Stable Archive on lore.kernel.org
 help / color / Atom feed
* [PATCH 5.5 000/120] 5.5.4-stable review
@ 2020-02-13 15:19 Greg Kroah-Hartman
  2020-02-13 15:19 ` [PATCH 5.5 001/120] IB/mlx4: Fix memory leak in add_gid error flow Greg Kroah-Hartman
                   ` (124 more replies)
  0 siblings, 125 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:19 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, torvalds, akpm, linux, shuah, patches,
	ben.hutchings, lkft-triage, stable

This is the start of the stable review cycle for the 5.5.4 release.
There are 120 patches in this series, all will be posted as a response
to this one.  If anyone has any issues with these being applied, please
let me know.

Responses should be made by Sat, 15 Feb 2020 15:16:41 +0000.
Anything received after that time might be too late.

The whole patch series can be found in one patch at:
	https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.5.4-rc1.gz
or in the git tree and branch at:
	git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.5.y
and the diffstat can be found below.

thanks,

greg k-h

-------------
Pseudo-Shortlog of commits:

Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    Linux 5.5.4-rc1

Nicolai Stange <nstange@suse.de>
    libertas: make lbs_ibss_join_existing() return error code on rates overflow

Nicolai Stange <nstange@suse.de>
    libertas: don't exit from lbs_ibss_join_existing() with RCU read lock held

Qing Xu <m1s5p6688@gmail.com>
    mwifiex: Fix possible buffer overflows in mwifiex_cmd_append_vsie_tlv()

Qing Xu <m1s5p6688@gmail.com>
    mwifiex: Fix possible buffer overflows in mwifiex_ret_wmm_get_status()

Chuhong Yuan <hslester96@gmail.com>
    dmaengine: axi-dmac: add a check for devm_regmap_init_mmio

Jerome Brunet <jbrunet@baylibre.com>
    clk: meson: g12a: fix missing uart2 in regmap table

Bartosz Golaszewski <bgolaszewski@baylibre.com>
    mfd: max77650: Select REGMAP_IRQ in Kconfig

Ben Whitten <ben.whitten@gmail.com>
    regmap: fix writes to non incrementing registers

Stephen Boyd <swboyd@chromium.org>
    pinctrl: qcom: Don't lock around irq_set_irq_wake()

Geert Uytterhoeven <geert+renesas@glider.be>
    pinctrl: sh-pfc: r8a7778: Fix duplicate SDSELF_B and SD1_CLK_B

Geert Uytterhoeven <geert+renesas@glider.be>
    pinctrl: sh-pfc: r8a77965: Fix DU_DOTCLKIN3 drive/bias control

Andy Shevchenko <andriy.shevchenko@linux.intel.com>
    pinctrl: baytrail: Allocate IRQ chip dynamic

Stephen Smalley <sds@tycho.nsa.gov>
    selinux: fix regression introduced by move_mount(2) syscall

Stephen Smalley <sds@tycho.nsa.gov>
    selinux: revert "stop passing MAY_NOT_BLOCK to the AVC upon follow_link"

Dave Hansen <dave.hansen@linux.intel.com>
    x86/alternatives: add missing insn.h include

Coly Li <colyli@suse.de>
    bcache: avoid unnecessary btree nodes flushing in btree_flush_write()

Shengjiu Wang <shengjiu.wang@nxp.com>
    ASoC: soc-generic-dmaengine-pcm: Fix error handling

Beniamin Bia <beniamin.bia@analog.com>
    dt-bindings: iio: adc: ad7606: Fix wrong maxItems value

Raul E Rangel <rrangel@chromium.org>
    i2c: cros-ec-tunnel: Fix ACPI identifier

Akshu Agrawal <akshu.agrawal@amd.com>
    i2c: cros-ec-tunnel: Fix slave device enumeration

Gustavo A. R. Silva <gustavo@embeddedor.com>
    media: i2c: adv748x: Fix unsafe macros

Christophe Roullier <christophe.roullier@st.com>
    drivers: watchdog: stm32_iwdg: set WDOG_HW_RUNNING at probe

Horia Geantă <horia.geanta@nxp.com>
    crypto: caam/qi2 - fix typo in algorithm's driver name

Eric Biggers <ebiggers@google.com>
    crypto: atmel-sha - fix error handling when setting hmac key

Eric Biggers <ebiggers@google.com>
    crypto: artpec6 - return correct error code for failed setkey()

Eric Biggers <ebiggers@google.com>
    crypto: testmgr - don't try to decrypt uninitialized buffers

YueHaibing <yuehaibing@huawei.com>
    mtd: sharpslpart: Fix unsigned comparison to zero

Nathan Chancellor <natechancellor@gmail.com>
    mtd: onenand_base: Adjust indentation in onenand_read_ops_nolock

Russell King <rmk+kernel@armlinux.org.uk>
    arm64: kvm: Fix IDMAP overlap with HYP VA

Suzuki K Poulose <suzuki.poulose@arm.com>
    arm64: nofpsmid: Handle TIF_FOREIGN_FPSTATE flag cleanly

Alexandru Elisei <alexandru.elisei@arm.com>
    KVM: arm64: Treat emulated TVAL TimerValue as a signed 32-bit integer

Eric Auger <eric.auger@redhat.com>
    KVM: arm64: pmu: Fix chained SW_INCR counters

Eric Auger <eric.auger@redhat.com>
    KVM: arm64: pmu: Don't increment SW_INCR if PMCR.E is unset

James Morse <james.morse@arm.com>
    KVM: arm: Make inject_abt32() inject an external abort instead

James Morse <james.morse@arm.com>
    KVM: arm: Fix DFSR setting for non-LPAE aarch32 guests

Gavin Shan <gshan@redhat.com>
    KVM: arm/arm64: Fix young bit from mmu notifier

Ard Biesheuvel <ardb@kernel.org>
    crypto: arm/chacha - fix build failured when kernel mode NEON is disabled

Suzuki K Poulose <suzuki.poulose@arm.com>
    arm64: ptrace: nofpsimd: Fail FP/SIMD regset operations

Suzuki K Poulose <suzuki.poulose@arm.com>
    arm64: cpufeature: Set the FP/SIMD compat HWCAP bits properly

Suzuki K Poulose <suzuki.poulose@arm.com>
    arm64: cpufeature: Fix the type of no FP/SIMD capability

Mark Brown <broonie@kernel.org>
    arm64: kernel: Correct annotation of end of el0_sync

Qais Yousef <qais.yousef@arm.com>
    sched/uclamp: Fix a bug in propagating uclamp value in new cgroups

Olof Johansson <olof@lixom.net>
    ARM: 8949/1: mm: mark free_memmap as __init

Eric Auger <eric.auger@redhat.com>
    KVM: arm/arm64: vgic-its: Fix restoration of unmapped collections

Claudiu Beznea <claudiu.beznea@microchip.com>
    ARM: at91: pm: use of_device_id array to find the proper shdwc node

Claudiu Beznea <claudiu.beznea@microchip.com>
    ARM: at91: pm: use SAM9X60 PMC's compatible

Shameer Kolothum <shameerali.kolothum.thodi@huawei.com>
    iommu/arm-smmu-v3: Populate VMID field for CMDQ_OP_TLBI_NH_VA

Alexey Kardashevskiy <aik@ozlabs.ru>
    powerpc/pseries: Allow not having ibm, hypertas-functions::hcall-multi-tce for DDW

Tyrel Datwyler <tyreld@linux.vnet.ibm.com>
    powerpc/pseries/vio: Fix iommu_table use-after-free refcount warning

Vaibhav Jain <vaibhav@linux.ibm.com>
    powerpc/papr_scm: Fix leaking 'bus_desc.provider_name' in some paths

Christophe Leroy <christophe.leroy@c-s.fr>
    powerpc/ptdump: Only enable PPC_CHECK_WX with STRICT_KERNEL_RWX

Christophe Leroy <christophe.leroy@c-s.fr>
    powerpc/ptdump: Fix W+X verification call in mark_rodata_ro()

Ram Pai <linuxram@us.ibm.com>
    Revert "powerpc/pseries/iommu: Don't use dma_iommu_ops on secure guests"

Douglas Anderson <dianders@chromium.org>
    soc: qcom: rpmhpd: Set 'active_only' for active only power domains

Zhengyuan Liu <liuzhengyuan@kylinos.cn>
    tools/power/acpi: fix compilation error

Alexandre Belloni <alexandre.belloni@bootlin.com>
    ARM: dts: at91: sama5d3: define clock rate range for tcb1

Alexandre Belloni <alexandre.belloni@bootlin.com>
    ARM: dts: at91: sama5d3: fix maximum peripheral clock rates

Martin Blumenstingl <martin.blumenstingl@googlemail.com>
    ARM: dts: meson8b: use the actual frequency for the GPU's 364MHz OPP

Martin Blumenstingl <martin.blumenstingl@googlemail.com>
    ARM: dts: meson8: use the actual frequency for the GPU's 182.1MHz OPP

Baruch Siach <baruch@tkos.co.il>
    arm64: dts: marvell: clearfog-gt-8k: fix switch cpu port node

Kuninori Morimoto <kuninori.morimoto.gx@renesas.com>
    arm64: dts: renesas: r8a77990: ebisu: Remove clkout-lr-synchronous from sound

Tero Kristo <t-kristo@ti.com>
    ARM: dts: am43xx: add support for clkout1 clock

Ingo van Lil <inguin@gmx.de>
    ARM: dts: at91: Reenable UART TX pull-ups

Bjorn Andersson <bjorn.andersson@linaro.org>
    arm64: dts: qcom: msm8998-mtp: Add alias for blsp1_uart3

Russell King <rmk+kernel@armlinux.org.uk>
    arm64: dts: uDPU: fix broken ethernet

Jeffrey Hugo <jeffrey.l.hugo@gmail.com>
    arm64: dts: qcom: msm8998: Fix tcsr syscon size

Mika Westerberg <mika.westerberg@linux.intel.com>
    platform/x86: intel_mid_powerbtn: Take a copy of ddata

Jose Abreu <Jose.Abreu@synopsys.com>
    ARC: [plat-axs10x]: Add missing multicast filter number to GMAC node

Tiezhu Yang <yangtiezhu@loongson.cn>
    MIPS: Loongson: Fix potential NULL dereference in loongson3_platform_init()

Sai Prakash Ranjan <saiprakash.ranjan@codeaurora.org>
    watchdog: qcom: Use platform_get_irq_optional() for bark irq

Andy Shevchenko <andriy.shevchenko@linux.intel.com>
    rtc: cmos: Stop using shared IRQ

Geert Uytterhoeven <geert@linux-m68k.org>
    rtc: i2c/spi: Avoid inclusion of REGMAP support when not needed

Paul Kocialkowski <paul.kocialkowski@bootlin.com>
    rtc: hym8563: Return -EINVAL if the time is known to be invalid

Wei Yongjun <weiyongjun1@huawei.com>
    rtc: mt6397: drop free_irq of devm_ allocated irq

Taehee Yoo <ap420073@gmail.com>
    netdevsim: use __GFP_NOWARN to avoid memalloc warning

Taehee Yoo <ap420073@gmail.com>
    netdevsim: fix panic in nsim_dev_take_snapshot_write()

Taehee Yoo <ap420073@gmail.com>
    netdevsim: disable devlink reload when resources are being used

Taehee Yoo <ap420073@gmail.com>
    netdevsim: fix using uninitialized resources

Lorenzo Bianconi <lorenzo@kernel.org>
    mt76: mt7615: fix max_nss in mt7615_eeprom_parse_hw_cap

Lorenz Bauer <lmb@cloudflare.com>
    bpf, sockmap: Check update requirements after locking

Martin KaFai Lau <kafai@fb.com>
    bpf: Improve bucket_log calculation logic

Jakub Sitnicki <jakub@cloudflare.com>
    selftests/bpf: Test freeing sockmap/sockhash with a socket in it

Jakub Sitnicki <jakub@cloudflare.com>
    bpf, sockhash: Synchronize_rcu before free'ing map

Jakub Sitnicki <jakub@cloudflare.com>
    bpf, sockmap: Don't sleep while holding RCU lock on tear-down

Toke Høiland-Jørgensen <toke@redhat.com>
    bpftool: Don't crash on missing xlated program instructions

Steven Clarkson <sc@lambdal.com>
    x86/boot: Handle malformed SRAT tables during early ACPI parsing

Robert Milkowski <rmilkowski@gmail.com>
    NFSv4.0: nfs4_do_fsinfo() should not do implicit lease renewals

Robert Milkowski <rmilkowski@gmail.com>
    NFSv4: try lease recovery on NFS4ERR_EXPIRED

Trond Myklebust <trondmy@gmail.com>
    NFSv4: pnfs_roc() must use cred_fscmp() to compare creds

Trond Myklebust <trondmy@gmail.com>
    NFS: Fix fix of show_nfs_errors

Trond Myklebust <trondmy@gmail.com>
    NFS/pnfs: Fix pnfs_generic_prepare_to_resend_writes()

Trond Myklebust <trondmy@gmail.com>
    NFS: Revalidate the file size on a fatal write error

Geert Uytterhoeven <geert+renesas@glider.be>
    nfs: NFS_SWAP should depend on SWAP

Olga Kornievskaia <kolga@netapp.com>
    NFSv4.x recover from pre-mature loss of openstateid

Paul Blakey <paulb@mellanox.com>
    netfilter: flowtable: Fix missing flush hardware on table free

Paul Blakey <paulb@mellanox.com>
    netfilter: flowtable: Fix hardware flush order on nf_flow_table_cleanup

Pablo Neira Ayuso <pablo@netfilter.org>
    netfilter: flowtable: restrict flow dissector match on meta ingress device

Pablo Neira Ayuso <pablo@netfilter.org>
    netfilter: flowtable: fetch stats only if flow is still alive

Emmanuel Grumbach <emmanuel.grumbach@intel.com>
    iwlwifi: mvm: fix TDLS discovery with the new firmware API

Avraham Stern <avraham.stern@intel.com>
    iwlwifi: mvm: avoid use after free for pmsr request

Dongdong Liu <liudongdong3@huawei.com>
    PCI/AER: Initialize aer_fifo

Logan Gunthorpe <logang@deltatee.com>
    PCI: Don't disable bridge BARs when assigning bus resources

Marcel Ziswiler <marcel@ziswiler.com>
    PCI: tegra: Fix afi_pex2_ctrl reg offset for Tegra30

Logan Gunthorpe <logang@deltatee.com>
    PCI/switchtec: Fix vep_vector_number ioread width

Wesley Sheng <wesley.sheng@microchip.com>
    PCI/switchtec: Use dma_set_mask_and_coherent()

Bryan O'Donoghue <bryan.odonoghue@linaro.org>
    ath10k: pci: Only dump ATH10K_MEM_REGION_TYPE_IOREG when safe

Navid Emamdoost <navid.emamdoost@gmail.com>
    PCI/IOV: Fix memory leak in pci_iov_add_virtfn()

Bean Huo <beanhuo@micron.com>
    scsi: ufs: Fix ufshcd_probe_hba() reture value in case ufshcd_scsi_add_wlus() fails

Artemy Kovalyov <artemyko@mellanox.com>
    RDMA/umem: Fix ib_umem_find_best_pgsz()

Parav Pandit <parav@mellanox.com>
    RDMA/cma: Fix unbalanced cm_id reference count during address resolve

Jason Gunthorpe <jgg@ziepe.ca>
    RDMA/core: Ensure that rdma_user_mmap_entry_remove() is a fence

Jason Gunthorpe <jgg@ziepe.ca>
    RDMA/mlx5: Fix handling of IOVA != user_va in ODP paths

Michael Guralnik <michaelgur@mellanox.com>
    RDMA/uverbs: Verify MR access flags

Jason Gunthorpe <jgg@ziepe.ca>
    RDMA/core: Fix locking in ib_uverbs_event_read

Xiyu Yang <xiyuyang19@fudan.edu.cn>
    RDMA/i40iw: fix a potential NULL pointer dereference

Håkon Bugge <haakon.bugge@oracle.com>
    RDMA/netlink: Do not always generate an ACK for some netlink operations

Håkon Bugge <haakon.bugge@oracle.com>
    IB/mlx4: Fix leak in id_map_find_del

Danit Goldberg <danitg@mellanox.com>
    IB/mlx5: Return the administrative GUID if exists

Sergey Gorenko <sergeygo@mellanox.com>
    IB/srp: Never use immediate data if it is disabled by a user

Jack Morgenstein <jackm@dev.mellanox.co.il>
    IB/mlx4: Fix memory leak in add_gid error flow


-------------

Diffstat:

 .../devicetree/bindings/iio/adc/adi,ad7606.yaml    |  8 +--
 Makefile                                           |  4 +-
 arch/arc/boot/dts/axs10x_mb.dtsi                   |  1 +
 arch/arm/boot/dts/am43xx-clocks.dtsi               | 54 ++++++++++++++
 arch/arm/boot/dts/at91sam9260.dtsi                 | 12 ++--
 arch/arm/boot/dts/at91sam9261.dtsi                 |  6 +-
 arch/arm/boot/dts/at91sam9263.dtsi                 |  6 +-
 arch/arm/boot/dts/at91sam9g45.dtsi                 |  8 +--
 arch/arm/boot/dts/at91sam9rl.dtsi                  |  8 +--
 arch/arm/boot/dts/meson8.dtsi                      |  4 +-
 arch/arm/boot/dts/meson8b.dtsi                     |  4 +-
 arch/arm/boot/dts/sama5d3.dtsi                     | 28 ++++----
 arch/arm/boot/dts/sama5d3_can.dtsi                 |  4 +-
 arch/arm/boot/dts/sama5d3_tcb1.dtsi                |  1 +
 arch/arm/boot/dts/sama5d3_uart.dtsi                |  4 +-
 arch/arm/crypto/chacha-glue.c                      |  4 +-
 arch/arm/mach-at91/pm.c                            |  9 ++-
 arch/arm/mm/init.c                                 |  2 +-
 arch/arm64/boot/dts/marvell/armada-3720-uDPU.dts   |  4 ++
 .../dts/marvell/armada-8040-clearfog-gt-8k.dts     |  2 +
 arch/arm64/boot/dts/qcom/msm8998-mtp.dtsi          |  1 +
 arch/arm64/boot/dts/qcom/msm8998.dtsi              |  2 +-
 arch/arm64/boot/dts/renesas/r8a77990-ebisu.dts     |  1 -
 arch/arm64/kernel/cpufeature.c                     | 39 ++++++++--
 arch/arm64/kernel/entry.S                          |  5 +-
 arch/arm64/kernel/fpsimd.c                         | 30 +++++++-
 arch/arm64/kernel/ptrace.c                         | 21 ++++++
 arch/arm64/kvm/hyp/switch.c                        | 10 ++-
 arch/arm64/kvm/va_layout.c                         | 56 +++++++--------
 arch/mips/loongson64/platform.c                    |  3 +
 arch/powerpc/Kconfig.debug                         |  2 +-
 arch/powerpc/mm/pgtable_32.c                       |  1 +
 arch/powerpc/platforms/pseries/iommu.c             | 54 +++++++-------
 arch/powerpc/platforms/pseries/papr_scm.c          |  2 +
 arch/powerpc/platforms/pseries/vio.c               |  2 +
 arch/x86/boot/compressed/acpi.c                    |  6 ++
 arch/x86/kernel/alternative.c                      |  1 +
 crypto/testmgr.c                                   | 20 ++++--
 drivers/base/regmap/regmap.c                       | 17 +++--
 drivers/clk/meson/g12a.c                           |  1 +
 drivers/crypto/atmel-sha.c                         |  7 +-
 drivers/crypto/axis/artpec6_crypto.c               |  2 +-
 drivers/crypto/caam/caamalg_qi2.c                  |  2 +-
 drivers/dma/dma-axi-dmac.c                         | 10 ++-
 drivers/i2c/busses/i2c-cros-ec-tunnel.c            |  3 +-
 drivers/infiniband/core/addr.c                     |  2 +-
 drivers/infiniband/core/cma.c                      |  2 +
 drivers/infiniband/core/ib_core_uverbs.c           |  2 +
 drivers/infiniband/core/sa_query.c                 |  4 +-
 drivers/infiniband/core/umem.c                     |  9 ++-
 drivers/infiniband/core/uverbs_main.c              | 32 ++++-----
 drivers/infiniband/hw/i40iw/i40iw_main.c           |  2 +
 drivers/infiniband/hw/mlx4/cm.c                    | 29 +-------
 drivers/infiniband/hw/mlx4/main.c                  | 20 ++++--
 drivers/infiniband/hw/mlx5/ib_virt.c               | 28 ++++----
 drivers/infiniband/hw/mlx5/mr.c                    |  2 +
 drivers/infiniband/hw/mlx5/odp.c                   | 19 +++--
 drivers/infiniband/ulp/srp/ib_srp.c                |  3 +-
 drivers/iommu/arm-smmu-v3.c                        |  1 +
 drivers/md/bcache/journal.c                        | 80 +++++++++++++++++++--
 drivers/media/i2c/adv748x/adv748x.h                |  8 +--
 drivers/mfd/Kconfig                                |  1 +
 drivers/mtd/nand/onenand/onenand_base.c            | 82 +++++++++++-----------
 drivers/mtd/parsers/sharpslpart.c                  |  4 +-
 drivers/net/netdevsim/bus.c                        | 64 +++++++++++++++--
 drivers/net/netdevsim/dev.c                        | 13 +++-
 drivers/net/netdevsim/health.c                     |  2 +-
 drivers/net/netdevsim/netdevsim.h                  |  4 ++
 drivers/net/wireless/ath/ath10k/pci.c              | 19 ++++-
 .../net/wireless/intel/iwlwifi/mvm/ftm-initiator.c |  5 +-
 drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c  |  2 +-
 drivers/net/wireless/intel/iwlwifi/mvm/tdls.c      | 10 ++-
 .../net/wireless/intel/iwlwifi/mvm/time-event.c    | 71 ++++++++++++++++---
 .../net/wireless/intel/iwlwifi/mvm/time-event.h    |  4 +-
 drivers/net/wireless/marvell/libertas/cfg.c        |  2 +
 drivers/net/wireless/marvell/mwifiex/scan.c        |  7 ++
 drivers/net/wireless/marvell/mwifiex/wmm.c         |  4 ++
 drivers/net/wireless/mediatek/mt76/mt7615/eeprom.c |  3 +-
 drivers/pci/controller/pci-tegra.c                 |  2 +-
 drivers/pci/iov.c                                  |  9 ++-
 drivers/pci/pcie/aer.c                             |  1 +
 drivers/pci/setup-bus.c                            | 20 ++++--
 drivers/pci/switch/switchtec.c                     |  4 +-
 drivers/pinctrl/intel/pinctrl-baytrail.c           | 19 +++--
 drivers/pinctrl/qcom/pinctrl-msm.c                 |  5 --
 drivers/pinctrl/sh-pfc/pfc-r8a7778.c               |  4 +-
 drivers/pinctrl/sh-pfc/pfc-r8a77965.c              |  6 +-
 drivers/platform/x86/intel_mid_powerbtn.c          |  5 +-
 drivers/rtc/Kconfig                                |  8 ++-
 drivers/rtc/rtc-cmos.c                             |  2 +-
 drivers/rtc/rtc-hym8563.c                          |  2 +-
 drivers/rtc/rtc-mt6397.c                           | 10 +--
 drivers/scsi/ufs/ufshcd.c                          |  3 +-
 drivers/soc/qcom/rpmhpd.c                          |  2 +
 drivers/watchdog/qcom-wdt.c                        |  2 +-
 drivers/watchdog/stm32_iwdg.c                      | 18 +++++
 fs/nfs/Kconfig                                     |  2 +-
 fs/nfs/direct.c                                    |  4 +-
 fs/nfs/nfs3xdr.c                                   |  5 +-
 fs/nfs/nfs42proc.c                                 | 36 +++++++---
 fs/nfs/nfs4_fs.h                                   |  4 +-
 fs/nfs/nfs4proc.c                                  | 19 +++--
 fs/nfs/nfs4renewd.c                                |  5 +-
 fs/nfs/nfs4state.c                                 |  4 +-
 fs/nfs/nfs4trace.h                                 | 33 ++++-----
 fs/nfs/nfs4xdr.c                                   |  5 +-
 fs/nfs/pnfs.c                                      |  4 +-
 fs/nfs/pnfs_nfs.c                                  |  7 +-
 fs/nfs/write.c                                     | 12 +++-
 include/linux/mlx5/driver.h                        |  5 ++
 include/rdma/ib_verbs.h                            |  3 +
 kernel/sched/core.c                                |  6 ++
 net/core/bpf_sk_storage.c                          |  5 +-
 net/core/sock_map.c                                | 28 +++++---
 net/netfilter/nf_flow_table_core.c                 |  8 +--
 net/netfilter/nf_flow_table_offload.c              | 11 ++-
 security/selinux/avc.c                             | 24 ++++++-
 security/selinux/hooks.c                           | 15 +++-
 security/selinux/include/avc.h                     |  5 ++
 sound/soc/soc-generic-dmaengine-pcm.c              | 16 +++--
 tools/bpf/bpftool/prog.c                           |  2 +-
 tools/power/acpi/Makefile.config                   |  2 +-
 .../selftests/bpf/prog_tests/sockmap_basic.c       | 74 +++++++++++++++++++
 virt/kvm/arm/aarch32.c                             | 14 ++--
 virt/kvm/arm/arch_timer.c                          |  3 +-
 virt/kvm/arm/mmu.c                                 |  3 +-
 virt/kvm/arm/pmu.c                                 | 42 ++++++++---
 virt/kvm/arm/vgic/vgic-its.c                       |  3 +-
 128 files changed, 1099 insertions(+), 443 deletions(-)



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 001/120] IB/mlx4: Fix memory leak in add_gid error flow
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
@ 2020-02-13 15:19 ` Greg Kroah-Hartman
  2020-02-13 15:19 ` [PATCH 5.5 002/120] IB/srp: Never use immediate data if it is disabled by a user Greg Kroah-Hartman
                   ` (123 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:19 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jack Morgenstein, Parav Pandit,
	Leon Romanovsky, Jason Gunthorpe

From: Jack Morgenstein <jackm@dev.mellanox.co.il>

commit eaad647e5cc27f7b46a27f3b85b14c4c8a64bffa upstream.

In procedure mlx4_ib_add_gid(), if the driver is unable to update the FW
gid table, there is a memory leak in the driver's copy of the gid table:
the gid entry's context buffer is not freed.

If such an error occurs, free the entry's context buffer, and mark the
entry as available (by setting its context pointer to NULL).

Fixes: e26be1bfef81 ("IB/mlx4: Implement ib_device callbacks")
Link: https://lore.kernel.org/r/20200115085050.73746-1-leon@kernel.org
Signed-off-by: Jack Morgenstein <jackm@dev.mellanox.co.il>
Reviewed-by: Parav Pandit <parav@mellanox.com>
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/infiniband/hw/mlx4/main.c |   20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)

--- a/drivers/infiniband/hw/mlx4/main.c
+++ b/drivers/infiniband/hw/mlx4/main.c
@@ -246,6 +246,13 @@ static int mlx4_ib_update_gids(struct gi
 	return mlx4_ib_update_gids_v1(gids, ibdev, port_num);
 }
 
+static void free_gid_entry(struct gid_entry *entry)
+{
+	memset(&entry->gid, 0, sizeof(entry->gid));
+	kfree(entry->ctx);
+	entry->ctx = NULL;
+}
+
 static int mlx4_ib_add_gid(const struct ib_gid_attr *attr, void **context)
 {
 	struct mlx4_ib_dev *ibdev = to_mdev(attr->device);
@@ -313,6 +320,8 @@ static int mlx4_ib_add_gid(const struct
 				     GFP_ATOMIC);
 		if (!gids) {
 			ret = -ENOMEM;
+			*context = NULL;
+			free_gid_entry(&port_gid_table->gids[free]);
 		} else {
 			for (i = 0; i < MLX4_MAX_PORT_GIDS; i++) {
 				memcpy(&gids[i].gid, &port_gid_table->gids[i].gid, sizeof(union ib_gid));
@@ -324,6 +333,12 @@ static int mlx4_ib_add_gid(const struct
 
 	if (!ret && hw_update) {
 		ret = mlx4_ib_update_gids(gids, ibdev, attr->port_num);
+		if (ret) {
+			spin_lock_bh(&iboe->lock);
+			*context = NULL;
+			free_gid_entry(&port_gid_table->gids[free]);
+			spin_unlock_bh(&iboe->lock);
+		}
 		kfree(gids);
 	}
 
@@ -353,10 +368,7 @@ static int mlx4_ib_del_gid(const struct
 		if (!ctx->refcount) {
 			unsigned int real_index = ctx->real_index;
 
-			memset(&port_gid_table->gids[real_index].gid, 0,
-			       sizeof(port_gid_table->gids[real_index].gid));
-			kfree(port_gid_table->gids[real_index].ctx);
-			port_gid_table->gids[real_index].ctx = NULL;
+			free_gid_entry(&port_gid_table->gids[real_index]);
 			hw_update = 1;
 		}
 	}



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 002/120] IB/srp: Never use immediate data if it is disabled by a user
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
  2020-02-13 15:19 ` [PATCH 5.5 001/120] IB/mlx4: Fix memory leak in add_gid error flow Greg Kroah-Hartman
@ 2020-02-13 15:19 ` Greg Kroah-Hartman
  2020-02-13 15:19 ` [PATCH 5.5 003/120] IB/mlx5: Return the administrative GUID if exists Greg Kroah-Hartman
                   ` (122 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:19 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Sergey Gorenko, Bart Van Assche,
	Jason Gunthorpe

From: Sergey Gorenko <sergeygo@mellanox.com>

commit 0fbb37dd82998b5c83355997b3bdba2806968ac7 upstream.

Some SRP targets that do not support specification SRP-2, put the garbage
to the reserved bits of the SRP login response.  The problem was not
detected for a long time because the SRP initiator ignored those bits. But
now one of them is used as SRP_LOGIN_RSP_IMMED_SUPP. And it causes a
critical error on the target when the initiator sends immediate data.

The ib_srp module has a use_imm_date parameter to enable or disable
immediate data manually. But it does not help in the above case, because
use_imm_date is ignored at handling the SRP login response. The problem is
definitely caused by a bug on the target side, but the initiator's
behavior also does not look correct.  The initiator should not use
immediate data if use_imm_date is disabled by a user.

This commit adds an additional checking of use_imm_date at the handling of
SRP login response to avoid unexpected use of immediate data.

Fixes: 882981f4a411 ("RDMA/srp: Add support for immediate data")
Link: https://lore.kernel.org/r/20200115133055.30232-1-sergeygo@mellanox.com
Signed-off-by: Sergey Gorenko <sergeygo@mellanox.com>
Reviewed-by: Bart Van Assche <bvanassche@acm.org>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/infiniband/ulp/srp/ib_srp.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/drivers/infiniband/ulp/srp/ib_srp.c
+++ b/drivers/infiniband/ulp/srp/ib_srp.c
@@ -2546,7 +2546,8 @@ static void srp_cm_rep_handler(struct ib
 	if (lrsp->opcode == SRP_LOGIN_RSP) {
 		ch->max_ti_iu_len = be32_to_cpu(lrsp->max_ti_iu_len);
 		ch->req_lim       = be32_to_cpu(lrsp->req_lim_delta);
-		ch->use_imm_data  = lrsp->rsp_flags & SRP_LOGIN_RSP_IMMED_SUPP;
+		ch->use_imm_data  = srp_use_imm_data &&
+			(lrsp->rsp_flags & SRP_LOGIN_RSP_IMMED_SUPP);
 		ch->max_it_iu_len = srp_max_it_iu_len(target->cmd_sg_cnt,
 						      ch->use_imm_data,
 						      target->max_it_iu_size);



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 003/120] IB/mlx5: Return the administrative GUID if exists
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
  2020-02-13 15:19 ` [PATCH 5.5 001/120] IB/mlx4: Fix memory leak in add_gid error flow Greg Kroah-Hartman
  2020-02-13 15:19 ` [PATCH 5.5 002/120] IB/srp: Never use immediate data if it is disabled by a user Greg Kroah-Hartman
@ 2020-02-13 15:19 ` Greg Kroah-Hartman
  2020-02-13 15:20 ` [PATCH 5.5 004/120] IB/mlx4: Fix leak in id_map_find_del Greg Kroah-Hartman
                   ` (121 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:19 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Danit Goldberg, Leon Romanovsky,
	Jason Gunthorpe

From: Danit Goldberg <danitg@mellanox.com>

commit 4bbd4923d1f5627b0c47a9d7dfb5cc91224cfe0c upstream.

A user can change the operational GUID (a.k.a affective GUID) through
link/infiniband. Therefore it is preferred to return the currently set
GUID if it exists instead of the operational.

This way the PF can query which VF GUID will be set in the next bind.  In
order to align with MAC address, zero is returned if administrative GUID
is not set.

For example, before setting administrative GUID:
 $ ip link show
 ib0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 4092 qdisc mq state UP mode DEFAULT group default qlen 256
 link/infiniband 00:00:00:08:fe:80:00:00:00:00:00:00:52:54:00:c0:fe:12:34:55 brd 00:ff:ff:ff:ff:12:40:1b:ff:ff:00:00:00:00:00:00:ff:ff:ff:ff
 vf 0     link/infiniband 00:00:00:08:fe:80:00:00:00:00:00:00:52:54:00:c0:fe:12:34:55 brd 00:ff:ff:ff:ff:12:40:1b:ff:ff:00:00:00:00:00:00:ff:ff:ff:ff,
 spoof checking off, NODE_GUID 00:00:00:00:00:00:00:00, PORT_GUID 00:00:00:00:00:00:00:00, link-state auto, trust off, query_rss off

Then:

 $ ip link set ib0 vf 0 node_guid 11:00:af:21:cb:05:11:00
 $ ip link set ib0 vf 0 port_guid 22:11:af:21:cb:05:11:00

After setting administrative GUID:
 $ ip link show
 ib0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 4092 qdisc mq state UP mode DEFAULT group default qlen 256
 link/infiniband 00:00:00:08:fe:80:00:00:00:00:00:00:52:54:00:c0:fe:12:34:55 brd 00:ff:ff:ff:ff:12:40:1b:ff:ff:00:00:00:00:00:00:ff:ff:ff:ff
 vf 0     link/infiniband 00:00:00:08:fe:80:00:00:00:00:00:00:52:54:00:c0:fe:12:34:55 brd 00:ff:ff:ff:ff:12:40:1b:ff:ff:00:00:00:00:00:00:ff:ff:ff:ff,
 spoof checking off, NODE_GUID 11:00:af:21:cb:05:11:00, PORT_GUID 22:11:af:21:cb:05:11:00, link-state auto, trust off, query_rss off

Fixes: 9c0015ef0928 ("IB/mlx5: Implement callbacks for getting VFs GUID attributes")
Link: https://lore.kernel.org/r/20200116120048.12744-1-leon@kernel.org
Signed-off-by: Danit Goldberg <danitg@mellanox.com>
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/infiniband/hw/mlx5/ib_virt.c |   28 ++++++++++++----------------
 include/linux/mlx5/driver.h          |    5 +++++
 2 files changed, 17 insertions(+), 16 deletions(-)

--- a/drivers/infiniband/hw/mlx5/ib_virt.c
+++ b/drivers/infiniband/hw/mlx5/ib_virt.c
@@ -164,8 +164,10 @@ static int set_vf_node_guid(struct ib_de
 	in->field_select = MLX5_HCA_VPORT_SEL_NODE_GUID;
 	in->node_guid = guid;
 	err = mlx5_core_modify_hca_vport_context(mdev, 1, 1, vf + 1, in);
-	if (!err)
+	if (!err) {
 		vfs_ctx[vf].node_guid = guid;
+		vfs_ctx[vf].node_guid_valid = 1;
+	}
 	kfree(in);
 	return err;
 }
@@ -185,8 +187,10 @@ static int set_vf_port_guid(struct ib_de
 	in->field_select = MLX5_HCA_VPORT_SEL_PORT_GUID;
 	in->port_guid = guid;
 	err = mlx5_core_modify_hca_vport_context(mdev, 1, 1, vf + 1, in);
-	if (!err)
+	if (!err) {
 		vfs_ctx[vf].port_guid = guid;
+		vfs_ctx[vf].port_guid_valid = 1;
+	}
 	kfree(in);
 	return err;
 }
@@ -208,20 +212,12 @@ int mlx5_ib_get_vf_guid(struct ib_device
 {
 	struct mlx5_ib_dev *dev = to_mdev(device);
 	struct mlx5_core_dev *mdev = dev->mdev;
-	struct mlx5_hca_vport_context *rep;
-	int err;
+	struct mlx5_vf_context *vfs_ctx = mdev->priv.sriov.vfs_ctx;
 
-	rep = kzalloc(sizeof(*rep), GFP_KERNEL);
-	if (!rep)
-		return -ENOMEM;
+	node_guid->guid =
+		vfs_ctx[vf].node_guid_valid ? vfs_ctx[vf].node_guid : 0;
+	port_guid->guid =
+		vfs_ctx[vf].port_guid_valid ? vfs_ctx[vf].port_guid : 0;
 
-	err = mlx5_query_hca_vport_context(mdev, 1, 1, vf+1, rep);
-	if (err)
-		goto ex;
-
-	port_guid->guid = rep->port_guid;
-	node_guid->guid = rep->node_guid;
-ex:
-	kfree(rep);
-	return err;
+	return 0;
 }
--- a/include/linux/mlx5/driver.h
+++ b/include/linux/mlx5/driver.h
@@ -461,6 +461,11 @@ struct mlx5_vf_context {
 	int	enabled;
 	u64	port_guid;
 	u64	node_guid;
+	/* Valid bits are used to validate administrative guid only.
+	 * Enabled after ndo_set_vf_guid
+	 */
+	u8	port_guid_valid:1;
+	u8	node_guid_valid:1;
 	enum port_state_policy	policy;
 };
 



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 004/120] IB/mlx4: Fix leak in id_map_find_del
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (2 preceding siblings ...)
  2020-02-13 15:19 ` [PATCH 5.5 003/120] IB/mlx5: Return the administrative GUID if exists Greg Kroah-Hartman
@ 2020-02-13 15:20 ` Greg Kroah-Hartman
  2020-02-13 15:20 ` [PATCH 5.5 005/120] RDMA/netlink: Do not always generate an ACK for some netlink operations Greg Kroah-Hartman
                   ` (120 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:20 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Håkon Bugge, Manjunath Patil,
	Rama Nichanamatlu, Jack Morgenstein, Jason Gunthorpe

From: Håkon Bugge <haakon.bugge@oracle.com>

commit ea660ad7c1c476fd6e5e3b17780d47159db71dea upstream.

Using CX-3 virtual functions, either from a bare-metal machine or
pass-through from a VM, MAD packets are proxied through the PF driver.

Since the VF drivers have separate name spaces for MAD Transaction Ids
(TIDs), the PF driver has to re-map the TIDs and keep the book keeping in
a cache.

Following the RDMA Connection Manager (CM) protocol, it is clear when an
entry has to evicted from the cache. When a DREP is sent from
mlx4_ib_multiplex_cm_handler(), id_map_find_del() is called. Similar when
a REJ is received by the mlx4_ib_demux_cm_handler(), id_map_find_del() is
called.

This function wipes out the TID in use from the IDR or XArray and removes
the id_map_entry from the table.

In short, it does everything except the topping of the cake, which is to
remove the entry from the list and free it. In other words, for the REJ
case enumerated above, one id_map_entry will be leaked.

For the other case above, a DREQ has been received first. The reception of
the DREQ will trigger queuing of a delayed work to delete the
id_map_entry, for the case where the VM doesn't send back a DREP.

In the normal case, the VM _will_ send back a DREP, and id_map_find_del()
will be called.

But this scenario introduces a secondary leak. First, when the DREQ is
received, a delayed work is queued. The VM will then return a DREP, which
will call id_map_find_del(). As stated above, this will free the TID used
from the XArray or IDR. Now, there is window where that particular TID can
be re-allocated, lets say by an outgoing REQ. This TID will later be wiped
out by the delayed work, when the function id_map_ent_timeout() is
called. But the id_map_entry allocated by the outgoing REQ will not be
de-allocated, and we have a leak.

Both leaks are fixed by removing the id_map_find_del() function and only
using schedule_delayed(). Of course, a check in schedule_delayed() to see
if the work already has been queued, has been added.

Another benefit of always using the delayed version for deleting entries,
is that we do get a TimeWait effect; a TID no longer in use, will occupy
the XArray or IDR for CM_CLEANUP_CACHE_TIMEOUT time, without any ability
of being re-used for that time period.

Fixes: 3cf69cc8dbeb ("IB/mlx4: Add CM paravirtualization")
Link: https://lore.kernel.org/r/20200123155521.1212288-1-haakon.bugge@oracle.com
Signed-off-by: Håkon Bugge <haakon.bugge@oracle.com>
Signed-off-by: Manjunath Patil <manjunath.b.patil@oracle.com>
Reviewed-by: Rama Nichanamatlu <rama.nichanamatlu@oracle.com>
Reviewed-by: Jack Morgenstein <jackm@dev.mellanox.co.il>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/infiniband/hw/mlx4/cm.c |   29 +++--------------------------
 1 file changed, 3 insertions(+), 26 deletions(-)

--- a/drivers/infiniband/hw/mlx4/cm.c
+++ b/drivers/infiniband/hw/mlx4/cm.c
@@ -186,23 +186,6 @@ out:
 	kfree(ent);
 }
 
-static void id_map_find_del(struct ib_device *ibdev, int pv_cm_id)
-{
-	struct mlx4_ib_sriov *sriov = &to_mdev(ibdev)->sriov;
-	struct rb_root *sl_id_map = &sriov->sl_id_map;
-	struct id_map_entry *ent, *found_ent;
-
-	spin_lock(&sriov->id_map_lock);
-	ent = xa_erase(&sriov->pv_id_table, pv_cm_id);
-	if (!ent)
-		goto out;
-	found_ent = id_map_find_by_sl_id(ibdev, ent->slave_id, ent->sl_cm_id);
-	if (found_ent && found_ent == ent)
-		rb_erase(&found_ent->node, sl_id_map);
-out:
-	spin_unlock(&sriov->id_map_lock);
-}
-
 static void sl_id_map_add(struct ib_device *ibdev, struct id_map_entry *new)
 {
 	struct rb_root *sl_id_map = &to_mdev(ibdev)->sriov.sl_id_map;
@@ -294,7 +277,7 @@ static void schedule_delayed(struct ib_d
 	spin_lock(&sriov->id_map_lock);
 	spin_lock_irqsave(&sriov->going_down_lock, flags);
 	/*make sure that there is no schedule inside the scheduled work.*/
-	if (!sriov->is_going_down) {
+	if (!sriov->is_going_down && !id->scheduled_delete) {
 		id->scheduled_delete = 1;
 		schedule_delayed_work(&id->timeout, CM_CLEANUP_CACHE_TIMEOUT);
 	}
@@ -341,9 +324,6 @@ cont:
 
 	if (mad->mad_hdr.attr_id == CM_DREQ_ATTR_ID)
 		schedule_delayed(ibdev, id);
-	else if (mad->mad_hdr.attr_id == CM_DREP_ATTR_ID)
-		id_map_find_del(ibdev, pv_cm_id);
-
 	return 0;
 }
 
@@ -382,12 +362,9 @@ int mlx4_ib_demux_cm_handler(struct ib_d
 		*slave = id->slave_id;
 	set_remote_comm_id(mad, id->sl_cm_id);
 
-	if (mad->mad_hdr.attr_id == CM_DREQ_ATTR_ID)
+	if (mad->mad_hdr.attr_id == CM_DREQ_ATTR_ID ||
+	    mad->mad_hdr.attr_id == CM_REJ_ATTR_ID)
 		schedule_delayed(ibdev, id);
-	else if (mad->mad_hdr.attr_id == CM_REJ_ATTR_ID ||
-			mad->mad_hdr.attr_id == CM_DREP_ATTR_ID) {
-		id_map_find_del(ibdev, (int) pv_cm_id);
-	}
 
 	return 0;
 }



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 005/120] RDMA/netlink: Do not always generate an ACK for some netlink operations
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (3 preceding siblings ...)
  2020-02-13 15:20 ` [PATCH 5.5 004/120] IB/mlx4: Fix leak in id_map_find_del Greg Kroah-Hartman
@ 2020-02-13 15:20 ` Greg Kroah-Hartman
  2020-02-13 15:20 ` [PATCH 5.5 006/120] RDMA/i40iw: fix a potential NULL pointer dereference Greg Kroah-Hartman
                   ` (119 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:20 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Mark Haywood, Håkon Bugge,
	Leon Romanovsky, Jason Gunthorpe

From: Håkon Bugge <haakon.bugge@oracle.com>

commit a242c36951ecd24bc16086940dbe6b522205c461 upstream.

In rdma_nl_rcv_skb(), the local variable err is assigned the return value
of the supplied callback function, which could be one of
ib_nl_handle_resolve_resp(), ib_nl_handle_set_timeout(), or
ib_nl_handle_ip_res_resp(). These three functions all return skb->len on
success.

rdma_nl_rcv_skb() is merely a copy of netlink_rcv_skb(). The callback
functions used by the latter have the convention: "Returns 0 on success or
a negative error code".

In particular, the statement (equal for both functions):

   if (nlh->nlmsg_flags & NLM_F_ACK || err)

implies that rdma_nl_rcv_skb() always will ack a message, independent of
the NLM_F_ACK being set in nlmsg_flags or not.

The fix could be to change the above statement, but it is better to keep
the two *_rcv_skb() functions equal in this respect and instead change the
three callback functions in the rdma subsystem to the correct convention.

Fixes: 2ca546b92a02 ("IB/sa: Route SA pathrecord query through netlink")
Fixes: ae43f8286730 ("IB/core: Add IP to GID netlink offload")
Link: https://lore.kernel.org/r/20191216120436.3204814-1-haakon.bugge@oracle.com
Suggested-by: Mark Haywood <mark.haywood@oracle.com>
Signed-off-by: Håkon Bugge <haakon.bugge@oracle.com>
Tested-by: Mark Haywood <mark.haywood@oracle.com>
Reviewed-by: Leon Romanovsky <leonro@mellanox.com>
Reviewed-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/infiniband/core/addr.c     |    2 +-
 drivers/infiniband/core/sa_query.c |    4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

--- a/drivers/infiniband/core/addr.c
+++ b/drivers/infiniband/core/addr.c
@@ -139,7 +139,7 @@ int ib_nl_handle_ip_res_resp(struct sk_b
 	if (ib_nl_is_good_ip_resp(nlh))
 		ib_nl_process_good_ip_rsep(nlh);
 
-	return skb->len;
+	return 0;
 }
 
 static int ib_nl_ip_send_msg(struct rdma_dev_addr *dev_addr,
--- a/drivers/infiniband/core/sa_query.c
+++ b/drivers/infiniband/core/sa_query.c
@@ -1068,7 +1068,7 @@ int ib_nl_handle_set_timeout(struct sk_b
 	}
 
 settimeout_out:
-	return skb->len;
+	return 0;
 }
 
 static inline int ib_nl_is_good_resolve_resp(const struct nlmsghdr *nlh)
@@ -1139,7 +1139,7 @@ int ib_nl_handle_resolve_resp(struct sk_
 	}
 
 resp_out:
-	return skb->len;
+	return 0;
 }
 
 static void free_sm_ah(struct kref *kref)



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 006/120] RDMA/i40iw: fix a potential NULL pointer dereference
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (4 preceding siblings ...)
  2020-02-13 15:20 ` [PATCH 5.5 005/120] RDMA/netlink: Do not always generate an ACK for some netlink operations Greg Kroah-Hartman
@ 2020-02-13 15:20 ` Greg Kroah-Hartman
  2020-02-13 15:20 ` [PATCH 5.5 007/120] RDMA/core: Fix locking in ib_uverbs_event_read Greg Kroah-Hartman
                   ` (118 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:20 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Xiyu Yang, Xin Tan, Leon Romanovsky,
	Jason Gunthorpe

From: Xiyu Yang <xiyuyang19@fudan.edu.cn>

commit 04db1580b5e48a79e24aa51ecae0cd4b2296ec23 upstream.

A NULL pointer can be returned by in_dev_get(). Thus add a corresponding
check so that a NULL pointer dereference will be avoided at this place.

Fixes: 8e06af711bf2 ("i40iw: add main, hdr, status")
Link: https://lore.kernel.org/r/1577672668-46499-1-git-send-email-xiyuyang19@fudan.edu.cn
Signed-off-by: Xiyu Yang <xiyuyang19@fudan.edu.cn>
Signed-off-by: Xin Tan <tanxin.ctf@gmail.com>
Reviewed-by: Leon Romanovsky <leonro@mellanox.com>
Reviewed-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/infiniband/hw/i40iw/i40iw_main.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/drivers/infiniband/hw/i40iw/i40iw_main.c
+++ b/drivers/infiniband/hw/i40iw/i40iw_main.c
@@ -1225,6 +1225,8 @@ static void i40iw_add_ipv4_addr(struct i
 			const struct in_ifaddr *ifa;
 
 			idev = in_dev_get(dev);
+			if (!idev)
+				continue;
 			in_dev_for_each_ifa_rtnl(ifa, idev) {
 				i40iw_debug(&iwdev->sc_dev, I40IW_DEBUG_CM,
 					    "IP=%pI4, vlan_id=%d, MAC=%pM\n", &ifa->ifa_address,



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 007/120] RDMA/core: Fix locking in ib_uverbs_event_read
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (5 preceding siblings ...)
  2020-02-13 15:20 ` [PATCH 5.5 006/120] RDMA/i40iw: fix a potential NULL pointer dereference Greg Kroah-Hartman
@ 2020-02-13 15:20 ` Greg Kroah-Hartman
  2020-02-13 15:20 ` [PATCH 5.5 008/120] RDMA/uverbs: Verify MR access flags Greg Kroah-Hartman
                   ` (117 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:20 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Yishai Hadas, Håkon Bugge,
	Jason Gunthorpe

From: Jason Gunthorpe <jgg@mellanox.com>

commit 14e23bd6d22123f6f3b2747701fa6cd4c6d05873 upstream.

This should not be using ib_dev to test for disassociation, during
disassociation is_closed is set under lock and the waitq is triggered.

Instead check is_closed and be sure to re-obtain the lock to test the
value after the wait_event returns.

Fixes: 036b10635739 ("IB/uverbs: Enable device removal when there are active user space applications")
Link: https://lore.kernel.org/r/1578504126-9400-12-git-send-email-yishaih@mellanox.com
Signed-off-by: Yishai Hadas <yishaih@mellanox.com>
Reviewed-by: Håkon Bugge <haakon.bugge@oracle.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/infiniband/core/uverbs_main.c |   32 ++++++++++++++------------------
 1 file changed, 14 insertions(+), 18 deletions(-)

--- a/drivers/infiniband/core/uverbs_main.c
+++ b/drivers/infiniband/core/uverbs_main.c
@@ -220,7 +220,6 @@ void ib_uverbs_release_file(struct kref
 }
 
 static ssize_t ib_uverbs_event_read(struct ib_uverbs_event_queue *ev_queue,
-				    struct ib_uverbs_file *uverbs_file,
 				    struct file *filp, char __user *buf,
 				    size_t count, loff_t *pos,
 				    size_t eventsz)
@@ -238,19 +237,16 @@ static ssize_t ib_uverbs_event_read(stru
 
 		if (wait_event_interruptible(ev_queue->poll_wait,
 					     (!list_empty(&ev_queue->event_list) ||
-			/* The barriers built into wait_event_interruptible()
-			 * and wake_up() guarentee this will see the null set
-			 * without using RCU
-			 */
-					     !uverbs_file->device->ib_dev)))
+					      ev_queue->is_closed)))
 			return -ERESTARTSYS;
 
+		spin_lock_irq(&ev_queue->lock);
+
 		/* If device was disassociated and no event exists set an error */
-		if (list_empty(&ev_queue->event_list) &&
-		    !uverbs_file->device->ib_dev)
+		if (list_empty(&ev_queue->event_list) && ev_queue->is_closed) {
+			spin_unlock_irq(&ev_queue->lock);
 			return -EIO;
-
-		spin_lock_irq(&ev_queue->lock);
+		}
 	}
 
 	event = list_entry(ev_queue->event_list.next, struct ib_uverbs_event, list);
@@ -285,8 +281,7 @@ static ssize_t ib_uverbs_async_event_rea
 {
 	struct ib_uverbs_async_event_file *file = filp->private_data;
 
-	return ib_uverbs_event_read(&file->ev_queue, file->uverbs_file, filp,
-				    buf, count, pos,
+	return ib_uverbs_event_read(&file->ev_queue, filp, buf, count, pos,
 				    sizeof(struct ib_uverbs_async_event_desc));
 }
 
@@ -296,9 +291,8 @@ static ssize_t ib_uverbs_comp_event_read
 	struct ib_uverbs_completion_event_file *comp_ev_file =
 		filp->private_data;
 
-	return ib_uverbs_event_read(&comp_ev_file->ev_queue,
-				    comp_ev_file->uobj.ufile, filp,
-				    buf, count, pos,
+	return ib_uverbs_event_read(&comp_ev_file->ev_queue, filp, buf, count,
+				    pos,
 				    sizeof(struct ib_uverbs_comp_event_desc));
 }
 
@@ -321,7 +315,9 @@ static __poll_t ib_uverbs_event_poll(str
 static __poll_t ib_uverbs_async_event_poll(struct file *filp,
 					       struct poll_table_struct *wait)
 {
-	return ib_uverbs_event_poll(filp->private_data, filp, wait);
+	struct ib_uverbs_async_event_file *file = filp->private_data;
+
+	return ib_uverbs_event_poll(&file->ev_queue, filp, wait);
 }
 
 static __poll_t ib_uverbs_comp_event_poll(struct file *filp,
@@ -335,9 +331,9 @@ static __poll_t ib_uverbs_comp_event_pol
 
 static int ib_uverbs_async_event_fasync(int fd, struct file *filp, int on)
 {
-	struct ib_uverbs_event_queue *ev_queue = filp->private_data;
+	struct ib_uverbs_async_event_file *file = filp->private_data;
 
-	return fasync_helper(fd, filp, on, &ev_queue->async_queue);
+	return fasync_helper(fd, filp, on, &file->ev_queue.async_queue);
 }
 
 static int ib_uverbs_comp_event_fasync(int fd, struct file *filp, int on)



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 008/120] RDMA/uverbs: Verify MR access flags
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (6 preceding siblings ...)
  2020-02-13 15:20 ` [PATCH 5.5 007/120] RDMA/core: Fix locking in ib_uverbs_event_read Greg Kroah-Hartman
@ 2020-02-13 15:20 ` Greg Kroah-Hartman
  2020-02-13 15:20 ` [PATCH 5.5 009/120] RDMA/mlx5: Fix handling of IOVA != user_va in ODP paths Greg Kroah-Hartman
                   ` (116 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:20 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Michael Guralnik, Yishai Hadas,
	Jason Gunthorpe

From: Michael Guralnik <michaelgur@mellanox.com>

commit ca95c1411198c2d87217c19d44571052cdc94725 upstream.

Verify that MR access flags that are passed from user are all supported
ones, otherwise an error is returned.

Fixes: 4fca03778351 ("IB/uverbs: Move ib_access_flags and ib_read_counters_flags to uapi")
Link: https://lore.kernel.org/r/1578506740-22188-6-git-send-email-yishaih@mellanox.com
Signed-off-by: Michael Guralnik <michaelgur@mellanox.com>
Signed-off-by: Yishai Hadas <yishaih@mellanox.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 include/rdma/ib_verbs.h |    3 +++
 1 file changed, 3 insertions(+)

--- a/include/rdma/ib_verbs.h
+++ b/include/rdma/ib_verbs.h
@@ -4300,6 +4300,9 @@ static inline int ib_check_mr_access(int
 	    !(flags & IB_ACCESS_LOCAL_WRITE))
 		return -EINVAL;
 
+	if (flags & ~IB_ACCESS_SUPPORTED)
+		return -EINVAL;
+
 	return 0;
 }
 



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 009/120] RDMA/mlx5: Fix handling of IOVA != user_va in ODP paths
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (7 preceding siblings ...)
  2020-02-13 15:20 ` [PATCH 5.5 008/120] RDMA/uverbs: Verify MR access flags Greg Kroah-Hartman
@ 2020-02-13 15:20 ` Greg Kroah-Hartman
  2020-02-13 15:20 ` [PATCH 5.5 010/120] RDMA/core: Ensure that rdma_user_mmap_entry_remove() is a fence Greg Kroah-Hartman
                   ` (115 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:20 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Moni Shoua, Jason Gunthorpe, Leon Romanovsky

From: Jason Gunthorpe <jgg@mellanox.com>

commit 8ffc32485158528f870b62707077ab494ba31deb upstream.

