutland, Shawn Guo,
Sascha Hauer, Pengutronix Kernel Team, Fabio Estevam,
NXP Linux Team, devicetree, linux-arm-kernel, Sasha Levin
From: André Draszik <git@andred.net>
[ Upstream commit 9846a4524ac90b63496580b7ad50674b40d92a8f ]
Recent changes to the atheros at803x driver caused
ethernet to stop working on this board.
In particular commit 6d4cd041f0af
("net: phy: at803x: disable delay only for RGMII mode")
and commit cd28d1d6e52e
("net: phy: at803x: Disable phy delay for RGMII mode")
fix the AR8031 driver to configure the phy's (RX/TX)
delays as per the 'phy-mode' in the device tree.
This now prevents ethernet from working on this board.
It used to work before those commits, because the
AR8031 comes out of reset with RX delay enabled, and
the at803x driver didn't touch the delay configuration
at all when "rgmii" mode was selected, and because
arch/arm/mach-imx/mach-imx7d.c:ar8031_phy_fixup()
unconditionally enables TX delay.
Since above commits ar8031_phy_fixup() also has no
effect anymore, and the end-result is that all delays
are disabled in the phy, no ethernet.
Update the device tree to restore functionality.
Signed-off-by: André Draszik <git@andred.net>
CC: Ilya Ledvich <ilya@compulab.co.il>
CC: Igor Grinberg <grinberg@compulab.co.il>
CC: Rob Herring <robh+dt@kernel.org>
CC: Mark Rutland <mark.rutland@arm.com>
CC: Shawn Guo <shawnguo@kernel.org>
CC: Sascha Hauer <s.hauer@pengutronix.de>
CC: Pengutronix Kernel Team <kernel@pengutronix.de>
CC: Fabio Estevam <festevam@gmail.com>
CC: NXP Linux Team <linux-imx@nxp.com>
CC: devicetree@vger.kernel.org
CC: linux-arm-kernel@lists.infradead.org
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/imx7d-cl-som-imx7.dts | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/arm/boot/dts/imx7d-cl-som-imx7.dts b/arch/arm/boot/dts/imx7d-cl-som-imx7.dts
index e61567437d73c..62d5e9a4a7818 100644
--- a/arch/arm/boot/dts/imx7d-cl-som-imx7.dts
+++ b/arch/arm/boot/dts/imx7d-cl-som-imx7.dts
@@ -44,7 +44,7 @@
<&clks IMX7D_ENET1_TIME_ROOT_CLK>;
assigned-clock-parents = <&clks IMX7D_PLL_ENET_MAIN_100M_CLK>;
assigned-clock-rates = <0>, <100000000>;
- phy-mode = "rgmii";
+ phy-mode = "rgmii-id";
phy-handle = <ðphy0>;
fsl,magic-packet;
status = "okay";
@@ -70,7 +70,7 @@
<&clks IMX7D_ENET2_TIME_ROOT_CLK>;
assigned-clock-parents = <&clks IMX7D_PLL_ENET_MAIN_100M_CLK>;
assigned-clock-rates = <0>, <100000000>;
- phy-mode = "rgmii";
+ phy-mode = "rgmii-id";
phy-handle = <ðphy1>;
fsl,magic-packet;
status = "okay";
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 111/313] ARM: dts: imx7-colibri: disable HS400
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (108 preceding siblings ...)
2019-10-03 15:51 ` [PATCH 5.2 110/313] ARM: dts: imx7d: cl-som-imx7: make ethernet work again Greg Kroah-Hartman
@ 2019-10-03 15:51 ` Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 112/313] x86/platform/intel/iosf_mbi Rewrite locking Greg Kroah-Hartman
` (206 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:51 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Stefan Agner, Philippe Schenker,
Oleksandr Suvorov, Shawn Guo, Sasha Levin
From: Stefan Agner <stefan.agner@toradex.com>
[ Upstream commit a95fbda08ee20cd063ce5826e0df95a2c22ea8c5 ]
Force HS200 by masking bit 63 of the SDHCI capability register.
The i.MX ESDHC driver uses SDHCI_QUIRK2_CAPS_BIT63_FOR_HS400. With
that the stack checks bit 63 to descide whether HS400 is available.
Using sdhci-caps-mask allows to mask bit 63. The stack then selects
HS200 as operating mode.
This prevents rare communication errors with minimal effect on
performance:
sdhci-esdhc-imx 30b60000.usdhc: warning! HS400 strobe DLL
status REF not lock!
Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
Signed-off-by: Philippe Schenker <philippe.schenker@toradex.com>
Reviewed-by: Oleksandr Suvorov <oleksandr.suvorov@toradex.com>
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/imx7-colibri.dtsi | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/arm/boot/dts/imx7-colibri.dtsi b/arch/arm/boot/dts/imx7-colibri.dtsi
index 895fbde4d4333..c1ed83131b495 100644
--- a/arch/arm/boot/dts/imx7-colibri.dtsi
+++ b/arch/arm/boot/dts/imx7-colibri.dtsi
@@ -323,6 +323,7 @@
vmmc-supply = <®_module_3v3>;
vqmmc-supply = <®_DCDC3>;
non-removable;
+ sdhci-caps-mask = <0x80000000 0x0>;
};
&iomuxc {
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 112/313] x86/platform/intel/iosf_mbi Rewrite locking
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (109 preceding siblings ...)
2019-10-03 15:51 ` [PATCH 5.2 111/313] ARM: dts: imx7-colibri: disable HS400 Greg Kroah-Hartman
@ 2019-10-03 15:51 ` Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 113/313] media: radio/si470x: kill urb on error Greg Kroah-Hartman
` (205 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:51 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hans de Goede, Thomas Gleixner,
Andy Shevchenko, Sasha Levin
From: Hans de Goede <hdegoede@redhat.com>
[ Upstream commit 00452ba9fdb5bf6fb5fea1dae5227b4bbed44fc4 ]
There are 2 problems with the old iosf PMIC I2C bus arbritration code which
need to be addressed:
1. The lockdep code complains about a possible deadlock in the
iosf_mbi_[un]block_punit_i2c_access code:
[ 6.712662] ======================================================
[ 6.712673] WARNING: possible circular locking dependency detected
[ 6.712685] 5.3.0-rc2+ #79 Not tainted
[ 6.712692] ------------------------------------------------------
[ 6.712702] kworker/0:1/7 is trying to acquire lock:
[ 6.712712] 00000000df1c5681 (iosf_mbi_block_punit_i2c_access_count_mutex){+.+.}, at: iosf_mbi_unblock_punit_i2c_access+0x13/0x90
[ 6.712739]
but task is already holding lock:
[ 6.712749] 0000000067cb23e7 (iosf_mbi_punit_mutex){+.+.}, at: iosf_mbi_block_punit_i2c_access+0x97/0x186
[ 6.712768]
which lock already depends on the new lock.
[ 6.712780]
the existing dependency chain (in reverse order) is:
[ 6.712792]
-> #1 (iosf_mbi_punit_mutex){+.+.}:
[ 6.712808] __mutex_lock+0xa8/0x9a0
[ 6.712818] iosf_mbi_block_punit_i2c_access+0x97/0x186
[ 6.712831] i2c_dw_acquire_lock+0x20/0x30
[ 6.712841] i2c_dw_set_reg_access+0x15/0xb0
[ 6.712851] i2c_dw_probe+0x57/0x473
[ 6.712861] dw_i2c_plat_probe+0x33e/0x640
[ 6.712874] platform_drv_probe+0x38/0x80
[ 6.712884] really_probe+0xf3/0x380
[ 6.712894] driver_probe_device+0x59/0xd0
[ 6.712905] bus_for_each_drv+0x84/0xd0
[ 6.712915] __device_attach+0xe4/0x170
[ 6.712925] bus_probe_device+0x9f/0xb0
[ 6.712935] deferred_probe_work_func+0x79/0xd0
[ 6.712946] process_one_work+0x234/0x560
[ 6.712957] worker_thread+0x50/0x3b0
[ 6.712967] kthread+0x10a/0x140
[ 6.712977] ret_from_fork+0x3a/0x50
[ 6.712986]
-> #0 (iosf_mbi_block_punit_i2c_access_count_mutex){+.+.}:
[ 6.713004] __lock_acquire+0xe07/0x1930
[ 6.713015] lock_acquire+0x9d/0x1a0
[ 6.713025] __mutex_lock+0xa8/0x9a0
[ 6.713035] iosf_mbi_unblock_punit_i2c_access+0x13/0x90
[ 6.713047] i2c_dw_set_reg_access+0x4d/0xb0
[ 6.713058] i2c_dw_probe+0x57/0x473
[ 6.713068] dw_i2c_plat_probe+0x33e/0x640
[ 6.713079] platform_drv_probe+0x38/0x80
[ 6.713089] really_probe+0xf3/0x380
[ 6.713099] driver_probe_device+0x59/0xd0
[ 6.713109] bus_for_each_drv+0x84/0xd0
[ 6.713119] __device_attach+0xe4/0x170
[ 6.713129] bus_probe_device+0x9f/0xb0
[ 6.713140] deferred_probe_work_func+0x79/0xd0
[ 6.713150] process_one_work+0x234/0x560
[ 6.713160] worker_thread+0x50/0x3b0
[ 6.713170] kthread+0x10a/0x140
[ 6.713180] ret_from_fork+0x3a/0x50
[ 6.713189]
other info that might help us debug this:
[ 6.713202] Possible unsafe locking scenario:
[ 6.713212] CPU0 CPU1
[ 6.713221] ---- ----
[ 6.713229] lock(iosf_mbi_punit_mutex);
[ 6.713239] lock(iosf_mbi_block_punit_i2c_access_count_mutex);
[ 6.713253] lock(iosf_mbi_punit_mutex);
[ 6.713265] lock(iosf_mbi_block_punit_i2c_access_count_mutex);
[ 6.713276]
*** DEADLOCK ***
In practice can never happen because only the first caller which
increments iosf_mbi_block_punit_i2c_access_count will also take
iosf_mbi_punit_mutex, that is the whole purpose of the counter, which
itself is protected by iosf_mbi_block_punit_i2c_access_count_mutex.
But there is no way to tell the lockdep code about this and we really
want to be able to run a kernel with lockdep enabled without these
warnings being triggered.
2. The lockdep warning also points out another real problem, if 2 threads
both are in a block of code protected by iosf_mbi_block_punit_i2c_access
and the first thread to acquire the block exits before the second thread
then the second thread will call mutex_unlock on iosf_mbi_punit_mutex,
but it is not the thread which took the mutex and unlocking by another
thread is not allowed.
Fix this by getting rid of the notion of holding a mutex for the entire
duration of the PMIC accesses, be it either from the PUnit side, or from an
in kernel I2C driver. In general holding a mutex after exiting a function
is a bad idea and the above problems show this case is no different.
Instead 2 counters are now used, one for PMIC accesses from the PUnit
and one for accesses from in kernel I2C code. When access is requested
now the code will wait (using a waitqueue) for the counter of the other
type of access to reach 0 and on release, if the counter reaches 0 the
wakequeue is woken.
Note that the counter approach is necessary to allow nested calls.
The main reason for this is so that a series of i2c transfers can be done
with the punit blocked from accessing the bus the whole time. This is
necessary to be able to safely read/modify/write a PMIC register without
racing with the PUNIT doing the same thing.
Allowing nested iosf_mbi_block_punit_i2c_access() calls also is desirable
from a performance pov since the whole dance necessary to block the PUnit
from accessing the PMIC I2C bus is somewhat expensive.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com>
Link: https://lkml.kernel.org/r/20190812102113.95794-1-hdegoede@redhat.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/platform/intel/iosf_mbi.c | 100 ++++++++++++++++++-----------
1 file changed, 62 insertions(+), 38 deletions(-)
diff --git a/arch/x86/platform/intel/iosf_mbi.c b/arch/x86/platform/intel/iosf_mbi.c
index b393eaa798efd..0099826c88a87 100644
--- a/arch/x86/platform/intel/iosf_mbi.c
+++ b/arch/x86/platform/intel/iosf_mbi.c
@@ -17,6 +17,7 @@
#include <linux/debugfs.h>
#include <linux/capability.h>
#include <linux/pm_qos.h>
+#include <linux/wait.h>
#include <asm/iosf_mbi.h>
@@ -201,23 +202,45 @@ EXPORT_SYMBOL(iosf_mbi_available);
#define PUNIT_SEMAPHORE_BIT BIT(0)
#define PUNIT_SEMAPHORE_ACQUIRE BIT(1)
-static DEFINE_MUTEX(iosf_mbi_punit_mutex);
-static DEFINE_MUTEX(iosf_mbi_block_punit_i2c_access_count_mutex);
+static DEFINE_MUTEX(iosf_mbi_pmic_access_mutex);
static BLOCKING_NOTIFIER_HEAD(iosf_mbi_pmic_bus_access_notifier);
-static u32 iosf_mbi_block_punit_i2c_access_count;
+static DECLARE_WAIT_QUEUE_HEAD(iosf_mbi_pmic_access_waitq);
+static u32 iosf_mbi_pmic_punit_access_count;
+static u32 iosf_mbi_pmic_i2c_access_count;
static u32 iosf_mbi_sem_address;
static unsigned long iosf_mbi_sem_acquired;
static struct pm_qos_request iosf_mbi_pm_qos;
void iosf_mbi_punit_acquire(void)
{
- mutex_lock(&iosf_mbi_punit_mutex);
+ /* Wait for any I2C PMIC accesses from in kernel drivers to finish. */
+ mutex_lock(&iosf_mbi_pmic_access_mutex);
+ while (iosf_mbi_pmic_i2c_access_count != 0) {
+ mutex_unlock(&iosf_mbi_pmic_access_mutex);
+ wait_event(iosf_mbi_pmic_access_waitq,
+ iosf_mbi_pmic_i2c_access_count == 0);
+ mutex_lock(&iosf_mbi_pmic_access_mutex);
+ }
+ /*
+ * We do not need to do anything to allow the PUNIT to safely access
+ * the PMIC, other then block in kernel accesses to the PMIC.
+ */
+ iosf_mbi_pmic_punit_access_count++;
+ mutex_unlock(&iosf_mbi_pmic_access_mutex);
}
EXPORT_SYMBOL(iosf_mbi_punit_acquire);
void iosf_mbi_punit_release(void)
{
- mutex_unlock(&iosf_mbi_punit_mutex);
+ bool do_wakeup;
+
+ mutex_lock(&iosf_mbi_pmic_access_mutex);
+ iosf_mbi_pmic_punit_access_count--;
+ do_wakeup = iosf_mbi_pmic_punit_access_count == 0;
+ mutex_unlock(&iosf_mbi_pmic_access_mutex);
+
+ if (do_wakeup)
+ wake_up(&iosf_mbi_pmic_access_waitq);
}
EXPORT_SYMBOL(iosf_mbi_punit_release);
@@ -256,34 +279,32 @@ static void iosf_mbi_reset_semaphore(void)
* already blocked P-Unit accesses because it wants them blocked over multiple
* i2c-transfers, for e.g. read-modify-write of an I2C client register.
*
- * The P-Unit accesses already being blocked is tracked through the
- * iosf_mbi_block_punit_i2c_access_count variable which is protected by the
- * iosf_mbi_block_punit_i2c_access_count_mutex this mutex is hold for the
- * entire duration of the function.
- *
- * If access is not blocked yet, this function takes the following steps:
+ * To allow safe PMIC i2c bus accesses this function takes the following steps:
*
* 1) Some code sends request to the P-Unit which make it access the PMIC
* I2C bus. Testing has shown that the P-Unit does not check its internal
* PMIC bus semaphore for these requests. Callers of these requests call
* iosf_mbi_punit_acquire()/_release() around their P-Unit accesses, these
- * functions lock/unlock the iosf_mbi_punit_mutex.
- * As the first step we lock the iosf_mbi_punit_mutex, to wait for any in
- * flight requests to finish and to block any new requests.
+ * functions increase/decrease iosf_mbi_pmic_punit_access_count, so first
+ * we wait for iosf_mbi_pmic_punit_access_count to become 0.
+ *
+ * 2) Check iosf_mbi_pmic_i2c_access_count, if access has already
+ * been blocked by another caller, we only need to increment
+ * iosf_mbi_pmic_i2c_access_count and we can skip the other steps.
*
- * 2) Some code makes such P-Unit requests from atomic contexts where it
+ * 3) Some code makes such P-Unit requests from atomic contexts where it
* cannot call iosf_mbi_punit_acquire() as that may sleep.
* As the second step we call a notifier chain which allows any code
* needing P-Unit resources from atomic context to acquire them before
* we take control over the PMIC I2C bus.
*
- * 3) When CPU cores enter C6 or C7 the P-Unit needs to talk to the PMIC
+ * 4) When CPU cores enter C6 or C7 the P-Unit needs to talk to the PMIC
* if this happens while the kernel itself is accessing the PMIC I2C bus
* the SoC hangs.
* As the third step we call pm_qos_update_request() to disallow the CPU
* to enter C6 or C7.
*
- * 4) The P-Unit has a PMIC bus semaphore which we can request to stop
+ * 5) The P-Unit has a PMIC bus semaphore which we can request to stop
* autonomous P-Unit tasks from accessing the PMIC I2C bus while we hold it.
* As the fourth and final step we request this semaphore and wait for our
* request to be acknowledged.
@@ -297,12 +318,18 @@ int iosf_mbi_block_punit_i2c_access(void)
if (WARN_ON(!mbi_pdev || !iosf_mbi_sem_address))
return -ENXIO;
- mutex_lock(&iosf_mbi_block_punit_i2c_access_count_mutex);
+ mutex_lock(&iosf_mbi_pmic_access_mutex);
- if (iosf_mbi_block_punit_i2c_access_count > 0)
+ while (iosf_mbi_pmic_punit_access_count != 0) {
+ mutex_unlock(&iosf_mbi_pmic_access_mutex);
+ wait_event(iosf_mbi_pmic_access_waitq,
+ iosf_mbi_pmic_punit_access_count == 0);
+ mutex_lock(&iosf_mbi_pmic_access_mutex);
+ }
+
+ if (iosf_mbi_pmic_i2c_access_count > 0)
goto success;
- mutex_lock(&iosf_mbi_punit_mutex);
blocking_notifier_call_chain(&iosf_mbi_pmic_bus_access_notifier,
MBI_PMIC_BUS_ACCESS_BEGIN, NULL);
@@ -330,10 +357,6 @@ int iosf_mbi_block_punit_i2c_access(void)
iosf_mbi_sem_acquired = jiffies;
dev_dbg(&mbi_pdev->dev, "P-Unit semaphore acquired after %ums\n",
jiffies_to_msecs(jiffies - start));
- /*
- * Success, keep iosf_mbi_punit_mutex locked till
- * iosf_mbi_unblock_punit_i2c_access() gets called.
- */
goto success;
}
@@ -344,15 +367,13 @@ int iosf_mbi_block_punit_i2c_access(void)
dev_err(&mbi_pdev->dev, "Error P-Unit semaphore timed out, resetting\n");
error:
iosf_mbi_reset_semaphore();
- mutex_unlock(&iosf_mbi_punit_mutex);
-
if (!iosf_mbi_get_sem(&sem))
dev_err(&mbi_pdev->dev, "P-Unit semaphore: %d\n", sem);
success:
if (!WARN_ON(ret))
- iosf_mbi_block_punit_i2c_access_count++;
+ iosf_mbi_pmic_i2c_access_count++;
- mutex_unlock(&iosf_mbi_block_punit_i2c_access_count_mutex);
+ mutex_unlock(&iosf_mbi_pmic_access_mutex);
return ret;
}
@@ -360,17 +381,20 @@ EXPORT_SYMBOL(iosf_mbi_block_punit_i2c_access);
void iosf_mbi_unblock_punit_i2c_access(void)
{
- mutex_lock(&iosf_mbi_block_punit_i2c_access_count_mutex);
+ bool do_wakeup = false;
- iosf_mbi_block_punit_i2c_access_count--;
- if (iosf_mbi_block_punit_i2c_access_count == 0) {
+ mutex_lock(&iosf_mbi_pmic_access_mutex);
+ iosf_mbi_pmic_i2c_access_count--;
+ if (iosf_mbi_pmic_i2c_access_count == 0) {
iosf_mbi_reset_semaphore();
- mutex_unlock(&iosf_mbi_punit_mutex);
dev_dbg(&mbi_pdev->dev, "punit semaphore held for %ums\n",
jiffies_to_msecs(jiffies - iosf_mbi_sem_acquired));
+ do_wakeup = true;
}
+ mutex_unlock(&iosf_mbi_pmic_access_mutex);
- mutex_unlock(&iosf_mbi_block_punit_i2c_access_count_mutex);
+ if (do_wakeup)
+ wake_up(&iosf_mbi_pmic_access_waitq);
}
EXPORT_SYMBOL(iosf_mbi_unblock_punit_i2c_access);
@@ -379,10 +403,10 @@ int iosf_mbi_register_pmic_bus_access_notifier(struct notifier_block *nb)
int ret;
/* Wait for the bus to go inactive before registering */
- mutex_lock(&iosf_mbi_punit_mutex);
+ iosf_mbi_punit_acquire();
ret = blocking_notifier_chain_register(
&iosf_mbi_pmic_bus_access_notifier, nb);
- mutex_unlock(&iosf_mbi_punit_mutex);
+ iosf_mbi_punit_release();
return ret;
}
@@ -403,9 +427,9 @@ int iosf_mbi_unregister_pmic_bus_access_notifier(struct notifier_block *nb)
int ret;
/* Wait for the bus to go inactive before unregistering */
- mutex_lock(&iosf_mbi_punit_mutex);
+ iosf_mbi_punit_acquire();
ret = iosf_mbi_unregister_pmic_bus_access_notifier_unlocked(nb);
- mutex_unlock(&iosf_mbi_punit_mutex);
+ iosf_mbi_punit_release();
return ret;
}
@@ -413,7 +437,7 @@ EXPORT_SYMBOL(iosf_mbi_unregister_pmic_bus_access_notifier);
void iosf_mbi_assert_punit_acquired(void)
{
- WARN_ON(!mutex_is_locked(&iosf_mbi_punit_mutex));
+ WARN_ON(iosf_mbi_pmic_punit_access_count == 0);
}
EXPORT_SYMBOL(iosf_mbi_assert_punit_acquired);
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 113/313] media: radio/si470x: kill urb on error
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (110 preceding siblings ...)
2019-10-03 15:51 ` [PATCH 5.2 112/313] x86/platform/intel/iosf_mbi Rewrite locking Greg Kroah-Hartman
@ 2019-10-03 15:51 ` Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 114/313] media: hdpvr: add terminating 0 at end of string Greg Kroah-Hartman
` (204 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:51 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hans Verkuil, Mauro Carvalho Chehab,
Sasha Levin, syzbot+2d4fc2a0c45ad8da7e99
From: Hans Verkuil <hverkuil-cisco@xs4all.nl>
[ Upstream commit 0d616f2a3fdbf1304db44d451d9f07008556923b ]
In the probe() function radio->int_in_urb was not killed if an
error occurred in the probe sequence. It was also missing in
the disconnect.
This caused this syzbot issue:
https://syzkaller.appspot.com/bug?extid=2d4fc2a0c45ad8da7e99
Reported-and-tested-by: syzbot+2d4fc2a0c45ad8da7e99@syzkaller.appspotmail.com
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/radio/si470x/radio-si470x-usb.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/media/radio/si470x/radio-si470x-usb.c b/drivers/media/radio/si470x/radio-si470x-usb.c
index 58e622d573733..3dccce398113a 100644
--- a/drivers/media/radio/si470x/radio-si470x-usb.c
+++ b/drivers/media/radio/si470x/radio-si470x-usb.c
@@ -734,7 +734,7 @@ static int si470x_usb_driver_probe(struct usb_interface *intf,
/* start radio */
retval = si470x_start_usb(radio);
if (retval < 0)
- goto err_all;
+ goto err_buf;
/* set initial frequency */
si470x_set_freq(radio, 87.5 * FREQ_MUL); /* available in all regions */
@@ -749,6 +749,8 @@ static int si470x_usb_driver_probe(struct usb_interface *intf,
return 0;
err_all:
+ usb_kill_urb(radio->int_in_urb);
+err_buf:
kfree(radio->buffer);
err_ctrl:
v4l2_ctrl_handler_free(&radio->hdl);
@@ -822,6 +824,7 @@ static void si470x_usb_driver_disconnect(struct usb_interface *intf)
mutex_lock(&radio->lock);
v4l2_device_disconnect(&radio->v4l2_dev);
video_unregister_device(&radio->videodev);
+ usb_kill_urb(radio->int_in_urb);
usb_set_intfdata(intf, NULL);
mutex_unlock(&radio->lock);
v4l2_device_put(&radio->v4l2_dev);
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 114/313] media: hdpvr: add terminating 0 at end of string
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (111 preceding siblings ...)
2019-10-03 15:51 ` [PATCH 5.2 113/313] media: radio/si470x: kill urb on error Greg Kroah-Hartman
@ 2019-10-03 15:51 ` Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 115/313] ASoC: uniphier: Fix double reset assersion when transitioning to suspend state Greg Kroah-Hartman
` (203 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:51 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hans Verkuil, Mauro Carvalho Chehab,
Sasha Levin, syzbot+79d18aac4bf1770dd050
From: Hans Verkuil <hverkuil-cisco@xs4all.nl>
[ Upstream commit 8b8900b729e4f31f12ac1127bde137c775c327e6 ]
dev->usbc_buf was passed as argument for %s, but it was not safeguarded
by a terminating 0.
This caused this syzbot issue:
https://syzkaller.appspot.com/bug?extid=79d18aac4bf1770dd050
Reported-and-tested-by: syzbot+79d18aac4bf1770dd050@syzkaller.appspotmail.com
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/usb/hdpvr/hdpvr-core.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/media/usb/hdpvr/hdpvr-core.c b/drivers/media/usb/hdpvr/hdpvr-core.c
index a0905c81d2cb2..b75c18a012a73 100644
--- a/drivers/media/usb/hdpvr/hdpvr-core.c
+++ b/drivers/media/usb/hdpvr/hdpvr-core.c
@@ -137,6 +137,7 @@ static int device_authorization(struct hdpvr_device *dev)
dev->fw_ver = dev->usbc_buf[1];
+ dev->usbc_buf[46] = '\0';
v4l2_info(&dev->v4l2_dev, "firmware version 0x%x dated %s\n",
dev->fw_ver, &dev->usbc_buf[2]);
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 115/313] ASoC: uniphier: Fix double reset assersion when transitioning to suspend state
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (112 preceding siblings ...)
2019-10-03 15:51 ` [PATCH 5.2 114/313] media: hdpvr: add terminating 0 at end of string Greg Kroah-Hartman
@ 2019-10-03 15:51 ` Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 116/313] powerpc/Makefile: Always pass --synthetic to nm if supported Greg Kroah-Hartman
` (202 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:51 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kunihiko Hayashi, Mark Brown, Sasha Levin
From: Kunihiko Hayashi <hayashi.kunihiko@socionext.com>
[ Upstream commit c372a35550c8d60f673b20210eea58a06d6d38cb ]
When transitioning to supend state, uniphier_aio_dai_suspend() is called
and asserts reset lines and disables clocks.
However, if there are two or more DAIs, uniphier_aio_dai_suspend() are
called multiple times, and double reset assersion will cause.
This patch defines the counter that has the number of DAIs at first, and
whenever uniphier_aio_dai_suspend() are called, it decrements the
counter. And only if the counter is zero, it asserts reset lines and
disables clocks.
In the same way, uniphier_aio_dai_resume() are called, it increments the
counter after deasserting reset lines and enabling clocks.
Fixes: 139a34200233 ("ASoC: uniphier: add support for UniPhier AIO CPU DAI driver")
Signed-off-by: Kunihiko Hayashi <hayashi.kunihiko@socionext.com>
Link: https://lore.kernel.org/r/1566281764-14059-1-git-send-email-hayashi.kunihiko@socionext.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/uniphier/aio-cpu.c | 31 +++++++++++++++++++++----------
sound/soc/uniphier/aio.h | 1 +
2 files changed, 22 insertions(+), 10 deletions(-)
diff --git a/sound/soc/uniphier/aio-cpu.c b/sound/soc/uniphier/aio-cpu.c
index ee90e6c3937ce..2ae582a99b636 100644
--- a/sound/soc/uniphier/aio-cpu.c
+++ b/sound/soc/uniphier/aio-cpu.c
@@ -424,8 +424,11 @@ int uniphier_aio_dai_suspend(struct snd_soc_dai *dai)
{
struct uniphier_aio *aio = uniphier_priv(dai);
- reset_control_assert(aio->chip->rst);
- clk_disable_unprepare(aio->chip->clk);
+ aio->chip->num_wup_aios--;
+ if (!aio->chip->num_wup_aios) {
+ reset_control_assert(aio->chip->rst);
+ clk_disable_unprepare(aio->chip->clk);
+ }
return 0;
}
@@ -439,13 +442,15 @@ int uniphier_aio_dai_resume(struct snd_soc_dai *dai)
if (!aio->chip->active)
return 0;
- ret = clk_prepare_enable(aio->chip->clk);
- if (ret)
- return ret;
+ if (!aio->chip->num_wup_aios) {
+ ret = clk_prepare_enable(aio->chip->clk);
+ if (ret)
+ return ret;
- ret = reset_control_deassert(aio->chip->rst);
- if (ret)
- goto err_out_clock;
+ ret = reset_control_deassert(aio->chip->rst);
+ if (ret)
+ goto err_out_clock;
+ }
aio_iecout_set_enable(aio->chip, true);
aio_chip_init(aio->chip);
@@ -458,7 +463,7 @@ int uniphier_aio_dai_resume(struct snd_soc_dai *dai)
ret = aio_init(sub);
if (ret)
- goto err_out_clock;
+ goto err_out_reset;
if (!sub->setting)
continue;
@@ -466,11 +471,16 @@ int uniphier_aio_dai_resume(struct snd_soc_dai *dai)
aio_port_reset(sub);
aio_src_reset(sub);
}
+ aio->chip->num_wup_aios++;
return 0;
+err_out_reset:
+ if (!aio->chip->num_wup_aios)
+ reset_control_assert(aio->chip->rst);
err_out_clock:
- clk_disable_unprepare(aio->chip->clk);
+ if (!aio->chip->num_wup_aios)
+ clk_disable_unprepare(aio->chip->clk);
return ret;
}
@@ -619,6 +629,7 @@ int uniphier_aio_probe(struct platform_device *pdev)
return PTR_ERR(chip->rst);
chip->num_aios = chip->chip_spec->num_dais;
+ chip->num_wup_aios = chip->num_aios;
chip->aios = devm_kcalloc(dev,
chip->num_aios, sizeof(struct uniphier_aio),
GFP_KERNEL);
diff --git a/sound/soc/uniphier/aio.h b/sound/soc/uniphier/aio.h
index ca6ccbae0ee8c..a7ff7e556429b 100644
--- a/sound/soc/uniphier/aio.h
+++ b/sound/soc/uniphier/aio.h
@@ -285,6 +285,7 @@ struct uniphier_aio_chip {
struct uniphier_aio *aios;
int num_aios;
+ int num_wup_aios;
struct uniphier_aio_pll *plls;
int num_plls;
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 116/313] powerpc/Makefile: Always pass --synthetic to nm if supported
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (113 preceding siblings ...)
2019-10-03 15:51 ` [PATCH 5.2 115/313] ASoC: uniphier: Fix double reset assersion when transitioning to suspend state Greg Kroah-Hartman
@ 2019-10-03 15:51 ` Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 117/313] tools headers: Fixup bitsperlong per arch includes Greg Kroah-Hartman
` (201 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:51 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Michael Ellerman, Will Deacon,
Sasha Levin, Peter Collingbourne
From: Michael Ellerman <mpe@ellerman.id.au>
[ Upstream commit 117acf5c29dd89e4c86761c365b9724dba0d9763 ]
Back in 2004 we added logic to arch/ppc64/Makefile to pass
the --synthetic option to nm, if it was supported by nm.
Then in 2005 when arch/ppc64 and arch/ppc were merged, the logic to
add --synthetic was moved inside an #ifdef CONFIG_PPC64 block within
arch/powerpc/Makefile, and has remained there since.
That was fine, though crufty, until recently when a change to
init/Kconfig added a config time check that uses $(NM). On powerpc
that leads to an infinite loop because Kconfig uses $(NM) to calculate
some values, then the powerpc Makefile changes $(NM), which Kconfig
notices and restarts.
The original commit that added --synthetic simply said:
On new toolchains we need to use nm --synthetic or we miss code
symbols.
And the nm man page says that the --synthetic option causes nm to:
Include synthetic symbols in the output. These are special symbols
created by the linker for various purposes.
So it seems safe to always pass --synthetic if nm supports it, ie. on
32-bit and 64-bit, it just means 32-bit kernels might have more
symbols reported (and in practice I see no extra symbols). Making it
unconditional avoids the #ifdef CONFIG_PPC64, which in turn avoids the
infinite loop.
Debugged-by: Peter Collingbourne <pcc@google.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/Makefile | 2 --
1 file changed, 2 deletions(-)
diff --git a/arch/powerpc/Makefile b/arch/powerpc/Makefile
index c345b79414a96..403f7e193833a 100644
--- a/arch/powerpc/Makefile
+++ b/arch/powerpc/Makefile
@@ -39,13 +39,11 @@ endif
uname := $(shell uname -m)
KBUILD_DEFCONFIG := $(if $(filter ppc%,$(uname)),$(uname),ppc64)_defconfig
-ifdef CONFIG_PPC64
new_nm := $(shell if $(NM) --help 2>&1 | grep -- '--synthetic' > /dev/null; then echo y; else echo n; fi)
ifeq ($(new_nm),y)
NM := $(NM) --synthetic
endif
-endif
# BITS is used as extension for files which are available in a 32 bit
# and a 64 bit version to simplify shared Makefiles.
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 117/313] tools headers: Fixup bitsperlong per arch includes
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (114 preceding siblings ...)
2019-10-03 15:51 ` [PATCH 5.2 116/313] powerpc/Makefile: Always pass --synthetic to nm if supported Greg Kroah-Hartman
@ 2019-10-03 15:51 ` Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 118/313] ASoC: sun4i-i2s: Dont use the oversample to calculate BCLK Greg Kroah-Hartman
` (200 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:51 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Adrian Hunter, Jiri Olsa,
Namhyung Kim, Arnaldo Carvalho de Melo, Sasha Levin
From: Arnaldo Carvalho de Melo <acme@redhat.com>
[ Upstream commit 42fc2e9ef9603a7948aaa4ffd8dfb94b30294ad8 ]
We were getting the file by luck, from one of the paths in -I, fix it to
get it from the proper place:
$ cd tools/include/uapi/asm/
[acme@quaco asm]$ grep include bitsperlong.h
#include "../../arch/x86/include/uapi/asm/bitsperlong.h"
#include "../../arch/arm64/include/uapi/asm/bitsperlong.h"
#include "../../arch/powerpc/include/uapi/asm/bitsperlong.h"
#include "../../arch/s390/include/uapi/asm/bitsperlong.h"
#include "../../arch/sparc/include/uapi/asm/bitsperlong.h"
#include "../../arch/mips/include/uapi/asm/bitsperlong.h"
#include "../../arch/ia64/include/uapi/asm/bitsperlong.h"
#include "../../arch/riscv/include/uapi/asm/bitsperlong.h"
#include "../../arch/alpha/include/uapi/asm/bitsperlong.h"
#include <asm-generic/bitsperlong.h>
$ ls -la ../../arch/x86/include/uapi/asm/bitsperlong.h
ls: cannot access '../../arch/x86/include/uapi/asm/bitsperlong.h': No such file or directory
$ ls -la ../../../arch/*/include/uapi/asm/bitsperlong.h
-rw-rw-r--. 1 237 ../../../arch/alpha/include/uapi/asm/bitsperlong.h
-rw-rw-r--. 1 841 ../../../arch/arm64/include/uapi/asm/bitsperlong.h
-rw-rw-r--. 1 966 ../../../arch/hexagon/include/uapi/asm/bitsperlong.h
-rw-rw-r--. 1 234 ../../../arch/ia64/include/uapi/asm/bitsperlong.h
-rw-rw-r--. 1 100 ../../../arch/microblaze/include/uapi/asm/bitsperlong.h
-rw-rw-r--. 1 244 ../../../arch/mips/include/uapi/asm/bitsperlong.h
-rw-rw-r--. 1 352 ../../../arch/parisc/include/uapi/asm/bitsperlong.h
-rw-rw-r--. 1 312 ../../../arch/powerpc/include/uapi/asm/bitsperlong.h
-rw-rw-r--. 1 353 ../../../arch/riscv/include/uapi/asm/bitsperlong.h
-rw-rw-r--. 1 292 ../../../arch/s390/include/uapi/asm/bitsperlong.h
-rw-rw-r--. 1 323 ../../../arch/sparc/include/uapi/asm/bitsperlong.h
-rw-rw-r--. 1 320 ../../../arch/x86/include/uapi/asm/bitsperlong.h
$
Found while fixing some other problem, before it was escaping the
tools/ chroot and using stuff in the kernel sources:
CC /tmp/build/perf/util/find_bit.o
In file included from /git/linux/tools/include/../../arch/x86/include/uapi/asm/bitsperlong.h:11,
from /git/linux/tools/include/uapi/asm/bitsperlong.h:3,
from /git/linux/tools/include/linux/bits.h:6,
from /git/linux/tools/include/linux/bitops.h:13,
from ../lib/find_bit.c:17:
# cd /git/linux/tools/include/../../arch/x86/include/uapi/asm/
# pwd
/git/linux/arch/x86/include/uapi/asm
#
Now it is getting the one we want it to, i.e. the one inside tools/:
CC /tmp/build/perf/util/find_bit.o
In file included from /git/linux/tools/arch/x86/include/uapi/asm/bitsperlong.h:11,
from /git/linux/tools/include/linux/bits.h:6,
from /git/linux/tools/include/linux/bitops.h:13,
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Link: https://lkml.kernel.org/n/tip-8f8cfqywmf6jk8a3ucr0ixhu@git.kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/include/uapi/asm/bitsperlong.h | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/tools/include/uapi/asm/bitsperlong.h b/tools/include/uapi/asm/bitsperlong.h
index 57aaeaf8e1920..edba4d93e9e6a 100644
--- a/tools/include/uapi/asm/bitsperlong.h
+++ b/tools/include/uapi/asm/bitsperlong.h
@@ -1,22 +1,22 @@
/* SPDX-License-Identifier: GPL-2.0 */
#if defined(__i386__) || defined(__x86_64__)
-#include "../../arch/x86/include/uapi/asm/bitsperlong.h"
+#include "../../../arch/x86/include/uapi/asm/bitsperlong.h"
#elif defined(__aarch64__)
-#include "../../arch/arm64/include/uapi/asm/bitsperlong.h"
+#include "../../../arch/arm64/include/uapi/asm/bitsperlong.h"
#elif defined(__powerpc__)
-#include "../../arch/powerpc/include/uapi/asm/bitsperlong.h"
+#include "../../../arch/powerpc/include/uapi/asm/bitsperlong.h"
#elif defined(__s390__)
-#include "../../arch/s390/include/uapi/asm/bitsperlong.h"
+#include "../../../arch/s390/include/uapi/asm/bitsperlong.h"
#elif defined(__sparc__)
-#include "../../arch/sparc/include/uapi/asm/bitsperlong.h"
+#include "../../../arch/sparc/include/uapi/asm/bitsperlong.h"
#elif defined(__mips__)
-#include "../../arch/mips/include/uapi/asm/bitsperlong.h"
+#include "../../../arch/mips/include/uapi/asm/bitsperlong.h"
#elif defined(__ia64__)
-#include "../../arch/ia64/include/uapi/asm/bitsperlong.h"
+#include "../../../arch/ia64/include/uapi/asm/bitsperlong.h"
#elif defined(__riscv)
-#include "../../arch/riscv/include/uapi/asm/bitsperlong.h"
+#include "../../../arch/riscv/include/uapi/asm/bitsperlong.h"
#elif defined(__alpha__)
-#include "../../arch/alpha/include/uapi/asm/bitsperlong.h"
+#include "../../../arch/alpha/include/uapi/asm/bitsperlong.h"
#else
#include <asm-generic/bitsperlong.h>
#endif
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 118/313] ASoC: sun4i-i2s: Dont use the oversample to calculate BCLK
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (115 preceding siblings ...)
2019-10-03 15:51 ` [PATCH 5.2 117/313] tools headers: Fixup bitsperlong per arch includes Greg Kroah-Hartman
@ 2019-10-03 15:51 ` Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 119/313] ASoC: mchp-i2s-mcc: Wait for RX/TX RDY only if controller is running Greg Kroah-Hartman
` (199 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:51 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Maxime Ripard, Mark Brown, Sasha Levin
From: Maxime Ripard <maxime.ripard@bootlin.com>
[ Upstream commit 7df8f9a20196072162d9dc8fe99943f2d35f23d5 ]
The BCLK divider should be calculated using the parameters that actually
make the BCLK rate: the number of channels, the sampling rate and the
sample width.
We've been using the oversample_rate previously because in the former SoCs,
the BCLK's parent is MCLK, which in turn is being used to generate the
oversample rate, so we end up with something like this:
oversample = mclk_rate / sampling_rate
bclk_div = oversample / word_size / channels
So, bclk_div = mclk_rate / sampling_rate / word_size / channels.
And this is actually better, since the oversampling ratio only plays a role
because the MCLK is its parent, not because of what BCLK is supposed to be.
Furthermore, that assumption of MCLK being the parent has been broken on
newer SoCs, so let's use the proper formula, and have the parent rate as an
argument.
Fixes: 7d2993811a1e ("ASoC: sun4i-i2s: Add support for H3")
Fixes: 21faaea1343f ("ASoC: sun4i-i2s: Add support for A83T")
Fixes: 66ecce332538 ("ASoC: sun4i-i2s: Add compatibility with A64 codec I2S")
Signed-off-by: Maxime Ripard <maxime.ripard@bootlin.com>
Link: https://lore.kernel.org/r/c3595e3a9788c2ef2dcc30aa3c8c4953bb5cc249.1566242458.git-series.maxime.ripard@bootlin.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/sunxi/sun4i-i2s.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/sound/soc/sunxi/sun4i-i2s.c b/sound/soc/sunxi/sun4i-i2s.c
index fd7c37596f21a..1d946a1927088 100644
--- a/sound/soc/sunxi/sun4i-i2s.c
+++ b/sound/soc/sunxi/sun4i-i2s.c
@@ -219,10 +219,11 @@ static const struct sun4i_i2s_clk_div sun4i_i2s_mclk_div[] = {
};
static int sun4i_i2s_get_bclk_div(struct sun4i_i2s *i2s,
- unsigned int oversample_rate,
+ unsigned long parent_rate,
+ unsigned int sampling_rate,
unsigned int word_size)
{
- int div = oversample_rate / word_size / 2;
+ int div = parent_rate / sampling_rate / word_size / 2;
int i;
for (i = 0; i < ARRAY_SIZE(sun4i_i2s_bclk_div); i++) {
@@ -312,8 +313,8 @@ static int sun4i_i2s_set_clk_rate(struct snd_soc_dai *dai,
return -EINVAL;
}
- bclk_div = sun4i_i2s_get_bclk_div(i2s, oversample_rate,
- word_size);
+ bclk_div = sun4i_i2s_get_bclk_div(i2s, i2s->mclk_freq,
+ rate, word_size);
if (bclk_div < 0) {
dev_err(dai->dev, "Unsupported BCLK divider: %d\n", bclk_div);
return -EINVAL;
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 119/313] ASoC: mchp-i2s-mcc: Wait for RX/TX RDY only if controller is running
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (116 preceding siblings ...)
2019-10-03 15:51 ` [PATCH 5.2 118/313] ASoC: sun4i-i2s: Dont use the oversample to calculate BCLK Greg Kroah-Hartman
@ 2019-10-03 15:51 ` Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 120/313] led: triggers: Fix a memory leak bug Greg Kroah-Hartman
` (198 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:51 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Codrin Ciubotariu, Mark Brown, Sasha Levin
From: Codrin Ciubotariu <codrin.ciubotariu@microchip.com>
[ Upstream commit 0f6fc97501b790c971b11b52a654009d21c45238 ]
Since hw_free() can be called multiple times and not just after a stop
trigger command, we should check whether the RX or TX ready interrupt was
truly enabled previously. For this, we assure that the condition of the
wait event is always true, except when RX/TX interrupts are enabled.
Fixes: 7e0cdf545a55 ("ASoC: mchp-i2s-mcc: add driver for I2SC Multi-Channel Controller")
Signed-off-by: Codrin Ciubotariu <codrin.ciubotariu@microchip.com>
Link: https://lore.kernel.org/r/20190820162411.24836-3-codrin.ciubotariu@microchip.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/atmel/mchp-i2s-mcc.c | 28 ++++++++++++++++------------
1 file changed, 16 insertions(+), 12 deletions(-)
diff --git a/sound/soc/atmel/mchp-i2s-mcc.c b/sound/soc/atmel/mchp-i2s-mcc.c
index 86495883ca3f1..8272915fa09b9 100644
--- a/sound/soc/atmel/mchp-i2s-mcc.c
+++ b/sound/soc/atmel/mchp-i2s-mcc.c
@@ -686,22 +686,24 @@ static int mchp_i2s_mcc_hw_free(struct snd_pcm_substream *substream,
err = wait_event_interruptible_timeout(dev->wq_txrdy,
dev->tx_rdy,
msecs_to_jiffies(500));
+ if (err == 0) {
+ dev_warn_once(dev->dev,
+ "Timeout waiting for Tx ready\n");
+ regmap_write(dev->regmap, MCHP_I2SMCC_IDRA,
+ MCHP_I2SMCC_INT_TXRDY_MASK(dev->channels));
+ dev->tx_rdy = 1;
+ }
} else {
err = wait_event_interruptible_timeout(dev->wq_rxrdy,
dev->rx_rdy,
msecs_to_jiffies(500));
- }
-
- if (err == 0) {
- u32 idra;
-
- dev_warn_once(dev->dev, "Timeout waiting for %s\n",
- is_playback ? "Tx ready" : "Rx ready");
- if (is_playback)
- idra = MCHP_I2SMCC_INT_TXRDY_MASK(dev->channels);
- else
- idra = MCHP_I2SMCC_INT_RXRDY_MASK(dev->channels);
- regmap_write(dev->regmap, MCHP_I2SMCC_IDRA, idra);
+ if (err == 0) {
+ dev_warn_once(dev->dev,
+ "Timeout waiting for Rx ready\n");
+ regmap_write(dev->regmap, MCHP_I2SMCC_IDRA,
+ MCHP_I2SMCC_INT_RXRDY_MASK(dev->channels));
+ dev->rx_rdy = 1;
+ }
}
if (!mchp_i2s_mcc_is_running(dev)) {
@@ -809,6 +811,8 @@ static int mchp_i2s_mcc_dai_probe(struct snd_soc_dai *dai)
init_waitqueue_head(&dev->wq_txrdy);
init_waitqueue_head(&dev->wq_rxrdy);
+ dev->tx_rdy = 1;
+ dev->rx_rdy = 1;
snd_soc_dai_init_dma_data(dai, &dev->playback, &dev->capture);
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 120/313] led: triggers: Fix a memory leak bug
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (117 preceding siblings ...)
2019-10-03 15:51 ` [PATCH 5.2 119/313] ASoC: mchp-i2s-mcc: Wait for RX/TX RDY only if controller is running Greg Kroah-Hartman
@ 2019-10-03 15:51 ` Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 121/313] ASoC: mchp-i2s-mcc: Fix unprepare of GCLK Greg Kroah-Hartman
` (197 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:51 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Wenwen Wang, Pavel Machek,
Jacek Anaszewski, Sasha Levin
From: Wenwen Wang <wenwen@cs.uga.edu>
[ Upstream commit 60e2dde1e91ae0addb21ac380cc36ebee7534e49 ]
In led_trigger_set(), 'event' is allocated in kasprintf(). However, it is
not deallocated in the following execution if the label 'err_activate' or
'err_add_groups' is entered, leading to memory leaks. To fix this issue,
free 'event' before returning the error.
Fixes: 52c47742f79d ("leds: triggers: send uevent when changing triggers")
Signed-off-by: Wenwen Wang <wenwen@cs.uga.edu>
Acked-by: Pavel Machek <pavel@ucw.cz>
Signed-off-by: Jacek Anaszewski <jacek.anaszewski@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/leds/led-triggers.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/leds/led-triggers.c b/drivers/leds/led-triggers.c
index 8d11a5e232271..eff1bda8b5200 100644
--- a/drivers/leds/led-triggers.c
+++ b/drivers/leds/led-triggers.c
@@ -173,6 +173,7 @@ int led_trigger_set(struct led_classdev *led_cdev, struct led_trigger *trig)
list_del(&led_cdev->trig_list);
write_unlock_irqrestore(&led_cdev->trigger->leddev_list_lock, flags);
led_set_brightness(led_cdev, LED_OFF);
+ kfree(event);
return ret;
}
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 121/313] ASoC: mchp-i2s-mcc: Fix unprepare of GCLK
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (118 preceding siblings ...)
2019-10-03 15:51 ` [PATCH 5.2 120/313] led: triggers: Fix a memory leak bug Greg Kroah-Hartman
@ 2019-10-03 15:51 ` Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 122/313] nbd: add missing config put Greg Kroah-Hartman
` (196 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:51 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Codrin Ciubotariu, Mark Brown, Sasha Levin
From: Codrin Ciubotariu <codrin.ciubotariu@microchip.com>
[ Upstream commit 988b59467b2b14523a266957affbe9eca3e99fc9 ]
If hw_free() gets called after hw_params(), GCLK remains prepared,
preventing further use of it. This patch fixes this by unpreparing the
clock in hw_free() or if hw_params() gets an error.
Fixes: 7e0cdf545a55 ("ASoC: mchp-i2s-mcc: add driver for I2SC Multi-Channel Controller")
Signed-off-by: Codrin Ciubotariu <codrin.ciubotariu@microchip.com>
Link: https://lore.kernel.org/r/20190820162411.24836-2-codrin.ciubotariu@microchip.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/atmel/mchp-i2s-mcc.c | 13 +++++++++++--
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/sound/soc/atmel/mchp-i2s-mcc.c b/sound/soc/atmel/mchp-i2s-mcc.c
index 8272915fa09b9..ab7d5f98e759e 100644
--- a/sound/soc/atmel/mchp-i2s-mcc.c
+++ b/sound/soc/atmel/mchp-i2s-mcc.c
@@ -670,8 +670,13 @@ static int mchp_i2s_mcc_hw_params(struct snd_pcm_substream *substream,
}
ret = regmap_write(dev->regmap, MCHP_I2SMCC_MRA, mra);
- if (ret < 0)
+ if (ret < 0) {
+ if (dev->gclk_use) {
+ clk_unprepare(dev->gclk);
+ dev->gclk_use = 0;
+ }
return ret;
+ }
return regmap_write(dev->regmap, MCHP_I2SMCC_MRB, mrb);
}
@@ -710,9 +715,13 @@ static int mchp_i2s_mcc_hw_free(struct snd_pcm_substream *substream,
regmap_write(dev->regmap, MCHP_I2SMCC_CR, MCHP_I2SMCC_CR_CKDIS);
if (dev->gclk_running) {
- clk_disable_unprepare(dev->gclk);
+ clk_disable(dev->gclk);
dev->gclk_running = 0;
}
+ if (dev->gclk_use) {
+ clk_unprepare(dev->gclk);
+ dev->gclk_use = 0;
+ }
}
return 0;
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 122/313] nbd: add missing config put
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (119 preceding siblings ...)
2019-10-03 15:51 ` [PATCH 5.2 121/313] ASoC: mchp-i2s-mcc: Fix unprepare of GCLK Greg Kroah-Hartman
@ 2019-10-03 15:51 ` Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 123/313] ACPI / APEI: Release resources if gen_pool_add() fails Greg Kroah-Hartman
` (195 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:51 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Josef Bacik, Mike Christie,
Jens Axboe, Sasha Levin
From: Mike Christie <mchristi@redhat.com>
[ Upstream commit 887e975c4172d0d5670c39ead2f18ba1e4ec8133 ]
Fix bug added with the patch:
commit 8f3ea35929a0806ad1397db99a89ffee0140822a
Author: Josef Bacik <josef@toxicpanda.com>
Date: Mon Jul 16 12:11:35 2018 -0400
nbd: handle unexpected replies better
where if the timeout handler runs when the completion path is and we fail
to grab the mutex in the timeout handler we will leave a config reference
and cannot free the config later.
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Signed-off-by: Mike Christie <mchristi@redhat.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/block/nbd.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/block/nbd.c b/drivers/block/nbd.c
index 57aebc6e1c288..5d5e52c6509ce 100644
--- a/drivers/block/nbd.c
+++ b/drivers/block/nbd.c
@@ -355,8 +355,10 @@ static enum blk_eh_timer_return nbd_xmit_timeout(struct request *req,
}
config = nbd->config;
- if (!mutex_trylock(&cmd->lock))
+ if (!mutex_trylock(&cmd->lock)) {
+ nbd_config_put(nbd);
return BLK_EH_RESET_TIMER;
+ }
if (config->num_connections > 1) {
dev_err_ratelimited(nbd_to_dev(nbd),
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 123/313] ACPI / APEI: Release resources if gen_pool_add() fails
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (120 preceding siblings ...)
2019-10-03 15:51 ` [PATCH 5.2 122/313] nbd: add missing config put Greg Kroah-Hartman
@ 2019-10-03 15:51 ` Greg Kroah-Hartman
2019-10-04 10:05 ` Pavel Machek
2019-10-03 15:51 ` [PATCH 5.2 124/313] arm64: entry: Move ct_user_exit before any other exception Greg Kroah-Hartman
` (194 subsequent siblings)
316 siblings, 1 reply; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:51 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Liguang Zhang, Borislav Petkov,
Rafael J. Wysocki, Sasha Levin
From: Liguang Zhang <zhangliguang@linux.alibaba.com>
[ Upstream commit 6abc7622271dc520f241462e2474c71723638851 ]
Destroy ghes_estatus_pool and release memory allocated via vmalloc() on
errors in ghes_estatus_pool_init() in order to avoid memory leaks.
[ bp: do the labels properly and with descriptive names and massage. ]
Signed-off-by: Liguang Zhang <zhangliguang@linux.alibaba.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Link: https://lkml.kernel.org/r/1563173924-47479-1-git-send-email-zhangliguang@linux.alibaba.com
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/acpi/apei/ghes.c | 17 +++++++++++++++--
1 file changed, 15 insertions(+), 2 deletions(-)
diff --git a/drivers/acpi/apei/ghes.c b/drivers/acpi/apei/ghes.c
index 993940d582f50..6875bf629f16e 100644
--- a/drivers/acpi/apei/ghes.c
+++ b/drivers/acpi/apei/ghes.c
@@ -153,6 +153,7 @@ static void ghes_unmap(void __iomem *vaddr, enum fixed_addresses fixmap_idx)
int ghes_estatus_pool_init(int num_ghes)
{
unsigned long addr, len;
+ int rc;
ghes_estatus_pool = gen_pool_create(GHES_ESTATUS_POOL_MIN_ALLOC_ORDER, -1);
if (!ghes_estatus_pool)
@@ -164,7 +165,7 @@ int ghes_estatus_pool_init(int num_ghes)
ghes_estatus_pool_size_request = PAGE_ALIGN(len);
addr = (unsigned long)vmalloc(PAGE_ALIGN(len));
if (!addr)
- return -ENOMEM;
+ goto err_pool_alloc;
/*
* New allocation must be visible in all pgd before it can be found by
@@ -172,7 +173,19 @@ int ghes_estatus_pool_init(int num_ghes)
*/
vmalloc_sync_all();
- return gen_pool_add(ghes_estatus_pool, addr, PAGE_ALIGN(len), -1);
+ rc = gen_pool_add(ghes_estatus_pool, addr, PAGE_ALIGN(len), -1);
+ if (rc)
+ goto err_pool_add;
+
+ return 0;
+
+err_pool_add:
+ vfree((void *)addr);
+
+err_pool_alloc:
+ gen_pool_destroy(ghes_estatus_pool);
+
+ return -ENOMEM;
}
static int map_gen_v2(struct ghes *ghes)
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 124/313] arm64: entry: Move ct_user_exit before any other exception
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (121 preceding siblings ...)
2019-10-03 15:51 ` [PATCH 5.2 123/313] ACPI / APEI: Release resources if gen_pool_add() fails Greg Kroah-Hartman
@ 2019-10-03 15:51 ` Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 125/313] s390/kasan: provide uninstrumented __strlen Greg Kroah-Hartman
` (193 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:51 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Masami Hiramatsu, James Morse,
Will Deacon, Sasha Levin
From: James Morse <james.morse@arm.com>
[ Upstream commit 2671828c3ff4ffadf777f793a1f3232d6e51394a ]
When taking an SError or Debug exception from EL0, we run the C
handler for these exceptions before updating the context tracking
code and unmasking lower priority interrupts.
When booting with nohz_full lockdep tells us we got this wrong:
| =============================
| WARNING: suspicious RCU usage
| 5.3.0-rc2-00010-gb4b5e9dcb11b-dirty #11271 Not tainted
| -----------------------------
| include/linux/rcupdate.h:643 rcu_read_unlock() used illegally wh!
|
| other info that might help us debug this:
|
|
| RCU used illegally from idle CPU!
| rcu_scheduler_active = 2, debug_locks = 1
| RCU used illegally from extended quiescent state!
| 1 lock held by a.out/432:
| #0: 00000000c7a79515 (rcu_read_lock){....}, at: brk_handler+0x00
|
| stack backtrace:
| CPU: 1 PID: 432 Comm: a.out Not tainted 5.3.0-rc2-00010-gb4b5e9d1
| Hardware name: ARM LTD ARM Juno Development Platform/ARM Juno De8
| Call trace:
| dump_backtrace+0x0/0x140
| show_stack+0x14/0x20
| dump_stack+0xbc/0x104
| lockdep_rcu_suspicious+0xf8/0x108
| brk_handler+0x164/0x1b0
| do_debug_exception+0x11c/0x278
| el0_dbg+0x14/0x20
Moving the ct_user_exit calls to be before do_debug_exception() means
they are also before trace_hardirqs_off() has been updated. Add a new
ct_user_exit_irqoff macro to avoid the context-tracking code using
irqsave/restore before we've updated trace_hardirqs_off(). To be
consistent, do this everywhere.
The C helper is called enter_from_user_mode() to match x86 in the hope
we can merge them into kernel/context_tracking.c later.
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Fixes: 6c81fe7925cc4c42 ("arm64: enable context tracking")
Signed-off-by: James Morse <james.morse@arm.com>
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/include/asm/exception.h | 2 ++
arch/arm64/kernel/entry.S | 36 ++++++++++++++++--------------
arch/arm64/kernel/traps.c | 9 ++++++++
3 files changed, 30 insertions(+), 17 deletions(-)
diff --git a/arch/arm64/include/asm/exception.h b/arch/arm64/include/asm/exception.h
index ed57b760f38cf..a17393ff66774 100644
--- a/arch/arm64/include/asm/exception.h
+++ b/arch/arm64/include/asm/exception.h
@@ -30,4 +30,6 @@ static inline u32 disr_to_esr(u64 disr)
return esr;
}
+asmlinkage void enter_from_user_mode(void);
+
#endif /* __ASM_EXCEPTION_H */
diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S
index 320a30dbe35ef..84a822748c84e 100644
--- a/arch/arm64/kernel/entry.S
+++ b/arch/arm64/kernel/entry.S
@@ -30,9 +30,9 @@
* Context tracking subsystem. Used to instrument transitions
* between user and kernel mode.
*/
- .macro ct_user_exit
+ .macro ct_user_exit_irqoff
#ifdef CONFIG_CONTEXT_TRACKING
- bl context_tracking_user_exit
+ bl enter_from_user_mode
#endif
.endm
@@ -792,8 +792,8 @@ el0_cp15:
/*
* Trapped CP15 (MRC, MCR, MRRC, MCRR) instructions
*/
+ ct_user_exit_irqoff
enable_daif
- ct_user_exit
mov x0, x25
mov x1, sp
bl do_cp15instr
@@ -805,8 +805,8 @@ el0_da:
* Data abort handling
*/
mrs x26, far_el1
+ ct_user_exit_irqoff
enable_daif
- ct_user_exit
clear_address_tag x0, x26
mov x1, x25
mov x2, sp
@@ -818,11 +818,11 @@ el0_ia:
*/
mrs x26, far_el1
gic_prio_kentry_setup tmp=x0
+ ct_user_exit_irqoff
enable_da_f
#ifdef CONFIG_TRACE_IRQFLAGS
bl trace_hardirqs_off
#endif
- ct_user_exit
mov x0, x26
mov x1, x25
mov x2, sp
@@ -832,8 +832,8 @@ el0_fpsimd_acc:
/*
* Floating Point or Advanced SIMD access
*/
+ ct_user_exit_irqoff
enable_daif
- ct_user_exit
mov x0, x25
mov x1, sp
bl do_fpsimd_acc
@@ -842,8 +842,8 @@ el0_sve_acc:
/*
* Scalable Vector Extension access
*/
+ ct_user_exit_irqoff
enable_daif
- ct_user_exit
mov x0, x25
mov x1, sp
bl do_sve_acc
@@ -852,8 +852,8 @@ el0_fpsimd_exc:
/*
* Floating Point, Advanced SIMD or SVE exception
*/
+ ct_user_exit_irqoff
enable_daif
- ct_user_exit
mov x0, x25
mov x1, sp
bl do_fpsimd_exc
@@ -868,11 +868,11 @@ el0_sp_pc:
* Stack or PC alignment exception handling
*/
gic_prio_kentry_setup tmp=x0
+ ct_user_exit_irqoff
enable_da_f
#ifdef CONFIG_TRACE_IRQFLAGS
bl trace_hardirqs_off
#endif
- ct_user_exit
mov x0, x26
mov x1, x25
mov x2, sp
@@ -882,8 +882,8 @@ el0_undef:
/*
* Undefined instruction
*/
+ ct_user_exit_irqoff
enable_daif
- ct_user_exit
mov x0, sp
bl do_undefinstr
b ret_to_user
@@ -891,8 +891,8 @@ el0_sys:
/*
* System instructions, for trapped cache maintenance instructions
*/
+ ct_user_exit_irqoff
enable_daif
- ct_user_exit
mov x0, x25
mov x1, sp
bl do_sysinstr
@@ -902,17 +902,18 @@ el0_dbg:
* Debug exception handling
*/
tbnz x24, #0, el0_inv // EL0 only
+ mrs x24, far_el1
gic_prio_kentry_setup tmp=x3
- mrs x0, far_el1
+ ct_user_exit_irqoff
+ mov x0, x24
mov x1, x25
mov x2, sp
bl do_debug_exception
enable_da_f
- ct_user_exit
b ret_to_user
el0_inv:
+ ct_user_exit_irqoff
enable_daif
- ct_user_exit
mov x0, sp
mov x1, #BAD_SYNC
mov x2, x25
@@ -925,13 +926,13 @@ el0_irq:
kernel_entry 0
el0_irq_naked:
gic_prio_irq_setup pmr=x20, tmp=x0
+ ct_user_exit_irqoff
enable_da_f
#ifdef CONFIG_TRACE_IRQFLAGS
bl trace_hardirqs_off
#endif
- ct_user_exit
#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR
tbz x22, #55, 1f
bl do_el0_irq_bp_hardening
@@ -958,13 +959,14 @@ ENDPROC(el1_error)
el0_error:
kernel_entry 0
el0_error_naked:
- mrs x1, esr_el1
+ mrs x25, esr_el1
gic_prio_kentry_setup tmp=x2
+ ct_user_exit_irqoff
enable_dbg
mov x0, sp
+ mov x1, x25
bl do_serror
enable_da_f
- ct_user_exit
b ret_to_user
ENDPROC(el0_error)
diff --git a/arch/arm64/kernel/traps.c b/arch/arm64/kernel/traps.c
index 985721a1264c9..b6706a8860371 100644
--- a/arch/arm64/kernel/traps.c
+++ b/arch/arm64/kernel/traps.c
@@ -7,9 +7,11 @@
*/
#include <linux/bug.h>
+#include <linux/context_tracking.h>
#include <linux/signal.h>
#include <linux/personality.h>
#include <linux/kallsyms.h>
+#include <linux/kprobes.h>
#include <linux/spinlock.h>
#include <linux/uaccess.h>
#include <linux/hardirq.h>
@@ -905,6 +907,13 @@ asmlinkage void do_serror(struct pt_regs *regs, unsigned int esr)
nmi_exit();
}
+asmlinkage void enter_from_user_mode(void)
+{
+ CT_WARN_ON(ct_state() != CONTEXT_USER);
+ user_exit_irqoff();
+}
+NOKPROBE_SYMBOL(enter_from_user_mode);
+
void __pte_error(const char *file, int line, unsigned long val)
{
pr_err("%s:%d: bad pte %016lx.\n", file, line, val);
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 125/313] s390/kasan: provide uninstrumented __strlen
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (122 preceding siblings ...)
2019-10-03 15:51 ` [PATCH 5.2 124/313] arm64: entry: Move ct_user_exit before any other exception Greg Kroah-Hartman
@ 2019-10-03 15:51 ` Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 126/313] media: mceusb: fix (eliminate) TX IR signal length limit Greg Kroah-Hartman
` (192 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:51 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ilya Leoshkevich, Vasily Gorbik, Sasha Levin
From: Vasily Gorbik <gor@linux.ibm.com>
[ Upstream commit f45f7b5bdaa4828ce871cf03f7c01599a0de57a5 ]
s390 kasan code uses sclp_early_printk to report initialization
failures. The code doing that should not be instrumented, because kasan
shadow memory has not been set up yet. Even though sclp_early_core.c is
compiled with instrumentation disabled it uses strlen function, which
is instrumented and would produce shadow memory access if used. To
avoid that, introduce uninstrumented __strlen function to be used
instead.
Before commit 7e0d92f00246 ("s390/kasan: improve string/memory functions
checks") few string functions (including strlen) were escaping kasan
instrumentation due to usage of platform specific versions which are
implemented in inline assembly.
Fixes: 7e0d92f00246 ("s390/kasan: improve string/memory functions checks")
Acked-by: Ilya Leoshkevich <iii@linux.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/s390/include/asm/string.h | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/arch/s390/include/asm/string.h b/arch/s390/include/asm/string.h
index 70d87db54e627..4c0690fc5167e 100644
--- a/arch/s390/include/asm/string.h
+++ b/arch/s390/include/asm/string.h
@@ -71,11 +71,16 @@ extern void *__memmove(void *dest, const void *src, size_t n);
#define memcpy(dst, src, len) __memcpy(dst, src, len)
#define memmove(dst, src, len) __memmove(dst, src, len)
#define memset(s, c, n) __memset(s, c, n)
+#define strlen(s) __strlen(s)
+
+#define __no_sanitize_prefix_strfunc(x) __##x
#ifndef __NO_FORTIFY
#define __NO_FORTIFY /* FORTIFY_SOURCE uses __builtin_memcpy, etc. */
#endif
+#else
+#define __no_sanitize_prefix_strfunc(x) x
#endif /* defined(CONFIG_KASAN) && !defined(__SANITIZE_ADDRESS__) */
void *__memset16(uint16_t *s, uint16_t v, size_t count);
@@ -163,8 +168,8 @@ static inline char *strcpy(char *dst, const char *src)
}
#endif
-#ifdef __HAVE_ARCH_STRLEN
-static inline size_t strlen(const char *s)
+#if defined(__HAVE_ARCH_STRLEN) || (defined(CONFIG_KASAN) && !defined(__SANITIZE_ADDRESS__))
+static inline size_t __no_sanitize_prefix_strfunc(strlen)(const char *s)
{
register unsigned long r0 asm("0") = 0;
const char *tmp = s;
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 126/313] media: mceusb: fix (eliminate) TX IR signal length limit
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (123 preceding siblings ...)
2019-10-03 15:51 ` [PATCH 5.2 125/313] s390/kasan: provide uninstrumented __strlen Greg Kroah-Hartman
@ 2019-10-03 15:51 ` Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 127/313] media: dvb-frontends: use ida for pll number Greg Kroah-Hartman
` (191 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:51 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, A Sun, Sean Young,
Mauro Carvalho Chehab, Sasha Levin
From: A Sun <as1033x@comcast.net>
[ Upstream commit 9fc3ce31f5bde660197f35135e90a1cced58aa2c ]
Fix and eliminate mceusb's IR length limit for IR signals transmitted to
the MCE IR blaster ports.
An IR signal TX exceeding 306 pulse/space samples presently causes -EINVAL
return error. There's no such limitation nor error with the MCE device
hardware. And valid IR signals exist with more than 400 pulse/space for the
control of certain appliances (eg Panasonic ACXA75C00600 air conditioner).
The scope of this patch is limited to the mceusb driver. There are still
IR signal TX length and time constraints that related modules of rc core
(eg LIRC) impose, further up the driver stack.
Changes for mceusb_tx_ir():
Converts and sends LIRC IR pulse/space sequence to MCE device IR
pulse/space format.
Break long length LIRC sequence into multiple (unlimited number of) parts
for sending to the MCE device.
Reduce kernel stack IR buffer size: 128 (was 384)
Increase MCE IR data packet size: 31 (was 5)
Zero time LIRC pulse/space no longer copied to MCE IR data.
Eliminate overwriting the source/input LIRC IR data in txbuf[].
Eliminate -EINVAL return; return number of IR samples sent (>0) or
MCE write error code (<0).
New mce_write() and mce_write_callback():
Implements synchronous blocking I/O, with timeout, for writing/sending
data to the MCE device.
An unlimited multipart IR signal sent to the MCE device faster than real
time requires flow control absent with the original mce_request_packet()
and mce_async_callback() asynchronous I/O implementation. Also absent is
TX error feedback.
mce_write() combines and replaces mce_request_packet() and
mce_async_callback() with conversion to synchronous I/O.
mce_write() returns bytes sent (>0) or MCE device write error (<0).
Debug hex dump TX data before processing.
Rename mce_async_out() -> mce_command_out():
The original name is misleading with underlying synchronous I/O
implementation. Function renamed to mce_command_out().
Changes in mceusb_handle_command():
Add support for MCE device error case MCE_RSP_TX_TIMEOUT
"IR TX timeout (TX buffer underrun)"
Changes in mceusb_dev_printdata():
Changes support test and debug of multipart TX IR.
Add buffer boundary information (offset and buffer size) to TX hex dump.
Correct TX trace bug "Raw IR data, 0 pulse/space samples"
Add trace for MCE_RSP_TX_TIMEOUT "IR TX timeout (TX buffer underrun)"
Other changes:
The driver's write to USB device architecture change (async to sync I/O)
is significant so we bump DRIVER_VERSION to "1.95" (from "1.94").
Tests:
$ cat -n irdata1 | head -3
1 carrier 36000
2 pulse 6350
3 space 6350
$ cat -n irdata1 | tail -3
76 pulse 6350
77 space 6350
78 pulse 6350
$ ir-ctl -s irdata1
[1549021.073612] mceusb 1-1.3:1.0: requesting 36000 HZ carrier
[1549021.073635] mceusb 1-1.3:1.0: tx data[0]: 9f 06 01 45 (len=4 sz=4)
[1549021.073649] mceusb 1-1.3:1.0: Request carrier of 35714 Hz (period 28us)
[1549021.073848] mceusb 1-1.3:1.0: tx done status = 4 (wait = 100, expire = 100 (1000ms), urb->actual_length = 4, urb->status = 0)
[1549021.074689] mceusb 1-1.3:1.0: rx data[0]: 9f 06 01 45 (len=4 sz=4)
[1549021.074701] mceusb 1-1.3:1.0: Got carrier of 35714 Hz (period 28us)
[1549021.102023] mceusb 1-1.3:1.0: tx data[0]: 9f 08 03 (len=3 sz=3)
[1549021.102036] mceusb 1-1.3:1.0: Request transmit blaster mask of 0x03
[1549021.102219] mceusb 1-1.3:1.0: tx done status = 3 (wait = 100, expire = 100 (1000ms), urb->actual_length = 3, urb->status = 0)
[1549021.131979] mceusb 1-1.3:1.0: tx data[0]: 9e ff 7f ff 7f ff 7f ff 7f ff 7f ff 7f ff 7f ff 7f ff 7f ff 7f ff 7f ff 7f ff 7f ff 7f ff 7f 9e ff 7f ff 7f ff 7f ff 7f ff 7f ff 7f ff 7f ff 7f ff 7f ff 7f ff 7f ff 7f ff 7f ff 7f ff 7f 91 ff (len=81 sz=81)
[1549021.131992] mceusb 1-1.3:1.0: Raw IR data, 30 pulse/space samples
[1549021.133592] mceusb 1-1.3:1.0: tx done status = 81 (wait = 100, expire = 100 (1000ms), urb->actual_length = 81, urb->status = 0)
Hex dumps limited to 64 bytes.
0xff is MCE maximum time pulse, 0x7f is MCE maximum time space.
$ cat -n irdata2 | head -3
1 carrier 36000
2 pulse 50
3 space 50
$ cat -n irdata2 | tail -3
254 pulse 50
255 space 50
256 pulse 50
$ ir-ctl -s irdata2
[1549306.586998] mceusb 1-1.3:1.0: tx data[0]: 9f 08 03 (len=3 sz=3)
[1549306.587015] mceusb 1-1.3:1.0: Request transmit blaster mask of 0x03
[1549306.587252] mceusb 1-1.3:1.0: tx done status = 3 (wait = 100, expire = 100 (1000ms), urb->actual_length = 3, urb->status = 0)
[1549306.613275] mceusb 1-1.3:1.0: tx data[0]: 9e 81 01 81 01 81 01 81 01 81 01 81 01 81 01 81 01 81 01 81 01 81 01 81 01 81 01 81 01 81 01 9e 81 01 81 01 81 01 81 01 81 01 81 01 81 01 81 01 81 01 81 01 81 01 81 01 81 01 81 01 81 01 9e 81 (len=128 sz=128)
[1549306.613291] mceusb 1-1.3:1.0: Raw IR data, 30 pulse/space samples
[1549306.614837] mceusb 1-1.3:1.0: tx done status = 128 (wait = 100, expire = 100 (1000ms), urb->actual_length = 128, urb->status = 0)
[1549306.614861] mceusb 1-1.3:1.0: tx data[0]: 9e 01 81 01 81 01 81 01 81 01 81 01 81 01 81 01 81 01 81 01 81 01 81 01 81 01 81 01 81 01 81 9e 01 81 01 81 01 81 01 81 01 81 01 81 01 81 01 81 01 81 01 81 01 81 01 81 01 81 01 81 01 81 9e 01 (len=128 sz=128)
[1549306.614869] mceusb 1-1.3:1.0: Raw IR data, 30 pulse/space samples
[1549306.620199] mceusb 1-1.3:1.0: tx done status = 128 (wait = 100, expire = 100 (1000ms), urb->actual_length = 128, urb->status = 0)
[1549306.620212] mceusb 1-1.3:1.0: tx data[0]: 89 81 01 81 01 81 01 81 01 81 80 (len=11 sz=11)
[1549306.620221] mceusb 1-1.3:1.0: Raw IR data, 9 pulse/space samples
[1549306.633294] mceusb 1-1.3:1.0: tx done status = 11 (wait = 98, expire = 100 (1000ms), urb->actual_length = 11, urb->status = 0)
Hex dumps limited to 64 bytes.
0x81 is MCE minimum time pulse, 0x01 is MCE minimum time space.
TX IR part 3 sz=11 shows 20msec I/O blocking delay
(100expire - 98wait = 2jiffies)
Signed-off-by: A Sun <as1033x@comcast.net>
Signed-off-by: Sean Young <sean@mess.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/rc/mceusb.c | 334 ++++++++++++++++++++++----------------
1 file changed, 196 insertions(+), 138 deletions(-)
diff --git a/drivers/media/rc/mceusb.c b/drivers/media/rc/mceusb.c
index 72862e4bec627..a69e940920159 100644
--- a/drivers/media/rc/mceusb.c
+++ b/drivers/media/rc/mceusb.c
@@ -31,21 +31,22 @@
#include <linux/pm_wakeup.h>
#include <media/rc-core.h>
-#define DRIVER_VERSION "1.94"
+#define DRIVER_VERSION "1.95"
#define DRIVER_AUTHOR "Jarod Wilson <jarod@redhat.com>"
#define DRIVER_DESC "Windows Media Center Ed. eHome Infrared Transceiver " \
"device driver"
#define DRIVER_NAME "mceusb"
+#define USB_TX_TIMEOUT 1000 /* in milliseconds */
#define USB_CTRL_MSG_SZ 2 /* Size of usb ctrl msg on gen1 hw */
#define MCE_G1_INIT_MSGS 40 /* Init messages on gen1 hw to throw out */
/* MCE constants */
-#define MCE_CMDBUF_SIZE 384 /* MCE Command buffer length */
+#define MCE_IRBUF_SIZE 128 /* TX IR buffer length */
#define MCE_TIME_UNIT 50 /* Approx 50us resolution */
-#define MCE_CODE_LENGTH 5 /* Normal length of packet (with header) */
-#define MCE_PACKET_SIZE 4 /* Normal length of packet (without header) */
-#define MCE_IRDATA_HEADER 0x84 /* Actual header format is 0x80 + num_bytes */
+#define MCE_PACKET_SIZE 31 /* Max length of packet (with header) */
+#define MCE_IRDATA_HEADER (0x80 + MCE_PACKET_SIZE - 1)
+ /* Actual format is 0x80 + num_bytes */
#define MCE_IRDATA_TRAILER 0x80 /* End of IR data */
#define MCE_MAX_CHANNELS 2 /* Two transmitters, hardware dependent? */
#define MCE_DEFAULT_TX_MASK 0x03 /* Vals: TX1=0x01, TX2=0x02, ALL=0x03 */
@@ -607,9 +608,9 @@ static void mceusb_dev_printdata(struct mceusb_dev *ir, u8 *buf, int buf_len,
if (len <= skip)
return;
- dev_dbg(dev, "%cx data: %*ph (length=%d)",
- (out ? 't' : 'r'),
- min(len, buf_len - offset), buf + offset, len);
+ dev_dbg(dev, "%cx data[%d]: %*ph (len=%d sz=%d)",
+ (out ? 't' : 'r'), offset,
+ min(len, buf_len - offset), buf + offset, len, buf_len);
inout = out ? "Request" : "Got";
@@ -731,6 +732,9 @@ static void mceusb_dev_printdata(struct mceusb_dev *ir, u8 *buf, int buf_len,
case MCE_RSP_CMD_ILLEGAL:
dev_dbg(dev, "Illegal PORT_IR command");
break;
+ case MCE_RSP_TX_TIMEOUT:
+ dev_dbg(dev, "IR TX timeout (TX buffer underrun)");
+ break;
default:
dev_dbg(dev, "Unknown command 0x%02x 0x%02x",
cmd, subcmd);
@@ -745,13 +749,14 @@ static void mceusb_dev_printdata(struct mceusb_dev *ir, u8 *buf, int buf_len,
dev_dbg(dev, "End of raw IR data");
else if ((cmd != MCE_CMD_PORT_IR) &&
((cmd & MCE_PORT_MASK) == MCE_COMMAND_IRDATA))
- dev_dbg(dev, "Raw IR data, %d pulse/space samples", ir->rem);
+ dev_dbg(dev, "Raw IR data, %d pulse/space samples",
+ cmd & MCE_PACKET_LENGTH_MASK);
#endif
}
/*
* Schedule work that can't be done in interrupt handlers
- * (mceusb_dev_recv() and mce_async_callback()) nor tasklets.
+ * (mceusb_dev_recv() and mce_write_callback()) nor tasklets.
* Invokes mceusb_deferred_kevent() for recovering from
* error events specified by the kevent bit field.
*/
@@ -764,23 +769,80 @@ static void mceusb_defer_kevent(struct mceusb_dev *ir, int kevent)
dev_dbg(ir->dev, "kevent %d scheduled", kevent);
}
-static void mce_async_callback(struct urb *urb)
+static void mce_write_callback(struct urb *urb)
{
- struct mceusb_dev *ir;
- int len;
-
if (!urb)
return;
- ir = urb->context;
+ complete(urb->context);
+}
+
+/*
+ * Write (TX/send) data to MCE device USB endpoint out.
+ * Used for IR blaster TX and MCE device commands.
+ *
+ * Return: The number of bytes written (> 0) or errno (< 0).
+ */
+static int mce_write(struct mceusb_dev *ir, u8 *data, int size)
+{
+ int ret;
+ struct urb *urb;
+ struct device *dev = ir->dev;
+ unsigned char *buf_out;
+ struct completion tx_done;
+ unsigned long expire;
+ unsigned long ret_wait;
+
+ mceusb_dev_printdata(ir, data, size, 0, size, true);
+
+ urb = usb_alloc_urb(0, GFP_KERNEL);
+ if (unlikely(!urb)) {
+ dev_err(dev, "Error: mce write couldn't allocate urb");
+ return -ENOMEM;
+ }
+
+ buf_out = kmalloc(size, GFP_KERNEL);
+ if (!buf_out) {
+ usb_free_urb(urb);
+ return -ENOMEM;
+ }
+
+ init_completion(&tx_done);
+
+ /* outbound data */
+ if (usb_endpoint_xfer_int(ir->usb_ep_out))
+ usb_fill_int_urb(urb, ir->usbdev, ir->pipe_out,
+ buf_out, size, mce_write_callback, &tx_done,
+ ir->usb_ep_out->bInterval);
+ else
+ usb_fill_bulk_urb(urb, ir->usbdev, ir->pipe_out,
+ buf_out, size, mce_write_callback, &tx_done);
+ memcpy(buf_out, data, size);
+
+ ret = usb_submit_urb(urb, GFP_KERNEL);
+ if (ret) {
+ dev_err(dev, "Error: mce write submit urb error = %d", ret);
+ kfree(buf_out);
+ usb_free_urb(urb);
+ return ret;
+ }
+
+ expire = msecs_to_jiffies(USB_TX_TIMEOUT);
+ ret_wait = wait_for_completion_timeout(&tx_done, expire);
+ if (!ret_wait) {
+ dev_err(dev, "Error: mce write timed out (expire = %lu (%dms))",
+ expire, USB_TX_TIMEOUT);
+ usb_kill_urb(urb);
+ ret = (urb->status == -ENOENT ? -ETIMEDOUT : urb->status);
+ } else {
+ ret = urb->status;
+ }
+ if (ret >= 0)
+ ret = urb->actual_length; /* bytes written */
switch (urb->status) {
/* success */
case 0:
- len = urb->actual_length;
-
- mceusb_dev_printdata(ir, urb->transfer_buffer, len,
- 0, len, true);
break;
case -ECONNRESET:
@@ -790,140 +852,135 @@ static void mce_async_callback(struct urb *urb)
break;
case -EPIPE:
- dev_err(ir->dev, "Error: request urb status = %d (TX HALT)",
+ dev_err(ir->dev, "Error: mce write urb status = %d (TX HALT)",
urb->status);
mceusb_defer_kevent(ir, EVENT_TX_HALT);
break;
default:
- dev_err(ir->dev, "Error: request urb status = %d", urb->status);
+ dev_err(ir->dev, "Error: mce write urb status = %d",
+ urb->status);
break;
}
- /* the transfer buffer and urb were allocated in mce_request_packet */
- kfree(urb->transfer_buffer);
- usb_free_urb(urb);
-}
-
-/* request outgoing (send) usb packet - used to initialize remote */
-static void mce_request_packet(struct mceusb_dev *ir, unsigned char *data,
- int size)
-{
- int res;
- struct urb *async_urb;
- struct device *dev = ir->dev;
- unsigned char *async_buf;
+ dev_dbg(dev, "tx done status = %d (wait = %lu, expire = %lu (%dms), urb->actual_length = %d, urb->status = %d)",
+ ret, ret_wait, expire, USB_TX_TIMEOUT,
+ urb->actual_length, urb->status);
- async_urb = usb_alloc_urb(0, GFP_KERNEL);
- if (unlikely(!async_urb)) {
- dev_err(dev, "Error, couldn't allocate urb!");
- return;
- }
-
- async_buf = kmalloc(size, GFP_KERNEL);
- if (!async_buf) {
- usb_free_urb(async_urb);
- return;
- }
-
- /* outbound data */
- if (usb_endpoint_xfer_int(ir->usb_ep_out))
- usb_fill_int_urb(async_urb, ir->usbdev, ir->pipe_out,
- async_buf, size, mce_async_callback, ir,
- ir->usb_ep_out->bInterval);
- else
- usb_fill_bulk_urb(async_urb, ir->usbdev, ir->pipe_out,
- async_buf, size, mce_async_callback, ir);
-
- memcpy(async_buf, data, size);
-
- dev_dbg(dev, "send request called (size=%#x)", size);
+ kfree(buf_out);
+ usb_free_urb(urb);
- res = usb_submit_urb(async_urb, GFP_ATOMIC);
- if (res) {
- dev_err(dev, "send request FAILED! (res=%d)", res);
- kfree(async_buf);
- usb_free_urb(async_urb);
- return;
- }
- dev_dbg(dev, "send request complete (res=%d)", res);
+ return ret;
}
-static void mce_async_out(struct mceusb_dev *ir, unsigned char *data, int size)
+static void mce_command_out(struct mceusb_dev *ir, u8 *data, int size)
{
int rsize = sizeof(DEVICE_RESUME);
if (ir->need_reset) {
ir->need_reset = false;
- mce_request_packet(ir, DEVICE_RESUME, rsize);
+ mce_write(ir, DEVICE_RESUME, rsize);
msleep(10);
}
- mce_request_packet(ir, data, size);
+ mce_write(ir, data, size);
msleep(10);
}
-/* Send data out the IR blaster port(s) */
+/*
+ * Transmit IR out the MCE device IR blaster port(s).
+ *
+ * Convert IR pulse/space sequence from LIRC to MCE format.
+ * Break up a long IR sequence into multiple parts (MCE IR data packets).
+ *
+ * u32 txbuf[] consists of IR pulse, space, ..., and pulse times in usec.
+ * Pulses and spaces are implicit by their position.
+ * The first IR sample, txbuf[0], is always a pulse.
+ *
+ * u8 irbuf[] consists of multiple IR data packets for the MCE device.
+ * A packet is 1 u8 MCE_IRDATA_HEADER and up to 30 u8 IR samples.
+ * An IR sample is 1-bit pulse/space flag with 7-bit time
+ * in MCE time units (50usec).
+ *
+ * Return: The number of IR samples sent (> 0) or errno (< 0).
+ */
static int mceusb_tx_ir(struct rc_dev *dev, unsigned *txbuf, unsigned count)
{
struct mceusb_dev *ir = dev->priv;
- int i, length, ret = 0;
- int cmdcount = 0;
- unsigned char cmdbuf[MCE_CMDBUF_SIZE];
-
- /* MCE tx init header */
- cmdbuf[cmdcount++] = MCE_CMD_PORT_IR;
- cmdbuf[cmdcount++] = MCE_CMD_SETIRTXPORTS;
- cmdbuf[cmdcount++] = ir->tx_mask;
+ u8 cmdbuf[3] = { MCE_CMD_PORT_IR, MCE_CMD_SETIRTXPORTS, 0x00 };
+ u8 irbuf[MCE_IRBUF_SIZE];
+ int ircount = 0;
+ unsigned int irsample;
+ int i, length, ret;
/* Send the set TX ports command */
- mce_async_out(ir, cmdbuf, cmdcount);
- cmdcount = 0;
-
- /* Generate mce packet data */
- for (i = 0; (i < count) && (cmdcount < MCE_CMDBUF_SIZE); i++) {
- txbuf[i] = txbuf[i] / MCE_TIME_UNIT;
-
- do { /* loop to support long pulses/spaces > 127*50us=6.35ms */
-
- /* Insert mce packet header every 4th entry */
- if ((cmdcount < MCE_CMDBUF_SIZE) &&
- (cmdcount % MCE_CODE_LENGTH) == 0)
- cmdbuf[cmdcount++] = MCE_IRDATA_HEADER;
-
- /* Insert mce packet data */
- if (cmdcount < MCE_CMDBUF_SIZE)
- cmdbuf[cmdcount++] =
- (txbuf[i] < MCE_PULSE_BIT ?
- txbuf[i] : MCE_MAX_PULSE_LENGTH) |
- (i & 1 ? 0x00 : MCE_PULSE_BIT);
- else {
- ret = -EINVAL;
- goto out;
+ cmdbuf[2] = ir->tx_mask;
+ mce_command_out(ir, cmdbuf, sizeof(cmdbuf));
+
+ /* Generate mce IR data packet */
+ for (i = 0; i < count; i++) {
+ irsample = txbuf[i] / MCE_TIME_UNIT;
+
+ /* loop to support long pulses/spaces > 6350us (127*50us) */
+ while (irsample > 0) {
+ /* Insert IR header every 30th entry */
+ if (ircount % MCE_PACKET_SIZE == 0) {
+ /* Room for IR header and one IR sample? */
+ if (ircount >= MCE_IRBUF_SIZE - 1) {
+ /* Send near full buffer */
+ ret = mce_write(ir, irbuf, ircount);
+ if (ret < 0)
+ return ret;
+ ircount = 0;
+ }
+ irbuf[ircount++] = MCE_IRDATA_HEADER;
}
- } while ((txbuf[i] > MCE_MAX_PULSE_LENGTH) &&
- (txbuf[i] -= MCE_MAX_PULSE_LENGTH));
- }
-
- /* Check if we have room for the empty packet at the end */
- if (cmdcount >= MCE_CMDBUF_SIZE) {
- ret = -EINVAL;
- goto out;
- }
+ /* Insert IR sample */
+ if (irsample <= MCE_MAX_PULSE_LENGTH) {
+ irbuf[ircount] = irsample;
+ irsample = 0;
+ } else {
+ irbuf[ircount] = MCE_MAX_PULSE_LENGTH;
+ irsample -= MCE_MAX_PULSE_LENGTH;
+ }
+ /*
+ * Even i = IR pulse
+ * Odd i = IR space
+ */
+ irbuf[ircount] |= (i & 1 ? 0 : MCE_PULSE_BIT);
+ ircount++;
+
+ /* IR buffer full? */
+ if (ircount >= MCE_IRBUF_SIZE) {
+ /* Fix packet length in last header */
+ length = ircount % MCE_PACKET_SIZE;
+ if (length > 0)
+ irbuf[ircount - length] -=
+ MCE_PACKET_SIZE - length;
+ /* Send full buffer */
+ ret = mce_write(ir, irbuf, ircount);
+ if (ret < 0)
+ return ret;
+ ircount = 0;
+ }
+ }
+ } /* after for loop, 0 <= ircount < MCE_IRBUF_SIZE */
/* Fix packet length in last header */
- length = cmdcount % MCE_CODE_LENGTH;
- cmdbuf[cmdcount - length] -= MCE_CODE_LENGTH - length;
+ length = ircount % MCE_PACKET_SIZE;
+ if (length > 0)
+ irbuf[ircount - length] -= MCE_PACKET_SIZE - length;
- /* All mce commands end with an empty packet (0x80) */
- cmdbuf[cmdcount++] = MCE_IRDATA_TRAILER;
+ /* Append IR trailer (0x80) to final partial (or empty) IR buffer */
+ irbuf[ircount++] = MCE_IRDATA_TRAILER;
- /* Transmit the command to the mce device */
- mce_async_out(ir, cmdbuf, cmdcount);
+ /* Send final buffer */
+ ret = mce_write(ir, irbuf, ircount);
+ if (ret < 0)
+ return ret;
-out:
- return ret ? ret : count;
+ return count;
}
/* Sets active IR outputs -- mce devices typically have two */
@@ -963,7 +1020,7 @@ static int mceusb_set_tx_carrier(struct rc_dev *dev, u32 carrier)
cmdbuf[2] = MCE_CMD_SIG_END;
cmdbuf[3] = MCE_IRDATA_TRAILER;
dev_dbg(ir->dev, "disabling carrier modulation");
- mce_async_out(ir, cmdbuf, sizeof(cmdbuf));
+ mce_command_out(ir, cmdbuf, sizeof(cmdbuf));
return 0;
}
@@ -977,7 +1034,7 @@ static int mceusb_set_tx_carrier(struct rc_dev *dev, u32 carrier)
carrier);
/* Transmit new carrier to mce device */
- mce_async_out(ir, cmdbuf, sizeof(cmdbuf));
+ mce_command_out(ir, cmdbuf, sizeof(cmdbuf));
return 0;
}
}
@@ -1000,10 +1057,10 @@ static int mceusb_set_timeout(struct rc_dev *dev, unsigned int timeout)
cmdbuf[2] = units >> 8;
cmdbuf[3] = units;
- mce_async_out(ir, cmdbuf, sizeof(cmdbuf));
+ mce_command_out(ir, cmdbuf, sizeof(cmdbuf));
/* get receiver timeout value */
- mce_async_out(ir, GET_RX_TIMEOUT, sizeof(GET_RX_TIMEOUT));
+ mce_command_out(ir, GET_RX_TIMEOUT, sizeof(GET_RX_TIMEOUT));
return 0;
}
@@ -1028,7 +1085,7 @@ static int mceusb_set_rx_wideband(struct rc_dev *dev, int enable)
ir->wideband_rx_enabled = false;
cmdbuf[2] = 1; /* port 1 is long range receiver */
}
- mce_async_out(ir, cmdbuf, sizeof(cmdbuf));
+ mce_command_out(ir, cmdbuf, sizeof(cmdbuf));
/* response from device sets ir->learning_active */
return 0;
@@ -1051,7 +1108,7 @@ static int mceusb_set_rx_carrier_report(struct rc_dev *dev, int enable)
ir->carrier_report_enabled = true;
if (!ir->learning_active) {
cmdbuf[2] = 2; /* port 2 is short range receiver */
- mce_async_out(ir, cmdbuf, sizeof(cmdbuf));
+ mce_command_out(ir, cmdbuf, sizeof(cmdbuf));
}
} else {
ir->carrier_report_enabled = false;
@@ -1062,7 +1119,7 @@ static int mceusb_set_rx_carrier_report(struct rc_dev *dev, int enable)
*/
if (ir->learning_active && !ir->wideband_rx_enabled) {
cmdbuf[2] = 1; /* port 1 is long range receiver */
- mce_async_out(ir, cmdbuf, sizeof(cmdbuf));
+ mce_command_out(ir, cmdbuf, sizeof(cmdbuf));
}
}
@@ -1141,6 +1198,7 @@ static void mceusb_handle_command(struct mceusb_dev *ir, int index)
}
break;
case MCE_RSP_CMD_ILLEGAL:
+ case MCE_RSP_TX_TIMEOUT:
ir->need_reset = true;
break;
default:
@@ -1279,7 +1337,7 @@ static void mceusb_get_emulator_version(struct mceusb_dev *ir)
{
/* If we get no reply or an illegal command reply, its ver 1, says MS */
ir->emver = 1;
- mce_async_out(ir, GET_EMVER, sizeof(GET_EMVER));
+ mce_command_out(ir, GET_EMVER, sizeof(GET_EMVER));
}
static void mceusb_gen1_init(struct mceusb_dev *ir)
@@ -1325,10 +1383,10 @@ static void mceusb_gen1_init(struct mceusb_dev *ir)
dev_dbg(dev, "set handshake - retC = %d", ret);
/* device resume */
- mce_async_out(ir, DEVICE_RESUME, sizeof(DEVICE_RESUME));
+ mce_command_out(ir, DEVICE_RESUME, sizeof(DEVICE_RESUME));
/* get hw/sw revision? */
- mce_async_out(ir, GET_REVISION, sizeof(GET_REVISION));
+ mce_command_out(ir, GET_REVISION, sizeof(GET_REVISION));
kfree(data);
}
@@ -1336,13 +1394,13 @@ static void mceusb_gen1_init(struct mceusb_dev *ir)
static void mceusb_gen2_init(struct mceusb_dev *ir)
{
/* device resume */
- mce_async_out(ir, DEVICE_RESUME, sizeof(DEVICE_RESUME));
+ mce_command_out(ir, DEVICE_RESUME, sizeof(DEVICE_RESUME));
/* get wake version (protocol, key, address) */
- mce_async_out(ir, GET_WAKEVERSION, sizeof(GET_WAKEVERSION));
+ mce_command_out(ir, GET_WAKEVERSION, sizeof(GET_WAKEVERSION));
/* unknown what this one actually returns... */
- mce_async_out(ir, GET_UNKNOWN2, sizeof(GET_UNKNOWN2));
+ mce_command_out(ir, GET_UNKNOWN2, sizeof(GET_UNKNOWN2));
}
static void mceusb_get_parameters(struct mceusb_dev *ir)
@@ -1356,24 +1414,24 @@ static void mceusb_get_parameters(struct mceusb_dev *ir)
ir->num_rxports = 2;
/* get number of tx and rx ports */
- mce_async_out(ir, GET_NUM_PORTS, sizeof(GET_NUM_PORTS));
+ mce_command_out(ir, GET_NUM_PORTS, sizeof(GET_NUM_PORTS));
/* get the carrier and frequency */
- mce_async_out(ir, GET_CARRIER_FREQ, sizeof(GET_CARRIER_FREQ));
+ mce_command_out(ir, GET_CARRIER_FREQ, sizeof(GET_CARRIER_FREQ));
if (ir->num_txports && !ir->flags.no_tx)
/* get the transmitter bitmask */
- mce_async_out(ir, GET_TX_BITMASK, sizeof(GET_TX_BITMASK));
+ mce_command_out(ir, GET_TX_BITMASK, sizeof(GET_TX_BITMASK));
/* get receiver timeout value */
- mce_async_out(ir, GET_RX_TIMEOUT, sizeof(GET_RX_TIMEOUT));
+ mce_command_out(ir, GET_RX_TIMEOUT, sizeof(GET_RX_TIMEOUT));
/* get receiver sensor setting */
- mce_async_out(ir, GET_RX_SENSOR, sizeof(GET_RX_SENSOR));
+ mce_command_out(ir, GET_RX_SENSOR, sizeof(GET_RX_SENSOR));
for (i = 0; i < ir->num_txports; i++) {
cmdbuf[2] = i;
- mce_async_out(ir, cmdbuf, sizeof(cmdbuf));
+ mce_command_out(ir, cmdbuf, sizeof(cmdbuf));
}
}
@@ -1382,7 +1440,7 @@ static void mceusb_flash_led(struct mceusb_dev *ir)
if (ir->emver < 2)
return;
- mce_async_out(ir, FLASH_LED, sizeof(FLASH_LED));
+ mce_command_out(ir, FLASH_LED, sizeof(FLASH_LED));
}
/*
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 127/313] media: dvb-frontends: use ida for pll number
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (124 preceding siblings ...)
