linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH 5.4 00/74] 5.4.110-rc1 review
@ 2021-04-05  8:53 Greg Kroah-Hartman
  2021-04-05  8:53 ` [PATCH 5.4 01/74] selinux: vsock: Set SID for socket returned by accept() Greg Kroah-Hartman
                   ` (78 more replies)
  0 siblings, 79 replies; 84+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-05  8:53 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, torvalds, akpm, linux, shuah, patches,
	lkft-triage, pavel, jonathanh, f.fainelli, stable

This is the start of the stable review cycle for the 5.4.110 release.
There are 74 patches in this series, all will be posted as a response
to this one.  If anyone has any issues with these being applied, please
let me know.

Responses should be made by Wed, 07 Apr 2021 08:50:09 +0000.
Anything received after that time might be too late.

The whole patch series can be found in one patch at:
	https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.110-rc1.gz
or in the git tree and branch at:
	git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y
and the diffstat can be found below.

thanks,

greg k-h

-------------
Pseudo-Shortlog of commits:

Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    Linux 5.4.110-rc1

Du Cheng <ducheng2@gmail.com>
    drivers: video: fbcon: fix NULL dereference in fbcon_cursor()

Atul Gopinathan <atulgopinathan@gmail.com>
    staging: rtl8192e: Change state information from u16 to u8

Atul Gopinathan <atulgopinathan@gmail.com>
    staging: rtl8192e: Fix incorrect source in memcpy()

Artur Petrosyan <Arthur.Petrosyan@synopsys.com>
    usb: dwc2: Prevent core suspend when port connection flag is 0

Artur Petrosyan <Arthur.Petrosyan@synopsys.com>
    usb: dwc2: Fix HPRT0.PrtSusp bit setting for HiKey 960 board.

Tong Zhang <ztong0001@gmail.com>
    usb: gadget: udc: amd5536udc_pci fix null-ptr-dereference

Johan Hovold <johan@kernel.org>
    USB: cdc-acm: fix use-after-free after probe failure

Johan Hovold <johan@kernel.org>
    USB: cdc-acm: fix double free on probe failure

Oliver Neukum <oneukum@suse.com>
    USB: cdc-acm: downgrade message to debug

Oliver Neukum <oneukum@suse.com>
    USB: cdc-acm: untangle a circular dependency between callback and softint

Oliver Neukum <oneukum@suse.com>
    cdc-acm: fix BREAK rx code path adding necessary calls

Chunfeng Yun <chunfeng.yun@mediatek.com>
    usb: xhci-mtk: fix broken streams issue on 0.96 xHCI

Tony Lindgren <tony@atomide.com>
    usb: musb: Fix suspend with devices connected for a64

Vincent Palatin <vpalatin@chromium.org>
    USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem

Shuah Khan <skhan@linuxfoundation.org>
    usbip: vhci_hcd fix shift out-of-bounds in vhci_hub_control()

Zheyu Ma <zheyuma97@gmail.com>
    firewire: nosy: Fix a use-after-free bug in nosy_ioctl()

Dinghao Liu <dinghao.liu@zju.edu.cn>
    extcon: Fix error handling in extcon_dev_register

Krzysztof Kozlowski <krzk@kernel.org>
    extcon: Add stubs for extcon_register_notifier_all() functions

Wang Panzhenzhuan <randy.wang@rock-chips.com>
    pinctrl: rockchip: fix restore error in resume

Jason Gunthorpe <jgg@nvidia.com>
    vfio/nvlink: Add missing SPAPR_TCE_IOMMU depends

Thierry Reding <treding@nvidia.com>
    drm/tegra: sor: Grab runtime PM reference across reset

Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
    reiserfs: update reiserfs_xattrs_initialized() condition

Xℹ Ruoyao <xry111@mengyan1223.wang>
    drm/amdgpu: check alignment on CPU page for bo map

Nirmoy Das <nirmoy.das@amd.com>
    drm/amdgpu: fix offset calculation in amdgpu_vm_bo_clear_mappings()

Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
    mm: fix race by making init_zero_pfn() early_initcall

Steven Rostedt (VMware) <rostedt@goodmis.org>
    tracing: Fix stack trace event size

Adrian Hunter <adrian.hunter@intel.com>
    PM: runtime: Fix ordering in pm_runtime_get_suppliers()

Adrian Hunter <adrian.hunter@intel.com>
    PM: runtime: Fix race getting/putting suppliers at probe

Max Filippov <jcmvbkbc@gmail.com>
    xtensa: move coprocessor_flush to the .text section

Hui Wang <hui.wang@canonical.com>
    ALSA: hda/realtek: call alc_update_headset_mode() in hp_automute_hook

Hui Wang <hui.wang@canonical.com>
    ALSA: hda/realtek: fix a determine_headset_type issue for a Dell AIO

Takashi Iwai <tiwai@suse.de>
    ALSA: hda: Add missing sanity checks in PM prepare/complete callbacks

Takashi Iwai <tiwai@suse.de>
    ALSA: hda: Re-add dropped snd_poewr_change_state() calls

Ikjoon Jang <ikjn@chromium.org>
    ALSA: usb-audio: Apply sample rate quirk to Logitech Connect

Jesper Dangaard Brouer <brouer@redhat.com>
    bpf: Remove MTU check in __bpf_skb_max_len

Tong Zhang <ztong0001@gmail.com>
    net: wan/lmc: unregister device when no matching device is found

Doug Brown <doug@schmorgal.com>
    appletalk: Fix skb allocation size in loopback case

Nathan Rossi <nathan.rossi@digi.com>
    net: ethernet: aquantia: Handle error cleanup of start on open

Shuah Khan <skhan@linuxfoundation.org>
    ath10k: hold RCU lock when calling ieee80211_find_sta_by_ifaddr()

Luca Pesce <luca.pesce@vimar.com>
    brcmfmac: clear EAP/association status bits on linkdown events

Sasha Levin <sashal@kernel.org>
    can: tcan4x5x: fix max register value

Oleksij Rempel <linux@rempel-privat.de>
    net: introduce CAN specific pointer in the struct net_device

Marc Kleine-Budde <mkl@pengutronix.de>
    can: dev: move driver related infrastructure into separate subdir

Davide Caratti <dcaratti@redhat.com>
    flow_dissector: fix TTL and TOS dissection on IPv4 fragments

Sasha Levin <sashal@kernel.org>
    net: mvpp2: fix interrupt mask/unmask skip condition

zhangyi (F) <yi.zhang@huawei.com>
    ext4: do not iput inode under running transaction in ext4_rename()

Waiman Long <longman@redhat.com>
    locking/ww_mutex: Simplify use_ww_ctx & ww_ctx handling

Manaf Meethalavalappu Pallikunhi <manafm@codeaurora.org>
    thermal/core: Add NULL pointer check before using cooling device stats

Sameer Pujar <spujar@nvidia.com>
    ASoC: rt5659: Update MCLK rate in set_sysclk()

Tong Zhang <ztong0001@gmail.com>
    staging: comedi: cb_pcidas64: fix request_irq() warn

Tong Zhang <ztong0001@gmail.com>
    staging: comedi: cb_pcidas: fix request_irq() warn

Alexey Dobriyan <adobriyan@gmail.com>
    scsi: qla2xxx: Fix broken #endif placement

Lv Yunlong <lyl2019@mail.ustc.edu.cn>
    scsi: st: Fix a use after free in st_open()

Laurent Vivier <lvivier@redhat.com>
    vhost: Fix vhost_vq_reset()

Christophe Leroy <christophe.leroy@csgroup.eu>
    powerpc: Force inlining of cpu_has_feature() to avoid build failure

Olga Kornievskaia <kolga@netapp.com>
    NFSD: fix error handling in NFSv4.0 callbacks

Lucas Tanure <tanureal@opensource.cirrus.com>
    ASoC: cs42l42: Always wait at least 3ms after reset

Lucas Tanure <tanureal@opensource.cirrus.com>
    ASoC: cs42l42: Fix mixer volume control

Lucas Tanure <tanureal@opensource.cirrus.com>
    ASoC: cs42l42: Fix channel width support

Lucas Tanure <tanureal@opensource.cirrus.com>
    ASoC: cs42l42: Fix Bitclock polarity inversion

Hans de Goede <hdegoede@redhat.com>
    ASoC: es8316: Simplify adc_pga_gain_tlv table

Benjamin Rood <benjaminjrood@gmail.com>
    ASoC: sgtl5000: set DAP_AVC_CTRL register to correct default value on probe

Hans de Goede <hdegoede@redhat.com>
    ASoC: rt5651: Fix dac- and adc- vol-tlv values being off by a factor of 10

Hans de Goede <hdegoede@redhat.com>
    ASoC: rt5640: Fix dac- and adc- vol-tlv values being off by a factor of 10

Ritesh Harjani <riteshh@linux.ibm.com>
    iomap: Fix negative assignment to unsigned sis->pages in iomap_swapfile_activate

J. Bruce Fields <bfields@redhat.com>
    rpc: fix NULL dereference on kmalloc failure

Julian Braha <julianbraha@gmail.com>
    fs: nfsd: fix kconfig dependency warning for NFSD_V4

Zhaolong Zhang <zhangzl2013@126.com>
    ext4: fix bh ref count on error paths

Eric Whitney <enwlinux@gmail.com>
    ext4: shrink race window in ext4_should_retry_alloc()

Frank van der Linden <fllinden@amazon.com>
    module: harden ELF info handling

Sergey Shtylyov <s.shtylyov@omprussia.ru>
    module: avoid *goto*s in module_sig_check()

Sergey Shtylyov <s.shtylyov@omprussia.ru>
    module: merge repetitive strings in module_sig_check()

Jakub Kicinski <kuba@kernel.org>
    ipv6: weaken the v4mapped source check

David Brazdil <dbrazdil@google.com>
    selinux: vsock: Set SID for socket returned by accept()


-------------

Diffstat:

 Makefile                                           |   4 +-
 arch/powerpc/include/asm/cpu_has_feature.h         |   4 +-
 arch/xtensa/kernel/coprocessor.S                   |  64 ++++----
 drivers/base/power/runtime.c                       |  10 +-
 drivers/extcon/extcon.c                            |   1 +
 drivers/firewire/nosy.c                            |   9 +-
 drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c             |  10 +-
 drivers/gpu/drm/tegra/sor.c                        |   7 +
 drivers/net/can/Makefile                           |   7 +-
 drivers/net/can/dev/Makefile                       |   7 +
 drivers/net/can/{ => dev}/dev.c                    |   4 +-
 drivers/net/can/{ => dev}/rx-offload.c             |   0
 drivers/net/can/m_can/tcan4x5x.c                   |   2 +-
 drivers/net/can/slcan.c                            |   4 +-
 drivers/net/can/vcan.c                             |   2 +-
 drivers/net/can/vxcan.c                            |   6 +-
 drivers/net/ethernet/aquantia/atlantic/aq_main.c   |   4 +-
 drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c    |   4 +-
 drivers/net/wan/lmc/lmc_main.c                     |   2 +
 drivers/net/wireless/ath/ath10k/wmi-tlv.c          |   7 +-
 .../broadcom/brcm80211/brcmfmac/cfg80211.c         |   7 +-
 drivers/pinctrl/pinctrl-rockchip.c                 |  13 +-
 drivers/scsi/qla2xxx/qla_target.h                  |   2 +-
 drivers/scsi/st.c                                  |   2 +-
 drivers/staging/comedi/drivers/cb_pcidas.c         |   2 +-
 drivers/staging/comedi/drivers/cb_pcidas64.c       |   2 +-
 drivers/staging/rtl8192e/rtllib.h                  |   2 +-
 drivers/staging/rtl8192e/rtllib_rx.c               |   2 +-
 drivers/thermal/thermal_sysfs.c                    |   3 +
 drivers/usb/class/cdc-acm.c                        |  61 +++++---
 drivers/usb/core/quirks.c                          |   4 +
 drivers/usb/dwc2/hcd.c                             |   5 +-
 drivers/usb/gadget/udc/amd5536udc_pci.c            |  10 +-
 drivers/usb/host/xhci-mtk.c                        |  10 +-
 drivers/usb/musb/musb_core.c                       |  12 +-
 drivers/usb/usbip/vhci_hcd.c                       |   2 +
 drivers/vfio/pci/Kconfig                           |   2 +-
 drivers/vhost/vhost.c                              |   2 +-
 drivers/video/fbdev/core/fbcon.c                   |   3 +
 fs/ext4/balloc.c                                   |  38 +++--
 fs/ext4/ext4.h                                     |   1 +
 fs/ext4/inode.c                                    |   6 +-
 fs/ext4/namei.c                                    |  18 +--
 fs/ext4/super.c                                    |   5 +
 fs/ext4/sysfs.c                                    |   7 +
 fs/iomap/swapfile.c                                |  10 ++
 fs/nfsd/Kconfig                                    |   1 +
 fs/nfsd/nfs4callback.c                             |   1 +
 fs/reiserfs/xattr.h                                |   2 +-
 include/linux/can/can-ml.h                         |  12 ++
 include/linux/extcon.h                             |  23 +++
 include/linux/netdevice.h                          |  34 ++++-
 kernel/locking/mutex.c                             |  25 ++--
 kernel/module.c                                    | 166 +++++++++++++++++----
 kernel/module_signature.c                          |   2 +-
 kernel/module_signing.c                            |   2 +-
 kernel/trace/trace.c                               |   3 +-
 mm/memory.c                                        |   2 +-
 net/appletalk/ddp.c                                |  33 ++--
 net/can/af_can.c                                   |  34 +----
 net/can/j1939/main.c                               |  22 +--
 net/can/j1939/socket.c                             |  13 +-
 net/can/proc.c                                     |  19 ++-
 net/core/filter.c                                  |  12 +-
 net/core/flow_dissector.c                          |   6 +-
 net/dccp/ipv6.c                                    |   5 +
 net/ipv6/ip6_input.c                               |  10 --
 net/ipv6/tcp_ipv6.c                                |   5 +
 net/sunrpc/auth_gss/svcauth_gss.c                  |  11 +-
 net/vmw_vsock/af_vsock.c                           |   1 +
 sound/pci/hda/hda_intel.c                          |   8 +
 sound/pci/hda/patch_realtek.c                      |   3 +-
 sound/soc/codecs/cs42l42.c                         |  74 +++++----
 sound/soc/codecs/cs42l42.h                         |  13 +-
 sound/soc/codecs/es8316.c                          |   9 +-
 sound/soc/codecs/rt5640.c                          |   4 +-
 sound/soc/codecs/rt5651.c                          |   4 +-
 sound/soc/codecs/rt5659.c                          |   5 +
 sound/soc/codecs/sgtl5000.c                        |   2 +-
 sound/usb/quirks.c                                 |   1 +
 .../testing/selftests/net/forwarding/tc_flower.sh  |  38 ++++-
 81 files changed, 660 insertions(+), 334 deletions(-)



^ permalink raw reply	[flat|nested] 84+ messages in thread

* [PATCH 5.4 01/74] selinux: vsock: Set SID for socket returned by accept()
  2021-04-05  8:53 [PATCH 5.4 00/74] 5.4.110-rc1 review Greg Kroah-Hartman
@ 2021-04-05  8:53 ` Greg Kroah-Hartman
  2021-04-05  8:53 ` [PATCH 5.4 02/74] ipv6: weaken the v4mapped source check Greg Kroah-Hartman
                   ` (77 subsequent siblings)
  78 siblings, 0 replies; 84+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-05  8:53 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, David Brazdil, David S. Miller, Sasha Levin

From: David Brazdil <dbrazdil@google.com>

[ Upstream commit 1f935e8e72ec28dddb2dc0650b3b6626a293d94b ]

For AF_VSOCK, accept() currently returns sockets that are unlabelled.
Other socket families derive the child's SID from the SID of the parent
and the SID of the incoming packet. This is typically done as the
connected socket is placed in the queue that accept() removes from.

Reuse the existing 'security_sk_clone' hook to copy the SID from the
parent (server) socket to the child. There is no packet SID in this
case.

Fixes: d021c344051a ("VSOCK: Introduce VM Sockets")
Signed-off-by: David Brazdil <dbrazdil@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/vmw_vsock/af_vsock.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/net/vmw_vsock/af_vsock.c b/net/vmw_vsock/af_vsock.c
index 5d323574d04f..c82e7b52ab1f 100644
--- a/net/vmw_vsock/af_vsock.c
+++ b/net/vmw_vsock/af_vsock.c
@@ -620,6 +620,7 @@ struct sock *__vsock_create(struct net *net,
 		vsk->trusted = psk->trusted;
 		vsk->owner = get_cred(psk->owner);
 		vsk->connect_timeout = psk->connect_timeout;
+		security_sk_clone(parent, sk);
 	} else {
 		vsk->trusted = ns_capable_noaudit(&init_user_ns, CAP_NET_ADMIN);
 		vsk->owner = get_current_cred();
-- 
2.30.1




^ permalink raw reply related	[flat|nested] 84+ messages in thread

* [PATCH 5.4 02/74] ipv6: weaken the v4mapped source check
  2021-04-05  8:53 [PATCH 5.4 00/74] 5.4.110-rc1 review Greg Kroah-Hartman
  2021-04-05  8:53 ` [PATCH 5.4 01/74] selinux: vsock: Set SID for socket returned by accept() Greg Kroah-Hartman
@ 2021-04-05  8:53 ` Greg Kroah-Hartman
  2021-04-05  8:53 ` [PATCH 5.4 03/74] module: merge repetitive strings in module_sig_check() Greg Kroah-Hartman
                   ` (76 subsequent siblings)
  78 siblings, 0 replies; 84+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-05  8:53 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Sunyi Shao, Jakub Kicinski,
	Mat Martineau, Eric Dumazet, David S. Miller, Sasha Levin

From: Jakub Kicinski <kuba@kernel.org>

[ Upstream commit dcc32f4f183ab8479041b23a1525d48233df1d43 ]

This reverts commit 6af1799aaf3f1bc8defedddfa00df3192445bbf3.

Commit 6af1799aaf3f ("ipv6: drop incoming packets having a v4mapped
source address") introduced an input check against v4mapped addresses.
Use of such addresses on the wire is indeed questionable and not
allowed on public Internet. As the commit pointed out

  https://tools.ietf.org/html/draft-itojun-v6ops-v4mapped-harmful-02

lists potential issues.

Unfortunately there are applications which use v4mapped addresses,
and breaking them is a clear regression. For example v4mapped
addresses (or any semi-valid addresses, really) may be used
for uni-direction event streams or packet export.

Since the issue which sparked the addition of the check was with
TCP and request_socks in particular push the check down to TCPv6
and DCCP. This restores the ability to receive UDPv6 packets with
v4mapped address as the source.

Keep using the IPSTATS_MIB_INHDRERRORS statistic to minimize the
user-visible changes.

Fixes: 6af1799aaf3f ("ipv6: drop incoming packets having a v4mapped source address")
Reported-by: Sunyi Shao <sunyishao@fb.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Acked-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/dccp/ipv6.c      |  5 +++++
 net/ipv6/ip6_input.c | 10 ----------
 net/ipv6/tcp_ipv6.c  |  5 +++++
 3 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/net/dccp/ipv6.c b/net/dccp/ipv6.c
index 1e5e08cc0bfc..9f73ccf46c9b 100644
--- a/net/dccp/ipv6.c
+++ b/net/dccp/ipv6.c
@@ -319,6 +319,11 @@ static int dccp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
 	if (!ipv6_unicast_destination(skb))
 		return 0;	/* discard, don't send a reset here */
 
+	if (ipv6_addr_v4mapped(&ipv6_hdr(skb)->saddr)) {
+		__IP6_INC_STATS(sock_net(sk), NULL, IPSTATS_MIB_INHDRERRORS);
+		return 0;
+	}
+
 	if (dccp_bad_service_code(sk, service)) {
 		dcb->dccpd_reset_code = DCCP_RESET_CODE_BAD_SERVICE_CODE;
 		goto drop;
diff --git a/net/ipv6/ip6_input.c b/net/ipv6/ip6_input.c
index 3d71c7d6102c..7e5df23cbe7b 100644
--- a/net/ipv6/ip6_input.c
+++ b/net/ipv6/ip6_input.c
@@ -223,16 +223,6 @@ static struct sk_buff *ip6_rcv_core(struct sk_buff *skb, struct net_device *dev,
 	if (ipv6_addr_is_multicast(&hdr->saddr))
 		goto err;
 
-	/* While RFC4291 is not explicit about v4mapped addresses
-	 * in IPv6 headers, it seems clear linux dual-stack
-	 * model can not deal properly with these.
-	 * Security models could be fooled by ::ffff:127.0.0.1 for example.
-	 *
-	 * https://tools.ietf.org/html/draft-itojun-v6ops-v4mapped-harmful-02
-	 */
-	if (ipv6_addr_v4mapped(&hdr->saddr))
-		goto err;
-
 	skb->transport_header = skb->network_header + sizeof(*hdr);
 	IP6CB(skb)->nhoff = offsetof(struct ipv6hdr, nexthdr);
 
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index b42fa41cfceb..2f061a911bc2 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -1093,6 +1093,11 @@ static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
 	if (!ipv6_unicast_destination(skb))
 		goto drop;
 
+	if (ipv6_addr_v4mapped(&ipv6_hdr(skb)->saddr)) {
+		__IP6_INC_STATS(sock_net(sk), NULL, IPSTATS_MIB_INHDRERRORS);
+		return 0;
+	}
+
 	return tcp_conn_request(&tcp6_request_sock_ops,
 				&tcp_request_sock_ipv6_ops, sk, skb);
 
-- 
2.30.1




^ permalink raw reply related	[flat|nested] 84+ messages in thread

* [PATCH 5.4 03/74] module: merge repetitive strings in module_sig_check()
  2021-04-05  8:53 [PATCH 5.4 00/74] 5.4.110-rc1 review Greg Kroah-Hartman
  2021-04-05  8:53 ` [PATCH 5.4 01/74] selinux: vsock: Set SID for socket returned by accept() Greg Kroah-Hartman
  2021-04-05  8:53 ` [PATCH 5.4 02/74] ipv6: weaken the v4mapped source check Greg Kroah-Hartman
@ 2021-04-05  8:53 ` Greg Kroah-Hartman
  2021-04-05 13:35   ` Sergey Shtylyov
  2021-04-05  8:53 ` [PATCH 5.4 04/74] module: avoid *goto*s " Greg Kroah-Hartman
                   ` (75 subsequent siblings)
  78 siblings, 1 reply; 84+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-05  8:53 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Joe Perches, Miroslav Benes,
	Sergey Shtylyov, Jessica Yu, Sasha Levin

From: Sergey Shtylyov <s.shtylyov@omprussia.ru>

[ Upstream commit 705e9195187d85249fbb0eaa844b1604a98fbc9a ]

The 'reason' variable in module_sig_check() points to 3 strings across
the *switch* statement, all needlessly starting with the same text.
Let's put the starting text into the pr_notice() call -- it saves 21
bytes of the object code (x86 gcc 10.2.1).

Suggested-by: Joe Perches <joe@perches.com>
Reviewed-by: Miroslav Benes <mbenes@suse.cz>
Signed-off-by: Sergey Shtylyov <s.shtylyov@omprussia.ru>
Signed-off-by: Jessica Yu <jeyu@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 kernel/module.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/kernel/module.c b/kernel/module.c
index ab1f97cfe18d..9fe3e9b85348 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -2908,16 +2908,17 @@ static int module_sig_check(struct load_info *info, int flags)
 		 * enforcing, certain errors are non-fatal.
 		 */
 	case -ENODATA:
-		reason = "Loading of unsigned module";
+		reason = "unsigned module";
 		goto decide;
 	case -ENOPKG:
-		reason = "Loading of module with unsupported crypto";
+		reason = "module with unsupported crypto";
 		goto decide;
 	case -ENOKEY:
-		reason = "Loading of module with unavailable key";
+		reason = "module with unavailable key";
 	decide:
 		if (is_module_sig_enforced()) {
-			pr_notice("%s is rejected\n", reason);
+			pr_notice("%s: loading of %s is rejected\n",
+				  info->name, reason);
 			return -EKEYREJECTED;
 		}
 
-- 
2.30.1




^ permalink raw reply related	[flat|nested] 84+ messages in thread

* [PATCH 5.4 04/74] module: avoid *goto*s in module_sig_check()
  2021-04-05  8:53 [PATCH 5.4 00/74] 5.4.110-rc1 review Greg Kroah-Hartman
                   ` (2 preceding siblings ...)
  2021-04-05  8:53 ` [PATCH 5.4 03/74] module: merge repetitive strings in module_sig_check() Greg Kroah-Hartman
@ 2021-04-05  8:53 ` Greg Kroah-Hartman
  2021-04-05  8:53 ` [PATCH 5.4 05/74] module: harden ELF info handling Greg Kroah-Hartman
                   ` (74 subsequent siblings)
  78 siblings, 0 replies; 84+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-05  8:53 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Joe Perches, Miroslav Benes,
	Sergey Shtylyov, Jessica Yu, Sasha Levin

From: Sergey Shtylyov <s.shtylyov@omprussia.ru>

[ Upstream commit 10ccd1abb808599a6dc7c9389560016ea3568085 ]

Let's move the common handling of the non-fatal errors after the *switch*
statement -- this avoids *goto*s inside that *switch*...

Suggested-by: Joe Perches <joe@perches.com>
Reviewed-by: Miroslav Benes <mbenes@suse.cz>
Signed-off-by: Sergey Shtylyov <s.shtylyov@omprussia.ru>
Signed-off-by: Jessica Yu <jeyu@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 kernel/module.c | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/kernel/module.c b/kernel/module.c
index 9fe3e9b85348..8d1def62a415 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -2909,20 +2909,13 @@ static int module_sig_check(struct load_info *info, int flags)
 		 */
 	case -ENODATA:
 		reason = "unsigned module";
-		goto decide;
+		break;
 	case -ENOPKG:
 		reason = "module with unsupported crypto";
-		goto decide;
+		break;
 	case -ENOKEY:
 		reason = "module with unavailable key";
-	decide:
-		if (is_module_sig_enforced()) {
-			pr_notice("%s: loading of %s is rejected\n",
-				  info->name, reason);
-			return -EKEYREJECTED;
-		}
-
-		return security_locked_down(LOCKDOWN_MODULE_SIGNATURE);
+		break;
 
 		/* All other errors are fatal, including nomem, unparseable
 		 * signatures and signature check failures - even if signatures
@@ -2931,6 +2924,13 @@ static int module_sig_check(struct load_info *info, int flags)
 	default:
 		return err;
 	}
+
+	if (is_module_sig_enforced()) {
+		pr_notice("%s: loading of %s is rejected\n", info->name, reason);
+		return -EKEYREJECTED;
+	}
+
+	return security_locked_down(LOCKDOWN_MODULE_SIGNATURE);
 }
 #else /* !CONFIG_MODULE_SIG */
 static int module_sig_check(struct load_info *info, int flags)
-- 
2.30.1




^ permalink raw reply related	[flat|nested] 84+ messages in thread

* [PATCH 5.4 05/74] module: harden ELF info handling
  2021-04-05  8:53 [PATCH 5.4 00/74] 5.4.110-rc1 review Greg Kroah-Hartman
                   ` (3 preceding siblings ...)
  2021-04-05  8:53 ` [PATCH 5.4 04/74] module: avoid *goto*s " Greg Kroah-Hartman
@ 2021-04-05  8:53 ` Greg Kroah-Hartman
  2021-04-05  8:53 ` [PATCH 5.4 06/74] ext4: shrink race window in ext4_should_retry_alloc() Greg Kroah-Hartman
                   ` (73 subsequent siblings)
  78 siblings, 0 replies; 84+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-05  8:53 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Frank van der Linden, Jessica Yu,
	Sasha Levin

From: Frank van der Linden <fllinden@amazon.com>

[ Upstream commit ec2a29593c83ed71a7f16e3243941ebfcf75fdf6 ]

5fdc7db644 ("module: setup load info before module_sig_check()")
moved the ELF setup, so that it was done before the signature
check. This made the module name available to signature error
messages.

However, the checks for ELF correctness in setup_load_info
are not sufficient to prevent bad memory references due to
corrupted offset fields, indices, etc.

So, there's a regression in behavior here: a corrupt and unsigned
(or badly signed) module, which might previously have been rejected
immediately, can now cause an oops/crash.

Harden ELF handling for module loading by doing the following:

- Move the signature check back up so that it comes before ELF
  initialization. It's best to do the signature check to see
  if we can trust the module, before using the ELF structures
  inside it. This also makes checks against info->len
  more accurate again, as this field will be reduced by the
  length of the signature in mod_check_sig().

  The module name is now once again not available for error
  messages during the signature check, but that seems like
  a fair tradeoff.

- Check if sections have offset / size fields that at least don't
  exceed the length of the module.

- Check if sections have section name offsets that don't fall
  outside the section name table.

- Add a few other sanity checks against invalid section indices,
  etc.

This is not an exhaustive consistency check, but the idea is to
at least get through the signature and blacklist checks without
crashing because of corrupted ELF info, and to error out gracefully
for most issues that would have caused problems later on.

Fixes: 5fdc7db6448a ("module: setup load info before module_sig_check()")
Signed-off-by: Frank van der Linden <fllinden@amazon.com>
Signed-off-by: Jessica Yu <jeyu@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 kernel/module.c           | 143 +++++++++++++++++++++++++++++++++-----
 kernel/module_signature.c |   2 +-
 kernel/module_signing.c   |   2 +-
 3 files changed, 127 insertions(+), 20 deletions(-)

diff --git a/kernel/module.c b/kernel/module.c
index 8d1def62a415..c60559b5bf10 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -2926,7 +2926,7 @@ static int module_sig_check(struct load_info *info, int flags)
 	}
 
 	if (is_module_sig_enforced()) {
-		pr_notice("%s: loading of %s is rejected\n", info->name, reason);
+		pr_notice("Loading of %s is rejected\n", reason);
 		return -EKEYREJECTED;
 	}
 
@@ -2939,9 +2939,33 @@ static int module_sig_check(struct load_info *info, int flags)
 }
 #endif /* !CONFIG_MODULE_SIG */
 
-/* Sanity checks against invalid binaries, wrong arch, weird elf version. */
-static int elf_header_check(struct load_info *info)
+static int validate_section_offset(struct load_info *info, Elf_Shdr *shdr)
 {
+	unsigned long secend;
+
+	/*
+	 * Check for both overflow and offset/size being
+	 * too large.
+	 */
+	secend = shdr->sh_offset + shdr->sh_size;
+	if (secend < shdr->sh_offset || secend > info->len)
+		return -ENOEXEC;
+
+	return 0;
+}
+
+/*
+ * Sanity checks against invalid binaries, wrong arch, weird elf version.
+ *
+ * Also do basic validity checks against section offsets and sizes, the
+ * section name string table, and the indices used for it (sh_name).
+ */
+static int elf_validity_check(struct load_info *info)
+{
+	unsigned int i;
+	Elf_Shdr *shdr, *strhdr;
+	int err;
+
 	if (info->len < sizeof(*(info->hdr)))
 		return -ENOEXEC;
 
@@ -2951,11 +2975,78 @@ static int elf_header_check(struct load_info *info)
 	    || info->hdr->e_shentsize != sizeof(Elf_Shdr))
 		return -ENOEXEC;
 
+	/*
+	 * e_shnum is 16 bits, and sizeof(Elf_Shdr) is
+	 * known and small. So e_shnum * sizeof(Elf_Shdr)
+	 * will not overflow unsigned long on any platform.
+	 */
 	if (info->hdr->e_shoff >= info->len
 	    || (info->hdr->e_shnum * sizeof(Elf_Shdr) >
 		info->len - info->hdr->e_shoff))
 		return -ENOEXEC;
 
+	info->sechdrs = (void *)info->hdr + info->hdr->e_shoff;
+
+	/*
+	 * Verify if the section name table index is valid.
+	 */
+	if (info->hdr->e_shstrndx == SHN_UNDEF
+	    || info->hdr->e_shstrndx >= info->hdr->e_shnum)
+		return -ENOEXEC;
+
+	strhdr = &info->sechdrs[info->hdr->e_shstrndx];
+	err = validate_section_offset(info, strhdr);
+	if (err < 0)
+		return err;
+
+	/*
+	 * The section name table must be NUL-terminated, as required
+	 * by the spec. This makes strcmp and pr_* calls that access
+	 * strings in the section safe.
+	 */
+	info->secstrings = (void *)info->hdr + strhdr->sh_offset;
+	if (info->secstrings[strhdr->sh_size - 1] != '\0')
+		return -ENOEXEC;
+
+	/*
+	 * The code assumes that section 0 has a length of zero and
+	 * an addr of zero, so check for it.
+	 */
+	if (info->sechdrs[0].sh_type != SHT_NULL
+	    || info->sechdrs[0].sh_size != 0
+	    || info->sechdrs[0].sh_addr != 0)
+		return -ENOEXEC;
+
+	for (i = 1; i < info->hdr->e_shnum; i++) {
+		shdr = &info->sechdrs[i];
+		switch (shdr->sh_type) {
+		case SHT_NULL:
+		case SHT_NOBITS:
+			continue;
+		case SHT_SYMTAB:
+			if (shdr->sh_link == SHN_UNDEF
+			    || shdr->sh_link >= info->hdr->e_shnum)
+				return -ENOEXEC;
+			fallthrough;
+		default:
+			err = validate_section_offset(info, shdr);
+			if (err < 0) {
+				pr_err("Invalid ELF section in module (section %u type %u)\n",
+					i, shdr->sh_type);
+				return err;
+			}
+
+			if (shdr->sh_flags & SHF_ALLOC) {
+				if (shdr->sh_name >= strhdr->sh_size) {
+					pr_err("Invalid ELF section name in module (section %u type %u)\n",
+					       i, shdr->sh_type);
+					return -ENOEXEC;
+				}
+			}
+			break;
+		}
+	}
+
 	return 0;
 }
 
@@ -3052,11 +3143,6 @@ static int rewrite_section_headers(struct load_info *info, int flags)
 
 	for (i = 1; i < info->hdr->e_shnum; i++) {
 		Elf_Shdr *shdr = &info->sechdrs[i];
-		if (shdr->sh_type != SHT_NOBITS
-		    && info->len < shdr->sh_offset + shdr->sh_size) {
-			pr_err("Module len %lu truncated\n", info->len);
-			return -ENOEXEC;
-		}
 
 		/* Mark all sections sh_addr with their address in the
 		   temporary image. */
@@ -3088,11 +3174,6 @@ static int setup_load_info(struct load_info *info, int flags)
 {
 	unsigned int i;
 
-	/* Set up the convenience variables */
-	info->sechdrs = (void *)info->hdr + info->hdr->e_shoff;
-	info->secstrings = (void *)info->hdr
-		+ info->sechdrs[info->hdr->e_shstrndx].sh_offset;
-
 	/* Try to find a name early so we can log errors with a module name */
 	info->index.info = find_sec(info, ".modinfo");
 	if (info->index.info)
@@ -3820,23 +3901,49 @@ static int load_module(struct load_info *info, const char __user *uargs,
 	long err = 0;
 	char *after_dashes;
 
-	err = elf_header_check(info);
+	/*
+	 * Do the signature check (if any) first. All that
+	 * the signature check needs is info->len, it does
+	 * not need any of the section info. That can be
+	 * set up later. This will minimize the chances
+	 * of a corrupt module causing problems before
+	 * we even get to the signature check.
+	 *
+	 * The check will also adjust info->len by stripping
+	 * off the sig length at the end of the module, making
+	 * checks against info->len more correct.
+	 */
+	err = module_sig_check(info, flags);
 	if (err)
 		goto free_copy;
 
+	/*
+	 * Do basic sanity checks against the ELF header and
+	 * sections.
+	 */
+	err = elf_validity_check(info);
+	if (err) {
+		pr_err("Module has invalid ELF structures\n");
+		goto free_copy;
+	}
+
+	/*
+	 * Everything checks out, so set up the section info
+	 * in the info structure.
+	 */
 	err = setup_load_info(info, flags);
 	if (err)
 		goto free_copy;
 
+	/*
+	 * Now that we know we have the correct module name, check
+	 * if it's blacklisted.
+	 */
 	if (blacklisted(info->name)) {
 		err = -EPERM;
 		goto free_copy;
 	}
 
-	err = module_sig_check(info, flags);
-	if (err)
-		goto free_copy;
-
 	err = rewrite_section_headers(info, flags);
 	if (err)
 		goto free_copy;
diff --git a/kernel/module_signature.c b/kernel/module_signature.c
index 4224a1086b7d..00132d12487c 100644
--- a/kernel/module_signature.c
+++ b/kernel/module_signature.c
@@ -25,7 +25,7 @@ int mod_check_sig(const struct module_signature *ms, size_t file_len,
 		return -EBADMSG;
 
 	if (ms->id_type != PKEY_ID_PKCS7) {
-		pr_err("%s: Module is not signed with expected PKCS#7 message\n",
+		pr_err("%s: not signed with expected PKCS#7 message\n",
 		       name);
 		return -ENOPKG;
 	}
diff --git a/kernel/module_signing.c b/kernel/module_signing.c
index 9d9fc678c91d..8723ae70ea1f 100644
--- a/kernel/module_signing.c
+++ b/kernel/module_signing.c
@@ -30,7 +30,7 @@ int mod_verify_sig(const void *mod, struct load_info *info)
 
 	memcpy(&ms, mod + (modlen - sizeof(ms)), sizeof(ms));
 
-	ret = mod_check_sig(&ms, modlen, info->name);
+	ret = mod_check_sig(&ms, modlen, "module");
 	if (ret)
 		return ret;
 
-- 
2.30.1




^ permalink raw reply related	[flat|nested] 84+ messages in thread

* [PATCH 5.4 06/74] ext4: shrink race window in ext4_should_retry_alloc()
  2021-04-05  8:53 [PATCH 5.4 00/74] 5.4.110-rc1 review Greg Kroah-Hartman
                   ` (4 preceding siblings ...)
  2021-04-05  8:53 ` [PATCH 5.4 05/74] module: harden ELF info handling Greg Kroah-Hartman
@ 2021-04-05  8:53 ` Greg Kroah-Hartman
  2021-04-05  8:53 ` [PATCH 5.4 07/74] ext4: fix bh ref count on error paths Greg Kroah-Hartman
                   ` (72 subsequent siblings)
  78 siblings, 0 replies; 84+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-05  8:53 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Eric Whitney, Theodore Tso, Sasha Levin

From: Eric Whitney <enwlinux@gmail.com>

[ Upstream commit efc61345274d6c7a46a0570efbc916fcbe3e927b ]

When generic/371 is run on kvm-xfstests using 5.10 and 5.11 kernels, it
fails at significant rates on the two test scenarios that disable
delayed allocation (ext3conv and data_journal) and force actual block
allocation for the fallocate and pwrite functions in the test.  The
failure rate on 5.10 for both ext3conv and data_journal on one test
system typically runs about 85%.  On 5.11, the failure rate on ext3conv
sometimes drops to as low as 1% while the rate on data_journal
increases to nearly 100%.

The observed failures are largely due to ext4_should_retry_alloc()
cutting off block allocation retries when s_mb_free_pending (used to
indicate that a transaction in progress will free blocks) is 0.
However, free space is usually available when this occurs during runs
of generic/371.  It appears that a thread attempting to allocate
blocks is just missing transaction commits in other threads that
increase the free cluster count and reset s_mb_free_pending while
the allocating thread isn't running.  Explicitly testing for free space
availability avoids this race.

The current code uses a post-increment operator in the conditional
expression that determines whether the retry limit has been exceeded.
This means that the conditional expression uses the value of the
retry counter before it's increased, resulting in an extra retry cycle.
The current code actually retries twice before hitting its retry limit
rather than once.

Increasing the retry limit to 3 from the current actual maximum retry
count of 2 in combination with the change described above reduces the
observed failure rate to less that 0.1% on both ext3conv and
data_journal with what should be limited impact on users sensitive to
the overhead caused by retries.