Till recently it was not possible for userspace to specify a different
IOVA, but with the new ibv_reg_mr_iova() library call this can be done.

To compute the user_va we must compute:
  user_va = (iova - iova_start) + user_va_start

while being cautious of overflow and other math problems.

The iova is not reliably stored in the mmkey when the MR is created. Only
the cached creation path (the common one) set it, so it must also be set
when creating uncached MRs.

Fix the weird use of iova when computing the starting page index in the
MR. In the normal case, when iova == umem.address:
  iova & (~(BIT(page_shift) - 1)) ==
  ALIGN_DOWN(umem.address, odp->page_size) ==
  ib_umem_start(odp)

And when iova is different using it in math with a user_va is wrong.

Finally, do not allow an implicit ODP to be created with a non-zero IOVA
as we have no support for that.

Fixes: 7bdf65d411c1 ("IB/mlx5: Handle page faults")
Signed-off-by: Moni Shoua <monis@mellanox.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/infiniband/hw/mlx5/mr.c  |    2 ++
 drivers/infiniband/hw/mlx5/odp.c |   19 +++++++++++++------
 2 files changed, 15 insertions(+), 6 deletions(-)

--- a/drivers/infiniband/hw/mlx5/mr.c
+++ b/drivers/infiniband/hw/mlx5/mr.c
@@ -1247,6 +1247,8 @@ struct ib_mr *mlx5_ib_reg_user_mr(struct
 
 	if (IS_ENABLED(CONFIG_INFINIBAND_ON_DEMAND_PAGING) && !start &&
 	    length == U64_MAX) {
+		if (virt_addr != start)
+			return ERR_PTR(-EINVAL);
 		if (!(access_flags & IB_ACCESS_ON_DEMAND) ||
 		    !(dev->odp_caps.general_caps & IB_ODP_SUPPORT_IMPLICIT))
 			return ERR_PTR(-EINVAL);
--- a/drivers/infiniband/hw/mlx5/odp.c
+++ b/drivers/infiniband/hw/mlx5/odp.c
@@ -624,11 +624,10 @@ static int pagefault_real_mr(struct mlx5
 	bool downgrade = flags & MLX5_PF_FLAGS_DOWNGRADE;
 	unsigned long current_seq;
 	u64 access_mask;
-	u64 start_idx, page_mask;
+	u64 start_idx;
 
 	page_shift = odp->page_shift;
-	page_mask = ~(BIT(page_shift) - 1);
-	start_idx = (user_va - (mr->mmkey.iova & page_mask)) >> page_shift;
+	start_idx = (user_va - ib_umem_start(odp)) >> page_shift;
 	access_mask = ODP_READ_ALLOWED_BIT;
 
 	if (odp->umem.writable && !downgrade)
@@ -767,11 +766,19 @@ static int pagefault_mr(struct mlx5_ib_m
 {
 	struct ib_umem_odp *odp = to_ib_umem_odp(mr->umem);
 
+	if (unlikely(io_virt < mr->mmkey.iova))
+		return -EFAULT;
+
 	if (!odp->is_implicit_odp) {
-		if (unlikely(io_virt < ib_umem_start(odp) ||
-			     ib_umem_end(odp) - io_virt < bcnt))
+		u64 user_va;
+
+		if (check_add_overflow(io_virt - mr->mmkey.iova,
+				       (u64)odp->umem.address, &user_va))
+			return -EFAULT;
+		if (unlikely(user_va >= ib_umem_end(odp) ||
+			     ib_umem_end(odp) - user_va < bcnt))
 			return -EFAULT;
-		return pagefault_real_mr(mr, odp, io_virt, bcnt, bytes_mapped,
+		return pagefault_real_mr(mr, odp, user_va, bcnt, bytes_mapped,
 					 flags);
 	}
 	return pagefault_implicit_mr(mr, odp, io_virt, bcnt, bytes_mapped,



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 010/120] RDMA/core: Ensure that rdma_user_mmap_entry_remove() is a fence
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (8 preceding siblings ...)
  2020-02-13 15:20 ` [PATCH 5.5 009/120] RDMA/mlx5: Fix handling of IOVA != user_va in ODP paths Greg Kroah-Hartman
@ 2020-02-13 15:20 ` Greg Kroah-Hartman
  2020-02-13 15:20 ` [PATCH 5.5 011/120] RDMA/cma: Fix unbalanced cm_id reference count during address resolve Greg Kroah-Hartman
                   ` (114 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:20 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Gal Pressman, Michal Kalderon,
	Jason Gunthorpe

From: Jason Gunthorpe <jgg@mellanox.com>

commit 6b3712c0246ca7b2b8fa05eab2362cf267410f7e upstream.

The set of entry->driver_removed is missing locking, protect it with
xa_lock() which is held by the only reader.

Otherwise readers may continue to see driver_removed = false after
rdma_user_mmap_entry_remove() returns and may continue to try and
establish new mmaps.

Fixes: 3411f9f01b76 ("RDMA/core: Create mmap database and cookie helper functions")
Link: https://lore.kernel.org/r/20200115202041.GA17199@ziepe.ca
Reviewed-by: Gal Pressman <galpress@amazon.com>
Acked-by: Michal Kalderon <michal.kalderon@marvell.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/infiniband/core/ib_core_uverbs.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/drivers/infiniband/core/ib_core_uverbs.c
+++ b/drivers/infiniband/core/ib_core_uverbs.c
@@ -232,7 +232,9 @@ void rdma_user_mmap_entry_remove(struct
 	if (!entry)
 		return;
 
+	xa_lock(&entry->ucontext->mmap_xa);
 	entry->driver_removed = true;
+	xa_unlock(&entry->ucontext->mmap_xa);
 	kref_put(&entry->ref, rdma_user_mmap_entry_free);
 }
 EXPORT_SYMBOL(rdma_user_mmap_entry_remove);



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 011/120] RDMA/cma: Fix unbalanced cm_id reference count during address resolve
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (9 preceding siblings ...)
  2020-02-13 15:20 ` [PATCH 5.5 010/120] RDMA/core: Ensure that rdma_user_mmap_entry_remove() is a fence Greg Kroah-Hartman
@ 2020-02-13 15:20 ` Greg Kroah-Hartman
  2020-02-13 15:20 ` [PATCH 5.5 012/120] RDMA/umem: Fix ib_umem_find_best_pgsz() Greg Kroah-Hartman
                   ` (113 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:20 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Parav Pandit, Leon Romanovsky,
	Jason Gunthorpe

From: Parav Pandit <parav@mellanox.com>

commit b4fb4cc5ba83b20dae13cef116c33648e81d2f44 upstream.

Below commit missed the AF_IB and loopback code flow in
rdma_resolve_addr().  This leads to an unbalanced cm_id refcount in
cma_work_handler() which puts the refcount which was not incremented prior
to queuing the work.

A call trace is observed with such code flow:

 BUG: unable to handle kernel NULL pointer dereference at (null)
 [<ffffffff96b67e16>] __mutex_lock_slowpath+0x166/0x1d0
 [<ffffffff96b6715f>] mutex_lock+0x1f/0x2f
 [<ffffffffc0beabb5>] cma_work_handler+0x25/0xa0
 [<ffffffff964b9ebf>] process_one_work+0x17f/0x440
 [<ffffffff964baf56>] worker_thread+0x126/0x3c0

Hence, hold the cm_id reference when scheduling the resolve work item.

Fixes: 722c7b2bfead ("RDMA/{cma, core}: Avoid callback on rdma_addr_cancel()")
Link: https://lore.kernel.org/r/20200126142652.104803-2-leon@kernel.org
Signed-off-by: Parav Pandit <parav@mellanox.com>
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Reviewed-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/infiniband/core/cma.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/drivers/infiniband/core/cma.c
+++ b/drivers/infiniband/core/cma.c
@@ -3118,6 +3118,7 @@ static int cma_resolve_loopback(struct r
 	rdma_addr_get_sgid(&id_priv->id.route.addr.dev_addr, &gid);
 	rdma_addr_set_dgid(&id_priv->id.route.addr.dev_addr, &gid);
 
+	atomic_inc(&id_priv->refcount);
 	cma_init_resolve_addr_work(work, id_priv);
 	queue_work(cma_wq, &work->work);
 	return 0;
@@ -3144,6 +3145,7 @@ static int cma_resolve_ib_addr(struct rd
 	rdma_addr_set_dgid(&id_priv->id.route.addr.dev_addr, (union ib_gid *)
 		&(((struct sockaddr_ib *) &id_priv->id.route.addr.dst_addr)->sib_addr));
 
+	atomic_inc(&id_priv->refcount);
 	cma_init_resolve_addr_work(work, id_priv);
 	queue_work(cma_wq, &work->work);
 	return 0;



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 012/120] RDMA/umem: Fix ib_umem_find_best_pgsz()
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (10 preceding siblings ...)
  2020-02-13 15:20 ` [PATCH 5.5 011/120] RDMA/cma: Fix unbalanced cm_id reference count during address resolve Greg Kroah-Hartman
@ 2020-02-13 15:20 ` Greg Kroah-Hartman
  2020-02-13 15:20 ` [PATCH 5.5 013/120] scsi: ufs: Fix ufshcd_probe_hba() reture value in case ufshcd_scsi_add_wlus() fails Greg Kroah-Hartman
                   ` (112 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:20 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Artemy Kovalyov, Leon Romanovsky,
	Gal Pressman, Jason Gunthorpe

From: Artemy Kovalyov <artemyko@mellanox.com>

commit 36798d5ae1af62e830c5e045b2e41ce038690c61 upstream.

Except for the last entry, the ending iova alignment sets the maximum
possible page size as the low bits of the iova must be zero when starting
the next chunk.

Fixes: 4a35339958f1 ("RDMA/umem: Add API to find best driver supported page size in an MR")
Link: https://lore.kernel.org/r/20200128135612.174820-1-leon@kernel.org
Signed-off-by: Artemy Kovalyov <artemyko@mellanox.com>
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Tested-by: Gal Pressman <galpress@amazon.com>
Reviewed-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/infiniband/core/umem.c |    9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

--- a/drivers/infiniband/core/umem.c
+++ b/drivers/infiniband/core/umem.c
@@ -166,10 +166,13 @@ unsigned long ib_umem_find_best_pgsz(str
 		 * for any address.
 		 */
 		mask |= (sg_dma_address(sg) + pgoff) ^ va;
-		if (i && i != (umem->nmap - 1))
-			/* restrict by length as well for interior SGEs */
-			mask |= sg_dma_len(sg);
 		va += sg_dma_len(sg) - pgoff;
+		/* Except for the last entry, the ending iova alignment sets
+		 * the maximum possible page size as the low bits of the iova
+		 * must be zero when starting the next chunk.
+		 */
+		if (i != (umem->nmap - 1))
+			mask |= va;
 		pgoff = 0;
 	}
 	best_pg_bit = rdma_find_pg_bit(mask, pgsz_bitmap);



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 013/120] scsi: ufs: Fix ufshcd_probe_hba() reture value in case ufshcd_scsi_add_wlus() fails
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (11 preceding siblings ...)
  2020-02-13 15:20 ` [PATCH 5.5 012/120] RDMA/umem: Fix ib_umem_find_best_pgsz() Greg Kroah-Hartman
@ 2020-02-13 15:20 ` Greg Kroah-Hartman
  2020-02-13 15:20 ` [PATCH 5.5 014/120] PCI/IOV: Fix memory leak in pci_iov_add_virtfn() Greg Kroah-Hartman
                   ` (111 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:20 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Asutosh Das, Alim Akhtar,
	Stanley Chu, Bean Huo, Martin K. Petersen

From: Bean Huo <beanhuo@micron.com>

commit b9fc5320212efdfb4e08b825aaa007815fd11d16 upstream.

A non-zero error value likely being returned by ufshcd_scsi_add_wlus() in
case of failure of adding the WLs, but ufshcd_probe_hba() doesn't use this
value, and doesn't report this failure to upper caller.  This patch is to
fix this issue.

Fixes: 2a8fa600445c ("ufs: manually add well known logical units")
Link: https://lore.kernel.org/r/20200120130820.1737-2-huobean@gmail.com
Reviewed-by: Asutosh Das <asutoshd@codeaurora.org>
Reviewed-by: Alim Akhtar <alim.akhtar@samsung.com>
Reviewed-by: Stanley Chu <stanley.chu@mediatek.com>
Signed-off-by: Bean Huo <beanhuo@micron.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/scsi/ufs/ufshcd.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/drivers/scsi/ufs/ufshcd.c
+++ b/drivers/scsi/ufs/ufshcd.c
@@ -7030,7 +7030,8 @@ static int ufshcd_probe_hba(struct ufs_h
 			ufshcd_init_icc_levels(hba);
 
 		/* Add required well known logical units to scsi mid layer */
-		if (ufshcd_scsi_add_wlus(hba))
+		ret = ufshcd_scsi_add_wlus(hba);
+		if (ret)
 			goto out;
 
 		/* Initialize devfreq after UFS device is detected */



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 014/120] PCI/IOV: Fix memory leak in pci_iov_add_virtfn()
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (12 preceding siblings ...)
  2020-02-13 15:20 ` [PATCH 5.5 013/120] scsi: ufs: Fix ufshcd_probe_hba() reture value in case ufshcd_scsi_add_wlus() fails Greg Kroah-Hartman
@ 2020-02-13 15:20 ` Greg Kroah-Hartman
  2020-02-13 15:20 ` [PATCH 5.5 015/120] ath10k: pci: Only dump ATH10K_MEM_REGION_TYPE_IOREG when safe Greg Kroah-Hartman
                   ` (110 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:20 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Navid Emamdoost, Bjorn Helgaas

From: Navid Emamdoost <navid.emamdoost@gmail.com>

commit 8c386cc817878588195dde38e919aa6ba9409d58 upstream.

In the implementation of pci_iov_add_virtfn() the allocated virtfn is
leaked if pci_setup_device() fails. The error handling is not calling
pci_stop_and_remove_bus_device(). Change the goto label to failed2.

Fixes: 156c55325d30 ("PCI: Check for pci_setup_device() failure in pci_iov_add_virtfn()")
Link: https://lore.kernel.org/r/20191125195255.23740-1-navid.emamdoost@gmail.com
Signed-off-by: Navid Emamdoost <navid.emamdoost@gmail.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/pci/iov.c |    9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

--- a/drivers/pci/iov.c
+++ b/drivers/pci/iov.c
@@ -186,10 +186,10 @@ int pci_iov_add_virtfn(struct pci_dev *d
 	sprintf(buf, "virtfn%u", id);
 	rc = sysfs_create_link(&dev->dev.kobj, &virtfn->dev.kobj, buf);
 	if (rc)
-		goto failed2;
+		goto failed1;
 	rc = sysfs_create_link(&virtfn->dev.kobj, &dev->dev.kobj, "physfn");
 	if (rc)
-		goto failed3;
+		goto failed2;
 
 	kobject_uevent(&virtfn->dev.kobj, KOBJ_CHANGE);
 
@@ -197,11 +197,10 @@ int pci_iov_add_virtfn(struct pci_dev *d
 
 	return 0;
 
-failed3:
-	sysfs_remove_link(&dev->dev.kobj, buf);
 failed2:
-	pci_stop_and_remove_bus_device(virtfn);
+	sysfs_remove_link(&dev->dev.kobj, buf);
 failed1:
+	pci_stop_and_remove_bus_device(virtfn);
 	pci_dev_put(dev);
 failed0:
 	virtfn_remove_bus(dev->bus, bus);



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 015/120] ath10k: pci: Only dump ATH10K_MEM_REGION_TYPE_IOREG when safe
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (13 preceding siblings ...)
  2020-02-13 15:20 ` [PATCH 5.5 014/120] PCI/IOV: Fix memory leak in pci_iov_add_virtfn() Greg Kroah-Hartman
@ 2020-02-13 15:20 ` Greg Kroah-Hartman
  2020-02-13 15:20 ` [PATCH 5.5 016/120] PCI/switchtec: Use dma_set_mask_and_coherent() Greg Kroah-Hartman
                   ` (109 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:20 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Bryan ODonoghue, Kalle Valo

From: Bryan O'Donoghue <bryan.odonoghue@linaro.org>

commit d239380196c4e27a26fa4bea73d2bf994c14ec2d upstream.

ath10k_pci_dump_memory_reg() will try to access memory of type
ATH10K_MEM_REGION_TYPE_IOREG however, if a hardware restart is in progress
this can crash a system.

Individual ioread32() time has been observed to jump from 15-20 ticks to >
80k ticks followed by a secure-watchdog bite and a system reset.

Work around this corner case by only issuing the read transaction when the
driver state is ATH10K_STATE_ON.

Tested-on: QCA9988 PCI 10.4-3.9.0.2-00044

Fixes: 219cc084c6706 ("ath10k: add memory dump support QCA9984")
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/net/wireless/ath/ath10k/pci.c |   19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)

--- a/drivers/net/wireless/ath/ath10k/pci.c
+++ b/drivers/net/wireless/ath/ath10k/pci.c
@@ -1604,11 +1604,22 @@ static int ath10k_pci_dump_memory_reg(st
 {
 	struct ath10k_pci *ar_pci = ath10k_pci_priv(ar);
 	u32 i;
+	int ret;
+
+	mutex_lock(&ar->conf_mutex);
+	if (ar->state != ATH10K_STATE_ON) {
+		ath10k_warn(ar, "Skipping pci_dump_memory_reg invalid state\n");
+		ret = -EIO;
+		goto done;
+	}
 
 	for (i = 0; i < region->len; i += 4)
 		*(u32 *)(buf + i) = ioread32(ar_pci->mem + region->start + i);
 
-	return region->len;
+	ret = region->len;
+done:
+	mutex_unlock(&ar->conf_mutex);
+	return ret;
 }
 
 /* if an error happened returns < 0, otherwise the length */
@@ -1704,7 +1715,11 @@ static void ath10k_pci_dump_memory(struc
 			count = ath10k_pci_dump_memory_sram(ar, current_region, buf);
 			break;
 		case ATH10K_MEM_REGION_TYPE_IOREG:
-			count = ath10k_pci_dump_memory_reg(ar, current_region, buf);
+			ret = ath10k_pci_dump_memory_reg(ar, current_region, buf);
+			if (ret < 0)
+				break;
+
+			count = ret;
 			break;
 		default:
 			ret = ath10k_pci_dump_memory_generic(ar, current_region, buf);



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 016/120] PCI/switchtec: Use dma_set_mask_and_coherent()
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (14 preceding siblings ...)
  2020-02-13 15:20 ` [PATCH 5.5 015/120] ath10k: pci: Only dump ATH10K_MEM_REGION_TYPE_IOREG when safe Greg Kroah-Hartman
@ 2020-02-13 15:20 ` Greg Kroah-Hartman
  2020-02-13 15:20 ` [PATCH 5.5 017/120] PCI/switchtec: Fix vep_vector_number ioread width Greg Kroah-Hartman
                   ` (108 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:20 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Wesley Sheng, Logan Gunthorpe, Bjorn Helgaas

From: Wesley Sheng <wesley.sheng@microchip.com>

commit aa82130a22f77c1aa5794703730304d035a0c1f4 upstream.

Use dma_set_mask_and_coherent() instead of dma_set_coherent_mask() as the
Switchtec hardware fully supports 64bit addressing and we should set both
the streaming and coherent masks the same.

[logang@deltatee.com: reworked commit message]
Fixes: aff614c6339c ("switchtec: Set DMA coherent mask")
Link: https://lore.kernel.org/r/20200106190337.2428-2-logang@deltatee.com
Signed-off-by: Wesley Sheng <wesley.sheng@microchip.com>
Signed-off-by: Logan Gunthorpe <logang@deltatee.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/pci/switch/switchtec.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/pci/switch/switchtec.c
+++ b/drivers/pci/switch/switchtec.c
@@ -1349,7 +1349,7 @@ static int switchtec_init_pci(struct swi
 	if (rc)
 		return rc;
 
-	rc = dma_set_coherent_mask(&pdev->dev, DMA_BIT_MASK(64));
+	rc = dma_set_mask_and_coherent(&pdev->dev, DMA_BIT_MASK(64));
 	if (rc)
 		return rc;
 



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 017/120] PCI/switchtec: Fix vep_vector_number ioread width
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (15 preceding siblings ...)
  2020-02-13 15:20 ` [PATCH 5.5 016/120] PCI/switchtec: Use dma_set_mask_and_coherent() Greg Kroah-Hartman
@ 2020-02-13 15:20 ` Greg Kroah-Hartman
  2020-02-13 15:20 ` [PATCH 5.5 018/120] PCI: tegra: Fix afi_pex2_ctrl reg offset for Tegra30 Greg Kroah-Hartman
                   ` (107 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:20 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Doug Meyer, Logan Gunthorpe, Bjorn Helgaas

From: Logan Gunthorpe <logang@deltatee.com>

commit 9375646b4cf03aee81bc6c305aa18cc80b682796 upstream.

vep_vector_number is actually a 16 bit register which should be read with
ioread16() instead of ioread32().

Fixes: 080b47def5e5 ("MicroSemi Switchtec management interface driver")
Link: https://lore.kernel.org/r/20200106190337.2428-3-logang@deltatee.com
Reported-by: Doug Meyer <dmeyer@gigaio.com>
Signed-off-by: Logan Gunthorpe <logang@deltatee.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/pci/switch/switchtec.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/pci/switch/switchtec.c
+++ b/drivers/pci/switch/switchtec.c
@@ -1276,7 +1276,7 @@ static int switchtec_init_isr(struct swi
 	if (nvecs < 0)
 		return nvecs;
 
-	event_irq = ioread32(&stdev->mmio_part_cfg->vep_vector_number);
+	event_irq = ioread16(&stdev->mmio_part_cfg->vep_vector_number);
 	if (event_irq < 0 || event_irq >= nvecs)
 		return -EFAULT;
 



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 018/120] PCI: tegra: Fix afi_pex2_ctrl reg offset for Tegra30
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (16 preceding siblings ...)
  2020-02-13 15:20 ` [PATCH 5.5 017/120] PCI/switchtec: Fix vep_vector_number ioread width Greg Kroah-Hartman
@ 2020-02-13 15:20 ` Greg Kroah-Hartman
  2020-02-13 15:20 ` [PATCH 5.5 019/120] PCI: Dont disable bridge BARs when assigning bus resources Greg Kroah-Hartman
                   ` (106 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:20 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Marcel Ziswiler, Lorenzo Pieralisi,
	Andrew Murray, Thierry Reding

From: Marcel Ziswiler <marcel@ziswiler.com>

commit 21a92676e1fe292acb077b13106b08c22ed36b14 upstream.

Fix AFI_PEX2_CTRL reg offset for Tegra30 by moving it from the Tegra20
SoC struct where it erroneously got added. This fixes the AFI_PEX2_CTRL
reg offset being uninitialised subsequently failing to bring up the
third PCIe port.

Fixes: adb2653b3d2e ("PCI: tegra: Add AFI_PEX2_CTRL reg offset as part of SoC struct")
Signed-off-by: Marcel Ziswiler <marcel@ziswiler.com>
Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
Reviewed-by: Andrew Murray <andrew.murray@arm.com>
Acked-by: Thierry Reding <treding@nvidia.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/pci/controller/pci-tegra.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/pci/controller/pci-tegra.c
+++ b/drivers/pci/controller/pci-tegra.c
@@ -2499,7 +2499,6 @@ static const struct tegra_pcie_soc tegra
 	.num_ports = 2,
 	.ports = tegra20_pcie_ports,
 	.msi_base_shift = 0,
-	.afi_pex2_ctrl = 0x128,
 	.pads_pll_ctl = PADS_PLL_CTL_TEGRA20,
 	.tx_ref_sel = PADS_PLL_CTL_TXCLKREF_DIV10,
 	.pads_refclk_cfg0 = 0xfa5cfa5c,
@@ -2528,6 +2527,7 @@ static const struct tegra_pcie_soc tegra
 	.num_ports = 3,
 	.ports = tegra30_pcie_ports,
 	.msi_base_shift = 8,
+	.afi_pex2_ctrl = 0x128,
 	.pads_pll_ctl = PADS_PLL_CTL_TEGRA30,
 	.tx_ref_sel = PADS_PLL_CTL_TXCLKREF_BUF_EN,
 	.pads_refclk_cfg0 = 0xfa5cfa5c,



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 019/120] PCI: Dont disable bridge BARs when assigning bus resources
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (17 preceding siblings ...)
  2020-02-13 15:20 ` [PATCH 5.5 018/120] PCI: tegra: Fix afi_pex2_ctrl reg offset for Tegra30 Greg Kroah-Hartman
@ 2020-02-13 15:20 ` Greg Kroah-Hartman
  2020-02-13 15:20 ` [PATCH 5.5 020/120] PCI/AER: Initialize aer_fifo Greg Kroah-Hartman
                   ` (105 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:20 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Kit Chow, Logan Gunthorpe, Bjorn Helgaas

From: Logan Gunthorpe <logang@deltatee.com>

commit 9db8dc6d0785225c42a37be7b44d1b07b31b8957 upstream.

Some PCI bridges implement BARs in addition to bridge windows.  For
example, here's a PLX switch:

  04:00.0 PCI bridge: PLX Technology, Inc. PEX 8724 24-Lane, 6-Port PCI
            Express Gen 3 (8 GT/s) Switch, 19 x 19mm FCBGA (rev ca)
	    (prog-if 00 [Normal decode])
      Flags: bus master, fast devsel, latency 0, IRQ 30, NUMA node 0
      Memory at 90a00000 (32-bit, non-prefetchable) [size=256K]
      Bus: primary=04, secondary=05, subordinate=0a, sec-latency=0
      I/O behind bridge: 00002000-00003fff
      Memory behind bridge: 90000000-909fffff
      Prefetchable memory behind bridge: 0000380000800000-0000380000bfffff

Previously, when the kernel assigned resource addresses (with the
pci=realloc command line parameter, for example) it could clear the struct
resource corresponding to the BAR.  When this happened, lspci would report
this BAR as "ignored":

   Region 0: Memory at <ignored> (32-bit, non-prefetchable) [size=256K]

This is because the kernel reports a zero start address and zero flags
in the corresponding sysfs resource file and in /proc/bus/pci/devices.
Investigation with 'lspci -x', however, shows the BIOS-assigned address
will still be programmed in the device's BAR registers.

It's clearly a bug that the kernel lost track of the BAR value, but in most
cases, this still won't result in a visible issue because nothing uses the
memory, so nothing is affected.  However, when an IOMMU is in use, it will
not reserve this space in the IOVA because the kernel no longer thinks the
range is valid.  (See dmar_init_reserved_ranges() for the Intel
implementation of this.)

Without the proper reserved range, a DMA mapping may allocate an IOVA that
matches a bridge BAR, which results in DMA accesses going to the BAR
instead of the intended RAM.

The problem was in pci_assign_unassigned_root_bus_resources().  When any
resource from a bridge device fails to get assigned, the code set the
resource's flags to zero.  This makes sense for bridge windows, as they
will be re-enabled later, but for regular BARs, it makes the kernel
permanently lose track of the fact that they decode address space.

Change pci_assign_unassigned_root_bus_resources() and
pci_assign_unassigned_bridge_resources() so they only clear "res->flags"
for bridge *windows*, not bridge BARs.

Fixes: da7822e5ad71 ("PCI: update bridge resources to get more big ranges when allocating space (again)")
Link: https://lore.kernel.org/r/20200108213208.4612-1-logang@deltatee.com
[bhelgaas: commit log, check for pci_is_bridge()]
Reported-by: Kit Chow <kchow@gigaio.com>
Signed-off-by: Logan Gunthorpe <logang@deltatee.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/pci/setup-bus.c |   20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)

--- a/drivers/pci/setup-bus.c
+++ b/drivers/pci/setup-bus.c
@@ -1803,12 +1803,18 @@ again:
 	/* Restore size and flags */
 	list_for_each_entry(fail_res, &fail_head, list) {
 		struct resource *res = fail_res->res;
+		int idx;
 
 		res->start = fail_res->start;
 		res->end = fail_res->end;
 		res->flags = fail_res->flags;
-		if (fail_res->dev->subordinate)
-			res->flags = 0;
+
+		if (pci_is_bridge(fail_res->dev)) {
+			idx = res - &fail_res->dev->resource[0];
+			if (idx >= PCI_BRIDGE_RESOURCES &&
+			    idx <= PCI_BRIDGE_RESOURCE_END)
+				res->flags = 0;
+		}
 	}
 	free_list(&fail_head);
 
@@ -2055,12 +2061,18 @@ again:
 	/* Restore size and flags */
 	list_for_each_entry(fail_res, &fail_head, list) {
 		struct resource *res = fail_res->res;
+		int idx;
 
 		res->start = fail_res->start;
 		res->end = fail_res->end;
 		res->flags = fail_res->flags;
-		if (fail_res->dev->subordinate)
-			res->flags = 0;
+
+		if (pci_is_bridge(fail_res->dev)) {
+			idx = res - &fail_res->dev->resource[0];
+			if (idx >= PCI_BRIDGE_RESOURCES &&
+			    idx <= PCI_BRIDGE_RESOURCE_END)
+				res->flags = 0;
+		}
 	}
 	free_list(&fail_head);
 



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 020/120] PCI/AER: Initialize aer_fifo
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (18 preceding siblings ...)
  2020-02-13 15:20 ` [PATCH 5.5 019/120] PCI: Dont disable bridge BARs when assigning bus resources Greg Kroah-Hartman
@ 2020-02-13 15:20 ` Greg Kroah-Hartman
  2020-02-13 15:20 ` [PATCH 5.5 021/120] iwlwifi: mvm: avoid use after free for pmsr request Greg Kroah-Hartman
                   ` (104 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:20 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Dongdong Liu, Bjorn Helgaas

From: Dongdong Liu <liudongdong3@huawei.com>

commit d95f20c4f07020ebc605f3b46af4b6db9eb5fc99 upstream.

Previously we did not call INIT_KFIFO() for aer_fifo.  This leads to
kfifo_put() sometimes returning 0 (queue full) when in fact it is not.

It is easy to reproduce the problem by using aer-inject:

  $ aer-inject -s :82:00.0 multiple-corr-nonfatal

The content of the multiple-corr-nonfatal file is as below:

  AER
  COR RCVR
  HL 0 1 2 3
  AER
  UNCOR POISON_TLP
  HL 4 5 6 7

Fixes: 27c1ce8bbed7 ("PCI/AER: Use kfifo for tracking events instead of reimplementing it")
Link: https://lore.kernel.org/r/1579767991-103898-1-git-send-email-liudongdong3@huawei.com
Signed-off-by: Dongdong Liu <liudongdong3@huawei.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/pci/pcie/aer.c |    1 +
 1 file changed, 1 insertion(+)

--- a/drivers/pci/pcie/aer.c
+++ b/drivers/pci/pcie/aer.c
@@ -1445,6 +1445,7 @@ static int aer_probe(struct pcie_device
 		return -ENOMEM;
 
 	rpc->rpd = port;
+	INIT_KFIFO(rpc->aer_fifo);
 	set_service_data(dev, rpc);
 
 	status = devm_request_threaded_irq(device, dev->irq, aer_irq, aer_isr,



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 021/120] iwlwifi: mvm: avoid use after free for pmsr request
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (19 preceding siblings ...)
  2020-02-13 15:20 ` [PATCH 5.5 020/120] PCI/AER: Initialize aer_fifo Greg Kroah-Hartman
@ 2020-02-13 15:20 ` Greg Kroah-Hartman
  2020-02-13 15:20 ` [PATCH 5.5 022/120] iwlwifi: mvm: fix TDLS discovery with the new firmware API Greg Kroah-Hartman
                   ` (103 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:20 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Avraham Stern, Luca Coelho, Kalle Valo

From: Avraham Stern <avraham.stern@intel.com>

commit cc4255eff523f25187bb95561642941de0e57497 upstream.

When a FTM request is aborted, the driver sends the abort command to
the fw and waits for a response. When the response arrives, the driver
calls cfg80211_pmsr_complete() for that request.
However, cfg80211 frees the requested data immediately after sending
the abort command, so this may lead to use after free.

Fix it by clearing the request data in the driver when the abort
command arrives and ignoring the fw notification that will come
afterwards.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Fixes: fc36ffda3267 ("iwlwifi: mvm: support FTM initiator")
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/net/wireless/intel/iwlwifi/mvm/ftm-initiator.c |    5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

--- a/drivers/net/wireless/intel/iwlwifi/mvm/ftm-initiator.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/ftm-initiator.c
@@ -8,6 +8,7 @@
  * Copyright(c) 2015 - 2017 Intel Deutschland GmbH
  * Copyright (C) 2018 Intel Corporation
  * Copyright (C) 2019 Intel Corporation
+ * Copyright (C) 2020 Intel Corporation
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of version 2 of the GNU General Public License as
@@ -30,6 +31,7 @@
  * Copyright(c) 2015 - 2017 Intel Deutschland GmbH
  * Copyright (C) 2018 Intel Corporation
  * Copyright (C) 2019 Intel Corporation
+ * Copyright (C) 2020 Intel Corporation
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -389,6 +391,8 @@ void iwl_mvm_ftm_abort(struct iwl_mvm *m
 	if (req != mvm->ftm_initiator.req)
 		return;
 
+	iwl_mvm_ftm_reset(mvm);
+
 	if (iwl_mvm_send_cmd_pdu(mvm, iwl_cmd_id(TOF_RANGE_ABORT_CMD,
 						 LOCATION_GROUP, 0),
 				 0, sizeof(cmd), &cmd))
@@ -502,7 +506,6 @@ void iwl_mvm_ftm_range_resp(struct iwl_m
 	lockdep_assert_held(&mvm->mutex);
 
 	if (!mvm->ftm_initiator.req) {
-		IWL_ERR(mvm, "Got FTM response but have no request?\n");
 		return;
 	}
 



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 022/120] iwlwifi: mvm: fix TDLS discovery with the new firmware API
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (20 preceding siblings ...)
  2020-02-13 15:20 ` [PATCH 5.5 021/120] iwlwifi: mvm: avoid use after free for pmsr request Greg Kroah-Hartman
@ 2020-02-13 15:20 ` Greg Kroah-Hartman
  2020-02-13 15:20 ` [PATCH 5.5 023/120] netfilter: flowtable: fetch stats only if flow is still alive Greg Kroah-Hartman
                   ` (102 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:20 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Emmanuel Grumbach, Luca Coelho, Kalle Valo

From: Emmanuel Grumbach <emmanuel.grumbach@intel.com>

commit b5b878e36c1836c0195575132cc7c199e5a34a7b upstream.

I changed the API for asking for a session protection but
I omitted the TDLS flows. Fix that now.
Note that for the TDLS flow, we need to block until the
session protection actually starts, so add this option
to iwl_mvm_schedule_session_protection.
This patch fixes a firmware assert in the TDLS flow since
the old TIME_EVENT_CMD is not supported anymore by newer
firwmare versions.

Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Fixes: fe959c7b2049 ("iwlwifi: mvm: use the new session protection command")
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c   |    2 
 drivers/net/wireless/intel/iwlwifi/mvm/tdls.c       |   10 ++
 drivers/net/wireless/intel/iwlwifi/mvm/time-event.c |   71 ++++++++++++++++----
 drivers/net/wireless/intel/iwlwifi/mvm/time-event.h |    4 -
 4 files changed, 72 insertions(+), 15 deletions(-)

--- a/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c
@@ -3293,7 +3293,7 @@ static void iwl_mvm_mac_mgd_prepare_tx(s
 	if (fw_has_capa(&mvm->fw->ucode_capa,
 			IWL_UCODE_TLV_CAPA_SESSION_PROT_CMD))
 		iwl_mvm_schedule_session_protection(mvm, vif, 900,
-						    min_duration);
+						    min_duration, false);
 	else
 		iwl_mvm_protect_session(mvm, vif, duration,
 					min_duration, 500, false);
--- a/drivers/net/wireless/intel/iwlwifi/mvm/tdls.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/tdls.c
@@ -205,9 +205,15 @@ void iwl_mvm_mac_mgd_protect_tdls_discov
 	struct iwl_mvm *mvm = IWL_MAC80211_GET_MVM(hw);
 	u32 duration = 2 * vif->bss_conf.dtim_period * vif->bss_conf.beacon_int;
 
-	mutex_lock(&mvm->mutex);
 	/* Protect the session to hear the TDLS setup response on the channel */
-	iwl_mvm_protect_session(mvm, vif, duration, duration, 100, true);
+	mutex_lock(&mvm->mutex);
+	if (fw_has_capa(&mvm->fw->ucode_capa,
+			IWL_UCODE_TLV_CAPA_SESSION_PROT_CMD))
+		iwl_mvm_schedule_session_protection(mvm, vif, duration,
+						    duration, true);
+	else
+		iwl_mvm_protect_session(mvm, vif, duration,
+					duration, 100, true);
 	mutex_unlock(&mvm->mutex);
 }
 
--- a/drivers/net/wireless/intel/iwlwifi/mvm/time-event.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/time-event.c
@@ -1056,13 +1056,42 @@ int iwl_mvm_schedule_csa_period(struct i
 	return iwl_mvm_time_event_send_add(mvm, vif, te_data, &time_cmd);
 }
 
+static bool iwl_mvm_session_prot_notif(struct iwl_notif_wait_data *notif_wait,
+				       struct iwl_rx_packet *pkt, void *data)
+{
+	struct iwl_mvm *mvm =
+		container_of(notif_wait, struct iwl_mvm, notif_wait);
+	struct iwl_mvm_session_prot_notif *resp;
+	int resp_len = iwl_rx_packet_payload_len(pkt);
+
+	if (WARN_ON(pkt->hdr.cmd != SESSION_PROTECTION_NOTIF ||
+		    pkt->hdr.group_id != MAC_CONF_GROUP))
+		return true;
+
+	if (WARN_ON_ONCE(resp_len != sizeof(*resp))) {
+		IWL_ERR(mvm, "Invalid SESSION_PROTECTION_NOTIF response\n");
+		return true;
+	}
+
+	resp = (void *)pkt->data;
+
+	if (!resp->status)
+		IWL_ERR(mvm,
+			"TIME_EVENT_NOTIFICATION received but not executed\n");
+
+	return true;
+}
+
 void iwl_mvm_schedule_session_protection(struct iwl_mvm *mvm,
 					 struct ieee80211_vif *vif,
-					 u32 duration, u32 min_duration)
+					 u32 duration, u32 min_duration,
+					 bool wait_for_notif)
 {
 	struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif);
 	struct iwl_mvm_time_event_data *te_data = &mvmvif->time_event_data;
-
+	const u16 notif[] = { iwl_cmd_id(SESSION_PROTECTION_NOTIF,
+					 MAC_CONF_GROUP, 0) };
+	struct iwl_notification_wait wait_notif;
 	struct iwl_mvm_session_prot_cmd cmd = {
 		.id_and_color =
 			cpu_to_le32(FW_CMD_ID_AND_COLOR(mvmvif->id,
@@ -1071,7 +1100,6 @@ void iwl_mvm_schedule_session_protection
 		.conf_id = cpu_to_le32(SESSION_PROTECT_CONF_ASSOC),
 		.duration_tu = cpu_to_le32(MSEC_TO_TU(duration)),
 	};
-	int ret;
 
 	lockdep_assert_held(&mvm->mutex);
 
@@ -1092,14 +1120,35 @@ void iwl_mvm_schedule_session_protection
 	IWL_DEBUG_TE(mvm, "Add new session protection, duration %d TU\n",
 		     le32_to_cpu(cmd.duration_tu));
 
-	ret = iwl_mvm_send_cmd_pdu(mvm, iwl_cmd_id(SESSION_PROTECTION_CMD,
-						   MAC_CONF_GROUP, 0),
-				   0, sizeof(cmd), &cmd);
-	if (ret) {
+	if (!wait_for_notif) {
+		if (iwl_mvm_send_cmd_pdu(mvm,
+					 iwl_cmd_id(SESSION_PROTECTION_CMD,
+						    MAC_CONF_GROUP, 0),
+					 0, sizeof(cmd), &cmd)) {
+			IWL_ERR(mvm,
+				"Couldn't send the SESSION_PROTECTION_CMD\n");
+			spin_lock_bh(&mvm->time_event_lock);
+			iwl_mvm_te_clear_data(mvm, te_data);
+			spin_unlock_bh(&mvm->time_event_lock);
+		}
+
+		return;
+	}
+
+	iwl_init_notification_wait(&mvm->notif_wait, &wait_notif,
+				   notif, ARRAY_SIZE(notif),
+				   iwl_mvm_session_prot_notif, NULL);
+
+	if (iwl_mvm_send_cmd_pdu(mvm,
+				 iwl_cmd_id(SESSION_PROTECTION_CMD,
+					    MAC_CONF_GROUP, 0),
+				 0, sizeof(cmd), &cmd)) {
 		IWL_ERR(mvm,
-			"Couldn't send the SESSION_PROTECTION_CMD: %d\n", ret);
-		spin_lock_bh(&mvm->time_event_lock);
-		iwl_mvm_te_clear_data(mvm, te_data);
-		spin_unlock_bh(&mvm->time_event_lock);
+			"Couldn't send the SESSION_PROTECTION_CMD\n");
+		iwl_remove_notification(&mvm->notif_wait, &wait_notif);
+	} else if (iwl_wait_notification(&mvm->notif_wait, &wait_notif,
+					 TU_TO_JIFFIES(100))) {
+		IWL_ERR(mvm,
+			"Failed to protect session until session protection\n");
 	}
 }
--- a/drivers/net/wireless/intel/iwlwifi/mvm/time-event.h
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/time-event.h
@@ -250,10 +250,12 @@ iwl_mvm_te_scheduled(struct iwl_mvm_time
  * @mvm: the mvm component
  * @vif: the virtual interface for which the protection issued
  * @duration: the duration of the protection
+ * @wait_for_notif: if true, will block until the start of the protection
  */
 void iwl_mvm_schedule_session_protection(struct iwl_mvm *mvm,
 					 struct ieee80211_vif *vif,
-					 u32 duration, u32 min_duration);
+					 u32 duration, u32 min_duration,
+					 bool wait_for_notif);
 
 /**
  * iwl_mvm_rx_session_protect_notif - handles %SESSION_PROTECTION_NOTIF



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 023/120] netfilter: flowtable: fetch stats only if flow is still alive
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (21 preceding siblings ...)
  2020-02-13 15:20 ` [PATCH 5.5 022/120] iwlwifi: mvm: fix TDLS discovery with the new firmware API Greg Kroah-Hartman
@ 2020-02-13 15:20 ` Greg Kroah-Hartman
  2020-02-13 15:20 ` [PATCH 5.5 024/120] netfilter: flowtable: restrict flow dissector match on meta ingress device Greg Kroah-Hartman
                   ` (101 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:20 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Pablo Neira Ayuso, wenxu

From: Pablo Neira Ayuso <pablo@netfilter.org>

commit 79b9b685dde1d1bf43cf84163c76953dc3781c85 upstream.

Do not fetch statistics if flow has expired since it might not in
hardware anymore. After this update, remove the FLOW_OFFLOAD_HW_DYING
check from nf_flow_offload_stats() since this flag is never set on.

Fixes: c29f74e0df7a ("netfilter: nf_flow_table: hardware offload support")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Acked-by: wenxu <wenxu@ucloud.cn>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 net/netfilter/nf_flow_table_core.c    |    5 ++---
 net/netfilter/nf_flow_table_offload.c |    3 +--
 2 files changed, 3 insertions(+), 5 deletions(-)

--- a/net/netfilter/nf_flow_table_core.c
+++ b/net/netfilter/nf_flow_table_core.c
@@ -348,9 +348,6 @@ static void nf_flow_offload_gc_step(stru
 {
 	struct nf_flowtable *flow_table = data;
 
-	if (flow->flags & FLOW_OFFLOAD_HW)
-		nf_flow_offload_stats(flow_table, flow);
-
 	if (nf_flow_has_expired(flow) || nf_ct_is_dying(flow->ct) ||
 	    (flow->flags & (FLOW_OFFLOAD_DYING | FLOW_OFFLOAD_TEARDOWN))) {
 		if (flow->flags & FLOW_OFFLOAD_HW) {
@@ -361,6 +358,8 @@ static void nf_flow_offload_gc_step(stru
 		} else {
 			flow_offload_del(flow_table, flow);
 		}
+	} else if (flow->flags & FLOW_OFFLOAD_HW) {
+		nf_flow_offload_stats(flow_table, flow);
 	}
 }
 
--- a/net/netfilter/nf_flow_table_offload.c
+++ b/net/netfilter/nf_flow_table_offload.c
@@ -784,8 +784,7 @@ void nf_flow_offload_stats(struct nf_flo
 	__s32 delta;
 
 	delta = nf_flow_timeout_delta(flow->timeout);
-	if ((delta >= (9 * NF_FLOW_TIMEOUT) / 10) ||
-	    flow->flags & FLOW_OFFLOAD_HW_DYING)
+	if ((delta >= (9 * NF_FLOW_TIMEOUT) / 10))
 		return;
 
 	offload = kzalloc(sizeof(struct flow_offload_work), GFP_ATOMIC);



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 024/120] netfilter: flowtable: restrict flow dissector match on meta ingress device
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (22 preceding siblings ...)
  2020-02-13 15:20 ` [PATCH 5.5 023/120] netfilter: flowtable: fetch stats only if flow is still alive Greg Kroah-Hartman
@ 2020-02-13 15:20 ` Greg Kroah-Hartman
  2020-02-13 15:20 ` [PATCH 5.5 025/120] netfilter: flowtable: Fix hardware flush order on nf_flow_table_cleanup Greg Kroah-Hartman
                   ` (100 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:20 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Pablo Neira Ayuso

From: Pablo Neira Ayuso <pablo@netfilter.org>

commit a7521a60a5f3e1f58a015fedb6e69aed40455feb upstream.

Set on FLOW_DISSECTOR_KEY_META meta key using flow tuple ingress interface.

Fixes: c29f74e0df7a ("netfilter: nf_flow_table: hardware offload support")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 net/netfilter/nf_flow_table_offload.c |    8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

--- a/net/netfilter/nf_flow_table_offload.c
+++ b/net/netfilter/nf_flow_table_offload.c
@@ -24,6 +24,7 @@ struct flow_offload_work {
 };
 
 struct nf_flow_key {
+	struct flow_dissector_key_meta			meta;
 	struct flow_dissector_key_control		control;
 	struct flow_dissector_key_basic			basic;
 	union {
@@ -55,6 +56,7 @@ static int nf_flow_rule_match(struct nf_
 	struct nf_flow_key *mask = &match->mask;
 	struct nf_flow_key *key = &match->key;
 
+	NF_FLOW_DISSECTOR(match, FLOW_DISSECTOR_KEY_META, meta);
 	NF_FLOW_DISSECTOR(match, FLOW_DISSECTOR_KEY_CONTROL, control);
 	NF_FLOW_DISSECTOR(match, FLOW_DISSECTOR_KEY_BASIC, basic);
 	NF_FLOW_DISSECTOR(match, FLOW_DISSECTOR_KEY_IPV4_ADDRS, ipv4);
@@ -62,6 +64,9 @@ static int nf_flow_rule_match(struct nf_
 	NF_FLOW_DISSECTOR(match, FLOW_DISSECTOR_KEY_TCP, tcp);
 	NF_FLOW_DISSECTOR(match, FLOW_DISSECTOR_KEY_PORTS, tp);
 
+	key->meta.ingress_ifindex = tuple->iifidx;
+	mask->meta.ingress_ifindex = 0xffffffff;
+
 	switch (tuple->l3proto) {
 	case AF_INET:
 		key->control.addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
@@ -105,7 +110,8 @@ static int nf_flow_rule_match(struct nf_
 	key->tp.dst = tuple->dst_port;
 	mask->tp.dst = 0xffff;
 
-	match->dissector.used_keys |= BIT(FLOW_DISSECTOR_KEY_CONTROL) |
+	match->dissector.used_keys |= BIT(FLOW_DISSECTOR_KEY_META) |
+				      BIT(FLOW_DISSECTOR_KEY_CONTROL) |
 				      BIT(FLOW_DISSECTOR_KEY_BASIC) |
 				      BIT(FLOW_DISSECTOR_KEY_PORTS);
 	return 0;



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 025/120] netfilter: flowtable: Fix hardware flush order on nf_flow_table_cleanup
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (23 preceding siblings ...)
  2020-02-13 15:20 ` [PATCH 5.5 024/120] netfilter: flowtable: restrict flow dissector match on meta ingress device Greg Kroah-Hartman
@ 2020-02-13 15:20 ` Greg Kroah-Hartman
  2020-02-13 15:20 ` [PATCH 5.5 026/120] netfilter: flowtable: Fix missing flush hardware on table free Greg Kroah-Hartman
                   ` (99 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:20 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Paul Blakey, Pablo Neira Ayuso

From: Paul Blakey <paulb@mellanox.com>

commit 91bfaa15a379e9af24f71fb4ee08d8019b6e8ec7 upstream.

On netdev down event, nf_flow_table_cleanup() is called for the relevant
device and it cleans all the tables that are on that device.
If one of those tables has hardware offload flag,
nf_flow_table_iterate_cleanup flushes hardware and then runs the gc.
But the gc can queue more hardware work, which will take time to execute.

Instead first add the work, then flush it, to execute it now.

Fixes: c29f74e0df7a ("netfilter: nf_flow_table: hardware offload support")
Signed-off-by: Paul Blakey <paulb@mellanox.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 net/netfilter/nf_flow_table_core.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/net/netfilter/nf_flow_table_core.c
+++ b/net/netfilter/nf_flow_table_core.c
@@ -529,9 +529,9 @@ static void nf_flow_table_do_cleanup(str
 static void nf_flow_table_iterate_cleanup(struct nf_flowtable *flowtable,
 					  struct net_device *dev)
 {
-	nf_flow_table_offload_flush(flowtable);
 	nf_flow_table_iterate(flowtable, nf_flow_table_do_cleanup, dev);
 	flush_delayed_work(&flowtable->gc_work);
+	nf_flow_table_offload_flush(flowtable);
 }
 
 void nf_flow_table_cleanup(struct net_device *dev)



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 026/120] netfilter: flowtable: Fix missing flush hardware on table free
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (24 preceding siblings ...)
  2020-02-13 15:20 ` [PATCH 5.5 025/120] netfilter: flowtable: Fix hardware flush order on nf_flow_table_cleanup Greg Kroah-Hartman
@ 2020-02-13 15:20 ` Greg Kroah-Hartman
  2020-02-13 15:20 ` [PATCH 5.5 027/120] NFSv4.x recover from pre-mature loss of openstateid Greg Kroah-Hartman
                   ` (98 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:20 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Paul Blakey, Pablo Neira Ayuso

From: Paul Blakey <paulb@mellanox.com>

commit 0f34f30a1be80f3f59efeaab596396bc698e7337 upstream.

If entries exist when freeing a hardware offload enabled table,
we queue work for hardware while running the gc iteration.

Execute it (flush) after queueing.

Fixes: c29f74e0df7a ("netfilter: nf_flow_table: hardware offload support")
Signed-off-by: Paul Blakey <paulb@mellanox.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 net/netfilter/nf_flow_table_core.c |    1 +
 1 file changed, 1 insertion(+)

--- a/net/netfilter/nf_flow_table_core.c
+++ b/net/netfilter/nf_flow_table_core.c
@@ -553,6 +553,7 @@ void nf_flow_table_free(struct nf_flowta
 	cancel_delayed_work_sync(&flow_table->gc_work);
 	nf_flow_table_iterate(flow_table, nf_flow_table_do_cleanup, NULL);
 	nf_flow_table_iterate(flow_table, nf_flow_offload_gc_step, flow_table);
+	nf_flow_table_offload_flush(flow_table);
 	rhashtable_destroy(&flow_table->rhashtable);
 }
 EXPORT_SYMBOL_GPL(nf_flow_table_free);



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 027/120] NFSv4.x recover from pre-mature loss of openstateid
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (25 preceding siblings ...)
  2020-02-13 15:20 ` [PATCH 5.5 026/120] netfilter: flowtable: Fix missing flush hardware on table free Greg Kroah-Hartman
@ 2020-02-13 15:20 ` Greg Kroah-Hartman
  2020-02-13 15:20 ` [PATCH 5.5 028/120] nfs: NFS_SWAP should depend on SWAP Greg Kroah-Hartman
                   ` (97 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:20 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Olga Kornievskaia, Anna Schumaker

From: Olga Kornievskaia <kolga@netapp.com>

commit d826e5b827641ae1bebb33d23a774f4e9bb8e94f upstream.

Ever since the commit 0e0cb35b417f, it's possible to lose an open stateid
while retrying a CLOSE due to ERR_OLD_STATEID. Once that happens,
operations that require openstateid fail with EAGAIN which is propagated
to the application then tests like generic/446 and generic/168 fail with
"Resource temporarily unavailable".

Instead of returning this error, initiate state recovery when possible to
recover the open stateid and then try calling nfs4_select_rw_stateid()
again.

Fixes: 0e0cb35b417f ("NFSv4: Handle NFS4ERR_OLD_STATEID in CLOSE/OPEN_DOWNGRADE")
Signed-off-by: Olga Kornievskaia <kolga@netapp.com>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/nfs/nfs42proc.c |   36 ++++++++++++++++++++++++++++--------
 fs/nfs/nfs4proc.c  |    2 ++
 fs/nfs/pnfs.c      |    2 --
 3 files changed, 30 insertions(+), 10 deletions(-)

--- a/fs/nfs/nfs42proc.c
+++ b/fs/nfs/nfs42proc.c
@@ -61,8 +61,11 @@ static int _nfs42_proc_fallocate(struct
 
 	status = nfs4_set_rw_stateid(&args.falloc_stateid, lock->open_context,
 			lock, FMODE_WRITE);
-	if (status)
+	if (status) {
+		if (status == -EAGAIN)
+			status = -NFS4ERR_BAD_STATEID;
 		return status;
+	}
 
 	res.falloc_fattr = nfs_alloc_fattr();
 	if (!res.falloc_fattr)
@@ -287,8 +290,11 @@ static ssize_t _nfs42_proc_copy(struct f
 	} else {
 		status = nfs4_set_rw_stateid(&args->src_stateid,
 				src_lock->open_context, src_lock, FMODE_READ);
-		if (status)
+		if (status) {
+			if (status == -EAGAIN)
+				status = -NFS4ERR_BAD_STATEID;
 			return status;
+		}
 	}
 	status = nfs_filemap_write_and_wait_range(file_inode(src)->i_mapping,
 			pos_src, pos_src + (loff_t)count - 1);
@@ -297,8 +303,11 @@ static ssize_t _nfs42_proc_copy(struct f
 
 	status = nfs4_set_rw_stateid(&args->dst_stateid, dst_lock->open_context,
 				     dst_lock, FMODE_WRITE);
-	if (status)
+	if (status) {
+		if (status == -EAGAIN)
+			status = -NFS4ERR_BAD_STATEID;
 		return status;
+	}
 
 	status = nfs_sync_inode(dst_inode);
 	if (status)
@@ -546,8 +555,11 @@ static int _nfs42_proc_copy_notify(struc
 	status = nfs4_set_rw_stateid(&args->cna_src_stateid, ctx, l_ctx,
 				     FMODE_READ);
 	nfs_put_lock_context(l_ctx);
-	if (status)
+	if (status) {
+		if (status == -EAGAIN)
+			status = -NFS4ERR_BAD_STATEID;
 		return status;
+	}
 
 	status = nfs4_call_sync(src_server->client, src_server, &msg,
 				&args->cna_seq_args, &res->cnr_seq_res, 0);
@@ -618,8 +630,11 @@ static loff_t _nfs42_proc_llseek(struct
 
 	status = nfs4_set_rw_stateid(&args.sa_stateid, lock->open_context,
 			lock, FMODE_READ);
-	if (status)
+	if (status) {
+		if (status == -EAGAIN)
+			status = -NFS4ERR_BAD_STATEID;
 		return status;
+	}
 
 	status = nfs_filemap_write_and_wait_range(inode->i_mapping,
 			offset, LLONG_MAX);
@@ -994,13 +1009,18 @@ static int _nfs42_proc_clone(struct rpc_
 
 	status = nfs4_set_rw_stateid(&args.src_stateid, src_lock->open_context,
 			src_lock, FMODE_READ);
-	if (status)
+	if (status) {
+		if (status == -EAGAIN)
+			status = -NFS4ERR_BAD_STATEID;
 		return status;
-
+	}
 	status = nfs4_set_rw_stateid(&args.dst_stateid, dst_lock->open_context,
 			dst_lock, FMODE_WRITE);
-	if (status)
+	if (status) {
+		if (status == -EAGAIN)
+			status = -NFS4ERR_BAD_STATEID;
 		return status;
+	}
 
 	res.dst_fattr = nfs_alloc_fattr();
 	if (!res.dst_fattr)
--- a/fs/nfs/nfs4proc.c
+++ b/fs/nfs/nfs4proc.c
@@ -3239,6 +3239,8 @@ static int _nfs4_do_setattr(struct inode
 		nfs_put_lock_context(l_ctx);
 		if (status == -EIO)
 			return -EBADF;
+		else if (status == -EAGAIN)
+			goto zero_stateid;
 	} else {
 zero_stateid:
 		nfs4_stateid_copy(&arg->stateid, &zero_stateid);
--- a/fs/nfs/pnfs.c
+++ b/fs/nfs/pnfs.c
@@ -1998,8 +1998,6 @@ lookup_again:
 			trace_pnfs_update_layout(ino, pos, count,
 					iomode, lo, lseg,
 					PNFS_UPDATE_LAYOUT_INVALID_OPEN);
-			if (status != -EAGAIN)
-				goto out_unlock;
 			spin_unlock(&ino->i_lock);
 			nfs4_schedule_stateid_recovery(server, ctx->state);
 			pnfs_clear_first_layoutget(lo);



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 028/120] nfs: NFS_SWAP should depend on SWAP
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (26 preceding siblings ...)
  2020-02-13 15:20 ` [PATCH 5.5 027/120] NFSv4.x recover from pre-mature loss of openstateid Greg Kroah-Hartman
@ 2020-02-13 15:20 ` Greg Kroah-Hartman
  2020-02-13 15:20 ` [PATCH 5.5 029/120] NFS: Revalidate the file size on a fatal write error Greg Kroah-Hartman
                   ` (96 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:20 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Geert Uytterhoeven, Anna Schumaker

From: Geert Uytterhoeven <geert+renesas@glider.be>

commit 474c4f306eefbb21b67ebd1de802d005c7d7ecdc upstream.