2019-10-03 15:51 ` [PATCH 5.2 126/313] media: mceusb: fix (eliminate) TX IR signal length limit Greg Kroah-Hartman
@ 2019-10-03 15:51 ` Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 128/313] posix-cpu-timers: Sanitize bogus WARNONS Greg Kroah-Hartman
` (190 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:51 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot+8a8f48672560c8ca59dd,
Sean Young, Mauro Carvalho Chehab, Sasha Levin
From: Sean Young <sean@mess.org>
[ Upstream commit c268e7adea52be0093de1164c425f3c8d8927770 ]
KASAN: global-out-of-bounds Read in dvb_pll_attach
Syzbot reported global-out-of-bounds Read in dvb_pll_attach, while
accessing id[dvb_pll_devcount], because dvb_pll_devcount was 65,
that is more than size of 'id' which is DVB_PLL_MAX(64).
Rather than increasing dvb_pll_devcount every time, use ida so that
numbers are allocated correctly. This does mean that no more than
64 devices can be attached at the same time, but this is more than
sufficient.
usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the
software demuxer
dvbdev: DVB: registering new adapter (774 Friio White ISDB-T USB2.0)
usb 1-1: media controller created
dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
tc90522 0-0018: Toshiba TC90522 attached.
usb 1-1: DVB: registering adapter 0 frontend 0 (Toshiba TC90522 ISDB-T
module)...
dvbdev: dvb_create_media_entity: media entity 'Toshiba TC90522 ISDB-T
module' registered.
==================================================================
BUG: KASAN: global-out-of-bounds in dvb_pll_attach+0x6c5/0x830
drivers/media/dvb-frontends/dvb-pll.c:798
Read of size 4 at addr ffffffff89c9e5e0 by task kworker/0:1/12
CPU: 0 PID: 12 Comm: kworker/0:1 Not tainted 5.2.0-rc6+ #13
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Workqueue: usb_hub_wq hub_event
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0xca/0x13e lib/dump_stack.c:113
print_address_description+0x67/0x231 mm/kasan/report.c:188
__kasan_report.cold+0x1a/0x32 mm/kasan/report.c:317
kasan_report+0xe/0x20 mm/kasan/common.c:614
dvb_pll_attach+0x6c5/0x830 drivers/media/dvb-frontends/dvb-pll.c:798
dvb_pll_probe+0xfe/0x174 drivers/media/dvb-frontends/dvb-pll.c:877
i2c_device_probe+0x790/0xaa0 drivers/i2c/i2c-core-base.c:389
really_probe+0x281/0x660 drivers/base/dd.c:509
driver_probe_device+0x104/0x210 drivers/base/dd.c:670
__device_attach_driver+0x1c2/0x220 drivers/base/dd.c:777
bus_for_each_drv+0x15c/0x1e0 drivers/base/bus.c:454
__device_attach+0x217/0x360 drivers/base/dd.c:843
bus_probe_device+0x1e4/0x290 drivers/base/bus.c:514
device_add+0xae6/0x16f0 drivers/base/core.c:2111
i2c_new_client_device+0x5b3/0xc40 drivers/i2c/i2c-core-base.c:778
i2c_new_device+0x19/0x50 drivers/i2c/i2c-core-base.c:821
dvb_module_probe+0xf9/0x220 drivers/media/dvb-core/dvbdev.c:985
friio_tuner_attach+0x125/0x1d0 drivers/media/usb/dvb-usb-v2/gl861.c:536
dvb_usbv2_adapter_frontend_init
drivers/media/usb/dvb-usb-v2/dvb_usb_core.c:675 [inline]
dvb_usbv2_adapter_init drivers/media/usb/dvb-usb-v2/dvb_usb_core.c:804
[inline]
dvb_usbv2_init drivers/media/usb/dvb-usb-v2/dvb_usb_core.c:865 [inline]
dvb_usbv2_probe.cold+0x24dc/0x255d
drivers/media/usb/dvb-usb-v2/dvb_usb_core.c:980
usb_probe_interface+0x305/0x7a0 drivers/usb/core/driver.c:361
really_probe+0x281/0x660 drivers/base/dd.c:509
driver_probe_device+0x104/0x210 drivers/base/dd.c:670
__device_attach_driver+0x1c2/0x220 drivers/base/dd.c:777
bus_for_each_drv+0x15c/0x1e0 drivers/base/bus.c:454
__device_attach+0x217/0x360 drivers/base/dd.c:843
bus_probe_device+0x1e4/0x290 drivers/base/bus.c:514
device_add+0xae6/0x16f0 drivers/base/core.c:2111
usb_set_configuration+0xdf6/0x1670 drivers/usb/core/message.c:2023
generic_probe+0x9d/0xd5 drivers/usb/core/generic.c:210
usb_probe_device+0x99/0x100 drivers/usb/core/driver.c:266
really_probe+0x281/0x660 drivers/base/dd.c:509
driver_probe_device+0x104/0x210 drivers/base/dd.c:670
__device_attach_driver+0x1c2/0x220 drivers/base/dd.c:777
bus_for_each_drv+0x15c/0x1e0 drivers/base/bus.c:454
__device_attach+0x217/0x360 drivers/base/dd.c:843
bus_probe_device+0x1e4/0x290 drivers/base/bus.c:514
device_add+0xae6/0x16f0 drivers/base/core.c:2111
usb_new_device.cold+0x8c1/0x1016 drivers/usb/core/hub.c:2534
hub_port_connect drivers/usb/core/hub.c:5089 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5204 [inline]
port_event drivers/usb/core/hub.c:5350 [inline]
hub_event+0x1ada/0x3590 drivers/usb/core/hub.c:5432
process_one_work+0x905/0x1570 kernel/workqueue.c:2269
process_scheduled_works kernel/workqueue.c:2331 [inline]
worker_thread+0x7ab/0xe20 kernel/workqueue.c:2417
kthread+0x30b/0x410 kernel/kthread.c:255
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352
The buggy address belongs to the variable:
id+0x100/0x120
Memory state around the buggy address:
ffffffff89c9e480: fa fa fa fa 00 00 fa fa fa fa fa fa 00 00 00 00
ffffffff89c9e500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> ffffffff89c9e580: 00 00 00 00 00 00 00 00 00 00 00 00 fa fa fa fa
^
ffffffff89c9e600: 04 fa fa fa fa fa fa fa 04 fa fa fa fa fa fa fa
ffffffff89c9e680: 04 fa fa fa fa fa fa fa 04 fa fa fa fa fa fa fa
==================================================================
Reported-by: syzbot+8a8f48672560c8ca59dd@syzkaller.appspotmail.com
Signed-off-by: Sean Young <sean@mess.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/dvb-frontends/dvb-pll.c | 40 ++++++++++++++++-----------
1 file changed, 24 insertions(+), 16 deletions(-)
diff --git a/drivers/media/dvb-frontends/dvb-pll.c b/drivers/media/dvb-frontends/dvb-pll.c
index ba0c49107bd28..d45b4ddc8f912 100644
--- a/drivers/media/dvb-frontends/dvb-pll.c
+++ b/drivers/media/dvb-frontends/dvb-pll.c
@@ -9,6 +9,7 @@
#include <linux/slab.h>
#include <linux/module.h>
+#include <linux/idr.h>
#include <linux/dvb/frontend.h>
#include <asm/types.h>
@@ -34,8 +35,7 @@ struct dvb_pll_priv {
};
#define DVB_PLL_MAX 64
-
-static unsigned int dvb_pll_devcount;
+static DEFINE_IDA(pll_ida);
static int debug;
module_param(debug, int, 0644);
@@ -787,6 +787,7 @@ struct dvb_frontend *dvb_pll_attach(struct dvb_frontend *fe, int pll_addr,
struct dvb_pll_priv *priv = NULL;
int ret;
const struct dvb_pll_desc *desc;
+ int nr;
b1 = kmalloc(1, GFP_KERNEL);
if (!b1)
@@ -795,9 +796,14 @@ struct dvb_frontend *dvb_pll_attach(struct dvb_frontend *fe, int pll_addr,
b1[0] = 0;
msg.buf = b1;
- if ((id[dvb_pll_devcount] > DVB_PLL_UNDEFINED) &&
- (id[dvb_pll_devcount] < ARRAY_SIZE(pll_list)))
- pll_desc_id = id[dvb_pll_devcount];
+ nr = ida_simple_get(&pll_ida, 0, DVB_PLL_MAX, GFP_KERNEL);
+ if (nr < 0) {
+ kfree(b1);
+ return NULL;
+ }
+
+ if (id[nr] > DVB_PLL_UNDEFINED && id[nr] < ARRAY_SIZE(pll_list))
+ pll_desc_id = id[nr];
BUG_ON(pll_desc_id < 1 || pll_desc_id >= ARRAY_SIZE(pll_list));
@@ -808,24 +814,20 @@ struct dvb_frontend *dvb_pll_attach(struct dvb_frontend *fe, int pll_addr,
fe->ops.i2c_gate_ctrl(fe, 1);
ret = i2c_transfer (i2c, &msg, 1);
- if (ret != 1) {
- kfree(b1);
- return NULL;
- }
+ if (ret != 1)
+ goto out;
if (fe->ops.i2c_gate_ctrl)
fe->ops.i2c_gate_ctrl(fe, 0);
}
priv = kzalloc(sizeof(struct dvb_pll_priv), GFP_KERNEL);
- if (!priv) {
- kfree(b1);
- return NULL;
- }
+ if (!priv)
+ goto out;
priv->pll_i2c_address = pll_addr;
priv->i2c = i2c;
priv->pll_desc = desc;
- priv->nr = dvb_pll_devcount++;
+ priv->nr = nr;
memcpy(&fe->ops.tuner_ops, &dvb_pll_tuner_ops,
sizeof(struct dvb_tuner_ops));
@@ -858,6 +860,11 @@ struct dvb_frontend *dvb_pll_attach(struct dvb_frontend *fe, int pll_addr,
kfree(b1);
return fe;
+out:
+ kfree(b1);
+ ida_simple_remove(&pll_ida, nr);
+
+ return NULL;
}
EXPORT_SYMBOL(dvb_pll_attach);
@@ -894,9 +901,10 @@ dvb_pll_probe(struct i2c_client *client, const struct i2c_device_id *id)
static int dvb_pll_remove(struct i2c_client *client)
{
- struct dvb_frontend *fe;
+ struct dvb_frontend *fe = i2c_get_clientdata(client);
+ struct dvb_pll_priv *priv = fe->tuner_priv;
- fe = i2c_get_clientdata(client);
+ ida_simple_remove(&pll_ida, priv->nr);
dvb_pll_release(fe);
return 0;
}
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 128/313] posix-cpu-timers: Sanitize bogus WARNONS
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (125 preceding siblings ...)
2019-10-03 15:51 ` [PATCH 5.2 127/313] media: dvb-frontends: use ida for pll number Greg Kroah-Hartman
@ 2019-10-03 15:51 ` Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 129/313] media: dvb-core: fix a memory leak bug Greg Kroah-Hartman
` (189 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:51 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Thomas Gleixner, Frederic Weisbecker,
Sasha Levin
From: Thomas Gleixner <tglx@linutronix.de>
[ Upstream commit 692117c1f7a6770ed41dd8f277cd9fed1dfb16f1 ]
Warning when p == NULL and then proceeding and dereferencing p does not
make any sense as the kernel will crash with a NULL pointer dereference
right away.
Bailing out when p == NULL and returning an error code does not cure the
underlying problem which caused p to be NULL. Though it might allow to
do proper debugging.
Same applies to the clock id check in set_process_cpu_timer().
Clean them up and make them return without trying to do further damage.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Frederic Weisbecker <frederic@kernel.org>
Link: https://lkml.kernel.org/r/20190819143801.846497772@linutronix.de
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/time/posix-cpu-timers.c | 20 +++++++++++++-------
1 file changed, 13 insertions(+), 7 deletions(-)
diff --git a/kernel/time/posix-cpu-timers.c b/kernel/time/posix-cpu-timers.c
index 0a426f4e31251..5bbad147a90cf 100644
--- a/kernel/time/posix-cpu-timers.c
+++ b/kernel/time/posix-cpu-timers.c
@@ -375,7 +375,8 @@ static int posix_cpu_timer_del(struct k_itimer *timer)
struct sighand_struct *sighand;
struct task_struct *p = timer->it.cpu.task;
- WARN_ON_ONCE(p == NULL);
+ if (WARN_ON_ONCE(!p))
+ return -EINVAL;
/*
* Protect against sighand release/switch in exit/exec and process/
@@ -580,7 +581,8 @@ static int posix_cpu_timer_set(struct k_itimer *timer, int timer_flags,
u64 old_expires, new_expires, old_incr, val;
int ret;
- WARN_ON_ONCE(p == NULL);
+ if (WARN_ON_ONCE(!p))
+ return -EINVAL;
/*
* Use the to_ktime conversion because that clamps the maximum
@@ -715,10 +717,11 @@ static int posix_cpu_timer_set(struct k_itimer *timer, int timer_flags,
static void posix_cpu_timer_get(struct k_itimer *timer, struct itimerspec64 *itp)
{
- u64 now;
struct task_struct *p = timer->it.cpu.task;
+ u64 now;
- WARN_ON_ONCE(p == NULL);
+ if (WARN_ON_ONCE(!p))
+ return;
/*
* Easy part: convert the reload time.
@@ -1000,12 +1003,13 @@ static void check_process_timers(struct task_struct *tsk,
*/
static void posix_cpu_timer_rearm(struct k_itimer *timer)
{
+ struct task_struct *p = timer->it.cpu.task;
struct sighand_struct *sighand;
unsigned long flags;
- struct task_struct *p = timer->it.cpu.task;
u64 now;
- WARN_ON_ONCE(p == NULL);
+ if (WARN_ON_ONCE(!p))
+ return;
/*
* Fetch the current sample and update the timer's expiry time.
@@ -1202,7 +1206,9 @@ void set_process_cpu_timer(struct task_struct *tsk, unsigned int clock_idx,
u64 now;
int ret;
- WARN_ON_ONCE(clock_idx == CPUCLOCK_SCHED);
+ if (WARN_ON_ONCE(clock_idx >= CPUCLOCK_SCHED))
+ return;
+
ret = cpu_timer_sample_group(clock_idx, tsk, &now);
if (oldval && ret != -EINVAL) {
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 129/313] media: dvb-core: fix a memory leak bug
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (126 preceding siblings ...)
2019-10-03 15:51 ` [PATCH 5.2 128/313] posix-cpu-timers: Sanitize bogus WARNONS Greg Kroah-Hartman
@ 2019-10-03 15:51 ` Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 130/313] EDAC/amd64: Support more than two controllers for chip selects handling Greg Kroah-Hartman
` (188 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:51 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Wenwen Wang, Sean Young,
Mauro Carvalho Chehab, Sasha Levin
From: Wenwen Wang <wenwen@cs.uga.edu>
[ Upstream commit fcd5ce4b3936242e6679875a4d3c3acfc8743e15 ]
In dvb_create_media_entity(), 'dvbdev->entity' is allocated through
kzalloc(). Then, 'dvbdev->pads' is allocated through kcalloc(). However, if
kcalloc() fails, the allocated 'dvbdev->entity' is not deallocated, leading
to a memory leak bug. To fix this issue, free 'dvbdev->entity' before
returning -ENOMEM.
Signed-off-by: Wenwen Wang <wenwen@cs.uga.edu>
Signed-off-by: Sean Young <sean@mess.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/dvb-core/dvbdev.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/media/dvb-core/dvbdev.c b/drivers/media/dvb-core/dvbdev.c
index a3393cd4e584f..7557fbf9d3068 100644
--- a/drivers/media/dvb-core/dvbdev.c
+++ b/drivers/media/dvb-core/dvbdev.c
@@ -339,8 +339,10 @@ static int dvb_create_media_entity(struct dvb_device *dvbdev,
if (npads) {
dvbdev->pads = kcalloc(npads, sizeof(*dvbdev->pads),
GFP_KERNEL);
- if (!dvbdev->pads)
+ if (!dvbdev->pads) {
+ kfree(dvbdev->entity);
return -ENOMEM;
+ }
}
switch (type) {
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 130/313] EDAC/amd64: Support more than two controllers for chip selects handling
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (127 preceding siblings ...)
2019-10-03 15:51 ` [PATCH 5.2 129/313] media: dvb-core: fix a memory leak bug Greg Kroah-Hartman
@ 2019-10-03 15:51 ` Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 131/313] libperf: Fix alignment trap with xyarray contents in perf stat Greg Kroah-Hartman
` (187 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:51 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yazen Ghannam, Borislav Petkov,
linux-edac, James Morse, Mauro Carvalho Chehab, Tony Luck,
Sasha Levin
From: Yazen Ghannam <yazen.ghannam@amd.com>
[ Upstream commit d971e28e2ce4696fcc32998c8aced5e47701fffe ]
The struct chip_select array that's used for saving chip select bases
and masks is fixed at length of two. There should be one struct
chip_select for each controller, so this array should be increased to
support systems that may have more than two controllers.
Increase the size of the struct chip_select array to eight, which is the
largest number of controllers per die currently supported on AMD
systems.
Fix number of DIMMs and Chip Select bases/masks on Family17h, because
AMD Family 17h systems support 2 DIMMs, 4 CS bases, and 2 CS masks per
channel.
Also, carve out the Family 17h+ reading of the bases/masks into a
separate function. This effectively reverts the original bases/masks
reading code to before Family 17h support was added.
Signed-off-by: Yazen Ghannam <yazen.ghannam@amd.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: "linux-edac@vger.kernel.org" <linux-edac@vger.kernel.org>
Cc: James Morse <james.morse@arm.com>
Cc: Mauro Carvalho Chehab <mchehab@kernel.org>
Cc: Tony Luck <tony.luck@intel.com>
Link: https://lkml.kernel.org/r/20190821235938.118710-2-Yazen.Ghannam@amd.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/edac/amd64_edac.c | 123 +++++++++++++++++++++-----------------
drivers/edac/amd64_edac.h | 5 +-
2 files changed, 71 insertions(+), 57 deletions(-)
diff --git a/drivers/edac/amd64_edac.c b/drivers/edac/amd64_edac.c
index 873437be86d9c..dd60cf5a3d969 100644
--- a/drivers/edac/amd64_edac.c
+++ b/drivers/edac/amd64_edac.c
@@ -810,7 +810,7 @@ static void debug_display_dimm_sizes_df(struct amd64_pvt *pvt, u8 ctrl)
edac_printk(KERN_DEBUG, EDAC_MC, "UMC%d chip selects:\n", ctrl);
- for (dimm = 0; dimm < 4; dimm++) {
+ for (dimm = 0; dimm < 2; dimm++) {
size0 = 0;
cs0 = dimm * 2;
@@ -942,89 +942,102 @@ static void prep_chip_selects(struct amd64_pvt *pvt)
} else if (pvt->fam == 0x15 && pvt->model == 0x30) {
pvt->csels[0].b_cnt = pvt->csels[1].b_cnt = 4;
pvt->csels[0].m_cnt = pvt->csels[1].m_cnt = 2;
+ } else if (pvt->fam >= 0x17) {
+ int umc;
+
+ for_each_umc(umc) {
+ pvt->csels[umc].b_cnt = 4;
+ pvt->csels[umc].m_cnt = 2;
+ }
+
} else {
pvt->csels[0].b_cnt = pvt->csels[1].b_cnt = 8;
pvt->csels[0].m_cnt = pvt->csels[1].m_cnt = 4;
}
}
+static void read_umc_base_mask(struct amd64_pvt *pvt)
+{
+ u32 umc_base_reg, umc_mask_reg;
+ u32 base_reg, mask_reg;
+ u32 *base, *mask;
+ int cs, umc;
+
+ for_each_umc(umc) {
+ umc_base_reg = get_umc_base(umc) + UMCCH_BASE_ADDR;
+
+ for_each_chip_select(cs, umc, pvt) {
+ base = &pvt->csels[umc].csbases[cs];
+
+ base_reg = umc_base_reg + (cs * 4);
+
+ if (!amd_smn_read(pvt->mc_node_id, base_reg, base))
+ edac_dbg(0, " DCSB%d[%d]=0x%08x reg: 0x%x\n",
+ umc, cs, *base, base_reg);
+ }
+
+ umc_mask_reg = get_umc_base(umc) + UMCCH_ADDR_MASK;
+
+ for_each_chip_select_mask(cs, umc, pvt) {
+ mask = &pvt->csels[umc].csmasks[cs];
+
+ mask_reg = umc_mask_reg + (cs * 4);
+
+ if (!amd_smn_read(pvt->mc_node_id, mask_reg, mask))
+ edac_dbg(0, " DCSM%d[%d]=0x%08x reg: 0x%x\n",
+ umc, cs, *mask, mask_reg);
+ }
+ }
+}
+
/*
* Function 2 Offset F10_DCSB0; read in the DCS Base and DCS Mask registers
*/
static void read_dct_base_mask(struct amd64_pvt *pvt)
{
- int base_reg0, base_reg1, mask_reg0, mask_reg1, cs;
+ int cs;
prep_chip_selects(pvt);
- if (pvt->umc) {
- base_reg0 = get_umc_base(0) + UMCCH_BASE_ADDR;
- base_reg1 = get_umc_base(1) + UMCCH_BASE_ADDR;
- mask_reg0 = get_umc_base(0) + UMCCH_ADDR_MASK;
- mask_reg1 = get_umc_base(1) + UMCCH_ADDR_MASK;
- } else {
- base_reg0 = DCSB0;
- base_reg1 = DCSB1;
- mask_reg0 = DCSM0;
- mask_reg1 = DCSM1;
- }
+ if (pvt->umc)
+ return read_umc_base_mask(pvt);
for_each_chip_select(cs, 0, pvt) {
- int reg0 = base_reg0 + (cs * 4);
- int reg1 = base_reg1 + (cs * 4);
+ int reg0 = DCSB0 + (cs * 4);
+ int reg1 = DCSB1 + (cs * 4);
u32 *base0 = &pvt->csels[0].csbases[cs];
u32 *base1 = &pvt->csels[1].csbases[cs];
- if (pvt->umc) {
- if (!amd_smn_read(pvt->mc_node_id, reg0, base0))
- edac_dbg(0, " DCSB0[%d]=0x%08x reg: 0x%x\n",
- cs, *base0, reg0);
-
- if (!amd_smn_read(pvt->mc_node_id, reg1, base1))
- edac_dbg(0, " DCSB1[%d]=0x%08x reg: 0x%x\n",
- cs, *base1, reg1);
- } else {
- if (!amd64_read_dct_pci_cfg(pvt, 0, reg0, base0))
- edac_dbg(0, " DCSB0[%d]=0x%08x reg: F2x%x\n",
- cs, *base0, reg0);
+ if (!amd64_read_dct_pci_cfg(pvt, 0, reg0, base0))
+ edac_dbg(0, " DCSB0[%d]=0x%08x reg: F2x%x\n",
+ cs, *base0, reg0);
- if (pvt->fam == 0xf)
- continue;
+ if (pvt->fam == 0xf)
+ continue;
- if (!amd64_read_dct_pci_cfg(pvt, 1, reg0, base1))
- edac_dbg(0, " DCSB1[%d]=0x%08x reg: F2x%x\n",
- cs, *base1, (pvt->fam == 0x10) ? reg1
- : reg0);
- }
+ if (!amd64_read_dct_pci_cfg(pvt, 1, reg0, base1))
+ edac_dbg(0, " DCSB1[%d]=0x%08x reg: F2x%x\n",
+ cs, *base1, (pvt->fam == 0x10) ? reg1
+ : reg0);
}
for_each_chip_select_mask(cs, 0, pvt) {
- int reg0 = mask_reg0 + (cs * 4);
- int reg1 = mask_reg1 + (cs * 4);
+ int reg0 = DCSM0 + (cs * 4);
+ int reg1 = DCSM1 + (cs * 4);
u32 *mask0 = &pvt->csels[0].csmasks[cs];
u32 *mask1 = &pvt->csels[1].csmasks[cs];
- if (pvt->umc) {
- if (!amd_smn_read(pvt->mc_node_id, reg0, mask0))
- edac_dbg(0, " DCSM0[%d]=0x%08x reg: 0x%x\n",
- cs, *mask0, reg0);
-
- if (!amd_smn_read(pvt->mc_node_id, reg1, mask1))
- edac_dbg(0, " DCSM1[%d]=0x%08x reg: 0x%x\n",
- cs, *mask1, reg1);
- } else {
- if (!amd64_read_dct_pci_cfg(pvt, 0, reg0, mask0))
- edac_dbg(0, " DCSM0[%d]=0x%08x reg: F2x%x\n",
- cs, *mask0, reg0);
+ if (!amd64_read_dct_pci_cfg(pvt, 0, reg0, mask0))
+ edac_dbg(0, " DCSM0[%d]=0x%08x reg: F2x%x\n",
+ cs, *mask0, reg0);
- if (pvt->fam == 0xf)
- continue;
+ if (pvt->fam == 0xf)
+ continue;
- if (!amd64_read_dct_pci_cfg(pvt, 1, reg0, mask1))
- edac_dbg(0, " DCSM1[%d]=0x%08x reg: F2x%x\n",
- cs, *mask1, (pvt->fam == 0x10) ? reg1
- : reg0);
- }
+ if (!amd64_read_dct_pci_cfg(pvt, 1, reg0, mask1))
+ edac_dbg(0, " DCSM1[%d]=0x%08x reg: F2x%x\n",
+ cs, *mask1, (pvt->fam == 0x10) ? reg1
+ : reg0);
}
}
diff --git a/drivers/edac/amd64_edac.h b/drivers/edac/amd64_edac.h
index 8f66472f7adc2..4dce6a2ac75f9 100644
--- a/drivers/edac/amd64_edac.h
+++ b/drivers/edac/amd64_edac.h
@@ -96,6 +96,7 @@
/* Hardware limit on ChipSelect rows per MC and processors per system */
#define NUM_CHIPSELECTS 8
#define DRAM_RANGES 8
+#define NUM_CONTROLLERS 8
#define ON true
#define OFF false
@@ -351,8 +352,8 @@ struct amd64_pvt {
u32 dbam0; /* DRAM Base Address Mapping reg for DCT0 */
u32 dbam1; /* DRAM Base Address Mapping reg for DCT1 */
- /* one for each DCT */
- struct chip_select csels[2];
+ /* one for each DCT/UMC */
+ struct chip_select csels[NUM_CONTROLLERS];
/* DRAM base and limit pairs F1x[78,70,68,60,58,50,48,40] */
struct dram_range ranges[DRAM_RANGES];
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 131/313] libperf: Fix alignment trap with xyarray contents in perf stat
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (128 preceding siblings ...)
2019-10-03 15:51 ` [PATCH 5.2 130/313] EDAC/amd64: Support more than two controllers for chip selects handling Greg Kroah-Hartman
@ 2019-10-03 15:51 ` Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 132/313] EDAC/amd64: Recognize DRAM device type ECC capability Greg Kroah-Hartman
` (186 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:51 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Gerald Baeza, Alexander Shishkin,
Alexandre Torgue, Andi Kleen, Jiri Olsa, Mathieu Poirier,
Namhyung Kim, Peter Zijlstra, Arnaldo Carvalho de Melo,
Sasha Levin
From: Gerald BAEZA <gerald.baeza@st.com>
[ Upstream commit d9c5c083416500e95da098c01be092b937def7fa ]
Following the patch 'perf stat: Fix --no-scale', an alignment trap
happens in process_counter_values() on ARMv7 platforms due to the
attempt to copy non 64 bits aligned double words (pointed by 'count')
via a NEON vectored instruction ('vld1' with 64 bits alignment
constraint).
This patch sets a 64 bits alignment constraint on 'contents[]' field in
'struct xyarray' since the 'count' pointer used above points to such a
structure.
Signed-off-by: Gerald Baeza <gerald.baeza@st.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Alexandre Torgue <alexandre.torgue@st.com>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Mathieu Poirier <mathieu.poirier@linaro.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Link: http://lkml.kernel.org/r/1566464769-16374-1-git-send-email-gerald.baeza@st.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/perf/util/xyarray.h | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/tools/perf/util/xyarray.h b/tools/perf/util/xyarray.h
index 7ffe562e7ae7f..2627b038b6f2a 100644
--- a/tools/perf/util/xyarray.h
+++ b/tools/perf/util/xyarray.h
@@ -2,6 +2,7 @@
#ifndef _PERF_XYARRAY_H_
#define _PERF_XYARRAY_H_ 1
+#include <linux/compiler.h>
#include <sys/types.h>
struct xyarray {
@@ -10,7 +11,7 @@ struct xyarray {
size_t entries;
size_t max_x;
size_t max_y;
- char contents[];
+ char contents[] __aligned(8);
};
struct xyarray *xyarray__new(int xlen, int ylen, size_t entry_size);
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 132/313] EDAC/amd64: Recognize DRAM device type ECC capability
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (129 preceding siblings ...)
2019-10-03 15:51 ` [PATCH 5.2 131/313] libperf: Fix alignment trap with xyarray contents in perf stat Greg Kroah-Hartman
@ 2019-10-03 15:51 ` Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 133/313] EDAC/amd64: Decode syndrome before translating address Greg Kroah-Hartman
` (185 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:51 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yazen Ghannam, Borislav Petkov,
linux-edac, James Morse, Mauro Carvalho Chehab, Tony Luck,
Sasha Levin
From: Yazen Ghannam <yazen.ghannam@amd.com>
[ Upstream commit f8be8e5680225ac9caf07d4545f8529b7395327f ]
AMD Family 17h systems support x4 and x16 DRAM devices. However, the
device type is not checked when setting mci.edac_ctl_cap.
Set the appropriate capability flag based on the device type.
Default to x8 DRAM device when neither the x4 or x16 bits are set.
[ bp: reverse cpk_en check to save an indentation level. ]
Fixes: 2d09d8f301f5 ("EDAC, amd64: Determine EDAC MC capabilities on Fam17h")
Signed-off-by: Yazen Ghannam <yazen.ghannam@amd.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: "linux-edac@vger.kernel.org" <linux-edac@vger.kernel.org>
Cc: James Morse <james.morse@arm.com>
Cc: Mauro Carvalho Chehab <mchehab@kernel.org>
Cc: Tony Luck <tony.luck@intel.com>
Link: https://lkml.kernel.org/r/20190821235938.118710-3-Yazen.Ghannam@amd.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/edac/amd64_edac.c | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/drivers/edac/amd64_edac.c b/drivers/edac/amd64_edac.c
index dd60cf5a3d969..ffe56a8fe39da 100644
--- a/drivers/edac/amd64_edac.c
+++ b/drivers/edac/amd64_edac.c
@@ -3150,12 +3150,15 @@ static bool ecc_enabled(struct pci_dev *F3, u16 nid)
static inline void
f17h_determine_edac_ctl_cap(struct mem_ctl_info *mci, struct amd64_pvt *pvt)
{
- u8 i, ecc_en = 1, cpk_en = 1;
+ u8 i, ecc_en = 1, cpk_en = 1, dev_x4 = 1, dev_x16 = 1;
for_each_umc(i) {
if (pvt->umc[i].sdp_ctrl & UMC_SDP_INIT) {
ecc_en &= !!(pvt->umc[i].umc_cap_hi & UMC_ECC_ENABLED);
cpk_en &= !!(pvt->umc[i].umc_cap_hi & UMC_ECC_CHIPKILL_CAP);
+
+ dev_x4 &= !!(pvt->umc[i].dimm_cfg & BIT(6));
+ dev_x16 &= !!(pvt->umc[i].dimm_cfg & BIT(7));
}
}
@@ -3163,8 +3166,15 @@ f17h_determine_edac_ctl_cap(struct mem_ctl_info *mci, struct amd64_pvt *pvt)
if (ecc_en) {
mci->edac_ctl_cap |= EDAC_FLAG_SECDED;
- if (cpk_en)
+ if (!cpk_en)
+ return;
+
+ if (dev_x4)
mci->edac_ctl_cap |= EDAC_FLAG_S4ECD4ED;
+ else if (dev_x16)
+ mci->edac_ctl_cap |= EDAC_FLAG_S16ECD16ED;
+ else
+ mci->edac_ctl_cap |= EDAC_FLAG_S8ECD8ED;
}
}
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 133/313] EDAC/amd64: Decode syndrome before translating address
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (130 preceding siblings ...)
2019-10-03 15:51 ` [PATCH 5.2 132/313] EDAC/amd64: Recognize DRAM device type ECC capability Greg Kroah-Hartman
@ 2019-10-03 15:51 ` Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 134/313] ARM: at91: move platform-specific asm-offset.h to arch/arm/mach-at91 Greg Kroah-Hartman
` (184 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:51 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yazen Ghannam, Borislav Petkov,
linux-edac, James Morse, Mauro Carvalho Chehab, Tony Luck,
Sasha Levin
From: Yazen Ghannam <yazen.ghannam@amd.com>
[ Upstream commit 8a2eaab7daf03b23ac902481218034ae2fae5e16 ]
AMD Family 17h systems currently require address translation in order to
report the system address of a DRAM ECC error. This is currently done
before decoding the syndrome information. The syndrome information does
not depend on the address translation, so the proper EDAC csrow/channel
reporting can function without the address. However, the syndrome
information will not be decoded if the address translation fails.
Decode the syndrome information before doing the address translation.
The syndrome information is architecturally defined in MCA_SYND and can
be considered robust. The address translation is system-specific and may
fail on newer systems without proper updates to the translation
algorithm.
Fixes: 713ad54675fd ("EDAC, amd64: Define and register UMC error decode function")
Signed-off-by: Yazen Ghannam <yazen.ghannam@amd.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: "linux-edac@vger.kernel.org" <linux-edac@vger.kernel.org>
Cc: James Morse <james.morse@arm.com>
Cc: Mauro Carvalho Chehab <mchehab@kernel.org>
Cc: Tony Luck <tony.luck@intel.com>
Link: https://lkml.kernel.org/r/20190821235938.118710-6-Yazen.Ghannam@amd.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/edac/amd64_edac.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/drivers/edac/amd64_edac.c b/drivers/edac/amd64_edac.c
index ffe56a8fe39da..608fdab566b32 100644
--- a/drivers/edac/amd64_edac.c
+++ b/drivers/edac/amd64_edac.c
@@ -2550,13 +2550,6 @@ static void decode_umc_error(int node_id, struct mce *m)
err.channel = find_umc_channel(m);
- if (umc_normaddr_to_sysaddr(m->addr, pvt->mc_node_id, err.channel, &sys_addr)) {
- err.err_code = ERR_NORM_ADDR;
- goto log_error;
- }
-
- error_address_to_page_and_offset(sys_addr, &err);
-
if (!(m->status & MCI_STATUS_SYNDV)) {
err.err_code = ERR_SYND;
goto log_error;
@@ -2573,6 +2566,13 @@ static void decode_umc_error(int node_id, struct mce *m)
err.csrow = m->synd & 0x7;
+ if (umc_normaddr_to_sysaddr(m->addr, pvt->mc_node_id, err.channel, &sys_addr)) {
+ err.err_code = ERR_NORM_ADDR;
+ goto log_error;
+ }
+
+ error_address_to_page_and_offset(sys_addr, &err);
+
log_error:
__log_ecc_error(mci, &err, ecc_type);
}
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 134/313] ARM: at91: move platform-specific asm-offset.h to arch/arm/mach-at91
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (131 preceding siblings ...)
2019-10-03 15:51 ` [PATCH 5.2 133/313] EDAC/amd64: Decode syndrome before translating address Greg Kroah-Hartman
@ 2019-10-03 15:51 ` Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 135/313] soc: renesas: rmobile-sysc: Set GENPD_FLAG_ALWAYS_ON for always-on domain Greg Kroah-Hartman
` (183 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:51 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Masahiro Yamada, Alexandre Belloni,
Sasha Levin
From: Masahiro Yamada <yamada.masahiro@socionext.com>
[ Upstream commit 9fac85a6db8999922f2cd92dfe2e83e063b31a94 ]
<generated/at91_pm_data-offsets.h> is only generated and included by
arch/arm/mach-at91/, so it does not need to reside in the globally
visible include/generated/.
I renamed it to arch/arm/mach-at91/pm_data-offsets.h since the prefix
'at91_' is just redundant in mach-at91/.
My main motivation of this change is to avoid the race condition for
the parallel build (-j) when CONFIG_IKHEADERS is enabled.
When it is enabled, all the headers under include/ are archived into
kernel/kheaders_data.tar.xz and exposed in the sysfs.
In the parallel build, we have no idea in which order files are built.
- If at91_pm_data-offsets.h is built before kheaders_data.tar.xz,
the header will be included in the archive. Probably nobody will
use it, but it is harmless except that it will increase the archive
size needlessly.
- If kheaders_data.tar.xz is built before at91_pm_data-offsets.h,
the header will not be included in the archive. However, in the next
build, the archive will be re-generated to include the newly-found
at91_pm_data-offsets.h. This is not nice from the build system point
of view.
- If at91_pm_data-offsets.h and kheaders_data.tar.xz are built at the
same time, the corrupted header might be included in the archive,
which does not look nice either.
This commit fixes the race.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Link: https://lore.kernel.org/r/20190823024346.591-1-yamada.masahiro@socionext.com
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/mach-at91/.gitignore | 1 +
arch/arm/mach-at91/Makefile | 5 +++--
arch/arm/mach-at91/pm_suspend.S | 2 +-
3 files changed, 5 insertions(+), 3 deletions(-)
create mode 100644 arch/arm/mach-at91/.gitignore
diff --git a/arch/arm/mach-at91/.gitignore b/arch/arm/mach-at91/.gitignore
new file mode 100644
index 0000000000000..2ecd6f51c8a95
--- /dev/null
+++ b/arch/arm/mach-at91/.gitignore
@@ -0,0 +1 @@
+pm_data-offsets.h
diff --git a/arch/arm/mach-at91/Makefile b/arch/arm/mach-at91/Makefile
index 31b61f0e1c077..de64301dcff25 100644
--- a/arch/arm/mach-at91/Makefile
+++ b/arch/arm/mach-at91/Makefile
@@ -19,9 +19,10 @@ ifeq ($(CONFIG_PM_DEBUG),y)
CFLAGS_pm.o += -DDEBUG
endif
-include/generated/at91_pm_data-offsets.h: arch/arm/mach-at91/pm_data-offsets.s FORCE
+$(obj)/pm_data-offsets.h: $(obj)/pm_data-offsets.s FORCE
$(call filechk,offsets,__PM_DATA_OFFSETS_H__)
-arch/arm/mach-at91/pm_suspend.o: include/generated/at91_pm_data-offsets.h
+$(obj)/pm_suspend.o: $(obj)/pm_data-offsets.h
targets += pm_data-offsets.s
+clean-files += pm_data-offsets.h
diff --git a/arch/arm/mach-at91/pm_suspend.S b/arch/arm/mach-at91/pm_suspend.S
index c751f047b1166..ed57c879d4e17 100644
--- a/arch/arm/mach-at91/pm_suspend.S
+++ b/arch/arm/mach-at91/pm_suspend.S
@@ -10,7 +10,7 @@
#include <linux/linkage.h>
#include <linux/clk/at91_pmc.h>
#include "pm.h"
-#include "generated/at91_pm_data-offsets.h"
+#include "pm_data-offsets.h"
#define SRAMC_SELF_FRESH_ACTIVE 0x01
#define SRAMC_SELF_FRESH_EXIT 0x00
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 135/313] soc: renesas: rmobile-sysc: Set GENPD_FLAG_ALWAYS_ON for always-on domain
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (132 preceding siblings ...)
2019-10-03 15:51 ` [PATCH 5.2 134/313] ARM: at91: move platform-specific asm-offset.h to arch/arm/mach-at91 Greg Kroah-Hartman
@ 2019-10-03 15:51 ` Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 136/313] soc: renesas: Enable ARM_ERRATA_754322 for affected Cortex-A9 Greg Kroah-Hartman
` (182 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:51 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Geert Uytterhoeven, Simon Horman,
Ulf Hansson, Sasha Levin
From: Geert Uytterhoeven <geert+renesas@glider.be>
[ Upstream commit af0bc634728c0bc6a3f66f911f227d5c6396db88 ]
Currently the R-Mobile "always-on" PM Domain is implemented by returning
-EBUSY from the generic_pm_domain.power_off() callback, and doing
nothing in the generic_pm_domain.power_on() callback. However, this
means the PM Domain core code is not aware of the semantics of this
special domain, leading to boot warnings like the following on
SH/R-Mobile SoCs:
sh_cmt e6130000.timer: PM domain c5 will not be powered off
Fix this by making the always-on nature of the domain explicit instead,
by setting the GENPD_FLAG_ALWAYS_ON flag. This removes the need for the
domain to provide power control callbacks.
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Reviewed-by: Simon Horman <horms+renesas@verge.net.au>
Reviewed-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/soc/renesas/rmobile-sysc.c | 31 +++++++++++++++---------------
1 file changed, 16 insertions(+), 15 deletions(-)
diff --git a/drivers/soc/renesas/rmobile-sysc.c b/drivers/soc/renesas/rmobile-sysc.c
index 421ae1c887d82..54b616ad4a62a 100644
--- a/drivers/soc/renesas/rmobile-sysc.c
+++ b/drivers/soc/renesas/rmobile-sysc.c
@@ -48,12 +48,8 @@ struct rmobile_pm_domain *to_rmobile_pd(struct generic_pm_domain *d)
static int rmobile_pd_power_down(struct generic_pm_domain *genpd)
{
struct rmobile_pm_domain *rmobile_pd = to_rmobile_pd(genpd);
- unsigned int mask;
+ unsigned int mask = BIT(rmobile_pd->bit_shift);
- if (rmobile_pd->bit_shift == ~0)
- return -EBUSY;
-
- mask = BIT(rmobile_pd->bit_shift);
if (rmobile_pd->suspend) {
int ret = rmobile_pd->suspend();
@@ -80,14 +76,10 @@ static int rmobile_pd_power_down(struct generic_pm_domain *genpd)
static int __rmobile_pd_power_up(struct rmobile_pm_domain *rmobile_pd)
{
- unsigned int mask;
+ unsigned int mask = BIT(rmobile_pd->bit_shift);
unsigned int retry_count;
int ret = 0;
- if (rmobile_pd->bit_shift == ~0)
- return 0;
-
- mask = BIT(rmobile_pd->bit_shift);
if (__raw_readl(rmobile_pd->base + PSTR) & mask)
return ret;
@@ -122,11 +114,15 @@ static void rmobile_init_pm_domain(struct rmobile_pm_domain *rmobile_pd)
struct dev_power_governor *gov = rmobile_pd->gov;
genpd->flags |= GENPD_FLAG_PM_CLK | GENPD_FLAG_ACTIVE_WAKEUP;
- genpd->power_off = rmobile_pd_power_down;
- genpd->power_on = rmobile_pd_power_up;
- genpd->attach_dev = cpg_mstp_attach_dev;
- genpd->detach_dev = cpg_mstp_detach_dev;
- __rmobile_pd_power_up(rmobile_pd);
+ genpd->attach_dev = cpg_mstp_attach_dev;
+ genpd->detach_dev = cpg_mstp_detach_dev;
+
+ if (!(genpd->flags & GENPD_FLAG_ALWAYS_ON)) {
+ genpd->power_off = rmobile_pd_power_down;
+ genpd->power_on = rmobile_pd_power_up;
+ __rmobile_pd_power_up(rmobile_pd);
+ }
+
pm_genpd_init(genpd, gov ? : &simple_qos_governor, false);
}
@@ -270,6 +266,11 @@ static void __init rmobile_setup_pm_domain(struct device_node *np,
break;
case PD_NORMAL:
+ if (pd->bit_shift == ~0) {
+ /* Top-level always-on domain */
+ pr_debug("PM domain %s is always-on domain\n", name);
+ pd->genpd.flags |= GENPD_FLAG_ALWAYS_ON;
+ }
break;
}
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 136/313] soc: renesas: Enable ARM_ERRATA_754322 for affected Cortex-A9
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (133 preceding siblings ...)
2019-10-03 15:51 ` [PATCH 5.2 135/313] soc: renesas: rmobile-sysc: Set GENPD_FLAG_ALWAYS_ON for always-on domain Greg Kroah-Hartman
@ 2019-10-03 15:51 ` Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 137/313] PM / devfreq: Fix kernel oops on governor module load Greg Kroah-Hartman
` (181 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:51 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Geert Uytterhoeven, Simon Horman,
Sasha Levin
From: Geert Uytterhoeven <geert+renesas@glider.be>
[ Upstream commit 2eced4607a1e6f51f928ae3e521fe02be5cb7d23 ]
ARM Erratum 754322 affects Cortex-A9 revisions r2p* and r3p*.
Automatically enable support code to mitigate the erratum when compiling
a kernel for any of the affected Renesas SoCs:
- RZ/A1: r3p0,
- R-Mobile A1: r2p4,
- R-Car M1A: r2p2-00rel0,
- R-Car H1: r3p0,
- SH-Mobile AG5: r2p2.
EMMA Mobile EV2 (r1p3) and RZ/A2 (r4p1) are not affected.
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Reviewed-by: Simon Horman <horms+renesas@verge.net.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/soc/renesas/Kconfig | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/soc/renesas/Kconfig b/drivers/soc/renesas/Kconfig
index 68bfca6f20ddf..2040caa6c8085 100644
--- a/drivers/soc/renesas/Kconfig
+++ b/drivers/soc/renesas/Kconfig
@@ -55,6 +55,7 @@ config ARCH_EMEV2
config ARCH_R7S72100
bool "RZ/A1H (R7S72100)"
+ select ARM_ERRATA_754322
select PM
select PM_GENERIC_DOMAINS
select SYS_SUPPORTS_SH_MTU2
@@ -76,6 +77,7 @@ config ARCH_R8A73A4
config ARCH_R8A7740
bool "R-Mobile A1 (R8A77400)"
select ARCH_RMOBILE
+ select ARM_ERRATA_754322
select RENESAS_INTC_IRQPIN
config ARCH_R8A7743
@@ -103,10 +105,12 @@ config ARCH_R8A77470
config ARCH_R8A7778
bool "R-Car M1A (R8A77781)"
select ARCH_RCAR_GEN1
+ select ARM_ERRATA_754322
config ARCH_R8A7779
bool "R-Car H1 (R8A77790)"
select ARCH_RCAR_GEN1
+ select ARM_ERRATA_754322
select HAVE_ARM_SCU if SMP
select HAVE_ARM_TWD if SMP
select SYSC_R8A7779
@@ -150,6 +154,7 @@ config ARCH_R9A06G032
config ARCH_SH73A0
bool "SH-Mobile AG5 (R8A73A00)"
select ARCH_RMOBILE
+ select ARM_ERRATA_754322
select HAVE_ARM_SCU if SMP
select HAVE_ARM_TWD if SMP
select RENESAS_INTC_IRQPIN
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 137/313] PM / devfreq: Fix kernel oops on governor module load
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (134 preceding siblings ...)
2019-10-03 15:51 ` [PATCH 5.2 136/313] soc: renesas: Enable ARM_ERRATA_754322 for affected Cortex-A9 Greg Kroah-Hartman
@ 2019-10-03 15:51 ` Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 138/313] ARM: OMAP2+: move platform-specific asm-offset.h to arch/arm/mach-omap2 Greg Kroah-Hartman
` (180 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:51 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ezequiel Garcia, Chanwoo Choi,
MyungJoo Ham, Sasha Levin
From: Ezequiel Garcia <ezequiel@collabora.com>
[ Upstream commit 7544fd7f384591038646d3cd9efb311ab4509e24 ]
A bit unexpectedly (but still documented), request_module may
return a positive value, in case of a modprobe error.
This is currently causing issues in the devfreq framework.
When a request_module exits with a positive value, we currently
return that via ERR_PTR. However, because the value is positive,
it's not a ERR_VALUE proper, and is therefore treated as a
valid struct devfreq_governor pointer, leading to a kernel oops.
Fix this by returning -EINVAL if request_module returns a positive
value.
Fixes: b53b0128052ff ("PM / devfreq: Fix static checker warning in try_then_request_governor")
Signed-off-by: Ezequiel Garcia <ezequiel@collabora.com>
Reviewed-by: Chanwoo Choi <cw00.choi@samsung.com>
Signed-off-by: MyungJoo Ham <myungjoo.ham@samsung.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/devfreq/devfreq.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/devfreq/devfreq.c b/drivers/devfreq/devfreq.c
index ab22bf8a12d69..a0e19802149fc 100644
--- a/drivers/devfreq/devfreq.c
+++ b/drivers/devfreq/devfreq.c
@@ -254,7 +254,7 @@ static struct devfreq_governor *try_then_request_governor(const char *name)
/* Restore previous state before return */
mutex_lock(&devfreq_list_lock);
if (err)
- return ERR_PTR(err);
+ return (err < 0) ? ERR_PTR(err) : ERR_PTR(-EINVAL);
governor = find_devfreq_governor(name);
}
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 138/313] ARM: OMAP2+: move platform-specific asm-offset.h to arch/arm/mach-omap2
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (135 preceding siblings ...)
2019-10-03 15:51 ` [PATCH 5.2 137/313] PM / devfreq: Fix kernel oops on governor module load Greg Kroah-Hartman
@ 2019-10-03 15:51 ` Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 139/313] PM / devfreq: passive: Use non-devm notifiers Greg Kroah-Hartman
` (179 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:51 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Masahiro Yamada, Keerthy,
Tony Lindgren, Sasha Levin
From: Masahiro Yamada <yamada.masahiro@socionext.com>
[ Upstream commit ccf4975dca233b1d6a74752d6ab35c239edc0d58 ]
<generated/ti-pm-asm-offsets.h> is only generated and included by
arch/arm/mach-omap2/, so it does not need to reside in the globally
visible include/generated/.
I renamed it to arch/arm/mach-omap2/pm-asm-offsets.h since the prefix
'ti-' is just redundant in mach-omap2/.
My main motivation of this change is to avoid the race condition for
the parallel build (-j) when CONFIG_IKHEADERS is enabled.
When it is enabled, all the headers under include/ are archived into
kernel/kheaders_data.tar.xz and exposed in the sysfs.
In the parallel build, we have no idea in which order files are built.
- If ti-pm-asm-offsets.h is built before kheaders_data.tar.xz,
the header will be included in the archive. Probably nobody will
use it, but it is harmless except that it will increase the archive
size needlessly.
- If kheaders_data.tar.xz is built before ti-pm-asm-offsets.h,
the header will not be included in the archive. However, in the next
build, the archive will be re-generated to include the newly-found
ti-pm-asm-offsets.h. This is not nice from the build system point
of view.
- If ti-pm-asm-offsets.h and kheaders_data.tar.xz are built at the
same time, the corrupted header might be included in the archive,
which does not look nice either.
This commit fixes the race.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Tested-by: Keerthy <j-keerthy@ti.com>
Signed-off-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/mach-omap2/.gitignore | 1 +
arch/arm/mach-omap2/Makefile | 5 +++--
arch/arm/mach-omap2/sleep33xx.S | 2 +-
arch/arm/mach-omap2/sleep43xx.S | 2 +-
4 files changed, 6 insertions(+), 4 deletions(-)
create mode 100644 arch/arm/mach-omap2/.gitignore
diff --git a/arch/arm/mach-omap2/.gitignore b/arch/arm/mach-omap2/.gitignore
new file mode 100644
index 0000000000000..79a8d6ea71520
--- /dev/null
+++ b/arch/arm/mach-omap2/.gitignore
@@ -0,0 +1 @@
+pm-asm-offsets.h
diff --git a/arch/arm/mach-omap2/Makefile b/arch/arm/mach-omap2/Makefile
index 85d1b13c9215b..26baeb6477aff 100644
--- a/arch/arm/mach-omap2/Makefile
+++ b/arch/arm/mach-omap2/Makefile
@@ -236,9 +236,10 @@ obj-y += omap_phy_internal.o
obj-$(CONFIG_MACH_OMAP2_TUSB6010) += usb-tusb6010.o
-include/generated/ti-pm-asm-offsets.h: arch/arm/mach-omap2/pm-asm-offsets.s FORCE
+$(obj)/pm-asm-offsets.h: $(obj)/pm-asm-offsets.s FORCE
$(call filechk,offsets,__TI_PM_ASM_OFFSETS_H__)
-$(obj)/sleep33xx.o $(obj)/sleep43xx.o: include/generated/ti-pm-asm-offsets.h
+$(obj)/sleep33xx.o $(obj)/sleep43xx.o: $(obj)/pm-asm-offsets.h
targets += pm-asm-offsets.s
+clean-files += pm-asm-offsets.h
diff --git a/arch/arm/mach-omap2/sleep33xx.S b/arch/arm/mach-omap2/sleep33xx.S
index 47a816468cdb4..a003769121aaa 100644
--- a/arch/arm/mach-omap2/sleep33xx.S
+++ b/arch/arm/mach-omap2/sleep33xx.S
@@ -6,7 +6,6 @@
* Dave Gerlach, Vaibhav Bedia
*/
-#include <generated/ti-pm-asm-offsets.h>
#include <linux/linkage.h>
#include <linux/platform_data/pm33xx.h>
#include <linux/ti-emif-sram.h>
@@ -15,6 +14,7 @@
#include "iomap.h"
#include "cm33xx.h"
+#include "pm-asm-offsets.h"
#define AM33XX_CM_CLKCTRL_MODULESTATE_DISABLED 0x00030000
#define AM33XX_CM_CLKCTRL_MODULEMODE_DISABLE 0x0003
diff --git a/arch/arm/mach-omap2/sleep43xx.S b/arch/arm/mach-omap2/sleep43xx.S
index 0c1031442571f..27b13d47cf193 100644
--- a/arch/arm/mach-omap2/sleep43xx.S
+++ b/arch/arm/mach-omap2/sleep43xx.S
@@ -6,7 +6,6 @@
* Dave Gerlach, Vaibhav Bedia
*/
-#include <generated/ti-pm-asm-offsets.h>
#include <linux/linkage.h>
#include <linux/ti-emif-sram.h>
#include <linux/platform_data/pm33xx.h>
@@ -19,6 +18,7 @@
#include "iomap.h"
#include "omap-secure.h"
#include "omap44xx.h"
+#include "pm-asm-offsets.h"
#include "prm33xx.h"
#include "prcm43xx.h"
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 139/313] PM / devfreq: passive: Use non-devm notifiers
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (136 preceding siblings ...)
2019-10-03 15:51 ` [PATCH 5.2 138/313] ARM: OMAP2+: move platform-specific asm-offset.h to arch/arm/mach-omap2 Greg Kroah-Hartman
@ 2019-10-03 15:51 ` Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 140/313] PM / devfreq: exynos-bus: Correct clock enable sequence Greg Kroah-Hartman
` (178 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:51 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Leonard Crestez, Chanwoo Choi,
MyungJoo Ham, Sasha Levin
From: Leonard Crestez <leonard.crestez@nxp.com>
[ Upstream commit 0ef7c7cce43f6ecc2b96d447e69b2900a9655f7c ]
The devfreq passive governor registers and unregisters devfreq
transition notifiers on DEVFREQ_GOV_START/GOV_STOP using devm wrappers.
If devfreq itself is registered with devm then a warning is triggered on
rmmod from devm_devfreq_unregister_notifier. Call stack looks like this:
devm_devfreq_unregister_notifier+0x30/0x40
devfreq_passive_event_handler+0x4c/0x88
devfreq_remove_device.part.8+0x6c/0x9c
devm_devfreq_dev_release+0x18/0x20
release_nodes+0x1b0/0x220
devres_release_all+0x78/0x84
device_release_driver_internal+0x100/0x1c0
driver_detach+0x4c/0x90
bus_remove_driver+0x7c/0xd0
driver_unregister+0x2c/0x58
platform_driver_unregister+0x10/0x18
imx_devfreq_platdrv_exit+0x14/0xd40 [imx_devfreq]
This happens because devres_release_all will first remove all the nodes
into a separate todo list so the nested devres_release from
devm_devfreq_unregister_notifier won't find anything.
Fix the warning by calling the non-devm APIS for frequency notification.
Using devm wrappers is not actually useful for a governor anyway: it
relies on the devfreq core to correctly match the GOV_START/GOV_STOP
notifications.
Fixes: 996133119f57 ("PM / devfreq: Add new passive governor")
Signed-off-by: Leonard Crestez <leonard.crestez@nxp.com>
Acked-by: Chanwoo Choi <cw00.choi@samsung.com>
Signed-off-by: MyungJoo Ham <myungjoo.ham@samsung.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/devfreq/governor_passive.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/devfreq/governor_passive.c b/drivers/devfreq/governor_passive.c
index 58308948b8637..da485477065c5 100644
--- a/drivers/devfreq/governor_passive.c
+++ b/drivers/devfreq/governor_passive.c
@@ -165,12 +165,12 @@ static int devfreq_passive_event_handler(struct devfreq *devfreq,
p_data->this = devfreq;
nb->notifier_call = devfreq_passive_notifier_call;
- ret = devm_devfreq_register_notifier(dev, parent, nb,
+ ret = devfreq_register_notifier(parent, nb,
DEVFREQ_TRANSITION_NOTIFIER);
break;
case DEVFREQ_GOV_STOP:
- devm_devfreq_unregister_notifier(dev, parent, nb,
- DEVFREQ_TRANSITION_NOTIFIER);
+ WARN_ON(devfreq_unregister_notifier(parent, nb,
+ DEVFREQ_TRANSITION_NOTIFIER));
break;
default:
break;
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 140/313] PM / devfreq: exynos-bus: Correct clock enable sequence
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (137 preceding siblings ...)
2019-10-03 15:51 ` [PATCH 5.2 139/313] PM / devfreq: passive: Use non-devm notifiers Greg Kroah-Hartman
@ 2019-10-03 15:51 ` Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 141/313] media: cec-notifier: clear cec_adap in cec_notifier_unregister Greg Kroah-Hartman
` (177 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:51 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kamil Konieczny, Chanwoo Choi,
MyungJoo Ham, Sasha Levin
From: Kamil Konieczny <k.konieczny@partner.samsung.com>
[ Upstream commit 2c2b20e0da89c76759ee28c6824413ab2fa3bfc6 ]
Regulators should be enabled before clocks to avoid h/w hang. This
require change in exynos_bus_probe() to move exynos_bus_parse_of()
after exynos_bus_parent_parse_of() and change in error handling.
Similar change is needed in exynos_bus_exit() where clock should be
disabled before regulators.
Signed-off-by: Kamil Konieczny <k.konieczny@partner.samsung.com>
Acked-by: Chanwoo Choi <cw00.choi@samsung.com>
Signed-off-by: MyungJoo Ham <myungjoo.ham@samsung.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/devfreq/exynos-bus.c | 31 +++++++++++++++++--------------
1 file changed, 17 insertions(+), 14 deletions(-)
diff --git a/drivers/devfreq/exynos-bus.c b/drivers/devfreq/exynos-bus.c
index d9f377912c104..7c06df8bd74fe 100644
--- a/drivers/devfreq/exynos-bus.c
+++ b/drivers/devfreq/exynos-bus.c
@@ -191,11 +191,10 @@ static void exynos_bus_exit(struct device *dev)
if (ret < 0)
dev_warn(dev, "failed to disable the devfreq-event devices\n");
- if (bus->regulator)
- regulator_disable(bus->regulator);
-
dev_pm_opp_of_remove_table(dev);
clk_disable_unprepare(bus->clk);
+ if (bus->regulator)
+ regulator_disable(bus->regulator);
}
/*
@@ -383,6 +382,7 @@ static int exynos_bus_probe(struct platform_device *pdev)
struct exynos_bus *bus;
int ret, max_state;
unsigned long min_freq, max_freq;
+ bool passive = false;
if (!np) {
dev_err(dev, "failed to find devicetree node\n");
@@ -396,27 +396,27 @@ static int exynos_bus_probe(struct platform_device *pdev)
bus->dev = &pdev->dev;
platform_set_drvdata(pdev, bus);
- /* Parse the device-tree to get the resource information */
- ret = exynos_bus_parse_of(np, bus);
- if (ret < 0)
- return ret;
-
profile = devm_kzalloc(dev, sizeof(*profile), GFP_KERNEL);
- if (!profile) {
- ret = -ENOMEM;
- goto err;
- }
+ if (!profile)
+ return -ENOMEM;
node = of_parse_phandle(dev->of_node, "devfreq", 0);
if (node) {
of_node_put(node);
- goto passive;
+ passive = true;
} else {
ret = exynos_bus_parent_parse_of(np, bus);
+ if (ret < 0)
+ return ret;
}
+ /* Parse the device-tree to get the resource information */
+ ret = exynos_bus_parse_of(np, bus);
if (ret < 0)
- goto err;
+ goto err_reg;
+
+ if (passive)
+ goto passive;
/* Initialize the struct profile and governor data for parent device */
profile->polling_ms = 50;
@@ -507,6 +507,9 @@ static int exynos_bus_probe(struct platform_device *pdev)
err:
dev_pm_opp_of_remove_table(dev);
clk_disable_unprepare(bus->clk);
+err_reg:
+ if (!passive)
+ regulator_disable(bus->regulator);
return ret;
}
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 141/313] media: cec-notifier: clear cec_adap in cec_notifier_unregister
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (138 preceding siblings ...)
2019-10-03 15:51 ` [PATCH 5.2 140/313] PM / devfreq: exynos-bus: Correct clock enable sequence Greg Kroah-Hartman
@ 2019-10-03 15:51 ` Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 142/313] media: saa7146: add cleanup in hexium_attach() Greg Kroah-Hartman
` (176 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:51 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hans Verkuil, Mauro Carvalho Chehab,
Sasha Levin
From: Hans Verkuil <hverkuil-cisco@xs4all.nl>
[ Upstream commit 14d5511691e5290103bc480998bc322e68f139d4 ]
If cec_notifier_cec_adap_unregister() is called before
cec_unregister_adapter() then everything is OK (and this is the
case today). But if it is the other way around, then
cec_notifier_unregister() is called first, and that doesn't
set n->cec_adap to NULL.
So if e.g. cec_notifier_set_phys_addr() is called after
cec_notifier_unregister() but before cec_unregister_adapter()
then n->cec_adap points to an unregistered and likely deleted
cec adapter. So just set n->cec_adap->notifier and n->cec_adap
to NULL for rubustness.
Eventually cec_notifier_unregister will disappear and this will
be simplified substantially.
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/cec/cec-notifier.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/media/cec/cec-notifier.c b/drivers/media/cec/cec-notifier.c
index 9598c7778871a..c4aa27e0c4308 100644
--- a/drivers/media/cec/cec-notifier.c
+++ b/drivers/media/cec/cec-notifier.c
@@ -124,6 +124,8 @@ void cec_notifier_unregister(struct cec_notifier *n)
{
mutex_lock(&n->lock);
n->callback = NULL;
+ n->cec_adap->notifier = NULL;
+ n->cec_adap = NULL;
mutex_unlock(&n->lock);
cec_notifier_put(n);
}
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 142/313] media: saa7146: add cleanup in hexium_attach()
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (139 preceding siblings ...)
2019-10-03 15:51 ` [PATCH 5.2 141/313] media: cec-notifier: clear cec_adap in cec_notifier_unregister Greg Kroah-Hartman
@ 2019-10-03 15:52 ` Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 143/313] media: cpia2_usb: fix memory leaks Greg Kroah-Hartman
` (175 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Wenwen Wang, Hans Verkuil,
Mauro Carvalho Chehab, Sasha Levin
From: Wenwen Wang <wenwen@cs.uga.edu>
[ Upstream commit 42e64117d3b4a759013f77bbcf25ab6700e55de7 ]
If saa7146_register_device() fails, no cleanup is executed, leading to
memory/resource leaks. To fix this issue, perform necessary cleanup work
before returning the error.
Signed-off-by: Wenwen Wang <wenwen@cs.uga.edu>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/pci/saa7146/hexium_gemini.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/media/pci/saa7146/hexium_gemini.c b/drivers/media/pci/saa7146/hexium_gemini.c
index dca20a3d98e25..f962269306707 100644
--- a/drivers/media/pci/saa7146/hexium_gemini.c
+++ b/drivers/media/pci/saa7146/hexium_gemini.c
@@ -292,6 +292,9 @@ static int hexium_attach(struct saa7146_dev *dev, struct saa7146_pci_extension_d
ret = saa7146_register_device(&hexium->video_dev, dev, "hexium gemini", VFL_TYPE_GRABBER);
if (ret < 0) {
pr_err("cannot register capture v4l2 device. skipping.\n");
+ saa7146_vv_release(dev);
+ i2c_del_adapter(&hexium->i2c_adapter);
+ kfree(hexium);
return ret;
}
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 143/313] media: cpia2_usb: fix memory leaks
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (140 preceding siblings ...)
2019-10-03 15:52 ` [PATCH 5.2 142/313] media: saa7146: add cleanup in hexium_attach() Greg Kroah-Hartman
@ 2019-10-03 15:52 ` Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 144/313] media: saa7134: fix terminology around saa7134_i2c_eeprom_md7134_gate() Greg Kroah-Hartman
` (174 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Wenwen Wang, Hans Verkuil,
Mauro Carvalho Chehab, Sasha Levin
From: Wenwen Wang <wenwen@cs.uga.edu>
[ Upstream commit 1c770f0f52dca1a2323c594f01f5ec6f1dddc97f ]
In submit_urbs(), 'cam->sbuf[i].data' is allocated through kmalloc_array().
However, it is not deallocated if the following allocation for urbs fails.
To fix this issue, free 'cam->sbuf[i].data' if usb_alloc_urb() fails.
Signed-off-by: Wenwen Wang <wenwen@cs.uga.edu>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/usb/cpia2/cpia2_usb.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/media/usb/cpia2/cpia2_usb.c b/drivers/media/usb/cpia2/cpia2_usb.c
index 17468f7d78ed2..3ab80a7b44985 100644
--- a/drivers/media/usb/cpia2/cpia2_usb.c
+++ b/drivers/media/usb/cpia2/cpia2_usb.c
@@ -676,6 +676,10 @@ static int submit_urbs(struct camera_data *cam)
if (!urb) {
for (j = 0; j < i; j++)
usb_free_urb(cam->sbuf[j].urb);
+ for (j = 0; j < NUM_SBUF; j++) {
+ kfree(cam->sbuf[j].data);
+ cam->sbuf[j].data = NULL;
+ }
return -ENOMEM;
}
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 144/313] media: saa7134: fix terminology around saa7134_i2c_eeprom_md7134_gate()
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (141 preceding siblings ...)
2019-10-03 15:52 ` [PATCH 5.2 143/313] media: cpia2_usb: fix memory leaks Greg Kroah-Hartman
@ 2019-10-03 15:52 ` Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 145/313] perf trace beauty ioctl: Fix off-by-one error in cmd->string table Greg Kroah-Hartman
` (173 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Maciej S. Szmigiero, Hans Verkuil,
Mauro Carvalho Chehab, Sasha Levin
From: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
[ Upstream commit 9d802222a3405599d6e1984d9324cddf592ea1f4 ]
saa7134_i2c_eeprom_md7134_gate() function and the associated comment uses
an inverted i2c gate open / closed terminology.
Let's fix this.
Signed-off-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
[hverkuil-cisco@xs4all.nl: fix alignment checkpatch warning]
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/pci/saa7134/saa7134-i2c.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/drivers/media/pci/saa7134/saa7134-i2c.c b/drivers/media/pci/saa7134/saa7134-i2c.c
index 493b1858815fb..04e85765373ec 100644
--- a/drivers/media/pci/saa7134/saa7134-i2c.c
+++ b/drivers/media/pci/saa7134/saa7134-i2c.c
@@ -342,7 +342,11 @@ static const struct i2c_client saa7134_client_template = {
/* ----------------------------------------------------------- */
-/* On Medion 7134 reading EEPROM needs DVB-T demod i2c gate open */
+/*
+ * On Medion 7134 reading the SAA7134 chip config EEPROM needs DVB-T
+ * demod i2c gate closed due to an address clash between this EEPROM
+ * and the demod one.
+ */
static void saa7134_i2c_eeprom_md7134_gate(struct saa7134_dev *dev)
{
u8 subaddr = 0x7, dmdregval;
@@ -359,14 +363,14 @@ static void saa7134_i2c_eeprom_md7134_gate(struct saa7134_dev *dev)
ret = i2c_transfer(&dev->i2c_adap, i2cgatemsg_r, 2);
if ((ret == 2) && (dmdregval & 0x2)) {
- pr_debug("%s: DVB-T demod i2c gate was left closed\n",
+ pr_debug("%s: DVB-T demod i2c gate was left open\n",
dev->name);
data[0] = subaddr;
data[1] = (dmdregval & ~0x2);
if (i2c_transfer(&dev->i2c_adap, i2cgatemsg_w, 1) != 1)
- pr_err("%s: EEPROM i2c gate open failure\n",
- dev->name);
+ pr_err("%s: EEPROM i2c gate close failure\n",
+ dev->name);
}
}
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 145/313] perf trace beauty ioctl: Fix off-by-one error in cmd->string table
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (142 preceding siblings ...)
2019-10-03 15:52 ` [PATCH 5.2 144/313] media: saa7134: fix terminology around saa7134_i2c_eeprom_md7134_gate() Greg Kroah-Hartman
@ 2019-10-03 15:52 ` Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 146/313] perf report: Fix --ns time sort key output Greg Kroah-Hartman
` (172 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Benjamin Peterson,
Arnaldo Carvalho de Melo, Alexander Shishkin, Jiri Olsa,
Namhyung Kim, Peter Zijlstra, Sasha Levin
From: Benjamin Peterson <benjamin@python.org>
[ Upstream commit b92675f4a9c02dd78052645597dac9e270679ddf ]
While tracing a program that calls isatty(3), I noticed that strace
reported TCGETS for the request argument of the underlying ioctl(2)
syscall while perf trace reported TCSETS. strace is corrrect. The bug in
perf was due to the tty ioctl beauty table starting at 0x5400 rather
than 0x5401.
Committer testing:
Using augmented_raw_syscalls.o and settings to make 'perf trace'
use strace formatting, i.e. with this in ~/.perfconfig
# cat ~/.perfconfig
[trace]
add_events = /home/acme/git/linux/tools/perf/examples/bpf/augmented_raw_syscalls.c
show_zeros = yes
show_duration = no
no_inherit = yes
show_timestamp = no
show_arg_names = no
args_alignment = 40
show_prefix = yes
# strace -e ioctl stty > /dev/null
ioctl(0, TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(1, TIOCGWINSZ, 0x7fff8a9b0860) = -1 ENOTTY (Inappropriate ioctl for device)
ioctl(1, TCGETS, 0x7fff8a9b0540) = -1 ENOTTY (Inappropriate ioctl for device)
+++ exited with 0 +++
#
Before:
# perf trace -e ioctl stty > /dev/null
ioctl(0, TCSETS, 0x7fff2cf79f20) = 0
ioctl(1, TIOCSWINSZ, 0x7fff2cf79f40) = -1 ENOTTY (Inappropriate ioctl for device)
ioctl(1, TCSETS, 0x7fff2cf79c20) = -1 ENOTTY (Inappropriate ioctl for device)
#
After:
# perf trace -e ioctl stty > /dev/null
ioctl(0, TCGETS, 0x7ffed0763920) = 0
ioctl(1, TIOCGWINSZ, 0x7ffed0763940) = -1 ENOTTY (Inappropriate ioctl for device)
ioctl(1, TCGETS, 0x7ffed0763620) = -1 ENOTTY (Inappropriate ioctl for device)
#
Signed-off-by: Benjamin Peterson <benjamin@python.org>
Tested-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Fixes: 1cc47f2d46206d67285aea0ca7e8450af571da13 ("perf trace beauty ioctl: Improve 'cmd' beautifier")
Link: http://lkml.kernel.org/r/20190823033625.18814-1-benjamin@python.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/perf/trace/beauty/ioctl.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/perf/trace/beauty/ioctl.c b/tools/perf/trace/beauty/ioctl.c
index 52242fa4072b0..e19eb6ea361d7 100644
--- a/tools/perf/trace/beauty/ioctl.c
+++ b/tools/perf/trace/beauty/ioctl.c
@@ -21,7 +21,7 @@
static size_t ioctl__scnprintf_tty_cmd(int nr, int dir, char *bf, size_t size)
{
static const char *ioctl_tty_cmd[] = {
- "TCGETS", "TCSETS", "TCSETSW", "TCSETSF", "TCGETA", "TCSETA", "TCSETAW",
+ [_IOC_NR(TCGETS)] = "TCGETS", "TCSETS", "TCSETSW", "TCSETSF", "TCGETA", "TCSETA", "TCSETAW",
"TCSETAF", "TCSBRK", "TCXONC", "TCFLSH", "TIOCEXCL", "TIOCNXCL", "TIOCSCTTY",
"TIOCGPGRP", "TIOCSPGRP", "TIOCOUTQ", "TIOCSTI", "TIOCGWINSZ", "TIOCSWINSZ",
"TIOCMGET", "TIOCMBIS", "TIOCMBIC", "TIOCMSET", "TIOCGSOFTCAR", "TIOCSSOFTCAR",
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 146/313] perf report: Fix --ns time sort key output
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (143 preceding siblings ...)
2019-10-03 15:52 ` [PATCH 5.2 145/313] perf trace beauty ioctl: Fix off-by-one error in cmd->string table Greg Kroah-Hartman
@ 2019-10-03 15:52 ` Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 147/313] perf script: Fix memory leaks in list_scripts() Greg Kroah-Hartman
` (171 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Andi Kleen, Arnaldo Carvalho de Melo,
Jiri Olsa, Sasha Levin
From: Andi Kleen <ak@linux.intel.com>
[ Upstream commit 3dab6ac080dcd7f71cb9ceb84ad7dafecd6f7c07 ]
If the user specified --ns, the column to print the sort time stamp
wasn't wide enough to actually print the full nanoseconds.
Widen the time key column width when --ns is specified.
Before:
% perf record -a sleep 1
% perf report --sort time,overhead,symbol --stdio --ns
...
2.39% 187851.10000 [k] smp_call_function_single - -
1.53% 187851.10000 [k] intel_idle - -
0.59% 187851.10000 [.] __wcscmp_ifunc - -
0.33% 187851.10000 [.] 0000000000000000 - -
0.28% 187851.10000 [k] cpuidle_enter_state - -
After:
% perf report --sort time,overhead,symbol --stdio --ns
...
2.39% 187851.100000000 [k] smp_call_function_single - -
1.53% 187851.100000000 [k] intel_idle - -
0.59% 187851.100000000 [.] __wcscmp_ifunc - -
0.33% 187851.100000000 [.] 0000000000000000 - -
0.28% 187851.100000000 [k] cpuidle_enter_state - -
Signed-off-by: Andi Kleen <ak@linux.intel.com>
Tested-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Link: http://lkml.kernel.org/r/20190823210338.12360-2-andi@firstfloor.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/perf/util/hist.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/tools/perf/util/hist.c b/tools/perf/util/hist.c
index 7ace7a10054d8..966c248d6a3a1 100644
--- a/tools/perf/util/hist.c
+++ b/tools/perf/util/hist.c
@@ -193,7 +193,10 @@ void hists__calc_col_len(struct hists *hists, struct hist_entry *h)
hists__new_col_len(hists, HISTC_MEM_LVL, 21 + 3);
hists__new_col_len(hists, HISTC_LOCAL_WEIGHT, 12);
hists__new_col_len(hists, HISTC_GLOBAL_WEIGHT, 12);
- hists__new_col_len(hists, HISTC_TIME, 12);
+ if (symbol_conf.nanosecs)
+ hists__new_col_len(hists, HISTC_TIME, 16);
+ else
+ hists__new_col_len(hists, HISTC_TIME, 12);
if (h->srcline) {
len = MAX(strlen(h->srcline), strlen(sort_srcline.se_header));
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 147/313] perf script: Fix memory leaks in list_scripts()
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (144 preceding siblings ...)
2019-10-03 15:52 ` [PATCH 5.2 146/313] perf report: Fix --ns time sort key output Greg Kroah-Hartman
@ 2019-10-03 15:52 ` Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 148/313] media: aspeed-video: address a protential usage of an unitialized var Greg Kroah-Hartman
` (170 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Gustavo A. R. Silva,
Alexander Shishkin, Andi Kleen, Jiri Olsa, Namhyung Kim,
Peter Zijlstra, Arnaldo Carvalho de Melo, Sasha Levin
From: Gustavo A. R. Silva <gustavo@embeddedor.com>
[ Upstream commit 3b4acbb92dbda4829e021e5c6d5410658849fa1c ]
In case memory resources for *buf* and *paths* were allocated, jump to
*out* and release them before return.
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: Gustavo A. R. Silva <gustavo@embeddedor.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Addresses-Coverity-ID: 1444328 ("Resource leak")
Fixes: 6f3da20e151f ("perf report: Support builtin perf script in scripts menu")
Link: http://lkml.kernel.org/r/20190408162748.GA21008@embeddedor
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/perf/ui/browsers/scripts.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/tools/perf/ui/browsers/scripts.c b/tools/perf/ui/browsers/scripts.c
index 27cf3ab88d13f..f4edb18f67ec9 100644
--- a/tools/perf/ui/browsers/scripts.c
+++ b/tools/perf/ui/browsers/scripts.c
@@ -131,8 +131,10 @@ static int list_scripts(char *script_name, bool *custom,
int key = ui_browser__input_window("perf script command",
"Enter perf script command line (without perf script prefix)",
script_args, "", 0);
- if (key != K_ENTER)
- return -1;
+ if (key != K_ENTER) {
+ ret = -1;
+ goto out;
+ }
sprintf(script_name, "%s script %s", perf, script_args);
} else if (choice < num + max_std) {
strcpy(script_name, paths[choice]);
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 148/313] media: aspeed-video: address a protential usage of an unitialized var
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (145 preceding siblings ...)
2019-10-03 15:52 ` [PATCH 5.2 147/313] perf script: Fix memory leaks in list_scripts() Greg Kroah-Hartman
@ 2019-10-03 15:52 ` Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 149/313] media: ov9650: add a sanity check Greg Kroah-Hartman
` (169 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Eddie James, Mauro Carvalho Chehab,
Sasha Levin
From: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
[ Upstream commit 31b8b0bd6e55c3ea5a08bb8141fa5d3c90600e3b ]
While this might not occur in practice, if the device is doing
the right thing, it would be teoretically be possible to have
both hsync_counter and vsync_counter negatives.
If this ever happen, ctrl will be undefined, but the driver
will still call:
aspeed_video_update(video, VE_CTRL, 0, ctrl);
Change the code to prevent this to happen.
This was warned by cppcheck:
[drivers/media/platform/aspeed-video.c:653]: (error) Uninitialized variable: ctrl
Reviewed-by: Eddie James <eajames@linux.ibm.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/platform/aspeed-video.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/media/platform/aspeed-video.c b/drivers/media/platform/aspeed-video.c
index de0f192afa8b1..388c32a11345d 100644
--- a/drivers/media/platform/aspeed-video.c
+++ b/drivers/media/platform/aspeed-video.c
@@ -632,7 +632,7 @@ static void aspeed_video_check_and_set_polarity(struct aspeed_video *video)
}
if (hsync_counter < 0 || vsync_counter < 0) {
- u32 ctrl;
+ u32 ctrl = 0;
if (hsync_counter < 0) {
ctrl = VE_CTRL_HSYNC_POL;
@@ -652,7 +652,8 @@ static void aspeed_video_check_and_set_polarity(struct aspeed_video *video)
V4L2_DV_VSYNC_POS_POL;
}
- aspeed_video_update(video, VE_CTRL, 0, ctrl);
+ if (ctrl)
+ aspeed_video_update(video, VE_CTRL, 0, ctrl);
}
}
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 149/313] media: ov9650: add a sanity check
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (146 preceding siblings ...)
2019-10-03 15:52 ` [PATCH 5.2 148/313] media: aspeed-video: address a protential usage of an unitialized var Greg Kroah-Hartman
@ 2019-10-03 15:52 ` Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 150/313] leds: lm3532: Fixes for the driver for stability Greg Kroah-Hartman
` (168 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sylwester Nawrocki,
Mauro Carvalho Chehab, Sasha Levin
From: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
[ Upstream commit 093347abc7a4e0490e3c962ecbde2dc272a8f708 ]
As pointed by cppcheck:
[drivers/media/i2c/ov9650.c:706]: (error) Shifting by a negative value is undefined behaviour
[drivers/media/i2c/ov9650.c:707]: (error) Shifting by a negative value is undefined behaviour
[drivers/media/i2c/ov9650.c:721]: (error) Shifting by a negative value is undefined behaviour
Prevent mangling with gains with invalid values.
As pointed by Sylvester, this should never happen in practice,
as min value of V4L2_CID_GAIN control is 16 (gain is always >= 16
and m is always >= 0), but it is too hard for a static analyzer
to get this, as the logic with validates control min/max is
elsewhere inside V4L2 core.
Reviewed-by: Sylwester Nawrocki <s.nawrocki@samsung.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/i2c/ov9650.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/media/i2c/ov9650.c b/drivers/media/i2c/ov9650.c
index 30ab2225fbd0c..b350f5c1a9890 100644
--- a/drivers/media/i2c/ov9650.c
+++ b/drivers/media/i2c/ov9650.c
@@ -703,6 +703,11 @@ static int ov965x_set_gain(struct ov965x *ov965x, int auto_gain)
for (m = 6; m >= 0; m--)
if (gain >= (1 << m) * 16)
break;
+
+ /* Sanity check: don't adjust the gain with a negative value */
+ if (m < 0)
+ return -EINVAL;
+
rgain = (gain - ((1 << m) * 16)) / (1 << m);
rgain |= (((1 << m) - 1) << 4);
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 150/313] leds: lm3532: Fixes for the driver for stability
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (147 preceding siblings ...)
2019-10-03 15:52 ` [PATCH 5.2 149/313] media: ov9650: add a sanity check Greg Kroah-Hartman
@ 2019-10-03 15:52 ` Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 151/313] ASoC: es8316: fix headphone mixer volume table Greg Kroah-Hartman
` (167 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Pavel Machek, Dan Murphy,
Jacek Anaszewski, Sasha Levin
From: Dan Murphy <dmurphy@ti.com>
[ Upstream commit 6559ac32998248182572e1ccae79dc2eb40ac7c6 ]
Fixed misspelled words, added error check during probe
on the init of the registers, and fixed ALS/I2C control
mode.
Fixes: bc1b8492c764 ("leds: lm3532: Introduce the lm3532 LED driver")
Reported-by: Pavel Machek <pavel@ucw.cz>
Signed-off-by: Dan Murphy <dmurphy@ti.com>
Acked-by: Pavel Machek <pavel@ucw.cz>
Signed-off-by: Jacek Anaszewski <jacek.anaszewski@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/leds/leds-lm3532.c | 17 +++++++++++++----
1 file changed, 13 insertions(+), 4 deletions(-)
diff --git a/drivers/leds/leds-lm3532.c b/drivers/leds/leds-lm3532.c
index 180895b83b888..e55a64847fe2f 100644
--- a/drivers/leds/leds-lm3532.c
+++ b/drivers/leds/leds-lm3532.c
@@ -40,7 +40,7 @@
#define LM3532_REG_ZN_3_LO 0x67
#define LM3532_REG_MAX 0x7e
-/* Contorl Enable */
+/* Control Enable */
#define LM3532_CTRL_A_ENABLE BIT(0)
#define LM3532_CTRL_B_ENABLE BIT(1)
#define LM3532_CTRL_C_ENABLE BIT(2)
@@ -302,7 +302,7 @@ static int lm3532_led_disable(struct lm3532_led *led_data)
int ret;
ret = regmap_update_bits(led_data->priv->regmap, LM3532_REG_ENABLE,
- ctrl_en_val, ~ctrl_en_val);
+ ctrl_en_val, 0);
if (ret) {
dev_err(led_data->priv->dev, "Failed to set ctrl:%d\n", ret);
return ret;
@@ -321,7 +321,7 @@ static int lm3532_brightness_set(struct led_classdev *led_cdev,
mutex_lock(&led->priv->lock);
- if (led->mode == LM3532_BL_MODE_ALS) {
+ if (led->mode == LM3532_ALS_CTRL) {
if (brt_val > LED_OFF)
ret = lm3532_led_enable(led);
else
@@ -542,11 +542,14 @@ static int lm3532_parse_node(struct lm3532_data *priv)
}
if (led->mode == LM3532_BL_MODE_ALS) {
+ led->mode = LM3532_ALS_CTRL;
ret = lm3532_parse_als(priv);
if (ret)
dev_err(&priv->client->dev, "Failed to parse als\n");
else
lm3532_als_configure(priv, led);
+ } else {
+ led->mode = LM3532_I2C_CTRL;
}
led->num_leds = fwnode_property_read_u32_array(child,
@@ -590,7 +593,13 @@ static int lm3532_parse_node(struct lm3532_data *priv)
goto child_out;
}
- lm3532_init_registers(led);
+ ret = lm3532_init_registers(led);
+ if (ret) {
+ dev_err(&priv->client->dev, "register init err: %d\n",
+ ret);
+ fwnode_handle_put(child);
+ goto child_out;
+ }
i++;
}
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 151/313] ASoC: es8316: fix headphone mixer volume table
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (148 preceding siblings ...)
2019-10-03 15:52 ` [PATCH 5.2 150/313] leds: lm3532: Fixes for the driver for stability Greg Kroah-Hartman
@ 2019-10-03 15:52 ` Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 152/313] ACPI / CPPC: do not require the _PSD method Greg Kroah-Hartman
` (166 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Katsuhiro Suzuki, Daniel Drake,
Mark Brown, Sasha Levin
From: Katsuhiro Suzuki <katsuhiro@katsuster.net>
[ Upstream commit f972d02fee2496024cfd6f59021c9d89d54922a6 ]
This patch fix setting table of Headphone mixer volume.
Current code uses 4 ... 7 values but these values are prohibited.
Correct settings are the following:
0000 -12dB
0001 -10.5dB
0010 -9dB
0011 -7.5dB
0100 -6dB
1000 -4.5dB
1001 -3dB
1010 -1.5dB
1011 0dB
Signed-off-by: Katsuhiro Suzuki <katsuhiro@katsuster.net>
Reviewed-by: Daniel Drake <drake@endlessm.com>
Link: https://lore.kernel.org/r/20190826153900.25969-1-katsuhiro@katsuster.net
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/es8316.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/sound/soc/codecs/es8316.c b/sound/soc/codecs/es8316.c
index 6db002cc20582..96d04896193f2 100644
--- a/sound/soc/codecs/es8316.c
+++ b/sound/soc/codecs/es8316.c
@@ -51,7 +51,10 @@ static const SNDRV_CTL_TLVD_DECLARE_DB_SCALE(adc_vol_tlv, -9600, 50, 1);
static const SNDRV_CTL_TLVD_DECLARE_DB_SCALE(alc_max_gain_tlv, -650, 150, 0);
static const SNDRV_CTL_TLVD_DECLARE_DB_SCALE(alc_min_gain_tlv, -1200, 150, 0);
static const SNDRV_CTL_TLVD_DECLARE_DB_SCALE(alc_target_tlv, -1650, 150, 0);
-static const SNDRV_CTL_TLVD_DECLARE_DB_SCALE(hpmixer_gain_tlv, -1200, 150, 0);
+static const SNDRV_CTL_TLVD_DECLARE_DB_RANGE(hpmixer_gain_tlv,
+ 0, 4, TLV_DB_SCALE_ITEM(-1200, 150, 0),
+ 8, 11, TLV_DB_SCALE_ITEM(-450, 150, 0),
+);
static const SNDRV_CTL_TLVD_DECLARE_DB_RANGE(adc_pga_gain_tlv,
0, 0, TLV_DB_SCALE_ITEM(-350, 0, 0),
@@ -89,7 +92,7 @@ static const struct snd_kcontrol_new es8316_snd_controls[] = {
SOC_DOUBLE_TLV("Headphone Playback Volume", ES8316_CPHP_ICAL_VOL,
4, 0, 3, 1, hpout_vol_tlv),
SOC_DOUBLE_TLV("Headphone Mixer Volume", ES8316_HPMIX_VOL,
- 0, 4, 7, 0, hpmixer_gain_tlv),
+ 0, 4, 11, 0, hpmixer_gain_tlv),
SOC_ENUM("Playback Polarity", dacpol),
SOC_DOUBLE_R_TLV("DAC Playback Volume", ES8316_DAC_VOLL,
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 152/313] ACPI / CPPC: do not require the _PSD method
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (149 preceding siblings ...)
2019-10-03 15:52 ` [PATCH 5.2 151/313] ASoC: es8316: fix headphone mixer volume table Greg Kroah-Hartman
@ 2019-10-03 15:52 ` Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 153/313] sched/cpufreq: Align trace event behavior of fast switching Greg Kroah-Hartman
` (165 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Al Stone, Rafael J. Wysocki, Sasha Levin
From: Al Stone <ahs3@redhat.com>
[ Upstream commit 4c4cdc4c63853fee48c02e25c8605fb65a6c9924 ]
According to the ACPI 6.3 specification, the _PSD method is optional
when using CPPC. The underlying assumption is that each CPU can change
frequency independently from all other CPUs; _PSD is provided to tell
the OS that some processors can NOT do that.
However, the acpi_get_psd() function returns ENODEV if there is no _PSD
method present, or an ACPI error status if an error occurs when evaluating
_PSD, if present. This makes _PSD mandatory when using CPPC, in violation
of the specification, and only on Linux.
This has forced some firmware writers to provide a dummy _PSD, even though
it is irrelevant, but only because Linux requires it; other OSPMs follow
the spec. We really do not want to have OS specific ACPI tables, though.
So, correct acpi_get_psd() so that it does not return an error if there
is no _PSD method present, but does return a failure when the method can
not be executed properly. This allows _PSD to be optional as it should
be.
Signed-off-by: Al Stone <ahs3@redhat.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/acpi/cppc_acpi.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/acpi/cppc_acpi.c b/drivers/acpi/cppc_acpi.c
index 15f103d7532b0..3b2525908dd8c 100644
--- a/drivers/acpi/cppc_acpi.c
+++ b/drivers/acpi/cppc_acpi.c
@@ -365,8 +365,10 @@ static int acpi_get_psd(struct cpc_desc *cpc_ptr, acpi_handle handle)
union acpi_object *psd = NULL;
struct acpi_psd_package *pdomain;
- status = acpi_evaluate_object_typed(handle, "_PSD", NULL, &buffer,
- ACPI_TYPE_PACKAGE);
+ status = acpi_evaluate_object_typed(handle, "_PSD", NULL,
+ &buffer, ACPI_TYPE_PACKAGE);
+ if (status == AE_NOT_FOUND) /* _PSD is optional */
+ return 0;
if (ACPI_FAILURE(status))
return -ENODEV;
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 153/313] sched/cpufreq: Align trace event behavior of fast switching
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (150 preceding siblings ...)
2019-10-03 15:52 ` [PATCH 5.2 152/313] ACPI / CPPC: do not require the _PSD method Greg Kroah-Hartman
@ 2019-10-03 15:52 ` Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 154/313] x86/apic/vector: Warn when vector space exhaustion breaks affinity Greg Kroah-Hartman
` (164 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Douglas RAILLARD,
Peter Zijlstra (Intel),
Rafael J. Wysocki, Sasha Levin
From: Douglas RAILLARD <douglas.raillard@arm.com>
[ Upstream commit 77c84dd1881d0f0176cb678d770bfbda26c54390 ]
Fast switching path only emits an event for the CPU of interest, whereas the
regular path emits an event for all the CPUs that had their frequency changed,
i.e. all the CPUs sharing the same policy.
With the current behavior, looking at cpu_frequency event for a given CPU that
is using the fast switching path will not give the correct frequency signal.
Signed-off-by: Douglas RAILLARD <douglas.raillard@arm.com>
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/sched/cpufreq_schedutil.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/kernel/sched/cpufreq_schedutil.c b/kernel/sched/cpufreq_schedutil.c
index ae3ec77bb92f6..e139b54716b4a 100644
--- a/kernel/sched/cpufreq_schedutil.c
+++ b/kernel/sched/cpufreq_schedutil.c
@@ -117,6 +117,7 @@ static void sugov_fast_switch(struct sugov_policy *sg_policy, u64 time,
unsigned int next_freq)
{
struct cpufreq_policy *policy = sg_policy->policy;
+ int cpu;
if (!sugov_update_next_freq(sg_policy, time, next_freq))
return;
@@ -126,7 +127,11 @@ static void sugov_fast_switch(struct sugov_policy *sg_policy, u64 time,
return;
policy->cur = next_freq;
- trace_cpu_frequency(next_freq, smp_processor_id());
+
+ if (trace_cpu_frequency_enabled()) {
+ for_each_cpu(cpu, policy->cpus)
+ trace_cpu_frequency(next_freq, cpu);
+ }
}
static void sugov_deferred_update(struct sugov_policy *sg_policy, u64 time,
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 154/313] x86/apic/vector: Warn when vector space exhaustion breaks affinity
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (151 preceding siblings ...)
2019-10-03 15:52 ` [PATCH 5.2 153/313] sched/cpufreq: Align trace event behavior of fast switching Greg Kroah-Hartman
@ 2019-10-03 15:52 ` Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 155/313] arm64: kpti: ensure patched kernel text is fetched from PoU Greg Kroah-Hartman
` (163 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, djuran, Neil Horman, Thomas Gleixner,
Sasha Levin
From: Neil Horman <nhorman@tuxdriver.com>
[ Upstream commit 743dac494d61d991967ebcfab92e4f80dc7583b3 ]
On x86, CPUs are limited in the number of interrupts they can have affined
to them as they only support 256 interrupt vectors per CPU. 32 vectors are
reserved for the CPU and the kernel reserves another 22 for internal
purposes. That leaves 202 vectors for assignement to devices.
When an interrupt is set up or the affinity is changed by the kernel or the
administrator, the vector assignment code attempts to honor the requested
affinity mask. If the vector space on the CPUs in that affinity mask is
exhausted the code falls back to a wider set of CPUs and assigns a vector
on a CPU outside of the requested affinity mask silently.
While the effective affinity is reflected in the corresponding
/proc/irq/$N/effective_affinity* files the silent breakage of the requested
affinity can lead to unexpected behaviour for administrators.
Add a pr_warn() when this happens so that adminstrators get at least
informed about it in the syslog.
[ tglx: Massaged changelog and made the pr_warn() more informative ]
Reported-by: djuran@redhat.com
Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Tested-by: djuran@redhat.com
Link: https://lkml.kernel.org/r/20190822143421.9535-1-nhorman@tuxdriver.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/kernel/apic/vector.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/arch/x86/kernel/apic/vector.c b/arch/x86/kernel/apic/vector.c
index fdacb864c3dd4..2c5676b0a6e7f 100644
--- a/arch/x86/kernel/apic/vector.c
+++ b/arch/x86/kernel/apic/vector.c
@@ -398,6 +398,17 @@ static int activate_reserved(struct irq_data *irqd)
if (!irqd_can_reserve(irqd))
apicd->can_reserve = false;
}
+
+ /*
+ * Check to ensure that the effective affinity mask is a subset
+ * the user supplied affinity mask, and warn the user if it is not
+ */
+ if (!cpumask_subset(irq_data_get_effective_affinity_mask(irqd),
+ irq_data_get_affinity_mask(irqd))) {
+ pr_warn("irq %u: Affinity broken due to vector space exhaustion.\n",
+ irqd->irq);
+ }
+
return ret;
}
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 155/313] arm64: kpti: ensure patched kernel text is fetched from PoU
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (152 preceding siblings ...)
2019-10-03 15:52 ` [PATCH 5.2 154/313] x86/apic/vector: Warn when vector space exhaustion breaks affinity Greg Kroah-Hartman
@ 2019-10-03 15:52 ` Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 156/313] perf evlist: Use unshare(CLONE_FS) in sb threads to let setns(CLONE_NEWNS) work Greg Kroah-Hartman
` (162 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mark Rutland, Catalin Marinas,
James Morse, Will Deacon, Sasha Levin
From: Mark Rutland <mark.rutland@arm.com>
[ Upstream commit f32c7a8e45105bd0af76872bf6eef0438ff12fb2 ]
While the MMUs is disabled, I-cache speculation can result in
instructions being fetched from the PoC. During boot we may patch
instructions (e.g. for alternatives and jump labels), and these may be
dirty at the PoU (and stale at the PoC).
Thus, while the MMU is disabled in the KPTI pagetable fixup code we may
load stale instructions into the I-cache, potentially leading to
subsequent crashes when executing regions of code which have been
modified at runtime.
Similarly to commit:
8ec41987436d566f ("arm64: mm: ensure patched kernel text is fetched from PoU")
... we can invalidate the I-cache after enabling the MMU to prevent such
issues.
The KPTI pagetable fixup code itself should be clean to the PoC per the
boot protocol, so no maintenance is required for this code.
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Reviewed-by: James Morse <james.morse@arm.com>
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/mm/proc.S | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/arch/arm64/mm/proc.S b/arch/arm64/mm/proc.S
index 7dbf2be470f6c..28a8f7b87ff06 100644
--- a/arch/arm64/mm/proc.S
+++ b/arch/arm64/mm/proc.S
@@ -286,6 +286,15 @@ skip_pgd:
msr sctlr_el1, x18
isb
+ /*
+ * Invalidate the local I-cache so that any instructions fetched
+ * speculatively from the PoC are discarded, since they may have
+ * been dynamically patched at the PoU.
+ */
+ ic iallu
+ dsb nsh
+ isb
+
/* Set the flag to zero to indicate that we're all done */
str wzr, [flag_ptr]
ret
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 156/313] perf evlist: Use unshare(CLONE_FS) in sb threads to let setns(CLONE_NEWNS) work
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (153 preceding siblings ...)
