* [PATCH 4.19 000/267] 4.19.129-rc1 review
@ 2020-06-19 14:29 Greg Kroah-Hartman
2020-06-19 14:29 ` [PATCH 4.19 001/267] ipv6: fix IPV6_ADDRFORM operation logic Greg Kroah-Hartman
` (268 more replies)
0 siblings, 269 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, torvalds, akpm, linux, shuah, patches,
ben.hutchings, lkft-triage, stable
This is the start of the stable review cycle for the 4.19.129 release.
There are 267 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Sun, 21 Jun 2020 14:15:50 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.129-rc1.gz
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Linux 4.19.129-rc1
Adrian Hunter <adrian.hunter@intel.com>
perf symbols: Fix debuginfo search for Ubuntu
Masami Hiramatsu <mhiramat@kernel.org>
perf probe: Check address correctness by map instead of _etext
Masami Hiramatsu <mhiramat@kernel.org>
perf probe: Fix to check blacklist address correctly
Masami Hiramatsu <mhiramat@kernel.org>
perf probe: Do not show the skipped events
H. Nikolaus Schaller <hns@goldelico.com>
w1: omap-hdq: cleanup to add missing newline for some dev_dbg
Miquel Raynal <miquel.raynal@bootlin.com>
mtd: rawnand: pasemi: Fix the probe error path
Álvaro Fernández Rojas <noltari@gmail.com>
mtd: rawnand: brcmnand: fix hamming oob layout
NeilBrown <neilb@suse.de>
sunrpc: clean up properly in gss_mech_unregister()
NeilBrown <neilb@suse.de>
sunrpc: svcauth_gss_register_pseudoflavor must reject duplicate registrations.
Masahiro Yamada <masahiroy@kernel.org>
kbuild: force to build vmlinux if CONFIG_MODVERSION=y
Michael Ellerman <mpe@ellerman.id.au>
powerpc/64s: Save FSCR to init_task.thread.fscr after feature init
Michael Ellerman <mpe@ellerman.id.au>
powerpc/64s: Don't let DT CPU features set FSCR_DSCR
Michael Ellerman <mpe@ellerman.id.au>
drivers/macintosh: Fix memleak in windfarm_pm112 driver
Jonathan Bakker <xc-racer2@live.ca>
ARM: dts: s5pv210: Set keep-power-in-suspend for SDHCI1 on Aries
Ludovic Desroches <ludovic.desroches@microchip.com>
ARM: dts: at91: sama5d2_ptc_ek: fix vbus pin
Marek Szyprowski <m.szyprowski@samsung.com>
ARM: dts: exynos: Fix GPIO polarity for thr GalaxyS3 CM36651 sensor's bus
Dmitry Osipenko <digetx@gmail.com>
ARM: tegra: Correct PL310 Auxiliary Control Register initialization
Douglas Anderson <dianders@chromium.org>
kernel/cpu_pm: Fix uninitted local in cpu_pm
Mikulas Patocka <mpatocka@redhat.com>
alpha: fix memory barriers so that they conform to the specification
Eric Biggers <ebiggers@google.com>
dm crypt: avoid truncating the logical block size
Al Viro <viro@zeniv.linux.org.uk>
sparc64: fix misuses of access_process_vm() in genregs32_[sg]et()
Al Viro <viro@zeniv.linux.org.uk>
sparc32: fix register window handling in genregs32_[gs]et()
Wei Yongjun <weiyongjun1@huawei.com>
gnss: sirf: fix error return code in sirf_probe()
Jonathan Bakker <xc-racer2@live.ca>
pinctrl: samsung: Save/restore eint_mask over suspend for EINT_TYPE GPIOs
Jonathan Bakker <xc-racer2@live.ca>
pinctrl: samsung: Correct setting of eint wakeup mask on s5pv210
Anders Roxell <anders.roxell@linaro.org>
power: vexpress: add suppress_bind_attrs to true
Kai-Heng Feng <kai.heng.feng@canonical.com>
igb: Report speed and duplex as unknown when device is runtime suspended
Tomi Valkeinen <tomi.valkeinen@ti.com>
media: ov5640: fix use of destroyed mutex
Larry Finger <Larry.Finger@lwfinger.net>
b43_legacy: Fix connection problem with WPA3
Larry Finger <Larry.Finger@lwfinger.net>
b43: Fix connection problem with WPA3
Larry Finger <Larry.Finger@lwfinger.net>
b43legacy: Fix case where channel status is corrupted
Michał Mirosław <mirq-linux@rere.qmqm.pl>
Bluetooth: hci_bcm: fix freeing not-requested IRQ
Chuhong Yuan <hslester96@gmail.com>
media: go7007: fix a miss of snd_card_free
Christian Lamparter <chunkeey@gmail.com>
carl9170: remove P2P_GO support
Punit Agrawal <punit1.agrawal@toshiba.co.jp>
e1000e: Relax condition to trigger reset for ME workaround
Kai-Heng Feng <kai.heng.feng@canonical.com>
e1000e: Disable TSO for buffer overrun workaround
Ashok Raj <ashok.raj@intel.com>
PCI: Program MPS for RCiEP devices
Roberto Sassu <roberto.sassu@huawei.com>
ima: Call ima_calc_boot_aggregate() in ima_eventdigest_init()
Filipe Manana <fdmanana@suse.com>
btrfs: fix wrong file range cleanup after an error filling dealloc range
Omar Sandoval <osandov@fb.com>
btrfs: fix error handling when submitting direct I/O bio
Abhishek Sahu <abhsahu@nvidia.com>
PCI: Generalize multi-function power dependency device links
Bjorn Helgaas <bhelgaas@google.com>
PCI: Unify ACS quirk desired vs provided checking
Bjorn Helgaas <bhelgaas@google.com>
PCI: Make ACS quirk implementations more uniform
Kai-Heng Feng <kai.heng.feng@canonical.com>
serial: 8250_pci: Move Pericom IDs to pci_ids.h
Tiezhu Yang <yangtiezhu@loongson.cn>
PCI: Add Loongson vendor ID
Yazen Ghannam <yazen.ghannam@amd.com>
x86/amd_nb: Add Family 19h PCI IDs
Jon Derrick <jonathan.derrick@intel.com>
PCI: vmd: Add device id for VMD device 8086:9A0B
Jonathan Chocron <jonnyc@amazon.com>
PCI: Add Amazon's Annapurna Labs vendor ID
Ben Chuang <ben.chuang@genesyslogic.com.tw>
PCI: Add Genesys Logic, Inc. Vendor ID
Tim Blechmann <tim@klingt.org>
ALSA: lx6464es - add support for LX6464ESe pci express variant
Marcel Bocu <marcel.p.bocu@gmail.com>
x86/amd_nb: Add PCI device IDs for family 17h, model 70h
Jianjun Wang <jianjun.wang@mediatek.com>
PCI: mediatek: Add controller support for MT7629
Lukas Wunner <lukas@wunner.de>
PCI: Enable NVIDIA HDA controllers
Abhishek Sahu <abhsahu@nvidia.com>
PCI: Add NVIDIA GPU multi-function power dependencies
Gustavo Pimentel <Gustavo.Pimentel@synopsys.com>
PCI: Add Synopsys endpoint EDDA Device ID
Kishon Vijay Abraham I <kishon@ti.com>
misc: pci_endpoint_test: Add support to test PCI EP in AM654x
Xiaowei Bao <xiaowei.bao@nxp.com>
misc: pci_endpoint_test: Add the layerscape EP device support
Andy Shevchenko <andriy.shevchenko@linux.intel.com>
PCI: Move Rohm Vendor ID to generic list
Thinh Nguyen <thinh.nguyen@synopsys.com>
PCI: Move Synopsys HAPS platform device IDs
Heiner Kallweit <hkallweit1@gmail.com>
PCI: add USR vendor id and use it in r8169 and w6692 driver
Woods, Brian <Brian.Woods@amd.com>
x86/amd_nb: Add PCI device IDs for family 17h, model 30h
Woods, Brian <Brian.Woods@amd.com>
hwmon/k10temp, x86/amd_nb: Consolidate shared device IDs
Corey Minyard <cminyard@mvista.com>
pci:ipmi: Move IPMI PCI class id defines to pci_ids.h
Jakub Kicinski <jakub.kicinski@netronome.com>
PCI: Remove unused NFP32xx IDs
Ashok Raj <ashok.raj@intel.com>
PCI: Add ACS quirk for Intel Root Complex Integrated Endpoints
Abhinav Ratna <abhinav.ratna@broadcom.com>
PCI: Add ACS quirk for iProc PAXB
Kevin Buettner <kevinb@redhat.com>
PCI: Avoid FLR for AMD Starship USB 3.0
Marcos Scriven <marcos@scriven.org>
PCI: Avoid FLR for AMD Matisse HD Audio & USB 3.0
Kai-Heng Feng <kai.heng.feng@canonical.com>
PCI: Avoid Pericom USB controller OHCI/EHCI PME# defect
Eric Biggers <ebiggers@google.com>
ext4: fix race between ext4_sync_parent() and rename()
Jeffle Xu <jefflexu@linux.alibaba.com>
ext4: fix error pointer dereference
Harshad Shirwadkar <harshadshirwadkar@gmail.com>
ext4: fix EXT_MAX_EXTENT/INDEX to check for zeroed eh_max
Roberto Sassu <roberto.sassu@huawei.com>
evm: Fix possible memory leak in evm_calc_hmac_or_hash()
Roberto Sassu <roberto.sassu@huawei.com>
ima: Directly assign the ima_default_policy pointer to ima_rules
Krzysztof Struczynski <krzysztof.struczynski@huawei.com>
ima: Fix ima digest hash table key calculation
Lichao Liu <liulichao@loongson.cn>
MIPS: CPU_LOONGSON2EF need software to maintain cache consistency
Pavel Tatashin <pasha.tatashin@soleen.com>
mm: initialize deferred pages with interrupts enabled
Andrea Arcangeli <aarcange@redhat.com>
mm: thp: make the THP mapcount atomic against __split_huge_pmd_locked()
Marcos Paulo de Souza <mpdesouza@suse.com>
btrfs: send: emit file capabilities after chown
Anand Jain <anand.jain@oracle.com>
btrfs: include non-missing as a qualifier for the latest_bdev
Daniel Axtens <dja@axtens.net>
string.h: fix incompatibility between FORTIFY_SOURCE and KASAN
Hans de Goede <hdegoede@redhat.com>
platform/x86: intel-vbtn: Only blacklist SW_TABLET_MODE on the 9 / "Laptop" chasis-type
Nickolai Kozachenko <daemongloom@gmail.com>
platform/x86: intel-hid: Add a quirk to support HP Spectre X2 (2015)
Andy Shevchenko <andriy.shevchenko@linux.intel.com>
platform/x86: hp-wmi: Convert simple_strtoul() to kstrtou32()
Qiushi Wu <wu000273@umn.edu>
cpuidle: Fix three reference count leaks
Serge Semin <Sergey.Semin@baikalelectronics.ru>
spi: dw: Return any value retrieved from the dma_transfer callback
Haibo Chen <haibo.chen@nxp.com>
mmc: sdhci-esdhc-imx: fix the mask for tuning start point
Xie XiuQi <xiexiuqi@huawei.com>
ixgbe: fix signed-integer-overflow warning
Ulf Hansson <ulf.hansson@linaro.org>
mmc: via-sdmmc: Respect the cmd->busy_timeout from the mmc core
Ulf Hansson <ulf.hansson@linaro.org>
staging: greybus: sdio: Respect the cmd->busy_timeout from the mmc core
Veerabhadrarao Badiganti <vbadigan@codeaurora.org>
mmc: sdhci-msm: Set SDHCI_QUIRK_MULTIBLOCK_READ_ACMD12 quirk
Coly Li <colyli@suse.de>
bcache: fix refcount underflow in bcache_device_free()
YuanJunQing <yuanjunqing66@163.com>
MIPS: Fix IRQ tracing when call handle_fpe() and handle_msa_fpe()
Jiaxun Yang <jiaxun.yang@flygoat.com>
PCI: Don't disable decoding when mmio_always_on is set
Alexander Sverdlin <alexander.sverdlin@nokia.com>
macvlan: Skip loopback packets in RX handler
Fugang Duan <fugang.duan@nxp.com>
net: ethernet: fec: move GPR register offset and bit into DT
Qu Wenruo <wqu@suse.com>
btrfs: qgroup: mark qgroup inconsistent if we're inherting snapshot to a new qgroup
Finn Thain <fthain@telegraphics.com.au>
m68k: mac: Don't call via_flush_cache() on Mac IIfx
Arvind Sankar <nivedita@alum.mit.edu>
x86/mm: Stop printing BRK addresses
Nicolas Toromanoff <nicolas.toromanoff@st.com>
crypto: stm32/crc32 - fix multi-instance
Nicolas Toromanoff <nicolas.toromanoff@st.com>
crypto: stm32/crc32 - fix run-time self test issue.
Nicolas Toromanoff <nicolas.toromanoff@st.com>
crypto: stm32/crc32 - fix ext4 chksum BUG_ON()
Serge Semin <Sergey.Semin@baikalelectronics.ru>
mips: Add udelay lpj numbers adjustment
Serge Semin <Sergey.Semin@baikalelectronics.ru>
mips: MAAR: Use more precise address mask
Arvind Sankar <nivedita@alum.mit.edu>
x86/boot: Correct relocation destination on old linkers
Pali Rohár <pali@kernel.org>
mwifiex: Fix memory corruption in dump_station
Dan Carpenter <dan.carpenter@oracle.com>
rtlwifi: Fix a double free in _rtl_usb_tx_urb_setup()
Erez Shitrit <erezsh@mellanox.com>
net/mlx5e: IPoIB, Drop multicast packets that this interface sent
Jesper Dangaard Brouer <brouer@redhat.com>
veth: Adjust hard_start offset on redirect XDP frames
Guoqing Jiang <guoqing.jiang@cloud.ionos.com>
md: don't flush workqueue unconditionally in md_open
Ryder Lee <ryder.lee@mediatek.com>
mt76: avoid rx reorder buffer overflow
Bhupesh Sharma <bhsharma@redhat.com>
net: qed*: Reduce RX and TX default ring count when running inside kdump kernel
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
wcn36xx: Fix error handling path in 'wcn36xx_probe()'
Rakesh Pillai <pillair@codeaurora.org>
ath10k: Remove msdu from idr when management pkt send fails
Christoph Hellwig <hch@lst.de>
nvme: refine the Qemu Identify CNS quirk
Hans de Goede <hdegoede@redhat.com>
platform/x86: intel-vbtn: Also handle tablet-mode switch on "Detachable" and "Portable" chassis-types
Hans de Goede <hdegoede@redhat.com>
platform/x86: intel-vbtn: Do not advertise switches to userspace if they are not there
Hans de Goede <hdegoede@redhat.com>
platform/x86: intel-vbtn: Split keymap into buttons and switches parts
Hans de Goede <hdegoede@redhat.com>
platform/x86: intel-vbtn: Use acpi_evaluate_integer()
Brian Foster <bfoster@redhat.com>
xfs: fix duplicate verification from xfs_qm_dqflush()
Brian Foster <bfoster@redhat.com>
xfs: reset buffer write failure state on successful completion
Daniel Thompson <daniel.thompson@linaro.org>
kgdb: Fix spurious true from in_dbg_master()
Serge Semin <Sergey.Semin@baikalelectronics.ru>
mips: cm: Fix an invalid error code of INTVN_*_ERR
Jiaxun Yang <jiaxun.yang@flygoat.com>
MIPS: Truncate link address into 32bit for 32bit kernel
Devulapally Shiva Krishna <shiva@chelsio.com>
Crypto/chcr: fix for ccm(aes) failed test
Darrick J. Wong <darrick.wong@oracle.com>
xfs: clean up the error handling in xfs_swap_extents
Jeremy Kerr <jk@ozlabs.org>
powerpc/spufs: fix copy_to_user while atomic
Yunjian Wang <wangyunjian@huawei.com>
net: allwinner: Fix use correct return type for ndo_start_xmit()
Dan Carpenter <dan.carpenter@oracle.com>
media: cec: silence shift wrapping warning in __cec_s_log_addrs()
Wei Yongjun <weiyongjun1@huawei.com>
net: lpc-enet: fix error return code in lpc_mii_init()
Shaokun Zhang <zhangshaokun@hisilicon.com>
drivers/perf: hisi: Fix typo in events attribute array
Peter Zijlstra <peterz@infradead.org>
sched/core: Fix illegal RCU from offline CPUs
Jann Horn <jannh@google.com>
exit: Move preemption fixup up, move blocking operations down
Nathan Chancellor <natechancellor@gmail.com>
lib/mpi: Fix 64-bit MIPS build with Clang
Doug Berger <opendmb@gmail.com>
net: bcmgenet: set Rx mode before starting netif
Andrii Nakryiko <andriin@fb.com>
selftests/bpf: Fix memory leak in extract_build_id()
Pablo Neira Ayuso <pablo@netfilter.org>
netfilter: nft_nat: return EOPNOTSUPP if type or flags are not supported
Paul Moore <paul@paul-moore.com>
audit: fix a net reference leak in audit_list_rules_send()
Hans de Goede <hdegoede@redhat.com>
Bluetooth: btbcm: Add 2 missing models to subver tables
Tiezhu Yang <yangtiezhu@loongson.cn>
MIPS: Make sparse_init() using top-down allocation
Kieran Bingham <kieran.bingham+renesas@ideasonboard.com>
media: platform: fcp: Set appropriate DMA parameters
Colin Ian King <colin.king@canonical.com>
media: dvb: return -EREMOTEIO on i2c transfer failure.
Paul Moore <paul@paul-moore.com>
audit: fix a net reference leak in audit_send_reply()
Jitao Shi <jitao.shi@mediatek.com>
dt-bindings: display: mediatek: control dpi pins mode to avoid leakage
Kees Cook <keescook@chromium.org>
e1000: Distribute switch variables for initialization
Stephane Eranian <eranian@google.com>
tools api fs: Make xxx__mountpoint() more scalable
Jaehoon Chung <jh80.chung@samsung.com>
brcmfmac: fix wrong location to get firmware feature
Christoph Hellwig <hch@lst.de>
staging: android: ion: use vmap instead of vm_map_ram
Jia-Ju Bai <baijiaju1990@gmail.com>
net: vmxnet3: fix possible buffer overflow caused by bad DMA value in vmxnet3_get_rss()
Jon Doron <arilou@gmail.com>
x86/kvm/hyper-v: Explicitly align hcall param for kvm_hyperv_exit
Serge Semin <Sergey.Semin@baikalelectronics.ru>
spi: dw: Fix Rx-only DMA transfers
Martin Blumenstingl <martin.blumenstingl@googlemail.com>
mmc: meson-mx-sdio: trigger a soft reset after a timeout or CRC error
Sven Eckelmann <sven@narfation.org>
batman-adv: Revert "disable ethtool link speed detection when auto negotiation off"
Linus Walleij <linus.walleij@linaro.org>
ARM: 8978/1: mm: make act_mm() respect THREAD_SIZE
Filipe Manana <fdmanana@suse.com>
btrfs: do not ignore error from btrfs_next_leaf() when inserting checksums
Serge Semin <Sergey.Semin@baikalelectronics.ru>
clocksource: dw_apb_timer_of: Fix missing clockevent timers
Serge Semin <Sergey.Semin@baikalelectronics.ru>
clocksource: dw_apb_timer: Make CPU-affiliation being optional
Serge Semin <Sergey.Semin@baikalelectronics.ru>
spi: dw: Enable interrupts in accordance with DMA xfer mode
Douglas Anderson <dianders@chromium.org>
kgdb: Prevent infinite recursive entries to the debugger
Douglas Anderson <dianders@chromium.org>
kgdb: Disable WARN_CONSOLE_UNLOCKED for all kgdb
Hsin-Yu Chao <hychao@chromium.org>
Bluetooth: Add SCO fallback for invalid LMP parameters error
Tiezhu Yang <yangtiezhu@loongson.cn>
MIPS: Loongson: Build ATI Radeon GPU driver as module
Jesper Dangaard Brouer <brouer@redhat.com>
ixgbe: Fix XDP redirect on archs with PAGE_SIZE above 4K
Luke Nelson <lukenels@cs.washington.edu>
arm64: insn: Fix two bugs in encoding 32-bit logical immediates
Andy Shevchenko <andriy.shevchenko@linux.intel.com>
spi: dw: Zero DMA Tx and Rx configurations on stack
Daniel Thompson <daniel.thompson@linaro.org>
arm64: cacheflush: Fix KGDB trap detection
Ard Biesheuvel <ardb@kernel.org>
efi/libstub/x86: Work around LLVM ELF quirk build regression
Arthur Kiyanovski <akiyano@amazon.com>
net: ena: fix error returning in ena_com_get_hash_function()
Mark Starovoytov <mstarovoitov@marvell.com>
net: atlantic: make hw_get_regs optional
Evan Green <evgreen@chromium.org>
spi: pxa2xx: Apply CS clk quirk to BXT
Julien Thierry <jthierry@redhat.com>
objtool: Ignore empty alternatives
Brad Love <brad@nextdimension.cc>
media: si2157: Better check for running tuner in init
Arnd Bergmann <arnd@arndb.de>
crypto: ccp -- don't "select" CONFIG_DMADEVICES
Bogdan Togorean <bogdan.togorean@analog.com>
drm: bridge: adv7511: Extend list of audio sample rates
Ard Biesheuvel <ardb@kernel.org>
ACPI: GED: use correct trigger type field in _Exx / _Lxx handling
Marc Zyngier <maz@kernel.org>
KVM: arm64: Synchronize sysreg state on injecting an AArch32 exception
Juergen Gross <jgross@suse.com>
xen/pvcalls-back: test for errors when calling backend_connect()
Ulf Hansson <ulf.hansson@linaro.org>
mmc: sdio: Fix potential NULL pointer error in mmc_sdio_init_card()
Ludovic Desroches <ludovic.desroches@microchip.com>
ARM: dts: at91: sama5d2_ptc_ek: fix sdmmc0 node description
Veerabhadrarao Badiganti <vbadigan@codeaurora.org>
mmc: sdhci-msm: Clear tuning done flag while hs400 tuning
Chris Wilson <chris@chris-wilson.co.uk>
agp/intel: Reinforce the barrier after GTT updates
Barret Rhoden <brho@google.com>
perf: Add cond_resched() to task_function_call()
OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
fat: don't allow to mount if the FAT length == 0
Wang Hai <wanghai38@huawei.com>
mm/slub: fix a memory leak in sysfs_slab_add()
Ezequiel Garcia <ezequiel@collabora.com>
drm/vkms: Hold gem object while still in-use
Casey Schaufler <casey@schaufler-ca.com>
Smack: slab-out-of-bounds in vsscanf
Qiujun Huang <hqjagain@gmail.com>
ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb
Qiujun Huang <hqjagain@gmail.com>
ath9x: Fix stack-out-of-bounds Write in ath9k_hif_usb_rx_cb
Qiujun Huang <hqjagain@gmail.com>
ath9k: Fix use-after-free Write in ath9k_htc_rx_msg
Qiujun Huang <hqjagain@gmail.com>
ath9k: Fix use-after-free Read in ath9k_wmi_ctrl_rx
Sumit Saxena <sumit.saxena@broadcom.com>
scsi: megaraid_sas: TM command refire leads to controller firmware crash
Marc Zyngier <maz@kernel.org>
KVM: arm64: Make vcpu_cp1x() work on Big Endian hosts
Xing Li <lixing@loongson.cn>
KVM: MIPS: Fix VPN2_MASK definition for variable cpu_vmbits
Xing Li <lixing@loongson.cn>
KVM: MIPS: Define KVM_ENTRYHI_ASID to cpu_asid_mask(&boot_cpu_data)
Sean Christopherson <sean.j.christopherson@intel.com>
KVM: nVMX: Consult only the "basic" exit reason when routing nested exit
Paolo Bonzini <pbonzini@redhat.com>
KVM: nSVM: leave ASID aside in copy_vmcb_control_area
Paolo Bonzini <pbonzini@redhat.com>
KVM: nSVM: fix condition for filtering async PF
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
video: fbdev: w100fb: Fix a potential double free.
Eric W. Biederman <ebiederm@xmission.com>
proc: Use new_inode not new_inode_pseudo
Yuxuan Shui <yshuiv7@gmail.com>
ovl: initialize error in ovl_copy_xattr
tannerlove <tannerlove@google.com>
selftests/net: in rxtimestamp getopt_long needs terminating null entry
Longpeng(Mike) <longpeng2@huawei.com>
crypto: virtio: Fix dest length calculation in __virtio_crypto_skcipher_do_req()
Longpeng(Mike) <longpeng2@huawei.com>
crypto: virtio: Fix src/dst scatterlist calculation in __virtio_crypto_skcipher_do_req()
Longpeng(Mike) <longpeng2@huawei.com>
crypto: virtio: Fix use-after-free in virtio_crypto_skcipher_finalize_req()
Lukas Wunner <lukas@wunner.de>
spi: pxa2xx: Fix runtime PM ref imbalance on probe error
Lubomir Rintel <lkundrak@v3.sk>
spi: pxa2xx: Balance runtime PM enable/disable on error
Lukas Wunner <lukas@wunner.de>
spi: bcm2835: Fix controller unregister order
Lukas Wunner <lukas@wunner.de>
spi: pxa2xx: Fix controller unregister order
Lukas Wunner <lukas@wunner.de>
spi: Fix controller unregister order
Andy Shevchenko <andriy.shevchenko@linux.intel.com>
spi: No need to assign dummy value in spi_unregister_controller()
Anthony Steinhauser <asteinhauser@google.com>
x86/speculation: PR_SPEC_FORCE_DISABLE enforcement for indirect branches.
Anthony Steinhauser <asteinhauser@google.com>
x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced IBRS.
Thomas Lendacky <Thomas.Lendacky@amd.com>
x86/speculation: Add support for STIBP always-on preferred mode
Waiman Long <longman@redhat.com>
x86/speculation: Change misspelled STIPB to STIBP
Paolo Bonzini <pbonzini@redhat.com>
KVM: x86: only do L1TF workaround on affected processors
Sean Christopherson <sean.j.christopherson@intel.com>
KVM: x86/mmu: Consolidate "is MMIO SPTE" code
Kai Huang <kai.huang@linux.intel.com>
kvm: x86: Fix L1TF mitigation for shadow MMU
Eiichi Tsukata <eiichi.tsukata@nutanix.com>
KVM: x86: Fix APIC page invalidation race
Tony Luck <tony.luck@intel.com>
x86/{mce,mm}: Unmap the entire page if the whole page is affected and poisoned
Michał Mirosław <mirq-linux@rere.qmqm.pl>
ALSA: pcm: disallow linking stream to itself
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is fully iterated
Rafael J. Wysocki <rafael.j.wysocki@intel.com>
PM: runtime: clk: Fix clk_pm_runtime_get() error path
Justin Chen <justinpopo6@gmail.com>
spi: bcm-qspi: when tx/rx buffer is NULL set to 0
Lukas Wunner <lukas@wunner.de>
spi: bcm2835aux: Fix controller unregister order
Lukas Wunner <lukas@wunner.de>
spi: dw: Fix controller unregister order
Ryusuke Konishi <konishi.ryusuke@gmail.com>
nilfs2: fix null pointer dereference at nilfs_segctor_do_construct()
Tejun Heo <tj@kernel.org>
cgroup, blkcg: Prepare some symbols for module and !CONFIG_CGROUP usages
Rafael J. Wysocki <rafael.j.wysocki@intel.com>
ACPI: PM: Avoid using power resources if there are none for D0
Ard Biesheuvel <ardb@kernel.org>
ACPI: GED: add support for _Exx / _Lxx handler methods
Qiushi Wu <wu000273@umn.edu>
ACPI: CPPC: Fix reference count leak in acpi_cppc_processor_probe()
Qiushi Wu <wu000273@umn.edu>
ACPI: sysfs: Fix reference count leak in acpi_sysfs_add_hotplug_profile()
Kai-Heng Feng <kai.heng.feng@canonical.com>
ALSA: usb-audio: Add vendor, product and profile name for HP Thunderbolt Dock
Takashi Iwai <tiwai@suse.de>
ALSA: usb-audio: Fix inconsistent card PM state after resume
Hui Wang <hui.wang@canonical.com>
ALSA: hda/realtek - add a pintbl quirk for several Lenovo machines
Chuhong Yuan <hslester96@gmail.com>
ALSA: es1688: Add the missed snd_card_free()
Ard Biesheuvel <ardb@kernel.org>
efi/efivars: Add missing kobject_put() in sysfs entry creation error path
Hill Ma <maahiuzeon@gmail.com>
x86/reboot/quirks: Add MacBook6,1 reboot quirk
Anthony Steinhauser <asteinhauser@google.com>
x86/speculation: Prevent rogue cross-process SSBD shutdown
Xiaochun Lee <lixc17@lenovo.com>
x86/PCI: Mark Intel C620 MROMs as having non-compliant BARs
Bob Haarman <inglorion@google.com>
x86_64: Fix jiffies ODR violation
Qu Wenruo <wqu@suse.com>
btrfs: tree-checker: Check level for leaves and nodes
Miklos Szeredi <mszeredi@redhat.com>
aio: fix async fsync creds
Waiman Long <longman@redhat.com>
mm: add kvfree_sensitive() for freeing sensitive data objects
Masami Hiramatsu <mhiramat@kernel.org>
perf probe: Accept the instance number of kretprobe event
Kim Phillips <kim.phillips@amd.com>
x86/cpu/amd: Make erratum #1054 a legacy erratum
Jason Gunthorpe <jgg@ziepe.ca>
RDMA/uverbs: Make the event_queue fds return POLLERR when disassociated
Masashi Honma <masashi.honma@gmail.com>
ath9k_htc: Silence undersized packet warnings
Cédric Le Goater <clg@kaod.org>
powerpc/xive: Clear the page tables for the ESB IO mapping
Thomas Falcon <tlfalcon@linux.ibm.com>
drivers/net/ibmvnic: Update VNIC protocol version reporting
Dennis Kadioglu <denk@eclipso.email>
Input: synaptics - add a second working PNP_ID for Lenovo T470s
Jens Axboe <axboe@kernel.dk>
sched/fair: Don't NUMA balance for kthreads
Fredrik Strupe <fredrik@strupe.net>
ARM: 8977/1: ptrace: Fix mask for thumb breakpoint hook
Stephan Gerhold <stephan@gerhold.net>
Input: mms114 - fix handling of mms345l
Su Kang Yin <cantona@cantona.net>
crypto: talitos - fix ECB and CBC algs ivsize
Qu Wenruo <wqu@suse.com>
btrfs: Detect unbalanced tree with empty leaf before crashing btree operations
Anand Jain <anand.jain@oracle.com>
btrfs: merge btrfs_find_device and find_device
Christophe Leroy <christophe.leroy@c-s.fr>
lib: Reduce user_access_begin() boundaries in strncpy_from_user() and strnlen_user()
Will Deacon <will.deacon@arm.com>
x86: uaccess: Inhibit speculation past access_ok() in user_access_begin()
Stafford Horne <shorne@gmail.com>
arch/openrisc: Fix issues with access_ok()
Linus Torvalds <torvalds@linux-foundation.org>
Fix 'acccess_ok()' on alpha and SH
Linus Torvalds <torvalds@linux-foundation.org>
make 'user_access_begin()' do 'access_ok()'
Lorenz Bauer <lmb@cloudflare.com>
selftests: bpf: fix use of undeclared RET_IF macro
Willem de Bruijn <willemb@google.com>
tun: correct header offsets in napi frags mode
Ido Schimmel <idosch@mellanox.com>
vxlan: Avoid infinite loop when suppressing NS messages with invalid options
Ido Schimmel <idosch@mellanox.com>
bridge: Avoid infinite loop when suppressing NS messages with invalid options
Vasily Averin <vvs@virtuozzo.com>
net_failover: fixed rollback in net_failover_open()
Hangbin Liu <liuhangbin@gmail.com>
ipv6: fix IPV6_ADDRFORM operation logic
-------------
Diffstat:
.../bindings/display/mediatek/mediatek,dpi.txt | 6 +
Documentation/virtual/kvm/api.txt | 2 +
Makefile | 17 +-
arch/alpha/include/asm/io.h | 74 ++++--
arch/alpha/include/asm/uaccess.h | 8 +-
arch/alpha/kernel/io.c | 60 ++++-
arch/arm/boot/dts/at91-sama5d2_ptc_ek.dts | 4 +-
arch/arm/boot/dts/exynos4412-galaxy-s3.dtsi | 2 +-
arch/arm/boot/dts/s5pv210-aries.dtsi | 1 +
arch/arm/include/asm/kvm_host.h | 2 +
arch/arm/kernel/ptrace.c | 4 +-
arch/arm/mach-tegra/tegra.c | 4 +-
arch/arm/mm/proc-macros.S | 3 +-
arch/arm64/include/asm/cacheflush.h | 6 +-
arch/arm64/include/asm/kvm_host.h | 8 +-
arch/arm64/kernel/insn.c | 14 +-
arch/m68k/include/asm/mac_via.h | 1 +
arch/m68k/mac/config.c | 21 +-
arch/m68k/mac/via.c | 6 +-
arch/mips/Makefile | 13 +-
arch/mips/boot/compressed/Makefile | 2 +-
arch/mips/configs/loongson3_defconfig | 2 +-
arch/mips/include/asm/kvm_host.h | 6 +-
arch/mips/include/asm/mipsregs.h | 2 +-
arch/mips/kernel/genex.S | 6 +-
arch/mips/kernel/mips-cm.c | 6 +-
arch/mips/kernel/setup.c | 10 +
arch/mips/kernel/time.c | 70 ++++++
arch/mips/kernel/vmlinux.lds.S | 2 +-
arch/mips/mm/dma-noncoherent.c | 1 +
arch/openrisc/include/asm/uaccess.h | 8 +-
arch/powerpc/kernel/dt_cpu_ftrs.c | 8 +
arch/powerpc/kernel/prom.c | 19 ++
arch/powerpc/platforms/cell/spufs/file.c | 113 ++++++---
arch/powerpc/platforms/powernv/smp.c | 1 -
arch/powerpc/sysdev/xive/common.c | 5 +
arch/sh/include/asm/uaccess.h | 7 +-
arch/sparc/kernel/ptrace_32.c | 228 ++++++++----------
arch/sparc/kernel/ptrace_64.c | 17 +-
arch/x86/boot/compressed/head_32.S | 5 +-
arch/x86/boot/compressed/head_64.S | 1 +
arch/x86/include/asm/cpufeatures.h | 1 +
arch/x86/include/asm/nospec-branch.h | 1 +
arch/x86/include/asm/set_memory.h | 19 +-
arch/x86/include/asm/uaccess.h | 12 +-
arch/x86/kernel/amd_nb.c | 15 +-
arch/x86/kernel/cpu/amd.c | 3 +-
arch/x86/kernel/cpu/bugs.c | 94 +++++---
arch/x86/kernel/cpu/mcheck/mce.c | 11 +-
arch/x86/kernel/process.c | 28 +--
arch/x86/kernel/process.h | 2 +-
arch/x86/kernel/reboot.c | 8 +
arch/x86/kernel/time.c | 4 -
arch/x86/kernel/vmlinux.lds.S | 4 +-
arch/x86/kvm/mmu.c | 37 +--
arch/x86/kvm/svm.c | 6 +-
arch/x86/kvm/vmx.c | 2 +-
arch/x86/kvm/x86.c | 7 +-
arch/x86/mm/init.c | 2 -
arch/x86/pci/fixup.c | 4 +
drivers/acpi/cppc_acpi.c | 1 +
drivers/acpi/device_pm.c | 2 +-
drivers/acpi/evged.c | 22 +-
drivers/acpi/scan.c | 28 ++-
drivers/acpi/sysfs.c | 4 +-
drivers/bluetooth/btbcm.c | 2 +
drivers/bluetooth/hci_bcm.c | 5 +-
drivers/char/agp/intel-gtt.c | 4 +-
drivers/char/ipmi/ipmi_si_pci.c | 5 -
drivers/clk/clk.c | 6 +-
drivers/clocksource/dw_apb_timer.c | 5 +-
drivers/clocksource/dw_apb_timer_of.c | 6 +-
drivers/cpuidle/sysfs.c | 6 +-
drivers/crypto/cavium/nitrox/nitrox_main.c | 4 +-
drivers/crypto/ccp/Kconfig | 3 +-
drivers/crypto/chelsio/chcr_algo.c | 2 +-
drivers/crypto/stm32/stm32_crc32.c | 144 +++++++-----
drivers/crypto/talitos.c | 2 +-
drivers/crypto/virtio/virtio_crypto_algs.c | 21 +-
drivers/dma/pch_dma.c | 1 -
drivers/firmware/efi/efivars.c | 4 +-
drivers/firmware/efi/libstub/Makefile | 1 +
drivers/gnss/sirf.c | 8 +-
drivers/gpio/gpio-ml-ioh.c | 2 -
drivers/gpio/gpio-pch.c | 1 -
drivers/gpu/drm/bridge/adv7511/adv7511_audio.c | 12 +-
drivers/gpu/drm/i915/i915_gem_execbuffer.c | 16 +-
drivers/gpu/drm/vkms/vkms_drv.h | 5 -
drivers/gpu/drm/vkms/vkms_gem.c | 11 +-
drivers/hwmon/k10temp.c | 9 +-
drivers/i2c/busses/i2c-eg20t.c | 1 -
drivers/infiniband/core/uverbs_main.c | 2 +
drivers/input/mouse/synaptics.c | 1 +
drivers/input/touchscreen/mms114.c | 12 +-
drivers/isdn/hardware/mISDN/w6692.c | 3 -
drivers/macintosh/windfarm_pm112.c | 21 +-
drivers/md/bcache/super.c | 7 +-
drivers/md/dm-crypt.c | 2 +-
drivers/md/md.c | 3 +-
drivers/media/cec/cec-adap.c | 8 +-
drivers/media/i2c/ov5640.c | 4 +-
drivers/media/platform/rcar-fcp.c | 5 +
drivers/media/tuners/si2157.c | 15 +-
drivers/media/usb/dvb-usb/dibusb-mb.c | 2 +-
drivers/media/usb/go7007/snd-go7007.c | 35 ++-
drivers/misc/pch_phub.c | 1 -
drivers/misc/pci_endpoint_test.c | 20 +-
drivers/mmc/core/sdio.c | 3 +-
drivers/mmc/host/meson-mx-sdio.c | 3 +
drivers/mmc/host/sdhci-esdhc-imx.c | 2 +-
drivers/mmc/host/sdhci-msm.c | 10 +-
drivers/mmc/host/via-sdmmc.c | 7 +-
drivers/mtd/nand/raw/brcmnand/brcmnand.c | 11 +-
drivers/mtd/nand/raw/pasemi_nand.c | 4 +-
drivers/net/ethernet/allwinner/sun4i-emac.c | 4 +-
drivers/net/ethernet/amazon/ena/ena_com.c | 6 +-
drivers/net/ethernet/aquantia/atlantic/aq_nic.c | 6 +
drivers/net/ethernet/broadcom/genet/bcmgenet.c | 4 +
drivers/net/ethernet/freescale/fec_main.c | 24 +-
drivers/net/ethernet/ibm/ibmvnic.c | 8 +-
drivers/net/ethernet/intel/e1000/e1000_main.c | 4 +-
drivers/net/ethernet/intel/e1000e/e1000.h | 1 -
drivers/net/ethernet/intel/e1000e/netdev.c | 16 +-
drivers/net/ethernet/intel/igb/igb_ethtool.c | 3 +-
drivers/net/ethernet/intel/ixgbe/ixgbe_common.c | 2 +-
drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 3 +-
drivers/net/ethernet/mellanox/mlx5/core/en_rx.c | 15 +-
drivers/net/ethernet/nxp/lpc_eth.c | 3 +-
.../net/ethernet/oki-semi/pch_gbe/pch_gbe_main.c | 7 +-
drivers/net/ethernet/qlogic/qede/qede.h | 2 +
drivers/net/ethernet/qlogic/qede/qede_main.c | 11 +-
drivers/net/ethernet/realtek/r8169.c | 2 +-
drivers/net/macvlan.c | 4 +
drivers/net/net_failover.c | 3 +-
drivers/net/tun.c | 12 +-
drivers/net/veth.c | 8 +-
drivers/net/vmxnet3/vmxnet3_ethtool.c | 2 +
drivers/net/vxlan.c | 4 +
drivers/net/wireless/ath/ath10k/mac.c | 3 +
drivers/net/wireless/ath/ath10k/wmi-ops.h | 10 +
drivers/net/wireless/ath/ath10k/wmi-tlv.c | 15 ++
drivers/net/wireless/ath/ath9k/hif_usb.c | 58 +++--
drivers/net/wireless/ath/ath9k/hif_usb.h | 6 +
drivers/net/wireless/ath/ath9k/htc_drv_init.c | 10 +-
drivers/net/wireless/ath/ath9k/htc_drv_txrx.c | 6 +-
drivers/net/wireless/ath/ath9k/htc_hst.c | 3 +
drivers/net/wireless/ath/ath9k/wmi.c | 5 +-
drivers/net/wireless/ath/ath9k/wmi.h | 3 +-
drivers/net/wireless/ath/carl9170/fw.c | 4 +-
drivers/net/wireless/ath/carl9170/main.c | 21 +-
drivers/net/wireless/ath/wcn36xx/main.c | 6 +-
drivers/net/wireless/broadcom/b43/main.c | 2 +-
drivers/net/wireless/broadcom/b43legacy/main.c | 1 +
drivers/net/wireless/broadcom/b43legacy/xmit.c | 1 +
.../wireless/broadcom/brcm80211/brcmfmac/feature.c | 3 +-
drivers/net/wireless/marvell/mwifiex/cfg80211.c | 14 +-
drivers/net/wireless/mediatek/mt76/agg-rx.c | 8 +-
drivers/net/wireless/mediatek/mt76/mt76.h | 6 +-
drivers/net/wireless/realtek/rtlwifi/usb.c | 8 +-
drivers/nvme/host/core.c | 16 +-
drivers/pci/controller/pcie-mediatek.c | 18 ++
drivers/pci/controller/vmd.c | 2 +
drivers/pci/probe.c | 24 +-
drivers/pci/quirks.c | 260 ++++++++++++++++-----
drivers/perf/hisilicon/hisi_uncore_hha_pmu.c | 2 +-
drivers/pinctrl/samsung/pinctrl-exynos.c | 82 +++++--
drivers/platform/x86/hp-wmi.c | 10 +-
drivers/platform/x86/intel-hid.c | 7 +
drivers/platform/x86/intel-vbtn.c | 75 ++++--
drivers/power/reset/vexpress-poweroff.c | 1 +
drivers/scsi/megaraid/megaraid_sas_fusion.c | 7 +-
drivers/spi/spi-bcm-qspi.c | 8 +-
drivers/spi/spi-bcm2835.c | 4 +-
drivers/spi/spi-bcm2835aux.c | 4 +-
drivers/spi/spi-dw-mid.c | 16 +-
drivers/spi/spi-dw.c | 12 +-
drivers/spi/spi-pxa2xx.c | 12 +-
drivers/spi/spi-topcliff-pch.c | 1 -
drivers/spi/spi.c | 4 +-
drivers/staging/android/ion/ion_heap.c | 4 +-
drivers/staging/greybus/sdio.c | 10 +-
drivers/tty/serial/8250/8250_pci.c | 6 -
drivers/tty/serial/pch_uart.c | 2 -
drivers/usb/dwc3/dwc3-haps.c | 4 -
drivers/usb/gadget/udc/pch_udc.c | 1 -
drivers/video/fbdev/w100fb.c | 2 +
drivers/w1/masters/omap_hdq.c | 10 +-
drivers/xen/pvcalls-back.c | 3 +-
fs/aio.c | 8 +
fs/btrfs/dev-replace.c | 8 +-
fs/btrfs/disk-io.c | 10 +
fs/btrfs/file-item.c | 6 +-
fs/btrfs/inode.c | 10 +-
fs/btrfs/ioctl.c | 5 +-
fs/btrfs/qgroup.c | 14 ++
fs/btrfs/scrub.c | 4 +-
fs/btrfs/send.c | 67 ++++++
fs/btrfs/tree-checker.c | 20 ++
fs/btrfs/volumes.c | 86 +++----
fs/btrfs/volumes.h | 4 +-
fs/ext4/ext4_extents.h | 9 +-
fs/ext4/fsync.c | 28 ++-
fs/ext4/xattr.c | 7 +-
fs/fat/inode.c | 6 +
fs/fs-writeback.c | 1 +
fs/nilfs2/segment.c | 2 +
fs/overlayfs/copy_up.c | 2 +-
fs/proc/inode.c | 2 +-
fs/proc/self.c | 2 +-
fs/proc/thread_self.c | 2 +-
fs/xfs/xfs_bmap_util.c | 2 +-
fs/xfs/xfs_buf.c | 8 +-
fs/xfs/xfs_dquot.c | 9 +-
include/linux/kgdb.h | 2 +-
include/linux/kvm_host.h | 4 +-
include/linux/mm.h | 1 +
include/linux/mmzone.h | 2 +
include/linux/pci_ids.h | 36 ++-
include/linux/sched/mm.h | 2 +
include/linux/set_memory.h | 2 +-
include/linux/string.h | 60 ++++-
include/linux/sunrpc/gss_api.h | 1 +
include/linux/sunrpc/svcauth_gss.h | 3 +-
include/linux/uaccess.h | 2 +-
include/uapi/linux/kvm.h | 2 +
kernel/audit.c | 52 +++--
kernel/audit.h | 2 +-
kernel/auditfilter.c | 16 +-
kernel/compat.c | 6 +-
kernel/cpu.c | 18 +-
kernel/cpu_pm.c | 4 +-
kernel/debug/debug_core.c | 5 +
kernel/events/core.c | 23 +-
kernel/exit.c | 31 +--
kernel/sched/core.c | 5 +-
kernel/sched/fair.c | 2 +-
lib/mpi/longlong.h | 2 +-
lib/strncpy_from_user.c | 23 +-
lib/strnlen_user.c | 23 +-
mm/huge_memory.c | 31 ++-
mm/page_alloc.c | 19 +-
mm/slub.c | 4 +-
mm/util.c | 18 ++
net/batman-adv/bat_v_elp.c | 15 +-
net/bluetooth/hci_event.c | 1 +
net/bridge/br_arp_nd_proxy.c | 4 +
net/ipv6/ipv6_sockglue.c | 13 +-
net/netfilter/nft_nat.c | 4 +-
net/sunrpc/auth_gss/gss_mech_switch.c | 12 +-
net/sunrpc/auth_gss/svcauth_gss.c | 18 +-
security/integrity/evm/evm_crypto.c | 2 +-
security/integrity/ima/ima.h | 10 +-
security/integrity/ima/ima_crypto.c | 6 +-
security/integrity/ima/ima_init.c | 2 +-
security/integrity/ima/ima_policy.c | 3 +-
security/integrity/ima/ima_template_lib.c | 18 ++
security/keys/internal.h | 11 -
security/keys/keyctl.c | 16 +-
security/smack/smackfs.c | 10 +
sound/core/pcm_native.c | 5 +
sound/isa/es1688/es1688.c | 4 +-
sound/pci/hda/patch_realtek.c | 6 +
sound/pci/lx6464es/lx6464es.c | 8 +
sound/usb/card.c | 19 +-
sound/usb/quirks-table.h | 20 ++
sound/usb/usbaudio.h | 2 +-
tools/lib/api/fs/fs.c | 17 ++
tools/lib/api/fs/fs.h | 12 +
tools/objtool/check.c | 6 +
tools/perf/builtin-probe.c | 3 +
tools/perf/util/dso.c | 16 ++
tools/perf/util/dso.h | 1 +
tools/perf/util/probe-event.c | 49 ++--
tools/perf/util/probe-finder.c | 1 +
tools/perf/util/symbol.c | 2 +
tools/testing/selftests/bpf/test_progs.c | 1 +
.../testing/selftests/bpf/test_select_reuseport.c | 8 +-
.../networking/timestamping/rxtimestamp.c | 1 +
virt/kvm/arm/aarch32.c | 28 +++
virt/kvm/kvm_main.c | 24 +-
280 files changed, 2442 insertions(+), 1172 deletions(-)
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 001/267] ipv6: fix IPV6_ADDRFORM operation logic
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
@ 2020-06-19 14:29 ` Greg Kroah-Hartman
2020-06-19 14:29 ` [PATCH 4.19 002/267] net_failover: fixed rollback in net_failover_open() Greg Kroah-Hartman
` (267 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:29 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Hangbin Liu, David S. Miller
From: Hangbin Liu <liuhangbin@gmail.com>
[ Upstream commit 79a1f0ccdbb4ad700590f61b00525b390cb53905 ]
Socket option IPV6_ADDRFORM supports UDP/UDPLITE and TCP at present.
Previously the checking logic looks like:
if (sk->sk_protocol == IPPROTO_UDP || sk->sk_protocol == IPPROTO_UDPLITE)
do_some_check;
else if (sk->sk_protocol != IPPROTO_TCP)
break;
After commit b6f6118901d1 ("ipv6: restrict IPV6_ADDRFORM operation"), TCP
was blocked as the logic changed to:
if (sk->sk_protocol == IPPROTO_UDP || sk->sk_protocol == IPPROTO_UDPLITE)
do_some_check;
else if (sk->sk_protocol == IPPROTO_TCP)
do_some_check;
break;
else
break;
Then after commit 82c9ae440857 ("ipv6: fix restrict IPV6_ADDRFORM operation")
UDP/UDPLITE were blocked as the logic changed to:
if (sk->sk_protocol == IPPROTO_UDP || sk->sk_protocol == IPPROTO_UDPLITE)
do_some_check;
if (sk->sk_protocol == IPPROTO_TCP)
do_some_check;
if (sk->sk_protocol != IPPROTO_TCP)
break;
Fix it by using Eric's code and simply remove the break in TCP check, which
looks like:
if (sk->sk_protocol == IPPROTO_UDP || sk->sk_protocol == IPPROTO_UDPLITE)
do_some_check;
else if (sk->sk_protocol == IPPROTO_TCP)
do_some_check;
else
break;
Fixes: 82c9ae440857 ("ipv6: fix restrict IPV6_ADDRFORM operation")
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/ipv6/ipv6_sockglue.c | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)
--- a/net/ipv6/ipv6_sockglue.c
+++ b/net/ipv6/ipv6_sockglue.c
@@ -185,14 +185,15 @@ static int do_ipv6_setsockopt(struct soc
retv = -EBUSY;
break;
}
- }
- if (sk->sk_protocol == IPPROTO_TCP &&
- sk->sk_prot != &tcpv6_prot) {
- retv = -EBUSY;
+ } else if (sk->sk_protocol == IPPROTO_TCP) {
+ if (sk->sk_prot != &tcpv6_prot) {
+ retv = -EBUSY;
+ break;
+ }
+ } else {
break;
}
- if (sk->sk_protocol != IPPROTO_TCP)
- break;
+
if (sk->sk_state != TCP_ESTABLISHED) {
retv = -ENOTCONN;
break;
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 002/267] net_failover: fixed rollback in net_failover_open()
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
2020-06-19 14:29 ` [PATCH 4.19 001/267] ipv6: fix IPV6_ADDRFORM operation logic Greg Kroah-Hartman
@ 2020-06-19 14:29 ` Greg Kroah-Hartman
2020-06-19 14:29 ` [PATCH 4.19 003/267] bridge: Avoid infinite loop when suppressing NS messages with invalid options Greg Kroah-Hartman
` (266 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:29 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Vasily Averin, David S. Miller
From: Vasily Averin <vvs@virtuozzo.com>
[ Upstream commit e8224bfe77293494626f6eec1884fee7b87d0ced ]
found by smatch:
drivers/net/net_failover.c:65 net_failover_open() error:
we previously assumed 'primary_dev' could be null (see line 43)
Fixes: cfc80d9a1163 ("net: Introduce net_failover driver")
Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/net_failover.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/drivers/net/net_failover.c
+++ b/drivers/net/net_failover.c
@@ -62,7 +62,8 @@ static int net_failover_open(struct net_
return 0;
err_standby_open:
- dev_close(primary_dev);
+ if (primary_dev)
+ dev_close(primary_dev);
err_primary_open:
netif_tx_disable(dev);
return err;
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 003/267] bridge: Avoid infinite loop when suppressing NS messages with invalid options
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
2020-06-19 14:29 ` [PATCH 4.19 001/267] ipv6: fix IPV6_ADDRFORM operation logic Greg Kroah-Hartman
2020-06-19 14:29 ` [PATCH 4.19 002/267] net_failover: fixed rollback in net_failover_open() Greg Kroah-Hartman
@ 2020-06-19 14:29 ` Greg Kroah-Hartman
2020-06-19 14:29 ` [PATCH 4.19 004/267] vxlan: " Greg Kroah-Hartman
` (265 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ido Schimmel, Alla Segal,
Nikolay Aleksandrov, David S. Miller
From: Ido Schimmel <idosch@mellanox.com>
[ Upstream commit 53fc685243bd6fb90d90305cea54598b78d3cbfc ]
When neighbor suppression is enabled the bridge device might reply to
Neighbor Solicitation (NS) messages on behalf of remote hosts.
In case the NS message includes the "Source link-layer address" option
[1], the bridge device will use the specified address as the link-layer
destination address in its reply.
To avoid an infinite loop, break out of the options parsing loop when
encountering an option with length zero and disregard the NS message.
This is consistent with the IPv6 ndisc code and RFC 4886 which states
that "Nodes MUST silently discard an ND packet that contains an option
with length zero" [2].
[1] https://tools.ietf.org/html/rfc4861#section-4.3
[2] https://tools.ietf.org/html/rfc4861#section-4.6
Fixes: ed842faeb2bd ("bridge: suppress nd pkts on BR_NEIGH_SUPPRESS ports")
Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Reported-by: Alla Segal <allas@mellanox.com>
Tested-by: Alla Segal <allas@mellanox.com>
Acked-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/bridge/br_arp_nd_proxy.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/net/bridge/br_arp_nd_proxy.c
+++ b/net/bridge/br_arp_nd_proxy.c
@@ -277,6 +277,10 @@ static void br_nd_send(struct net_bridge
ns_olen = request->len - (skb_network_offset(request) +
sizeof(struct ipv6hdr)) - sizeof(*ns);
for (i = 0; i < ns_olen - 1; i += (ns->opt[i + 1] << 3)) {
+ if (!ns->opt[i + 1]) {
+ kfree_skb(reply);
+ return;
+ }
if (ns->opt[i] == ND_OPT_SOURCE_LL_ADDR) {
daddr = ns->opt + i + sizeof(struct nd_opt_hdr);
break;
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 004/267] vxlan: Avoid infinite loop when suppressing NS messages with invalid options
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (2 preceding siblings ...)
2020-06-19 14:29 ` [PATCH 4.19 003/267] bridge: Avoid infinite loop when suppressing NS messages with invalid options Greg Kroah-Hartman
@ 2020-06-19 14:29 ` Greg Kroah-Hartman
2020-06-19 14:29 ` [PATCH 4.19 005/267] tun: correct header offsets in napi frags mode Greg Kroah-Hartman
` (264 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ido Schimmel, Nikolay Aleksandrov,
David S. Miller
From: Ido Schimmel <idosch@mellanox.com>
[ Upstream commit 8066e6b449e050675df48e7c4b16c29f00507ff0 ]
When proxy mode is enabled the vxlan device might reply to Neighbor
Solicitation (NS) messages on behalf of remote hosts.
In case the NS message includes the "Source link-layer address" option
[1], the vxlan device will use the specified address as the link-layer
destination address in its reply.
To avoid an infinite loop, break out of the options parsing loop when
encountering an option with length zero and disregard the NS message.
This is consistent with the IPv6 ndisc code and RFC 4886 which states
that "Nodes MUST silently discard an ND packet that contains an option
with length zero" [2].
[1] https://tools.ietf.org/html/rfc4861#section-4.3
[2] https://tools.ietf.org/html/rfc4861#section-4.6
Fixes: 4b29dba9c085 ("vxlan: fix nonfunctional neigh_reduce()")
Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Acked-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/vxlan.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/drivers/net/vxlan.c
+++ b/drivers/net/vxlan.c
@@ -1611,6 +1611,10 @@ static struct sk_buff *vxlan_na_create(s
ns_olen = request->len - skb_network_offset(request) -
sizeof(struct ipv6hdr) - sizeof(*ns);
for (i = 0; i < ns_olen-1; i += (ns->opt[i+1]<<3)) {
+ if (!ns->opt[i + 1]) {
+ kfree_skb(reply);
+ return NULL;
+ }
if (ns->opt[i] == ND_OPT_SOURCE_LL_ADDR) {
daddr = ns->opt + i + sizeof(struct nd_opt_hdr);
break;
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 005/267] tun: correct header offsets in napi frags mode
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (3 preceding siblings ...)
2020-06-19 14:29 ` [PATCH 4.19 004/267] vxlan: " Greg Kroah-Hartman
@ 2020-06-19 14:29 ` Greg Kroah-Hartman
2020-06-19 14:29 ` [PATCH 4.19 006/267] selftests: bpf: fix use of undeclared RET_IF macro Greg Kroah-Hartman
` (263 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Willem de Bruijn, Petar Penkov,
David S. Miller
From: Willem de Bruijn <willemb@google.com>
[ Upstream commit 96aa1b22bd6bb9fccf62f6261f390ed6f3e7967f ]
Tun in IFF_NAPI_FRAGS mode calls napi_gro_frags. Unlike netif_rx and
netif_gro_receive, this expects skb->data to point to the mac layer.
But skb_probe_transport_header, __skb_get_hash_symmetric, and
xdp_do_generic in tun_get_user need skb->data to point to the network
header. Flow dissection also needs skb->protocol set, so
eth_type_trans has to be called.
Ensure the link layer header lies in linear as eth_type_trans pulls
ETH_HLEN. Then take the same code paths for frags as for not frags.
Push the link layer header back just before calling napi_gro_frags.
By pulling up to ETH_HLEN from frag0 into linear, this disables the
frag0 optimization in the special case when IFF_NAPI_FRAGS is used
with zero length iov[0] (and thus empty skb->linear).
Fixes: 90e33d459407 ("tun: enable napi_gro_frags() for TUN/TAP driver")
Signed-off-by: Willem de Bruijn <willemb@google.com>
Acked-by: Petar Penkov <ppenkov@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/tun.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
--- a/drivers/net/tun.c
+++ b/drivers/net/tun.c
@@ -1870,8 +1870,11 @@ drop:
skb->dev = tun->dev;
break;
case IFF_TAP:
- if (!frags)
- skb->protocol = eth_type_trans(skb, tun->dev);
+ if (frags && !pskb_may_pull(skb, ETH_HLEN)) {
+ err = -ENOMEM;
+ goto drop;
+ }
+ skb->protocol = eth_type_trans(skb, tun->dev);
break;
}
@@ -1927,8 +1930,11 @@ drop:
}
if (frags) {
+ u32 headlen;
+
/* Exercise flow dissector code path. */
- u32 headlen = eth_get_headlen(skb->data, skb_headlen(skb));
+ skb_push(skb, ETH_HLEN);
+ headlen = eth_get_headlen(skb->data, skb_headlen(skb));
if (unlikely(headlen > skb_headlen(skb))) {
this_cpu_inc(tun->pcpu_stats->rx_dropped);
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 006/267] selftests: bpf: fix use of undeclared RET_IF macro
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (4 preceding siblings ...)
2020-06-19 14:29 ` [PATCH 4.19 005/267] tun: correct header offsets in napi frags mode Greg Kroah-Hartman
@ 2020-06-19 14:29 ` Greg Kroah-Hartman
2020-06-19 14:29 ` [PATCH 4.19 007/267] make user_access_begin() do access_ok() Greg Kroah-Hartman
` (262 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:29 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: Greg Kroah-Hartman, kernel test robot, Lorenz Bauer
From: Lorenz Bauer <lmb@cloudflare.com>
commit 634efb750435 ("selftests: bpf: Reset global state between
reuseport test runs") uses a macro RET_IF which doesn't exist in
the v4.19 tree. It is defined as follows:
#define RET_IF(condition, tag, format...) ({
if (CHECK_FAIL(condition)) {
printf(tag " " format);
return;
}
})
CHECK_FAIL in turn is defined as:
#define CHECK_FAIL(condition) ({
int __ret = !!(condition);
int __save_errno = errno;
if (__ret) {
test__fail();
fprintf(stdout, "%s:FAIL:%d\n", __func__, __LINE__);
}
errno = __save_errno;
__ret;
})
Replace occurences of RET_IF with CHECK. This will abort the test binary
if clearing the intermediate state fails.
Fixes: 634efb750435 ("selftests: bpf: Reset global state between reuseport test runs")
Reported-by: kernel test robot <rong.a.chen@intel.com>
Signed-off-by: Lorenz Bauer <lmb@cloudflare.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/testing/selftests/bpf/test_select_reuseport.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
--- a/tools/testing/selftests/bpf/test_select_reuseport.c
+++ b/tools/testing/selftests/bpf/test_select_reuseport.c
@@ -616,13 +616,13 @@ static void cleanup_per_test(void)
for (i = 0; i < NR_RESULTS; i++) {
err = bpf_map_update_elem(result_map, &i, &zero, BPF_ANY);
- RET_IF(err, "reset elem in result_map",
- "i:%u err:%d errno:%d\n", i, err, errno);
+ CHECK(err, "reset elem in result_map",
+ "i:%u err:%d errno:%d\n", i, err, errno);
}
err = bpf_map_update_elem(linum_map, &zero, &zero, BPF_ANY);
- RET_IF(err, "reset line number in linum_map", "err:%d errno:%d\n",
- err, errno);
+ CHECK(err, "reset line number in linum_map", "err:%d errno:%d\n",
+ err, errno);
for (i = 0; i < REUSEPORT_ARRAY_SIZE; i++)
close(sk_fds[i]);
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 007/267] make user_access_begin() do access_ok()
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (5 preceding siblings ...)
2020-06-19 14:29 ` [PATCH 4.19 006/267] selftests: bpf: fix use of undeclared RET_IF macro Greg Kroah-Hartman
@ 2020-06-19 14:29 ` Greg Kroah-Hartman
2020-06-19 14:29 ` [PATCH 4.19 008/267] Fix acccess_ok() on alpha and SH Greg Kroah-Hartman
` (261 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:29 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Linus Torvalds, Miles Chen
From: Linus Torvalds <torvalds@linux-foundation.org>
commit 594cc251fdd0d231d342d88b2fdff4bc42fb0690 upstream.
Originally, the rule used to be that you'd have to do access_ok()
separately, and then user_access_begin() before actually doing the
direct (optimized) user access.
But experience has shown that people then decide not to do access_ok()
at all, and instead rely on it being implied by other operations or
similar. Which makes it very hard to verify that the access has
actually been range-checked.
If you use the unsafe direct user accesses, hardware features (either
SMAP - Supervisor Mode Access Protection - on x86, or PAN - Privileged
Access Never - on ARM) do force you to use user_access_begin(). But
nothing really forces the range check.
By putting the range check into user_access_begin(), we actually force
people to do the right thing (tm), and the range check vill be visible
near the actual accesses. We have way too long a history of people
trying to avoid them.
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Miles Chen <miles.chen@mediatek.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/include/asm/uaccess.h | 12 +++++++++++-
drivers/gpu/drm/i915/i915_gem_execbuffer.c | 16 ++++++++++++++--
include/linux/uaccess.h | 2 +-
kernel/compat.c | 6 ++----
kernel/exit.c | 6 ++----
lib/strncpy_from_user.c | 9 +++++----
lib/strnlen_user.c | 9 +++++----
7 files changed, 40 insertions(+), 20 deletions(-)
--- a/arch/x86/include/asm/uaccess.h
+++ b/arch/x86/include/asm/uaccess.h
@@ -711,7 +711,17 @@ extern struct movsl_mask {
* checking before using them, but you have to surround them with the
* user_access_begin/end() pair.
*/
-#define user_access_begin() __uaccess_begin()
+static __must_check inline bool user_access_begin(int type,
+ const void __user *ptr,
+ size_t len)
+{
+ if (unlikely(!access_ok(type, ptr, len)))
+ return 0;
+ __uaccess_begin();
+ return 1;
+}
+
+#define user_access_begin(a, b, c) user_access_begin(a, b, c)
#define user_access_end() __uaccess_end()
#define unsafe_put_user(x, ptr, err_label) \
--- a/drivers/gpu/drm/i915/i915_gem_execbuffer.c
+++ b/drivers/gpu/drm/i915/i915_gem_execbuffer.c
@@ -1604,7 +1604,9 @@ static int eb_copy_relocations(const str
* happened we would make the mistake of assuming that the
* relocations were valid.
*/
- user_access_begin();
+ if (!user_access_begin(VERIFY_WRITE, urelocs, size))
+ goto end_user;
+
for (copied = 0; copied < nreloc; copied++)
unsafe_put_user(-1,
&urelocs[copied].presumed_offset,
@@ -2649,7 +2651,17 @@ i915_gem_execbuffer2_ioctl(struct drm_de
unsigned int i;
/* Copy the new buffer offsets back to the user's exec list. */
- user_access_begin();
+ /*
+ * Note: count * sizeof(*user_exec_list) does not overflow,
+ * because we checked 'count' in check_buffer_count().
+ *
+ * And this range already got effectively checked earlier
+ * when we did the "copy_from_user()" above.
+ */
+ if (!user_access_begin(VERIFY_WRITE, user_exec_list,
+ count * sizeof(*user_exec_list)))
+ goto end_user;
+
for (i = 0; i < args->buffer_count; i++) {
if (!(exec2_list[i].offset & UPDATE))
continue;
--- a/include/linux/uaccess.h
+++ b/include/linux/uaccess.h
@@ -267,7 +267,7 @@ extern long strncpy_from_unsafe(char *ds
probe_kernel_read(&retval, addr, sizeof(retval))
#ifndef user_access_begin
-#define user_access_begin() do { } while (0)
+#define user_access_begin(type, ptr, len) access_ok(type, ptr, len)
#define user_access_end() do { } while (0)
#define unsafe_get_user(x, ptr, err) do { if (unlikely(__get_user(x, ptr))) goto err; } while (0)
#define unsafe_put_user(x, ptr, err) do { if (unlikely(__put_user(x, ptr))) goto err; } while (0)
--- a/kernel/compat.c
+++ b/kernel/compat.c
@@ -354,10 +354,9 @@ long compat_get_bitmap(unsigned long *ma
bitmap_size = ALIGN(bitmap_size, BITS_PER_COMPAT_LONG);
nr_compat_longs = BITS_TO_COMPAT_LONGS(bitmap_size);
- if (!access_ok(VERIFY_READ, umask, bitmap_size / 8))
+ if (!user_access_begin(VERIFY_READ, umask, bitmap_size / 8))
return -EFAULT;
- user_access_begin();
while (nr_compat_longs > 1) {
compat_ulong_t l1, l2;
unsafe_get_user(l1, umask++, Efault);
@@ -384,10 +383,9 @@ long compat_put_bitmap(compat_ulong_t __
bitmap_size = ALIGN(bitmap_size, BITS_PER_COMPAT_LONG);
nr_compat_longs = BITS_TO_COMPAT_LONGS(bitmap_size);
- if (!access_ok(VERIFY_WRITE, umask, bitmap_size / 8))
+ if (!user_access_begin(VERIFY_WRITE, umask, bitmap_size / 8))
return -EFAULT;
- user_access_begin();
while (nr_compat_longs > 1) {
unsigned long m = *mask++;
unsafe_put_user((compat_ulong_t)m, umask++, Efault);
--- a/kernel/exit.c
+++ b/kernel/exit.c
@@ -1617,10 +1617,9 @@ SYSCALL_DEFINE5(waitid, int, which, pid_
if (!infop)
return err;
- if (!access_ok(VERIFY_WRITE, infop, sizeof(*infop)))
+ if (!user_access_begin(VERIFY_WRITE, infop, sizeof(*infop)))
return -EFAULT;
- user_access_begin();
unsafe_put_user(signo, &infop->si_signo, Efault);
unsafe_put_user(0, &infop->si_errno, Efault);
unsafe_put_user(info.cause, &infop->si_code, Efault);
@@ -1745,10 +1744,9 @@ COMPAT_SYSCALL_DEFINE5(waitid,
if (!infop)
return err;
- if (!access_ok(VERIFY_WRITE, infop, sizeof(*infop)))
+ if (!user_access_begin(VERIFY_WRITE, infop, sizeof(*infop)))
return -EFAULT;
- user_access_begin();
unsafe_put_user(signo, &infop->si_signo, Efault);
unsafe_put_user(0, &infop->si_errno, Efault);
unsafe_put_user(info.cause, &infop->si_code, Efault);
--- a/lib/strncpy_from_user.c
+++ b/lib/strncpy_from_user.c
@@ -115,10 +115,11 @@ long strncpy_from_user(char *dst, const
kasan_check_write(dst, count);
check_object_size(dst, count, false);
- user_access_begin();
- retval = do_strncpy_from_user(dst, src, count, max);
- user_access_end();
- return retval;
+ if (user_access_begin(VERIFY_READ, src, max)) {
+ retval = do_strncpy_from_user(dst, src, count, max);
+ user_access_end();
+ return retval;
+ }
}
return -EFAULT;
}
--- a/lib/strnlen_user.c
+++ b/lib/strnlen_user.c
@@ -114,10 +114,11 @@ long strnlen_user(const char __user *str
unsigned long max = max_addr - src_addr;
long retval;
- user_access_begin();
- retval = do_strnlen_user(str, count, max);
- user_access_end();
- return retval;
+ if (user_access_begin(VERIFY_READ, str, max)) {
+ retval = do_strnlen_user(str, count, max);
+ user_access_end();
+ return retval;
+ }
}
return 0;
}
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 008/267] Fix acccess_ok() on alpha and SH
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (6 preceding siblings ...)
2020-06-19 14:29 ` [PATCH 4.19 007/267] make user_access_begin() do access_ok() Greg Kroah-Hartman
@ 2020-06-19 14:29 ` Greg Kroah-Hartman
2020-06-19 14:29 ` [PATCH 4.19 009/267] arch/openrisc: Fix issues with access_ok() Greg Kroah-Hartman
` (260 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Matt Turner, Yoshinori Sato,
Linus Torvalds, Miles Chen, Guenter Roeck
From: Linus Torvalds <torvalds@linux-foundation.org>
commit 94bd8a05cd4de344a9a57e52ef7d99550251984f upstream.
Commit 594cc251fdd0 ("make 'user_access_begin()' do 'access_ok()'")
broke both alpha and SH booting in qemu, as noticed by Guenter Roeck.
It turns out that the bug wasn't actually in that commit itself (which
would have been surprising: it was mostly a no-op), but in how the
addition of access_ok() to the strncpy_from_user() and strnlen_user()
functions now triggered the case where those functions would test the
access of the very last byte of the user address space.
The string functions actually did that user range test before too, but
they did it manually by just comparing against user_addr_max(). But
with user_access_begin() doing the check (using "access_ok()"), it now
exposed problems in the architecture implementations of that function.
For example, on alpha, the access_ok() helper macro looked like this:
#define __access_ok(addr, size) \
((get_fs().seg & (addr | size | (addr+size))) == 0)
and what it basically tests is of any of the high bits get set (the
USER_DS masking value is 0xfffffc0000000000).
And that's completely wrong for the "addr+size" check. Because it's
off-by-one for the case where we check to the very end of the user
address space, which is exactly what the strn*_user() functions do.
Why? Because "addr+size" will be exactly the size of the address space,
so trying to access the last byte of the user address space will fail
the __access_ok() check, even though it shouldn't. As a result, the
user string accessor functions failed consistently - because they
literally don't know how long the string is going to be, and the max
access is going to be that last byte of the user address space.
Side note: that alpha macro is buggy for another reason too - it re-uses
the arguments twice.
And SH has another version of almost the exact same bug:
#define __addr_ok(addr) \
((unsigned long __force)(addr) < current_thread_info()->addr_limit.seg)
so far so good: yes, a user address must be below the limit. But then:
#define __access_ok(addr, size) \
(__addr_ok((addr) + (size)))
is wrong with the exact same off-by-one case: the case when "addr+size"
is exactly _equal_ to the limit is actually perfectly fine (think "one
byte access at the last address of the user address space")
The SH version is actually seriously buggy in another way: it doesn't
actually check for overflow, even though it did copy the _comment_ that
talks about overflow.
So it turns out that both SH and alpha actually have completely buggy
implementations of access_ok(), but they happened to work in practice
(although the SH overflow one is a serious serious security bug, not
that anybody likely cares about SH security).
This fixes the problems by using a similar macro on both alpha and SH.
It isn't trying to be clever, the end address is based on this logic:
unsigned long __ao_end = __ao_a + __ao_b - !!__ao_b;
which basically says "add start and length, and then subtract one unless
the length was zero". We can't subtract one for a zero length, or we'd
just hit an underflow instead.
For a lot of access_ok() users the length is a constant, so this isn't
actually as expensive as it initially looks.
Reported-and-tested-by: Guenter Roeck <linux@roeck-us.net>
Cc: Matt Turner <mattst88@gmail.com>
Cc: Yoshinori Sato <ysato@users.sourceforge.jp>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Miles Chen <miles.chen@mediatek.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/alpha/include/asm/uaccess.h | 8 +++++---
arch/sh/include/asm/uaccess.h | 7 +++++--
2 files changed, 10 insertions(+), 5 deletions(-)
--- a/arch/alpha/include/asm/uaccess.h
+++ b/arch/alpha/include/asm/uaccess.h
@@ -30,11 +30,13 @@
* Address valid if:
* - "addr" doesn't have any high-bits set
* - AND "size" doesn't have any high-bits set
- * - AND "addr+size" doesn't have any high-bits set
+ * - AND "addr+size-(size != 0)" doesn't have any high-bits set
* - OR we are in kernel mode.
*/
-#define __access_ok(addr, size) \
- ((get_fs().seg & (addr | size | (addr+size))) == 0)
+#define __access_ok(addr, size) ({ \
+ unsigned long __ao_a = (addr), __ao_b = (size); \
+ unsigned long __ao_end = __ao_a + __ao_b - !!__ao_b; \
+ (get_fs().seg & (__ao_a | __ao_b | __ao_end)) == 0; })
#define access_ok(type, addr, size) \
({ \
--- a/arch/sh/include/asm/uaccess.h
+++ b/arch/sh/include/asm/uaccess.h
@@ -16,8 +16,11 @@
* sum := addr + size; carry? --> flag = true;
* if (sum >= addr_limit) flag = true;
*/
-#define __access_ok(addr, size) \
- (__addr_ok((addr) + (size)))
+#define __access_ok(addr, size) ({ \
+ unsigned long __ao_a = (addr), __ao_b = (size); \
+ unsigned long __ao_end = __ao_a + __ao_b - !!__ao_b; \
+ __ao_end >= __ao_a && __addr_ok(__ao_end); })
+
#define access_ok(type, addr, size) \
(__chk_user_ptr(addr), \
__access_ok((unsigned long __force)(addr), (size)))
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 009/267] arch/openrisc: Fix issues with access_ok()
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (7 preceding siblings ...)
2020-06-19 14:29 ` [PATCH 4.19 008/267] Fix acccess_ok() on alpha and SH Greg Kroah-Hartman
@ 2020-06-19 14:29 ` Greg Kroah-Hartman
2020-06-19 14:29 ` [PATCH 4.19 010/267] x86: uaccess: Inhibit speculation past access_ok() in user_access_begin() Greg Kroah-Hartman
` (259 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Guenter Roeck, Linus Torvalds,
Stafford Horne, Miles Chen
From: Stafford Horne <shorne@gmail.com>
commit 9cb2feb4d21d97386eb25c7b67e2793efcc1e70a upstream.
The commit 594cc251fdd0 ("make 'user_access_begin()' do 'access_ok()'")
exposed incorrect implementations of access_ok() macro in several
architectures. This change fixes 2 issues found in OpenRISC.
OpenRISC was not properly using parenthesis for arguments and also using
arguments twice. This patch fixes those 2 issues.
I test booted this patch with v5.0-rc1 on qemu and it's working fine.
Cc: Guenter Roeck <linux@roeck-us.net>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Stafford Horne <shorne@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Miles Chen <miles.chen@mediatek.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/openrisc/include/asm/uaccess.h | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
--- a/arch/openrisc/include/asm/uaccess.h
+++ b/arch/openrisc/include/asm/uaccess.h
@@ -58,8 +58,12 @@
/* Ensure that addr is below task's addr_limit */
#define __addr_ok(addr) ((unsigned long) addr < get_fs())
-#define access_ok(type, addr, size) \
- __range_ok((unsigned long)addr, (unsigned long)size)
+#define access_ok(type, addr, size) \
+({ \
+ unsigned long __ao_addr = (unsigned long)(addr); \
+ unsigned long __ao_size = (unsigned long)(size); \
+ __range_ok(__ao_addr, __ao_size); \
+})
/*
* These are the main single-value transfer routines. They automatically
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 010/267] x86: uaccess: Inhibit speculation past access_ok() in user_access_begin()
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (8 preceding siblings ...)
2020-06-19 14:29 ` [PATCH 4.19 009/267] arch/openrisc: Fix issues with access_ok() Greg Kroah-Hartman
@ 2020-06-19 14:29 ` Greg Kroah-Hartman
2020-06-19 14:29 ` [PATCH 4.19 011/267] lib: Reduce user_access_begin() boundaries in strncpy_from_user() and strnlen_user() Greg Kroah-Hartman
` (258 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Julien Thierry, Will Deacon,
Linus Torvalds, Miles Chen
From: Will Deacon <will.deacon@arm.com>
commit 6e693b3ffecb0b478c7050b44a4842854154f715 upstream.
Commit 594cc251fdd0 ("make 'user_access_begin()' do 'access_ok()'")
makes the access_ok() check part of the user_access_begin() preceding a
series of 'unsafe' accesses. This has the desirable effect of ensuring
that all 'unsafe' accesses have been range-checked, without having to
pick through all of the callsites to verify whether the appropriate
checking has been made.
However, the consolidated range check does not inhibit speculation, so
it is still up to the caller to ensure that they are not susceptible to
any speculative side-channel attacks for user addresses that ultimately
fail the access_ok() check.
This is an oversight, so use __uaccess_begin_nospec() to ensure that
speculation is inhibited until the access_ok() check has passed.
Reported-by: Julien Thierry <julien.thierry@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Miles Chen <miles.chen@mediatek.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/include/asm/uaccess.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/x86/include/asm/uaccess.h
+++ b/arch/x86/include/asm/uaccess.h
@@ -717,7 +717,7 @@ static __must_check inline bool user_acc
{
if (unlikely(!access_ok(type, ptr, len)))
return 0;
- __uaccess_begin();
+ __uaccess_begin_nospec();
return 1;
}
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 011/267] lib: Reduce user_access_begin() boundaries in strncpy_from_user() and strnlen_user()
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (9 preceding siblings ...)
2020-06-19 14:29 ` [PATCH 4.19 010/267] x86: uaccess: Inhibit speculation past access_ok() in user_access_begin() Greg Kroah-Hartman
@ 2020-06-19 14:29 ` Greg Kroah-Hartman
2020-06-19 14:29 ` [PATCH 4.19 012/267] btrfs: merge btrfs_find_device and find_device Greg Kroah-Hartman
` (257 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christophe Leroy, Linus Torvalds, Miles Chen
From: Christophe Leroy <christophe.leroy@c-s.fr>
commit ab10ae1c3bef56c29bac61e1201c752221b87b41 upstream.
The range passed to user_access_begin() by strncpy_from_user() and
strnlen_user() starts at 'src' and goes up to the limit of userspace
although reads will be limited by the 'count' param.
On 32 bits powerpc (book3s/32) access has to be granted for each
256Mbytes segment and the cost increases with the number of segments to
unlock.
Limit the range with 'count' param.
Fixes: 594cc251fdd0 ("make 'user_access_begin()' do 'access_ok()'")
Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Miles Chen <miles.chen@mediatek.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
lib/strncpy_from_user.c | 14 +++++++-------
lib/strnlen_user.c | 14 +++++++-------
2 files changed, 14 insertions(+), 14 deletions(-)
--- a/lib/strncpy_from_user.c
+++ b/lib/strncpy_from_user.c
@@ -29,13 +29,6 @@ static inline long do_strncpy_from_user(
const struct word_at_a_time constants = WORD_AT_A_TIME_CONSTANTS;
unsigned long res = 0;
- /*
- * Truncate 'max' to the user-specified limit, so that
- * we only have one limit we need to check in the loop
- */
- if (max > count)
- max = count;
-
if (IS_UNALIGNED(src, dst))
goto byte_at_a_time;
@@ -113,6 +106,13 @@ long strncpy_from_user(char *dst, const
unsigned long max = max_addr - src_addr;
long retval;
+ /*
+ * Truncate 'max' to the user-specified limit, so that
+ * we only have one limit we need to check in the loop
+ */
+ if (max > count)
+ max = count;
+
kasan_check_write(dst, count);
check_object_size(dst, count, false);
if (user_access_begin(VERIFY_READ, src, max)) {
--- a/lib/strnlen_user.c
+++ b/lib/strnlen_user.c
@@ -32,13 +32,6 @@ static inline long do_strnlen_user(const
unsigned long c;
/*
- * Truncate 'max' to the user-specified limit, so that
- * we only have one limit we need to check in the loop
- */
- if (max > count)
- max = count;
-
- /*
* Do everything aligned. But that means that we
* need to also expand the maximum..
*/
@@ -114,6 +107,13 @@ long strnlen_user(const char __user *str
unsigned long max = max_addr - src_addr;
long retval;
+ /*
+ * Truncate 'max' to the user-specified limit, so that
+ * we only have one limit we need to check in the loop
+ */
+ if (max > count)
+ max = count;
+
if (user_access_begin(VERIFY_READ, str, max)) {
retval = do_strnlen_user(str, count, max);
user_access_end();
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 012/267] btrfs: merge btrfs_find_device and find_device
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (10 preceding siblings ...)
2020-06-19 14:29 ` [PATCH 4.19 011/267] lib: Reduce user_access_begin() boundaries in strncpy_from_user() and strnlen_user() Greg Kroah-Hartman
@ 2020-06-19 14:29 ` Greg Kroah-Hartman
2020-06-19 14:29 ` [PATCH 4.19 013/267] btrfs: Detect unbalanced tree with empty leaf before crashing btree operations Greg Kroah-Hartman
` (256 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Anand Jain, David Sterba, Vikash Bansal
From: Anand Jain <anand.jain@oracle.com>
commit 09ba3bc9dd150457c506e4661380a6183af651c1 upstream.
Both btrfs_find_device() and find_device() does the same thing except
that the latter does not take the seed device onto account in the device
scanning context. We can merge them.
Signed-off-by: Anand Jain <anand.jain@oracle.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
[4.19.y backport notes:
Vikash : - To apply this patch, a portion of commit e4319cd9cace
was used to change the first argument of function
"btrfs_find_device" from "struct btrfs_fs_info" to
"struct btrfs_fs_devices".
Signed-off-by: Vikash Bansal <bvikas@vmware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/dev-replace.c | 8 ++--
fs/btrfs/ioctl.c | 5 +-
fs/btrfs/scrub.c | 4 +-
fs/btrfs/volumes.c | 84 ++++++++++++++++++++++++-------------------------
fs/btrfs/volumes.h | 4 +-
5 files changed, 53 insertions(+), 52 deletions(-)
--- a/fs/btrfs/dev-replace.c
+++ b/fs/btrfs/dev-replace.c
@@ -112,11 +112,11 @@ no_valid_dev_replace_entry_found:
break;
case BTRFS_IOCTL_DEV_REPLACE_STATE_STARTED:
case BTRFS_IOCTL_DEV_REPLACE_STATE_SUSPENDED:
- dev_replace->srcdev = btrfs_find_device(fs_info, src_devid,
- NULL, NULL);
- dev_replace->tgtdev = btrfs_find_device(fs_info,
+ dev_replace->srcdev = btrfs_find_device(fs_info->fs_devices,
+ src_devid, NULL, NULL, true);
+ dev_replace->tgtdev = btrfs_find_device(fs_info->fs_devices,
BTRFS_DEV_REPLACE_DEVID,
- NULL, NULL);
+ NULL, NULL, true);
/*
* allow 'btrfs dev replace_cancel' if src/tgt device is
* missing
--- a/fs/btrfs/ioctl.c
+++ b/fs/btrfs/ioctl.c
@@ -1642,7 +1642,7 @@ static noinline int btrfs_ioctl_resize(s
btrfs_info(fs_info, "resizing devid %llu", devid);
}
- device = btrfs_find_device(fs_info, devid, NULL, NULL);
+ device = btrfs_find_device(fs_info->fs_devices, devid, NULL, NULL, true);
if (!device) {
btrfs_info(fs_info, "resizer unable to find device %llu",
devid);
@@ -3178,7 +3178,8 @@ static long btrfs_ioctl_dev_info(struct
s_uuid = di_args->uuid;
rcu_read_lock();
- dev = btrfs_find_device(fs_info, di_args->devid, s_uuid, NULL);
+ dev = btrfs_find_device(fs_info->fs_devices, di_args->devid, s_uuid,
+ NULL, true);
if (!dev) {
ret = -ENODEV;
--- a/fs/btrfs/scrub.c
+++ b/fs/btrfs/scrub.c
@@ -3835,7 +3835,7 @@ int btrfs_scrub_dev(struct btrfs_fs_info
return PTR_ERR(sctx);
mutex_lock(&fs_info->fs_devices->device_list_mutex);
- dev = btrfs_find_device(fs_info, devid, NULL, NULL);
+ dev = btrfs_find_device(fs_info->fs_devices, devid, NULL, NULL, true);
if (!dev || (test_bit(BTRFS_DEV_STATE_MISSING, &dev->dev_state) &&
!is_dev_replace)) {
mutex_unlock(&fs_info->fs_devices->device_list_mutex);
@@ -4019,7 +4019,7 @@ int btrfs_scrub_progress(struct btrfs_fs
struct scrub_ctx *sctx = NULL;
mutex_lock(&fs_info->fs_devices->device_list_mutex);
- dev = btrfs_find_device(fs_info, devid, NULL, NULL);
+ dev = btrfs_find_device(fs_info->fs_devices, devid, NULL, NULL, true);
if (dev)
sctx = dev->scrub_ctx;
if (sctx)
--- a/fs/btrfs/volumes.c
+++ b/fs/btrfs/volumes.c
@@ -347,27 +347,6 @@ static struct btrfs_device *__alloc_devi
return dev;
}
-/*
- * Find a device specified by @devid or @uuid in the list of @fs_devices, or
- * return NULL.
- *
- * If devid and uuid are both specified, the match must be exact, otherwise
- * only devid is used.
- */
-static struct btrfs_device *find_device(struct btrfs_fs_devices *fs_devices,
- u64 devid, const u8 *uuid)
-{
- struct btrfs_device *dev;
-
- list_for_each_entry(dev, &fs_devices->devices, dev_list) {
- if (dev->devid == devid &&
- (!uuid || !memcmp(dev->uuid, uuid, BTRFS_UUID_SIZE))) {
- return dev;
- }
- }
- return NULL;
-}
-
static noinline struct btrfs_fs_devices *find_fsid(u8 *fsid)
{
struct btrfs_fs_devices *fs_devices;
@@ -772,8 +751,8 @@ static noinline struct btrfs_device *dev
device = NULL;
} else {
mutex_lock(&fs_devices->device_list_mutex);
- device = find_device(fs_devices, devid,
- disk_super->dev_item.uuid);
+ device = btrfs_find_device(fs_devices, devid,
+ disk_super->dev_item.uuid, NULL, false);
}
if (!device) {
@@ -2144,7 +2123,8 @@ static int btrfs_find_device_by_path(str
disk_super = (struct btrfs_super_block *)bh->b_data;
devid = btrfs_stack_device_id(&disk_super->dev_item);
dev_uuid = disk_super->dev_item.uuid;
- *device = btrfs_find_device(fs_info, devid, dev_uuid, disk_super->fsid);
+ *device = btrfs_find_device(fs_info->fs_devices, devid, dev_uuid,
+ disk_super->fsid, true);
brelse(bh);
if (!*device)
ret = -ENOENT;
@@ -2190,7 +2170,8 @@ int btrfs_find_device_by_devspec(struct
if (devid) {
ret = 0;
- *device = btrfs_find_device(fs_info, devid, NULL, NULL);
+ *device = btrfs_find_device(fs_info->fs_devices, devid,
+ NULL, NULL, true);
if (!*device)
ret = -ENOENT;
} else {
@@ -2322,7 +2303,8 @@ next_slot:
BTRFS_UUID_SIZE);
read_extent_buffer(leaf, fs_uuid, btrfs_device_fsid(dev_item),
BTRFS_FSID_SIZE);
- device = btrfs_find_device(fs_info, devid, dev_uuid, fs_uuid);
+ device = btrfs_find_device(fs_info->fs_devices, devid, dev_uuid,
+ fs_uuid, true);
BUG_ON(!device); /* Logic error */
if (device->fs_devices->seeding) {
@@ -6254,21 +6236,36 @@ blk_status_t btrfs_map_bio(struct btrfs_
return BLK_STS_OK;
}
-struct btrfs_device *btrfs_find_device(struct btrfs_fs_info *fs_info, u64 devid,
- u8 *uuid, u8 *fsid)
+/*
+ * Find a device specified by @devid or @uuid in the list of @fs_devices, or
+ * return NULL.
+ *
+ * If devid and uuid are both specified, the match must be exact, otherwise
+ * only devid is used.
+ *
+ * If @seed is true, traverse through the seed devices.
+ */
+struct btrfs_device *btrfs_find_device(struct btrfs_fs_devices *fs_devices,
+ u64 devid, u8 *uuid, u8 *fsid,
+ bool seed)
{
struct btrfs_device *device;
- struct btrfs_fs_devices *cur_devices;
- cur_devices = fs_info->fs_devices;
- while (cur_devices) {
+ while (fs_devices) {
if (!fsid ||
- !memcmp(cur_devices->fsid, fsid, BTRFS_FSID_SIZE)) {
- device = find_device(cur_devices, devid, uuid);
- if (device)
- return device;
+ !memcmp(fs_devices->fsid, fsid, BTRFS_FSID_SIZE)) {
+ list_for_each_entry(device, &fs_devices->devices,
+ dev_list) {
+ if (device->devid == devid &&
+ (!uuid || memcmp(device->uuid, uuid,
+ BTRFS_UUID_SIZE) == 0))
+ return device;
+ }
}
- cur_devices = cur_devices->seed;
+ if (seed)
+ fs_devices = fs_devices->seed;
+ else
+ return NULL;
}
return NULL;
}
@@ -6513,8 +6510,8 @@ static int read_one_chunk(struct btrfs_f
read_extent_buffer(leaf, uuid, (unsigned long)
btrfs_stripe_dev_uuid_nr(chunk, i),
BTRFS_UUID_SIZE);
- map->stripes[i].dev = btrfs_find_device(fs_info, devid,
- uuid, NULL);
+ map->stripes[i].dev = btrfs_find_device(fs_info->fs_devices,
+ devid, uuid, NULL, true);
if (!map->stripes[i].dev &&
!btrfs_test_opt(fs_info, DEGRADED)) {
free_extent_map(em);
@@ -6653,7 +6650,8 @@ static int read_one_dev(struct btrfs_fs_
return PTR_ERR(fs_devices);
}
- device = btrfs_find_device(fs_info, devid, dev_uuid, fs_uuid);
+ device = btrfs_find_device(fs_info->fs_devices, devid, dev_uuid,
+ fs_uuid, true);
if (!device) {
if (!btrfs_test_opt(fs_info, DEGRADED)) {
btrfs_report_missing_device(fs_info, devid,
@@ -7243,7 +7241,8 @@ int btrfs_get_dev_stats(struct btrfs_fs_
int i;
mutex_lock(&fs_devices->device_list_mutex);
- dev = btrfs_find_device(fs_info, stats->devid, NULL, NULL);
+ dev = btrfs_find_device(fs_info->fs_devices, stats->devid,
+ NULL, NULL, true);
mutex_unlock(&fs_devices->device_list_mutex);
if (!dev) {
@@ -7460,7 +7459,7 @@ static int verify_one_dev_extent(struct
}
/* Make sure no dev extent is beyond device bondary */
- dev = btrfs_find_device(fs_info, devid, NULL, NULL);
+ dev = btrfs_find_device(fs_info->fs_devices, devid, NULL, NULL, true);
if (!dev) {
btrfs_err(fs_info, "failed to find devid %llu", devid);
ret = -EUCLEAN;
@@ -7469,7 +7468,8 @@ static int verify_one_dev_extent(struct
/* It's possible this device is a dummy for seed device */
if (dev->disk_total_bytes == 0) {
- dev = find_device(fs_info->fs_devices->seed, devid, NULL);
+ dev = btrfs_find_device(fs_info->fs_devices->seed, devid,
+ NULL, NULL, false);
if (!dev) {
btrfs_err(fs_info, "failed to find seed devid %llu",
devid);
--- a/fs/btrfs/volumes.h
+++ b/fs/btrfs/volumes.h
@@ -430,8 +430,8 @@ void __exit btrfs_cleanup_fs_uuids(void)
int btrfs_num_copies(struct btrfs_fs_info *fs_info, u64 logical, u64 len);
int btrfs_grow_device(struct btrfs_trans_handle *trans,
struct btrfs_device *device, u64 new_size);
-struct btrfs_device *btrfs_find_device(struct btrfs_fs_info *fs_info, u64 devid,
- u8 *uuid, u8 *fsid);
+struct btrfs_device *btrfs_find_device(struct btrfs_fs_devices *fs_devices,
+ u64 devid, u8 *uuid, u8 *fsid, bool seed);
int btrfs_shrink_device(struct btrfs_device *device, u64 new_size);
int btrfs_init_new_device(struct btrfs_fs_info *fs_info, const char *path);
int btrfs_balance(struct btrfs_fs_info *fs_info,
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 013/267] btrfs: Detect unbalanced tree with empty leaf before crashing btree operations
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (11 preceding siblings ...)
2020-06-19 14:29 ` [PATCH 4.19 012/267] btrfs: merge btrfs_find_device and find_device Greg Kroah-Hartman
@ 2020-06-19 14:29 ` Greg Kroah-Hartman
2020-06-19 14:29 ` [PATCH 4.19 014/267] crypto: talitos - fix ECB and CBC algs ivsize Greg Kroah-Hartman
` (255 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nikolay Borisov, Qu Wenruo,
David Sterba, Vikash Bansal
From: Qu Wenruo <wqu@suse.com>
commit 62fdaa52a3d00a875da771719b6dc537ca79fce1 upstream.
[BUG]
With crafted image, btrfs will panic at btree operations:
kernel BUG at fs/btrfs/ctree.c:3894!
invalid opcode: 0000 [#1] SMP PTI
CPU: 0 PID: 1138 Comm: btrfs-transacti Not tainted 5.0.0-rc8+ #9
RIP: 0010:__push_leaf_left+0x6b6/0x6e0
RSP: 0018:ffffc0bd4128b990 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffffa0a4ab8f0e38 RCX: 0000000000000000
RDX: ffffa0a280000000 RSI: 0000000000000000 RDI: ffffa0a4b3814000
RBP: ffffc0bd4128ba38 R08: 0000000000001000 R09: ffffc0bd4128b948
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000240
R13: ffffa0a4b556fb60 R14: ffffa0a4ab8f0af0 R15: ffffa0a4ab8f0af0
FS: 0000000000000000(0000) GS:ffffa0a4b7a00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f2461c80020 CR3: 000000022b32a006 CR4: 00000000000206f0
Call Trace:
? _cond_resched+0x1a/0x50
push_leaf_left+0x179/0x190
btrfs_del_items+0x316/0x470
btrfs_del_csums+0x215/0x3a0
__btrfs_free_extent.isra.72+0x5a7/0xbe0
__btrfs_run_delayed_refs+0x539/0x1120
btrfs_run_delayed_refs+0xdb/0x1b0
btrfs_commit_transaction+0x52/0x950
? start_transaction+0x94/0x450
transaction_kthread+0x163/0x190
kthread+0x105/0x140
? btrfs_cleanup_transaction+0x560/0x560
? kthread_destroy_worker+0x50/0x50
ret_from_fork+0x35/0x40
Modules linked in:
---[ end trace c2425e6e89b5558f ]---
[CAUSE]
The offending csum tree looks like this:
checksum tree key (CSUM_TREE ROOT_ITEM 0)
node 29741056 level 1 items 14 free 107 generation 19 owner CSUM_TREE
...
key (EXTENT_CSUM EXTENT_CSUM 85975040) block 29630464 gen 17
key (EXTENT_CSUM EXTENT_CSUM 89911296) block 29642752 gen 17 <<<
key (EXTENT_CSUM EXTENT_CSUM 92274688) block 29646848 gen 17
...
leaf 29630464 items 6 free space 1 generation 17 owner CSUM_TREE
item 0 key (EXTENT_CSUM EXTENT_CSUM 85975040) itemoff 3987 itemsize 8
range start 85975040 end 85983232 length 8192
...
leaf 29642752 items 0 free space 3995 generation 17 owner 0
^ empty leaf invalid owner ^
leaf 29646848 items 1 free space 602 generation 17 owner CSUM_TREE
item 0 key (EXTENT_CSUM EXTENT_CSUM 92274688) itemoff 627 itemsize 3368
range start 92274688 end 95723520 length 3448832
So we have a corrupted csum tree where one tree leaf is completely
empty, causing unbalanced btree, thus leading to unexpected btree
balance error.
[FIX]
For this particular case, we handle it in two directions to catch it:
- Check if the tree block is empty through btrfs_verify_level_key()
So that invalid tree blocks won't be read out through
btrfs_search_slot() and its variants.
- Check 0 tree owner in tree checker
NO tree is using 0 as its tree owner, detect it and reject at tree
block read time.
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=202821
Reviewed-by: Nikolay Borisov <nborisov@suse.com>
Signed-off-by: Qu Wenruo <wqu@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Vikash Bansal <bvikas@vmware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/disk-io.c | 10 ++++++++++
fs/btrfs/tree-checker.c | 6 ++++++
2 files changed, 16 insertions(+)
--- a/fs/btrfs/disk-io.c
+++ b/fs/btrfs/disk-io.c
@@ -438,6 +438,16 @@ int btrfs_verify_level_key(struct btrfs_
*/
if (btrfs_header_generation(eb) > fs_info->last_trans_committed)
return 0;
+
+ /* We have @first_key, so this @eb must have at least one item */
+ if (btrfs_header_nritems(eb) == 0) {
+ btrfs_err(fs_info,
+ "invalid tree nritems, bytenr=%llu nritems=0 expect >0",
+ eb->start);
+ WARN_ON(IS_ENABLED(CONFIG_BTRFS_DEBUG));
+ return -EUCLEAN;
+ }
+
if (found_level)
btrfs_node_key_to_cpu(eb, &found_key, 0);
else
--- a/fs/btrfs/tree-checker.c
+++ b/fs/btrfs/tree-checker.c
@@ -509,6 +509,12 @@ static int check_leaf(struct btrfs_fs_in
owner);
return -EUCLEAN;
}
+ /* Unknown tree */
+ if (owner == 0) {
+ generic_err(fs_info, leaf, 0,
+ "invalid owner, root 0 is not defined");
+ return -EUCLEAN;
+ }
key.objectid = owner;
key.type = BTRFS_ROOT_ITEM_KEY;
key.offset = (u64)-1;
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 014/267] crypto: talitos - fix ECB and CBC algs ivsize
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (12 preceding siblings ...)
2020-06-19 14:29 ` [PATCH 4.19 013/267] btrfs: Detect unbalanced tree with empty leaf before crashing btree operations Greg Kroah-Hartman
@ 2020-06-19 14:29 ` Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 015/267] Input: mms114 - fix handling of mms345l Greg Kroah-Hartman
` (254 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:29 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Su Kang Yin, Christophe Leroy
From: Su Kang Yin <cantona@cantona.net>
commit e1de42fdfc6a ("crypto: talitos - fix ECB algs ivsize")
wrongly modified CBC algs ivsize instead of ECB aggs ivsize.
This restore the CBC algs original ivsize of removes ECB's ones.
Fixes: e1de42fdfc6a ("crypto: talitos - fix ECB algs ivsize")
Signed-off-by: Su Kang Yin <cantona@cantona.net>
Reviewed-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/crypto/talitos.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/crypto/talitos.c
+++ b/drivers/crypto/talitos.c
@@ -2670,7 +2670,6 @@ static struct talitos_alg_template drive
.cra_ablkcipher = {
.min_keysize = AES_MIN_KEY_SIZE,
.max_keysize = AES_MAX_KEY_SIZE,
- .ivsize = AES_BLOCK_SIZE,
}
},
.desc_hdr_template = DESC_HDR_TYPE_COMMON_NONSNOOP_NO_AFEU |
@@ -2704,6 +2703,7 @@ static struct talitos_alg_template drive
.cra_ablkcipher = {
.min_keysize = AES_MIN_KEY_SIZE,
.max_keysize = AES_MAX_KEY_SIZE,
+ .ivsize = AES_BLOCK_SIZE,
.setkey = ablkcipher_aes_setkey,
}
},
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 015/267] Input: mms114 - fix handling of mms345l
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (13 preceding siblings ...)
2020-06-19 14:29 ` [PATCH 4.19 014/267] crypto: talitos - fix ECB and CBC algs ivsize Greg Kroah-Hartman
@ 2020-06-19 14:30 ` Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 016/267] ARM: 8977/1: ptrace: Fix mask for thumb breakpoint hook Greg Kroah-Hartman
` (253 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Andi Shyti, Stephan Gerhold,
Dmitry Torokhov, Sasha Levin
From: Stephan Gerhold <stephan@gerhold.net>
[ Upstream commit 3f8f770575d911c989043d8f0fb8dec96360c41c ]
MMS345L is another first generation touch screen from Melfas,
which uses the same registers as MMS152.
However, using I2C_M_NOSTART for it causes errors when reading:
i2c i2c-0: sendbytes: NAK bailout.
mms114 0-0048: __mms114_read_reg: i2c transfer failed (-5)
The driver works fine as soon as I2C_M_NOSTART is removed.
Reviewed-by: Andi Shyti <andi@etezian.org>
Signed-off-by: Stephan Gerhold <stephan@gerhold.net>
Link: https://lore.kernel.org/r/20200405170904.61512-1-stephan@gerhold.net
[dtor: removed separate mms345l handling, made everyone use standard
transfer mode, propagated the 10bit addressing flag to the read part of the
transfer as well.]
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/input/touchscreen/mms114.c | 12 +++++-------
1 file changed, 5 insertions(+), 7 deletions(-)
diff --git a/drivers/input/touchscreen/mms114.c b/drivers/input/touchscreen/mms114.c
index a5ab774da4cc..fca908ba4841 100644
--- a/drivers/input/touchscreen/mms114.c
+++ b/drivers/input/touchscreen/mms114.c
@@ -91,15 +91,15 @@ static int __mms114_read_reg(struct mms114_data *data, unsigned int reg,
if (reg <= MMS114_MODE_CONTROL && reg + len > MMS114_MODE_CONTROL)
BUG();
- /* Write register: use repeated start */
+ /* Write register */
xfer[0].addr = client->addr;
- xfer[0].flags = I2C_M_TEN | I2C_M_NOSTART;
+ xfer[0].flags = client->flags & I2C_M_TEN;
xfer[0].len = 1;
xfer[0].buf = &buf;
/* Read data */
xfer[1].addr = client->addr;
- xfer[1].flags = I2C_M_RD;
+ xfer[1].flags = (client->flags & I2C_M_TEN) | I2C_M_RD;
xfer[1].len = len;
xfer[1].buf = val;
@@ -428,10 +428,8 @@ static int mms114_probe(struct i2c_client *client,
const void *match_data;
int error;
- if (!i2c_check_functionality(client->adapter,
- I2C_FUNC_PROTOCOL_MANGLING)) {
- dev_err(&client->dev,
- "Need i2c bus that supports protocol mangling\n");
+ if (!i2c_check_functionality(client->adapter, I2C_FUNC_I2C)) {
+ dev_err(&client->dev, "Not supported I2C adapter\n");
return -ENODEV;
}
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 016/267] ARM: 8977/1: ptrace: Fix mask for thumb breakpoint hook
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (14 preceding siblings ...)
2020-06-19 14:30 ` [PATCH 4.19 015/267] Input: mms114 - fix handling of mms345l Greg Kroah-Hartman
@ 2020-06-19 14:30 ` Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 017/267] sched/fair: Dont NUMA balance for kthreads Greg Kroah-Hartman
` (252 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Oleg Nesterov, Fredrik Strupe,
Russell King, Sasha Levin
From: Fredrik Strupe <fredrik@strupe.net>
[ Upstream commit 3866f217aaa81bf7165c7f27362eee5d7919c496 ]
call_undef_hook() in traps.c applies the same instr_mask for both 16-bit
and 32-bit thumb instructions. If instr_mask then is only 16 bits wide
(0xffff as opposed to 0xffffffff), the first half-word of 32-bit thumb
instructions will be masked out. This makes the function match 32-bit
thumb instructions where the second half-word is equal to instr_val,
regardless of the first half-word.
The result in this case is that all undefined 32-bit thumb instructions
with the second half-word equal to 0xde01 (udf #1) work as breakpoints
and will raise a SIGTRAP instead of a SIGILL, instead of just the one
intended 16-bit instruction. An example of such an instruction is
0xeaa0de01, which is unallocated according to Arm ARM and should raise a
SIGILL, but instead raises a SIGTRAP.
This patch fixes the issue by setting all the bits in instr_mask, which
will still match the intended 16-bit thumb instruction (where the
upper half is always 0), but not any 32-bit thumb instructions.
Cc: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Fredrik Strupe <fredrik@strupe.net>
Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/kernel/ptrace.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/arm/kernel/ptrace.c b/arch/arm/kernel/ptrace.c
index 36718a424358..492ac74a63f4 100644
--- a/arch/arm/kernel/ptrace.c
+++ b/arch/arm/kernel/ptrace.c
@@ -229,8 +229,8 @@ static struct undef_hook arm_break_hook = {
};
static struct undef_hook thumb_break_hook = {
- .instr_mask = 0xffff,
- .instr_val = 0xde01,
+ .instr_mask = 0xffffffff,
+ .instr_val = 0x0000de01,
.cpsr_mask = PSR_T_BIT,
.cpsr_val = PSR_T_BIT,
.fn = break_trap,
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 017/267] sched/fair: Dont NUMA balance for kthreads
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (15 preceding siblings ...)
2020-06-19 14:30 ` [PATCH 4.19 016/267] ARM: 8977/1: ptrace: Fix mask for thumb breakpoint hook Greg Kroah-Hartman
@ 2020-06-19 14:30 ` Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 018/267] Input: synaptics - add a second working PNP_ID for Lenovo T470s Greg Kroah-Hartman
` (251 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Stefano Garzarella, Jens Axboe,
Ingo Molnar, Peter Zijlstra, Sasha Levin
From: Jens Axboe <axboe@kernel.dk>
[ Upstream commit 18f855e574d9799a0e7489f8ae6fd8447d0dd74a ]
Stefano reported a crash with using SQPOLL with io_uring:
BUG: kernel NULL pointer dereference, address: 00000000000003b0
CPU: 2 PID: 1307 Comm: io_uring-sq Not tainted 5.7.0-rc7 #11
RIP: 0010:task_numa_work+0x4f/0x2c0
Call Trace:
task_work_run+0x68/0xa0
io_sq_thread+0x252/0x3d0
kthread+0xf9/0x130
ret_from_fork+0x35/0x40
which is task_numa_work() oopsing on current->mm being NULL.
The task work is queued by task_tick_numa(), which checks if current->mm is
NULL at the time of the call. But this state isn't necessarily persistent,
if the kthread is using use_mm() to temporarily adopt the mm of a task.
Change the task_tick_numa() check to exclude kernel threads in general,
as it doesn't make sense to attempt ot balance for kthreads anyway.
Reported-by: Stefano Garzarella <sgarzare@redhat.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Acked-by: Peter Zijlstra <peterz@infradead.org>
Link: https://lore.kernel.org/r/865de121-8190-5d30-ece5-3b097dc74431@kernel.dk
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/sched/fair.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c
index 86ccaaf0c1bf..92b1e71f13c8 100644
--- a/kernel/sched/fair.c
+++ b/kernel/sched/fair.c
@@ -2697,7 +2697,7 @@ void task_tick_numa(struct rq *rq, struct task_struct *curr)
/*
* We don't care about NUMA placement if we don't have memory.
*/
- if (!curr->mm || (curr->flags & PF_EXITING) || work->next != work)
+ if ((curr->flags & (PF_EXITING | PF_KTHREAD)) || work->next != work)
return;
/*
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 018/267] Input: synaptics - add a second working PNP_ID for Lenovo T470s
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (16 preceding siblings ...)
2020-06-19 14:30 ` [PATCH 4.19 017/267] sched/fair: Dont NUMA balance for kthreads Greg Kroah-Hartman
@ 2020-06-19 14:30 ` Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 019/267] drivers/net/ibmvnic: Update VNIC protocol version reporting Greg Kroah-Hartman
` (250 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dennis Kadioglu, Dmitry Torokhov,
Sasha Levin
From: Dennis Kadioglu <denk@eclipso.email>
[ Upstream commit 642aa86eaf8f1e6fe894f20fd7f12f0db52ee03c ]
The Lenovo Thinkpad T470s I own has a different touchpad with "LEN007a"
instead of the already included PNP ID "LEN006c". However, my touchpad
seems to work well without any problems using RMI. So this patch adds the
other PNP ID.
Signed-off-by: Dennis Kadioglu <denk@eclipso.email>
Link: https://lore.kernel.org/r/ff770543cd53ae818363c0fe86477965@mail.eclipso.de
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/input/mouse/synaptics.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/input/mouse/synaptics.c b/drivers/input/mouse/synaptics.c
index d9042d0566ab..671e018eb363 100644
--- a/drivers/input/mouse/synaptics.c
+++ b/drivers/input/mouse/synaptics.c
@@ -173,6 +173,7 @@ static const char * const smbus_pnp_ids[] = {
"LEN005b", /* P50 */
"LEN005e", /* T560 */
"LEN006c", /* T470s */
+ "LEN007a", /* T470s */
"LEN0071", /* T480 */
"LEN0072", /* X1 Carbon Gen 5 (2017) - Elan/ALPS trackpoint */
"LEN0073", /* X1 Carbon G5 (Elantech) */
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 019/267] drivers/net/ibmvnic: Update VNIC protocol version reporting
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (17 preceding siblings ...)
2020-06-19 14:30 ` [PATCH 4.19 018/267] Input: synaptics - add a second working PNP_ID for Lenovo T470s Greg Kroah-Hartman
@ 2020-06-19 14:30 ` Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 020/267] powerpc/xive: Clear the page tables for the ESB IO mapping Greg Kroah-Hartman
` (249 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Thomas Falcon, David S. Miller, Sasha Levin
From: Thomas Falcon <tlfalcon@linux.ibm.com>
[ Upstream commit 784688993ebac34dffe44a9f2fabbe126ebfd4db ]
VNIC protocol version is reported in big-endian format, but it
is not byteswapped before logging. Fix that, and remove version
comparison as only one protocol version exists at this time.
Signed-off-by: Thomas Falcon <tlfalcon@linux.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/ibm/ibmvnic.c | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/drivers/net/ethernet/ibm/ibmvnic.c b/drivers/net/ethernet/ibm/ibmvnic.c
index abfd990ba4d8..645298628b6f 100644
--- a/drivers/net/ethernet/ibm/ibmvnic.c
+++ b/drivers/net/ethernet/ibm/ibmvnic.c
@@ -4295,12 +4295,10 @@ static void ibmvnic_handle_crq(union ibmvnic_crq *crq,
dev_err(dev, "Error %ld in VERSION_EXCHG_RSP\n", rc);
break;
}
- dev_info(dev, "Partner protocol version is %d\n",
- crq->version_exchange_rsp.version);
- if (be16_to_cpu(crq->version_exchange_rsp.version) <
- ibmvnic_version)
- ibmvnic_version =
+ ibmvnic_version =
be16_to_cpu(crq->version_exchange_rsp.version);
+ dev_info(dev, "Partner protocol version is %d\n",
+ ibmvnic_version);
send_cap_queries(adapter);
break;
case QUERY_CAPABILITY_RSP:
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 020/267] powerpc/xive: Clear the page tables for the ESB IO mapping
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (18 preceding siblings ...)
2020-06-19 14:30 ` [PATCH 4.19 019/267] drivers/net/ibmvnic: Update VNIC protocol version reporting Greg Kroah-Hartman
@ 2020-06-19 14:30 ` Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 021/267] ath9k_htc: Silence undersized packet warnings Greg Kroah-Hartman
` (248 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Cédric Le Goater,
Michael Ellerman, Sasha Levin
From: Cédric Le Goater <clg@kaod.org>
[ Upstream commit a101950fcb78b0ba20cd487be6627dea58d55c2b ]
Commit 1ca3dec2b2df ("powerpc/xive: Prevent page fault issues in the
machine crash handler") fixed an issue in the FW assisted dump of
machines using hash MMU and the XIVE interrupt mode under the POWER
hypervisor. It forced the mapping of the ESB page of interrupts being
mapped in the Linux IRQ number space to make sure the 'crash kexec'
sequence worked during such an event. But it didn't handle the
un-mapping.
This mapping is now blocking the removal of a passthrough IO adapter
under the POWER hypervisor because it expects the guest OS to have
cleared all page table entries related to the adapter. If some are
still present, the RTAS call which isolates the PCI slot returns error
9001 "valid outstanding translations".
Remove these mapping in the IRQ data cleanup routine.
Under KVM, this cleanup is not required because the ESB pages for the
adapter interrupts are un-mapped from the guest by the hypervisor in
the KVM XIVE native device. This is now redundant but it's harmless.
Fixes: 1ca3dec2b2df ("powerpc/xive: Prevent page fault issues in the machine crash handler")
Cc: stable@vger.kernel.org # v5.5+
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20200429075122.1216388-2-clg@kaod.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/sysdev/xive/common.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/arch/powerpc/sysdev/xive/common.c b/arch/powerpc/sysdev/xive/common.c
index 1c31a08cdd54..2aa9f3de223c 100644
--- a/arch/powerpc/sysdev/xive/common.c
+++ b/arch/powerpc/sysdev/xive/common.c
@@ -23,6 +23,7 @@
#include <linux/slab.h>
#include <linux/spinlock.h>
#include <linux/msi.h>
+#include <linux/vmalloc.h>
#include <asm/prom.h>
#include <asm/io.h>
@@ -933,12 +934,16 @@ EXPORT_SYMBOL_GPL(is_xive_irq);
void xive_cleanup_irq_data(struct xive_irq_data *xd)
{
if (xd->eoi_mmio) {
+ unmap_kernel_range((unsigned long)xd->eoi_mmio,
+ 1u << xd->esb_shift);
iounmap(xd->eoi_mmio);
if (xd->eoi_mmio == xd->trig_mmio)
xd->trig_mmio = NULL;
xd->eoi_mmio = NULL;
}
if (xd->trig_mmio) {
+ unmap_kernel_range((unsigned long)xd->trig_mmio,
+ 1u << xd->esb_shift);
iounmap(xd->trig_mmio);
xd->trig_mmio = NULL;
}
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 021/267] ath9k_htc: Silence undersized packet warnings
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (19 preceding siblings ...)
2020-06-19 14:30 ` [PATCH 4.19 020/267] powerpc/xive: Clear the page tables for the ESB IO mapping Greg Kroah-Hartman
@ 2020-06-19 14:30 ` Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 022/267] RDMA/uverbs: Make the event_queue fds return POLLERR when disassociated Greg Kroah-Hartman
` (247 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Denis, Masashi Honma, Kalle Valo,
Sasha Levin
From: Masashi Honma <masashi.honma@gmail.com>
[ Upstream commit 450edd2805982d14ed79733a82927d2857b27cac ]
Some devices like TP-Link TL-WN722N produces this kind of messages
frequently.
kernel: ath: phy0: Short RX data len, dropping (dlen: 4)
This warning is useful for developers to recognize that the device
(Wi-Fi dongle or USB hub etc) is noisy but not for general users. So
this patch make this warning to debug message.
Reported-By: Denis <pro.denis@protonmail.com>
Ref: https://bugzilla.kernel.org/show_bug.cgi?id=207539
Fixes: cd486e627e67 ("ath9k_htc: Discard undersized packets")
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20200504214443.4485-1-masashi.honma@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/ath9k/htc_drv_txrx.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/net/wireless/ath/ath9k/htc_drv_txrx.c b/drivers/net/wireless/ath/ath9k/htc_drv_txrx.c
index b5d7ef4da17f..f19393e584dc 100644
--- a/drivers/net/wireless/ath/ath9k/htc_drv_txrx.c
+++ b/drivers/net/wireless/ath/ath9k/htc_drv_txrx.c
@@ -999,9 +999,9 @@ static bool ath9k_rx_prepare(struct ath9k_htc_priv *priv,
* which are not PHY_ERROR (short radar pulses have a length of 3)
*/
if (unlikely(!rs_datalen || (rs_datalen < 10 && !is_phyerr))) {
- ath_warn(common,
- "Short RX data len, dropping (dlen: %d)\n",
- rs_datalen);
+ ath_dbg(common, ANY,
+ "Short RX data len, dropping (dlen: %d)\n",
+ rs_datalen);
goto rx_next;
}
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 022/267] RDMA/uverbs: Make the event_queue fds return POLLERR when disassociated
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (20 preceding siblings ...)
2020-06-19 14:30 ` [PATCH 4.19 021/267] ath9k_htc: Silence undersized packet warnings Greg Kroah-Hartman
@ 2020-06-19 14:30 ` Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 023/267] x86/cpu/amd: Make erratum #1054 a legacy erratum Greg Kroah-Hartman
` (246 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Leon Romanovsky, Jason Gunthorpe,
Sasha Levin
From: Jason Gunthorpe <jgg@mellanox.com>
[ Upstream commit eb356e6dc15a30af604f052cd0e170450193c254 ]
If is_closed is set, and the event list is empty, then read() will return
-EIO without blocking. After setting is_closed in
ib_uverbs_free_event_queue(), we do trigger a wake_up on the poll_wait,
but the fops->poll() function does not check it, so poll will continue to
sleep on an empty list.
Fixes: 14e23bd6d221 ("RDMA/core: Fix locking in ib_uverbs_event_read")
Link: https://lore.kernel.org/r/0-v1-ace813388969+48859-uverbs_poll_fix%25jgg@mellanox.com
Reviewed-by: Leon Romanovsky <leonro@mellanox.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/core/uverbs_main.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/infiniband/core/uverbs_main.c b/drivers/infiniband/core/uverbs_main.c
index 5404717998b0..fc4b46258c75 100644
--- a/drivers/infiniband/core/uverbs_main.c
+++ b/drivers/infiniband/core/uverbs_main.c
@@ -360,6 +360,8 @@ static __poll_t ib_uverbs_event_poll(struct ib_uverbs_event_queue *ev_queue,
spin_lock_irq(&ev_queue->lock);
if (!list_empty(&ev_queue->event_list))
pollflags = EPOLLIN | EPOLLRDNORM;
+ else if (ev_queue->is_closed)
+ pollflags = EPOLLERR;
spin_unlock_irq(&ev_queue->lock);
return pollflags;
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 023/267] x86/cpu/amd: Make erratum #1054 a legacy erratum
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (21 preceding siblings ...)
2020-06-19 14:30 ` [PATCH 4.19 022/267] RDMA/uverbs: Make the event_queue fds return POLLERR when disassociated Greg Kroah-Hartman
@ 2020-06-19 14:30 ` Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 024/267] perf probe: Accept the instance number of kretprobe event Greg Kroah-Hartman
` (245 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Andrew Cooper, Kim Phillips,
Borislav Petkov, Sasha Levin
From: Kim Phillips <kim.phillips@amd.com>
[ Upstream commit e2abfc0448a46d8a137505aa180caf14070ec535 ]
Commit
21b5ee59ef18 ("x86/cpu/amd: Enable the fixed Instructions Retired
counter IRPERF")
mistakenly added erratum #1054 as an OS Visible Workaround (OSVW) ID 0.
Erratum #1054 is not OSVW ID 0 [1], so make it a legacy erratum.
There would never have been a false positive on older hardware that
has OSVW bit 0 set, since the IRPERF feature was not available.
However, save a couple of RDMSR executions per thread, on modern
system configurations that correctly set non-zero values in their
OSVW_ID_Length MSRs.
[1] Revision Guide for AMD Family 17h Models 00h-0Fh Processors. The
revision guide is available from the bugzilla link below.
Fixes: 21b5ee59ef18 ("x86/cpu/amd: Enable the fixed Instructions Retired counter IRPERF")
Reported-by: Andrew Cooper <andrew.cooper3@citrix.com>
Signed-off-by: Kim Phillips <kim.phillips@amd.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Link: https://lkml.kernel.org/r/20200417143356.26054-1-kim.phillips@amd.com
Link: https://bugzilla.kernel.org/show_bug.cgi?id=206537
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/kernel/cpu/amd.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c
index 120769955687..de69090ca142 100644
--- a/arch/x86/kernel/cpu/amd.c
+++ b/arch/x86/kernel/cpu/amd.c
@@ -1122,8 +1122,7 @@ static const int amd_erratum_383[] =
/* #1054: Instructions Retired Performance Counter May Be Inaccurate */
static const int amd_erratum_1054[] =
- AMD_OSVW_ERRATUM(0, AMD_MODEL_RANGE(0x17, 0, 0, 0x2f, 0xf));
-
+ AMD_LEGACY_ERRATUM(AMD_MODEL_RANGE(0x17, 0, 0, 0x2f, 0xf));
static bool cpu_has_amd_erratum(struct cpuinfo_x86 *cpu, const int *erratum)
{
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 024/267] perf probe: Accept the instance number of kretprobe event
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (22 preceding siblings ...)
2020-06-19 14:30 ` [PATCH 4.19 023/267] x86/cpu/amd: Make erratum #1054 a legacy erratum Greg Kroah-Hartman
@ 2020-06-19 14:30 ` Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 025/267] mm: add kvfree_sensitive() for freeing sensitive data objects Greg Kroah-Hartman
` (244 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yuxuan Shui, Masami Hiramatsu,
Jiri Olsa, Namhyung Kim, Arnaldo Carvalho de Melo, Sasha Levin
From: Masami Hiramatsu <mhiramat@kernel.org>
[ Upstream commit c6aab66a728b6518772c74bd9dff66e1a1c652fd ]
Since the commit 6a13a0d7b4d1 ("ftrace/kprobe: Show the maxactive number
on kprobe_events") introduced to show the instance number of kretprobe
events, the length of the 1st format of the kprobe event will not 1, but
it can be longer. This caused a parser error in perf-probe.
Skip the length check the 1st format of the kprobe event to accept this
instance number.
Without this fix:
# perf probe -a vfs_read%return
Added new event:
probe:vfs_read__return (on vfs_read%return)
You can now use it in all perf tools, such as:
perf record -e probe:vfs_read__return -aR sleep 1
# perf probe -l
Semantic error :Failed to parse event name: r16:probe/vfs_read__return
Error: Failed to show event list.