A per filesystem percpu counter exported via sysfs is added to allow
users or developers to track the number of times the retry limit is
exceeded without resorting to debugging methods.  This should provide
some insight into worst case retry behavior.

Signed-off-by: Eric Whitney <enwlinux@gmail.com>
Link: https://lore.kernel.org/r/20210218151132.19678-1-enwlinux@gmail.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/ext4/balloc.c | 38 ++++++++++++++++++++++++++------------
 fs/ext4/ext4.h   |  1 +
 fs/ext4/super.c  |  5 +++++
 fs/ext4/sysfs.c  |  7 +++++++
 4 files changed, 39 insertions(+), 12 deletions(-)

diff --git a/fs/ext4/balloc.c b/fs/ext4/balloc.c
index 5aba67a504cf..031ff3f19018 100644
--- a/fs/ext4/balloc.c
+++ b/fs/ext4/balloc.c
@@ -612,27 +612,41 @@ int ext4_claim_free_clusters(struct ext4_sb_info *sbi,
 
 /**
  * ext4_should_retry_alloc() - check if a block allocation should be retried
- * @sb:			super block
- * @retries:		number of attemps has been made
+ * @sb:			superblock
+ * @retries:		number of retry attempts made so far
  *
- * ext4_should_retry_alloc() is called when ENOSPC is returned, and if
- * it is profitable to retry the operation, this function will wait
- * for the current or committing transaction to complete, and then
- * return TRUE.  We will only retry once.
+ * ext4_should_retry_alloc() is called when ENOSPC is returned while
+ * attempting to allocate blocks.  If there's an indication that a pending
+ * journal transaction might free some space and allow another attempt to
+ * succeed, this function will wait for the current or committing transaction
+ * to complete and then return TRUE.
  */
 int ext4_should_retry_alloc(struct super_block *sb, int *retries)
 {
-	if (!ext4_has_free_clusters(EXT4_SB(sb), 1, 0) ||
-	    (*retries)++ > 1 ||
-	    !EXT4_SB(sb)->s_journal)
+	struct ext4_sb_info *sbi = EXT4_SB(sb);
+
+	if (!sbi->s_journal)
 		return 0;
 
-	smp_mb();
-	if (EXT4_SB(sb)->s_mb_free_pending == 0)
+	if (++(*retries) > 3) {
+		percpu_counter_inc(&sbi->s_sra_exceeded_retry_limit);
 		return 0;
+	}
 
+	/*
+	 * if there's no indication that blocks are about to be freed it's
+	 * possible we just missed a transaction commit that did so
+	 */
+	smp_mb();
+	if (sbi->s_mb_free_pending == 0)
+		return ext4_has_free_clusters(sbi, 1, 0);
+
+	/*
+	 * it's possible we've just missed a transaction commit here,
+	 * so ignore the returned status
+	 */
 	jbd_debug(1, "%s: retrying operation after ENOSPC\n", sb->s_id);
-	jbd2_journal_force_commit_nested(EXT4_SB(sb)->s_journal);
+	(void) jbd2_journal_force_commit_nested(sbi->s_journal);
 	return 1;
 }
 
diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h
index 1c558b554788..bf3eaa903033 100644
--- a/fs/ext4/ext4.h
+++ b/fs/ext4/ext4.h
@@ -1420,6 +1420,7 @@ struct ext4_sb_info {
 	struct percpu_counter s_freeinodes_counter;
 	struct percpu_counter s_dirs_counter;
 	struct percpu_counter s_dirtyclusters_counter;
+	struct percpu_counter s_sra_exceeded_retry_limit;
 	struct blockgroup_lock *s_blockgroup_lock;
 	struct proc_dir_entry *s_proc;
 	struct kobject s_kobj;
diff --git a/fs/ext4/super.c b/fs/ext4/super.c
index 06568467b0c2..2ecf4594a20d 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -1017,6 +1017,7 @@ static void ext4_put_super(struct super_block *sb)
 	percpu_counter_destroy(&sbi->s_freeinodes_counter);
 	percpu_counter_destroy(&sbi->s_dirs_counter);
 	percpu_counter_destroy(&sbi->s_dirtyclusters_counter);
+	percpu_counter_destroy(&sbi->s_sra_exceeded_retry_limit);
 	percpu_free_rwsem(&sbi->s_writepages_rwsem);
 #ifdef CONFIG_QUOTA
 	for (i = 0; i < EXT4_MAXQUOTAS; i++)
@@ -4597,6 +4598,9 @@ no_journal:
 	if (!err)
 		err = percpu_counter_init(&sbi->s_dirtyclusters_counter, 0,
 					  GFP_KERNEL);
+	if (!err)
+		err = percpu_counter_init(&sbi->s_sra_exceeded_retry_limit, 0,
+					  GFP_KERNEL);
 	if (!err)
 		err = percpu_init_rwsem(&sbi->s_writepages_rwsem);
 
@@ -4699,6 +4703,7 @@ failed_mount6:
 	percpu_counter_destroy(&sbi->s_freeinodes_counter);
 	percpu_counter_destroy(&sbi->s_dirs_counter);
 	percpu_counter_destroy(&sbi->s_dirtyclusters_counter);
+	percpu_counter_destroy(&sbi->s_sra_exceeded_retry_limit);
 	percpu_free_rwsem(&sbi->s_writepages_rwsem);
 failed_mount5:
 	ext4_ext_release(sb);
diff --git a/fs/ext4/sysfs.c b/fs/ext4/sysfs.c
index eb1efad0e20a..9394360ff137 100644
--- a/fs/ext4/sysfs.c
+++ b/fs/ext4/sysfs.c
@@ -23,6 +23,7 @@ typedef enum {
 	attr_session_write_kbytes,
 	attr_lifetime_write_kbytes,
 	attr_reserved_clusters,
+	attr_sra_exceeded_retry_limit,
 	attr_inode_readahead,
 	attr_trigger_test_error,
 	attr_first_error_time,
@@ -176,6 +177,7 @@ EXT4_ATTR_FUNC(delayed_allocation_blocks, 0444);
 EXT4_ATTR_FUNC(session_write_kbytes, 0444);
 EXT4_ATTR_FUNC(lifetime_write_kbytes, 0444);
 EXT4_ATTR_FUNC(reserved_clusters, 0644);
+EXT4_ATTR_FUNC(sra_exceeded_retry_limit, 0444);
 
 EXT4_ATTR_OFFSET(inode_readahead_blks, 0644, inode_readahead,
 		 ext4_sb_info, s_inode_readahead_blks);
@@ -207,6 +209,7 @@ static struct attribute *ext4_attrs[] = {
 	ATTR_LIST(session_write_kbytes),
 	ATTR_LIST(lifetime_write_kbytes),
 	ATTR_LIST(reserved_clusters),
+	ATTR_LIST(sra_exceeded_retry_limit),
 	ATTR_LIST(inode_readahead_blks),
 	ATTR_LIST(inode_goal),
 	ATTR_LIST(mb_stats),
@@ -308,6 +311,10 @@ static ssize_t ext4_attr_show(struct kobject *kobj,
 		return snprintf(buf, PAGE_SIZE, "%llu\n",
 				(unsigned long long)
 				atomic64_read(&sbi->s_resv_clusters));
+	case attr_sra_exceeded_retry_limit:
+		return snprintf(buf, PAGE_SIZE, "%llu\n",
+				(unsigned long long)
+			percpu_counter_sum(&sbi->s_sra_exceeded_retry_limit));
 	case attr_inode_readahead:
 	case attr_pointer_ui:
 		if (!ptr)
-- 
2.30.1




^ permalink raw reply related	[flat|nested] 84+ messages in thread

* [PATCH 5.4 07/74] ext4: fix bh ref count on error paths
  2021-04-05  8:53 [PATCH 5.4 00/74] 5.4.110-rc1 review Greg Kroah-Hartman
                   ` (5 preceding siblings ...)
  2021-04-05  8:53 ` [PATCH 5.4 06/74] ext4: shrink race window in ext4_should_retry_alloc() Greg Kroah-Hartman
@ 2021-04-05  8:53 ` Greg Kroah-Hartman
  2021-04-05  8:53 ` [PATCH 5.4 08/74] fs: nfsd: fix kconfig dependency warning for NFSD_V4 Greg Kroah-Hartman
                   ` (71 subsequent siblings)
  78 siblings, 0 replies; 84+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-05  8:53 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Zhaolong Zhang, Theodore Tso, Sasha Levin

From: Zhaolong Zhang <zhangzl2013@126.com>

[ Upstream commit c915fb80eaa6194fa9bd0a4487705cd5b0dda2f1 ]

__ext4_journalled_writepage should drop bhs' ref count on error paths

Signed-off-by: Zhaolong Zhang <zhangzl2013@126.com>
Link: https://lore.kernel.org/r/1614678151-70481-1-git-send-email-zhangzl2013@126.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/ext4/inode.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c
index efce97b938b7..1429d01d836b 100644
--- a/fs/ext4/inode.c
+++ b/fs/ext4/inode.c
@@ -2076,13 +2076,13 @@ static int __ext4_journalled_writepage(struct page *page,
 	if (!ret)
 		ret = err;
 
-	if (!ext4_has_inline_data(inode))
-		ext4_walk_page_buffers(NULL, page_bufs, 0, len,
-				       NULL, bput_one);
 	ext4_set_inode_state(inode, EXT4_STATE_JDATA);
 out:
 	unlock_page(page);
 out_no_pagelock:
+	if (!inline_data && page_bufs)
+		ext4_walk_page_buffers(NULL, page_bufs, 0, len,
+				       NULL, bput_one);
 	brelse(inode_bh);
 	return ret;
 }
-- 
2.30.1




^ permalink raw reply related	[flat|nested] 84+ messages in thread

* [PATCH 5.4 08/74] fs: nfsd: fix kconfig dependency warning for NFSD_V4
  2021-04-05  8:53 [PATCH 5.4 00/74] 5.4.110-rc1 review Greg Kroah-Hartman
                   ` (6 preceding siblings ...)
  2021-04-05  8:53 ` [PATCH 5.4 07/74] ext4: fix bh ref count on error paths Greg Kroah-Hartman
@ 2021-04-05  8:53 ` Greg Kroah-Hartman
  2021-04-05  8:53 ` [PATCH 5.4 09/74] rpc: fix NULL dereference on kmalloc failure Greg Kroah-Hartman
                   ` (70 subsequent siblings)
  78 siblings, 0 replies; 84+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-05  8:53 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Julian Braha, Chuck Lever, Sasha Levin

From: Julian Braha <julianbraha@gmail.com>

[ Upstream commit 7005227369079963d25fb2d5d736d0feb2c44cf6 ]

When NFSD_V4 is enabled and CRYPTO is disabled,
Kbuild gives the following warning:

WARNING: unmet direct dependencies detected for CRYPTO_SHA256
  Depends on [n]: CRYPTO [=n]
  Selected by [y]:
  - NFSD_V4 [=y] && NETWORK_FILESYSTEMS [=y] && NFSD [=y] && PROC_FS [=y]

WARNING: unmet direct dependencies detected for CRYPTO_MD5
  Depends on [n]: CRYPTO [=n]
  Selected by [y]:
  - NFSD_V4 [=y] && NETWORK_FILESYSTEMS [=y] && NFSD [=y] && PROC_FS [=y]

This is because NFSD_V4 selects CRYPTO_MD5 and CRYPTO_SHA256,
without depending on or selecting CRYPTO, despite those config options
being subordinate to CRYPTO.

Signed-off-by: Julian Braha <julianbraha@gmail.com>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/nfsd/Kconfig | 1 +
 1 file changed, 1 insertion(+)

diff --git a/fs/nfsd/Kconfig b/fs/nfsd/Kconfig
index f2f81561ebb6..4d6e71335bce 100644
--- a/fs/nfsd/Kconfig
+++ b/fs/nfsd/Kconfig
@@ -73,6 +73,7 @@ config NFSD_V4
 	select NFSD_V3
 	select FS_POSIX_ACL
 	select SUNRPC_GSS
+	select CRYPTO
 	select CRYPTO_MD5
 	select CRYPTO_SHA256
 	select GRACE_PERIOD
-- 
2.30.1




^ permalink raw reply related	[flat|nested] 84+ messages in thread

* [PATCH 5.4 09/74] rpc: fix NULL dereference on kmalloc failure
  2021-04-05  8:53 [PATCH 5.4 00/74] 5.4.110-rc1 review Greg Kroah-Hartman
                   ` (7 preceding siblings ...)
  2021-04-05  8:53 ` [PATCH 5.4 08/74] fs: nfsd: fix kconfig dependency warning for NFSD_V4 Greg Kroah-Hartman
@ 2021-04-05  8:53 ` Greg Kroah-Hartman
  2021-04-05  8:53 ` [PATCH 5.4 10/74] iomap: Fix negative assignment to unsigned sis->pages in iomap_swapfile_activate Greg Kroah-Hartman
                   ` (69 subsequent siblings)
  78 siblings, 0 replies; 84+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-05  8:53 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, J. Bruce Fields, Chuck Lever, Sasha Levin

From: J. Bruce Fields <bfields@redhat.com>

[ Upstream commit 0ddc942394013f08992fc379ca04cffacbbe3dae ]

I think this is unlikely but possible:

svc_authenticate sets rq_authop and calls svcauth_gss_accept.  The
kmalloc(sizeof(*svcdata), GFP_KERNEL) fails, leaving rq_auth_data NULL,
and returning SVC_DENIED.

This causes svc_process_common to go to err_bad_auth, and eventually
call svc_authorise.  That calls ->release == svcauth_gss_release, which
tries to dereference rq_auth_data.

Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Link: https://lore.kernel.org/linux-nfs/3F1B347F-B809-478F-A1E9-0BE98E22B0F0@oracle.com/T/#t
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/sunrpc/auth_gss/svcauth_gss.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/net/sunrpc/auth_gss/svcauth_gss.c b/net/sunrpc/auth_gss/svcauth_gss.c
index cf4d6d7e7282..d5470c7fe879 100644
--- a/net/sunrpc/auth_gss/svcauth_gss.c
+++ b/net/sunrpc/auth_gss/svcauth_gss.c
@@ -1782,11 +1782,14 @@ static int
 svcauth_gss_release(struct svc_rqst *rqstp)
 {
 	struct gss_svc_data *gsd = (struct gss_svc_data *)rqstp->rq_auth_data;
-	struct rpc_gss_wire_cred *gc = &gsd->clcred;
+	struct rpc_gss_wire_cred *gc;
 	struct xdr_buf *resbuf = &rqstp->rq_res;
 	int stat = -EINVAL;
 	struct sunrpc_net *sn = net_generic(SVC_NET(rqstp), sunrpc_net_id);
 
+	if (!gsd)
+		goto out;
+	gc = &gsd->clcred;
 	if (gc->gc_proc != RPC_GSS_PROC_DATA)
 		goto out;
 	/* Release can be called twice, but we only wrap once. */
@@ -1827,10 +1830,10 @@ out_err:
 	if (rqstp->rq_cred.cr_group_info)
 		put_group_info(rqstp->rq_cred.cr_group_info);
 	rqstp->rq_cred.cr_group_info = NULL;
-	if (gsd->rsci)
+	if (gsd && gsd->rsci) {
 		cache_put(&gsd->rsci->h, sn->rsc_cache);
-	gsd->rsci = NULL;
-
+		gsd->rsci = NULL;
+	}
 	return stat;
 }
 
-- 
2.30.1




^ permalink raw reply related	[flat|nested] 84+ messages in thread

* [PATCH 5.4 10/74] iomap: Fix negative assignment to unsigned sis->pages in iomap_swapfile_activate
  2021-04-05  8:53 [PATCH 5.4 00/74] 5.4.110-rc1 review Greg Kroah-Hartman
                   ` (8 preceding siblings ...)
  2021-04-05  8:53 ` [PATCH 5.4 09/74] rpc: fix NULL dereference on kmalloc failure Greg Kroah-Hartman
@ 2021-04-05  8:53 ` Greg Kroah-Hartman
  2021-04-05  8:53 ` [PATCH 5.4 11/74] ASoC: rt5640: Fix dac- and adc- vol-tlv values being off by a factor of 10 Greg Kroah-Hartman
                   ` (68 subsequent siblings)
  78 siblings, 0 replies; 84+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-05  8:53 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Ritesh Harjani, Darrick J. Wong,
	Christoph Hellwig, Sasha Levin

From: Ritesh Harjani <riteshh@linux.ibm.com>

[ Upstream commit 5808fecc572391867fcd929662b29c12e6d08d81 ]

In case if isi.nr_pages is 0, we are making sis->pages (which is
unsigned int) a huge value in iomap_swapfile_activate() by assigning -1.
This could cause a kernel crash in kernel v4.18 (with below signature).
Or could lead to unknown issues on latest kernel if the fake big swap gets
used.

Fix this issue by returning -EINVAL in case of nr_pages is 0, since it
is anyway a invalid swapfile. Looks like this issue will be hit when
we have pagesize < blocksize type of configuration.

I was able to hit the issue in case of a tiny swap file with below
test script.
https://raw.githubusercontent.com/riteshharjani/LinuxStudy/master/scripts/swap-issue.sh

kernel crash analysis on v4.18
==============================
On v4.18 kernel, it causes a kernel panic, since sis->pages becomes
a huge value and isi.nr_extents is 0. When 0 is returned it is
considered as a swapfile over NFS and SWP_FILE is set (sis->flags |= SWP_FILE).
Then when swapoff was getting called it was calling a_ops->swap_deactivate()
if (sis->flags & SWP_FILE) is true. Since a_ops->swap_deactivate() is
NULL in case of XFS, it causes below panic.

Panic signature on v4.18 kernel:
=======================================
root@qemu:/home/qemu# [ 8291.723351] XFS (loop2): Unmounting Filesystem
[ 8292.123104] XFS (loop2): Mounting V5 Filesystem
[ 8292.132451] XFS (loop2): Ending clean mount
[ 8292.263362] Adding 4294967232k swap on /mnt1/test/swapfile.  Priority:-2 extents:1 across:274877906880k
[ 8292.277834] Unable to handle kernel paging request for instruction fetch
[ 8292.278677] Faulting instruction address: 0x00000000
cpu 0x19: Vector: 400 (Instruction Access) at [c0000009dd5b7ad0]
    pc: 0000000000000000
    lr: c0000000003eb9dc: destroy_swap_extents+0xfc/0x120
    sp: c0000009dd5b7d50
   msr: 8000000040009033
  current = 0xc0000009b6710080
  paca    = 0xc00000003ffcb280   irqmask: 0x03   irq_happened: 0x01
    pid   = 5604, comm = swapoff
Linux version 4.18.0 (riteshh@xxxxxxx) (gcc version 8.4.0 (Ubuntu 8.4.0-1ubuntu1~18.04)) #57 SMP Wed Mar 3 01:33:04 CST 2021
enter ? for help
[link register   ] c0000000003eb9dc destroy_swap_extents+0xfc/0x120
[c0000009dd5b7d50] c0000000025a7058 proc_poll_event+0x0/0x4 (unreliable)
[c0000009dd5b7da0] c0000000003f0498 sys_swapoff+0x3f8/0x910
[c0000009dd5b7e30] c00000000000bbe4 system_call+0x5c/0x70
Exception: c01 (System Call) at 00007ffff7d208d8

Signed-off-by: Ritesh Harjani <riteshh@linux.ibm.com>
[djwong: rework the comment to provide more details]
Reviewed-by: Darrick J. Wong <djwong@kernel.org>
Signed-off-by: Darrick J. Wong <djwong@kernel.org>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/iomap/swapfile.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/fs/iomap/swapfile.c b/fs/iomap/swapfile.c
index 152a230f668d..bd0cc3dcc980 100644
--- a/fs/iomap/swapfile.c
+++ b/fs/iomap/swapfile.c
@@ -169,6 +169,16 @@ int iomap_swapfile_activate(struct swap_info_struct *sis,
 			return ret;
 	}
 
+	/*
+	 * If this swapfile doesn't contain even a single page-aligned
+	 * contiguous range of blocks, reject this useless swapfile to
+	 * prevent confusion later on.
+	 */
+	if (isi.nr_pages == 0) {
+		pr_warn("swapon: Cannot find a single usable page in file.\n");
+		return -EINVAL;
+	}
+
 	*pagespan = 1 + isi.highest_ppage - isi.lowest_ppage;
 	sis->max = isi.nr_pages;
 	sis->pages = isi.nr_pages - 1;
-- 
2.30.1




^ permalink raw reply related	[flat|nested] 84+ messages in thread

* [PATCH 5.4 11/74] ASoC: rt5640: Fix dac- and adc- vol-tlv values being off by a factor of 10
  2021-04-05  8:53 [PATCH 5.4 00/74] 5.4.110-rc1 review Greg Kroah-Hartman
                   ` (9 preceding siblings ...)
  2021-04-05  8:53 ` [PATCH 5.4 10/74] iomap: Fix negative assignment to unsigned sis->pages in iomap_swapfile_activate Greg Kroah-Hartman
@ 2021-04-05  8:53 ` Greg Kroah-Hartman
  2021-04-05  8:53 ` [PATCH 5.4 12/74] ASoC: rt5651: " Greg Kroah-Hartman
                   ` (67 subsequent siblings)
  78 siblings, 0 replies; 84+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-05  8:53 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Hans de Goede, Mark Brown, Sasha Levin

From: Hans de Goede <hdegoede@redhat.com>

[ Upstream commit cfa26ed1f9f885c2fd8f53ca492989d1e16d0199 ]

The adc_vol_tlv volume-control has a range from -17.625 dB to +30 dB,
not -176.25 dB to + 300 dB. This wrong scale is esp. a problem in userspace
apps which translate the dB scale to a linear scale. With the logarithmic
dB scale being of by a factor of 10 we loose all precision in the lower
area of the range when apps translate things to a linear scale.

E.g. the 0 dB default, which corresponds with a value of 47 of the
0 - 127 range for the control, would be shown as 0/100 in alsa-mixer.

Since the centi-dB values used in the TLV struct cannot represent the
0.375 dB step size used by these controls, change the TLV definition
for them to specify a min and max value instead of min + stepsize.

Note this mirrors commit 3f31f7d9b540 ("ASoC: rt5670: Fix dac- and adc-
vol-tlv values being off by a factor of 10") which made the exact same
change to the rt5670 codec driver.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Link: https://lore.kernel.org/r/20210226143817.84287-2-hdegoede@redhat.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 sound/soc/codecs/rt5640.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/sound/soc/codecs/rt5640.c b/sound/soc/codecs/rt5640.c
index 747ca248bf10..3bc63fbcb188 100644
--- a/sound/soc/codecs/rt5640.c
+++ b/sound/soc/codecs/rt5640.c
@@ -339,9 +339,9 @@ static bool rt5640_readable_register(struct device *dev, unsigned int reg)
 }
 
 static const DECLARE_TLV_DB_SCALE(out_vol_tlv, -4650, 150, 0);
-static const DECLARE_TLV_DB_SCALE(dac_vol_tlv, -65625, 375, 0);
+static const DECLARE_TLV_DB_MINMAX(dac_vol_tlv, -6562, 0);
 static const DECLARE_TLV_DB_SCALE(in_vol_tlv, -3450, 150, 0);
-static const DECLARE_TLV_DB_SCALE(adc_vol_tlv, -17625, 375, 0);
+static const DECLARE_TLV_DB_MINMAX(adc_vol_tlv, -1762, 3000);
 static const DECLARE_TLV_DB_SCALE(adc_bst_tlv, 0, 1200, 0);
 
 /* {0, +20, +24, +30, +35, +40, +44, +50, +52} dB */
-- 
2.30.1




^ permalink raw reply related	[flat|nested] 84+ messages in thread

* [PATCH 5.4 12/74] ASoC: rt5651: Fix dac- and adc- vol-tlv values being off by a factor of 10
  2021-04-05  8:53 [PATCH 5.4 00/74] 5.4.110-rc1 review Greg Kroah-Hartman
                   ` (10 preceding siblings ...)
  2021-04-05  8:53 ` [PATCH 5.4 11/74] ASoC: rt5640: Fix dac- and adc- vol-tlv values being off by a factor of 10 Greg Kroah-Hartman
@ 2021-04-05  8:53 ` Greg Kroah-Hartman
  2021-04-05  8:53 ` [PATCH 5.4 13/74] ASoC: sgtl5000: set DAP_AVC_CTRL register to correct default value on probe Greg Kroah-Hartman
                   ` (66 subsequent siblings)
  78 siblings, 0 replies; 84+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-05  8:53 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Hans de Goede, Mark Brown, Sasha Levin

From: Hans de Goede <hdegoede@redhat.com>

[ Upstream commit eee51df776bd6cac10a76b2779a9fdee3f622b2b ]

The adc_vol_tlv volume-control has a range from -17.625 dB to +30 dB,
not -176.25 dB to + 300 dB. This wrong scale is esp. a problem in userspace
apps which translate the dB scale to a linear scale. With the logarithmic
dB scale being of by a factor of 10 we loose all precision in the lower
area of the range when apps translate things to a linear scale.

E.g. the 0 dB default, which corresponds with a value of 47 of the
0 - 127 range for the control, would be shown as 0/100 in alsa-mixer.

Since the centi-dB values used in the TLV struct cannot represent the
0.375 dB step size used by these controls, change the TLV definition
for them to specify a min and max value instead of min + stepsize.

Note this mirrors commit 3f31f7d9b540 ("ASoC: rt5670: Fix dac- and adc-
vol-tlv values being off by a factor of 10") which made the exact same
change to the rt5670 codec driver.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Link: https://lore.kernel.org/r/20210226143817.84287-3-hdegoede@redhat.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 sound/soc/codecs/rt5651.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/sound/soc/codecs/rt5651.c b/sound/soc/codecs/rt5651.c
index c506c9305043..829cf552fe3e 100644
--- a/sound/soc/codecs/rt5651.c
+++ b/sound/soc/codecs/rt5651.c
@@ -285,9 +285,9 @@ static bool rt5651_readable_register(struct device *dev, unsigned int reg)
 }
 
 static const DECLARE_TLV_DB_SCALE(out_vol_tlv, -4650, 150, 0);
-static const DECLARE_TLV_DB_SCALE(dac_vol_tlv, -65625, 375, 0);
+static const DECLARE_TLV_DB_MINMAX(dac_vol_tlv, -6562, 0);
 static const DECLARE_TLV_DB_SCALE(in_vol_tlv, -3450, 150, 0);
-static const DECLARE_TLV_DB_SCALE(adc_vol_tlv, -17625, 375, 0);
+static const DECLARE_TLV_DB_MINMAX(adc_vol_tlv, -1762, 3000);
 static const DECLARE_TLV_DB_SCALE(adc_bst_tlv, 0, 1200, 0);
 
 /* {0, +20, +24, +30, +35, +40, +44, +50, +52} dB */
-- 
2.30.1




^ permalink raw reply related	[flat|nested] 84+ messages in thread

* [PATCH 5.4 13/74] ASoC: sgtl5000: set DAP_AVC_CTRL register to correct default value on probe
  2021-04-05  8:53 [PATCH 5.4 00/74] 5.4.110-rc1 review Greg Kroah-Hartman
                   ` (11 preceding siblings ...)
  2021-04-05  8:53 ` [PATCH 5.4 12/74] ASoC: rt5651: " Greg Kroah-Hartman
@ 2021-04-05  8:53 ` Greg Kroah-Hartman
  2021-04-05  8:53 ` [PATCH 5.4 14/74] ASoC: es8316: Simplify adc_pga_gain_tlv table Greg Kroah-Hartman
                   ` (65 subsequent siblings)
  78 siblings, 0 replies; 84+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-05  8:53 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Benjamin Rood, Fabio Estevam,
	Mark Brown, Sasha Levin

From: Benjamin Rood <benjaminjrood@gmail.com>

[ Upstream commit f86f58e3594fb0ab1993d833d3b9a2496f3c928c ]

According to the SGTL5000 datasheet [1], the DAP_AVC_CTRL register has
the following bit field definitions:

| BITS  | FIELD       | RW | RESET | DEFINITION                        |
| 15    | RSVD        | RO | 0x0   | Reserved                          |
| 14    | RSVD        | RW | 0x1   | Reserved                          |
| 13:12 | MAX_GAIN    | RW | 0x1   | Max Gain of AVC in expander mode  |
| 11:10 | RSVD        | RO | 0x0   | Reserved                          |
| 9:8   | LBI_RESP    | RW | 0x1   | Integrator Response               |
| 7:6   | RSVD        | RO | 0x0   | Reserved                          |
| 5     | HARD_LMT_EN | RW | 0x0   | Enable hard limiter mode          |
| 4:1   | RSVD        | RO | 0x0   | Reserved                          |
| 0     | EN          | RW | 0x0   | Enable/Disable AVC                |

The original default value written to the DAP_AVC_CTRL register during
sgtl5000_i2c_probe() was 0x0510.  This would incorrectly write values to
bits 4 and 10, which are defined as RESERVED.  It would also not set
bits 12 and 14 to their correct RESET values of 0x1, and instead set
them to 0x0.  While the DAP_AVC module is effectively disabled because
the EN bit is 0, this default value is still writing invalid values to
registers that are marked as read-only and RESERVED as well as not
setting bits 12 and 14 to their correct default values as defined by the
datasheet.

The correct value that should be written to the DAP_AVC_CTRL register is
0x5100, which configures the register bits to the default values defined
by the datasheet, and prevents any writes to bits defined as
'read-only'.  Generally speaking, it is best practice to NOT attempt to
write values to registers/bits defined as RESERVED, as it generally
produces unwanted/undefined behavior, or errors.

Also, all credit for this patch should go to my colleague Dan MacDonald
<dmacdonald@curbellmedical.com> for finding this error in the first
place.

[1] https://www.nxp.com/docs/en/data-sheet/SGTL5000.pdf

Signed-off-by: Benjamin Rood <benjaminjrood@gmail.com>
Reviewed-by: Fabio Estevam <festevam@gmail.com>
Link: https://lore.kernel.org/r/20210219183308.GA2117@ubuntu-dev
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 sound/soc/codecs/sgtl5000.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sound/soc/codecs/sgtl5000.c b/sound/soc/codecs/sgtl5000.c
index f5b59305c957..8a1e485982d8 100644
--- a/sound/soc/codecs/sgtl5000.c
+++ b/sound/soc/codecs/sgtl5000.c
@@ -71,7 +71,7 @@ static const struct reg_default sgtl5000_reg_defaults[] = {
 	{ SGTL5000_DAP_EQ_BASS_BAND4,		0x002f },
 	{ SGTL5000_DAP_MAIN_CHAN,		0x8000 },
 	{ SGTL5000_DAP_MIX_CHAN,		0x0000 },
-	{ SGTL5000_DAP_AVC_CTRL,		0x0510 },
+	{ SGTL5000_DAP_AVC_CTRL,		0x5100 },
 	{ SGTL5000_DAP_AVC_THRESHOLD,		0x1473 },
 	{ SGTL5000_DAP_AVC_ATTACK,		0x0028 },
 	{ SGTL5000_DAP_AVC_DECAY,		0x0050 },
-- 
2.30.1




^ permalink raw reply related	[flat|nested] 84+ messages in thread

* [PATCH 5.4 14/74] ASoC: es8316: Simplify adc_pga_gain_tlv table
  2021-04-05  8:53 [PATCH 5.4 00/74] 5.4.110-rc1 review Greg Kroah-Hartman
                   ` (12 preceding siblings ...)
  2021-04-05  8:53 ` [PATCH 5.4 13/74] ASoC: sgtl5000: set DAP_AVC_CTRL register to correct default value on probe Greg Kroah-Hartman
@ 2021-04-05  8:53 ` Greg Kroah-Hartman
  2021-04-05  8:53 ` [PATCH 5.4 15/74] ASoC: cs42l42: Fix Bitclock polarity inversion Greg Kroah-Hartman
                   ` (64 subsequent siblings)
  78 siblings, 0 replies; 84+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-05  8:53 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Hans de Goede, Mark Brown, Sasha Levin

From: Hans de Goede <hdegoede@redhat.com>

[ Upstream commit bb18c678754ce1514100fb4c0bf6113b5af36c48 ]

Most steps in this table are steps of 3dB (300 centi-dB), so we can
simplify the table.

This not only reduces the amount of space it takes inside the kernel,
this also makes alsa-lib's mixer code actually accept the table, where
as before this change alsa-lib saw the "ADC PGA Gain" control as a
control without a dB scale.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Link: https://lore.kernel.org/r/20210228160441.241110-1-hdegoede@redhat.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 sound/soc/codecs/es8316.c | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)

diff --git a/sound/soc/codecs/es8316.c b/sound/soc/codecs/es8316.c
index 36eef1fb3d18..b781b28de012 100644
--- a/sound/soc/codecs/es8316.c
+++ b/sound/soc/codecs/es8316.c
@@ -63,13 +63,8 @@ static const SNDRV_CTL_TLVD_DECLARE_DB_RANGE(adc_pga_gain_tlv,
 	1, 1, TLV_DB_SCALE_ITEM(0, 0, 0),
 	2, 2, TLV_DB_SCALE_ITEM(250, 0, 0),
 	3, 3, TLV_DB_SCALE_ITEM(450, 0, 0),
-	4, 4, TLV_DB_SCALE_ITEM(700, 0, 0),
-	5, 5, TLV_DB_SCALE_ITEM(1000, 0, 0),
-	6, 6, TLV_DB_SCALE_ITEM(1300, 0, 0),
-	7, 7, TLV_DB_SCALE_ITEM(1600, 0, 0),
-	8, 8, TLV_DB_SCALE_ITEM(1800, 0, 0),
-	9, 9, TLV_DB_SCALE_ITEM(2100, 0, 0),
-	10, 10, TLV_DB_SCALE_ITEM(2400, 0, 0),
+	4, 7, TLV_DB_SCALE_ITEM(700, 300, 0),
+	8, 10, TLV_DB_SCALE_ITEM(1800, 300, 0),
 );
 
 static const SNDRV_CTL_TLVD_DECLARE_DB_RANGE(hpout_vol_tlv,
-- 
2.30.1




^ permalink raw reply related	[flat|nested] 84+ messages in thread

* [PATCH 5.4 15/74] ASoC: cs42l42: Fix Bitclock polarity inversion
  2021-04-05  8:53 [PATCH 5.4 00/74] 5.4.110-rc1 review Greg Kroah-Hartman
                   ` (13 preceding siblings ...)
  2021-04-05  8:53 ` [PATCH 5.4 14/74] ASoC: es8316: Simplify adc_pga_gain_tlv table Greg Kroah-Hartman
@ 2021-04-05  8:53 ` Greg Kroah-Hartman
  2021-04-05  8:53 ` [PATCH 5.4 16/74] ASoC: cs42l42: Fix channel width support Greg Kroah-Hartman
                   ` (63 subsequent siblings)
  78 siblings, 0 replies; 84+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-05  8:53 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Lucas Tanure, Mark Brown, Sasha Levin

From: Lucas Tanure <tanureal@opensource.cirrus.com>

[ Upstream commit e793c965519b8b7f2fea51a48398405e2a501729 ]

The driver was setting bit clock polarity opposite to intended polarity.
Also simplify the code by grouping ADC and DAC clock configurations into
a single field.

Signed-off-by: Lucas Tanure <tanureal@opensource.cirrus.com>
Link: https://lore.kernel.org/r/20210305173442.195740-2-tanureal@opensource.cirrus.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 sound/soc/codecs/cs42l42.c | 20 ++++++++------------
 sound/soc/codecs/cs42l42.h | 11 ++++++-----
 2 files changed, 14 insertions(+), 17 deletions(-)

diff --git a/sound/soc/codecs/cs42l42.c b/sound/soc/codecs/cs42l42.c
index 5125bb9b37b5..c78e2ce37930 100644
--- a/sound/soc/codecs/cs42l42.c
+++ b/sound/soc/codecs/cs42l42.c
@@ -797,27 +797,23 @@ static int cs42l42_set_dai_fmt(struct snd_soc_dai *codec_dai, unsigned int fmt)
 	/* Bitclock/frame inversion */
 	switch (fmt & SND_SOC_DAIFMT_INV_MASK) {
 	case SND_SOC_DAIFMT_NB_NF:
+		asp_cfg_val |= CS42L42_ASP_SCPOL_NOR << CS42L42_ASP_SCPOL_SHIFT;
 		break;
 	case SND_SOC_DAIFMT_NB_IF:
-		asp_cfg_val |= CS42L42_ASP_POL_INV <<
-				CS42L42_ASP_LCPOL_IN_SHIFT;
+		asp_cfg_val |= CS42L42_ASP_SCPOL_NOR << CS42L42_ASP_SCPOL_SHIFT;
+		asp_cfg_val |= CS42L42_ASP_LCPOL_INV << CS42L42_ASP_LCPOL_SHIFT;
 		break;
 	case SND_SOC_DAIFMT_IB_NF:
-		asp_cfg_val |= CS42L42_ASP_POL_INV <<
-				CS42L42_ASP_SCPOL_IN_DAC_SHIFT;
 		break;
 	case SND_SOC_DAIFMT_IB_IF:
-		asp_cfg_val |= CS42L42_ASP_POL_INV <<
-				CS42L42_ASP_LCPOL_IN_SHIFT;
-		asp_cfg_val |= CS42L42_ASP_POL_INV <<
-				CS42L42_ASP_SCPOL_IN_DAC_SHIFT;
+		asp_cfg_val |= CS42L42_ASP_LCPOL_INV << CS42L42_ASP_LCPOL_SHIFT;
 		break;
 	}
 
-	snd_soc_component_update_bits(component, CS42L42_ASP_CLK_CFG,
-				CS42L42_ASP_MODE_MASK |
-				CS42L42_ASP_SCPOL_IN_DAC_MASK |
-				CS42L42_ASP_LCPOL_IN_MASK, asp_cfg_val);
+	snd_soc_component_update_bits(component, CS42L42_ASP_CLK_CFG, CS42L42_ASP_MODE_MASK |
+								      CS42L42_ASP_SCPOL_MASK |
+								      CS42L42_ASP_LCPOL_MASK,
+								      asp_cfg_val);
 
 	return 0;
 }
diff --git a/sound/soc/codecs/cs42l42.h b/sound/soc/codecs/cs42l42.h
index 9e3cc528dcff..1f0d67c95a9a 100644
--- a/sound/soc/codecs/cs42l42.h
+++ b/sound/soc/codecs/cs42l42.h
@@ -258,11 +258,12 @@
 #define CS42L42_ASP_SLAVE_MODE		0x00
 #define CS42L42_ASP_MODE_SHIFT		4
 #define CS42L42_ASP_MODE_MASK		(1 << CS42L42_ASP_MODE_SHIFT)
-#define CS42L42_ASP_SCPOL_IN_DAC_SHIFT	2
-#define CS42L42_ASP_SCPOL_IN_DAC_MASK	(1 << CS42L42_ASP_SCPOL_IN_DAC_SHIFT)
-#define CS42L42_ASP_LCPOL_IN_SHIFT	0
-#define CS42L42_ASP_LCPOL_IN_MASK	(1 << CS42L42_ASP_LCPOL_IN_SHIFT)
-#define CS42L42_ASP_POL_INV		1
+#define CS42L42_ASP_SCPOL_SHIFT		2
+#define CS42L42_ASP_SCPOL_MASK		(3 << CS42L42_ASP_SCPOL_SHIFT)
+#define CS42L42_ASP_SCPOL_NOR		3
+#define CS42L42_ASP_LCPOL_SHIFT		0
+#define CS42L42_ASP_LCPOL_MASK		(3 << CS42L42_ASP_LCPOL_SHIFT)
+#define CS42L42_ASP_LCPOL_INV		3
 
 #define CS42L42_ASP_FRM_CFG		(CS42L42_PAGE_12 + 0x08)
 #define CS42L42_ASP_STP_SHIFT		4
-- 
2.30.1




^ permalink raw reply related	[flat|nested] 84+ messages in thread

* [PATCH 5.4 16/74] ASoC: cs42l42: Fix channel width support
  2021-04-05  8:53 [PATCH 5.4 00/74] 5.4.110-rc1 review Greg Kroah-Hartman
                   ` (14 preceding siblings ...)
  2021-04-05  8:53 ` [PATCH 5.4 15/74] ASoC: cs42l42: Fix Bitclock polarity inversion Greg Kroah-Hartman
@ 2021-04-05  8:53 ` Greg Kroah-Hartman
  2021-04-05  8:53 ` [PATCH 5.4 17/74] ASoC: cs42l42: Fix mixer volume control Greg Kroah-Hartman
                   ` (62 subsequent siblings)
  78 siblings, 0 replies; 84+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-05  8:53 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Lucas Tanure, Mark Brown, Sasha Levin

From: Lucas Tanure <tanureal@opensource.cirrus.com>

[ Upstream commit 2bdc4f5c6838f7c3feb4fe68e4edbeea158ec0a2 ]

Remove the hard coded 32 bits width and replace with the correct width
calculated by params_width.