2019-10-03 15:52 ` [PATCH 5.2 155/313] arm64: kpti: ensure patched kernel text is fetched from PoU Greg Kroah-Hartman
@ 2019-10-03 15:52 ` Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 157/313] x86/mm/pti: Do not invoke PTI functions when PTI is disabled Greg Kroah-Hartman
` (161 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Karl Rister, Alexander Shishkin,
Alexei Starovoitov, Brendan Gregg, Daniel Borkmann,
Krister Johansen, Namhyung Kim, Peter Zijlstra, Song Liu,
Stanislav Fomichev, Thomas-Mich Richter,
Arnaldo Carvalho de Melo, Sasha Levin
From: Arnaldo Carvalho de Melo <acme@redhat.com>
[ Upstream commit b397f8468fa27f08b83b348ffa56a226f72453af ]
When we started using a thread to catch the PERF_RECORD_BPF_EVENT meta
data events to then ask the kernel for further info (BTF, etc) for BPF
programs shortly after they get loaded, we forgot to use
unshare(CLONE_FS) as was done in:
868a832918f6 ("perf top: Support lookup of symbols in other mount namespaces.")
Do it so that we can enter the namespaces to read the build-ids at the
end of a 'perf record' session for the DSOs that had hits.
Before:
Starting a 'stress-ng --cpus 8' inside a container and then, outside the
container running:
# perf record -a --namespaces sleep 5
# perf buildid-list | grep stress-ng
#
We would end up with a 'perf.data' file that had no entry in its
build-id table for the /usr/bin/stress-ng binary inside the container
that got tons of PERF_RECORD_SAMPLEs.
After:
# perf buildid-list | grep stress-ng
f2ed02c68341183a124b9b0f6e2e6c493c465b29 /usr/bin/stress-ng
#
Then its just a matter of making sure that that binary debuginfo package
gets available in a place that 'perf report' will look at build-id keyed
ELF files, which, in my case, on a f30 notebook, was a matter of
installing the debuginfo file for the distro used in the container,
fedora 31:
# rpm -ivh http://fedora.c3sl.ufpr.br/linux/development/31/Everything/x86_64/debug/tree/Packages/s/stress-ng-debuginfo-0.07.29-10.fc31.x86_64.rpm
Then, because perf currently looks for those debuginfo files (richer ELF
symtab) inside that namespace (look at the setns calls):
openat(AT_FDCWD, "/proc/self/ns/mnt", O_RDONLY) = 137
openat(AT_FDCWD, "/proc/13169/ns/mnt", O_RDONLY) = 139
setns(139, CLONE_NEWNS) = 0
stat("/usr/bin/stress-ng", {st_mode=S_IFREG|0755, st_size=3065416, ...}) = 0
openat(AT_FDCWD, "/usr/bin/stress-ng", O_RDONLY) = 140
fcntl(140, F_GETFD) = 0
fstat(140, {st_mode=S_IFREG|0755, st_size=3065416, ...}) = 0
mmap(NULL, 3065416, PROT_READ, MAP_PRIVATE, 140, 0) = 0x7ff2fdc5b000
munmap(0x7ff2fdc5b000, 3065416) = 0
close(140) = 0
stat("stress-ng-0.07.29-10.fc31.x86_64.debug", 0x7fff45d71260) = -1 ENOENT (No such file or directory)
stat("/usr/bin/stress-ng-0.07.29-10.fc31.x86_64.debug", 0x7fff45d71260) = -1 ENOENT (No such file or directory)
stat("/usr/bin/.debug/stress-ng-0.07.29-10.fc31.x86_64.debug", 0x7fff45d71260) = -1 ENOENT (No such file or directory)
stat("/usr/lib/debug/usr/bin/stress-ng-0.07.29-10.fc31.x86_64.debug", 0x7fff45d71260) = -1 ENOENT (No such file or directory)
stat("/root/.debug/.build-id/f2/ed02c68341183a124b9b0f6e2e6c493c465b29", 0x7fff45d711e0) = -1 ENOENT (No such file or directory)
To only then go back to the "host" namespace to look just in the users's
~/.debug cache:
setns(137, CLONE_NEWNS) = 0
chdir("/root") = 0
close(137) = 0
close(139) = 0
stat("/root/.debug/.build-id/f2/ed02c68341183a124b9b0f6e2e6c493c465b29/elf", 0x7fff45d732e0) = -1 ENOENT (No such file or directory)
It continues to fail to resolve symbols:
# perf report | grep stress-ng | head -5
9.50% stress-ng-cpu stress-ng [.] 0x0000000000021ac1
8.58% stress-ng-cpu stress-ng [.] 0x0000000000021ab4
8.51% stress-ng-cpu stress-ng [.] 0x0000000000021489
7.17% stress-ng-cpu stress-ng [.] 0x00000000000219b6
3.93% stress-ng-cpu stress-ng [.] 0x0000000000021478
#
To overcome that we use:
# perf buildid-cache -v --add /usr/lib/debug/usr/bin/stress-ng-0.07.29-10.fc31.x86_64.debug
Adding f2ed02c68341183a124b9b0f6e2e6c493c465b29 /usr/lib/debug/usr/bin/stress-ng-0.07.29-10.fc31.x86_64.debug: Ok
#
# ls -la /root/.debug/.build-id/f2/ed02c68341183a124b9b0f6e2e6c493c465b29/elf
-rw-r--r--. 3 root root 2401184 Jul 27 07:03 /root/.debug/.build-id/f2/ed02c68341183a124b9b0f6e2e6c493c465b29/elf
# file /root/.debug/.build-id/f2/ed02c68341183a124b9b0f6e2e6c493c465b29/elf
/root/.debug/.build-id/f2/ed02c68341183a124b9b0f6e2e6c493c465b29/elf: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter \004, BuildID[sha1]=f2ed02c68341183a124b9b0f6e2e6c493c465b29, for GNU/Linux 3.2.0, with debug_info, not stripped, too many notes (256)
#
Now it finally works:
# perf report | grep stress-ng | head -5
23.59% stress-ng-cpu stress-ng [.] ackermann
23.33% stress-ng-cpu stress-ng [.] is_prime
17.36% stress-ng-cpu stress-ng [.] stress_cpu_sieve
6.08% stress-ng-cpu stress-ng [.] stress_cpu_correlate
3.55% stress-ng-cpu stress-ng [.] queens_try
#
I'll make sure that it looks for the build-id keyed files in both the
"host" namespace (the namespace the user running 'perf record' was a the
time of the recording) and in the container namespace, as it shouldn't
matter where a content based key lookup finds the ELF file to use in
resolving symbols, etc.
Reported-by: Karl Rister <krister@redhat.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Alexei Starovoitov <ast@kernel.org>
Cc: Brendan Gregg <brendan.d.gregg@gmail.com>
Cc: Daniel Borkmann <daniel@iogearbox.net>
Cc: Krister Johansen <kjlx@templeofstupid.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Song Liu <songliubraving@fb.com>
Cc: Stanislav Fomichev <sdf@google.com>
Cc: Thomas-Mich Richter <tmricht@linux.vnet.ibm.com>
Fixes: 657ee5531903 ("perf evlist: Introduce side band thread")
Link: https://lkml.kernel.org/n/tip-g79k0jz41adiaeuqud742t2l@git.kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/perf/util/evlist.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/tools/perf/util/evlist.c b/tools/perf/util/evlist.c
index a474ede17cd6c..001bb444d2056 100644
--- a/tools/perf/util/evlist.c
+++ b/tools/perf/util/evlist.c
@@ -21,6 +21,7 @@
#include "bpf-event.h"
#include <signal.h>
#include <unistd.h>
+#include <sched.h>
#include "parse-events.h"
#include <subcmd/parse-options.h>
@@ -1870,6 +1871,14 @@ static void *perf_evlist__poll_thread(void *arg)
struct perf_evlist *evlist = arg;
bool draining = false;
int i, done = 0;
+ /*
+ * In order to read symbols from other namespaces perf to needs to call
+ * setns(2). This isn't permitted if the struct_fs has multiple users.
+ * unshare(2) the fs so that we may continue to setns into namespaces
+ * that we're observing when, for instance, reading the build-ids at
+ * the end of a 'perf record' session.
+ */
+ unshare(CLONE_FS);
while (!done) {
bool got_data = false;
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 157/313] x86/mm/pti: Do not invoke PTI functions when PTI is disabled
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (154 preceding siblings ...)
2019-10-03 15:52 ` [PATCH 5.2 156/313] perf evlist: Use unshare(CLONE_FS) in sb threads to let setns(CLONE_NEWNS) work Greg Kroah-Hartman
@ 2019-10-03 15:52 ` Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 158/313] ASoC: fsl_ssi: Fix clock control issue in master mode Greg Kroah-Hartman
` (160 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Thomas Gleixner, Dave Hansen,
Ingo Molnar, Song Liu, Peter Zijlstra (Intel),
Sasha Levin
From: Thomas Gleixner <tglx@linutronix.de>
[ Upstream commit 990784b57731192b7d90c8d4049e6318d81e887d ]
When PTI is disabled at boot time either because the CPU is not affected or
PTI has been disabled on the command line, the boot code still calls into
pti_finalize() which then unconditionally invokes:
pti_clone_entry_text()
pti_clone_kernel_text()
pti_clone_kernel_text() was called unconditionally before the 32bit support
was added and 32bit added the call to pti_clone_entry_text().
The call has no side effects as cloning the page tables into the available
second one, which was allocated for PTI does not create damage. But it does
not make sense either and in case that this functionality would be extended
later this might actually lead to hard to diagnose issues.
Neither function should be called when PTI is runtime disabled. Make the
invocation conditional.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Dave Hansen <dave.hansen@linux.intel.com>
Acked-by: Ingo Molnar <mingo@kernel.org>
Acked-by: Song Liu <songliubraving@fb.com>
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Link: https://lkml.kernel.org/r/20190828143124.063353972@linutronix.de
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/mm/pti.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/arch/x86/mm/pti.c b/arch/x86/mm/pti.c
index b196524759ec5..ba22b50f4eca2 100644
--- a/arch/x86/mm/pti.c
+++ b/arch/x86/mm/pti.c
@@ -666,6 +666,8 @@ void __init pti_init(void)
*/
void pti_finalize(void)
{
+ if (!boot_cpu_has(X86_FEATURE_PTI))
+ return;
/*
* We need to clone everything (again) that maps parts of the
* kernel image.
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 158/313] ASoC: fsl_ssi: Fix clock control issue in master mode
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (155 preceding siblings ...)
2019-10-03 15:52 ` [PATCH 5.2 157/313] x86/mm/pti: Do not invoke PTI functions when PTI is disabled Greg Kroah-Hartman
@ 2019-10-03 15:52 ` Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 159/313] x86/mm/pti: Handle unaligned address gracefully in pti_clone_pagetable() Greg Kroah-Hartman
` (159 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Shengjiu Wang, Mark Brown, Sasha Levin
From: Shengjiu Wang <shengjiu.wang@nxp.com>
[ Upstream commit 696d05225cebffd172008d212657be90e823eac0 ]
The test case is
arecord -Dhw:0 -d 10 -f S16_LE -r 48000 -c 2 temp.wav &
aplay -Dhw:0 -d 30 -f S16_LE -r 48000 -c 2 test.wav
There will be error after end of arecord:
aplay: pcm_write:2051: write error: Input/output error
Capture and Playback work in parallel in master mode, one
substream stops, the other substream is impacted, the
reason is that clock is disabled wrongly.
The clock's reference count is not increased when second
substream starts, the hw_param() function returns in the
beginning because first substream is enabled, then in end
of first substream, the hw_free() disables the clock.
This patch is to move the clock enablement to the place
before checking of the device enablement in hw_param().
Signed-off-by: Shengjiu Wang <shengjiu.wang@nxp.com>
Link: https://lore.kernel.org/r/1567012817-12625-1-git-send-email-shengjiu.wang@nxp.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/fsl/fsl_ssi.c | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/sound/soc/fsl/fsl_ssi.c b/sound/soc/fsl/fsl_ssi.c
index 09b2967befd96..d83be26d64467 100644
--- a/sound/soc/fsl/fsl_ssi.c
+++ b/sound/soc/fsl/fsl_ssi.c
@@ -799,15 +799,6 @@ static int fsl_ssi_hw_params(struct snd_pcm_substream *substream,
u32 wl = SSI_SxCCR_WL(sample_size);
int ret;
- /*
- * SSI is properly configured if it is enabled and running in
- * the synchronous mode; Note that AC97 mode is an exception
- * that should set separate configurations for STCCR and SRCCR
- * despite running in the synchronous mode.
- */
- if (ssi->streams && ssi->synchronous)
- return 0;
-
if (fsl_ssi_is_i2s_master(ssi)) {
ret = fsl_ssi_set_bclk(substream, dai, hw_params);
if (ret)
@@ -823,6 +814,15 @@ static int fsl_ssi_hw_params(struct snd_pcm_substream *substream,
}
}
+ /*
+ * SSI is properly configured if it is enabled and running in
+ * the synchronous mode; Note that AC97 mode is an exception
+ * that should set separate configurations for STCCR and SRCCR
+ * despite running in the synchronous mode.
+ */
+ if (ssi->streams && ssi->synchronous)
+ return 0;
+
if (!fsl_ssi_is_ac97(ssi)) {
/*
* Keep the ssi->i2s_net intact while having a local variable
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 159/313] x86/mm/pti: Handle unaligned address gracefully in pti_clone_pagetable()
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (156 preceding siblings ...)
2019-10-03 15:52 ` [PATCH 5.2 158/313] ASoC: fsl_ssi: Fix clock control issue in master mode Greg Kroah-Hartman
@ 2019-10-03 15:52 ` Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 160/313] nvmet: fix data units read and written counters in SMART log Greg Kroah-Hartman
` (158 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Song Liu, Thomas Gleixner,
Ingo Molnar, Peter Zijlstra (Intel),
Sasha Levin
From: Song Liu <songliubraving@fb.com>
[ Upstream commit 825d0b73cd7526b0bb186798583fae810091cbac ]
pti_clone_pmds() assumes that the supplied address is either:
- properly PUD/PMD aligned
or
- the address is actually mapped which means that independently
of the mapping level (PUD/PMD/PTE) the next higher mapping
exists.
If that's not the case the unaligned address can be incremented by PUD or
PMD size incorrectly. All callers supply mapped and/or aligned addresses,
but for the sake of robustness it's better to handle that case properly and
to emit a warning.
[ tglx: Rewrote changelog and added WARN_ON_ONCE() ]
Signed-off-by: Song Liu <songliubraving@fb.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Ingo Molnar <mingo@kernel.org>
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Link: https://lkml.kernel.org/r/alpine.DEB.2.21.1908282352470.1938@nanos.tec.linutronix.de
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/mm/pti.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/arch/x86/mm/pti.c b/arch/x86/mm/pti.c
index ba22b50f4eca2..7f2140414440d 100644
--- a/arch/x86/mm/pti.c
+++ b/arch/x86/mm/pti.c
@@ -330,13 +330,15 @@ pti_clone_pgtable(unsigned long start, unsigned long end,
pud = pud_offset(p4d, addr);
if (pud_none(*pud)) {
- addr += PUD_SIZE;
+ WARN_ON_ONCE(addr & ~PUD_MASK);
+ addr = round_up(addr + 1, PUD_SIZE);
continue;
}
pmd = pmd_offset(pud, addr);
if (pmd_none(*pmd)) {
- addr += PMD_SIZE;
+ WARN_ON_ONCE(addr & ~PMD_MASK);
+ addr = round_up(addr + 1, PMD_SIZE);
continue;
}
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 160/313] nvmet: fix data units read and written counters in SMART log
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (157 preceding siblings ...)
2019-10-03 15:52 ` [PATCH 5.2 159/313] x86/mm/pti: Handle unaligned address gracefully in pti_clone_pagetable() Greg Kroah-Hartman
@ 2019-10-03 15:52 ` Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 161/313] nvme-multipath: fix ana log nsid lookup when nsid is not found Greg Kroah-Hartman
` (157 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tom Wu, Israel Rukshin, Max Gurtovoy,
Chaitanya Kulkarni, Christoph Hellwig, Sagi Grimberg,
Sasha Levin
From: Tom Wu <tomwu@mellanox.com>
[ Upstream commit 3bec2e3754becebd4c452999adb49bc62c575ea4 ]
In nvme spec 1.3 there is a definition for data write/read counters
from SMART log, (See section 5.14.1.2):
This value is reported in thousands (i.e., a value of 1
corresponds to 1000 units of 512 bytes read) and is rounded up.
However, in nvme target where value is reported with actual units,
but not thousands of units as the spec requires.
Signed-off-by: Tom Wu <tomwu@mellanox.com>
Reviewed-by: Israel Rukshin <israelr@mellanox.com>
Reviewed-by: Max Gurtovoy <maxg@mellanox.com>
Reviewed-by: Chaitanya Kulkarni <chaitanya.kulkarni@wdc.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Sagi Grimberg <sagi@grimberg.me>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/nvme/target/admin-cmd.c | 14 ++++++++------
1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/drivers/nvme/target/admin-cmd.c b/drivers/nvme/target/admin-cmd.c
index 9f72d515fc4b3..4099093a17343 100644
--- a/drivers/nvme/target/admin-cmd.c
+++ b/drivers/nvme/target/admin-cmd.c
@@ -81,9 +81,11 @@ static u16 nvmet_get_smart_log_nsid(struct nvmet_req *req,
goto out;
host_reads = part_stat_read(ns->bdev->bd_part, ios[READ]);
- data_units_read = part_stat_read(ns->bdev->bd_part, sectors[READ]);
+ data_units_read = DIV_ROUND_UP(part_stat_read(ns->bdev->bd_part,
+ sectors[READ]), 1000);
host_writes = part_stat_read(ns->bdev->bd_part, ios[WRITE]);
- data_units_written = part_stat_read(ns->bdev->bd_part, sectors[WRITE]);
+ data_units_written = DIV_ROUND_UP(part_stat_read(ns->bdev->bd_part,
+ sectors[WRITE]), 1000);
put_unaligned_le64(host_reads, &slog->host_reads[0]);
put_unaligned_le64(data_units_read, &slog->data_units_read[0]);
@@ -111,11 +113,11 @@ static u16 nvmet_get_smart_log_all(struct nvmet_req *req,
if (!ns->bdev)
continue;
host_reads += part_stat_read(ns->bdev->bd_part, ios[READ]);
- data_units_read +=
- part_stat_read(ns->bdev->bd_part, sectors[READ]);
+ data_units_read += DIV_ROUND_UP(
+ part_stat_read(ns->bdev->bd_part, sectors[READ]), 1000);
host_writes += part_stat_read(ns->bdev->bd_part, ios[WRITE]);
- data_units_written +=
- part_stat_read(ns->bdev->bd_part, sectors[WRITE]);
+ data_units_written += DIV_ROUND_UP(
+ part_stat_read(ns->bdev->bd_part, sectors[WRITE]), 1000);
}
rcu_read_unlock();
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 161/313] nvme-multipath: fix ana log nsid lookup when nsid is not found
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (158 preceding siblings ...)
2019-10-03 15:52 ` [PATCH 5.2 160/313] nvmet: fix data units read and written counters in SMART log Greg Kroah-Hartman
@ 2019-10-03 15:52 ` Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 162/313] ALSA: firewire-motu: add support for MOTU 4pre Greg Kroah-Hartman
` (156 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Anton Eidelman, James Smart,
Hannes Reinecke, Christoph Hellwig, Sagi Grimberg, Sasha Levin
From: Anton Eidelman <anton@lightbitslabs.com>
[ Upstream commit e01f91dff91c7b16a6e3faf2565017d497a73f83 ]
ANA log parsing invokes nvme_update_ana_state() per ANA group desc.
This updates the state of namespaces with nsids in desc->nsids[].
Both ctrl->namespaces list and desc->nsids[] array are sorted by nsid.
Hence nvme_update_ana_state() performs a single walk over ctrl->namespaces:
- if current namespace matches the current desc->nsids[n],
this namespace is updated, and n is incremented.
- the process stops when it encounters the end of either
ctrl->namespaces end or desc->nsids[]
In case desc->nsids[n] does not match any of ctrl->namespaces,
the remaining nsids following desc->nsids[n] will not be updated.
Such situation was considered abnormal and generated WARN_ON_ONCE.
However ANA log MAY contain nsids not (yet) found in ctrl->namespaces.
For example, lets consider the following scenario:
- nvme0 exposes namespaces with nsids = [2, 3] to the host
- a new namespace nsid = 1 is added dynamically
- also, a ANA topology change is triggered
- NS_CHANGED aen is generated and triggers scan_work
- before scan_work discovers nsid=1 and creates a namespace, a NOTICE_ANA
aen was issues and ana_work receives ANA log with nsids=[1, 2, 3]
Result: ana_work fails to update ANA state on existing namespaces [2, 3]
Solution:
Change the way nvme_update_ana_state() namespace list walk
checks the current namespace against desc->nsids[n] as follows:
a) ns->head->ns_id < desc->nsids[n]: keep walking ctrl->namespaces.
b) ns->head->ns_id == desc->nsids[n]: match, update the namespace
c) ns->head->ns_id >= desc->nsids[n]: skip to desc->nsids[n+1]
This enables correct operation in the scenario described above.
This also allows ANA log to contain nsids currently invisible
to the host, i.e. inactive nsids.
Signed-off-by: Anton Eidelman <anton@lightbitslabs.com>
Reviewed-by: James Smart <james.smart@broadcom.com>
Reviewed-by: Hannes Reinecke <hare@suse.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Sagi Grimberg <sagi@grimberg.me>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/nvme/host/multipath.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/drivers/nvme/host/multipath.c b/drivers/nvme/host/multipath.c
index 304aa8a65f2f8..f928bcfc57b5b 100644
--- a/drivers/nvme/host/multipath.c
+++ b/drivers/nvme/host/multipath.c
@@ -501,14 +501,16 @@ static int nvme_update_ana_state(struct nvme_ctrl *ctrl,
down_write(&ctrl->namespaces_rwsem);
list_for_each_entry(ns, &ctrl->namespaces, list) {
- if (ns->head->ns_id != le32_to_cpu(desc->nsids[n]))
+ unsigned nsid = le32_to_cpu(desc->nsids[n]);
+
+ if (ns->head->ns_id < nsid)
continue;
- nvme_update_ns_ana_state(desc, ns);
+ if (ns->head->ns_id == nsid)
+ nvme_update_ns_ana_state(desc, ns);
if (++n == nr_nsids)
break;
}
up_write(&ctrl->namespaces_rwsem);
- WARN_ON_ONCE(n < nr_nsids);
return 0;
}
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 162/313] ALSA: firewire-motu: add support for MOTU 4pre
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (159 preceding siblings ...)
2019-10-03 15:52 ` [PATCH 5.2 161/313] nvme-multipath: fix ana log nsid lookup when nsid is not found Greg Kroah-Hartman
@ 2019-10-03 15:52 ` Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 163/313] iommu/amd: Silence warnings under memory pressure Greg Kroah-Hartman
` (155 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Takashi Sakamoto, Takashi Iwai, Sasha Levin
From: Takashi Sakamoto <o-takashi@sakamocchi.jp>
[ Upstream commit 6af86bdb8ad41f4cf1292d3b10857dc322758328 ]
MOTU 4pre was launched in 2012 by MOTU, Inc. This commit allows userspace
applications can transmit and receive PCM frames and MIDI messages for
this model via ALSA PCM interface and RawMidi/Sequencer interfaces.
The device supports MOTU protocol version 3. Unlike the other devices, the
device is simply designed. The size of data block is fixed to 10 quadlets
during available sampling rates (44.1 - 96.0 kHz). Each data block
includes 1 source packet header, 2 data chunks for messages, 8 data chunks
for PCM samples and 2 data chunks for padding to quadlet alignment. The
device has no MIDI, optical, BNC and AES/EBU interfaces.
Like support for the other MOTU devices, the quality of playback sound
is not enough good with periodical noise yet.
$ python2 crpp < ~/git/am-config-rom/motu/motu-4pre.img
ROM header and bus information block
-----------------------------------------------------------------
400 041078cc bus_info_length 4, crc_length 16, crc 30924
404 31333934 bus_name "1394"
408 20ff7000 irmc 0, cmc 0, isc 1, bmc 0, cyc_clk_acc 255, max_rec 7 (256)
40c 0001f200 company_id 0001f2 |
410 000a41c5 device_id 00000a41c5 | EUI-64 0001f200000a41c5
root directory
-----------------------------------------------------------------
414 0004ef04 directory_length 4, crc 61188
418 030001f2 vendor
41c 0c0083c0 node capabilities per IEEE 1394
420 d1000002 --> unit directory at 428
424 8d000005 --> eui-64 leaf at 438
unit directory at 428
-----------------------------------------------------------------
428 0003ceda directory_length 3, crc 52954
42c 120001f2 specifier id
430 13000045 version
434 17103800 model
eui-64 leaf at 438
-----------------------------------------------------------------
438 0002d248 leaf_length 2, crc 53832
43c 0001f200 company_id 0001f2 |
440 000a41c5 device_id 00000a41c5 | EUI-64 0001f200000a41c5
Signed-off-by: Takashi Sakamoto <o-takashi@sakamocchi.jp>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/firewire/motu/motu.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/sound/firewire/motu/motu.c b/sound/firewire/motu/motu.c
index 03cda2166ea3d..72908b4de77c0 100644
--- a/sound/firewire/motu/motu.c
+++ b/sound/firewire/motu/motu.c
@@ -247,6 +247,17 @@ static const struct snd_motu_spec motu_audio_express = {
.analog_out_ports = 4,
};
+static const struct snd_motu_spec motu_4pre = {
+ .name = "4pre",
+ .protocol = &snd_motu_protocol_v3,
+ .flags = SND_MOTU_SPEC_SUPPORT_CLOCK_X2 |
+ SND_MOTU_SPEC_TX_MICINST_CHUNK |
+ SND_MOTU_SPEC_TX_RETURN_CHUNK |
+ SND_MOTU_SPEC_RX_SEPARETED_MAIN,
+ .analog_in_ports = 2,
+ .analog_out_ports = 2,
+};
+
#define SND_MOTU_DEV_ENTRY(model, data) \
{ \
.match_flags = IEEE1394_MATCH_VENDOR_ID | \
@@ -265,6 +276,7 @@ static const struct ieee1394_device_id motu_id_table[] = {
SND_MOTU_DEV_ENTRY(0x000015, &motu_828mk3), /* FireWire only. */
SND_MOTU_DEV_ENTRY(0x000035, &motu_828mk3), /* Hybrid. */
SND_MOTU_DEV_ENTRY(0x000033, &motu_audio_express),
+ SND_MOTU_DEV_ENTRY(0x000045, &motu_4pre),
{ }
};
MODULE_DEVICE_TABLE(ieee1394, motu_id_table);
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 163/313] iommu/amd: Silence warnings under memory pressure
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (160 preceding siblings ...)
2019-10-03 15:52 ` [PATCH 5.2 162/313] ALSA: firewire-motu: add support for MOTU 4pre Greg Kroah-Hartman
@ 2019-10-03 15:52 ` Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 164/313] ASoC: Intel: Haswell: Adjust machine device private context Greg Kroah-Hartman
` (154 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Qian Cai, Joerg Roedel, Sasha Levin
From: Qian Cai <cai@lca.pw>
[ Upstream commit 3d708895325b78506e8daf00ef31549476e8586a ]
When running heavy memory pressure workloads, the system is throwing
endless warnings,
smartpqi 0000:23:00.0: AMD-Vi: IOMMU mapping error in map_sg (io-pages:
5 reason: -12)
Hardware name: HPE ProLiant DL385 Gen10/ProLiant DL385 Gen10, BIOS A40
07/10/2019
swapper/10: page allocation failure: order:0, mode:0xa20(GFP_ATOMIC),
nodemask=(null),cpuset=/,mems_allowed=0,4
Call Trace:
<IRQ>
dump_stack+0x62/0x9a
warn_alloc.cold.43+0x8a/0x148
__alloc_pages_nodemask+0x1a5c/0x1bb0
get_zeroed_page+0x16/0x20
iommu_map_page+0x477/0x540
map_sg+0x1ce/0x2f0
scsi_dma_map+0xc6/0x160
pqi_raid_submit_scsi_cmd_with_io_request+0x1c3/0x470 [smartpqi]
do_IRQ+0x81/0x170
common_interrupt+0xf/0xf
</IRQ>
because the allocation could fail from iommu_map_page(), and the volume
of this call could be huge which may generate a lot of serial console
output and cosumes all CPUs.
Fix it by silencing the warning in this call site, and there is still a
dev_err() later to notify the failure.
Signed-off-by: Qian Cai <cai@lca.pw>
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/iommu/amd_iommu.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/iommu/amd_iommu.c b/drivers/iommu/amd_iommu.c
index 3e687f18b203a..a0b64c43257a6 100644
--- a/drivers/iommu/amd_iommu.c
+++ b/drivers/iommu/amd_iommu.c
@@ -2570,7 +2570,9 @@ static int map_sg(struct device *dev, struct scatterlist *sglist,
bus_addr = address + s->dma_address + (j << PAGE_SHIFT);
phys_addr = (sg_phys(s) & PAGE_MASK) + (j << PAGE_SHIFT);
- ret = iommu_map_page(domain, bus_addr, phys_addr, PAGE_SIZE, prot, GFP_ATOMIC);
+ ret = iommu_map_page(domain, bus_addr, phys_addr,
+ PAGE_SIZE, prot,
+ GFP_ATOMIC | __GFP_NOWARN);
if (ret)
goto out_unmap;
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 164/313] ASoC: Intel: Haswell: Adjust machine device private context
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (161 preceding siblings ...)
2019-10-03 15:52 ` [PATCH 5.2 163/313] iommu/amd: Silence warnings under memory pressure Greg Kroah-Hartman
@ 2019-10-03 15:52 ` Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 165/313] libata/ahci: Drop PCS quirk for Denverton and beyond Greg Kroah-Hartman
` (153 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Cezary Rojewski,
Pierre-Louis Bossart, Mark Brown, Sasha Levin
From: Cezary Rojewski <cezary.rojewski@intel.com>
[ Upstream commit ca964edf0ddbfec2cb10b3d251d09598e7ca9b13 ]
Apart from Haswell machines, all other devices have their private data
set to snd_soc_acpi_mach instance.
Changes for HSW/ BDW boards introduced with series:
https://patchwork.kernel.org/cover/10782035/
added support for dai_link platform_name adjustments within card probe
routines. These take for granted private_data points to
snd_soc_acpi_mach whereas for Haswell, it's sst_pdata instead. Change
private context of platform_device - representing machine board - to
address this.
Fixes: e87055d732e3 ("ASoC: Intel: haswell: platform name fixup support")
Fixes: 7e40ddcf974a ("ASoC: Intel: bdw-rt5677: platform name fixup support")
Fixes: 2d067b2807f9 ("ASoC: Intel: broadwell: platform name fixup support")
Signed-off-by: Cezary Rojewski <cezary.rojewski@intel.com>
Link: https://lore.kernel.org/r/20190822113616.22702-2-cezary.rojewski@intel.com
Tested-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/intel/common/sst-acpi.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/sound/soc/intel/common/sst-acpi.c b/sound/soc/intel/common/sst-acpi.c
index 0e8e0a7a11df3..5854868650b9e 100644
--- a/sound/soc/intel/common/sst-acpi.c
+++ b/sound/soc/intel/common/sst-acpi.c
@@ -141,11 +141,12 @@ static int sst_acpi_probe(struct platform_device *pdev)
}
platform_set_drvdata(pdev, sst_acpi);
+ mach->pdata = sst_pdata;
/* register machine driver */
sst_acpi->pdev_mach =
platform_device_register_data(dev, mach->drv_name, -1,
- sst_pdata, sizeof(*sst_pdata));
+ mach, sizeof(*mach));
if (IS_ERR(sst_acpi->pdev_mach))
return PTR_ERR(sst_acpi->pdev_mach);
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 165/313] libata/ahci: Drop PCS quirk for Denverton and beyond
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (162 preceding siblings ...)
2019-10-03 15:52 ` [PATCH 5.2 164/313] ASoC: Intel: Haswell: Adjust machine device private context Greg Kroah-Hartman
@ 2019-10-03 15:52 ` Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 166/313] iommu/iova: Avoid false sharing on fq_timer_on Greg Kroah-Hartman
` (152 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Stephen Douthit, Christoph Hellwig,
Dan Williams, Jens Axboe, Sasha Levin
From: Dan Williams <dan.j.williams@intel.com>
[ Upstream commit c312ef176399e04fc5f7f2809d9a589751fbf6d9 ]
The Linux ahci driver has historically implemented a configuration fixup
for platforms / platform-firmware that fails to enable the ports prior
to OS hand-off at boot. The fixup was originally implemented way back
before ahci moved from drivers/scsi/ to drivers/ata/, and was updated in
2007 via commit 49f290903935 "ahci: update PCS programming". The quirk
sets a port-enable bitmap in the PCS register at offset 0x92.
This quirk could be applied generically up until the arrival of the
Denverton (DNV) platform. The DNV AHCI controller architecture supports
more than 6 ports and along with that the PCS register location and
format were updated to allow for more possible ports in the bitmap. DNV
AHCI expands the register to 32-bits and moves it to offset 0x94.
As it stands there are no known problem reports with existing Linux
trying to set bits at offset 0x92 which indicates that the quirk is not
applicable. Likely it is not applicable on a wider range of platforms,
but it is difficult to discern which platforms if any still depend on
the quirk.
Rather than try to fix the PCS quirk to consider the DNV register layout
instead require explicit opt-in. The assumption is that the OS driver
need not touch this register, and platforms can be added with a new
boad_ahci_pcs7 board-id when / if problematic platforms are found in the
future. The logic in ahci_intel_pcs_quirk() looks for all Intel AHCI
instances with "legacy" board-ids and otherwise skips the quirk if the
board was matched by class-code.
Reported-by: Stephen Douthit <stephend@silicom-usa.com>
Cc: Christoph Hellwig <hch@infradead.org>
Reviewed-by: Stephen Douthit <stephend@silicom-usa.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/ata/ahci.c | 116 +++++++++++++++++++++++++++------------------
drivers/ata/ahci.h | 2 +
2 files changed, 71 insertions(+), 47 deletions(-)
diff --git a/drivers/ata/ahci.c b/drivers/ata/ahci.c
index f7652baa63370..3e63294304c72 100644
--- a/drivers/ata/ahci.c
+++ b/drivers/ata/ahci.c
@@ -65,6 +65,12 @@ enum board_ids {
board_ahci_sb700, /* for SB700 and SB800 */
board_ahci_vt8251,
+ /*
+ * board IDs for Intel chipsets that support more than 6 ports
+ * *and* end up needing the PCS quirk.
+ */
+ board_ahci_pcs7,
+
/* aliases */
board_ahci_mcp_linux = board_ahci_mcp65,
board_ahci_mcp67 = board_ahci_mcp65,
@@ -220,6 +226,12 @@ static const struct ata_port_info ahci_port_info[] = {
.udma_mask = ATA_UDMA6,
.port_ops = &ahci_vt8251_ops,
},
+ [board_ahci_pcs7] = {
+ .flags = AHCI_FLAG_COMMON,
+ .pio_mask = ATA_PIO4,
+ .udma_mask = ATA_UDMA6,
+ .port_ops = &ahci_ops,
+ },
};
static const struct pci_device_id ahci_pci_tbl[] = {
@@ -264,26 +276,26 @@ static const struct pci_device_id ahci_pci_tbl[] = {
{ PCI_VDEVICE(INTEL, 0x3b2b), board_ahci }, /* PCH RAID */
{ PCI_VDEVICE(INTEL, 0x3b2c), board_ahci_mobile }, /* PCH M RAID */
{ PCI_VDEVICE(INTEL, 0x3b2f), board_ahci }, /* PCH AHCI */
- { PCI_VDEVICE(INTEL, 0x19b0), board_ahci }, /* DNV AHCI */
- { PCI_VDEVICE(INTEL, 0x19b1), board_ahci }, /* DNV AHCI */
- { PCI_VDEVICE(INTEL, 0x19b2), board_ahci }, /* DNV AHCI */
- { PCI_VDEVICE(INTEL, 0x19b3), board_ahci }, /* DNV AHCI */
- { PCI_VDEVICE(INTEL, 0x19b4), board_ahci }, /* DNV AHCI */
- { PCI_VDEVICE(INTEL, 0x19b5), board_ahci }, /* DNV AHCI */
- { PCI_VDEVICE(INTEL, 0x19b6), board_ahci }, /* DNV AHCI */
- { PCI_VDEVICE(INTEL, 0x19b7), board_ahci }, /* DNV AHCI */
- { PCI_VDEVICE(INTEL, 0x19bE), board_ahci }, /* DNV AHCI */
- { PCI_VDEVICE(INTEL, 0x19bF), board_ahci }, /* DNV AHCI */
- { PCI_VDEVICE(INTEL, 0x19c0), board_ahci }, /* DNV AHCI */
- { PCI_VDEVICE(INTEL, 0x19c1), board_ahci }, /* DNV AHCI */
- { PCI_VDEVICE(INTEL, 0x19c2), board_ahci }, /* DNV AHCI */
- { PCI_VDEVICE(INTEL, 0x19c3), board_ahci }, /* DNV AHCI */
- { PCI_VDEVICE(INTEL, 0x19c4), board_ahci }, /* DNV AHCI */
- { PCI_VDEVICE(INTEL, 0x19c5), board_ahci }, /* DNV AHCI */
- { PCI_VDEVICE(INTEL, 0x19c6), board_ahci }, /* DNV AHCI */
- { PCI_VDEVICE(INTEL, 0x19c7), board_ahci }, /* DNV AHCI */
- { PCI_VDEVICE(INTEL, 0x19cE), board_ahci }, /* DNV AHCI */
- { PCI_VDEVICE(INTEL, 0x19cF), board_ahci }, /* DNV AHCI */
+ { PCI_VDEVICE(INTEL, 0x19b0), board_ahci_pcs7 }, /* DNV AHCI */
+ { PCI_VDEVICE(INTEL, 0x19b1), board_ahci_pcs7 }, /* DNV AHCI */
+ { PCI_VDEVICE(INTEL, 0x19b2), board_ahci_pcs7 }, /* DNV AHCI */
+ { PCI_VDEVICE(INTEL, 0x19b3), board_ahci_pcs7 }, /* DNV AHCI */
+ { PCI_VDEVICE(INTEL, 0x19b4), board_ahci_pcs7 }, /* DNV AHCI */
+ { PCI_VDEVICE(INTEL, 0x19b5), board_ahci_pcs7 }, /* DNV AHCI */
+ { PCI_VDEVICE(INTEL, 0x19b6), board_ahci_pcs7 }, /* DNV AHCI */
+ { PCI_VDEVICE(INTEL, 0x19b7), board_ahci_pcs7 }, /* DNV AHCI */
+ { PCI_VDEVICE(INTEL, 0x19bE), board_ahci_pcs7 }, /* DNV AHCI */
+ { PCI_VDEVICE(INTEL, 0x19bF), board_ahci_pcs7 }, /* DNV AHCI */
+ { PCI_VDEVICE(INTEL, 0x19c0), board_ahci_pcs7 }, /* DNV AHCI */
+ { PCI_VDEVICE(INTEL, 0x19c1), board_ahci_pcs7 }, /* DNV AHCI */
+ { PCI_VDEVICE(INTEL, 0x19c2), board_ahci_pcs7 }, /* DNV AHCI */
+ { PCI_VDEVICE(INTEL, 0x19c3), board_ahci_pcs7 }, /* DNV AHCI */
+ { PCI_VDEVICE(INTEL, 0x19c4), board_ahci_pcs7 }, /* DNV AHCI */
+ { PCI_VDEVICE(INTEL, 0x19c5), board_ahci_pcs7 }, /* DNV AHCI */
+ { PCI_VDEVICE(INTEL, 0x19c6), board_ahci_pcs7 }, /* DNV AHCI */
+ { PCI_VDEVICE(INTEL, 0x19c7), board_ahci_pcs7 }, /* DNV AHCI */
+ { PCI_VDEVICE(INTEL, 0x19cE), board_ahci_pcs7 }, /* DNV AHCI */
+ { PCI_VDEVICE(INTEL, 0x19cF), board_ahci_pcs7 }, /* DNV AHCI */
{ PCI_VDEVICE(INTEL, 0x1c02), board_ahci }, /* CPT AHCI */
{ PCI_VDEVICE(INTEL, 0x1c03), board_ahci_mobile }, /* CPT M AHCI */
{ PCI_VDEVICE(INTEL, 0x1c04), board_ahci }, /* CPT RAID */
@@ -623,30 +635,6 @@ static void ahci_pci_save_initial_config(struct pci_dev *pdev,
ahci_save_initial_config(&pdev->dev, hpriv);
}
-static int ahci_pci_reset_controller(struct ata_host *host)
-{
- struct pci_dev *pdev = to_pci_dev(host->dev);
- int rc;
-
- rc = ahci_reset_controller(host);
- if (rc)
- return rc;
-
- if (pdev->vendor == PCI_VENDOR_ID_INTEL) {
- struct ahci_host_priv *hpriv = host->private_data;
- u16 tmp16;
-
- /* configure PCS */
- pci_read_config_word(pdev, 0x92, &tmp16);
- if ((tmp16 & hpriv->port_map) != hpriv->port_map) {
- tmp16 |= hpriv->port_map;
- pci_write_config_word(pdev, 0x92, tmp16);
- }
- }
-
- return 0;
-}
-
static void ahci_pci_init_controller(struct ata_host *host)
{
struct ahci_host_priv *hpriv = host->private_data;
@@ -849,7 +837,7 @@ static int ahci_pci_device_runtime_resume(struct device *dev)
struct ata_host *host = pci_get_drvdata(pdev);
int rc;
- rc = ahci_pci_reset_controller(host);
+ rc = ahci_reset_controller(host);
if (rc)
return rc;
ahci_pci_init_controller(host);
@@ -884,7 +872,7 @@ static int ahci_pci_device_resume(struct device *dev)
ahci_mcp89_apple_enable(pdev);
if (pdev->dev.power.power_state.event == PM_EVENT_SUSPEND) {
- rc = ahci_pci_reset_controller(host);
+ rc = ahci_reset_controller(host);
if (rc)
return rc;
@@ -1619,6 +1607,34 @@ static void ahci_update_initial_lpm_policy(struct ata_port *ap,
ap->target_lpm_policy = policy;
}
+static void ahci_intel_pcs_quirk(struct pci_dev *pdev, struct ahci_host_priv *hpriv)
+{
+ const struct pci_device_id *id = pci_match_id(ahci_pci_tbl, pdev);
+ u16 tmp16;
+
+ /*
+ * Only apply the 6-port PCS quirk for known legacy platforms.
+ */
+ if (!id || id->vendor != PCI_VENDOR_ID_INTEL)
+ return;
+ if (((enum board_ids) id->driver_data) < board_ahci_pcs7)
+ return;
+
+ /*
+ * port_map is determined from PORTS_IMPL PCI register which is
+ * implemented as write or write-once register. If the register
+ * isn't programmed, ahci automatically generates it from number
+ * of ports, which is good enough for PCS programming. It is
+ * otherwise expected that platform firmware enables the ports
+ * before the OS boots.
+ */
+ pci_read_config_word(pdev, PCS_6, &tmp16);
+ if ((tmp16 & hpriv->port_map) != hpriv->port_map) {
+ tmp16 |= hpriv->port_map;
+ pci_write_config_word(pdev, PCS_6, tmp16);
+ }
+}
+
static int ahci_init_one(struct pci_dev *pdev, const struct pci_device_id *ent)
{
unsigned int board_id = ent->driver_data;
@@ -1731,6 +1747,12 @@ static int ahci_init_one(struct pci_dev *pdev, const struct pci_device_id *ent)
/* save initial config */
ahci_pci_save_initial_config(pdev, hpriv);
+ /*
+ * If platform firmware failed to enable ports, try to enable
+ * them here.
+ */
+ ahci_intel_pcs_quirk(pdev, hpriv);
+
/* prepare host */
if (hpriv->cap & HOST_CAP_NCQ) {
pi.flags |= ATA_FLAG_NCQ;
@@ -1840,7 +1862,7 @@ static int ahci_init_one(struct pci_dev *pdev, const struct pci_device_id *ent)
if (rc)
return rc;
- rc = ahci_pci_reset_controller(host);
+ rc = ahci_reset_controller(host);
if (rc)
return rc;
diff --git a/drivers/ata/ahci.h b/drivers/ata/ahci.h
index 0570629d719d8..3dbf398c92eaf 100644
--- a/drivers/ata/ahci.h
+++ b/drivers/ata/ahci.h
@@ -247,6 +247,8 @@ enum {
ATA_FLAG_ACPI_SATA | ATA_FLAG_AN,
ICH_MAP = 0x90, /* ICH MAP register */
+ PCS_6 = 0x92, /* 6 port PCS */
+ PCS_7 = 0x94, /* 7+ port PCS (Denverton) */
/* em constants */
EM_MAX_SLOTS = 8,
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 166/313] iommu/iova: Avoid false sharing on fq_timer_on
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (163 preceding siblings ...)
2019-10-03 15:52 ` [PATCH 5.2 165/313] libata/ahci: Drop PCS quirk for Denverton and beyond Greg Kroah-Hartman
@ 2019-10-03 15:52 ` Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 167/313] libtraceevent: Change users plugin directory Greg Kroah-Hartman
` (151 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Eric Dumazet, Jinyu Qi, Joerg Roedel,
Robin Murphy, Sasha Levin
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit 0d87308cca2c124f9bce02383f1d9632c9be89c4 ]
In commit 14bd9a607f90 ("iommu/iova: Separate atomic variables
to improve performance") Jinyu Qi identified that the atomic_cmpxchg()
in queue_iova() was causing a performance loss and moved critical fields
so that the false sharing would not impact them.
However, avoiding the false sharing in the first place seems easy.
We should attempt the atomic_cmpxchg() no more than 100 times
per second. Adding an atomic_read() will keep the cache
line mostly shared.
This false sharing came with commit 9a005a800ae8
("iommu/iova: Add flush timer").
Signed-off-by: Eric Dumazet <edumazet@google.com>
Fixes: 9a005a800ae8 ('iommu/iova: Add flush timer')
Cc: Jinyu Qi <jinyuqi@huawei.com>
Cc: Joerg Roedel <jroedel@suse.de>
Acked-by: Robin Murphy <robin.murphy@arm.com>
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/iommu/iova.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/iommu/iova.c b/drivers/iommu/iova.c
index 3e1a8a6755723..41c605b0058f9 100644
--- a/drivers/iommu/iova.c
+++ b/drivers/iommu/iova.c
@@ -577,7 +577,9 @@ void queue_iova(struct iova_domain *iovad,
spin_unlock_irqrestore(&fq->lock, flags);
- if (atomic_cmpxchg(&iovad->fq_timer_on, 0, 1) == 0)
+ /* Avoid false sharing as much as possible. */
+ if (!atomic_read(&iovad->fq_timer_on) &&
+ !atomic_cmpxchg(&iovad->fq_timer_on, 0, 1))
mod_timer(&iovad->fq_timer,
jiffies + msecs_to_jiffies(IOVA_FQ_TIMEOUT));
}
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 167/313] libtraceevent: Change users plugin directory
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (164 preceding siblings ...)
2019-10-03 15:52 ` [PATCH 5.2 166/313] iommu/iova: Avoid false sharing on fq_timer_on Greg Kroah-Hartman
@ 2019-10-03 15:52 ` Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 168/313] ARM: dts: exynos: Mark LDO10 as always-on on Peach Pit/Pi Chromebooks Greg Kroah-Hartman
` (150 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Patrick McLean, Tzvetomir Stoyanov,
Andrew Morton, Jiri Olsa, Namhyung Kim, linux-trace-devel,
Steven Rostedt (VMware),
Arnaldo Carvalho de Melo, Sasha Levin
From: Tzvetomir Stoyanov <tstoyanov@vmware.com>
[ Upstream commit e97fd1383cd77c467d2aed7fa4e596789df83977 ]
To be compliant with XDG user directory layout, the user's plugin
directory is changed from ~/.traceevent/plugins to
~/.local/lib/traceevent/plugins/
Suggested-by: Patrick McLean <chutzpah@gentoo.org>
Signed-off-by: Tzvetomir Stoyanov <tstoyanov@vmware.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Patrick McLean <chutzpah@gentoo.org>
Cc: linux-trace-devel@vger.kernel.org
Link: https://lore.kernel.org/linux-trace-devel/20190313144206.41e75cf8@patrickm/
Link: http://lore.kernel.org/linux-trace-devel/20190801074959.22023-4-tz.stoyanov@gmail.com
Link: http://lore.kernel.org/lkml/20190805204355.344622683@goodmis.org
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/lib/traceevent/Makefile | 6 +++---
tools/lib/traceevent/event-plugin.c | 2 +-
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/tools/lib/traceevent/Makefile b/tools/lib/traceevent/Makefile
index 3292c290654f6..86ce17a1f7fb6 100644
--- a/tools/lib/traceevent/Makefile
+++ b/tools/lib/traceevent/Makefile
@@ -62,15 +62,15 @@ set_plugin_dir := 1
# Set plugin_dir to preffered global plugin location
# If we install under $HOME directory we go under
-# $(HOME)/.traceevent/plugins
+# $(HOME)/.local/lib/traceevent/plugins
#
# We dont set PLUGIN_DIR in case we install under $HOME
# directory, because by default the code looks under:
-# $(HOME)/.traceevent/plugins by default.
+# $(HOME)/.local/lib/traceevent/plugins by default.
#
ifeq ($(plugin_dir),)
ifeq ($(prefix),$(HOME))
-override plugin_dir = $(HOME)/.traceevent/plugins
+override plugin_dir = $(HOME)/.local/lib/traceevent/plugins
set_plugin_dir := 0
else
override plugin_dir = $(libdir)/traceevent/plugins
diff --git a/tools/lib/traceevent/event-plugin.c b/tools/lib/traceevent/event-plugin.c
index 8ca28de9337a5..e1f7ddd5a6cf0 100644
--- a/tools/lib/traceevent/event-plugin.c
+++ b/tools/lib/traceevent/event-plugin.c
@@ -18,7 +18,7 @@
#include "event-utils.h"
#include "trace-seq.h"
-#define LOCAL_PLUGIN_DIR ".traceevent/plugins"
+#define LOCAL_PLUGIN_DIR ".local/lib/traceevent/plugins/"
static struct registered_plugin_options {
struct registered_plugin_options *next;
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 168/313] ARM: dts: exynos: Mark LDO10 as always-on on Peach Pit/Pi Chromebooks
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (165 preceding siblings ...)
2019-10-03 15:52 ` [PATCH 5.2 167/313] libtraceevent: Change users plugin directory Greg Kroah-Hartman
@ 2019-10-03 15:52 ` Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 169/313] x86/amd_nb: Add PCI device IDs for family 17h, model 70h Greg Kroah-Hartman
` (149 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Marek Szyprowski,
Krzysztof Kozlowski, Sasha Levin
From: Marek Szyprowski <m.szyprowski@samsung.com>
[ Upstream commit 5b0eeeaa37615df37a9a30929b73e9defe61ca84 ]
Commit aff138bf8e37 ("ARM: dts: exynos: Add TMU nodes regulator supply
for Peach boards") assigned LDO10 to Exynos Thermal Measurement Unit,
but it turned out that it supplies also some other critical parts and
board freezes/crashes when it is turned off.
The mentioned commit made Exynos TMU a consumer of that regulator and in
typical case Exynos TMU driver keeps it enabled from early boot. However
there are such configurations (example is multi_v7_defconfig), in which
some of the regulators are compiled as modules and are not available
from early boot. In such case it may happen that LDO10 is turned off by
regulator core, because it has no consumers yet (in this case consumer
drivers cannot get it, because the supply regulators for it are not yet
available). This in turn causes the board to crash. This patch restores
'always-on' property for the LDO10 regulator.
Fixes: aff138bf8e37 ("ARM: dts: exynos: Add TMU nodes regulator supply for Peach boards")
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/exynos5420-peach-pit.dts | 1 +
arch/arm/boot/dts/exynos5800-peach-pi.dts | 1 +
2 files changed, 2 insertions(+)
diff --git a/arch/arm/boot/dts/exynos5420-peach-pit.dts b/arch/arm/boot/dts/exynos5420-peach-pit.dts
index f78db6809cca4..9eb48cabcca45 100644
--- a/arch/arm/boot/dts/exynos5420-peach-pit.dts
+++ b/arch/arm/boot/dts/exynos5420-peach-pit.dts
@@ -440,6 +440,7 @@
regulator-name = "vdd_ldo10";
regulator-min-microvolt = <1800000>;
regulator-max-microvolt = <1800000>;
+ regulator-always-on;
regulator-state-mem {
regulator-off-in-suspend;
};
diff --git a/arch/arm/boot/dts/exynos5800-peach-pi.dts b/arch/arm/boot/dts/exynos5800-peach-pi.dts
index e0f470fe54c81..4398f2d1fe881 100644
--- a/arch/arm/boot/dts/exynos5800-peach-pi.dts
+++ b/arch/arm/boot/dts/exynos5800-peach-pi.dts
@@ -440,6 +440,7 @@
regulator-name = "vdd_ldo10";
regulator-min-microvolt = <1800000>;
regulator-max-microvolt = <1800000>;
+ regulator-always-on;
regulator-state-mem {
regulator-off-in-suspend;
};
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 169/313] x86/amd_nb: Add PCI device IDs for family 17h, model 70h
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (166 preceding siblings ...)
2019-10-03 15:52 ` [PATCH 5.2 168/313] ARM: dts: exynos: Mark LDO10 as always-on on Peach Pit/Pi Chromebooks Greg Kroah-Hartman
@ 2019-10-03 15:52 ` Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 170/313] ACPI: custom_method: fix memory leaks Greg Kroah-Hartman
` (148 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Vicki Pfau, Marcel Bocu,
Thomas Gleixner, Brian Woods, Ingo Molnar, Borislav Petkov,
H. Peter Anvin, x86, Woods, Brian, Clemens Ladisch, Jean Delvare,
Guenter Roeck, linux-hwmon, Sasha Levin, Bjorn Helgaas
From: Marcel Bocu <marcel.p.bocu@gmail.com>
[ Upstream commit af4e1c5eca95bed1192d8dc45c8ed63aea2209e8 ]
The AMD Ryzen gen 3 processors came with a different PCI IDs for the
function 3 & 4 which are used to access the SMN interface. The root
PCI address however remained at the same address as the model 30h.
Adding the F3/F4 PCI IDs respectively to the misc and link ids appear
to be sufficient for k10temp, so let's add them and follow up on the
patch if other functions need more tweaking.
Vicki Pfau sent an identical patch after I checked that no-one had
written this patch. I would have been happy about dropping my patch but
unlike for his patch series, I had already Cc:ed the x86 people and
they already reviewed the changes. Since Vicki has not answered to
any email after his initial series, let's assume she is on vacation
and let's avoid duplication of reviews from the maintainers and merge
my series. To acknowledge Vicki's anteriority, I added her S-o-b to
the patch.
v2, suggested by Guenter Roeck and Brian Woods:
- rename from 71h to 70h
Signed-off-by: Vicki Pfau <vi@endrift.com>
Signed-off-by: Marcel Bocu <marcel.p.bocu@gmail.com>
Tested-by: Marcel Bocu <marcel.p.bocu@gmail.com>
Acked-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: Brian Woods <brian.woods@amd.com>
Acked-by: Bjorn Helgaas <bhelgaas@google.com> # pci_ids.h
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Borislav Petkov <bp@alien8.de>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: x86@kernel.org
Cc: "Woods, Brian" <Brian.Woods@amd.com>
Cc: Clemens Ladisch <clemens@ladisch.de>
Cc: Jean Delvare <jdelvare@suse.com>
Cc: Guenter Roeck <linux@roeck-us.net>
Cc: linux-hwmon@vger.kernel.org
Link: https://lore.kernel.org/r/20190722174510.2179-1-marcel.p.bocu@gmail.com
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/kernel/amd_nb.c | 3 +++
include/linux/pci_ids.h | 1 +
2 files changed, 4 insertions(+)
diff --git a/arch/x86/kernel/amd_nb.c b/arch/x86/kernel/amd_nb.c
index 002aedc693933..8c26b696d8930 100644
--- a/arch/x86/kernel/amd_nb.c
+++ b/arch/x86/kernel/amd_nb.c
@@ -21,6 +21,7 @@
#define PCI_DEVICE_ID_AMD_17H_DF_F4 0x1464
#define PCI_DEVICE_ID_AMD_17H_M10H_DF_F4 0x15ec
#define PCI_DEVICE_ID_AMD_17H_M30H_DF_F4 0x1494
+#define PCI_DEVICE_ID_AMD_17H_M70H_DF_F4 0x1444
/* Protect the PCI config register pairs used for SMN and DF indirect access. */
static DEFINE_MUTEX(smn_mutex);
@@ -50,6 +51,7 @@ const struct pci_device_id amd_nb_misc_ids[] = {
{ PCI_DEVICE(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_17H_M10H_DF_F3) },
{ PCI_DEVICE(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_17H_M30H_DF_F3) },
{ PCI_DEVICE(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_CNB17H_F3) },
+ { PCI_DEVICE(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_17H_M70H_DF_F3) },
{}
};
EXPORT_SYMBOL_GPL(amd_nb_misc_ids);
@@ -63,6 +65,7 @@ static const struct pci_device_id amd_nb_link_ids[] = {
{ PCI_DEVICE(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_17H_DF_F4) },
{ PCI_DEVICE(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_17H_M10H_DF_F4) },
{ PCI_DEVICE(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_17H_M30H_DF_F4) },
+ { PCI_DEVICE(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_17H_M70H_DF_F4) },
{ PCI_DEVICE(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_CNB17H_F4) },
{}
};
diff --git a/include/linux/pci_ids.h b/include/linux/pci_ids.h
index 70e86148cb1e9..862556761bbf4 100644
--- a/include/linux/pci_ids.h
+++ b/include/linux/pci_ids.h
@@ -548,6 +548,7 @@
#define PCI_DEVICE_ID_AMD_17H_DF_F3 0x1463
#define PCI_DEVICE_ID_AMD_17H_M10H_DF_F3 0x15eb
#define PCI_DEVICE_ID_AMD_17H_M30H_DF_F3 0x1493
+#define PCI_DEVICE_ID_AMD_17H_M70H_DF_F3 0x1443
#define PCI_DEVICE_ID_AMD_CNB17H_F3 0x1703
#define PCI_DEVICE_ID_AMD_LANCE 0x2000
#define PCI_DEVICE_ID_AMD_LANCE_HOME 0x2001
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 170/313] ACPI: custom_method: fix memory leaks
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (167 preceding siblings ...)
2019-10-03 15:52 ` [PATCH 5.2 169/313] x86/amd_nb: Add PCI device IDs for family 17h, model 70h Greg Kroah-Hartman
@ 2019-10-03 15:52 ` Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 171/313] ACPI / PCI: fix acpi_pci_irq_enable() memory leak Greg Kroah-Hartman
` (147 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Wenwen Wang, Rafael J. Wysocki, Sasha Levin
From: Wenwen Wang <wenwen@cs.uga.edu>
[ Upstream commit 03d1571d9513369c17e6848476763ebbd10ec2cb ]
In cm_write(), 'buf' is allocated through kzalloc(). In the following
execution, if an error occurs, 'buf' is not deallocated, leading to memory
leaks. To fix this issue, free 'buf' before returning the error.
Fixes: 526b4af47f44 ("ACPI: Split out custom_method functionality into an own driver")
Signed-off-by: Wenwen Wang <wenwen@cs.uga.edu>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/acpi/custom_method.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/acpi/custom_method.c b/drivers/acpi/custom_method.c
index b2ef4c2ec955d..fd66a736621cf 100644
--- a/drivers/acpi/custom_method.c
+++ b/drivers/acpi/custom_method.c
@@ -49,8 +49,10 @@ static ssize_t cm_write(struct file *file, const char __user * user_buf,
if ((*ppos > max_size) ||
(*ppos + count > max_size) ||
(*ppos + count < count) ||
- (count > uncopied_bytes))
+ (count > uncopied_bytes)) {
+ kfree(buf);
return -EINVAL;
+ }
if (copy_from_user(buf + (*ppos), user_buf, count)) {
kfree(buf);
@@ -70,6 +72,7 @@ static ssize_t cm_write(struct file *file, const char __user * user_buf,
add_taint(TAINT_OVERRIDDEN_ACPI_TABLE, LOCKDEP_NOW_UNRELIABLE);
}
+ kfree(buf);
return count;
}
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 171/313] ACPI / PCI: fix acpi_pci_irq_enable() memory leak
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (168 preceding siblings ...)
2019-10-03 15:52 ` [PATCH 5.2 170/313] ACPI: custom_method: fix memory leaks Greg Kroah-Hartman
@ 2019-10-03 15:52 ` Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 172/313] closures: fix a race on wakeup from closure_sync Greg Kroah-Hartman
` (146 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Wenwen Wang, Rafael J. Wysocki, Sasha Levin
From: Wenwen Wang <wenwen@cs.uga.edu>
[ Upstream commit 29b49958cf73b439b17fa29e9a25210809a6c01c ]
In acpi_pci_irq_enable(), 'entry' is allocated by kzalloc() in
acpi_pci_irq_check_entry() (invoked from acpi_pci_irq_lookup()). However,
it is not deallocated if acpi_pci_irq_valid() returns false, leading to a
memory leak. To fix this issue, free 'entry' before returning 0.
Fixes: e237a5518425 ("x86/ACPI/PCI: Recognize that Interrupt Line 255 means "not connected"")
Signed-off-by: Wenwen Wang <wenwen@cs.uga.edu>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/acpi/pci_irq.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/acpi/pci_irq.c b/drivers/acpi/pci_irq.c
index d2549ae65e1b6..dea8a60e18a4c 100644
--- a/drivers/acpi/pci_irq.c
+++ b/drivers/acpi/pci_irq.c
@@ -449,8 +449,10 @@ int acpi_pci_irq_enable(struct pci_dev *dev)
* No IRQ known to the ACPI subsystem - maybe the BIOS /
* driver reported one, then use it. Exit in any case.
*/
- if (!acpi_pci_irq_valid(dev, pin))
+ if (!acpi_pci_irq_valid(dev, pin)) {
+ kfree(entry);
return 0;
+ }
if (acpi_isa_register_gsi(dev))
dev_warn(&dev->dev, "PCI INT %c: no GSI\n",
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 172/313] closures: fix a race on wakeup from closure_sync
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (169 preceding siblings ...)
2019-10-03 15:52 ` [PATCH 5.2 171/313] ACPI / PCI: fix acpi_pci_irq_enable() memory leak Greg Kroah-Hartman
@ 2019-10-03 15:52 ` Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 173/313] hwmon: (k10temp) Add support for AMD family 17h, model 70h CPUs Greg Kroah-Hartman
` (145 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kent Overstreet, Coly Li, Jens Axboe,
Sasha Levin
From: Kent Overstreet <kent.overstreet@gmail.com>
[ Upstream commit a22a9602b88fabf10847f238ff81fde5f906fef7 ]
The race was when a thread using closure_sync() notices cl->s->done == 1
before the thread calling closure_put() calls wake_up_process(). Then,
it's possible for that thread to return and exit just before
wake_up_process() is called - so we're trying to wake up a process that
no longer exists.
rcu_read_lock() is sufficient to protect against this, as there's an rcu
barrier somewhere in the process teardown path.
Signed-off-by: Kent Overstreet <kent.overstreet@gmail.com>
Acked-by: Coly Li <colyli@suse.de>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/md/bcache/closure.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/drivers/md/bcache/closure.c b/drivers/md/bcache/closure.c
index 73f5319295bc9..c12cd809ab193 100644
--- a/drivers/md/bcache/closure.c
+++ b/drivers/md/bcache/closure.c
@@ -105,8 +105,14 @@ struct closure_syncer {
static void closure_sync_fn(struct closure *cl)
{
- cl->s->done = 1;
- wake_up_process(cl->s->task);
+ struct closure_syncer *s = cl->s;
+ struct task_struct *p;
+
+ rcu_read_lock();
+ p = READ_ONCE(s->task);
+ s->done = 1;
+ wake_up_process(p);
+ rcu_read_unlock();
}
void __sched __closure_sync(struct closure *cl)
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 173/313] hwmon: (k10temp) Add support for AMD family 17h, model 70h CPUs
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (170 preceding siblings ...)
2019-10-03 15:52 ` [PATCH 5.2 172/313] closures: fix a race on wakeup from closure_sync Greg Kroah-Hartman
@ 2019-10-03 15:52 ` Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 174/313] hwmon: (acpi_power_meter) Change log level for unsafe software power cap Greg Kroah-Hartman
` (144 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Vicki Pfau, Marcel Bocu,
Thomas Gleixner, Ingo Molnar, Borislav Petkov, H. Peter Anvin,
x86, Woods, Brian, Clemens Ladisch, Jean Delvare, Guenter Roeck,
linux-hwmon, Sasha Levin
From: Marcel Bocu <marcel.p.bocu@gmail.com>
[ Upstream commit 12163cfbfc0f804cc7d27bc20e8d266ce7459260 ]
It would seem like model 70h is behaving in the same way as model 30h,
so let's just add the new F3 PCI ID to the list of compatible devices.
Unlike previous Ryzen/Threadripper, Ryzen gen 3 processors do not need
temperature offsets anymore. This has been reported in the press and
verified on my Ryzen 3700X by checking that the idle temperature
reported by k10temp is matching the temperature reported by the
firmware.
Vicki Pfau sent an identical patch after I checked that no-one had
written this patch. I would have been happy about dropping my patch but
unlike for his patch series, I had already Cc:ed the x86 people and
they already reviewed the changes. Since Vicki has not answered to
any email after his initial series, let's assume she is on vacation
and let's avoid duplication of reviews from the maintainers and merge
my series. To acknowledge Vicki's anteriority, I added her S-o-b to
the patch.
v2, suggested by Guenter Roeck and Brian Woods:
- rename from 71h to 70h
Signed-off-by: Vicki Pfau <vi@endrift.com>
Signed-off-by: Marcel Bocu <marcel.p.bocu@gmail.com>
Tested-by: Marcel Bocu <marcel.p.bocu@gmail.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Borislav Petkov <bp@alien8.de>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: x86@kernel.org
Cc: "Woods, Brian" <Brian.Woods@amd.com>
Cc: Clemens Ladisch <clemens@ladisch.de>
Cc: Jean Delvare <jdelvare@suse.com>
Cc: Guenter Roeck <linux@roeck-us.net>
Cc: linux-hwmon@vger.kernel.org
Link: https://lore.kernel.org/r/20190722174653.2391-1-marcel.p.bocu@gmail.com
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hwmon/k10temp.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/hwmon/k10temp.c b/drivers/hwmon/k10temp.c
index c77e89239dcd9..5c1dddde193c3 100644
--- a/drivers/hwmon/k10temp.c
+++ b/drivers/hwmon/k10temp.c
@@ -349,6 +349,7 @@ static const struct pci_device_id k10temp_id_table[] = {
{ PCI_VDEVICE(AMD, PCI_DEVICE_ID_AMD_17H_DF_F3) },
{ PCI_VDEVICE(AMD, PCI_DEVICE_ID_AMD_17H_M10H_DF_F3) },
{ PCI_VDEVICE(AMD, PCI_DEVICE_ID_AMD_17H_M30H_DF_F3) },
+ { PCI_VDEVICE(AMD, PCI_DEVICE_ID_AMD_17H_M70H_DF_F3) },
{ PCI_VDEVICE(HYGON, PCI_DEVICE_ID_AMD_17H_DF_F3) },
{}
};
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 174/313] hwmon: (acpi_power_meter) Change log level for unsafe software power cap
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (171 preceding siblings ...)
2019-10-03 15:52 ` [PATCH 5.2 173/313] hwmon: (k10temp) Add support for AMD family 17h, model 70h CPUs Greg Kroah-Hartman
@ 2019-10-03 15:52 ` Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 175/313] md/raid1: fail run raid1 array when active disk less than one Greg Kroah-Hartman
` (143 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Wang Shenran, Guenter Roeck, Sasha Levin
From: Wang Shenran <shenran268@gmail.com>
[ Upstream commit 6e4d91aa071810deac2cd052161aefb376ecf04e ]
At boot time, the acpi_power_meter driver logs the following error level
message: "Ignoring unsafe software power cap". Having read about it from
a few sources, it seems that the error message can be quite misleading.
While the message can imply that Linux is ignoring the fact that the
system is operating in potentially dangerous conditions, the truth is
the driver found an ACPI_PMC object that supports software power
capping. The driver simply decides not to use it, perhaps because it
doesn't support the object.
The best solution is probably changing the log level from error to warning.
All sources I have found, regarding the error, have downplayed its
significance. There is not much of a reason for it to be on error level,
while causing potential confusions or misinterpretations.
Signed-off-by: Wang Shenran <shenran268@gmail.com>
Link: https://lore.kernel.org/r/20190724080110.6952-1-shenran268@gmail.com
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hwmon/acpi_power_meter.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/hwmon/acpi_power_meter.c b/drivers/hwmon/acpi_power_meter.c
index 6ba1a08253f0a..4cf25458f0b95 100644
--- a/drivers/hwmon/acpi_power_meter.c
+++ b/drivers/hwmon/acpi_power_meter.c
@@ -681,8 +681,8 @@ static int setup_attrs(struct acpi_power_meter_resource *resource)
if (resource->caps.flags & POWER_METER_CAN_CAP) {
if (!can_cap_in_hardware()) {
- dev_err(&resource->acpi_dev->dev,
- "Ignoring unsafe software power cap!\n");
+ dev_warn(&resource->acpi_dev->dev,
+ "Ignoring unsafe software power cap!\n");
goto skip_unsafe_cap;
}
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 175/313] md/raid1: fail run raid1 array when active disk less than one
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (172 preceding siblings ...)
2019-10-03 15:52 ` [PATCH 5.2 174/313] hwmon: (acpi_power_meter) Change log level for unsafe software power cap Greg Kroah-Hartman
@ 2019-10-03 15:52 ` Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 176/313] dmaengine: ti: edma: Do not reset reserved paRAM slots Greg Kroah-Hartman
` (142 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, NeilBrown, Yufen Yu, Song Liu, Sasha Levin
From: Yufen Yu <yuyufen@huawei.com>
[ Upstream commit 07f1a6850c5d5a65c917c3165692b5179ac4cb6b ]
When run test case:
mdadm -CR /dev/md1 -l 1 -n 4 /dev/sd[a-d] --assume-clean --bitmap=internal
mdadm -S /dev/md1
mdadm -A /dev/md1 /dev/sd[b-c] --run --force
mdadm --zero /dev/sda
mdadm /dev/md1 -a /dev/sda
echo offline > /sys/block/sdc/device/state
echo offline > /sys/block/sdb/device/state
sleep 5
mdadm -S /dev/md1
echo running > /sys/block/sdb/device/state
echo running > /sys/block/sdc/device/state
mdadm -A /dev/md1 /dev/sd[a-c] --run --force
mdadm run fail with kernel message as follow:
[ 172.986064] md: kicking non-fresh sdb from array!
[ 173.004210] md: kicking non-fresh sdc from array!
[ 173.022383] md/raid1:md1: active with 0 out of 4 mirrors
[ 173.022406] md1: failed to create bitmap (-5)
In fact, when active disk in raid1 array less than one, we
need to return fail in raid1_run().
Reviewed-by: NeilBrown <neilb@suse.de>
Signed-off-by: Yufen Yu <yuyufen@huawei.com>
Signed-off-by: Song Liu <songliubraving@fb.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/md/raid1.c | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c
index a26731a9b38e7..f393f0dc042fc 100644
--- a/drivers/md/raid1.c
+++ b/drivers/md/raid1.c
@@ -3096,6 +3096,13 @@ static int raid1_run(struct mddev *mddev)
!test_bit(In_sync, &conf->mirrors[i].rdev->flags) ||
test_bit(Faulty, &conf->mirrors[i].rdev->flags))
mddev->degraded++;
+ /*
+ * RAID1 needs at least one disk in active
+ */
+ if (conf->raid_disks - mddev->degraded < 1) {
+ ret = -EINVAL;
+ goto abort;
+ }
if (conf->raid_disks - mddev->degraded == 1)
mddev->recovery_cp = MaxSector;
@@ -3129,8 +3136,12 @@ static int raid1_run(struct mddev *mddev)
ret = md_integrity_register(mddev);
if (ret) {
md_unregister_thread(&mddev->thread);
- raid1_free(mddev, conf);
+ goto abort;
}
+ return 0;
+
+abort:
+ raid1_free(mddev, conf);
return ret;
}
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 176/313] dmaengine: ti: edma: Do not reset reserved paRAM slots
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (173 preceding siblings ...)
2019-10-03 15:52 ` [PATCH 5.2 175/313] md/raid1: fail run raid1 array when active disk less than one Greg Kroah-Hartman
@ 2019-10-03 15:52 ` Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 177/313] kprobes: Prohibit probing on BUG() and WARN() address Greg Kroah-Hartman
` (141 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Peter Ujfalusi, Vinod Koul, Sasha Levin
From: Peter Ujfalusi <peter.ujfalusi@ti.com>
[ Upstream commit c5dbe60664b3660f5ac5854e21273ea2e7ff698f ]
Skip resetting paRAM slots marked as reserved as they might be used by
other cores.
Signed-off-by: Peter Ujfalusi <peter.ujfalusi@ti.com>
Link: https://lore.kernel.org/r/20190823125618.8133-2-peter.ujfalusi@ti.com
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/dma/ti/edma.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/drivers/dma/ti/edma.c b/drivers/dma/ti/edma.c
index ceabdea40ae0f..982631d4e1f8a 100644
--- a/drivers/dma/ti/edma.c
+++ b/drivers/dma/ti/edma.c
@@ -2273,9 +2273,6 @@ static int edma_probe(struct platform_device *pdev)
ecc->default_queue = info->default_queue;
- for (i = 0; i < ecc->num_slots; i++)
- edma_write_slot(ecc, i, &dummy_paramset);
-
if (info->rsv) {
/* Set the reserved slots in inuse list */
rsv_slots = info->rsv->rsv_slots;
@@ -2288,6 +2285,12 @@ static int edma_probe(struct platform_device *pdev)
}
}
+ for (i = 0; i < ecc->num_slots; i++) {
+ /* Reset only unused - not reserved - paRAM slots */
+ if (!test_bit(i, ecc->slot_inuse))
+ edma_write_slot(ecc, i, &dummy_paramset);
+ }
+
/* Clear the xbar mapped channels in unused list */
xbar_chans = info->xbar_chans;
if (xbar_chans) {
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 177/313] kprobes: Prohibit probing on BUG() and WARN() address
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (174 preceding siblings ...)
2019-10-03 15:52 ` [PATCH 5.2 176/313] dmaengine: ti: edma: Do not reset reserved paRAM slots Greg Kroah-Hartman
@ 2019-10-03 15:52 ` Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 178/313] x86/mm: Fix cpumask_of_node() error condition Greg Kroah-Hartman
` (140 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Masami Hiramatsu,
Steven Rostedt (VMware),
Naveen N. Rao, Anil S Keshavamurthy, David S . Miller,
Linus Torvalds, Naveen N . Rao, Peter Zijlstra, Thomas Gleixner,
Ingo Molnar, Sasha Levin
From: Masami Hiramatsu <mhiramat@kernel.org>
[ Upstream commit e336b4027775cb458dc713745e526fa1a1996b2a ]
Since BUG() and WARN() may use a trap (e.g. UD2 on x86) to
get the address where the BUG() has occurred, kprobes can not
do single-step out-of-line that instruction. So prohibit
probing on such address.
Without this fix, if someone put a kprobe on WARN(), the
kernel will crash with invalid opcode error instead of
outputing warning message, because kernel can not find
correct bug address.
Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org>
Acked-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Acked-by: Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com>
Cc: Anil S Keshavamurthy <anil.s.keshavamurthy@intel.com>
Cc: David S . Miller <davem@davemloft.net>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Naveen N . Rao <naveen.n.rao@linux.ibm.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Link: https://lkml.kernel.org/r/156750890133.19112.3393666300746167111.stgit@devnote2
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/bug.h | 5 +++++
kernel/kprobes.c | 3 ++-
2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/include/linux/bug.h b/include/linux/bug.h
index fe5916550da8c..f639bd0122f39 100644
--- a/include/linux/bug.h
+++ b/include/linux/bug.h
@@ -47,6 +47,11 @@ void generic_bug_clear_once(void);
#else /* !CONFIG_GENERIC_BUG */
+static inline void *find_bug(unsigned long bugaddr)
+{
+ return NULL;
+}
+
static inline enum bug_trap_type report_bug(unsigned long bug_addr,
struct pt_regs *regs)
{
diff --git a/kernel/kprobes.c b/kernel/kprobes.c
index 2504c269e6583..1010bde1146b5 100644
--- a/kernel/kprobes.c
+++ b/kernel/kprobes.c
@@ -1514,7 +1514,8 @@ static int check_kprobe_address_safe(struct kprobe *p,
/* Ensure it is not in reserved area nor out of text */
if (!kernel_text_address((unsigned long) p->addr) ||
within_kprobe_blacklist((unsigned long) p->addr) ||
- jump_label_text_reserved(p->addr, p->addr)) {
+ jump_label_text_reserved(p->addr, p->addr) ||
+ find_bug((unsigned long)p->addr)) {
ret = -EINVAL;
goto out;
}
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 178/313] x86/mm: Fix cpumask_of_node() error condition
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (175 preceding siblings ...)
2019-10-03 15:52 ` [PATCH 5.2 177/313] kprobes: Prohibit probing on BUG() and WARN() address Greg Kroah-Hartman
@ 2019-10-03 15:52 ` Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 179/313] irqchip/sifive-plic: set max threshold for ignored handlers Greg Kroah-Hartman
` (139 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Peter Zijlstra (Intel),
Thomas Gleixner, Borislav Petkov, Yunsheng Lin, Ingo Molnar,
Sasha Levin
From: Peter Zijlstra <peterz@infradead.org>
[ Upstream commit bc04a049f058a472695aa22905d57e2b1f4c77d9 ]
When CONFIG_DEBUG_PER_CPU_MAPS=y we validate that the @node argument of
cpumask_of_node() is a valid node_id. It however forgets to check for
negative numbers. Fix this by explicitly casting to unsigned int.
(unsigned)node >= nr_node_ids
verifies: 0 <= node < nr_node_ids
Also ammend the error message to match the condition.
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Yunsheng Lin <linyunsheng@huawei.com>
Link: https://lkml.kernel.org/r/20190903075352.GY2369@hirez.programming.kicks-ass.net
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/mm/numa.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/x86/mm/numa.c b/arch/x86/mm/numa.c
index e6dad600614c2..4123100e0eafe 100644
--- a/arch/x86/mm/numa.c
+++ b/arch/x86/mm/numa.c
@@ -861,9 +861,9 @@ void numa_remove_cpu(int cpu)
*/
const struct cpumask *cpumask_of_node(int node)
{
- if (node >= nr_node_ids) {
+ if ((unsigned)node >= nr_node_ids) {
printk(KERN_WARNING
- "cpumask_of_node(%d): node > nr_node_ids(%u)\n",
+ "cpumask_of_node(%d): (unsigned)node >= nr_node_ids(%u)\n",
node, nr_node_ids);
dump_stack();
return cpu_none_mask;
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 179/313] irqchip/sifive-plic: set max threshold for ignored handlers
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (176 preceding siblings ...)
2019-10-03 15:52 ` [PATCH 5.2 178/313] x86/mm: Fix cpumask_of_node() error condition Greg Kroah-Hartman
@ 2019-10-03 15:52 ` Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 180/313] s390/crypto: xts-aes-s390 fix extra run-time crypto self tests finding Greg Kroah-Hartman
` (138 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christoph Hellwig, Marc Zyngier,
Paul Walmsley, Sasha Levin
From: Christoph Hellwig <hch@lst.de>
[ Upstream commit 9ce06497c2722a0f9109e4cc3ce35b7a69617886 ]
When running in M-mode, the S-mode plic handlers are still listed in the
device tree. Ignore them by setting the maximum threshold.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Acked-by: Marc Zyngier <maz@kernel.org>
Signed-off-by: Paul Walmsley <paul.walmsley@sifive.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/irqchip/irq-sifive-plic.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/drivers/irqchip/irq-sifive-plic.c b/drivers/irqchip/irq-sifive-plic.c
index cf755964f2f8b..c72c036aea768 100644
--- a/drivers/irqchip/irq-sifive-plic.c
+++ b/drivers/irqchip/irq-sifive-plic.c
@@ -244,6 +244,7 @@ static int __init plic_init(struct device_node *node,
struct plic_handler *handler;
irq_hw_number_t hwirq;
int cpu, hartid;
+ u32 threshold = 0;
if (of_irq_parse_one(node, i, &parent)) {
pr_err("failed to parse parent for context %d.\n", i);
@@ -266,10 +267,16 @@ static int __init plic_init(struct device_node *node,
continue;
}
+ /*
+ * When running in M-mode we need to ignore the S-mode handler.
+ * Here we assume it always comes later, but that might be a
+ * little fragile.
+ */
handler = per_cpu_ptr(&plic_handlers, cpu);
if (handler->present) {
pr_warn("handler already present for context %d.\n", i);
- continue;
+ threshold = 0xffffffff;
+ goto done;
}
handler->present = true;
@@ -279,8 +286,9 @@ static int __init plic_init(struct device_node *node,
handler->enable_base =
plic_regs + ENABLE_BASE + i * ENABLE_PER_HART;
+done:
/* priority must be > threshold to trigger an interrupt */
- writel(0, handler->hart_base + CONTEXT_THRESHOLD);
+ writel(threshold, handler->hart_base + CONTEXT_THRESHOLD);
for (hwirq = 1; hwirq <= nr_irqs; hwirq++)
plic_toggle(handler, hwirq, 0);
nr_handlers++;
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 180/313] s390/crypto: xts-aes-s390 fix extra run-time crypto self tests finding
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (177 preceding siblings ...)
2019-10-03 15:52 ` [PATCH 5.2 179/313] irqchip/sifive-plic: set max threshold for ignored handlers Greg Kroah-Hartman
@ 2019-10-03 15:52 ` Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 181/313] irqchip/gic-v3-its: Fix LPI release for Multi-MSI devices Greg Kroah-Hartman
` (137 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Harald Freudenberger, Vasily Gorbik,
Sasha Levin
From: Harald Freudenberger <freude@linux.ibm.com>
[ Upstream commit 9e323d45ba94262620a073a3f9945ca927c07c71 ]
With 'extra run-time crypto self tests' enabled, the selftest
for s390-xts fails with
alg: skcipher: xts-aes-s390 encryption unexpectedly succeeded on
test vector "random: len=0 klen=64"; expected_error=-22,
cfg="random: inplace use_digest nosimd src_divs=[2.61%@+4006,
84.44%@+21, 1.55%@+13, 4.50%@+344, 4.26%@+21, 2.64%@+27]"
This special case with nbytes=0 is not handled correctly and this
fix now makes sure that -EINVAL is returned when there is en/decrypt
called with 0 bytes to en/decrypt.
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/s390/crypto/aes_s390.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/arch/s390/crypto/aes_s390.c b/arch/s390/crypto/aes_s390.c
index d00f84add5f4c..6d2dbb5089d5c 100644
--- a/arch/s390/crypto/aes_s390.c
+++ b/arch/s390/crypto/aes_s390.c
@@ -586,6 +586,9 @@ static int xts_aes_encrypt(struct blkcipher_desc *desc,
struct s390_xts_ctx *xts_ctx = crypto_blkcipher_ctx(desc->tfm);
struct blkcipher_walk walk;
+ if (!nbytes)
+ return -EINVAL;
+
if (unlikely(!xts_ctx->fc))
return xts_fallback_encrypt(desc, dst, src, nbytes);
@@ -600,6 +603,9 @@ static int xts_aes_decrypt(struct blkcipher_desc *desc,
struct s390_xts_ctx *xts_ctx = crypto_blkcipher_ctx(desc->tfm);
struct blkcipher_walk walk;
+ if (!nbytes)
+ return -EINVAL;
+
if (unlikely(!xts_ctx->fc))
return xts_fallback_decrypt(desc, dst, src, nbytes);
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 181/313] irqchip/gic-v3-its: Fix LPI release for Multi-MSI devices
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (178 preceding siblings ...)
2019-10-03 15:52 ` [PATCH 5.2 180/313] s390/crypto: xts-aes-s390 fix extra run-time crypto self tests finding Greg Kroah-Hartman
@ 2019-10-03 15:52 ` Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 182/313] x86/cpu: Add Tiger Lake to Intel family Greg Kroah-Hartman
` (136 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jiaxing Luo, John Garry,
Marc Zyngier, Sasha Levin
From: Marc Zyngier <maz@kernel.org>
[ Upstream commit c9c96e30ecaa0aafa225aa1a5392cb7db17c7a82 ]
When allocating a range of LPIs for a Multi-MSI capable device,
this allocation extended to the closest power of 2.
But on the release path, the interrupts are released one by
one. This results in not releasing the "extra" range, leaking
the its_device. Trying to reprobe the device will then fail.
Fix it by releasing the LPIs the same way we allocate them.
Fixes: 8208d1708b88 ("irqchip/gic-v3-its: Align PCI Multi-MSI allocation on their size")
Reported-by: Jiaxing Luo <luojiaxing@huawei.com>
Tested-by: John Garry <john.garry@huawei.com>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/f5e948aa-e32f-3f74-ae30-31fee06c2a74@huawei.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/irqchip/irq-gic-v3-its.c | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/drivers/irqchip/irq-gic-v3-its.c b/drivers/irqchip/irq-gic-v3-its.c
index 20e5482d91b94..fca8b90028522 100644
--- a/drivers/irqchip/irq-gic-v3-its.c
+++ b/drivers/irqchip/irq-gic-v3-its.c
@@ -2641,14 +2641,13 @@ static void its_irq_domain_free(struct irq_domain *domain, unsigned int virq,
struct its_node *its = its_dev->its;
int i;
+ bitmap_release_region(its_dev->event_map.lpi_map,
+ its_get_event_id(irq_domain_get_irq_data(domain, virq)),
+ get_count_order(nr_irqs));
+
for (i = 0; i < nr_irqs; i++) {
struct irq_data *data = irq_domain_get_irq_data(domain,
virq + i);
- u32 event = its_get_event_id(data);
-
- /* Mark interrupt index as unused */
- clear_bit(event, its_dev->event_map.lpi_map);
-
/* Nuke the entry in the domain */
irq_domain_reset_irq_data(data);
}
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 182/313] x86/cpu: Add Tiger Lake to Intel family
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (179 preceding siblings ...)
2019-10-03 15:52 ` [PATCH 5.2 181/313] irqchip/gic-v3-its: Fix LPI release for Multi-MSI devices Greg Kroah-Hartman
@ 2019-10-03 15:52 ` Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 183/313] platform/x86: intel_pmc_core: Do not ioremap RAM Greg Kroah-Hartman
` (135 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tony Luck, Gayatri Kammela,
Linus Torvalds, Peter Zijlstra, Rahul Tanwar, Thomas Gleixner,
Ingo Molnar, Sasha Levin
From: Gayatri Kammela <gayatri.kammela@intel.com>
[ Upstream commit 6e1c32c5dbb4b90eea8f964c2869d0bde050dbe0 ]
Add the model numbers/CPUIDs of Tiger Lake mobile and desktop to the
Intel family.
Suggested-by: Tony Luck <tony.luck@intel.com>
Signed-off-by: Gayatri Kammela <gayatri.kammela@intel.com>
Signed-off-by: Tony Luck <tony.luck@intel.com>
Reviewed-by: Tony Luck <tony.luck@intel.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Rahul Tanwar <rahul.tanwar@linux.intel.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Link: https://lkml.kernel.org/r/20190905193020.14707-2-tony.luck@intel.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/include/asm/intel-family.h | 3 +++
1 file changed, 3 insertions(+)
diff --git a/arch/x86/include/asm/intel-family.h b/arch/x86/include/asm/intel-family.h
index f60ddd655c787..82a57d344b9bc 100644
--- a/arch/x86/include/asm/intel-family.h
+++ b/arch/x86/include/asm/intel-family.h
@@ -58,6 +58,9 @@
#define INTEL_FAM6_ICELAKE_MOBILE 0x7E
#define INTEL_FAM6_ICELAKE_NNPI 0x9D
+#define INTEL_FAM6_TIGERLAKE_L 0x8C
+#define INTEL_FAM6_TIGERLAKE 0x8D
+
/* "Small Core" Processors (Atom) */
#define INTEL_FAM6_ATOM_BONNELL 0x1C /* Diamondville, Pineview */
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 183/313] platform/x86: intel_pmc_core: Do not ioremap RAM
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (180 preceding siblings ...)
2019-10-03 15:52 ` [PATCH 5.2 182/313] x86/cpu: Add Tiger Lake to Intel family Greg Kroah-Hartman
@ 2019-10-03 15:52 ` Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 184/313] SoC: simple-card-utils: set 0Hz to sysclk when shutdown Greg Kroah-Hartman
` (134 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, M. Vefa Bicakci, Andy Shevchenko,
Sasha Levin
From: M. Vefa Bicakci <m.v.b@runbox.com>
[ Upstream commit 7d505758b1e556cdf65a5e451744fe0ae8063d17 ]
On a Xen-based PVH virtual machine with more than 4 GiB of RAM,
intel_pmc_core fails initialization with the following warning message
from the kernel, indicating that the driver is attempting to ioremap
RAM:
ioremap on RAM at 0x00000000fe000000 - 0x00000000fe001fff
WARNING: CPU: 1 PID: 434 at arch/x86/mm/ioremap.c:186 __ioremap_caller.constprop.0+0x2aa/0x2c0
...
Call Trace:
? pmc_core_probe+0x87/0x2d0 [intel_pmc_core]
pmc_core_probe+0x87/0x2d0 [intel_pmc_core]
This issue appears to manifest itself because of the following fallback
mechanism in the driver:
if (lpit_read_residency_count_address(&slp_s0_addr))
pmcdev->base_addr = PMC_BASE_ADDR_DEFAULT;
The validity of address PMC_BASE_ADDR_DEFAULT (i.e., 0xFE000000) is not
verified by the driver, which is what this patch introduces. With this
patch, if address PMC_BASE_ADDR_DEFAULT is in RAM, then the driver will
not attempt to ioremap the aforementioned address.
Signed-off-by: M. Vefa Bicakci <m.v.b@runbox.com>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/platform/x86/intel_pmc_core.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/drivers/platform/x86/intel_pmc_core.c b/drivers/platform/x86/intel_pmc_core.c
index be6cda89dcf5b..01a530e2f8017 100644
--- a/drivers/platform/x86/intel_pmc_core.c
+++ b/drivers/platform/x86/intel_pmc_core.c
@@ -882,10 +882,14 @@ static int pmc_core_probe(struct platform_device *pdev)
if (pmcdev->map == &spt_reg_map && !pci_dev_present(pmc_pci_ids))
pmcdev->map = &cnp_reg_map;
- if (lpit_read_residency_count_address(&slp_s0_addr))
+ if (lpit_read_residency_count_address(&slp_s0_addr)) {
pmcdev->base_addr = PMC_BASE_ADDR_DEFAULT;
- else
+
+ if (page_is_ram(PHYS_PFN(pmcdev->base_addr)))
+ return -ENODEV;
+ } else {
pmcdev->base_addr = slp_s0_addr - pmcdev->map->slp_s0_offset;
+ }
pmcdev->regbase = ioremap(pmcdev->base_addr,
pmcdev->map->regmap_length);
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 184/313] SoC: simple-card-utils: set 0Hz to sysclk when shutdown
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (181 preceding siblings ...)
2019-10-03 15:52 ` [PATCH 5.2 183/313] platform/x86: intel_pmc_core: Do not ioremap RAM Greg Kroah-Hartman
@ 2019-10-03 15:52 ` Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 185/313] ASoC: dmaengine: Make the pcm->name equal to pcm->id if the name is not set Greg Kroah-Hartman
` (133 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Katsuhiro Suzuki, Mark Brown, Sasha Levin
From: Katsuhiro Suzuki <katsuhiro@katsuster.net>
[ Upstream commit 2458adb8f92ad4d07ef7ab27c5bafa1d3f4678d6 ]
This patch set 0Hz to sysclk when shutdown the card.
Some codecs set rate constraints that derives from sysclk. This
mechanism works correctly if machine drivers give fixed frequency.
But simple-audio and audio-graph card set variable clock rate if
'mclk-fs' property exists. In this case, rate constraints will go
bad scenario. For example a codec accepts three limited rates
(mclk / 256, mclk / 384, mclk / 512).
Bad scenario as follows (mclk-fs = 256):
- Initialize sysclk by correct value (Ex. 12.288MHz)
- Codec set constraints of PCM rate by sysclk
48kHz (1/256), 32kHz (1/384), 24kHz (1/512)
- Play 48kHz sound, it's acceptable
- Sysclk is not changed
- Play 32kHz sound, it's acceptable
- Set sysclk to 8.192MHz (= fs * mclk-fs = 32k * 256)
- Codec set constraints of PCM rate by sysclk
32kHz (1/256), 21.33kHz (1/384), 16kHz (1/512)
- Play 48kHz again, but it's NOT acceptable because constraints
do not allow 48kHz
So codecs treat 0Hz sysclk as signal of applying no constraints to
avoid this problem.
Signed-off-by: Katsuhiro Suzuki <katsuhiro@katsuster.net>
Link: https://lore.kernel.org/r/20190907174501.19833-1-katsuhiro@katsuster.net
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/generic/simple-card-utils.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/sound/soc/generic/simple-card-utils.c b/sound/soc/generic/simple-card-utils.c
index f4c6375d11c7a..ef1adf87cbc8b 100644
--- a/sound/soc/generic/simple-card-utils.c
+++ b/sound/soc/generic/simple-card-utils.c
@@ -224,10 +224,17 @@ EXPORT_SYMBOL_GPL(asoc_simple_startup);
void asoc_simple_shutdown(struct snd_pcm_substream *substream)
{
struct snd_soc_pcm_runtime *rtd = substream->private_data;
+ struct snd_soc_dai *codec_dai = rtd->codec_dai;
+ struct snd_soc_dai *cpu_dai = rtd->cpu_dai;
struct asoc_simple_priv *priv = snd_soc_card_get_drvdata(rtd->card);
struct simple_dai_props *dai_props =
simple_priv_to_props(priv, rtd->num);
+ if (dai_props->mclk_fs) {
+ snd_soc_dai_set_sysclk(codec_dai, 0, 0, SND_SOC_CLOCK_IN);
+ snd_soc_dai_set_sysclk(cpu_dai, 0, 0, SND_SOC_CLOCK_OUT);
+ }
+
asoc_simple_clk_disable(dai_props->cpu_dai);
asoc_simple_clk_disable(dai_props->codec_dai);
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 185/313] ASoC: dmaengine: Make the pcm->name equal to pcm->id if the name is not set
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (182 preceding siblings ...)
2019-10-03 15:52 ` [PATCH 5.2 184/313] SoC: simple-card-utils: set 0Hz to sysclk when shutdown Greg Kroah-Hartman
@ 2019-10-03 15:52 ` Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 186/313] io_uring: fix wrong sequence setting logic Greg Kroah-Hartman
` (132 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Peter Ujfalusi, Arthur She,
Mark Brown, Sasha Levin
From: Peter Ujfalusi <peter.ujfalusi@ti.com>
[ Upstream commit 2ec42f3147e1610716f184b02e65d7f493eed925 ]
Some tools use the snd_pcm_info_get_name() to try to identify PCMs or for
other purposes.
Currently it is left empty with the dmaengine-pcm, in this case copy the
pcm->id string as pcm->name.
For example IGT is using this to find the HDMI PCM for testing audio on it.
Signed-off-by: Peter Ujfalusi <peter.ujfalusi@ti.com>
Reported-by: Arthur She <arthur.she@linaro.org>
Link: https://lore.kernel.org/r/20190906055524.7393-1-peter.ujfalusi@ti.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/soc-generic-dmaengine-pcm.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/sound/soc/soc-generic-dmaengine-pcm.c b/sound/soc/soc-generic-dmaengine-pcm.c
index 748f5f641002e..d93db2c2b5270 100644
--- a/sound/soc/soc-generic-dmaengine-pcm.c
+++ b/sound/soc/soc-generic-dmaengine-pcm.c
@@ -306,6 +306,12 @@ static int dmaengine_pcm_new(struct snd_soc_pcm_runtime *rtd)
if (!dmaengine_pcm_can_report_residue(dev, pcm->chan[i]))
pcm->flags |= SND_DMAENGINE_PCM_FLAG_NO_RESIDUE;
+
+ if (rtd->pcm->streams[i].pcm->name[0] == '\0') {
+ strncpy(rtd->pcm->streams[i].pcm->name,
+ rtd->pcm->streams[i].pcm->id,
+ sizeof(rtd->pcm->streams[i].pcm->name));
+ }
}
return 0;
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 186/313] io_uring: fix wrong sequence setting logic
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (183 preceding siblings ...)
2019-10-03 15:52 ` [PATCH 5.2 185/313] ASoC: dmaengine: Make the pcm->name equal to pcm->id if the name is not set Greg Kroah-Hartman
@ 2019-10-03 15:52 ` Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 187/313] block: make rq sector size accessible for block stats Greg Kroah-Hartman
` (131 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jackie Liu, Jens Axboe, Sasha Levin
From: Jackie Liu <liuyun01@kylinos.cn>
[ Upstream commit 8776f3fa15a5cd213c4dfab7ddaf557983374ea6 ]
Sqo_thread will get sqring in batches, which will cause
ctx->cached_sq_head to be added in batches. if one of these
sqes is set with the DRAIN flag, then he will never get a
chance to process, and finally sqo_thread will not exit.
Fixes: de0617e4671 ("io_uring: add support for marking commands as draining")
Signed-off-by: Jackie Liu <liuyun01@kylinos.cn>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/io_uring.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/fs/io_uring.c b/fs/io_uring.c
index 03cd8f5bba850..701936f2bde39 100644
--- a/fs/io_uring.c
+++ b/fs/io_uring.c
@@ -288,6 +288,7 @@ struct io_ring_ctx {
struct sqe_submit {
const struct io_uring_sqe *sqe;
unsigned short index;
+ u32 sequence;
bool has_user;
bool needs_lock;
bool needs_fixed_file;
@@ -1894,7 +1895,7 @@ static int io_req_set_file(struct io_ring_ctx *ctx, const struct sqe_submit *s,
if (flags & IOSQE_IO_DRAIN) {
req->flags |= REQ_F_IO_DRAIN;
- req->sequence = ctx->cached_sq_head - 1;
+ req->sequence = s->sequence;
}
if (!io_op_needs_file(s->sqe))
@@ -2050,6 +2051,7 @@ static bool io_get_sqring(struct io_ring_ctx *ctx, struct sqe_submit *s)
if (head < ctx->sq_entries) {
s->index = head;
s->sqe = &ctx->sq_sqes[head];
+ s->sequence = ctx->cached_sq_head;
ctx->cached_sq_head++;
return true;
}
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 187/313] block: make rq sector size accessible for block stats
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (184 preceding siblings ...)
