* [PATCH 5.4 000/320] 5.4.174-rc1 review
@ 2022-01-24 18:39 Greg Kroah-Hartman
2022-01-24 18:39 ` [PATCH 5.4 001/320] HID: uhid: Fix worker destroying device without any protection Greg Kroah-Hartman
` (324 more replies)
0 siblings, 325 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:39 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, torvalds, akpm, linux, shuah, patches,
lkft-triage, pavel, jonathanh, f.fainelli, sudipm.mukherjee,
stable
This is the start of the stable review cycle for the 5.4.174 release.
There are 320 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Wed, 26 Jan 2022 18:39:11 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.174-rc1.gz
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Linux 5.4.174-rc1
Masami Hiramatsu <mhiramat@kernel.org>
Revert "ia64: kprobes: Use generic kretprobe trampoline handler"
Doyle, Patrick <pdoyle@irobot.com>
mtd: nand: bbt: Fix corner case in bad block table handling
Andrey Konovalov <andreyknvl@google.com>
lib/test_meminit: destroy cache in kmem_cache_alloc_bulk() test
Miaoqian Lin <linmq006@gmail.com>
lib82596: Fix IRQ check in sni_82596_probe
Matthias Schiffer <matthias.schiffer@ew.tq-group.com>
scripts/dtc: dtx_diff: remove broken example from help text
Alexander Stein <alexander.stein@mailbox.org>
dt-bindings: display: meson-vpu: Add missing amlogic,canvas property
Alexander Stein <alexander.stein@mailbox.org>
dt-bindings: display: meson-dw-hdmi: add missing sound-name-prefix property
Tom Rix <trix@redhat.com>
net: ethernet: mtk_eth_soc: fix error checking in mtk_mac_config()
Sergey Shtylyov <s.shtylyov@omp.ru>
bcmgenet: add WOL IRQ check
Kevin Bracey <kevin@bracey.fi>
net_sched: restore "mpu xxx" handling
David Heidelberg <david@ixit.cz>
arm64: dts: qcom: msm8996: drop not documented adreno properties
Tudor Ambarus <tudor.ambarus@microchip.com>
dmaengine: at_xdmac: Fix at_xdmac_lld struct definition
Tudor Ambarus <tudor.ambarus@microchip.com>
dmaengine: at_xdmac: Fix lld view setting
Tudor Ambarus <tudor.ambarus@microchip.com>
dmaengine: at_xdmac: Fix concurrency over xfers_list
Tudor Ambarus <tudor.ambarus@microchip.com>
dmaengine: at_xdmac: Print debug message after realeasing the lock
Tudor Ambarus <tudor.ambarus@microchip.com>
dmaengine: at_xdmac: Don't start transactions at tx_submit level
Adrian Hunter <adrian.hunter@intel.com>
perf script: Fix hex dump character output
Guillaume Nault <gnault@redhat.com>
libcxgb: Don't accidentally set RTO_ONLINK in cxgb_find_route()
Guillaume Nault <gnault@redhat.com>
gre: Don't accidentally set RTO_ONLINK in gre_fill_metadata_dst()
Guillaume Nault <gnault@redhat.com>
xfrm: Don't accidentally set RTO_ONLINK in decode_session4()
Eric Dumazet <edumazet@google.com>
netns: add schedule point in ops_exit_list()
Eric Dumazet <edumazet@google.com>
inet: frags: annotate races around fqdir->dead and fqdir->high_thresh
Laurence de Bruxelles <lfdebrux@gmail.com>
rtc: pxa: fix null pointer dereference
Robert Hancock <robert.hancock@calian.com>
net: axienet: increase default TX ring size to 128
Robert Hancock <robert.hancock@calian.com>
net: axienet: fix number of TX ring slots for available check
Robert Hancock <robert.hancock@calian.com>
net: axienet: limit minimum TX ring size
Robert Hancock <robert.hancock@calian.com>
clk: si5341: Fix clock HW provider cleanup
Eric Dumazet <edumazet@google.com>
af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress
Chao Yu <chao@kernel.org>
f2fs: fix to reserve space for IO align feature
Miaoqian Lin <linmq006@gmail.com>
parisc: pdc_stable: Fix memory leak in pdcs_register_pathentries
Tobias Waldekranz <tobias@waldekranz.com>
net/fsl: xgmac_mdio: Fix incorrect iounmap when removing module
Eric Dumazet <edumazet@google.com>
ipv4: avoid quadratic behavior in netns dismantle
Quentin Monnet <quentin@isovalent.com>
bpftool: Remove inclusion of utilities.mak from Makefiles
Tobias Waldekranz <tobias@waldekranz.com>
powerpc/fsl/dts: Enable WA for erratum A-009885 on fman3l MDIO buses
Anders Roxell <anders.roxell@linaro.org>
powerpc/cell: Fix clang -Wimplicit-fallthrough warning
Moshe Shemesh <moshe@nvidia.com>
Revert "net/mlx5: Add retry mechanism to the command entry index allocation"
Amelie Delaunay <amelie.delaunay@foss.st.com>
dmaengine: stm32-mdma: fix STM32_MDMA_CTBR_TSEL_MASK
Chengguang Xu <cgxu519@mykernel.net>
RDMA/rxe: Fix a typo in opcode name
Yixing Liu <liuyixing1@huawei.com>
RDMA/hns: Modify the mapping attribute of doorbell to device
Bart Van Assche <bvanassche@acm.org>
scsi: core: Show SCMD_LAST in text form
Randy Dunlap <rdunlap@infradead.org>
Documentation: fix firewire.rst ABI file path error
Lukas Bulwahn <lukas.bulwahn@gmail.com>
Documentation: refer to config RANDOMIZE_BASE for kernel address-space randomization
Sakari Ailus <sakari.ailus@linux.intel.com>
Documentation: ACPI: Fix data node reference documentation
Daniel Thompson <daniel.thompson@linaro.org>
Documentation: dmaengine: Correctly describe dmatest with channel unset
Suresh Udipi <sudipi@jp.adit-jv.com>
media: rcar-csi2: Optimize the selection PHTW register
Ben Hutchings <ben@decadent.org.uk>
firmware: Update Kconfig help text for Google firmware
Baruch Siach <baruch@tkos.co.il>
of: base: Improve argument length mismatch error
Christian König <christian.koenig@amd.com>
drm/radeon: fix error handling in radeon_driver_open_kms
Theodore Ts'o <tytso@mit.edu>
ext4: don't use the orphan list when migrating an inode
Ye Bin <yebin10@huawei.com>
ext4: Fix BUG_ON in ext4_bread when write quota data
Luís Henriques <lhenriques@suse.de>
ext4: set csum seed in tmp inode while migrating to extents
Jan Kara <jack@suse.cz>
ext4: make sure quota gets properly shutdown on error
Jan Kara <jack@suse.cz>
ext4: make sure to reset inode lockdep class when quota enabling fails
Filipe Manana <fdmanana@suse.com>
btrfs: respect the max size in the header when activating swap file
Josef Bacik <josef@toxicpanda.com>
btrfs: check the root node for uptodate before returning it
Filipe Manana <fdmanana@suse.com>
btrfs: fix deadlock between quota enable and other quota operations
Ghalem Boudour <ghalem.boudour@6wind.com>
xfrm: fix policy lookup for ipv6 gre packets
Pali Rohár <pali@kernel.org>
PCI: pci-bridge-emul: Set PCI_STATUS_CAP_LIST for PCIe device
Pali Rohár <pali@kernel.org>
PCI: pci-bridge-emul: Correctly set PCIe capabilities
Pali Rohár <pali@kernel.org>
PCI: pci-bridge-emul: Properly mark reserved PCIe bits in PCI config space
Lukas Wunner <lukas@wunner.de>
PCI: pciehp: Fix infinite loop in IRQ handler upon power fault
John David Anglin <dave.anglin@bell.net>
parisc: Fix lpa and lpa_user defines
Brian Norris <briannorris@chromium.org>
drm/bridge: analogix_dp: Make PSR-exit block less
Ilia Mirkin <imirkin@alum.mit.edu>
drm/nouveau/kms/nv04: use vzalloc for nv04_display
Lucas Stach <l.stach@pengutronix.de>
drm/etnaviv: limit submit sizes
Alexander Gordeev <agordeev@linux.ibm.com>
s390/mm: fix 2KB pgtable release race
Ilan Peer <ilan.peer@intel.com>
iwlwifi: mvm: Increase the scan timeout guard to 30 seconds
Xiangyang Zhang <xyz.sun.ok@gmail.com>
tracing/kprobes: 'nmissed' not showed correctly for kretprobe
Andrey Ryabinin <arbn@yandex-team.com>
cputime, cpuacct: Include guest time in user time in cpuacct.stat
Lukas Wunner <lukas@wunner.de>
serial: Fix incorrect rs485 polarity on uart open
Xie Yongji <xieyongji@bytedance.com>
fuse: Pass correct lend value to filemap_write_and_wait_range()
Petr Cvachoucek <cvachoucek@gmail.com>
ubifs: Error path in ubifs_remount_rw() seems to wrongly free write buffers
Meng Li <Meng.Li@windriver.com>
crypto: caam - replace this_cpu_ptr with raw_cpu_ptr
Marek Vasut <marex@denx.de>
crypto: stm32/crc32 - Fix kernel BUG triggered in probe()
Heiner Kallweit <hkallweit1@gmail.com>
crypto: omap-aes - Fix broken pm_runtime_and_get() usage
Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>
rpmsg: core: Clean up resources on announce_create failure.
Yauhen Kharuzhy <jekhor@gmail.com>
power: bq25890: Enable continuous conversion for ADC at charging
Tzung-Bi Shih <tzungbi@google.com>
ASoC: mediatek: mt8173: fix device_node leak
Christoph Hellwig <hch@lst.de>
scsi: sr: Don't use GFP_DMA
Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
MIPS: Octeon: Fix build errors using clang
Lakshmi Sowjanya D <lakshmi.sowjanya.d@intel.com>
i2c: designware-pci: Fix to change data types of hcnt and lcnt parameters
Ye Guojin <ye.guojin@zte.com.cn>
MIPS: OCTEON: add put_device() after of_find_device_by_node()
Hari Bathini <hbathini@linux.ibm.com>
powerpc: handle kdump appropriately with crash_kexec_post_notifiers option
Takashi Iwai <tiwai@suse.de>
ALSA: seq: Set upper limit of processed events
James Smart <jsmart2021@gmail.com>
scsi: lpfc: Trigger SLI4 firmware dump before doing driver cleanup
Christophe Leroy <christophe.leroy@csgroup.eu>
w1: Misuse of get_user()/put_user() reported by sparse
Alexey Kardashevskiy <aik@ozlabs.ru>
KVM: PPC: Book3S: Suppress failed alloc warning in H_COPY_TOFROM_GUEST
Christophe Leroy <christophe.leroy@csgroup.eu>
powerpc/powermac: Add missing lockdep_register_key()
Martin Blumenstingl <martin.blumenstingl@googlemail.com>
clk: meson: gxbb: Fix the SDM_EN bit for MPLL0 on GXBB
Joakim Tjernlund <joakim.tjernlund@infinera.com>
i2c: mpc: Correct I2C reset procedure
Michael Ellerman <mpe@ellerman.id.au>
powerpc/smp: Move setup_profiling_timer() under CONFIG_PROFILING
Heiner Kallweit <hkallweit1@gmail.com>
i2c: i801: Don't silently correct invalid transfer size
Nicholas Piggin <npiggin@gmail.com>
powerpc/watchdog: Fix missed watchdog reset due to memory ordering race
Julia Lawall <Julia.Lawall@lip6.fr>
powerpc/btext: add missing of_node_put
Julia Lawall <Julia.Lawall@lip6.fr>
powerpc/cell: add missing of_node_put
Julia Lawall <Julia.Lawall@lip6.fr>
powerpc/powernv: add missing of_node_put
Julia Lawall <Julia.Lawall@lip6.fr>
powerpc/6xx: add missing of_node_put
John David Anglin <dave.anglin@bell.net>
parisc: Avoid calling faulthandler_disabled() twice
Jason A. Donenfeld <Jason@zx2c4.com>
random: do not throw away excess input to crng_fast_load
Lukas Wunner <lukas@wunner.de>
serial: core: Keep mctrl register state and cached copy in sync
Lukas Wunner <lukas@wunner.de>
serial: pl010: Drop CR register reset on set_termios
Konrad Dybcio <konrad.dybcio@somainline.org>
regulator: qcom_smd: Align probe function with rpmh-regulator
Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
net: gemini: allow any RGMII interface mode
Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
net: phy: marvell: configure RGMII delays for 88E1118
Joe Thornber <ejt@redhat.com>
dm space map common: add bounds check to sm_ll_lookup_bitmap()
Joe Thornber <ejt@redhat.com>
dm btree: add a defensive bounds check to insert_at()
Ping-Ke Shih <pkshih@realtek.com>
mac80211: allow non-standard VHT MCS-10/11
Florian Fainelli <f.fainelli@gmail.com>
net: mdio: Demote probed message to debug print
Josef Bacik <josef@toxicpanda.com>
btrfs: remove BUG_ON(!eie) in find_parent_nodes
Josef Bacik <josef@toxicpanda.com>
btrfs: remove BUG_ON() in find_parent_nodes()
Thomas Weißschuh <linux@weissschuh.net>
ACPI: battery: Add the ThinkPad "Not Charging" quirk
Zongmin Zhou <zhouzongmin@kylinos.cn>
drm/amdgpu: fixup bad vram size on gmc v8
Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
ACPICA: Hardware: Do not flush CPU cache when entering S4 and S5
Sudeep Holla <sudeep.holla@arm.com>
ACPICA: Fix wrong interpretation of PCC address
Rafael J. Wysocki <rafael.j.wysocki@intel.com>
ACPICA: Executer: Fix the REFCLASS_REFOF case in acpi_ex_opcode_1A_0T_1R()
Rafael J. Wysocki <rafael.j.wysocki@intel.com>
ACPICA: Utilities: Avoid deleting the same object twice in a row
Mark Langsdorf <mlangsdo@redhat.com>
ACPICA: actypes.h: Expand the ACPI_ACCESS_ definitions
Kyeong Yoo <kyeong.yoo@alliedtelesis.co.nz>
jffs2: GC deadlock reading a page that is used in jffs2_write_begin()
Randy Dunlap <rdunlap@infradead.org>
um: registers: Rename function names to avoid conflicts and build problems
Ilan Peer <ilan.peer@intel.com>
iwlwifi: mvm: Fix calculation of frame length
Johannes Berg <johannes.berg@intel.com>
iwlwifi: remove module loading failure message
Johannes Berg <johannes.berg@intel.com>
iwlwifi: fix leaks/bad data after failed firmware load
Zekun Shen <bruceshenzk@gmail.com>
ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream
Kai-Heng Feng <kai.heng.feng@canonical.com>
usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0
Rafael J. Wysocki <rafael.j.wysocki@intel.com>
cpufreq: Fix initialization of min and max frequency QoS requests
Thierry Reding <treding@nvidia.com>
arm64: tegra: Adjust length of CCPLEX cluster MMIO region
Biwen Li <biwen.li@nxp.com>
arm64: dts: ls1028a-qds: move rtc node to the correct i2c bus
Paul Moore <paul@paul-moore.com>
audit: ensure userspace is penalized the same as the kernel when under pressure
Ulf Hansson <ulf.hansson@linaro.org>
mmc: core: Fixup storing of OCR for MMC_QUIRK_NONSTD_SDIO
Zhou Qingyang <zhou1615@umn.edu>
media: saa7146: hexium_gemini: Fix a NULL pointer dereference in hexium_attach()
Sean Young <sean@mess.org>
media: igorplugusb: receiver overflow should be reported
Alistair Francis <alistair@alistair23.me>
HID: quirks: Allow inverting the absolute X/Y values
Paolo Abeni <pabeni@redhat.com>
bpf: Do not WARN in bpf_warn_invalid_xdp_action()
Suresh Kumar <surkumar@redhat.com>
net: bonding: debug: avoid printing debug logs when bond is not notifying peers
Borislav Petkov <bp@suse.de>
x86/mce: Mark mce_read_aux() noinstr
Borislav Petkov <bp@suse.de>
x86/mce: Mark mce_end() noinstr
Borislav Petkov <bp@suse.de>
x86/mce: Mark mce_panic() noinstr
Iwona Winiarska <iwona.winiarska@intel.com>
gpio: aspeed: Convert aspeed_gpio.lock to raw_spinlock
Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
net: phy: prefer 1000baseT over 1000baseKX
Antoine Tenart <atenart@kernel.org>
net-sysfs: update the queue counts in the unregistration path
Sebastian Gottschall <s.gottschall@dd-wrt.com>
ath10k: Fix tx hanging
Johannes Berg <johannes.berg@intel.com>
iwlwifi: mvm: synchronize with FW after multicast commands
Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
media: m920x: don't use stack on USB reads
Zhou Qingyang <zhou1615@umn.edu>
media: saa7146: hexium_orion: Fix a NULL pointer dereference in hexium_attach()
James Hilliard <james.hilliard1@gmail.com>
media: uvcvideo: Increase UVC_CTRL_CONTROL_TIMEOUT to 5 seconds.
Joerg Roedel <jroedel@suse.de>
x86/mm: Flush global TLB when switching to trampoline page-table
Xiongwei Song <sxwjean@gmail.com>
floppy: Add max size check for user space request
Neal Liu <neal_liu@aspeedtech.com>
usb: uhci: add aspeed ast2600 uhci support
Zekun Shen <bruceshenzk@gmail.com>
rsi: Fix out-of-bounds read in rsi_read_pkt()
Zekun Shen <bruceshenzk@gmail.com>
rsi: Fix use-after-free in rsi_rx_done_handler()
Zekun Shen <bruceshenzk@gmail.com>
mwifiex: Fix skb_over_panic in mwifiex_usb_recv()
Chengfeng Ye <cyeaa@connect.ust.hk>
HSI: core: Fix return freed object in hsi_new_client
Hans de Goede <hdegoede@redhat.com>
gpiolib: acpi: Do not set the IRQ type if the IRQ is already in use
Martyn Welch <martyn.welch@collabora.com>
drm/bridge: megachips: Ensure both bridges are probed before registration
Danielle Ratson <danieller@nvidia.com>
mlxsw: pci: Add shutdown method in PCI driver
Lukas Bulwahn <lukas.bulwahn@gmail.com>
ARM: imx: rename DEBUG_IMX21_IMX27_UART to DEBUG_IMX27_UART
Dinh Nguyen <dinguyen@kernel.org>
EDAC/synopsys: Use the quirk for version instead of ddr version
Zheyu Ma <zheyuma97@gmail.com>
media: b2c2: Add missing check in flexcop_pci_isr:
José Expósito <jose.exposito89@gmail.com>
HID: apple: Do not reset quirks when the Fn key is not found
Hans de Goede <hdegoede@redhat.com>
drm: panel-orientation-quirks: Add quirk for the Lenovo Yoga Book X91F/L
Pavankumar Kondeti <quic_pkondeti@quicinc.com>
usb: gadget: f_fs: Use stream_open() for endpoint files
Linus Lüssing <linus.luessing@c0d3.blue>
batman-adv: allow netlink usage in unprivileged containers
Wan Jiabing <wanjiabing@vivo.com>
ARM: shmobile: rcar-gen2: Add missing of_node_put()
Ben Skeggs <bskeggs@redhat.com>
drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR
Zekun Shen <bruceshenzk@gmail.com>
ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply
Qiang Yu <yuq825@gmail.com>
drm/lima: fix warning when CONFIG_DEBUG_SG=y & CONFIG_DMA_API_DEBUG=y
Andrii Nakryiko <andrii@kernel.org>
libbpf: Validate that .BTF and .BTF.ext sections contain data
Alexander Aring <aahringo@redhat.com>
fs: dlm: filter user dlm messages for kernel locks
Wei Yongjun <weiyongjun1@huawei.com>
Bluetooth: Fix debugfs entry leak in hci_register_dev()
Baruch Siach <baruch@tkos.co.il>
of: base: Fix phandle argument length mismatch error message
Kamal Heib <kamalheib1@gmail.com>
RDMA/cxgb4: Set queue pair state when being queried
Randy Dunlap <rdunlap@infradead.org>
mips: bcm63xx: add support for clk_set_parent()
Randy Dunlap <rdunlap@infradead.org>
mips: lantiq: add support for clk_set_parent()
Wei Yongjun <weiyongjun1@huawei.com>
misc: lattice-ecp3-config: Fix task hung when firmware load failed
Jiasheng Jiang <jiasheng@iscas.ac.cn>
ASoC: samsung: idma: Check of ioremap return value
Jiasheng Jiang <jiasheng@iscas.ac.cn>
ASoC: mediatek: Check for error clk pointer
Ryuta NAKANISHI <nakanishi.ryuta@socionext.com>
phy: uniphier-usb3ss: fix unintended writing zeros to PHY register
Xiongfeng Wang <wangxiongfeng2@huawei.com>
iommu/iova: Fix race between FQ timeout and teardown
Arnd Bergmann <arnd@arndb.de>
dmaengine: pxa/mmp: stop referencing config->slave_id
Dillon Min <dillon.minfei@gmail.com>
clk: stm32: Fix ltdc's clock turn off by clk_disable_unused() after system enter shell
Jiasheng Jiang <jiasheng@iscas.ac.cn>
ASoC: rt5663: Handle device_property_read_u32_array error codes
Avihai Horon <avihaih@nvidia.com>
RDMA/cma: Let cma_resolve_ib_dev() continue search even after empty entry
Avihai Horon <avihaih@nvidia.com>
RDMA/core: Let ib_find_gid() continue search even after empty entry
Christophe Leroy <christophe.leroy@csgroup.eu>
powerpc/powermac: Add additional missing lockdep_register_key()
Thomas Gleixner <tglx@linutronix.de>
PCI/MSI: Fix pci_irq_vector()/pci_irq_get_affinity()
Bart Van Assche <bvanassche@acm.org>
scsi: ufs: Fix race conditions related to driver data
Hector Martin <marcan@marcan.st>
iommu/io-pgtable-arm: Fix table descriptor paddr formatting
Jiasheng Jiang <jiasheng@iscas.ac.cn>
uio: uio_dmem_genirq: Catch the Exception
Todd Kjos <tkjos@google.com>
binder: fix handling of error during copy
Kees Cook <keescook@chromium.org>
char/mwave: Adjust io port register size
Bixuan Cui <cuibixuan@linux.alibaba.com>
ALSA: oss: fix compile error when OSS_DEBUG is enabled
Lukas Bulwahn <lukas.bulwahn@gmail.com>
ASoC: uniphier: drop selecting non-existing SND_SOC_UNIPHIER_AIO_DMA
Peiwei Hu <jlu.hpw@foxmail.com>
powerpc/prom_init: Fix improper check of prom_getprop()
Adam Ford <aford173@gmail.com>
clk: imx8mn: Fix imx8mn_clko1_sels
Kamal Heib <kamalheib1@gmail.com>
RDMA/hns: Validate the pkey index
Takashi Iwai <tiwai@suse.de>
ALSA: hda: Add missing rwsem around snd_ctl_remove() calls
Takashi Iwai <tiwai@suse.de>
ALSA: PCM: Add missing rwsem around snd_ctl_remove() calls
Takashi Iwai <tiwai@suse.de>
ALSA: jack: Add missing rwsem around snd_ctl_remove() calls
Jan Kara <jack@suse.cz>
ext4: avoid trim error on fs with small groups
Pavel Skripkin <paskripkin@gmail.com>
net: mcs7830: handle usb read errors properly
Dominik Brodowski <linux@dominikbrodowski.net>
pcmcia: fix setting of kthread task states
Jiasheng Jiang <jiasheng@iscas.ac.cn>
can: xilinx_can: xcan_probe(): check for error irq
Marc Kleine-Budde <mkl@pengutronix.de>
can: softing: softing_startstop(): fix set but not used variable warning
Chen Jun <chenjun102@huawei.com>
tpm: add request_locality before write TPM_INT_ENABLE
Miaoqian Lin <linmq006@gmail.com>
spi: spi-meson-spifc: Add missing pm_runtime_disable() in meson_spifc_probe
Moshe Shemesh <moshe@nvidia.com>
net/mlx5: Set command entry semaphore up once got index free
Aya Levin <ayal@nvidia.com>
Revert "net/mlx5e: Block offload of outer header csum for UDP tunnels"
Maor Dickman <maord@nvidia.com>
net/mlx5e: Don't block routes with nexthop objects in SW
Michal Suchanek <msuchanek@suse.de>
debugfs: lockdown: Allow reading debugfs files that are not world readable
José Expósito <jose.exposito89@gmail.com>
HID: hid-uclogic-params: Invalid parameter check in uclogic_params_frame_init_v1_buttonpad
José Expósito <jose.exposito89@gmail.com>
HID: hid-uclogic-params: Invalid parameter check in uclogic_params_huion_init
José Expósito <jose.exposito89@gmail.com>
HID: hid-uclogic-params: Invalid parameter check in uclogic_params_get_str_desc
José Expósito <jose.exposito89@gmail.com>
HID: hid-uclogic-params: Invalid parameter check in uclogic_params_init
Jiasheng Jiang <jiasheng@iscas.ac.cn>
Bluetooth: hci_bcm: Check for error irq
Jiasheng Jiang <jiasheng@iscas.ac.cn>
fsl/fman: Check for null pointer after calling devm_ioremap
Jiasheng Jiang <jiasheng@iscas.ac.cn>
staging: greybus: audio: Check null pointer
Dan Carpenter <dan.carpenter@oracle.com>
rocker: fix a sleeping in atomic bug
Eric Dumazet <edumazet@google.com>
ppp: ensure minimum packet size in ppp_write()
Kuniyuki Iwashima <kuniyu@amazon.co.jp>
bpf: Fix SO_RCVBUF/SO_SNDBUF handling in _bpf_setsockopt().