If CONFIG_SWAP=n, it does not make much sense to offer the user the
option to enable support for swapping over NFS, as that will still fail
at run time:

    # swapon /swap
    swapon: /swap: swapon failed: Function not implemented

Fix this by adding a dependency on CONFIG_SWAP.

Fixes: a564b8f0398636ba ("nfs: enable swap on NFS")
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/nfs/Kconfig |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/fs/nfs/Kconfig
+++ b/fs/nfs/Kconfig
@@ -90,7 +90,7 @@ config NFS_V4
 config NFS_SWAP
 	bool "Provide swap over NFS support"
 	default n
-	depends on NFS_FS
+	depends on NFS_FS && SWAP
 	select SUNRPC_SWAP
 	help
 	  This option enables swapon to work on files located on NFS mounts.



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 029/120] NFS: Revalidate the file size on a fatal write error
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (27 preceding siblings ...)
  2020-02-13 15:20 ` [PATCH 5.5 028/120] nfs: NFS_SWAP should depend on SWAP Greg Kroah-Hartman
@ 2020-02-13 15:20 ` Greg Kroah-Hartman
  2020-02-13 15:20 ` [PATCH 5.5 030/120] NFS/pnfs: Fix pnfs_generic_prepare_to_resend_writes() Greg Kroah-Hartman
                   ` (95 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:20 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Trond Myklebust, Anna Schumaker

From: Trond Myklebust <trondmy@gmail.com>

commit 0df68ced55443243951d02cc497be31fadf28173 upstream.

If we suffer a fatal error upon writing a file, which causes us to
need to revalidate the entire mapping, then we should also revalidate
the file size.

Fixes: d2ceb7e57086 ("NFS: Don't use page_file_mapping after removing the page")
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/nfs/write.c |    8 ++++++++
 1 file changed, 8 insertions(+)

--- a/fs/nfs/write.c
+++ b/fs/nfs/write.c
@@ -243,7 +243,15 @@ out:
 /* A writeback failed: mark the page as bad, and invalidate the page cache */
 static void nfs_set_pageerror(struct address_space *mapping)
 {
+	struct inode *inode = mapping->host;
+
 	nfs_zap_mapping(mapping->host, mapping);
+	/* Force file size revalidation */
+	spin_lock(&inode->i_lock);
+	NFS_I(inode)->cache_validity |= NFS_INO_REVAL_FORCED |
+					NFS_INO_REVAL_PAGECACHE |
+					NFS_INO_INVALID_SIZE;
+	spin_unlock(&inode->i_lock);
 }
 
 static void nfs_mapping_set_error(struct page *page, int error)



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 030/120] NFS/pnfs: Fix pnfs_generic_prepare_to_resend_writes()
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (28 preceding siblings ...)
  2020-02-13 15:20 ` [PATCH 5.5 029/120] NFS: Revalidate the file size on a fatal write error Greg Kroah-Hartman
@ 2020-02-13 15:20 ` Greg Kroah-Hartman
  2020-02-13 15:20 ` [PATCH 5.5 031/120] NFS: Fix fix of show_nfs_errors Greg Kroah-Hartman
                   ` (94 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:20 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Trond Myklebust, Anna Schumaker

From: Trond Myklebust <trondmy@gmail.com>

commit 221203ce6406273cf00e5c6397257d986c003ee6 upstream.

Instead of making assumptions about the commit verifier contents, change
the commit code to ensure we always check that the verifier was set
by the XDR code.

Fixes: f54bcf2ecee9 ("pnfs: Prepare for flexfiles by pulling out common code")
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/nfs/direct.c   |    4 ++--
 fs/nfs/nfs3xdr.c  |    5 ++++-
 fs/nfs/nfs4xdr.c  |    5 ++++-
 fs/nfs/pnfs_nfs.c |    7 +++----
 fs/nfs/write.c    |    4 +++-
 5 files changed, 16 insertions(+), 9 deletions(-)

--- a/fs/nfs/direct.c
+++ b/fs/nfs/direct.c
@@ -245,10 +245,10 @@ static int nfs_direct_cmp_commit_data_ve
 					 data->ds_commit_index);
 
 	/* verifier not set so always fail */
-	if (verfp->committed < 0)
+	if (verfp->committed < 0 || data->res.verf->committed <= NFS_UNSTABLE)
 		return 1;
 
-	return nfs_direct_cmp_verf(verfp, &data->verf);
+	return nfs_direct_cmp_verf(verfp, data->res.verf);
 }
 
 /**
--- a/fs/nfs/nfs3xdr.c
+++ b/fs/nfs/nfs3xdr.c
@@ -2334,6 +2334,7 @@ static int nfs3_xdr_dec_commit3res(struc
 				   void *data)
 {
 	struct nfs_commitres *result = data;
+	struct nfs_writeverf *verf = result->verf;
 	enum nfs_stat status;
 	int error;
 
@@ -2346,7 +2347,9 @@ static int nfs3_xdr_dec_commit3res(struc
 	result->op_status = status;
 	if (status != NFS3_OK)
 		goto out_status;
-	error = decode_writeverf3(xdr, &result->verf->verifier);
+	error = decode_writeverf3(xdr, &verf->verifier);
+	if (!error)
+		verf->committed = NFS_FILE_SYNC;
 out:
 	return error;
 out_status:
--- a/fs/nfs/nfs4xdr.c
+++ b/fs/nfs/nfs4xdr.c
@@ -4313,11 +4313,14 @@ static int decode_write_verifier(struct
 
 static int decode_commit(struct xdr_stream *xdr, struct nfs_commitres *res)
 {
+	struct nfs_writeverf *verf = res->verf;
 	int status;
 
 	status = decode_op_hdr(xdr, OP_COMMIT);
 	if (!status)
-		status = decode_write_verifier(xdr, &res->verf->verifier);
+		status = decode_write_verifier(xdr, &verf->verifier);
+	if (!status)
+		verf->committed = NFS_FILE_SYNC;
 	return status;
 }
 
--- a/fs/nfs/pnfs_nfs.c
+++ b/fs/nfs/pnfs_nfs.c
@@ -31,12 +31,11 @@ EXPORT_SYMBOL_GPL(pnfs_generic_rw_releas
 /* Fake up some data that will cause nfs_commit_release to retry the writes. */
 void pnfs_generic_prepare_to_resend_writes(struct nfs_commit_data *data)
 {
-	struct nfs_page *first = nfs_list_entry(data->pages.next);
+	struct nfs_writeverf *verf = data->res.verf;
 
 	data->task.tk_status = 0;
-	memcpy(&data->verf.verifier, &first->wb_verf,
-	       sizeof(data->verf.verifier));
-	data->verf.verifier.data[0]++; /* ensure verifier mismatch */
+	memset(&verf->verifier, 0, sizeof(verf->verifier));
+	verf->committed = NFS_UNSTABLE;
 }
 EXPORT_SYMBOL_GPL(pnfs_generic_prepare_to_resend_writes);
 
--- a/fs/nfs/write.c
+++ b/fs/nfs/write.c
@@ -1837,6 +1837,7 @@ static void nfs_commit_done(struct rpc_t
 
 static void nfs_commit_release_pages(struct nfs_commit_data *data)
 {
+	const struct nfs_writeverf *verf = data->res.verf;
 	struct nfs_page	*req;
 	int status = data->task.tk_status;
 	struct nfs_commit_info cinfo;
@@ -1864,7 +1865,8 @@ static void nfs_commit_release_pages(str
 
 		/* Okay, COMMIT succeeded, apparently. Check the verifier
 		 * returned by the server against all stored verfs. */
-		if (!nfs_write_verifier_cmp(&req->wb_verf, &data->verf.verifier)) {
+		if (verf->committed > NFS_UNSTABLE &&
+		    !nfs_write_verifier_cmp(&req->wb_verf, &verf->verifier)) {
 			/* We have a match */
 			if (req->wb_page)
 				nfs_inode_remove_request(req);



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 031/120] NFS: Fix fix of show_nfs_errors
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (29 preceding siblings ...)
  2020-02-13 15:20 ` [PATCH 5.5 030/120] NFS/pnfs: Fix pnfs_generic_prepare_to_resend_writes() Greg Kroah-Hartman
@ 2020-02-13 15:20 ` Greg Kroah-Hartman
  2020-02-13 15:20 ` [PATCH 5.5 032/120] NFSv4: pnfs_roc() must use cred_fscmp() to compare creds Greg Kroah-Hartman
                   ` (93 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:20 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Trond Myklebust, Anna Schumaker

From: Trond Myklebust <trondmy@gmail.com>

commit 118b6292195cfb86a9f43cb65610fc6d980c65f4 upstream.

Casting a negative value to an unsigned long is not the same as
converting it to its absolute value.

Fixes: 96650e2effa2 ("NFS: Fix show_nfs_errors macros again")
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/nfs/nfs4trace.h |   33 +++++++++++++++++----------------
 1 file changed, 17 insertions(+), 16 deletions(-)

--- a/fs/nfs/nfs4trace.h
+++ b/fs/nfs/nfs4trace.h
@@ -352,7 +352,7 @@ DECLARE_EVENT_CLASS(nfs4_clientid_event,
 		),
 
 		TP_fast_assign(
-			__entry->error = error;
+			__entry->error = error < 0 ? -error : 0;
 			__assign_str(dstaddr, clp->cl_hostname);
 		),
 
@@ -432,7 +432,8 @@ TRACE_EVENT(nfs4_sequence_done,
 			__entry->target_highest_slotid =
 					res->sr_target_highest_slotid;
 			__entry->status_flags = res->sr_status_flags;
-			__entry->error = res->sr_status;
+			__entry->error = res->sr_status < 0 ?
+					-res->sr_status : 0;
 		),
 		TP_printk(
 			"error=%ld (%s) session=0x%08x slot_nr=%u seq_nr=%u "
@@ -640,7 +641,7 @@ TRACE_EVENT(nfs4_state_mgr_failed,
 		),
 
 		TP_fast_assign(
-			__entry->error = status;
+			__entry->error = status < 0 ? -status : 0;
 			__entry->state = clp->cl_state;
 			__assign_str(hostname, clp->cl_hostname);
 			__assign_str(section, section);
@@ -659,7 +660,7 @@ TRACE_EVENT(nfs4_xdr_status,
 		TP_PROTO(
 			const struct xdr_stream *xdr,
 			u32 op,
-			int error
+			u32 error
 		),
 
 		TP_ARGS(xdr, op, error),
@@ -849,7 +850,7 @@ TRACE_EVENT(nfs4_close,
 			__entry->fileid = NFS_FILEID(inode);
 			__entry->fhandle = nfs_fhandle_hash(NFS_FH(inode));
 			__entry->fmode = (__force unsigned int)state->state;
-			__entry->error = error;
+			__entry->error = error < 0 ? -error : 0;
 			__entry->stateid_seq =
 				be32_to_cpu(args->stateid.seqid);
 			__entry->stateid_hash =
@@ -914,7 +915,7 @@ DECLARE_EVENT_CLASS(nfs4_lock_event,
 		TP_fast_assign(
 			const struct inode *inode = state->inode;
 
-			__entry->error = error;
+			__entry->error = error < 0 ? -error : 0;
 			__entry->cmd = cmd;
 			__entry->type = request->fl_type;
 			__entry->start = request->fl_start;
@@ -986,7 +987,7 @@ TRACE_EVENT(nfs4_set_lock,
 		TP_fast_assign(
 			const struct inode *inode = state->inode;
 
-			__entry->error = error;
+			__entry->error = error < 0 ? -error : 0;
 			__entry->cmd = cmd;
 			__entry->type = request->fl_type;
 			__entry->start = request->fl_start;
@@ -1164,7 +1165,7 @@ TRACE_EVENT(nfs4_delegreturn_exit,
 		TP_fast_assign(
 			__entry->dev = res->server->s_dev;
 			__entry->fhandle = nfs_fhandle_hash(args->fhandle);
-			__entry->error = error;
+			__entry->error = error < 0 ? -error : 0;
 			__entry->stateid_seq =
 				be32_to_cpu(args->stateid->seqid);
 			__entry->stateid_hash =
@@ -1204,7 +1205,7 @@ DECLARE_EVENT_CLASS(nfs4_test_stateid_ev
 		TP_fast_assign(
 			const struct inode *inode = state->inode;
 
-			__entry->error = error;
+			__entry->error = error < 0 ? -error : 0;
 			__entry->dev = inode->i_sb->s_dev;
 			__entry->fileid = NFS_FILEID(inode);
 			__entry->fhandle = nfs_fhandle_hash(NFS_FH(inode));
@@ -1306,7 +1307,7 @@ TRACE_EVENT(nfs4_lookupp,
 		TP_fast_assign(
 			__entry->dev = inode->i_sb->s_dev;
 			__entry->ino = NFS_FILEID(inode);
-			__entry->error = error;
+			__entry->error = error < 0 ? -error : 0;
 		),
 
 		TP_printk(
@@ -1342,7 +1343,7 @@ TRACE_EVENT(nfs4_rename,
 			__entry->dev = olddir->i_sb->s_dev;
 			__entry->olddir = NFS_FILEID(olddir);
 			__entry->newdir = NFS_FILEID(newdir);
-			__entry->error = error;
+			__entry->error = error < 0 ? -error : 0;
 			__assign_str(oldname, oldname->name);
 			__assign_str(newname, newname->name);
 		),
@@ -1433,7 +1434,7 @@ DECLARE_EVENT_CLASS(nfs4_inode_stateid_e
 			__entry->dev = inode->i_sb->s_dev;
 			__entry->fileid = NFS_FILEID(inode);
 			__entry->fhandle = nfs_fhandle_hash(NFS_FH(inode));
-			__entry->error = error;
+			__entry->error = error < 0 ? -error : 0;
 			__entry->stateid_seq =
 				be32_to_cpu(stateid->seqid);
 			__entry->stateid_hash =
@@ -1489,7 +1490,7 @@ DECLARE_EVENT_CLASS(nfs4_getattr_event,
 			__entry->valid = fattr->valid;
 			__entry->fhandle = nfs_fhandle_hash(fhandle);
 			__entry->fileid = (fattr->valid & NFS_ATTR_FATTR_FILEID) ? fattr->fileid : 0;
-			__entry->error = error;
+			__entry->error = error < 0 ? -error : 0;
 		),
 
 		TP_printk(
@@ -1536,7 +1537,7 @@ DECLARE_EVENT_CLASS(nfs4_inode_callback_
 		),
 
 		TP_fast_assign(
-			__entry->error = error;
+			__entry->error = error < 0 ? -error : 0;
 			__entry->fhandle = nfs_fhandle_hash(fhandle);
 			if (!IS_ERR_OR_NULL(inode)) {
 				__entry->fileid = NFS_FILEID(inode);
@@ -1593,7 +1594,7 @@ DECLARE_EVENT_CLASS(nfs4_inode_stateid_c
 		),
 
 		TP_fast_assign(
-			__entry->error = error;
+			__entry->error = error < 0 ? -error : 0;
 			__entry->fhandle = nfs_fhandle_hash(fhandle);
 			if (!IS_ERR_OR_NULL(inode)) {
 				__entry->fileid = NFS_FILEID(inode);
@@ -1896,7 +1897,7 @@ TRACE_EVENT(nfs4_layoutget,
 			__entry->iomode = args->iomode;
 			__entry->offset = args->offset;
 			__entry->count = args->length;
-			__entry->error = error;
+			__entry->error = error < 0 ? -error : 0;
 			__entry->stateid_seq =
 				be32_to_cpu(state->stateid.seqid);
 			__entry->stateid_hash =



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 032/120] NFSv4: pnfs_roc() must use cred_fscmp() to compare creds
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (30 preceding siblings ...)
  2020-02-13 15:20 ` [PATCH 5.5 031/120] NFS: Fix fix of show_nfs_errors Greg Kroah-Hartman
@ 2020-02-13 15:20 ` Greg Kroah-Hartman
  2020-02-13 15:20 ` [PATCH 5.5 033/120] NFSv4: try lease recovery on NFS4ERR_EXPIRED Greg Kroah-Hartman
                   ` (92 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:20 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Trond Myklebust, Anna Schumaker

From: Trond Myklebust <trondmy@gmail.com>

commit 387122478775be5d9816c34aa29de53d0b926835 upstream.

When comparing two 'struct cred' for equality w.r.t. behaviour under
filesystem access, we need to use cred_fscmp().

Fixes: a52458b48af1 ("NFS/NFSD/SUNRPC: replace generic creds with 'struct cred'.")
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/nfs/pnfs.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/fs/nfs/pnfs.c
+++ b/fs/nfs/pnfs.c
@@ -1425,7 +1425,7 @@ retry:
 	/* lo ref dropped in pnfs_roc_release() */
 	layoutreturn = pnfs_prepare_layoutreturn(lo, &stateid, &iomode);
 	/* If the creds don't match, we can't compound the layoutreturn */
-	if (!layoutreturn || cred != lo->plh_lc_cred)
+	if (!layoutreturn || cred_fscmp(cred, lo->plh_lc_cred) != 0)
 		goto out_noroc;
 
 	roc = layoutreturn;



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 033/120] NFSv4: try lease recovery on NFS4ERR_EXPIRED
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (31 preceding siblings ...)
  2020-02-13 15:20 ` [PATCH 5.5 032/120] NFSv4: pnfs_roc() must use cred_fscmp() to compare creds Greg Kroah-Hartman
@ 2020-02-13 15:20 ` Greg Kroah-Hartman
  2020-02-13 15:20 ` [PATCH 5.5 034/120] NFSv4.0: nfs4_do_fsinfo() should not do implicit lease renewals Greg Kroah-Hartman
                   ` (91 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:20 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Robert Milkowski, Trond Myklebust,
	Anna Schumaker

From: Robert Milkowski <rmilkowski@gmail.com>

commit 924491f2e476f7234d722b24171a4daff61bbe13 upstream.

Currently, if an nfs server returns NFS4ERR_EXPIRED to open(),
we return EIO to applications without even trying to recover.

Fixes: 272289a3df72 ("NFSv4: nfs4_do_handle_exception() handle revoke/expiry of a single stateid")
Signed-off-by: Robert Milkowski <rmilkowski@gmail.com>
Reviewed-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/nfs/nfs4proc.c |    5 +++++
 1 file changed, 5 insertions(+)

--- a/fs/nfs/nfs4proc.c
+++ b/fs/nfs/nfs4proc.c
@@ -3187,6 +3187,11 @@ static struct nfs4_state *nfs4_do_open(s
 			exception.retry = 1;
 			continue;
 		}
+		if (status == -NFS4ERR_EXPIRED) {
+			nfs4_schedule_lease_recovery(server->nfs_client);
+			exception.retry = 1;
+			continue;
+		}
 		if (status == -EAGAIN) {
 			/* We must have found a delegation */
 			exception.retry = 1;



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 034/120] NFSv4.0: nfs4_do_fsinfo() should not do implicit lease renewals
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (32 preceding siblings ...)
  2020-02-13 15:20 ` [PATCH 5.5 033/120] NFSv4: try lease recovery on NFS4ERR_EXPIRED Greg Kroah-Hartman
@ 2020-02-13 15:20 ` Greg Kroah-Hartman
  2020-02-13 15:20 ` [PATCH 5.5 035/120] x86/boot: Handle malformed SRAT tables during early ACPI parsing Greg Kroah-Hartman
                   ` (90 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:20 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Robert Milkowski, Anna Schumaker

From: Robert Milkowski <rmilkowski@gmail.com>

commit 7dc2993a9e51dd2eee955944efec65bef90265b7 upstream.

Currently, each time nfs4_do_fsinfo() is called it will do an implicit
NFS4 lease renewal, which is not compliant with the NFS4 specification.
This can result in a lease being expired by an NFS server.

Commit 83ca7f5ab31f ("NFS: Avoid PUTROOTFH when managing leases")
introduced implicit client lease renewal in nfs4_do_fsinfo(),
which can result in the NFSv4.0 lease to expire on a server side,
and servers returning NFS4ERR_EXPIRED or NFS4ERR_STALE_CLIENTID.

This can easily be reproduced by frequently unmounting a sub-mount,
then stat'ing it to get it mounted again, which will delay or even
completely prevent client from sending RENEW operations if no other
NFS operations are issued. Eventually nfs server will expire client's
lease and return an error on file access or next RENEW.

This can also happen when a sub-mount is automatically unmounted
due to inactivity (after nfs_mountpoint_expiry_timeout), then it is
mounted again via stat(). This can result in a short window during
which client's lease will expire on a server but not on a client.
This specific case was observed on production systems.

This patch removes the implicit lease renewal from nfs4_do_fsinfo().

Fixes: 83ca7f5ab31f ("NFS: Avoid PUTROOTFH when managing leases")
Signed-off-by: Robert Milkowski <rmilkowski@gmail.com>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/nfs/nfs4_fs.h    |    4 +---
 fs/nfs/nfs4proc.c   |   12 ++++++++----
 fs/nfs/nfs4renewd.c |    5 +----
 fs/nfs/nfs4state.c  |    4 +---
 4 files changed, 11 insertions(+), 14 deletions(-)

--- a/fs/nfs/nfs4_fs.h
+++ b/fs/nfs/nfs4_fs.h
@@ -446,9 +446,7 @@ extern void nfs4_schedule_state_renewal(
 extern void nfs4_renewd_prepare_shutdown(struct nfs_server *);
 extern void nfs4_kill_renewd(struct nfs_client *);
 extern void nfs4_renew_state(struct work_struct *);
-extern void nfs4_set_lease_period(struct nfs_client *clp,
-		unsigned long lease,
-		unsigned long lastrenewed);
+extern void nfs4_set_lease_period(struct nfs_client *clp, unsigned long lease);
 
 
 /* nfs4state.c */
--- a/fs/nfs/nfs4proc.c
+++ b/fs/nfs/nfs4proc.c
@@ -5026,16 +5026,13 @@ static int nfs4_do_fsinfo(struct nfs_ser
 	struct nfs4_exception exception = {
 		.interruptible = true,
 	};
-	unsigned long now = jiffies;
 	int err;
 
 	do {
 		err = _nfs4_do_fsinfo(server, fhandle, fsinfo);
 		trace_nfs4_fsinfo(server, fhandle, fsinfo->fattr, err);
 		if (err == 0) {
-			nfs4_set_lease_period(server->nfs_client,
-					fsinfo->lease_time * HZ,
-					now);
+			nfs4_set_lease_period(server->nfs_client, fsinfo->lease_time * HZ);
 			break;
 		}
 		err = nfs4_handle_exception(server, err, &exception);
@@ -6091,6 +6088,7 @@ int nfs4_proc_setclientid(struct nfs_cli
 		.callback_data = &setclientid,
 		.flags = RPC_TASK_TIMEOUT | RPC_TASK_NO_ROUND_ROBIN,
 	};
+	unsigned long now = jiffies;
 	int status;
 
 	/* nfs_client_id4 */
@@ -6123,6 +6121,9 @@ int nfs4_proc_setclientid(struct nfs_cli
 		clp->cl_acceptor = rpcauth_stringify_acceptor(setclientid.sc_cred);
 		put_rpccred(setclientid.sc_cred);
 	}
+
+	if (status == 0)
+		do_renew_lease(clp, now);
 out:
 	trace_nfs4_setclientid(clp, status);
 	dprintk("NFS reply setclientid: %d\n", status);
@@ -8210,6 +8211,7 @@ static int _nfs4_proc_exchange_id(struct
 	struct rpc_task *task;
 	struct nfs41_exchange_id_args *argp;
 	struct nfs41_exchange_id_res *resp;
+	unsigned long now = jiffies;
 	int status;
 
 	task = nfs4_run_exchange_id(clp, cred, sp4_how, NULL);
@@ -8230,6 +8232,8 @@ static int _nfs4_proc_exchange_id(struct
 	if (status != 0)
 		goto out;
 
+	do_renew_lease(clp, now);
+
 	clp->cl_clientid = resp->clientid;
 	clp->cl_exchange_flags = resp->flags;
 	clp->cl_seqid = resp->seqid;
--- a/fs/nfs/nfs4renewd.c
+++ b/fs/nfs/nfs4renewd.c
@@ -138,15 +138,12 @@ nfs4_kill_renewd(struct nfs_client *clp)
  *
  * @clp: pointer to nfs_client
  * @lease: new value for lease period
- * @lastrenewed: time at which lease was last renewed
  */
 void nfs4_set_lease_period(struct nfs_client *clp,
-		unsigned long lease,
-		unsigned long lastrenewed)
+		unsigned long lease)
 {
 	spin_lock(&clp->cl_lock);
 	clp->cl_lease_time = lease;
-	clp->cl_last_renewal = lastrenewed;
 	spin_unlock(&clp->cl_lock);
 
 	/* Cap maximum reconnect timeout at 1/2 lease period */
--- a/fs/nfs/nfs4state.c
+++ b/fs/nfs/nfs4state.c
@@ -92,17 +92,15 @@ static int nfs4_setup_state_renewal(stru
 {
 	int status;
 	struct nfs_fsinfo fsinfo;
-	unsigned long now;
 
 	if (!test_bit(NFS_CS_CHECK_LEASE_TIME, &clp->cl_res_state)) {
 		nfs4_schedule_state_renewal(clp);
 		return 0;
 	}
 
-	now = jiffies;
 	status = nfs4_proc_get_lease_time(clp, &fsinfo);
 	if (status == 0) {
-		nfs4_set_lease_period(clp, fsinfo.lease_time * HZ, now);
+		nfs4_set_lease_period(clp, fsinfo.lease_time * HZ);
 		nfs4_schedule_state_renewal(clp);
 	}
 



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 035/120] x86/boot: Handle malformed SRAT tables during early ACPI parsing
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (33 preceding siblings ...)
  2020-02-13 15:20 ` [PATCH 5.5 034/120] NFSv4.0: nfs4_do_fsinfo() should not do implicit lease renewals Greg Kroah-Hartman
@ 2020-02-13 15:20 ` Greg Kroah-Hartman
  2020-02-13 15:20 ` [PATCH 5.5 036/120] bpftool: Dont crash on missing xlated program instructions Greg Kroah-Hartman
                   ` (89 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:20 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Steven Clarkson, Borislav Petkov,
	linux-acpi, Sasha Levin

From: Steven Clarkson <sc@lambdal.com>

[ Upstream commit 2b73ea3796242608b4ccf019ff217156c92e92fe ]

Break an infinite loop when early parsing of the SRAT table is caused
by a subtable with zero length. Known to affect the ASUS WS X299 SAGE
motherboard with firmware version 1201 which has a large block of
zeros in its SRAT table. The kernel could boot successfully on this
board/firmware prior to the introduction of early parsing this table or
after a BIOS update.

 [ bp: Fixup whitespace damage and commit message. Make it return 0 to
   denote that there are no immovable regions because who knows what
   else is broken in this BIOS. ]

Fixes: 02a3e3cdb7f1 ("x86/boot: Parse SRAT table and count immovable memory regions")
Signed-off-by: Steven Clarkson <sc@lambdal.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: linux-acpi@vger.kernel.org
Link: https://bugzilla.kernel.org/show_bug.cgi?id=206343
Link: https://lkml.kernel.org/r/CAHKq8taGzj0u1E_i=poHUam60Bko5BpiJ9jn0fAupFUYexvdUQ@mail.gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/x86/boot/compressed/acpi.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/arch/x86/boot/compressed/acpi.c b/arch/x86/boot/compressed/acpi.c
index 25019d42ae937..ef2ad7253cd5e 100644
--- a/arch/x86/boot/compressed/acpi.c
+++ b/arch/x86/boot/compressed/acpi.c
@@ -393,7 +393,13 @@ int count_immovable_mem_regions(void)
 	table = table_addr + sizeof(struct acpi_table_srat);
 
 	while (table + sizeof(struct acpi_subtable_header) < table_end) {
+
 		sub_table = (struct acpi_subtable_header *)table;
+		if (!sub_table->length) {
+			debug_putstr("Invalid zero length SRAT subtable.\n");
+			return 0;
+		}
+
 		if (sub_table->type == ACPI_SRAT_TYPE_MEMORY_AFFINITY) {
 			struct acpi_srat_mem_affinity *ma;
 
-- 
2.20.1




^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 036/120] bpftool: Dont crash on missing xlated program instructions
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (34 preceding siblings ...)
  2020-02-13 15:20 ` [PATCH 5.5 035/120] x86/boot: Handle malformed SRAT tables during early ACPI parsing Greg Kroah-Hartman
@ 2020-02-13 15:20 ` Greg Kroah-Hartman
  2020-02-13 15:20 ` [PATCH 5.5 037/120] bpf, sockmap: Dont sleep while holding RCU lock on tear-down Greg Kroah-Hartman
                   ` (88 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:20 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Toke Høiland-Jørgensen,
	Daniel Borkmann, Quentin Monnet

From: Toke Høiland-Jørgensen <toke@redhat.com>

commit d95f1e8b462c4372ac409886070bb8719d8a4d3a upstream.

Turns out the xlated program instructions can also be missing if
kptr_restrict sysctl is set. This means that the previous fix to check the
jited_prog_insns pointer was insufficient; add another check of the
xlated_prog_insns pointer as well.

Fixes: 5b79bcdf0362 ("bpftool: Don't crash on missing jited insns or ksyms")
Fixes: cae73f233923 ("bpftool: use bpf_program__get_prog_info_linear() in prog.c:do_dump()")
Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Reviewed-by: Quentin Monnet <quentin@isovalent.com>
Link: https://lore.kernel.org/bpf/20200206102906.112551-1-toke@redhat.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 tools/bpf/bpftool/prog.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/tools/bpf/bpftool/prog.c
+++ b/tools/bpf/bpftool/prog.c
@@ -500,7 +500,7 @@ static int do_dump(int argc, char **argv
 		buf = (unsigned char *)(info->jited_prog_insns);
 		member_len = info->jited_prog_len;
 	} else {	/* DUMP_XLATED */
-		if (info->xlated_prog_len == 0) {
+		if (info->xlated_prog_len == 0 || !info->xlated_prog_insns) {
 			p_err("error retrieving insn dump: kernel.kptr_restrict set?");
 			goto err_free;
 		}



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 037/120] bpf, sockmap: Dont sleep while holding RCU lock on tear-down
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (35 preceding siblings ...)
  2020-02-13 15:20 ` [PATCH 5.5 036/120] bpftool: Dont crash on missing xlated program instructions Greg Kroah-Hartman
@ 2020-02-13 15:20 ` Greg Kroah-Hartman
  2020-02-13 15:20 ` [PATCH 5.5 038/120] bpf, sockhash: Synchronize_rcu before freeing map Greg Kroah-Hartman
                   ` (87 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:20 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jakub Sitnicki, Daniel Borkmann,
	John Fastabend

From: Jakub Sitnicki <jakub@cloudflare.com>

commit db6a5018b6e008c1d69c6628cdaa9541b8e70940 upstream.

rcu_read_lock is needed to protect access to psock inside sock_map_unref
when tearing down the map. However, we can't afford to sleep in lock_sock
while in RCU read-side critical section. Grab the RCU lock only after we
have locked the socket.

This fixes RCU warnings triggerable on a VM with 1 vCPU when free'ing a
sockmap/sockhash that contains at least one socket:

| =============================
| WARNING: suspicious RCU usage
| 5.5.0-04005-g8fc91b972b73 #450 Not tainted
| -----------------------------
| include/linux/rcupdate.h:272 Illegal context switch in RCU read-side critical section!
|
| other info that might help us debug this:
|
|
| rcu_scheduler_active = 2, debug_locks = 1
| 4 locks held by kworker/0:1/62:
|  #0: ffff88813b019748 ((wq_completion)events){+.+.}, at: process_one_work+0x1d7/0x5e0
|  #1: ffffc900000abe50 ((work_completion)(&map->work)){+.+.}, at: process_one_work+0x1d7/0x5e0
|  #2: ffffffff82065d20 (rcu_read_lock){....}, at: sock_map_free+0x5/0x170
|  #3: ffff8881368c5df8 (&stab->lock){+...}, at: sock_map_free+0x64/0x170
|
| stack backtrace:
| CPU: 0 PID: 62 Comm: kworker/0:1 Not tainted 5.5.0-04005-g8fc91b972b73 #450
| Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS ?-20190727_073836-buildvm-ppc64le-16.ppc.fedoraproject.org-3.fc31 04/01/2014
| Workqueue: events bpf_map_free_deferred
| Call Trace:
|  dump_stack+0x71/0xa0
|  ___might_sleep+0x105/0x190
|  lock_sock_nested+0x28/0x90
|  sock_map_free+0x95/0x170
|  bpf_map_free_deferred+0x58/0x80
|  process_one_work+0x260/0x5e0
|  worker_thread+0x4d/0x3e0
|  kthread+0x108/0x140
|  ? process_one_work+0x5e0/0x5e0
|  ? kthread_park+0x90/0x90
|  ret_from_fork+0x3a/0x50

| =============================
| WARNING: suspicious RCU usage
| 5.5.0-04005-g8fc91b972b73-dirty #452 Not tainted
| -----------------------------
| include/linux/rcupdate.h:272 Illegal context switch in RCU read-side critical section!
|
| other info that might help us debug this:
|
|
| rcu_scheduler_active = 2, debug_locks = 1
| 4 locks held by kworker/0:1/62:
|  #0: ffff88813b019748 ((wq_completion)events){+.+.}, at: process_one_work+0x1d7/0x5e0
|  #1: ffffc900000abe50 ((work_completion)(&map->work)){+.+.}, at: process_one_work+0x1d7/0x5e0
|  #2: ffffffff82065d20 (rcu_read_lock){....}, at: sock_hash_free+0x5/0x1d0
|  #3: ffff888139966e00 (&htab->buckets[i].lock){+...}, at: sock_hash_free+0x92/0x1d0
|
| stack backtrace:
| CPU: 0 PID: 62 Comm: kworker/0:1 Not tainted 5.5.0-04005-g8fc91b972b73-dirty #452
| Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS ?-20190727_073836-buildvm-ppc64le-16.ppc.fedoraproject.org-3.fc31 04/01/2014
| Workqueue: events bpf_map_free_deferred
| Call Trace:
|  dump_stack+0x71/0xa0
|  ___might_sleep+0x105/0x190
|  lock_sock_nested+0x28/0x90
|  sock_hash_free+0xec/0x1d0
|  bpf_map_free_deferred+0x58/0x80
|  process_one_work+0x260/0x5e0
|  worker_thread+0x4d/0x3e0
|  kthread+0x108/0x140
|  ? process_one_work+0x5e0/0x5e0
|  ? kthread_park+0x90/0x90
|  ret_from_fork+0x3a/0x50

Fixes: 7e81a3530206 ("bpf: Sockmap, ensure sock lock held during tear down")
Signed-off-by: Jakub Sitnicki <jakub@cloudflare.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: John Fastabend <john.fastabend@gmail.com>
Link: https://lore.kernel.org/bpf/20200206111652.694507-2-jakub@cloudflare.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 net/core/sock_map.c |    8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

--- a/net/core/sock_map.c
+++ b/net/core/sock_map.c
@@ -234,7 +234,6 @@ static void sock_map_free(struct bpf_map
 	int i;
 
 	synchronize_rcu();
-	rcu_read_lock();
 	raw_spin_lock_bh(&stab->lock);
 	for (i = 0; i < stab->map.max_entries; i++) {
 		struct sock **psk = &stab->sks[i];
@@ -243,12 +242,13 @@ static void sock_map_free(struct bpf_map
 		sk = xchg(psk, NULL);
 		if (sk) {
 			lock_sock(sk);
+			rcu_read_lock();
 			sock_map_unref(sk, psk);
+			rcu_read_unlock();
 			release_sock(sk);
 		}
 	}
 	raw_spin_unlock_bh(&stab->lock);
-	rcu_read_unlock();
 
 	synchronize_rcu();
 
@@ -859,19 +859,19 @@ static void sock_hash_free(struct bpf_ma
 	int i;
 
 	synchronize_rcu();
-	rcu_read_lock();
 	for (i = 0; i < htab->buckets_num; i++) {
 		bucket = sock_hash_select_bucket(htab, i);
 		raw_spin_lock_bh(&bucket->lock);
 		hlist_for_each_entry_safe(elem, node, &bucket->head, node) {
 			hlist_del_rcu(&elem->node);
 			lock_sock(elem->sk);
+			rcu_read_lock();
 			sock_map_unref(elem->sk, elem);
+			rcu_read_unlock();
 			release_sock(elem->sk);
 		}
 		raw_spin_unlock_bh(&bucket->lock);
 	}
-	rcu_read_unlock();
 
 	bpf_map_area_free(htab->buckets);
 	kfree(htab);



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 038/120] bpf, sockhash: Synchronize_rcu before freeing map
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (36 preceding siblings ...)
  2020-02-13 15:20 ` [PATCH 5.5 037/120] bpf, sockmap: Dont sleep while holding RCU lock on tear-down Greg Kroah-Hartman
@ 2020-02-13 15:20 ` Greg Kroah-Hartman
  2020-02-13 15:20 ` [PATCH 5.5 039/120] selftests/bpf: Test freeing sockmap/sockhash with a socket in it Greg Kroah-Hartman
                   ` (86 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:20 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jakub Sitnicki, Daniel Borkmann,
	John Fastabend

From: Jakub Sitnicki <jakub@cloudflare.com>

commit 0b2dc83906cf1e694e48003eae5df8fa63f76fd9 upstream.

We need to have a synchronize_rcu before free'ing the sockhash because any
outstanding psock references will have a pointer to the map and when they
use it, this could trigger a use after free.

This is a sister fix for sockhash, following commit 2bb90e5cc90e ("bpf:
sockmap, synchronize_rcu before free'ing map") which addressed sockmap,
which comes from a manual audit.

Fixes: 604326b41a6fb ("bpf, sockmap: convert to generic sk_msg interface")
Signed-off-by: Jakub Sitnicki <jakub@cloudflare.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: John Fastabend <john.fastabend@gmail.com>
Link: https://lore.kernel.org/bpf/20200206111652.694507-3-jakub@cloudflare.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 net/core/sock_map.c |    4 ++++
 1 file changed, 4 insertions(+)

--- a/net/core/sock_map.c
+++ b/net/core/sock_map.c
@@ -250,6 +250,7 @@ static void sock_map_free(struct bpf_map
 	}
 	raw_spin_unlock_bh(&stab->lock);
 
+	/* wait for psock readers accessing its map link */
 	synchronize_rcu();
 
 	bpf_map_area_free(stab->sks);
@@ -873,6 +874,9 @@ static void sock_hash_free(struct bpf_ma
 		raw_spin_unlock_bh(&bucket->lock);
 	}
 
+	/* wait for psock readers accessing its map link */
+	synchronize_rcu();
+
 	bpf_map_area_free(htab->buckets);
 	kfree(htab);
 }



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 039/120] selftests/bpf: Test freeing sockmap/sockhash with a socket in it
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (37 preceding siblings ...)
  2020-02-13 15:20 ` [PATCH 5.5 038/120] bpf, sockhash: Synchronize_rcu before freeing map Greg Kroah-Hartman
@ 2020-02-13 15:20 ` Greg Kroah-Hartman
  2020-02-13 15:20 ` [PATCH 5.5 040/120] bpf: Improve bucket_log calculation logic Greg Kroah-Hartman
                   ` (85 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:20 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jakub Sitnicki, Daniel Borkmann,
	John Fastabend

From: Jakub Sitnicki <jakub@cloudflare.com>

commit 5d3919a953c3c96c02fc7a337f8376cde43ae31f upstream.

Commit 7e81a3530206 ("bpf: Sockmap, ensure sock lock held during tear
down") introduced sleeping issues inside RCU critical sections and while
holding a spinlock on sockmap/sockhash tear-down. There has to be at least
one socket in the map for the problem to surface.

This adds a test that triggers the warnings for broken locking rules. Not a
fix per se, but rather tooling to verify the accompanying fixes. Run on a
VM with 1 vCPU to reproduce the warnings.

Fixes: 7e81a3530206 ("bpf: Sockmap, ensure sock lock held during tear down")
Signed-off-by: Jakub Sitnicki <jakub@cloudflare.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: John Fastabend <john.fastabend@gmail.com>
Link: https://lore.kernel.org/bpf/20200206111652.694507-4-jakub@cloudflare.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 tools/testing/selftests/bpf/prog_tests/sockmap_basic.c |   74 +++++++++++++++++
 1 file changed, 74 insertions(+)

--- /dev/null
+++ b/tools/testing/selftests/bpf/prog_tests/sockmap_basic.c
@@ -0,0 +1,74 @@
+// SPDX-License-Identifier: GPL-2.0
+// Copyright (c) 2020 Cloudflare
+
+#include "test_progs.h"
+
+static int connected_socket_v4(void)
+{
+	struct sockaddr_in addr = {
+		.sin_family = AF_INET,
+		.sin_port = htons(80),
+		.sin_addr = { inet_addr("127.0.0.1") },
+	};
+	socklen_t len = sizeof(addr);
+	int s, repair, err;
+
+	s = socket(AF_INET, SOCK_STREAM, 0);
+	if (CHECK_FAIL(s == -1))
+		goto error;
+
+	repair = TCP_REPAIR_ON;
+	err = setsockopt(s, SOL_TCP, TCP_REPAIR, &repair, sizeof(repair));
+	if (CHECK_FAIL(err))
+		goto error;
+
+	err = connect(s, (struct sockaddr *)&addr, len);
+	if (CHECK_FAIL(err))
+		goto error;
+
+	repair = TCP_REPAIR_OFF_NO_WP;
+	err = setsockopt(s, SOL_TCP, TCP_REPAIR, &repair, sizeof(repair));
+	if (CHECK_FAIL(err))
+		goto error;
+
+	return s;
+error:
+	perror(__func__);
+	close(s);
+	return -1;
+}
+
+/* Create a map, populate it with one socket, and free the map. */
+static void test_sockmap_create_update_free(enum bpf_map_type map_type)
+{
+	const int zero = 0;
+	int s, map, err;
+
+	s = connected_socket_v4();
+	if (CHECK_FAIL(s == -1))
+		return;
+
+	map = bpf_create_map(map_type, sizeof(int), sizeof(int), 1, 0);
+	if (CHECK_FAIL(map == -1)) {
+		perror("bpf_create_map");
+		goto out;
+	}
+
+	err = bpf_map_update_elem(map, &zero, &s, BPF_NOEXIST);
+	if (CHECK_FAIL(err)) {
+		perror("bpf_map_update");
+		goto out;
+	}
+
+out:
+	close(map);
+	close(s);
+}
+
+void test_sockmap_basic(void)
+{
+	if (test__start_subtest("sockmap create_update_free"))
+		test_sockmap_create_update_free(BPF_MAP_TYPE_SOCKMAP);
+	if (test__start_subtest("sockhash create_update_free"))
+		test_sockmap_create_update_free(BPF_MAP_TYPE_SOCKHASH);
+}



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 040/120] bpf: Improve bucket_log calculation logic
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (38 preceding siblings ...)
  2020-02-13 15:20 ` [PATCH 5.5 039/120] selftests/bpf: Test freeing sockmap/sockhash with a socket in it Greg Kroah-Hartman
@ 2020-02-13 15:20 ` Greg Kroah-Hartman
  2020-02-13 15:20 ` [PATCH 5.5 041/120] bpf, sockmap: Check update requirements after locking Greg Kroah-Hartman
                   ` (84 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:20 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Randy Dunlap, Luc Van Oostenryck,
	Linus Torvalds, Martin KaFai Lau, Daniel Borkmann

From: Martin KaFai Lau <kafai@fb.com>

commit 88d6f130e5632bbf419a2e184ec7adcbe241260b upstream.

It was reported that the max_t, ilog2, and roundup_pow_of_two macros have
exponential effects on the number of states in the sparse checker.

This patch breaks them up by calculating the "nbuckets" first so that the
"bucket_log" only needs to take ilog2().

In addition, Linus mentioned:

  Patch looks good, but I'd like to point out that it's not just sparse.

  You can see it with a simple

    make net/core/bpf_sk_storage.i
    grep 'smap->bucket_log = ' net/core/bpf_sk_storage.i | wc

  and see the end result:

      1  365071 2686974

  That's one line (the assignment line) that is 2,686,974 characters in
  length.

  Now, sparse does happen to react particularly badly to that (I didn't
  look to why, but I suspect it's just that evaluating all the types
  that don't actually ever end up getting used ends up being much more
  expensive than it should be), but I bet it's not good for gcc either.

Fixes: 6ac99e8f23d4 ("bpf: Introduce bpf sk local storage")
Reported-by: Randy Dunlap <rdunlap@infradead.org>
Reported-by: Luc Van Oostenryck <luc.vanoostenryck@gmail.com>
Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Martin KaFai Lau <kafai@fb.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Reviewed-by: Luc Van Oostenryck <luc.vanoostenryck@gmail.com>
Link: https://lore.kernel.org/bpf/20200207081810.3918919-1-kafai@fb.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 net/core/bpf_sk_storage.c |    5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

--- a/net/core/bpf_sk_storage.c
+++ b/net/core/bpf_sk_storage.c
@@ -643,9 +643,10 @@ static struct bpf_map *bpf_sk_storage_ma
 		return ERR_PTR(-ENOMEM);
 	bpf_map_init_from_attr(&smap->map, attr);
 
+	nbuckets = roundup_pow_of_two(num_possible_cpus());
 	/* Use at least 2 buckets, select_bucket() is undefined behavior with 1 bucket */
-	smap->bucket_log = max_t(u32, 1, ilog2(roundup_pow_of_two(num_possible_cpus())));
-	nbuckets = 1U << smap->bucket_log;
+	nbuckets = max_t(u32, 2, nbuckets);
+	smap->bucket_log = ilog2(nbuckets);
 	cost = sizeof(*smap->buckets) * nbuckets + sizeof(*smap);
 
 	ret = bpf_map_charge_init(&smap->map.memory, cost);



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 041/120] bpf, sockmap: Check update requirements after locking
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (39 preceding siblings ...)
  2020-02-13 15:20 ` [PATCH 5.5 040/120] bpf: Improve bucket_log calculation logic Greg Kroah-Hartman
@ 2020-02-13 15:20 ` Greg Kroah-Hartman
  2020-02-13 15:20 ` [PATCH 5.5 042/120] mt76: mt7615: fix max_nss in mt7615_eeprom_parse_hw_cap Greg Kroah-Hartman
                   ` (83 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:20 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Lorenz Bauer, Daniel Borkmann,
	Jakub Sitnicki

From: Lorenz Bauer <lmb@cloudflare.com>

commit 85b8ac01a421791d66c3a458a7f83cfd173fe3fa upstream.

It's currently possible to insert sockets in unexpected states into
a sockmap, due to a TOCTTOU when updating the map from a syscall.
sock_map_update_elem checks that sk->sk_state == TCP_ESTABLISHED,
locks the socket and then calls sock_map_update_common. At this
point, the socket may have transitioned into another state, and
the earlier assumptions don't hold anymore. Crucially, it's
conceivable (though very unlikely) that a socket has become unhashed.
This breaks the sockmap's assumption that it will get a callback
via sk->sk_prot->unhash.

Fix this by checking the (fixed) sk_type and sk_protocol without the
lock, followed by a locked check of sk_state.

Unfortunately it's not possible to push the check down into
sock_(map|hash)_update_common, since BPF_SOCK_OPS_PASSIVE_ESTABLISHED_CB
run before the socket has transitioned from TCP_SYN_RECV into
TCP_ESTABLISHED.

Fixes: 604326b41a6f ("bpf, sockmap: convert to generic sk_msg interface")
Signed-off-by: Lorenz Bauer <lmb@cloudflare.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Reviewed-by: Jakub Sitnicki <jakub@cloudflare.com>
Link: https://lore.kernel.org/bpf/20200207103713.28175-1-lmb@cloudflare.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 net/core/sock_map.c |   16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

--- a/net/core/sock_map.c
+++ b/net/core/sock_map.c
@@ -417,14 +417,16 @@ static int sock_map_update_elem(struct b
 		ret = -EINVAL;
 		goto out;
 	}
-	if (!sock_map_sk_is_suitable(sk) ||
-	    sk->sk_state != TCP_ESTABLISHED) {
+	if (!sock_map_sk_is_suitable(sk)) {
 		ret = -EOPNOTSUPP;
 		goto out;
 	}
 
 	sock_map_sk_acquire(sk);
-	ret = sock_map_update_common(map, idx, sk, flags);
+	if (sk->sk_state != TCP_ESTABLISHED)
+		ret = -EOPNOTSUPP;
+	else
+		ret = sock_map_update_common(map, idx, sk, flags);
 	sock_map_sk_release(sk);
 out:
 	fput(sock->file);
@@ -740,14 +742,16 @@ static int sock_hash_update_elem(struct
 		ret = -EINVAL;
 		goto out;
 	}
-	if (!sock_map_sk_is_suitable(sk) ||
-	    sk->sk_state != TCP_ESTABLISHED) {
+	if (!sock_map_sk_is_suitable(sk)) {
 		ret = -EOPNOTSUPP;
 		goto out;
 	}
 
 	sock_map_sk_acquire(sk);
-	ret = sock_hash_update_common(map, key, sk, flags);
+	if (sk->sk_state != TCP_ESTABLISHED)
+		ret = -EOPNOTSUPP;
+	else
+		ret = sock_hash_update_common(map, key, sk, flags);
 	sock_map_sk_release(sk);
 out:
 	fput(sock->file);



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 042/120] mt76: mt7615: fix max_nss in mt7615_eeprom_parse_hw_cap
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (40 preceding siblings ...)
  2020-02-13 15:20 ` [PATCH 5.5 041/120] bpf, sockmap: Check update requirements after locking Greg Kroah-Hartman
@ 2020-02-13 15:20 ` Greg Kroah-Hartman
  2020-02-13 15:20 ` [PATCH 5.5 043/120] netdevsim: fix using uninitialized resources Greg Kroah-Hartman
                   ` (82 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:20 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Lorenzo Bianconi, Kalle Valo

From: Lorenzo Bianconi <lorenzo@kernel.org>

commit d08f3010f4a32eec3c8aa771f03a1b342a1472fa upstream.

Fix u8 cast reading max_nss from MT_TOP_STRAP_STA register in
mt7615_eeprom_parse_hw_cap routine

Fixes: acf5457fd99db ("mt76: mt7615: read {tx,rx} mask from eeprom")
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/net/wireless/mediatek/mt76/mt7615/eeprom.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/drivers/net/wireless/mediatek/mt76/mt7615/eeprom.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7615/eeprom.c
@@ -92,8 +92,9 @@ static int mt7615_check_eeprom(struct mt
 
 static void mt7615_eeprom_parse_hw_cap(struct mt7615_dev *dev)
 {
-	u8 val, *eeprom = dev->mt76.eeprom.data;
+	u8 *eeprom = dev->mt76.eeprom.data;
 	u8 tx_mask, rx_mask, max_nss;
+	u32 val;
 
 	val = FIELD_GET(MT_EE_NIC_WIFI_CONF_BAND_SEL,
 			eeprom[MT_EE_WIFI_CONF]);



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 043/120] netdevsim: fix using uninitialized resources
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (41 preceding siblings ...)
  2020-02-13 15:20 ` [PATCH 5.5 042/120] mt76: mt7615: fix max_nss in mt7615_eeprom_parse_hw_cap Greg Kroah-Hartman
@ 2020-02-13 15:20 ` Greg Kroah-Hartman
  2020-02-13 15:20 ` [PATCH 5.5 044/120] netdevsim: disable devlink reload when resources are being used Greg Kroah-Hartman
                   ` (81 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:20 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Taehee Yoo, Jakub Kicinski

From: Taehee Yoo <ap420073@gmail.com>

commit f5cd21605ecd249e5fc715411df22cc1bc877b32 upstream.

When module is being initialized, __init() calls bus_register() and
driver_register().
These functions internally create various resources and sysfs files.
The sysfs files are used for basic operations(add/del device).
/sys/bus/netdevsim/new_device
/sys/bus/netdevsim/del_device

These sysfs files use netdevsim resources, they are mostly allocated
and initialized in ->probe() function, which is nsim_dev_probe().
But, sysfs files could be executed before ->probe() is finished.
So, accessing uninitialized data would occur.

Another problem is very similar.
/sys/bus/netdevsim/new_device internally creates sysfs files.
/sys/devices/netdevsim<id>/new_port
/sys/devices/netdevsim<id>/del_port

These sysfs files also use netdevsim resources, they are mostly allocated
and initialized in creating device routine, which is nsim_bus_dev_new().
But they also could be executed before nsim_bus_dev_new() is finished.
So, accessing uninitialized data would occur.

To fix these problems, this patch adds flags, which means whether the
operation is finished or not.
The flag variable 'nsim_bus_enable' means whether netdevsim bus was
initialized or not.
This is protected by nsim_bus_dev_list_lock.
The flag variable 'nsim_bus_dev->init' means whether nsim_bus_dev was
initialized or not.
This could be used in {new/del}_port_store() with no lock.