2019-10-03 15:52 ` [PATCH 5.2 186/313] io_uring: fix wrong sequence setting logic Greg Kroah-Hartman
@ 2019-10-03 15:52 ` Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 188/313] raid5: dont set STRIPE_HANDLE to stripe which is in batch list Greg Kroah-Hartman
` (130 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Pavel Begunkov, Hou Tao, Jens Axboe,
Sasha Levin
From: Hou Tao <houtao1@huawei.com>
[ Upstream commit 3d24430694077313c75c6b89f618db09943621e4 ]
Currently rq->data_len will be decreased by partial completion or
zeroed by completion, so when blk_stat_add() is invoked, data_len
will be zero and there will never be samples in poll_cb because
blk_mq_poll_stats_bkt() will return -1 if data_len is zero.
We could move blk_stat_add() back to __blk_mq_complete_request(),
but that would make the effort of trying to call ktime_get_ns()
once in vain. Instead we can reuse throtl_size field, and use
it for both block stats and block throttle, and adjust the
logic in blk_mq_poll_stats_bkt() accordingly.
Fixes: 4bc6339a583c ("block: move blk_stat_add() to __blk_mq_end_request()")
Tested-by: Pavel Begunkov <asml.silence@gmail.com>
Signed-off-by: Hou Tao <houtao1@huawei.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
block/blk-mq.c | 11 +++++------
block/blk-throttle.c | 3 ++-
include/linux/blkdev.h | 15 ++++++++++++---
3 files changed, 19 insertions(+), 10 deletions(-)
diff --git a/block/blk-mq.c b/block/blk-mq.c
index f934e8afe5b43..af93ca28ce4f0 100644
--- a/block/blk-mq.c
+++ b/block/blk-mq.c
@@ -44,12 +44,12 @@ static void blk_mq_poll_stats_fn(struct blk_stat_callback *cb);
static int blk_mq_poll_stats_bkt(const struct request *rq)
{
- int ddir, bytes, bucket;
+ int ddir, sectors, bucket;
ddir = rq_data_dir(rq);
- bytes = blk_rq_bytes(rq);
+ sectors = blk_rq_stats_sectors(rq);
- bucket = ddir + 2*(ilog2(bytes) - 9);
+ bucket = ddir + 2 * ilog2(sectors);
if (bucket < 0)
return -1;
@@ -330,6 +330,7 @@ static struct request *blk_mq_rq_ctx_init(struct blk_mq_alloc_data *data,
else
rq->start_time_ns = 0;
rq->io_start_time_ns = 0;
+ rq->stats_sectors = 0;
rq->nr_phys_segments = 0;
#if defined(CONFIG_BLK_DEV_INTEGRITY)
rq->nr_integrity_segments = 0;
@@ -679,9 +680,7 @@ void blk_mq_start_request(struct request *rq)
if (test_bit(QUEUE_FLAG_STATS, &q->queue_flags)) {
rq->io_start_time_ns = ktime_get_ns();
-#ifdef CONFIG_BLK_DEV_THROTTLING_LOW
- rq->throtl_size = blk_rq_sectors(rq);
-#endif
+ rq->stats_sectors = blk_rq_sectors(rq);
rq->rq_flags |= RQF_STATS;
rq_qos_issue(q, rq);
}
diff --git a/block/blk-throttle.c b/block/blk-throttle.c
index 8ab6c81532236..ee74bffe3504d 100644
--- a/block/blk-throttle.c
+++ b/block/blk-throttle.c
@@ -2246,7 +2246,8 @@ void blk_throtl_stat_add(struct request *rq, u64 time_ns)
struct request_queue *q = rq->q;
struct throtl_data *td = q->td;
- throtl_track_latency(td, rq->throtl_size, req_op(rq), time_ns >> 10);
+ throtl_track_latency(td, blk_rq_stats_sectors(rq), req_op(rq),
+ time_ns >> 10);
}
void blk_throtl_bio_endio(struct bio *bio)
diff --git a/include/linux/blkdev.h b/include/linux/blkdev.h
index 93baef66b9424..4c6754e536725 100644
--- a/include/linux/blkdev.h
+++ b/include/linux/blkdev.h
@@ -202,9 +202,12 @@ struct request {
#ifdef CONFIG_BLK_WBT
unsigned short wbt_flags;
#endif
-#ifdef CONFIG_BLK_DEV_THROTTLING_LOW
- unsigned short throtl_size;
-#endif
+ /*
+ * rq sectors used for blk stats. It has the same value
+ * with blk_rq_sectors(rq), except that it never be zeroed
+ * by completion.
+ */
+ unsigned short stats_sectors;
/*
* Number of scatter-gather DMA addr+len pairs after
@@ -902,6 +905,7 @@ static inline struct request_queue *bdev_get_queue(struct block_device *bdev)
* blk_rq_err_bytes() : bytes left till the next error boundary
* blk_rq_sectors() : sectors left in the entire request
* blk_rq_cur_sectors() : sectors left in the current segment
+ * blk_rq_stats_sectors() : sectors of the entire request used for stats
*/
static inline sector_t blk_rq_pos(const struct request *rq)
{
@@ -930,6 +934,11 @@ static inline unsigned int blk_rq_cur_sectors(const struct request *rq)
return blk_rq_cur_bytes(rq) >> SECTOR_SHIFT;
}
+static inline unsigned int blk_rq_stats_sectors(const struct request *rq)
+{
+ return rq->stats_sectors;
+}
+
#ifdef CONFIG_BLK_DEV_ZONED
static inline unsigned int blk_rq_zone_no(struct request *rq)
{
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 188/313] raid5: dont set STRIPE_HANDLE to stripe which is in batch list
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (185 preceding siblings ...)
2019-10-03 15:52 ` [PATCH 5.2 187/313] block: make rq sector size accessible for block stats Greg Kroah-Hartman
@ 2019-10-03 15:52 ` Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 189/313] mmc: core: Clarify sdio_irq_pending flag for MMC_CAP2_SDIO_IRQ_NOTHREAD Greg Kroah-Hartman
` (129 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Guoqing Jiang, Song Liu, Sasha Levin
From: Guoqing Jiang <guoqing.jiang@cloud.ionos.com>
[ Upstream commit 6ce220dd2f8ea71d6afc29b9a7524c12e39f374a ]
If stripe in batch list is set with STRIPE_HANDLE flag, then the stripe
could be set with STRIPE_ACTIVE by the handle_stripe function. And if
error happens to the batch_head at the same time, break_stripe_batch_list
is called, then below warning could happen (the same report in [1]), it
means a member of batch list was set with STRIPE_ACTIVE.
[7028915.431770] stripe state: 2001
[7028915.431815] ------------[ cut here ]------------
[7028915.431828] WARNING: CPU: 18 PID: 29089 at drivers/md/raid5.c:4614 break_stripe_batch_list+0x203/0x240 [raid456]
[...]
[7028915.431879] CPU: 18 PID: 29089 Comm: kworker/u82:5 Tainted: G O 4.14.86-1-storage #4.14.86-1.2~deb9
[7028915.431881] Hardware name: Supermicro SSG-2028R-ACR24L/X10DRH-iT, BIOS 3.1 06/18/2018
[7028915.431888] Workqueue: raid5wq raid5_do_work [raid456]
[7028915.431890] task: ffff9ab0ef36d7c0 task.stack: ffffb72926f84000
[7028915.431896] RIP: 0010:break_stripe_batch_list+0x203/0x240 [raid456]
[7028915.431898] RSP: 0018:ffffb72926f87ba8 EFLAGS: 00010286
[7028915.431900] RAX: 0000000000000012 RBX: ffff9aaa84a98000 RCX: 0000000000000000
[7028915.431901] RDX: 0000000000000000 RSI: ffff9ab2bfa15458 RDI: ffff9ab2bfa15458
[7028915.431902] RBP: ffff9aaa8fb4e900 R08: 0000000000000001 R09: 0000000000002eb4
[7028915.431903] R10: 00000000ffffffff R11: 0000000000000000 R12: ffff9ab1736f1b00
[7028915.431904] R13: 0000000000000000 R14: ffff9aaa8fb4e900 R15: 0000000000000001
[7028915.431906] FS: 0000000000000000(0000) GS:ffff9ab2bfa00000(0000) knlGS:0000000000000000
[7028915.431907] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[7028915.431908] CR2: 00007ff953b9f5d8 CR3: 0000000bf4009002 CR4: 00000000003606e0
[7028915.431909] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[7028915.431910] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[7028915.431910] Call Trace:
[7028915.431923] handle_stripe+0x8e7/0x2020 [raid456]
[7028915.431930] ? __wake_up_common_lock+0x89/0xc0
[7028915.431935] handle_active_stripes.isra.58+0x35f/0x560 [raid456]
[7028915.431939] raid5_do_work+0xc6/0x1f0 [raid456]
Also commit 59fc630b8b5f9f ("RAID5: batch adjacent full stripe write")
said "If a stripe is added to batch list, then only the first stripe
of the list should be put to handle_list and run handle_stripe."
So don't set STRIPE_HANDLE to stripe which is already in batch list,
otherwise the stripe could be put to handle_list and run handle_stripe,
then the above warning could be triggered.
[1]. https://www.spinics.net/lists/raid/msg62552.html
Signed-off-by: Guoqing Jiang <guoqing.jiang@cloud.ionos.com>
Signed-off-by: Song Liu <songliubraving@fb.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/md/raid5.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c
index da94cbaa1a9ed..8d2811e436b93 100644
--- a/drivers/md/raid5.c
+++ b/drivers/md/raid5.c
@@ -5719,7 +5719,8 @@ static bool raid5_make_request(struct mddev *mddev, struct bio * bi)
do_flush = false;
}
- set_bit(STRIPE_HANDLE, &sh->state);
+ if (!sh->batch_head)
+ set_bit(STRIPE_HANDLE, &sh->state);
clear_bit(STRIPE_DELAYED, &sh->state);
if ((!sh->batch_head || sh == sh->batch_head) &&
(bi->bi_opf & REQ_SYNC) &&
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 189/313] mmc: core: Clarify sdio_irq_pending flag for MMC_CAP2_SDIO_IRQ_NOTHREAD
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (186 preceding siblings ...)
2019-10-03 15:52 ` [PATCH 5.2 188/313] raid5: dont set STRIPE_HANDLE to stripe which is in batch list Greg Kroah-Hartman
@ 2019-10-03 15:52 ` Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 190/313] sched/psi: Correct overly pessimistic size calculation Greg Kroah-Hartman
` (128 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Matthias Kaehlcke, Ulf Hansson,
Douglas Anderson, Sasha Levin
From: Ulf Hansson <ulf.hansson@linaro.org>
[ Upstream commit 36d57efb4af534dd6b442ea0b9a04aa6dfa37abe ]
The sdio_irq_pending flag is used to let host drivers indicate that it has
signaled an IRQ. If that is the case and we only have a single SDIO func
that have claimed an SDIO IRQ, our assumption is that we can avoid reading
the SDIO_CCCR_INTx register and just call the SDIO func irq handler
immediately. This makes sense, but the flag is set/cleared in a somewhat
messy order, let's fix that up according to below.
First, the flag is currently set in sdio_run_irqs(), which is executed as a
work that was scheduled from sdio_signal_irq(). To make it more implicit
that the host have signaled an IRQ, let's instead immediately set the flag
in sdio_signal_irq(). This also makes the behavior consistent with host
drivers that uses the legacy, mmc_signal_sdio_irq() API. This have no
functional impact, because we don't expect host drivers to call
sdio_signal_irq() until after the work (sdio_run_irqs()) have been executed
anyways.
Second, currently we never clears the flag when using the sdio_run_irqs()
work, but only when using the sdio_irq_thread(). Let make the behavior
consistent, by moving the flag to be cleared inside the common
process_sdio_pending_irqs() function. Additionally, tweak the behavior of
the flag slightly, by avoiding to clear it unless we processed the SDIO
IRQ. The purpose with this at this point, is to keep the information about
whether there have been an SDIO IRQ signaled by the host, so at system
resume we can decide to process it without reading the SDIO_CCCR_INTx
register.
Tested-by: Matthias Kaehlcke <mka@chromium.org>
Reviewed-by: Matthias Kaehlcke <mka@chromium.org>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Reviewed-by: Douglas Anderson <dianders@chromium.org>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mmc/core/sdio_irq.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/drivers/mmc/core/sdio_irq.c b/drivers/mmc/core/sdio_irq.c
index 9f54a259a1b36..e4823ef0a0de9 100644
--- a/drivers/mmc/core/sdio_irq.c
+++ b/drivers/mmc/core/sdio_irq.c
@@ -31,6 +31,7 @@ static int process_sdio_pending_irqs(struct mmc_host *host)
{
struct mmc_card *card = host->card;
int i, ret, count;
+ bool sdio_irq_pending = host->sdio_irq_pending;
unsigned char pending;
struct sdio_func *func;
@@ -38,13 +39,16 @@ static int process_sdio_pending_irqs(struct mmc_host *host)
if (mmc_card_suspended(card))
return 0;
+ /* Clear the flag to indicate that we have processed the IRQ. */
+ host->sdio_irq_pending = false;
+
/*
* Optimization, if there is only 1 function interrupt registered
* and we know an IRQ was signaled then call irq handler directly.
* Otherwise do the full probe.
*/
func = card->sdio_single_irq;
- if (func && host->sdio_irq_pending) {
+ if (func && sdio_irq_pending) {
func->irq_handler(func);
return 1;
}
@@ -96,7 +100,6 @@ void sdio_run_irqs(struct mmc_host *host)
{
mmc_claim_host(host);
if (host->sdio_irqs) {
- host->sdio_irq_pending = true;
process_sdio_pending_irqs(host);
if (host->ops->ack_sdio_irq)
host->ops->ack_sdio_irq(host);
@@ -115,6 +118,7 @@ void sdio_irq_work(struct work_struct *work)
void sdio_signal_irq(struct mmc_host *host)
{
+ host->sdio_irq_pending = true;
queue_delayed_work(system_wq, &host->sdio_irq_work, 0);
}
EXPORT_SYMBOL_GPL(sdio_signal_irq);
@@ -160,7 +164,6 @@ static int sdio_irq_thread(void *_host)
if (ret)
break;
ret = process_sdio_pending_irqs(host);
- host->sdio_irq_pending = false;
mmc_release_host(host);
/*
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 190/313] sched/psi: Correct overly pessimistic size calculation
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (187 preceding siblings ...)
2019-10-03 15:52 ` [PATCH 5.2 189/313] mmc: core: Clarify sdio_irq_pending flag for MMC_CAP2_SDIO_IRQ_NOTHREAD Greg Kroah-Hartman
@ 2019-10-03 15:52 ` Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 191/313] mmc: sdhci: Fix incorrect switch to HS mode Greg Kroah-Hartman
` (127 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miles Chen, linux-mediatek,
wsd_upstream, Linus Torvalds, Peter Zijlstra, Thomas Gleixner,
Ingo Molnar, Sasha Levin
From: Miles Chen <miles.chen@mediatek.com>
[ Upstream commit 4adcdcea717cb2d8436bef00dd689aa5bc76f11b ]
When passing a equal or more then 32 bytes long string to psi_write(),
psi_write() copies 31 bytes to its buf and overwrites buf[30]
with '\0'. Which makes the input string 1 byte shorter than
it should be.
Fix it by copying sizeof(buf) bytes when nbytes >= sizeof(buf).
This does not cause problems in normal use case like:
"some 500000 10000000" or "full 500000 10000000" because they
are less than 32 bytes in length.
/* assuming nbytes == 35 */
char buf[32];
buf_size = min(nbytes, (sizeof(buf) - 1)); /* buf_size = 31 */
if (copy_from_user(buf, user_buf, buf_size))
return -EFAULT;
buf[buf_size - 1] = '\0'; /* buf[30] = '\0' */
Before:
%cd /proc/pressure/
%echo "123456789|123456789|123456789|1234" > memory
[ 22.473497] nbytes=35,buf_size=31
[ 22.473775] 123456789|123456789|123456789| (print 30 chars)
%sh: write error: Invalid argument
%echo "123456789|123456789|123456789|1" > memory
[ 64.916162] nbytes=32,buf_size=31
[ 64.916331] 123456789|123456789|123456789| (print 30 chars)
%sh: write error: Invalid argument
After:
%cd /proc/pressure/
%echo "123456789|123456789|123456789|1234" > memory
[ 254.837863] nbytes=35,buf_size=32
[ 254.838541] 123456789|123456789|123456789|1 (print 31 chars)
%sh: write error: Invalid argument
%echo "123456789|123456789|123456789|1" > memory
[ 9965.714935] nbytes=32,buf_size=32
[ 9965.715096] 123456789|123456789|123456789|1 (print 31 chars)
%sh: write error: Invalid argument
Also remove the superfluous parentheses.
Signed-off-by: Miles Chen <miles.chen@mediatek.com>
Cc: <linux-mediatek@lists.infradead.org>
Cc: <wsd_upstream@mediatek.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Link: https://lkml.kernel.org/r/20190912103452.13281-1-miles.chen@mediatek.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/sched/psi.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/sched/psi.c b/kernel/sched/psi.c
index 6e52b67b420e7..517e3719027e6 100644
--- a/kernel/sched/psi.c
+++ b/kernel/sched/psi.c
@@ -1198,7 +1198,7 @@ static ssize_t psi_write(struct file *file, const char __user *user_buf,
if (static_branch_likely(&psi_disabled))
return -EOPNOTSUPP;
- buf_size = min(nbytes, (sizeof(buf) - 1));
+ buf_size = min(nbytes, sizeof(buf));
if (copy_from_user(buf, user_buf, buf_size))
return -EFAULT;
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 191/313] mmc: sdhci: Fix incorrect switch to HS mode
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (188 preceding siblings ...)
2019-10-03 15:52 ` [PATCH 5.2 190/313] sched/psi: Correct overly pessimistic size calculation Greg Kroah-Hartman
@ 2019-10-03 15:52 ` Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 192/313] mmc: core: Add helper function to indicate if SDIO IRQs is enabled Greg Kroah-Hartman
` (126 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Adrian Hunter, Al Cooper,
Ulf Hansson, Sasha Levin
From: Al Cooper <alcooperx@gmail.com>
[ Upstream commit c894e33ddc1910e14d6f2a2016f60ab613fd8b37 ]
When switching from any MMC speed mode that requires 1.8v
(HS200, HS400 and HS400ES) to High Speed (HS) mode, the system
ends up configured for SDR12 with a 50MHz clock which is an illegal
mode.
This happens because the SDHCI_CTRL_VDD_180 bit in the
SDHCI_HOST_CONTROL2 register is left set and when this bit is
set, the speed mode is controlled by the SDHCI_CTRL_UHS field
in the SDHCI_HOST_CONTROL2 register. The SDHCI_CTRL_UHS field
will end up being set to 0 (SDR12) by sdhci_set_uhs_signaling()
because there is no UHS mode being set.
The fix is to change sdhci_set_uhs_signaling() to set the
SDHCI_CTRL_UHS field to SDR25 (which is the same as HS) for
any switch to HS mode.
This was found on a new eMMC controller that does strict checking
of the speed mode and the corresponding clock rate. It caused the
switch to HS400 mode to fail because part of the sequence to switch
to HS400 requires a switch from HS200 to HS before going to HS400.
Suggested-by: Adrian Hunter <adrian.hunter@intel.com>
Signed-off-by: Al Cooper <alcooperx@gmail.com>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mmc/host/sdhci.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/mmc/host/sdhci.c b/drivers/mmc/host/sdhci.c
index a5dc5aae973e6..c66e66fbaeb40 100644
--- a/drivers/mmc/host/sdhci.c
+++ b/drivers/mmc/host/sdhci.c
@@ -1849,7 +1849,9 @@ void sdhci_set_uhs_signaling(struct sdhci_host *host, unsigned timing)
ctrl_2 |= SDHCI_CTRL_UHS_SDR104;
else if (timing == MMC_TIMING_UHS_SDR12)
ctrl_2 |= SDHCI_CTRL_UHS_SDR12;
- else if (timing == MMC_TIMING_UHS_SDR25)
+ else if (timing == MMC_TIMING_SD_HS ||
+ timing == MMC_TIMING_MMC_HS ||
+ timing == MMC_TIMING_UHS_SDR25)
ctrl_2 |= SDHCI_CTRL_UHS_SDR25;
else if (timing == MMC_TIMING_UHS_SDR50)
ctrl_2 |= SDHCI_CTRL_UHS_SDR50;
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 192/313] mmc: core: Add helper function to indicate if SDIO IRQs is enabled
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (189 preceding siblings ...)
2019-10-03 15:52 ` [PATCH 5.2 191/313] mmc: sdhci: Fix incorrect switch to HS mode Greg Kroah-Hartman
@ 2019-10-03 15:52 ` Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 193/313] mmc: dw_mmc: Re-store SDIO IRQs mask at system resume Greg Kroah-Hartman
` (125 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Matthias Kaehlcke, Ulf Hansson,
Douglas Anderson, Sasha Levin
From: Ulf Hansson <ulf.hansson@linaro.org>
[ Upstream commit bd880b00697befb73eff7220ee20bdae4fdd487b ]
To avoid each host driver supporting SDIO IRQs, from keeping track
internally about if SDIO IRQs has been claimed, let's introduce a common
helper function, sdio_irq_claimed().
The function returns true if SDIO IRQs are claimed, via using the
information about the number of claimed irqs. This is safe, even without
any locks, as long as the helper function is called only from
runtime/system suspend callbacks of the host driver.
Tested-by: Matthias Kaehlcke <mka@chromium.org>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Reviewed-by: Douglas Anderson <dianders@chromium.org>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/mmc/host.h | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/include/linux/mmc/host.h b/include/linux/mmc/host.h
index 7ac3755444d3d..56a8ad506072c 100644
--- a/include/linux/mmc/host.h
+++ b/include/linux/mmc/host.h
@@ -493,6 +493,15 @@ void mmc_command_done(struct mmc_host *host, struct mmc_request *mrq);
void mmc_cqe_request_done(struct mmc_host *host, struct mmc_request *mrq);
+/*
+ * May be called from host driver's system/runtime suspend/resume callbacks,
+ * to know if SDIO IRQs has been claimed.
+ */
+static inline bool sdio_irq_claimed(struct mmc_host *host)
+{
+ return host->sdio_irqs > 0;
+}
+
static inline void mmc_signal_sdio_irq(struct mmc_host *host)
{
host->ops->enable_sdio_irq(host, 0);
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 193/313] mmc: dw_mmc: Re-store SDIO IRQs mask at system resume
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (190 preceding siblings ...)
2019-10-03 15:52 ` [PATCH 5.2 192/313] mmc: core: Add helper function to indicate if SDIO IRQs is enabled Greg Kroah-Hartman
@ 2019-10-03 15:52 ` Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 194/313] raid5: dont increment read_errors on EILSEQ return Greg Kroah-Hartman
` (124 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Matthias Kaehlcke, Ulf Hansson,
Douglas Anderson, Sasha Levin
From: Ulf Hansson <ulf.hansson@linaro.org>
[ Upstream commit 7c526608d5afb62cbc967225e2ccaacfdd142e9d ]
In cases when SDIO IRQs have been enabled, runtime suspend is prevented by
the driver. However, this still means dw_mci_runtime_suspend|resume() gets
called during system suspend/resume, via pm_runtime_force_suspend|resume().
This means during system suspend/resume, the register context of the dw_mmc
device most likely loses its register context, even in cases when SDIO IRQs
have been enabled.
To re-enable the SDIO IRQs during system resume, the dw_mmc driver
currently relies on the mmc core to re-enable the SDIO IRQs when it resumes
the SDIO card, but this isn't the recommended solution. Instead, it's
better to deal with this locally in the dw_mmc driver, so let's do that.
Tested-by: Matthias Kaehlcke <mka@chromium.org>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Reviewed-by: Douglas Anderson <dianders@chromium.org>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mmc/host/dw_mmc.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/mmc/host/dw_mmc.c b/drivers/mmc/host/dw_mmc.c
index 60c3a06e3469a..45c3490546839 100644
--- a/drivers/mmc/host/dw_mmc.c
+++ b/drivers/mmc/host/dw_mmc.c
@@ -3482,6 +3482,10 @@ int dw_mci_runtime_resume(struct device *dev)
/* Force setup bus to guarantee available clock output */
dw_mci_setup_bus(host->slot, true);
+ /* Re-enable SDIO interrupts. */
+ if (sdio_irq_claimed(host->slot->mmc))
+ __dw_mci_enable_sdio_irq(host->slot, 1);
+
/* Now that slots are all setup, we can enable card detect */
dw_mci_enable_cd(host);
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 194/313] raid5: dont increment read_errors on EILSEQ return
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (191 preceding siblings ...)
2019-10-03 15:52 ` [PATCH 5.2 193/313] mmc: dw_mmc: Re-store SDIO IRQs mask at system resume Greg Kroah-Hartman
@ 2019-10-03 15:52 ` Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 195/313] mmc: mtk-sd: Re-store SDIO IRQs mask at system resume Greg Kroah-Hartman
` (123 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nigel Croxon, Song Liu, Sasha Levin
From: Nigel Croxon <ncroxon@redhat.com>
[ Upstream commit b76b4715eba0d0ed574f58918b29c1b2f0fa37a8 ]
While MD continues to count read errors returned by the lower layer.
If those errors are -EILSEQ, instead of -EIO, it should NOT increase
the read_errors count.
When RAID6 is set up on dm-integrity target that detects massive
corruption, the leg will be ejected from the array. Even if the
issue is correctable with a sector re-write and the array has
necessary redundancy to correct it.
The leg is ejected because it runs up the rdev->read_errors beyond
conf->max_nr_stripes. The return status in dm-drypt when there is
a data integrity error is -EILSEQ (BLK_STS_PROTECTION).
Signed-off-by: Nigel Croxon <ncroxon@redhat.com>
Signed-off-by: Song Liu <songliubraving@fb.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/md/raid5.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c
index 8d2811e436b93..f04e867b38211 100644
--- a/drivers/md/raid5.c
+++ b/drivers/md/raid5.c
@@ -2526,7 +2526,8 @@ static void raid5_end_read_request(struct bio * bi)
int set_bad = 0;
clear_bit(R5_UPTODATE, &sh->dev[i].flags);
- atomic_inc(&rdev->read_errors);
+ if (!(bi->bi_status == BLK_STS_PROTECTION))
+ atomic_inc(&rdev->read_errors);
if (test_bit(R5_ReadRepl, &sh->dev[i].flags))
pr_warn_ratelimited(
"md/raid:%s: read error on replacement device (sector %llu on %s).\n",
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 195/313] mmc: mtk-sd: Re-store SDIO IRQs mask at system resume
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (192 preceding siblings ...)
2019-10-03 15:52 ` [PATCH 5.2 194/313] raid5: dont increment read_errors on EILSEQ return Greg Kroah-Hartman
@ 2019-10-03 15:52 ` Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 196/313] libertas: Add missing sentinel at end of if_usb.c fw_table Greg Kroah-Hartman
` (122 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:52 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Ulf Hansson, Sasha Levin
From: Ulf Hansson <ulf.hansson@linaro.org>
[ Upstream commit 1c81d69d4c98aab56c5a7d5a810f84aefdb37e9b ]
In cases when SDIO IRQs have been enabled, runtime suspend is prevented by
the driver. However, this still means msdc_runtime_suspend|resume() gets
called during system suspend/resume, via pm_runtime_force_suspend|resume().
This means during system suspend/resume, the register context of the mtk-sd
device most likely loses its register context, even in cases when SDIO IRQs
have been enabled.
To re-enable the SDIO IRQs during system resume, the mtk-sd driver
currently relies on the mmc core to re-enable the SDIO IRQs when it resumes
the SDIO card, but this isn't the recommended solution. Instead, it's
better to deal with this locally in the mtk-sd driver, so let's do that.
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mmc/host/mtk-sd.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/mmc/host/mtk-sd.c b/drivers/mmc/host/mtk-sd.c
index 33f4b6387ef71..978c8ccce7e31 100644
--- a/drivers/mmc/host/mtk-sd.c
+++ b/drivers/mmc/host/mtk-sd.c
@@ -2421,6 +2421,9 @@ static void msdc_restore_reg(struct msdc_host *host)
} else {
writel(host->save_para.pad_tune, host->base + tune_reg);
}
+
+ if (sdio_irq_claimed(host->mmc))
+ __msdc_enable_sdio_irq(host, 1);
}
static int msdc_runtime_suspend(struct device *dev)
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 196/313] libertas: Add missing sentinel at end of if_usb.c fw_table
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (193 preceding siblings ...)
2019-10-03 15:52 ` [PATCH 5.2 195/313] mmc: mtk-sd: Re-store SDIO IRQs mask at system resume Greg Kroah-Hartman
@ 2019-10-03 15:52 ` Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 197/313] e1000e: add workaround for possible stalled packet Greg Kroah-Hartman
` (121 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kevin Easton, Kalle Valo,
Sasha Levin, syzbot+98156c174c5a2cad9f8f
From: Kevin Easton <kevin@guarana.org>
[ Upstream commit 764f3f1ecffc434096e0a2b02f1a6cc964a89df6 ]
This sentinel tells the firmware loading process when to stop.
Reported-and-tested-by: syzbot+98156c174c5a2cad9f8f@syzkaller.appspotmail.com
Signed-off-by: Kevin Easton <kevin@guarana.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/marvell/libertas/if_usb.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/net/wireless/marvell/libertas/if_usb.c b/drivers/net/wireless/marvell/libertas/if_usb.c
index f1622f0ff8c9e..fe3142d85d1e4 100644
--- a/drivers/net/wireless/marvell/libertas/if_usb.c
+++ b/drivers/net/wireless/marvell/libertas/if_usb.c
@@ -50,7 +50,8 @@ static const struct lbs_fw_table fw_table[] = {
{ MODEL_8388, "libertas/usb8388_v5.bin", NULL },
{ MODEL_8388, "libertas/usb8388.bin", NULL },
{ MODEL_8388, "usb8388.bin", NULL },
- { MODEL_8682, "libertas/usb8682.bin", NULL }
+ { MODEL_8682, "libertas/usb8682.bin", NULL },
+ { 0, NULL, NULL }
};
static const struct usb_device_id if_usb_table[] = {
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 197/313] e1000e: add workaround for possible stalled packet
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (194 preceding siblings ...)
2019-10-03 15:52 ` [PATCH 5.2 196/313] libertas: Add missing sentinel at end of if_usb.c fw_table Greg Kroah-Hartman
@ 2019-10-03 15:52 ` Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 198/313] ALSA: hda - Add a quirk model for fixing Huawei Matebook X right speaker Greg Kroah-Hartman
` (120 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kai-Heng Feng, Aaron Brown,
Jeff Kirsher, Sasha Levin
From: Kai-Heng Feng <kai.heng.feng@canonical.com>
[ Upstream commit e5e9a2ecfe780975820e157b922edee715710b66 ]
This works around a possible stalled packet issue, which may occur due to
clock recovery from the PCH being too slow, when the LAN is transitioning
from K1 at 1G link speed.
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=204057
Signed-off-by: Kai-Heng Feng <kai.heng.feng@canonical.com>
Tested-by: Aaron Brown <aaron.f.brown@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/intel/e1000e/ich8lan.c | 10 ++++++++++
drivers/net/ethernet/intel/e1000e/ich8lan.h | 2 +-
2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/intel/e1000e/ich8lan.c b/drivers/net/ethernet/intel/e1000e/ich8lan.c
index cdae0efde8e64..7998a73b6a0fa 100644
--- a/drivers/net/ethernet/intel/e1000e/ich8lan.c
+++ b/drivers/net/ethernet/intel/e1000e/ich8lan.c
@@ -1429,6 +1429,16 @@ static s32 e1000_check_for_copper_link_ich8lan(struct e1000_hw *hw)
else
phy_reg |= 0xFA;
e1e_wphy_locked(hw, I217_PLL_CLOCK_GATE_REG, phy_reg);
+
+ if (speed == SPEED_1000) {
+ hw->phy.ops.read_reg_locked(hw, HV_PM_CTRL,
+ &phy_reg);
+
+ phy_reg |= HV_PM_CTRL_K1_CLK_REQ;
+
+ hw->phy.ops.write_reg_locked(hw, HV_PM_CTRL,
+ phy_reg);
+ }
}
hw->phy.ops.release(hw);
diff --git a/drivers/net/ethernet/intel/e1000e/ich8lan.h b/drivers/net/ethernet/intel/e1000e/ich8lan.h
index eb09c755fa172..1502895eb45dd 100644
--- a/drivers/net/ethernet/intel/e1000e/ich8lan.h
+++ b/drivers/net/ethernet/intel/e1000e/ich8lan.h
@@ -210,7 +210,7 @@
/* PHY Power Management Control */
#define HV_PM_CTRL PHY_REG(770, 17)
-#define HV_PM_CTRL_PLL_STOP_IN_K1_GIGA 0x100
+#define HV_PM_CTRL_K1_CLK_REQ 0x200
#define HV_PM_CTRL_K1_ENABLE 0x4000
#define I217_PLL_CLOCK_GATE_REG PHY_REG(772, 28)
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 198/313] ALSA: hda - Add a quirk model for fixing Huawei Matebook X right speaker
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (195 preceding siblings ...)
2019-10-03 15:52 ` [PATCH 5.2 197/313] e1000e: add workaround for possible stalled packet Greg Kroah-Hartman
@ 2019-10-03 15:52 ` Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 199/313] ALSA: hda - Drop unsol event handler for Intel HDMI codecs Greg Kroah-Hartman
` (119 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tomas Espeleta, Takashi Iwai, Sasha Levin
From: Tomas Espeleta <tomas.espeleta@gmail.com>
[ Upstream commit a2ef03fe617a8365fb7794531b11ba587509a9b9 ]
[ This is rather a revival of the patch Tomas sent in months ago, but
applying only with the quirk model option -- tiwai ]
Hard coded coefficients to make Huawuei Matebook X right speaker
work. The Matebook X has a ALC298, please refer to bug 197801 on
how these numbers were reverse engineered from the Windows driver
The reversed engineered sequence represents a repeating pattern
of verbs, and the only values that are changing periodically are
written on indexes 0x23 and 0x25:
0x500, 0x23
0x400, VALUE1
0x500, 0x25
0x400, VALUE2
* skipped reading sequences (0x500 - 0xc00 sequences are ignored)
* static values from reverse engineering are used
NOTE: since a significant risk is still considered, this is provided
as an experimental fix that isn't applied as default for now. For
enabling the fix, you'll have to choose huawei-mbx-stereo via model
option of snd-hda-intel module.
If we get feedback from users that this works stably, we may apply it
per default.
[ Some coding style fixes and replacement with AC_VERB_* by tiwai ]
BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=197801
Signed-off-by: Tomas Espeleta <tomas.espeleta@gmail.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
Documentation/sound/hd-audio/models.rst | 3 +
sound/pci/hda/patch_realtek.c | 74 +++++++++++++++++++++++++
2 files changed, 77 insertions(+)
diff --git a/Documentation/sound/hd-audio/models.rst b/Documentation/sound/hd-audio/models.rst
index 7d7c191102a73..11298f0ce44db 100644
--- a/Documentation/sound/hd-audio/models.rst
+++ b/Documentation/sound/hd-audio/models.rst
@@ -260,6 +260,9 @@ alc295-hp-x360
HP Spectre X360 fixups
alc-sense-combo
Headset button support for Chrome platform
+huawei-mbx-stereo
+ Enable initialization verbs for Huawei MBX stereo speakers;
+ might be risky, try this at your own risk
ALC66x/67x/892
==============
diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
index c1ddfd2fac522..1bec62720374d 100644
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -3755,6 +3755,72 @@ static void alc269_x101_hp_automute_hook(struct hda_codec *codec,
vref);
}
+/*
+ * Magic sequence to make Huawei Matebook X right speaker working (bko#197801)
+ */
+struct hda_alc298_mbxinit {
+ unsigned char value_0x23;
+ unsigned char value_0x25;
+};
+
+static void alc298_huawei_mbx_stereo_seq(struct hda_codec *codec,
+ const struct hda_alc298_mbxinit *initval,
+ bool first)
+{
+ snd_hda_codec_write(codec, 0x06, 0, AC_VERB_SET_DIGI_CONVERT_3, 0x0);
+ alc_write_coef_idx(codec, 0x26, 0xb000);
+
+ if (first)
+ snd_hda_codec_write(codec, 0x21, 0, AC_VERB_GET_PIN_SENSE, 0x0);
+
+ snd_hda_codec_write(codec, 0x6, 0, AC_VERB_SET_DIGI_CONVERT_3, 0x80);
+ alc_write_coef_idx(codec, 0x26, 0xf000);
+ alc_write_coef_idx(codec, 0x23, initval->value_0x23);
+
+ if (initval->value_0x23 != 0x1e)
+ alc_write_coef_idx(codec, 0x25, initval->value_0x25);
+
+ snd_hda_codec_write(codec, 0x20, 0, AC_VERB_SET_COEF_INDEX, 0x26);
+ snd_hda_codec_write(codec, 0x20, 0, AC_VERB_SET_PROC_COEF, 0xb010);
+}
+
+static void alc298_fixup_huawei_mbx_stereo(struct hda_codec *codec,
+ const struct hda_fixup *fix,
+ int action)
+{
+ /* Initialization magic */
+ static const struct hda_alc298_mbxinit dac_init[] = {
+ {0x0c, 0x00}, {0x0d, 0x00}, {0x0e, 0x00}, {0x0f, 0x00},
+ {0x10, 0x00}, {0x1a, 0x40}, {0x1b, 0x82}, {0x1c, 0x00},
+ {0x1d, 0x00}, {0x1e, 0x00}, {0x1f, 0x00},
+ {0x20, 0xc2}, {0x21, 0xc8}, {0x22, 0x26}, {0x23, 0x24},
+ {0x27, 0xff}, {0x28, 0xff}, {0x29, 0xff}, {0x2a, 0x8f},
+ {0x2b, 0x02}, {0x2c, 0x48}, {0x2d, 0x34}, {0x2e, 0x00},
+ {0x2f, 0x00},
+ {0x30, 0x00}, {0x31, 0x00}, {0x32, 0x00}, {0x33, 0x00},
+ {0x34, 0x00}, {0x35, 0x01}, {0x36, 0x93}, {0x37, 0x0c},
+ {0x38, 0x00}, {0x39, 0x00}, {0x3a, 0xf8}, {0x38, 0x80},
+ {}
+ };
+ const struct hda_alc298_mbxinit *seq;
+
+ if (action != HDA_FIXUP_ACT_INIT)
+ return;
+
+ /* Start */
+ snd_hda_codec_write(codec, 0x06, 0, AC_VERB_SET_DIGI_CONVERT_3, 0x00);
+ snd_hda_codec_write(codec, 0x06, 0, AC_VERB_SET_DIGI_CONVERT_3, 0x80);
+ alc_write_coef_idx(codec, 0x26, 0xf000);
+ alc_write_coef_idx(codec, 0x22, 0x31);
+ alc_write_coef_idx(codec, 0x23, 0x0b);
+ alc_write_coef_idx(codec, 0x25, 0x00);
+ snd_hda_codec_write(codec, 0x20, 0, AC_VERB_SET_COEF_INDEX, 0x26);
+ snd_hda_codec_write(codec, 0x20, 0, AC_VERB_SET_PROC_COEF, 0xb010);
+
+ for (seq = dac_init; seq->value_0x23; seq++)
+ alc298_huawei_mbx_stereo_seq(codec, seq, seq == dac_init);
+}
+
static void alc269_fixup_x101_headset_mic(struct hda_codec *codec,
const struct hda_fixup *fix, int action)
{
@@ -5780,6 +5846,7 @@ enum {
ALC255_FIXUP_DUMMY_LINEOUT_VERB,
ALC255_FIXUP_DELL_HEADSET_MIC,
ALC256_FIXUP_HUAWEI_MACH_WX9_PINS,
+ ALC298_FIXUP_HUAWEI_MBX_STEREO,
ALC295_FIXUP_HP_X360,
ALC221_FIXUP_HP_HEADSET_MIC,
ALC285_FIXUP_LENOVO_HEADPHONE_NOISE,
@@ -6089,6 +6156,12 @@ static const struct hda_fixup alc269_fixups[] = {
.chained = true,
.chain_id = ALC255_FIXUP_MIC_MUTE_LED
},
+ [ALC298_FIXUP_HUAWEI_MBX_STEREO] = {
+ .type = HDA_FIXUP_FUNC,
+ .v.func = alc298_fixup_huawei_mbx_stereo,
+ .chained = true,
+ .chain_id = ALC255_FIXUP_MIC_MUTE_LED
+ },
[ALC269_FIXUP_ASUS_X101_FUNC] = {
.type = HDA_FIXUP_FUNC,
.v.func = alc269_fixup_x101_headset_mic,
@@ -7280,6 +7353,7 @@ static const struct hda_model_fixup alc269_fixup_models[] = {
{.id = ALC225_FIXUP_HEADSET_JACK, .name = "alc-headset-jack"},
{.id = ALC295_FIXUP_CHROME_BOOK, .name = "alc-chrome-book"},
{.id = ALC299_FIXUP_PREDATOR_SPK, .name = "predator-spk"},
+ {.id = ALC298_FIXUP_HUAWEI_MBX_STEREO, .name = "huawei-mbx-stereo"},
{}
};
#define ALC225_STANDARD_PINS \
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 199/313] ALSA: hda - Drop unsol event handler for Intel HDMI codecs
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (196 preceding siblings ...)
2019-10-03 15:52 ` [PATCH 5.2 198/313] ALSA: hda - Add a quirk model for fixing Huawei Matebook X right speaker Greg Kroah-Hartman
@ 2019-10-03 15:52 ` Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 200/313] drm/amd/powerplay/smu7: enforce minimal VBITimeout (v2) Greg Kroah-Hartman
` (118 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:52 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Takashi Iwai, Sasha Levin
From: Takashi Iwai <tiwai@suse.de>
[ Upstream commit f2dbe87c5ac1f88e6007ba1f1374f4bd8a197fb6 ]
We don't need to deal with the unsol events for Intel chips that are
tied with the graphics via audio component notifier. Although the
presence of the audio component is checked at the beginning of
hdmi_unsol_event(), better to short cut by dropping unsol_event ops.
BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=204565
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/pci/hda/patch_hdmi.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/sound/pci/hda/patch_hdmi.c b/sound/pci/hda/patch_hdmi.c
index e49c1c00f5ce1..ca0404edd939e 100644
--- a/sound/pci/hda/patch_hdmi.c
+++ b/sound/pci/hda/patch_hdmi.c
@@ -2611,6 +2611,8 @@ static void i915_pin_cvt_fixup(struct hda_codec *codec,
/* precondition and allocation for Intel codecs */
static int alloc_intel_hdmi(struct hda_codec *codec)
{
+ int err;
+
/* requires i915 binding */
if (!codec->bus->core.audio_component) {
codec_info(codec, "No i915 binding for Intel HDMI/DP codec\n");
@@ -2619,7 +2621,12 @@ static int alloc_intel_hdmi(struct hda_codec *codec)
return -ENODEV;
}
- return alloc_generic_hdmi(codec);
+ err = alloc_generic_hdmi(codec);
+ if (err < 0)
+ return err;
+ /* no need to handle unsol events */
+ codec->patch_ops.unsol_event = NULL;
+ return 0;
}
/* parse and post-process for Intel codecs */
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 200/313] drm/amd/powerplay/smu7: enforce minimal VBITimeout (v2)
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (197 preceding siblings ...)
2019-10-03 15:52 ` [PATCH 5.2 199/313] ALSA: hda - Drop unsol event handler for Intel HDMI codecs Greg Kroah-Hartman
@ 2019-10-03 15:52 ` Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 201/313] media: ttusb-dec: Fix info-leak in ttusb_dec_send_command() Greg Kroah-Hartman
` (117 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Evan Quan, Ahzo, Alex Deucher, Sasha Levin
From: Ahzo <Ahzo@tutanota.com>
[ Upstream commit f659bb6dae58c113805f92822e4c16ddd3156b79 ]
This fixes screen corruption/flickering on 75 Hz displays.
v2: make print statement debug only (Alex)
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=102646
Reviewed-by: Evan Quan <evan.quan@amd.com>
Signed-off-by: Ahzo <Ahzo@tutanota.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/powerplay/hwmgr/smu7_hwmgr.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/gpu/drm/amd/powerplay/hwmgr/smu7_hwmgr.c b/drivers/gpu/drm/amd/powerplay/hwmgr/smu7_hwmgr.c
index 048757e8f4949..d1919d343cce4 100644
--- a/drivers/gpu/drm/amd/powerplay/hwmgr/smu7_hwmgr.c
+++ b/drivers/gpu/drm/amd/powerplay/hwmgr/smu7_hwmgr.c
@@ -4064,6 +4064,11 @@ static int smu7_program_display_gap(struct pp_hwmgr *hwmgr)
data->frame_time_x2 = frame_time_in_us * 2 / 100;
+ if (data->frame_time_x2 < 280) {
+ pr_debug("%s: enforce minimal VBITimeout: %d -> 280\n", __func__, data->frame_time_x2);
+ data->frame_time_x2 = 280;
+ }
+
display_gap2 = pre_vbi_time_in_us * (ref_clock / 100);
cgs_write_ind_register(hwmgr->device, CGS_IND_REG__SMC, ixCG_DISPLAY_GAP_CNTL2, display_gap2);
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 201/313] media: ttusb-dec: Fix info-leak in ttusb_dec_send_command()
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (198 preceding siblings ...)
2019-10-03 15:52 ` [PATCH 5.2 200/313] drm/amd/powerplay/smu7: enforce minimal VBITimeout (v2) Greg Kroah-Hartman
@ 2019-10-03 15:52 ` Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 202/313] drm: fix module name in edid_firmware log message Greg Kroah-Hartman
` (116 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:52 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tomas Bortoli,
syzbot+0522702e9d67142379f1, Sean Young, Mauro Carvalho Chehab,
Sasha Levin
From: Tomas Bortoli <tomasbortoli@gmail.com>
[ Upstream commit a10feaf8c464c3f9cfdd3a8a7ce17e1c0d498da1 ]
The function at issue does not always initialize each byte allocated
for 'b' and can therefore leak uninitialized memory to a USB device in
the call to usb_bulk_msg()
Use kzalloc() instead of kmalloc()
Signed-off-by: Tomas Bortoli <tomasbortoli@gmail.com>
Reported-by: syzbot+0522702e9d67142379f1@syzkaller.appspotmail.com
Signed-off-by: Sean Young <sean@mess.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/usb/ttusb-dec/ttusb_dec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/media/usb/ttusb-dec/ttusb_dec.c b/drivers/media/usb/ttusb-dec/ttusb_dec.c
index 1d0afa340f47c..3198f9624b7c0 100644
--- a/drivers/media/usb/ttusb-dec/ttusb_dec.c
+++ b/drivers/media/usb/ttusb-dec/ttusb_dec.c
@@ -319,7 +319,7 @@ static int ttusb_dec_send_command(struct ttusb_dec *dec, const u8 command,
dprintk("%s\n", __func__);
- b = kmalloc(COMMAND_PACKET_SIZE + 4, GFP_KERNEL);
+ b = kzalloc(COMMAND_PACKET_SIZE + 4, GFP_KERNEL);
if (!b)
return -ENOMEM;
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 202/313] drm: fix module name in edid_firmware log message
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (199 preceding siblings ...)
2019-10-03 15:52 ` [PATCH 5.2 201/313] media: ttusb-dec: Fix info-leak in ttusb_dec_send_command() Greg Kroah-Hartman
@ 2019-10-03 15:53 ` Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 203/313] ALSA: hda/realtek - Blacklist PC beep for Lenovo ThinkCentre M73/93 Greg Kroah-Hartman
` (115 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Göran Uddeborg, Daniel Vetter,
Jani Nikula, Sasha Levin
From: Jani Nikula <jani.nikula@intel.com>
[ Upstream commit ade925995b172f1d7410d1c665b2f47c5e99bef0 ]
The module is drm_kms_helper, not drm_kms_firmware.
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=204549
Reported-by: Göran Uddeborg <goeran@uddeborg.se>
Fixes: ac6c35a4d8c7 ("drm: add backwards compatibility support for drm_kms_helper.edid_firmware")
Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20190821094312.5514-1-jani.nikula@intel.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/drm_kms_helper_common.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/drm_kms_helper_common.c b/drivers/gpu/drm/drm_kms_helper_common.c
index 9c5ae825c5078..69917ecd4af67 100644
--- a/drivers/gpu/drm/drm_kms_helper_common.c
+++ b/drivers/gpu/drm/drm_kms_helper_common.c
@@ -39,7 +39,7 @@ MODULE_LICENSE("GPL and additional rights");
/* Backward compatibility for drm_kms_helper.edid_firmware */
static int edid_firmware_set(const char *val, const struct kernel_param *kp)
{
- DRM_NOTE("drm_kms_firmware.edid_firmware is deprecated, please use drm.edid_firmware instead.\n");
+ DRM_NOTE("drm_kms_helper.edid_firmware is deprecated, please use drm.edid_firmware instead.\n");
return __drm_set_edid_firmware_path(val);
}
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 203/313] ALSA: hda/realtek - Blacklist PC beep for Lenovo ThinkCentre M73/93
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (200 preceding siblings ...)
2019-10-03 15:53 ` [PATCH 5.2 202/313] drm: fix module name in edid_firmware log message Greg Kroah-Hartman
@ 2019-10-03 15:53 ` Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 204/313] iommu/amd: Override wrong IVRS IOAPIC on Raven Ridge systems Greg Kroah-Hartman
` (114 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:53 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Takashi Iwai, Sasha Levin
From: Takashi Iwai <tiwai@suse.de>
[ Upstream commit 051c78af14fcd74a22b5af45548ad9d588247cc7 ]
Lenovo ThinkCentre M73 and M93 don't seem to have a proper beep
although the driver tries to probe and set up blindly.
Blacklist these machines for suppressing the beep creation.
BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=204635
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/pci/hda/patch_realtek.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
index 1bec62720374d..d223a79ac934f 100644
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -1058,6 +1058,9 @@ static const struct snd_pci_quirk beep_white_list[] = {
SND_PCI_QUIRK(0x1043, 0x834a, "EeePC", 1),
SND_PCI_QUIRK(0x1458, 0xa002, "GA-MA790X", 1),
SND_PCI_QUIRK(0x8086, 0xd613, "Intel", 1),
+ /* blacklist -- no beep available */
+ SND_PCI_QUIRK(0x17aa, 0x309e, "Lenovo ThinkCentre M73", 0),
+ SND_PCI_QUIRK(0x17aa, 0x30a3, "Lenovo ThinkCentre M93", 0),
{}
};
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 204/313] iommu/amd: Override wrong IVRS IOAPIC on Raven Ridge systems
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (201 preceding siblings ...)
2019-10-03 15:53 ` [PATCH 5.2 203/313] ALSA: hda/realtek - Blacklist PC beep for Lenovo ThinkCentre M73/93 Greg Kroah-Hartman
@ 2019-10-03 15:53 ` Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 205/313] zd1211rw: remove false assertion from zd_mac_clear() Greg Kroah-Hartman
` (113 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kbuild test robot, Kai-Heng Feng,
Joerg Roedel, Sasha Levin
From: Kai-Heng Feng <kai.heng.feng@canonical.com>
[ Upstream commit 93d051550ee02eaff9a2541d825605a7bd778027 ]
Raven Ridge systems may have malfunction touchpad or hang at boot if
incorrect IVRS IOAPIC is provided by BIOS.
Users already found correct "ivrs_ioapic=" values, let's put them inside
kernel to workaround buggy BIOS.
BugLink: https://bugs.launchpad.net/bugs/1795292
BugLink: https://bugs.launchpad.net/bugs/1837688
Reported-by: kbuild test robot <lkp@intel.com>
Signed-off-by: Kai-Heng Feng <kai.heng.feng@canonical.com>
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/iommu/Makefile | 2 +-
drivers/iommu/amd_iommu.h | 14 +++++
drivers/iommu/amd_iommu_init.c | 5 +-
drivers/iommu/amd_iommu_quirks.c | 92 ++++++++++++++++++++++++++++++++
4 files changed, 111 insertions(+), 2 deletions(-)
create mode 100644 drivers/iommu/amd_iommu.h
create mode 100644 drivers/iommu/amd_iommu_quirks.c
diff --git a/drivers/iommu/Makefile b/drivers/iommu/Makefile
index 8c71a15e986b5..826a5bbe0d09b 100644
--- a/drivers/iommu/Makefile
+++ b/drivers/iommu/Makefile
@@ -10,7 +10,7 @@ obj-$(CONFIG_IOMMU_IO_PGTABLE_LPAE) += io-pgtable-arm.o
obj-$(CONFIG_IOMMU_IOVA) += iova.o
obj-$(CONFIG_OF_IOMMU) += of_iommu.o
obj-$(CONFIG_MSM_IOMMU) += msm_iommu.o
-obj-$(CONFIG_AMD_IOMMU) += amd_iommu.o amd_iommu_init.o
+obj-$(CONFIG_AMD_IOMMU) += amd_iommu.o amd_iommu_init.o amd_iommu_quirks.o
obj-$(CONFIG_AMD_IOMMU_DEBUGFS) += amd_iommu_debugfs.o
obj-$(CONFIG_AMD_IOMMU_V2) += amd_iommu_v2.o
obj-$(CONFIG_ARM_SMMU) += arm-smmu.o
diff --git a/drivers/iommu/amd_iommu.h b/drivers/iommu/amd_iommu.h
new file mode 100644
index 0000000000000..12d540d9b59b0
--- /dev/null
+++ b/drivers/iommu/amd_iommu.h
@@ -0,0 +1,14 @@
+/* SPDX-License-Identifier: GPL-2.0-only */
+
+#ifndef AMD_IOMMU_H
+#define AMD_IOMMU_H
+
+int __init add_special_device(u8 type, u8 id, u16 *devid, bool cmd_line);
+
+#ifdef CONFIG_DMI
+void amd_iommu_apply_ivrs_quirks(void);
+#else
+static void amd_iommu_apply_ivrs_quirks(void) { }
+#endif
+
+#endif
diff --git a/drivers/iommu/amd_iommu_init.c b/drivers/iommu/amd_iommu_init.c
index 07d84dbab564e..6469f51282427 100644
--- a/drivers/iommu/amd_iommu_init.c
+++ b/drivers/iommu/amd_iommu_init.c
@@ -30,6 +30,7 @@
#include <asm/irq_remapping.h>
#include <linux/crash_dump.h>
+#include "amd_iommu.h"
#include "amd_iommu_proto.h"
#include "amd_iommu_types.h"
#include "irq_remapping.h"
@@ -997,7 +998,7 @@ static void __init set_dev_entry_from_acpi(struct amd_iommu *iommu,
set_iommu_for_device(iommu, devid);
}
-static int __init add_special_device(u8 type, u8 id, u16 *devid, bool cmd_line)
+int __init add_special_device(u8 type, u8 id, u16 *devid, bool cmd_line)
{
struct devid_map *entry;
struct list_head *list;
@@ -1148,6 +1149,8 @@ static int __init init_iommu_from_acpi(struct amd_iommu *iommu,
if (ret)
return ret;
+ amd_iommu_apply_ivrs_quirks();
+
/*
* First save the recommended feature enable bits from ACPI
*/
diff --git a/drivers/iommu/amd_iommu_quirks.c b/drivers/iommu/amd_iommu_quirks.c
new file mode 100644
index 0000000000000..c235f79b7a200
--- /dev/null
+++ b/drivers/iommu/amd_iommu_quirks.c
@@ -0,0 +1,92 @@
+/* SPDX-License-Identifier: GPL-2.0-only */
+
+/*
+ * Quirks for AMD IOMMU
+ *
+ * Copyright (C) 2019 Kai-Heng Feng <kai.heng.feng@canonical.com>
+ */
+
+#ifdef CONFIG_DMI
+#include <linux/dmi.h>
+
+#include "amd_iommu.h"
+
+#define IVHD_SPECIAL_IOAPIC 1
+
+struct ivrs_quirk_entry {
+ u8 id;
+ u16 devid;
+};
+
+enum {
+ DELL_INSPIRON_7375 = 0,
+ DELL_LATITUDE_5495,
+ LENOVO_IDEAPAD_330S_15ARR,
+};
+
+static const struct ivrs_quirk_entry ivrs_ioapic_quirks[][3] __initconst = {
+ /* ivrs_ioapic[4]=00:14.0 ivrs_ioapic[5]=00:00.2 */
+ [DELL_INSPIRON_7375] = {
+ { .id = 4, .devid = 0xa0 },
+ { .id = 5, .devid = 0x2 },
+ {}
+ },
+ /* ivrs_ioapic[4]=00:14.0 */
+ [DELL_LATITUDE_5495] = {
+ { .id = 4, .devid = 0xa0 },
+ {}
+ },
+ /* ivrs_ioapic[32]=00:14.0 */
+ [LENOVO_IDEAPAD_330S_15ARR] = {
+ { .id = 32, .devid = 0xa0 },
+ {}
+ },
+ {}
+};
+
+static int __init ivrs_ioapic_quirk_cb(const struct dmi_system_id *d)
+{
+ const struct ivrs_quirk_entry *i;
+
+ for (i = d->driver_data; i->id != 0 && i->devid != 0; i++)
+ add_special_device(IVHD_SPECIAL_IOAPIC, i->id, (u16 *)&i->devid, 0);
+
+ return 0;
+}
+
+static const struct dmi_system_id ivrs_quirks[] __initconst = {
+ {
+ .callback = ivrs_ioapic_quirk_cb,
+ .ident = "Dell Inspiron 7375",
+ .matches = {
+ DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."),
+ DMI_MATCH(DMI_PRODUCT_NAME, "Inspiron 7375"),
+ },
+ .driver_data = (void *)&ivrs_ioapic_quirks[DELL_INSPIRON_7375],
+ },
+ {
+ .callback = ivrs_ioapic_quirk_cb,
+ .ident = "Dell Latitude 5495",
+ .matches = {
+ DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."),
+ DMI_MATCH(DMI_PRODUCT_NAME, "Latitude 5495"),
+ },
+ .driver_data = (void *)&ivrs_ioapic_quirks[DELL_LATITUDE_5495],
+ },
+ {
+ .callback = ivrs_ioapic_quirk_cb,
+ .ident = "Lenovo ideapad 330S-15ARR",
+ .matches = {
+ DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"),
+ DMI_MATCH(DMI_PRODUCT_NAME, "81FB"),
+ },
+ .driver_data = (void *)&ivrs_ioapic_quirks[LENOVO_IDEAPAD_330S_15ARR],
+ },
+ {}
+};
+
+void __init amd_iommu_apply_ivrs_quirks(void)
+{
+ dmi_check_system(ivrs_quirks);
+}
+#endif
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 205/313] zd1211rw: remove false assertion from zd_mac_clear()
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (202 preceding siblings ...)
2019-10-03 15:53 ` [PATCH 5.2 204/313] iommu/amd: Override wrong IVRS IOAPIC on Raven Ridge systems Greg Kroah-Hartman
@ 2019-10-03 15:53 ` Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 206/313] btrfs: delayed-inode: Kill the BUG_ON() in btrfs_delete_delayed_dir_index() Greg Kroah-Hartman
` (112 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot+74c65761783d66a9c97c,
Oliver Neukum, Kalle Valo, Sasha Levin
From: Oliver Neukum <oneukum@suse.com>
[ Upstream commit 7a2eb7367fdea72e448d1a847aa857f6caf8ea2f ]
The function is called before the lock which is asserted was ever used.
Just remove it.
Reported-by: syzbot+74c65761783d66a9c97c@syzkaller.appspotmail.com
Signed-off-by: Oliver Neukum <oneukum@suse.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/zydas/zd1211rw/zd_mac.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/drivers/net/wireless/zydas/zd1211rw/zd_mac.c b/drivers/net/wireless/zydas/zd1211rw/zd_mac.c
index da7e63fca9f57..a9999d10ae81f 100644
--- a/drivers/net/wireless/zydas/zd1211rw/zd_mac.c
+++ b/drivers/net/wireless/zydas/zd1211rw/zd_mac.c
@@ -223,7 +223,6 @@ void zd_mac_clear(struct zd_mac *mac)
{
flush_workqueue(zd_workqueue);
zd_chip_clear(&mac->chip);
- lockdep_assert_held(&mac->lock);
ZD_MEMCLEAR(mac, sizeof(struct zd_mac));
}
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 206/313] btrfs: delayed-inode: Kill the BUG_ON() in btrfs_delete_delayed_dir_index()
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (203 preceding siblings ...)
2019-10-03 15:53 ` [PATCH 5.2 205/313] zd1211rw: remove false assertion from zd_mac_clear() Greg Kroah-Hartman
@ 2019-10-03 15:53 ` Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 207/313] btrfs: extent-tree: Make sure we only allocate extents from block groups with the same type Greg Kroah-Hartman
` (111 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Qu Wenruo, David Sterba, Sasha Levin
From: Qu Wenruo <wqu@suse.com>
[ Upstream commit 933c22a7512c5c09b1fdc46b557384efe8d03233 ]
There is one report of fuzzed image which leads to BUG_ON() in
btrfs_delete_delayed_dir_index().
Although that fuzzed image can already be addressed by enhanced
extent-tree error handler, it's still better to hunt down more BUG_ON().
This patch will hunt down two BUG_ON()s in
btrfs_delete_delayed_dir_index():
- One for error from btrfs_delayed_item_reserve_metadata()
Instead of BUG_ON(), we output an error message and free the item.
And return the error.
All callers of this function handles the error by aborting current
trasaction.
- One for possible EEXIST from __btrfs_add_delayed_deletion_item()
That function can return -EEXIST.
We already have a good enough error message for that, only need to
clean up the reserved metadata space and allocated item.
To help above cleanup, also modifiy __btrfs_remove_delayed_item() called
in btrfs_release_delayed_item(), to skip unassociated item.
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=203253
Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/btrfs/delayed-inode.c | 13 +++++++++++--
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/fs/btrfs/delayed-inode.c b/fs/btrfs/delayed-inode.c
index 43fdb2992956a..6858a05606dd3 100644
--- a/fs/btrfs/delayed-inode.c
+++ b/fs/btrfs/delayed-inode.c
@@ -474,6 +474,9 @@ static void __btrfs_remove_delayed_item(struct btrfs_delayed_item *delayed_item)
struct rb_root_cached *root;
struct btrfs_delayed_root *delayed_root;
+ /* Not associated with any delayed_node */
+ if (!delayed_item->delayed_node)
+ return;
delayed_root = delayed_item->delayed_node->root->fs_info->delayed_root;
BUG_ON(!delayed_root);
@@ -1525,7 +1528,12 @@ int btrfs_delete_delayed_dir_index(struct btrfs_trans_handle *trans,
* we have reserved enough space when we start a new transaction,
* so reserving metadata failure is impossible.
*/
- BUG_ON(ret);
+ if (ret < 0) {
+ btrfs_err(trans->fs_info,
+"metadata reservation failed for delayed dir item deltiona, should have been reserved");
+ btrfs_release_delayed_item(item);
+ goto end;
+ }
mutex_lock(&node->mutex);
ret = __btrfs_add_delayed_deletion_item(node, item);
@@ -1534,7 +1542,8 @@ int btrfs_delete_delayed_dir_index(struct btrfs_trans_handle *trans,
"err add delayed dir index item(index: %llu) into the deletion tree of the delayed node(root id: %llu, inode id: %llu, errno: %d)",
index, node->root->root_key.objectid,
node->inode_id, ret);
- BUG();
+ btrfs_delayed_item_release_metadata(dir->root, item);
+ btrfs_release_delayed_item(item);
}
mutex_unlock(&node->mutex);
end:
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 207/313] btrfs: extent-tree: Make sure we only allocate extents from block groups with the same type
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (204 preceding siblings ...)
2019-10-03 15:53 ` [PATCH 5.2 206/313] btrfs: delayed-inode: Kill the BUG_ON() in btrfs_delete_delayed_dir_index() Greg Kroah-Hartman
@ 2019-10-03 15:53 ` Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 208/313] btrfs: tree-checker: Add ROOT_ITEM check Greg Kroah-Hartman
` (110 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jungyeon Yoon, Qu Wenruo,
David Sterba, Sasha Levin
From: Qu Wenruo <wqu@suse.com>
[ Upstream commit 2a28468e525f3924efed7f29f2bc5a2926e7e19a ]
[BUG]
With fuzzed image and MIXED_GROUPS super flag, we can hit the following
BUG_ON():
kernel BUG at fs/btrfs/delayed-ref.c:491!
invalid opcode: 0000 [#1] PREEMPT SMP NOPTI
CPU: 0 PID: 1849 Comm: sync Tainted: G O 5.2.0-custom #27
RIP: 0010:update_existing_head_ref.cold+0x44/0x46 [btrfs]
Call Trace:
add_delayed_ref_head+0x20c/0x2d0 [btrfs]
btrfs_add_delayed_tree_ref+0x1fc/0x490 [btrfs]
btrfs_free_tree_block+0x123/0x380 [btrfs]
__btrfs_cow_block+0x435/0x500 [btrfs]
btrfs_cow_block+0x110/0x240 [btrfs]
btrfs_search_slot+0x230/0xa00 [btrfs]
? __lock_acquire+0x105e/0x1e20
btrfs_insert_empty_items+0x67/0xc0 [btrfs]
alloc_reserved_file_extent+0x9e/0x340 [btrfs]
__btrfs_run_delayed_refs+0x78e/0x1240 [btrfs]
? kvm_clock_read+0x18/0x30
? __sched_clock_gtod_offset+0x21/0x50
btrfs_run_delayed_refs.part.0+0x4e/0x180 [btrfs]
btrfs_run_delayed_refs+0x23/0x30 [btrfs]
btrfs_commit_transaction+0x53/0x9f0 [btrfs]
btrfs_sync_fs+0x7c/0x1c0 [btrfs]
? __ia32_sys_fdatasync+0x20/0x20
sync_fs_one_sb+0x23/0x30
iterate_supers+0x95/0x100
ksys_sync+0x62/0xb0
__ia32_sys_sync+0xe/0x20
do_syscall_64+0x65/0x240
entry_SYSCALL_64_after_hwframe+0x49/0xbe
[CAUSE]
This situation is caused by several factors:
- Fuzzed image
The extent tree of this fs missed one backref for extent tree root.
So we can allocated space from that slot.
- MIXED_BG feature
Super block has MIXED_BG flag.
- No mixed block groups exists
All block groups are just regular ones.
This makes data space_info->block_groups[] contains metadata block
groups. And when we reserve space for data, we can use space in
metadata block group.
Then we hit the following file operations:
- fallocate
We need to allocate data extents.
find_free_extent() choose to use the metadata block to allocate space
from, and choose the space of extent tree root, since its backref is
missing.
This generate one delayed ref head with is_data = 1.
- extent tree update
We need to update extent tree at run_delayed_ref time.
This generate one delayed ref head with is_data = 0, for the same
bytenr of old extent tree root.
Then we trigger the BUG_ON().
[FIX]
The quick fix here is to check block_group->flags before using it.
The problem can only happen for MIXED_GROUPS fs. Regular filesystems
won't have space_info with DATA|METADATA flag, and no way to hit the
bug.
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=203255
Reported-by: Jungyeon Yoon <jungyeon.yoon@gmail.com>
Signed-off-by: Qu Wenruo <wqu@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/btrfs/extent-tree.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/fs/btrfs/extent-tree.c b/fs/btrfs/extent-tree.c
index b8f4720879021..37865929fdc22 100644
--- a/fs/btrfs/extent-tree.c
+++ b/fs/btrfs/extent-tree.c
@@ -7875,6 +7875,14 @@ static noinline int find_free_extent(struct btrfs_fs_info *fs_info,
*/
if ((flags & extra) && !(block_group->flags & extra))
goto loop;
+
+ /*
+ * This block group has different flags than we want.
+ * It's possible that we have MIXED_GROUP flag but no
+ * block group is mixed. Just skip such block group.
+ */
+ btrfs_release_block_group(block_group, delalloc);
+ continue;
}
have_block_group:
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 208/313] btrfs: tree-checker: Add ROOT_ITEM check
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (205 preceding siblings ...)
2019-10-03 15:53 ` [PATCH 5.2 207/313] btrfs: extent-tree: Make sure we only allocate extents from block groups with the same type Greg Kroah-Hartman
@ 2019-10-03 15:53 ` Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 209/313] btrfs: Detect unbalanced tree with empty leaf before crashing btree operations Greg Kroah-Hartman
` (109 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jungyeon Yoon, Qu Wenruo,
David Sterba, Sasha Levin
From: Qu Wenruo <wqu@suse.com>
[ Upstream commit 259ee7754b6793af8bdd77f9ca818bc41cfe9541 ]
This patch will introduce ROOT_ITEM check, which includes:
- Key->objectid and key->offset check
Currently only some easy check, e.g. 0 as rootid is invalid.
- Item size check
Root item size is fixed.
- Generation checks
Generation, generation_v2 and last_snapshot should not be greater than
super generation + 1
- Level and alignment check
Level should be in [0, 7], and bytenr must be aligned to sector size.
- Flags check
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=203261
Reported-by: Jungyeon Yoon <jungyeon.yoon@gmail.com>
Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/btrfs/tree-checker.c | 92 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 92 insertions(+)
diff --git a/fs/btrfs/tree-checker.c b/fs/btrfs/tree-checker.c
index ccd5706199d76..d83adda6c090a 100644
--- a/fs/btrfs/tree-checker.c
+++ b/fs/btrfs/tree-checker.c
@@ -821,6 +821,95 @@ static int check_inode_item(struct extent_buffer *leaf,
return 0;
}
+static int check_root_item(struct extent_buffer *leaf, struct btrfs_key *key,
+ int slot)
+{
+ struct btrfs_fs_info *fs_info = leaf->fs_info;
+ struct btrfs_root_item ri;
+ const u64 valid_root_flags = BTRFS_ROOT_SUBVOL_RDONLY |
+ BTRFS_ROOT_SUBVOL_DEAD;
+
+ /* No such tree id */
+ if (key->objectid == 0) {
+ generic_err(leaf, slot, "invalid root id 0");
+ return -EUCLEAN;
+ }
+
+ /*
+ * Some older kernel may create ROOT_ITEM with non-zero offset, so here
+ * we only check offset for reloc tree whose key->offset must be a
+ * valid tree.
+ */
+ if (key->objectid == BTRFS_TREE_RELOC_OBJECTID && key->offset == 0) {
+ generic_err(leaf, slot, "invalid root id 0 for reloc tree");
+ return -EUCLEAN;
+ }
+
+ if (btrfs_item_size_nr(leaf, slot) != sizeof(ri)) {
+ generic_err(leaf, slot,
+ "invalid root item size, have %u expect %zu",
+ btrfs_item_size_nr(leaf, slot), sizeof(ri));
+ }
+
+ read_extent_buffer(leaf, &ri, btrfs_item_ptr_offset(leaf, slot),
+ sizeof(ri));
+
+ /* Generation related */
+ if (btrfs_root_generation(&ri) >
+ btrfs_super_generation(fs_info->super_copy) + 1) {
+ generic_err(leaf, slot,
+ "invalid root generation, have %llu expect (0, %llu]",
+ btrfs_root_generation(&ri),
+ btrfs_super_generation(fs_info->super_copy) + 1);
+ return -EUCLEAN;
+ }
+ if (btrfs_root_generation_v2(&ri) >
+ btrfs_super_generation(fs_info->super_copy) + 1) {
+ generic_err(leaf, slot,
+ "invalid root v2 generation, have %llu expect (0, %llu]",
+ btrfs_root_generation_v2(&ri),
+ btrfs_super_generation(fs_info->super_copy) + 1);
+ return -EUCLEAN;
+ }
+ if (btrfs_root_last_snapshot(&ri) >
+ btrfs_super_generation(fs_info->super_copy) + 1) {
+ generic_err(leaf, slot,
+ "invalid root last_snapshot, have %llu expect (0, %llu]",
+ btrfs_root_last_snapshot(&ri),
+ btrfs_super_generation(fs_info->super_copy) + 1);
+ return -EUCLEAN;
+ }
+
+ /* Alignment and level check */
+ if (!IS_ALIGNED(btrfs_root_bytenr(&ri), fs_info->sectorsize)) {
+ generic_err(leaf, slot,
+ "invalid root bytenr, have %llu expect to be aligned to %u",
+ btrfs_root_bytenr(&ri), fs_info->sectorsize);
+ return -EUCLEAN;
+ }
+ if (btrfs_root_level(&ri) >= BTRFS_MAX_LEVEL) {
+ generic_err(leaf, slot,
+ "invalid root level, have %u expect [0, %u]",
+ btrfs_root_level(&ri), BTRFS_MAX_LEVEL - 1);
+ return -EUCLEAN;
+ }
+ if (ri.drop_level >= BTRFS_MAX_LEVEL) {
+ generic_err(leaf, slot,
+ "invalid root level, have %u expect [0, %u]",
+ ri.drop_level, BTRFS_MAX_LEVEL - 1);
+ return -EUCLEAN;
+ }
+
+ /* Flags check */
+ if (btrfs_root_flags(&ri) & ~valid_root_flags) {
+ generic_err(leaf, slot,
+ "invalid root flags, have 0x%llx expect mask 0x%llx",
+ btrfs_root_flags(&ri), valid_root_flags);
+ return -EUCLEAN;
+ }
+ return 0;
+}
+
/*
* Common point to switch the item-specific validation.
*/
@@ -856,6 +945,9 @@ static int check_leaf_item(struct extent_buffer *leaf,
case BTRFS_INODE_ITEM_KEY:
ret = check_inode_item(leaf, key, slot);
break;
+ case BTRFS_ROOT_ITEM_KEY:
+ ret = check_root_item(leaf, key, slot);
+ break;
}
return ret;
}
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 209/313] btrfs: Detect unbalanced tree with empty leaf before crashing btree operations
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (206 preceding siblings ...)
2019-10-03 15:53 ` [PATCH 5.2 208/313] btrfs: tree-checker: Add ROOT_ITEM check Greg Kroah-Hartman
@ 2019-10-03 15:53 ` Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 210/313] kvm: Nested KVM MMUs need PAE root too Greg Kroah-Hartman
` (108 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nikolay Borisov, Qu Wenruo,
David Sterba, Sasha Levin
From: Qu Wenruo <wqu@suse.com>
[ Upstream commit 62fdaa52a3d00a875da771719b6dc537ca79fce1 ]
[BUG]
With crafted image, btrfs will panic at btree operations:
kernel BUG at fs/btrfs/ctree.c:3894!
invalid opcode: 0000 [#1] SMP PTI
CPU: 0 PID: 1138 Comm: btrfs-transacti Not tainted 5.0.0-rc8+ #9
RIP: 0010:__push_leaf_left+0x6b6/0x6e0
RSP: 0018:ffffc0bd4128b990 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffffa0a4ab8f0e38 RCX: 0000000000000000
RDX: ffffa0a280000000 RSI: 0000000000000000 RDI: ffffa0a4b3814000
RBP: ffffc0bd4128ba38 R08: 0000000000001000 R09: ffffc0bd4128b948
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000240
R13: ffffa0a4b556fb60 R14: ffffa0a4ab8f0af0 R15: ffffa0a4ab8f0af0
FS: 0000000000000000(0000) GS:ffffa0a4b7a00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f2461c80020 CR3: 000000022b32a006 CR4: 00000000000206f0
Call Trace:
? _cond_resched+0x1a/0x50
push_leaf_left+0x179/0x190
btrfs_del_items+0x316/0x470
btrfs_del_csums+0x215/0x3a0
__btrfs_free_extent.isra.72+0x5a7/0xbe0
__btrfs_run_delayed_refs+0x539/0x1120
btrfs_run_delayed_refs+0xdb/0x1b0
btrfs_commit_transaction+0x52/0x950
? start_transaction+0x94/0x450
transaction_kthread+0x163/0x190
kthread+0x105/0x140
? btrfs_cleanup_transaction+0x560/0x560
? kthread_destroy_worker+0x50/0x50
ret_from_fork+0x35/0x40
Modules linked in:
---[ end trace c2425e6e89b5558f ]---
[CAUSE]
The offending csum tree looks like this:
checksum tree key (CSUM_TREE ROOT_ITEM 0)
node 29741056 level 1 items 14 free 107 generation 19 owner CSUM_TREE
...
key (EXTENT_CSUM EXTENT_CSUM 85975040) block 29630464 gen 17
key (EXTENT_CSUM EXTENT_CSUM 89911296) block 29642752 gen 17 <<<
key (EXTENT_CSUM EXTENT_CSUM 92274688) block 29646848 gen 17
...
leaf 29630464 items 6 free space 1 generation 17 owner CSUM_TREE
item 0 key (EXTENT_CSUM EXTENT_CSUM 85975040) itemoff 3987 itemsize 8
range start 85975040 end 85983232 length 8192
...
leaf 29642752 items 0 free space 3995 generation 17 owner 0
^ empty leaf invalid owner ^
leaf 29646848 items 1 free space 602 generation 17 owner CSUM_TREE
item 0 key (EXTENT_CSUM EXTENT_CSUM 92274688) itemoff 627 itemsize 3368
range start 92274688 end 95723520 length 3448832
So we have a corrupted csum tree where one tree leaf is completely
empty, causing unbalanced btree, thus leading to unexpected btree
balance error.
[FIX]
For this particular case, we handle it in two directions to catch it:
- Check if the tree block is empty through btrfs_verify_level_key()
So that invalid tree blocks won't be read out through
btrfs_search_slot() and its variants.
- Check 0 tree owner in tree checker
NO tree is using 0 as its tree owner, detect it and reject at tree
block read time.
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=202821
Reviewed-by: Nikolay Borisov <nborisov@suse.com>
Signed-off-by: Qu Wenruo <wqu@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/btrfs/disk-io.c | 10 ++++++++++
fs/btrfs/tree-checker.c | 6 ++++++
2 files changed, 16 insertions(+)
diff --git a/fs/btrfs/disk-io.c b/fs/btrfs/disk-io.c
index deb74a8c191a4..6d26d38a2e12c 100644
--- a/fs/btrfs/disk-io.c
+++ b/fs/btrfs/disk-io.c
@@ -423,6 +423,16 @@ int btrfs_verify_level_key(struct extent_buffer *eb, int level,
*/
if (btrfs_header_generation(eb) > fs_info->last_trans_committed)
return 0;
+
+ /* We have @first_key, so this @eb must have at least one item */
+ if (btrfs_header_nritems(eb) == 0) {
+ btrfs_err(fs_info,
+ "invalid tree nritems, bytenr=%llu nritems=0 expect >0",
+ eb->start);
+ WARN_ON(IS_ENABLED(CONFIG_BTRFS_DEBUG));
+ return -EUCLEAN;
+ }
+
if (found_level)
btrfs_node_key_to_cpu(eb, &found_key, 0);
else
diff --git a/fs/btrfs/tree-checker.c b/fs/btrfs/tree-checker.c
index d83adda6c090a..9634cae1e1b1d 100644
--- a/fs/btrfs/tree-checker.c
+++ b/fs/btrfs/tree-checker.c
@@ -991,6 +991,12 @@ static int check_leaf(struct extent_buffer *leaf, bool check_item_data)
owner);
return -EUCLEAN;
}
+ /* Unknown tree */
+ if (owner == 0) {
+ generic_err(leaf, 0,
+ "invalid owner, root 0 is not defined");
+ return -EUCLEAN;
+ }
return 0;
}
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 210/313] kvm: Nested KVM MMUs need PAE root too
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (207 preceding siblings ...)
2019-10-03 15:53 ` [PATCH 5.2 209/313] btrfs: Detect unbalanced tree with empty leaf before crashing btree operations Greg Kroah-Hartman
@ 2019-10-03 15:53 ` Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 211/313] media: omap3isp: Set device on omap3isp subdevs Greg Kroah-Hartman
` (107 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jiri Palecek, Paolo Bonzini, Sasha Levin
From: Jiří Paleček <jpalecek@web.de>
[ Upstream commit 1cfff4d9a5d01fa61e5768a6afffc81ae1c8ecb9 ]
On AMD processors, in PAE 32bit mode, nested KVM instances don't
work. The L0 host get a kernel OOPS, which is related to
arch.mmu->pae_root being NULL.
The reason for this is that when setting up nested KVM instance,
arch.mmu is set to &arch.guest_mmu (while normally, it would be
&arch.root_mmu). However, the initialization and allocation of
pae_root only creates it in root_mmu. KVM code (ie. in
mmu_alloc_shadow_roots) then accesses arch.mmu->pae_root, which is the
unallocated arch.guest_mmu->pae_root.
This fix just allocates (and frees) pae_root in both guest_mmu and
root_mmu (and also lm_root if it was allocated). The allocation is
subject to previous restrictions ie. it won't allocate anything on
64-bit and AFAIK not on Intel.
Fixes: https://bugzilla.kernel.org/show_bug.cgi?id=203923
Fixes: 14c07ad89f4d ("x86/kvm/mmu: introduce guest_mmu")
Signed-off-by: Jiri Palecek <jpalecek@web.de>
Tested-by: Jiri Palecek <jpalecek@web.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/kvm/mmu.c | 30 ++++++++++++++++++++++--------
1 file changed, 22 insertions(+), 8 deletions(-)
diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
index 66055ca29b6b4..9130152d5ed83 100644
--- a/arch/x86/kvm/mmu.c
+++ b/arch/x86/kvm/mmu.c
@@ -5607,13 +5607,13 @@ slot_handle_leaf(struct kvm *kvm, struct kvm_memory_slot *memslot,
PT_PAGE_TABLE_LEVEL, lock_flush_tlb);
}
-static void free_mmu_pages(struct kvm_vcpu *vcpu)
+static void free_mmu_pages(struct kvm_mmu *mmu)
{
- free_page((unsigned long)vcpu->arch.mmu->pae_root);
- free_page((unsigned long)vcpu->arch.mmu->lm_root);
+ free_page((unsigned long)mmu->pae_root);
+ free_page((unsigned long)mmu->lm_root);
}
-static int alloc_mmu_pages(struct kvm_vcpu *vcpu)
+static int alloc_mmu_pages(struct kvm_vcpu *vcpu, struct kvm_mmu *mmu)
{
struct page *page;
int i;
@@ -5634,9 +5634,9 @@ static int alloc_mmu_pages(struct kvm_vcpu *vcpu)
if (!page)
return -ENOMEM;
- vcpu->arch.mmu->pae_root = page_address(page);
+ mmu->pae_root = page_address(page);
for (i = 0; i < 4; ++i)
- vcpu->arch.mmu->pae_root[i] = INVALID_PAGE;
+ mmu->pae_root[i] = INVALID_PAGE;
return 0;
}
@@ -5644,6 +5644,7 @@ static int alloc_mmu_pages(struct kvm_vcpu *vcpu)
int kvm_mmu_create(struct kvm_vcpu *vcpu)
{
uint i;
+ int ret;
vcpu->arch.mmu = &vcpu->arch.root_mmu;
vcpu->arch.walk_mmu = &vcpu->arch.root_mmu;
@@ -5661,7 +5662,19 @@ int kvm_mmu_create(struct kvm_vcpu *vcpu)
vcpu->arch.guest_mmu.prev_roots[i] = KVM_MMU_ROOT_INFO_INVALID;
vcpu->arch.nested_mmu.translate_gpa = translate_nested_gpa;
- return alloc_mmu_pages(vcpu);
+
+ ret = alloc_mmu_pages(vcpu, &vcpu->arch.guest_mmu);
+ if (ret)
+ return ret;
+
+ ret = alloc_mmu_pages(vcpu, &vcpu->arch.root_mmu);
+ if (ret)
+ goto fail_allocate_root;
+
+ return ret;
+ fail_allocate_root:
+ free_mmu_pages(&vcpu->arch.guest_mmu);
+ return ret;
}
@@ -6134,7 +6147,8 @@ unsigned long kvm_mmu_calculate_default_mmu_pages(struct kvm *kvm)
void kvm_mmu_destroy(struct kvm_vcpu *vcpu)
{
kvm_mmu_unload(vcpu);
- free_mmu_pages(vcpu);
+ free_mmu_pages(&vcpu->arch.root_mmu);
+ free_mmu_pages(&vcpu->arch.guest_mmu);
mmu_free_memory_caches(vcpu);
}
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 211/313] media: omap3isp: Set device on omap3isp subdevs
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (208 preceding siblings ...)
2019-10-03 15:53 ` [PATCH 5.2 210/313] kvm: Nested KVM MMUs need PAE root too Greg Kroah-Hartman
@ 2019-10-03 15:53 ` Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 212/313] PM / devfreq: passive: fix compiler warning Greg Kroah-Hartman
` (106 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sakari Ailus, Laurent Pinchart,
Mauro Carvalho Chehab, Sasha Levin
From: Sakari Ailus <sakari.ailus@linux.intel.com>
[ Upstream commit e9eb103f027725053a4b02f93d7f2858b56747ce ]
The omap3isp driver registered subdevs without the dev field being set. Do
that now.
Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Reviewed-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/platform/omap3isp/ispccdc.c | 1 +
drivers/media/platform/omap3isp/ispccp2.c | 1 +
drivers/media/platform/omap3isp/ispcsi2.c | 1 +
drivers/media/platform/omap3isp/isppreview.c | 1 +
drivers/media/platform/omap3isp/ispresizer.c | 1 +
drivers/media/platform/omap3isp/ispstat.c | 2 ++
6 files changed, 7 insertions(+)
diff --git a/drivers/media/platform/omap3isp/ispccdc.c b/drivers/media/platform/omap3isp/ispccdc.c
index 1ba8a5ba343f6..e2f336c715a4d 100644
--- a/drivers/media/platform/omap3isp/ispccdc.c
+++ b/drivers/media/platform/omap3isp/ispccdc.c
@@ -2602,6 +2602,7 @@ int omap3isp_ccdc_register_entities(struct isp_ccdc_device *ccdc,
int ret;
/* Register the subdev and video node. */
+ ccdc->subdev.dev = vdev->mdev->dev;
ret = v4l2_device_register_subdev(vdev, &ccdc->subdev);
if (ret < 0)
goto error;
diff --git a/drivers/media/platform/omap3isp/ispccp2.c b/drivers/media/platform/omap3isp/ispccp2.c
index efca45bb02c8b..d0a49cdfd22d2 100644
--- a/drivers/media/platform/omap3isp/ispccp2.c
+++ b/drivers/media/platform/omap3isp/ispccp2.c
@@ -1031,6 +1031,7 @@ int omap3isp_ccp2_register_entities(struct isp_ccp2_device *ccp2,
int ret;
/* Register the subdev and video nodes. */
+ ccp2->subdev.dev = vdev->mdev->dev;
ret = v4l2_device_register_subdev(vdev, &ccp2->subdev);
if (ret < 0)
goto error;
diff --git a/drivers/media/platform/omap3isp/ispcsi2.c b/drivers/media/platform/omap3isp/ispcsi2.c
index e85917f4a50cc..fd493c5e4e24f 100644
--- a/drivers/media/platform/omap3isp/ispcsi2.c
+++ b/drivers/media/platform/omap3isp/ispcsi2.c
@@ -1198,6 +1198,7 @@ int omap3isp_csi2_register_entities(struct isp_csi2_device *csi2,
int ret;
/* Register the subdev and video nodes. */
+ csi2->subdev.dev = vdev->mdev->dev;
ret = v4l2_device_register_subdev(vdev, &csi2->subdev);
if (ret < 0)
goto error;
diff --git a/drivers/media/platform/omap3isp/isppreview.c b/drivers/media/platform/omap3isp/isppreview.c
index 40e22400cf5ec..97d660606d984 100644
--- a/drivers/media/platform/omap3isp/isppreview.c
+++ b/drivers/media/platform/omap3isp/isppreview.c
@@ -2225,6 +2225,7 @@ int omap3isp_preview_register_entities(struct isp_prev_device *prev,
int ret;
/* Register the subdev and video nodes. */
+ prev->subdev.dev = vdev->mdev->dev;
ret = v4l2_device_register_subdev(vdev, &prev->subdev);
if (ret < 0)
goto error;
diff --git a/drivers/media/platform/omap3isp/ispresizer.c b/drivers/media/platform/omap3isp/ispresizer.c
index 21ca6954df72f..78d9dd7ea2da7 100644
--- a/drivers/media/platform/omap3isp/ispresizer.c
+++ b/drivers/media/platform/omap3isp/ispresizer.c
@@ -1681,6 +1681,7 @@ int omap3isp_resizer_register_entities(struct isp_res_device *res,
int ret;
/* Register the subdev and video nodes. */
+ res->subdev.dev = vdev->mdev->dev;
ret = v4l2_device_register_subdev(vdev, &res->subdev);
if (ret < 0)
goto error;
diff --git a/drivers/media/platform/omap3isp/ispstat.c b/drivers/media/platform/omap3isp/ispstat.c
index ca7bb8497c3da..cb5841f628cff 100644
--- a/drivers/media/platform/omap3isp/ispstat.c
+++ b/drivers/media/platform/omap3isp/ispstat.c
@@ -1026,6 +1026,8 @@ void omap3isp_stat_unregister_entities(struct ispstat *stat)
int omap3isp_stat_register_entities(struct ispstat *stat,
struct v4l2_device *vdev)
{
+ stat->subdev.dev = vdev->mdev->dev;
+
return v4l2_device_register_subdev(vdev, &stat->subdev);
}
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 212/313] PM / devfreq: passive: fix compiler warning
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (209 preceding siblings ...)
2019-10-03 15:53 ` [PATCH 5.2 211/313] media: omap3isp: Set device on omap3isp subdevs Greg Kroah-Hartman
@ 2019-10-03 15:53 ` Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 213/313] ARM: dts: logicpd-torpedo-baseboard: Fix missing video Greg Kroah-Hartman
` (105 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Stephen Rothwell, MyungJoo Ham, Sasha Levin
From: MyungJoo Ham <myungjoo.ham@samsung.com>
[ Upstream commit 0465814831a926ce2f83e8f606d067d86745234e ]
The recent commit of
PM / devfreq: passive: Use non-devm notifiers
had incurred compiler warning, "unused variable 'dev'".
Reported-by: Stephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: MyungJoo Ham <myungjoo.ham@samsung.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/devfreq/governor_passive.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/drivers/devfreq/governor_passive.c b/drivers/devfreq/governor_passive.c
index da485477065c5..be6eeab9c814e 100644
--- a/drivers/devfreq/governor_passive.c
+++ b/drivers/devfreq/governor_passive.c
@@ -149,7 +149,6 @@ static int devfreq_passive_notifier_call(struct notifier_block *nb,
static int devfreq_passive_event_handler(struct devfreq *devfreq,
unsigned int event, void *data)
{
- struct device *dev = devfreq->dev.parent;
struct devfreq_passive_data *p_data
= (struct devfreq_passive_data *)devfreq->data;
struct devfreq *parent = (struct devfreq *)p_data->parent;
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 213/313] ARM: dts: logicpd-torpedo-baseboard: Fix missing video
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (210 preceding siblings ...)
2019-10-03 15:53 ` [PATCH 5.2 212/313] PM / devfreq: passive: fix compiler warning Greg Kroah-Hartman
@ 2019-10-03 15:53 ` Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 214/313] ARM: omap2plus_defconfig: " Greg Kroah-Hartman
` (104 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:53 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Adam Ford, Tony Lindgren
From: Adam Ford <aford173@gmail.com>
commit f9f5518a38684e031d913f40482721ff553f5ba2 upstream.
A previous commit removed the panel-dpi driver, which made the
Torpedo video stop working because it relied on the dpi driver
for setting video timings. Now that the simple-panel driver is
available in omap2plus, this patch migrates the Torpedo dev kits
to use a similar panel and remove the manual timing requirements.
Fixes: 8bf4b1621178 ("drm/omap: Remove panel-dpi driver")
Signed-off-by: Adam Ford <aford173@gmail.com>
Signed-off-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm/boot/dts/logicpd-torpedo-baseboard.dtsi | 37 +++--------------------
1 file changed, 6 insertions(+), 31 deletions(-)
--- a/arch/arm/boot/dts/logicpd-torpedo-baseboard.dtsi
+++ b/arch/arm/boot/dts/logicpd-torpedo-baseboard.dtsi
@@ -108,7 +108,6 @@
&dss {
status = "ok";
vdds_dsi-supply = <&vpll2>;
- vdda_video-supply = <&video_reg>;
pinctrl-names = "default";
pinctrl-0 = <&dss_dpi_pins1>;
port {
@@ -124,44 +123,20 @@
display0 = &lcd0;
};
- video_reg: video_reg {
- pinctrl-names = "default";
- pinctrl-0 = <&panel_pwr_pins>;
- compatible = "regulator-fixed";
- regulator-name = "fixed-supply";
- regulator-min-microvolt = <3300000>;
- regulator-max-microvolt = <3300000>;
- gpio = <&gpio5 27 GPIO_ACTIVE_HIGH>; /* gpio155, lcd INI */
- };
-
lcd0: display {
- compatible = "panel-dpi";
+ /* This isn't the exact LCD, but the timings meet spec */
+ /* To make it work, set CONFIG_OMAP2_DSS_MIN_FCK_PER_PCK=4 */
+ compatible = "newhaven,nhd-4.3-480272ef-atxl";
label = "15";
- status = "okay";
- /* default-on; */
pinctrl-names = "default";
-
+ pinctrl-0 = <&panel_pwr_pins>;
+ backlight = <&bl>;
+ enable-gpios = <&gpio5 27 GPIO_ACTIVE_HIGH>;
port {
lcd_in: endpoint {
remote-endpoint = <&dpi_out>;
};
};
-
- panel-timing {
- clock-frequency = <9000000>;
- hactive = <480>;
- vactive = <272>;
- hfront-porch = <3>;
- hback-porch = <2>;
- hsync-len = <42>;
- vback-porch = <3>;
- vfront-porch = <4>;
- vsync-len = <11>;
- hsync-active = <0>;
- vsync-active = <0>;
- de-active = <1>;
- pixelclk-active = <1>;
- };
};
bl: backlight {
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 214/313] ARM: omap2plus_defconfig: Fix missing video
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (211 preceding siblings ...)
2019-10-03 15:53 ` [PATCH 5.2 213/313] ARM: dts: logicpd-torpedo-baseboard: Fix missing video Greg Kroah-Hartman
@ 2019-10-03 15:53 ` Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 215/313] iwlwifi: fw: dont send GEO_TX_POWER_LIMIT command to FW version 36 Greg Kroah-Hartman
` (103 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:53 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Adam Ford, Tony Lindgren
From: Adam Ford <aford173@gmail.com>
commit 4957eccf979b025286b39388fd1a60cde601a10a upstream.
When the panel-dpi driver was removed, the simple-panels driver
was never enabled, so anyone who used the panel-dpi driver lost
video, and those who used it inconjunction with simple-panels
would have to manually enable CONFIG_DRM_PANEL_SIMPLE.
This patch makes CONFIG_DRM_PANEL_SIMPLE a module in the same
way the deprecated panel-dpi was.
Fixes: 8bf4b1621178 ("drm/omap: Remove panel-dpi driver")
Signed-off-by: Adam Ford <aford173@gmail.com>
Signed-off-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm/configs/omap2plus_defconfig | 1 +
1 file changed, 1 insertion(+)
--- a/arch/arm/configs/omap2plus_defconfig
+++ b/arch/arm/configs/omap2plus_defconfig
@@ -363,6 +363,7 @@ CONFIG_DRM_OMAP_PANEL_TPO_TD028TTEC1=m
CONFIG_DRM_OMAP_PANEL_TPO_TD043MTEA1=m
CONFIG_DRM_OMAP_PANEL_NEC_NL8048HL11=m
CONFIG_DRM_TILCDC=m
+CONFIG_DRM_PANEL_SIMPLE=m
CONFIG_FB=y
CONFIG_FIRMWARE_EDID=y
CONFIG_FB_MODE_HELPERS=y
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 215/313] iwlwifi: fw: dont send GEO_TX_POWER_LIMIT command to FW version 36
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (212 preceding siblings ...)
2019-10-03 15:53 ` [PATCH 5.2 214/313] ARM: omap2plus_defconfig: " Greg Kroah-Hartman
@ 2019-10-03 15:53 ` Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 216/313] ALSA: firewire-tascam: handle error code when getting current source of clock Greg Kroah-Hartman
` (102 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:53 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Luca Coelho, Kalle Valo
From: Luca Coelho <luciano.coelho@intel.com>
commit fddbfeece9c7882cc47754c7da460fe427e3e85b upstream.
The intention was to have the GEO_TX_POWER_LIMIT command in FW version
36 as well, but not all 8000 family got this feature enabled. The
8000 family is the only one using version 36, so skip this version
entirely. If we try to send this command to the firmwares that do not
support it, we get a BAD_COMMAND response from the firmware.
This fixes https://bugzilla.kernel.org/show_bug.cgi?id=204151.
Cc: stable@vger.kernel.org # 4.19+
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireless/intel/iwlwifi/mvm/fw.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
--- a/drivers/net/wireless/intel/iwlwifi/mvm/fw.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/fw.c
@@ -882,11 +882,13 @@ static bool iwl_mvm_sar_geo_support(stru
* firmware versions. Unfortunately, we don't have a TLV API
* flag to rely on, so rely on the major version which is in
* the first byte of ucode_ver. This was implemented
- * initially on version 38 and then backported to 36, 29 and
- * 17.
+ * initially on version 38 and then backported to29 and 17.
+ * The intention was to have it in 36 as well, but not all
+ * 8000 family got this feature enabled. The 8000 family is
+ * the only one using version 36, so skip this version
+ * entirely.
*/
return IWL_UCODE_SERIAL(mvm->fw->ucode_ver) >= 38 ||
- IWL_UCODE_SERIAL(mvm->fw->ucode_ver) == 36 ||
IWL_UCODE_SERIAL(mvm->fw->ucode_ver) == 29 ||
IWL_UCODE_SERIAL(mvm->fw->ucode_ver) == 17;
}
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 216/313] ALSA: firewire-tascam: handle error code when getting current source of clock
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (213 preceding siblings ...)