Xin Xiong <xiongx18@fudan.edu.cn>
netfilter: ipt_CLUSTERIP: fix refcount leak in clusterip_tg_check()
Zhou Qingyang <zhou1615@umn.edu>
pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in nonstatic_find_mem_region()
Zhou Qingyang <zhou1615@umn.edu>
pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in __nonstatic_find_io_region()
Hans de Goede <hdegoede@redhat.com>
ACPI: scan: Create platform device for BCM4752 and LNV4752 ACPI nodes
Zhang Zixun <zhang133010@icloud.com>
x86/mce/inject: Avoid out-of-bounds write when setting flags
Paul Chaignon <paul@isovalent.com>
bpftool: Enable line buffering for stdout
Bernard Zhao <bernard@vivo.com>
selinux: fix potential memleak in selinux_add_opt()
Sergey Shtylyov <s.shtylyov@omp.ru>
mmc: meson-mx-sdio: add IRQ check
Marek Behún <kabel@kernel.org>
ARM: dts: armada-38x: Add generic compatible to UART nodes
Wei Yongjun <weiyongjun1@huawei.com>
usb: ftdi-elan: fix memory leak on device disconnect
Andre Przywara <andre.przywara@arm.com>
ARM: 9159/1: decompressor: Avoid UNPREDICTABLE NOP encoding
Antony Antony <antony.antony@secunet.com>
xfrm: state and policy should fail if XFRMA_IF_ID 0
Antony Antony <antony.antony@secunet.com>
xfrm: interface with if_id 0 should return error
Jernej Skrabec <jernej.skrabec@gmail.com>
media: hantro: Fix probe func error path
Stephen Boyd <swboyd@chromium.org>
drm/bridge: ti-sn65dsi86: Set max register for regmap
Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
drm/msm/dpu: fix safe status debugfs file
Jiasheng Jiang <jiasheng@iscas.ac.cn>
media: coda/imx-vdoa: Handle dma_set_coherent_mask error codes
Wang Hai <wanghai38@huawei.com>
media: msi001: fix possible null-ptr-deref in msi001_probe()
Anton Vasilyev <vasilyev@ispras.ru>
media: dw2102: Fix use after free
Christian Lamparter <chunkeey@gmail.com>
ARM: dts: gemini: NAS4220-B: fis-index-block with 128 KiB sectors
Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
crypto: stm32/cryp - fix lrw chaining mode
Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
crypto: stm32/cryp - fix double pm exit
Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
crypto: stm32/cryp - fix xts and race condition in crypto_engine requests
Eric Dumazet <edumazet@google.com>
xfrm: fix a small bug in xfrm_sa_len()
Brian Norris <briannorris@chromium.org>
mwifiex: Fix possible ABBA deadlock
Frederic Weisbecker <frederic@kernel.org>
rcu/exp: Mark current CPU as exp-QS in IPI loop second pass
Li Hua <hucool.lihua@huawei.com>
sched/rt: Try to restart rt period timer when rt runtime exceeded
Robert Schlabbach <robert_s@gmx.net>
media: si2157: Fix "warm" tuner state detection
Zhou Qingyang <zhou1615@umn.edu>
media: saa7146: mxb: Fix a NULL pointer dereference in mxb_attach()
Zhou Qingyang <zhou1615@umn.edu>
media: dib8000: Fix a memleak in dib8000_init()
Sean Wang <sean.wang@mediatek.com>
Bluetooth: btmtksdio: fix resume failure
Yang Yingliang <yangyingliang@huawei.com>
staging: rtl8192e: rtllib_module: fix error handle case in alloc_rtllib()
Yang Yingliang <yangyingliang@huawei.com>
staging: rtl8192e: return error code from rtllib_softmac_init()
Tasos Sahanidis <tasos@tasossah.com>
floppy: Fix hang in watchdog when disk is ejected
Lino Sanfilippo <LinoSanfilippo@gmx.de>
serial: amba-pl011: do not request memory region twice
Lizhi Hou <lizhi.hou@xilinx.com>
tty: serial: uartlite: allow 64 bit address
Nishanth Menon <nm@ti.com>
arm64: dts: ti: k3-j721e: Fix the L2 cache sets
Zhou Qingyang <zhou1615@umn.edu>
drm/radeon/radeon_kms: Fix a NULL pointer dereference in radeon_driver_open_kms()
Zhou Qingyang <zhou1615@umn.edu>
drm/amdgpu: Fix a NULL pointer dereference in amdgpu_connector_lcd_native_mode()
Rafael J. Wysocki <rafael.j.wysocki@intel.com>
ACPI: EC: Rework flushing of EC work while suspended to idle
Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
arm64: dts: qcom: msm8916: fix MMC controller aliases
Florian Westphal <fw@strlen.de>
netfilter: bridge: add support for pppoe filtering
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
media: venus: core: Fix a resource leak in the error handling path of 'venus_probe()'
Dafna Hirschfeld <dafna.hirschfeld@collabora.com>
media: mtk-vcodec: call v4l2_m2m_ctx_release first when file is released
Yang Yingliang <yangyingliang@huawei.com>
media: si470x-i2c: fix possible memory leak in si470x_i2c_probe()
Fabio Estevam <festevam@denx.de>
media: imx-pxp: Initialize the spinlock prior to using it
Suresh Udipi <sudipi@jp.adit-jv.com>
media: rcar-csi2: Correct the selection of hsfreqrange
Tudor Ambarus <tudor.ambarus@microchip.com>
tty: serial: atmel: Call dma_async_issue_pending()
Tudor Ambarus <tudor.ambarus@microchip.com>
tty: serial: atmel: Check return code of dmaengine_submit()
Peng Fan <peng.fan@nxp.com>
arm64: dts: ti: k3-j721e: correct cache-sets info
Chengfeng Ye <cyeaa@connect.ust.hk>
crypto: qce - fix uaf on qce_ahash_register_one
Wang Hai <wanghai38@huawei.com>
media: dmxdev: fix UAF when dvb_register_device() fails
Jens Wiklander <jens.wiklander@linaro.org>
tee: fix put order in teedev_close_context()
Pavel Skripkin <paskripkin@gmail.com>
Bluetooth: stop proccessing malicious adv data
Christian Hewitt <christianshewitt@gmail.com>
arm64: dts: meson-gxbb-wetek: fix missing GPIO binding
Christian Hewitt <christianshewitt@gmail.com>
arm64: dts: meson-gxbb-wetek: fix HDMI in early boot
Jammy Huang <jammy_huang@aspeedtech.com>
media: aspeed: Update signal status immediately to ensure sane hw state
Dongliang Mu <mudongliangabcd@gmail.com>
media: em28xx: fix memory leak in em28xx_init_dev
Jammy Huang <jammy_huang@aspeedtech.com>
media: aspeed: fix mode-detect always time out at 2nd run
Dillon Min <dillon.minfei@gmail.com>
media: videobuf2: Fix the size printk format
Bryan O'Donoghue <bryan.odonoghue@linaro.org>
wcn36xx: Release DMA channel descriptor allocations
Bryan O'Donoghue <bryan.odonoghue@linaro.org>
wcn36xx: Indicate beacon not connection loss on MISSED_BEACON_IND
Maxime Ripard <maxime@cerno.tech>
clk: bcm-2835: Remove rounding up the dividers
Maxime Ripard <maxime@cerno.tech>
clk: bcm-2835: Pick the closest clock rate
Wang Hai <wanghai38@huawei.com>
Bluetooth: cmtp: fix possible panic when cmtp_init_sockets() fails
Brian Norris <briannorris@chromium.org>
drm/rockchip: dsi: Fix unbalanced clock on probe error
Brian Norris <briannorris@chromium.org>
drm/panel: innolux-p079zca: Delete panel on attach() failure
Brian Norris <briannorris@chromium.org>
drm/panel: kingdisplay-kd097d04: Delete panel on attach() failure
Brian Norris <briannorris@chromium.org>
drm/rockchip: dsi: Reconfigure hardware on resume()
Brian Norris <briannorris@chromium.org>
drm/rockchip: dsi: Hold pm-runtime across bind/unbind
Gang Li <ligang.bdlg@bytedance.com>
shmem: fix a race between shmem_unused_huge_shrink and shmem_evict_inode
Baoquan He <bhe@redhat.com>
mm/page_alloc.c: do not warn allocation failure on zone DMA if no managed pages
Baoquan He <bhe@redhat.com>
mm_zone: add function to check if managed dma zone exists
Yifeng Li <tomli@tomli.me>
PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller
Thomas Hellström <thomas.hellstrom@linux.intel.com>
dma_fence_array: Fix PENDING_ERROR leak in dma_fence_array_signaled()
Yunfei Wang <yf.wang@mediatek.com>
iommu/io-pgtable-arm-v7s: Add error handle for page table allocation failure
Christophe Leroy <christophe.leroy@csgroup.eu>
lkdtm: Fix content of section containing lkdtm_rodata_do_nothing()
Johan Hovold <johan@kernel.org>
can: softing_cs: softingcs_probe(): fix memleak on registration failure
Johan Hovold <johan@kernel.org>
media: stk1160: fix control-message timeouts
Johan Hovold <johan@kernel.org>
media: pvrusb2: fix control-message timeouts
Johan Hovold <johan@kernel.org>
media: redrat3: fix control-message timeouts
Michael Kuron <michael.kuron@gmail.com>
media: dib0700: fix undefined behavior in tuner shutdown
Johan Hovold <johan@kernel.org>
media: s2255: fix control-message timeouts
Johan Hovold <johan@kernel.org>
media: cpia2: fix control-message timeouts
Johan Hovold <johan@kernel.org>
media: em28xx: fix control-message timeouts
Johan Hovold <johan@kernel.org>
media: mceusb: fix control-message timeouts
Johan Hovold <johan@kernel.org>
media: flexcop-usb: fix control-message timeouts
Hans Verkuil <hverkuil-cisco@xs4all.nl>
media: v4l2-ioctl.c: readbuffers depends on V4L2_CAP_READWRITE
Mateusz Jończyk <mat.jonczyk@o2.pl>
rtc: cmos: take rtc_lock while reading from CMOS
Willy Tarreau <w@1wt.eu>
tools/nolibc: fix incorrect truncation of exit code
Willy Tarreau <w@1wt.eu>
tools/nolibc: i386: fix initial stack alignment
Ammar Faizi <ammar.faizi@students.amikom.ac.id>
tools/nolibc: x86-64: Fix startup code bug
Lucas De Marchi <lucas.demarchi@intel.com>
x86/gpu: Reserve stolen memory for first integrated Intel GPU
Stefan Riedmueller <s.riedmueller@phytec.de>
mtd: rawnand: gpmi: Remove explicit default gpmi clock setting for i.MX6
Christian Eggers <ceggers@arri.de>
mtd: rawnand: gpmi: Add ERR007117 protection for nfc_apply_timings
Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind()
Chao Yu <chao@kernel.org>
f2fs: fix to do sanity check in is_alive()
Jason Gerecke <killertofu@gmail.com>
HID: wacom: Avoid using stale array indicies to read contact count
Jason Gerecke <killertofu@gmail.com>
HID: wacom: Ignore the confidence flag when a touch is removed
Jason Gerecke <killertofu@gmail.com>
HID: wacom: Reset expected and received contact counts at the same time
Jann Horn <jannh@google.com>
HID: uhid: Fix worker destroying device without any protection
-------------
Diffstat:
Documentation/admin-guide/hw-vuln/spectre.rst | 2 +-
.../bindings/display/amlogic,meson-dw-hdmi.yaml | 5 +
.../bindings/display/amlogic,meson-vpu.yaml | 6 +
Documentation/driver-api/dmaengine/dmatest.rst | 7 +-
Documentation/driver-api/firewire.rst | 4 +-
.../acpi/dsd/data-node-references.rst | 10 +-
Makefile | 4 +-
arch/arm/Kconfig.debug | 14 +-
arch/arm/boot/compressed/efi-header.S | 22 +-
arch/arm/boot/compressed/head.S | 3 +-
arch/arm/boot/dts/armada-38x.dtsi | 4 +-
arch/arm/boot/dts/gemini-nas4220b.dts | 2 +-
arch/arm/include/debug/imx-uart.h | 18 +-
arch/arm/mach-shmobile/regulator-quirk-rcar-gen2.c | 5 +-
arch/arm64/boot/dts/amlogic/meson-gxbb-wetek.dtsi | 3 +
arch/arm64/boot/dts/freescale/fsl-ls1028a-qds.dts | 14 +-
arch/arm64/boot/dts/nvidia/tegra186.dtsi | 2 +-
arch/arm64/boot/dts/qcom/msm8916.dtsi | 4 +-
arch/arm64/boot/dts/qcom/msm8996.dtsi | 3 -
arch/arm64/boot/dts/ti/k3-j721e.dtsi | 6 +-
arch/ia64/kernel/kprobes.c | 78 ++++-
arch/mips/bcm63xx/clk.c | 6 +
arch/mips/cavium-octeon/octeon-platform.c | 2 +
arch/mips/cavium-octeon/octeon-usb.c | 1 +
arch/mips/include/asm/octeon/cvmx-bootinfo.h | 4 +-
arch/mips/lantiq/clk.c | 6 +
arch/parisc/include/asm/special_insns.h | 44 +--
arch/parisc/kernel/traps.c | 2 +-
arch/powerpc/boot/dts/fsl/qoriq-fman3l-0.dtsi | 2 +
arch/powerpc/kernel/btext.c | 4 +-
arch/powerpc/kernel/prom_init.c | 2 +-
arch/powerpc/kernel/smp.c | 32 ++
arch/powerpc/kernel/watchdog.c | 41 ++-
arch/powerpc/kvm/book3s_hv_nested.c | 2 +-
arch/powerpc/platforms/cell/iommu.c | 1 +
arch/powerpc/platforms/cell/pervasive.c | 1 +
arch/powerpc/platforms/embedded6xx/hlwd-pic.c | 1 +
arch/powerpc/platforms/powermac/low_i2c.c | 3 +
arch/powerpc/platforms/powernv/opal-lpc.c | 1 +
arch/s390/mm/pgalloc.c | 4 +-
arch/um/include/shared/registers.h | 4 +-
arch/um/os-Linux/registers.c | 4 +-
arch/um/os-Linux/start_up.c | 2 +-
arch/x86/include/asm/realmode.h | 1 +
arch/x86/kernel/cpu/mce/core.c | 31 +-
arch/x86/kernel/cpu/mce/inject.c | 2 +-
arch/x86/kernel/early-quirks.c | 10 +-
arch/x86/kernel/reboot.c | 12 +-
arch/x86/realmode/init.c | 26 ++
arch/x86/um/syscalls_64.c | 3 +-
drivers/acpi/acpica/exfield.c | 7 +-
drivers/acpi/acpica/exoparg1.c | 3 +-
drivers/acpi/acpica/hwesleep.c | 4 +-
drivers/acpi/acpica/hwsleep.c | 4 +-
drivers/acpi/acpica/hwxfsleep.c | 2 -
drivers/acpi/acpica/utdelete.c | 1 +
drivers/acpi/battery.c | 22 ++
drivers/acpi/ec.c | 57 +++-
drivers/acpi/internal.h | 2 +
drivers/acpi/scan.c | 13 +-
drivers/android/binder.c | 4 +-
drivers/block/floppy.c | 6 +-
drivers/bluetooth/btmtksdio.c | 2 +
drivers/bluetooth/hci_bcm.c | 7 +-
drivers/char/mwave/3780i.h | 2 +-
drivers/char/random.c | 19 +-
drivers/char/tpm/tpm_tis_core.c | 8 +
drivers/clk/bcm/clk-bcm2835.c | 13 +-
drivers/clk/clk-si5341.c | 2 +-
drivers/clk/clk-stm32f4.c | 4 -
drivers/clk/imx/clk-imx8mn.c | 6 +-
drivers/clk/meson/gxbb.c | 44 ++-
drivers/cpufreq/cpufreq.c | 4 +-
drivers/crypto/caam/caamalg_qi2.c | 2 +-
drivers/crypto/omap-aes.c | 2 +-
drivers/crypto/qce/sha.c | 2 +-
drivers/crypto/stm32/stm32-crc32.c | 4 +-
drivers/crypto/stm32/stm32-cryp.c | 6 +-
drivers/dma-buf/dma-fence-array.c | 6 +-
drivers/dma/at_xdmac.c | 49 +--
drivers/dma/mmp_pdma.c | 6 -
drivers/dma/pxa_dma.c | 7 -
drivers/dma/stm32-mdma.c | 2 +-
drivers/edac/synopsys_edac.c | 3 +-
drivers/firmware/google/Kconfig | 6 +-
drivers/gpio/gpio-aspeed.c | 52 ++--
drivers/gpio/gpiolib-acpi.c | 15 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c | 6 +
drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c | 13 +-
drivers/gpu/drm/bridge/analogix/analogix_dp_reg.c | 14 +-
.../drm/bridge/megachips-stdpxxxx-ge-b850v3-fw.c | 40 ++-
drivers/gpu/drm/bridge/ti-sn65dsi86.c | 1 +
drivers/gpu/drm/drm_panel_orientation_quirks.c | 6 +
drivers/gpu/drm/etnaviv/etnaviv_gem_submit.c | 6 +
drivers/gpu/drm/lima/lima_device.c | 1 +
drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c | 4 +-
drivers/gpu/drm/nouveau/dispnv04/disp.c | 4 +-
drivers/gpu/drm/nouveau/nvkm/subdev/pmu/base.c | 37 ++-
drivers/gpu/drm/panel/panel-innolux-p079zca.c | 10 +-
drivers/gpu/drm/panel/panel-kingdisplay-kd097d04.c | 8 +-
drivers/gpu/drm/radeon/radeon_kms.c | 42 +--
drivers/gpu/drm/rockchip/dw-mipi-dsi-rockchip.c | 80 +++--
drivers/hid/hid-apple.c | 2 +-
drivers/hid/hid-input.c | 6 +
drivers/hid/hid-uclogic-params.c | 31 +-
drivers/hid/uhid.c | 29 +-
drivers/hid/wacom_wac.c | 39 ++-
drivers/hsi/hsi_core.c | 1 +
drivers/i2c/busses/i2c-designware-pcidrv.c | 8 +-
drivers/i2c/busses/i2c-i801.c | 15 +-
drivers/i2c/busses/i2c-mpc.c | 23 +-
drivers/infiniband/core/cma.c | 12 +-
drivers/infiniband/core/device.c | 3 +-
drivers/infiniband/hw/cxgb4/qp.c | 1 +
drivers/infiniband/hw/hns/hns_roce_main.c | 5 +-
drivers/infiniband/sw/rxe/rxe_opcode.c | 2 +-
drivers/iommu/io-pgtable-arm-v7s.c | 6 +-
drivers/iommu/io-pgtable-arm.c | 9 +-
drivers/iommu/iova.c | 3 +-
drivers/md/persistent-data/dm-btree.c | 8 +-
drivers/md/persistent-data/dm-space-map-common.c | 5 +
drivers/media/common/saa7146/saa7146_fops.c | 2 +-
.../media/common/videobuf2/videobuf2-dma-contig.c | 8 +-
drivers/media/dvb-core/dmxdev.c | 18 +-
drivers/media/dvb-frontends/dib8000.c | 4 +-
drivers/media/pci/b2c2/flexcop-pci.c | 3 +
drivers/media/pci/saa7146/hexium_gemini.c | 7 +-
drivers/media/pci/saa7146/hexium_orion.c | 8 +-
drivers/media/pci/saa7146/mxb.c | 8 +-
drivers/media/platform/aspeed-video.c | 14 +-
drivers/media/platform/coda/imx-vdoa.c | 6 +-
drivers/media/platform/imx-pxp.c | 4 +-
.../media/platform/mtk-vcodec/mtk_vcodec_enc_drv.c | 2 +-
drivers/media/platform/qcom/venus/core.c | 8 +-
drivers/media/platform/rcar-vin/rcar-csi2.c | 18 +-
drivers/media/radio/si470x/radio-si470x-i2c.c | 3 +-
drivers/media/rc/igorplugusb.c | 4 +-
drivers/media/rc/mceusb.c | 8 +-
drivers/media/rc/redrat3.c | 22 +-
drivers/media/tuners/msi001.c | 7 +
drivers/media/tuners/si2157.c | 2 +-
drivers/media/usb/b2c2/flexcop-usb.c | 10 +-
drivers/media/usb/b2c2/flexcop-usb.h | 12 +-
drivers/media/usb/cpia2/cpia2_usb.c | 4 +-
drivers/media/usb/dvb-usb/dib0700_core.c | 2 -
drivers/media/usb/dvb-usb/dw2102.c | 338 +++++++++++++--------
drivers/media/usb/dvb-usb/m920x.c | 12 +-
drivers/media/usb/em28xx/em28xx-cards.c | 18 +-
drivers/media/usb/em28xx/em28xx-core.c | 4 +-
drivers/media/usb/pvrusb2/pvrusb2-hdw.c | 8 +-
drivers/media/usb/s2255/s2255drv.c | 4 +-
drivers/media/usb/stk1160/stk1160-core.c | 4 +-
drivers/media/usb/uvc/uvcvideo.h | 2 +-
drivers/media/v4l2-core/v4l2-ioctl.c | 4 +-
drivers/misc/lattice-ecp3-config.c | 12 +-
drivers/misc/lkdtm/Makefile | 2 +-
drivers/mmc/core/sdio.c | 4 +-
drivers/mmc/host/meson-mx-sdio.c | 5 +
drivers/mtd/nand/bbt.c | 2 +-
drivers/mtd/nand/raw/gpmi-nand/gpmi-nand.c | 37 ++-
drivers/net/bonding/bond_main.c | 6 +-
drivers/net/can/softing/softing_cs.c | 2 +-
drivers/net/can/softing/softing_fw.c | 11 +-
drivers/net/can/xilinx_can.c | 7 +-
drivers/net/ethernet/broadcom/genet/bcmgenet.c | 10 +-
drivers/net/ethernet/chelsio/libcxgb/libcxgb_cm.c | 3 +-
drivers/net/ethernet/cortina/gemini.c | 9 +-
drivers/net/ethernet/freescale/fman/mac.c | 21 +-
drivers/net/ethernet/freescale/xgmac_mdio.c | 3 +-
drivers/net/ethernet/i825xx/sni_82596.c | 3 +-
drivers/net/ethernet/mediatek/mtk_eth_soc.c | 2 +-
drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 36 +--
drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 10 +-
drivers/net/ethernet/mellanox/mlx5/core/lag_mp.c | 6 +-
drivers/net/ethernet/mellanox/mlxsw/pci.c | 1 +
drivers/net/ethernet/rocker/rocker_ofdpa.c | 3 +-
drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 10 +-
drivers/net/phy/marvell.c | 6 +
drivers/net/phy/mdio_bus.c | 2 +-
drivers/net/phy/phy-core.c | 2 +-
drivers/net/ppp/ppp_generic.c | 7 +-
drivers/net/usb/mcs7830.c | 12 +-
drivers/net/wireless/ath/ar5523/ar5523.c | 4 +
drivers/net/wireless/ath/ath10k/htt_tx.c | 3 +
drivers/net/wireless/ath/ath10k/txrx.c | 2 -
drivers/net/wireless/ath/ath9k/hif_usb.c | 7 +
drivers/net/wireless/ath/wcn36xx/dxe.c | 5 +
drivers/net/wireless/ath/wcn36xx/smd.c | 4 +-