And with this fixes:
# perf probe -a vfs_read%return
...
# perf probe -l
probe:vfs_read__return (on vfs_read%return)
Fixes: 6a13a0d7b4d1 ("ftrace/kprobe: Show the maxactive number on kprobe_events")
Reported-by: Yuxuan Shui <yshuiv7@gmail.com>
Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org>
Tested-by: Yuxuan Shui <yshuiv7@gmail.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: stable@vger.kernel.org
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=207587
Link: http://lore.kernel.org/lkml/158877535215.26469.1113127926699134067.stgit@devnote2
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/perf/util/probe-event.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/tools/perf/util/probe-event.c b/tools/perf/util/probe-event.c
index a22e1f538aea..4dd79e08cb7b 100644
--- a/tools/perf/util/probe-event.c
+++ b/tools/perf/util/probe-event.c
@@ -1753,8 +1753,7 @@ int parse_probe_trace_command(const char *cmd, struct probe_trace_event *tev)
fmt1_str = strtok_r(argv0_str, ":", &fmt);
fmt2_str = strtok_r(NULL, "/", &fmt);
fmt3_str = strtok_r(NULL, " \t", &fmt);
- if (fmt1_str == NULL || strlen(fmt1_str) != 1 || fmt2_str == NULL
- || fmt3_str == NULL) {
+ if (fmt1_str == NULL || fmt2_str == NULL || fmt3_str == NULL) {
semantic_error("Failed to parse event name: %s\n", argv[0]);
ret = -EINVAL;
goto out;
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 025/267] mm: add kvfree_sensitive() for freeing sensitive data objects
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (23 preceding siblings ...)
2020-06-19 14:30 ` [PATCH 4.19 024/267] perf probe: Accept the instance number of kretprobe event Greg Kroah-Hartman
@ 2020-06-19 14:30 ` Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 026/267] aio: fix async fsync creds Greg Kroah-Hartman
` (243 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Linus Torvalds, Waiman Long,
Andrew Morton, Eric Biggers, David Howells, Jarkko Sakkinen,
James Morris, Serge E. Hallyn, Joe Perches, Matthew Wilcox,
David Rientjes, Uladzislau Rezki, Sasha Levin
From: Waiman Long <longman@redhat.com>
[ Upstream commit d4eaa2837851db2bfed572898bfc17f9a9f9151e ]
For kvmalloc'ed data object that contains sensitive information like
cryptographic keys, we need to make sure that the buffer is always cleared
before freeing it. Using memset() alone for buffer clearing may not
provide certainty as the compiler may compile it away. To be sure, the
special memzero_explicit() has to be used.
This patch introduces a new kvfree_sensitive() for freeing those sensitive
data objects allocated by kvmalloc(). The relevant places where
kvfree_sensitive() can be used are modified to use it.
Fixes: 4f0882491a14 ("KEYS: Avoid false positive ENOMEM error on key read")
Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Waiman Long <longman@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Reviewed-by: Eric Biggers <ebiggers@google.com>
Acked-by: David Howells <dhowells@redhat.com>
Cc: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Cc: James Morris <jmorris@namei.org>
Cc: "Serge E. Hallyn" <serge@hallyn.com>
Cc: Joe Perches <joe@perches.com>
Cc: Matthew Wilcox <willy@infradead.org>
Cc: David Rientjes <rientjes@google.com>
Cc: Uladzislau Rezki <urezki@gmail.com>
Link: http://lkml.kernel.org/r/20200407200318.11711-1-longman@redhat.com
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/mm.h | 1 +
mm/util.c | 18 ++++++++++++++++++
security/keys/internal.h | 11 -----------
security/keys/keyctl.c | 16 +++++-----------
4 files changed, 24 insertions(+), 22 deletions(-)
diff --git a/include/linux/mm.h b/include/linux/mm.h
index b1092046ebef..05bc5f25ab85 100644
--- a/include/linux/mm.h
+++ b/include/linux/mm.h
@@ -601,6 +601,7 @@ static inline void *kvcalloc(size_t n, size_t size, gfp_t flags)
}
extern void kvfree(const void *addr);
+extern void kvfree_sensitive(const void *addr, size_t len);
/*
* Mapcount of compound page as a whole, does not include mapped sub-pages.
diff --git a/mm/util.c b/mm/util.c
index 6a24a1025d77..621afcea2bfa 100644
--- a/mm/util.c
+++ b/mm/util.c
@@ -453,6 +453,24 @@ void kvfree(const void *addr)
}
EXPORT_SYMBOL(kvfree);
+/**
+ * kvfree_sensitive - Free a data object containing sensitive information.
+ * @addr: address of the data object to be freed.
+ * @len: length of the data object.
+ *
+ * Use the special memzero_explicit() function to clear the content of a
+ * kvmalloc'ed object containing sensitive data to make sure that the
+ * compiler won't optimize out the data clearing.
+ */
+void kvfree_sensitive(const void *addr, size_t len)
+{
+ if (likely(!ZERO_OR_NULL_PTR(addr))) {
+ memzero_explicit((void *)addr, len);
+ kvfree(addr);
+ }
+}
+EXPORT_SYMBOL(kvfree_sensitive);
+
static inline void *__page_rmapping(struct page *page)
{
unsigned long mapping;
diff --git a/security/keys/internal.h b/security/keys/internal.h
index eb50212fbbf8..d1b9c5957000 100644
--- a/security/keys/internal.h
+++ b/security/keys/internal.h
@@ -306,15 +306,4 @@ static inline void key_check(const struct key *key)
#define key_check(key) do {} while(0)
#endif
-
-/*
- * Helper function to clear and free a kvmalloc'ed memory object.
- */
-static inline void __kvzfree(const void *addr, size_t len)
-{
- if (addr) {
- memset((void *)addr, 0, len);
- kvfree(addr);
- }
-}
#endif /* _INTERNAL_H */
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
index c07c2e2b2478..9394d72a77e8 100644
--- a/security/keys/keyctl.c
+++ b/security/keys/keyctl.c
@@ -133,10 +133,7 @@ SYSCALL_DEFINE5(add_key, const char __user *, _type,
key_ref_put(keyring_ref);
error3:
- if (payload) {
- memzero_explicit(payload, plen);
- kvfree(payload);
- }
+ kvfree_sensitive(payload, plen);
error2:
kfree(description);
error:
@@ -351,7 +348,7 @@ long keyctl_update_key(key_serial_t id,
key_ref_put(key_ref);
error2:
- __kvzfree(payload, plen);
+ kvfree_sensitive(payload, plen);
error:
return ret;
}
@@ -859,7 +856,7 @@ long keyctl_read_key(key_serial_t keyid, char __user *buffer, size_t buflen)
*/
if (ret > key_data_len) {
if (unlikely(key_data))
- __kvzfree(key_data, key_data_len);
+ kvfree_sensitive(key_data, key_data_len);
key_data_len = ret;
continue; /* Allocate buffer */
}
@@ -868,7 +865,7 @@ long keyctl_read_key(key_serial_t keyid, char __user *buffer, size_t buflen)
ret = -EFAULT;
break;
}
- __kvzfree(key_data, key_data_len);
+ kvfree_sensitive(key_data, key_data_len);
key_put_out:
key_put(key);
@@ -1170,10 +1167,7 @@ long keyctl_instantiate_key_common(key_serial_t id,
keyctl_change_reqkey_auth(NULL);
error2:
- if (payload) {
- memzero_explicit(payload, plen);
- kvfree(payload);
- }
+ kvfree_sensitive(payload, plen);
error:
return ret;
}
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 026/267] aio: fix async fsync creds
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (24 preceding siblings ...)
2020-06-19 14:30 ` [PATCH 4.19 025/267] mm: add kvfree_sensitive() for freeing sensitive data objects Greg Kroah-Hartman
@ 2020-06-19 14:30 ` Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 027/267] btrfs: tree-checker: Check level for leaves and nodes Greg Kroah-Hartman
` (242 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Avi Kivity, Giuseppe Scrivano,
Miklos Szeredi, Christoph Hellwig
From: Miklos Szeredi <mszeredi@redhat.com>
commit 530f32fc370fd1431ea9802dbc53ab5601dfccdb upstream.
Avi Kivity reports that on fuse filesystems running in a user namespace
asyncronous fsync fails with EOVERFLOW.
The reason is that f_ops->fsync() is called with the creds of the kthread
performing aio work instead of the creds of the process originally
submitting IOCB_CMD_FSYNC.
Fuse sends the creds of the caller in the request header and it needs to
translate the uid and gid into the server's user namespace. Since the
kthread is running in init_user_ns, the translation will fail and the
operation returns an error.
It can be argued that fsync doesn't actually need any creds, but just
zeroing out those fields in the header (as with requests that currently
don't take creds) is a backward compatibility risk.
Instead of working around this issue in fuse, solve the core of the problem
by calling the filesystem with the proper creds.
Reported-by: Avi Kivity <avi@scylladb.com>
Tested-by: Giuseppe Scrivano <gscrivan@redhat.com>
Fixes: c9582eb0ff7d ("fuse: Fail all requests with invalid uids or gids")
Cc: stable@vger.kernel.org # 4.18+
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/aio.c | 8 ++++++++
1 file changed, 8 insertions(+)
--- a/fs/aio.c
+++ b/fs/aio.c
@@ -169,6 +169,7 @@ struct fsync_iocb {
struct file *file;
struct work_struct work;
bool datasync;
+ struct cred *creds;
};
struct poll_iocb {
@@ -1579,8 +1580,11 @@ static ssize_t aio_write(struct kiocb *r
static void aio_fsync_work(struct work_struct *work)
{
struct aio_kiocb *iocb = container_of(work, struct aio_kiocb, fsync.work);
+ const struct cred *old_cred = override_creds(iocb->fsync.creds);
iocb->ki_res.res = vfs_fsync(iocb->fsync.file, iocb->fsync.datasync);
+ revert_creds(old_cred);
+ put_cred(iocb->fsync.creds);
iocb_put(iocb);
}
@@ -1594,6 +1598,10 @@ static int aio_fsync(struct fsync_iocb *
if (unlikely(!req->file->f_op->fsync))
return -EINVAL;
+ req->creds = prepare_creds();
+ if (!req->creds)
+ return -ENOMEM;
+
req->datasync = datasync;
INIT_WORK(&req->work, aio_fsync_work);
schedule_work(&req->work);
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 027/267] btrfs: tree-checker: Check level for leaves and nodes
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (25 preceding siblings ...)
2020-06-19 14:30 ` [PATCH 4.19 026/267] aio: fix async fsync creds Greg Kroah-Hartman
@ 2020-06-19 14:30 ` Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 028/267] x86_64: Fix jiffies ODR violation Greg Kroah-Hartman
` (241 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Qu Wenruo, Su Yue, David Sterba, Sasha Levin
From: Qu Wenruo <wqu@suse.com>
[ Upstream commit f556faa46eb4e96d0d0772e74ecf66781e132f72 ]
Although we have tree level check at tree read runtime, it's completely
based on its parent level.
We still need to do accurate level check to avoid invalid tree blocks
sneak into kernel space.
The check itself is simple, for leaf its level should always be 0.
For nodes its level should be in range [1, BTRFS_MAX_LEVEL - 1].
Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: Su Yue <suy.fnst@cn.fujitsu.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/btrfs/tree-checker.c | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/fs/btrfs/tree-checker.c b/fs/btrfs/tree-checker.c
index 235c2970b944..d98ec885b72a 100644
--- a/fs/btrfs/tree-checker.c
+++ b/fs/btrfs/tree-checker.c
@@ -485,6 +485,13 @@ static int check_leaf(struct btrfs_fs_info *fs_info, struct extent_buffer *leaf,
u32 nritems = btrfs_header_nritems(leaf);
int slot;
+ if (btrfs_header_level(leaf) != 0) {
+ generic_err(fs_info, leaf, 0,
+ "invalid level for leaf, have %d expect 0",
+ btrfs_header_level(leaf));
+ return -EUCLEAN;
+ }
+
/*
* Extent buffers from a relocation tree have a owner field that
* corresponds to the subvolume tree they are based on. So just from an
@@ -649,9 +656,16 @@ int btrfs_check_node(struct btrfs_fs_info *fs_info, struct extent_buffer *node)
unsigned long nr = btrfs_header_nritems(node);
struct btrfs_key key, next_key;
int slot;
+ int level = btrfs_header_level(node);
u64 bytenr;
int ret = 0;
+ if (level <= 0 || level >= BTRFS_MAX_LEVEL) {
+ generic_err(fs_info, node, 0,
+ "invalid level for node, have %d expect [1, %d]",
+ level, BTRFS_MAX_LEVEL - 1);
+ return -EUCLEAN;
+ }
if (nr == 0 || nr > BTRFS_NODEPTRS_PER_BLOCK(fs_info)) {
btrfs_crit(fs_info,
"corrupt node: root=%llu block=%llu, nritems too %s, have %lu expect range [1,%u]",
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 028/267] x86_64: Fix jiffies ODR violation
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (26 preceding siblings ...)
2020-06-19 14:30 ` [PATCH 4.19 027/267] btrfs: tree-checker: Check level for leaves and nodes Greg Kroah-Hartman
@ 2020-06-19 14:30 ` Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 029/267] x86/PCI: Mark Intel C620 MROMs as having non-compliant BARs Greg Kroah-Hartman
` (240 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nathan Chancellor, Alistair Delva,
Fangrui Song, Bob Haarman, Thomas Gleixner, Andi Kleen,
Josh Poimboeuf, Nick Desaulniers, Sami Tolvanen, Sedat Dilek
From: Bob Haarman <inglorion@google.com>
commit d8ad6d39c35d2b44b3d48b787df7f3359381dcbf upstream.
'jiffies' and 'jiffies_64' are meant to alias (two different symbols that
share the same address). Most architectures make the symbols alias to the
same address via a linker script assignment in their
arch/<arch>/kernel/vmlinux.lds.S:
jiffies = jiffies_64;
which is effectively a definition of jiffies.
jiffies and jiffies_64 are both forward declared for all architectures in
include/linux/jiffies.h. jiffies_64 is defined in kernel/time/timer.c.
x86_64 was peculiar in that it wasn't doing the above linker script
assignment, but rather was:
1. defining jiffies in arch/x86/kernel/time.c instead via the linker script.
2. overriding the symbol jiffies_64 from kernel/time/timer.c in
arch/x86/kernel/vmlinux.lds.s via 'jiffies_64 = jiffies;'.
As Fangrui notes:
In LLD, symbol assignments in linker scripts override definitions in
object files. GNU ld appears to have the same behavior. It would
probably make sense for LLD to error "duplicate symbol" but GNU ld
is unlikely to adopt for compatibility reasons.
This results in an ODR violation (UB), which seems to have survived
thus far. Where it becomes harmful is when;
1. -fno-semantic-interposition is used:
As Fangrui notes:
Clang after LLVM commit 5b22bcc2b70d
("[X86][ELF] Prefer to lower MC_GlobalAddress operands to .Lfoo$local")
defaults to -fno-semantic-interposition similar semantics which help
-fpic/-fPIC code avoid GOT/PLT when the referenced symbol is defined
within the same translation unit. Unlike GCC
-fno-semantic-interposition, Clang emits such relocations referencing
local symbols for non-pic code as well.
This causes references to jiffies to refer to '.Ljiffies$local' when
jiffies is defined in the same translation unit. Likewise, references to
jiffies_64 become references to '.Ljiffies_64$local' in translation units
that define jiffies_64. Because these differ from the names used in the
linker script, they will not be rewritten to alias one another.
2. Full LTO
Full LTO effectively treats all source files as one translation
unit, causing these local references to be produced everywhere. When
the linker processes the linker script, there are no longer any
references to jiffies_64' anywhere to replace with 'jiffies'. And
thus '.Ljiffies$local' and '.Ljiffies_64$local' no longer alias
at all.
In the process of porting patches enabling Full LTO from arm64 to x86_64,
spooky bugs have been observed where the kernel appeared to boot, but init
doesn't get scheduled.
Avoid the ODR violation by matching other architectures and define jiffies
only by linker script. For -fno-semantic-interposition + Full LTO, there
is no longer a global definition of jiffies for the compiler to produce a
local symbol which the linker script won't ensure aliases to jiffies_64.
Fixes: 40747ffa5aa8 ("asmlinkage: Make jiffies visible")
Reported-by: Nathan Chancellor <natechancellor@gmail.com>
Reported-by: Alistair Delva <adelva@google.com>
Debugged-by: Nick Desaulniers <ndesaulniers@google.com>
Debugged-by: Sami Tolvanen <samitolvanen@google.com>
Suggested-by: Fangrui Song <maskray@google.com>
Signed-off-by: Bob Haarman <inglorion@google.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Tested-by: Sedat Dilek <sedat.dilek@gmail.com> # build+boot on
Reviewed-by: Andi Kleen <ak@linux.intel.com>
Reviewed-by: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: stable@vger.kernel.org
Link: https://github.com/ClangBuiltLinux/linux/issues/852
Link: https://lkml.kernel.org/r/20200602193100.229287-1-inglorion@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kernel/time.c | 4 ----
arch/x86/kernel/vmlinux.lds.S | 4 ++--
2 files changed, 2 insertions(+), 6 deletions(-)
--- a/arch/x86/kernel/time.c
+++ b/arch/x86/kernel/time.c
@@ -24,10 +24,6 @@
#include <asm/hpet.h>
#include <asm/time.h>
-#ifdef CONFIG_X86_64
-__visible volatile unsigned long jiffies __cacheline_aligned_in_smp = INITIAL_JIFFIES;
-#endif
-
unsigned long profile_pc(struct pt_regs *regs)
{
unsigned long pc = instruction_pointer(regs);
--- a/arch/x86/kernel/vmlinux.lds.S
+++ b/arch/x86/kernel/vmlinux.lds.S
@@ -36,13 +36,13 @@ OUTPUT_FORMAT(CONFIG_OUTPUT_FORMAT, CONF
#ifdef CONFIG_X86_32
OUTPUT_ARCH(i386)
ENTRY(phys_startup_32)
-jiffies = jiffies_64;
#else
OUTPUT_ARCH(i386:x86-64)
ENTRY(phys_startup_64)
-jiffies_64 = jiffies;
#endif
+jiffies = jiffies_64;
+
#if defined(CONFIG_X86_64)
/*
* On 64-bit, align RODATA to 2MB so we retain large page mappings for
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 029/267] x86/PCI: Mark Intel C620 MROMs as having non-compliant BARs
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (27 preceding siblings ...)
2020-06-19 14:30 ` [PATCH 4.19 028/267] x86_64: Fix jiffies ODR violation Greg Kroah-Hartman
@ 2020-06-19 14:30 ` Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 030/267] x86/speculation: Prevent rogue cross-process SSBD shutdown Greg Kroah-Hartman
` (239 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:30 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Xiaochun Lee, Bjorn Helgaas
From: Xiaochun Lee <lixc17@lenovo.com>
commit 1574051e52cb4b5b7f7509cfd729b76ca1117808 upstream.
The Intel C620 Platform Controller Hub has MROM functions that have non-PCI
registers (undocumented in the public spec) where BAR 0 is supposed to be,
which results in messages like this:
pci 0000:00:11.0: [Firmware Bug]: reg 0x30: invalid BAR (can't size)
Mark these MROM functions as having non-compliant BARs so we don't try to
probe any of them. There are no other BARs on these devices.
See the Intel C620 Series Chipset Platform Controller Hub Datasheet,
May 2019, Document Number 336067-007US, sec 2.1, 35.5, 35.6.
[bhelgaas: commit log, add 0xa26d]
Link: https://lore.kernel.org/r/1589513467-17070-1-git-send-email-lixiaochun.2888@163.com
Signed-off-by: Xiaochun Lee <lixc17@lenovo.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/pci/fixup.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/arch/x86/pci/fixup.c
+++ b/arch/x86/pci/fixup.c
@@ -572,6 +572,10 @@ DECLARE_PCI_FIXUP_EARLY(PCI_VENDOR_ID_IN
DECLARE_PCI_FIXUP_EARLY(PCI_VENDOR_ID_INTEL, 0x6f60, pci_invalid_bar);
DECLARE_PCI_FIXUP_EARLY(PCI_VENDOR_ID_INTEL, 0x6fa0, pci_invalid_bar);
DECLARE_PCI_FIXUP_EARLY(PCI_VENDOR_ID_INTEL, 0x6fc0, pci_invalid_bar);
+DECLARE_PCI_FIXUP_EARLY(PCI_VENDOR_ID_INTEL, 0xa1ec, pci_invalid_bar);
+DECLARE_PCI_FIXUP_EARLY(PCI_VENDOR_ID_INTEL, 0xa1ed, pci_invalid_bar);
+DECLARE_PCI_FIXUP_EARLY(PCI_VENDOR_ID_INTEL, 0xa26c, pci_invalid_bar);
+DECLARE_PCI_FIXUP_EARLY(PCI_VENDOR_ID_INTEL, 0xa26d, pci_invalid_bar);
/*
* Device [1022:7808]
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 030/267] x86/speculation: Prevent rogue cross-process SSBD shutdown
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (28 preceding siblings ...)
2020-06-19 14:30 ` [PATCH 4.19 029/267] x86/PCI: Mark Intel C620 MROMs as having non-compliant BARs Greg Kroah-Hartman
@ 2020-06-19 14:30 ` Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 031/267] x86/reboot/quirks: Add MacBook6,1 reboot quirk Greg Kroah-Hartman
` (238 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Anthony Steinhauser, Thomas Gleixner
From: Anthony Steinhauser <asteinhauser@google.com>
commit dbbe2ad02e9df26e372f38cc3e70dab9222c832e upstream.
On context switch the change of TIF_SSBD and TIF_SPEC_IB are evaluated
to adjust the mitigations accordingly. This is optimized to avoid the
expensive MSR write if not needed.
This optimization is buggy and allows an attacker to shutdown the SSBD
protection of a victim process.
The update logic reads the cached base value for the speculation control
MSR which has neither the SSBD nor the STIBP bit set. It then OR's the
SSBD bit only when TIF_SSBD is different and requests the MSR update.
That means if TIF_SSBD of the previous and next task are the same, then
the base value is not updated, even if TIF_SSBD is set. The MSR write is
not requested.
Subsequently if the TIF_STIBP bit differs then the STIBP bit is updated
in the base value and the MSR is written with a wrong SSBD value.
This was introduced when the per task/process conditional STIPB
switching was added on top of the existing SSBD switching.
It is exploitable if the attacker creates a process which enforces SSBD
and has the contrary value of STIBP than the victim process (i.e. if the
victim process enforces STIBP, the attacker process must not enforce it;
if the victim process does not enforce STIBP, the attacker process must
enforce it) and schedule it on the same core as the victim process. If
the victim runs after the attacker the victim becomes vulnerable to
Spectre V4.
To fix this, update the MSR value independent of the TIF_SSBD difference
and dependent on the SSBD mitigation method available. This ensures that
a subsequent STIPB initiated MSR write has the correct state of SSBD.
[ tglx: Handle X86_FEATURE_VIRT_SSBD & X86_FEATURE_VIRT_SSBD correctly
and massaged changelog ]
Fixes: 5bfbe3ad5840 ("x86/speculation: Prepare for per task indirect branch speculation control")
Signed-off-by: Anthony Steinhauser <asteinhauser@google.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kernel/process.c | 28 ++++++++++------------------
1 file changed, 10 insertions(+), 18 deletions(-)
--- a/arch/x86/kernel/process.c
+++ b/arch/x86/kernel/process.c
@@ -413,28 +413,20 @@ static __always_inline void __speculatio
lockdep_assert_irqs_disabled();
- /*
- * If TIF_SSBD is different, select the proper mitigation
- * method. Note that if SSBD mitigation is disabled or permanentely
- * enabled this branch can't be taken because nothing can set
- * TIF_SSBD.
- */
- if (tif_diff & _TIF_SSBD) {
- if (static_cpu_has(X86_FEATURE_VIRT_SSBD)) {
+ /* Handle change of TIF_SSBD depending on the mitigation method. */
+ if (static_cpu_has(X86_FEATURE_VIRT_SSBD)) {
+ if (tif_diff & _TIF_SSBD)
amd_set_ssb_virt_state(tifn);
- } else if (static_cpu_has(X86_FEATURE_LS_CFG_SSBD)) {
+ } else if (static_cpu_has(X86_FEATURE_LS_CFG_SSBD)) {
+ if (tif_diff & _TIF_SSBD)
amd_set_core_ssb_state(tifn);
- } else if (static_cpu_has(X86_FEATURE_SPEC_CTRL_SSBD) ||
- static_cpu_has(X86_FEATURE_AMD_SSBD)) {
- msr |= ssbd_tif_to_spec_ctrl(tifn);
- updmsr = true;
- }
+ } else if (static_cpu_has(X86_FEATURE_SPEC_CTRL_SSBD) ||
+ static_cpu_has(X86_FEATURE_AMD_SSBD)) {
+ updmsr |= !!(tif_diff & _TIF_SSBD);
+ msr |= ssbd_tif_to_spec_ctrl(tifn);
}
- /*
- * Only evaluate TIF_SPEC_IB if conditional STIBP is enabled,
- * otherwise avoid the MSR write.
- */
+ /* Only evaluate TIF_SPEC_IB if conditional STIBP is enabled. */
if (IS_ENABLED(CONFIG_SMP) &&
static_branch_unlikely(&switch_to_cond_stibp)) {
updmsr |= !!(tif_diff & _TIF_SPEC_IB);
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 031/267] x86/reboot/quirks: Add MacBook6,1 reboot quirk
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (29 preceding siblings ...)
2020-06-19 14:30 ` [PATCH 4.19 030/267] x86/speculation: Prevent rogue cross-process SSBD shutdown Greg Kroah-Hartman
@ 2020-06-19 14:30 ` Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 032/267] efi/efivars: Add missing kobject_put() in sysfs entry creation error path Greg Kroah-Hartman
` (237 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:30 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Hill Ma, Borislav Petkov
From: Hill Ma <maahiuzeon@gmail.com>
commit 140fd4ac78d385e6c8e6a5757585f6c707085f87 upstream.
On MacBook6,1 reboot would hang unless parameter reboot=pci is added.
Make it automatic.
Signed-off-by: Hill Ma <maahiuzeon@gmail.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: stable@vger.kernel.org
Link: https://lkml.kernel.org/r/20200425200641.GA1554@cslab.localdomain
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kernel/reboot.c | 8 ++++++++
1 file changed, 8 insertions(+)
--- a/arch/x86/kernel/reboot.c
+++ b/arch/x86/kernel/reboot.c
@@ -197,6 +197,14 @@ static const struct dmi_system_id reboot
DMI_MATCH(DMI_PRODUCT_NAME, "MacBook5"),
},
},
+ { /* Handle problems with rebooting on Apple MacBook6,1 */
+ .callback = set_pci_reboot,
+ .ident = "Apple MacBook6,1",
+ .matches = {
+ DMI_MATCH(DMI_SYS_VENDOR, "Apple Inc."),
+ DMI_MATCH(DMI_PRODUCT_NAME, "MacBook6,1"),
+ },
+ },
{ /* Handle problems with rebooting on Apple MacBookPro5 */
.callback = set_pci_reboot,
.ident = "Apple MacBookPro5",
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 032/267] efi/efivars: Add missing kobject_put() in sysfs entry creation error path
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (30 preceding siblings ...)
2020-06-19 14:30 ` [PATCH 4.19 031/267] x86/reboot/quirks: Add MacBook6,1 reboot quirk Greg Kroah-Hartman
@ 2020-06-19 14:30 ` Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 033/267] ALSA: es1688: Add the missed snd_card_free() Greg Kroah-Hartman
` (236 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:30 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, 亿一, Ard Biesheuvel
From: Ard Biesheuvel <ardb@kernel.org>
commit d8bd8c6e2cfab8b78b537715255be8d7557791c0 upstream.
The documentation provided by kobject_init_and_add() clearly spells out
the need to call kobject_put() on the kobject if an error is returned.
Add this missing call to the error path.
Cc: <stable@vger.kernel.org>
Reported-by: 亿一 <teroincn@gmail.com>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/firmware/efi/efivars.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/drivers/firmware/efi/efivars.c
+++ b/drivers/firmware/efi/efivars.c
@@ -586,8 +586,10 @@ efivar_create_sysfs_entry(struct efivar_
ret = kobject_init_and_add(&new_var->kobj, &efivar_ktype,
NULL, "%s", short_name);
kfree(short_name);
- if (ret)
+ if (ret) {
+ kobject_put(&new_var->kobj);
return ret;
+ }
kobject_uevent(&new_var->kobj, KOBJ_ADD);
if (efivar_entry_add(new_var, &efivar_sysfs_list)) {
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 033/267] ALSA: es1688: Add the missed snd_card_free()
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (31 preceding siblings ...)
2020-06-19 14:30 ` [PATCH 4.19 032/267] efi/efivars: Add missing kobject_put() in sysfs entry creation error path Greg Kroah-Hartman
@ 2020-06-19 14:30 ` Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 034/267] ALSA: hda/realtek - add a pintbl quirk for several Lenovo machines Greg Kroah-Hartman
` (235 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:30 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Chuhong Yuan, Takashi Iwai
From: Chuhong Yuan <hslester96@gmail.com>
commit d9b8fbf15d05350b36081eddafcf7b15aa1add50 upstream.
snd_es968_pnp_detect() misses a snd_card_free() in a failed path.
Add the missed function call to fix it.
Fixes: a20971b201ac ("ALSA: Merge es1688 and es968 drivers")
Signed-off-by: Chuhong Yuan <hslester96@gmail.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20200603092459.1424093-1-hslester96@gmail.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/isa/es1688/es1688.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/sound/isa/es1688/es1688.c
+++ b/sound/isa/es1688/es1688.c
@@ -282,8 +282,10 @@ static int snd_es968_pnp_detect(struct p
return error;
}
error = snd_es1688_probe(card, dev);
- if (error < 0)
+ if (error < 0) {
+ snd_card_free(card);
return error;
+ }
pnp_set_card_drvdata(pcard, card);
snd_es968_pnp_is_probed = 1;
return 0;
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 034/267] ALSA: hda/realtek - add a pintbl quirk for several Lenovo machines
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (32 preceding siblings ...)
2020-06-19 14:30 ` [PATCH 4.19 033/267] ALSA: es1688: Add the missed snd_card_free() Greg Kroah-Hartman
@ 2020-06-19 14:30 ` Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 035/267] ALSA: usb-audio: Fix inconsistent card PM state after resume Greg Kroah-Hartman
` (234 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:30 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Hui Wang, Takashi Iwai
From: Hui Wang <hui.wang@canonical.com>
commit 573fcbfd319ccef26caa3700320242accea7fd5c upstream.
A couple of Lenovo ThinkCentre machines all have 2 front mics and they
use the same codec alc623 and have the same pin config, so add a
pintbl entry for those machines to apply the fixup
ALC283_FIXUP_HEADSET_MIC.
Cc: <stable@vger.kernel.org>
Signed-off-by: Hui Wang <hui.wang@canonical.com>
Link: https://lore.kernel.org/r/20200608115541.9531-1-hui.wang@canonical.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/pci/hda/patch_realtek.c | 6 ++++++
1 file changed, 6 insertions(+)
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -7694,6 +7694,12 @@ static const struct snd_hda_pin_quirk al
ALC225_STANDARD_PINS,
{0x12, 0xb7a60130},
{0x17, 0x90170110}),
+ SND_HDA_PIN_QUIRK(0x10ec0623, 0x17aa, "Lenovo", ALC283_FIXUP_HEADSET_MIC,
+ {0x14, 0x01014010},
+ {0x17, 0x90170120},
+ {0x18, 0x02a11030},
+ {0x19, 0x02a1103f},
+ {0x21, 0x0221101f}),
{}
};
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 035/267] ALSA: usb-audio: Fix inconsistent card PM state after resume
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (33 preceding siblings ...)
2020-06-19 14:30 ` [PATCH 4.19 034/267] ALSA: hda/realtek - add a pintbl quirk for several Lenovo machines Greg Kroah-Hartman
@ 2020-06-19 14:30 ` Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 036/267] ALSA: usb-audio: Add vendor, product and profile name for HP Thunderbolt Dock Greg Kroah-Hartman
` (233 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:30 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Takashi Iwai, Macpaul Lin
From: Takashi Iwai <tiwai@suse.de>
commit 862b2509d157c629dd26d7ac6c6cdbf043d332eb upstream.
When a USB-audio interface gets runtime-suspended via auto-pm feature,
the driver suspends all functionality and increment
chip->num_suspended_intf. Later on, when the system gets suspended to
S3, the driver increments chip->num_suspended_intf again, skips the
device changes, and sets the card power state to
SNDRV_CTL_POWER_D3hot. In return, when the system gets resumed from
S3, the resume callback decrements chip->num_suspended_intf. Since
this refcount is still not zero (it's been runtime-suspended), the
whole resume is skipped. But there is a small pitfall here.
The problem is that the driver doesn't restore the card power state
after this resume call, leaving it as SNDRV_CTL_POWER_D3hot. So,
even after the system resume finishes, the card instance still appears
as if it were system-suspended, and this confuses many ioctl accesses
that are blocked unexpectedly.
In details, we have two issues behind the scene: one is that the card
power state is changed only when the refcount becomes zero, and
another is that the prior auto-suspend check is kept in a boolean
flag. Although the latter problem is almost negligible since the
auto-pm feature is imposed only on the primary interface, but this can
be a potential problem on the devices with multiple interfaces.
This patch addresses those issues by the following:
- Replace chip->autosuspended boolean flag with chip->system_suspend
counter
- At the first system-suspend, chip->num_suspended_intf is recorded to
chip->system_suspend
- At system-resume, the card power state is restored when the
chip->num_suspended_intf refcount reaches to chip->system_suspend,
i.e. the state returns to the auto-suspended
Also, the patch fixes yet another hidden problem by the code
refactoring along with the fixes above: namely, when some resume
procedure failed, the driver left chip->num_suspended_intf that was
already decreased, and it might lead to the refcount unbalance.
In the new code, the refcount decrement is done after the whole resume
procedure, and the problem is avoided as well.
Fixes: 0662292aec05 ("ALSA: usb-audio: Handle normal and auto-suspend equally")
Reported-and-tested-by: Macpaul Lin <macpaul.lin@mediatek.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20200603153709.6293-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/usb/card.c | 19 ++++++++++++-------
sound/usb/usbaudio.h | 2 +-
2 files changed, 13 insertions(+), 8 deletions(-)
--- a/sound/usb/card.c
+++ b/sound/usb/card.c
@@ -806,9 +806,6 @@ static int usb_audio_suspend(struct usb_
if (chip == (void *)-1L)
return 0;
- chip->autosuspended = !!PMSG_IS_AUTO(message);
- if (!chip->autosuspended)
- snd_power_change_state(chip->card, SNDRV_CTL_POWER_D3hot);
if (!chip->num_suspended_intf++) {
list_for_each_entry(as, &chip->pcm_list, list) {
snd_pcm_suspend_all(as->pcm);
@@ -822,6 +819,11 @@ static int usb_audio_suspend(struct usb_
snd_usb_mixer_suspend(mixer);
}
+ if (!PMSG_IS_AUTO(message) && !chip->system_suspend) {
+ snd_power_change_state(chip->card, SNDRV_CTL_POWER_D3hot);
+ chip->system_suspend = chip->num_suspended_intf;
+ }
+
return 0;
}
@@ -835,10 +837,10 @@ static int __usb_audio_resume(struct usb
if (chip == (void *)-1L)
return 0;
- if (--chip->num_suspended_intf)
- return 0;
atomic_inc(&chip->active); /* avoid autopm */
+ if (chip->num_suspended_intf > 1)
+ goto out;
list_for_each_entry(as, &chip->pcm_list, list) {
err = snd_usb_pcm_resume(as);
@@ -860,9 +862,12 @@ static int __usb_audio_resume(struct usb
snd_usbmidi_resume(p);
}
- if (!chip->autosuspended)
+ out:
+ if (chip->num_suspended_intf == chip->system_suspend) {
snd_power_change_state(chip->card, SNDRV_CTL_POWER_D0);
- chip->autosuspended = 0;
+ chip->system_suspend = 0;
+ }
+ chip->num_suspended_intf--;
err_out:
atomic_dec(&chip->active); /* allow autopm after this point */
--- a/sound/usb/usbaudio.h
+++ b/sound/usb/usbaudio.h
@@ -37,7 +37,7 @@ struct snd_usb_audio {
struct usb_interface *pm_intf;
u32 usb_id;
struct mutex mutex;
- unsigned int autosuspended:1;
+ unsigned int system_suspend;
atomic_t active;
atomic_t shutdown;
atomic_t usage_count;
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 036/267] ALSA: usb-audio: Add vendor, product and profile name for HP Thunderbolt Dock
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (34 preceding siblings ...)
2020-06-19 14:30 ` [PATCH 4.19 035/267] ALSA: usb-audio: Fix inconsistent card PM state after resume Greg Kroah-Hartman
@ 2020-06-19 14:30 ` Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 037/267] ACPI: sysfs: Fix reference count leak in acpi_sysfs_add_hotplug_profile() Greg Kroah-Hartman
` (232 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:30 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Kai-Heng Feng, Takashi Iwai
From: Kai-Heng Feng <kai.heng.feng@canonical.com>
commit 0c5086f5699906ec8e31ea6509239489f060f2dc upstream.
The HP Thunderbolt Dock has two separate USB devices, one is for speaker
and one is for headset. Add names for them so userspace can apply UCM
settings.
Signed-off-by: Kai-Heng Feng <kai.heng.feng@canonical.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20200608062630.10806-1-kai.heng.feng@canonical.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/usb/quirks-table.h | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
--- a/sound/usb/quirks-table.h
+++ b/sound/usb/quirks-table.h
@@ -39,6 +39,26 @@
.idProduct = prod, \
.bInterfaceClass = USB_CLASS_VENDOR_SPEC
+/* HP Thunderbolt Dock Audio Headset */
+{
+ USB_DEVICE(0x03f0, 0x0269),
+ .driver_info = (unsigned long) &(const struct snd_usb_audio_quirk) {
+ .vendor_name = "HP",
+ .product_name = "Thunderbolt Dock Audio Headset",
+ .profile_name = "HP-Thunderbolt-Dock-Audio-Headset",
+ .ifnum = QUIRK_NO_INTERFACE
+ }
+},
+/* HP Thunderbolt Dock Audio Module */
+{
+ USB_DEVICE(0x03f0, 0x0567),
+ .driver_info = (unsigned long) &(const struct snd_usb_audio_quirk) {
+ .vendor_name = "HP",
+ .product_name = "Thunderbolt Dock Audio Module",
+ .profile_name = "HP-Thunderbolt-Dock-Audio-Module",
+ .ifnum = QUIRK_NO_INTERFACE
+ }
+},
/* FTDI devices */
{
USB_DEVICE(0x0403, 0xb8d8),
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 037/267] ACPI: sysfs: Fix reference count leak in acpi_sysfs_add_hotplug_profile()
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (35 preceding siblings ...)
2020-06-19 14:30 ` [PATCH 4.19 036/267] ALSA: usb-audio: Add vendor, product and profile name for HP Thunderbolt Dock Greg Kroah-Hartman
@ 2020-06-19 14:30 ` Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 038/267] ACPI: CPPC: Fix reference count leak in acpi_cppc_processor_probe() Greg Kroah-Hartman
` (231 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:30 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Qiushi Wu, Rafael J. Wysocki
From: Qiushi Wu <wu000273@umn.edu>
commit 6e6c25283dff866308c87b49434c7dbad4774cc0 upstream.
kobject_init_and_add() takes reference even when it fails.
Thus, when kobject_init_and_add() returns an error,
kobject_put() must be called to properly clean up the kobject.
Fixes: 3f8055c35836 ("ACPI / hotplug: Introduce user space interface for hotplug profiles")
Signed-off-by: Qiushi Wu <wu000273@umn.edu>
Cc: 3.10+ <stable@vger.kernel.org> # 3.10+
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/acpi/sysfs.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/drivers/acpi/sysfs.c
+++ b/drivers/acpi/sysfs.c
@@ -990,8 +990,10 @@ void acpi_sysfs_add_hotplug_profile(stru
error = kobject_init_and_add(&hotplug->kobj,
&acpi_hotplug_profile_ktype, hotplug_kobj, "%s", name);
- if (error)
+ if (error) {
+ kobject_put(&hotplug->kobj);
goto err_out;
+ }
kobject_uevent(&hotplug->kobj, KOBJ_ADD);
return;
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 038/267] ACPI: CPPC: Fix reference count leak in acpi_cppc_processor_probe()
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (36 preceding siblings ...)
2020-06-19 14:30 ` [PATCH 4.19 037/267] ACPI: sysfs: Fix reference count leak in acpi_sysfs_add_hotplug_profile() Greg Kroah-Hartman
@ 2020-06-19 14:30 ` Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 039/267] ACPI: GED: add support for _Exx / _Lxx handler methods Greg Kroah-Hartman
` (230 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:30 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Qiushi Wu, Rafael J. Wysocki
From: Qiushi Wu <wu000273@umn.edu>
commit 4d8be4bc94f74bb7d096e1c2e44457b530d5a170 upstream.
kobject_init_and_add() takes reference even when it fails.
If this function returns an error, kobject_put() must be called to
properly clean up the memory associated with the object. Previous
commit "b8eb718348b8" fixed a similar problem.
Fixes: 158c998ea44b ("ACPI / CPPC: add sysfs support to compute delivered performance")
Signed-off-by: Qiushi Wu <wu000273@umn.edu>
Cc: 4.10+ <stable@vger.kernel.org> # 4.10+
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/acpi/cppc_acpi.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/acpi/cppc_acpi.c
+++ b/drivers/acpi/cppc_acpi.c
@@ -869,6 +869,7 @@ int acpi_cppc_processor_probe(struct acp
"acpi_cppc");
if (ret) {
per_cpu(cpc_desc_ptr, pr->id) = NULL;
+ kobject_put(&cpc_ptr->kobj);
goto out_free;
}
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 039/267] ACPI: GED: add support for _Exx / _Lxx handler methods
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (37 preceding siblings ...)
2020-06-19 14:30 ` [PATCH 4.19 038/267] ACPI: CPPC: Fix reference count leak in acpi_cppc_processor_probe() Greg Kroah-Hartman
@ 2020-06-19 14:30 ` Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 040/267] ACPI: PM: Avoid using power resources if there are none for D0 Greg Kroah-Hartman
` (229 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ard Biesheuvel, Rafael J. Wysocki
From: Ard Biesheuvel <ardb@kernel.org>
commit ea6f3af4c5e63f6981c0b0ab8ebec438e2d5ef40 upstream.
Per the ACPI spec, interrupts in the range [0, 255] may be handled
in AML using individual methods whose naming is based on the format
_Exx or _Lxx, where xx is the hex representation of the interrupt
index.
Add support for this missing feature to our ACPI GED driver.
Cc: v4.9+ <stable@vger.kernel.org> # v4.9+
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/acpi/evged.c | 22 +++++++++++++++++++---
1 file changed, 19 insertions(+), 3 deletions(-)
--- a/drivers/acpi/evged.c
+++ b/drivers/acpi/evged.c
@@ -88,6 +88,8 @@ static acpi_status acpi_ged_request_inte
struct resource r;
struct acpi_resource_irq *p = &ares->data.irq;
struct acpi_resource_extended_irq *pext = &ares->data.extended_irq;
+ char ev_name[5];
+ u8 trigger;
if (ares->type == ACPI_RESOURCE_TYPE_END_TAG)
return AE_OK;
@@ -96,14 +98,28 @@ static acpi_status acpi_ged_request_inte
dev_err(dev, "unable to parse IRQ resource\n");
return AE_ERROR;
}
- if (ares->type == ACPI_RESOURCE_TYPE_IRQ)
+ if (ares->type == ACPI_RESOURCE_TYPE_IRQ) {
gsi = p->interrupts[0];
- else
+ trigger = p->triggering;
+ } else {
gsi = pext->interrupts[0];
+ trigger = p->triggering;
+ }
irq = r.start;
- if (ACPI_FAILURE(acpi_get_handle(handle, "_EVT", &evt_handle))) {
+ switch (gsi) {
+ case 0 ... 255:
+ sprintf(ev_name, "_%c%02hhX",
+ trigger == ACPI_EDGE_SENSITIVE ? 'E' : 'L', gsi);
+
+ if (ACPI_SUCCESS(acpi_get_handle(handle, ev_name, &evt_handle)))
+ break;
+ /* fall through */
+ default:
+ if (ACPI_SUCCESS(acpi_get_handle(handle, "_EVT", &evt_handle)))
+ break;
+
dev_err(dev, "cannot locate _EVT method\n");
return AE_ERROR;
}
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 040/267] ACPI: PM: Avoid using power resources if there are none for D0
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (38 preceding siblings ...)
2020-06-19 14:30 ` [PATCH 4.19 039/267] ACPI: GED: add support for _Exx / _Lxx handler methods Greg Kroah-Hartman
@ 2020-06-19 14:30 ` Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 041/267] cgroup, blkcg: Prepare some symbols for module and !CONFIG_CGROUP usages Greg Kroah-Hartman
` (228 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hans de Goede, youling257, Rafael J. Wysocki
From: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
commit 956ad9d98b73f59e442cc119c98ba1e04e94fe6d upstream.
As recently reported, some platforms provide a list of power
resources for device power state D3hot, through the _PR3 object,
but they do not provide a list of power resources for device power
state D0.
Among other things, this causes acpi_device_get_power() to return
D3hot as the current state of the device in question if all of the
D3hot power resources are "on", because it sees the power_resources
flag set and calls acpi_power_get_inferred_state() which finds that
D3hot is the shallowest power state with all of the associated power
resources turned "on", so that's what it returns. Moreover, that
value takes precedence over the acpi_dev_pm_explicit_get() return
value, because it means a deeper power state. The device may very
well be in D0 physically at that point, however.
Moreover, the presence of _PR3 without _PR0 for a given device
means that only one D3-level power state can be supported by it.
Namely, because there are no power resources to turn "off" when
transitioning the device from D0 into D3cold (which should be
supported since _PR3 is present), the evaluation of _PS3 should
be sufficient to put it straight into D3cold, but this means that
the effect of turning "on" the _PR3 power resources is unclear,
so it is better to avoid doing that altogether. Consequently,
there is no practical way do distinguish D3cold from D3hot for
the device in question and the power states of it can be labeled
so that D3hot is the deepest supported one (and Linux assumes
that putting a device into D3hot via ACPI may cause power to be
removed from it anyway, for legacy reasons).
To work around the problem described above modify the ACPI
enumeration of devices so that power resources are only used
for device power management if the list of D0 power resources
is not empty and make it mart D3cold as supported only if that
is the case and the D3hot list of power resources is not empty
too.
Fixes: ef85bdbec444 ("ACPI / scan: Consolidate extraction of power resources lists")
Link: https://bugzilla.kernel.org/show_bug.cgi?id=205057
Link: https://lore.kernel.org/linux-acpi/20200603194659.185757-1-hdegoede@redhat.com/
Reported-by: Hans de Goede <hdegoede@redhat.com>
Tested-by: Hans de Goede <hdegoede@redhat.com>
Tested-by: youling257@gmail.com
Cc: 3.10+ <stable@vger.kernel.org> # 3.10+
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/acpi/device_pm.c | 2 +-
drivers/acpi/scan.c | 28 +++++++++++++++++++---------
2 files changed, 20 insertions(+), 10 deletions(-)
--- a/drivers/acpi/device_pm.c
+++ b/drivers/acpi/device_pm.c
@@ -172,7 +172,7 @@ int acpi_device_set_power(struct acpi_de
* possibly drop references to the power resources in use.
*/
state = ACPI_STATE_D3_HOT;
- /* If _PR3 is not available, use D3hot as the target state. */
+ /* If D3cold is not supported, use D3hot as the target state. */
if (!device->power.states[ACPI_STATE_D3_COLD].flags.valid)
target_state = state;
} else if (!device->power.states[state].flags.valid) {
--- a/drivers/acpi/scan.c
+++ b/drivers/acpi/scan.c
@@ -921,12 +921,9 @@ static void acpi_bus_init_power_state(st
if (buffer.length && package
&& package->type == ACPI_TYPE_PACKAGE
- && package->package.count) {
- int err = acpi_extract_power_resources(package, 0,
- &ps->resources);
- if (!err)
- device->power.flags.power_resources = 1;
- }
+ && package->package.count)
+ acpi_extract_power_resources(package, 0, &ps->resources);
+
ACPI_FREE(buffer.pointer);
}
@@ -973,14 +970,27 @@ static void acpi_bus_get_power_flags(str
acpi_bus_init_power_state(device, i);
INIT_LIST_HEAD(&device->power.states[ACPI_STATE_D3_COLD].resources);
- if (!list_empty(&device->power.states[ACPI_STATE_D3_HOT].resources))
- device->power.states[ACPI_STATE_D3_COLD].flags.valid = 1;
- /* Set defaults for D0 and D3hot states (always valid) */
+ /* Set the defaults for D0 and D3hot (always supported). */
device->power.states[ACPI_STATE_D0].flags.valid = 1;
device->power.states[ACPI_STATE_D0].power = 100;
device->power.states[ACPI_STATE_D3_HOT].flags.valid = 1;
+ /*
+ * Use power resources only if the D0 list of them is populated, because
+ * some platforms may provide _PR3 only to indicate D3cold support and
+ * in those cases the power resources list returned by it may be bogus.
+ */
+ if (!list_empty(&device->power.states[ACPI_STATE_D0].resources)) {
+ device->power.flags.power_resources = 1;
+ /*
+ * D3cold is supported if the D3hot list of power resources is
+ * not empty.
+ */
+ if (!list_empty(&device->power.states[ACPI_STATE_D3_HOT].resources))
+ device->power.states[ACPI_STATE_D3_COLD].flags.valid = 1;
+ }
+
if (acpi_bus_init_power(device))
device->flags.power_manageable = 0;
}
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 041/267] cgroup, blkcg: Prepare some symbols for module and !CONFIG_CGROUP usages
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (39 preceding siblings ...)
2020-06-19 14:30 ` [PATCH 4.19 040/267] ACPI: PM: Avoid using power resources if there are none for D0 Greg Kroah-Hartman
@ 2020-06-19 14:30 ` Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 042/267] nilfs2: fix null pointer dereference at nilfs_segctor_do_construct() Greg Kroah-Hartman
` (227 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kbuild test robot, Jan Kara,
Tejun Heo, Jens Axboe
From: Tejun Heo <tj@kernel.org>
commit 9b0eb69b75bccada2d341d7e7ca342f0cb1c9a6a upstream.
btrfs is going to use css_put() and wbc helpers to improve cgroup
writeback support. Add dummy css_get() definition and export wbc
helpers to prepare for module and !CONFIG_CGROUP builds.
[only backport the export of __inode_attach_wb for stable kernels - gregkh]
Reported-by: kbuild test robot <lkp@intel.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/fs-writeback.c | 1 +
1 file changed, 1 insertion(+)
--- a/fs/fs-writeback.c
+++ b/fs/fs-writeback.c
@@ -269,6 +269,7 @@ void __inode_attach_wb(struct inode *ino
if (unlikely(cmpxchg(&inode->i_wb, NULL, wb)))
wb_put(wb);
}
+EXPORT_SYMBOL_GPL(__inode_attach_wb);
/**
* locked_inode_to_wb_and_lock_list - determine a locked inode's wb and lock it
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 042/267] nilfs2: fix null pointer dereference at nilfs_segctor_do_construct()
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (40 preceding siblings ...)
2020-06-19 14:30 ` [PATCH 4.19 041/267] cgroup, blkcg: Prepare some symbols for module and !CONFIG_CGROUP usages Greg Kroah-Hartman
@ 2020-06-19 14:30 ` Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 043/267] spi: dw: Fix controller unregister order Greg Kroah-Hartman
` (226 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Walton Hoops, Tomas Hlavaty,
ARAI Shun-ichi, Hideki EIRAKU, Ryusuke Konishi, Andrew Morton,
Linus Torvalds
From: Ryusuke Konishi <konishi.ryusuke@gmail.com>
commit 8301c719a2bd131436438e49130ee381d30933f5 upstream.
After commit c3aab9a0bd91 ("mm/filemap.c: don't initiate writeback if
mapping has no dirty pages"), the following null pointer dereference has
been reported on nilfs2:
BUG: kernel NULL pointer dereference, address: 00000000000000a8
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 0 P4D 0
Oops: 0000 [#1] SMP PTI
...
RIP: 0010:percpu_counter_add_batch+0xa/0x60
...
Call Trace:
__test_set_page_writeback+0x2d3/0x330
nilfs_segctor_do_construct+0x10d3/0x2110 [nilfs2]
nilfs_segctor_construct+0x168/0x260 [nilfs2]
nilfs_segctor_thread+0x127/0x3b0 [nilfs2]
kthread+0xf8/0x130
...
This crash turned out to be caused by set_page_writeback() call for
segment summary buffers at nilfs_segctor_prepare_write().
set_page_writeback() can call inc_wb_stat(inode_to_wb(inode),
WB_WRITEBACK) where inode_to_wb(inode) is NULL if the inode of
underlying block device does not have an associated wb.
This fixes the issue by calling inode_attach_wb() in advance to ensure
to associate the bdev inode with its wb.
Fixes: c3aab9a0bd91 ("mm/filemap.c: don't initiate writeback if mapping has no dirty pages")
Reported-by: Walton Hoops <me@waltonhoops.com>
Reported-by: Tomas Hlavaty <tom@logand.com>
Reported-by: ARAI Shun-ichi <hermes@ceres.dti.ne.jp>
Reported-by: Hideki EIRAKU <hdk1983@gmail.com>
Signed-off-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Tested-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Cc: <stable@vger.kernel.org> [5.4+]
Link: http://lkml.kernel.org/r/20200608.011819.1399059588922299158.konishi.ryusuke@gmail.com
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/nilfs2/segment.c | 2 ++
1 file changed, 2 insertions(+)
--- a/fs/nilfs2/segment.c
+++ b/fs/nilfs2/segment.c
@@ -2780,6 +2780,8 @@ int nilfs_attach_log_writer(struct super
if (!nilfs->ns_writer)
return -ENOMEM;
+ inode_attach_wb(nilfs->ns_bdev->bd_inode, NULL);
+
err = nilfs_segctor_start_thread(nilfs->ns_writer);
if (err) {
kfree(nilfs->ns_writer);
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 043/267] spi: dw: Fix controller unregister order
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (41 preceding siblings ...)
2020-06-19 14:30 ` [PATCH 4.19 042/267] nilfs2: fix null pointer dereference at nilfs_segctor_do_construct() Greg Kroah-Hartman
@ 2020-06-19 14:30 ` Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 044/267] spi: bcm2835aux: " Greg Kroah-Hartman
` (225 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Lukas Wunner, Andy Shevchenko,
Baruch Siach, Mark Brown
From: Lukas Wunner <lukas@wunner.de>
commit ca8b19d61e3fce5d2d7790cde27a0b57bcb3f341 upstream.
The Designware SPI driver uses devm_spi_register_controller() on bind.
As a consequence, on unbind, __device_release_driver() first invokes
dw_spi_remove_host() before unregistering the SPI controller via
devres_release_all().
This order is incorrect: dw_spi_remove_host() shuts down the chip,
rendering the SPI bus inaccessible even though the SPI controller is
still registered. When the SPI controller is subsequently unregistered,
it unbinds all its slave devices. Because their drivers cannot access
the SPI bus, e.g. to quiesce interrupts, the slave devices may be left
in an improper state.
As a rule, devm_spi_register_controller() must not be used if the
->remove() hook performs teardown steps which shall be performed after
unregistering the controller and specifically after unbinding of slaves.
Fix by reverting to the non-devm variant of spi_register_controller().
An alternative approach would be to use device-managed functions for all
steps in dw_spi_remove_host(), e.g. by calling devm_add_action_or_reset()
on probe. However that approach would add more LoC to the driver and
it wouldn't lend itself as well to backporting to stable.
Fixes: 04f421e7b0b1 ("spi: dw: use managed resources")
Signed-off-by: Lukas Wunner <lukas@wunner.de>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Cc: stable@vger.kernel.org # v3.14+
Cc: Baruch Siach <baruch@tkos.co.il>
Link: https://lore.kernel.org/r/3fff8cb8ae44a9893840d0688be15bb88c090a14.1590408496.git.lukas@wunner.de
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/spi/spi-dw.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/drivers/spi/spi-dw.c
+++ b/drivers/spi/spi-dw.c
@@ -536,7 +536,7 @@ int dw_spi_add_host(struct device *dev,
}
}
- ret = devm_spi_register_controller(dev, master);
+ ret = spi_register_controller(master);
if (ret) {
dev_err(&master->dev, "problem registering spi master\n");
goto err_dma_exit;
@@ -560,6 +560,8 @@ void dw_spi_remove_host(struct dw_spi *d
{
dw_spi_debugfs_remove(dws);
+ spi_unregister_controller(dws->master);
+
if (dws->dma_ops && dws->dma_ops->dma_exit)
dws->dma_ops->dma_exit(dws);
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 044/267] spi: bcm2835aux: Fix controller unregister order
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (42 preceding siblings ...)
2020-06-19 14:30 ` [PATCH 4.19 043/267] spi: dw: Fix controller unregister order Greg Kroah-Hartman
@ 2020-06-19 14:30 ` Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 045/267] spi: bcm-qspi: when tx/rx buffer is NULL set to 0 Greg Kroah-Hartman
` (224 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Lukas Wunner, Martin Sperl, Mark Brown
From: Lukas Wunner <lukas@wunner.de>
commit b9dd3f6d417258ad0beeb292a1bc74200149f15d upstream.
The BCM2835aux SPI driver uses devm_spi_register_master() on bind.
As a consequence, on unbind, __device_release_driver() first invokes
bcm2835aux_spi_remove() before unregistering the SPI controller via
devres_release_all().
This order is incorrect: bcm2835aux_spi_remove() turns off the SPI
controller, including its interrupts and clock. The SPI controller
is thus no longer usable.
When the SPI controller is subsequently unregistered, it unbinds all
its slave devices. If their drivers need to access the SPI bus,
e.g. to quiesce their interrupts, unbinding will fail.
As a rule, devm_spi_register_master() must not be used if the
->remove() hook performs teardown steps which shall be performed
after unbinding of slaves.
Fix by using the non-devm variant spi_register_master(). Note that the
struct spi_master as well as the driver-private data are not freed until
after bcm2835aux_spi_remove() has finished, so accessing them is safe.
Fixes: 1ea29b39f4c8 ("spi: bcm2835aux: add bcm2835 auxiliary spi device driver")
Signed-off-by: Lukas Wunner <lukas@wunner.de>
Cc: stable@vger.kernel.org # v4.4+
Cc: Martin Sperl <kernel@martin.sperl.org>
Link: https://lore.kernel.org/r/32f27f4d8242e4d75f9a53f7e8f1f77483b08669.1589557526.git.lukas@wunner.de
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/spi/spi-bcm2835aux.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/drivers/spi/spi-bcm2835aux.c
+++ b/drivers/spi/spi-bcm2835aux.c
@@ -485,7 +485,7 @@ static int bcm2835aux_spi_probe(struct p
goto out_clk_disable;
}
- err = devm_spi_register_master(&pdev->dev, master);
+ err = spi_register_master(master);
if (err) {
dev_err(&pdev->dev, "could not register SPI master: %d\n", err);
goto out_clk_disable;
@@ -505,6 +505,8 @@ static int bcm2835aux_spi_remove(struct
struct spi_master *master = platform_get_drvdata(pdev);
struct bcm2835aux_spi *bs = spi_master_get_devdata(master);
+ spi_unregister_master(master);
+
bcm2835aux_spi_reset_hw(bs);
/* disable the HW block by releasing the clock */
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 045/267] spi: bcm-qspi: when tx/rx buffer is NULL set to 0
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (43 preceding siblings ...)
2020-06-19 14:30 ` [PATCH 4.19 044/267] spi: bcm2835aux: " Greg Kroah-Hartman
@ 2020-06-19 14:30 ` Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 046/267] PM: runtime: clk: Fix clk_pm_runtime_get() error path Greg Kroah-Hartman
` (223 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Justin Chen, Kamal Dasu, Mark Brown
From: Justin Chen <justinpopo6@gmail.com>
commit 4df3bea7f9d2ddd9ac2c29ba945c7c4db2def29c upstream.
Currently we set the tx/rx buffer to 0xff when NULL. This causes
problems with some spi slaves where 0xff is a valid command. Looking
at other drivers, the tx/rx buffer is usually set to 0x00 when NULL.
Following this convention solves the issue.
Fixes: fa236a7ef240 ("spi: bcm-qspi: Add Broadcom MSPI driver")
Signed-off-by: Justin Chen <justinpopo6@gmail.com>
Signed-off-by: Kamal Dasu <kdasu.kdev@gmail.com>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20200420190853.45614-6-kdasu.kdev@gmail.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/spi/spi-bcm-qspi.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
--- a/drivers/spi/spi-bcm-qspi.c
+++ b/drivers/spi/spi-bcm-qspi.c
@@ -681,7 +681,7 @@ static void read_from_hw(struct bcm_qspi
if (buf)
buf[tp.byte] = read_rxram_slot_u8(qspi, slot);
dev_dbg(&qspi->pdev->dev, "RD %02x\n",
- buf ? buf[tp.byte] : 0xff);
+ buf ? buf[tp.byte] : 0x0);
} else {
u16 *buf = tp.trans->rx_buf;
@@ -689,7 +689,7 @@ static void read_from_hw(struct bcm_qspi
buf[tp.byte / 2] = read_rxram_slot_u16(qspi,
slot);
dev_dbg(&qspi->pdev->dev, "RD %04x\n",
- buf ? buf[tp.byte] : 0xffff);
+ buf ? buf[tp.byte / 2] : 0x0);
}
update_qspi_trans_byte_count(qspi, &tp,
@@ -744,13 +744,13 @@ static int write_to_hw(struct bcm_qspi *
while (!tstatus && slot < MSPI_NUM_CDRAM) {
if (tp.trans->bits_per_word <= 8) {
const u8 *buf = tp.trans->tx_buf;
- u8 val = buf ? buf[tp.byte] : 0xff;
+ u8 val = buf ? buf[tp.byte] : 0x00;
write_txram_slot_u8(qspi, slot, val);
dev_dbg(&qspi->pdev->dev, "WR %02x\n", val);
} else {
const u16 *buf = tp.trans->tx_buf;
- u16 val = buf ? buf[tp.byte / 2] : 0xffff;
+ u16 val = buf ? buf[tp.byte / 2] : 0x0000;
write_txram_slot_u16(qspi, slot, val);
dev_dbg(&qspi->pdev->dev, "WR %04x\n", val);
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 046/267] PM: runtime: clk: Fix clk_pm_runtime_get() error path
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (44 preceding siblings ...)
2020-06-19 14:30 ` [PATCH 4.19 045/267] spi: bcm-qspi: when tx/rx buffer is NULL set to 0 Greg Kroah-Hartman
@ 2020-06-19 14:30 ` Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 047/267] crypto: cavium/nitrox - Fix nitrox_get_first_device() when ndevlist is fully iterated Greg Kroah-Hartman
` (222 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:30 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Rafael J. Wysocki, Ulf Hansson
From: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
commit 64c7d7ea22d86cacb65d0c097cc447bc0e6d8abd upstream.
clk_pm_runtime_get() assumes that the PM-runtime usage counter will
be dropped by pm_runtime_get_sync() on errors, which is not the case,
so PM-runtime references to devices acquired by the former are leaked
on errors returned by the latter.
Fix this by modifying clk_pm_runtime_get() to drop the reference if
pm_runtime_get_sync() returns an error.
Fixes: 9a34b45397e5 clk: Add support for runtime PM
Cc: 4.15+ <stable@vger.kernel.org> # 4.15+
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Reviewed-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/clk/clk.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
--- a/drivers/clk/clk.c
+++ b/drivers/clk/clk.c
@@ -101,7 +101,11 @@ static int clk_pm_runtime_get(struct clk
return 0;
ret = pm_runtime_get_sync(core->dev);
- return ret < 0 ? ret : 0;
+ if (ret < 0) {
+ pm_runtime_put_noidle(core->dev);
+ return ret;
+ }
+ return 0;
}
static void clk_pm_runtime_put(struct clk_core *core)
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 047/267] crypto: cavium/nitrox - Fix nitrox_get_first_device() when ndevlist is fully iterated
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (45 preceding siblings ...)
2020-06-19 14:30 ` [PATCH 4.19 046/267] PM: runtime: clk: Fix clk_pm_runtime_get() error path Greg Kroah-Hartman
@ 2020-06-19 14:30 ` Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 048/267] ALSA: pcm: disallow linking stream to itself Greg Kroah-Hartman
` (221 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:30 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Christophe JAILLET, Herbert Xu
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
commit 320bdbd816156f9ca07e5fed7bfb449f2908dda7 upstream.
When a list is completely iterated with 'list_for_each_entry(x, ...)', x is
not NULL at the end.
While at it, remove a useless initialization of the ndev variable. It
is overridden by 'list_for_each_entry'.
Fixes: f2663872f073 ("crypto: cavium - Register the CNN55XX supported crypto algorithms.")
Cc: <stable@vger.kernel.org>
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/crypto/cavium/nitrox/nitrox_main.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/crypto/cavium/nitrox/nitrox_main.c
+++ b/drivers/crypto/cavium/nitrox/nitrox_main.c
@@ -183,7 +183,7 @@ static void nitrox_remove_from_devlist(s
struct nitrox_device *nitrox_get_first_device(void)
{
- struct nitrox_device *ndev = NULL;
+ struct nitrox_device *ndev;
mutex_lock(&devlist_lock);
list_for_each_entry(ndev, &ndevlist, list) {
@@ -191,7 +191,7 @@ struct nitrox_device *nitrox_get_first_d
break;
}
mutex_unlock(&devlist_lock);
- if (!ndev)
+ if (&ndev->list == &ndevlist)
return NULL;
refcount_inc(&ndev->refcnt);
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 048/267] ALSA: pcm: disallow linking stream to itself
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (46 preceding siblings ...)
2020-06-19 14:30 ` [PATCH 4.19 047/267] crypto: cavium/nitrox - Fix nitrox_get_first_device() when ndevlist is fully iterated Greg Kroah-Hartman
@ 2020-06-19 14:30 ` Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 049/267] x86/{mce,mm}: Unmap the entire page if the whole page is affected and poisoned Greg Kroah-Hartman
` (220 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Michał Mirosław, Takashi Iwai
From: Michał Mirosław <mirq-linux@rere.qmqm.pl>
commit 951e2736f4b11b58dc44d41964fa17c3527d882a upstream.
Prevent SNDRV_PCM_IOCTL_LINK linking stream to itself - the code
can't handle it. Fixed commit is not where bug was introduced, but
changes the context significantly.
Cc: stable@vger.kernel.org
Fixes: 0888c321de70 ("pcm_native: switch to fdget()/fdput()")
Signed-off-by: Michał Mirosław <mirq-linux@rere.qmqm.pl>
Link: https://lore.kernel.org/r/89c4a2487609a0ed6af3ecf01cc972bdc59a7a2d.1591634956.git.mirq-linux@rere.qmqm.pl
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/core/pcm_native.c | 5 +++++
1 file changed, 5 insertions(+)
--- a/sound/core/pcm_native.c
+++ b/sound/core/pcm_native.c
@@ -1982,6 +1982,11 @@ static int snd_pcm_link(struct snd_pcm_s
}
pcm_file = f.file->private_data;
substream1 = pcm_file->substream;
+ if (substream == substream1) {
+ res = -EINVAL;
+ goto _badf;
+ }
+
group = kmalloc(sizeof(*group), GFP_KERNEL);
if (!group) {
res = -ENOMEM;
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 049/267] x86/{mce,mm}: Unmap the entire page if the whole page is affected and poisoned
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (47 preceding siblings ...)
2020-06-19 14:30 ` [PATCH 4.19 048/267] ALSA: pcm: disallow linking stream to itself Greg Kroah-Hartman
@ 2020-06-19 14:30 ` Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 050/267] KVM: x86: Fix APIC page invalidation race Greg Kroah-Hartman
` (219 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jue Wang, Tony Luck, Borislav Petkov,
Thomas Gleixner
From: Tony Luck <tony.luck@intel.com>
commit 17fae1294ad9d711b2c3dd0edef479d40c76a5e8 upstream.
An interesting thing happened when a guest Linux instance took a machine
check. The VMM unmapped the bad page from guest physical space and
passed the machine check to the guest.
Linux took all the normal actions to offline the page from the process
that was using it. But then guest Linux crashed because it said there
was a second machine check inside the kernel with this stack trace:
do_memory_failure
set_mce_nospec
set_memory_uc
_set_memory_uc
change_page_attr_set_clr
cpa_flush
clflush_cache_range_opt
This was odd, because a CLFLUSH instruction shouldn't raise a machine
check (it isn't consuming the data). Further investigation showed that
the VMM had passed in another machine check because is appeared that the
guest was accessing the bad page.
Fix is to check the scope of the poison by checking the MCi_MISC register.
If the entire page is affected, then unmap the page. If only part of the
page is affected, then mark the page as uncacheable.
This assumes that VMMs will do the logical thing and pass in the "whole
page scope" via the MCi_MISC register (since they unmapped the entire
page).
[ bp: Adjust to x86/entry changes. ]
Fixes: 284ce4011ba6 ("x86/memory_failure: Introduce {set, clear}_mce_nospec()")
Reported-by: Jue Wang <juew@google.com>
Signed-off-by: Tony Luck <tony.luck@intel.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Tested-by: Jue Wang <juew@google.com>
Cc: <stable@vger.kernel.org>
Link: https://lkml.kernel.org/r/20200520163546.GA7977@agluck-desk2.amr.corp.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/include/asm/set_memory.h | 19 +++++++++++++------
arch/x86/kernel/cpu/mcheck/mce.c | 11 +++++++++--
include/linux/set_memory.h | 2 +-
3 files changed, 23 insertions(+), 9 deletions(-)
--- a/arch/x86/include/asm/set_memory.h
+++ b/arch/x86/include/asm/set_memory.h
@@ -90,28 +90,35 @@ void set_kernel_text_rw(void);
void set_kernel_text_ro(void);
#ifdef CONFIG_X86_64
-static inline int set_mce_nospec(unsigned long pfn)
+/*
+ * Prevent speculative access to the page by either unmapping
+ * it (if we do not require access to any part of the page) or
+ * marking it uncacheable (if we want to try to retrieve data
+ * from non-poisoned lines in the page).
+ */
+static inline int set_mce_nospec(unsigned long pfn, bool unmap)
{
unsigned long decoy_addr;
int rc;
/*
- * Mark the linear address as UC to make sure we don't log more
- * errors because of speculative access to the page.
* We would like to just call:
- * set_memory_uc((unsigned long)pfn_to_kaddr(pfn), 1);
+ * set_memory_XX((unsigned long)pfn_to_kaddr(pfn), 1);
* but doing that would radically increase the odds of a
* speculative access to the poison page because we'd have
* the virtual address of the kernel 1:1 mapping sitting
* around in registers.
* Instead we get tricky. We create a non-canonical address
* that looks just like the one we want, but has bit 63 flipped.
- * This relies on set_memory_uc() properly sanitizing any __pa()
+ * This relies on set_memory_XX() properly sanitizing any __pa()
* results with __PHYSICAL_MASK or PTE_PFN_MASK.
*/
decoy_addr = (pfn << PAGE_SHIFT) + (PAGE_OFFSET ^ BIT(63));
- rc = set_memory_uc(decoy_addr, 1);
+ if (unmap)
+ rc = set_memory_np(decoy_addr, 1);
+ else
+ rc = set_memory_uc(decoy_addr, 1);
if (rc)
pr_warn("Could not invalidate pfn=0x%lx from 1:1 map\n", pfn);
return rc;
--- a/arch/x86/kernel/cpu/mcheck/mce.c
+++ b/arch/x86/kernel/cpu/mcheck/mce.c
@@ -535,6 +535,13 @@ bool mce_is_memory_error(struct mce *m)
}
EXPORT_SYMBOL_GPL(mce_is_memory_error);
+static bool whole_page(struct mce *m)
+{
+ if (!mca_cfg.ser || !(m->status & MCI_STATUS_MISCV))
+ return true;
+ return MCI_MISC_ADDR_LSB(m->misc) >= PAGE_SHIFT;
+}
+
bool mce_is_correctable(struct mce *m)
{
if (m->cpuvendor == X86_VENDOR_AMD && m->status & MCI_STATUS_DEFERRED)
@@ -600,7 +607,7 @@ static int srao_decode_notifier(struct n
if (mce_usable_address(mce) && (mce->severity == MCE_AO_SEVERITY)) {
pfn = mce->addr >> PAGE_SHIFT;
if (!memory_failure(pfn, 0))
- set_mce_nospec(pfn);
+ set_mce_nospec(pfn, whole_page(mce));
}
return NOTIFY_OK;
@@ -1101,7 +1108,7 @@ static int do_memory_failure(struct mce
if (ret)
pr_err("Memory error not recovered");
else
- set_mce_nospec(m->addr >> PAGE_SHIFT);
+ set_mce_nospec(m->addr >> PAGE_SHIFT, whole_page(m));
return ret;
}
--- a/include/linux/set_memory.h
+++ b/include/linux/set_memory.h
@@ -18,7 +18,7 @@ static inline int set_memory_nx(unsigned
#endif
#ifndef set_mce_nospec
-static inline int set_mce_nospec(unsigned long pfn)
+static inline int set_mce_nospec(unsigned long pfn, bool unmap)
{
return 0;
}
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 050/267] KVM: x86: Fix APIC page invalidation race
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (48 preceding siblings ...)
2020-06-19 14:30 ` [PATCH 4.19 049/267] x86/{mce,mm}: Unmap the entire page if the whole page is affected and poisoned Greg Kroah-Hartman
@ 2020-06-19 14:30 ` Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 051/267] kvm: x86: Fix L1TF mitigation for shadow MMU Greg Kroah-Hartman
` (218 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Eiichi Tsukata, Paolo Bonzini, Sasha Levin
From: Eiichi Tsukata <eiichi.tsukata@nutanix.com>
[ Upstream commit e649b3f0188f8fd34dd0dde8d43fd3312b902fb2 ]
Commit b1394e745b94 ("KVM: x86: fix APIC page invalidation") tried
to fix inappropriate APIC page invalidation by re-introducing arch
specific kvm_arch_mmu_notifier_invalidate_range() and calling it from
kvm_mmu_notifier_invalidate_range_start. However, the patch left a
possible race where the VMCS APIC address cache is updated *before*
it is unmapped:
(Invalidator) kvm_mmu_notifier_invalidate_range_start()
(Invalidator) kvm_make_all_cpus_request(kvm, KVM_REQ_APIC_PAGE_RELOAD)
(KVM VCPU) vcpu_enter_guest()
(KVM VCPU) kvm_vcpu_reload_apic_access_page()
(Invalidator) actually unmap page
Because of the above race, there can be a mismatch between the
host physical address stored in the APIC_ACCESS_PAGE VMCS field and
the host physical address stored in the EPT entry for the APIC GPA
(0xfee0000). When this happens, the processor will not trap APIC
accesses, and will instead show the raw contents of the APIC-access page.
Because Windows OS periodically checks for unexpected modifications to
the LAPIC register, this will show up as a BSOD crash with BugCheck
CRITICAL_STRUCTURE_CORRUPTION (109) we are currently seeing in
https://bugzilla.redhat.com/show_bug.cgi?id=1751017.
The root cause of the issue is that kvm_arch_mmu_notifier_invalidate_range()
cannot guarantee that no additional references are taken to the pages in
the range before kvm_mmu_notifier_invalidate_range_end(). Fortunately,
this case is supported by the MMU notifier API, as documented in
include/linux/mmu_notifier.h:
* If the subsystem
* can't guarantee that no additional references are taken to
* the pages in the range, it has to implement the
* invalidate_range() notifier to remove any references taken
* after invalidate_range_start().
The fix therefore is to reload the APIC-access page field in the VMCS
from kvm_mmu_notifier_invalidate_range() instead of ..._range_start().
Cc: stable@vger.kernel.org
Fixes: b1394e745b94 ("KVM: x86: fix APIC page invalidation")
Fixes: https://bugzilla.kernel.org/show_bug.cgi?id=197951
Signed-off-by: Eiichi Tsukata <eiichi.tsukata@nutanix.com>
Message-Id: <20200606042627.61070-1-eiichi.tsukata@nutanix.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/kvm/x86.c | 7 ++-----
include/linux/kvm_host.h | 4 ++--
virt/kvm/kvm_main.c | 24 ++++++++++++++++--------
3 files changed, 20 insertions(+), 15 deletions(-)
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index b0fd24ee08d2..c53df0b95385 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -7525,9 +7525,8 @@ static void vcpu_load_eoi_exitmap(struct kvm_vcpu *vcpu)
kvm_x86_ops->load_eoi_exitmap(vcpu, eoi_exit_bitmap);
}
-int kvm_arch_mmu_notifier_invalidate_range(struct kvm *kvm,
- unsigned long start, unsigned long end,
- bool blockable)
+void kvm_arch_mmu_notifier_invalidate_range(struct kvm *kvm,
+ unsigned long start, unsigned long end)
{
unsigned long apic_address;
@@ -7538,8 +7537,6 @@ int kvm_arch_mmu_notifier_invalidate_range(struct kvm *kvm,
apic_address = gfn_to_hva(kvm, APIC_DEFAULT_PHYS_BASE >> PAGE_SHIFT);
if (start <= apic_address && apic_address < end)
kvm_make_all_cpus_request(kvm, KVM_REQ_APIC_PAGE_RELOAD);
-
- return 0;
}
void kvm_vcpu_reload_apic_access_page(struct kvm_vcpu *vcpu)
diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
index 92c6f80e6327..a0de4c7dc9d3 100644
--- a/include/linux/kvm_host.h
+++ b/include/linux/kvm_host.h
@@ -1327,8 +1327,8 @@ static inline long kvm_arch_vcpu_async_ioctl(struct file *filp,
}
#endif /* CONFIG_HAVE_KVM_VCPU_ASYNC_IOCTL */
-int kvm_arch_mmu_notifier_invalidate_range(struct kvm *kvm,
- unsigned long start, unsigned long end, bool blockable);
+void kvm_arch_mmu_notifier_invalidate_range(struct kvm *kvm,
+ unsigned long start, unsigned long end);
#ifdef CONFIG_HAVE_KVM_VCPU_RUN_PID_CHANGE
int kvm_arch_vcpu_run_pid_change(struct kvm_vcpu *vcpu);
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
index aca15bd1cc4c..1218ea663c6d 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -141,10 +141,9 @@ static void kvm_uevent_notify_change(unsigned int type, struct kvm *kvm);
static unsigned long long kvm_createvm_count;
static unsigned long long kvm_active_vms;
-__weak int kvm_arch_mmu_notifier_invalidate_range(struct kvm *kvm,
- unsigned long start, unsigned long end, bool blockable)
+__weak void kvm_arch_mmu_notifier_invalidate_range(struct kvm *kvm,
+ unsigned long start, unsigned long end)
{
- return 0;
}
bool kvm_is_zone_device_pfn(kvm_pfn_t pfn)
@@ -366,6 +365,18 @@ static inline struct kvm *mmu_notifier_to_kvm(struct mmu_notifier *mn)
return container_of(mn, struct kvm, mmu_notifier);
}
+static void kvm_mmu_notifier_invalidate_range(struct mmu_notifier *mn,
+ struct mm_struct *mm,
+ unsigned long start, unsigned long end)
+{
+ struct kvm *kvm = mmu_notifier_to_kvm(mn);
+ int idx;
+
+ idx = srcu_read_lock(&kvm->srcu);
+ kvm_arch_mmu_notifier_invalidate_range(kvm, start, end);
+ srcu_read_unlock(&kvm->srcu, idx);
+}
+
static void kvm_mmu_notifier_change_pte(struct mmu_notifier *mn,
struct mm_struct *mm,
unsigned long address,
@@ -390,7 +401,6 @@ static int kvm_mmu_notifier_invalidate_range_start(struct mmu_notifier *mn,
{
struct kvm *kvm = mmu_notifier_to_kvm(mn);
int need_tlb_flush = 0, idx;
- int ret;
idx = srcu_read_lock(&kvm->srcu);
spin_lock(&kvm->mmu_lock);
@@ -407,12 +417,9 @@ static int kvm_mmu_notifier_invalidate_range_start(struct mmu_notifier *mn,
kvm_flush_remote_tlbs(kvm);
spin_unlock(&kvm->mmu_lock);
-
- ret = kvm_arch_mmu_notifier_invalidate_range(kvm, start, end, blockable);
-
srcu_read_unlock(&kvm->srcu, idx);
- return ret;
+ return 0;
}
static void kvm_mmu_notifier_invalidate_range_end(struct mmu_notifier *mn,
@@ -521,6 +528,7 @@ static void kvm_mmu_notifier_release(struct mmu_notifier *mn,
static const struct mmu_notifier_ops kvm_mmu_notifier_ops = {
.flags = MMU_INVALIDATE_DOES_NOT_BLOCK,
+ .invalidate_range = kvm_mmu_notifier_invalidate_range,
.invalidate_range_start = kvm_mmu_notifier_invalidate_range_start,
.invalidate_range_end = kvm_mmu_notifier_invalidate_range_end,
.clear_flush_young = kvm_mmu_notifier_clear_flush_young,
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 051/267] kvm: x86: Fix L1TF mitigation for shadow MMU
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (49 preceding siblings ...)
2020-06-19 14:30 ` [PATCH 4.19 050/267] KVM: x86: Fix APIC page invalidation race Greg Kroah-Hartman
@ 2020-06-19 14:30 ` Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 052/267] KVM: x86/mmu: Consolidate "is MMIO SPTE" code Greg Kroah-Hartman
` (217 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sean Christopherson, Kai Huang,
Paolo Bonzini, Sasha Levin
From: Kai Huang <kai.huang@linux.intel.com>
[ Upstream commit 61455bf26236e7f3d72705382a6437fdfd1bd0af ]
Currently KVM sets 5 most significant bits of physical address bits
reported by CPUID (boot_cpu_data.x86_phys_bits) for nonpresent or
reserved bits SPTE to mitigate L1TF attack from guest when using shadow
MMU. However for some particular Intel CPUs the physical address bits
of internal cache is greater than physical address bits reported by
CPUID.
Use the kernel's existing boot_cpu_data.x86_cache_bits to determine the
five most significant bits. Doing so improves KVM's L1TF mitigation in
the unlikely scenario that system RAM overlaps the high order bits of
the "real" physical address space as reported by CPUID. This aligns with
the kernel's warnings regarding L1TF mitigation, e.g. in the above
scenario the kernel won't warn the user about lack of L1TF mitigation
if x86_cache_bits is greater than x86_phys_bits.
Also initialize shadow_nonpresent_or_rsvd_mask explicitly to make it
consistent with other 'shadow_{xxx}_mask', and opportunistically add a
WARN once if KVM's L1TF mitigation cannot be applied on a system that
is marked as being susceptible to L1TF.
Reviewed-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Kai Huang <kai.huang@linux.intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/kvm/mmu.c | 18 +++++++++++++-----
1 file changed, 13 insertions(+), 5 deletions(-)
diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
index 62f1e4663bc3..440ffe810e5d 100644
--- a/arch/x86/kvm/mmu.c
+++ b/arch/x86/kvm/mmu.c
@@ -479,16 +479,24 @@ static void kvm_mmu_reset_all_pte_masks(void)
* If the CPU has 46 or less physical address bits, then set an
* appropriate mask to guard against L1TF attacks. Otherwise, it is
* assumed that the CPU is not vulnerable to L1TF.
+ *
+ * Some Intel CPUs address the L1 cache using more PA bits than are
+ * reported by CPUID. Use the PA width of the L1 cache when possible
+ * to achieve more effective mitigation, e.g. if system RAM overlaps
+ * the most significant bits of legal physical address space.
*/
- low_phys_bits = boot_cpu_data.x86_phys_bits;
- if (boot_cpu_data.x86_phys_bits <
+ shadow_nonpresent_or_rsvd_mask = 0;
+ low_phys_bits = boot_cpu_data.x86_cache_bits;
+ if (boot_cpu_data.x86_cache_bits <
52 - shadow_nonpresent_or_rsvd_mask_len) {
shadow_nonpresent_or_rsvd_mask =
- rsvd_bits(boot_cpu_data.x86_phys_bits -
+ rsvd_bits(boot_cpu_data.x86_cache_bits -
shadow_nonpresent_or_rsvd_mask_len,
- boot_cpu_data.x86_phys_bits - 1);
+ boot_cpu_data.x86_cache_bits - 1);
low_phys_bits -= shadow_nonpresent_or_rsvd_mask_len;
- }
+ } else
+ WARN_ON_ONCE(boot_cpu_has_bug(X86_BUG_L1TF));
+
shadow_nonpresent_or_rsvd_lower_gfn_mask =
GENMASK_ULL(low_phys_bits - 1, PAGE_SHIFT);
}
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 052/267] KVM: x86/mmu: Consolidate "is MMIO SPTE" code
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (50 preceding siblings ...)
2020-06-19 14:30 ` [PATCH 4.19 051/267] kvm: x86: Fix L1TF mitigation for shadow MMU Greg Kroah-Hartman
@ 2020-06-19 14:30 ` Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 053/267] KVM: x86: only do L1TF workaround on affected processors Greg Kroah-Hartman
` (216 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sean Christopherson, Paolo Bonzini,
Sasha Levin
From: Sean Christopherson <sean.j.christopherson@intel.com>
[ Upstream commit 26c44a63a291893e0a00f01e96b6e1d0310a79a9 ]
Replace the open-coded "is MMIO SPTE" checks in the MMU warnings
related to software-based access/dirty tracking to make the code
slightly more self-documenting.
No functional change intended.
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/kvm/mmu.c | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
index 440ffe810e5d..ac0a794267d4 100644
--- a/arch/x86/kvm/mmu.c
+++ b/arch/x86/kvm/mmu.c
@@ -299,6 +299,11 @@ void kvm_mmu_set_mmio_spte_mask(u64 mmio_mask, u64 mmio_value)
}
EXPORT_SYMBOL_GPL(kvm_mmu_set_mmio_spte_mask);
+static bool is_mmio_spte(u64 spte)
+{
+ return (spte & shadow_mmio_mask) == shadow_mmio_value;
+}
+
static inline bool sp_ad_disabled(struct kvm_mmu_page *sp)
{
return sp->role.ad_disabled;
@@ -306,7 +311,7 @@ static inline bool sp_ad_disabled(struct kvm_mmu_page *sp)
static inline bool spte_ad_enabled(u64 spte)
{
- MMU_WARN_ON((spte & shadow_mmio_mask) == shadow_mmio_value);
+ MMU_WARN_ON(is_mmio_spte(spte));
return !(spte & shadow_acc_track_value);
}
@@ -317,13 +322,13 @@ static bool is_nx_huge_page_enabled(void)
static inline u64 spte_shadow_accessed_mask(u64 spte)
{
- MMU_WARN_ON((spte & shadow_mmio_mask) == shadow_mmio_value);
+ MMU_WARN_ON(is_mmio_spte(spte));
return spte_ad_enabled(spte) ? shadow_accessed_mask : 0;
}
static inline u64 spte_shadow_dirty_mask(u64 spte)
{
- MMU_WARN_ON((spte & shadow_mmio_mask) == shadow_mmio_value);
+ MMU_WARN_ON(is_mmio_spte(spte));
return spte_ad_enabled(spte) ? shadow_dirty_mask : 0;
}
@@ -393,11 +398,6 @@ static void mark_mmio_spte(struct kvm_vcpu *vcpu, u64 *sptep, u64 gfn,
mmu_spte_set(sptep, mask);
}
-static bool is_mmio_spte(u64 spte)
-{
- return (spte & shadow_mmio_mask) == shadow_mmio_value;
-}
-
static gfn_t get_mmio_spte_gfn(u64 spte)
{
u64 gpa = spte & shadow_nonpresent_or_rsvd_lower_gfn_mask;
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 053/267] KVM: x86: only do L1TF workaround on affected processors
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (51 preceding siblings ...)
2020-06-19 14:30 ` [PATCH 4.19 052/267] KVM: x86/mmu: Consolidate "is MMIO SPTE" code Greg Kroah-Hartman
@ 2020-06-19 14:30 ` Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 054/267] x86/speculation: Change misspelled STIPB to STIBP Greg Kroah-Hartman
` (215 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:30 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Paolo Bonzini, Sasha Levin
From: Paolo Bonzini <pbonzini@redhat.com>
[ Upstream commit d43e2675e96fc6ae1a633b6a69d296394448cc32 ]
KVM stores the gfn in MMIO SPTEs as a caching optimization. These are split
in two parts, as in "[high 11111 low]", to thwart any attempt to use these bits
in an L1TF attack. This works as long as there are 5 free bits between
MAXPHYADDR and bit 50 (inclusive), leaving bit 51 free so that the MMIO
access triggers a reserved-bit-set page fault.
The bit positions however were computed wrongly for AMD processors that have
encryption support. In this case, x86_phys_bits is reduced (for example
from 48 to 43, to account for the C bit at position 47 and four bits used
internally to store the SEV ASID and other stuff) while x86_cache_bits in
would remain set to 48, and _all_ bits between the reduced MAXPHYADDR
and bit 51 are set. Then low_phys_bits would also cover some of the
bits that are set in the shadow_mmio_value, terribly confusing the gfn
caching mechanism.
To fix this, avoid splitting gfns as long as the processor does not have
the L1TF bug (which includes all AMD processors). When there is no
splitting, low_phys_bits can be set to the reduced MAXPHYADDR removing
the overlap. This fixes "npt=0" operation on EPYC processors.
Thanks to Maxim Levitsky for bisecting this bug.
Cc: stable@vger.kernel.org
Fixes: 52918ed5fcf0 ("KVM: SVM: Override default MMIO mask if memory encryption is enabled")
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/kvm/mmu.c | 19 ++++++++++---------
1 file changed, 10 insertions(+), 9 deletions(-)
diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
index ac0a794267d4..18632f15b29f 100644
--- a/arch/x86/kvm/mmu.c
+++ b/arch/x86/kvm/mmu.c
@@ -294,6 +294,8 @@ kvm_mmu_calc_root_page_role(struct kvm_vcpu *vcpu);
void kvm_mmu_set_mmio_spte_mask(u64 mmio_mask, u64 mmio_value)
{
BUG_ON((mmio_mask & mmio_value) != mmio_value);
+ WARN_ON(mmio_value & (shadow_nonpresent_or_rsvd_mask << shadow_nonpresent_or_rsvd_mask_len));
+ WARN_ON(mmio_value & shadow_nonpresent_or_rsvd_lower_gfn_mask);
shadow_mmio_value = mmio_value | SPTE_SPECIAL_MASK;
shadow_mmio_mask = mmio_mask | SPTE_SPECIAL_MASK;
}
@@ -486,16 +488,15 @@ static void kvm_mmu_reset_all_pte_masks(void)
* the most significant bits of legal physical address space.
*/
shadow_nonpresent_or_rsvd_mask = 0;
- low_phys_bits = boot_cpu_data.x86_cache_bits;
- if (boot_cpu_data.x86_cache_bits <
- 52 - shadow_nonpresent_or_rsvd_mask_len) {
+ low_phys_bits = boot_cpu_data.x86_phys_bits;
+ if (boot_cpu_has_bug(X86_BUG_L1TF) &&
+ !WARN_ON_ONCE(boot_cpu_data.x86_cache_bits >=
+ 52 - shadow_nonpresent_or_rsvd_mask_len)) {
+ low_phys_bits = boot_cpu_data.x86_cache_bits
+ - shadow_nonpresent_or_rsvd_mask_len;
shadow_nonpresent_or_rsvd_mask =
- rsvd_bits(boot_cpu_data.x86_cache_bits -
- shadow_nonpresent_or_rsvd_mask_len,
- boot_cpu_data.x86_cache_bits - 1);
- low_phys_bits -= shadow_nonpresent_or_rsvd_mask_len;
- } else
- WARN_ON_ONCE(boot_cpu_has_bug(X86_BUG_L1TF));
+ rsvd_bits(low_phys_bits, boot_cpu_data.x86_cache_bits - 1);
+ }
shadow_nonpresent_or_rsvd_lower_gfn_mask =
GENMASK_ULL(low_phys_bits - 1, PAGE_SHIFT);
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 054/267] x86/speculation: Change misspelled STIPB to STIBP
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (52 preceding siblings ...)
2020-06-19 14:30 ` [PATCH 4.19 053/267] KVM: x86: only do L1TF workaround on affected processors Greg Kroah-Hartman
@ 2020-06-19 14:30 ` Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 055/267] x86/speculation: Add support for STIBP always-on preferred mode Greg Kroah-Hartman
` (214 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Waiman Long, Borislav Petkov,
H. Peter Anvin, Andi Kleen, David Woodhouse, Ingo Molnar,
Jiri Kosina, Josh Poimboeuf, KarimAllah Ahmed,
Konrad Rzeszutek Wilk, Peter Zijlstra, Thomas Gleixner, Tim Chen,
x86-ml, Sasha Levin
From: Waiman Long <longman@redhat.com>
[ Upstream commit aa77bfb354c495fc4361199e63fc5765b9e1e783 ]
STIBP stands for Single Thread Indirect Branch Predictors. The acronym,
however, can be easily mis-spelled as STIPB. It is perhaps due to the
presence of another related term - IBPB (Indirect Branch Predictor
Barrier).
Fix the mis-spelling in the code.
Signed-off-by: Waiman Long <longman@redhat.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: David Woodhouse <dwmw@amazon.co.uk>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Jiri Kosina <jkosina@suse.cz>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: KarimAllah Ahmed <karahmed@amazon.de>
Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Tim Chen <tim.c.chen@linux.intel.com>
Cc: x86-ml <x86@kernel.org>
Link: https://lkml.kernel.org/r/1544039368-9009-1-git-send-email-longman@redhat.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/kernel/cpu/bugs.c | 6 +++---
arch/x86/kernel/process.h | 2 +-
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index cf07437cd106..0ea87f9095f0 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -61,7 +61,7 @@ static u64 __ro_after_init x86_spec_ctrl_mask = SPEC_CTRL_IBRS;
u64 __ro_after_init x86_amd_ls_cfg_base;
u64 __ro_after_init x86_amd_ls_cfg_ssbd_mask;
-/* Control conditional STIPB in switch_to() */
+/* Control conditional STIBP in switch_to() */
DEFINE_STATIC_KEY_FALSE(switch_to_cond_stibp);
/* Control conditional IBPB in switch_mm() */
DEFINE_STATIC_KEY_FALSE(switch_mm_cond_ibpb);
@@ -750,12 +750,12 @@ spectre_v2_user_select_mitigation(enum spectre_v2_mitigation_cmd v2_cmd)
"always-on" : "conditional");
}
- /* If enhanced IBRS is enabled no STIPB required */
+ /* If enhanced IBRS is enabled no STIBP required */
if (spectre_v2_enabled == SPECTRE_V2_IBRS_ENHANCED)
return;
/*
- * If SMT is not possible or STIBP is not available clear the STIPB
+ * If SMT is not possible or STIBP is not available clear the STIBP
* mode.
*/
if (!smt_possible || !boot_cpu_has(X86_FEATURE_STIBP))
diff --git a/arch/x86/kernel/process.h b/arch/x86/kernel/process.h
index 898e97cf6629..320ab978fb1f 100644
--- a/arch/x86/kernel/process.h
+++ b/arch/x86/kernel/process.h
@@ -19,7 +19,7 @@ static inline void switch_to_extra(struct task_struct *prev,
if (IS_ENABLED(CONFIG_SMP)) {
/*
* Avoid __switch_to_xtra() invocation when conditional
- * STIPB is disabled and the only different bit is
+ * STIBP is disabled and the only different bit is
* TIF_SPEC_IB. For CONFIG_SMP=n TIF_SPEC_IB is not
* in the TIF_WORK_CTXSW masks.
*/
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 055/267] x86/speculation: Add support for STIBP always-on preferred mode
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (53 preceding siblings ...)
2020-06-19 14:30 ` [PATCH 4.19 054/267] x86/speculation: Change misspelled STIPB to STIBP Greg Kroah-Hartman
@ 2020-06-19 14:30 ` Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 056/267] x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced IBRS Greg Kroah-Hartman
` (213 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tom Lendacky, Thomas Gleixner,
Andrea Arcangeli, Konrad Rzeszutek Wilk, Jiri Kosina,
Borislav Petkov, Tim Chen, David Woodhouse, Sasha Levin
From: Thomas Lendacky <Thomas.Lendacky@amd.com>
[ Upstream commit 20c3a2c33e9fdc82e9e8e8d2a6445b3256d20191 ]
Different AMD processors may have different implementations of STIBP.
When STIBP is conditionally enabled, some implementations would benefit
from having STIBP always on instead of toggling the STIBP bit through MSR
writes. This preference is advertised through a CPUID feature bit.
When conditional STIBP support is requested at boot and the CPU advertises
STIBP always-on mode as preferred, switch to STIBP "on" support. To show
that this transition has occurred, create a new spectre_v2_user_mitigation
value and a new spectre_v2_user_strings message. The new mitigation value
is used in spectre_v2_user_select_mitigation() to print the new mitigation
message as well as to return a new string from stibp_state().
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Cc: Jiri Kosina <jkosina@suse.cz>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Tim Chen <tim.c.chen@linux.intel.com>
Cc: David Woodhouse <dwmw@amazon.co.uk>
Link: https://lkml.kernel.org/r/20181213230352.6937.74943.stgit@tlendack-t1.amdoffice.net
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/include/asm/cpufeatures.h | 1 +
arch/x86/include/asm/nospec-branch.h | 1 +
arch/x86/kernel/cpu/bugs.c | 28 ++++++++++++++++++++++------
3 files changed, 24 insertions(+), 6 deletions(-)
diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
index 9f03ac233566..f7f9604b10cc 100644
--- a/arch/x86/include/asm/cpufeatures.h
+++ b/arch/x86/include/asm/cpufeatures.h
@@ -291,6 +291,7 @@
#define X86_FEATURE_AMD_IBPB (13*32+12) /* "" Indirect Branch Prediction Barrier */
#define X86_FEATURE_AMD_IBRS (13*32+14) /* "" Indirect Branch Restricted Speculation */
#define X86_FEATURE_AMD_STIBP (13*32+15) /* "" Single Thread Indirect Branch Predictors */
+#define X86_FEATURE_AMD_STIBP_ALWAYS_ON (13*32+17) /* "" Single Thread Indirect Branch Predictors always-on preferred */
#define X86_FEATURE_AMD_SSBD (13*32+24) /* "" Speculative Store Bypass Disable */
#define X86_FEATURE_VIRT_SSBD (13*32+25) /* Virtualized Speculative Store Bypass Disable */
#define X86_FEATURE_AMD_SSB_NO (13*32+26) /* "" Speculative Store Bypass is fixed in hardware. */
diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h
index 09c7466c4880..e3f70c60e8cc 100644
--- a/arch/x86/include/asm/nospec-branch.h
+++ b/arch/x86/include/asm/nospec-branch.h
@@ -232,6 +232,7 @@ enum spectre_v2_mitigation {
enum spectre_v2_user_mitigation {
SPECTRE_V2_USER_NONE,
SPECTRE_V2_USER_STRICT,
+ SPECTRE_V2_USER_STRICT_PREFERRED,
SPECTRE_V2_USER_PRCTL,
SPECTRE_V2_USER_SECCOMP,
};
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index 0ea87f9095f0..1f1f342574a2 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -633,10 +633,11 @@ enum spectre_v2_user_cmd {
};
static const char * const spectre_v2_user_strings[] = {
- [SPECTRE_V2_USER_NONE] = "User space: Vulnerable",
- [SPECTRE_V2_USER_STRICT] = "User space: Mitigation: STIBP protection",
- [SPECTRE_V2_USER_PRCTL] = "User space: Mitigation: STIBP via prctl",
- [SPECTRE_V2_USER_SECCOMP] = "User space: Mitigation: STIBP via seccomp and prctl",
+ [SPECTRE_V2_USER_NONE] = "User space: Vulnerable",
+ [SPECTRE_V2_USER_STRICT] = "User space: Mitigation: STIBP protection",
+ [SPECTRE_V2_USER_STRICT_PREFERRED] = "User space: Mitigation: STIBP always-on protection",
+ [SPECTRE_V2_USER_PRCTL] = "User space: Mitigation: STIBP via prctl",
+ [SPECTRE_V2_USER_SECCOMP] = "User space: Mitigation: STIBP via seccomp and prctl",
};
static const struct {
@@ -726,6 +727,15 @@ spectre_v2_user_select_mitigation(enum spectre_v2_mitigation_cmd v2_cmd)
break;
}
+ /*
+ * At this point, an STIBP mode other than "off" has been set.
+ * If STIBP support is not being forced, check if STIBP always-on
+ * is preferred.
+ */
+ if (mode != SPECTRE_V2_USER_STRICT &&
+ boot_cpu_has(X86_FEATURE_AMD_STIBP_ALWAYS_ON))
+ mode = SPECTRE_V2_USER_STRICT_PREFERRED;
+
/* Initialize Indirect Branch Prediction Barrier */
if (boot_cpu_has(X86_FEATURE_IBPB)) {
setup_force_cpu_cap(X86_FEATURE_USE_IBPB);
@@ -999,6 +1009,7 @@ void arch_smt_update(void)
case SPECTRE_V2_USER_NONE:
break;
case SPECTRE_V2_USER_STRICT:
+ case SPECTRE_V2_USER_STRICT_PREFERRED:
update_stibp_strict();
break;
case SPECTRE_V2_USER_PRCTL:
@@ -1233,7 +1244,8 @@ static int ib_prctl_set(struct task_struct *task, unsigned long ctrl)
* Indirect branch speculation is always disabled in strict
* mode.
*/
- if (spectre_v2_user == SPECTRE_V2_USER_STRICT)
+ if (spectre_v2_user == SPECTRE_V2_USER_STRICT ||
+ spectre_v2_user == SPECTRE_V2_USER_STRICT_PREFERRED)
return -EPERM;
task_clear_spec_ib_disable(task);
task_update_spec_tif(task);
@@ -1246,7 +1258,8 @@ static int ib_prctl_set(struct task_struct *task, unsigned long ctrl)
*/
if (spectre_v2_user == SPECTRE_V2_USER_NONE)
return -EPERM;
- if (spectre_v2_user == SPECTRE_V2_USER_STRICT)
+ if (spectre_v2_user == SPECTRE_V2_USER_STRICT ||
+ spectre_v2_user == SPECTRE_V2_USER_STRICT_PREFERRED)
return 0;
task_set_spec_ib_disable(task);
if (ctrl == PR_SPEC_FORCE_DISABLE)
@@ -1317,6 +1330,7 @@ static int ib_prctl_get(struct task_struct *task)
return PR_SPEC_PRCTL | PR_SPEC_DISABLE;
return PR_SPEC_PRCTL | PR_SPEC_ENABLE;
case SPECTRE_V2_USER_STRICT:
+ case SPECTRE_V2_USER_STRICT_PREFERRED:
return PR_SPEC_DISABLE;
default:
return PR_SPEC_NOT_AFFECTED;
@@ -1564,6 +1578,8 @@ static char *stibp_state(void)
return ", STIBP: disabled";
case SPECTRE_V2_USER_STRICT:
return ", STIBP: forced";
+ case SPECTRE_V2_USER_STRICT_PREFERRED:
+ return ", STIBP: always-on";
case SPECTRE_V2_USER_PRCTL:
case SPECTRE_V2_USER_SECCOMP:
if (static_key_enabled(&switch_to_cond_stibp))
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 056/267] x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced IBRS.
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (54 preceding siblings ...)
2020-06-19 14:30 ` [PATCH 4.19 055/267] x86/speculation: Add support for STIBP always-on preferred mode Greg Kroah-Hartman
@ 2020-06-19 14:30 ` Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 057/267] x86/speculation: PR_SPEC_FORCE_DISABLE enforcement for indirect branches Greg Kroah-Hartman
` (212 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Anthony Steinhauser, Thomas Gleixner,
Sasha Levin
From: Anthony Steinhauser <asteinhauser@google.com>
[ Upstream commit 21998a351512eba4ed5969006f0c55882d995ada ]
When STIBP is unavailable or enhanced IBRS is available, Linux
force-disables the IBPB mitigation of Spectre-BTB even when simultaneous
multithreading is disabled. While attempts to enable IBPB using
prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, ...) fail with
EPERM, the seccomp syscall (or its prctl(PR_SET_SECCOMP, ...) equivalent)
which are used e.g. by Chromium or OpenSSH succeed with no errors but the
application remains silently vulnerable to cross-process Spectre v2 attacks
(classical BTB poisoning). At the same time the SYSFS reporting
(/sys/devices/system/cpu/vulnerabilities/spectre_v2) displays that IBPB is
conditionally enabled when in fact it is unconditionally disabled.
STIBP is useful only when SMT is enabled. When SMT is disabled and STIBP is
unavailable, it makes no sense to force-disable also IBPB, because IBPB
protects against cross-process Spectre-BTB attacks regardless of the SMT
state. At the same time since missing STIBP was only observed on AMD CPUs,
AMD does not recommend using STIBP, but recommends using IBPB, so disabling
IBPB because of missing STIBP goes directly against AMD's advice:
https://developer.amd.com/wp-content/resources/Architecture_Guidelines_Update_Indirect_Branch_Control.pdf
Similarly, enhanced IBRS is designed to protect cross-core BTB poisoning
and BTB-poisoning attacks from user space against kernel (and
BTB-poisoning attacks from guest against hypervisor), it is not designed
to prevent cross-process (or cross-VM) BTB poisoning between processes (or
VMs) running on the same core. Therefore, even with enhanced IBRS it is
necessary to flush the BTB during context-switches, so there is no reason
to force disable IBPB when enhanced IBRS is available.
Enable the prctl control of IBPB even when STIBP is unavailable or enhanced
IBRS is available.
Fixes: 7cc765a67d8e ("x86/speculation: Enable prctl mode for spectre_v2_user")
Signed-off-by: Anthony Steinhauser <asteinhauser@google.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: stable@vger.kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/kernel/cpu/bugs.c | 87 ++++++++++++++++++++++----------------
1 file changed, 50 insertions(+), 37 deletions(-)
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index 1f1f342574a2..9f178423cbf0 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -581,7 +581,9 @@ early_param("nospectre_v1", nospectre_v1_cmdline);
static enum spectre_v2_mitigation spectre_v2_enabled __ro_after_init =
SPECTRE_V2_NONE;
-static enum spectre_v2_user_mitigation spectre_v2_user __ro_after_init =
+static enum spectre_v2_user_mitigation spectre_v2_user_stibp __ro_after_init =
+ SPECTRE_V2_USER_NONE;
+static enum spectre_v2_user_mitigation spectre_v2_user_ibpb __ro_after_init =
SPECTRE_V2_USER_NONE;
#ifdef CONFIG_RETPOLINE
@@ -727,15 +729,6 @@ spectre_v2_user_select_mitigation(enum spectre_v2_mitigation_cmd v2_cmd)
break;
}
- /*
- * At this point, an STIBP mode other than "off" has been set.
- * If STIBP support is not being forced, check if STIBP always-on
- * is preferred.
- */
- if (mode != SPECTRE_V2_USER_STRICT &&
- boot_cpu_has(X86_FEATURE_AMD_STIBP_ALWAYS_ON))
- mode = SPECTRE_V2_USER_STRICT_PREFERRED;
-
/* Initialize Indirect Branch Prediction Barrier */
if (boot_cpu_has(X86_FEATURE_IBPB)) {
setup_force_cpu_cap(X86_FEATURE_USE_IBPB);
@@ -758,23 +751,36 @@ spectre_v2_user_select_mitigation(enum spectre_v2_mitigation_cmd v2_cmd)
pr_info("mitigation: Enabling %s Indirect Branch Prediction Barrier\n",
static_key_enabled(&switch_mm_always_ibpb) ?
"always-on" : "conditional");
+
+ spectre_v2_user_ibpb = mode;
}
- /* If enhanced IBRS is enabled no STIBP required */
- if (spectre_v2_enabled == SPECTRE_V2_IBRS_ENHANCED)
+ /*
+ * If enhanced IBRS is enabled or SMT impossible, STIBP is not
+ * required.
+ */
+ if (!smt_possible || spectre_v2_enabled == SPECTRE_V2_IBRS_ENHANCED)
return;
/*
- * If SMT is not possible or STIBP is not available clear the STIBP
- * mode.
+ * At this point, an STIBP mode other than "off" has been set.
+ * If STIBP support is not being forced, check if STIBP always-on
+ * is preferred.
+ */
+ if (mode != SPECTRE_V2_USER_STRICT &&
+ boot_cpu_has(X86_FEATURE_AMD_STIBP_ALWAYS_ON))
+ mode = SPECTRE_V2_USER_STRICT_PREFERRED;
+
+ /*
+ * If STIBP is not available, clear the STIBP mode.
*/
- if (!smt_possible || !boot_cpu_has(X86_FEATURE_STIBP))
+ if (!boot_cpu_has(X86_FEATURE_STIBP))
mode = SPECTRE_V2_USER_NONE;
+
+ spectre_v2_user_stibp = mode;
+
set_mode:
- spectre_v2_user = mode;
- /* Only print the STIBP mode when SMT possible */
- if (smt_possible)
- pr_info("%s\n", spectre_v2_user_strings[mode]);
+ pr_info("%s\n", spectre_v2_user_strings[mode]);
}
static const char * const spectre_v2_strings[] = {
@@ -1005,7 +1011,7 @@ void arch_smt_update(void)
{
mutex_lock(&spec_ctrl_mutex);
- switch (spectre_v2_user) {
+ switch (spectre_v2_user_stibp) {
case SPECTRE_V2_USER_NONE:
break;
case SPECTRE_V2_USER_STRICT:
@@ -1238,14 +1244,16 @@ static int ib_prctl_set(struct task_struct *task, unsigned long ctrl)
{
switch (ctrl) {
case PR_SPEC_ENABLE:
- if (spectre_v2_user == SPECTRE_V2_USER_NONE)
+ if (spectre_v2_user_ibpb == SPECTRE_V2_USER_NONE &&
+ spectre_v2_user_stibp == SPECTRE_V2_USER_NONE)
return 0;
/*
* Indirect branch speculation is always disabled in strict
* mode.
*/
- if (spectre_v2_user == SPECTRE_V2_USER_STRICT ||
- spectre_v2_user == SPECTRE_V2_USER_STRICT_PREFERRED)
+ if (spectre_v2_user_ibpb == SPECTRE_V2_USER_STRICT ||
+ spectre_v2_user_stibp == SPECTRE_V2_USER_STRICT ||
+ spectre_v2_user_stibp == SPECTRE_V2_USER_STRICT_PREFERRED)
return -EPERM;
task_clear_spec_ib_disable(task);
task_update_spec_tif(task);
@@ -1256,10 +1264,12 @@ static int ib_prctl_set(struct task_struct *task, unsigned long ctrl)
* Indirect branch speculation is always allowed when
* mitigation is force disabled.
*/
- if (spectre_v2_user == SPECTRE_V2_USER_NONE)
+ if (spectre_v2_user_ibpb == SPECTRE_V2_USER_NONE &&
+ spectre_v2_user_stibp == SPECTRE_V2_USER_NONE)
return -EPERM;
- if (spectre_v2_user == SPECTRE_V2_USER_STRICT ||
- spectre_v2_user == SPECTRE_V2_USER_STRICT_PREFERRED)
+ if (spectre_v2_user_ibpb == SPECTRE_V2_USER_STRICT ||
+ spectre_v2_user_stibp == SPECTRE_V2_USER_STRICT ||
+ spectre_v2_user_stibp == SPECTRE_V2_USER_STRICT_PREFERRED)
return 0;
task_set_spec_ib_disable(task);
if (ctrl == PR_SPEC_FORCE_DISABLE)
@@ -1290,7 +1300,8 @@ void arch_seccomp_spec_mitigate(struct task_struct *task)
{
if (ssb_mode == SPEC_STORE_BYPASS_SECCOMP)
ssb_prctl_set(task, PR_SPEC_FORCE_DISABLE);
- if (spectre_v2_user == SPECTRE_V2_USER_SECCOMP)
+ if (spectre_v2_user_ibpb == SPECTRE_V2_USER_SECCOMP ||
+ spectre_v2_user_stibp == SPECTRE_V2_USER_SECCOMP)
ib_prctl_set(task, PR_SPEC_FORCE_DISABLE);
}
#endif
@@ -1319,22 +1330,24 @@ static int ib_prctl_get(struct task_struct *task)
if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V2))
return PR_SPEC_NOT_AFFECTED;
- switch (spectre_v2_user) {
- case SPECTRE_V2_USER_NONE:
+ if (spectre_v2_user_ibpb == SPECTRE_V2_USER_NONE &&
+ spectre_v2_user_stibp == SPECTRE_V2_USER_NONE)
return PR_SPEC_ENABLE;
- case SPECTRE_V2_USER_PRCTL:
- case SPECTRE_V2_USER_SECCOMP:
+ else if (spectre_v2_user_ibpb == SPECTRE_V2_USER_STRICT ||
+ spectre_v2_user_stibp == SPECTRE_V2_USER_STRICT ||
+ spectre_v2_user_stibp == SPECTRE_V2_USER_STRICT_PREFERRED)
+ return PR_SPEC_DISABLE;
+ else if (spectre_v2_user_ibpb == SPECTRE_V2_USER_PRCTL ||
+ spectre_v2_user_ibpb == SPECTRE_V2_USER_SECCOMP ||
+ spectre_v2_user_stibp == SPECTRE_V2_USER_PRCTL ||
+ spectre_v2_user_stibp == SPECTRE_V2_USER_SECCOMP) {
if (task_spec_ib_force_disable(task))
return PR_SPEC_PRCTL | PR_SPEC_FORCE_DISABLE;
if (task_spec_ib_disable(task))
return PR_SPEC_PRCTL | PR_SPEC_DISABLE;
return PR_SPEC_PRCTL | PR_SPEC_ENABLE;
- case SPECTRE_V2_USER_STRICT:
- case SPECTRE_V2_USER_STRICT_PREFERRED:
- return PR_SPEC_DISABLE;
- default:
+ } else
return PR_SPEC_NOT_AFFECTED;
- }
}
int arch_prctl_spec_ctrl_get(struct task_struct *task, unsigned long which)
@@ -1573,7 +1586,7 @@ static char *stibp_state(void)
if (spectre_v2_enabled == SPECTRE_V2_IBRS_ENHANCED)
return "";
- switch (spectre_v2_user) {
+ switch (spectre_v2_user_stibp) {
case SPECTRE_V2_USER_NONE:
return ", STIBP: disabled";
case SPECTRE_V2_USER_STRICT:
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 057/267] x86/speculation: PR_SPEC_FORCE_DISABLE enforcement for indirect branches.
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (55 preceding siblings ...)
2020-06-19 14:30 ` [PATCH 4.19 056/267] x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced IBRS Greg Kroah-Hartman
@ 2020-06-19 14:30 ` Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 058/267] spi: No need to assign dummy value in spi_unregister_controller() Greg Kroah-Hartman
` (211 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Anthony Steinhauser, Thomas Gleixner,
Sasha Levin
From: Anthony Steinhauser <asteinhauser@google.com>
[ Upstream commit 4d8df8cbb9156b0a0ab3f802b80cb5db57acc0bf ]
Currently, it is possible to enable indirect branch speculation even after
it was force-disabled using the PR_SPEC_FORCE_DISABLE option. Moreover, the
PR_GET_SPECULATION_CTRL command gives afterwards an incorrect result
(force-disabled when it is in fact enabled). This also is inconsistent
vs. STIBP and the documention which cleary states that
PR_SPEC_FORCE_DISABLE cannot be undone.
Fix this by actually enforcing force-disabled indirect branch
speculation. PR_SPEC_ENABLE called after PR_SPEC_FORCE_DISABLE now fails
with -EPERM as described in the documentation.
Fixes: 9137bb27e60e ("x86/speculation: Add prctl() control for indirect branch speculation")
Signed-off-by: Anthony Steinhauser <asteinhauser@google.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: stable@vger.kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/kernel/cpu/bugs.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index 9f178423cbf0..bf554ed2fd51 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -1249,11 +1249,14 @@ static int ib_prctl_set(struct task_struct *task, unsigned long ctrl)
return 0;
/*
* Indirect branch speculation is always disabled in strict
- * mode.
+ * mode. It can neither be enabled if it was force-disabled
+ * by a previous prctl call.
+
*/
if (spectre_v2_user_ibpb == SPECTRE_V2_USER_STRICT ||
spectre_v2_user_stibp == SPECTRE_V2_USER_STRICT ||
- spectre_v2_user_stibp == SPECTRE_V2_USER_STRICT_PREFERRED)
+ spectre_v2_user_stibp == SPECTRE_V2_USER_STRICT_PREFERRED ||
+ task_spec_ib_force_disable(task))
return -EPERM;
task_clear_spec_ib_disable(task);
task_update_spec_tif(task);
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 058/267] spi: No need to assign dummy value in spi_unregister_controller()
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (56 preceding siblings ...)
2020-06-19 14:30 ` [PATCH 4.19 057/267] x86/speculation: PR_SPEC_FORCE_DISABLE enforcement for indirect branches Greg Kroah-Hartman
@ 2020-06-19 14:30 ` Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 059/267] spi: Fix controller unregister order Greg Kroah-Hartman
` (210 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Andy Shevchenko, Mark Brown, Sasha Levin
From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
[ Upstream commit ebc37af5e0a134355ea2b62ed4141458bdbd5389 ]
The device_for_each_child() doesn't require the returned value to be checked.
Thus, drop the dummy variable completely and have no warning anymore:
drivers/spi/spi.c: In function ‘spi_unregister_controller’:
drivers/spi/spi.c:2480:6: warning: variable ‘dummy’ set but not used [-Wunused-but-set-variable]
int dummy;
^~~~~
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/spi/spi.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/drivers/spi/spi.c b/drivers/spi/spi.c
index 88a8a8edd44b..0022a49797f9 100644
--- a/drivers/spi/spi.c
+++ b/drivers/spi/spi.c
@@ -2305,7 +2305,6 @@ void spi_unregister_controller(struct spi_controller *ctlr)
{
struct spi_controller *found;
int id = ctlr->bus_num;
- int dummy;
/* First make sure that this controller was ever added */
mutex_lock(&board_lock);
@@ -2319,7 +2318,7 @@ void spi_unregister_controller(struct spi_controller *ctlr)
list_del(&ctlr->list);
mutex_unlock(&board_lock);
- dummy = device_for_each_child(&ctlr->dev, NULL, __unregister);
+ device_for_each_child(&ctlr->dev, NULL, __unregister);
device_unregister(&ctlr->dev);
/* free bus id */
mutex_lock(&board_lock);
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 059/267] spi: Fix controller unregister order
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (57 preceding siblings ...)
2020-06-19 14:30 ` [PATCH 4.19 058/267] spi: No need to assign dummy value in spi_unregister_controller() Greg Kroah-Hartman
@ 2020-06-19 14:30 ` Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 060/267] spi: pxa2xx: " Greg Kroah-Hartman
` (209 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Lukas Wunner, Linus Walleij,
Mark Brown, Sasha Levin
From: Lukas Wunner <lukas@wunner.de>
[ Upstream commit 84855678add8aba927faf76bc2f130a40f94b6f7 ]
When an SPI controller unregisters, it unbinds all its slave devices.
For this, their drivers may need to access the SPI bus, e.g. to quiesce
interrupts.
However since commit ffbbdd21329f ("spi: create a message queueing
infrastructure"), spi_destroy_queue() is executed before unbinding the
slaves. It sets ctlr->running = false, thereby preventing SPI bus
access and causing unbinding of slave devices to fail.
Fix by unbinding slaves before calling spi_destroy_queue().
Fixes: ffbbdd21329f ("spi: create a message queueing infrastructure")
Signed-off-by: Lukas Wunner <lukas@wunner.de>
Cc: stable@vger.kernel.org # v3.4+
Cc: Linus Walleij <linus.walleij@linaro.org>
Link: https://lore.kernel.org/r/8aaf9d44c153fe233b17bc2dec4eb679898d7e7b.1589557526.git.lukas@wunner.de
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/spi/spi.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/spi/spi.c b/drivers/spi/spi.c
index 0022a49797f9..f589d8100e95 100644
--- a/drivers/spi/spi.c
+++ b/drivers/spi/spi.c
@@ -2306,6 +2306,8 @@ void spi_unregister_controller(struct spi_controller *ctlr)
struct spi_controller *found;
int id = ctlr->bus_num;
+ device_for_each_child(&ctlr->dev, NULL, __unregister);
+
/* First make sure that this controller was ever added */
mutex_lock(&board_lock);
found = idr_find(&spi_master_idr, id);
@@ -2318,7 +2320,6 @@ void spi_unregister_controller(struct spi_controller *ctlr)
list_del(&ctlr->list);
mutex_unlock(&board_lock);
- device_for_each_child(&ctlr->dev, NULL, __unregister);
device_unregister(&ctlr->dev);
/* free bus id */
mutex_lock(&board_lock);
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 060/267] spi: pxa2xx: Fix controller unregister order
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (58 preceding siblings ...)
2020-06-19 14:30 ` [PATCH 4.19 059/267] spi: Fix controller unregister order Greg Kroah-Hartman
@ 2020-06-19 14:30 ` Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 061/267] spi: bcm2835: " Greg Kroah-Hartman
` (208 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Lukas Wunner, Andy Shevchenko,
Tsuchiya Yuto, Mark Brown, Sasha Levin
From: Lukas Wunner <lukas@wunner.de>
[ Upstream commit 32e5b57232c0411e7dea96625c415510430ac079 ]
The PXA2xx SPI driver uses devm_spi_register_controller() on bind.
As a consequence, on unbind, __device_release_driver() first invokes
pxa2xx_spi_remove() before unregistering the SPI controller via
devres_release_all().
This order is incorrect: pxa2xx_spi_remove() disables the chip,
rendering the SPI bus inaccessible even though the SPI controller is
still registered. When the SPI controller is subsequently unregistered,
it unbinds all its slave devices. Because their drivers cannot access
the SPI bus, e.g. to quiesce interrupts, the slave devices may be left
in an improper state.
As a rule, devm_spi_register_controller() must not be used if the
->remove() hook performs teardown steps which shall be performed after
unregistering the controller and specifically after unbinding of slaves.
Fix by reverting to the non-devm variant of spi_register_controller().
An alternative approach would be to use device-managed functions for all
steps in pxa2xx_spi_remove(), e.g. by calling devm_add_action_or_reset()
on probe. However that approach would add more LoC to the driver and
it wouldn't lend itself as well to backporting to stable.
The improper use of devm_spi_register_controller() was introduced in 2013
by commit a807fcd090d6 ("spi: pxa2xx: use devm_spi_register_master()"),
but all earlier versions of the driver going back to 2006 were likewise
broken because they invoked spi_unregister_master() at the end of
pxa2xx_spi_remove(), rather than at the beginning.