Signed-off-by: Lucas Tanure <tanureal@opensource.cirrus.com>
Link: https://lore.kernel.org/r/20210305173442.195740-3-tanureal@opensource.cirrus.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 sound/soc/codecs/cs42l42.c | 47 ++++++++++++++++++--------------------
 sound/soc/codecs/cs42l42.h |  1 -
 2 files changed, 22 insertions(+), 26 deletions(-)

diff --git a/sound/soc/codecs/cs42l42.c b/sound/soc/codecs/cs42l42.c
index c78e2ce37930..26ca5acf0136 100644
--- a/sound/soc/codecs/cs42l42.c
+++ b/sound/soc/codecs/cs42l42.c
@@ -691,24 +691,6 @@ static int cs42l42_pll_config(struct snd_soc_component *component)
 					CS42L42_CLK_OASRC_SEL_MASK,
 					CS42L42_CLK_OASRC_SEL_12 <<
 					CS42L42_CLK_OASRC_SEL_SHIFT);
-			/* channel 1 on low LRCLK, 32 bit */
-			snd_soc_component_update_bits(component,
-					CS42L42_ASP_RX_DAI0_CH1_AP_RES,
-					CS42L42_ASP_RX_CH_AP_MASK |
-					CS42L42_ASP_RX_CH_RES_MASK,
-					(CS42L42_ASP_RX_CH_AP_LOW <<
-					CS42L42_ASP_RX_CH_AP_SHIFT) |
-					(CS42L42_ASP_RX_CH_RES_32 <<
-					CS42L42_ASP_RX_CH_RES_SHIFT));
-			/* Channel 2 on high LRCLK, 32 bit */
-			snd_soc_component_update_bits(component,
-					CS42L42_ASP_RX_DAI0_CH2_AP_RES,
-					CS42L42_ASP_RX_CH_AP_MASK |
-					CS42L42_ASP_RX_CH_RES_MASK,
-					(CS42L42_ASP_RX_CH_AP_HI <<
-					CS42L42_ASP_RX_CH_AP_SHIFT) |
-					(CS42L42_ASP_RX_CH_RES_32 <<
-					CS42L42_ASP_RX_CH_RES_SHIFT));
 			if (pll_ratio_table[i].mclk_src_sel == 0) {
 				/* Pass the clock straight through */
 				snd_soc_component_update_bits(component,
@@ -824,14 +806,29 @@ static int cs42l42_pcm_hw_params(struct snd_pcm_substream *substream,
 {
 	struct snd_soc_component *component = dai->component;
 	struct cs42l42_private *cs42l42 = snd_soc_component_get_drvdata(component);
-	int retval;
+	unsigned int width = (params_width(params) / 8) - 1;
+	unsigned int val = 0;
 
 	cs42l42->srate = params_rate(params);
-	cs42l42->swidth = params_width(params);
 
-	retval = cs42l42_pll_config(component);
+	switch(substream->stream) {
+	case SNDRV_PCM_STREAM_PLAYBACK:
+		val |= width << CS42L42_ASP_RX_CH_RES_SHIFT;
+		/* channel 1 on low LRCLK */
+		snd_soc_component_update_bits(component, CS42L42_ASP_RX_DAI0_CH1_AP_RES,
+							 CS42L42_ASP_RX_CH_AP_MASK |
+							 CS42L42_ASP_RX_CH_RES_MASK, val);
+		/* Channel 2 on high LRCLK */
+		val |= CS42L42_ASP_RX_CH_AP_HI << CS42L42_ASP_RX_CH_AP_SHIFT;
+		snd_soc_component_update_bits(component, CS42L42_ASP_RX_DAI0_CH2_AP_RES,
+							 CS42L42_ASP_RX_CH_AP_MASK |
+							 CS42L42_ASP_RX_CH_RES_MASK, val);
+		break;
+	default:
+		break;
+	}
 
-	return retval;
+	return cs42l42_pll_config(component);
 }
 
 static int cs42l42_set_sysclk(struct snd_soc_dai *dai,
@@ -896,9 +893,9 @@ static int cs42l42_digital_mute(struct snd_soc_dai *dai, int mute)
 	return 0;
 }
 
-#define CS42L42_FORMATS (SNDRV_PCM_FMTBIT_S16_LE | SNDRV_PCM_FMTBIT_S18_3LE | \
-			SNDRV_PCM_FMTBIT_S20_3LE | SNDRV_PCM_FMTBIT_S24_LE | \
-			SNDRV_PCM_FMTBIT_S32_LE)
+#define CS42L42_FORMATS (SNDRV_PCM_FMTBIT_S16_LE |\
+			 SNDRV_PCM_FMTBIT_S24_LE |\
+			 SNDRV_PCM_FMTBIT_S32_LE )
 
 
 static const struct snd_soc_dai_ops cs42l42_ops = {
diff --git a/sound/soc/codecs/cs42l42.h b/sound/soc/codecs/cs42l42.h
index 1f0d67c95a9a..9b017b76828a 100644
--- a/sound/soc/codecs/cs42l42.h
+++ b/sound/soc/codecs/cs42l42.h
@@ -757,7 +757,6 @@ struct  cs42l42_private {
 	struct completion pdn_done;
 	u32 sclk;
 	u32 srate;
-	u32 swidth;
 	u8 plug_state;
 	u8 hs_type;
 	u8 ts_inv;
-- 
2.30.1




^ permalink raw reply related	[flat|nested] 84+ messages in thread

* [PATCH 5.4 17/74] ASoC: cs42l42: Fix mixer volume control
  2021-04-05  8:53 [PATCH 5.4 00/74] 5.4.110-rc1 review Greg Kroah-Hartman
                   ` (15 preceding siblings ...)
  2021-04-05  8:53 ` [PATCH 5.4 16/74] ASoC: cs42l42: Fix channel width support Greg Kroah-Hartman
@ 2021-04-05  8:53 ` Greg Kroah-Hartman
  2021-04-05  8:53 ` [PATCH 5.4 18/74] ASoC: cs42l42: Always wait at least 3ms after reset Greg Kroah-Hartman
                   ` (61 subsequent siblings)
  78 siblings, 0 replies; 84+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-05  8:53 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Lucas Tanure, Mark Brown, Sasha Levin

From: Lucas Tanure <tanureal@opensource.cirrus.com>

[ Upstream commit 72d904763ae6a8576e7ad034f9da4f0e3c44bf24 ]

The minimum value is 0x3f (-63dB), which also is mute

Signed-off-by: Lucas Tanure <tanureal@opensource.cirrus.com>
Link: https://lore.kernel.org/r/20210305173442.195740-4-tanureal@opensource.cirrus.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 sound/soc/codecs/cs42l42.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/sound/soc/codecs/cs42l42.c b/sound/soc/codecs/cs42l42.c
index 26ca5acf0136..95930018a1a4 100644
--- a/sound/soc/codecs/cs42l42.c
+++ b/sound/soc/codecs/cs42l42.c
@@ -401,7 +401,7 @@ static const struct regmap_config cs42l42_regmap = {
 };
 
 static DECLARE_TLV_DB_SCALE(adc_tlv, -9600, 100, false);
-static DECLARE_TLV_DB_SCALE(mixer_tlv, -6200, 100, false);
+static DECLARE_TLV_DB_SCALE(mixer_tlv, -6300, 100, true);
 
 static const char * const cs42l42_hpf_freq_text[] = {
 	"1.86Hz", "120Hz", "235Hz", "466Hz"
@@ -458,7 +458,7 @@ static const struct snd_kcontrol_new cs42l42_snd_controls[] = {
 				CS42L42_DAC_HPF_EN_SHIFT, true, false),
 	SOC_DOUBLE_R_TLV("Mixer Volume", CS42L42_MIXER_CHA_VOL,
 			 CS42L42_MIXER_CHB_VOL, CS42L42_MIXER_CH_VOL_SHIFT,
-				0x3e, 1, mixer_tlv)
+				0x3f, 1, mixer_tlv)
 };
 
 static int cs42l42_hpdrv_evt(struct snd_soc_dapm_widget *w,
-- 
2.30.1




^ permalink raw reply related	[flat|nested] 84+ messages in thread

* [PATCH 5.4 18/74] ASoC: cs42l42: Always wait at least 3ms after reset
  2021-04-05  8:53 [PATCH 5.4 00/74] 5.4.110-rc1 review Greg Kroah-Hartman
                   ` (16 preceding siblings ...)
  2021-04-05  8:53 ` [PATCH 5.4 17/74] ASoC: cs42l42: Fix mixer volume control Greg Kroah-Hartman
@ 2021-04-05  8:53 ` Greg Kroah-Hartman
  2021-04-05  8:53 ` [PATCH 5.4 19/74] NFSD: fix error handling in NFSv4.0 callbacks Greg Kroah-Hartman
                   ` (60 subsequent siblings)
  78 siblings, 0 replies; 84+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-05  8:53 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Lucas Tanure, Mark Brown, Sasha Levin

From: Lucas Tanure <tanureal@opensource.cirrus.com>

[ Upstream commit 19325cfea04446bc79b36bffd4978af15f46a00e ]

This delay is part of the power-up sequence defined in the datasheet.
A runtime_resume is a power-up so must also include the delay.

Signed-off-by: Lucas Tanure <tanureal@opensource.cirrus.com>
Link: https://lore.kernel.org/r/20210305173442.195740-6-tanureal@opensource.cirrus.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 sound/soc/codecs/cs42l42.c | 3 ++-
 sound/soc/codecs/cs42l42.h | 1 +
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/sound/soc/codecs/cs42l42.c b/sound/soc/codecs/cs42l42.c
index 95930018a1a4..dcd2acb2c3ce 100644
--- a/sound/soc/codecs/cs42l42.c
+++ b/sound/soc/codecs/cs42l42.c
@@ -1796,7 +1796,7 @@ static int cs42l42_i2c_probe(struct i2c_client *i2c_client,
 		dev_dbg(&i2c_client->dev, "Found reset GPIO\n");
 		gpiod_set_value_cansleep(cs42l42->reset_gpio, 1);
 	}
-	mdelay(3);
+	usleep_range(CS42L42_BOOT_TIME_US, CS42L42_BOOT_TIME_US * 2);
 
 	/* Request IRQ */
 	ret = devm_request_threaded_irq(&i2c_client->dev,
@@ -1921,6 +1921,7 @@ static int cs42l42_runtime_resume(struct device *dev)
 	}
 
 	gpiod_set_value_cansleep(cs42l42->reset_gpio, 1);
+	usleep_range(CS42L42_BOOT_TIME_US, CS42L42_BOOT_TIME_US * 2);
 
 	regcache_cache_only(cs42l42->regmap, false);
 	regcache_sync(cs42l42->regmap);
diff --git a/sound/soc/codecs/cs42l42.h b/sound/soc/codecs/cs42l42.h
index 9b017b76828a..866d7c873e3c 100644
--- a/sound/soc/codecs/cs42l42.h
+++ b/sound/soc/codecs/cs42l42.h
@@ -740,6 +740,7 @@
 #define CS42L42_FRAC2_VAL(val)	(((val) & 0xff0000) >> 16)
 
 #define CS42L42_NUM_SUPPLIES	5
+#define CS42L42_BOOT_TIME_US	3000
 
 static const char *const cs42l42_supply_names[CS42L42_NUM_SUPPLIES] = {
 	"VA",
-- 
2.30.1




^ permalink raw reply related	[flat|nested] 84+ messages in thread

* [PATCH 5.4 19/74] NFSD: fix error handling in NFSv4.0 callbacks
  2021-04-05  8:53 [PATCH 5.4 00/74] 5.4.110-rc1 review Greg Kroah-Hartman
                   ` (17 preceding siblings ...)
  2021-04-05  8:53 ` [PATCH 5.4 18/74] ASoC: cs42l42: Always wait at least 3ms after reset Greg Kroah-Hartman
@ 2021-04-05  8:53 ` Greg Kroah-Hartman
  2021-04-05  8:53 ` [PATCH 5.4 20/74] powerpc: Force inlining of cpu_has_feature() to avoid build failure Greg Kroah-Hartman
                   ` (59 subsequent siblings)
  78 siblings, 0 replies; 84+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-05  8:53 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Bruce Fields, Olga Kornievskaia,
	Chuck Lever, Benjamin Coddington, Sasha Levin

From: Olga Kornievskaia <kolga@netapp.com>

[ Upstream commit b4250dd868d1b42c0a65de11ef3afbee67ba5d2f ]

When the server tries to do a callback and a client fails it due to
authentication problems, we need the server to set callback down
flag in RENEW so that client can recover.

Suggested-by: Bruce Fields <bfields@redhat.com>
Signed-off-by: Olga Kornievskaia <kolga@netapp.com>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Tested-by: Benjamin Coddington <bcodding@redhat.com>
Link: https://lore.kernel.org/linux-nfs/FB84E90A-1A03-48B3-8BF7-D9D10AC2C9FE@oracle.com/T/#t
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/nfsd/nfs4callback.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/fs/nfsd/nfs4callback.c b/fs/nfsd/nfs4callback.c
index efe55d101b0e..3c50d18fe8a9 100644
--- a/fs/nfsd/nfs4callback.c
+++ b/fs/nfsd/nfs4callback.c
@@ -1121,6 +1121,7 @@ static void nfsd4_cb_done(struct rpc_task *task, void *calldata)
 		switch (task->tk_status) {
 		case -EIO:
 		case -ETIMEDOUT:
+		case -EACCES:
 			nfsd4_mark_cb_down(clp, task->tk_status);
 		}
 		break;
-- 
2.30.1




^ permalink raw reply related	[flat|nested] 84+ messages in thread

* [PATCH 5.4 20/74] powerpc: Force inlining of cpu_has_feature() to avoid build failure
  2021-04-05  8:53 [PATCH 5.4 00/74] 5.4.110-rc1 review Greg Kroah-Hartman
                   ` (18 preceding siblings ...)
  2021-04-05  8:53 ` [PATCH 5.4 19/74] NFSD: fix error handling in NFSv4.0 callbacks Greg Kroah-Hartman
@ 2021-04-05  8:53 ` Greg Kroah-Hartman
  2021-04-05  8:53 ` [PATCH 5.4 21/74] vhost: Fix vhost_vq_reset() Greg Kroah-Hartman
                   ` (58 subsequent siblings)
  78 siblings, 0 replies; 84+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-05  8:53 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Christophe Leroy, Michael Ellerman,
	Sasha Levin

From: Christophe Leroy <christophe.leroy@csgroup.eu>

[ Upstream commit eed5fae00593ab9d261a0c1ffc1bdb786a87a55a ]

The code relies on constant folding of cpu_has_feature() based
on possible and always true values as defined per
CPU_FTRS_ALWAYS and CPU_FTRS_POSSIBLE.

Build failure is encountered with for instance
book3e_all_defconfig on kisskb in the AMDGPU driver which uses
cpu_has_feature(CPU_FTR_VSX_COMP) to decide whether calling
kernel_enable_vsx() or not.

The failure is due to cpu_has_feature() not being inlined with
that configuration with gcc 4.9.

In the same way as commit acdad8fb4a15 ("powerpc: Force inlining of
mmu_has_feature to fix build failure"), for inlining of
cpu_has_feature().

Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/b231dfa040ce4cc37f702f5c3a595fdeabfe0462.1615378209.git.christophe.leroy@csgroup.eu
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/powerpc/include/asm/cpu_has_feature.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/arch/powerpc/include/asm/cpu_has_feature.h b/arch/powerpc/include/asm/cpu_has_feature.h
index 7897d16e0990..727d4b321937 100644
--- a/arch/powerpc/include/asm/cpu_has_feature.h
+++ b/arch/powerpc/include/asm/cpu_has_feature.h
@@ -7,7 +7,7 @@
 #include <linux/bug.h>
 #include <asm/cputable.h>
 
-static inline bool early_cpu_has_feature(unsigned long feature)
+static __always_inline bool early_cpu_has_feature(unsigned long feature)
 {
 	return !!((CPU_FTRS_ALWAYS & feature) ||
 		  (CPU_FTRS_POSSIBLE & cur_cpu_spec->cpu_features & feature));
@@ -46,7 +46,7 @@ static __always_inline bool cpu_has_feature(unsigned long feature)
 	return static_branch_likely(&cpu_feature_keys[i]);
 }
 #else
-static inline bool cpu_has_feature(unsigned long feature)
+static __always_inline bool cpu_has_feature(unsigned long feature)
 {
 	return early_cpu_has_feature(feature);
 }
-- 
2.30.1




^ permalink raw reply related	[flat|nested] 84+ messages in thread

* [PATCH 5.4 21/74] vhost: Fix vhost_vq_reset()
  2021-04-05  8:53 [PATCH 5.4 00/74] 5.4.110-rc1 review Greg Kroah-Hartman
                   ` (19 preceding siblings ...)
  2021-04-05  8:53 ` [PATCH 5.4 20/74] powerpc: Force inlining of cpu_has_feature() to avoid build failure Greg Kroah-Hartman
@ 2021-04-05  8:53 ` Greg Kroah-Hartman
  2021-04-05  8:53 ` [PATCH 5.4 22/74] scsi: st: Fix a use after free in st_open() Greg Kroah-Hartman
                   ` (57 subsequent siblings)
  78 siblings, 0 replies; 84+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-05  8:53 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Laurent Vivier, Michael S. Tsirkin,
	Sasha Levin

From: Laurent Vivier <lvivier@redhat.com>

[ Upstream commit beb691e69f4dec7bfe8b81b509848acfd1f0dbf9 ]

vhost_reset_is_le() is vhost_init_is_le(), and in the case of
cross-endian legacy, vhost_init_is_le() depends on vq->user_be.

vq->user_be is set by vhost_disable_cross_endian().

But in vhost_vq_reset(), we have:

    vhost_reset_is_le(vq);
    vhost_disable_cross_endian(vq);

And so user_be is used before being set.

To fix that, reverse the lines order as there is no other dependency
between them.

Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Link: https://lore.kernel.org/r/20210312140913.788592-1-lvivier@redhat.com
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/vhost/vhost.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c
index 57ab79fbcee9..a279ecacbf60 100644
--- a/drivers/vhost/vhost.c
+++ b/drivers/vhost/vhost.c
@@ -320,8 +320,8 @@ static void vhost_vq_reset(struct vhost_dev *dev,
 	vq->kick = NULL;
 	vq->call_ctx = NULL;
 	vq->log_ctx = NULL;
-	vhost_reset_is_le(vq);
 	vhost_disable_cross_endian(vq);
+	vhost_reset_is_le(vq);
 	vq->busyloop_timeout = 0;
 	vq->umem = NULL;
 	vq->iotlb = NULL;
-- 
2.30.1




^ permalink raw reply related	[flat|nested] 84+ messages in thread

* [PATCH 5.4 22/74] scsi: st: Fix a use after free in st_open()
  2021-04-05  8:53 [PATCH 5.4 00/74] 5.4.110-rc1 review Greg Kroah-Hartman
                   ` (20 preceding siblings ...)
  2021-04-05  8:53 ` [PATCH 5.4 21/74] vhost: Fix vhost_vq_reset() Greg Kroah-Hartman
@ 2021-04-05  8:53 ` Greg Kroah-Hartman
  2021-04-05  8:53 ` [PATCH 5.4 23/74] scsi: qla2xxx: Fix broken #endif placement Greg Kroah-Hartman
                   ` (56 subsequent siblings)
  78 siblings, 0 replies; 84+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-05  8:53 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Kai Mäkisara, Lv Yunlong,
	Martin K. Petersen, Sasha Levin

From: Lv Yunlong <lyl2019@mail.ustc.edu.cn>

[ Upstream commit c8c165dea4c8f5ad67b1240861e4f6c5395fa4ac ]

In st_open(), if STp->in_use is true, STp will be freed by
scsi_tape_put(). However, STp is still used by DEBC_printk() after. It is
better to DEBC_printk() before scsi_tape_put().

Link: https://lore.kernel.org/r/20210311064636.10522-1-lyl2019@mail.ustc.edu.cn
Acked-by: Kai Mäkisara <kai.makisara@kolumbus.fi>
Signed-off-by: Lv Yunlong <lyl2019@mail.ustc.edu.cn>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/scsi/st.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/scsi/st.c b/drivers/scsi/st.c
index e3266a64a477..2121e44c342f 100644
--- a/drivers/scsi/st.c
+++ b/drivers/scsi/st.c
@@ -1267,8 +1267,8 @@ static int st_open(struct inode *inode, struct file *filp)
 	spin_lock(&st_use_lock);
 	if (STp->in_use) {
 		spin_unlock(&st_use_lock);
-		scsi_tape_put(STp);
 		DEBC_printk(STp, "Device already in use.\n");
+		scsi_tape_put(STp);
 		return (-EBUSY);
 	}
 
-- 
2.30.1




^ permalink raw reply related	[flat|nested] 84+ messages in thread

* [PATCH 5.4 23/74] scsi: qla2xxx: Fix broken #endif placement
  2021-04-05  8:53 [PATCH 5.4 00/74] 5.4.110-rc1 review Greg Kroah-Hartman
                   ` (21 preceding siblings ...)
  2021-04-05  8:53 ` [PATCH 5.4 22/74] scsi: st: Fix a use after free in st_open() Greg Kroah-Hartman
@ 2021-04-05  8:53 ` Greg Kroah-Hartman
  2021-04-05  8:53 ` [PATCH 5.4 24/74] staging: comedi: cb_pcidas: fix request_irq() warn Greg Kroah-Hartman
                   ` (55 subsequent siblings)
  78 siblings, 0 replies; 84+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-05  8:53 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Himanshu Madhani, Alexey Dobriyan,
	Martin K. Petersen, Sasha Levin

From: Alexey Dobriyan <adobriyan@gmail.com>

[ Upstream commit 5999b9e5b1f8a2f5417b755130919b3ac96f5550 ]

Only half of the file is under include guard because terminating #endif
is placed too early.

Link: https://lore.kernel.org/r/YE4snvoW1SuwcXAn@localhost.localdomain
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/scsi/qla2xxx/qla_target.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/scsi/qla2xxx/qla_target.h b/drivers/scsi/qla2xxx/qla_target.h
index d006f0a97b8c..2236751a3a56 100644
--- a/drivers/scsi/qla2xxx/qla_target.h
+++ b/drivers/scsi/qla2xxx/qla_target.h
@@ -116,7 +116,6 @@
 	(min(1270, ((ql) > 0) ? (QLA_TGT_DATASEGS_PER_CMD_24XX + \
 		QLA_TGT_DATASEGS_PER_CONT_24XX*((ql) - 1)) : 0))
 #endif
-#endif
 
 #define GET_TARGET_ID(ha, iocb) ((HAS_EXTENDED_IDS(ha))			\
 			 ? le16_to_cpu((iocb)->u.isp2x.target.extended)	\
@@ -244,6 +243,7 @@ struct ctio_to_2xxx {
 #ifndef CTIO_RET_TYPE
 #define CTIO_RET_TYPE	0x17		/* CTIO return entry */
 #define ATIO_TYPE7 0x06 /* Accept target I/O entry for 24xx */
+#endif
 
 struct fcp_hdr {
 	uint8_t  r_ctl;
-- 
2.30.1




^ permalink raw reply related	[flat|nested] 84+ messages in thread

* [PATCH 5.4 24/74] staging: comedi: cb_pcidas: fix request_irq() warn
  2021-04-05  8:53 [PATCH 5.4 00/74] 5.4.110-rc1 review Greg Kroah-Hartman
                   ` (22 preceding siblings ...)
  2021-04-05  8:53 ` [PATCH 5.4 23/74] scsi: qla2xxx: Fix broken #endif placement Greg Kroah-Hartman
@ 2021-04-05  8:53 ` Greg Kroah-Hartman
  2021-04-05  8:53 ` [PATCH 5.4 25/74] staging: comedi: cb_pcidas64: " Greg Kroah-Hartman
                   ` (54 subsequent siblings)
  78 siblings, 0 replies; 84+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-05  8:53 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Ian Abbott, Tong Zhang, Sasha Levin

From: Tong Zhang <ztong0001@gmail.com>

[ Upstream commit 2e5848a3d86f03024ae096478bdb892ab3d79131 ]

request_irq() wont accept a name which contains slash so we need to
repalce it with something else -- otherwise it will trigger a warning
and the entry in /proc/irq/ will not be created
since the .name might be used by userspace and we don't want to break
userspace, so we are changing the parameters passed to request_irq()

[    1.630764] name 'pci-das1602/16'
[    1.630950] WARNING: CPU: 0 PID: 181 at fs/proc/generic.c:180 __xlate_proc_name+0x93/0xb0
[    1.634009] RIP: 0010:__xlate_proc_name+0x93/0xb0
[    1.639441] Call Trace:
[    1.639976]  proc_mkdir+0x18/0x20
[    1.641946]  request_threaded_irq+0xfe/0x160
[    1.642186]  cb_pcidas_auto_attach+0xf4/0x610 [cb_pcidas]

Suggested-by: Ian Abbott <abbotti@mev.co.uk>
Reviewed-by: Ian Abbott <abbotti@mev.co.uk>
Signed-off-by: Tong Zhang <ztong0001@gmail.com>
Link: https://lore.kernel.org/r/20210315195914.4801-1-ztong0001@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/staging/comedi/drivers/cb_pcidas.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/staging/comedi/drivers/cb_pcidas.c b/drivers/staging/comedi/drivers/cb_pcidas.c
index 1893c70de0b9..10f097a7d847 100644
--- a/drivers/staging/comedi/drivers/cb_pcidas.c
+++ b/drivers/staging/comedi/drivers/cb_pcidas.c
@@ -1281,7 +1281,7 @@ static int cb_pcidas_auto_attach(struct comedi_device *dev,
 	     devpriv->amcc + AMCC_OP_REG_INTCSR);
 
 	ret = request_irq(pcidev->irq, cb_pcidas_interrupt, IRQF_SHARED,
-			  dev->board_name, dev);
+			  "cb_pcidas", dev);
 	if (ret) {
 		dev_dbg(dev->class_dev, "unable to allocate irq %d\n",
 			pcidev->irq);
-- 
2.30.1




^ permalink raw reply related	[flat|nested] 84+ messages in thread

* [PATCH 5.4 25/74] staging: comedi: cb_pcidas64: fix request_irq() warn
  2021-04-05  8:53 [PATCH 5.4 00/74] 5.4.110-rc1 review Greg Kroah-Hartman
                   ` (23 preceding siblings ...)
  2021-04-05  8:53 ` [PATCH 5.4 24/74] staging: comedi: cb_pcidas: fix request_irq() warn Greg Kroah-Hartman
@ 2021-04-05  8:53 ` Greg Kroah-Hartman
  2021-04-05  8:53 ` [PATCH 5.4 26/74] ASoC: rt5659: Update MCLK rate in set_sysclk() Greg Kroah-Hartman
                   ` (53 subsequent siblings)
  78 siblings, 0 replies; 84+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-05  8:53 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Ian Abbott, Tong Zhang, Sasha Levin

From: Tong Zhang <ztong0001@gmail.com>

[ Upstream commit d2d106fe3badfc3bf0dd3899d1c3f210c7203eab ]

request_irq() wont accept a name which contains slash so we need to
repalce it with something else -- otherwise it will trigger a warning
and the entry in /proc/irq/ will not be created
since the .name might be used by userspace and we don't want to break
userspace, so we are changing the parameters passed to request_irq()

[    1.565966] name 'pci-das6402/16'
[    1.566149] WARNING: CPU: 0 PID: 184 at fs/proc/generic.c:180 __xlate_proc_name+0x93/0xb0
[    1.568923] RIP: 0010:__xlate_proc_name+0x93/0xb0
[    1.574200] Call Trace:
[    1.574722]  proc_mkdir+0x18/0x20
[    1.576629]  request_threaded_irq+0xfe/0x160
[    1.576859]  auto_attach+0x60a/0xc40 [cb_pcidas64]

Suggested-by: Ian Abbott <abbotti@mev.co.uk>
Reviewed-by: Ian Abbott <abbotti@mev.co.uk>
Signed-off-by: Tong Zhang <ztong0001@gmail.com>
Link: https://lore.kernel.org/r/20210315195814.4692-1-ztong0001@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/staging/comedi/drivers/cb_pcidas64.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/staging/comedi/drivers/cb_pcidas64.c b/drivers/staging/comedi/drivers/cb_pcidas64.c
index e1774e09a320..9fe8b65cd9e3 100644
--- a/drivers/staging/comedi/drivers/cb_pcidas64.c
+++ b/drivers/staging/comedi/drivers/cb_pcidas64.c
@@ -4035,7 +4035,7 @@ static int auto_attach(struct comedi_device *dev,
 	init_stc_registers(dev);
 
 	retval = request_irq(pcidev->irq, handle_interrupt, IRQF_SHARED,
-			     dev->board_name, dev);
+			     "cb_pcidas64", dev);
 	if (retval) {
 		dev_dbg(dev->class_dev, "unable to allocate irq %u\n",
 			pcidev->irq);
-- 
2.30.1




^ permalink raw reply related	[flat|nested] 84+ messages in thread

* [PATCH 5.4 26/74] ASoC: rt5659: Update MCLK rate in set_sysclk()
  2021-04-05  8:53 [PATCH 5.4 00/74] 5.4.110-rc1 review Greg Kroah-Hartman
                   ` (24 preceding siblings ...)
  2021-04-05  8:53 ` [PATCH 5.4 25/74] staging: comedi: cb_pcidas64: " Greg Kroah-Hartman
@ 2021-04-05  8:53 ` Greg Kroah-Hartman
  2021-04-05  8:53 ` [PATCH 5.4 27/74] thermal/core: Add NULL pointer check before using cooling device stats Greg Kroah-Hartman
                   ` (52 subsequent siblings)
  78 siblings, 0 replies; 84+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-05  8:53 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Mark Brown, Michael Walle,
	Sameer Pujar, Sasha Levin

From: Sameer Pujar <spujar@nvidia.com>

[ Upstream commit dbf54a9534350d6aebbb34f5c1c606b81a4f35dd ]

Simple-card/audio-graph-card drivers do not handle MCLK clock when it
is specified in the codec device node. The expectation here is that,
the codec should actually own up the MCLK clock and do necessary setup
in the driver.

Suggested-by: Mark Brown <broonie@kernel.org>
Suggested-by: Michael Walle <michael@walle.cc>
Signed-off-by: Sameer Pujar <spujar@nvidia.com>
Link: https://lore.kernel.org/r/1615829492-8972-3-git-send-email-spujar@nvidia.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 sound/soc/codecs/rt5659.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/sound/soc/codecs/rt5659.c b/sound/soc/codecs/rt5659.c
index e66d08398f74..afd61599d94c 100644
--- a/sound/soc/codecs/rt5659.c
+++ b/sound/soc/codecs/rt5659.c
@@ -3463,12 +3463,17 @@ static int rt5659_set_component_sysclk(struct snd_soc_component *component, int
 {
 	struct rt5659_priv *rt5659 = snd_soc_component_get_drvdata(component);
 	unsigned int reg_val = 0;
+	int ret;
 
 	if (freq == rt5659->sysclk && clk_id == rt5659->sysclk_src)
 		return 0;
 
 	switch (clk_id) {
 	case RT5659_SCLK_S_MCLK:
+		ret = clk_set_rate(rt5659->mclk, freq);
+		if (ret)
+			return ret;
+
 		reg_val |= RT5659_SCLK_SRC_MCLK;
 		break;
 	case RT5659_SCLK_S_PLL1:
-- 
2.30.1




^ permalink raw reply related	[flat|nested] 84+ messages in thread

* [PATCH 5.4 27/74] thermal/core: Add NULL pointer check before using cooling device stats
  2021-04-05  8:53 [PATCH 5.4 00/74] 5.4.110-rc1 review Greg Kroah-Hartman
                   ` (25 preceding siblings ...)
  2021-04-05  8:53 ` [PATCH 5.4 26/74] ASoC: rt5659: Update MCLK rate in set_sysclk() Greg Kroah-Hartman
@ 2021-04-05  8:53 ` Greg Kroah-Hartman
  2021-04-05  8:53 ` [PATCH 5.4 28/74] locking/ww_mutex: Simplify use_ww_ctx & ww_ctx handling Greg Kroah-Hartman
                   ` (51 subsequent siblings)
  78 siblings, 0 replies; 84+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-05  8:53 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Manaf Meethalavalappu Pallikunhi,
	Daniel Lezcano, Sasha Levin

From: Manaf Meethalavalappu Pallikunhi <manafm@codeaurora.org>

[ Upstream commit 2046a24ae121cd107929655a6aaf3b8c5beea01f ]

There is a possible chance that some cooling device stats buffer
allocation fails due to very high cooling device max state value.
Later cooling device update sysfs can try to access stats data
for the same cooling device. It will lead to NULL pointer
dereference issue.

Add a NULL pointer check before accessing thermal cooling device
stats data. It fixes the following bug

[ 26.812833] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000004
[ 27.122960] Call trace:
[ 27.122963] do_raw_spin_lock+0x18/0xe8
[ 27.122966] _raw_spin_lock+0x24/0x30
[ 27.128157] thermal_cooling_device_stats_update+0x24/0x98
[ 27.128162] cur_state_store+0x88/0xb8
[ 27.128166] dev_attr_store+0x40/0x58
[ 27.128169] sysfs_kf_write+0x50/0x68
[ 27.133358] kernfs_fop_write+0x12c/0x1c8
[ 27.133362] __vfs_write+0x54/0x160
[ 27.152297] vfs_write+0xcc/0x188
[ 27.157132] ksys_write+0x78/0x108
[ 27.162050] ksys_write+0xf8/0x108
[ 27.166968] __arm_smccc_hvc+0x158/0x4b0
[ 27.166973] __arm_smccc_hvc+0x9c/0x4b0
[ 27.186005] el0_svc+0x8/0xc

Signed-off-by: Manaf Meethalavalappu Pallikunhi <manafm@codeaurora.org>
Signed-off-by: Daniel Lezcano <daniel.lezcano@linaro.org>
Link: https://lore.kernel.org/r/1607367181-24589-1-git-send-email-manafm@codeaurora.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/thermal/thermal_sysfs.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/thermal/thermal_sysfs.c b/drivers/thermal/thermal_sysfs.c
index aa99edb4dff7..4dce4a8f71ed 100644
--- a/drivers/thermal/thermal_sysfs.c
+++ b/drivers/thermal/thermal_sysfs.c
@@ -770,6 +770,9 @@ void thermal_cooling_device_stats_update(struct thermal_cooling_device *cdev,
 {
 	struct cooling_dev_stats *stats = cdev->stats;
 
+	if (!stats)
+		return;
+
 	spin_lock(&stats->lock);
 
 	if (stats->state == new_state)
-- 
2.30.1




^ permalink raw reply related	[flat|nested] 84+ messages in thread

* [PATCH 5.4 28/74] locking/ww_mutex: Simplify use_ww_ctx & ww_ctx handling
  2021-04-05  8:53 [PATCH 5.4 00/74] 5.4.110-rc1 review Greg Kroah-Hartman
                   ` (26 preceding siblings ...)
  2021-04-05  8:53 ` [PATCH 5.4 27/74] thermal/core: Add NULL pointer check before using cooling device stats Greg Kroah-Hartman
@ 2021-04-05  8:53 ` Greg Kroah-Hartman
  2021-04-05  8:53 ` [PATCH 5.4 29/74] ext4: do not iput inode under running transaction in ext4_rename() Greg Kroah-Hartman
                   ` (50 subsequent siblings)
  78 siblings, 0 replies; 84+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-05  8:53 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Waiman Long, Ingo Molnar,
	Davidlohr Bueso, Sasha Levin

From: Waiman Long <longman@redhat.com>

[ Upstream commit 5de2055d31ea88fd9ae9709ac95c372a505a60fa ]

The use_ww_ctx flag is passed to mutex_optimistic_spin(), but the
function doesn't use it. The frequent use of the (use_ww_ctx && ww_ctx)
combination is repetitive.

In fact, ww_ctx should not be used at all if !use_ww_ctx.  Simplify
ww_mutex code by dropping use_ww_ctx from mutex_optimistic_spin() an
clear ww_ctx if !use_ww_ctx. In this way, we can replace (use_ww_ctx &&
ww_ctx) by just (ww_ctx).