drivers/net/wireless/intel/iwlwifi/iwl-drv.c | 17 +-
drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 17 ++
drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | 27 ++
drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 2 +-
drivers/net/wireless/marvell/mwifiex/sta_event.c | 8 +-
drivers/net/wireless/marvell/mwifiex/usb.c | 3 +-
drivers/net/wireless/rsi/rsi_91x_main.c | 4 +
drivers/net/wireless/rsi/rsi_91x_usb.c | 9 +-
drivers/net/wireless/rsi/rsi_usb.h | 2 +
drivers/of/base.c | 11 +-
drivers/parisc/pdc_stable.c | 4 +-
drivers/pci/controller/pci-aardvark.c | 4 +-
drivers/pci/controller/pci-mvebu.c | 8 +
drivers/pci/hotplug/pciehp_hpc.c | 7 +-
drivers/pci/msi.c | 26 +-
drivers/pci/pci-bridge-emul.c | 27 +-
drivers/pci/quirks.c | 3 +
drivers/pcmcia/cs.c | 8 +-
drivers/pcmcia/rsrc_nonstatic.c | 6 +
drivers/phy/socionext/phy-uniphier-usb3ss.c | 10 +-
drivers/power/supply/bq25890_charger.c | 4 +-
drivers/regulator/qcom_smd-regulator.c | 100 ++++--
drivers/rpmsg/rpmsg_core.c | 20 +-
drivers/rtc/rtc-cmos.c | 3 +
drivers/rtc/rtc-pxa.c | 4 +
drivers/scsi/lpfc/lpfc.h | 2 +-
drivers/scsi/lpfc/lpfc_attr.c | 62 ++--
drivers/scsi/lpfc/lpfc_hbadisc.c | 8 +-
drivers/scsi/lpfc/lpfc_sli.c | 6 -
drivers/scsi/scsi_debugfs.c | 1 +
drivers/scsi/sr.c | 2 +-
drivers/scsi/sr_vendor.c | 4 +-
drivers/scsi/ufs/tc-dwc-g210-pci.c | 1 -
drivers/scsi/ufs/ufshcd-pltfrm.c | 2 -
drivers/scsi/ufs/ufshcd.c | 7 +
drivers/soc/mediatek/mtk-scpsys.c | 15 +-
drivers/spi/spi-meson-spifc.c | 1 +
drivers/staging/greybus/audio_topology.c | 15 +
drivers/staging/media/hantro/hantro_drv.c | 3 +-
drivers/staging/rtl8192e/rtllib.h | 2 +-
drivers/staging/rtl8192e/rtllib_module.c | 16 +-
drivers/staging/rtl8192e/rtllib_softmac.c | 6 +-
drivers/tee/tee_core.c | 4 +-
drivers/tty/serial/amba-pl010.c | 3 -
drivers/tty/serial/amba-pl011.c | 27 +-
drivers/tty/serial/atmel_serial.c | 14 +
drivers/tty/serial/serial_core.c | 7 +-
drivers/tty/serial/uartlite.c | 2 +-
drivers/uio/uio_dmem_genirq.c | 6 +-
drivers/usb/core/hub.c | 5 +-
drivers/usb/gadget/function/f_fs.c | 4 +-
drivers/usb/host/uhci-platform.c | 3 +-
drivers/usb/misc/ftdi-elan.c | 1 +
drivers/w1/slaves/w1_ds28e04.c | 26 +-
fs/btrfs/backref.c | 21 +-
fs/btrfs/ctree.c | 19 +-
fs/btrfs/inode.c | 11 +
fs/btrfs/qgroup.c | 19 ++
fs/debugfs/file.c | 2 +-
fs/dlm/lock.c | 9 +
fs/ext4/ioctl.c | 2 -
fs/ext4/mballoc.c | 8 +
fs/ext4/migrate.c | 23 +-
fs/ext4/super.c | 25 +-
fs/f2fs/f2fs.h | 11 +
fs/f2fs/gc.c | 3 +
fs/f2fs/segment.h | 3 +-
fs/f2fs/super.c | 44 +++
fs/f2fs/sysfs.c | 4 +-
fs/fuse/file.c | 2 +-
fs/jffs2/file.c | 40 ++-
fs/ubifs/super.c | 1 -
include/acpi/actypes.h | 10 +-
include/linux/hid.h | 2 +
include/linux/mmzone.h | 9 +
include/net/inet_frag.h | 11 +-
include/net/ipv6_frag.h | 3 +-
include/net/sch_generic.h | 5 +
kernel/audit.c | 18 +-
kernel/rcu/tree_exp.h | 1 +
kernel/sched/cputime.c | 4 +-
kernel/sched/rt.c | 23 +-
kernel/trace/trace_kprobe.c | 5 +-
lib/test_meminit.c | 1 +
mm/page_alloc.c | 19 +-
mm/shmem.c | 37 ++-
net/batman-adv/netlink.c | 30 +-
net/bluetooth/cmtp/core.c | 4 +-
net/bluetooth/hci_core.c | 1 +
net/bluetooth/hci_event.c | 8 +-
net/bridge/br_netfilter_hooks.c | 7 +-
net/core/filter.c | 8 +-
net/core/net-sysfs.c | 3 +
net/core/net_namespace.c | 4 +-
net/ipv4/fib_semantics.c | 36 ++-
net/ipv4/inet_fragment.c | 8 +-
net/ipv4/ip_fragment.c | 3 +-
net/ipv4/ip_gre.c | 5 +-
net/ipv4/netfilter/ipt_CLUSTERIP.c | 5 +-
net/ipv6/ip6_gre.c | 5 +-
net/mac80211/rx.c | 2 +-
net/nfc/llcp_sock.c | 5 +
net/sched/sch_generic.c | 1 +
net/unix/garbage.c | 14 +-
net/unix/scm.c | 6 +-
net/xfrm/xfrm_interface.c | 14 +-
net/xfrm/xfrm_policy.c | 24 +-
net/xfrm/xfrm_user.c | 23 +-
scripts/dtc/dtx_diff | 8 +-
security/selinux/hooks.c | 12 +-
sound/core/jack.c | 3 +
sound/core/oss/pcm_oss.c | 2 +-
sound/core/pcm.c | 6 +-
sound/core/seq/seq_queue.c | 14 +-
sound/pci/hda/hda_codec.c | 3 +
sound/soc/codecs/rt5663.c | 12 +-
sound/soc/mediatek/mt8173/mt8173-max98090.c | 3 +
sound/soc/mediatek/mt8173/mt8173-rt5650-rt5514.c | 2 +
sound/soc/mediatek/mt8173/mt8173-rt5650-rt5676.c | 2 +
sound/soc/mediatek/mt8173/mt8173-rt5650.c | 2 +
sound/soc/samsung/idma.c | 2 +
sound/soc/uniphier/Kconfig | 2 -
tools/bpf/bpftool/Documentation/Makefile | 1 -
tools/bpf/bpftool/Makefile | 1 -
tools/bpf/bpftool/main.c | 2 +
tools/include/nolibc/nolibc.h | 33 +-
tools/lib/bpf/libbpf.c | 4 +
tools/perf/util/debug.c | 2 +-
316 files changed, 2448 insertions(+), 1053 deletions(-)
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 001/320] HID: uhid: Fix worker destroying device without any protection
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
@ 2022-01-24 18:39 ` Greg Kroah-Hartman
2022-01-24 18:39 ` [PATCH 5.4 002/320] HID: wacom: Reset expected and received contact counts at the same time Greg Kroah-Hartman
` (323 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:39 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Jann Horn, Jiri Kosina
From: Jann Horn <jannh@google.com>
commit 4ea5763fb79ed89b3bdad455ebf3f33416a81624 upstream.
uhid has to run hid_add_device() from workqueue context while allowing
parallel use of the userspace API (which is protected with ->devlock).
But hid_add_device() can fail. Currently, that is handled by immediately
destroying the associated HID device, without using ->devlock - but if
there are concurrent requests from userspace, that's wrong and leads to
NULL dereferences and/or memory corruption (via use-after-free).
Fix it by leaving the HID device as-is in the worker. We can clean it up
later, either in the UHID_DESTROY command handler or in the ->release()
handler.
Cc: stable@vger.kernel.org
Fixes: 67f8ecc550b5 ("HID: uhid: fix timeout when probe races with IO")
Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/hid/uhid.c | 29 +++++++++++++++++++++++++----
1 file changed, 25 insertions(+), 4 deletions(-)
--- a/drivers/hid/uhid.c
+++ b/drivers/hid/uhid.c
@@ -28,11 +28,22 @@
struct uhid_device {
struct mutex devlock;
+
+ /* This flag tracks whether the HID device is usable for commands from
+ * userspace. The flag is already set before hid_add_device(), which
+ * runs in workqueue context, to allow hid_add_device() to communicate
+ * with userspace.
+ * However, if hid_add_device() fails, the flag is cleared without
+ * holding devlock.
+ * We guarantee that if @running changes from true to false while you're
+ * holding @devlock, it's still fine to access @hid.
+ */
bool running;
__u8 *rd_data;
uint rd_size;
+ /* When this is NULL, userspace may use UHID_CREATE/UHID_CREATE2. */
struct hid_device *hid;
struct uhid_event input_buf;
@@ -63,9 +74,18 @@ static void uhid_device_add_worker(struc
if (ret) {
hid_err(uhid->hid, "Cannot register HID device: error %d\n", ret);
- hid_destroy_device(uhid->hid);
- uhid->hid = NULL;
+ /* We used to call hid_destroy_device() here, but that's really
+ * messy to get right because we have to coordinate with
+ * concurrent writes from userspace that might be in the middle
+ * of using uhid->hid.
+ * Just leave uhid->hid as-is for now, and clean it up when
+ * userspace tries to close or reinitialize the uhid instance.
+ *
+ * However, we do have to clear the ->running flag and do a
+ * wakeup to make sure userspace knows that the device is gone.
+ */
uhid->running = false;
+ wake_up_interruptible(&uhid->report_wait);
}
}
@@ -474,7 +494,7 @@ static int uhid_dev_create2(struct uhid_
void *rd_data;
int ret;
- if (uhid->running)
+ if (uhid->hid)
return -EALREADY;
rd_size = ev->u.create2.rd_size;
@@ -556,7 +576,7 @@ static int uhid_dev_create(struct uhid_d
static int uhid_dev_destroy(struct uhid_device *uhid)
{
- if (!uhid->running)
+ if (!uhid->hid)
return -EINVAL;
uhid->running = false;
@@ -565,6 +585,7 @@ static int uhid_dev_destroy(struct uhid_
cancel_work_sync(&uhid->worker);
hid_destroy_device(uhid->hid);
+ uhid->hid = NULL;
kfree(uhid->rd_data);
return 0;
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 002/320] HID: wacom: Reset expected and received contact counts at the same time
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
2022-01-24 18:39 ` [PATCH 5.4 001/320] HID: uhid: Fix worker destroying device without any protection Greg Kroah-Hartman
@ 2022-01-24 18:39 ` Greg Kroah-Hartman
2022-01-24 18:39 ` [PATCH 5.4 003/320] HID: wacom: Ignore the confidence flag when a touch is removed Greg Kroah-Hartman
` (322 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:39 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jason Gerecke, Ping Cheng, Jiri Kosina
From: Jason Gerecke <killertofu@gmail.com>
commit 546e41ac994cc185ef3de610ca849a294b5df3ba upstream.
These two values go hand-in-hand and must be valid for the driver to
behave correctly. We are currently lazy about updating the values and
rely on the "expected" code flow to take care of making sure they're
valid at the point they're needed. The "expected" flow changed somewhat
with commit f8b6a74719b5 ("HID: wacom: generic: Support multiple tools
per report"), however. This led to problems with the DTH-2452 due (in
part) to *all* contacts being fully processed -- even those past the
expected contact count. Specifically, the received count gets reset to
0 once all expected fingers are processed, but not the expected count.
The rest of the contacts in the report are then *also* processed since
now the driver thinks we've only processed 0 of N expected contacts.
Later commits such as 7fb0413baa7f (HID: wacom: Use "Confidence" flag to
prevent reporting invalid contacts) worked around the DTH-2452 issue by
skipping the invalid contacts at the end of the report, but this is not
a complete fix. The confidence flag cannot be relied on when a contact
is removed (see the following patch), and dealing with that condition
re-introduces the DTH-2452 issue unless we also address this contact
count laziness. By resetting expected and received counts at the same
time we ensure the driver understands that there are 0 more contacts
expected in the report. Similarly, we also make sure to reset the
received count if for some reason we're out of sync in the pre-report
phase.
Link: https://github.com/linuxwacom/input-wacom/issues/288
Fixes: f8b6a74719b5 ("HID: wacom: generic: Support multiple tools per report")
CC: stable@vger.kernel.org
Signed-off-by: Jason Gerecke <jason.gerecke@wacom.com>
Reviewed-by: Ping Cheng <ping.cheng@wacom.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/hid/wacom_wac.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
--- a/drivers/hid/wacom_wac.c
+++ b/drivers/hid/wacom_wac.c
@@ -2664,11 +2664,14 @@ static void wacom_wac_finger_pre_report(
hid_data->cc_index >= 0) {
struct hid_field *field = report->field[hid_data->cc_index];
int value = field->value[hid_data->cc_value_index];
- if (value)
+ if (value) {
hid_data->num_expected = value;
+ hid_data->num_received = 0;
+ }
}
else {
hid_data->num_expected = wacom_wac->features.touch_max;
+ hid_data->num_received = 0;
}
}
@@ -2692,6 +2695,7 @@ static void wacom_wac_finger_report(stru
input_sync(input);
wacom_wac->hid_data.num_received = 0;
+ wacom_wac->hid_data.num_expected = 0;
/* keep touch state for pen event */
wacom_wac->shared->touch_down = wacom_wac_finger_count_touches(wacom_wac);
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 003/320] HID: wacom: Ignore the confidence flag when a touch is removed
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
2022-01-24 18:39 ` [PATCH 5.4 001/320] HID: uhid: Fix worker destroying device without any protection Greg Kroah-Hartman
2022-01-24 18:39 ` [PATCH 5.4 002/320] HID: wacom: Reset expected and received contact counts at the same time Greg Kroah-Hartman
@ 2022-01-24 18:39 ` Greg Kroah-Hartman
2022-01-24 18:39 ` [PATCH 5.4 004/320] HID: wacom: Avoid using stale array indicies to read contact count Greg Kroah-Hartman
` (321 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:39 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jason Gerecke, Ping Cheng, Jiri Kosina
From: Jason Gerecke <killertofu@gmail.com>
commit df03e9bd6d4806619b4cdc91a3d7695818a8e2b7 upstream.
AES hardware may internally re-classify a contact that it thought was
intentional as a palm. Intentional contacts are reported as "down" with
the confidence bit set. When this re-classification occurs, however, the
state transitions to "up" with the confidence bit cleared. This kind of
transition appears to be legal according to Microsoft docs, but we do
not handle it correctly. Because the confidence bit is clear, we don't
call `wacom_wac_finger_slot` and update userspace. This causes hung
touches that confuse userspace and interfere with pen arbitration.
This commit adds a special case to ignore the confidence flag if a contact
is reported as removed. This ensures we do not leave a hung touch if one
of these re-classification events occured. Ideally we'd have some way to
also let userspace know that the touch has been re-classified as a palm
and needs to be canceled, but that's not possible right now :)
Link: https://github.com/linuxwacom/input-wacom/issues/288
Fixes: 7fb0413baa7f (HID: wacom: Use "Confidence" flag to prevent reporting invalid contacts)
CC: stable@vger.kernel.org
Signed-off-by: Jason Gerecke <jason.gerecke@wacom.com>
Reviewed-by: Ping Cheng <ping.cheng@wacom.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/hid/wacom_wac.c | 29 ++++++++++++++++++++++++++---
1 file changed, 26 insertions(+), 3 deletions(-)
--- a/drivers/hid/wacom_wac.c
+++ b/drivers/hid/wacom_wac.c
@@ -2566,6 +2566,24 @@ static void wacom_wac_finger_slot(struct
}
}
+static bool wacom_wac_slot_is_active(struct input_dev *dev, int key)
+{
+ struct input_mt *mt = dev->mt;
+ struct input_mt_slot *s;
+
+ if (!mt)
+ return false;
+
+ for (s = mt->slots; s != mt->slots + mt->num_slots; s++) {
+ if (s->key == key &&
+ input_mt_get_value(s, ABS_MT_TRACKING_ID) >= 0) {
+ return true;
+ }
+ }
+
+ return false;
+}
+
static void wacom_wac_finger_event(struct hid_device *hdev,
struct hid_field *field, struct hid_usage *usage, __s32 value)
{
@@ -2613,9 +2631,14 @@ static void wacom_wac_finger_event(struc
}
if (usage->usage_index + 1 == field->report_count) {
- if (equivalent_usage == wacom_wac->hid_data.last_slot_field &&
- wacom_wac->hid_data.confidence)
- wacom_wac_finger_slot(wacom_wac, wacom_wac->touch_input);
+ if (equivalent_usage == wacom_wac->hid_data.last_slot_field) {
+ bool touch_removed = wacom_wac_slot_is_active(wacom_wac->touch_input,
+ wacom_wac->hid_data.id) && !wacom_wac->hid_data.tipswitch;
+
+ if (wacom_wac->hid_data.confidence || touch_removed) {
+ wacom_wac_finger_slot(wacom_wac, wacom_wac->touch_input);
+ }
+ }
}
}
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 004/320] HID: wacom: Avoid using stale array indicies to read contact count
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (2 preceding siblings ...)
2022-01-24 18:39 ` [PATCH 5.4 003/320] HID: wacom: Ignore the confidence flag when a touch is removed Greg Kroah-Hartman
@ 2022-01-24 18:39 ` Greg Kroah-Hartman
2022-01-24 18:39 ` [PATCH 5.4 005/320] f2fs: fix to do sanity check in is_alive() Greg Kroah-Hartman
` (320 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:39 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jason Gerecke, Ping Cheng, Jiri Kosina
From: Jason Gerecke <killertofu@gmail.com>
commit 20f3cf5f860f9f267a6a6e5642d3d0525edb1814 upstream.
If we ever see a touch report with contact count data we initialize
several variables used to read the contact count in the pre-report
phase. These variables are never reset if we process a report which
doesn't contain a contact count, however. This can cause the pre-
report function to trigger a read of arbitrary memory (e.g. NULL
if we're lucky) and potentially crash the driver.
This commit restores resetting of the variables back to default
"none" values that were used prior to the commit mentioned
below.
Link: https://github.com/linuxwacom/input-wacom/issues/276
Fixes: 003f50ab673c (HID: wacom: Update last_slot_field during pre_report phase)
CC: stable@vger.kernel.org
Signed-off-by: Jason Gerecke <jason.gerecke@wacom.com>
Reviewed-by: Ping Cheng <ping.cheng@wacom.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/hid/wacom_wac.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/drivers/hid/wacom_wac.c
+++ b/drivers/hid/wacom_wac.c
@@ -2654,6 +2654,10 @@ static void wacom_wac_finger_pre_report(
hid_data->confidence = true;
+ hid_data->cc_report = 0;
+ hid_data->cc_index = -1;
+ hid_data->cc_value_index = -1;
+
for (i = 0; i < report->maxfield; i++) {
struct hid_field *field = report->field[i];
int j;
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 005/320] f2fs: fix to do sanity check in is_alive()
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (3 preceding siblings ...)
2022-01-24 18:39 ` [PATCH 5.4 004/320] HID: wacom: Avoid using stale array indicies to read contact count Greg Kroah-Hartman
@ 2022-01-24 18:39 ` Greg Kroah-Hartman
2022-01-24 18:39 ` [PATCH 5.4 006/320] nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind() Greg Kroah-Hartman
` (319 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:39 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Chao Yu, Jaegeuk Kim
From: Chao Yu <chao@kernel.org>
commit 77900c45ee5cd5da63bd4d818a41dbdf367e81cd upstream.
In fuzzed image, SSA table may indicate that a data block belongs to
invalid node, which node ID is out-of-range (0, 1, 2 or max_nid), in
order to avoid migrating inconsistent data in such corrupted image,
let's do sanity check anyway before data block migration.