Fixes: e0c9905e87ac ("[PATCH] SPI: add PXA2xx SSP SPI Driver")
Signed-off-by: Lukas Wunner <lukas@wunner.de>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Cc: stable@vger.kernel.org # v2.6.17+
Cc: Tsuchiya Yuto <kitakar@gmail.com>
Link: https://bugzilla.kernel.org/show_bug.cgi?id=206403#c1
Link: https://lore.kernel.org/r/834c446b1cf3284d2660f1bee1ebe3e737cd02a9.1590408496.git.lukas@wunner.de
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/spi/spi-pxa2xx.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/spi/spi-pxa2xx.c b/drivers/spi/spi-pxa2xx.c
index e4482823d8d7..d6c30bd1583f 100644
--- a/drivers/spi/spi-pxa2xx.c
+++ b/drivers/spi/spi-pxa2xx.c
@@ -1739,7 +1739,7 @@ static int pxa2xx_spi_probe(struct platform_device *pdev)
/* Register with the SPI framework */
platform_set_drvdata(pdev, drv_data);
- status = devm_spi_register_controller(&pdev->dev, master);
+ status = spi_register_controller(master);
if (status != 0) {
dev_err(&pdev->dev, "problem registering spi master\n");
goto out_error_clock_enabled;
@@ -1773,6 +1773,8 @@ static int pxa2xx_spi_remove(struct platform_device *pdev)
pm_runtime_get_sync(&pdev->dev);
+ spi_unregister_controller(drv_data->master);
+
/* Disable the SSP at the peripheral and SOC level */
pxa2xx_spi_write(drv_data, SSCR0, 0);
clk_disable_unprepare(ssp->clk);
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 061/267] spi: bcm2835: Fix controller unregister order
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (59 preceding siblings ...)
2020-06-19 14:30 ` [PATCH 4.19 060/267] spi: pxa2xx: " Greg Kroah-Hartman
@ 2020-06-19 14:30 ` Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 062/267] spi: pxa2xx: Balance runtime PM enable/disable on error Greg Kroah-Hartman
` (207 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Lukas Wunner, Mark Brown, Sasha Levin
From: Lukas Wunner <lukas@wunner.de>
[ Upstream commit 9dd277ff92d06f6aa95b39936ad83981d781f49b ]
The BCM2835 SPI driver uses devm_spi_register_controller() on bind.
As a consequence, on unbind, __device_release_driver() first invokes
bcm2835_spi_remove() before unregistering the SPI controller via
devres_release_all().
This order is incorrect: bcm2835_spi_remove() tears down the DMA
channels and turns off the SPI controller, including its interrupts
and clock. The SPI controller is thus no longer usable.
When the SPI controller is subsequently unregistered, it unbinds all
its slave devices. If their drivers need to access the SPI bus,
e.g. to quiesce their interrupts, unbinding will fail.
As a rule, devm_spi_register_controller() must not be used if the
->remove() hook performs teardown steps which shall be performed
after unbinding of slaves.
Fix by using the non-devm variant spi_register_controller(). Note that
the struct spi_controller as well as the driver-private data are not
freed until after bcm2835_spi_remove() has finished, so accessing them
is safe.
Fixes: 247263dba208 ("spi: bcm2835: use devm_spi_register_master()")
Signed-off-by: Lukas Wunner <lukas@wunner.de>
Cc: stable@vger.kernel.org # v3.13+
Link: https://lore.kernel.org/r/2397dd70cdbe95e0bc4da2b9fca0f31cb94e5aed.1589557526.git.lukas@wunner.de
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/spi/spi-bcm2835.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/spi/spi-bcm2835.c b/drivers/spi/spi-bcm2835.c
index eab27d41ba83..df6abc75bc16 100644
--- a/drivers/spi/spi-bcm2835.c
+++ b/drivers/spi/spi-bcm2835.c
@@ -793,7 +793,7 @@ static int bcm2835_spi_probe(struct platform_device *pdev)
goto out_clk_disable;
}
- err = devm_spi_register_master(&pdev->dev, master);
+ err = spi_register_master(master);
if (err) {
dev_err(&pdev->dev, "could not register SPI master: %d\n", err);
goto out_clk_disable;
@@ -813,6 +813,8 @@ static int bcm2835_spi_remove(struct platform_device *pdev)
struct spi_master *master = platform_get_drvdata(pdev);
struct bcm2835_spi *bs = spi_master_get_devdata(master);
+ spi_unregister_master(master);
+
/* Clear FIFOs, and disable the HW block */
bcm2835_wr(bs, BCM2835_SPI_CS,
BCM2835_SPI_CS_CLEAR_RX | BCM2835_SPI_CS_CLEAR_TX);
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 062/267] spi: pxa2xx: Balance runtime PM enable/disable on error
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (60 preceding siblings ...)
2020-06-19 14:30 ` [PATCH 4.19 061/267] spi: bcm2835: " Greg Kroah-Hartman
@ 2020-06-19 14:30 ` Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 063/267] spi: pxa2xx: Fix runtime PM ref imbalance on probe error Greg Kroah-Hartman
` (206 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Lubomir Rintel, Mark Brown, Sasha Levin
From: Lubomir Rintel <lkundrak@v3.sk>
[ Upstream commit 1274204542f683e1d8491ebe9cc86284d5a8ebcc ]
Don't undo the PM initialization if we error out before we managed to
initialize it. The call to pm_runtime_disable() without being preceded
by pm_runtime_enable() would disturb the balance of the Force.
In practice, this happens if we fail to allocate any of the GPIOS ("cs",
"ready") due to -EPROBE_DEFER because we're getting probled before the
GPIO driver.
Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
Link: https://lore.kernel.org/r/20190719122713.3444318-1-lkundrak@v3.sk
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/spi/spi-pxa2xx.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/spi/spi-pxa2xx.c b/drivers/spi/spi-pxa2xx.c
index d6c30bd1583f..6551188fea23 100644
--- a/drivers/spi/spi-pxa2xx.c
+++ b/drivers/spi/spi-pxa2xx.c
@@ -1742,14 +1742,16 @@ static int pxa2xx_spi_probe(struct platform_device *pdev)
status = spi_register_controller(master);
if (status != 0) {
dev_err(&pdev->dev, "problem registering spi master\n");
- goto out_error_clock_enabled;
+ goto out_error_pm_runtime_enabled;
}
return status;
-out_error_clock_enabled:
+out_error_pm_runtime_enabled:
pm_runtime_put_noidle(&pdev->dev);
pm_runtime_disable(&pdev->dev);
+
+out_error_clock_enabled:
clk_disable_unprepare(ssp->clk);
out_error_dma_irq_alloc:
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 063/267] spi: pxa2xx: Fix runtime PM ref imbalance on probe error
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (61 preceding siblings ...)
2020-06-19 14:30 ` [PATCH 4.19 062/267] spi: pxa2xx: Balance runtime PM enable/disable on error Greg Kroah-Hartman
@ 2020-06-19 14:30 ` Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 064/267] crypto: virtio: Fix use-after-free in virtio_crypto_skcipher_finalize_req() Greg Kroah-Hartman
` (205 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Lukas Wunner, Jarkko Nikula,
Andy Shevchenko, Mark Brown, Sasha Levin
From: Lukas Wunner <lukas@wunner.de>
[ Upstream commit 65e318e17358a3fd4fcb5a69d89b14016dee2f06 ]
The PXA2xx SPI driver releases a runtime PM ref in the probe error path
even though it hasn't acquired a ref earlier.
Apparently commit e2b714afee32 ("spi: pxa2xx: Disable runtime PM if
controller registration fails") sought to copy-paste the invocation of
pm_runtime_disable() from pxa2xx_spi_remove(), but erroneously copied
the call to pm_runtime_put_noidle() as well. Drop it.
Fixes: e2b714afee32 ("spi: pxa2xx: Disable runtime PM if controller registration fails")
Signed-off-by: Lukas Wunner <lukas@wunner.de>
Reviewed-by: Jarkko Nikula <jarkko.nikula@linux.intel.com>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Cc: stable@vger.kernel.org # v4.17+
Cc: Jarkko Nikula <jarkko.nikula@linux.intel.com>
Link: https://lore.kernel.org/r/58b2ac6942ca1f91aaeeafe512144bc5343e1d84.1590408496.git.lukas@wunner.de
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/spi/spi-pxa2xx.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/drivers/spi/spi-pxa2xx.c b/drivers/spi/spi-pxa2xx.c
index 6551188fea23..2525fd9c8aa4 100644
--- a/drivers/spi/spi-pxa2xx.c
+++ b/drivers/spi/spi-pxa2xx.c
@@ -1748,7 +1748,6 @@ static int pxa2xx_spi_probe(struct platform_device *pdev)
return status;
out_error_pm_runtime_enabled:
- pm_runtime_put_noidle(&pdev->dev);
pm_runtime_disable(&pdev->dev);
out_error_clock_enabled:
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 064/267] crypto: virtio: Fix use-after-free in virtio_crypto_skcipher_finalize_req()
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (62 preceding siblings ...)
2020-06-19 14:30 ` [PATCH 4.19 063/267] spi: pxa2xx: Fix runtime PM ref imbalance on probe error Greg Kroah-Hartman
@ 2020-06-19 14:30 ` Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 065/267] crypto: virtio: Fix src/dst scatterlist calculation in __virtio_crypto_skcipher_do_req() Greg Kroah-Hartman
` (204 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, LABBE Corentin, Gonglei, Herbert Xu,
Michael S. Tsirkin, Jason Wang, David S. Miller, virtualization,
Longpeng(Mike),
Sasha Levin
From: Longpeng(Mike) <longpeng2@huawei.com>
[ Upstream commit 8c855f0720ff006d75d0a2512c7f6c4f60ff60ee ]
The system'll crash when the users insmod crypto/tcrypto.ko with mode=155
( testing "authenc(hmac(sha1),cbc(aes))" ). It's caused by reuse the memory
of request structure.
In crypto_authenc_init_tfm(), the reqsize is set to:
[PART 1] sizeof(authenc_request_ctx) +
[PART 2] ictx->reqoff +
[PART 3] MAX(ahash part, skcipher part)
and the 'PART 3' is used by both ahash and skcipher in turn.
When the virtio_crypto driver finish skcipher req, it'll call ->complete
callback(in crypto_finalize_skcipher_request) and then free its
resources whose pointers are recorded in 'skcipher parts'.
However, the ->complete is 'crypto_authenc_encrypt_done' in this case,
it will use the 'ahash part' of the request and change its content,
so virtio_crypto driver will get the wrong pointer after ->complete
finish and mistakenly free some other's memory. So the system will crash
when these memory will be used again.
The resources which need to be cleaned up are not used any more. But the
pointers of these resources may be changed in the function
"crypto_finalize_skcipher_request". Thus release specific resources before
calling this function.
Fixes: dbaf0624ffa5 ("crypto: add virtio-crypto driver")
Reported-by: LABBE Corentin <clabbe@baylibre.com>
Cc: Gonglei <arei.gonglei@huawei.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: "Michael S. Tsirkin" <mst@redhat.com>
Cc: Jason Wang <jasowang@redhat.com>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: virtualization@lists.linux-foundation.org
Cc: linux-kernel@vger.kernel.org
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20200123101000.GB24255@Red
Acked-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com>
Link: https://lore.kernel.org/r/20200602070501.2023-3-longpeng2@huawei.com
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/crypto/virtio/virtio_crypto_algs.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/crypto/virtio/virtio_crypto_algs.c b/drivers/crypto/virtio/virtio_crypto_algs.c
index 38432721069f..9348060cc32f 100644
--- a/drivers/crypto/virtio/virtio_crypto_algs.c
+++ b/drivers/crypto/virtio/virtio_crypto_algs.c
@@ -594,10 +594,11 @@ static void virtio_crypto_ablkcipher_finalize_req(
scatterwalk_map_and_copy(req->info, req->dst,
req->nbytes - AES_BLOCK_SIZE,
AES_BLOCK_SIZE, 0);
- crypto_finalize_ablkcipher_request(vc_sym_req->base.dataq->engine,
- req, err);
kzfree(vc_sym_req->iv);
virtcrypto_clear_request(&vc_sym_req->base);
+
+ crypto_finalize_ablkcipher_request(vc_sym_req->base.dataq->engine,
+ req, err);
}
static struct virtio_crypto_algo virtio_crypto_algs[] = { {
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 065/267] crypto: virtio: Fix src/dst scatterlist calculation in __virtio_crypto_skcipher_do_req()
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (63 preceding siblings ...)
2020-06-19 14:30 ` [PATCH 4.19 064/267] crypto: virtio: Fix use-after-free in virtio_crypto_skcipher_finalize_req() Greg Kroah-Hartman
@ 2020-06-19 14:30 ` Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 066/267] crypto: virtio: Fix dest length " Greg Kroah-Hartman
` (203 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, LABBE Corentin, Herbert Xu,
Michael S. Tsirkin, Jason Wang, David S. Miller, virtualization,
Gonglei, Longpeng(Mike),
Sasha Levin
From: Longpeng(Mike) <longpeng2@huawei.com>
[ Upstream commit b02989f37fc5e865ceeee9070907e4493b3a21e2 ]
The system will crash when the users insmod crypto/tcrypt.ko with mode=38
( testing "cts(cbc(aes))" ).
Usually the next entry of one sg will be @sg@ + 1, but if this sg element
is part of a chained scatterlist, it could jump to the start of a new
scatterlist array. Fix it by sg_next() on calculation of src/dst
scatterlist.
Fixes: dbaf0624ffa5 ("crypto: add virtio-crypto driver")
Reported-by: LABBE Corentin <clabbe@baylibre.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: "Michael S. Tsirkin" <mst@redhat.com>
Cc: Jason Wang <jasowang@redhat.com>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: virtualization@lists.linux-foundation.org
Cc: linux-kernel@vger.kernel.org
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20200123101000.GB24255@Red
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com>
Link: https://lore.kernel.org/r/20200602070501.2023-2-longpeng2@huawei.com
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/crypto/virtio/virtio_crypto_algs.c | 15 ++++++++++-----
1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/drivers/crypto/virtio/virtio_crypto_algs.c b/drivers/crypto/virtio/virtio_crypto_algs.c
index 9348060cc32f..e9a8485c4929 100644
--- a/drivers/crypto/virtio/virtio_crypto_algs.c
+++ b/drivers/crypto/virtio/virtio_crypto_algs.c
@@ -367,13 +367,18 @@ __virtio_crypto_ablkcipher_do_req(struct virtio_crypto_sym_request *vc_sym_req,
int err;
unsigned long flags;
struct scatterlist outhdr, iv_sg, status_sg, **sgs;
- int i;
u64 dst_len;
unsigned int num_out = 0, num_in = 0;
int sg_total;
uint8_t *iv;
+ struct scatterlist *sg;
src_nents = sg_nents_for_len(req->src, req->nbytes);
+ if (src_nents < 0) {
+ pr_err("Invalid number of src SG.\n");
+ return src_nents;
+ }
+
dst_nents = sg_nents(req->dst);
pr_debug("virtio_crypto: Number of sgs (src_nents: %d, dst_nents: %d)\n",
@@ -459,12 +464,12 @@ __virtio_crypto_ablkcipher_do_req(struct virtio_crypto_sym_request *vc_sym_req,
vc_sym_req->iv = iv;
/* Source data */
- for (i = 0; i < src_nents; i++)
- sgs[num_out++] = &req->src[i];
+ for (sg = req->src; src_nents; sg = sg_next(sg), src_nents--)
+ sgs[num_out++] = sg;
/* Destination data */
- for (i = 0; i < dst_nents; i++)
- sgs[num_out + num_in++] = &req->dst[i];
+ for (sg = req->dst; sg; sg = sg_next(sg))
+ sgs[num_out + num_in++] = sg;
/* Status */
sg_init_one(&status_sg, &vc_req->status, sizeof(vc_req->status));
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 066/267] crypto: virtio: Fix dest length calculation in __virtio_crypto_skcipher_do_req()
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (64 preceding siblings ...)
2020-06-19 14:30 ` [PATCH 4.19 065/267] crypto: virtio: Fix src/dst scatterlist calculation in __virtio_crypto_skcipher_do_req() Greg Kroah-Hartman
@ 2020-06-19 14:30 ` Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 067/267] selftests/net: in rxtimestamp getopt_long needs terminating null entry Greg Kroah-Hartman
` (202 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Gonglei, Herbert Xu,
Michael S. Tsirkin, Jason Wang, David S. Miller, virtualization,
Longpeng(Mike),
Sasha Levin
From: Longpeng(Mike) <longpeng2@huawei.com>
[ Upstream commit d90ca42012db2863a9a30b564a2ace6016594bda ]
The src/dst length is not aligned with AES_BLOCK_SIZE(which is 16) in some
testcases in tcrypto.ko.
For example, the src/dst length of one of cts(cbc(aes))'s testcase is 17, the
crypto_virtio driver will set @src_data_len=16 but @dst_data_len=17 in this
case and get a wrong at then end.
SRC: pp pp pp pp pp pp pp pp pp pp pp pp pp pp pp pp pp (17 bytes)
EXP: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc pp (17 bytes)
DST: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 00 (pollute the last bytes)
(pp: plaintext cc:ciphertext)
Fix this issue by limit the length of dest buffer.
Fixes: dbaf0624ffa5 ("crypto: add virtio-crypto driver")
Cc: Gonglei <arei.gonglei@huawei.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: "Michael S. Tsirkin" <mst@redhat.com>
Cc: Jason Wang <jasowang@redhat.com>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: virtualization@lists.linux-foundation.org
Cc: linux-kernel@vger.kernel.org
Cc: stable@vger.kernel.org
Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com>
Link: https://lore.kernel.org/r/20200602070501.2023-4-longpeng2@huawei.com
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/crypto/virtio/virtio_crypto_algs.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/crypto/virtio/virtio_crypto_algs.c b/drivers/crypto/virtio/virtio_crypto_algs.c
index e9a8485c4929..ab4700e4b409 100644
--- a/drivers/crypto/virtio/virtio_crypto_algs.c
+++ b/drivers/crypto/virtio/virtio_crypto_algs.c
@@ -424,6 +424,7 @@ __virtio_crypto_ablkcipher_do_req(struct virtio_crypto_sym_request *vc_sym_req,
goto free;
}
+ dst_len = min_t(unsigned int, req->nbytes, dst_len);
pr_debug("virtio_crypto: src_len: %u, dst_len: %llu\n",
req->nbytes, dst_len);
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 067/267] selftests/net: in rxtimestamp getopt_long needs terminating null entry
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (65 preceding siblings ...)
2020-06-19 14:30 ` [PATCH 4.19 066/267] crypto: virtio: Fix dest length " Greg Kroah-Hartman
@ 2020-06-19 14:30 ` Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 068/267] ovl: initialize error in ovl_copy_xattr Greg Kroah-Hartman
` (201 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tanner Love, Willem de Bruijn,
David S. Miller
From: tannerlove <tannerlove@google.com>
[ Upstream commit 865a6cbb2288f8af7f9dc3b153c61b7014fdcf1e ]
getopt_long requires the last element to be filled with zeros.
Otherwise, passing an unrecognized option can cause a segfault.
Fixes: 16e781224198 ("selftests/net: Add a test to validate behavior of rx timestamps")
Signed-off-by: Tanner Love <tannerlove@google.com>
Acked-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/testing/selftests/networking/timestamping/rxtimestamp.c | 1 +
1 file changed, 1 insertion(+)
--- a/tools/testing/selftests/networking/timestamping/rxtimestamp.c
+++ b/tools/testing/selftests/networking/timestamping/rxtimestamp.c
@@ -114,6 +114,7 @@ static struct option long_options[] = {
{ "tcp", no_argument, 0, 't' },
{ "udp", no_argument, 0, 'u' },
{ "ip", no_argument, 0, 'i' },
+ { NULL, 0, NULL, 0 },
};
static int next_port = 19999;
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 068/267] ovl: initialize error in ovl_copy_xattr
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (66 preceding siblings ...)
2020-06-19 14:30 ` [PATCH 4.19 067/267] selftests/net: in rxtimestamp getopt_long needs terminating null entry Greg Kroah-Hartman
@ 2020-06-19 14:30 ` Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 069/267] proc: Use new_inode not new_inode_pseudo Greg Kroah-Hartman
` (200 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yuxuan Shui, Alexander Potapenko,
Miklos Szeredi
From: Yuxuan Shui <yshuiv7@gmail.com>
commit 520da69d265a91c6536c63851cbb8a53946974f0 upstream.
In ovl_copy_xattr, if all the xattrs to be copied are overlayfs private
xattrs, the copy loop will terminate without assigning anything to the
error variable, thus returning an uninitialized value.
If ovl_copy_xattr is called from ovl_clear_empty, this uninitialized error
value is put into a pointer by ERR_PTR(), causing potential invalid memory
accesses down the line.
This commit initialize error with 0. This is the correct value because when
there's no xattr to copy, because all xattrs are private, ovl_copy_xattr
should succeed.
This bug is discovered with the help of INIT_STACK_ALL and clang.
Signed-off-by: Yuxuan Shui <yshuiv7@gmail.com>
Link: https://bugs.chromium.org/p/chromium/issues/detail?id=1050405
Fixes: 0956254a2d5b ("ovl: don't copy up opaqueness")
Cc: stable@vger.kernel.org # v4.8
Signed-off-by: Alexander Potapenko <glider@google.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/overlayfs/copy_up.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/fs/overlayfs/copy_up.c
+++ b/fs/overlayfs/copy_up.c
@@ -43,7 +43,7 @@ int ovl_copy_xattr(struct dentry *old, s
{
ssize_t list_size, size, value_size = 0;
char *buf, *name, *value = NULL;
- int uninitialized_var(error);
+ int error = 0;
size_t slen;
if (!(old->d_inode->i_opflags & IOP_XATTR) ||
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 069/267] proc: Use new_inode not new_inode_pseudo
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (67 preceding siblings ...)
2020-06-19 14:30 ` [PATCH 4.19 068/267] ovl: initialize error in ovl_copy_xattr Greg Kroah-Hartman
@ 2020-06-19 14:30 ` Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 070/267] video: fbdev: w100fb: Fix a potential double free Greg Kroah-Hartman
` (199 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot+7d2debdcdb3cb93c1e5e,
Eric W. Biederman
From: Eric W. Biederman <ebiederm@xmission.com>
commit ef1548adada51a2f32ed7faef50aa465e1b4c5da upstream.
Recently syzbot reported that unmounting proc when there is an ongoing
inotify watch on the root directory of proc could result in a use
after free when the watch is removed after the unmount of proc
when the watcher exits.
Commit 69879c01a0c3 ("proc: Remove the now unnecessary internal mount
of proc") made it easier to unmount proc and allowed syzbot to see the
problem, but looking at the code it has been around for a long time.
Looking at the code the fsnotify watch should have been removed by
fsnotify_sb_delete in generic_shutdown_super. Unfortunately the inode
was allocated with new_inode_pseudo instead of new_inode so the inode
was not on the sb->s_inodes list. Which prevented
fsnotify_unmount_inodes from finding the inode and removing the watch
as well as made it so the "VFS: Busy inodes after unmount" warning
could not find the inodes to warn about them.
Make all of the inodes in proc visible to generic_shutdown_super,
and fsnotify_sb_delete by using new_inode instead of new_inode_pseudo.
The only functional difference is that new_inode places the inodes
on the sb->s_inodes list.
I wrote a small test program and I can verify that without changes it
can trigger this issue, and by replacing new_inode_pseudo with
new_inode the issues goes away.
Cc: stable@vger.kernel.org
Link: https://lkml.kernel.org/r/000000000000d788c905a7dfa3f4@google.com
Reported-by: syzbot+7d2debdcdb3cb93c1e5e@syzkaller.appspotmail.com
Fixes: 0097875bd415 ("proc: Implement /proc/thread-self to point at the directory of the current thread")
Fixes: 021ada7dff22 ("procfs: switch /proc/self away from proc_dir_entry")
Fixes: 51f0885e5415 ("vfs,proc: guarantee unique inodes in /proc")
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/proc/inode.c | 2 +-
fs/proc/self.c | 2 +-
fs/proc/thread_self.c | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
--- a/fs/proc/inode.c
+++ b/fs/proc/inode.c
@@ -451,7 +451,7 @@ const struct inode_operations proc_link_
struct inode *proc_get_inode(struct super_block *sb, struct proc_dir_entry *de)
{
- struct inode *inode = new_inode_pseudo(sb);
+ struct inode *inode = new_inode(sb);
if (inode) {
inode->i_ino = de->low_ino;
--- a/fs/proc/self.c
+++ b/fs/proc/self.c
@@ -42,7 +42,7 @@ int proc_setup_self(struct super_block *
inode_lock(root_inode);
self = d_alloc_name(s->s_root, "self");
if (self) {
- struct inode *inode = new_inode_pseudo(s);
+ struct inode *inode = new_inode(s);
if (inode) {
inode->i_ino = self_inum;
inode->i_mtime = inode->i_atime = inode->i_ctime = current_time(inode);
--- a/fs/proc/thread_self.c
+++ b/fs/proc/thread_self.c
@@ -42,7 +42,7 @@ int proc_setup_thread_self(struct super_
inode_lock(root_inode);
thread_self = d_alloc_name(s->s_root, "thread-self");
if (thread_self) {
- struct inode *inode = new_inode_pseudo(s);
+ struct inode *inode = new_inode(s);
if (inode) {
inode->i_ino = thread_self_inum;
inode->i_mtime = inode->i_atime = inode->i_ctime = current_time(inode);
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 070/267] video: fbdev: w100fb: Fix a potential double free.
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (68 preceding siblings ...)
2020-06-19 14:30 ` [PATCH 4.19 069/267] proc: Use new_inode not new_inode_pseudo Greg Kroah-Hartman
@ 2020-06-19 14:30 ` Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 071/267] KVM: nSVM: fix condition for filtering async PF Greg Kroah-Hartman
` (198 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Richard Purdie, Antonino Daplas,
Bartlomiej Zolnierkiewicz, Christophe JAILLET, Sam Ravnborg
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
commit 18722d48a6bb9c2e8d046214c0a5fd19d0a7c9f6 upstream.
Some memory is vmalloc'ed in the 'w100fb_save_vidmem' function and freed in
the 'w100fb_restore_vidmem' function. (these functions are called
respectively from the 'suspend' and the 'resume' functions)
However, it is also freed in the 'remove' function.
In order to avoid a potential double free, set the corresponding pointer
to NULL once freed in the 'w100fb_restore_vidmem' function.
Fixes: aac51f09d96a ("[PATCH] w100fb: Rewrite for platform independence")
Cc: Richard Purdie <rpurdie@rpsys.net>
Cc: Antonino Daplas <adaplas@pol.net>
Cc: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
Cc: <stable@vger.kernel.org> # v2.6.14+
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20200506181902.193290-1-christophe.jaillet@wanadoo.fr
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/video/fbdev/w100fb.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/video/fbdev/w100fb.c
+++ b/drivers/video/fbdev/w100fb.c
@@ -583,6 +583,7 @@ static void w100fb_restore_vidmem(struct
memsize=par->mach->mem->size;
memcpy_toio(remapped_fbuf + (W100_FB_BASE-MEM_WINDOW_BASE), par->saved_extmem, memsize);
vfree(par->saved_extmem);
+ par->saved_extmem = NULL;
}
if (par->saved_intmem) {
memsize=MEM_INT_SIZE;
@@ -591,6 +592,7 @@ static void w100fb_restore_vidmem(struct
else
memcpy_toio(remapped_fbuf + (W100_FB_BASE-MEM_WINDOW_BASE), par->saved_intmem, memsize);
vfree(par->saved_intmem);
+ par->saved_intmem = NULL;
}
}
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 071/267] KVM: nSVM: fix condition for filtering async PF
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (69 preceding siblings ...)
2020-06-19 14:30 ` [PATCH 4.19 070/267] video: fbdev: w100fb: Fix a potential double free Greg Kroah-Hartman
@ 2020-06-19 14:30 ` Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 072/267] KVM: nSVM: leave ASID aside in copy_vmcb_control_area Greg Kroah-Hartman
` (197 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sean Christopherson, Paolo Bonzini
From: Paolo Bonzini <pbonzini@redhat.com>
commit a3535be731c2a343912578465021f50937f7b099 upstream.
Async page faults have to be trapped in the host (L1 in this case),
since the APF reason was passed from L0 to L1 and stored in the L1 APF
data page. This was completely reversed: the page faults were passed
to the guest, a L2 hypervisor.
Cc: stable@vger.kernel.org
Reviewed-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kvm/svm.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -3229,8 +3229,8 @@ static int nested_svm_exit_special(struc
return NESTED_EXIT_HOST;
break;
case SVM_EXIT_EXCP_BASE + PF_VECTOR:
- /* When we're shadowing, trap PFs, but not async PF */
- if (!npt_enabled && svm->vcpu.arch.apf.host_apf_reason == 0)
+ /* Trap async PF even if not shadowing */
+ if (!npt_enabled || svm->vcpu.arch.apf.host_apf_reason)
return NESTED_EXIT_HOST;
break;
default:
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 072/267] KVM: nSVM: leave ASID aside in copy_vmcb_control_area
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (70 preceding siblings ...)
2020-06-19 14:30 ` [PATCH 4.19 071/267] KVM: nSVM: fix condition for filtering async PF Greg Kroah-Hartman
@ 2020-06-19 14:30 ` Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 073/267] KVM: nVMX: Consult only the "basic" exit reason when routing nested exit Greg Kroah-Hartman
` (196 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:30 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Paolo Bonzini
From: Paolo Bonzini <pbonzini@redhat.com>
commit 6c0238c4a62b3a0b1201aeb7e33a4636d552a436 upstream.
Restoring the ASID from the hsave area on VMEXIT is wrong, because its
value depends on the handling of TLB flushes. Just skipping the field in
copy_vmcb_control_area will do.
Cc: stable@vger.kernel.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kvm/svm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -3319,7 +3319,7 @@ static inline void copy_vmcb_control_are
dst->iopm_base_pa = from->iopm_base_pa;
dst->msrpm_base_pa = from->msrpm_base_pa;
dst->tsc_offset = from->tsc_offset;
- dst->asid = from->asid;
+ /* asid not copied, it is handled manually for svm->vmcb. */
dst->tlb_ctl = from->tlb_ctl;
dst->int_ctl = from->int_ctl;
dst->int_vector = from->int_vector;
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 073/267] KVM: nVMX: Consult only the "basic" exit reason when routing nested exit
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (71 preceding siblings ...)
2020-06-19 14:30 ` [PATCH 4.19 072/267] KVM: nSVM: leave ASID aside in copy_vmcb_control_area Greg Kroah-Hartman
@ 2020-06-19 14:30 ` Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 074/267] KVM: MIPS: Define KVM_ENTRYHI_ASID to cpu_asid_mask(&boot_cpu_data) Greg Kroah-Hartman
` (195 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jim Mattson, Xiaoyao Li,
Sean Christopherson, Paolo Bonzini
From: Sean Christopherson <sean.j.christopherson@intel.com>
commit 2ebac8bb3c2d35f5135466490fc8eeaf3f3e2d37 upstream.
Consult only the basic exit reason, i.e. bits 15:0 of vmcs.EXIT_REASON,
when determining whether a nested VM-Exit should be reflected into L1 or
handled by KVM in L0.
For better or worse, the switch statement in nested_vmx_exit_reflected()
currently defaults to "true", i.e. reflects any nested VM-Exit without
dedicated logic. Because the case statements only contain the basic
exit reason, any VM-Exit with modifier bits set will be reflected to L1,
even if KVM intended to handle it in L0.
Practically speaking, this only affects EXIT_REASON_MCE_DURING_VMENTRY,
i.e. a #MC that occurs on nested VM-Enter would be incorrectly routed to
L1, as "failed VM-Entry" is the only modifier that KVM can currently
encounter. The SMM modifiers will never be generated as KVM doesn't
support/employ a SMI Transfer Monitor. Ditto for "exit from enclave",
as KVM doesn't yet support virtualizing SGX, i.e. it's impossible to
enter an enclave in a KVM guest (L1 or L2).
Fixes: 644d711aa0e1 ("KVM: nVMX: Deciding if L0 or L1 should handle an L2 exit")
Cc: Jim Mattson <jmattson@google.com>
Cc: Xiaoyao Li <xiaoyao.li@intel.com>
Cc: stable@vger.kernel.org
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Message-Id: <20200227174430.26371-1-sean.j.christopherson@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kvm/vmx.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -9683,7 +9683,7 @@ static bool nested_vmx_exit_reflected(st
vmcs_read32(VM_EXIT_INTR_ERROR_CODE),
KVM_ISA_VMX);
- switch (exit_reason) {
+ switch ((u16)exit_reason) {
case EXIT_REASON_EXCEPTION_NMI:
if (is_nmi(intr_info))
return false;
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 074/267] KVM: MIPS: Define KVM_ENTRYHI_ASID to cpu_asid_mask(&boot_cpu_data)
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (72 preceding siblings ...)
2020-06-19 14:30 ` [PATCH 4.19 073/267] KVM: nVMX: Consult only the "basic" exit reason when routing nested exit Greg Kroah-Hartman
@ 2020-06-19 14:30 ` Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 075/267] KVM: MIPS: Fix VPN2_MASK definition for variable cpu_vmbits Greg Kroah-Hartman
` (194 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:30 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Aleksandar Markovic, Xing Li,
Huacai Chen, Paolo Bonzini
From: Xing Li <lixing@loongson.cn>
commit fe2b73dba47fb6d6922df1ad44e83b1754d5ed4d upstream.
The code in decode_config4() of arch/mips/kernel/cpu-probe.c
asid_mask = MIPS_ENTRYHI_ASID;
if (config4 & MIPS_CONF4_AE)
asid_mask |= MIPS_ENTRYHI_ASIDX;
set_cpu_asid_mask(c, asid_mask);
set asid_mask to cpuinfo->asid_mask.
So in order to support variable ASID_MASK, KVM_ENTRYHI_ASID should also
be changed to cpu_asid_mask(&boot_cpu_data).
Cc: Stable <stable@vger.kernel.org> #4.9+
Reviewed-by: Aleksandar Markovic <aleksandar.qemu.devel@gmail.com>
Signed-off-by: Xing Li <lixing@loongson.cn>
[Huacai: Change current_cpu_data to boot_cpu_data for optimization]
Signed-off-by: Huacai Chen <chenhc@lemote.com>
Message-Id: <1590220602-3547-2-git-send-email-chenhc@lemote.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/mips/include/asm/kvm_host.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/mips/include/asm/kvm_host.h
+++ b/arch/mips/include/asm/kvm_host.h
@@ -275,7 +275,7 @@ enum emulation_result {
#define MIPS3_PG_FRAME 0x3fffffc0
#define VPN2_MASK 0xffffe000
-#define KVM_ENTRYHI_ASID MIPS_ENTRYHI_ASID
+#define KVM_ENTRYHI_ASID cpu_asid_mask(&boot_cpu_data)
#define TLB_IS_GLOBAL(x) ((x).tlb_lo[0] & (x).tlb_lo[1] & ENTRYLO_G)
#define TLB_VPN2(x) ((x).tlb_hi & VPN2_MASK)
#define TLB_ASID(x) ((x).tlb_hi & KVM_ENTRYHI_ASID)
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 075/267] KVM: MIPS: Fix VPN2_MASK definition for variable cpu_vmbits
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (73 preceding siblings ...)
2020-06-19 14:30 ` [PATCH 4.19 074/267] KVM: MIPS: Define KVM_ENTRYHI_ASID to cpu_asid_mask(&boot_cpu_data) Greg Kroah-Hartman
@ 2020-06-19 14:31 ` Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 076/267] KVM: arm64: Make vcpu_cp1x() work on Big Endian hosts Greg Kroah-Hartman
` (193 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Aleksandar Markovic, Xing Li,
Huacai Chen, Paolo Bonzini
From: Xing Li <lixing@loongson.cn>
commit 5816c76dea116a458f1932eefe064e35403248eb upstream.
If a CPU support more than 32bit vmbits (which is true for 64bit CPUs),
VPN2_MASK set to fixed 0xffffe000 will lead to a wrong EntryHi in some
functions such as _kvm_mips_host_tlb_inv().
The cpu_vmbits definition of 32bit CPU in cpu-features.h is 31, so we
still use the old definition.
Cc: Stable <stable@vger.kernel.org>
Reviewed-by: Aleksandar Markovic <aleksandar.qemu.devel@gmail.com>
Signed-off-by: Xing Li <lixing@loongson.cn>
[Huacai: Improve commit messages]
Signed-off-by: Huacai Chen <chenhc@lemote.com>
Message-Id: <1590220602-3547-3-git-send-email-chenhc@lemote.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/mips/include/asm/kvm_host.h | 4 ++++
1 file changed, 4 insertions(+)
--- a/arch/mips/include/asm/kvm_host.h
+++ b/arch/mips/include/asm/kvm_host.h
@@ -274,7 +274,11 @@ enum emulation_result {
#define MIPS3_PG_SHIFT 6
#define MIPS3_PG_FRAME 0x3fffffc0
+#if defined(CONFIG_64BIT)
+#define VPN2_MASK GENMASK(cpu_vmbits - 1, 13)
+#else
#define VPN2_MASK 0xffffe000
+#endif
#define KVM_ENTRYHI_ASID cpu_asid_mask(&boot_cpu_data)
#define TLB_IS_GLOBAL(x) ((x).tlb_lo[0] & (x).tlb_lo[1] & ENTRYLO_G)
#define TLB_VPN2(x) ((x).tlb_hi & VPN2_MASK)
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 076/267] KVM: arm64: Make vcpu_cp1x() work on Big Endian hosts
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (74 preceding siblings ...)
2020-06-19 14:31 ` [PATCH 4.19 075/267] KVM: MIPS: Fix VPN2_MASK definition for variable cpu_vmbits Greg Kroah-Hartman
@ 2020-06-19 14:31 ` Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 077/267] scsi: megaraid_sas: TM command refire leads to controller firmware crash Greg Kroah-Hartman
` (192 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:31 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, James Morse, Marc Zyngier
From: Marc Zyngier <maz@kernel.org>
commit 3204be4109ad681523e3461ce64454c79278450a upstream.
AArch32 CP1x registers are overlayed on their AArch64 counterparts
in the vcpu struct. This leads to an interesting problem as they
are stored in their CPU-local format, and thus a CP1x register
doesn't "hit" the lower 32bit portion of the AArch64 register on
a BE host.
To workaround this unfortunate situation, introduce a bias trick
in the vcpu_cp1x() accessors which picks the correct half of the
64bit register.
Cc: stable@vger.kernel.org
Reported-by: James Morse <james.morse@arm.com>
Tested-by: James Morse <james.morse@arm.com>
Acked-by: James Morse <james.morse@arm.com>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/include/asm/kvm_host.h | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- a/arch/arm64/include/asm/kvm_host.h
+++ b/arch/arm64/include/asm/kvm_host.h
@@ -335,8 +335,10 @@ void vcpu_write_sys_reg(struct kvm_vcpu
* CP14 and CP15 live in the same array, as they are backed by the
* same system registers.
*/
-#define vcpu_cp14(v,r) ((v)->arch.ctxt.copro[(r)])
-#define vcpu_cp15(v,r) ((v)->arch.ctxt.copro[(r)])
+#define CPx_BIAS IS_ENABLED(CONFIG_CPU_BIG_ENDIAN)
+
+#define vcpu_cp14(v,r) ((v)->arch.ctxt.copro[(r) ^ CPx_BIAS])
+#define vcpu_cp15(v,r) ((v)->arch.ctxt.copro[(r) ^ CPx_BIAS])
struct kvm_vm_stat {
ulong remote_tlb_flush;
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 077/267] scsi: megaraid_sas: TM command refire leads to controller firmware crash
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (75 preceding siblings ...)
2020-06-19 14:31 ` [PATCH 4.19 076/267] KVM: arm64: Make vcpu_cp1x() work on Big Endian hosts Greg Kroah-Hartman
@ 2020-06-19 14:31 ` Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 078/267] ath9k: Fix use-after-free Read in ath9k_wmi_ctrl_rx Greg Kroah-Hartman
` (191 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sumit Saxena, Chandrakanth Patil,
Martin K. Petersen
From: Sumit Saxena <sumit.saxena@broadcom.com>
commit 6fd8525a70221c26823b1c7e912fb21f218fb0c5 upstream.
When TM command times out, driver invokes the controller reset. Post reset,
driver re-fires pended TM commands which leads to firmware crash.
Post controller reset, return pended TM commands back to OS.
Link: https://lore.kernel.org/r/20200508085242.23406-1-chandrakanth.patil@broadcom.com
Cc: stable@vger.kernel.org
Signed-off-by: Sumit Saxena <sumit.saxena@broadcom.com>
Signed-off-by: Chandrakanth Patil <chandrakanth.patil@broadcom.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/scsi/megaraid/megaraid_sas_fusion.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
--- a/drivers/scsi/megaraid/megaraid_sas_fusion.c
+++ b/drivers/scsi/megaraid/megaraid_sas_fusion.c
@@ -3940,6 +3940,7 @@ void megasas_refire_mgmt_cmd(struct mega
struct fusion_context *fusion;
struct megasas_cmd *cmd_mfi;
union MEGASAS_REQUEST_DESCRIPTOR_UNION *req_desc;
+ struct MPI2_RAID_SCSI_IO_REQUEST *scsi_io_req;
u16 smid;
bool refire_cmd = 0;
u8 result;
@@ -3990,6 +3991,11 @@ void megasas_refire_mgmt_cmd(struct mega
break;
}
+ scsi_io_req = (struct MPI2_RAID_SCSI_IO_REQUEST *)
+ cmd_fusion->io_request;
+ if (scsi_io_req->Function == MPI2_FUNCTION_SCSI_TASK_MGMT)
+ result = RETURN_CMD;
+
switch (result) {
case REFIRE_CMD:
megasas_fire_cmd_fusion(instance, req_desc);
@@ -4187,7 +4193,6 @@ megasas_issue_tm(struct megasas_instance
if (!timeleft) {
dev_err(&instance->pdev->dev,
"task mgmt type 0x%x timed out\n", type);
- cmd_mfi->flags |= DRV_DCMD_SKIP_REFIRE;
mutex_unlock(&instance->reset_mutex);
rc = megasas_reset_fusion(instance->host, MFI_IO_TIMEOUT_OCR);
mutex_lock(&instance->reset_mutex);
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 078/267] ath9k: Fix use-after-free Read in ath9k_wmi_ctrl_rx
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (76 preceding siblings ...)
2020-06-19 14:31 ` [PATCH 4.19 077/267] scsi: megaraid_sas: TM command refire leads to controller firmware crash Greg Kroah-Hartman
@ 2020-06-19 14:31 ` Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 079/267] ath9k: Fix use-after-free Write in ath9k_htc_rx_msg Greg Kroah-Hartman
` (190 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Qiujun Huang, Kalle Valo,
syzbot+5d338854440137ea0fef
From: Qiujun Huang <hqjagain@gmail.com>
commit abeaa85054ff8cfe8b99aafc5c70ea067e5d0908 upstream.
Free wmi later after cmd urb has been killed, as urb cb will access wmi.
the case reported by syzbot:
https://lore.kernel.org/linux-usb/0000000000000002fc05a1d61a68@google.com
BUG: KASAN: use-after-free in ath9k_wmi_ctrl_rx+0x416/0x500
drivers/net/wireless/ath/ath9k/wmi.c:215
Read of size 1 at addr ffff8881cef1417c by task swapper/1/0
Call Trace:
<IRQ>
ath9k_wmi_ctrl_rx+0x416/0x500 drivers/net/wireless/ath/ath9k/wmi.c:215
ath9k_htc_rx_msg+0x2da/0xaf0
drivers/net/wireless/ath/ath9k/htc_hst.c:459
ath9k_hif_usb_reg_in_cb+0x1ba/0x630
drivers/net/wireless/ath/ath9k/hif_usb.c:718
__usb_hcd_giveback_urb+0x29a/0x550 drivers/usb/core/hcd.c:1650
usb_hcd_giveback_urb+0x368/0x420 drivers/usb/core/hcd.c:1716
dummy_timer+0x1258/0x32ae drivers/usb/gadget/udc/dummy_hcd.c:1966
call_timer_fn+0x195/0x6f0 kernel/time/timer.c:1404
expire_timers kernel/time/timer.c:1449 [inline]
__run_timers kernel/time/timer.c:1773 [inline]
__run_timers kernel/time/timer.c:1740 [inline]
run_timer_softirq+0x5f9/0x1500 kernel/time/timer.c:1786
Reported-and-tested-by: syzbot+5d338854440137ea0fef@syzkaller.appspotmail.com
Signed-off-by: Qiujun Huang <hqjagain@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20200404041838.10426-3-hqjagain@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireless/ath/ath9k/hif_usb.c | 5 +++--
drivers/net/wireless/ath/ath9k/hif_usb.h | 1 +
drivers/net/wireless/ath/ath9k/htc_drv_init.c | 10 +++++++---
drivers/net/wireless/ath/ath9k/wmi.c | 5 ++++-
drivers/net/wireless/ath/ath9k/wmi.h | 3 ++-
5 files changed, 17 insertions(+), 7 deletions(-)
--- a/drivers/net/wireless/ath/ath9k/hif_usb.c
+++ b/drivers/net/wireless/ath/ath9k/hif_usb.c
@@ -973,7 +973,7 @@ err:
return -ENOMEM;
}
-static void ath9k_hif_usb_dealloc_urbs(struct hif_device_usb *hif_dev)
+void ath9k_hif_usb_dealloc_urbs(struct hif_device_usb *hif_dev)
{
usb_kill_anchored_urbs(&hif_dev->regout_submitted);
ath9k_hif_usb_dealloc_reg_in_urbs(hif_dev);
@@ -1341,8 +1341,9 @@ static void ath9k_hif_usb_disconnect(str
if (hif_dev->flags & HIF_USB_READY) {
ath9k_htc_hw_deinit(hif_dev->htc_handle, unplugged);
- ath9k_htc_hw_free(hif_dev->htc_handle);
ath9k_hif_usb_dev_deinit(hif_dev);
+ ath9k_destoy_wmi(hif_dev->htc_handle->drv_priv);
+ ath9k_htc_hw_free(hif_dev->htc_handle);
}
usb_set_intfdata(interface, NULL);
--- a/drivers/net/wireless/ath/ath9k/hif_usb.h
+++ b/drivers/net/wireless/ath/ath9k/hif_usb.h
@@ -133,5 +133,6 @@ struct hif_device_usb {
int ath9k_hif_usb_init(void);
void ath9k_hif_usb_exit(void);
+void ath9k_hif_usb_dealloc_urbs(struct hif_device_usb *hif_dev);
#endif /* HTC_USB_H */
--- a/drivers/net/wireless/ath/ath9k/htc_drv_init.c
+++ b/drivers/net/wireless/ath/ath9k/htc_drv_init.c
@@ -933,8 +933,9 @@ err_init:
int ath9k_htc_probe_device(struct htc_target *htc_handle, struct device *dev,
u16 devid, char *product, u32 drv_info)
{
- struct ieee80211_hw *hw;
+ struct hif_device_usb *hif_dev;
struct ath9k_htc_priv *priv;
+ struct ieee80211_hw *hw;
int ret;
hw = ieee80211_alloc_hw(sizeof(struct ath9k_htc_priv), &ath9k_htc_ops);
@@ -969,7 +970,10 @@ int ath9k_htc_probe_device(struct htc_ta
return 0;
err_init:
- ath9k_deinit_wmi(priv);
+ ath9k_stop_wmi(priv);
+ hif_dev = (struct hif_device_usb *)htc_handle->hif_dev;
+ ath9k_hif_usb_dealloc_urbs(hif_dev);
+ ath9k_destoy_wmi(priv);
err_free:
ieee80211_free_hw(hw);
return ret;
@@ -984,7 +988,7 @@ void ath9k_htc_disconnect_device(struct
htc_handle->drv_priv->ah->ah_flags |= AH_UNPLUGGED;
ath9k_deinit_device(htc_handle->drv_priv);
- ath9k_deinit_wmi(htc_handle->drv_priv);
+ ath9k_stop_wmi(htc_handle->drv_priv);
ieee80211_free_hw(htc_handle->drv_priv->hw);
}
}
--- a/drivers/net/wireless/ath/ath9k/wmi.c
+++ b/drivers/net/wireless/ath/ath9k/wmi.c
@@ -112,14 +112,17 @@ struct wmi *ath9k_init_wmi(struct ath9k_
return wmi;
}
-void ath9k_deinit_wmi(struct ath9k_htc_priv *priv)
+void ath9k_stop_wmi(struct ath9k_htc_priv *priv)
{
struct wmi *wmi = priv->wmi;
mutex_lock(&wmi->op_mutex);
wmi->stopped = true;
mutex_unlock(&wmi->op_mutex);
+}
+void ath9k_destoy_wmi(struct ath9k_htc_priv *priv)
+{
kfree(priv->wmi);
}
--- a/drivers/net/wireless/ath/ath9k/wmi.h
+++ b/drivers/net/wireless/ath/ath9k/wmi.h
@@ -179,7 +179,6 @@ struct wmi {
};
struct wmi *ath9k_init_wmi(struct ath9k_htc_priv *priv);
-void ath9k_deinit_wmi(struct ath9k_htc_priv *priv);
int ath9k_wmi_connect(struct htc_target *htc, struct wmi *wmi,
enum htc_endpoint_id *wmi_ctrl_epid);
int ath9k_wmi_cmd(struct wmi *wmi, enum wmi_cmd_id cmd_id,
@@ -189,6 +188,8 @@ int ath9k_wmi_cmd(struct wmi *wmi, enum
void ath9k_wmi_event_tasklet(unsigned long data);
void ath9k_fatal_work(struct work_struct *work);
void ath9k_wmi_event_drain(struct ath9k_htc_priv *priv);
+void ath9k_stop_wmi(struct ath9k_htc_priv *priv);
+void ath9k_destoy_wmi(struct ath9k_htc_priv *priv);
#define WMI_CMD(_wmi_cmd) \
do { \
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 079/267] ath9k: Fix use-after-free Write in ath9k_htc_rx_msg
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (77 preceding siblings ...)
2020-06-19 14:31 ` [PATCH 4.19 078/267] ath9k: Fix use-after-free Read in ath9k_wmi_ctrl_rx Greg Kroah-Hartman
@ 2020-06-19 14:31 ` Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 080/267] ath9x: Fix stack-out-of-bounds Write in ath9k_hif_usb_rx_cb Greg Kroah-Hartman
` (189 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Qiujun Huang, Kalle Valo,
syzbot+b1c61e5f11be5782f192
From: Qiujun Huang <hqjagain@gmail.com>
commit e4ff08a4d727146bb6717a39a8d399d834654345 upstream.
Write out of slab bounds. We should check epid.
The case reported by syzbot:
https://lore.kernel.org/linux-usb/0000000000006ac55b05a1c05d72@google.com
BUG: KASAN: use-after-free in htc_process_conn_rsp
drivers/net/wireless/ath/ath9k/htc_hst.c:131 [inline]
BUG: KASAN: use-after-free in ath9k_htc_rx_msg+0xa25/0xaf0
drivers/net/wireless/ath/ath9k/htc_hst.c:443
Write of size 2 at addr ffff8881cea291f0 by task swapper/1/0
Call Trace:
htc_process_conn_rsp drivers/net/wireless/ath/ath9k/htc_hst.c:131
[inline]
ath9k_htc_rx_msg+0xa25/0xaf0
drivers/net/wireless/ath/ath9k/htc_hst.c:443
ath9k_hif_usb_reg_in_cb+0x1ba/0x630
drivers/net/wireless/ath/ath9k/hif_usb.c:718
__usb_hcd_giveback_urb+0x29a/0x550 drivers/usb/core/hcd.c:1650
usb_hcd_giveback_urb+0x368/0x420 drivers/usb/core/hcd.c:1716
dummy_timer+0x1258/0x32ae drivers/usb/gadget/udc/dummy_hcd.c:1966
call_timer_fn+0x195/0x6f0 kernel/time/timer.c:1404
expire_timers kernel/time/timer.c:1449 [inline]
__run_timers kernel/time/timer.c:1773 [inline]
__run_timers kernel/time/timer.c:1740 [inline]
run_timer_softirq+0x5f9/0x1500 kernel/time/timer.c:1786
Reported-and-tested-by: syzbot+b1c61e5f11be5782f192@syzkaller.appspotmail.com
Signed-off-by: Qiujun Huang <hqjagain@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20200404041838.10426-4-hqjagain@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireless/ath/ath9k/htc_hst.c | 3 +++
1 file changed, 3 insertions(+)
--- a/drivers/net/wireless/ath/ath9k/htc_hst.c
+++ b/drivers/net/wireless/ath/ath9k/htc_hst.c
@@ -113,6 +113,9 @@ static void htc_process_conn_rsp(struct
if (svc_rspmsg->status == HTC_SERVICE_SUCCESS) {
epid = svc_rspmsg->endpoint_id;
+ if (epid < 0 || epid >= ENDPOINT_MAX)
+ return;
+
service_id = be16_to_cpu(svc_rspmsg->service_id);
max_msglen = be16_to_cpu(svc_rspmsg->max_msg_len);
endpoint = &target->endpoint[epid];
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 080/267] ath9x: Fix stack-out-of-bounds Write in ath9k_hif_usb_rx_cb
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (78 preceding siblings ...)
2020-06-19 14:31 ` [PATCH 4.19 079/267] ath9k: Fix use-after-free Write in ath9k_htc_rx_msg Greg Kroah-Hartman
@ 2020-06-19 14:31 ` Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 081/267] ath9k: Fix general protection fault " Greg Kroah-Hartman
` (188 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Qiujun Huang, Kalle Valo,
syzbot+d403396d4df67ad0bd5f
From: Qiujun Huang <hqjagain@gmail.com>
commit 19d6c375d671ce9949a864fb9a03e19f5487b4d3 upstream.
Add barrier to accessing the stack array skb_pool.
The case reported by syzbot:
https://lore.kernel.org/linux-usb/0000000000003d7c1505a2168418@google.com
BUG: KASAN: stack-out-of-bounds in ath9k_hif_usb_rx_stream
drivers/net/wireless/ath/ath9k/hif_usb.c:626 [inline]
BUG: KASAN: stack-out-of-bounds in ath9k_hif_usb_rx_cb+0xdf6/0xf70
drivers/net/wireless/ath/ath9k/hif_usb.c:666
Write of size 8 at addr ffff8881db309a28 by task swapper/1/0
Call Trace:
ath9k_hif_usb_rx_stream drivers/net/wireless/ath/ath9k/hif_usb.c:626
[inline]
ath9k_hif_usb_rx_cb+0xdf6/0xf70
drivers/net/wireless/ath/ath9k/hif_usb.c:666
__usb_hcd_giveback_urb+0x1f2/0x470 drivers/usb/core/hcd.c:1648
usb_hcd_giveback_urb+0x368/0x420 drivers/usb/core/hcd.c:1713
dummy_timer+0x1258/0x32ae drivers/usb/gadget/udc/dummy_hcd.c:1966
call_timer_fn+0x195/0x6f0 kernel/time/timer.c:1404
expire_timers kernel/time/timer.c:1449 [inline]
__run_timers kernel/time/timer.c:1773 [inline]
__run_timers kernel/time/timer.c:1740 [inline]
run_timer_softirq+0x5f9/0x1500 kernel/time/timer.c:1786
Reported-and-tested-by: syzbot+d403396d4df67ad0bd5f@syzkaller.appspotmail.com
Signed-off-by: Qiujun Huang <hqjagain@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20200404041838.10426-5-hqjagain@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireless/ath/ath9k/hif_usb.c | 5 +++++
1 file changed, 5 insertions(+)
--- a/drivers/net/wireless/ath/ath9k/hif_usb.c
+++ b/drivers/net/wireless/ath/ath9k/hif_usb.c
@@ -612,6 +612,11 @@ static void ath9k_hif_usb_rx_stream(stru
hif_dev->remain_skb = nskb;
spin_unlock(&hif_dev->rx_lock);
} else {
+ if (pool_index == MAX_PKT_NUM_IN_TRANSFER) {
+ dev_err(&hif_dev->udev->dev,
+ "ath9k_htc: over RX MAX_PKT_NUM\n");
+ goto err;
+ }
nskb = __dev_alloc_skb(pkt_len + 32, GFP_ATOMIC);
if (!nskb) {
dev_err(&hif_dev->udev->dev,
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 081/267] ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (79 preceding siblings ...)
2020-06-19 14:31 ` [PATCH 4.19 080/267] ath9x: Fix stack-out-of-bounds Write in ath9k_hif_usb_rx_cb Greg Kroah-Hartman
@ 2020-06-19 14:31 ` Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 082/267] Smack: slab-out-of-bounds in vsscanf Greg Kroah-Hartman
` (187 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Qiujun Huang, Kalle Valo,
syzbot+40d5d2e8a4680952f042
From: Qiujun Huang <hqjagain@gmail.com>
commit 2bbcaaee1fcbd83272e29f31e2bb7e70d8c49e05 upstream.
In ath9k_hif_usb_rx_cb interface number is assumed to be 0.
usb_ifnum_to_if(urb->dev, 0)
But it isn't always true.
The case reported by syzbot:
https://lore.kernel.org/linux-usb/000000000000666c9c05a1c05d12@google.com
usb 2-1: new high-speed USB device number 2 using dummy_hcd
usb 2-1: config 1 has an invalid interface number: 2 but max is 0
usb 2-1: config 1 has no interface number 0
usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice=
1.08
usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
general protection fault, probably for non-canonical address
0xdffffc0000000015: 0000 [#1] SMP KASAN
KASAN: null-ptr-deref in range [0x00000000000000a8-0x00000000000000af]
CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.6.0-rc5-syzkaller #0
Call Trace
__usb_hcd_giveback_urb+0x29a/0x550 drivers/usb/core/hcd.c:1650
usb_hcd_giveback_urb+0x368/0x420 drivers/usb/core/hcd.c:1716
dummy_timer+0x1258/0x32ae drivers/usb/gadget/udc/dummy_hcd.c:1966
call_timer_fn+0x195/0x6f0 kernel/time/timer.c:1404
expire_timers kernel/time/timer.c:1449 [inline]
__run_timers kernel/time/timer.c:1773 [inline]
__run_timers kernel/time/timer.c:1740 [inline]
run_timer_softirq+0x5f9/0x1500 kernel/time/timer.c:1786
__do_softirq+0x21e/0x950 kernel/softirq.c:292
invoke_softirq kernel/softirq.c:373 [inline]
irq_exit+0x178/0x1a0 kernel/softirq.c:413
exiting_irq arch/x86/include/asm/apic.h:546 [inline]
smp_apic_timer_interrupt+0x141/0x540 arch/x86/kernel/apic/apic.c:1146
apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:829
Reported-and-tested-by: syzbot+40d5d2e8a4680952f042@syzkaller.appspotmail.com
Signed-off-by: Qiujun Huang <hqjagain@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20200404041838.10426-6-hqjagain@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireless/ath/ath9k/hif_usb.c | 48 +++++++++++++++++++++++--------
drivers/net/wireless/ath/ath9k/hif_usb.h | 5 +++
2 files changed, 42 insertions(+), 11 deletions(-)
--- a/drivers/net/wireless/ath/ath9k/hif_usb.c
+++ b/drivers/net/wireless/ath/ath9k/hif_usb.c
@@ -643,9 +643,9 @@ err:
static void ath9k_hif_usb_rx_cb(struct urb *urb)
{
- struct sk_buff *skb = (struct sk_buff *) urb->context;
- struct hif_device_usb *hif_dev =
- usb_get_intfdata(usb_ifnum_to_if(urb->dev, 0));
+ struct rx_buf *rx_buf = (struct rx_buf *)urb->context;
+ struct hif_device_usb *hif_dev = rx_buf->hif_dev;
+ struct sk_buff *skb = rx_buf->skb;
int ret;
if (!skb)
@@ -685,14 +685,15 @@ resubmit:
return;
free:
kfree_skb(skb);
+ kfree(rx_buf);
}
static void ath9k_hif_usb_reg_in_cb(struct urb *urb)
{
- struct sk_buff *skb = (struct sk_buff *) urb->context;
+ struct rx_buf *rx_buf = (struct rx_buf *)urb->context;
+ struct hif_device_usb *hif_dev = rx_buf->hif_dev;
+ struct sk_buff *skb = rx_buf->skb;
struct sk_buff *nskb;
- struct hif_device_usb *hif_dev =
- usb_get_intfdata(usb_ifnum_to_if(urb->dev, 0));
int ret;
if (!skb)
@@ -750,6 +751,7 @@ resubmit:
return;
free:
kfree_skb(skb);
+ kfree(rx_buf);
urb->context = NULL;
}
@@ -795,7 +797,7 @@ static int ath9k_hif_usb_alloc_tx_urbs(s
init_usb_anchor(&hif_dev->mgmt_submitted);
for (i = 0; i < MAX_TX_URB_NUM; i++) {
- tx_buf = kzalloc(sizeof(struct tx_buf), GFP_KERNEL);
+ tx_buf = kzalloc(sizeof(*tx_buf), GFP_KERNEL);
if (!tx_buf)
goto err;
@@ -832,8 +834,9 @@ static void ath9k_hif_usb_dealloc_rx_urb
static int ath9k_hif_usb_alloc_rx_urbs(struct hif_device_usb *hif_dev)
{
- struct urb *urb = NULL;
+ struct rx_buf *rx_buf = NULL;
struct sk_buff *skb = NULL;
+ struct urb *urb = NULL;
int i, ret;
init_usb_anchor(&hif_dev->rx_submitted);
@@ -841,6 +844,12 @@ static int ath9k_hif_usb_alloc_rx_urbs(s
for (i = 0; i < MAX_RX_URB_NUM; i++) {
+ rx_buf = kzalloc(sizeof(*rx_buf), GFP_KERNEL);
+ if (!rx_buf) {
+ ret = -ENOMEM;
+ goto err_rxb;
+ }
+
/* Allocate URB */
urb = usb_alloc_urb(0, GFP_KERNEL);
if (urb == NULL) {
@@ -855,11 +864,14 @@ static int ath9k_hif_usb_alloc_rx_urbs(s
goto err_skb;
}
+ rx_buf->hif_dev = hif_dev;
+ rx_buf->skb = skb;
+
usb_fill_bulk_urb(urb, hif_dev->udev,
usb_rcvbulkpipe(hif_dev->udev,
USB_WLAN_RX_PIPE),
skb->data, MAX_RX_BUF_SIZE,
- ath9k_hif_usb_rx_cb, skb);
+ ath9k_hif_usb_rx_cb, rx_buf);
/* Anchor URB */
usb_anchor_urb(urb, &hif_dev->rx_submitted);
@@ -885,6 +897,8 @@ err_submit:
err_skb:
usb_free_urb(urb);
err_urb:
+ kfree(rx_buf);
+err_rxb:
ath9k_hif_usb_dealloc_rx_urbs(hif_dev);
return ret;
}
@@ -896,14 +910,21 @@ static void ath9k_hif_usb_dealloc_reg_in
static int ath9k_hif_usb_alloc_reg_in_urbs(struct hif_device_usb *hif_dev)
{
- struct urb *urb = NULL;
+ struct rx_buf *rx_buf = NULL;
struct sk_buff *skb = NULL;
+ struct urb *urb = NULL;
int i, ret;
init_usb_anchor(&hif_dev->reg_in_submitted);
for (i = 0; i < MAX_REG_IN_URB_NUM; i++) {
+ rx_buf = kzalloc(sizeof(*rx_buf), GFP_KERNEL);
+ if (!rx_buf) {
+ ret = -ENOMEM;
+ goto err_rxb;
+ }
+
/* Allocate URB */
urb = usb_alloc_urb(0, GFP_KERNEL);
if (urb == NULL) {
@@ -918,11 +939,14 @@ static int ath9k_hif_usb_alloc_reg_in_ur
goto err_skb;
}
+ rx_buf->hif_dev = hif_dev;
+ rx_buf->skb = skb;
+
usb_fill_int_urb(urb, hif_dev->udev,
usb_rcvintpipe(hif_dev->udev,
USB_REG_IN_PIPE),
skb->data, MAX_REG_IN_BUF_SIZE,
- ath9k_hif_usb_reg_in_cb, skb, 1);
+ ath9k_hif_usb_reg_in_cb, rx_buf, 1);
/* Anchor URB */
usb_anchor_urb(urb, &hif_dev->reg_in_submitted);
@@ -948,6 +972,8 @@ err_submit:
err_skb:
usb_free_urb(urb);
err_urb:
+ kfree(rx_buf);
+err_rxb:
ath9k_hif_usb_dealloc_reg_in_urbs(hif_dev);
return ret;
}
--- a/drivers/net/wireless/ath/ath9k/hif_usb.h
+++ b/drivers/net/wireless/ath/ath9k/hif_usb.h
@@ -86,6 +86,11 @@ struct tx_buf {
struct list_head list;
};
+struct rx_buf {
+ struct sk_buff *skb;
+ struct hif_device_usb *hif_dev;
+};
+
#define HIF_USB_TX_STOP BIT(0)
#define HIF_USB_TX_FLUSH BIT(1)
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 082/267] Smack: slab-out-of-bounds in vsscanf
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (80 preceding siblings ...)
2020-06-19 14:31 ` [PATCH 4.19 081/267] ath9k: Fix general protection fault " Greg Kroah-Hartman
@ 2020-06-19 14:31 ` Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 083/267] drm/vkms: Hold gem object while still in-use Greg Kroah-Hartman
` (186 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hillf Danton,
syzbot+bfdd4a2f07be52351350, Casey Schaufler
From: Casey Schaufler <casey@schaufler-ca.com>
commit 84e99e58e8d1e26f04c097f4266e431a33987f36 upstream.
Add barrier to soob. Return -EOVERFLOW if the buffer
is exceeded.
Suggested-by: Hillf Danton <hdanton@sina.com>
Reported-by: syzbot+bfdd4a2f07be52351350@syzkaller.appspotmail.com
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
security/smack/smackfs.c | 10 ++++++++++
1 file changed, 10 insertions(+)
--- a/security/smack/smackfs.c
+++ b/security/smack/smackfs.c
@@ -906,11 +906,21 @@ static ssize_t smk_set_cipso(struct file
else
rule += strlen(skp->smk_known) + 1;
+ if (rule > data + count) {
+ rc = -EOVERFLOW;
+ goto out;
+ }
+
ret = sscanf(rule, "%d", &maplevel);
if (ret != 1 || maplevel > SMACK_CIPSO_MAXLEVEL)
goto out;
rule += SMK_DIGITLEN;
+ if (rule > data + count) {
+ rc = -EOVERFLOW;
+ goto out;
+ }
+
ret = sscanf(rule, "%d", &catlen);
if (ret != 1 || catlen > SMACK_CIPSO_MAXCATNUM)
goto out;
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 083/267] drm/vkms: Hold gem object while still in-use
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (81 preceding siblings ...)
2020-06-19 14:31 ` [PATCH 4.19 082/267] Smack: slab-out-of-bounds in vsscanf Greg Kroah-Hartman
@ 2020-06-19 14:31 ` Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 084/267] mm/slub: fix a memory leak in sysfs_slab_add() Greg Kroah-Hartman
` (185 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ezequiel Garcia, Rodrigo Siqueira,
Rodrigo Siqueira, syzbot+e3372a2afe1e7ef04bc7
From: Ezequiel Garcia <ezequiel@collabora.com>
commit 0ea2ea42b31abc1141f2fd3911f952a97d401fcb upstream.
We need to keep the reference to the drm_gem_object
until the last access by vkms_dumb_create.
Therefore, the put the object after it is used.
This fixes a use-after-free issue reported by syzbot.
While here, change vkms_gem_create() symbol to static.
Reported-and-tested-by: syzbot+e3372a2afe1e7ef04bc7@syzkaller.appspotmail.com
Signed-off-by: Ezequiel Garcia <ezequiel@collabora.com>
Reviewed-by: Rodrigo Siqueira <Rodrigo.Siqueira@amd.com>
Signed-off-by: Rodrigo Siqueira <rodrigosiqueiramelo@gmail.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20200427214405.13069-1-ezequiel@collabora.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/vkms/vkms_drv.h | 5 -----
drivers/gpu/drm/vkms/vkms_gem.c | 11 ++++++-----
2 files changed, 6 insertions(+), 10 deletions(-)
--- a/drivers/gpu/drm/vkms/vkms_drv.h
+++ b/drivers/gpu/drm/vkms/vkms_drv.h
@@ -62,11 +62,6 @@ int vkms_output_init(struct vkms_device
struct drm_plane *vkms_plane_init(struct vkms_device *vkmsdev);
/* Gem stuff */
-struct drm_gem_object *vkms_gem_create(struct drm_device *dev,
- struct drm_file *file,
- u32 *handle,
- u64 size);
-
int vkms_gem_fault(struct vm_fault *vmf);
int vkms_dumb_create(struct drm_file *file, struct drm_device *dev,
--- a/drivers/gpu/drm/vkms/vkms_gem.c
+++ b/drivers/gpu/drm/vkms/vkms_gem.c
@@ -93,10 +93,10 @@ int vkms_gem_fault(struct vm_fault *vmf)
return ret;
}
-struct drm_gem_object *vkms_gem_create(struct drm_device *dev,
- struct drm_file *file,
- u32 *handle,
- u64 size)
+static struct drm_gem_object *vkms_gem_create(struct drm_device *dev,
+ struct drm_file *file,
+ u32 *handle,
+ u64 size)
{
struct vkms_gem_object *obj;
int ret;
@@ -109,7 +109,6 @@ struct drm_gem_object *vkms_gem_create(s
return ERR_CAST(obj);
ret = drm_gem_handle_create(file, &obj->gem, handle);
- drm_gem_object_put_unlocked(&obj->gem);
if (ret)
return ERR_PTR(ret);
@@ -138,6 +137,8 @@ int vkms_dumb_create(struct drm_file *fi
args->size = gem_obj->size;
args->pitch = pitch;
+ drm_gem_object_put_unlocked(gem_obj);
+
DRM_DEBUG_DRIVER("Created object of size %lld\n", size);
return 0;
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 084/267] mm/slub: fix a memory leak in sysfs_slab_add()
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (82 preceding siblings ...)
2020-06-19 14:31 ` [PATCH 4.19 083/267] drm/vkms: Hold gem object while still in-use Greg Kroah-Hartman
@ 2020-06-19 14:31 ` Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 085/267] fat: dont allow to mount if the FAT length == 0 Greg Kroah-Hartman
` (184 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hulk Robot, Wang Hai, Andrew Morton,
Christoph Lameter, Pekka Enberg, David Rientjes, Joonsoo Kim,
Linus Torvalds
From: Wang Hai <wanghai38@huawei.com>
commit dde3c6b72a16c2db826f54b2d49bdea26c3534a2 upstream.
syzkaller reports for memory leak when kobject_init_and_add() returns an
error in the function sysfs_slab_add() [1]
When this happened, the function kobject_put() is not called for the
corresponding kobject, which potentially leads to memory leak.
This patch fixes the issue by calling kobject_put() even if
kobject_init_and_add() fails.
[1]
BUG: memory leak
unreferenced object 0xffff8880a6d4be88 (size 8):
comm "syz-executor.3", pid 946, jiffies 4295772514 (age 18.396s)
hex dump (first 8 bytes):
70 69 64 5f 33 00 ff ff pid_3...
backtrace:
kstrdup+0x35/0x70 mm/util.c:60
kstrdup_const+0x3d/0x50 mm/util.c:82
kvasprintf_const+0x112/0x170 lib/kasprintf.c:48
kobject_set_name_vargs+0x55/0x130 lib/kobject.c:289
kobject_add_varg lib/kobject.c:384 [inline]
kobject_init_and_add+0xd8/0x170 lib/kobject.c:473
sysfs_slab_add+0x1d8/0x290 mm/slub.c:5811
__kmem_cache_create+0x50a/0x570 mm/slub.c:4384
create_cache+0x113/0x1e0 mm/slab_common.c:407
kmem_cache_create_usercopy+0x1a1/0x260 mm/slab_common.c:505
kmem_cache_create+0xd/0x10 mm/slab_common.c:564
create_pid_cachep kernel/pid_namespace.c:54 [inline]
create_pid_namespace kernel/pid_namespace.c:96 [inline]
copy_pid_ns+0x77c/0x8f0 kernel/pid_namespace.c:148
create_new_namespaces+0x26b/0xa30 kernel/nsproxy.c:95
unshare_nsproxy_namespaces+0xa7/0x1e0 kernel/nsproxy.c:229
ksys_unshare+0x3d2/0x770 kernel/fork.c:2969
__do_sys_unshare kernel/fork.c:3037 [inline]
__se_sys_unshare kernel/fork.c:3035 [inline]
__x64_sys_unshare+0x2d/0x40 kernel/fork.c:3035
do_syscall_64+0xa1/0x530 arch/x86/entry/common.c:295
Fixes: 80da026a8e5d ("mm/slub: fix slab double-free in case of duplicate sysfs filename")
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Wang Hai <wanghai38@huawei.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Cc: Christoph Lameter <cl@linux.com>
Cc: Pekka Enberg <penberg@kernel.org>
Cc: David Rientjes <rientjes@google.com>
Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
Link: http://lkml.kernel.org/r/20200602115033.1054-1-wanghai38@huawei.com
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/slub.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/mm/slub.c
+++ b/mm/slub.c
@@ -5738,8 +5738,10 @@ static int sysfs_slab_add(struct kmem_ca
s->kobj.kset = kset;
err = kobject_init_and_add(&s->kobj, &slab_ktype, NULL, "%s", name);
- if (err)
+ if (err) {
+ kobject_put(&s->kobj);
goto out;
+ }
err = sysfs_create_group(&s->kobj, &slab_attr_group);
if (err)
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 085/267] fat: dont allow to mount if the FAT length == 0
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (83 preceding siblings ...)
2020-06-19 14:31 ` [PATCH 4.19 084/267] mm/slub: fix a memory leak in sysfs_slab_add() Greg Kroah-Hartman
@ 2020-06-19 14:31 ` Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 086/267] perf: Add cond_resched() to task_function_call() Greg Kroah-Hartman
` (183 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot+6f1624f937d9d6911e2d,
OGAWA Hirofumi, Andrew Morton, Marco Elver, Dmitry Vyukov,
Linus Torvalds
From: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
commit b1b65750b8db67834482f758fc385bfa7560d228 upstream.
If FAT length == 0, the image doesn't have any data. And it can be the
cause of overlapping the root dir and FAT entries.
Also Windows treats it as invalid format.
Reported-by: syzbot+6f1624f937d9d6911e2d@syzkaller.appspotmail.com
Signed-off-by: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Cc: Marco Elver <elver@google.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Link: http://lkml.kernel.org/r/87r1wz8mrd.fsf@mail.parknet.co.jp
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/fat/inode.c | 6 ++++++
1 file changed, 6 insertions(+)
--- a/fs/fat/inode.c
+++ b/fs/fat/inode.c
@@ -1519,6 +1519,12 @@ static int fat_read_bpb(struct super_blo
goto out;
}
+ if (bpb->fat_fat_length == 0 && bpb->fat32_length == 0) {
+ if (!silent)
+ fat_msg(sb, KERN_ERR, "bogus number of FAT sectors");
+ goto out;
+ }
+
error = 0;
out:
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 086/267] perf: Add cond_resched() to task_function_call()
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (84 preceding siblings ...)
2020-06-19 14:31 ` [PATCH 4.19 085/267] fat: dont allow to mount if the FAT length == 0 Greg Kroah-Hartman
@ 2020-06-19 14:31 ` Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 087/267] agp/intel: Reinforce the barrier after GTT updates Greg Kroah-Hartman
` (182 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot+bb4935a5c09b5ff79940,
Barret Rhoden, Peter Zijlstra (Intel)
From: Barret Rhoden <brho@google.com>
commit 2ed6edd33a214bca02bd2b45e3fc3038a059436b upstream.
Under rare circumstances, task_function_call() can repeatedly fail and
cause a soft lockup.
There is a slight race where the process is no longer running on the cpu
we targeted by the time remote_function() runs. The code will simply
try again. If we are very unlucky, this will continue to fail, until a
watchdog fires. This can happen in a heavily loaded, multi-core virtual
machine.
Reported-by: syzbot+bb4935a5c09b5ff79940@syzkaller.appspotmail.com
Signed-off-by: Barret Rhoden <brho@google.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Link: https://lkml.kernel.org/r/20200414222920.121401-1-brho@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/events/core.c | 23 ++++++++++++++---------
1 file changed, 14 insertions(+), 9 deletions(-)
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -94,11 +94,11 @@ static void remote_function(void *data)
* @info: the function call argument
*
* Calls the function @func when the task is currently running. This might
- * be on the current CPU, which just calls the function directly
+ * be on the current CPU, which just calls the function directly. This will
+ * retry due to any failures in smp_call_function_single(), such as if the
+ * task_cpu() goes offline concurrently.
*
- * returns: @func return value, or
- * -ESRCH - when the process isn't running
- * -EAGAIN - when the process moved away
+ * returns @func return value or -ESRCH when the process isn't running
*/
static int
task_function_call(struct task_struct *p, remote_function_f func, void *info)
@@ -111,11 +111,16 @@ task_function_call(struct task_struct *p
};
int ret;
- do {
- ret = smp_call_function_single(task_cpu(p), remote_function, &data, 1);
- if (!ret)
- ret = data.ret;
- } while (ret == -EAGAIN);
+ for (;;) {
+ ret = smp_call_function_single(task_cpu(p), remote_function,
+ &data, 1);
+ ret = !ret ? data.ret : -EAGAIN;
+
+ if (ret != -EAGAIN)
+ break;
+
+ cond_resched();
+ }
return ret;
}
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 087/267] agp/intel: Reinforce the barrier after GTT updates
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (85 preceding siblings ...)
2020-06-19 14:31 ` [PATCH 4.19 086/267] perf: Add cond_resched() to task_function_call() Greg Kroah-Hartman
@ 2020-06-19 14:31 ` Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 088/267] mmc: sdhci-msm: Clear tuning done flag while hs400 tuning Greg Kroah-Hartman
` (181 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:31 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Chris Wilson, Andi Shyti
From: Chris Wilson <chris@chris-wilson.co.uk>
commit f30d3ced9fafa03e4855508929b5b6334907f45e upstream.
After changing the timing between GTT updates and execution on the GPU,
we started seeing sporadic failures on Ironlake. These were narrowed
down to being an insufficiently strong enough barrier/delay after
updating the GTT and scheduling execution on the GPU. By forcing the
uncached read, and adding the missing barrier for the singular
insert_page (relocation paths), the sporadic failures go away.
Fixes: 983d308cb8f6 ("agp/intel: Serialise after GTT updates")
Fixes: 3497971a71d8 ("agp/intel: Flush chipset writes after updating a single PTE")
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Acked-by: Andi Shyti <andi.shyti@intel.com>
Cc: stable@vger.kernel.org # v4.0+
Link: https://patchwork.freedesktop.org/patch/msgid/20200410083535.25464-1-chris@chris-wilson.co.uk
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/char/agp/intel-gtt.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/drivers/char/agp/intel-gtt.c
+++ b/drivers/char/agp/intel-gtt.c
@@ -846,6 +846,7 @@ void intel_gtt_insert_page(dma_addr_t ad
unsigned int flags)
{
intel_private.driver->write_entry(addr, pg, flags);
+ readl(intel_private.gtt + pg);
if (intel_private.driver->chipset_flush)
intel_private.driver->chipset_flush();
}
@@ -871,7 +872,7 @@ void intel_gtt_insert_sg_entries(struct
j++;
}
}
- wmb();
+ readl(intel_private.gtt + j - 1);
if (intel_private.driver->chipset_flush)
intel_private.driver->chipset_flush();
}
@@ -1105,6 +1106,7 @@ static void i9xx_cleanup(void)
static void i9xx_chipset_flush(void)
{
+ wmb();
if (intel_private.i9xx_flush_page)
writel(1, intel_private.i9xx_flush_page);
}
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 088/267] mmc: sdhci-msm: Clear tuning done flag while hs400 tuning
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (86 preceding siblings ...)
2020-06-19 14:31 ` [PATCH 4.19 087/267] agp/intel: Reinforce the barrier after GTT updates Greg Kroah-Hartman
@ 2020-06-19 14:31 ` Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 089/267] ARM: dts: at91: sama5d2_ptc_ek: fix sdmmc0 node description Greg Kroah-Hartman
` (180 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Veerabhadrarao Badiganti, Ulf Hansson
From: Veerabhadrarao Badiganti <vbadigan@codeaurora.org>
commit 9253d71011c349d5f5cc0cebdf68b4a80811b92d upstream.
Clear tuning_done flag while executing tuning to ensure vendor
specific HS400 settings are applied properly when the controller
is re-initialized in HS400 mode.
Without this, re-initialization of the qcom SDHC in HS400 mode fails
while resuming the driver from runtime-suspend or system-suspend.
Fixes: ff06ce417828 ("mmc: sdhci-msm: Add HS400 platform support")
Cc: stable@vger.kernel.org
Signed-off-by: Veerabhadrarao Badiganti <vbadigan@codeaurora.org>
Link: https://lore.kernel.org/r/1590678838-18099-1-git-send-email-vbadigan@codeaurora.org
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mmc/host/sdhci-msm.c | 6 ++++++
1 file changed, 6 insertions(+)
--- a/drivers/mmc/host/sdhci-msm.c
+++ b/drivers/mmc/host/sdhci-msm.c
@@ -1084,6 +1084,12 @@ static int sdhci_msm_execute_tuning(stru
msm_host->use_cdr = true;
/*
+ * Clear tuning_done flag before tuning to ensure proper
+ * HS400 settings.
+ */
+ msm_host->tuning_done = 0;
+
+ /*
* For HS400 tuning in HS200 timing requires:
* - select MCLK/2 in VENDOR_SPEC
* - program MCLK to 400MHz (or nearest supported) in GCC
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 089/267] ARM: dts: at91: sama5d2_ptc_ek: fix sdmmc0 node description
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (87 preceding siblings ...)
2020-06-19 14:31 ` [PATCH 4.19 088/267] mmc: sdhci-msm: Clear tuning done flag while hs400 tuning Greg Kroah-Hartman
@ 2020-06-19 14:31 ` Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 090/267] mmc: sdio: Fix potential NULL pointer error in mmc_sdio_init_card() Greg Kroah-Hartman
` (179 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ludovic Desroches, Alexandre Belloni
From: Ludovic Desroches <ludovic.desroches@microchip.com>
commit a1af7f36c70369b971ee1cf679dd68368dad23f0 upstream.
Remove non-removable and mmc-ddr-1_8v properties from the sdmmc0
node which come probably from an unchecked copy/paste.
Signed-off-by: Ludovic Desroches <ludovic.desroches@microchip.com>
Fixes:42ed535595ec "ARM: dts: at91: introduce the sama5d2 ptc ek board"
Cc: stable@vger.kernel.org # 4.19 and later
Link: https://lore.kernel.org/r/20200401221504.41196-1-ludovic.desroches@microchip.com
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm/boot/dts/at91-sama5d2_ptc_ek.dts | 2 --
1 file changed, 2 deletions(-)
--- a/arch/arm/boot/dts/at91-sama5d2_ptc_ek.dts
+++ b/arch/arm/boot/dts/at91-sama5d2_ptc_ek.dts
@@ -125,8 +125,6 @@
bus-width = <8>;
pinctrl-names = "default";
pinctrl-0 = <&pinctrl_sdmmc0_default>;
- non-removable;
- mmc-ddr-1_8v;
status = "okay";
};
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 090/267] mmc: sdio: Fix potential NULL pointer error in mmc_sdio_init_card()
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (88 preceding siblings ...)
2020-06-19 14:31 ` [PATCH 4.19 089/267] ARM: dts: at91: sama5d2_ptc_ek: fix sdmmc0 node description Greg Kroah-Hartman
@ 2020-06-19 14:31 ` Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 091/267] xen/pvcalls-back: test for errors when calling backend_connect() Greg Kroah-Hartman
` (178 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:31 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Ulf Hansson
From: Ulf Hansson <ulf.hansson@linaro.org>
commit f04086c225da11ad16d7f9a2fbca6483ab16dded upstream.
During some scenarios mmc_sdio_init_card() runs a retry path for the UHS-I
specific initialization, which leads to removal of the previously allocated
card. A new card is then re-allocated while retrying.
However, in one of the corresponding error paths we may end up to remove an
already removed card, which likely leads to a NULL pointer exception. So,
let's fix this.
Fixes: 5fc3d80ef496 ("mmc: sdio: don't use rocr to check if the card could support UHS mode")
Cc: <stable@vger.kernel.org>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Link: https://lore.kernel.org/r/20200430091640.455-2-ulf.hansson@linaro.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mmc/core/sdio.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
--- a/drivers/mmc/core/sdio.c
+++ b/drivers/mmc/core/sdio.c
@@ -720,9 +720,8 @@ try_again:
/* Retry init sequence, but without R4_18V_PRESENT. */
retries = 0;
goto try_again;
- } else {
- goto remove;
}
+ return err;
}
/*
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 091/267] xen/pvcalls-back: test for errors when calling backend_connect()
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (89 preceding siblings ...)
2020-06-19 14:31 ` [PATCH 4.19 090/267] mmc: sdio: Fix potential NULL pointer error in mmc_sdio_init_card() Greg Kroah-Hartman
@ 2020-06-19 14:31 ` Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 092/267] KVM: arm64: Synchronize sysreg state on injecting an AArch32 exception Greg Kroah-Hartman
` (177 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Juergen Gross, Stefano Stabellini,
Boris Ostrovsky
From: Juergen Gross <jgross@suse.com>
commit c8d70a29d6bbc956013f3401f92a4431a9385a3c upstream.
backend_connect() can fail, so switch the device to connected only if
no error occurred.
Fixes: 0a9c75c2c7258f2 ("xen/pvcalls: xenbus state handling")
Cc: stable@vger.kernel.org
Signed-off-by: Juergen Gross <jgross@suse.com>
Link: https://lore.kernel.org/r/20200511074231.19794-1-jgross@suse.com
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/xen/pvcalls-back.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/drivers/xen/pvcalls-back.c
+++ b/drivers/xen/pvcalls-back.c
@@ -1096,7 +1096,8 @@ static void set_backend_state(struct xen
case XenbusStateInitialised:
switch (state) {
case XenbusStateConnected:
- backend_connect(dev);
+ if (backend_connect(dev))
+ return;
xenbus_switch_state(dev, XenbusStateConnected);
break;
case XenbusStateClosing:
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 092/267] KVM: arm64: Synchronize sysreg state on injecting an AArch32 exception
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (90 preceding siblings ...)
2020-06-19 14:31 ` [PATCH 4.19 091/267] xen/pvcalls-back: test for errors when calling backend_connect() Greg Kroah-Hartman
@ 2020-06-19 14:31 ` Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 093/267] ACPI: GED: use correct trigger type field in _Exx / _Lxx handling Greg Kroah-Hartman
` (176 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:31 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, James Morse, Marc Zyngier
From: Marc Zyngier <maz@kernel.org>
commit 0370964dd3ff7d3d406f292cb443a927952cbd05 upstream.
On a VHE system, the EL1 state is left in the CPU most of the time,
and only syncronized back to memory when vcpu_put() is called (most
of the time on preemption).
Which means that when injecting an exception, we'd better have a way
to either:
(1) write directly to the EL1 sysregs
(2) synchronize the state back to memory, and do the changes there
For an AArch64, we already do (1), so we are safe. Unfortunately,
doing the same thing for AArch32 would be pretty invasive. Instead,
we can easily implement (2) by calling the put/load architectural
backends, and keep preemption disabled. We can then reload the
state back into EL1.
Cc: stable@vger.kernel.org
Reported-by: James Morse <james.morse@arm.com>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm/include/asm/kvm_host.h | 2 ++
arch/arm64/include/asm/kvm_host.h | 2 ++
virt/kvm/arm/aarch32.c | 28 ++++++++++++++++++++++++++++
3 files changed, 32 insertions(+)
--- a/arch/arm/include/asm/kvm_host.h
+++ b/arch/arm/include/asm/kvm_host.h
@@ -364,4 +364,6 @@ static inline void kvm_vcpu_put_sysregs(
struct kvm *kvm_arch_alloc_vm(void);
void kvm_arch_free_vm(struct kvm *kvm);
+#define kvm_arm_vcpu_loaded(vcpu) (false)
+
#endif /* __ARM_KVM_HOST_H__ */
--- a/arch/arm64/include/asm/kvm_host.h
+++ b/arch/arm64/include/asm/kvm_host.h
@@ -537,4 +537,6 @@ void kvm_vcpu_put_sysregs(struct kvm_vcp
struct kvm *kvm_arch_alloc_vm(void);
void kvm_arch_free_vm(struct kvm *kvm);
+#define kvm_arm_vcpu_loaded(vcpu) ((vcpu)->arch.sysregs_loaded_on_cpu)
+
#endif /* __ARM64_KVM_HOST_H__ */
--- a/virt/kvm/arm/aarch32.c
+++ b/virt/kvm/arm/aarch32.c
@@ -44,6 +44,26 @@ static const u8 return_offsets[8][2] = {
[7] = { 4, 4 }, /* FIQ, unused */
};
+static bool pre_fault_synchronize(struct kvm_vcpu *vcpu)
+{
+ preempt_disable();
+ if (kvm_arm_vcpu_loaded(vcpu)) {
+ kvm_arch_vcpu_put(vcpu);
+ return true;
+ }
+
+ preempt_enable();
+ return false;
+}
+
+static void post_fault_synchronize(struct kvm_vcpu *vcpu, bool loaded)
+{
+ if (loaded) {
+ kvm_arch_vcpu_load(vcpu, smp_processor_id());
+ preempt_enable();
+ }
+}
+
/*
* When an exception is taken, most CPSR fields are left unchanged in the
* handler. However, some are explicitly overridden (e.g. M[4:0]).
@@ -166,7 +186,10 @@ static void prepare_fault32(struct kvm_v
void kvm_inject_undef32(struct kvm_vcpu *vcpu)
{
+ bool loaded = pre_fault_synchronize(vcpu);
+
prepare_fault32(vcpu, PSR_AA32_MODE_UND, 4);
+ post_fault_synchronize(vcpu, loaded);
}
/*
@@ -179,6 +202,9 @@ static void inject_abt32(struct kvm_vcpu
u32 vect_offset;
u32 *far, *fsr;
bool is_lpae;
+ bool loaded;
+
+ loaded = pre_fault_synchronize(vcpu);
if (is_pabt) {
vect_offset = 12;
@@ -202,6 +228,8 @@ static void inject_abt32(struct kvm_vcpu
/* no need to shuffle FS[4] into DFSR[10] as its 0 */
*fsr = DFSR_FSC_EXTABT_nLPAE;
}
+
+ post_fault_synchronize(vcpu, loaded);
}
void kvm_inject_dabt32(struct kvm_vcpu *vcpu, unsigned long addr)
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 093/267] ACPI: GED: use correct trigger type field in _Exx / _Lxx handling
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (91 preceding siblings ...)
2020-06-19 14:31 ` [PATCH 4.19 092/267] KVM: arm64: Synchronize sysreg state on injecting an AArch32 exception Greg Kroah-Hartman
@ 2020-06-19 14:31 ` Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 094/267] drm: bridge: adv7511: Extend list of audio sample rates Greg Kroah-Hartman
` (175 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ard Biesheuvel, Rafael J. Wysocki
From: Ard Biesheuvel <ardb@kernel.org>
commit e5c399b0bd6490c12c0af2a9eaa9d7cd805d52c9 upstream.
Commit ea6f3af4c5e63f69 ("ACPI: GED: add support for _Exx / _Lxx handler
methods") added a reference to the 'triggering' field of either the
normal or the extended ACPI IRQ resource struct, but inadvertently used
the wrong pointer in the latter case. Note that both pointers refer to the
same union, and the 'triggering' field appears at the same offset in both
struct types, so it currently happens to work by accident. But let's fix
it nonetheless
Fixes: ea6f3af4c5e63f69 ("ACPI: GED: add support for _Exx / _Lxx handler methods")
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/acpi/evged.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/acpi/evged.c
+++ b/drivers/acpi/evged.c
@@ -103,7 +103,7 @@ static acpi_status acpi_ged_request_inte
trigger = p->triggering;
} else {
gsi = pext->interrupts[0];
- trigger = p->triggering;
+ trigger = pext->triggering;
}
irq = r.start;
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 094/267] drm: bridge: adv7511: Extend list of audio sample rates
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (92 preceding siblings ...)
2020-06-19 14:31 ` [PATCH 4.19 093/267] ACPI: GED: use correct trigger type field in _Exx / _Lxx handling Greg Kroah-Hartman
@ 2020-06-19 14:31 ` Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 095/267] crypto: ccp -- dont "select" CONFIG_DMADEVICES Greg Kroah-Hartman
` (174 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Bogdan Togorean, Andrzej Hajda, Sasha Levin
From: Bogdan Togorean <bogdan.togorean@analog.com>
[ Upstream commit b97b6a1f6e14a25d1e1ca2a46c5fa3e2ca374e22 ]
ADV7511 support sample rates up to 192kHz. CTS and N parameters should
be computed accordingly so this commit extend the list up to maximum
supported sample rate.
Signed-off-by: Bogdan Togorean <bogdan.togorean@analog.com>
Reviewed-by: Andrzej Hajda <a.hajda@samsung.com>
Signed-off-by: Andrzej Hajda <a.hajda@samsung.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20200413113513.86091-2-bogdan.togorean@analog.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/bridge/adv7511/adv7511_audio.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/drivers/gpu/drm/bridge/adv7511/adv7511_audio.c b/drivers/gpu/drm/bridge/adv7511/adv7511_audio.c
index 1b4783d45c53..3a218b56a008 100644
--- a/drivers/gpu/drm/bridge/adv7511/adv7511_audio.c
+++ b/drivers/gpu/drm/bridge/adv7511/adv7511_audio.c
@@ -20,13 +20,15 @@ static void adv7511_calc_cts_n(unsigned int f_tmds, unsigned int fs,
{
switch (fs) {
case 32000:
- *n = 4096;
+ case 48000:
+ case 96000:
+ case 192000:
+ *n = fs * 128 / 1000;
break;
case 44100:
- *n = 6272;
- break;
- case 48000:
- *n = 6144;
+ case 88200:
+ case 176400:
+ *n = fs * 128 / 900;
break;
}
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 095/267] crypto: ccp -- dont "select" CONFIG_DMADEVICES
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (93 preceding siblings ...)
2020-06-19 14:31 ` [PATCH 4.19 094/267] drm: bridge: adv7511: Extend list of audio sample rates Greg Kroah-Hartman
@ 2020-06-19 14:31 ` Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 096/267] media: si2157: Better check for running tuner in init Greg Kroah-Hartman
` (173 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Arnd Bergmann, Tom Lendacky,
Herbert Xu, Sasha Levin
From: Arnd Bergmann <arnd@arndb.de>
[ Upstream commit eebac678556d6927f09a992872f4464cf3aecc76 ]
DMADEVICES is the top-level option for the slave DMA
subsystem, and should not be selected by device drivers,
as this can cause circular dependencies such as:
drivers/net/ethernet/freescale/Kconfig:6:error: recursive dependency detected!
drivers/net/ethernet/freescale/Kconfig:6: symbol NET_VENDOR_FREESCALE depends on PPC_BESTCOMM
drivers/dma/bestcomm/Kconfig:6: symbol PPC_BESTCOMM depends on DMADEVICES
drivers/dma/Kconfig:6: symbol DMADEVICES is selected by CRYPTO_DEV_SP_CCP
drivers/crypto/ccp/Kconfig:10: symbol CRYPTO_DEV_SP_CCP depends on CRYPTO
crypto/Kconfig:16: symbol CRYPTO is selected by LIBCRC32C
lib/Kconfig:222: symbol LIBCRC32C is selected by LIQUIDIO
drivers/net/ethernet/cavium/Kconfig:65: symbol LIQUIDIO depends on PTP_1588_CLOCK
drivers/ptp/Kconfig:8: symbol PTP_1588_CLOCK is implied by FEC
drivers/net/ethernet/freescale/Kconfig:23: symbol FEC depends on NET_VENDOR_FREESCALE
The LIQUIDIO driver causing this problem is addressed in a
separate patch, but this change is needed to prevent it from
happening again.
Using "depends on DMADEVICES" is what we do for all other
implementations of slave DMA controllers as well.
Fixes: b3c2fee5d66b ("crypto: ccp - Ensure all dependencies are specified")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/crypto/ccp/Kconfig | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/drivers/crypto/ccp/Kconfig b/drivers/crypto/ccp/Kconfig
index b9dfae47aefd..7f5fc705503d 100644
--- a/drivers/crypto/ccp/Kconfig
+++ b/drivers/crypto/ccp/Kconfig
@@ -9,10 +9,9 @@ config CRYPTO_DEV_CCP_DD
config CRYPTO_DEV_SP_CCP
bool "Cryptographic Coprocessor device"
default y
- depends on CRYPTO_DEV_CCP_DD
+ depends on CRYPTO_DEV_CCP_DD && DMADEVICES
select HW_RANDOM
select DMA_ENGINE
- select DMADEVICES
select CRYPTO_SHA1
select CRYPTO_SHA256
help
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 096/267] media: si2157: Better check for running tuner in init
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (94 preceding siblings ...)
2020-06-19 14:31 ` [PATCH 4.19 095/267] crypto: ccp -- dont "select" CONFIG_DMADEVICES Greg Kroah-Hartman
@ 2020-06-19 14:31 ` Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 097/267] objtool: Ignore empty alternatives Greg Kroah-Hartman
` (172 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Brad Love, Sean Young,
Mauro Carvalho Chehab, Sasha Levin
From: Brad Love <brad@nextdimension.cc>
[ Upstream commit e955f959ac52e145f27ff2be9078b646d0352af0 ]
Getting the Xtal trim property to check if running is less error prone.
Reset if_frequency if state is unknown.
Replaces the previous "garbage check".
Signed-off-by: Brad Love <brad@nextdimension.cc>
Signed-off-by: Sean Young <sean@mess.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/tuners/si2157.c | 15 +++++++--------
1 file changed, 7 insertions(+), 8 deletions(-)
diff --git a/drivers/media/tuners/si2157.c b/drivers/media/tuners/si2157.c
index a08d8fe2bb1b..13770b038048 100644
--- a/drivers/media/tuners/si2157.c
+++ b/drivers/media/tuners/si2157.c
@@ -84,24 +84,23 @@ static int si2157_init(struct dvb_frontend *fe)
struct si2157_cmd cmd;
const struct firmware *fw;
const char *fw_name;
- unsigned int uitmp, chip_id;
+ unsigned int chip_id, xtal_trim;
dev_dbg(&client->dev, "\n");
- /* Returned IF frequency is garbage when firmware is not running */
- memcpy(cmd.args, "\x15\x00\x06\x07", 4);
+ /* Try to get Xtal trim property, to verify tuner still running */
+ memcpy(cmd.args, "\x15\x00\x04\x02", 4);
cmd.wlen = 4;
cmd.rlen = 4;
ret = si2157_cmd_execute(client, &cmd);
- if (ret)
- goto err;
- uitmp = cmd.args[2] << 0 | cmd.args[3] << 8;
- dev_dbg(&client->dev, "if_frequency kHz=%u\n", uitmp);
+ xtal_trim = cmd.args[2] | (cmd.args[3] << 8);
- if (uitmp == dev->if_frequency / 1000)
+ if (ret == 0 && xtal_trim < 16)
goto warm;
+ dev->if_frequency = 0; /* we no longer know current tuner state */
+
/* power up */
if (dev->chiptype == SI2157_CHIPTYPE_SI2146) {
memcpy(cmd.args, "\xc0\x05\x01\x00\x00\x0b\x00\x00\x01", 9);
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 097/267] objtool: Ignore empty alternatives
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (95 preceding siblings ...)
2020-06-19 14:31 ` [PATCH 4.19 096/267] media: si2157: Better check for running tuner in init Greg Kroah-Hartman
@ 2020-06-19 14:31 ` Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 098/267] spi: pxa2xx: Apply CS clk quirk to BXT Greg Kroah-Hartman
` (171 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Julien Thierry,
Peter Zijlstra (Intel),
Miroslav Benes, Josh Poimboeuf, Ingo Molnar, Sasha Levin
From: Julien Thierry <jthierry@redhat.com>
[ Upstream commit 7170cf47d16f1ba29eca07fd818870b7af0a93a5 ]
The .alternatives section can contain entries with no original
instructions. Objtool will currently crash when handling such an entry.
Just skip that entry, but still give a warning to discourage useless
entries.
Signed-off-by: Julien Thierry <jthierry@redhat.com>
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Reviewed-by: Miroslav Benes <mbenes@suse.cz>
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/objtool/check.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/tools/objtool/check.c b/tools/objtool/check.c
index 4d509734b695..fd3071d83dea 100644
--- a/tools/objtool/check.c
+++ b/tools/objtool/check.c
@@ -801,6 +801,12 @@ static int add_special_section_alts(struct objtool_file *file)
}
if (special_alt->group) {
+ if (!special_alt->orig_len) {
+ WARN_FUNC("empty alternative entry",
+ orig_insn->sec, orig_insn->offset);
+ continue;
+ }
+
ret = handle_group_alt(file, special_alt, orig_insn,
&new_insn);
if (ret)
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 098/267] spi: pxa2xx: Apply CS clk quirk to BXT
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (96 preceding siblings ...)
2020-06-19 14:31 ` [PATCH 4.19 097/267] objtool: Ignore empty alternatives Greg Kroah-Hartman
@ 2020-06-19 14:31 ` Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 099/267] net: atlantic: make hw_get_regs optional Greg Kroah-Hartman
` (170 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Evan Green, Shobhit Srivastava,
Andy Shevchenko, Mark Brown, Sasha Levin
From: Evan Green <evgreen@chromium.org>
[ Upstream commit 6eefaee4f2d366a389da0eb95e524ba82bf358c4 ]
With a couple allies at Intel, and much badgering, I got confirmation
from Intel that at least BXT suffers from the same SPI chip-select
issue as Cannonlake (and beyond). The issue being that after going
through runtime suspend/resume, toggling the chip-select line without
also sending data does nothing.
Add the quirk to BXT to briefly toggle dynamic clock gating off and
on, forcing the fabric to wake up enough to notice the CS register
change.
Signed-off-by: Evan Green <evgreen@chromium.org>
Cc: Shobhit Srivastava <shobhit.srivastava@intel.com>
Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Link: https://lore.kernel.org/r/20200427163238.1.Ib1faaabe236e37ea73be9b8dcc6aa034cb3c8804@changeid
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/spi/spi-pxa2xx.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/spi/spi-pxa2xx.c b/drivers/spi/spi-pxa2xx.c
index 2525fd9c8aa4..eafd0c2135a1 100644
--- a/drivers/spi/spi-pxa2xx.c
+++ b/drivers/spi/spi-pxa2xx.c
@@ -156,6 +156,7 @@ static const struct lpss_config lpss_platforms[] = {
.tx_threshold_hi = 48,
.cs_sel_shift = 8,
.cs_sel_mask = 3 << 8,
+ .cs_clk_stays_gated = true,
},
{ /* LPSS_CNL_SSP */
.offset = 0x200,
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 099/267] net: atlantic: make hw_get_regs optional
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (97 preceding siblings ...)
2020-06-19 14:31 ` [PATCH 4.19 098/267] spi: pxa2xx: Apply CS clk quirk to BXT Greg Kroah-Hartman
@ 2020-06-19 14:31 ` Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 100/267] net: ena: fix error returning in ena_com_get_hash_function() Greg Kroah-Hartman
` (169 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mark Starovoytov, David S. Miller,
Sasha Levin
From: Mark Starovoytov <mstarovoitov@marvell.com>
[ Upstream commit d0f23741c202c685447050713907f3be39a985ee ]
This patch fixes potential crash in case if hw_get_regs is NULL.
Signed-off-by: Mark Starovoytov <mstarovoitov@marvell.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/aquantia/atlantic/aq_nic.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/net/ethernet/aquantia/atlantic/aq_nic.c b/drivers/net/ethernet/aquantia/atlantic/aq_nic.c
index 15dcfb6704e5..adac5df0d6b4 100644
--- a/drivers/net/ethernet/aquantia/atlantic/aq_nic.c
+++ b/drivers/net/ethernet/aquantia/atlantic/aq_nic.c
@@ -620,6 +620,9 @@ int aq_nic_get_regs(struct aq_nic_s *self, struct ethtool_regs *regs, void *p)
u32 *regs_buff = p;
int err = 0;
+ if (unlikely(!self->aq_hw_ops->hw_get_regs))
+ return -EOPNOTSUPP;
+
regs->version = 1;
err = self->aq_hw_ops->hw_get_regs(self->aq_hw,
@@ -634,6 +637,9 @@ err_exit:
int aq_nic_get_regs_count(struct aq_nic_s *self)
{
+ if (unlikely(!self->aq_hw_ops->hw_get_regs))
+ return 0;
+
return self->aq_nic_cfg.aq_hw_caps->mac_regs_count;
}
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 100/267] net: ena: fix error returning in ena_com_get_hash_function()
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (98 preceding siblings ...)
2020-06-19 14:31 ` [PATCH 4.19 099/267] net: atlantic: make hw_get_regs optional Greg Kroah-Hartman
@ 2020-06-19 14:31 ` Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 101/267] efi/libstub/x86: Work around LLVM ELF quirk build regression Greg Kroah-Hartman
` (168 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sameeh Jubran, Arthur Kiyanovski,
David S. Miller, Sasha Levin
From: Arthur Kiyanovski <akiyano@amazon.com>
[ Upstream commit e9a1de378dd46375f9abfd8de1e6f59ee114a793 ]
In case the "func" parameter is NULL we now return "-EINVAL".
This shouldn't happen in general, but when it does happen, this is the
proper way to handle it.
We also check func for NULL in the beginning of the function, as there
is no reason to do all the work and realize in the end of the function
it was useless.
Signed-off-by: Sameeh Jubran <sameehj@amazon.com>
Signed-off-by: Arthur Kiyanovski <akiyano@amazon.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/amazon/ena/ena_com.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/amazon/ena/ena_com.c b/drivers/net/ethernet/amazon/ena/ena_com.c
index 3afc0e59a2bd..d07f7f65169a 100644
--- a/drivers/net/ethernet/amazon/ena/ena_com.c
+++ b/drivers/net/ethernet/amazon/ena/ena_com.c
@@ -2137,6 +2137,9 @@ int ena_com_get_hash_function(struct ena_com_dev *ena_dev,
rss->hash_key;
int rc;
+ if (unlikely(!func))
+ return -EINVAL;
+
rc = ena_com_get_feature_ex(ena_dev, &get_resp,
ENA_ADMIN_RSS_HASH_FUNCTION,
rss->hash_key_dma_addr,
@@ -2149,8 +2152,7 @@ int ena_com_get_hash_function(struct ena_com_dev *ena_dev,
if (rss->hash_func)
rss->hash_func--;
- if (func)
- *func = rss->hash_func;
+ *func = rss->hash_func;
if (key)
memcpy(key, hash_key->key, (size_t)(hash_key->keys_num) << 2);
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 101/267] efi/libstub/x86: Work around LLVM ELF quirk build regression
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (99 preceding siblings ...)
2020-06-19 14:31 ` [PATCH 4.19 100/267] net: ena: fix error returning in ena_com_get_hash_function() Greg Kroah-Hartman
@ 2020-06-19 14:31 ` Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 102/267] arm64: cacheflush: Fix KGDB trap detection Greg Kroah-Hartman
` (167 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nick Desaulniers,
Peter Collingbourne, Sami Tolvanen, Arnd Bergmann, Fangrui Song,
Ard Biesheuvel, Sasha Levin
From: Ard Biesheuvel <ardb@kernel.org>
[ Upstream commit f77767ed5f4d398b29119563155e4ece2dfeee13 ]
When building the x86 EFI stub with Clang, the libstub Makefile rules
that manipulate the ELF object files may throw an error like:
STUBCPY drivers/firmware/efi/libstub/efi-stub-helper.stub.o
strip: drivers/firmware/efi/libstub/efi-stub-helper.stub.o: Failed to find link section for section 10
objcopy: drivers/firmware/efi/libstub/efi-stub-helper.stub.o: Failed to find link section for section 10
This is the result of a LLVM feature [0] where symbol references are
stored in a LLVM specific .llvm_addrsig section in a non-transparent way,
causing generic ELF tools such as strip or objcopy to choke on them.
So force the compiler not to emit these sections, by passing the
appropriate command line option.
[0] https://sourceware.org/bugzilla/show_bug.cgi?id=23817
Cc: Nick Desaulniers <ndesaulniers@google.com>
Cc: Peter Collingbourne <pcc@google.com>
Cc: Sami Tolvanen <samitolvanen@google.com>
Reported-by: Arnd Bergmann <arnd@arndb.de>
Suggested-by: Fangrui Song <maskray@google.com>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/firmware/efi/libstub/Makefile | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile
index d9845099635e..d3777d754984 100644
--- a/drivers/firmware/efi/libstub/Makefile
+++ b/drivers/firmware/efi/libstub/Makefile
@@ -28,6 +28,7 @@ KBUILD_CFLAGS := $(cflags-y) -DDISABLE_BRANCH_PROFILING \
-D__NO_FORTIFY \
$(call cc-option,-ffreestanding) \
$(call cc-option,-fno-stack-protector) \
+ $(call cc-option,-fno-addrsig) \
-D__DISABLE_EXPORTS
GCOV_PROFILE := n
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 102/267] arm64: cacheflush: Fix KGDB trap detection
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (100 preceding siblings ...)
2020-06-19 14:31 ` [PATCH 4.19 101/267] efi/libstub/x86: Work around LLVM ELF quirk build regression Greg Kroah-Hartman
@ 2020-06-19 14:31 ` Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 103/267] spi: dw: Zero DMA Tx and Rx configurations on stack Greg Kroah-Hartman
` (166 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Daniel Thompson, Douglas Anderson,
Will Deacon, Sasha Levin
From: Daniel Thompson <daniel.thompson@linaro.org>
[ Upstream commit ab8ad279ceac4fc78ae4dcf1a26326e05695e537 ]
flush_icache_range() contains a bodge to avoid issuing IPIs when the kgdb
trap handler is running because issuing IPIs is unsafe (and not needed)
in this execution context. However the current test, based on
kgdb_connected is flawed: it both over-matches and under-matches.
The over match occurs because kgdb_connected is set when gdb attaches
to the stub and remains set during normal running. This is relatively
harmelss because in almost all cases irq_disabled() will be false.
The under match is more serious. When kdb is used instead of kgdb to access
the debugger then kgdb_connected is not set in all the places that the
debug core updates sw breakpoints (and hence flushes the icache). This
can lead to deadlock.
Fix by replacing the ad-hoc check with the proper kgdb macro. This also
allows us to drop the #ifdef wrapper.
Fixes: 3b8c9f1cdfc5 ("arm64: IPI each CPU after invalidating the I-cache for kernel mappings")
Signed-off-by: Daniel Thompson <daniel.thompson@linaro.org>
Reviewed-by: Douglas Anderson <dianders@chromium.org>
Link: https://lore.kernel.org/r/20200504170518.2959478-1-daniel.thompson@linaro.org
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/include/asm/cacheflush.h | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/arch/arm64/include/asm/cacheflush.h b/arch/arm64/include/asm/cacheflush.h
index 19844211a4e6..a449a1c602d3 100644
--- a/arch/arm64/include/asm/cacheflush.h
+++ b/arch/arm64/include/asm/cacheflush.h
@@ -90,7 +90,7 @@ static inline void flush_icache_range(unsigned long start, unsigned long end)
* IPI all online CPUs so that they undergo a context synchronization
* event and are forced to refetch the new instructions.
*/
-#ifdef CONFIG_KGDB
+
/*
* KGDB performs cache maintenance with interrupts disabled, so we
* will deadlock trying to IPI the secondary CPUs. In theory, we can
@@ -100,9 +100,9 @@ static inline void flush_icache_range(unsigned long start, unsigned long end)
* the patching operation, so we don't need extra IPIs here anyway.
* In which case, add a KGDB-specific bodge and return early.
*/
- if (kgdb_connected && irqs_disabled())
+ if (in_dbg_master())
return;
-#endif
+
kick_all_cpus_sync();
}
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 103/267] spi: dw: Zero DMA Tx and Rx configurations on stack
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (101 preceding siblings ...)
2020-06-19 14:31 ` [PATCH 4.19 102/267] arm64: cacheflush: Fix KGDB trap detection Greg Kroah-Hartman
@ 2020-06-19 14:31 ` Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 104/267] arm64: insn: Fix two bugs in encoding 32-bit logical immediates Greg Kroah-Hartman
` (165 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Andy Shevchenko, Feng Tang,
Mark Brown, Sasha Levin
From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
[ Upstream commit 3cb97e223d277f84171cc4ccecab31e08b2ee7b5 ]
Some DMA controller drivers do not tolerate non-zero values in
the DMA configuration structures. Zero them to avoid issues with
such DMA controller drivers. Even despite above this is a good
practice per se.
Fixes: 7063c0d942a1 ("spi/dw_spi: add DMA support")
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Acked-by: Feng Tang <feng.tang@intel.com>
Cc: Feng Tang <feng.tang@intel.com>
Link: https://lore.kernel.org/r/20200506153025.21441-1-andriy.shevchenko@linux.intel.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/spi/spi-dw-mid.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/spi/spi-dw-mid.c b/drivers/spi/spi-dw-mid.c
index 3db905f5f345..f7ec8b98e6db 100644
--- a/drivers/spi/spi-dw-mid.c
+++ b/drivers/spi/spi-dw-mid.c
@@ -155,6 +155,7 @@ static struct dma_async_tx_descriptor *dw_spi_dma_prepare_tx(struct dw_spi *dws,
if (!xfer->tx_buf)
return NULL;
+ memset(&txconf, 0, sizeof(txconf));
txconf.direction = DMA_MEM_TO_DEV;
txconf.dst_addr = dws->dma_addr;
txconf.dst_maxburst = 16;
@@ -201,6 +202,7 @@ static struct dma_async_tx_descriptor *dw_spi_dma_prepare_rx(struct dw_spi *dws,
if (!xfer->rx_buf)
return NULL;
+ memset(&rxconf, 0, sizeof(rxconf));
rxconf.direction = DMA_DEV_TO_MEM;
rxconf.src_addr = dws->dma_addr;
rxconf.src_maxburst = 16;
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 104/267] arm64: insn: Fix two bugs in encoding 32-bit logical immediates
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (102 preceding siblings ...)
2020-06-19 14:31 ` [PATCH 4.19 103/267] spi: dw: Zero DMA Tx and Rx configurations on stack Greg Kroah-Hartman
@ 2020-06-19 14:31 ` Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 105/267] ixgbe: Fix XDP redirect on archs with PAGE_SIZE above 4K Greg Kroah-Hartman
` (164 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Will Deacon, Xi Wang, Luke Nelson,
Marc Zyngier, Sasha Levin
From: Luke Nelson <lukenels@cs.washington.edu>
[ Upstream commit 579d1b3faa3735e781ff74aac0afd598515dbc63 ]
This patch fixes two issues present in the current function for encoding
arm64 logical immediates when using the 32-bit variants of instructions.
First, the code does not correctly reject an all-ones 32-bit immediate,
and returns an undefined instruction encoding.
Second, the code incorrectly rejects some 32-bit immediates that are
actually encodable as logical immediates. The root cause is that the code
uses a default mask of 64-bit all-ones, even for 32-bit immediates.
This causes an issue later on when the default mask is used to fill the
top bits of the immediate with ones, shown here:
/*
* Pattern: 0..01..10..01..1
*
* Fill the unused top bits with ones, and check if
* the result is a valid immediate (all ones with a
* contiguous ranges of zeroes).
*/
imm |= ~mask;
if (!range_of_ones(~imm))
return AARCH64_BREAK_FAULT;
To see the problem, consider an immediate of the form 0..01..10..01..1,
where the upper 32 bits are zero, such as 0x80000001. The code checks
if ~(imm | ~mask) contains a range of ones: the incorrect mask yields
1..10..01..10..0, which fails the check; the correct mask yields
0..01..10..0, which succeeds.
The fix for both issues is to generate a correct mask based on the
instruction immediate size, and use the mask to check for all-ones,
all-zeroes, and values wider than the mask.
Currently, arch/arm64/kvm/va_layout.c is the only user of this function,
which uses 64-bit immediates and therefore won't trigger these bugs.
We tested the new code against llvm-mc with all 1,302 encodable 32-bit
logical immediates and all 5,334 encodable 64-bit logical immediates.
Fixes: ef3935eeebff ("arm64: insn: Add encoder for bitwise operations using literals")
Suggested-by: Will Deacon <will@kernel.org>
Co-developed-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Luke Nelson <luke.r.nels@gmail.com>
Reviewed-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20200508181547.24783-2-luke.r.nels@gmail.com
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/kernel/insn.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/arch/arm64/kernel/insn.c b/arch/arm64/kernel/insn.c
index 3e6229e30109..cd37edbdedcb 100644
--- a/arch/arm64/kernel/insn.c
+++ b/arch/arm64/kernel/insn.c
@@ -1490,16 +1490,10 @@ static u32 aarch64_encode_immediate(u64 imm,
u32 insn)
{
unsigned int immr, imms, n, ones, ror, esz, tmp;
- u64 mask = ~0UL;
-
- /* Can't encode full zeroes or full ones */
- if (!imm || !~imm)
- return AARCH64_BREAK_FAULT;
+ u64 mask;
switch (variant) {
case AARCH64_INSN_VARIANT_32BIT:
- if (upper_32_bits(imm))
- return AARCH64_BREAK_FAULT;
esz = 32;
break;
case AARCH64_INSN_VARIANT_64BIT:
@@ -1511,6 +1505,12 @@ static u32 aarch64_encode_immediate(u64 imm,
return AARCH64_BREAK_FAULT;
}
+ mask = GENMASK(esz - 1, 0);
+
+ /* Can't encode full zeroes, full ones, or value wider than the mask */
+ if (!imm || imm == mask || imm & ~mask)
+ return AARCH64_BREAK_FAULT;
+
/*
* Inverse of Replicate(). Try to spot a repeating pattern
* with a pow2 stride.
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 105/267] ixgbe: Fix XDP redirect on archs with PAGE_SIZE above 4K
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (103 preceding siblings ...)
2020-06-19 14:31 ` [PATCH 4.19 104/267] arm64: insn: Fix two bugs in encoding 32-bit logical immediates Greg Kroah-Hartman
@ 2020-06-19 14:31 ` Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 106/267] MIPS: Loongson: Build ATI Radeon GPU driver as module Greg Kroah-Hartman
` (163 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jesper Dangaard Brouer,
Alexei Starovoitov, Jeff Kirsher, Sasha Levin
From: Jesper Dangaard Brouer <brouer@redhat.com>
[ Upstream commit 88eb0ee17b2ece64fcf6689a4557a5c2e7a89c4b ]
The ixgbe driver have another memory model when compiled on archs with
PAGE_SIZE above 4096 bytes. In this mode it doesn't split the page in
two halves, but instead increment rx_buffer->page_offset by truesize of
packet (which include headroom and tailroom for skb_shared_info).
This is done correctly in ixgbe_build_skb(), but in ixgbe_rx_buffer_flip
which is currently only called on XDP_TX and XDP_REDIRECT, it forgets
to add the tailroom for skb_shared_info. This breaks XDP_REDIRECT, for
veth and cpumap. Fix by adding size of skb_shared_info tailroom.
Maintainers notice: This fix have been queued to Jeff.
Fixes: 6453073987ba ("ixgbe: add initial support for xdp redirect")
Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Cc: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Link: https://lore.kernel.org/bpf/158945344946.97035.17031588499266605743.stgit@firesoul
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
index 8177276500f5..7d723b70fcf6 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
@@ -2258,7 +2258,8 @@ static void ixgbe_rx_buffer_flip(struct ixgbe_ring *rx_ring,
rx_buffer->page_offset ^= truesize;
#else
unsigned int truesize = ring_uses_build_skb(rx_ring) ?
- SKB_DATA_ALIGN(IXGBE_SKB_PAD + size) :
+ SKB_DATA_ALIGN(IXGBE_SKB_PAD + size) +
+ SKB_DATA_ALIGN(sizeof(struct skb_shared_info)) :
SKB_DATA_ALIGN(size);
rx_buffer->page_offset += truesize;
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 106/267] MIPS: Loongson: Build ATI Radeon GPU driver as module
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (104 preceding siblings ...)
2020-06-19 14:31 ` [PATCH 4.19 105/267] ixgbe: Fix XDP redirect on archs with PAGE_SIZE above 4K Greg Kroah-Hartman
@ 2020-06-19 14:31 ` Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 107/267] Bluetooth: Add SCO fallback for invalid LMP parameters error Greg Kroah-Hartman
` (162 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tiezhu Yang, Thomas Bogendoerfer,
Sasha Levin
From: Tiezhu Yang <yangtiezhu@loongson.cn>
[ Upstream commit a44de7497f91834df0b8b6d459e259788ba66794 ]
When ATI Radeon GPU driver has been compiled directly into the kernel
instead of as a module, we should make sure the firmware for the model
(check available ones in /lib/firmware/radeon) is built-in to the kernel
as well, otherwise there exists the following fatal error during GPU init,
change CONFIG_DRM_RADEON=y to CONFIG_DRM_RADEON=m to fix it.
[ 1.900997] [drm] Loading RS780 Microcode
[ 1.905077] radeon 0000:01:05.0: Direct firmware load for radeon/RS780_pfp.bin failed with error -2
[ 1.914140] r600_cp: Failed to load firmware "radeon/RS780_pfp.bin"
[ 1.920405] [drm:r600_init] *ERROR* Failed to load firmware!
[ 1.926069] radeon 0000:01:05.0: Fatal error during GPU init
[ 1.931729] [drm] radeon: finishing device.
Fixes: 024e6a8b5bb1 ("MIPS: Loongson: Add a Loongson-3 default config file")
Signed-off-by: Tiezhu Yang <yangtiezhu@loongson.cn>
Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/mips/configs/loongson3_defconfig | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/mips/configs/loongson3_defconfig b/arch/mips/configs/loongson3_defconfig
index 324dfee23dfb..c871e40b8878 100644
--- a/arch/mips/configs/loongson3_defconfig
+++ b/arch/mips/configs/loongson3_defconfig
@@ -250,7 +250,7 @@ CONFIG_MEDIA_CAMERA_SUPPORT=y
CONFIG_MEDIA_USB_SUPPORT=y
CONFIG_USB_VIDEO_CLASS=m
CONFIG_DRM=y
-CONFIG_DRM_RADEON=y
+CONFIG_DRM_RADEON=m
CONFIG_FB_RADEON=y
CONFIG_LCD_CLASS_DEVICE=y
CONFIG_LCD_PLATFORM=m
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 107/267] Bluetooth: Add SCO fallback for invalid LMP parameters error
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (105 preceding siblings ...)
2020-06-19 14:31 ` [PATCH 4.19 106/267] MIPS: Loongson: Build ATI Radeon GPU driver as module Greg Kroah-Hartman
@ 2020-06-19 14:31 ` Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 108/267] kgdb: Disable WARN_CONSOLE_UNLOCKED for all kgdb Greg Kroah-Hartman
` (161 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hsin-Yu Chao, Marcel Holtmann, Sasha Levin
From: Hsin-Yu Chao <hychao@chromium.org>
[ Upstream commit 56b5453a86203a44726f523b4133c1feca49ce7c ]
Bluetooth PTS test case HFP/AG/ACC/BI-12-I accepts SCO connection
with invalid parameter at the first SCO request expecting AG to
attempt another SCO request with the use of "safe settings" for
given codec, base on section 5.7.1.2 of HFP 1.7 specification.