Signed-off-by: Waiman Long <longman@redhat.com>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Acked-by: Davidlohr Bueso <dbueso@suse.de>
Link: https://lore.kernel.org/r/20210316153119.13802-2-longman@redhat.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 kernel/locking/mutex.c | 25 ++++++++++++++-----------
 1 file changed, 14 insertions(+), 11 deletions(-)

diff --git a/kernel/locking/mutex.c b/kernel/locking/mutex.c
index 468a9b8422e3..07a9f9f46e03 100644
--- a/kernel/locking/mutex.c
+++ b/kernel/locking/mutex.c
@@ -636,7 +636,7 @@ static inline int mutex_can_spin_on_owner(struct mutex *lock)
  */
 static __always_inline bool
 mutex_optimistic_spin(struct mutex *lock, struct ww_acquire_ctx *ww_ctx,
-		      const bool use_ww_ctx, struct mutex_waiter *waiter)
+		      struct mutex_waiter *waiter)
 {
 	if (!waiter) {
 		/*
@@ -712,7 +712,7 @@ fail:
 #else
 static __always_inline bool
 mutex_optimistic_spin(struct mutex *lock, struct ww_acquire_ctx *ww_ctx,
-		      const bool use_ww_ctx, struct mutex_waiter *waiter)
+		      struct mutex_waiter *waiter)
 {
 	return false;
 }
@@ -932,6 +932,9 @@ __mutex_lock_common(struct mutex *lock, long state, unsigned int subclass,
 	struct ww_mutex *ww;
 	int ret;
 
+	if (!use_ww_ctx)
+		ww_ctx = NULL;
+
 	might_sleep();
 
 #ifdef CONFIG_DEBUG_MUTEXES
@@ -939,7 +942,7 @@ __mutex_lock_common(struct mutex *lock, long state, unsigned int subclass,
 #endif
 
 	ww = container_of(lock, struct ww_mutex, base);
-	if (use_ww_ctx && ww_ctx) {
+	if (ww_ctx) {
 		if (unlikely(ww_ctx == READ_ONCE(ww->ctx)))
 			return -EALREADY;
 
@@ -956,10 +959,10 @@ __mutex_lock_common(struct mutex *lock, long state, unsigned int subclass,
 	mutex_acquire_nest(&lock->dep_map, subclass, 0, nest_lock, ip);
 
 	if (__mutex_trylock(lock) ||
-	    mutex_optimistic_spin(lock, ww_ctx, use_ww_ctx, NULL)) {
+	    mutex_optimistic_spin(lock, ww_ctx, NULL)) {
 		/* got the lock, yay! */
 		lock_acquired(&lock->dep_map, ip);
-		if (use_ww_ctx && ww_ctx)
+		if (ww_ctx)
 			ww_mutex_set_context_fastpath(ww, ww_ctx);
 		preempt_enable();
 		return 0;
@@ -970,7 +973,7 @@ __mutex_lock_common(struct mutex *lock, long state, unsigned int subclass,
 	 * After waiting to acquire the wait_lock, try again.
 	 */
 	if (__mutex_trylock(lock)) {
-		if (use_ww_ctx && ww_ctx)
+		if (ww_ctx)
 			__ww_mutex_check_waiters(lock, ww_ctx);
 
 		goto skip_wait;
@@ -1023,7 +1026,7 @@ __mutex_lock_common(struct mutex *lock, long state, unsigned int subclass,
 			goto err;
 		}
 
-		if (use_ww_ctx && ww_ctx) {
+		if (ww_ctx) {
 			ret = __ww_mutex_check_kill(lock, &waiter, ww_ctx);
 			if (ret)
 				goto err;
@@ -1036,7 +1039,7 @@ __mutex_lock_common(struct mutex *lock, long state, unsigned int subclass,
 		 * ww_mutex needs to always recheck its position since its waiter
 		 * list is not FIFO ordered.
 		 */
-		if ((use_ww_ctx && ww_ctx) || !first) {
+		if (ww_ctx || !first) {
 			first = __mutex_waiter_is_first(lock, &waiter);
 			if (first)
 				__mutex_set_flag(lock, MUTEX_FLAG_HANDOFF);
@@ -1049,7 +1052,7 @@ __mutex_lock_common(struct mutex *lock, long state, unsigned int subclass,
 		 * or we must see its unlock and acquire.
 		 */
 		if (__mutex_trylock(lock) ||
-		    (first && mutex_optimistic_spin(lock, ww_ctx, use_ww_ctx, &waiter)))
+		    (first && mutex_optimistic_spin(lock, ww_ctx, &waiter)))
 			break;
 
 		spin_lock(&lock->wait_lock);
@@ -1058,7 +1061,7 @@ __mutex_lock_common(struct mutex *lock, long state, unsigned int subclass,
 acquired:
 	__set_current_state(TASK_RUNNING);
 
-	if (use_ww_ctx && ww_ctx) {
+	if (ww_ctx) {
 		/*
 		 * Wound-Wait; we stole the lock (!first_waiter), check the
 		 * waiters as anyone might want to wound us.
@@ -1078,7 +1081,7 @@ skip_wait:
 	/* got the lock - cleanup and rejoice! */
 	lock_acquired(&lock->dep_map, ip);
 
-	if (use_ww_ctx && ww_ctx)
+	if (ww_ctx)
 		ww_mutex_lock_acquired(ww, ww_ctx);
 
 	spin_unlock(&lock->wait_lock);
-- 
2.30.1




^ permalink raw reply related	[flat|nested] 84+ messages in thread

* [PATCH 5.4 29/74] ext4: do not iput inode under running transaction in ext4_rename()
  2021-04-05  8:53 [PATCH 5.4 00/74] 5.4.110-rc1 review Greg Kroah-Hartman
                   ` (27 preceding siblings ...)
  2021-04-05  8:53 ` [PATCH 5.4 28/74] locking/ww_mutex: Simplify use_ww_ctx & ww_ctx handling Greg Kroah-Hartman
@ 2021-04-05  8:53 ` Greg Kroah-Hartman
  2021-04-05  8:53 ` [PATCH 5.4 30/74] net: mvpp2: fix interrupt mask/unmask skip condition Greg Kroah-Hartman
                   ` (49 subsequent siblings)
  78 siblings, 0 replies; 84+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-05  8:53 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, zhangyi (F), Theodore Tso, Sasha Levin

From: zhangyi (F) <yi.zhang@huawei.com>

[ Upstream commit 5dccdc5a1916d4266edd251f20bbbb113a5c495f ]

In ext4_rename(), when RENAME_WHITEOUT failed to add new entry into
directory, it ends up dropping new created whiteout inode under the
running transaction. After commit <9b88f9fb0d2> ("ext4: Do not iput inode
under running transaction"), we follow the assumptions that evict() does
not get called from a transaction context but in ext4_rename() it breaks
this suggestion. Although it's not a real problem, better to obey it, so
this patch add inode to orphan list and stop transaction before final
iput().

Signed-off-by: zhangyi (F) <yi.zhang@huawei.com>
Link: https://lore.kernel.org/r/20210303131703.330415-2-yi.zhang@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/ext4/namei.c | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/fs/ext4/namei.c b/fs/ext4/namei.c
index e992a9f15671..4c37abe76851 100644
--- a/fs/ext4/namei.c
+++ b/fs/ext4/namei.c
@@ -3731,14 +3731,14 @@ static int ext4_rename(struct inode *old_dir, struct dentry *old_dentry,
 	 */
 	retval = -ENOENT;
 	if (!old.bh || le32_to_cpu(old.de->inode) != old.inode->i_ino)
-		goto end_rename;
+		goto release_bh;
 
 	new.bh = ext4_find_entry(new.dir, &new.dentry->d_name,
 				 &new.de, &new.inlined);
 	if (IS_ERR(new.bh)) {
 		retval = PTR_ERR(new.bh);
 		new.bh = NULL;
-		goto end_rename;
+		goto release_bh;
 	}
 	if (new.bh) {
 		if (!new.inode) {
@@ -3755,15 +3755,13 @@ static int ext4_rename(struct inode *old_dir, struct dentry *old_dentry,
 		handle = ext4_journal_start(old.dir, EXT4_HT_DIR, credits);
 		if (IS_ERR(handle)) {
 			retval = PTR_ERR(handle);
-			handle = NULL;
-			goto end_rename;
+			goto release_bh;
 		}
 	} else {
 		whiteout = ext4_whiteout_for_rename(&old, credits, &handle);
 		if (IS_ERR(whiteout)) {
 			retval = PTR_ERR(whiteout);
-			whiteout = NULL;
-			goto end_rename;
+			goto release_bh;
 		}
 	}
 
@@ -3871,16 +3869,18 @@ end_rename:
 			ext4_resetent(handle, &old,
 				      old.inode->i_ino, old_file_type);
 			drop_nlink(whiteout);
+			ext4_orphan_add(handle, whiteout);
 		}
 		unlock_new_inode(whiteout);
+		ext4_journal_stop(handle);
 		iput(whiteout);
-
+	} else {
+		ext4_journal_stop(handle);
 	}
+release_bh:
 	brelse(old.dir_bh);
 	brelse(old.bh);
 	brelse(new.bh);
-	if (handle)
-		ext4_journal_stop(handle);
 	return retval;
 }
 
-- 
2.30.1




^ permalink raw reply related	[flat|nested] 84+ messages in thread

* [PATCH 5.4 30/74] net: mvpp2: fix interrupt mask/unmask skip condition
  2021-04-05  8:53 [PATCH 5.4 00/74] 5.4.110-rc1 review Greg Kroah-Hartman
                   ` (28 preceding siblings ...)
  2021-04-05  8:53 ` [PATCH 5.4 29/74] ext4: do not iput inode under running transaction in ext4_rename() Greg Kroah-Hartman
@ 2021-04-05  8:53 ` Greg Kroah-Hartman
  2021-04-05  8:53 ` [PATCH 5.4 31/74] flow_dissector: fix TTL and TOS dissection on IPv4 fragments Greg Kroah-Hartman
                   ` (48 subsequent siblings)
  78 siblings, 0 replies; 84+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-05  8:53 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Russell King, Stefan Chulski,
	David S. Miller, Sasha Levin

[ Upstream commit 7867299cde34e9c2d2c676f2a384a9d5853b914d ]

The condition should be skipped if CPU ID equal to nthreads.
The patch doesn't fix any actual issue since
nthreads = min_t(unsigned int, num_present_cpus(), MVPP2_MAX_THREADS).
On all current Armada platforms, the number of CPU's is
less than MVPP2_MAX_THREADS.

Fixes: e531f76757eb ("net: mvpp2: handle cases where more CPUs are available than s/w threads")
Reported-by: Russell King <rmk+kernel@armlinux.org.uk>
Signed-off-by: Stefan Chulski <stefanc@marvell.com>
Reviewed-by: Russell King <rmk+kernel@armlinux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c b/drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c
index 9a77b70ad601..491bcfd36ac2 100644
--- a/drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c
+++ b/drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c
@@ -1073,7 +1073,7 @@ static void mvpp2_interrupts_unmask(void *arg)
 	u32 val;
 
 	/* If the thread isn't used, don't do anything */
-	if (smp_processor_id() > port->priv->nthreads)
+	if (smp_processor_id() >= port->priv->nthreads)
 		return;
 
 	val = MVPP2_CAUSE_MISC_SUM_MASK |
@@ -2078,7 +2078,7 @@ static void mvpp2_txq_sent_counter_clear(void *arg)
 	int queue;
 
 	/* If the thread isn't used, don't do anything */
-	if (smp_processor_id() > port->priv->nthreads)
+	if (smp_processor_id() >= port->priv->nthreads)
 		return;
 
 	for (queue = 0; queue < port->ntxqs; queue++) {
-- 
2.30.1




^ permalink raw reply related	[flat|nested] 84+ messages in thread

* [PATCH 5.4 31/74] flow_dissector: fix TTL and TOS dissection on IPv4 fragments
  2021-04-05  8:53 [PATCH 5.4 00/74] 5.4.110-rc1 review Greg Kroah-Hartman
                   ` (29 preceding siblings ...)
  2021-04-05  8:53 ` [PATCH 5.4 30/74] net: mvpp2: fix interrupt mask/unmask skip condition Greg Kroah-Hartman
@ 2021-04-05  8:53 ` Greg Kroah-Hartman
  2021-04-05  8:53 ` [PATCH 5.4 32/74] can: dev: move driver related infrastructure into separate subdir Greg Kroah-Hartman
                   ` (47 subsequent siblings)
  78 siblings, 0 replies; 84+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-05  8:53 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Shuang Li, Davide Caratti,
	David S. Miller, Sasha Levin

From: Davide Caratti <dcaratti@redhat.com>

[ Upstream commit d2126838050ccd1dadf310ffb78b2204f3b032b9 ]

the following command:

 # tc filter add dev $h2 ingress protocol ip pref 1 handle 101 flower \
   $tcflags dst_ip 192.0.2.2 ip_ttl 63 action drop

doesn't drop all IPv4 packets that match the configured TTL / destination
address. In particular, if "fragment offset" or "more fragments" have non
zero value in the IPv4 header, setting of FLOW_DISSECTOR_KEY_IP is simply
ignored. Fix this dissecting IPv4 TTL and TOS before fragment info; while
at it, add a selftest for tc flower's match on 'ip_ttl' that verifies the
correct behavior.

Fixes: 518d8a2e9bad ("net/flow_dissector: add support for dissection of misc ip header fields")
Reported-by: Shuang Li <shuali@redhat.com>
Signed-off-by: Davide Caratti <dcaratti@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/core/flow_dissector.c                     |  6 +--
 .../selftests/net/forwarding/tc_flower.sh     | 38 ++++++++++++++++++-
 2 files changed, 40 insertions(+), 4 deletions(-)

diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c
index e3bdd859c895..da86c0e1b677 100644
--- a/net/core/flow_dissector.c
+++ b/net/core/flow_dissector.c
@@ -1028,6 +1028,9 @@ proto_again:
 			key_control->addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
 		}
 
+		__skb_flow_dissect_ipv4(skb, flow_dissector,
+					target_container, data, iph);
+
 		if (ip_is_fragment(iph)) {
 			key_control->flags |= FLOW_DIS_IS_FRAGMENT;
 
@@ -1044,9 +1047,6 @@ proto_again:
 			}
 		}
 
-		__skb_flow_dissect_ipv4(skb, flow_dissector,
-					target_container, data, iph);
-
 		break;
 	}
 	case htons(ETH_P_IPV6): {
diff --git a/tools/testing/selftests/net/forwarding/tc_flower.sh b/tools/testing/selftests/net/forwarding/tc_flower.sh
index 058c746ee300..b11d8e6b5bc1 100755
--- a/tools/testing/selftests/net/forwarding/tc_flower.sh
+++ b/tools/testing/selftests/net/forwarding/tc_flower.sh
@@ -3,7 +3,7 @@
 
 ALL_TESTS="match_dst_mac_test match_src_mac_test match_dst_ip_test \
 	match_src_ip_test match_ip_flags_test match_pcp_test match_vlan_test \
-	match_ip_tos_test match_indev_test"
+	match_ip_tos_test match_indev_test match_ip_ttl_test"
 NUM_NETIFS=2
 source tc_common.sh
 source lib.sh
@@ -310,6 +310,42 @@ match_ip_tos_test()
 	log_test "ip_tos match ($tcflags)"
 }
 
+match_ip_ttl_test()
+{
+	RET=0
+
+	tc filter add dev $h2 ingress protocol ip pref 1 handle 101 flower \
+		$tcflags dst_ip 192.0.2.2 ip_ttl 63 action drop
+	tc filter add dev $h2 ingress protocol ip pref 2 handle 102 flower \
+		$tcflags dst_ip 192.0.2.2 action drop
+
+	$MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
+		-t ip "ttl=63" -q
+
+	$MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
+		-t ip "ttl=63,mf,frag=256" -q
+
+	tc_check_packets "dev $h2 ingress" 102 1
+	check_fail $? "Matched on the wrong filter (no check on ttl)"
+
+	tc_check_packets "dev $h2 ingress" 101 2
+	check_err $? "Did not match on correct filter (ttl=63)"
+
+	$MZ $h1 -c 1 -p 64 -a $h1mac -b $h2mac -A 192.0.2.1 -B 192.0.2.2 \
+		-t ip "ttl=255" -q
+
+	tc_check_packets "dev $h2 ingress" 101 3
+	check_fail $? "Matched on a wrong filter (ttl=63)"
+
+	tc_check_packets "dev $h2 ingress" 102 1
+	check_err $? "Did not match on correct filter (no check on ttl)"
+
+	tc filter del dev $h2 ingress protocol ip pref 2 handle 102 flower
+	tc filter del dev $h2 ingress protocol ip pref 1 handle 101 flower
+
+	log_test "ip_ttl match ($tcflags)"
+}
+
 match_indev_test()
 {
 	RET=0
-- 
2.30.1




^ permalink raw reply related	[flat|nested] 84+ messages in thread

* [PATCH 5.4 32/74] can: dev: move driver related infrastructure into separate subdir
  2021-04-05  8:53 [PATCH 5.4 00/74] 5.4.110-rc1 review Greg Kroah-Hartman
                   ` (30 preceding siblings ...)
  2021-04-05  8:53 ` [PATCH 5.4 31/74] flow_dissector: fix TTL and TOS dissection on IPv4 fragments Greg Kroah-Hartman
@ 2021-04-05  8:53 ` Greg Kroah-Hartman
  2021-04-05  8:53 ` [PATCH 5.4 33/74] net: introduce CAN specific pointer in the struct net_device Greg Kroah-Hartman
                   ` (46 subsequent siblings)
  78 siblings, 0 replies; 84+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-05  8:53 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Vincent Mailhol, Marc Kleine-Budde,
	Sasha Levin

From: Marc Kleine-Budde <mkl@pengutronix.de>

[ Upstream commit 3e77f70e734584e0ad1038e459ed3fd2400f873a ]

This patch moves the CAN driver related infrastructure into a separate subdir.
It will be split into more files in the coming patches.

Reviewed-by: Vincent Mailhol <mailhol.vincent@wanadoo.fr>
Link: https://lore.kernel.org/r/20210111141930.693847-3-mkl@pengutronix.de
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/can/Makefile               | 7 +------
 drivers/net/can/dev/Makefile           | 7 +++++++
 drivers/net/can/{ => dev}/dev.c        | 0
 drivers/net/can/{ => dev}/rx-offload.c | 0
 4 files changed, 8 insertions(+), 6 deletions(-)
 create mode 100644 drivers/net/can/dev/Makefile
 rename drivers/net/can/{ => dev}/dev.c (100%)
 rename drivers/net/can/{ => dev}/rx-offload.c (100%)

diff --git a/drivers/net/can/Makefile b/drivers/net/can/Makefile
index 22164300122d..a2b4463d8480 100644
--- a/drivers/net/can/Makefile
+++ b/drivers/net/can/Makefile
@@ -7,12 +7,7 @@ obj-$(CONFIG_CAN_VCAN)		+= vcan.o
 obj-$(CONFIG_CAN_VXCAN)		+= vxcan.o
 obj-$(CONFIG_CAN_SLCAN)		+= slcan.o
 
-obj-$(CONFIG_CAN_DEV)		+= can-dev.o
-can-dev-y			+= dev.o
-can-dev-y			+= rx-offload.o
-
-can-dev-$(CONFIG_CAN_LEDS)	+= led.o
-
+obj-y				+= dev/
 obj-y				+= rcar/
 obj-y				+= spi/
 obj-y				+= usb/
diff --git a/drivers/net/can/dev/Makefile b/drivers/net/can/dev/Makefile
new file mode 100644
index 000000000000..cba92e6bcf6f
--- /dev/null
+++ b/drivers/net/can/dev/Makefile
@@ -0,0 +1,7 @@
+# SPDX-License-Identifier: GPL-2.0
+
+obj-$(CONFIG_CAN_DEV)		+= can-dev.o
+can-dev-y			+= dev.o
+can-dev-y			+= rx-offload.o
+
+can-dev-$(CONFIG_CAN_LEDS)	+= led.o
diff --git a/drivers/net/can/dev.c b/drivers/net/can/dev/dev.c
similarity index 100%
rename from drivers/net/can/dev.c
rename to drivers/net/can/dev/dev.c
diff --git a/drivers/net/can/rx-offload.c b/drivers/net/can/dev/rx-offload.c
similarity index 100%
rename from drivers/net/can/rx-offload.c
rename to drivers/net/can/dev/rx-offload.c
-- 
2.30.1




^ permalink raw reply related	[flat|nested] 84+ messages in thread

* [PATCH 5.4 33/74] net: introduce CAN specific pointer in the struct net_device
  2021-04-05  8:53 [PATCH 5.4 00/74] 5.4.110-rc1 review Greg Kroah-Hartman
                   ` (31 preceding siblings ...)
  2021-04-05  8:53 ` [PATCH 5.4 32/74] can: dev: move driver related infrastructure into separate subdir Greg Kroah-Hartman
@ 2021-04-05  8:53 ` Greg Kroah-Hartman
  2021-04-05  8:53 ` [PATCH 5.4 34/74] can: tcan4x5x: fix max register value Greg Kroah-Hartman
                   ` (45 subsequent siblings)
  78 siblings, 0 replies; 84+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-05  8:53 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, syzbot+5138c4dd15a0401bec7b,
	Oleksij Rempel, Jakub Kicinski, Sasha Levin

From: Oleksij Rempel <o.rempel@pengutronix.de>

[ Upstream commit 4e096a18867a5a989b510f6999d9c6b6622e8f7b ]

Since 20dd3850bcf8 ("can: Speed up CAN frame receiption by using
ml_priv") the CAN framework uses per device specific data in the AF_CAN
protocol. For this purpose the struct net_device->ml_priv is used. Later
the ml_priv usage in CAN was extended for other users, one of them being
CAN_J1939.

Later in the kernel ml_priv was converted to an union, used by other
drivers. E.g. the tun driver started storing it's stats pointer.

Since tun devices can claim to be a CAN device, CAN specific protocols
will wrongly interpret this pointer, which will cause system crashes.
Mostly this issue is visible in the CAN_J1939 stack.

To fix this issue, we request a dedicated CAN pointer within the
net_device struct.

Reported-by: syzbot+5138c4dd15a0401bec7b@syzkaller.appspotmail.com
Fixes: 20dd3850bcf8 ("can: Speed up CAN frame receiption by using ml_priv")
Fixes: ffd956eef69b ("can: introduce CAN midlayer private and allocate it automatically")
Fixes: 9d71dd0c7009 ("can: add support of SAE J1939 protocol")
Fixes: 497a5757ce4e ("tun: switch to net core provided statistics counters")
Signed-off-by: Oleksij Rempel <o.rempel@pengutronix.de>
Link: https://lore.kernel.org/r/20210223070127.4538-1-o.rempel@pengutronix.de
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/can/dev/dev.c  |  4 +++-
 drivers/net/can/slcan.c    |  4 +++-
 drivers/net/can/vcan.c     |  2 +-
 drivers/net/can/vxcan.c    |  6 +++++-
 include/linux/can/can-ml.h | 12 ++++++++++++
 include/linux/netdevice.h  | 34 +++++++++++++++++++++++++++++++++-
 net/can/af_can.c           | 34 ++--------------------------------
 net/can/j1939/main.c       | 22 ++++++++--------------
 net/can/j1939/socket.c     | 13 ++++---------
 net/can/proc.c             | 19 +++++++++++++------
 10 files changed, 84 insertions(+), 66 deletions(-)

diff --git a/drivers/net/can/dev/dev.c b/drivers/net/can/dev/dev.c
index 1e0c1a05df82..322da89cb9c6 100644
--- a/drivers/net/can/dev/dev.c
+++ b/drivers/net/can/dev/dev.c
@@ -718,6 +718,7 @@ EXPORT_SYMBOL_GPL(alloc_can_err_skb);
 struct net_device *alloc_candev_mqs(int sizeof_priv, unsigned int echo_skb_max,
 				    unsigned int txqs, unsigned int rxqs)
 {
+	struct can_ml_priv *can_ml;
 	struct net_device *dev;
 	struct can_priv *priv;
 	int size;
@@ -749,7 +750,8 @@ struct net_device *alloc_candev_mqs(int sizeof_priv, unsigned int echo_skb_max,
 	priv = netdev_priv(dev);
 	priv->dev = dev;
 
-	dev->ml_priv = (void *)priv + ALIGN(sizeof_priv, NETDEV_ALIGN);
+	can_ml = (void *)priv + ALIGN(sizeof_priv, NETDEV_ALIGN);
+	can_set_ml_priv(dev, can_ml);
 
 	if (echo_skb_max) {
 		priv->echo_skb_max = echo_skb_max;
diff --git a/drivers/net/can/slcan.c b/drivers/net/can/slcan.c
index 4dfa459ef5c7..95fefb1eef36 100644
--- a/drivers/net/can/slcan.c
+++ b/drivers/net/can/slcan.c
@@ -519,6 +519,7 @@ static struct slcan *slc_alloc(void)
 	int i;
 	char name[IFNAMSIZ];
 	struct net_device *dev = NULL;
+	struct can_ml_priv *can_ml;
 	struct slcan       *sl;
 	int size;
 
@@ -541,7 +542,8 @@ static struct slcan *slc_alloc(void)
 
 	dev->base_addr  = i;
 	sl = netdev_priv(dev);
-	dev->ml_priv = (void *)sl + ALIGN(sizeof(*sl), NETDEV_ALIGN);
+	can_ml = (void *)sl + ALIGN(sizeof(*sl), NETDEV_ALIGN);
+	can_set_ml_priv(dev, can_ml);
 
 	/* Initialize channel control data */
 	sl->magic = SLCAN_MAGIC;
diff --git a/drivers/net/can/vcan.c b/drivers/net/can/vcan.c
index 39ca14b0585d..067705e2850b 100644
--- a/drivers/net/can/vcan.c
+++ b/drivers/net/can/vcan.c
@@ -153,7 +153,7 @@ static void vcan_setup(struct net_device *dev)
 	dev->addr_len		= 0;
 	dev->tx_queue_len	= 0;
 	dev->flags		= IFF_NOARP;
-	dev->ml_priv		= netdev_priv(dev);
+	can_set_ml_priv(dev, netdev_priv(dev));
 
 	/* set flags according to driver capabilities */
 	if (echo)
diff --git a/drivers/net/can/vxcan.c b/drivers/net/can/vxcan.c
index b1baa4ac1d53..7000c6cd1e48 100644
--- a/drivers/net/can/vxcan.c
+++ b/drivers/net/can/vxcan.c
@@ -141,6 +141,8 @@ static const struct net_device_ops vxcan_netdev_ops = {
 
 static void vxcan_setup(struct net_device *dev)
 {
+	struct can_ml_priv *can_ml;
+
 	dev->type		= ARPHRD_CAN;
 	dev->mtu		= CANFD_MTU;
 	dev->hard_header_len	= 0;
@@ -149,7 +151,9 @@ static void vxcan_setup(struct net_device *dev)
 	dev->flags		= (IFF_NOARP|IFF_ECHO);
 	dev->netdev_ops		= &vxcan_netdev_ops;
 	dev->needs_free_netdev	= true;
-	dev->ml_priv		= netdev_priv(dev) + ALIGN(sizeof(struct vxcan_priv), NETDEV_ALIGN);
+
+	can_ml = netdev_priv(dev) + ALIGN(sizeof(struct vxcan_priv), NETDEV_ALIGN);
+	can_set_ml_priv(dev, can_ml);
 }
 
 /* forward declaration for rtnl_create_link() */
diff --git a/include/linux/can/can-ml.h b/include/linux/can/can-ml.h
index 2f5d731ae251..8afa92d15a66 100644
--- a/include/linux/can/can-ml.h
+++ b/include/linux/can/can-ml.h
@@ -44,6 +44,7 @@
 
 #include <linux/can.h>
 #include <linux/list.h>
+#include <linux/netdevice.h>
 
 #define CAN_SFF_RCV_ARRAY_SZ (1 << CAN_SFF_ID_BITS)
 #define CAN_EFF_RCV_HASH_BITS 10
@@ -65,4 +66,15 @@ struct can_ml_priv {
 #endif
 };
 
+static inline struct can_ml_priv *can_get_ml_priv(struct net_device *dev)
+{
+	return netdev_get_ml_priv(dev, ML_PRIV_CAN);
+}
+
+static inline void can_set_ml_priv(struct net_device *dev,
+				   struct can_ml_priv *ml_priv)
+{
+	netdev_set_ml_priv(dev, ml_priv, ML_PRIV_CAN);
+}
+
 #endif /* CAN_ML_H */
diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
index db1b9623977c..11a52f2fa35d 100644
--- a/include/linux/netdevice.h
+++ b/include/linux/netdevice.h
@@ -1555,6 +1555,12 @@ enum netdev_priv_flags {
 #define IFF_L3MDEV_RX_HANDLER		IFF_L3MDEV_RX_HANDLER
 #define IFF_LIVE_RENAME_OK		IFF_LIVE_RENAME_OK
 
+/* Specifies the type of the struct net_device::ml_priv pointer */
+enum netdev_ml_priv_type {
+	ML_PRIV_NONE,
+	ML_PRIV_CAN,
+};
+
 /**
  *	struct net_device - The DEVICE structure.
  *
@@ -1732,6 +1738,7 @@ enum netdev_priv_flags {
  * 	@nd_net:		Network namespace this network device is inside
  *
  * 	@ml_priv:	Mid-layer private
+ *	@ml_priv_type:  Mid-layer private type
  * 	@lstats:	Loopback statistics
  * 	@tstats:	Tunnel statistics
  * 	@dstats:	Dummy statistics
@@ -2019,8 +2026,10 @@ struct net_device {
 	possible_net_t			nd_net;
 
 	/* mid-layer private */
+	void				*ml_priv;
+	enum netdev_ml_priv_type	ml_priv_type;
+
 	union {
-		void					*ml_priv;
 		struct pcpu_lstats __percpu		*lstats;
 		struct pcpu_sw_netstats __percpu	*tstats;
 		struct pcpu_dstats __percpu		*dstats;
@@ -2167,6 +2176,29 @@ static inline void netdev_reset_rx_headroom(struct net_device *dev)
 	netdev_set_rx_headroom(dev, -1);
 }
 
+static inline void *netdev_get_ml_priv(struct net_device *dev,
+				       enum netdev_ml_priv_type type)
+{
+	if (dev->ml_priv_type != type)
+		return NULL;
+
+	return dev->ml_priv;
+}
+
+static inline void netdev_set_ml_priv(struct net_device *dev,
+				      void *ml_priv,
+				      enum netdev_ml_priv_type type)
+{
+	WARN(dev->ml_priv_type && dev->ml_priv_type != type,
+	     "Overwriting already set ml_priv_type (%u) with different ml_priv_type (%u)!\n",
+	     dev->ml_priv_type, type);
+	WARN(!dev->ml_priv_type && dev->ml_priv,
+	     "Overwriting already set ml_priv and ml_priv_type is ML_PRIV_NONE!\n");
+
+	dev->ml_priv = ml_priv;
+	dev->ml_priv_type = type;
+}
+
 /*
  * Net namespace inlines
  */
diff --git a/net/can/af_can.c b/net/can/af_can.c
index 306d3584a441..c758a12ffe46 100644
--- a/net/can/af_can.c
+++ b/net/can/af_can.c
@@ -304,8 +304,8 @@ static struct can_dev_rcv_lists *can_dev_rcv_lists_find(struct net *net,
 							struct net_device *dev)
 {
 	if (dev) {
-		struct can_ml_priv *ml_priv = dev->ml_priv;
-		return &ml_priv->dev_rcv_lists;
+		struct can_ml_priv *can_ml = can_get_ml_priv(dev);
+		return &can_ml->dev_rcv_lists;
 	} else {
 		return net->can.rx_alldev_list;
 	}
@@ -788,25 +788,6 @@ void can_proto_unregister(const struct can_proto *cp)
 }
 EXPORT_SYMBOL(can_proto_unregister);
 
-/* af_can notifier to create/remove CAN netdevice specific structs */
-static int can_notifier(struct notifier_block *nb, unsigned long msg,
-			void *ptr)
-{
-	struct net_device *dev = netdev_notifier_info_to_dev(ptr);
-
-	if (dev->type != ARPHRD_CAN)
-		return NOTIFY_DONE;
-
-	switch (msg) {
-	case NETDEV_REGISTER:
-		WARN(!dev->ml_priv,
-		     "No CAN mid layer private allocated, please fix your driver and use alloc_candev()!\n");
-		break;
-	}
-
-	return NOTIFY_DONE;
-}
-
 static int can_pernet_init(struct net *net)
 {
 	spin_lock_init(&net->can.rcvlists_lock);
@@ -874,11 +855,6 @@ static const struct net_proto_family can_family_ops = {
 	.owner  = THIS_MODULE,
 };
 
-/* notifier block for netdevice event */
-static struct notifier_block can_netdev_notifier __read_mostly = {
-	.notifier_call = can_notifier,
-};
-
 static struct pernet_operations can_pernet_ops __read_mostly = {
 	.init = can_pernet_init,
 	.exit = can_pernet_exit,
@@ -909,17 +885,12 @@ static __init int can_init(void)
 	err = sock_register(&can_family_ops);
 	if (err)
 		goto out_sock;
-	err = register_netdevice_notifier(&can_netdev_notifier);
-	if (err)
-		goto out_notifier;
 
 	dev_add_pack(&can_packet);
 	dev_add_pack(&canfd_packet);
 
 	return 0;
 
-out_notifier:
-	sock_unregister(PF_CAN);
 out_sock:
 	unregister_pernet_subsys(&can_pernet_ops);
 out_pernet:
@@ -933,7 +904,6 @@ static __exit void can_exit(void)
 	/* protocol unregister */
 	dev_remove_pack(&canfd_packet);
 	dev_remove_pack(&can_packet);
-	unregister_netdevice_notifier(&can_netdev_notifier);
 	sock_unregister(PF_CAN);
 
 	unregister_pernet_subsys(&can_pernet_ops);
diff --git a/net/can/j1939/main.c b/net/can/j1939/main.c
index 137054bff9ec..e52330f628c9 100644
--- a/net/can/j1939/main.c
+++ b/net/can/j1939/main.c
@@ -140,9 +140,9 @@ static struct j1939_priv *j1939_priv_create(struct net_device *ndev)
 static inline void j1939_priv_set(struct net_device *ndev,
 				  struct j1939_priv *priv)
 {
-	struct can_ml_priv *can_ml_priv = ndev->ml_priv;
+	struct can_ml_priv *can_ml = can_get_ml_priv(ndev);
 
-	can_ml_priv->j1939_priv = priv;
+	can_ml->j1939_priv = priv;
 }
 
 static void __j1939_priv_release(struct kref *kref)
@@ -211,12 +211,9 @@ static void __j1939_rx_release(struct kref *kref)
 /* get pointer to priv without increasing ref counter */
 static inline struct j1939_priv *j1939_ndev_to_priv(struct net_device *ndev)
 {
-	struct can_ml_priv *can_ml_priv = ndev->ml_priv;
+	struct can_ml_priv *can_ml = can_get_ml_priv(ndev);
 
-	if (!can_ml_priv)
-		return NULL;
-
-	return can_ml_priv->j1939_priv;
+	return can_ml->j1939_priv;
 }
 
 static struct j1939_priv *j1939_priv_get_by_ndev_locked(struct net_device *ndev)
@@ -225,9 +222,6 @@ static struct j1939_priv *j1939_priv_get_by_ndev_locked(struct net_device *ndev)
 
 	lockdep_assert_held(&j1939_netdev_lock);
 
-	if (ndev->type != ARPHRD_CAN)
-		return NULL;
-
 	priv = j1939_ndev_to_priv(ndev);
 	if (priv)
 		j1939_priv_get(priv);
@@ -348,15 +342,16 @@ static int j1939_netdev_notify(struct notifier_block *nb,
 			       unsigned long msg, void *data)
 {
 	struct net_device *ndev = netdev_notifier_info_to_dev(data);
+	struct can_ml_priv *can_ml = can_get_ml_priv(ndev);
 	struct j1939_priv *priv;
 
+	if (!can_ml)
+		goto notify_done;
+
 	priv = j1939_priv_get_by_ndev(ndev);
 	if (!priv)
 		goto notify_done;
 
-	if (ndev->type != ARPHRD_CAN)
-		goto notify_put;
-
 	switch (msg) {
 	case NETDEV_DOWN:
 		j1939_cancel_active_session(priv, NULL);
@@ -365,7 +360,6 @@ static int j1939_netdev_notify(struct notifier_block *nb,
 		break;
 	}
 
-notify_put:
 	j1939_priv_put(priv);
 
 notify_done:
diff --git a/net/can/j1939/socket.c b/net/can/j1939/socket.c
index 047090960539..d57475c8ba07 100644
--- a/net/can/j1939/socket.c
+++ b/net/can/j1939/socket.c
@@ -12,6 +12,7 @@
 
 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
 
+#include <linux/can/can-ml.h>
 #include <linux/can/core.h>
 #include <linux/can/skb.h>
 #include <linux/errqueue.h>
@@ -453,6 +454,7 @@ static int j1939_sk_bind(struct socket *sock, struct sockaddr *uaddr, int len)
 		j1939_jsk_del(priv, jsk);
 		j1939_local_ecu_put(priv, jsk->addr.src_name, jsk->addr.sa);
 	} else {
+		struct can_ml_priv *can_ml;
 		struct net_device *ndev;
 
 		ndev = dev_get_by_index(net, addr->can_ifindex);
@@ -461,15 +463,8 @@ static int j1939_sk_bind(struct socket *sock, struct sockaddr *uaddr, int len)
 			goto out_release_sock;
 		}
 
-		if (ndev->type != ARPHRD_CAN) {
-			dev_put(ndev);
-			ret = -ENODEV;
-			goto out_release_sock;
-		}
-
-		if (!ndev->ml_priv) {
-			netdev_warn_once(ndev,
-					 "No CAN mid layer private allocated, please fix your driver and use alloc_candev()!\n");
+		can_ml = can_get_ml_priv(ndev);
+		if (!can_ml) {
 			dev_put(ndev);
 			ret = -ENODEV;
 			goto out_release_sock;
diff --git a/net/can/proc.c b/net/can/proc.c
index 077af42c26ba..a5fc63c78370 100644
--- a/net/can/proc.c
+++ b/net/can/proc.c
@@ -329,8 +329,11 @@ static int can_rcvlist_proc_show(struct seq_file *m, void *v)
 
 	/* receive list for registered CAN devices */
 	for_each_netdev_rcu(net, dev) {
-		if (dev->type == ARPHRD_CAN && dev->ml_priv)
-			can_rcvlist_proc_show_one(m, idx, dev, dev->ml_priv);
+		struct can_ml_priv *can_ml = can_get_ml_priv(dev);
+
+		if (can_ml)
+			can_rcvlist_proc_show_one(m, idx, dev,
+						  &can_ml->dev_rcv_lists);
 	}
 
 	rcu_read_unlock();
@@ -382,8 +385,10 @@ static int can_rcvlist_sff_proc_show(struct seq_file *m, void *v)
 
 	/* sff receive list for registered CAN devices */
 	for_each_netdev_rcu(net, dev) {
-		if (dev->type == ARPHRD_CAN && dev->ml_priv) {
-			dev_rcv_lists = dev->ml_priv;
+		struct can_ml_priv *can_ml = can_get_ml_priv(dev);
+
+		if (can_ml) {
+			dev_rcv_lists = &can_ml->dev_rcv_lists;
 			can_rcvlist_proc_show_array(m, dev, dev_rcv_lists->rx_sff,
 						    ARRAY_SIZE(dev_rcv_lists->rx_sff));
 		}
@@ -413,8 +418,10 @@ static int can_rcvlist_eff_proc_show(struct seq_file *m, void *v)
 
 	/* eff receive list for registered CAN devices */
 	for_each_netdev_rcu(net, dev) {
-		if (dev->type == ARPHRD_CAN && dev->ml_priv) {
-			dev_rcv_lists = dev->ml_priv;
+		struct can_ml_priv *can_ml = can_get_ml_priv(dev);
+
+		if (can_ml) {
+			dev_rcv_lists = &can_ml->dev_rcv_lists;
 			can_rcvlist_proc_show_array(m, dev, dev_rcv_lists->rx_eff,
 						    ARRAY_SIZE(dev_rcv_lists->rx_eff));
 		}
-- 
2.30.1




^ permalink raw reply related	[flat|nested] 84+ messages in thread

* [PATCH 5.4 34/74] can: tcan4x5x: fix max register value
  2021-04-05  8:53 [PATCH 5.4 00/74] 5.4.110-rc1 review Greg Kroah-Hartman
                   ` (32 preceding siblings ...)
  2021-04-05  8:53 ` [PATCH 5.4 33/74] net: introduce CAN specific pointer in the struct net_device Greg Kroah-Hartman
@ 2021-04-05  8:53 ` Greg Kroah-Hartman
  2021-04-05  8:53 ` [PATCH 5.4 35/74] brcmfmac: clear EAP/association status bits on linkdown events Greg Kroah-Hartman
                   ` (44 subsequent siblings)
  78 siblings, 0 replies; 84+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-05  8:53 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Dan Murphy, Sean Nyekjaer,
	Marc Kleine-Budde, Sasha Levin

[ Upstream commit 6e1caaf8ed22eb700cc47ec353816eee33186c1c ]

This patch fixes the max register value for the regmap.