2019-10-03 15:53 ` [PATCH 5.2 215/313] iwlwifi: fw: dont send GEO_TX_POWER_LIMIT command to FW version 36 Greg Kroah-Hartman
@ 2019-10-03 15:53 ` Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 217/313] ALSA: firewire-tascam: check intermediate state of clock status and retry Greg Kroah-Hartman
` (101 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:53 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Takashi Sakamoto, Takashi Iwai
From: Takashi Sakamoto <o-takashi@sakamocchi.jp>
commit 2617120f4de6d0423384e0e86b14c78b9de84d5a upstream.
The return value of snd_tscm_stream_get_clock() is ignored. This commit
checks the value and handle error.
Fixes: e453df44f0d6 ("ALSA: firewire-tascam: add PCM functionality")
Cc: <stable@vger.kernel.org> # v4.4+
Signed-off-by: Takashi Sakamoto <o-takashi@sakamocchi.jp>
Link: https://lore.kernel.org/r/20190910135152.29800-2-o-takashi@sakamocchi.jp
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/firewire/tascam/tascam-pcm.c | 3 +++
1 file changed, 3 insertions(+)
--- a/sound/firewire/tascam/tascam-pcm.c
+++ b/sound/firewire/tascam/tascam-pcm.c
@@ -56,6 +56,9 @@ static int pcm_open(struct snd_pcm_subst
goto err_locked;
err = snd_tscm_stream_get_clock(tscm, &clock);
+ if (err < 0)
+ goto err_locked;
+
if (clock != SND_TSCM_CLOCK_INTERNAL ||
amdtp_stream_pcm_running(&tscm->rx_stream) ||
amdtp_stream_pcm_running(&tscm->tx_stream)) {
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 217/313] ALSA: firewire-tascam: check intermediate state of clock status and retry
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (214 preceding siblings ...)
2019-10-03 15:53 ` [PATCH 5.2 216/313] ALSA: firewire-tascam: handle error code when getting current source of clock Greg Kroah-Hartman
@ 2019-10-03 15:53 ` Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 218/313] scsi: scsi_dh_rdac: zero cdb in send_mode_select() Greg Kroah-Hartman
` (100 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:53 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Takashi Sakamoto, Takashi Iwai
From: Takashi Sakamoto <o-takashi@sakamocchi.jp>
commit e1a00b5b253a4f97216b9a33199a863987075162 upstream.
2 bytes in MSB of register for clock status is zero during intermediate
state after changing status of sampling clock in models of TASCAM FireWire
series. The duration of this state differs depending on cases. During the
state, it's better to retry reading the register for current status of
the clock.
In current implementation, the intermediate state is checked only when
getting current sampling transmission frequency, then retry reading.
This care is required for the other operations to read the register.
This commit moves the codes of check and retry into helper function
commonly used for operations to read the register.
Fixes: e453df44f0d6 ("ALSA: firewire-tascam: add PCM functionality")
Cc: <stable@vger.kernel.org> # v4.4+
Signed-off-by: Takashi Sakamoto <o-takashi@sakamocchi.jp>
Link: https://lore.kernel.org/r/20190910135152.29800-3-o-takashi@sakamocchi.jp
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/firewire/tascam/tascam-stream.c | 42 ++++++++++++++++++++++------------
1 file changed, 28 insertions(+), 14 deletions(-)
--- a/sound/firewire/tascam/tascam-stream.c
+++ b/sound/firewire/tascam/tascam-stream.c
@@ -8,20 +8,37 @@
#include <linux/delay.h>
#include "tascam.h"
+#define CLOCK_STATUS_MASK 0xffff0000
+#define CLOCK_CONFIG_MASK 0x0000ffff
+
#define CALLBACK_TIMEOUT 500
static int get_clock(struct snd_tscm *tscm, u32 *data)
{
+ int trial = 0;
__be32 reg;
int err;
- err = snd_fw_transaction(tscm->unit, TCODE_READ_QUADLET_REQUEST,
- TSCM_ADDR_BASE + TSCM_OFFSET_CLOCK_STATUS,
- ®, sizeof(reg), 0);
- if (err >= 0)
+ while (trial++ < 5) {
+ err = snd_fw_transaction(tscm->unit, TCODE_READ_QUADLET_REQUEST,
+ TSCM_ADDR_BASE + TSCM_OFFSET_CLOCK_STATUS,
+ ®, sizeof(reg), 0);
+ if (err < 0)
+ return err;
+
*data = be32_to_cpu(reg);
+ if (*data & CLOCK_STATUS_MASK)
+ break;
+
+ // In intermediate state after changing clock status.
+ msleep(50);
+ }
- return err;
+ // Still in the intermediate state.
+ if (trial >= 5)
+ return -EAGAIN;
+
+ return 0;
}
static int set_clock(struct snd_tscm *tscm, unsigned int rate,
@@ -34,7 +51,7 @@ static int set_clock(struct snd_tscm *ts
err = get_clock(tscm, &data);
if (err < 0)
return err;
- data &= 0x0000ffff;
+ data &= CLOCK_CONFIG_MASK;
if (rate > 0) {
data &= 0x000000ff;
@@ -79,17 +96,14 @@ static int set_clock(struct snd_tscm *ts
int snd_tscm_stream_get_rate(struct snd_tscm *tscm, unsigned int *rate)
{
- u32 data = 0x0;
- unsigned int trials = 0;
+ u32 data;
int err;
- while (data == 0x0 || trials++ < 5) {
- err = get_clock(tscm, &data);
- if (err < 0)
- return err;
+ err = get_clock(tscm, &data);
+ if (err < 0)
+ return err;
- data = (data & 0xff000000) >> 24;
- }
+ data = (data & 0xff000000) >> 24;
/* Check base rate. */
if ((data & 0x0f) == 0x01)
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 218/313] scsi: scsi_dh_rdac: zero cdb in send_mode_select()
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (215 preceding siblings ...)
2019-10-03 15:53 ` [PATCH 5.2 217/313] ALSA: firewire-tascam: check intermediate state of clock status and retry Greg Kroah-Hartman
@ 2019-10-03 15:53 ` Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 219/313] scsi: qla2xxx: Fix Relogin to prevent modifying scan_state flag Greg Kroah-Hartman
` (99 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Martin Wilck, Ales Novak,
Shane Seymour, Martin K. Petersen
From: Martin Wilck <Martin.Wilck@suse.com>
commit 57adf5d4cfd3198aa480e7c94a101fc8c4e6109d upstream.
cdb in send_mode_select() is not zeroed and is only partially filled in
rdac_failover_get(), which leads to some random data getting to the
device. Users have reported storage responding to such commands with
INVALID FIELD IN CDB. Code before commit 327825574132 was not affected, as
it called blk_rq_set_block_pc().
Fix this by zeroing out the cdb first.
Identified & fix proposed by HPE.
Fixes: 327825574132 ("scsi_dh_rdac: switch to scsi_execute_req_flags()")
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20190904155205.1666-1-martin.wilck@suse.com
Signed-off-by: Martin Wilck <mwilck@suse.com>
Acked-by: Ales Novak <alnovak@suse.cz>
Reviewed-by: Shane Seymour <shane.seymour@hpe.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/scsi/device_handler/scsi_dh_rdac.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/scsi/device_handler/scsi_dh_rdac.c
+++ b/drivers/scsi/device_handler/scsi_dh_rdac.c
@@ -546,6 +546,8 @@ static void send_mode_select(struct work
spin_unlock(&ctlr->ms_lock);
retry:
+ memset(cdb, 0, sizeof(cdb));
+
data_size = rdac_failover_get(ctlr, &list, cdb);
RDAC_LOG(RDAC_LOG_FAILOVER, sdev, "array %s, ctlr %d, "
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 219/313] scsi: qla2xxx: Fix Relogin to prevent modifying scan_state flag
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (216 preceding siblings ...)
2019-10-03 15:53 ` [PATCH 5.2 218/313] scsi: scsi_dh_rdac: zero cdb in send_mode_select() Greg Kroah-Hartman
@ 2019-10-03 15:53 ` Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 220/313] printk: Do not lose last line in kmsg buffer dump Greg Kroah-Hartman
` (98 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Quinn Tran, Himanshu Madhani,
Martin K. Petersen
From: Quinn Tran <qutran@marvell.com>
commit 8b5292bcfcacf15182a77a973a98d310e76fd58b upstream.
Relogin fails to move forward due to scan_state flag indicating device is
not there. Before relogin process, Session delete process accidently
modified the scan_state flag.
[mkp: typos plus corrected Fixes: sha as reported by sfr]
Fixes: 2dee5521028c ("scsi: qla2xxx: Fix login state machine freeze")
Cc: stable@vger.kernel.org
Signed-off-by: Quinn Tran <qutran@marvell.com>
Signed-off-by: Himanshu Madhani <hmadhani@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/scsi/qla2xxx/qla_init.c | 25 ++++++++++++++++++++-----
drivers/scsi/qla2xxx/qla_os.c | 1 +
drivers/scsi/qla2xxx/qla_target.c | 1 -
3 files changed, 21 insertions(+), 6 deletions(-)
--- a/drivers/scsi/qla2xxx/qla_init.c
+++ b/drivers/scsi/qla2xxx/qla_init.c
@@ -289,8 +289,13 @@ qla2x00_async_login(struct scsi_qla_host
struct srb_iocb *lio;
int rval = QLA_FUNCTION_FAILED;
- if (!vha->flags.online)
- goto done;
+ if (!vha->flags.online || (fcport->flags & FCF_ASYNC_SENT) ||
+ fcport->loop_id == FC_NO_LOOP_ID) {
+ ql_log(ql_log_warn, vha, 0xffff,
+ "%s: %8phC - not sending command.\n",
+ __func__, fcport->port_name);
+ return rval;
+ }
sp = qla2x00_get_sp(vha, fcport, GFP_KERNEL);
if (!sp)
@@ -1262,8 +1267,13 @@ int qla24xx_async_gpdb(struct scsi_qla_h
struct port_database_24xx *pd;
struct qla_hw_data *ha = vha->hw;
- if (!vha->flags.online || (fcport->flags & FCF_ASYNC_SENT))
+ if (!vha->flags.online || (fcport->flags & FCF_ASYNC_SENT) ||
+ fcport->loop_id == FC_NO_LOOP_ID) {
+ ql_log(ql_log_warn, vha, 0xffff,
+ "%s: %8phC - not sending command.\n",
+ __func__, fcport->port_name);
return rval;
+ }
fcport->disc_state = DSC_GPDB;
@@ -1953,8 +1963,11 @@ qla24xx_handle_plogi_done_event(struct s
return;
}
- if (fcport->disc_state == DSC_DELETE_PEND)
+ if ((fcport->disc_state == DSC_DELETE_PEND) ||
+ (fcport->disc_state == DSC_DELETED)) {
+ set_bit(RELOGIN_NEEDED, &vha->dpc_flags);
return;
+ }
if (ea->sp->gen2 != fcport->login_gen) {
/* target side must have changed it. */
@@ -6699,8 +6712,10 @@ qla2x00_abort_isp_cleanup(scsi_qla_host_
}
/* Clear all async request states across all VPs. */
- list_for_each_entry(fcport, &vha->vp_fcports, list)
+ list_for_each_entry(fcport, &vha->vp_fcports, list) {
fcport->flags &= ~(FCF_LOGIN_NEEDED | FCF_ASYNC_SENT);
+ fcport->scan_state = 0;
+ }
spin_lock_irqsave(&ha->vport_slock, flags);
list_for_each_entry(vp, &ha->vp_list, list) {
atomic_inc(&vp->vref_count);
--- a/drivers/scsi/qla2xxx/qla_os.c
+++ b/drivers/scsi/qla2xxx/qla_os.c
@@ -5087,6 +5087,7 @@ void qla24xx_create_new_sess(struct scsi
if (fcport) {
fcport->id_changed = 1;
fcport->scan_state = QLA_FCPORT_FOUND;
+ fcport->chip_reset = vha->hw->base_qpair->chip_reset;
memcpy(fcport->node_name, e->u.new_sess.node_name, WWN_SIZE);
if (pla) {
--- a/drivers/scsi/qla2xxx/qla_target.c
+++ b/drivers/scsi/qla2xxx/qla_target.c
@@ -1209,7 +1209,6 @@ static void qla24xx_chk_fcp_state(struct
sess->logout_on_delete = 0;
sess->logo_ack_needed = 0;
sess->fw_login_state = DSC_LS_PORT_UNAVAIL;
- sess->scan_state = 0;
}
}
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 220/313] printk: Do not lose last line in kmsg buffer dump
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (217 preceding siblings ...)
2019-10-03 15:53 ` [PATCH 5.2 219/313] scsi: qla2xxx: Fix Relogin to prevent modifying scan_state flag Greg Kroah-Hartman
@ 2019-10-03 15:53 ` Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 221/313] IB/mlx5: Free mpi in mp_slave mode Greg Kroah-Hartman
` (97 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:53 UTC (permalink / raw)
To: linux-kernel, rostedt
Cc: Greg Kroah-Hartman, stable, Vincent Whitchurch,
Sergey Senozhatsky, Petr Mladek
From: Vincent Whitchurch <vincent.whitchurch@axis.com>
commit c9dccacfccc72c32692eedff4a27a4b0833a2afd upstream.
kmsg_dump_get_buffer() is supposed to select all the youngest log
messages which fit into the provided buffer. It determines the correct
start index by using msg_print_text() with a NULL buffer to calculate
the size of each entry. However, when performing the actual writes,
msg_print_text() only writes the entry to the buffer if the written len
is lesser than the size of the buffer. So if the lengths of the
selected youngest log messages happen to precisely fill up the provided
buffer, the last log message is not included.
We don't want to modify msg_print_text() to fill up the buffer and start
returning a length which is equal to the size of the buffer, since
callers of its other users, such as kmsg_dump_get_line(), depend upon
the current behaviour.
Instead, fix kmsg_dump_get_buffer() to compensate for this.
For example, with the following two final prints:
[ 6.427502] AAAAAAAAAAAAA
[ 6.427769] BBBBBBBB12345
A dump of a 64-byte buffer filled by kmsg_dump_get_buffer(), before this
patch:
00000000: 3c 30 3e 5b 20 20 20 20 36 2e 35 32 32 31 39 37 <0>[ 6.522197
00000010: 5d 20 41 41 41 41 41 41 41 41 41 41 41 41 41 0a ] AAAAAAAAAAAAA.
00000020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
After this patch:
00000000: 3c 30 3e 5b 20 20 20 20 36 2e 34 35 36 36 37 38 <0>[ 6.456678
00000010: 5d 20 42 42 42 42 42 42 42 42 31 32 33 34 35 0a ] BBBBBBBB12345.
00000020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Link: http://lkml.kernel.org/r/20190711142937.4083-1-vincent.whitchurch@axis.com
Fixes: e2ae715d66bf4bec ("kmsg - kmsg_dump() use iterator to receive log buffer content")
To: rostedt@goodmis.org
Cc: linux-kernel@vger.kernel.org
Cc: <stable@vger.kernel.org> # v3.5+
Signed-off-by: Vincent Whitchurch <vincent.whitchurch@axis.com>
Reviewed-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
Signed-off-by: Petr Mladek <pmladek@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/printk/printk.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/kernel/printk/printk.c
+++ b/kernel/printk/printk.c
@@ -3274,7 +3274,7 @@ bool kmsg_dump_get_buffer(struct kmsg_du
/* move first record forward until length fits into the buffer */
seq = dumper->cur_seq;
idx = dumper->cur_idx;
- while (l > size && seq < dumper->next_seq) {
+ while (l >= size && seq < dumper->next_seq) {
struct printk_log *msg = log_from_idx(idx);
l -= msg_print_text(msg, true, time, NULL, 0);
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 221/313] IB/mlx5: Free mpi in mp_slave mode
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (218 preceding siblings ...)
2019-10-03 15:53 ` [PATCH 5.2 220/313] printk: Do not lose last line in kmsg buffer dump Greg Kroah-Hartman
@ 2019-10-03 15:53 ` Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 222/313] IB/hfi1: Define variables as unsigned long to fix KASAN warning Greg Kroah-Hartman
` (96 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:53 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Danit Goldberg, Jason Gunthorpe
From: Danit Goldberg <danitg@mellanox.com>
commit 5d44adebbb7e785939df3db36ac360f5e8b73e44 upstream.
ib_add_slave_port() allocates a multiport struct but never frees it.
Don't leak memory, free the allocated mpi struct during driver unload.
Cc: <stable@vger.kernel.org>
Fixes: 32f69e4be269 ("{net, IB}/mlx5: Manage port association for multiport RoCE")
Link: https://lore.kernel.org/r/20190916064818.19823-3-leon@kernel.org
Signed-off-by: Danit Goldberg <danitg@mellanox.com>
Reviewed-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/infiniband/hw/mlx5/main.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/infiniband/hw/mlx5/main.c
+++ b/drivers/infiniband/hw/mlx5/main.c
@@ -6829,6 +6829,7 @@ static void mlx5_ib_remove(struct mlx5_c
mlx5_ib_unbind_slave_port(mpi->ibdev, mpi);
list_del(&mpi->list);
mutex_unlock(&mlx5_ib_multiport_mutex);
+ kfree(mpi);
return;
}
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 222/313] IB/hfi1: Define variables as unsigned long to fix KASAN warning
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (219 preceding siblings ...)
2019-10-03 15:53 ` [PATCH 5.2 221/313] IB/mlx5: Free mpi in mp_slave mode Greg Kroah-Hartman
@ 2019-10-03 15:53 ` Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 223/313] IB/hfi1: Do not update hcrc for a KDETH packet during fault injection Greg Kroah-Hartman
` (95 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mike Marciniszyn, Ira Weiny,
Kaike Wan, Dennis Dalessandro, Jason Gunthorpe
From: Ira Weiny <ira.weiny@intel.com>
commit f8659d68e2bee5b86a1beaf7be42d942e1fc81f4 upstream.
Define the working variables to be unsigned long to be compatible with
for_each_set_bit and change types as needed.
While we are at it remove unused variables from a couple of functions.
This was found because of the following KASAN warning:
==================================================================
BUG: KASAN: stack-out-of-bounds in find_first_bit+0x19/0x70
Read of size 8 at addr ffff888362d778d0 by task kworker/u308:2/1889
CPU: 21 PID: 1889 Comm: kworker/u308:2 Tainted: G W 5.3.0-rc2-mm1+ #2
Hardware name: Intel Corporation W2600CR/W2600CR, BIOS SE5C600.86B.02.04.0003.102320141138 10/23/2014
Workqueue: ib-comp-unb-wq ib_cq_poll_work [ib_core]
Call Trace:
dump_stack+0x9a/0xf0
? find_first_bit+0x19/0x70
print_address_description+0x6c/0x332
? find_first_bit+0x19/0x70
? find_first_bit+0x19/0x70
__kasan_report.cold.6+0x1a/0x3b
? find_first_bit+0x19/0x70
kasan_report+0xe/0x12
find_first_bit+0x19/0x70
pma_get_opa_portstatus+0x5cc/0xa80 [hfi1]
? ret_from_fork+0x3a/0x50
? pma_get_opa_port_ectrs+0x200/0x200 [hfi1]
? stack_trace_consume_entry+0x80/0x80
hfi1_process_mad+0x39b/0x26c0 [hfi1]
? __lock_acquire+0x65e/0x21b0
? clear_linkup_counters+0xb0/0xb0 [hfi1]
? check_chain_key+0x1d7/0x2e0
? lock_downgrade+0x3a0/0x3a0
? match_held_lock+0x2e/0x250
ib_mad_recv_done+0x698/0x15e0 [ib_core]
? clear_linkup_counters+0xb0/0xb0 [hfi1]
? ib_mad_send_done+0xc80/0xc80 [ib_core]
? mark_held_locks+0x79/0xa0
? _raw_spin_unlock_irqrestore+0x44/0x60
? rvt_poll_cq+0x1e1/0x340 [rdmavt]
__ib_process_cq+0x97/0x100 [ib_core]
ib_cq_poll_work+0x31/0xb0 [ib_core]
process_one_work+0x4ee/0xa00
? pwq_dec_nr_in_flight+0x110/0x110
? do_raw_spin_lock+0x113/0x1d0
worker_thread+0x57/0x5a0
? process_one_work+0xa00/0xa00
kthread+0x1bb/0x1e0
? kthread_create_on_node+0xc0/0xc0
ret_from_fork+0x3a/0x50
The buggy address belongs to the page:
page:ffffea000d8b5dc0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0
flags: 0x17ffffc0000000()
raw: 0017ffffc0000000 0000000000000000 ffffea000d8b5dc8 0000000000000000
raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected
addr ffff888362d778d0 is located in stack of task kworker/u308:2/1889 at offset 32 in frame:
pma_get_opa_portstatus+0x0/0xa80 [hfi1]
this frame has 1 object:
[32, 36) 'vl_select_mask'
Memory state around the buggy address:
ffff888362d77780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ffff888362d77800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff888362d77880: 00 00 00 00 00 00 f1 f1 f1 f1 04 f2 f2 f2 00 00
^
ffff888362d77900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ffff888362d77980: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 04 f2 f2 f2
==================================================================
Cc: <stable@vger.kernel.org>
Fixes: 7724105686e7 ("IB/hfi1: add driver files")
Link: https://lore.kernel.org/r/20190911113053.126040.47327.stgit@awfm-01.aw.intel.com
Reviewed-by: Mike Marciniszyn <mike.marciniszyn@intel.com>
Signed-off-by: Ira Weiny <ira.weiny@intel.com>
Signed-off-by: Kaike Wan <kaike.wan@intel.com>
Signed-off-by: Dennis Dalessandro <dennis.dalessandro@intel.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/infiniband/hw/hfi1/mad.c | 45 ++++++++++++++++-----------------------
1 file changed, 19 insertions(+), 26 deletions(-)
--- a/drivers/infiniband/hw/hfi1/mad.c
+++ b/drivers/infiniband/hw/hfi1/mad.c
@@ -2326,7 +2326,7 @@ struct opa_port_status_req {
__be32 vl_select_mask;
};
-#define VL_MASK_ALL 0x000080ff
+#define VL_MASK_ALL 0x00000000000080ffUL
struct opa_port_status_rsp {
__u8 port_num;
@@ -2625,15 +2625,14 @@ static int pma_get_opa_classportinfo(str
}
static void a0_portstatus(struct hfi1_pportdata *ppd,
- struct opa_port_status_rsp *rsp, u32 vl_select_mask)
+ struct opa_port_status_rsp *rsp)
{
if (!is_bx(ppd->dd)) {
unsigned long vl;
u64 sum_vl_xmit_wait = 0;
- u32 vl_all_mask = VL_MASK_ALL;
+ unsigned long vl_all_mask = VL_MASK_ALL;
- for_each_set_bit(vl, (unsigned long *)&(vl_all_mask),
- 8 * sizeof(vl_all_mask)) {
+ for_each_set_bit(vl, &vl_all_mask, BITS_PER_LONG) {
u64 tmp = sum_vl_xmit_wait +
read_port_cntr(ppd, C_TX_WAIT_VL,
idx_from_vl(vl));
@@ -2730,12 +2729,12 @@ static int pma_get_opa_portstatus(struct
(struct opa_port_status_req *)pmp->data;
struct hfi1_devdata *dd = dd_from_ibdev(ibdev);
struct opa_port_status_rsp *rsp;
- u32 vl_select_mask = be32_to_cpu(req->vl_select_mask);
+ unsigned long vl_select_mask = be32_to_cpu(req->vl_select_mask);
unsigned long vl;
size_t response_data_size;
u32 nports = be32_to_cpu(pmp->mad_hdr.attr_mod) >> 24;
u8 port_num = req->port_num;
- u8 num_vls = hweight32(vl_select_mask);
+ u8 num_vls = hweight64(vl_select_mask);
struct _vls_pctrs *vlinfo;
struct hfi1_ibport *ibp = to_iport(ibdev, port);
struct hfi1_pportdata *ppd = ppd_from_ibp(ibp);
@@ -2771,7 +2770,7 @@ static int pma_get_opa_portstatus(struct
hfi1_read_link_quality(dd, &rsp->link_quality_indicator);
- rsp->vl_select_mask = cpu_to_be32(vl_select_mask);
+ rsp->vl_select_mask = cpu_to_be32((u32)vl_select_mask);
rsp->port_xmit_data = cpu_to_be64(read_dev_cntr(dd, C_DC_XMIT_FLITS,
CNTR_INVALID_VL));
rsp->port_rcv_data = cpu_to_be64(read_dev_cntr(dd, C_DC_RCV_FLITS,
@@ -2842,8 +2841,7 @@ static int pma_get_opa_portstatus(struct
* So in the for_each_set_bit() loop below, we don't need
* any additional checks for vl.
*/
- for_each_set_bit(vl, (unsigned long *)&(vl_select_mask),
- 8 * sizeof(vl_select_mask)) {
+ for_each_set_bit(vl, &vl_select_mask, BITS_PER_LONG) {
memset(vlinfo, 0, sizeof(*vlinfo));
tmp = read_dev_cntr(dd, C_DC_RX_FLIT_VL, idx_from_vl(vl));
@@ -2884,7 +2882,7 @@ static int pma_get_opa_portstatus(struct
vfi++;
}
- a0_portstatus(ppd, rsp, vl_select_mask);
+ a0_portstatus(ppd, rsp);
if (resp_len)
*resp_len += response_data_size;
@@ -2931,16 +2929,14 @@ static u64 get_error_counter_summary(str
return error_counter_summary;
}
-static void a0_datacounters(struct hfi1_pportdata *ppd, struct _port_dctrs *rsp,
- u32 vl_select_mask)
+static void a0_datacounters(struct hfi1_pportdata *ppd, struct _port_dctrs *rsp)
{
if (!is_bx(ppd->dd)) {
unsigned long vl;
u64 sum_vl_xmit_wait = 0;
- u32 vl_all_mask = VL_MASK_ALL;
+ unsigned long vl_all_mask = VL_MASK_ALL;
- for_each_set_bit(vl, (unsigned long *)&(vl_all_mask),
- 8 * sizeof(vl_all_mask)) {
+ for_each_set_bit(vl, &vl_all_mask, BITS_PER_LONG) {
u64 tmp = sum_vl_xmit_wait +
read_port_cntr(ppd, C_TX_WAIT_VL,
idx_from_vl(vl));
@@ -2995,7 +2991,7 @@ static int pma_get_opa_datacounters(stru
u64 port_mask;
u8 port_num;
unsigned long vl;
- u32 vl_select_mask;
+ unsigned long vl_select_mask;
int vfi;
u16 link_width;
u16 link_speed;
@@ -3073,8 +3069,7 @@ static int pma_get_opa_datacounters(stru
* So in the for_each_set_bit() loop below, we don't need
* any additional checks for vl.
*/
- for_each_set_bit(vl, (unsigned long *)&(vl_select_mask),
- 8 * sizeof(req->vl_select_mask)) {
+ for_each_set_bit(vl, &vl_select_mask, BITS_PER_LONG) {
memset(vlinfo, 0, sizeof(*vlinfo));
rsp->vls[vfi].port_vl_xmit_data =
@@ -3122,7 +3117,7 @@ static int pma_get_opa_datacounters(stru
vfi++;
}
- a0_datacounters(ppd, rsp, vl_select_mask);
+ a0_datacounters(ppd, rsp);
if (resp_len)
*resp_len += response_data_size;
@@ -3217,7 +3212,7 @@ static int pma_get_opa_porterrors(struct
struct _vls_ectrs *vlinfo;
unsigned long vl;
u64 port_mask, tmp;
- u32 vl_select_mask;
+ unsigned long vl_select_mask;
int vfi;
req = (struct opa_port_error_counters64_msg *)pmp->data;
@@ -3276,8 +3271,7 @@ static int pma_get_opa_porterrors(struct
vlinfo = &rsp->vls[0];
vfi = 0;
vl_select_mask = be32_to_cpu(req->vl_select_mask);
- for_each_set_bit(vl, (unsigned long *)&(vl_select_mask),
- 8 * sizeof(req->vl_select_mask)) {
+ for_each_set_bit(vl, &vl_select_mask, BITS_PER_LONG) {
memset(vlinfo, 0, sizeof(*vlinfo));
rsp->vls[vfi].port_vl_xmit_discards =
cpu_to_be64(read_port_cntr(ppd, C_SW_XMIT_DSCD_VL,
@@ -3488,7 +3482,7 @@ static int pma_set_opa_portstatus(struct
u32 nports = be32_to_cpu(pmp->mad_hdr.attr_mod) >> 24;
u64 portn = be64_to_cpu(req->port_select_mask[3]);
u32 counter_select = be32_to_cpu(req->counter_select_mask);
- u32 vl_select_mask = VL_MASK_ALL; /* clear all per-vl cnts */
+ unsigned long vl_select_mask = VL_MASK_ALL; /* clear all per-vl cnts */
unsigned long vl;
if ((nports != 1) || (portn != 1 << port)) {
@@ -3582,8 +3576,7 @@ static int pma_set_opa_portstatus(struct
if (counter_select & CS_UNCORRECTABLE_ERRORS)
write_dev_cntr(dd, C_DC_UNC_ERR, CNTR_INVALID_VL, 0);
- for_each_set_bit(vl, (unsigned long *)&(vl_select_mask),
- 8 * sizeof(vl_select_mask)) {
+ for_each_set_bit(vl, &vl_select_mask, BITS_PER_LONG) {
if (counter_select & CS_PORT_XMIT_DATA)
write_port_cntr(ppd, C_TX_FLIT_VL, idx_from_vl(vl), 0);
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 223/313] IB/hfi1: Do not update hcrc for a KDETH packet during fault injection
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (220 preceding siblings ...)
2019-10-03 15:53 ` [PATCH 5.2 222/313] IB/hfi1: Define variables as unsigned long to fix KASAN warning Greg Kroah-Hartman
@ 2019-10-03 15:53 ` Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 224/313] RDMA: Fix double-free in srq creation error flow Greg Kroah-Hartman
` (94 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mike Marciniszyn, Kaike Wan, Jason Gunthorpe
From: Kaike Wan <kaike.wan@intel.com>
commit b2590bdd0b1dfb91737e6cb07ebb47bd74957f7e upstream.
When a KDETH packet is subject to fault injection during transmission,
HCRC is supposed to be omitted from the packet so that the hardware on the
receiver side would drop the packet. When creating pbc, the PbcInsertHcrc
field is set to be PBC_IHCRC_NONE if the KDETH packet is subject to fault
injection, but overwritten with PBC_IHCRC_LKDETH when update_hcrc() is
called later.
This problem is fixed by not calling update_hcrc() when the packet is
subject to fault injection.
Fixes: 6b6cf9357f78 ("IB/hfi1: Set PbcInsertHcrc for TID RDMA packets")
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20190715164546.74174.99296.stgit@awfm-01.aw.intel.com
Reviewed-by: Mike Marciniszyn <mike.marciniszyn@intel.com>
Signed-off-by: Kaike Wan <kaike.wan@intel.com>
Signed-off-by: Mike Marciniszyn <mike.marciniszyn@intel.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/infiniband/hw/hfi1/verbs.c | 17 +++++++++--------
1 file changed, 9 insertions(+), 8 deletions(-)
--- a/drivers/infiniband/hw/hfi1/verbs.c
+++ b/drivers/infiniband/hw/hfi1/verbs.c
@@ -874,16 +874,17 @@ int hfi1_verbs_send_dma(struct rvt_qp *q
else
pbc |= (ib_is_sc5(sc5) << PBC_DC_INFO_SHIFT);
- if (unlikely(hfi1_dbg_should_fault_tx(qp, ps->opcode)))
- pbc = hfi1_fault_tx(qp, ps->opcode, pbc);
pbc = create_pbc(ppd,
pbc,
qp->srate_mbps,
vl,
plen);
- /* Update HCRC based on packet opcode */
- pbc = update_hcrc(ps->opcode, pbc);
+ if (unlikely(hfi1_dbg_should_fault_tx(qp, ps->opcode)))
+ pbc = hfi1_fault_tx(qp, ps->opcode, pbc);
+ else
+ /* Update HCRC based on packet opcode */
+ pbc = update_hcrc(ps->opcode, pbc);
}
tx->wqe = qp->s_wqe;
ret = build_verbs_tx_desc(tx->sde, len, tx, ahg_info, pbc);
@@ -1030,12 +1031,12 @@ int hfi1_verbs_send_pio(struct rvt_qp *q
else
pbc |= (ib_is_sc5(sc5) << PBC_DC_INFO_SHIFT);
+ pbc = create_pbc(ppd, pbc, qp->srate_mbps, vl, plen);
if (unlikely(hfi1_dbg_should_fault_tx(qp, ps->opcode)))
pbc = hfi1_fault_tx(qp, ps->opcode, pbc);
- pbc = create_pbc(ppd, pbc, qp->srate_mbps, vl, plen);
-
- /* Update HCRC based on packet opcode */
- pbc = update_hcrc(ps->opcode, pbc);
+ else
+ /* Update HCRC based on packet opcode */
+ pbc = update_hcrc(ps->opcode, pbc);
}
if (cb)
iowait_pio_inc(&priv->s_iowait);
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 224/313] RDMA: Fix double-free in srq creation error flow
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (221 preceding siblings ...)
2019-10-03 15:53 ` [PATCH 5.2 223/313] IB/hfi1: Do not update hcrc for a KDETH packet during fault injection Greg Kroah-Hartman
@ 2019-10-03 15:53 ` Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 225/313] randstruct: Check member structs in is_pure_ops_struct() Greg Kroah-Hartman
` (93 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jack Morgenstein, Leon Romanovsky,
Jason Gunthorpe
From: Jack Morgenstein <jackm@dev.mellanox.co.il>
commit 3eca7fc2d8d1275d9cf0c709f0937becbfcf6d96 upstream.
The cited commit introduced a double-free of the srq buffer in the error
flow of procedure __uverbs_create_xsrq().
The problem is that ib_destroy_srq_user() called in the error flow also
frees the srq buffer.
Thus, if uverbs_response() fails in __uverbs_create_srq(), the srq buffer
will be freed twice.
Cc: <stable@vger.kernel.org>
Fixes: 68e326dea1db ("RDMA: Handle SRQ allocations by IB/core")
Link: https://lore.kernel.org/r/20190916071154.20383-5-leon@kernel.org
Signed-off-by: Jack Morgenstein <jackm@dev.mellanox.co.il>
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Reviewed-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/infiniband/core/uverbs_cmd.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/drivers/infiniband/core/uverbs_cmd.c
+++ b/drivers/infiniband/core/uverbs_cmd.c
@@ -3477,7 +3477,8 @@ static int __uverbs_create_xsrq(struct u
err_copy:
ib_destroy_srq_user(srq, uverbs_get_cleared_udata(attrs));
-
+ /* It was released in ib_destroy_srq_user */
+ srq = NULL;
err_free:
kfree(srq);
err_put:
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 225/313] randstruct: Check member structs in is_pure_ops_struct()
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (222 preceding siblings ...)
2019-10-03 15:53 ` [PATCH 5.2 224/313] RDMA: Fix double-free in srq creation error flow Greg Kroah-Hartman
@ 2019-10-03 15:53 ` Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 226/313] ARM: dts: am3517-evm: Fix missing video Greg Kroah-Hartman
` (92 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:53 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Joonwon Kang, Kees Cook
From: Joonwon Kang <kjw1627@gmail.com>
commit 60f2c82ed20bde57c362e66f796cf9e0e38a6dbb upstream.
While no uses in the kernel triggered this case, it was possible to have
a false negative where a struct contains other structs which contain only
function pointers because of unreachable code in is_pure_ops_struct().
Signed-off-by: Joonwon Kang <kjw1627@gmail.com>
Link: https://lore.kernel.org/r/20190727155841.GA13586@host
Fixes: 313dd1b62921 ("gcc-plugins: Add the randstruct plugin")
Cc: stable@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
scripts/gcc-plugins/randomize_layout_plugin.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
--- a/scripts/gcc-plugins/randomize_layout_plugin.c
+++ b/scripts/gcc-plugins/randomize_layout_plugin.c
@@ -443,13 +443,13 @@ static int is_pure_ops_struct(const_tree
if (node == fieldtype)
continue;
- if (!is_fptr(fieldtype))
- return 0;
-
- if (code != RECORD_TYPE && code != UNION_TYPE)
+ if (code == RECORD_TYPE || code == UNION_TYPE) {
+ if (!is_pure_ops_struct(fieldtype))
+ return 0;
continue;
+ }
- if (!is_pure_ops_struct(fieldtype))
+ if (!is_fptr(fieldtype))
return 0;
}
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 226/313] ARM: dts: am3517-evm: Fix missing video
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (223 preceding siblings ...)
2019-10-03 15:53 ` [PATCH 5.2 225/313] randstruct: Check member structs in is_pure_ops_struct() Greg Kroah-Hartman
@ 2019-10-03 15:53 ` Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 227/313] rcu/tree: Fix SCHED_FIFO params Greg Kroah-Hartman
` (91 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:53 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Adam Ford, Tony Lindgren
From: Adam Ford <aford173@gmail.com>
commit 24cf23276a54dd2825d3e3965c1b1b453e2a113d upstream.
A previous commit removed the panel-dpi driver, which made the
video on the AM3517-evm stop working because it relied on the dpi
driver for setting video timings. Now that the simple-panel driver
is available in omap2plus, this patch migrates the am3517-evm
to use a similar panel and remove the manual timing requirements.
Fixes: 8bf4b1621178 ("drm/omap: Remove panel-dpi driver")
Signed-off-by: Adam Ford <aford173@gmail.com>
Signed-off-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm/boot/dts/am3517-evm.dts | 23 ++++-------------------
1 file changed, 4 insertions(+), 19 deletions(-)
--- a/arch/arm/boot/dts/am3517-evm.dts
+++ b/arch/arm/boot/dts/am3517-evm.dts
@@ -124,10 +124,11 @@
};
lcd0: display@0 {
- compatible = "panel-dpi";
+ /* This isn't the exact LCD, but the timings meet spec */
+ /* To make it work, set CONFIG_OMAP2_DSS_MIN_FCK_PER_PCK=4 */
+ compatible = "newhaven,nhd-4.3-480272ef-atxl";
label = "15";
- status = "okay";
- pinctrl-names = "default";
+ backlight = <&bl>;
enable-gpios = <&gpio6 16 GPIO_ACTIVE_HIGH>; /* gpio176, lcd INI */
vcc-supply = <&vdd_io_reg>;
@@ -136,22 +137,6 @@
remote-endpoint = <&dpi_out>;
};
};
-
- panel-timing {
- clock-frequency = <9000000>;
- hactive = <480>;
- vactive = <272>;
- hfront-porch = <3>;
- hback-porch = <2>;
- hsync-len = <42>;
- vback-porch = <3>;
- vfront-porch = <4>;
- vsync-len = <11>;
- hsync-active = <0>;
- vsync-active = <0>;
- de-active = <1>;
- pixelclk-active = <1>;
- };
};
bl: backlight {
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 227/313] rcu/tree: Fix SCHED_FIFO params
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (224 preceding siblings ...)
2019-10-03 15:53 ` [PATCH 5.2 226/313] ARM: dts: am3517-evm: Fix missing video Greg Kroah-Hartman
@ 2019-10-03 15:53 ` Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 228/313] ALSA: hda/realtek - PCI quirk for Medion E4254 Greg Kroah-Hartman
` (90 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Peter Zijlstra (Intel),
Paul E. McKenney, Juri Lelli, Sasha Levin
From: Peter Zijlstra <peterz@infradead.org>
[ Upstream commit 130d9c331bc59a8733b47c58ef197a2b1fa3ed43 ]
A rather embarrasing mistake had us call sched_setscheduler() before
initializing the parameters passed to it.
Fixes: 1a763fd7c633 ("rcu/tree: Call setschedule() gp ktread to SCHED_FIFO outside of atomic region")
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Reviewed-by: Paul E. McKenney <paulmck@linux.ibm.com>
Cc: Juri Lelli <juri.lelli@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/rcu/tree.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/kernel/rcu/tree.c b/kernel/rcu/tree.c
index 32ea75acba144..affa7aae758f3 100644
--- a/kernel/rcu/tree.c
+++ b/kernel/rcu/tree.c
@@ -3123,13 +3123,13 @@ static int __init rcu_spawn_gp_kthread(void)
t = kthread_create(rcu_gp_kthread, NULL, "%s", rcu_state.name);
if (WARN_ONCE(IS_ERR(t), "%s: Could not start grace-period kthread, OOM is now expected behavior\n", __func__))
return 0;
- if (kthread_prio)
+ if (kthread_prio) {
+ sp.sched_priority = kthread_prio;
sched_setscheduler_nocheck(t, SCHED_FIFO, &sp);
+ }
rnp = rcu_get_root();
raw_spin_lock_irqsave_rcu_node(rnp, flags);
rcu_state.gp_kthread = t;
- if (kthread_prio)
- sp.sched_priority = kthread_prio;
raw_spin_unlock_irqrestore_rcu_node(rnp, flags);
wake_up_process(t);
rcu_spawn_nocb_kthreads();
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 228/313] ALSA: hda/realtek - PCI quirk for Medion E4254
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (225 preceding siblings ...)
2019-10-03 15:53 ` [PATCH 5.2 227/313] rcu/tree: Fix SCHED_FIFO params Greg Kroah-Hartman
@ 2019-10-03 15:53 ` Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 229/313] blk-mq: add callback of .cleanup_rq Greg Kroah-Hartman
` (89 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jan-Marek Glogowski, Takashi Iwai,
Sasha Levin
From: Jan-Marek Glogowski <glogow@fbihome.de>
[ Upstream commit bd9c10bc663dd2eaac8fe39dad0f18cd21527446 ]
The laptop has a combined jack to attach headsets on the right.
The BIOS encodes them as two different colored jacks at the front,
but otherwise it seems to be configured ok. But any adaption of
the pins config on its own doesn't fix the jack detection to work
in Linux. Still Windows works correct.
This is somehow fixed by chaining ALC256_FIXUP_ASUS_HEADSET_MODE,
which seems to register the microphone jack as a headset part and
also results in fixing jack sensing, visible in dmesg as:
-snd_hda_codec_realtek hdaudioC0D0: Mic=0x19
+snd_hda_codec_realtek hdaudioC0D0: Headset Mic=0x19
[ Actually the essential change is the location of the jack; the
driver created "Front Mic Jack" without the matching volume / mute
control element due to its jack location, which confused PA.
-- tiwai ]
Signed-off-by: Jan-Marek Glogowski <glogow@fbihome.de>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/8f4f9b20-0aeb-f8f1-c02f-fd53c09679f1@fbihome.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/pci/hda/patch_realtek.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
index d223a79ac934f..36aee8ad20547 100644
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -5870,6 +5870,7 @@ enum {
ALC256_FIXUP_ASUS_MIC_NO_PRESENCE,
ALC299_FIXUP_PREDATOR_SPK,
ALC294_FIXUP_ASUS_INTSPK_HEADSET_MIC,
+ ALC256_FIXUP_MEDION_HEADSET_NO_PRESENCE,
};
static const struct hda_fixup alc269_fixups[] = {
@@ -6926,6 +6927,16 @@ static const struct hda_fixup alc269_fixups[] = {
.chained = true,
.chain_id = ALC269_FIXUP_HEADSET_MODE_NO_HP_MIC
},
+ [ALC256_FIXUP_MEDION_HEADSET_NO_PRESENCE] = {
+ .type = HDA_FIXUP_PINS,
+ .v.pins = (const struct hda_pintbl[]) {
+ { 0x19, 0x04a11040 },
+ { 0x21, 0x04211020 },
+ { }
+ },
+ .chained = true,
+ .chain_id = ALC256_FIXUP_ASUS_HEADSET_MODE
+ },
};
static const struct snd_pci_quirk alc269_fixup_tbl[] = {
@@ -7189,6 +7200,7 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = {
SND_PCI_QUIRK(0x17aa, 0x9e54, "LENOVO NB", ALC269_FIXUP_LENOVO_EAPD),
SND_PCI_QUIRK(0x19e5, 0x3204, "Huawei MACH-WX9", ALC256_FIXUP_HUAWEI_MACH_WX9_PINS),
SND_PCI_QUIRK(0x1b7d, 0xa831, "Ordissimo EVE2 ", ALC269VB_FIXUP_ORDISSIMO_EVE2), /* Also known as Malata PC-B1303 */
+ SND_PCI_QUIRK(0x10ec, 0x118c, "Medion EE4254 MD62100", ALC256_FIXUP_MEDION_HEADSET_NO_PRESENCE),
#if 0
/* Below is a quirk table taken from the old code.
@@ -7357,6 +7369,7 @@ static const struct hda_model_fixup alc269_fixup_models[] = {
{.id = ALC295_FIXUP_CHROME_BOOK, .name = "alc-chrome-book"},
{.id = ALC299_FIXUP_PREDATOR_SPK, .name = "predator-spk"},
{.id = ALC298_FIXUP_HUAWEI_MBX_STEREO, .name = "huawei-mbx-stereo"},
+ {.id = ALC256_FIXUP_MEDION_HEADSET_NO_PRESENCE, .name = "alc256-medion-headset"},
{}
};
#define ALC225_STANDARD_PINS \
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 229/313] blk-mq: add callback of .cleanup_rq
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (226 preceding siblings ...)
2019-10-03 15:53 ` [PATCH 5.2 228/313] ALSA: hda/realtek - PCI quirk for Medion E4254 Greg Kroah-Hartman
@ 2019-10-03 15:53 ` Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 230/313] scsi: implement .cleanup_rq callback Greg Kroah-Hartman
` (88 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ewan D. Milne, Bart Van Assche,
Hannes Reinecke, Christoph Hellwig, Mike Snitzer, dm-devel,
Ming Lei, Jens Axboe, Sasha Levin
From: Ming Lei <ming.lei@redhat.com>
[ Upstream commit 226b4fc75c78f9c497c5182d939101b260cfb9f3 ]
SCSI maintains its own driver private data hooked off of each SCSI
request, and the pridate data won't be freed after scsi_queue_rq()
returns BLK_STS_RESOURCE or BLK_STS_DEV_RESOURCE. An upper layer driver
(e.g. dm-rq) may need to retry these SCSI requests, before SCSI has
fully dispatched them, due to a lower level SCSI driver's resource
limitation identified in scsi_queue_rq(). Currently SCSI's per-request
private data is leaked when the upper layer driver (dm-rq) frees and
then retries these requests in response to BLK_STS_RESOURCE or
BLK_STS_DEV_RESOURCE returns from scsi_queue_rq().
This usecase is so specialized that it doesn't warrant training an
existing blk-mq interface (e.g. blk_mq_free_request) to allow SCSI to
account for freeing its driver private data -- doing so would add an
extra branch for handling a special case that all other consumers of
SCSI (and blk-mq) won't ever need to worry about.
So the most pragmatic way forward is to delegate freeing SCSI driver
private data to the upper layer driver (dm-rq). Do so by adding
new .cleanup_rq callback and calling a new blk_mq_cleanup_rq() method
from dm-rq. A following commit will implement the .cleanup_rq() hook
in scsi_mq_ops.
Cc: Ewan D. Milne <emilne@redhat.com>
Cc: Bart Van Assche <bvanassche@acm.org>
Cc: Hannes Reinecke <hare@suse.com>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Mike Snitzer <snitzer@redhat.com>
Cc: dm-devel@redhat.com
Cc: <stable@vger.kernel.org>
Fixes: 396eaf21ee17 ("blk-mq: improve DM's blk-mq IO merging via blk_insert_cloned_request feedback")
Signed-off-by: Ming Lei <ming.lei@redhat.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/md/dm-rq.c | 1 +
include/linux/blk-mq.h | 13 +++++++++++++
2 files changed, 14 insertions(+)
diff --git a/drivers/md/dm-rq.c b/drivers/md/dm-rq.c
index 5f7063f05ae07..b41ecb451c784 100644
--- a/drivers/md/dm-rq.c
+++ b/drivers/md/dm-rq.c
@@ -408,6 +408,7 @@ static int map_request(struct dm_rq_target_io *tio)
ret = dm_dispatch_clone_request(clone, rq);
if (ret == BLK_STS_RESOURCE || ret == BLK_STS_DEV_RESOURCE) {
blk_rq_unprep_clone(clone);
+ blk_mq_cleanup_rq(clone);
tio->ti->type->release_clone_rq(clone, &tio->info);
tio->clone = NULL;
return DM_MAPIO_REQUEUE;
diff --git a/include/linux/blk-mq.h b/include/linux/blk-mq.h
index 15d1aa53d96c4..a5a99b43f68e8 100644
--- a/include/linux/blk-mq.h
+++ b/include/linux/blk-mq.h
@@ -140,6 +140,7 @@ typedef int (poll_fn)(struct blk_mq_hw_ctx *);
typedef int (map_queues_fn)(struct blk_mq_tag_set *set);
typedef bool (busy_fn)(struct request_queue *);
typedef void (complete_fn)(struct request *);
+typedef void (cleanup_rq_fn)(struct request *);
struct blk_mq_ops {
@@ -200,6 +201,12 @@ struct blk_mq_ops {
/* Called from inside blk_get_request() */
void (*initialize_rq_fn)(struct request *rq);
+ /*
+ * Called before freeing one request which isn't completed yet,
+ * and usually for freeing the driver private data
+ */
+ cleanup_rq_fn *cleanup_rq;
+
/*
* If set, returns whether or not this queue currently is busy
*/
@@ -366,4 +373,10 @@ static inline blk_qc_t request_to_qc_t(struct blk_mq_hw_ctx *hctx,
BLK_QC_T_INTERNAL;
}
+static inline void blk_mq_cleanup_rq(struct request *rq)
+{
+ if (rq->q->mq_ops->cleanup_rq)
+ rq->q->mq_ops->cleanup_rq(rq);
+}
+
#endif
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 230/313] scsi: implement .cleanup_rq callback
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (227 preceding siblings ...)
2019-10-03 15:53 ` [PATCH 5.2 229/313] blk-mq: add callback of .cleanup_rq Greg Kroah-Hartman
@ 2019-10-03 15:53 ` Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 231/313] powerpc/imc: Dont create debugfs files for cpu-less nodes Greg Kroah-Hartman
` (87 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ewan D. Milne, Bart Van Assche,
Hannes Reinecke, Christoph Hellwig, Mike Snitzer, dm-devel,
Ming Lei, Jens Axboe, Sasha Levin
From: Ming Lei <ming.lei@redhat.com>
[ Upstream commit b7e9e1fb7a9227be34ad4a5e778022c3164494cf ]
Implement .cleanup_rq() callback for freeing driver private part
of the request. Then we can avoid to leak this part if the request isn't
completed by SCSI, and freed by blk-mq or upper layer(such as dm-rq) finally.
Cc: Ewan D. Milne <emilne@redhat.com>
Cc: Bart Van Assche <bvanassche@acm.org>
Cc: Hannes Reinecke <hare@suse.com>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Mike Snitzer <snitzer@redhat.com>
Cc: dm-devel@redhat.com
Cc: <stable@vger.kernel.org>
Fixes: 396eaf21ee17 ("blk-mq: improve DM's blk-mq IO merging via blk_insert_cloned_request feedback")
Signed-off-by: Ming Lei <ming.lei@redhat.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/scsi_lib.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c
index 40f392569664b..506062081d8e2 100644
--- a/drivers/scsi/scsi_lib.c
+++ b/drivers/scsi/scsi_lib.c
@@ -1073,6 +1073,18 @@ static void scsi_initialize_rq(struct request *rq)
cmd->retries = 0;
}
+/*
+ * Only called when the request isn't completed by SCSI, and not freed by
+ * SCSI
+ */
+static void scsi_cleanup_rq(struct request *rq)
+{
+ if (rq->rq_flags & RQF_DONTPREP) {
+ scsi_mq_uninit_cmd(blk_mq_rq_to_pdu(rq));
+ rq->rq_flags &= ~RQF_DONTPREP;
+ }
+}
+
/* Add a command to the list used by the aacraid and dpt_i2o drivers */
void scsi_add_cmd_to_list(struct scsi_cmnd *cmd)
{
@@ -1800,6 +1812,7 @@ static const struct blk_mq_ops scsi_mq_ops = {
.init_request = scsi_mq_init_request,
.exit_request = scsi_mq_exit_request,
.initialize_rq_fn = scsi_initialize_rq,
+ .cleanup_rq = scsi_cleanup_rq,
.busy = scsi_mq_lld_busy,
.map_queues = scsi_map_queues,
};
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 231/313] powerpc/imc: Dont create debugfs files for cpu-less nodes
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (228 preceding siblings ...)
2019-10-03 15:53 ` [PATCH 5.2 230/313] scsi: implement .cleanup_rq callback Greg Kroah-Hartman
@ 2019-10-03 15:53 ` Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 232/313] tpm_tis_core: Turn on the TPM before probing IRQs Greg Kroah-Hartman
` (86 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Qian Cai, Michael Ellerman,
Madhavan Srinivasan, Jan Stancek
From: Madhavan Srinivasan <maddy@linux.vnet.ibm.com>
commit 41ba17f20ea835c489e77bd54e2da73184e22060 upstream.
Commit <684d984038aa> ('powerpc/powernv: Add debugfs interface for
imc-mode and imc') added debugfs interface for the nest imc pmu
devices to support changing of different ucode modes. Primarily adding
this capability for debug. But when doing so, the code did not
consider the case of cpu-less nodes. So when reading the _cmd_ or
_mode_ file of a cpu-less node will create this crash.
Faulting instruction address: 0xc0000000000d0d58
Oops: Kernel access of bad area, sig: 11 [#1]
...
CPU: 67 PID: 5301 Comm: cat Not tainted 5.2.0-rc6-next-20190627+ #19
NIP: c0000000000d0d58 LR: c00000000049aa18 CTR:c0000000000d0d50
REGS: c00020194548f9e0 TRAP: 0300 Not tainted (5.2.0-rc6-next-20190627+)
MSR: 9000000000009033 <SF,HV,EE,ME,IR,DR,RI,LE> CR:28022822 XER: 00000000
CFAR: c00000000049aa14 DAR: 000000000003fc08 DSISR:40000000 IRQMASK: 0
...
NIP imc_mem_get+0x8/0x20
LR simple_attr_read+0x118/0x170
Call Trace:
simple_attr_read+0x70/0x170 (unreliable)
debugfs_attr_read+0x6c/0xb0
__vfs_read+0x3c/0x70
vfs_read+0xbc/0x1a0
ksys_read+0x7c/0x140
system_call+0x5c/0x70
Patch fixes the issue with a more robust check for vbase to NULL.
Before patch, ls output for the debugfs imc directory
# ls /sys/kernel/debug/powerpc/imc/
imc_cmd_0 imc_cmd_251 imc_cmd_253 imc_cmd_255 imc_mode_0 imc_mode_251 imc_mode_253 imc_mode_255
imc_cmd_250 imc_cmd_252 imc_cmd_254 imc_cmd_8 imc_mode_250 imc_mode_252 imc_mode_254 imc_mode_8
After patch, ls output for the debugfs imc directory
# ls /sys/kernel/debug/powerpc/imc/
imc_cmd_0 imc_cmd_8 imc_mode_0 imc_mode_8
Actual bug here is that, we have two loops with potentially different
loop counts. That is, in imc_get_mem_addr_nest(), loop count is
obtained from the dt entries. But in case of export_imc_mode_and_cmd(),
loop was based on for_each_nid() count. Patch fixes the loop count in
latter based on the struct mem_info. Ideally it would be better to
have array size in struct imc_pmu.
Fixes: 684d984038aa ('powerpc/powernv: Add debugfs interface for imc-mode and imc')
Reported-by: Qian Cai <cai@lca.pw>
Suggested-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Madhavan Srinivasan <maddy@linux.vnet.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20190827101635.6942-1-maddy@linux.vnet.ibm.com
Cc: Jan Stancek <jstancek@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/powerpc/platforms/powernv/opal-imc.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
--- a/arch/powerpc/platforms/powernv/opal-imc.c
+++ b/arch/powerpc/platforms/powernv/opal-imc.c
@@ -53,9 +53,9 @@ static void export_imc_mode_and_cmd(stru
struct imc_pmu *pmu_ptr)
{
static u64 loc, *imc_mode_addr, *imc_cmd_addr;
- int chip = 0, nid;
char mode[16], cmd[16];
u32 cb_offset;
+ struct imc_mem_info *ptr = pmu_ptr->mem_info;
imc_debugfs_parent = debugfs_create_dir("imc", powerpc_debugfs_root);
@@ -69,20 +69,20 @@ static void export_imc_mode_and_cmd(stru
if (of_property_read_u32(node, "cb_offset", &cb_offset))
cb_offset = IMC_CNTL_BLK_OFFSET;
- for_each_node(nid) {
- loc = (u64)(pmu_ptr->mem_info[chip].vbase) + cb_offset;
+ while (ptr->vbase != NULL) {
+ loc = (u64)(ptr->vbase) + cb_offset;
imc_mode_addr = (u64 *)(loc + IMC_CNTL_BLK_MODE_OFFSET);
- sprintf(mode, "imc_mode_%d", nid);
+ sprintf(mode, "imc_mode_%d", (u32)(ptr->id));
if (!imc_debugfs_create_x64(mode, 0600, imc_debugfs_parent,
imc_mode_addr))
goto err;
imc_cmd_addr = (u64 *)(loc + IMC_CNTL_BLK_CMD_OFFSET);
- sprintf(cmd, "imc_cmd_%d", nid);
+ sprintf(cmd, "imc_cmd_%d", (u32)(ptr->id));
if (!imc_debugfs_create_x64(cmd, 0600, imc_debugfs_parent,
imc_cmd_addr))
goto err;
- chip++;
+ ptr++;
}
return;
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 232/313] tpm_tis_core: Turn on the TPM before probing IRQs
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (229 preceding siblings ...)
2019-10-03 15:53 ` [PATCH 5.2 231/313] powerpc/imc: Dont create debugfs files for cpu-less nodes Greg Kroah-Hartman
@ 2019-10-03 15:53 ` Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 233/313] tpm_tis_core: Set TPM_CHIP_FLAG_IRQ before probing for interrupts Greg Kroah-Hartman
` (85 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, linux-stable, Stefan Berger, Jarkko Sakkinen
From: Stefan Berger <stefanb@linux.ibm.com>
commit 5b359c7c43727e624eac3efc7ad21bd2defea161 upstream.
The interrupt probing sequence in tpm_tis_core cannot obviously run with
the TPM power gated. Power on the TPM with tpm_chip_start() before
probing IRQ's. Turn it off once the probing is complete.
Cc: linux-stable@vger.kernel.org
Fixes: a3fbfae82b4c ("tpm: take TPM chip power gating out of tpm_transmit()")
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/char/tpm/tpm_tis_core.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/char/tpm/tpm_tis_core.c
+++ b/drivers/char/tpm/tpm_tis_core.c
@@ -980,6 +980,7 @@ int tpm_tis_core_init(struct device *dev
goto out_err;
}
+ tpm_chip_start(chip);
if (irq) {
tpm_tis_probe_irq_single(chip, intmask, IRQF_SHARED,
irq);
@@ -989,6 +990,7 @@ int tpm_tis_core_init(struct device *dev
} else {
tpm_tis_probe_irq(chip, intmask);
}
+ tpm_chip_stop(chip);
}
rc = tpm_chip_register(chip);
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 233/313] tpm_tis_core: Set TPM_CHIP_FLAG_IRQ before probing for interrupts
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (230 preceding siblings ...)
2019-10-03 15:53 ` [PATCH 5.2 232/313] tpm_tis_core: Turn on the TPM before probing IRQs Greg Kroah-Hartman
@ 2019-10-03 15:53 ` Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 234/313] tpm: Wrap the buffer from the caller to tpm_buf in tpm_send() Greg Kroah-Hartman
` (84 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, linux-stable, Stefan Berger, Jarkko Sakkinen
From: Stefan Berger <stefanb@linux.ibm.com>
commit 1ea32c83c699df32689d329b2415796b7bfc2f6e upstream.
The tpm_tis_core has to set the TPM_CHIP_FLAG_IRQ before probing for
interrupts since there is no other place in the code that would set
it.
Cc: linux-stable@vger.kernel.org
Fixes: 570a36097f30 ("tpm: drop 'irq' from struct tpm_vendor_specific")
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/char/tpm/tpm_tis_core.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/char/tpm/tpm_tis_core.c
+++ b/drivers/char/tpm/tpm_tis_core.c
@@ -981,6 +981,7 @@ int tpm_tis_core_init(struct device *dev
}
tpm_chip_start(chip);
+ chip->flags |= TPM_CHIP_FLAG_IRQ;
if (irq) {
tpm_tis_probe_irq_single(chip, intmask, IRQF_SHARED,
irq);
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 234/313] tpm: Wrap the buffer from the caller to tpm_buf in tpm_send()
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (231 preceding siblings ...)
2019-10-03 15:53 ` [PATCH 5.2 233/313] tpm_tis_core: Set TPM_CHIP_FLAG_IRQ before probing for interrupts Greg Kroah-Hartman
@ 2019-10-03 15:53 ` Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 235/313] fuse: fix deadlock with aio poll and fuse_iqueue::waitq.lock Greg Kroah-Hartman
` (83 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mimi Zohar, Jarkko Sakkinen,
Jerry Snitselaar
From: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
commit e13cd21ffd50a07b55dcc4d8c38cedf27f28eaa1 upstream.
tpm_send() does not give anymore the result back to the caller. This
would require another memcpy(), which kind of tells that the whole
approach is somewhat broken. Instead, as Mimi suggested, this commit
just wraps the data to the tpm_buf, and thus the result will not go to
the garbage.
Obviously this assumes from the caller that it passes large enough
buffer, which makes the whole API somewhat broken because it could be
different size than @buflen but since trusted keys is the only module
using this API right now I think that this fix is sufficient for the
moment.
In the near future the plan is to replace the parameters with a tpm_buf
created by the caller.
Reported-by: Mimi Zohar <zohar@linux.ibm.com>
Suggested-by: Mimi Zohar <zohar@linux.ibm.com>
Cc: stable@vger.kernel.org
Fixes: 412eb585587a ("use tpm_buf in tpm_transmit_cmd() as the IO parameter")
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Reviewed-by: Jerry Snitselaar <jsnitsel@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/char/tpm/tpm-interface.c | 9 ++-------
1 file changed, 2 insertions(+), 7 deletions(-)
--- a/drivers/char/tpm/tpm-interface.c
+++ b/drivers/char/tpm/tpm-interface.c
@@ -354,14 +354,9 @@ int tpm_send(struct tpm_chip *chip, void
if (!chip)
return -ENODEV;
- rc = tpm_buf_init(&buf, 0, 0);
- if (rc)
- goto out;
-
- memcpy(buf.data, cmd, buflen);
+ buf.data = cmd;
rc = tpm_transmit_cmd(chip, &buf, 0, "attempting to a send a command");
- tpm_buf_destroy(&buf);
-out:
+
tpm_put_ops(chip);
return rc;
}
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 235/313] fuse: fix deadlock with aio poll and fuse_iqueue::waitq.lock
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (232 preceding siblings ...)
2019-10-03 15:53 ` [PATCH 5.2 234/313] tpm: Wrap the buffer from the caller to tpm_buf in tpm_send() Greg Kroah-Hartman
@ 2019-10-03 15:53 ` Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 236/313] fuse: fix missing unlock_page in fuse_writepage() Greg Kroah-Hartman
` (82 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot+af05535bb79520f95431,
syzbot+d86c4426a01f60feddc7, Christoph Hellwig, Eric Biggers,
Miklos Szeredi
From: Eric Biggers <ebiggers@google.com>
commit 76e43c8ccaa35c30d5df853013561145a0f750a5 upstream.
When IOCB_CMD_POLL is used on the FUSE device, aio_poll() disables IRQs
and takes kioctx::ctx_lock, then fuse_iqueue::waitq.lock.
This may have to wait for fuse_iqueue::waitq.lock to be released by one
of many places that take it with IRQs enabled. Since the IRQ handler
may take kioctx::ctx_lock, lockdep reports that a deadlock is possible.
Fix it by protecting the state of struct fuse_iqueue with a separate
spinlock, and only accessing fuse_iqueue::waitq using the versions of
the waitqueue functions which do IRQ-safe locking internally.
Reproducer:
#include <fcntl.h>
#include <stdio.h>
#include <sys/mount.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <unistd.h>
#include <linux/aio_abi.h>
int main()
{
char opts[128];
int fd = open("/dev/fuse", O_RDWR);
aio_context_t ctx = 0;
struct iocb cb = { .aio_lio_opcode = IOCB_CMD_POLL, .aio_fildes = fd };
struct iocb *cbp = &cb;
sprintf(opts, "fd=%d,rootmode=040000,user_id=0,group_id=0", fd);
mkdir("mnt", 0700);
mount("foo", "mnt", "fuse", 0, opts);
syscall(__NR_io_setup, 1, &ctx);
syscall(__NR_io_submit, ctx, 1, &cbp);
}
Beginning of lockdep output:
=====================================================
WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected
5.3.0-rc5 #9 Not tainted
-----------------------------------------------------
syz_fuse/135 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
000000003590ceda (&fiq->waitq){+.+.}, at: spin_lock include/linux/spinlock.h:338 [inline]
000000003590ceda (&fiq->waitq){+.+.}, at: aio_poll fs/aio.c:1751 [inline]
000000003590ceda (&fiq->waitq){+.+.}, at: __io_submit_one.constprop.0+0x203/0x5b0 fs/aio.c:1825
and this task is already holding:
0000000075037284 (&(&ctx->ctx_lock)->rlock){..-.}, at: spin_lock_irq include/linux/spinlock.h:363 [inline]
0000000075037284 (&(&ctx->ctx_lock)->rlock){..-.}, at: aio_poll fs/aio.c:1749 [inline]
0000000075037284 (&(&ctx->ctx_lock)->rlock){..-.}, at: __io_submit_one.constprop.0+0x1f4/0x5b0 fs/aio.c:1825
which would create a new lock dependency:
(&(&ctx->ctx_lock)->rlock){..-.} -> (&fiq->waitq){+.+.}
but this new dependency connects a SOFTIRQ-irq-safe lock:
(&(&ctx->ctx_lock)->rlock){..-.}
[...]
Reported-by: syzbot+af05535bb79520f95431@syzkaller.appspotmail.com
Reported-by: syzbot+d86c4426a01f60feddc7@syzkaller.appspotmail.com
Fixes: bfe4037e722e ("aio: implement IOCB_CMD_POLL")
Cc: <stable@vger.kernel.org> # v4.19+
Cc: Christoph Hellwig <hch@lst.de>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/fuse/dev.c | 93 ++++++++++++++++++++++++++++---------------------------
fs/fuse/fuse_i.h | 3 +
fs/fuse/inode.c | 1
3 files changed, 52 insertions(+), 45 deletions(-)
--- a/fs/fuse/dev.c
+++ b/fs/fuse/dev.c
@@ -377,7 +377,7 @@ static void queue_request(struct fuse_iq
req->in.h.len = sizeof(struct fuse_in_header) +
len_args(req->in.numargs, (struct fuse_arg *) req->in.args);
list_add_tail(&req->list, &fiq->pending);
- wake_up_locked(&fiq->waitq);
+ wake_up(&fiq->waitq);
kill_fasync(&fiq->fasync, SIGIO, POLL_IN);
}
@@ -389,16 +389,16 @@ void fuse_queue_forget(struct fuse_conn
forget->forget_one.nodeid = nodeid;
forget->forget_one.nlookup = nlookup;
- spin_lock(&fiq->waitq.lock);
+ spin_lock(&fiq->lock);
if (fiq->connected) {
fiq->forget_list_tail->next = forget;
fiq->forget_list_tail = forget;
- wake_up_locked(&fiq->waitq);
+ wake_up(&fiq->waitq);
kill_fasync(&fiq->fasync, SIGIO, POLL_IN);
} else {
kfree(forget);
}
- spin_unlock(&fiq->waitq.lock);
+ spin_unlock(&fiq->lock);
}
static void flush_bg_queue(struct fuse_conn *fc)
@@ -412,10 +412,10 @@ static void flush_bg_queue(struct fuse_c
req = list_first_entry(&fc->bg_queue, struct fuse_req, list);
list_del(&req->list);
fc->active_background++;
- spin_lock(&fiq->waitq.lock);
+ spin_lock(&fiq->lock);
req->in.h.unique = fuse_get_unique(fiq);
queue_request(fiq, req);
- spin_unlock(&fiq->waitq.lock);
+ spin_unlock(&fiq->lock);
}
}
@@ -439,9 +439,9 @@ static void request_end(struct fuse_conn
* smp_mb() from queue_interrupt().
*/
if (!list_empty(&req->intr_entry)) {
- spin_lock(&fiq->waitq.lock);
+ spin_lock(&fiq->lock);
list_del_init(&req->intr_entry);
- spin_unlock(&fiq->waitq.lock);
+ spin_unlock(&fiq->lock);
}
WARN_ON(test_bit(FR_PENDING, &req->flags));
WARN_ON(test_bit(FR_SENT, &req->flags));
@@ -483,10 +483,10 @@ put_request:
static int queue_interrupt(struct fuse_iqueue *fiq, struct fuse_req *req)
{
- spin_lock(&fiq->waitq.lock);
+ spin_lock(&fiq->lock);
/* Check for we've sent request to interrupt this req */
if (unlikely(!test_bit(FR_INTERRUPTED, &req->flags))) {
- spin_unlock(&fiq->waitq.lock);
+ spin_unlock(&fiq->lock);
return -EINVAL;
}
@@ -499,13 +499,13 @@ static int queue_interrupt(struct fuse_i
smp_mb();
if (test_bit(FR_FINISHED, &req->flags)) {
list_del_init(&req->intr_entry);
- spin_unlock(&fiq->waitq.lock);
+ spin_unlock(&fiq->lock);
return 0;
}
- wake_up_locked(&fiq->waitq);
+ wake_up(&fiq->waitq);
kill_fasync(&fiq->fasync, SIGIO, POLL_IN);
}
- spin_unlock(&fiq->waitq.lock);
+ spin_unlock(&fiq->lock);
return 0;
}
@@ -535,16 +535,16 @@ static void request_wait_answer(struct f
if (!err)
return;
- spin_lock(&fiq->waitq.lock);
+ spin_lock(&fiq->lock);
/* Request is not yet in userspace, bail out */
if (test_bit(FR_PENDING, &req->flags)) {
list_del(&req->list);
- spin_unlock(&fiq->waitq.lock);
+ spin_unlock(&fiq->lock);
__fuse_put_request(req);
req->out.h.error = -EINTR;
return;
}
- spin_unlock(&fiq->waitq.lock);
+ spin_unlock(&fiq->lock);
}
/*
@@ -559,9 +559,9 @@ static void __fuse_request_send(struct f
struct fuse_iqueue *fiq = &fc->iq;
BUG_ON(test_bit(FR_BACKGROUND, &req->flags));
- spin_lock(&fiq->waitq.lock);
+ spin_lock(&fiq->lock);
if (!fiq->connected) {
- spin_unlock(&fiq->waitq.lock);
+ spin_unlock(&fiq->lock);
req->out.h.error = -ENOTCONN;
} else {
req->in.h.unique = fuse_get_unique(fiq);
@@ -569,7 +569,7 @@ static void __fuse_request_send(struct f
/* acquire extra reference, since request is still needed
after request_end() */
__fuse_get_request(req);
- spin_unlock(&fiq->waitq.lock);
+ spin_unlock(&fiq->lock);
request_wait_answer(fc, req);
/* Pairs with smp_wmb() in request_end() */
@@ -700,12 +700,12 @@ static int fuse_request_send_notify_repl
__clear_bit(FR_ISREPLY, &req->flags);
req->in.h.unique = unique;
- spin_lock(&fiq->waitq.lock);
+ spin_lock(&fiq->lock);
if (fiq->connected) {
queue_request(fiq, req);
err = 0;
}
- spin_unlock(&fiq->waitq.lock);
+ spin_unlock(&fiq->lock);
return err;
}
@@ -1149,12 +1149,12 @@ static int request_pending(struct fuse_i
* Unlike other requests this is assembled on demand, without a need
* to allocate a separate fuse_req structure.
*
- * Called with fiq->waitq.lock held, releases it
+ * Called with fiq->lock held, releases it
*/
static int fuse_read_interrupt(struct fuse_iqueue *fiq,
struct fuse_copy_state *cs,
size_t nbytes, struct fuse_req *req)
-__releases(fiq->waitq.lock)
+__releases(fiq->lock)
{
struct fuse_in_header ih;
struct fuse_interrupt_in arg;
@@ -1169,7 +1169,7 @@ __releases(fiq->waitq.lock)
ih.unique = (req->in.h.unique | FUSE_INT_REQ_BIT);
arg.unique = req->in.h.unique;
- spin_unlock(&fiq->waitq.lock);
+ spin_unlock(&fiq->lock);
if (nbytes < reqsize)
return -EINVAL;
@@ -1206,7 +1206,7 @@ static struct fuse_forget_link *dequeue_
static int fuse_read_single_forget(struct fuse_iqueue *fiq,
struct fuse_copy_state *cs,
size_t nbytes)
-__releases(fiq->waitq.lock)
+__releases(fiq->lock)
{
int err;
struct fuse_forget_link *forget = dequeue_forget(fiq, 1, NULL);
@@ -1220,7 +1220,7 @@ __releases(fiq->waitq.lock)
.len = sizeof(ih) + sizeof(arg),
};
- spin_unlock(&fiq->waitq.lock);
+ spin_unlock(&fiq->lock);
kfree(forget);
if (nbytes < ih.len)
return -EINVAL;
@@ -1238,7 +1238,7 @@ __releases(fiq->waitq.lock)
static int fuse_read_batch_forget(struct fuse_iqueue *fiq,
struct fuse_copy_state *cs, size_t nbytes)
-__releases(fiq->waitq.lock)
+__releases(fiq->lock)
{
int err;
unsigned max_forgets;
@@ -1252,13 +1252,13 @@ __releases(fiq->waitq.lock)
};
if (nbytes < ih.len) {
- spin_unlock(&fiq->waitq.lock);
+ spin_unlock(&fiq->lock);
return -EINVAL;
}
max_forgets = (nbytes - ih.len) / sizeof(struct fuse_forget_one);
head = dequeue_forget(fiq, max_forgets, &count);
- spin_unlock(&fiq->waitq.lock);
+ spin_unlock(&fiq->lock);
arg.count = count;
ih.len += count * sizeof(struct fuse_forget_one);
@@ -1288,7 +1288,7 @@ __releases(fiq->waitq.lock)
static int fuse_read_forget(struct fuse_conn *fc, struct fuse_iqueue *fiq,
struct fuse_copy_state *cs,
size_t nbytes)
-__releases(fiq->waitq.lock)
+__releases(fiq->lock)
{
if (fc->minor < 16 || fiq->forget_list_head.next->next == NULL)
return fuse_read_single_forget(fiq, cs, nbytes);
@@ -1318,16 +1318,19 @@ static ssize_t fuse_dev_do_read(struct f
unsigned int hash;
restart:
- spin_lock(&fiq->waitq.lock);
- err = -EAGAIN;
- if ((file->f_flags & O_NONBLOCK) && fiq->connected &&
- !request_pending(fiq))
- goto err_unlock;
+ for (;;) {
+ spin_lock(&fiq->lock);
+ if (!fiq->connected || request_pending(fiq))
+ break;
+ spin_unlock(&fiq->lock);
- err = wait_event_interruptible_exclusive_locked(fiq->waitq,
+ if (file->f_flags & O_NONBLOCK)
+ return -EAGAIN;
+ err = wait_event_interruptible_exclusive(fiq->waitq,
!fiq->connected || request_pending(fiq));
- if (err)
- goto err_unlock;
+ if (err)
+ return err;
+ }
if (!fiq->connected) {
err = fc->aborted ? -ECONNABORTED : -ENODEV;
@@ -1351,7 +1354,7 @@ static ssize_t fuse_dev_do_read(struct f
req = list_entry(fiq->pending.next, struct fuse_req, list);
clear_bit(FR_PENDING, &req->flags);
list_del_init(&req->list);
- spin_unlock(&fiq->waitq.lock);
+ spin_unlock(&fiq->lock);
in = &req->in;
reqsize = in->h.len;
@@ -1409,7 +1412,7 @@ out_end:
return err;
err_unlock:
- spin_unlock(&fiq->waitq.lock);
+ spin_unlock(&fiq->lock);
return err;
}
@@ -2121,12 +2124,12 @@ static __poll_t fuse_dev_poll(struct fil
fiq = &fud->fc->iq;
poll_wait(file, &fiq->waitq, wait);
- spin_lock(&fiq->waitq.lock);
+ spin_lock(&fiq->lock);
if (!fiq->connected)
mask = EPOLLERR;
else if (request_pending(fiq))
mask |= EPOLLIN | EPOLLRDNORM;
- spin_unlock(&fiq->waitq.lock);
+ spin_unlock(&fiq->lock);
return mask;
}
@@ -2221,15 +2224,15 @@ void fuse_abort_conn(struct fuse_conn *f
flush_bg_queue(fc);
spin_unlock(&fc->bg_lock);
- spin_lock(&fiq->waitq.lock);
+ spin_lock(&fiq->lock);
fiq->connected = 0;
list_for_each_entry(req, &fiq->pending, list)
clear_bit(FR_PENDING, &req->flags);
list_splice_tail_init(&fiq->pending, &to_end);
while (forget_pending(fiq))
kfree(dequeue_forget(fiq, 1, NULL));
- wake_up_all_locked(&fiq->waitq);
- spin_unlock(&fiq->waitq.lock);
+ wake_up_all(&fiq->waitq);
+ spin_unlock(&fiq->lock);
kill_fasync(&fiq->fasync, SIGIO, POLL_IN);
end_polls(fc);
wake_up_all(&fc->blocked_waitq);
--- a/fs/fuse/fuse_i.h
+++ b/fs/fuse/fuse_i.h
@@ -450,6 +450,9 @@ struct fuse_iqueue {
/** Connection established */
unsigned connected;
+ /** Lock protecting accesses to members of this structure */
+ spinlock_t lock;
+
/** Readers of the connection are waiting on this */
wait_queue_head_t waitq;
--- a/fs/fuse/inode.c
+++ b/fs/fuse/inode.c
@@ -582,6 +582,7 @@ static int fuse_show_options(struct seq_
static void fuse_iqueue_init(struct fuse_iqueue *fiq)
{
memset(fiq, 0, sizeof(struct fuse_iqueue));
+ spin_lock_init(&fiq->lock);
init_waitqueue_head(&fiq->waitq);
INIT_LIST_HEAD(&fiq->pending);
INIT_LIST_HEAD(&fiq->interrupts);
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 236/313] fuse: fix missing unlock_page in fuse_writepage()
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (233 preceding siblings ...)
2019-10-03 15:53 ` [PATCH 5.2 235/313] fuse: fix deadlock with aio poll and fuse_iqueue::waitq.lock Greg Kroah-Hartman
@ 2019-10-03 15:53 ` Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 237/313] fuse: fix beyond-end-of-page access in fuse_parse_cache() Greg Kroah-Hartman
` (81 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:53 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Vasily Averin, Miklos Szeredi
From: Vasily Averin <vvs@virtuozzo.com>
commit d5880c7a8620290a6c90ced7a0e8bd0ad9419601 upstream.
unlock_page() was missing in case of an already in-flight write against the
same page.
Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
Fixes: ff17be086477 ("fuse: writepage: skip already in flight")
Cc: <stable@vger.kernel.org> # v3.13
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/fuse/file.c | 1 +
1 file changed, 1 insertion(+)
--- a/fs/fuse/file.c
+++ b/fs/fuse/file.c
@@ -1767,6 +1767,7 @@ static int fuse_writepage(struct page *p
WARN_ON(wbc->sync_mode == WB_SYNC_ALL);
redirty_page_for_writepage(wbc, page);
+ unlock_page(page);
return 0;
}
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 237/313] fuse: fix beyond-end-of-page access in fuse_parse_cache()
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (234 preceding siblings ...)
2019-10-03 15:53 ` [PATCH 5.2 236/313] fuse: fix missing unlock_page in fuse_writepage() Greg Kroah-Hartman
@ 2019-10-03 15:53 ` Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 238/313] parisc: Disable HP HSC-PCI Cards to prevent kernel crash Greg Kroah-Hartman
` (80 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:53 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Tejun Heo, Miklos Szeredi
From: Tejun Heo <tj@kernel.org>
commit e5854b1cdf6cb48a20e01e3bdad0476a4c60a077 upstream.
With DEBUG_PAGEALLOC on, the following triggers.
BUG: unable to handle page fault for address: ffff88859367c000
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 3001067 P4D 3001067 PUD 406d3a8067 PMD 406d30c067 PTE 800ffffa6c983060
Oops: 0000 [#1] SMP DEBUG_PAGEALLOC
CPU: 38 PID: 3110657 Comm: python2.7
RIP: 0010:fuse_readdir+0x88f/0xe7a [fuse]
Code: 49 8b 4d 08 49 39 4e 60 0f 84 44 04 00 00 48 8b 43 08 43 8d 1c 3c 4d 01 7e 68 49 89 dc 48 03 5c 24 38 49 89 46 60 8b 44 24 30 <8b> 4b 10 44 29 e0 48 89 ca 48 83 c1 1f 48 83 e1 f8 83 f8 17 49 89
RSP: 0018:ffffc90035edbde0 EFLAGS: 00010286
RAX: 0000000000001000 RBX: ffff88859367bff0 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffff88859367bfed RDI: 0000000000920907
RBP: ffffc90035edbe90 R08: 000000000000014b R09: 0000000000000004
R10: ffff88859367b000 R11: 0000000000000000 R12: 0000000000000ff0
R13: ffffc90035edbee0 R14: ffff889fb8546180 R15: 0000000000000020
FS: 00007f80b5f4a740(0000) GS:ffff889fffa00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff88859367c000 CR3: 0000001c170c2001 CR4: 00000000003606e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
iterate_dir+0x122/0x180
__x64_sys_getdents+0xa6/0x140
do_syscall_64+0x42/0x100
entry_SYSCALL_64_after_hwframe+0x44/0xa9
It's in fuse_parse_cache(). %rbx (ffff88859367bff0) is fuse_dirent
pointer - addr + offset. FUSE_DIRENT_SIZE() is trying to dereference
namelen off of it but that derefs into the next page which is disabled
by pagealloc debug causing a PF.
This is caused by dirent->namelen being accessed before ensuring that
there's enough bytes in the page for the dirent. Fix it by pushing
down reclen calculation.
Signed-off-by: Tejun Heo <tj@kernel.org>
Fixes: 5d7bc7e8680c ("fuse: allow using readdir cache")
Cc: stable@vger.kernel.org # v4.20+
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/fuse/readdir.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/fs/fuse/readdir.c
+++ b/fs/fuse/readdir.c
@@ -372,11 +372,13 @@ static enum fuse_parse_result fuse_parse
for (;;) {
struct fuse_dirent *dirent = addr + offset;
unsigned int nbytes = size - offset;
- size_t reclen = FUSE_DIRENT_SIZE(dirent);
+ size_t reclen;
if (nbytes < FUSE_NAME_OFFSET || !dirent->namelen)
break;
+ reclen = FUSE_DIRENT_SIZE(dirent); /* derefs ->namelen */
+
if (WARN_ON(dirent->namelen > FUSE_NAME_MAX))
return FOUND_ERR;
if (WARN_ON(reclen > nbytes))
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 238/313] parisc: Disable HP HSC-PCI Cards to prevent kernel crash
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (235 preceding siblings ...)
2019-10-03 15:53 ` [PATCH 5.2 237/313] fuse: fix beyond-end-of-page access in fuse_parse_cache() Greg Kroah-Hartman
@ 2019-10-03 15:53 ` Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 239/313] platform/x86: intel_int0002_vgpio: Fix wakeups not working on Cherry Trail Greg Kroah-Hartman
` (79 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:53 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Helge Deller, Phil Scarr
From: Helge Deller <deller@gmx.de>
commit 5fa1659105fac63e0f3c199b476025c2e04111ce upstream.
The HP Dino PCI controller chip can be used in two variants: as on-board
controller (e.g. in B160L), or on an Add-On card ("Card-Mode") to bridge
PCI components to systems without a PCI bus, e.g. to a HSC/GSC bus. One
such Add-On card is the HP HSC-PCI Card which has one or more DEC Tulip
PCI NIC chips connected to the on-card Dino PCI controller.
Dino in Card-Mode has a big disadvantage: All PCI memory accesses need
to go through the DINO_MEM_DATA register, so Linux drivers will not be
able to use the ioremap() function. Without ioremap() many drivers will
not work, one example is the tulip driver which then simply crashes the
kernel if it tries to access the ports on the HP HSC card.
This patch disables the HP HSC card if it finds one, and as such
fixes the kernel crash on a HP D350/2 machine.
Signed-off-by: Helge Deller <deller@gmx.de>
Noticed-by: Phil Scarr <phil.scarr@pm.me>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/parisc/dino.c | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
--- a/drivers/parisc/dino.c
+++ b/drivers/parisc/dino.c
@@ -156,6 +156,15 @@ static inline struct dino_device *DINO_D
return container_of(hba, struct dino_device, hba);
}
+/* Check if PCI device is behind a Card-mode Dino. */
+static int pci_dev_is_behind_card_dino(struct pci_dev *dev)
+{
+ struct dino_device *dino_dev;
+
+ dino_dev = DINO_DEV(parisc_walk_tree(dev->bus->bridge));
+ return is_card_dino(&dino_dev->hba.dev->id);
+}
+
/*
* Dino Configuration Space Accessor Functions
*/
@@ -437,6 +446,21 @@ static void quirk_cirrus_cardbus(struct
}
DECLARE_PCI_FIXUP_ENABLE(PCI_VENDOR_ID_CIRRUS, PCI_DEVICE_ID_CIRRUS_6832, quirk_cirrus_cardbus );
+#ifdef CONFIG_TULIP
+static void pci_fixup_tulip(struct pci_dev *dev)
+{
+ if (!pci_dev_is_behind_card_dino(dev))
+ return;
+ if (!(pci_resource_flags(dev, 1) & IORESOURCE_MEM))
+ return;
+ pr_warn("%s: HP HSC-PCI Cards with card-mode Dino not yet supported.\n",
+ pci_name(dev));
+ /* Disable this card by zeroing the PCI resources */
+ memset(&dev->resource[0], 0, sizeof(dev->resource[0]));
+ memset(&dev->resource[1], 0, sizeof(dev->resource[1]));
+}
+DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_DEC, PCI_ANY_ID, pci_fixup_tulip);
+#endif /* CONFIG_TULIP */
static void __init
dino_bios_init(void)
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 239/313] platform/x86: intel_int0002_vgpio: Fix wakeups not working on Cherry Trail
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (236 preceding siblings ...)
2019-10-03 15:53 ` [PATCH 5.2 238/313] parisc: Disable HP HSC-PCI Cards to prevent kernel crash Greg Kroah-Hartman
@ 2019-10-03 15:53 ` Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 240/313] KVM: x86: always stop emulation on page fault Greg Kroah-Hartman
` (78 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:53 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Hans de Goede, Andy Shevchenko
From: Hans de Goede <hdegoede@redhat.com>
commit 1bd43d0077b9a32a8b8059036471f3fc82dae342 upstream.
Commit 871f1f2bcb01 ("platform/x86: intel_int0002_vgpio: Only implement
irq_set_wake on Bay Trail") removed the irq_set_wake method from the
struct irq_chip used on Cherry Trail, but it did not set
IRQCHIP_SKIP_SET_WAKE causing kernel/irq/manage.c: set_irq_wake_real()
to return -ENXIO.
This causes the kernel to no longer see PME events reported through the
INT0002 device as wakeup events. Which e.g. breaks wakeup by the (USB)
keyboard on many Cherry Trail 2-in-1 devices.
Cc: stable@vger.kernel.org
Fixes: 871f1f2bcb01 ("platform/x86: intel_int0002_vgpio: Only implement irq_set_wake on Bay Trail")
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/platform/x86/intel_int0002_vgpio.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/platform/x86/intel_int0002_vgpio.c
+++ b/drivers/platform/x86/intel_int0002_vgpio.c
@@ -155,6 +155,7 @@ static struct irq_chip int0002_cht_irqch
* No set_wake, on CHT the IRQ is typically shared with the ACPI SCI
* and we don't want to mess with the ACPI SCI irq settings.
*/
+ .flags = IRQCHIP_SKIP_SET_WAKE,
};
static int int0002_probe(struct platform_device *pdev)
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 240/313] KVM: x86: always stop emulation on page fault
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (237 preceding siblings ...)
2019-10-03 15:53 ` [PATCH 5.2 239/313] platform/x86: intel_int0002_vgpio: Fix wakeups not working on Cherry Trail Greg Kroah-Hartman
@ 2019-10-03 15:53 ` Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 241/313] KVM: x86: set ctxt->have_exception in x86_decode_insn() Greg Kroah-Hartman
` (77 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Denis Lunev, Roman Kagan,
Denis Plotnikov, Jan Dakinevich, Paolo Bonzini
From: Jan Dakinevich <jan.dakinevich@virtuozzo.com>
commit 8530a79c5a9f4e29e6ffb35ec1a79d81f4968ec8 upstream.
inject_emulated_exception() returns true if and only if nested page
fault happens. However, page fault can come from guest page tables
walk, either nested or not nested. In both cases we should stop an
attempt to read under RIP and give guest to step over its own page
fault handler.
This is also visible when an emulated instruction causes a #GP fault
and the VMware backdoor is enabled. To handle the VMware backdoor,
KVM intercepts #GP faults; with only the next patch applied,
x86_emulate_instruction() injects a #GP but returns EMULATE_FAIL
instead of EMULATE_DONE. EMULATE_FAIL causes handle_exception_nmi()
(or gp_interception() for SVM) to re-inject the original #GP because it
thinks emulation failed due to a non-VMware opcode. This patch prevents
the issue as x86_emulate_instruction() will return EMULATE_DONE after
injecting the #GP.
Fixes: 6ea6e84309ca ("KVM: x86: inject exceptions produced by x86_decode_insn")
Cc: stable@vger.kernel.org
Cc: Denis Lunev <den@virtuozzo.com>
Cc: Roman Kagan <rkagan@virtuozzo.com>
Cc: Denis Plotnikov <dplotnikov@virtuozzo.com>
Signed-off-by: Jan Dakinevich <jan.dakinevich@virtuozzo.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kvm/x86.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -6481,8 +6481,10 @@ int x86_emulate_instruction(struct kvm_v
if (reexecute_instruction(vcpu, cr2, write_fault_to_spt,
emulation_type))
return EMULATE_DONE;
- if (ctxt->have_exception && inject_emulated_exception(vcpu))
+ if (ctxt->have_exception) {
+ inject_emulated_exception(vcpu);
return EMULATE_DONE;
+ }
if (emulation_type & EMULTYPE_SKIP)
return EMULATE_FAIL;
return handle_emulation_failure(vcpu, emulation_type);
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 241/313] KVM: x86: set ctxt->have_exception in x86_decode_insn()
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (238 preceding siblings ...)
2019-10-03 15:53 ` [PATCH 5.2 240/313] KVM: x86: always stop emulation on page fault Greg Kroah-Hartman
@ 2019-10-03 15:53 ` Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 242/313] KVM: x86: Manually calculate reserved bits when loading PDPTRS Greg Kroah-Hartman
` (76 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Denis Lunev, Roman Kagan,
Denis Plotnikov, Jan Dakinevich, Paolo Bonzini
From: Jan Dakinevich <jan.dakinevich@virtuozzo.com>
commit c8848cee74ff05638e913582a476bde879c968ad upstream.
x86_emulate_instruction() takes into account ctxt->have_exception flag
during instruction decoding, but in practice this flag is never set in
x86_decode_insn().
Fixes: 6ea6e84309ca ("KVM: x86: inject exceptions produced by x86_decode_insn")
Cc: stable@vger.kernel.org
Cc: Denis Lunev <den@virtuozzo.com>
Cc: Roman Kagan <rkagan@virtuozzo.com>
Cc: Denis Plotnikov <dplotnikov@virtuozzo.com>
Signed-off-by: Jan Dakinevich <jan.dakinevich@virtuozzo.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kvm/emulate.c | 2 ++
arch/x86/kvm/x86.c | 6 ++++++
2 files changed, 8 insertions(+)
--- a/arch/x86/kvm/emulate.c
+++ b/arch/x86/kvm/emulate.c
@@ -5377,6 +5377,8 @@ done_prefixes:
ctxt->memopp->addr.mem.ea + ctxt->_eip);
done:
+ if (rc == X86EMUL_PROPAGATE_FAULT)
+ ctxt->have_exception = true;
return (rc != X86EMUL_CONTINUE) ? EMULATION_FAILED : EMULATION_OK;
}
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -6482,6 +6482,12 @@ int x86_emulate_instruction(struct kvm_v
emulation_type))
return EMULATE_DONE;
if (ctxt->have_exception) {
+ /*
+ * #UD should result in just EMULATION_FAILED, and trap-like
+ * exception should not be encountered during decode.
+ */
+ WARN_ON_ONCE(ctxt->exception.vector == UD_VECTOR ||
+ exception_type(ctxt->exception.vector) == EXCPT_TRAP);
inject_emulated_exception(vcpu);
return EMULATE_DONE;
}
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 242/313] KVM: x86: Manually calculate reserved bits when loading PDPTRS
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (239 preceding siblings ...)
2019-10-03 15:53 ` [PATCH 5.2 241/313] KVM: x86: set ctxt->have_exception in x86_decode_insn() Greg Kroah-Hartman
@ 2019-10-03 15:53 ` Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 243/313] KVM: x86: Disable posted interrupts for non-standard IRQs delivery modes Greg Kroah-Hartman
` (75 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nadav Amit, Doug Reiland,
Sean Christopherson, Peter Xu, Paolo Bonzini
From: Sean Christopherson <sean.j.christopherson@intel.com>
commit 16cfacc8085782dab8e365979356ce1ca87fd6cc upstream.
Manually generate the PDPTR reserved bit mask when explicitly loading
PDPTRs. The reserved bits that are being tracked by the MMU reflect the
current paging mode, which is unlikely to be PAE paging in the vast
majority of flows that use load_pdptrs(), e.g. CR0 and CR4 emulation,
__set_sregs(), etc... This can cause KVM to incorrectly signal a bad
PDPTR, or more likely, miss a reserved bit check and subsequently fail
a VM-Enter due to a bad VMCS.GUEST_PDPTR.
Add a one off helper to generate the reserved bits instead of sharing
code across the MMU's calculations and the PDPTR emulation. The PDPTR
reserved bits are basically set in stone, and pushing a helper into
the MMU's calculation adds unnecessary complexity without improving
readability.
Oppurtunistically fix/update the comment for load_pdptrs().
Note, the buggy commit also introduced a deliberate functional change,
"Also remove bit 5-6 from rsvd_bits_mask per latest SDM.", which was
effectively (and correctly) reverted by commit cd9ae5fe47df ("KVM: x86:
Fix page-tables reserved bits"). A bit of SDM archaeology shows that
the SDM from late 2008 had a bug (likely a copy+paste error) where it
listed bits 6:5 as AVL and A for PDPTEs used for 4k entries but reserved
for 2mb entries. I.e. the SDM contradicted itself, and bits 6:5 are and
always have been reserved.
Fixes: 20c466b56168d ("KVM: Use rsvd_bits_mask in load_pdptrs()")
Cc: stable@vger.kernel.org
Cc: Nadav Amit <nadav.amit@gmail.com>
Reported-by: Doug Reiland <doug.reiland@intel.com>
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Reviewed-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kvm/x86.c | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -669,8 +669,14 @@ static int kvm_read_nested_guest_page(st
data, offset, len, access);
}
+static inline u64 pdptr_rsvd_bits(struct kvm_vcpu *vcpu)
+{
+ return rsvd_bits(cpuid_maxphyaddr(vcpu), 63) | rsvd_bits(5, 8) |
+ rsvd_bits(1, 2);
+}
+
/*
- * Load the pae pdptrs. Return true is they are all valid.
+ * Load the pae pdptrs. Return 1 if they are all valid, 0 otherwise.
*/
int load_pdptrs(struct kvm_vcpu *vcpu, struct kvm_mmu *mmu, unsigned long cr3)
{
@@ -689,8 +695,7 @@ int load_pdptrs(struct kvm_vcpu *vcpu, s
}
for (i = 0; i < ARRAY_SIZE(pdpte); ++i) {
if ((pdpte[i] & PT_PRESENT_MASK) &&
- (pdpte[i] &
- vcpu->arch.mmu->guest_rsvd_check.rsvd_bits_mask[0][2])) {
+ (pdpte[i] & pdptr_rsvd_bits(vcpu))) {
ret = 0;
goto out;
}
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 243/313] KVM: x86: Disable posted interrupts for non-standard IRQs delivery modes
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (240 preceding siblings ...)
2019-10-03 15:53 ` [PATCH 5.2 242/313] KVM: x86: Manually calculate reserved bits when loading PDPTRS Greg Kroah-Hartman
@ 2019-10-03 15:53 ` Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 244/313] KVM: x86/mmu: Use fast invalidate mechanism to zap MMIO sptes Greg Kroah-Hartman
` (74 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alexander Graf, Liran Alon,
Sean Christopherson, Wanpeng Li, Paolo Bonzini
From: Alexander Graf <graf@amazon.com>
commit fdcf756213756c23b533ca4974d1f48c6a4d4281 upstream.
We can easily route hardware interrupts directly into VM context when
they target the "Fixed" or "LowPriority" delivery modes.
However, on modes such as "SMI" or "Init", we need to go via KVM code
to actually put the vCPU into a different mode of operation, so we can
not post the interrupt
Add code in the VMX and SVM PI logic to explicitly refuse to establish
posted mappings for advanced IRQ deliver modes. This reflects the logic
in __apic_accept_irq() which also only ever passes Fixed and LowPriority
interrupts as posted interrupts into the guest.
This fixes a bug I have with code which configures real hardware to
inject virtual SMIs into my guest.