Cc: stable@vger.kernel.org
Signed-off-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/f2fs/gc.c | 3 +++
1 file changed, 3 insertions(+)
--- a/fs/f2fs/gc.c
+++ b/fs/f2fs/gc.c
@@ -633,6 +633,9 @@ static bool is_alive(struct f2fs_sb_info
set_sbi_flag(sbi, SBI_NEED_FSCK);
}
+ if (f2fs_check_nid_range(sbi, dni->ino))
+ return false;
+
*nofs = ofs_of_node(node_page);
source_blkaddr = datablock_addr(NULL, node_page, ofs_in_node);
f2fs_put_page(node_page, 1);
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 006/320] nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind()
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (4 preceding siblings ...)
2022-01-24 18:39 ` [PATCH 5.4 005/320] f2fs: fix to do sanity check in is_alive() Greg Kroah-Hartman
@ 2022-01-24 18:39 ` Greg Kroah-Hartman
2022-01-24 18:39 ` [PATCH 5.4 007/320] mtd: rawnand: gpmi: Add ERR007117 protection for nfc_apply_timings Greg Kroah-Hartman
` (318 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:39 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Krzysztof Kozlowski, David S. Miller,
syzbot+7f23bcddf626e0593a39
From: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
commit dded08927ca3c31a5c37f8e7f95fe98770475dd4 upstream.
Syzbot detected a NULL pointer dereference of nfc_llcp_sock->dev pointer
(which is a 'struct nfc_dev *') with calls to llcp_sock_sendmsg() after
a failed llcp_sock_bind(). The message being sent is a SOCK_DGRAM.
KASAN report:
BUG: KASAN: null-ptr-deref in nfc_alloc_send_skb+0x2d/0xc0
Read of size 4 at addr 00000000000005c8 by task llcp_sock_nfc_a/899
CPU: 5 PID: 899 Comm: llcp_sock_nfc_a Not tainted 5.16.0-rc6-next-20211224-00001-gc6437fbf18b0 #125
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014
Call Trace:
<TASK>
dump_stack_lvl+0x45/0x59
? nfc_alloc_send_skb+0x2d/0xc0
__kasan_report.cold+0x117/0x11c
? mark_lock+0x480/0x4f0
? nfc_alloc_send_skb+0x2d/0xc0
kasan_report+0x38/0x50
nfc_alloc_send_skb+0x2d/0xc0
nfc_llcp_send_ui_frame+0x18c/0x2a0
? nfc_llcp_send_i_frame+0x230/0x230
? __local_bh_enable_ip+0x86/0xe0
? llcp_sock_connect+0x470/0x470
? llcp_sock_connect+0x470/0x470
sock_sendmsg+0x8e/0xa0
____sys_sendmsg+0x253/0x3f0
...
The issue was visible only with multiple simultaneous calls to bind() and
sendmsg(), which resulted in most of the bind() calls to fail. The
bind() was failing on checking if there is available WKS/SDP/SAP
(respective bit in 'struct nfc_llcp_local' fields). When there was no
available WKS/SDP/SAP, the bind returned error but the sendmsg() to such
socket was able to trigger mentioned NULL pointer dereference of
nfc_llcp_sock->dev.
The code looks simply racy and currently it protects several paths
against race with checks for (!nfc_llcp_sock->local) which is NULL-ified
in error paths of bind(). The llcp_sock_sendmsg() did not have such
check but called function nfc_llcp_send_ui_frame() had, although not
protected with lock_sock().
Therefore the race could look like (same socket is used all the time):
CPU0 CPU1
==== ====
llcp_sock_bind()
- lock_sock()
- success
- release_sock()
- return 0
llcp_sock_sendmsg()
- lock_sock()
- release_sock()
llcp_sock_bind(), same socket
- lock_sock()
- error
- nfc_llcp_send_ui_frame()
- if (!llcp_sock->local)
- llcp_sock->local = NULL
- nfc_put_device(dev)
- dereference llcp_sock->dev
- release_sock()
- return -ERRNO
The nfc_llcp_send_ui_frame() checked llcp_sock->local outside of the
lock, which is racy and ineffective check. Instead, its caller
llcp_sock_sendmsg(), should perform the check inside lock_sock().
Reported-and-tested-by: syzbot+7f23bcddf626e0593a39@syzkaller.appspotmail.com
Fixes: b874dec21d1c ("NFC: Implement LLCP connection less Tx path")
Cc: <stable@vger.kernel.org>
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/nfc/llcp_sock.c | 5 +++++
1 file changed, 5 insertions(+)
--- a/net/nfc/llcp_sock.c
+++ b/net/nfc/llcp_sock.c
@@ -789,6 +789,11 @@ static int llcp_sock_sendmsg(struct sock
lock_sock(sk);
+ if (!llcp_sock->local) {
+ release_sock(sk);
+ return -ENODEV;
+ }
+
if (sk->sk_type == SOCK_DGRAM) {
DECLARE_SOCKADDR(struct sockaddr_nfc_llcp *, addr,
msg->msg_name);
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 007/320] mtd: rawnand: gpmi: Add ERR007117 protection for nfc_apply_timings
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (5 preceding siblings ...)
2022-01-24 18:39 ` [PATCH 5.4 006/320] nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind() Greg Kroah-Hartman
@ 2022-01-24 18:39 ` Greg Kroah-Hartman
2022-01-24 20:41 ` Pavel Machek
2022-01-24 18:39 ` [PATCH 5.4 008/320] mtd: rawnand: gpmi: Remove explicit default gpmi clock setting for i.MX6 Greg Kroah-Hartman
` (317 subsequent siblings)
324 siblings, 1 reply; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:39 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Stefan Riedmueller, Christian Eggers,
Han Xu, Miquel Raynal
From: Christian Eggers <ceggers@arri.de>
commit f53d4c109a666bf1a4883b45d546fba079258717 upstream.
gpmi_io clock needs to be gated off when changing the parent/dividers of
enfc_clk_root (i.MX6Q/i.MX6UL) respectively qspi2_clk_root (i.MX6SX).
Otherwise this rate change can lead to an unresponsive GPMI core which
results in DMA timeouts and failed driver probe:
[ 4.072318] gpmi-nand 112000.gpmi-nand: DMA timeout, last DMA
...
[ 4.370355] gpmi-nand 112000.gpmi-nand: Chip: 0, Error -110
...
[ 4.375988] gpmi-nand 112000.gpmi-nand: Chip: 0, Error -22
[ 4.381524] gpmi-nand 112000.gpmi-nand: Error in ECC-based read: -22
[ 4.387988] gpmi-nand 112000.gpmi-nand: Chip: 0, Error -22
[ 4.393535] gpmi-nand 112000.gpmi-nand: Chip: 0, Error -22
...
Other than stated in i.MX 6 erratum ERR007117, it should be sufficient
to gate only gpmi_io because all other bch/nand clocks are derived from
different clock roots.
The i.MX6 reference manuals state that changing clock muxers can cause
glitches but are silent about changing dividers. But tests showed that
these glitches can definitely happen on i.MX6ULL. For i.MX7D/8MM in turn,
the manual guarantees that no glitches can happen when changing
dividers.
Co-developed-by: Stefan Riedmueller <s.riedmueller@phytec.de>
Signed-off-by: Stefan Riedmueller <s.riedmueller@phytec.de>
Signed-off-by: Christian Eggers <ceggers@arri.de>
Cc: stable@vger.kernel.org
Acked-by: Han Xu <han.xu@nxp.com>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/20211102202022.15551-2-ceggers@arri.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mtd/nand/raw/gpmi-nand/gpmi-nand.c | 28 +++++++++++++++++++++++++---
1 file changed, 25 insertions(+), 3 deletions(-)
--- a/drivers/mtd/nand/raw/gpmi-nand/gpmi-nand.c
+++ b/drivers/mtd/nand/raw/gpmi-nand/gpmi-nand.c
@@ -710,14 +710,32 @@ static void gpmi_nfc_compute_timings(str
(use_half_period ? BM_GPMI_CTRL1_HALF_PERIOD : 0);
}
-static void gpmi_nfc_apply_timings(struct gpmi_nand_data *this)
+static int gpmi_nfc_apply_timings(struct gpmi_nand_data *this)
{
struct gpmi_nfc_hardware_timing *hw = &this->hw;
struct resources *r = &this->resources;
void __iomem *gpmi_regs = r->gpmi_regs;
unsigned int dll_wait_time_us;
+ int ret;
+
+ /* Clock dividers do NOT guarantee a clean clock signal on its output
+ * during the change of the divide factor on i.MX6Q/UL/SX. On i.MX7/8,
+ * all clock dividers provide these guarantee.
+ */
+ if (GPMI_IS_MX6Q(this) || GPMI_IS_MX6SX(this))
+ clk_disable_unprepare(r->clock[0]);
+
+ ret = clk_set_rate(r->clock[0], hw->clk_rate);
+ if (ret) {
+ dev_err(this->dev, "cannot set clock rate to %lu Hz: %d\n", hw->clk_rate, ret);
+ return ret;
+ }
- clk_set_rate(r->clock[0], hw->clk_rate);
+ if (GPMI_IS_MX6Q(this) || GPMI_IS_MX6SX(this)) {
+ ret = clk_prepare_enable(r->clock[0]);
+ if (ret)
+ return ret;
+ }
writel(hw->timing0, gpmi_regs + HW_GPMI_TIMING0);
writel(hw->timing1, gpmi_regs + HW_GPMI_TIMING1);
@@ -736,6 +754,8 @@ static void gpmi_nfc_apply_timings(struc
/* Wait for the DLL to settle. */
udelay(dll_wait_time_us);
+
+ return 0;
}
static int gpmi_setup_data_interface(struct nand_chip *chip, int chipnr,
@@ -2429,7 +2449,9 @@ static int gpmi_nfc_exec_op(struct nand_
*/
if (this->hw.must_apply_timings) {
this->hw.must_apply_timings = false;
- gpmi_nfc_apply_timings(this);
+ ret = gpmi_nfc_apply_timings(this);
+ if (ret)
+ return ret;
}
dev_dbg(this->dev, "%s: %d instructions\n", __func__, op->ninstrs);
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 008/320] mtd: rawnand: gpmi: Remove explicit default gpmi clock setting for i.MX6
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (6 preceding siblings ...)
2022-01-24 18:39 ` [PATCH 5.4 007/320] mtd: rawnand: gpmi: Add ERR007117 protection for nfc_apply_timings Greg Kroah-Hartman
@ 2022-01-24 18:39 ` Greg Kroah-Hartman
2022-01-24 18:39 ` [PATCH 5.4 009/320] x86/gpu: Reserve stolen memory for first integrated Intel GPU Greg Kroah-Hartman
` (316 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:39 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Stefan Riedmueller, Han Xu, Miquel Raynal
From: Stefan Riedmueller <s.riedmueller@phytec.de>
commit aa1baa0e6c1aa4872e481dce4fc7fd6f3dd8496b upstream.
There is no need to explicitly set the default gpmi clock rate during
boot for the i.MX 6 since this is done during nand_detect anyway.
Signed-off-by: Stefan Riedmueller <s.riedmueller@phytec.de>
Cc: stable@vger.kernel.org
Acked-by: Han Xu <han.xu@nxp.com>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/20211102202022.15551-1-ceggers@arri.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mtd/nand/raw/gpmi-nand/gpmi-nand.c | 9 ---------
1 file changed, 9 deletions(-)
--- a/drivers/mtd/nand/raw/gpmi-nand/gpmi-nand.c
+++ b/drivers/mtd/nand/raw/gpmi-nand/gpmi-nand.c
@@ -1204,15 +1204,6 @@ static int gpmi_get_clks(struct gpmi_nan
r->clock[i] = clk;
}
- if (GPMI_IS_MX6(this))
- /*
- * Set the default value for the gpmi clock.
- *
- * If you want to use the ONFI nand which is in the
- * Synchronous Mode, you should change the clock as you need.
- */
- clk_set_rate(r->clock[0], 22000000);
-
return 0;
err_clock:
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 009/320] x86/gpu: Reserve stolen memory for first integrated Intel GPU
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (7 preceding siblings ...)
2022-01-24 18:39 ` [PATCH 5.4 008/320] mtd: rawnand: gpmi: Remove explicit default gpmi clock setting for i.MX6 Greg Kroah-Hartman
@ 2022-01-24 18:39 ` Greg Kroah-Hartman
2022-01-24 18:39 ` [PATCH 5.4 010/320] tools/nolibc: x86-64: Fix startup code bug Greg Kroah-Hartman
` (315 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:39 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Lucas De Marchi, Bjorn Helgaas
From: Lucas De Marchi <lucas.demarchi@intel.com>
commit 9c494ca4d3a535f9ca11ad6af1813983c1c6cbdd upstream.
"Stolen memory" is memory set aside for use by an Intel integrated GPU.
The intel_graphics_quirks() early quirk reserves this memory when it is
called for a GPU that appears in the intel_early_ids[] table of integrated
GPUs.
Previously intel_graphics_quirks() was marked as QFLAG_APPLY_ONCE, so it
was called only for the first Intel GPU found. If a discrete GPU happened
to be enumerated first, intel_graphics_quirks() was called for it but not
for any integrated GPU found later. Therefore, stolen memory for such an
integrated GPU was never reserved.
For example, this problem occurs in this Alderlake-P (integrated) + DG2
(discrete) topology where the DG2 is found first, but stolen memory is
associated with the integrated GPU:
- 00:01.0 Bridge
`- 03:00.0 DG2 discrete GPU
- 00:02.0 Integrated GPU (with stolen memory)
Remove the QFLAG_APPLY_ONCE flag and call intel_graphics_quirks() for every
Intel GPU. Reserve stolen memory for the first GPU that appears in
intel_early_ids[].
[bhelgaas: commit log, add code comment, squash in
https://lore.kernel.org/r/20220118190558.2ququ4vdfjuahicm@ldmartin-desk2]
Link: https://lore.kernel.org/r/20220114002843.2083382-1-lucas.demarchi@intel.com
Signed-off-by: Lucas De Marchi <lucas.demarchi@intel.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kernel/early-quirks.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
--- a/arch/x86/kernel/early-quirks.c
+++ b/arch/x86/kernel/early-quirks.c
@@ -515,6 +515,7 @@ static const struct intel_early_ops gen1
.stolen_size = gen9_stolen_size,
};
+/* Intel integrated GPUs for which we need to reserve "stolen memory" */
static const struct pci_device_id intel_early_ids[] __initconst = {
INTEL_I830_IDS(&i830_early_ops),
INTEL_I845G_IDS(&i845_early_ops),
@@ -587,6 +588,13 @@ static void __init intel_graphics_quirks
u16 device;
int i;
+ /*
+ * Reserve "stolen memory" for an integrated GPU. If we've already
+ * found one, there's nothing to do for other (discrete) GPUs.
+ */
+ if (resource_size(&intel_graphics_stolen_res))
+ return;
+
device = read_pci_config_16(num, slot, func, PCI_DEVICE_ID);
for (i = 0; i < ARRAY_SIZE(intel_early_ids); i++) {
@@ -699,7 +707,7 @@ static struct chipset early_qrk[] __init
{ PCI_VENDOR_ID_INTEL, 0x3406, PCI_CLASS_BRIDGE_HOST,
PCI_BASE_CLASS_BRIDGE, 0, intel_remapping_check },
{ PCI_VENDOR_ID_INTEL, PCI_ANY_ID, PCI_CLASS_DISPLAY_VGA, PCI_ANY_ID,
- QFLAG_APPLY_ONCE, intel_graphics_quirks },
+ 0, intel_graphics_quirks },
/*
* HPET on the current version of the Baytrail platform has accuracy
* problems: it will halt in deep idle state - so we disable it.
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 010/320] tools/nolibc: x86-64: Fix startup code bug
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (8 preceding siblings ...)
2022-01-24 18:39 ` [PATCH 5.4 009/320] x86/gpu: Reserve stolen memory for first integrated Intel GPU Greg Kroah-Hartman
@ 2022-01-24 18:39 ` Greg Kroah-Hartman
2022-01-24 18:39 ` [PATCH 5.4 011/320] tools/nolibc: i386: fix initial stack alignment Greg Kroah-Hartman
` (314 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:39 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Bedirhan KURT, Louvian Lyndal,
Peter Cordes, Ammar Faizi, Willy Tarreau, Paul E. McKenney
From: Ammar Faizi <ammar.faizi@students.amikom.ac.id>
commit 937ed91c712273131de6d2a02caafd3ee84e0c72 upstream.
Before this patch, the `_start` function looks like this:
```
0000000000001170 <_start>:
1170: pop %rdi
1171: mov %rsp,%rsi
1174: lea 0x8(%rsi,%rdi,8),%rdx
1179: and $0xfffffffffffffff0,%rsp
117d: sub $0x8,%rsp
1181: call 1000 <main>
1186: movzbq %al,%rdi
118a: mov $0x3c,%rax
1191: syscall
1193: hlt
1194: data16 cs nopw 0x0(%rax,%rax,1)
119f: nop
```
Note the "and" to %rsp with $-16, it makes the %rsp be 16-byte aligned,
but then there is a "sub" with $0x8 which makes the %rsp no longer
16-byte aligned, then it calls main. That's the bug!
What actually the x86-64 System V ABI mandates is that right before the
"call", the %rsp must be 16-byte aligned, not after the "call". So the
"sub" with $0x8 here breaks the alignment. Remove it.
An example where this rule matters is when the callee needs to align
its stack at 16-byte for aligned move instruction, like `movdqa` and
`movaps`. If the callee can't align its stack properly, it will result
in segmentation fault.
x86-64 System V ABI also mandates the deepest stack frame should be
zero. Just to be safe, let's zero the %rbp on startup as the content
of %rbp may be unspecified when the program starts. Now it looks like
this:
```
0000000000001170 <_start>:
1170: pop %rdi
1171: mov %rsp,%rsi
1174: lea 0x8(%rsi,%rdi,8),%rdx
1179: xor %ebp,%ebp # zero the %rbp
117b: and $0xfffffffffffffff0,%rsp # align the %rsp
117f: call 1000 <main>
1184: movzbq %al,%rdi
1188: mov $0x3c,%rax
118f: syscall
1191: hlt
1192: data16 cs nopw 0x0(%rax,%rax,1)
119d: nopl (%rax)
```
Cc: Bedirhan KURT <windowz414@gnuweeb.org>
Cc: Louvian Lyndal <louvianlyndal@gmail.com>
Reported-by: Peter Cordes <peter@cordes.ca>
Signed-off-by: Ammar Faizi <ammar.faizi@students.amikom.ac.id>
[wt: I did this on purpose due to a misunderstanding of the spec, other
archs will thus have to be rechecked, particularly i386]
Cc: stable@vger.kernel.org
Signed-off-by: Willy Tarreau <w@1wt.eu>
Signed-off-by: Paul E. McKenney <paulmck@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/include/nolibc/nolibc.h | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
--- a/tools/include/nolibc/nolibc.h
+++ b/tools/include/nolibc/nolibc.h
@@ -422,14 +422,20 @@ struct stat {
})
/* startup code */
+/*
+ * x86-64 System V ABI mandates:
+ * 1) %rsp must be 16-byte aligned right before the function call.
+ * 2) The deepest stack frame should be zero (the %rbp).
+ *
+ */
asm(".section .text\n"
".global _start\n"
"_start:\n"
"pop %rdi\n" // argc (first arg, %rdi)
"mov %rsp, %rsi\n" // argv[] (second arg, %rsi)
"lea 8(%rsi,%rdi,8),%rdx\n" // then a NULL then envp (third arg, %rdx)
- "and $-16, %rsp\n" // x86 ABI : esp must be 16-byte aligned when
- "sub $8, %rsp\n" // entering the callee
+ "xor %ebp, %ebp\n" // zero the stack frame
+ "and $-16, %rsp\n" // x86 ABI : esp must be 16-byte aligned before call
"call main\n" // main() returns the status code, we'll exit with it.
"movzb %al, %rdi\n" // retrieve exit code from 8 lower bits
"mov $60, %rax\n" // NR_exit == 60
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 011/320] tools/nolibc: i386: fix initial stack alignment
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (9 preceding siblings ...)
2022-01-24 18:39 ` [PATCH 5.4 010/320] tools/nolibc: x86-64: Fix startup code bug Greg Kroah-Hartman
@ 2022-01-24 18:39 ` Greg Kroah-Hartman
2022-01-24 18:39 ` [PATCH 5.4 012/320] tools/nolibc: fix incorrect truncation of exit code Greg Kroah-Hartman
` (313 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:39 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ammar Faizi, Willy Tarreau, Paul E. McKenney
From: Willy Tarreau <w@1wt.eu>
commit ebbe0d8a449d183fa43b42d84fcb248e25303985 upstream.
After re-checking in the spec and comparing stack offsets with glibc,
The last pushed argument must be 16-byte aligned (i.e. aligned before the
call) so that in the callee esp+4 is multiple of 16, so the principle is
the 32-bit equivalent to what Ammar fixed for x86_64. It's possible that
32-bit code using SSE2 or MMX could have been affected. In addition the
frame pointer ought to be zero at the deepest level.
Link: https://gitlab.com/x86-psABIs/i386-ABI/-/wikis/Intel386-psABI
Cc: Ammar Faizi <ammar.faizi@students.amikom.ac.id>
Cc: stable@vger.kernel.org
Signed-off-by: Willy Tarreau <w@1wt.eu>
Signed-off-by: Paul E. McKenney <paulmck@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/include/nolibc/nolibc.h | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
--- a/tools/include/nolibc/nolibc.h
+++ b/tools/include/nolibc/nolibc.h
@@ -606,13 +606,21 @@ struct sys_stat_struct {
})
/* startup code */
+/*
+ * i386 System V ABI mandates:
+ * 1) last pushed argument must be 16-byte aligned.
+ * 2) The deepest stack frame should be set to zero
+ *
+ */
asm(".section .text\n"
".global _start\n"
"_start:\n"
"pop %eax\n" // argc (first arg, %eax)
"mov %esp, %ebx\n" // argv[] (second arg, %ebx)
"lea 4(%ebx,%eax,4),%ecx\n" // then a NULL then envp (third arg, %ecx)
- "and $-16, %esp\n" // x86 ABI : esp must be 16-byte aligned when
+ "xor %ebp, %ebp\n" // zero the stack frame
+ "and $-16, %esp\n" // x86 ABI : esp must be 16-byte aligned before
+ "sub $4, %esp\n" // the call instruction (args are aligned)
"push %ecx\n" // push all registers on the stack so that we
"push %ebx\n" // support both regparm and plain stack modes
"push %eax\n"
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 012/320] tools/nolibc: fix incorrect truncation of exit code
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (10 preceding siblings ...)
2022-01-24 18:39 ` [PATCH 5.4 011/320] tools/nolibc: i386: fix initial stack alignment Greg Kroah-Hartman
@ 2022-01-24 18:39 ` Greg Kroah-Hartman
2022-01-24 18:39 ` [PATCH 5.4 013/320] rtc: cmos: take rtc_lock while reading from CMOS Greg Kroah-Hartman
` (312 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:39 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ammar Faizi, Willy Tarreau, Paul E. McKenney
From: Willy Tarreau <w@1wt.eu>
commit de0244ae40ae91145faaf164a4252347607c3711 upstream.