This patch addresses it by adding "Invalid LMP Parameters" (0x1e)
to the SCO fallback case. Verified with below log:
< HCI Command: Setup Synchronous Connection (0x01|0x0028) plen 17
Handle: 256
Transmit bandwidth: 8000
Receive bandwidth: 8000
Max latency: 13
Setting: 0x0003
Input Coding: Linear
Input Data Format: 1's complement
Input Sample Size: 8-bit
# of bits padding at MSB: 0
Air Coding Format: Transparent Data
Retransmission effort: Optimize for link quality (0x02)
Packet type: 0x0380
3-EV3 may not be used
2-EV5 may not be used
3-EV5 may not be used
> HCI Event: Command Status (0x0f) plen 4
Setup Synchronous Connection (0x01|0x0028) ncmd 1
Status: Success (0x00)
> HCI Event: Number of Completed Packets (0x13) plen 5
Num handles: 1
Handle: 256
Count: 1
> HCI Event: Max Slots Change (0x1b) plen 3
Handle: 256
Max slots: 1
> HCI Event: Synchronous Connect Complete (0x2c) plen 17
Status: Invalid LMP Parameters / Invalid LL Parameters (0x1e)
Handle: 0
Address: 00:1B:DC:F2:21:59 (OUI 00-1B-DC)
Link type: eSCO (0x02)
Transmission interval: 0x00
Retransmission window: 0x02
RX packet length: 0
TX packet length: 0
Air mode: Transparent (0x03)
< HCI Command: Setup Synchronous Connection (0x01|0x0028) plen 17
Handle: 256
Transmit bandwidth: 8000
Receive bandwidth: 8000
Max latency: 8
Setting: 0x0003
Input Coding: Linear
Input Data Format: 1's complement
Input Sample Size: 8-bit
# of bits padding at MSB: 0
Air Coding Format: Transparent Data
Retransmission effort: Optimize for link quality (0x02)
Packet type: 0x03c8
EV3 may be used
2-EV3 may not be used
3-EV3 may not be used
2-EV5 may not be used
3-EV5 may not be used
> HCI Event: Command Status (0x0f) plen 4
Setup Synchronous Connection (0x01|0x0028) ncmd 1
Status: Success (0x00)
> HCI Event: Max Slots Change (0x1b) plen 3
Handle: 256
Max slots: 5
> HCI Event: Max Slots Change (0x1b) plen 3
Handle: 256
Max slots: 1
> HCI Event: Synchronous Connect Complete (0x2c) plen 17
Status: Success (0x00)
Handle: 257
Address: 00:1B:DC:F2:21:59 (OUI 00-1B-DC)
Link type: eSCO (0x02)
Transmission interval: 0x06
Retransmission window: 0x04
RX packet length: 30
TX packet length: 30
Air mode: Transparent (0x03)
Signed-off-by: Hsin-Yu Chao <hychao@chromium.org>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/bluetooth/hci_event.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index 3e7badb3ac2d..a044e6bb12b8 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -4097,6 +4097,7 @@ static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
case 0x11: /* Unsupported Feature or Parameter Value */
case 0x1c: /* SCO interval rejected */
case 0x1a: /* Unsupported Remote Feature */
+ case 0x1e: /* Invalid LMP Parameters */
case 0x1f: /* Unspecified error */
case 0x20: /* Unsupported LMP Parameter value */
if (conn->out) {
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 108/267] kgdb: Disable WARN_CONSOLE_UNLOCKED for all kgdb
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (106 preceding siblings ...)
2020-06-19 14:31 ` [PATCH 4.19 107/267] Bluetooth: Add SCO fallback for invalid LMP parameters error Greg Kroah-Hartman
@ 2020-06-19 14:31 ` Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 109/267] kgdb: Prevent infinite recursive entries to the debugger Greg Kroah-Hartman
` (160 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Douglas Anderson, Daniel Thompson,
Sasha Levin
From: Douglas Anderson <dianders@chromium.org>
[ Upstream commit 202164fbfa2b2ffa3e66b504e0f126ba9a745006 ]
In commit 81eaadcae81b ("kgdboc: disable the console lock when in
kgdb") we avoided the WARN_CONSOLE_UNLOCKED() yell when we were in
kgdboc. That still works fine, but it turns out that we get a similar
yell when using other I/O drivers. One example is the "I/O driver"
for the kgdb test suite (kgdbts). When I enabled that I again got the
same yells.
Even though "kgdbts" doesn't actually interact with the user over the
console, using it still causes kgdb to print to the consoles. That
trips the same warning:
con_is_visible+0x60/0x68
con_scroll+0x110/0x1b8
lf+0x4c/0xc8
vt_console_print+0x1b8/0x348
vkdb_printf+0x320/0x89c
kdb_printf+0x68/0x90
kdb_main_loop+0x190/0x860
kdb_stub+0x2cc/0x3ec
kgdb_cpu_enter+0x268/0x744
kgdb_handle_exception+0x1a4/0x200
kgdb_compiled_brk_fn+0x34/0x44
brk_handler+0x7c/0xb8
do_debug_exception+0x1b4/0x228
Let's increment/decrement the "ignore_console_lock_warning" variable
all the time when we enter the debugger.
This will allow us to later revert commit 81eaadcae81b ("kgdboc:
disable the console lock when in kgdb").
Signed-off-by: Douglas Anderson <dianders@chromium.org>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Reviewed-by: Daniel Thompson <daniel.thompson@linaro.org>
Link: https://lore.kernel.org/r/20200507130644.v4.1.Ied2b058357152ebcc8bf68edd6f20a11d98d7d4e@changeid
Signed-off-by: Daniel Thompson <daniel.thompson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/debug/debug_core.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/kernel/debug/debug_core.c b/kernel/debug/debug_core.c
index 94aa9ae0007a..d2799767aab8 100644
--- a/kernel/debug/debug_core.c
+++ b/kernel/debug/debug_core.c
@@ -577,6 +577,8 @@ return_normal:
if (kgdb_skipexception(ks->ex_vector, ks->linux_regs))
goto kgdb_restore;
+ atomic_inc(&ignore_console_lock_warning);
+
/* Call the I/O driver's pre_exception routine */
if (dbg_io_ops->pre_exception)
dbg_io_ops->pre_exception();
@@ -649,6 +651,8 @@ cpu_master_loop:
if (dbg_io_ops->post_exception)
dbg_io_ops->post_exception();
+ atomic_dec(&ignore_console_lock_warning);
+
if (!kgdb_single_step) {
raw_spin_unlock(&dbg_slave_lock);
/* Wait till all the CPUs have quit from the debugger. */
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 109/267] kgdb: Prevent infinite recursive entries to the debugger
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (107 preceding siblings ...)
2020-06-19 14:31 ` [PATCH 4.19 108/267] kgdb: Disable WARN_CONSOLE_UNLOCKED for all kgdb Greg Kroah-Hartman
@ 2020-06-19 14:31 ` Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 110/267] spi: dw: Enable interrupts in accordance with DMA xfer mode Greg Kroah-Hartman
` (159 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Douglas Anderson, Daniel Thompson,
Sasha Levin
From: Douglas Anderson <dianders@chromium.org>
[ Upstream commit 3ca676e4ca60d1834bb77535dafe24169cadacef ]
If we detect that we recursively entered the debugger we should hack
our I/O ops to NULL so that the panic() in the next line won't
actually cause another recursion into the debugger. The first line of
kgdb_panic() will check this and return.
Signed-off-by: Douglas Anderson <dianders@chromium.org>
Reviewed-by: Daniel Thompson <daniel.thompson@linaro.org>
Link: https://lore.kernel.org/r/20200507130644.v4.6.I89de39f68736c9de610e6f241e68d8dbc44bc266@changeid
Signed-off-by: Daniel Thompson <daniel.thompson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/debug/debug_core.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/kernel/debug/debug_core.c b/kernel/debug/debug_core.c
index d2799767aab8..6a1dc2613bb9 100644
--- a/kernel/debug/debug_core.c
+++ b/kernel/debug/debug_core.c
@@ -444,6 +444,7 @@ static int kgdb_reenter_check(struct kgdb_state *ks)
if (exception_level > 1) {
dump_stack();
+ kgdb_io_module_registered = false;
panic("Recursive entry to debugger");
}
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 110/267] spi: dw: Enable interrupts in accordance with DMA xfer mode
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (108 preceding siblings ...)
2020-06-19 14:31 ` [PATCH 4.19 109/267] kgdb: Prevent infinite recursive entries to the debugger Greg Kroah-Hartman
@ 2020-06-19 14:31 ` Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 111/267] clocksource: dw_apb_timer: Make CPU-affiliation being optional Greg Kroah-Hartman
` (158 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Georgy Vlasov, Serge Semin,
Ramil Zaripov, Alexey Malahov, Thomas Bogendoerfer, Paul Burton,
Ralf Baechle, Arnd Bergmann, Andy Shevchenko, Rob Herring,
linux-mips, devicetree, Mark Brown, Sasha Levin
From: Serge Semin <Sergey.Semin@baikalelectronics.ru>
[ Upstream commit 43dba9f3f98c2b184a19f856f06fe22817bfd9e0 ]
It's pointless to track the Tx overrun interrupts if Rx-only SPI
transfer is issued. Similarly there is no need in handling the Rx
overrun/underrun interrupts if Tx-only SPI transfer is executed.
So lets unmask the interrupts only if corresponding SPI
transactions are implied.
Co-developed-by: Georgy Vlasov <Georgy.Vlasov@baikalelectronics.ru>
Signed-off-by: Georgy Vlasov <Georgy.Vlasov@baikalelectronics.ru>
Signed-off-by: Serge Semin <Sergey.Semin@baikalelectronics.ru>
Cc: Ramil Zaripov <Ramil.Zaripov@baikalelectronics.ru>
Cc: Alexey Malahov <Alexey.Malahov@baikalelectronics.ru>
Cc: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Cc: Paul Burton <paulburton@kernel.org>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Cc: Rob Herring <robh+dt@kernel.org>
Cc: linux-mips@vger.kernel.org
Cc: devicetree@vger.kernel.org
Link: https://lore.kernel.org/r/20200522000806.7381-3-Sergey.Semin@baikalelectronics.ru
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/spi/spi-dw-mid.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/drivers/spi/spi-dw-mid.c b/drivers/spi/spi-dw-mid.c
index f7ec8b98e6db..e1b34ef9a31c 100644
--- a/drivers/spi/spi-dw-mid.c
+++ b/drivers/spi/spi-dw-mid.c
@@ -228,19 +228,23 @@ static struct dma_async_tx_descriptor *dw_spi_dma_prepare_rx(struct dw_spi *dws,
static int mid_spi_dma_setup(struct dw_spi *dws, struct spi_transfer *xfer)
{
- u16 dma_ctrl = 0;
+ u16 imr = 0, dma_ctrl = 0;
dw_writel(dws, DW_SPI_DMARDLR, 0xf);
dw_writel(dws, DW_SPI_DMATDLR, 0x10);
- if (xfer->tx_buf)
+ if (xfer->tx_buf) {
dma_ctrl |= SPI_DMA_TDMAE;
- if (xfer->rx_buf)
+ imr |= SPI_INT_TXOI;
+ }
+ if (xfer->rx_buf) {
dma_ctrl |= SPI_DMA_RDMAE;
+ imr |= SPI_INT_RXUI | SPI_INT_RXOI;
+ }
dw_writel(dws, DW_SPI_DMACR, dma_ctrl);
/* Set the interrupt mask */
- spi_umask_intr(dws, SPI_INT_TXOI | SPI_INT_RXUI | SPI_INT_RXOI);
+ spi_umask_intr(dws, imr);
dws->transfer_handler = dma_transfer;
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 111/267] clocksource: dw_apb_timer: Make CPU-affiliation being optional
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (109 preceding siblings ...)
2020-06-19 14:31 ` [PATCH 4.19 110/267] spi: dw: Enable interrupts in accordance with DMA xfer mode Greg Kroah-Hartman
@ 2020-06-19 14:31 ` Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 112/267] clocksource: dw_apb_timer_of: Fix missing clockevent timers Greg Kroah-Hartman
` (157 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Serge Semin, Alexey Malahov,
Thomas Bogendoerfer, Paul Burton, Ralf Baechle, Alessandro Zummo,
Alexandre Belloni, Arnd Bergmann, Rob Herring, linux-mips,
linux-rtc, devicetree, Daniel Lezcano, Sasha Levin
From: Serge Semin <Sergey.Semin@baikalelectronics.ru>
[ Upstream commit cee43dbf2ee3f430434e2b66994eff8a1aeda889 ]
Currently the DW APB Timer driver binds each clockevent timers to a
particular CPU. This isn't good for multiple reasons. First of all seeing
the device is placed on APB bus (which makes it accessible from any CPU
core), accessible over MMIO and having the DYNIRQ flag set we can be sure
that manually binding the timer to any CPU just isn't correct. By doing
so we just set an extra limitation on device usage. This also doesn't
reflect the device actual capability, since by setting the IRQ affinity
we can make it virtually local to any CPU. Secondly imagine if you had a
real CPU-local timer with the same rating and the same CPU-affinity.
In this case if DW APB timer was registered first, then due to the
clockevent framework tick-timer selection procedure we'll end up with the
real CPU-local timer being left unselected for clock-events tracking. But
on most of the platforms (MIPS/ARM/etc) such timers are normally embedded
into the CPU core and are accessible with much better performance then
devices placed on APB. For instance in MIPS architectures there is
r4k-timer, which is CPU-local, assigned with the same rating, and normally
its clockevent device is registered after the platform-specific one.
So in order to fix all of these issues let's make the DW APB Timer CPU
affinity being optional and deactivated by passing a negative CPU id,
which will effectively set the DW APB clockevent timer cpumask to
'cpu_possible_mask'.
Signed-off-by: Serge Semin <Sergey.Semin@baikalelectronics.ru>
Cc: Alexey Malahov <Alexey.Malahov@baikalelectronics.ru>
Cc: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Cc: Paul Burton <paulburton@kernel.org>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: Alessandro Zummo <a.zummo@towertech.it>
Cc: Alexandre Belloni <alexandre.belloni@bootlin.com>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Rob Herring <robh+dt@kernel.org>
Cc: linux-mips@vger.kernel.org
Cc: linux-rtc@vger.kernel.org
Cc: devicetree@vger.kernel.org
Signed-off-by: Daniel Lezcano <daniel.lezcano@linaro.org>
Link: https://lore.kernel.org/r/20200521204818.25436-5-Sergey.Semin@baikalelectronics.ru
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clocksource/dw_apb_timer.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/clocksource/dw_apb_timer.c b/drivers/clocksource/dw_apb_timer.c
index 1f5f734e4919..a018199575e3 100644
--- a/drivers/clocksource/dw_apb_timer.c
+++ b/drivers/clocksource/dw_apb_timer.c
@@ -225,7 +225,8 @@ static int apbt_next_event(unsigned long delta,
/**
* dw_apb_clockevent_init() - use an APB timer as a clock_event_device
*
- * @cpu: The CPU the events will be targeted at.
+ * @cpu: The CPU the events will be targeted at or -1 if CPU affiliation
+ * isn't required.
* @name: The name used for the timer and the IRQ for it.
* @rating: The rating to give the timer.
* @base: I/O base for the timer registers.
@@ -260,7 +261,7 @@ dw_apb_clockevent_init(int cpu, const char *name, unsigned rating,
dw_ced->ced.max_delta_ticks = 0x7fffffff;
dw_ced->ced.min_delta_ns = clockevent_delta2ns(5000, &dw_ced->ced);
dw_ced->ced.min_delta_ticks = 5000;
- dw_ced->ced.cpumask = cpumask_of(cpu);
+ dw_ced->ced.cpumask = cpu < 0 ? cpu_possible_mask : cpumask_of(cpu);
dw_ced->ced.features = CLOCK_EVT_FEAT_PERIODIC |
CLOCK_EVT_FEAT_ONESHOT | CLOCK_EVT_FEAT_DYNIRQ;
dw_ced->ced.set_state_shutdown = apbt_shutdown;
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 112/267] clocksource: dw_apb_timer_of: Fix missing clockevent timers
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (110 preceding siblings ...)
2020-06-19 14:31 ` [PATCH 4.19 111/267] clocksource: dw_apb_timer: Make CPU-affiliation being optional Greg Kroah-Hartman
@ 2020-06-19 14:31 ` Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 113/267] btrfs: do not ignore error from btrfs_next_leaf() when inserting checksums Greg Kroah-Hartman
` (156 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Serge Semin, Alexey Malahov,
Thomas Bogendoerfer, Paul Burton, Ralf Baechle, Alessandro Zummo,
Alexandre Belloni, Arnd Bergmann, Rob Herring, linux-mips,
linux-rtc, devicetree, Daniel Lezcano, Sasha Levin
From: Serge Semin <Sergey.Semin@baikalelectronics.ru>
[ Upstream commit 6d2e16a3181bafb77b535095c39ad1c8b9558c8c ]
Commit 100214889973 ("clocksource: dw_apb_timer_of: use
clocksource_of_init") replaced a publicly available driver
initialization method with one called by the timer_probe() method
available after CLKSRC_OF. In current implementation it traverses
all the timers available in the system and calls their initialization
methods if corresponding devices were either in dtb or in acpi. But
if before the commit any number of available timers would be installed
as clockevent and clocksource devices, after that there would be at most
two. The rest are just ignored since default case branch doesn't do
anything. I don't see a reason of such behaviour, neither the commit
message explains it. Moreover this might be wrong if on some platforms
these timers might be used for different purpose, as virtually CPU-local
clockevent timers and as an independent broadcast timer. So in order
to keep the compatibility with the platforms where the order of the
timers detection has some meaning, lets add the secondly discovered
timer to be of clocksource/sched_clock type, while the very first and
the others would provide the clockevents service.
Fixes: 100214889973 ("clocksource: dw_apb_timer_of: use clocksource_of_init")
Signed-off-by: Serge Semin <Sergey.Semin@baikalelectronics.ru>
Cc: Alexey Malahov <Alexey.Malahov@baikalelectronics.ru>
Cc: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Cc: Paul Burton <paulburton@kernel.org>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: Alessandro Zummo <a.zummo@towertech.it>
Cc: Alexandre Belloni <alexandre.belloni@bootlin.com>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Rob Herring <robh+dt@kernel.org>
Cc: linux-mips@vger.kernel.org
Cc: linux-rtc@vger.kernel.org
Cc: devicetree@vger.kernel.org
Signed-off-by: Daniel Lezcano <daniel.lezcano@linaro.org>
Link: https://lore.kernel.org/r/20200521204818.25436-7-Sergey.Semin@baikalelectronics.ru
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clocksource/dw_apb_timer_of.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/drivers/clocksource/dw_apb_timer_of.c b/drivers/clocksource/dw_apb_timer_of.c
index 69866cd8f4bb..3e4d0e5733d3 100644
--- a/drivers/clocksource/dw_apb_timer_of.c
+++ b/drivers/clocksource/dw_apb_timer_of.c
@@ -146,10 +146,6 @@ static int num_called;
static int __init dw_apb_timer_init(struct device_node *timer)
{
switch (num_called) {
- case 0:
- pr_debug("%s: found clockevent timer\n", __func__);
- add_clockevent(timer);
- break;
case 1:
pr_debug("%s: found clocksource timer\n", __func__);
add_clocksource(timer);
@@ -160,6 +156,8 @@ static int __init dw_apb_timer_init(struct device_node *timer)
#endif
break;
default:
+ pr_debug("%s: found clockevent timer\n", __func__);
+ add_clockevent(timer);
break;
}
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 113/267] btrfs: do not ignore error from btrfs_next_leaf() when inserting checksums
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (111 preceding siblings ...)
2020-06-19 14:31 ` [PATCH 4.19 112/267] clocksource: dw_apb_timer_of: Fix missing clockevent timers Greg Kroah-Hartman
@ 2020-06-19 14:31 ` Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 114/267] ARM: 8978/1: mm: make act_mm() respect THREAD_SIZE Greg Kroah-Hartman
` (155 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Filipe Manana, David Sterba, Sasha Levin
From: Filipe Manana <fdmanana@suse.com>
[ Upstream commit 7e4a3f7ed5d54926ec671bbb13e171cfe179cc50 ]
We are currently treating any non-zero return value from btrfs_next_leaf()
the same way, by going to the code that inserts a new checksum item in the
tree. However if btrfs_next_leaf() returns an error (a value < 0), we
should just stop and return the error, and not behave as if nothing has
happened, since in that case we do not have a way to know if there is a
next leaf or we are currently at the last leaf already.
So fix that by returning the error from btrfs_next_leaf().
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/btrfs/file-item.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/fs/btrfs/file-item.c b/fs/btrfs/file-item.c
index f9e280d0b44f..1b8a04b767ff 100644
--- a/fs/btrfs/file-item.c
+++ b/fs/btrfs/file-item.c
@@ -785,10 +785,12 @@ again:
nritems = btrfs_header_nritems(path->nodes[0]);
if (!nritems || (path->slots[0] >= nritems - 1)) {
ret = btrfs_next_leaf(root, path);
- if (ret == 1)
+ if (ret < 0) {
+ goto out;
+ } else if (ret > 0) {
found_next = 1;
- if (ret != 0)
goto insert;
+ }
slot = path->slots[0];
}
btrfs_item_key_to_cpu(path->nodes[0], &found_key, slot);
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 114/267] ARM: 8978/1: mm: make act_mm() respect THREAD_SIZE
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (112 preceding siblings ...)
2020-06-19 14:31 ` [PATCH 4.19 113/267] btrfs: do not ignore error from btrfs_next_leaf() when inserting checksums Greg Kroah-Hartman
@ 2020-06-19 14:31 ` Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 115/267] batman-adv: Revert "disable ethtool link speed detection when auto negotiation off" Greg Kroah-Hartman
` (154 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ard Biesheuvel, Florian Fainelli,
Linus Walleij, Russell King, Sasha Levin
From: Linus Walleij <linus.walleij@linaro.org>
[ Upstream commit e1de94380af588bdf6ad6f0cc1f75004c35bc096 ]
Recent work with KASan exposed the folling hard-coded bitmask
in arch/arm/mm/proc-macros.S:
bic rd, sp, #8128
bic rd, rd, #63
This forms the bitmask 0x1FFF that is coinciding with
(PAGE_SIZE << THREAD_SIZE_ORDER) - 1, this code was assuming
that THREAD_SIZE is always 8K (8192).
As KASan was increasing THREAD_SIZE_ORDER to 2, I ran into
this bug.
Fix it by this little oneline suggested by Ard:
bic rd, sp, #(THREAD_SIZE - 1) & ~63
Where THREAD_SIZE is defined using THREAD_SIZE_ORDER.
We have to also include <linux/const.h> since the THREAD_SIZE
expands to use the _AC() macro.
Cc: Ard Biesheuvel <ardb@kernel.org>
Cc: Florian Fainelli <f.fainelli@gmail.com>
Suggested-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/mm/proc-macros.S | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/arch/arm/mm/proc-macros.S b/arch/arm/mm/proc-macros.S
index 5461d589a1e2..60ac7c5999a9 100644
--- a/arch/arm/mm/proc-macros.S
+++ b/arch/arm/mm/proc-macros.S
@@ -5,6 +5,7 @@
* VMA_VM_FLAGS
* VM_EXEC
*/
+#include <linux/const.h>
#include <asm/asm-offsets.h>
#include <asm/thread_info.h>
@@ -30,7 +31,7 @@
* act_mm - get current->active_mm
*/
.macro act_mm, rd
- bic \rd, sp, #8128
+ bic \rd, sp, #(THREAD_SIZE - 1) & ~63
bic \rd, \rd, #63
ldr \rd, [\rd, #TI_TASK]
.if (TSK_ACTIVE_MM > IMM12_MASK)
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 115/267] batman-adv: Revert "disable ethtool link speed detection when auto negotiation off"
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (113 preceding siblings ...)
2020-06-19 14:31 ` [PATCH 4.19 114/267] ARM: 8978/1: mm: make act_mm() respect THREAD_SIZE Greg Kroah-Hartman
@ 2020-06-19 14:31 ` Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 116/267] mmc: meson-mx-sdio: trigger a soft reset after a timeout or CRC error Greg Kroah-Hartman
` (153 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Matthias Schiffer, Sven Eckelmann,
Simon Wunderlich, Sasha Levin
From: Sven Eckelmann <sven@narfation.org>
[ Upstream commit 9ad346c90509ebd983f60da7d082f261ad329507 ]
The commit 8c46fcd78308 ("batman-adv: disable ethtool link speed detection
when auto negotiation off") disabled the usage of ethtool's link_ksetting
when auto negotation was enabled due to invalid values when used with
tun/tap virtual net_devices. According to the patch, automatic measurements
should be used for these kind of interfaces.
But there are major flaws with this argumentation:
* automatic measurements are not implemented
* auto negotiation has nothing to do with the validity of the retrieved
values
The first point has to be fixed by a longer patch series. The "validity"
part of the second point must be addressed in the same patch series by
dropping the usage of ethtool's link_ksetting (thus always doing automatic
measurements over ethernet).
Drop the patch again to have more default values for various net_device
types/configurations. The user can still overwrite them using the
batadv_hardif's BATADV_ATTR_THROUGHPUT_OVERRIDE.
Reported-by: Matthias Schiffer <mschiffer@universe-factory.net>
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/batman-adv/bat_v_elp.c | 15 +--------------
1 file changed, 1 insertion(+), 14 deletions(-)
diff --git a/net/batman-adv/bat_v_elp.c b/net/batman-adv/bat_v_elp.c
index 5da183b2f4c9..af3da6cdfc79 100644
--- a/net/batman-adv/bat_v_elp.c
+++ b/net/batman-adv/bat_v_elp.c
@@ -132,20 +132,7 @@ static u32 batadv_v_elp_get_throughput(struct batadv_hardif_neigh_node *neigh)
rtnl_lock();
ret = __ethtool_get_link_ksettings(hard_iface->net_dev, &link_settings);
rtnl_unlock();
-
- /* Virtual interface drivers such as tun / tap interfaces, VLAN, etc
- * tend to initialize the interface throughput with some value for the
- * sake of having a throughput number to export via ethtool. This
- * exported throughput leaves batman-adv to conclude the interface
- * throughput is genuine (reflecting reality), thus no measurements
- * are necessary.
- *
- * Based on the observation that those interface types also tend to set
- * the link auto-negotiation to 'off', batman-adv shall check this
- * setting to differentiate between genuine link throughput information
- * and placeholders installed by virtual interfaces.
- */
- if (ret == 0 && link_settings.base.autoneg == AUTONEG_ENABLE) {
+ if (ret == 0) {
/* link characteristics might change over time */
if (link_settings.base.duplex == DUPLEX_FULL)
hard_iface->bat_v.flags |= BATADV_FULL_DUPLEX;
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 116/267] mmc: meson-mx-sdio: trigger a soft reset after a timeout or CRC error
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (114 preceding siblings ...)
2020-06-19 14:31 ` [PATCH 4.19 115/267] batman-adv: Revert "disable ethtool link speed detection when auto negotiation off" Greg Kroah-Hartman
@ 2020-06-19 14:31 ` Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 117/267] spi: dw: Fix Rx-only DMA transfers Greg Kroah-Hartman
` (152 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Martin Blumenstingl, Tobias Baumann,
Ulf Hansson, Sasha Levin
From: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
[ Upstream commit 91995b904ec2e44b5c159ac6a5d3f154345a4de7 ]
The vendor driver (from the 3.10 kernel) triggers a soft reset every
time before starting a new command. While this fixes a problem where
SDIO cards are not detected at all (because all commands simply
timed out) this hurts SD card read performance a bit (in my tests
between 10% to 20%).
Trigger a soft reset after we got a CRC error or if the previous command
timed out (just like the vendor driver from the same 3.10 kernel for the
newer SDHC controller IP does). This fixes detection of SDIO cards and
doesn't hurt SD card read performance at the same time.
With this patch the initialization of an RTL8723BS SDIO card looks like
this:
req done (CMD52): -110: 00000000 00000000 00000000 00000000
clock 400000Hz busmode 2 powermode 2 cs 1 Vdd 21 width 1 timing 0
starting CMD0 arg 00000000 flags 000000c0
req done (CMD0): 0: 00000000 00000000 00000000 00000000
clock 400000Hz busmode 2 powermode 2 cs 0 Vdd 21 width 1 timing 0
starting CMD8 arg 000001aa flags 000002f5
req done (CMD8): -110: 00000000 00000000 00000000 00000000
starting CMD5 arg 00000000 flags 000002e1
req done (CMD5): 0: 90ff0000 00000000 00000000 00000000
starting CMD5 arg 00200000 flags 000002e1
req done (CMD5): 0: 90ff0000 00000000 00000000 00000000
starting CMD3 arg 00000000 flags 00000075
req done (CMD3): 0: 00010000 00000000 00000000 00000000
starting CMD7 arg 00010000 flags 00000015
req done (CMD7): 0: 00001e00 00000000 00000000 00000000
starting CMD52 arg 00000000 flags 00000195
req done (CMD52): 0: 00001032 00000000 00000000 00000000
[... more CMD52 omitted ...]
clock 400000Hz busmode 2 powermode 2 cs 0 Vdd 21 width 1 timing 2
clock 50000000Hz busmode 2 powermode 2 cs 0 Vdd 21 width 1 timing 2
starting CMD52 arg 00000e00 flags 00000195
req done (CMD52): 0: 00001000 00000000 00000000 00000000
starting CMD52 arg 80000e02 flags 00000195
req done (CMD52): 0: 00001002 00000000 00000000 00000000
clock 50000000Hz busmode 2 powermode 2 cs 0 Vdd 21 width 4 timing 2
starting CMD52 arg 00020000 flags 00000195
req done (CMD52): 0: 00001007 00000000 00000000 00000000
[... more CMD52 omitted ...]
new high speed SDIO card at address 0001
Fixes: ed80a13bb4c4c9 ("mmc: meson-mx-sdio: Add a driver for the Amlogic Meson8 and Meson8b SoCs")
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Link: https://lore.kernel.org/r/20200503222805.2668941-1-martin.blumenstingl@googlemail.com
Tested-by: Tobias Baumann <017623705678@o2online.de>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mmc/host/meson-mx-sdio.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/mmc/host/meson-mx-sdio.c b/drivers/mmc/host/meson-mx-sdio.c
index 1c062473b1c2..27837a794e7b 100644
--- a/drivers/mmc/host/meson-mx-sdio.c
+++ b/drivers/mmc/host/meson-mx-sdio.c
@@ -249,6 +249,9 @@ static void meson_mx_mmc_request_done(struct meson_mx_mmc_host *host)
mrq = host->mrq;
+ if (host->cmd->error)
+ meson_mx_mmc_soft_reset(host);
+
host->mrq = NULL;
host->cmd = NULL;
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 117/267] spi: dw: Fix Rx-only DMA transfers
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (115 preceding siblings ...)
2020-06-19 14:31 ` [PATCH 4.19 116/267] mmc: meson-mx-sdio: trigger a soft reset after a timeout or CRC error Greg Kroah-Hartman
@ 2020-06-19 14:31 ` Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 118/267] x86/kvm/hyper-v: Explicitly align hcall param for kvm_hyperv_exit Greg Kroah-Hartman
` (151 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Serge Semin, Andy Shevchenko,
Georgy Vlasov, Ramil Zaripov, Alexey Malahov,
Thomas Bogendoerfer, Arnd Bergmann, Feng Tang, Rob Herring,
linux-mips, devicetree, Mark Brown, Sasha Levin
From: Serge Semin <Sergey.Semin@baikalelectronics.ru>
[ Upstream commit 46164fde6b7890e7a3982d54549947c8394c0192 ]
Tx-only DMA transfers are working perfectly fine since in this case
the code just ignores the Rx FIFO overflow interrupts. But it turns
out the SPI Rx-only transfers are broken since nothing pushing any
data to the shift registers, so the Rx FIFO is left empty and the
SPI core subsystems just returns a timeout error. Since DW DMAC
driver doesn't support something like cyclic write operations of
a single byte to a device register, the only way to support the
Rx-only SPI transfers is to fake it by using a dummy Tx-buffer.
This is what we intend to fix in this commit by setting the
SPI_CONTROLLER_MUST_TX flag for DMA-capable platform.
Signed-off-by: Serge Semin <Sergey.Semin@baikalelectronics.ru>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Cc: Georgy Vlasov <Georgy.Vlasov@baikalelectronics.ru>
Cc: Ramil Zaripov <Ramil.Zaripov@baikalelectronics.ru>
Cc: Alexey Malahov <Alexey.Malahov@baikalelectronics.ru>
Cc: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Feng Tang <feng.tang@intel.com>
Cc: Rob Herring <robh+dt@kernel.org>
Cc: linux-mips@vger.kernel.org
Cc: devicetree@vger.kernel.org
Link: https://lore.kernel.org/r/20200529131205.31838-9-Sergey.Semin@baikalelectronics.ru
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/spi/spi-dw.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/spi/spi-dw.c b/drivers/spi/spi-dw.c
index ac888a3d03aa..3fbd6f01fb10 100644
--- a/drivers/spi/spi-dw.c
+++ b/drivers/spi/spi-dw.c
@@ -533,6 +533,7 @@ int dw_spi_add_host(struct device *dev, struct dw_spi *dws)
dws->dma_inited = 0;
} else {
master->can_dma = dws->dma_ops->can_dma;
+ master->flags |= SPI_CONTROLLER_MUST_TX;
}
}
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 118/267] x86/kvm/hyper-v: Explicitly align hcall param for kvm_hyperv_exit
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (116 preceding siblings ...)
2020-06-19 14:31 ` [PATCH 4.19 117/267] spi: dw: Fix Rx-only DMA transfers Greg Kroah-Hartman
@ 2020-06-19 14:31 ` Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 119/267] net: vmxnet3: fix possible buffer overflow caused by bad DMA value in vmxnet3_get_rss() Greg Kroah-Hartman
` (150 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Vitaly Kuznetsov, Jon Doron,
Roman Kagan, Paolo Bonzini, Sasha Levin
From: Jon Doron <arilou@gmail.com>
[ Upstream commit f7d31e65368aeef973fab788aa22c4f1d5a6af66 ]
The problem the patch is trying to address is the fact that 'struct
kvm_hyperv_exit' has different layout on when compiling in 32 and 64 bit
modes.
In 64-bit mode the default alignment boundary is 64 bits thus
forcing extra gaps after 'type' and 'msr' but in 32-bit mode the
boundary is at 32 bits thus no extra gaps.
This is an issue as even when the kernel is 64 bit, the userspace using
the interface can be both 32 and 64 bit but the same 32 bit userspace has
to work with 32 bit kernel.
The issue is fixed by forcing the 64 bit layout, this leads to ABI
change for 32 bit builds and while we are obviously breaking '32 bit
userspace with 32 bit kernel' case, we're fixing the '32 bit userspace
with 64 bit kernel' one.
As the interface has no (known) users and 32 bit KVM is rather baroque
nowadays, this seems like a reasonable decision.
Reviewed-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Signed-off-by: Jon Doron <arilou@gmail.com>
Message-Id: <20200424113746.3473563-2-arilou@gmail.com>
Reviewed-by: Roman Kagan <rvkagan@yandex-team.ru>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
Documentation/virtual/kvm/api.txt | 2 ++
include/uapi/linux/kvm.h | 2 ++
2 files changed, 4 insertions(+)
diff --git a/Documentation/virtual/kvm/api.txt b/Documentation/virtual/kvm/api.txt
index 8e16017ff397..d2f265a9dc0d 100644
--- a/Documentation/virtual/kvm/api.txt
+++ b/Documentation/virtual/kvm/api.txt
@@ -3999,9 +3999,11 @@ EOI was received.
#define KVM_EXIT_HYPERV_SYNIC 1
#define KVM_EXIT_HYPERV_HCALL 2
__u32 type;
+ __u32 pad1;
union {
struct {
__u32 msr;
+ __u32 pad2;
__u64 control;
__u64 evt_page;
__u64 msg_page;
diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h
index 251be353f950..66ce6659ecb6 100644
--- a/include/uapi/linux/kvm.h
+++ b/include/uapi/linux/kvm.h
@@ -189,9 +189,11 @@ struct kvm_hyperv_exit {
#define KVM_EXIT_HYPERV_SYNIC 1
#define KVM_EXIT_HYPERV_HCALL 2
__u32 type;
+ __u32 pad1;
union {
struct {
__u32 msr;
+ __u32 pad2;
__u64 control;
__u64 evt_page;
__u64 msg_page;
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 119/267] net: vmxnet3: fix possible buffer overflow caused by bad DMA value in vmxnet3_get_rss()
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (117 preceding siblings ...)
2020-06-19 14:31 ` [PATCH 4.19 118/267] x86/kvm/hyper-v: Explicitly align hcall param for kvm_hyperv_exit Greg Kroah-Hartman
@ 2020-06-19 14:31 ` Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 120/267] staging: android: ion: use vmap instead of vm_map_ram Greg Kroah-Hartman
` (149 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jia-Ju Bai, David S. Miller, Sasha Levin
From: Jia-Ju Bai <baijiaju1990@gmail.com>
[ Upstream commit 3e1c6846b9e108740ef8a37be80314053f5dd52a ]
The value adapter->rss_conf is stored in DMA memory, and it is assigned
to rssConf, so rssConf->indTableSize can be modified at anytime by
malicious hardware. Because rssConf->indTableSize is assigned to n,
buffer overflow may occur when the code "rssConf->indTable[n]" is
executed.
To fix this possible bug, n is checked after being used.
Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/vmxnet3/vmxnet3_ethtool.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/net/vmxnet3/vmxnet3_ethtool.c b/drivers/net/vmxnet3/vmxnet3_ethtool.c
index 559db051a500..88d18ab83e54 100644
--- a/drivers/net/vmxnet3/vmxnet3_ethtool.c
+++ b/drivers/net/vmxnet3/vmxnet3_ethtool.c
@@ -692,6 +692,8 @@ vmxnet3_get_rss(struct net_device *netdev, u32 *p, u8 *key, u8 *hfunc)
*hfunc = ETH_RSS_HASH_TOP;
if (!p)
return 0;
+ if (n > UPT1_RSS_MAX_IND_TABLE_SIZE)
+ return 0;
while (n--)
p[n] = rssConf->indTable[n];
return 0;
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 120/267] staging: android: ion: use vmap instead of vm_map_ram
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (118 preceding siblings ...)
2020-06-19 14:31 ` [PATCH 4.19 119/267] net: vmxnet3: fix possible buffer overflow caused by bad DMA value in vmxnet3_get_rss() Greg Kroah-Hartman
@ 2020-06-19 14:31 ` Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 121/267] brcmfmac: fix wrong location to get firmware feature Greg Kroah-Hartman
` (148 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christoph Hellwig, Andrew Morton,
Peter Zijlstra (Intel),
Christian Borntraeger, Christophe Leroy, Daniel Vetter,
David Airlie, Gao Xiang, Haiyang Zhang, Johannes Weiner,
K. Y. Srinivasan, Laura Abbott, Mark Rutland, Michael Kelley,
Minchan Kim, Nitin Gupta, Robin Murphy, Sakari Ailus,
Stephen Hemminger, Sumit Semwal, Wei Liu, Benjamin Herrenschmidt,
Catalin Marinas, Heiko Carstens, Paul Mackerras, Vasily Gorbik,
Will Deacon, Linus Torvalds, Sasha Levin
From: Christoph Hellwig <hch@lst.de>
[ Upstream commit 5bf9917452112694b2c774465ee4dbe441c84b77 ]
vm_map_ram can keep mappings around after the vm_unmap_ram. Using that
with non-PAGE_KERNEL mappings can lead to all kinds of aliasing issues.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Christian Borntraeger <borntraeger@de.ibm.com>
Cc: Christophe Leroy <christophe.leroy@c-s.fr>
Cc: Daniel Vetter <daniel.vetter@ffwll.ch>
Cc: David Airlie <airlied@linux.ie>
Cc: Gao Xiang <xiang@kernel.org>
Cc: Haiyang Zhang <haiyangz@microsoft.com>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: "K. Y. Srinivasan" <kys@microsoft.com>
Cc: Laura Abbott <labbott@redhat.com>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Michael Kelley <mikelley@microsoft.com>
Cc: Minchan Kim <minchan@kernel.org>
Cc: Nitin Gupta <ngupta@vflare.org>
Cc: Robin Murphy <robin.murphy@arm.com>
Cc: Sakari Ailus <sakari.ailus@linux.intel.com>
Cc: Stephen Hemminger <sthemmin@microsoft.com>
Cc: Sumit Semwal <sumit.semwal@linaro.org>
Cc: Wei Liu <wei.liu@kernel.org>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
Cc: Paul Mackerras <paulus@ozlabs.org>
Cc: Vasily Gorbik <gor@linux.ibm.com>
Cc: Will Deacon <will@kernel.org>
Link: http://lkml.kernel.org/r/20200414131348.444715-4-hch@lst.de
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/staging/android/ion/ion_heap.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/staging/android/ion/ion_heap.c b/drivers/staging/android/ion/ion_heap.c
index 31db510018a9..6babcdb4d7d2 100644
--- a/drivers/staging/android/ion/ion_heap.c
+++ b/drivers/staging/android/ion/ion_heap.c
@@ -97,12 +97,12 @@ int ion_heap_map_user(struct ion_heap *heap, struct ion_buffer *buffer,
static int ion_heap_clear_pages(struct page **pages, int num, pgprot_t pgprot)
{
- void *addr = vm_map_ram(pages, num, -1, pgprot);
+ void *addr = vmap(pages, num, VM_MAP, pgprot);
if (!addr)
return -ENOMEM;
memset(addr, 0, PAGE_SIZE * num);
- vm_unmap_ram(addr, num);
+ vunmap(addr);
return 0;
}
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 121/267] brcmfmac: fix wrong location to get firmware feature
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (119 preceding siblings ...)
2020-06-19 14:31 ` [PATCH 4.19 120/267] staging: android: ion: use vmap instead of vm_map_ram Greg Kroah-Hartman
@ 2020-06-19 14:31 ` Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 122/267] tools api fs: Make xxx__mountpoint() more scalable Greg Kroah-Hartman
` (147 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jaehoon Chung, Kalle Valo, Sasha Levin
From: Jaehoon Chung <jh80.chung@samsung.com>
[ Upstream commit c57673852062428cdeabdd6501ac8b8e4c302067 ]
sup_wpa feature is getting after setting feature_disable flag.
If firmware is supported sup_wpa feature, it's always enabled
regardless of feature_disable flag.
Fixes: b8a64f0e96c2 ("brcmfmac: support 4-way handshake offloading for WPA/WPA2-PSK")
Signed-off-by: Jaehoon Chung <jh80.chung@samsung.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20200330052528.10503-1-jh80.chung@samsung.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/broadcom/brcm80211/brcmfmac/feature.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/feature.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/feature.c
index 4c5a3995dc35..d7f41caa0b0b 100644
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/feature.c
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/feature.c
@@ -281,13 +281,14 @@ void brcmf_feat_attach(struct brcmf_pub *drvr)
if (!err)
ifp->drvr->feat_flags |= BIT(BRCMF_FEAT_SCAN_RANDOM_MAC);
+ brcmf_feat_iovar_int_get(ifp, BRCMF_FEAT_FWSUP, "sup_wpa");
+
if (drvr->settings->feature_disable) {
brcmf_dbg(INFO, "Features: 0x%02x, disable: 0x%02x\n",
ifp->drvr->feat_flags,
drvr->settings->feature_disable);
ifp->drvr->feat_flags &= ~drvr->settings->feature_disable;
}
- brcmf_feat_iovar_int_get(ifp, BRCMF_FEAT_FWSUP, "sup_wpa");
brcmf_feat_firmware_overrides(drvr);
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 122/267] tools api fs: Make xxx__mountpoint() more scalable
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (120 preceding siblings ...)
2020-06-19 14:31 ` [PATCH 4.19 121/267] brcmfmac: fix wrong location to get firmware feature Greg Kroah-Hartman
@ 2020-06-19 14:31 ` Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 123/267] e1000: Distribute switch variables for initialization Greg Kroah-Hartman
` (146 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Stephane Eranian, Ian Rogers,
Jiri Olsa, Alexander Shishkin, Andrey Zhizhikin, Kan Liang,
Kefeng Wang, Mark Rutland, Namhyung Kim, Peter Zijlstra,
Petr Mladek, Thomas Gleixner, Arnaldo Carvalho de Melo,
Sasha Levin
From: Stephane Eranian <eranian@google.com>
[ Upstream commit c6fddb28bad26e5472cb7acf7b04cd5126f1a4ab ]
The xxx_mountpoint() interface provided by fs.c finds mount points for
common pseudo filesystems. The first time xxx_mountpoint() is invoked,
it scans the mount table (/proc/mounts) looking for a match. If found,
it is cached. The price to scan /proc/mounts is paid once if the mount
is found.
When the mount point is not found, subsequent calls to xxx_mountpoint()
scan /proc/mounts over and over again. There is no caching.
This causes a scaling issue in perf record with hugeltbfs__mountpoint().
The function is called for each process found in
synthesize__mmap_events(). If the machine has thousands of processes
and if the /proc/mounts has many entries this could cause major overhead
in perf record. We have observed multi-second slowdowns on some
configurations.
As an example on a laptop:
Before:
$ sudo umount /dev/hugepages
$ strace -e trace=openat -o /tmp/tt perf record -a ls
$ fgrep mounts /tmp/tt
285
After:
$ sudo umount /dev/hugepages
$ strace -e trace=openat -o /tmp/tt perf record -a ls
$ fgrep mounts /tmp/tt
1
One could argue that the non-caching in case the moint point is not
found is intentional. That way subsequent calls may discover a moint
point if the sysadmin mounts the filesystem. But the same argument could
be made against caching the mount point. It could be unmounted causing
errors. It all depends on the intent of the interface. This patch
assumes it is expected to scan /proc/mounts once. The patch documents
the caching behavior in the fs.h header file.
An alternative would be to just fix perf record. But it would solve the
problem with hugetlbs__mountpoint() but there could be similar issues
(possibly down the line) with other xxx_mountpoint() calls in perf or
other tools.
Signed-off-by: Stephane Eranian <eranian@google.com>
Reviewed-by: Ian Rogers <irogers@google.com>
Acked-by: Jiri Olsa <jolsa@redhat.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Andrey Zhizhikin <andrey.z@gmail.com>
Cc: Kan Liang <kan.liang@linux.intel.com>
Cc: Kefeng Wang <wangkefeng.wang@huawei.com>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Petr Mladek <pmladek@suse.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Link: http://lore.kernel.org/lkml/20200402154357.107873-3-irogers@google.com
Signed-off-by: Ian Rogers <irogers@google.com>
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/lib/api/fs/fs.c | 17 +++++++++++++++++
tools/lib/api/fs/fs.h | 12 ++++++++++++
2 files changed, 29 insertions(+)
diff --git a/tools/lib/api/fs/fs.c b/tools/lib/api/fs/fs.c
index bd021a0eeef8..4cc69675c2a9 100644
--- a/tools/lib/api/fs/fs.c
+++ b/tools/lib/api/fs/fs.c
@@ -90,6 +90,7 @@ struct fs {
const char * const *mounts;
char path[PATH_MAX];
bool found;
+ bool checked;
long magic;
};
@@ -111,31 +112,37 @@ static struct fs fs__entries[] = {
.name = "sysfs",
.mounts = sysfs__fs_known_mountpoints,
.magic = SYSFS_MAGIC,
+ .checked = false,
},
[FS__PROCFS] = {
.name = "proc",
.mounts = procfs__known_mountpoints,
.magic = PROC_SUPER_MAGIC,
+ .checked = false,
},
[FS__DEBUGFS] = {
.name = "debugfs",
.mounts = debugfs__known_mountpoints,
.magic = DEBUGFS_MAGIC,
+ .checked = false,
},
[FS__TRACEFS] = {
.name = "tracefs",
.mounts = tracefs__known_mountpoints,
.magic = TRACEFS_MAGIC,
+ .checked = false,
},
[FS__HUGETLBFS] = {
.name = "hugetlbfs",
.mounts = hugetlbfs__known_mountpoints,
.magic = HUGETLBFS_MAGIC,
+ .checked = false,
},
[FS__BPF_FS] = {
.name = "bpf",
.mounts = bpf_fs__known_mountpoints,
.magic = BPF_FS_MAGIC,
+ .checked = false,
},
};
@@ -158,6 +165,7 @@ static bool fs__read_mounts(struct fs *fs)
}
fclose(fp);
+ fs->checked = true;
return fs->found = found;
}
@@ -220,6 +228,7 @@ static bool fs__env_override(struct fs *fs)
return false;
fs->found = true;
+ fs->checked = true;
strncpy(fs->path, override_path, sizeof(fs->path) - 1);
fs->path[sizeof(fs->path) - 1] = '\0';
return true;
@@ -246,6 +255,14 @@ static const char *fs__mountpoint(int idx)
if (fs->found)
return (const char *)fs->path;
+ /* the mount point was already checked for the mount point
+ * but and did not exist, so return NULL to avoid scanning again.
+ * This makes the found and not found paths cost equivalent
+ * in case of multiple calls.
+ */
+ if (fs->checked)
+ return NULL;
+
return fs__get_mountpoint(fs);
}
diff --git a/tools/lib/api/fs/fs.h b/tools/lib/api/fs/fs.h
index 92d03b8396b1..3b70003e7cfb 100644
--- a/tools/lib/api/fs/fs.h
+++ b/tools/lib/api/fs/fs.h
@@ -18,6 +18,18 @@
const char *name##__mount(void); \
bool name##__configured(void); \
+/*
+ * The xxxx__mountpoint() entry points find the first match mount point for each
+ * filesystems listed below, where xxxx is the filesystem type.
+ *
+ * The interface is as follows:
+ *
+ * - If a mount point is found on first call, it is cached and used for all
+ * subsequent calls.
+ *
+ * - If a mount point is not found, NULL is returned on first call and all
+ * subsequent calls.
+ */
FS(sysfs)
FS(procfs)
FS(debugfs)
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 123/267] e1000: Distribute switch variables for initialization
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (121 preceding siblings ...)
2020-06-19 14:31 ` [PATCH 4.19 122/267] tools api fs: Make xxx__mountpoint() more scalable Greg Kroah-Hartman
@ 2020-06-19 14:31 ` Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 124/267] dt-bindings: display: mediatek: control dpi pins mode to avoid leakage Greg Kroah-Hartman
` (145 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kees Cook, Aaron Brown, Jeff Kirsher,
Sasha Levin
From: Kees Cook <keescook@chromium.org>
[ Upstream commit a34c7f5156654ebaf7eaace102938be7ff7036cb ]
Variables declared in a switch statement before any case statements
cannot be automatically initialized with compiler instrumentation (as
they are not part of any execution flow). With GCC's proposed automatic
stack variable initialization feature, this triggers a warning (and they
don't get initialized). Clang's automatic stack variable initialization
(via CONFIG_INIT_STACK_ALL=y) doesn't throw a warning, but it also
doesn't initialize such variables[1]. Note that these warnings (or silent
skipping) happen before the dead-store elimination optimization phase,
so even when the automatic initializations are later elided in favor of
direct initializations, the warnings remain.
To avoid these problems, move such variables into the "case" where
they're used or lift them up into the main function body.
drivers/net/ethernet/intel/e1000/e1000_main.c: In function ‘e1000_xmit_frame’:
drivers/net/ethernet/intel/e1000/e1000_main.c:3143:18: warning: statement will never be executed [-Wswitch-unreachable]
3143 | unsigned int pull_size;
| ^~~~~~~~~
[1] https://bugs.llvm.org/show_bug.cgi?id=44916
Signed-off-by: Kees Cook <keescook@chromium.org>
Tested-by: Aaron Brown <aaron.f.brown@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/intel/e1000/e1000_main.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/intel/e1000/e1000_main.c b/drivers/net/ethernet/intel/e1000/e1000_main.c
index 2110d5f2da19..47b867c64b14 100644
--- a/drivers/net/ethernet/intel/e1000/e1000_main.c
+++ b/drivers/net/ethernet/intel/e1000/e1000_main.c
@@ -3144,8 +3144,9 @@ static netdev_tx_t e1000_xmit_frame(struct sk_buff *skb,
hdr_len = skb_transport_offset(skb) + tcp_hdrlen(skb);
if (skb->data_len && hdr_len == len) {
switch (hw->mac_type) {
+ case e1000_82544: {
unsigned int pull_size;
- case e1000_82544:
+
/* Make sure we have room to chop off 4 bytes,
* and that the end alignment will work out to
* this hardware's requirements
@@ -3166,6 +3167,7 @@ static netdev_tx_t e1000_xmit_frame(struct sk_buff *skb,
}
len = skb_headlen(skb);
break;
+ }
default:
/* do nothing */
break;
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 124/267] dt-bindings: display: mediatek: control dpi pins mode to avoid leakage
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (122 preceding siblings ...)
2020-06-19 14:31 ` [PATCH 4.19 123/267] e1000: Distribute switch variables for initialization Greg Kroah-Hartman
@ 2020-06-19 14:31 ` Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 125/267] audit: fix a net reference leak in audit_send_reply() Greg Kroah-Hartman
` (144 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Rob Herring, Jitao Shi,
Chun-Kuang Hu, Sasha Levin
From: Jitao Shi <jitao.shi@mediatek.com>
[ Upstream commit b0ff9b590733079f7f9453e5976a9dd2630949e3 ]
Add property "pinctrl-names" to swap pin mode between gpio and dpi mode.
Set the dpi pins to gpio mode and output-low to avoid leakage current
when dpi disabled.
Acked-by: Rob Herring <robh@kernel.org>
Signed-off-by: Jitao Shi <jitao.shi@mediatek.com>
Signed-off-by: Chun-Kuang Hu <chunkuang.hu@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../devicetree/bindings/display/mediatek/mediatek,dpi.txt | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/Documentation/devicetree/bindings/display/mediatek/mediatek,dpi.txt b/Documentation/devicetree/bindings/display/mediatek/mediatek,dpi.txt
index b6a7e7397b8b..b944fe067188 100644
--- a/Documentation/devicetree/bindings/display/mediatek/mediatek,dpi.txt
+++ b/Documentation/devicetree/bindings/display/mediatek/mediatek,dpi.txt
@@ -16,6 +16,9 @@ Required properties:
Documentation/devicetree/bindings/graph.txt. This port should be connected
to the input port of an attached HDMI or LVDS encoder chip.
+Optional properties:
+- pinctrl-names: Contain "default" and "sleep".
+
Example:
dpi0: dpi@1401d000 {
@@ -26,6 +29,9 @@ dpi0: dpi@1401d000 {
<&mmsys CLK_MM_DPI_ENGINE>,
<&apmixedsys CLK_APMIXED_TVDPLL>;
clock-names = "pixel", "engine", "pll";
+ pinctrl-names = "default", "sleep";
+ pinctrl-0 = <&dpi_pin_func>;
+ pinctrl-1 = <&dpi_pin_idle>;
port {
dpi0_out: endpoint {
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 125/267] audit: fix a net reference leak in audit_send_reply()
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (123 preceding siblings ...)
2020-06-19 14:31 ` [PATCH 4.19 124/267] dt-bindings: display: mediatek: control dpi pins mode to avoid leakage Greg Kroah-Hartman
@ 2020-06-19 14:31 ` Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 126/267] media: dvb: return -EREMOTEIO on i2c transfer failure Greg Kroah-Hartman
` (143 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, teroincn, Richard Guy Briggs,
Paul Moore, Sasha Levin
From: Paul Moore <paul@paul-moore.com>
[ Upstream commit a48b284b403a4a073d8beb72d2bb33e54df67fb6 ]
If audit_send_reply() fails when trying to create a new thread to
send the reply it also fails to cleanup properly, leaking a reference
to a net structure. This patch fixes the error path and makes a
handful of other cleanups that came up while fixing the code.
Reported-by: teroincn@gmail.com
Reviewed-by: Richard Guy Briggs <rgb@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/audit.c | 50 +++++++++++++++++++++++++++++---------------------
1 file changed, 29 insertions(+), 21 deletions(-)
diff --git a/kernel/audit.c b/kernel/audit.c
index 7afec5f43c63..20c78480d632 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -937,19 +937,30 @@ out_kfree_skb:
return NULL;
}
+static void audit_free_reply(struct audit_reply *reply)
+{
+ if (!reply)
+ return;
+
+ if (reply->skb)
+ kfree_skb(reply->skb);
+ if (reply->net)
+ put_net(reply->net);
+ kfree(reply);
+}
+
static int audit_send_reply_thread(void *arg)
{
struct audit_reply *reply = (struct audit_reply *)arg;
- struct sock *sk = audit_get_sk(reply->net);
audit_ctl_lock();
audit_ctl_unlock();
/* Ignore failure. It'll only happen if the sender goes away,
because our timeout is set to infinite. */
- netlink_unicast(sk, reply->skb, reply->portid, 0);
- put_net(reply->net);
- kfree(reply);
+ netlink_unicast(audit_get_sk(reply->net), reply->skb, reply->portid, 0);
+ reply->skb = NULL;
+ audit_free_reply(reply);
return 0;
}
@@ -963,35 +974,32 @@ static int audit_send_reply_thread(void *arg)
* @payload: payload data
* @size: payload size
*
- * Allocates an skb, builds the netlink message, and sends it to the port id.
- * No failure notifications.
+ * Allocates a skb, builds the netlink message, and sends it to the port id.
*/
static void audit_send_reply(struct sk_buff *request_skb, int seq, int type, int done,
int multi, const void *payload, int size)
{
- struct net *net = sock_net(NETLINK_CB(request_skb).sk);
- struct sk_buff *skb;
struct task_struct *tsk;
- struct audit_reply *reply = kmalloc(sizeof(struct audit_reply),
- GFP_KERNEL);
+ struct audit_reply *reply;
+ reply = kzalloc(sizeof(*reply), GFP_KERNEL);
if (!reply)
return;
- skb = audit_make_reply(seq, type, done, multi, payload, size);
- if (!skb)
- goto out;
-
- reply->net = get_net(net);
+ reply->skb = audit_make_reply(seq, type, done, multi, payload, size);
+ if (!reply->skb)
+ goto err;
+ reply->net = get_net(sock_net(NETLINK_CB(request_skb).sk));
reply->portid = NETLINK_CB(request_skb).portid;
- reply->skb = skb;
tsk = kthread_run(audit_send_reply_thread, reply, "audit_send_reply");
- if (!IS_ERR(tsk))
- return;
- kfree_skb(skb);
-out:
- kfree(reply);
+ if (IS_ERR(tsk))
+ goto err;
+
+ return;
+
+err:
+ audit_free_reply(reply);
}
/*
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 126/267] media: dvb: return -EREMOTEIO on i2c transfer failure.
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (124 preceding siblings ...)
2020-06-19 14:31 ` [PATCH 4.19 125/267] audit: fix a net reference leak in audit_send_reply() Greg Kroah-Hartman
@ 2020-06-19 14:31 ` Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 127/267] media: platform: fcp: Set appropriate DMA parameters Greg Kroah-Hartman
` (142 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Colin Ian King, Sean Young,
Mauro Carvalho Chehab, Sasha Levin
From: Colin Ian King <colin.king@canonical.com>
[ Upstream commit 96f3a9392799dd0f6472648a7366622ffd0989f3 ]
Currently when i2c transfers fail the error return -EREMOTEIO
is assigned to err but then later overwritten when the tuner
attach call is made. Fix this by returning early with the
error return code -EREMOTEIO on i2c transfer failure errors.
If the transfer fails, an uninitialized value will be read from b2.
Addresses-Coverity: ("Unused value")
Fixes: fbfee8684ff2 ("V4L/DVB (5651): Dibusb-mb: convert pll handling to properly use dvb-pll")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Sean Young <sean@mess.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/usb/dvb-usb/dibusb-mb.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/media/usb/dvb-usb/dibusb-mb.c b/drivers/media/usb/dvb-usb/dibusb-mb.c
index 408920577716..94f59c7765dc 100644
--- a/drivers/media/usb/dvb-usb/dibusb-mb.c
+++ b/drivers/media/usb/dvb-usb/dibusb-mb.c
@@ -84,7 +84,7 @@ static int dibusb_tuner_probe_and_attach(struct dvb_usb_adapter *adap)
if (i2c_transfer(&adap->dev->i2c_adap, msg, 2) != 2) {
err("tuner i2c write failed.");
- ret = -EREMOTEIO;
+ return -EREMOTEIO;
}
if (adap->fe_adap[0].fe->ops.i2c_gate_ctrl)
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 127/267] media: platform: fcp: Set appropriate DMA parameters
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (125 preceding siblings ...)
2020-06-19 14:31 ` [PATCH 4.19 126/267] media: dvb: return -EREMOTEIO on i2c transfer failure Greg Kroah-Hartman
@ 2020-06-19 14:31 ` Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 128/267] MIPS: Make sparse_init() using top-down allocation Greg Kroah-Hartman
` (141 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Geert Uytterhoeven, Kieran Bingham,
Hans Verkuil, Mauro Carvalho Chehab, Sasha Levin
From: Kieran Bingham <kieran.bingham+renesas@ideasonboard.com>
[ Upstream commit dd844fb8e50b12e65bbdc5746c9876c6735500df ]
Enabling CONFIG_DMA_API_DEBUG=y and CONFIG_DMA_API_DEBUG_SG=y will
enable extra validation on DMA operations ensuring that the size
restraints are met.
When using the FCP in conjunction with the VSP1/DU, and display frames,
the size of the DMA operations is larger than the default maximum
segment size reported by the DMA core (64K). With the DMA debug enabled,
this produces a warning such as the following:
"DMA-API: rcar-fcp fea27000.fcp: mapping sg segment longer than device
claims to support [len=3145728] [max=65536]"
We have no specific limitation on the segment size which isn't already
handled by the VSP1/DU which actually handles the DMA allcoations and
buffer management, so define a maximum segment size of up to 4GB (a 32
bit mask).
Reported-by: Geert Uytterhoeven <geert+renesas@glider.be>
Fixes: 7b49235e83b2 ("[media] v4l: Add Renesas R-Car FCP driver")
Signed-off-by: Kieran Bingham <kieran.bingham+renesas@ideasonboard.com>
Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be>
Tested-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/platform/rcar-fcp.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/media/platform/rcar-fcp.c b/drivers/media/platform/rcar-fcp.c
index 43c78620c9d8..5c6b00737fe7 100644
--- a/drivers/media/platform/rcar-fcp.c
+++ b/drivers/media/platform/rcar-fcp.c
@@ -8,6 +8,7 @@
*/
#include <linux/device.h>
+#include <linux/dma-mapping.h>
#include <linux/list.h>
#include <linux/module.h>
#include <linux/mod_devicetable.h>
@@ -21,6 +22,7 @@
struct rcar_fcp_device {
struct list_head list;
struct device *dev;
+ struct device_dma_parameters dma_parms;
};
static LIST_HEAD(fcp_devices);
@@ -136,6 +138,9 @@ static int rcar_fcp_probe(struct platform_device *pdev)
fcp->dev = &pdev->dev;
+ fcp->dev->dma_parms = &fcp->dma_parms;
+ dma_set_max_seg_size(fcp->dev, DMA_BIT_MASK(32));
+
pm_runtime_enable(&pdev->dev);
mutex_lock(&fcp_lock);
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 128/267] MIPS: Make sparse_init() using top-down allocation
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (126 preceding siblings ...)
2020-06-19 14:31 ` [PATCH 4.19 127/267] media: platform: fcp: Set appropriate DMA parameters Greg Kroah-Hartman
@ 2020-06-19 14:31 ` Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 129/267] Bluetooth: btbcm: Add 2 missing models to subver tables Greg Kroah-Hartman
` (140 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Juxin Gao, Tiezhu Yang,
Thomas Bogendoerfer, Sasha Levin
From: Tiezhu Yang <yangtiezhu@loongson.cn>
[ Upstream commit 269b3a9ac538c4ae87f84be640b9fa89914a2489 ]
In the current code, if CONFIG_SWIOTLB is set, when failed to get IO TLB
memory from the low pages by plat_swiotlb_setup(), it may lead to the boot
process failed with kernel panic.
(1) On the Loongson and SiByte platform
arch/mips/loongson64/dma.c
arch/mips/sibyte/common/dma.c
void __init plat_swiotlb_setup(void)
{
swiotlb_init(1);
}
kernel/dma/swiotlb.c
void __init
swiotlb_init(int verbose)
{
...
vstart = memblock_alloc_low(PAGE_ALIGN(bytes), PAGE_SIZE);
if (vstart && !swiotlb_init_with_tbl(vstart, io_tlb_nslabs, verbose))
return;
...
pr_warn("Cannot allocate buffer");
no_iotlb_memory = true;
}
phys_addr_t swiotlb_tbl_map_single()
{
...
if (no_iotlb_memory)
panic("Can not allocate SWIOTLB buffer earlier ...");
...
}
(2) On the Cavium OCTEON platform
arch/mips/cavium-octeon/dma-octeon.c
void __init plat_swiotlb_setup(void)
{
...
octeon_swiotlb = memblock_alloc_low(swiotlbsize, PAGE_SIZE);
if (!octeon_swiotlb)
panic("%s: Failed to allocate %zu bytes align=%lx\n",
__func__, swiotlbsize, PAGE_SIZE);
...
}
Because IO_TLB_DEFAULT_SIZE is 64M, if the rest size of low memory is less
than 64M when call plat_swiotlb_setup(), we can easily reproduce the panic
case.
In order to reduce the possibility of kernel panic when failed to get IO
TLB memory under CONFIG_SWIOTLB, it is better to allocate low memory as
small as possible before plat_swiotlb_setup(), so make sparse_init() using
top-down allocation.
Reported-by: Juxin Gao <gaojuxin@loongson.cn>
Co-developed-by: Juxin Gao <gaojuxin@loongson.cn>
Signed-off-by: Juxin Gao <gaojuxin@loongson.cn>
Signed-off-by: Tiezhu Yang <yangtiezhu@loongson.cn>
Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/mips/kernel/setup.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/arch/mips/kernel/setup.c b/arch/mips/kernel/setup.c
index e87c98b8a72c..2c2480be3f36 100644
--- a/arch/mips/kernel/setup.c
+++ b/arch/mips/kernel/setup.c
@@ -933,7 +933,17 @@ static void __init arch_mem_init(char **cmdline_p)
BOOTMEM_DEFAULT);
#endif
device_tree_init();
+
+ /*
+ * In order to reduce the possibility of kernel panic when failed to
+ * get IO TLB memory under CONFIG_SWIOTLB, it is better to allocate
+ * low memory as small as possible before plat_swiotlb_setup(), so
+ * make sparse_init() using top-down allocation.
+ */
+ memblock_set_bottom_up(false);
sparse_init();
+ memblock_set_bottom_up(true);
+
plat_swiotlb_setup();
dma_contiguous_reserve(PFN_PHYS(max_low_pfn));
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 129/267] Bluetooth: btbcm: Add 2 missing models to subver tables
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (127 preceding siblings ...)
2020-06-19 14:31 ` [PATCH 4.19 128/267] MIPS: Make sparse_init() using top-down allocation Greg Kroah-Hartman
@ 2020-06-19 14:31 ` Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 130/267] audit: fix a net reference leak in audit_list_rules_send() Greg Kroah-Hartman
` (139 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hans de Goede, Marcel Holtmann, Sasha Levin
From: Hans de Goede <hdegoede@redhat.com>
[ Upstream commit c03ee9af4e07112bd3fc688daca9e654f41eca93 ]
Currently the bcm_uart_subver_ and bcm_usb_subver_table-s lack entries
for the BCM4324B5 and BCM20703A1 chipsets. This makes the code use just
"BCM" as prefix for the filename to pass to request-firmware, making it
harder for users to figure out which firmware they need. This especially
is problematic with the UART attached BCM4324B5 where this leads to the
filename being just "BCM.hcd".
Add the 2 missing devices to subver tables. This has been tested on:
1. A Dell XPS15 9550 where this makes btbcm.c try to load
"BCM20703A1-0a5c-6410.hcd" before it tries to load "BCM-0a5c-6410.hcd".
2. A Thinkpad 8 where this makes btbcm.c try to load
"BCM4324B5.hcd" before it tries to load "BCM.hcd"
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/bluetooth/btbcm.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/bluetooth/btbcm.c b/drivers/bluetooth/btbcm.c
index e3e4d929e74f..ff6203c331ff 100644
--- a/drivers/bluetooth/btbcm.c
+++ b/drivers/bluetooth/btbcm.c
@@ -324,6 +324,7 @@ static const struct bcm_subver_table bcm_uart_subver_table[] = {
{ 0x4103, "BCM4330B1" }, /* 002.001.003 */
{ 0x410e, "BCM43341B0" }, /* 002.001.014 */
{ 0x4406, "BCM4324B3" }, /* 002.004.006 */
+ { 0x4606, "BCM4324B5" }, /* 002.006.006 */
{ 0x6109, "BCM4335C0" }, /* 003.001.009 */
{ 0x610c, "BCM4354" }, /* 003.001.012 */
{ 0x2122, "BCM4343A0" }, /* 001.001.034 */
@@ -334,6 +335,7 @@ static const struct bcm_subver_table bcm_uart_subver_table[] = {
};
static const struct bcm_subver_table bcm_usb_subver_table[] = {
+ { 0x2105, "BCM20703A1" }, /* 001.001.005 */
{ 0x210b, "BCM43142A0" }, /* 001.001.011 */
{ 0x2112, "BCM4314A0" }, /* 001.001.018 */
{ 0x2118, "BCM20702A0" }, /* 001.001.024 */
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 130/267] audit: fix a net reference leak in audit_list_rules_send()
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (128 preceding siblings ...)
2020-06-19 14:31 ` [PATCH 4.19 129/267] Bluetooth: btbcm: Add 2 missing models to subver tables Greg Kroah-Hartman
@ 2020-06-19 14:31 ` Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 131/267] netfilter: nft_nat: return EOPNOTSUPP if type or flags are not supported Greg Kroah-Hartman
` (138 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, teroincn, Richard Guy Briggs,
Paul Moore, Sasha Levin
From: Paul Moore <paul@paul-moore.com>
[ Upstream commit 3054d06719079388a543de6adb812638675ad8f5 ]
If audit_list_rules_send() fails when trying to create a new thread
to send the rules it also fails to cleanup properly, leaking a
reference to a net structure. This patch fixes the error patch and
renames audit_send_list() to audit_send_list_thread() to better
match its cousin, audit_send_reply_thread().
Reported-by: teroincn@gmail.com
Reviewed-by: Richard Guy Briggs <rgb@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/audit.c | 2 +-
kernel/audit.h | 2 +-
kernel/auditfilter.c | 16 +++++++---------
3 files changed, 9 insertions(+), 11 deletions(-)
diff --git a/kernel/audit.c b/kernel/audit.c
index 20c78480d632..45741c3c48a4 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -893,7 +893,7 @@ main_queue:
return 0;
}
-int audit_send_list(void *_dest)
+int audit_send_list_thread(void *_dest)
{
struct audit_netlink_list *dest = _dest;
struct sk_buff *skb;
diff --git a/kernel/audit.h b/kernel/audit.h
index 214e14948370..99badd7ba56f 100644
--- a/kernel/audit.h
+++ b/kernel/audit.h
@@ -248,7 +248,7 @@ struct audit_netlink_list {
struct sk_buff_head q;
};
-int audit_send_list(void *_dest);
+int audit_send_list_thread(void *_dest);
extern int selinux_audit_rule_update(void);
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index 1c8a48abda80..b2cc63ca0068 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -1157,11 +1157,8 @@ int audit_rule_change(int type, int seq, void *data, size_t datasz)
*/
int audit_list_rules_send(struct sk_buff *request_skb, int seq)
{
- u32 portid = NETLINK_CB(request_skb).portid;
- struct net *net = sock_net(NETLINK_CB(request_skb).sk);
struct task_struct *tsk;
struct audit_netlink_list *dest;
- int err = 0;
/* We can't just spew out the rules here because we might fill
* the available socket buffer space and deadlock waiting for
@@ -1169,25 +1166,26 @@ int audit_list_rules_send(struct sk_buff *request_skb, int seq)
* happen if we're actually running in the context of auditctl
* trying to _send_ the stuff */
- dest = kmalloc(sizeof(struct audit_netlink_list), GFP_KERNEL);
+ dest = kmalloc(sizeof(*dest), GFP_KERNEL);
if (!dest)
return -ENOMEM;
- dest->net = get_net(net);
- dest->portid = portid;
+ dest->net = get_net(sock_net(NETLINK_CB(request_skb).sk));
+ dest->portid = NETLINK_CB(request_skb).portid;
skb_queue_head_init(&dest->q);
mutex_lock(&audit_filter_mutex);
audit_list_rules(seq, &dest->q);
mutex_unlock(&audit_filter_mutex);
- tsk = kthread_run(audit_send_list, dest, "audit_send_list");
+ tsk = kthread_run(audit_send_list_thread, dest, "audit_send_list");
if (IS_ERR(tsk)) {
skb_queue_purge(&dest->q);
+ put_net(dest->net);
kfree(dest);
- err = PTR_ERR(tsk);
+ return PTR_ERR(tsk);
}
- return err;
+ return 0;
}
int audit_comparator(u32 left, u32 op, u32 right)
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 131/267] netfilter: nft_nat: return EOPNOTSUPP if type or flags are not supported
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (129 preceding siblings ...)
2020-06-19 14:31 ` [PATCH 4.19 130/267] audit: fix a net reference leak in audit_list_rules_send() Greg Kroah-Hartman
@ 2020-06-19 14:31 ` Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 132/267] selftests/bpf: Fix memory leak in extract_build_id() Greg Kroah-Hartman
` (137 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:31 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Pablo Neira Ayuso, Sasha Levin
From: Pablo Neira Ayuso <pablo@netfilter.org>
[ Upstream commit 0d7c83463fdf7841350f37960a7abadd3e650b41 ]
Instead of EINVAL which should be used for malformed netlink messages.
Fixes: eb31628e37a0 ("netfilter: nf_tables: Add support for IPv6 NAT")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/netfilter/nft_nat.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/netfilter/nft_nat.c b/net/netfilter/nft_nat.c
index c15807d10b91..3e82a7d0df2a 100644
--- a/net/netfilter/nft_nat.c
+++ b/net/netfilter/nft_nat.c
@@ -135,7 +135,7 @@ static int nft_nat_init(const struct nft_ctx *ctx, const struct nft_expr *expr,
priv->type = NF_NAT_MANIP_DST;
break;
default:
- return -EINVAL;
+ return -EOPNOTSUPP;
}
if (tb[NFTA_NAT_FAMILY] == NULL)
@@ -202,7 +202,7 @@ static int nft_nat_init(const struct nft_ctx *ctx, const struct nft_expr *expr,
if (tb[NFTA_NAT_FLAGS]) {
priv->flags = ntohl(nla_get_be32(tb[NFTA_NAT_FLAGS]));
if (priv->flags & ~NF_NAT_RANGE_MASK)
- return -EINVAL;
+ return -EOPNOTSUPP;
}
return nf_ct_netns_get(ctx->net, family);
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 132/267] selftests/bpf: Fix memory leak in extract_build_id()
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (130 preceding siblings ...)
2020-06-19 14:31 ` [PATCH 4.19 131/267] netfilter: nft_nat: return EOPNOTSUPP if type or flags are not supported Greg Kroah-Hartman
@ 2020-06-19 14:31 ` Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 133/267] net: bcmgenet: set Rx mode before starting netif Greg Kroah-Hartman
` (136 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Andrii Nakryiko, Alexei Starovoitov,
Song Liu, Sasha Levin
From: Andrii Nakryiko <andriin@fb.com>
[ Upstream commit 9f56bb531a809ecaa7f0ddca61d2cf3adc1cb81a ]
getline() allocates string, which has to be freed.
Fixes: 81f77fd0deeb ("bpf: add selftest for stackmap with BPF_F_STACK_BUILD_ID")
Signed-off-by: Andrii Nakryiko <andriin@fb.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Cc: Song Liu <songliubraving@fb.com>
Link: https://lore.kernel.org/bpf/20200429012111.277390-7-andriin@fb.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/bpf/test_progs.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/tools/testing/selftests/bpf/test_progs.c b/tools/testing/selftests/bpf/test_progs.c
index 89f8b0dae7ef..bad3505d66e0 100644
--- a/tools/testing/selftests/bpf/test_progs.c
+++ b/tools/testing/selftests/bpf/test_progs.c
@@ -1118,6 +1118,7 @@ static int extract_build_id(char *build_id, size_t size)
len = size;
memcpy(build_id, line, len);
build_id[len] = '\0';
+ free(line);
return 0;
err:
fclose(fp);
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 133/267] net: bcmgenet: set Rx mode before starting netif
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (131 preceding siblings ...)
2020-06-19 14:31 ` [PATCH 4.19 132/267] selftests/bpf: Fix memory leak in extract_build_id() Greg Kroah-Hartman
@ 2020-06-19 14:31 ` Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 134/267] lib/mpi: Fix 64-bit MIPS build with Clang Greg Kroah-Hartman
` (135 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Doug Berger, Florian Fainelli,
David S. Miller, Sasha Levin
From: Doug Berger <opendmb@gmail.com>
[ Upstream commit 72f96347628e73dbb61b307f18dd19293cc6792a ]
This commit explicitly calls the bcmgenet_set_rx_mode() function when
the network interface is started. This function is normally called by
ndo_set_rx_mode when the flags are changed, but apparently not when
the driver is suspended and resumed.
This change ensures that address filtering or promiscuous mode are
properly restored by the driver after the MAC may have been reset.
Fixes: b6e978e50444 ("net: bcmgenet: add suspend/resume callbacks")
Signed-off-by: Doug Berger <opendmb@gmail.com>
Acked-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/broadcom/genet/bcmgenet.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet.c b/drivers/net/ethernet/broadcom/genet/bcmgenet.c
index 047fc0cf0263..40e8ef984b62 100644
--- a/drivers/net/ethernet/broadcom/genet/bcmgenet.c
+++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.c
@@ -72,6 +72,9 @@
#define GENET_RDMA_REG_OFF (priv->hw_params->rdma_offset + \
TOTAL_DESC * DMA_DESC_SIZE)
+/* Forward declarations */
+static void bcmgenet_set_rx_mode(struct net_device *dev);
+
static inline void bcmgenet_writel(u32 value, void __iomem *offset)
{
/* MIPS chips strapped for BE will automagically configure the
@@ -2859,6 +2862,7 @@ static void bcmgenet_netif_start(struct net_device *dev)
struct bcmgenet_priv *priv = netdev_priv(dev);
/* Start the network engine */
+ bcmgenet_set_rx_mode(dev);
bcmgenet_enable_rx_napi(priv);
umac_enable_set(priv, CMD_TX_EN | CMD_RX_EN, true);
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 134/267] lib/mpi: Fix 64-bit MIPS build with Clang
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (132 preceding siblings ...)
2020-06-19 14:31 ` [PATCH 4.19 133/267] net: bcmgenet: set Rx mode before starting netif Greg Kroah-Hartman
@ 2020-06-19 14:31 ` Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 135/267] exit: Move preemption fixup up, move blocking operations down Greg Kroah-Hartman
` (134 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:31 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dmitry Golovin, Nathan Chancellor,
Herbert Xu, Sasha Levin
From: Nathan Chancellor <natechancellor@gmail.com>
[ Upstream commit 18f1ca46858eac22437819937ae44aa9a8f9f2fa ]
When building 64r6_defconfig with CONFIG_MIPS32_O32 disabled and
CONFIG_CRYPTO_RSA enabled:
lib/mpi/generic_mpih-mul1.c:37:24: error: invalid use of a cast in a
inline asm context requiring an l-value: remove the cast
or build with -fheinous-gnu-extensions
umul_ppmm(prod_high, prod_low, s1_ptr[j], s2_limb);
~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
lib/mpi/longlong.h:664:22: note: expanded from macro 'umul_ppmm'
: "=d" ((UDItype)(w0))
~~~~~~~~~~^~~
lib/mpi/generic_mpih-mul1.c:37:13: error: invalid use of a cast in a
inline asm context requiring an l-value: remove the cast
or build with -fheinous-gnu-extensions
umul_ppmm(prod_high, prod_low, s1_ptr[j], s2_limb);
~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
lib/mpi/longlong.h:668:22: note: expanded from macro 'umul_ppmm'
: "=d" ((UDItype)(w1))
~~~~~~~~~~^~~
2 errors generated.
This special case for umul_ppmm for MIPS64r6 was added in
commit bbc25bee37d2b ("lib/mpi: Fix umul_ppmm() for MIPS64r6"), due to
GCC being inefficient and emitting a __multi3 intrinsic.
There is no such issue with clang; with this patch applied, I can build
this configuration without any problems and there are no link errors
like mentioned in the commit above (which I can still reproduce with
GCC 9.3.0 when that commit is reverted). Only use this definition when
GCC is being used.
This really should have been caught by commit b0c091ae04f67 ("lib/mpi:
Eliminate unused umul_ppmm definitions for MIPS") when I was messing
around in this area but I was not testing 64-bit MIPS at the time.
Link: https://github.com/ClangBuiltLinux/linux/issues/885
Reported-by: Dmitry Golovin <dima@golovin.in>
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
lib/mpi/longlong.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/mpi/longlong.h b/lib/mpi/longlong.h
index e01b705556aa..6c5229f98c9e 100644
--- a/lib/mpi/longlong.h
+++ b/lib/mpi/longlong.h
@@ -671,7 +671,7 @@ do { \
************** MIPS/64 **************
***************************************/
#if (defined(__mips) && __mips >= 3) && W_TYPE_SIZE == 64
-#if defined(__mips_isa_rev) && __mips_isa_rev >= 6
+#if defined(__mips_isa_rev) && __mips_isa_rev >= 6 && defined(CONFIG_CC_IS_GCC)
/*
* GCC ends up emitting a __multi3 intrinsic call for MIPS64r6 with the plain C
* code below, so we special case MIPS64r6 until the compiler can do better.
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 135/267] exit: Move preemption fixup up, move blocking operations down
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (133 preceding siblings ...)
2020-06-19 14:31 ` [PATCH 4.19 134/267] lib/mpi: Fix 64-bit MIPS build with Clang Greg Kroah-Hartman
@ 2020-06-19 14:32 ` Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 136/267] sched/core: Fix illegal RCU from offline CPUs Greg Kroah-Hartman
` (133 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jann Horn, Peter Zijlstra (Intel),
Sasha Levin
From: Jann Horn <jannh@google.com>
[ Upstream commit 586b58cac8b4683eb58a1446fbc399de18974e40 ]
With CONFIG_DEBUG_ATOMIC_SLEEP=y and CONFIG_CGROUPS=y, kernel oopses in
non-preemptible context look untidy; after the main oops, the kernel prints
a "sleeping function called from invalid context" report because
exit_signals() -> cgroup_threadgroup_change_begin() -> percpu_down_read()
can sleep, and that happens before the preempt_count_set(PREEMPT_ENABLED)
fixup.
It looks like the same thing applies to profile_task_exit() and
kcov_task_exit().
Fix it by moving the preemption fixup up and the calls to
profile_task_exit() and kcov_task_exit() down.
Fixes: 1dc0fffc48af ("sched/core: Robustify preemption leak checks")
Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Link: https://lkml.kernel.org/r/20200305220657.46800-1-jannh@google.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/exit.c | 25 ++++++++++++++++---------
1 file changed, 16 insertions(+), 9 deletions(-)
diff --git a/kernel/exit.c b/kernel/exit.c
index 894fca56a38c..eeaafd4064c9 100644
--- a/kernel/exit.c
+++ b/kernel/exit.c
@@ -772,8 +772,12 @@ void __noreturn do_exit(long code)
struct task_struct *tsk = current;
int group_dead;
- profile_task_exit(tsk);
- kcov_task_exit(tsk);
+ /*
+ * We can get here from a kernel oops, sometimes with preemption off.
+ * Start by checking for critical errors.
+ * Then fix up important state like USER_DS and preemption.
+ * Then do everything else.
+ */
WARN_ON(blk_needs_flush_plug(tsk));
@@ -791,6 +795,16 @@ void __noreturn do_exit(long code)
*/
set_fs(USER_DS);
+ if (unlikely(in_atomic())) {
+ pr_info("note: %s[%d] exited with preempt_count %d\n",
+ current->comm, task_pid_nr(current),
+ preempt_count());
+ preempt_count_set(PREEMPT_ENABLED);
+ }
+
+ profile_task_exit(tsk);
+ kcov_task_exit(tsk);
+
ptrace_event(PTRACE_EVENT_EXIT, code);
validate_creds_for_do_exit(tsk);
@@ -828,13 +842,6 @@ void __noreturn do_exit(long code)
raw_spin_lock_irq(&tsk->pi_lock);
raw_spin_unlock_irq(&tsk->pi_lock);
- if (unlikely(in_atomic())) {
- pr_info("note: %s[%d] exited with preempt_count %d\n",
- current->comm, task_pid_nr(current),
- preempt_count());
- preempt_count_set(PREEMPT_ENABLED);
- }
-
/* sync mm's RSS info before statistics gathering */
if (tsk->mm)
sync_mm_rss(tsk->mm);
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 136/267] sched/core: Fix illegal RCU from offline CPUs
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (134 preceding siblings ...)
2020-06-19 14:32 ` [PATCH 4.19 135/267] exit: Move preemption fixup up, move blocking operations down Greg Kroah-Hartman
@ 2020-06-19 14:32 ` Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 137/267] drivers/perf: hisi: Fix typo in events attribute array Greg Kroah-Hartman
` (132 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Peter Zijlstra (Intel),
Qian Cai, Sasha Levin, Michael Ellerman
From: Peter Zijlstra <peterz@infradead.org>
[ Upstream commit bf2c59fce4074e55d622089b34be3a6bc95484fb ]
In the CPU-offline process, it calls mmdrop() after idle entry and the
subsequent call to cpuhp_report_idle_dead(). Once execution passes the
call to rcu_report_dead(), RCU is ignoring the CPU, which results in
lockdep complaining when mmdrop() uses RCU from either memcg or
debugobjects below.
Fix it by cleaning up the active_mm state from BP instead. Every arch
which has CONFIG_HOTPLUG_CPU should have already called idle_task_exit()
from AP. The only exception is parisc because it switches them to
&init_mm unconditionally (see smp_boot_one_cpu() and smp_cpu_init()),
but the patch will still work there because it calls mmgrab(&init_mm) in
smp_cpu_init() and then should call mmdrop(&init_mm) in finish_cpu().
WARNING: suspicious RCU usage
-----------------------------
kernel/workqueue.c:710 RCU or wq_pool_mutex should be held!
other info that might help us debug this:
RCU used illegally from offline CPU!
Call Trace:
dump_stack+0xf4/0x164 (unreliable)
lockdep_rcu_suspicious+0x140/0x164
get_work_pool+0x110/0x150
__queue_work+0x1bc/0xca0
queue_work_on+0x114/0x120
css_release+0x9c/0xc0
percpu_ref_put_many+0x204/0x230
free_pcp_prepare+0x264/0x570
free_unref_page+0x38/0xf0
__mmdrop+0x21c/0x2c0
idle_task_exit+0x170/0x1b0
pnv_smp_cpu_kill_self+0x38/0x2e0
cpu_die+0x48/0x64
arch_cpu_idle_dead+0x30/0x50
do_idle+0x2f4/0x470
cpu_startup_entry+0x38/0x40
start_secondary+0x7a8/0xa80
start_secondary_resume+0x10/0x14
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: Qian Cai <cai@lca.pw>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Acked-by: Michael Ellerman <mpe@ellerman.id.au> (powerpc)
Link: https://lkml.kernel.org/r/20200401214033.8448-1-cai@lca.pw
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/platforms/powernv/smp.c | 1 -
include/linux/sched/mm.h | 2 ++
kernel/cpu.c | 18 +++++++++++++++++-
kernel/sched/core.c | 5 +++--
4 files changed, 22 insertions(+), 4 deletions(-)
diff --git a/arch/powerpc/platforms/powernv/smp.c b/arch/powerpc/platforms/powernv/smp.c
index 3d3c989e44dd..8d49ba370c50 100644
--- a/arch/powerpc/platforms/powernv/smp.c
+++ b/arch/powerpc/platforms/powernv/smp.c
@@ -171,7 +171,6 @@ static void pnv_smp_cpu_kill_self(void)
/* Standard hot unplug procedure */
idle_task_exit();
- current->active_mm = NULL; /* for sanity */
cpu = smp_processor_id();
DBG("CPU%d offline\n", cpu);
generic_set_cpu_dead(cpu);
diff --git a/include/linux/sched/mm.h b/include/linux/sched/mm.h
index e9d4e389aed9..766bbe813861 100644
--- a/include/linux/sched/mm.h
+++ b/include/linux/sched/mm.h
@@ -49,6 +49,8 @@ static inline void mmdrop(struct mm_struct *mm)
__mmdrop(mm);
}
+void mmdrop(struct mm_struct *mm);
+
/*
* This has to be called after a get_task_mm()/mmget_not_zero()
* followed by taking the mmap_sem for writing before modifying the
diff --git a/kernel/cpu.c b/kernel/cpu.c
index 6d6c106a495c..08b9d6ba0807 100644
--- a/kernel/cpu.c
+++ b/kernel/cpu.c
@@ -3,6 +3,7 @@
*
* This code is licenced under the GPL.
*/
+#include <linux/sched/mm.h>
#include <linux/proc_fs.h>
#include <linux/smp.h>
#include <linux/init.h>
@@ -532,6 +533,21 @@ static int bringup_cpu(unsigned int cpu)
return bringup_wait_for_ap(cpu);
}
+static int finish_cpu(unsigned int cpu)
+{
+ struct task_struct *idle = idle_thread_get(cpu);
+ struct mm_struct *mm = idle->active_mm;
+
+ /*
+ * idle_task_exit() will have switched to &init_mm, now
+ * clean up any remaining active_mm state.
+ */
+ if (mm != &init_mm)
+ idle->active_mm = &init_mm;
+ mmdrop(mm);
+ return 0;
+}
+
/*
* Hotplug state machine related functions
*/
@@ -1379,7 +1395,7 @@ static struct cpuhp_step cpuhp_hp_states[] = {
[CPUHP_BRINGUP_CPU] = {
.name = "cpu:bringup",
.startup.single = bringup_cpu,
- .teardown.single = NULL,
+ .teardown.single = finish_cpu,
.cant_stop = true,
},
/* Final state before CPU kills itself */
diff --git a/kernel/sched/core.c b/kernel/sched/core.c
index 2befd2c4ce9e..0325ccf3a8e4 100644
--- a/kernel/sched/core.c
+++ b/kernel/sched/core.c
@@ -5571,13 +5571,14 @@ void idle_task_exit(void)
struct mm_struct *mm = current->active_mm;
BUG_ON(cpu_online(smp_processor_id()));
+ BUG_ON(current != this_rq()->idle);
if (mm != &init_mm) {
switch_mm(mm, &init_mm, current);
- current->active_mm = &init_mm;
finish_arch_post_lock_switch();
}
- mmdrop(mm);
+
+ /* finish_cpu(), as ran on the BP, will clean up the active_mm state */
}
/*
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 137/267] drivers/perf: hisi: Fix typo in events attribute array
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (135 preceding siblings ...)
2020-06-19 14:32 ` [PATCH 4.19 136/267] sched/core: Fix illegal RCU from offline CPUs Greg Kroah-Hartman
@ 2020-06-19 14:32 ` Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 138/267] net: lpc-enet: fix error return code in lpc_mii_init() Greg Kroah-Hartman
` (131 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Shaokun Zhang, Will Deacon,
Mark Rutland, Sasha Levin
From: Shaokun Zhang <zhangshaokun@hisilicon.com>
[ Upstream commit 88562f06ebf56587788783e5420f25fde3ca36c8 ]
Fix up one typo: wr_dr_64b -> wr_ddr_64b.
Fixes: 2bab3cf9104c ("perf: hisi: Add support for HiSilicon SoC HHA PMU driver")
Signed-off-by: Shaokun Zhang <zhangshaokun@hisilicon.com>
Cc: Will Deacon <will@kernel.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Link: https://lore.kernel.org/r/1587643530-34357-1-git-send-email-zhangshaokun@hisilicon.com
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/perf/hisilicon/hisi_uncore_hha_pmu.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/perf/hisilicon/hisi_uncore_hha_pmu.c b/drivers/perf/hisilicon/hisi_uncore_hha_pmu.c
index 443906e0aff3..0393c4471227 100644
--- a/drivers/perf/hisilicon/hisi_uncore_hha_pmu.c
+++ b/drivers/perf/hisilicon/hisi_uncore_hha_pmu.c
@@ -290,7 +290,7 @@ static struct attribute *hisi_hha_pmu_events_attr[] = {
HISI_PMU_EVENT_ATTR(rx_wbip, 0x05),
HISI_PMU_EVENT_ATTR(rx_wtistash, 0x11),
HISI_PMU_EVENT_ATTR(rd_ddr_64b, 0x1c),
- HISI_PMU_EVENT_ATTR(wr_dr_64b, 0x1d),
+ HISI_PMU_EVENT_ATTR(wr_ddr_64b, 0x1d),
HISI_PMU_EVENT_ATTR(rd_ddr_128b, 0x1e),
HISI_PMU_EVENT_ATTR(wr_ddr_128b, 0x1f),
HISI_PMU_EVENT_ATTR(spill_num, 0x20),
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 138/267] net: lpc-enet: fix error return code in lpc_mii_init()
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (136 preceding siblings ...)
2020-06-19 14:32 ` [PATCH 4.19 137/267] drivers/perf: hisi: Fix typo in events attribute array Greg Kroah-Hartman
@ 2020-06-19 14:32 ` Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 139/267] media: cec: silence shift wrapping warning in __cec_s_log_addrs() Greg Kroah-Hartman
` (130 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Wei Yongjun, Vladimir Zapolskiy,
David S. Miller, Sasha Levin
From: Wei Yongjun <weiyongjun1@huawei.com>
[ Upstream commit 88ec7cb22ddde725ed4ce15991f0bd9dd817fd85 ]
Fix to return a negative error code from the error handling
case instead of 0, as done elsewhere in this function.
Fixes: b7370112f519 ("lpc32xx: Added ethernet driver")
Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
Acked-by: Vladimir Zapolskiy <vz@mleia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/nxp/lpc_eth.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/nxp/lpc_eth.c b/drivers/net/ethernet/nxp/lpc_eth.c
index 41d30f55c946..6bd6c261f2ba 100644
--- a/drivers/net/ethernet/nxp/lpc_eth.c
+++ b/drivers/net/ethernet/nxp/lpc_eth.c
@@ -845,7 +845,8 @@ static int lpc_mii_init(struct netdata_local *pldat)
if (mdiobus_register(pldat->mii_bus))
goto err_out_unregister_bus;
- if (lpc_mii_probe(pldat->ndev) != 0)
+ err = lpc_mii_probe(pldat->ndev);
+ if (err)
goto err_out_unregister_bus;
return 0;
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 139/267] media: cec: silence shift wrapping warning in __cec_s_log_addrs()
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (137 preceding siblings ...)
2020-06-19 14:32 ` [PATCH 4.19 138/267] net: lpc-enet: fix error return code in lpc_mii_init() Greg Kroah-Hartman
@ 2020-06-19 14:32 ` Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 140/267] net: allwinner: Fix use correct return type for ndo_start_xmit() Greg Kroah-Hartman
` (129 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Hans Verkuil,
Mauro Carvalho Chehab, Sasha Levin
From: Dan Carpenter <dan.carpenter@oracle.com>
[ Upstream commit 3b5af3171e2d5a73ae6f04965ed653d039904eb6 ]
The log_addrs->log_addr_type[i] value is a u8 which is controlled by
the user and comes from the ioctl. If it's over 31 then that results in
undefined behavior (shift wrapping) and that leads to a Smatch static
checker warning. We already cap the value later so we can silence the
warning just by re-ordering the existing checks.
I think the UBSan checker will also catch this bug at runtime and
generate a warning. But otherwise the bug is harmless.
Fixes: 9881fe0ca187 ("[media] cec: add HDMI CEC framework (adapter)")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/cec/cec-adap.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/media/cec/cec-adap.c b/drivers/media/cec/cec-adap.c
index ba7e976bf6dc..60b20ae02b05 100644
--- a/drivers/media/cec/cec-adap.c
+++ b/drivers/media/cec/cec-adap.c
@@ -1668,6 +1668,10 @@ int __cec_s_log_addrs(struct cec_adapter *adap,
unsigned j;
log_addrs->log_addr[i] = CEC_LOG_ADDR_INVALID;
+ if (log_addrs->log_addr_type[i] > CEC_LOG_ADDR_TYPE_UNREGISTERED) {
+ dprintk(1, "unknown logical address type\n");
+ return -EINVAL;
+ }
if (type_mask & (1 << log_addrs->log_addr_type[i])) {
dprintk(1, "duplicate logical address type\n");
return -EINVAL;
@@ -1688,10 +1692,6 @@ int __cec_s_log_addrs(struct cec_adapter *adap,
dprintk(1, "invalid primary device type\n");
return -EINVAL;
}
- if (log_addrs->log_addr_type[i] > CEC_LOG_ADDR_TYPE_UNREGISTERED) {
- dprintk(1, "unknown logical address type\n");
- return -EINVAL;
- }
for (j = 0; j < feature_sz; j++) {
if ((features[j] & 0x80) == 0) {
if (op_is_dev_features)
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 140/267] net: allwinner: Fix use correct return type for ndo_start_xmit()
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (138 preceding siblings ...)
2020-06-19 14:32 ` [PATCH 4.19 139/267] media: cec: silence shift wrapping warning in __cec_s_log_addrs() Greg Kroah-Hartman
@ 2020-06-19 14:32 ` Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 141/267] powerpc/spufs: fix copy_to_user while atomic Greg Kroah-Hartman
` (128 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yunjian Wang, David S. Miller, Sasha Levin
From: Yunjian Wang <wangyunjian@huawei.com>
[ Upstream commit 09f6c44aaae0f1bdb8b983d7762676d5018c53bc ]
The method ndo_start_xmit() returns a value of type netdev_tx_t. Fix
the ndo function to use the correct type. And emac_start_xmit() can
leak one skb if 'channel' == 3.
Signed-off-by: Yunjian Wang <wangyunjian@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/allwinner/sun4i-emac.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/allwinner/sun4i-emac.c b/drivers/net/ethernet/allwinner/sun4i-emac.c
index 3143de45baaa..c458b81ba63a 100644
--- a/drivers/net/ethernet/allwinner/sun4i-emac.c
+++ b/drivers/net/ethernet/allwinner/sun4i-emac.c
@@ -433,7 +433,7 @@ static void emac_timeout(struct net_device *dev)
/* Hardware start transmission.
* Send a packet to media from the upper layer.
*/
-static int emac_start_xmit(struct sk_buff *skb, struct net_device *dev)
+static netdev_tx_t emac_start_xmit(struct sk_buff *skb, struct net_device *dev)
{
struct emac_board_info *db = netdev_priv(dev);
unsigned long channel;
@@ -441,7 +441,7 @@ static int emac_start_xmit(struct sk_buff *skb, struct net_device *dev)
channel = db->tx_fifo_stat & 3;
if (channel == 3)
- return 1;
+ return NETDEV_TX_BUSY;
channel = (channel == 1 ? 1 : 0);
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 141/267] powerpc/spufs: fix copy_to_user while atomic
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (139 preceding siblings ...)
2020-06-19 14:32 ` [PATCH 4.19 140/267] net: allwinner: Fix use correct return type for ndo_start_xmit() Greg Kroah-Hartman
@ 2020-06-19 14:32 ` Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 142/267] xfs: clean up the error handling in xfs_swap_extents Greg Kroah-Hartman
` (127 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jeremy Kerr, Arnd Bergmann,
Christoph Hellwig, Al Viro, Sasha Levin
From: Jeremy Kerr <jk@ozlabs.org>
[ Upstream commit 88413a6bfbbe2f648df399b62f85c934460b7a4d ]
Currently, we may perform a copy_to_user (through
simple_read_from_buffer()) while holding a context's register_lock,
while accessing the context save area.
This change uses a temporary buffer for the context save area data,
which we then pass to simple_read_from_buffer.
Includes changes from Christoph Hellwig <hch@lst.de>.
Fixes: bf1ab978be23 ("[POWERPC] coredump: Add SPU elf notes to coredump.")
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
[hch: renamed to function to avoid ___-prefixes]
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/platforms/cell/spufs/file.c | 113 +++++++++++++++--------
1 file changed, 75 insertions(+), 38 deletions(-)
diff --git a/arch/powerpc/platforms/cell/spufs/file.c b/arch/powerpc/platforms/cell/spufs/file.c
index 43e7b93f27c7..d16adcd93921 100644
--- a/arch/powerpc/platforms/cell/spufs/file.c
+++ b/arch/powerpc/platforms/cell/spufs/file.c
@@ -1991,8 +1991,9 @@ static ssize_t __spufs_mbox_info_read(struct spu_context *ctx,
static ssize_t spufs_mbox_info_read(struct file *file, char __user *buf,
size_t len, loff_t *pos)
{
- int ret;
struct spu_context *ctx = file->private_data;
+ u32 stat, data;
+ int ret;
if (!access_ok(VERIFY_WRITE, buf, len))
return -EFAULT;
@@ -2001,11 +2002,16 @@ static ssize_t spufs_mbox_info_read(struct file *file, char __user *buf,
if (ret)
return ret;
spin_lock(&ctx->csa.register_lock);
- ret = __spufs_mbox_info_read(ctx, buf, len, pos);
+ stat = ctx->csa.prob.mb_stat_R;
+ data = ctx->csa.prob.pu_mb_R;
spin_unlock(&ctx->csa.register_lock);
spu_release_saved(ctx);
- return ret;
+ /* EOF if there's no entry in the mbox */
+ if (!(stat & 0x0000ff))
+ return 0;
+
+ return simple_read_from_buffer(buf, len, pos, &data, sizeof(data));
}
static const struct file_operations spufs_mbox_info_fops = {
@@ -2032,6 +2038,7 @@ static ssize_t spufs_ibox_info_read(struct file *file, char __user *buf,
size_t len, loff_t *pos)
{
struct spu_context *ctx = file->private_data;
+ u32 stat, data;
int ret;
if (!access_ok(VERIFY_WRITE, buf, len))
@@ -2041,11 +2048,16 @@ static ssize_t spufs_ibox_info_read(struct file *file, char __user *buf,
if (ret)
return ret;
spin_lock(&ctx->csa.register_lock);
- ret = __spufs_ibox_info_read(ctx, buf, len, pos);
+ stat = ctx->csa.prob.mb_stat_R;
+ data = ctx->csa.priv2.puint_mb_R;
spin_unlock(&ctx->csa.register_lock);
spu_release_saved(ctx);
- return ret;
+ /* EOF if there's no entry in the ibox */
+ if (!(stat & 0xff0000))
+ return 0;
+
+ return simple_read_from_buffer(buf, len, pos, &data, sizeof(data));
}
static const struct file_operations spufs_ibox_info_fops = {
@@ -2054,6 +2066,11 @@ static const struct file_operations spufs_ibox_info_fops = {
.llseek = generic_file_llseek,
};
+static size_t spufs_wbox_info_cnt(struct spu_context *ctx)
+{
+ return (4 - ((ctx->csa.prob.mb_stat_R & 0x00ff00) >> 8)) * sizeof(u32);
+}
+
static ssize_t __spufs_wbox_info_read(struct spu_context *ctx,
char __user *buf, size_t len, loff_t *pos)
{
@@ -2062,7 +2079,7 @@ static ssize_t __spufs_wbox_info_read(struct spu_context *ctx,
u32 wbox_stat;
wbox_stat = ctx->csa.prob.mb_stat_R;
- cnt = 4 - ((wbox_stat & 0x00ff00) >> 8);
+ cnt = spufs_wbox_info_cnt(ctx);
for (i = 0; i < cnt; i++) {
data[i] = ctx->csa.spu_mailbox_data[i];
}
@@ -2075,7 +2092,8 @@ static ssize_t spufs_wbox_info_read(struct file *file, char __user *buf,
size_t len, loff_t *pos)
{
struct spu_context *ctx = file->private_data;
- int ret;
+ u32 data[ARRAY_SIZE(ctx->csa.spu_mailbox_data)];
+ int ret, count;
if (!access_ok(VERIFY_WRITE, buf, len))
return -EFAULT;
@@ -2084,11 +2102,13 @@ static ssize_t spufs_wbox_info_read(struct file *file, char __user *buf,
if (ret)
return ret;
spin_lock(&ctx->csa.register_lock);
- ret = __spufs_wbox_info_read(ctx, buf, len, pos);
+ count = spufs_wbox_info_cnt(ctx);
+ memcpy(&data, &ctx->csa.spu_mailbox_data, sizeof(data));
spin_unlock(&ctx->csa.register_lock);
spu_release_saved(ctx);
- return ret;
+ return simple_read_from_buffer(buf, len, pos, &data,
+ count * sizeof(u32));
}
static const struct file_operations spufs_wbox_info_fops = {
@@ -2097,27 +2117,33 @@ static const struct file_operations spufs_wbox_info_fops = {
.llseek = generic_file_llseek,
};
-static ssize_t __spufs_dma_info_read(struct spu_context *ctx,
- char __user *buf, size_t len, loff_t *pos)
+static void spufs_get_dma_info(struct spu_context *ctx,
+ struct spu_dma_info *info)
{
- struct spu_dma_info info;
- struct mfc_cq_sr *qp, *spuqp;
int i;
- info.dma_info_type = ctx->csa.priv2.spu_tag_status_query_RW;
- info.dma_info_mask = ctx->csa.lscsa->tag_mask.slot[0];
- info.dma_info_status = ctx->csa.spu_chnldata_RW[24];
- info.dma_info_stall_and_notify = ctx->csa.spu_chnldata_RW[25];
- info.dma_info_atomic_command_status = ctx->csa.spu_chnldata_RW[27];
+ info->dma_info_type = ctx->csa.priv2.spu_tag_status_query_RW;
+ info->dma_info_mask = ctx->csa.lscsa->tag_mask.slot[0];
+ info->dma_info_status = ctx->csa.spu_chnldata_RW[24];
+ info->dma_info_stall_and_notify = ctx->csa.spu_chnldata_RW[25];
+ info->dma_info_atomic_command_status = ctx->csa.spu_chnldata_RW[27];
for (i = 0; i < 16; i++) {
- qp = &info.dma_info_command_data[i];
- spuqp = &ctx->csa.priv2.spuq[i];
+ struct mfc_cq_sr *qp = &info->dma_info_command_data[i];
+ struct mfc_cq_sr *spuqp = &ctx->csa.priv2.spuq[i];
qp->mfc_cq_data0_RW = spuqp->mfc_cq_data0_RW;
qp->mfc_cq_data1_RW = spuqp->mfc_cq_data1_RW;
qp->mfc_cq_data2_RW = spuqp->mfc_cq_data2_RW;
qp->mfc_cq_data3_RW = spuqp->mfc_cq_data3_RW;
}
+}
+
+static ssize_t __spufs_dma_info_read(struct spu_context *ctx,
+ char __user *buf, size_t len, loff_t *pos)
+{
+ struct spu_dma_info info;
+
+ spufs_get_dma_info(ctx, &info);
return simple_read_from_buffer(buf, len, pos, &info,
sizeof info);
@@ -2127,6 +2153,7 @@ static ssize_t spufs_dma_info_read(struct file *file, char __user *buf,
size_t len, loff_t *pos)
{
struct spu_context *ctx = file->private_data;
+ struct spu_dma_info info;
int ret;
if (!access_ok(VERIFY_WRITE, buf, len))
@@ -2136,11 +2163,12 @@ static ssize_t spufs_dma_info_read(struct file *file, char __user *buf,
if (ret)
return ret;
spin_lock(&ctx->csa.register_lock);
- ret = __spufs_dma_info_read(ctx, buf, len, pos);
+ spufs_get_dma_info(ctx, &info);
spin_unlock(&ctx->csa.register_lock);
spu_release_saved(ctx);
- return ret;
+ return simple_read_from_buffer(buf, len, pos, &info,
+ sizeof(info));
}
static const struct file_operations spufs_dma_info_fops = {
@@ -2149,13 +2177,31 @@ static const struct file_operations spufs_dma_info_fops = {
.llseek = no_llseek,
};
+static void spufs_get_proxydma_info(struct spu_context *ctx,
+ struct spu_proxydma_info *info)
+{
+ int i;
+
+ info->proxydma_info_type = ctx->csa.prob.dma_querytype_RW;
+ info->proxydma_info_mask = ctx->csa.prob.dma_querymask_RW;
+ info->proxydma_info_status = ctx->csa.prob.dma_tagstatus_R;
+
+ for (i = 0; i < 8; i++) {
+ struct mfc_cq_sr *qp = &info->proxydma_info_command_data[i];
+ struct mfc_cq_sr *puqp = &ctx->csa.priv2.puq[i];
+
+ qp->mfc_cq_data0_RW = puqp->mfc_cq_data0_RW;
+ qp->mfc_cq_data1_RW = puqp->mfc_cq_data1_RW;
+ qp->mfc_cq_data2_RW = puqp->mfc_cq_data2_RW;
+ qp->mfc_cq_data3_RW = puqp->mfc_cq_data3_RW;
+ }
+}
+
static ssize_t __spufs_proxydma_info_read(struct spu_context *ctx,
char __user *buf, size_t len, loff_t *pos)
{
struct spu_proxydma_info info;
- struct mfc_cq_sr *qp, *puqp;
int ret = sizeof info;
- int i;
if (len < ret)
return -EINVAL;
@@ -2163,18 +2209,7 @@ static ssize_t __spufs_proxydma_info_read(struct spu_context *ctx,
if (!access_ok(VERIFY_WRITE, buf, len))
return -EFAULT;
- info.proxydma_info_type = ctx->csa.prob.dma_querytype_RW;
- info.proxydma_info_mask = ctx->csa.prob.dma_querymask_RW;
- info.proxydma_info_status = ctx->csa.prob.dma_tagstatus_R;
- for (i = 0; i < 8; i++) {
- qp = &info.proxydma_info_command_data[i];
- puqp = &ctx->csa.priv2.puq[i];
-
- qp->mfc_cq_data0_RW = puqp->mfc_cq_data0_RW;
- qp->mfc_cq_data1_RW = puqp->mfc_cq_data1_RW;
- qp->mfc_cq_data2_RW = puqp->mfc_cq_data2_RW;
- qp->mfc_cq_data3_RW = puqp->mfc_cq_data3_RW;
- }
+ spufs_get_proxydma_info(ctx, &info);
return simple_read_from_buffer(buf, len, pos, &info,
sizeof info);
@@ -2184,17 +2219,19 @@ static ssize_t spufs_proxydma_info_read(struct file *file, char __user *buf,
size_t len, loff_t *pos)
{
struct spu_context *ctx = file->private_data;
+ struct spu_proxydma_info info;
int ret;
ret = spu_acquire_saved(ctx);
if (ret)
return ret;
spin_lock(&ctx->csa.register_lock);
- ret = __spufs_proxydma_info_read(ctx, buf, len, pos);
+ spufs_get_proxydma_info(ctx, &info);
spin_unlock(&ctx->csa.register_lock);
spu_release_saved(ctx);
- return ret;
+ return simple_read_from_buffer(buf, len, pos, &info,
+ sizeof(info));
}
static const struct file_operations spufs_proxydma_info_fops = {
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 142/267] xfs: clean up the error handling in xfs_swap_extents
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (140 preceding siblings ...)
2020-06-19 14:32 ` [PATCH 4.19 141/267] powerpc/spufs: fix copy_to_user while atomic Greg Kroah-Hartman
@ 2020-06-19 14:32 ` Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 143/267] Crypto/chcr: fix for ccm(aes) failed test Greg Kroah-Hartman
` (126 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Darrick J. Wong, Christoph Hellwig,
Sasha Levin
From: Darrick J. Wong <darrick.wong@oracle.com>
[ Upstream commit 8bc3b5e4b70d28f8edcafc3c9e4de515998eea9e ]
Make sure we release resources properly if we cannot clean out the COW
extents in preparation for an extent swap.
Fixes: 96987eea537d6c ("xfs: cancel COW blocks before swapext")
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/xfs/xfs_bmap_util.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/xfs/xfs_bmap_util.c b/fs/xfs/xfs_bmap_util.c
index e638740f1681..3e1dd66bd676 100644
--- a/fs/xfs/xfs_bmap_util.c
+++ b/fs/xfs/xfs_bmap_util.c
@@ -1823,7 +1823,7 @@ xfs_swap_extents(
if (xfs_inode_has_cow_data(tip)) {
error = xfs_reflink_cancel_cow_range(tip, 0, NULLFILEOFF, true);
if (error)
- return error;
+ goto out_unlock;
}
/*
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 143/267] Crypto/chcr: fix for ccm(aes) failed test
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (141 preceding siblings ...)
2020-06-19 14:32 ` [PATCH 4.19 142/267] xfs: clean up the error handling in xfs_swap_extents Greg Kroah-Hartman
@ 2020-06-19 14:32 ` Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 144/267] MIPS: Truncate link address into 32bit for 32bit kernel Greg Kroah-Hartman
` (125 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ayush Sawal,
Devulapally Shiva Krishna, David S. Miller, Sasha Levin
From: Devulapally Shiva Krishna <shiva@chelsio.com>
[ Upstream commit 10b0c75d7bc19606fa9a62c8ab9180e95c0e0385 ]
The ccm(aes) test fails when req->assoclen > ~240bytes.
The problem is the value assigned to auth_offset is wrong.
As auth_offset is unsigned char, it can take max value as 255.
So fix it by making it unsigned int.
Signed-off-by: Ayush Sawal <ayush.sawal@chelsio.com>
Signed-off-by: Devulapally Shiva Krishna <shiva@chelsio.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/crypto/chelsio/chcr_algo.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/crypto/chelsio/chcr_algo.c b/drivers/crypto/chelsio/chcr_algo.c
index c435f89f34e3..9b3c259f081d 100644
--- a/drivers/crypto/chelsio/chcr_algo.c
+++ b/drivers/crypto/chelsio/chcr_algo.c
@@ -2764,7 +2764,7 @@ static void fill_sec_cpl_for_aead(struct cpl_tx_sec_pdu *sec_cpl,
unsigned int mac_mode = CHCR_SCMD_AUTH_MODE_CBCMAC;
unsigned int c_id = a_ctx(tfm)->dev->rx_channel_id;
unsigned int ccm_xtra;
- unsigned char tag_offset = 0, auth_offset = 0;
+ unsigned int tag_offset = 0, auth_offset = 0;
unsigned int assoclen;
if (get_aead_subtype(tfm) == CRYPTO_ALG_SUB_TYPE_AEAD_RFC4309)
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 144/267] MIPS: Truncate link address into 32bit for 32bit kernel
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (142 preceding siblings ...)
2020-06-19 14:32 ` [PATCH 4.19 143/267] Crypto/chcr: fix for ccm(aes) failed test Greg Kroah-Hartman
@ 2020-06-19 14:32 ` Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 145/267] mips: cm: Fix an invalid error code of INTVN_*_ERR Greg Kroah-Hartman
` (124 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jiaxun Yang, Fangrui Song, Kees Cook,
Nathan Chancellor, Maciej W. Rozycki, Nick Desaulniers,
Thomas Bogendoerfer, Sasha Levin
From: Jiaxun Yang <jiaxun.yang@flygoat.com>
[ Upstream commit ff487d41036035376e47972c7c522490b839ab37 ]
LLD failed to link vmlinux with 64bit load address for 32bit ELF
while bfd will strip 64bit address into 32bit silently.
To fix LLD build, we should truncate load address provided by platform
into 32bit for 32bit kernel.
Signed-off-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Link: https://github.com/ClangBuiltLinux/linux/issues/786
Link: https://sourceware.org/bugzilla/show_bug.cgi?id=25784
Reviewed-by: Fangrui Song <maskray@google.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Tested-by: Nathan Chancellor <natechancellor@gmail.com>
Cc: Maciej W. Rozycki <macro@linux-mips.org>
Tested-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/mips/Makefile | 13 ++++++++++++-
arch/mips/boot/compressed/Makefile | 2 +-
arch/mips/kernel/vmlinux.lds.S | 2 +-
3 files changed, 14 insertions(+), 3 deletions(-)
diff --git a/arch/mips/Makefile b/arch/mips/Makefile
index ad0a92f95af1..63e2ad43bd6a 100644
--- a/arch/mips/Makefile
+++ b/arch/mips/Makefile
@@ -290,12 +290,23 @@ ifdef CONFIG_64BIT
endif
endif
+# When linking a 32-bit executable the LLVM linker cannot cope with a
+# 32-bit load address that has been sign-extended to 64 bits. Simply
+# remove the upper 32 bits then, as it is safe to do so with other
+# linkers.
+ifdef CONFIG_64BIT
+ load-ld = $(load-y)
+else
+ load-ld = $(subst 0xffffffff,0x,$(load-y))
+endif
+
KBUILD_AFLAGS += $(cflags-y)
KBUILD_CFLAGS += $(cflags-y)
-KBUILD_CPPFLAGS += -DVMLINUX_LOAD_ADDRESS=$(load-y)
+KBUILD_CPPFLAGS += -DVMLINUX_LOAD_ADDRESS=$(load-y) -DLINKER_LOAD_ADDRESS=$(load-ld)
KBUILD_CPPFLAGS += -DDATAOFFSET=$(if $(dataoffset-y),$(dataoffset-y),0)
bootvars-y = VMLINUX_LOAD_ADDRESS=$(load-y) \
+ LINKER_LOAD_ADDRESS=$(load-ld) \
VMLINUX_ENTRY_ADDRESS=$(entry-y) \
PLATFORM="$(platform-y)" \
ITS_INPUTS="$(its-y)"
diff --git a/arch/mips/boot/compressed/Makefile b/arch/mips/boot/compressed/Makefile
index d859f079b771..378cbfb31ee7 100644
--- a/arch/mips/boot/compressed/Makefile
+++ b/arch/mips/boot/compressed/Makefile
@@ -90,7 +90,7 @@ ifneq ($(zload-y),)
VMLINUZ_LOAD_ADDRESS := $(zload-y)
else
VMLINUZ_LOAD_ADDRESS = $(shell $(obj)/calc_vmlinuz_load_addr \
- $(obj)/vmlinux.bin $(VMLINUX_LOAD_ADDRESS))
+ $(obj)/vmlinux.bin $(LINKER_LOAD_ADDRESS))
endif
UIMAGE_LOADADDR = $(VMLINUZ_LOAD_ADDRESS)
diff --git a/arch/mips/kernel/vmlinux.lds.S b/arch/mips/kernel/vmlinux.lds.S
index 36f2e860ba3e..be63fff95b2a 100644
--- a/arch/mips/kernel/vmlinux.lds.S
+++ b/arch/mips/kernel/vmlinux.lds.S
@@ -50,7 +50,7 @@ SECTIONS
/* . = 0xa800000000300000; */
. = 0xffffffff80300000;
#endif
- . = VMLINUX_LOAD_ADDRESS;
+ . = LINKER_LOAD_ADDRESS;
/* read-only */
_text = .; /* Text and read-only data */
.text : {
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 145/267] mips: cm: Fix an invalid error code of INTVN_*_ERR
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (143 preceding siblings ...)
2020-06-19 14:32 ` [PATCH 4.19 144/267] MIPS: Truncate link address into 32bit for 32bit kernel Greg Kroah-Hartman
@ 2020-06-19 14:32 ` Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 146/267] kgdb: Fix spurious true from in_dbg_master() Greg Kroah-Hartman
` (123 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Serge Semin, Alexey Malahov,
Thomas Bogendoerfer, Paul Burton, Ralf Baechle, Arnd Bergmann,
Rob Herring, linux-pm, devicetree, Sasha Levin
From: Serge Semin <Sergey.Semin@baikalelectronics.ru>
[ Upstream commit 8a0efb8b101665a843205eab3d67ab09cb2d9a8d ]
Commit 3885c2b463f6 ("MIPS: CM: Add support for reporting CM cache
errors") adds cm2_causes[] array with map of error type ID and
pointers to the short description string. There is a mistake in
the table, since according to MIPS32 manual CM2_ERROR_TYPE = {17,18}
correspond to INTVN_WR_ERR and INTVN_RD_ERR, while the table
claims they have {0x17,0x18} codes. This is obviously hex-dec
copy-paste bug. Moreover codes {0x18 - 0x1a} indicate L2 ECC errors.
Fixes: 3885c2b463f6 ("MIPS: CM: Add support for reporting CM cache errors")
Signed-off-by: Serge Semin <Sergey.Semin@baikalelectronics.ru>
Cc: Alexey Malahov <Alexey.Malahov@baikalelectronics.ru>
Cc: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Cc: Paul Burton <paulburton@kernel.org>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Rob Herring <robh+dt@kernel.org>
Cc: linux-pm@vger.kernel.org
Cc: devicetree@vger.kernel.org
Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/mips/kernel/mips-cm.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/arch/mips/kernel/mips-cm.c b/arch/mips/kernel/mips-cm.c
index 7f3f136572de..50d3d74001cb 100644
--- a/arch/mips/kernel/mips-cm.c
+++ b/arch/mips/kernel/mips-cm.c
@@ -123,9 +123,9 @@ static char *cm2_causes[32] = {
"COH_RD_ERR", "MMIO_WR_ERR", "MMIO_RD_ERR", "0x07",
"0x08", "0x09", "0x0a", "0x0b",
"0x0c", "0x0d", "0x0e", "0x0f",
- "0x10", "0x11", "0x12", "0x13",
- "0x14", "0x15", "0x16", "INTVN_WR_ERR",
- "INTVN_RD_ERR", "0x19", "0x1a", "0x1b",
+ "0x10", "INTVN_WR_ERR", "INTVN_RD_ERR", "0x13",
+ "0x14", "0x15", "0x16", "0x17",
+ "0x18", "0x19", "0x1a", "0x1b",
"0x1c", "0x1d", "0x1e", "0x1f"
};
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 146/267] kgdb: Fix spurious true from in_dbg_master()
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (144 preceding siblings ...)
2020-06-19 14:32 ` [PATCH 4.19 145/267] mips: cm: Fix an invalid error code of INTVN_*_ERR Greg Kroah-Hartman
@ 2020-06-19 14:32 ` Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 147/267] xfs: reset buffer write failure state on successful completion Greg Kroah-Hartman
` (122 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Will Deacon, Douglas Anderson,
Daniel Thompson, Sasha Levin
From: Daniel Thompson <daniel.thompson@linaro.org>
[ Upstream commit 3fec4aecb311995189217e64d725cfe84a568de3 ]
Currently there is a small window where a badly timed migration could
cause in_dbg_master() to spuriously return true. Specifically if we
migrate to a new core after reading the processor id and the previous
core takes a breakpoint then we will evaluate true if we read
kgdb_active before we get the IPI to bring us to halt.
Fix this by checking irqs_disabled() first. Interrupts are always
disabled when we are executing the kgdb trap so this is an acceptable
prerequisite. This also allows us to replace raw_smp_processor_id()
with smp_processor_id() since the short circuit logic will prevent
warnings from PREEMPT_DEBUG.