Test commands:
    #SHELL1
    modprobe netdevsim
    while :
    do
        echo "1 1" > /sys/bus/netdevsim/new_device
        echo "1 1" > /sys/bus/netdevsim/del_device
    done

    #SHELL2
    while :
    do
        echo 1 > /sys/devices/netdevsim1/new_port
        echo 1 > /sys/devices/netdevsim1/del_port
    done

Splat looks like:
[   47.508954][ T1008] general protection fault, probably for non-canonical address 0xdffffc0000000021: 0000 I
[   47.510793][ T1008] KASAN: null-ptr-deref in range [0x0000000000000108-0x000000000000010f]
[   47.511963][ T1008] CPU: 2 PID: 1008 Comm: bash Not tainted 5.5.0+ #322
[   47.512823][ T1008] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006
[   47.514041][ T1008] RIP: 0010:__mutex_lock+0x10a/0x14b0
[   47.514699][ T1008] Code: 08 84 d2 0f 85 7f 12 00 00 44 8b 0d 10 23 65 02 45 85 c9 75 29 49 8d 7f 68 48 b8 00 00 00 0f
[   47.517163][ T1008] RSP: 0018:ffff888059b4fbb0 EFLAGS: 00010206
[   47.517802][ T1008] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
[   47.518941][ T1008] RDX: 0000000000000021 RSI: ffffffff85926440 RDI: 0000000000000108
[   47.519732][ T1008] RBP: ffff888059b4fd30 R08: ffffffffc073fad0 R09: 0000000000000000
[   47.520729][ T1008] R10: ffff888059b4fd50 R11: ffff88804bb38040 R12: 0000000000000000
[   47.521702][ T1008] R13: dffffc0000000000 R14: ffffffff871976c0 R15: 00000000000000a0
[   47.522760][ T1008] FS:  00007fd4be05a740(0000) GS:ffff88806c800000(0000) knlGS:0000000000000000
[   47.523877][ T1008] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   47.524627][ T1008] CR2: 0000561c82b69cf0 CR3: 0000000065dd6004 CR4: 00000000000606e0
[   47.527662][ T1008] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   47.528604][ T1008] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   47.529531][ T1008] Call Trace:
[   47.529874][ T1008]  ? nsim_dev_port_add+0x50/0x150 [netdevsim]
[   47.530470][ T1008]  ? mutex_lock_io_nested+0x1380/0x1380
[   47.531018][ T1008]  ? _kstrtoull+0x76/0x160
[   47.531449][ T1008]  ? _parse_integer+0xf0/0xf0
[   47.531874][ T1008]  ? kernfs_fop_write+0x1cf/0x410
[   47.532330][ T1008]  ? sysfs_file_ops+0x160/0x160
[   47.532773][ T1008]  ? kstrtouint+0x86/0x110
[   47.533168][ T1008]  ? nsim_dev_port_add+0x50/0x150 [netdevsim]
[   47.533721][ T1008]  nsim_dev_port_add+0x50/0x150 [netdevsim]
[   47.534336][ T1008]  ? sysfs_file_ops+0x160/0x160
[   47.534858][ T1008]  new_port_store+0x99/0xb0 [netdevsim]
[   47.535439][ T1008]  ? del_port_store+0xb0/0xb0 [netdevsim]
[   47.536035][ T1008]  ? sysfs_file_ops+0x112/0x160
[   47.536544][ T1008]  ? sysfs_kf_write+0x3b/0x180
[   47.537029][ T1008]  kernfs_fop_write+0x276/0x410
[   47.537548][ T1008]  ? __sb_start_write+0x215/0x2e0
[   47.538110][ T1008]  vfs_write+0x197/0x4a0
[ ... ]

Fixes: f9d9db47d3ba ("netdevsim: add bus attributes to add new and delete devices")
Fixes: 794b2c05ca1c ("netdevsim: extend device attrs to support port addition and deletion")
Signed-off-by: Taehee Yoo <ap420073@gmail.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/net/netdevsim/bus.c       |   43 +++++++++++++++++++++++++++++++++++---
 drivers/net/netdevsim/netdevsim.h |    1 
 2 files changed, 41 insertions(+), 3 deletions(-)

--- a/drivers/net/netdevsim/bus.c
+++ b/drivers/net/netdevsim/bus.c
@@ -17,6 +17,7 @@
 static DEFINE_IDA(nsim_bus_dev_ids);
 static LIST_HEAD(nsim_bus_dev_list);
 static DEFINE_MUTEX(nsim_bus_dev_list_lock);
+static bool nsim_bus_enable;
 
 static struct nsim_bus_dev *to_nsim_bus_dev(struct device *dev)
 {
@@ -99,6 +100,9 @@ new_port_store(struct device *dev, struc
 	unsigned int port_index;
 	int ret;
 
+	/* Prevent to use nsim_bus_dev before initialization. */
+	if (!smp_load_acquire(&nsim_bus_dev->init))
+		return -EBUSY;
 	ret = kstrtouint(buf, 0, &port_index);
 	if (ret)
 		return ret;
@@ -116,6 +120,9 @@ del_port_store(struct device *dev, struc
 	unsigned int port_index;
 	int ret;
 
+	/* Prevent to use nsim_bus_dev before initialization. */
+	if (!smp_load_acquire(&nsim_bus_dev->init))
+		return -EBUSY;
 	ret = kstrtouint(buf, 0, &port_index);
 	if (ret)
 		return ret;
@@ -179,15 +186,30 @@ new_device_store(struct bus_type *bus, c
 		pr_err("Format for adding new device is \"id port_count\" (uint uint).\n");
 		return -EINVAL;
 	}
-	nsim_bus_dev = nsim_bus_dev_new(id, port_count);
-	if (IS_ERR(nsim_bus_dev))
-		return PTR_ERR(nsim_bus_dev);
 
 	mutex_lock(&nsim_bus_dev_list_lock);
+	/* Prevent to use resource before initialization. */
+	if (!smp_load_acquire(&nsim_bus_enable)) {
+		err = -EBUSY;
+		goto err;
+	}
+
+	nsim_bus_dev = nsim_bus_dev_new(id, port_count);
+	if (IS_ERR(nsim_bus_dev)) {
+		err = PTR_ERR(nsim_bus_dev);
+		goto err;
+	}
+
+	/* Allow using nsim_bus_dev */
+	smp_store_release(&nsim_bus_dev->init, true);
+
 	list_add_tail(&nsim_bus_dev->list, &nsim_bus_dev_list);
 	mutex_unlock(&nsim_bus_dev_list_lock);
 
 	return count;
+err:
+	mutex_unlock(&nsim_bus_dev_list_lock);
+	return err;
 }
 static BUS_ATTR_WO(new_device);
 
@@ -215,6 +237,11 @@ del_device_store(struct bus_type *bus, c
 
 	err = -ENOENT;
 	mutex_lock(&nsim_bus_dev_list_lock);
+	/* Prevent to use resource before initialization. */
+	if (!smp_load_acquire(&nsim_bus_enable)) {
+		mutex_unlock(&nsim_bus_dev_list_lock);
+		return -EBUSY;
+	}
 	list_for_each_entry_safe(nsim_bus_dev, tmp, &nsim_bus_dev_list, list) {
 		if (nsim_bus_dev->dev.id != id)
 			continue;
@@ -284,6 +311,8 @@ nsim_bus_dev_new(unsigned int id, unsign
 	nsim_bus_dev->dev.type = &nsim_bus_dev_type;
 	nsim_bus_dev->port_count = port_count;
 	nsim_bus_dev->initial_net = current->nsproxy->net_ns;
+	/* Disallow using nsim_bus_dev */
+	smp_store_release(&nsim_bus_dev->init, false);
 
 	err = device_register(&nsim_bus_dev->dev);
 	if (err)
@@ -299,6 +328,8 @@ err_nsim_bus_dev_free:
 
 static void nsim_bus_dev_del(struct nsim_bus_dev *nsim_bus_dev)
 {
+	/* Disallow using nsim_bus_dev */
+	smp_store_release(&nsim_bus_dev->init, false);
 	device_unregister(&nsim_bus_dev->dev);
 	ida_free(&nsim_bus_dev_ids, nsim_bus_dev->dev.id);
 	kfree(nsim_bus_dev);
@@ -320,6 +351,8 @@ int nsim_bus_init(void)
 	err = driver_register(&nsim_driver);
 	if (err)
 		goto err_bus_unregister;
+	/* Allow using resources */
+	smp_store_release(&nsim_bus_enable, true);
 	return 0;
 
 err_bus_unregister:
@@ -331,12 +364,16 @@ void nsim_bus_exit(void)
 {
 	struct nsim_bus_dev *nsim_bus_dev, *tmp;
 
+	/* Disallow using resources */
+	smp_store_release(&nsim_bus_enable, false);
+
 	mutex_lock(&nsim_bus_dev_list_lock);
 	list_for_each_entry_safe(nsim_bus_dev, tmp, &nsim_bus_dev_list, list) {
 		list_del(&nsim_bus_dev->list);
 		nsim_bus_dev_del(nsim_bus_dev);
 	}
 	mutex_unlock(&nsim_bus_dev_list_lock);
+
 	driver_unregister(&nsim_driver);
 	bus_unregister(&nsim_bus);
 }
--- a/drivers/net/netdevsim/netdevsim.h
+++ b/drivers/net/netdevsim/netdevsim.h
@@ -240,6 +240,7 @@ struct nsim_bus_dev {
 				  */
 	unsigned int num_vfs;
 	struct nsim_vf_config *vfconfigs;
+	bool init;
 };
 
 int nsim_bus_init(void);



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 044/120] netdevsim: disable devlink reload when resources are being used
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (42 preceding siblings ...)
  2020-02-13 15:20 ` [PATCH 5.5 043/120] netdevsim: fix using uninitialized resources Greg Kroah-Hartman
@ 2020-02-13 15:20 ` Greg Kroah-Hartman
  2020-02-13 15:20 ` [PATCH 5.5 045/120] netdevsim: fix panic in nsim_dev_take_snapshot_write() Greg Kroah-Hartman
                   ` (80 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:20 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Taehee Yoo, Jakub Kicinski

From: Taehee Yoo <ap420073@gmail.com>

commit 6ab63366e1ec4ec1900f253aa64727b4b5f4ee73 upstream.

devlink reload destroys resources and allocates resources again.
So, when devices and ports resources are being used, devlink reload
function should not be executed. In order to avoid this race, a new
lock is added and new_port() and del_port() call devlink_reload_disable()
and devlink_reload_enable().

Thread0                      Thread1
{new/del}_port()             {new/del}_port()
devlink_reload_disable()
                             devlink_reload_disable()
devlink_reload_enable()
                             //here
                             devlink_reload_enable()

Before Thread1's devlink_reload_enable(), the devlink is already allowed
to execute reload because Thread0 allows it. devlink reload disable/enable
variable type is bool. So the above case would exist.
So, disable/enable should be executed atomically.
In order to do that, a new lock is used.

Test commands:
    modprobe netdevsim
    echo 1 > /sys/bus/netdevsim/new_device
    while :
    do
        echo 1 > /sys/devices/netdevsim1/new_port &
        echo 1 > /sys/devices/netdevsim1/del_port &
        devlink dev reload netdevsim/netdevsim1 &
    done

Splat looks like:
[   23.342145][  T932] DEBUG_LOCKS_WARN_ON(mutex_is_locked(lock))
[   23.342159][  T932] WARNING: CPU: 0 PID: 932 at kernel/locking/mutex-debug.c:103 mutex_destroy+0xc7/0xf0
[   23.344182][  T932] Modules linked in: netdevsim openvswitch nsh nf_conncount nf_nat nf_conntrack nf_defrag_ipv6 nf_dx
[   23.346485][  T932] CPU: 0 PID: 932 Comm: devlink Not tainted 5.5.0+ #322
[   23.347696][  T932] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006
[   23.348893][  T932] RIP: 0010:mutex_destroy+0xc7/0xf0
[   23.349505][  T932] Code: e0 07 83 c0 03 38 d0 7c 04 84 d2 75 2e 8b 05 00 ac b0 02 85 c0 75 8b 48 c7 c6 00 5e 07 96 40
[   23.351887][  T932] RSP: 0018:ffff88806208f810 EFLAGS: 00010286
[   23.353963][  T932] RAX: dffffc0000000008 RBX: ffff888067f6f2c0 RCX: ffffffff942c4bd4
[   23.355222][  T932] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff96dac5b4
[   23.356169][  T932] RBP: ffff888067f6f000 R08: fffffbfff2d235a5 R09: fffffbfff2d235a5
[   23.357160][  T932] R10: 0000000000000001 R11: fffffbfff2d235a4 R12: ffff888067f6f208
[   23.358288][  T932] R13: ffff88806208fa70 R14: ffff888067f6f000 R15: ffff888069ce3800
[   23.359307][  T932] FS:  00007fe2a3876740(0000) GS:ffff88806c000000(0000) knlGS:0000000000000000
[   23.360473][  T932] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   23.361319][  T932] CR2: 00005561357aa000 CR3: 000000005227a006 CR4: 00000000000606f0
[   23.362323][  T932] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   23.363417][  T932] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   23.364414][  T932] Call Trace:
[   23.364828][  T932]  nsim_dev_reload_destroy+0x77/0xb0 [netdevsim]
[   23.365655][  T932]  nsim_dev_reload_down+0x84/0xb0 [netdevsim]
[   23.366433][  T932]  devlink_reload+0xb1/0x350
[   23.367010][  T932]  genl_rcv_msg+0x580/0xe90

[ ...]

[   23.531729][ T1305] kernel BUG at lib/list_debug.c:53!
[   23.532523][ T1305] invalid opcode: 0000 [#1] SMP DEBUG_PAGEALLOC KASAN PTI
[   23.533467][ T1305] CPU: 2 PID: 1305 Comm: bash Tainted: G        W         5.5.0+ #322
[   23.534962][ T1305] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006
[   23.536503][ T1305] RIP: 0010:__list_del_entry_valid+0xe6/0x150
[   23.538346][ T1305] Code: 89 ea 48 c7 c7 00 73 1e 96 e8 df f7 4c ff 0f 0b 48 c7 c7 60 73 1e 96 e8 d1 f7 4c ff 0f 0b 44
[   23.541068][ T1305] RSP: 0018:ffff888047c27b58 EFLAGS: 00010282
[   23.542001][ T1305] RAX: 0000000000000054 RBX: ffff888067f6f318 RCX: 0000000000000000
[   23.543051][ T1305] RDX: 0000000000000054 RSI: 0000000000000008 RDI: ffffed1008f84f61
[   23.544072][ T1305] RBP: ffff88804aa0fca0 R08: ffffed100d940539 R09: ffffed100d940539
[   23.545085][ T1305] R10: 0000000000000001 R11: ffffed100d940538 R12: ffff888047c27cb0
[   23.546422][ T1305] R13: ffff88806208b840 R14: ffffffff981976c0 R15: ffff888067f6f2c0
[   23.547406][ T1305] FS:  00007f76c0431740(0000) GS:ffff88806c800000(0000) knlGS:0000000000000000
[   23.548527][ T1305] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   23.549389][ T1305] CR2: 00007f5048f1a2f8 CR3: 000000004b310006 CR4: 00000000000606e0
[   23.550636][ T1305] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   23.551578][ T1305] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   23.552597][ T1305] Call Trace:
[   23.553004][ T1305]  mutex_remove_waiter+0x101/0x520
[   23.553646][ T1305]  __mutex_lock+0xac7/0x14b0
[   23.554218][ T1305]  ? nsim_dev_port_del+0x4e/0x140 [netdevsim]
[   23.554908][ T1305]  ? mutex_lock_io_nested+0x1380/0x1380
[   23.555570][ T1305]  ? _parse_integer+0xf0/0xf0
[   23.556043][ T1305]  ? kstrtouint+0x86/0x110
[   23.556504][ T1305]  ? nsim_dev_port_del+0x4e/0x140 [netdevsim]
[   23.557133][ T1305]  nsim_dev_port_del+0x4e/0x140 [netdevsim]
[   23.558024][ T1305]  del_port_store+0xcc/0xf0 [netdevsim]
[ ... ]

Fixes: 75ba029f3c07 ("netdevsim: implement proper devlink reload")
Signed-off-by: Taehee Yoo <ap420073@gmail.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/net/netdevsim/bus.c       |   19 +++++++++++++++++++
 drivers/net/netdevsim/netdevsim.h |    2 ++
 2 files changed, 21 insertions(+)

--- a/drivers/net/netdevsim/bus.c
+++ b/drivers/net/netdevsim/bus.c
@@ -97,6 +97,8 @@ new_port_store(struct device *dev, struc
 	       const char *buf, size_t count)
 {
 	struct nsim_bus_dev *nsim_bus_dev = to_nsim_bus_dev(dev);
+	struct nsim_dev *nsim_dev = dev_get_drvdata(dev);
+	struct devlink *devlink;
 	unsigned int port_index;
 	int ret;
 
@@ -106,7 +108,14 @@ new_port_store(struct device *dev, struc
 	ret = kstrtouint(buf, 0, &port_index);
 	if (ret)
 		return ret;
+
+	devlink = priv_to_devlink(nsim_dev);
+
+	mutex_lock(&nsim_bus_dev->nsim_bus_reload_lock);
+	devlink_reload_disable(devlink);
 	ret = nsim_dev_port_add(nsim_bus_dev, port_index);
+	devlink_reload_enable(devlink);
+	mutex_unlock(&nsim_bus_dev->nsim_bus_reload_lock);
 	return ret ? ret : count;
 }
 
@@ -117,6 +126,8 @@ del_port_store(struct device *dev, struc
 	       const char *buf, size_t count)
 {
 	struct nsim_bus_dev *nsim_bus_dev = to_nsim_bus_dev(dev);
+	struct nsim_dev *nsim_dev = dev_get_drvdata(dev);
+	struct devlink *devlink;
 	unsigned int port_index;
 	int ret;
 
@@ -126,7 +137,14 @@ del_port_store(struct device *dev, struc
 	ret = kstrtouint(buf, 0, &port_index);
 	if (ret)
 		return ret;
+
+	devlink = priv_to_devlink(nsim_dev);
+
+	mutex_lock(&nsim_bus_dev->nsim_bus_reload_lock);
+	devlink_reload_disable(devlink);
 	ret = nsim_dev_port_del(nsim_bus_dev, port_index);
+	devlink_reload_enable(devlink);
+	mutex_unlock(&nsim_bus_dev->nsim_bus_reload_lock);
 	return ret ? ret : count;
 }
 
@@ -311,6 +329,7 @@ nsim_bus_dev_new(unsigned int id, unsign
 	nsim_bus_dev->dev.type = &nsim_bus_dev_type;
 	nsim_bus_dev->port_count = port_count;
 	nsim_bus_dev->initial_net = current->nsproxy->net_ns;
+	mutex_init(&nsim_bus_dev->nsim_bus_reload_lock);
 	/* Disallow using nsim_bus_dev */
 	smp_store_release(&nsim_bus_dev->init, false);
 
--- a/drivers/net/netdevsim/netdevsim.h
+++ b/drivers/net/netdevsim/netdevsim.h
@@ -240,6 +240,8 @@ struct nsim_bus_dev {
 				  */
 	unsigned int num_vfs;
 	struct nsim_vf_config *vfconfigs;
+	/* Lock for devlink->reload_enabled in netdevsim module */
+	struct mutex nsim_bus_reload_lock;
 	bool init;
 };
 



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 045/120] netdevsim: fix panic in nsim_dev_take_snapshot_write()
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (43 preceding siblings ...)
  2020-02-13 15:20 ` [PATCH 5.5 044/120] netdevsim: disable devlink reload when resources are being used Greg Kroah-Hartman
@ 2020-02-13 15:20 ` Greg Kroah-Hartman
  2020-02-13 15:20 ` [PATCH 5.5 046/120] netdevsim: use __GFP_NOWARN to avoid memalloc warning Greg Kroah-Hartman
                   ` (79 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:20 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Taehee Yoo, Jakub Kicinski

From: Taehee Yoo <ap420073@gmail.com>

commit 8526ad9646b17c59b6d430d8baa8f152a14fe177 upstream.

nsim_dev_take_snapshot_write() uses nsim_dev and nsim_dev->dummy_region.
So, during this function, these data shouldn't be removed.
But there is no protecting stuff in this function.

There are two similar cases.
1. reload case
reload could be called during nsim_dev_take_snapshot_write().
When reload is being executed, nsim_dev_reload_down() is called and it
calls nsim_dev_reload_destroy(). nsim_dev_reload_destroy() calls
devlink_region_destroy() to destroy nsim_dev->dummy_region.
So, during nsim_dev_take_snapshot_write(), nsim_dev->dummy_region()
would be removed.
At this point, snapshot_write() would access freed pointer.
In order to fix this case, take_snapshot file will be removed before
devlink_region_destroy().
The take_snapshot file will be re-created by ->reload_up().

2. del_device_store case
del_device_store() also could call nsim_dev_reload_destroy()
during nsim_dev_take_snapshot_write(). If so, panic would occur.
This problem is actually the same problem with the first case.
So, this problem will be fixed by the first case's solution.

Test commands:
    modprobe netdevsim
    while :
    do
        echo 1 > /sys/bus/netdevsim/new_device &
        echo 1 > /sys/bus/netdevsim/del_device &
	devlink dev reload netdevsim/netdevsim1 &
	echo 1 > /sys/kernel/debug/netdevsim/netdevsim1/take_snapshot &
    done

Splat looks like:
[   45.564513][  T975] general protection fault, probably for non-canonical address 0xdffffc000000003a: 0000 [#1] SMP DEI
[   45.566131][  T975] KASAN: null-ptr-deref in range [0x00000000000001d0-0x00000000000001d7]
[   45.566135][  T975] CPU: 1 PID: 975 Comm: bash Not tainted 5.5.0+ #322
[   45.569020][  T975] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006
[   45.569026][  T975] RIP: 0010:__mutex_lock+0x10a/0x14b0
[   45.570518][  T975] Code: 08 84 d2 0f 85 7f 12 00 00 44 8b 0d 10 23 65 02 45 85 c9 75 29 49 8d 7f 68 48 b8 00 00 00 0f
[   45.570522][  T975] RSP: 0018:ffff888046ccfbf0 EFLAGS: 00010206
[   45.572305][  T975] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
[   45.572308][  T975] RDX: 000000000000003a RSI: ffffffffac926440 RDI: 00000000000001d0
[   45.576843][  T975] RBP: ffff888046ccfd70 R08: ffffffffab610645 R09: 0000000000000000
[   45.576847][  T975] R10: ffff888046ccfd90 R11: ffffed100d6360ad R12: 0000000000000000
[   45.578471][  T975] R13: dffffc0000000000 R14: ffffffffae1976c0 R15: 0000000000000168
[   45.578475][  T975] FS:  00007f614d6e7740(0000) GS:ffff88806c400000(0000) knlGS:0000000000000000
[   45.581492][  T975] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   45.582942][  T975] CR2: 00005618677d1cf0 CR3: 000000005fb9c002 CR4: 00000000000606e0
[   45.584543][  T975] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   45.586633][  T975] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   45.589889][  T975] Call Trace:
[   45.591445][  T975]  ? devlink_region_snapshot_create+0x55/0x4a0
[   45.601250][  T975]  ? mutex_lock_io_nested+0x1380/0x1380
[   45.602817][  T975]  ? mutex_lock_io_nested+0x1380/0x1380
[   45.603875][  T975]  ? mark_held_locks+0xa5/0xe0
[   45.604769][  T975]  ? _raw_spin_unlock_irqrestore+0x2d/0x50
[   45.606147][  T975]  ? __mutex_unlock_slowpath+0xd0/0x670
[   45.607723][  T975]  ? crng_backtrack_protect+0x80/0x80
[   45.613530][  T975]  ? wait_for_completion+0x390/0x390
[   45.615152][  T975]  ? devlink_region_snapshot_create+0x55/0x4a0
[   45.616834][  T975]  devlink_region_snapshot_create+0x55/0x4a0
[ ... ]

Fixes: 4418f862d675 ("netdevsim: implement support for devlink region and snapshots")
Signed-off-by: Taehee Yoo <ap420073@gmail.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/net/netdevsim/dev.c       |   13 +++++++++++--
 drivers/net/netdevsim/netdevsim.h |    1 +
 2 files changed, 12 insertions(+), 2 deletions(-)

--- a/drivers/net/netdevsim/dev.c
+++ b/drivers/net/netdevsim/dev.c
@@ -88,8 +88,11 @@ static int nsim_dev_debugfs_init(struct
 			   &nsim_dev->max_macs);
 	debugfs_create_bool("test1", 0600, nsim_dev->ddir,
 			    &nsim_dev->test1);
-	debugfs_create_file("take_snapshot", 0200, nsim_dev->ddir, nsim_dev,
-			    &nsim_dev_take_snapshot_fops);
+	nsim_dev->take_snapshot = debugfs_create_file("take_snapshot",
+						      0200,
+						      nsim_dev->ddir,
+						      nsim_dev,
+						&nsim_dev_take_snapshot_fops);
 	debugfs_create_bool("dont_allow_reload", 0600, nsim_dev->ddir,
 			    &nsim_dev->dont_allow_reload);
 	debugfs_create_bool("fail_reload", 0600, nsim_dev->ddir,
@@ -740,6 +743,11 @@ static int nsim_dev_reload_create(struct
 	if (err)
 		goto err_health_exit;
 
+	nsim_dev->take_snapshot = debugfs_create_file("take_snapshot",
+						      0200,
+						      nsim_dev->ddir,
+						      nsim_dev,
+						&nsim_dev_take_snapshot_fops);
 	return 0;
 
 err_health_exit:
@@ -853,6 +861,7 @@ static void nsim_dev_reload_destroy(stru
 
 	if (devlink_is_reload_failed(devlink))
 		return;
+	debugfs_remove(nsim_dev->take_snapshot);
 	nsim_dev_port_del_all(nsim_dev);
 	nsim_dev_health_exit(nsim_dev);
 	nsim_dev_traps_exit(devlink);
--- a/drivers/net/netdevsim/netdevsim.h
+++ b/drivers/net/netdevsim/netdevsim.h
@@ -160,6 +160,7 @@ struct nsim_dev {
 	struct nsim_trap_data *trap_data;
 	struct dentry *ddir;
 	struct dentry *ports_ddir;
+	struct dentry *take_snapshot;
 	struct bpf_offload_dev *bpf_dev;
 	bool bpf_bind_accept;
 	u32 bpf_bind_verifier_delay;



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 046/120] netdevsim: use __GFP_NOWARN to avoid memalloc warning
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (44 preceding siblings ...)
  2020-02-13 15:20 ` [PATCH 5.5 045/120] netdevsim: fix panic in nsim_dev_take_snapshot_write() Greg Kroah-Hartman
@ 2020-02-13 15:20 ` Greg Kroah-Hartman
  2020-02-13 15:20 ` [PATCH 5.5 047/120] rtc: mt6397: drop free_irq of devm_ allocated irq Greg Kroah-Hartman
                   ` (78 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:20 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Jakub Kicinski, Taehee Yoo

From: Taehee Yoo <ap420073@gmail.com>

commit 83cf4213bafc4e3c747f0a25ad22cfbf55af7e84 upstream.

vfnum buffer size and binary_len buffer size is received by user-space.
So, this buffer size could be too large. If so, kmalloc will internally
print a warning message.
This warning message is actually not necessary for the netdevsim module.
So, this patch adds __GFP_NOWARN.

Test commands:
    modprobe netdevsim
    echo 1 > /sys/bus/netdevsim/new_device
    echo 1000000000 > /sys/devices/netdevsim1/sriov_numvfs

Splat looks like:
[  357.847266][ T1000] WARNING: CPU: 0 PID: 1000 at mm/page_alloc.c:4738 __alloc_pages_nodemask+0x2f3/0x740
[  357.850273][ T1000] Modules linked in: netdevsim veth openvswitch nsh nf_conncount nf_nat nf_conntrack nf_defrx
[  357.852989][ T1000] CPU: 0 PID: 1000 Comm: bash Tainted: G    B             5.5.0-rc5+ #270
[  357.854334][ T1000] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006
[  357.855703][ T1000] RIP: 0010:__alloc_pages_nodemask+0x2f3/0x740
[  357.856669][ T1000] Code: 64 fe ff ff 65 48 8b 04 25 c0 0f 02 00 48 05 f0 12 00 00 41 be 01 00 00 00 49 89 47 0
[  357.860272][ T1000] RSP: 0018:ffff8880b7f47bd8 EFLAGS: 00010246
[  357.861009][ T1000] RAX: ffffed1016fe8f80 RBX: 1ffff11016fe8fae RCX: 0000000000000000
[  357.861843][ T1000] RDX: 0000000000000000 RSI: 0000000000000017 RDI: 0000000000000000
[  357.862661][ T1000] RBP: 0000000000040dc0 R08: 1ffff11016fe8f67 R09: dffffc0000000000
[  357.863509][ T1000] R10: ffff8880b7f47d68 R11: fffffbfff2798180 R12: 1ffff11016fe8f80
[  357.864355][ T1000] R13: 0000000000000017 R14: 0000000000000017 R15: ffff8880c2038d68
[  357.865178][ T1000] FS:  00007fd9a5b8c740(0000) GS:ffff8880d9c00000(0000) knlGS:0000000000000000
[  357.866248][ T1000] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  357.867531][ T1000] CR2: 000055ce01ba8100 CR3: 00000000b7dbe005 CR4: 00000000000606f0
[  357.868972][ T1000] Call Trace:
[  357.869423][ T1000]  ? lock_contended+0xcd0/0xcd0
[  357.870001][ T1000]  ? __alloc_pages_slowpath+0x21d0/0x21d0
[  357.870673][ T1000]  ? _kstrtoull+0x76/0x160
[  357.871148][ T1000]  ? alloc_pages_current+0xc1/0x1a0
[  357.871704][ T1000]  kmalloc_order+0x22/0x80
[  357.872184][ T1000]  kmalloc_order_trace+0x1d/0x140
[  357.872733][ T1000]  __kmalloc+0x302/0x3a0
[  357.873204][ T1000]  nsim_bus_dev_numvfs_store+0x1ab/0x260 [netdevsim]
[  357.873919][ T1000]  ? kernfs_get_active+0x12c/0x180
[  357.874459][ T1000]  ? new_device_store+0x450/0x450 [netdevsim]
[  357.875111][ T1000]  ? kernfs_get_parent+0x70/0x70
[  357.875632][ T1000]  ? sysfs_file_ops+0x160/0x160
[  357.876152][ T1000]  kernfs_fop_write+0x276/0x410
[  357.876680][ T1000]  ? __sb_start_write+0x1ba/0x2e0
[  357.877225][ T1000]  vfs_write+0x197/0x4a0
[  357.877671][ T1000]  ksys_write+0x141/0x1d0
[ ... ]

Reviewed-by: Jakub Kicinski <kuba@kernel.org>
Fixes: 79579220566c ("netdevsim: add SR-IOV functionality")
Fixes: 82c93a87bf8b ("netdevsim: implement couple of testing devlink health reporters")
Signed-off-by: Taehee Yoo <ap420073@gmail.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/net/netdevsim/bus.c    |    2 +-
 drivers/net/netdevsim/health.c |    2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

--- a/drivers/net/netdevsim/bus.c
+++ b/drivers/net/netdevsim/bus.c
@@ -29,7 +29,7 @@ static int nsim_bus_dev_vfs_enable(struc
 {
 	nsim_bus_dev->vfconfigs = kcalloc(num_vfs,
 					  sizeof(struct nsim_vf_config),
-					  GFP_KERNEL);
+					  GFP_KERNEL | __GFP_NOWARN);
 	if (!nsim_bus_dev->vfconfigs)
 		return -ENOMEM;
 	nsim_bus_dev->num_vfs = num_vfs;
--- a/drivers/net/netdevsim/health.c
+++ b/drivers/net/netdevsim/health.c
@@ -82,7 +82,7 @@ static int nsim_dev_dummy_fmsg_put(struc
 	if (err)
 		return err;
 
-	binary = kmalloc(binary_len, GFP_KERNEL);
+	binary = kmalloc(binary_len, GFP_KERNEL | __GFP_NOWARN);
 	if (!binary)
 		return -ENOMEM;
 	get_random_bytes(binary, binary_len);



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 047/120] rtc: mt6397: drop free_irq of devm_ allocated irq
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (45 preceding siblings ...)
  2020-02-13 15:20 ` [PATCH 5.5 046/120] netdevsim: use __GFP_NOWARN to avoid memalloc warning Greg Kroah-Hartman
@ 2020-02-13 15:20 ` Greg Kroah-Hartman
  2020-02-13 15:20 ` [PATCH 5.5 048/120] rtc: hym8563: Return -EINVAL if the time is known to be invalid Greg Kroah-Hartman
                   ` (77 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:20 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Hulk Robot, Wei Yongjun, Alexandre Belloni

From: Wei Yongjun <weiyongjun1@huawei.com>

commit 751438bc0f10f75633144acd6ff145f7260706d5 upstream.

The devm_request_threaded_irq function allocates irq that is
released when a driver detaches. Thus, there is no reason to
explicitly call free_irq in probe function.

Fixes: 851b87148aa2 ("rtc: mt6397: improvements of rtc driver")
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
Link: https://lore.kernel.org/r/20191113021720.9527-1-weiyongjun1@huawei.com
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/rtc/rtc-mt6397.c |   10 +---------
 1 file changed, 1 insertion(+), 9 deletions(-)

--- a/drivers/rtc/rtc-mt6397.c
+++ b/drivers/rtc/rtc-mt6397.c
@@ -297,15 +297,7 @@ static int mtk_rtc_probe(struct platform
 
 	rtc->rtc_dev->ops = &mtk_rtc_ops;
 
-	ret = rtc_register_device(rtc->rtc_dev);
-	if (ret)
-		goto out_free_irq;
-
-	return 0;
-
-out_free_irq:
-	free_irq(rtc->irq, rtc);
-	return ret;
+	return rtc_register_device(rtc->rtc_dev);
 }
 
 #ifdef CONFIG_PM_SLEEP



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 048/120] rtc: hym8563: Return -EINVAL if the time is known to be invalid
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (46 preceding siblings ...)
  2020-02-13 15:20 ` [PATCH 5.5 047/120] rtc: mt6397: drop free_irq of devm_ allocated irq Greg Kroah-Hartman
@ 2020-02-13 15:20 ` Greg Kroah-Hartman
  2020-02-13 15:20 ` [PATCH 5.5 049/120] rtc: i2c/spi: Avoid inclusion of REGMAP support when not needed Greg Kroah-Hartman
                   ` (76 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:20 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Paul Kocialkowski, Alexandre Belloni

From: Paul Kocialkowski <paul.kocialkowski@bootlin.com>

commit f236a2a2ebabad0848ad0995af7ad1dc7029e895 upstream.

The current code returns -EPERM when the voltage loss bit is set.
Since the bit indicates that the time value is not valid, return
-EINVAL instead, which is the appropriate error code for this
situation.

Fixes: dcaf03849352 ("rtc: add hym8563 rtc-driver")
Signed-off-by: Paul Kocialkowski <paul.kocialkowski@bootlin.com>
Link: https://lore.kernel.org/r/20191212153111.966923-1-paul.kocialkowski@bootlin.com
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/rtc/rtc-hym8563.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/rtc/rtc-hym8563.c
+++ b/drivers/rtc/rtc-hym8563.c
@@ -97,7 +97,7 @@ static int hym8563_rtc_read_time(struct
 
 	if (!hym8563->valid) {
 		dev_warn(&client->dev, "no valid clock/calendar values available\n");
-		return -EPERM;
+		return -EINVAL;
 	}
 
 	ret = i2c_smbus_read_i2c_block_data(client, HYM8563_SEC, 7, buf);



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 049/120] rtc: i2c/spi: Avoid inclusion of REGMAP support when not needed
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (47 preceding siblings ...)
  2020-02-13 15:20 ` [PATCH 5.5 048/120] rtc: hym8563: Return -EINVAL if the time is known to be invalid Greg Kroah-Hartman
@ 2020-02-13 15:20 ` Greg Kroah-Hartman
  2020-02-13 15:20 ` [PATCH 5.5 050/120] rtc: cmos: Stop using shared IRQ Greg Kroah-Hartman
                   ` (75 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:20 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Geert Uytterhoeven,
	kbuild test robot, Alexandre Belloni

From: Geert Uytterhoeven <geert@linux-m68k.org>

commit 34719de919af07682861cb0fa2bcf64da33ecf44 upstream.

Merely enabling I2C and RTC selects REGMAP_I2C and REGMAP_SPI, even when
no driver needs it.  While the former can be moduler, the latter cannot,
and thus becomes built-in.

Fix this by moving the select statements for REGMAP_I2C and REGMAP_SPI
from the RTC_I2C_AND_SPI helper to the individual drivers that depend on
it.

Note that the comment for RTC_I2C_AND_SPI refers to SND_SOC_I2C_AND_SPI
for more information, but the latter does not select REGMAP_{I2C,SPI}
itself, and defers that to the individual drivers, too.

Fixes: 080481f54ef62121 ("rtc: merge ds3232 and ds3234")
Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
Reported-by: kbuild test robot <lkp@intel.com>
Reported-by: kbuild test robot <lkp@intel.com>
Link: https://lore.kernel.org/r/20200112171349.22268-1-geert@linux-m68k.org
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/rtc/Kconfig |    8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

--- a/drivers/rtc/Kconfig
+++ b/drivers/rtc/Kconfig
@@ -848,14 +848,14 @@ config RTC_I2C_AND_SPI
 	default m if I2C=m
 	default y if I2C=y
 	default y if SPI_MASTER=y
-	select REGMAP_I2C if I2C
-	select REGMAP_SPI if SPI_MASTER
 
 comment "SPI and I2C RTC drivers"
 
 config RTC_DRV_DS3232
 	tristate "Dallas/Maxim DS3232/DS3234"
 	depends on RTC_I2C_AND_SPI
+	select REGMAP_I2C if I2C
+	select REGMAP_SPI if SPI_MASTER
 	help
 	  If you say yes here you get support for Dallas Semiconductor
 	  DS3232 and DS3234 real-time clock chips. If an interrupt is associated
@@ -875,6 +875,8 @@ config RTC_DRV_DS3232_HWMON
 config RTC_DRV_PCF2127
 	tristate "NXP PCF2127"
 	depends on RTC_I2C_AND_SPI
+	select REGMAP_I2C if I2C
+	select REGMAP_SPI if SPI_MASTER
 	select WATCHDOG_CORE if WATCHDOG
 	help
 	  If you say yes here you get support for the NXP PCF2127/29 RTC
@@ -891,6 +893,8 @@ config RTC_DRV_PCF2127
 config RTC_DRV_RV3029C2
 	tristate "Micro Crystal RV3029/3049"
 	depends on RTC_I2C_AND_SPI
+	select REGMAP_I2C if I2C
+	select REGMAP_SPI if SPI_MASTER
 	help
 	  If you say yes here you get support for the Micro Crystal
 	  RV3029 and RV3049 RTC chips.



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 050/120] rtc: cmos: Stop using shared IRQ
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (48 preceding siblings ...)
  2020-02-13 15:20 ` [PATCH 5.5 049/120] rtc: i2c/spi: Avoid inclusion of REGMAP support when not needed Greg Kroah-Hartman
@ 2020-02-13 15:20 ` Greg Kroah-Hartman
  2020-02-13 15:20 ` [PATCH 5.5 051/120] watchdog: qcom: Use platform_get_irq_optional() for bark irq Greg Kroah-Hartman
                   ` (74 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:20 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Guilherme G. Piccoli, Hans de Goede,
	Andy Shevchenko, Alexandre Belloni

From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>

commit b6da197a2e9670df6f07e6698629e9ce95ab614e upstream.

As reported by Guilherme G. Piccoli:

---8<---8<---8<---

The rtc-cmos interrupt setting was changed in the commit 079062b28fb4
("rtc: cmos: prevent kernel warning on IRQ flags mismatch") in order
to allow shared interrupts; according to that commit's description,
some machine got kernel warnings due to the interrupt line being shared
between rtc-cmos and other hardware, and rtc-cmos didn't allow IRQ sharing
that time.

After the aforementioned commit though it was observed a huge increase
in lost HPET interrupts in some systems, observed through the following
kernel message:

[...] hpet1: lost 35 rtc interrupts

After investigation, it was narrowed down to the shared interrupts
usage when having the kernel option "irqpoll" enabled. In this case,
all IRQ handlers are called for non-timer interrupts, if such handlers
are setup in shared IRQ lines. The rtc-cmos IRQ handler could be set to
hpet_rtc_interrupt(), which will produce the kernel "lost interrupts"
message after doing work - lots of readl/writel to HPET registers, which
are known to be slow.

Although "irqpoll" is not a default kernel option, it's used in some contexts,
one being the kdump kernel (which is an already "impaired" kernel usually
running with 1 CPU available), so the performance burden could be considerable.
Also, the same issue would happen (in a shorter extent though) when using
"irqfixup" kernel option.

In a quick experiment, a virtual machine with uptime of 2 minutes produced
>300 calls to hpet_rtc_interrupt() when "irqpoll" was set, whereas without
sharing interrupts this number reduced to 1 interrupt. Machines with more
hardware than a VM should generate even more unnecessary HPET interrupts
in this scenario.

---8<---8<---8<---

After looking into the rtc-cmos driver history and DSDT table from
the Microsoft Surface 3, we may notice that Hans de Goede submitted
a correct fix (see dependency below). Thus, we simply revert
the culprit commit.

Fixes: 079062b28fb4 ("rtc: cmos: prevent kernel warning on IRQ flags mismatch")
Depends-on: a1e23a42f1bd ("rtc: cmos: Do not assume irq 8 for rtc when there are no legacy irqs")
Reported-by: Guilherme G. Piccoli <gpiccoli@canonical.com>
Cc: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Tested-by: Guilherme G. Piccoli <gpiccoli@canonical.com>
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Link: https://lore.kernel.org/r/20200123131437.28157-1-andriy.shevchenko@linux.intel.com
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/rtc/rtc-cmos.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/rtc/rtc-cmos.c
+++ b/drivers/rtc/rtc-cmos.c
@@ -850,7 +850,7 @@ cmos_do_probe(struct device *dev, struct
 			rtc_cmos_int_handler = cmos_interrupt;
 
 		retval = request_irq(rtc_irq, rtc_cmos_int_handler,
-				IRQF_SHARED, dev_name(&cmos_rtc.rtc->dev),
+				0, dev_name(&cmos_rtc.rtc->dev),
 				cmos_rtc.rtc);
 		if (retval < 0) {
 			dev_dbg(dev, "IRQ %d is already in use\n", rtc_irq);



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 051/120] watchdog: qcom: Use platform_get_irq_optional() for bark irq
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (49 preceding siblings ...)
  2020-02-13 15:20 ` [PATCH 5.5 050/120] rtc: cmos: Stop using shared IRQ Greg Kroah-Hartman
@ 2020-02-13 15:20 ` Greg Kroah-Hartman
  2020-02-13 15:20 ` [PATCH 5.5 052/120] MIPS: Loongson: Fix potential NULL dereference in loongson3_platform_init() Greg Kroah-Hartman
                   ` (73 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:20 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Sai Prakash Ranjan, Bjorn Andersson,
	Guenter Roeck, Stephen Boyd, Wim Van Sebroeck

From: Sai Prakash Ranjan <saiprakash.ranjan@codeaurora.org>

commit e0b4f4e0cf7fa9d62628d4249c765ec18dffd143 upstream.

platform_get_irq() prints an error message when the interrupt
is not available. So on platforms where bark interrupt is
not specified, following error message is observed on SDM845.

[    2.975888] qcom_wdt 17980000.watchdog: IRQ index 0 not found

This is also seen on SC7180, SM8150 SoCs as well.
Fix this by using platform_get_irq_optional() instead.

Fixes: 36375491a4395654 ("watchdog: qcom: support pre-timeout when the bark irq is available")
Signed-off-by: Sai Prakash Ranjan <saiprakash.ranjan@codeaurora.org>
Reviewed-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Reviewed-by: Guenter Roeck <linux@roeck-us.net>
Reviewed-by: Stephen Boyd <swboyd@chromium.org>
Link: https://lore.kernel.org/r/20191213064934.4112-1-saiprakash.ranjan@codeaurora.org
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Wim Van Sebroeck <wim@linux-watchdog.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/watchdog/qcom-wdt.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/watchdog/qcom-wdt.c
+++ b/drivers/watchdog/qcom-wdt.c
@@ -246,7 +246,7 @@ static int qcom_wdt_probe(struct platfor
 	}
 
 	/* check if there is pretimeout support */
-	irq = platform_get_irq(pdev, 0);
+	irq = platform_get_irq_optional(pdev, 0);
 	if (irq > 0) {
 		ret = devm_request_irq(dev, irq, qcom_wdt_isr,
 				       IRQF_TRIGGER_RISING,



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 052/120] MIPS: Loongson: Fix potential NULL dereference in loongson3_platform_init()
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (50 preceding siblings ...)
  2020-02-13 15:20 ` [PATCH 5.5 051/120] watchdog: qcom: Use platform_get_irq_optional() for bark irq Greg Kroah-Hartman
@ 2020-02-13 15:20 ` Greg Kroah-Hartman
  2020-02-13 15:20 ` [PATCH 5.5 053/120] ARC: [plat-axs10x]: Add missing multicast filter number to GMAC node Greg Kroah-Hartman
                   ` (72 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:20 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Tiezhu Yang, Paul Burton,
	Ralf Baechle, Huacai Chen, Jiaxun Yang, linux-mips

From: Tiezhu Yang <yangtiezhu@loongson.cn>

commit 72d052e28d1d2363f9107be63ef3a3afdea6143c upstream.

If kzalloc fails, it should return -ENOMEM, otherwise may trigger a NULL
pointer dereference.

Fixes: 3adeb2566b9b ("MIPS: Loongson: Improve LEFI firmware interface")
Signed-off-by: Tiezhu Yang <yangtiezhu@loongson.cn>
Signed-off-by: Paul Burton <paulburton@kernel.org>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: Huacai Chen <chenhc@lemote.com>
Cc: Jiaxun Yang <jiaxun.yang@flygoat.com>
Cc: linux-mips@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/mips/loongson64/platform.c |    3 +++
 1 file changed, 3 insertions(+)

--- a/arch/mips/loongson64/platform.c
+++ b/arch/mips/loongson64/platform.c
@@ -27,6 +27,9 @@ static int __init loongson3_platform_ini
 			continue;
 
 		pdev = kzalloc(sizeof(struct platform_device), GFP_KERNEL);
+		if (!pdev)
+			return -ENOMEM;
+
 		pdev->name = loongson_sysconf.sensors[i].name;
 		pdev->id = loongson_sysconf.sensors[i].id;
 		pdev->dev.platform_data = &loongson_sysconf.sensors[i];



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 053/120] ARC: [plat-axs10x]: Add missing multicast filter number to GMAC node
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (51 preceding siblings ...)
  2020-02-13 15:20 ` [PATCH 5.5 052/120] MIPS: Loongson: Fix potential NULL dereference in loongson3_platform_init() Greg Kroah-Hartman
@ 2020-02-13 15:20 ` Greg Kroah-Hartman
  2020-02-13 15:20 ` [PATCH 5.5 054/120] platform/x86: intel_mid_powerbtn: Take a copy of ddata Greg Kroah-Hartman
                   ` (71 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:20 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Alexey Brodkin, Jose Abreu, Vineet Gupta

From: Jose Abreu <Jose.Abreu@synopsys.com>

commit 7980dff398f86a618f502378fa27cf7e77449afa upstream.

Add a missing property to GMAC node so that multicast filtering works
correctly.

Fixes: 556cc1c5f528 ("ARC: [axs101] Add support for AXS101 SDP (software development platform)")
Acked-by: Alexey Brodkin <abrodkin@synopsys.com>
Signed-off-by: Jose Abreu <Jose.Abreu@synopsys.com>
Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/arc/boot/dts/axs10x_mb.dtsi |    1 +
 1 file changed, 1 insertion(+)

--- a/arch/arc/boot/dts/axs10x_mb.dtsi
+++ b/arch/arc/boot/dts/axs10x_mb.dtsi
@@ -78,6 +78,7 @@
 			interrupt-names = "macirq";
 			phy-mode = "rgmii";
 			snps,pbl = < 32 >;
+			snps,multicast-filter-bins = <256>;
 			clocks = <&apbclk>;
 			clock-names = "stmmaceth";
 			max-speed = <100>;



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 054/120] platform/x86: intel_mid_powerbtn: Take a copy of ddata
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (52 preceding siblings ...)
  2020-02-13 15:20 ` [PATCH 5.5 053/120] ARC: [plat-axs10x]: Add missing multicast filter number to GMAC node Greg Kroah-Hartman
@ 2020-02-13 15:20 ` Greg Kroah-Hartman
  2020-02-13 15:20 ` [PATCH 5.5 055/120] arm64: dts: qcom: msm8998: Fix tcsr syscon size Greg Kroah-Hartman
                   ` (70 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:20 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Mika Westerberg, Andy Shevchenko

From: Mika Westerberg <mika.westerberg@linux.intel.com>

commit 5e0c94d3aeeecc68c573033f08d9678fecf253bd upstream.

The driver gets driver_data from memory that is marked as const (which
is probably put to read-only memory) and it then modifies it. This
likely causes some sort of fault to happen.

Fix this by taking a copy of the structure.

Fixes: c94a8ff14de3 ("platform/x86: intel_mid_powerbtn: make mid_pb_ddata const")
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/platform/x86/intel_mid_powerbtn.c |    5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

--- a/drivers/platform/x86/intel_mid_powerbtn.c
+++ b/drivers/platform/x86/intel_mid_powerbtn.c
@@ -146,9 +146,10 @@ static int mid_pb_probe(struct platform_
 
 	input_set_capability(input, EV_KEY, KEY_POWER);
 
-	ddata = (struct mid_pb_ddata *)id->driver_data;
+	ddata = devm_kmemdup(&pdev->dev, (void *)id->driver_data,
+			     sizeof(*ddata), GFP_KERNEL);
 	if (!ddata)
-		return -ENODATA;
+		return -ENOMEM;
 
 	ddata->dev = &pdev->dev;
 	ddata->irq = irq;



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 055/120] arm64: dts: qcom: msm8998: Fix tcsr syscon size
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (53 preceding siblings ...)
  2020-02-13 15:20 ` [PATCH 5.5 054/120] platform/x86: intel_mid_powerbtn: Take a copy of ddata Greg Kroah-Hartman
@ 2020-02-13 15:20 ` Greg Kroah-Hartman
  2020-02-13 15:20 ` [PATCH 5.5 056/120] arm64: dts: uDPU: fix broken ethernet Greg Kroah-Hartman
                   ` (69 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:20 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Jeffrey Hugo, Bjorn Andersson

From: Jeffrey Hugo <jeffrey.l.hugo@gmail.com>

commit 05caa5bf9cab9983dd7a50428c46b7e617ba20d6 upstream.

The tcsr syscon region is really 0x40000 in size.  We need access to the
full region so that we can access the axi resets when managing the
modem subsystem.

Fixes: c7833949564e ("arm64: dts: qcom: msm8998: Add smem related nodes")
Signed-off-by: Jeffrey Hugo <jeffrey.l.hugo@gmail.com>
Link: https://lore.kernel.org/r/20191107045948.4341-1-jeffrey.l.hugo@gmail.com
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/arm64/boot/dts/qcom/msm8998.dtsi |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/arch/arm64/boot/dts/qcom/msm8998.dtsi
+++ b/arch/arm64/boot/dts/qcom/msm8998.dtsi
@@ -987,7 +987,7 @@
 
 		tcsr_mutex_regs: syscon@1f40000 {
 			compatible = "syscon";
-			reg = <0x01f40000 0x20000>;
+			reg = <0x01f40000 0x40000>;
 		};
 
 		tlmm: pinctrl@3400000 {



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 056/120] arm64: dts: uDPU: fix broken ethernet
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (54 preceding siblings ...)
  2020-02-13 15:20 ` [PATCH 5.5 055/120] arm64: dts: qcom: msm8998: Fix tcsr syscon size Greg Kroah-Hartman
@ 2020-02-13 15:20 ` Greg Kroah-Hartman
  2020-02-13 15:20 ` [PATCH 5.5 057/120] arm64: dts: qcom: msm8998-mtp: Add alias for blsp1_uart3 Greg Kroah-Hartman
                   ` (68 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:20 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Russell King, Gregory CLEMENT

From: Russell King <rmk+kernel@armlinux.org.uk>

commit 1eebac0240580b531954b02c05068051df41142a upstream.

The uDPU uses both ethernet controllers, which ties up COMPHY 0 for
eth1 and COMPHY 1 for eth0, with no USB3 comphy.  The addition of
COMPHY support made the kernel override the setup by the boot loader
breaking this platform by assuming that COMPHY 0 was always used for
USB3.  Delete the USB3 COMPHY definition at platform level, and add
phy specifications for the ethernet channels.

Fixes: bd3d25b07342 ("arm64: dts: marvell: armada-37xx: link USB hosts with their PHYs")
Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
Signed-off-by: Gregory CLEMENT <gregory.clement@bootlin.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/arm64/boot/dts/marvell/armada-3720-uDPU.dts |    4 ++++
 1 file changed, 4 insertions(+)

--- a/arch/arm64/boot/dts/marvell/armada-3720-uDPU.dts
+++ b/arch/arm64/boot/dts/marvell/armada-3720-uDPU.dts
@@ -143,6 +143,7 @@
 	phy-mode = "sgmii";
 	status = "okay";
 	managed = "in-band-status";
+	phys = <&comphy1 0>;
 	sfp = <&sfp_eth0>;
 };
 
@@ -150,11 +151,14 @@
 	phy-mode = "sgmii";
 	status = "okay";
 	managed = "in-band-status";
+	phys = <&comphy0 1>;
 	sfp = <&sfp_eth1>;
 };
 
 &usb3 {
 	status = "okay";
+	phys = <&usb2_utmi_otg_phy>;
+	phy-names = "usb2-utmi-otg-phy";
 };
 
 &uart0 {



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 057/120] arm64: dts: qcom: msm8998-mtp: Add alias for blsp1_uart3
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (55 preceding siblings ...)
  2020-02-13 15:20 ` [PATCH 5.5 056/120] arm64: dts: uDPU: fix broken ethernet Greg Kroah-Hartman
@ 2020-02-13 15:20 ` Greg Kroah-Hartman
  2020-02-13 15:20 ` [PATCH 5.5 058/120] ARM: dts: at91: Reenable UART TX pull-ups Greg Kroah-Hartman
                   ` (67 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:20 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Bjorn Andersson, Jeffrey Hugo

From: Bjorn Andersson <bjorn.andersson@linaro.org>

commit c9ec155b5962233aff3df65210bd6a4788dee21c upstream.

The msm_serial driver has a predefined set of uart ports defined, which
is allocated either by reading aliases or if no match is found a simple
counter, starting at index 0. But there's no logic in place to prevent
these two allocation mechanism from colliding. As a result either none
or all of the active msm_serial instances must be listed as aliases.

Define blsp1_uart3 as "serial1" to mitigate this problem.

Fixes: 4cffb9f2c700 ("arm64: dts: qcom: msm8998-mtp: Enable bluetooth")
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Reviewed-by: Jeffrey Hugo <jeffrey.l.hugo@gmail.com>
Link: https://lore.kernel.org/r/20191119011823.379100-1-bjorn.andersson@linaro.org
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/arm64/boot/dts/qcom/msm8998-mtp.dtsi |    1 +
 1 file changed, 1 insertion(+)

--- a/arch/arm64/boot/dts/qcom/msm8998-mtp.dtsi
+++ b/arch/arm64/boot/dts/qcom/msm8998-mtp.dtsi
@@ -9,6 +9,7 @@
 / {
 	aliases {
 		serial0 = &blsp2_uart1;
+		serial1 = &blsp1_uart3;
 	};
 
 	chosen {



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 058/120] ARM: dts: at91: Reenable UART TX pull-ups
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (56 preceding siblings ...)
  2020-02-13 15:20 ` [PATCH 5.5 057/120] arm64: dts: qcom: msm8998-mtp: Add alias for blsp1_uart3 Greg Kroah-Hartman
@ 2020-02-13 15:20 ` Greg Kroah-Hartman
  2020-02-13 15:20 ` [PATCH 5.5 059/120] ARM: dts: am43xx: add support for clkout1 clock Greg Kroah-Hartman
                   ` (66 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:20 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Ingo van Lil, Peter Rosin, Alexandre Belloni

From: Ingo van Lil <inguin@gmx.de>

commit 9d39d86cd4af2b17b970d63307daad71f563d207 upstream.

Pull-ups for SAM9 UART/USART TX lines were disabled in a previous
commit. However, several chips in the SAM9 family require pull-ups to
prevent the TX lines from falling (and causing an endless break
condition) when the transceiver is disabled.

>From the SAM9G20 datasheet, 32.5.1: "To prevent the TXD line from
falling when the USART is disabled, the use of an internal pull up
is mandatory.". This commit reenables the pull-ups for all chips having
that sentence in their datasheets.