Signed-off-by: Alexander Graf <graf@amazon.com>
Reviewed-by: Liran Alon <liran.alon@oracle.com>
Reviewed-by: Sean Christopherson <sean.j.christopherson@intel.com>
Reviewed-by: Wanpeng Li <wanpengli@tencent.com>
Cc: stable@vger.kernel.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/include/asm/kvm_host.h | 7 +++++++
arch/x86/kvm/svm.c | 4 +++-
arch/x86/kvm/vmx/vmx.c | 6 +++++-
3 files changed, 15 insertions(+), 2 deletions(-)
--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
@@ -1576,6 +1576,13 @@ bool kvm_intr_is_single_vcpu(struct kvm
void kvm_set_msi_irq(struct kvm *kvm, struct kvm_kernel_irq_routing_entry *e,
struct kvm_lapic_irq *irq);
+static inline bool kvm_irq_is_postable(struct kvm_lapic_irq *irq)
+{
+ /* We can only post Fixed and LowPrio IRQs */
+ return (irq->delivery_mode == dest_Fixed ||
+ irq->delivery_mode == dest_LowestPrio);
+}
+
static inline void kvm_arch_vcpu_blocking(struct kvm_vcpu *vcpu)
{
if (kvm_x86_ops->vcpu_blocking)
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -5252,7 +5252,8 @@ get_pi_vcpu_info(struct kvm *kvm, struct
kvm_set_msi_irq(kvm, e, &irq);
- if (!kvm_intr_is_single_vcpu(kvm, &irq, &vcpu)) {
+ if (!kvm_intr_is_single_vcpu(kvm, &irq, &vcpu) ||
+ !kvm_irq_is_postable(&irq)) {
pr_debug("SVM: %s: use legacy intr remap mode for irq %u\n",
__func__, irq.vector);
return -1;
@@ -5306,6 +5307,7 @@ static int svm_update_pi_irte(struct kvm
* 1. When cannot target interrupt to a specific vcpu.
* 2. Unsetting posted interrupt.
* 3. APIC virtialization is disabled for the vcpu.
+ * 4. IRQ has incompatible delivery mode (SMI, INIT, etc)
*/
if (!get_pi_vcpu_info(kvm, e, &vcpu_info, &svm) && set &&
kvm_vcpu_apicv_active(&svm->vcpu)) {
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -7325,10 +7325,14 @@ static int vmx_update_pi_irte(struct kvm
* irqbalance to make the interrupts single-CPU.
*
* We will support full lowest-priority interrupt later.
+ *
+ * In addition, we can only inject generic interrupts using
+ * the PI mechanism, refuse to route others through it.
*/
kvm_set_msi_irq(kvm, e, &irq);
- if (!kvm_intr_is_single_vcpu(kvm, &irq, &vcpu)) {
+ if (!kvm_intr_is_single_vcpu(kvm, &irq, &vcpu) ||
+ !kvm_irq_is_postable(&irq)) {
/*
* Make sure the IRTE is in remapped mode if
* we don't handle it in posted mode.
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 244/313] KVM: x86/mmu: Use fast invalidate mechanism to zap MMIO sptes
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (241 preceding siblings ...)
2019-10-03 15:53 ` [PATCH 5.2 243/313] KVM: x86: Disable posted interrupts for non-standard IRQs delivery modes Greg Kroah-Hartman
@ 2019-10-03 15:53 ` Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 245/313] media: videobuf-core.c: poll_wait needs a non-NULL buf pointer Greg Kroah-Hartman
` (73 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sean Christopherson, Paolo Bonzini
From: Sean Christopherson <sean.j.christopherson@intel.com>
commit 92f58b5c0181596d9f1e317b49ada2e728fb76eb upstream.
Use the fast invalidate mechasim to zap MMIO sptes on a MMIO generation
wrap. The fast invalidate flow was reintroduced to fix a livelock bug
in kvm_mmu_zap_all() that can occur if kvm_mmu_zap_all() is invoked when
the guest has live vCPUs. I.e. using kvm_mmu_zap_all() to handle the
MMIO generation wrap is theoretically susceptible to the livelock bug.
This effectively reverts commit 4771450c345dc ("Revert "KVM: MMU: drop
kvm_mmu_zap_mmio_sptes""), i.e. restores the behavior of commit
a8eca9dcc656a ("KVM: MMU: drop kvm_mmu_zap_mmio_sptes").
Note, this actually fixes commit 571c5af06e303 ("KVM: x86/mmu:
Voluntarily reschedule as needed when zapping MMIO sptes"), but there
is no need to incrementally revert back to using fast invalidate, e.g.
doing so doesn't provide any bisection or stability benefits.
Fixes: 571c5af06e303 ("KVM: x86/mmu: Voluntarily reschedule as needed when zapping MMIO sptes")
Cc: stable@vger.kernel.org
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kvm/mmu.c | 17 +++--------------
1 file changed, 3 insertions(+), 14 deletions(-)
--- a/arch/x86/kvm/mmu.c
+++ b/arch/x86/kvm/mmu.c
@@ -389,8 +389,6 @@ static void mark_mmio_spte(struct kvm_vc
mask |= (gpa & shadow_nonpresent_or_rsvd_mask)
<< shadow_nonpresent_or_rsvd_mask_len;
- page_header(__pa(sptep))->mmio_cached = true;
-
trace_mark_mmio_spte(sptep, gfn, access, gen);
mmu_spte_set(sptep, mask);
}
@@ -5952,7 +5950,7 @@ void kvm_mmu_slot_set_dirty(struct kvm *
}
EXPORT_SYMBOL_GPL(kvm_mmu_slot_set_dirty);
-static void __kvm_mmu_zap_all(struct kvm *kvm, bool mmio_only)
+void kvm_mmu_zap_all(struct kvm *kvm)
{
struct kvm_mmu_page *sp, *node;
LIST_HEAD(invalid_list);
@@ -5961,14 +5959,10 @@ static void __kvm_mmu_zap_all(struct kvm
spin_lock(&kvm->mmu_lock);
restart:
list_for_each_entry_safe(sp, node, &kvm->arch.active_mmu_pages, link) {
- if (mmio_only && !sp->mmio_cached)
- continue;
if (sp->role.invalid && sp->root_count)
continue;
- if (__kvm_mmu_prepare_zap_page(kvm, sp, &invalid_list, &ign)) {
- WARN_ON_ONCE(mmio_only);
+ if (__kvm_mmu_prepare_zap_page(kvm, sp, &invalid_list, &ign))
goto restart;
- }
if (cond_resched_lock(&kvm->mmu_lock))
goto restart;
}
@@ -5977,11 +5971,6 @@ restart:
spin_unlock(&kvm->mmu_lock);
}
-void kvm_mmu_zap_all(struct kvm *kvm)
-{
- return __kvm_mmu_zap_all(kvm, false);
-}
-
void kvm_mmu_invalidate_mmio_sptes(struct kvm *kvm, u64 gen)
{
WARN_ON(gen & KVM_MEMSLOT_GEN_UPDATE_IN_PROGRESS);
@@ -6003,7 +5992,7 @@ void kvm_mmu_invalidate_mmio_sptes(struc
*/
if (unlikely(gen == 0)) {
kvm_debug_ratelimited("kvm: zapping shadow pages for mmio generation wraparound\n");
- __kvm_mmu_zap_all(kvm, true);
+ kvm_mmu_zap_all_fast(kvm);
}
}
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 245/313] media: videobuf-core.c: poll_wait needs a non-NULL buf pointer
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (242 preceding siblings ...)
2019-10-03 15:53 ` [PATCH 5.2 244/313] KVM: x86/mmu: Use fast invalidate mechanism to zap MMIO sptes Greg Kroah-Hartman
@ 2019-10-03 15:53 ` Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 246/313] media: sn9c20x: Add MSI MS-1039 laptop to flip_dmi_table Greg Kroah-Hartman
` (72 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hans Verkuil, Dan Carpenter,
Mauro Carvalho Chehab
From: Hans Verkuil <hverkuil-cisco@xs4all.nl>
commit 6f51fdfd8229d5358c2d6e272cf73478866e8ddc upstream.
poll_wait uses &buf->done, but buf is NULL. Move the poll_wait to later
in the function once buf is correctly set and only call it if it is
non-NULL.
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Fixes: bb436cbeb918 ("media: videobuf: fix epoll() by calling poll_wait first")
Cc: <stable@vger.kernel.org> # for v5.1 and up
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/media/v4l2-core/videobuf-core.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- a/drivers/media/v4l2-core/videobuf-core.c
+++ b/drivers/media/v4l2-core/videobuf-core.c
@@ -1123,7 +1123,6 @@ __poll_t videobuf_poll_stream(struct fil
struct videobuf_buffer *buf = NULL;
__poll_t rc = 0;
- poll_wait(file, &buf->done, wait);
videobuf_queue_lock(q);
if (q->streaming) {
if (!list_empty(&q->stream))
@@ -1143,7 +1142,9 @@ __poll_t videobuf_poll_stream(struct fil
}
buf = q->read_buf;
}
- if (!buf)
+ if (buf)
+ poll_wait(file, &buf->done, wait);
+ else
rc = EPOLLERR;
if (0 == rc) {
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 246/313] media: sn9c20x: Add MSI MS-1039 laptop to flip_dmi_table
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (243 preceding siblings ...)
2019-10-03 15:53 ` [PATCH 5.2 245/313] media: videobuf-core.c: poll_wait needs a non-NULL buf pointer Greg Kroah-Hartman
@ 2019-10-03 15:53 ` Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 247/313] media: dont drop front-end reference count for ->detach Greg Kroah-Hartman
` (71 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Rui Salvaterra, Hans de Goede,
Hans Verkuil, Mauro Carvalho Chehab
From: Hans de Goede <hdegoede@redhat.com>
commit 7e0bb5828311f811309bed5749528ca04992af2f upstream.
Like a bunch of other MSI laptops the MS-1039 uses a 0c45:627b
SN9C201 + OV7660 webcam which is mounted upside down.
Add it to the sn9c20x flip_dmi_table to deal with this.
Cc: stable@vger.kernel.org
Reported-by: Rui Salvaterra <rsalvaterra@gmail.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/media/usb/gspca/sn9c20x.c | 7 +++++++
1 file changed, 7 insertions(+)
--- a/drivers/media/usb/gspca/sn9c20x.c
+++ b/drivers/media/usb/gspca/sn9c20x.c
@@ -124,6 +124,13 @@ static const struct dmi_system_id flip_d
}
},
{
+ .ident = "MSI MS-1039",
+ .matches = {
+ DMI_MATCH(DMI_SYS_VENDOR, "MICRO-STAR INT'L CO.,LTD."),
+ DMI_MATCH(DMI_PRODUCT_NAME, "MS-1039"),
+ }
+ },
+ {
.ident = "MSI MS-1632",
.matches = {
DMI_MATCH(DMI_BOARD_VENDOR, "MSI"),
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 247/313] media: dont drop front-end reference count for ->detach
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (244 preceding siblings ...)
2019-10-03 15:53 ` [PATCH 5.2 246/313] media: sn9c20x: Add MSI MS-1039 laptop to flip_dmi_table Greg Kroah-Hartman
@ 2019-10-03 15:53 ` Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 248/313] spi: ep93xx: Repair SPI CS lookup tables Greg Kroah-Hartman
` (70 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Max Kellermann, Wolfgang Rohdewald,
Arnd Bergmann, Sean Young, Mauro Carvalho Chehab
From: Arnd Bergmann <arnd@arndb.de>
commit 14e3cdbb00a885eedc95c0cf8eda8fe28d26d6b4 upstream.
A bugfix introduce a link failure in configurations without CONFIG_MODULES:
In file included from drivers/media/usb/dvb-usb/pctv452e.c:20:0:
drivers/media/usb/dvb-usb/pctv452e.c: In function 'pctv452e_frontend_attach':
drivers/media/dvb-frontends/stb0899_drv.h:151:36: error: weak declaration of 'stb0899_attach' being applied to a already existing, static definition
The problem is that the !IS_REACHABLE() declaration of stb0899_attach()
is a 'static inline' definition that clashes with the weak definition.
I further observed that the bugfix was only done for one of the five users
of stb0899_attach(), the other four still have the problem. This reverts
the bugfix and instead addresses the problem by not dropping the reference
count when calling '->detach()', instead we call this function directly
in dvb_frontend_put() before dropping the kref on the front-end.
I first submitted this in early 2018, and after some discussion it
was apparently discarded. While there is a long-term plan in place,
that plan is obviously not nearing completion yet, and the current
kernel is still broken unless this patch is applied.
Link: https://patchwork.kernel.org/patch/10140175/
Link: https://patchwork.linuxtv.org/patch/54831/
Cc: Max Kellermann <max.kellermann@gmail.com>
Cc: Wolfgang Rohdewald <wolfgang@rohdewald.de>
Cc: stable@vger.kernel.org
Fixes: f686c14364ad ("[media] stb0899: move code to "detach" callback")
Fixes: 6cdeaed3b142 ("media: dvb_usb_pctv452e: module refcount changes were unbalanced")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Sean Young <sean@mess.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/media/dvb-core/dvb_frontend.c | 4 +++-
drivers/media/usb/dvb-usb/pctv452e.c | 8 --------
2 files changed, 3 insertions(+), 9 deletions(-)
--- a/drivers/media/dvb-core/dvb_frontend.c
+++ b/drivers/media/dvb-core/dvb_frontend.c
@@ -152,6 +152,9 @@ static void dvb_frontend_free(struct kre
static void dvb_frontend_put(struct dvb_frontend *fe)
{
+ /* call detach before dropping the reference count */
+ if (fe->ops.detach)
+ fe->ops.detach(fe);
/*
* Check if the frontend was registered, as otherwise
* kref was not initialized yet.
@@ -3026,7 +3029,6 @@ void dvb_frontend_detach(struct dvb_fron
dvb_frontend_invoke_release(fe, fe->ops.release_sec);
dvb_frontend_invoke_release(fe, fe->ops.tuner_ops.release);
dvb_frontend_invoke_release(fe, fe->ops.analog_ops.release);
- dvb_frontend_invoke_release(fe, fe->ops.detach);
dvb_frontend_put(fe);
}
EXPORT_SYMBOL(dvb_frontend_detach);
--- a/drivers/media/usb/dvb-usb/pctv452e.c
+++ b/drivers/media/usb/dvb-usb/pctv452e.c
@@ -909,14 +909,6 @@ static int pctv452e_frontend_attach(stru
&a->dev->i2c_adap);
if (!a->fe_adap[0].fe)
return -ENODEV;
-
- /*
- * dvb_frontend will call dvb_detach for both stb0899_detach
- * and stb0899_release but we only do dvb_attach(stb0899_attach).
- * Increment the module refcount instead.
- */
- symbol_get(stb0899_attach);
-
if ((dvb_attach(lnbp22_attach, a->fe_adap[0].fe,
&a->dev->i2c_adap)) == NULL)
err("Cannot attach lnbp22\n");
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 248/313] spi: ep93xx: Repair SPI CS lookup tables
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (245 preceding siblings ...)
2019-10-03 15:53 ` [PATCH 5.2 247/313] media: dont drop front-end reference count for ->detach Greg Kroah-Hartman
@ 2019-10-03 15:53 ` Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 249/313] spi: spi-fsl-dspi: Exit the ISR with IRQ_NONE when its not ours Greg Kroah-Hartman
` (69 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alexander Sverdlin, Linus Walleij,
Lukasz Majewski, Mark Brown
From: Alexander Sverdlin <alexander.sverdlin@gmail.com>
commit 4fbc485324d2975c54201091dfad0a7dd4902324 upstream.
The actual device name of the SPI controller being registered on EP93xx is
"spi0" (as seen by gpiod_find_lookup_table()). This patch fixes all
relevant lookup tables and the following failure (seen on EDB9302):
ep93xx-spi ep93xx-spi.0: failed to register SPI master
ep93xx-spi: probe of ep93xx-spi.0 failed with error -22
Fixes: 1dfbf334f1236 ("spi: ep93xx: Convert to use CS GPIO descriptors")
Cc: stable@vger.kernel.org
Signed-off-by: Alexander Sverdlin <alexander.sverdlin@gmail.com>
Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
Reviewed-by: Lukasz Majewski <lukma@denx.de>
Link: https://lore.kernel.org/r/20190831180402.10008-1-alexander.sverdlin@gmail.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm/mach-ep93xx/edb93xx.c | 2 +-
arch/arm/mach-ep93xx/simone.c | 2 +-
arch/arm/mach-ep93xx/ts72xx.c | 4 ++--
arch/arm/mach-ep93xx/vision_ep9307.c | 2 +-
4 files changed, 5 insertions(+), 5 deletions(-)
--- a/arch/arm/mach-ep93xx/edb93xx.c
+++ b/arch/arm/mach-ep93xx/edb93xx.c
@@ -103,7 +103,7 @@ static struct spi_board_info edb93xx_spi
};
static struct gpiod_lookup_table edb93xx_spi_cs_gpio_table = {
- .dev_id = "ep93xx-spi.0",
+ .dev_id = "spi0",
.table = {
GPIO_LOOKUP("A", 6, "cs", GPIO_ACTIVE_LOW),
{ },
--- a/arch/arm/mach-ep93xx/simone.c
+++ b/arch/arm/mach-ep93xx/simone.c
@@ -73,7 +73,7 @@ static struct spi_board_info simone_spi_
* v1.3 parts will still work, since the signal on SFRMOUT is automatic.
*/
static struct gpiod_lookup_table simone_spi_cs_gpio_table = {
- .dev_id = "ep93xx-spi.0",
+ .dev_id = "spi0",
.table = {
GPIO_LOOKUP("A", 1, "cs", GPIO_ACTIVE_LOW),
{ },
--- a/arch/arm/mach-ep93xx/ts72xx.c
+++ b/arch/arm/mach-ep93xx/ts72xx.c
@@ -267,7 +267,7 @@ static struct spi_board_info bk3_spi_boa
* goes through CPLD
*/
static struct gpiod_lookup_table bk3_spi_cs_gpio_table = {
- .dev_id = "ep93xx-spi.0",
+ .dev_id = "spi0",
.table = {
GPIO_LOOKUP("F", 3, "cs", GPIO_ACTIVE_LOW),
{ },
@@ -316,7 +316,7 @@ static struct spi_board_info ts72xx_spi_
};
static struct gpiod_lookup_table ts72xx_spi_cs_gpio_table = {
- .dev_id = "ep93xx-spi.0",
+ .dev_id = "spi0",
.table = {
/* DIO_17 */
GPIO_LOOKUP("F", 2, "cs", GPIO_ACTIVE_LOW),
--- a/arch/arm/mach-ep93xx/vision_ep9307.c
+++ b/arch/arm/mach-ep93xx/vision_ep9307.c
@@ -242,7 +242,7 @@ static struct spi_board_info vision_spi_
};
static struct gpiod_lookup_table vision_spi_cs_gpio_table = {
- .dev_id = "ep93xx-spi.0",
+ .dev_id = "spi0",
.table = {
GPIO_LOOKUP_IDX("A", 6, "cs", 0, GPIO_ACTIVE_LOW),
GPIO_LOOKUP_IDX("A", 7, "cs", 1, GPIO_ACTIVE_LOW),
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 249/313] spi: spi-fsl-dspi: Exit the ISR with IRQ_NONE when its not ours
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (246 preceding siblings ...)
2019-10-03 15:53 ` [PATCH 5.2 248/313] spi: ep93xx: Repair SPI CS lookup tables Greg Kroah-Hartman
@ 2019-10-03 15:53 ` Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 250/313] binfmt_elf: Do not move brk for INTERP-less ET_EXEC Greg Kroah-Hartman
` (68 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:53 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Vladimir Oltean, Mark Brown
From: Vladimir Oltean <olteanv@gmail.com>
commit d41f36a6464a85c06ad920703d878e4491d2c023 upstream.
The DSPI interrupt can be shared between two controllers at least on the
LX2160A. In that case, the driver for one controller might misbehave and
consume the other's interrupt. Fix this by actually checking if any of
the bits in the status register have been asserted.
Fixes: 13aed2392741 ("spi: spi-fsl-dspi: use IRQF_SHARED mode to request IRQ")
Signed-off-by: Vladimir Oltean <olteanv@gmail.com>
Link: https://lore.kernel.org/r/20190822212450.21420-2-olteanv@gmail.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/spi/spi-fsl-dspi.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/drivers/spi/spi-fsl-dspi.c
+++ b/drivers/spi/spi-fsl-dspi.c
@@ -886,9 +886,11 @@ static irqreturn_t dspi_interrupt(int ir
trans_mode);
}
}
+
+ return IRQ_HANDLED;
}
- return IRQ_HANDLED;
+ return IRQ_NONE;
}
static const struct of_device_id fsl_dspi_dt_ids[] = {
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 250/313] binfmt_elf: Do not move brk for INTERP-less ET_EXEC
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (247 preceding siblings ...)
2019-10-03 15:53 ` [PATCH 5.2 249/313] spi: spi-fsl-dspi: Exit the ISR with IRQ_NONE when its not ours Greg Kroah-Hartman
@ 2019-10-03 15:53 ` Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 251/313] ASoC: Intel: NHLT: Fix debug print format Greg Kroah-Hartman
` (67 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kees Cook, Linus Torvalds,
Richard Kojedzinszky
From: Kees Cook <keescook@chromium.org>
commit 7be3cb019db1cbd5fd5ffe6d64a23fefa4b6f229 upstream.
When brk was moved for binaries without an interpreter, it should have
been limited to ET_DYN only. In other words, the special case was an
ET_DYN that lacks an INTERP, not just an executable that lacks INTERP.
The bug manifested for giant static executables, where the brk would end
up in the middle of the text area on 32-bit architectures.
Reported-and-tested-by: Richard Kojedzinszky <richard@kojedz.in>
Fixes: bbdc6076d2e5 ("binfmt_elf: move brk out of mmap when doing direct loader exec")
Cc: stable@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/binfmt_elf.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -1142,7 +1142,8 @@ out_free_interp:
* (since it grows up, and may collide early with the stack
* growing down), and into the unused ELF_ET_DYN_BASE region.
*/
- if (IS_ENABLED(CONFIG_ARCH_HAS_ELF_RANDOMIZE) && !interpreter)
+ if (IS_ENABLED(CONFIG_ARCH_HAS_ELF_RANDOMIZE) &&
+ loc->elf_ex.e_type == ET_DYN && !interpreter)
current->mm->brk = current->mm->start_brk =
ELF_ET_DYN_BASE;
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 251/313] ASoC: Intel: NHLT: Fix debug print format
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (248 preceding siblings ...)
2019-10-03 15:53 ` [PATCH 5.2 250/313] binfmt_elf: Do not move brk for INTERP-less ET_EXEC Greg Kroah-Hartman
@ 2019-10-03 15:53 ` Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 252/313] ASoC: Intel: Skylake: Use correct function to access iomem space Greg Kroah-Hartman
` (66 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Amadeusz Sławiński,
Pierre-Louis Bossart, Mark Brown
From: Amadeusz Sławiński <amadeuszx.slawinski@intel.com>
commit 855a06da37a773fd073d51023ac9d07988c87da8 upstream.
oem_table_id is 8 chars long, so we need to limit it, otherwise it
may print some unprintable characters into dmesg.
Signed-off-by: Amadeusz Sławiński <amadeuszx.slawinski@intel.com>
Link: https://lore.kernel.org/r/20190827141712.21015-7-amadeuszx.slawinski@linux.intel.com
Reviewed-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/soc/intel/skylake/skl-nhlt.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/sound/soc/intel/skylake/skl-nhlt.c
+++ b/sound/soc/intel/skylake/skl-nhlt.c
@@ -225,7 +225,7 @@ int skl_nhlt_update_topology_bin(struct
struct hdac_bus *bus = skl_to_bus(skl);
struct device *dev = bus->dev;
- dev_dbg(dev, "oem_id %.6s, oem_table_id %8s oem_revision %d\n",
+ dev_dbg(dev, "oem_id %.6s, oem_table_id %.8s oem_revision %d\n",
nhlt->header.oem_id, nhlt->header.oem_table_id,
nhlt->header.oem_revision);
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 252/313] ASoC: Intel: Skylake: Use correct function to access iomem space
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (249 preceding siblings ...)
2019-10-03 15:53 ` [PATCH 5.2 251/313] ASoC: Intel: NHLT: Fix debug print format Greg Kroah-Hartman
@ 2019-10-03 15:53 ` Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 253/313] ASoC: Intel: Fix use of potentially uninitialized variable Greg Kroah-Hartman
` (65 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Amadeusz Sławiński,
Pierre-Louis Bossart, Mark Brown
From: Amadeusz Sławiński <amadeuszx.slawinski@intel.com>
commit 17d29ff98fd4b70e9ccdac5e95e18a087e2737ef upstream.
For copying from __iomem, we should use __ioread32_copy.
reported by sparse:
sound/soc/intel/skylake/skl-debug.c:437:34: warning: incorrect type in argument 1 (different address spaces)
sound/soc/intel/skylake/skl-debug.c:437:34: expected void [noderef] <asn:2> *to
sound/soc/intel/skylake/skl-debug.c:437:34: got unsigned char *
sound/soc/intel/skylake/skl-debug.c:437:51: warning: incorrect type in argument 2 (different address spaces)
sound/soc/intel/skylake/skl-debug.c:437:51: expected void const *from
sound/soc/intel/skylake/skl-debug.c:437:51: got void [noderef] <asn:2> *[assigned] fw_reg_addr
Signed-off-by: Amadeusz Sławiński <amadeuszx.slawinski@intel.com>
Link: https://lore.kernel.org/r/20190827141712.21015-2-amadeuszx.slawinski@linux.intel.com
Reviewed-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/soc/intel/skylake/skl-debug.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/sound/soc/intel/skylake/skl-debug.c
+++ b/sound/soc/intel/skylake/skl-debug.c
@@ -188,7 +188,7 @@ static ssize_t fw_softreg_read(struct fi
memset(d->fw_read_buff, 0, FW_REG_BUF);
if (w0_stat_sz > 0)
- __iowrite32_copy(d->fw_read_buff, fw_reg_addr, w0_stat_sz >> 2);
+ __ioread32_copy(d->fw_read_buff, fw_reg_addr, w0_stat_sz >> 2);
for (offset = 0; offset < FW_REG_SIZE; offset += 16) {
ret += snprintf(tmp + ret, FW_REG_BUF - ret, "%#.4x: ", offset);
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 253/313] ASoC: Intel: Fix use of potentially uninitialized variable
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (250 preceding siblings ...)
2019-10-03 15:53 ` [PATCH 5.2 252/313] ASoC: Intel: Skylake: Use correct function to access iomem space Greg Kroah-Hartman
@ 2019-10-03 15:53 ` Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 254/313] ARM: samsung: Fix system restart on S3C6410 Greg Kroah-Hartman
` (64 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Amadeusz Sławiński,
Pierre-Louis Bossart, Mark Brown
From: Amadeusz Sławiński <amadeuszx.slawinski@intel.com>
commit 810f3b860850148788fc1ed8a6f5f807199fed65 upstream.
If ipc->ops.reply_msg_match is NULL, we may end up using uninitialized
mask value.
reported by smatch:
sound/soc/intel/common/sst-ipc.c:266 sst_ipc_reply_find_msg() error: uninitialized symbol 'mask'.
Signed-off-by: Amadeusz Sławiński <amadeuszx.slawinski@intel.com>
Link: https://lore.kernel.org/r/20190827141712.21015-3-amadeuszx.slawinski@linux.intel.com
Reviewed-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/soc/intel/common/sst-ipc.c | 2 ++
1 file changed, 2 insertions(+)
--- a/sound/soc/intel/common/sst-ipc.c
+++ b/sound/soc/intel/common/sst-ipc.c
@@ -222,6 +222,8 @@ struct ipc_message *sst_ipc_reply_find_m
if (ipc->ops.reply_msg_match != NULL)
header = ipc->ops.reply_msg_match(header, &mask);
+ else
+ mask = (u64)-1;
if (list_empty(&ipc->rx_list)) {
dev_err(ipc->dev, "error: rx list empty but received 0x%llx\n",
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 254/313] ARM: samsung: Fix system restart on S3C6410
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (251 preceding siblings ...)
2019-10-03 15:53 ` [PATCH 5.2 253/313] ASoC: Intel: Fix use of potentially uninitialized variable Greg Kroah-Hartman
@ 2019-10-03 15:53 ` Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 255/313] ARM: zynq: Use memcpy_toio instead of memcpy on smp bring-up Greg Kroah-Hartman
` (63 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:53 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Lihua Yao, Krzysztof Kozlowski
From: Lihua Yao <ylhuajnu@outlook.com>
commit 16986074035cc0205472882a00d404ed9d213313 upstream.
S3C6410 system restart is triggered by watchdog reset.
Cc: <stable@vger.kernel.org>
Fixes: 9f55342cc2de ("ARM: dts: s3c64xx: Fix infinite interrupt in soft mode")
Signed-off-by: Lihua Yao <ylhuajnu@outlook.com>
Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm/plat-samsung/watchdog-reset.c | 1 +
1 file changed, 1 insertion(+)
--- a/arch/arm/plat-samsung/watchdog-reset.c
+++ b/arch/arm/plat-samsung/watchdog-reset.c
@@ -62,6 +62,7 @@ void samsung_wdt_reset(void)
#ifdef CONFIG_OF
static const struct of_device_id s3c2410_wdt_match[] = {
{ .compatible = "samsung,s3c2410-wdt" },
+ { .compatible = "samsung,s3c6410-wdt" },
{},
};
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 255/313] ARM: zynq: Use memcpy_toio instead of memcpy on smp bring-up
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (252 preceding siblings ...)
2019-10-03 15:53 ` [PATCH 5.2 254/313] ARM: samsung: Fix system restart on S3C6410 Greg Kroah-Hartman
@ 2019-10-03 15:53 ` Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 256/313] arm64: tlb: Ensure we execute an ISB following walk cache invalidation Greg Kroah-Hartman
` (62 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:53 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Luis Araneda, Michal Simek
From: Luis Araneda <luaraneda@gmail.com>
commit b7005d4ef4f3aa2dc24019ffba03a322557ac43d upstream.
This fixes a kernel panic on memcpy when
FORTIFY_SOURCE is enabled.
The initial smp implementation on commit aa7eb2bb4e4a
("arm: zynq: Add smp support")
used memcpy, which worked fine until commit ee333554fed5
("ARM: 8749/1: Kconfig: Add ARCH_HAS_FORTIFY_SOURCE")
enabled overflow checks at runtime, producing a read
overflow panic.
The computed size of memcpy args are:
- p_size (dst): 4294967295 = (size_t) -1
- q_size (src): 1
- size (len): 8
Additionally, the memory is marked as __iomem, so one of
the memcpy_* functions should be used for read/write.
Fixes: aa7eb2bb4e4a ("arm: zynq: Add smp support")
Signed-off-by: Luis Araneda <luaraneda@gmail.com>
Cc: stable@vger.kernel.org
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm/mach-zynq/platsmp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/arm/mach-zynq/platsmp.c
+++ b/arch/arm/mach-zynq/platsmp.c
@@ -57,7 +57,7 @@ int zynq_cpun_start(u32 address, int cpu
* 0x4: Jump by mov instruction
* 0x8: Jumping address
*/
- memcpy((__force void *)zero, &zynq_secondary_trampoline,
+ memcpy_toio(zero, &zynq_secondary_trampoline,
trampoline_size);
writel(address, zero + trampoline_size);
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 256/313] arm64: tlb: Ensure we execute an ISB following walk cache invalidation
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (253 preceding siblings ...)
2019-10-03 15:53 ` [PATCH 5.2 255/313] ARM: zynq: Use memcpy_toio instead of memcpy on smp bring-up Greg Kroah-Hartman
@ 2019-10-03 15:53 ` Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 257/313] arm64: dts: rockchip: limit clock rate of MMC controllers for RK3328 Greg Kroah-Hartman
` (61 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:53 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Mark Rutland, Will Deacon
From: Will Deacon <will@kernel.org>
commit 51696d346c49c6cf4f29e9b20d6e15832a2e3408 upstream.
05f2d2f83b5a ("arm64: tlbflush: Introduce __flush_tlb_kernel_pgtable")
added a new TLB invalidation helper which is used when freeing
intermediate levels of page table used for kernel mappings, but is
missing the required ISB instruction after completion of the TLBI
instruction.
Add the missing barrier.
Cc: <stable@vger.kernel.org>
Fixes: 05f2d2f83b5a ("arm64: tlbflush: Introduce __flush_tlb_kernel_pgtable")
Reviewed-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/include/asm/tlbflush.h | 1 +
1 file changed, 1 insertion(+)
--- a/arch/arm64/include/asm/tlbflush.h
+++ b/arch/arm64/include/asm/tlbflush.h
@@ -251,6 +251,7 @@ static inline void __flush_tlb_kernel_pg
dsb(ishst);
__tlbi(vaae1is, addr);
dsb(ish);
+ isb();
}
#endif
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 257/313] arm64: dts: rockchip: limit clock rate of MMC controllers for RK3328
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (254 preceding siblings ...)
2019-10-03 15:53 ` [PATCH 5.2 256/313] arm64: tlb: Ensure we execute an ISB following walk cache invalidation Greg Kroah-Hartman
@ 2019-10-03 15:53 ` Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 258/313] iommu/arm-smmu-v3: Disable detection of ATS and PRI Greg Kroah-Hartman
` (60 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Robin Murphy, Liang Chen, Shawn Lin,
Heiko Stuebner
From: Shawn Lin <shawn.lin@rock-chips.com>
commit 03e61929c0d227ed3e1c322fc3804216ea298b7e upstream.
150MHz is a fundamental limitation of RK3328 Soc, w/o this limitation,
eMMC, for instance, will run into 200MHz clock rate in HS200 mode, which
makes the RK3328 boards not always boot properly. By adding it in
rk3328.dtsi would also obviate the worry of missing it when adding new
boards.
Fixes: 52e02d377a72 ("arm64: dts: rockchip: add core dtsi file for RK3328 SoCs")
Cc: stable@vger.kernel.org
Cc: Robin Murphy <robin.murphy@arm.com>
Cc: Liang Chen <cl@rock-chips.com>
Signed-off-by: Shawn Lin <shawn.lin@rock-chips.com>
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/boot/dts/rockchip/rk3328.dtsi | 3 +++
1 file changed, 3 insertions(+)
--- a/arch/arm64/boot/dts/rockchip/rk3328.dtsi
+++ b/arch/arm64/boot/dts/rockchip/rk3328.dtsi
@@ -800,6 +800,7 @@
<&cru SCLK_SDMMC_DRV>, <&cru SCLK_SDMMC_SAMPLE>;
clock-names = "biu", "ciu", "ciu-drive", "ciu-sample";
fifo-depth = <0x100>;
+ max-frequency = <150000000>;
status = "disabled";
};
@@ -811,6 +812,7 @@
<&cru SCLK_SDIO_DRV>, <&cru SCLK_SDIO_SAMPLE>;
clock-names = "biu", "ciu", "ciu-drive", "ciu-sample";
fifo-depth = <0x100>;
+ max-frequency = <150000000>;
status = "disabled";
};
@@ -822,6 +824,7 @@
<&cru SCLK_EMMC_DRV>, <&cru SCLK_EMMC_SAMPLE>;
clock-names = "biu", "ciu", "ciu-drive", "ciu-sample";
fifo-depth = <0x100>;
+ max-frequency = <150000000>;
status = "disabled";
};
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 258/313] iommu/arm-smmu-v3: Disable detection of ATS and PRI
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (255 preceding siblings ...)
2019-10-03 15:53 ` [PATCH 5.2 257/313] arm64: dts: rockchip: limit clock rate of MMC controllers for RK3328 Greg Kroah-Hartman
@ 2019-10-03 15:53 ` Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 259/313] alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP Greg Kroah-Hartman
` (59 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:53 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Robin Murphy, Will Deacon
From: Will Deacon <will@kernel.org>
commit b5e86196b83fd68e065a7c811ab8925fb0dc3893 upstream.
Detecting the ATS capability of the SMMU at probe time introduces a
spinlock into the ->unmap() fast path, even when ATS is not actually
in use. Furthermore, the ATC invalidation that exists is broken, as it
occurs before invalidation of the main SMMU TLB which leaves a window
where the ATC can be repopulated with stale entries.
Given that ATS is both a new feature and a specialist sport, disable it
for now whilst we fix it properly in subsequent patches. Since PRI
requires ATS, disable that too.
Cc: <stable@vger.kernel.org>
Fixes: 9ce27afc0830 ("iommu/arm-smmu-v3: Add support for PCI ATS")
Acked-by: Robin Murphy <robin.murphy@arm.com>
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/iommu/arm-smmu-v3.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/iommu/arm-smmu-v3.c
+++ b/drivers/iommu/arm-smmu-v3.c
@@ -2817,11 +2817,13 @@ static int arm_smmu_device_hw_probe(stru
}
/* Boolean feature flags */
+#if 0 /* ATS invalidation is slow and broken */
if (IS_ENABLED(CONFIG_PCI_PRI) && reg & IDR0_PRI)
smmu->features |= ARM_SMMU_FEAT_PRI;
if (IS_ENABLED(CONFIG_PCI_ATS) && reg & IDR0_ATS)
smmu->features |= ARM_SMMU_FEAT_ATS;
+#endif
if (reg & IDR0_SEV)
smmu->features |= ARM_SMMU_FEAT_SEV;
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 259/313] alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (256 preceding siblings ...)
2019-10-03 15:53 ` [PATCH 5.2 258/313] iommu/arm-smmu-v3: Disable detection of ATS and PRI Greg Kroah-Hartman
@ 2019-10-03 15:53 ` Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 260/313] iommu/vt-d: Fix wrong analysis whether devices share the same bus Greg Kroah-Hartman
` (58 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Thadeu Lima de Souza Cascardo,
Thomas Gleixner
From: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
commit f18ddc13af981ce3c7b7f26925f099e7c6929aba upstream.
ENOTSUPP is not supposed to be returned to userspace. This was found on an
OpenPower machine, where the RTC does not support set_alarm.
On that system, a clock_nanosleep(CLOCK_REALTIME_ALARM, ...) results in
"524 Unknown error 524"
Replace it with EOPNOTSUPP which results in the expected "95 Operation not
supported" error.
Fixes: 1c6b39ad3f01 (alarmtimers: Return -ENOTSUPP if no RTC device is present)
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: stable@vger.kernel.org
Link: https://lkml.kernel.org/r/20190903171802.28314-1-cascardo@canonical.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/time/alarmtimer.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/kernel/time/alarmtimer.c
+++ b/kernel/time/alarmtimer.c
@@ -673,7 +673,7 @@ static int alarm_timer_create(struct k_i
enum alarmtimer_type type;
if (!alarmtimer_get_rtcdev())
- return -ENOTSUPP;
+ return -EOPNOTSUPP;
if (!capable(CAP_WAKE_ALARM))
return -EPERM;
@@ -791,7 +791,7 @@ static int alarm_timer_nsleep(const cloc
int ret = 0;
if (!alarmtimer_get_rtcdev())
- return -ENOTSUPP;
+ return -EOPNOTSUPP;
if (flags & ~TIMER_ABSTIME)
return -EINVAL;
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 260/313] iommu/vt-d: Fix wrong analysis whether devices share the same bus
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (257 preceding siblings ...)
2019-10-03 15:53 ` [PATCH 5.2 259/313] alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP Greg Kroah-Hartman
@ 2019-10-03 15:53 ` Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 261/313] regulator: Defer init completion for a while after late_initcall Greg Kroah-Hartman
` (57 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:53 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Logan Gunthorpe, David Woodhouse,
Joerg Roedel, Jacob Pan, Nadav Amit, Joerg Roedel
From: Nadav Amit <namit@vmware.com>
commit 2c70010867f164d1b30e787e360e05d10cc40046 upstream.
set_msi_sid_cb() is used to determine whether device aliases share the
same bus, but it can provide false indications that aliases use the same
bus when in fact they do not. The reason is that set_msi_sid_cb()
assumes that pdev is fixed, while actually pci_for_each_dma_alias() can
call fn() when pdev is set to a subordinate device.
As a result, running an VM on ESX with VT-d emulation enabled can
results in the log warning such as:
DMAR: [INTR-REMAP] Request device [00:11.0] fault index 3b [fault reason 38] Blocked an interrupt request due to source-id verification failure
This seems to cause additional ata errors such as:
ata3.00: qc timeout (cmd 0xa1)
ata3.00: failed to IDENTIFY (I/O error, err_mask=0x4)
These timeouts also cause boot to be much longer and other errors.
Fix it by checking comparing the alias with the previous one instead.
Fixes: 3f0c625c6ae71 ("iommu/vt-d: Allow interrupts from the entire bus for aliased devices")
Cc: stable@vger.kernel.org
Cc: Logan Gunthorpe <logang@deltatee.com>
Cc: David Woodhouse <dwmw2@infradead.org>
Cc: Joerg Roedel <joro@8bytes.org>
Cc: Jacob Pan <jacob.jun.pan@linux.intel.com>
Signed-off-by: Nadav Amit <namit@vmware.com>
Reviewed-by: Logan Gunthorpe <logang@deltatee.com>
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/iommu/intel_irq_remapping.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/drivers/iommu/intel_irq_remapping.c
+++ b/drivers/iommu/intel_irq_remapping.c
@@ -376,13 +376,13 @@ static int set_msi_sid_cb(struct pci_dev
{
struct set_msi_sid_data *data = opaque;
+ if (data->count == 0 || PCI_BUS_NUM(alias) == PCI_BUS_NUM(data->alias))
+ data->busmatch_count++;
+
data->pdev = pdev;
data->alias = alias;
data->count++;
- if (PCI_BUS_NUM(alias) == pdev->bus->number)
- data->busmatch_count++;
-
return 0;
}
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 261/313] regulator: Defer init completion for a while after late_initcall
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (258 preceding siblings ...)
2019-10-03 15:53 ` [PATCH 5.2 260/313] iommu/vt-d: Fix wrong analysis whether devices share the same bus Greg Kroah-Hartman
@ 2019-10-03 15:53 ` Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 262/313] efifb: BGRT: Improve efifb_bgrt_sanity_check Greg Kroah-Hartman
` (56 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:53 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Mark Brown, Lee Jones
From: Mark Brown <broonie@kernel.org>
commit 55576cf1853798e86f620766e23b604c9224c19c upstream.
The kernel has no way of knowing when we have finished instantiating
drivers, between deferred probe and systems that build key drivers as
modules we might be doing this long after userspace has booted. This has
always been a bit of an issue with regulator_init_complete since it can
power off hardware that's not had it's driver loaded which can result in
user visible effects, the main case is powering off displays. Practically
speaking it's not been an issue in real systems since most systems that
use the regulator API are embedded and build in key drivers anyway but
with Arm laptops coming on the market it's becoming more of an issue so
let's do something about it.
In the absence of any better idea just defer the powering off for 30s
after late_initcall(), this is obviously a hack but it should mask the
issue for now and it's no more arbitrary than late_initcall() itself.
Ideally we'd have some heuristics to detect if we're on an affected
system and tune or skip the delay appropriately, and there may be some
need for a command line option to be added.
Link: https://lore.kernel.org/r/20190904124250.25844-1-broonie@kernel.org
Signed-off-by: Mark Brown <broonie@kernel.org>
Tested-by: Lee Jones <lee.jones@linaro.org>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/regulator/core.c | 42 +++++++++++++++++++++++++++++++-----------
1 file changed, 31 insertions(+), 11 deletions(-)
--- a/drivers/regulator/core.c
+++ b/drivers/regulator/core.c
@@ -5486,7 +5486,7 @@ static int __init regulator_init(void)
/* init early to allow our consumers to complete system booting */
core_initcall(regulator_init);
-static int __init regulator_late_cleanup(struct device *dev, void *data)
+static int regulator_late_cleanup(struct device *dev, void *data)
{
struct regulator_dev *rdev = dev_to_rdev(dev);
const struct regulator_ops *ops = rdev->desc->ops;
@@ -5535,18 +5535,9 @@ unlock:
return 0;
}
-static int __init regulator_init_complete(void)
+static void regulator_init_complete_work_function(struct work_struct *work)
{
/*
- * Since DT doesn't provide an idiomatic mechanism for
- * enabling full constraints and since it's much more natural
- * with DT to provide them just assume that a DT enabled
- * system has full constraints.
- */
- if (of_have_populated_dt())
- has_full_constraints = true;
-
- /*
* Regulators may had failed to resolve their input supplies
* when were registered, either because the input supply was
* not registered yet or because its parent device was not
@@ -5563,6 +5554,35 @@ static int __init regulator_init_complet
*/
class_for_each_device(®ulator_class, NULL, NULL,
regulator_late_cleanup);
+}
+
+static DECLARE_DELAYED_WORK(regulator_init_complete_work,
+ regulator_init_complete_work_function);
+
+static int __init regulator_init_complete(void)
+{
+ /*
+ * Since DT doesn't provide an idiomatic mechanism for
+ * enabling full constraints and since it's much more natural
+ * with DT to provide them just assume that a DT enabled
+ * system has full constraints.
+ */
+ if (of_have_populated_dt())
+ has_full_constraints = true;
+
+ /*
+ * We punt completion for an arbitrary amount of time since
+ * systems like distros will load many drivers from userspace
+ * so consumers might not always be ready yet, this is
+ * particularly an issue with laptops where this might bounce
+ * the display off then on. Ideally we'd get a notification
+ * from userspace when this happens but we don't so just wait
+ * a bit and hope we waited long enough. It'd be better if
+ * we'd only do this on systems that need it, and a kernel
+ * command line option might be useful.
+ */
+ schedule_delayed_work(®ulator_init_complete_work,
+ msecs_to_jiffies(30000));
return 0;
}
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 262/313] efifb: BGRT: Improve efifb_bgrt_sanity_check
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (259 preceding siblings ...)
2019-10-03 15:53 ` [PATCH 5.2 261/313] regulator: Defer init completion for a while after late_initcall Greg Kroah-Hartman
@ 2019-10-03 15:54 ` Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 263/313] gfs2: clear buf_in_tr when ending a transaction in sweep_bh_for_rgrps Greg Kroah-Hartman
` (55 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hans de Goede,
Bartlomiej Zolnierkiewicz, Peter Jones
From: Hans de Goede <hdegoede@redhat.com>
commit 51677dfcc17f88ed754143df670ff064eae67f84 upstream.
For various reasons, at least with x86 EFI firmwares, the xoffset and
yoffset in the BGRT info are not always reliable.
Extensive testing has shown that when the info is correct, the
BGRT image is always exactly centered horizontally (the yoffset variable
is more variable and not always predictable).
This commit simplifies / improves the bgrt_sanity_check to simply
check that the BGRT image is exactly centered horizontally and skips
(re)drawing it when it is not.
This fixes the BGRT image sometimes being drawn in the wrong place.
Cc: stable@vger.kernel.org
Fixes: 88fe4ceb2447 ("efifb: BGRT: Do not copy the boot graphics for non native resolutions")
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Cc: Peter Jones <pjones@redhat.com>,
Signed-off-by: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20190721131918.10115-1-hdegoede@redhat.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/video/fbdev/efifb.c | 27 ++++++---------------------
1 file changed, 6 insertions(+), 21 deletions(-)
--- a/drivers/video/fbdev/efifb.c
+++ b/drivers/video/fbdev/efifb.c
@@ -122,28 +122,13 @@ static void efifb_copy_bmp(u8 *src, u32
*/
static bool efifb_bgrt_sanity_check(struct screen_info *si, u32 bmp_width)
{
- static const int default_resolutions[][2] = {
- { 800, 600 },
- { 1024, 768 },
- { 1280, 1024 },
- };
- u32 i, right_margin;
+ /*
+ * All x86 firmwares horizontally center the image (the yoffset
+ * calculations differ between boards, but xoffset is predictable).
+ */
+ u32 expected_xoffset = (si->lfb_width - bmp_width) / 2;
- for (i = 0; i < ARRAY_SIZE(default_resolutions); i++) {
- if (default_resolutions[i][0] == si->lfb_width &&
- default_resolutions[i][1] == si->lfb_height)
- break;
- }
- /* If not a default resolution used for textmode, this should be fine */
- if (i >= ARRAY_SIZE(default_resolutions))
- return true;
-
- /* If the right margin is 5 times smaller then the left one, reject */
- right_margin = si->lfb_width - (bgrt_tab.image_offset_x + bmp_width);
- if (right_margin < (bgrt_tab.image_offset_x / 5))
- return false;
-
- return true;
+ return bgrt_tab.image_offset_x == expected_xoffset;
}
#else
static bool efifb_bgrt_sanity_check(struct screen_info *si, u32 bmp_width)
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 263/313] gfs2: clear buf_in_tr when ending a transaction in sweep_bh_for_rgrps
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (260 preceding siblings ...)
2019-10-03 15:54 ` [PATCH 5.2 262/313] efifb: BGRT: Improve efifb_bgrt_sanity_check Greg Kroah-Hartman
@ 2019-10-03 15:54 ` Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 264/313] z3fold: fix retry mechanism in page reclaim Greg Kroah-Hartman
` (54 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Bob Peterson, Andreas Gruenbacher
From: Bob Peterson <rpeterso@redhat.com>
commit f0b444b349e33ae0d3dd93e25ca365482a5d17d4 upstream.
In function sweep_bh_for_rgrps, which is a helper for punch_hole,
it uses variable buf_in_tr to keep track of when it needs to commit
pending block frees on a partial delete that overflows the
transaction created for the delete. The problem is that the
variable was initialized at the start of function sweep_bh_for_rgrps
but it was never cleared, even when starting a new transaction.
This patch reinitializes the variable when the transaction is
ended, so the next transaction starts out with it cleared.
Fixes: d552a2b9b33e ("GFS2: Non-recursive delete")
Cc: stable@vger.kernel.org # v4.12+
Signed-off-by: Bob Peterson <rpeterso@redhat.com>
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/gfs2/bmap.c | 1 +
1 file changed, 1 insertion(+)
--- a/fs/gfs2/bmap.c
+++ b/fs/gfs2/bmap.c
@@ -1670,6 +1670,7 @@ out_unlock:
brelse(dibh);
up_write(&ip->i_rw_mutex);
gfs2_trans_end(sdp);
+ buf_in_tr = false;
}
gfs2_glock_dq_uninit(rd_gh);
cond_resched();
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 264/313] z3fold: fix retry mechanism in page reclaim
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (261 preceding siblings ...)
2019-10-03 15:54 ` [PATCH 5.2 263/313] gfs2: clear buf_in_tr when ending a transaction in sweep_bh_for_rgrps Greg Kroah-Hartman
@ 2019-10-03 15:54 ` Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 265/313] z3fold: fix memory leak in kmem cache Greg Kroah-Hartman
` (53 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Vitaly Wool, Markus Linnala,
Chris Murphy, Agustin DallAlba, Maciej S. Szmigiero,
Shakeel Butt, Henry Burns, Andrew Morton, Linus Torvalds
From: Vitaly Wool <vitalywool@gmail.com>
commit 3f9d2b5766aea06042630ac60b7316fd0cebf06f upstream.
z3fold_page_reclaim()'s retry mechanism is broken: on a second iteration
it will have zhdr from the first one so that zhdr is no longer in line
with struct page. That leads to crashes when the system is stressed.
Fix that by moving zhdr assignment up.
While at it, protect against using already freed handles by using own
local slots structure in z3fold_page_reclaim().
Link: http://lkml.kernel.org/r/20190908162919.830388dc7404d1e2c80f4095@gmail.com
Signed-off-by: Vitaly Wool <vitalywool@gmail.com>
Reported-by: Markus Linnala <markus.linnala@gmail.com>
Reported-by: Chris Murphy <bugzilla@colorremedies.com>
Reported-by: Agustin Dall'Alba <agustin@dallalba.com.ar>
Cc: "Maciej S. Szmigiero" <mail@maciej.szmigiero.name>
Cc: Shakeel Butt <shakeelb@google.com>
Cc: Henry Burns <henrywolfeburns@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/z3fold.c | 49 ++++++++++++++++++++++++++++++++++---------------
1 file changed, 34 insertions(+), 15 deletions(-)
--- a/mm/z3fold.c
+++ b/mm/z3fold.c
@@ -368,9 +368,10 @@ static inline int __idx(struct z3fold_he
* Encodes the handle of a particular buddy within a z3fold page
* Pool lock should be held as this function accesses first_num
*/
-static unsigned long encode_handle(struct z3fold_header *zhdr, enum buddy bud)
+static unsigned long __encode_handle(struct z3fold_header *zhdr,
+ struct z3fold_buddy_slots *slots,
+ enum buddy bud)
{
- struct z3fold_buddy_slots *slots;
unsigned long h = (unsigned long)zhdr;
int idx = 0;
@@ -387,11 +388,15 @@ static unsigned long encode_handle(struc
if (bud == LAST)
h |= (zhdr->last_chunks << BUDDY_SHIFT);
- slots = zhdr->slots;
slots->slot[idx] = h;
return (unsigned long)&slots->slot[idx];
}
+static unsigned long encode_handle(struct z3fold_header *zhdr, enum buddy bud)
+{
+ return __encode_handle(zhdr, zhdr->slots, bud);
+}
+
/* Returns the z3fold page where a given handle is stored */
static inline struct z3fold_header *handle_to_z3fold_header(unsigned long h)
{
@@ -626,6 +631,7 @@ static void do_compact_page(struct z3fol
}
if (unlikely(PageIsolated(page) ||
+ test_bit(PAGE_CLAIMED, &page->private) ||
test_bit(PAGE_STALE, &page->private))) {
z3fold_page_unlock(zhdr);
return;
@@ -1102,6 +1108,7 @@ static int z3fold_reclaim_page(struct z3
struct z3fold_header *zhdr = NULL;
struct page *page = NULL;
struct list_head *pos;
+ struct z3fold_buddy_slots slots;
unsigned long first_handle = 0, middle_handle = 0, last_handle = 0;
spin_lock(&pool->lock);
@@ -1120,16 +1127,22 @@ static int z3fold_reclaim_page(struct z3
/* this bit could have been set by free, in which case
* we pass over to the next page in the pool.
*/
- if (test_and_set_bit(PAGE_CLAIMED, &page->private))
+ if (test_and_set_bit(PAGE_CLAIMED, &page->private)) {
+ page = NULL;
continue;
+ }
- if (unlikely(PageIsolated(page)))
+ if (unlikely(PageIsolated(page))) {
+ clear_bit(PAGE_CLAIMED, &page->private);
+ page = NULL;
continue;
+ }
+ zhdr = page_address(page);
if (test_bit(PAGE_HEADLESS, &page->private))
break;
- zhdr = page_address(page);
if (!z3fold_page_trylock(zhdr)) {
+ clear_bit(PAGE_CLAIMED, &page->private);
zhdr = NULL;
continue; /* can't evict at this point */
}
@@ -1147,26 +1160,30 @@ static int z3fold_reclaim_page(struct z3
if (!test_bit(PAGE_HEADLESS, &page->private)) {
/*
- * We need encode the handles before unlocking, since
- * we can race with free that will set
- * (first|last)_chunks to 0
+ * We need encode the handles before unlocking, and
+ * use our local slots structure because z3fold_free
+ * can zero out zhdr->slots and we can't do much
+ * about that
*/
first_handle = 0;
last_handle = 0;
middle_handle = 0;
if (zhdr->first_chunks)
- first_handle = encode_handle(zhdr, FIRST);
+ first_handle = __encode_handle(zhdr, &slots,
+ FIRST);
if (zhdr->middle_chunks)
- middle_handle = encode_handle(zhdr, MIDDLE);
+ middle_handle = __encode_handle(zhdr, &slots,
+ MIDDLE);
if (zhdr->last_chunks)
- last_handle = encode_handle(zhdr, LAST);
+ last_handle = __encode_handle(zhdr, &slots,
+ LAST);
/*
* it's safe to unlock here because we hold a
* reference to this page
*/
z3fold_page_unlock(zhdr);
} else {
- first_handle = encode_handle(zhdr, HEADLESS);
+ first_handle = __encode_handle(zhdr, &slots, HEADLESS);
last_handle = middle_handle = 0;
}
@@ -1196,9 +1213,9 @@ next:
spin_lock(&pool->lock);
list_add(&page->lru, &pool->lru);
spin_unlock(&pool->lock);
+ clear_bit(PAGE_CLAIMED, &page->private);
} else {
z3fold_page_lock(zhdr);
- clear_bit(PAGE_CLAIMED, &page->private);
if (kref_put(&zhdr->refcount,
release_z3fold_page_locked)) {
atomic64_dec(&pool->pages_nr);
@@ -1213,6 +1230,7 @@ next:
list_add(&page->lru, &pool->lru);
spin_unlock(&pool->lock);
z3fold_page_unlock(zhdr);
+ clear_bit(PAGE_CLAIMED, &page->private);
}
/* We started off locked to we need to lock the pool back */
@@ -1317,7 +1335,8 @@ static bool z3fold_page_isolate(struct p
VM_BUG_ON_PAGE(!PageMovable(page), page);
VM_BUG_ON_PAGE(PageIsolated(page), page);
- if (test_bit(PAGE_HEADLESS, &page->private))
+ if (test_bit(PAGE_HEADLESS, &page->private) ||
+ test_bit(PAGE_CLAIMED, &page->private))
return false;
zhdr = page_address(page);
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 265/313] z3fold: fix memory leak in kmem cache
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (262 preceding siblings ...)
2019-10-03 15:54 ` [PATCH 5.2 264/313] z3fold: fix retry mechanism in page reclaim Greg Kroah-Hartman
@ 2019-10-03 15:54 ` Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 266/313] mm/compaction.c: clear total_{migrate,free}_scanned before scanning a new zone Greg Kroah-Hartman
` (52 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Vitaly Wool, Markus Linnala,
Dan Streetman, Henry Burns, Shakeel Butt, Vlastimil Babka,
Andrew Morton, Linus Torvalds
From: Vitaly Wool <vitalywool@gmail.com>
commit 63398413c00c7836ea87a1fa205c91d2199b25cf upstream.
Currently there is a leak in init_z3fold_page() -- it allocates handles
from kmem cache even for headless pages, but then they are never used and
never freed, so eventually kmem cache may get exhausted. This patch
provides a fix for that.
Link: http://lkml.kernel.org/r/20190917185352.44cf285d3ebd9e64548de5de@gmail.com
Signed-off-by: Vitaly Wool <vitalywool@gmail.com>
Reported-by: Markus Linnala <markus.linnala@gmail.com>
Tested-by: Markus Linnala <markus.linnala@gmail.com>
Cc: Dan Streetman <ddstreet@ieee.org>
Cc: Henry Burns <henrywolfeburns@gmail.com>
Cc: Shakeel Butt <shakeelb@google.com>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/z3fold.c | 15 +++++++++------
1 file changed, 9 insertions(+), 6 deletions(-)
--- a/mm/z3fold.c
+++ b/mm/z3fold.c
@@ -297,14 +297,11 @@ static void z3fold_unregister_migration(
}
/* Initializes the z3fold header of a newly allocated z3fold page */
-static struct z3fold_header *init_z3fold_page(struct page *page,
+static struct z3fold_header *init_z3fold_page(struct page *page, bool headless,
struct z3fold_pool *pool, gfp_t gfp)
{
struct z3fold_header *zhdr = page_address(page);
- struct z3fold_buddy_slots *slots = alloc_slots(pool, gfp);
-
- if (!slots)
- return NULL;
+ struct z3fold_buddy_slots *slots;
INIT_LIST_HEAD(&page->lru);
clear_bit(PAGE_HEADLESS, &page->private);
@@ -312,6 +309,12 @@ static struct z3fold_header *init_z3fold
clear_bit(NEEDS_COMPACTING, &page->private);
clear_bit(PAGE_STALE, &page->private);
clear_bit(PAGE_CLAIMED, &page->private);
+ if (headless)
+ return zhdr;
+
+ slots = alloc_slots(pool, gfp);
+ if (!slots)
+ return NULL;
spin_lock_init(&zhdr->page_lock);
kref_init(&zhdr->refcount);
@@ -932,7 +935,7 @@ retry:
if (!page)
return -ENOMEM;
- zhdr = init_z3fold_page(page, pool, gfp);
+ zhdr = init_z3fold_page(page, bud == HEADLESS, pool, gfp);
if (!zhdr) {
__free_page(page);
return -ENOMEM;
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 266/313] mm/compaction.c: clear total_{migrate,free}_scanned before scanning a new zone
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (263 preceding siblings ...)
2019-10-03 15:54 ` [PATCH 5.2 265/313] z3fold: fix memory leak in kmem cache Greg Kroah-Hartman
@ 2019-10-03 15:54 ` Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 267/313] memcg, oom: dont require __GFP_FS when invoking memcg OOM killer Greg Kroah-Hartman
` (51 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yafang Shao, Vlastimil Babka,
David Rientjes, Yafang Shao, Mel Gorman, Michal Hocko,
Andrew Morton, Linus Torvalds
From: Yafang Shao <laoar.shao@gmail.com>
commit a94b525241c0fff3598809131d7cfcfe1d572d8c upstream.
total_{migrate,free}_scanned will be added to COMPACTMIGRATE_SCANNED and
COMPACTFREE_SCANNED in compact_zone(). We should clear them before
scanning a new zone. In the proc triggered compaction, we forgot clearing
them.
[laoar.shao@gmail.com: introduce a helper compact_zone_counters_init()]
Link: http://lkml.kernel.org/r/1563869295-25748-1-git-send-email-laoar.shao@gmail.com
[akpm@linux-foundation.org: expand compact_zone_counters_init() into its single callsite, per mhocko]
[vbabka@suse.cz: squash compact_zone() list_head init as well]
Link: http://lkml.kernel.org/r/1fb6f7da-f776-9e42-22f8-bbb79b030b98@suse.cz
[akpm@linux-foundation.org: kcompactd_do_work(): avoid unnecessary initialization of cc.zone]
Link: http://lkml.kernel.org/r/1563789275-9639-1-git-send-email-laoar.shao@gmail.com
Fixes: 7f354a548d1c ("mm, compaction: add vmstats for kcompactd work")
Signed-off-by: Yafang Shao <laoar.shao@gmail.com>
Signed-off-by: Vlastimil Babka <vbabka@suse.cz>
Reviewed-by: Vlastimil Babka <vbabka@suse.cz>
Cc: David Rientjes <rientjes@google.com>
Cc: Yafang Shao <shaoyafang@didiglobal.com>
Cc: Mel Gorman <mgorman@techsingularity.net>
Cc: Michal Hocko <mhocko@suse.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/compaction.c | 35 +++++++++++++----------------------
1 file changed, 13 insertions(+), 22 deletions(-)
--- a/mm/compaction.c
+++ b/mm/compaction.c
@@ -2078,6 +2078,17 @@ compact_zone(struct compact_control *cc,
const bool sync = cc->mode != MIGRATE_ASYNC;
bool update_cached;
+ /*
+ * These counters track activities during zone compaction. Initialize
+ * them before compacting a new zone.
+ */
+ cc->total_migrate_scanned = 0;
+ cc->total_free_scanned = 0;
+ cc->nr_migratepages = 0;
+ cc->nr_freepages = 0;
+ INIT_LIST_HEAD(&cc->freepages);
+ INIT_LIST_HEAD(&cc->migratepages);
+
cc->migratetype = gfpflags_to_migratetype(cc->gfp_mask);
ret = compaction_suitable(cc->zone, cc->order, cc->alloc_flags,
cc->classzone_idx);
@@ -2281,10 +2292,6 @@ static enum compact_result compact_zone_
{
enum compact_result ret;
struct compact_control cc = {
- .nr_freepages = 0,
- .nr_migratepages = 0,
- .total_migrate_scanned = 0,
- .total_free_scanned = 0,
.order = order,
.search_order = order,
.gfp_mask = gfp_mask,
@@ -2305,8 +2312,6 @@ static enum compact_result compact_zone_
if (capture)
current->capture_control = &capc;
- INIT_LIST_HEAD(&cc.freepages);
- INIT_LIST_HEAD(&cc.migratepages);
ret = compact_zone(&cc, &capc);
@@ -2408,8 +2413,6 @@ static void compact_node(int nid)
struct zone *zone;
struct compact_control cc = {
.order = -1,
- .total_migrate_scanned = 0,
- .total_free_scanned = 0,
.mode = MIGRATE_SYNC,
.ignore_skip_hint = true,
.whole_zone = true,
@@ -2423,11 +2426,7 @@ static void compact_node(int nid)
if (!populated_zone(zone))
continue;
- cc.nr_freepages = 0;
- cc.nr_migratepages = 0;
cc.zone = zone;
- INIT_LIST_HEAD(&cc.freepages);
- INIT_LIST_HEAD(&cc.migratepages);
compact_zone(&cc, NULL);
@@ -2529,8 +2528,6 @@ static void kcompactd_do_work(pg_data_t
struct compact_control cc = {
.order = pgdat->kcompactd_max_order,
.search_order = pgdat->kcompactd_max_order,
- .total_migrate_scanned = 0,
- .total_free_scanned = 0,
.classzone_idx = pgdat->kcompactd_classzone_idx,
.mode = MIGRATE_SYNC_LIGHT,
.ignore_skip_hint = false,
@@ -2554,16 +2551,10 @@ static void kcompactd_do_work(pg_data_t
COMPACT_CONTINUE)
continue;
- cc.nr_freepages = 0;
- cc.nr_migratepages = 0;
- cc.total_migrate_scanned = 0;
- cc.total_free_scanned = 0;
- cc.zone = zone;
- INIT_LIST_HEAD(&cc.freepages);
- INIT_LIST_HEAD(&cc.migratepages);
-
if (kthread_should_stop())
return;
+
+ cc.zone = zone;
status = compact_zone(&cc, NULL);
if (status == COMPACT_SUCCESS) {
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 267/313] memcg, oom: dont require __GFP_FS when invoking memcg OOM killer
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (264 preceding siblings ...)
2019-10-03 15:54 ` [PATCH 5.2 266/313] mm/compaction.c: clear total_{migrate,free}_scanned before scanning a new zone Greg Kroah-Hartman
@ 2019-10-03 15:54 ` Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 268/313] memcg, kmem: do not fail __GFP_NOFAIL charges Greg Kroah-Hartman
` (50 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tetsuo Handa, Masoud Sharbiani,
Michal Hocko, David Rientjes, Andrew Morton, Linus Torvalds
From: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
commit f9c645621a28e37813a1de96d9cbd89cde94a1e4 upstream.
Masoud Sharbiani noticed that commit 29ef680ae7c21110 ("memcg, oom: move
out_of_memory back to the charge path") broke memcg OOM called from
__xfs_filemap_fault() path. It turned out that try_charge() is retrying
forever without making forward progress because mem_cgroup_oom(GFP_NOFS)
cannot invoke the OOM killer due to commit 3da88fb3bacfaa33 ("mm, oom:
move GFP_NOFS check to out_of_memory").
Allowing forced charge due to being unable to invoke memcg OOM killer will
lead to global OOM situation. Also, just returning -ENOMEM will be risky
because OOM path is lost and some paths (e.g. get_user_pages()) will leak
-ENOMEM. Therefore, invoking memcg OOM killer (despite GFP_NOFS) will be
the only choice we can choose for now.
Until 29ef680ae7c21110, we were able to invoke memcg OOM killer when
GFP_KERNEL reclaim failed [1]. But since 29ef680ae7c21110, we need to
invoke memcg OOM killer when GFP_NOFS reclaim failed [2]. Although in the
past we did invoke memcg OOM killer for GFP_NOFS [3], we might get
pre-mature memcg OOM reports due to this patch.
[1]
leaker invoked oom-killer: gfp_mask=0x6200ca(GFP_HIGHUSER_MOVABLE), nodemask=(null), order=0, oom_score_adj=0
CPU: 0 PID: 2746 Comm: leaker Not tainted 4.18.0+ #19
Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 04/13/2018
Call Trace:
dump_stack+0x63/0x88
dump_header+0x67/0x27a
? mem_cgroup_scan_tasks+0x91/0xf0
oom_kill_process+0x210/0x410
out_of_memory+0x10a/0x2c0
mem_cgroup_out_of_memory+0x46/0x80
mem_cgroup_oom_synchronize+0x2e4/0x310
? high_work_func+0x20/0x20
pagefault_out_of_memory+0x31/0x76
mm_fault_error+0x55/0x115
? handle_mm_fault+0xfd/0x220
__do_page_fault+0x433/0x4e0
do_page_fault+0x22/0x30
? page_fault+0x8/0x30
page_fault+0x1e/0x30
RIP: 0033:0x4009f0
Code: 03 00 00 00 e8 71 fd ff ff 48 83 f8 ff 49 89 c6 74 74 48 89 c6 bf c0 0c 40 00 31 c0 e8 69 fd ff ff 45 85 ff 7e 21 31 c9 66 90 <41> 0f be 14 0e 01 d3 f7 c1 ff 0f 00 00 75 05 41 c6 04 0e 2a 48 83
RSP: 002b:00007ffe29ae96f0 EFLAGS: 00010206
RAX: 000000000000001b RBX: 0000000000000000 RCX: 0000000001ce1000
RDX: 0000000000000000 RSI: 000000007fffffe5 RDI: 0000000000000000
RBP: 000000000000000c R08: 0000000000000000 R09: 00007f94be09220d
R10: 0000000000000002 R11: 0000000000000246 R12: 00000000000186a0
R13: 0000000000000003 R14: 00007f949d845000 R15: 0000000002800000
Task in /leaker killed as a result of limit of /leaker
memory: usage 524288kB, limit 524288kB, failcnt 158965
memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
kmem: usage 2016kB, limit 9007199254740988kB, failcnt 0
Memory cgroup stats for /leaker: cache:844KB rss:521136KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:132KB writeback:0KB inactive_anon:0KB active_anon:521224KB inactive_file:1012KB active_file:8KB unevictable:0KB
Memory cgroup out of memory: Kill process 2746 (leaker) score 998 or sacrifice child
Killed process 2746 (leaker) total-vm:536704kB, anon-rss:521176kB, file-rss:1208kB, shmem-rss:0kB
oom_reaper: reaped process 2746 (leaker), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB
[2]
leaker invoked oom-killer: gfp_mask=0x600040(GFP_NOFS), nodemask=(null), order=0, oom_score_adj=0
CPU: 1 PID: 2746 Comm: leaker Not tainted 4.18.0+ #20
Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 04/13/2018
Call Trace:
dump_stack+0x63/0x88
dump_header+0x67/0x27a
? mem_cgroup_scan_tasks+0x91/0xf0
oom_kill_process+0x210/0x410
out_of_memory+0x109/0x2d0
mem_cgroup_out_of_memory+0x46/0x80
try_charge+0x58d/0x650
? __radix_tree_replace+0x81/0x100
mem_cgroup_try_charge+0x7a/0x100
__add_to_page_cache_locked+0x92/0x180
add_to_page_cache_lru+0x4d/0xf0
iomap_readpages_actor+0xde/0x1b0
? iomap_zero_range_actor+0x1d0/0x1d0
iomap_apply+0xaf/0x130
iomap_readpages+0x9f/0x150
? iomap_zero_range_actor+0x1d0/0x1d0
xfs_vm_readpages+0x18/0x20 [xfs]
read_pages+0x60/0x140
__do_page_cache_readahead+0x193/0x1b0
ondemand_readahead+0x16d/0x2c0
page_cache_async_readahead+0x9a/0xd0
filemap_fault+0x403/0x620
? alloc_set_pte+0x12c/0x540
? _cond_resched+0x14/0x30
__xfs_filemap_fault+0x66/0x180 [xfs]
xfs_filemap_fault+0x27/0x30 [xfs]
__do_fault+0x19/0x40
__handle_mm_fault+0x8e8/0xb60
handle_mm_fault+0xfd/0x220
__do_page_fault+0x238/0x4e0
do_page_fault+0x22/0x30
? page_fault+0x8/0x30
page_fault+0x1e/0x30
RIP: 0033:0x4009f0
Code: 03 00 00 00 e8 71 fd ff ff 48 83 f8 ff 49 89 c6 74 74 48 89 c6 bf c0 0c 40 00 31 c0 e8 69 fd ff ff 45 85 ff 7e 21 31 c9 66 90 <41> 0f be 14 0e 01 d3 f7 c1 ff 0f 00 00 75 05 41 c6 04 0e 2a 48 83
RSP: 002b:00007ffda45c9290 EFLAGS: 00010206
RAX: 000000000000001b RBX: 0000000000000000 RCX: 0000000001a1e000
RDX: 0000000000000000 RSI: 000000007fffffe5 RDI: 0000000000000000
RBP: 000000000000000c R08: 0000000000000000 R09: 00007f6d061ff20d
R10: 0000000000000002 R11: 0000000000000246 R12: 00000000000186a0
R13: 0000000000000003 R14: 00007f6ce59b2000 R15: 0000000002800000
Task in /leaker killed as a result of limit of /leaker
memory: usage 524288kB, limit 524288kB, failcnt 7221
memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
kmem: usage 1944kB, limit 9007199254740988kB, failcnt 0
Memory cgroup stats for /leaker: cache:3632KB rss:518232KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB inactive_anon:0KB active_anon:518408KB inactive_file:3908KB active_file:12KB unevictable:0KB
Memory cgroup out of memory: Kill process 2746 (leaker) score 992 or sacrifice child
Killed process 2746 (leaker) total-vm:536704kB, anon-rss:518264kB, file-rss:1188kB, shmem-rss:0kB
oom_reaper: reaped process 2746 (leaker), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB
[3]
leaker invoked oom-killer: gfp_mask=0x50, order=0, oom_score_adj=0
leaker cpuset=/ mems_allowed=0
CPU: 1 PID: 3206 Comm: leaker Not tainted 3.10.0-957.27.2.el7.x86_64 #1
Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 04/13/2018
Call Trace:
[<ffffffffaf364147>] dump_stack+0x19/0x1b
[<ffffffffaf35eb6a>] dump_header+0x90/0x229
[<ffffffffaedbb456>] ? find_lock_task_mm+0x56/0xc0
[<ffffffffaee32a38>] ? try_get_mem_cgroup_from_mm+0x28/0x60
[<ffffffffaedbb904>] oom_kill_process+0x254/0x3d0
[<ffffffffaee36c36>] mem_cgroup_oom_synchronize+0x546/0x570
[<ffffffffaee360b0>] ? mem_cgroup_charge_common+0xc0/0xc0
[<ffffffffaedbc194>] pagefault_out_of_memory+0x14/0x90
[<ffffffffaf35d072>] mm_fault_error+0x6a/0x157
[<ffffffffaf3717c8>] __do_page_fault+0x3c8/0x4f0
[<ffffffffaf371925>] do_page_fault+0x35/0x90
[<ffffffffaf36d768>] page_fault+0x28/0x30
Task in /leaker killed as a result of limit of /leaker
memory: usage 524288kB, limit 524288kB, failcnt 20628
memory+swap: usage 524288kB, limit 9007199254740988kB, failcnt 0
kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
Memory cgroup stats for /leaker: cache:840KB rss:523448KB rss_huge:0KB mapped_file:0KB swap:0KB inactive_anon:0KB active_anon:523448KB inactive_file:464KB active_file:376KB unevictable:0KB
Memory cgroup out of memory: Kill process 3206 (leaker) score 970 or sacrifice child
Killed process 3206 (leaker) total-vm:536692kB, anon-rss:523304kB, file-rss:412kB, shmem-rss:0kB
Bisected by Masoud Sharbiani.
Link: http://lkml.kernel.org/r/cbe54ed1-b6ba-a056-8899-2dc42526371d@i-love.sakura.ne.jp
Fixes: 3da88fb3bacfaa33 ("mm, oom: move GFP_NOFS check to out_of_memory") [necessary after 29ef680ae7c21110]
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Reported-by: Masoud Sharbiani <msharbiani@apple.com>
Tested-by: Masoud Sharbiani <msharbiani@apple.com>
Acked-by: Michal Hocko <mhocko@suse.com>
Cc: David Rientjes <rientjes@google.com>
Cc: <stable@vger.kernel.org> [4.19+]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/oom_kill.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- a/mm/oom_kill.c
+++ b/mm/oom_kill.c
@@ -1060,9 +1060,10 @@ bool out_of_memory(struct oom_control *o
* The OOM killer does not compensate for IO-less reclaim.
* pagefault_out_of_memory lost its gfp context so we have to
* make sure exclude 0 mask - all other users should have at least
- * ___GFP_DIRECT_RECLAIM to get here.
+ * ___GFP_DIRECT_RECLAIM to get here. But mem_cgroup_oom() has to
+ * invoke the OOM killer even if it is a GFP_NOFS allocation.
*/
- if (oc->gfp_mask && !(oc->gfp_mask & __GFP_FS))
+ if (oc->gfp_mask && !(oc->gfp_mask & __GFP_FS) && !is_memcg_oom(oc))
return true;
/*
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 268/313] memcg, kmem: do not fail __GFP_NOFAIL charges
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (265 preceding siblings ...)
2019-10-03 15:54 ` [PATCH 5.2 267/313] memcg, oom: dont require __GFP_FS when invoking memcg OOM killer Greg Kroah-Hartman
@ 2019-10-03 15:54 ` Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 269/313] lib/lzo/lzo1x_compress.c: fix alignment bug in lzo-rle Greg Kroah-Hartman
` (49 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Michal Hocko, Thomas Lindroth,
Johannes Weiner, Vladimir Davydov, Andrey Ryabinin, Shakeel Butt,
Andrew Morton, Linus Torvalds, Tetsuo Handa
From: Michal Hocko <mhocko@suse.com>
commit e55d9d9bfb69405bd7615c0f8d229d8fafb3e9b8 upstream.
Thomas has noticed the following NULL ptr dereference when using cgroup
v1 kmem limit:
BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
PGD 0
P4D 0
Oops: 0000 [#1] PREEMPT SMP PTI
CPU: 3 PID: 16923 Comm: gtk-update-icon Not tainted 4.19.51 #42
Hardware name: Gigabyte Technology Co., Ltd. Z97X-Gaming G1/Z97X-Gaming G1, BIOS F9 07/31/2015
RIP: 0010:create_empty_buffers+0x24/0x100
Code: cd 0f 1f 44 00 00 0f 1f 44 00 00 41 54 49 89 d4 ba 01 00 00 00 55 53 48 89 fb e8 97 fe ff ff 48 89 c5 48 89 c2 eb 03 48 89 ca <48> 8b 4a 08 4c 09 22 48 85 c9 75 f1 48 89 6a 08 48 8b 43 18 48 8d
RSP: 0018:ffff927ac1b37bf8 EFLAGS: 00010286
RAX: 0000000000000000 RBX: fffff2d4429fd740 RCX: 0000000100097149
RDX: 0000000000000000 RSI: 0000000000000082 RDI: ffff9075a99fbe00
RBP: 0000000000000000 R08: fffff2d440949cc8 R09: 00000000000960c0
R10: 0000000000000002 R11: 0000000000000000 R12: 0000000000000000
R13: ffff907601f18360 R14: 0000000000002000 R15: 0000000000001000
FS: 00007fb55b288bc0(0000) GS:ffff90761f8c0000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000008 CR3: 000000007aebc002 CR4: 00000000001606e0
Call Trace:
create_page_buffers+0x4d/0x60
__block_write_begin_int+0x8e/0x5a0
? ext4_inode_attach_jinode.part.82+0xb0/0xb0
? jbd2__journal_start+0xd7/0x1f0
ext4_da_write_begin+0x112/0x3d0
generic_perform_write+0xf1/0x1b0
? file_update_time+0x70/0x140
__generic_file_write_iter+0x141/0x1a0
ext4_file_write_iter+0xef/0x3b0
__vfs_write+0x17e/0x1e0
vfs_write+0xa5/0x1a0
ksys_write+0x57/0xd0
do_syscall_64+0x55/0x160
entry_SYSCALL_64_after_hwframe+0x44/0xa9
Tetsuo then noticed that this is because the __memcg_kmem_charge_memcg
fails __GFP_NOFAIL charge when the kmem limit is reached. This is a wrong
behavior because nofail allocations are not allowed to fail. Normal
charge path simply forces the charge even if that means to cross the
limit. Kmem accounting should be doing the same.
Link: http://lkml.kernel.org/r/20190906125608.32129-1-mhocko@kernel.org
Signed-off-by: Michal Hocko <mhocko@suse.com>
Reported-by: Thomas Lindroth <thomas.lindroth@gmail.com>
Debugged-by: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Vladimir Davydov <vdavydov.dev@gmail.com>
Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: Thomas Lindroth <thomas.lindroth@gmail.com>
Cc: Shakeel Butt <shakeelb@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/memcontrol.c | 10 ++++++++++
1 file changed, 10 insertions(+)
--- a/mm/memcontrol.c
+++ b/mm/memcontrol.c
@@ -2719,6 +2719,16 @@ int __memcg_kmem_charge_memcg(struct pag
if (!cgroup_subsys_on_dfl(memory_cgrp_subsys) &&
!page_counter_try_charge(&memcg->kmem, nr_pages, &counter)) {
+
+ /*
+ * Enforce __GFP_NOFAIL allocation because callers are not
+ * prepared to see failures and likely do not have any failure
+ * handling code.
+ */
+ if (gfp & __GFP_NOFAIL) {
+ page_counter_charge(&memcg->kmem, nr_pages);
+ return 0;
+ }
cancel_charge(memcg, nr_pages);
return -ENOMEM;
}
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 269/313] lib/lzo/lzo1x_compress.c: fix alignment bug in lzo-rle
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (266 preceding siblings ...)
2019-10-03 15:54 ` [PATCH 5.2 268/313] memcg, kmem: do not fail __GFP_NOFAIL charges Greg Kroah-Hartman
@ 2019-10-03 15:54 ` Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 270/313] mt76: round up length on mt76_wr_copy Greg Kroah-Hartman
` (48 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dave Rodgman,
Markus F.X.J. Oberhumer, Minchan Kim, Andrew Morton,
Linus Torvalds
From: Dave Rodgman <dave.rodgman@arm.com>
commit 09b35b4192f6682dff96a093ab1930998cdb73b4 upstream.
Fix an unaligned access which breaks on platforms where this is not
permitted (e.g., Sparc).
Link: http://lkml.kernel.org/r/20190912145502.35229-1-dave.rodgman@arm.com
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
Cc: Dave Rodgman <dave.rodgman@arm.com>
Cc: Markus F.X.J. Oberhumer <markus@oberhumer.com>
Cc: Minchan Kim <minchan@kernel.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
lib/lzo/lzo1x_compress.c | 14 ++++++++------
1 file changed, 8 insertions(+), 6 deletions(-)
--- a/lib/lzo/lzo1x_compress.c
+++ b/lib/lzo/lzo1x_compress.c
@@ -83,17 +83,19 @@ next:
ALIGN((uintptr_t)ir, 4)) &&
(ir < limit) && (*ir == 0))
ir++;
- for (; (ir + 4) <= limit; ir += 4) {
- dv = *((u32 *)ir);
- if (dv) {
+ if (IS_ALIGNED((uintptr_t)ir, 4)) {
+ for (; (ir + 4) <= limit; ir += 4) {
+ dv = *((u32 *)ir);
+ if (dv) {
# if defined(__LITTLE_ENDIAN)
- ir += __builtin_ctz(dv) >> 3;
+ ir += __builtin_ctz(dv) >> 3;
# elif defined(__BIG_ENDIAN)
- ir += __builtin_clz(dv) >> 3;
+ ir += __builtin_clz(dv) >> 3;
# else
# error "missing endian definition"
# endif
- break;
+ break;
+ }
}
}
#endif
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 270/313] mt76: round up length on mt76_wr_copy
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (267 preceding siblings ...)
2019-10-03 15:54 ` [PATCH 5.2 269/313] lib/lzo/lzo1x_compress.c: fix alignment bug in lzo-rle Greg Kroah-Hartman
@ 2019-10-03 15:54 ` Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 271/313] KEYS: trusted: correctly initialize digests and fix locking issue Greg Kroah-Hartman
` (47 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:54 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Felix Fietkau
From: Felix Fietkau <nbd@nbd.name>
commit 850e8f6fbd5d0003b0f1119d19a01c6fef1644e2 upstream.
When beacon length is not a multiple of 4, the beacon could be sent with
the last 1-3 bytes corrupted. The skb data is guaranteed to have enough
room for reading beyond the end, because it is always followed by
skb_shared_info, so rounding up is safe.
All other callers of mt76_wr_copy have multiple-of-4 length already.
Cc: stable@vger.kernel.org
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireless/mediatek/mt76/mmio.c | 2 +-
drivers/net/wireless/mediatek/mt76/usb.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/net/wireless/mediatek/mt76/mmio.c
+++ b/drivers/net/wireless/mediatek/mt76/mmio.c
@@ -43,7 +43,7 @@ static u32 mt76_mmio_rmw(struct mt76_dev
static void mt76_mmio_copy(struct mt76_dev *dev, u32 offset, const void *data,
int len)
{
- __iowrite32_copy(dev->mmio.regs + offset, data, len >> 2);
+ __iowrite32_copy(dev->mmio.regs + offset, data, DIV_ROUND_UP(len, 4));
}
static int mt76_mmio_wr_rp(struct mt76_dev *dev, u32 base,
--- a/drivers/net/wireless/mediatek/mt76/usb.c
+++ b/drivers/net/wireless/mediatek/mt76/usb.c
@@ -164,7 +164,7 @@ static void mt76u_copy(struct mt76_dev *
int i, ret;
mutex_lock(&usb->usb_ctrl_mtx);
- for (i = 0; i < (len / 4); i++) {
+ for (i = 0; i < DIV_ROUND_UP(len, 4); i++) {
put_unaligned_le32(val[i], usb->data);
ret = __mt76u_vendor_request(dev, MT_VEND_MULTI_WRITE,
USB_DIR_OUT | USB_TYPE_VENDOR,
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 271/313] KEYS: trusted: correctly initialize digests and fix locking issue
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (268 preceding siblings ...)
2019-10-03 15:54 ` [PATCH 5.2 270/313] mt76: round up length on mt76_wr_copy Greg Kroah-Hartman
@ 2019-10-03 15:54 ` Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 272/313] rtw88: pci: Rearrange the memory usage for skb in RX ISR Greg Kroah-Hartman
` (46 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Roberto Sassu, Jarkko Sakkinen,
Jerry Snitselaar
From: Roberto Sassu <roberto.sassu@huawei.com>
commit 9f75c82246313d4c2a6bc77e947b45655b3b5ad5 upstream.
Commit 0b6cf6b97b7e ("tpm: pass an array of tpm_extend_digest structures to
tpm_pcr_extend()") modifies tpm_pcr_extend() to accept a digest for each
PCR bank. After modification, tpm_pcr_extend() expects that digests are
passed in the same order as the algorithms set in chip->allocated_banks.
This patch fixes two issues introduced in the last iterations of the patch
set: missing initialization of the TPM algorithm ID in the tpm_digest
structures passed to tpm_pcr_extend() by the trusted key module, and
unreleased locks in the TPM driver due to returning from tpm_pcr_extend()
without calling tpm_put_ops().
Cc: stable@vger.kernel.org
Fixes: 0b6cf6b97b7e ("tpm: pass an array of tpm_extend_digest structures to tpm_pcr_extend()")
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Suggested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Reviewed-by: Jerry Snitselaar <jsnitsel@redhat.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/char/tpm/tpm-interface.c | 14 +++++++++-----
security/keys/trusted.c | 5 +++++
2 files changed, 14 insertions(+), 5 deletions(-)
--- a/drivers/char/tpm/tpm-interface.c
+++ b/drivers/char/tpm/tpm-interface.c
@@ -320,18 +320,22 @@ int tpm_pcr_extend(struct tpm_chip *chip
if (!chip)
return -ENODEV;
- for (i = 0; i < chip->nr_allocated_banks; i++)
- if (digests[i].alg_id != chip->allocated_banks[i].alg_id)
- return -EINVAL;
+ for (i = 0; i < chip->nr_allocated_banks; i++) {
+ if (digests[i].alg_id != chip->allocated_banks[i].alg_id) {
+ rc = EINVAL;
+ goto out;
+ }
+ }
if (chip->flags & TPM_CHIP_FLAG_TPM2) {
rc = tpm2_pcr_extend(chip, pcr_idx, digests);
- tpm_put_ops(chip);
- return rc;
+ goto out;
}
rc = tpm1_pcr_extend(chip, pcr_idx, digests[0].digest,
"attempting extend a PCR value");
+
+out:
tpm_put_ops(chip);
return rc;
}
--- a/security/keys/trusted.c
+++ b/security/keys/trusted.c
@@ -1228,11 +1228,16 @@ hashalg_fail:
static int __init init_digests(void)
{
+ int i;
+
digests = kcalloc(chip->nr_allocated_banks, sizeof(*digests),
GFP_KERNEL);
if (!digests)
return -ENOMEM;
+ for (i = 0; i < chip->nr_allocated_banks; i++)
+ digests[i].alg_id = chip->allocated_banks[i].alg_id;
+
return 0;
}
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 272/313] rtw88: pci: Rearrange the memory usage for skb in RX ISR
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (269 preceding siblings ...)
2019-10-03 15:54 ` [PATCH 5.2 271/313] KEYS: trusted: correctly initialize digests and fix locking issue Greg Kroah-Hartman
@ 2019-10-03 15:54 ` Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 273/313] rtw88: pci: Use DMA sync instead of remapping " Greg Kroah-Hartman
` (45 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:54 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Jian-Hong Pan, Kalle Valo
From: Jian-Hong Pan <jian-hong@endlessm.com>
commit ee6db78f5db9bfe426c57a1ec9713827ebccd2d4 upstream.
Testing with RTL8822BE hardware, when available memory is low, we
frequently see a kernel panic and system freeze.
First, rtw_pci_rx_isr encounters a memory allocation failure (trimmed):
rx routine starvation
WARNING: CPU: 7 PID: 9871 at drivers/net/wireless/realtek/rtw88/pci.c:822 rtw_pci_rx_isr.constprop.25+0x35a/0x370 [rtwpci]
[ 2356.580313] RIP: 0010:rtw_pci_rx_isr.constprop.25+0x35a/0x370 [rtwpci]
Then we see a variety of different error conditions and kernel panics,
such as this one (trimmed):
rtw_pci 0000:02:00.0: pci bus timeout, check dma status
skbuff: skb_over_panic: text:00000000091b6e66 len:415 put:415 head:00000000d2880c6f data:000000007a02b1ea tail:0x1df end:0xc0 dev:<NULL>
------------[ cut here ]------------
kernel BUG at net/core/skbuff.c:105!
invalid opcode: 0000 [#1] SMP NOPTI
RIP: 0010:skb_panic+0x43/0x45
When skb allocation fails and the "rx routine starvation" is hit, the
function returns immediately without updating the RX ring. At this
point, the RX ring may continue referencing an old skb which was already
handed off to ieee80211_rx_irqsafe(). When it comes to be used again,
bad things happen.
This patch allocates a new, data-sized skb first in RX ISR. After
copying the data in, we pass it to the upper layers. However, if skb
allocation fails, we effectively drop the frame. In both cases, the
original, full size ring skb is reused.
In addition, to fixing the kernel crash, the RX routine should now
generally behave better under low memory conditions.
Buglink: https://bugzilla.kernel.org/show_bug.cgi?id=204053
Signed-off-by: Jian-Hong Pan <jian-hong@endlessm.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireless/realtek/rtw88/pci.c | 49 +++++++++++++------------------
1 file changed, 22 insertions(+), 27 deletions(-)
--- a/drivers/net/wireless/realtek/rtw88/pci.c
+++ b/drivers/net/wireless/realtek/rtw88/pci.c
@@ -763,6 +763,7 @@ static void rtw_pci_rx_isr(struct rtw_de
u32 pkt_offset;
u32 pkt_desc_sz = chip->rx_pkt_desc_sz;
u32 buf_desc_sz = chip->rx_buf_desc_sz;
+ u32 new_len;
u8 *rx_desc;
dma_addr_t dma;
@@ -790,40 +791,34 @@ static void rtw_pci_rx_isr(struct rtw_de
pkt_offset = pkt_desc_sz + pkt_stat.drv_info_sz +
pkt_stat.shift;
- if (pkt_stat.is_c2h) {
- /* keep rx_desc, halmac needs it */
- skb_put(skb, pkt_stat.pkt_len + pkt_offset);
+ /* allocate a new skb for this frame,
+ * discard the frame if none available
+ */
+ new_len = pkt_stat.pkt_len + pkt_offset;
+ new = dev_alloc_skb(new_len);
+ if (WARN_ONCE(!new, "rx routine starvation\n"))
+ goto next_rp;
+
+ /* put the DMA data including rx_desc from phy to new skb */
+ skb_put_data(new, skb->data, new_len);
- /* pass offset for further operation */
- *((u32 *)skb->cb) = pkt_offset;
- skb_queue_tail(&rtwdev->c2h_queue, skb);
+ if (pkt_stat.is_c2h) {
+ /* pass rx_desc & offset for further operation */
+ *((u32 *)new->cb) = pkt_offset;
+ skb_queue_tail(&rtwdev->c2h_queue, new);
ieee80211_queue_work(rtwdev->hw, &rtwdev->c2h_work);
} else {
- /* remove rx_desc, maybe use skb_pull? */
- skb_put(skb, pkt_stat.pkt_len);
- skb_reserve(skb, pkt_offset);
-
- /* alloc a smaller skb to mac80211 */
- new = dev_alloc_skb(pkt_stat.pkt_len);
- if (!new) {
- new = skb;
- } else {
- skb_put_data(new, skb->data, skb->len);
- dev_kfree_skb_any(skb);
- }
- /* TODO: merge into rx.c */
- rtw_rx_stats(rtwdev, pkt_stat.vif, skb);
+ /* remove rx_desc */
+ skb_pull(new, pkt_offset);
+
+ rtw_rx_stats(rtwdev, pkt_stat.vif, new);
memcpy(new->cb, &rx_status, sizeof(rx_status));
ieee80211_rx_irqsafe(rtwdev->hw, new);
}
- /* skb delivered to mac80211, alloc a new one in rx ring */
- new = dev_alloc_skb(RTK_PCI_RX_BUF_SIZE);
- if (WARN(!new, "rx routine starvation\n"))
- return;
-
- ring->buf[cur_rp] = new;
- rtw_pci_reset_rx_desc(rtwdev, new, ring, cur_rp, buf_desc_sz);
+next_rp:
+ /* new skb delivered to mac80211, re-enable original skb DMA */
+ rtw_pci_reset_rx_desc(rtwdev, skb, ring, cur_rp, buf_desc_sz);
/* host read next element in ring */
if (++cur_rp >= ring->r.len)
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 273/313] rtw88: pci: Use DMA sync instead of remapping in RX ISR
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (270 preceding siblings ...)
2019-10-03 15:54 ` [PATCH 5.2 272/313] rtw88: pci: Rearrange the memory usage for skb in RX ISR Greg Kroah-Hartman
@ 2019-10-03 15:54 ` Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 274/313] ath10k: fix channel info parsing for non tlv target Greg Kroah-Hartman
` (44 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:54 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Jian-Hong Pan, Kalle Valo
From: Jian-Hong Pan <jian-hong@endlessm.com>
commit 29b68a920f6abb7b5ba21ab4b779f62d536bac9b upstream.
Since each skb in RX ring is reused instead of new allocation, we can
treat the DMA in a more efficient way by DMA synchronization.
Signed-off-by: Jian-Hong Pan <jian-hong@endlessm.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireless/realtek/rtw88/pci.c | 24 +++++++++++++++++++++---
1 file changed, 21 insertions(+), 3 deletions(-)
--- a/drivers/net/wireless/realtek/rtw88/pci.c
+++ b/drivers/net/wireless/realtek/rtw88/pci.c
@@ -206,6 +206,23 @@ static int rtw_pci_reset_rx_desc(struct
return 0;
}
+static void rtw_pci_sync_rx_desc_device(struct rtw_dev *rtwdev, dma_addr_t dma,
+ struct rtw_pci_rx_ring *rx_ring,
+ u32 idx, u32 desc_sz)
+{
+ struct device *dev = rtwdev->dev;
+ struct rtw_pci_rx_buffer_desc *buf_desc;
+ int buf_sz = RTK_PCI_RX_BUF_SIZE;
+
+ dma_sync_single_for_device(dev, dma, buf_sz, DMA_FROM_DEVICE);
+
+ buf_desc = (struct rtw_pci_rx_buffer_desc *)(rx_ring->r.head +
+ idx * desc_sz);
+ memset(buf_desc, 0, sizeof(*buf_desc));
+ buf_desc->buf_size = cpu_to_le16(RTK_PCI_RX_BUF_SIZE);
+ buf_desc->dma = cpu_to_le32(dma);
+}
+
static int rtw_pci_init_rx_ring(struct rtw_dev *rtwdev,
struct rtw_pci_rx_ring *rx_ring,
u8 desc_size, u32 len)
@@ -782,8 +799,8 @@ static void rtw_pci_rx_isr(struct rtw_de
rtw_pci_dma_check(rtwdev, ring, cur_rp);
skb = ring->buf[cur_rp];
dma = *((dma_addr_t *)skb->cb);
- pci_unmap_single(rtwpci->pdev, dma, RTK_PCI_RX_BUF_SIZE,
- PCI_DMA_FROMDEVICE);
+ dma_sync_single_for_cpu(rtwdev->dev, dma, RTK_PCI_RX_BUF_SIZE,
+ DMA_FROM_DEVICE);
rx_desc = skb->data;
chip->ops->query_rx_desc(rtwdev, rx_desc, &pkt_stat, &rx_status);
@@ -818,7 +835,8 @@ static void rtw_pci_rx_isr(struct rtw_de
next_rp:
/* new skb delivered to mac80211, re-enable original skb DMA */
- rtw_pci_reset_rx_desc(rtwdev, skb, ring, cur_rp, buf_desc_sz);
+ rtw_pci_sync_rx_desc_device(rtwdev, dma, ring, cur_rp,
+ buf_desc_sz);
/* host read next element in ring */
if (++cur_rp >= ring->r.len)
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 274/313] ath10k: fix channel info parsing for non tlv target
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (271 preceding siblings ...)
2019-10-03 15:54 ` [PATCH 5.2 273/313] rtw88: pci: Use DMA sync instead of remapping " Greg Kroah-Hartman
@ 2019-10-03 15:54 ` Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 275/313] i40e: check __I40E_VF_DISABLE bit in i40e_sync_filters_subtask Greg Kroah-Hartman
` (43 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:54 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Rakesh Pillai, Kalle Valo
From: Rakesh Pillai <pillair@codeaurora.org>
commit 6be6c04bcc2e8770b8637632789ff15765124894 upstream.
The tlv targets such as WCN3990 send more data in the chan info event, which is
not sent by the non tlv targets. There is a minimum size check in the wmi event
for non-tlv targets and hence we cannot update the common channel info
structure as it was done in commit 13104929d2ec ("ath10k: fill the channel
survey results for WCN3990 correctly"). This broke channel survey results on
10.x firmware versions.
If the common channel info structure is updated, the size check for chan info
event for non-tlv targets will fail and return -EPROTO and we see the below
error messages
ath10k_pci 0000:01:00.0: failed to parse chan info event: -71
Add tlv specific channel info structure and restore the original size of the
common channel info structure to mitigate this issue.