Reviewed-by: Dan Murphy <dmurphy@ti.com>
Tested-by: Sean Nyekjaer <sean@geanix.com>
Link: https://lore.kernel.org/r/20201215231746.1132907-12-mkl@pengutronix.de
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/can/m_can/tcan4x5x.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/can/m_can/tcan4x5x.c b/drivers/net/can/m_can/tcan4x5x.c
index 32cb479fe6ac..0d66582bd356 100644
--- a/drivers/net/can/m_can/tcan4x5x.c
+++ b/drivers/net/can/m_can/tcan4x5x.c
@@ -88,7 +88,7 @@
 
 #define TCAN4X5X_MRAM_START 0x8000
 #define TCAN4X5X_MCAN_OFFSET 0x1000
-#define TCAN4X5X_MAX_REGISTER 0x8fff
+#define TCAN4X5X_MAX_REGISTER 0x8ffc
 
 #define TCAN4X5X_CLEAR_ALL_INT 0xffffffff
 #define TCAN4X5X_SET_ALL_INT 0xffffffff
-- 
2.30.1




^ permalink raw reply related	[flat|nested] 84+ messages in thread

* [PATCH 5.4 35/74] brcmfmac: clear EAP/association status bits on linkdown events
  2021-04-05  8:53 [PATCH 5.4 00/74] 5.4.110-rc1 review Greg Kroah-Hartman
                   ` (33 preceding siblings ...)
  2021-04-05  8:53 ` [PATCH 5.4 34/74] can: tcan4x5x: fix max register value Greg Kroah-Hartman
@ 2021-04-05  8:53 ` Greg Kroah-Hartman
  2021-04-05  8:54 ` [PATCH 5.4 36/74] ath10k: hold RCU lock when calling ieee80211_find_sta_by_ifaddr() Greg Kroah-Hartman
                   ` (43 subsequent siblings)
  78 siblings, 0 replies; 84+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-05  8:53 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Luca Pesce, Kalle Valo, Sasha Levin

From: Luca Pesce <luca.pesce@vimar.com>

[ Upstream commit e862a3e4088070de352fdafe9bd9e3ae0a95a33c ]

This ensure that previous association attempts do not leave stale statuses
on subsequent attempts.

This fixes the WARN_ON(!cr->bss)) from __cfg80211_connect_result() when
connecting to an AP after a previous connection failure (e.g. where EAP fails
due to incorrect psk but association succeeded). In some scenarios, indeed,
brcmf_is_linkup() was reporting a link up event too early due to stale
BRCMF_VIF_STATUS_ASSOC_SUCCESS bit, thus reporting to cfg80211 a connection
result with a zeroed bssid (vif->profile.bssid is still empty), causing the
WARN_ON due to the call to cfg80211_get_bss() with the empty bssid.

Signed-off-by: Luca Pesce <luca.pesce@vimar.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/1608807119-21785-1-git-send-email-luca.pesce@vimar.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 .../net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c    | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
index 4ca50353538e..cd813c69a178 100644
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
@@ -5382,7 +5382,8 @@ static bool brcmf_is_linkup(struct brcmf_cfg80211_vif *vif,
 	return false;
 }
 
-static bool brcmf_is_linkdown(const struct brcmf_event_msg *e)
+static bool brcmf_is_linkdown(struct brcmf_cfg80211_vif *vif,
+			    const struct brcmf_event_msg *e)
 {
 	u32 event = e->event_code;
 	u16 flags = e->flags;
@@ -5391,6 +5392,8 @@ static bool brcmf_is_linkdown(const struct brcmf_event_msg *e)
 	    (event == BRCMF_E_DISASSOC_IND) ||
 	    ((event == BRCMF_E_LINK) && (!(flags & BRCMF_EVENT_MSG_LINK)))) {
 		brcmf_dbg(CONN, "Processing link down\n");
+		clear_bit(BRCMF_VIF_STATUS_EAP_SUCCESS, &vif->sme_state);
+		clear_bit(BRCMF_VIF_STATUS_ASSOC_SUCCESS, &vif->sme_state);
 		return true;
 	}
 	return false;
@@ -5683,7 +5686,7 @@ brcmf_notify_connect_status(struct brcmf_if *ifp,
 		} else
 			brcmf_bss_connect_done(cfg, ndev, e, true);
 		brcmf_net_setcarrier(ifp, true);
-	} else if (brcmf_is_linkdown(e)) {
+	} else if (brcmf_is_linkdown(ifp->vif, e)) {
 		brcmf_dbg(CONN, "Linkdown\n");
 		if (!brcmf_is_ibssmode(ifp->vif)) {
 			brcmf_bss_connect_done(cfg, ndev, e, false);
-- 
2.30.1




^ permalink raw reply related	[flat|nested] 84+ messages in thread

* [PATCH 5.4 36/74] ath10k: hold RCU lock when calling ieee80211_find_sta_by_ifaddr()
  2021-04-05  8:53 [PATCH 5.4 00/74] 5.4.110-rc1 review Greg Kroah-Hartman
                   ` (34 preceding siblings ...)
  2021-04-05  8:53 ` [PATCH 5.4 35/74] brcmfmac: clear EAP/association status bits on linkdown events Greg Kroah-Hartman
@ 2021-04-05  8:54 ` Greg Kroah-Hartman
  2021-04-05  8:54 ` [PATCH 5.4 37/74] net: ethernet: aquantia: Handle error cleanup of start on open Greg Kroah-Hartman
                   ` (42 subsequent siblings)
  78 siblings, 0 replies; 84+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-05  8:54 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Shuah Khan, Kalle Valo, Sasha Levin

From: Shuah Khan <skhan@linuxfoundation.org>

[ Upstream commit 09078368d516918666a0122f2533dc73676d3d7e ]

ieee80211_find_sta_by_ifaddr() must be called under the RCU lock and
the resulting pointer is only valid under RCU lock as well.

Fix ath10k_wmi_tlv_op_pull_peer_stats_info() to hold RCU lock before it
calls ieee80211_find_sta_by_ifaddr() and release it when the resulting
pointer is no longer needed.

This problem was found while reviewing code to debug RCU warn from
ath10k_wmi_tlv_parse_peer_stats_info().

Link: https://lore.kernel.org/linux-wireless/7230c9e5-2632-b77e-c4f9-10eca557a5bb@linuxfoundation.org/
Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20210210212107.40373-1-skhan@linuxfoundation.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/wireless/ath/ath10k/wmi-tlv.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/drivers/net/wireless/ath/ath10k/wmi-tlv.c b/drivers/net/wireless/ath/ath10k/wmi-tlv.c
index 3ec71f52e8fe..d38276ac375e 100644
--- a/drivers/net/wireless/ath/ath10k/wmi-tlv.c
+++ b/drivers/net/wireless/ath/ath10k/wmi-tlv.c
@@ -445,13 +445,13 @@ static void ath10k_wmi_event_tdls_peer(struct ath10k *ar, struct sk_buff *skb)
 	case WMI_TDLS_TEARDOWN_REASON_TX:
 	case WMI_TDLS_TEARDOWN_REASON_RSSI:
 	case WMI_TDLS_TEARDOWN_REASON_PTR_TIMEOUT:
+		rcu_read_lock();
 		station = ieee80211_find_sta_by_ifaddr(ar->hw,
 						       ev->peer_macaddr.addr,
 						       NULL);
 		if (!station) {
 			ath10k_warn(ar, "did not find station from tdls peer event");
-			kfree(tb);
-			return;
+			goto exit;
 		}
 		arvif = ath10k_get_arvif(ar, __le32_to_cpu(ev->vdev_id));
 		ieee80211_tdls_oper_request(
@@ -462,6 +462,9 @@ static void ath10k_wmi_event_tdls_peer(struct ath10k *ar, struct sk_buff *skb)
 					);
 		break;
 	}
+
+exit:
+	rcu_read_unlock();
 	kfree(tb);
 }
 
-- 
2.30.1




^ permalink raw reply related	[flat|nested] 84+ messages in thread

* [PATCH 5.4 37/74] net: ethernet: aquantia: Handle error cleanup of start on open
  2021-04-05  8:53 [PATCH 5.4 00/74] 5.4.110-rc1 review Greg Kroah-Hartman
                   ` (35 preceding siblings ...)
  2021-04-05  8:54 ` [PATCH 5.4 36/74] ath10k: hold RCU lock when calling ieee80211_find_sta_by_ifaddr() Greg Kroah-Hartman
@ 2021-04-05  8:54 ` Greg Kroah-Hartman
  2021-04-05  8:54 ` [PATCH 5.4 38/74] appletalk: Fix skb allocation size in loopback case Greg Kroah-Hartman
                   ` (41 subsequent siblings)
  78 siblings, 0 replies; 84+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-05  8:54 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Nathan Rossi, Igor Russkikh,
	David S. Miller, Sasha Levin

From: Nathan Rossi <nathan.rossi@digi.com>

[ Upstream commit 8a28af7a3e85ddf358f8c41e401a33002f7a9587 ]

The aq_nic_start function can fail in a variety of cases which leaves
the device in broken state.

An example case where the start function fails is the
request_threaded_irq which can be interrupted, resulting in a EINTR
result. This can be manually triggered by bringing the link up (e.g. ip
link set up) and triggering a SIGINT on the initiating process (e.g.
Ctrl+C). This would put the device into a half configured state.
Subsequently bringing the link up again would cause the napi_enable to
BUG.

In order to correctly clean up the failed attempt to start a device call
aq_nic_stop.

Signed-off-by: Nathan Rossi <nathan.rossi@digi.com>
Reviewed-by: Igor Russkikh <irusskikh@marvell.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/aquantia/atlantic/aq_main.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/net/ethernet/aquantia/atlantic/aq_main.c b/drivers/net/ethernet/aquantia/atlantic/aq_main.c
index bb65dd39f847..72c7404ae6c5 100644
--- a/drivers/net/ethernet/aquantia/atlantic/aq_main.c
+++ b/drivers/net/ethernet/aquantia/atlantic/aq_main.c
@@ -66,8 +66,10 @@ static int aq_ndev_open(struct net_device *ndev)
 		goto err_exit;
 
 	err = aq_nic_start(aq_nic);
-	if (err < 0)
+	if (err < 0) {
+		aq_nic_stop(aq_nic);
 		goto err_exit;
+	}
 
 err_exit:
 	if (err < 0)
-- 
2.30.1




^ permalink raw reply related	[flat|nested] 84+ messages in thread

* [PATCH 5.4 38/74] appletalk: Fix skb allocation size in loopback case
  2021-04-05  8:53 [PATCH 5.4 00/74] 5.4.110-rc1 review Greg Kroah-Hartman
                   ` (36 preceding siblings ...)
  2021-04-05  8:54 ` [PATCH 5.4 37/74] net: ethernet: aquantia: Handle error cleanup of start on open Greg Kroah-Hartman
@ 2021-04-05  8:54 ` Greg Kroah-Hartman
  2021-04-05  8:54 ` [PATCH 5.4 39/74] net: wan/lmc: unregister device when no matching device is found Greg Kroah-Hartman
                   ` (40 subsequent siblings)
  78 siblings, 0 replies; 84+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-05  8:54 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Doug Brown, David S. Miller, Sasha Levin

From: Doug Brown <doug@schmorgal.com>

[ Upstream commit 39935dccb21c60f9bbf1bb72d22ab6fd14ae7705 ]

If a DDP broadcast packet is sent out to a non-gateway target, it is
also looped back. There is a potential for the loopback device to have a
longer hardware header length than the original target route's device,
which can result in the skb not being created with enough room for the
loopback device's hardware header. This patch fixes the issue by
determining that a loopback will be necessary prior to allocating the
skb, and if so, ensuring the skb has enough room.

This was discovered while testing a new driver that creates a LocalTalk
network interface (LTALK_HLEN = 1). It caused an skb_under_panic.

Signed-off-by: Doug Brown <doug@schmorgal.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/appletalk/ddp.c | 33 +++++++++++++++++++++------------
 1 file changed, 21 insertions(+), 12 deletions(-)

diff --git a/net/appletalk/ddp.c b/net/appletalk/ddp.c
index b41375d4d295..4610c352849b 100644
--- a/net/appletalk/ddp.c
+++ b/net/appletalk/ddp.c
@@ -1568,8 +1568,8 @@ static int atalk_sendmsg(struct socket *sock, struct msghdr *msg, size_t len)
 	struct sk_buff *skb;
 	struct net_device *dev;
 	struct ddpehdr *ddp;
-	int size;
-	struct atalk_route *rt;
+	int size, hard_header_len;
+	struct atalk_route *rt, *rt_lo = NULL;
 	int err;
 
 	if (flags & ~(MSG_DONTWAIT|MSG_CMSG_COMPAT))
@@ -1632,7 +1632,22 @@ static int atalk_sendmsg(struct socket *sock, struct msghdr *msg, size_t len)
 	SOCK_DEBUG(sk, "SK %p: Size needed %d, device %s\n",
 			sk, size, dev->name);
 
-	size += dev->hard_header_len;
+	hard_header_len = dev->hard_header_len;
+	/* Leave room for loopback hardware header if necessary */
+	if (usat->sat_addr.s_node == ATADDR_BCAST &&
+	    (dev->flags & IFF_LOOPBACK || !(rt->flags & RTF_GATEWAY))) {
+		struct atalk_addr at_lo;
+
+		at_lo.s_node = 0;
+		at_lo.s_net  = 0;
+
+		rt_lo = atrtr_find(&at_lo);
+
+		if (rt_lo && rt_lo->dev->hard_header_len > hard_header_len)
+			hard_header_len = rt_lo->dev->hard_header_len;
+	}
+
+	size += hard_header_len;
 	release_sock(sk);
 	skb = sock_alloc_send_skb(sk, size, (flags & MSG_DONTWAIT), &err);
 	lock_sock(sk);
@@ -1640,7 +1655,7 @@ static int atalk_sendmsg(struct socket *sock, struct msghdr *msg, size_t len)
 		goto out;
 
 	skb_reserve(skb, ddp_dl->header_length);
-	skb_reserve(skb, dev->hard_header_len);
+	skb_reserve(skb, hard_header_len);
 	skb->dev = dev;
 
 	SOCK_DEBUG(sk, "SK %p: Begin build.\n", sk);
@@ -1691,18 +1706,12 @@ static int atalk_sendmsg(struct socket *sock, struct msghdr *msg, size_t len)
 		/* loop back */
 		skb_orphan(skb);
 		if (ddp->deh_dnode == ATADDR_BCAST) {
-			struct atalk_addr at_lo;
-
-			at_lo.s_node = 0;
-			at_lo.s_net  = 0;
-
-			rt = atrtr_find(&at_lo);
-			if (!rt) {
+			if (!rt_lo) {
 				kfree_skb(skb);
 				err = -ENETUNREACH;
 				goto out;
 			}
-			dev = rt->dev;
+			dev = rt_lo->dev;
 			skb->dev = dev;
 		}
 		ddp_dl->request(ddp_dl, skb, dev->dev_addr);
-- 
2.30.1




^ permalink raw reply related	[flat|nested] 84+ messages in thread

* [PATCH 5.4 39/74] net: wan/lmc: unregister device when no matching device is found
  2021-04-05  8:53 [PATCH 5.4 00/74] 5.4.110-rc1 review Greg Kroah-Hartman
                   ` (37 preceding siblings ...)
  2021-04-05  8:54 ` [PATCH 5.4 38/74] appletalk: Fix skb allocation size in loopback case Greg Kroah-Hartman
@ 2021-04-05  8:54 ` Greg Kroah-Hartman
  2021-04-05  8:54 ` [PATCH 5.4 40/74] bpf: Remove MTU check in __bpf_skb_max_len Greg Kroah-Hartman
                   ` (39 subsequent siblings)
  78 siblings, 0 replies; 84+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-05  8:54 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Tong Zhang, David S. Miller, Sasha Levin

From: Tong Zhang <ztong0001@gmail.com>

[ Upstream commit 62e69bc419772638369eff8ff81340bde8aceb61 ]

lmc set sc->lmc_media pointer when there is a matching device.
However, when no matching device is found, this pointer is NULL
and the following dereference will result in a null-ptr-deref.

To fix this issue, unregister the hdlc device and return an error.

[    4.569359] BUG: KASAN: null-ptr-deref in lmc_init_one.cold+0x2b6/0x55d [lmc]
[    4.569748] Read of size 8 at addr 0000000000000008 by task modprobe/95
[    4.570102]
[    4.570187] CPU: 0 PID: 95 Comm: modprobe Not tainted 5.11.0-rc7 #94
[    4.570527] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-48-gd9c812dda519-preb4
[    4.571125] Call Trace:
[    4.571261]  dump_stack+0x7d/0xa3
[    4.571445]  kasan_report.cold+0x10c/0x10e
[    4.571667]  ? lmc_init_one.cold+0x2b6/0x55d [lmc]
[    4.571932]  lmc_init_one.cold+0x2b6/0x55d [lmc]
[    4.572186]  ? lmc_mii_readreg+0xa0/0xa0 [lmc]
[    4.572432]  local_pci_probe+0x6f/0xb0
[    4.572639]  pci_device_probe+0x171/0x240
[    4.572857]  ? pci_device_remove+0xe0/0xe0
[    4.573080]  ? kernfs_create_link+0xb6/0x110
[    4.573315]  ? sysfs_do_create_link_sd.isra.0+0x76/0xe0
[    4.573598]  really_probe+0x161/0x420
[    4.573799]  driver_probe_device+0x6d/0xd0
[    4.574022]  device_driver_attach+0x82/0x90
[    4.574249]  ? device_driver_attach+0x90/0x90
[    4.574485]  __driver_attach+0x60/0x100
[    4.574694]  ? device_driver_attach+0x90/0x90
[    4.574931]  bus_for_each_dev+0xe1/0x140
[    4.575146]  ? subsys_dev_iter_exit+0x10/0x10
[    4.575387]  ? klist_node_init+0x61/0x80
[    4.575602]  bus_add_driver+0x254/0x2a0
[    4.575812]  driver_register+0xd3/0x150
[    4.576021]  ? 0xffffffffc0018000
[    4.576202]  do_one_initcall+0x84/0x250
[    4.576411]  ? trace_event_raw_event_initcall_finish+0x150/0x150
[    4.576733]  ? unpoison_range+0xf/0x30
[    4.576938]  ? ____kasan_kmalloc.constprop.0+0x84/0xa0
[    4.577219]  ? unpoison_range+0xf/0x30
[    4.577423]  ? unpoison_range+0xf/0x30
[    4.577628]  do_init_module+0xf8/0x350
[    4.577833]  load_module+0x3fe6/0x4340
[    4.578038]  ? vm_unmap_ram+0x1d0/0x1d0
[    4.578247]  ? ____kasan_kmalloc.constprop.0+0x84/0xa0
[    4.578526]  ? module_frob_arch_sections+0x20/0x20
[    4.578787]  ? __do_sys_finit_module+0x108/0x170
[    4.579037]  __do_sys_finit_module+0x108/0x170
[    4.579278]  ? __ia32_sys_init_module+0x40/0x40
[    4.579523]  ? file_open_root+0x200/0x200
[    4.579742]  ? do_sys_open+0x85/0xe0
[    4.579938]  ? filp_open+0x50/0x50
[    4.580125]  ? exit_to_user_mode_prepare+0xfc/0x130
[    4.580390]  do_syscall_64+0x33/0x40
[    4.580586]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[    4.580859] RIP: 0033:0x7f1a724c3cf7
[    4.581054] Code: 48 89 57 30 48 8b 04 24 48 89 47 38 e9 1d a0 02 00 48 89 f8 48 89 f7 48 89 d6 48 891
[    4.582043] RSP: 002b:00007fff44941c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
[    4.582447] RAX: ffffffffffffffda RBX: 00000000012ada70 RCX: 00007f1a724c3cf7
[    4.582827] RDX: 0000000000000000 RSI: 00000000012ac9e0 RDI: 0000000000000003
[    4.583207] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000001
[    4.583587] R10: 00007f1a72527300 R11: 0000000000000246 R12: 00000000012ac9e0
[    4.583968] R13: 0000000000000000 R14: 00000000012acc90 R15: 0000000000000001
[    4.584349] ==================================================================

Signed-off-by: Tong Zhang <ztong0001@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/wan/lmc/lmc_main.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/net/wan/lmc/lmc_main.c b/drivers/net/wan/lmc/lmc_main.c
index 0e6a51525d91..f3deb2a2fa47 100644
--- a/drivers/net/wan/lmc/lmc_main.c
+++ b/drivers/net/wan/lmc/lmc_main.c
@@ -912,6 +912,8 @@ static int lmc_init_one(struct pci_dev *pdev, const struct pci_device_id *ent)
         break;
     default:
 	printk(KERN_WARNING "%s: LMC UNKNOWN CARD!\n", dev->name);
+	unregister_hdlc_device(dev);
+	return -EIO;
         break;
     }
 
-- 
2.30.1




^ permalink raw reply related	[flat|nested] 84+ messages in thread

* [PATCH 5.4 40/74] bpf: Remove MTU check in __bpf_skb_max_len
  2021-04-05  8:53 [PATCH 5.4 00/74] 5.4.110-rc1 review Greg Kroah-Hartman
                   ` (38 preceding siblings ...)
  2021-04-05  8:54 ` [PATCH 5.4 39/74] net: wan/lmc: unregister device when no matching device is found Greg Kroah-Hartman
@ 2021-04-05  8:54 ` Greg Kroah-Hartman
  2021-04-05  8:54 ` [PATCH 5.4 41/74] ALSA: usb-audio: Apply sample rate quirk to Logitech Connect Greg Kroah-Hartman
                   ` (38 subsequent siblings)
  78 siblings, 0 replies; 84+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-05  8:54 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jesper Dangaard Brouer,
	Daniel Borkmann, John Fastabend

From: Jesper Dangaard Brouer <brouer@redhat.com>

commit 6306c1189e77a513bf02720450bb43bd4ba5d8ae upstream.

Multiple BPF-helpers that can manipulate/increase the size of the SKB uses
__bpf_skb_max_len() as the max-length. This function limit size against
the current net_device MTU (skb->dev->mtu).

When a BPF-prog grow the packet size, then it should not be limited to the
MTU. The MTU is a transmit limitation, and software receiving this packet
should be allowed to increase the size. Further more, current MTU check in
__bpf_skb_max_len uses the MTU from ingress/current net_device, which in
case of redirects uses the wrong net_device.

This patch keeps a sanity max limit of SKB_MAX_ALLOC (16KiB). The real limit
is elsewhere in the system. Jesper's testing[1] showed it was not possible
to exceed 8KiB when expanding the SKB size via BPF-helper. The limiting
factor is the define KMALLOC_MAX_CACHE_SIZE which is 8192 for
SLUB-allocator (CONFIG_SLUB) in-case PAGE_SIZE is 4096. This define is
in-effect due to this being called from softirq context see code
__gfp_pfmemalloc_flags() and __do_kmalloc_node(). Jakub's testing showed
that frames above 16KiB can cause NICs to reset (but not crash). Keep this
sanity limit at this level as memory layer can differ based on kernel
config.

[1] https://github.com/xdp-project/bpf-examples/tree/master/MTU-tests

Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: John Fastabend <john.fastabend@gmail.com>
Link: https://lore.kernel.org/bpf/161287788936.790810.2937823995775097177.stgit@firesoul
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 net/core/filter.c |   12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)

--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -3146,18 +3146,14 @@ static int bpf_skb_net_shrink(struct sk_
 	return 0;
 }
 
-static u32 __bpf_skb_max_len(const struct sk_buff *skb)
-{
-	return skb->dev ? skb->dev->mtu + skb->dev->hard_header_len :
-			  SKB_MAX_ALLOC;
-}
+#define BPF_SKB_MAX_LEN SKB_MAX_ALLOC
 
 BPF_CALL_4(bpf_skb_adjust_room, struct sk_buff *, skb, s32, len_diff,
 	   u32, mode, u64, flags)
 {
 	u32 len_cur, len_diff_abs = abs(len_diff);
 	u32 len_min = bpf_skb_net_base_len(skb);
-	u32 len_max = __bpf_skb_max_len(skb);
+	u32 len_max = BPF_SKB_MAX_LEN;
 	__be16 proto = skb->protocol;
 	bool shrink = len_diff < 0;
 	u32 off;
@@ -3237,7 +3233,7 @@ static int bpf_skb_trim_rcsum(struct sk_
 static inline int __bpf_skb_change_tail(struct sk_buff *skb, u32 new_len,
 					u64 flags)
 {
-	u32 max_len = __bpf_skb_max_len(skb);
+	u32 max_len = BPF_SKB_MAX_LEN;
 	u32 min_len = __bpf_skb_min_len(skb);
 	int ret;
 
@@ -3313,7 +3309,7 @@ static const struct bpf_func_proto sk_sk
 static inline int __bpf_skb_change_head(struct sk_buff *skb, u32 head_room,
 					u64 flags)
 {
-	u32 max_len = __bpf_skb_max_len(skb);
+	u32 max_len = BPF_SKB_MAX_LEN;
 	u32 new_len = skb->len + head_room;
 	int ret;
 



^ permalink raw reply	[flat|nested] 84+ messages in thread

* [PATCH 5.4 41/74] ALSA: usb-audio: Apply sample rate quirk to Logitech Connect
  2021-04-05  8:53 [PATCH 5.4 00/74] 5.4.110-rc1 review Greg Kroah-Hartman
                   ` (39 preceding siblings ...)
  2021-04-05  8:54 ` [PATCH 5.4 40/74] bpf: Remove MTU check in __bpf_skb_max_len Greg Kroah-Hartman
@ 2021-04-05  8:54 ` Greg Kroah-Hartman
  2021-04-05  8:54 ` [PATCH 5.4 42/74] ALSA: hda: Re-add dropped snd_poewr_change_state() calls Greg Kroah-Hartman
                   ` (37 subsequent siblings)
  78 siblings, 0 replies; 84+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-05  8:54 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Ikjoon Jang, Takashi Iwai

From: Ikjoon Jang <ikjn@chromium.org>

commit 625bd5a616ceda4840cd28f82e957c8ced394b6a upstream.

Logitech ConferenceCam Connect is a compound USB device with UVC and
UAC. Not 100% reproducible but sometimes it keeps responding STALL to
every control transfer once it receives get_freq request.

This patch adds 046d:0x084c to a snd_usb_get_sample_rate_quirk list.

Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=203419
Signed-off-by: Ikjoon Jang <ikjn@chromium.org>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20210324105153.2322881-1-ikjn@chromium.org
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 sound/usb/quirks.c |    1 +
 1 file changed, 1 insertion(+)

--- a/sound/usb/quirks.c
+++ b/sound/usb/quirks.c
@@ -1453,6 +1453,7 @@ bool snd_usb_get_sample_rate_quirk(struc
 	case USB_ID(0x21B4, 0x0081): /* AudioQuest DragonFly */
 	case USB_ID(0x2912, 0x30c8): /* Audioengine D1 */
 	case USB_ID(0x413c, 0xa506): /* Dell AE515 sound bar */
+	case USB_ID(0x046d, 0x084c): /* Logitech ConferenceCam Connect */
 		return true;
 	}
 



^ permalink raw reply	[flat|nested] 84+ messages in thread

* [PATCH 5.4 42/74] ALSA: hda: Re-add dropped snd_poewr_change_state() calls
  2021-04-05  8:53 [PATCH 5.4 00/74] 5.4.110-rc1 review Greg Kroah-Hartman
                   ` (40 preceding siblings ...)
  2021-04-05  8:54 ` [PATCH 5.4 41/74] ALSA: usb-audio: Apply sample rate quirk to Logitech Connect Greg Kroah-Hartman
@ 2021-04-05  8:54 ` Greg Kroah-Hartman
  2021-04-05  8:54 ` [PATCH 5.4 43/74] ALSA: hda: Add missing sanity checks in PM prepare/complete callbacks Greg Kroah-Hartman
                   ` (36 subsequent siblings)
  78 siblings, 0 replies; 84+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-05  8:54 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Takashi Iwai

From: Takashi Iwai <tiwai@suse.de>

commit c8f79808cd8eb5bc8d14de129bd6d586d3fce0aa upstream.

The card power state change via snd_power_change_state() at the system
suspend/resume seems dropped mistakenly during the PM code rewrite.
The card power state doesn't play much role nowadays but it's still
referred in a few places such as the HDMI codec driver.

This patch restores them, but in a more appropriate place now in the
prepare and complete callbacks.

Fixes: f5dac54d9d93 ("ALSA: hda: Separate runtime and system suspend")
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20210329113059.25035-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 sound/pci/hda/hda_intel.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/sound/pci/hda/hda_intel.c
+++ b/sound/pci/hda/hda_intel.c
@@ -1024,6 +1024,7 @@ static int azx_prepare(struct device *de
 
 	chip = card->private_data;
 	chip->pm_prepared = 1;
+	snd_power_change_state(card, SNDRV_CTL_POWER_D3hot);
 
 	flush_work(&azx_bus(chip)->unsol_work);
 
@@ -1039,6 +1040,7 @@ static void azx_complete(struct device *
 	struct azx *chip;
 
 	chip = card->private_data;
+	snd_power_change_state(card, SNDRV_CTL_POWER_D0);
 	chip->pm_prepared = 0;
 }
 



^ permalink raw reply	[flat|nested] 84+ messages in thread

* [PATCH 5.4 43/74] ALSA: hda: Add missing sanity checks in PM prepare/complete callbacks
  2021-04-05  8:53 [PATCH 5.4 00/74] 5.4.110-rc1 review Greg Kroah-Hartman
                   ` (41 preceding siblings ...)
  2021-04-05  8:54 ` [PATCH 5.4 42/74] ALSA: hda: Re-add dropped snd_poewr_change_state() calls Greg Kroah-Hartman
@ 2021-04-05  8:54 ` Greg Kroah-Hartman
  2021-04-05  8:54 ` [PATCH 5.4 44/74] ALSA: hda/realtek: fix a determine_headset_type issue for a Dell AIO Greg Kroah-Hartman
                   ` (35 subsequent siblings)
  78 siblings, 0 replies; 84+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-05  8:54 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Takashi Iwai

From: Takashi Iwai <tiwai@suse.de>

commit 66affb7bb0dc0905155a1b2475261aa704d1ddb5 upstream.

The recently added PM prepare and complete callbacks don't have the
sanity check whether the card instance has been properly initialized,
which may potentially lead to Oops.

This patch adds the azx_is_pm_ready() call in each place
appropriately like other PM callbacks.

Fixes: f5dac54d9d93 ("ALSA: hda: Separate runtime and system suspend")
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20210329113059.25035-2-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 sound/pci/hda/hda_intel.c |    6 ++++++
 1 file changed, 6 insertions(+)

--- a/sound/pci/hda/hda_intel.c
+++ b/sound/pci/hda/hda_intel.c
@@ -1022,6 +1022,9 @@ static int azx_prepare(struct device *de
 	struct snd_card *card = dev_get_drvdata(dev);
 	struct azx *chip;
 
+	if (!azx_is_pm_ready(card))
+		return 0;
+
 	chip = card->private_data;
 	chip->pm_prepared = 1;
 	snd_power_change_state(card, SNDRV_CTL_POWER_D3hot);
@@ -1039,6 +1042,9 @@ static void azx_complete(struct device *
 	struct snd_card *card = dev_get_drvdata(dev);
 	struct azx *chip;
 
+	if (!azx_is_pm_ready(card))
+		return;
+
 	chip = card->private_data;
 	snd_power_change_state(card, SNDRV_CTL_POWER_D0);
 	chip->pm_prepared = 0;



^ permalink raw reply	[flat|nested] 84+ messages in thread

* [PATCH 5.4 44/74] ALSA: hda/realtek: fix a determine_headset_type issue for a Dell AIO
  2021-04-05  8:53 [PATCH 5.4 00/74] 5.4.110-rc1 review Greg Kroah-Hartman
                   ` (42 preceding siblings ...)
  2021-04-05  8:54 ` [PATCH 5.4 43/74] ALSA: hda: Add missing sanity checks in PM prepare/complete callbacks Greg Kroah-Hartman
@ 2021-04-05  8:54 ` Greg Kroah-Hartman
  2021-04-05  8:54 ` [PATCH 5.4 45/74] ALSA: hda/realtek: call alc_update_headset_mode() in hp_automute_hook Greg Kroah-Hartman
                   ` (34 subsequent siblings)
  78 siblings, 0 replies; 84+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-05  8:54 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Hui Wang, Takashi Iwai

From: Hui Wang <hui.wang@canonical.com>

commit febf22565549ea7111e7d45e8f2d64373cc66b11 upstream.

We found a recording issue on a Dell AIO, users plug a headset-mic and
select headset-mic from UI, but can't record any sound from
headset-mic. The root cause is the determine_headset_type() returns a
wrong type, e.g. users plug a ctia type headset, but that function
returns omtp type.

On this machine, the internal mic is not connected to the codec, the
"Input Source" is headset mic by default. And when users plug a
headset, the determine_headset_type() will be called immediately, the
codec on this AIO is alc274, the delay time for this codec in the
determine_headset_type() is only 80ms, the delay is too short to
correctly determine the headset type, the fail rate is nearly 99% when
users plug the headset with the normal speed.

Other codecs set several hundred ms delay time, so here I change the
delay time to 850ms for alc2x4 series, after this change, the fail
rate is zero unless users plug the headset slowly on purpose.

Cc: <stable@vger.kernel.org>
Signed-off-by: Hui Wang <hui.wang@canonical.com>
Link: https://lore.kernel.org/r/20210320091542.6748-1-hui.wang@canonical.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 sound/pci/hda/patch_realtek.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -5192,7 +5192,7 @@ static void alc_determine_headset_type(s
 	case 0x10ec0274:
 	case 0x10ec0294:
 		alc_process_coef_fw(codec, coef0274);
-		msleep(80);
+		msleep(850);
 		val = alc_read_coef_idx(codec, 0x46);
 		is_ctia = (val & 0x00f0) == 0x00f0;
 		break;



^ permalink raw reply	[flat|nested] 84+ messages in thread

* [PATCH 5.4 45/74] ALSA: hda/realtek: call alc_update_headset_mode() in hp_automute_hook
  2021-04-05  8:53 [PATCH 5.4 00/74] 5.4.110-rc1 review Greg Kroah-Hartman
                   ` (43 preceding siblings ...)
  2021-04-05  8:54 ` [PATCH 5.4 44/74] ALSA: hda/realtek: fix a determine_headset_type issue for a Dell AIO Greg Kroah-Hartman
@ 2021-04-05  8:54 ` Greg Kroah-Hartman
  2021-04-05  8:54 ` [PATCH 5.4 46/74] xtensa: move coprocessor_flush to the .text section Greg Kroah-Hartman
                   ` (33 subsequent siblings)
  78 siblings, 0 replies; 84+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-05  8:54 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Hui Wang, Takashi Iwai

From: Hui Wang <hui.wang@canonical.com>

commit e54f30befa7990b897189b44a56c1138c6bfdbb5 upstream.

We found the alc_update_headset_mode() is not called on some machines
when unplugging the headset, as a result, the mode of the
ALC_HEADSET_MODE_UNPLUGGED can't be set, then the current_headset_type
is not cleared, if users plug a differnt type of headset next time,
the determine_headset_type() will not be called and the audio jack is
set to the headset type of previous time.

On the Dell machines which connect the dmic to the PCH, if we open
the gnome-sound-setting and unplug the headset, this issue will
happen. Those machines disable the auto-mute by ucm and has no
internal mic in the input source, so the update_headset_mode() will
not be called by cap_sync_hook or automute_hook when unplugging, and
because the gnome-sound-setting is opened, the codec will not enter
the runtime_suspend state, so the update_headset_mode() will not be
called by alc_resume when unplugging. In this case the
hp_automute_hook is called when unplugging, so add
update_headset_mode() calling to this function.

Cc: <stable@vger.kernel.org>
Signed-off-by: Hui Wang <hui.wang@canonical.com>
Link: https://lore.kernel.org/r/20210320091542.6748-2-hui.wang@canonical.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 sound/pci/hda/patch_realtek.c |    1 +
 1 file changed, 1 insertion(+)

--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -5376,6 +5376,7 @@ static void alc_update_headset_jack_cb(s
 				       struct hda_jack_callback *jack)
 {
 	snd_hda_gen_hp_automute(codec, jack);
+	alc_update_headset_mode(codec);
 }
 
 static void alc_probe_headset_mode(struct hda_codec *codec)



^ permalink raw reply	[flat|nested] 84+ messages in thread

* [PATCH 5.4 46/74] xtensa: move coprocessor_flush to the .text section
  2021-04-05  8:53 [PATCH 5.4 00/74] 5.4.110-rc1 review Greg Kroah-Hartman
                   ` (44 preceding siblings ...)
  2021-04-05  8:54 ` [PATCH 5.4 45/74] ALSA: hda/realtek: call alc_update_headset_mode() in hp_automute_hook Greg Kroah-Hartman
@ 2021-04-05  8:54 ` Greg Kroah-Hartman
  2021-04-05  8:54 ` [PATCH 5.4 47/74] PM: runtime: Fix race getting/putting suppliers at probe Greg Kroah-Hartman
                   ` (32 subsequent siblings)
  78 siblings, 0 replies; 84+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-05  8:54 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Max Filippov

From: Max Filippov <jcmvbkbc@gmail.com>

commit ab5eb336411f18fd449a1fb37d36a55ec422603f upstream.

coprocessor_flush is not a part of fast exception handlers, but it uses
parts of fast coprocessor handling code that's why it's in the same
source file. It uses call0 opcode to invoke those parts so there are no
limitations on their relative location, but the rest of the code calls
coprocessor_flush with call8 and that doesn't work when vectors are
placed in a different gigabyte-aligned area than the rest of the kernel.

Move coprocessor_flush from the .exception.text section to the .text so
that it's reachable from the rest of the kernel with call8.

Cc: stable@vger.kernel.org
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 arch/xtensa/kernel/coprocessor.S |   64 ++++++++++++++++++++-------------------
 1 file changed, 33 insertions(+), 31 deletions(-)

--- a/arch/xtensa/kernel/coprocessor.S
+++ b/arch/xtensa/kernel/coprocessor.S
@@ -109,37 +109,6 @@
 	.previous
 
 /*
- * coprocessor_flush(struct thread_info*, index)
- *                             a2        a3
- *
- * Save coprocessor registers for coprocessor 'index'.
- * The register values are saved to or loaded from the coprocessor area 
- * inside the task_info structure.
- *
- * Note that this function doesn't update the coprocessor_owner information!
- *
- */
-
-ENTRY(coprocessor_flush)
-
-	/* reserve 4 bytes on stack to save a0 */
-	abi_entry(4)
-
-	s32i	a0, a1, 0
-	movi	a0, .Lsave_cp_regs_jump_table
-	addx8	a3, a3, a0
-	l32i	a4, a3, 4
-	l32i	a3, a3, 0
-	add	a2, a2, a4
-	beqz	a3, 1f
-	callx0	a3
-1:	l32i	a0, a1, 0
-
-	abi_ret(4)
-
-ENDPROC(coprocessor_flush)
-
-/*
  * Entry condition:
  *
  *   a0:	trashed, original value saved on stack (PT_AREG0)
@@ -261,6 +230,39 @@ ENTRY(fast_coprocessor)
 
 ENDPROC(fast_coprocessor)
 
+	.text
+
+/*
+ * coprocessor_flush(struct thread_info*, index)
+ *                             a2        a3
+ *
+ * Save coprocessor registers for coprocessor 'index'.
+ * The register values are saved to or loaded from the coprocessor area
+ * inside the task_info structure.
+ *
+ * Note that this function doesn't update the coprocessor_owner information!
+ *
+ */
+
+ENTRY(coprocessor_flush)
+
+	/* reserve 4 bytes on stack to save a0 */
+	abi_entry(4)
+
+	s32i	a0, a1, 0
+	movi	a0, .Lsave_cp_regs_jump_table
+	addx8	a3, a3, a0
+	l32i	a4, a3, 4
+	l32i	a3, a3, 0
+	add	a2, a2, a4
+	beqz	a3, 1f
+	callx0	a3
+1:	l32i	a0, a1, 0
+
+	abi_ret(4)
+
+ENDPROC(coprocessor_flush)
+
 	.data
 
 ENTRY(coprocessor_owner)



^ permalink raw reply	[flat|nested] 84+ messages in thread

* [PATCH 5.4 47/74] PM: runtime: Fix race getting/putting suppliers at probe
  2021-04-05  8:53 [PATCH 5.4 00/74] 5.4.110-rc1 review Greg Kroah-Hartman
                   ` (45 preceding siblings ...)
  2021-04-05  8:54 ` [PATCH 5.4 46/74] xtensa: move coprocessor_flush to the .text section Greg Kroah-Hartman
@ 2021-04-05  8:54 ` Greg Kroah-Hartman
  2021-04-05  8:54 ` [PATCH 5.4 48/74] PM: runtime: Fix ordering in pm_runtime_get_suppliers() Greg Kroah-Hartman
                   ` (31 subsequent siblings)
  78 siblings, 0 replies; 84+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-05  8:54 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Asutosh Das, Adrian Hunter,
	Rafael J. Wysocki

From: Adrian Hunter <adrian.hunter@intel.com>

commit 9dfacc54a8661bc8be6e08cffee59596ec59f263 upstream.

pm_runtime_put_suppliers() must not decrement rpm_active unless the
consumer is suspended. That is because, otherwise, it could suspend
suppliers for an active consumer.