Fixes: 5e04822f7db5 ("ARM: dts: at91: fixes uart pinctrl, set pullup on rx, clear pullup on tx")
Signed-off-by: Ingo van Lil <inguin@gmx.de>
Cc: Peter Rosin <peda@axentia.se>
Link: https://lore.kernel.org/r/20191203142147.875227-1-inguin@gmx.de
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/arm/boot/dts/at91sam9260.dtsi |   12 ++++++------
 arch/arm/boot/dts/at91sam9261.dtsi |    6 +++---
 arch/arm/boot/dts/at91sam9263.dtsi |    6 +++---
 arch/arm/boot/dts/at91sam9g45.dtsi |    8 ++++----
 arch/arm/boot/dts/at91sam9rl.dtsi  |    8 ++++----
 5 files changed, 20 insertions(+), 20 deletions(-)

--- a/arch/arm/boot/dts/at91sam9260.dtsi
+++ b/arch/arm/boot/dts/at91sam9260.dtsi
@@ -187,7 +187,7 @@
 				usart0 {
 					pinctrl_usart0: usart0-0 {
 						atmel,pins =
-							<AT91_PIOB 4 AT91_PERIPH_A AT91_PINCTRL_NONE
+							<AT91_PIOB 4 AT91_PERIPH_A AT91_PINCTRL_PULL_UP
 							 AT91_PIOB 5 AT91_PERIPH_A AT91_PINCTRL_PULL_UP>;
 					};
 
@@ -221,7 +221,7 @@
 				usart1 {
 					pinctrl_usart1: usart1-0 {
 						atmel,pins =
-							<AT91_PIOB 6 AT91_PERIPH_A AT91_PINCTRL_NONE
+							<AT91_PIOB 6 AT91_PERIPH_A AT91_PINCTRL_PULL_UP
 							 AT91_PIOB 7 AT91_PERIPH_A AT91_PINCTRL_PULL_UP>;
 					};
 
@@ -239,7 +239,7 @@
 				usart2 {
 					pinctrl_usart2: usart2-0 {
 						atmel,pins =
-							<AT91_PIOB 8 AT91_PERIPH_A AT91_PINCTRL_NONE
+							<AT91_PIOB 8 AT91_PERIPH_A AT91_PINCTRL_PULL_UP
 							 AT91_PIOB 9 AT91_PERIPH_A AT91_PINCTRL_PULL_UP>;
 					};
 
@@ -257,7 +257,7 @@
 				usart3 {
 					pinctrl_usart3: usart3-0 {
 						atmel,pins =
-							<AT91_PIOB 10 AT91_PERIPH_A AT91_PINCTRL_NONE
+							<AT91_PIOB 10 AT91_PERIPH_A AT91_PINCTRL_PULL_UP
 							 AT91_PIOB 11 AT91_PERIPH_A AT91_PINCTRL_PULL_UP>;
 					};
 
@@ -275,7 +275,7 @@
 				uart0 {
 					pinctrl_uart0: uart0-0 {
 						atmel,pins =
-							<AT91_PIOA 31 AT91_PERIPH_B AT91_PINCTRL_NONE
+							<AT91_PIOA 31 AT91_PERIPH_B AT91_PINCTRL_PULL_UP
 							 AT91_PIOA 30 AT91_PERIPH_B AT91_PINCTRL_PULL_UP>;
 					};
 				};
@@ -283,7 +283,7 @@
 				uart1 {
 					pinctrl_uart1: uart1-0 {
 						atmel,pins =
-							<AT91_PIOB 12 AT91_PERIPH_A AT91_PINCTRL_NONE
+							<AT91_PIOB 12 AT91_PERIPH_A AT91_PINCTRL_PULL_UP
 							 AT91_PIOB 13 AT91_PERIPH_A AT91_PINCTRL_PULL_UP>;
 					};
 				};
--- a/arch/arm/boot/dts/at91sam9261.dtsi
+++ b/arch/arm/boot/dts/at91sam9261.dtsi
@@ -329,7 +329,7 @@
 				usart0 {
 					pinctrl_usart0: usart0-0 {
 						atmel,pins =
-							<AT91_PIOC 8 AT91_PERIPH_A AT91_PINCTRL_NONE>,
+							<AT91_PIOC 8 AT91_PERIPH_A AT91_PINCTRL_PULL_UP>,
 							<AT91_PIOC 9 AT91_PERIPH_A AT91_PINCTRL_PULL_UP>;
 					};
 
@@ -347,7 +347,7 @@
 				usart1 {
 					pinctrl_usart1: usart1-0 {
 						atmel,pins =
-							<AT91_PIOC 12 AT91_PERIPH_A AT91_PINCTRL_NONE>,
+							<AT91_PIOC 12 AT91_PERIPH_A AT91_PINCTRL_PULL_UP>,
 							<AT91_PIOC 13 AT91_PERIPH_A AT91_PINCTRL_PULL_UP>;
 					};
 
@@ -365,7 +365,7 @@
 				usart2 {
 					pinctrl_usart2: usart2-0 {
 						atmel,pins =
-							<AT91_PIOC 14 AT91_PERIPH_A AT91_PINCTRL_NONE>,
+							<AT91_PIOC 14 AT91_PERIPH_A AT91_PINCTRL_PULL_UP>,
 							<AT91_PIOC 15 AT91_PERIPH_A AT91_PINCTRL_PULL_UP>;
 					};
 
--- a/arch/arm/boot/dts/at91sam9263.dtsi
+++ b/arch/arm/boot/dts/at91sam9263.dtsi
@@ -183,7 +183,7 @@
 				usart0 {
 					pinctrl_usart0: usart0-0 {
 						atmel,pins =
-							<AT91_PIOA 26 AT91_PERIPH_A AT91_PINCTRL_NONE
+							<AT91_PIOA 26 AT91_PERIPH_A AT91_PINCTRL_PULL_UP
 							 AT91_PIOA 27 AT91_PERIPH_A AT91_PINCTRL_PULL_UP>;
 					};
 
@@ -201,7 +201,7 @@
 				usart1 {
 					pinctrl_usart1: usart1-0 {
 						atmel,pins =
-							<AT91_PIOD 0 AT91_PERIPH_A AT91_PINCTRL_NONE
+							<AT91_PIOD 0 AT91_PERIPH_A AT91_PINCTRL_PULL_UP
 							 AT91_PIOD 1 AT91_PERIPH_A AT91_PINCTRL_PULL_UP>;
 					};
 
@@ -219,7 +219,7 @@
 				usart2 {
 					pinctrl_usart2: usart2-0 {
 						atmel,pins =
-							<AT91_PIOD 2 AT91_PERIPH_A AT91_PINCTRL_NONE
+							<AT91_PIOD 2 AT91_PERIPH_A AT91_PINCTRL_PULL_UP
 							 AT91_PIOD 3 AT91_PERIPH_A AT91_PINCTRL_PULL_UP>;
 					};
 
--- a/arch/arm/boot/dts/at91sam9g45.dtsi
+++ b/arch/arm/boot/dts/at91sam9g45.dtsi
@@ -556,7 +556,7 @@
 				usart0 {
 					pinctrl_usart0: usart0-0 {
 						atmel,pins =
-							<AT91_PIOB 19 AT91_PERIPH_A AT91_PINCTRL_NONE
+							<AT91_PIOB 19 AT91_PERIPH_A AT91_PINCTRL_PULL_UP
 							 AT91_PIOB 18 AT91_PERIPH_A AT91_PINCTRL_PULL_UP>;
 					};
 
@@ -574,7 +574,7 @@
 				usart1 {
 					pinctrl_usart1: usart1-0 {
 						atmel,pins =
-							<AT91_PIOB 4 AT91_PERIPH_A AT91_PINCTRL_NONE
+							<AT91_PIOB 4 AT91_PERIPH_A AT91_PINCTRL_PULL_UP
 							 AT91_PIOB 5 AT91_PERIPH_A AT91_PINCTRL_PULL_UP>;
 					};
 
@@ -592,7 +592,7 @@
 				usart2 {
 					pinctrl_usart2: usart2-0 {
 						atmel,pins =
-							<AT91_PIOB 6 AT91_PERIPH_A AT91_PINCTRL_NONE
+							<AT91_PIOB 6 AT91_PERIPH_A AT91_PINCTRL_PULL_UP
 							 AT91_PIOB 7 AT91_PERIPH_A AT91_PINCTRL_PULL_UP>;
 					};
 
@@ -610,7 +610,7 @@
 				usart3 {
 					pinctrl_usart3: usart3-0 {
 						atmel,pins =
-							<AT91_PIOB 8 AT91_PERIPH_A AT91_PINCTRL_NONE
+							<AT91_PIOB 8 AT91_PERIPH_A AT91_PINCTRL_PULL_UP
 							 AT91_PIOB 9 AT91_PERIPH_A AT91_PINCTRL_PULL_UP>;
 					};
 
--- a/arch/arm/boot/dts/at91sam9rl.dtsi
+++ b/arch/arm/boot/dts/at91sam9rl.dtsi
@@ -682,7 +682,7 @@
 				usart0 {
 					pinctrl_usart0: usart0-0 {
 						atmel,pins =
-							<AT91_PIOA 6 AT91_PERIPH_A AT91_PINCTRL_NONE>,
+							<AT91_PIOA 6 AT91_PERIPH_A AT91_PINCTRL_PULL_UP>,
 							<AT91_PIOA 7 AT91_PERIPH_A AT91_PINCTRL_PULL_UP>;
 					};
 
@@ -721,7 +721,7 @@
 				usart1 {
 					pinctrl_usart1: usart1-0 {
 						atmel,pins =
-							<AT91_PIOA 11 AT91_PERIPH_A AT91_PINCTRL_NONE>,
+							<AT91_PIOA 11 AT91_PERIPH_A AT91_PINCTRL_PULL_UP>,
 							<AT91_PIOA 12 AT91_PERIPH_A AT91_PINCTRL_PULL_UP>;
 					};
 
@@ -744,7 +744,7 @@
 				usart2 {
 					pinctrl_usart2: usart2-0 {
 						atmel,pins =
-							<AT91_PIOA 13 AT91_PERIPH_A AT91_PINCTRL_NONE>,
+							<AT91_PIOA 13 AT91_PERIPH_A AT91_PINCTRL_PULL_UP>,
 							<AT91_PIOA 14 AT91_PERIPH_A AT91_PINCTRL_PULL_UP>;
 					};
 
@@ -767,7 +767,7 @@
 				usart3 {
 					pinctrl_usart3: usart3-0 {
 						atmel,pins =
-							<AT91_PIOB 0 AT91_PERIPH_A AT91_PINCTRL_NONE>,
+							<AT91_PIOB 0 AT91_PERIPH_A AT91_PINCTRL_PULL_UP>,
 							<AT91_PIOB 1 AT91_PERIPH_A AT91_PINCTRL_PULL_UP>;
 					};
 



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 059/120] ARM: dts: am43xx: add support for clkout1 clock
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (57 preceding siblings ...)
  2020-02-13 15:20 ` [PATCH 5.5 058/120] ARM: dts: at91: Reenable UART TX pull-ups Greg Kroah-Hartman
@ 2020-02-13 15:20 ` Greg Kroah-Hartman
  2020-02-13 15:20 ` [PATCH 5.5 060/120] arm64: dts: renesas: r8a77990: ebisu: Remove clkout-lr-synchronous from sound Greg Kroah-Hartman
                   ` (65 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:20 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Tero Kristo, Benoit Parrot, Tony Lindgren

From: Tero Kristo <t-kristo@ti.com>

commit 01053dadb79d63b65f7b353e68b4b6ccf4effedb upstream.

clkout1 clock node and its generation tree was missing. Add this based
on the data on TRM and PRCM functional spec.

commit 664ae1ab2536 ("ARM: dts: am43xx: add clkctrl nodes") effectively
reverted this commit 8010f13a40d3 ("ARM: dts: am43xx: add support for
clkout1 clock") which is needed for the ov2659 camera sensor clock
definition hence it is being re-applied here.

Note that because of the current dts node name dependency for mapping to
clock domain, we must still use "clkout1-*ck" naming instead of generic
"clock@" naming for the node. And because of this, it's probably best to
apply the dts node addition together along with the other clock changes.

Fixes: 664ae1ab2536 ("ARM: dts: am43xx: add clkctrl nodes")
Signed-off-by: Tero Kristo <t-kristo@ti.com>
Tested-by: Benoit Parrot <bparrot@ti.com>
Acked-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Benoit Parrot <bparrot@ti.com>
Signed-off-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/arm/boot/dts/am43xx-clocks.dtsi |   54 +++++++++++++++++++++++++++++++++++
 1 file changed, 54 insertions(+)

--- a/arch/arm/boot/dts/am43xx-clocks.dtsi
+++ b/arch/arm/boot/dts/am43xx-clocks.dtsi
@@ -704,6 +704,60 @@
 		ti,bit-shift = <8>;
 		reg = <0x2a48>;
 	};
+
+	clkout1_osc_div_ck: clkout1-osc-div-ck {
+		#clock-cells = <0>;
+		compatible = "ti,divider-clock";
+		clocks = <&sys_clkin_ck>;
+		ti,bit-shift = <20>;
+		ti,max-div = <4>;
+		reg = <0x4100>;
+	};
+
+	clkout1_src2_mux_ck: clkout1-src2-mux-ck {
+		#clock-cells = <0>;
+		compatible = "ti,mux-clock";
+		clocks = <&clk_rc32k_ck>, <&sysclk_div>, <&dpll_ddr_m2_ck>,
+			 <&dpll_per_m2_ck>, <&dpll_disp_m2_ck>,
+			 <&dpll_mpu_m2_ck>;
+		reg = <0x4100>;
+	};
+
+	clkout1_src2_pre_div_ck: clkout1-src2-pre-div-ck {
+		#clock-cells = <0>;
+		compatible = "ti,divider-clock";
+		clocks = <&clkout1_src2_mux_ck>;
+		ti,bit-shift = <4>;
+		ti,max-div = <8>;
+		reg = <0x4100>;
+	};
+
+	clkout1_src2_post_div_ck: clkout1-src2-post-div-ck {
+		#clock-cells = <0>;
+		compatible = "ti,divider-clock";
+		clocks = <&clkout1_src2_pre_div_ck>;
+		ti,bit-shift = <8>;
+		ti,max-div = <32>;
+		ti,index-power-of-two;
+		reg = <0x4100>;
+	};
+
+	clkout1_mux_ck: clkout1-mux-ck {
+		#clock-cells = <0>;
+		compatible = "ti,mux-clock";
+		clocks = <&clkout1_osc_div_ck>, <&clk_rc32k_ck>,
+			 <&clkout1_src2_post_div_ck>, <&dpll_extdev_m2_ck>;
+		ti,bit-shift = <16>;
+		reg = <0x4100>;
+	};
+
+	clkout1_ck: clkout1-ck {
+		#clock-cells = <0>;
+		compatible = "ti,gate-clock";
+		clocks = <&clkout1_mux_ck>;
+		ti,bit-shift = <23>;
+		reg = <0x4100>;
+	};
 };
 
 &prcm {



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 060/120] arm64: dts: renesas: r8a77990: ebisu: Remove clkout-lr-synchronous from sound
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (58 preceding siblings ...)
  2020-02-13 15:20 ` [PATCH 5.5 059/120] ARM: dts: am43xx: add support for clkout1 clock Greg Kroah-Hartman
@ 2020-02-13 15:20 ` Greg Kroah-Hartman
  2020-02-13 15:20 ` [PATCH 5.5 061/120] arm64: dts: marvell: clearfog-gt-8k: fix switch cpu port node Greg Kroah-Hartman
                   ` (64 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:20 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Kuninori Morimoto, Geert Uytterhoeven

From: Kuninori Morimoto <kuninori.morimoto.gx@renesas.com>

commit bf2b74ce9b33a2edd6ba1930ce60a71830790910 upstream.

rcar_sound doesn't support clkout-lr-synchronous in upstream.
It was supported under out-of-tree rcar_sound.
upstream rcar_sound is supporting
	- clkout-lr-synchronous
	+ clkout-lr-asynchronous

Signed-off-by: Kuninori Morimoto <kuninori.morimoto.gx@renesas.com>
Link: https://lore.kernel.org/r/87mubt3tux.wl-kuninori.morimoto.gx@renesas.com
Fixes: 56629fcba94c698d ("arm64: dts: renesas: ebisu: Enable Audio")
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/arm64/boot/dts/renesas/r8a77990-ebisu.dts |    1 -
 1 file changed, 1 deletion(-)

--- a/arch/arm64/boot/dts/renesas/r8a77990-ebisu.dts
+++ b/arch/arm64/boot/dts/renesas/r8a77990-ebisu.dts
@@ -636,7 +636,6 @@
 	/* audio_clkout0/1/2/3 */
 	#clock-cells = <1>;
 	clock-frequency = <12288000 11289600>;
-	clkout-lr-synchronous;
 
 	status = "okay";
 



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 061/120] arm64: dts: marvell: clearfog-gt-8k: fix switch cpu port node
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (59 preceding siblings ...)
  2020-02-13 15:20 ` [PATCH 5.5 060/120] arm64: dts: renesas: r8a77990: ebisu: Remove clkout-lr-synchronous from sound Greg Kroah-Hartman
@ 2020-02-13 15:20 ` Greg Kroah-Hartman
  2020-02-13 15:20 ` [PATCH 5.5 062/120] ARM: dts: meson8: use the actual frequency for the GPUs 182.1MHz OPP Greg Kroah-Hartman
                   ` (63 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:20 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Denis Odintsov, Baruch Siach,
	Andrew Lunn, Gregory CLEMENT

From: Baruch Siach <baruch@tkos.co.il>

commit 62bba54d99407aedfe9b0a02e72e23c06e2b0116 upstream.

Explicitly set the switch cpu (upstream) port phy-mode and managed
properties. This fixes the Marvell 88E6141 switch serdes configuration
with the recently enabled phylink layer.

Fixes: a6120833272c ("arm64: dts: add support for SolidRun Clearfog GT 8K")
Reported-by: Denis Odintsov <d.odintsov@traviangames.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: Gregory CLEMENT <gregory.clement@bootlin.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/arm64/boot/dts/marvell/armada-8040-clearfog-gt-8k.dts |    2 ++
 1 file changed, 2 insertions(+)

--- a/arch/arm64/boot/dts/marvell/armada-8040-clearfog-gt-8k.dts
+++ b/arch/arm64/boot/dts/marvell/armada-8040-clearfog-gt-8k.dts
@@ -408,6 +408,8 @@
 				reg = <5>;
 				label = "cpu";
 				ethernet = <&cp1_eth2>;
+				phy-mode = "2500base-x";
+				managed = "in-band-status";
 			};
 		};
 



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 062/120] ARM: dts: meson8: use the actual frequency for the GPUs 182.1MHz OPP
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (60 preceding siblings ...)
  2020-02-13 15:20 ` [PATCH 5.5 061/120] arm64: dts: marvell: clearfog-gt-8k: fix switch cpu port node Greg Kroah-Hartman
@ 2020-02-13 15:20 ` Greg Kroah-Hartman
  2020-02-13 15:20 ` [PATCH 5.5 063/120] ARM: dts: meson8b: use the actual frequency for the GPUs 364MHz OPP Greg Kroah-Hartman
                   ` (62 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:20 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Martin Blumenstingl, Kevin Hilman

From: Martin Blumenstingl <martin.blumenstingl@googlemail.com>

commit fe634a7a9a57fb736e39fb71aa9adc6448a90f94 upstream.

The clock setup on Meson8 cannot achieve a Mali frequency of exactly
182.15MHz. The vendor driver uses "FCLK_DIV7 / 2" for this frequency,
which translates to 2550MHz / 7 / 2 = 182142857Hz.
Update the GPU operating point to that specific frequency to not confuse
myself when comparing the frequency from the .dts with the actual clock
rate on the system.

Fixes: 7d3f6b536e72c9 ("ARM: dts: meson8: add the Mali-450 MP6 GPU")
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Signed-off-by: Kevin Hilman <khilman@baylibre.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/arm/boot/dts/meson8.dtsi |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/arch/arm/boot/dts/meson8.dtsi
+++ b/arch/arm/boot/dts/meson8.dtsi
@@ -129,8 +129,8 @@
 	gpu_opp_table: gpu-opp-table {
 		compatible = "operating-points-v2";
 
-		opp-182150000 {
-			opp-hz = /bits/ 64 <182150000>;
+		opp-182142857 {
+			opp-hz = /bits/ 64 <182142857>;
 			opp-microvolt = <1150000>;
 		};
 		opp-318750000 {



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 063/120] ARM: dts: meson8b: use the actual frequency for the GPUs 364MHz OPP
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (61 preceding siblings ...)
  2020-02-13 15:20 ` [PATCH 5.5 062/120] ARM: dts: meson8: use the actual frequency for the GPUs 182.1MHz OPP Greg Kroah-Hartman
@ 2020-02-13 15:20 ` Greg Kroah-Hartman
  2020-02-13 15:21 ` [PATCH 5.5 064/120] ARM: dts: at91: sama5d3: fix maximum peripheral clock rates Greg Kroah-Hartman
                   ` (61 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:20 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Martin Blumenstingl, Kevin Hilman

From: Martin Blumenstingl <martin.blumenstingl@googlemail.com>

commit c3dd3315ab58b2cfa1916df55b0d0f9fbd94266f upstream.

The clock setup on Meson8 cannot achieve a Mali frequency of exactly
182.15MHz. The vendor driver uses "FCLK_DIV7 / 1" for this frequency,
which translates to 2550MHz / 7 / 1 = 364285714Hz.
Update the GPU operating point to that specific frequency to not confuse
myself when comparing the frequency from the .dts with the actual clock
rate on the system.

Fixes: c3ea80b6138cae ("ARM: dts: meson8b: add the Mali-450 MP2 GPU")
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Signed-off-by: Kevin Hilman <khilman@baylibre.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/arm/boot/dts/meson8b.dtsi |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/arch/arm/boot/dts/meson8b.dtsi
+++ b/arch/arm/boot/dts/meson8b.dtsi
@@ -125,8 +125,8 @@
 			opp-hz = /bits/ 64 <255000000>;
 			opp-microvolt = <1100000>;
 		};
-		opp-364300000 {
-			opp-hz = /bits/ 64 <364300000>;
+		opp-364285714 {
+			opp-hz = /bits/ 64 <364285714>;
 			opp-microvolt = <1100000>;
 		};
 		opp-425000000 {



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 064/120] ARM: dts: at91: sama5d3: fix maximum peripheral clock rates
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (62 preceding siblings ...)
  2020-02-13 15:20 ` [PATCH 5.5 063/120] ARM: dts: meson8b: use the actual frequency for the GPUs 364MHz OPP Greg Kroah-Hartman
@ 2020-02-13 15:21 ` Greg Kroah-Hartman
  2020-02-13 15:21 ` [PATCH 5.5 065/120] ARM: dts: at91: sama5d3: define clock rate range for tcb1 Greg Kroah-Hartman
                   ` (60 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Karl Rudbæk Olsen, Alexandre Belloni

From: Alexandre Belloni <alexandre.belloni@bootlin.com>

commit ee0aa926ddb0bd8ba59e33e3803b3b5804e3f5da upstream.

Currently the maximum rate for peripheral clock is calculated based on a
typical 133MHz MCK. The maximum frequency is defined in the datasheet as a
ratio to MCK. Some sama5d3 platforms are using a 166MHz MCK. Update the
device trees to match the maximum rate based on 166MHz.

Reported-by: Karl Rudbæk Olsen <karl@micro-technic.com>
Fixes: d2e8190b7916 ("ARM: at91/dt: define sama5d3 clocks")
Link: https://lore.kernel.org/r/20200110172007.1253659-1-alexandre.belloni@bootlin.com
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/arm/boot/dts/sama5d3.dtsi      |   28 ++++++++++++++--------------
 arch/arm/boot/dts/sama5d3_can.dtsi  |    4 ++--
 arch/arm/boot/dts/sama5d3_uart.dtsi |    4 ++--
 3 files changed, 18 insertions(+), 18 deletions(-)

--- a/arch/arm/boot/dts/sama5d3.dtsi
+++ b/arch/arm/boot/dts/sama5d3.dtsi
@@ -1188,49 +1188,49 @@
 					usart0_clk: usart0_clk {
 						#clock-cells = <0>;
 						reg = <12>;
-						atmel,clk-output-range = <0 66000000>;
+						atmel,clk-output-range = <0 83000000>;
 					};
 
 					usart1_clk: usart1_clk {
 						#clock-cells = <0>;
 						reg = <13>;
-						atmel,clk-output-range = <0 66000000>;
+						atmel,clk-output-range = <0 83000000>;
 					};
 
 					usart2_clk: usart2_clk {
 						#clock-cells = <0>;
 						reg = <14>;
-						atmel,clk-output-range = <0 66000000>;
+						atmel,clk-output-range = <0 83000000>;
 					};
 
 					usart3_clk: usart3_clk {
 						#clock-cells = <0>;
 						reg = <15>;
-						atmel,clk-output-range = <0 66000000>;
+						atmel,clk-output-range = <0 83000000>;
 					};
 
 					uart0_clk: uart0_clk {
 						#clock-cells = <0>;
 						reg = <16>;
-						atmel,clk-output-range = <0 66000000>;
+						atmel,clk-output-range = <0 83000000>;
 					};
 
 					twi0_clk: twi0_clk {
 						reg = <18>;
 						#clock-cells = <0>;
-						atmel,clk-output-range = <0 16625000>;
+						atmel,clk-output-range = <0 41500000>;
 					};
 
 					twi1_clk: twi1_clk {
 						#clock-cells = <0>;
 						reg = <19>;
-						atmel,clk-output-range = <0 16625000>;
+						atmel,clk-output-range = <0 41500000>;
 					};
 
 					twi2_clk: twi2_clk {
 						#clock-cells = <0>;
 						reg = <20>;
-						atmel,clk-output-range = <0 16625000>;
+						atmel,clk-output-range = <0 41500000>;
 					};
 
 					mci0_clk: mci0_clk {
@@ -1246,19 +1246,19 @@
 					spi0_clk: spi0_clk {
 						#clock-cells = <0>;
 						reg = <24>;
-						atmel,clk-output-range = <0 133000000>;
+						atmel,clk-output-range = <0 166000000>;
 					};
 
 					spi1_clk: spi1_clk {
 						#clock-cells = <0>;
 						reg = <25>;
-						atmel,clk-output-range = <0 133000000>;
+						atmel,clk-output-range = <0 166000000>;
 					};
 
 					tcb0_clk: tcb0_clk {
 						#clock-cells = <0>;
 						reg = <26>;
-						atmel,clk-output-range = <0 133000000>;
+						atmel,clk-output-range = <0 166000000>;
 					};
 
 					pwm_clk: pwm_clk {
@@ -1269,7 +1269,7 @@
 					adc_clk: adc_clk {
 						#clock-cells = <0>;
 						reg = <29>;
-						atmel,clk-output-range = <0 66000000>;
+						atmel,clk-output-range = <0 83000000>;
 					};
 
 					dma0_clk: dma0_clk {
@@ -1300,13 +1300,13 @@
 					ssc0_clk: ssc0_clk {
 						#clock-cells = <0>;
 						reg = <38>;
-						atmel,clk-output-range = <0 66000000>;
+						atmel,clk-output-range = <0 83000000>;
 					};
 
 					ssc1_clk: ssc1_clk {
 						#clock-cells = <0>;
 						reg = <39>;
-						atmel,clk-output-range = <0 66000000>;
+						atmel,clk-output-range = <0 83000000>;
 					};
 
 					sha_clk: sha_clk {
--- a/arch/arm/boot/dts/sama5d3_can.dtsi
+++ b/arch/arm/boot/dts/sama5d3_can.dtsi
@@ -36,13 +36,13 @@
 					can0_clk: can0_clk {
 						#clock-cells = <0>;
 						reg = <40>;
-						atmel,clk-output-range = <0 66000000>;
+						atmel,clk-output-range = <0 83000000>;
 					};
 
 					can1_clk: can1_clk {
 						#clock-cells = <0>;
 						reg = <41>;
-						atmel,clk-output-range = <0 66000000>;
+						atmel,clk-output-range = <0 83000000>;
 					};
 				};
 			};
--- a/arch/arm/boot/dts/sama5d3_uart.dtsi
+++ b/arch/arm/boot/dts/sama5d3_uart.dtsi
@@ -41,13 +41,13 @@
 					uart0_clk: uart0_clk {
 						#clock-cells = <0>;
 						reg = <16>;
-						atmel,clk-output-range = <0 66000000>;
+						atmel,clk-output-range = <0 83000000>;
 					};
 
 					uart1_clk: uart1_clk {
 						#clock-cells = <0>;
 						reg = <17>;
-						atmel,clk-output-range = <0 66000000>;
+						atmel,clk-output-range = <0 83000000>;
 					};
 				};
 			};



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 065/120] ARM: dts: at91: sama5d3: define clock rate range for tcb1
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (63 preceding siblings ...)
  2020-02-13 15:21 ` [PATCH 5.5 064/120] ARM: dts: at91: sama5d3: fix maximum peripheral clock rates Greg Kroah-Hartman
@ 2020-02-13 15:21 ` Greg Kroah-Hartman
  2020-02-13 15:21 ` [PATCH 5.5 066/120] tools/power/acpi: fix compilation error Greg Kroah-Hartman
                   ` (59 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Karl Rudbæk Olsen, Alexandre Belloni

From: Alexandre Belloni <alexandre.belloni@bootlin.com>

commit a7e0f3fc01df4b1b7077df777c37feae8c9e8b6d upstream.

The clock rate range for the TCB1 clock is missing. define it in the device
tree.

Reported-by: Karl Rudbæk Olsen <karl@micro-technic.com>
Fixes: d2e8190b7916 ("ARM: at91/dt: define sama5d3 clocks")
Link: https://lore.kernel.org/r/20200110172007.1253659-2-alexandre.belloni@bootlin.com
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/arm/boot/dts/sama5d3_tcb1.dtsi |    1 +
 1 file changed, 1 insertion(+)

--- a/arch/arm/boot/dts/sama5d3_tcb1.dtsi
+++ b/arch/arm/boot/dts/sama5d3_tcb1.dtsi
@@ -22,6 +22,7 @@
 					tcb1_clk: tcb1_clk {
 						#clock-cells = <0>;
 						reg = <27>;
+						atmel,clk-output-range = <0 166000000>;
 					};
 				};
 			};



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 066/120] tools/power/acpi: fix compilation error
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (64 preceding siblings ...)
  2020-02-13 15:21 ` [PATCH 5.5 065/120] ARM: dts: at91: sama5d3: define clock rate range for tcb1 Greg Kroah-Hartman
@ 2020-02-13 15:21 ` Greg Kroah-Hartman
  2020-02-13 15:21 ` [PATCH 5.5 067/120] soc: qcom: rpmhpd: Set active_only for active only power domains Greg Kroah-Hartman
                   ` (58 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:21 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Zhengyuan Liu, Rafael J. Wysocki

From: Zhengyuan Liu <liuzhengyuan@kylinos.cn>

commit 1985f8c7f9a42a651a9750d6fcadc74336d182df upstream.

If we compile tools/acpi target in the top source directory, we'd get a
compilation error showing as bellow:

	# make tools/acpi
	  DESCEND  power/acpi
	  DESCEND  tools/acpidbg
	  CC       tools/acpidbg/acpidbg.o
	Assembler messages:
	Fatal error: can't create /home/lzy/kernel-upstream/power/acpi/\
			tools/acpidbg/acpidbg.o: No such file or directory
	../../Makefile.rules:26: recipe for target '/home/lzy/kernel-upstream/\
			power/acpi/tools/acpidbg/acpidbg.o' failed
	make[3]: *** [/home/lzy/kernel-upstream//power/acpi/tools/acpidbg/\
			acpidbg.o] Error 1
	Makefile:19: recipe for target 'acpidbg' failed
	make[2]: *** [acpidbg] Error 2
	Makefile:54: recipe for target 'acpi' failed
	make[1]: *** [acpi] Error 2
	Makefile:1607: recipe for target 'tools/acpi' failed
	make: *** [tools/acpi] Error 2

Fixes: d5a4b1a540b8 ("tools/power/acpi: Remove direct kernel source include reference")
Signed-off-by: Zhengyuan Liu <liuzhengyuan@kylinos.cn>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 tools/power/acpi/Makefile.config |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/tools/power/acpi/Makefile.config
+++ b/tools/power/acpi/Makefile.config
@@ -15,7 +15,7 @@ include $(srctree)/../../scripts/Makefil
 
 OUTPUT=$(srctree)/
 ifeq ("$(origin O)", "command line")
-	OUTPUT := $(O)/power/acpi/
+	OUTPUT := $(O)/tools/power/acpi/
 endif
 #$(info Determined 'OUTPUT' to be $(OUTPUT))
 



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 067/120] soc: qcom: rpmhpd: Set active_only for active only power domains
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (65 preceding siblings ...)
  2020-02-13 15:21 ` [PATCH 5.5 066/120] tools/power/acpi: fix compilation error Greg Kroah-Hartman
@ 2020-02-13 15:21 ` Greg Kroah-Hartman
  2020-02-13 15:21 ` [PATCH 5.5 068/120] Revert "powerpc/pseries/iommu: Dont use dma_iommu_ops on secure guests" Greg Kroah-Hartman
                   ` (57 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Rajendra Nayak, Stephen Boyd,
	Douglas Anderson, Bjorn Andersson

From: Douglas Anderson <dianders@chromium.org>

commit 5d0d4d42bed0090d3139e7c5ca1587d76d48add6 upstream.

The 'active_only' attribute was accidentally never set to true for any
power domains meaning that all the code handling this attribute was
dead.

NOTE that the RPM power domain code (as opposed to the RPMh one) gets
this right.

Acked-by: Rajendra Nayak <rnayak@codeaurora.org>
Reviewed-by: Stephen Boyd <swboyd@chromium.org>
Fixes: 279b7e8a62cc ("soc: qcom: rpmhpd: Add RPMh power domain driver")
Signed-off-by: Douglas Anderson <dianders@chromium.org>
Link: https://lore.kernel.org/r/20190214173633.211000-1-dianders@chromium.org
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/soc/qcom/rpmhpd.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/drivers/soc/qcom/rpmhpd.c
+++ b/drivers/soc/qcom/rpmhpd.c
@@ -93,6 +93,7 @@ static struct rpmhpd sdm845_mx = {
 
 static struct rpmhpd sdm845_mx_ao = {
 	.pd = { .name = "mx_ao", },
+	.active_only = true,
 	.peer = &sdm845_mx,
 	.res_name = "mx.lvl",
 };
@@ -107,6 +108,7 @@ static struct rpmhpd sdm845_cx = {
 
 static struct rpmhpd sdm845_cx_ao = {
 	.pd = { .name = "cx_ao", },
+	.active_only = true,
 	.peer = &sdm845_cx,
 	.parent = &sdm845_mx_ao.pd,
 	.res_name = "cx.lvl",



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 068/120] Revert "powerpc/pseries/iommu: Dont use dma_iommu_ops on secure guests"
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (66 preceding siblings ...)
  2020-02-13 15:21 ` [PATCH 5.5 067/120] soc: qcom: rpmhpd: Set active_only for active only power domains Greg Kroah-Hartman
@ 2020-02-13 15:21 ` Greg Kroah-Hartman
  2020-02-13 15:21 ` [PATCH 5.5 069/120] powerpc/ptdump: Fix W+X verification call in mark_rodata_ro() Greg Kroah-Hartman
                   ` (56 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Ram Pai, Alexey Kardashevskiy,
	Thiago Jung Bauermann, Michael Ellerman

From: Ram Pai <linuxram@us.ibm.com>

commit d862b44133b7a1d7de25288e09eabf4df415e971 upstream.

This reverts commit edea902c1c1efb855f77e041f9daf1abe7a9768a.

At the time the change allowed direct DMA ops for secure VMs; however
since then we switched on using SWIOTLB backed with IOMMU (direct mapping)
and to make this work, we need dma_iommu_ops which handles all cases
including TCE mapping I/O pages in the presence of an IOMMU.

Fixes: edea902c1c1e ("powerpc/pseries/iommu: Don't use dma_iommu_ops on secure guests")
Signed-off-by: Ram Pai <linuxram@us.ibm.com>
[aik: added "revert" and "fixes:"]
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Thiago Jung Bauermann <bauerman@linux.ibm.com>
Tested-by: Thiago Jung Bauermann <bauerman@linux.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20191216041924.42318-2-aik@ozlabs.ru
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/powerpc/platforms/pseries/iommu.c |   11 +----------
 1 file changed, 1 insertion(+), 10 deletions(-)

--- a/arch/powerpc/platforms/pseries/iommu.c
+++ b/arch/powerpc/platforms/pseries/iommu.c
@@ -36,7 +36,6 @@
 #include <asm/udbg.h>
 #include <asm/mmzone.h>
 #include <asm/plpar_wrappers.h>
-#include <asm/svm.h>
 
 #include "pseries.h"
 
@@ -1320,15 +1319,7 @@ void iommu_init_early_pSeries(void)
 	of_reconfig_notifier_register(&iommu_reconfig_nb);
 	register_memory_notifier(&iommu_mem_nb);
 
-	/*
-	 * Secure guest memory is inacessible to devices so regular DMA isn't
-	 * possible.
-	 *
-	 * In that case keep devices' dma_map_ops as NULL so that the generic
-	 * DMA code path will use SWIOTLB to bounce buffers for DMA.
-	 */
-	if (!is_secure_guest())
-		set_pci_dma_ops(&dma_iommu_ops);
+	set_pci_dma_ops(&dma_iommu_ops);
 }
 
 static int __init disable_multitce(char *str)



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 069/120] powerpc/ptdump: Fix W+X verification call in mark_rodata_ro()
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (67 preceding siblings ...)
  2020-02-13 15:21 ` [PATCH 5.5 068/120] Revert "powerpc/pseries/iommu: Dont use dma_iommu_ops on secure guests" Greg Kroah-Hartman
@ 2020-02-13 15:21 ` Greg Kroah-Hartman
  2020-02-13 15:21 ` [PATCH 5.5 070/120] powerpc/ptdump: Only enable PPC_CHECK_WX with STRICT_KERNEL_RWX Greg Kroah-Hartman
                   ` (55 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Christophe Leroy, Michael Ellerman

From: Christophe Leroy <christophe.leroy@c-s.fr>

commit e26ad936dd89d79f66c2b567f700e0c2a7103070 upstream.

ptdump_check_wx() also have to be called when pages are mapped
by blocks.

Fixes: 453d87f6a8ae ("powerpc/mm: Warn if W+X pages found on boot")
Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/37517da8310f4457f28921a4edb88fb21d27b62a.1578989531.git.christophe.leroy@c-s.fr
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/powerpc/mm/pgtable_32.c |    1 +
 1 file changed, 1 insertion(+)

--- a/arch/powerpc/mm/pgtable_32.c
+++ b/arch/powerpc/mm/pgtable_32.c
@@ -218,6 +218,7 @@ void mark_rodata_ro(void)
 
 	if (v_block_mapped((unsigned long)_sinittext)) {
 		mmu_mark_rodata_ro();
+		ptdump_check_wx();
 		return;
 	}
 



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 070/120] powerpc/ptdump: Only enable PPC_CHECK_WX with STRICT_KERNEL_RWX
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (68 preceding siblings ...)
  2020-02-13 15:21 ` [PATCH 5.5 069/120] powerpc/ptdump: Fix W+X verification call in mark_rodata_ro() Greg Kroah-Hartman
@ 2020-02-13 15:21 ` Greg Kroah-Hartman
  2020-02-13 15:21 ` [PATCH 5.5 071/120] powerpc/papr_scm: Fix leaking bus_desc.provider_name in some paths Greg Kroah-Hartman
                   ` (54 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Christophe Leroy, Michael Ellerman

From: Christophe Leroy <christophe.leroy@c-s.fr>

commit f509247b08f2dcf7754d9ed85ad69a7972aa132b upstream.

ptdump_check_wx() is called from mark_rodata_ro() which only exists
when CONFIG_STRICT_KERNEL_RWX is selected.

Fixes: 453d87f6a8ae ("powerpc/mm: Warn if W+X pages found on boot")
Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/922d4939c735c6b52b4137838bcc066fffd4fc33.1578989545.git.christophe.leroy@c-s.fr
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/powerpc/Kconfig.debug |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/arch/powerpc/Kconfig.debug
+++ b/arch/powerpc/Kconfig.debug
@@ -371,7 +371,7 @@ config PPC_PTDUMP
 
 config PPC_DEBUG_WX
 	bool "Warn on W+X mappings at boot"
-	depends on PPC_PTDUMP
+	depends on PPC_PTDUMP && STRICT_KERNEL_RWX
 	help
 	  Generate a warning if any W+X mappings are found at boot.
 



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 071/120] powerpc/papr_scm: Fix leaking bus_desc.provider_name in some paths
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (69 preceding siblings ...)
  2020-02-13 15:21 ` [PATCH 5.5 070/120] powerpc/ptdump: Only enable PPC_CHECK_WX with STRICT_KERNEL_RWX Greg Kroah-Hartman
@ 2020-02-13 15:21 ` Greg Kroah-Hartman
  2020-02-13 15:21 ` [PATCH 5.5 072/120] powerpc/pseries/vio: Fix iommu_table use-after-free refcount warning Greg Kroah-Hartman
                   ` (53 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:21 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Vaibhav Jain, Michael Ellerman

From: Vaibhav Jain <vaibhav@linux.ibm.com>

commit 5649607a8d0b0e019a4db14aab3de1e16c3a2b4f upstream.

String 'bus_desc.provider_name' allocated inside
papr_scm_nvdimm_init() will leaks in case call to
nvdimm_bus_register() fails or when papr_scm_remove() is called.

This minor patch ensures that 'bus_desc.provider_name' is freed in
error path for nvdimm_bus_register() as well as in papr_scm_remove().

Fixes: b5beae5e224f ("powerpc/pseries: Add driver for PAPR SCM regions")
Signed-off-by: Vaibhav Jain <vaibhav@linux.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20200122155140.120429-1-vaibhav@linux.ibm.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/powerpc/platforms/pseries/papr_scm.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/arch/powerpc/platforms/pseries/papr_scm.c
+++ b/arch/powerpc/platforms/pseries/papr_scm.c
@@ -322,6 +322,7 @@ static int papr_scm_nvdimm_init(struct p
 	p->bus = nvdimm_bus_register(NULL, &p->bus_desc);
 	if (!p->bus) {
 		dev_err(dev, "Error creating nvdimm bus %pOF\n", p->dn);
+		kfree(p->bus_desc.provider_name);
 		return -ENXIO;
 	}
 
@@ -477,6 +478,7 @@ static int papr_scm_remove(struct platfo
 
 	nvdimm_bus_unregister(p->bus);
 	drc_pmem_unbind(p);
+	kfree(p->bus_desc.provider_name);
 	kfree(p);
 
 	return 0;



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 072/120] powerpc/pseries/vio: Fix iommu_table use-after-free refcount warning
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (70 preceding siblings ...)
  2020-02-13 15:21 ` [PATCH 5.5 071/120] powerpc/papr_scm: Fix leaking bus_desc.provider_name in some paths Greg Kroah-Hartman
@ 2020-02-13 15:21 ` Greg Kroah-Hartman
  2020-02-13 15:21 ` [PATCH 5.5 073/120] powerpc/pseries: Allow not having ibm, hypertas-functions::hcall-multi-tce for DDW Greg Kroah-Hartman
                   ` (52 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Tyrel Datwyler, Alexey Kardashevskiy,
	Michael Ellerman

From: Tyrel Datwyler <tyreld@linux.vnet.ibm.com>

commit aff8c8242bc638ba57247ae1ec5f272ac3ed3b92 upstream.

Commit e5afdf9dd515 ("powerpc/vfio_spapr_tce: Add reference counting to
iommu_table") missed an iommu_table allocation in the pseries vio code.
The iommu_table is allocated with kzalloc and as a result the associated
kref gets a value of zero. This has the side effect that during a DLPAR
remove of the associated virtual IOA the iommu_tce_table_put() triggers
a use-after-free underflow warning.

Call Trace:
[c0000002879e39f0] [c00000000071ecb4] refcount_warn_saturate+0x184/0x190
(unreliable)
[c0000002879e3a50] [c0000000000500ac] iommu_tce_table_put+0x9c/0xb0
[c0000002879e3a70] [c0000000000f54e4] vio_dev_release+0x34/0x70
[c0000002879e3aa0] [c00000000087cfa4] device_release+0x54/0xf0
[c0000002879e3b10] [c000000000d64c84] kobject_cleanup+0xa4/0x240
[c0000002879e3b90] [c00000000087d358] put_device+0x28/0x40
[c0000002879e3bb0] [c0000000007a328c] dlpar_remove_slot+0x15c/0x250
[c0000002879e3c50] [c0000000007a348c] remove_slot_store+0xac/0xf0
[c0000002879e3cd0] [c000000000d64220] kobj_attr_store+0x30/0x60
[c0000002879e3cf0] [c0000000004ff13c] sysfs_kf_write+0x6c/0xa0
[c0000002879e3d10] [c0000000004fde4c] kernfs_fop_write+0x18c/0x260
[c0000002879e3d60] [c000000000410f3c] __vfs_write+0x3c/0x70
[c0000002879e3d80] [c000000000415408] vfs_write+0xc8/0x250
[c0000002879e3dd0] [c0000000004157dc] ksys_write+0x7c/0x120
[c0000002879e3e20] [c00000000000b278] system_call+0x5c/0x68

Further, since the refcount was always zero the iommu_tce_table_put()
fails to call the iommu_table release function resulting in a leak.

Fix this issue be initilizing the iommu_table kref immediately after
allocation.

Fixes: e5afdf9dd515 ("powerpc/vfio_spapr_tce: Add reference counting to iommu_table")
Signed-off-by: Tyrel Datwyler <tyreld@linux.ibm.com>
Reviewed-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/1579558202-26052-1-git-send-email-tyreld@linux.ibm.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/powerpc/platforms/pseries/vio.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/arch/powerpc/platforms/pseries/vio.c
+++ b/arch/powerpc/platforms/pseries/vio.c
@@ -1176,6 +1176,8 @@ static struct iommu_table *vio_build_iom
 	if (tbl == NULL)
 		return NULL;
 
+	kref_init(&tbl->it_kref);
+
 	of_parse_dma_window(dev->dev.of_node, dma_window,
 			    &tbl->it_index, &offset, &size);
 



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 073/120] powerpc/pseries: Allow not having ibm, hypertas-functions::hcall-multi-tce for DDW
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (71 preceding siblings ...)
  2020-02-13 15:21 ` [PATCH 5.5 072/120] powerpc/pseries/vio: Fix iommu_table use-after-free refcount warning Greg Kroah-Hartman
@ 2020-02-13 15:21 ` Greg Kroah-Hartman
  2020-02-13 15:21 ` [PATCH 5.5 074/120] iommu/arm-smmu-v3: Populate VMID field for CMDQ_OP_TLBI_NH_VA Greg Kroah-Hartman
                   ` (51 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Alexey Kardashevskiy,
	Thiago Jung Bauermann, Michael Ellerman

From: Alexey Kardashevskiy <aik@ozlabs.ru>

commit 7559d3d295f3365ea7ac0c0274c05e633fe4f594 upstream.

By default a pseries guest supports a H_PUT_TCE hypercall which maps
a single IOMMU page in a DMA window. Additionally the hypervisor may
support H_PUT_TCE_INDIRECT/H_STUFF_TCE which update multiple TCEs at once;
this is advertised via the device tree /rtas/ibm,hypertas-functions
property which Linux converts to FW_FEATURE_MULTITCE.

FW_FEATURE_MULTITCE is checked when dma_iommu_ops is used; however
the code managing the huge DMA window (DDW) ignores it and calls
H_PUT_TCE_INDIRECT even if it is explicitly disabled via
the "multitce=off" kernel command line parameter.

This adds FW_FEATURE_MULTITCE checking to the DDW code path.

This changes tce_build_pSeriesLP to take liobn and page size as
the huge window does not have iommu_table descriptor which usually
the place to store these numbers.

Fixes: 4e8b0cf46b25 ("powerpc/pseries: Add support for dynamic dma windows")
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Thiago Jung Bauermann <bauerman@linux.ibm.com>
Tested-by: Thiago Jung Bauermann <bauerman@linux.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20191216041924.42318-3-aik@ozlabs.ru
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/powerpc/platforms/pseries/iommu.c |   43 ++++++++++++++++++++++-----------
 1 file changed, 29 insertions(+), 14 deletions(-)

--- a/arch/powerpc/platforms/pseries/iommu.c
+++ b/arch/powerpc/platforms/pseries/iommu.c
@@ -132,10 +132,10 @@ static unsigned long tce_get_pseries(str
 	return be64_to_cpu(*tcep);
 }
 
-static void tce_free_pSeriesLP(struct iommu_table*, long, long);
+static void tce_free_pSeriesLP(unsigned long liobn, long, long);
 static void tce_freemulti_pSeriesLP(struct iommu_table*, long, long);
 
-static int tce_build_pSeriesLP(struct iommu_table *tbl, long tcenum,
+static int tce_build_pSeriesLP(unsigned long liobn, long tcenum, long tceshift,
 				long npages, unsigned long uaddr,
 				enum dma_data_direction direction,
 				unsigned long attrs)
@@ -146,25 +146,25 @@ static int tce_build_pSeriesLP(struct io
 	int ret = 0;
 	long tcenum_start = tcenum, npages_start = npages;
 
-	rpn = __pa(uaddr) >> TCE_SHIFT;
+	rpn = __pa(uaddr) >> tceshift;
 	proto_tce = TCE_PCI_READ;
 	if (direction != DMA_TO_DEVICE)
 		proto_tce |= TCE_PCI_WRITE;
 
 	while (npages--) {
-		tce = proto_tce | (rpn & TCE_RPN_MASK) << TCE_RPN_SHIFT;
-		rc = plpar_tce_put((u64)tbl->it_index, (u64)tcenum << 12, tce);
+		tce = proto_tce | (rpn & TCE_RPN_MASK) << tceshift;
+		rc = plpar_tce_put((u64)liobn, (u64)tcenum << tceshift, tce);
 
 		if (unlikely(rc == H_NOT_ENOUGH_RESOURCES)) {
 			ret = (int)rc;
-			tce_free_pSeriesLP(tbl, tcenum_start,
+			tce_free_pSeriesLP(liobn, tcenum_start,
 			                   (npages_start - (npages + 1)));
 			break;
 		}
 
 		if (rc && printk_ratelimit()) {
 			printk("tce_build_pSeriesLP: plpar_tce_put failed. rc=%lld\n", rc);
-			printk("\tindex   = 0x%llx\n", (u64)tbl->it_index);
+			printk("\tindex   = 0x%llx\n", (u64)liobn);
 			printk("\ttcenum  = 0x%llx\n", (u64)tcenum);
 			printk("\ttce val = 0x%llx\n", tce );
 			dump_stack();
@@ -193,7 +193,8 @@ static int tce_buildmulti_pSeriesLP(stru
 	unsigned long flags;
 
 	if ((npages == 1) || !firmware_has_feature(FW_FEATURE_MULTITCE)) {
-		return tce_build_pSeriesLP(tbl, tcenum, npages, uaddr,
+		return tce_build_pSeriesLP(tbl->it_index, tcenum,
+					   tbl->it_page_shift, npages, uaddr,
 		                           direction, attrs);
 	}
 
@@ -209,8 +210,9 @@ static int tce_buildmulti_pSeriesLP(stru
 		/* If allocation fails, fall back to the loop implementation */
 		if (!tcep) {
 			local_irq_restore(flags);
-			return tce_build_pSeriesLP(tbl, tcenum, npages, uaddr,
-					    direction, attrs);
+			return tce_build_pSeriesLP(tbl->it_index, tcenum,
+					tbl->it_page_shift,
+					npages, uaddr, direction, attrs);
 		}
 		__this_cpu_write(tce_page, tcep);
 	}
@@ -261,16 +263,16 @@ static int tce_buildmulti_pSeriesLP(stru
 	return ret;
 }
 
-static void tce_free_pSeriesLP(struct iommu_table *tbl, long tcenum, long npages)
+static void tce_free_pSeriesLP(unsigned long liobn, long tcenum, long npages)
 {
 	u64 rc;
 
 	while (npages--) {
-		rc = plpar_tce_put((u64)tbl->it_index, (u64)tcenum << 12, 0);
+		rc = plpar_tce_put((u64)liobn, (u64)tcenum << 12, 0);
 
 		if (rc && printk_ratelimit()) {
 			printk("tce_free_pSeriesLP: plpar_tce_put failed. rc=%lld\n", rc);
-			printk("\tindex   = 0x%llx\n", (u64)tbl->it_index);
+			printk("\tindex   = 0x%llx\n", (u64)liobn);
 			printk("\ttcenum  = 0x%llx\n", (u64)tcenum);
 			dump_stack();
 		}
@@ -285,7 +287,7 @@ static void tce_freemulti_pSeriesLP(stru
 	u64 rc;
 
 	if (!firmware_has_feature(FW_FEATURE_MULTITCE))
-		return tce_free_pSeriesLP(tbl, tcenum, npages);
+		return tce_free_pSeriesLP(tbl->it_index, tcenum, npages);
 
 	rc = plpar_tce_stuff((u64)tbl->it_index, (u64)tcenum << 12, 0, npages);
 
@@ -400,6 +402,19 @@ static int tce_setrange_multi_pSeriesLP(
 	u64 rc = 0;
 	long l, limit;
 
+	if (!firmware_has_feature(FW_FEATURE_MULTITCE)) {
+		unsigned long tceshift = be32_to_cpu(maprange->tce_shift);
+		unsigned long dmastart = (start_pfn << PAGE_SHIFT) +
+				be64_to_cpu(maprange->dma_base);
+		unsigned long tcenum = dmastart >> tceshift;
+		unsigned long npages = num_pfn << PAGE_SHIFT >> tceshift;
+		void *uaddr = __va(start_pfn << PAGE_SHIFT);
+
+		return tce_build_pSeriesLP(be32_to_cpu(maprange->liobn),
+				tcenum, tceshift, npages, (unsigned long) uaddr,
+				DMA_BIDIRECTIONAL, 0);
+	}
+
 	local_irq_disable();	/* to protect tcep and the page behind it */
 	tcep = __this_cpu_read(tce_page);
 



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 074/120] iommu/arm-smmu-v3: Populate VMID field for CMDQ_OP_TLBI_NH_VA
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (72 preceding siblings ...)
  2020-02-13 15:21 ` [PATCH 5.5 073/120] powerpc/pseries: Allow not having ibm, hypertas-functions::hcall-multi-tce for DDW Greg Kroah-Hartman
@ 2020-02-13 15:21 ` Greg Kroah-Hartman
  2020-02-13 15:21 ` [PATCH 5.5 075/120] ARM: at91: pm: use SAM9X60 PMCs compatible Greg Kroah-Hartman
                   ` (50 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:21 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Shameer Kolothum, Will Deacon

From: Shameer Kolothum <shameerali.kolothum.thodi@huawei.com>

commit 935d43ba272e0001f8ef446a3eff15d8175cb11b upstream.

CMDQ_OP_TLBI_NH_VA requires VMID and this was missing since
commit 1c27df1c0a82 ("iommu/arm-smmu: Use correct address mask
for CMD_TLBI_S2_IPA"). Add it back.

Fixes: 1c27df1c0a82 ("iommu/arm-smmu: Use correct address mask for CMD_TLBI_S2_IPA")
Signed-off-by: Shameer Kolothum <shameerali.kolothum.thodi@huawei.com>
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/iommu/arm-smmu-v3.c |    1 +
 1 file changed, 1 insertion(+)

--- a/drivers/iommu/arm-smmu-v3.c
+++ b/drivers/iommu/arm-smmu-v3.c
@@ -856,6 +856,7 @@ static int arm_smmu_cmdq_build_cmd(u64 *
 		cmd[1] |= FIELD_PREP(CMDQ_CFGI_1_RANGE, 31);
 		break;
 	case CMDQ_OP_TLBI_NH_VA:
+		cmd[0] |= FIELD_PREP(CMDQ_TLBI_0_VMID, ent->tlbi.vmid);
 		cmd[0] |= FIELD_PREP(CMDQ_TLBI_0_ASID, ent->tlbi.asid);
 		cmd[1] |= FIELD_PREP(CMDQ_TLBI_1_LEAF, ent->tlbi.leaf);
 		cmd[1] |= ent->tlbi.addr & CMDQ_TLBI_1_VA_MASK;



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 075/120] ARM: at91: pm: use SAM9X60 PMCs compatible
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (73 preceding siblings ...)
  2020-02-13 15:21 ` [PATCH 5.5 074/120] iommu/arm-smmu-v3: Populate VMID field for CMDQ_OP_TLBI_NH_VA Greg Kroah-Hartman
@ 2020-02-13 15:21 ` Greg Kroah-Hartman
  2020-02-13 15:21 ` [PATCH 5.5 076/120] ARM: at91: pm: use of_device_id array to find the proper shdwc node Greg Kroah-Hartman
                   ` (49 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Claudiu Beznea, Alexandre Belloni

From: Claudiu Beznea <claudiu.beznea@microchip.com>

commit 6b9dfd986a81a999a27b6ed9dbe91203089c62dd upstream.

SAM9X60 PMC's has a different PMC. It was not integrated at the moment
commit 01c7031cfa73 ("ARM: at91: pm: initial PM support for SAM9X60")
was published.