Fixes: dcc7871128e9 ("kgdb: core changes to support kdb")
Suggested-by: Will Deacon <will@kernel.org>
Link: https://lore.kernel.org/r/20200506164223.2875760-1-daniel.thompson@linaro.org
Reviewed-by: Douglas Anderson <dianders@chromium.org>
Signed-off-by: Daniel Thompson <daniel.thompson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/kgdb.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/linux/kgdb.h b/include/linux/kgdb.h
index e465bb15912d..6be5545d3584 100644
--- a/include/linux/kgdb.h
+++ b/include/linux/kgdb.h
@@ -317,7 +317,7 @@ extern void gdbstub_exit(int status);
extern int kgdb_single_step;
extern atomic_t kgdb_active;
#define in_dbg_master() \
- (raw_smp_processor_id() == atomic_read(&kgdb_active))
+ (irqs_disabled() && (smp_processor_id() == atomic_read(&kgdb_active)))
extern bool dbg_is_early;
extern void __init dbg_late_init(void);
#else /* ! CONFIG_KGDB */
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 147/267] xfs: reset buffer write failure state on successful completion
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (145 preceding siblings ...)
2020-06-19 14:32 ` [PATCH 4.19 146/267] kgdb: Fix spurious true from in_dbg_master() Greg Kroah-Hartman
@ 2020-06-19 14:32 ` Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 148/267] xfs: fix duplicate verification from xfs_qm_dqflush() Greg Kroah-Hartman
` (121 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Brian Foster, Darrick J. Wong,
Christoph Hellwig, Allison Collins, Sasha Levin
From: Brian Foster <bfoster@redhat.com>
[ Upstream commit b6983e80b03bd4fd42de71993b3ac7403edac758 ]
The buffer write failure flag is intended to control the internal
write retry that XFS has historically implemented to help mitigate
the severity of transient I/O errors. The flag is set when a buffer
is resubmitted from the I/O completion path due to a previous
failure. It is checked on subsequent I/O completions to skip the
internal retry and fall through to the higher level configurable
error handling mechanism. The flag is cleared in the synchronous and
delwri submission paths and also checked in various places to log
write failure messages.
There are a couple minor problems with the current usage of this
flag. One is that we issue an internal retry after every submission
from xfsaild due to how delwri submission clears the flag. This
results in double the expected or configured number of write
attempts when under sustained failures. Another more subtle issue is
that the flag is never cleared on successful I/O completion. This
can cause xfs_wait_buftarg() to suggest that dirty buffers are being
thrown away due to the existence of the flag, when the reality is
that the flag might still be set because the write succeeded on the
retry.
Clear the write failure flag on successful I/O completion to address
both of these problems. This means that the internal retry attempt
occurs once since the last time a buffer write failed and that
various other contexts only see the flag set when the immediately
previous write attempt has failed.
Signed-off-by: Brian Foster <bfoster@redhat.com>
Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Allison Collins <allison.henderson@oracle.com>
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/xfs/xfs_buf.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/fs/xfs/xfs_buf.c b/fs/xfs/xfs_buf.c
index c1f7c0d5d608..b33a9cd4fe94 100644
--- a/fs/xfs/xfs_buf.c
+++ b/fs/xfs/xfs_buf.c
@@ -1202,8 +1202,10 @@ xfs_buf_ioend(
bp->b_ops->verify_read(bp);
}
- if (!bp->b_error)
+ if (!bp->b_error) {
+ bp->b_flags &= ~XBF_WRITE_FAIL;
bp->b_flags |= XBF_DONE;
+ }
if (bp->b_iodone)
(*(bp->b_iodone))(bp);
@@ -1263,7 +1265,7 @@ xfs_bwrite(
bp->b_flags |= XBF_WRITE;
bp->b_flags &= ~(XBF_ASYNC | XBF_READ | _XBF_DELWRI_Q |
- XBF_WRITE_FAIL | XBF_DONE);
+ XBF_DONE);
error = xfs_buf_submit(bp);
if (error) {
@@ -2000,7 +2002,7 @@ xfs_buf_delwri_submit_buffers(
* synchronously. Otherwise, drop the buffer from the delwri
* queue and submit async.
*/
- bp->b_flags &= ~(_XBF_DELWRI_Q | XBF_WRITE_FAIL);
+ bp->b_flags &= ~_XBF_DELWRI_Q;
bp->b_flags |= XBF_WRITE;
if (wait_list) {
bp->b_flags &= ~XBF_ASYNC;
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 148/267] xfs: fix duplicate verification from xfs_qm_dqflush()
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (146 preceding siblings ...)
2020-06-19 14:32 ` [PATCH 4.19 147/267] xfs: reset buffer write failure state on successful completion Greg Kroah-Hartman
@ 2020-06-19 14:32 ` Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 149/267] platform/x86: intel-vbtn: Use acpi_evaluate_integer() Greg Kroah-Hartman
` (120 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Brian Foster, Dave Chinner,
Christoph Hellwig, Allison Collins, Darrick J. Wong, Sasha Levin
From: Brian Foster <bfoster@redhat.com>
[ Upstream commit 629dcb38dc351947ed6a26a997d4b587f3bd5c7e ]
The pre-flush dquot verification in xfs_qm_dqflush() duplicates the
read verifier by checking the dquot in the on-disk buffer. Instead,
verify the in-core variant before it is flushed to the buffer.
Fixes: 7224fa482a6d ("xfs: add full xfs_dqblk verifier")
Signed-off-by: Brian Foster <bfoster@redhat.com>
Reviewed-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Allison Collins <allison.henderson@oracle.com>
Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/xfs/xfs_dquot.c | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/fs/xfs/xfs_dquot.c b/fs/xfs/xfs_dquot.c
index a1af984e4913..59b2b29542f4 100644
--- a/fs/xfs/xfs_dquot.c
+++ b/fs/xfs/xfs_dquot.c
@@ -1120,13 +1120,12 @@ xfs_qm_dqflush(
dqb = bp->b_addr + dqp->q_bufoffset;
ddqp = &dqb->dd_diskdq;
- /*
- * A simple sanity check in case we got a corrupted dquot.
- */
- fa = xfs_dqblk_verify(mp, dqb, be32_to_cpu(ddqp->d_id), 0);
+ /* sanity check the in-core structure before we flush */
+ fa = xfs_dquot_verify(mp, &dqp->q_core, be32_to_cpu(dqp->q_core.d_id),
+ 0);
if (fa) {
xfs_alert(mp, "corrupt dquot ID 0x%x in memory at %pS",
- be32_to_cpu(ddqp->d_id), fa);
+ be32_to_cpu(dqp->q_core.d_id), fa);
xfs_buf_relse(bp);
xfs_dqfunlock(dqp);
xfs_force_shutdown(mp, SHUTDOWN_CORRUPT_INCORE);
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 149/267] platform/x86: intel-vbtn: Use acpi_evaluate_integer()
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (147 preceding siblings ...)
2020-06-19 14:32 ` [PATCH 4.19 148/267] xfs: fix duplicate verification from xfs_qm_dqflush() Greg Kroah-Hartman
@ 2020-06-19 14:32 ` Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 150/267] platform/x86: intel-vbtn: Split keymap into buttons and switches parts Greg Kroah-Hartman
` (119 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hans de Goede, Andy Shevchenko, Sasha Levin
From: Hans de Goede <hdegoede@redhat.com>
[ Upstream commit 18937875a231d831c309716d6d8fc358f8381881 ]
Use acpi_evaluate_integer() instead of open-coding it.
This is a preparation patch for adding a intel_vbtn_has_switches()
helper function.
Fixes: de9647efeaa9 ("platform/x86: intel-vbtn: Only activate tablet mode switch on 2-in-1's")
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/platform/x86/intel-vbtn.c | 19 ++++++-------------
1 file changed, 6 insertions(+), 13 deletions(-)
diff --git a/drivers/platform/x86/intel-vbtn.c b/drivers/platform/x86/intel-vbtn.c
index a0d0cecff55f..0bcfa20dd614 100644
--- a/drivers/platform/x86/intel-vbtn.c
+++ b/drivers/platform/x86/intel-vbtn.c
@@ -118,28 +118,21 @@ static void detect_tablet_mode(struct platform_device *device)
const char *chassis_type = dmi_get_system_info(DMI_CHASSIS_TYPE);
struct intel_vbtn_priv *priv = dev_get_drvdata(&device->dev);
acpi_handle handle = ACPI_HANDLE(&device->dev);
- struct acpi_buffer vgbs_output = { ACPI_ALLOCATE_BUFFER, NULL };
- union acpi_object *obj;
+ unsigned long long vgbs;
acpi_status status;
int m;
if (!(chassis_type && strcmp(chassis_type, "31") == 0))
- goto out;
+ return;
- status = acpi_evaluate_object(handle, "VGBS", NULL, &vgbs_output);
+ status = acpi_evaluate_integer(handle, "VGBS", NULL, &vgbs);
if (ACPI_FAILURE(status))
- goto out;
-
- obj = vgbs_output.pointer;
- if (!(obj && obj->type == ACPI_TYPE_INTEGER))
- goto out;
+ return;
- m = !(obj->integer.value & TABLET_MODE_FLAG);
+ m = !(vgbs & TABLET_MODE_FLAG);
input_report_switch(priv->input_dev, SW_TABLET_MODE, m);
- m = (obj->integer.value & DOCK_MODE_FLAG) ? 1 : 0;
+ m = (vgbs & DOCK_MODE_FLAG) ? 1 : 0;
input_report_switch(priv->input_dev, SW_DOCK, m);
-out:
- kfree(vgbs_output.pointer);
}
static int intel_vbtn_probe(struct platform_device *device)
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 150/267] platform/x86: intel-vbtn: Split keymap into buttons and switches parts
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (148 preceding siblings ...)
2020-06-19 14:32 ` [PATCH 4.19 149/267] platform/x86: intel-vbtn: Use acpi_evaluate_integer() Greg Kroah-Hartman
@ 2020-06-19 14:32 ` Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 151/267] platform/x86: intel-vbtn: Do not advertise switches to userspace if they are not there Greg Kroah-Hartman
` (118 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hans de Goede, Andy Shevchenko, Sasha Levin
From: Hans de Goede <hdegoede@redhat.com>
[ Upstream commit f6ba524970c4b73b234bf41ecd6628f5803b1559 ]
Split the sparse keymap into 2 separate keymaps, a buttons and a switches
keymap and combine the 2 to a single map again in intel_vbtn_input_setup().
This is a preparation patch for not telling userspace that we have switches
when we do not have them (and for doing the same for the buttons).
Fixes: de9647efeaa9 ("platform/x86: intel-vbtn: Only activate tablet mode switch on 2-in-1's")
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/platform/x86/intel-vbtn.c | 28 +++++++++++++++++++++++++---
1 file changed, 25 insertions(+), 3 deletions(-)
diff --git a/drivers/platform/x86/intel-vbtn.c b/drivers/platform/x86/intel-vbtn.c
index 0bcfa20dd614..e42203776727 100644
--- a/drivers/platform/x86/intel-vbtn.c
+++ b/drivers/platform/x86/intel-vbtn.c
@@ -39,14 +39,20 @@ static const struct key_entry intel_vbtn_keymap[] = {
{ KE_IGNORE, 0xC7, { KEY_VOLUMEDOWN } }, /* volume-down key release */
{ KE_KEY, 0xC8, { KEY_ROTATE_LOCK_TOGGLE } }, /* rotate-lock key press */
{ KE_KEY, 0xC9, { KEY_ROTATE_LOCK_TOGGLE } }, /* rotate-lock key release */
+};
+
+static const struct key_entry intel_vbtn_switchmap[] = {
{ KE_SW, 0xCA, { .sw = { SW_DOCK, 1 } } }, /* Docked */
{ KE_SW, 0xCB, { .sw = { SW_DOCK, 0 } } }, /* Undocked */
{ KE_SW, 0xCC, { .sw = { SW_TABLET_MODE, 1 } } }, /* Tablet */
{ KE_SW, 0xCD, { .sw = { SW_TABLET_MODE, 0 } } }, /* Laptop */
- { KE_END },
};
+#define KEYMAP_LEN \
+ (ARRAY_SIZE(intel_vbtn_keymap) + ARRAY_SIZE(intel_vbtn_switchmap) + 1)
+
struct intel_vbtn_priv {
+ struct key_entry keymap[KEYMAP_LEN];
struct input_dev *input_dev;
bool wakeup_mode;
};
@@ -54,13 +60,29 @@ struct intel_vbtn_priv {
static int intel_vbtn_input_setup(struct platform_device *device)
{
struct intel_vbtn_priv *priv = dev_get_drvdata(&device->dev);
- int ret;
+ int ret, keymap_len = 0;
+
+ if (true) {
+ memcpy(&priv->keymap[keymap_len], intel_vbtn_keymap,
+ ARRAY_SIZE(intel_vbtn_keymap) *
+ sizeof(struct key_entry));
+ keymap_len += ARRAY_SIZE(intel_vbtn_keymap);
+ }
+
+ if (true) {
+ memcpy(&priv->keymap[keymap_len], intel_vbtn_switchmap,
+ ARRAY_SIZE(intel_vbtn_switchmap) *
+ sizeof(struct key_entry));
+ keymap_len += ARRAY_SIZE(intel_vbtn_switchmap);
+ }
+
+ priv->keymap[keymap_len].type = KE_END;
priv->input_dev = devm_input_allocate_device(&device->dev);
if (!priv->input_dev)
return -ENOMEM;
- ret = sparse_keymap_setup(priv->input_dev, intel_vbtn_keymap, NULL);
+ ret = sparse_keymap_setup(priv->input_dev, priv->keymap, NULL);
if (ret)
return ret;
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 151/267] platform/x86: intel-vbtn: Do not advertise switches to userspace if they are not there
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (149 preceding siblings ...)
2020-06-19 14:32 ` [PATCH 4.19 150/267] platform/x86: intel-vbtn: Split keymap into buttons and switches parts Greg Kroah-Hartman
@ 2020-06-19 14:32 ` Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 152/267] platform/x86: intel-vbtn: Also handle tablet-mode switch on "Detachable" and "Portable" chassis-types Greg Kroah-Hartman
` (117 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hans de Goede, Andy Shevchenko, Sasha Levin
From: Hans de Goede <hdegoede@redhat.com>
[ Upstream commit 990fbb48067bf8cfa34b7d1e6e1674eaaef2f450 ]
Commit de9647efeaa9 ("platform/x86: intel-vbtn: Only activate tablet mode
switch on 2-in-1's") added a DMI chassis-type check to avoid accidentally
reporting SW_TABLET_MODE = 1 to userspace on laptops (specifically on the
Dell XPS 9360), to avoid e.g. userspace ignoring touchpad events because
userspace thought the device was in tablet-mode.
But if we are not getting the initial status of the switch because the
device does not have a tablet mode, then we really should not advertise
the presence of a tablet-mode switch to userspace at all, as userspace may
use the mere presence of this switch for certain heuristics.
Fixes: de9647efeaa9 ("platform/x86: intel-vbtn: Only activate tablet mode switch on 2-in-1's")
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/platform/x86/intel-vbtn.c | 25 +++++++++++++++++++------
1 file changed, 19 insertions(+), 6 deletions(-)
diff --git a/drivers/platform/x86/intel-vbtn.c b/drivers/platform/x86/intel-vbtn.c
index e42203776727..23cda7aa96cd 100644
--- a/drivers/platform/x86/intel-vbtn.c
+++ b/drivers/platform/x86/intel-vbtn.c
@@ -54,6 +54,7 @@ static const struct key_entry intel_vbtn_switchmap[] = {
struct intel_vbtn_priv {
struct key_entry keymap[KEYMAP_LEN];
struct input_dev *input_dev;
+ bool has_switches;
bool wakeup_mode;
};
@@ -69,7 +70,7 @@ static int intel_vbtn_input_setup(struct platform_device *device)
keymap_len += ARRAY_SIZE(intel_vbtn_keymap);
}
- if (true) {
+ if (priv->has_switches) {
memcpy(&priv->keymap[keymap_len], intel_vbtn_switchmap,
ARRAY_SIZE(intel_vbtn_switchmap) *
sizeof(struct key_entry));
@@ -137,16 +138,12 @@ out_unknown:
static void detect_tablet_mode(struct platform_device *device)
{
- const char *chassis_type = dmi_get_system_info(DMI_CHASSIS_TYPE);
struct intel_vbtn_priv *priv = dev_get_drvdata(&device->dev);
acpi_handle handle = ACPI_HANDLE(&device->dev);
unsigned long long vgbs;
acpi_status status;
int m;
- if (!(chassis_type && strcmp(chassis_type, "31") == 0))
- return;
-
status = acpi_evaluate_integer(handle, "VGBS", NULL, &vgbs);
if (ACPI_FAILURE(status))
return;
@@ -157,6 +154,19 @@ static void detect_tablet_mode(struct platform_device *device)
input_report_switch(priv->input_dev, SW_DOCK, m);
}
+static bool intel_vbtn_has_switches(acpi_handle handle)
+{
+ const char *chassis_type = dmi_get_system_info(DMI_CHASSIS_TYPE);
+ unsigned long long vgbs;
+ acpi_status status;
+
+ if (!(chassis_type && strcmp(chassis_type, "31") == 0))
+ return false;
+
+ status = acpi_evaluate_integer(handle, "VGBS", NULL, &vgbs);
+ return ACPI_SUCCESS(status);
+}
+
static int intel_vbtn_probe(struct platform_device *device)
{
acpi_handle handle = ACPI_HANDLE(&device->dev);
@@ -175,13 +185,16 @@ static int intel_vbtn_probe(struct platform_device *device)
return -ENOMEM;
dev_set_drvdata(&device->dev, priv);
+ priv->has_switches = intel_vbtn_has_switches(handle);
+
err = intel_vbtn_input_setup(device);
if (err) {
pr_err("Failed to setup Intel Virtual Button\n");
return err;
}
- detect_tablet_mode(device);
+ if (priv->has_switches)
+ detect_tablet_mode(device);
status = acpi_install_notify_handler(handle,
ACPI_DEVICE_NOTIFY,
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 152/267] platform/x86: intel-vbtn: Also handle tablet-mode switch on "Detachable" and "Portable" chassis-types
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (150 preceding siblings ...)
2020-06-19 14:32 ` [PATCH 4.19 151/267] platform/x86: intel-vbtn: Do not advertise switches to userspace if they are not there Greg Kroah-Hartman
@ 2020-06-19 14:32 ` Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 153/267] nvme: refine the Qemu Identify CNS quirk Greg Kroah-Hartman
` (116 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hans de Goede, Mario Limonciello,
Andy Shevchenko, Sasha Levin
From: Hans de Goede <hdegoede@redhat.com>
[ Upstream commit 1fac39fd0316b19c3e57a182524332332d1643ce ]
Commit de9647efeaa9 ("platform/x86: intel-vbtn: Only activate tablet mode
switch on 2-in-1's") added a DMI chassis-type check to avoid accidentally
reporting SW_TABLET_MODE = 1 to userspace on laptops.
Some devices with a detachable keyboard and using the intel-vbnt (INT33D6)
interface to report if they are in tablet mode (keyboard detached) or not,
report 32 / "Detachable" as chassis-type, e.g. the HP Pavilion X2 series.
Other devices with a detachable keyboard and using the intel-vbnt (INT33D6)
interface to report SW_TABLET_MODE, report 8 / "Portable" as chassis-type.
The Dell Venue 11 Pro 7130 is an example of this.
Extend the DMI chassis-type check to also accept Portables and Detachables
so that the intel-vbtn driver will report SW_TABLET_MODE on these devices.
Note the chassis-type check was originally added to avoid a false-positive
tablet-mode report on the Dell XPS 9360 laptop. To the best of my knowledge
that laptop is using a chassis-type of 9 / "Laptop", so after this commit
we still ignore the tablet-switch for that chassis-type.
Fixes: de9647efeaa9 ("platform/x86: intel-vbtn: Only activate tablet mode switch on 2-in-1's")
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Reviewed-by: Mario Limonciello <Mario.limonciello@dell.com>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/platform/x86/intel-vbtn.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/drivers/platform/x86/intel-vbtn.c b/drivers/platform/x86/intel-vbtn.c
index 23cda7aa96cd..5f8120d12859 100644
--- a/drivers/platform/x86/intel-vbtn.c
+++ b/drivers/platform/x86/intel-vbtn.c
@@ -157,12 +157,22 @@ static void detect_tablet_mode(struct platform_device *device)
static bool intel_vbtn_has_switches(acpi_handle handle)
{
const char *chassis_type = dmi_get_system_info(DMI_CHASSIS_TYPE);
+ unsigned long chassis_type_int;
unsigned long long vgbs;
acpi_status status;
- if (!(chassis_type && strcmp(chassis_type, "31") == 0))
+ if (kstrtoul(chassis_type, 10, &chassis_type_int))
return false;
+ switch (chassis_type_int) {
+ case 8: /* Portable */
+ case 31: /* Convertible */
+ case 32: /* Detachable */
+ break;
+ default:
+ return false;
+ }
+
status = acpi_evaluate_integer(handle, "VGBS", NULL, &vgbs);
return ACPI_SUCCESS(status);
}
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 153/267] nvme: refine the Qemu Identify CNS quirk
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (151 preceding siblings ...)
2020-06-19 14:32 ` [PATCH 4.19 152/267] platform/x86: intel-vbtn: Also handle tablet-mode switch on "Detachable" and "Portable" chassis-types Greg Kroah-Hartman
@ 2020-06-19 14:32 ` Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 154/267] ath10k: Remove msdu from idr when management pkt send fails Greg Kroah-Hartman
` (115 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christoph Hellwig, Keith Busch,
Sagi Grimberg, Jens Axboe, Sasha Levin
From: Christoph Hellwig <hch@lst.de>
[ Upstream commit b9a5c3d4c34d8bd9fd75f7f28d18a57cb68da237 ]
Add a helper to check if we can use Identify CNS values > 1, and refine
the Qemu quirk to not apply to reported versions larger than 1.1, as the
Qemu implementation had been fixed by then.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Keith Busch <kbusch@kernel.org>
Reviewed-by: Sagi Grimberg <sagi@grimberg.me>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/nvme/host/core.c | 16 ++++++++++++++--
1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c
index d5359c7c811a..0d60f2f8f3ee 100644
--- a/drivers/nvme/host/core.c
+++ b/drivers/nvme/host/core.c
@@ -926,6 +926,19 @@ void nvme_stop_keep_alive(struct nvme_ctrl *ctrl)
}
EXPORT_SYMBOL_GPL(nvme_stop_keep_alive);
+/*
+ * In NVMe 1.0 the CNS field was just a binary controller or namespace
+ * flag, thus sending any new CNS opcodes has a big chance of not working.
+ * Qemu unfortunately had that bug after reporting a 1.1 version compliance
+ * (but not for any later version).
+ */
+static bool nvme_ctrl_limited_cns(struct nvme_ctrl *ctrl)
+{
+ if (ctrl->quirks & NVME_QUIRK_IDENTIFY_CNS)
+ return ctrl->vs < NVME_VS(1, 2, 0);
+ return ctrl->vs < NVME_VS(1, 1, 0);
+}
+
static int nvme_identify_ctrl(struct nvme_ctrl *dev, struct nvme_id_ctrl **id)
{
struct nvme_command c = { };
@@ -3368,8 +3381,7 @@ static void nvme_scan_work(struct work_struct *work)
mutex_lock(&ctrl->scan_lock);
nn = le32_to_cpu(id->nn);
- if (ctrl->vs >= NVME_VS(1, 1, 0) &&
- !(ctrl->quirks & NVME_QUIRK_IDENTIFY_CNS)) {
+ if (!nvme_ctrl_limited_cns(ctrl)) {
if (!nvme_scan_ns_list(ctrl, nn))
goto out_free_id;
}
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 154/267] ath10k: Remove msdu from idr when management pkt send fails
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (152 preceding siblings ...)
2020-06-19 14:32 ` [PATCH 4.19 153/267] nvme: refine the Qemu Identify CNS quirk Greg Kroah-Hartman
@ 2020-06-19 14:32 ` Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 155/267] wcn36xx: Fix error handling path in wcn36xx_probe() Greg Kroah-Hartman
` (114 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Rakesh Pillai, Kalle Valo, Sasha Levin
From: Rakesh Pillai <pillair@codeaurora.org>
[ Upstream commit c730c477176ad4af86d9aae4d360a7ad840b073a ]
Currently when the sending of any management pkt
via wmi command fails, the packet is being unmapped
freed in the error handling. But the idr entry added,
which is used to track these packet is not getting removed.
Hence, during unload, in wmi cleanup, all the entries
in IDR are removed and the corresponding buffer is
attempted to be freed. This can cause a situation where
one packet is attempted to be freed twice.
Fix this error by rmeoving the msdu from the idr
list when the sending of a management packet over
wmi fails.
Tested HW: WCN3990
Tested FW: WLAN.HL.3.1-01040-QCAHLSWMTPLZ-1
Fixes: 1807da49733e ("ath10k: wmi: add management tx by reference support over wmi")
Signed-off-by: Rakesh Pillai <pillair@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/1588667015-25490-1-git-send-email-pillair@codeaurora.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/ath10k/mac.c | 3 +++
drivers/net/wireless/ath/ath10k/wmi-ops.h | 10 ++++++++++
drivers/net/wireless/ath/ath10k/wmi-tlv.c | 15 +++++++++++++++
3 files changed, 28 insertions(+)
diff --git a/drivers/net/wireless/ath/ath10k/mac.c b/drivers/net/wireless/ath/ath10k/mac.c
index a09d7a07e90a..81af403c19c2 100644
--- a/drivers/net/wireless/ath/ath10k/mac.c
+++ b/drivers/net/wireless/ath/ath10k/mac.c
@@ -3852,6 +3852,9 @@ void ath10k_mgmt_over_wmi_tx_work(struct work_struct *work)
if (ret) {
ath10k_warn(ar, "failed to transmit management frame by ref via WMI: %d\n",
ret);
+ /* remove this msdu from idr tracking */
+ ath10k_wmi_cleanup_mgmt_tx_send(ar, skb);
+
dma_unmap_single(ar->dev, paddr, skb->len,
DMA_TO_DEVICE);
ieee80211_free_txskb(ar->hw, skb);
diff --git a/drivers/net/wireless/ath/ath10k/wmi-ops.h b/drivers/net/wireless/ath/ath10k/wmi-ops.h
index 7fd63bbf8e24..b6cd33fa79f8 100644
--- a/drivers/net/wireless/ath/ath10k/wmi-ops.h
+++ b/drivers/net/wireless/ath/ath10k/wmi-ops.h
@@ -139,6 +139,7 @@ struct wmi_ops {
struct sk_buff *(*gen_mgmt_tx_send)(struct ath10k *ar,
struct sk_buff *skb,
dma_addr_t paddr);
+ int (*cleanup_mgmt_tx_send)(struct ath10k *ar, struct sk_buff *msdu);
struct sk_buff *(*gen_dbglog_cfg)(struct ath10k *ar, u64 module_enable,
u32 log_level);
struct sk_buff *(*gen_pktlog_enable)(struct ath10k *ar, u32 filter);
@@ -431,6 +432,15 @@ ath10k_wmi_get_txbf_conf_scheme(struct ath10k *ar)
return ar->wmi.ops->get_txbf_conf_scheme(ar);
}
+static inline int
+ath10k_wmi_cleanup_mgmt_tx_send(struct ath10k *ar, struct sk_buff *msdu)
+{
+ if (!ar->wmi.ops->cleanup_mgmt_tx_send)
+ return -EOPNOTSUPP;
+
+ return ar->wmi.ops->cleanup_mgmt_tx_send(ar, msdu);
+}
+
static inline int
ath10k_wmi_mgmt_tx_send(struct ath10k *ar, struct sk_buff *msdu,
dma_addr_t paddr)
diff --git a/drivers/net/wireless/ath/ath10k/wmi-tlv.c b/drivers/net/wireless/ath/ath10k/wmi-tlv.c
index 248decb494c2..7f435fa29f75 100644
--- a/drivers/net/wireless/ath/ath10k/wmi-tlv.c
+++ b/drivers/net/wireless/ath/ath10k/wmi-tlv.c
@@ -2638,6 +2638,18 @@ ath10k_wmi_tlv_op_gen_request_stats(struct ath10k *ar, u32 stats_mask)
return skb;
}
+static int
+ath10k_wmi_tlv_op_cleanup_mgmt_tx_send(struct ath10k *ar,
+ struct sk_buff *msdu)
+{
+ struct ath10k_skb_cb *cb = ATH10K_SKB_CB(msdu);
+ struct ath10k_wmi *wmi = &ar->wmi;
+
+ idr_remove(&wmi->mgmt_pending_tx, cb->msdu_id);
+
+ return 0;
+}
+
static int
ath10k_wmi_mgmt_tx_alloc_msdu_id(struct ath10k *ar, struct sk_buff *skb,
dma_addr_t paddr)
@@ -2710,6 +2722,8 @@ ath10k_wmi_tlv_op_gen_mgmt_tx_send(struct ath10k *ar, struct sk_buff *msdu,
if (desc_id < 0)
goto err_free_skb;
+ cb->msdu_id = desc_id;
+
ptr = (void *)skb->data;
tlv = ptr;
tlv->tag = __cpu_to_le16(WMI_TLV_TAG_STRUCT_MGMT_TX_CMD);
@@ -3949,6 +3963,7 @@ static const struct wmi_ops wmi_tlv_ops = {
.gen_force_fw_hang = ath10k_wmi_tlv_op_gen_force_fw_hang,
/* .gen_mgmt_tx = not implemented; HTT is used */
.gen_mgmt_tx_send = ath10k_wmi_tlv_op_gen_mgmt_tx_send,
+ .cleanup_mgmt_tx_send = ath10k_wmi_tlv_op_cleanup_mgmt_tx_send,
.gen_dbglog_cfg = ath10k_wmi_tlv_op_gen_dbglog_cfg,
.gen_pktlog_enable = ath10k_wmi_tlv_op_gen_pktlog_enable,
.gen_pktlog_disable = ath10k_wmi_tlv_op_gen_pktlog_disable,
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 155/267] wcn36xx: Fix error handling path in wcn36xx_probe()
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (153 preceding siblings ...)
2020-06-19 14:32 ` [PATCH 4.19 154/267] ath10k: Remove msdu from idr when management pkt send fails Greg Kroah-Hartman
@ 2020-06-19 14:32 ` Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 156/267] net: qed*: Reduce RX and TX default ring count when running inside kdump kernel Greg Kroah-Hartman
` (113 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christophe JAILLET, Bjorn Andersson,
Kalle Valo, Sasha Levin
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
[ Upstream commit a86308fc534edeceaf64670c691e17485436a4f4 ]
In case of error, 'qcom_wcnss_open_channel()' must be undone by a call to
'rpmsg_destroy_ept()', as already done in the remove function.
Fixes: 5052de8deff5 ("soc: qcom: smd: Transition client drivers from smd to rpmsg")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Reviewed-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20200507043619.200051-1-christophe.jaillet@wanadoo.fr
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/wcn36xx/main.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/net/wireless/ath/wcn36xx/main.c b/drivers/net/wireless/ath/wcn36xx/main.c
index 79998a3ddb7a..ad051f34e65b 100644
--- a/drivers/net/wireless/ath/wcn36xx/main.c
+++ b/drivers/net/wireless/ath/wcn36xx/main.c
@@ -1341,7 +1341,7 @@ static int wcn36xx_probe(struct platform_device *pdev)
if (addr && ret != ETH_ALEN) {
wcn36xx_err("invalid local-mac-address\n");
ret = -EINVAL;
- goto out_wq;
+ goto out_destroy_ept;
} else if (addr) {
wcn36xx_info("mac address: %pM\n", addr);
SET_IEEE80211_PERM_ADDR(wcn->hw, addr);
@@ -1349,7 +1349,7 @@ static int wcn36xx_probe(struct platform_device *pdev)
ret = wcn36xx_platform_get_resources(wcn, pdev);
if (ret)
- goto out_wq;
+ goto out_destroy_ept;
wcn36xx_init_ieee80211(wcn);
ret = ieee80211_register_hw(wcn->hw);
@@ -1361,6 +1361,8 @@ static int wcn36xx_probe(struct platform_device *pdev)
out_unmap:
iounmap(wcn->ccu_base);
iounmap(wcn->dxe_base);
+out_destroy_ept:
+ rpmsg_destroy_ept(wcn->smd_channel);
out_wq:
ieee80211_free_hw(hw);
out_err:
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 156/267] net: qed*: Reduce RX and TX default ring count when running inside kdump kernel
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (154 preceding siblings ...)
2020-06-19 14:32 ` [PATCH 4.19 155/267] wcn36xx: Fix error handling path in wcn36xx_probe() Greg Kroah-Hartman
@ 2020-06-19 14:32 ` Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 157/267] mt76: avoid rx reorder buffer overflow Greg Kroah-Hartman
` (112 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kexec, Ariel Elior,
GR-everest-linux-l2, Manish Chopra, David S. Miller,
Bhupesh Sharma, Sasha Levin
From: Bhupesh Sharma <bhsharma@redhat.com>
[ Upstream commit 73e030977f7884dbe1be0018bab517e8d02760f8 ]
Normally kdump kernel(s) run under severe memory constraint with the
basic idea being to save the crashdump vmcore reliably when the primary
kernel panics/hangs.
Currently the qed* ethernet driver ends up consuming a lot of memory in
the kdump kernel, leading to kdump kernel panic when one tries to save
the vmcore via ssh/nfs (thus utilizing the services of the underlying
qed* network interfaces).
An example OOM message log seen in the kdump kernel can be seen here
[1], with crashkernel size reservation of 512M.
Using tools like memstrack (see [2]), we can track the modules taking up
the bulk of memory in the kdump kernel and organize the memory usage
output as per 'highest allocator first'. An example log for the OOM case
indicates that the qed* modules end up allocating approximately 216M
memory, which is a large part of the total crashkernel size:
dracut-pre-pivot[676]: ======== Report format module_summary: ========
dracut-pre-pivot[676]: Module qed using 149.6MB (2394 pages), peak allocation 149.6MB (2394 pages)
dracut-pre-pivot[676]: Module qede using 65.3MB (1045 pages), peak allocation 65.3MB (1045 pages)
This patch reduces the default RX and TX ring count from 1024 to 64
when running inside kdump kernel, which leads to a significant memory
saving.
An example log with the patch applied shows the reduced memory
allocation in the kdump kernel:
dracut-pre-pivot[674]: ======== Report format module_summary: ========
dracut-pre-pivot[674]: Module qed using 141.8MB (2268 pages), peak allocation 141.8MB (2268 pages)
<..snip..>
[dracut-pre-pivot[674]: Module qede using 4.8MB (76 pages), peak allocation 4.9MB (78 pages)
Tested crashdump vmcore save via ssh/nfs protocol using underlying qed*
network interface after applying this patch.
[1] OOM log:
------------
kworker/0:6: page allocation failure: order:6,
mode:0x60c0c0(GFP_KERNEL|__GFP_COMP|__GFP_ZERO), nodemask=(null)
kworker/0:6 cpuset=/ mems_allowed=0
CPU: 0 PID: 145 Comm: kworker/0:6 Not tainted 4.18.0-109.el8.aarch64 #1
Hardware name: To be filled by O.E.M. Saber/Saber, BIOS 0ACKL025
01/18/2019
Workqueue: events work_for_cpu_fn
Call trace:
dump_backtrace+0x0/0x188
show_stack+0x24/0x30
dump_stack+0x90/0xb4
warn_alloc+0xf4/0x178
__alloc_pages_nodemask+0xcac/0xd58
alloc_pages_current+0x8c/0xf8
kmalloc_order_trace+0x38/0x108
qed_iov_alloc+0x40/0x248 [qed]
qed_resc_alloc+0x224/0x518 [qed]
qed_slowpath_start+0x254/0x928 [qed]
__qede_probe+0xf8/0x5e0 [qede]
qede_probe+0x68/0xd8 [qede]
local_pci_probe+0x44/0xa8
work_for_cpu_fn+0x20/0x30
process_one_work+0x1ac/0x3e8
worker_thread+0x44/0x448
kthread+0x130/0x138
ret_from_fork+0x10/0x18
Cannot start slowpath
qede: probe of 0000:05:00.1 failed with error -12
[2]. Memstrack tool: https://github.com/ryncsn/memstrack
Cc: kexec@lists.infradead.org
Cc: linux-kernel@vger.kernel.org
Cc: Ariel Elior <aelior@marvell.com>
Cc: GR-everest-linux-l2@marvell.com
Cc: Manish Chopra <manishc@marvell.com>
Cc: David S. Miller <davem@davemloft.net>
Signed-off-by: Bhupesh Sharma <bhsharma@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/qlogic/qede/qede.h | 2 ++
drivers/net/ethernet/qlogic/qede/qede_main.c | 11 +++++++++--
2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/qlogic/qede/qede.h b/drivers/net/ethernet/qlogic/qede/qede.h
index dc3be8a4acf4..2bdc410d1144 100644
--- a/drivers/net/ethernet/qlogic/qede/qede.h
+++ b/drivers/net/ethernet/qlogic/qede/qede.h
@@ -550,12 +550,14 @@ int qede_add_tc_flower_fltr(struct qede_dev *edev, __be16 proto,
#define RX_RING_SIZE ((u16)BIT(RX_RING_SIZE_POW))
#define NUM_RX_BDS_MAX (RX_RING_SIZE - 1)
#define NUM_RX_BDS_MIN 128
+#define NUM_RX_BDS_KDUMP_MIN 63
#define NUM_RX_BDS_DEF ((u16)BIT(10) - 1)
#define TX_RING_SIZE_POW 13
#define TX_RING_SIZE ((u16)BIT(TX_RING_SIZE_POW))
#define NUM_TX_BDS_MAX (TX_RING_SIZE - 1)
#define NUM_TX_BDS_MIN 128
+#define NUM_TX_BDS_KDUMP_MIN 63
#define NUM_TX_BDS_DEF NUM_TX_BDS_MAX
#define QEDE_MIN_PKT_LEN 64
diff --git a/drivers/net/ethernet/qlogic/qede/qede_main.c b/drivers/net/ethernet/qlogic/qede/qede_main.c
index 0d8e39ffbcd1..1aabb2e7a38b 100644
--- a/drivers/net/ethernet/qlogic/qede/qede_main.c
+++ b/drivers/net/ethernet/qlogic/qede/qede_main.c
@@ -29,6 +29,7 @@
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
+#include <linux/crash_dump.h>
#include <linux/module.h>
#include <linux/pci.h>
#include <linux/version.h>
@@ -730,8 +731,14 @@ static struct qede_dev *qede_alloc_etherdev(struct qed_dev *cdev,
edev->dp_module = dp_module;
edev->dp_level = dp_level;
edev->ops = qed_ops;
- edev->q_num_rx_buffers = NUM_RX_BDS_DEF;
- edev->q_num_tx_buffers = NUM_TX_BDS_DEF;
+
+ if (is_kdump_kernel()) {
+ edev->q_num_rx_buffers = NUM_RX_BDS_KDUMP_MIN;
+ edev->q_num_tx_buffers = NUM_TX_BDS_KDUMP_MIN;
+ } else {
+ edev->q_num_rx_buffers = NUM_RX_BDS_DEF;
+ edev->q_num_tx_buffers = NUM_TX_BDS_DEF;
+ }
DP_INFO(edev, "Allocated netdev with %d tx queues and %d rx queues\n",
info->num_queues, info->num_queues);
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 157/267] mt76: avoid rx reorder buffer overflow
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (155 preceding siblings ...)
2020-06-19 14:32 ` [PATCH 4.19 156/267] net: qed*: Reduce RX and TX default ring count when running inside kdump kernel Greg Kroah-Hartman
@ 2020-06-19 14:32 ` Greg Kroah-Hartman
2020-06-19 15:39 ` Felix Fietkau
2020-06-19 14:32 ` [PATCH 4.19 158/267] md: dont flush workqueue unconditionally in md_open Greg Kroah-Hartman
` (111 subsequent siblings)
268 siblings, 1 reply; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Chih-Min Chen, Ryder Lee,
Felix Fietkau, Sasha Levin
From: Ryder Lee <ryder.lee@mediatek.com>
[ Upstream commit 7c4f744d6703757be959f521a7a441bf34745d99 ]
Enlarge slot to support 11ax 256 BA (256 MPDUs in an AMPDU)
Signed-off-by: Chih-Min Chen <chih-min.chen@mediatek.com>
Signed-off-by: Ryder Lee <ryder.lee@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/mediatek/mt76/agg-rx.c | 8 ++++----
drivers/net/wireless/mediatek/mt76/mt76.h | 6 +++---
2 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/drivers/net/wireless/mediatek/mt76/agg-rx.c b/drivers/net/wireless/mediatek/mt76/agg-rx.c
index 73c8b2805c97..d44d57e6eb27 100644
--- a/drivers/net/wireless/mediatek/mt76/agg-rx.c
+++ b/drivers/net/wireless/mediatek/mt76/agg-rx.c
@@ -154,8 +154,8 @@ void mt76_rx_aggr_reorder(struct sk_buff *skb, struct sk_buff_head *frames)
struct ieee80211_sta *sta;
struct mt76_rx_tid *tid;
bool sn_less;
- u16 seqno, head, size;
- u8 ackp, idx;
+ u16 seqno, head, size, idx;
+ u8 ackp;
__skb_queue_tail(frames, skb);
@@ -240,7 +240,7 @@ out:
}
int mt76_rx_aggr_start(struct mt76_dev *dev, struct mt76_wcid *wcid, u8 tidno,
- u16 ssn, u8 size)
+ u16 ssn, u16 size)
{
struct mt76_rx_tid *tid;
@@ -264,7 +264,7 @@ EXPORT_SYMBOL_GPL(mt76_rx_aggr_start);
static void mt76_rx_aggr_shutdown(struct mt76_dev *dev, struct mt76_rx_tid *tid)
{
- u8 size = tid->size;
+ u16 size = tid->size;
int i;
cancel_delayed_work(&tid->reorder_work);
diff --git a/drivers/net/wireless/mediatek/mt76/mt76.h b/drivers/net/wireless/mediatek/mt76/mt76.h
index 2eab35879163..7b1667ec619e 100644
--- a/drivers/net/wireless/mediatek/mt76/mt76.h
+++ b/drivers/net/wireless/mediatek/mt76/mt76.h
@@ -193,8 +193,8 @@ struct mt76_rx_tid {
struct delayed_work reorder_work;
u16 head;
- u8 size;
- u8 nframes;
+ u16 size;
+ u16 nframes;
u8 started:1, stopped:1, timer_pending:1;
@@ -537,7 +537,7 @@ int mt76_get_survey(struct ieee80211_hw *hw, int idx,
void mt76_set_stream_caps(struct mt76_dev *dev, bool vht);
int mt76_rx_aggr_start(struct mt76_dev *dev, struct mt76_wcid *wcid, u8 tid,
- u16 ssn, u8 size);
+ u16 ssn, u16 size);
void mt76_rx_aggr_stop(struct mt76_dev *dev, struct mt76_wcid *wcid, u8 tid);
void mt76_wcid_key_setup(struct mt76_dev *dev, struct mt76_wcid *wcid,
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 158/267] md: dont flush workqueue unconditionally in md_open
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (156 preceding siblings ...)
2020-06-19 14:32 ` [PATCH 4.19 157/267] mt76: avoid rx reorder buffer overflow Greg Kroah-Hartman
@ 2020-06-19 14:32 ` Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 159/267] veth: Adjust hard_start offset on redirect XDP frames Greg Kroah-Hartman
` (110 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Guoqing Jiang, Song Liu, Sasha Levin
From: Guoqing Jiang <guoqing.jiang@cloud.ionos.com>
[ Upstream commit f6766ff6afff70e2aaf39e1511e16d471de7c3ae ]
We need to check mddev->del_work before flush workqueu since the purpose
of flush is to ensure the previous md is disappeared. Otherwise the similar
deadlock appeared if LOCKDEP is enabled, it is due to md_open holds the
bdev->bd_mutex before flush workqueue.
kernel: [ 154.522645] ======================================================
kernel: [ 154.522647] WARNING: possible circular locking dependency detected
kernel: [ 154.522650] 5.6.0-rc7-lp151.27-default #25 Tainted: G O
kernel: [ 154.522651] ------------------------------------------------------
kernel: [ 154.522653] mdadm/2482 is trying to acquire lock:
kernel: [ 154.522655] ffff888078529128 ((wq_completion)md_misc){+.+.}, at: flush_workqueue+0x84/0x4b0
kernel: [ 154.522673]
kernel: [ 154.522673] but task is already holding lock:
kernel: [ 154.522675] ffff88804efa9338 (&bdev->bd_mutex){+.+.}, at: __blkdev_get+0x79/0x590
kernel: [ 154.522691]
kernel: [ 154.522691] which lock already depends on the new lock.
kernel: [ 154.522691]
kernel: [ 154.522694]
kernel: [ 154.522694] the existing dependency chain (in reverse order) is:
kernel: [ 154.522696]
kernel: [ 154.522696] -> #4 (&bdev->bd_mutex){+.+.}:
kernel: [ 154.522704] __mutex_lock+0x87/0x950
kernel: [ 154.522706] __blkdev_get+0x79/0x590
kernel: [ 154.522708] blkdev_get+0x65/0x140
kernel: [ 154.522709] blkdev_get_by_dev+0x2f/0x40
kernel: [ 154.522716] lock_rdev+0x3d/0x90 [md_mod]
kernel: [ 154.522719] md_import_device+0xd6/0x1b0 [md_mod]
kernel: [ 154.522723] new_dev_store+0x15e/0x210 [md_mod]
kernel: [ 154.522728] md_attr_store+0x7a/0xc0 [md_mod]
kernel: [ 154.522732] kernfs_fop_write+0x117/0x1b0
kernel: [ 154.522735] vfs_write+0xad/0x1a0
kernel: [ 154.522737] ksys_write+0xa4/0xe0
kernel: [ 154.522745] do_syscall_64+0x64/0x2b0
kernel: [ 154.522748] entry_SYSCALL_64_after_hwframe+0x49/0xbe
kernel: [ 154.522749]
kernel: [ 154.522749] -> #3 (&mddev->reconfig_mutex){+.+.}:
kernel: [ 154.522752] __mutex_lock+0x87/0x950
kernel: [ 154.522756] new_dev_store+0xc9/0x210 [md_mod]
kernel: [ 154.522759] md_attr_store+0x7a/0xc0 [md_mod]
kernel: [ 154.522761] kernfs_fop_write+0x117/0x1b0
kernel: [ 154.522763] vfs_write+0xad/0x1a0
kernel: [ 154.522765] ksys_write+0xa4/0xe0
kernel: [ 154.522767] do_syscall_64+0x64/0x2b0
kernel: [ 154.522769] entry_SYSCALL_64_after_hwframe+0x49/0xbe
kernel: [ 154.522770]
kernel: [ 154.522770] -> #2 (kn->count#253){++++}:
kernel: [ 154.522775] __kernfs_remove+0x253/0x2c0
kernel: [ 154.522778] kernfs_remove+0x1f/0x30
kernel: [ 154.522780] kobject_del+0x28/0x60
kernel: [ 154.522783] mddev_delayed_delete+0x24/0x30 [md_mod]
kernel: [ 154.522786] process_one_work+0x2a7/0x5f0
kernel: [ 154.522788] worker_thread+0x2d/0x3d0
kernel: [ 154.522793] kthread+0x117/0x130
kernel: [ 154.522795] ret_from_fork+0x3a/0x50
kernel: [ 154.522796]
kernel: [ 154.522796] -> #1 ((work_completion)(&mddev->del_work)){+.+.}:
kernel: [ 154.522800] process_one_work+0x27e/0x5f0
kernel: [ 154.522802] worker_thread+0x2d/0x3d0
kernel: [ 154.522804] kthread+0x117/0x130
kernel: [ 154.522806] ret_from_fork+0x3a/0x50
kernel: [ 154.522807]
kernel: [ 154.522807] -> #0 ((wq_completion)md_misc){+.+.}:
kernel: [ 154.522813] __lock_acquire+0x1392/0x1690
kernel: [ 154.522816] lock_acquire+0xb4/0x1a0
kernel: [ 154.522818] flush_workqueue+0xab/0x4b0
kernel: [ 154.522821] md_open+0xb6/0xc0 [md_mod]
kernel: [ 154.522823] __blkdev_get+0xea/0x590
kernel: [ 154.522825] blkdev_get+0x65/0x140
kernel: [ 154.522828] do_dentry_open+0x1d1/0x380
kernel: [ 154.522831] path_openat+0x567/0xcc0
kernel: [ 154.522834] do_filp_open+0x9b/0x110
kernel: [ 154.522836] do_sys_openat2+0x201/0x2a0
kernel: [ 154.522838] do_sys_open+0x57/0x80
kernel: [ 154.522840] do_syscall_64+0x64/0x2b0
kernel: [ 154.522842] entry_SYSCALL_64_after_hwframe+0x49/0xbe
kernel: [ 154.522844]
kernel: [ 154.522844] other info that might help us debug this:
kernel: [ 154.522844]
kernel: [ 154.522846] Chain exists of:
kernel: [ 154.522846] (wq_completion)md_misc --> &mddev->reconfig_mutex --> &bdev->bd_mutex
kernel: [ 154.522846]
kernel: [ 154.522850] Possible unsafe locking scenario:
kernel: [ 154.522850]
kernel: [ 154.522852] CPU0 CPU1
kernel: [ 154.522853] ---- ----
kernel: [ 154.522854] lock(&bdev->bd_mutex);
kernel: [ 154.522856] lock(&mddev->reconfig_mutex);
kernel: [ 154.522858] lock(&bdev->bd_mutex);
kernel: [ 154.522860] lock((wq_completion)md_misc);
kernel: [ 154.522861]
kernel: [ 154.522861] *** DEADLOCK ***
kernel: [ 154.522861]
kernel: [ 154.522864] 1 lock held by mdadm/2482:
kernel: [ 154.522865] #0: ffff88804efa9338 (&bdev->bd_mutex){+.+.}, at: __blkdev_get+0x79/0x590
kernel: [ 154.522868]
kernel: [ 154.522868] stack backtrace:
kernel: [ 154.522873] CPU: 1 PID: 2482 Comm: mdadm Tainted: G O 5.6.0-rc7-lp151.27-default #25
kernel: [ 154.522875] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014
kernel: [ 154.522878] Call Trace:
kernel: [ 154.522881] dump_stack+0x8f/0xcb
kernel: [ 154.522884] check_noncircular+0x194/0x1b0
kernel: [ 154.522888] ? __lock_acquire+0x1392/0x1690
kernel: [ 154.522890] __lock_acquire+0x1392/0x1690
kernel: [ 154.522893] lock_acquire+0xb4/0x1a0
kernel: [ 154.522895] ? flush_workqueue+0x84/0x4b0
kernel: [ 154.522898] flush_workqueue+0xab/0x4b0
kernel: [ 154.522900] ? flush_workqueue+0x84/0x4b0
kernel: [ 154.522905] ? md_open+0xb6/0xc0 [md_mod]
kernel: [ 154.522908] md_open+0xb6/0xc0 [md_mod]
kernel: [ 154.522910] __blkdev_get+0xea/0x590
kernel: [ 154.522912] ? bd_acquire+0xc0/0xc0
kernel: [ 154.522914] blkdev_get+0x65/0x140
kernel: [ 154.522916] ? bd_acquire+0xc0/0xc0
kernel: [ 154.522918] do_dentry_open+0x1d1/0x380
kernel: [ 154.522921] path_openat+0x567/0xcc0
kernel: [ 154.522923] ? __lock_acquire+0x380/0x1690
kernel: [ 154.522926] do_filp_open+0x9b/0x110
kernel: [ 154.522929] ? __alloc_fd+0xe5/0x1f0
kernel: [ 154.522935] ? kmem_cache_alloc+0x28c/0x630
kernel: [ 154.522939] ? do_sys_openat2+0x201/0x2a0
kernel: [ 154.522941] do_sys_openat2+0x201/0x2a0
kernel: [ 154.522944] do_sys_open+0x57/0x80
kernel: [ 154.522946] do_syscall_64+0x64/0x2b0
kernel: [ 154.522948] entry_SYSCALL_64_after_hwframe+0x49/0xbe
kernel: [ 154.522951] RIP: 0033:0x7f98d279d9ae
And md_alloc also flushed the same workqueue, but the thing is different
here. Because all the paths call md_alloc don't hold bdev->bd_mutex, and
the flush is necessary to avoid race condition, so leave it as it is.
Signed-off-by: Guoqing Jiang <guoqing.jiang@cloud.ionos.com>
Signed-off-by: Song Liu <songliubraving@fb.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/md/md.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/md/md.c b/drivers/md/md.c
index 9426976e0860..a6db4fd267aa 100644
--- a/drivers/md/md.c
+++ b/drivers/md/md.c
@@ -7438,7 +7438,8 @@ static int md_open(struct block_device *bdev, fmode_t mode)
*/
mddev_put(mddev);
/* Wait until bdev->bd_disk is definitely gone */
- flush_workqueue(md_misc_wq);
+ if (work_pending(&mddev->del_work))
+ flush_workqueue(md_misc_wq);
/* Then retry the open from the top */
return -ERESTARTSYS;
}
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 159/267] veth: Adjust hard_start offset on redirect XDP frames
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (157 preceding siblings ...)
2020-06-19 14:32 ` [PATCH 4.19 158/267] md: dont flush workqueue unconditionally in md_open Greg Kroah-Hartman
@ 2020-06-19 14:32 ` Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 160/267] net/mlx5e: IPoIB, Drop multicast packets that this interface sent Greg Kroah-Hartman
` (109 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mao Wenan, Jesper Dangaard Brouer,
Alexei Starovoitov, Toshiaki Makita,
Toke Høiland-Jørgensen, Sasha Levin
From: Jesper Dangaard Brouer <brouer@redhat.com>
[ Upstream commit 5c8572251fabc5bb49fd623c064e95a9daf6a3e3 ]
When native XDP redirect into a veth device, the frame arrives in the
xdp_frame structure. It is then processed in veth_xdp_rcv_one(),
which can run a new XDP bpf_prog on the packet. Doing so requires
converting xdp_frame to xdp_buff, but the tricky part is that
xdp_frame memory area is located in the top (data_hard_start) memory
area that xdp_buff will point into.
The current code tried to protect the xdp_frame area, by assigning
xdp_buff.data_hard_start past this memory. This results in 32 bytes
less headroom to expand into via BPF-helper bpf_xdp_adjust_head().
This protect step is actually not needed, because BPF-helper
bpf_xdp_adjust_head() already reserve this area, and don't allow
BPF-prog to expand into it. Thus, it is safe to point data_hard_start
directly at xdp_frame memory area.
Fixes: 9fc8d518d9d5 ("veth: Handle xdp_frames in xdp napi ring")
Reported-by: Mao Wenan <maowenan@huawei.com>
Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Toshiaki Makita <toshiaki.makita1@gmail.com>
Acked-by: Toke Høiland-Jørgensen <toke@redhat.com>
Link: https://lore.kernel.org/bpf/158945338331.97035.5923525383710752178.stgit@firesoul
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/veth.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/net/veth.c b/drivers/net/veth.c
index 41a00cd76955..2abbad1abaf2 100644
--- a/drivers/net/veth.c
+++ b/drivers/net/veth.c
@@ -377,13 +377,15 @@ static struct sk_buff *veth_xdp_rcv_one(struct veth_rq *rq,
unsigned int *xdp_xmit)
{
void *hard_start = frame->data - frame->headroom;
- void *head = hard_start - sizeof(struct xdp_frame);
int len = frame->len, delta = 0;
struct xdp_frame orig_frame;
struct bpf_prog *xdp_prog;
unsigned int headroom;
struct sk_buff *skb;
+ /* bpf_xdp_adjust_head() assures BPF cannot access xdp_frame area */
+ hard_start -= sizeof(struct xdp_frame);
+
rcu_read_lock();
xdp_prog = rcu_dereference(rq->xdp_prog);
if (likely(xdp_prog)) {
@@ -405,7 +407,6 @@ static struct sk_buff *veth_xdp_rcv_one(struct veth_rq *rq,
break;
case XDP_TX:
orig_frame = *frame;
- xdp.data_hard_start = head;
xdp.rxq->mem = frame->mem;
if (unlikely(veth_xdp_tx(rq->dev, &xdp) < 0)) {
trace_xdp_exception(rq->dev, xdp_prog, act);
@@ -417,7 +418,6 @@ static struct sk_buff *veth_xdp_rcv_one(struct veth_rq *rq,
goto xdp_xmit;
case XDP_REDIRECT:
orig_frame = *frame;
- xdp.data_hard_start = head;
xdp.rxq->mem = frame->mem;
if (xdp_do_redirect(rq->dev, &xdp, xdp_prog)) {
frame = &orig_frame;
@@ -437,7 +437,7 @@ static struct sk_buff *veth_xdp_rcv_one(struct veth_rq *rq,
rcu_read_unlock();
headroom = sizeof(struct xdp_frame) + frame->headroom - delta;
- skb = veth_build_skb(head, headroom, len, 0);
+ skb = veth_build_skb(hard_start, headroom, len, 0);
if (!skb) {
xdp_return_frame(frame);
goto err;
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 160/267] net/mlx5e: IPoIB, Drop multicast packets that this interface sent
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (158 preceding siblings ...)
2020-06-19 14:32 ` [PATCH 4.19 159/267] veth: Adjust hard_start offset on redirect XDP frames Greg Kroah-Hartman
@ 2020-06-19 14:32 ` Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 161/267] rtlwifi: Fix a double free in _rtl_usb_tx_urb_setup() Greg Kroah-Hartman
` (108 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Erez Shitrit, Alex Vesker,
Saeed Mahameed, Sasha Levin
From: Erez Shitrit <erezsh@mellanox.com>
[ Upstream commit 8b46d424a743ddfef8056d5167f13ee7ebd1dcad ]
After enabled loopback packets for IPoIB, we need to drop these packets
that this HCA has replicated and came back to the same interface that
sent them.
Fixes: 4c6c615e3f30 ("net/mlx5e: IPoIB, Add PKEY child interface nic profile")
Signed-off-by: Erez Shitrit <erezsh@mellanox.com>
Reviewed-by: Alex Vesker <valex@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/mellanox/mlx5/core/en_rx.c | 15 ++++++++++++---
1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_rx.c b/drivers/net/ethernet/mellanox/mlx5/core/en_rx.c
index 044687a1f27c..9d86e49a7f44 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_rx.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_rx.c
@@ -1314,6 +1314,7 @@ out:
#ifdef CONFIG_MLX5_CORE_IPOIB
+#define MLX5_IB_GRH_SGID_OFFSET 8
#define MLX5_IB_GRH_DGID_OFFSET 24
#define MLX5_GID_SIZE 16
@@ -1327,6 +1328,7 @@ static inline void mlx5i_complete_rx_cqe(struct mlx5e_rq *rq,
struct net_device *netdev;
struct mlx5e_priv *priv;
char *pseudo_header;
+ u32 flags_rqpn;
u32 qpn;
u8 *dgid;
u8 g;
@@ -1347,7 +1349,8 @@ static inline void mlx5i_complete_rx_cqe(struct mlx5e_rq *rq,
priv = mlx5i_epriv(netdev);
tstamp = &priv->tstamp;
- g = (be32_to_cpu(cqe->flags_rqpn) >> 28) & 3;
+ flags_rqpn = be32_to_cpu(cqe->flags_rqpn);
+ g = (flags_rqpn >> 28) & 3;
dgid = skb->data + MLX5_IB_GRH_DGID_OFFSET;
if ((!g) || dgid[0] != 0xff)
skb->pkt_type = PACKET_HOST;
@@ -1356,9 +1359,15 @@ static inline void mlx5i_complete_rx_cqe(struct mlx5e_rq *rq,
else
skb->pkt_type = PACKET_MULTICAST;
- /* TODO: IB/ipoib: Allow mcast packets from other VFs
- * 68996a6e760e5c74654723eeb57bf65628ae87f4
+ /* Drop packets that this interface sent, ie multicast packets
+ * that the HCA has replicated.
*/
+ if (g && (qpn == (flags_rqpn & 0xffffff)) &&
+ (memcmp(netdev->dev_addr + 4, skb->data + MLX5_IB_GRH_SGID_OFFSET,
+ MLX5_GID_SIZE) == 0)) {
+ skb->dev = NULL;
+ return;
+ }
skb_pull(skb, MLX5_IB_GRH_BYTES);
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 161/267] rtlwifi: Fix a double free in _rtl_usb_tx_urb_setup()
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (159 preceding siblings ...)
2020-06-19 14:32 ` [PATCH 4.19 160/267] net/mlx5e: IPoIB, Drop multicast packets that this interface sent Greg Kroah-Hartman
@ 2020-06-19 14:32 ` Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 162/267] mwifiex: Fix memory corruption in dump_station Greg Kroah-Hartman
` (107 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Kalle Valo, Sasha Levin
From: Dan Carpenter <dan.carpenter@oracle.com>
[ Upstream commit beb12813bc75d4a23de43b85ad1c7cb28d27631e ]
Seven years ago we tried to fix a leak but actually introduced a double
free instead. It was an understandable mistake because the code was a
bit confusing and the free was done in the wrong place. The "skb"
pointer is freed in both _rtl_usb_tx_urb_setup() and _rtl_usb_transmit().
The free belongs _rtl_usb_transmit() instead of _rtl_usb_tx_urb_setup()
and I've cleaned the code up a bit to hopefully make it more clear.
Fixes: 36ef0b473fbf ("rtlwifi: usb: add missing freeing of skbuff")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20200513093951.GD347693@mwanda
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/realtek/rtlwifi/usb.c | 8 ++------
1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/drivers/net/wireless/realtek/rtlwifi/usb.c b/drivers/net/wireless/realtek/rtlwifi/usb.c
index 1181b725f503..1893640555c1 100644
--- a/drivers/net/wireless/realtek/rtlwifi/usb.c
+++ b/drivers/net/wireless/realtek/rtlwifi/usb.c
@@ -910,10 +910,8 @@ static struct urb *_rtl_usb_tx_urb_setup(struct ieee80211_hw *hw,
WARN_ON(NULL == skb);
_urb = usb_alloc_urb(0, GFP_ATOMIC);
- if (!_urb) {
- kfree_skb(skb);
+ if (!_urb)
return NULL;
- }
_rtl_install_trx_info(rtlusb, skb, ep_num);
usb_fill_bulk_urb(_urb, rtlusb->udev, usb_sndbulkpipe(rtlusb->udev,
ep_num), skb->data, skb->len, _rtl_tx_complete, skb);
@@ -927,7 +925,6 @@ static void _rtl_usb_transmit(struct ieee80211_hw *hw, struct sk_buff *skb,
struct rtl_usb *rtlusb = rtl_usbdev(rtl_usbpriv(hw));
u32 ep_num;
struct urb *_urb = NULL;
- struct sk_buff *_skb = NULL;
WARN_ON(NULL == rtlusb->usb_tx_aggregate_hdl);
if (unlikely(IS_USB_STOP(rtlusb))) {
@@ -936,8 +933,7 @@ static void _rtl_usb_transmit(struct ieee80211_hw *hw, struct sk_buff *skb,
return;
}
ep_num = rtlusb->ep_map.ep_mapping[qnum];
- _skb = skb;
- _urb = _rtl_usb_tx_urb_setup(hw, _skb, ep_num);
+ _urb = _rtl_usb_tx_urb_setup(hw, skb, ep_num);
if (unlikely(!_urb)) {
pr_err("Can't allocate urb. Drop skb!\n");
kfree_skb(skb);
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 162/267] mwifiex: Fix memory corruption in dump_station
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (160 preceding siblings ...)
2020-06-19 14:32 ` [PATCH 4.19 161/267] rtlwifi: Fix a double free in _rtl_usb_tx_urb_setup() Greg Kroah-Hartman
@ 2020-06-19 14:32 ` Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 163/267] x86/boot: Correct relocation destination on old linkers Greg Kroah-Hartman
` (106 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Pali Rohár, Ganapathi Bhat,
Kalle Valo, Sasha Levin
From: Pali Rohár <pali@kernel.org>
[ Upstream commit 3aa42bae9c4d1641aeb36f1a8585cd1d506cf471 ]
The mwifiex_cfg80211_dump_station() uses static variable for iterating
over a linked list of all associated stations (when the driver is in UAP
role). This has a race condition if .dump_station is called in parallel
for multiple interfaces. This corruption can be triggered by registering
multiple SSIDs and calling, in parallel for multiple interfaces
iw dev <iface> station dump
[16750.719775] Unable to handle kernel paging request at virtual address dead000000000110
...
[16750.899173] Call trace:
[16750.901696] mwifiex_cfg80211_dump_station+0x94/0x100 [mwifiex]
[16750.907824] nl80211_dump_station+0xbc/0x278 [cfg80211]
[16750.913160] netlink_dump+0xe8/0x320
[16750.916827] netlink_recvmsg+0x1b4/0x338
[16750.920861] ____sys_recvmsg+0x7c/0x2b0
[16750.924801] ___sys_recvmsg+0x70/0x98
[16750.928564] __sys_recvmsg+0x58/0xa0
[16750.932238] __arm64_sys_recvmsg+0x28/0x30
[16750.936453] el0_svc_common.constprop.3+0x90/0x158
[16750.941378] do_el0_svc+0x74/0x90
[16750.944784] el0_sync_handler+0x12c/0x1a8
[16750.948903] el0_sync+0x114/0x140
[16750.952312] Code: f9400003 f907f423 eb02007f 54fffd60 (b9401060)
[16750.958583] ---[ end trace c8ad181c2f4b8576 ]---
This patch drops the use of the static iterator, and instead every time
the function is called iterates to the idx-th position of the
linked-list.
It would be better to convert the code not to use linked list for
associated stations storage (since the chip has a limited number of
associated stations anyway - it could just be an array). Such a change
may be proposed in the future. In the meantime this patch can backported
into stable kernels in this simple form.
Fixes: 8baca1a34d4c ("mwifiex: dump station support in uap mode")
Signed-off-by: Pali Rohár <pali@kernel.org>
Acked-by: Ganapathi Bhat <ganapathi.bhat@nxp.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20200515075924.13841-1-pali@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/marvell/mwifiex/cfg80211.c | 14 ++++++--------
1 file changed, 6 insertions(+), 8 deletions(-)
diff --git a/drivers/net/wireless/marvell/mwifiex/cfg80211.c b/drivers/net/wireless/marvell/mwifiex/cfg80211.c
index 7b74ef71bef1..650191db25cb 100644
--- a/drivers/net/wireless/marvell/mwifiex/cfg80211.c
+++ b/drivers/net/wireless/marvell/mwifiex/cfg80211.c
@@ -1468,7 +1468,8 @@ mwifiex_cfg80211_dump_station(struct wiphy *wiphy, struct net_device *dev,
int idx, u8 *mac, struct station_info *sinfo)
{
struct mwifiex_private *priv = mwifiex_netdev_get_priv(dev);
- static struct mwifiex_sta_node *node;
+ struct mwifiex_sta_node *node;
+ int i;
if ((GET_BSS_ROLE(priv) == MWIFIEX_BSS_ROLE_STA) &&
priv->media_connected && idx == 0) {
@@ -1478,13 +1479,10 @@ mwifiex_cfg80211_dump_station(struct wiphy *wiphy, struct net_device *dev,
mwifiex_send_cmd(priv, HOST_CMD_APCMD_STA_LIST,
HostCmd_ACT_GEN_GET, 0, NULL, true);
- if (node && (&node->list == &priv->sta_list)) {
- node = NULL;
- return -ENOENT;
- }
-
- node = list_prepare_entry(node, &priv->sta_list, list);
- list_for_each_entry_continue(node, &priv->sta_list, list) {
+ i = 0;
+ list_for_each_entry(node, &priv->sta_list, list) {
+ if (i++ != idx)
+ continue;
ether_addr_copy(mac, node->mac_addr);
return mwifiex_dump_station_info(priv, node, sinfo);
}
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 163/267] x86/boot: Correct relocation destination on old linkers
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (161 preceding siblings ...)
2020-06-19 14:32 ` [PATCH 4.19 162/267] mwifiex: Fix memory corruption in dump_station Greg Kroah-Hartman
@ 2020-06-19 14:32 ` Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 164/267] mips: MAAR: Use more precise address mask Greg Kroah-Hartman
` (105 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Arvind Sankar, Borislav Petkov, Sasha Levin
From: Arvind Sankar <nivedita@alum.mit.edu>
[ Upstream commit 5214028dd89e49ba27007c3ee475279e584261f0 ]
For the 32-bit kernel, as described in
6d92bc9d483a ("x86/build: Build compressed x86 kernels as PIE"),
pre-2.26 binutils generates R_386_32 relocations in PIE mode. Since the
startup code does not perform relocation, any reloc entry with R_386_32
will remain as 0 in the executing code.
Commit
974f221c84b0 ("x86/boot: Move compressed kernel to the end of the
decompression buffer")
added a new symbol _end but did not mark it hidden, which doesn't give
the correct offset on older linkers. This causes the compressed kernel
to be copied beyond the end of the decompression buffer, rather than
flush against it. This region of memory may be reserved or already
allocated for other purposes by the bootloader.
Mark _end as hidden to fix. This changes the relocation from R_386_32 to
R_386_RELATIVE even on the pre-2.26 binutils.
For 64-bit, this is not strictly necessary, as the 64-bit kernel is only
built as PIE if the linker supports -z noreloc-overflow, which implies
binutils-2.27+, but for consistency, mark _end as hidden here too.
The below illustrates the before/after impact of the patch using
binutils-2.25 and gcc-4.6.4 (locally compiled from source) and QEMU.
Disassembly before patch:
48: 8b 86 60 02 00 00 mov 0x260(%esi),%eax
4e: 2d 00 00 00 00 sub $0x0,%eax
4f: R_386_32 _end
Disassembly after patch:
48: 8b 86 60 02 00 00 mov 0x260(%esi),%eax
4e: 2d 00 f0 76 00 sub $0x76f000,%eax
4f: R_386_RELATIVE *ABS*
Dump from extract_kernel before patch:
early console in extract_kernel
input_data: 0x0207c098 <--- this is at output + init_size
input_len: 0x0074fef1
output: 0x01000000
output_len: 0x00fa63d0
kernel_total_size: 0x0107c000
needed_size: 0x0107c000
Dump from extract_kernel after patch:
early console in extract_kernel
input_data: 0x0190d098 <--- this is at output + init_size - _end
input_len: 0x0074fef1
output: 0x01000000
output_len: 0x00fa63d0
kernel_total_size: 0x0107c000
needed_size: 0x0107c000
Fixes: 974f221c84b0 ("x86/boot: Move compressed kernel to the end of the decompression buffer")
Signed-off-by: Arvind Sankar <nivedita@alum.mit.edu>
Signed-off-by: Borislav Petkov <bp@suse.de>
Link: https://lkml.kernel.org/r/20200207214926.3564079-1-nivedita@alum.mit.edu
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/boot/compressed/head_32.S | 5 +++--
arch/x86/boot/compressed/head_64.S | 1 +
2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/arch/x86/boot/compressed/head_32.S b/arch/x86/boot/compressed/head_32.S
index 01d628ea3402..c6c4b877f3d2 100644
--- a/arch/x86/boot/compressed/head_32.S
+++ b/arch/x86/boot/compressed/head_32.S
@@ -49,16 +49,17 @@
* Position Independent Executable (PIE) so that linker won't optimize
* R_386_GOT32X relocation to its fixed symbol address. Older
* linkers generate R_386_32 relocations against locally defined symbols,
- * _bss, _ebss, _got and _egot, in PIE. It isn't wrong, just less
+ * _bss, _ebss, _got, _egot and _end, in PIE. It isn't wrong, just less
* optimal than R_386_RELATIVE. But the x86 kernel fails to properly handle
* R_386_32 relocations when relocating the kernel. To generate
- * R_386_RELATIVE relocations, we mark _bss, _ebss, _got and _egot as
+ * R_386_RELATIVE relocations, we mark _bss, _ebss, _got, _egot and _end as
* hidden:
*/
.hidden _bss
.hidden _ebss
.hidden _got
.hidden _egot
+ .hidden _end
__HEAD
ENTRY(startup_32)
diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/head_64.S
index 9fa644c62839..474733f8b330 100644
--- a/arch/x86/boot/compressed/head_64.S
+++ b/arch/x86/boot/compressed/head_64.S
@@ -42,6 +42,7 @@
.hidden _ebss
.hidden _got
.hidden _egot
+ .hidden _end
__HEAD
.code32
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 164/267] mips: MAAR: Use more precise address mask
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (162 preceding siblings ...)
2020-06-19 14:32 ` [PATCH 4.19 163/267] x86/boot: Correct relocation destination on old linkers Greg Kroah-Hartman
@ 2020-06-19 14:32 ` Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 165/267] mips: Add udelay lpj numbers adjustment Greg Kroah-Hartman
` (104 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alexey Malahov, Serge Semin,
Thomas Bogendoerfer, Paul Burton, Ralf Baechle, Arnd Bergmann,
Rob Herring, devicetree, Sasha Levin
From: Serge Semin <Sergey.Semin@baikalelectronics.ru>
[ Upstream commit bbb5946eb545fab8ad8f46bce8a803e1c0c39d47 ]
Indeed according to the MIPS32 Privileged Resource Architecgture the MAAR
pair register address field either takes [12:31] bits for non-XPA systems
and [12:55] otherwise. In any case the current address mask is just
wrong for 64-bit and 32-bits XPA chips. So lets extend it to 59-bits
of physical address value. This shall cover the 64-bits architecture and
systems with XPA enabled, and won't cause any problem for non-XPA 32-bit
systems, since address values exceeding the architecture specific MAAR
mask will be just truncated with setting zeros in the unsupported upper
bits.
Co-developed-by: Alexey Malahov <Alexey.Malahov@baikalelectronics.ru>
Signed-off-by: Alexey Malahov <Alexey.Malahov@baikalelectronics.ru>
Signed-off-by: Serge Semin <Sergey.Semin@baikalelectronics.ru>
Cc: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Cc: Paul Burton <paulburton@kernel.org>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Rob Herring <robh+dt@kernel.org>
Cc: devicetree@vger.kernel.org
Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/mips/include/asm/mipsregs.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/mips/include/asm/mipsregs.h b/arch/mips/include/asm/mipsregs.h
index 1bb9448777c5..f9a7c137be9f 100644
--- a/arch/mips/include/asm/mipsregs.h
+++ b/arch/mips/include/asm/mipsregs.h
@@ -749,7 +749,7 @@
/* MAAR bit definitions */
#define MIPS_MAAR_VH (_U64CAST_(1) << 63)
-#define MIPS_MAAR_ADDR ((BIT_ULL(BITS_PER_LONG - 12) - 1) << 12)
+#define MIPS_MAAR_ADDR GENMASK_ULL(55, 12)
#define MIPS_MAAR_ADDR_SHIFT 12
#define MIPS_MAAR_S (_ULCAST_(1) << 1)
#define MIPS_MAAR_VL (_ULCAST_(1) << 0)
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 165/267] mips: Add udelay lpj numbers adjustment
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (163 preceding siblings ...)
2020-06-19 14:32 ` [PATCH 4.19 164/267] mips: MAAR: Use more precise address mask Greg Kroah-Hartman
@ 2020-06-19 14:32 ` Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 166/267] crypto: stm32/crc32 - fix ext4 chksum BUG_ON() Greg Kroah-Hartman
` (103 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alexey Malahov, Serge Semin,
Jiaxun Yang, Thomas Bogendoerfer, Paul Burton, Ralf Baechle,
Arnd Bergmann, Rob Herring, devicetree, Sasha Levin
From: Serge Semin <Sergey.Semin@baikalelectronics.ru>
[ Upstream commit ed26aacfb5f71eecb20a51c4467da440cb719d66 ]
Loops-per-jiffies is a special number which represents a number of
noop-loop cycles per CPU-scheduler quantum - jiffies. As you
understand aside from CPU-specific implementation it depends on
the CPU frequency. So when a platform has the CPU frequency fixed,
we have no problem and the current udelay interface will work
just fine. But as soon as CPU-freq driver is enabled and the cores
frequency changes, we'll end up with distorted udelay's. In order
to fix this we have to accordinly adjust the per-CPU udelay_val
(the same as the global loops_per_jiffy) number. This can be done
in the CPU-freq transition event handler. We subscribe to that event
in the MIPS arch time-inititalization method.
Co-developed-by: Alexey Malahov <Alexey.Malahov@baikalelectronics.ru>
Signed-off-by: Alexey Malahov <Alexey.Malahov@baikalelectronics.ru>
Signed-off-by: Serge Semin <Sergey.Semin@baikalelectronics.ru>
Reviewed-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Cc: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Cc: Paul Burton <paulburton@kernel.org>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Rob Herring <robh+dt@kernel.org>
Cc: devicetree@vger.kernel.org
Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/mips/kernel/time.c | 70 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 70 insertions(+)
diff --git a/arch/mips/kernel/time.c b/arch/mips/kernel/time.c
index bfe02ded25d1..1e631a484ddf 100644
--- a/arch/mips/kernel/time.c
+++ b/arch/mips/kernel/time.c
@@ -22,12 +22,82 @@
#include <linux/smp.h>
#include <linux/spinlock.h>
#include <linux/export.h>
+#include <linux/cpufreq.h>
+#include <linux/delay.h>
#include <asm/cpu-features.h>
#include <asm/cpu-type.h>
#include <asm/div64.h>
#include <asm/time.h>
+#ifdef CONFIG_CPU_FREQ
+
+static DEFINE_PER_CPU(unsigned long, pcp_lpj_ref);
+static DEFINE_PER_CPU(unsigned long, pcp_lpj_ref_freq);
+static unsigned long glb_lpj_ref;
+static unsigned long glb_lpj_ref_freq;
+
+static int cpufreq_callback(struct notifier_block *nb,
+ unsigned long val, void *data)
+{
+ struct cpufreq_freqs *freq = data;
+ struct cpumask *cpus = freq->policy->cpus;
+ unsigned long lpj;
+ int cpu;
+
+ /*
+ * Skip lpj numbers adjustment if the CPU-freq transition is safe for
+ * the loops delay. (Is this possible?)
+ */
+ if (freq->flags & CPUFREQ_CONST_LOOPS)
+ return NOTIFY_OK;
+
+ /* Save the initial values of the lpjes for future scaling. */
+ if (!glb_lpj_ref) {
+ glb_lpj_ref = boot_cpu_data.udelay_val;
+ glb_lpj_ref_freq = freq->old;
+
+ for_each_online_cpu(cpu) {
+ per_cpu(pcp_lpj_ref, cpu) =
+ cpu_data[cpu].udelay_val;
+ per_cpu(pcp_lpj_ref_freq, cpu) = freq->old;
+ }
+ }
+
+ /*
+ * Adjust global lpj variable and per-CPU udelay_val number in
+ * accordance with the new CPU frequency.
+ */
+ if ((val == CPUFREQ_PRECHANGE && freq->old < freq->new) ||
+ (val == CPUFREQ_POSTCHANGE && freq->old > freq->new)) {
+ loops_per_jiffy = cpufreq_scale(glb_lpj_ref,
+ glb_lpj_ref_freq,
+ freq->new);
+
+ for_each_cpu(cpu, cpus) {
+ lpj = cpufreq_scale(per_cpu(pcp_lpj_ref, cpu),
+ per_cpu(pcp_lpj_ref_freq, cpu),
+ freq->new);
+ cpu_data[cpu].udelay_val = (unsigned int)lpj;
+ }
+ }
+
+ return NOTIFY_OK;
+}
+
+static struct notifier_block cpufreq_notifier = {
+ .notifier_call = cpufreq_callback,
+};
+
+static int __init register_cpufreq_notifier(void)
+{
+ return cpufreq_register_notifier(&cpufreq_notifier,
+ CPUFREQ_TRANSITION_NOTIFIER);
+}
+core_initcall(register_cpufreq_notifier);
+
+#endif /* CONFIG_CPU_FREQ */
+
/*
* forward reference
*/
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 166/267] crypto: stm32/crc32 - fix ext4 chksum BUG_ON()
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (164 preceding siblings ...)
2020-06-19 14:32 ` [PATCH 4.19 165/267] mips: Add udelay lpj numbers adjustment Greg Kroah-Hartman
@ 2020-06-19 14:32 ` Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 167/267] crypto: stm32/crc32 - fix run-time self test issue Greg Kroah-Hartman
` (102 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nicolas Toromanoff, Herbert Xu, Sasha Levin
From: Nicolas Toromanoff <nicolas.toromanoff@st.com>
[ Upstream commit 49c2c082e00e0bc4f5cbb7c21c7f0f873b35ab09 ]
Allow use of crc_update without prior call to crc_init.
And change (and fix) driver to use CRC device even on unaligned buffers.
Fixes: b51dbe90912a ("crypto: stm32 - Support for STM32 CRC32 crypto module")
Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@st.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/crypto/stm32/stm32_crc32.c | 98 +++++++++++++++---------------
1 file changed, 48 insertions(+), 50 deletions(-)
diff --git a/drivers/crypto/stm32/stm32_crc32.c b/drivers/crypto/stm32/stm32_crc32.c
index 29d2095d9dfd..749b51762b18 100644
--- a/drivers/crypto/stm32/stm32_crc32.c
+++ b/drivers/crypto/stm32/stm32_crc32.c
@@ -28,8 +28,10 @@
/* Registers values */
#define CRC_CR_RESET BIT(0)
-#define CRC_CR_REVERSE (BIT(7) | BIT(6) | BIT(5))
#define CRC_INIT_DEFAULT 0xFFFFFFFF
+#define CRC_CR_REV_IN_WORD (BIT(6) | BIT(5))
+#define CRC_CR_REV_IN_BYTE BIT(5)
+#define CRC_CR_REV_OUT BIT(7)
#define CRC_AUTOSUSPEND_DELAY 50
@@ -38,8 +40,6 @@ struct stm32_crc {
struct device *dev;
void __iomem *regs;
struct clk *clk;
- u8 pending_data[sizeof(u32)];
- size_t nb_pending_bytes;
};
struct stm32_crc_list {
@@ -59,7 +59,6 @@ struct stm32_crc_ctx {
struct stm32_crc_desc_ctx {
u32 partial; /* crc32c: partial in first 4 bytes of that struct */
- struct stm32_crc *crc;
};
static int stm32_crc32_cra_init(struct crypto_tfm *tfm)
@@ -101,25 +100,22 @@ static int stm32_crc_init(struct shash_desc *desc)
struct stm32_crc *crc;
spin_lock_bh(&crc_list.lock);
- list_for_each_entry(crc, &crc_list.dev_list, list) {
- ctx->crc = crc;
- break;
- }
+ crc = list_first_entry(&crc_list.dev_list, struct stm32_crc, list);
spin_unlock_bh(&crc_list.lock);
- pm_runtime_get_sync(ctx->crc->dev);
+ pm_runtime_get_sync(crc->dev);
/* Reset, set key, poly and configure in bit reverse mode */
- writel_relaxed(bitrev32(mctx->key), ctx->crc->regs + CRC_INIT);
- writel_relaxed(bitrev32(mctx->poly), ctx->crc->regs + CRC_POL);
- writel_relaxed(CRC_CR_RESET | CRC_CR_REVERSE, ctx->crc->regs + CRC_CR);
+ writel_relaxed(bitrev32(mctx->key), crc->regs + CRC_INIT);
+ writel_relaxed(bitrev32(mctx->poly), crc->regs + CRC_POL);
+ writel_relaxed(CRC_CR_RESET | CRC_CR_REV_IN_WORD | CRC_CR_REV_OUT,
+ crc->regs + CRC_CR);
/* Store partial result */
- ctx->partial = readl_relaxed(ctx->crc->regs + CRC_DR);
- ctx->crc->nb_pending_bytes = 0;
+ ctx->partial = readl_relaxed(crc->regs + CRC_DR);
- pm_runtime_mark_last_busy(ctx->crc->dev);
- pm_runtime_put_autosuspend(ctx->crc->dev);
+ pm_runtime_mark_last_busy(crc->dev);
+ pm_runtime_put_autosuspend(crc->dev);
return 0;
}
@@ -128,31 +124,49 @@ static int stm32_crc_update(struct shash_desc *desc, const u8 *d8,
unsigned int length)
{
struct stm32_crc_desc_ctx *ctx = shash_desc_ctx(desc);
- struct stm32_crc *crc = ctx->crc;
- u32 *d32;
- unsigned int i;
+ struct stm32_crc_ctx *mctx = crypto_shash_ctx(desc->tfm);
+ struct stm32_crc *crc;
+
+ spin_lock_bh(&crc_list.lock);
+ crc = list_first_entry(&crc_list.dev_list, struct stm32_crc, list);
+ spin_unlock_bh(&crc_list.lock);
pm_runtime_get_sync(crc->dev);
- if (unlikely(crc->nb_pending_bytes)) {
- while (crc->nb_pending_bytes != sizeof(u32) && length) {
- /* Fill in pending data */
- crc->pending_data[crc->nb_pending_bytes++] = *(d8++);
+ /*
+ * Restore previously calculated CRC for this context as init value
+ * Restore polynomial configuration
+ * Configure in register for word input data,
+ * Configure out register in reversed bit mode data.
+ */
+ writel_relaxed(bitrev32(ctx->partial), crc->regs + CRC_INIT);
+ writel_relaxed(bitrev32(mctx->poly), crc->regs + CRC_POL);
+ writel_relaxed(CRC_CR_RESET | CRC_CR_REV_IN_WORD | CRC_CR_REV_OUT,
+ crc->regs + CRC_CR);
+
+ if (d8 != PTR_ALIGN(d8, sizeof(u32))) {
+ /* Configure for byte data */
+ writel_relaxed(CRC_CR_REV_IN_BYTE | CRC_CR_REV_OUT,
+ crc->regs + CRC_CR);
+ while (d8 != PTR_ALIGN(d8, sizeof(u32)) && length) {
+ writeb_relaxed(*d8++, crc->regs + CRC_DR);
length--;
}
-
- if (crc->nb_pending_bytes == sizeof(u32)) {
- /* Process completed pending data */
- writel_relaxed(*(u32 *)crc->pending_data,
- crc->regs + CRC_DR);
- crc->nb_pending_bytes = 0;
- }
+ /* Configure for word data */
+ writel_relaxed(CRC_CR_REV_IN_WORD | CRC_CR_REV_OUT,
+ crc->regs + CRC_CR);
}
- d32 = (u32 *)d8;
- for (i = 0; i < length >> 2; i++)
- /* Process 32 bits data */
- writel_relaxed(*(d32++), crc->regs + CRC_DR);
+ for (; length >= sizeof(u32); d8 += sizeof(u32), length -= sizeof(u32))
+ writel_relaxed(*((u32 *)d8), crc->regs + CRC_DR);
+
+ if (length) {
+ /* Configure for byte data */
+ writel_relaxed(CRC_CR_REV_IN_BYTE | CRC_CR_REV_OUT,
+ crc->regs + CRC_CR);
+ while (length--)
+ writeb_relaxed(*d8++, crc->regs + CRC_DR);
+ }
/* Store partial result */
ctx->partial = readl_relaxed(crc->regs + CRC_DR);
@@ -160,22 +174,6 @@ static int stm32_crc_update(struct shash_desc *desc, const u8 *d8,
pm_runtime_mark_last_busy(crc->dev);
pm_runtime_put_autosuspend(crc->dev);
- /* Check for pending data (non 32 bits) */
- length &= 3;
- if (likely(!length))
- return 0;
-
- if ((crc->nb_pending_bytes + length) >= sizeof(u32)) {
- /* Shall not happen */
- dev_err(crc->dev, "Pending data overflow\n");
- return -EINVAL;
- }
-
- d8 = (const u8 *)d32;
- for (i = 0; i < length; i++)
- /* Store pending data */
- crc->pending_data[crc->nb_pending_bytes++] = *(d8++);
-
return 0;
}
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 167/267] crypto: stm32/crc32 - fix run-time self test issue.
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (165 preceding siblings ...)
2020-06-19 14:32 ` [PATCH 4.19 166/267] crypto: stm32/crc32 - fix ext4 chksum BUG_ON() Greg Kroah-Hartman
@ 2020-06-19 14:32 ` Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 168/267] crypto: stm32/crc32 - fix multi-instance Greg Kroah-Hartman
` (101 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nicolas Toromanoff, Herbert Xu, Sasha Levin
From: Nicolas Toromanoff <nicolas.toromanoff@st.com>
[ Upstream commit a8cc3128bf2c01c4d448fe17149e87132113b445 ]
Fix wrong crc32 initialisation value:
"alg: shash: stm32_crc32 test failed (wrong result) on test vector 0,
cfg="init+update+final aligned buffer"
cra_name="crc32c" expects an init value of 0XFFFFFFFF,
cra_name="crc32" expects an init value of 0.
Fixes: b51dbe90912a ("crypto: stm32 - Support for STM32 CRC32 crypto module")
Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@st.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/crypto/stm32/stm32_crc32.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/crypto/stm32/stm32_crc32.c b/drivers/crypto/stm32/stm32_crc32.c
index 749b51762b18..c5ad83ad2f72 100644
--- a/drivers/crypto/stm32/stm32_crc32.c
+++ b/drivers/crypto/stm32/stm32_crc32.c
@@ -28,10 +28,10 @@
/* Registers values */
#define CRC_CR_RESET BIT(0)
-#define CRC_INIT_DEFAULT 0xFFFFFFFF
#define CRC_CR_REV_IN_WORD (BIT(6) | BIT(5))
#define CRC_CR_REV_IN_BYTE BIT(5)
#define CRC_CR_REV_OUT BIT(7)
+#define CRC32C_INIT_DEFAULT 0xFFFFFFFF
#define CRC_AUTOSUSPEND_DELAY 50
@@ -65,7 +65,7 @@ static int stm32_crc32_cra_init(struct crypto_tfm *tfm)
{
struct stm32_crc_ctx *mctx = crypto_tfm_ctx(tfm);
- mctx->key = CRC_INIT_DEFAULT;
+ mctx->key = 0;
mctx->poly = CRC32_POLY_LE;
return 0;
}
@@ -74,7 +74,7 @@ static int stm32_crc32c_cra_init(struct crypto_tfm *tfm)
{
struct stm32_crc_ctx *mctx = crypto_tfm_ctx(tfm);
- mctx->key = CRC_INIT_DEFAULT;
+ mctx->key = CRC32C_INIT_DEFAULT;
mctx->poly = CRC32C_POLY_LE;
return 0;
}
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 168/267] crypto: stm32/crc32 - fix multi-instance
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (166 preceding siblings ...)
2020-06-19 14:32 ` [PATCH 4.19 167/267] crypto: stm32/crc32 - fix run-time self test issue Greg Kroah-Hartman
@ 2020-06-19 14:32 ` Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 169/267] x86/mm: Stop printing BRK addresses Greg Kroah-Hartman
` (100 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nicolas Toromanoff, Herbert Xu, Sasha Levin
From: Nicolas Toromanoff <nicolas.toromanoff@st.com>
[ Upstream commit 10b89c43a64eb0d236903b79a3bc9d8f6cbfd9c7 ]
Ensure CRC algorithm is registered only once in crypto framework when
there are several instances of CRC devices.
Update the CRC device list management to avoid that only the first CRC
instance is used.
Fixes: b51dbe90912a ("crypto: stm32 - Support for STM32 CRC32 crypto module")
Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@st.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/crypto/stm32/stm32_crc32.c | 48 ++++++++++++++++++++++--------
1 file changed, 36 insertions(+), 12 deletions(-)
diff --git a/drivers/crypto/stm32/stm32_crc32.c b/drivers/crypto/stm32/stm32_crc32.c
index c5ad83ad2f72..47d31335c2d4 100644
--- a/drivers/crypto/stm32/stm32_crc32.c
+++ b/drivers/crypto/stm32/stm32_crc32.c
@@ -93,16 +93,29 @@ static int stm32_crc_setkey(struct crypto_shash *tfm, const u8 *key,
return 0;
}
-static int stm32_crc_init(struct shash_desc *desc)
+static struct stm32_crc *stm32_crc_get_next_crc(void)
{
- struct stm32_crc_desc_ctx *ctx = shash_desc_ctx(desc);
- struct stm32_crc_ctx *mctx = crypto_shash_ctx(desc->tfm);
struct stm32_crc *crc;
spin_lock_bh(&crc_list.lock);
crc = list_first_entry(&crc_list.dev_list, struct stm32_crc, list);
+ if (crc)
+ list_move_tail(&crc->list, &crc_list.dev_list);
spin_unlock_bh(&crc_list.lock);
+ return crc;
+}
+
+static int stm32_crc_init(struct shash_desc *desc)
+{
+ struct stm32_crc_desc_ctx *ctx = shash_desc_ctx(desc);
+ struct stm32_crc_ctx *mctx = crypto_shash_ctx(desc->tfm);
+ struct stm32_crc *crc;
+
+ crc = stm32_crc_get_next_crc();
+ if (!crc)
+ return -ENODEV;
+
pm_runtime_get_sync(crc->dev);
/* Reset, set key, poly and configure in bit reverse mode */
@@ -127,9 +140,9 @@ static int stm32_crc_update(struct shash_desc *desc, const u8 *d8,
struct stm32_crc_ctx *mctx = crypto_shash_ctx(desc->tfm);
struct stm32_crc *crc;
- spin_lock_bh(&crc_list.lock);
- crc = list_first_entry(&crc_list.dev_list, struct stm32_crc, list);
- spin_unlock_bh(&crc_list.lock);
+ crc = stm32_crc_get_next_crc();
+ if (!crc)
+ return -ENODEV;
pm_runtime_get_sync(crc->dev);
@@ -202,6 +215,8 @@ static int stm32_crc_digest(struct shash_desc *desc, const u8 *data,
return stm32_crc_init(desc) ?: stm32_crc_finup(desc, data, length, out);
}
+static unsigned int refcnt;
+static DEFINE_MUTEX(refcnt_lock);
static struct shash_alg algs[] = {
/* CRC-32 */
{
@@ -294,12 +309,18 @@ static int stm32_crc_probe(struct platform_device *pdev)
list_add(&crc->list, &crc_list.dev_list);
spin_unlock(&crc_list.lock);
- ret = crypto_register_shashes(algs, ARRAY_SIZE(algs));
- if (ret) {
- dev_err(dev, "Failed to register\n");
- clk_disable_unprepare(crc->clk);
- return ret;
+ mutex_lock(&refcnt_lock);
+ if (!refcnt) {
+ ret = crypto_register_shashes(algs, ARRAY_SIZE(algs));
+ if (ret) {
+ mutex_unlock(&refcnt_lock);
+ dev_err(dev, "Failed to register\n");
+ clk_disable_unprepare(crc->clk);
+ return ret;
+ }
}
+ refcnt++;
+ mutex_unlock(&refcnt_lock);
dev_info(dev, "Initialized\n");
@@ -320,7 +341,10 @@ static int stm32_crc_remove(struct platform_device *pdev)
list_del(&crc->list);
spin_unlock(&crc_list.lock);
- crypto_unregister_shashes(algs, ARRAY_SIZE(algs));
+ mutex_lock(&refcnt_lock);
+ if (!--refcnt)
+ crypto_unregister_shashes(algs, ARRAY_SIZE(algs));
+ mutex_unlock(&refcnt_lock);
pm_runtime_disable(crc->dev);
pm_runtime_put_noidle(crc->dev);
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 169/267] x86/mm: Stop printing BRK addresses
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (167 preceding siblings ...)
2020-06-19 14:32 ` [PATCH 4.19 168/267] crypto: stm32/crc32 - fix multi-instance Greg Kroah-Hartman
@ 2020-06-19 14:32 ` Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 170/267] m68k: mac: Dont call via_flush_cache() on Mac IIfx Greg Kroah-Hartman
` (99 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Arvind Sankar, Borislav Petkov,
Kees Cook, Dave Hansen, Sasha Levin
From: Arvind Sankar <nivedita@alum.mit.edu>
[ Upstream commit 67d631b7c05eff955ccff4139327f0f92a5117e5 ]
This currently leaks kernel physical addresses into userspace.
Signed-off-by: Arvind Sankar <nivedita@alum.mit.edu>
Signed-off-by: Borislav Petkov <bp@suse.de>
Acked-by: Kees Cook <keescook@chromium.org>
Acked-by: Dave Hansen <dave.hansen@intel.com>
Link: https://lkml.kernel.org/r/20200229231120.1147527-1-nivedita@alum.mit.edu
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/mm/init.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c
index fb5f29c60019..b1dba0987565 100644
--- a/arch/x86/mm/init.c
+++ b/arch/x86/mm/init.c
@@ -120,8 +120,6 @@ __ref void *alloc_low_pages(unsigned int num)
} else {
pfn = pgt_buf_end;
pgt_buf_end += num;
- printk(KERN_DEBUG "BRK [%#010lx, %#010lx] PGTABLE\n",
- pfn << PAGE_SHIFT, (pgt_buf_end << PAGE_SHIFT) - 1);
}
for (i = 0; i < num; i++) {
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 170/267] m68k: mac: Dont call via_flush_cache() on Mac IIfx
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (168 preceding siblings ...)
2020-06-19 14:32 ` [PATCH 4.19 169/267] x86/mm: Stop printing BRK addresses Greg Kroah-Hartman
@ 2020-06-19 14:32 ` Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 171/267] btrfs: qgroup: mark qgroup inconsistent if were inherting snapshot to a new qgroup Greg Kroah-Hartman
` (98 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Finn Thain, Joshua Thompson,
Geert Uytterhoeven, Sasha Levin, Stan Johnson
From: Finn Thain <fthain@telegraphics.com.au>
[ Upstream commit bcc44f6b74106b31f0b0408b70305a40360d63b7 ]
There is no VIA2 chip on the Mac IIfx, so don't call via_flush_cache().
This avoids a boot crash which appeared in v5.4.
printk: console [ttyS0] enabled
printk: bootconsole [debug0] disabled
printk: bootconsole [debug0] disabled
Calibrating delay loop... 9.61 BogoMIPS (lpj=48064)
pid_max: default: 32768 minimum: 301
Mount-cache hash table entries: 1024 (order: 0, 4096 bytes, linear)
Mountpoint-cache hash table entries: 1024 (order: 0, 4096 bytes, linear)
devtmpfs: initialized
random: get_random_u32 called from bucket_table_alloc.isra.27+0x68/0x194 with crng_init=0
clocksource: jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 19112604462750000 ns
futex hash table entries: 256 (order: -1, 3072 bytes, linear)
NET: Registered protocol family 16
Data read fault at 0x00000000 in Super Data (pc=0x8a6a)
BAD KERNEL BUSERR
Oops: 00000000
Modules linked in:
PC: [<00008a6a>] via_flush_cache+0x12/0x2c
SR: 2700 SP: 01c1fe3c a2: 01c24000
d0: 00001119 d1: 0000000c d2: 00012000 d3: 0000000f
d4: 01c06840 d5: 00033b92 a0: 00000000 a1: 00000000
Process swapper (pid: 1, task=01c24000)
Frame format=B ssw=0755 isc=0200 isb=fff7 daddr=00000000 dobuf=01c1fed0
baddr=00008a6e dibuf=0000004e ver=f
Stack from 01c1fec4:
01c1fed0 00007d7e 00010080 01c1fedc 0000792e 00000001 01c1fef4 00006b40
01c80000 00040000 00000006 00000003 01c1ff1c 004a545e 004ff200 00040000
00000000 00000003 01c06840 00033b92 004a5410 004b6c88 01c1ff84 000021e2
00000073 00000003 01c06840 00033b92 0038507a 004bb094 004b6ca8 004b6c88
004b6ca4 004b6c88 000021ae 00020002 00000000 01c0685d 00000000 01c1ffb4
0049f938 00409c85 01c06840 0045bd40 00000073 00000002 00000002 00000000
Call Trace: [<00007d7e>] mac_cache_card_flush+0x12/0x1c
[<00010080>] fix_dnrm+0x2/0x18
[<0000792e>] cache_push+0x46/0x5a
[<00006b40>] arch_dma_prep_coherent+0x60/0x6e
[<00040000>] switched_to_dl+0x76/0xd0
[<004a545e>] dma_atomic_pool_init+0x4e/0x188
[<00040000>] switched_to_dl+0x76/0xd0
[<00033b92>] parse_args+0x0/0x370
[<004a5410>] dma_atomic_pool_init+0x0/0x188
[<000021e2>] do_one_initcall+0x34/0x1be
[<00033b92>] parse_args+0x0/0x370
[<0038507a>] strcpy+0x0/0x1e
[<000021ae>] do_one_initcall+0x0/0x1be
[<00020002>] do_proc_dointvec_conv+0x54/0x74
[<0049f938>] kernel_init_freeable+0x126/0x190
[<0049f94c>] kernel_init_freeable+0x13a/0x190
[<004a5410>] dma_atomic_pool_init+0x0/0x188
[<00041798>] complete+0x0/0x3c
[<000b9b0c>] kfree+0x0/0x20a
[<0038df98>] schedule+0x0/0xd0
[<0038d604>] kernel_init+0x0/0xda
[<0038d610>] kernel_init+0xc/0xda
[<0038d604>] kernel_init+0x0/0xda
[<00002d38>] ret_from_kernel_thread+0xc/0x14
Code: 0000 2079 0048 10da 2279 0048 10c8 d3c8 <1011> 0200 fff7 1280 d1f9 0048 10c8 1010 0000 0008 1080 4e5e 4e75 4e56 0000 2039
Disabling lock debugging due to kernel taint
Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b
Thanks to Stan Johnson for capturing the console log and running git
bisect.
Git bisect said commit 8e3a68fb55e0 ("dma-mapping: make
dma_atomic_pool_init self-contained") is the first "bad" commit. I don't
know why. Perhaps mach_l2_flush first became reachable with that commit.
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Reported-and-tested-by: Stan Johnson <userm57@yahoo.com>
Signed-off-by: Finn Thain <fthain@telegraphics.com.au>
Cc: Joshua Thompson <funaho@jurai.org>
Link: https://lore.kernel.org/r/b8bbeef197d6b3898e82ed0d231ad08f575a4b34.1589949122.git.fthain@telegraphics.com.au
Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/m68k/include/asm/mac_via.h | 1 +
arch/m68k/mac/config.c | 21 ++-------------------
arch/m68k/mac/via.c | 6 +++++-
3 files changed, 8 insertions(+), 20 deletions(-)
diff --git a/arch/m68k/include/asm/mac_via.h b/arch/m68k/include/asm/mac_via.h
index de1470c4d829..1149251ea58d 100644
--- a/arch/m68k/include/asm/mac_via.h
+++ b/arch/m68k/include/asm/mac_via.h
@@ -257,6 +257,7 @@ extern int rbv_present,via_alt_mapping;
struct irq_desc;
+extern void via_l2_flush(int writeback);
extern void via_register_interrupts(void);
extern void via_irq_enable(int);
extern void via_irq_disable(int);
diff --git a/arch/m68k/mac/config.c b/arch/m68k/mac/config.c
index cd9317d53276..a4f91bea6c88 100644
--- a/arch/m68k/mac/config.c
+++ b/arch/m68k/mac/config.c
@@ -61,7 +61,6 @@ extern void iop_preinit(void);
extern void iop_init(void);
extern void via_init(void);
extern void via_init_clock(irq_handler_t func);
-extern void via_flush_cache(void);
extern void oss_init(void);
extern void psc_init(void);
extern void baboon_init(void);
@@ -132,21 +131,6 @@ int __init mac_parse_bootinfo(const struct bi_record *record)
return unknown;
}
-/*
- * Flip into 24bit mode for an instant - flushes the L2 cache card. We
- * have to disable interrupts for this. Our IRQ handlers will crap
- * themselves if they take an IRQ in 24bit mode!
- */
-
-static void mac_cache_card_flush(int writeback)
-{
- unsigned long flags;
-
- local_irq_save(flags);
- via_flush_cache();
- local_irq_restore(flags);
-}
-
void __init config_mac(void)
{
if (!MACH_IS_MAC)
@@ -178,9 +162,8 @@ void __init config_mac(void)
* not.
*/
- if (macintosh_config->ident == MAC_MODEL_IICI
- || macintosh_config->ident == MAC_MODEL_IIFX)
- mach_l2_flush = mac_cache_card_flush;
+ if (macintosh_config->ident == MAC_MODEL_IICI)
+ mach_l2_flush = via_l2_flush;
}
diff --git a/arch/m68k/mac/via.c b/arch/m68k/mac/via.c
index 038d5a1c4d48..8307da441a10 100644
--- a/arch/m68k/mac/via.c
+++ b/arch/m68k/mac/via.c
@@ -289,10 +289,14 @@ void via_debug_dump(void)
* the system into 24-bit mode for an instant.
*/
-void via_flush_cache(void)
+void via_l2_flush(int writeback)
{
+ unsigned long flags;
+
+ local_irq_save(flags);
via2[gBufB] &= ~VIA2B_vMode32;
via2[gBufB] |= VIA2B_vMode32;
+ local_irq_restore(flags);
}
/*
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 171/267] btrfs: qgroup: mark qgroup inconsistent if were inherting snapshot to a new qgroup
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (169 preceding siblings ...)
2020-06-19 14:32 ` [PATCH 4.19 170/267] m68k: mac: Dont call via_flush_cache() on Mac IIfx Greg Kroah-Hartman
@ 2020-06-19 14:32 ` Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 172/267] net: ethernet: fec: move GPR register offset and bit into DT Greg Kroah-Hartman
` (97 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Josef Bacik, Qu Wenruo, David Sterba,
Sasha Levin
From: Qu Wenruo <wqu@suse.com>
[ Upstream commit cbab8ade585a18c4334b085564d9d046e01a3f70 ]
[BUG]
For the following operation, qgroup is guaranteed to be screwed up due
to snapshot adding to a new qgroup:
# mkfs.btrfs -f $dev
# mount $dev $mnt
# btrfs qgroup en $mnt
# btrfs subv create $mnt/src
# xfs_io -f -c "pwrite 0 1m" $mnt/src/file
# sync
# btrfs qgroup create 1/0 $mnt/src
# btrfs subv snapshot -i 1/0 $mnt/src $mnt/snapshot
# btrfs qgroup show -prce $mnt/src
qgroupid rfer excl max_rfer max_excl parent child
-------- ---- ---- -------- -------- ------ -----
0/5 16.00KiB 16.00KiB none none --- ---
0/257 1.02MiB 16.00KiB none none --- ---
0/258 1.02MiB 16.00KiB none none 1/0 ---
1/0 0.00B 0.00B none none --- 0/258
^^^^^^^^^^^^^^^^^^^^
[CAUSE]
The problem is in btrfs_qgroup_inherit(), we don't have good enough
check to determine if the new relation would break the existing
accounting.
Unlike btrfs_add_qgroup_relation(), which has proper check to determine
if we can do quick update without a rescan, in btrfs_qgroup_inherit() we
can even assign a snapshot to multiple qgroups.
[FIX]
Fix it by manually marking qgroup inconsistent for snapshot inheritance.
For subvolume creation, since all its extents are exclusively owned, we
don't need to rescan.
In theory, we should call relation check like quick_update_accounting()
when doing qgroup inheritance and inform user about qgroup accounting
inconsistency.
But we don't have good mechanism to relay that back to the user in the
snapshot creation context, thus we can only silently mark the qgroup
inconsistent.
Anyway, user shouldn't use qgroup inheritance during snapshot creation,
and should add qgroup relationship after snapshot creation by 'btrfs
qgroup assign', which has a much better UI to inform user about qgroup
inconsistent and kick in rescan automatically.
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/btrfs/qgroup.c | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/fs/btrfs/qgroup.c b/fs/btrfs/qgroup.c
index cbd40826f5dc..c8ed4db73b84 100644
--- a/fs/btrfs/qgroup.c
+++ b/fs/btrfs/qgroup.c
@@ -2259,6 +2259,7 @@ int btrfs_qgroup_inherit(struct btrfs_trans_handle *trans, u64 srcid,
struct btrfs_root *quota_root;
struct btrfs_qgroup *srcgroup;
struct btrfs_qgroup *dstgroup;
+ bool need_rescan = false;
u32 level_size = 0;
u64 nums;
@@ -2402,6 +2403,13 @@ int btrfs_qgroup_inherit(struct btrfs_trans_handle *trans, u64 srcid,
goto unlock;
}
++i_qgroups;
+
+ /*
+ * If we're doing a snapshot, and adding the snapshot to a new
+ * qgroup, the numbers are guaranteed to be incorrect.
+ */
+ if (srcid)
+ need_rescan = true;
}
for (i = 0; i < inherit->num_ref_copies; ++i, i_qgroups += 2) {
@@ -2421,6 +2429,9 @@ int btrfs_qgroup_inherit(struct btrfs_trans_handle *trans, u64 srcid,
dst->rfer = src->rfer - level_size;
dst->rfer_cmpr = src->rfer_cmpr - level_size;
+
+ /* Manually tweaking numbers certainly needs a rescan */
+ need_rescan = true;
}
for (i = 0; i < inherit->num_excl_copies; ++i, i_qgroups += 2) {
struct btrfs_qgroup *src;
@@ -2439,6 +2450,7 @@ int btrfs_qgroup_inherit(struct btrfs_trans_handle *trans, u64 srcid,
dst->excl = src->excl + level_size;
dst->excl_cmpr = src->excl_cmpr + level_size;
+ need_rescan = true;
}
unlock:
@@ -2446,6 +2458,8 @@ unlock:
out:
if (!committing)
mutex_unlock(&fs_info->qgroup_ioctl_lock);
+ if (need_rescan)
+ fs_info->qgroup_flags |= BTRFS_QGROUP_STATUS_FLAG_INCONSISTENT;
return ret;
}
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 172/267] net: ethernet: fec: move GPR register offset and bit into DT
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (170 preceding siblings ...)
2020-06-19 14:32 ` [PATCH 4.19 171/267] btrfs: qgroup: mark qgroup inconsistent if were inherting snapshot to a new qgroup Greg Kroah-Hartman
@ 2020-06-19 14:32 ` Greg Kroah-Hartman
2020-06-19 21:04 ` Pavel Machek
2020-06-19 14:32 ` [PATCH 4.19 173/267] macvlan: Skip loopback packets in RX handler Greg Kroah-Hartman
` (96 subsequent siblings)
268 siblings, 1 reply; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Fugang Duan, David S. Miller, Sasha Levin
From: Fugang Duan <fugang.duan@nxp.com>
[ Upstream commit 8a448bf832af537d26aa557d183a16943dce4510 ]
The commit da722186f654 (net: fec: set GPR bit on suspend by DT
configuration) set the GPR reigster offset and bit in driver for
wake on lan feature.
But it introduces two issues here:
- one SOC has two instances, they have different bit
- different SOCs may have different offset and bit
So to support wake-on-lan feature on other i.MX platforms, it should
configure the GPR reigster offset and bit from DT.
So the patch is to improve the commit da722186f654 (net: fec: set GPR
bit on suspend by DT configuration) to support multiple ethernet
instances on i.MX series.
v2:
* switch back to store the quirks bitmask in driver_data
v3:
* suggested by Sascha Hauer, use a struct fec_devinfo for
abstracting differences between different hardware variants,
it can give more freedom to describe the differences.
Signed-off-by: Fugang Duan <fugang.duan@nxp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/freescale/fec_main.c | 24 +++++++++++------------
1 file changed, 12 insertions(+), 12 deletions(-)
diff --git a/drivers/net/ethernet/freescale/fec_main.c b/drivers/net/ethernet/freescale/fec_main.c
index 48c58f93b124..6702bc2dd92f 100644
--- a/drivers/net/ethernet/freescale/fec_main.c
+++ b/drivers/net/ethernet/freescale/fec_main.c
@@ -88,8 +88,6 @@ static void fec_enet_itr_coal_init(struct net_device *ndev);
struct fec_devinfo {
u32 quirks;
- u8 stop_gpr_reg;
- u8 stop_gpr_bit;
};
static const struct fec_devinfo fec_imx25_info = {
@@ -112,8 +110,6 @@ static const struct fec_devinfo fec_imx6q_info = {
FEC_QUIRK_HAS_BUFDESC_EX | FEC_QUIRK_HAS_CSUM |
FEC_QUIRK_HAS_VLAN | FEC_QUIRK_ERR006358 |
FEC_QUIRK_HAS_RACC,
- .stop_gpr_reg = 0x34,
- .stop_gpr_bit = 27,
};
static const struct fec_devinfo fec_mvf600_info = {
@@ -3401,19 +3397,23 @@ static int fec_enet_get_irq_cnt(struct platform_device *pdev)
}
static int fec_enet_init_stop_mode(struct fec_enet_private *fep,
- struct fec_devinfo *dev_info,
struct device_node *np)
{
struct device_node *gpr_np;
+ u32 out_val[3];
int ret = 0;
- if (!dev_info)
- return 0;
-
- gpr_np = of_parse_phandle(np, "gpr", 0);
+ gpr_np = of_parse_phandle(np, "fsl,stop-mode", 0);
if (!gpr_np)
return 0;
+ ret = of_property_read_u32_array(np, "fsl,stop-mode", out_val,
+ ARRAY_SIZE(out_val));
+ if (ret) {
+ dev_dbg(&fep->pdev->dev, "no stop mode property\n");
+ return ret;
+ }
+
fep->stop_gpr.gpr = syscon_node_to_regmap(gpr_np);
if (IS_ERR(fep->stop_gpr.gpr)) {
dev_err(&fep->pdev->dev, "could not find gpr regmap\n");
@@ -3422,8 +3422,8 @@ static int fec_enet_init_stop_mode(struct fec_enet_private *fep,
goto out;
}
- fep->stop_gpr.reg = dev_info->stop_gpr_reg;
- fep->stop_gpr.bit = dev_info->stop_gpr_bit;
+ fep->stop_gpr.reg = out_val[1];
+ fep->stop_gpr.bit = out_val[2];
out:
of_node_put(gpr_np);
@@ -3501,7 +3501,7 @@ fec_probe(struct platform_device *pdev)
if (of_get_property(np, "fsl,magic-packet", NULL))
fep->wol_flag |= FEC_WOL_HAS_MAGIC_PACKET;
- ret = fec_enet_init_stop_mode(fep, dev_info, np);
+ ret = fec_enet_init_stop_mode(fep, np);
if (ret)
goto failed_stop_mode;
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 173/267] macvlan: Skip loopback packets in RX handler
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (171 preceding siblings ...)
2020-06-19 14:32 ` [PATCH 4.19 172/267] net: ethernet: fec: move GPR register offset and bit into DT Greg Kroah-Hartman
@ 2020-06-19 14:32 ` Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 174/267] PCI: Dont disable decoding when mmio_always_on is set Greg Kroah-Hartman
` (95 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alexander Sverdlin, David S. Miller,
Sasha Levin
From: Alexander Sverdlin <alexander.sverdlin@nokia.com>
[ Upstream commit 81f3dc9349ce0bf7b8447f147f45e70f0a5b36a6 ]
Ignore loopback-originatig packets soon enough and don't try to process L2
header where it doesn't exist. The very similar br_handle_frame() in bridge
code performs exactly the same check.
This is an example of such ICMPv6 packet:
skb len=96 headroom=40 headlen=96 tailroom=56
mac=(40,0) net=(40,40) trans=80
shinfo(txflags=0 nr_frags=0 gso(size=0 type=0 segs=0))
csum(0xae2e9a2f ip_summed=1 complete_sw=0 valid=0 level=0)
hash(0xc97ebd88 sw=1 l4=1) proto=0x86dd pkttype=5 iif=24
dev name=etha01.212 feat=0x0x0000000040005000
skb headroom: 00000000: 00 7c 86 52 84 88 ff ff 00 00 00 00 00 00 08 00
skb headroom: 00000010: 45 00 00 9e 5d 5c 40 00 40 11 33 33 00 00 00 01
skb headroom: 00000020: 02 40 43 80 00 00 86 dd
skb linear: 00000000: 60 09 88 bd 00 38 3a ff fe 80 00 00 00 00 00 00
skb linear: 00000010: 00 40 43 ff fe 80 00 00 ff 02 00 00 00 00 00 00
skb linear: 00000020: 00 00 00 00 00 00 00 01 86 00 61 00 40 00 00 2d
skb linear: 00000030: 00 00 00 00 00 00 00 00 03 04 40 e0 00 00 01 2c
skb linear: 00000040: 00 00 00 78 00 00 00 00 fd 5f 42 68 23 87 a8 81
skb linear: 00000050: 00 00 00 00 00 00 00 00 01 01 02 40 43 80 00 00
skb tailroom: 00000000: ...
skb tailroom: 00000010: ...
skb tailroom: 00000020: ...
skb tailroom: 00000030: ...
Call Trace, how it happens exactly:
...
macvlan_handle_frame+0x321/0x425 [macvlan]
? macvlan_forward_source+0x110/0x110 [macvlan]
__netif_receive_skb_core+0x545/0xda0
? enqueue_task_fair+0xe5/0x8e0
? __netif_receive_skb_one_core+0x36/0x70
__netif_receive_skb_one_core+0x36/0x70
process_backlog+0x97/0x140
net_rx_action+0x1eb/0x350
? __hrtimer_run_queues+0x136/0x2e0
__do_softirq+0xe3/0x383
do_softirq_own_stack+0x2a/0x40
</IRQ>
do_softirq.part.4+0x4e/0x50
netif_rx_ni+0x60/0xd0
dev_loopback_xmit+0x83/0xf0
ip6_finish_output2+0x575/0x590 [ipv6]
? ip6_cork_release.isra.1+0x64/0x90 [ipv6]
? __ip6_make_skb+0x38d/0x680 [ipv6]
? ip6_output+0x6c/0x140 [ipv6]
ip6_output+0x6c/0x140 [ipv6]
ip6_send_skb+0x1e/0x60 [ipv6]
rawv6_sendmsg+0xc4b/0xe10 [ipv6]
? proc_put_long+0xd0/0xd0
? rw_copy_check_uvector+0x4e/0x110
? sock_sendmsg+0x36/0x40
sock_sendmsg+0x36/0x40
___sys_sendmsg+0x2b6/0x2d0
? proc_dointvec+0x23/0x30
? addrconf_sysctl_forward+0x8d/0x250 [ipv6]
? dev_forward_change+0x130/0x130 [ipv6]
? _raw_spin_unlock+0x12/0x30
? proc_sys_call_handler.isra.14+0x9f/0x110
? __call_rcu+0x213/0x510
? get_max_files+0x10/0x10
? trace_hardirqs_on+0x2c/0xe0
? __sys_sendmsg+0x63/0xa0
__sys_sendmsg+0x63/0xa0
do_syscall_64+0x6c/0x1e0
entry_SYSCALL_64_after_hwframe+0x49/0xbe
Signed-off-by: Alexander Sverdlin <alexander.sverdlin@nokia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/macvlan.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/net/macvlan.c b/drivers/net/macvlan.c
index 225bfc808112..349123592af0 100644
--- a/drivers/net/macvlan.c
+++ b/drivers/net/macvlan.c
@@ -451,6 +451,10 @@ static rx_handler_result_t macvlan_handle_frame(struct sk_buff **pskb)
int ret;
rx_handler_result_t handle_res;
+ /* Packets from dev_loopback_xmit() do not have L2 header, bail out */
+ if (unlikely(skb->pkt_type == PACKET_LOOPBACK))
+ return RX_HANDLER_PASS;
+
port = macvlan_port_get_rcu(skb->dev);
if (is_multicast_ether_addr(eth->h_dest)) {
unsigned int hash;
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 174/267] PCI: Dont disable decoding when mmio_always_on is set
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (172 preceding siblings ...)
2020-06-19 14:32 ` [PATCH 4.19 173/267] macvlan: Skip loopback packets in RX handler Greg Kroah-Hartman
@ 2020-06-19 14:32 ` Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 175/267] MIPS: Fix IRQ tracing when call handle_fpe() and handle_msa_fpe() Greg Kroah-Hartman
` (94 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jiaxun Yang, Bjorn Helgaas,
Thomas Bogendoerfer, Sasha Levin
From: Jiaxun Yang <jiaxun.yang@flygoat.com>
[ Upstream commit b6caa1d8c80cb71b6162cb1f1ec13aa655026c9f ]
Don't disable MEM/IO decoding when a device have both non_compliant_bars
and mmio_always_on.
That would allow us quirk devices with junk in BARs but can't disable
their decoding.
Signed-off-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Acked-by: Bjorn Helgaas <helgaas@kernel.org>
Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pci/probe.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/pci/probe.c b/drivers/pci/probe.c
index fa4c386c8cd8..a21c04d8a40b 100644
--- a/drivers/pci/probe.c
+++ b/drivers/pci/probe.c
@@ -1634,7 +1634,7 @@ int pci_setup_device(struct pci_dev *dev)
/* Device class may be changed after fixup */
class = dev->class >> 8;
- if (dev->non_compliant_bars) {
+ if (dev->non_compliant_bars && !dev->mmio_always_on) {
pci_read_config_word(dev, PCI_COMMAND, &cmd);
if (cmd & (PCI_COMMAND_IO | PCI_COMMAND_MEMORY)) {
pci_info(dev, "device has non-compliant BARs; disabling IO/MEM decoding\n");
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 175/267] MIPS: Fix IRQ tracing when call handle_fpe() and handle_msa_fpe()
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (173 preceding siblings ...)
2020-06-19 14:32 ` [PATCH 4.19 174/267] PCI: Dont disable decoding when mmio_always_on is set Greg Kroah-Hartman
@ 2020-06-19 14:32 ` Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 176/267] bcache: fix refcount underflow in bcache_device_free() Greg Kroah-Hartman
` (93 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, YuanJunQing, Thomas Bogendoerfer,
Sasha Levin
From: YuanJunQing <yuanjunqing66@163.com>
[ Upstream commit 31e1b3efa802f97a17628dde280006c4cee4ce5e ]
Register "a1" is unsaved in this function,
when CONFIG_TRACE_IRQFLAGS is enabled,
the TRACE_IRQS_OFF macro will call trace_hardirqs_off(),
and this may change register "a1".
The changed register "a1" as argument will be send
to do_fpe() and do_msa_fpe().
Signed-off-by: YuanJunQing <yuanjunqing66@163.com>
Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/mips/kernel/genex.S | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/arch/mips/kernel/genex.S b/arch/mips/kernel/genex.S
index 6c257b52f57f..7fad007fe025 100644
--- a/arch/mips/kernel/genex.S
+++ b/arch/mips/kernel/genex.S
@@ -477,20 +477,20 @@ NESTED(nmi_handler, PT_SIZE, sp)
.endm
.macro __build_clear_fpe
+ CLI
+ TRACE_IRQS_OFF
.set push
/* gas fails to assemble cfc1 for some archs (octeon).*/ \
.set mips1
SET_HARDFLOAT
cfc1 a1, fcr31
.set pop
- CLI
- TRACE_IRQS_OFF
.endm
.macro __build_clear_msa_fpe
- _cfcmsa a1, MSA_CSR
CLI
TRACE_IRQS_OFF
+ _cfcmsa a1, MSA_CSR
.endm
.macro __build_clear_ade
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 176/267] bcache: fix refcount underflow in bcache_device_free()
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (174 preceding siblings ...)