Tested HW: WCN3990
QCA9887
Tested FW: WLAN.HL.3.1-00784-QCAHLSWMTPLZ-1
10.2.4-1.0-00037
Fixes: 13104929d2ec ("ath10k: fill the channel survey results for WCN3990 correctly")
Cc: stable@vger.kernel.org # 5.0
Signed-off-by: Rakesh Pillai <pillair@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireless/ath/ath10k/wmi-tlv.c | 2 +-
drivers/net/wireless/ath/ath10k/wmi-tlv.h | 16 ++++++++++++++++
drivers/net/wireless/ath/ath10k/wmi.h | 8 --------
3 files changed, 17 insertions(+), 9 deletions(-)
--- a/drivers/net/wireless/ath/ath10k/wmi-tlv.c
+++ b/drivers/net/wireless/ath/ath10k/wmi-tlv.c
@@ -810,7 +810,7 @@ static int ath10k_wmi_tlv_op_pull_ch_inf
struct wmi_ch_info_ev_arg *arg)
{
const void **tb;
- const struct wmi_chan_info_event *ev;
+ const struct wmi_tlv_chan_info_event *ev;
int ret;
tb = ath10k_wmi_tlv_parse_alloc(ar, skb->data, skb->len, GFP_ATOMIC);
--- a/drivers/net/wireless/ath/ath10k/wmi-tlv.h
+++ b/drivers/net/wireless/ath/ath10k/wmi-tlv.h
@@ -1607,6 +1607,22 @@ struct chan_info_params {
#define WMI_TLV_FLAG_MGMT_BUNDLE_TX_COMPL BIT(9)
+struct wmi_tlv_chan_info_event {
+ __le32 err_code;
+ __le32 freq;
+ __le32 cmd_flags;
+ __le32 noise_floor;
+ __le32 rx_clear_count;
+ __le32 cycle_count;
+ __le32 chan_tx_pwr_range;
+ __le32 chan_tx_pwr_tp;
+ __le32 rx_frame_count;
+ __le32 my_bss_rx_cycle_count;
+ __le32 rx_11b_mode_data_duration;
+ __le32 tx_frame_cnt;
+ __le32 mac_clk_mhz;
+} __packed;
+
struct wmi_tlv_mgmt_tx_compl_ev {
__le32 desc_id;
__le32 status;
--- a/drivers/net/wireless/ath/ath10k/wmi.h
+++ b/drivers/net/wireless/ath/ath10k/wmi.h
@@ -6524,14 +6524,6 @@ struct wmi_chan_info_event {
__le32 noise_floor;
__le32 rx_clear_count;
__le32 cycle_count;
- __le32 chan_tx_pwr_range;
- __le32 chan_tx_pwr_tp;
- __le32 rx_frame_count;
- __le32 my_bss_rx_cycle_count;
- __le32 rx_11b_mode_data_duration;
- __le32 tx_frame_cnt;
- __le32 mac_clk_mhz;
-
} __packed;
struct wmi_10_4_chan_info_event {
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 275/313] i40e: check __I40E_VF_DISABLE bit in i40e_sync_filters_subtask
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (272 preceding siblings ...)
2019-10-03 15:54 ` [PATCH 5.2 274/313] ath10k: fix channel info parsing for non tlv target Greg Kroah-Hartman
@ 2019-10-03 15:54 ` Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 276/313] block: mq-deadline: Fix queue restart handling Greg Kroah-Hartman
` (42 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Stefan Assmann, Andrew Bowers, Jeff Kirsher
From: Stefan Assmann <sassmann@kpanic.de>
commit a7542b87607560d0b89e7ff81d870bd6ff8835cb upstream.
While testing VF spawn/destroy the following panic occurred.
BUG: unable to handle kernel NULL pointer dereference at 0000000000000029
[...]
Workqueue: i40e i40e_service_task [i40e]
RIP: 0010:i40e_sync_vsi_filters+0x6fd/0xc60 [i40e]
[...]
Call Trace:
? __switch_to_asm+0x35/0x70
? __switch_to_asm+0x41/0x70
? __switch_to_asm+0x35/0x70
? _cond_resched+0x15/0x30
i40e_sync_filters_subtask+0x56/0x70 [i40e]
i40e_service_task+0x382/0x11b0 [i40e]
? __switch_to_asm+0x41/0x70
? __switch_to_asm+0x41/0x70
process_one_work+0x1a7/0x3b0
worker_thread+0x30/0x390
? create_worker+0x1a0/0x1a0
kthread+0x112/0x130
? kthread_bind+0x30/0x30
ret_from_fork+0x35/0x40
Investigation revealed a race where pf->vf[vsi->vf_id].trusted may get
accessed by the watchdog via i40e_sync_filters_subtask() although
i40e_free_vfs() already free'd pf->vf.
To avoid this the call to i40e_sync_vsi_filters() in
i40e_sync_filters_subtask() needs to be guarded by __I40E_VF_DISABLE,
which is also used by i40e_free_vfs().
Note: put the __I40E_VF_DISABLE check after the
__I40E_MACVLAN_SYNC_PENDING check as the latter is more likely to
trigger.
CC: stable@vger.kernel.org
Signed-off-by: Stefan Assmann <sassmann@kpanic.de>
Tested-by: Andrew Bowers <andrewx.bowers@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/intel/i40e/i40e_main.c | 5 +++++
1 file changed, 5 insertions(+)
--- a/drivers/net/ethernet/intel/i40e/i40e_main.c
+++ b/drivers/net/ethernet/intel/i40e/i40e_main.c
@@ -2586,6 +2586,10 @@ static void i40e_sync_filters_subtask(st
return;
if (!test_and_clear_bit(__I40E_MACVLAN_SYNC_PENDING, pf->state))
return;
+ if (test_and_set_bit(__I40E_VF_DISABLE, pf->state)) {
+ set_bit(__I40E_MACVLAN_SYNC_PENDING, pf->state);
+ return;
+ }
for (v = 0; v < pf->num_alloc_vsi; v++) {
if (pf->vsi[v] &&
@@ -2600,6 +2604,7 @@ static void i40e_sync_filters_subtask(st
}
}
}
+ clear_bit(__I40E_VF_DISABLE, pf->state);
}
/**
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 276/313] block: mq-deadline: Fix queue restart handling
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (273 preceding siblings ...)
2019-10-03 15:54 ` [PATCH 5.2 275/313] i40e: check __I40E_VF_DISABLE bit in i40e_sync_filters_subtask Greg Kroah-Hartman
@ 2019-10-03 15:54 ` Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 277/313] block: fix null pointer dereference in blk_mq_rq_timed_out() Greg Kroah-Hartman
` (41 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hans Holmberg, Hans Holmberg,
Christoph Hellwig, Damien Le Moal, Jens Axboe
From: Damien Le Moal <damien.lemoal@wdc.com>
commit cb8acabbe33b110157955a7425ee876fb81e6bbc upstream.
Commit 7211aef86f79 ("block: mq-deadline: Fix write completion
handling") added a call to blk_mq_sched_mark_restart_hctx() in
dd_dispatch_request() to make sure that write request dispatching does
not stall when all target zones are locked. This fix left a subtle race
when a write completion happens during a dispatch execution on another
CPU:
CPU 0: Dispatch CPU1: write completion
dd_dispatch_request()
lock(&dd->lock);
...
lock(&dd->zone_lock); dd_finish_request()
rq = find request lock(&dd->zone_lock);
unlock(&dd->zone_lock);
zone write unlock
unlock(&dd->zone_lock);
...
__blk_mq_free_request
check restart flag (not set)
-> queue not run
...
if (!rq && have writes)
blk_mq_sched_mark_restart_hctx()
unlock(&dd->lock)
Since the dispatch context finishes after the write request completion
handling, marking the queue as needing a restart is not seen from
__blk_mq_free_request() and blk_mq_sched_restart() not executed leading
to the dispatch stall under 100% write workloads.
Fix this by moving the call to blk_mq_sched_mark_restart_hctx() from
dd_dispatch_request() into dd_finish_request() under the zone lock to
ensure full mutual exclusion between write request dispatch selection
and zone unlock on write request completion.
Fixes: 7211aef86f79 ("block: mq-deadline: Fix write completion handling")
Cc: stable@vger.kernel.org
Reported-by: Hans Holmberg <Hans.Holmberg@wdc.com>
Reviewed-by: Hans Holmberg <hans.holmberg@wdc.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Damien Le Moal <damien.lemoal@wdc.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
block/mq-deadline.c | 19 +++++++++----------
1 file changed, 9 insertions(+), 10 deletions(-)
--- a/block/mq-deadline.c
+++ b/block/mq-deadline.c
@@ -377,13 +377,6 @@ done:
* hardware queue, but we may return a request that is for a
* different hardware queue. This is because mq-deadline has shared
* state for all hardware queues, in terms of sorting, FIFOs, etc.
- *
- * For a zoned block device, __dd_dispatch_request() may return NULL
- * if all the queued write requests are directed at zones that are already
- * locked due to on-going write requests. In this case, make sure to mark
- * the queue as needing a restart to ensure that the queue is run again
- * and the pending writes dispatched once the target zones for the ongoing
- * write requests are unlocked in dd_finish_request().
*/
static struct request *dd_dispatch_request(struct blk_mq_hw_ctx *hctx)
{
@@ -392,9 +385,6 @@ static struct request *dd_dispatch_reque
spin_lock(&dd->lock);
rq = __dd_dispatch_request(dd);
- if (!rq && blk_queue_is_zoned(hctx->queue) &&
- !list_empty(&dd->fifo_list[WRITE]))
- blk_mq_sched_mark_restart_hctx(hctx);
spin_unlock(&dd->lock);
return rq;
@@ -560,6 +550,13 @@ static void dd_prepare_request(struct re
* spinlock so that the zone is never unlocked while deadline_fifo_request()
* or deadline_next_request() are executing. This function is called for
* all requests, whether or not these requests complete successfully.
+ *
+ * For a zoned block device, __dd_dispatch_request() may have stopped
+ * dispatching requests if all the queued requests are write requests directed
+ * at zones that are already locked due to on-going write requests. To ensure
+ * write request dispatch progress in this case, mark the queue as needing a
+ * restart to ensure that the queue is run again after completion of the
+ * request and zones being unlocked.
*/
static void dd_finish_request(struct request *rq)
{
@@ -571,6 +568,8 @@ static void dd_finish_request(struct req
spin_lock_irqsave(&dd->zone_lock, flags);
blk_req_zone_write_unlock(rq);
+ if (!list_empty(&dd->fifo_list[WRITE]))
+ blk_mq_sched_mark_restart_hctx(rq->mq_hctx);
spin_unlock_irqrestore(&dd->zone_lock, flags);
}
}
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 277/313] block: fix null pointer dereference in blk_mq_rq_timed_out()
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (274 preceding siblings ...)
2019-10-03 15:54 ` [PATCH 5.2 276/313] block: mq-deadline: Fix queue restart handling Greg Kroah-Hartman
@ 2019-10-03 15:54 ` Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 278/313] smb3: allow disabling requesting leases Greg Kroah-Hartman
` (40 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christoph Hellwig, Keith Busch,
Bart Van Assche, Ming Lei, Bob Liu, Yufen Yu, Jens Axboe
From: Yufen Yu <yuyufen@huawei.com>
commit 8d6996630c03d7ceeabe2611378fea5ca1c3f1b3 upstream.
We got a null pointer deference BUG_ON in blk_mq_rq_timed_out()
as following:
[ 108.825472] BUG: kernel NULL pointer dereference, address: 0000000000000040
[ 108.827059] PGD 0 P4D 0
[ 108.827313] Oops: 0000 [#1] SMP PTI
[ 108.827657] CPU: 6 PID: 198 Comm: kworker/6:1H Not tainted 5.3.0-rc8+ #431
[ 108.829503] Workqueue: kblockd blk_mq_timeout_work
[ 108.829913] RIP: 0010:blk_mq_check_expired+0x258/0x330
[ 108.838191] Call Trace:
[ 108.838406] bt_iter+0x74/0x80
[ 108.838665] blk_mq_queue_tag_busy_iter+0x204/0x450
[ 108.839074] ? __switch_to_asm+0x34/0x70
[ 108.839405] ? blk_mq_stop_hw_queue+0x40/0x40
[ 108.839823] ? blk_mq_stop_hw_queue+0x40/0x40
[ 108.840273] ? syscall_return_via_sysret+0xf/0x7f
[ 108.840732] blk_mq_timeout_work+0x74/0x200
[ 108.841151] process_one_work+0x297/0x680
[ 108.841550] worker_thread+0x29c/0x6f0
[ 108.841926] ? rescuer_thread+0x580/0x580
[ 108.842344] kthread+0x16a/0x1a0
[ 108.842666] ? kthread_flush_work+0x170/0x170
[ 108.843100] ret_from_fork+0x35/0x40
The bug is caused by the race between timeout handle and completion for
flush request.
When timeout handle function blk_mq_rq_timed_out() try to read
'req->q->mq_ops', the 'req' have completed and reinitiated by next
flush request, which would call blk_rq_init() to clear 'req' as 0.
After commit 12f5b93145 ("blk-mq: Remove generation seqeunce"),
normal requests lifetime are protected by refcount. Until 'rq->ref'
drop to zero, the request can really be free. Thus, these requests
cannot been reused before timeout handle finish.
However, flush request has defined .end_io and rq->end_io() is still
called even if 'rq->ref' doesn't drop to zero. After that, the 'flush_rq'
can be reused by the next flush request handle, resulting in null
pointer deference BUG ON.
We fix this problem by covering flush request with 'rq->ref'.
If the refcount is not zero, flush_end_io() return and wait the
last holder recall it. To record the request status, we add a new
entry 'rq_status', which will be used in flush_end_io().
Cc: Christoph Hellwig <hch@infradead.org>
Cc: Keith Busch <keith.busch@intel.com>
Cc: Bart Van Assche <bvanassche@acm.org>
Cc: stable@vger.kernel.org # v4.18+
Reviewed-by: Ming Lei <ming.lei@redhat.com>
Reviewed-by: Bob Liu <bob.liu@oracle.com>
Signed-off-by: Yufen Yu <yuyufen@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-------
v2:
- move rq_status from struct request to struct blk_flush_queue
v3:
- remove unnecessary '{}' pair.
v4:
- let spinlock to protect 'fq->rq_status'
v5:
- move rq_status after flush_running_idx member of struct blk_flush_queue
Signed-off-by: Jens Axboe <axboe@kernel.dk>
---
block/blk-flush.c | 10 ++++++++++
block/blk-mq.c | 5 ++++-
block/blk.h | 7 +++++++
3 files changed, 21 insertions(+), 1 deletion(-)
--- a/block/blk-flush.c
+++ b/block/blk-flush.c
@@ -214,6 +214,16 @@ static void flush_end_io(struct request
/* release the tag's ownership to the req cloned from */
spin_lock_irqsave(&fq->mq_flush_lock, flags);
+
+ if (!refcount_dec_and_test(&flush_rq->ref)) {
+ fq->rq_status = error;
+ spin_unlock_irqrestore(&fq->mq_flush_lock, flags);
+ return;
+ }
+
+ if (fq->rq_status != BLK_STS_OK)
+ error = fq->rq_status;
+
hctx = flush_rq->mq_hctx;
if (!q->elevator) {
blk_mq_tag_set_rq(hctx, flush_rq->tag, fq->orig_rq);
--- a/block/blk-mq.c
+++ b/block/blk-mq.c
@@ -910,7 +910,10 @@ static bool blk_mq_check_expired(struct
*/
if (blk_mq_req_expired(rq, next))
blk_mq_rq_timed_out(rq, reserved);
- if (refcount_dec_and_test(&rq->ref))
+
+ if (is_flush_rq(rq, hctx))
+ rq->end_io(rq, 0);
+ else if (refcount_dec_and_test(&rq->ref))
__blk_mq_free_request(rq);
return true;
--- a/block/blk.h
+++ b/block/blk.h
@@ -19,6 +19,7 @@ struct blk_flush_queue {
unsigned int flush_queue_delayed:1;
unsigned int flush_pending_idx:1;
unsigned int flush_running_idx:1;
+ blk_status_t rq_status;
unsigned long flush_pending_since;
struct list_head flush_queue[2];
struct list_head flush_data_in_flight;
@@ -47,6 +48,12 @@ static inline void __blk_get_queue(struc
kobject_get(&q->kobj);
}
+static inline bool
+is_flush_rq(struct request *req, struct blk_mq_hw_ctx *hctx)
+{
+ return hctx->fq->flush_rq == req;
+}
+
struct blk_flush_queue *blk_alloc_flush_queue(struct request_queue *q,
int node, int cmd_size, gfp_t flags);
void blk_free_flush_queue(struct blk_flush_queue *q);
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 278/313] smb3: allow disabling requesting leases
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (275 preceding siblings ...)
2019-10-03 15:54 ` [PATCH 5.2 277/313] block: fix null pointer dereference in blk_mq_rq_timed_out() Greg Kroah-Hartman
@ 2019-10-03 15:54 ` Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 279/313] smb3: fix leak in "open on server" perf counter Greg Kroah-Hartman
` (39 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Pavel Shilovsky, Steve French,
Ronnie Sahlberg
From: Steve French <stfrench@microsoft.com>
commit 3e7a02d47872081f4b6234a9f72500f1d10f060c upstream.
In some cases to work around server bugs or performance
problems it can be helpful to be able to disable requesting
SMB2.1/SMB3 leases on a particular mount (not to all servers
and all shares we are mounted to). Add new mount parm
"nolease" which turns off requesting leases on directory
or file opens. Currently the only way to disable leases is
globally through a module load parameter. This is more
granular.
Suggested-by: Pavel Shilovsky <pshilov@microsoft.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com>
Reviewed-by: Pavel Shilovsky <pshilov@microsoft.com>
CC: Stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/cifs/cifsfs.c | 2 ++
fs/cifs/cifsglob.h | 2 ++
fs/cifs/connect.c | 9 ++++++++-
fs/cifs/smb2pdu.c | 2 +-
4 files changed, 13 insertions(+), 2 deletions(-)
--- a/fs/cifs/cifsfs.c
+++ b/fs/cifs/cifsfs.c
@@ -433,6 +433,8 @@ cifs_show_options(struct seq_file *s, st
cifs_show_security(s, tcon->ses);
cifs_show_cache_flavor(s, cifs_sb);
+ if (tcon->no_lease)
+ seq_puts(s, ",nolease");
if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_MULTIUSER)
seq_puts(s, ",multiuser");
else if (tcon->ses->user_name)
--- a/fs/cifs/cifsglob.h
+++ b/fs/cifs/cifsglob.h
@@ -575,6 +575,7 @@ struct smb_vol {
bool noblocksnd:1;
bool noautotune:1;
bool nostrictsync:1; /* do not force expensive SMBflush on every sync */
+ bool no_lease:1; /* disable requesting leases */
bool fsc:1; /* enable fscache */
bool mfsymlinks:1; /* use Minshall+French Symlinks */
bool multiuser:1;
@@ -1079,6 +1080,7 @@ struct cifs_tcon {
bool need_reopen_files:1; /* need to reopen tcon file handles */
bool use_resilient:1; /* use resilient instead of durable handles */
bool use_persistent:1; /* use persistent instead of durable handles */
+ bool no_lease:1; /* Do not request leases on files or directories */
__le32 capabilities;
__u32 share_flags;
__u32 maximal_access;
--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -74,7 +74,7 @@ enum {
Opt_user_xattr, Opt_nouser_xattr,
Opt_forceuid, Opt_noforceuid,
Opt_forcegid, Opt_noforcegid,
- Opt_noblocksend, Opt_noautotune,
+ Opt_noblocksend, Opt_noautotune, Opt_nolease,
Opt_hard, Opt_soft, Opt_perm, Opt_noperm,
Opt_mapposix, Opt_nomapposix,
Opt_mapchars, Opt_nomapchars, Opt_sfu,
@@ -133,6 +133,7 @@ static const match_table_t cifs_mount_op
{ Opt_noforcegid, "noforcegid" },
{ Opt_noblocksend, "noblocksend" },
{ Opt_noautotune, "noautotune" },
+ { Opt_nolease, "nolease" },
{ Opt_hard, "hard" },
{ Opt_soft, "soft" },
{ Opt_perm, "perm" },
@@ -1709,6 +1710,9 @@ cifs_parse_mount_options(const char *mou
case Opt_noautotune:
vol->noautotune = 1;
break;
+ case Opt_nolease:
+ vol->no_lease = 1;
+ break;
case Opt_hard:
vol->retry = 1;
break;
@@ -3230,6 +3234,8 @@ static int match_tcon(struct cifs_tcon *
return 0;
if (tcon->handle_timeout != volume_info->handle_timeout)
return 0;
+ if (tcon->no_lease != volume_info->no_lease)
+ return 0;
return 1;
}
@@ -3444,6 +3450,7 @@ cifs_get_tcon(struct cifs_ses *ses, stru
tcon->nocase = volume_info->nocase;
tcon->nohandlecache = volume_info->nohandlecache;
tcon->local_lease = volume_info->local_lease;
+ tcon->no_lease = volume_info->no_lease;
INIT_LIST_HEAD(&tcon->pending_opens);
spin_lock(&cifs_tcp_ses_lock);
--- a/fs/cifs/smb2pdu.c
+++ b/fs/cifs/smb2pdu.c
@@ -2370,7 +2370,7 @@ SMB2_open_init(struct cifs_tcon *tcon, s
iov[1].iov_len = uni_path_len;
iov[1].iov_base = path;
- if (!server->oplocks)
+ if ((!server->oplocks) || (tcon->no_lease))
*oplock = SMB2_OPLOCK_LEVEL_NONE;
if (!(server->capabilities & SMB2_GLOBAL_CAP_LEASING) ||
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 279/313] smb3: fix leak in "open on server" perf counter
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (276 preceding siblings ...)
2019-10-03 15:54 ` [PATCH 5.2 278/313] smb3: allow disabling requesting leases Greg Kroah-Hartman
@ 2019-10-03 15:54 ` Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 280/313] ovl: Fix dereferencing possible ERR_PTR() Greg Kroah-Hartman
` (38 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:54 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Steve French, Pavel Shilovsky
From: Steve French <stfrench@microsoft.com>
commit d2f15428d6a0ebfc0edc364094d7c4a2de7037ed upstream.
We were not bumping up the "open on server" (num_remote_opens)
counter (in some cases) on opens of the share root so
could end up showing as a negative value.
CC: Stable <stable@vger.kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Reviewed-by: Pavel Shilovsky <pshilov@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/cifs/smb2ops.c | 5 +++++
fs/cifs/smb2pdu.c | 1 +
2 files changed, 6 insertions(+)
--- a/fs/cifs/smb2ops.c
+++ b/fs/cifs/smb2ops.c
@@ -743,6 +743,8 @@ int open_shroot(unsigned int xid, struct
if (rc)
goto oshr_exit;
+ atomic_inc(&tcon->num_remote_opens);
+
o_rsp = (struct smb2_create_rsp *)rsp_iov[0].iov_base;
oparms.fid->persistent_fid = o_rsp->PersistentFileId;
oparms.fid->volatile_fid = o_rsp->VolatileFileId;
@@ -1167,6 +1169,7 @@ smb2_set_ea(const unsigned int xid, stru
rc = compound_send_recv(xid, ses, flags, 3, rqst,
resp_buftype, rsp_iov);
+ /* no need to bump num_remote_opens because handle immediately closed */
sea_exit:
kfree(ea);
@@ -1488,6 +1491,8 @@ smb2_ioctl_query_info(const unsigned int
resp_buftype, rsp_iov);
if (rc)
goto iqinf_exit;
+
+ /* No need to bump num_remote_opens since handle immediately closed */
if (qi.flags & PASSTHRU_FSCTL) {
pqi = (struct smb_query_info __user *)arg;
io_rsp = (struct smb2_ioctl_rsp *)rsp_iov[1].iov_base;
--- a/fs/cifs/smb2pdu.c
+++ b/fs/cifs/smb2pdu.c
@@ -2263,6 +2263,7 @@ int smb311_posix_mkdir(const unsigned in
rqst.rq_iov = iov;
rqst.rq_nvec = n_iov;
+ /* no need to inc num_remote_opens because we close it just below */
trace_smb3_posix_mkdir_enter(xid, tcon->tid, ses->Suid, CREATE_NOT_FILE,
FILE_WRITE_ATTRIBUTES);
/* resource #4: response buffer */
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 280/313] ovl: Fix dereferencing possible ERR_PTR()
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (277 preceding siblings ...)
2019-10-03 15:54 ` [PATCH 5.2 279/313] smb3: fix leak in "open on server" perf counter Greg Kroah-Hartman
@ 2019-10-03 15:54 ` Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 281/313] ovl: filter of trusted xattr results in audit Greg Kroah-Hartman
` (37 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:54 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Ding Xiang, Miklos Szeredi
From: Ding Xiang <dingxiang@cmss.chinamobile.com>
commit 97f024b9171e74c4443bbe8a8dce31b917f97ac5 upstream.
if ovl_encode_real_fh() fails, no memory was allocated
and the error in the error-valued pointer should be returned.
Fixes: 9b6faee07470 ("ovl: check ERR_PTR() return value from ovl_encode_fh()")
Signed-off-by: Ding Xiang <dingxiang@cmss.chinamobile.com>
Cc: <stable@vger.kernel.org> # v4.16+
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/overlayfs/export.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
--- a/fs/overlayfs/export.c
+++ b/fs/overlayfs/export.c
@@ -227,9 +227,8 @@ static int ovl_d_to_fh(struct dentry *de
/* Encode an upper or lower file handle */
fh = ovl_encode_real_fh(enc_lower ? ovl_dentry_lower(dentry) :
ovl_dentry_upper(dentry), !enc_lower);
- err = PTR_ERR(fh);
if (IS_ERR(fh))
- goto fail;
+ return PTR_ERR(fh);
err = -EOVERFLOW;
if (fh->len > buflen)
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 281/313] ovl: filter of trusted xattr results in audit
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (278 preceding siblings ...)
2019-10-03 15:54 ` [PATCH 5.2 280/313] ovl: Fix dereferencing possible ERR_PTR() Greg Kroah-Hartman
@ 2019-10-03 15:54 ` Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 282/313] btrfs: fix allocation of free space cache v1 bitmap pages Greg Kroah-Hartman
` (36 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mark Salyzyn, linux-security-module,
kernel-team, Miklos Szeredi
From: Mark Salyzyn <salyzyn@android.com>
commit 5c2e9f346b815841f9bed6029ebcb06415caf640 upstream.
When filtering xattr list for reading, presence of trusted xattr
results in a security audit log. However, if there is other content
no errno will be set, and if there isn't, the errno will be -ENODATA
and not -EPERM as is usually associated with a lack of capability.
The check does not block the request to list the xattrs present.
Switch to ns_capable_noaudit to reflect a more appropriate check.
Signed-off-by: Mark Salyzyn <salyzyn@android.com>
Cc: linux-security-module@vger.kernel.org
Cc: kernel-team@android.com
Cc: stable@vger.kernel.org # v3.18+
Fixes: a082c6f680da ("ovl: filter trusted xattr for non-admin")
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/overlayfs/inode.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/fs/overlayfs/inode.c
+++ b/fs/overlayfs/inode.c
@@ -383,7 +383,8 @@ static bool ovl_can_list(const char *s)
return true;
/* Never list trusted.overlay, list other trusted for superuser only */
- return !ovl_is_private_xattr(s) && capable(CAP_SYS_ADMIN);
+ return !ovl_is_private_xattr(s) &&
+ ns_capable_noaudit(&init_user_ns, CAP_SYS_ADMIN);
}
ssize_t ovl_listxattr(struct dentry *dentry, char *list, size_t size)
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 282/313] btrfs: fix allocation of free space cache v1 bitmap pages
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (279 preceding siblings ...)
2019-10-03 15:54 ` [PATCH 5.2 281/313] ovl: filter of trusted xattr results in audit Greg Kroah-Hartman
@ 2019-10-03 15:54 ` Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 283/313] Btrfs: fix use-after-free when using the tree modification log Greg Kroah-Hartman
` (35 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Erhard F., Christophe Leroy, David Sterba
From: Christophe Leroy <christophe.leroy@c-s.fr>
commit 3acd48507dc43eeeb0a1fe965b8bad91cab904a7 upstream.
Various notifications of type "BUG kmalloc-4096 () : Redzone
overwritten" have been observed recently in various parts of the kernel.
After some time, it has been made a relation with the use of BTRFS
filesystem and with SLUB_DEBUG turned on.
[ 22.809700] BUG kmalloc-4096 (Tainted: G W ): Redzone overwritten
[ 22.810286] INFO: 0xbe1a5921-0xfbfc06cd. First byte 0x0 instead of 0xcc
[ 22.810866] INFO: Allocated in __load_free_space_cache+0x588/0x780 [btrfs] age=22 cpu=0 pid=224
[ 22.811193] __slab_alloc.constprop.26+0x44/0x70
[ 22.811345] kmem_cache_alloc_trace+0xf0/0x2ec
[ 22.811588] __load_free_space_cache+0x588/0x780 [btrfs]
[ 22.811848] load_free_space_cache+0xf4/0x1b0 [btrfs]
[ 22.812090] cache_block_group+0x1d0/0x3d0 [btrfs]
[ 22.812321] find_free_extent+0x680/0x12a4 [btrfs]
[ 22.812549] btrfs_reserve_extent+0xec/0x220 [btrfs]
[ 22.812785] btrfs_alloc_tree_block+0x178/0x5f4 [btrfs]
[ 22.813032] __btrfs_cow_block+0x150/0x5d4 [btrfs]
[ 22.813262] btrfs_cow_block+0x194/0x298 [btrfs]
[ 22.813484] commit_cowonly_roots+0x44/0x294 [btrfs]
[ 22.813718] btrfs_commit_transaction+0x63c/0xc0c [btrfs]
[ 22.813973] close_ctree+0xf8/0x2a4 [btrfs]
[ 22.814107] generic_shutdown_super+0x80/0x110
[ 22.814250] kill_anon_super+0x18/0x30
[ 22.814437] btrfs_kill_super+0x18/0x90 [btrfs]
[ 22.814590] INFO: Freed in proc_cgroup_show+0xc0/0x248 age=41 cpu=0 pid=83
[ 22.814841] proc_cgroup_show+0xc0/0x248
[ 22.814967] proc_single_show+0x54/0x98
[ 22.815086] seq_read+0x278/0x45c
[ 22.815190] __vfs_read+0x28/0x17c
[ 22.815289] vfs_read+0xa8/0x14c
[ 22.815381] ksys_read+0x50/0x94
[ 22.815475] ret_from_syscall+0x0/0x38
Commit 69d2480456d1 ("btrfs: use copy_page for copying pages instead of
memcpy") changed the way bitmap blocks are copied. But allthough bitmaps
have the size of a page, they were allocated with kzalloc().
Most of the time, kzalloc() allocates aligned blocks of memory, so
copy_page() can be used. But when some debug options like SLAB_DEBUG are
activated, kzalloc() may return unaligned pointer.
On powerpc, memcpy(), copy_page() and other copying functions use
'dcbz' instruction which provides an entire zeroed cacheline to avoid
memory read when the intention is to overwrite a full line. Functions
like memcpy() are writen to care about partial cachelines at the start
and end of the destination, but copy_page() assumes it gets pages. As
pages are naturally cache aligned, copy_page() doesn't care about
partial lines. This means that when copy_page() is called with a
misaligned pointer, a few leading bytes are zeroed.
To fix it, allocate bitmaps through kmem_cache instead of using kzalloc()
The cache pool is created with PAGE_SIZE alignment constraint.
Reported-by: Erhard F. <erhard_f@mailbox.org>
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=204371
Fixes: 69d2480456d1 ("btrfs: use copy_page for copying pages instead of memcpy")
Cc: stable@vger.kernel.org # 4.19+
Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Reviewed-by: David Sterba <dsterba@suse.com>
[ rename to btrfs_free_space_bitmap ]
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/ctree.h | 1 +
fs/btrfs/free-space-cache.c | 20 +++++++++++++-------
fs/btrfs/inode.c | 8 ++++++++
3 files changed, 22 insertions(+), 7 deletions(-)
--- a/fs/btrfs/ctree.h
+++ b/fs/btrfs/ctree.h
@@ -40,6 +40,7 @@ extern struct kmem_cache *btrfs_trans_ha
extern struct kmem_cache *btrfs_bit_radix_cachep;
extern struct kmem_cache *btrfs_path_cachep;
extern struct kmem_cache *btrfs_free_space_cachep;
+extern struct kmem_cache *btrfs_free_space_bitmap_cachep;
struct btrfs_ordered_sum;
struct btrfs_ref;
--- a/fs/btrfs/free-space-cache.c
+++ b/fs/btrfs/free-space-cache.c
@@ -764,7 +764,8 @@ static int __load_free_space_cache(struc
} else {
ASSERT(num_bitmaps);
num_bitmaps--;
- e->bitmap = kzalloc(PAGE_SIZE, GFP_NOFS);
+ e->bitmap = kmem_cache_zalloc(
+ btrfs_free_space_bitmap_cachep, GFP_NOFS);
if (!e->bitmap) {
kmem_cache_free(
btrfs_free_space_cachep, e);
@@ -1881,7 +1882,7 @@ static void free_bitmap(struct btrfs_fre
struct btrfs_free_space *bitmap_info)
{
unlink_free_space(ctl, bitmap_info);
- kfree(bitmap_info->bitmap);
+ kmem_cache_free(btrfs_free_space_bitmap_cachep, bitmap_info->bitmap);
kmem_cache_free(btrfs_free_space_cachep, bitmap_info);
ctl->total_bitmaps--;
ctl->op->recalc_thresholds(ctl);
@@ -2135,7 +2136,8 @@ new_bitmap:
}
/* allocate the bitmap */
- info->bitmap = kzalloc(PAGE_SIZE, GFP_NOFS);
+ info->bitmap = kmem_cache_zalloc(btrfs_free_space_bitmap_cachep,
+ GFP_NOFS);
spin_lock(&ctl->tree_lock);
if (!info->bitmap) {
ret = -ENOMEM;
@@ -2146,7 +2148,9 @@ new_bitmap:
out:
if (info) {
- kfree(info->bitmap);
+ if (info->bitmap)
+ kmem_cache_free(btrfs_free_space_bitmap_cachep,
+ info->bitmap);
kmem_cache_free(btrfs_free_space_cachep, info);
}
@@ -2802,7 +2806,8 @@ out:
if (entry->bytes == 0) {
ctl->free_extents--;
if (entry->bitmap) {
- kfree(entry->bitmap);
+ kmem_cache_free(btrfs_free_space_bitmap_cachep,
+ entry->bitmap);
ctl->total_bitmaps--;
ctl->op->recalc_thresholds(ctl);
}
@@ -3606,7 +3611,7 @@ again:
}
if (!map) {
- map = kzalloc(PAGE_SIZE, GFP_NOFS);
+ map = kmem_cache_zalloc(btrfs_free_space_bitmap_cachep, GFP_NOFS);
if (!map) {
kmem_cache_free(btrfs_free_space_cachep, info);
return -ENOMEM;
@@ -3635,7 +3640,8 @@ again:
if (info)
kmem_cache_free(btrfs_free_space_cachep, info);
- kfree(map);
+ if (map)
+ kmem_cache_free(btrfs_free_space_bitmap_cachep, map);
return 0;
}
--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
@@ -73,6 +73,7 @@ static struct kmem_cache *btrfs_inode_ca
struct kmem_cache *btrfs_trans_handle_cachep;
struct kmem_cache *btrfs_path_cachep;
struct kmem_cache *btrfs_free_space_cachep;
+struct kmem_cache *btrfs_free_space_bitmap_cachep;
static int btrfs_setsize(struct inode *inode, struct iattr *attr);
static int btrfs_truncate(struct inode *inode, bool skip_writeback);
@@ -9361,6 +9362,7 @@ void __cold btrfs_destroy_cachep(void)
kmem_cache_destroy(btrfs_trans_handle_cachep);
kmem_cache_destroy(btrfs_path_cachep);
kmem_cache_destroy(btrfs_free_space_cachep);
+ kmem_cache_destroy(btrfs_free_space_bitmap_cachep);
}
int __init btrfs_init_cachep(void)
@@ -9390,6 +9392,12 @@ int __init btrfs_init_cachep(void)
if (!btrfs_free_space_cachep)
goto fail;
+ btrfs_free_space_bitmap_cachep = kmem_cache_create("btrfs_free_space_bitmap",
+ PAGE_SIZE, PAGE_SIZE,
+ SLAB_RED_ZONE, NULL);
+ if (!btrfs_free_space_bitmap_cachep)
+ goto fail;
+
return 0;
fail:
btrfs_destroy_cachep();
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 283/313] Btrfs: fix use-after-free when using the tree modification log
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (280 preceding siblings ...)
2019-10-03 15:54 ` [PATCH 5.2 282/313] btrfs: fix allocation of free space cache v1 bitmap pages Greg Kroah-Hartman
@ 2019-10-03 15:54 ` Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 284/313] btrfs: Relinquish CPUs in btrfs_compare_trees Greg Kroah-Hartman
` (34 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nikolay Borisov, Anand Jain,
Filipe Manana, David Sterba
From: Filipe Manana <fdmanana@suse.com>
commit efad8a853ad2057f96664328a0d327a05ce39c76 upstream.
At ctree.c:get_old_root(), we are accessing a root's header owner field
after we have freed the respective extent buffer. This results in an
use-after-free that can lead to crashes, and when CONFIG_DEBUG_PAGEALLOC
is set, results in a stack trace like the following:
[ 3876.799331] stack segment: 0000 [#1] SMP DEBUG_PAGEALLOC PTI
[ 3876.799363] CPU: 0 PID: 15436 Comm: pool Not tainted 5.3.0-rc3-btrfs-next-54 #1
[ 3876.799385] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-0-ga698c8995f-prebuilt.qemu.org 04/01/2014
[ 3876.799433] RIP: 0010:btrfs_search_old_slot+0x652/0xd80 [btrfs]
(...)
[ 3876.799502] RSP: 0018:ffff9f08c1a2f9f0 EFLAGS: 00010286
[ 3876.799518] RAX: ffff8dd300000000 RBX: ffff8dd85a7a9348 RCX: 000000038da26000
[ 3876.799538] RDX: 0000000000000000 RSI: ffffe522ce368980 RDI: 0000000000000246
[ 3876.799559] RBP: dae1922adadad000 R08: 0000000008020000 R09: ffffe522c0000000
[ 3876.799579] R10: ffff8dd57fd788c8 R11: 000000007511b030 R12: ffff8dd781ddc000
[ 3876.799599] R13: ffff8dd9e6240578 R14: ffff8dd6896f7a88 R15: ffff8dd688cf90b8
[ 3876.799620] FS: 00007f23ddd97700(0000) GS:ffff8dda20200000(0000) knlGS:0000000000000000
[ 3876.799643] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 3876.799660] CR2: 00007f23d4024000 CR3: 0000000710bb0005 CR4: 00000000003606f0
[ 3876.799682] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 3876.799703] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 3876.799723] Call Trace:
[ 3876.799735] ? do_raw_spin_unlock+0x49/0xc0
[ 3876.799749] ? _raw_spin_unlock+0x24/0x30
[ 3876.799779] resolve_indirect_refs+0x1eb/0xc80 [btrfs]
[ 3876.799810] find_parent_nodes+0x38d/0x1180 [btrfs]
[ 3876.799841] btrfs_check_shared+0x11a/0x1d0 [btrfs]
[ 3876.799870] ? extent_fiemap+0x598/0x6e0 [btrfs]
[ 3876.799895] extent_fiemap+0x598/0x6e0 [btrfs]
[ 3876.799913] do_vfs_ioctl+0x45a/0x700
[ 3876.799926] ksys_ioctl+0x70/0x80
[ 3876.799938] ? trace_hardirqs_off_thunk+0x1a/0x20
[ 3876.799953] __x64_sys_ioctl+0x16/0x20
[ 3876.799965] do_syscall_64+0x62/0x220
[ 3876.799977] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 3876.799993] RIP: 0033:0x7f23e0013dd7
(...)
[ 3876.800056] RSP: 002b:00007f23ddd96ca8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 3876.800078] RAX: ffffffffffffffda RBX: 00007f23d80210f8 RCX: 00007f23e0013dd7
[ 3876.800099] RDX: 00007f23d80210f8 RSI: 00000000c020660b RDI: 0000000000000003
[ 3876.800626] RBP: 000055fa2a2a2440 R08: 0000000000000000 R09: 00007f23ddd96d7c
[ 3876.801143] R10: 00007f23d8022000 R11: 0000000000000246 R12: 00007f23ddd96d80
[ 3876.801662] R13: 00007f23ddd96d78 R14: 00007f23d80210f0 R15: 00007f23ddd96d80
(...)
[ 3876.805107] ---[ end trace e53161e179ef04f9 ]---
Fix that by saving the root's header owner field into a local variable
before freeing the root's extent buffer, and then use that local variable
when needed.
Fixes: 30b0463a9394d9 ("Btrfs: fix accessing the root pointer in tree mod log functions")
CC: stable@vger.kernel.org # 3.10+
Reviewed-by: Nikolay Borisov <nborisov@suse.com>
Reviewed-by: Anand Jain <anand.jain@oracle.com>
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/ctree.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/fs/btrfs/ctree.c
+++ b/fs/btrfs/ctree.c
@@ -1343,6 +1343,7 @@ get_old_root(struct btrfs_root *root, u6
struct tree_mod_elem *tm;
struct extent_buffer *eb = NULL;
struct extent_buffer *eb_root;
+ u64 eb_root_owner = 0;
struct extent_buffer *old;
struct tree_mod_root *old_root = NULL;
u64 old_generation = 0;
@@ -1380,6 +1381,7 @@ get_old_root(struct btrfs_root *root, u6
free_extent_buffer(old);
}
} else if (old_root) {
+ eb_root_owner = btrfs_header_owner(eb_root);
btrfs_tree_read_unlock(eb_root);
free_extent_buffer(eb_root);
eb = alloc_dummy_extent_buffer(fs_info, logical);
@@ -1396,7 +1398,7 @@ get_old_root(struct btrfs_root *root, u6
if (old_root) {
btrfs_set_header_bytenr(eb, eb->start);
btrfs_set_header_backref_rev(eb, BTRFS_MIXED_BACKREF_REV);
- btrfs_set_header_owner(eb, btrfs_header_owner(eb_root));
+ btrfs_set_header_owner(eb, eb_root_owner);
btrfs_set_header_level(eb, old_root->level);
btrfs_set_header_generation(eb, old_generation);
}
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 284/313] btrfs: Relinquish CPUs in btrfs_compare_trees
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (281 preceding siblings ...)
2019-10-03 15:54 ` [PATCH 5.2 283/313] Btrfs: fix use-after-free when using the tree modification log Greg Kroah-Hartman
@ 2019-10-03 15:54 ` Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 285/313] btrfs: adjust dirty_metadata_bytes after writeback failure of extent buffer Greg Kroah-Hartman
` (33 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Johannes Thumshirn, Nikolay Borisov,
David Sterba
From: Nikolay Borisov <nborisov@suse.com>
commit 6af112b11a4bc1b560f60a618ac9c1dcefe9836e upstream.
When doing any form of incremental send the parent and the child trees
need to be compared via btrfs_compare_trees. This can result in long
loop chains without ever relinquishing the CPU. This causes softlockup
detector to trigger when comparing trees with a lot of items. Example
report:
watchdog: BUG: soft lockup - CPU#0 stuck for 24s! [snapperd:16153]
CPU: 0 PID: 16153 Comm: snapperd Not tainted 5.2.9-1-default #1 openSUSE Tumbleweed (unreleased)
Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015
pstate: 40000005 (nZcv daif -PAN -UAO)
pc : __ll_sc_arch_atomic_sub_return+0x14/0x20
lr : btrfs_release_extent_buffer_pages+0xe0/0x1e8 [btrfs]
sp : ffff00001273b7e0
Call trace:
__ll_sc_arch_atomic_sub_return+0x14/0x20
release_extent_buffer+0xdc/0x120 [btrfs]
free_extent_buffer.part.0+0xb0/0x118 [btrfs]
free_extent_buffer+0x24/0x30 [btrfs]
btrfs_release_path+0x4c/0xa0 [btrfs]
btrfs_free_path.part.0+0x20/0x40 [btrfs]
btrfs_free_path+0x24/0x30 [btrfs]
get_inode_info+0xa8/0xf8 [btrfs]
finish_inode_if_needed+0xe0/0x6d8 [btrfs]
changed_cb+0x9c/0x410 [btrfs]
btrfs_compare_trees+0x284/0x648 [btrfs]
send_subvol+0x33c/0x520 [btrfs]
btrfs_ioctl_send+0x8a0/0xaf0 [btrfs]
btrfs_ioctl+0x199c/0x2288 [btrfs]
do_vfs_ioctl+0x4b0/0x820
ksys_ioctl+0x84/0xb8
__arm64_sys_ioctl+0x28/0x38
el0_svc_common.constprop.0+0x7c/0x188
el0_svc_handler+0x34/0x90
el0_svc+0x8/0xc
Fix this by adding a call to cond_resched at the beginning of the main
loop in btrfs_compare_trees.
Fixes: 7069830a9e38 ("Btrfs: add btrfs_compare_trees function")
CC: stable@vger.kernel.org # 4.4+
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Signed-off-by: Nikolay Borisov <nborisov@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/ctree.c | 1 +
1 file changed, 1 insertion(+)
--- a/fs/btrfs/ctree.c
+++ b/fs/btrfs/ctree.c
@@ -5477,6 +5477,7 @@ int btrfs_compare_trees(struct btrfs_roo
advance_left = advance_right = 0;
while (1) {
+ cond_resched();
if (advance_left && !left_end_reached) {
ret = tree_advance(left_path, &left_level,
left_root_level,
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 285/313] btrfs: adjust dirty_metadata_bytes after writeback failure of extent buffer
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (282 preceding siblings ...)
2019-10-03 15:54 ` [PATCH 5.2 284/313] btrfs: Relinquish CPUs in btrfs_compare_trees Greg Kroah-Hartman
@ 2019-10-03 15:54 ` Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 286/313] btrfs: qgroup: Fix the wrong target io_tree when freeing reserved data space Greg Kroah-Hartman
` (32 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Filipe Manana, Dennis Zhou, David Sterba
From: Dennis Zhou <dennis@kernel.org>
commit eb5b64f142504a597d67e2109d603055ff765e52 upstream.
Before, if a eb failed to write out, we would end up triggering a
BUG_ON(). As of f4340622e0226 ("btrfs: extent_io: Move the BUG_ON() in
flush_write_bio() one level up"), we no longer BUG_ON(), so we should
make life consistent and add back the unwritten bytes to
dirty_metadata_bytes.
Fixes: f4340622e022 ("btrfs: extent_io: Move the BUG_ON() in flush_write_bio() one level up")
CC: stable@vger.kernel.org # 5.2+
Reviewed-by: Filipe Manana <fdmanana@kernel.org>
Signed-off-by: Dennis Zhou <dennis@kernel.org>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/extent_io.c | 9 +++++++++
1 file changed, 9 insertions(+)
--- a/fs/btrfs/extent_io.c
+++ b/fs/btrfs/extent_io.c
@@ -3708,12 +3708,21 @@ err_unlock:
static void set_btree_ioerr(struct page *page)
{
struct extent_buffer *eb = (struct extent_buffer *)page->private;
+ struct btrfs_fs_info *fs_info;
SetPageError(page);
if (test_and_set_bit(EXTENT_BUFFER_WRITE_ERR, &eb->bflags))
return;
/*
+ * If we error out, we should add back the dirty_metadata_bytes
+ * to make it consistent.
+ */
+ fs_info = eb->fs_info;
+ percpu_counter_add_batch(&fs_info->dirty_metadata_bytes,
+ eb->len, fs_info->dirty_metadata_batch);
+
+ /*
* If writeback for a btree extent that doesn't belong to a log tree
* failed, increment the counter transaction->eb_write_errors.
* We do this because while the transaction is running and before it's
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 286/313] btrfs: qgroup: Fix the wrong target io_tree when freeing reserved data space
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (283 preceding siblings ...)
2019-10-03 15:54 ` [PATCH 5.2 285/313] btrfs: adjust dirty_metadata_bytes after writeback failure of extent buffer Greg Kroah-Hartman
@ 2019-10-03 15:54 ` Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 287/313] btrfs: qgroup: Fix reserved data space leak if we have multiple reserve calls Greg Kroah-Hartman
` (31 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Josef Bacik, Nikolay Borisov,
Qu Wenruo, David Sterba
From: Qu Wenruo <wqu@suse.com>
commit bab32fc069ce8829c416e8737c119f62a57970f9 upstream.
[BUG]
Under the following case with qgroup enabled, if some error happened
after we have reserved delalloc space, then in error handling path, we
could cause qgroup data space leakage:
>From btrfs_truncate_block() in inode.c:
ret = btrfs_delalloc_reserve_space(inode, &data_reserved,
block_start, blocksize);
if (ret)
goto out;
again:
page = find_or_create_page(mapping, index, mask);
if (!page) {
btrfs_delalloc_release_space(inode, data_reserved,
block_start, blocksize, true);
btrfs_delalloc_release_extents(BTRFS_I(inode), blocksize, true);
ret = -ENOMEM;
goto out;
}
[CAUSE]
In the above case, btrfs_delalloc_reserve_space() will call
btrfs_qgroup_reserve_data() and mark the io_tree range with
EXTENT_QGROUP_RESERVED flag.
In the error handling path, we have the following call stack:
btrfs_delalloc_release_space()
|- btrfs_free_reserved_data_space()
|- btrsf_qgroup_free_data()
|- __btrfs_qgroup_release_data(reserved=@reserved, free=1)
|- qgroup_free_reserved_data(reserved=@reserved)
|- clear_record_extent_bits();
|- freed += changeset.bytes_changed;
However due to a completion bug, qgroup_free_reserved_data() will clear
EXTENT_QGROUP_RESERVED flag in BTRFS_I(inode)->io_failure_tree, other
than the correct BTRFS_I(inode)->io_tree.
Since io_failure_tree is never marked with that flag,
btrfs_qgroup_free_data() will not free any data reserved space at all,
causing a leakage.
This type of error handling can only be triggered by errors outside of
qgroup code. So EDQUOT error from qgroup can't trigger it.
[FIX]
Fix the wrong target io_tree.
Reported-by: Josef Bacik <josef@toxicpanda.com>
Fixes: bc42bda22345 ("btrfs: qgroup: Fix qgroup reserved space underflow by only freeing reserved ranges")
CC: stable@vger.kernel.org # 4.14+
Reviewed-by: Nikolay Borisov <nborisov@suse.com>
Signed-off-by: Qu Wenruo <wqu@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/qgroup.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/fs/btrfs/qgroup.c
+++ b/fs/btrfs/qgroup.c
@@ -3469,7 +3469,7 @@ static int qgroup_free_reserved_data(str
* EXTENT_QGROUP_RESERVED, we won't double free.
* So not need to rush.
*/
- ret = clear_record_extent_bits(&BTRFS_I(inode)->io_failure_tree,
+ ret = clear_record_extent_bits(&BTRFS_I(inode)->io_tree,
free_start, free_start + free_len - 1,
EXTENT_QGROUP_RESERVED, &changeset);
if (ret < 0)
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 287/313] btrfs: qgroup: Fix reserved data space leak if we have multiple reserve calls
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (284 preceding siblings ...)
2019-10-03 15:54 ` [PATCH 5.2 286/313] btrfs: qgroup: Fix the wrong target io_tree when freeing reserved data space Greg Kroah-Hartman
@ 2019-10-03 15:54 ` Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 288/313] Btrfs: fix race setting up and completing qgroup rescan workers Greg Kroah-Hartman
` (30 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:54 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Qu Wenruo, David Sterba
From: Qu Wenruo <wqu@suse.com>
commit d4e204948fe3e0dc8e1fbf3f8f3290c9c2823be3 upstream.
[BUG]
The following script can cause btrfs qgroup data space leak:
mkfs.btrfs -f $dev
mount $dev -o nospace_cache $mnt
btrfs subv create $mnt/subv
btrfs quota en $mnt
btrfs quota rescan -w $mnt
btrfs qgroup limit 128m $mnt/subv
for (( i = 0; i < 3; i++)); do
# Create 3 64M holes for latter fallocate to fail
truncate -s 192m $mnt/subv/file
xfs_io -c "pwrite 64m 4k" $mnt/subv/file > /dev/null
xfs_io -c "pwrite 128m 4k" $mnt/subv/file > /dev/null
sync
# it's supposed to fail, and each failure will leak at least 64M
# data space
xfs_io -f -c "falloc 0 192m" $mnt/subv/file &> /dev/null
rm $mnt/subv/file
sync
done
# Shouldn't fail after we removed the file
xfs_io -f -c "falloc 0 64m" $mnt/subv/file
[CAUSE]
Btrfs qgroup data reserve code allow multiple reservations to happen on
a single extent_changeset:
E.g:
btrfs_qgroup_reserve_data(inode, &data_reserved, 0, SZ_1M);
btrfs_qgroup_reserve_data(inode, &data_reserved, SZ_1M, SZ_2M);
btrfs_qgroup_reserve_data(inode, &data_reserved, 0, SZ_4M);
Btrfs qgroup code has its internal tracking to make sure we don't
double-reserve in above example.
The only pattern utilizing this feature is in the main while loop of
btrfs_fallocate() function.
However btrfs_qgroup_reserve_data()'s error handling has a bug in that
on error it clears all ranges in the io_tree with EXTENT_QGROUP_RESERVED
flag but doesn't free previously reserved bytes.
This bug has a two fold effect:
- Clearing EXTENT_QGROUP_RESERVED ranges
This is the correct behavior, but it prevents
btrfs_qgroup_check_reserved_leak() to catch the leakage as the
detector is purely EXTENT_QGROUP_RESERVED flag based.
- Leak the previously reserved data bytes.
The bug manifests when N calls to btrfs_qgroup_reserve_data are made and
the last one fails, leaking space reserved in the previous ones.
[FIX]
Also free previously reserved data bytes when btrfs_qgroup_reserve_data
fails.
Fixes: 524725537023 ("btrfs: qgroup: Introduce btrfs_qgroup_reserve_data function")
CC: stable@vger.kernel.org # 4.4+
Signed-off-by: Qu Wenruo <wqu@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/qgroup.c | 3 +++
1 file changed, 3 insertions(+)
--- a/fs/btrfs/qgroup.c
+++ b/fs/btrfs/qgroup.c
@@ -3425,6 +3425,9 @@ cleanup:
while ((unode = ulist_next(&reserved->range_changed, &uiter)))
clear_extent_bit(&BTRFS_I(inode)->io_tree, unode->val,
unode->aux, EXTENT_QGROUP_RESERVED, 0, 0, NULL);
+ /* Also free data bytes of already reserved one */
+ btrfs_qgroup_free_refroot(root->fs_info, root->root_key.objectid,
+ orig_reserved, BTRFS_QGROUP_RSV_DATA);
extent_changeset_release(reserved);
return ret;
}
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 288/313] Btrfs: fix race setting up and completing qgroup rescan workers
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (285 preceding siblings ...)
2019-10-03 15:54 ` [PATCH 5.2 287/313] btrfs: qgroup: Fix reserved data space leak if we have multiple reserve calls Greg Kroah-Hartman
@ 2019-10-03 15:54 ` Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 289/313] SUNRPC: Dequeue the request from the receive queue while were re-encoding Greg Kroah-Hartman
` (29 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Josef Bacik, Filipe Manana, David Sterba
From: Filipe Manana <fdmanana@suse.com>
commit 13fc1d271a2e3ab8a02071e711add01fab9271f6 upstream.
There is a race between setting up a qgroup rescan worker and completing
a qgroup rescan worker that can lead to callers of the qgroup rescan wait
ioctl to either not wait for the rescan worker to complete or to hang
forever due to missing wake ups. The following diagram shows a sequence
of steps that illustrates the race.
CPU 1 CPU 2 CPU 3
btrfs_ioctl_quota_rescan()
btrfs_qgroup_rescan()
qgroup_rescan_init()
mutex_lock(&fs_info->qgroup_rescan_lock)
spin_lock(&fs_info->qgroup_lock)
fs_info->qgroup_flags |=
BTRFS_QGROUP_STATUS_FLAG_RESCAN
init_completion(
&fs_info->qgroup_rescan_completion)
fs_info->qgroup_rescan_running = true
mutex_unlock(&fs_info->qgroup_rescan_lock)
spin_unlock(&fs_info->qgroup_lock)
btrfs_init_work()
--> starts the worker
btrfs_qgroup_rescan_worker()
mutex_lock(&fs_info->qgroup_rescan_lock)
fs_info->qgroup_flags &=
~BTRFS_QGROUP_STATUS_FLAG_RESCAN
mutex_unlock(&fs_info->qgroup_rescan_lock)
starts transaction, updates qgroup status
item, etc
btrfs_ioctl_quota_rescan()
btrfs_qgroup_rescan()
qgroup_rescan_init()
mutex_lock(&fs_info->qgroup_rescan_lock)
spin_lock(&fs_info->qgroup_lock)
fs_info->qgroup_flags |=
BTRFS_QGROUP_STATUS_FLAG_RESCAN
init_completion(
&fs_info->qgroup_rescan_completion)
fs_info->qgroup_rescan_running = true
mutex_unlock(&fs_info->qgroup_rescan_lock)
spin_unlock(&fs_info->qgroup_lock)
btrfs_init_work()
--> starts another worker
mutex_lock(&fs_info->qgroup_rescan_lock)
fs_info->qgroup_rescan_running = false
mutex_unlock(&fs_info->qgroup_rescan_lock)
complete_all(&fs_info->qgroup_rescan_completion)
Before the rescan worker started by the task at CPU 3 completes, if
another task calls btrfs_ioctl_quota_rescan(), it will get -EINPROGRESS
because the flag BTRFS_QGROUP_STATUS_FLAG_RESCAN is set at
fs_info->qgroup_flags, which is expected and correct behaviour.
However if other task calls btrfs_ioctl_quota_rescan_wait() before the
rescan worker started by the task at CPU 3 completes, it will return
immediately without waiting for the new rescan worker to complete,
because fs_info->qgroup_rescan_running is set to false by CPU 2.
This race is making test case btrfs/171 (from fstests) to fail often:
btrfs/171 9s ... - output mismatch (see /home/fdmanana/git/hub/xfstests/results//btrfs/171.out.bad)
# --- tests/btrfs/171.out 2018-09-16 21:30:48.505104287 +0100
# +++ /home/fdmanana/git/hub/xfstests/results//btrfs/171.out.bad 2019-09-19 02:01:36.938486039 +0100
# @@ -1,2 +1,3 @@
# QA output created by 171
# +ERROR: quota rescan failed: Operation now in progress
# Silence is golden
# ...
# (Run 'diff -u /home/fdmanana/git/hub/xfstests/tests/btrfs/171.out /home/fdmanana/git/hub/xfstests/results//btrfs/171.out.bad' to see the entire diff)
That is because the test calls the btrfs-progs commands "qgroup quota
rescan -w", "qgroup assign" and "qgroup remove" in a sequence that makes
calls to the rescan start ioctl fail with -EINPROGRESS (note the "btrfs"
commands 'qgroup assign' and 'qgroup remove' often call the rescan start
ioctl after calling the qgroup assign ioctl,
btrfs_ioctl_qgroup_assign()), since previous waits didn't actually wait
for a rescan worker to complete.
Another problem the race can cause is missing wake ups for waiters,
since the call to complete_all() happens outside a critical section and
after clearing the flag BTRFS_QGROUP_STATUS_FLAG_RESCAN. In the sequence
diagram above, if we have a waiter for the first rescan task (executed
by CPU 2), then fs_info->qgroup_rescan_completion.wait is not empty, and
if after the rescan worker clears BTRFS_QGROUP_STATUS_FLAG_RESCAN and
before it calls complete_all() against
fs_info->qgroup_rescan_completion, the task at CPU 3 calls
init_completion() against fs_info->qgroup_rescan_completion which
re-initilizes its wait queue to an empty queue, therefore causing the
rescan worker at CPU 2 to call complete_all() against an empty queue,
never waking up the task waiting for that rescan worker.
Fix this by clearing BTRFS_QGROUP_STATUS_FLAG_RESCAN and setting
fs_info->qgroup_rescan_running to false in the same critical section,
delimited by the mutex fs_info->qgroup_rescan_lock, as well as doing the
call to complete_all() in that same critical section. This gives the
protection needed to avoid rescan wait ioctl callers not waiting for a
running rescan worker and the lost wake ups problem, since setting that
rescan flag and boolean as well as initializing the wait queue is done
already in a critical section delimited by that mutex (at
qgroup_rescan_init()).
Fixes: 57254b6ebce4ce ("Btrfs: add ioctl to wait for qgroup rescan completion")
Fixes: d2c609b834d62f ("btrfs: properly track when rescan worker is running")
CC: stable@vger.kernel.org # 4.4+
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/qgroup.c | 33 +++++++++++++++++++--------------
1 file changed, 19 insertions(+), 14 deletions(-)
--- a/fs/btrfs/qgroup.c
+++ b/fs/btrfs/qgroup.c
@@ -3154,9 +3154,6 @@ out:
btrfs_free_path(path);
mutex_lock(&fs_info->qgroup_rescan_lock);
- if (!btrfs_fs_closing(fs_info))
- fs_info->qgroup_flags &= ~BTRFS_QGROUP_STATUS_FLAG_RESCAN;
-
if (err > 0 &&
fs_info->qgroup_flags & BTRFS_QGROUP_STATUS_FLAG_INCONSISTENT) {
fs_info->qgroup_flags &= ~BTRFS_QGROUP_STATUS_FLAG_INCONSISTENT;
@@ -3172,16 +3169,30 @@ out:
trans = btrfs_start_transaction(fs_info->quota_root, 1);
if (IS_ERR(trans)) {
err = PTR_ERR(trans);
+ trans = NULL;
btrfs_err(fs_info,
"fail to start transaction for status update: %d",
err);
- goto done;
}
- ret = update_qgroup_status_item(trans);
- if (ret < 0) {
- err = ret;
- btrfs_err(fs_info, "fail to update qgroup status: %d", err);
+
+ mutex_lock(&fs_info->qgroup_rescan_lock);
+ if (!btrfs_fs_closing(fs_info))
+ fs_info->qgroup_flags &= ~BTRFS_QGROUP_STATUS_FLAG_RESCAN;
+ if (trans) {
+ ret = update_qgroup_status_item(trans);
+ if (ret < 0) {
+ err = ret;
+ btrfs_err(fs_info, "fail to update qgroup status: %d",
+ err);
+ }
}
+ fs_info->qgroup_rescan_running = false;
+ complete_all(&fs_info->qgroup_rescan_completion);
+ mutex_unlock(&fs_info->qgroup_rescan_lock);
+
+ if (!trans)
+ return;
+
btrfs_end_transaction(trans);
if (btrfs_fs_closing(fs_info)) {
@@ -3192,12 +3203,6 @@ out:
} else {
btrfs_err(fs_info, "qgroup scan failed with %d", err);
}
-
-done:
- mutex_lock(&fs_info->qgroup_rescan_lock);
- fs_info->qgroup_rescan_running = false;
- mutex_unlock(&fs_info->qgroup_rescan_lock);
- complete_all(&fs_info->qgroup_rescan_completion);
}
/*
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 289/313] SUNRPC: Dequeue the request from the receive queue while were re-encoding
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (286 preceding siblings ...)
2019-10-03 15:54 ` [PATCH 5.2 288/313] Btrfs: fix race setting up and completing qgroup rescan workers Greg Kroah-Hartman
@ 2019-10-03 15:54 ` Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 290/313] SUNRPC: Fix buffer handling of GSS MIC without slack Greg Kroah-Hartman
` (28 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:54 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Trond Myklebust, Anna Schumaker
From: Trond Myklebust <trondmy@gmail.com>
commit cc204d01262a69218b2d0db5cdea371de85871d9 upstream.
Ensure that we dequeue the request from the transport receive queue
while we're re-encoding to prevent issues like use-after-free when
we release the bvec.
Fixes: 7536908982047 ("SUNRPC: Ensure the bvecs are reset when we re-encode...")
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Cc: stable@vger.kernel.org # v4.20+
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/sunrpc/xprt.h | 1
net/sunrpc/clnt.c | 6 ++--
net/sunrpc/xprt.c | 54 +++++++++++++++++++++++++-------------------
3 files changed, 35 insertions(+), 26 deletions(-)
--- a/include/linux/sunrpc/xprt.h
+++ b/include/linux/sunrpc/xprt.h
@@ -346,6 +346,7 @@ bool xprt_prepare_transmit(struct rpc_
void xprt_request_enqueue_transmit(struct rpc_task *task);
void xprt_request_enqueue_receive(struct rpc_task *task);
void xprt_request_wait_receive(struct rpc_task *task);
+void xprt_request_dequeue_xprt(struct rpc_task *task);
bool xprt_request_need_retransmit(struct rpc_task *task);
void xprt_transmit(struct rpc_task *task);
void xprt_end_transmit(struct rpc_task *task);
--- a/net/sunrpc/clnt.c
+++ b/net/sunrpc/clnt.c
@@ -1785,6 +1785,7 @@ rpc_xdr_encode(struct rpc_task *task)
req->rq_rbuffer,
req->rq_rcvsize);
+ req->rq_reply_bytes_recvd = 0;
req->rq_snd_buf.head[0].iov_len = 0;
xdr_init_encode(&xdr, &req->rq_snd_buf,
req->rq_snd_buf.head[0].iov_base, req);
@@ -1804,6 +1805,8 @@ call_encode(struct rpc_task *task)
if (!rpc_task_need_encode(task))
goto out;
dprint_status(task);
+ /* Dequeue task from the receive queue while we're encoding */
+ xprt_request_dequeue_xprt(task);
/* Encode here so that rpcsec_gss can use correct sequence number. */
rpc_xdr_encode(task);
/* Did the encode result in an error condition? */
@@ -2437,9 +2440,6 @@ call_decode(struct rpc_task *task)
return;
case -EAGAIN:
task->tk_status = 0;
- xdr_free_bvec(&req->rq_rcv_buf);
- req->rq_reply_bytes_recvd = 0;
- req->rq_rcv_buf.len = 0;
if (task->tk_client->cl_discrtry)
xprt_conditional_disconnect(req->rq_xprt,
req->rq_connect_cookie);
--- a/net/sunrpc/xprt.c
+++ b/net/sunrpc/xprt.c
@@ -1296,6 +1296,36 @@ xprt_request_dequeue_transmit(struct rpc
}
/**
+ * xprt_request_dequeue_xprt - remove a task from the transmit+receive queue
+ * @task: pointer to rpc_task
+ *
+ * Remove a task from the transmit and receive queues, and ensure that
+ * it is not pinned by the receive work item.
+ */
+void
+xprt_request_dequeue_xprt(struct rpc_task *task)
+{
+ struct rpc_rqst *req = task->tk_rqstp;
+ struct rpc_xprt *xprt = req->rq_xprt;
+
+ if (test_bit(RPC_TASK_NEED_XMIT, &task->tk_runstate) ||
+ test_bit(RPC_TASK_NEED_RECV, &task->tk_runstate) ||
+ xprt_is_pinned_rqst(req)) {
+ spin_lock(&xprt->queue_lock);
+ xprt_request_dequeue_transmit_locked(task);
+ xprt_request_dequeue_receive_locked(task);
+ while (xprt_is_pinned_rqst(req)) {
+ set_bit(RPC_TASK_MSG_PIN_WAIT, &task->tk_runstate);
+ spin_unlock(&xprt->queue_lock);
+ xprt_wait_on_pinned_rqst(req);
+ spin_lock(&xprt->queue_lock);
+ clear_bit(RPC_TASK_MSG_PIN_WAIT, &task->tk_runstate);
+ }
+ spin_unlock(&xprt->queue_lock);
+ }
+}
+
+/**
* xprt_request_prepare - prepare an encoded request for transport
* @req: pointer to rpc_rqst
*
@@ -1719,28 +1749,6 @@ void xprt_retry_reserve(struct rpc_task
xprt_do_reserve(xprt, task);
}
-static void
-xprt_request_dequeue_all(struct rpc_task *task, struct rpc_rqst *req)
-{
- struct rpc_xprt *xprt = req->rq_xprt;
-
- if (test_bit(RPC_TASK_NEED_XMIT, &task->tk_runstate) ||
- test_bit(RPC_TASK_NEED_RECV, &task->tk_runstate) ||
- xprt_is_pinned_rqst(req)) {
- spin_lock(&xprt->queue_lock);
- xprt_request_dequeue_transmit_locked(task);
- xprt_request_dequeue_receive_locked(task);
- while (xprt_is_pinned_rqst(req)) {
- set_bit(RPC_TASK_MSG_PIN_WAIT, &task->tk_runstate);
- spin_unlock(&xprt->queue_lock);
- xprt_wait_on_pinned_rqst(req);
- spin_lock(&xprt->queue_lock);
- clear_bit(RPC_TASK_MSG_PIN_WAIT, &task->tk_runstate);
- }
- spin_unlock(&xprt->queue_lock);
- }
-}
-
/**
* xprt_release - release an RPC request slot
* @task: task which is finished with the slot
@@ -1764,7 +1772,7 @@ void xprt_release(struct rpc_task *task)
task->tk_ops->rpc_count_stats(task, task->tk_calldata);
else if (task->tk_client)
rpc_count_iostats(task, task->tk_client->cl_metrics);
- xprt_request_dequeue_all(task, req);
+ xprt_request_dequeue_xprt(task);
spin_lock_bh(&xprt->transport_lock);
xprt->ops->release_xprt(xprt, task);
if (xprt->ops->release_request)
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 290/313] SUNRPC: Fix buffer handling of GSS MIC without slack
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (287 preceding siblings ...)
2019-10-03 15:54 ` [PATCH 5.2 289/313] SUNRPC: Dequeue the request from the receive queue while were re-encoding Greg Kroah-Hartman
@ 2019-10-03 15:54 ` Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 291/313] ACPI / LPSS: Save/restore LPSS private registers also on Lynxpoint Greg Kroah-Hartman
` (27 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Benjamin Coddington, Chuck Lever,
Anna Schumaker
From: Benjamin Coddington <bcodding@redhat.com>
commit 5f1bc39979d868a0358c683864bec3fc8395440b upstream.
The GSS Message Integrity Check data for krb5i may lie partially in the XDR
reply buffer's pages and tail. If so, we try to copy the entire MIC into
free space in the tail. But as the estimations of the slack space required
for authentication and verification have improved there may be less free
space in the tail to complete this copy -- see commit 2c94b8eca1a2
("SUNRPC: Use au_rslack when computing reply buffer size"). In fact, there
may only be room in the tail for a single copy of the MIC, and not part of
the MIC and then another complete copy.
The real world failure reported is that `ls` of a directory on NFS may
sometimes return -EIO, which can be traced back to xdr_buf_read_netobj()
failing to find available free space in the tail to copy the MIC.
Fix this by checking for the case of the MIC crossing the boundaries of
head, pages, and tail. If so, shift the buffer until the MIC is contained
completely within the pages or tail. This allows the remainder of the
function to create a sub buffer that directly address the complete MIC.
Signed-off-by: Benjamin Coddington <bcodding@redhat.com>
Cc: stable@vger.kernel.org # v5.1
Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/sunrpc/xdr.c | 27 ++++++++++++++++++---------
1 file changed, 18 insertions(+), 9 deletions(-)
--- a/net/sunrpc/xdr.c
+++ b/net/sunrpc/xdr.c
@@ -1237,16 +1237,29 @@ xdr_encode_word(struct xdr_buf *buf, uns
EXPORT_SYMBOL_GPL(xdr_encode_word);
/* If the netobj starting offset bytes from the start of xdr_buf is contained
- * entirely in the head or the tail, set object to point to it; otherwise
- * try to find space for it at the end of the tail, copy it there, and
- * set obj to point to it. */
+ * entirely in the head, pages, or tail, set object to point to it; otherwise
+ * shift the buffer until it is contained entirely within the pages or tail.
+ */
int xdr_buf_read_netobj(struct xdr_buf *buf, struct xdr_netobj *obj, unsigned int offset)
{
struct xdr_buf subbuf;
+ unsigned int boundary;
if (xdr_decode_word(buf, offset, &obj->len))
return -EFAULT;
- if (xdr_buf_subsegment(buf, &subbuf, offset + 4, obj->len))
+ offset += 4;
+
+ /* Is the obj partially in the head? */
+ boundary = buf->head[0].iov_len;
+ if (offset < boundary && (offset + obj->len) > boundary)
+ xdr_shift_buf(buf, boundary - offset);
+
+ /* Is the obj partially in the pages? */
+ boundary += buf->page_len;
+ if (offset < boundary && (offset + obj->len) > boundary)
+ xdr_shrink_pagelen(buf, boundary - offset);
+
+ if (xdr_buf_subsegment(buf, &subbuf, offset, obj->len))
return -EFAULT;
/* Is the obj contained entirely in the head? */
@@ -1258,11 +1271,7 @@ int xdr_buf_read_netobj(struct xdr_buf *
if (subbuf.tail[0].iov_len == obj->len)
return 0;
- /* use end of tail as storage for obj:
- * (We don't copy to the beginning because then we'd have
- * to worry about doing a potentially overlapping copy.
- * This assumes the object is at most half the length of the
- * tail.) */
+ /* Find a contiguous area in @buf to hold all of @obj */
if (obj->len > buf->buflen - buf->len)
return -ENOMEM;
if (buf->tail[0].iov_len != 0)
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 291/313] ACPI / LPSS: Save/restore LPSS private registers also on Lynxpoint
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (288 preceding siblings ...)
2019-10-03 15:54 ` [PATCH 5.2 290/313] SUNRPC: Fix buffer handling of GSS MIC without slack Greg Kroah-Hartman
@ 2019-10-03 15:54 ` Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 292/313] md/raid6: Set R5_ReadError when there is read failure on parity disk Greg Kroah-Hartman
` (26 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Curtis Malainey, Jarkko Nikula,
Andy Shevchenko, Rafael J. Wysocki
From: Jarkko Nikula <jarkko.nikula@linux.intel.com>
commit 57b3006492a4c11b2d4a772b5b2905d544a32037 upstream.
My assumption in commit b53548f9d9e4 ("spi: pxa2xx: Remove LPSS private
register restoring during resume") that Intel Lynxpoint and compatible
based chipsets may not need LPSS private registers saving and restoring
over suspend/resume cycle turned out to be false on Intel Broadwell.
Curtis Malainey sent a patch bringing above change back and reported the
LPSS SPI Chip Select control was lost over suspend/resume cycle on
Broadwell machine.
Instead of reverting above commit lets add LPSS private register
saving/restoring also for all LPSS SPI, I2C and UART controllers on
Lynxpoint and compatible chipset to make sure context is not lost in
case nothing else preserves it like firmware or if LPSS is always on.
Fixes: b53548f9d9e4 ("spi: pxa2xx: Remove LPSS private register restoring during resume")
Reported-by: Curtis Malainey <cujomalainey@chromium.org>
Tested-by: Curtis Malainey <cujomalainey@chromium.org>
Cc: 5.0+ <stable@vger.kernel.org> # 5.0+
Signed-off-by: Jarkko Nikula <jarkko.nikula@linux.intel.com>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/acpi/acpi_lpss.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
--- a/drivers/acpi/acpi_lpss.c
+++ b/drivers/acpi/acpi_lpss.c
@@ -219,12 +219,13 @@ static void bsw_pwm_setup(struct lpss_pr
}
static const struct lpss_device_desc lpt_dev_desc = {
- .flags = LPSS_CLK | LPSS_CLK_GATE | LPSS_CLK_DIVIDER | LPSS_LTR,
+ .flags = LPSS_CLK | LPSS_CLK_GATE | LPSS_CLK_DIVIDER | LPSS_LTR
+ | LPSS_SAVE_CTX,
.prv_offset = 0x800,
};
static const struct lpss_device_desc lpt_i2c_dev_desc = {
- .flags = LPSS_CLK | LPSS_CLK_GATE | LPSS_LTR,
+ .flags = LPSS_CLK | LPSS_CLK_GATE | LPSS_LTR | LPSS_SAVE_CTX,
.prv_offset = 0x800,
};
@@ -236,7 +237,8 @@ static struct property_entry uart_proper
};
static const struct lpss_device_desc lpt_uart_dev_desc = {
- .flags = LPSS_CLK | LPSS_CLK_GATE | LPSS_CLK_DIVIDER | LPSS_LTR,
+ .flags = LPSS_CLK | LPSS_CLK_GATE | LPSS_CLK_DIVIDER | LPSS_LTR
+ | LPSS_SAVE_CTX,
.clk_con_id = "baudclk",
.prv_offset = 0x800,
.setup = lpss_uart_setup,
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 292/313] md/raid6: Set R5_ReadError when there is read failure on parity disk
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (289 preceding siblings ...)
2019-10-03 15:54 ` [PATCH 5.2 291/313] ACPI / LPSS: Save/restore LPSS private registers also on Lynxpoint Greg Kroah-Hartman
@ 2019-10-03 15:54 ` Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 293/313] md: dont report active array_state until after revalidate_disk() completes Greg Kroah-Hartman
` (25 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:54 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Xiao Ni, Song Liu
From: Xiao Ni <xni@redhat.com>
commit 143f6e733b73051cd22dcb80951c6c929da413ce upstream.
7471fb77ce4d ("md/raid6: Fix anomily when recovering a single device in
RAID6.") avoids rereading P when it can be computed from other members.
However, this misses the chance to re-write the right data to P. This
patch sets R5_ReadError if the re-read fails.
Also, when re-read is skipped, we also missed the chance to reset
rdev->read_errors to 0. It can fail the disk when there are many read
errors on P member disk (other disks don't have read error)
V2: upper layer read request don't read parity/Q data. So there is no
need to consider such situation.
This is Reported-by: kbuild test robot <lkp@intel.com>
Fixes: 7471fb77ce4d ("md/raid6: Fix anomily when recovering a single device in RAID6.")
Cc: <stable@vger.kernel.org> #4.4+
Signed-off-by: Xiao Ni <xni@redhat.com>
Signed-off-by: Song Liu <songliubraving@fb.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/raid5.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/drivers/md/raid5.c
+++ b/drivers/md/raid5.c
@@ -2559,7 +2559,9 @@ static void raid5_end_read_request(struc
&& !test_bit(R5_ReadNoMerge, &sh->dev[i].flags))
retry = 1;
if (retry)
- if (test_bit(R5_ReadNoMerge, &sh->dev[i].flags)) {
+ if (sh->qd_idx >= 0 && sh->pd_idx == i)
+ set_bit(R5_ReadError, &sh->dev[i].flags);
+ else if (test_bit(R5_ReadNoMerge, &sh->dev[i].flags)) {
set_bit(R5_ReadError, &sh->dev[i].flags);
clear_bit(R5_ReadNoMerge, &sh->dev[i].flags);
} else
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 293/313] md: dont report active array_state until after revalidate_disk() completes.
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (290 preceding siblings ...)
2019-10-03 15:54 ` [PATCH 5.2 292/313] md/raid6: Set R5_ReadError when there is read failure on parity disk Greg Kroah-Hartman
@ 2019-10-03 15:54 ` Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 294/313] md: only call set_in_sync() when it is expected to succeed Greg Kroah-Hartman
` (24 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:54 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, NeilBrown, Song Liu
From: NeilBrown <neilb@suse.com>
commit 9d4b45d6af442237560d0bb5502a012baa5234b7 upstream.
Until revalidate_disk() has completed, the size of a new md array will
appear to be zero.
So we shouldn't report, through array_state, that the array is active
until that time.
udev rules check array_state to see if the array is ready. As soon as
it appear to be zero, fsck can be run. If it find the size to be
zero, it will fail.
So add a new flag to provide an interlock between do_md_run() and
array_state_show(). This flag is set while do_md_run() is active and
it prevents array_state_show() from reporting that the array is
active.
Before do_md_run() is called, ->pers will be NULL so array is
definitely not active.
After do_md_run() is called, revalidate_disk() will have run and the
array will be completely ready.
We also move various sysfs_notify*() calls out of md_run() into
do_md_run() after MD_NOT_READY is cleared. This ensure the
information is ready before the notification is sent.
Prior to v4.12, array_state_show() was called with the
mddev->reconfig_mutex held, which provided exclusion with do_md_run().
Note that MD_NOT_READY cleared twice. This is deliberate to cover
both success and error paths with minimal noise.
Fixes: b7b17c9b67e5 ("md: remove mddev_lock() from md_attr_show()")
Cc: stable@vger.kernel.org (v4.12++)
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Song Liu <songliubraving@fb.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/md.c | 11 +++++++----
drivers/md/md.h | 3 +++
2 files changed, 10 insertions(+), 4 deletions(-)
--- a/drivers/md/md.c
+++ b/drivers/md/md.c
@@ -4105,7 +4105,7 @@ array_state_show(struct mddev *mddev, ch
{
enum array_state st = inactive;
- if (mddev->pers)
+ if (mddev->pers && !test_bit(MD_NOT_READY, &mddev->flags))
switch(mddev->ro) {
case 1:
st = readonly;
@@ -5660,9 +5660,6 @@ int md_run(struct mddev *mddev)
md_update_sb(mddev, 0);
md_new_event(mddev);
- sysfs_notify_dirent_safe(mddev->sysfs_state);
- sysfs_notify_dirent_safe(mddev->sysfs_action);
- sysfs_notify(&mddev->kobj, NULL, "degraded");
return 0;
abort:
@@ -5676,6 +5673,7 @@ static int do_md_run(struct mddev *mddev
{
int err;
+ set_bit(MD_NOT_READY, &mddev->flags);
err = md_run(mddev);
if (err)
goto out;
@@ -5696,9 +5694,14 @@ static int do_md_run(struct mddev *mddev
set_capacity(mddev->gendisk, mddev->array_sectors);
revalidate_disk(mddev->gendisk);
+ clear_bit(MD_NOT_READY, &mddev->flags);
mddev->changed = 1;
kobject_uevent(&disk_to_dev(mddev->gendisk)->kobj, KOBJ_CHANGE);
+ sysfs_notify_dirent_safe(mddev->sysfs_state);
+ sysfs_notify_dirent_safe(mddev->sysfs_action);
+ sysfs_notify(&mddev->kobj, NULL, "degraded");
out:
+ clear_bit(MD_NOT_READY, &mddev->flags);
return err;
}
--- a/drivers/md/md.h
+++ b/drivers/md/md.h
@@ -236,6 +236,9 @@ enum mddev_flags {
MD_UPDATING_SB, /* md_check_recovery is updating the metadata
* without explicitly holding reconfig_mutex.
*/
+ MD_NOT_READY, /* do_md_run() is active, so 'array_state'
+ * must not report that array is ready yet
+ */
};
enum mddev_sb_flags {
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 294/313] md: only call set_in_sync() when it is expected to succeed.
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (291 preceding siblings ...)
2019-10-03 15:54 ` [PATCH 5.2 293/313] md: dont report active array_state until after revalidate_disk() completes Greg Kroah-Hartman
@ 2019-10-03 15:54 ` Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 295/313] cfg80211: Purge frame registrations on iftype change Greg Kroah-Hartman
` (23 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:54 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, NeilBrown, Song Liu, Jack Wang
From: NeilBrown <neilb@suse.com>
commit 480523feae581ab714ba6610388a3b4619a2f695 upstream.
Since commit 4ad23a976413 ("MD: use per-cpu counter for
writes_pending"), set_in_sync() is substantially more expensive: it
can wait for a full RCU grace period which can be 10s of milliseconds.
So we should only call it when the cost is justified.
md_check_recovery() currently calls set_in_sync() every time it finds
anything to do (on non-external active arrays). For an array
performing resync or recovery, this will be quite often.
Each call will introduce a delay to the md thread, which can noticeable
affect IO submission latency.
In md_check_recovery() we only need to call set_in_sync() if
'safemode' was non-zero at entry, meaning that there has been not
recent IO. So we save this "safemode was nonzero" state, and only
call set_in_sync() if it was non-zero.
This measurably reduces mean and maximum IO submission latency during
resync/recovery.
Reported-and-tested-by: Jack Wang <jinpu.wang@cloud.ionos.com>
Fixes: 4ad23a976413 ("MD: use per-cpu counter for writes_pending")
Cc: stable@vger.kernel.org (v4.12+)
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Song Liu <songliubraving@fb.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/md.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/drivers/md/md.c
+++ b/drivers/md/md.c
@@ -8811,6 +8811,7 @@ void md_check_recovery(struct mddev *mdd
if (mddev_trylock(mddev)) {
int spares = 0;
+ bool try_set_sync = mddev->safemode != 0;
if (!mddev->external && mddev->safemode == 1)
mddev->safemode = 0;
@@ -8856,7 +8857,7 @@ void md_check_recovery(struct mddev *mdd
}
}
- if (!mddev->external && !mddev->in_sync) {
+ if (try_set_sync && !mddev->external && !mddev->in_sync) {
spin_lock(&mddev->lock);
set_in_sync(mddev);
spin_unlock(&mddev->lock);
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 295/313] cfg80211: Purge frame registrations on iftype change
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (292 preceding siblings ...)
2019-10-03 15:54 ` [PATCH 5.2 294/313] md: only call set_in_sync() when it is expected to succeed Greg Kroah-Hartman
@ 2019-10-03 15:54 ` Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 296/313] /dev/mem: Bail out upon SIGKILL Greg Kroah-Hartman
` (22 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:54 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Denis Kenzior, Johannes Berg
From: Denis Kenzior <denkenz@gmail.com>
commit c1d3ad84eae35414b6b334790048406bd6301b12 upstream.
Currently frame registrations are not purged, even when changing the
interface type. This can lead to potentially weird situations where
frames possibly not allowed on a given interface type remain registered
due to the type switching happening after registration.
The kernel currently relies on userspace apps to actually purge the
registrations themselves, this is not something that the kernel should
rely on.
Add a call to cfg80211_mlme_purge_registrations() to forcefully remove
any registrations left over prior to switching the iftype.
Cc: stable@vger.kernel.org
Signed-off-by: Denis Kenzior <denkenz@gmail.com>
Link: https://lore.kernel.org/r/20190828211110.15005-1-denkenz@gmail.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/wireless/util.c | 1 +
1 file changed, 1 insertion(+)
--- a/net/wireless/util.c
+++ b/net/wireless/util.c
@@ -960,6 +960,7 @@ int cfg80211_change_iface(struct cfg8021
}
cfg80211_process_rdev_events(rdev);
+ cfg80211_mlme_purge_registrations(dev->ieee80211_ptr);
}
err = rdev_change_virtual_intf(rdev, dev, ntype, params);
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 296/313] /dev/mem: Bail out upon SIGKILL.
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (293 preceding siblings ...)
2019-10-03 15:54 ` [PATCH 5.2 295/313] cfg80211: Purge frame registrations on iftype change Greg Kroah-Hartman
@ 2019-10-03 15:54 ` Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 297/313] fs: Export generic_fadvise() Greg Kroah-Hartman
` (21 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:54 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Tetsuo Handa, syzbot
From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
commit 8619e5bdeee8b2c685d686281f2d2a6017c4bc15 upstream.
syzbot found that a thread can stall for minutes inside read_mem() or
write_mem() after that thread was killed by SIGKILL [1]. Reading from
iomem areas of /dev/mem can be slow, depending on the hardware.
While reading 2GB at one read() is legal, delaying termination of killed
thread for minutes is bad. Thus, allow reading/writing /dev/mem and
/dev/kmem to be preemptible and killable.
[ 1335.912419][T20577] read_mem: sz=4096 count=2134565632
[ 1335.943194][T20577] read_mem: sz=4096 count=2134561536
[ 1335.978280][T20577] read_mem: sz=4096 count=2134557440
[ 1336.011147][T20577] read_mem: sz=4096 count=2134553344
[ 1336.041897][T20577] read_mem: sz=4096 count=2134549248
Theoretically, reading/writing /dev/mem and /dev/kmem can become
"interruptible". But this patch chose "killable". Future patch will make
them "interruptible" so that we can revert to "killable" if some program
regressed.
[1] https://syzkaller.appspot.com/bug?id=a0e3436829698d5824231251fad9d8e998f94f5e
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Cc: stable <stable@vger.kernel.org>
Reported-by: syzbot <syzbot+8ab2d0f39fb79fe6ca40@syzkaller.appspotmail.com>
Link: https://lore.kernel.org/r/1566825205-10703-1-git-send-email-penguin-kernel@I-love.SAKURA.ne.jp
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/char/mem.c | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
--- a/drivers/char/mem.c
+++ b/drivers/char/mem.c
@@ -97,6 +97,13 @@ void __weak unxlate_dev_mem_ptr(phys_add
}
#endif
+static inline bool should_stop_iteration(void)
+{
+ if (need_resched())
+ cond_resched();
+ return fatal_signal_pending(current);
+}
+
/*
* This funcion reads the *physical* memory. The f_pos points directly to the
* memory location.
@@ -175,6 +182,8 @@ static ssize_t read_mem(struct file *fil
p += sz;
count -= sz;
read += sz;
+ if (should_stop_iteration())
+ break;
}
kfree(bounce);
@@ -251,6 +260,8 @@ static ssize_t write_mem(struct file *fi
p += sz;
count -= sz;
written += sz;
+ if (should_stop_iteration())
+ break;
}
*ppos += written;
@@ -468,6 +479,10 @@ static ssize_t read_kmem(struct file *fi
read += sz;
low_count -= sz;
count -= sz;
+ if (should_stop_iteration()) {
+ count = 0;
+ break;
+ }
}
}
@@ -492,6 +507,8 @@ static ssize_t read_kmem(struct file *fi
buf += sz;
read += sz;
p += sz;
+ if (should_stop_iteration())
+ break;
}
free_page((unsigned long)kbuf);
}
@@ -544,6 +561,8 @@ static ssize_t do_write_kmem(unsigned lo
p += sz;
count -= sz;
written += sz;
+ if (should_stop_iteration())
+ break;
}
*ppos += written;
@@ -595,6 +614,8 @@ static ssize_t write_kmem(struct file *f
buf += sz;
virtr += sz;
p += sz;
+ if (should_stop_iteration())
+ break;
}
free_page((unsigned long)kbuf);
}
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 297/313] fs: Export generic_fadvise()
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (294 preceding siblings ...)
2019-10-03 15:54 ` [PATCH 5.2 296/313] /dev/mem: Bail out upon SIGKILL Greg Kroah-Hartman
@ 2019-10-03 15:54 ` Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 298/313] mm: Handle MADV_WILLNEED through vfs_fadvise() Greg Kroah-Hartman
` (20 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:54 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Darrick J. Wong, Jan Kara
From: Jan Kara <jack@suse.cz>
commit cf1ea0592dbf109e7e7935b7d5b1a47a1ba04174 upstream.
Filesystems will need to call this function from their fadvise handlers.
CC: stable@vger.kernel.org
Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/fs.h | 2 ++
mm/fadvise.c | 4 ++--
2 files changed, 4 insertions(+), 2 deletions(-)
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -3544,6 +3544,8 @@ extern void inode_nohighmem(struct inode
/* mm/fadvise.c */
extern int vfs_fadvise(struct file *file, loff_t offset, loff_t len,
int advice);
+extern int generic_fadvise(struct file *file, loff_t offset, loff_t len,
+ int advice);
#if defined(CONFIG_IO_URING)
extern struct sock *io_uring_get_socket(struct file *file);
--- a/mm/fadvise.c
+++ b/mm/fadvise.c
@@ -27,8 +27,7 @@
* deactivate the pages and clear PG_Referenced.
*/
-static int generic_fadvise(struct file *file, loff_t offset, loff_t len,
- int advice)
+int generic_fadvise(struct file *file, loff_t offset, loff_t len, int advice)
{
struct inode *inode;
struct address_space *mapping;
@@ -178,6 +177,7 @@ static int generic_fadvise(struct file *
}
return 0;
}
+EXPORT_SYMBOL(generic_fadvise);
int vfs_fadvise(struct file *file, loff_t offset, loff_t len, int advice)
{
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 298/313] mm: Handle MADV_WILLNEED through vfs_fadvise()
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (295 preceding siblings ...)
2019-10-03 15:54 ` [PATCH 5.2 297/313] fs: Export generic_fadvise() Greg Kroah-Hartman
@ 2019-10-03 15:54 ` Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 299/313] xfs: Fix stale data exposure when readahead races with hole punch Greg Kroah-Hartman
` (19 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Amir Goldstein, Boaz Harrosh,
Jan Kara, Darrick J. Wong
From: Jan Kara <jack@suse.cz>
commit 692fe62433d4ca47605b39f7c416efd6679ba694 upstream.
Currently handling of MADV_WILLNEED hint calls directly into readahead
code. Handle it by calling vfs_fadvise() instead so that filesystem can
use its ->fadvise() callback to acquire necessary locks or otherwise
prepare for the request.
Suggested-by: Amir Goldstein <amir73il@gmail.com>
Reviewed-by: Boaz Harrosh <boazh@netapp.com>
CC: stable@vger.kernel.org
Signed-off-by: Jan Kara <jack@suse.cz>
Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/madvise.c | 22 ++++++++++++++++------
1 file changed, 16 insertions(+), 6 deletions(-)
--- a/mm/madvise.c
+++ b/mm/madvise.c
@@ -14,6 +14,7 @@
#include <linux/userfaultfd_k.h>
#include <linux/hugetlb.h>
#include <linux/falloc.h>
+#include <linux/fadvise.h>
#include <linux/sched.h>
#include <linux/ksm.h>
#include <linux/fs.h>
@@ -275,6 +276,7 @@ static long madvise_willneed(struct vm_a
unsigned long start, unsigned long end)
{
struct file *file = vma->vm_file;
+ loff_t offset;
*prev = vma;
#ifdef CONFIG_SWAP
@@ -298,12 +300,20 @@ static long madvise_willneed(struct vm_a
return 0;
}
- start = ((start - vma->vm_start) >> PAGE_SHIFT) + vma->vm_pgoff;
- if (end > vma->vm_end)
- end = vma->vm_end;
- end = ((end - vma->vm_start) >> PAGE_SHIFT) + vma->vm_pgoff;
-
- force_page_cache_readahead(file->f_mapping, file, start, end - start);
+ /*
+ * Filesystem's fadvise may need to take various locks. We need to
+ * explicitly grab a reference because the vma (and hence the
+ * vma's reference to the file) can go away as soon as we drop
+ * mmap_sem.
+ */
+ *prev = NULL; /* tell sys_madvise we drop mmap_sem */
+ get_file(file);
+ up_read(¤t->mm->mmap_sem);
+ offset = (loff_t)(start - vma->vm_start)
+ + ((loff_t)vma->vm_pgoff << PAGE_SHIFT);
+ vfs_fadvise(file, offset, end - start, POSIX_FADV_WILLNEED);
+ fput(file);
+ down_read(¤t->mm->mmap_sem);
return 0;
}
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 299/313] xfs: Fix stale data exposure when readahead races with hole punch
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (296 preceding siblings ...)
2019-10-03 15:54 ` [PATCH 5.2 298/313] mm: Handle MADV_WILLNEED through vfs_fadvise() Greg Kroah-Hartman
@ 2019-10-03 15:54 ` Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 300/313] ipmi: move message error checking to avoid deadlock Greg Kroah-Hartman
` (18 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Amir Goldstein, Jan Kara, Darrick J. Wong
From: Jan Kara <jack@suse.cz>
commit 40144e49ff84c3bd6bd091b58115257670be8803 upstream.
Hole puching currently evicts pages from page cache and then goes on to
remove blocks from the inode. This happens under both XFS_IOLOCK_EXCL
and XFS_MMAPLOCK_EXCL which provides appropriate serialization with
racing reads or page faults. However there is currently nothing that
prevents readahead triggered by fadvise() or madvise() from racing with
the hole punch and instantiating page cache page after hole punching has
evicted page cache in xfs_flush_unmap_range() but before it has removed
blocks from the inode. This page cache page will be mapping soon to be
freed block and that can lead to returning stale data to userspace or
even filesystem corruption.
Fix the problem by protecting handling of readahead requests by
XFS_IOLOCK_SHARED similarly as we protect reads.
CC: stable@vger.kernel.org
Link: https://lore.kernel.org/linux-fsdevel/CAOQ4uxjQNmxqmtA_VbYW0Su9rKRk2zobJmahcyeaEVOFKVQ5dw@mail.gmail.com/
Reported-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/xfs/xfs_file.c | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+)
--- a/fs/xfs/xfs_file.c
+++ b/fs/xfs/xfs_file.c
@@ -33,6 +33,7 @@
#include <linux/pagevec.h>
#include <linux/backing-dev.h>
#include <linux/mman.h>
+#include <linux/fadvise.h>
static const struct vm_operations_struct xfs_file_vm_ops;
@@ -939,6 +940,30 @@ out_unlock:
return error;
}
+STATIC int
+xfs_file_fadvise(
+ struct file *file,
+ loff_t start,
+ loff_t end,
+ int advice)
+{
+ struct xfs_inode *ip = XFS_I(file_inode(file));
+ int ret;
+ int lockflags = 0;
+
+ /*
+ * Operations creating pages in page cache need protection from hole
+ * punching and similar ops
+ */
+ if (advice == POSIX_FADV_WILLNEED) {
+ lockflags = XFS_IOLOCK_SHARED;
+ xfs_ilock(ip, lockflags);
+ }
+ ret = generic_fadvise(file, start, end, advice);
+ if (lockflags)
+ xfs_iunlock(ip, lockflags);
+ return ret;
+}
STATIC loff_t
xfs_file_remap_range(
@@ -1235,6 +1260,7 @@ const struct file_operations xfs_file_op
.fsync = xfs_file_fsync,
.get_unmapped_area = thp_get_unmapped_area,
.fallocate = xfs_file_fallocate,
+ .fadvise = xfs_file_fadvise,
.remap_file_range = xfs_file_remap_range,
};
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 300/313] ipmi: move message error checking to avoid deadlock
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (297 preceding siblings ...)
2019-10-03 15:54 ` [PATCH 5.2 299/313] xfs: Fix stale data exposure when readahead races with hole punch Greg Kroah-Hartman
@ 2019-10-03 15:54 ` Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 301/313] mtd: rawnand: stm32_fmc2: avoid warnings when building with W=1 option Greg Kroah-Hartman
` (17 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:54 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Tony Camuso, Corey Minyard
From: Tony Camuso <tcamuso@redhat.com>
commit 383035211c79d4d98481a09ad429b31c7dbf22bd upstream.
V1->V2: in handle_one_rcv_msg, if data_size > 2, set requeue to zero and
goto out instead of calling ipmi_free_msg.