That can happen as follows:

 static int driver_probe_device(struct device_driver *drv, struct device *dev)
 {
	int ret = 0;

	if (!device_is_registered(dev))
		return -ENODEV;

	dev->can_match = true;
	pr_debug("bus: '%s': %s: matched device %s with driver %s\n",
		 drv->bus->name, __func__, dev_name(dev), drv->name);

	pm_runtime_get_suppliers(dev);
	if (dev->parent)
		pm_runtime_get_sync(dev->parent);

 At this point, dev can runtime suspend so rpm_put_suppliers() can run,
 rpm_active becomes 1 (the lowest value).

	pm_runtime_barrier(dev);
	if (initcall_debug)
		ret = really_probe_debug(dev, drv);
	else
		ret = really_probe(dev, drv);

 Probe callback can have runtime resumed dev, and then runtime put
 so dev is awaiting autosuspend, but rpm_active is 2.

	pm_request_idle(dev);

	if (dev->parent)
		pm_runtime_put(dev->parent);

	pm_runtime_put_suppliers(dev);

 Now pm_runtime_put_suppliers() will put the supplier
 i.e. rpm_active 2 -> 1, but consumer can still be active.

	return ret;
 }

Fix by checking the runtime status. For any status other than
RPM_SUSPENDED, rpm_active can be considered to be "owned" by
rpm_[get/put]_suppliers() and pm_runtime_put_suppliers() need do nothing.

Reported-by: Asutosh Das <asutoshd@codeaurora.org>
Fixes: 4c06c4e6cf63 ("driver core: Fix possible supplier PM-usage counter imbalance")
Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
Cc: 5.1+ <stable@vger.kernel.org> # 5.1+
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/base/power/runtime.c |    8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

--- a/drivers/base/power/runtime.c
+++ b/drivers/base/power/runtime.c
@@ -1677,6 +1677,8 @@ void pm_runtime_get_suppliers(struct dev
 void pm_runtime_put_suppliers(struct device *dev)
 {
 	struct device_link *link;
+	unsigned long flags;
+	bool put;
 	int idx;
 
 	idx = device_links_read_lock();
@@ -1685,7 +1687,11 @@ void pm_runtime_put_suppliers(struct dev
 				device_links_read_lock_held())
 		if (link->supplier_preactivated) {
 			link->supplier_preactivated = false;
-			if (refcount_dec_not_one(&link->rpm_active))
+			spin_lock_irqsave(&dev->power.lock, flags);
+			put = pm_runtime_status_suspended(dev) &&
+			      refcount_dec_not_one(&link->rpm_active);
+			spin_unlock_irqrestore(&dev->power.lock, flags);
+			if (put)
 				pm_runtime_put(link->supplier);
 		}
 



^ permalink raw reply	[flat|nested] 84+ messages in thread

* [PATCH 5.4 48/74] PM: runtime: Fix ordering in pm_runtime_get_suppliers()
  2021-04-05  8:53 [PATCH 5.4 00/74] 5.4.110-rc1 review Greg Kroah-Hartman
                   ` (46 preceding siblings ...)
  2021-04-05  8:54 ` [PATCH 5.4 47/74] PM: runtime: Fix race getting/putting suppliers at probe Greg Kroah-Hartman
@ 2021-04-05  8:54 ` Greg Kroah-Hartman
  2021-04-05  8:54 ` [PATCH 5.4 49/74] tracing: Fix stack trace event size Greg Kroah-Hartman
                   ` (30 subsequent siblings)
  78 siblings, 0 replies; 84+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-05  8:54 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Adrian Hunter, Rafael J. Wysocki

From: Adrian Hunter <adrian.hunter@intel.com>

commit c0c33442f7203704aef345647e14c2fb86071001 upstream.

rpm_active indicates how many times the supplier usage_count has been
incremented. Consequently it must be updated after pm_runtime_get_sync() of
the supplier, not before.

Fixes: 4c06c4e6cf63 ("driver core: Fix possible supplier PM-usage counter imbalance")
Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
Cc: 5.1+ <stable@vger.kernel.org> # 5.1+
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/base/power/runtime.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/base/power/runtime.c
+++ b/drivers/base/power/runtime.c
@@ -1663,8 +1663,8 @@ void pm_runtime_get_suppliers(struct dev
 				device_links_read_lock_held())
 		if (link->flags & DL_FLAG_PM_RUNTIME) {
 			link->supplier_preactivated = true;
-			refcount_inc(&link->rpm_active);
 			pm_runtime_get_sync(link->supplier);
+			refcount_inc(&link->rpm_active);
 		}
 
 	device_links_read_unlock(idx);



^ permalink raw reply	[flat|nested] 84+ messages in thread

* [PATCH 5.4 49/74] tracing: Fix stack trace event size
  2021-04-05  8:53 [PATCH 5.4 00/74] 5.4.110-rc1 review Greg Kroah-Hartman
                   ` (47 preceding siblings ...)
  2021-04-05  8:54 ` [PATCH 5.4 48/74] PM: runtime: Fix ordering in pm_runtime_get_suppliers() Greg Kroah-Hartman
@ 2021-04-05  8:54 ` Greg Kroah-Hartman
  2021-04-05  8:54 ` [PATCH 5.4 50/74] mm: fix race by making init_zero_pfn() early_initcall Greg Kroah-Hartman
                   ` (29 subsequent siblings)
  78 siblings, 0 replies; 84+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-05  8:54 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Vasily Gorbik, Steven Rostedt (VMware)

From: Steven Rostedt (VMware) <rostedt@goodmis.org>

commit 9deb193af69d3fd6dd8e47f292b67c805a787010 upstream.

Commit cbc3b92ce037 fixed an issue to modify the macros of the stack trace
event so that user space could parse it properly. Originally the stack
trace format to user space showed that the called stack was a dynamic
array. But it is not actually a dynamic array, in the way that other
dynamic event arrays worked, and this broke user space parsing for it. The
update was to make the array look to have 8 entries in it. Helper
functions were added to make it parse it correctly, as the stack was
dynamic, but was determined by the size of the event stored.

Although this fixed user space on how it read the event, it changed the
internal structure used for the stack trace event. It changed the array
size from [0] to [8] (added 8 entries). This increased the size of the
stack trace event by 8 words. The size reserved on the ring buffer was the
size of the stack trace event plus the number of stack entries found in
the stack trace. That commit caused the amount to be 8 more than what was
needed because it did not expect the caller field to have any size. This
produced 8 entries of garbage (and reading random data) from the stack
trace event:

          <idle>-0       [002] d... 1976396.837549: <stack trace>
 => trace_event_raw_event_sched_switch
 => __traceiter_sched_switch
 => __schedule
 => schedule_idle
 => do_idle
 => cpu_startup_entry
 => secondary_startup_64_no_verify
 => 0xc8c5e150ffff93de
 => 0xffff93de
 => 0
 => 0
 => 0xc8c5e17800000000
 => 0x1f30affff93de
 => 0x00000004
 => 0x200000000

Instead, subtract the size of the caller field from the size of the event
to make sure that only the amount needed to store the stack trace is
reserved.

Link: https://lore.kernel.org/lkml/your-ad-here.call-01617191565-ext-9692@work.hours/

Cc: stable@vger.kernel.org
Fixes: cbc3b92ce037 ("tracing: Set kernel_stack's caller size properly")
Reported-by: Vasily Gorbik <gor@linux.ibm.com>
Tested-by: Vasily Gorbik <gor@linux.ibm.com>
Acked-by: Vasily Gorbik <gor@linux.ibm.com>
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 kernel/trace/trace.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
@@ -2857,7 +2857,8 @@ static void __ftrace_trace_stack(struct
 
 	size = nr_entries * sizeof(unsigned long);
 	event = __trace_buffer_lock_reserve(buffer, TRACE_STACK,
-					    sizeof(*entry) + size, flags, pc);
+				    (sizeof(*entry) - sizeof(entry->caller)) + size,
+				    flags, pc);
 	if (!event)
 		goto out;
 	entry = ring_buffer_event_data(event);



^ permalink raw reply	[flat|nested] 84+ messages in thread

* [PATCH 5.4 50/74] mm: fix race by making init_zero_pfn() early_initcall
  2021-04-05  8:53 [PATCH 5.4 00/74] 5.4.110-rc1 review Greg Kroah-Hartman
                   ` (48 preceding siblings ...)
  2021-04-05  8:54 ` [PATCH 5.4 49/74] tracing: Fix stack trace event size Greg Kroah-Hartman
@ 2021-04-05  8:54 ` Greg Kroah-Hartman
  2021-04-05  8:54 ` [PATCH 5.4 51/74] drm/amdgpu: fix offset calculation in amdgpu_vm_bo_clear_mappings() Greg Kroah-Hartman
                   ` (28 subsequent siblings)
  78 siblings, 0 replies; 84+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-05  8:54 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Ilya Lipnitskiy, Hugh Dickins,
	Eric W. Biederman, 周琰杰  ,
	Linus Torvalds

From: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>

commit e720e7d0e983bf05de80b231bccc39f1487f0f16 upstream.

There are code paths that rely on zero_pfn to be fully initialized
before core_initcall.  For example, wq_sysfs_init() is a core_initcall
function that eventually results in a call to kernel_execve, which
causes a page fault with a subsequent mmput.  If zero_pfn is not
initialized by then it may not get cleaned up properly and result in an
error:

  BUG: Bad rss-counter state mm:(ptrval) type:MM_ANONPAGES val:1

Here is an analysis of the race as seen on a MIPS device. On this
particular MT7621 device (Ubiquiti ER-X), zero_pfn is PFN 0 until
initialized, at which point it becomes PFN 5120:

  1. wq_sysfs_init calls into kobject_uevent_env at core_initcall:
       kobject_uevent_env+0x7e4/0x7ec
       kset_register+0x68/0x88
       bus_register+0xdc/0x34c
       subsys_virtual_register+0x34/0x78
       wq_sysfs_init+0x1c/0x4c
       do_one_initcall+0x50/0x1a8
       kernel_init_freeable+0x230/0x2c8
       kernel_init+0x10/0x100
       ret_from_kernel_thread+0x14/0x1c

  2. kobject_uevent_env() calls call_usermodehelper_exec() which executes
     kernel_execve asynchronously.

  3. Memory allocations in kernel_execve cause a page fault, bumping the
     MM reference counter:
       add_mm_counter_fast+0xb4/0xc0
       handle_mm_fault+0x6e4/0xea0
       __get_user_pages.part.78+0x190/0x37c
       __get_user_pages_remote+0x128/0x360
       get_arg_page+0x34/0xa0
       copy_string_kernel+0x194/0x2a4
       kernel_execve+0x11c/0x298
       call_usermodehelper_exec_async+0x114/0x194

  4. In case zero_pfn has not been initialized yet, zap_pte_range does
     not decrement the MM_ANONPAGES RSS counter and the BUG message is
     triggered shortly afterwards when __mmdrop checks the ref counters:
       __mmdrop+0x98/0x1d0
       free_bprm+0x44/0x118
       kernel_execve+0x160/0x1d8
       call_usermodehelper_exec_async+0x114/0x194
       ret_from_kernel_thread+0x14/0x1c

To avoid races such as described above, initialize init_zero_pfn at
early_initcall level.  Depending on the architecture, ZERO_PAGE is
either constant or gets initialized even earlier, at paging_init, so
there is no issue with initializing zero_pfn earlier.

Link: https://lkml.kernel.org/r/CALCv0x2YqOXEAy2Q=hafjhHCtTHVodChv1qpM=niAXOpqEbt7w@mail.gmail.com
Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
Cc: Hugh Dickins <hughd@google.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: stable@vger.kernel.org
Tested-by: 周琰杰 (Zhou Yanjie) <zhouyanjie@wanyeetech.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 mm/memory.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/mm/memory.c
+++ b/mm/memory.c
@@ -150,7 +150,7 @@ static int __init init_zero_pfn(void)
 	zero_pfn = page_to_pfn(ZERO_PAGE(0));
 	return 0;
 }
-core_initcall(init_zero_pfn);
+early_initcall(init_zero_pfn);
 
 
 #if defined(SPLIT_RSS_COUNTING)



^ permalink raw reply	[flat|nested] 84+ messages in thread

* [PATCH 5.4 51/74] drm/amdgpu: fix offset calculation in amdgpu_vm_bo_clear_mappings()
  2021-04-05  8:53 [PATCH 5.4 00/74] 5.4.110-rc1 review Greg Kroah-Hartman
                   ` (49 preceding siblings ...)
  2021-04-05  8:54 ` [PATCH 5.4 50/74] mm: fix race by making init_zero_pfn() early_initcall Greg Kroah-Hartman
@ 2021-04-05  8:54 ` Greg Kroah-Hartman
  2021-04-05  8:54 ` [PATCH 5.4 52/74] drm/amdgpu: check alignment on CPU page for bo map Greg Kroah-Hartman
                   ` (27 subsequent siblings)
  78 siblings, 0 replies; 84+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-05  8:54 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Nirmoy Das, Christian König,
	Alex Deucher

From: Nirmoy Das <nirmoy.das@amd.com>

commit 5e61b84f9d3ddfba73091f9fbc940caae1c9eb22 upstream.

Offset calculation wasn't correct as start addresses are in pfn
not in bytes.

CC: stable@vger.kernel.org
Signed-off-by: Nirmoy Das <nirmoy.das@amd.com>
Reviewed-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c
@@ -2333,7 +2333,7 @@ int amdgpu_vm_bo_clear_mappings(struct a
 			after->start = eaddr + 1;
 			after->last = tmp->last;
 			after->offset = tmp->offset;
-			after->offset += after->start - tmp->start;
+			after->offset += (after->start - tmp->start) << PAGE_SHIFT;
 			after->flags = tmp->flags;
 			after->bo_va = tmp->bo_va;
 			list_add(&after->list, &tmp->bo_va->invalids);



^ permalink raw reply	[flat|nested] 84+ messages in thread

* [PATCH 5.4 52/74] drm/amdgpu: check alignment on CPU page for bo map
  2021-04-05  8:53 [PATCH 5.4 00/74] 5.4.110-rc1 review Greg Kroah-Hartman
                   ` (50 preceding siblings ...)
  2021-04-05  8:54 ` [PATCH 5.4 51/74] drm/amdgpu: fix offset calculation in amdgpu_vm_bo_clear_mappings() Greg Kroah-Hartman
@ 2021-04-05  8:54 ` Greg Kroah-Hartman
  2021-04-05  8:54 ` [PATCH 5.4 53/74] reiserfs: update reiserfs_xattrs_initialized() condition Greg Kroah-Hartman
                   ` (26 subsequent siblings)
  78 siblings, 0 replies; 84+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-05  8:54 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Christian König, Xi Ruoyao,
	Alex Deucher

From: Xℹ Ruoyao <xry111@mengyan1223.wang>

commit e3512fb67093fabdf27af303066627b921ee9bd8 upstream.

The page table of AMDGPU requires an alignment to CPU page so we should
check ioctl parameters for it.  Return -EINVAL if some parameter is
unaligned to CPU page, instead of corrupt the page table sliently.

Reviewed-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Xi Ruoyao <xry111@mengyan1223.wang>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c |    8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c
@@ -2123,8 +2123,8 @@ int amdgpu_vm_bo_map(struct amdgpu_devic
 	uint64_t eaddr;
 
 	/* validate the parameters */
-	if (saddr & AMDGPU_GPU_PAGE_MASK || offset & AMDGPU_GPU_PAGE_MASK ||
-	    size == 0 || size & AMDGPU_GPU_PAGE_MASK)
+	if (saddr & ~PAGE_MASK || offset & ~PAGE_MASK ||
+	    size == 0 || size & ~PAGE_MASK)
 		return -EINVAL;
 
 	/* make sure object fit at this offset */
@@ -2188,8 +2188,8 @@ int amdgpu_vm_bo_replace_map(struct amdg
 	int r;
 
 	/* validate the parameters */
-	if (saddr & AMDGPU_GPU_PAGE_MASK || offset & AMDGPU_GPU_PAGE_MASK ||
-	    size == 0 || size & AMDGPU_GPU_PAGE_MASK)
+	if (saddr & ~PAGE_MASK || offset & ~PAGE_MASK ||
+	    size == 0 || size & ~PAGE_MASK)
 		return -EINVAL;
 
 	/* make sure object fit at this offset */



^ permalink raw reply	[flat|nested] 84+ messages in thread

* [PATCH 5.4 53/74] reiserfs: update reiserfs_xattrs_initialized() condition
  2021-04-05  8:53 [PATCH 5.4 00/74] 5.4.110-rc1 review Greg Kroah-Hartman
                   ` (51 preceding siblings ...)
  2021-04-05  8:54 ` [PATCH 5.4 52/74] drm/amdgpu: check alignment on CPU page for bo map Greg Kroah-Hartman
@ 2021-04-05  8:54 ` Greg Kroah-Hartman
  2021-04-05  8:54 ` [PATCH 5.4 54/74] drm/tegra: sor: Grab runtime PM reference across reset Greg Kroah-Hartman
                   ` (25 subsequent siblings)
  78 siblings, 0 replies; 84+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-05  8:54 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Tetsuo Handa, Jeff Mahoney, Jan Kara,
	Linus Torvalds, syzbot

From: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>

commit 5e46d1b78a03d52306f21f77a4e4a144b6d31486 upstream.

syzbot is reporting NULL pointer dereference at reiserfs_security_init()
[1], for commit ab17c4f02156c4f7 ("reiserfs: fixup xattr_root caching")
is assuming that REISERFS_SB(s)->xattr_root != NULL in
reiserfs_xattr_jcreate_nblocks() despite that commit made
REISERFS_SB(sb)->priv_root != NULL && REISERFS_SB(s)->xattr_root == NULL
case possible.

I guess that commit 6cb4aff0a77cc0e6 ("reiserfs: fix oops while creating
privroot with selinux enabled") wanted to check xattr_root != NULL
before reiserfs_xattr_jcreate_nblocks(), for the changelog is talking
about the xattr root.

  The issue is that while creating the privroot during mount
  reiserfs_security_init calls reiserfs_xattr_jcreate_nblocks which
  dereferences the xattr root. The xattr root doesn't exist, so we get
  an oops.

Therefore, update reiserfs_xattrs_initialized() to check both the
privroot and the xattr root.

Link: https://syzkaller.appspot.com/bug?id=8abaedbdeb32c861dc5340544284167dd0e46cde # [1]
Reported-and-tested-by: syzbot <syzbot+690cb1e51970435f9775@syzkaller.appspotmail.com>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Fixes: 6cb4aff0a77c ("reiserfs: fix oops while creating privroot with selinux enabled")
Acked-by: Jeff Mahoney <jeffm@suse.com>
Acked-by: Jan Kara <jack@suse.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 fs/reiserfs/xattr.h |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/fs/reiserfs/xattr.h
+++ b/fs/reiserfs/xattr.h
@@ -43,7 +43,7 @@ void reiserfs_security_free(struct reise
 
 static inline int reiserfs_xattrs_initialized(struct super_block *sb)
 {
-	return REISERFS_SB(sb)->priv_root != NULL;
+	return REISERFS_SB(sb)->priv_root && REISERFS_SB(sb)->xattr_root;
 }
 
 #define xattr_size(size) ((size) + sizeof(struct reiserfs_xattr_header))



^ permalink raw reply	[flat|nested] 84+ messages in thread

* [PATCH 5.4 54/74] drm/tegra: sor: Grab runtime PM reference across reset
  2021-04-05  8:53 [PATCH 5.4 00/74] 5.4.110-rc1 review Greg Kroah-Hartman
                   ` (52 preceding siblings ...)
  2021-04-05  8:54 ` [PATCH 5.4 53/74] reiserfs: update reiserfs_xattrs_initialized() condition Greg Kroah-Hartman
@ 2021-04-05  8:54 ` Greg Kroah-Hartman
  2021-04-05  8:54 ` [PATCH 5.4 55/74] vfio/nvlink: Add missing SPAPR_TCE_IOMMU depends Greg Kroah-Hartman
                   ` (24 subsequent siblings)
  78 siblings, 0 replies; 84+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-05  8:54 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Jonathan Hunter, Thierry Reding

From: Thierry Reding <treding@nvidia.com>

commit ac097aecfef0bb289ca53d2fe0b73fc7e1612a05 upstream.

The SOR resets are exclusively shared with the SOR power domain. This
means that exclusive access can only be granted temporarily and in order
for that to work, a rigorous sequence must be observed. To ensure that a
single consumer gets exclusive access to a reset, each consumer must
implement a rigorous protocol using the reset_control_acquire() and
reset_control_release() functions.

However, these functions alone don't provide any guarantees at the
system level. Drivers need to ensure that the only a single consumer has
access to the reset at the same time. In order for the SOR to be able to
exclusively access its reset, it must therefore ensure that the SOR
power domain is not powered off by holding on to a runtime PM reference
to that power domain across the reset assert/deassert operation.

This used to work fine by accident, but was revealed when recently more
devices started to rely on the SOR power domain.

Fixes: 11c632e1cfd3 ("drm/tegra: sor: Implement acquire/release for reset")
Reported-by: Jonathan Hunter <jonathanh@nvidia.com>
Signed-off-by: Thierry Reding <treding@nvidia.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/gpu/drm/tegra/sor.c |    7 +++++++
 1 file changed, 7 insertions(+)

--- a/drivers/gpu/drm/tegra/sor.c
+++ b/drivers/gpu/drm/tegra/sor.c
@@ -2871,6 +2871,12 @@ static int tegra_sor_init(struct host1x_
 	 * kernel is possible.
 	 */
 	if (sor->rst) {
+		err = pm_runtime_resume_and_get(sor->dev);
+		if (err < 0) {
+			dev_err(sor->dev, "failed to get runtime PM: %d\n", err);
+			return err;
+		}
+
 		err = reset_control_acquire(sor->rst);
 		if (err < 0) {
 			dev_err(sor->dev, "failed to acquire SOR reset: %d\n",
@@ -2904,6 +2910,7 @@ static int tegra_sor_init(struct host1x_
 		}
 
 		reset_control_release(sor->rst);
+		pm_runtime_put(sor->dev);
 	}
 
 	err = clk_prepare_enable(sor->clk_safe);



^ permalink raw reply	[flat|nested] 84+ messages in thread

* [PATCH 5.4 55/74] vfio/nvlink: Add missing SPAPR_TCE_IOMMU depends
  2021-04-05  8:53 [PATCH 5.4 00/74] 5.4.110-rc1 review Greg Kroah-Hartman
                   ` (53 preceding siblings ...)
  2021-04-05  8:54 ` [PATCH 5.4 54/74] drm/tegra: sor: Grab runtime PM reference across reset Greg Kroah-Hartman
@ 2021-04-05  8:54 ` Greg Kroah-Hartman
  2021-04-05  8:54 ` [PATCH 5.4 56/74] pinctrl: rockchip: fix restore error in resume Greg Kroah-Hartman
                   ` (23 subsequent siblings)
  78 siblings, 0 replies; 84+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-05  8:54 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, kernel test robot, Jason Gunthorpe,
	Alex Williamson

From: Jason Gunthorpe <jgg@nvidia.com>

commit e0146a108ce4d2c22b9510fd12268e3ee72a0161 upstream.

Compiling the nvlink stuff relies on the SPAPR_TCE_IOMMU otherwise there
are compile errors:

 drivers/vfio/pci/vfio_pci_nvlink2.c:101:10: error: implicit declaration of function 'mm_iommu_put' [-Werror,-Wimplicit-function-declaration]
                            ret = mm_iommu_put(data->mm, data->mem);

As PPC only defines these functions when the config is set.

Previously this wasn't a problem by chance as SPAPR_TCE_IOMMU was the only
IOMMU that could have satisfied IOMMU_API on POWERNV.

Fixes: 179209fa1270 ("vfio: IOMMU_API should be selected")
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
Message-Id: <0-v1-83dba9768fc3+419-vfio_nvlink2_kconfig_jgg@nvidia.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/vfio/pci/Kconfig |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/vfio/pci/Kconfig
+++ b/drivers/vfio/pci/Kconfig
@@ -42,6 +42,6 @@ config VFIO_PCI_IGD
 
 config VFIO_PCI_NVLINK2
 	def_bool y
-	depends on VFIO_PCI && PPC_POWERNV
+	depends on VFIO_PCI && PPC_POWERNV && SPAPR_TCE_IOMMU
 	help
 	  VFIO PCI support for P9 Witherspoon machine with NVIDIA V100 GPUs



^ permalink raw reply	[flat|nested] 84+ messages in thread

* [PATCH 5.4 56/74] pinctrl: rockchip: fix restore error in resume
  2021-04-05  8:53 [PATCH 5.4 00/74] 5.4.110-rc1 review Greg Kroah-Hartman
                   ` (54 preceding siblings ...)
  2021-04-05  8:54 ` [PATCH 5.4 55/74] vfio/nvlink: Add missing SPAPR_TCE_IOMMU depends Greg Kroah-Hartman
@ 2021-04-05  8:54 ` Greg Kroah-Hartman
  2021-04-05  8:54 ` [PATCH 5.4 57/74] extcon: Add stubs for extcon_register_notifier_all() functions Greg Kroah-Hartman
                   ` (22 subsequent siblings)
  78 siblings, 0 replies; 84+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-05  8:54 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jianqun Xu, Heiko Stuebner,
	Wang Panzhenzhuan, Linus Walleij

From: Wang Panzhenzhuan <randy.wang@rock-chips.com>

commit c971af25cda94afe71617790826a86253e88eab0 upstream.

The restore in resume should match to suspend which only set for RK3288
SoCs pinctrl.

Fixes: 8dca933127024 ("pinctrl: rockchip: save and restore gpio6_c6 pinmux in suspend/resume")
Reviewed-by: Jianqun Xu <jay.xu@rock-chips.com>
Reviewed-by: Heiko Stuebner <heiko@sntech.de>
Signed-off-by: Wang Panzhenzhuan <randy.wang@rock-chips.com>
Signed-off-by: Jianqun Xu <jay.xu@rock-chips.com>
Link: https://lore.kernel.org/r/20210223100725.269240-1-jay.xu@rock-chips.com
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/pinctrl/pinctrl-rockchip.c |   13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

--- a/drivers/pinctrl/pinctrl-rockchip.c
+++ b/drivers/pinctrl/pinctrl-rockchip.c
@@ -3386,12 +3386,15 @@ static int __maybe_unused rockchip_pinct
 static int __maybe_unused rockchip_pinctrl_resume(struct device *dev)
 {
 	struct rockchip_pinctrl *info = dev_get_drvdata(dev);
-	int ret = regmap_write(info->regmap_base, RK3288_GRF_GPIO6C_IOMUX,
-			       rk3288_grf_gpio6c_iomux |
-			       GPIO6C6_SEL_WRITE_ENABLE);
+	int ret;
 
-	if (ret)
-		return ret;
+	if (info->ctrl->type == RK3288) {
+		ret = regmap_write(info->regmap_base, RK3288_GRF_GPIO6C_IOMUX,
+				   rk3288_grf_gpio6c_iomux |
+				   GPIO6C6_SEL_WRITE_ENABLE);
+		if (ret)
+			return ret;
+	}
 
 	return pinctrl_force_default(info->pctl_dev);
 }



^ permalink raw reply	[flat|nested] 84+ messages in thread

* [PATCH 5.4 57/74] extcon: Add stubs for extcon_register_notifier_all() functions
  2021-04-05  8:53 [PATCH 5.4 00/74] 5.4.110-rc1 review Greg Kroah-Hartman
                   ` (55 preceding siblings ...)
  2021-04-05  8:54 ` [PATCH 5.4 56/74] pinctrl: rockchip: fix restore error in resume Greg Kroah-Hartman
@ 2021-04-05  8:54 ` Greg Kroah-Hartman
  2021-04-05  8:54 ` [PATCH 5.4 58/74] extcon: Fix error handling in extcon_dev_register Greg Kroah-Hartman
                   ` (21 subsequent siblings)
  78 siblings, 0 replies; 84+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-05  8:54 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, kernel test robot,
	Krzysztof Kozlowski, Chanwoo Choi, Sasha Levin

From: Krzysztof Kozlowski <krzk@kernel.org>

[ Upstream commit c9570d4a5efd04479b3cd09c39b571eb031d94f4 ]

Add stubs for extcon_register_notifier_all() function for !CONFIG_EXTCON
case.  This is useful for compile testing and for drivers which use
EXTCON but do not require it (therefore do not depend on CONFIG_EXTCON).

Fixes: 815429b39d94 ("extcon: Add new extcon_register_notifier_all() to monitor all external connectors")
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
Signed-off-by: Chanwoo Choi <cw00.choi@samsung.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 include/linux/extcon.h | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/include/linux/extcon.h b/include/linux/extcon.h
index 2bdf643d8593..47d3e19a49ae 100644
--- a/include/linux/extcon.h
+++ b/include/linux/extcon.h
@@ -271,6 +271,29 @@ static inline  void devm_extcon_unregister_notifier(struct device *dev,
 				struct extcon_dev *edev, unsigned int id,
 				struct notifier_block *nb) { }
 
+static inline int extcon_register_notifier_all(struct extcon_dev *edev,
+					       struct notifier_block *nb)
+{
+	return 0;
+}
+
+static inline int extcon_unregister_notifier_all(struct extcon_dev *edev,
+						 struct notifier_block *nb)
+{
+	return 0;
+}
+
+static inline int devm_extcon_register_notifier_all(struct device *dev,
+						    struct extcon_dev *edev,
+						    struct notifier_block *nb)
+{
+	return 0;
+}
+
+static inline void devm_extcon_unregister_notifier_all(struct device *dev,
+						       struct extcon_dev *edev,
+						       struct notifier_block *nb) { }
+
 static inline struct extcon_dev *extcon_get_extcon_dev(const char *extcon_name)
 {
 	return ERR_PTR(-ENODEV);
-- 
2.30.2




^ permalink raw reply related	[flat|nested] 84+ messages in thread

* [PATCH 5.4 58/74] extcon: Fix error handling in extcon_dev_register
  2021-04-05  8:53 [PATCH 5.4 00/74] 5.4.110-rc1 review Greg Kroah-Hartman
                   ` (56 preceding siblings ...)
  2021-04-05  8:54 ` [PATCH 5.4 57/74] extcon: Add stubs for extcon_register_notifier_all() functions Greg Kroah-Hartman
@ 2021-04-05  8:54 ` Greg Kroah-Hartman
  2021-04-05  8:54 ` [PATCH 5.4 59/74] firewire: nosy: Fix a use-after-free bug in nosy_ioctl() Greg Kroah-Hartman
                   ` (20 subsequent siblings)
  78 siblings, 0 replies; 84+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-05  8:54 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Dinghao Liu, Chanwoo Choi, Sasha Levin

From: Dinghao Liu <dinghao.liu@zju.edu.cn>

[ Upstream commit d3bdd1c3140724967ca4136755538fa7c05c2b4e ]

When devm_kcalloc() fails, we should execute device_unregister()
to unregister edev->dev from system.

Fixes: 046050f6e623e ("extcon: Update the prototype of extcon_register_notifier() with enum extcon")
Signed-off-by: Dinghao Liu <dinghao.liu@zju.edu.cn>
Signed-off-by: Chanwoo Choi <cw00.choi@samsung.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/extcon/extcon.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/extcon/extcon.c b/drivers/extcon/extcon.c
index e055893fd5c3..5c9e156cd086 100644
--- a/drivers/extcon/extcon.c
+++ b/drivers/extcon/extcon.c
@@ -1241,6 +1241,7 @@ int extcon_dev_register(struct extcon_dev *edev)
 				sizeof(*edev->nh), GFP_KERNEL);
 	if (!edev->nh) {
 		ret = -ENOMEM;
+		device_unregister(&edev->dev);
 		goto err_dev;
 	}
 
-- 
2.30.2




^ permalink raw reply related	[flat|nested] 84+ messages in thread

* [PATCH 5.4 59/74] firewire: nosy: Fix a use-after-free bug in nosy_ioctl()
  2021-04-05  8:53 [PATCH 5.4 00/74] 5.4.110-rc1 review Greg Kroah-Hartman
                   ` (57 preceding siblings ...)
  2021-04-05  8:54 ` [PATCH 5.4 58/74] extcon: Fix error handling in extcon_dev_register Greg Kroah-Hartman
@ 2021-04-05  8:54 ` Greg Kroah-Hartman
  2021-04-05  8:54 ` [PATCH 5.4 60/74] usbip: vhci_hcd fix shift out-of-bounds in vhci_hub_control() Greg Kroah-Hartman
                   ` (19 subsequent siblings)
  78 siblings, 0 replies; 84+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-05  8:54 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Zheyu Ma, Greg Kroah-Hartman,
	Stefan Richter, Linus Torvalds, Sasha Levin

From: Zheyu Ma <zheyuma97@gmail.com>

[ Upstream commit 829933ef05a951c8ff140e814656d73e74915faf ]

For each device, the nosy driver allocates a pcilynx structure.
A use-after-free might happen in the following scenario:

 1. Open nosy device for the first time and call ioctl with command
    NOSY_IOC_START, then a new client A will be malloced and added to
    doubly linked list.
 2. Open nosy device for the second time and call ioctl with command
    NOSY_IOC_START, then a new client B will be malloced and added to
    doubly linked list.
 3. Call ioctl with command NOSY_IOC_START for client A, then client A
    will be readded to the doubly linked list. Now the doubly linked
    list is messed up.
 4. Close the first nosy device and nosy_release will be called. In
    nosy_release, client A will be unlinked and freed.
 5. Close the second nosy device, and client A will be referenced,
    resulting in UAF.

The root cause of this bug is that the element in the doubly linked list
is reentered into the list.

Fix this bug by adding a check before inserting a client.  If a client
is already in the linked list, don't insert it.

The following KASAN report reveals it:

   BUG: KASAN: use-after-free in nosy_release+0x1ea/0x210
   Write of size 8 at addr ffff888102ad7360 by task poc
   CPU: 3 PID: 337 Comm: poc Not tainted 5.12.0-rc5+ #6
   Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
   Call Trace:
     nosy_release+0x1ea/0x210
     __fput+0x1e2/0x840
     task_work_run+0xe8/0x180
     exit_to_user_mode_prepare+0x114/0x120
     syscall_exit_to_user_mode+0x1d/0x40
     entry_SYSCALL_64_after_hwframe+0x44/0xae

   Allocated by task 337:
     nosy_open+0x154/0x4d0
     misc_open+0x2ec/0x410
     chrdev_open+0x20d/0x5a0
     do_dentry_open+0x40f/0xe80
     path_openat+0x1cf9/0x37b0
     do_filp_open+0x16d/0x390
     do_sys_openat2+0x11d/0x360
     __x64_sys_open+0xfd/0x1a0
     do_syscall_64+0x33/0x40
     entry_SYSCALL_64_after_hwframe+0x44/0xae

   Freed by task 337:
     kfree+0x8f/0x210
     nosy_release+0x158/0x210
     __fput+0x1e2/0x840
     task_work_run+0xe8/0x180
     exit_to_user_mode_prepare+0x114/0x120
     syscall_exit_to_user_mode+0x1d/0x40
     entry_SYSCALL_64_after_hwframe+0x44/0xae

   The buggy address belongs to the object at ffff888102ad7300 which belongs to the cache kmalloc-128 of size 128
   The buggy address is located 96 bytes inside of 128-byte region [ffff888102ad7300, ffff888102ad7380)

[ Modified to use 'list_empty()' inside proper lock  - Linus ]

Link: https://lore.kernel.org/lkml/1617433116-5930-1-git-send-email-zheyuma97@gmail.com/
Reported-and-tested-by: 马哲宇 (Zheyu Ma) <zheyuma97@gmail.com>
Signed-off-by: Zheyu Ma <zheyuma97@gmail.com>
Cc: Greg Kroah-Hartman <greg@kroah.com>
Cc: Stefan Richter <stefanr@s5r6.in-berlin.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/firewire/nosy.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/drivers/firewire/nosy.c b/drivers/firewire/nosy.c
index 0cc746673677..9ee747a85ee4 100644
--- a/drivers/firewire/nosy.c
+++ b/drivers/firewire/nosy.c
@@ -346,6 +346,7 @@ nosy_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
 	struct client *client = file->private_data;
 	spinlock_t *client_list_lock = &client->lynx->client_list_lock;
 	struct nosy_stats stats;
+	int ret;
 
 	switch (cmd) {
 	case NOSY_IOC_GET_STATS:
@@ -360,11 +361,15 @@ nosy_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
 			return 0;
 
 	case NOSY_IOC_START:
+		ret = -EBUSY;
 		spin_lock_irq(client_list_lock);
-		list_add_tail(&client->link, &client->lynx->client_list);
+		if (list_empty(&client->link)) {
+			list_add_tail(&client->link, &client->lynx->client_list);
+			ret = 0;
+		}
 		spin_unlock_irq(client_list_lock);
 
-		return 0;
+		return ret;
 
 	case NOSY_IOC_STOP:
 		spin_lock_irq(client_list_lock);
-- 
2.30.2




^ permalink raw reply related	[flat|nested] 84+ messages in thread

* [PATCH 5.4 60/74] usbip: vhci_hcd fix shift out-of-bounds in vhci_hub_control()
  2021-04-05  8:53 [PATCH 5.4 00/74] 5.4.110-rc1 review Greg Kroah-Hartman
                   ` (58 preceding siblings ...)
  2021-04-05  8:54 ` [PATCH 5.4 59/74] firewire: nosy: Fix a use-after-free bug in nosy_ioctl() Greg Kroah-Hartman
@ 2021-04-05  8:54 ` Greg Kroah-Hartman
  2021-04-05  8:54 ` [PATCH 5.4 61/74] USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem Greg Kroah-Hartman
                   ` (18 subsequent siblings)
  78 siblings, 0 replies; 84+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-05  8:54 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, syzbot+3dea30b047f41084de66, Shuah Khan

From: Shuah Khan <skhan@linuxfoundation.org>

commit 1cc5ed25bdade86de2650a82b2730108a76de20c upstream.

Fix shift out-of-bounds in vhci_hub_control() SetPortFeature handling.

UBSAN: shift-out-of-bounds in drivers/usb/usbip/vhci_hcd.c:605:42
shift exponent 768 is too large for 32-bit type 'int'

Reported-by: syzbot+3dea30b047f41084de66@syzkaller.appspotmail.com
Cc: stable@vger.kernel.org
Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
Link: https://lore.kernel.org/r/20210324230654.34798-1-skhan@linuxfoundation.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/usb/usbip/vhci_hcd.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/drivers/usb/usbip/vhci_hcd.c
+++ b/drivers/usb/usbip/vhci_hcd.c
@@ -595,6 +595,8 @@ static int vhci_hub_control(struct usb_h
 				pr_err("invalid port number %d\n", wIndex);
 				goto error;
 			}
+			if (wValue >= 32)
+				goto error;
 			if (hcd->speed == HCD_USB3) {
 				if ((vhci_hcd->port_status[rhport] &
 				     USB_SS_PORT_STAT_POWER) != 0) {



^ permalink raw reply	[flat|nested] 84+ messages in thread

* [PATCH 5.4 61/74] USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem
  2021-04-05  8:53 [PATCH 5.4 00/74] 5.4.110-rc1 review Greg Kroah-Hartman
                   ` (59 preceding siblings ...)
  2021-04-05  8:54 ` [PATCH 5.4 60/74] usbip: vhci_hcd fix shift out-of-bounds in vhci_hub_control() Greg Kroah-Hartman
@ 2021-04-05  8:54 ` Greg Kroah-Hartman
  2021-04-05  8:54 ` [PATCH 5.4 62/74] usb: musb: Fix suspend with devices connected for a64 Greg Kroah-Hartman
                   ` (17 subsequent siblings)
  78 siblings, 0 replies; 84+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-05  8:54 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Vincent Palatin

From: Vincent Palatin <vpalatin@chromium.org>

commit 0bd860493f81eb2a46173f6f5e44cc38331c8dbd upstream.