2020-06-19 14:32 ` [PATCH 4.19 175/267] MIPS: Fix IRQ tracing when call handle_fpe() and handle_msa_fpe() Greg Kroah-Hartman
@ 2020-06-19 14:32 ` Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 177/267] mmc: sdhci-msm: Set SDHCI_QUIRK_MULTIBLOCK_READ_ACMD12 quirk Greg Kroah-Hartman
` (92 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:32 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Coly Li, Jens Axboe, Sasha Levin
From: Coly Li <colyli@suse.de>
[ Upstream commit 86da9f736740eba602389908574dfbb0f517baa5 ]
The problematic code piece in bcache_device_free() is,
785 static void bcache_device_free(struct bcache_device *d)
786 {
787 struct gendisk *disk = d->disk;
[snipped]
799 if (disk) {
800 if (disk->flags & GENHD_FL_UP)
801 del_gendisk(disk);
802
803 if (disk->queue)
804 blk_cleanup_queue(disk->queue);
805
806 ida_simple_remove(&bcache_device_idx,
807 first_minor_to_idx(disk->first_minor));
808 put_disk(disk);
809 }
[snipped]
816 }
At line 808, put_disk(disk) may encounter kobject refcount of 'disk'
being underflow.
Here is how to reproduce the issue,
- Attche the backing device to a cache device and do random write to
make the cache being dirty.
- Stop the bcache device while the cache device has dirty data of the
backing device.
- Only register the backing device back, NOT register cache device.
- The bcache device node /dev/bcache0 won't show up, because backing
device waits for the cache device shows up for the missing dirty
data.
- Now echo 1 into /sys/fs/bcache/pendings_cleanup, to stop the pending
backing device.
- After the pending backing device stopped, use 'dmesg' to check kernel
message, a use-after-free warning from KASA reported the refcount of
kobject linked to the 'disk' is underflow.
The dropping refcount at line 808 in the above code piece is added by
add_disk(d->disk) in bch_cached_dev_run(). But in the above condition
the cache device is not registered, bch_cached_dev_run() has no chance
to be called and the refcount is not added. The put_disk() for a non-
added refcount of gendisk kobject triggers a underflow warning.
This patch checks whether GENHD_FL_UP is set in disk->flags, if it is
not set then the bcache device was not added, don't call put_disk()
and the the underflow issue can be avoided.
Signed-off-by: Coly Li <colyli@suse.de>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/md/bcache/super.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/drivers/md/bcache/super.c b/drivers/md/bcache/super.c
index 5b5cbfadd003..68ebc2759c2e 100644
--- a/drivers/md/bcache/super.c
+++ b/drivers/md/bcache/super.c
@@ -775,7 +775,9 @@ static void bcache_device_free(struct bcache_device *d)
bcache_device_detach(d);
if (disk) {
- if (disk->flags & GENHD_FL_UP)
+ bool disk_added = (disk->flags & GENHD_FL_UP) != 0;
+
+ if (disk_added)
del_gendisk(disk);
if (disk->queue)
@@ -783,7 +785,8 @@ static void bcache_device_free(struct bcache_device *d)
ida_simple_remove(&bcache_device_idx,
first_minor_to_idx(disk->first_minor));
- put_disk(disk);
+ if (disk_added)
+ put_disk(disk);
}
bioset_exit(&d->bio_split);
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 177/267] mmc: sdhci-msm: Set SDHCI_QUIRK_MULTIBLOCK_READ_ACMD12 quirk
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (175 preceding siblings ...)
2020-06-19 14:32 ` [PATCH 4.19 176/267] bcache: fix refcount underflow in bcache_device_free() Greg Kroah-Hartman
@ 2020-06-19 14:32 ` Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 178/267] staging: greybus: sdio: Respect the cmd->busy_timeout from the mmc core Greg Kroah-Hartman
` (91 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Veerabhadrarao Badiganti,
Adrian Hunter, Ulf Hansson, Sasha Levin
From: Veerabhadrarao Badiganti <vbadigan@codeaurora.org>
[ Upstream commit d863cb03fb2aac07f017b2a1d923cdbc35021280 ]
sdhci-msm can support auto cmd12.
So enable SDHCI_QUIRK_MULTIBLOCK_READ_ACMD12 quirk.
Signed-off-by: Veerabhadrarao Badiganti <vbadigan@codeaurora.org>
Acked-by: Adrian Hunter <adrian.hunter@intel.com>
Link: https://lore.kernel.org/r/1587363626-20413-3-git-send-email-vbadigan@codeaurora.org
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mmc/host/sdhci-msm.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/mmc/host/sdhci-msm.c b/drivers/mmc/host/sdhci-msm.c
index 4cff758767cb..643fd1a1b88b 100644
--- a/drivers/mmc/host/sdhci-msm.c
+++ b/drivers/mmc/host/sdhci-msm.c
@@ -1706,7 +1706,9 @@ static const struct sdhci_ops sdhci_msm_ops = {
static const struct sdhci_pltfm_data sdhci_msm_pdata = {
.quirks = SDHCI_QUIRK_BROKEN_CARD_DETECTION |
SDHCI_QUIRK_SINGLE_POWER_WRITE |
- SDHCI_QUIRK_CAP_CLOCK_BASE_BROKEN,
+ SDHCI_QUIRK_CAP_CLOCK_BASE_BROKEN |
+ SDHCI_QUIRK_MULTIBLOCK_READ_ACMD12,
+
.quirks2 = SDHCI_QUIRK2_PRESET_VALUE_BROKEN,
.ops = &sdhci_msm_ops,
};
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 178/267] staging: greybus: sdio: Respect the cmd->busy_timeout from the mmc core
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (176 preceding siblings ...)
2020-06-19 14:32 ` [PATCH 4.19 177/267] mmc: sdhci-msm: Set SDHCI_QUIRK_MULTIBLOCK_READ_ACMD12 quirk Greg Kroah-Hartman
@ 2020-06-19 14:32 ` Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 179/267] mmc: via-sdmmc: " Greg Kroah-Hartman
` (90 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Rui Miguel Silva, Johan Hovold,
Alex Elder, greybus-dev, Ulf Hansson, Sasha Levin
From: Ulf Hansson <ulf.hansson@linaro.org>
[ Upstream commit a389087ee9f195fcf2f31cd771e9ec5f02c16650 ]
Using a fixed 1s timeout for all commands is a bit problematic.
For some commands it means waiting longer than needed for the timeout to
expire, which may not a big issue, but still. For other commands, like for
an erase (CMD38) that uses a R1B response, may require longer timeouts than
1s. In these cases, we may end up treating the command as it failed, while
it just needed some more time to complete successfully.
Fix the problem by respecting the cmd->busy_timeout, which is provided by
the mmc core.
Cc: Rui Miguel Silva <rmfrfs@gmail.com>
Cc: Johan Hovold <johan@kernel.org>
Cc: Alex Elder <elder@kernel.org>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: greybus-dev@lists.linaro.org
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Acked-by: Rui Miguel Silva <rmfrfs@gmail.com>
Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Link: https://lore.kernel.org/r/20200414161413.3036-20-ulf.hansson@linaro.org
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/staging/greybus/sdio.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/drivers/staging/greybus/sdio.c b/drivers/staging/greybus/sdio.c
index 38e85033fc4b..afb2e5e5111a 100644
--- a/drivers/staging/greybus/sdio.c
+++ b/drivers/staging/greybus/sdio.c
@@ -411,6 +411,7 @@ static int gb_sdio_command(struct gb_sdio_host *host, struct mmc_command *cmd)
struct gb_sdio_command_request request = {0};
struct gb_sdio_command_response response;
struct mmc_data *data = host->mrq->data;
+ unsigned int timeout_ms;
u8 cmd_flags;
u8 cmd_type;
int i;
@@ -469,9 +470,12 @@ static int gb_sdio_command(struct gb_sdio_host *host, struct mmc_command *cmd)
request.data_blksz = cpu_to_le16(data->blksz);
}
- ret = gb_operation_sync(host->connection, GB_SDIO_TYPE_COMMAND,
- &request, sizeof(request), &response,
- sizeof(response));
+ timeout_ms = cmd->busy_timeout ? cmd->busy_timeout :
+ GB_OPERATION_TIMEOUT_DEFAULT;
+
+ ret = gb_operation_sync_timeout(host->connection, GB_SDIO_TYPE_COMMAND,
+ &request, sizeof(request), &response,
+ sizeof(response), timeout_ms);
if (ret < 0)
goto out;
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 179/267] mmc: via-sdmmc: Respect the cmd->busy_timeout from the mmc core
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (177 preceding siblings ...)
2020-06-19 14:32 ` [PATCH 4.19 178/267] staging: greybus: sdio: Respect the cmd->busy_timeout from the mmc core Greg Kroah-Hartman
@ 2020-06-19 14:32 ` Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 180/267] ixgbe: fix signed-integer-overflow warning Greg Kroah-Hartman
` (89 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Bruce Chang, Harald Welte,
Ulf Hansson, Sasha Levin
From: Ulf Hansson <ulf.hansson@linaro.org>
[ Upstream commit 966244ccd2919e28f25555a77f204cd1c109cad8 ]
Using a fixed 1s timeout for all commands (and data transfers) is a bit
problematic.
For some commands it means waiting longer than needed for the timer to
expire, which may not a big issue, but still. For other commands, like for
an erase (CMD38) that uses a R1B response, may require longer timeouts than
1s. In these cases, we may end up treating the command as it failed, while
it just needed some more time to complete successfully.
Fix the problem by respecting the cmd->busy_timeout, which is provided by
the mmc core.
Cc: Bruce Chang <brucechang@via.com.tw>
Cc: Harald Welte <HaraldWelte@viatech.com>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Link: https://lore.kernel.org/r/20200414161413.3036-17-ulf.hansson@linaro.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mmc/host/via-sdmmc.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/mmc/host/via-sdmmc.c b/drivers/mmc/host/via-sdmmc.c
index 32c4211506fc..246dc6255e69 100644
--- a/drivers/mmc/host/via-sdmmc.c
+++ b/drivers/mmc/host/via-sdmmc.c
@@ -323,6 +323,8 @@ struct via_crdr_mmc_host {
/* some devices need a very long delay for power to stabilize */
#define VIA_CRDR_QUIRK_300MS_PWRDELAY 0x0001
+#define VIA_CMD_TIMEOUT_MS 1000
+
static const struct pci_device_id via_ids[] = {
{PCI_VENDOR_ID_VIA, PCI_DEVICE_ID_VIA_9530,
PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0,},
@@ -555,14 +557,17 @@ static void via_sdc_send_command(struct via_crdr_mmc_host *host,
{
void __iomem *addrbase;
struct mmc_data *data;
+ unsigned int timeout_ms;
u32 cmdctrl = 0;
WARN_ON(host->cmd);
data = cmd->data;
- mod_timer(&host->timer, jiffies + HZ);
host->cmd = cmd;
+ timeout_ms = cmd->busy_timeout ? cmd->busy_timeout : VIA_CMD_TIMEOUT_MS;
+ mod_timer(&host->timer, jiffies + msecs_to_jiffies(timeout_ms));
+
/*Command index*/
cmdctrl = cmd->opcode << 8;
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 180/267] ixgbe: fix signed-integer-overflow warning
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (178 preceding siblings ...)
2020-06-19 14:32 ` [PATCH 4.19 179/267] mmc: via-sdmmc: " Greg Kroah-Hartman
@ 2020-06-19 14:32 ` Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 181/267] mmc: sdhci-esdhc-imx: fix the mask for tuning start point Greg Kroah-Hartman
` (88 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hulk Robot, Xie XiuQi, Andrew Bowers,
Jeff Kirsher, Sasha Levin
From: Xie XiuQi <xiexiuqi@huawei.com>
[ Upstream commit 3b70683fc4d68f5d915d9dc7e5ba72c732c7315c ]
ubsan report this warning, fix it by adding a unsigned suffix.
UBSAN: signed-integer-overflow in
drivers/net/ethernet/intel/ixgbe/ixgbe_common.c:2246:26
65535 * 65537 cannot be represented in type 'int'
CPU: 21 PID: 7 Comm: kworker/u256:0 Not tainted 5.7.0-rc3-debug+ #39
Hardware name: Huawei TaiShan 2280 V2/BC82AMDC, BIOS 2280-V2 03/27/2020
Workqueue: ixgbe ixgbe_service_task [ixgbe]
Call trace:
dump_backtrace+0x0/0x3f0
show_stack+0x28/0x38
dump_stack+0x154/0x1e4
ubsan_epilogue+0x18/0x60
handle_overflow+0xf8/0x148
__ubsan_handle_mul_overflow+0x34/0x48
ixgbe_fc_enable_generic+0x4d0/0x590 [ixgbe]
ixgbe_service_task+0xc20/0x1f78 [ixgbe]
process_one_work+0x8f0/0xf18
worker_thread+0x430/0x6d0
kthread+0x218/0x238
ret_from_fork+0x10/0x18
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Xie XiuQi <xiexiuqi@huawei.com>
Tested-by: Andrew Bowers <andrewx.bowers@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/intel/ixgbe/ixgbe_common.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_common.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_common.c
index 0bd1294ba517..39c5e6fdb72c 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_common.c
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_common.c
@@ -2243,7 +2243,7 @@ s32 ixgbe_fc_enable_generic(struct ixgbe_hw *hw)
}
/* Configure pause time (2 TCs per register) */
- reg = hw->fc.pause_time * 0x00010001;
+ reg = hw->fc.pause_time * 0x00010001U;
for (i = 0; i < (MAX_TRAFFIC_CLASS / 2); i++)
IXGBE_WRITE_REG(hw, IXGBE_FCTTV(i), reg);
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 181/267] mmc: sdhci-esdhc-imx: fix the mask for tuning start point
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (179 preceding siblings ...)
2020-06-19 14:32 ` [PATCH 4.19 180/267] ixgbe: fix signed-integer-overflow warning Greg Kroah-Hartman
@ 2020-06-19 14:32 ` Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 182/267] spi: dw: Return any value retrieved from the dma_transfer callback Greg Kroah-Hartman
` (87 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Haibo Chen, Ulf Hansson, Sasha Levin
From: Haibo Chen <haibo.chen@nxp.com>
[ Upstream commit 1194be8c949b8190b2882ad8335a5d98aa50c735 ]
According the RM, the bit[6~0] of register ESDHC_TUNING_CTRL is
TUNING_START_TAP, bit[7] of this register is to disable the command
CRC check for standard tuning. So fix it here.
Fixes: d87fc9663688 ("mmc: sdhci-esdhc-imx: support setting tuning start point")
Signed-off-by: Haibo Chen <haibo.chen@nxp.com>
Link: https://lore.kernel.org/r/1590488522-9292-1-git-send-email-haibo.chen@nxp.com
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mmc/host/sdhci-esdhc-imx.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/mmc/host/sdhci-esdhc-imx.c b/drivers/mmc/host/sdhci-esdhc-imx.c
index 629860f7327c..bd502f4f4704 100644
--- a/drivers/mmc/host/sdhci-esdhc-imx.c
+++ b/drivers/mmc/host/sdhci-esdhc-imx.c
@@ -82,7 +82,7 @@
#define ESDHC_STD_TUNING_EN (1 << 24)
/* NOTE: the minimum valid tuning start tap for mx6sl is 1 */
#define ESDHC_TUNING_START_TAP_DEFAULT 0x1
-#define ESDHC_TUNING_START_TAP_MASK 0xff
+#define ESDHC_TUNING_START_TAP_MASK 0x7f
#define ESDHC_TUNING_STEP_MASK 0x00070000
#define ESDHC_TUNING_STEP_SHIFT 16
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 182/267] spi: dw: Return any value retrieved from the dma_transfer callback
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (180 preceding siblings ...)
2020-06-19 14:32 ` [PATCH 4.19 181/267] mmc: sdhci-esdhc-imx: fix the mask for tuning start point Greg Kroah-Hartman
@ 2020-06-19 14:32 ` Greg Kroah-Hartman
2020-06-19 21:07 ` Pavel Machek
2020-06-19 14:32 ` [PATCH 4.19 183/267] cpuidle: Fix three reference count leaks Greg Kroah-Hartman
` (86 subsequent siblings)
268 siblings, 1 reply; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Serge Semin, Georgy Vlasov,
Ramil Zaripov, Alexey Malahov, Thomas Bogendoerfer,
Arnd Bergmann, Andy Shevchenko, Feng Tang, Rob Herring,
linux-mips, devicetree, Mark Brown, Sasha Levin
From: Serge Semin <Sergey.Semin@baikalelectronics.ru>
[ Upstream commit f0410bbf7d0fb80149e3b17d11d31f5b5197873e ]
DW APB SSI DMA-part of the driver may need to perform the requested
SPI-transfer synchronously. In that case the dma_transfer() callback
will return 0 as a marker of the SPI transfer being finished so the
SPI core doesn't need to wait and may proceed with the SPI message
trasnfers pumping procedure. This will be needed to fix the problem
when DMA transactions are finished, but there is still data left in
the SPI Tx/Rx FIFOs being sent/received. But for now make dma_transfer
to return 1 as the normal dw_spi_transfer_one() method.
Signed-off-by: Serge Semin <Sergey.Semin@baikalelectronics.ru>
Cc: Georgy Vlasov <Georgy.Vlasov@baikalelectronics.ru>
Cc: Ramil Zaripov <Ramil.Zaripov@baikalelectronics.ru>
Cc: Alexey Malahov <Alexey.Malahov@baikalelectronics.ru>
Cc: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Cc: Feng Tang <feng.tang@intel.com>
Cc: Rob Herring <robh+dt@kernel.org>
Cc: linux-mips@vger.kernel.org
Cc: devicetree@vger.kernel.org
Link: https://lore.kernel.org/r/20200529131205.31838-3-Sergey.Semin@baikalelectronics.ru
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/spi/spi-dw-mid.c | 2 +-
drivers/spi/spi-dw.c | 7 ++-----
2 files changed, 3 insertions(+), 6 deletions(-)
diff --git a/drivers/spi/spi-dw-mid.c b/drivers/spi/spi-dw-mid.c
index e1b34ef9a31c..10f328558d55 100644
--- a/drivers/spi/spi-dw-mid.c
+++ b/drivers/spi/spi-dw-mid.c
@@ -274,7 +274,7 @@ static int mid_spi_dma_transfer(struct dw_spi *dws, struct spi_transfer *xfer)
dma_async_issue_pending(dws->txchan);
}
- return 0;
+ return 1;
}
static void mid_spi_dma_stop(struct dw_spi *dws)
diff --git a/drivers/spi/spi-dw.c b/drivers/spi/spi-dw.c
index 3fbd6f01fb10..b1c137261d0f 100644
--- a/drivers/spi/spi-dw.c
+++ b/drivers/spi/spi-dw.c
@@ -383,11 +383,8 @@ static int dw_spi_transfer_one(struct spi_controller *master,
spi_enable_chip(dws, 1);
- if (dws->dma_mapped) {
- ret = dws->dma_ops->dma_transfer(dws, transfer);
- if (ret < 0)
- return ret;
- }
+ if (dws->dma_mapped)
+ return dws->dma_ops->dma_transfer(dws, transfer);
if (chip->poll_mode)
return poll_transfer(dws);
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 183/267] cpuidle: Fix three reference count leaks
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (181 preceding siblings ...)
2020-06-19 14:32 ` [PATCH 4.19 182/267] spi: dw: Return any value retrieved from the dma_transfer callback Greg Kroah-Hartman
@ 2020-06-19 14:32 ` Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 184/267] platform/x86: hp-wmi: Convert simple_strtoul() to kstrtou32() Greg Kroah-Hartman
` (85 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Qiushi Wu, Rafael J. Wysocki, Sasha Levin
From: Qiushi Wu <wu000273@umn.edu>
[ Upstream commit c343bf1ba5efcbf2266a1fe3baefec9cc82f867f ]
kobject_init_and_add() takes reference even when it fails.
If this function returns an error, kobject_put() must be called to
properly clean up the memory associated with the object.
Previous commit "b8eb718348b8" fixed a similar problem.
Signed-off-by: Qiushi Wu <wu000273@umn.edu>
[ rjw: Subject ]
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/cpuidle/sysfs.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/cpuidle/sysfs.c b/drivers/cpuidle/sysfs.c
index e754c7aae7f7..66979dc33680 100644
--- a/drivers/cpuidle/sysfs.c
+++ b/drivers/cpuidle/sysfs.c
@@ -467,7 +467,7 @@ static int cpuidle_add_state_sysfs(struct cpuidle_device *device)
ret = kobject_init_and_add(&kobj->kobj, &ktype_state_cpuidle,
&kdev->kobj, "state%d", i);
if (ret) {
- kfree(kobj);
+ kobject_put(&kobj->kobj);
goto error_state;
}
cpuidle_add_s2idle_attr_group(kobj);
@@ -598,7 +598,7 @@ static int cpuidle_add_driver_sysfs(struct cpuidle_device *dev)
ret = kobject_init_and_add(&kdrv->kobj, &ktype_driver_cpuidle,
&kdev->kobj, "driver");
if (ret) {
- kfree(kdrv);
+ kobject_put(&kdrv->kobj);
return ret;
}
@@ -692,7 +692,7 @@ int cpuidle_add_sysfs(struct cpuidle_device *dev)
error = kobject_init_and_add(&kdev->kobj, &ktype_cpuidle, &cpu_dev->kobj,
"cpuidle");
if (error) {
- kfree(kdev);
+ kobject_put(&kdev->kobj);
return error;
}
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 184/267] platform/x86: hp-wmi: Convert simple_strtoul() to kstrtou32()
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (182 preceding siblings ...)
2020-06-19 14:32 ` [PATCH 4.19 183/267] cpuidle: Fix three reference count leaks Greg Kroah-Hartman
@ 2020-06-19 14:32 ` Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 185/267] platform/x86: intel-hid: Add a quirk to support HP Spectre X2 (2015) Greg Kroah-Hartman
` (84 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:32 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Andy Shevchenko, Sasha Levin
From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
[ Upstream commit 5cdc45ed3948042f0d73c6fec5ee9b59e637d0d2 ]
First of all, unsigned long can overflow u32 value on 64-bit machine.
Second, simple_strtoul() doesn't check for overflow in the input.
Convert simple_strtoul() to kstrtou32() to eliminate above issues.
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/platform/x86/hp-wmi.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/drivers/platform/x86/hp-wmi.c b/drivers/platform/x86/hp-wmi.c
index 06a3c1ef8eee..952544ca0d84 100644
--- a/drivers/platform/x86/hp-wmi.c
+++ b/drivers/platform/x86/hp-wmi.c
@@ -474,8 +474,14 @@ static ssize_t postcode_show(struct device *dev, struct device_attribute *attr,
static ssize_t als_store(struct device *dev, struct device_attribute *attr,
const char *buf, size_t count)
{
- u32 tmp = simple_strtoul(buf, NULL, 10);
- int ret = hp_wmi_perform_query(HPWMI_ALS_QUERY, HPWMI_WRITE, &tmp,
+ u32 tmp;
+ int ret;
+
+ ret = kstrtou32(buf, 10, &tmp);
+ if (ret)
+ return ret;
+
+ ret = hp_wmi_perform_query(HPWMI_ALS_QUERY, HPWMI_WRITE, &tmp,
sizeof(tmp), sizeof(tmp));
if (ret)
return ret < 0 ? ret : -EINVAL;
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 185/267] platform/x86: intel-hid: Add a quirk to support HP Spectre X2 (2015)
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (183 preceding siblings ...)
2020-06-19 14:32 ` [PATCH 4.19 184/267] platform/x86: hp-wmi: Convert simple_strtoul() to kstrtou32() Greg Kroah-Hartman
@ 2020-06-19 14:32 ` Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 186/267] platform/x86: intel-vbtn: Only blacklist SW_TABLET_MODE on the 9 / "Laptop" chasis-type Greg Kroah-Hartman
` (83 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nickolai Kozachenko, Andy Shevchenko,
Sasha Levin
From: Nickolai Kozachenko <daemongloom@gmail.com>
[ Upstream commit 8fe63eb757ac6e661a384cc760792080bdc738dc ]
HEBC method reports capabilities of 5 button array but HP Spectre X2 (2015)
does not have this control method (the same was for Wacom MobileStudio Pro).
Expand previous DMI quirk by Alex Hung to also enable 5 button array
for this system.
Signed-off-by: Nickolai Kozachenko <daemongloom@gmail.com>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/platform/x86/intel-hid.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/drivers/platform/x86/intel-hid.c b/drivers/platform/x86/intel-hid.c
index 3201a83073b5..c514cb73bb50 100644
--- a/drivers/platform/x86/intel-hid.c
+++ b/drivers/platform/x86/intel-hid.c
@@ -87,6 +87,13 @@ static const struct dmi_system_id button_array_table[] = {
DMI_MATCH(DMI_PRODUCT_NAME, "Wacom MobileStudio Pro 16"),
},
},
+ {
+ .ident = "HP Spectre x2 (2015)",
+ .matches = {
+ DMI_MATCH(DMI_SYS_VENDOR, "HP"),
+ DMI_MATCH(DMI_PRODUCT_NAME, "HP Spectre x2 Detachable"),
+ },
+ },
{ }
};
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 186/267] platform/x86: intel-vbtn: Only blacklist SW_TABLET_MODE on the 9 / "Laptop" chasis-type
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (184 preceding siblings ...)
2020-06-19 14:32 ` [PATCH 4.19 185/267] platform/x86: intel-hid: Add a quirk to support HP Spectre X2 (2015) Greg Kroah-Hartman
@ 2020-06-19 14:32 ` Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 187/267] string.h: fix incompatibility between FORTIFY_SOURCE and KASAN Greg Kroah-Hartman
` (82 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mario Limonciello, Hans de Goede,
Mario Limonciello, Andy Shevchenko, Sasha Levin
From: Hans de Goede <hdegoede@redhat.com>
[ Upstream commit cfae58ed681c5fe0185db843013ecc71cd265ebf ]
The HP Stream x360 11-p000nd no longer report SW_TABLET_MODE state / events
with recent kernels. This model reports a chassis-type of 10 / "Notebook"
which is not on the recently introduced chassis-type whitelist
Commit de9647efeaa9 ("platform/x86: intel-vbtn: Only activate tablet mode
switch on 2-in-1's") added a chassis-type whitelist and only listed 31 /
"Convertible" as being capable of generating valid SW_TABLET_MOD events.
Commit 1fac39fd0316 ("platform/x86: intel-vbtn: Also handle tablet-mode
switch on "Detachable" and "Portable" chassis-types") extended the
whitelist with chassis-types 8 / "Portable" and 32 / "Detachable".
And now we need to exten the whitelist again with 10 / "Notebook"...
The issue original fixed by the whitelist is really a ACPI DSDT bug on
the Dell XPS 9360 where it has a VGBS which reports it is in tablet mode
even though it is not a 2-in-1 at all, but a regular laptop.
So since this is a workaround for a DSDT issue on that specific model,
instead of extending the whitelist over and over again, lets switch to
a blacklist and only blacklist the chassis-type of the model for which
the chassis-type check was added.
Note this also fixes the current version of the code no longer checking
if dmi_get_system_info(DMI_CHASSIS_TYPE) returns NULL.
Fixes: 1fac39fd0316 ("platform/x86: intel-vbtn: Also handle tablet-mode switch on "Detachable" and "Portable" chassis-types")
Cc: Mario Limonciello <mario.limonciello@dell.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Reviewed-by: Mario Limonciello <Mario.limonciello@dell.com>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/platform/x86/intel-vbtn.c | 19 ++++++++-----------
1 file changed, 8 insertions(+), 11 deletions(-)
diff --git a/drivers/platform/x86/intel-vbtn.c b/drivers/platform/x86/intel-vbtn.c
index 5f8120d12859..d122f33d43ac 100644
--- a/drivers/platform/x86/intel-vbtn.c
+++ b/drivers/platform/x86/intel-vbtn.c
@@ -157,21 +157,18 @@ static void detect_tablet_mode(struct platform_device *device)
static bool intel_vbtn_has_switches(acpi_handle handle)
{
const char *chassis_type = dmi_get_system_info(DMI_CHASSIS_TYPE);
- unsigned long chassis_type_int;
unsigned long long vgbs;
acpi_status status;
- if (kstrtoul(chassis_type, 10, &chassis_type_int))
- return false;
-
- switch (chassis_type_int) {
- case 8: /* Portable */
- case 31: /* Convertible */
- case 32: /* Detachable */
- break;
- default:
+ /*
+ * Some normal laptops have a VGBS method despite being non-convertible
+ * and their VGBS method always returns 0, causing detect_tablet_mode()
+ * to report SW_TABLET_MODE=1 to userspace, which causes issues.
+ * These laptops have a DMI chassis_type of 9 ("Laptop"), do not report
+ * switches on any devices with a DMI chassis_type of 9.
+ */
+ if (chassis_type && strcmp(chassis_type, "9") == 0)
return false;
- }
status = acpi_evaluate_integer(handle, "VGBS", NULL, &vgbs);
return ACPI_SUCCESS(status);
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 187/267] string.h: fix incompatibility between FORTIFY_SOURCE and KASAN
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (185 preceding siblings ...)
2020-06-19 14:32 ` [PATCH 4.19 186/267] platform/x86: intel-vbtn: Only blacklist SW_TABLET_MODE on the 9 / "Laptop" chasis-type Greg Kroah-Hartman
@ 2020-06-19 14:32 ` Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 188/267] btrfs: include non-missing as a qualifier for the latest_bdev Greg Kroah-Hartman
` (81 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Daniel Axtens, Andrew Morton,
David Gow, Dmitry Vyukov, Daniel Micay, Andrey Ryabinin,
Alexander Potapenko, Linus Torvalds, Sasha Levin
From: Daniel Axtens <dja@axtens.net>
[ Upstream commit 47227d27e2fcb01a9e8f5958d8997cf47a820afc ]
The memcmp KASAN self-test fails on a kernel with both KASAN and
FORTIFY_SOURCE.
When FORTIFY_SOURCE is on, a number of functions are replaced with
fortified versions, which attempt to check the sizes of the operands.
However, these functions often directly invoke __builtin_foo() once they
have performed the fortify check. Using __builtins may bypass KASAN
checks if the compiler decides to inline it's own implementation as
sequence of instructions, rather than emit a function call that goes out
to a KASAN-instrumented implementation.
Why is only memcmp affected?
============================
Of the string and string-like functions that kasan_test tests, only memcmp
is replaced by an inline sequence of instructions in my testing on x86
with gcc version 9.2.1 20191008 (Ubuntu 9.2.1-9ubuntu2).
I believe this is due to compiler heuristics. For example, if I annotate
kmalloc calls with the alloc_size annotation (and disable some fortify
compile-time checking!), the compiler will replace every memset except the
one in kmalloc_uaf_memset with inline instructions. (I have some WIP
patches to add this annotation.)
Does this affect other functions in string.h?
=============================================
Yes. Anything that uses __builtin_* rather than __real_* could be
affected. This looks like:
- strncpy
- strcat
- strlen
- strlcpy maybe, under some circumstances?
- strncat under some circumstances
- memset
- memcpy
- memmove
- memcmp (as noted)
- memchr
- strcpy
Whether a function call is emitted always depends on the compiler. Most
bugs should get caught by FORTIFY_SOURCE, but the missed memcmp test shows
that this is not always the case.
Isn't FORTIFY_SOURCE disabled with KASAN?
========================================-
The string headers on all arches supporting KASAN disable fortify with
kasan, but only when address sanitisation is _also_ disabled. For example
from x86:
#if defined(CONFIG_KASAN) && !defined(__SANITIZE_ADDRESS__)
/*
* For files that are not instrumented (e.g. mm/slub.c) we
* should use not instrumented version of mem* functions.
*/
#define memcpy(dst, src, len) __memcpy(dst, src, len)
#define memmove(dst, src, len) __memmove(dst, src, len)
#define memset(s, c, n) __memset(s, c, n)
#ifndef __NO_FORTIFY
#define __NO_FORTIFY /* FORTIFY_SOURCE uses __builtin_memcpy, etc. */
#endif
#endif
This comes from commit 6974f0c4555e ("include/linux/string.h: add the
option of fortified string.h functions"), and doesn't work when KASAN is
enabled and the file is supposed to be sanitised - as with test_kasan.c
I'm pretty sure this is not wrong, but not as expansive it should be:
* we shouldn't use __builtin_memcpy etc in files where we don't have
instrumentation - it could devolve into a function call to memcpy,
which will be instrumented. Rather, we should use __memcpy which
by convention is not instrumented.
* we also shouldn't be using __builtin_memcpy when we have a KASAN
instrumented file, because it could be replaced with inline asm
that will not be instrumented.
What is correct behaviour?
==========================
Firstly, there is some overlap between fortification and KASAN: both
provide some level of _runtime_ checking. Only fortify provides
compile-time checking.
KASAN and fortify can pick up different things at runtime:
- Some fortify functions, notably the string functions, could easily be
modified to consider sub-object sizes (e.g. members within a struct),
and I have some WIP patches to do this. KASAN cannot detect these
because it cannot insert poision between members of a struct.
- KASAN can detect many over-reads/over-writes when the sizes of both
operands are unknown, which fortify cannot.
So there are a couple of options:
1) Flip the test: disable fortify in santised files and enable it in
unsanitised files. This at least stops us missing KASAN checking, but
we lose the fortify checking.
2) Make the fortify code always call out to real versions. Do this only
for KASAN, for fear of losing the inlining opportunities we get from
__builtin_*.
(We can't use kasan_check_{read,write}: because the fortify functions are
_extern inline_, you can't include _static_ inline functions without a
compiler warning. kasan_check_{read,write} are static inline so we can't
use them even when they would otherwise be suitable.)
Take approach 2 and call out to real versions when KASAN is enabled.
Use __underlying_foo to distinguish from __real_foo: __real_foo always
refers to the kernel's implementation of foo, __underlying_foo could be
either the kernel implementation or the __builtin_foo implementation.
This is sometimes enough to make the memcmp test succeed with
FORTIFY_SOURCE enabled. It is at least enough to get the function call
into the module. One more fix is needed to make it reliable: see the next
patch.
Fixes: 6974f0c4555e ("include/linux/string.h: add the option of fortified string.h functions")
Signed-off-by: Daniel Axtens <dja@axtens.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Tested-by: David Gow <davidgow@google.com>
Reviewed-by: Dmitry Vyukov <dvyukov@google.com>
Cc: Daniel Micay <danielmicay@gmail.com>
Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: Alexander Potapenko <glider@google.com>
Link: http://lkml.kernel.org/r/20200423154503.5103-3-dja@axtens.net
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/string.h | 60 +++++++++++++++++++++++++++++++++---------
1 file changed, 48 insertions(+), 12 deletions(-)
diff --git a/include/linux/string.h b/include/linux/string.h
index f58e1ef76572..4db285b83f44 100644
--- a/include/linux/string.h
+++ b/include/linux/string.h
@@ -239,6 +239,31 @@ void __read_overflow3(void) __compiletime_error("detected read beyond size of ob
void __write_overflow(void) __compiletime_error("detected write beyond size of object passed as 1st parameter");
#if !defined(__NO_FORTIFY) && defined(__OPTIMIZE__) && defined(CONFIG_FORTIFY_SOURCE)
+
+#ifdef CONFIG_KASAN
+extern void *__underlying_memchr(const void *p, int c, __kernel_size_t size) __RENAME(memchr);
+extern int __underlying_memcmp(const void *p, const void *q, __kernel_size_t size) __RENAME(memcmp);
+extern void *__underlying_memcpy(void *p, const void *q, __kernel_size_t size) __RENAME(memcpy);
+extern void *__underlying_memmove(void *p, const void *q, __kernel_size_t size) __RENAME(memmove);
+extern void *__underlying_memset(void *p, int c, __kernel_size_t size) __RENAME(memset);
+extern char *__underlying_strcat(char *p, const char *q) __RENAME(strcat);
+extern char *__underlying_strcpy(char *p, const char *q) __RENAME(strcpy);
+extern __kernel_size_t __underlying_strlen(const char *p) __RENAME(strlen);
+extern char *__underlying_strncat(char *p, const char *q, __kernel_size_t count) __RENAME(strncat);
+extern char *__underlying_strncpy(char *p, const char *q, __kernel_size_t size) __RENAME(strncpy);
+#else
+#define __underlying_memchr __builtin_memchr
+#define __underlying_memcmp __builtin_memcmp
+#define __underlying_memcpy __builtin_memcpy
+#define __underlying_memmove __builtin_memmove
+#define __underlying_memset __builtin_memset
+#define __underlying_strcat __builtin_strcat
+#define __underlying_strcpy __builtin_strcpy
+#define __underlying_strlen __builtin_strlen
+#define __underlying_strncat __builtin_strncat
+#define __underlying_strncpy __builtin_strncpy
+#endif
+
__FORTIFY_INLINE char *strncpy(char *p, const char *q, __kernel_size_t size)
{
size_t p_size = __builtin_object_size(p, 0);
@@ -246,14 +271,14 @@ __FORTIFY_INLINE char *strncpy(char *p, const char *q, __kernel_size_t size)
__write_overflow();
if (p_size < size)
fortify_panic(__func__);
- return __builtin_strncpy(p, q, size);
+ return __underlying_strncpy(p, q, size);
}
__FORTIFY_INLINE char *strcat(char *p, const char *q)
{
size_t p_size = __builtin_object_size(p, 0);
if (p_size == (size_t)-1)
- return __builtin_strcat(p, q);
+ return __underlying_strcat(p, q);
if (strlcat(p, q, p_size) >= p_size)
fortify_panic(__func__);
return p;
@@ -267,7 +292,7 @@ __FORTIFY_INLINE __kernel_size_t strlen(const char *p)
/* Work around gcc excess stack consumption issue */
if (p_size == (size_t)-1 ||
(__builtin_constant_p(p[p_size - 1]) && p[p_size - 1] == '\0'))
- return __builtin_strlen(p);
+ return __underlying_strlen(p);
ret = strnlen(p, p_size);
if (p_size <= ret)
fortify_panic(__func__);
@@ -300,7 +325,7 @@ __FORTIFY_INLINE size_t strlcpy(char *p, const char *q, size_t size)
__write_overflow();
if (len >= p_size)
fortify_panic(__func__);
- __builtin_memcpy(p, q, len);
+ __underlying_memcpy(p, q, len);
p[len] = '\0';
}
return ret;
@@ -313,12 +338,12 @@ __FORTIFY_INLINE char *strncat(char *p, const char *q, __kernel_size_t count)
size_t p_size = __builtin_object_size(p, 0);
size_t q_size = __builtin_object_size(q, 0);
if (p_size == (size_t)-1 && q_size == (size_t)-1)
- return __builtin_strncat(p, q, count);
+ return __underlying_strncat(p, q, count);
p_len = strlen(p);
copy_len = strnlen(q, count);
if (p_size < p_len + copy_len + 1)
fortify_panic(__func__);
- __builtin_memcpy(p + p_len, q, copy_len);
+ __underlying_memcpy(p + p_len, q, copy_len);
p[p_len + copy_len] = '\0';
return p;
}
@@ -330,7 +355,7 @@ __FORTIFY_INLINE void *memset(void *p, int c, __kernel_size_t size)
__write_overflow();
if (p_size < size)
fortify_panic(__func__);
- return __builtin_memset(p, c, size);
+ return __underlying_memset(p, c, size);
}
__FORTIFY_INLINE void *memcpy(void *p, const void *q, __kernel_size_t size)
@@ -345,7 +370,7 @@ __FORTIFY_INLINE void *memcpy(void *p, const void *q, __kernel_size_t size)
}
if (p_size < size || q_size < size)
fortify_panic(__func__);
- return __builtin_memcpy(p, q, size);
+ return __underlying_memcpy(p, q, size);
}
__FORTIFY_INLINE void *memmove(void *p, const void *q, __kernel_size_t size)
@@ -360,7 +385,7 @@ __FORTIFY_INLINE void *memmove(void *p, const void *q, __kernel_size_t size)
}
if (p_size < size || q_size < size)
fortify_panic(__func__);
- return __builtin_memmove(p, q, size);
+ return __underlying_memmove(p, q, size);
}
extern void *__real_memscan(void *, int, __kernel_size_t) __RENAME(memscan);
@@ -386,7 +411,7 @@ __FORTIFY_INLINE int memcmp(const void *p, const void *q, __kernel_size_t size)
}
if (p_size < size || q_size < size)
fortify_panic(__func__);
- return __builtin_memcmp(p, q, size);
+ return __underlying_memcmp(p, q, size);
}
__FORTIFY_INLINE void *memchr(const void *p, int c, __kernel_size_t size)
@@ -396,7 +421,7 @@ __FORTIFY_INLINE void *memchr(const void *p, int c, __kernel_size_t size)
__read_overflow();
if (p_size < size)
fortify_panic(__func__);
- return __builtin_memchr(p, c, size);
+ return __underlying_memchr(p, c, size);
}
void *__real_memchr_inv(const void *s, int c, size_t n) __RENAME(memchr_inv);
@@ -427,11 +452,22 @@ __FORTIFY_INLINE char *strcpy(char *p, const char *q)
size_t p_size = __builtin_object_size(p, 0);
size_t q_size = __builtin_object_size(q, 0);
if (p_size == (size_t)-1 && q_size == (size_t)-1)
- return __builtin_strcpy(p, q);
+ return __underlying_strcpy(p, q);
memcpy(p, q, strlen(q) + 1);
return p;
}
+/* Don't use these outside the FORITFY_SOURCE implementation */
+#undef __underlying_memchr
+#undef __underlying_memcmp
+#undef __underlying_memcpy
+#undef __underlying_memmove
+#undef __underlying_memset
+#undef __underlying_strcat
+#undef __underlying_strcpy
+#undef __underlying_strlen
+#undef __underlying_strncat
+#undef __underlying_strncpy
#endif
/**
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 188/267] btrfs: include non-missing as a qualifier for the latest_bdev
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (186 preceding siblings ...)
2020-06-19 14:32 ` [PATCH 4.19 187/267] string.h: fix incompatibility between FORTIFY_SOURCE and KASAN Greg Kroah-Hartman
@ 2020-06-19 14:32 ` Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 189/267] btrfs: send: emit file capabilities after chown Greg Kroah-Hartman
` (80 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Josef Bacik, Anand Jain, David Sterba
From: Anand Jain <anand.jain@oracle.com>
commit 998a0671961f66e9fad4990ed75f80ba3088c2f1 upstream.
btrfs_free_extra_devids() updates fs_devices::latest_bdev to point to
the bdev with greatest device::generation number. For a typical-missing
device the generation number is zero so fs_devices::latest_bdev will
never point to it.
But if the missing device is due to alienation [1], then
device::generation is not zero and if it is greater or equal to the rest
of device generations in the list, then fs_devices::latest_bdev ends up
pointing to the missing device and reports the error like [2].
[1] We maintain devices of a fsid (as in fs_device::fsid) in the
fs_devices::devices list, a device is considered as an alien device
if its fsid does not match with the fs_device::fsid
Consider a working filesystem with raid1:
$ mkfs.btrfs -f -d raid1 -m raid1 /dev/sda /dev/sdb
$ mount /dev/sda /mnt-raid1
$ umount /mnt-raid1
While mnt-raid1 was unmounted the user force-adds one of its devices to
another btrfs filesystem:
$ mkfs.btrfs -f /dev/sdc
$ mount /dev/sdc /mnt-single
$ btrfs dev add -f /dev/sda /mnt-single
Now the original mnt-raid1 fails to mount in degraded mode, because
fs_devices::latest_bdev is pointing to the alien device.
$ mount -o degraded /dev/sdb /mnt-raid1
[2]
mount: wrong fs type, bad option, bad superblock on /dev/sdb,
missing codepage or helper program, or other error
In some cases useful info is found in syslog - try
dmesg | tail or so.
kernel: BTRFS warning (device sdb): devid 1 uuid 072a0192-675b-4d5a-8640-a5cf2b2c704d is missing
kernel: BTRFS error (device sdb): failed to read devices
kernel: BTRFS error (device sdb): open_ctree failed
Fix the root cause by checking if the device is not missing before it
can be considered for the fs_devices::latest_bdev.
CC: stable@vger.kernel.org # 4.19+
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Signed-off-by: Anand Jain <anand.jain@oracle.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/volumes.c | 2 ++
1 file changed, 2 insertions(+)
--- a/fs/btrfs/volumes.c
+++ b/fs/btrfs/volumes.c
@@ -951,6 +951,8 @@ again:
&device->dev_state)) {
if (!test_bit(BTRFS_DEV_STATE_REPLACE_TGT,
&device->dev_state) &&
+ !test_bit(BTRFS_DEV_STATE_MISSING,
+ &device->dev_state) &&
(!latest_dev ||
device->generation > latest_dev->generation)) {
latest_dev = device;
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 189/267] btrfs: send: emit file capabilities after chown
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (187 preceding siblings ...)
2020-06-19 14:32 ` [PATCH 4.19 188/267] btrfs: include non-missing as a qualifier for the latest_bdev Greg Kroah-Hartman
@ 2020-06-19 14:32 ` Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 190/267] mm: thp: make the THP mapcount atomic against __split_huge_pmd_locked() Greg Kroah-Hartman
` (79 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Filipe Manana, Marcos Paulo de Souza,
David Sterba
From: Marcos Paulo de Souza <mpdesouza@suse.com>
commit 89efda52e6b6930f80f5adda9c3c9edfb1397191 upstream.
Whenever a chown is executed, all capabilities of the file being touched
are lost. When doing incremental send with a file with capabilities,
there is a situation where the capability can be lost on the receiving
side. The sequence of actions bellow shows the problem:
$ mount /dev/sda fs1
$ mount /dev/sdb fs2
$ touch fs1/foo.bar
$ setcap cap_sys_nice+ep fs1/foo.bar
$ btrfs subvolume snapshot -r fs1 fs1/snap_init
$ btrfs send fs1/snap_init | btrfs receive fs2
$ chgrp adm fs1/foo.bar
$ setcap cap_sys_nice+ep fs1/foo.bar
$ btrfs subvolume snapshot -r fs1 fs1/snap_complete
$ btrfs subvolume snapshot -r fs1 fs1/snap_incremental
$ btrfs send fs1/snap_complete | btrfs receive fs2
$ btrfs send -p fs1/snap_init fs1/snap_incremental | btrfs receive fs2
At this point, only a chown was emitted by "btrfs send" since only the
group was changed. This makes the cap_sys_nice capability to be dropped
from fs2/snap_incremental/foo.bar
To fix that, only emit capabilities after chown is emitted. The current
code first checks for xattrs that are new/changed, emits them, and later
emit the chown. Now, __process_new_xattr skips capabilities, letting
only finish_inode_if_needed to emit them, if they exist, for the inode
being processed.
This behavior was being worked around in "btrfs receive" side by caching
the capability and only applying it after chown. Now, xattrs are only
emmited _after_ chown, making that workaround not needed anymore.
Link: https://github.com/kdave/btrfs-progs/issues/202
CC: stable@vger.kernel.org # 4.4+
Suggested-by: Filipe Manana <fdmanana@suse.com>
Reviewed-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: Marcos Paulo de Souza <mpdesouza@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/send.c | 67 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 67 insertions(+)
--- a/fs/btrfs/send.c
+++ b/fs/btrfs/send.c
@@ -23,6 +23,7 @@
#include "btrfs_inode.h"
#include "transaction.h"
#include "compression.h"
+#include "xattr.h"
/*
* Maximum number of references an extent can have in order for us to attempt to
@@ -4543,6 +4544,10 @@ static int __process_new_xattr(int num,
struct fs_path *p;
struct posix_acl_xattr_header dummy_acl;
+ /* Capabilities are emitted by finish_inode_if_needed */
+ if (!strncmp(name, XATTR_NAME_CAPS, name_len))
+ return 0;
+
p = fs_path_alloc();
if (!p)
return -ENOMEM;
@@ -5105,6 +5110,64 @@ static int send_extent_data(struct send_
return 0;
}
+/*
+ * Search for a capability xattr related to sctx->cur_ino. If the capability is
+ * found, call send_set_xattr function to emit it.
+ *
+ * Return 0 if there isn't a capability, or when the capability was emitted
+ * successfully, or < 0 if an error occurred.
+ */
+static int send_capabilities(struct send_ctx *sctx)
+{
+ struct fs_path *fspath = NULL;
+ struct btrfs_path *path;
+ struct btrfs_dir_item *di;
+ struct extent_buffer *leaf;
+ unsigned long data_ptr;
+ char *buf = NULL;
+ int buf_len;
+ int ret = 0;
+
+ path = alloc_path_for_send();
+ if (!path)
+ return -ENOMEM;
+
+ di = btrfs_lookup_xattr(NULL, sctx->send_root, path, sctx->cur_ino,
+ XATTR_NAME_CAPS, strlen(XATTR_NAME_CAPS), 0);
+ if (!di) {
+ /* There is no xattr for this inode */
+ goto out;
+ } else if (IS_ERR(di)) {
+ ret = PTR_ERR(di);
+ goto out;
+ }
+
+ leaf = path->nodes[0];
+ buf_len = btrfs_dir_data_len(leaf, di);
+
+ fspath = fs_path_alloc();
+ buf = kmalloc(buf_len, GFP_KERNEL);
+ if (!fspath || !buf) {
+ ret = -ENOMEM;
+ goto out;
+ }
+
+ ret = get_cur_path(sctx, sctx->cur_ino, sctx->cur_inode_gen, fspath);
+ if (ret < 0)
+ goto out;
+
+ data_ptr = (unsigned long)(di + 1) + btrfs_dir_name_len(leaf, di);
+ read_extent_buffer(leaf, buf, data_ptr, buf_len);
+
+ ret = send_set_xattr(sctx, fspath, XATTR_NAME_CAPS,
+ strlen(XATTR_NAME_CAPS), buf, buf_len);
+out:
+ kfree(buf);
+ fs_path_free(fspath);
+ btrfs_free_path(path);
+ return ret;
+}
+
static int clone_range(struct send_ctx *sctx,
struct clone_root *clone_root,
const u64 disk_byte,
@@ -5936,6 +5999,10 @@ static int finish_inode_if_needed(struct
goto out;
}
+ ret = send_capabilities(sctx);
+ if (ret < 0)
+ goto out;
+
/*
* If other directory inodes depended on our current directory
* inode's move/rename, now do their move/rename operations.
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 190/267] mm: thp: make the THP mapcount atomic against __split_huge_pmd_locked()
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (188 preceding siblings ...)
2020-06-19 14:32 ` [PATCH 4.19 189/267] btrfs: send: emit file capabilities after chown Greg Kroah-Hartman
@ 2020-06-19 14:32 ` Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 191/267] mm: initialize deferred pages with interrupts enabled Greg Kroah-Hartman
` (78 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Andrea Arcangeli, Jann Horn,
Kirill A. Shutemov, Linus Torvalds
From: Andrea Arcangeli <aarcange@redhat.com>
commit c444eb564fb16645c172d550359cb3d75fe8a040 upstream.
Write protect anon page faults require an accurate mapcount to decide
if to break the COW or not. This is implemented in the THP path with
reuse_swap_page() ->
page_trans_huge_map_swapcount()/page_trans_huge_mapcount().
If the COW triggers while the other processes sharing the page are
under a huge pmd split, to do an accurate reading, we must ensure the
mapcount isn't computed while it's being transferred from the head
page to the tail pages.
reuse_swap_cache() already runs serialized by the page lock, so it's
enough to add the page lock around __split_huge_pmd_locked too, in
order to add the missing serialization.
Note: the commit in "Fixes" is just to facilitate the backporting,
because the code before such commit didn't try to do an accurate THP
mapcount calculation and it instead used the page_count() to decide if
to COW or not. Both the page_count and the pin_count are THP-wide
refcounts, so they're inaccurate if used in
reuse_swap_page(). Reverting such commit (besides the unrelated fix to
the local anon_vma assignment) would have also opened the window for
memory corruption side effects to certain workloads as documented in
such commit header.
Signed-off-by: Andrea Arcangeli <aarcange@redhat.com>
Suggested-by: Jann Horn <jannh@google.com>
Reported-by: Jann Horn <jannh@google.com>
Acked-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Fixes: 6d0a07edd17c ("mm: thp: calculate the mapcount correctly for THP pages during WP faults")
Cc: stable@vger.kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/huge_memory.c | 31 ++++++++++++++++++++++++++++---
1 file changed, 28 insertions(+), 3 deletions(-)
--- a/mm/huge_memory.c
+++ b/mm/huge_memory.c
@@ -2273,6 +2273,8 @@ void __split_huge_pmd(struct vm_area_str
spinlock_t *ptl;
struct mm_struct *mm = vma->vm_mm;
unsigned long haddr = address & HPAGE_PMD_MASK;
+ bool was_locked = false;
+ pmd_t _pmd;
mmu_notifier_invalidate_range_start(mm, haddr, haddr + HPAGE_PMD_SIZE);
ptl = pmd_lock(mm, pmd);
@@ -2282,11 +2284,32 @@ void __split_huge_pmd(struct vm_area_str
* pmd against. Otherwise we can end up replacing wrong page.
*/
VM_BUG_ON(freeze && !page);
- if (page && page != pmd_page(*pmd))
- goto out;
+ if (page) {
+ VM_WARN_ON_ONCE(!PageLocked(page));
+ was_locked = true;
+ if (page != pmd_page(*pmd))
+ goto out;
+ }
+repeat:
if (pmd_trans_huge(*pmd)) {
- page = pmd_page(*pmd);
+ if (!page) {
+ page = pmd_page(*pmd);
+ if (unlikely(!trylock_page(page))) {
+ get_page(page);
+ _pmd = *pmd;
+ spin_unlock(ptl);
+ lock_page(page);
+ spin_lock(ptl);
+ if (unlikely(!pmd_same(*pmd, _pmd))) {
+ unlock_page(page);
+ put_page(page);
+ page = NULL;
+ goto repeat;
+ }
+ put_page(page);
+ }
+ }
if (PageMlocked(page))
clear_page_mlock(page);
} else if (!(pmd_devmap(*pmd) || is_pmd_migration_entry(*pmd)))
@@ -2294,6 +2317,8 @@ void __split_huge_pmd(struct vm_area_str
__split_huge_pmd_locked(vma, pmd, haddr, freeze);
out:
spin_unlock(ptl);
+ if (!was_locked && page)
+ unlock_page(page);
/*
* No need to double call mmu_notifier->invalidate_range() callback.
* They are 3 cases to consider inside __split_huge_pmd_locked():
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 191/267] mm: initialize deferred pages with interrupts enabled
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (189 preceding siblings ...)
2020-06-19 14:32 ` [PATCH 4.19 190/267] mm: thp: make the THP mapcount atomic against __split_huge_pmd_locked() Greg Kroah-Hartman
@ 2020-06-19 14:32 ` Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 192/267] MIPS: CPU_LOONGSON2EF need software to maintain cache consistency Greg Kroah-Hartman
` (77 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Shile Zhang, Pavel Tatashin,
Andrew Morton, Daniel Jordan, David Hildenbrand, Michal Hocko,
Vlastimil Babka, Dan Williams, James Morris, Kirill Tkhai,
Sasha Levin, Yiqian Wei, Linus Torvalds
From: Pavel Tatashin <pasha.tatashin@soleen.com>
commit 3d060856adfc59afb9d029c233141334cfaba418 upstream.
Initializing struct pages is a long task and keeping interrupts disabled
for the duration of this operation introduces a number of problems.
1. jiffies are not updated for long period of time, and thus incorrect time
is reported. See proposed solution and discussion here:
lkml/20200311123848.118638-1-shile.zhang@linux.alibaba.com
2. It prevents farther improving deferred page initialization by allowing
intra-node multi-threading.
We are keeping interrupts disabled to solve a rather theoretical problem
that was never observed in real world (See 3a2d7fa8a3d5).
Let's keep interrupts enabled. In case we ever encounter a scenario where
an interrupt thread wants to allocate large amount of memory this early in
boot we can deal with that by growing zone (see deferred_grow_zone()) by
the needed amount before starting deferred_init_memmap() threads.
Before:
[ 1.232459] node 0 initialised, 12058412 pages in 1ms
After:
[ 1.632580] node 0 initialised, 12051227 pages in 436ms
Fixes: 3a2d7fa8a3d5 ("mm: disable interrupts while initializing deferred pages")
Reported-by: Shile Zhang <shile.zhang@linux.alibaba.com>
Signed-off-by: Pavel Tatashin <pasha.tatashin@soleen.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Reviewed-by: Daniel Jordan <daniel.m.jordan@oracle.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Acked-by: Michal Hocko <mhocko@suse.com>
Acked-by: Vlastimil Babka <vbabka@suse.cz>
Cc: Dan Williams <dan.j.williams@intel.com>
Cc: James Morris <jmorris@namei.org>
Cc: Kirill Tkhai <ktkhai@virtuozzo.com>
Cc: Sasha Levin <sashal@kernel.org>
Cc: Yiqian Wei <yiwei@redhat.com>
Cc: <stable@vger.kernel.org> [4.17+]
Link: http://lkml.kernel.org/r/20200403140952.17177-3-pasha.tatashin@soleen.com
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/mmzone.h | 2 ++
mm/page_alloc.c | 19 +++++++------------
2 files changed, 9 insertions(+), 12 deletions(-)
--- a/include/linux/mmzone.h
+++ b/include/linux/mmzone.h
@@ -638,6 +638,8 @@ typedef struct pglist_data {
/*
* Must be held any time you expect node_start_pfn, node_present_pages
* or node_spanned_pages stay constant.
+ * Also synchronizes pgdat->first_deferred_pfn during deferred page
+ * init.
*
* pgdat_resize_lock() and pgdat_resize_unlock() are provided to
* manipulate node_size_lock without checking for CONFIG_MEMORY_HOTPLUG
--- a/mm/page_alloc.c
+++ b/mm/page_alloc.c
@@ -1586,6 +1586,13 @@ static int __init deferred_init_memmap(v
BUG_ON(pgdat->first_deferred_pfn > pgdat_end_pfn(pgdat));
pgdat->first_deferred_pfn = ULONG_MAX;
+ /*
+ * Once we unlock here, the zone cannot be grown anymore, thus if an
+ * interrupt thread must allocate this early in boot, zone must be
+ * pre-grown prior to start of deferred page initialization.
+ */
+ pgdat_resize_unlock(pgdat, &flags);
+
/* Only the highest zone is deferred so find it */
for (zid = 0; zid < MAX_NR_ZONES; zid++) {
zone = pgdat->node_zones + zid;
@@ -1610,7 +1617,6 @@ static int __init deferred_init_memmap(v
epfn = min_t(unsigned long, zone_end_pfn(zone), PFN_DOWN(epa));
deferred_free_pages(nid, zid, spfn, epfn);
}
- pgdat_resize_unlock(pgdat, &flags);
/* Sanity check that the next zone really is unpopulated */
WARN_ON(++zid < MAX_NR_ZONES && populated_zone(++zone));
@@ -1657,17 +1663,6 @@ deferred_grow_zone(struct zone *zone, un
pgdat_resize_lock(pgdat, &flags);
/*
- * If deferred pages have been initialized while we were waiting for
- * the lock, return true, as the zone was grown. The caller will retry
- * this zone. We won't return to this function since the caller also
- * has this static branch.
- */
- if (!static_branch_unlikely(&deferred_pages)) {
- pgdat_resize_unlock(pgdat, &flags);
- return true;
- }
-
- /*
* If someone grew this zone while we were waiting for spinlock, return
* true, as there might be enough pages already.
*/
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 192/267] MIPS: CPU_LOONGSON2EF need software to maintain cache consistency
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (190 preceding siblings ...)
2020-06-19 14:32 ` [PATCH 4.19 191/267] mm: initialize deferred pages with interrupts enabled Greg Kroah-Hartman
@ 2020-06-19 14:32 ` Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 193/267] ima: Fix ima digest hash table key calculation Greg Kroah-Hartman
` (76 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Lichao Liu, Jiaxun Yang, Thomas Bogendoerfer
From: Lichao Liu <liulichao@loongson.cn>
commit a202bf71f08b3ef15356db30535e30b03cf23aec upstream.
CPU_LOONGSON2EF need software to maintain cache consistency,
so modify the 'cpu_needs_post_dma_flush' function to return true
when the cpu type is CPU_LOONGSON2EF.
Cc: stable@vger.kernel.org
Signed-off-by: Lichao Liu <liulichao@loongson.cn>
Reviewed-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/mips/mm/dma-noncoherent.c | 1 +
1 file changed, 1 insertion(+)
--- a/arch/mips/mm/dma-noncoherent.c
+++ b/arch/mips/mm/dma-noncoherent.c
@@ -56,6 +56,7 @@ static inline bool cpu_needs_post_dma_fl
case CPU_R10000:
case CPU_R12000:
case CPU_BMIPS5000:
+ case CPU_LOONGSON2EF:
return true;
default:
/*
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 193/267] ima: Fix ima digest hash table key calculation
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (191 preceding siblings ...)
2020-06-19 14:32 ` [PATCH 4.19 192/267] MIPS: CPU_LOONGSON2EF need software to maintain cache consistency Greg Kroah-Hartman
@ 2020-06-19 14:32 ` Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 194/267] ima: Directly assign the ima_default_policy pointer to ima_rules Greg Kroah-Hartman
` (75 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Roberto Sassu, Krzysztof Struczynski,
big endian system concerns, Mimi Zohar
From: Krzysztof Struczynski <krzysztof.struczynski@huawei.com>
commit 1129d31b55d509f15e72dc68e4b5c3a4d7b4da8d upstream.
Function hash_long() accepts unsigned long, while currently only one byte
is passed from ima_hash_key(), which calculates a key for ima_htable.
Given that hashing the digest does not give clear benefits compared to
using the digest itself, remove hash_long() and return the modulus
calculated on the first two bytes of the digest with the number of slots.
Also reduce the depth of the hash table by doubling the number of slots.
Cc: stable@vger.kernel.org
Fixes: 3323eec921ef ("integrity: IMA as an integrity service provider")
Co-developed-by: Roberto Sassu <roberto.sassu@huawei.com>
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Signed-off-by: Krzysztof Struczynski <krzysztof.struczynski@huawei.com>
Acked-by: David.Laight@aculab.com (big endian system concerns)
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
security/integrity/ima/ima.h | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
--- a/security/integrity/ima/ima.h
+++ b/security/integrity/ima/ima.h
@@ -40,7 +40,7 @@ enum tpm_pcrs { TPM_PCR0 = 0, TPM_PCR8 =
#define IMA_DIGEST_SIZE SHA1_DIGEST_SIZE
#define IMA_EVENT_NAME_LEN_MAX 255
-#define IMA_HASH_BITS 9
+#define IMA_HASH_BITS 10
#define IMA_MEASURE_HTABLE_SIZE (1 << IMA_HASH_BITS)
#define IMA_TEMPLATE_FIELD_ID_MAX_LEN 16
@@ -166,9 +166,10 @@ struct ima_h_table {
};
extern struct ima_h_table ima_htable;
-static inline unsigned long ima_hash_key(u8 *digest)
+static inline unsigned int ima_hash_key(u8 *digest)
{
- return hash_long(*digest, IMA_HASH_BITS);
+ /* there is no point in taking a hash of part of a digest */
+ return (digest[0] | digest[1] << 8) % IMA_MEASURE_HTABLE_SIZE;
}
#define __ima_hooks(hook) \
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 194/267] ima: Directly assign the ima_default_policy pointer to ima_rules
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (192 preceding siblings ...)
2020-06-19 14:32 ` [PATCH 4.19 193/267] ima: Fix ima digest hash table key calculation Greg Kroah-Hartman
@ 2020-06-19 14:32 ` Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 195/267] evm: Fix possible memory leak in evm_calc_hmac_or_hash() Greg Kroah-Hartman
` (74 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:32 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Takashi Iwai, Roberto Sassu, Mimi Zohar
From: Roberto Sassu <roberto.sassu@huawei.com>
commit 067a436b1b0aafa593344fddd711a755a58afb3b upstream.
This patch prevents the following oops:
[ 10.771813] BUG: kernel NULL pointer dereference, address: 0000000000000
[...]
[ 10.779790] RIP: 0010:ima_match_policy+0xf7/0xb80
[...]
[ 10.798576] Call Trace:
[ 10.798993] ? ima_lsm_policy_change+0x2b0/0x2b0
[ 10.799753] ? inode_init_owner+0x1a0/0x1a0
[ 10.800484] ? _raw_spin_lock+0x7a/0xd0
[ 10.801592] ima_must_appraise.part.0+0xb6/0xf0
[ 10.802313] ? ima_fix_xattr.isra.0+0xd0/0xd0
[ 10.803167] ima_must_appraise+0x4f/0x70
[ 10.804004] ima_post_path_mknod+0x2e/0x80
[ 10.804800] do_mknodat+0x396/0x3c0
It occurs when there is a failure during IMA initialization, and
ima_init_policy() is not called. IMA hooks still call ima_match_policy()
but ima_rules is NULL. This patch prevents the crash by directly assigning
the ima_default_policy pointer to ima_rules when ima_rules is defined. This
wouldn't alter the existing behavior, as ima_rules is always set at the end
of ima_init_policy().
Cc: stable@vger.kernel.org # 3.7.x
Fixes: 07f6a79415d7d ("ima: add appraise action keywords and default rules")
Reported-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
security/integrity/ima/ima_policy.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -196,7 +196,7 @@ static struct ima_rule_entry secure_boot
static LIST_HEAD(ima_default_rules);
static LIST_HEAD(ima_policy_rules);
static LIST_HEAD(ima_temp_rules);
-static struct list_head *ima_rules;
+static struct list_head *ima_rules = &ima_default_rules;
static int ima_policy __initdata;
@@ -544,7 +544,6 @@ void __init ima_init_policy(void)
temp_ima_appraise |= IMA_APPRAISE_POLICY;
}
- ima_rules = &ima_default_rules;
ima_update_policy_flag();
}
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 195/267] evm: Fix possible memory leak in evm_calc_hmac_or_hash()
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (193 preceding siblings ...)
2020-06-19 14:32 ` [PATCH 4.19 194/267] ima: Directly assign the ima_default_policy pointer to ima_rules Greg Kroah-Hartman
@ 2020-06-19 14:33 ` Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 196/267] ext4: fix EXT_MAX_EXTENT/INDEX to check for zeroed eh_max Greg Kroah-Hartman
` (73 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:33 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Roberto Sassu, Mimi Zohar
From: Roberto Sassu <roberto.sassu@huawei.com>
commit 0c4395fb2aa77341269ea619c5419ea48171883f upstream.
Don't immediately return if the signature is portable and security.ima is
not present. Just set error so that memory allocated is freed before
returning from evm_calc_hmac_or_hash().
Fixes: 50b977481fce9 ("EVM: Add support for portable signature format")
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Cc: stable@vger.kernel.org
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
security/integrity/evm/evm_crypto.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/security/integrity/evm/evm_crypto.c
+++ b/security/integrity/evm/evm_crypto.c
@@ -249,7 +249,7 @@ static int evm_calc_hmac_or_hash(struct
/* Portable EVM signatures must include an IMA hash */
if (type == EVM_XATTR_PORTABLE_DIGSIG && !ima_present)
- return -EPERM;
+ error = -EPERM;
out:
kfree(xattr_value);
kfree(desc);
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 196/267] ext4: fix EXT_MAX_EXTENT/INDEX to check for zeroed eh_max
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (194 preceding siblings ...)
2020-06-19 14:33 ` [PATCH 4.19 195/267] evm: Fix possible memory leak in evm_calc_hmac_or_hash() Greg Kroah-Hartman
@ 2020-06-19 14:33 ` Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 197/267] ext4: fix error pointer dereference Greg Kroah-Hartman
` (72 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Harshad Shirwadkar, Theodore Tso, stable
From: Harshad Shirwadkar <harshadshirwadkar@gmail.com>
commit c36a71b4e35ab35340facdd6964a00956b9fef0a upstream.
If eh->eh_max is 0, EXT_MAX_EXTENT/INDEX would evaluate to unsigned
(-1) resulting in illegal memory accesses. Although there is no
consistent repro, we see that generic/019 sometimes crashes because of
this bug.
Ran gce-xfstests smoke and verified that there were no regressions.
Signed-off-by: Harshad Shirwadkar <harshadshirwadkar@gmail.com>
Link: https://lore.kernel.org/r/20200421023959.20879-2-harshadshirwadkar@gmail.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/ext4_extents.h | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
--- a/fs/ext4/ext4_extents.h
+++ b/fs/ext4/ext4_extents.h
@@ -157,10 +157,13 @@ struct ext4_ext_path {
(EXT_FIRST_EXTENT((__hdr__)) + le16_to_cpu((__hdr__)->eh_entries) - 1)
#define EXT_LAST_INDEX(__hdr__) \
(EXT_FIRST_INDEX((__hdr__)) + le16_to_cpu((__hdr__)->eh_entries) - 1)
-#define EXT_MAX_EXTENT(__hdr__) \
- (EXT_FIRST_EXTENT((__hdr__)) + le16_to_cpu((__hdr__)->eh_max) - 1)
+#define EXT_MAX_EXTENT(__hdr__) \
+ ((le16_to_cpu((__hdr__)->eh_max)) ? \
+ ((EXT_FIRST_EXTENT((__hdr__)) + le16_to_cpu((__hdr__)->eh_max) - 1)) \
+ : 0)
#define EXT_MAX_INDEX(__hdr__) \
- (EXT_FIRST_INDEX((__hdr__)) + le16_to_cpu((__hdr__)->eh_max) - 1)
+ ((le16_to_cpu((__hdr__)->eh_max)) ? \
+ ((EXT_FIRST_INDEX((__hdr__)) + le16_to_cpu((__hdr__)->eh_max) - 1)) : 0)
static inline struct ext4_extent_header *ext_inode_hdr(struct inode *inode)
{
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 197/267] ext4: fix error pointer dereference
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (195 preceding siblings ...)
2020-06-19 14:33 ` [PATCH 4.19 196/267] ext4: fix EXT_MAX_EXTENT/INDEX to check for zeroed eh_max Greg Kroah-Hartman
@ 2020-06-19 14:33 ` Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 198/267] ext4: fix race between ext4_sync_parent() and rename() Greg Kroah-Hartman
` (71 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jeffle Xu, Joseph Qi, Ritesh Harjani,
Jan Kara, Theodore Tso, stable
From: Jeffle Xu <jefflexu@linux.alibaba.com>
commit 8418897f1bf87da0cb6936489d57a4320c32c0af upstream.
Don't pass error pointers to brelse().
commit 7159a986b420 ("ext4: fix some error pointer dereferences") has fixed
some cases, fix the remaining one case.
Once ext4_xattr_block_find()->ext4_sb_bread() failed, error pointer is
stored in @bs->bh, which will be passed to brelse() in the cleanup
routine of ext4_xattr_set_handle(). This will then cause a NULL panic
crash in __brelse().
BUG: unable to handle kernel NULL pointer dereference at 000000000000005b
RIP: 0010:__brelse+0x1b/0x50
Call Trace:
ext4_xattr_set_handle+0x163/0x5d0
ext4_xattr_set+0x95/0x110
__vfs_setxattr+0x6b/0x80
__vfs_setxattr_noperm+0x68/0x1b0
vfs_setxattr+0xa0/0xb0
setxattr+0x12c/0x1a0
path_setxattr+0x8d/0xc0
__x64_sys_setxattr+0x27/0x30
do_syscall_64+0x60/0x250
entry_SYSCALL_64_after_hwframe+0x49/0xbe
In this case, @bs->bh stores '-EIO' actually.
Fixes: fb265c9cb49e ("ext4: add ext4_sb_bread() to disambiguate ENOMEM cases")
Signed-off-by: Jeffle Xu <jefflexu@linux.alibaba.com>
Reviewed-by: Joseph Qi <joseph.qi@linux.alibaba.com>
Cc: stable@kernel.org # 2.6.19
Reviewed-by: Ritesh Harjani <riteshh@linux.ibm.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/1587628004-95123-1-git-send-email-jefflexu@linux.alibaba.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/xattr.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
--- a/fs/ext4/xattr.c
+++ b/fs/ext4/xattr.c
@@ -1824,8 +1824,11 @@ ext4_xattr_block_find(struct inode *inod
if (EXT4_I(inode)->i_file_acl) {
/* The inode already has an extended attribute block. */
bs->bh = ext4_sb_bread(sb, EXT4_I(inode)->i_file_acl, REQ_PRIO);
- if (IS_ERR(bs->bh))
- return PTR_ERR(bs->bh);
+ if (IS_ERR(bs->bh)) {
+ error = PTR_ERR(bs->bh);
+ bs->bh = NULL;
+ return error;
+ }
ea_bdebug(bs->bh, "b_count=%d, refcount=%d",
atomic_read(&(bs->bh->b_count)),
le32_to_cpu(BHDR(bs->bh)->h_refcount));
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 198/267] ext4: fix race between ext4_sync_parent() and rename()
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (196 preceding siblings ...)
2020-06-19 14:33 ` [PATCH 4.19 197/267] ext4: fix error pointer dereference Greg Kroah-Hartman
@ 2020-06-19 14:33 ` Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 199/267] PCI: Avoid Pericom USB controller OHCI/EHCI PME# defect Greg Kroah-Hartman
` (70 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:33 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Eric Biggers, Theodore Tso
From: Eric Biggers <ebiggers@google.com>
commit 08adf452e628b0e2ce9a01048cfbec52353703d7 upstream.
'igrab(d_inode(dentry->d_parent))' without holding dentry->d_lock is
broken because without d_lock, d_parent can be concurrently changed due
to a rename(). Then if the old directory is immediately deleted, old
d_parent->inode can be NULL. That causes a NULL dereference in igrab().
To fix this, use dget_parent() to safely grab a reference to the parent
dentry, which pins the inode. This also eliminates the need to use
d_find_any_alias() other than for the initial inode, as we no longer
throw away the dentry at each step.
This is an extremely hard race to hit, but it is possible. Adding a
udelay() in between the reads of ->d_parent and its ->d_inode makes it
reproducible on a no-journal filesystem using the following program:
#include <fcntl.h>
#include <unistd.h>
int main()
{
if (fork()) {
for (;;) {
mkdir("dir1", 0700);
int fd = open("dir1/file", O_RDWR|O_CREAT|O_SYNC);
write(fd, "X", 1);
close(fd);
}
} else {
mkdir("dir2", 0700);
for (;;) {
rename("dir1/file", "dir2/file");
rmdir("dir1");
}
}
}
Fixes: d59729f4e794 ("ext4: fix races in ext4_sync_parent()")
Cc: stable@vger.kernel.org
Signed-off-by: Eric Biggers <ebiggers@google.com>
Link: https://lore.kernel.org/r/20200506183140.541194-1-ebiggers@kernel.org
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/fsync.c | 28 +++++++++++++---------------
1 file changed, 13 insertions(+), 15 deletions(-)
--- a/fs/ext4/fsync.c
+++ b/fs/ext4/fsync.c
@@ -44,30 +44,28 @@
*/
static int ext4_sync_parent(struct inode *inode)
{
- struct dentry *dentry = NULL;
- struct inode *next;
+ struct dentry *dentry, *next;
int ret = 0;
if (!ext4_test_inode_state(inode, EXT4_STATE_NEWENTRY))
return 0;
- inode = igrab(inode);
+ dentry = d_find_any_alias(inode);
+ if (!dentry)
+ return 0;
while (ext4_test_inode_state(inode, EXT4_STATE_NEWENTRY)) {
ext4_clear_inode_state(inode, EXT4_STATE_NEWENTRY);
- dentry = d_find_any_alias(inode);
- if (!dentry)
- break;
- next = igrab(d_inode(dentry->d_parent));
+
+ next = dget_parent(dentry);
dput(dentry);
- if (!next)
- break;
- iput(inode);
- inode = next;
+ dentry = next;
+ inode = dentry->d_inode;
+
/*
* The directory inode may have gone through rmdir by now. But
* the inode itself and its blocks are still allocated (we hold
- * a reference to the inode so it didn't go through
- * ext4_evict_inode()) and so we are safe to flush metadata
- * blocks and the inode.
+ * a reference to the inode via its dentry), so it didn't go
+ * through ext4_evict_inode()) and so we are safe to flush
+ * metadata blocks and the inode.
*/
ret = sync_mapping_buffers(inode->i_mapping);
if (ret)
@@ -76,7 +74,7 @@ static int ext4_sync_parent(struct inode
if (ret)
break;
}
- iput(inode);
+ dput(dentry);
return ret;
}
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 199/267] PCI: Avoid Pericom USB controller OHCI/EHCI PME# defect
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (197 preceding siblings ...)
2020-06-19 14:33 ` [PATCH 4.19 198/267] ext4: fix race between ext4_sync_parent() and rename() Greg Kroah-Hartman
@ 2020-06-19 14:33 ` Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 200/267] PCI: Avoid FLR for AMD Matisse HD Audio & USB 3.0 Greg Kroah-Hartman
` (69 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kai-Heng Feng, Bjorn Helgaas, Sasha Levin
From: Kai-Heng Feng <kai.heng.feng@canonical.com>
[ Upstream commit 68f5fc4ea9ddf9f77720d568144219c4e6452cde ]
Both Pericom OHCI and EHCI devices advertise PME# support from all power
states:
06:00.0 USB controller [0c03]: Pericom Semiconductor PI7C9X442SL USB OHCI Controller [12d8:400e] (rev 01) (prog-if 10 [OHCI])
Subsystem: Pericom Semiconductor PI7C9X442SL USB OHCI Controller [12d8:400e]
Capabilities: [80] Power Management version 3
Flags: PMEClk- DSI- D1+ D2+ AuxCurrent=375mA PME(D0+,D1+,D2+,D3hot+,D3cold+)
06:00.2 USB controller [0c03]: Pericom Semiconductor PI7C9X442SL USB EHCI Controller [12d8:400f] (rev 01) (prog-if 20 [EHCI])
Subsystem: Pericom Semiconductor PI7C9X442SL USB EHCI Controller [12d8:400f]
Capabilities: [80] Power Management version 3
Flags: PMEClk- DSI- D1+ D2+ AuxCurrent=375mA PME(D0+,D1+,D2+,D3hot+,D3cold+)
But testing shows that it's unreliable: there is a 20% chance PME# won't be
asserted when a USB device is plugged.
Remove PME support for both devices to make USB plugging work reliably.
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=205981
Link: https://lore.kernel.org/r/20200508065343.32751-2-kai.heng.feng@canonical.com
Signed-off-by: Kai-Heng Feng <kai.heng.feng@canonical.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Cc: stable@vger.kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pci/quirks.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c
index ca41cff2e68c..fb061e1bc084 100644
--- a/drivers/pci/quirks.c
+++ b/drivers/pci/quirks.c
@@ -5294,6 +5294,19 @@ static void pci_fixup_no_d0_pme(struct pci_dev *dev)
}
DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_ASMEDIA, 0x2142, pci_fixup_no_d0_pme);
+/*
+ * Device [12d8:0x400e] and [12d8:0x400f]
+ * These devices advertise PME# support in all power states but don't
+ * reliably assert it.
+ */
+static void pci_fixup_no_pme(struct pci_dev *dev)
+{
+ pci_info(dev, "PME# is unreliable, disabling it\n");
+ dev->pme_support = 0;
+}
+DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_PERICOM, 0x400e, pci_fixup_no_pme);
+DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_PERICOM, 0x400f, pci_fixup_no_pme);
+
static void apex_pci_fixup_class(struct pci_dev *pdev)
{
pdev->class = (PCI_CLASS_SYSTEM_OTHER << 8) | pdev->class;
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 200/267] PCI: Avoid FLR for AMD Matisse HD Audio & USB 3.0
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (198 preceding siblings ...)
2020-06-19 14:33 ` [PATCH 4.19 199/267] PCI: Avoid Pericom USB controller OHCI/EHCI PME# defect Greg Kroah-Hartman
@ 2020-06-19 14:33 ` Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 201/267] PCI: Avoid FLR for AMD Starship " Greg Kroah-Hartman
` (68 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Marcos Scriven, Bjorn Helgaas, Sasha Levin
From: Marcos Scriven <marcos@scriven.org>
[ Upstream commit 0d14f06cd6657ba3446a5eb780672da487b068e7 ]
The AMD Matisse HD Audio & USB 3.0 devices advertise Function Level Reset
support, but hang when an FLR is triggered.
To reproduce the problem, attach the device to a VM, then detach and try to
attach again.
Rename the existing quirk_intel_no_flr(), which was not Intel-specific, to
quirk_no_flr(), and apply it to prevent the use of FLR on these AMD
devices.
Link: https://lore.kernel.org/r/CAAri2DpkcuQZYbT6XsALhx2e6vRqPHwtbjHYeiH7MNp4zmt1RA@mail.gmail.com
Signed-off-by: Marcos Scriven <marcos@scriven.org>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pci/quirks.c | 18 ++++++++++++++----
1 file changed, 14 insertions(+), 4 deletions(-)
diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c
index fb061e1bc084..7a835c49409e 100644
--- a/drivers/pci/quirks.c
+++ b/drivers/pci/quirks.c
@@ -4956,13 +4956,23 @@ static void quirk_intel_qat_vf_cap(struct pci_dev *pdev)
}
DECLARE_PCI_FIXUP_EARLY(PCI_VENDOR_ID_INTEL, 0x443, quirk_intel_qat_vf_cap);
-/* FLR may cause some 82579 devices to hang */
-static void quirk_intel_no_flr(struct pci_dev *dev)
+/*
+ * FLR may cause the following to devices to hang:
+ *
+ * AMD Starship/Matisse HD Audio Controller 0x1487
+ * AMD Matisse USB 3.0 Host Controller 0x149c
+ * Intel 82579LM Gigabit Ethernet Controller 0x1502
+ * Intel 82579V Gigabit Ethernet Controller 0x1503
+ *
+ */
+static void quirk_no_flr(struct pci_dev *dev)
{
dev->dev_flags |= PCI_DEV_FLAGS_NO_FLR_RESET;
}
-DECLARE_PCI_FIXUP_EARLY(PCI_VENDOR_ID_INTEL, 0x1502, quirk_intel_no_flr);
-DECLARE_PCI_FIXUP_EARLY(PCI_VENDOR_ID_INTEL, 0x1503, quirk_intel_no_flr);
+DECLARE_PCI_FIXUP_EARLY(PCI_VENDOR_ID_AMD, 0x1487, quirk_no_flr);
+DECLARE_PCI_FIXUP_EARLY(PCI_VENDOR_ID_AMD, 0x149c, quirk_no_flr);
+DECLARE_PCI_FIXUP_EARLY(PCI_VENDOR_ID_INTEL, 0x1502, quirk_no_flr);
+DECLARE_PCI_FIXUP_EARLY(PCI_VENDOR_ID_INTEL, 0x1503, quirk_no_flr);
static void quirk_no_ext_tags(struct pci_dev *pdev)
{
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 201/267] PCI: Avoid FLR for AMD Starship USB 3.0
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (199 preceding siblings ...)
2020-06-19 14:33 ` [PATCH 4.19 200/267] PCI: Avoid FLR for AMD Matisse HD Audio & USB 3.0 Greg Kroah-Hartman
@ 2020-06-19 14:33 ` Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 202/267] PCI: Add ACS quirk for iProc PAXB Greg Kroah-Hartman
` (67 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kevin Buettner, Bjorn Helgaas, Sasha Levin
From: Kevin Buettner <kevinb@redhat.com>
[ Upstream commit 5727043c73fdfe04597971b5f3f4850d879c1f4f ]
The AMD Starship USB 3.0 host controller advertises Function Level Reset
support, but it apparently doesn't work. Add a quirk to prevent use of FLR
on this device.
Without this quirk, when attempting to assign (pass through) an AMD
Starship USB 3.0 host controller to a guest OS, the system becomes
increasingly unresponsive over the course of several minutes, eventually
requiring a hard reset. Shortly after attempting to start the guest, I see
these messages:
vfio-pci 0000:05:00.3: not ready 1023ms after FLR; waiting
vfio-pci 0000:05:00.3: not ready 2047ms after FLR; waiting
vfio-pci 0000:05:00.3: not ready 4095ms after FLR; waiting
vfio-pci 0000:05:00.3: not ready 8191ms after FLR; waiting
And then eventually:
vfio-pci 0000:05:00.3: not ready 65535ms after FLR; giving up
INFO: NMI handler (perf_event_nmi_handler) took too long to run: 0.000 msecs
perf: interrupt took too long (642744 > 2500), lowering kernel.perf_event_max_sample_rate to 1000
INFO: NMI handler (perf_event_nmi_handler) took too long to run: 82.270 msecs
INFO: NMI handler (perf_event_nmi_handler) took too long to run: 680.608 msecs
INFO: NMI handler (perf_event_nmi_handler) took too long to run: 100.952 msecs
...
watchdog: BUG: soft lockup - CPU#3 stuck for 22s! [qemu-system-x86:7487]
Tested on a Micro-Star International Co., Ltd. MS-7C59/Creator TRX40
motherboard with an AMD Ryzen Threadripper 3970X.
Link: https://lore.kernel.org/r/20200524003529.598434ff@f31-4.lan
Signed-off-by: Kevin Buettner <kevinb@redhat.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pci/quirks.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c
index 7a835c49409e..92892b1c35fa 100644
--- a/drivers/pci/quirks.c
+++ b/drivers/pci/quirks.c
@@ -4960,6 +4960,7 @@ DECLARE_PCI_FIXUP_EARLY(PCI_VENDOR_ID_INTEL, 0x443, quirk_intel_qat_vf_cap);
* FLR may cause the following to devices to hang:
*
* AMD Starship/Matisse HD Audio Controller 0x1487
+ * AMD Starship USB 3.0 Host Controller 0x148c
* AMD Matisse USB 3.0 Host Controller 0x149c
* Intel 82579LM Gigabit Ethernet Controller 0x1502
* Intel 82579V Gigabit Ethernet Controller 0x1503
@@ -4970,6 +4971,7 @@ static void quirk_no_flr(struct pci_dev *dev)
dev->dev_flags |= PCI_DEV_FLAGS_NO_FLR_RESET;
}
DECLARE_PCI_FIXUP_EARLY(PCI_VENDOR_ID_AMD, 0x1487, quirk_no_flr);
+DECLARE_PCI_FIXUP_EARLY(PCI_VENDOR_ID_AMD, 0x148c, quirk_no_flr);
DECLARE_PCI_FIXUP_EARLY(PCI_VENDOR_ID_AMD, 0x149c, quirk_no_flr);
DECLARE_PCI_FIXUP_EARLY(PCI_VENDOR_ID_INTEL, 0x1502, quirk_no_flr);
DECLARE_PCI_FIXUP_EARLY(PCI_VENDOR_ID_INTEL, 0x1503, quirk_no_flr);
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 202/267] PCI: Add ACS quirk for iProc PAXB
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (200 preceding siblings ...)
2020-06-19 14:33 ` [PATCH 4.19 201/267] PCI: Avoid FLR for AMD Starship " Greg Kroah-Hartman
@ 2020-06-19 14:33 ` Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 203/267] PCI: Add ACS quirk for Intel Root Complex Integrated Endpoints Greg Kroah-Hartman
` (66 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Abhinav Ratna, Srinath Mannam,
Bjorn Helgaas, Scott Branden, Sasha Levin
From: Abhinav Ratna <abhinav.ratna@broadcom.com>
[ Upstream commit 46b2c32df7a462d0e64b68c513e5c4c1b2a399a7 ]
iProc PAXB Root Ports don't advertise an ACS capability, but they do not
allow peer-to-peer transactions between Root Ports. Add an ACS quirk so
each Root Port can be in a separate IOMMU group.
[bhelgaas: commit log, comment, use common implementation style]
Link: https://lore.kernel.org/r/1566275985-25670-1-git-send-email-srinath.mannam@broadcom.com
Signed-off-by: Abhinav Ratna <abhinav.ratna@broadcom.com>
Signed-off-by: Srinath Mannam <srinath.mannam@broadcom.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Acked-by: Scott Branden <scott.branden@broadcom.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pci/quirks.c | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c
index 92892b1c35fa..013b84880e1d 100644
--- a/drivers/pci/quirks.c
+++ b/drivers/pci/quirks.c
@@ -4543,6 +4543,19 @@ static int pci_quirk_mf_endpoint_acs(struct pci_dev *dev, u16 acs_flags)
return acs_flags ? 0 : 1;
}
+static int pci_quirk_brcm_acs(struct pci_dev *dev, u16 acs_flags)
+{
+ /*
+ * iProc PAXB Root Ports don't advertise an ACS capability, but
+ * they do not allow peer-to-peer transactions between Root Ports.
+ * Allow each Root Port to be in a separate IOMMU group by masking
+ * SV/RR/CR/UF bits.
+ */
+ acs_flags &= ~(PCI_ACS_SV | PCI_ACS_RR | PCI_ACS_CR | PCI_ACS_UF);
+
+ return acs_flags ? 0 : 1;
+}
+
static const struct pci_dev_acs_enabled {
u16 vendor;
u16 device;
@@ -4634,6 +4647,7 @@ static const struct pci_dev_acs_enabled {
{ PCI_VENDOR_ID_AMPERE, 0xE00A, pci_quirk_xgene_acs },
{ PCI_VENDOR_ID_AMPERE, 0xE00B, pci_quirk_xgene_acs },
{ PCI_VENDOR_ID_AMPERE, 0xE00C, pci_quirk_xgene_acs },
+ { PCI_VENDOR_ID_BROADCOM, 0xD714, pci_quirk_brcm_acs },
{ 0 }
};
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 203/267] PCI: Add ACS quirk for Intel Root Complex Integrated Endpoints
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (201 preceding siblings ...)
2020-06-19 14:33 ` [PATCH 4.19 202/267] PCI: Add ACS quirk for iProc PAXB Greg Kroah-Hartman
@ 2020-06-19 14:33 ` Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 204/267] PCI: Remove unused NFP32xx IDs Greg Kroah-Hartman
` (65 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Darrel Goeddel, Ashok Raj,
Bjorn Helgaas, Alex Williamson, Lu Baolu, Romil Sharma,
Sasha Levin, Mark Scott
From: Ashok Raj <ashok.raj@intel.com>
[ Upstream commit 3247bd10a4502a3075ce8e1c3c7d31ef76f193ce ]
All Intel platforms guarantee that all root complex implementations must
send transactions up to IOMMU for address translations. Hence for Intel
RCiEP devices, we can assume some ACS-type isolation even without an ACS
capability.
>From the Intel VT-d spec, r3.1, sec 3.16 ("Root-Complex Peer to Peer
Considerations"):
When DMA remapping is enabled, peer-to-peer requests through the
Root-Complex must be handled as follows:
- The input address in the request is translated (through first-level,
second-level or nested translation) to a host physical address (HPA).
The address decoding for peer addresses must be done only on the
translated HPA. Hardware implementations are free to further limit
peer-to-peer accesses to specific host physical address regions (or
to completely disallow peer-forwarding of translated requests).
- Since address translation changes the contents (address field) of
the PCI Express Transaction Layer Packet (TLP), for PCI Express
peer-to-peer requests with ECRC, the Root-Complex hardware must use
the new ECRC (re-computed with the translated address) if it
decides to forward the TLP as a peer request.
- Root-ports, and multi-function root-complex integrated endpoints, may
support additional peer-to-peer control features by supporting PCI
Express Access Control Services (ACS) capability. Refer to ACS
capability in PCI Express specifications for details.
Since Linux didn't give special treatment to allow this exception, certain
RCiEP MFD devices were grouped in a single IOMMU group. This doesn't permit
a single device to be assigned to a guest for instance.
In one vendor system: Device 14.x were grouped in a single IOMMU group.
/sys/kernel/iommu_groups/5/devices/0000:00:14.0
/sys/kernel/iommu_groups/5/devices/0000:00:14.2
/sys/kernel/iommu_groups/5/devices/0000:00:14.3
After this patch:
/sys/kernel/iommu_groups/5/devices/0000:00:14.0
/sys/kernel/iommu_groups/5/devices/0000:00:14.2
/sys/kernel/iommu_groups/6/devices/0000:00:14.3 <<< new group
14.0 and 14.2 are integrated devices, but legacy end points, whereas 14.3
was a PCIe-compliant RCiEP.
00:14.3 Network controller: Intel Corporation Device 9df0 (rev 30)
Capabilities: [40] Express (v2) Root Complex Integrated Endpoint, MSI 00
This permits assigning this device to a guest VM.
[bhelgaas: drop "Fixes" tag since this doesn't fix a bug in that commit]
Link: https://lore.kernel.org/r/1590699462-7131-1-git-send-email-ashok.raj@intel.com
Tested-by: Darrel Goeddel <dgoeddel@forcepoint.com>
Signed-off-by: Ashok Raj <ashok.raj@intel.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: Alex Williamson <alex.williamson@redhat.com>
Cc: stable@vger.kernel.org
Cc: Lu Baolu <baolu.lu@linux.intel.com>
Cc: Mark Scott <mscott@forcepoint.com>,
Cc: Romil Sharma <rsharma@forcepoint.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pci/quirks.c | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c
index 013b84880e1d..d6236bb26950 100644
--- a/drivers/pci/quirks.c
+++ b/drivers/pci/quirks.c
@@ -4543,6 +4543,20 @@ static int pci_quirk_mf_endpoint_acs(struct pci_dev *dev, u16 acs_flags)
return acs_flags ? 0 : 1;
}
+static int pci_quirk_rciep_acs(struct pci_dev *dev, u16 acs_flags)
+{
+ /*
+ * Intel RCiEP's are required to allow p2p only on translated
+ * addresses. Refer to Intel VT-d specification, r3.1, sec 3.16,
+ * "Root-Complex Peer to Peer Considerations".
+ */
+ if (pci_pcie_type(dev) != PCI_EXP_TYPE_RC_END)
+ return -ENOTTY;
+
+ return pci_acs_ctrl_enabled(acs_flags,
+ PCI_ACS_SV | PCI_ACS_RR | PCI_ACS_CR | PCI_ACS_UF);
+}
+
static int pci_quirk_brcm_acs(struct pci_dev *dev, u16 acs_flags)
{
/*
@@ -4626,6 +4640,7 @@ static const struct pci_dev_acs_enabled {
/* I219 */
{ PCI_VENDOR_ID_INTEL, 0x15b7, pci_quirk_mf_endpoint_acs },
{ PCI_VENDOR_ID_INTEL, 0x15b8, pci_quirk_mf_endpoint_acs },
+ { PCI_VENDOR_ID_INTEL, PCI_ANY_ID, pci_quirk_rciep_acs },
/* QCOM QDF2xxx root ports */
{ PCI_VENDOR_ID_QCOM, 0x0400, pci_quirk_qcom_rp_acs },
{ PCI_VENDOR_ID_QCOM, 0x0401, pci_quirk_qcom_rp_acs },
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 204/267] PCI: Remove unused NFP32xx IDs
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (202 preceding siblings ...)
2020-06-19 14:33 ` [PATCH 4.19 203/267] PCI: Add ACS quirk for Intel Root Complex Integrated Endpoints Greg Kroah-Hartman
@ 2020-06-19 14:33 ` Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 205/267] pci:ipmi: Move IPMI PCI class id defines to pci_ids.h Greg Kroah-Hartman
` (64 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jakub Kicinski, Bjorn Helgaas, Sasha Levin
From: Jakub Kicinski <jakub.kicinski@netronome.com>
[ Upstream commit 1ccce46c5e8b8a0d2606fb8bb72bff069ffdc3ab ]
Defines for NFP32xx are no longer used anywhere, remove them.
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/pci_ids.h | 2 --
1 file changed, 2 deletions(-)
diff --git a/include/linux/pci_ids.h b/include/linux/pci_ids.h
index d157983b84cf..f4e278493f5b 100644
--- a/include/linux/pci_ids.h
+++ b/include/linux/pci_ids.h
@@ -2539,8 +2539,6 @@
#define PCI_VENDOR_ID_HUAWEI 0x19e5
#define PCI_VENDOR_ID_NETRONOME 0x19ee
-#define PCI_DEVICE_ID_NETRONOME_NFP3200 0x3200
-#define PCI_DEVICE_ID_NETRONOME_NFP3240 0x3240
#define PCI_DEVICE_ID_NETRONOME_NFP4000 0x4000
#define PCI_DEVICE_ID_NETRONOME_NFP5000 0x5000
#define PCI_DEVICE_ID_NETRONOME_NFP6000 0x6000
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 205/267] pci:ipmi: Move IPMI PCI class id defines to pci_ids.h
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (203 preceding siblings ...)
2020-06-19 14:33 ` [PATCH 4.19 204/267] PCI: Remove unused NFP32xx IDs Greg Kroah-Hartman
@ 2020-06-19 14:33 ` Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 206/267] hwmon/k10temp, x86/amd_nb: Consolidate shared device IDs Greg Kroah-Hartman
` (63 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Corey Minyard, Bjorn Helgaas, Sasha Levin
From: Corey Minyard <cminyard@mvista.com>
[ Upstream commit 05c3d056086a6217a77937b7fa0df35ec75715e6 ]
Signed-off-by: Corey Minyard <cminyard@mvista.com>
Acked-by: Bjorn Helgaas <bhelgaas@google.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/char/ipmi/ipmi_si_pci.c | 5 -----
include/linux/pci_ids.h | 4 ++++
2 files changed, 4 insertions(+), 5 deletions(-)
diff --git a/drivers/char/ipmi/ipmi_si_pci.c b/drivers/char/ipmi/ipmi_si_pci.c
index 022e03634ce2..9e9700b1a8e6 100644
--- a/drivers/char/ipmi/ipmi_si_pci.c
+++ b/drivers/char/ipmi/ipmi_si_pci.c
@@ -18,11 +18,6 @@ module_param_named(trypci, si_trypci, bool, 0);
MODULE_PARM_DESC(trypci, "Setting this to zero will disable the"
" default scan of the interfaces identified via pci");
-#define PCI_CLASS_SERIAL_IPMI 0x0c07
-#define PCI_CLASS_SERIAL_IPMI_SMIC 0x0c0700
-#define PCI_CLASS_SERIAL_IPMI_KCS 0x0c0701
-#define PCI_CLASS_SERIAL_IPMI_BT 0x0c0702
-
#define PCI_DEVICE_ID_HP_MMC 0x121A
static void ipmi_pci_cleanup(struct si_sm_io *io)
diff --git a/include/linux/pci_ids.h b/include/linux/pci_ids.h
index f4e278493f5b..861ee391dc33 100644
--- a/include/linux/pci_ids.h
+++ b/include/linux/pci_ids.h
@@ -117,6 +117,10 @@
#define PCI_CLASS_SERIAL_USB_DEVICE 0x0c03fe
#define PCI_CLASS_SERIAL_FIBER 0x0c04
#define PCI_CLASS_SERIAL_SMBUS 0x0c05
+#define PCI_CLASS_SERIAL_IPMI 0x0c07
+#define PCI_CLASS_SERIAL_IPMI_SMIC 0x0c0700
+#define PCI_CLASS_SERIAL_IPMI_KCS 0x0c0701
+#define PCI_CLASS_SERIAL_IPMI_BT 0x0c0702
#define PCI_BASE_CLASS_WIRELESS 0x0d
#define PCI_CLASS_WIRELESS_RF_CONTROLLER 0x0d10
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 206/267] hwmon/k10temp, x86/amd_nb: Consolidate shared device IDs
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (204 preceding siblings ...)
2020-06-19 14:33 ` [PATCH 4.19 205/267] pci:ipmi: Move IPMI PCI class id defines to pci_ids.h Greg Kroah-Hartman
@ 2020-06-19 14:33 ` Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 207/267] x86/amd_nb: Add PCI device IDs for family 17h, model 30h Greg Kroah-Hartman
` (62 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Brian Woods, Borislav Petkov,
Guenter Roeck, Bjorn Helgaas, Clemens Ladisch, H. Peter Anvin,
Ingo Molnar, Jean Delvare, Jia Zhang, linux-hwmon, linux-pci,
Pu Wen, Thomas Gleixner, x86-ml, Sasha Levin
From: Woods, Brian <Brian.Woods@amd.com>
[ Upstream commit dedf7dce4cec5c0abe69f4fa6938d5100398220b ]
Consolidate shared PCI_DEVICE_IDs that were scattered through k10temp
and amd_nb, and move them into pci_ids.
Signed-off-by: Brian Woods <brian.woods@amd.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Acked-by: Guenter Roeck <linux@roeck-us.net>
CC: Bjorn Helgaas <bhelgaas@google.com>
CC: Clemens Ladisch <clemens@ladisch.de>
CC: "H. Peter Anvin" <hpa@zytor.com>
CC: Ingo Molnar <mingo@redhat.com>
CC: Jean Delvare <jdelvare@suse.com>
CC: Jia Zhang <qianyue.zj@alibaba-inc.com>
CC: <linux-hwmon@vger.kernel.org>
CC: <linux-pci@vger.kernel.org>
CC: Pu Wen <puwen@hygon.cn>
CC: Thomas Gleixner <tglx@linutronix.de>
CC: x86-ml <x86@kernel.org>
Link: http://lkml.kernel.org/r/20181106200754.60722-2-brian.woods@amd.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/kernel/amd_nb.c | 3 +--
drivers/hwmon/k10temp.c | 9 +--------
include/linux/pci_ids.h | 2 ++
3 files changed, 4 insertions(+), 10 deletions(-)
diff --git a/arch/x86/kernel/amd_nb.c b/arch/x86/kernel/amd_nb.c
index b481b95bd8f6..bf440af5ff9c 100644
--- a/arch/x86/kernel/amd_nb.c
+++ b/arch/x86/kernel/amd_nb.c
@@ -11,13 +11,12 @@
#include <linux/errno.h>
#include <linux/export.h>
#include <linux/spinlock.h>
+#include <linux/pci_ids.h>
#include <asm/amd_nb.h>
#define PCI_DEVICE_ID_AMD_17H_ROOT 0x1450
#define PCI_DEVICE_ID_AMD_17H_M10H_ROOT 0x15d0
-#define PCI_DEVICE_ID_AMD_17H_DF_F3 0x1463
#define PCI_DEVICE_ID_AMD_17H_DF_F4 0x1464
-#define PCI_DEVICE_ID_AMD_17H_M10H_DF_F3 0x15eb
#define PCI_DEVICE_ID_AMD_17H_M10H_DF_F4 0x15ec
/* Protect the PCI config register pairs used for SMN and DF indirect access. */
diff --git a/drivers/hwmon/k10temp.c b/drivers/hwmon/k10temp.c
index 2cef0c37ff6f..bc6871c8dd4e 100644
--- a/drivers/hwmon/k10temp.c
+++ b/drivers/hwmon/k10temp.c
@@ -23,6 +23,7 @@
#include <linux/init.h>
#include <linux/module.h>
#include <linux/pci.h>
+#include <linux/pci_ids.h>
#include <asm/amd_nb.h>
#include <asm/processor.h>
@@ -41,14 +42,6 @@ static DEFINE_MUTEX(nb_smu_ind_mutex);
#define PCI_DEVICE_ID_AMD_15H_M70H_NB_F3 0x15b3
#endif
-#ifndef PCI_DEVICE_ID_AMD_17H_DF_F3
-#define PCI_DEVICE_ID_AMD_17H_DF_F3 0x1463
-#endif
-
-#ifndef PCI_DEVICE_ID_AMD_17H_M10H_DF_F3
-#define PCI_DEVICE_ID_AMD_17H_M10H_DF_F3 0x15eb
-#endif
-
/* CPUID function 0x80000001, ebx */
#define CPUID_PKGTYPE_MASK 0xf0000000
#define CPUID_PKGTYPE_F 0x00000000
diff --git a/include/linux/pci_ids.h b/include/linux/pci_ids.h
index 861ee391dc33..857cfd6281a0 100644
--- a/include/linux/pci_ids.h
+++ b/include/linux/pci_ids.h
@@ -545,6 +545,8 @@
#define PCI_DEVICE_ID_AMD_16H_NB_F4 0x1534
#define PCI_DEVICE_ID_AMD_16H_M30H_NB_F3 0x1583
#define PCI_DEVICE_ID_AMD_16H_M30H_NB_F4 0x1584
+#define PCI_DEVICE_ID_AMD_17H_DF_F3 0x1463
+#define PCI_DEVICE_ID_AMD_17H_M10H_DF_F3 0x15eb
#define PCI_DEVICE_ID_AMD_CNB17H_F3 0x1703
#define PCI_DEVICE_ID_AMD_LANCE 0x2000
#define PCI_DEVICE_ID_AMD_LANCE_HOME 0x2001
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 207/267] x86/amd_nb: Add PCI device IDs for family 17h, model 30h
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (205 preceding siblings ...)
2020-06-19 14:33 ` [PATCH 4.19 206/267] hwmon/k10temp, x86/amd_nb: Consolidate shared device IDs Greg Kroah-Hartman
@ 2020-06-19 14:33 ` Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 208/267] PCI: add USR vendor id and use it in r8169 and w6692 driver Greg Kroah-Hartman
` (61 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Brian Woods, Borislav Petkov,
Bjorn Helgaas, Clemens Ladisch, Guenter Roeck, H. Peter Anvin,
Ingo Molnar, Jean Delvare, Jia Zhang, linux-hwmon, linux-pci,
Pu Wen, Thomas Gleixner, x86-ml, Sasha Levin
From: Woods, Brian <Brian.Woods@amd.com>
[ Upstream commit be3518a16ef270e3b030a6ae96055f83f51bd3dd ]
Add the PCI device IDs for family 17h model 30h, since they are needed
for accessing various registers via the data fabric/SMN interface.
Signed-off-by: Brian Woods <brian.woods@amd.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
CC: Bjorn Helgaas <bhelgaas@google.com>
CC: Clemens Ladisch <clemens@ladisch.de>
CC: Guenter Roeck <linux@roeck-us.net>
CC: "H. Peter Anvin" <hpa@zytor.com>
CC: Ingo Molnar <mingo@redhat.com>
CC: Jean Delvare <jdelvare@suse.com>
CC: Jia Zhang <qianyue.zj@alibaba-inc.com>
CC: <linux-hwmon@vger.kernel.org>
CC: <linux-pci@vger.kernel.org>
CC: Pu Wen <puwen@hygon.cn>
CC: Thomas Gleixner <tglx@linutronix.de>
CC: x86-ml <x86@kernel.org>
Link: http://lkml.kernel.org/r/20181106200754.60722-4-brian.woods@amd.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/kernel/amd_nb.c | 6 ++++++
include/linux/pci_ids.h | 1 +
2 files changed, 7 insertions(+)
diff --git a/arch/x86/kernel/amd_nb.c b/arch/x86/kernel/amd_nb.c
index bf440af5ff9c..b95db8ce83bf 100644
--- a/arch/x86/kernel/amd_nb.c
+++ b/arch/x86/kernel/amd_nb.c
@@ -16,8 +16,10 @@
#define PCI_DEVICE_ID_AMD_17H_ROOT 0x1450
#define PCI_DEVICE_ID_AMD_17H_M10H_ROOT 0x15d0
+#define PCI_DEVICE_ID_AMD_17H_M30H_ROOT 0x1480
#define PCI_DEVICE_ID_AMD_17H_DF_F4 0x1464
#define PCI_DEVICE_ID_AMD_17H_M10H_DF_F4 0x15ec
+#define PCI_DEVICE_ID_AMD_17H_M30H_DF_F4 0x1494
/* Protect the PCI config register pairs used for SMN and DF indirect access. */
static DEFINE_MUTEX(smn_mutex);
@@ -27,9 +29,11 @@ static u32 *flush_words;
static const struct pci_device_id amd_root_ids[] = {
{ PCI_DEVICE(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_17H_ROOT) },
{ PCI_DEVICE(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_17H_M10H_ROOT) },
+ { PCI_DEVICE(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_17H_M30H_ROOT) },
{}
};
+
#define PCI_DEVICE_ID_AMD_CNB17H_F4 0x1704
const struct pci_device_id amd_nb_misc_ids[] = {
@@ -43,6 +47,7 @@ const struct pci_device_id amd_nb_misc_ids[] = {
{ PCI_DEVICE(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_16H_M30H_NB_F3) },
{ PCI_DEVICE(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_17H_DF_F3) },
{ PCI_DEVICE(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_17H_M10H_DF_F3) },
+ { PCI_DEVICE(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_17H_M30H_DF_F3) },
{ PCI_DEVICE(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_CNB17H_F3) },
{}
};
@@ -56,6 +61,7 @@ static const struct pci_device_id amd_nb_link_ids[] = {
{ PCI_DEVICE(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_16H_M30H_NB_F4) },
{ PCI_DEVICE(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_17H_DF_F4) },
{ PCI_DEVICE(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_17H_M10H_DF_F4) },
+ { PCI_DEVICE(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_17H_M30H_DF_F4) },
{ PCI_DEVICE(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_CNB17H_F4) },
{}
};
diff --git a/include/linux/pci_ids.h b/include/linux/pci_ids.h
index 857cfd6281a0..81c7af243a31 100644
--- a/include/linux/pci_ids.h
+++ b/include/linux/pci_ids.h
@@ -547,6 +547,7 @@
#define PCI_DEVICE_ID_AMD_16H_M30H_NB_F4 0x1584
#define PCI_DEVICE_ID_AMD_17H_DF_F3 0x1463
#define PCI_DEVICE_ID_AMD_17H_M10H_DF_F3 0x15eb
+#define PCI_DEVICE_ID_AMD_17H_M30H_DF_F3 0x1493
#define PCI_DEVICE_ID_AMD_CNB17H_F3 0x1703
#define PCI_DEVICE_ID_AMD_LANCE 0x2000
#define PCI_DEVICE_ID_AMD_LANCE_HOME 0x2001
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 208/267] PCI: add USR vendor id and use it in r8169 and w6692 driver
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (206 preceding siblings ...)
2020-06-19 14:33 ` [PATCH 4.19 207/267] x86/amd_nb: Add PCI device IDs for family 17h, model 30h Greg Kroah-Hartman
@ 2020-06-19 14:33 ` Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 209/267] PCI: Move Synopsys HAPS platform device IDs Greg Kroah-Hartman
` (60 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Heiner Kallweit, David S. Miller,
Sasha Levin
From: Heiner Kallweit <hkallweit1@gmail.com>
[ Upstream commit 9206eb0bc5679d06d2f54b9db86fe2b9a55e07e4 ]
The PCI vendor id of U.S. Robotics isn't defined in pci_ids.h so far,
only ISDN driver w6692 has a private definition. Move the definition
to pci_ids.h and use it in the r8169 driver too.
Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/isdn/hardware/mISDN/w6692.c | 3 ---
drivers/net/ethernet/realtek/r8169.c | 2 +-
include/linux/pci_ids.h | 2 ++
3 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/drivers/isdn/hardware/mISDN/w6692.c b/drivers/isdn/hardware/mISDN/w6692.c
index 5acf6ab67cd3..6f60aced11c5 100644
--- a/drivers/isdn/hardware/mISDN/w6692.c
+++ b/drivers/isdn/hardware/mISDN/w6692.c
@@ -52,10 +52,7 @@ static const struct w6692map w6692_map[] =
{W6692_USR, "USR W6692"}
};
-#ifndef PCI_VENDOR_ID_USR
-#define PCI_VENDOR_ID_USR 0x16ec
#define PCI_DEVICE_ID_USR_6692 0x3409
-#endif
struct w6692_ch {
struct bchannel bch;
diff --git a/drivers/net/ethernet/realtek/r8169.c b/drivers/net/ethernet/realtek/r8169.c
index 807ef43a3cda..6df404e3dd27 100644
--- a/drivers/net/ethernet/realtek/r8169.c
+++ b/drivers/net/ethernet/realtek/r8169.c
@@ -229,7 +229,7 @@ static const struct pci_device_id rtl8169_pci_tbl[] = {
{ PCI_DEVICE(PCI_VENDOR_ID_DLINK, 0x4300), 0, 0, RTL_CFG_0 },
{ PCI_DEVICE(PCI_VENDOR_ID_DLINK, 0x4302), 0, 0, RTL_CFG_0 },
{ PCI_DEVICE(PCI_VENDOR_ID_AT, 0xc107), 0, 0, RTL_CFG_0 },
- { PCI_DEVICE(0x16ec, 0x0116), 0, 0, RTL_CFG_0 },
+ { PCI_DEVICE(PCI_VENDOR_ID_USR, 0x0116), 0, 0, RTL_CFG_0 },
{ PCI_VENDOR_ID_LINKSYS, 0x1032,
PCI_ANY_ID, 0x0024, 0, 0, RTL_CFG_0 },
{ 0x0001, 0x8168,
diff --git a/include/linux/pci_ids.h b/include/linux/pci_ids.h
index 81c7af243a31..2792bca03088 100644
--- a/include/linux/pci_ids.h
+++ b/include/linux/pci_ids.h
@@ -2362,6 +2362,8 @@
#define PCI_VENDOR_ID_SYNOPSYS 0x16c3
+#define PCI_VENDOR_ID_USR 0x16ec
+
#define PCI_VENDOR_ID_VITESSE 0x1725
#define PCI_DEVICE_ID_VITESSE_VSC7174 0x7174
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 209/267] PCI: Move Synopsys HAPS platform device IDs
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (207 preceding siblings ...)
2020-06-19 14:33 ` [PATCH 4.19 208/267] PCI: add USR vendor id and use it in r8169 and w6692 driver Greg Kroah-Hartman
@ 2020-06-19 14:33 ` Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 210/267] PCI: Move Rohm Vendor ID to generic list Greg Kroah-Hartman
` (59 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Thinh Nguyen, Bjorn Helgaas,
Felipe Balbi, Sasha Levin
From: Thinh Nguyen <thinh.nguyen@synopsys.com>
[ Upstream commit b6061b1e566d70c7686d194a6c47dc6ffa665c77 ]
Move Synopsys HAPS platform device IDs to pci_ids.h so that both
drivers/pci/quirks.c and dwc3-haps driver can reference these IDs.
Signed-off-by: Thinh Nguyen <thinhn@synopsys.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Acked-by: Felipe Balbi <felipe.balbi@linux.intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/dwc3/dwc3-haps.c | 4 ----
include/linux/pci_ids.h | 3 +++
2 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/drivers/usb/dwc3/dwc3-haps.c b/drivers/usb/dwc3/dwc3-haps.c
index c9cc33881bef..02d57d98ef9b 100644
--- a/drivers/usb/dwc3/dwc3-haps.c
+++ b/drivers/usb/dwc3/dwc3-haps.c
@@ -15,10 +15,6 @@
#include <linux/platform_device.h>
#include <linux/property.h>
-#define PCI_DEVICE_ID_SYNOPSYS_HAPSUSB3 0xabcd
-#define PCI_DEVICE_ID_SYNOPSYS_HAPSUSB3_AXI 0xabce
-#define PCI_DEVICE_ID_SYNOPSYS_HAPSUSB31 0xabcf
-
/**
* struct dwc3_haps - Driver private structure
* @dwc3: child dwc3 platform_device
diff --git a/include/linux/pci_ids.h b/include/linux/pci_ids.h
index 2792bca03088..05705d0b5689 100644
--- a/include/linux/pci_ids.h
+++ b/include/linux/pci_ids.h
@@ -2361,6 +2361,9 @@
#define PCI_DEVICE_ID_CENATEK_IDE 0x0001
#define PCI_VENDOR_ID_SYNOPSYS 0x16c3
+#define PCI_DEVICE_ID_SYNOPSYS_HAPSUSB3 0xabcd
+#define PCI_DEVICE_ID_SYNOPSYS_HAPSUSB3_AXI 0xabce
+#define PCI_DEVICE_ID_SYNOPSYS_HAPSUSB31 0xabcf
#define PCI_VENDOR_ID_USR 0x16ec
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 210/267] PCI: Move Rohm Vendor ID to generic list
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (208 preceding siblings ...)
2020-06-19 14:33 ` [PATCH 4.19 209/267] PCI: Move Synopsys HAPS platform device IDs Greg Kroah-Hartman
@ 2020-06-19 14:33 ` Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 211/267] misc: pci_endpoint_test: Add the layerscape EP device support Greg Kroah-Hartman
` (58 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Andy Shevchenko, Bjorn Helgaas,
Mark Brown, Linus Walleij, Sasha Levin
From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
[ Upstream commit 0ce26a1c31ca928df4dfc7504c8898b71ff9f5d5 ]
Move the Rohm Vendor ID to pci_ids.h instead of defining it in several
drivers.
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Acked-by: Mark Brown <broonie@kernel.org>
Acked-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/dma/pch_dma.c | 1 -
drivers/gpio/gpio-ml-ioh.c | 2 --
drivers/gpio/gpio-pch.c | 1 -
drivers/i2c/busses/i2c-eg20t.c | 1 -
drivers/misc/pch_phub.c | 1 -
drivers/net/ethernet/oki-semi/pch_gbe/pch_gbe_main.c | 7 ++-----
drivers/spi/spi-topcliff-pch.c | 1 -
drivers/tty/serial/pch_uart.c | 2 --
drivers/usb/gadget/udc/pch_udc.c | 1 -
include/linux/pci_ids.h | 2 ++
10 files changed, 4 insertions(+), 15 deletions(-)
diff --git a/drivers/dma/pch_dma.c b/drivers/dma/pch_dma.c
index 6e91584c3677..47c6e3ceac4d 100644
--- a/drivers/dma/pch_dma.c
+++ b/drivers/dma/pch_dma.c
@@ -972,7 +972,6 @@ static void pch_dma_remove(struct pci_dev *pdev)
}
/* PCI Device ID of DMA device */
-#define PCI_VENDOR_ID_ROHM 0x10DB
#define PCI_DEVICE_ID_EG20T_PCH_DMA_8CH 0x8810
#define PCI_DEVICE_ID_EG20T_PCH_DMA_4CH 0x8815
#define PCI_DEVICE_ID_ML7213_DMA1_8CH 0x8026
diff --git a/drivers/gpio/gpio-ml-ioh.c b/drivers/gpio/gpio-ml-ioh.c
index 51c7d1b84c2e..0c076dce9e17 100644
--- a/drivers/gpio/gpio-ml-ioh.c
+++ b/drivers/gpio/gpio-ml-ioh.c
@@ -31,8 +31,6 @@
#define IOH_IRQ_BASE 0
-#define PCI_VENDOR_ID_ROHM 0x10DB
-
struct ioh_reg_comn {
u32 ien;
u32 istatus;
diff --git a/drivers/gpio/gpio-pch.c b/drivers/gpio/gpio-pch.c
index ffce0ab912ed..8c7f3d20e30e 100644
--- a/drivers/gpio/gpio-pch.c
+++ b/drivers/gpio/gpio-pch.c
@@ -524,7 +524,6 @@ static int pch_gpio_resume(struct pci_dev *pdev)
#define pch_gpio_resume NULL
#endif
-#define PCI_VENDOR_ID_ROHM 0x10DB
static const struct pci_device_id pch_gpio_pcidev_id[] = {
{ PCI_DEVICE(PCI_VENDOR_ID_INTEL, 0x8803) },
{ PCI_DEVICE(PCI_VENDOR_ID_ROHM, 0x8014) },
diff --git a/drivers/i2c/busses/i2c-eg20t.c b/drivers/i2c/busses/i2c-eg20t.c
index 835d54ac2971..231675b10376 100644
--- a/drivers/i2c/busses/i2c-eg20t.c
+++ b/drivers/i2c/busses/i2c-eg20t.c
@@ -177,7 +177,6 @@ static wait_queue_head_t pch_event;
static DEFINE_MUTEX(pch_mutex);
/* Definition for ML7213 by LAPIS Semiconductor */
-#define PCI_VENDOR_ID_ROHM 0x10DB
#define PCI_DEVICE_ID_ML7213_I2C 0x802D
#define PCI_DEVICE_ID_ML7223_I2C 0x8010
#define PCI_DEVICE_ID_ML7831_I2C 0x8817
diff --git a/drivers/misc/pch_phub.c b/drivers/misc/pch_phub.c
index 540845651b8c..309703e9c42e 100644
--- a/drivers/misc/pch_phub.c
+++ b/drivers/misc/pch_phub.c
@@ -64,7 +64,6 @@
#define CLKCFG_UARTCLKSEL (1 << 18)
/* Macros for ML7213 */
-#define PCI_VENDOR_ID_ROHM 0x10db
#define PCI_DEVICE_ID_ROHM_ML7213_PHUB 0x801A
/* Macros for ML7223 */
diff --git a/drivers/net/ethernet/oki-semi/pch_gbe/pch_gbe_main.c b/drivers/net/ethernet/oki-semi/pch_gbe/pch_gbe_main.c
index 43c0c10dfeb7..3a4225837049 100644
--- a/drivers/net/ethernet/oki-semi/pch_gbe/pch_gbe_main.c
+++ b/drivers/net/ethernet/oki-semi/pch_gbe/pch_gbe_main.c
@@ -27,7 +27,6 @@
#define DRV_VERSION "1.01"
const char pch_driver_version[] = DRV_VERSION;
-#define PCI_DEVICE_ID_INTEL_IOH1_GBE 0x8802 /* Pci device ID */
#define PCH_GBE_MAR_ENTRIES 16
#define PCH_GBE_SHORT_PKT 64
#define DSC_INIT16 0xC000
@@ -37,11 +36,9 @@ const char pch_driver_version[] = DRV_VERSION;
#define PCH_GBE_PCI_BAR 1
#define PCH_GBE_RESERVE_MEMORY 0x200000 /* 2MB */
-/* Macros for ML7223 */
-#define PCI_VENDOR_ID_ROHM 0x10db
-#define PCI_DEVICE_ID_ROHM_ML7223_GBE 0x8013
+#define PCI_DEVICE_ID_INTEL_IOH1_GBE 0x8802
-/* Macros for ML7831 */
+#define PCI_DEVICE_ID_ROHM_ML7223_GBE 0x8013
#define PCI_DEVICE_ID_ROHM_ML7831_GBE 0x8802
#define PCH_GBE_TX_WEIGHT 64
diff --git a/drivers/spi/spi-topcliff-pch.c b/drivers/spi/spi-topcliff-pch.c
index fa730a871d25..8a5966963834 100644
--- a/drivers/spi/spi-topcliff-pch.c
+++ b/drivers/spi/spi-topcliff-pch.c
@@ -92,7 +92,6 @@
#define PCH_MAX_SPBR 1023
/* Definition for ML7213/ML7223/ML7831 by LAPIS Semiconductor */
-#define PCI_VENDOR_ID_ROHM 0x10DB
#define PCI_DEVICE_ID_ML7213_SPI 0x802c
#define PCI_DEVICE_ID_ML7223_SPI 0x800F
#define PCI_DEVICE_ID_ML7831_SPI 0x8816
diff --git a/drivers/tty/serial/pch_uart.c b/drivers/tty/serial/pch_uart.c
index 3245cdbf9116..e5ff30544bd0 100644
--- a/drivers/tty/serial/pch_uart.c
+++ b/drivers/tty/serial/pch_uart.c
@@ -192,8 +192,6 @@ enum {
#define PCH_UART_HAL_LOOP (PCH_UART_MCR_LOOP)
#define PCH_UART_HAL_AFE (PCH_UART_MCR_AFE)
-#define PCI_VENDOR_ID_ROHM 0x10DB
-
#define BOTH_EMPTY (UART_LSR_TEMT | UART_LSR_THRE)
#define DEFAULT_UARTCLK 1843200 /* 1.8432 MHz */
diff --git a/drivers/usb/gadget/udc/pch_udc.c b/drivers/usb/gadget/udc/pch_udc.c
index 991184b8bb41..667011c99372 100644
--- a/drivers/usb/gadget/udc/pch_udc.c
+++ b/drivers/usb/gadget/udc/pch_udc.c
@@ -368,7 +368,6 @@ struct pch_udc_dev {
#define PCI_DEVICE_ID_INTEL_QUARK_X1000_UDC 0x0939
#define PCI_DEVICE_ID_INTEL_EG20T_UDC 0x8808
-#define PCI_VENDOR_ID_ROHM 0x10DB
#define PCI_DEVICE_ID_ML7213_IOH_UDC 0x801D
#define PCI_DEVICE_ID_ML7831_IOH_UDC 0x8808
diff --git a/include/linux/pci_ids.h b/include/linux/pci_ids.h
index 05705d0b5689..5c395f52d681 100644
--- a/include/linux/pci_ids.h
+++ b/include/linux/pci_ids.h
@@ -1140,6 +1140,8 @@
#define PCI_VENDOR_ID_TCONRAD 0x10da
#define PCI_DEVICE_ID_TCONRAD_TOKENRING 0x0508
+#define PCI_VENDOR_ID_ROHM 0x10db
+
#define PCI_VENDOR_ID_NVIDIA 0x10de
#define PCI_DEVICE_ID_NVIDIA_TNT 0x0020
#define PCI_DEVICE_ID_NVIDIA_TNT2 0x0028
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 211/267] misc: pci_endpoint_test: Add the layerscape EP device support
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (209 preceding siblings ...)