Fixes: 01c7031cfa73 ("ARM: at91: pm: initial PM support for SAM9X60")
Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com>
Link: https://lore.kernel.org/r/1576062248-18514-2-git-send-email-claudiu.beznea@microchip.com
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/arm/mach-at91/pm.c |    1 +
 1 file changed, 1 insertion(+)

--- a/arch/arm/mach-at91/pm.c
+++ b/arch/arm/mach-at91/pm.c
@@ -751,6 +751,7 @@ static const struct of_device_id atmel_p
 	{ .compatible = "atmel,sama5d3-pmc", .data = &pmc_infos[1] },
 	{ .compatible = "atmel,sama5d4-pmc", .data = &pmc_infos[1] },
 	{ .compatible = "atmel,sama5d2-pmc", .data = &pmc_infos[1] },
+	{ .compatible = "microchip,sam9x60-pmc", .data = &pmc_infos[1] },
 	{ /* sentinel */ },
 };
 



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 076/120] ARM: at91: pm: use of_device_id array to find the proper shdwc node
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (74 preceding siblings ...)
  2020-02-13 15:21 ` [PATCH 5.5 075/120] ARM: at91: pm: use SAM9X60 PMCs compatible Greg Kroah-Hartman
@ 2020-02-13 15:21 ` Greg Kroah-Hartman
  2020-02-13 15:21 ` [PATCH 5.5 077/120] KVM: arm/arm64: vgic-its: Fix restoration of unmapped collections Greg Kroah-Hartman
                   ` (48 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Claudiu Beznea, Alexandre Belloni

From: Claudiu Beznea <claudiu.beznea@microchip.com>

commit ec6e618c8c018c1361d77789a100a5f6f6317178 upstream.

Use of_device_id array to find the proper shdwc compatibile node.
SAM9X60's shdwc changes were not integrated when
commit eaedc0d379da ("ARM: at91: pm: add ULP1 support for SAM9X60")
was integrated.

Fixes: eaedc0d379da ("ARM: at91: pm: add ULP1 support for SAM9X60")
Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com>
Link: https://lore.kernel.org/r/1576062248-18514-3-git-send-email-claudiu.beznea@microchip.com
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/arm/mach-at91/pm.c |    8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

--- a/arch/arm/mach-at91/pm.c
+++ b/arch/arm/mach-at91/pm.c
@@ -691,6 +691,12 @@ static void __init at91_pm_use_default_m
 		soc_pm.data.suspend_mode = AT91_PM_ULP0;
 }
 
+static const struct of_device_id atmel_shdwc_ids[] = {
+	{ .compatible = "atmel,sama5d2-shdwc" },
+	{ .compatible = "microchip,sam9x60-shdwc" },
+	{ /* sentinel. */ }
+};
+
 static void __init at91_pm_modes_init(void)
 {
 	struct device_node *np;
@@ -700,7 +706,7 @@ static void __init at91_pm_modes_init(vo
 	    !at91_is_pm_mode_active(AT91_PM_ULP1))
 		return;
 
-	np = of_find_compatible_node(NULL, NULL, "atmel,sama5d2-shdwc");
+	np = of_find_matching_node(NULL, atmel_shdwc_ids);
 	if (!np) {
 		pr_warn("%s: failed to find shdwc!\n", __func__);
 		goto ulp1_default;



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 077/120] KVM: arm/arm64: vgic-its: Fix restoration of unmapped collections
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (75 preceding siblings ...)
  2020-02-13 15:21 ` [PATCH 5.5 076/120] ARM: at91: pm: use of_device_id array to find the proper shdwc node Greg Kroah-Hartman
@ 2020-02-13 15:21 ` Greg Kroah-Hartman
  2020-02-13 15:21 ` [PATCH 5.5 078/120] ARM: 8949/1: mm: mark free_memmap as __init Greg Kroah-Hartman
                   ` (47 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Eric Auger, Marc Zyngier, Zenghui Yu

From: Eric Auger <eric.auger@redhat.com>

commit 8c58be34494b7f1b2adb446e2d8beeb90e5de65b upstream.

Saving/restoring an unmapped collection is a valid scenario. For
example this happens if a MAPTI command was sent, featuring an
unmapped collection. At the moment the CTE fails to be restored.
Only compare against the number of online vcpus if the rdist
base is set.

Fixes: ea1ad53e1e31a ("KVM: arm64: vgic-its: Collection table save/restore")
Signed-off-by: Eric Auger <eric.auger@redhat.com>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Reviewed-by: Zenghui Yu <yuzenghui@huawei.com>
Link: https://lore.kernel.org/r/20191213094237.19627-1-eric.auger@redhat.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 virt/kvm/arm/vgic/vgic-its.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/virt/kvm/arm/vgic/vgic-its.c
+++ b/virt/kvm/arm/vgic/vgic-its.c
@@ -2475,7 +2475,8 @@ static int vgic_its_restore_cte(struct v
 	target_addr = (u32)(val >> KVM_ITS_CTE_RDBASE_SHIFT);
 	coll_id = val & KVM_ITS_CTE_ICID_MASK;
 
-	if (target_addr >= atomic_read(&kvm->online_vcpus))
+	if (target_addr != COLLECTION_NOT_MAPPED &&
+	    target_addr >= atomic_read(&kvm->online_vcpus))
 		return -EINVAL;
 
 	collection = find_collection(its, coll_id);



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 078/120] ARM: 8949/1: mm: mark free_memmap as __init
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (76 preceding siblings ...)
  2020-02-13 15:21 ` [PATCH 5.5 077/120] KVM: arm/arm64: vgic-its: Fix restoration of unmapped collections Greg Kroah-Hartman
@ 2020-02-13 15:21 ` Greg Kroah-Hartman
  2020-02-13 15:21 ` [PATCH 5.5 079/120] sched/uclamp: Fix a bug in propagating uclamp value in new cgroups Greg Kroah-Hartman
                   ` (46 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:21 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Olof Johansson, Russell King

From: Olof Johansson <olof@lixom.net>

commit 31f3010e60522ede237fb145a63b4af5a41718c2 upstream.

As of commit ac7c3e4ff401 ("compiler: enable CONFIG_OPTIMIZE_INLINING
forcibly"), free_memmap() might not always be inlined, and thus is
triggering a section warning:

WARNING: vmlinux.o(.text.unlikely+0x904): Section mismatch in reference from the function free_memmap() to the function .meminit.text:memblock_free()

Mark it as __init, since the faller (free_unused_memmap) already is.

Fixes: ac7c3e4ff401 ("compiler: enable CONFIG_OPTIMIZE_INLINING forcibly")
Signed-off-by: Olof Johansson <olof@lixom.net>
Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/arm/mm/init.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/arch/arm/mm/init.c
+++ b/arch/arm/mm/init.c
@@ -324,7 +324,7 @@ static inline void poison_init_mem(void
 		*p++ = 0xe7fddef0;
 }
 
-static inline void
+static inline void __init
 free_memmap(unsigned long start_pfn, unsigned long end_pfn)
 {
 	struct page *start_pg, *end_pg;



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 079/120] sched/uclamp: Fix a bug in propagating uclamp value in new cgroups
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (77 preceding siblings ...)
  2020-02-13 15:21 ` [PATCH 5.5 078/120] ARM: 8949/1: mm: mark free_memmap as __init Greg Kroah-Hartman
@ 2020-02-13 15:21 ` Greg Kroah-Hartman
  2020-02-13 15:21 ` [PATCH 5.5 080/120] arm64: kernel: Correct annotation of end of el0_sync Greg Kroah-Hartman
                   ` (45 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Doug Smythies, Qais Yousef,
	Peter Zijlstra (Intel)

From: Qais Yousef <qais.yousef@arm.com>

commit 7226017ad37a888915628e59a84a2d1e57b40707 upstream.

When a new cgroup is created, the effective uclamp value wasn't updated
with a call to cpu_util_update_eff() that looks at the hierarchy and
update to the most restrictive values.

Fix it by ensuring to call cpu_util_update_eff() when a new cgroup
becomes online.

Without this change, the newly created cgroup uses the default
root_task_group uclamp values, which is 1024 for both uclamp_{min, max},
which will cause the rq to to be clamped to max, hence cause the
system to run at max frequency.

The problem was observed on Ubuntu server and was reproduced on Debian
and Buildroot rootfs.

By default, Ubuntu and Debian create a cpu controller cgroup hierarchy
and add all tasks to it - which creates enough noise to keep the rq
uclamp value at max most of the time. Imitating this behavior makes the
problem visible in Buildroot too which otherwise looks fine since it's a
minimal userspace.

Fixes: 0b60ba2dd342 ("sched/uclamp: Propagate parent clamps")
Reported-by: Doug Smythies <dsmythies@telus.net>
Signed-off-by: Qais Yousef <qais.yousef@arm.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Tested-by: Doug Smythies <dsmythies@telus.net>
Link: https://lore.kernel.org/lkml/000701d5b965$361b6c60$a2524520$@net/
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 kernel/sched/core.c |    6 ++++++
 1 file changed, 6 insertions(+)

--- a/kernel/sched/core.c
+++ b/kernel/sched/core.c
@@ -7100,6 +7100,12 @@ static int cpu_cgroup_css_online(struct
 
 	if (parent)
 		sched_online_group(tg, parent);
+
+#ifdef CONFIG_UCLAMP_TASK_GROUP
+	/* Propagate the effective uclamp value for the new group */
+	cpu_util_update_eff(css);
+#endif
+
 	return 0;
 }
 



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 080/120] arm64: kernel: Correct annotation of end of el0_sync
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (78 preceding siblings ...)
  2020-02-13 15:21 ` [PATCH 5.5 079/120] sched/uclamp: Fix a bug in propagating uclamp value in new cgroups Greg Kroah-Hartman
@ 2020-02-13 15:21 ` Greg Kroah-Hartman
  2020-02-13 15:21 ` [PATCH 5.5 081/120] arm64: cpufeature: Fix the type of no FP/SIMD capability Greg Kroah-Hartman
                   ` (44 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:21 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Mark Brown, Will Deacon

From: Mark Brown <broonie@kernel.org>

commit 73d6890fe8ff40e357039b626537ac82d8782aeb upstream.

Commit 582f95835a8fc812c ("arm64: entry: convert el0_sync to C") caused
the ENDPROC() annotating the end of el0_sync to be placed after the code
for el0_sync_compat. This replaced the previous annotation where it was
located after all the cases that are now converted to C, including after
the currently unannotated el0_irq_compat and el0_error_compat. Move the
annotation to the end of the function and add separate annotations for
the _compat ones.

Fixes: 582f95835a8fc812c (arm64: entry: convert el0_sync to C)
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/arm64/kernel/entry.S |    5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

--- a/arch/arm64/kernel/entry.S
+++ b/arch/arm64/kernel/entry.S
@@ -653,6 +653,7 @@ el0_sync:
 	mov	x0, sp
 	bl	el0_sync_handler
 	b	ret_to_user
+ENDPROC(el0_sync)
 
 #ifdef CONFIG_COMPAT
 	.align	6
@@ -661,16 +662,18 @@ el0_sync_compat:
 	mov	x0, sp
 	bl	el0_sync_compat_handler
 	b	ret_to_user
-ENDPROC(el0_sync)
+ENDPROC(el0_sync_compat)
 
 	.align	6
 el0_irq_compat:
 	kernel_entry 0, 32
 	b	el0_irq_naked
+ENDPROC(el0_irq_compat)
 
 el0_error_compat:
 	kernel_entry 0, 32
 	b	el0_error_naked
+ENDPROC(el0_error_compat)
 #endif
 
 	.align	6



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 081/120] arm64: cpufeature: Fix the type of no FP/SIMD capability
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (79 preceding siblings ...)
  2020-02-13 15:21 ` [PATCH 5.5 080/120] arm64: kernel: Correct annotation of end of el0_sync Greg Kroah-Hartman
@ 2020-02-13 15:21 ` Greg Kroah-Hartman
  2020-02-13 15:21 ` [PATCH 5.5 082/120] arm64: cpufeature: Set the FP/SIMD compat HWCAP bits properly Greg Kroah-Hartman
                   ` (43 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Will Deacon, Mark Rutland,
	Ard Biesheuvel, Catalin Marinas, Suzuki K Poulose

From: Suzuki K Poulose <suzuki.poulose@arm.com>

commit 449443c03d8cfdacf7313e17779a2594ebf87e6d upstream.

The NO_FPSIMD capability is defined with scope SYSTEM, which implies
that the "absence" of FP/SIMD on at least one CPU is detected only
after all the SMP CPUs are brought up. However, we use the status
of this capability for every context switch. So, let us change
the scope to LOCAL_CPU to allow the detection of this capability
as and when the first CPU without FP is brought up.

Also, the current type allows hotplugged CPU to be brought up without
FP/SIMD when all the current CPUs have FP/SIMD and we have the userspace
up. Fix both of these issues by changing the capability to
BOOT_RESTRICTED_LOCAL_CPU_FEATURE.

Fixes: 82e0191a1aa11abf ("arm64: Support systems without FP/ASIMD")
Cc: Will Deacon <will@kernel.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Suzuki K Poulose <suzuki.poulose@arm.com>
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/arm64/kernel/cpufeature.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/arch/arm64/kernel/cpufeature.c
+++ b/arch/arm64/kernel/cpufeature.c
@@ -1368,7 +1368,7 @@ static const struct arm64_cpu_capabiliti
 	{
 		/* FP/SIMD is not implemented */
 		.capability = ARM64_HAS_NO_FPSIMD,
-		.type = ARM64_CPUCAP_SYSTEM_FEATURE,
+		.type = ARM64_CPUCAP_BOOT_RESTRICTED_CPU_LOCAL_FEATURE,
 		.min_field_value = 0,
 		.matches = has_no_fpsimd,
 	},



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 082/120] arm64: cpufeature: Set the FP/SIMD compat HWCAP bits properly
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (80 preceding siblings ...)
  2020-02-13 15:21 ` [PATCH 5.5 081/120] arm64: cpufeature: Fix the type of no FP/SIMD capability Greg Kroah-Hartman
@ 2020-02-13 15:21 ` Greg Kroah-Hartman
  2020-02-13 15:21 ` [PATCH 5.5 083/120] arm64: ptrace: nofpsimd: Fail FP/SIMD regset operations Greg Kroah-Hartman
                   ` (42 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Will Deacon, Mark Rutland,
	Ard Biesheuvel, Catalin Marinas, Suzuki K Poulose

From: Suzuki K Poulose <suzuki.poulose@arm.com>

commit 7559950aef1ab8792c50797c6c5c7c5150a02460 upstream.

We set the compat_elf_hwcap bits unconditionally on arm64 to
include the VFP and NEON support. However, the FP/SIMD unit
is optional on Arm v8 and thus could be missing. We already
handle this properly in the kernel, but still advertise to
the COMPAT applications that the VFP is available. Fix this
to make sure we only advertise when we really have them.

Fixes: 82e0191a1aa11abf ("arm64: Support systems without FP/ASIMD")
Cc: Will Deacon <will@kernel.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Suzuki K Poulose <suzuki.poulose@arm.com>
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/arm64/kernel/cpufeature.c |   37 ++++++++++++++++++++++++++++++++++---
 1 file changed, 34 insertions(+), 3 deletions(-)

--- a/arch/arm64/kernel/cpufeature.c
+++ b/arch/arm64/kernel/cpufeature.c
@@ -32,9 +32,7 @@ static unsigned long elf_hwcap __read_mo
 #define COMPAT_ELF_HWCAP_DEFAULT	\
 				(COMPAT_HWCAP_HALF|COMPAT_HWCAP_THUMB|\
 				 COMPAT_HWCAP_FAST_MULT|COMPAT_HWCAP_EDSP|\
-				 COMPAT_HWCAP_TLS|COMPAT_HWCAP_VFP|\
-				 COMPAT_HWCAP_VFPv3|COMPAT_HWCAP_VFPv4|\
-				 COMPAT_HWCAP_NEON|COMPAT_HWCAP_IDIV|\
+				 COMPAT_HWCAP_TLS|COMPAT_HWCAP_IDIV|\
 				 COMPAT_HWCAP_LPAE)
 unsigned int compat_elf_hwcap __read_mostly = COMPAT_ELF_HWCAP_DEFAULT;
 unsigned int compat_elf_hwcap2 __read_mostly;
@@ -1596,6 +1594,12 @@ static const struct arm64_cpu_capabiliti
 		.match_list = list,						\
 	}
 
+#define HWCAP_CAP_MATCH(match, cap_type, cap)					\
+	{									\
+		__HWCAP_CAP(#cap, cap_type, cap)				\
+		.matches = match,						\
+	}
+
 #ifdef CONFIG_ARM64_PTR_AUTH
 static const struct arm64_cpu_capabilities ptr_auth_hwcap_addr_matches[] = {
 	{
@@ -1669,8 +1673,35 @@ static const struct arm64_cpu_capabiliti
 	{},
 };
 
+#ifdef CONFIG_COMPAT
+static bool compat_has_neon(const struct arm64_cpu_capabilities *cap, int scope)
+{
+	/*
+	 * Check that all of MVFR1_EL1.{SIMDSP, SIMDInt, SIMDLS} are available,
+	 * in line with that of arm32 as in vfp_init(). We make sure that the
+	 * check is future proof, by making sure value is non-zero.
+	 */
+	u32 mvfr1;
+
+	WARN_ON(scope == SCOPE_LOCAL_CPU && preemptible());
+	if (scope == SCOPE_SYSTEM)
+		mvfr1 = read_sanitised_ftr_reg(SYS_MVFR1_EL1);
+	else
+		mvfr1 = read_sysreg_s(SYS_MVFR1_EL1);
+
+	return cpuid_feature_extract_unsigned_field(mvfr1, MVFR1_SIMDSP_SHIFT) &&
+		cpuid_feature_extract_unsigned_field(mvfr1, MVFR1_SIMDINT_SHIFT) &&
+		cpuid_feature_extract_unsigned_field(mvfr1, MVFR1_SIMDLS_SHIFT);
+}
+#endif
+
 static const struct arm64_cpu_capabilities compat_elf_hwcaps[] = {
 #ifdef CONFIG_COMPAT
+	HWCAP_CAP_MATCH(compat_has_neon, CAP_COMPAT_HWCAP, COMPAT_HWCAP_NEON),
+	HWCAP_CAP(SYS_MVFR1_EL1, MVFR1_SIMDFMAC_SHIFT, FTR_UNSIGNED, 1, CAP_COMPAT_HWCAP, COMPAT_HWCAP_VFPv4),
+	/* Arm v8 mandates MVFR0.FPDP == {0, 2}. So, piggy back on this for the presence of VFP support */
+	HWCAP_CAP(SYS_MVFR0_EL1, MVFR0_FPDP_SHIFT, FTR_UNSIGNED, 2, CAP_COMPAT_HWCAP, COMPAT_HWCAP_VFP),
+	HWCAP_CAP(SYS_MVFR0_EL1, MVFR0_FPDP_SHIFT, FTR_UNSIGNED, 2, CAP_COMPAT_HWCAP, COMPAT_HWCAP_VFPv3),
 	HWCAP_CAP(SYS_ID_ISAR5_EL1, ID_ISAR5_AES_SHIFT, FTR_UNSIGNED, 2, CAP_COMPAT_HWCAP2, COMPAT_HWCAP2_PMULL),
 	HWCAP_CAP(SYS_ID_ISAR5_EL1, ID_ISAR5_AES_SHIFT, FTR_UNSIGNED, 1, CAP_COMPAT_HWCAP2, COMPAT_HWCAP2_AES),
 	HWCAP_CAP(SYS_ID_ISAR5_EL1, ID_ISAR5_SHA1_SHIFT, FTR_UNSIGNED, 1, CAP_COMPAT_HWCAP2, COMPAT_HWCAP2_SHA1),



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 083/120] arm64: ptrace: nofpsimd: Fail FP/SIMD regset operations
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (81 preceding siblings ...)
  2020-02-13 15:21 ` [PATCH 5.5 082/120] arm64: cpufeature: Set the FP/SIMD compat HWCAP bits properly Greg Kroah-Hartman
@ 2020-02-13 15:21 ` Greg Kroah-Hartman
  2020-02-13 15:21 ` [PATCH 5.5 084/120] crypto: arm/chacha - fix build failured when kernel mode NEON is disabled Greg Kroah-Hartman
                   ` (41 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Will Deacon, Mark Rutland,
	Ard Biesheuvel, Catalin Marinas, Suzuki K Poulose

From: Suzuki K Poulose <suzuki.poulose@arm.com>

commit c9d66999f064947e6b577ceacc1eb2fbca6a8d3c upstream.

When fp/simd is not supported on the system, fail the operations
of FP/SIMD regsets.

Fixes: 82e0191a1aa11abf ("arm64: Support systems without FP/ASIMD")
Cc: Will Deacon <will@kernel.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Suzuki K Poulose <suzuki.poulose@arm.com>
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/arm64/kernel/ptrace.c |   21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

--- a/arch/arm64/kernel/ptrace.c
+++ b/arch/arm64/kernel/ptrace.c
@@ -615,6 +615,13 @@ static int gpr_set(struct task_struct *t
 	return 0;
 }
 
+static int fpr_active(struct task_struct *target, const struct user_regset *regset)
+{
+	if (!system_supports_fpsimd())
+		return -ENODEV;
+	return regset->n;
+}
+
 /*
  * TODO: update fp accessors for lazy context switching (sync/flush hwstate)
  */
@@ -637,6 +644,9 @@ static int fpr_get(struct task_struct *t
 		   unsigned int pos, unsigned int count,
 		   void *kbuf, void __user *ubuf)
 {
+	if (!system_supports_fpsimd())
+		return -EINVAL;
+
 	if (target == current)
 		fpsimd_preserve_current_state();
 
@@ -676,6 +686,9 @@ static int fpr_set(struct task_struct *t
 {
 	int ret;
 
+	if (!system_supports_fpsimd())
+		return -EINVAL;
+
 	ret = __fpr_set(target, regset, pos, count, kbuf, ubuf, 0);
 	if (ret)
 		return ret;
@@ -1134,6 +1147,7 @@ static const struct user_regset aarch64_
 		 */
 		.size = sizeof(u32),
 		.align = sizeof(u32),
+		.active = fpr_active,
 		.get = fpr_get,
 		.set = fpr_set
 	},
@@ -1348,6 +1362,9 @@ static int compat_vfp_get(struct task_st
 	compat_ulong_t fpscr;
 	int ret, vregs_end_pos;
 
+	if (!system_supports_fpsimd())
+		return -EINVAL;
+
 	uregs = &target->thread.uw.fpsimd_state;
 
 	if (target == current)
@@ -1381,6 +1398,9 @@ static int compat_vfp_set(struct task_st
 	compat_ulong_t fpscr;
 	int ret, vregs_end_pos;
 
+	if (!system_supports_fpsimd())
+		return -EINVAL;
+
 	uregs = &target->thread.uw.fpsimd_state;
 
 	vregs_end_pos = VFP_STATE_SIZE - sizeof(compat_ulong_t);
@@ -1438,6 +1458,7 @@ static const struct user_regset aarch32_
 		.n = VFP_STATE_SIZE / sizeof(compat_ulong_t),
 		.size = sizeof(compat_ulong_t),
 		.align = sizeof(compat_ulong_t),
+		.active = fpr_active,
 		.get = compat_vfp_get,
 		.set = compat_vfp_set
 	},



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 084/120] crypto: arm/chacha - fix build failured when kernel mode NEON is disabled
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (82 preceding siblings ...)
  2020-02-13 15:21 ` [PATCH 5.5 083/120] arm64: ptrace: nofpsimd: Fail FP/SIMD regset operations Greg Kroah-Hartman
@ 2020-02-13 15:21 ` Greg Kroah-Hartman
  2020-02-13 15:21 ` [PATCH 5.5 085/120] KVM: arm/arm64: Fix young bit from mmu notifier Greg Kroah-Hartman
                   ` (40 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Russell King, Arnd Bergmann,
	Ard Biesheuvel, Herbert Xu

From: Ard Biesheuvel <ardb@kernel.org>

commit 0bc81767c5bd9d005fae1099fb39eb3688370cb1 upstream.

When the ARM accelerated ChaCha driver is built as part of a configuration
that has kernel mode NEON disabled, we expect the compiler to propagate
the build time constant expression IS_ENABLED(CONFIG_KERNEL_MODE_NEON) in
a way that eliminates all the cross-object references to the actual NEON
routines, which allows the chacha-neon-core.o object to be omitted from
the build entirely.

Unfortunately, this fails to work as expected in some cases, and we may
end up with a build error such as

  chacha-glue.c:(.text+0xc0): undefined reference to `chacha_4block_xor_neon'

caused by the fact that chacha_doneon() has not been eliminated from the
object code, even though it will never be called in practice.

Let's fix this by adding some IS_ENABLED(CONFIG_KERNEL_MODE_NEON) tests
that are not strictly needed from a logical point of view, but should
help the compiler infer that the NEON code paths are unreachable in
those cases.

Fixes: b36d8c09e710c71f ("crypto: arm/chacha - remove dependency on generic ...")
Reported-by: Russell King <linux@armlinux.org.uk>
Cc: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/arm/crypto/chacha-glue.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/arch/arm/crypto/chacha-glue.c
+++ b/arch/arm/crypto/chacha-glue.c
@@ -115,7 +115,7 @@ static int chacha_stream_xor(struct skci
 		if (nbytes < walk.total)
 			nbytes = round_down(nbytes, walk.stride);
 
-		if (!neon) {
+		if (!IS_ENABLED(CONFIG_KERNEL_MODE_NEON) || !neon) {
 			chacha_doarm(walk.dst.virt.addr, walk.src.virt.addr,
 				     nbytes, state, ctx->nrounds);
 			state[12] += DIV_ROUND_UP(nbytes, CHACHA_BLOCK_SIZE);
@@ -159,7 +159,7 @@ static int do_xchacha(struct skcipher_re
 
 	chacha_init_generic(state, ctx->key, req->iv);
 
-	if (!neon) {
+	if (!IS_ENABLED(CONFIG_KERNEL_MODE_NEON) || !neon) {
 		hchacha_block_arm(state, subctx.key, ctx->nrounds);
 	} else {
 		kernel_neon_begin();



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 085/120] KVM: arm/arm64: Fix young bit from mmu notifier
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (83 preceding siblings ...)
  2020-02-13 15:21 ` [PATCH 5.5 084/120] crypto: arm/chacha - fix build failured when kernel mode NEON is disabled Greg Kroah-Hartman
@ 2020-02-13 15:21 ` Greg Kroah-Hartman
  2020-02-13 15:21 ` [PATCH 5.5 086/120] KVM: arm: Fix DFSR setting for non-LPAE aarch32 guests Greg Kroah-Hartman
                   ` (39 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:21 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Gavin Shan, Marc Zyngier

From: Gavin Shan <gshan@redhat.com>

commit cf2d23e0bac9f6b5cd1cba8898f5f05ead40e530 upstream.

kvm_test_age_hva() is called upon mmu_notifier_test_young(), but wrong
address range has been passed to handle_hva_to_gpa(). With the wrong
address range, no young bits will be checked in handle_hva_to_gpa().
It means zero is always returned from mmu_notifier_test_young().

This fixes the issue by passing correct address range to the underly
function handle_hva_to_gpa(), so that the hardware young (access) bit
will be visited.

Fixes: 35307b9a5f7e ("arm/arm64: KVM: Implement Stage-2 page aging")
Signed-off-by: Gavin Shan <gshan@redhat.com>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20200121055659.19560-1-gshan@redhat.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 virt/kvm/arm/mmu.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/virt/kvm/arm/mmu.c
+++ b/virt/kvm/arm/mmu.c
@@ -2147,7 +2147,8 @@ int kvm_test_age_hva(struct kvm *kvm, un
 	if (!kvm->arch.pgd)
 		return 0;
 	trace_kvm_test_age_hva(hva);
-	return handle_hva_to_gpa(kvm, hva, hva, kvm_test_age_hva_handler, NULL);
+	return handle_hva_to_gpa(kvm, hva, hva + PAGE_SIZE,
+				 kvm_test_age_hva_handler, NULL);
 }
 
 void kvm_mmu_free_memory_caches(struct kvm_vcpu *vcpu)



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 086/120] KVM: arm: Fix DFSR setting for non-LPAE aarch32 guests
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (84 preceding siblings ...)
  2020-02-13 15:21 ` [PATCH 5.5 085/120] KVM: arm/arm64: Fix young bit from mmu notifier Greg Kroah-Hartman
@ 2020-02-13 15:21 ` Greg Kroah-Hartman
  2020-02-13 15:21 ` [PATCH 5.5 087/120] KVM: arm: Make inject_abt32() inject an external abort instead Greg Kroah-Hartman
                   ` (38 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Beata Michalska, James Morse, Marc Zyngier

From: James Morse <james.morse@arm.com>

commit 018f22f95e8a6c3e27188b7317ef2c70a34cb2cd upstream.

Beata reports that KVM_SET_VCPU_EVENTS doesn't inject the expected
exception to a non-LPAE aarch32 guest.

The host intends to inject DFSR.FS=0x14 "IMPLEMENTATION DEFINED fault
(Lockdown fault)", but the guest receives DFSR.FS=0x04 "Fault on
instruction cache maintenance". This fault is hooked by
do_translation_fault() since ARMv6, which goes on to silently 'handle'
the exception, and restart the faulting instruction.

It turns out, when TTBCR.EAE is clear DFSR is split, and FS[4] has
to shuffle up to DFSR[10].

As KVM only does this in one place, fix up the static values. We
now get the expected:
| Unhandled fault: lock abort (0x404) at 0x9c800f00

Fixes: 74a64a981662a ("KVM: arm/arm64: Unify 32bit fault injection")
Reported-by: Beata Michalska <beata.michalska@linaro.org>
Signed-off-by: James Morse <james.morse@arm.com>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20200121123356.203000-2-james.morse@arm.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 virt/kvm/arm/aarch32.c |    8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

--- a/virt/kvm/arm/aarch32.c
+++ b/virt/kvm/arm/aarch32.c
@@ -181,10 +181,12 @@ static void inject_abt32(struct kvm_vcpu
 
 	/* Give the guest an IMPLEMENTATION DEFINED exception */
 	is_lpae = (vcpu_cp15(vcpu, c2_TTBCR) >> 31);
-	if (is_lpae)
+	if (is_lpae) {
 		*fsr = 1 << 9 | 0x34;
-	else
-		*fsr = 0x14;
+	} else {
+		/* Surprise! DFSR's FS[4] lives in bit 10 */
+		*fsr = BIT(10) | 0x4; /* 0x14 */
+	}
 }
 
 void kvm_inject_dabt32(struct kvm_vcpu *vcpu, unsigned long addr)



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 087/120] KVM: arm: Make inject_abt32() inject an external abort instead
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (85 preceding siblings ...)
  2020-02-13 15:21 ` [PATCH 5.5 086/120] KVM: arm: Fix DFSR setting for non-LPAE aarch32 guests Greg Kroah-Hartman
@ 2020-02-13 15:21 ` Greg Kroah-Hartman
  2020-02-13 15:21 ` [PATCH 5.5 088/120] KVM: arm64: pmu: Dont increment SW_INCR if PMCR.E is unset Greg Kroah-Hartman
                   ` (37 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Beata Michalska, James Morse, Marc Zyngier

From: James Morse <james.morse@arm.com>

commit 21aecdbd7f3ab02c9b82597dc733ee759fb8b274 upstream.

KVM's inject_abt64() injects an external-abort into an aarch64 guest.
The KVM_CAP_ARM_INJECT_EXT_DABT is intended to do exactly this, but
for an aarch32 guest inject_abt32() injects an implementation-defined
exception, 'Lockdown fault'.

Change this to external abort. For non-LPAE we now get the documented:
| Unhandled fault: external abort on non-linefetch (0x008) at 0x9c800f00
and for LPAE:
| Unhandled fault: synchronous external abort (0x210) at 0x9c800f00

Fixes: 74a64a981662a ("KVM: arm/arm64: Unify 32bit fault injection")
Reported-by: Beata Michalska <beata.michalska@linaro.org>
Signed-off-by: James Morse <james.morse@arm.com>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20200121123356.203000-3-james.morse@arm.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 virt/kvm/arm/aarch32.c |   10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

--- a/virt/kvm/arm/aarch32.c
+++ b/virt/kvm/arm/aarch32.c
@@ -15,6 +15,10 @@
 #include <asm/kvm_emulate.h>
 #include <asm/kvm_hyp.h>
 
+#define DFSR_FSC_EXTABT_LPAE	0x10
+#define DFSR_FSC_EXTABT_nLPAE	0x08
+#define DFSR_LPAE		BIT(9)
+
 /*
  * Table taken from ARMv8 ARM DDI0487B-B, table G1-10.
  */
@@ -182,10 +186,10 @@ static void inject_abt32(struct kvm_vcpu
 	/* Give the guest an IMPLEMENTATION DEFINED exception */
 	is_lpae = (vcpu_cp15(vcpu, c2_TTBCR) >> 31);
 	if (is_lpae) {
-		*fsr = 1 << 9 | 0x34;
+		*fsr = DFSR_LPAE | DFSR_FSC_EXTABT_LPAE;
 	} else {
-		/* Surprise! DFSR's FS[4] lives in bit 10 */
-		*fsr = BIT(10) | 0x4; /* 0x14 */
+		/* no need to shuffle FS[4] into DFSR[10] as its 0 */
+		*fsr = DFSR_FSC_EXTABT_nLPAE;
 	}
 }
 



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 088/120] KVM: arm64: pmu: Dont increment SW_INCR if PMCR.E is unset
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (86 preceding siblings ...)
  2020-02-13 15:21 ` [PATCH 5.5 087/120] KVM: arm: Make inject_abt32() inject an external abort instead Greg Kroah-Hartman
@ 2020-02-13 15:21 ` Greg Kroah-Hartman
  2020-02-13 15:21 ` [PATCH 5.5 089/120] KVM: arm64: pmu: Fix chained SW_INCR counters Greg Kroah-Hartman
                   ` (36 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Eric Auger, Marc Zyngier, Andrew Murray

From: Eric Auger <eric.auger@redhat.com>

commit 3837407c1aa1101ed5e214c7d6041e7a23335c6e upstream.

The specification says PMSWINC increments PMEVCNTR<n>_EL1 by 1
if PMEVCNTR<n>_EL0 is enabled and configured to count SW_INCR.

For PMEVCNTR<n>_EL0 to be enabled, we need both PMCNTENSET to
be set for the corresponding event counter but we also need
the PMCR.E bit to be set.

Fixes: 7a0adc7064b8 ("arm64: KVM: Add access handler for PMSWINC register")
Signed-off-by: Eric Auger <eric.auger@redhat.com>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Reviewed-by: Andrew Murray <andrew.murray@arm.com>
Acked-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20200124142535.29386-2-eric.auger@redhat.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 virt/kvm/arm/pmu.c |    3 +++
 1 file changed, 3 insertions(+)

--- a/virt/kvm/arm/pmu.c
+++ b/virt/kvm/arm/pmu.c
@@ -486,6 +486,9 @@ void kvm_pmu_software_increment(struct k
 	if (val == 0)
 		return;
 
+	if (!(__vcpu_sys_reg(vcpu, PMCR_EL0) & ARMV8_PMU_PMCR_E))
+		return;
+
 	enable = __vcpu_sys_reg(vcpu, PMCNTENSET_EL0);
 	for (i = 0; i < ARMV8_PMU_CYCLE_IDX; i++) {
 		if (!(val & BIT(i)))



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 089/120] KVM: arm64: pmu: Fix chained SW_INCR counters
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (87 preceding siblings ...)
  2020-02-13 15:21 ` [PATCH 5.5 088/120] KVM: arm64: pmu: Dont increment SW_INCR if PMCR.E is unset Greg Kroah-Hartman
@ 2020-02-13 15:21 ` Greg Kroah-Hartman
  2020-02-13 15:21 ` [PATCH 5.5 090/120] KVM: arm64: Treat emulated TVAL TimerValue as a signed 32-bit integer Greg Kroah-Hartman
                   ` (35 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:21 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Eric Auger, Marc Zyngier

From: Eric Auger <eric.auger@redhat.com>

commit aa76829171e98bd75a0cc00b6248eca269ac7f4f upstream.

At the moment a SW_INCR counter always overflows on 32-bit
boundary, independently on whether the n+1th counter is
programmed as CHAIN.

Check whether the SW_INCR counter is a 64b counter and if so,
implement the 64b logic.

Fixes: 80f393a23be6 ("KVM: arm/arm64: Support chained PMU counters")
Signed-off-by: Eric Auger <eric.auger@redhat.com>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20200124142535.29386-4-eric.auger@redhat.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 virt/kvm/arm/pmu.c |   43 ++++++++++++++++++++++++++++++-------------
 1 file changed, 30 insertions(+), 13 deletions(-)

--- a/virt/kvm/arm/pmu.c
+++ b/virt/kvm/arm/pmu.c
@@ -480,28 +480,45 @@ static void kvm_pmu_perf_overflow(struct
  */
 void kvm_pmu_software_increment(struct kvm_vcpu *vcpu, u64 val)
 {
+	struct kvm_pmu *pmu = &vcpu->arch.pmu;
 	int i;
-	u64 type, enable, reg;
-
-	if (val == 0)
-		return;
 
 	if (!(__vcpu_sys_reg(vcpu, PMCR_EL0) & ARMV8_PMU_PMCR_E))
 		return;
 
-	enable = __vcpu_sys_reg(vcpu, PMCNTENSET_EL0);
+	/* Weed out disabled counters */
+	val &= __vcpu_sys_reg(vcpu, PMCNTENSET_EL0);
+
 	for (i = 0; i < ARMV8_PMU_CYCLE_IDX; i++) {
+		u64 type, reg;
+
 		if (!(val & BIT(i)))
 			continue;
-		type = __vcpu_sys_reg(vcpu, PMEVTYPER0_EL0 + i)
-		       & ARMV8_PMU_EVTYPE_EVENT;
-		if ((type == ARMV8_PMUV3_PERFCTR_SW_INCR)
-		    && (enable & BIT(i))) {
-			reg = __vcpu_sys_reg(vcpu, PMEVCNTR0_EL0 + i) + 1;
+
+		/* PMSWINC only applies to ... SW_INC! */
+		type = __vcpu_sys_reg(vcpu, PMEVTYPER0_EL0 + i);
+		type &= ARMV8_PMU_EVTYPE_EVENT;
+		if (type != ARMV8_PMUV3_PERFCTR_SW_INCR)
+			continue;
+
+		/* increment this even SW_INC counter */
+		reg = __vcpu_sys_reg(vcpu, PMEVCNTR0_EL0 + i) + 1;
+		reg = lower_32_bits(reg);
+		__vcpu_sys_reg(vcpu, PMEVCNTR0_EL0 + i) = reg;
+
+		if (reg) /* no overflow on the low part */
+			continue;
+
+		if (kvm_pmu_pmc_is_chained(&pmu->pmc[i])) {
+			/* increment the high counter */
+			reg = __vcpu_sys_reg(vcpu, PMEVCNTR0_EL0 + i + 1) + 1;
 			reg = lower_32_bits(reg);
-			__vcpu_sys_reg(vcpu, PMEVCNTR0_EL0 + i) = reg;
-			if (!reg)
-				__vcpu_sys_reg(vcpu, PMOVSSET_EL0) |= BIT(i);
+			__vcpu_sys_reg(vcpu, PMEVCNTR0_EL0 + i + 1) = reg;
+			if (!reg) /* mark overflow on the high counter */
+				__vcpu_sys_reg(vcpu, PMOVSSET_EL0) |= BIT(i + 1);
+		} else {
+			/* mark overflow on low counter */
+			__vcpu_sys_reg(vcpu, PMOVSSET_EL0) |= BIT(i);
 		}
 	}
 }



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 090/120] KVM: arm64: Treat emulated TVAL TimerValue as a signed 32-bit integer
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (88 preceding siblings ...)
  2020-02-13 15:21 ` [PATCH 5.5 089/120] KVM: arm64: pmu: Fix chained SW_INCR counters Greg Kroah-Hartman
@ 2020-02-13 15:21 ` Greg Kroah-Hartman
  2020-02-13 15:21 ` [PATCH 5.5 091/120] arm64: nofpsmid: Handle TIF_FOREIGN_FPSTATE flag cleanly Greg Kroah-Hartman
                   ` (34 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:21 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Alexandru Elisei, Marc Zyngier

From: Alexandru Elisei <alexandru.elisei@arm.com>

commit 4a267aa707953a9a73d1f5dc7f894dd9024a92be upstream.

According to the ARM ARM, registers CNT{P,V}_TVAL_EL0 have bits [63:32]
RES0 [1]. When reading the register, the value is truncated to the least
significant 32 bits [2], and on writes, TimerValue is treated as a signed
32-bit integer [1, 2].

When the guest behaves correctly and writes 32-bit values, treating TVAL
as an unsigned 64 bit register works as expected. However, things start
to break down when the guest writes larger values, because
(u64)0x1_ffff_ffff = 8589934591. but (s32)0x1_ffff_ffff = -1, and the
former will cause the timer interrupt to be asserted in the future, but
the latter will cause it to be asserted now.  Let's treat TVAL as a
signed 32-bit register on writes, to match the behaviour described in
the architecture, and the behaviour experimentally exhibited by the
virtual timer on a non-vhe host.

[1] Arm DDI 0487E.a, section D13.8.18
[2] Arm DDI 0487E.a, section D11.2.4

Signed-off-by: Alexandru Elisei <alexandru.elisei@arm.com>
[maz: replaced the read-side mask with lower_32_bits]
Signed-off-by: Marc Zyngier <maz@kernel.org>
Fixes: 8fa761624871 ("KVM: arm/arm64: arch_timer: Fix CNTP_TVAL calculation")
Link: https://lore.kernel.org/r/20200127103652.2326-1-alexandru.elisei@arm.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 virt/kvm/arm/arch_timer.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/virt/kvm/arm/arch_timer.c
+++ b/virt/kvm/arm/arch_timer.c
@@ -805,6 +805,7 @@ static u64 kvm_arm_timer_read(struct kvm
 	switch (treg) {
 	case TIMER_REG_TVAL:
 		val = timer->cnt_cval - kvm_phys_timer_read() + timer->cntvoff;
+		val &= lower_32_bits(val);
 		break;
 
 	case TIMER_REG_CTL:
@@ -850,7 +851,7 @@ static void kvm_arm_timer_write(struct k
 {
 	switch (treg) {
 	case TIMER_REG_TVAL:
-		timer->cnt_cval = kvm_phys_timer_read() - timer->cntvoff + val;
+		timer->cnt_cval = kvm_phys_timer_read() - timer->cntvoff + (s32)val;
 		break;
 
 	case TIMER_REG_CTL:



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 091/120] arm64: nofpsmid: Handle TIF_FOREIGN_FPSTATE flag cleanly
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (89 preceding siblings ...)
  2020-02-13 15:21 ` [PATCH 5.5 090/120] KVM: arm64: Treat emulated TVAL TimerValue as a signed 32-bit integer Greg Kroah-Hartman
@ 2020-02-13 15:21 ` Greg Kroah-Hartman
  2020-02-13 15:21 ` [PATCH 5.5 092/120] arm64: kvm: Fix IDMAP overlap with HYP VA Greg Kroah-Hartman
                   ` (33 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Will Deacon, Mark Rutland,
	Ard Biesheuvel, Catalin Marinas, Marc Zyngier, Suzuki K Poulose

From: Suzuki K Poulose <suzuki.poulose@arm.com>

commit 52f73c383b2418f2d31b798e765ae7d596c35021 upstream.

We detect the absence of FP/SIMD after an incapable CPU is brought up,
and by then we have kernel threads running already with TIF_FOREIGN_FPSTATE set
which could be set for early userspace applications (e.g, modprobe triggered
from initramfs) and init. This could cause the applications to loop forever in
do_nofity_resume() as we never clear the TIF flag, once we now know that
we don't support FP.

Fix this by making sure that we clear the TIF_FOREIGN_FPSTATE flag
for tasks which may have them set, as we would have done in the normal
case, but avoiding touching the hardware state (since we don't support any).

Also to make sure we handle the cases seemlessly we categorise the
helper functions to two :
 1) Helpers for common core code, which calls into take appropriate
    actions without knowing the current FPSIMD state of the CPU/task.

    e.g fpsimd_restore_current_state(), fpsimd_flush_task_state(),
        fpsimd_save_and_flush_cpu_state().

    We bail out early for these functions, taking any appropriate actions
    (e.g, clearing the TIF flag) where necessary to hide the handling
    from core code.

 2) Helpers used when the presence of FP/SIMD is apparent.
    i.e, save/restore the FP/SIMD register state, modify the CPU/task
    FP/SIMD state.
    e.g,

    fpsimd_save(), task_fpsimd_load() - save/restore task FP/SIMD registers

    fpsimd_bind_task_to_cpu()  \
                                - Update the "state" metadata for CPU/task.
    fpsimd_bind_state_to_cpu() /

    fpsimd_update_current_state() - Update the fp/simd state for the current
                                    task from memory.

    These must not be called in the absence of FP/SIMD. Put in a WARNING
    to make sure they are not invoked in the absence of FP/SIMD.

KVM also uses the TIF_FOREIGN_FPSTATE flag to manage the FP/SIMD state
on the CPU. However, without FP/SIMD support we trap all accesses and
inject undefined instruction. Thus we should never "load" guest state.
Add a sanity check to make sure this is valid.

Fixes: 82e0191a1aa11abf ("arm64: Support systems without FP/ASIMD")
Cc: Will Deacon <will@kernel.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
Acked-by: Marc Zyngier <maz@kernel.org>
Signed-off-by: Suzuki K Poulose <suzuki.poulose@arm.com>
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/arm64/kernel/fpsimd.c  |   30 +++++++++++++++++++++++++++---
 arch/arm64/kvm/hyp/switch.c |   10 +++++++++-
 2 files changed, 36 insertions(+), 4 deletions(-)

--- a/arch/arm64/kernel/fpsimd.c
+++ b/arch/arm64/kernel/fpsimd.c
@@ -269,6 +269,7 @@ static void sve_free(struct task_struct
  */
 static void task_fpsimd_load(void)
 {
+	WARN_ON(!system_supports_fpsimd());
 	WARN_ON(!have_cpu_fpsimd_context());
 
 	if (system_supports_sve() && test_thread_flag(TIF_SVE))
@@ -289,6 +290,7 @@ static void fpsimd_save(void)
 		this_cpu_ptr(&fpsimd_last_state);
 	/* set by fpsimd_bind_task_to_cpu() or fpsimd_bind_state_to_cpu() */
 
+	WARN_ON(!system_supports_fpsimd());
 	WARN_ON(!have_cpu_fpsimd_context());
 
 	if (!test_thread_flag(TIF_FOREIGN_FPSTATE)) {
@@ -1092,6 +1094,7 @@ void fpsimd_bind_task_to_cpu(void)
 	struct fpsimd_last_state_struct *last =
 		this_cpu_ptr(&fpsimd_last_state);
 
+	WARN_ON(!system_supports_fpsimd());
 	last->st = &current->thread.uw.fpsimd_state;
 	last->sve_state = current->thread.sve_state;
 	last->sve_vl = current->thread.sve_vl;
@@ -1114,6 +1117,7 @@ void fpsimd_bind_state_to_cpu(struct use
 	struct fpsimd_last_state_struct *last =
 		this_cpu_ptr(&fpsimd_last_state);
 
+	WARN_ON(!system_supports_fpsimd());
 	WARN_ON(!in_softirq() && !irqs_disabled());
 
 	last->st = st;
@@ -1128,8 +1132,19 @@ void fpsimd_bind_state_to_cpu(struct use
  */
 void fpsimd_restore_current_state(void)
 {
-	if (!system_supports_fpsimd())
+	/*
+	 * For the tasks that were created before we detected the absence of
+	 * FP/SIMD, the TIF_FOREIGN_FPSTATE could be set via fpsimd_thread_switch(),
+	 * e.g, init. This could be then inherited by the children processes.
+	 * If we later detect that the system doesn't support FP/SIMD,
+	 * we must clear the flag for  all the tasks to indicate that the
+	 * FPSTATE is clean (as we can't have one) to avoid looping for ever in
+	 * do_notify_resume().
+	 */
+	if (!system_supports_fpsimd()) {
+		clear_thread_flag(TIF_FOREIGN_FPSTATE);
 		return;
+	}
 
 	get_cpu_fpsimd_context();
 
@@ -1148,7 +1163,7 @@ void fpsimd_restore_current_state(void)
  */
 void fpsimd_update_current_state(struct user_fpsimd_state const *state)
 {
-	if (!system_supports_fpsimd())
+	if (WARN_ON(!system_supports_fpsimd()))
 		return;
 
 	get_cpu_fpsimd_context();
@@ -1179,7 +1194,13 @@ void fpsimd_update_current_state(struct
 void fpsimd_flush_task_state(struct task_struct *t)
 {
 	t->thread.fpsimd_cpu = NR_CPUS;
-
+	/*
+	 * If we don't support fpsimd, bail out after we have
+	 * reset the fpsimd_cpu for this task and clear the
+	 * FPSTATE.
+	 */
+	if (!system_supports_fpsimd())
+		return;
 	barrier();
 	set_tsk_thread_flag(t, TIF_FOREIGN_FPSTATE);
 
@@ -1193,6 +1214,7 @@ void fpsimd_flush_task_state(struct task
  */
 static void fpsimd_flush_cpu_state(void)
 {
+	WARN_ON(!system_supports_fpsimd());
 	__this_cpu_write(fpsimd_last_state.st, NULL);
 	set_thread_flag(TIF_FOREIGN_FPSTATE);
 }
@@ -1203,6 +1225,8 @@ static void fpsimd_flush_cpu_state(void)
  */
 void fpsimd_save_and_flush_cpu_state(void)
 {
+	if (!system_supports_fpsimd())
+		return;
 	WARN_ON(preemptible());
 	__get_cpu_fpsimd_context();
 	fpsimd_save();
--- a/arch/arm64/kvm/hyp/switch.c
+++ b/arch/arm64/kvm/hyp/switch.c
@@ -28,7 +28,15 @@
 /* Check whether the FP regs were dirtied while in the host-side run loop: */
 static bool __hyp_text update_fp_enabled(struct kvm_vcpu *vcpu)
 {
-	if (vcpu->arch.host_thread_info->flags & _TIF_FOREIGN_FPSTATE)
+	/*
+	 * When the system doesn't support FP/SIMD, we cannot rely on
+	 * the _TIF_FOREIGN_FPSTATE flag. However, we always inject an
+	 * abort on the very first access to FP and thus we should never
+	 * see KVM_ARM64_FP_ENABLED. For added safety, make sure we always
+	 * trap the accesses.
+	 */
+	if (!system_supports_fpsimd() ||
+	    vcpu->arch.host_thread_info->flags & _TIF_FOREIGN_FPSTATE)
 		vcpu->arch.flags &= ~(KVM_ARM64_FP_ENABLED |
 				      KVM_ARM64_FP_HOST);
 



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 092/120] arm64: kvm: Fix IDMAP overlap with HYP VA
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (90 preceding siblings ...)
  2020-02-13 15:21 ` [PATCH 5.5 091/120] arm64: nofpsmid: Handle TIF_FOREIGN_FPSTATE flag cleanly Greg Kroah-Hartman
@ 2020-02-13 15:21 ` Greg Kroah-Hartman
  2020-02-13 15:21 ` [PATCH 5.5 093/120] mtd: onenand_base: Adjust indentation in onenand_read_ops_nolock Greg Kroah-Hartman
                   ` (32 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:21 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Russell King, Marc Zyngier

From: Russell King <rmk+kernel@armlinux.org.uk>

commit f5523423defb0d929e23813c8dd16c0131043a8c upstream.

Booting 5.4 on LX2160A reveals that KVM is non-functional:

kvm: Limiting the IPA size due to kernel Virtual Address limit
kvm [1]: IPA Size Limit: 43bits
kvm [1]: IDMAP intersecting with HYP VA, unable to continue
kvm [1]: error initializing Hyp mode: -22

Debugging shows:

kvm [1]: IDMAP page: 81a26000
kvm [1]: HYP VA range: 0:22ffffffff

as RAM is located at:

80000000-fbdfffff : System RAM
2080000000-237fffffff : System RAM

Comparing this with the same kernel on Armada 8040 shows:

kvm: Limiting the IPA size due to kernel Virtual Address limit
kvm [1]: IPA Size Limit: 43bits
kvm [1]: IDMAP page: 2a26000
kvm [1]: HYP VA range: 4800000000:493fffffff
...
kvm [1]: Hyp mode initialized successfully

which indicates that hyp_va_msb is set, and is always set to the
opposite value of the idmap page to avoid the overlap. This does not
happen with the LX2160A.

Further debugging shows vabits_actual = 39, kva_msb = 38 on LX2160A and
kva_msb = 33 on Armada 8040. Looking at the bit layout of the HYP VA,
there is still one bit available for hyp_va_msb. Set this bit
appropriately. This allows KVM to be functional on the LX2160A, but
without any HYP VA randomisation:

kvm: Limiting the IPA size due to kernel Virtual Address limit
kvm [1]: IPA Size Limit: 43bits
kvm [1]: IDMAP page: 81a24000
kvm [1]: HYP VA range: 4000000000:62ffffffff
...
kvm [1]: Hyp mode initialized successfully

Fixes: ed57cac83e05 ("arm64: KVM: Introduce EL2 VA randomisation")
Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
[maz: small additional cleanups, preserved case where the tag
 is legitimately 0 and we can just use the mask, Fixes tag]
Signed-off-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/E1ilAiY-0000MA-RG@rmk-PC.armlinux.org.uk
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/arm64/kvm/va_layout.c |   56 ++++++++++++++++++++-------------------------
 1 file changed, 25 insertions(+), 31 deletions(-)

--- a/arch/arm64/kvm/va_layout.c
+++ b/arch/arm64/kvm/va_layout.c
@@ -13,52 +13,46 @@
 #include <asm/kvm_mmu.h>
 
 /*
- * The LSB of the random hyp VA tag or 0 if no randomization is used.
+ * The LSB of the HYP VA tag
  */
 static u8 tag_lsb;
 /*
- * The random hyp VA tag value with the region bit if hyp randomization is used
+ * The HYP VA tag value with the region bit
  */
 static u64 tag_val;
 static u64 va_mask;
 
+/*
+ * We want to generate a hyp VA with the following format (with V ==
+ * vabits_actual):
+ *
+ *  63 ... V |     V-1    | V-2 .. tag_lsb | tag_lsb - 1 .. 0
+ *  ---------------------------------------------------------
+ * | 0000000 | hyp_va_msb |   random tag   |  kern linear VA |
+ *           |--------- tag_val -----------|----- va_mask ---|
+ *
+ * which does not conflict with the idmap regions.
+ */
 __init void kvm_compute_layout(void)
 {
 	phys_addr_t idmap_addr = __pa_symbol(__hyp_idmap_text_start);
 	u64 hyp_va_msb;
-	int kva_msb;
 
 	/* Where is my RAM region? */
 	hyp_va_msb  = idmap_addr & BIT(vabits_actual - 1);
 	hyp_va_msb ^= BIT(vabits_actual - 1);
 
-	kva_msb = fls64((u64)phys_to_virt(memblock_start_of_DRAM()) ^
+	tag_lsb = fls64((u64)phys_to_virt(memblock_start_of_DRAM()) ^
 			(u64)(high_memory - 1));
 
-	if (kva_msb == (vabits_actual - 1)) {
-		/*
-		 * No space in the address, let's compute the mask so
-		 * that it covers (vabits_actual - 1) bits, and the region
-		 * bit. The tag stays set to zero.
-		 */
-		va_mask  = BIT(vabits_actual - 1) - 1;
-		va_mask |= hyp_va_msb;
-	} else {
-		/*
-		 * We do have some free bits to insert a random tag.
-		 * Hyp VAs are now created from kernel linear map VAs
-		 * using the following formula (with V == vabits_actual):
-		 *
-		 *  63 ... V |     V-1    | V-2 .. tag_lsb | tag_lsb - 1 .. 0
-		 *  ---------------------------------------------------------
-		 * | 0000000 | hyp_va_msb |    random tag  |  kern linear VA |
-		 */
-		tag_lsb = kva_msb;
-		va_mask = GENMASK_ULL(tag_lsb - 1, 0);
-		tag_val = get_random_long() & GENMASK_ULL(vabits_actual - 2, tag_lsb);
-		tag_val |= hyp_va_msb;
-		tag_val >>= tag_lsb;
+	va_mask = GENMASK_ULL(tag_lsb - 1, 0);
+	tag_val = hyp_va_msb;
+
+	if (tag_lsb != (vabits_actual - 1)) {
+		/* We have some free bits to insert a random tag. */
+		tag_val |= get_random_long() & GENMASK_ULL(vabits_actual - 2, tag_lsb);
 	}
+	tag_val >>= tag_lsb;
 }
 
 static u32 compute_instruction(int n, u32 rd, u32 rn)
@@ -117,11 +111,11 @@ void __init kvm_update_va_mask(struct al
 		 * VHE doesn't need any address translation, let's NOP
 		 * everything.
 		 *
-		 * Alternatively, if we don't have any spare bits in
-		 * the address, NOP everything after masking that
-		 * kernel VA.
+		 * Alternatively, if the tag is zero (because the layout
+		 * dictates it and we don't have any spare bits in the
+		 * address), NOP everything after masking the kernel VA.
 		 */
-		if (has_vhe() || (!tag_lsb && i > 0)) {
+		if (has_vhe() || (!tag_val && i > 0)) {
 			updptr[i] = cpu_to_le32(aarch64_insn_gen_nop());
 			continue;
 		}



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 093/120] mtd: onenand_base: Adjust indentation in onenand_read_ops_nolock
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (91 preceding siblings ...)
  2020-02-13 15:21 ` [PATCH 5.5 092/120] arm64: kvm: Fix IDMAP overlap with HYP VA Greg Kroah-Hartman
@ 2020-02-13 15:21 ` Greg Kroah-Hartman
  2020-02-13 15:21 ` [PATCH 5.5 094/120] mtd: sharpslpart: Fix unsigned comparison to zero Greg Kroah-Hartman
                   ` (31 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:21 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Nathan Chancellor, Miquel Raynal

From: Nathan Chancellor <natechancellor@gmail.com>

commit 0e7ca83e82d021c928dadf4c13c137d57337540d upstream.