This LTE modem (M.2 card) has a bug in its power management:
there is some kind of race condition for U3 wake-up between the host and
the device. The modem firmware sometimes crashes/locks when both events
happen at the same time and the modem fully drops off the USB bus (and
sometimes re-enumerates, sometimes just gets stuck until the next
reboot).

Tested with the modem wired to the XHCI controller on an AMD 3015Ce
platform. Without the patch, the modem dropped of the USB bus 5 times in
3 days. With the quirk, it stayed connected for a week while the
'runtime_suspended_time' counter incremented as excepted.

Signed-off-by: Vincent Palatin <vpalatin@chromium.org>
Link: https://lore.kernel.org/r/20210319124802.2315195-1-vpalatin@chromium.org
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/usb/core/quirks.c |    4 ++++
 1 file changed, 4 insertions(+)

--- a/drivers/usb/core/quirks.c
+++ b/drivers/usb/core/quirks.c
@@ -498,6 +498,10 @@ static const struct usb_device_id usb_qu
 	/* DJI CineSSD */
 	{ USB_DEVICE(0x2ca3, 0x0031), .driver_info = USB_QUIRK_NO_LPM },
 
+	/* Fibocom L850-GL LTE Modem */
+	{ USB_DEVICE(0x2cb7, 0x0007), .driver_info =
+			USB_QUIRK_IGNORE_REMOTE_WAKEUP },
+
 	/* INTEL VALUE SSD */
 	{ USB_DEVICE(0x8086, 0xf1a5), .driver_info = USB_QUIRK_RESET_RESUME },
 



^ permalink raw reply	[flat|nested] 84+ messages in thread

* [PATCH 5.4 62/74] usb: musb: Fix suspend with devices connected for a64
  2021-04-05  8:53 [PATCH 5.4 00/74] 5.4.110-rc1 review Greg Kroah-Hartman
                   ` (60 preceding siblings ...)
  2021-04-05  8:54 ` [PATCH 5.4 61/74] USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem Greg Kroah-Hartman
@ 2021-04-05  8:54 ` Greg Kroah-Hartman
  2021-04-05  8:54 ` [PATCH 5.4 63/74] usb: xhci-mtk: fix broken streams issue on 0.96 xHCI Greg Kroah-Hartman
                   ` (16 subsequent siblings)
  78 siblings, 0 replies; 84+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-05  8:54 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Bhushan Shah, Tony Lindgren

From: Tony Lindgren <tony@atomide.com>

commit 92af4fc6ec331228aca322ca37c8aea7b150a151 upstream.

Pinephone running on Allwinner A64 fails to suspend with USB devices
connected as reported by Bhushan Shah <bshah@kde.org>. Reverting
commit 5fbf7a253470 ("usb: musb: fix idling for suspend after
disconnect interrupt") fixes the issue.

Let's add suspend checks also for suspend after disconnect interrupt
quirk handling like we already do elsewhere.

Fixes: 5fbf7a253470 ("usb: musb: fix idling for suspend after disconnect interrupt")
Reported-by: Bhushan Shah <bshah@kde.org>
Tested-by: Bhushan Shah <bshah@kde.org>
Signed-off-by: Tony Lindgren <tony@atomide.com>
Link: https://lore.kernel.org/r/20210324071142.42264-1-tony@atomide.com
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/usb/musb/musb_core.c |   12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

--- a/drivers/usb/musb/musb_core.c
+++ b/drivers/usb/musb/musb_core.c
@@ -1866,10 +1866,14 @@ static void musb_pm_runtime_check_sessio
 		MUSB_DEVCTL_HR;
 	switch (devctl & ~s) {
 	case MUSB_QUIRK_B_DISCONNECT_99:
-		musb_dbg(musb, "Poll devctl in case of suspend after disconnect\n");
-		schedule_delayed_work(&musb->irq_work,
-				      msecs_to_jiffies(1000));
-		break;
+		if (musb->quirk_retries && !musb->flush_irq_work) {
+			musb_dbg(musb, "Poll devctl in case of suspend after disconnect\n");
+			schedule_delayed_work(&musb->irq_work,
+					      msecs_to_jiffies(1000));
+			musb->quirk_retries--;
+			break;
+		}
+		fallthrough;
 	case MUSB_QUIRK_B_INVALID_VBUS_91:
 		if (musb->quirk_retries && !musb->flush_irq_work) {
 			musb_dbg(musb,



^ permalink raw reply	[flat|nested] 84+ messages in thread

* [PATCH 5.4 63/74] usb: xhci-mtk: fix broken streams issue on 0.96 xHCI
  2021-04-05  8:53 [PATCH 5.4 00/74] 5.4.110-rc1 review Greg Kroah-Hartman
                   ` (61 preceding siblings ...)
  2021-04-05  8:54 ` [PATCH 5.4 62/74] usb: musb: Fix suspend with devices connected for a64 Greg Kroah-Hartman
@ 2021-04-05  8:54 ` Greg Kroah-Hartman
  2021-04-05  8:54 ` [PATCH 5.4 64/74] cdc-acm: fix BREAK rx code path adding necessary calls Greg Kroah-Hartman
                   ` (15 subsequent siblings)
  78 siblings, 0 replies; 84+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-05  8:54 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Chunfeng Yun

From: Chunfeng Yun <chunfeng.yun@mediatek.com>

commit 6f978a30c9bb12dab1302d0f06951ee290f5e600 upstream.

The MediaTek 0.96 xHCI controller on some platforms does not
support bulk stream even HCCPARAMS says supporting, due to MaxPSASize
is set a default value 1 by mistake, here use XHCI_BROKEN_STREAMS
quirk to fix it.

Fixes: 94a631d91ad3 ("usb: xhci-mtk: check hcc_params after adding primary hcd")
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Chunfeng Yun <chunfeng.yun@mediatek.com>
Link: https://lore.kernel.org/r/1616482975-17841-4-git-send-email-chunfeng.yun@mediatek.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/usb/host/xhci-mtk.c |   10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

--- a/drivers/usb/host/xhci-mtk.c
+++ b/drivers/usb/host/xhci-mtk.c
@@ -397,6 +397,13 @@ static void xhci_mtk_quirks(struct devic
 	xhci->quirks |= XHCI_SPURIOUS_SUCCESS;
 	if (mtk->lpm_support)
 		xhci->quirks |= XHCI_LPM_SUPPORT;
+
+	/*
+	 * MTK xHCI 0.96: PSA is 1 by default even if doesn't support stream,
+	 * and it's 3 when support it.
+	 */
+	if (xhci->hci_version < 0x100 && HCC_MAX_PSA(xhci->hcc_params) == 4)
+		xhci->quirks |= XHCI_BROKEN_STREAMS;
 }
 
 /* called during probe() after chip reset completes */
@@ -553,7 +560,8 @@ static int xhci_mtk_probe(struct platfor
 	if (ret)
 		goto put_usb3_hcd;
 
-	if (HCC_MAX_PSA(xhci->hcc_params) >= 4)
+	if (HCC_MAX_PSA(xhci->hcc_params) >= 4 &&
+	    !(xhci->quirks & XHCI_BROKEN_STREAMS))
 		xhci->shared_hcd->can_do_streams = 1;
 
 	ret = usb_add_hcd(xhci->shared_hcd, irq, IRQF_SHARED);



^ permalink raw reply	[flat|nested] 84+ messages in thread

* [PATCH 5.4 64/74] cdc-acm: fix BREAK rx code path adding necessary calls
  2021-04-05  8:53 [PATCH 5.4 00/74] 5.4.110-rc1 review Greg Kroah-Hartman
                   ` (62 preceding siblings ...)
  2021-04-05  8:54 ` [PATCH 5.4 63/74] usb: xhci-mtk: fix broken streams issue on 0.96 xHCI Greg Kroah-Hartman
@ 2021-04-05  8:54 ` Greg Kroah-Hartman
  2021-04-05  8:54 ` [PATCH 5.4 65/74] USB: cdc-acm: untangle a circular dependency between callback and softint Greg Kroah-Hartman
                   ` (14 subsequent siblings)
  78 siblings, 0 replies; 84+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-05  8:54 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Oliver Neukum

From: Oliver Neukum <oneukum@suse.com>

commit 08dff274edda54310d6f1cf27b62fddf0f8d146e upstream.

Counting break events is nice but we should actually report them to
the tty layer.

Fixes: 5a6a62bdb9257 ("cdc-acm: add TIOCMIWAIT")
Signed-off-by: Oliver Neukum <oneukum@suse.com>
Link: https://lore.kernel.org/r/20210311133714.31881-1-oneukum@suse.com
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/usb/class/cdc-acm.c |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

--- a/drivers/usb/class/cdc-acm.c
+++ b/drivers/usb/class/cdc-acm.c
@@ -312,8 +312,10 @@ static void acm_process_notification(str
 			acm->iocount.dsr++;
 		if (difference & ACM_CTRL_DCD)
 			acm->iocount.dcd++;
-		if (newctrl & ACM_CTRL_BRK)
+		if (newctrl & ACM_CTRL_BRK) {
 			acm->iocount.brk++;
+			tty_insert_flip_char(&acm->port, 0, TTY_BREAK);
+		}
 		if (newctrl & ACM_CTRL_RI)
 			acm->iocount.rng++;
 		if (newctrl & ACM_CTRL_FRAMING)



^ permalink raw reply	[flat|nested] 84+ messages in thread

* [PATCH 5.4 65/74] USB: cdc-acm: untangle a circular dependency between callback and softint
  2021-04-05  8:53 [PATCH 5.4 00/74] 5.4.110-rc1 review Greg Kroah-Hartman
                   ` (63 preceding siblings ...)
  2021-04-05  8:54 ` [PATCH 5.4 64/74] cdc-acm: fix BREAK rx code path adding necessary calls Greg Kroah-Hartman
@ 2021-04-05  8:54 ` Greg Kroah-Hartman
  2021-04-05  8:54 ` [PATCH 5.4 66/74] USB: cdc-acm: downgrade message to debug Greg Kroah-Hartman
                   ` (13 subsequent siblings)
  78 siblings, 0 replies; 84+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-05  8:54 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Bruno Thomsen, Oliver Neukum

From: Oliver Neukum <oneukum@suse.com>

commit 6069e3e927c8fb3a1947b07d1a561644ea960248 upstream.

We have a cycle of callbacks scheduling works which submit
URBs with thos callbacks. This needs to be blocked, stopped
and unblocked to untangle the circle.

The issue leads to faults like:

[   55.068392] Unable to handle kernel paging request at virtual address 6b6b6c03
[   55.075624] pgd = be866494
[   55.078335] [6b6b6c03] *pgd=00000000
[   55.081924] Internal error: Oops: 5 [#1] PREEMPT SMP ARM
[   55.087238] Modules linked in: ppp_async crc_ccitt ppp_generic slhc
xt_TCPMSS xt_tcpmss xt_hl nf_log_ipv6 nf_log_ipv4 nf_log_common
xt_policy xt_limit xt_conntrack xt_tcpudp xt_pkttype ip6table_mangle
iptable_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4
iptable_mangle ip6table_filter ip6_tables iptable_filter ip_tables
des_generic md5 sch_fq_codel cdc_mbim cdc_wdm cdc_ncm usbnet mii
cdc_acm usb_storage ip_tunnel xfrm_user xfrm6_tunnel tunnel6
xfrm4_tunnel tunnel4 esp6 esp4 ah6 ah4 xfrm_algo xt_LOG xt_LED
xt_comment x_tables ipv6
[   55.134954] CPU: 0 PID: 82 Comm: kworker/0:2 Tainted: G
   T 5.8.17 #1
[   55.142526] Hardware name: Freescale i.MX7 Dual (Device Tree)
[   55.148304] Workqueue: events acm_softint [cdc_acm]
[   55.153196] PC is at kobject_get+0x10/0xa4
[   55.157302] LR is at usb_get_dev+0x14/0x1c
[   55.161402] pc : [<8047c06c>]    lr : [<80560448>]    psr: 20000193
[   55.167671] sp : bca39ea8  ip : 00007374  fp : bf6cbd80
[   55.172899] r10: 00000000  r9 : bdd92284  r8 : bdd92008
[   55.178128] r7 : 6b6b6b6b  r6 : fffffffe  r5 : 60000113  r4 : 6b6b6be3
[   55.184658] r3 : 6b6b6b6b  r2 : 00000111  r1 : 00000000  r0 : 6b6b6be3
[   55.191191] Flags: nzCv  IRQs off  FIQs on  Mode SVC_32  ISA ARM Segment none
[   55.198417] Control: 10c5387d  Table: bcf0c06a  DAC: 00000051
[   55.204168] Process kworker/0:2 (pid: 82, stack limit = 0x9bdd2a89)
[   55.210439] Stack: (0xbca39ea8 to 0xbca3a000)
[   55.214805] 9ea0:                   bf6cbd80 80769a50 6b6b6b6b 80560448 bdeb0500 8056bfe8
[   55.222991] 9ec0: 00000002 b76da000 00000000 bdeb0500 bdd92448 bca38000 bdeb0510 8056d69c
[   55.231177] 9ee0: bca38000 00000000 80c050fc 00000000 bca39f44 09d42015 00000000 00000001
[   55.239363] 9f00: bdd92448 bdd92438 bdd92000 7f1158c4 bdd92448 bca2ee00 bf6cbd80 bf6cef00
[   55.247549] 9f20: 00000000 00000000 00000000 801412d8 bf6cbd98 80c03d00 bca2ee00 bf6cbd80
[   55.255735] 9f40: bca2ee14 bf6cbd98 80c03d00 00000008 bca38000 80141568 00000000 80c446ae
[   55.263921] 9f60: 00000000 bc9ed880 bc9f0700 bca38000 bc117eb4 80141524 bca2ee00 bc9ed8a4
[   55.272107] 9f80: 00000000 80147cc8 00000000 bc9f0700 80147b84 00000000 00000000 00000000
[   55.280292] 9fa0: 00000000 00000000 00000000 80100148 00000000 00000000 00000000 00000000
[   55.288477] 9fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[   55.296662] 9fe0: 00000000 00000000 00000000 00000000 00000013 00000000 00000000 00000000
[   55.304860] [<8047c06c>] (kobject_get) from [<80560448>] (usb_get_dev+0x14/0x1c)
[   55.312271] [<80560448>] (usb_get_dev) from [<8056bfe8>] (usb_hcd_unlink_urb+0x50/0xd8)
[   55.320286] [<8056bfe8>] (usb_hcd_unlink_urb) from [<8056d69c>] (usb_kill_urb.part.0+0x44/0xd0)
[   55.329004] [<8056d69c>] (usb_kill_urb.part.0) from [<7f1158c4>] (acm_softint+0x4c/0x10c [cdc_acm])
[   55.338082] [<7f1158c4>] (acm_softint [cdc_acm]) from [<801412d8>] (process_one_work+0x19c/0x3e8)
[   55.346969] [<801412d8>] (process_one_work) from [<80141568>] (worker_thread+0x44/0x4dc)
[   55.355072] [<80141568>] (worker_thread) from [<80147cc8>] (kthread+0x144/0x180)
[   55.362481] [<80147cc8>] (kthread) from [<80100148>] (ret_from_fork+0x14/0x2c)
[   55.369706] Exception stack(0xbca39fb0 to 0xbca39ff8)

Tested-by: Bruno Thomsen <bruno.thomsen@gmail.com>
Signed-off-by: Oliver Neukum <oneukum@suse.com>
Cc: stable <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20210311130126.15972-1-oneukum@suse.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/usb/class/cdc-acm.c |   48 +++++++++++++++++++++++++++++---------------
 1 file changed, 32 insertions(+), 16 deletions(-)

--- a/drivers/usb/class/cdc-acm.c
+++ b/drivers/usb/class/cdc-acm.c
@@ -147,17 +147,29 @@ static inline int acm_set_control(struct
 #define acm_send_break(acm, ms) \
 	acm_ctrl_msg(acm, USB_CDC_REQ_SEND_BREAK, ms, NULL, 0)
 
-static void acm_kill_urbs(struct acm *acm)
+static void acm_poison_urbs(struct acm *acm)
 {
 	int i;
 
-	usb_kill_urb(acm->ctrlurb);
+	usb_poison_urb(acm->ctrlurb);
 	for (i = 0; i < ACM_NW; i++)
-		usb_kill_urb(acm->wb[i].urb);
+		usb_poison_urb(acm->wb[i].urb);
 	for (i = 0; i < acm->rx_buflimit; i++)
-		usb_kill_urb(acm->read_urbs[i]);
+		usb_poison_urb(acm->read_urbs[i]);
+}
+
+static void acm_unpoison_urbs(struct acm *acm)
+{
+	int i;
+
+	for (i = 0; i < acm->rx_buflimit; i++)
+		usb_unpoison_urb(acm->read_urbs[i]);
+	for (i = 0; i < ACM_NW; i++)
+		usb_unpoison_urb(acm->wb[i].urb);
+	usb_unpoison_urb(acm->ctrlurb);
 }
 
+
 /*
  * Write buffer management.
  * All of these assume proper locks taken by the caller.
@@ -225,9 +237,10 @@ static int acm_start_wb(struct acm *acm,
 
 	rc = usb_submit_urb(wb->urb, GFP_ATOMIC);
 	if (rc < 0) {
-		dev_err(&acm->data->dev,
-			"%s - usb_submit_urb(write bulk) failed: %d\n",
-			__func__, rc);
+		if (rc != -EPERM)
+			dev_err(&acm->data->dev,
+				"%s - usb_submit_urb(write bulk) failed: %d\n",
+				__func__, rc);
 		acm_write_done(acm, wb);
 	}
 	return rc;
@@ -481,11 +494,6 @@ static void acm_read_bulk_callback(struc
 	dev_vdbg(&acm->data->dev, "got urb %d, len %d, status %d\n",
 		rb->index, urb->actual_length, status);
 
-	if (!acm->dev) {
-		dev_dbg(&acm->data->dev, "%s - disconnected\n", __func__);
-		return;
-	}
-
 	switch (status) {
 	case 0:
 		usb_mark_last_busy(acm->dev);
@@ -732,6 +740,7 @@ static void acm_port_shutdown(struct tty
 	 * Need to grab write_lock to prevent race with resume, but no need to
 	 * hold it due to the tty-port initialised flag.
 	 */
+	acm_poison_urbs(acm);
 	spin_lock_irq(&acm->write_lock);
 	spin_unlock_irq(&acm->write_lock);
 
@@ -748,7 +757,8 @@ static void acm_port_shutdown(struct tty
 		usb_autopm_put_interface_async(acm->control);
 	}
 
-	acm_kill_urbs(acm);
+	acm_unpoison_urbs(acm);
+
 }
 
 static void acm_tty_cleanup(struct tty_struct *tty)
@@ -1555,8 +1565,14 @@ static void acm_disconnect(struct usb_in
 	if (!acm)
 		return;
 
-	mutex_lock(&acm->mutex);
 	acm->disconnected = true;
+	/*
+	 * there is a circular dependency. acm_softint() can resubmit
+	 * the URBs in error handling so we need to block any
+	 * submission right away
+	 */
+	acm_poison_urbs(acm);
+	mutex_lock(&acm->mutex);
 	if (acm->country_codes) {
 		device_remove_file(&acm->control->dev,
 				&dev_attr_wCountryCodes);
@@ -1575,7 +1591,6 @@ static void acm_disconnect(struct usb_in
 		tty_kref_put(tty);
 	}
 
-	acm_kill_urbs(acm);
 	cancel_delayed_work_sync(&acm->dwork);
 
 	tty_unregister_device(acm_tty_driver, acm->minor);
@@ -1617,7 +1632,7 @@ static int acm_suspend(struct usb_interf
 	if (cnt)
 		return 0;
 
-	acm_kill_urbs(acm);
+	acm_poison_urbs(acm);
 	cancel_delayed_work_sync(&acm->dwork);
 	acm->urbs_in_error_delay = 0;
 
@@ -1630,6 +1645,7 @@ static int acm_resume(struct usb_interfa
 	struct urb *urb;
 	int rv = 0;
 
+	acm_unpoison_urbs(acm);
 	spin_lock_irq(&acm->write_lock);
 
 	if (--acm->susp_count)



^ permalink raw reply	[flat|nested] 84+ messages in thread

* [PATCH 5.4 66/74] USB: cdc-acm: downgrade message to debug
  2021-04-05  8:53 [PATCH 5.4 00/74] 5.4.110-rc1 review Greg Kroah-Hartman
                   ` (64 preceding siblings ...)
  2021-04-05  8:54 ` [PATCH 5.4 65/74] USB: cdc-acm: untangle a circular dependency between callback and softint Greg Kroah-Hartman
@ 2021-04-05  8:54 ` Greg Kroah-Hartman
  2021-04-05  8:54 ` [PATCH 5.4 67/74] USB: cdc-acm: fix double free on probe failure Greg Kroah-Hartman
                   ` (12 subsequent siblings)
  78 siblings, 0 replies; 84+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-05  8:54 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Bruno Thomsen, Oliver Neukum

From: Oliver Neukum <oneukum@suse.com>

commit e4c77070ad45fc940af1d7fb1e637c349e848951 upstream.

This failure is so common that logging an error here amounts
to spamming log files.

Reviewed-by: Bruno Thomsen <bruno.thomsen@gmail.com>
Signed-off-by: Oliver Neukum <oneukum@suse.com>
Cc: stable <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20210311130126.15972-2-oneukum@suse.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/usb/class/cdc-acm.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/drivers/usb/class/cdc-acm.c
+++ b/drivers/usb/class/cdc-acm.c
@@ -658,7 +658,8 @@ static void acm_port_dtr_rts(struct tty_
 
 	res = acm_set_control(acm, val);
 	if (res && (acm->ctrl_caps & USB_CDC_CAP_LINE))
-		dev_err(&acm->control->dev, "failed to set dtr/rts\n");
+		/* This is broken in too many devices to spam the logs */
+		dev_dbg(&acm->control->dev, "failed to set dtr/rts\n");
 }
 
 static int acm_port_activate(struct tty_port *port, struct tty_struct *tty)



^ permalink raw reply	[flat|nested] 84+ messages in thread

* [PATCH 5.4 67/74] USB: cdc-acm: fix double free on probe failure
  2021-04-05  8:53 [PATCH 5.4 00/74] 5.4.110-rc1 review Greg Kroah-Hartman
                   ` (65 preceding siblings ...)
  2021-04-05  8:54 ` [PATCH 5.4 66/74] USB: cdc-acm: downgrade message to debug Greg Kroah-Hartman
@ 2021-04-05  8:54 ` Greg Kroah-Hartman
  2021-04-05  8:54 ` [PATCH 5.4 68/74] USB: cdc-acm: fix use-after-free after " Greg Kroah-Hartman
                   ` (11 subsequent siblings)
  78 siblings, 0 replies; 84+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-05  8:54 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jaejoong Kim, Oliver Neukum, Johan Hovold

From: Johan Hovold <johan@kernel.org>

commit 7180495cb3d0e2a2860d282a468b4146c21da78f upstream.

If tty-device registration fails the driver copy of any Country
Selection functional descriptor would end up being freed twice; first
explicitly in the error path and then again in the tty-port destructor.

Drop the first erroneous free that was left when fixing a tty-port
resource leak.

Fixes: cae2bc768d17 ("usb: cdc-acm: Decrement tty port's refcount if probe() fail")
Cc: stable@vger.kernel.org      # 4.19
Cc: Jaejoong Kim <climbbb.kim@gmail.com>
Acked-by: Oliver Neukum <oneukum@suse.com>
Signed-off-by: Johan Hovold <johan@kernel.org>
Link: https://lore.kernel.org/r/20210322155318.9837-2-johan@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/usb/class/cdc-acm.c |    1 -
 1 file changed, 1 deletion(-)

--- a/drivers/usb/class/cdc-acm.c
+++ b/drivers/usb/class/cdc-acm.c
@@ -1534,7 +1534,6 @@ alloc_fail6:
 				&dev_attr_wCountryCodes);
 		device_remove_file(&acm->control->dev,
 				&dev_attr_iCountryCodeRelDate);
-		kfree(acm->country_codes);
 	}
 	device_remove_file(&acm->control->dev, &dev_attr_bmCapabilities);
 alloc_fail5:



^ permalink raw reply	[flat|nested] 84+ messages in thread

* [PATCH 5.4 68/74] USB: cdc-acm: fix use-after-free after probe failure
  2021-04-05  8:53 [PATCH 5.4 00/74] 5.4.110-rc1 review Greg Kroah-Hartman
                   ` (66 preceding siblings ...)
  2021-04-05  8:54 ` [PATCH 5.4 67/74] USB: cdc-acm: fix double free on probe failure Greg Kroah-Hartman
@ 2021-04-05  8:54 ` Greg Kroah-Hartman
  2021-04-05  8:54 ` [PATCH 5.4 69/74] usb: gadget: udc: amd5536udc_pci fix null-ptr-dereference Greg Kroah-Hartman
                   ` (10 subsequent siblings)
  78 siblings, 0 replies; 84+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-05  8:54 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Alexey Khoroshilov, Oliver Neukum,
	Johan Hovold

From: Johan Hovold <johan@kernel.org>

commit 4e49bf376c0451ad2eae2592e093659cde12be9a upstream.

If tty-device registration fails the driver would fail to release the
data interface. When the device is later disconnected, the disconnect
callback would still be called for the data interface and would go about
releasing already freed resources.

Fixes: c93d81955005 ("usb: cdc-acm: fix error handling in acm_probe()")
Cc: stable@vger.kernel.org      # 3.9
Cc: Alexey Khoroshilov <khoroshilov@ispras.ru>
Acked-by: Oliver Neukum <oneukum@suse.com>
Signed-off-by: Johan Hovold <johan@kernel.org>
Link: https://lore.kernel.org/r/20210322155318.9837-3-johan@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/usb/class/cdc-acm.c |    5 +++++
 1 file changed, 5 insertions(+)

--- a/drivers/usb/class/cdc-acm.c
+++ b/drivers/usb/class/cdc-acm.c
@@ -1529,6 +1529,11 @@ skip_countries:
 
 	return 0;
 alloc_fail6:
+	if (!acm->combined_interfaces) {
+		/* Clear driver data so that disconnect() returns early. */
+		usb_set_intfdata(data_interface, NULL);
+		usb_driver_release_interface(&acm_driver, data_interface);
+	}
 	if (acm->country_codes) {
 		device_remove_file(&acm->control->dev,
 				&dev_attr_wCountryCodes);



^ permalink raw reply	[flat|nested] 84+ messages in thread

* [PATCH 5.4 69/74] usb: gadget: udc: amd5536udc_pci fix null-ptr-dereference
  2021-04-05  8:53 [PATCH 5.4 00/74] 5.4.110-rc1 review Greg Kroah-Hartman
                   ` (67 preceding siblings ...)
  2021-04-05  8:54 ` [PATCH 5.4 68/74] USB: cdc-acm: fix use-after-free after " Greg Kroah-Hartman
@ 2021-04-05  8:54 ` Greg Kroah-Hartman
  2021-04-05  8:54 ` [PATCH 5.4 70/74] usb: dwc2: Fix HPRT0.PrtSusp bit setting for HiKey 960 board Greg Kroah-Hartman
                   ` (9 subsequent siblings)
  78 siblings, 0 replies; 84+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-05  8:54 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Tong Zhang

From: Tong Zhang <ztong0001@gmail.com>

commit 72035f4954f0bca2d8c47cf31b3629c42116f5b7 upstream.

init_dma_pools() calls dma_pool_create(...dev->dev) to create dma pool.
however, dev->dev is actually set after calling init_dma_pools(), which
effectively makes dma_pool_create(..NULL) and cause crash.
To fix this issue, init dma only after dev->dev is set.

[    1.317993] RIP: 0010:dma_pool_create+0x83/0x290
[    1.323257] Call Trace:
[    1.323390]  ? pci_write_config_word+0x27/0x30
[    1.323626]  init_dma_pools+0x41/0x1a0 [snps_udc_core]
[    1.323899]  udc_pci_probe+0x202/0x2b1 [amd5536udc_pci]

Fixes: 7c51247a1f62 (usb: gadget: udc: Provide correct arguments for 'dma_pool_create')
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Tong Zhang <ztong0001@gmail.com>
Link: https://lore.kernel.org/r/20210317230400.357756-1-ztong0001@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/usb/gadget/udc/amd5536udc_pci.c |   10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

--- a/drivers/usb/gadget/udc/amd5536udc_pci.c
+++ b/drivers/usb/gadget/udc/amd5536udc_pci.c
@@ -154,6 +154,11 @@ static int udc_pci_probe(
 	pci_set_master(pdev);
 	pci_try_set_mwi(pdev);
 
+	dev->phys_addr = resource;
+	dev->irq = pdev->irq;
+	dev->pdev = pdev;
+	dev->dev = &pdev->dev;
+
 	/* init dma pools */
 	if (use_dma) {
 		retval = init_dma_pools(dev);
@@ -161,11 +166,6 @@ static int udc_pci_probe(
 			goto err_dma;
 	}
 
-	dev->phys_addr = resource;
-	dev->irq = pdev->irq;
-	dev->pdev = pdev;
-	dev->dev = &pdev->dev;
-
 	/* general probing */
 	if (udc_probe(dev)) {
 		retval = -ENODEV;



^ permalink raw reply	[flat|nested] 84+ messages in thread

* [PATCH 5.4 70/74] usb: dwc2: Fix HPRT0.PrtSusp bit setting for HiKey 960 board.
  2021-04-05  8:53 [PATCH 5.4 00/74] 5.4.110-rc1 review Greg Kroah-Hartman
                   ` (68 preceding siblings ...)
  2021-04-05  8:54 ` [PATCH 5.4 69/74] usb: gadget: udc: amd5536udc_pci fix null-ptr-dereference Greg Kroah-Hartman
@ 2021-04-05  8:54 ` Greg Kroah-Hartman
  2021-04-05  8:54 ` [PATCH 5.4 71/74] usb: dwc2: Prevent core suspend when port connection flag is 0 Greg Kroah-Hartman
                   ` (8 subsequent siblings)
  78 siblings, 0 replies; 84+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-05  8:54 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Artur Petrosyan, Minas Harutyunyan

From: Artur Petrosyan <Arthur.Petrosyan@synopsys.com>

commit 5e3bbae8ee3d677a0aa2919dc62b5c60ea01ba61 upstream.

Increased the waiting timeout for HPRT0.PrtSusp register field
to be set, because on HiKey 960 board HPRT0.PrtSusp wasn't
generated with the existing timeout.

Cc: <stable@vger.kernel.org> # 4.18
Fixes: 22bb5cfdf13a ("usb: dwc2: Fix host exit from hibernation flow.")
Signed-off-by: Artur Petrosyan <Arthur.Petrosyan@synopsys.com>
Acked-by: Minas Harutyunyan <Minas.Harutyunyan@synopsys.com>
Link: https://lore.kernel.org/r/20210326102447.8F7FEA005D@mailhost.synopsys.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/usb/dwc2/hcd.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/usb/dwc2/hcd.c
+++ b/drivers/usb/dwc2/hcd.c
@@ -5398,7 +5398,7 @@ int dwc2_host_enter_hibernation(struct d
 	dwc2_writel(hsotg, hprt0, HPRT0);
 
 	/* Wait for the HPRT0.PrtSusp register field to be set */
-	if (dwc2_hsotg_wait_bit_set(hsotg, HPRT0, HPRT0_SUSP, 3000))
+	if (dwc2_hsotg_wait_bit_set(hsotg, HPRT0, HPRT0_SUSP, 5000))
 		dev_warn(hsotg->dev, "Suspend wasn't generated\n");
 
 	/*



^ permalink raw reply	[flat|nested] 84+ messages in thread

* [PATCH 5.4 71/74] usb: dwc2: Prevent core suspend when port connection flag is 0
  2021-04-05  8:53 [PATCH 5.4 00/74] 5.4.110-rc1 review Greg Kroah-Hartman
                   ` (69 preceding siblings ...)
  2021-04-05  8:54 ` [PATCH 5.4 70/74] usb: dwc2: Fix HPRT0.PrtSusp bit setting for HiKey 960 board Greg Kroah-Hartman
@ 2021-04-05  8:54 ` Greg Kroah-Hartman
  2021-04-05  8:54 ` [PATCH 5.4 72/74] staging: rtl8192e: Fix incorrect source in memcpy() Greg Kroah-Hartman
                   ` (7 subsequent siblings)
  78 siblings, 0 replies; 84+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-05  8:54 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Artur Petrosyan

From: Artur Petrosyan <Arthur.Petrosyan@synopsys.com>

commit 93f672804bf2d7a49ef3fd96827ea6290ca1841e upstream.

In host mode port connection status flag is "0" when loading
the driver. After loading the driver system asserts suspend
which is handled by "_dwc2_hcd_suspend()" function. Before
the system suspend the port connection status is "0". As
result need to check the "port_connect_status" if it is "0",
then skipping entering to suspend.

Cc: <stable@vger.kernel.org> # 5.2
Fixes: 6f6d70597c15 ("usb: dwc2: bus suspend/resume for hosts with DWC2_POWER_DOWN_PARAM_NONE")
Signed-off-by: Artur Petrosyan <Arthur.Petrosyan@synopsys.com>
Link: https://lore.kernel.org/r/20210326102510.BDEDEA005D@mailhost.synopsys.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/usb/dwc2/hcd.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/drivers/usb/dwc2/hcd.c
+++ b/drivers/usb/dwc2/hcd.c
@@ -4322,7 +4322,8 @@ static int _dwc2_hcd_suspend(struct usb_
 	if (hsotg->op_state == OTG_STATE_B_PERIPHERAL)
 		goto unlock;
 
-	if (hsotg->params.power_down > DWC2_POWER_DOWN_PARAM_PARTIAL)
+	if (hsotg->params.power_down != DWC2_POWER_DOWN_PARAM_PARTIAL ||
+	    hsotg->flags.b.port_connect_status == 0)
 		goto skip_power_saving;
 
 	/*



^ permalink raw reply	[flat|nested] 84+ messages in thread

* [PATCH 5.4 72/74] staging: rtl8192e: Fix incorrect source in memcpy()
  2021-04-05  8:53 [PATCH 5.4 00/74] 5.4.110-rc1 review Greg Kroah-Hartman
                   ` (70 preceding siblings ...)
  2021-04-05  8:54 ` [PATCH 5.4 71/74] usb: dwc2: Prevent core suspend when port connection flag is 0 Greg Kroah-Hartman
@ 2021-04-05  8:54 ` Greg Kroah-Hartman
  2021-04-05  8:54 ` [PATCH 5.4 73/74] staging: rtl8192e: Change state information from u16 to u8 Greg Kroah-Hartman
                   ` (6 subsequent siblings)
  78 siblings, 0 replies; 84+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-05  8:54 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Atul Gopinathan

From: Atul Gopinathan <atulgopinathan@gmail.com>

commit 72ad25fbbb78930f892b191637359ab5b94b3190 upstream.

The variable "info_element" is of the following type:

	struct rtllib_info_element *info_element

defined in drivers/staging/rtl8192e/rtllib.h:

	struct rtllib_info_element {
		u8 id;
		u8 len;
		u8 data[];
	} __packed;

The "len" field defines the size of the "data[]" array. The code is
supposed to check if "info_element->len" is greater than 4 and later
equal to 6. If this is satisfied then, the last two bytes (the 4th and
5th element of u8 "data[]" array) are copied into "network->CcxRmState".

Right now the code uses "memcpy()" with the source as "&info_element[4]"
which would copy in wrong and unintended information. The struct
"rtllib_info_element" has a size of 2 bytes for "id" and "len",
therefore indexing will be done in interval of 2 bytes. So,
"info_element[4]" would point to data which is beyond the memory
allocated for this pointer (that is, at x+8, while "info_element" has
been allocated only from x to x+7 (2 + 6 => 8 bytes)).

This patch rectifies this error by using "&info_element->data[4]" which
correctly copies the last two bytes of "data[]".

NOTE: The faulty line of code came from the following commit:

commit ecdfa44610fa ("Staging: add Realtek 8192 PCI wireless driver")

The above commit created the file `rtl8192e/ieee80211/ieee80211_rx.c`
which had the faulty line of code. This file has been deleted (or
possibly renamed) with the contents copied in to a new file
`rtl8192e/rtllib_rx.c` along with additional code in the commit
94a799425eee (tagged in Fixes).

Fixes: 94a799425eee ("From: wlanfae <wlanfae@realtek.com> [PATCH 1/8] rtl8192e: Import new version of driver from realtek")
Cc: stable@vger.kernel.org
Signed-off-by: Atul Gopinathan <atulgopinathan@gmail.com>
Link: https://lore.kernel.org/r/20210323113413.29179-1-atulgopinathan@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/staging/rtl8192e/rtllib_rx.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/staging/rtl8192e/rtllib_rx.c
+++ b/drivers/staging/rtl8192e/rtllib_rx.c
@@ -1968,7 +1968,7 @@ static void rtllib_parse_mife_generic(st
 	    info_element->data[2] == 0x96 &&
 	    info_element->data[3] == 0x01) {
 		if (info_element->len == 6) {
-			memcpy(network->CcxRmState, &info_element[4], 2);
+			memcpy(network->CcxRmState, &info_element->data[4], 2);
 			if (network->CcxRmState[0] != 0)
 				network->bCcxRmEnable = true;
 			else



^ permalink raw reply	[flat|nested] 84+ messages in thread

* [PATCH 5.4 73/74] staging: rtl8192e: Change state information from u16 to u8
  2021-04-05  8:53 [PATCH 5.4 00/74] 5.4.110-rc1 review Greg Kroah-Hartman
                   ` (71 preceding siblings ...)
  2021-04-05  8:54 ` [PATCH 5.4 72/74] staging: rtl8192e: Fix incorrect source in memcpy() Greg Kroah-Hartman
@ 2021-04-05  8:54 ` Greg Kroah-Hartman
  2021-04-05  8:54 ` [PATCH 5.4 74/74] drivers: video: fbcon: fix NULL dereference in fbcon_cursor() Greg Kroah-Hartman
                   ` (5 subsequent siblings)
  78 siblings, 0 replies; 84+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-05  8:54 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Atul Gopinathan

From: Atul Gopinathan <atulgopinathan@gmail.com>

commit e78836ae76d20f38eed8c8c67f21db97529949da upstream.

The "u16 CcxRmState[2];" array field in struct "rtllib_network" has 4
bytes in total while the operations performed on this array through-out
the code base are only 2 bytes.

The "CcxRmState" field is fed only 2 bytes of data using memcpy():

(In rtllib_rx.c:1972)
	memcpy(network->CcxRmState, &info_element->data[4], 2)

With "info_element->data[]" being a u8 array, if 2 bytes are written
into "CcxRmState" (whose one element is u16 size), then the 2 u8
elements from "data[]" gets squashed and written into the first element
("CcxRmState[0]") while the second element ("CcxRmState[1]") is never
fed with any data.

Same in file rtllib_rx.c:2522:
	 memcpy(dst->CcxRmState, src->CcxRmState, 2);

The above line duplicates "src" data to "dst" but only writes 2 bytes
(and not 4, which is the actual size). Again, only 1st element gets the
value while the 2nd element remains uninitialized.

This later makes operations done with CcxRmState unpredictable in the
following lines as the 1st element is having a squashed number while the
2nd element is having an uninitialized random number.

rtllib_rx.c:1973:    if (network->CcxRmState[0] != 0)
rtllib_rx.c:1977:    network->MBssidMask = network->CcxRmState[1] & 0x07;

network->MBssidMask is also of type u8 and not u16.