2020-06-19 14:33 ` [PATCH 4.19 210/267] PCI: Move Rohm Vendor ID to generic list Greg Kroah-Hartman
@ 2020-06-19 14:33 ` Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 212/267] misc: pci_endpoint_test: Add support to test PCI EP in AM654x Greg Kroah-Hartman
` (57 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Xiaowei Bao, Lorenzo Pieralisi,
Minghuan Lian, Zhiqiang Hou, Sasha Levin
From: Xiaowei Bao <xiaowei.bao@nxp.com>
[ Upstream commit 85cef374d0ba93b8a2bd24850b97c1b34c666ccb ]
Add the layerscape EP device support in pci_endpoint_test driver.
Signed-off-by: Xiaowei Bao <xiaowei.bao@nxp.com>
Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
Reviewed-by: Minghuan Lian <minghuan.lian@nxp.com>
Reviewed-by: Zhiqiang Hou <zhiqiang.hou@nxp.com>
Reviewed-by: Greg KH <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/misc/pci_endpoint_test.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/misc/pci_endpoint_test.c b/drivers/misc/pci_endpoint_test.c
index 727dc6ec427d..2b3d61d565f0 100644
--- a/drivers/misc/pci_endpoint_test.c
+++ b/drivers/misc/pci_endpoint_test.c
@@ -795,6 +795,7 @@ static void pci_endpoint_test_remove(struct pci_dev *pdev)
static const struct pci_device_id pci_endpoint_test_tbl[] = {
{ PCI_DEVICE(PCI_VENDOR_ID_TI, PCI_DEVICE_ID_TI_DRA74x) },
{ PCI_DEVICE(PCI_VENDOR_ID_TI, PCI_DEVICE_ID_TI_DRA72x) },
+ { PCI_DEVICE(PCI_VENDOR_ID_FREESCALE, 0x81c0) },
{ PCI_DEVICE(PCI_VENDOR_ID_SYNOPSYS, 0xedda) },
{ }
};
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 212/267] misc: pci_endpoint_test: Add support to test PCI EP in AM654x
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (210 preceding siblings ...)
2020-06-19 14:33 ` [PATCH 4.19 211/267] misc: pci_endpoint_test: Add the layerscape EP device support Greg Kroah-Hartman
@ 2020-06-19 14:33 ` Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 213/267] PCI: Add Synopsys endpoint EDDA Device ID Greg Kroah-Hartman
` (56 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kishon Vijay Abraham I,
Lorenzo Pieralisi, Sasha Levin
From: Kishon Vijay Abraham I <kishon@ti.com>
[ Upstream commit 5bb04b19230c02cc1b450b029856cbe093e09908 ]
TI's AM654x PCIe EP has a restriction that BAR_0 is mapped to
application registers. "PCIe Inbound Address Translation" section in
AM65x Sitara Processors TRM (SPRUID7 – April 2018) describes BAR0 as
reserved.
Configure pci_endpoint_test to use BAR_2 instead.
Also set alignment to 64K since "PCIe Subsystem Address Translation"
section in TRM indicates minimum ATU window size is 64K.
Signed-off-by: Kishon Vijay Abraham I <kishon@ti.com>
Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/misc/pci_endpoint_test.c | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
diff --git a/drivers/misc/pci_endpoint_test.c b/drivers/misc/pci_endpoint_test.c
index 2b3d61d565f0..2c472f9cc135 100644
--- a/drivers/misc/pci_endpoint_test.c
+++ b/drivers/misc/pci_endpoint_test.c
@@ -75,6 +75,11 @@
#define PCI_ENDPOINT_TEST_IRQ_TYPE 0x24
#define PCI_ENDPOINT_TEST_IRQ_NUMBER 0x28
+#define PCI_DEVICE_ID_TI_AM654 0xb00c
+
+#define is_am654_pci_dev(pdev) \
+ ((pdev)->device == PCI_DEVICE_ID_TI_AM654)
+
static DEFINE_IDA(pci_endpoint_test_ida);
#define to_endpoint_test(priv) container_of((priv), struct pci_endpoint_test, \
@@ -593,6 +598,7 @@ static long pci_endpoint_test_ioctl(struct file *file, unsigned int cmd,
int ret = -EINVAL;
enum pci_barno bar;
struct pci_endpoint_test *test = to_endpoint_test(file->private_data);
+ struct pci_dev *pdev = test->pdev;
mutex_lock(&test->mutex);
switch (cmd) {
@@ -600,6 +606,8 @@ static long pci_endpoint_test_ioctl(struct file *file, unsigned int cmd,
bar = arg;
if (bar < 0 || bar > 5)
goto ret;
+ if (is_am654_pci_dev(pdev) && bar == BAR_0)
+ goto ret;
ret = pci_endpoint_test_bar(test, bar);
break;
case PCITEST_LEGACY_IRQ:
@@ -792,11 +800,20 @@ static void pci_endpoint_test_remove(struct pci_dev *pdev)
pci_disable_device(pdev);
}
+static const struct pci_endpoint_test_data am654_data = {
+ .test_reg_bar = BAR_2,
+ .alignment = SZ_64K,
+ .irq_type = IRQ_TYPE_MSI,
+};
+
static const struct pci_device_id pci_endpoint_test_tbl[] = {
{ PCI_DEVICE(PCI_VENDOR_ID_TI, PCI_DEVICE_ID_TI_DRA74x) },
{ PCI_DEVICE(PCI_VENDOR_ID_TI, PCI_DEVICE_ID_TI_DRA72x) },
{ PCI_DEVICE(PCI_VENDOR_ID_FREESCALE, 0x81c0) },
{ PCI_DEVICE(PCI_VENDOR_ID_SYNOPSYS, 0xedda) },
+ { PCI_DEVICE(PCI_VENDOR_ID_TI, PCI_DEVICE_ID_TI_AM654),
+ .driver_data = (kernel_ulong_t)&am654_data
+ },
{ }
};
MODULE_DEVICE_TABLE(pci, pci_endpoint_test_tbl);
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 213/267] PCI: Add Synopsys endpoint EDDA Device ID
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (211 preceding siblings ...)
2020-06-19 14:33 ` [PATCH 4.19 212/267] misc: pci_endpoint_test: Add support to test PCI EP in AM654x Greg Kroah-Hartman
@ 2020-06-19 14:33 ` Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 214/267] PCI: Add NVIDIA GPU multi-function power dependencies Greg Kroah-Hartman
` (55 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Gustavo Pimentel, Bjorn Helgaas,
Kishon Vijay Abraham I, Lorenzo Pieralisi, Joao Pinto,
Vinod Koul, Sasha Levin
From: Gustavo Pimentel <Gustavo.Pimentel@synopsys.com>
[ Upstream commit 1f418f46503d72594bbe6407d97fd2ae1ce15ee6 ]
Create and add Synopsys Endpoint EDDA Device ID to PCI ID list, since
this ID is now being use on two different drivers (pci_endpoint_test.ko
and dw-edma-pcie.ko).
Signed-off-by: Gustavo Pimentel <gustavo.pimentel@synopsys.com>
Acked-by: Bjorn Helgaas <bhelgaas@google.com>
Cc: Kishon Vijay Abraham I <kishon@ti.com>
Cc: Bjorn Helgaas <bhelgaas@google.com>
Cc: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
Cc: Joao Pinto <jpinto@synopsys.com>
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/misc/pci_endpoint_test.c | 2 +-
include/linux/pci_ids.h | 1 +
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/misc/pci_endpoint_test.c b/drivers/misc/pci_endpoint_test.c
index 2c472f9cc135..7d166f57f624 100644
--- a/drivers/misc/pci_endpoint_test.c
+++ b/drivers/misc/pci_endpoint_test.c
@@ -810,7 +810,7 @@ static const struct pci_device_id pci_endpoint_test_tbl[] = {
{ PCI_DEVICE(PCI_VENDOR_ID_TI, PCI_DEVICE_ID_TI_DRA74x) },
{ PCI_DEVICE(PCI_VENDOR_ID_TI, PCI_DEVICE_ID_TI_DRA72x) },
{ PCI_DEVICE(PCI_VENDOR_ID_FREESCALE, 0x81c0) },
- { PCI_DEVICE(PCI_VENDOR_ID_SYNOPSYS, 0xedda) },
+ { PCI_DEVICE_DATA(SYNOPSYS, EDDA, NULL) },
{ PCI_DEVICE(PCI_VENDOR_ID_TI, PCI_DEVICE_ID_TI_AM654),
.driver_data = (kernel_ulong_t)&am654_data
},
diff --git a/include/linux/pci_ids.h b/include/linux/pci_ids.h
index 5c395f52d681..47833d8f8928 100644
--- a/include/linux/pci_ids.h
+++ b/include/linux/pci_ids.h
@@ -2366,6 +2366,7 @@
#define PCI_DEVICE_ID_SYNOPSYS_HAPSUSB3 0xabcd
#define PCI_DEVICE_ID_SYNOPSYS_HAPSUSB3_AXI 0xabce
#define PCI_DEVICE_ID_SYNOPSYS_HAPSUSB31 0xabcf
+#define PCI_DEVICE_ID_SYNOPSYS_EDDA 0xedda
#define PCI_VENDOR_ID_USR 0x16ec
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 214/267] PCI: Add NVIDIA GPU multi-function power dependencies
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (212 preceding siblings ...)
2020-06-19 14:33 ` [PATCH 4.19 213/267] PCI: Add Synopsys endpoint EDDA Device ID Greg Kroah-Hartman
@ 2020-06-19 14:33 ` Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 215/267] PCI: Enable NVIDIA HDA controllers Greg Kroah-Hartman
` (54 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Abhishek Sahu, Bjorn Helgaas, Sasha Levin
From: Abhishek Sahu <abhsahu@nvidia.com>
[ Upstream commit 6d2e369f0d4c3e6125c886847c04106b03d2609e ]
The NVIDIA Turing GPU is a multi-function PCI device with the following
functions:
- Function 0: VGA display controller
- Function 1: Audio controller
- Function 2: USB xHCI Host controller
- Function 3: USB Type-C UCSI controller
Function 0 is tightly coupled with other functions in the hardware. When
function 0 is in D3, it gates power for hardware blocks used by other
functions, which means those functions only work when function 0 is in D0.
If any of these functions (1/2/3) are in D0, then function 0 should also be
in D0.
Commit 07f4f97d7b4b ("vga_switcheroo: Use device link for HDA controller")
already creates a device link to show the dependency of function 1 on
function 0 of this GPU. Create additional device links to express the
dependencies of functions 2 and 3 on function 0. This means function 0
will be in D0 if any other function is in D0.
[bhelgaas: I think the PCI spec expectation is that functions can be
power-managed independently, so I don't think this device is technically
compliant. For example, the PCIe r5.0 spec, sec 1.4, says "the PCI/PCIe
hardware/software model includes architectural constructs necessary to
discover, configure, and use a Function, without needing Function-specific
knowledge" and sec 5.1 says "D states are associated with a particular
Function" and "PM provides ... a mechanism to identify power management
capabilities of a given Function [and] the ability to transition a Function
into a certain power management state."]
Link: https://lore.kernel.org/lkml/20190606092225.17960-3-abhsahu@nvidia.com
Signed-off-by: Abhishek Sahu <abhsahu@nvidia.com>
[bhelgaas: commit log]
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pci/quirks.c | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+)
diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c
index d6236bb26950..8ac2d5a4a224 100644
--- a/drivers/pci/quirks.c
+++ b/drivers/pci/quirks.c
@@ -5094,6 +5094,32 @@ DECLARE_PCI_FIXUP_CLASS_FINAL(PCI_VENDOR_ID_AMD, PCI_ANY_ID,
DECLARE_PCI_FIXUP_CLASS_FINAL(PCI_VENDOR_ID_NVIDIA, PCI_ANY_ID,
PCI_CLASS_MULTIMEDIA_HD_AUDIO, 8, quirk_gpu_hda);
+/*
+ * Create device link for NVIDIA GPU with integrated USB xHCI Host
+ * controller to VGA.
+ */
+static void quirk_gpu_usb(struct pci_dev *usb)
+{
+ pci_create_device_link(usb, 2, 0, PCI_BASE_CLASS_DISPLAY, 16);
+}
+DECLARE_PCI_FIXUP_CLASS_FINAL(PCI_VENDOR_ID_NVIDIA, PCI_ANY_ID,
+ PCI_CLASS_SERIAL_USB, 8, quirk_gpu_usb);
+
+/*
+ * Create device link for NVIDIA GPU with integrated Type-C UCSI controller
+ * to VGA. Currently there is no class code defined for UCSI device over PCI
+ * so using UNKNOWN class for now and it will be updated when UCSI
+ * over PCI gets a class code.
+ */
+#define PCI_CLASS_SERIAL_UNKNOWN 0x0c80
+static void quirk_gpu_usb_typec_ucsi(struct pci_dev *ucsi)
+{
+ pci_create_device_link(ucsi, 3, 0, PCI_BASE_CLASS_DISPLAY, 16);
+}
+DECLARE_PCI_FIXUP_CLASS_FINAL(PCI_VENDOR_ID_NVIDIA, PCI_ANY_ID,
+ PCI_CLASS_SERIAL_UNKNOWN, 8,
+ quirk_gpu_usb_typec_ucsi);
+
/*
* Some IDT switches incorrectly flag an ACS Source Validation error on
* completions for config read requests even though PCIe r4.0, sec
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 215/267] PCI: Enable NVIDIA HDA controllers
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (213 preceding siblings ...)
2020-06-19 14:33 ` [PATCH 4.19 214/267] PCI: Add NVIDIA GPU multi-function power dependencies Greg Kroah-Hartman
@ 2020-06-19 14:33 ` Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 216/267] PCI: mediatek: Add controller support for MT7629 Greg Kroah-Hartman
` (53 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Lukas Wunner, Daniel Drake,
Bjorn Helgaas, Aaron Plattner, Peter Wu, Ilia Mirkin,
Karol Herbst, Maik Freudenberg, Sasha Levin
From: Lukas Wunner <lukas@wunner.de>
[ Upstream commit b516ea586d717472178e6ef1c152e85608b0ce32 ]
Many NVIDIA GPUs can be configured as either a single-function video device
or a multi-function device with video at function 0 and an HDA audio
controller at function 1. The HDA controller can be enabled or disabled by
a bit in the function 0 config space.
Some BIOSes leave the HDA disabled, which means the HDMI connector from the
NVIDIA GPU may not work. Sometimes the BIOS enables the HDA if an HDMI
cable is connected at boot time, but that doesn't handle hotplug cases.
Enable the HDA controller on device enumeration and resume and re-read the
header type, which tells us whether the GPU is a multi-function device.
This quirk is limited to NVIDIA PCI devices with the VGA Controller device
class. This is expected to correspond to product configurations where the
NVIDIA GPU has connectors attached. Other products where the device class
is 3D Controller are expected to correspond to configurations where the
NVIDIA GPU is dedicated (dGPU) and has no connectors. See original post
(URL below) for more details.
This commit takes inspiration from an earlier patch by Daniel Drake.
Link: https://lore.kernel.org/r/20190708051744.24039-1-drake@endlessm.com v2
Link: https://lore.kernel.org/r/20190613063514.15317-1-drake@endlessm.com v1
Link: https://devtalk.nvidia.com/default/topic/1024022
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=75985
Signed-off-by: Lukas Wunner <lukas@wunner.de>
Signed-off-by: Daniel Drake <drake@endlessm.com>
[bhelgaas: commit log, log message, return early if already enabled]
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Cc: Aaron Plattner <aplattner@nvidia.com>
Cc: Peter Wu <peter@lekensteyn.nl>
Cc: Ilia Mirkin <imirkin@alum.mit.edu>
Cc: Karol Herbst <kherbst@redhat.com>
Cc: Maik Freudenberg <hhfeuer@gmx.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pci/quirks.c | 30 ++++++++++++++++++++++++++++++
include/linux/pci_ids.h | 1 +
2 files changed, 31 insertions(+)
diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c
index 8ac2d5a4a224..502dca568d6c 100644
--- a/drivers/pci/quirks.c
+++ b/drivers/pci/quirks.c
@@ -5120,6 +5120,36 @@ DECLARE_PCI_FIXUP_CLASS_FINAL(PCI_VENDOR_ID_NVIDIA, PCI_ANY_ID,
PCI_CLASS_SERIAL_UNKNOWN, 8,
quirk_gpu_usb_typec_ucsi);
+/*
+ * Enable the NVIDIA GPU integrated HDA controller if the BIOS left it
+ * disabled. https://devtalk.nvidia.com/default/topic/1024022
+ */
+static void quirk_nvidia_hda(struct pci_dev *gpu)
+{
+ u8 hdr_type;
+ u32 val;
+
+ /* There was no integrated HDA controller before MCP89 */
+ if (gpu->device < PCI_DEVICE_ID_NVIDIA_GEFORCE_320M)
+ return;
+
+ /* Bit 25 at offset 0x488 enables the HDA controller */
+ pci_read_config_dword(gpu, 0x488, &val);
+ if (val & BIT(25))
+ return;
+
+ pci_info(gpu, "Enabling HDA controller\n");
+ pci_write_config_dword(gpu, 0x488, val | BIT(25));
+
+ /* The GPU becomes a multi-function device when the HDA is enabled */
+ pci_read_config_byte(gpu, PCI_HEADER_TYPE, &hdr_type);
+ gpu->multifunction = !!(hdr_type & 0x80);
+}
+DECLARE_PCI_FIXUP_CLASS_HEADER(PCI_VENDOR_ID_NVIDIA, PCI_ANY_ID,
+ PCI_BASE_CLASS_DISPLAY, 16, quirk_nvidia_hda);
+DECLARE_PCI_FIXUP_CLASS_RESUME_EARLY(PCI_VENDOR_ID_NVIDIA, PCI_ANY_ID,
+ PCI_BASE_CLASS_DISPLAY, 16, quirk_nvidia_hda);
+
/*
* Some IDT switches incorrectly flag an ACS Source Validation error on
* completions for config read requests even though PCIe r4.0, sec
diff --git a/include/linux/pci_ids.h b/include/linux/pci_ids.h
index 47833d8f8928..b952f1557f5d 100644
--- a/include/linux/pci_ids.h
+++ b/include/linux/pci_ids.h
@@ -1336,6 +1336,7 @@
#define PCI_DEVICE_ID_NVIDIA_NFORCE_MCP78S_SMBUS 0x0752
#define PCI_DEVICE_ID_NVIDIA_NFORCE_MCP77_IDE 0x0759
#define PCI_DEVICE_ID_NVIDIA_NFORCE_MCP73_SMBUS 0x07D8
+#define PCI_DEVICE_ID_NVIDIA_GEFORCE_320M 0x08A0
#define PCI_DEVICE_ID_NVIDIA_NFORCE_MCP79_SMBUS 0x0AA2
#define PCI_DEVICE_ID_NVIDIA_NFORCE_MCP89_SATA 0x0D85
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 216/267] PCI: mediatek: Add controller support for MT7629
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (214 preceding siblings ...)
2020-06-19 14:33 ` [PATCH 4.19 215/267] PCI: Enable NVIDIA HDA controllers Greg Kroah-Hartman
@ 2020-06-19 14:33 ` Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 217/267] x86/amd_nb: Add PCI device IDs for family 17h, model 70h Greg Kroah-Hartman
` (52 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jianjun Wang, Lorenzo Pieralisi,
Andrew Murray, Ryder Lee, Sasha Levin
From: Jianjun Wang <jianjun.wang@mediatek.com>
[ Upstream commit 0cccd42e6193e168cbecc271dae464e4a53fd7b3 ]
MT7629 is an ARM platform SoC which has the same PCIe IP as MT7622.
The HW default value of its PCI host controller Device ID is invalid,
fix it to match the hardware implementation.
Signed-off-by: Jianjun Wang <jianjun.wang@mediatek.com>
[lorenzo.pieralisi@arm.com: commit log/minor spelling update]
Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
Reviewed-by: Andrew Murray <andrew.murray@arm.com>
Acked-by: Ryder Lee <ryder.lee@mediatek.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pci/controller/pcie-mediatek.c | 18 ++++++++++++++++++
include/linux/pci_ids.h | 1 +
2 files changed, 19 insertions(+)
diff --git a/drivers/pci/controller/pcie-mediatek.c b/drivers/pci/controller/pcie-mediatek.c
index 1bfbceb9f445..ca06d8bc01e7 100644
--- a/drivers/pci/controller/pcie-mediatek.c
+++ b/drivers/pci/controller/pcie-mediatek.c
@@ -72,6 +72,7 @@
#define PCIE_MSI_VECTOR 0x0c0
#define PCIE_CONF_VEND_ID 0x100
+#define PCIE_CONF_DEVICE_ID 0x102
#define PCIE_CONF_CLASS_ID 0x106
#define PCIE_INT_MASK 0x420
@@ -134,12 +135,16 @@ struct mtk_pcie_port;
/**
* struct mtk_pcie_soc - differentiate between host generations
* @need_fix_class_id: whether this host's class ID needed to be fixed or not
+ * @need_fix_device_id: whether this host's device ID needed to be fixed or not
+ * @device_id: device ID which this host need to be fixed
* @ops: pointer to configuration access functions
* @startup: pointer to controller setting functions
* @setup_irq: pointer to initialize IRQ functions
*/
struct mtk_pcie_soc {
bool need_fix_class_id;
+ bool need_fix_device_id;
+ unsigned int device_id;
struct pci_ops *ops;
int (*startup)(struct mtk_pcie_port *port);
int (*setup_irq)(struct mtk_pcie_port *port, struct device_node *node);
@@ -678,6 +683,9 @@ static int mtk_pcie_startup_port_v2(struct mtk_pcie_port *port)
writew(val, port->base + PCIE_CONF_CLASS_ID);
}
+ if (soc->need_fix_device_id)
+ writew(soc->device_id, port->base + PCIE_CONF_DEVICE_ID);
+
/* 100ms timeout value should be enough for Gen1/2 training */
err = readl_poll_timeout(port->base + PCIE_LINK_STATUS_V2, val,
!!(val & PCIE_PORT_LINKUP_V2), 20,
@@ -1213,11 +1221,21 @@ static const struct mtk_pcie_soc mtk_pcie_soc_mt7622 = {
.setup_irq = mtk_pcie_setup_irq,
};
+static const struct mtk_pcie_soc mtk_pcie_soc_mt7629 = {
+ .need_fix_class_id = true,
+ .need_fix_device_id = true,
+ .device_id = PCI_DEVICE_ID_MEDIATEK_7629,
+ .ops = &mtk_pcie_ops_v2,
+ .startup = mtk_pcie_startup_port_v2,
+ .setup_irq = mtk_pcie_setup_irq,
+};
+
static const struct of_device_id mtk_pcie_ids[] = {
{ .compatible = "mediatek,mt2701-pcie", .data = &mtk_pcie_soc_v1 },
{ .compatible = "mediatek,mt7623-pcie", .data = &mtk_pcie_soc_v1 },
{ .compatible = "mediatek,mt2712-pcie", .data = &mtk_pcie_soc_mt2712 },
{ .compatible = "mediatek,mt7622-pcie", .data = &mtk_pcie_soc_mt7622 },
+ { .compatible = "mediatek,mt7629-pcie", .data = &mtk_pcie_soc_mt7629 },
{},
};
diff --git a/include/linux/pci_ids.h b/include/linux/pci_ids.h
index b952f1557f5d..a7abaaa9bc27 100644
--- a/include/linux/pci_ids.h
+++ b/include/linux/pci_ids.h
@@ -2132,6 +2132,7 @@
#define PCI_VENDOR_ID_MYRICOM 0x14c1
#define PCI_VENDOR_ID_MEDIATEK 0x14c3
+#define PCI_DEVICE_ID_MEDIATEK_7629 0x7629
#define PCI_VENDOR_ID_TITAN 0x14D2
#define PCI_DEVICE_ID_TITAN_010L 0x8001
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 217/267] x86/amd_nb: Add PCI device IDs for family 17h, model 70h
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (215 preceding siblings ...)
2020-06-19 14:33 ` [PATCH 4.19 216/267] PCI: mediatek: Add controller support for MT7629 Greg Kroah-Hartman
@ 2020-06-19 14:33 ` Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 218/267] ALSA: lx6464es - add support for LX6464ESe pci express variant Greg Kroah-Hartman
` (51 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Vicki Pfau, Marcel Bocu,
Thomas Gleixner, Brian Woods, Ingo Molnar, Borislav Petkov,
H. Peter Anvin, x86, Woods, Brian, Clemens Ladisch, Jean Delvare,
Guenter Roeck, linux-hwmon, Sasha Levin, Bjorn Helgaas
From: Marcel Bocu <marcel.p.bocu@gmail.com>
[ Upstream commit af4e1c5eca95bed1192d8dc45c8ed63aea2209e8 ]
The AMD Ryzen gen 3 processors came with a different PCI IDs for the
function 3 & 4 which are used to access the SMN interface. The root
PCI address however remained at the same address as the model 30h.
Adding the F3/F4 PCI IDs respectively to the misc and link ids appear
to be sufficient for k10temp, so let's add them and follow up on the
patch if other functions need more tweaking.
Vicki Pfau sent an identical patch after I checked that no-one had
written this patch. I would have been happy about dropping my patch but
unlike for his patch series, I had already Cc:ed the x86 people and
they already reviewed the changes. Since Vicki has not answered to
any email after his initial series, let's assume she is on vacation
and let's avoid duplication of reviews from the maintainers and merge
my series. To acknowledge Vicki's anteriority, I added her S-o-b to
the patch.
v2, suggested by Guenter Roeck and Brian Woods:
- rename from 71h to 70h
Signed-off-by: Vicki Pfau <vi@endrift.com>
Signed-off-by: Marcel Bocu <marcel.p.bocu@gmail.com>
Tested-by: Marcel Bocu <marcel.p.bocu@gmail.com>
Acked-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: Brian Woods <brian.woods@amd.com>
Acked-by: Bjorn Helgaas <bhelgaas@google.com> # pci_ids.h
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Borislav Petkov <bp@alien8.de>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: x86@kernel.org
Cc: "Woods, Brian" <Brian.Woods@amd.com>
Cc: Clemens Ladisch <clemens@ladisch.de>
Cc: Jean Delvare <jdelvare@suse.com>
Cc: Guenter Roeck <linux@roeck-us.net>
Cc: linux-hwmon@vger.kernel.org
Link: https://lore.kernel.org/r/20190722174510.2179-1-marcel.p.bocu@gmail.com
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/kernel/amd_nb.c | 3 +++
include/linux/pci_ids.h | 1 +
2 files changed, 4 insertions(+)
diff --git a/arch/x86/kernel/amd_nb.c b/arch/x86/kernel/amd_nb.c
index b95db8ce83bf..be1d15a27079 100644
--- a/arch/x86/kernel/amd_nb.c
+++ b/arch/x86/kernel/amd_nb.c
@@ -20,6 +20,7 @@
#define PCI_DEVICE_ID_AMD_17H_DF_F4 0x1464
#define PCI_DEVICE_ID_AMD_17H_M10H_DF_F4 0x15ec
#define PCI_DEVICE_ID_AMD_17H_M30H_DF_F4 0x1494
+#define PCI_DEVICE_ID_AMD_17H_M70H_DF_F4 0x1444
/* Protect the PCI config register pairs used for SMN and DF indirect access. */
static DEFINE_MUTEX(smn_mutex);
@@ -49,6 +50,7 @@ const struct pci_device_id amd_nb_misc_ids[] = {
{ PCI_DEVICE(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_17H_M10H_DF_F3) },
{ PCI_DEVICE(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_17H_M30H_DF_F3) },
{ PCI_DEVICE(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_CNB17H_F3) },
+ { PCI_DEVICE(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_17H_M70H_DF_F3) },
{}
};
EXPORT_SYMBOL_GPL(amd_nb_misc_ids);
@@ -62,6 +64,7 @@ static const struct pci_device_id amd_nb_link_ids[] = {
{ PCI_DEVICE(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_17H_DF_F4) },
{ PCI_DEVICE(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_17H_M10H_DF_F4) },
{ PCI_DEVICE(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_17H_M30H_DF_F4) },
+ { PCI_DEVICE(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_17H_M70H_DF_F4) },
{ PCI_DEVICE(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_CNB17H_F4) },
{}
};
diff --git a/include/linux/pci_ids.h b/include/linux/pci_ids.h
index a7abaaa9bc27..81ddbd891202 100644
--- a/include/linux/pci_ids.h
+++ b/include/linux/pci_ids.h
@@ -548,6 +548,7 @@
#define PCI_DEVICE_ID_AMD_17H_DF_F3 0x1463
#define PCI_DEVICE_ID_AMD_17H_M10H_DF_F3 0x15eb
#define PCI_DEVICE_ID_AMD_17H_M30H_DF_F3 0x1493
+#define PCI_DEVICE_ID_AMD_17H_M70H_DF_F3 0x1443
#define PCI_DEVICE_ID_AMD_CNB17H_F3 0x1703
#define PCI_DEVICE_ID_AMD_LANCE 0x2000
#define PCI_DEVICE_ID_AMD_LANCE_HOME 0x2001
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 218/267] ALSA: lx6464es - add support for LX6464ESe pci express variant
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (216 preceding siblings ...)
2020-06-19 14:33 ` [PATCH 4.19 217/267] x86/amd_nb: Add PCI device IDs for family 17h, model 70h Greg Kroah-Hartman
@ 2020-06-19 14:33 ` Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 219/267] PCI: Add Genesys Logic, Inc. Vendor ID Greg Kroah-Hartman
` (50 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tim Blechmann, Takashi Iwai, Sasha Levin
From: Tim Blechmann <tim@klingt.org>
[ Upstream commit 789492f0c86505e63369907bcb1afdf52dec9366 ]
The pci express variant of the digigram lx6464es card has a different
device ID, but works without changes to the driver.
Thanks to Nikolas Slottke for reporting and testing.
Signed-off-by: Tim Blechmann <tim@klingt.org>
Link: https://lore.kernel.org/r/20190906082119.40971-1-tim@klingt.org
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/pci_ids.h | 2 ++
sound/pci/lx6464es/lx6464es.c | 8 ++++++++
2 files changed, 10 insertions(+)
diff --git a/include/linux/pci_ids.h b/include/linux/pci_ids.h
index 81ddbd891202..bd682fcb9768 100644
--- a/include/linux/pci_ids.h
+++ b/include/linux/pci_ids.h
@@ -1952,6 +1952,8 @@
#define PCI_VENDOR_ID_DIGIGRAM 0x1369
#define PCI_SUBDEVICE_ID_DIGIGRAM_LX6464ES_SERIAL_SUBSYSTEM 0xc001
#define PCI_SUBDEVICE_ID_DIGIGRAM_LX6464ES_CAE_SERIAL_SUBSYSTEM 0xc002
+#define PCI_SUBDEVICE_ID_DIGIGRAM_LX6464ESE_SERIAL_SUBSYSTEM 0xc021
+#define PCI_SUBDEVICE_ID_DIGIGRAM_LX6464ESE_CAE_SERIAL_SUBSYSTEM 0xc022
#define PCI_VENDOR_ID_KAWASAKI 0x136b
#define PCI_DEVICE_ID_MCHIP_KL5A72002 0xff01
diff --git a/sound/pci/lx6464es/lx6464es.c b/sound/pci/lx6464es/lx6464es.c
index 54f6252faca6..daf25655f635 100644
--- a/sound/pci/lx6464es/lx6464es.c
+++ b/sound/pci/lx6464es/lx6464es.c
@@ -65,6 +65,14 @@ static const struct pci_device_id snd_lx6464es_ids[] = {
PCI_VENDOR_ID_DIGIGRAM,
PCI_SUBDEVICE_ID_DIGIGRAM_LX6464ES_CAE_SERIAL_SUBSYSTEM),
}, /* LX6464ES-CAE */
+ { PCI_DEVICE_SUB(PCI_VENDOR_ID_PLX, PCI_DEVICE_ID_PLX_LX6464ES,
+ PCI_VENDOR_ID_DIGIGRAM,
+ PCI_SUBDEVICE_ID_DIGIGRAM_LX6464ESE_SERIAL_SUBSYSTEM),
+ }, /* LX6464ESe */
+ { PCI_DEVICE_SUB(PCI_VENDOR_ID_PLX, PCI_DEVICE_ID_PLX_LX6464ES,
+ PCI_VENDOR_ID_DIGIGRAM,
+ PCI_SUBDEVICE_ID_DIGIGRAM_LX6464ESE_CAE_SERIAL_SUBSYSTEM),
+ }, /* LX6464ESe-CAE */
{ 0, },
};
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 219/267] PCI: Add Genesys Logic, Inc. Vendor ID
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (217 preceding siblings ...)
2020-06-19 14:33 ` [PATCH 4.19 218/267] ALSA: lx6464es - add support for LX6464ESe pci express variant Greg Kroah-Hartman
@ 2020-06-19 14:33 ` Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 220/267] PCI: Add Amazons Annapurna Labs vendor ID Greg Kroah-Hartman
` (49 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ben Chuang, Michael K Johnson,
Adrian Hunter, Ulf Hansson, Sasha Levin
From: Ben Chuang <ben.chuang@genesyslogic.com.tw>
[ Upstream commit 4460d68f0b2f9092273531fbc65613e1855c2e07 ]
Add the Genesys Logic, Inc. vendor ID to pci_ids.h.
Signed-off-by: Ben Chuang <ben.chuang@genesyslogic.com.tw>
Co-developed-by: Michael K Johnson <johnsonm@danlj.org>
Signed-off-by: Michael K Johnson <johnsonm@danlj.org>
Acked-by: Adrian Hunter <adrian.hunter@intel.com>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/pci_ids.h | 2 ++
1 file changed, 2 insertions(+)
diff --git a/include/linux/pci_ids.h b/include/linux/pci_ids.h
index bd682fcb9768..3329387261df 100644
--- a/include/linux/pci_ids.h
+++ b/include/linux/pci_ids.h
@@ -2409,6 +2409,8 @@
#define PCI_DEVICE_ID_RDC_R6061 0x6061
#define PCI_DEVICE_ID_RDC_D1010 0x1010
+#define PCI_VENDOR_ID_GLI 0x17a0
+
#define PCI_VENDOR_ID_LENOVO 0x17aa
#define PCI_VENDOR_ID_QCOM 0x17cb
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 220/267] PCI: Add Amazons Annapurna Labs vendor ID
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (218 preceding siblings ...)
2020-06-19 14:33 ` [PATCH 4.19 219/267] PCI: Add Genesys Logic, Inc. Vendor ID Greg Kroah-Hartman
@ 2020-06-19 14:33 ` Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 221/267] PCI: vmd: Add device id for VMD device 8086:9A0B Greg Kroah-Hartman
` (48 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jonathan Chocron, Lorenzo Pieralisi,
Andrew Murray, Bjorn Helgaas, Sasha Levin
From: Jonathan Chocron <jonnyc@amazon.com>
[ Upstream commit 4a36a60c34f42f75e8b4f8cd24fcfade26111334 ]
Add Amazon's Annapurna Labs vendor ID to pci_ids.h.
Signed-off-by: Jonathan Chocron <jonnyc@amazon.com>
Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
Reviewed-by: Andrew Murray <andrew.murray@arm.com>
Acked-by: Bjorn Helgaas <bhelgaas@google.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/pci_ids.h | 2 ++
1 file changed, 2 insertions(+)
diff --git a/include/linux/pci_ids.h b/include/linux/pci_ids.h
index 3329387261df..b047b0af530d 100644
--- a/include/linux/pci_ids.h
+++ b/include/linux/pci_ids.h
@@ -2576,6 +2576,8 @@
#define PCI_VENDOR_ID_ASMEDIA 0x1b21
+#define PCI_VENDOR_ID_AMAZON_ANNAPURNA_LABS 0x1c36
+
#define PCI_VENDOR_ID_CIRCUITCO 0x1cc8
#define PCI_SUBSYSTEM_ID_CIRCUITCO_MINNOWBOARD 0x0001
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 221/267] PCI: vmd: Add device id for VMD device 8086:9A0B
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (219 preceding siblings ...)
2020-06-19 14:33 ` [PATCH 4.19 220/267] PCI: Add Amazons Annapurna Labs vendor ID Greg Kroah-Hartman
@ 2020-06-19 14:33 ` Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 222/267] x86/amd_nb: Add Family 19h PCI IDs Greg Kroah-Hartman
` (47 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jon Derrick, Lorenzo Pieralisi, Sasha Levin
From: Jon Derrick <jonathan.derrick@intel.com>
[ Upstream commit ec11e5c213cc20cac5e8310728b06793448b9f6d ]
This patch adds support for this VMD device which supports the bus
restriction mode.
Signed-off-by: Jon Derrick <jonathan.derrick@intel.com>
Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pci/controller/vmd.c | 2 ++
include/linux/pci_ids.h | 1 +
2 files changed, 3 insertions(+)
diff --git a/drivers/pci/controller/vmd.c b/drivers/pci/controller/vmd.c
index ab36e5ca1aca..b52885020c85 100644
--- a/drivers/pci/controller/vmd.c
+++ b/drivers/pci/controller/vmd.c
@@ -866,6 +866,8 @@ static const struct pci_device_id vmd_ids[] = {
{PCI_DEVICE(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_VMD_28C0),
.driver_data = VMD_FEAT_HAS_MEMBAR_SHADOW |
VMD_FEAT_HAS_BUS_RESTRICTIONS,},
+ {PCI_DEVICE(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_VMD_9A0B),
+ .driver_data = VMD_FEAT_HAS_BUS_RESTRICTIONS,},
{0,}
};
MODULE_DEVICE_TABLE(pci, vmd_ids);
diff --git a/include/linux/pci_ids.h b/include/linux/pci_ids.h
index b047b0af530d..8d3b39028968 100644
--- a/include/linux/pci_ids.h
+++ b/include/linux/pci_ids.h
@@ -3003,6 +3003,7 @@
#define PCI_DEVICE_ID_INTEL_84460GX 0x84ea
#define PCI_DEVICE_ID_INTEL_IXP4XX 0x8500
#define PCI_DEVICE_ID_INTEL_IXP2800 0x9004
+#define PCI_DEVICE_ID_INTEL_VMD_9A0B 0x9a0b
#define PCI_DEVICE_ID_INTEL_S21152BB 0xb152
#define PCI_VENDOR_ID_SCALEMP 0x8686
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 222/267] x86/amd_nb: Add Family 19h PCI IDs
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (220 preceding siblings ...)
2020-06-19 14:33 ` [PATCH 4.19 221/267] PCI: vmd: Add device id for VMD device 8086:9A0B Greg Kroah-Hartman
@ 2020-06-19 14:33 ` Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 223/267] PCI: Add Loongson vendor ID Greg Kroah-Hartman
` (46 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yazen Ghannam, Borislav Petkov, Sasha Levin
From: Yazen Ghannam <yazen.ghannam@amd.com>
[ Upstream commit b3f79ae45904ae987a7c06a9e8d6084d7b73e67f ]
Add the new PCI Device 18h IDs for AMD Family 19h systems. Note that
Family 19h systems will not have a new PCI root device ID.
Signed-off-by: Yazen Ghannam <yazen.ghannam@amd.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Link: https://lkml.kernel.org/r/20200110015651.14887-4-Yazen.Ghannam@amd.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/kernel/amd_nb.c | 3 +++
include/linux/pci_ids.h | 1 +
2 files changed, 4 insertions(+)
diff --git a/arch/x86/kernel/amd_nb.c b/arch/x86/kernel/amd_nb.c
index be1d15a27079..923b4bac9613 100644
--- a/arch/x86/kernel/amd_nb.c
+++ b/arch/x86/kernel/amd_nb.c
@@ -21,6 +21,7 @@
#define PCI_DEVICE_ID_AMD_17H_M10H_DF_F4 0x15ec
#define PCI_DEVICE_ID_AMD_17H_M30H_DF_F4 0x1494
#define PCI_DEVICE_ID_AMD_17H_M70H_DF_F4 0x1444
+#define PCI_DEVICE_ID_AMD_19H_DF_F4 0x1654
/* Protect the PCI config register pairs used for SMN and DF indirect access. */
static DEFINE_MUTEX(smn_mutex);
@@ -51,6 +52,7 @@ const struct pci_device_id amd_nb_misc_ids[] = {
{ PCI_DEVICE(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_17H_M30H_DF_F3) },
{ PCI_DEVICE(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_CNB17H_F3) },
{ PCI_DEVICE(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_17H_M70H_DF_F3) },
+ { PCI_DEVICE(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_19H_DF_F3) },
{}
};
EXPORT_SYMBOL_GPL(amd_nb_misc_ids);
@@ -65,6 +67,7 @@ static const struct pci_device_id amd_nb_link_ids[] = {
{ PCI_DEVICE(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_17H_M10H_DF_F4) },
{ PCI_DEVICE(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_17H_M30H_DF_F4) },
{ PCI_DEVICE(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_17H_M70H_DF_F4) },
+ { PCI_DEVICE(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_19H_DF_F4) },
{ PCI_DEVICE(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_CNB17H_F4) },
{}
};
diff --git a/include/linux/pci_ids.h b/include/linux/pci_ids.h
index 8d3b39028968..a81fcb2f2cb7 100644
--- a/include/linux/pci_ids.h
+++ b/include/linux/pci_ids.h
@@ -549,6 +549,7 @@
#define PCI_DEVICE_ID_AMD_17H_M10H_DF_F3 0x15eb
#define PCI_DEVICE_ID_AMD_17H_M30H_DF_F3 0x1493
#define PCI_DEVICE_ID_AMD_17H_M70H_DF_F3 0x1443
+#define PCI_DEVICE_ID_AMD_19H_DF_F3 0x1653
#define PCI_DEVICE_ID_AMD_CNB17H_F3 0x1703
#define PCI_DEVICE_ID_AMD_LANCE 0x2000
#define PCI_DEVICE_ID_AMD_LANCE_HOME 0x2001
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 223/267] PCI: Add Loongson vendor ID
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (221 preceding siblings ...)
2020-06-19 14:33 ` [PATCH 4.19 222/267] x86/amd_nb: Add Family 19h PCI IDs Greg Kroah-Hartman
@ 2020-06-19 14:33 ` Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 224/267] serial: 8250_pci: Move Pericom IDs to pci_ids.h Greg Kroah-Hartman
` (45 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tiezhu Yang, Jens Axboe, Sasha Levin
From: Tiezhu Yang <yangtiezhu@loongson.cn>
[ Upstream commit 9acb9fe18d863aacc99948963f8d5d447dc311be ]
Add the Loongson vendor ID to pci_ids.h to be used by the controller
driver in the future.
The Loongson vendor ID can be found at the following link:
https://git.kernel.org/pub/scm/utils/pciutils/pciutils.git/tree/pci.ids
Signed-off-by: Tiezhu Yang <yangtiezhu@loongson.cn>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/pci_ids.h | 2 ++
1 file changed, 2 insertions(+)
diff --git a/include/linux/pci_ids.h b/include/linux/pci_ids.h
index a81fcb2f2cb7..14baae112a54 100644
--- a/include/linux/pci_ids.h
+++ b/include/linux/pci_ids.h
@@ -148,6 +148,8 @@
/* Vendors and devices. Sort key: vendor first, device next. */
+#define PCI_VENDOR_ID_LOONGSON 0x0014
+
#define PCI_VENDOR_ID_TTTECH 0x0357
#define PCI_DEVICE_ID_TTTECH_MC322 0x000a
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 224/267] serial: 8250_pci: Move Pericom IDs to pci_ids.h
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (222 preceding siblings ...)
2020-06-19 14:33 ` [PATCH 4.19 223/267] PCI: Add Loongson vendor ID Greg Kroah-Hartman
@ 2020-06-19 14:33 ` Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 225/267] PCI: Make ACS quirk implementations more uniform Greg Kroah-Hartman
` (44 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kai-Heng Feng, Bjorn Helgaas, Sasha Levin
From: Kai-Heng Feng <kai.heng.feng@canonical.com>
[ Upstream commit 62a7f3009a460001eb46984395280dd900bc4ef4 ]
Move the IDs to pci_ids.h so it can be used by next patch.
Link: https://lore.kernel.org/r/20200508065343.32751-1-kai.heng.feng@canonical.com
Signed-off-by: Kai-Heng Feng <kai.heng.feng@canonical.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: stable@vger.kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/8250/8250_pci.c | 6 ------
include/linux/pci_ids.h | 6 ++++++
2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/drivers/tty/serial/8250/8250_pci.c b/drivers/tty/serial/8250/8250_pci.c
index bbe5cba21522..02091782bc1e 100644
--- a/drivers/tty/serial/8250/8250_pci.c
+++ b/drivers/tty/serial/8250/8250_pci.c
@@ -1690,12 +1690,6 @@ pci_wch_ch38x_setup(struct serial_private *priv,
#define PCIE_DEVICE_ID_WCH_CH384_4S 0x3470
#define PCIE_DEVICE_ID_WCH_CH382_2S 0x3253
-#define PCI_VENDOR_ID_PERICOM 0x12D8
-#define PCI_DEVICE_ID_PERICOM_PI7C9X7951 0x7951
-#define PCI_DEVICE_ID_PERICOM_PI7C9X7952 0x7952
-#define PCI_DEVICE_ID_PERICOM_PI7C9X7954 0x7954
-#define PCI_DEVICE_ID_PERICOM_PI7C9X7958 0x7958
-
#define PCI_VENDOR_ID_ACCESIO 0x494f
#define PCI_DEVICE_ID_ACCESIO_PCIE_COM_2SDB 0x1051
#define PCI_DEVICE_ID_ACCESIO_MPCIE_COM_2S 0x1053
diff --git a/include/linux/pci_ids.h b/include/linux/pci_ids.h
index 14baae112a54..c0dd2f749d3f 100644
--- a/include/linux/pci_ids.h
+++ b/include/linux/pci_ids.h
@@ -1833,6 +1833,12 @@
#define PCI_VENDOR_ID_NVIDIA_SGS 0x12d2
#define PCI_DEVICE_ID_NVIDIA_SGS_RIVA128 0x0018
+#define PCI_VENDOR_ID_PERICOM 0x12D8
+#define PCI_DEVICE_ID_PERICOM_PI7C9X7951 0x7951
+#define PCI_DEVICE_ID_PERICOM_PI7C9X7952 0x7952
+#define PCI_DEVICE_ID_PERICOM_PI7C9X7954 0x7954
+#define PCI_DEVICE_ID_PERICOM_PI7C9X7958 0x7958
+
#define PCI_SUBVENDOR_ID_CHASE_PCIFAST 0x12E0
#define PCI_SUBDEVICE_ID_CHASE_PCIFAST4 0x0031
#define PCI_SUBDEVICE_ID_CHASE_PCIFAST8 0x0021
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 225/267] PCI: Make ACS quirk implementations more uniform
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (223 preceding siblings ...)
2020-06-19 14:33 ` [PATCH 4.19 224/267] serial: 8250_pci: Move Pericom IDs to pci_ids.h Greg Kroah-Hartman
@ 2020-06-19 14:33 ` Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 226/267] PCI: Unify ACS quirk desired vs provided checking Greg Kroah-Hartman
` (43 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Bjorn Helgaas, Logan Gunthorpe,
Alex Williamson, Sasha Levin
From: Bjorn Helgaas <bhelgaas@google.com>
[ Upstream commit c8de8ed2dcaac82e5d76d467dc0b02e0ee79809b ]
The ACS quirks differ in needless ways, which makes them look more
different than they really are.
Reorder the ACS flags in order of definitions in the spec:
PCI_ACS_SV Source Validation
PCI_ACS_TB Translation Blocking
PCI_ACS_RR P2P Request Redirect
PCI_ACS_CR P2P Completion Redirect
PCI_ACS_UF Upstream Forwarding
PCI_ACS_EC P2P Egress Control
PCI_ACS_DT Direct Translated P2P
(PCIe r5.0, sec 7.7.8.2) and use similar code structure in all. No
functional change intended.
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: Logan Gunthorpe <logang@deltatee.com>
Reviewed-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pci/quirks.c | 41 +++++++++++++++++++----------------------
1 file changed, 19 insertions(+), 22 deletions(-)
diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c
index 502dca568d6c..ae62c0b058dd 100644
--- a/drivers/pci/quirks.c
+++ b/drivers/pci/quirks.c
@@ -4333,18 +4333,18 @@ static bool pci_quirk_cavium_acs_match(struct pci_dev *dev)
static int pci_quirk_cavium_acs(struct pci_dev *dev, u16 acs_flags)
{
+ if (!pci_quirk_cavium_acs_match(dev))
+ return -ENOTTY;
+
/*
- * Cavium root ports don't advertise an ACS capability. However,
+ * Cavium Root Ports don't advertise an ACS capability. However,
* the RTL internally implements similar protection as if ACS had
- * Request Redirection, Completion Redirection, Source Validation,
+ * Source Validation, Request Redirection, Completion Redirection,
* and Upstream Forwarding features enabled. Assert that the
* hardware implements and enables equivalent ACS functionality for
* these flags.
*/
- acs_flags &= ~(PCI_ACS_RR | PCI_ACS_CR | PCI_ACS_SV | PCI_ACS_UF);
-
- if (!pci_quirk_cavium_acs_match(dev))
- return -ENOTTY;
+ acs_flags &= ~(PCI_ACS_SV | PCI_ACS_RR | PCI_ACS_CR | PCI_ACS_UF);
return acs_flags ? 0 : 1;
}
@@ -4362,7 +4362,7 @@ static int pci_quirk_xgene_acs(struct pci_dev *dev, u16 acs_flags)
}
/*
- * Many Intel PCH root ports do provide ACS-like features to disable peer
+ * Many Intel PCH Root Ports do provide ACS-like features to disable peer
* transactions and validate bus numbers in requests, but do not provide an
* actual PCIe ACS capability. This is the list of device IDs known to fall
* into that category as provided by Intel in Red Hat bugzilla 1037684.
@@ -4410,37 +4410,34 @@ static bool pci_quirk_intel_pch_acs_match(struct pci_dev *dev)
return false;
}
-#define INTEL_PCH_ACS_FLAGS (PCI_ACS_RR | PCI_ACS_CR | PCI_ACS_UF | PCI_ACS_SV)
+#define INTEL_PCH_ACS_FLAGS (PCI_ACS_SV | PCI_ACS_RR | PCI_ACS_CR | PCI_ACS_UF)
static int pci_quirk_intel_pch_acs(struct pci_dev *dev, u16 acs_flags)
{
- u16 flags = dev->dev_flags & PCI_DEV_FLAGS_ACS_ENABLED_QUIRK ?
- INTEL_PCH_ACS_FLAGS : 0;
-
if (!pci_quirk_intel_pch_acs_match(dev))
return -ENOTTY;
- return acs_flags & ~flags ? 0 : 1;
+ if (dev->dev_flags & PCI_DEV_FLAGS_ACS_ENABLED_QUIRK)
+ acs_flags &= ~(INTEL_PCH_ACS_FLAGS);
+
+ return acs_flags ? 0 : 1;
}
/*
- * These QCOM root ports do provide ACS-like features to disable peer
+ * These QCOM Root Ports do provide ACS-like features to disable peer
* transactions and validate bus numbers in requests, but do not provide an
* actual PCIe ACS capability. Hardware supports source validation but it
* will report the issue as Completer Abort instead of ACS Violation.
- * Hardware doesn't support peer-to-peer and each root port is a root
- * complex with unique segment numbers. It is not possible for one root
- * port to pass traffic to another root port. All PCIe transactions are
- * terminated inside the root port.
+ * Hardware doesn't support peer-to-peer and each Root Port is a Root
+ * Complex with unique segment numbers. It is not possible for one Root
+ * Port to pass traffic to another Root Port. All PCIe transactions are
+ * terminated inside the Root Port.
*/
static int pci_quirk_qcom_rp_acs(struct pci_dev *dev, u16 acs_flags)
{
- u16 flags = (PCI_ACS_RR | PCI_ACS_CR | PCI_ACS_UF | PCI_ACS_SV);
- int ret = acs_flags & ~flags ? 0 : 1;
-
- pci_info(dev, "Using QCOM ACS Quirk (%d)\n", ret);
+ acs_flags &= ~(PCI_ACS_SV | PCI_ACS_RR | PCI_ACS_CR | PCI_ACS_UF);
- return ret;
+ return acs_flags ? 0 : 1;
}
/*
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 226/267] PCI: Unify ACS quirk desired vs provided checking
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (224 preceding siblings ...)
2020-06-19 14:33 ` [PATCH 4.19 225/267] PCI: Make ACS quirk implementations more uniform Greg Kroah-Hartman
@ 2020-06-19 14:33 ` Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 227/267] PCI: Generalize multi-function power dependency device links Greg Kroah-Hartman
` (42 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Bjorn Helgaas, Logan Gunthorpe,
Alex Williamson, Sasha Levin
From: Bjorn Helgaas <bhelgaas@google.com>
[ Upstream commit 7cf2cba43f15c74bac46dc5f0326805d25ef514d ]
Most of the ACS quirks have a similar pattern of:
acs_flags &= ~( <controls provided by this device> );
return acs_flags ? 0 : 1;
Pull this out into a helper function to simplify the quirks slightly. The
helper function is also a convenient place for comments about what the list
of ACS controls means. No functional change intended.
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: Logan Gunthorpe <logang@deltatee.com>
Reviewed-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pci/quirks.c | 67 +++++++++++++++++++++++++++++---------------
1 file changed, 45 insertions(+), 22 deletions(-)
diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c
index ae62c0b058dd..0704025a2160 100644
--- a/drivers/pci/quirks.c
+++ b/drivers/pci/quirks.c
@@ -4263,6 +4263,24 @@ static void quirk_chelsio_T5_disable_root_port_attributes(struct pci_dev *pdev)
DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_CHELSIO, PCI_ANY_ID,
quirk_chelsio_T5_disable_root_port_attributes);
+/*
+ * pci_acs_ctrl_enabled - compare desired ACS controls with those provided
+ * by a device
+ * @acs_ctrl_req: Bitmask of desired ACS controls
+ * @acs_ctrl_ena: Bitmask of ACS controls enabled or provided implicitly by
+ * the hardware design
+ *
+ * Return 1 if all ACS controls in the @acs_ctrl_req bitmask are included
+ * in @acs_ctrl_ena, i.e., the device provides all the access controls the
+ * caller desires. Return 0 otherwise.
+ */
+static int pci_acs_ctrl_enabled(u16 acs_ctrl_req, u16 acs_ctrl_ena)
+{
+ if ((acs_ctrl_req & acs_ctrl_ena) == acs_ctrl_req)
+ return 1;
+ return 0;
+}
+
/*
* AMD has indicated that the devices below do not support peer-to-peer
* in any system where they are found in the southbridge with an AMD
@@ -4306,7 +4324,7 @@ static int pci_quirk_amd_sb_acs(struct pci_dev *dev, u16 acs_flags)
/* Filter out flags not applicable to multifunction */
acs_flags &= (PCI_ACS_RR | PCI_ACS_CR | PCI_ACS_EC | PCI_ACS_DT);
- return acs_flags & ~(PCI_ACS_RR | PCI_ACS_CR) ? 0 : 1;
+ return pci_acs_ctrl_enabled(acs_flags, PCI_ACS_RR | PCI_ACS_CR);
#else
return -ENODEV;
#endif
@@ -4344,9 +4362,8 @@ static int pci_quirk_cavium_acs(struct pci_dev *dev, u16 acs_flags)
* hardware implements and enables equivalent ACS functionality for
* these flags.
*/
- acs_flags &= ~(PCI_ACS_SV | PCI_ACS_RR | PCI_ACS_CR | PCI_ACS_UF);
-
- return acs_flags ? 0 : 1;
+ return pci_acs_ctrl_enabled(acs_flags,
+ PCI_ACS_SV | PCI_ACS_RR | PCI_ACS_CR | PCI_ACS_UF);
}
static int pci_quirk_xgene_acs(struct pci_dev *dev, u16 acs_flags)
@@ -4356,9 +4373,8 @@ static int pci_quirk_xgene_acs(struct pci_dev *dev, u16 acs_flags)
* transactions with others, allowing masking out these bits as if they
* were unimplemented in the ACS capability.
*/
- acs_flags &= ~(PCI_ACS_SV | PCI_ACS_RR | PCI_ACS_CR | PCI_ACS_UF);
-
- return acs_flags ? 0 : 1;
+ return pci_acs_ctrl_enabled(acs_flags,
+ PCI_ACS_SV | PCI_ACS_RR | PCI_ACS_CR | PCI_ACS_UF);
}
/*
@@ -4410,17 +4426,16 @@ static bool pci_quirk_intel_pch_acs_match(struct pci_dev *dev)
return false;
}
-#define INTEL_PCH_ACS_FLAGS (PCI_ACS_SV | PCI_ACS_RR | PCI_ACS_CR | PCI_ACS_UF)
-
static int pci_quirk_intel_pch_acs(struct pci_dev *dev, u16 acs_flags)
{
if (!pci_quirk_intel_pch_acs_match(dev))
return -ENOTTY;
if (dev->dev_flags & PCI_DEV_FLAGS_ACS_ENABLED_QUIRK)
- acs_flags &= ~(INTEL_PCH_ACS_FLAGS);
+ return pci_acs_ctrl_enabled(acs_flags,
+ PCI_ACS_SV | PCI_ACS_RR | PCI_ACS_CR | PCI_ACS_UF);
- return acs_flags ? 0 : 1;
+ return pci_acs_ctrl_enabled(acs_flags, 0);
}
/*
@@ -4435,9 +4450,8 @@ static int pci_quirk_intel_pch_acs(struct pci_dev *dev, u16 acs_flags)
*/
static int pci_quirk_qcom_rp_acs(struct pci_dev *dev, u16 acs_flags)
{
- acs_flags &= ~(PCI_ACS_SV | PCI_ACS_RR | PCI_ACS_CR | PCI_ACS_UF);
-
- return acs_flags ? 0 : 1;
+ return pci_acs_ctrl_enabled(acs_flags,
+ PCI_ACS_SV | PCI_ACS_RR | PCI_ACS_CR | PCI_ACS_UF);
}
/*
@@ -4520,7 +4534,7 @@ static int pci_quirk_intel_spt_pch_acs(struct pci_dev *dev, u16 acs_flags)
pci_read_config_dword(dev, pos + INTEL_SPT_ACS_CTRL, &ctrl);
- return acs_flags & ~ctrl ? 0 : 1;
+ return pci_acs_ctrl_enabled(acs_flags, ctrl);
}
static int pci_quirk_mf_endpoint_acs(struct pci_dev *dev, u16 acs_flags)
@@ -4534,10 +4548,9 @@ static int pci_quirk_mf_endpoint_acs(struct pci_dev *dev, u16 acs_flags)
* perform peer-to-peer with other functions, allowing us to mask out
* these bits as if they were unimplemented in the ACS capability.
*/
- acs_flags &= ~(PCI_ACS_SV | PCI_ACS_TB | PCI_ACS_RR |
- PCI_ACS_CR | PCI_ACS_UF | PCI_ACS_DT);
-
- return acs_flags ? 0 : 1;
+ return pci_acs_ctrl_enabled(acs_flags,
+ PCI_ACS_SV | PCI_ACS_TB | PCI_ACS_RR |
+ PCI_ACS_CR | PCI_ACS_UF | PCI_ACS_DT);
}
static int pci_quirk_rciep_acs(struct pci_dev *dev, u16 acs_flags)
@@ -4562,9 +4575,8 @@ static int pci_quirk_brcm_acs(struct pci_dev *dev, u16 acs_flags)
* Allow each Root Port to be in a separate IOMMU group by masking
* SV/RR/CR/UF bits.
*/
- acs_flags &= ~(PCI_ACS_SV | PCI_ACS_RR | PCI_ACS_CR | PCI_ACS_UF);
-
- return acs_flags ? 0 : 1;
+ return pci_acs_ctrl_enabled(acs_flags,
+ PCI_ACS_SV | PCI_ACS_RR | PCI_ACS_CR | PCI_ACS_UF);
}
static const struct pci_dev_acs_enabled {
@@ -4663,6 +4675,17 @@ static const struct pci_dev_acs_enabled {
{ 0 }
};
+/*
+ * pci_dev_specific_acs_enabled - check whether device provides ACS controls
+ * @dev: PCI device
+ * @acs_flags: Bitmask of desired ACS controls
+ *
+ * Returns:
+ * -ENOTTY: No quirk applies to this device; we can't tell whether the
+ * device provides the desired controls
+ * 0: Device does not provide all the desired controls
+ * >0: Device provides all the controls in @acs_flags
+ */
int pci_dev_specific_acs_enabled(struct pci_dev *dev, u16 acs_flags)
{
const struct pci_dev_acs_enabled *i;
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 227/267] PCI: Generalize multi-function power dependency device links
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (225 preceding siblings ...)
2020-06-19 14:33 ` [PATCH 4.19 226/267] PCI: Unify ACS quirk desired vs provided checking Greg Kroah-Hartman
@ 2020-06-19 14:33 ` Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 228/267] btrfs: fix error handling when submitting direct I/O bio Greg Kroah-Hartman
` (41 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Abhishek Sahu, Bjorn Helgaas, Sasha Levin
From: Abhishek Sahu <abhsahu@nvidia.com>
[ Upstream commit a17beb1a0882a544523dcb5d0da4801272dfd43a ]
Although not allowed by the PCI specs, some multi-function devices have
power dependencies between the functions. For example, function 1 may not
work unless function 0 is in the D0 power state.
The existing quirk_gpu_hda() adds a device link to express this dependency
for GPU and HDA devices, but it really is not specific to those device
types.
Generalize it and rename it to pci_create_device_link() so we can create
dependencies between any "consumer" and "producer" functions of a
multi-function device, where the consumer is only functional if the
producer is in D0. This reorganization should not affect any
functionality.
Link: https://lore.kernel.org/lkml/20190606092225.17960-2-abhsahu@nvidia.com
Signed-off-by: Abhishek Sahu <abhsahu@nvidia.com>
[bhelgaas: commit log, reword diagnostic]
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pci/quirks.c | 54 ++++++++++++++++++++++++++++----------------
1 file changed, 34 insertions(+), 20 deletions(-)
diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c
index 0704025a2160..0862cb633849 100644
--- a/drivers/pci/quirks.c
+++ b/drivers/pci/quirks.c
@@ -5077,35 +5077,49 @@ static void quirk_fsl_no_msi(struct pci_dev *pdev)
DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_FREESCALE, PCI_ANY_ID, quirk_fsl_no_msi);
/*
- * GPUs with integrated HDA controller for streaming audio to attached displays
- * need a device link from the HDA controller (consumer) to the GPU (supplier)
- * so that the GPU is powered up whenever the HDA controller is accessed.
- * The GPU and HDA controller are functions 0 and 1 of the same PCI device.
- * The device link stays in place until shutdown (or removal of the PCI device
- * if it's hotplugged). Runtime PM is allowed by default on the HDA controller
- * to prevent it from permanently keeping the GPU awake.
+ * Although not allowed by the spec, some multi-function devices have
+ * dependencies of one function (consumer) on another (supplier). For the
+ * consumer to work in D0, the supplier must also be in D0. Create a
+ * device link from the consumer to the supplier to enforce this
+ * dependency. Runtime PM is allowed by default on the consumer to prevent
+ * it from permanently keeping the supplier awake.
*/
-static void quirk_gpu_hda(struct pci_dev *hda)
+static void pci_create_device_link(struct pci_dev *pdev, unsigned int consumer,
+ unsigned int supplier, unsigned int class,
+ unsigned int class_shift)
{
- struct pci_dev *gpu;
+ struct pci_dev *supplier_pdev;
- if (PCI_FUNC(hda->devfn) != 1)
+ if (PCI_FUNC(pdev->devfn) != consumer)
return;
- gpu = pci_get_domain_bus_and_slot(pci_domain_nr(hda->bus),
- hda->bus->number,
- PCI_DEVFN(PCI_SLOT(hda->devfn), 0));
- if (!gpu || (gpu->class >> 16) != PCI_BASE_CLASS_DISPLAY) {
- pci_dev_put(gpu);
+ supplier_pdev = pci_get_domain_bus_and_slot(pci_domain_nr(pdev->bus),
+ pdev->bus->number,
+ PCI_DEVFN(PCI_SLOT(pdev->devfn), supplier));
+ if (!supplier_pdev || (supplier_pdev->class >> class_shift) != class) {
+ pci_dev_put(supplier_pdev);
return;
}
- if (!device_link_add(&hda->dev, &gpu->dev,
- DL_FLAG_STATELESS | DL_FLAG_PM_RUNTIME))
- pci_err(hda, "cannot link HDA to GPU %s\n", pci_name(gpu));
+ if (device_link_add(&pdev->dev, &supplier_pdev->dev,
+ DL_FLAG_STATELESS | DL_FLAG_PM_RUNTIME))
+ pci_info(pdev, "D0 power state depends on %s\n",
+ pci_name(supplier_pdev));
+ else
+ pci_err(pdev, "Cannot enforce power dependency on %s\n",
+ pci_name(supplier_pdev));
+
+ pm_runtime_allow(&pdev->dev);
+ pci_dev_put(supplier_pdev);
+}
- pm_runtime_allow(&hda->dev);
- pci_dev_put(gpu);
+/*
+ * Create device link for GPUs with integrated HDA controller for streaming
+ * audio to attached displays.
+ */
+static void quirk_gpu_hda(struct pci_dev *hda)
+{
+ pci_create_device_link(hda, 1, 0, PCI_BASE_CLASS_DISPLAY, 16);
}
DECLARE_PCI_FIXUP_CLASS_FINAL(PCI_VENDOR_ID_ATI, PCI_ANY_ID,
PCI_CLASS_MULTIMEDIA_HD_AUDIO, 8, quirk_gpu_hda);
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 228/267] btrfs: fix error handling when submitting direct I/O bio
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (226 preceding siblings ...)
2020-06-19 14:33 ` [PATCH 4.19 227/267] PCI: Generalize multi-function power dependency device links Greg Kroah-Hartman
@ 2020-06-19 14:33 ` Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 229/267] btrfs: fix wrong file range cleanup after an error filling dealloc range Greg Kroah-Hartman
` (40 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nikolay Borisov, Josef Bacik,
Johannes Thumshirn, Omar Sandoval, David Sterba, Sasha Levin
From: Omar Sandoval <osandov@fb.com>
[ Upstream commit 6d3113a193e3385c72240096fe397618ecab6e43 ]
In btrfs_submit_direct_hook(), if a direct I/O write doesn't span a RAID
stripe or chunk, we submit orig_bio without cloning it. In this case, we
don't increment pending_bios. Then, if btrfs_submit_dio_bio() fails, we
decrement pending_bios to -1, and we never complete orig_bio. Fix it by
initializing pending_bios to 1 instead of incrementing later.
Fixing this exposes another bug: we put orig_bio prematurely and then
put it again from end_io. Fix it by not putting orig_bio.
After this change, pending_bios is really more of a reference count, but
I'll leave that cleanup separate to keep the fix small.
Fixes: e65e15355429 ("btrfs: fix panic caused by direct IO")
CC: stable@vger.kernel.org # 4.4+
Reviewed-by: Nikolay Borisov <nborisov@suse.com>
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Reviewed-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
Signed-off-by: Omar Sandoval <osandov@fb.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/btrfs/inode.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
index c69e5b255745..b4f295a058d8 100644
--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
@@ -8399,7 +8399,6 @@ static int btrfs_submit_direct_hook(struct btrfs_dio_private *dip)
/* bio split */
ASSERT(map_length <= INT_MAX);
- atomic_inc(&dip->pending_bios);
do {
clone_len = min_t(int, submit_len, map_length);
@@ -8450,7 +8449,8 @@ static int btrfs_submit_direct_hook(struct btrfs_dio_private *dip)
if (!status)
return 0;
- bio_put(bio);
+ if (bio != orig_bio)
+ bio_put(bio);
out_err:
dip->errors = 1;
/*
@@ -8491,7 +8491,7 @@ static void btrfs_submit_direct(struct bio *dio_bio, struct inode *inode,
bio->bi_private = dip;
dip->orig_bio = bio;
dip->dio_bio = dio_bio;
- atomic_set(&dip->pending_bios, 0);
+ atomic_set(&dip->pending_bios, 1);
io_bio = btrfs_io_bio(bio);
io_bio->logical = file_offset;
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 229/267] btrfs: fix wrong file range cleanup after an error filling dealloc range
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (227 preceding siblings ...)
2020-06-19 14:33 ` [PATCH 4.19 228/267] btrfs: fix error handling when submitting direct I/O bio Greg Kroah-Hartman
@ 2020-06-19 14:33 ` Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 230/267] ima: Call ima_calc_boot_aggregate() in ima_eventdigest_init() Greg Kroah-Hartman
` (39 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Filipe Manana, David Sterba, Sasha Levin
From: Filipe Manana <fdmanana@suse.com>
[ Upstream commit e2c8e92d1140754073ad3799eb6620c76bab2078 ]
If an error happens while running dellaloc in COW mode for a range, we can
end up calling extent_clear_unlock_delalloc() for a range that goes beyond
our range's end offset by 1 byte, which affects 1 extra page. This results
in clearing bits and doing page operations (such as a page unlock) outside
our target range.
Fix that by calling extent_clear_unlock_delalloc() with an inclusive end
offset, instead of an exclusive end offset, at cow_file_range().
Fixes: a315e68f6e8b30 ("Btrfs: fix invalid attempt to free reserved space on failure to cow range")
CC: stable@vger.kernel.org # 4.14+
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/btrfs/inode.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
index b4f295a058d8..887f9ebc2bc2 100644
--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
@@ -1136,8 +1136,8 @@ static noinline int cow_file_range(struct inode *inode,
*/
if (extent_reserved) {
extent_clear_unlock_delalloc(inode, start,
- start + cur_alloc_size,
- start + cur_alloc_size,
+ start + cur_alloc_size - 1,
+ start + cur_alloc_size - 1,
locked_page,
clear_bits,
page_ops);
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 230/267] ima: Call ima_calc_boot_aggregate() in ima_eventdigest_init()
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (228 preceding siblings ...)
2020-06-19 14:33 ` [PATCH 4.19 229/267] btrfs: fix wrong file range cleanup after an error filling dealloc range Greg Kroah-Hartman
@ 2020-06-19 14:33 ` Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 231/267] PCI: Program MPS for RCiEP devices Greg Kroah-Hartman
` (38 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Takashi Iwai, Roberto Sassu,
Mimi Zohar, Sasha Levin
From: Roberto Sassu <roberto.sassu@huawei.com>
[ Upstream commit 6cc7c266e5b47d3cd2b5bb7fd3aac4e6bb2dd1d2 ]
If the template field 'd' is chosen and the digest to be added to the
measurement entry was not calculated with SHA1 or MD5, it is
recalculated with SHA1, by using the passed file descriptor. However, this
cannot be done for boot_aggregate, because there is no file descriptor.
This patch adds a call to ima_calc_boot_aggregate() in
ima_eventdigest_init(), so that the digest can be recalculated also for the
boot_aggregate entry.
Cc: stable@vger.kernel.org # 3.13.x
Fixes: 3ce1217d6cd5d ("ima: define template fields library and new helpers")
Reported-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
security/integrity/ima/ima.h | 3 ++-
security/integrity/ima/ima_crypto.c | 6 +++---
security/integrity/ima/ima_init.c | 2 +-
security/integrity/ima/ima_template_lib.c | 18 ++++++++++++++++++
4 files changed, 24 insertions(+), 5 deletions(-)
diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
index e7dfd460fe1d..d12b07eb3a58 100644
--- a/security/integrity/ima/ima.h
+++ b/security/integrity/ima/ima.h
@@ -56,6 +56,7 @@ extern int ima_policy_flag;
extern int ima_hash_algo;
extern int ima_appraise;
extern struct tpm_chip *ima_tpm_chip;
+extern const char boot_aggregate_name[];
/* IMA event related data */
struct ima_event_data {
@@ -139,7 +140,7 @@ int ima_calc_buffer_hash(const void *buf, loff_t len,
int ima_calc_field_array_hash(struct ima_field_data *field_data,
struct ima_template_desc *desc, int num_fields,
struct ima_digest_data *hash);
-int __init ima_calc_boot_aggregate(struct ima_digest_data *hash);
+int ima_calc_boot_aggregate(struct ima_digest_data *hash);
void ima_add_violation(struct file *file, const unsigned char *filename,
struct integrity_iint_cache *iint,
const char *op, const char *cause);
diff --git a/security/integrity/ima/ima_crypto.c b/security/integrity/ima/ima_crypto.c
index 6a6d19ada66a..c5dd05ace28c 100644
--- a/security/integrity/ima/ima_crypto.c
+++ b/security/integrity/ima/ima_crypto.c
@@ -663,8 +663,8 @@ static void __init ima_pcrread(int idx, u8 *pcr)
/*
* Calculate the boot aggregate hash
*/
-static int __init ima_calc_boot_aggregate_tfm(char *digest,
- struct crypto_shash *tfm)
+static int ima_calc_boot_aggregate_tfm(char *digest,
+ struct crypto_shash *tfm)
{
u8 pcr_i[TPM_DIGEST_SIZE];
int rc, i;
@@ -688,7 +688,7 @@ static int __init ima_calc_boot_aggregate_tfm(char *digest,
return rc;
}
-int __init ima_calc_boot_aggregate(struct ima_digest_data *hash)
+int ima_calc_boot_aggregate(struct ima_digest_data *hash)
{
struct crypto_shash *tfm;
int rc;
diff --git a/security/integrity/ima/ima_init.c b/security/integrity/ima/ima_init.c
index faac9ecaa0ae..a2bc4cb4482a 100644
--- a/security/integrity/ima/ima_init.c
+++ b/security/integrity/ima/ima_init.c
@@ -25,7 +25,7 @@
#include "ima.h"
/* name for boot aggregate entry */
-static const char *boot_aggregate_name = "boot_aggregate";
+const char boot_aggregate_name[] = "boot_aggregate";
struct tpm_chip *ima_tpm_chip;
/* Add the boot aggregate to the IMA measurement list and extend
diff --git a/security/integrity/ima/ima_template_lib.c b/security/integrity/ima/ima_template_lib.c
index 43752002c222..48c5a1be88ac 100644
--- a/security/integrity/ima/ima_template_lib.c
+++ b/security/integrity/ima/ima_template_lib.c
@@ -284,6 +284,24 @@ int ima_eventdigest_init(struct ima_event_data *event_data,
goto out;
}
+ if ((const char *)event_data->filename == boot_aggregate_name) {
+ if (ima_tpm_chip) {
+ hash.hdr.algo = HASH_ALGO_SHA1;
+ result = ima_calc_boot_aggregate(&hash.hdr);
+
+ /* algo can change depending on available PCR banks */
+ if (!result && hash.hdr.algo != HASH_ALGO_SHA1)
+ result = -EINVAL;
+
+ if (result < 0)
+ memset(&hash, 0, sizeof(hash));
+ }
+
+ cur_digest = hash.hdr.digest;
+ cur_digestsize = hash_digest_size[HASH_ALGO_SHA1];
+ goto out;
+ }
+
if (!event_data->file) /* missing info to re-calculate the digest */
return -EINVAL;
--
2.25.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* [PATCH 4.19 231/267] PCI: Program MPS for RCiEP devices
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (229 preceding siblings ...)
2020-06-19 14:33 ` [PATCH 4.19 230/267] ima: Call ima_calc_boot_aggregate() in ima_eventdigest_init() Greg Kroah-Hartman
@ 2020-06-19 14:33 ` Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 232/267] e1000e: Disable TSO for buffer overrun workaround Greg Kroah-Hartman
` (37 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dave Jiang, Ashok Raj, Bjorn Helgaas
From: Ashok Raj <ashok.raj@intel.com>
commit aa0ce96d72dd2e1b0dfd0fb868f82876e7790878 upstream.
Root Complex Integrated Endpoints (RCiEPs) do not have an upstream bridge,
so pci_configure_mps() previously ignored them, which may result in reduced
performance.
Instead, program the Max_Payload_Size of RCiEPs to the maximum supported
value (unless it is limited for the PCIE_BUS_PEER2PEER case). This also
affects the subsequent programming of Max_Read_Request_Size because Linux
programs MRRS based on the MPS value.
Fixes: 9dae3a97297f ("PCI: Move MPS configuration check to pci_configure_device()")
Link: https://lore.kernel.org/r/1585343775-4019-1-git-send-email-ashok.raj@intel.com
Tested-by: Dave Jiang <dave.jiang@intel.com>
Signed-off-by: Ashok Raj <ashok.raj@intel.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/pci/probe.c | 22 +++++++++++++++++++++-
1 file changed, 21 insertions(+), 1 deletion(-)
--- a/drivers/pci/probe.c
+++ b/drivers/pci/probe.c
@@ -1748,13 +1748,33 @@ static void pci_configure_mps(struct pci
struct pci_dev *bridge = pci_upstream_bridge(dev);
int mps, mpss, p_mps, rc;
- if (!pci_is_pcie(dev) || !bridge || !pci_is_pcie(bridge))
+ if (!pci_is_pcie(dev))
return;
/* MPS and MRRS fields are of type 'RsvdP' for VFs, short-circuit out */
if (dev->is_virtfn)
return;
+ /*
+ * For Root Complex Integrated Endpoints, program the maximum
+ * supported value unless limited by the PCIE_BUS_PEER2PEER case.
+ */
+ if (pci_pcie_type(dev) == PCI_EXP_TYPE_RC_END) {
+ if (pcie_bus_config == PCIE_BUS_PEER2PEER)
+ mps = 128;
+ else
+ mps = 128 << dev->pcie_mpss;
+ rc = pcie_set_mps(dev, mps);
+ if (rc) {
+ pci_warn(dev, "can't set Max Payload Size to %d; if necessary, use \"pci=pcie_bus_safe\" and report a bug\n",
+ mps);
+ }
+ return;
+ }
+
+ if (!bridge || !pci_is_pcie(bridge))
+ return;
+
mps = pcie_get_mps(dev);
p_mps = pcie_get_mps(bridge);
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 232/267] e1000e: Disable TSO for buffer overrun workaround
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (230 preceding siblings ...)
2020-06-19 14:33 ` [PATCH 4.19 231/267] PCI: Program MPS for RCiEP devices Greg Kroah-Hartman
@ 2020-06-19 14:33 ` Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 233/267] e1000e: Relax condition to trigger reset for ME workaround Greg Kroah-Hartman
` (36 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kai-Heng Feng, Aaron Brown, Jeff Kirsher
From: Kai-Heng Feng <kai.heng.feng@canonical.com>
commit f29801030ac67bf98b7a65d3aea67b30769d4f7c upstream.
Commit b10effb92e27 ("e1000e: fix buffer overrun while the I219 is
processing DMA transactions") imposes roughly 30% performance penalty.
The commit log states that "Disabling TSO eliminates performance loss
for TCP traffic without a noticeable impact on CPU performance", so
let's disable TSO by default to regain the loss.
CC: stable <stable@vger.kernel.org>
Fixes: b10effb92e27 ("e1000e: fix buffer overrun while the I219 is processing DMA transactions")
BugLink: https://bugs.launchpad.net/bugs/1802691
Signed-off-by: Kai-Heng Feng <kai.heng.feng@canonical.com>
Tested-by: Aaron Brown <aaron.f.brown@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/intel/e1000e/netdev.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/drivers/net/ethernet/intel/e1000e/netdev.c
+++ b/drivers/net/ethernet/intel/e1000e/netdev.c
@@ -5251,6 +5251,10 @@ static void e1000_watchdog_task(struct w
/* oops */
break;
}
+ if (hw->mac.type == e1000_pch_spt) {
+ netdev->features &= ~NETIF_F_TSO;
+ netdev->features &= ~NETIF_F_TSO6;
+ }
}
/* enable transmits in the hardware, need to do this
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 233/267] e1000e: Relax condition to trigger reset for ME workaround
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (231 preceding siblings ...)
2020-06-19 14:33 ` [PATCH 4.19 232/267] e1000e: Disable TSO for buffer overrun workaround Greg Kroah-Hartman
@ 2020-06-19 14:33 ` Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 234/267] carl9170: remove P2P_GO support Greg Kroah-Hartman
` (35 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Punit Agrawal, Alexander Duyck,
Aaron Brown, Jeff Kirsher
From: Punit Agrawal <punit1.agrawal@toshiba.co.jp>
commit d601afcae2febc49665008e9a79e701248d56c50 upstream.
It's an error if the value of the RX/TX tail descriptor does not match
what was written. The error condition is true regardless the duration
of the interference from ME. But the driver only performs the reset if
E1000_ICH_FWSM_PCIM2PCI_COUNT (2000) iterations of 50us delay have
transpired. The extra condition can lead to inconsistency between the
state of hardware as expected by the driver.
Fix this by dropping the check for number of delay iterations.
While at it, also make __ew32_prepare() static as it's not used
anywhere else.
CC: stable <stable@vger.kernel.org>
Signed-off-by: Punit Agrawal <punit1.agrawal@toshiba.co.jp>
Reviewed-by: Alexander Duyck <alexander.h.duyck@linux.intel.com>
Tested-by: Aaron Brown <aaron.f.brown@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/intel/e1000e/e1000.h | 1 -
drivers/net/ethernet/intel/e1000e/netdev.c | 12 +++++-------
2 files changed, 5 insertions(+), 8 deletions(-)
--- a/drivers/net/ethernet/intel/e1000e/e1000.h
+++ b/drivers/net/ethernet/intel/e1000e/e1000.h
@@ -574,7 +574,6 @@ static inline u32 __er32(struct e1000_hw
#define er32(reg) __er32(hw, E1000_##reg)
-s32 __ew32_prepare(struct e1000_hw *hw);
void __ew32(struct e1000_hw *hw, unsigned long reg, u32 val);
#define ew32(reg, val) __ew32(hw, E1000_##reg, (val))
--- a/drivers/net/ethernet/intel/e1000e/netdev.c
+++ b/drivers/net/ethernet/intel/e1000e/netdev.c
@@ -119,14 +119,12 @@ static const struct e1000_reg_info e1000
* has bit 24 set while ME is accessing MAC CSR registers, wait if it is set
* and try again a number of times.
**/
-s32 __ew32_prepare(struct e1000_hw *hw)
+static void __ew32_prepare(struct e1000_hw *hw)
{
s32 i = E1000_ICH_FWSM_PCIM2PCI_COUNT;
while ((er32(FWSM) & E1000_ICH_FWSM_PCIM2PCI) && --i)
udelay(50);
-
- return i;
}
void __ew32(struct e1000_hw *hw, unsigned long reg, u32 val)
@@ -607,11 +605,11 @@ static void e1000e_update_rdt_wa(struct
{
struct e1000_adapter *adapter = rx_ring->adapter;
struct e1000_hw *hw = &adapter->hw;
- s32 ret_val = __ew32_prepare(hw);
+ __ew32_prepare(hw);
writel(i, rx_ring->tail);
- if (unlikely(!ret_val && (i != readl(rx_ring->tail)))) {
+ if (unlikely(i != readl(rx_ring->tail))) {
u32 rctl = er32(RCTL);
ew32(RCTL, rctl & ~E1000_RCTL_EN);
@@ -624,11 +622,11 @@ static void e1000e_update_tdt_wa(struct
{
struct e1000_adapter *adapter = tx_ring->adapter;
struct e1000_hw *hw = &adapter->hw;
- s32 ret_val = __ew32_prepare(hw);
+ __ew32_prepare(hw);
writel(i, tx_ring->tail);
- if (unlikely(!ret_val && (i != readl(tx_ring->tail)))) {
+ if (unlikely(i != readl(tx_ring->tail))) {
u32 tctl = er32(TCTL);
ew32(TCTL, tctl & ~E1000_TCTL_EN);
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 234/267] carl9170: remove P2P_GO support
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (232 preceding siblings ...)
2020-06-19 14:33 ` [PATCH 4.19 233/267] e1000e: Relax condition to trigger reset for ME workaround Greg Kroah-Hartman
@ 2020-06-19 14:33 ` Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 235/267] media: go7007: fix a miss of snd_card_free Greg Kroah-Hartman
` (34 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Frank Schäfer,
Christian Lamparter, Kalle Valo
From: Christian Lamparter <chunkeey@gmail.com>
commit b14fba7ebd04082f7767a11daea7f12f3593de22 upstream.
This patch follows up on a bug-report by Frank Schäfer that
discovered P2P GO wasn't working with wpa_supplicant.
This patch removes part of the broken P2P GO support but
keeps the vif switchover code in place.
Cc: <stable@vger.kernel.org>
Link: <https://lkml.kernel.org/r/3a9d86b6-744f-e670-8792-9167257edef8@googlemail.com>
Reported-by: Frank Schäfer <fschaefer.oss@googlemail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20200425092811.9494-1-chunkeey@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireless/ath/carl9170/fw.c | 4 +---
drivers/net/wireless/ath/carl9170/main.c | 21 ++++-----------------
2 files changed, 5 insertions(+), 20 deletions(-)
--- a/drivers/net/wireless/ath/carl9170/fw.c
+++ b/drivers/net/wireless/ath/carl9170/fw.c
@@ -351,9 +351,7 @@ static int carl9170_fw(struct ar9170 *ar
ar->hw->wiphy->interface_modes |= BIT(NL80211_IFTYPE_ADHOC);
if (SUPP(CARL9170FW_WLANTX_CAB)) {
- if_comb_types |=
- BIT(NL80211_IFTYPE_AP) |
- BIT(NL80211_IFTYPE_P2P_GO);
+ if_comb_types |= BIT(NL80211_IFTYPE_AP);
#ifdef CONFIG_MAC80211_MESH
if_comb_types |=
--- a/drivers/net/wireless/ath/carl9170/main.c
+++ b/drivers/net/wireless/ath/carl9170/main.c
@@ -582,11 +582,10 @@ static int carl9170_init_interface(struc
ar->disable_offload |= ((vif->type != NL80211_IFTYPE_STATION) &&
(vif->type != NL80211_IFTYPE_AP));
- /* While the driver supports HW offload in a single
- * P2P client configuration, it doesn't support HW
- * offload in the favourit, concurrent P2P GO+CLIENT
- * configuration. Hence, HW offload will always be
- * disabled for P2P.
+ /* The driver used to have P2P GO+CLIENT support,
+ * but since this was dropped and we don't know if
+ * there are any gremlins lurking in the shadows,
+ * so best we keep HW offload disabled for P2P.
*/
ar->disable_offload |= vif->p2p;
@@ -639,18 +638,6 @@ static int carl9170_op_add_interface(str
if (vif->type == NL80211_IFTYPE_STATION)
break;
- /* P2P GO [master] use-case
- * Because the P2P GO station is selected dynamically
- * by all participating peers of a WIFI Direct network,
- * the driver has be able to change the main interface
- * operating mode on the fly.
- */
- if (main_vif->p2p && vif->p2p &&
- vif->type == NL80211_IFTYPE_AP) {
- old_main = main_vif;
- break;
- }
-
err = -EBUSY;
rcu_read_unlock();
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 235/267] media: go7007: fix a miss of snd_card_free
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (233 preceding siblings ...)
2020-06-19 14:33 ` [PATCH 4.19 234/267] carl9170: remove P2P_GO support Greg Kroah-Hartman
@ 2020-06-19 14:33 ` Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 236/267] Bluetooth: hci_bcm: fix freeing not-requested IRQ Greg Kroah-Hartman
` (33 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Chuhong Yuan, Hans Verkuil,
Mauro Carvalho Chehab, Salvatore Bonaccorso
From: Chuhong Yuan <hslester96@gmail.com>
commit 9453264ef58638ce8976121ac44c07a3ef375983 upstream.
go7007_snd_init() misses a snd_card_free() in an error path.
Add the missed call to fix it.
Signed-off-by: Chuhong Yuan <hslester96@gmail.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
[Salvatore Bonaccorso: Adjust context for backport to versions which do
not contain c0decac19da3 ("media: use strscpy() instead of strlcpy()")
and ba78170ef153 ("media: go7007: Fix misuse of strscpy")]
Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/media/usb/go7007/snd-go7007.c | 35 ++++++++++++++++------------------
1 file changed, 17 insertions(+), 18 deletions(-)
--- a/drivers/media/usb/go7007/snd-go7007.c
+++ b/drivers/media/usb/go7007/snd-go7007.c
@@ -244,22 +244,18 @@ int go7007_snd_init(struct go7007 *go)
gosnd->capturing = 0;
ret = snd_card_new(go->dev, index[dev], id[dev], THIS_MODULE, 0,
&gosnd->card);
- if (ret < 0) {
- kfree(gosnd);
- return ret;
- }
+ if (ret < 0)
+ goto free_snd;
+
ret = snd_device_new(gosnd->card, SNDRV_DEV_LOWLEVEL, go,
&go7007_snd_device_ops);
- if (ret < 0) {
- kfree(gosnd);
- return ret;
- }
+ if (ret < 0)
+ goto free_card;
+
ret = snd_pcm_new(gosnd->card, "go7007", 0, 0, 1, &gosnd->pcm);
- if (ret < 0) {
- snd_card_free(gosnd->card);
- kfree(gosnd);
- return ret;
- }
+ if (ret < 0)
+ goto free_card;
+
strlcpy(gosnd->card->driver, "go7007", sizeof(gosnd->card->driver));
strlcpy(gosnd->card->shortname, go->name, sizeof(gosnd->card->driver));
strlcpy(gosnd->card->longname, gosnd->card->shortname,
@@ -270,11 +266,8 @@ int go7007_snd_init(struct go7007 *go)
&go7007_snd_capture_ops);
ret = snd_card_register(gosnd->card);
- if (ret < 0) {
- snd_card_free(gosnd->card);
- kfree(gosnd);
- return ret;
- }
+ if (ret < 0)
+ goto free_card;
gosnd->substream = NULL;
go->snd_context = gosnd;
@@ -282,6 +275,12 @@ int go7007_snd_init(struct go7007 *go)
++dev;
return 0;
+
+free_card:
+ snd_card_free(gosnd->card);
+free_snd:
+ kfree(gosnd);
+ return ret;
}
EXPORT_SYMBOL(go7007_snd_init);
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 236/267] Bluetooth: hci_bcm: fix freeing not-requested IRQ
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (234 preceding siblings ...)
2020-06-19 14:33 ` [PATCH 4.19 235/267] media: go7007: fix a miss of snd_card_free Greg Kroah-Hartman
@ 2020-06-19 14:33 ` Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 237/267] b43legacy: Fix case where channel status is corrupted Greg Kroah-Hartman
` (32 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Michał Mirosław, Marcel Holtmann
From: Michał Mirosław <mirq-linux@rere.qmqm.pl>
commit 81bd5d0c62437c02caac6b3f942fcda874063cb0 upstream.
When BT module can't be initialized, but it has an IRQ, unloading
the driver WARNs when trying to free not-yet-requested IRQ. Fix it by
noting whether the IRQ was requested.
WARNING: CPU: 2 PID: 214 at kernel/irq/devres.c:144 devm_free_irq+0x49/0x4ca
[...]
WARNING: CPU: 2 PID: 214 at kernel/irq/manage.c:1746 __free_irq+0x8b/0x27c
Trying to free already-free IRQ 264
Modules linked in: hci_uart(-) btbcm bluetooth ecdh_generic ecc libaes
CPU: 2 PID: 214 Comm: rmmod Tainted: G W 5.6.1mq-00044-ga5f9ea098318-dirty #928
[...]
[<b016aefb>] (devm_free_irq) from [<af8ba1ff>] (bcm_close+0x97/0x118 [hci_uart])
[<af8ba1ff>] (bcm_close [hci_uart]) from [<af8b736f>] (hci_uart_unregister_device+0x33/0x3c [hci_uart])
[<af8b736f>] (hci_uart_unregister_device [hci_uart]) from [<b035930b>] (serdev_drv_remove+0x13/0x20)
[<b035930b>] (serdev_drv_remove) from [<b037093b>] (device_release_driver_internal+0x97/0x118)
[<b037093b>] (device_release_driver_internal) from [<b0370a0b>] (driver_detach+0x2f/0x58)
[<b0370a0b>] (driver_detach) from [<b036f855>] (bus_remove_driver+0x41/0x94)
[<b036f855>] (bus_remove_driver) from [<af8ba8db>] (bcm_deinit+0x1b/0x740 [hci_uart])
[<af8ba8db>] (bcm_deinit [hci_uart]) from [<af8ba86f>] (hci_uart_exit+0x13/0x30 [hci_uart])
[<af8ba86f>] (hci_uart_exit [hci_uart]) from [<b01900bd>] (sys_delete_module+0x109/0x1d0)
[<b01900bd>] (sys_delete_module) from [<b0101001>] (ret_fast_syscall+0x1/0x5a)
[...]
Cc: stable@vger.kernel.org
Fixes: 6cc4396c8829 ("Bluetooth: hci_bcm: Add wake-up capability")
Signed-off-by: Michał Mirosław <mirq-linux@rere.qmqm.pl>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/bluetooth/hci_bcm.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
--- a/drivers/bluetooth/hci_bcm.c
+++ b/drivers/bluetooth/hci_bcm.c
@@ -115,6 +115,7 @@ struct bcm_device {
u32 oper_speed;
int irq;
bool irq_active_low;
+ bool irq_acquired;
#ifdef CONFIG_PM
struct hci_uart *hu;
@@ -288,6 +289,8 @@ static int bcm_request_irq(struct bcm_da
goto unlock;
}
+ bdev->irq_acquired = true;
+
device_init_wakeup(bdev->dev, true);
pm_runtime_set_autosuspend_delay(bdev->dev,
@@ -456,7 +459,7 @@ static int bcm_close(struct hci_uart *hu
}
if (bdev) {
- if (IS_ENABLED(CONFIG_PM) && bdev->irq > 0) {
+ if (IS_ENABLED(CONFIG_PM) && bdev->irq_acquired) {
devm_free_irq(bdev->dev, bdev->irq, bdev);
device_init_wakeup(bdev->dev, false);
pm_runtime_disable(bdev->dev);
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 237/267] b43legacy: Fix case where channel status is corrupted
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (235 preceding siblings ...)
2020-06-19 14:33 ` [PATCH 4.19 236/267] Bluetooth: hci_bcm: fix freeing not-requested IRQ Greg Kroah-Hartman
@ 2020-06-19 14:33 ` Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 238/267] b43: Fix connection problem with WPA3 Greg Kroah-Hartman
` (31 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:33 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Larry Finger, Kalle Valo
From: Larry Finger <Larry.Finger@lwfinger.net>
commit ec4d3e3a054578de34cd0b587ab8a1ac36f629d9 upstream.
This patch fixes commit 75388acd0cd8 ("add mac80211-based driver for
legacy BCM43xx devices")
In https://bugzilla.kernel.org/show_bug.cgi?id=207093, a defect in
b43legacy is reported. Upon testing, thus problem exists on PPC and
X86 platforms, is present in the oldest kernel tested (3.2), and
has been present in the driver since it was first added to the kernel.
The problem is a corrupted channel status received from the device.
Both the internal card in a PowerBook G4 and the PCMCIA version
(Broadcom BCM4306 with PCI ID 14e4:4320) have the problem. Only Rev, 2
(revision 4 of the 802.11 core) of the chip has been tested. No other
devices using b43legacy are available for testing.
Various sources of the problem were considered. Buffer overrun and
other sources of corruption within the driver were rejected because
the faulty channel status is always the same, not a random value.
It was concluded that the faulty data is coming from the device, probably
due to a firmware bug. As that source is not available, the driver
must take appropriate action to recover.
At present, the driver reports the error, and them continues to process
the bad packet. This is believed that to be a mistake, and the correct
action is to drop the correpted packet.
Fixes: 75388acd0cd8 ("add mac80211-based driver for legacy BCM43xx devices")
Cc: Stable <stable@vger.kernel.org>
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Reported-and-tested by: F. Erhard <erhard_f@mailbox.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20200407190043.1686-1-Larry.Finger@lwfinger.net
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireless/broadcom/b43legacy/xmit.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/net/wireless/broadcom/b43legacy/xmit.c
+++ b/drivers/net/wireless/broadcom/b43legacy/xmit.c
@@ -571,6 +571,7 @@ void b43legacy_rx(struct b43legacy_wldev
default:
b43legacywarn(dev->wl, "Unexpected value for chanstat (0x%X)\n",
chanstat);
+ goto drop;
}
memcpy(IEEE80211_SKB_RXCB(skb), &status, sizeof(status));
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 238/267] b43: Fix connection problem with WPA3
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (236 preceding siblings ...)
2020-06-19 14:33 ` [PATCH 4.19 237/267] b43legacy: Fix case where channel status is corrupted Greg Kroah-Hartman
@ 2020-06-19 14:33 ` Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 239/267] b43_legacy: " Greg Kroah-Hartman
` (30 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Larry Finger, Kalle Valo, Rui Salvaterra
From: Larry Finger <Larry.Finger@lwfinger.net>
commit 75d057bda1fbca6ade21378aa45db712e5f7d962 upstream.
Since the driver was first introduced into the kernel, it has only
handled the ciphers associated with WEP, WPA, and WPA2. It fails with
WPA3 even though mac80211 can handle those additional ciphers in software,
b43 did not report that it could handle them. By setting MFP_CAPABLE using
ieee80211_set_hw(), the problem is fixed.
With this change, b43 will handle the ciphers it knows in hardware,
and let mac80211 handle the others in software. It is not necessary to
use the module parameter NOHWCRYPT to turn hardware encryption off.
Although this change essentially eliminates that module parameter,
I am choosing to keep it for cases where the hardware is broken,
and software encryption is required for all ciphers.
Reported-and-tested-by: Rui Salvaterra <rsalvaterra@gmail.com>
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Cc: Stable <stable@vger.kernel.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20200526155909.5807-2-Larry.Finger@lwfinger.net
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireless/broadcom/b43/main.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/net/wireless/broadcom/b43/main.c
+++ b/drivers/net/wireless/broadcom/b43/main.c
@@ -5596,7 +5596,7 @@ static struct b43_wl *b43_wireless_init(
/* fill hw info */
ieee80211_hw_set(hw, RX_INCLUDES_FCS);
ieee80211_hw_set(hw, SIGNAL_DBM);
-
+ ieee80211_hw_set(hw, MFP_CAPABLE);
hw->wiphy->interface_modes =
BIT(NL80211_IFTYPE_AP) |
BIT(NL80211_IFTYPE_MESH_POINT) |
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 239/267] b43_legacy: Fix connection problem with WPA3
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (237 preceding siblings ...)
2020-06-19 14:33 ` [PATCH 4.19 238/267] b43: Fix connection problem with WPA3 Greg Kroah-Hartman
@ 2020-06-19 14:33 ` Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 240/267] media: ov5640: fix use of destroyed mutex Greg Kroah-Hartman
` (29 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:33 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Larry Finger, Kalle Valo
From: Larry Finger <Larry.Finger@lwfinger.net>
commit 6a29d134c04a8acebb7a95251acea7ad7abba106 upstream.
Since the driver was first introduced into the kernel, it has only
handled the ciphers associated with WEP, WPA, and WPA2. It fails with
WPA3 even though mac80211 can handle those additional ciphers in software,
b43legacy did not report that it could handle them. By setting MFP_CAPABLE using
ieee80211_set_hw(), the problem is fixed.
With this change, b43legacy will handle the ciphers it knows in hardware,
and let mac80211 handle the others in software. It is not necessary to
use the module parameter NOHWCRYPT to turn hardware encryption off.
Although this change essentially eliminates that module parameter,
I am choosing to keep it for cases where the hardware is broken,
and software encryption is required for all ciphers.
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Cc: Stable <stable@vger.kernel.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20200526155909.5807-3-Larry.Finger@lwfinger.net
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireless/broadcom/b43legacy/main.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/net/wireless/broadcom/b43legacy/main.c
+++ b/drivers/net/wireless/broadcom/b43legacy/main.c
@@ -3835,6 +3835,7 @@ static int b43legacy_wireless_init(struc
/* fill hw info */
ieee80211_hw_set(hw, RX_INCLUDES_FCS);
ieee80211_hw_set(hw, SIGNAL_DBM);
+ ieee80211_hw_set(hw, MFP_CAPABLE); /* Allow WPA3 in software */
hw->wiphy->interface_modes =
BIT(NL80211_IFTYPE_AP) |
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 240/267] media: ov5640: fix use of destroyed mutex
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (238 preceding siblings ...)
2020-06-19 14:33 ` [PATCH 4.19 239/267] b43_legacy: " Greg Kroah-Hartman
@ 2020-06-19 14:33 ` Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 241/267] igb: Report speed and duplex as unknown when device is runtime suspended Greg Kroah-Hartman
` (28 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tomi Valkeinen, Laurent Pinchart,
Benoit Parrot, Sakari Ailus, Mauro Carvalho Chehab
From: Tomi Valkeinen <tomi.valkeinen@ti.com>
commit bfcba38d95a0aed146a958a84a2177af1459eddc upstream.
v4l2_ctrl_handler_free() uses hdl->lock, which in ov5640 driver is set
to sensor's own sensor->lock. In ov5640_remove(), the driver destroys the
sensor->lock first, and then calls v4l2_ctrl_handler_free(), resulting
in the use of the destroyed mutex.
Fix this by calling moving the mutex_destroy() to the end of the cleanup
sequence, as there's no need to destroy the mutex as early as possible.
Signed-off-by: Tomi Valkeinen <tomi.valkeinen@ti.com>
Reviewed-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Cc: stable@vger.kernel.org # v4.14+
Reviewed-by: Benoit Parrot <bparrot@ti.com>
Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/media/i2c/ov5640.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/media/i2c/ov5640.c
+++ b/drivers/media/i2c/ov5640.c
@@ -2829,8 +2829,8 @@ static int ov5640_probe(struct i2c_clien
free_ctrls:
v4l2_ctrl_handler_free(&sensor->ctrls.handler);
entity_cleanup:
- mutex_destroy(&sensor->lock);
media_entity_cleanup(&sensor->sd.entity);
+ mutex_destroy(&sensor->lock);
return ret;
}
@@ -2840,9 +2840,9 @@ static int ov5640_remove(struct i2c_clie
struct ov5640_dev *sensor = to_ov5640_dev(sd);
v4l2_async_unregister_subdev(&sensor->sd);
- mutex_destroy(&sensor->lock);
media_entity_cleanup(&sensor->sd.entity);
v4l2_ctrl_handler_free(&sensor->ctrls.handler);
+ mutex_destroy(&sensor->lock);
return 0;
}
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 241/267] igb: Report speed and duplex as unknown when device is runtime suspended
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (239 preceding siblings ...)
2020-06-19 14:33 ` [PATCH 4.19 240/267] media: ov5640: fix use of destroyed mutex Greg Kroah-Hartman
@ 2020-06-19 14:33 ` Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 242/267] power: vexpress: add suppress_bind_attrs to true Greg Kroah-Hartman
` (27 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alexander Duyck, Kai-Heng Feng,
Aaron Brown, Jeff Kirsher
From: Kai-Heng Feng <kai.heng.feng@canonical.com>
commit 165ae7a8feb53dc47fb041357e4b253bfc927cf9 upstream.
igb device gets runtime suspended when there's no link partner. We can't
get correct speed under that state:
$ cat /sys/class/net/enp3s0/speed
1000
In addition to that, an error can also be spotted in dmesg:
[ 385.991957] igb 0000:03:00.0 enp3s0: PCIe link lost
Since device can only be runtime suspended when there's no link partner,
we can skip reading register and let the following logic set speed and
duplex with correct status.
The more generic approach will be wrap get_link_ksettings() with begin()
and complete() callbacks. However, for this particular issue, begin()
calls igb_runtime_resume() , which tries to rtnl_lock() while the lock
is already hold by upper ethtool layer.
So let's take this approach until the igb_runtime_resume() no longer
needs to hold rtnl_lock.
CC: stable <stable@vger.kernel.org>
Suggested-by: Alexander Duyck <alexander.duyck@gmail.com>
Signed-off-by: Kai-Heng Feng <kai.heng.feng@canonical.com>
Tested-by: Aaron Brown <aaron.f.brown@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/intel/igb/igb_ethtool.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/drivers/net/ethernet/intel/igb/igb_ethtool.c
+++ b/drivers/net/ethernet/intel/igb/igb_ethtool.c
@@ -143,7 +143,8 @@ static int igb_get_link_ksettings(struct
u32 speed;
u32 supported, advertising;
- status = rd32(E1000_STATUS);
+ status = pm_runtime_suspended(&adapter->pdev->dev) ?
+ 0 : rd32(E1000_STATUS);
if (hw->phy.media_type == e1000_media_type_copper) {
supported = (SUPPORTED_10baseT_Half |
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 242/267] power: vexpress: add suppress_bind_attrs to true
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (240 preceding siblings ...)
2020-06-19 14:33 ` [PATCH 4.19 241/267] igb: Report speed and duplex as unknown when device is runtime suspended Greg Kroah-Hartman
@ 2020-06-19 14:33 ` Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 243/267] pinctrl: samsung: Correct setting of eint wakeup mask on s5pv210 Greg Kroah-Hartman
` (26 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:33 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Anders Roxell, Arnd Bergmann
From: Anders Roxell <anders.roxell@linaro.org>
commit 73174acc9c75960af2daa7dcbdb9781fc0d135cb upstream.
Make sure that the POWER_RESET_VEXPRESS driver won't have bind/unbind
attributes available via the sysfs, so lets be explicit here and use
".suppress_bind_attrs = true" to prevent userspace from doing something
silly.
Link: https://lore.kernel.org/r/20200527112608.3886105-2-anders.roxell@linaro.org
Cc: stable@vger.kernel.org
Signed-off-by: Anders Roxell <anders.roxell@linaro.org>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/power/reset/vexpress-poweroff.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/power/reset/vexpress-poweroff.c
+++ b/drivers/power/reset/vexpress-poweroff.c
@@ -150,6 +150,7 @@ static struct platform_driver vexpress_r
.driver = {
.name = "vexpress-reset",
.of_match_table = vexpress_reset_of_match,
+ .suppress_bind_attrs = true,
},
};
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 243/267] pinctrl: samsung: Correct setting of eint wakeup mask on s5pv210
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (241 preceding siblings ...)
2020-06-19 14:33 ` [PATCH 4.19 242/267] power: vexpress: add suppress_bind_attrs to true Greg Kroah-Hartman
@ 2020-06-19 14:33 ` Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 244/267] pinctrl: samsung: Save/restore eint_mask over suspend for EINT_TYPE GPIOs Greg Kroah-Hartman
` (25 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jonathan Bakker, Krzysztof Kozlowski
From: Jonathan Bakker <xc-racer2@live.ca>
commit b577a279914085c6b657c33e9f39ef56d96a3302 upstream.
Commit a8be2af0218c ("pinctrl: samsung: Write external wakeup interrupt
mask") started writing the eint wakeup mask from the pinctrl driver.
Unfortunately, it made the assumption that the private retention data
was always a regmap while in the case of s5pv210 it is a raw pointer
to the clock base (as the eint wakeup mask not in the PMU as with newer
Exynos platforms).
Fixes: a8be2af0218c ("pinctrl: samsung: Write external wakeup interrupt mask")
Cc: <stable@vger.kernel.org>
Signed-off-by: Jonathan Bakker <xc-racer2@live.ca>
Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/pinctrl/samsung/pinctrl-exynos.c | 73 ++++++++++++++++++++-----------
1 file changed, 49 insertions(+), 24 deletions(-)
--- a/drivers/pinctrl/samsung/pinctrl-exynos.c
+++ b/drivers/pinctrl/samsung/pinctrl-exynos.c
@@ -40,6 +40,8 @@ struct exynos_irq_chip {
u32 eint_pend;
u32 eint_wake_mask_value;
u32 eint_wake_mask_reg;
+ void (*set_eint_wakeup_mask)(struct samsung_pinctrl_drv_data *drvdata,
+ struct exynos_irq_chip *irq_chip);
};
static inline struct exynos_irq_chip *to_exynos_irq_chip(struct irq_chip *chip)
@@ -350,6 +352,47 @@ static int exynos_wkup_irq_set_wake(stru
return 0;
}
+static void
+exynos_pinctrl_set_eint_wakeup_mask(struct samsung_pinctrl_drv_data *drvdata,
+ struct exynos_irq_chip *irq_chip)
+{
+ struct regmap *pmu_regs;
+
+ if (!drvdata->retention_ctrl || !drvdata->retention_ctrl->priv) {
+ dev_warn(drvdata->dev,
+ "No retention data configured bank with external wakeup interrupt. Wake-up mask will not be set.\n");
+ return;
+ }
+
+ pmu_regs = drvdata->retention_ctrl->priv;
+ dev_info(drvdata->dev,
+ "Setting external wakeup interrupt mask: 0x%x\n",
+ irq_chip->eint_wake_mask_value);
+
+ regmap_write(pmu_regs, irq_chip->eint_wake_mask_reg,
+ irq_chip->eint_wake_mask_value);
+}
+
+static void
+s5pv210_pinctrl_set_eint_wakeup_mask(struct samsung_pinctrl_drv_data *drvdata,
+ struct exynos_irq_chip *irq_chip)
+
+{
+ void __iomem *clk_base;
+
+ if (!drvdata->retention_ctrl || !drvdata->retention_ctrl->priv) {
+ dev_warn(drvdata->dev,
+ "No retention data configured bank with external wakeup interrupt. Wake-up mask will not be set.\n");
+ return;
+ }
+
+
+ clk_base = (void __iomem *) drvdata->retention_ctrl->priv;
+
+ __raw_writel(irq_chip->eint_wake_mask_value,
+ clk_base + irq_chip->eint_wake_mask_reg);
+}
+
/*
* irq_chip for wakeup interrupts
*/
@@ -368,8 +411,9 @@ static const struct exynos_irq_chip s5pv
.eint_mask = EXYNOS_WKUP_EMASK_OFFSET,
.eint_pend = EXYNOS_WKUP_EPEND_OFFSET,
.eint_wake_mask_value = EXYNOS_EINT_WAKEUP_MASK_DISABLED,
- /* Only difference with exynos4210_wkup_irq_chip: */
+ /* Only differences with exynos4210_wkup_irq_chip: */
.eint_wake_mask_reg = S5PV210_EINT_WAKEUP_MASK,
+ .set_eint_wakeup_mask = s5pv210_pinctrl_set_eint_wakeup_mask,
};
static const struct exynos_irq_chip exynos4210_wkup_irq_chip __initconst = {
@@ -388,6 +432,7 @@ static const struct exynos_irq_chip exyn
.eint_pend = EXYNOS_WKUP_EPEND_OFFSET,
.eint_wake_mask_value = EXYNOS_EINT_WAKEUP_MASK_DISABLED,
.eint_wake_mask_reg = EXYNOS_EINT_WAKEUP_MASK,
+ .set_eint_wakeup_mask = exynos_pinctrl_set_eint_wakeup_mask,
};
static const struct exynos_irq_chip exynos7_wkup_irq_chip __initconst = {
@@ -406,6 +451,7 @@ static const struct exynos_irq_chip exyn
.eint_pend = EXYNOS7_WKUP_EPEND_OFFSET,
.eint_wake_mask_value = EXYNOS_EINT_WAKEUP_MASK_DISABLED,
.eint_wake_mask_reg = EXYNOS5433_EINT_WAKEUP_MASK,
+ .set_eint_wakeup_mask = exynos_pinctrl_set_eint_wakeup_mask,
};
/* list of external wakeup controllers supported */
@@ -582,27 +628,6 @@ int exynos_eint_wkup_init(struct samsung
return 0;
}
-static void
-exynos_pinctrl_set_eint_wakeup_mask(struct samsung_pinctrl_drv_data *drvdata,
- struct exynos_irq_chip *irq_chip)
-{
- struct regmap *pmu_regs;
-
- if (!drvdata->retention_ctrl || !drvdata->retention_ctrl->priv) {
- dev_warn(drvdata->dev,
- "No retention data configured bank with external wakeup interrupt. Wake-up mask will not be set.\n");
- return;
- }
-
- pmu_regs = drvdata->retention_ctrl->priv;
- dev_info(drvdata->dev,
- "Setting external wakeup interrupt mask: 0x%x\n",
- irq_chip->eint_wake_mask_value);
-
- regmap_write(pmu_regs, irq_chip->eint_wake_mask_reg,
- irq_chip->eint_wake_mask_value);
-}
-
static void exynos_pinctrl_suspend_bank(
struct samsung_pinctrl_drv_data *drvdata,
struct samsung_pin_bank *bank)
@@ -634,8 +659,8 @@ void exynos_pinctrl_suspend(struct samsu
else if (bank->eint_type == EINT_TYPE_WKUP) {
if (!irq_chip) {
irq_chip = bank->irq_chip;
- exynos_pinctrl_set_eint_wakeup_mask(drvdata,
- irq_chip);
+ irq_chip->set_eint_wakeup_mask(drvdata,
+ irq_chip);
} else if (bank->irq_chip != irq_chip) {
dev_warn(drvdata->dev,
"More than one external wakeup interrupt chip configured (bank: %s). This is not supported by hardware nor by driver.\n",
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 244/267] pinctrl: samsung: Save/restore eint_mask over suspend for EINT_TYPE GPIOs
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (242 preceding siblings ...)
2020-06-19 14:33 ` [PATCH 4.19 243/267] pinctrl: samsung: Correct setting of eint wakeup mask on s5pv210 Greg Kroah-Hartman
@ 2020-06-19 14:33 ` Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 245/267] gnss: sirf: fix error return code in sirf_probe() Greg Kroah-Hartman
` (24 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jonathan Bakker, Krzysztof Kozlowski
From: Jonathan Bakker <xc-racer2@live.ca>
commit f354157a7d184db430c1a564c506434e33b1bec5 upstream.
Currently, for EINT_TYPE GPIOs, the CON and FLTCON registers
are saved and restored over a suspend/resume cycle. However, the
EINT_MASK registers are not.
On S5PV210 at the very least, these registers are not retained over
suspend, leading to the interrupts remaining masked upon resume and
therefore no interrupts being triggered for the device. There should
be no effect on any SoCs that do retain these registers as theoretically
we would just be re-writing what was already there.
Fixes: 7ccbc60cd9c2 ("pinctrl: exynos: Handle suspend/resume of GPIO EINT registers")
Cc: <stable@vger.kernel.org>
Signed-off-by: Jonathan Bakker <xc-racer2@live.ca>
Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/pinctrl/samsung/pinctrl-exynos.c | 9 +++++++++
1 file changed, 9 insertions(+)
--- a/drivers/pinctrl/samsung/pinctrl-exynos.c
+++ b/drivers/pinctrl/samsung/pinctrl-exynos.c
@@ -267,6 +267,7 @@ struct exynos_eint_gpio_save {
u32 eint_con;
u32 eint_fltcon0;
u32 eint_fltcon1;
+ u32 eint_mask;
};
/*
@@ -641,10 +642,13 @@ static void exynos_pinctrl_suspend_bank(
+ 2 * bank->eint_offset);
save->eint_fltcon1 = readl(regs + EXYNOS_GPIO_EFLTCON_OFFSET
+ 2 * bank->eint_offset + 4);
+ save->eint_mask = readl(regs + bank->irq_chip->eint_mask
+ + bank->eint_offset);
pr_debug("%s: save con %#010x\n", bank->name, save->eint_con);
pr_debug("%s: save fltcon0 %#010x\n", bank->name, save->eint_fltcon0);
pr_debug("%s: save fltcon1 %#010x\n", bank->name, save->eint_fltcon1);
+ pr_debug("%s: save mask %#010x\n", bank->name, save->eint_mask);
}
void exynos_pinctrl_suspend(struct samsung_pinctrl_drv_data *drvdata)
@@ -686,6 +690,9 @@ static void exynos_pinctrl_resume_bank(
pr_debug("%s: fltcon1 %#010x => %#010x\n", bank->name,
readl(regs + EXYNOS_GPIO_EFLTCON_OFFSET
+ 2 * bank->eint_offset + 4), save->eint_fltcon1);
+ pr_debug("%s: mask %#010x => %#010x\n", bank->name,
+ readl(regs + bank->irq_chip->eint_mask
+ + bank->eint_offset), save->eint_mask);
writel(save->eint_con, regs + EXYNOS_GPIO_ECON_OFFSET
+ bank->eint_offset);
@@ -693,6 +700,8 @@ static void exynos_pinctrl_resume_bank(
+ 2 * bank->eint_offset);
writel(save->eint_fltcon1, regs + EXYNOS_GPIO_EFLTCON_OFFSET
+ 2 * bank->eint_offset + 4);
+ writel(save->eint_mask, regs + bank->irq_chip->eint_mask
+ + bank->eint_offset);
}
void exynos_pinctrl_resume(struct samsung_pinctrl_drv_data *drvdata)
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 245/267] gnss: sirf: fix error return code in sirf_probe()
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (243 preceding siblings ...)
2020-06-19 14:33 ` [PATCH 4.19 244/267] pinctrl: samsung: Save/restore eint_mask over suspend for EINT_TYPE GPIOs Greg Kroah-Hartman
@ 2020-06-19 14:33 ` Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 246/267] sparc32: fix register window handling in genregs32_[gs]et() Greg Kroah-Hartman
` (23 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hulk Robot, Wei Yongjun, Johan Hovold
From: Wei Yongjun <weiyongjun1@huawei.com>
commit 43d7ce70ae43dd8523754b17f567417e0e75dbce upstream.
Fix to return a negative error code from the error handling
case instead of 0, as done elsewhere in this function.
This avoids a use-after-free in case the driver is later unbound.
Fixes: d2efbbd18b1e ("gnss: add driver for sirfstar-based receivers")
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
[ johan: amend commit message; mention potential use-after-free ]
Cc: stable <stable@vger.kernel.org> # 4.19
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gnss/sirf.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
--- a/drivers/gnss/sirf.c
+++ b/drivers/gnss/sirf.c
@@ -292,14 +292,18 @@ static int sirf_probe(struct serdev_devi
data->on_off = devm_gpiod_get_optional(dev, "sirf,onoff",
GPIOD_OUT_LOW);
- if (IS_ERR(data->on_off))
+ if (IS_ERR(data->on_off)) {
+ ret = PTR_ERR(data->on_off);
goto err_put_device;
+ }
if (data->on_off) {
data->wakeup = devm_gpiod_get_optional(dev, "sirf,wakeup",
GPIOD_IN);
- if (IS_ERR(data->wakeup))
+ if (IS_ERR(data->wakeup)) {
+ ret = PTR_ERR(data->wakeup);
goto err_put_device;
+ }
/*
* Configurations where WAKEUP has been left not connected,
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 246/267] sparc32: fix register window handling in genregs32_[gs]et()
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (244 preceding siblings ...)
2020-06-19 14:33 ` [PATCH 4.19 245/267] gnss: sirf: fix error return code in sirf_probe() Greg Kroah-Hartman
@ 2020-06-19 14:33 ` Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 247/267] sparc64: fix misuses of access_process_vm() in genregs32_[sg]et() Greg Kroah-Hartman
` (22 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:33 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, stable, Al Viro
From: Al Viro <viro@zeniv.linux.org.uk>
commit cf51e129b96847f969bfb8af1ee1516a01a70b39 upstream.
It needs access_process_vm() if the traced process does not share
mm with the caller. Solution is similar to what sparc64 does.
Note that genregs32_set() is only ever called with pos being 0
or 32 * sizeof(u32) (the latter - as part of PTRACE_SETREGS
handling).