Ammar Faizi reported that our exit code handling is wrong. We truncate
it to the lowest 8 bits but the syscall itself is expected to take a
regular 32-bit signed integer, not an unsigned char. It's the kernel
that later truncates it to the lowest 8 bits. The difference is visible
in strace, where the program below used to show exit(255) instead of
exit(-1):
int main(void)
{
return -1;
}
This patch applies the fix to all archs. x86_64, i386, arm64, armv7 and
mips were all tested and confirmed to work fine now. Risc-v was not
tested but the change is trivial and exactly the same as for other archs.
Reported-by: Ammar Faizi <ammar.faizi@students.amikom.ac.id>
Cc: stable@vger.kernel.org
Signed-off-by: Willy Tarreau <w@1wt.eu>
Signed-off-by: Paul E. McKenney <paulmck@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/include/nolibc/nolibc.h | 13 +++++--------
1 file changed, 5 insertions(+), 8 deletions(-)
--- a/tools/include/nolibc/nolibc.h
+++ b/tools/include/nolibc/nolibc.h
@@ -437,7 +437,7 @@ asm(".section .text\n"
"xor %ebp, %ebp\n" // zero the stack frame
"and $-16, %rsp\n" // x86 ABI : esp must be 16-byte aligned before call
"call main\n" // main() returns the status code, we'll exit with it.
- "movzb %al, %rdi\n" // retrieve exit code from 8 lower bits
+ "mov %eax, %edi\n" // retrieve exit code (32 bit)
"mov $60, %rax\n" // NR_exit == 60
"syscall\n" // really exit
"hlt\n" // ensure it does not return
@@ -625,9 +625,9 @@ asm(".section .text\n"
"push %ebx\n" // support both regparm and plain stack modes
"push %eax\n"
"call main\n" // main() returns the status code in %eax
- "movzbl %al, %ebx\n" // retrieve exit code from lower 8 bits
- "movl $1, %eax\n" // NR_exit == 1
- "int $0x80\n" // exit now
+ "mov %eax, %ebx\n" // retrieve exit code (32-bit int)
+ "movl $1, %eax\n" // NR_exit == 1
+ "int $0x80\n" // exit now
"hlt\n" // ensure it does not
"");
@@ -811,7 +811,6 @@ asm(".section .text\n"
"and %r3, %r1, $-8\n" // AAPCS : sp must be 8-byte aligned in the
"mov %sp, %r3\n" // callee, an bl doesn't push (lr=pc)
"bl main\n" // main() returns the status code, we'll exit with it.
- "and %r0, %r0, $0xff\n" // limit exit code to 8 bits
"movs r7, $1\n" // NR_exit == 1
"svc $0x00\n"
"");
@@ -1008,7 +1007,6 @@ asm(".section .text\n"
"add x2, x2, x1\n" // + argv
"and sp, x1, -16\n" // sp must be 16-byte aligned in the callee
"bl main\n" // main() returns the status code, we'll exit with it.
- "and x0, x0, 0xff\n" // limit exit code to 8 bits
"mov x8, 93\n" // NR_exit == 93
"svc #0\n"
"");
@@ -1213,7 +1211,7 @@ asm(".section .text\n"
"addiu $sp,$sp,-16\n" // the callee expects to save a0..a3 there!
"jal main\n" // main() returns the status code, we'll exit with it.
"nop\n" // delayed slot
- "and $a0, $v0, 0xff\n" // limit exit code to 8 bits
+ "move $a0, $v0\n" // retrieve 32-bit exit code from v0
"li $v0, 4001\n" // NR_exit == 4001
"syscall\n"
".end __start\n"
@@ -1411,7 +1409,6 @@ asm(".section .text\n"
"add a2,a2,a1\n" // + argv
"andi sp,a1,-16\n" // sp must be 16-byte aligned
"call main\n" // main() returns the status code, we'll exit with it.
- "andi a0, a0, 0xff\n" // limit exit code to 8 bits
"li a7, 93\n" // NR_exit == 93
"ecall\n"
"");
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 013/320] rtc: cmos: take rtc_lock while reading from CMOS
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (11 preceding siblings ...)
2022-01-24 18:39 ` [PATCH 5.4 012/320] tools/nolibc: fix incorrect truncation of exit code Greg Kroah-Hartman
@ 2022-01-24 18:39 ` Greg Kroah-Hartman
2022-01-24 18:39 ` [PATCH 5.4 014/320] media: v4l2-ioctl.c: readbuffers depends on V4L2_CAP_READWRITE Greg Kroah-Hartman
` (311 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:39 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mateusz Jończyk,
Nobuhiro Iwamatsu, Alessandro Zummo, Alexandre Belloni
From: Mateusz Jończyk <mat.jonczyk@o2.pl>
commit 454f47ff464325223129b9b5b8d0b61946ec704d upstream.
Reading from the CMOS involves writing to the index register and then
reading from the data register. Therefore access to the CMOS has to be
serialized with rtc_lock. This invocation of CMOS_READ was not
serialized, which could cause trouble when other code is accessing CMOS
at the same time.
Use spin_lock_irq() like the rest of the function.
Nothing in kernel modifies the RTC_DM_BINARY bit, so there could be a
separate pair of spin_lock_irq() / spin_unlock_irq() before doing the
math.
Signed-off-by: Mateusz Jończyk <mat.jonczyk@o2.pl>
Reviewed-by: Nobuhiro Iwamatsu <iwamatsu@nigauri.org>
Cc: Alessandro Zummo <a.zummo@towertech.it>
Cc: Alexandre Belloni <alexandre.belloni@bootlin.com>
Cc: stable@vger.kernel.org
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Link: https://lore.kernel.org/r/20211210200131.153887-2-mat.jonczyk@o2.pl
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/rtc/rtc-cmos.c | 3 +++
1 file changed, 3 insertions(+)
--- a/drivers/rtc/rtc-cmos.c
+++ b/drivers/rtc/rtc-cmos.c
@@ -463,7 +463,10 @@ static int cmos_set_alarm(struct device
min = t->time.tm_min;
sec = t->time.tm_sec;
+ spin_lock_irq(&rtc_lock);
rtc_control = CMOS_READ(RTC_CONTROL);
+ spin_unlock_irq(&rtc_lock);
+
if (!(rtc_control & RTC_DM_BINARY) || RTC_ALWAYS_BCD) {
/* Writing 0xff means "don't care" or "match all". */
mon = (mon <= 12) ? bin2bcd(mon) : 0xff;
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 014/320] media: v4l2-ioctl.c: readbuffers depends on V4L2_CAP_READWRITE
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (12 preceding siblings ...)
2022-01-24 18:39 ` [PATCH 5.4 013/320] rtc: cmos: take rtc_lock while reading from CMOS Greg Kroah-Hartman
@ 2022-01-24 18:39 ` Greg Kroah-Hartman
2022-01-24 18:39 ` [PATCH 5.4 015/320] media: flexcop-usb: fix control-message timeouts Greg Kroah-Hartman
` (310 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:39 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hans Verkuil, Mauro Carvalho Chehab
From: Hans Verkuil <hverkuil-cisco@xs4all.nl>
commit cd9d9377ed235b294a492a094e1666178a5e78fd upstream.
If V4L2_CAP_READWRITE is not set, then readbuffers must be set to 0,
otherwise v4l2-compliance will complain.
A note on the Fixes tag below: this patch does not really fix that commit,
but it can be applied from that commit onwards. For older code there is no
guarantee that device_caps is set, so even though this patch would apply,
it will not work reliably.
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Fixes: 049e684f2de9 (media: v4l2-dev: fix WARN_ON(!vdev->device_caps))
Cc: <stable@vger.kernel.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/media/v4l2-core/v4l2-ioctl.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/drivers/media/v4l2-core/v4l2-ioctl.c
+++ b/drivers/media/v4l2-core/v4l2-ioctl.c
@@ -2046,6 +2046,7 @@ static int v4l_prepare_buf(const struct
static int v4l_g_parm(const struct v4l2_ioctl_ops *ops,
struct file *file, void *fh, void *arg)
{
+ struct video_device *vfd = video_devdata(file);
struct v4l2_streamparm *p = arg;
v4l2_std_id std;
int ret = check_fmt(file, p->type);
@@ -2057,7 +2058,8 @@ static int v4l_g_parm(const struct v4l2_
if (p->type != V4L2_BUF_TYPE_VIDEO_CAPTURE &&
p->type != V4L2_BUF_TYPE_VIDEO_CAPTURE_MPLANE)
return -EINVAL;
- p->parm.capture.readbuffers = 2;
+ if (vfd->device_caps & V4L2_CAP_READWRITE)
+ p->parm.capture.readbuffers = 2;
ret = ops->vidioc_g_std(file, fh, &std);
if (ret == 0)
v4l2_video_std_frame_period(std, &p->parm.capture.timeperframe);
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 015/320] media: flexcop-usb: fix control-message timeouts
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (13 preceding siblings ...)
2022-01-24 18:39 ` [PATCH 5.4 014/320] media: v4l2-ioctl.c: readbuffers depends on V4L2_CAP_READWRITE Greg Kroah-Hartman
@ 2022-01-24 18:39 ` Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 016/320] media: mceusb: " Greg Kroah-Hartman
` (309 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:39 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Johan Hovold, Hans Verkuil,
Mauro Carvalho Chehab
From: Johan Hovold <johan@kernel.org>
commit cd1798a387825cc4a51282f5a611ad05bb1ad75f upstream.
USB control-message timeouts are specified in milliseconds and should
specifically not vary with CONFIG_HZ.
Note that the driver was multiplying some of the timeout values with HZ
twice resulting in 3000-second timeouts with HZ=1000.
Also note that two of the timeout defines are currently unused.
Fixes: 2154be651b90 ("[media] redrat3: new rc-core IR transceiver device driver")
Cc: stable@vger.kernel.org # 3.0
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/media/usb/b2c2/flexcop-usb.c | 10 +++++-----
drivers/media/usb/b2c2/flexcop-usb.h | 12 ++++++------
2 files changed, 11 insertions(+), 11 deletions(-)
--- a/drivers/media/usb/b2c2/flexcop-usb.c
+++ b/drivers/media/usb/b2c2/flexcop-usb.c
@@ -87,7 +87,7 @@ static int flexcop_usb_readwrite_dw(stru
0,
fc_usb->data,
sizeof(u32),
- B2C2_WAIT_FOR_OPERATION_RDW * HZ);
+ B2C2_WAIT_FOR_OPERATION_RDW);
if (ret != sizeof(u32)) {
err("error while %s dword from %d (%d).", read ? "reading" :
@@ -155,7 +155,7 @@ static int flexcop_usb_v8_memory_req(str
wIndex,
fc_usb->data,
buflen,
- nWaitTime * HZ);
+ nWaitTime);
if (ret != buflen)
ret = -EIO;
@@ -249,13 +249,13 @@ static int flexcop_usb_i2c_req(struct fl
/* DKT 020208 - add this to support special case of DiSEqC */
case USB_FUNC_I2C_CHECKWRITE:
pipe = B2C2_USB_CTRL_PIPE_OUT;
- nWaitTime = 2;
+ nWaitTime = 2000;
request_type |= USB_DIR_OUT;
break;
case USB_FUNC_I2C_READ:
case USB_FUNC_I2C_REPEATREAD:
pipe = B2C2_USB_CTRL_PIPE_IN;
- nWaitTime = 2;
+ nWaitTime = 2000;
request_type |= USB_DIR_IN;
break;
default:
@@ -282,7 +282,7 @@ static int flexcop_usb_i2c_req(struct fl
wIndex,
fc_usb->data,
buflen,
- nWaitTime * HZ);
+ nWaitTime);
if (ret != buflen)
ret = -EIO;
--- a/drivers/media/usb/b2c2/flexcop-usb.h
+++ b/drivers/media/usb/b2c2/flexcop-usb.h
@@ -91,13 +91,13 @@ typedef enum {
UTILITY_SRAM_TESTVERIFY = 0x16,
} flexcop_usb_utility_function_t;
-#define B2C2_WAIT_FOR_OPERATION_RW (1*HZ)
-#define B2C2_WAIT_FOR_OPERATION_RDW (3*HZ)
-#define B2C2_WAIT_FOR_OPERATION_WDW (1*HZ)
+#define B2C2_WAIT_FOR_OPERATION_RW 1000
+#define B2C2_WAIT_FOR_OPERATION_RDW 3000
+#define B2C2_WAIT_FOR_OPERATION_WDW 1000
-#define B2C2_WAIT_FOR_OPERATION_V8READ (3*HZ)
-#define B2C2_WAIT_FOR_OPERATION_V8WRITE (3*HZ)
-#define B2C2_WAIT_FOR_OPERATION_V8FLASH (3*HZ)
+#define B2C2_WAIT_FOR_OPERATION_V8READ 3000
+#define B2C2_WAIT_FOR_OPERATION_V8WRITE 3000
+#define B2C2_WAIT_FOR_OPERATION_V8FLASH 3000
typedef enum {
V8_MEMORY_PAGE_DVB_CI = 0x20,
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 016/320] media: mceusb: fix control-message timeouts
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (14 preceding siblings ...)
2022-01-24 18:39 ` [PATCH 5.4 015/320] media: flexcop-usb: fix control-message timeouts Greg Kroah-Hartman
@ 2022-01-24 18:40 ` Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 017/320] media: em28xx: " Greg Kroah-Hartman
` (308 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:40 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Johan Hovold, Hans Verkuil,
Mauro Carvalho Chehab
From: Johan Hovold <johan@kernel.org>
commit 16394e998cbb050730536bdf7e89f5a70efbd974 upstream.
USB control-message timeouts are specified in milliseconds and should
specifically not vary with CONFIG_HZ.
Fixes: 66e89522aff7 ("V4L/DVB: IR: add mceusb IR receiver driver")
Cc: stable@vger.kernel.org # 2.6.36
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/media/rc/mceusb.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
--- a/drivers/media/rc/mceusb.c
+++ b/drivers/media/rc/mceusb.c
@@ -1430,7 +1430,7 @@ static void mceusb_gen1_init(struct mceu
*/
ret = usb_control_msg(ir->usbdev, usb_rcvctrlpipe(ir->usbdev, 0),
USB_REQ_SET_ADDRESS, USB_TYPE_VENDOR, 0, 0,
- data, USB_CTRL_MSG_SZ, HZ * 3);
+ data, USB_CTRL_MSG_SZ, 3000);
dev_dbg(dev, "set address - ret = %d", ret);
dev_dbg(dev, "set address - data[0] = %d, data[1] = %d",
data[0], data[1]);
@@ -1438,20 +1438,20 @@ static void mceusb_gen1_init(struct mceu
/* set feature: bit rate 38400 bps */
ret = usb_control_msg(ir->usbdev, usb_sndctrlpipe(ir->usbdev, 0),
USB_REQ_SET_FEATURE, USB_TYPE_VENDOR,
- 0xc04e, 0x0000, NULL, 0, HZ * 3);
+ 0xc04e, 0x0000, NULL, 0, 3000);
dev_dbg(dev, "set feature - ret = %d", ret);
/* bRequest 4: set char length to 8 bits */
ret = usb_control_msg(ir->usbdev, usb_sndctrlpipe(ir->usbdev, 0),
4, USB_TYPE_VENDOR,
- 0x0808, 0x0000, NULL, 0, HZ * 3);
+ 0x0808, 0x0000, NULL, 0, 3000);
dev_dbg(dev, "set char length - retB = %d", ret);
/* bRequest 2: set handshaking to use DTR/DSR */
ret = usb_control_msg(ir->usbdev, usb_sndctrlpipe(ir->usbdev, 0),
2, USB_TYPE_VENDOR,
- 0x0000, 0x0100, NULL, 0, HZ * 3);
+ 0x0000, 0x0100, NULL, 0, 3000);
dev_dbg(dev, "set handshake - retC = %d", ret);
/* device resume */
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 017/320] media: em28xx: fix control-message timeouts
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (15 preceding siblings ...)
2022-01-24 18:40 ` [PATCH 5.4 016/320] media: mceusb: " Greg Kroah-Hartman
@ 2022-01-24 18:40 ` Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 018/320] media: cpia2: " Greg Kroah-Hartman
` (307 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:40 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Johan Hovold, Hans Verkuil,
Mauro Carvalho Chehab
From: Johan Hovold <johan@kernel.org>
commit d9b7e8df3aa9b8c10708aab60e72e79ac08237e4 upstream.
USB control-message timeouts are specified in milliseconds and should
specifically not vary with CONFIG_HZ.
Fixes: a6c2ba283565 ("[PATCH] v4l: 716: support for em28xx board family")
Cc: stable@vger.kernel.org # 2.6.16
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/media/usb/em28xx/em28xx-core.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/media/usb/em28xx/em28xx-core.c
+++ b/drivers/media/usb/em28xx/em28xx-core.c
@@ -89,7 +89,7 @@ int em28xx_read_reg_req_len(struct em28x
mutex_lock(&dev->ctrl_urb_lock);
ret = usb_control_msg(udev, pipe, req,
USB_DIR_IN | USB_TYPE_VENDOR | USB_RECIP_DEVICE,
- 0x0000, reg, dev->urb_buf, len, HZ);
+ 0x0000, reg, dev->urb_buf, len, 1000);
if (ret < 0) {
em28xx_regdbg("(pipe 0x%08x): IN: %02x %02x %02x %02x %02x %02x %02x %02x failed with error %i\n",
pipe,
@@ -158,7 +158,7 @@ int em28xx_write_regs_req(struct em28xx
memcpy(dev->urb_buf, buf, len);
ret = usb_control_msg(udev, pipe, req,
USB_DIR_OUT | USB_TYPE_VENDOR | USB_RECIP_DEVICE,
- 0x0000, reg, dev->urb_buf, len, HZ);
+ 0x0000, reg, dev->urb_buf, len, 1000);
mutex_unlock(&dev->ctrl_urb_lock);
if (ret < 0) {
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 018/320] media: cpia2: fix control-message timeouts
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (16 preceding siblings ...)
2022-01-24 18:40 ` [PATCH 5.4 017/320] media: em28xx: " Greg Kroah-Hartman
@ 2022-01-24 18:40 ` Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 019/320] media: s2255: " Greg Kroah-Hartman
` (306 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:40 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Johan Hovold, Hans Verkuil,
Mauro Carvalho Chehab
From: Johan Hovold <johan@kernel.org>
commit 10729be03327f53258cb196362015ad5c6eabe02 upstream.
USB control-message timeouts are specified in milliseconds and should
specifically not vary with CONFIG_HZ.
Fixes: ab33d5071de7 ("V4L/DVB (3376): Add cpia2 camera support")
Cc: stable@vger.kernel.org # 2.6.17
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/media/usb/cpia2/cpia2_usb.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/media/usb/cpia2/cpia2_usb.c
+++ b/drivers/media/usb/cpia2/cpia2_usb.c
@@ -550,7 +550,7 @@ static int write_packet(struct usb_devic
0, /* index */
buf, /* buffer */
size,
- HZ);
+ 1000);
kfree(buf);
return ret;
@@ -582,7 +582,7 @@ static int read_packet(struct usb_device
0, /* index */
buf, /* buffer */
size,
- HZ);
+ 1000);
if (ret >= 0)
memcpy(registers, buf, size);
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 019/320] media: s2255: fix control-message timeouts
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (17 preceding siblings ...)
2022-01-24 18:40 ` [PATCH 5.4 018/320] media: cpia2: " Greg Kroah-Hartman
@ 2022-01-24 18:40 ` Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 020/320] media: dib0700: fix undefined behavior in tuner shutdown Greg Kroah-Hartman
` (305 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:40 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Johan Hovold, Hans Verkuil,
Mauro Carvalho Chehab
From: Johan Hovold <johan@kernel.org>
commit f71d272ad4e354097020a4e6b1dc6e4b59feb50f upstream.
USB control-message timeouts are specified in milliseconds and should
specifically not vary with CONFIG_HZ.
Use the common control-message timeout define for the five-second
timeouts.
Fixes: 38f993ad8b1f ("V4L/DVB (8125): This driver adds support for the Sensoray 2255 devices.")
Cc: stable@vger.kernel.org # 2.6.27
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/media/usb/s2255/s2255drv.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/media/usb/s2255/s2255drv.c
+++ b/drivers/media/usb/s2255/s2255drv.c
@@ -1884,7 +1884,7 @@ static long s2255_vendor_req(struct s225
USB_TYPE_VENDOR | USB_RECIP_DEVICE |
USB_DIR_IN,
Value, Index, buf,
- TransferBufferLength, HZ * 5);
+ TransferBufferLength, USB_CTRL_SET_TIMEOUT);
if (r >= 0)
memcpy(TransferBuffer, buf, TransferBufferLength);
@@ -1893,7 +1893,7 @@ static long s2255_vendor_req(struct s225
r = usb_control_msg(dev->udev, usb_sndctrlpipe(dev->udev, 0),
Request, USB_TYPE_VENDOR | USB_RECIP_DEVICE,
Value, Index, buf,
- TransferBufferLength, HZ * 5);
+ TransferBufferLength, USB_CTRL_SET_TIMEOUT);
}
kfree(buf);
return r;
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 020/320] media: dib0700: fix undefined behavior in tuner shutdown
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (18 preceding siblings ...)
2022-01-24 18:40 ` [PATCH 5.4 019/320] media: s2255: " Greg Kroah-Hartman
@ 2022-01-24 18:40 ` Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 021/320] media: redrat3: fix control-message timeouts Greg Kroah-Hartman
` (304 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:40 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Michael Kuron, Mauro Carvalho Chehab
From: Michael Kuron <michael.kuron@gmail.com>
commit f7b77ebe6d2f49c7747b2d619586d1aa33f9ea91 upstream.
This fixes a problem where closing the tuner would leave it in a state
where it would not tune to any channel when reopened. This problem was
discovered as part of https://github.com/hselasky/webcamd/issues/16.
Since adap->id is 0 or 1, this bit-shift overflows, which is undefined
behavior. The driver still worked in practice as the overflow would in
most environments result in 0, which rendered the line a no-op. When
running the driver as part of webcamd however, the overflow could lead
to 0xff due to optimizations by the compiler, which would, in the end,
improperly shut down the tuner.
The bug is a regression introduced in the commit referenced below. The
present patch causes identical behavior to before that commit for
adap->id equal to 0 or 1. The driver does not contain support for
dib0700 devices with more adapters, assuming such even exist.
Tests have been performed with the Xbox One Digital TV Tuner on amd64.
Not all dib0700 devices are expected to be affected by the regression;
this code path is only taken by those with incorrect endpoint numbers.
Link: https://lore.kernel.org/linux-media/1d2fc36d94ced6f67c7cc21dcc469d5e5bdd8201.1632689033.git.mchehab+huawei@kernel.org
Cc: stable@vger.kernel.org
Fixes: 7757ddda6f4f ("[media] DiB0700: add function to change I2C-speed")
Signed-off-by: Michael Kuron <michael.kuron@gmail.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/media/usb/dvb-usb/dib0700_core.c | 2 --
1 file changed, 2 deletions(-)
--- a/drivers/media/usb/dvb-usb/dib0700_core.c
+++ b/drivers/media/usb/dvb-usb/dib0700_core.c
@@ -616,8 +616,6 @@ int dib0700_streaming_ctrl(struct dvb_us
deb_info("the endpoint number (%i) is not correct, use the adapter id instead", adap->fe_adap[0].stream.props.endpoint);
if (onoff)
st->channel_state |= 1 << (adap->id);
- else
- st->channel_state |= 1 << ~(adap->id);
} else {
if (onoff)
st->channel_state |= 1 << (adap->fe_adap[0].stream.props.endpoint-2);
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 021/320] media: redrat3: fix control-message timeouts
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (19 preceding siblings ...)