Clang warns:

../drivers/mtd/nand/onenand/onenand_base.c:1269:3: warning: misleading
indentation; statement is not part of the previous 'if'
[-Wmisleading-indentation]
        while (!ret) {
        ^
../drivers/mtd/nand/onenand/onenand_base.c:1266:2: note: previous
statement is here
        if (column + thislen > writesize)
        ^
1 warning generated.

This warning occurs because there is a space before the tab of the while
loop. There are spaces at the beginning of a lot of the lines in this
block, remove them so that the indentation is consistent with the Linux
kernel coding style and clang no longer warns.

Fixes: a8de85d55700 ("[MTD] OneNAND: Implement read-while-load")
Link: https://github.com/ClangBuiltLinux/linux/issues/794
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/mtd/nand/onenand/onenand_base.c |   82 ++++++++++++++++----------------
 1 file changed, 41 insertions(+), 41 deletions(-)

--- a/drivers/mtd/nand/onenand/onenand_base.c
+++ b/drivers/mtd/nand/onenand/onenand_base.c
@@ -1248,44 +1248,44 @@ static int onenand_read_ops_nolock(struc
 
 	stats = mtd->ecc_stats;
 
- 	/* Read-while-load method */
+	/* Read-while-load method */
 
- 	/* Do first load to bufferRAM */
- 	if (read < len) {
- 		if (!onenand_check_bufferram(mtd, from)) {
+	/* Do first load to bufferRAM */
+	if (read < len) {
+		if (!onenand_check_bufferram(mtd, from)) {
 			this->command(mtd, ONENAND_CMD_READ, from, writesize);
- 			ret = this->wait(mtd, FL_READING);
- 			onenand_update_bufferram(mtd, from, !ret);
+			ret = this->wait(mtd, FL_READING);
+			onenand_update_bufferram(mtd, from, !ret);
 			if (mtd_is_eccerr(ret))
 				ret = 0;
- 		}
- 	}
+		}
+	}
 
 	thislen = min_t(int, writesize, len - read);
 	column = from & (writesize - 1);
 	if (column + thislen > writesize)
 		thislen = writesize - column;
 
- 	while (!ret) {
- 		/* If there is more to load then start next load */
- 		from += thislen;
- 		if (read + thislen < len) {
+	while (!ret) {
+		/* If there is more to load then start next load */
+		from += thislen;
+		if (read + thislen < len) {
 			this->command(mtd, ONENAND_CMD_READ, from, writesize);
- 			/*
- 			 * Chip boundary handling in DDP
- 			 * Now we issued chip 1 read and pointed chip 1
+			/*
+			 * Chip boundary handling in DDP
+			 * Now we issued chip 1 read and pointed chip 1
 			 * bufferram so we have to point chip 0 bufferram.
- 			 */
- 			if (ONENAND_IS_DDP(this) &&
- 			    unlikely(from == (this->chipsize >> 1))) {
- 				this->write_word(ONENAND_DDP_CHIP0, this->base + ONENAND_REG_START_ADDRESS2);
- 				boundary = 1;
- 			} else
- 				boundary = 0;
- 			ONENAND_SET_PREV_BUFFERRAM(this);
- 		}
- 		/* While load is going, read from last bufferRAM */
- 		this->read_bufferram(mtd, ONENAND_DATARAM, buf, column, thislen);
+			 */
+			if (ONENAND_IS_DDP(this) &&
+			    unlikely(from == (this->chipsize >> 1))) {
+				this->write_word(ONENAND_DDP_CHIP0, this->base + ONENAND_REG_START_ADDRESS2);
+				boundary = 1;
+			} else
+				boundary = 0;
+			ONENAND_SET_PREV_BUFFERRAM(this);
+		}
+		/* While load is going, read from last bufferRAM */
+		this->read_bufferram(mtd, ONENAND_DATARAM, buf, column, thislen);
 
 		/* Read oob area if needed */
 		if (oobbuf) {
@@ -1301,24 +1301,24 @@ static int onenand_read_ops_nolock(struc
 			oobcolumn = 0;
 		}
 
- 		/* See if we are done */
- 		read += thislen;
- 		if (read == len)
- 			break;
- 		/* Set up for next read from bufferRAM */
- 		if (unlikely(boundary))
- 			this->write_word(ONENAND_DDP_CHIP1, this->base + ONENAND_REG_START_ADDRESS2);
- 		ONENAND_SET_NEXT_BUFFERRAM(this);
- 		buf += thislen;
+		/* See if we are done */
+		read += thislen;
+		if (read == len)
+			break;
+		/* Set up for next read from bufferRAM */
+		if (unlikely(boundary))
+			this->write_word(ONENAND_DDP_CHIP1, this->base + ONENAND_REG_START_ADDRESS2);
+		ONENAND_SET_NEXT_BUFFERRAM(this);
+		buf += thislen;
 		thislen = min_t(int, writesize, len - read);
- 		column = 0;
- 		cond_resched();
- 		/* Now wait for load */
- 		ret = this->wait(mtd, FL_READING);
- 		onenand_update_bufferram(mtd, from, !ret);
+		column = 0;
+		cond_resched();
+		/* Now wait for load */
+		ret = this->wait(mtd, FL_READING);
+		onenand_update_bufferram(mtd, from, !ret);
 		if (mtd_is_eccerr(ret))
 			ret = 0;
- 	}
+	}
 
 	/*
 	 * Return success, if no ECC failures, else -EBADMSG



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 094/120] mtd: sharpslpart: Fix unsigned comparison to zero
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (92 preceding siblings ...)
  2020-02-13 15:21 ` [PATCH 5.5 093/120] mtd: onenand_base: Adjust indentation in onenand_read_ops_nolock Greg Kroah-Hartman
@ 2020-02-13 15:21 ` Greg Kroah-Hartman
  2020-02-13 15:21 ` [PATCH 5.5 095/120] crypto: testmgr - dont try to decrypt uninitialized buffers Greg Kroah-Hartman
                   ` (30 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:21 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, YueHaibing, Miquel Raynal

From: YueHaibing <yuehaibing@huawei.com>

commit f33113b542219448fa02d77ca1c6f4265bd7f130 upstream.

The unsigned variable log_num is being assigned a return value
from the call to sharpsl_nand_get_logical_num that can return
-EINVAL.

Detected using Coccinelle:
./drivers/mtd/parsers/sharpslpart.c:207:6-13: WARNING: Unsigned expression compared with zero: log_num > 0

Fixes: 8a4580e4d298 ("mtd: sharpslpart: Add sharpslpart partition parser")
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/mtd/parsers/sharpslpart.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/drivers/mtd/parsers/sharpslpart.c
+++ b/drivers/mtd/parsers/sharpslpart.c
@@ -165,10 +165,10 @@ static int sharpsl_nand_get_logical_num(
 
 static int sharpsl_nand_init_ftl(struct mtd_info *mtd, struct sharpsl_ftl *ftl)
 {
-	unsigned int block_num, log_num, phymax;
+	unsigned int block_num, phymax;
+	int i, ret, log_num;
 	loff_t block_adr;
 	u8 *oob;
-	int i, ret;
 
 	oob = kzalloc(mtd->oobsize, GFP_KERNEL);
 	if (!oob)



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 095/120] crypto: testmgr - dont try to decrypt uninitialized buffers
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (93 preceding siblings ...)
  2020-02-13 15:21 ` [PATCH 5.5 094/120] mtd: sharpslpart: Fix unsigned comparison to zero Greg Kroah-Hartman
@ 2020-02-13 15:21 ` Greg Kroah-Hartman
  2020-02-13 15:21 ` [PATCH 5.5 096/120] crypto: artpec6 - return correct error code for failed setkey() Greg Kroah-Hartman
                   ` (29 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Pascal Van Leeuwen, Eric Biggers, Herbert Xu

From: Eric Biggers <ebiggers@google.com>

commit eb455dbd02cb1074b37872ffca30a81cb2a18eaa upstream.

Currently if the comparison fuzz tests encounter an encryption error
when generating an skcipher or AEAD test vector, they will still test
the decryption side (passing it the uninitialized ciphertext buffer)
and expect it to fail with the same error.

This is sort of broken because it's not well-defined usage of the API to
pass an uninitialized buffer, and furthermore in the AEAD case it's
acceptable for the decryption error to be EBADMSG (meaning "inauthentic
input") even if the encryption error was something else like EINVAL.

Fix this for skcipher by explicitly initializing the ciphertext buffer
on error, and for AEAD by skipping the decryption test on error.

Reported-by: Pascal Van Leeuwen <pvanleeuwen@verimatrix.com>
Fixes: d435e10e67be ("crypto: testmgr - fuzz skciphers against their generic implementation")
Fixes: 40153b10d91c ("crypto: testmgr - fuzz AEADs against their generic implementation")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 crypto/testmgr.c |   20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)

--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -2102,6 +2102,7 @@ static void generate_random_aead_testvec
 	 * If the key or authentication tag size couldn't be set, no need to
 	 * continue to encrypt.
 	 */
+	vec->crypt_error = 0;
 	if (vec->setkey_error || vec->setauthsize_error)
 		goto done;
 
@@ -2245,10 +2246,12 @@ static int test_aead_vs_generic_impl(con
 					req, tsgls);
 		if (err)
 			goto out;
-		err = test_aead_vec_cfg(driver, DECRYPT, &vec, vec_name, cfg,
-					req, tsgls);
-		if (err)
-			goto out;
+		if (vec.crypt_error == 0) {
+			err = test_aead_vec_cfg(driver, DECRYPT, &vec, vec_name,
+						cfg, req, tsgls);
+			if (err)
+				goto out;
+		}
 		cond_resched();
 	}
 	err = 0;
@@ -2678,6 +2681,15 @@ static void generate_random_cipher_testv
 	skcipher_request_set_callback(req, 0, crypto_req_done, &wait);
 	skcipher_request_set_crypt(req, &src, &dst, vec->len, iv);
 	vec->crypt_error = crypto_wait_req(crypto_skcipher_encrypt(req), &wait);
+	if (vec->crypt_error != 0) {
+		/*
+		 * The only acceptable error here is for an invalid length, so
+		 * skcipher decryption should fail with the same error too.
+		 * We'll test for this.  But to keep the API usage well-defined,
+		 * explicitly initialize the ciphertext buffer too.
+		 */
+		memset((u8 *)vec->ctext, 0, vec->len);
+	}
 done:
 	snprintf(name, max_namelen, "\"random: len=%u klen=%u\"",
 		 vec->len, vec->klen);



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 096/120] crypto: artpec6 - return correct error code for failed setkey()
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (94 preceding siblings ...)
  2020-02-13 15:21 ` [PATCH 5.5 095/120] crypto: testmgr - dont try to decrypt uninitialized buffers Greg Kroah-Hartman
@ 2020-02-13 15:21 ` Greg Kroah-Hartman
  2020-02-13 15:21 ` [PATCH 5.5 097/120] crypto: atmel-sha - fix error handling when setting hmac key Greg Kroah-Hartman
                   ` (28 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jesper Nilsson, Lars Persson,
	Eric Biggers, Herbert Xu

From: Eric Biggers <ebiggers@google.com>

commit b828f905904cd76424230c69741a4cabb0174168 upstream.

->setkey() is supposed to retun -EINVAL for invalid key lengths, not -1.

Fixes: a21eb94fc4d3 ("crypto: axis - add ARTPEC-6/7 crypto accelerator driver")
Cc: Jesper Nilsson <jesper.nilsson@axis.com>
Cc: Lars Persson <lars.persson@axis.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Acked-by: Lars Persson <lars.persson@axis.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/crypto/axis/artpec6_crypto.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/crypto/axis/artpec6_crypto.c
+++ b/drivers/crypto/axis/artpec6_crypto.c
@@ -1251,7 +1251,7 @@ static int artpec6_crypto_aead_set_key(s
 
 	if (len != 16 && len != 24 && len != 32) {
 		crypto_aead_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
-		return -1;
+		return -EINVAL;
 	}
 
 	ctx->key_length = len;



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 097/120] crypto: atmel-sha - fix error handling when setting hmac key
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (95 preceding siblings ...)
  2020-02-13 15:21 ` [PATCH 5.5 096/120] crypto: artpec6 - return correct error code for failed setkey() Greg Kroah-Hartman
@ 2020-02-13 15:21 ` Greg Kroah-Hartman
  2020-02-13 15:21 ` [PATCH 5.5 098/120] crypto: caam/qi2 - fix typo in algorithms driver name Greg Kroah-Hartman
                   ` (27 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Nicolas Ferre, Alexandre Belloni,
	Ludovic Desroches, Eric Biggers, Tudor Ambarus, Herbert Xu

From: Eric Biggers <ebiggers@google.com>

commit b529f1983b2dcc46354f311feda92e07b6e9e2da upstream.

HMAC keys can be of any length, and atmel_sha_hmac_key_set() can only
fail due to -ENOMEM.  But atmel_sha_hmac_setkey() incorrectly treated
any error as a "bad key length" error.  Fix it to correctly propagate
the -ENOMEM error code and not set any tfm result flags.

Fixes: 81d8750b2b59 ("crypto: atmel-sha - add support to hmac(shaX)")
Cc: Nicolas Ferre <nicolas.ferre@microchip.com>
Cc: Alexandre Belloni <alexandre.belloni@bootlin.com>
Cc: Ludovic Desroches <ludovic.desroches@microchip.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Tudor Ambarus <tudor.ambarus@microchip.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/crypto/atmel-sha.c |    7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

--- a/drivers/crypto/atmel-sha.c
+++ b/drivers/crypto/atmel-sha.c
@@ -1918,12 +1918,7 @@ static int atmel_sha_hmac_setkey(struct
 {
 	struct atmel_sha_hmac_ctx *hmac = crypto_ahash_ctx(tfm);
 
-	if (atmel_sha_hmac_key_set(&hmac->hkey, key, keylen)) {
-		crypto_ahash_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
-		return -EINVAL;
-	}
-
-	return 0;
+	return atmel_sha_hmac_key_set(&hmac->hkey, key, keylen);
 }
 
 static int atmel_sha_hmac_init(struct ahash_request *req)



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 098/120] crypto: caam/qi2 - fix typo in algorithms driver name
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (96 preceding siblings ...)
  2020-02-13 15:21 ` [PATCH 5.5 097/120] crypto: atmel-sha - fix error handling when setting hmac key Greg Kroah-Hartman
@ 2020-02-13 15:21 ` Greg Kroah-Hartman
  2020-02-13 15:21 ` [PATCH 5.5 099/120] drivers: watchdog: stm32_iwdg: set WDOG_HW_RUNNING at probe Greg Kroah-Hartman
                   ` (26 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:21 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Horia Geantă, Herbert Xu

From: Horia Geantă <horia.geanta@nxp.com>

commit 53146d152510584c2034c62778a7cbca25743ce9 upstream.

Fixes: 8d818c105501 ("crypto: caam/qi2 - add DPAA2-CAAM driver")
Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/crypto/caam/caamalg_qi2.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/crypto/caam/caamalg_qi2.c
+++ b/drivers/crypto/caam/caamalg_qi2.c
@@ -2481,7 +2481,7 @@ static struct caam_aead_alg driver_aeads
 				.cra_name = "echainiv(authenc(hmac(sha256),"
 					    "cbc(des)))",
 				.cra_driver_name = "echainiv-authenc-"
-						   "hmac-sha256-cbc-desi-"
+						   "hmac-sha256-cbc-des-"
 						   "caam-qi2",
 				.cra_blocksize = DES_BLOCK_SIZE,
 			},



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 099/120] drivers: watchdog: stm32_iwdg: set WDOG_HW_RUNNING at probe
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (97 preceding siblings ...)
  2020-02-13 15:21 ` [PATCH 5.5 098/120] crypto: caam/qi2 - fix typo in algorithms driver name Greg Kroah-Hartman
@ 2020-02-13 15:21 ` Greg Kroah-Hartman
  2020-02-13 15:21 ` [PATCH 5.5 100/120] media: i2c: adv748x: Fix unsafe macros Greg Kroah-Hartman
                   ` (25 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Christophe Roullier, Guenter Roeck,
	Wim Van Sebroeck

From: Christophe Roullier <christophe.roullier@st.com>

commit 85fdc63fe256b595f923a69848cd99972ff446d8 upstream.

If the watchdog hardware is already enabled during the boot process,
when the Linux watchdog driver loads, it should start/reset the watchdog
and tell the watchdog framework. As a result, ping can be generated from
the watchdog framework (if CONFIG_WATCHDOG_HANDLE_BOOT_ENABLED is set),
until the userspace watchdog daemon takes over control

Fixes:4332d113c66a ("watchdog: Add STM32 IWDG driver")

Signed-off-by: Christophe Roullier <christophe.roullier@st.com>
Reviewed-by: Guenter Roeck <linux@roeck-us.net>
Link: https://lore.kernel.org/r/20191122132246.8473-1-christophe.roullier@st.com
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Wim Van Sebroeck <wim@linux-watchdog.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/watchdog/stm32_iwdg.c |   18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

--- a/drivers/watchdog/stm32_iwdg.c
+++ b/drivers/watchdog/stm32_iwdg.c
@@ -262,6 +262,24 @@ static int stm32_iwdg_probe(struct platf
 	watchdog_set_nowayout(wdd, WATCHDOG_NOWAYOUT);
 	watchdog_init_timeout(wdd, 0, dev);
 
+	/*
+	 * In case of CONFIG_WATCHDOG_HANDLE_BOOT_ENABLED is set
+	 * (Means U-Boot/bootloaders leaves the watchdog running)
+	 * When we get here we should make a decision to prevent
+	 * any side effects before user space daemon will take care of it.
+	 * The best option, taking into consideration that there is no
+	 * way to read values back from hardware, is to enforce watchdog
+	 * being run with deterministic values.
+	 */
+	if (IS_ENABLED(CONFIG_WATCHDOG_HANDLE_BOOT_ENABLED)) {
+		ret = stm32_iwdg_start(wdd);
+		if (ret)
+			return ret;
+
+		/* Make sure the watchdog is serviced */
+		set_bit(WDOG_HW_RUNNING, &wdd->status);
+	}
+
 	ret = devm_watchdog_register_device(dev, wdd);
 	if (ret)
 		return ret;



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 100/120] media: i2c: adv748x: Fix unsafe macros
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (98 preceding siblings ...)
  2020-02-13 15:21 ` [PATCH 5.5 099/120] drivers: watchdog: stm32_iwdg: set WDOG_HW_RUNNING at probe Greg Kroah-Hartman
@ 2020-02-13 15:21 ` Greg Kroah-Hartman
  2020-02-13 15:21 ` [PATCH 5.5 101/120] i2c: cros-ec-tunnel: Fix slave device enumeration Greg Kroah-Hartman
                   ` (24 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Dmitry Vyukov, Gustavo A. R. Silva,
	Kieran Bingham, Hans Verkuil, Mauro Carvalho Chehab

From: Gustavo A. R. Silva <gustavo@embeddedor.com>

commit 0d962e061abcf1b9105f88fb850158b5887fbca3 upstream.

Enclose multiple macro parameters in parentheses in order to
make such macros safer and fix the Clang warning below:

drivers/media/i2c/adv748x/adv748x-afe.c:452:12: warning: operator '?:'
has lower precedence than '|'; '|' will be evaluated first
[-Wbitwise-conditional-parentheses]

ret = sdp_clrset(state, ADV748X_SDP_FRP, ADV748X_SDP_FRP_MASK, enable
? ctrl->val - 1 : 0);

Fixes: 3e89586a64df ("media: i2c: adv748x: add adv748x driver")
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Reviewed-by: Kieran Bingham <kieran.bingham+renesas@ideasonboard.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/media/i2c/adv748x/adv748x.h |    8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

--- a/drivers/media/i2c/adv748x/adv748x.h
+++ b/drivers/media/i2c/adv748x/adv748x.h
@@ -394,10 +394,10 @@ int adv748x_write_block(struct adv748x_s
 
 #define io_read(s, r) adv748x_read(s, ADV748X_PAGE_IO, r)
 #define io_write(s, r, v) adv748x_write(s, ADV748X_PAGE_IO, r, v)
-#define io_clrset(s, r, m, v) io_write(s, r, (io_read(s, r) & ~m) | v)
+#define io_clrset(s, r, m, v) io_write(s, r, (io_read(s, r) & ~(m)) | (v))
 
 #define hdmi_read(s, r) adv748x_read(s, ADV748X_PAGE_HDMI, r)
-#define hdmi_read16(s, r, m) (((hdmi_read(s, r) << 8) | hdmi_read(s, r+1)) & m)
+#define hdmi_read16(s, r, m) (((hdmi_read(s, r) << 8) | hdmi_read(s, (r)+1)) & (m))
 #define hdmi_write(s, r, v) adv748x_write(s, ADV748X_PAGE_HDMI, r, v)
 
 #define repeater_read(s, r) adv748x_read(s, ADV748X_PAGE_REPEATER, r)
@@ -405,11 +405,11 @@ int adv748x_write_block(struct adv748x_s
 
 #define sdp_read(s, r) adv748x_read(s, ADV748X_PAGE_SDP, r)
 #define sdp_write(s, r, v) adv748x_write(s, ADV748X_PAGE_SDP, r, v)
-#define sdp_clrset(s, r, m, v) sdp_write(s, r, (sdp_read(s, r) & ~m) | v)
+#define sdp_clrset(s, r, m, v) sdp_write(s, r, (sdp_read(s, r) & ~(m)) | (v))
 
 #define cp_read(s, r) adv748x_read(s, ADV748X_PAGE_CP, r)
 #define cp_write(s, r, v) adv748x_write(s, ADV748X_PAGE_CP, r, v)
-#define cp_clrset(s, r, m, v) cp_write(s, r, (cp_read(s, r) & ~m) | v)
+#define cp_clrset(s, r, m, v) cp_write(s, r, (cp_read(s, r) & ~(m)) | (v))
 
 #define tx_read(t, r) adv748x_read(t->state, t->page, r)
 #define tx_write(t, r, v) adv748x_write(t->state, t->page, r, v)



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 101/120] i2c: cros-ec-tunnel: Fix slave device enumeration
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (99 preceding siblings ...)
  2020-02-13 15:21 ` [PATCH 5.5 100/120] media: i2c: adv748x: Fix unsafe macros Greg Kroah-Hartman
@ 2020-02-13 15:21 ` Greg Kroah-Hartman
  2020-02-13 15:21 ` [PATCH 5.5 102/120] i2c: cros-ec-tunnel: Fix ACPI identifier Greg Kroah-Hartman
                   ` (23 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Akshu Agrawal, Raul E Rangel,
	Enric Balletbo i Serra, Wolfram Sang

From: Akshu Agrawal <akshu.agrawal@amd.com>

commit 8ff2d7ca4a55dfabf12e876369835bd024eb4621 upstream.

During adding of the adapter the slave device registration
use to fail as the acpi companion field was not populated.

Fixes: 9af1563a5486 ("i2c: cros-ec-tunnel: Make the device acpi compatible")
Signed-off-by: Akshu Agrawal <akshu.agrawal@amd.com>
Acked-by: Raul E Rangel <rrangel@chromium.org>
Reviewed-by: Enric Balletbo i Serra <enric.balletbo@collabora.com>
Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/i2c/busses/i2c-cros-ec-tunnel.c |    1 +
 1 file changed, 1 insertion(+)

--- a/drivers/i2c/busses/i2c-cros-ec-tunnel.c
+++ b/drivers/i2c/busses/i2c-cros-ec-tunnel.c
@@ -273,6 +273,7 @@ static int ec_i2c_probe(struct platform_
 	bus->adap.dev.parent = &pdev->dev;
 	bus->adap.dev.of_node = pdev->dev.of_node;
 	bus->adap.retries = I2C_MAX_RETRIES;
+	ACPI_COMPANION_SET(&bus->adap.dev, ACPI_COMPANION(&pdev->dev));
 
 	err = i2c_add_adapter(&bus->adap);
 	if (err)



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 102/120] i2c: cros-ec-tunnel: Fix ACPI identifier
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (100 preceding siblings ...)
  2020-02-13 15:21 ` [PATCH 5.5 101/120] i2c: cros-ec-tunnel: Fix slave device enumeration Greg Kroah-Hartman
@ 2020-02-13 15:21 ` Greg Kroah-Hartman
  2020-02-13 15:21 ` [PATCH 5.5 103/120] dt-bindings: iio: adc: ad7606: Fix wrong maxItems value Greg Kroah-Hartman
                   ` (22 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Raul E Rangel,
	Enric Balletbo i Serra, Wolfram Sang

From: Raul E Rangel <rrangel@chromium.org>

commit b49f8e0e7bd17b968129790e40f9e2566f4f95ec upstream.

The initial patch was using the incorrect identifier.

Fixes: 9af1563a5486 ("i2c: cros-ec-tunnel: Make the device acpi compatible")
Signed-off-by: Raul E Rangel <rrangel@chromium.org>
Acked-by: Enric Balletbo i Serra <enric.balletbo@collabora.com>
Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/i2c/busses/i2c-cros-ec-tunnel.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/i2c/busses/i2c-cros-ec-tunnel.c
+++ b/drivers/i2c/busses/i2c-cros-ec-tunnel.c
@@ -299,7 +299,7 @@ static const struct of_device_id cros_ec
 MODULE_DEVICE_TABLE(of, cros_ec_i2c_of_match);
 
 static const struct acpi_device_id cros_ec_i2c_tunnel_acpi_id[] = {
-	{ "GOOG001A", 0 },
+	{ "GOOG0012", 0 },
 	{ }
 };
 MODULE_DEVICE_TABLE(acpi, cros_ec_i2c_tunnel_acpi_id);



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 103/120] dt-bindings: iio: adc: ad7606: Fix wrong maxItems value
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (101 preceding siblings ...)
  2020-02-13 15:21 ` [PATCH 5.5 102/120] i2c: cros-ec-tunnel: Fix ACPI identifier Greg Kroah-Hartman
@ 2020-02-13 15:21 ` Greg Kroah-Hartman
  2020-02-13 15:21 ` [PATCH 5.5 104/120] ASoC: soc-generic-dmaengine-pcm: Fix error handling Greg Kroah-Hartman
                   ` (21 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:21 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Beniamin Bia, Rob Herring

From: Beniamin Bia <beniamin.bia@analog.com>

commit a6c4f77cb3b11f81077b53c4a38f21b92d41f21e upstream.

This patch set the correct value for oversampling maxItems. In the
original example, appears 3 items for oversampling while the maxItems
is set to 1, this patch fixes those issues.

Fixes: 416f882c3b40 ("dt-bindings: iio: adc: Migrate AD7606 documentation to yaml")
Signed-off-by: Beniamin Bia <beniamin.bia@analog.com>
Signed-off-by: Rob Herring <robh@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 Documentation/devicetree/bindings/iio/adc/adi,ad7606.yaml |    8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

--- a/Documentation/devicetree/bindings/iio/adc/adi,ad7606.yaml
+++ b/Documentation/devicetree/bindings/iio/adc/adi,ad7606.yaml
@@ -82,7 +82,7 @@ properties:
       Must be the device tree identifier of the over-sampling
       mode pins. As the line is active high, it should be marked
       GPIO_ACTIVE_HIGH.
-    maxItems: 1
+    maxItems: 3
 
   adi,sw-mode:
     description:
@@ -125,9 +125,9 @@ examples:
                 adi,conversion-start-gpios = <&gpio 17 GPIO_ACTIVE_HIGH>;
                 reset-gpios = <&gpio 27 GPIO_ACTIVE_HIGH>;
                 adi,first-data-gpios = <&gpio 22 GPIO_ACTIVE_HIGH>;
-                adi,oversampling-ratio-gpios = <&gpio 18 GPIO_ACTIVE_HIGH
-                                                &gpio 23 GPIO_ACTIVE_HIGH
-                                                &gpio 26 GPIO_ACTIVE_HIGH>;
+                adi,oversampling-ratio-gpios = <&gpio 18 GPIO_ACTIVE_HIGH>,
+                                               <&gpio 23 GPIO_ACTIVE_HIGH>,
+                                               <&gpio 26 GPIO_ACTIVE_HIGH>;
                 standby-gpios = <&gpio 24 GPIO_ACTIVE_LOW>;
                 adi,sw-mode;
         };



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 104/120] ASoC: soc-generic-dmaengine-pcm: Fix error handling
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (102 preceding siblings ...)
  2020-02-13 15:21 ` [PATCH 5.5 103/120] dt-bindings: iio: adc: ad7606: Fix wrong maxItems value Greg Kroah-Hartman
@ 2020-02-13 15:21 ` Greg Kroah-Hartman
  2020-02-13 15:21 ` [PATCH 5.5 105/120] bcache: avoid unnecessary btree nodes flushing in btree_flush_write() Greg Kroah-Hartman
                   ` (20 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Shengjiu Wang, John Stultz, Mark Brown

From: Shengjiu Wang <shengjiu.wang@nxp.com>

commit 130128098a4e5ce9a0dfbdf9a7e27a43579901fd upstream.

Remove the return value checking, that is to align with the code
before adding snd_dmaengine_pcm_refine_runtime_hwparams function.

Otherwise it causes a regression on the HiKey board:

[   17.721424] hi6210_i2s f7118000.i2s: ASoC: can't open component f7118000.i2s: -6

Fixes: e957204e732b ("ASoC: pcm_dmaengine: Extract snd_dmaengine_pcm_refine_runtime_hwparams")
Signed-off-by: Shengjiu Wang <shengjiu.wang@nxp.com>
Reported-by: John Stultz <john.stultz@linaro.org>
Link: https://lore.kernel.org/r/1579505286-32085-1-git-send-email-shengjiu.wang@nxp.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 sound/soc/soc-generic-dmaengine-pcm.c |   16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

--- a/sound/soc/soc-generic-dmaengine-pcm.c
+++ b/sound/soc/soc-generic-dmaengine-pcm.c
@@ -117,7 +117,6 @@ dmaengine_pcm_set_runtime_hwparams(struc
 	struct dma_chan *chan = pcm->chan[substream->stream];
 	struct snd_dmaengine_dai_dma_data *dma_data;
 	struct snd_pcm_hardware hw;
-	int ret;
 
 	if (pcm->config && pcm->config->pcm_hardware)
 		return snd_soc_set_runtime_hwparams(substream,
@@ -138,12 +137,15 @@ dmaengine_pcm_set_runtime_hwparams(struc
 	if (pcm->flags & SND_DMAENGINE_PCM_FLAG_NO_RESIDUE)
 		hw.info |= SNDRV_PCM_INFO_BATCH;
 
-	ret = snd_dmaengine_pcm_refine_runtime_hwparams(substream,
-							dma_data,
-							&hw,
-							chan);
-	if (ret)
-		return ret;
+	/**
+	 * FIXME: Remove the return value check to align with the code
+	 * before adding snd_dmaengine_pcm_refine_runtime_hwparams
+	 * function.
+	 */
+	snd_dmaengine_pcm_refine_runtime_hwparams(substream,
+						  dma_data,
+						  &hw,
+						  chan);
 
 	return snd_soc_set_runtime_hwparams(substream, &hw);
 }



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 105/120] bcache: avoid unnecessary btree nodes flushing in btree_flush_write()
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (103 preceding siblings ...)
  2020-02-13 15:21 ` [PATCH 5.5 104/120] ASoC: soc-generic-dmaengine-pcm: Fix error handling Greg Kroah-Hartman
@ 2020-02-13 15:21 ` Greg Kroah-Hartman
  2020-02-13 15:21 ` [PATCH 5.5 106/120] x86/alternatives: add missing insn.h include Greg Kroah-Hartman
                   ` (19 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Guoju Fang, Shuang Li, Coly Li, Jens Axboe

From: Coly Li <colyli@suse.de>

commit 2aa8c529387c25606fdc1484154b92f8bfbc5746 upstream.

the commit 91be66e1318f ("bcache: performance improvement for
btree_flush_write()") was an effort to flushing btree node with oldest
btree node faster in following methods,
- Only iterate dirty btree nodes in c->btree_cache, avoid scanning a lot
  of clean btree nodes.
- Take c->btree_cache as a LRU-like list, aggressively flushing all
  dirty nodes from tail of c->btree_cache util the btree node with
  oldest journal entry is flushed. This is to reduce the time of holding
  c->bucket_lock.

Guoju Fang and Shuang Li reported that they observe unexptected extra
write I/Os on cache device after applying the above patch. Guoju Fang
provideed more detailed diagnose information that the aggressive
btree nodes flushing may cause 10x more btree nodes to flush in his
workload. He points out when system memory is large enough to hold all
btree nodes in memory, c->btree_cache is not a LRU-like list any more.
Then the btree node with oldest journal entry is very probably not-
close to the tail of c->btree_cache list. In such situation much more
dirty btree nodes will be aggressively flushed before the target node
is flushed. When slow SATA SSD is used as cache device, such over-
aggressive flushing behavior will cause performance regression.

After spending a lot of time on debug and diagnose, I find the real
condition is more complicated, aggressive flushing dirty btree nodes
from tail of c->btree_cache list is not a good solution.
- When all btree nodes are cached in memory, c->btree_cache is not
  a LRU-like list, the btree nodes with oldest journal entry won't
  be close to the tail of the list.
- There can be hundreds dirty btree nodes reference the oldest journal
  entry, before flushing all the nodes the oldest journal entry cannot
  be reclaimed.
When the above two conditions mixed together, a simply flushing from
tail of c->btree_cache list is really NOT a good idea.

Fortunately there is still chance to make btree_flush_write() work
better. Here is how this patch avoids unnecessary btree nodes flushing,
- Only acquire c->journal.lock when getting oldest journal entry of
  fifo c->journal.pin. In rested locations check the journal entries
  locklessly, so their values can be changed on other cores
  in parallel.
- In loop list_for_each_entry_safe_reverse(), checking latest front
  point of fifo c->journal.pin. If it is different from the original
  point which we get with locking c->journal.lock, it means the oldest
  journal entry is reclaim on other cores. At this moment, all selected
  dirty nodes recorded in array btree_nodes[] are all flushed and clean
  on other CPU cores, it is unncessary to iterate c->btree_cache any
  longer. Just quit the list_for_each_entry_safe_reverse() loop and
  the following for-loop will skip all the selected clean nodes.
- Find a proper time to quit the list_for_each_entry_safe_reverse()
  loop. Check the refcount value of orignial fifo front point, if the
  value is larger than selected node number of btree_nodes[], it means
  more matching btree nodes should be scanned. Otherwise it means no
  more matching btee nodes in rest of c->btree_cache list, the loop
  can be quit. If the original oldest journal entry is reclaimed and
  fifo front point is updated, the refcount of original fifo front point
  will be 0, then the loop will be quit too.
- Not hold c->bucket_lock too long time. c->bucket_lock is also required
  for space allocation for cached data, hold it for too long time will
  block regular I/O requests. When iterating list c->btree_cache, even
  there are a lot of maching btree nodes, in order to not holding
  c->bucket_lock for too long time, only BTREE_FLUSH_NR nodes are
  selected and to flush in following for-loop.
With this patch, only btree nodes referencing oldest journal entry
are flushed to cache device, no aggressive flushing for  unnecessary
btree node any more. And in order to avoid blocking regluar I/O
requests, each time when btree_flush_write() called, at most only
BTREE_FLUSH_NR btree nodes are selected to flush, even there are more
maching btree nodes in list c->btree_cache.

At last, one more thing to explain: Why it is safe to read front point
of c->journal.pin without holding c->journal.lock inside the
list_for_each_entry_safe_reverse() loop ?

Here is my answer: When reading the front point of fifo c->journal.pin,
we don't need to know the exact value of front point, we just want to
check whether the value is different from the original front point
(which is accurate value because we get it while c->jouranl.lock is
held). For such purpose, it works as expected without holding
c->journal.lock. Even the front point is changed on other CPU core and
not updated to local core, and current iterating btree node has
identical journal entry local as original fetched fifo front point, it
is still safe. Because after holding mutex b->write_lock (with memory
barrier) this btree node can be found as clean and skipped, the loop
will quite latter when iterate on next node of list c->btree_cache.

Fixes: 91be66e1318f ("bcache: performance improvement for btree_flush_write()")
Reported-by: Guoju Fang <fangguoju@gmail.com>
Reported-by: Shuang Li <psymon@bonuscloud.io>
Signed-off-by: Coly Li <colyli@suse.de>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/md/bcache/journal.c |   80 +++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 75 insertions(+), 5 deletions(-)

--- a/drivers/md/bcache/journal.c
+++ b/drivers/md/bcache/journal.c
@@ -417,10 +417,14 @@ err:
 
 /* Journalling */
 
+#define nr_to_fifo_front(p, front_p, mask)	(((p) - (front_p)) & (mask))
+
 static void btree_flush_write(struct cache_set *c)
 {
 	struct btree *b, *t, *btree_nodes[BTREE_FLUSH_NR];
-	unsigned int i, n;
+	unsigned int i, nr, ref_nr;
+	atomic_t *fifo_front_p, *now_fifo_front_p;
+	size_t mask;
 
 	if (c->journal.btree_flushing)
 		return;
@@ -433,12 +437,50 @@ static void btree_flush_write(struct cac
 	c->journal.btree_flushing = true;
 	spin_unlock(&c->journal.flush_write_lock);
 
+	/* get the oldest journal entry and check its refcount */
+	spin_lock(&c->journal.lock);
+	fifo_front_p = &fifo_front(&c->journal.pin);
+	ref_nr = atomic_read(fifo_front_p);
+	if (ref_nr <= 0) {
+		/*
+		 * do nothing if no btree node references
+		 * the oldest journal entry
+		 */
+		spin_unlock(&c->journal.lock);
+		goto out;
+	}
+	spin_unlock(&c->journal.lock);
+
+	mask = c->journal.pin.mask;
+	nr = 0;
 	atomic_long_inc(&c->flush_write);
 	memset(btree_nodes, 0, sizeof(btree_nodes));
-	n = 0;
 
 	mutex_lock(&c->bucket_lock);
 	list_for_each_entry_safe_reverse(b, t, &c->btree_cache, list) {
+		/*
+		 * It is safe to get now_fifo_front_p without holding
+		 * c->journal.lock here, because we don't need to know
+		 * the exactly accurate value, just check whether the
+		 * front pointer of c->journal.pin is changed.
+		 */
+		now_fifo_front_p = &fifo_front(&c->journal.pin);
+		/*
+		 * If the oldest journal entry is reclaimed and front
+		 * pointer of c->journal.pin changes, it is unnecessary
+		 * to scan c->btree_cache anymore, just quit the loop and
+		 * flush out what we have already.
+		 */
+		if (now_fifo_front_p != fifo_front_p)
+			break;
+		/*
+		 * quit this loop if all matching btree nodes are
+		 * scanned and record in btree_nodes[] already.
+		 */
+		ref_nr = atomic_read(fifo_front_p);
+		if (nr >= ref_nr)
+			break;
+
 		if (btree_node_journal_flush(b))
 			pr_err("BUG: flush_write bit should not be set here!");
 
@@ -454,17 +496,44 @@ static void btree_flush_write(struct cac
 			continue;
 		}
 
+		/*
+		 * Only select the btree node which exactly references
+		 * the oldest journal entry.
+		 *
+		 * If the journal entry pointed by fifo_front_p is
+		 * reclaimed in parallel, don't worry:
+		 * - the list_for_each_xxx loop will quit when checking
+		 *   next now_fifo_front_p.
+		 * - If there are matched nodes recorded in btree_nodes[],
+		 *   they are clean now (this is why and how the oldest
+		 *   journal entry can be reclaimed). These selected nodes
+		 *   will be ignored and skipped in the folowing for-loop.
+		 */
+		if (nr_to_fifo_front(btree_current_write(b)->journal,
+				     fifo_front_p,
+				     mask) != 0) {
+			mutex_unlock(&b->write_lock);
+			continue;
+		}
+
 		set_btree_node_journal_flush(b);
 
 		mutex_unlock(&b->write_lock);
 
-		btree_nodes[n++] = b;
-		if (n == BTREE_FLUSH_NR)
+		btree_nodes[nr++] = b;
+		/*
+		 * To avoid holding c->bucket_lock too long time,
+		 * only scan for BTREE_FLUSH_NR matched btree nodes
+		 * at most. If there are more btree nodes reference
+		 * the oldest journal entry, try to flush them next
+		 * time when btree_flush_write() is called.
+		 */
+		if (nr == BTREE_FLUSH_NR)
 			break;
 	}
 	mutex_unlock(&c->bucket_lock);
 
-	for (i = 0; i < n; i++) {
+	for (i = 0; i < nr; i++) {
 		b = btree_nodes[i];
 		if (!b) {
 			pr_err("BUG: btree_nodes[%d] is NULL", i);
@@ -497,6 +566,7 @@ static void btree_flush_write(struct cac
 		mutex_unlock(&b->write_lock);
 	}
 
+out:
 	spin_lock(&c->journal.flush_write_lock);
 	c->journal.btree_flushing = false;
 	spin_unlock(&c->journal.flush_write_lock);



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 106/120] x86/alternatives: add missing insn.h include
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (104 preceding siblings ...)
  2020-02-13 15:21 ` [PATCH 5.5 105/120] bcache: avoid unnecessary btree nodes flushing in btree_flush_write() Greg Kroah-Hartman
@ 2020-02-13 15:21 ` Greg Kroah-Hartman
  2020-02-13 15:21 ` [PATCH 5.5 107/120] selinux: revert "stop passing MAY_NOT_BLOCK to the AVC upon follow_link" Greg Kroah-Hartman
                   ` (18 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Borislav Petkov,
	Peter Zijlstra (Intel),
	Andy Lutomirski, x86, Linus Torvalds, Andrew Morton, Dave Hansen

From: Dave Hansen <dave.hansen@linux.intel.com>

commit 3a1255396b5aba40299d5dd5bde67b160a44117f upstream.

From: Dave Hansen <dave.hansen@linux.intel.com>

While testing my MPX removal series, Borislav noted compilation
failure with an allnoconfig build.

Turned out to be a missing include of insn.h in alternative.c.
With MPX, it got it implicitly from:

	asm/mmu_context.h -> asm/mpx.h -> asm/insn.h

Fixes: c3d6324f841b ("x86/alternatives: Teach text_poke_bp() to emulate instructions")
Reported-by: Borislav Petkov <bp@alien8.de>
Cc: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: x86@kernel.org
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/x86/kernel/alternative.c |    1 +
 1 file changed, 1 insertion(+)

--- a/arch/x86/kernel/alternative.c
+++ b/arch/x86/kernel/alternative.c
@@ -23,6 +23,7 @@
 #include <asm/nmi.h>
 #include <asm/cacheflush.h>
 #include <asm/tlbflush.h>
+#include <asm/insn.h>
 #include <asm/io.h>
 #include <asm/fixmap.h>
 



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 107/120] selinux: revert "stop passing MAY_NOT_BLOCK to the AVC upon follow_link"
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (105 preceding siblings ...)
  2020-02-13 15:21 ` [PATCH 5.5 106/120] x86/alternatives: add missing insn.h include Greg Kroah-Hartman
@ 2020-02-13 15:21 ` Greg Kroah-Hartman
  2020-02-13 15:21 ` [PATCH 5.5 108/120] selinux: fix regression introduced by move_mount(2) syscall Greg Kroah-Hartman
                   ` (17 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Will Deacon, Stephen Smalley, Paul Moore

From: Stephen Smalley <sds@tycho.nsa.gov>

commit 1a37079c236d55fb31ebbf4b59945dab8ec8764c upstream.

This reverts commit e46e01eebbbc ("selinux: stop passing MAY_NOT_BLOCK
to the AVC upon follow_link"). The correct fix is to instead fall
back to ref-walk if audit is required irrespective of the specific
audit data type.  This is done in the next commit.

Fixes: e46e01eebbbc ("selinux: stop passing MAY_NOT_BLOCK to the AVC upon follow_link")
Reported-by: Will Deacon <will@kernel.org>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 security/selinux/avc.c         |   24 ++++++++++++++++++++++--
 security/selinux/hooks.c       |    5 +++--
 security/selinux/include/avc.h |    5 +++++
 3 files changed, 30 insertions(+), 4 deletions(-)

--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -862,8 +862,9 @@ static int avc_update_node(struct selinu
 	 * permissive mode that only appear when in enforcing mode.
 	 *
 	 * See the corresponding handling in slow_avc_audit(), and the
-	 * logic in selinux_inode_permission for the MAY_NOT_BLOCK flag,
-	 * which is transliterated into AVC_NONBLOCKING.
+	 * logic in selinux_inode_follow_link and selinux_inode_permission
+	 * for the VFS MAY_NOT_BLOCK flag, which is transliterated into
+	 * AVC_NONBLOCKING for avc_has_perm_noaudit().
 	 */
 	if (flags & AVC_NONBLOCKING)
 		return 0;
@@ -1203,6 +1204,25 @@ int avc_has_perm(struct selinux_state *s
 	if (rc2)
 		return rc2;
 	return rc;
+}
+
+int avc_has_perm_flags(struct selinux_state *state,
+		       u32 ssid, u32 tsid, u16 tclass, u32 requested,
+		       struct common_audit_data *auditdata,
+		       int flags)
+{
+	struct av_decision avd;
+	int rc, rc2;
+
+	rc = avc_has_perm_noaudit(state, ssid, tsid, tclass, requested,
+				  (flags & MAY_NOT_BLOCK) ? AVC_NONBLOCKING : 0,
+				  &avd);
+
+	rc2 = avc_audit(state, ssid, tsid, tclass, requested, &avd, rc,
+			auditdata, flags);
+	if (rc2)
+		return rc2;
+	return rc;
 }
 
 u32 avc_policy_seqno(struct selinux_state *state)
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -3004,8 +3004,9 @@ static int selinux_inode_follow_link(str
 	if (IS_ERR(isec))
 		return PTR_ERR(isec);
 
-	return avc_has_perm(&selinux_state,
-			    sid, isec->sid, isec->sclass, FILE__READ, &ad);
+	return avc_has_perm_flags(&selinux_state,
+				  sid, isec->sid, isec->sclass, FILE__READ, &ad,
+				  rcu ? MAY_NOT_BLOCK : 0);
 }
 
 static noinline int audit_inode_permission(struct inode *inode,
--- a/security/selinux/include/avc.h
+++ b/security/selinux/include/avc.h
@@ -153,6 +153,11 @@ int avc_has_perm(struct selinux_state *s
 		 u32 ssid, u32 tsid,
 		 u16 tclass, u32 requested,
 		 struct common_audit_data *auditdata);
+int avc_has_perm_flags(struct selinux_state *state,
+		       u32 ssid, u32 tsid,
+		       u16 tclass, u32 requested,
+		       struct common_audit_data *auditdata,
+		       int flags);
 
 int avc_has_extended_perms(struct selinux_state *state,
 			   u32 ssid, u32 tsid, u16 tclass, u32 requested,



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 108/120] selinux: fix regression introduced by move_mount(2) syscall
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (106 preceding siblings ...)
  2020-02-13 15:21 ` [PATCH 5.5 107/120] selinux: revert "stop passing MAY_NOT_BLOCK to the AVC upon follow_link" Greg Kroah-Hartman
@ 2020-02-13 15:21 ` Greg Kroah-Hartman
  2020-02-13 15:21 ` [PATCH 5.5 109/120] pinctrl: baytrail: Allocate IRQ chip dynamic Greg Kroah-Hartman
                   ` (16 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Stephen Smalley, Ondrej Mosnacek, Paul Moore

From: Stephen Smalley <sds@tycho.nsa.gov>

commit 98aa00345de54b8340dc2ddcd87f446d33387b5e upstream.

commit 2db154b3ea8e ("vfs: syscall: Add move_mount(2) to move mounts around")
introduced a new move_mount(2) system call and a corresponding new LSM
security_move_mount hook but did not implement this hook for any existing
LSM.  This creates a regression for SELinux with respect to consistent
checking of mounts; the existing selinux_mount hook checks mounton
permission to the mount point path.  Provide a SELinux hook
implementation for move_mount that applies this same check for
consistency.  In the future we may wish to add a new move_mount
filesystem permission and check as well, but this addresses
the immediate regression.

Fixes: 2db154b3ea8e ("vfs: syscall: Add move_mount(2) to move mounts around")
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Reviewed-by: Ondrej Mosnacek <omosnace@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 security/selinux/hooks.c |   10 ++++++++++
 1 file changed, 10 insertions(+)

--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2762,6 +2762,14 @@ static int selinux_mount(const char *dev
 		return path_has_perm(cred, path, FILE__MOUNTON);
 }
 
+static int selinux_move_mount(const struct path *from_path,
+			      const struct path *to_path)
+{
+	const struct cred *cred = current_cred();
+
+	return path_has_perm(cred, to_path, FILE__MOUNTON);
+}
+
 static int selinux_umount(struct vfsmount *mnt, int flags)
 {
 	const struct cred *cred = current_cred();
@@ -6904,6 +6912,8 @@ static struct security_hook_list selinux
 	LSM_HOOK_INIT(sb_clone_mnt_opts, selinux_sb_clone_mnt_opts),
 	LSM_HOOK_INIT(sb_add_mnt_opt, selinux_add_mnt_opt),
 
+	LSM_HOOK_INIT(move_mount, selinux_move_mount),
+
 	LSM_HOOK_INIT(dentry_init_security, selinux_dentry_init_security),
 	LSM_HOOK_INIT(dentry_create_files_as, selinux_dentry_create_files_as),
 



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 109/120] pinctrl: baytrail: Allocate IRQ chip dynamic
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (107 preceding siblings ...)
  2020-02-13 15:21 ` [PATCH 5.5 108/120] selinux: fix regression introduced by move_mount(2) syscall Greg Kroah-Hartman
@ 2020-02-13 15:21 ` Greg Kroah-Hartman
  2020-02-13 15:21 ` [PATCH 5.5 110/120] pinctrl: sh-pfc: r8a77965: Fix DU_DOTCLKIN3 drive/bias control Greg Kroah-Hartman
                   ` (15 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:21 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Andy Shevchenko, Mika Westerberg

From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>

commit 539d8bde72c22d760013bf81436d6bb94eb67aed upstream.

Keeping the IRQ chip definition static shares it with multiple instances
of the GPIO chip in the system. This is bad and now we get this warning
from GPIO library:

"detected irqchip that is shared with multiple gpiochips: please fix the driver."

Hence, move the IRQ chip definition from being driver static into the struct
intel_pinctrl. So a unique IRQ chip is used for each GPIO chip instance.

Fixes: 9f573b98ca50 ("pinctrl: baytrail: Update irq chip operations")
Depends-on: ca8a958e2acb ("pinctrl: baytrail: Pass irqchip when adding gpiochip")
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Acked-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/pinctrl/intel/pinctrl-baytrail.c |   19 +++++++++----------
 1 file changed, 9 insertions(+), 10 deletions(-)

--- a/drivers/pinctrl/intel/pinctrl-baytrail.c
+++ b/drivers/pinctrl/intel/pinctrl-baytrail.c
@@ -107,6 +107,7 @@ struct byt_gpio_pin_context {
 
 struct byt_gpio {
 	struct gpio_chip chip;
+	struct irq_chip irqchip;
 	struct platform_device *pdev;
 	struct pinctrl_dev *pctl_dev;
 	struct pinctrl_desc pctl_desc;
@@ -1395,15 +1396,6 @@ static int byt_irq_type(struct irq_data
 	return 0;
 }
 
-static struct irq_chip byt_irqchip = {
-	.name		= "BYT-GPIO",
-	.irq_ack	= byt_irq_ack,
-	.irq_mask	= byt_irq_mask,
-	.irq_unmask	= byt_irq_unmask,
-	.irq_set_type	= byt_irq_type,
-	.flags		= IRQCHIP_SKIP_SET_WAKE,
-};
-
 static void byt_gpio_irq_handler(struct irq_desc *desc)
 {
 	struct irq_data *data = irq_desc_get_irq_data(desc);
@@ -1551,8 +1543,15 @@ static int byt_gpio_probe(struct byt_gpi
 	if (irq_rc && irq_rc->start) {
 		struct gpio_irq_chip *girq;
 
+		vg->irqchip.name = "BYT-GPIO",
+		vg->irqchip.irq_ack = byt_irq_ack,
+		vg->irqchip.irq_mask = byt_irq_mask,
+		vg->irqchip.irq_unmask = byt_irq_unmask,
+		vg->irqchip.irq_set_type = byt_irq_type,
+		vg->irqchip.flags = IRQCHIP_SKIP_SET_WAKE,
+
 		girq = &gc->irq;
-		girq->chip = &byt_irqchip;
+		girq->chip = &vg->irqchip;
 		girq->init_hw = byt_gpio_irq_init_hw;
 		girq->parent_handler = byt_gpio_irq_handler;
 		girq->num_parents = 1;



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 110/120] pinctrl: sh-pfc: r8a77965: Fix DU_DOTCLKIN3 drive/bias control
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (108 preceding siblings ...)
  2020-02-13 15:21 ` [PATCH 5.5 109/120] pinctrl: baytrail: Allocate IRQ chip dynamic Greg Kroah-Hartman
@ 2020-02-13 15:21 ` Greg Kroah-Hartman
  2020-02-13 15:21 ` [PATCH 5.5 111/120] pinctrl: sh-pfc: r8a7778: Fix duplicate SDSELF_B and SD1_CLK_B Greg Kroah-Hartman
                   ` (14 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:21 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Geert Uytterhoeven

From: Geert Uytterhoeven <geert+renesas@glider.be>

commit a34cd9dfd03fa9ec380405969f1d638bc63b8d63 upstream.

R-Car Gen3 Hardware Manual Errata for Rev. 2.00 of October 24, 2019
changed the configuration bits for drive and bias control for the
DU_DOTCLKIN3 pin on R-Car M3-N, to match the same pin on R-Car H3.
Update the driver to reflect this.

After this, the handling of drive and bias control for the various
DU_DOTCLKINx pins is consistent across all of the R-Car H3, M3-W,
M3-W+, and M3-N SoCs.

Fixes: 86c045c2e4201e94 ("pinctrl: sh-pfc: r8a77965: Replace DU_DOTCLKIN2 by DU_DOTCLKIN3")
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Link: https://lore.kernel.org/r/20191113101653.28428-1-geert+renesas@glider.be
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/pinctrl/sh-pfc/pfc-r8a77965.c |    6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

--- a/drivers/pinctrl/sh-pfc/pfc-r8a77965.c
+++ b/drivers/pinctrl/sh-pfc/pfc-r8a77965.c
@@ -5998,7 +5998,7 @@ static const struct pinmux_drive_reg pin
 		{ PIN_DU_DOTCLKIN1,    0, 2 },	/* DU_DOTCLKIN1 */
 	} },
 	{ PINMUX_DRIVE_REG("DRVCTRL12", 0xe6060330) {
-		{ PIN_DU_DOTCLKIN3,   28, 2 },	/* DU_DOTCLKIN3 */
+		{ PIN_DU_DOTCLKIN3,   24, 2 },	/* DU_DOTCLKIN3 */
 		{ PIN_FSCLKST,        20, 2 },	/* FSCLKST */
 		{ PIN_TMS,             4, 2 },	/* TMS */
 	} },
@@ -6254,8 +6254,8 @@ static const struct pinmux_bias_reg pinm
 		[31] = PIN_DU_DOTCLKIN1,	/* DU_DOTCLKIN1 */
 	} },
 	{ PINMUX_BIAS_REG("PUEN3", 0xe606040c, "PUD3", 0xe606044c) {
-		[ 0] = PIN_DU_DOTCLKIN3,	/* DU_DOTCLKIN3 */
-		[ 1] = SH_PFC_PIN_NONE,
+		[ 0] = SH_PFC_PIN_NONE,
+		[ 1] = PIN_DU_DOTCLKIN3,	/* DU_DOTCLKIN3 */
 		[ 2] = PIN_FSCLKST,		/* FSCLKST */
 		[ 3] = PIN_EXTALR,		/* EXTALR*/
 		[ 4] = PIN_TRST_N,		/* TRST# */



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 111/120] pinctrl: sh-pfc: r8a7778: Fix duplicate SDSELF_B and SD1_CLK_B
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (109 preceding siblings ...)
  2020-02-13 15:21 ` [PATCH 5.5 110/120] pinctrl: sh-pfc: r8a77965: Fix DU_DOTCLKIN3 drive/bias control Greg Kroah-Hartman
@ 2020-02-13 15:21 ` Greg Kroah-Hartman
  2020-02-13 15:21 ` [PATCH 5.5 112/120] pinctrl: qcom: Dont lock around irq_set_irq_wake() Greg Kroah-Hartman
                   ` (13 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:21 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Geert Uytterhoeven

From: Geert Uytterhoeven <geert+renesas@glider.be>

commit 805f635703b2562b5ddd822c62fc9124087e5dd5 upstream.