Kosuke Tatsukawa <tatsu@ab.jp.nec.com>
In the source stack trace below, function set_need_watch tries to
take out the same si_lock that was taken earlier by ipmi_thread.
ipmi_thread() [drivers/char/ipmi/ipmi_si_intf.c:995]
smi_event_handler() [drivers/char/ipmi/ipmi_si_intf.c:765]
handle_transaction_done() [drivers/char/ipmi/ipmi_si_intf.c:555]
deliver_recv_msg() [drivers/char/ipmi/ipmi_si_intf.c:283]
ipmi_smi_msg_received() [drivers/char/ipmi/ipmi_msghandler.c:4503]
intf_err_seq() [drivers/char/ipmi/ipmi_msghandler.c:1149]
smi_remove_watch() [drivers/char/ipmi/ipmi_msghandler.c:999]
set_need_watch() [drivers/char/ipmi/ipmi_si_intf.c:1066]
Upstream commit e1891cffd4c4896a899337a243273f0e23c028df adds code to
ipmi_smi_msg_received() to call smi_remove_watch() via intf_err_seq()
and this seems to be causing the deadlock.
commit e1891cffd4c4896a899337a243273f0e23c028df
Author: Corey Minyard <cminyard@mvista.com>
Date: Wed Oct 24 15:17:04 2018 -0500
ipmi: Make the smi watcher be disabled immediately when not needed
The fix is to put all messages in the queue and move the message
checking code out of ipmi_smi_msg_received and into handle_one_recv_msg,
which processes the message checking after ipmi_thread releases its
locks.
Additionally,Kosuke Tatsukawa <tatsu@ab.jp.nec.com> reported that
handle_new_recv_msgs calls ipmi_free_msg when handle_one_rcv_msg returns
zero, so that the call to ipmi_free_msg in handle_one_rcv_msg introduced
another panic when "ipmitool sensor list" was run in a loop. He
submitted this part of the patch.
+free_msg:
+ requeue = 0;
+ goto out;
Reported by: Osamu Samukawa <osa-samukawa@tg.jp.nec.com>
Characterized by: Kosuke Tatsukawa <tatsu@ab.jp.nec.com>
Signed-off-by: Tony Camuso <tcamuso@redhat.com>
Fixes: e1891cffd4c4 ("ipmi: Make the smi watcher be disabled immediately when not needed")
Cc: stable@vger.kernel.org # 5.1
Signed-off-by: Corey Minyard <cminyard@mvista.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/char/ipmi/ipmi_msghandler.c | 114 ++++++++++++++++++------------------
1 file changed, 57 insertions(+), 57 deletions(-)
--- a/drivers/char/ipmi/ipmi_msghandler.c
+++ b/drivers/char/ipmi/ipmi_msghandler.c
@@ -4215,7 +4215,53 @@ static int handle_one_recv_msg(struct ip
int chan;
ipmi_debug_msg("Recv:", msg->rsp, msg->rsp_size);
- if (msg->rsp_size < 2) {
+
+ if ((msg->data_size >= 2)
+ && (msg->data[0] == (IPMI_NETFN_APP_REQUEST << 2))
+ && (msg->data[1] == IPMI_SEND_MSG_CMD)
+ && (msg->user_data == NULL)) {
+
+ if (intf->in_shutdown)
+ goto free_msg;
+
+ /*
+ * This is the local response to a command send, start
+ * the timer for these. The user_data will not be
+ * NULL if this is a response send, and we will let
+ * response sends just go through.
+ */
+
+ /*
+ * Check for errors, if we get certain errors (ones
+ * that mean basically we can try again later), we
+ * ignore them and start the timer. Otherwise we
+ * report the error immediately.
+ */
+ if ((msg->rsp_size >= 3) && (msg->rsp[2] != 0)
+ && (msg->rsp[2] != IPMI_NODE_BUSY_ERR)
+ && (msg->rsp[2] != IPMI_LOST_ARBITRATION_ERR)
+ && (msg->rsp[2] != IPMI_BUS_ERR)
+ && (msg->rsp[2] != IPMI_NAK_ON_WRITE_ERR)) {
+ int ch = msg->rsp[3] & 0xf;
+ struct ipmi_channel *chans;
+
+ /* Got an error sending the message, handle it. */
+
+ chans = READ_ONCE(intf->channel_list)->c;
+ if ((chans[ch].medium == IPMI_CHANNEL_MEDIUM_8023LAN)
+ || (chans[ch].medium == IPMI_CHANNEL_MEDIUM_ASYNC))
+ ipmi_inc_stat(intf, sent_lan_command_errs);
+ else
+ ipmi_inc_stat(intf, sent_ipmb_command_errs);
+ intf_err_seq(intf, msg->msgid, msg->rsp[2]);
+ } else
+ /* The message was sent, start the timer. */
+ intf_start_seq_timer(intf, msg->msgid);
+free_msg:
+ requeue = 0;
+ goto out;
+
+ } else if (msg->rsp_size < 2) {
/* Message is too small to be correct. */
dev_warn(intf->si_dev,
"BMC returned too small a message for netfn %x cmd %x, got %d bytes\n",
@@ -4472,62 +4518,16 @@ void ipmi_smi_msg_received(struct ipmi_s
unsigned long flags = 0; /* keep us warning-free. */
int run_to_completion = intf->run_to_completion;
- if ((msg->data_size >= 2)
- && (msg->data[0] == (IPMI_NETFN_APP_REQUEST << 2))
- && (msg->data[1] == IPMI_SEND_MSG_CMD)
- && (msg->user_data == NULL)) {
-
- if (intf->in_shutdown)
- goto free_msg;
-
- /*
- * This is the local response to a command send, start
- * the timer for these. The user_data will not be
- * NULL if this is a response send, and we will let
- * response sends just go through.
- */
-
- /*
- * Check for errors, if we get certain errors (ones
- * that mean basically we can try again later), we
- * ignore them and start the timer. Otherwise we
- * report the error immediately.
- */
- if ((msg->rsp_size >= 3) && (msg->rsp[2] != 0)
- && (msg->rsp[2] != IPMI_NODE_BUSY_ERR)
- && (msg->rsp[2] != IPMI_LOST_ARBITRATION_ERR)
- && (msg->rsp[2] != IPMI_BUS_ERR)
- && (msg->rsp[2] != IPMI_NAK_ON_WRITE_ERR)) {
- int ch = msg->rsp[3] & 0xf;
- struct ipmi_channel *chans;
-
- /* Got an error sending the message, handle it. */
-
- chans = READ_ONCE(intf->channel_list)->c;
- if ((chans[ch].medium == IPMI_CHANNEL_MEDIUM_8023LAN)
- || (chans[ch].medium == IPMI_CHANNEL_MEDIUM_ASYNC))
- ipmi_inc_stat(intf, sent_lan_command_errs);
- else
- ipmi_inc_stat(intf, sent_ipmb_command_errs);
- intf_err_seq(intf, msg->msgid, msg->rsp[2]);
- } else
- /* The message was sent, start the timer. */
- intf_start_seq_timer(intf, msg->msgid);
-
-free_msg:
- ipmi_free_smi_msg(msg);
- } else {
- /*
- * To preserve message order, we keep a queue and deliver from
- * a tasklet.
- */
- if (!run_to_completion)
- spin_lock_irqsave(&intf->waiting_rcv_msgs_lock, flags);
- list_add_tail(&msg->link, &intf->waiting_rcv_msgs);
- if (!run_to_completion)
- spin_unlock_irqrestore(&intf->waiting_rcv_msgs_lock,
- flags);
- }
+ /*
+ * To preserve message order, we keep a queue and deliver from
+ * a tasklet.
+ */
+ if (!run_to_completion)
+ spin_lock_irqsave(&intf->waiting_rcv_msgs_lock, flags);
+ list_add_tail(&msg->link, &intf->waiting_rcv_msgs);
+ if (!run_to_completion)
+ spin_unlock_irqrestore(&intf->waiting_rcv_msgs_lock,
+ flags);
if (!run_to_completion)
spin_lock_irqsave(&intf->xmit_msgs_lock, flags);
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 301/313] mtd: rawnand: stm32_fmc2: avoid warnings when building with W=1 option
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (298 preceding siblings ...)
2019-10-03 15:54 ` [PATCH 5.2 300/313] ipmi: move message error checking to avoid deadlock Greg Kroah-Hartman
@ 2019-10-03 15:54 ` Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 302/313] ext4: fix warning inside ext4_convert_unwritten_extents_endio Greg Kroah-Hartman
` (16 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christophe Kerello, Miquel Raynal
From: Christophe Kerello <christophe.kerello@st.com>
commit b410f4eb01a1950ed73ae40859d0978b1a924380 upstream.
This patch solves warnings detected by setting W=1 when building.
Warnings type detected:
drivers/mtd/nand/raw/stm32_fmc2_nand.c: In function ‘stm32_fmc2_calc_timings’:
drivers/mtd/nand/raw/stm32_fmc2_nand.c:1417:23: warning: comparison is
always false due to limited range of data type [-Wtype-limits]
else if (tims->twait > FMC2_PMEM_PATT_TIMING_MASK)
Signed-off-by: Christophe Kerello <christophe.kerello@st.com>
Cc: stable@vger.kernel.org
Fixes: 2cd457f328c1 ("mtd: rawnand: stm32_fmc2: add STM32 FMC2 NAND flash controller driver")
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mtd/nand/raw/stm32_fmc2_nand.c | 88 ++++++++++-----------------------
1 file changed, 28 insertions(+), 60 deletions(-)
--- a/drivers/mtd/nand/raw/stm32_fmc2_nand.c
+++ b/drivers/mtd/nand/raw/stm32_fmc2_nand.c
@@ -1424,21 +1424,16 @@ static void stm32_fmc2_calc_timings(stru
struct stm32_fmc2_timings *tims = &nand->timings;
unsigned long hclk = clk_get_rate(fmc2->clk);
unsigned long hclkp = NSEC_PER_SEC / (hclk / 1000);
- int tar, tclr, thiz, twait, tset_mem, tset_att, thold_mem, thold_att;
+ unsigned long timing, tar, tclr, thiz, twait;
+ unsigned long tset_mem, tset_att, thold_mem, thold_att;
- tar = hclkp;
- if (tar < sdrt->tAR_min)
- tar = sdrt->tAR_min;
- tims->tar = DIV_ROUND_UP(tar, hclkp) - 1;
- if (tims->tar > FMC2_PCR_TIMING_MASK)
- tims->tar = FMC2_PCR_TIMING_MASK;
-
- tclr = hclkp;
- if (tclr < sdrt->tCLR_min)
- tclr = sdrt->tCLR_min;
- tims->tclr = DIV_ROUND_UP(tclr, hclkp) - 1;
- if (tims->tclr > FMC2_PCR_TIMING_MASK)
- tims->tclr = FMC2_PCR_TIMING_MASK;
+ tar = max_t(unsigned long, hclkp, sdrt->tAR_min);
+ timing = DIV_ROUND_UP(tar, hclkp) - 1;
+ tims->tar = min_t(unsigned long, timing, FMC2_PCR_TIMING_MASK);
+
+ tclr = max_t(unsigned long, hclkp, sdrt->tCLR_min);
+ timing = DIV_ROUND_UP(tclr, hclkp) - 1;
+ tims->tclr = min_t(unsigned long, timing, FMC2_PCR_TIMING_MASK);
tims->thiz = FMC2_THIZ;
thiz = (tims->thiz + 1) * hclkp;
@@ -1448,18 +1443,11 @@ static void stm32_fmc2_calc_timings(stru
* tWAIT > tWP
* tWAIT > tREA + tIO
*/
- twait = hclkp;
- if (twait < sdrt->tRP_min)
- twait = sdrt->tRP_min;
- if (twait < sdrt->tWP_min)
- twait = sdrt->tWP_min;
- if (twait < sdrt->tREA_max + FMC2_TIO)
- twait = sdrt->tREA_max + FMC2_TIO;
- tims->twait = DIV_ROUND_UP(twait, hclkp);
- if (tims->twait == 0)
- tims->twait = 1;
- else if (tims->twait > FMC2_PMEM_PATT_TIMING_MASK)
- tims->twait = FMC2_PMEM_PATT_TIMING_MASK;
+ twait = max_t(unsigned long, hclkp, sdrt->tRP_min);
+ twait = max_t(unsigned long, twait, sdrt->tWP_min);
+ twait = max_t(unsigned long, twait, sdrt->tREA_max + FMC2_TIO);
+ timing = DIV_ROUND_UP(twait, hclkp);
+ tims->twait = clamp_val(timing, 1, FMC2_PMEM_PATT_TIMING_MASK);
/*
* tSETUP_MEM > tCS - tWAIT
@@ -1474,20 +1462,15 @@ static void stm32_fmc2_calc_timings(stru
if (twait > thiz && (sdrt->tDS_min > twait - thiz) &&
(tset_mem < sdrt->tDS_min - (twait - thiz)))
tset_mem = sdrt->tDS_min - (twait - thiz);
- tims->tset_mem = DIV_ROUND_UP(tset_mem, hclkp);
- if (tims->tset_mem == 0)
- tims->tset_mem = 1;
- else if (tims->tset_mem > FMC2_PMEM_PATT_TIMING_MASK)
- tims->tset_mem = FMC2_PMEM_PATT_TIMING_MASK;
+ timing = DIV_ROUND_UP(tset_mem, hclkp);
+ tims->tset_mem = clamp_val(timing, 1, FMC2_PMEM_PATT_TIMING_MASK);
/*
* tHOLD_MEM > tCH
* tHOLD_MEM > tREH - tSETUP_MEM
* tHOLD_MEM > max(tRC, tWC) - (tSETUP_MEM + tWAIT)
*/
- thold_mem = hclkp;
- if (thold_mem < sdrt->tCH_min)
- thold_mem = sdrt->tCH_min;
+ thold_mem = max_t(unsigned long, hclkp, sdrt->tCH_min);
if (sdrt->tREH_min > tset_mem &&
(thold_mem < sdrt->tREH_min - tset_mem))
thold_mem = sdrt->tREH_min - tset_mem;
@@ -1497,11 +1480,8 @@ static void stm32_fmc2_calc_timings(stru
if ((sdrt->tWC_min > tset_mem + twait) &&
(thold_mem < sdrt->tWC_min - (tset_mem + twait)))
thold_mem = sdrt->tWC_min - (tset_mem + twait);
- tims->thold_mem = DIV_ROUND_UP(thold_mem, hclkp);
- if (tims->thold_mem == 0)
- tims->thold_mem = 1;
- else if (tims->thold_mem > FMC2_PMEM_PATT_TIMING_MASK)
- tims->thold_mem = FMC2_PMEM_PATT_TIMING_MASK;
+ timing = DIV_ROUND_UP(thold_mem, hclkp);
+ tims->thold_mem = clamp_val(timing, 1, FMC2_PMEM_PATT_TIMING_MASK);
/*
* tSETUP_ATT > tCS - tWAIT
@@ -1523,11 +1503,8 @@ static void stm32_fmc2_calc_timings(stru
if (twait > thiz && (sdrt->tDS_min > twait - thiz) &&
(tset_att < sdrt->tDS_min - (twait - thiz)))
tset_att = sdrt->tDS_min - (twait - thiz);
- tims->tset_att = DIV_ROUND_UP(tset_att, hclkp);
- if (tims->tset_att == 0)
- tims->tset_att = 1;
- else if (tims->tset_att > FMC2_PMEM_PATT_TIMING_MASK)
- tims->tset_att = FMC2_PMEM_PATT_TIMING_MASK;
+ timing = DIV_ROUND_UP(tset_att, hclkp);
+ tims->tset_att = clamp_val(timing, 1, FMC2_PMEM_PATT_TIMING_MASK);
/*
* tHOLD_ATT > tALH
@@ -1542,17 +1519,11 @@ static void stm32_fmc2_calc_timings(stru
* tHOLD_ATT > tRC - (tSETUP_ATT + tWAIT)
* tHOLD_ATT > tWC - (tSETUP_ATT + tWAIT)
*/
- thold_att = hclkp;
- if (thold_att < sdrt->tALH_min)
- thold_att = sdrt->tALH_min;
- if (thold_att < sdrt->tCH_min)
- thold_att = sdrt->tCH_min;
- if (thold_att < sdrt->tCLH_min)
- thold_att = sdrt->tCLH_min;
- if (thold_att < sdrt->tCOH_min)
- thold_att = sdrt->tCOH_min;
- if (thold_att < sdrt->tDH_min)
- thold_att = sdrt->tDH_min;
+ thold_att = max_t(unsigned long, hclkp, sdrt->tALH_min);
+ thold_att = max_t(unsigned long, thold_att, sdrt->tCH_min);
+ thold_att = max_t(unsigned long, thold_att, sdrt->tCLH_min);
+ thold_att = max_t(unsigned long, thold_att, sdrt->tCOH_min);
+ thold_att = max_t(unsigned long, thold_att, sdrt->tDH_min);
if ((sdrt->tWB_max + FMC2_TIO + FMC2_TSYNC > tset_mem) &&
(thold_att < sdrt->tWB_max + FMC2_TIO + FMC2_TSYNC - tset_mem))
thold_att = sdrt->tWB_max + FMC2_TIO + FMC2_TSYNC - tset_mem;
@@ -1571,11 +1542,8 @@ static void stm32_fmc2_calc_timings(stru
if ((sdrt->tWC_min > tset_att + twait) &&
(thold_att < sdrt->tWC_min - (tset_att + twait)))
thold_att = sdrt->tWC_min - (tset_att + twait);
- tims->thold_att = DIV_ROUND_UP(thold_att, hclkp);
- if (tims->thold_att == 0)
- tims->thold_att = 1;
- else if (tims->thold_att > FMC2_PMEM_PATT_TIMING_MASK)
- tims->thold_att = FMC2_PMEM_PATT_TIMING_MASK;
+ timing = DIV_ROUND_UP(thold_att, hclkp);
+ tims->thold_att = clamp_val(timing, 1, FMC2_PMEM_PATT_TIMING_MASK);
}
static int stm32_fmc2_setup_interface(struct nand_chip *chip, int chipnr,
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 302/313] ext4: fix warning inside ext4_convert_unwritten_extents_endio
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (299 preceding siblings ...)
2019-10-03 15:54 ` [PATCH 5.2 301/313] mtd: rawnand: stm32_fmc2: avoid warnings when building with W=1 option Greg Kroah-Hartman
@ 2019-10-03 15:54 ` Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 303/313] ext4: fix punch hole for inline_data file systems Greg Kroah-Hartman
` (15 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Rakesh Pandit, Theodore Tso, stable
From: Rakesh Pandit <rakesh@tuxera.com>
commit e3d550c2c4f2f3dba469bc3c4b83d9332b4e99e1 upstream.
Really enable warning when CONFIG_EXT4_DEBUG is set and fix missing
first argument. This was introduced in commit ff95ec22cd7f ("ext4:
add warning to ext4_convert_unwritten_extents_endio") and splitting
extents inside endio would trigger it.
Fixes: ff95ec22cd7f ("ext4: add warning to ext4_convert_unwritten_extents_endio")
Signed-off-by: Rakesh Pandit <rakesh@tuxera.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/extents.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/fs/ext4/extents.c
+++ b/fs/ext4/extents.c
@@ -3813,8 +3813,8 @@ static int ext4_convert_unwritten_extent
* illegal.
*/
if (ee_block != map->m_lblk || ee_len > map->m_len) {
-#ifdef EXT4_DEBUG
- ext4_warning("Inode (%ld) finished: extent logical block %llu,"
+#ifdef CONFIG_EXT4_DEBUG
+ ext4_warning(inode->i_sb, "Inode (%ld) finished: extent logical block %llu,"
" len %u; IO logical block %llu, len %u",
inode->i_ino, (unsigned long long)ee_block, ee_len,
(unsigned long long)map->m_lblk, map->m_len);
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 303/313] ext4: fix punch hole for inline_data file systems
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (300 preceding siblings ...)
2019-10-03 15:54 ` [PATCH 5.2 302/313] ext4: fix warning inside ext4_convert_unwritten_extents_endio Greg Kroah-Hartman
@ 2019-10-03 15:54 ` Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 304/313] quota: fix wrong condition in is_quota_modification() Greg Kroah-Hartman
` (14 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:54 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Theodore Tso
From: Theodore Ts'o <tytso@mit.edu>
commit c1e8220bd316d8ae8e524df39534b8a412a45d5e upstream.
If a program attempts to punch a hole on an inline data file, we need
to convert it to a normal file first.
This was detected using ext4/032 using the adv configuration. Simple
reproducer:
mke2fs -Fq -t ext4 -O inline_data /dev/vdc
mount /vdc
echo "" > /vdc/testfile
xfs_io -c 'truncate 33554432' /vdc/testfile
xfs_io -c 'fpunch 0 1048576' /vdc/testfile
umount /vdc
e2fsck -fy /dev/vdc
Cc: stable@vger.kernel.org
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/inode.c | 9 +++++++++
1 file changed, 9 insertions(+)
--- a/fs/ext4/inode.c
+++ b/fs/ext4/inode.c
@@ -4288,6 +4288,15 @@ int ext4_punch_hole(struct inode *inode,
trace_ext4_punch_hole(inode, offset, length, 0);
+ ext4_clear_inode_state(inode, EXT4_STATE_MAY_INLINE_DATA);
+ if (ext4_has_inline_data(inode)) {
+ down_write(&EXT4_I(inode)->i_mmap_sem);
+ ret = ext4_convert_inline_data(inode);
+ up_write(&EXT4_I(inode)->i_mmap_sem);
+ if (ret)
+ return ret;
+ }
+
/*
* Write out all dirty pages to avoid race conditions
* Then release them.
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 304/313] quota: fix wrong condition in is_quota_modification()
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (301 preceding siblings ...)
2019-10-03 15:54 ` [PATCH 5.2 303/313] ext4: fix punch hole for inline_data file systems Greg Kroah-Hartman
@ 2019-10-03 15:54 ` Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 305/313] hwrng: core - dont wait on add_early_randomness() Greg Kroah-Hartman
` (13 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:54 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Chao Yu, Jan Kara
From: Chao Yu <yuchao0@huawei.com>
commit 6565c182094f69e4ffdece337d395eb7ec760efc upstream.
Quoted from
commit 3da40c7b0898 ("ext4: only call ext4_truncate when size <= isize")
" At LSF we decided that if we truncate up from isize we shouldn't trim
fallocated blocks that were fallocated with KEEP_SIZE and are past the
new i_size. This patch fixes ext4 to do this. "
And generic/092 of fstest have covered this case for long time, however
is_quota_modification() didn't adjust based on that rule, so that in
below condition, we will lose to quota block change:
- fallocate blocks beyond EOF
- remount
- truncate(file_path, file_size)
Fix it.
Link: https://lore.kernel.org/r/20190911093650.35329-1-yuchao0@huawei.com
Fixes: 3da40c7b0898 ("ext4: only call ext4_truncate when size <= isize")
CC: stable@vger.kernel.org
Signed-off-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/quotaops.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/include/linux/quotaops.h
+++ b/include/linux/quotaops.h
@@ -22,7 +22,7 @@ static inline struct quota_info *sb_dqop
/* i_mutex must being held */
static inline bool is_quota_modification(struct inode *inode, struct iattr *ia)
{
- return (ia->ia_valid & ATTR_SIZE && ia->ia_size != inode->i_size) ||
+ return (ia->ia_valid & ATTR_SIZE) ||
(ia->ia_valid & ATTR_UID && !uid_eq(ia->ia_uid, inode->i_uid)) ||
(ia->ia_valid & ATTR_GID && !gid_eq(ia->ia_gid, inode->i_gid));
}
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 305/313] hwrng: core - dont wait on add_early_randomness()
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (302 preceding siblings ...)
2019-10-03 15:54 ` [PATCH 5.2 304/313] quota: fix wrong condition in is_quota_modification() Greg Kroah-Hartman
@ 2019-10-03 15:54 ` Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 306/313] i2c: riic: Clear NACK in tend isr Greg Kroah-Hartman
` (12 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Laurent Vivier, Theodore Tso, Herbert Xu
From: Laurent Vivier <lvivier@redhat.com>
commit 78887832e76541f77169a24ac238fccb51059b63 upstream.
add_early_randomness() is called by hwrng_register() when the
hardware is added. If this hardware and its module are present
at boot, and if there is no data available the boot hangs until
data are available and can't be interrupted.
For instance, in the case of virtio-rng, in some cases the host can be
not able to provide enough entropy for all the guests.
We can have two easy ways to reproduce the problem but they rely on
misconfiguration of the hypervisor or the egd daemon:
- if virtio-rng device is configured to connect to the egd daemon of the
host but when the virtio-rng driver asks for data the daemon is not
connected,
- if virtio-rng device is configured to connect to the egd daemon of the
host but the egd daemon doesn't provide data.
The guest kernel will hang at boot until the virtio-rng driver provides
enough data.
To avoid that, call rng_get_data() in non-blocking mode (wait=0)
from add_early_randomness().
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Fixes: d9e797261933 ("hwrng: add randomness to system from rng...")
Cc: <stable@vger.kernel.org>
Reviewed-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/char/hw_random/core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/char/hw_random/core.c
+++ b/drivers/char/hw_random/core.c
@@ -67,7 +67,7 @@ static void add_early_randomness(struct
size_t size = min_t(size_t, 16, rng_buffer_size());
mutex_lock(&reading_mutex);
- bytes_read = rng_get_data(rng, rng_buffer, size, 1);
+ bytes_read = rng_get_data(rng, rng_buffer, size, 0);
mutex_unlock(&reading_mutex);
if (bytes_read > 0)
add_device_randomness(rng_buffer, bytes_read);
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 306/313] i2c: riic: Clear NACK in tend isr
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (303 preceding siblings ...)
2019-10-03 15:54 ` [PATCH 5.2 305/313] hwrng: core - dont wait on add_early_randomness() Greg Kroah-Hartman
@ 2019-10-03 15:54 ` Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 307/313] CIFS: fix max ea value size Greg Kroah-Hartman
` (11 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Chien Nguyen, Chris Brandt, Wolfram Sang
From: Chris Brandt <chris.brandt@renesas.com>
commit a71e2ac1f32097fbb2beab098687a7a95c84543e upstream.
The NACKF flag should be cleared in INTRIICNAKI interrupt processing as
description in HW manual.
This issue shows up quickly when PREEMPT_RT is applied and a device is
probed that is not plugged in (like a touchscreen controller). The result
is endless interrupts that halt system boot.
Fixes: 310c18a41450 ("i2c: riic: add driver")
Cc: stable@vger.kernel.org
Reported-by: Chien Nguyen <chien.nguyen.eb@rvc.renesas.com>
Signed-off-by: Chris Brandt <chris.brandt@renesas.com>
Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/i2c/busses/i2c-riic.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/i2c/busses/i2c-riic.c
+++ b/drivers/i2c/busses/i2c-riic.c
@@ -202,6 +202,7 @@ static irqreturn_t riic_tend_isr(int irq
if (readb(riic->base + RIIC_ICSR2) & ICSR2_NACKF) {
/* We got a NACKIE */
readb(riic->base + RIIC_ICDRR); /* dummy read */
+ riic_clear_set_bit(riic, ICSR2_NACKF, 0, RIIC_ICSR2);
riic->err = -ENXIO;
} else if (riic->bytes_left) {
return IRQ_NONE;
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 307/313] CIFS: fix max ea value size
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (304 preceding siblings ...)
2019-10-03 15:54 ` [PATCH 5.2 306/313] i2c: riic: Clear NACK in tend isr Greg Kroah-Hartman
@ 2019-10-03 15:54 ` Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 308/313] CIFS: Fix oplock handling for SMB 2.1+ protocols Greg Kroah-Hartman
` (10 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Murphy Zhou, Aurelien Aptel, Steve French
From: Murphy Zhou <jencce.kernel@gmail.com>
commit 63d37fb4ce5ae7bf1e58f906d1bf25f036fe79b2 upstream.
It should not be larger then the slab max buf size. If user
specifies a larger size, it passes this check and goes
straightly to SMB2_set_info_init performing an insecure memcpy.
Signed-off-by: Murphy Zhou <jencce.kernel@gmail.com>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
CC: Stable <stable@vger.kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/cifs/xattr.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/fs/cifs/xattr.c
+++ b/fs/cifs/xattr.c
@@ -31,7 +31,7 @@
#include "cifs_fs_sb.h"
#include "cifs_unicode.h"
-#define MAX_EA_VALUE_SIZE 65535
+#define MAX_EA_VALUE_SIZE CIFSMaxBufSize
#define CIFS_XATTR_CIFS_ACL "system.cifs_acl"
#define CIFS_XATTR_ATTRIB "cifs.dosattrib" /* full name: user.cifs.dosattrib */
#define CIFS_XATTR_CREATETIME "cifs.creationtime" /* user.cifs.creationtime */
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 308/313] CIFS: Fix oplock handling for SMB 2.1+ protocols
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (305 preceding siblings ...)
2019-10-03 15:54 ` [PATCH 5.2 307/313] CIFS: fix max ea value size Greg Kroah-Hartman
@ 2019-10-03 15:54 ` Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 309/313] drm/amd/display: Restore backlight brightness after system resume Greg Kroah-Hartman
` (9 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Pavel Shilovsky, Steve French,
Ronnie Sahlberg
From: Pavel Shilovsky <pshilov@microsoft.com>
commit a016e2794fc3a245a91946038dd8f34d65e53cc3 upstream.
There may be situations when a server negotiates SMB 2.1
protocol version or higher but responds to a CREATE request
with an oplock rather than a lease.
Currently the client doesn't handle such a case correctly:
when another CREATE comes in the server sends an oplock
break to the initial CREATE and the client doesn't send
an ack back due to a wrong caching level being set (READ
instead of RWH). Missing an oplock break ack makes the
server wait until the break times out which dramatically
increases the latency of the second CREATE.
Fix this by properly detecting oplocks when using SMB 2.1
protocol version and higher.
Cc: <stable@vger.kernel.org>
Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/cifs/smb2ops.c | 5 +++++
1 file changed, 5 insertions(+)
--- a/fs/cifs/smb2ops.c
+++ b/fs/cifs/smb2ops.c
@@ -3254,6 +3254,11 @@ smb21_set_oplock_level(struct cifsInodeI
if (oplock == SMB2_OPLOCK_LEVEL_NOCHANGE)
return;
+ /* Check if the server granted an oplock rather than a lease */
+ if (oplock & SMB2_OPLOCK_LEVEL_EXCLUSIVE)
+ return smb2_set_oplock_level(cinode, oplock, epoch,
+ purge_cache);
+
if (oplock & SMB2_LEASE_READ_CACHING_HE) {
new_oplock |= CIFS_CACHE_READ_FLG;
strcat(message, "R");
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 309/313] drm/amd/display: Restore backlight brightness after system resume
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (306 preceding siblings ...)
2019-10-03 15:54 ` [PATCH 5.2 308/313] CIFS: Fix oplock handling for SMB 2.1+ protocols Greg Kroah-Hartman
@ 2019-10-03 15:54 ` Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 310/313] md/raid0: avoid RAID0 data corruption due to layout confusion Greg Kroah-Hartman
` (8 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:54 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Kai-Heng Feng, Alex Deucher
From: Kai-Heng Feng <kai.heng.feng@canonical.com>
commit bb264220d9316f6bd7c1fd84b8da398c93912931 upstream.
Laptops with AMD APU doesn't restore display backlight brightness after
system resume.
This issue started when DC was introduced.
Let's use BL_CORE_SUSPENDRESUME so the backlight core calls
update_status callback after system resume to restore the backlight
level.
Tested on Dell Inspiron 3180 (Stoney Ridge) and Dell Latitude 5495
(Raven Ridge).
Cc: <stable@vger.kernel.org>
Signed-off-by: Kai-Heng Feng <kai.heng.feng@canonical.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
+++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
@@ -1958,6 +1958,7 @@ static int amdgpu_dm_backlight_get_brigh
}
static const struct backlight_ops amdgpu_dm_backlight_ops = {
+ .options = BL_CORE_SUSPENDRESUME,
.get_brightness = amdgpu_dm_backlight_get_brightness,
.update_status = amdgpu_dm_backlight_update_status,
};
^ permalink raw reply [flat|nested] 324+ messages in thread
* [PATCH 5.2 310/313] md/raid0: avoid RAID0 data corruption due to layout confusion.
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (307 preceding siblings ...)
2019-10-03 15:54 ` [PATCH 5.2 309/313] drm/amd/display: Restore backlight brightness after system resume Greg Kroah-Hartman
@ 2019-10-03 15:54 ` Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 311/313] mt76: mt7615: always release sem in mt7615_load_patch Greg Kroah-Hartman
` (7 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Guoqing Jiang, NeilBrown, Song Liu,
Sasha Levin
From: NeilBrown <neilb@suse.de>
[ Upstream commit c84a1372df929033cb1a0441fb57bd3932f39ac9 ]
If the drives in a RAID0 are not all the same size, the array is
divided into zones.
The first zone covers all drives, to the size of the smallest.
The second zone covers all drives larger than the smallest, up to
the size of the second smallest - etc.
A change in Linux 3.14 unintentionally changed the layout for the
second and subsequent zones. All the correct data is still stored, but
each chunk may be assigned to a different device than in pre-3.14 kernels.
This can lead to data corruption.
It is not possible to determine what layout to use - it depends which
kernel the data was written by.
So we add a module parameter to allow the old (0) or new (1) layout to be
specified, and refused to assemble an affected array if that parameter is
not set.
Fixes: 20d0189b1012 ("block: Introduce new bio_split()")
cc: stable@vger.kernel.org (3.14+)
Acked-by: Guoqing Jiang <guoqing.jiang@cloud.ionos.com>
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Song Liu <songliubraving@fb.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/md/raid0.c | 33 ++++++++++++++++++++++++++++++++-
drivers/md/raid0.h | 14 ++++++++++++++
2 files changed, 46 insertions(+), 1 deletion(-)
diff --git a/drivers/md/raid0.c b/drivers/md/raid0.c
index bf5cf184a260b..297bbc0f41f05 100644
--- a/drivers/md/raid0.c
+++ b/drivers/md/raid0.c
@@ -19,6 +19,9 @@
#include "raid0.h"
#include "raid5.h"
+static int default_layout = 0;
+module_param(default_layout, int, 0644);
+
#define UNSUPPORTED_MDDEV_FLAGS \
((1L << MD_HAS_JOURNAL) | \
(1L << MD_JOURNAL_CLEAN) | \
@@ -139,6 +142,19 @@ static int create_strip_zones(struct mddev *mddev, struct r0conf **private_conf)
}
pr_debug("md/raid0:%s: FINAL %d zones\n",
mdname(mddev), conf->nr_strip_zones);
+
+ if (conf->nr_strip_zones == 1) {
+ conf->layout = RAID0_ORIG_LAYOUT;
+ } else if (default_layout == RAID0_ORIG_LAYOUT ||
+ default_layout == RAID0_ALT_MULTIZONE_LAYOUT) {
+ conf->layout = default_layout;
+ } else {
+ pr_err("md/raid0:%s: cannot assemble multi-zone RAID0 with default_layout setting\n",
+ mdname(mddev));
+ pr_err("md/raid0: please set raid.default_layout to 1 or 2\n");
+ err = -ENOTSUPP;
+ goto abort;
+ }
/*
* now since we have the hard sector sizes, we can make sure
* chunk size is a multiple of that sector size
@@ -547,10 +563,12 @@ static void raid0_handle_discard(struct mddev *mddev, struct bio *bio)
static bool raid0_make_request(struct mddev *mddev, struct bio *bio)
{
+ struct r0conf *conf = mddev->private;
struct strip_zone *zone;
struct md_rdev *tmp_dev;
sector_t bio_sector;
sector_t sector;
+ sector_t orig_sector;
unsigned chunk_sects;
unsigned sectors;
@@ -584,8 +602,21 @@ static bool raid0_make_request(struct mddev *mddev, struct bio *bio)
bio = split;
}
+ orig_sector = sector;
zone = find_zone(mddev->private, §or);
- tmp_dev = map_sector(mddev, zone, sector, §or);
+ switch (conf->layout) {
+ case RAID0_ORIG_LAYOUT:
+ tmp_dev = map_sector(mddev, zone, orig_sector, §or);
+ break;
+ case RAID0_ALT_MULTIZONE_LAYOUT:
+ tmp_dev = map_sector(mddev, zone, sector, §or);
+ break;
+ default:
+ WARN("md/raid0:%s: Invalid layout\n", mdname(mddev));
+ bio_io_error(bio);
+ return true;
+ }
+
bio_set_dev(bio, tmp_dev->bdev);
bio->bi_iter.bi_sector = sector + zone->dev_start +
tmp_dev->data_offset;
diff --git a/drivers/md/raid0.h b/drivers/md/raid0.h
index 540e65d92642d..3816e5477db1e 100644
--- a/drivers/md/raid0.h
+++ b/drivers/md/raid0.h
@@ -8,11 +8,25 @@ struct strip_zone {
int nb_dev; /* # of devices attached to the zone */
};
+/* Linux 3.14 (20d0189b101) made an unintended change to
+ * the RAID0 layout for multi-zone arrays (where devices aren't all
+ * the same size.
+ * RAID0_ORIG_LAYOUT restores the original layout
+ * RAID0_ALT_MULTIZONE_LAYOUT uses the altered layout
+ * The layouts are identical when there is only one zone (all
+ * devices the same size).
+ */
+
+enum r0layout {
+ RAID0_ORIG_LAYOUT = 1,
+ RAID0_ALT_MULTIZONE_LAYOUT = 2,
+};
struct r0conf {
struct strip_zone *strip_zone;
struct md_rdev **devlist; /* lists of rdevs, pointed to
* by strip_zone->dev */
int nr_strip_zones;
+ enum r0layout layout;
};
#endif
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 311/313] mt76: mt7615: always release sem in mt7615_load_patch
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (308 preceding siblings ...)
2019-10-03 15:54 ` [PATCH 5.2 310/313] md/raid0: avoid RAID0 data corruption due to layout confusion Greg Kroah-Hartman
@ 2019-10-03 15:54 ` Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 312/313] mt76: mt7615: fix mt7615 firmware path definitions Greg Kroah-Hartman
` (6 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Lorenzo Bianconi, Felix Fietkau, Sasha Levin
From: Lorenzo Bianconi <lorenzo@kernel.org>
[ Upstream commit 2fc446487c364bf8bbd5f8f5f27e52d914fa1d72 ]
Release patch semaphore even if request_firmware fails in
mt7615_load_patch
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/mediatek/mt76/mt7615/mcu.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/net/wireless/mediatek/mt76/mt7615/mcu.c b/drivers/net/wireless/mediatek/mt76/mt7615/mcu.c
index dc1301effa242..e2dd425ac97e0 100644
--- a/drivers/net/wireless/mediatek/mt76/mt7615/mcu.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7615/mcu.c
@@ -289,9 +289,9 @@ static int mt7615_driver_own(struct mt7615_dev *dev)
static int mt7615_load_patch(struct mt7615_dev *dev)
{
- const struct firmware *fw;
- const struct mt7615_patch_hdr *hdr;
const char *firmware = MT7615_ROM_PATCH;
+ const struct mt7615_patch_hdr *hdr;
+ const struct firmware *fw = NULL;
int len, ret, sem;
sem = mt7615_mcu_patch_sem_ctrl(dev, 1);
@@ -307,7 +307,7 @@ static int mt7615_load_patch(struct mt7615_dev *dev)
ret = request_firmware(&fw, firmware, dev->mt76.dev);
if (ret)
- return ret;
+ goto out;
if (!fw || !fw->data || fw->size < sizeof(*hdr)) {
dev_err(dev->mt76.dev, "Invalid firmware\n");
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 312/313] mt76: mt7615: fix mt7615 firmware path definitions
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (309 preceding siblings ...)
2019-10-03 15:54 ` [PATCH 5.2 311/313] mt76: mt7615: always release sem in mt7615_load_patch Greg Kroah-Hartman
@ 2019-10-03 15:54 ` Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 313/313] platform/chrome: cros_ec_rpmsg: Fix race with host command when probe failed Greg Kroah-Hartman
` (5 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Lorenzo Bianconi, Kalle Valo, Sasha Levin
From: Lorenzo Bianconi <lorenzo@kernel.org>
[ Upstream commit 9d4d0d06bbf9f7e576b0ebbb2f77672d0fc7f503 ]
mt7615 patch/n9/cr4 firmwares are available in mediatek folder in
linux-firmware repository. Because of this mt7615 won't work on regular
distributions like Ubuntu. Fix path definitions. Moreover remove useless
firmware name pointers and use definitions directly
Fixes: 04b8e65922f6 ("mt76: add mac80211 driver for MT7615 PCIe-based chipsets")
Cc: stable@vger.kernel.org
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/mediatek/mt76/mt7615/mcu.c | 11 ++++-------
drivers/net/wireless/mediatek/mt76/mt7615/mt7615.h | 6 +++---
2 files changed, 7 insertions(+), 10 deletions(-)
diff --git a/drivers/net/wireless/mediatek/mt76/mt7615/mcu.c b/drivers/net/wireless/mediatek/mt76/mt7615/mcu.c
index e2dd425ac97e0..f877e3862f8db 100644
--- a/drivers/net/wireless/mediatek/mt76/mt7615/mcu.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7615/mcu.c
@@ -289,7 +289,6 @@ static int mt7615_driver_own(struct mt7615_dev *dev)
static int mt7615_load_patch(struct mt7615_dev *dev)
{
- const char *firmware = MT7615_ROM_PATCH;
const struct mt7615_patch_hdr *hdr;
const struct firmware *fw = NULL;
int len, ret, sem;
@@ -305,7 +304,7 @@ static int mt7615_load_patch(struct mt7615_dev *dev)
return -EAGAIN;
}
- ret = request_firmware(&fw, firmware, dev->mt76.dev);
+ ret = request_firmware(&fw, MT7615_ROM_PATCH, dev->mt76.dev);
if (ret)
goto out;
@@ -371,14 +370,12 @@ static u32 gen_dl_mode(u8 feature_set, bool is_cr4)
static int mt7615_load_ram(struct mt7615_dev *dev)
{
- const struct firmware *fw;
const struct mt7615_fw_trailer *hdr;
- const char *n9_firmware = MT7615_FIRMWARE_N9;
- const char *cr4_firmware = MT7615_FIRMWARE_CR4;
u32 n9_ilm_addr, offset;
int i, ret;
+ const struct firmware *fw;
- ret = request_firmware(&fw, n9_firmware, dev->mt76.dev);
+ ret = request_firmware(&fw, MT7615_FIRMWARE_N9, dev->mt76.dev);
if (ret)
return ret;
@@ -426,7 +423,7 @@ static int mt7615_load_ram(struct mt7615_dev *dev)
release_firmware(fw);
- ret = request_firmware(&fw, cr4_firmware, dev->mt76.dev);
+ ret = request_firmware(&fw, MT7615_FIRMWARE_CR4, dev->mt76.dev);
if (ret)
return ret;
diff --git a/drivers/net/wireless/mediatek/mt76/mt7615/mt7615.h b/drivers/net/wireless/mediatek/mt76/mt7615/mt7615.h
index 895c2904d7ebf..929b39fa57c34 100644
--- a/drivers/net/wireless/mediatek/mt76/mt7615/mt7615.h
+++ b/drivers/net/wireless/mediatek/mt76/mt7615/mt7615.h
@@ -25,9 +25,9 @@
#define MT7615_RX_RING_SIZE 1024
#define MT7615_RX_MCU_RING_SIZE 512
-#define MT7615_FIRMWARE_CR4 "mt7615_cr4.bin"
-#define MT7615_FIRMWARE_N9 "mt7615_n9.bin"
-#define MT7615_ROM_PATCH "mt7615_rom_patch.bin"
+#define MT7615_FIRMWARE_CR4 "mediatek/mt7615_cr4.bin"
+#define MT7615_FIRMWARE_N9 "mediatek/mt7615_n9.bin"
+#define MT7615_ROM_PATCH "mediatek/mt7615_rom_patch.bin"
#define MT7615_EEPROM_SIZE 1024
#define MT7615_TOKEN_SIZE 4096
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* [PATCH 5.2 313/313] platform/chrome: cros_ec_rpmsg: Fix race with host command when probe failed
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (310 preceding siblings ...)
2019-10-03 15:54 ` [PATCH 5.2 312/313] mt76: mt7615: fix mt7615 firmware path definitions Greg Kroah-Hartman
@ 2019-10-03 15:54 ` Greg Kroah-Hartman
2019-10-03 23:00 ` [PATCH 5.2 000/313] 5.2.19-stable review kernelci.org bot
` (4 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 15:54 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Pi-Hsun Shih, Enric Balletbo i Serra,
Sasha Levin
From: Pi-Hsun Shih <pihsun@chromium.org>
[ Upstream commit 71cddb7097e2b0feb855d7fd7d59afd12cbee4bb ]
Since the rpmsg_endpoint is created before probe is called, it's
possible that a host event is received during cros_ec_register, and
there would be some pending work in the host_event_work workqueue while
cros_ec_register is called.
If cros_ec_register fails, when the leftover work in host_event_work
run, the ec_dev from the drvdata of the rpdev could be already set to
NULL, causing kernel crash when trying to run cros_ec_get_next_event.
Fix this by creating the rpmsg_endpoint by ourself, and when
cros_ec_register fails (or on remove), destroy the endpoint first (to
make sure there's no more new calls to cros_ec_rpmsg_callback), and then
cancel all works in the host_event_work workqueue.
Cc: stable@vger.kernel.org
Fixes: 2de89fd98958 ("platform/chrome: cros_ec: Add EC host command support using rpmsg")
Signed-off-by: Pi-Hsun Shih <pihsun@chromium.org>
Signed-off-by: Enric Balletbo i Serra <enric.balletbo@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/platform/chrome/cros_ec_rpmsg.c | 32 +++++++++++++++++++++----
1 file changed, 28 insertions(+), 4 deletions(-)
diff --git a/drivers/platform/chrome/cros_ec_rpmsg.c b/drivers/platform/chrome/cros_ec_rpmsg.c
index 5d3fb2abad1d6..bec19d4814aba 100644
--- a/drivers/platform/chrome/cros_ec_rpmsg.c
+++ b/drivers/platform/chrome/cros_ec_rpmsg.c
@@ -41,6 +41,7 @@ struct cros_ec_rpmsg {
struct rpmsg_device *rpdev;
struct completion xfer_ack;
struct work_struct host_event_work;
+ struct rpmsg_endpoint *ept;
};
/**
@@ -72,7 +73,6 @@ static int cros_ec_pkt_xfer_rpmsg(struct cros_ec_device *ec_dev,
struct cros_ec_command *ec_msg)
{
struct cros_ec_rpmsg *ec_rpmsg = ec_dev->priv;
- struct rpmsg_device *rpdev = ec_rpmsg->rpdev;
struct ec_host_response *response;
unsigned long timeout;
int len;
@@ -85,7 +85,7 @@ static int cros_ec_pkt_xfer_rpmsg(struct cros_ec_device *ec_dev,
dev_dbg(ec_dev->dev, "prepared, len=%d\n", len);
reinit_completion(&ec_rpmsg->xfer_ack);
- ret = rpmsg_send(rpdev->ept, ec_dev->dout, len);
+ ret = rpmsg_send(ec_rpmsg->ept, ec_dev->dout, len);
if (ret) {
dev_err(ec_dev->dev, "rpmsg send failed\n");
return ret;
@@ -196,11 +196,24 @@ static int cros_ec_rpmsg_callback(struct rpmsg_device *rpdev, void *data,
return 0;
}
+static struct rpmsg_endpoint *
+cros_ec_rpmsg_create_ept(struct rpmsg_device *rpdev)
+{
+ struct rpmsg_channel_info chinfo = {};
+
+ strscpy(chinfo.name, rpdev->id.name, RPMSG_NAME_SIZE);
+ chinfo.src = rpdev->src;
+ chinfo.dst = RPMSG_ADDR_ANY;
+
+ return rpmsg_create_ept(rpdev, cros_ec_rpmsg_callback, NULL, chinfo);
+}
+
static int cros_ec_rpmsg_probe(struct rpmsg_device *rpdev)
{
struct device *dev = &rpdev->dev;
struct cros_ec_rpmsg *ec_rpmsg;
struct cros_ec_device *ec_dev;
+ int ret;
ec_dev = devm_kzalloc(dev, sizeof(*ec_dev), GFP_KERNEL);
if (!ec_dev)
@@ -225,7 +238,18 @@ static int cros_ec_rpmsg_probe(struct rpmsg_device *rpdev)
INIT_WORK(&ec_rpmsg->host_event_work,
cros_ec_rpmsg_host_event_function);
- return cros_ec_register(ec_dev);
+ ec_rpmsg->ept = cros_ec_rpmsg_create_ept(rpdev);
+ if (!ec_rpmsg->ept)
+ return -ENOMEM;
+
+ ret = cros_ec_register(ec_dev);
+ if (ret < 0) {
+ rpmsg_destroy_ept(ec_rpmsg->ept);
+ cancel_work_sync(&ec_rpmsg->host_event_work);
+ return ret;
+ }
+
+ return 0;
}
static void cros_ec_rpmsg_remove(struct rpmsg_device *rpdev)
@@ -233,6 +257,7 @@ static void cros_ec_rpmsg_remove(struct rpmsg_device *rpdev)
struct cros_ec_device *ec_dev = dev_get_drvdata(&rpdev->dev);
struct cros_ec_rpmsg *ec_rpmsg = ec_dev->priv;
+ rpmsg_destroy_ept(ec_rpmsg->ept);
cancel_work_sync(&ec_rpmsg->host_event_work);
}
@@ -249,7 +274,6 @@ static struct rpmsg_driver cros_ec_driver_rpmsg = {
},
.probe = cros_ec_rpmsg_probe,
.remove = cros_ec_rpmsg_remove,
- .callback = cros_ec_rpmsg_callback,
};
module_rpmsg_driver(cros_ec_driver_rpmsg);
--
2.20.1
^ permalink raw reply related [flat|nested] 324+ messages in thread
* Re: [PATCH 5.2 078/313] RAS: Fix prototype warnings
2019-10-03 15:50 ` [PATCH 5.2 078/313] RAS: Fix prototype warnings Greg Kroah-Hartman
@ 2019-10-03 16:45 ` Borislav Petkov
2019-10-03 18:17 ` Greg Kroah-Hartman
0 siblings, 1 reply; 324+ messages in thread
From: Borislav Petkov @ 2019-10-03 16:45 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: linux-kernel, stable, Valdis Kletnieks, Borislav Petkov,
Tony Luck, linux-edac, x86, Sasha Levin
On Thu, Oct 03, 2019 at 05:50:56PM +0200, Greg Kroah-Hartman wrote:
> From: Valdis Klētnieks <valdis.kletnieks@vt.edu>
>
> [ Upstream commit 0a54b809a3a2c31e1055b45b03708eb730222be1 ]
>
> When building with C=2 and/or W=1, legitimate warnings are issued about
> missing prototypes:
>
> CHECK drivers/ras/debugfs.c
> drivers/ras/debugfs.c:4:15: warning: symbol 'ras_debugfs_dir' was not declared. Should it be static?
> drivers/ras/debugfs.c:8:5: warning: symbol 'ras_userspace_consumers' was not declared. Should it be static?
> drivers/ras/debugfs.c:38:12: warning: symbol 'ras_add_daemon_trace' was not declared. Should it be static?
> drivers/ras/debugfs.c:54:13: warning: symbol 'ras_debugfs_init' was not declared. Should it be static?
> CC drivers/ras/debugfs.o
> drivers/ras/debugfs.c:8:5: warning: no previous prototype for 'ras_userspace_consumers' [-Wmissing-prototypes]
> 8 | int ras_userspace_consumers(void)
> | ^~~~~~~~~~~~~~~~~~~~~~~
> drivers/ras/debugfs.c:38:12: warning: no previous prototype for 'ras_add_daemon_trace' [-Wmissing-prototypes]
> 38 | int __init ras_add_daemon_trace(void)
> | ^~~~~~~~~~~~~~~~~~~~
> drivers/ras/debugfs.c:54:13: warning: no previous prototype for 'ras_debugfs_init' [-Wmissing-prototypes]
> 54 | void __init ras_debugfs_init(void)
> | ^~~~~~~~~~~~~~~~
>
> Provide the proper includes.
>
> [ bp: Take care of the same warnings for cec.c too. ]
>
> Signed-off-by: Valdis Kletnieks <valdis.kletnieks@vt.edu>
> Signed-off-by: Borislav Petkov <bp@suse.de>
> Cc: Tony Luck <tony.luck@intel.com>
> Cc: linux-edac@vger.kernel.org
> Cc: x86@kernel.org
> Link: http://lkml.kernel.org/r/7168.1565218769@turing-police
> Signed-off-by: Sasha Levin <sashal@kernel.org>
> ---
> drivers/ras/cec.c | 1 +
> drivers/ras/debugfs.c | 2 ++
> 2 files changed, 3 insertions(+)
>
> diff --git a/drivers/ras/cec.c b/drivers/ras/cec.c
> index f5795adc5a6e1..8037c490f3ba7 100644
> --- a/drivers/ras/cec.c
> +++ b/drivers/ras/cec.c
> @@ -1,6 +1,7 @@
> // SPDX-License-Identifier: GPL-2.0
> #include <linux/mm.h>
> #include <linux/gfp.h>
> +#include <linux/ras.h>
> #include <linux/kernel.h>
> #include <linux/workqueue.h>
>
> diff --git a/drivers/ras/debugfs.c b/drivers/ras/debugfs.c
> index 9c1b717efad86..0d4f985afbf37 100644
> --- a/drivers/ras/debugfs.c
> +++ b/drivers/ras/debugfs.c
> @@ -1,5 +1,7 @@
> // SPDX-License-Identifier: GPL-2.0-only
> #include <linux/debugfs.h>
> +#include <linux/ras.h>
> +#include "debugfs.h"
>
> struct dentry *ras_debugfs_dir;
>
> --
Definitely not stable material.
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette
^ permalink raw reply [flat|nested] 324+ messages in thread
* Re: [PATCH 5.2 078/313] RAS: Fix prototype warnings
2019-10-03 16:45 ` Borislav Petkov
@ 2019-10-03 18:17 ` Greg Kroah-Hartman
0 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-03 18:17 UTC (permalink / raw)
To: Borislav Petkov
Cc: linux-kernel, stable, Valdis Kletnieks, Borislav Petkov,
Tony Luck, linux-edac, x86, Sasha Levin
On Thu, Oct 03, 2019 at 06:45:27PM +0200, Borislav Petkov wrote:
> On Thu, Oct 03, 2019 at 05:50:56PM +0200, Greg Kroah-Hartman wrote:
> > From: Valdis Klētnieks <valdis.kletnieks@vt.edu>
> >
> > [ Upstream commit 0a54b809a3a2c31e1055b45b03708eb730222be1 ]
> >
> > When building with C=2 and/or W=1, legitimate warnings are issued about
> > missing prototypes:
> >
> > CHECK drivers/ras/debugfs.c
> > drivers/ras/debugfs.c:4:15: warning: symbol 'ras_debugfs_dir' was not declared. Should it be static?
> > drivers/ras/debugfs.c:8:5: warning: symbol 'ras_userspace_consumers' was not declared. Should it be static?
> > drivers/ras/debugfs.c:38:12: warning: symbol 'ras_add_daemon_trace' was not declared. Should it be static?
> > drivers/ras/debugfs.c:54:13: warning: symbol 'ras_debugfs_init' was not declared. Should it be static?
> > CC drivers/ras/debugfs.o
> > drivers/ras/debugfs.c:8:5: warning: no previous prototype for 'ras_userspace_consumers' [-Wmissing-prototypes]
> > 8 | int ras_userspace_consumers(void)
> > | ^~~~~~~~~~~~~~~~~~~~~~~
> > drivers/ras/debugfs.c:38:12: warning: no previous prototype for 'ras_add_daemon_trace' [-Wmissing-prototypes]
> > 38 | int __init ras_add_daemon_trace(void)
> > | ^~~~~~~~~~~~~~~~~~~~
> > drivers/ras/debugfs.c:54:13: warning: no previous prototype for 'ras_debugfs_init' [-Wmissing-prototypes]
> > 54 | void __init ras_debugfs_init(void)
> > | ^~~~~~~~~~~~~~~~
> >
> > Provide the proper includes.
> >
> > [ bp: Take care of the same warnings for cec.c too. ]
> >
> > Signed-off-by: Valdis Kletnieks <valdis.kletnieks@vt.edu>
> > Signed-off-by: Borislav Petkov <bp@suse.de>
> > Cc: Tony Luck <tony.luck@intel.com>
> > Cc: linux-edac@vger.kernel.org
> > Cc: x86@kernel.org
> > Link: http://lkml.kernel.org/r/7168.1565218769@turing-police
> > Signed-off-by: Sasha Levin <sashal@kernel.org>
> > ---
> > drivers/ras/cec.c | 1 +
> > drivers/ras/debugfs.c | 2 ++
> > 2 files changed, 3 insertions(+)
> >
> > diff --git a/drivers/ras/cec.c b/drivers/ras/cec.c
> > index f5795adc5a6e1..8037c490f3ba7 100644
> > --- a/drivers/ras/cec.c
> > +++ b/drivers/ras/cec.c
> > @@ -1,6 +1,7 @@
> > // SPDX-License-Identifier: GPL-2.0
> > #include <linux/mm.h>
> > #include <linux/gfp.h>
> > +#include <linux/ras.h>
> > #include <linux/kernel.h>
> > #include <linux/workqueue.h>
> >
> > diff --git a/drivers/ras/debugfs.c b/drivers/ras/debugfs.c
> > index 9c1b717efad86..0d4f985afbf37 100644
> > --- a/drivers/ras/debugfs.c
> > +++ b/drivers/ras/debugfs.c
> > @@ -1,5 +1,7 @@
> > // SPDX-License-Identifier: GPL-2.0-only
> > #include <linux/debugfs.h>
> > +#include <linux/ras.h>
> > +#include "debugfs.h"
> >
> > struct dentry *ras_debugfs_dir;
> >
> > --
>
> Definitely not stable material.
Agreed, I'll go drop it from everywhere, sorry about that.
greg k-h
^ permalink raw reply [flat|nested] 324+ messages in thread
* Re: [PATCH 5.2 000/313] 5.2.19-stable review
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (311 preceding siblings ...)
2019-10-03 15:54 ` [PATCH 5.2 313/313] platform/chrome: cros_ec_rpmsg: Fix race with host command when probe failed Greg Kroah-Hartman
@ 2019-10-03 23:00 ` kernelci.org bot
2019-10-03 23:51 ` Kevin Hilman
2019-10-03 23:50 ` shuah
` (3 subsequent siblings)
316 siblings, 1 reply; 324+ messages in thread
From: kernelci.org bot @ 2019-10-03 23:00 UTC (permalink / raw)
To: Greg Kroah-Hartman, linux-kernel
Cc: Greg Kroah-Hartman, torvalds, akpm, linux, shuah, patches,
ben.hutchings, lkft-triage, stable
stable-rc/linux-5.2.y boot: 136 boots: 1 failed, 126 passed with 9 offline (v5.2.18-314-g2c8369f13ff8)
Full Boot Summary: https://kernelci.org/boot/all/job/stable-rc/branch/linux-5.2.y/kernel/v5.2.18-314-g2c8369f13ff8/
Full Build Summary: https://kernelci.org/build/stable-rc/branch/linux-5.2.y/kernel/v5.2.18-314-g2c8369f13ff8/
Tree: stable-rc
Branch: linux-5.2.y
Git Describe: v5.2.18-314-g2c8369f13ff8
Git Commit: 2c8369f13ff8c1375690964c79ffdc0e41ab4f97
Git URL: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git
Tested: 80 unique boards, 27 SoC families, 16 builds out of 209
Boot Failure Detected:
arm64:
defconfig:
gcc-8:
rk3399-firefly: 1 failed lab
Offline Platforms:
arm:
qcom_defconfig:
gcc-8
qcom-apq8064-cm-qs600: 1 offline lab
qcom-apq8064-ifc6410: 1 offline lab
davinci_all_defconfig:
gcc-8
dm365evm,legacy: 1 offline lab
sunxi_defconfig:
gcc-8
sun5i-r8-chip: 1 offline lab
sun7i-a20-bananapi: 1 offline lab
multi_v7_defconfig:
gcc-8
qcom-apq8064-cm-qs600: 1 offline lab
qcom-apq8064-ifc6410: 1 offline lab
sun5i-r8-chip: 1 offline lab
arm64:
defconfig:
gcc-8
apq8016-sbc: 1 offline lab
---
For more info write to <info@kernelci.org>
^ permalink raw reply [flat|nested] 324+ messages in thread
* Re: [PATCH 5.2 000/313] 5.2.19-stable review
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (312 preceding siblings ...)
2019-10-03 23:00 ` [PATCH 5.2 000/313] 5.2.19-stable review kernelci.org bot
@ 2019-10-03 23:50 ` shuah
2019-10-04 7:38 ` Jon Hunter
` (2 subsequent siblings)
316 siblings, 0 replies; 324+ messages in thread
From: shuah @ 2019-10-03 23:50 UTC (permalink / raw)
To: Greg Kroah-Hartman, linux-kernel
Cc: torvalds, akpm, linux, patches, ben.hutchings, lkft-triage,
stable, shuah
On 10/3/19 9:49 AM, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.2.19 release.
> There are 313 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Sat 05 Oct 2019 03:37:47 PM UTC.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.2.19-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.2.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
>
Compiled and booted on my test system. No dmesg regressions.
thanks,
-- Shuah
^ permalink raw reply [flat|nested] 324+ messages in thread
* Re: [PATCH 5.2 000/313] 5.2.19-stable review
2019-10-03 23:00 ` [PATCH 5.2 000/313] 5.2.19-stable review kernelci.org bot
@ 2019-10-03 23:51 ` Kevin Hilman
2019-10-04 7:55 ` Greg Kroah-Hartman
0 siblings, 1 reply; 324+ messages in thread
From: Kevin Hilman @ 2019-10-03 23:51 UTC (permalink / raw)
To: kernelci.org bot, Greg Kroah-Hartman, linux-kernel
Cc: Greg Kroah-Hartman, torvalds, akpm, linux, shuah, patches,
ben.hutchings, lkft-triage, stable
"kernelci.org bot" <bot@kernelci.org> writes:
> stable-rc/linux-5.2.y boot: 136 boots: 1 failed, 126 passed with 9 offline (v5.2.18-314-g2c8369f13ff8)
>
> Full Boot Summary: https://kernelci.org/boot/all/job/stable-rc/branch/linux-5.2.y/kernel/v5.2.18-314-g2c8369f13ff8/
> Full Build Summary: https://kernelci.org/build/stable-rc/branch/linux-5.2.y/kernel/v5.2.18-314-g2c8369f13ff8/
>
> Tree: stable-rc
> Branch: linux-5.2.y
> Git Describe: v5.2.18-314-g2c8369f13ff8
> Git Commit: 2c8369f13ff8c1375690964c79ffdc0e41ab4f97
> Git URL: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git
> Tested: 80 unique boards, 27 SoC families, 16 builds out of 209
TL;DR; all is well.
> Boot Failure Detected:
>
> arm64:
> defconfig:
> gcc-8:
> rk3399-firefly: 1 failed lab
There's a known issue on this board I've been trying to debug with the
mediatek maintainers, and we're not sure yet if it's a kernel issue or
a hardware issue on my board, but for now, nothing to worry about for
stable.
Kevin
^ permalink raw reply [flat|nested] 324+ messages in thread
* Re: [PATCH 5.2 000/313] 5.2.19-stable review
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (313 preceding siblings ...)
2019-10-03 23:50 ` shuah
@ 2019-10-04 7:38 ` Jon Hunter
2019-10-04 15:35 ` Dan Rue
2019-10-04 22:58 ` Guenter Roeck
316 siblings, 0 replies; 324+ messages in thread
From: Jon Hunter @ 2019-10-04 7:38 UTC (permalink / raw)
To: Greg Kroah-Hartman, linux-kernel
Cc: torvalds, akpm, linux, shuah, patches, ben.hutchings,
lkft-triage, stable, linux-tegra
On 03/10/2019 16:49, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.2.19 release.
> There are 313 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Sat 05 Oct 2019 03:37:47 PM UTC.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.2.19-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.2.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
All tests are passing for Tegra ...
Test results for stable-v5.2:
12 builds: 12 pass, 0 fail
22 boots: 22 pass, 0 fail
38 tests: 38 pass, 0 fail
Linux version: 5.2.19-rc1-g2c8369f13ff8
Boards tested: tegra124-jetson-tk1, tegra186-p2771-0000,
tegra194-p2972-0000, tegra20-ventana,
tegra210-p2371-2180, tegra30-cardhu-a04
Cheers
Jon
--
nvpublic
^ permalink raw reply [flat|nested] 324+ messages in thread
* Re: [PATCH 5.2 000/313] 5.2.19-stable review
2019-10-03 23:51 ` Kevin Hilman
@ 2019-10-04 7:55 ` Greg Kroah-Hartman
0 siblings, 0 replies; 324+ messages in thread
From: Greg Kroah-Hartman @ 2019-10-04 7:55 UTC (permalink / raw)
To: Kevin Hilman
Cc: kernelci.org bot, linux-kernel, torvalds, akpm, linux, shuah,
patches, ben.hutchings, lkft-triage, stable
On Thu, Oct 03, 2019 at 04:51:34PM -0700, Kevin Hilman wrote:
> "kernelci.org bot" <bot@kernelci.org> writes:
>
> > stable-rc/linux-5.2.y boot: 136 boots: 1 failed, 126 passed with 9 offline (v5.2.18-314-g2c8369f13ff8)
> >
> > Full Boot Summary: https://kernelci.org/boot/all/job/stable-rc/branch/linux-5.2.y/kernel/v5.2.18-314-g2c8369f13ff8/
> > Full Build Summary: https://kernelci.org/build/stable-rc/branch/linux-5.2.y/kernel/v5.2.18-314-g2c8369f13ff8/
> >
> > Tree: stable-rc
> > Branch: linux-5.2.y
> > Git Describe: v5.2.18-314-g2c8369f13ff8
> > Git Commit: 2c8369f13ff8c1375690964c79ffdc0e41ab4f97
> > Git URL: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git
> > Tested: 80 unique boards, 27 SoC families, 16 builds out of 209
>
> TL;DR; all is well.
>
> > Boot Failure Detected:
> >
> > arm64:
> > defconfig:
> > gcc-8:
> > rk3399-firefly: 1 failed lab
>
> There's a known issue on this board I've been trying to debug with the
> mediatek maintainers, and we're not sure yet if it's a kernel issue or
> a hardware issue on my board, but for now, nothing to worry about for
> stable.
Thanks for the explaination and summary!
greg k-h
^ permalink raw reply [flat|nested] 324+ messages in thread
* Re: [PATCH 5.2 123/313] ACPI / APEI: Release resources if gen_pool_add() fails
2019-10-03 15:51 ` [PATCH 5.2 123/313] ACPI / APEI: Release resources if gen_pool_add() fails Greg Kroah-Hartman
@ 2019-10-04 10:05 ` Pavel Machek
0 siblings, 0 replies; 324+ messages in thread
From: Pavel Machek @ 2019-10-04 10:05 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: linux-kernel, stable, Liguang Zhang, Borislav Petkov,
Rafael J. Wysocki, Sasha Levin
[-- Attachment #1: Type: text/plain, Size: 585 bytes --]
Hi!
> @@ -172,7 +173,19 @@ int ghes_estatus_pool_init(int num_ghes)
> */
> vmalloc_sync_all();
>
> - return gen_pool_add(ghes_estatus_pool, addr, PAGE_ALIGN(len), -1);
> + rc = gen_pool_add(ghes_estatus_pool, addr, PAGE_ALIGN(len), -1);
> + if (rc)
> + goto err_pool_add;
> +
> + return 0;
> +
> +err_pool_add:
> + vfree((void *)addr);
> +
AFAICT this cast should not be neccessary.
Best regards,
Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 181 bytes --]
^ permalink raw reply [flat|nested] 324+ messages in thread
* Re: [PATCH 5.2 000/313] 5.2.19-stable review
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (314 preceding siblings ...)
2019-10-04 7:38 ` Jon Hunter
@ 2019-10-04 15:35 ` Dan Rue
2019-10-04 22:58 ` Guenter Roeck
316 siblings, 0 replies; 324+ messages in thread
From: Dan Rue @ 2019-10-04 15:35 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: linux-kernel, shuah, patches, lkft-triage, ben.hutchings, stable,
akpm, torvalds, linux
On Thu, Oct 03, 2019 at 05:49:38PM +0200, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.2.19 release.
> There are 313 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Sat 05 Oct 2019 03:37:47 PM UTC.
> Anything received after that time might be too late.
Results from Linaro’s test farm.
No regressions on arm64, arm, x86_64, and i386.
Summary
------------------------------------------------------------------------
kernel: 5.2.19-rc1
git repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git
git branch: linux-5.2.y
git commit: 2c8369f13ff8c1375690964c79ffdc0e41ab4f97
git describe: v5.2.18-314-g2c8369f13ff8
Test details: https://qa-reports.linaro.org/lkft/linux-stable-rc-5.2-oe/build/v5.2.18-314-g2c8369f13ff8
No regressions (compared to build v5.2.18)
No fixes (compared to build v5.2.18)
Ran 24453 total tests in the following environments and test suites.
Environments
--------------
- dragonboard-410c
- hi6220-hikey
- i386
- juno-r2
- qemu_arm
- qemu_arm64
- qemu_i386
- qemu_x86_64
- x15
- x86
Test Suites
-----------
* build
* install-android-platform-tools-r2600
* kselftest
* libgpiod
* libhugetlbfs
* ltp-cap_bounds-tests
* ltp-commands-tests
* ltp-containers-tests
* ltp-cpuhotplug-tests
* ltp-cve-tests
* ltp-fcntl-locktests-tests
* ltp-filecaps-tests
* ltp-fs-tests
* ltp-fs_bind-tests
* ltp-fs_perms_simple-tests
* ltp-fsx-tests
* ltp-hugetlb-tests
* ltp-ipc-tests
* ltp-math-tests
* ltp-mm-tests
* ltp-nptl-tests
* ltp-pty-tests
* ltp-sched-tests
* ltp-securebits-tests
* ltp-timers-tests
* perf
* spectre-meltdown-checker-test
* v4l2-compliance
* ltp-dio-tests
* ltp-io-tests
* ltp-syscalls-tests
* network-basic-tests
* ltp-open-posix-tests
* kvm-unit-tests
* ssuite
* kselftest-vsyscall-mode-native
* kselftest-vsyscall-mode-none
--
Linaro LKFT
https://lkft.linaro.org
^ permalink raw reply [flat|nested] 324+ messages in thread
* Re: [PATCH 5.2 000/313] 5.2.19-stable review
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
` (315 preceding siblings ...)
2019-10-04 15:35 ` Dan Rue
@ 2019-10-04 22:58 ` Guenter Roeck
316 siblings, 0 replies; 324+ messages in thread
From: Guenter Roeck @ 2019-10-04 22:58 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: linux-kernel, torvalds, akpm, shuah, patches, ben.hutchings,
lkft-triage, stable
On Thu, Oct 03, 2019 at 05:49:38PM +0200, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.2.19 release.
> There are 313 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Sat 05 Oct 2019 03:37:47 PM UTC.
> Anything received after that time might be too late.
>
Build results:
total: 159 pass: 159 fail: 0
Qemu test results:
total: 390 pass: 390 fail: 0
Guenter
^ permalink raw reply [flat|nested] 324+ messages in thread
* Re: [PATCH 5.2 003/313] ipv6: do not free rt if FIB_LOOKUP_NOREF is set on suppress rule
2019-10-03 15:49 ` [PATCH 5.2 003/313] ipv6: do not free rt if FIB_LOOKUP_NOREF is set on suppress rule Greg Kroah-Hartman
@ 2020-06-23 22:07 ` Jason A. Donenfeld
0 siblings, 0 replies; 324+ messages in thread
From: Jason A. Donenfeld @ 2020-06-23 22:07 UTC (permalink / raw)
To: Greg Kroah-Hartman; +Cc: LKML, stable, Wei Wang
I realize 5.2 has long since sunsetted, and I really missed the boat
on speaking up about this many many months ago, but in case any
distros or organizations have a 5.2.x stable series, this should
probably be reverted from 5.2. The reason is that 7d9e5f422 was added
to 5.3, and introduced a UaF, which this commit then fixed. But
without 7d9e5f422, this commit adds a memory leak.
Anyway, not worth spending too much brain cycles on this, considering
5.2 isn't even mentioned on kernel.org any more, but in case it helps
for somebody doing something strange in years to come, voila.
^ permalink raw reply [flat|nested] 324+ messages in thread
end of thread, other threads:[~2020-06-23 22:08 UTC | newest]
Thread overview: 324+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-10-03 15:49 [PATCH 5.2 000/313] 5.2.19-stable review Greg Kroah-Hartman
2019-10-03 15:49 ` [PATCH 5.2 001/313] arcnet: provide a buffer big enough to actually receive packets Greg Kroah-Hartman
2019-10-03 15:49 ` [PATCH 5.2 002/313] cdc_ncm: fix divide-by-zero caused by invalid wMaxPacketSize Greg Kroah-Hartman
2019-10-03 15:49 ` [PATCH 5.2 003/313] ipv6: do not free rt if FIB_LOOKUP_NOREF is set on suppress rule Greg Kroah-Hartman
2020-06-23 22:07 ` Jason A. Donenfeld
2019-10-03 15:49 ` [PATCH 5.2 004/313] macsec: drop skb sk before calling gro_cells_receive Greg Kroah-Hartman
2019-10-03 15:49 ` [PATCH 5.2 005/313] net/phy: fix DP83865 10 Mbps HDX loopback disable function Greg Kroah-Hartman
2019-10-03 15:49 ` [PATCH 5.2 006/313] net: qrtr: Stop rx_worker before freeing node Greg Kroah-Hartman
2019-10-03 15:49 ` [PATCH 5.2 007/313] net/sched: act_sample: dont push mac header on ip6gre ingress Greg Kroah-Hartman
2019-10-03 15:49 ` [PATCH 5.2 008/313] net_sched: add max len check for TCA_KIND Greg Kroah-Hartman
2019-10-03 15:49 ` [PATCH 5.2 009/313] nfp: flower: fix memory leak in nfp_flower_spawn_vnic_reprs Greg Kroah-Hartman
2019-10-03 15:49 ` [PATCH 5.2 010/313] nfp: flower: prevent memory leak in nfp_flower_spawn_phy_reprs Greg Kroah-Hartman
2019-10-03 15:49 ` [PATCH 5.2 011/313] openvswitch: change type of UPCALL_PID attribute to NLA_UNSPEC Greg Kroah-Hartman
2019-10-03 15:49 ` [PATCH 5.2 012/313] ppp: Fix memory leak in ppp_write Greg Kroah-Hartman
2019-10-03 15:49 ` [PATCH 5.2 013/313] sch_netem: fix a divide by zero in tabledist() Greg Kroah-Hartman
2019-10-03 15:49 ` [PATCH 5.2 014/313] selftests: Update fib_tests to handle missing ping6 Greg Kroah-Hartman
2019-10-03 15:49 ` [PATCH 5.2 015/313] skge: fix checksum byte order Greg Kroah-Hartman
2019-10-03 15:49 ` [PATCH 5.2 016/313] tcp_bbr: fix quantization code to not raise cwnd if not probing bandwidth Greg Kroah-Hartman
2019-10-03 15:49 ` [PATCH 5.2 017/313] usbnet: ignore endpoints with invalid wMaxPacketSize Greg Kroah-Hartman
2019-10-03 15:49 ` [PATCH 5.2 018/313] usbnet: sanity checking of packet sizes and device mtu Greg Kroah-Hartman
2019-10-03 15:49 ` [PATCH 5.2 019/313] net: phy: micrel: add Asym Pause workaround for KSZ9021 Greg Kroah-Hartman
2019-10-03 15:49 ` [PATCH 5.2 020/313] net/sched: cbs: Fix not adding cbs instance to list Greg Kroah-Hartman
2019-10-03 15:49 ` [PATCH 5.2 021/313] ipv4: Revert removal of rt_uses_gateway Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 022/313] net_sched: add policy validation for action attributes Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 023/313] vrf: Do not attempt to create IPv6 mcast rule if IPv6 is disabled Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 024/313] net/mlx5e: Fix traffic duplication in ethtool steering Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 025/313] net: sched: fix possible crash in tcf_action_destroy() Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 026/313] tcp: better handle TCP_USER_TIMEOUT in SYN_SENT state Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 027/313] net/mlx5: Add device ID of upcoming BlueField-2 Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 028/313] mISDN: enforce CAP_NET_RAW for raw sockets Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 029/313] appletalk: " Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 030/313] ax25: " Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 031/313] ieee802154: " Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 032/313] nfc: " Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 033/313] ALSA: hda: Flush interrupts on disabling Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 034/313] ASoC: SOF: Intel: hda: Make hdac_device device-managed Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 035/313] cpufreq: ap806: Add NULL check after kcalloc Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 036/313] regulator: lm363x: Fix off-by-one n_voltages for lm3632 ldo_vpos/ldo_vneg Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 037/313] spi: dw-mmio: Clock should be shut when error occurs Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 038/313] ASoC: tlv320aic31xx: suppress error message for EPROBE_DEFER Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 039/313] ASoC: sgtl5000: Fix of unmute outputs on probe Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 040/313] ASoC: sgtl5000: Fix charge pump source assignment Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 041/313] firmware: qcom_scm: Use proper types for dma mappings Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 042/313] dmaengine: bcm2835: Print error in case setting DMA mask fails Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 043/313] leds: leds-lp5562 allow firmware files up to the maximum length Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 044/313] media: dib0700: fix link error for dibx000_i2c_set_speed Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 045/313] media: mtk-cir: lower de-glitch counter for rc-mm protocol Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 046/313] ASoC: SOF: pci: mark last_busy value at runtime PM init Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 047/313] media: exynos4-is: fix leaked of_node references Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 049/313] media: vb2: reorder checks in vb2_poll() Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 050/313] media: vivid: work around high stack usage with clang Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 051/313] media: hdpvr: Add device num check and handling Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 052/313] media: i2c: ov5640: Check for devm_gpiod_get_optional() error Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 053/313] time/tick-broadcast: Fix tick_broadcast_offline() lockdep complaint Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 054/313] sched/fair: Fix imbalance due to CPU affinity Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 055/313] sched/core: Fix CPU controller for !RT_GROUP_SCHED Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 056/313] x86/apic: Make apic_pending_intr_clear() more robust Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 057/313] sched/deadline: Fix bandwidth accounting at all levels after offline migration Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 058/313] x86/reboot: Always use NMI fallback when shutdown via reboot vector IPI fails Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 059/313] rcu/tree: Call setschedule() gp ktread to SCHED_FIFO outside of atomic region Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 060/313] x86/apic: Soft disable APIC before initializing it Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 061/313] ALSA: hda - Show the fatal CORB/RIRB error more clearly Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 062/313] ALSA: i2c: ak4xxx-adda: Fix a possible null pointer dereference in build_adc_controls() Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 063/313] EDAC/mc: Fix grain_bits calculation Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 064/313] media: iguanair: add sanity checks Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 065/313] cpuidle: teo: Allow tick to be stopped if PM QoS is used Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 066/313] arm64: mm: free the initrd reserved memblock in a aligned manner Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 067/313] soc: amlogic: meson-clk-measure: protect measure with a mutex Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 068/313] base: soc: Export soc_device_register/unregister APIs Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 069/313] ALSA: usb-audio: Skip bSynchAddress endpoint check if it is invalid Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 070/313] ia64:unwind: fix double free for mod->arch.init_unw_table Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 071/313] EDAC/altera: Use the proper type for the IRQ status bits Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 072/313] ASoC: rsnd: dont call clk_get_rate() under atomic context Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 073/313] arm64/prefetch: fix a -Wtype-limits warning Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 074/313] md/raid1: end bio when the device faulty Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 075/313] md: dont call spare_active in md_reap_sync_thread if all member devices cant work Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 076/313] md: dont set In_sync if array is frozen Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 077/313] media: media/platform: fsl-viu.c: fix build for MICROBLAZE Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 078/313] RAS: Fix prototype warnings Greg Kroah-Hartman
2019-10-03 16:45 ` Borislav Petkov
2019-10-03 18:17 ` Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 079/313] RAS: Build debugfs.o only when enabled in Kconfig Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 080/313] ASoC: hdac_hda: fix page fault issue by removing race Greg Kroah-Hartman
2019-10-03 15:50 ` [PATCH 5.2 081/313] ACPI / processor: dont print errors for processorIDs == 0xff Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 082/313] loop: Add LOOP_SET_DIRECT_IO to compat ioctl Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 083/313] perf tools: Fix paths in include statements Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 084/313] EDAC, pnd2: Fix ioremap() size in dnv_rd_reg() Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 085/313] efi: cper: print AER info of PCIe fatal error Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 086/313] firmware: arm_scmi: Check if platform has released shmem before using Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 087/313] sched/fair: Use rq_lock/unlock in online_fair_sched_group Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 088/313] idle: Prevent late-arriving interrupts from disrupting offline Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 089/313] blk-mq: Fix memory leak in blk_mq_init_allocated_queue error handling Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 090/313] media: gspca: zero usb_buf on error Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 091/313] perf config: Honour $PERF_CONFIG env var to specify alternate .perfconfig Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 092/313] perf test vfs_getname: Disable ~/.perfconfig to get default output Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 093/313] media: mtk-mdp: fix reference count on old device tree Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 094/313] media: i2c: tda1997x: prevent potential NULL pointer access Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 095/313] media: fdp1: Reduce FCP not found message level to debug Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 096/313] media: em28xx: modules workqueue not inited for 2nd device Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 097/313] arm64/efi: Move variable assignments after SECTIONS Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 098/313] perf unwind: Fix libunwind when tid != pid Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 099/313] media: rc: imon: Allow iMON RC protocol for ffdc 7e device Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 100/313] dmaengine: iop-adma: use correct printk format strings Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 101/313] ARM: xscale: fix multi-cpu compilation Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 102/313] perf record: Support aarch64 random socket_id assignment Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 103/313] media: vsp1: fix memory leak of dl on error return path Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 104/313] media: i2c: ov5645: Fix power sequence Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 105/313] media: omap3isp: Dont set streaming state on random subdevs Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 106/313] media: imx: mipi csi-2: Dont fail if initial state times-out Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 107/313] kasan/arm64: fix CONFIG_KASAN_SW_TAGS && KASAN_INLINE Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 108/313] net: lpc-enet: fix printk format strings Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 109/313] m68k: Prevent some compiler warnings in Coldfire builds Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 110/313] ARM: dts: imx7d: cl-som-imx7: make ethernet work again Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 111/313] ARM: dts: imx7-colibri: disable HS400 Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 112/313] x86/platform/intel/iosf_mbi Rewrite locking Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 113/313] media: radio/si470x: kill urb on error Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 114/313] media: hdpvr: add terminating 0 at end of string Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 115/313] ASoC: uniphier: Fix double reset assersion when transitioning to suspend state Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 116/313] powerpc/Makefile: Always pass --synthetic to nm if supported Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 117/313] tools headers: Fixup bitsperlong per arch includes Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 118/313] ASoC: sun4i-i2s: Dont use the oversample to calculate BCLK Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 119/313] ASoC: mchp-i2s-mcc: Wait for RX/TX RDY only if controller is running Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 120/313] led: triggers: Fix a memory leak bug Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 121/313] ASoC: mchp-i2s-mcc: Fix unprepare of GCLK Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 122/313] nbd: add missing config put Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 123/313] ACPI / APEI: Release resources if gen_pool_add() fails Greg Kroah-Hartman
2019-10-04 10:05 ` Pavel Machek
2019-10-03 15:51 ` [PATCH 5.2 124/313] arm64: entry: Move ct_user_exit before any other exception Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 125/313] s390/kasan: provide uninstrumented __strlen Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 126/313] media: mceusb: fix (eliminate) TX IR signal length limit Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 127/313] media: dvb-frontends: use ida for pll number Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 128/313] posix-cpu-timers: Sanitize bogus WARNONS Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 129/313] media: dvb-core: fix a memory leak bug Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 130/313] EDAC/amd64: Support more than two controllers for chip selects handling Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 131/313] libperf: Fix alignment trap with xyarray contents in perf stat Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 132/313] EDAC/amd64: Recognize DRAM device type ECC capability Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 133/313] EDAC/amd64: Decode syndrome before translating address Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 134/313] ARM: at91: move platform-specific asm-offset.h to arch/arm/mach-at91 Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 135/313] soc: renesas: rmobile-sysc: Set GENPD_FLAG_ALWAYS_ON for always-on domain Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 136/313] soc: renesas: Enable ARM_ERRATA_754322 for affected Cortex-A9 Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 137/313] PM / devfreq: Fix kernel oops on governor module load Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 138/313] ARM: OMAP2+: move platform-specific asm-offset.h to arch/arm/mach-omap2 Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 139/313] PM / devfreq: passive: Use non-devm notifiers Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 140/313] PM / devfreq: exynos-bus: Correct clock enable sequence Greg Kroah-Hartman
2019-10-03 15:51 ` [PATCH 5.2 141/313] media: cec-notifier: clear cec_adap in cec_notifier_unregister Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 142/313] media: saa7146: add cleanup in hexium_attach() Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 143/313] media: cpia2_usb: fix memory leaks Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 144/313] media: saa7134: fix terminology around saa7134_i2c_eeprom_md7134_gate() Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 145/313] perf trace beauty ioctl: Fix off-by-one error in cmd->string table Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 146/313] perf report: Fix --ns time sort key output Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 147/313] perf script: Fix memory leaks in list_scripts() Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 148/313] media: aspeed-video: address a protential usage of an unitialized var Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 149/313] media: ov9650: add a sanity check Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 150/313] leds: lm3532: Fixes for the driver for stability Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 151/313] ASoC: es8316: fix headphone mixer volume table Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 152/313] ACPI / CPPC: do not require the _PSD method Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 153/313] sched/cpufreq: Align trace event behavior of fast switching Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 154/313] x86/apic/vector: Warn when vector space exhaustion breaks affinity Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 155/313] arm64: kpti: ensure patched kernel text is fetched from PoU Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 156/313] perf evlist: Use unshare(CLONE_FS) in sb threads to let setns(CLONE_NEWNS) work Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 157/313] x86/mm/pti: Do not invoke PTI functions when PTI is disabled Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 158/313] ASoC: fsl_ssi: Fix clock control issue in master mode Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 159/313] x86/mm/pti: Handle unaligned address gracefully in pti_clone_pagetable() Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 160/313] nvmet: fix data units read and written counters in SMART log Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 161/313] nvme-multipath: fix ana log nsid lookup when nsid is not found Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 162/313] ALSA: firewire-motu: add support for MOTU 4pre Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 163/313] iommu/amd: Silence warnings under memory pressure Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 164/313] ASoC: Intel: Haswell: Adjust machine device private context Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 165/313] libata/ahci: Drop PCS quirk for Denverton and beyond Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 166/313] iommu/iova: Avoid false sharing on fq_timer_on Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 167/313] libtraceevent: Change users plugin directory Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 168/313] ARM: dts: exynos: Mark LDO10 as always-on on Peach Pit/Pi Chromebooks Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 169/313] x86/amd_nb: Add PCI device IDs for family 17h, model 70h Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 170/313] ACPI: custom_method: fix memory leaks Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 171/313] ACPI / PCI: fix acpi_pci_irq_enable() memory leak Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 172/313] closures: fix a race on wakeup from closure_sync Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 173/313] hwmon: (k10temp) Add support for AMD family 17h, model 70h CPUs Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 174/313] hwmon: (acpi_power_meter) Change log level for unsafe software power cap Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 175/313] md/raid1: fail run raid1 array when active disk less than one Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 176/313] dmaengine: ti: edma: Do not reset reserved paRAM slots Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 177/313] kprobes: Prohibit probing on BUG() and WARN() address Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 178/313] x86/mm: Fix cpumask_of_node() error condition Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 179/313] irqchip/sifive-plic: set max threshold for ignored handlers Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 180/313] s390/crypto: xts-aes-s390 fix extra run-time crypto self tests finding Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 181/313] irqchip/gic-v3-its: Fix LPI release for Multi-MSI devices Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 182/313] x86/cpu: Add Tiger Lake to Intel family Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 183/313] platform/x86: intel_pmc_core: Do not ioremap RAM Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 184/313] SoC: simple-card-utils: set 0Hz to sysclk when shutdown Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 185/313] ASoC: dmaengine: Make the pcm->name equal to pcm->id if the name is not set Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 186/313] io_uring: fix wrong sequence setting logic Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 187/313] block: make rq sector size accessible for block stats Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 188/313] raid5: dont set STRIPE_HANDLE to stripe which is in batch list Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 189/313] mmc: core: Clarify sdio_irq_pending flag for MMC_CAP2_SDIO_IRQ_NOTHREAD Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 190/313] sched/psi: Correct overly pessimistic size calculation Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 191/313] mmc: sdhci: Fix incorrect switch to HS mode Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 192/313] mmc: core: Add helper function to indicate if SDIO IRQs is enabled Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 193/313] mmc: dw_mmc: Re-store SDIO IRQs mask at system resume Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 194/313] raid5: dont increment read_errors on EILSEQ return Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 195/313] mmc: mtk-sd: Re-store SDIO IRQs mask at system resume Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 196/313] libertas: Add missing sentinel at end of if_usb.c fw_table Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 197/313] e1000e: add workaround for possible stalled packet Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 198/313] ALSA: hda - Add a quirk model for fixing Huawei Matebook X right speaker Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 199/313] ALSA: hda - Drop unsol event handler for Intel HDMI codecs Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 200/313] drm/amd/powerplay/smu7: enforce minimal VBITimeout (v2) Greg Kroah-Hartman
2019-10-03 15:52 ` [PATCH 5.2 201/313] media: ttusb-dec: Fix info-leak in ttusb_dec_send_command() Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 202/313] drm: fix module name in edid_firmware log message Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 203/313] ALSA: hda/realtek - Blacklist PC beep for Lenovo ThinkCentre M73/93 Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 204/313] iommu/amd: Override wrong IVRS IOAPIC on Raven Ridge systems Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 205/313] zd1211rw: remove false assertion from zd_mac_clear() Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 206/313] btrfs: delayed-inode: Kill the BUG_ON() in btrfs_delete_delayed_dir_index() Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 207/313] btrfs: extent-tree: Make sure we only allocate extents from block groups with the same type Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 208/313] btrfs: tree-checker: Add ROOT_ITEM check Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 209/313] btrfs: Detect unbalanced tree with empty leaf before crashing btree operations Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 210/313] kvm: Nested KVM MMUs need PAE root too Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 211/313] media: omap3isp: Set device on omap3isp subdevs Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 212/313] PM / devfreq: passive: fix compiler warning Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 213/313] ARM: dts: logicpd-torpedo-baseboard: Fix missing video Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 214/313] ARM: omap2plus_defconfig: " Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 215/313] iwlwifi: fw: dont send GEO_TX_POWER_LIMIT command to FW version 36 Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 216/313] ALSA: firewire-tascam: handle error code when getting current source of clock Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 217/313] ALSA: firewire-tascam: check intermediate state of clock status and retry Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 218/313] scsi: scsi_dh_rdac: zero cdb in send_mode_select() Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 219/313] scsi: qla2xxx: Fix Relogin to prevent modifying scan_state flag Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 220/313] printk: Do not lose last line in kmsg buffer dump Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 221/313] IB/mlx5: Free mpi in mp_slave mode Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 222/313] IB/hfi1: Define variables as unsigned long to fix KASAN warning Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 223/313] IB/hfi1: Do not update hcrc for a KDETH packet during fault injection Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 224/313] RDMA: Fix double-free in srq creation error flow Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 225/313] randstruct: Check member structs in is_pure_ops_struct() Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 226/313] ARM: dts: am3517-evm: Fix missing video Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 227/313] rcu/tree: Fix SCHED_FIFO params Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 228/313] ALSA: hda/realtek - PCI quirk for Medion E4254 Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 229/313] blk-mq: add callback of .cleanup_rq Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 230/313] scsi: implement .cleanup_rq callback Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 231/313] powerpc/imc: Dont create debugfs files for cpu-less nodes Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 232/313] tpm_tis_core: Turn on the TPM before probing IRQs Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 233/313] tpm_tis_core: Set TPM_CHIP_FLAG_IRQ before probing for interrupts Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 234/313] tpm: Wrap the buffer from the caller to tpm_buf in tpm_send() Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 235/313] fuse: fix deadlock with aio poll and fuse_iqueue::waitq.lock Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 236/313] fuse: fix missing unlock_page in fuse_writepage() Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 237/313] fuse: fix beyond-end-of-page access in fuse_parse_cache() Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 238/313] parisc: Disable HP HSC-PCI Cards to prevent kernel crash Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 239/313] platform/x86: intel_int0002_vgpio: Fix wakeups not working on Cherry Trail Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 240/313] KVM: x86: always stop emulation on page fault Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 241/313] KVM: x86: set ctxt->have_exception in x86_decode_insn() Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 242/313] KVM: x86: Manually calculate reserved bits when loading PDPTRS Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 243/313] KVM: x86: Disable posted interrupts for non-standard IRQs delivery modes Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 244/313] KVM: x86/mmu: Use fast invalidate mechanism to zap MMIO sptes Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 245/313] media: videobuf-core.c: poll_wait needs a non-NULL buf pointer Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 246/313] media: sn9c20x: Add MSI MS-1039 laptop to flip_dmi_table Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 247/313] media: dont drop front-end reference count for ->detach Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 248/313] spi: ep93xx: Repair SPI CS lookup tables Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 249/313] spi: spi-fsl-dspi: Exit the ISR with IRQ_NONE when its not ours Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 250/313] binfmt_elf: Do not move brk for INTERP-less ET_EXEC Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 251/313] ASoC: Intel: NHLT: Fix debug print format Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 252/313] ASoC: Intel: Skylake: Use correct function to access iomem space Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 253/313] ASoC: Intel: Fix use of potentially uninitialized variable Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 254/313] ARM: samsung: Fix system restart on S3C6410 Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 255/313] ARM: zynq: Use memcpy_toio instead of memcpy on smp bring-up Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 256/313] arm64: tlb: Ensure we execute an ISB following walk cache invalidation Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 257/313] arm64: dts: rockchip: limit clock rate of MMC controllers for RK3328 Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 258/313] iommu/arm-smmu-v3: Disable detection of ATS and PRI Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 259/313] alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 260/313] iommu/vt-d: Fix wrong analysis whether devices share the same bus Greg Kroah-Hartman
2019-10-03 15:53 ` [PATCH 5.2 261/313] regulator: Defer init completion for a while after late_initcall Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 262/313] efifb: BGRT: Improve efifb_bgrt_sanity_check Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 263/313] gfs2: clear buf_in_tr when ending a transaction in sweep_bh_for_rgrps Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 264/313] z3fold: fix retry mechanism in page reclaim Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 265/313] z3fold: fix memory leak in kmem cache Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 266/313] mm/compaction.c: clear total_{migrate,free}_scanned before scanning a new zone Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 267/313] memcg, oom: dont require __GFP_FS when invoking memcg OOM killer Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 268/313] memcg, kmem: do not fail __GFP_NOFAIL charges Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 269/313] lib/lzo/lzo1x_compress.c: fix alignment bug in lzo-rle Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 270/313] mt76: round up length on mt76_wr_copy Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 271/313] KEYS: trusted: correctly initialize digests and fix locking issue Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 272/313] rtw88: pci: Rearrange the memory usage for skb in RX ISR Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 273/313] rtw88: pci: Use DMA sync instead of remapping " Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 274/313] ath10k: fix channel info parsing for non tlv target Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 275/313] i40e: check __I40E_VF_DISABLE bit in i40e_sync_filters_subtask Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 276/313] block: mq-deadline: Fix queue restart handling Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 277/313] block: fix null pointer dereference in blk_mq_rq_timed_out() Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 278/313] smb3: allow disabling requesting leases Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 279/313] smb3: fix leak in "open on server" perf counter Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 280/313] ovl: Fix dereferencing possible ERR_PTR() Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 281/313] ovl: filter of trusted xattr results in audit Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 282/313] btrfs: fix allocation of free space cache v1 bitmap pages Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 283/313] Btrfs: fix use-after-free when using the tree modification log Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 284/313] btrfs: Relinquish CPUs in btrfs_compare_trees Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 285/313] btrfs: adjust dirty_metadata_bytes after writeback failure of extent buffer Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 286/313] btrfs: qgroup: Fix the wrong target io_tree when freeing reserved data space Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 287/313] btrfs: qgroup: Fix reserved data space leak if we have multiple reserve calls Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 288/313] Btrfs: fix race setting up and completing qgroup rescan workers Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 289/313] SUNRPC: Dequeue the request from the receive queue while were re-encoding Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 290/313] SUNRPC: Fix buffer handling of GSS MIC without slack Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 291/313] ACPI / LPSS: Save/restore LPSS private registers also on Lynxpoint Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 292/313] md/raid6: Set R5_ReadError when there is read failure on parity disk Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 293/313] md: dont report active array_state until after revalidate_disk() completes Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 294/313] md: only call set_in_sync() when it is expected to succeed Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 295/313] cfg80211: Purge frame registrations on iftype change Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 296/313] /dev/mem: Bail out upon SIGKILL Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 297/313] fs: Export generic_fadvise() Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 298/313] mm: Handle MADV_WILLNEED through vfs_fadvise() Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 299/313] xfs: Fix stale data exposure when readahead races with hole punch Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 300/313] ipmi: move message error checking to avoid deadlock Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 301/313] mtd: rawnand: stm32_fmc2: avoid warnings when building with W=1 option Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 302/313] ext4: fix warning inside ext4_convert_unwritten_extents_endio Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 303/313] ext4: fix punch hole for inline_data file systems Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 304/313] quota: fix wrong condition in is_quota_modification() Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 305/313] hwrng: core - dont wait on add_early_randomness() Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 306/313] i2c: riic: Clear NACK in tend isr Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 307/313] CIFS: fix max ea value size Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 308/313] CIFS: Fix oplock handling for SMB 2.1+ protocols Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 309/313] drm/amd/display: Restore backlight brightness after system resume Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 310/313] md/raid0: avoid RAID0 data corruption due to layout confusion Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 311/313] mt76: mt7615: always release sem in mt7615_load_patch Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 312/313] mt76: mt7615: fix mt7615 firmware path definitions Greg Kroah-Hartman
2019-10-03 15:54 ` [PATCH 5.2 313/313] platform/chrome: cros_ec_rpmsg: Fix race with host command when probe failed Greg Kroah-Hartman
2019-10-03 23:00 ` [PATCH 5.2 000/313] 5.2.19-stable review kernelci.org bot
2019-10-03 23:51 ` Kevin Hilman
2019-10-04 7:55 ` Greg Kroah-Hartman
2019-10-03 23:50 ` shuah
2019-10-04 7:38 ` Jon Hunter
2019-10-04 15:35 ` Dan Rue
2019-10-04 22:58 ` Guenter Roeck
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).