2022-01-24 18:40 ` [PATCH 5.4 020/320] media: dib0700: fix undefined behavior in tuner shutdown Greg Kroah-Hartman
@ 2022-01-24 18:40 ` Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 022/320] media: pvrusb2: " Greg Kroah-Hartman
` (303 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:40 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Johan Hovold, Hans Verkuil,
Mauro Carvalho Chehab
From: Johan Hovold <johan@kernel.org>
commit 2adc965c8bfa224e11ecccf9c92fd458c4236428 upstream.
USB control-message timeouts are specified in milliseconds and should
specifically not vary with CONFIG_HZ.
Fixes: 2154be651b90 ("[media] redrat3: new rc-core IR transceiver device driver")
Cc: stable@vger.kernel.org # 3.0
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/media/rc/redrat3.c | 22 +++++++++++-----------
1 file changed, 11 insertions(+), 11 deletions(-)
--- a/drivers/media/rc/redrat3.c
+++ b/drivers/media/rc/redrat3.c
@@ -405,7 +405,7 @@ static int redrat3_send_cmd(int cmd, str
udev = rr3->udev;
res = usb_control_msg(udev, usb_rcvctrlpipe(udev, 0), cmd,
USB_TYPE_VENDOR | USB_RECIP_DEVICE | USB_DIR_IN,
- 0x0000, 0x0000, data, sizeof(u8), HZ * 10);
+ 0x0000, 0x0000, data, sizeof(u8), 10000);
if (res < 0) {
dev_err(rr3->dev, "%s: Error sending rr3 cmd res %d, data %d",
@@ -481,7 +481,7 @@ static u32 redrat3_get_timeout(struct re
pipe = usb_rcvctrlpipe(rr3->udev, 0);
ret = usb_control_msg(rr3->udev, pipe, RR3_GET_IR_PARAM,
USB_TYPE_VENDOR | USB_RECIP_DEVICE | USB_DIR_IN,
- RR3_IR_IO_SIG_TIMEOUT, 0, tmp, len, HZ * 5);
+ RR3_IR_IO_SIG_TIMEOUT, 0, tmp, len, 5000);
if (ret != len)
dev_warn(rr3->dev, "Failed to read timeout from hardware\n");
else {
@@ -511,7 +511,7 @@ static int redrat3_set_timeout(struct rc
ret = usb_control_msg(udev, usb_sndctrlpipe(udev, 0), RR3_SET_IR_PARAM,
USB_TYPE_VENDOR | USB_RECIP_DEVICE | USB_DIR_OUT,
RR3_IR_IO_SIG_TIMEOUT, 0, timeout, sizeof(*timeout),
- HZ * 25);
+ 25000);
dev_dbg(dev, "set ir parm timeout %d ret 0x%02x\n",
be32_to_cpu(*timeout), ret);
@@ -543,32 +543,32 @@ static void redrat3_reset(struct redrat3
*val = 0x01;
rc = usb_control_msg(udev, rxpipe, RR3_RESET,
USB_TYPE_VENDOR | USB_RECIP_DEVICE | USB_DIR_IN,
- RR3_CPUCS_REG_ADDR, 0, val, len, HZ * 25);
+ RR3_CPUCS_REG_ADDR, 0, val, len, 25000);
dev_dbg(dev, "reset returned 0x%02x\n", rc);
*val = length_fuzz;
rc = usb_control_msg(udev, txpipe, RR3_SET_IR_PARAM,
USB_TYPE_VENDOR | USB_RECIP_DEVICE | USB_DIR_OUT,
- RR3_IR_IO_LENGTH_FUZZ, 0, val, len, HZ * 25);
+ RR3_IR_IO_LENGTH_FUZZ, 0, val, len, 25000);
dev_dbg(dev, "set ir parm len fuzz %d rc 0x%02x\n", *val, rc);
*val = (65536 - (minimum_pause * 2000)) / 256;
rc = usb_control_msg(udev, txpipe, RR3_SET_IR_PARAM,
USB_TYPE_VENDOR | USB_RECIP_DEVICE | USB_DIR_OUT,
- RR3_IR_IO_MIN_PAUSE, 0, val, len, HZ * 25);
+ RR3_IR_IO_MIN_PAUSE, 0, val, len, 25000);
dev_dbg(dev, "set ir parm min pause %d rc 0x%02x\n", *val, rc);
*val = periods_measure_carrier;
rc = usb_control_msg(udev, txpipe, RR3_SET_IR_PARAM,
USB_TYPE_VENDOR | USB_RECIP_DEVICE | USB_DIR_OUT,
- RR3_IR_IO_PERIODS_MF, 0, val, len, HZ * 25);
+ RR3_IR_IO_PERIODS_MF, 0, val, len, 25000);
dev_dbg(dev, "set ir parm periods measure carrier %d rc 0x%02x", *val,
rc);
*val = RR3_DRIVER_MAXLENS;
rc = usb_control_msg(udev, txpipe, RR3_SET_IR_PARAM,
USB_TYPE_VENDOR | USB_RECIP_DEVICE | USB_DIR_OUT,
- RR3_IR_IO_MAX_LENGTHS, 0, val, len, HZ * 25);
+ RR3_IR_IO_MAX_LENGTHS, 0, val, len, 25000);
dev_dbg(dev, "set ir parm max lens %d rc 0x%02x\n", *val, rc);
kfree(val);
@@ -586,7 +586,7 @@ static void redrat3_get_firmware_rev(str
rc = usb_control_msg(rr3->udev, usb_rcvctrlpipe(rr3->udev, 0),
RR3_FW_VERSION,
USB_TYPE_VENDOR | USB_RECIP_DEVICE | USB_DIR_IN,
- 0, 0, buffer, RR3_FW_VERSION_LEN, HZ * 5);
+ 0, 0, buffer, RR3_FW_VERSION_LEN, 5000);
if (rc >= 0)
dev_info(rr3->dev, "Firmware rev: %s", buffer);
@@ -826,14 +826,14 @@ static int redrat3_transmit_ir(struct rc
pipe = usb_sndbulkpipe(rr3->udev, rr3->ep_out->bEndpointAddress);
ret = usb_bulk_msg(rr3->udev, pipe, irdata,
- sendbuf_len, &ret_len, 10 * HZ);
+ sendbuf_len, &ret_len, 10000);
dev_dbg(dev, "sent %d bytes, (ret %d)\n", ret_len, ret);
/* now tell the hardware to transmit what we sent it */
pipe = usb_rcvctrlpipe(rr3->udev, 0);
ret = usb_control_msg(rr3->udev, pipe, RR3_TX_SEND_SIGNAL,
USB_TYPE_VENDOR | USB_RECIP_DEVICE | USB_DIR_IN,
- 0, 0, irdata, 2, HZ * 10);
+ 0, 0, irdata, 2, 10000);
if (ret < 0)
dev_err(dev, "Error: control msg send failed, rc %d\n", ret);
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 022/320] media: pvrusb2: fix control-message timeouts
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (20 preceding siblings ...)
2022-01-24 18:40 ` [PATCH 5.4 021/320] media: redrat3: fix control-message timeouts Greg Kroah-Hartman
@ 2022-01-24 18:40 ` Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 023/320] media: stk1160: " Greg Kroah-Hartman
` (302 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:40 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Johan Hovold, Hans Verkuil,
Mauro Carvalho Chehab
From: Johan Hovold <johan@kernel.org>
commit b82bf9b9dc305d7d3d93eab106d70dbf2171b43e upstream.
USB control-message timeouts are specified in milliseconds and should
specifically not vary with CONFIG_HZ.
Fixes: d855497edbfb ("V4L/DVB (4228a): pvrusb2 to kernel 2.6.18")
Cc: stable@vger.kernel.org # 2.6.18
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/media/usb/pvrusb2/pvrusb2-hdw.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
--- a/drivers/media/usb/pvrusb2/pvrusb2-hdw.c
+++ b/drivers/media/usb/pvrusb2/pvrusb2-hdw.c
@@ -1468,7 +1468,7 @@ static int pvr2_upload_firmware1(struct
for (address = 0; address < fwsize; address += 0x800) {
memcpy(fw_ptr, fw_entry->data + address, 0x800);
ret += usb_control_msg(hdw->usb_dev, pipe, 0xa0, 0x40, address,
- 0, fw_ptr, 0x800, HZ);
+ 0, fw_ptr, 0x800, 1000);
}
trace_firmware("Upload done, releasing device's CPU");
@@ -1606,7 +1606,7 @@ int pvr2_upload_firmware2(struct pvr2_hd
((u32 *)fw_ptr)[icnt] = swab32(((u32 *)fw_ptr)[icnt]);
ret |= usb_bulk_msg(hdw->usb_dev, pipe, fw_ptr,bcnt,
- &actual_length, HZ);
+ &actual_length, 1000);
ret |= (actual_length != bcnt);
if (ret) break;
fw_done += bcnt;
@@ -3439,7 +3439,7 @@ void pvr2_hdw_cpufw_set_enabled(struct p
0xa0,0xc0,
address,0,
hdw->fw_buffer+address,
- 0x800,HZ);
+ 0x800,1000);
if (ret < 0) break;
}
@@ -3978,7 +3978,7 @@ void pvr2_hdw_cpureset_assert(struct pvr
/* Write the CPUCS register on the 8051. The lsb of the register
is the reset bit; a 1 asserts reset while a 0 clears it. */
pipe = usb_sndctrlpipe(hdw->usb_dev, 0);
- ret = usb_control_msg(hdw->usb_dev,pipe,0xa0,0x40,0xe600,0,da,1,HZ);
+ ret = usb_control_msg(hdw->usb_dev,pipe,0xa0,0x40,0xe600,0,da,1,1000);
if (ret < 0) {
pvr2_trace(PVR2_TRACE_ERROR_LEGS,
"cpureset_assert(%d) error=%d",val,ret);
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 023/320] media: stk1160: fix control-message timeouts
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (21 preceding siblings ...)
2022-01-24 18:40 ` [PATCH 5.4 022/320] media: pvrusb2: " Greg Kroah-Hartman
@ 2022-01-24 18:40 ` Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 024/320] can: softing_cs: softingcs_probe(): fix memleak on registration failure Greg Kroah-Hartman
` (301 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:40 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Johan Hovold, Hans Verkuil,
Mauro Carvalho Chehab
From: Johan Hovold <johan@kernel.org>
commit 6aa6e70cdb5b863a57bad61310bf89b6617a5d2d upstream.
USB control-message timeouts are specified in milliseconds and should
specifically not vary with CONFIG_HZ.
Fixes: 9cb2173e6ea8 ("[media] media: Add stk1160 new driver (easycap replacement)")
Cc: stable@vger.kernel.org # 3.7
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/media/usb/stk1160/stk1160-core.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/media/usb/stk1160/stk1160-core.c
+++ b/drivers/media/usb/stk1160/stk1160-core.c
@@ -65,7 +65,7 @@ int stk1160_read_reg(struct stk1160 *dev
return -ENOMEM;
ret = usb_control_msg(dev->udev, pipe, 0x00,
USB_DIR_IN | USB_TYPE_VENDOR | USB_RECIP_DEVICE,
- 0x00, reg, buf, sizeof(u8), HZ);
+ 0x00, reg, buf, sizeof(u8), 1000);
if (ret < 0) {
stk1160_err("read failed on reg 0x%x (%d)\n",
reg, ret);
@@ -85,7 +85,7 @@ int stk1160_write_reg(struct stk1160 *de
ret = usb_control_msg(dev->udev, pipe, 0x01,
USB_DIR_OUT | USB_TYPE_VENDOR | USB_RECIP_DEVICE,
- value, reg, NULL, 0, HZ);
+ value, reg, NULL, 0, 1000);
if (ret < 0) {
stk1160_err("write failed on reg 0x%x (%d)\n",
reg, ret);
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 024/320] can: softing_cs: softingcs_probe(): fix memleak on registration failure
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (22 preceding siblings ...)
2022-01-24 18:40 ` [PATCH 5.4 023/320] media: stk1160: " Greg Kroah-Hartman
@ 2022-01-24 18:40 ` Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 025/320] lkdtm: Fix content of section containing lkdtm_rodata_do_nothing() Greg Kroah-Hartman
` (300 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:40 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Johan Hovold, Marc Kleine-Budde
From: Johan Hovold <johan@kernel.org>
commit ced4913efb0acc844ed65cc01d091a85d83a2082 upstream.
In case device registration fails during probe, the driver state and
the embedded platform device structure needs to be freed using
platform_device_put() to properly free all resources (e.g. the device
name).
Fixes: 0a0b7a5f7a04 ("can: add driver for Softing card")
Link: https://lore.kernel.org/all/20211222104843.6105-1-johan@kernel.org
Cc: stable@vger.kernel.org # 2.6.38
Signed-off-by: Johan Hovold <johan@kernel.org>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/can/softing/softing_cs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/net/can/softing/softing_cs.c
+++ b/drivers/net/can/softing/softing_cs.c
@@ -293,7 +293,7 @@ static int softingcs_probe(struct pcmcia
return 0;
platform_failed:
- kfree(dev);
+ platform_device_put(pdev);
mem_failed:
pcmcia_bad:
pcmcia_failed:
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 025/320] lkdtm: Fix content of section containing lkdtm_rodata_do_nothing()
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (23 preceding siblings ...)
2022-01-24 18:40 ` [PATCH 5.4 024/320] can: softing_cs: softingcs_probe(): fix memleak on registration failure Greg Kroah-Hartman
@ 2022-01-24 18:40 ` Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 026/320] iommu/io-pgtable-arm-v7s: Add error handle for page table allocation failure Greg Kroah-Hartman
` (299 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:40 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kees Cook, Arnd Bergmann,
Nick Desaulniers, Nathan Chancellor, Christophe Leroy
From: Christophe Leroy <christophe.leroy@csgroup.eu>
commit bc93a22a19eb2b68a16ecf04cdf4b2ed65aaf398 upstream.
On a kernel without CONFIG_STRICT_KERNEL_RWX, running EXEC_RODATA
test leads to "Illegal instruction" failure.
Looking at the content of rodata_objcopy.o, we see that the
function content zeroes only:
Disassembly of section .rodata:
0000000000000000 <.lkdtm_rodata_do_nothing>:
0: 00 00 00 00 .long 0x0
Add the contents flag in order to keep the content of the section
while renaming it.
Disassembly of section .rodata:
0000000000000000 <.lkdtm_rodata_do_nothing>:
0: 4e 80 00 20 blr
Fixes: e9e08a07385e ("lkdtm: support llvm-objcopy")
Cc: stable@vger.kernel.org
Cc: Kees Cook <keescook@chromium.org>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Nick Desaulniers <ndesaulniers@google.com>
Cc: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/8900731fbc05fb8b0de18af7133a8fc07c3c53a1.1633712176.git.christophe.leroy@csgroup.eu
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/misc/lkdtm/Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/misc/lkdtm/Makefile
+++ b/drivers/misc/lkdtm/Makefile
@@ -16,7 +16,7 @@ KCOV_INSTRUMENT_rodata.o := n
OBJCOPYFLAGS :=
OBJCOPYFLAGS_rodata_objcopy.o := \
- --rename-section .noinstr.text=.rodata,alloc,readonly,load
+ --rename-section .noinstr.text=.rodata,alloc,readonly,load,contents
targets += rodata.o rodata_objcopy.o
$(obj)/rodata_objcopy.o: $(obj)/rodata.o FORCE
$(call if_changed,objcopy)
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 026/320] iommu/io-pgtable-arm-v7s: Add error handle for page table allocation failure
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (24 preceding siblings ...)
2022-01-24 18:40 ` [PATCH 5.4 025/320] lkdtm: Fix content of section containing lkdtm_rodata_do_nothing() Greg Kroah-Hartman
@ 2022-01-24 18:40 ` Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 027/320] dma_fence_array: Fix PENDING_ERROR leak in dma_fence_array_signaled() Greg Kroah-Hartman
` (298 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:40 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yunfei Wang, Robin Murphy, Will Deacon
From: Yunfei Wang <yf.wang@mediatek.com>
commit a556cfe4cabc6d79cbb7733f118bbb420b376fe6 upstream.
In __arm_v7s_alloc_table function:
iommu call kmem_cache_alloc to allocate page table, this function
allocate memory may fail, when kmem_cache_alloc fails to allocate
table, call virt_to_phys will be abnomal and return unexpected phys
and goto out_free, then call kmem_cache_free to release table will
trigger KE, __get_free_pages and free_pages have similar problem,
so add error handle for page table allocation failure.
Fixes: 29859aeb8a6e ("iommu/io-pgtable-arm-v7s: Abort allocation when table address overflows the PTE")
Signed-off-by: Yunfei Wang <yf.wang@mediatek.com>
Cc: <stable@vger.kernel.org> # 5.10.*
Acked-by: Robin Murphy <robin.murphy@arm.com>
Link: https://lore.kernel.org/r/20211207113315.29109-1-yf.wang@mediatek.com
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/iommu/io-pgtable-arm-v7s.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
--- a/drivers/iommu/io-pgtable-arm-v7s.c
+++ b/drivers/iommu/io-pgtable-arm-v7s.c
@@ -244,13 +244,17 @@ static void *__arm_v7s_alloc_table(int l
__GFP_ZERO | ARM_V7S_TABLE_GFP_DMA, get_order(size));
else if (lvl == 2)
table = kmem_cache_zalloc(data->l2_tables, gfp);
+
+ if (!table)
+ return NULL;
+
phys = virt_to_phys(table);
if (phys != (arm_v7s_iopte)phys) {
/* Doesn't fit in PTE */
dev_err(dev, "Page table does not fit in PTE: %pa", &phys);
goto out_free;
}
- if (table && !cfg->coherent_walk) {
+ if (!cfg->coherent_walk) {
dma = dma_map_single(dev, table, size, DMA_TO_DEVICE);
if (dma_mapping_error(dev, dma))
goto out_free;
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 027/320] dma_fence_array: Fix PENDING_ERROR leak in dma_fence_array_signaled()
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (25 preceding siblings ...)
2022-01-24 18:40 ` [PATCH 5.4 026/320] iommu/io-pgtable-arm-v7s: Add error handle for page table allocation failure Greg Kroah-Hartman
@ 2022-01-24 18:40 ` Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 028/320] PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller Greg Kroah-Hartman
` (297 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:40 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Chris Wilson, Sumit Semwal,
Gustavo Padovan, Christian König, linux-media, dri-devel,
linaro-mm-sig, Thomas Hellström
From: Thomas Hellström <thomas.hellstrom@linux.intel.com>
commit 95d35838880fb040ccb9fe4a48816bd0c8b62df5 upstream.
If a dma_fence_array is reported signaled by a call to
dma_fence_is_signaled(), it may leak the PENDING_ERROR status.
Fix this by clearing the PENDING_ERROR status if we return true in
dma_fence_array_signaled().
v2:
- Update Cc list, and add R-b.
Fixes: 1f70b8b812f3 ("dma-fence: Propagate errors to dma-fence-array container")
Cc: Chris Wilson <chris@chris-wilson.co.uk>
Cc: Sumit Semwal <sumit.semwal@linaro.org>
Cc: Gustavo Padovan <gustavo@padovan.org>
Cc: Christian König <christian.koenig@amd.com>
Cc: "Christian König" <christian.koenig@amd.com>
Cc: linux-media@vger.kernel.org
Cc: dri-devel@lists.freedesktop.org
Cc: linaro-mm-sig@lists.linaro.org
Cc: <stable@vger.kernel.org> # v5.4+
Signed-off-by: Thomas Hellström <thomas.hellstrom@linux.intel.com>
Reviewed-by: Christian König <christian.koenig@amd.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20211129152727.448908-1-thomas.hellstrom@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/dma-buf/dma-fence-array.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
--- a/drivers/dma-buf/dma-fence-array.c
+++ b/drivers/dma-buf/dma-fence-array.c
@@ -104,7 +104,11 @@ static bool dma_fence_array_signaled(str
{
struct dma_fence_array *array = to_dma_fence_array(fence);
- return atomic_read(&array->num_pending) <= 0;
+ if (atomic_read(&array->num_pending) > 0)
+ return false;
+
+ dma_fence_array_clear_pending_error(array);
+ return true;
}
static void dma_fence_array_release(struct dma_fence *fence)
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 028/320] PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (26 preceding siblings ...)
2022-01-24 18:40 ` [PATCH 5.4 027/320] dma_fence_array: Fix PENDING_ERROR leak in dma_fence_array_signaled() Greg Kroah-Hartman
@ 2022-01-24 18:40 ` Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 029/320] mm_zone: add function to check if managed dma zone exists Greg Kroah-Hartman
` (296 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:40 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sam Bingner, Yifeng Li,
Bjorn Helgaas, Krzysztof Wilczyński
From: Yifeng Li <tomli@tomli.me>
commit e445375882883f69018aa669b67cbb37ec873406 upstream.
Like other SATA controller chips in the Marvell 88SE91xx series, the
Marvell 88SE9125 has the same DMA requester ID hardware bug that prevents
it from working under IOMMU. Add it to the list of devices that need the
quirk.
Without this patch, device initialization fails with DMA errors:
ata8: softreset failed (1st FIS failed)
DMAR: DRHD: handling fault status reg 2
DMAR: [DMA Write NO_PASID] Request device [03:00.1] fault addr 0xfffc0000 [fault reason 0x02] Present bit in context entry is clear
DMAR: DRHD: handling fault status reg 2
DMAR: [DMA Read NO_PASID] Request device [03:00.1] fault addr 0xfffc0000 [fault reason 0x02] Present bit in context entry is clear
After applying the patch, the controller can be successfully initialized:
ata8: SATA link up 1.5 Gbps (SStatus 113 SControl 330)
ata8.00: ATAPI: PIONEER BD-RW BDR-207M, 1.21, max UDMA/100
ata8.00: configured for UDMA/100
scsi 7:0:0:0: CD-ROM PIONEER BD-RW BDR-207M 1.21 PQ: 0 ANSI: 5
Link: https://lore.kernel.org/r/YahpKVR+McJVDdkD@work
Reported-by: Sam Bingner <sam@bingner.com>
Tested-by: Sam Bingner <sam@bingner.com>
Tested-by: Yifeng Li <tomli@tomli.me>
Signed-off-by: Yifeng Li <tomli@tomli.me>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: Krzysztof Wilczyński <kw@linux.com>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/pci/quirks.c | 3 +++
1 file changed, 3 insertions(+)
--- a/drivers/pci/quirks.c
+++ b/drivers/pci/quirks.c
@@ -4134,6 +4134,9 @@ DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_M
quirk_dma_func1_alias);
DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_MARVELL_EXT, 0x9123,
quirk_dma_func1_alias);
+/* https://bugzilla.kernel.org/show_bug.cgi?id=42679#c136 */
+DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_MARVELL_EXT, 0x9125,
+ quirk_dma_func1_alias);
DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_MARVELL_EXT, 0x9128,
quirk_dma_func1_alias);
/* https://bugzilla.kernel.org/show_bug.cgi?id=42679#c14 */
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 029/320] mm_zone: add function to check if managed dma zone exists
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (27 preceding siblings ...)