Cc: stable@kernel.org
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/sparc/kernel/ptrace_32.c | 230 ++++++++++++++++++------------------------
1 file changed, 99 insertions(+), 131 deletions(-)
--- a/arch/sparc/kernel/ptrace_32.c
+++ b/arch/sparc/kernel/ptrace_32.c
@@ -46,82 +46,79 @@ enum sparc_regset {
REGSET_FP,
};
+static int regwindow32_get(struct task_struct *target,
+ const struct pt_regs *regs,
+ u32 *uregs)
+{
+ unsigned long reg_window = regs->u_regs[UREG_I6];
+ int size = 16 * sizeof(u32);
+
+ if (target == current) {
+ if (copy_from_user(uregs, (void __user *)reg_window, size))
+ return -EFAULT;
+ } else {
+ if (access_process_vm(target, reg_window, uregs, size,
+ FOLL_FORCE) != size)
+ return -EFAULT;
+ }
+ return 0;
+}
+
+static int regwindow32_set(struct task_struct *target,
+ const struct pt_regs *regs,
+ u32 *uregs)
+{
+ unsigned long reg_window = regs->u_regs[UREG_I6];
+ int size = 16 * sizeof(u32);
+
+ if (target == current) {
+ if (copy_to_user((void __user *)reg_window, uregs, size))
+ return -EFAULT;
+ } else {
+ if (access_process_vm(target, reg_window, uregs, size,
+ FOLL_FORCE | FOLL_WRITE) != size)
+ return -EFAULT;
+ }
+ return 0;
+}
+
static int genregs32_get(struct task_struct *target,
const struct user_regset *regset,
unsigned int pos, unsigned int count,
void *kbuf, void __user *ubuf)
{
const struct pt_regs *regs = target->thread.kregs;
- unsigned long __user *reg_window;
- unsigned long *k = kbuf;
- unsigned long __user *u = ubuf;
- unsigned long reg;
+ u32 uregs[16];
+ int ret;
if (target == current)
flush_user_windows();
- pos /= sizeof(reg);
- count /= sizeof(reg);
+ ret = user_regset_copyout(&pos, &count, &kbuf, &ubuf,
+ regs->u_regs,
+ 0, 16 * sizeof(u32));
+ if (ret || !count)
+ return ret;
- if (kbuf) {
- for (; count > 0 && pos < 16; count--)
- *k++ = regs->u_regs[pos++];
-
- reg_window = (unsigned long __user *) regs->u_regs[UREG_I6];
- reg_window -= 16;
- for (; count > 0 && pos < 32; count--) {
- if (get_user(*k++, ®_window[pos++]))
- return -EFAULT;
- }
- } else {
- for (; count > 0 && pos < 16; count--) {
- if (put_user(regs->u_regs[pos++], u++))
- return -EFAULT;
- }
-
- reg_window = (unsigned long __user *) regs->u_regs[UREG_I6];
- reg_window -= 16;
- for (; count > 0 && pos < 32; count--) {
- if (get_user(reg, ®_window[pos++]) ||
- put_user(reg, u++))
- return -EFAULT;
- }
- }
- while (count > 0) {
- switch (pos) {
- case 32: /* PSR */
- reg = regs->psr;
- break;
- case 33: /* PC */
- reg = regs->pc;
- break;
- case 34: /* NPC */
- reg = regs->npc;
- break;
- case 35: /* Y */
- reg = regs->y;
- break;
- case 36: /* WIM */
- case 37: /* TBR */
- reg = 0;
- break;
- default:
- goto finish;
- }
-
- if (kbuf)
- *k++ = reg;
- else if (put_user(reg, u++))
+ if (pos < 32 * sizeof(u32)) {
+ if (regwindow32_get(target, regs, uregs))
return -EFAULT;
- pos++;
- count--;
+ ret = user_regset_copyout(&pos, &count, &kbuf, &ubuf,
+ uregs,
+ 16 * sizeof(u32), 32 * sizeof(u32));
+ if (ret || !count)
+ return ret;
}
-finish:
- pos *= sizeof(reg);
- count *= sizeof(reg);
- return user_regset_copyout_zero(&pos, &count, &kbuf, &ubuf,
- 38 * sizeof(reg), -1);
+ uregs[0] = regs->psr;
+ uregs[1] = regs->pc;
+ uregs[2] = regs->npc;
+ uregs[3] = regs->y;
+ uregs[4] = 0; /* WIM */
+ uregs[5] = 0; /* TBR */
+ return user_regset_copyout(&pos, &count, &kbuf, &ubuf,
+ uregs,
+ 32 * sizeof(u32), 38 * sizeof(u32));
}
static int genregs32_set(struct task_struct *target,
@@ -130,82 +127,53 @@ static int genregs32_set(struct task_str
const void *kbuf, const void __user *ubuf)
{
struct pt_regs *regs = target->thread.kregs;
- unsigned long __user *reg_window;
- const unsigned long *k = kbuf;
- const unsigned long __user *u = ubuf;
- unsigned long reg;
+ u32 uregs[16];
+ u32 psr;
+ int ret;
if (target == current)
flush_user_windows();
- pos /= sizeof(reg);
- count /= sizeof(reg);
-
- if (kbuf) {
- for (; count > 0 && pos < 16; count--)
- regs->u_regs[pos++] = *k++;
-
- reg_window = (unsigned long __user *) regs->u_regs[UREG_I6];
- reg_window -= 16;
- for (; count > 0 && pos < 32; count--) {
- if (put_user(*k++, ®_window[pos++]))
- return -EFAULT;
- }
- } else {
- for (; count > 0 && pos < 16; count--) {
- if (get_user(reg, u++))
- return -EFAULT;
- regs->u_regs[pos++] = reg;
- }
-
- reg_window = (unsigned long __user *) regs->u_regs[UREG_I6];
- reg_window -= 16;
- for (; count > 0 && pos < 32; count--) {
- if (get_user(reg, u++) ||
- put_user(reg, ®_window[pos++]))
- return -EFAULT;
- }
- }
- while (count > 0) {
- unsigned long psr;
-
- if (kbuf)
- reg = *k++;
- else if (get_user(reg, u++))
- return -EFAULT;
-
- switch (pos) {
- case 32: /* PSR */
- psr = regs->psr;
- psr &= ~(PSR_ICC | PSR_SYSCALL);
- psr |= (reg & (PSR_ICC | PSR_SYSCALL));
- regs->psr = psr;
- break;
- case 33: /* PC */
- regs->pc = reg;
- break;
- case 34: /* NPC */
- regs->npc = reg;
- break;
- case 35: /* Y */
- regs->y = reg;
- break;
- case 36: /* WIM */
- case 37: /* TBR */
- break;
- default:
- goto finish;
- }
+ ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf,
+ regs->u_regs,
+ 0, 16 * sizeof(u32));
+ if (ret || !count)
+ return ret;
- pos++;
- count--;
+ if (pos < 32 * sizeof(u32)) {
+ if (regwindow32_get(target, regs, uregs))
+ return -EFAULT;
+ ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf,
+ uregs,
+ 16 * sizeof(u32), 32 * sizeof(u32));
+ if (ret)
+ return ret;
+ if (regwindow32_set(target, regs, uregs))
+ return -EFAULT;
+ if (!count)
+ return 0;
}
-finish:
- pos *= sizeof(reg);
- count *= sizeof(reg);
-
+ ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf,
+ &psr,
+ 32 * sizeof(u32), 33 * sizeof(u32));
+ if (ret)
+ return ret;
+ regs->psr = (regs->psr & ~(PSR_ICC | PSR_SYSCALL)) |
+ (psr & (PSR_ICC | PSR_SYSCALL));
+ if (!count)
+ return 0;
+ ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf,
+ ®s->pc,
+ 33 * sizeof(u32), 34 * sizeof(u32));
+ if (ret || !count)
+ return ret;
+ ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf,
+ ®s->y,
+ 34 * sizeof(u32), 35 * sizeof(u32));
+ if (ret || !count)
+ return ret;
return user_regset_copyin_ignore(&pos, &count, &kbuf, &ubuf,
- 38 * sizeof(reg), -1);
+ 35 * sizeof(u32), 38 * sizeof(u32));
}
static int fpregs32_get(struct task_struct *target,
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 247/267] sparc64: fix misuses of access_process_vm() in genregs32_[sg]et()
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (245 preceding siblings ...)
2020-06-19 14:33 ` [PATCH 4.19 246/267] sparc32: fix register window handling in genregs32_[gs]et() Greg Kroah-Hartman
@ 2020-06-19 14:33 ` Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 248/267] dm crypt: avoid truncating the logical block size Greg Kroah-Hartman
` (21 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:33 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, stable, Al Viro
From: Al Viro <viro@zeniv.linux.org.uk>
commit 142cd25293f6a7ecbdff4fb0af17de6438d46433 upstream.
We do need access_process_vm() to access the target's reg_window.
However, access to caller's memory (storing the result in
genregs32_get(), fetching the new values in case of genregs32_set())
should be done by normal uaccess primitives.
Fixes: ad4f95764040 ([SPARC64]: Fix user accesses in regset code.)
Cc: stable@kernel.org
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/sparc/kernel/ptrace_64.c | 17 +++--------------
1 file changed, 3 insertions(+), 14 deletions(-)
--- a/arch/sparc/kernel/ptrace_64.c
+++ b/arch/sparc/kernel/ptrace_64.c
@@ -571,19 +571,13 @@ static int genregs32_get(struct task_str
for (; count > 0 && pos < 32; count--) {
if (access_process_vm(target,
(unsigned long)
- ®_window[pos],
+ ®_window[pos++],
®, sizeof(reg),
FOLL_FORCE)
!= sizeof(reg))
return -EFAULT;
- if (access_process_vm(target,
- (unsigned long) u,
- ®, sizeof(reg),
- FOLL_FORCE | FOLL_WRITE)
- != sizeof(reg))
+ if (put_user(reg, u++))
return -EFAULT;
- pos++;
- u++;
}
}
}
@@ -683,12 +677,7 @@ static int genregs32_set(struct task_str
}
} else {
for (; count > 0 && pos < 32; count--) {
- if (access_process_vm(target,
- (unsigned long)
- u,
- ®, sizeof(reg),
- FOLL_FORCE)
- != sizeof(reg))
+ if (get_user(reg, u++))
return -EFAULT;
if (access_process_vm(target,
(unsigned long)
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 248/267] dm crypt: avoid truncating the logical block size
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (246 preceding siblings ...)
2020-06-19 14:33 ` [PATCH 4.19 247/267] sparc64: fix misuses of access_process_vm() in genregs32_[sg]et() Greg Kroah-Hartman
@ 2020-06-19 14:33 ` Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 249/267] alpha: fix memory barriers so that they conform to the specification Greg Kroah-Hartman
` (20 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Eric Biggers, Mikulas Patocka, Mike Snitzer
From: Eric Biggers <ebiggers@google.com>
commit 64611a15ca9da91ff532982429c44686f4593b5f upstream.
queue_limits::logical_block_size got changed from unsigned short to
unsigned int, but it was forgotten to update crypt_io_hints() to use the
new type. Fix it.
Fixes: ad6bf88a6c19 ("block: fix an integer overflow in logical block size")
Cc: stable@vger.kernel.org
Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/dm-crypt.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/md/dm-crypt.c
+++ b/drivers/md/dm-crypt.c
@@ -3078,7 +3078,7 @@ static void crypt_io_hints(struct dm_tar
limits->max_segment_size = PAGE_SIZE;
limits->logical_block_size =
- max_t(unsigned short, limits->logical_block_size, cc->sector_size);
+ max_t(unsigned, limits->logical_block_size, cc->sector_size);
limits->physical_block_size =
max_t(unsigned, limits->physical_block_size, cc->sector_size);
limits->io_min = max_t(unsigned, limits->io_min, cc->sector_size);
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 249/267] alpha: fix memory barriers so that they conform to the specification
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (247 preceding siblings ...)
2020-06-19 14:33 ` [PATCH 4.19 248/267] dm crypt: avoid truncating the logical block size Greg Kroah-Hartman
@ 2020-06-19 14:33 ` Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 250/267] kernel/cpu_pm: Fix uninitted local in cpu_pm Greg Kroah-Hartman
` (19 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mikulas Patocka, Ivan Kokshaysky,
Maciej W. Rozycki, Matt Turner
From: Mikulas Patocka <mpatocka@redhat.com>
commit 54505a1e2083fc54cbe8779b97479f969cd30a00 upstream.
The commits cd0e00c10672 and 92d7223a7423 broke boot on the Alpha Avanti
platform. The patches move memory barriers after a write before the write.
The result is that if there's iowrite followed by ioread, there is no
barrier between them.
The Alpha architecture allows reordering of the accesses to the I/O space,
and the missing barrier between write and read causes hang with serial
port and real time clock.
This patch makes barriers confiorm to the specification.
1. We add mb() before readX_relaxed and writeX_relaxed -
memory-barriers.txt claims that these functions must be ordered w.r.t.
each other. Alpha doesn't order them, so we need an explicit barrier.
2. We add mb() before reads from the I/O space - so that if there's a
write followed by a read, there should be a barrier between them.
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Fixes: cd0e00c10672 ("alpha: io: reorder barriers to guarantee writeX() and iowriteX() ordering")
Fixes: 92d7223a7423 ("alpha: io: reorder barriers to guarantee writeX() and iowriteX() ordering #2")
Cc: stable@vger.kernel.org # v4.17+
Acked-by: Ivan Kokshaysky <ink@jurassic.park.msu.ru>
Reviewed-by: Maciej W. Rozycki <macro@linux-mips.org>
Signed-off-by: Matt Turner <mattst88@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/alpha/include/asm/io.h | 74 +++++++++++++++++++++++++++++++++++---------
arch/alpha/kernel/io.c | 60 +++++++++++++++++++++++++++++++----
2 files changed, 112 insertions(+), 22 deletions(-)
--- a/arch/alpha/include/asm/io.h
+++ b/arch/alpha/include/asm/io.h
@@ -327,14 +327,18 @@ static inline int __is_mmio(const volati
#if IO_CONCAT(__IO_PREFIX,trivial_io_bw)
extern inline unsigned int ioread8(void __iomem *addr)
{
- unsigned int ret = IO_CONCAT(__IO_PREFIX,ioread8)(addr);
+ unsigned int ret;
+ mb();
+ ret = IO_CONCAT(__IO_PREFIX,ioread8)(addr);
mb();
return ret;
}
extern inline unsigned int ioread16(void __iomem *addr)
{
- unsigned int ret = IO_CONCAT(__IO_PREFIX,ioread16)(addr);
+ unsigned int ret;
+ mb();
+ ret = IO_CONCAT(__IO_PREFIX,ioread16)(addr);
mb();
return ret;
}
@@ -375,7 +379,9 @@ extern inline void outw(u16 b, unsigned
#if IO_CONCAT(__IO_PREFIX,trivial_io_lq)
extern inline unsigned int ioread32(void __iomem *addr)
{
- unsigned int ret = IO_CONCAT(__IO_PREFIX,ioread32)(addr);
+ unsigned int ret;
+ mb();
+ ret = IO_CONCAT(__IO_PREFIX,ioread32)(addr);
mb();
return ret;
}
@@ -420,14 +426,18 @@ extern inline void __raw_writew(u16 b, v
extern inline u8 readb(const volatile void __iomem *addr)
{
- u8 ret = __raw_readb(addr);
+ u8 ret;
+ mb();
+ ret = __raw_readb(addr);
mb();
return ret;
}
extern inline u16 readw(const volatile void __iomem *addr)
{
- u16 ret = __raw_readw(addr);
+ u16 ret;
+ mb();
+ ret = __raw_readw(addr);
mb();
return ret;
}
@@ -468,14 +478,18 @@ extern inline void __raw_writeq(u64 b, v
extern inline u32 readl(const volatile void __iomem *addr)
{
- u32 ret = __raw_readl(addr);
+ u32 ret;
+ mb();
+ ret = __raw_readl(addr);
mb();
return ret;
}
extern inline u64 readq(const volatile void __iomem *addr)
{
- u64 ret = __raw_readq(addr);
+ u64 ret;
+ mb();
+ ret = __raw_readq(addr);
mb();
return ret;
}
@@ -504,14 +518,44 @@ extern inline void writeq(u64 b, volatil
#define outb_p outb
#define outw_p outw
#define outl_p outl
-#define readb_relaxed(addr) __raw_readb(addr)
-#define readw_relaxed(addr) __raw_readw(addr)
-#define readl_relaxed(addr) __raw_readl(addr)
-#define readq_relaxed(addr) __raw_readq(addr)
-#define writeb_relaxed(b, addr) __raw_writeb(b, addr)
-#define writew_relaxed(b, addr) __raw_writew(b, addr)
-#define writel_relaxed(b, addr) __raw_writel(b, addr)
-#define writeq_relaxed(b, addr) __raw_writeq(b, addr)
+
+extern u8 readb_relaxed(const volatile void __iomem *addr);
+extern u16 readw_relaxed(const volatile void __iomem *addr);
+extern u32 readl_relaxed(const volatile void __iomem *addr);
+extern u64 readq_relaxed(const volatile void __iomem *addr);
+
+#if IO_CONCAT(__IO_PREFIX,trivial_io_bw)
+extern inline u8 readb_relaxed(const volatile void __iomem *addr)
+{
+ mb();
+ return __raw_readb(addr);
+}
+
+extern inline u16 readw_relaxed(const volatile void __iomem *addr)
+{
+ mb();
+ return __raw_readw(addr);
+}
+#endif
+
+#if IO_CONCAT(__IO_PREFIX,trivial_io_lq)
+extern inline u32 readl_relaxed(const volatile void __iomem *addr)
+{
+ mb();
+ return __raw_readl(addr);
+}
+
+extern inline u64 readq_relaxed(const volatile void __iomem *addr)
+{
+ mb();
+ return __raw_readq(addr);
+}
+#endif
+
+#define writeb_relaxed writeb
+#define writew_relaxed writew
+#define writel_relaxed writel
+#define writeq_relaxed writeq
#define mmiowb()
--- a/arch/alpha/kernel/io.c
+++ b/arch/alpha/kernel/io.c
@@ -16,21 +16,27 @@
unsigned int
ioread8(void __iomem *addr)
{
- unsigned int ret = IO_CONCAT(__IO_PREFIX,ioread8)(addr);
+ unsigned int ret;
+ mb();
+ ret = IO_CONCAT(__IO_PREFIX,ioread8)(addr);
mb();
return ret;
}
unsigned int ioread16(void __iomem *addr)
{
- unsigned int ret = IO_CONCAT(__IO_PREFIX,ioread16)(addr);
+ unsigned int ret;
+ mb();
+ ret = IO_CONCAT(__IO_PREFIX,ioread16)(addr);
mb();
return ret;
}
unsigned int ioread32(void __iomem *addr)
{
- unsigned int ret = IO_CONCAT(__IO_PREFIX,ioread32)(addr);
+ unsigned int ret;
+ mb();
+ ret = IO_CONCAT(__IO_PREFIX,ioread32)(addr);
mb();
return ret;
}
@@ -148,28 +154,36 @@ EXPORT_SYMBOL(__raw_writeq);
u8 readb(const volatile void __iomem *addr)
{
- u8 ret = __raw_readb(addr);
+ u8 ret;
+ mb();
+ ret = __raw_readb(addr);
mb();
return ret;
}
u16 readw(const volatile void __iomem *addr)
{
- u16 ret = __raw_readw(addr);
+ u16 ret;
+ mb();
+ ret = __raw_readw(addr);
mb();
return ret;
}
u32 readl(const volatile void __iomem *addr)
{
- u32 ret = __raw_readl(addr);
+ u32 ret;
+ mb();
+ ret = __raw_readl(addr);
mb();
return ret;
}
u64 readq(const volatile void __iomem *addr)
{
- u64 ret = __raw_readq(addr);
+ u64 ret;
+ mb();
+ ret = __raw_readq(addr);
mb();
return ret;
}
@@ -207,6 +221,38 @@ EXPORT_SYMBOL(writew);
EXPORT_SYMBOL(writel);
EXPORT_SYMBOL(writeq);
+/*
+ * The _relaxed functions must be ordered w.r.t. each other, but they don't
+ * have to be ordered w.r.t. other memory accesses.
+ */
+u8 readb_relaxed(const volatile void __iomem *addr)
+{
+ mb();
+ return __raw_readb(addr);
+}
+
+u16 readw_relaxed(const volatile void __iomem *addr)
+{
+ mb();
+ return __raw_readw(addr);
+}
+
+u32 readl_relaxed(const volatile void __iomem *addr)
+{
+ mb();
+ return __raw_readl(addr);
+}
+
+u64 readq_relaxed(const volatile void __iomem *addr)
+{
+ mb();
+ return __raw_readq(addr);
+}
+
+EXPORT_SYMBOL(readb_relaxed);
+EXPORT_SYMBOL(readw_relaxed);
+EXPORT_SYMBOL(readl_relaxed);
+EXPORT_SYMBOL(readq_relaxed);
/*
* Read COUNT 8-bit bytes from port PORT into memory starting at SRC.
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 250/267] kernel/cpu_pm: Fix uninitted local in cpu_pm
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (248 preceding siblings ...)
2020-06-19 14:33 ` [PATCH 4.19 249/267] alpha: fix memory barriers so that they conform to the specification Greg Kroah-Hartman
@ 2020-06-19 14:33 ` Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 251/267] ARM: tegra: Correct PL310 Auxiliary Control Register initialization Greg Kroah-Hartman
` (18 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Rafael J. Wysocki, Stephen Boyd,
Douglas Anderson, Bjorn Andersson
From: Douglas Anderson <dianders@chromium.org>
commit b5945214b76a1f22929481724ffd448000ede914 upstream.
cpu_pm_notify() is basically a wrapper of notifier_call_chain().
notifier_call_chain() doesn't initialize *nr_calls to 0 before it
starts incrementing it--presumably it's up to the callers to do this.
Unfortunately the callers of cpu_pm_notify() don't init *nr_calls.
This potentially means you could get too many or two few calls to
CPU_PM_ENTER_FAILED or CPU_CLUSTER_PM_ENTER_FAILED depending on the
luck of the stack.
Let's fix this.
Fixes: ab10023e0088 ("cpu_pm: Add cpu power management notifiers")
Cc: stable@vger.kernel.org
Cc: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Reviewed-by: Stephen Boyd <swboyd@chromium.org>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Douglas Anderson <dianders@chromium.org>
Link: https://lore.kernel.org/r/20200504104917.v6.3.I2d44fc0053d019f239527a4e5829416714b7e299@changeid
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/cpu_pm.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/kernel/cpu_pm.c
+++ b/kernel/cpu_pm.c
@@ -89,7 +89,7 @@ EXPORT_SYMBOL_GPL(cpu_pm_unregister_noti
*/
int cpu_pm_enter(void)
{
- int nr_calls;
+ int nr_calls = 0;
int ret = 0;
ret = cpu_pm_notify(CPU_PM_ENTER, -1, &nr_calls);
@@ -140,7 +140,7 @@ EXPORT_SYMBOL_GPL(cpu_pm_exit);
*/
int cpu_cluster_pm_enter(void)
{
- int nr_calls;
+ int nr_calls = 0;
int ret = 0;
ret = cpu_pm_notify(CPU_CLUSTER_PM_ENTER, -1, &nr_calls);
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 251/267] ARM: tegra: Correct PL310 Auxiliary Control Register initialization
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (249 preceding siblings ...)
2020-06-19 14:33 ` [PATCH 4.19 250/267] kernel/cpu_pm: Fix uninitted local in cpu_pm Greg Kroah-Hartman
@ 2020-06-19 14:33 ` Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 252/267] ARM: dts: exynos: Fix GPIO polarity for thr GalaxyS3 CM36651 sensors bus Greg Kroah-Hartman
` (17 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dmitry Osipenko, Nicolas Chauvet,
Thierry Reding
From: Dmitry Osipenko <digetx@gmail.com>
commit 35509737c8f958944e059d501255a0bf18361ba0 upstream.
The PL310 Auxiliary Control Register shouldn't have the "Full line of
zero" optimization bit being set before L2 cache is enabled. The L2X0
driver takes care of enabling the optimization by itself.
This patch fixes a noisy error message on Tegra20 and Tegra30 telling
that cache optimization is erroneously enabled without enabling it for
the CPU:
L2C-310: enabling full line of zeros but not enabled in Cortex-A9
Cc: <stable@vger.kernel.org>
Signed-off-by: Dmitry Osipenko <digetx@gmail.com>
Tested-by: Nicolas Chauvet <kwizart@gmail.com>
Signed-off-by: Thierry Reding <treding@nvidia.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm/mach-tegra/tegra.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/arch/arm/mach-tegra/tegra.c
+++ b/arch/arm/mach-tegra/tegra.c
@@ -112,8 +112,8 @@ static const char * const tegra_dt_board
};
DT_MACHINE_START(TEGRA_DT, "NVIDIA Tegra SoC (Flattened Device Tree)")
- .l2c_aux_val = 0x3c400001,
- .l2c_aux_mask = 0xc20fc3fe,
+ .l2c_aux_val = 0x3c400000,
+ .l2c_aux_mask = 0xc20fc3ff,
.smp = smp_ops(tegra_smp_ops),
.map_io = tegra_map_common_io,
.init_early = tegra_init_early,
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 252/267] ARM: dts: exynos: Fix GPIO polarity for thr GalaxyS3 CM36651 sensors bus
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (250 preceding siblings ...)
2020-06-19 14:33 ` [PATCH 4.19 251/267] ARM: tegra: Correct PL310 Auxiliary Control Register initialization Greg Kroah-Hartman
@ 2020-06-19 14:33 ` Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 253/267] ARM: dts: at91: sama5d2_ptc_ek: fix vbus pin Greg Kroah-Hartman
` (16 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Marek Szyprowski, Krzysztof Kozlowski
From: Marek Szyprowski <m.szyprowski@samsung.com>
commit 8807d356bfea92b0a8f04ce421800ed83400cd22 upstream.
GPIO lines for the CM36651 sensor I2C bus use the normal not the inverted
polarity. This bug has been there since adding the CM36651 sensor by
commit 85cb4e0bd229 ("ARM: dts: add cm36651 light/proximity sensor node
for exynos4412-trats2"), but went unnoticed because the "i2c-gpio"
driver ignored the GPIO polarity specified in the device-tree.
The recent conversion of "i2c-gpio" driver to the new, descriptor based
GPIO API, automatically made it the DT-specified polarity aware, what
broke the CM36651 sensor operation.
Fixes: 85cb4e0bd229 ("ARM: dts: add cm36651 light/proximity sensor node for exynos4412-trats2")
CC: stable@vger.kernel.org # 4.16+
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm/boot/dts/exynos4412-galaxy-s3.dtsi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/arm/boot/dts/exynos4412-galaxy-s3.dtsi
+++ b/arch/arm/boot/dts/exynos4412-galaxy-s3.dtsi
@@ -50,7 +50,7 @@
i2c_cm36651: i2c-gpio-2 {
compatible = "i2c-gpio";
- gpios = <&gpf0 0 GPIO_ACTIVE_LOW>, <&gpf0 1 GPIO_ACTIVE_LOW>;
+ gpios = <&gpf0 0 GPIO_ACTIVE_HIGH>, <&gpf0 1 GPIO_ACTIVE_HIGH>;
i2c-gpio,delay-us = <2>;
#address-cells = <1>;
#size-cells = <0>;
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 253/267] ARM: dts: at91: sama5d2_ptc_ek: fix vbus pin
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (251 preceding siblings ...)
2020-06-19 14:33 ` [PATCH 4.19 252/267] ARM: dts: exynos: Fix GPIO polarity for thr GalaxyS3 CM36651 sensors bus Greg Kroah-Hartman
@ 2020-06-19 14:33 ` Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 254/267] ARM: dts: s5pv210: Set keep-power-in-suspend for SDHCI1 on Aries Greg Kroah-Hartman
` (15 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ludovic Desroches, Alexandre Belloni
From: Ludovic Desroches <ludovic.desroches@microchip.com>
commit baa998aecb75c04d62be0a4ab6b724af6d73a0f9 upstream.
The gpio property for the vbus pin doesn't match the pinctrl and is
not correct.
Signed-off-by: Ludovic Desroches <ludovic.desroches@microchip.com>
Fixes: 42ed535595ec "ARM: dts: at91: introduce the sama5d2 ptc ek board"
Cc: stable@vger.kernel.org # 4.19 and later
Link: https://lore.kernel.org/r/20200401221947.41502-1-ludovic.desroches@microchip.com
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm/boot/dts/at91-sama5d2_ptc_ek.dts | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/arm/boot/dts/at91-sama5d2_ptc_ek.dts
+++ b/arch/arm/boot/dts/at91-sama5d2_ptc_ek.dts
@@ -40,7 +40,7 @@
ahb {
usb0: gadget@300000 {
- atmel,vbus-gpio = <&pioA PIN_PA27 GPIO_ACTIVE_HIGH>;
+ atmel,vbus-gpio = <&pioA PIN_PB11 GPIO_ACTIVE_HIGH>;
pinctrl-names = "default";
pinctrl-0 = <&pinctrl_usba_vbus>;
status = "okay";
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 254/267] ARM: dts: s5pv210: Set keep-power-in-suspend for SDHCI1 on Aries
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (252 preceding siblings ...)
2020-06-19 14:33 ` [PATCH 4.19 253/267] ARM: dts: at91: sama5d2_ptc_ek: fix vbus pin Greg Kroah-Hartman
@ 2020-06-19 14:33 ` Greg Kroah-Hartman
2020-06-19 14:34 ` [PATCH 4.19 255/267] drivers/macintosh: Fix memleak in windfarm_pm112 driver Greg Kroah-Hartman
` (14 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:33 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jonathan Bakker, Krzysztof Kozlowski
From: Jonathan Bakker <xc-racer2@live.ca>
commit 869d42e6eba821905e1a0950623aadafe1a6e6d3 upstream.
SDHCI1 is connected to a BCM4329 WiFi/BT chip which requires
power to be kept over suspend. As the surrounding hardware supports
this, mark it as such. This fixes WiFi after a suspend/resume cycle.
Fixes: 170642468a51 ("ARM: dts: s5pv210: Add initial DTS for Samsung Aries based phones")
Cc: <stable@vger.kernel.org>
Signed-off-by: Jonathan Bakker <xc-racer2@live.ca>
Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm/boot/dts/s5pv210-aries.dtsi | 1 +
1 file changed, 1 insertion(+)
--- a/arch/arm/boot/dts/s5pv210-aries.dtsi
+++ b/arch/arm/boot/dts/s5pv210-aries.dtsi
@@ -374,6 +374,7 @@
pinctrl-names = "default";
cap-sd-highspeed;
cap-mmc-highspeed;
+ keep-power-in-suspend;
mmc-pwrseq = <&wifi_pwrseq>;
non-removable;
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 255/267] drivers/macintosh: Fix memleak in windfarm_pm112 driver
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (253 preceding siblings ...)
2020-06-19 14:33 ` [PATCH 4.19 254/267] ARM: dts: s5pv210: Set keep-power-in-suspend for SDHCI1 on Aries Greg Kroah-Hartman
@ 2020-06-19 14:34 ` Greg Kroah-Hartman
2020-06-19 14:34 ` [PATCH 4.19 256/267] powerpc/64s: Dont let DT CPU features set FSCR_DSCR Greg Kroah-Hartman
` (13 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:34 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Erhard F., Michael Ellerman
From: Michael Ellerman <mpe@ellerman.id.au>
commit 93900337b9ac2f4eca427eff6d187be2dc3b5551 upstream.
create_cpu_loop() calls smu_sat_get_sdb_partition() which does
kmalloc() and returns the allocated buffer. In fact it's called twice,
and neither buffer is freed.
This results in a memory leak as reported by Erhard:
unreferenced object 0xc00000047081f840 (size 32):
comm "kwindfarm", pid 203, jiffies 4294880630 (age 5552.877s)
hex dump (first 32 bytes):
c8 06 02 7f ff 02 ff 01 fb bf 00 41 00 20 00 00 ...........A. ..
00 07 89 37 00 a0 00 00 00 00 00 00 00 00 00 00 ...7............
backtrace:
[<0000000083f0a65c>] .smu_sat_get_sdb_partition+0xc4/0x2d0 [windfarm_smu_sat]
[<000000003010fcb7>] .pm112_wf_notify+0x104c/0x13bc [windfarm_pm112]
[<00000000b958b2dd>] .notifier_call_chain+0xa8/0x180
[<0000000070490868>] .blocking_notifier_call_chain+0x64/0x90
[<00000000131d8149>] .wf_thread_func+0x114/0x1a0
[<000000000d54838d>] .kthread+0x13c/0x190
[<00000000669b72bc>] .ret_from_kernel_thread+0x58/0x64
unreferenced object 0xc0000004737089f0 (size 16):
comm "kwindfarm", pid 203, jiffies 4294880879 (age 5552.050s)
hex dump (first 16 bytes):
c4 04 01 7f 22 11 e0 e6 ff 55 7b 12 ec 11 00 00 ...."....U{.....
backtrace:
[<0000000083f0a65c>] .smu_sat_get_sdb_partition+0xc4/0x2d0 [windfarm_smu_sat]
[<00000000b94ef7e1>] .pm112_wf_notify+0x1294/0x13bc [windfarm_pm112]
[<00000000b958b2dd>] .notifier_call_chain+0xa8/0x180
[<0000000070490868>] .blocking_notifier_call_chain+0x64/0x90
[<00000000131d8149>] .wf_thread_func+0x114/0x1a0
[<000000000d54838d>] .kthread+0x13c/0x190
[<00000000669b72bc>] .ret_from_kernel_thread+0x58/0x64
Fix it by rearranging the logic so we deal with each buffer
separately, which then makes it easy to free the buffer once we're
done with it.
Fixes: ac171c46667c ("[PATCH] powerpc: Thermal control for dual core G5s")
Cc: stable@vger.kernel.org # v2.6.16+
Reported-by: Erhard F. <erhard_f@mailbox.org>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Tested-by: Erhard F. <erhard_f@mailbox.org>
Link: https://lore.kernel.org/r/20200423060038.3308530-1-mpe@ellerman.id.au
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/macintosh/windfarm_pm112.c | 21 +++++++++++++--------
1 file changed, 13 insertions(+), 8 deletions(-)
--- a/drivers/macintosh/windfarm_pm112.c
+++ b/drivers/macintosh/windfarm_pm112.c
@@ -133,14 +133,6 @@ static int create_cpu_loop(int cpu)
s32 tmax;
int fmin;
- /* Get PID params from the appropriate SAT */
- hdr = smu_sat_get_sdb_partition(chip, 0xC8 + core, NULL);
- if (hdr == NULL) {
- printk(KERN_WARNING"windfarm: can't get CPU PID fan config\n");
- return -EINVAL;
- }
- piddata = (struct smu_sdbp_cpupiddata *)&hdr[1];
-
/* Get FVT params to get Tmax; if not found, assume default */
hdr = smu_sat_get_sdb_partition(chip, 0xC4 + core, NULL);
if (hdr) {
@@ -153,6 +145,16 @@ static int create_cpu_loop(int cpu)
if (tmax < cpu_all_tmax)
cpu_all_tmax = tmax;
+ kfree(hdr);
+
+ /* Get PID params from the appropriate SAT */
+ hdr = smu_sat_get_sdb_partition(chip, 0xC8 + core, NULL);
+ if (hdr == NULL) {
+ printk(KERN_WARNING"windfarm: can't get CPU PID fan config\n");
+ return -EINVAL;
+ }
+ piddata = (struct smu_sdbp_cpupiddata *)&hdr[1];
+
/*
* Darwin has a minimum fan speed of 1000 rpm for the 4-way and
* 515 for the 2-way. That appears to be overkill, so for now,
@@ -175,6 +177,9 @@ static int create_cpu_loop(int cpu)
pid.min = fmin;
wf_cpu_pid_init(&cpu_pid[cpu], &pid);
+
+ kfree(hdr);
+
return 0;
}
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 256/267] powerpc/64s: Dont let DT CPU features set FSCR_DSCR
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (254 preceding siblings ...)
2020-06-19 14:34 ` [PATCH 4.19 255/267] drivers/macintosh: Fix memleak in windfarm_pm112 driver Greg Kroah-Hartman
@ 2020-06-19 14:34 ` Greg Kroah-Hartman
2020-06-19 14:34 ` [PATCH 4.19 257/267] powerpc/64s: Save FSCR to init_task.thread.fscr after feature init Greg Kroah-Hartman
` (12 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:34 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Michael Ellerman
From: Michael Ellerman <mpe@ellerman.id.au>
commit 993e3d96fd08c3ebf7566e43be9b8cd622063e6d upstream.
The device tree CPU features binding includes FSCR bit numbers which
Linux is instructed to set by firmware.
Whether that's a good idea or not, in the case of the DSCR the Linux
implementation has a hard requirement that the FSCR_DSCR bit not be
set by default. We use it to track when a process reads/writes to
DSCR, so it must be clear to begin with.
So if firmware tells us to set FSCR_DSCR we must ignore it.
Currently this does not cause a bug in our DSCR handling because the
value of FSCR that the device tree CPU features code establishes is
only used by swapper. All other tasks use the value hard coded in
init_task.thread.fscr.
However we'd like to fix that in a future commit, at which point this
will become necessary.
Fixes: 5a61ef74f269 ("powerpc/64s: Support new device tree binding for discovering CPU features")
Cc: stable@vger.kernel.org # v4.12+
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20200527145843.2761782-2-mpe@ellerman.id.au
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/powerpc/kernel/dt_cpu_ftrs.c | 8 ++++++++
1 file changed, 8 insertions(+)
--- a/arch/powerpc/kernel/dt_cpu_ftrs.c
+++ b/arch/powerpc/kernel/dt_cpu_ftrs.c
@@ -346,6 +346,14 @@ static int __init feat_enable_dscr(struc
{
u64 lpcr;
+ /*
+ * Linux relies on FSCR[DSCR] being clear, so that we can take the
+ * facility unavailable interrupt and track the task's usage of DSCR.
+ * See facility_unavailable_exception().
+ * Clear the bit here so that feat_enable() doesn't set it.
+ */
+ f->fscr_bit_nr = -1;
+
feat_enable(f);
lpcr = mfspr(SPRN_LPCR);
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 257/267] powerpc/64s: Save FSCR to init_task.thread.fscr after feature init
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (255 preceding siblings ...)
2020-06-19 14:34 ` [PATCH 4.19 256/267] powerpc/64s: Dont let DT CPU features set FSCR_DSCR Greg Kroah-Hartman
@ 2020-06-19 14:34 ` Greg Kroah-Hartman
2020-06-19 14:34 ` [PATCH 4.19 258/267] kbuild: force to build vmlinux if CONFIG_MODVERSION=y Greg Kroah-Hartman
` (11 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:34 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Michael Ellerman
From: Michael Ellerman <mpe@ellerman.id.au>
commit 912c0a7f2b5daa3cbb2bc10f303981e493de73bd upstream.
At boot the FSCR is initialised via one of two paths. On most systems
it's set to a hard coded value in __init_FSCR().
On newer skiboot systems we use the device tree CPU features binding,
where firmware can tell Linux what bits to set in FSCR (and HFSCR).
In both cases the value that's configured at boot is not propagated
into the init_task.thread.fscr value prior to the initial fork of init
(pid 1), which means the value is not used by any processes other than
swapper (the idle task).
For the __init_FSCR() case this is OK, because the value in
init_task.thread.fscr is initialised to something sensible. However it
does mean that the value set in __init_FSCR() is not used other than
for swapper, which is odd and confusing.
The bigger problem is for the device tree CPU features case it
prevents firmware from setting (or clearing) FSCR bits for use by user
space. This means all existing kernels can not have features
enabled/disabled by firmware if those features require
setting/clearing FSCR bits.
We can handle both cases by saving the FSCR value into
init_task.thread.fscr after we have initialised it at boot. This fixes
the bug for device tree CPU features, and will allow us to simplify
the initialisation for the __init_FSCR() case in a future patch.
Fixes: 5a61ef74f269 ("powerpc/64s: Support new device tree binding for discovering CPU features")
Cc: stable@vger.kernel.org # v4.12+
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20200527145843.2761782-3-mpe@ellerman.id.au
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/powerpc/kernel/prom.c | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
--- a/arch/powerpc/kernel/prom.c
+++ b/arch/powerpc/kernel/prom.c
@@ -685,6 +685,23 @@ static void __init tm_init(void)
static void tm_init(void) { }
#endif /* CONFIG_PPC_TRANSACTIONAL_MEM */
+#ifdef CONFIG_PPC64
+static void __init save_fscr_to_task(void)
+{
+ /*
+ * Ensure the init_task (pid 0, aka swapper) uses the value of FSCR we
+ * have configured via the device tree features or via __init_FSCR().
+ * That value will then be propagated to pid 1 (init) and all future
+ * processes.
+ */
+ if (early_cpu_has_feature(CPU_FTR_ARCH_207S))
+ init_task.thread.fscr = mfspr(SPRN_FSCR);
+}
+#else
+static inline void save_fscr_to_task(void) {};
+#endif
+
+
void __init early_init_devtree(void *params)
{
phys_addr_t limit;
@@ -770,6 +787,8 @@ void __init early_init_devtree(void *par
BUG();
}
+ save_fscr_to_task();
+
#if defined(CONFIG_SMP) && defined(CONFIG_PPC64)
/* We'll later wait for secondaries to check in; there are
* NCPUS-1 non-boot CPUs :-)
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 258/267] kbuild: force to build vmlinux if CONFIG_MODVERSION=y
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (256 preceding siblings ...)
2020-06-19 14:34 ` [PATCH 4.19 257/267] powerpc/64s: Save FSCR to init_task.thread.fscr after feature init Greg Kroah-Hartman
@ 2020-06-19 14:34 ` Greg Kroah-Hartman
2020-06-19 14:34 ` [PATCH 4.19 259/267] sunrpc: svcauth_gss_register_pseudoflavor must reject duplicate registrations Greg Kroah-Hartman
` (10 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:34 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Masahiro Yamada
From: Masahiro Yamada <masahiroy@kernel.org>
commit 4b50c8c4eaf06a825d1c005c0b1b4a8307087b83 upstream.
This code does not work as stated in the comment.
$(CONFIG_MODVERSIONS) is always empty because it is expanded before
include/config/auto.conf is included. Hence, 'make modules' with
CONFIG_MODVERSION=y cannot record the version CRCs.
This has been broken since 2003, commit ("kbuild: Enable modules to be
build using the "make dir/" syntax"). [1]
[1]: https://git.kernel.org/pub/scm/linux/kernel/git/history/history.git/commit/?id=15c6240cdc44bbeef3c4797ec860f9765ef4f1a7
Cc: linux-stable <stable@vger.kernel.org> # v2.5.71+
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
Makefile | 13 ++++++++-----
1 file changed, 8 insertions(+), 5 deletions(-)
--- a/Makefile
+++ b/Makefile
@@ -554,12 +554,8 @@ KBUILD_MODULES :=
KBUILD_BUILTIN := 1
# If we have only "make modules", don't compile built-in objects.
-# When we're building modules with modversions, we need to consider
-# the built-in objects during the descend as well, in order to
-# make sure the checksums are up to date before we record them.
-
ifeq ($(MAKECMDGOALS),modules)
- KBUILD_BUILTIN := $(if $(CONFIG_MODVERSIONS),1)
+ KBUILD_BUILTIN :=
endif
# If we have "make <whatever> modules", compile modules
@@ -1229,6 +1225,13 @@ ifdef CONFIG_MODULES
all: modules
+# When we're building modules with modversions, we need to consider
+# the built-in objects during the descend as well, in order to
+# make sure the checksums are up to date before we record them.
+ifdef CONFIG_MODVERSIONS
+ KBUILD_BUILTIN := 1
+endif
+
# Build modules
#
# A module can be listed more than once in obj-m resulting in
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 259/267] sunrpc: svcauth_gss_register_pseudoflavor must reject duplicate registrations.
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (257 preceding siblings ...)
2020-06-19 14:34 ` [PATCH 4.19 258/267] kbuild: force to build vmlinux if CONFIG_MODVERSION=y Greg Kroah-Hartman
@ 2020-06-19 14:34 ` Greg Kroah-Hartman
2020-06-19 14:34 ` [PATCH 4.19 260/267] sunrpc: clean up properly in gss_mech_unregister() Greg Kroah-Hartman
` (9 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:34 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, NeilBrown, J. Bruce Fields
From: NeilBrown <neilb@suse.de>
commit d47a5dc2888fd1b94adf1553068b8dad76cec96c upstream.
There is no valid case for supporting duplicate pseudoflavor
registrations.
Currently the silent acceptance of such registrations is hiding a bug.
The rpcsec_gss_krb5 module registers 2 flavours but does not unregister
them, so if you load, unload, reload the module, it will happily
continue to use the old registration which now has pointers to the
memory were the module was originally loaded. This could lead to
unexpected results.
So disallow duplicate registrations.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=206651
Cc: stable@vger.kernel.org (v2.6.12+)
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/sunrpc/auth_gss/svcauth_gss.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- a/net/sunrpc/auth_gss/svcauth_gss.c
+++ b/net/sunrpc/auth_gss/svcauth_gss.c
@@ -796,9 +796,11 @@ svcauth_gss_register_pseudoflavor(u32 ps
new->h.flavour = &svcauthops_gss;
new->pseudoflavor = pseudoflavor;
- stat = 0;
test = auth_domain_lookup(name, &new->h);
- if (test != &new->h) { /* Duplicate registration */
+ if (test != &new->h) {
+ pr_warn("svc: duplicate registration of gss pseudo flavour %s.\n",
+ name);
+ stat = -EADDRINUSE;
auth_domain_put(test);
kfree(new->h.name);
goto out_free_dom;
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 260/267] sunrpc: clean up properly in gss_mech_unregister()
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (258 preceding siblings ...)
2020-06-19 14:34 ` [PATCH 4.19 259/267] sunrpc: svcauth_gss_register_pseudoflavor must reject duplicate registrations Greg Kroah-Hartman
@ 2020-06-19 14:34 ` Greg Kroah-Hartman
2020-06-19 14:34 ` [PATCH 4.19 261/267] mtd: rawnand: brcmnand: fix hamming oob layout Greg Kroah-Hartman
` (8 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:34 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, NeilBrown, J. Bruce Fields
From: NeilBrown <neilb@suse.de>
commit 24c5efe41c29ee3e55bcf5a1c9f61ca8709622e8 upstream.
gss_mech_register() calls svcauth_gss_register_pseudoflavor() for each
flavour, but gss_mech_unregister() does not call auth_domain_put().
This is unbalanced and makes it impossible to reload the module.
Change svcauth_gss_register_pseudoflavor() to return the registered
auth_domain, and save it for later release.
Cc: stable@vger.kernel.org (v2.6.12+)
Link: https://bugzilla.kernel.org/show_bug.cgi?id=206651
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/sunrpc/gss_api.h | 1 +
include/linux/sunrpc/svcauth_gss.h | 3 ++-
net/sunrpc/auth_gss/gss_mech_switch.c | 12 +++++++++---
net/sunrpc/auth_gss/svcauth_gss.c | 12 ++++++------
4 files changed, 18 insertions(+), 10 deletions(-)
--- a/include/linux/sunrpc/gss_api.h
+++ b/include/linux/sunrpc/gss_api.h
@@ -83,6 +83,7 @@ struct pf_desc {
u32 service;
char *name;
char *auth_domain_name;
+ struct auth_domain *domain;
bool datatouch;
};
--- a/include/linux/sunrpc/svcauth_gss.h
+++ b/include/linux/sunrpc/svcauth_gss.h
@@ -21,7 +21,8 @@ int gss_svc_init(void);
void gss_svc_shutdown(void);
int gss_svc_init_net(struct net *net);
void gss_svc_shutdown_net(struct net *net);
-int svcauth_gss_register_pseudoflavor(u32 pseudoflavor, char * name);
+struct auth_domain *svcauth_gss_register_pseudoflavor(u32 pseudoflavor,
+ char *name);
u32 svcauth_gss_flavor(struct auth_domain *dom);
#endif /* __KERNEL__ */
--- a/net/sunrpc/auth_gss/gss_mech_switch.c
+++ b/net/sunrpc/auth_gss/gss_mech_switch.c
@@ -61,6 +61,8 @@ gss_mech_free(struct gss_api_mech *gm)
for (i = 0; i < gm->gm_pf_num; i++) {
pf = &gm->gm_pfs[i];
+ if (pf->domain)
+ auth_domain_put(pf->domain);
kfree(pf->auth_domain_name);
pf->auth_domain_name = NULL;
}
@@ -83,6 +85,7 @@ make_auth_domain_name(char *name)
static int
gss_mech_svc_setup(struct gss_api_mech *gm)
{
+ struct auth_domain *dom;
struct pf_desc *pf;
int i, status;
@@ -92,10 +95,13 @@ gss_mech_svc_setup(struct gss_api_mech *
status = -ENOMEM;
if (pf->auth_domain_name == NULL)
goto out;
- status = svcauth_gss_register_pseudoflavor(pf->pseudoflavor,
- pf->auth_domain_name);
- if (status)
+ dom = svcauth_gss_register_pseudoflavor(
+ pf->pseudoflavor, pf->auth_domain_name);
+ if (IS_ERR(dom)) {
+ status = PTR_ERR(dom);
goto out;
+ }
+ pf->domain = dom;
}
return 0;
out:
--- a/net/sunrpc/auth_gss/svcauth_gss.c
+++ b/net/sunrpc/auth_gss/svcauth_gss.c
@@ -779,7 +779,7 @@ u32 svcauth_gss_flavor(struct auth_domai
EXPORT_SYMBOL_GPL(svcauth_gss_flavor);
-int
+struct auth_domain *
svcauth_gss_register_pseudoflavor(u32 pseudoflavor, char * name)
{
struct gss_domain *new;
@@ -802,17 +802,17 @@ svcauth_gss_register_pseudoflavor(u32 ps
name);
stat = -EADDRINUSE;
auth_domain_put(test);
- kfree(new->h.name);
- goto out_free_dom;
+ goto out_free_name;
}
- return 0;
+ return test;
+out_free_name:
+ kfree(new->h.name);
out_free_dom:
kfree(new);
out:
- return stat;
+ return ERR_PTR(stat);
}
-
EXPORT_SYMBOL_GPL(svcauth_gss_register_pseudoflavor);
static inline int
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 261/267] mtd: rawnand: brcmnand: fix hamming oob layout
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (259 preceding siblings ...)
2020-06-19 14:34 ` [PATCH 4.19 260/267] sunrpc: clean up properly in gss_mech_unregister() Greg Kroah-Hartman
@ 2020-06-19 14:34 ` Greg Kroah-Hartman
2020-06-19 14:34 ` [PATCH 4.19 262/267] mtd: rawnand: pasemi: Fix the probe error path Greg Kroah-Hartman
` (7 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:34 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Álvaro Fernández Rojas,
Miquel Raynal
From: Álvaro Fernández Rojas <noltari@gmail.com>
commit 130bbde4809b011faf64f99dddc14b4b01f440c3 upstream.
First 2 bytes are used in large-page nand.
Fixes: ef5eeea6e911 ("mtd: nand: brcm: switch to mtd_ooblayout_ops")
Cc: stable@vger.kernel.org
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/20200512075733.745374-2-noltari@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mtd/nand/raw/brcmnand/brcmnand.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
--- a/drivers/mtd/nand/raw/brcmnand/brcmnand.c
+++ b/drivers/mtd/nand/raw/brcmnand/brcmnand.c
@@ -911,11 +911,14 @@ static int brcmnand_hamming_ooblayout_fr
if (!section) {
/*
* Small-page NAND use byte 6 for BBI while large-page
- * NAND use byte 0.
+ * NAND use bytes 0 and 1.
*/
- if (cfg->page_size > 512)
- oobregion->offset++;
- oobregion->length--;
+ if (cfg->page_size > 512) {
+ oobregion->offset += 2;
+ oobregion->length -= 2;
+ } else {
+ oobregion->length--;
+ }
}
}
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 262/267] mtd: rawnand: pasemi: Fix the probe error path
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (260 preceding siblings ...)
2020-06-19 14:34 ` [PATCH 4.19 261/267] mtd: rawnand: brcmnand: fix hamming oob layout Greg Kroah-Hartman
@ 2020-06-19 14:34 ` Greg Kroah-Hartman
2020-06-19 14:34 ` [PATCH 4.19 263/267] w1: omap-hdq: cleanup to add missing newline for some dev_dbg Greg Kroah-Hartman
` (6 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:34 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Miquel Raynal
From: Miquel Raynal <miquel.raynal@bootlin.com>
commit f51466901c07e6930435d30b02a21f0841174f61 upstream.
nand_cleanup() is supposed to be called on error after a successful
call to nand_scan() to free all NAND resources.
There is no real Fixes tag applying here as the use of nand_release()
in this driver predates by far the introduction of nand_cleanup() in
commit d44154f969a4 ("mtd: nand: Provide nand_cleanup() function to free NAND related resources")
which makes this change possible, hence pointing it as the commit to
fix for backporting purposes, even if this commit is not introducing
any bug.
Fixes: d44154f969a4 ("mtd: nand: Provide nand_cleanup() function to free NAND related resources")
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/linux-mtd/20200519130035.1883-41-miquel.raynal@bootlin.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mtd/nand/raw/pasemi_nand.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/drivers/mtd/nand/raw/pasemi_nand.c
+++ b/drivers/mtd/nand/raw/pasemi_nand.c
@@ -163,7 +163,7 @@ static int pasemi_nand_probe(struct plat
if (mtd_device_register(pasemi_nand_mtd, NULL, 0)) {
dev_err(dev, "Unable to register MTD device\n");
err = -ENODEV;
- goto out_lpc;
+ goto out_cleanup_nand;
}
dev_info(dev, "PA Semi NAND flash at %pR, control at I/O %x\n", &res,
@@ -171,6 +171,8 @@ static int pasemi_nand_probe(struct plat
return 0;
+ out_cleanup_nand:
+ nand_cleanup(chip);
out_lpc:
release_region(lpcctl, 4);
out_ior:
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 263/267] w1: omap-hdq: cleanup to add missing newline for some dev_dbg
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (261 preceding siblings ...)
2020-06-19 14:34 ` [PATCH 4.19 262/267] mtd: rawnand: pasemi: Fix the probe error path Greg Kroah-Hartman
@ 2020-06-19 14:34 ` Greg Kroah-Hartman
2020-06-19 14:34 ` [PATCH 4.19 264/267] perf probe: Do not show the skipped events Greg Kroah-Hartman
` (5 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:34 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tony Lindgren, H. Nikolaus Schaller
From: H. Nikolaus Schaller <hns@goldelico.com>
commit 5e02f3b31704e24537697bce54f8156bdb72b7a6 upstream.
Otherwise it will corrupt the console log during debugging.
Fixes: 7b5362a603a1 ("w1: omap_hdq: Fix some error/debug handling.")
Cc: stable@vger.kernel.org
Acked-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: H. Nikolaus Schaller <hns@goldelico.com>
Link: https://lore.kernel.org/r/cd0d55749a091214106575f6e1d363c6db56622f.1590255176.git.hns@goldelico.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/w1/masters/omap_hdq.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
--- a/drivers/w1/masters/omap_hdq.c
+++ b/drivers/w1/masters/omap_hdq.c
@@ -176,7 +176,7 @@ static int hdq_write_byte(struct hdq_dat
/* check irqstatus */
if (!(*status & OMAP_HDQ_INT_STATUS_TXCOMPLETE)) {
dev_dbg(hdq_data->dev, "timeout waiting for"
- " TXCOMPLETE/RXCOMPLETE, %x", *status);
+ " TXCOMPLETE/RXCOMPLETE, %x\n", *status);
ret = -ETIMEDOUT;
goto out;
}
@@ -187,7 +187,7 @@ static int hdq_write_byte(struct hdq_dat
OMAP_HDQ_FLAG_CLEAR, &tmp_status);
if (ret) {
dev_dbg(hdq_data->dev, "timeout waiting GO bit"
- " return to zero, %x", tmp_status);
+ " return to zero, %x\n", tmp_status);
}
out:
@@ -203,7 +203,7 @@ static irqreturn_t hdq_isr(int irq, void
spin_lock_irqsave(&hdq_data->hdq_spinlock, irqflags);
hdq_data->hdq_irqstatus = hdq_reg_in(hdq_data, OMAP_HDQ_INT_STATUS);
spin_unlock_irqrestore(&hdq_data->hdq_spinlock, irqflags);
- dev_dbg(hdq_data->dev, "hdq_isr: %x", hdq_data->hdq_irqstatus);
+ dev_dbg(hdq_data->dev, "hdq_isr: %x\n", hdq_data->hdq_irqstatus);
if (hdq_data->hdq_irqstatus &
(OMAP_HDQ_INT_STATUS_TXCOMPLETE | OMAP_HDQ_INT_STATUS_RXCOMPLETE
@@ -311,7 +311,7 @@ static int omap_hdq_break(struct hdq_dat
tmp_status = hdq_data->hdq_irqstatus;
/* check irqstatus */
if (!(tmp_status & OMAP_HDQ_INT_STATUS_TIMEOUT)) {
- dev_dbg(hdq_data->dev, "timeout waiting for TIMEOUT, %x",
+ dev_dbg(hdq_data->dev, "timeout waiting for TIMEOUT, %x\n",
tmp_status);
ret = -ETIMEDOUT;
goto out;
@@ -338,7 +338,7 @@ static int omap_hdq_break(struct hdq_dat
&tmp_status);
if (ret)
dev_dbg(hdq_data->dev, "timeout waiting INIT&GO bits"
- " return to zero, %x", tmp_status);
+ " return to zero, %x\n", tmp_status);
out:
mutex_unlock(&hdq_data->hdq_mutex);
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 264/267] perf probe: Do not show the skipped events
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (262 preceding siblings ...)
2020-06-19 14:34 ` [PATCH 4.19 263/267] w1: omap-hdq: cleanup to add missing newline for some dev_dbg Greg Kroah-Hartman
@ 2020-06-19 14:34 ` Greg Kroah-Hartman
2020-06-19 14:34 ` [PATCH 4.19 265/267] perf probe: Fix to check blacklist address correctly Greg Kroah-Hartman
` (4 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:34 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Masami Hiramatsu,
Arnaldo Carvalho de Melo, Jiri Olsa, Namhyung Kim
From: Masami Hiramatsu <mhiramat@kernel.org>
commit f41ebe9defacddeae96a872a33f0f22ced0bfcef upstream.
When a probe point is expanded to several places (like inlined) and if
some of them are skipped because of blacklisted or __init function,
those trace_events has no event name. It must be skipped while showing
results.
Without this fix, you can see "(null):(null)" on the list,
# ./perf probe request_resource
reserve_setup is out of .text, skip it.
Added new events:
(null):(null) (on request_resource)
probe:request_resource (on request_resource)
You can now use it in all perf tools, such as:
perf record -e probe:request_resource -aR sleep 1
#
With this fix, it is ignored:
# ./perf probe request_resource
reserve_setup is out of .text, skip it.
Added new events:
probe:request_resource (on request_resource)
You can now use it in all perf tools, such as:
perf record -e probe:request_resource -aR sleep 1
#
Fixes: 5a51fcd1f30c ("perf probe: Skip kernel symbols which is out of .text")
Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org>
Tested-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: stable@vger.kernel.org
Link: http://lore.kernel.org/lkml/158763968263.30755.12800484151476026340.stgit@devnote2
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/perf/builtin-probe.c | 3 +++
1 file changed, 3 insertions(+)
--- a/tools/perf/builtin-probe.c
+++ b/tools/perf/builtin-probe.c
@@ -376,6 +376,9 @@ static int perf_add_probe_events(struct
for (k = 0; k < pev->ntevs; k++) {
struct probe_trace_event *tev = &pev->tevs[k];
+ /* Skipped events have no event name */
+ if (!tev->event)
+ continue;
/* We use tev's name for showing new events */
show_perf_probe_event(tev->group, tev->event, pev,
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 265/267] perf probe: Fix to check blacklist address correctly
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (263 preceding siblings ...)
2020-06-19 14:34 ` [PATCH 4.19 264/267] perf probe: Do not show the skipped events Greg Kroah-Hartman
@ 2020-06-19 14:34 ` Greg Kroah-Hartman
2020-06-19 14:34 ` [PATCH 4.19 266/267] perf probe: Check address correctness by map instead of _etext Greg Kroah-Hartman
` (3 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:34 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Masami Hiramatsu,
Arnaldo Carvalho de Melo, Jiri Olsa, Namhyung Kim
From: Masami Hiramatsu <mhiramat@kernel.org>
commit 80526491c2ca6abc028c0f0dbb0707a1f35fb18a upstream.
Fix to check kprobe blacklist address correctly with relocated address
by adjusting debuginfo address.
Since the address in the debuginfo is same as objdump, it is different
from relocated kernel address with KASLR. Thus, 'perf probe' always
misses to catch the blacklisted addresses.
Without this patch, 'perf probe' can not detect the blacklist addresses
on a KASLR enabled kernel.
# perf probe kprobe_dispatcher
Failed to write event: Invalid argument
Error: Failed to add events.
#
With this patch, it correctly shows the error message.
# perf probe kprobe_dispatcher
kprobe_dispatcher is blacklisted function, skip it.
Probe point 'kprobe_dispatcher' not found.
Error: Failed to add events.
#
Fixes: 9aaf5a5f479b ("perf probe: Check kprobes blacklist when adding new events")
Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org>
Tested-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: stable@vger.kernel.org
Link: http://lore.kernel.org/lkml/158763966411.30755.5882376357738273695.stgit@devnote2
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/perf/util/probe-event.c | 21 +++++++++++++++------
1 file changed, 15 insertions(+), 6 deletions(-)
--- a/tools/perf/util/probe-event.c
+++ b/tools/perf/util/probe-event.c
@@ -111,7 +111,7 @@ void exit_probe_symbol_maps(void)
symbol__exit();
}
-static struct ref_reloc_sym *kernel_get_ref_reloc_sym(void)
+static struct ref_reloc_sym *kernel_get_ref_reloc_sym(struct map **pmap)
{
/* kmap->ref_reloc_sym should be set if host_machine is initialized */
struct kmap *kmap;
@@ -123,6 +123,10 @@ static struct ref_reloc_sym *kernel_get_
kmap = map__kmap(map);
if (!kmap)
return NULL;
+
+ if (pmap)
+ *pmap = map;
+
return kmap->ref_reloc_sym;
}
@@ -134,7 +138,7 @@ static int kernel_get_symbol_address_by_
struct map *map;
/* ref_reloc_sym is just a label. Need a special fix*/
- reloc_sym = kernel_get_ref_reloc_sym();
+ reloc_sym = kernel_get_ref_reloc_sym(NULL);
if (reloc_sym && strcmp(name, reloc_sym->name) == 0)
*addr = (reloc) ? reloc_sym->addr : reloc_sym->unrelocated_addr;
else {
@@ -751,6 +755,7 @@ post_process_kernel_probe_trace_events(s
int ntevs)
{
struct ref_reloc_sym *reloc_sym;
+ struct map *map;
char *tmp;
int i, skipped = 0;
@@ -759,7 +764,7 @@ post_process_kernel_probe_trace_events(s
return post_process_offline_probe_trace_events(tevs, ntevs,
symbol_conf.vmlinux_name);
- reloc_sym = kernel_get_ref_reloc_sym();
+ reloc_sym = kernel_get_ref_reloc_sym(&map);
if (!reloc_sym) {
pr_warning("Relocated base symbol is not found!\n");
return -EINVAL;
@@ -770,9 +775,13 @@ post_process_kernel_probe_trace_events(s
continue;
if (tevs[i].point.retprobe && !kretprobe_offset_is_supported())
continue;
- /* If we found a wrong one, mark it by NULL symbol */
+ /*
+ * If we found a wrong one, mark it by NULL symbol.
+ * Since addresses in debuginfo is same as objdump, we need
+ * to convert it to addresses on memory.
+ */
if (kprobe_warn_out_range(tevs[i].point.symbol,
- tevs[i].point.address)) {
+ map__objdump_2mem(map, tevs[i].point.address))) {
tmp = NULL;
skipped++;
} else {
@@ -2887,7 +2896,7 @@ static int find_probe_trace_events_from_
/* Note that the symbols in the kmodule are not relocated */
if (!pev->uprobes && !pev->target &&
(!pp->retprobe || kretprobe_offset_is_supported())) {
- reloc_sym = kernel_get_ref_reloc_sym();
+ reloc_sym = kernel_get_ref_reloc_sym(NULL);
if (!reloc_sym) {
pr_warning("Relocated base symbol is not found!\n");
ret = -EINVAL;
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 266/267] perf probe: Check address correctness by map instead of _etext
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (264 preceding siblings ...)
2020-06-19 14:34 ` [PATCH 4.19 265/267] perf probe: Fix to check blacklist address correctly Greg Kroah-Hartman
@ 2020-06-19 14:34 ` Greg Kroah-Hartman
2020-06-19 14:34 ` [PATCH 4.19 267/267] perf symbols: Fix debuginfo search for Ubuntu Greg Kroah-Hartman
` (2 subsequent siblings)
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:34 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Arnaldo Carvalho de Melo,
Masami Hiramatsu, Arnaldo Carvalho de Melo, Jiri Olsa,
Namhyung Kim
From: Masami Hiramatsu <mhiramat@kernel.org>
commit 2ae5d0d7d8868df7c05c2013c0b9cddd4d40610e upstream.
Since commit 03db8b583d1c ("perf tools: Fix
maps__find_symbol_by_name()") introduced map address range check in
maps__find_symbol_by_name(), we can not get "_etext" from kernel map
because _etext is placed on the edge of the kernel .text section (=
kernel map in perf.)
To fix this issue, this checks the address correctness by map address
range information (map->start and map->end) instead of using _etext
address.
This can cause an error if the target inlined function is embedded in
both __init function and normal function.
For exaample, request_resource() is a normal function but also embedded
in __init reserve_setup(). In this case, the probe point in
reserve_setup() must be skipped.
However, without this fix, it failes to setup all probe points:
# ./perf probe -v request_resource
probe-definition(0): request_resource
symbol:request_resource file:(null) line:0 offset:0 return:0 lazy:(null)
0 arguments
Looking at the vmlinux_path (8 entries long)
Using /usr/lib/debug/lib/modules/5.5.17-200.fc31.x86_64/vmlinux for symbols
Open Debuginfo file: /usr/lib/debug/lib/modules/5.5.17-200.fc31.x86_64/vmlinux
Try to find probe point from debuginfo.
Matched function: request_resource [15e29ad]
found inline addr: 0xffffffff82fbf892
Probe point found: reserve_setup+204
found inline addr: 0xffffffff810e9790
Probe point found: request_resource+0
Found 2 probe_trace_events.
Opening /sys/kernel/debug/tracing//kprobe_events write=1
Opening /sys/kernel/debug/tracing//README write=0
Writing event: p:probe/request_resource _text+33290386
Failed to write event: Invalid argument
Error: Failed to add events. Reason: Invalid argument (Code: -22)
#
With this fix,
# ./perf probe request_resource
reserve_setup is out of .text, skip it.
Added new events:
(null):(null) (on request_resource)
probe:request_resource (on request_resource)
You can now use it in all perf tools, such as:
perf record -e probe:request_resource -aR sleep 1
#
Fixes: 03db8b583d1c ("perf tools: Fix maps__find_symbol_by_name()")
Reported-by: Arnaldo Carvalho de Melo <acme@kernel.org>
Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org>
Tested-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: stable@vger.kernel.org
Link: http://lore.kernel.org/lkml/158763967332.30755.4922496724365529088.stgit@devnote2
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/perf/util/probe-event.c | 25 +++++++++++++------------
1 file changed, 13 insertions(+), 12 deletions(-)
--- a/tools/perf/util/probe-event.c
+++ b/tools/perf/util/probe-event.c
@@ -245,21 +245,22 @@ static void clear_probe_trace_events(str
static bool kprobe_blacklist__listed(unsigned long address);
static bool kprobe_warn_out_range(const char *symbol, unsigned long address)
{
- u64 etext_addr = 0;
- int ret;
+ struct map *map;
+ bool ret = false;
- /* Get the address of _etext for checking non-probable text symbol */
- ret = kernel_get_symbol_address_by_name("_etext", &etext_addr,
- false, false);
-
- if (ret == 0 && etext_addr < address)
- pr_warning("%s is out of .text, skip it.\n", symbol);
- else if (kprobe_blacklist__listed(address))
+ map = kernel_get_module_map(NULL);
+ if (map) {
+ ret = address <= map->start || map->end < address;
+ if (ret)
+ pr_warning("%s is out of .text, skip it.\n", symbol);
+ map__put(map);
+ }
+ if (!ret && kprobe_blacklist__listed(address)) {
pr_warning("%s is blacklisted function, skip it.\n", symbol);
- else
- return false;
+ ret = true;
+ }
- return true;
+ return ret;
}
/*
^ permalink raw reply [flat|nested] 280+ messages in thread
* [PATCH 4.19 267/267] perf symbols: Fix debuginfo search for Ubuntu
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (265 preceding siblings ...)
2020-06-19 14:34 ` [PATCH 4.19 266/267] perf probe: Check address correctness by map instead of _etext Greg Kroah-Hartman
@ 2020-06-19 14:34 ` Greg Kroah-Hartman
2020-06-19 23:48 ` [PATCH 4.19 000/267] 4.19.129-rc1 review Guenter Roeck
2020-06-20 4:09 ` Daniel Díaz
268 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-19 14:34 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Travis Downs, Adrian Hunter,
Jiri Olsa, Arnaldo Carvalho de Melo
From: Adrian Hunter <adrian.hunter@intel.com>
commit 85afd35575a3c1a3a905722dde5ee70b49282e70 upstream.
Reportedly, from 19.10 Ubuntu has begun mixing up the location of some
debug symbol files, putting files expected to be in
/usr/lib/debug/usr/lib into /usr/lib/debug/lib instead. Fix by adding
another dso_binary_type.
Example on Ubuntu 20.04
Before:
$ perf record -e intel_pt//u uname
Linux
[ perf record: Woken up 1 times to write data ]
[ perf record: Captured and wrote 0.030 MB perf.data ]
$ perf script --call-trace | head -5
uname 14003 [005] 15321.764958566: cbr: 42 freq: 4219 MHz (156%)
uname 14003 [005] 15321.764958566: (/usr/lib/x86_64-linux-gnu/ld-2.31.so ) 7f1e71cc4100
uname 14003 [005] 15321.764961566: (/usr/lib/x86_64-linux-gnu/ld-2.31.so ) 7f1e71cc4df0
uname 14003 [005] 15321.764961900: (/usr/lib/x86_64-linux-gnu/ld-2.31.so ) 7f1e71cc4e18
uname 14003 [005] 15321.764963233: (/usr/lib/x86_64-linux-gnu/ld-2.31.so ) 7f1e71cc5128
After:
$ perf script --call-trace | head -5
uname 14003 [005] 15321.764958566: cbr: 42 freq: 4219 MHz (156%)
uname 14003 [005] 15321.764958566: (/usr/lib/x86_64-linux-gnu/ld-2.31.so ) _start
uname 14003 [005] 15321.764961566: (/usr/lib/x86_64-linux-gnu/ld-2.31.so ) _dl_start
uname 14003 [005] 15321.764961900: (/usr/lib/x86_64-linux-gnu/ld-2.31.so ) _dl_start
uname 14003 [005] 15321.764963233: (/usr/lib/x86_64-linux-gnu/ld-2.31.so ) _dl_start
Reported-by: Travis Downs <travis.downs@gmail.com>
Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: stable@vger.kernel.org
Link: http://lore.kernel.org/lkml/20200526155207.9172-1-adrian.hunter@intel.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/perf/util/dso.c | 16 ++++++++++++++++
tools/perf/util/dso.h | 1 +
tools/perf/util/probe-finder.c | 1 +
tools/perf/util/symbol.c | 2 ++
4 files changed, 20 insertions(+)
--- a/tools/perf/util/dso.c
+++ b/tools/perf/util/dso.c
@@ -38,6 +38,7 @@ char dso__symtab_origin(const struct dso
[DSO_BINARY_TYPE__BUILD_ID_CACHE_DEBUGINFO] = 'D',
[DSO_BINARY_TYPE__FEDORA_DEBUGINFO] = 'f',
[DSO_BINARY_TYPE__UBUNTU_DEBUGINFO] = 'u',
+ [DSO_BINARY_TYPE__MIXEDUP_UBUNTU_DEBUGINFO] = 'x',
[DSO_BINARY_TYPE__OPENEMBEDDED_DEBUGINFO] = 'o',
[DSO_BINARY_TYPE__BUILDID_DEBUGINFO] = 'b',
[DSO_BINARY_TYPE__SYSTEM_PATH_DSO] = 'd',
@@ -120,6 +121,21 @@ int dso__read_binary_type_filename(const
snprintf(filename + len, size - len, "%s", dso->long_name);
break;
+ case DSO_BINARY_TYPE__MIXEDUP_UBUNTU_DEBUGINFO:
+ /*
+ * Ubuntu can mixup /usr/lib with /lib, putting debuginfo in
+ * /usr/lib/debug/lib when it is expected to be in
+ * /usr/lib/debug/usr/lib
+ */
+ if (strlen(dso->long_name) < 9 ||
+ strncmp(dso->long_name, "/usr/lib/", 9)) {
+ ret = -1;
+ break;
+ }
+ len = __symbol__join_symfs(filename, size, "/usr/lib/debug");
+ snprintf(filename + len, size - len, "%s", dso->long_name + 4);
+ break;
+
case DSO_BINARY_TYPE__OPENEMBEDDED_DEBUGINFO:
{
const char *last_slash;
--- a/tools/perf/util/dso.h
+++ b/tools/perf/util/dso.h
@@ -25,6 +25,7 @@ enum dso_binary_type {
DSO_BINARY_TYPE__BUILD_ID_CACHE_DEBUGINFO,
DSO_BINARY_TYPE__FEDORA_DEBUGINFO,
DSO_BINARY_TYPE__UBUNTU_DEBUGINFO,
+ DSO_BINARY_TYPE__MIXEDUP_UBUNTU_DEBUGINFO,
DSO_BINARY_TYPE__BUILDID_DEBUGINFO,
DSO_BINARY_TYPE__SYSTEM_PATH_DSO,
DSO_BINARY_TYPE__GUEST_KMODULE,
--- a/tools/perf/util/probe-finder.c
+++ b/tools/perf/util/probe-finder.c
@@ -114,6 +114,7 @@ enum dso_binary_type distro_dwarf_types[
DSO_BINARY_TYPE__UBUNTU_DEBUGINFO,
DSO_BINARY_TYPE__OPENEMBEDDED_DEBUGINFO,
DSO_BINARY_TYPE__BUILDID_DEBUGINFO,
+ DSO_BINARY_TYPE__MIXEDUP_UBUNTU_DEBUGINFO,
DSO_BINARY_TYPE__NOT_FOUND,
};
--- a/tools/perf/util/symbol.c
+++ b/tools/perf/util/symbol.c
@@ -65,6 +65,7 @@ static enum dso_binary_type binary_type_
DSO_BINARY_TYPE__SYSTEM_PATH_KMODULE,
DSO_BINARY_TYPE__SYSTEM_PATH_KMODULE_COMP,
DSO_BINARY_TYPE__OPENEMBEDDED_DEBUGINFO,
+ DSO_BINARY_TYPE__MIXEDUP_UBUNTU_DEBUGINFO,
DSO_BINARY_TYPE__NOT_FOUND,
};
@@ -1419,6 +1420,7 @@ static bool dso__is_compatible_symtab_ty
case DSO_BINARY_TYPE__SYSTEM_PATH_DSO:
case DSO_BINARY_TYPE__FEDORA_DEBUGINFO:
case DSO_BINARY_TYPE__UBUNTU_DEBUGINFO:
+ case DSO_BINARY_TYPE__MIXEDUP_UBUNTU_DEBUGINFO:
case DSO_BINARY_TYPE__BUILDID_DEBUGINFO:
case DSO_BINARY_TYPE__OPENEMBEDDED_DEBUGINFO:
return !kmod && dso->kernel == DSO_TYPE_USER;
^ permalink raw reply [flat|nested] 280+ messages in thread
* Re: [PATCH 4.19 157/267] mt76: avoid rx reorder buffer overflow
2020-06-19 14:32 ` [PATCH 4.19 157/267] mt76: avoid rx reorder buffer overflow Greg Kroah-Hartman
@ 2020-06-19 15:39 ` Felix Fietkau
0 siblings, 0 replies; 280+ messages in thread
From: Felix Fietkau @ 2020-06-19 15:39 UTC (permalink / raw)
To: Greg Kroah-Hartman, linux-kernel
Cc: stable, Chih-Min Chen, Ryder Lee, Sasha Levin
On 2020-06-19 16:32, Greg Kroah-Hartman wrote:
> From: Ryder Lee <ryder.lee@mediatek.com>
>
> [ Upstream commit 7c4f744d6703757be959f521a7a441bf34745d99 ]
>
> Enlarge slot to support 11ax 256 BA (256 MPDUs in an AMPDU)
>
> Signed-off-by: Chih-Min Chen <chih-min.chen@mediatek.com>
> Signed-off-by: Ryder Lee <ryder.lee@mediatek.com>
> Signed-off-by: Felix Fietkau <nbd@nbd.name>
> Signed-off-by: Sasha Levin <sashal@kernel.org>
It does not make sense to backport this commit. It doesn't fix anything,
it's just preparation work for the mt7915 driver.
- Felix
^ permalink raw reply [flat|nested] 280+ messages in thread
* Re: [PATCH 4.19 172/267] net: ethernet: fec: move GPR register offset and bit into DT
2020-06-19 14:32 ` [PATCH 4.19 172/267] net: ethernet: fec: move GPR register offset and bit into DT Greg Kroah-Hartman
@ 2020-06-19 21:04 ` Pavel Machek
2020-06-20 8:02 ` Greg Kroah-Hartman
0 siblings, 1 reply; 280+ messages in thread
From: Pavel Machek @ 2020-06-19 21:04 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: linux-kernel, stable, Fugang Duan, David S. Miller, Sasha Levin
[-- Attachment #1: Type: text/plain, Size: 1356 bytes --]
Hi!
> [ Upstream commit 8a448bf832af537d26aa557d183a16943dce4510 ]
>
> The commit da722186f654 (net: fec: set GPR bit on suspend by DT
> configuration) set the GPR reigster offset and bit in driver for
> wake on lan feature.
>
> But it introduces two issues here:
> - one SOC has two instances, they have different bit
> - different SOCs may have different offset and bit
>
> So to support wake-on-lan feature on other i.MX platforms, it should
> configure the GPR reigster offset and bit from DT.
Ok, so this really is not a bugfix.
Plus, it really depends on dts changes...
> --- a/drivers/net/ethernet/freescale/fec_main.c
> {
> struct device_node *gpr_np;
> + u32 out_val[3];
> int ret = 0;
>
> - if (!dev_info)
> - return 0;
> -
> - gpr_np = of_parse_phandle(np, "gpr", 0);
> + gpr_np = of_parse_phandle(np, "fsl,stop-mode", 0);
> if (!gpr_np)
> return 0;
>
...and those changes are not present in v4.19. There's no
fsl,stop-mode in v4.19, unlike mainline.
pavel@amd:~/cip/krc$ grep -ri fsl,stop-mode arch/arm*/boot/dts
pavel@amd:~/cip/krc$
This will break driver for everyone, AFAICT. Please drop it from
stable.
Best regards,
Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 181 bytes --]
^ permalink raw reply [flat|nested] 280+ messages in thread
* Re: [PATCH 4.19 182/267] spi: dw: Return any value retrieved from the dma_transfer callback
2020-06-19 14:32 ` [PATCH 4.19 182/267] spi: dw: Return any value retrieved from the dma_transfer callback Greg Kroah-Hartman
@ 2020-06-19 21:07 ` Pavel Machek
2020-06-22 20:51 ` Serge Semin
0 siblings, 1 reply; 280+ messages in thread
From: Pavel Machek @ 2020-06-19 21:07 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: linux-kernel, stable, Serge Semin, Georgy Vlasov, Ramil Zaripov,
Alexey Malahov, Thomas Bogendoerfer, Arnd Bergmann,
Andy Shevchenko, Feng Tang, Rob Herring, linux-mips, devicetree,
Mark Brown, Sasha Levin
[-- Attachment #1: Type: text/plain, Size: 1574 bytes --]
On Fri 2020-06-19 16:32:47, Greg Kroah-Hartman wrote:
> From: Serge Semin <Sergey.Semin@baikalelectronics.ru>
>
> [ Upstream commit f0410bbf7d0fb80149e3b17d11d31f5b5197873e ]
>
> DW APB SSI DMA-part of the driver may need to perform the requested
> SPI-transfer synchronously. In that case the dma_transfer() callback
> will return 0 as a marker of the SPI transfer being finished so the
> SPI core doesn't need to wait and may proceed with the SPI message
> trasnfers pumping procedure. This will be needed to fix the problem
> when DMA transactions are finished, but there is still data left in
> the SPI Tx/Rx FIFOs being sent/received. But for now make dma_transfer
> to return 1 as the normal dw_spi_transfer_one() method.
As far as I understand, this is support for new SoC, not a fix?
> +++ b/drivers/spi/spi-dw.c
> @@ -383,11 +383,8 @@ static int dw_spi_transfer_one(struct spi_controller *master,
>
> spi_enable_chip(dws, 1);
>
> - if (dws->dma_mapped) {
> - ret = dws->dma_ops->dma_transfer(dws, transfer);
> - if (ret < 0)
> - return ret;
> - }
> + if (dws->dma_mapped)
> + return dws->dma_ops->dma_transfer(dws, transfer);
>
> if (chip->poll_mode)
> return poll_transfer(dws);
Mainline patch simply changes return value, but code is different in
v4.19, and poll_transfer will now be avoided when dws->dma_mapped. Is
that a problem?
Best regards,
Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 181 bytes --]
^ permalink raw reply [flat|nested] 280+ messages in thread
* Re: [PATCH 4.19 000/267] 4.19.129-rc1 review
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (266 preceding siblings ...)
2020-06-19 14:34 ` [PATCH 4.19 267/267] perf symbols: Fix debuginfo search for Ubuntu Greg Kroah-Hartman
@ 2020-06-19 23:48 ` Guenter Roeck
2020-06-20 4:09 ` Daniel Díaz
268 siblings, 0 replies; 280+ messages in thread
From: Guenter Roeck @ 2020-06-19 23:48 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: linux-kernel, torvalds, akpm, shuah, patches, ben.hutchings,
lkft-triage, stable
On Fri, Jun 19, 2020 at 04:29:45PM +0200, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 4.19.129 release.
> There are 267 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Sun, 21 Jun 2020 14:15:50 +0000.
> Anything received after that time might be too late.
>
Build results:
total: 155 pass: 144 fail: 11
Failed builds:
<most mips>
Qemu test results:
total: 420 pass: 360 fail: 60
Failed tests:
<all mips>
arch/mips/mm/dma-noncoherent.c: In function 'cpu_needs_post_dma_flush':
arch/mips/mm/dma-noncoherent.c:59:7: error: 'CPU_LOONGSON2EF' undeclared
Guenter
^ permalink raw reply [flat|nested] 280+ messages in thread
* Re: [PATCH 4.19 000/267] 4.19.129-rc1 review
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
` (267 preceding siblings ...)
2020-06-19 23:48 ` [PATCH 4.19 000/267] 4.19.129-rc1 review Guenter Roeck
@ 2020-06-20 4:09 ` Daniel Díaz
268 siblings, 0 replies; 280+ messages in thread
From: Daniel Díaz @ 2020-06-20 4:09 UTC (permalink / raw)
To: Greg Kroah-Hartman, linux-kernel
Cc: torvalds, akpm, linux, shuah, patches, ben.hutchings,
lkft-triage, stable
Hello!
On 6/19/20 9:29 AM, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 4.19.129 release.
> There are 267 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Sun, 21 Jun 2020 14:15:50 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.129-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
Results from Linaro’s test farm.
No regressions on arm64, arm, x86_64, and i386.
Summary
------------------------------------------------------------------------
kernel: 4.19.129-rc1
git repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git
git branch: linux-4.19.y
git commit: a00c59b6375644f707a3554536d03d4ecaf17c05
git describe: v4.19.128-268-ga00c59b63756
Test details: https://qa-reports.linaro.org/lkft/linux-stable-rc-4.19-oe/build/v4.19.128-268-ga00c59b63756
No regressions (compared to build v4.19.128)
No fixes (compared to build v4.19.128)
Ran 34131 total tests in the following environments and test suites.
Environments
--------------
- dragonboard-410c - arm64
- hi6220-hikey - arm64
- i386
- juno-r2 - arm64
- juno-r2-compat
- juno-r2-kasan
- nxp-ls2088
- qemu_arm
- qemu_arm64
- qemu_i386
- qemu_x86_64
- x15 - arm
- x86_64
- x86-kasan
Test Suites
-----------
* build
* kselftest
* kselftest/drivers
* kselftest/filesystems
* kselftest/net
* kselftest-vsyscall-mode-native
* kselftest-vsyscall-mode-native/drivers
* kselftest-vsyscall-mode-native/filesystems
* kselftest-vsyscall-mode-native/net
* kselftest-vsyscall-mode-none
* kselftest-vsyscall-mode-none/drivers
* kselftest-vsyscall-mode-none/filesystems
* kselftest-vsyscall-mode-none/net
* kvm-unit-tests
* libhugetlbfs
* linux-log-parser
* ltp-cap_bounds-tests
* ltp-commands-tests
* ltp-containers-tests
* ltp-controllers-tests
* ltp-cpuhotplug-tests
* ltp-crypto-tests
* ltp-cve-tests
* ltp-dio-tests
* ltp-fcntl-locktests-tests
* ltp-filecaps-tests
* ltp-fs_bind-tests
* ltp-fs_perms_simple-tests
* ltp-fs-tests
* ltp-fsx-tests
* ltp-hugetlb-tests
* ltp-io-tests
* ltp-ipc-tests
* ltp-math-tests
* ltp-mm-tests
* ltp-nptl-tests
* ltp-open-posix-tests
* ltp-pty-tests
* ltp-sched-tests
* ltp-securebits-tests
* ltp-syscalls-tests
* network-basic-tests
* perf
* v4l2-compliance
Greetings!
Daniel Díaz
daniel.diaz@linaro.org
--
Linaro LKFT
https://lkft.linaro.org
^ permalink raw reply [flat|nested] 280+ messages in thread
* Re: [PATCH 4.19 172/267] net: ethernet: fec: move GPR register offset and bit into DT
2020-06-19 21:04 ` Pavel Machek
@ 2020-06-20 8:02 ` Greg Kroah-Hartman
0 siblings, 0 replies; 280+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-20 8:02 UTC (permalink / raw)
To: Pavel Machek
Cc: linux-kernel, stable, Fugang Duan, David S. Miller, Sasha Levin
On Fri, Jun 19, 2020 at 11:04:32PM +0200, Pavel Machek wrote:
> Hi!
>
> > [ Upstream commit 8a448bf832af537d26aa557d183a16943dce4510 ]
> >
> > The commit da722186f654 (net: fec: set GPR bit on suspend by DT
> > configuration) set the GPR reigster offset and bit in driver for
> > wake on lan feature.
> >
> > But it introduces two issues here:
> > - one SOC has two instances, they have different bit
> > - different SOCs may have different offset and bit
> >
> > So to support wake-on-lan feature on other i.MX platforms, it should
> > configure the GPR reigster offset and bit from DT.
>
> Ok, so this really is not a bugfix.
>
> Plus, it really depends on dts changes...
>
> > --- a/drivers/net/ethernet/freescale/fec_main.c
> > {
> > struct device_node *gpr_np;
> > + u32 out_val[3];
> > int ret = 0;
> >
> > - if (!dev_info)
> > - return 0;
> > -
> > - gpr_np = of_parse_phandle(np, "gpr", 0);
> > + gpr_np = of_parse_phandle(np, "fsl,stop-mode", 0);
> > if (!gpr_np)
> > return 0;
> >
>
> ...and those changes are not present in v4.19. There's no
> fsl,stop-mode in v4.19, unlike mainline.
>
> pavel@amd:~/cip/krc$ grep -ri fsl,stop-mode arch/arm*/boot/dts
> pavel@amd:~/cip/krc$
>
> This will break driver for everyone, AFAICT. Please drop it from
> stable.
Thanks for the report, dropping it from everywhere.
greg k-h
^ permalink raw reply [flat|nested] 280+ messages in thread
* Re: [PATCH 4.19 182/267] spi: dw: Return any value retrieved from the dma_transfer callback
2020-06-19 21:07 ` Pavel Machek
@ 2020-06-22 20:51 ` Serge Semin
2020-06-26 15:18 ` Ralph Siemsen
0 siblings, 1 reply; 280+ messages in thread
From: Serge Semin @ 2020-06-22 20:51 UTC (permalink / raw)
To: Pavel Machek
Cc: Serge Semin, Greg Kroah-Hartman, linux-kernel, stable,
Georgy Vlasov, Ramil Zaripov, Alexey Malahov,
Thomas Bogendoerfer, Arnd Bergmann, Andy Shevchenko, Feng Tang,
Rob Herring, linux-mips, devicetree, Mark Brown, Sasha Levin
Hello Pavel
On Fri, Jun 19, 2020 at 11:07:19PM +0200, Pavel Machek wrote:
> On Fri 2020-06-19 16:32:47, Greg Kroah-Hartman wrote:
> > From: Serge Semin <Sergey.Semin@baikalelectronics.ru>
> >
> > [ Upstream commit f0410bbf7d0fb80149e3b17d11d31f5b5197873e ]
> >
> > DW APB SSI DMA-part of the driver may need to perform the requested
> > SPI-transfer synchronously. In that case the dma_transfer() callback
> > will return 0 as a marker of the SPI transfer being finished so the
> > SPI core doesn't need to wait and may proceed with the SPI message
> > trasnfers pumping procedure. This will be needed to fix the problem
> > when DMA transactions are finished, but there is still data left in
> > the SPI Tx/Rx FIFOs being sent/received. But for now make dma_transfer
> > to return 1 as the normal dw_spi_transfer_one() method.
>
> As far as I understand, this is support for new SoC, not a fix?
Not really. That patch is a first one of a series fixing a problem with
SPI transfer completion:
33726eff3d98 spi: dw: Add SPI Rx-done wait method to DMA-based transfer
1ade2d8a72f9 spi: dw: Add SPI Tx-done wait method to DMA-based transfer
bdbdf0f06337 spi: dw: Locally wait for the DMA transfers completion
f0410bbf7d0f spi: dw: Return any value retrieved from the dma_transfer callback
In anyway having just first commit applied is harmless, though pretty much
pointless in fixing the problem it had been originally introduced for. But it
can be useful for something else. See my comment below.
>
> > +++ b/drivers/spi/spi-dw.c
> > @@ -383,11 +383,8 @@ static int dw_spi_transfer_one(struct spi_controller *master,
> >
> > spi_enable_chip(dws, 1);
> >
> > - if (dws->dma_mapped) {
> > - ret = dws->dma_ops->dma_transfer(dws, transfer);
> > - if (ret < 0)
> > - return ret;
> > - }
> > + if (dws->dma_mapped)
> > + return dws->dma_ops->dma_transfer(dws, transfer);
> >
> > if (chip->poll_mode)
> > return poll_transfer(dws);
>
> Mainline patch simply changes return value, but code is different in
> v4.19, and poll_transfer will now be avoided when dws->dma_mapped. Is
> that a problem?
Actually no.) In that old 4.19 context it's even better to return straight away
no matter what value is returned by the dma_transfer() callback. In the code
without this patch applied, the transfer_one() method will check the poll_mode
flag state even if the dma_transfer() returns a positive value. The positive
value (1) means that the DMA transfer has been executed and the SPI core must
wait for its completion. Needless to say, that if the poll_mode flag state
gets to be true, then a poll-transfer will be executed alongside with the DMA
transfer. Which as you understand will be very wrong. So by having this patch
applied we implicitly fix that problem. Although a probability of the
problematic situation is very low, since the DW APB SSI driver poll-mode hasn't
been utilized by any SPI client driver since long time ago...
-Sergey
>
> Best regards,
> Pavel
> --
> (english) http://www.livejournal.com/~pavelmachek
> (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
^ permalink raw reply [flat|nested] 280+ messages in thread
* Re: [PATCH 4.19 182/267] spi: dw: Return any value retrieved from the dma_transfer callback
2020-06-22 20:51 ` Serge Semin
@ 2020-06-26 15:18 ` Ralph Siemsen
2020-06-26 20:07 ` Sasha Levin
2020-06-29 14:26 ` Sasha Levin
0 siblings, 2 replies; 280+ messages in thread
From: Ralph Siemsen @ 2020-06-26 15:18 UTC (permalink / raw)
To: Serge Semin
Cc: Pavel Machek, Serge Semin, Greg Kroah-Hartman, linux-kernel,
stable, Georgy Vlasov, Ramil Zaripov, Alexey Malahov,
Thomas Bogendoerfer, Arnd Bergmann, Andy Shevchenko, Feng Tang,
Rob Herring, linux-mips, devicetree, Mark Brown, Sasha Levin
Hi Serge, Pavel, Greg,
On Mon, Jun 22, 2020 at 11:51:21PM +0300, Serge Semin wrote:
>Hello Pavel
>
>On Fri, Jun 19, 2020 at 11:07:19PM +0200, Pavel Machek wrote:
>
>> Mainline patch simply changes return value, but code is different in
>> v4.19, and poll_transfer will now be avoided when dws->dma_mapped. Is
>> that a problem?
>
>Actually no.) In that old 4.19 context it's even better to return straight away
>no matter what value is returned by the dma_transfer() callback.
This patch changes the return dma_transfer return value from 0 to 1,
however it was only done in spi-dw-mid.c func mid_spi_dma_transfer().
There is an identical function in spi-dw-mmio.c that needs the same
treatment, otherwise access to the SPI device becomes erratic and even
causes kernel to hang. Guess how I found this ;-)
So the following patch is needed as well, at least in 4.9 and 4.19, I
did not check/test other versions. Mainline does not need this, since
the code seems to have been refactored to avoid the duplication.
Regards,
-Ralph
diff --git a/drivers/spi/spi-dw-mmio.c b/drivers/spi/spi-dw-mmio.c
index c563c2815093..99641c485288 100644
--- a/drivers/spi/spi-dw-mmio.c
+++ b/drivers/spi/spi-dw-mmio.c
@@ -358,7 +358,7 @@ static int mmio_spi_dma_transfer(struct dw_spi *dws, struct spi_transfer *xfer)
dma_async_issue_pending(dws->txchan);
}
- return 0;
+ return 1;
}
static void mmio_spi_dma_stop(struct dw_spi *dws)
--
2.17.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* Re: [PATCH 4.19 182/267] spi: dw: Return any value retrieved from the dma_transfer callback
2020-06-26 15:18 ` Ralph Siemsen
@ 2020-06-26 20:07 ` Sasha Levin
2020-06-27 18:22 ` Ralph Siemsen
2020-06-29 14:26 ` Sasha Levin
1 sibling, 1 reply; 280+ messages in thread
From: Sasha Levin @ 2020-06-26 20:07 UTC (permalink / raw)
To: Ralph Siemsen
Cc: Serge Semin, Pavel Machek, Serge Semin, Greg Kroah-Hartman,
linux-kernel, stable, Georgy Vlasov, Ramil Zaripov,
Alexey Malahov, Thomas Bogendoerfer, Arnd Bergmann,
Andy Shevchenko, Feng Tang, Rob Herring, linux-mips, devicetree,
Mark Brown
On Fri, Jun 26, 2020 at 11:18:00AM -0400, Ralph Siemsen wrote:
>Hi Serge, Pavel, Greg,
>
>On Mon, Jun 22, 2020 at 11:51:21PM +0300, Serge Semin wrote:
>>Hello Pavel
>>
>>On Fri, Jun 19, 2020 at 11:07:19PM +0200, Pavel Machek wrote:
>>
>>>Mainline patch simply changes return value, but code is different in
>>>v4.19, and poll_transfer will now be avoided when dws->dma_mapped. Is
>>>that a problem?
>>
>>Actually no.) In that old 4.19 context it's even better to return straight away
>>no matter what value is returned by the dma_transfer() callback.
>
>This patch changes the return dma_transfer return value from 0 to 1,
>however it was only done in spi-dw-mid.c func mid_spi_dma_transfer().
>
>There is an identical function in spi-dw-mmio.c that needs the same
>treatment, otherwise access to the SPI device becomes erratic and even
>causes kernel to hang. Guess how I found this ;-)
>
>So the following patch is needed as well, at least in 4.9 and 4.19, I
>did not check/test other versions. Mainline does not need this, since
>the code seems to have been refactored to avoid the duplication.
Could you add your signed-off-by tag please? :)
--
Thanks,
Sasha
^ permalink raw reply [flat|nested] 280+ messages in thread
* Re: [PATCH 4.19 182/267] spi: dw: Return any value retrieved from the dma_transfer callback
2020-06-26 20:07 ` Sasha Levin
@ 2020-06-27 18:22 ` Ralph Siemsen
0 siblings, 0 replies; 280+ messages in thread
From: Ralph Siemsen @ 2020-06-27 18:22 UTC (permalink / raw)
To: Sasha Levin
Cc: Serge Semin, Pavel Machek, Serge Semin, Greg Kroah-Hartman,
linux-kernel, stable, Georgy Vlasov, Ramil Zaripov,
Alexey Malahov, Thomas Bogendoerfer, Arnd Bergmann,
Andy Shevchenko, Feng Tang, Rob Herring, linux-mips, devicetree,
Mark Brown
Hi Sasha,
On Fri, Jun 26, 2020 at 04:07:10PM -0400, Sasha Levin wrote:
>On Fri, Jun 26, 2020 at 11:18:00AM -0400, Ralph Siemsen wrote:
>>
>>So the following patch is needed as well, at least in 4.9 and 4.19,
>>I did not check/test other versions. Mainline does not need this,
>>since the code seems to have been refactored to avoid the
>>duplication.
>
>Could you add your signed-off-by tag please? :)
Whoops, for some reason I snipped it out... sorry about that!
Here it is again, with the commit message tweaked for clarity.
Subject: [PATCH] spi: dw: Fix return value of dma_transfer callback
Earlier commit "spi: dw: Return any value retrieved from the
dma_transfer callback" changed the return code of mid_spi_dma_transfer()
from 0 to 1 in drivers/spi/spi-dw-mid.c.
A similar change is needed spi-dw-mmio.c for mmio_spi_dma_transfer()
function. Note this only applies to older branches, as mainline has
refactored the code to avoid duplication.
Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
---
drivers/spi/spi-dw-mmio.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/spi/spi-dw-mmio.c b/drivers/spi/spi-dw-mmio.c
index c563c2815093..99641c485288 100644
--- a/drivers/spi/spi-dw-mmio.c
+++ b/drivers/spi/spi-dw-mmio.c
@@ -358,7 +358,7 @@ static int mmio_spi_dma_transfer(struct dw_spi *dws, struct spi_transfer *xfer)
dma_async_issue_pending(dws->txchan);
}
- return 0;
+ return 1;
}
static void mmio_spi_dma_stop(struct dw_spi *dws)
--
2.17.1
^ permalink raw reply related [flat|nested] 280+ messages in thread
* Re: [PATCH 4.19 182/267] spi: dw: Return any value retrieved from the dma_transfer callback
2020-06-26 15:18 ` Ralph Siemsen
2020-06-26 20:07 ` Sasha Levin
@ 2020-06-29 14:26 ` Sasha Levin
2020-06-30 1:36 ` Ralph Siemsen
1 sibling, 1 reply; 280+ messages in thread
From: Sasha Levin @ 2020-06-29 14:26 UTC (permalink / raw)
To: Ralph Siemsen
Cc: Serge Semin, Pavel Machek, Serge Semin, Greg Kroah-Hartman,
linux-kernel, stable, Georgy Vlasov, Ramil Zaripov,
Alexey Malahov, Thomas Bogendoerfer, Arnd Bergmann,
Andy Shevchenko, Feng Tang, Rob Herring, linux-mips, devicetree,
Mark Brown
On Fri, Jun 26, 2020 at 11:18:00AM -0400, Ralph Siemsen wrote:
>Hi Serge, Pavel, Greg,
>
>On Mon, Jun 22, 2020 at 11:51:21PM +0300, Serge Semin wrote:
>>Hello Pavel
>>
>>On Fri, Jun 19, 2020 at 11:07:19PM +0200, Pavel Machek wrote:
>>
>>>Mainline patch simply changes return value, but code is different in
>>>v4.19, and poll_transfer will now be avoided when dws->dma_mapped. Is
>>>that a problem?
>>
>>Actually no.) In that old 4.19 context it's even better to return straight away
>>no matter what value is returned by the dma_transfer() callback.
>
>This patch changes the return dma_transfer return value from 0 to 1,
>however it was only done in spi-dw-mid.c func mid_spi_dma_transfer().
>
>There is an identical function in spi-dw-mmio.c that needs the same
>treatment, otherwise access to the SPI device becomes erratic and even
>causes kernel to hang. Guess how I found this ;-)
>
>So the following patch is needed as well, at least in 4.9 and 4.19, I
>did not check/test other versions. Mainline does not need this, since
>the code seems to have been refactored to avoid the duplication.
>
>Regards,
>-Ralph
>
>diff --git a/drivers/spi/spi-dw-mmio.c b/drivers/spi/spi-dw-mmio.c
>index c563c2815093..99641c485288 100644
>--- a/drivers/spi/spi-dw-mmio.c
>+++ b/drivers/spi/spi-dw-mmio.c
>@@ -358,7 +358,7 @@ static int mmio_spi_dma_transfer(struct dw_spi *dws, struct spi_transfer *xfer)
Um, I can't find this function anywhere... what am I missing?
--
Thanks,
Sasha
^ permalink raw reply [flat|nested] 280+ messages in thread
* Re: [PATCH 4.19 182/267] spi: dw: Return any value retrieved from the dma_transfer callback
2020-06-29 14:26 ` Sasha Levin
@ 2020-06-30 1:36 ` Ralph Siemsen
0 siblings, 0 replies; 280+ messages in thread
From: Ralph Siemsen @ 2020-06-30 1:36 UTC (permalink / raw)
To: Sasha Levin
Cc: Serge Semin, Pavel Machek, Serge Semin, Greg Kroah-Hartman,
linux-kernel, stable, Georgy Vlasov, Ramil Zaripov,
Alexey Malahov, Thomas Bogendoerfer, Arnd Bergmann,
Andy Shevchenko, Feng Tang, Rob Herring, linux-mips, devicetree,
Mark Brown
On Mon, Jun 29, 2020 at 10:26:06AM -0400, Sasha Levin wrote:
>>diff --git a/drivers/spi/spi-dw-mmio.c b/drivers/spi/spi-dw-mmio.c
>>index c563c2815093..99641c485288 100644
>>--- a/drivers/spi/spi-dw-mmio.c
>>+++ b/drivers/spi/spi-dw-mmio.c
>>@@ -358,7 +358,7 @@ static int mmio_spi_dma_transfer(struct dw_spi *dws, struct spi_transfer *xfer)
>
>Um, I can't find this function anywhere... what am I missing?
Nothing... my bad. The code in question was added on a vendor branch
(https://github.com/renesas-rz/rzn1_linux/blob/rzn1-stable-v4.19/drivers/spi/spi-dw-mmio.c#L338
if you are curious).
I'm very sorry for wasting your time... please disregard the patch!
-Ralph
^ permalink raw reply [flat|nested] 280+ messages in thread
end of thread, other threads:[~2020-06-30 1:36 UTC | newest]
Thread overview: 280+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-06-19 14:29 [PATCH 4.19 000/267] 4.19.129-rc1 review Greg Kroah-Hartman
2020-06-19 14:29 ` [PATCH 4.19 001/267] ipv6: fix IPV6_ADDRFORM operation logic Greg Kroah-Hartman
2020-06-19 14:29 ` [PATCH 4.19 002/267] net_failover: fixed rollback in net_failover_open() Greg Kroah-Hartman
2020-06-19 14:29 ` [PATCH 4.19 003/267] bridge: Avoid infinite loop when suppressing NS messages with invalid options Greg Kroah-Hartman
2020-06-19 14:29 ` [PATCH 4.19 004/267] vxlan: " Greg Kroah-Hartman
2020-06-19 14:29 ` [PATCH 4.19 005/267] tun: correct header offsets in napi frags mode Greg Kroah-Hartman
2020-06-19 14:29 ` [PATCH 4.19 006/267] selftests: bpf: fix use of undeclared RET_IF macro Greg Kroah-Hartman
2020-06-19 14:29 ` [PATCH 4.19 007/267] make user_access_begin() do access_ok() Greg Kroah-Hartman
2020-06-19 14:29 ` [PATCH 4.19 008/267] Fix acccess_ok() on alpha and SH Greg Kroah-Hartman
2020-06-19 14:29 ` [PATCH 4.19 009/267] arch/openrisc: Fix issues with access_ok() Greg Kroah-Hartman
2020-06-19 14:29 ` [PATCH 4.19 010/267] x86: uaccess: Inhibit speculation past access_ok() in user_access_begin() Greg Kroah-Hartman
2020-06-19 14:29 ` [PATCH 4.19 011/267] lib: Reduce user_access_begin() boundaries in strncpy_from_user() and strnlen_user() Greg Kroah-Hartman
2020-06-19 14:29 ` [PATCH 4.19 012/267] btrfs: merge btrfs_find_device and find_device Greg Kroah-Hartman
2020-06-19 14:29 ` [PATCH 4.19 013/267] btrfs: Detect unbalanced tree with empty leaf before crashing btree operations Greg Kroah-Hartman
2020-06-19 14:29 ` [PATCH 4.19 014/267] crypto: talitos - fix ECB and CBC algs ivsize Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 015/267] Input: mms114 - fix handling of mms345l Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 016/267] ARM: 8977/1: ptrace: Fix mask for thumb breakpoint hook Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 017/267] sched/fair: Dont NUMA balance for kthreads Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 018/267] Input: synaptics - add a second working PNP_ID for Lenovo T470s Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 019/267] drivers/net/ibmvnic: Update VNIC protocol version reporting Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 020/267] powerpc/xive: Clear the page tables for the ESB IO mapping Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 021/267] ath9k_htc: Silence undersized packet warnings Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 022/267] RDMA/uverbs: Make the event_queue fds return POLLERR when disassociated Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 023/267] x86/cpu/amd: Make erratum #1054 a legacy erratum Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 024/267] perf probe: Accept the instance number of kretprobe event Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 025/267] mm: add kvfree_sensitive() for freeing sensitive data objects Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 026/267] aio: fix async fsync creds Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 027/267] btrfs: tree-checker: Check level for leaves and nodes Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 028/267] x86_64: Fix jiffies ODR violation Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 029/267] x86/PCI: Mark Intel C620 MROMs as having non-compliant BARs Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 030/267] x86/speculation: Prevent rogue cross-process SSBD shutdown Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 031/267] x86/reboot/quirks: Add MacBook6,1 reboot quirk Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 032/267] efi/efivars: Add missing kobject_put() in sysfs entry creation error path Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 033/267] ALSA: es1688: Add the missed snd_card_free() Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 034/267] ALSA: hda/realtek - add a pintbl quirk for several Lenovo machines Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 035/267] ALSA: usb-audio: Fix inconsistent card PM state after resume Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 036/267] ALSA: usb-audio: Add vendor, product and profile name for HP Thunderbolt Dock Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 037/267] ACPI: sysfs: Fix reference count leak in acpi_sysfs_add_hotplug_profile() Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 038/267] ACPI: CPPC: Fix reference count leak in acpi_cppc_processor_probe() Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 039/267] ACPI: GED: add support for _Exx / _Lxx handler methods Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 040/267] ACPI: PM: Avoid using power resources if there are none for D0 Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 041/267] cgroup, blkcg: Prepare some symbols for module and !CONFIG_CGROUP usages Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 042/267] nilfs2: fix null pointer dereference at nilfs_segctor_do_construct() Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 043/267] spi: dw: Fix controller unregister order Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 044/267] spi: bcm2835aux: " Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 045/267] spi: bcm-qspi: when tx/rx buffer is NULL set to 0 Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 046/267] PM: runtime: clk: Fix clk_pm_runtime_get() error path Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 047/267] crypto: cavium/nitrox - Fix nitrox_get_first_device() when ndevlist is fully iterated Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 048/267] ALSA: pcm: disallow linking stream to itself Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 049/267] x86/{mce,mm}: Unmap the entire page if the whole page is affected and poisoned Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 050/267] KVM: x86: Fix APIC page invalidation race Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 051/267] kvm: x86: Fix L1TF mitigation for shadow MMU Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 052/267] KVM: x86/mmu: Consolidate "is MMIO SPTE" code Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 053/267] KVM: x86: only do L1TF workaround on affected processors Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 054/267] x86/speculation: Change misspelled STIPB to STIBP Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 055/267] x86/speculation: Add support for STIBP always-on preferred mode Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 056/267] x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced IBRS Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 057/267] x86/speculation: PR_SPEC_FORCE_DISABLE enforcement for indirect branches Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 058/267] spi: No need to assign dummy value in spi_unregister_controller() Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 059/267] spi: Fix controller unregister order Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 060/267] spi: pxa2xx: " Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 061/267] spi: bcm2835: " Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 062/267] spi: pxa2xx: Balance runtime PM enable/disable on error Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 063/267] spi: pxa2xx: Fix runtime PM ref imbalance on probe error Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 064/267] crypto: virtio: Fix use-after-free in virtio_crypto_skcipher_finalize_req() Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 065/267] crypto: virtio: Fix src/dst scatterlist calculation in __virtio_crypto_skcipher_do_req() Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 066/267] crypto: virtio: Fix dest length " Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 067/267] selftests/net: in rxtimestamp getopt_long needs terminating null entry Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 068/267] ovl: initialize error in ovl_copy_xattr Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 069/267] proc: Use new_inode not new_inode_pseudo Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 070/267] video: fbdev: w100fb: Fix a potential double free Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 071/267] KVM: nSVM: fix condition for filtering async PF Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 072/267] KVM: nSVM: leave ASID aside in copy_vmcb_control_area Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 073/267] KVM: nVMX: Consult only the "basic" exit reason when routing nested exit Greg Kroah-Hartman
2020-06-19 14:30 ` [PATCH 4.19 074/267] KVM: MIPS: Define KVM_ENTRYHI_ASID to cpu_asid_mask(&boot_cpu_data) Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 075/267] KVM: MIPS: Fix VPN2_MASK definition for variable cpu_vmbits Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 076/267] KVM: arm64: Make vcpu_cp1x() work on Big Endian hosts Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 077/267] scsi: megaraid_sas: TM command refire leads to controller firmware crash Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 078/267] ath9k: Fix use-after-free Read in ath9k_wmi_ctrl_rx Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 079/267] ath9k: Fix use-after-free Write in ath9k_htc_rx_msg Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 080/267] ath9x: Fix stack-out-of-bounds Write in ath9k_hif_usb_rx_cb Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 081/267] ath9k: Fix general protection fault " Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 082/267] Smack: slab-out-of-bounds in vsscanf Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 083/267] drm/vkms: Hold gem object while still in-use Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 084/267] mm/slub: fix a memory leak in sysfs_slab_add() Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 085/267] fat: dont allow to mount if the FAT length == 0 Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 086/267] perf: Add cond_resched() to task_function_call() Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 087/267] agp/intel: Reinforce the barrier after GTT updates Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 088/267] mmc: sdhci-msm: Clear tuning done flag while hs400 tuning Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 089/267] ARM: dts: at91: sama5d2_ptc_ek: fix sdmmc0 node description Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 090/267] mmc: sdio: Fix potential NULL pointer error in mmc_sdio_init_card() Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 091/267] xen/pvcalls-back: test for errors when calling backend_connect() Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 092/267] KVM: arm64: Synchronize sysreg state on injecting an AArch32 exception Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 093/267] ACPI: GED: use correct trigger type field in _Exx / _Lxx handling Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 094/267] drm: bridge: adv7511: Extend list of audio sample rates Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 095/267] crypto: ccp -- dont "select" CONFIG_DMADEVICES Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 096/267] media: si2157: Better check for running tuner in init Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 097/267] objtool: Ignore empty alternatives Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 098/267] spi: pxa2xx: Apply CS clk quirk to BXT Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 099/267] net: atlantic: make hw_get_regs optional Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 100/267] net: ena: fix error returning in ena_com_get_hash_function() Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 101/267] efi/libstub/x86: Work around LLVM ELF quirk build regression Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 102/267] arm64: cacheflush: Fix KGDB trap detection Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 103/267] spi: dw: Zero DMA Tx and Rx configurations on stack Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 104/267] arm64: insn: Fix two bugs in encoding 32-bit logical immediates Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 105/267] ixgbe: Fix XDP redirect on archs with PAGE_SIZE above 4K Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 106/267] MIPS: Loongson: Build ATI Radeon GPU driver as module Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 107/267] Bluetooth: Add SCO fallback for invalid LMP parameters error Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 108/267] kgdb: Disable WARN_CONSOLE_UNLOCKED for all kgdb Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 109/267] kgdb: Prevent infinite recursive entries to the debugger Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 110/267] spi: dw: Enable interrupts in accordance with DMA xfer mode Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 111/267] clocksource: dw_apb_timer: Make CPU-affiliation being optional Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 112/267] clocksource: dw_apb_timer_of: Fix missing clockevent timers Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 113/267] btrfs: do not ignore error from btrfs_next_leaf() when inserting checksums Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 114/267] ARM: 8978/1: mm: make act_mm() respect THREAD_SIZE Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 115/267] batman-adv: Revert "disable ethtool link speed detection when auto negotiation off" Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 116/267] mmc: meson-mx-sdio: trigger a soft reset after a timeout or CRC error Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 117/267] spi: dw: Fix Rx-only DMA transfers Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 118/267] x86/kvm/hyper-v: Explicitly align hcall param for kvm_hyperv_exit Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 119/267] net: vmxnet3: fix possible buffer overflow caused by bad DMA value in vmxnet3_get_rss() Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 120/267] staging: android: ion: use vmap instead of vm_map_ram Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 121/267] brcmfmac: fix wrong location to get firmware feature Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 122/267] tools api fs: Make xxx__mountpoint() more scalable Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 123/267] e1000: Distribute switch variables for initialization Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 124/267] dt-bindings: display: mediatek: control dpi pins mode to avoid leakage Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 125/267] audit: fix a net reference leak in audit_send_reply() Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 126/267] media: dvb: return -EREMOTEIO on i2c transfer failure Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 127/267] media: platform: fcp: Set appropriate DMA parameters Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 128/267] MIPS: Make sparse_init() using top-down allocation Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 129/267] Bluetooth: btbcm: Add 2 missing models to subver tables Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 130/267] audit: fix a net reference leak in audit_list_rules_send() Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 131/267] netfilter: nft_nat: return EOPNOTSUPP if type or flags are not supported Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 132/267] selftests/bpf: Fix memory leak in extract_build_id() Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 133/267] net: bcmgenet: set Rx mode before starting netif Greg Kroah-Hartman
2020-06-19 14:31 ` [PATCH 4.19 134/267] lib/mpi: Fix 64-bit MIPS build with Clang Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 135/267] exit: Move preemption fixup up, move blocking operations down Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 136/267] sched/core: Fix illegal RCU from offline CPUs Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 137/267] drivers/perf: hisi: Fix typo in events attribute array Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 138/267] net: lpc-enet: fix error return code in lpc_mii_init() Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 139/267] media: cec: silence shift wrapping warning in __cec_s_log_addrs() Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 140/267] net: allwinner: Fix use correct return type for ndo_start_xmit() Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 141/267] powerpc/spufs: fix copy_to_user while atomic Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 142/267] xfs: clean up the error handling in xfs_swap_extents Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 143/267] Crypto/chcr: fix for ccm(aes) failed test Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 144/267] MIPS: Truncate link address into 32bit for 32bit kernel Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 145/267] mips: cm: Fix an invalid error code of INTVN_*_ERR Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 146/267] kgdb: Fix spurious true from in_dbg_master() Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 147/267] xfs: reset buffer write failure state on successful completion Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 148/267] xfs: fix duplicate verification from xfs_qm_dqflush() Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 149/267] platform/x86: intel-vbtn: Use acpi_evaluate_integer() Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 150/267] platform/x86: intel-vbtn: Split keymap into buttons and switches parts Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 151/267] platform/x86: intel-vbtn: Do not advertise switches to userspace if they are not there Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 152/267] platform/x86: intel-vbtn: Also handle tablet-mode switch on "Detachable" and "Portable" chassis-types Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 153/267] nvme: refine the Qemu Identify CNS quirk Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 154/267] ath10k: Remove msdu from idr when management pkt send fails Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 155/267] wcn36xx: Fix error handling path in wcn36xx_probe() Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 156/267] net: qed*: Reduce RX and TX default ring count when running inside kdump kernel Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 157/267] mt76: avoid rx reorder buffer overflow Greg Kroah-Hartman
2020-06-19 15:39 ` Felix Fietkau
2020-06-19 14:32 ` [PATCH 4.19 158/267] md: dont flush workqueue unconditionally in md_open Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 159/267] veth: Adjust hard_start offset on redirect XDP frames Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 160/267] net/mlx5e: IPoIB, Drop multicast packets that this interface sent Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 161/267] rtlwifi: Fix a double free in _rtl_usb_tx_urb_setup() Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 162/267] mwifiex: Fix memory corruption in dump_station Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 163/267] x86/boot: Correct relocation destination on old linkers Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 164/267] mips: MAAR: Use more precise address mask Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 165/267] mips: Add udelay lpj numbers adjustment Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 166/267] crypto: stm32/crc32 - fix ext4 chksum BUG_ON() Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 167/267] crypto: stm32/crc32 - fix run-time self test issue Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 168/267] crypto: stm32/crc32 - fix multi-instance Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 169/267] x86/mm: Stop printing BRK addresses Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 170/267] m68k: mac: Dont call via_flush_cache() on Mac IIfx Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 171/267] btrfs: qgroup: mark qgroup inconsistent if were inherting snapshot to a new qgroup Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 172/267] net: ethernet: fec: move GPR register offset and bit into DT Greg Kroah-Hartman
2020-06-19 21:04 ` Pavel Machek
2020-06-20 8:02 ` Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 173/267] macvlan: Skip loopback packets in RX handler Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 174/267] PCI: Dont disable decoding when mmio_always_on is set Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 175/267] MIPS: Fix IRQ tracing when call handle_fpe() and handle_msa_fpe() Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 176/267] bcache: fix refcount underflow in bcache_device_free() Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 177/267] mmc: sdhci-msm: Set SDHCI_QUIRK_MULTIBLOCK_READ_ACMD12 quirk Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 178/267] staging: greybus: sdio: Respect the cmd->busy_timeout from the mmc core Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 179/267] mmc: via-sdmmc: " Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 180/267] ixgbe: fix signed-integer-overflow warning Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 181/267] mmc: sdhci-esdhc-imx: fix the mask for tuning start point Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 182/267] spi: dw: Return any value retrieved from the dma_transfer callback Greg Kroah-Hartman
2020-06-19 21:07 ` Pavel Machek
2020-06-22 20:51 ` Serge Semin
2020-06-26 15:18 ` Ralph Siemsen
2020-06-26 20:07 ` Sasha Levin
2020-06-27 18:22 ` Ralph Siemsen
2020-06-29 14:26 ` Sasha Levin
2020-06-30 1:36 ` Ralph Siemsen
2020-06-19 14:32 ` [PATCH 4.19 183/267] cpuidle: Fix three reference count leaks Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 184/267] platform/x86: hp-wmi: Convert simple_strtoul() to kstrtou32() Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 185/267] platform/x86: intel-hid: Add a quirk to support HP Spectre X2 (2015) Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 186/267] platform/x86: intel-vbtn: Only blacklist SW_TABLET_MODE on the 9 / "Laptop" chasis-type Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 187/267] string.h: fix incompatibility between FORTIFY_SOURCE and KASAN Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 188/267] btrfs: include non-missing as a qualifier for the latest_bdev Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 189/267] btrfs: send: emit file capabilities after chown Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 190/267] mm: thp: make the THP mapcount atomic against __split_huge_pmd_locked() Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 191/267] mm: initialize deferred pages with interrupts enabled Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 192/267] MIPS: CPU_LOONGSON2EF need software to maintain cache consistency Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 193/267] ima: Fix ima digest hash table key calculation Greg Kroah-Hartman
2020-06-19 14:32 ` [PATCH 4.19 194/267] ima: Directly assign the ima_default_policy pointer to ima_rules Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 195/267] evm: Fix possible memory leak in evm_calc_hmac_or_hash() Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 196/267] ext4: fix EXT_MAX_EXTENT/INDEX to check for zeroed eh_max Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 197/267] ext4: fix error pointer dereference Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 198/267] ext4: fix race between ext4_sync_parent() and rename() Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 199/267] PCI: Avoid Pericom USB controller OHCI/EHCI PME# defect Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 200/267] PCI: Avoid FLR for AMD Matisse HD Audio & USB 3.0 Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 201/267] PCI: Avoid FLR for AMD Starship " Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 202/267] PCI: Add ACS quirk for iProc PAXB Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 203/267] PCI: Add ACS quirk for Intel Root Complex Integrated Endpoints Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 204/267] PCI: Remove unused NFP32xx IDs Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 205/267] pci:ipmi: Move IPMI PCI class id defines to pci_ids.h Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 206/267] hwmon/k10temp, x86/amd_nb: Consolidate shared device IDs Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 207/267] x86/amd_nb: Add PCI device IDs for family 17h, model 30h Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 208/267] PCI: add USR vendor id and use it in r8169 and w6692 driver Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 209/267] PCI: Move Synopsys HAPS platform device IDs Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 210/267] PCI: Move Rohm Vendor ID to generic list Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 211/267] misc: pci_endpoint_test: Add the layerscape EP device support Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 212/267] misc: pci_endpoint_test: Add support to test PCI EP in AM654x Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 213/267] PCI: Add Synopsys endpoint EDDA Device ID Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 214/267] PCI: Add NVIDIA GPU multi-function power dependencies Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 215/267] PCI: Enable NVIDIA HDA controllers Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 216/267] PCI: mediatek: Add controller support for MT7629 Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 217/267] x86/amd_nb: Add PCI device IDs for family 17h, model 70h Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 218/267] ALSA: lx6464es - add support for LX6464ESe pci express variant Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 219/267] PCI: Add Genesys Logic, Inc. Vendor ID Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 220/267] PCI: Add Amazons Annapurna Labs vendor ID Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 221/267] PCI: vmd: Add device id for VMD device 8086:9A0B Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 222/267] x86/amd_nb: Add Family 19h PCI IDs Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 223/267] PCI: Add Loongson vendor ID Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 224/267] serial: 8250_pci: Move Pericom IDs to pci_ids.h Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 225/267] PCI: Make ACS quirk implementations more uniform Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 226/267] PCI: Unify ACS quirk desired vs provided checking Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 227/267] PCI: Generalize multi-function power dependency device links Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 228/267] btrfs: fix error handling when submitting direct I/O bio Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 229/267] btrfs: fix wrong file range cleanup after an error filling dealloc range Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 230/267] ima: Call ima_calc_boot_aggregate() in ima_eventdigest_init() Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 231/267] PCI: Program MPS for RCiEP devices Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 232/267] e1000e: Disable TSO for buffer overrun workaround Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 233/267] e1000e: Relax condition to trigger reset for ME workaround Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 234/267] carl9170: remove P2P_GO support Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 235/267] media: go7007: fix a miss of snd_card_free Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 236/267] Bluetooth: hci_bcm: fix freeing not-requested IRQ Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 237/267] b43legacy: Fix case where channel status is corrupted Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 238/267] b43: Fix connection problem with WPA3 Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 239/267] b43_legacy: " Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 240/267] media: ov5640: fix use of destroyed mutex Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 241/267] igb: Report speed and duplex as unknown when device is runtime suspended Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 242/267] power: vexpress: add suppress_bind_attrs to true Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 243/267] pinctrl: samsung: Correct setting of eint wakeup mask on s5pv210 Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 244/267] pinctrl: samsung: Save/restore eint_mask over suspend for EINT_TYPE GPIOs Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 245/267] gnss: sirf: fix error return code in sirf_probe() Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 246/267] sparc32: fix register window handling in genregs32_[gs]et() Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 247/267] sparc64: fix misuses of access_process_vm() in genregs32_[sg]et() Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 248/267] dm crypt: avoid truncating the logical block size Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 249/267] alpha: fix memory barriers so that they conform to the specification Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 250/267] kernel/cpu_pm: Fix uninitted local in cpu_pm Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 251/267] ARM: tegra: Correct PL310 Auxiliary Control Register initialization Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 252/267] ARM: dts: exynos: Fix GPIO polarity for thr GalaxyS3 CM36651 sensors bus Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 253/267] ARM: dts: at91: sama5d2_ptc_ek: fix vbus pin Greg Kroah-Hartman
2020-06-19 14:33 ` [PATCH 4.19 254/267] ARM: dts: s5pv210: Set keep-power-in-suspend for SDHCI1 on Aries Greg Kroah-Hartman
2020-06-19 14:34 ` [PATCH 4.19 255/267] drivers/macintosh: Fix memleak in windfarm_pm112 driver Greg Kroah-Hartman
2020-06-19 14:34 ` [PATCH 4.19 256/267] powerpc/64s: Dont let DT CPU features set FSCR_DSCR Greg Kroah-Hartman
2020-06-19 14:34 ` [PATCH 4.19 257/267] powerpc/64s: Save FSCR to init_task.thread.fscr after feature init Greg Kroah-Hartman
2020-06-19 14:34 ` [PATCH 4.19 258/267] kbuild: force to build vmlinux if CONFIG_MODVERSION=y Greg Kroah-Hartman
2020-06-19 14:34 ` [PATCH 4.19 259/267] sunrpc: svcauth_gss_register_pseudoflavor must reject duplicate registrations Greg Kroah-Hartman
2020-06-19 14:34 ` [PATCH 4.19 260/267] sunrpc: clean up properly in gss_mech_unregister() Greg Kroah-Hartman
2020-06-19 14:34 ` [PATCH 4.19 261/267] mtd: rawnand: brcmnand: fix hamming oob layout Greg Kroah-Hartman
2020-06-19 14:34 ` [PATCH 4.19 262/267] mtd: rawnand: pasemi: Fix the probe error path Greg Kroah-Hartman
2020-06-19 14:34 ` [PATCH 4.19 263/267] w1: omap-hdq: cleanup to add missing newline for some dev_dbg Greg Kroah-Hartman
2020-06-19 14:34 ` [PATCH 4.19 264/267] perf probe: Do not show the skipped events Greg Kroah-Hartman
2020-06-19 14:34 ` [PATCH 4.19 265/267] perf probe: Fix to check blacklist address correctly Greg Kroah-Hartman
2020-06-19 14:34 ` [PATCH 4.19 266/267] perf probe: Check address correctness by map instead of _etext Greg Kroah-Hartman
2020-06-19 14:34 ` [PATCH 4.19 267/267] perf symbols: Fix debuginfo search for Ubuntu Greg Kroah-Hartman
2020-06-19 23:48 ` [PATCH 4.19 000/267] 4.19.129-rc1 review Guenter Roeck
2020-06-20 4:09 ` Daniel Díaz
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).