The FN_SDSELF_B and FN_SD1_CLK_B enum IDs are used twice, which means
one set of users must be wrong.  Replace them by the correct enum IDs.

Fixes: 87f8c988636db0d4 ("sh-pfc: Add r8a7778 pinmux support")
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Link: https://lore.kernel.org/r/20191218194812.12741-2-geert+renesas@glider.be
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/pinctrl/sh-pfc/pfc-r8a7778.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/drivers/pinctrl/sh-pfc/pfc-r8a7778.c
+++ b/drivers/pinctrl/sh-pfc/pfc-r8a7778.c
@@ -2305,7 +2305,7 @@ static const struct pinmux_cfg_reg pinmu
 		FN_ATAG0_A,	0,		FN_REMOCON_B,	0,
 		/* IP0_11_8 [4] */
 		FN_SD1_DAT2_A,	FN_MMC_D2,	0,		FN_BS,
-		FN_ATADIR0_A,	0,		FN_SDSELF_B,	0,
+		FN_ATADIR0_A,	0,		FN_SDSELF_A,	0,
 		FN_PWM4_B,	0,		0,		0,
 		0,		0,		0,		0,
 		/* IP0_7_5 [3] */
@@ -2349,7 +2349,7 @@ static const struct pinmux_cfg_reg pinmu
 		FN_TS_SDAT0_A,	0,		0,		0,
 		0,		0,		0,		0,
 		/* IP1_10_8 [3] */
-		FN_SD1_CLK_B,	FN_MMC_D6,	0,		FN_A24,
+		FN_SD1_CD_A,	FN_MMC_D6,	0,		FN_A24,
 		FN_DREQ1_A,	0,		FN_HRX0_B,	FN_TS_SPSYNC0_A,
 		/* IP1_7_5 [3] */
 		FN_A23,		FN_HTX0_B,	FN_TX2_B,	FN_DACK2_A,



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 112/120] pinctrl: qcom: Dont lock around irq_set_irq_wake()
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (110 preceding siblings ...)
  2020-02-13 15:21 ` [PATCH 5.5 111/120] pinctrl: sh-pfc: r8a7778: Fix duplicate SDSELF_B and SD1_CLK_B Greg Kroah-Hartman
@ 2020-02-13 15:21 ` Greg Kroah-Hartman
  2020-02-13 15:21 ` [PATCH 5.5 113/120] regmap: fix writes to non incrementing registers Greg Kroah-Hartman
                   ` (12 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Douglas Anderson, Brian Masney,
	Lina Iyer, Maulik Shah, Stephen Boyd, Bjorn Andersson,
	Linus Walleij

From: Stephen Boyd <swboyd@chromium.org>

commit 1d44616e7549d0154c1224a3eee3c407029294dc upstream.

We don't need to hold the local pinctrl lock here to set irq wake on the
summary irq line. Doing so only leads to lockdep warnings instead of
protecting us from anything. Remove the locking.

 WARNING: possible circular locking dependency detected
 5.4.11 #2 Tainted: G        W
 ------------------------------------------------------
 cat/3083 is trying to acquire lock:
 ffffff81f4fa58c0 (&irq_desc_lock_class){-.-.}, at: __irq_get_desc_lock+0x64/0x94

 but task is already holding lock:
 ffffff81f4880c18 (&pctrl->lock){-.-.}, at: msm_gpio_irq_set_wake+0x48/0x7c

 which lock already depends on the new lock.

 the existing dependency chain (in reverse order) is:

 -> #1 (&pctrl->lock){-.-.}:
        _raw_spin_lock_irqsave+0x64/0x80
        msm_gpio_irq_ack+0x68/0xf4
        __irq_do_set_handler+0xe0/0x180
        __irq_set_handler+0x60/0x9c
        irq_domain_set_info+0x90/0xb4
        gpiochip_hierarchy_irq_domain_alloc+0x110/0x200
        __irq_domain_alloc_irqs+0x130/0x29c
        irq_create_fwspec_mapping+0x1f0/0x300
        irq_create_of_mapping+0x70/0x98
        of_irq_get+0xa4/0xd4
        spi_drv_probe+0x4c/0xb0
        really_probe+0x138/0x3f0
        driver_probe_device+0x70/0x140
        __device_attach_driver+0x9c/0x110
        bus_for_each_drv+0x88/0xd0
        __device_attach+0xb0/0x160
        device_initial_probe+0x20/0x2c
        bus_probe_device+0x34/0x94
        device_add+0x35c/0x3f0
        spi_add_device+0xbc/0x194
        of_register_spi_devices+0x2c8/0x408
        spi_register_controller+0x57c/0x6fc
        spi_geni_probe+0x260/0x328
        platform_drv_probe+0x90/0xb0
        really_probe+0x138/0x3f0
        driver_probe_device+0x70/0x140
        device_driver_attach+0x4c/0x6c
        __driver_attach+0xcc/0x154
        bus_for_each_dev+0x84/0xcc
        driver_attach+0x2c/0x38
        bus_add_driver+0x108/0x1fc
        driver_register+0x64/0xf8
        __platform_driver_register+0x4c/0x58
        spi_geni_driver_init+0x1c/0x24
        do_one_initcall+0x1a4/0x3e8
        do_initcall_level+0xb4/0xcc
        do_basic_setup+0x30/0x48
        kernel_init_freeable+0x124/0x1a8
        kernel_init+0x14/0x100
        ret_from_fork+0x10/0x18

 -> #0 (&irq_desc_lock_class){-.-.}:
        __lock_acquire+0xeb4/0x2388
        lock_acquire+0x1cc/0x210
        _raw_spin_lock_irqsave+0x64/0x80
        __irq_get_desc_lock+0x64/0x94
        irq_set_irq_wake+0x40/0x144
        msm_gpio_irq_set_wake+0x5c/0x7c
        set_irq_wake_real+0x40/0x5c
        irq_set_irq_wake+0x70/0x144
        cros_ec_rtc_suspend+0x38/0x4c
        platform_pm_suspend+0x34/0x60
        dpm_run_callback+0x64/0xcc
        __device_suspend+0x310/0x41c
        dpm_suspend+0xf8/0x298
        dpm_suspend_start+0x84/0xb4
        suspend_devices_and_enter+0xbc/0x620
        pm_suspend+0x210/0x348
        state_store+0xb0/0x108
        kobj_attr_store+0x14/0x24
        sysfs_kf_write+0x4c/0x64
        kernfs_fop_write+0x15c/0x1fc
        __vfs_write+0x54/0x18c
        vfs_write+0xe4/0x1a4
        ksys_write+0x7c/0xe4
        __arm64_sys_write+0x20/0x2c
        el0_svc_common+0xa8/0x160
        el0_svc_handler+0x7c/0x98
        el0_svc+0x8/0xc

 other info that might help us debug this:

  Possible unsafe locking scenario:

        CPU0                    CPU1
        ----                    ----
   lock(&pctrl->lock);
                                lock(&irq_desc_lock_class);
                                lock(&pctrl->lock);
   lock(&irq_desc_lock_class);

  *** DEADLOCK ***

 7 locks held by cat/3083:
  #0: ffffff81f06d1420 (sb_writers#7){.+.+}, at: vfs_write+0xd0/0x1a4
  #1: ffffff81c8935680 (&of->mutex){+.+.}, at: kernfs_fop_write+0x12c/0x1fc
  #2: ffffff81f4c322f0 (kn->count#337){.+.+}, at: kernfs_fop_write+0x134/0x1fc
  #3: ffffffe89a641d60 (system_transition_mutex){+.+.}, at: pm_suspend+0x108/0x348
  #4: ffffff81f190e970 (&dev->mutex){....}, at: __device_suspend+0x168/0x41c
  #5: ffffff81f183d8c0 (lock_class){-.-.}, at: __irq_get_desc_lock+0x64/0x94
  #6: ffffff81f4880c18 (&pctrl->lock){-.-.}, at: msm_gpio_irq_set_wake+0x48/0x7c

 stack backtrace:
 CPU: 4 PID: 3083 Comm: cat Tainted: G        W         5.4.11 #2
 Hardware name: Google Cheza (rev3+) (DT)
 Call trace:
  dump_backtrace+0x0/0x174
  show_stack+0x20/0x2c
  dump_stack+0xc8/0x124
  print_circular_bug+0x2ac/0x2c4
  check_noncircular+0x1a0/0x1a8
  __lock_acquire+0xeb4/0x2388
  lock_acquire+0x1cc/0x210
  _raw_spin_lock_irqsave+0x64/0x80
  __irq_get_desc_lock+0x64/0x94
  irq_set_irq_wake+0x40/0x144
  msm_gpio_irq_set_wake+0x5c/0x7c
  set_irq_wake_real+0x40/0x5c
  irq_set_irq_wake+0x70/0x144
  cros_ec_rtc_suspend+0x38/0x4c
  platform_pm_suspend+0x34/0x60
  dpm_run_callback+0x64/0xcc
  __device_suspend+0x310/0x41c
  dpm_suspend+0xf8/0x298
  dpm_suspend_start+0x84/0xb4
  suspend_devices_and_enter+0xbc/0x620
  pm_suspend+0x210/0x348
  state_store+0xb0/0x108
  kobj_attr_store+0x14/0x24
  sysfs_kf_write+0x4c/0x64
  kernfs_fop_write+0x15c/0x1fc
  __vfs_write+0x54/0x18c
  vfs_write+0xe4/0x1a4
  ksys_write+0x7c/0xe4
  __arm64_sys_write+0x20/0x2c
  el0_svc_common+0xa8/0x160
  el0_svc_handler+0x7c/0x98
  el0_svc+0x8/0xc

Fixes: 6aced33f4974 ("pinctrl: msm: drop wake_irqs bitmap")
Cc: Douglas Anderson <dianders@chromium.org>
Cc: Brian Masney <masneyb@onstation.org>
Cc: Lina Iyer <ilina@codeaurora.org>
Cc: Maulik Shah <mkshah@codeaurora.org>
Signed-off-by: Stephen Boyd <swboyd@chromium.org>
Link: https://lore.kernel.org/r/20200121180950.36959-1-swboyd@chromium.org
Reviewed-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/pinctrl/qcom/pinctrl-msm.c |    5 -----
 1 file changed, 5 deletions(-)

--- a/drivers/pinctrl/qcom/pinctrl-msm.c
+++ b/drivers/pinctrl/qcom/pinctrl-msm.c
@@ -960,7 +960,6 @@ static int msm_gpio_irq_set_wake(struct
 {
 	struct gpio_chip *gc = irq_data_get_irq_chip_data(d);
 	struct msm_pinctrl *pctrl = gpiochip_get_data(gc);
-	unsigned long flags;
 
 	/*
 	 * While they may not wake up when the TLMM is powered off,
@@ -971,12 +970,8 @@ static int msm_gpio_irq_set_wake(struct
 	if (d->parent_data)
 		irq_chip_set_wake_parent(d, on);
 
-	raw_spin_lock_irqsave(&pctrl->lock, flags);
-
 	irq_set_irq_wake(pctrl->irq, on);
 
-	raw_spin_unlock_irqrestore(&pctrl->lock, flags);
-
 	return 0;
 }
 



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 113/120] regmap: fix writes to non incrementing registers
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (111 preceding siblings ...)
  2020-02-13 15:21 ` [PATCH 5.5 112/120] pinctrl: qcom: Dont lock around irq_set_irq_wake() Greg Kroah-Hartman
@ 2020-02-13 15:21 ` Greg Kroah-Hartman
  2020-02-13 15:21 ` [PATCH 5.5 114/120] mfd: max77650: Select REGMAP_IRQ in Kconfig Greg Kroah-Hartman
                   ` (11 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:21 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Ben Whitten, Mark Brown

From: Ben Whitten <ben.whitten@gmail.com>

commit 2e31aab08bad0d4ee3d3d890a7b74cb6293e0a41 upstream.

When checking if a register block is writable we must ensure that the
block does not start with or contain a non incrementing register.

Fixes: 8b9f9d4dc511 ("regmap: verify if register is writeable before writing operations")
Signed-off-by: Ben Whitten <ben.whitten@gmail.com>
Link: https://lore.kernel.org/r/20200118205625.14532-1-ben.whitten@gmail.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/base/regmap/regmap.c |   17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)

--- a/drivers/base/regmap/regmap.c
+++ b/drivers/base/regmap/regmap.c
@@ -1488,11 +1488,18 @@ static int _regmap_raw_write_impl(struct
 
 	WARN_ON(!map->bus);
 
-	/* Check for unwritable registers before we start */
-	for (i = 0; i < val_len / map->format.val_bytes; i++)
-		if (!regmap_writeable(map,
-				     reg + regmap_get_offset(map, i)))
-			return -EINVAL;
+	/* Check for unwritable or noinc registers in range
+	 * before we start
+	 */
+	if (!regmap_writeable_noinc(map, reg)) {
+		for (i = 0; i < val_len / map->format.val_bytes; i++) {
+			unsigned int element =
+				reg + regmap_get_offset(map, i);
+			if (!regmap_writeable(map, element) ||
+				regmap_writeable_noinc(map, element))
+				return -EINVAL;
+		}
+	}
 
 	if (!map->cache_bypass && map->format.parse_val) {
 		unsigned int ival;



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 114/120] mfd: max77650: Select REGMAP_IRQ in Kconfig
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (112 preceding siblings ...)
  2020-02-13 15:21 ` [PATCH 5.5 113/120] regmap: fix writes to non incrementing registers Greg Kroah-Hartman
@ 2020-02-13 15:21 ` Greg Kroah-Hartman
  2020-02-13 15:21 ` [PATCH 5.5 115/120] clk: meson: g12a: fix missing uart2 in regmap table Greg Kroah-Hartman
                   ` (10 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Paul Gazzillo, Bartosz Golaszewski,
	Lee Jones

From: Bartosz Golaszewski <bgolaszewski@baylibre.com>

commit cb7a374a5e7a5af3f8c839f74439193add6d0589 upstream.

MAX77650 MFD driver uses regmap_irq API but doesn't select the required
REGMAP_IRQ option in Kconfig. This can cause the following build error
if regmap irq is not enabled implicitly by someone else:

    ld: drivers/mfd/max77650.o: in function `max77650_i2c_probe':
    max77650.c:(.text+0xcb): undefined reference to `devm_regmap_add_irq_chip'
    ld: max77650.c:(.text+0xdb): undefined reference to `regmap_irq_get_domain'
    make: *** [Makefile:1079: vmlinux] Error 1

Fix it by adding the missing option.

Fixes: d0f60334500b ("mfd: Add new driver for MAX77650 PMIC")
Reported-by: Paul Gazzillo <paul@pgazz.com>
Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/mfd/Kconfig |    1 +
 1 file changed, 1 insertion(+)

--- a/drivers/mfd/Kconfig
+++ b/drivers/mfd/Kconfig
@@ -758,6 +758,7 @@ config MFD_MAX77650
 	depends on OF || COMPILE_TEST
 	select MFD_CORE
 	select REGMAP_I2C
+	select REGMAP_IRQ
 	help
 	  Say Y here to add support for Maxim Semiconductor MAX77650 and
 	  MAX77651 Power Management ICs. This is the core multifunction



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 115/120] clk: meson: g12a: fix missing uart2 in regmap table
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (113 preceding siblings ...)
  2020-02-13 15:21 ` [PATCH 5.5 114/120] mfd: max77650: Select REGMAP_IRQ in Kconfig Greg Kroah-Hartman
@ 2020-02-13 15:21 ` Greg Kroah-Hartman
  2020-02-13 15:21 ` [PATCH 5.5 116/120] dmaengine: axi-dmac: add a check for devm_regmap_init_mmio Greg Kroah-Hartman
                   ` (9 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Dmitry Shmidt, Neil Armstrong,
	Kevin Hilman, Jerome Brunet

From: Jerome Brunet <jbrunet@baylibre.com>

commit b1b3f0622a9d52ac19a63619911823c89a4d85a4 upstream.

UART2 peripheral is missing from the regmap fixup table of the g12a family
clock controller. As it is, any access to this clock would Oops, which is
not great.

Add the clock to the table to fix the problem.

Fixes: 085a4ea93d54 ("clk: meson: g12a: add peripheral clock controller")
Reported-by: Dmitry Shmidt <dimitrysh@google.com>
Tested-by: Dmitry Shmidt <dimitrysh@google.com>
Acked-by: Neil Armstrong <narmstrong@baylibre.com>
Tested-by: Kevin Hilman <khilman@baylibre.com>
Signed-off-by: Jerome Brunet <jbrunet@baylibre.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/clk/meson/g12a.c |    1 +
 1 file changed, 1 insertion(+)

--- a/drivers/clk/meson/g12a.c
+++ b/drivers/clk/meson/g12a.c
@@ -4692,6 +4692,7 @@ static struct clk_regmap *const g12a_clk
 	&g12a_bt656,
 	&g12a_usb1_to_ddr,
 	&g12a_mmc_pclk,
+	&g12a_uart2,
 	&g12a_vpu_intr,
 	&g12a_gic,
 	&g12a_sd_emmc_a_clk0,



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 116/120] dmaengine: axi-dmac: add a check for devm_regmap_init_mmio
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (114 preceding siblings ...)
  2020-02-13 15:21 ` [PATCH 5.5 115/120] clk: meson: g12a: fix missing uart2 in regmap table Greg Kroah-Hartman
@ 2020-02-13 15:21 ` Greg Kroah-Hartman
  2020-02-13 15:21 ` [PATCH 5.5 117/120] mwifiex: Fix possible buffer overflows in mwifiex_ret_wmm_get_status() Greg Kroah-Hartman
                   ` (8 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Chuhong Yuan, Alexandru Ardelean, Vinod Koul

From: Chuhong Yuan <hslester96@gmail.com>

commit a5b982af953bcc838cd198b0434834cc1dff14ec upstream.

The driver misses checking the result of devm_regmap_init_mmio().
Add a check to fix it.

Fixes: fc15be39a827 ("dmaengine: axi-dmac: add regmap support")
Signed-off-by: Chuhong Yuan <hslester96@gmail.com>
Reviewed-by: Alexandru Ardelean <alexandru.ardelean@analog.com>
Link: https://lore.kernel.org/r/20191209085711.16001-1-hslester96@gmail.com
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/dma/dma-axi-dmac.c |   10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

--- a/drivers/dma/dma-axi-dmac.c
+++ b/drivers/dma/dma-axi-dmac.c
@@ -830,6 +830,7 @@ static int axi_dmac_probe(struct platfor
 	struct dma_device *dma_dev;
 	struct axi_dmac *dmac;
 	struct resource *res;
+	struct regmap *regmap;
 	int ret;
 
 	dmac = devm_kzalloc(&pdev->dev, sizeof(*dmac), GFP_KERNEL);
@@ -921,10 +922,17 @@ static int axi_dmac_probe(struct platfor
 
 	platform_set_drvdata(pdev, dmac);
 
-	devm_regmap_init_mmio(&pdev->dev, dmac->base, &axi_dmac_regmap_config);
+	regmap = devm_regmap_init_mmio(&pdev->dev, dmac->base,
+		 &axi_dmac_regmap_config);
+	if (IS_ERR(regmap)) {
+		ret = PTR_ERR(regmap);
+		goto err_free_irq;
+	}
 
 	return 0;
 
+err_free_irq:
+	free_irq(dmac->irq, dmac);
 err_unregister_of:
 	of_dma_controller_free(pdev->dev.of_node);
 err_unregister_device:



^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 117/120] mwifiex: Fix possible buffer overflows in mwifiex_ret_wmm_get_status()
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (115 preceding siblings ...)
  2020-02-13 15:21 ` [PATCH 5.5 116/120] dmaengine: axi-dmac: add a check for devm_regmap_init_mmio Greg Kroah-Hartman
@ 2020-02-13 15:21 ` Greg Kroah-Hartman
  2020-02-13 15:21 ` [PATCH 5.5 118/120] mwifiex: Fix possible buffer overflows in mwifiex_cmd_append_vsie_tlv() Greg Kroah-Hartman
                   ` (7 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:21 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Qing Xu, Kalle Valo, Sasha Levin

From: Qing Xu <m1s5p6688@gmail.com>

[ Upstream commit 3a9b153c5591548612c3955c9600a98150c81875 ]

mwifiex_ret_wmm_get_status() calls memcpy() without checking the
destination size.Since the source is given from remote AP which
contains illegal wmm elements , this may trigger a heap buffer
overflow.
Fix it by putting the length check before calling memcpy().

Signed-off-by: Qing Xu <m1s5p6688@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/wireless/marvell/mwifiex/wmm.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/drivers/net/wireless/marvell/mwifiex/wmm.c b/drivers/net/wireless/marvell/mwifiex/wmm.c
index 41f0231376c01..132f9e8ed68c1 100644
--- a/drivers/net/wireless/marvell/mwifiex/wmm.c
+++ b/drivers/net/wireless/marvell/mwifiex/wmm.c
@@ -970,6 +970,10 @@ int mwifiex_ret_wmm_get_status(struct mwifiex_private *priv,
 				    "WMM Parameter Set Count: %d\n",
 				    wmm_param_ie->qos_info_bitmap & mask);
 
+			if (wmm_param_ie->vend_hdr.len + 2 >
+				sizeof(struct ieee_types_wmm_parameter))
+				break;
+
 			memcpy((u8 *) &priv->curr_bss_params.bss_descriptor.
 			       wmm_ie, wmm_param_ie,
 			       wmm_param_ie->vend_hdr.len + 2);
-- 
2.20.1




^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 118/120] mwifiex: Fix possible buffer overflows in mwifiex_cmd_append_vsie_tlv()
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (116 preceding siblings ...)
  2020-02-13 15:21 ` [PATCH 5.5 117/120] mwifiex: Fix possible buffer overflows in mwifiex_ret_wmm_get_status() Greg Kroah-Hartman
@ 2020-02-13 15:21 ` Greg Kroah-Hartman
  2020-02-13 15:21 ` [PATCH 5.5 119/120] libertas: dont exit from lbs_ibss_join_existing() with RCU read lock held Greg Kroah-Hartman
                   ` (6 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:21 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Qing Xu, Kalle Valo, Sasha Levin

From: Qing Xu <m1s5p6688@gmail.com>

[ Upstream commit b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d ]

mwifiex_cmd_append_vsie_tlv() calls memcpy() without checking
the destination size may trigger a buffer overflower,
which a local user could use to cause denial of service
or the execution of arbitrary code.
Fix it by putting the length check before calling memcpy().

Signed-off-by: Qing Xu <m1s5p6688@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/wireless/marvell/mwifiex/scan.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/drivers/net/wireless/marvell/mwifiex/scan.c b/drivers/net/wireless/marvell/mwifiex/scan.c
index 98f942b797f7b..a7968a84aaf88 100644
--- a/drivers/net/wireless/marvell/mwifiex/scan.c
+++ b/drivers/net/wireless/marvell/mwifiex/scan.c
@@ -2884,6 +2884,13 @@ mwifiex_cmd_append_vsie_tlv(struct mwifiex_private *priv,
 			vs_param_set->header.len =
 				cpu_to_le16((((u16) priv->vs_ie[id].ie[1])
 				& 0x00FF) + 2);
+			if (le16_to_cpu(vs_param_set->header.len) >
+				MWIFIEX_MAX_VSIE_LEN) {
+				mwifiex_dbg(priv->adapter, ERROR,
+					    "Invalid param length!\n");
+				break;
+			}
+
 			memcpy(vs_param_set->ie, priv->vs_ie[id].ie,
 			       le16_to_cpu(vs_param_set->header.len));
 			*buffer += le16_to_cpu(vs_param_set->header.len) +
-- 
2.20.1




^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 119/120] libertas: dont exit from lbs_ibss_join_existing() with RCU read lock held
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (117 preceding siblings ...)
  2020-02-13 15:21 ` [PATCH 5.5 118/120] mwifiex: Fix possible buffer overflows in mwifiex_cmd_append_vsie_tlv() Greg Kroah-Hartman
@ 2020-02-13 15:21 ` Greg Kroah-Hartman
  2020-02-13 15:21 ` [PATCH 5.5 120/120] libertas: make lbs_ibss_join_existing() return error code on rates overflow Greg Kroah-Hartman
                   ` (5 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Nicolai Stange, Kalle Valo, Sasha Levin

From: Nicolai Stange <nstange@suse.de>

[ Upstream commit c7bf1fb7ddca331780b9a733ae308737b39f1ad4 ]

Commit e5e884b42639 ("libertas: Fix two buffer overflows at parsing bss
descriptor") introduced a bounds check on the number of supplied rates to
lbs_ibss_join_existing().

Unfortunately, it introduced a return path from within a RCU read side
critical section without a corresponding rcu_read_unlock(). Fix this.

Fixes: e5e884b42639 ("libertas: Fix two buffer overflows at parsing bss descriptor")
Signed-off-by: Nicolai Stange <nstange@suse.de>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/wireless/marvell/libertas/cfg.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/net/wireless/marvell/libertas/cfg.c b/drivers/net/wireless/marvell/libertas/cfg.c
index c9401c121a14e..68985d7663491 100644
--- a/drivers/net/wireless/marvell/libertas/cfg.c
+++ b/drivers/net/wireless/marvell/libertas/cfg.c
@@ -1785,6 +1785,7 @@ static int lbs_ibss_join_existing(struct lbs_private *priv,
 		rates_max = rates_eid[1];
 		if (rates_max > MAX_RATES) {
 			lbs_deb_join("invalid rates");
+			rcu_read_unlock();
 			goto out;
 		}
 		rates = cmd.bss.rates;
-- 
2.20.1




^ permalink raw reply	[flat|nested] 131+ messages in thread

* [PATCH 5.5 120/120] libertas: make lbs_ibss_join_existing() return error code on rates overflow
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (118 preceding siblings ...)
  2020-02-13 15:21 ` [PATCH 5.5 119/120] libertas: dont exit from lbs_ibss_join_existing() with RCU read lock held Greg Kroah-Hartman
@ 2020-02-13 15:21 ` Greg Kroah-Hartman
  2020-02-14  0:40 ` [PATCH 5.5 000/120] 5.5.4-stable review shuah
                   ` (4 subsequent siblings)
  124 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-13 15:21 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Nicolai Stange, Kalle Valo, Sasha Levin

From: Nicolai Stange <nstange@suse.de>

[ Upstream commit 1754c4f60aaf1e17d886afefee97e94d7f27b4cb ]

Commit e5e884b42639 ("libertas: Fix two buffer overflows at parsing bss
descriptor") introduced a bounds check on the number of supplied rates to
lbs_ibss_join_existing() and made it to return on overflow.

However, the aforementioned commit doesn't set the return value accordingly
and thus, lbs_ibss_join_existing() would return with zero even though it
failed.

Make lbs_ibss_join_existing return -EINVAL in case the bounds check on the
number of supplied rates fails.

Fixes: e5e884b42639 ("libertas: Fix two buffer overflows at parsing bss descriptor")
Signed-off-by: Nicolai Stange <nstange@suse.de>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/wireless/marvell/libertas/cfg.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/net/wireless/marvell/libertas/cfg.c b/drivers/net/wireless/marvell/libertas/cfg.c
index 68985d7663491..4e3de684928bf 100644
--- a/drivers/net/wireless/marvell/libertas/cfg.c
+++ b/drivers/net/wireless/marvell/libertas/cfg.c
@@ -1786,6 +1786,7 @@ static int lbs_ibss_join_existing(struct lbs_private *priv,
 		if (rates_max > MAX_RATES) {
 			lbs_deb_join("invalid rates");
 			rcu_read_unlock();
+			ret = -EINVAL;
 			goto out;
 		}
 		rates = cmd.bss.rates;
-- 
2.20.1




^ permalink raw reply	[flat|nested] 131+ messages in thread

* Re: [PATCH 5.5 000/120] 5.5.4-stable review
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (119 preceding siblings ...)
  2020-02-13 15:21 ` [PATCH 5.5 120/120] libertas: make lbs_ibss_join_existing() return error code on rates overflow Greg Kroah-Hartman
@ 2020-02-14  0:40 ` shuah
  2020-02-14 15:22   ` Greg Kroah-Hartman
  2020-02-14 10:20 ` Naresh Kamboju
                   ` (3 subsequent siblings)
  124 siblings, 1 reply; 131+ messages in thread
From: shuah @ 2020-02-14  0:40 UTC (permalink / raw)
  To: Greg Kroah-Hartman, linux-kernel
  Cc: torvalds, akpm, linux, patches, ben.hutchings, lkft-triage,
	stable, shuah

On 2/13/20 8:19 AM, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.5.4 release.
> There are 120 patches in this series, all will be posted as a response
> to this one.  If anyone has any issues with these being applied, please
> let me know.
> 
> Responses should be made by Sat, 15 Feb 2020 15:16:41 +0000.
> Anything received after that time might be too late.
> 
> The whole patch series can be found in one patch at:
> 	https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.5.4-rc1.gz
> or in the git tree and branch at:
> 	git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.5.y
> and the diffstat can be found below.
> 
> thanks,
> 
> greg k-h
> 

Compiled and booted on my test system. No dmesg regressions.

thanks,
-- Shuah

^ permalink raw reply	[flat|nested] 131+ messages in thread

* Re: [PATCH 5.5 000/120] 5.5.4-stable review
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (120 preceding siblings ...)
  2020-02-14  0:40 ` [PATCH 5.5 000/120] 5.5.4-stable review shuah
@ 2020-02-14 10:20 ` Naresh Kamboju
  2020-02-14 15:22   ` Greg Kroah-Hartman
  2020-02-14 10:27 ` Jon Hunter
                   ` (2 subsequent siblings)
  124 siblings, 1 reply; 131+ messages in thread
From: Naresh Kamboju @ 2020-02-14 10:20 UTC (permalink / raw)
  To: Greg Kroah-Hartman
  Cc: open list, Shuah Khan, patches, lkft-triage, Ben Hutchings,
	linux- stable, Andrew Morton, Linus Torvalds, Guenter Roeck

On Thu, 13 Feb 2020 at 21:00, Greg Kroah-Hartman
<gregkh@linuxfoundation.org> wrote:
>
> This is the start of the stable review cycle for the 5.5.4 release.
> There are 120 patches in this series, all will be posted as a response
> to this one.  If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Sat, 15 Feb 2020 15:16:41 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
>         https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.5.4-rc1.gz
> or in the git tree and branch at:
>         git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.5.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h

Results from Linaro’s test farm.
No regressions on arm64, arm, x86_64, and i386.

Summary
------------------------------------------------------------------------

kernel: 5.5.4-rc2
git repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git
git branch: linux-5.5.y
git commit: ed6d023a1817c7e6a969bda2fd46d6a161cfd914
git describe: v5.5.3-121-ged6d023a1817
Test details: https://qa-reports.linaro.org/lkft/linux-stable-rc-5.5-oe/build/v5.5.3-121-ged6d023a1817

No regressions (compared to build v5.5.3)

No fixes (compared to build v5.5.3)


Ran 24221 total tests in the following environments and test suites.

Environments
--------------
- dragonboard-410c
- hi6220-hikey
- i386
- juno-r2
- qemu_arm
- qemu_arm64
- qemu_i386
- qemu_x86_64
- x15
- x86

Test Suites
-----------
* build
* install-android-platform-tools-r2600
* kselftest
* libgpiod
* libhugetlbfs
* linux-log-parser
* ltp-cap_bounds-tests
* ltp-containers-tests
* ltp-cpuhotplug-tests
* ltp-dio-tests
* ltp-fcntl-locktests-tests
* ltp-filecaps-tests
* ltp-fs_bind-tests
* ltp-fs_perms_simple-tests
* ltp-fsx-tests
* ltp-hugetlb-tests
* ltp-io-tests
* ltp-ipc-tests
* ltp-mm-tests
* ltp-nptl-tests
* ltp-pty-tests
* ltp-sched-tests
* ltp-securebits-tests
* ltp-syscalls-tests
* v4l2-compliance
* ltp-commands-tests
* ltp-math-tests
* ltp-cve-tests
* ltp-fs-tests
* ltp-open-posix-tests
* network-basic-tests
* perf
* spectre-meltdown-checker-test
* kvm-unit-tests
* ssuite
* kselftest-vsyscall-mode-native
* kselftest-vsyscall-mode-none

-- 
Linaro LKFT
https://lkft.linaro.org

^ permalink raw reply	[flat|nested] 131+ messages in thread

* Re: [PATCH 5.5 000/120] 5.5.4-stable review
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (121 preceding siblings ...)
  2020-02-14 10:20 ` Naresh Kamboju
@ 2020-02-14 10:27 ` Jon Hunter
  2020-02-14 15:28   ` Greg Kroah-Hartman
  2020-02-14 15:58 ` Jeffrin Jose
  2020-02-14 16:28 ` Guenter Roeck
  124 siblings, 1 reply; 131+ messages in thread
From: Jon Hunter @ 2020-02-14 10:27 UTC (permalink / raw)
  To: Greg Kroah-Hartman, linux-kernel
  Cc: torvalds, akpm, linux, shuah, patches, ben.hutchings,
	lkft-triage, stable, linux-tegra


On 13/02/2020 15:19, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.5.4 release.
> There are 120 patches in this series, all will be posted as a response
> to this one.  If anyone has any issues with these being applied, please
> let me know.
> 
> Responses should be made by Sat, 15 Feb 2020 15:16:41 +0000.
> Anything received after that time might be too late.
> 
> The whole patch series can be found in one patch at:
> 	https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.5.4-rc1.gz
> or in the git tree and branch at:
> 	git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.5.y
> and the diffstat can be found below.
> 
> thanks,
> 
> greg k-h

All tests are passing for Tegra ...

Test results for stable-v5.5:
    13 builds:	13 pass, 0 fail
    22 boots:	22 pass, 0 fail
    40 tests:	40 pass, 0 fail

Linux version:	5.5.4-rc2-ged6d023a1817
Boards tested:	tegra124-jetson-tk1, tegra186-p2771-0000,
                tegra194-p2972-0000, tegra20-ventana,
                tegra210-p2371-2180, tegra210-p3450-0000,
                tegra30-cardhu-a04

Cheers
Jon

-- 
nvpublic

^ permalink raw reply	[flat|nested] 131+ messages in thread

* Re: [PATCH 5.5 000/120] 5.5.4-stable review
  2020-02-14 10:20 ` Naresh Kamboju
@ 2020-02-14 15:22   ` Greg Kroah-Hartman
  0 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-14 15:22 UTC (permalink / raw)
  To: Naresh Kamboju
  Cc: open list, Shuah Khan, patches, lkft-triage, Ben Hutchings,
	linux- stable, Andrew Morton, Linus Torvalds, Guenter Roeck

On Fri, Feb 14, 2020 at 03:50:33PM +0530, Naresh Kamboju wrote:
> On Thu, 13 Feb 2020 at 21:00, Greg Kroah-Hartman
> <gregkh@linuxfoundation.org> wrote:
> >
> > This is the start of the stable review cycle for the 5.5.4 release.
> > There are 120 patches in this series, all will be posted as a response
> > to this one.  If anyone has any issues with these being applied, please
> > let me know.
> >
> > Responses should be made by Sat, 15 Feb 2020 15:16:41 +0000.
> > Anything received after that time might be too late.
> >
> > The whole patch series can be found in one patch at:
> >         https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.5.4-rc1.gz
> > or in the git tree and branch at:
> >         git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.5.y
> > and the diffstat can be found below.
> >
> > thanks,
> >
> > greg k-h
> 
> Results from Linaro’s test farm.
> No regressions on arm64, arm, x86_64, and i386.

Thanks for testing all of tehse and letting me know.

greg k-h

^ permalink raw reply	[flat|nested] 131+ messages in thread

* Re: [PATCH 5.5 000/120] 5.5.4-stable review
  2020-02-14  0:40 ` [PATCH 5.5 000/120] 5.5.4-stable review shuah
@ 2020-02-14 15:22   ` Greg Kroah-Hartman
  0 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-14 15:22 UTC (permalink / raw)
  To: shuah
  Cc: linux-kernel, torvalds, akpm, linux, patches, ben.hutchings,
	lkft-triage, stable

On Thu, Feb 13, 2020 at 05:40:48PM -0700, shuah wrote:
> On 2/13/20 8:19 AM, Greg Kroah-Hartman wrote:
> > This is the start of the stable review cycle for the 5.5.4 release.
> > There are 120 patches in this series, all will be posted as a response
> > to this one.  If anyone has any issues with these being applied, please
> > let me know.
> > 
> > Responses should be made by Sat, 15 Feb 2020 15:16:41 +0000.
> > Anything received after that time might be too late.
> > 
> > The whole patch series can be found in one patch at:
> > 	https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.5.4-rc1.gz
> > or in the git tree and branch at:
> > 	git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.5.y
> > and the diffstat can be found below.
> > 
> > thanks,
> > 
> > greg k-h
> > 
> 
> Compiled and booted on my test system. No dmesg regressions.

Thanks for testing all of these and letting me know.

greg k-h

^ permalink raw reply	[flat|nested] 131+ messages in thread

* Re: [PATCH 5.5 000/120] 5.5.4-stable review
  2020-02-14 10:27 ` Jon Hunter
@ 2020-02-14 15:28   ` Greg Kroah-Hartman
  0 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-14 15:28 UTC (permalink / raw)
  To: Jon Hunter
  Cc: linux-kernel, torvalds, akpm, linux, shuah, patches,
	ben.hutchings, lkft-triage, stable, linux-tegra

On Fri, Feb 14, 2020 at 10:27:39AM +0000, Jon Hunter wrote:
> 
> On 13/02/2020 15:19, Greg Kroah-Hartman wrote:
> > This is the start of the stable review cycle for the 5.5.4 release.
> > There are 120 patches in this series, all will be posted as a response
> > to this one.  If anyone has any issues with these being applied, please
> > let me know.
> > 
> > Responses should be made by Sat, 15 Feb 2020 15:16:41 +0000.
> > Anything received after that time might be too late.
> > 
> > The whole patch series can be found in one patch at:
> > 	https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.5.4-rc1.gz
> > or in the git tree and branch at:
> > 	git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.5.y
> > and the diffstat can be found below.
> > 
> > thanks,
> > 
> > greg k-h
> 
> All tests are passing for Tegra ...
> 
> Test results for stable-v5.5:
>     13 builds:	13 pass, 0 fail
>     22 boots:	22 pass, 0 fail
>     40 tests:	40 pass, 0 fail
> 
> Linux version:	5.5.4-rc2-ged6d023a1817
> Boards tested:	tegra124-jetson-tk1, tegra186-p2771-0000,
>                 tegra194-p2972-0000, tegra20-ventana,
>                 tegra210-p2371-2180, tegra210-p3450-0000,
>                 tegra30-cardhu-a04
> 

Thanks for testing all of these and letting me know.

greg k-h

^ permalink raw reply	[flat|nested] 131+ messages in thread

* Re: [PATCH 5.5 000/120] 5.5.4-stable review
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (122 preceding siblings ...)
  2020-02-14 10:27 ` Jon Hunter
@ 2020-02-14 15:58 ` Jeffrin Jose
  2020-02-14 21:17   ` Greg Kroah-Hartman
  2020-02-14 16:28 ` Guenter Roeck
  124 siblings, 1 reply; 131+ messages in thread
From: Jeffrin Jose @ 2020-02-14 15:58 UTC (permalink / raw)
  To: Greg Kroah-Hartman
  Cc: linux-kernel, torvalds, akpm, linux, shuah, patches,
	ben.hutchings, lkft-triage, stable, jeffrin

On Thu, Feb 13, 2020 at 07:19:56AM -0800, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.5.4 release.
> There are 120 patches in this series, all will be posted as a response
> to this one.  If anyone has any issues with these being applied, please
> let me know.
> 
> Responses should be made by Sat, 15 Feb 2020 15:16:41 +0000.
> Anything received after that time might be too late.
> 
> The whole patch series can be found in one patch at:
> 	https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.5.4-rc1.gz
> or in the git tree and branch at:
> 	git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.5.y
> and the diffstat can be found below.
> 

hello,

compiled and booted 5.5.4-rc1+ . No new errors according to "dmesg -l err"


--
software engineer
rajagiri school of engineering and technology

^ permalink raw reply	[flat|nested] 131+ messages in thread

* Re: [PATCH 5.5 000/120] 5.5.4-stable review
  2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
                   ` (123 preceding siblings ...)
  2020-02-14 15:58 ` Jeffrin Jose
@ 2020-02-14 16:28 ` Guenter Roeck
  2020-02-14 21:18   ` Greg Kroah-Hartman
  124 siblings, 1 reply; 131+ messages in thread
From: Guenter Roeck @ 2020-02-14 16:28 UTC (permalink / raw)
  To: Greg Kroah-Hartman
  Cc: linux-kernel, torvalds, akpm, shuah, patches, ben.hutchings,
	lkft-triage, stable

On Thu, Feb 13, 2020 at 07:19:56AM -0800, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.5.4 release.
> There are 120 patches in this series, all will be posted as a response
> to this one.  If anyone has any issues with these being applied, please
> let me know.
> 
> Responses should be made by Sat, 15 Feb 2020 15:16:41 +0000.
> Anything received after that time might be too late.
> 

For v5.5.3-121-ged6d023a1817:

Build results:
	total: 157 pass: 157 fail: 0
Qemu test results:
	total: 400 pass: 400 fail: 0

Guenter

^ permalink raw reply	[flat|nested] 131+ messages in thread

* Re: [PATCH 5.5 000/120] 5.5.4-stable review
  2020-02-14 15:58 ` Jeffrin Jose
@ 2020-02-14 21:17   ` Greg Kroah-Hartman
  0 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-14 21:17 UTC (permalink / raw)
  To: Jeffrin Jose
  Cc: linux-kernel, torvalds, akpm, linux, shuah, patches,
	ben.hutchings, lkft-triage, stable

On Fri, Feb 14, 2020 at 09:28:34PM +0530, Jeffrin Jose wrote:
> On Thu, Feb 13, 2020 at 07:19:56AM -0800, Greg Kroah-Hartman wrote:
> > This is the start of the stable review cycle for the 5.5.4 release.
> > There are 120 patches in this series, all will be posted as a response
> > to this one.  If anyone has any issues with these being applied, please
> > let me know.
> > 
> > Responses should be made by Sat, 15 Feb 2020 15:16:41 +0000.
> > Anything received after that time might be too late.
> > 
> > The whole patch series can be found in one patch at:
> > 	https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.5.4-rc1.gz
> > or in the git tree and branch at:
> > 	git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.5.y
> > and the diffstat can be found below.
> > 
> 
> hello,
> 
> compiled and booted 5.5.4-rc1+ . No new errors according to "dmesg -l err"

Wonderful, thanks for testing and letting me know.

greg k-h

^ permalink raw reply	[flat|nested] 131+ messages in thread

* Re: [PATCH 5.5 000/120] 5.5.4-stable review
  2020-02-14 16:28 ` Guenter Roeck
@ 2020-02-14 21:18   ` Greg Kroah-Hartman
  0 siblings, 0 replies; 131+ messages in thread
From: Greg Kroah-Hartman @ 2020-02-14 21:18 UTC (permalink / raw)
  To: Guenter Roeck
  Cc: linux-kernel, torvalds, akpm, shuah, patches, ben.hutchings,
	lkft-triage, stable

On Fri, Feb 14, 2020 at 08:28:29AM -0800, Guenter Roeck wrote:
> On Thu, Feb 13, 2020 at 07:19:56AM -0800, Greg Kroah-Hartman wrote:
> > This is the start of the stable review cycle for the 5.5.4 release.
> > There are 120 patches in this series, all will be posted as a response
> > to this one.  If anyone has any issues with these being applied, please
> > let me know.
> > 
> > Responses should be made by Sat, 15 Feb 2020 15:16:41 +0000.
> > Anything received after that time might be too late.
> > 
> 
> For v5.5.3-121-ged6d023a1817:
> 
> Build results:
> 	total: 157 pass: 157 fail: 0
> Qemu test results:
> 	total: 400 pass: 400 fail: 0

Great, thanks for testing all of these and letting me know.

greg k-h

^ permalink raw reply	[flat|nested] 131+ messages in thread

end of thread, back to index

Thread overview: 131+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-02-13 15:19 [PATCH 5.5 000/120] 5.5.4-stable review Greg Kroah-Hartman
2020-02-13 15:19 ` [PATCH 5.5 001/120] IB/mlx4: Fix memory leak in add_gid error flow Greg Kroah-Hartman
2020-02-13 15:19 ` [PATCH 5.5 002/120] IB/srp: Never use immediate data if it is disabled by a user Greg Kroah-Hartman
2020-02-13 15:19 ` [PATCH 5.5 003/120] IB/mlx5: Return the administrative GUID if exists Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.5 004/120] IB/mlx4: Fix leak in id_map_find_del Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.5 005/120] RDMA/netlink: Do not always generate an ACK for some netlink operations Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.5 006/120] RDMA/i40iw: fix a potential NULL pointer dereference Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.5 007/120] RDMA/core: Fix locking in ib_uverbs_event_read Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.5 008/120] RDMA/uverbs: Verify MR access flags Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.5 009/120] RDMA/mlx5: Fix handling of IOVA != user_va in ODP paths Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.5 010/120] RDMA/core: Ensure that rdma_user_mmap_entry_remove() is a fence Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.5 011/120] RDMA/cma: Fix unbalanced cm_id reference count during address resolve Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.5 012/120] RDMA/umem: Fix ib_umem_find_best_pgsz() Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.5 013/120] scsi: ufs: Fix ufshcd_probe_hba() reture value in case ufshcd_scsi_add_wlus() fails Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.5 014/120] PCI/IOV: Fix memory leak in pci_iov_add_virtfn() Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.5 015/120] ath10k: pci: Only dump ATH10K_MEM_REGION_TYPE_IOREG when safe Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.5 016/120] PCI/switchtec: Use dma_set_mask_and_coherent() Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.5 017/120] PCI/switchtec: Fix vep_vector_number ioread width Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.5 018/120] PCI: tegra: Fix afi_pex2_ctrl reg offset for Tegra30 Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.5 019/120] PCI: Dont disable bridge BARs when assigning bus resources Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.5 020/120] PCI/AER: Initialize aer_fifo Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.5 021/120] iwlwifi: mvm: avoid use after free for pmsr request Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.5 022/120] iwlwifi: mvm: fix TDLS discovery with the new firmware API Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.5 023/120] netfilter: flowtable: fetch stats only if flow is still alive Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.5 024/120] netfilter: flowtable: restrict flow dissector match on meta ingress device Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.5 025/120] netfilter: flowtable: Fix hardware flush order on nf_flow_table_cleanup Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.5 026/120] netfilter: flowtable: Fix missing flush hardware on table free Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.5 027/120] NFSv4.x recover from pre-mature loss of openstateid Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.5 028/120] nfs: NFS_SWAP should depend on SWAP Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.5 029/120] NFS: Revalidate the file size on a fatal write error Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.5 030/120] NFS/pnfs: Fix pnfs_generic_prepare_to_resend_writes() Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.5 031/120] NFS: Fix fix of show_nfs_errors Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.5 032/120] NFSv4: pnfs_roc() must use cred_fscmp() to compare creds Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.5 033/120] NFSv4: try lease recovery on NFS4ERR_EXPIRED Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.5 034/120] NFSv4.0: nfs4_do_fsinfo() should not do implicit lease renewals Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.5 035/120] x86/boot: Handle malformed SRAT tables during early ACPI parsing Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.5 036/120] bpftool: Dont crash on missing xlated program instructions Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.5 037/120] bpf, sockmap: Dont sleep while holding RCU lock on tear-down Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.5 038/120] bpf, sockhash: Synchronize_rcu before freeing map Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.5 039/120] selftests/bpf: Test freeing sockmap/sockhash with a socket in it Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.5 040/120] bpf: Improve bucket_log calculation logic Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.5 041/120] bpf, sockmap: Check update requirements after locking Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.5 042/120] mt76: mt7615: fix max_nss in mt7615_eeprom_parse_hw_cap Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.5 043/120] netdevsim: fix using uninitialized resources Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.5 044/120] netdevsim: disable devlink reload when resources are being used Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.5 045/120] netdevsim: fix panic in nsim_dev_take_snapshot_write() Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.5 046/120] netdevsim: use __GFP_NOWARN to avoid memalloc warning Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.5 047/120] rtc: mt6397: drop free_irq of devm_ allocated irq Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.5 048/120] rtc: hym8563: Return -EINVAL if the time is known to be invalid Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.5 049/120] rtc: i2c/spi: Avoid inclusion of REGMAP support when not needed Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.5 050/120] rtc: cmos: Stop using shared IRQ Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.5 051/120] watchdog: qcom: Use platform_get_irq_optional() for bark irq Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.5 052/120] MIPS: Loongson: Fix potential NULL dereference in loongson3_platform_init() Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.5 053/120] ARC: [plat-axs10x]: Add missing multicast filter number to GMAC node Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.5 054/120] platform/x86: intel_mid_powerbtn: Take a copy of ddata Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.5 055/120] arm64: dts: qcom: msm8998: Fix tcsr syscon size Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.5 056/120] arm64: dts: uDPU: fix broken ethernet Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.5 057/120] arm64: dts: qcom: msm8998-mtp: Add alias for blsp1_uart3 Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.5 058/120] ARM: dts: at91: Reenable UART TX pull-ups Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.5 059/120] ARM: dts: am43xx: add support for clkout1 clock Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.5 060/120] arm64: dts: renesas: r8a77990: ebisu: Remove clkout-lr-synchronous from sound Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.5 061/120] arm64: dts: marvell: clearfog-gt-8k: fix switch cpu port node Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.5 062/120] ARM: dts: meson8: use the actual frequency for the GPUs 182.1MHz OPP Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.5 063/120] ARM: dts: meson8b: use the actual frequency for the GPUs 364MHz OPP Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.5 064/120] ARM: dts: at91: sama5d3: fix maximum peripheral clock rates Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.5 065/120] ARM: dts: at91: sama5d3: define clock rate range for tcb1 Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.5 066/120] tools/power/acpi: fix compilation error Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.5 067/120] soc: qcom: rpmhpd: Set active_only for active only power domains Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.5 068/120] Revert "powerpc/pseries/iommu: Dont use dma_iommu_ops on secure guests" Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.5 069/120] powerpc/ptdump: Fix W+X verification call in mark_rodata_ro() Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.5 070/120] powerpc/ptdump: Only enable PPC_CHECK_WX with STRICT_KERNEL_RWX Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.5 071/120] powerpc/papr_scm: Fix leaking bus_desc.provider_name in some paths Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.5 072/120] powerpc/pseries/vio: Fix iommu_table use-after-free refcount warning Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.5 073/120] powerpc/pseries: Allow not having ibm, hypertas-functions::hcall-multi-tce for DDW Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.5 074/120] iommu/arm-smmu-v3: Populate VMID field for CMDQ_OP_TLBI_NH_VA Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.5 075/120] ARM: at91: pm: use SAM9X60 PMCs compatible Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.5 076/120] ARM: at91: pm: use of_device_id array to find the proper shdwc node Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.5 077/120] KVM: arm/arm64: vgic-its: Fix restoration of unmapped collections Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.5 078/120] ARM: 8949/1: mm: mark free_memmap as __init Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.5 079/120] sched/uclamp: Fix a bug in propagating uclamp value in new cgroups Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.5 080/120] arm64: kernel: Correct annotation of end of el0_sync Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.5 081/120] arm64: cpufeature: Fix the type of no FP/SIMD capability Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.5 082/120] arm64: cpufeature: Set the FP/SIMD compat HWCAP bits properly Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.5 083/120] arm64: ptrace: nofpsimd: Fail FP/SIMD regset operations Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.5 084/120] crypto: arm/chacha - fix build failured when kernel mode NEON is disabled Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.5 085/120] KVM: arm/arm64: Fix young bit from mmu notifier Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.5 086/120] KVM: arm: Fix DFSR setting for non-LPAE aarch32 guests Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.5 087/120] KVM: arm: Make inject_abt32() inject an external abort instead Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.5 088/120] KVM: arm64: pmu: Dont increment SW_INCR if PMCR.E is unset Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.5 089/120] KVM: arm64: pmu: Fix chained SW_INCR counters Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.5 090/120] KVM: arm64: Treat emulated TVAL TimerValue as a signed 32-bit integer Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.5 091/120] arm64: nofpsmid: Handle TIF_FOREIGN_FPSTATE flag cleanly Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.5 092/120] arm64: kvm: Fix IDMAP overlap with HYP VA Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.5 093/120] mtd: onenand_base: Adjust indentation in onenand_read_ops_nolock Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.5 094/120] mtd: sharpslpart: Fix unsigned comparison to zero Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.5 095/120] crypto: testmgr - dont try to decrypt uninitialized buffers Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.5 096/120] crypto: artpec6 - return correct error code for failed setkey() Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.5 097/120] crypto: atmel-sha - fix error handling when setting hmac key Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.5 098/120] crypto: caam/qi2 - fix typo in algorithms driver name Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.5 099/120] drivers: watchdog: stm32_iwdg: set WDOG_HW_RUNNING at probe Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.5 100/120] media: i2c: adv748x: Fix unsafe macros Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.5 101/120] i2c: cros-ec-tunnel: Fix slave device enumeration Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.5 102/120] i2c: cros-ec-tunnel: Fix ACPI identifier Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.5 103/120] dt-bindings: iio: adc: ad7606: Fix wrong maxItems value Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.5 104/120] ASoC: soc-generic-dmaengine-pcm: Fix error handling Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.5 105/120] bcache: avoid unnecessary btree nodes flushing in btree_flush_write() Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.5 106/120] x86/alternatives: add missing insn.h include Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.5 107/120] selinux: revert "stop passing MAY_NOT_BLOCK to the AVC upon follow_link" Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.5 108/120] selinux: fix regression introduced by move_mount(2) syscall Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.5 109/120] pinctrl: baytrail: Allocate IRQ chip dynamic Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.5 110/120] pinctrl: sh-pfc: r8a77965: Fix DU_DOTCLKIN3 drive/bias control Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.5 111/120] pinctrl: sh-pfc: r8a7778: Fix duplicate SDSELF_B and SD1_CLK_B Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.5 112/120] pinctrl: qcom: Dont lock around irq_set_irq_wake() Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.5 113/120] regmap: fix writes to non incrementing registers Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.5 114/120] mfd: max77650: Select REGMAP_IRQ in Kconfig Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.5 115/120] clk: meson: g12a: fix missing uart2 in regmap table Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.5 116/120] dmaengine: axi-dmac: add a check for devm_regmap_init_mmio Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.5 117/120] mwifiex: Fix possible buffer overflows in mwifiex_ret_wmm_get_status() Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.5 118/120] mwifiex: Fix possible buffer overflows in mwifiex_cmd_append_vsie_tlv() Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.5 119/120] libertas: dont exit from lbs_ibss_join_existing() with RCU read lock held Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.5 120/120] libertas: make lbs_ibss_join_existing() return error code on rates overflow Greg Kroah-Hartman
2020-02-14  0:40 ` [PATCH 5.5 000/120] 5.5.4-stable review shuah
2020-02-14 15:22   ` Greg Kroah-Hartman
2020-02-14 10:20 ` Naresh Kamboju
2020-02-14 15:22   ` Greg Kroah-Hartman
2020-02-14 10:27 ` Jon Hunter
2020-02-14 15:28   ` Greg Kroah-Hartman
2020-02-14 15:58 ` Jeffrin Jose
2020-02-14 21:17   ` Greg Kroah-Hartman
2020-02-14 16:28 ` Guenter Roeck
2020-02-14 21:18   ` Greg Kroah-Hartman

Stable Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/stable/0 stable/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 stable stable/ https://lore.kernel.org/stable \
		stable@vger.kernel.org
	public-inbox-index stable

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.stable


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git