2022-01-24 18:40 ` [PATCH 5.4 028/320] PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller Greg Kroah-Hartman
@ 2022-01-24 18:40 ` Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 030/320] mm/page_alloc.c: do not warn allocation failure on zone DMA if no managed pages Greg Kroah-Hartman
` (295 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:40 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Baoquan He, David Hildenbrand,
John Donnelly, Christoph Hellwig, Christoph Lameter,
Hyeonggon Yoo, Pekka Enberg, David Rientjes, Joonsoo Kim,
Vlastimil Babka, David Laight, Borislav Petkov, Marek Szyprowski,
Robin Murphy, Andrew Morton, Linus Torvalds
From: Baoquan He <bhe@redhat.com>
commit 62b3107073646e0946bd97ff926832bafb846d17 upstream.
Patch series "Handle warning of allocation failure on DMA zone w/o
managed pages", v4.
**Problem observed:
On x86_64, when crash is triggered and entering into kdump kernel, page
allocation failure can always be seen.
---------------------------------
DMA: preallocated 128 KiB GFP_KERNEL pool for atomic allocations
swapper/0: page allocation failure: order:5, mode:0xcc1(GFP_KERNEL|GFP_DMA), nodemask=(null),cpuset=/,mems_allowed=0
CPU: 0 PID: 1 Comm: swapper/0
Call Trace:
dump_stack+0x7f/0xa1
warn_alloc.cold+0x72/0xd6
......
__alloc_pages+0x24d/0x2c0
......
dma_atomic_pool_init+0xdb/0x176
do_one_initcall+0x67/0x320
? rcu_read_lock_sched_held+0x3f/0x80
kernel_init_freeable+0x290/0x2dc
? rest_init+0x24f/0x24f
kernel_init+0xa/0x111
ret_from_fork+0x22/0x30
Mem-Info:
------------------------------------
***Root cause:
In the current kernel, it assumes that DMA zone must have managed pages
and try to request pages if CONFIG_ZONE_DMA is enabled. While this is not
always true. E.g in kdump kernel of x86_64, only low 1M is presented and
locked down at very early stage of boot, so that this low 1M won't be
added into buddy allocator to become managed pages of DMA zone. This
exception will always cause page allocation failure if page is requested
from DMA zone.
***Investigation:
This failure happens since below commit merged into linus's tree.
1a6a9044b967 x86/setup: Remove CONFIG_X86_RESERVE_LOW and reservelow= options
23721c8e92f7 x86/crash: Remove crash_reserve_low_1M()
f1d4d47c5851 x86/setup: Always reserve the first 1M of RAM
7c321eb2b843 x86/kdump: Remove the backup region handling
6f599d84231f x86/kdump: Always reserve the low 1M when the crashkernel option is specified
Before them, on x86_64, the low 640K area will be reused by kdump kernel.
So in kdump kernel, the content of low 640K area is copied into a backup
region for dumping before jumping into kdump. Then except of those firmware
reserved region in [0, 640K], the left area will be added into buddy
allocator to become available managed pages of DMA zone.
However, after above commits applied, in kdump kernel of x86_64, the low
1M is reserved by memblock, but not released to buddy allocator. So any
later page allocation requested from DMA zone will fail.
At the beginning, if crashkernel is reserved, the low 1M need be locked
down because AMD SME encrypts memory making the old backup region
mechanims impossible when switching into kdump kernel.
Later, it was also observed that there are BIOSes corrupting memory
under 1M. To solve this, in commit f1d4d47c5851, the entire region of
low 1M is always reserved after the real mode trampoline is allocated.
Besides, recently, Intel engineer mentioned their TDX (Trusted domain
extensions) which is under development in kernel also needs to lock down
the low 1M. So we can't simply revert above commits to fix the page allocation
failure from DMA zone as someone suggested.
***Solution:
Currently, only DMA atomic pool and dma-kmalloc will initialize and
request page allocation with GFP_DMA during bootup.
So only initializ DMA atomic pool when DMA zone has available managed
pages, otherwise just skip the initialization.
For dma-kmalloc(), for the time being, let's mute the warning of
allocation failure if requesting pages from DMA zone while no manged
pages. Meanwhile, change code to use dma_alloc_xx/dma_map_xx API to
replace kmalloc(GFP_DMA), or do not use GFP_DMA when calling kmalloc() if
not necessary. Christoph is posting patches to fix those under
drivers/scsi/. Finally, we can remove the need of dma-kmalloc() as people
suggested.
This patch (of 3):
In some places of the current kernel, it assumes that dma zone must have
managed pages if CONFIG_ZONE_DMA is enabled. While this is not always
true. E.g in kdump kernel of x86_64, only low 1M is presented and locked
down at very early stage of boot, so that there's no managed pages at all
in DMA zone. This exception will always cause page allocation failure if
page is requested from DMA zone.
Here add function has_managed_dma() and the relevant helper functions to
check if there's DMA zone with managed pages. It will be used in later
patches.
Link: https://lkml.kernel.org/r/20211223094435.248523-1-bhe@redhat.com
Link: https://lkml.kernel.org/r/20211223094435.248523-2-bhe@redhat.com
Fixes: 6f599d84231f ("x86/kdump: Always reserve the low 1M when the crashkernel option is specified")
Signed-off-by: Baoquan He <bhe@redhat.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Acked-by: John Donnelly <john.p.donnelly@oracle.com>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Christoph Lameter <cl@linux.com>
Cc: Hyeonggon Yoo <42.hyeyoo@gmail.com>
Cc: Pekka Enberg <penberg@kernel.org>
Cc: David Rientjes <rientjes@google.com>
Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: David Laight <David.Laight@ACULAB.COM>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Marek Szyprowski <m.szyprowski@samsung.com>
Cc: Robin Murphy <robin.murphy@arm.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/mmzone.h | 9 +++++++++
mm/page_alloc.c | 15 +++++++++++++++
2 files changed, 24 insertions(+)
--- a/include/linux/mmzone.h
+++ b/include/linux/mmzone.h
@@ -929,6 +929,15 @@ static inline int is_highmem_idx(enum zo
#endif
}
+#ifdef CONFIG_ZONE_DMA
+bool has_managed_dma(void);
+#else
+static inline bool has_managed_dma(void)
+{
+ return false;
+}
+#endif
+
/**
* is_highmem - helper function to quickly check if a struct zone is a
* highmem zone or not. This is an attempt to keep references
--- a/mm/page_alloc.c
+++ b/mm/page_alloc.c
@@ -8694,3 +8694,18 @@ bool set_hwpoison_free_buddy_page(struct
return hwpoisoned;
}
#endif
+
+#ifdef CONFIG_ZONE_DMA
+bool has_managed_dma(void)
+{
+ struct pglist_data *pgdat;
+
+ for_each_online_pgdat(pgdat) {
+ struct zone *zone = &pgdat->node_zones[ZONE_DMA];
+
+ if (managed_zone(zone))
+ return true;
+ }
+ return false;
+}
+#endif /* CONFIG_ZONE_DMA */
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 030/320] mm/page_alloc.c: do not warn allocation failure on zone DMA if no managed pages
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (28 preceding siblings ...)
2022-01-24 18:40 ` [PATCH 5.4 029/320] mm_zone: add function to check if managed dma zone exists Greg Kroah-Hartman
@ 2022-01-24 18:40 ` Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 031/320] shmem: fix a race between shmem_unused_huge_shrink and shmem_evict_inode Greg Kroah-Hartman
` (294 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:40 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Baoquan He, John Donnelly,
Hyeonggon Yoo, Christoph Lameter, Pekka Enberg, David Rientjes,
Joonsoo Kim, Vlastimil Babka, Borislav Petkov, Christoph Hellwig,
David Hildenbrand, David Laight, Marek Szyprowski, Robin Murphy,
Andrew Morton, Linus Torvalds
From: Baoquan He <bhe@redhat.com>
commit c4dc63f0032c77464fbd4e7a6afc22fa6913c4a7 upstream.
In kdump kernel of x86_64, page allocation failure is observed:
kworker/u2:2: page allocation failure: order:0, mode:0xcc1(GFP_KERNEL|GFP_DMA), nodemask=(null),cpuset=/,mems_allowed=0
CPU: 0 PID: 55 Comm: kworker/u2:2 Not tainted 5.16.0-rc4+ #5
Hardware name: AMD Dinar/Dinar, BIOS RDN1505B 06/05/2013
Workqueue: events_unbound async_run_entry_fn
Call Trace:
<TASK>
dump_stack_lvl+0x48/0x5e
warn_alloc.cold+0x72/0xd6
__alloc_pages_slowpath.constprop.0+0xc69/0xcd0
__alloc_pages+0x1df/0x210
new_slab+0x389/0x4d0
___slab_alloc+0x58f/0x770
__slab_alloc.constprop.0+0x4a/0x80
kmem_cache_alloc_trace+0x24b/0x2c0
sr_probe+0x1db/0x620
......
device_add+0x405/0x920
......
__scsi_add_device+0xe5/0x100
ata_scsi_scan_host+0x97/0x1d0
async_run_entry_fn+0x30/0x130
process_one_work+0x1e8/0x3c0
worker_thread+0x50/0x3b0
? rescuer_thread+0x350/0x350
kthread+0x16b/0x190
? set_kthread_struct+0x40/0x40
ret_from_fork+0x22/0x30
</TASK>
Mem-Info:
......
The above failure happened when calling kmalloc() to allocate buffer with
GFP_DMA. It requests to allocate slab page from DMA zone while no managed
pages at all in there.
sr_probe()
--> get_capabilities()
--> buffer = kmalloc(512, GFP_KERNEL | GFP_DMA);
Because in the current kernel, dma-kmalloc will be created as long as
CONFIG_ZONE_DMA is enabled. However, kdump kernel of x86_64 doesn't have
managed pages on DMA zone since commit 6f599d84231f ("x86/kdump: Always
reserve the low 1M when the crashkernel option is specified"). The
failure can be always reproduced.
For now, let's mute the warning of allocation failure if requesting pages
from DMA zone while no managed pages.
[akpm@linux-foundation.org: fix warning]
Link: https://lkml.kernel.org/r/20211223094435.248523-4-bhe@redhat.com
Fixes: 6f599d84231f ("x86/kdump: Always reserve the low 1M when the crashkernel option is specified")
Signed-off-by: Baoquan He <bhe@redhat.com>
Acked-by: John Donnelly <john.p.donnelly@oracle.com>
Reviewed-by: Hyeonggon Yoo <42.hyeyoo@gmail.com>
Cc: Christoph Lameter <cl@linux.com>
Cc: Pekka Enberg <penberg@kernel.org>
Cc: David Rientjes <rientjes@google.com>
Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Christoph Hellwig <hch@lst.de>
Cc: David Hildenbrand <david@redhat.com>
Cc: David Laight <David.Laight@ACULAB.COM>
Cc: Marek Szyprowski <m.szyprowski@samsung.com>
Cc: Robin Murphy <robin.murphy@arm.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/page_alloc.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/mm/page_alloc.c
+++ b/mm/page_alloc.c
@@ -3767,7 +3767,9 @@ void warn_alloc(gfp_t gfp_mask, nodemask
va_list args;
static DEFINE_RATELIMIT_STATE(nopage_rs, 10*HZ, 1);
- if ((gfp_mask & __GFP_NOWARN) || !__ratelimit(&nopage_rs))
+ if ((gfp_mask & __GFP_NOWARN) ||
+ !__ratelimit(&nopage_rs) ||
+ ((gfp_mask & __GFP_DMA) && !has_managed_dma()))
return;
va_start(args, fmt);
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 031/320] shmem: fix a race between shmem_unused_huge_shrink and shmem_evict_inode
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (29 preceding siblings ...)
2022-01-24 18:40 ` [PATCH 5.4 030/320] mm/page_alloc.c: do not warn allocation failure on zone DMA if no managed pages Greg Kroah-Hartman
@ 2022-01-24 18:40 ` Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 032/320] drm/rockchip: dsi: Hold pm-runtime across bind/unbind Greg Kroah-Hartman
` (293 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:40 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Gang Li, Muchun Song,
Kirill A. Shutemov, Hugh Dickins, Andrew Morton, Linus Torvalds
From: Gang Li <ligang.bdlg@bytedance.com>
commit 62c9827cbb996c2c04f615ecd783ce28bcea894b upstream.
Fix a data race in commit 779750d20b93 ("shmem: split huge pages beyond
i_size under memory pressure").
Here are call traces causing race:
Call Trace 1:
shmem_unused_huge_shrink+0x3ae/0x410
? __list_lru_walk_one.isra.5+0x33/0x160
super_cache_scan+0x17c/0x190
shrink_slab.part.55+0x1ef/0x3f0
shrink_node+0x10e/0x330
kswapd+0x380/0x740
kthread+0xfc/0x130
? mem_cgroup_shrink_node+0x170/0x170
? kthread_create_on_node+0x70/0x70
ret_from_fork+0x1f/0x30
Call Trace 2:
shmem_evict_inode+0xd8/0x190
evict+0xbe/0x1c0
do_unlinkat+0x137/0x330
do_syscall_64+0x76/0x120
entry_SYSCALL_64_after_hwframe+0x3d/0xa2
A simple explanation:
Image there are 3 items in the local list (@list). In the first
traversal, A is not deleted from @list.
1) A->B->C
^
|
pos (leave)
In the second traversal, B is deleted from @list. Concurrently, A is
deleted from @list through shmem_evict_inode() since last reference
counter of inode is dropped by other thread. Then the @list is corrupted.
2) A->B->C
^ ^
| |
evict pos (drop)
We should make sure the inode is either on the global list or deleted from
any local list before iput().
Fixed by moving inodes back to global list before we put them.
[akpm@linux-foundation.org: coding style fixes]
Link: https://lkml.kernel.org/r/20211125064502.99983-1-ligang.bdlg@bytedance.com
Fixes: 779750d20b93 ("shmem: split huge pages beyond i_size under memory pressure")
Signed-off-by: Gang Li <ligang.bdlg@bytedance.com>
Reviewed-by: Muchun Song <songmuchun@bytedance.com>
Acked-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Cc: Hugh Dickins <hughd@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/shmem.c | 37 +++++++++++++++++++++----------------
1 file changed, 21 insertions(+), 16 deletions(-)
--- a/mm/shmem.c
+++ b/mm/shmem.c
@@ -466,7 +466,7 @@ static unsigned long shmem_unused_huge_s
struct shmem_inode_info *info;
struct page *page;
unsigned long batch = sc ? sc->nr_to_scan : 128;
- int removed = 0, split = 0;
+ int split = 0;
if (list_empty(&sbinfo->shrinklist))
return SHRINK_STOP;
@@ -481,7 +481,6 @@ static unsigned long shmem_unused_huge_s
/* inode is about to be evicted */
if (!inode) {
list_del_init(&info->shrinklist);
- removed++;
goto next;
}
@@ -489,12 +488,12 @@ static unsigned long shmem_unused_huge_s
if (round_up(inode->i_size, PAGE_SIZE) ==
round_up(inode->i_size, HPAGE_PMD_SIZE)) {
list_move(&info->shrinklist, &to_remove);
- removed++;
goto next;
}
list_move(&info->shrinklist, &list);
next:
+ sbinfo->shrinklist_len--;
if (!--batch)
break;
}
@@ -514,7 +513,7 @@ next:
inode = &info->vfs_inode;
if (nr_to_split && split >= nr_to_split)
- goto leave;
+ goto move_back;
page = find_get_page(inode->i_mapping,
(inode->i_size & HPAGE_PMD_MASK) >> PAGE_SHIFT);
@@ -528,38 +527,44 @@ next:
}
/*
- * Leave the inode on the list if we failed to lock
- * the page at this time.
+ * Move the inode on the list back to shrinklist if we failed
+ * to lock the page at this time.
*
* Waiting for the lock may lead to deadlock in the
* reclaim path.
*/
if (!trylock_page(page)) {
put_page(page);
- goto leave;
+ goto move_back;
}
ret = split_huge_page(page);
unlock_page(page);
put_page(page);
- /* If split failed leave the inode on the list */
+ /* If split failed move the inode on the list back to shrinklist */
if (ret)
- goto leave;
+ goto move_back;
split++;
drop:
list_del_init(&info->shrinklist);
- removed++;
-leave:
+ goto put;
+move_back:
+ /*
+ * Make sure the inode is either on the global list or deleted
+ * from any local list before iput() since it could be deleted
+ * in another thread once we put the inode (then the local list
+ * is corrupted).
+ */
+ spin_lock(&sbinfo->shrinklist_lock);
+ list_move(&info->shrinklist, &sbinfo->shrinklist);
+ sbinfo->shrinklist_len++;
+ spin_unlock(&sbinfo->shrinklist_lock);
+put:
iput(inode);
}
- spin_lock(&sbinfo->shrinklist_lock);
- list_splice_tail(&list, &sbinfo->shrinklist);
- sbinfo->shrinklist_len -= removed;
- spin_unlock(&sbinfo->shrinklist_lock);
-
return split;
}
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 032/320] drm/rockchip: dsi: Hold pm-runtime across bind/unbind
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (30 preceding siblings ...)
2022-01-24 18:40 ` [PATCH 5.4 031/320] shmem: fix a race between shmem_unused_huge_shrink and shmem_evict_inode Greg Kroah-Hartman
@ 2022-01-24 18:40 ` Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 033/320] drm/rockchip: dsi: Reconfigure hardware on resume() Greg Kroah-Hartman
` (292 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:40 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, aleksandr.o.makarov, Brian Norris,
Nícolas F . R . A . Prado, Chen-Yu Tsai, Heiko Stuebner
From: Brian Norris <briannorris@chromium.org>
commit 514db871922f103886ad4d221cf406b4fcc5e74a upstream.
In commit 43c2de1002d2 ("drm/rockchip: dsi: move all lane config except
LCDC mux to bind()"), we moved most HW configuration to bind(), but we
didn't move the runtime PM management. Therefore, depending on initial
boot state, runtime-PM workqueue delays, and other timing factors, we
may disable our power domain in between the hardware configuration
(bind()) and when we enable the display. This can cause us to lose
hardware state and fail to configure our display. For example:
dw-mipi-dsi-rockchip ff968000.mipi: failed to write command FIFO
panel-innolux-p079zca ff960000.mipi.0: failed to write command 0
or:
dw-mipi-dsi-rockchip ff968000.mipi: failed to write command FIFO
panel-kingdisplay-kd097d04 ff960000.mipi.0: failed write init cmds: -110
We should match the runtime PM to the lifetime of the bind()/unbind()
cycle.
Tested on Acer Chrometab 10 (RK3399 Gru-Scarlet), with panel drivers
built either as modules or built-in.
Side notes: it seems one is more likely to see this problem when the
panel driver is built into the kernel. I've also seen this problem
bisect down to commits that simply changed Kconfig dependencies, because
it changed the order in which driver init functions were compiled into
the kernel, and therefore the ordering and timing of built-in device
probe.
Fixes: 43c2de1002d2 ("drm/rockchip: dsi: move all lane config except LCDC mux to bind()")
Link: https://lore.kernel.org/linux-rockchip/9aedfb528600ecf871885f7293ca4207c84d16c1.camel@gmail.com/
Reported-by: <aleksandr.o.makarov@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Brian Norris <briannorris@chromium.org>
Tested-by: Nícolas F. R. A. Prado <nfraprado@collabora.com>
Reviewed-by: Chen-Yu Tsai <wenst@chromium.org>
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Link: https://patchwork.freedesktop.org/patch/msgid/20210928143413.v3.1.Ic2904d37f30013a7f3d8476203ad3733c186827e@changeid
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/rockchip/dw-mipi-dsi-rockchip.c | 37 ++++++++++++------------
1 file changed, 19 insertions(+), 18 deletions(-)
--- a/drivers/gpu/drm/rockchip/dw-mipi-dsi-rockchip.c
+++ b/drivers/gpu/drm/rockchip/dw-mipi-dsi-rockchip.c
@@ -625,10 +625,6 @@ static void dw_mipi_dsi_encoder_enable(s
if (mux < 0)
return;
- pm_runtime_get_sync(dsi->dev);
- if (dsi->slave)
- pm_runtime_get_sync(dsi->slave->dev);
-
/*
* For the RK3399, the clk of grf must be enabled before writing grf
* register. And for RK3288 or other soc, this grf_clk must be NULL,
@@ -647,20 +643,10 @@ static void dw_mipi_dsi_encoder_enable(s
clk_disable_unprepare(dsi->grf_clk);
}
-static void dw_mipi_dsi_encoder_disable(struct drm_encoder *encoder)
-{
- struct dw_mipi_dsi_rockchip *dsi = to_dsi(encoder);
-
- if (dsi->slave)
- pm_runtime_put(dsi->slave->dev);
- pm_runtime_put(dsi->dev);
-}
-
static const struct drm_encoder_helper_funcs
dw_mipi_dsi_encoder_helper_funcs = {
.atomic_check = dw_mipi_dsi_encoder_atomic_check,
.enable = dw_mipi_dsi_encoder_enable,
- .disable = dw_mipi_dsi_encoder_disable,
};
static const struct drm_encoder_funcs dw_mipi_dsi_encoder_funcs = {
@@ -795,10 +781,14 @@ static int dw_mipi_dsi_rockchip_bind(str
put_device(second);
}
+ pm_runtime_get_sync(dsi->dev);
+ if (dsi->slave)
+ pm_runtime_get_sync(dsi->slave->dev);
+
ret = clk_prepare_enable(dsi->pllref_clk);
if (ret) {
DRM_DEV_ERROR(dev, "Failed to enable pllref_clk: %d\n", ret);
- return ret;
+ goto out_pm_runtime;
}
/*
@@ -810,7 +800,7 @@ static int dw_mipi_dsi_rockchip_bind(str
ret = clk_prepare_enable(dsi->grf_clk);
if (ret) {
DRM_DEV_ERROR(dsi->dev, "Failed to enable grf_clk: %d\n", ret);
- return ret;
+ goto out_pm_runtime;
}
dw_mipi_dsi_rockchip_config(dsi);
@@ -822,16 +812,23 @@ static int dw_mipi_dsi_rockchip_bind(str
ret = rockchip_dsi_drm_create_encoder(dsi, drm_dev);
if (ret) {
DRM_DEV_ERROR(dev, "Failed to create drm encoder\n");
- return ret;
+ goto out_pm_runtime;
}
ret = dw_mipi_dsi_bind(dsi->dmd, &dsi->encoder);
if (ret) {
DRM_DEV_ERROR(dev, "Failed to bind: %d\n", ret);
- return ret;
+ goto out_pm_runtime;
}
return 0;
+
+out_pm_runtime:
+ pm_runtime_put(dsi->dev);
+ if (dsi->slave)
+ pm_runtime_put(dsi->slave->dev);
+
+ return ret;
}
static void dw_mipi_dsi_rockchip_unbind(struct device *dev,
@@ -846,6 +843,10 @@ static void dw_mipi_dsi_rockchip_unbind(
dw_mipi_dsi_unbind(dsi->dmd);
clk_disable_unprepare(dsi->pllref_clk);
+
+ pm_runtime_put(dsi->dev);
+ if (dsi->slave)
+ pm_runtime_put(dsi->slave->dev);
}
static const struct component_ops dw_mipi_dsi_rockchip_ops = {
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 033/320] drm/rockchip: dsi: Reconfigure hardware on resume()
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (31 preceding siblings ...)