Fix this by changing the type of "CcxRmState" from u16 to u8 so that the
data written into this array and read from it make sense and are not
random values.

NOTE: The wrong initialization of "CcxRmState" can be seen in the
following commit:

commit ecdfa44610fa ("Staging: add Realtek 8192 PCI wireless driver")

The above commit created a file `rtl8192e/ieee80211.h` which used to
have the faulty line. The file has been deleted (or possibly renamed)
with the contents copied in to a new file `rtl8192e/rtllib.h` along with
additional code in the commit 94a799425eee (tagged in Fixes).

Fixes: 94a799425eee ("From: wlanfae <wlanfae@realtek.com> [PATCH 1/8] rtl8192e: Import new version of driver from realtek")
Cc: stable@vger.kernel.org
Signed-off-by: Atul Gopinathan <atulgopinathan@gmail.com>
Link: https://lore.kernel.org/r/20210323113413.29179-2-atulgopinathan@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/staging/rtl8192e/rtllib.h |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/staging/rtl8192e/rtllib.h
+++ b/drivers/staging/rtl8192e/rtllib.h
@@ -1105,7 +1105,7 @@ struct rtllib_network {
 	bool	bWithAironetIE;
 	bool	bCkipSupported;
 	bool	bCcxRmEnable;
-	u16	CcxRmState[2];
+	u8	CcxRmState[2];
 	bool	bMBssidValid;
 	u8	MBssidMask;
 	u8	MBssid[ETH_ALEN];



^ permalink raw reply	[flat|nested] 84+ messages in thread

* [PATCH 5.4 74/74] drivers: video: fbcon: fix NULL dereference in fbcon_cursor()
  2021-04-05  8:53 [PATCH 5.4 00/74] 5.4.110-rc1 review Greg Kroah-Hartman
                   ` (72 preceding siblings ...)
  2021-04-05  8:54 ` [PATCH 5.4 73/74] staging: rtl8192e: Change state information from u16 to u8 Greg Kroah-Hartman
@ 2021-04-05  8:54 ` Greg Kroah-Hartman
  2021-04-05 16:51 ` [PATCH 5.4 00/74] 5.4.110-rc1 review Florian Fainelli
                   ` (4 subsequent siblings)
  78 siblings, 0 replies; 84+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-05  8:54 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, syzbot+b67aaae8d3a927f68d20, Du Cheng

From: Du Cheng <ducheng2@gmail.com>

commit 01faae5193d6190b7b3aa93dae43f514e866d652 upstream.

add null-check on function pointer before dereference on ops->cursor

Reported-by: syzbot+b67aaae8d3a927f68d20@syzkaller.appspotmail.com
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Du Cheng <ducheng2@gmail.com>
Link: https://lore.kernel.org/r/20210312081421.452405-1-ducheng2@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/video/fbdev/core/fbcon.c |    3 +++
 1 file changed, 3 insertions(+)

--- a/drivers/video/fbdev/core/fbcon.c
+++ b/drivers/video/fbdev/core/fbcon.c
@@ -1339,6 +1339,9 @@ static void fbcon_cursor(struct vc_data
 
 	ops->cursor_flash = (mode == CM_ERASE) ? 0 : 1;
 
+	if (!ops->cursor)
+		return;
+
 	ops->cursor(vc, info, mode, get_color(vc, info, c, 1),
 		    get_color(vc, info, c, 0));
 }



^ permalink raw reply	[flat|nested] 84+ messages in thread

* Re: [PATCH 5.4 03/74] module: merge repetitive strings in module_sig_check()
  2021-04-05  8:53 ` [PATCH 5.4 03/74] module: merge repetitive strings in module_sig_check() Greg Kroah-Hartman
@ 2021-04-05 13:35   ` Sergey Shtylyov
  2021-04-05 13:40     ` Greg Kroah-Hartman
  0 siblings, 1 reply; 84+ messages in thread
From: Sergey Shtylyov @ 2021-04-05 13:35 UTC (permalink / raw)
  To: Greg Kroah-Hartman, linux-kernel
  Cc: stable, Joe Perches, Miroslav Benes, Jessica Yu, Sasha Levin

On 4/5/21 11:53 AM, Greg Kroah-Hartman wrote:

> From: Sergey Shtylyov <s.shtylyov@omprussia.ru>
> 
> [ Upstream commit 705e9195187d85249fbb0eaa844b1604a98fbc9a ]
> 
> The 'reason' variable in module_sig_check() points to 3 strings across
> the *switch* statement, all needlessly starting with the same text.
> Let's put the starting text into the pr_notice() call -- it saves 21
> bytes of the object code (x86 gcc 10.2.1).
> 
> Suggested-by: Joe Perches <joe@perches.com>
> Reviewed-by: Miroslav Benes <mbenes@suse.cz>
> Signed-off-by: Sergey Shtylyov <s.shtylyov@omprussia.ru>
> Signed-off-by: Jessica Yu <jeyu@kernel.org>
> Signed-off-by: Sasha Levin <sashal@kernel.org>
> ---
>  kernel/module.c | 9 +++++----
>  1 file changed, 5 insertions(+), 4 deletions(-)
> 
> diff --git a/kernel/module.c b/kernel/module.c
> index ab1f97cfe18d..9fe3e9b85348 100644
> --- a/kernel/module.c
> +++ b/kernel/module.c
> @@ -2908,16 +2908,17 @@ static int module_sig_check(struct load_info *info, int flags)
>  		 * enforcing, certain errors are non-fatal.
>  		 */
>  	case -ENODATA:
> -		reason = "Loading of unsigned module";
> +		reason = "unsigned module";
>  		goto decide;
>  	case -ENOPKG:
> -		reason = "Loading of module with unsupported crypto";
> +		reason = "module with unsupported crypto";
>  		goto decide;
>  	case -ENOKEY:
> -		reason = "Loading of module with unavailable key";
> +		reason = "module with unavailable key";
>  	decide:
>  		if (is_module_sig_enforced()) {
> -			pr_notice("%s is rejected\n", reason);
> +			pr_notice("%s: loading of %s is rejected\n",
> +				  info->name, reason);

   Mhm, in 5.4 there was no printing of 'info->name'...

[...]

MBR, Sergey

^ permalink raw reply	[flat|nested] 84+ messages in thread

* Re: [PATCH 5.4 03/74] module: merge repetitive strings in module_sig_check()
  2021-04-05 13:35   ` Sergey Shtylyov
@ 2021-04-05 13:40     ` Greg Kroah-Hartman
  2021-04-05 14:11       ` Sergey Shtylyov
  0 siblings, 1 reply; 84+ messages in thread
From: Greg Kroah-Hartman @ 2021-04-05 13:40 UTC (permalink / raw)
  To: Sergey Shtylyov
  Cc: linux-kernel, stable, Joe Perches, Miroslav Benes, Jessica Yu,
	Sasha Levin

On Mon, Apr 05, 2021 at 04:35:40PM +0300, Sergey Shtylyov wrote:
> On 4/5/21 11:53 AM, Greg Kroah-Hartman wrote:
> 
> > From: Sergey Shtylyov <s.shtylyov@omprussia.ru>
> > 
> > [ Upstream commit 705e9195187d85249fbb0eaa844b1604a98fbc9a ]
> > 
> > The 'reason' variable in module_sig_check() points to 3 strings across
> > the *switch* statement, all needlessly starting with the same text.
> > Let's put the starting text into the pr_notice() call -- it saves 21
> > bytes of the object code (x86 gcc 10.2.1).
> > 
> > Suggested-by: Joe Perches <joe@perches.com>
> > Reviewed-by: Miroslav Benes <mbenes@suse.cz>
> > Signed-off-by: Sergey Shtylyov <s.shtylyov@omprussia.ru>
> > Signed-off-by: Jessica Yu <jeyu@kernel.org>
> > Signed-off-by: Sasha Levin <sashal@kernel.org>
> > ---
> >  kernel/module.c | 9 +++++----
> >  1 file changed, 5 insertions(+), 4 deletions(-)
> > 
> > diff --git a/kernel/module.c b/kernel/module.c
> > index ab1f97cfe18d..9fe3e9b85348 100644
> > --- a/kernel/module.c
> > +++ b/kernel/module.c
> > @@ -2908,16 +2908,17 @@ static int module_sig_check(struct load_info *info, int flags)
> >  		 * enforcing, certain errors are non-fatal.
> >  		 */
> >  	case -ENODATA:
> > -		reason = "Loading of unsigned module";
> > +		reason = "unsigned module";
> >  		goto decide;
> >  	case -ENOPKG:
> > -		reason = "Loading of module with unsupported crypto";
> > +		reason = "module with unsupported crypto";
> >  		goto decide;
> >  	case -ENOKEY:
> > -		reason = "Loading of module with unavailable key";
> > +		reason = "module with unavailable key";
> >  	decide:
> >  		if (is_module_sig_enforced()) {
> > -			pr_notice("%s is rejected\n", reason);
> > +			pr_notice("%s: loading of %s is rejected\n",
> > +				  info->name, reason);
> 
>    Mhm, in 5.4 there was no printing of 'info->name'...

Is that now a problem?

thanks,

greg k-h

^ permalink raw reply	[flat|nested] 84+ messages in thread

* Re: [PATCH 5.4 03/74] module: merge repetitive strings in module_sig_check()
  2021-04-05 13:40     ` Greg Kroah-Hartman
@ 2021-04-05 14:11       ` Sergey Shtylyov
  2021-04-05 16:14         ` Sasha Levin
  0 siblings, 1 reply; 84+ messages in thread
From: Sergey Shtylyov @ 2021-04-05 14:11 UTC (permalink / raw)
  To: Greg Kroah-Hartman
  Cc: linux-kernel, stable, Joe Perches, Miroslav Benes, Jessica Yu,
	Sasha Levin

On 4/5/21 4:40 PM, Greg Kroah-Hartman wrote:

[...]
>>> [ Upstream commit 705e9195187d85249fbb0eaa844b1604a98fbc9a ]
>>>
>>> The 'reason' variable in module_sig_check() points to 3 strings across
>>> the *switch* statement, all needlessly starting with the same text.
>>> Let's put the starting text into the pr_notice() call -- it saves 21
>>> bytes of the object code (x86 gcc 10.2.1).
>>>
>>> Suggested-by: Joe Perches <joe@perches.com>
>>> Reviewed-by: Miroslav Benes <mbenes@suse.cz>
>>> Signed-off-by: Sergey Shtylyov <s.shtylyov@omprussia.ru>
>>> Signed-off-by: Jessica Yu <jeyu@kernel.org>
>>> Signed-off-by: Sasha Levin <sashal@kernel.org>
>>> ---
>>>  kernel/module.c | 9 +++++----
>>>  1 file changed, 5 insertions(+), 4 deletions(-)
>>>
>>> diff --git a/kernel/module.c b/kernel/module.c
>>> index ab1f97cfe18d..9fe3e9b85348 100644
>>> --- a/kernel/module.c
>>> +++ b/kernel/module.c
>>> @@ -2908,16 +2908,17 @@ static int module_sig_check(struct load_info *info, int flags)
>>>  		 * enforcing, certain errors are non-fatal.
>>>  		 */
>>>  	case -ENODATA:
>>> -		reason = "Loading of unsigned module";
>>> +		reason = "unsigned module";
>>>  		goto decide;
>>>  	case -ENOPKG:
>>> -		reason = "Loading of module with unsupported crypto";
>>> +		reason = "module with unsupported crypto";
>>>  		goto decide;
>>>  	case -ENOKEY:
>>> -		reason = "Loading of module with unavailable key";
>>> +		reason = "module with unavailable key";
>>>  	decide:
>>>  		if (is_module_sig_enforced()) {
>>> -			pr_notice("%s is rejected\n", reason);
>>> +			pr_notice("%s: loading of %s is rejected\n",
>>> +				  info->name, reason);
>>
>>    Mhm, in 5.4 there was no printing of 'info->name'...
> 
> Is that now a problem?

   Looking at 5.4.y, it probably shouldn't be a problem... but I had to go and look. :-)
   I've found a simple commit that added 'info->name' printing (perhaps should also be
considered for inclusion?):

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e9f35f634e099894f4d6c3b039cd3de5281ee637


> thanks,
> 
> greg k-h

MBR, Sergey

^ permalink raw reply	[flat|nested] 84+ messages in thread

* Re: [PATCH 5.4 03/74] module: merge repetitive strings in module_sig_check()
  2021-04-05 14:11       ` Sergey Shtylyov
@ 2021-04-05 16:14         ` Sasha Levin
  0 siblings, 0 replies; 84+ messages in thread
From: Sasha Levin @ 2021-04-05 16:14 UTC (permalink / raw)
  To: Sergey Shtylyov
  Cc: Greg Kroah-Hartman, linux-kernel, stable, Joe Perches,
	Miroslav Benes, Jessica Yu

On Mon, Apr 05, 2021 at 05:11:13PM +0300, Sergey Shtylyov wrote:
>On 4/5/21 4:40 PM, Greg Kroah-Hartman wrote:
>
>[...]
>>>> [ Upstream commit 705e9195187d85249fbb0eaa844b1604a98fbc9a ]
>>>>
>>>> The 'reason' variable in module_sig_check() points to 3 strings across
>>>> the *switch* statement, all needlessly starting with the same text.
>>>> Let's put the starting text into the pr_notice() call -- it saves 21
>>>> bytes of the object code (x86 gcc 10.2.1).
>>>>
>>>> Suggested-by: Joe Perches <joe@perches.com>
>>>> Reviewed-by: Miroslav Benes <mbenes@suse.cz>
>>>> Signed-off-by: Sergey Shtylyov <s.shtylyov@omprussia.ru>
>>>> Signed-off-by: Jessica Yu <jeyu@kernel.org>
>>>> Signed-off-by: Sasha Levin <sashal@kernel.org>
>>>> ---
>>>>  kernel/module.c | 9 +++++----
>>>>  1 file changed, 5 insertions(+), 4 deletions(-)
>>>>
>>>> diff --git a/kernel/module.c b/kernel/module.c
>>>> index ab1f97cfe18d..9fe3e9b85348 100644
>>>> --- a/kernel/module.c
>>>> +++ b/kernel/module.c
>>>> @@ -2908,16 +2908,17 @@ static int module_sig_check(struct load_info *info, int flags)
>>>>  		 * enforcing, certain errors are non-fatal.
>>>>  		 */
>>>>  	case -ENODATA:
>>>> -		reason = "Loading of unsigned module";
>>>> +		reason = "unsigned module";
>>>>  		goto decide;
>>>>  	case -ENOPKG:
>>>> -		reason = "Loading of module with unsupported crypto";
>>>> +		reason = "module with unsupported crypto";
>>>>  		goto decide;
>>>>  	case -ENOKEY:
>>>> -		reason = "Loading of module with unavailable key";
>>>> +		reason = "module with unavailable key";
>>>>  	decide:
>>>>  		if (is_module_sig_enforced()) {
>>>> -			pr_notice("%s is rejected\n", reason);
>>>> +			pr_notice("%s: loading of %s is rejected\n",
>>>> +				  info->name, reason);
>>>
>>>    Mhm, in 5.4 there was no printing of 'info->name'...
>>
>> Is that now a problem?
>
>   Looking at 5.4.y, it probably shouldn't be a problem... but I had to go and look. :-)
>   I've found a simple commit that added 'info->name' printing (perhaps should also be
>considered for inclusion?):
>
>https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e9f35f634e099894f4d6c3b039cd3de5281ee637

Ah yes, looks like I squashed it in by mistake. I'll fix it up in the
queue. Thanks!

-- 
Thanks,
Sasha

^ permalink raw reply	[flat|nested] 84+ messages in thread

* Re: [PATCH 5.4 00/74] 5.4.110-rc1 review
  2021-04-05  8:53 [PATCH 5.4 00/74] 5.4.110-rc1 review Greg Kroah-Hartman
                   ` (73 preceding siblings ...)
  2021-04-05  8:54 ` [PATCH 5.4 74/74] drivers: video: fbcon: fix NULL dereference in fbcon_cursor() Greg Kroah-Hartman
@ 2021-04-05 16:51 ` Florian Fainelli
  2021-04-05 17:58 ` Guenter Roeck
                   ` (3 subsequent siblings)
  78 siblings, 0 replies; 84+ messages in thread
From: Florian Fainelli @ 2021-04-05 16:51 UTC (permalink / raw)
  To: Greg Kroah-Hartman, linux-kernel
  Cc: torvalds, akpm, linux, shuah, patches, lkft-triage, pavel,
	jonathanh, stable



On 4/5/2021 1:53 AM, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.4.110 release.
> There are 74 patches in this series, all will be posted as a response
> to this one.  If anyone has any issues with these being applied, please
> let me know.
> 
> Responses should be made by Wed, 07 Apr 2021 08:50:09 +0000.
> Anything received after that time might be too late.
> 
> The whole patch series can be found in one patch at:
> 	https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.110-rc1.gz
> or in the git tree and branch at:
> 	git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y
> and the diffstat can be found below.
> 
> thanks,
> 
> greg k-h

On ARCH_BRCMSTB, using 32-bit and 64-bit kernels:

Tested-by: Florian Fainelli <f.fainelli@gmail.com>
-- 
Florian

^ permalink raw reply	[flat|nested] 84+ messages in thread

* Re: [PATCH 5.4 00/74] 5.4.110-rc1 review
  2021-04-05  8:53 [PATCH 5.4 00/74] 5.4.110-rc1 review Greg Kroah-Hartman
                   ` (74 preceding siblings ...)
  2021-04-05 16:51 ` [PATCH 5.4 00/74] 5.4.110-rc1 review Florian Fainelli
@ 2021-04-05 17:58 ` Guenter Roeck
  2021-04-06  0:29 ` Shuah Khan
                   ` (2 subsequent siblings)
  78 siblings, 0 replies; 84+ messages in thread
From: Guenter Roeck @ 2021-04-05 17:58 UTC (permalink / raw)
  To: Greg Kroah-Hartman
  Cc: linux-kernel, torvalds, akpm, shuah, patches, lkft-triage, pavel,
	jonathanh, f.fainelli, stable

On Mon, Apr 05, 2021 at 10:53:24AM +0200, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.4.110 release.
> There are 74 patches in this series, all will be posted as a response
> to this one.  If anyone has any issues with these being applied, please
> let me know.
> 
> Responses should be made by Wed, 07 Apr 2021 08:50:09 +0000.
> Anything received after that time might be too late.
> 

Build results:
	total: 157 pass: 157 fail: 0
Qemu test results:
	total: 433 pass: 433 fail: 0

Tested-by: Guenter Roeck <linux@roeck-us.net>

Guenter

^ permalink raw reply	[flat|nested] 84+ messages in thread

* Re: [PATCH 5.4 00/74] 5.4.110-rc1 review
  2021-04-05  8:53 [PATCH 5.4 00/74] 5.4.110-rc1 review Greg Kroah-Hartman
                   ` (75 preceding siblings ...)
  2021-04-05 17:58 ` Guenter Roeck
@ 2021-04-06  0:29 ` Shuah Khan
  2021-04-06  3:42 ` Naresh Kamboju
  2021-04-06  7:12 ` Samuel Zou
  78 siblings, 0 replies; 84+ messages in thread
From: Shuah Khan @ 2021-04-06  0:29 UTC (permalink / raw)
  To: Greg Kroah-Hartman, linux-kernel
  Cc: torvalds, akpm, linux, shuah, patches, lkft-triage, pavel,
	jonathanh, f.fainelli, stable, Shuah Khan

On 4/5/21 2:53 AM, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.4.110 release.
> There are 74 patches in this series, all will be posted as a response
> to this one.  If anyone has any issues with these being applied, please
> let me know.
> 
> Responses should be made by Wed, 07 Apr 2021 08:50:09 +0000.
> Anything received after that time might be too late.
> 
> The whole patch series can be found in one patch at:
> 	https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.110-rc1.gz
> or in the git tree and branch at:
> 	git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y
> and the diffstat can be found below.
> 
> thanks,
> 
> greg k-h
> 

Compiled and booted on my test system. No dmesg regressions.

Tested-by: Shuah Khan <skhan@linuxfoundation.org>

thanks,
-- Shuah

^ permalink raw reply	[flat|nested] 84+ messages in thread

* Re: [PATCH 5.4 00/74] 5.4.110-rc1 review
  2021-04-05  8:53 [PATCH 5.4 00/74] 5.4.110-rc1 review Greg Kroah-Hartman
                   ` (76 preceding siblings ...)
  2021-04-06  0:29 ` Shuah Khan
@ 2021-04-06  3:42 ` Naresh Kamboju
  2021-04-06  7:12 ` Samuel Zou
  78 siblings, 0 replies; 84+ messages in thread
From: Naresh Kamboju @ 2021-04-06  3:42 UTC (permalink / raw)
  To: Greg Kroah-Hartman
  Cc: open list, Linus Torvalds, Andrew Morton, Guenter Roeck,
	Shuah Khan, patches, lkft-triage, Pavel Machek, Jon Hunter,
	Florian Fainelli, linux-stable

On Mon, 5 Apr 2021 at 14:33, Greg Kroah-Hartman
<gregkh@linuxfoundation.org> wrote:
>
> This is the start of the stable review cycle for the 5.4.110 release.
> There are 74 patches in this series, all will be posted as a response
> to this one.  If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed, 07 Apr 2021 08:50:09 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
>         https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.110-rc1.gz
> or in the git tree and branch at:
>         git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h

Results from Linaro’s test farm.
No regressions on arm64, arm, x86_64, and i386.

Tested-by: Linux Kernel Functional Testing <lkft@linaro.org>

## Build
* kernel: 5.4.110-rc1
* git: ['https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git',
'https://gitlab.com/Linaro/lkft/mirrors/stable/linux-stable-rc']
* git branch: linux-5.4.y
* git commit: c6f7c5a01d5a9e0d0cfb721249d5378de5f00310
* git describe: v5.4.109-75-gc6f7c5a01d5a
* test details:
https://qa-reports.linaro.org/lkft/linux-stable-rc-linux-5.4.y/build/v5.4.109-75-gc6f7c5a01d5a

## No regressions (compared to v5.4.109)

## No fixes (compared to v5.4.109)

## Test result summary
 total: 71104, pass: 59473, fail: 795, skip: 10620, xfail: 216,

## Build Summary
* arc: 10 total, 10 passed, 0 failed
* arm: 191 total, 190 passed, 1 failed
* arm64: 25 total, 25 passed, 0 failed
* dragonboard-410c: 1 total, 1 passed, 0 failed
* hi6220-hikey: 1 total, 1 passed, 0 failed
* i386: 14 total, 14 passed, 0 failed
* juno-r2: 1 total, 1 passed, 0 failed
* mips: 45 total, 45 passed, 0 failed
* parisc: 9 total, 9 passed, 0 failed
* powerpc: 27 total, 27 passed, 0 failed
* riscv: 21 total, 21 passed, 0 failed
* s390: 9 total, 9 passed, 0 failed
* sh: 18 total, 18 passed, 0 failed
* sparc: 9 total, 9 passed, 0 failed
* x15: 1 total, 1 passed, 0 failed
* x86: 1 total, 1 passed, 0 failed
* x86_64: 25 total, 25 passed, 0 failed

## Test suites summary
* fwts
* igt-gpu-tools
* install-android-platform-tools-r2600
* kselftest-android
* kselftest-bpf
* kselftest-capabilities
* kselftest-cgroup
* kselftest-clone3
* kselftest-core
* kselftest-cpu-hotplug
* kselftest-cpufreq
* kselftest-efivarfs
* kselftest-filesystems
* kselftest-firmware
* kselftest-fpu
* kselftest-futex
* kselftest-gpio
* kselftest-intel_pstate
* kselftest-ipc
* kselftest-ir
* kselftest-kcmp
* kselftest-kexec
* kselftest-kvm
* kselftest-lib
* kselftest-livepatch
* kselftest-lkdtm
* kselftest-membarrier
* kselftest-memfd
* kselftest-memory-hotplug
* kselftest-mincore
* kselftest-mount
* kselftest-mqueue
* kselftest-net
* kselftest-netfilter
* kselftest-nsfs
* kselftest-openat2
* kselftest-pid_namespace
* kselftest-pidfd
* kselftest-proc
* kselftest-pstore
* kselftest-ptrace
* kselftest-rseq
* kselftest-rtc
* kselftest-seccomp
* kselftest-sigaltstack
* kselftest-size
* kselftest-splice
* kselftest-static_keys
* kselftest-sync
* kselftest-sysctl
* kselftest-tc-testing
* kselftest-timens
* kselftest-timers
* kselftest-tmpfs
* kselftest-tpm2
* kselftest-user
* kselftest-vm
* kselftest-x86
* kselftest-zram
* kvm-unit-tests
* libhugetlbfs
* linux-log-parser
* ltp-cap_bounds-tests
* ltp-commands-tests
* ltp-containers-tests
* ltp-controllers-tests
* ltp-cpuhotplug-tests
* ltp-crypto-tests
* ltp-cve-tests
* ltp-dio-tests
* ltp-fcntl-locktests-tests
* ltp-filecaps-tests
* ltp-fs-tests
* ltp-fs_bind-tests
* ltp-fs_perms_simple-tests
* ltp-fsx-tests
* ltp-hugetlb-tests
* ltp-io-tests
* ltp-ipc-tests
* ltp-math-tests
* ltp-mm-tests
* ltp-nptl-tests
* ltp-open-posix-tests
* ltp-pty-tests
* ltp-sched-tests
* ltp-securebits-tests
* ltp-syscalls-tests
* ltp-tracing-tests
* network-basic-tests
* perf
* rcutorture
* ssuite
* v4l2-compliance

--
Linaro LKFT
https://lkft.linaro.org

^ permalink raw reply	[flat|nested] 84+ messages in thread

* Re: [PATCH 5.4 00/74] 5.4.110-rc1 review
  2021-04-05  8:53 [PATCH 5.4 00/74] 5.4.110-rc1 review Greg Kroah-Hartman
                   ` (77 preceding siblings ...)
  2021-04-06  3:42 ` Naresh Kamboju
@ 2021-04-06  7:12 ` Samuel Zou
  78 siblings, 0 replies; 84+ messages in thread
From: Samuel Zou @ 2021-04-06  7:12 UTC (permalink / raw)
  To: Greg Kroah-Hartman, linux-kernel
  Cc: torvalds, akpm, linux, shuah, patches, lkft-triage, pavel,
	jonathanh, f.fainelli, stable



On 2021/4/5 16:53, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.4.110 release.
> There are 74 patches in this series, all will be posted as a response
> to this one.  If anyone has any issues with these being applied, please
> let me know.
> 
> Responses should be made by Wed, 07 Apr 2021 08:50:09 +0000.
> Anything received after that time might be too late.
> 
> The whole patch series can be found in one patch at:
> 	https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.110-rc1.gz
> or in the git tree and branch at:
> 	git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y
> and the diffstat can be found below.
> 
> thanks,
> 
> greg k-h
> 

Tested on arm64 and x86 for 5.4.110-rc1,

Kernel repo:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git
Branch: linux-5.4.y
Version: 5.4.110-rc1
Commit: c6f7c5a01d5a9e0d0cfb721249d5378de5f00310
Compiler: gcc version 7.3.0 (GCC)

arm64:
--------------------------------------------------------------------
Testcase Result Summary:
total: 4720
passed: 4720
failed: 0
timeout: 0
--------------------------------------------------------------------

x86:
--------------------------------------------------------------------
Testcase Result Summary:
total: 4720
passed: 4720
failed: 0
timeout: 0
--------------------------------------------------------------------

Tested-by: Hulk Robot <hulkrobot@huawei.com>


^ permalink raw reply	[flat|nested] 84+ messages in thread

end of thread, other threads:[~2021-04-06  7:12 UTC | newest]

Thread overview: 84+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-04-05  8:53 [PATCH 5.4 00/74] 5.4.110-rc1 review Greg Kroah-Hartman
2021-04-05  8:53 ` [PATCH 5.4 01/74] selinux: vsock: Set SID for socket returned by accept() Greg Kroah-Hartman
2021-04-05  8:53 ` [PATCH 5.4 02/74] ipv6: weaken the v4mapped source check Greg Kroah-Hartman
2021-04-05  8:53 ` [PATCH 5.4 03/74] module: merge repetitive strings in module_sig_check() Greg Kroah-Hartman
2021-04-05 13:35   ` Sergey Shtylyov
2021-04-05 13:40     ` Greg Kroah-Hartman
2021-04-05 14:11       ` Sergey Shtylyov
2021-04-05 16:14         ` Sasha Levin
2021-04-05  8:53 ` [PATCH 5.4 04/74] module: avoid *goto*s " Greg Kroah-Hartman
2021-04-05  8:53 ` [PATCH 5.4 05/74] module: harden ELF info handling Greg Kroah-Hartman
2021-04-05  8:53 ` [PATCH 5.4 06/74] ext4: shrink race window in ext4_should_retry_alloc() Greg Kroah-Hartman
2021-04-05  8:53 ` [PATCH 5.4 07/74] ext4: fix bh ref count on error paths Greg Kroah-Hartman
2021-04-05  8:53 ` [PATCH 5.4 08/74] fs: nfsd: fix kconfig dependency warning for NFSD_V4 Greg Kroah-Hartman
2021-04-05  8:53 ` [PATCH 5.4 09/74] rpc: fix NULL dereference on kmalloc failure Greg Kroah-Hartman
2021-04-05  8:53 ` [PATCH 5.4 10/74] iomap: Fix negative assignment to unsigned sis->pages in iomap_swapfile_activate Greg Kroah-Hartman
2021-04-05  8:53 ` [PATCH 5.4 11/74] ASoC: rt5640: Fix dac- and adc- vol-tlv values being off by a factor of 10 Greg Kroah-Hartman
2021-04-05  8:53 ` [PATCH 5.4 12/74] ASoC: rt5651: " Greg Kroah-Hartman
2021-04-05  8:53 ` [PATCH 5.4 13/74] ASoC: sgtl5000: set DAP_AVC_CTRL register to correct default value on probe Greg Kroah-Hartman
2021-04-05  8:53 ` [PATCH 5.4 14/74] ASoC: es8316: Simplify adc_pga_gain_tlv table Greg Kroah-Hartman
2021-04-05  8:53 ` [PATCH 5.4 15/74] ASoC: cs42l42: Fix Bitclock polarity inversion Greg Kroah-Hartman
2021-04-05  8:53 ` [PATCH 5.4 16/74] ASoC: cs42l42: Fix channel width support Greg Kroah-Hartman
2021-04-05  8:53 ` [PATCH 5.4 17/74] ASoC: cs42l42: Fix mixer volume control Greg Kroah-Hartman
2021-04-05  8:53 ` [PATCH 5.4 18/74] ASoC: cs42l42: Always wait at least 3ms after reset Greg Kroah-Hartman
2021-04-05  8:53 ` [PATCH 5.4 19/74] NFSD: fix error handling in NFSv4.0 callbacks Greg Kroah-Hartman
2021-04-05  8:53 ` [PATCH 5.4 20/74] powerpc: Force inlining of cpu_has_feature() to avoid build failure Greg Kroah-Hartman
2021-04-05  8:53 ` [PATCH 5.4 21/74] vhost: Fix vhost_vq_reset() Greg Kroah-Hartman
2021-04-05  8:53 ` [PATCH 5.4 22/74] scsi: st: Fix a use after free in st_open() Greg Kroah-Hartman
2021-04-05  8:53 ` [PATCH 5.4 23/74] scsi: qla2xxx: Fix broken #endif placement Greg Kroah-Hartman
2021-04-05  8:53 ` [PATCH 5.4 24/74] staging: comedi: cb_pcidas: fix request_irq() warn Greg Kroah-Hartman
2021-04-05  8:53 ` [PATCH 5.4 25/74] staging: comedi: cb_pcidas64: " Greg Kroah-Hartman
2021-04-05  8:53 ` [PATCH 5.4 26/74] ASoC: rt5659: Update MCLK rate in set_sysclk() Greg Kroah-Hartman
2021-04-05  8:53 ` [PATCH 5.4 27/74] thermal/core: Add NULL pointer check before using cooling device stats Greg Kroah-Hartman
2021-04-05  8:53 ` [PATCH 5.4 28/74] locking/ww_mutex: Simplify use_ww_ctx & ww_ctx handling Greg Kroah-Hartman
2021-04-05  8:53 ` [PATCH 5.4 29/74] ext4: do not iput inode under running transaction in ext4_rename() Greg Kroah-Hartman
2021-04-05  8:53 ` [PATCH 5.4 30/74] net: mvpp2: fix interrupt mask/unmask skip condition Greg Kroah-Hartman
2021-04-05  8:53 ` [PATCH 5.4 31/74] flow_dissector: fix TTL and TOS dissection on IPv4 fragments Greg Kroah-Hartman
2021-04-05  8:53 ` [PATCH 5.4 32/74] can: dev: move driver related infrastructure into separate subdir Greg Kroah-Hartman
2021-04-05  8:53 ` [PATCH 5.4 33/74] net: introduce CAN specific pointer in the struct net_device Greg Kroah-Hartman
2021-04-05  8:53 ` [PATCH 5.4 34/74] can: tcan4x5x: fix max register value Greg Kroah-Hartman
2021-04-05  8:53 ` [PATCH 5.4 35/74] brcmfmac: clear EAP/association status bits on linkdown events Greg Kroah-Hartman
2021-04-05  8:54 ` [PATCH 5.4 36/74] ath10k: hold RCU lock when calling ieee80211_find_sta_by_ifaddr() Greg Kroah-Hartman
2021-04-05  8:54 ` [PATCH 5.4 37/74] net: ethernet: aquantia: Handle error cleanup of start on open Greg Kroah-Hartman
2021-04-05  8:54 ` [PATCH 5.4 38/74] appletalk: Fix skb allocation size in loopback case Greg Kroah-Hartman
2021-04-05  8:54 ` [PATCH 5.4 39/74] net: wan/lmc: unregister device when no matching device is found Greg Kroah-Hartman
2021-04-05  8:54 ` [PATCH 5.4 40/74] bpf: Remove MTU check in __bpf_skb_max_len Greg Kroah-Hartman
2021-04-05  8:54 ` [PATCH 5.4 41/74] ALSA: usb-audio: Apply sample rate quirk to Logitech Connect Greg Kroah-Hartman
2021-04-05  8:54 ` [PATCH 5.4 42/74] ALSA: hda: Re-add dropped snd_poewr_change_state() calls Greg Kroah-Hartman
2021-04-05  8:54 ` [PATCH 5.4 43/74] ALSA: hda: Add missing sanity checks in PM prepare/complete callbacks Greg Kroah-Hartman
2021-04-05  8:54 ` [PATCH 5.4 44/74] ALSA: hda/realtek: fix a determine_headset_type issue for a Dell AIO Greg Kroah-Hartman
2021-04-05  8:54 ` [PATCH 5.4 45/74] ALSA: hda/realtek: call alc_update_headset_mode() in hp_automute_hook Greg Kroah-Hartman
2021-04-05  8:54 ` [PATCH 5.4 46/74] xtensa: move coprocessor_flush to the .text section Greg Kroah-Hartman
2021-04-05  8:54 ` [PATCH 5.4 47/74] PM: runtime: Fix race getting/putting suppliers at probe Greg Kroah-Hartman
2021-04-05  8:54 ` [PATCH 5.4 48/74] PM: runtime: Fix ordering in pm_runtime_get_suppliers() Greg Kroah-Hartman
2021-04-05  8:54 ` [PATCH 5.4 49/74] tracing: Fix stack trace event size Greg Kroah-Hartman
2021-04-05  8:54 ` [PATCH 5.4 50/74] mm: fix race by making init_zero_pfn() early_initcall Greg Kroah-Hartman
2021-04-05  8:54 ` [PATCH 5.4 51/74] drm/amdgpu: fix offset calculation in amdgpu_vm_bo_clear_mappings() Greg Kroah-Hartman
2021-04-05  8:54 ` [PATCH 5.4 52/74] drm/amdgpu: check alignment on CPU page for bo map Greg Kroah-Hartman
2021-04-05  8:54 ` [PATCH 5.4 53/74] reiserfs: update reiserfs_xattrs_initialized() condition Greg Kroah-Hartman
2021-04-05  8:54 ` [PATCH 5.4 54/74] drm/tegra: sor: Grab runtime PM reference across reset Greg Kroah-Hartman
2021-04-05  8:54 ` [PATCH 5.4 55/74] vfio/nvlink: Add missing SPAPR_TCE_IOMMU depends Greg Kroah-Hartman
2021-04-05  8:54 ` [PATCH 5.4 56/74] pinctrl: rockchip: fix restore error in resume Greg Kroah-Hartman
2021-04-05  8:54 ` [PATCH 5.4 57/74] extcon: Add stubs for extcon_register_notifier_all() functions Greg Kroah-Hartman
2021-04-05  8:54 ` [PATCH 5.4 58/74] extcon: Fix error handling in extcon_dev_register Greg Kroah-Hartman
2021-04-05  8:54 ` [PATCH 5.4 59/74] firewire: nosy: Fix a use-after-free bug in nosy_ioctl() Greg Kroah-Hartman
2021-04-05  8:54 ` [PATCH 5.4 60/74] usbip: vhci_hcd fix shift out-of-bounds in vhci_hub_control() Greg Kroah-Hartman
2021-04-05  8:54 ` [PATCH 5.4 61/74] USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem Greg Kroah-Hartman
2021-04-05  8:54 ` [PATCH 5.4 62/74] usb: musb: Fix suspend with devices connected for a64 Greg Kroah-Hartman
2021-04-05  8:54 ` [PATCH 5.4 63/74] usb: xhci-mtk: fix broken streams issue on 0.96 xHCI Greg Kroah-Hartman
2021-04-05  8:54 ` [PATCH 5.4 64/74] cdc-acm: fix BREAK rx code path adding necessary calls Greg Kroah-Hartman
2021-04-05  8:54 ` [PATCH 5.4 65/74] USB: cdc-acm: untangle a circular dependency between callback and softint Greg Kroah-Hartman
2021-04-05  8:54 ` [PATCH 5.4 66/74] USB: cdc-acm: downgrade message to debug Greg Kroah-Hartman
2021-04-05  8:54 ` [PATCH 5.4 67/74] USB: cdc-acm: fix double free on probe failure Greg Kroah-Hartman
2021-04-05  8:54 ` [PATCH 5.4 68/74] USB: cdc-acm: fix use-after-free after " Greg Kroah-Hartman
2021-04-05  8:54 ` [PATCH 5.4 69/74] usb: gadget: udc: amd5536udc_pci fix null-ptr-dereference Greg Kroah-Hartman
2021-04-05  8:54 ` [PATCH 5.4 70/74] usb: dwc2: Fix HPRT0.PrtSusp bit setting for HiKey 960 board Greg Kroah-Hartman
2021-04-05  8:54 ` [PATCH 5.4 71/74] usb: dwc2: Prevent core suspend when port connection flag is 0 Greg Kroah-Hartman
2021-04-05  8:54 ` [PATCH 5.4 72/74] staging: rtl8192e: Fix incorrect source in memcpy() Greg Kroah-Hartman
2021-04-05  8:54 ` [PATCH 5.4 73/74] staging: rtl8192e: Change state information from u16 to u8 Greg Kroah-Hartman
2021-04-05  8:54 ` [PATCH 5.4 74/74] drivers: video: fbcon: fix NULL dereference in fbcon_cursor() Greg Kroah-Hartman
2021-04-05 16:51 ` [PATCH 5.4 00/74] 5.4.110-rc1 review Florian Fainelli
2021-04-05 17:58 ` Guenter Roeck
2021-04-06  0:29 ` Shuah Khan
2021-04-06  3:42 ` Naresh Kamboju
2021-04-06  7:12 ` Samuel Zou

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).