2022-01-24 18:40 ` [PATCH 5.4 032/320] drm/rockchip: dsi: Hold pm-runtime across bind/unbind Greg Kroah-Hartman
@ 2022-01-24 18:40 ` Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 034/320] drm/panel: kingdisplay-kd097d04: Delete panel on attach() failure Greg Kroah-Hartman
` (291 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:40 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Brian Norris, Chen-Yu Tsai,
Nícolas F . R . A . Prado, Heiko Stuebner
From: Brian Norris <briannorris@chromium.org>
commit e584cdc1549932f87a2707b56bc588cfac5d89e0 upstream.
Since commit 43c2de1002d2 ("drm/rockchip: dsi: move all lane config except
LCDC mux to bind()"), we perform most HW configuration in the bind()
function. This configuration may be lost on suspend/resume, so we
need to call it again. That may lead to errors like this after system
suspend/resume:
dw-mipi-dsi-rockchip ff968000.mipi: failed to write command FIFO
panel-kingdisplay-kd097d04 ff960000.mipi.0: failed write init cmds: -110
Tested on Acer Chromebook Tab 10 (RK3399 Gru-Scarlet).
Note that early mailing list versions of this driver borrowed Rockchip's
downstream/BSP solution, to do HW configuration in mode_set() (which
*is* called at the appropriate pre-enable() times), but that was
discarded along the way. I've avoided that still, because mode_set()
documentation doesn't suggest this kind of purpose as far as I can tell.
Fixes: 43c2de1002d2 ("drm/rockchip: dsi: move all lane config except LCDC mux to bind()")
Cc: <stable@vger.kernel.org>
Signed-off-by: Brian Norris <briannorris@chromium.org>
Reviewed-by: Chen-Yu Tsai <wenst@chromium.org>
Tested-by: Nícolas F. R. A. Prado <nfraprado@collabora.com>
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Link: https://patchwork.freedesktop.org/patch/msgid/20210928143413.v3.2.I4e9d93aadb00b1ffc7d506e3186a25492bf0b732@changeid
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/rockchip/dw-mipi-dsi-rockchip.c | 37 ++++++++++++++++++++++++
1 file changed, 37 insertions(+)
--- a/drivers/gpu/drm/rockchip/dw-mipi-dsi-rockchip.c
+++ b/drivers/gpu/drm/rockchip/dw-mipi-dsi-rockchip.c
@@ -231,6 +231,8 @@ struct dw_mipi_dsi_rockchip {
struct dw_mipi_dsi *dmd;
const struct rockchip_dw_dsi_chip_data *cdata;
struct dw_mipi_dsi_plat_data pdata;
+
+ bool dsi_bound;
};
struct dphy_pll_parameter_map {
@@ -821,6 +823,8 @@ static int dw_mipi_dsi_rockchip_bind(str
goto out_pm_runtime;
}
+ dsi->dsi_bound = true;
+
return 0;
out_pm_runtime:
@@ -840,6 +844,8 @@ static void dw_mipi_dsi_rockchip_unbind(
if (dsi->is_slave)
return;
+ dsi->dsi_bound = false;
+
dw_mipi_dsi_unbind(dsi->dmd);
clk_disable_unprepare(dsi->pllref_clk);
@@ -904,6 +910,36 @@ static const struct dw_mipi_dsi_host_ops
.detach = dw_mipi_dsi_rockchip_host_detach,
};
+static int __maybe_unused dw_mipi_dsi_rockchip_resume(struct device *dev)
+{
+ struct dw_mipi_dsi_rockchip *dsi = dev_get_drvdata(dev);
+ int ret;
+
+ /*
+ * Re-configure DSI state, if we were previously initialized. We need
+ * to do this before rockchip_drm_drv tries to re-enable() any panels.
+ */
+ if (dsi->dsi_bound) {
+ ret = clk_prepare_enable(dsi->grf_clk);
+ if (ret) {
+ DRM_DEV_ERROR(dsi->dev, "Failed to enable grf_clk: %d\n", ret);
+ return ret;
+ }
+
+ dw_mipi_dsi_rockchip_config(dsi);
+ if (dsi->slave)
+ dw_mipi_dsi_rockchip_config(dsi->slave);
+
+ clk_disable_unprepare(dsi->grf_clk);
+ }
+
+ return 0;
+}
+
+static const struct dev_pm_ops dw_mipi_dsi_rockchip_pm_ops = {
+ SET_LATE_SYSTEM_SLEEP_PM_OPS(NULL, dw_mipi_dsi_rockchip_resume)
+};
+
static int dw_mipi_dsi_rockchip_probe(struct platform_device *pdev)
{
struct device *dev = &pdev->dev;
@@ -1089,6 +1125,7 @@ struct platform_driver dw_mipi_dsi_rockc
.remove = dw_mipi_dsi_rockchip_remove,
.driver = {
.of_match_table = dw_mipi_dsi_rockchip_dt_ids,
+ .pm = &dw_mipi_dsi_rockchip_pm_ops,
.name = "dw-mipi-dsi-rockchip",
},
};
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 034/320] drm/panel: kingdisplay-kd097d04: Delete panel on attach() failure
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (32 preceding siblings ...)
2022-01-24 18:40 ` [PATCH 5.4 033/320] drm/rockchip: dsi: Reconfigure hardware on resume() Greg Kroah-Hartman
@ 2022-01-24 18:40 ` Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 035/320] drm/panel: innolux-p079zca: " Greg Kroah-Hartman
` (290 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:40 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Brian Norris, Sam Ravnborg, Sasha Levin
From: Brian Norris <briannorris@chromium.org>
[ Upstream commit 5f31dbeae8a88f31c3eb4eb526ab4807c40da241 ]
If we fail to attach (e.g., because 1 of 2 dual-DSI controllers aren't
ready), we leave a dangling drm_panel reference to freed memory. Clean
that up on failure.
Fixes: 2a994cbed6b2 ("drm/panel: Add Kingdisplay KD097D04 panel driver")
Signed-off-by: Brian Norris <briannorris@chromium.org>
Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20210923173336.1.Icb4d9dbc1817f4e826361a4f1cea7461541668f0@changeid
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/panel/panel-kingdisplay-kd097d04.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/panel/panel-kingdisplay-kd097d04.c b/drivers/gpu/drm/panel/panel-kingdisplay-kd097d04.c
index 3ac04eb8d0fe5..1e7fecab72a9f 100644
--- a/drivers/gpu/drm/panel/panel-kingdisplay-kd097d04.c
+++ b/drivers/gpu/drm/panel/panel-kingdisplay-kd097d04.c
@@ -424,7 +424,13 @@ static int kingdisplay_panel_probe(struct mipi_dsi_device *dsi)
if (err < 0)
return err;
- return mipi_dsi_attach(dsi);
+ err = mipi_dsi_attach(dsi);
+ if (err < 0) {
+ kingdisplay_panel_del(kingdisplay);
+ return err;
+ }
+
+ return 0;
}
static int kingdisplay_panel_remove(struct mipi_dsi_device *dsi)
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 035/320] drm/panel: innolux-p079zca: Delete panel on attach() failure
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (33 preceding siblings ...)
2022-01-24 18:40 ` [PATCH 5.4 034/320] drm/panel: kingdisplay-kd097d04: Delete panel on attach() failure Greg Kroah-Hartman
@ 2022-01-24 18:40 ` Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 036/320] drm/rockchip: dsi: Fix unbalanced clock on probe error Greg Kroah-Hartman
` (289 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:40 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Brian Norris, Sam Ravnborg, Sasha Levin
From: Brian Norris <briannorris@chromium.org>
[ Upstream commit 32a267e9c057e1636e7afdd20599aa5741a73079 ]
If we fail to attach (e.g., because 1 of 2 dual-DSI controllers aren't
ready), we leave a dangling drm_panel reference to freed memory. Clean
that up on failure.
This problem exists since the driver's introduction, but is especially
relevant after refactored for dual-DSI variants.
Fixes: 14c8f2e9f8ea ("drm/panel: add Innolux P079ZCA panel driver")
Fixes: 7ad4e4636c54 ("drm/panel: p079zca: Refactor panel driver to support multiple panels")
Signed-off-by: Brian Norris <briannorris@chromium.org>
Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20210923173336.2.I9023cf8811a3abf4964ed84eb681721d8bb489d6@changeid
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/panel/panel-innolux-p079zca.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/panel/panel-innolux-p079zca.c b/drivers/gpu/drm/panel/panel-innolux-p079zca.c
index d92d1c98878c1..df90b66079816 100644
--- a/drivers/gpu/drm/panel/panel-innolux-p079zca.c
+++ b/drivers/gpu/drm/panel/panel-innolux-p079zca.c
@@ -509,6 +509,7 @@ static void innolux_panel_del(struct innolux_panel *innolux)
static int innolux_panel_probe(struct mipi_dsi_device *dsi)
{
const struct panel_desc *desc;
+ struct innolux_panel *innolux;
int err;
desc = of_device_get_match_data(&dsi->dev);
@@ -520,7 +521,14 @@ static int innolux_panel_probe(struct mipi_dsi_device *dsi)
if (err < 0)
return err;
- return mipi_dsi_attach(dsi);
+ err = mipi_dsi_attach(dsi);
+ if (err < 0) {
+ innolux = mipi_dsi_get_drvdata(dsi);
+ innolux_panel_del(innolux);
+ return err;
+ }
+
+ return 0;
}
static int innolux_panel_remove(struct mipi_dsi_device *dsi)
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 036/320] drm/rockchip: dsi: Fix unbalanced clock on probe error
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (34 preceding siblings ...)
2022-01-24 18:40 ` [PATCH 5.4 035/320] drm/panel: innolux-p079zca: " Greg Kroah-Hartman
@ 2022-01-24 18:40 ` Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 037/320] Bluetooth: cmtp: fix possible panic when cmtp_init_sockets() fails Greg Kroah-Hartman
` (288 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:40 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Brian Norris, Chen-Yu Tsai,
Nícolas F . R . A . Prado, Heiko Stuebner, Sasha Levin
From: Brian Norris <briannorris@chromium.org>
[ Upstream commit 251888398753924059f3bb247a44153a2853137f ]
Our probe() function never enabled this clock, so we shouldn't disable
it if we fail to probe the bridge.
Noted by inspection.
Fixes: 2d4f7bdafd70 ("drm/rockchip: dsi: migrate to use dw-mipi-dsi bridge driver")
Signed-off-by: Brian Norris <briannorris@chromium.org>
Reviewed-by: Chen-Yu Tsai <wenst@chromium.org>
Tested-by: Nícolas F. R. A. Prado <nfraprado@collabora.com>
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Link: https://patchwork.freedesktop.org/patch/msgid/20210928143413.v3.3.Ie8ceefb51ab6065a1151869b6fcda41a467d4d2c@changeid
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/rockchip/dw-mipi-dsi-rockchip.c | 6 +-----
1 file changed, 1 insertion(+), 5 deletions(-)
--- a/drivers/gpu/drm/rockchip/dw-mipi-dsi-rockchip.c
+++ b/drivers/gpu/drm/rockchip/dw-mipi-dsi-rockchip.c
@@ -1023,14 +1023,10 @@ static int dw_mipi_dsi_rockchip_probe(st
if (ret != -EPROBE_DEFER)
DRM_DEV_ERROR(dev,
"Failed to probe dw_mipi_dsi: %d\n", ret);
- goto err_clkdisable;
+ return ret;
}
return 0;
-
-err_clkdisable:
- clk_disable_unprepare(dsi->pllref_clk);
- return ret;
}
static int dw_mipi_dsi_rockchip_remove(struct platform_device *pdev)
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 037/320] Bluetooth: cmtp: fix possible panic when cmtp_init_sockets() fails
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (35 preceding siblings ...)
2022-01-24 18:40 ` [PATCH 5.4 036/320] drm/rockchip: dsi: Fix unbalanced clock on probe error Greg Kroah-Hartman
@ 2022-01-24 18:40 ` Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 038/320] clk: bcm-2835: Pick the closest clock rate Greg Kroah-Hartman
` (287 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:40 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hulk Robot, Wang Hai,
Marcel Holtmann, Sasha Levin
From: Wang Hai <wanghai38@huawei.com>
[ Upstream commit 2a7ca7459d905febf519163bd9e3eed894de6bb7 ]
I got a kernel BUG report when doing fault injection test:
------------[ cut here ]------------
kernel BUG at lib/list_debug.c:45!
...
RIP: 0010:__list_del_entry_valid.cold+0x12/0x4d
...
Call Trace:
proto_unregister+0x83/0x220
cmtp_cleanup_sockets+0x37/0x40 [cmtp]
cmtp_exit+0xe/0x1f [cmtp]
do_syscall_64+0x35/0xb0
entry_SYSCALL_64_after_hwframe+0x44/0xae
If cmtp_init_sockets() in cmtp_init() fails, cmtp_init() still returns
success. This will cause a kernel bug when accessing uncreated ctmp
related data when the module exits.
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Wang Hai <wanghai38@huawei.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/bluetooth/cmtp/core.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/net/bluetooth/cmtp/core.c b/net/bluetooth/cmtp/core.c
index 0a2d78e811cf5..83eb84e8e688f 100644
--- a/net/bluetooth/cmtp/core.c
+++ b/net/bluetooth/cmtp/core.c
@@ -501,9 +501,7 @@ static int __init cmtp_init(void)
{
BT_INFO("CMTP (CAPI Emulation) ver %s", VERSION);
- cmtp_init_sockets();
-
- return 0;
+ return cmtp_init_sockets();
}
static void __exit cmtp_exit(void)
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 038/320] clk: bcm-2835: Pick the closest clock rate
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (36 preceding siblings ...)
2022-01-24 18:40 ` [PATCH 5.4 037/320] Bluetooth: cmtp: fix possible panic when cmtp_init_sockets() fails Greg Kroah-Hartman
@ 2022-01-24 18:40 ` Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 039/320] clk: bcm-2835: Remove rounding up the dividers Greg Kroah-Hartman
` (286 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:40 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Maxime Ripard, Stephen Boyd,
Nicolas Saenz Julienne, Michael Stapelberg, Sasha Levin
From: Maxime Ripard <maxime@cerno.tech>
[ Upstream commit 5517357a4733d7cf7c17fc79d0530cfa47add372 ]
The driver currently tries to pick the closest rate that is lower than
the rate being requested.
This causes an issue with clk_set_min_rate() since it actively checks
for the rounded rate to be above the minimum that was just set.
Let's change the logic a bit to pick the closest rate to the requested
rate, no matter if it's actually higher or lower.
Fixes: 6d18b8adbe67 ("clk: bcm2835: Support for clock parent selection")
Signed-off-by: Maxime Ripard <maxime@cerno.tech>
Acked-by: Stephen Boyd <sboyd@kernel.org>
Reviewed-by: Nicolas Saenz Julienne <nsaenz@kernel.org>
Tested-by: Nicolas Saenz Julienne <nsaenz@kernel.org> # boot and basic functionality
Tested-by: Michael Stapelberg <michael@stapelberg.ch>
Link: https://patchwork.freedesktop.org/patch/msgid/20210922125419.4125779-2-maxime@cerno.tech
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/bcm/clk-bcm2835.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/clk/bcm/clk-bcm2835.c b/drivers/clk/bcm/clk-bcm2835.c
index c5486537b9284..b2af320d1b6c5 100644
--- a/drivers/clk/bcm/clk-bcm2835.c
+++ b/drivers/clk/bcm/clk-bcm2835.c
@@ -1216,7 +1216,7 @@ static int bcm2835_clock_determine_rate(struct clk_hw *hw,
rate = bcm2835_clock_choose_div_and_prate(hw, i, req->rate,
&div, &prate,
&avgrate);
- if (rate > best_rate && rate <= req->rate) {
+ if (abs(req->rate - rate) < abs(req->rate - best_rate)) {
best_parent = parent;
best_prate = prate;
best_rate = rate;
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 039/320] clk: bcm-2835: Remove rounding up the dividers
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (37 preceding siblings ...)
2022-01-24 18:40 ` [PATCH 5.4 038/320] clk: bcm-2835: Pick the closest clock rate Greg Kroah-Hartman
@ 2022-01-24 18:40 ` Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 040/320] wcn36xx: Indicate beacon not connection loss on MISSED_BEACON_IND Greg Kroah-Hartman
` (285 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:40 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Maxime Ripard, Stephen Boyd,
Nicolas Saenz Julienne, Michael Stapelberg, Sasha Levin
From: Maxime Ripard <maxime@cerno.tech>
[ Upstream commit 8ca011ef4af48a7af7b15afd8a4a44039dd04cea ]
The driver, once it found a divider, tries to round it up by increasing
the least significant bit of the fractional part by one when the
round_up argument is set and there's a remainder.
However, since it increases the divider it will actually reduce the
clock rate below what we were asking for, leading to issues with
clk_set_min_rate() that will complain that our rounded clock rate is
below the minimum of the rate.
Since the dividers are fairly precise already, let's remove that part so
that we can have clk_set_min_rate() working.
This is effectively a revert of 9c95b32ca093 ("clk: bcm2835: add a round
up ability to the clock divisor").
Fixes: 9c95b32ca093 ("clk: bcm2835: add a round up ability to the clock divisor")
Signed-off-by: Maxime Ripard <maxime@cerno.tech>
Acked-by: Stephen Boyd <sboyd@kernel.org>
Reviewed-by: Nicolas Saenz Julienne <nsaenz@kernel.org>
Tested-by: Nicolas Saenz Julienne <nsaenz@kernel.org> # boot and basic functionality
Tested-by: Michael Stapelberg <michael@stapelberg.ch>
Link: https://patchwork.freedesktop.org/patch/msgid/20210922125419.4125779-3-maxime@cerno.tech
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/bcm/clk-bcm2835.c | 11 +++--------
1 file changed, 3 insertions(+), 8 deletions(-)
diff --git a/drivers/clk/bcm/clk-bcm2835.c b/drivers/clk/bcm/clk-bcm2835.c
index b2af320d1b6c5..e637bd6b295bd 100644
--- a/drivers/clk/bcm/clk-bcm2835.c
+++ b/drivers/clk/bcm/clk-bcm2835.c
@@ -932,8 +932,7 @@ static int bcm2835_clock_is_on(struct clk_hw *hw)
static u32 bcm2835_clock_choose_div(struct clk_hw *hw,
unsigned long rate,
- unsigned long parent_rate,
- bool round_up)
+ unsigned long parent_rate)
{
struct bcm2835_clock *clock = bcm2835_clock_from_hw(hw);
const struct bcm2835_clock_data *data = clock->data;
@@ -945,10 +944,6 @@ static u32 bcm2835_clock_choose_div(struct clk_hw *hw,
rem = do_div(temp, rate);
div = temp;
-
- /* Round up and mask off the unused bits */
- if (round_up && ((div & unused_frac_mask) != 0 || rem != 0))
- div += unused_frac_mask + 1;
div &= ~unused_frac_mask;
/* different clamping limits apply for a mash clock */
@@ -1079,7 +1074,7 @@ static int bcm2835_clock_set_rate(struct clk_hw *hw,
struct bcm2835_clock *clock = bcm2835_clock_from_hw(hw);
struct bcm2835_cprman *cprman = clock->cprman;
const struct bcm2835_clock_data *data = clock->data;
- u32 div = bcm2835_clock_choose_div(hw, rate, parent_rate, false);
+ u32 div = bcm2835_clock_choose_div(hw, rate, parent_rate);
u32 ctl;
spin_lock(&cprman->regs_lock);
@@ -1130,7 +1125,7 @@ static unsigned long bcm2835_clock_choose_div_and_prate(struct clk_hw *hw,
if (!(BIT(parent_idx) & data->set_rate_parent)) {
*prate = clk_hw_get_rate(parent);
- *div = bcm2835_clock_choose_div(hw, rate, *prate, true);
+ *div = bcm2835_clock_choose_div(hw, rate, *prate);
*avgrate = bcm2835_clock_rate_from_divisor(clock, *prate, *div);
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 040/320] wcn36xx: Indicate beacon not connection loss on MISSED_BEACON_IND
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (38 preceding siblings ...)
2022-01-24 18:40 ` [PATCH 5.4 039/320] clk: bcm-2835: Remove rounding up the dividers Greg Kroah-Hartman
@ 2022-01-24 18:40 ` Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 041/320] wcn36xx: Release DMA channel descriptor allocations Greg Kroah-Hartman
` (284 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:40 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Bryan ODonoghue, Kalle Valo, Sasha Levin
From: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
[ Upstream commit 588b45c88ae130fe373a8c50edaf54735c3f4fe3 ]
Firmware can trigger a missed beacon indication, this is not the same as a
lost signal.
Flag to Linux the missed beacon and let the WiFi stack decide for itself if
the link is up or down by sending its own probe to determine this.
We should only be signalling the link is lost when the firmware indicates
Fixes: 8e84c2582169 ("wcn36xx: mac80211 driver for Qualcomm WCN3660/WCN3680 hardware")
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20211027232529.657764-1-bryan.odonoghue@linaro.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/wcn36xx/smd.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/net/wireless/ath/wcn36xx/smd.c b/drivers/net/wireless/ath/wcn36xx/smd.c
index a7532028bf9db..74cf173c186ff 100644
--- a/drivers/net/wireless/ath/wcn36xx/smd.c
+++ b/drivers/net/wireless/ath/wcn36xx/smd.c
@@ -2311,7 +2311,7 @@ static int wcn36xx_smd_missed_beacon_ind(struct wcn36xx *wcn,
wcn36xx_dbg(WCN36XX_DBG_HAL, "beacon missed bss_index %d\n",
tmp->bss_index);
vif = wcn36xx_priv_to_vif(tmp);
- ieee80211_connection_loss(vif);
+ ieee80211_beacon_loss(vif);
}
return 0;
}
@@ -2326,7 +2326,7 @@ static int wcn36xx_smd_missed_beacon_ind(struct wcn36xx *wcn,
wcn36xx_dbg(WCN36XX_DBG_HAL, "beacon missed bss_index %d\n",
rsp->bss_index);
vif = wcn36xx_priv_to_vif(tmp);
- ieee80211_connection_loss(vif);
+ ieee80211_beacon_loss(vif);
return 0;
}
}
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 041/320] wcn36xx: Release DMA channel descriptor allocations
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (39 preceding siblings ...)
2022-01-24 18:40 ` [PATCH 5.4 040/320] wcn36xx: Indicate beacon not connection loss on MISSED_BEACON_IND Greg Kroah-Hartman
@ 2022-01-24 18:40 ` Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 042/320] media: videobuf2: Fix the size printk format Greg Kroah-Hartman
` (283 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:40 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Bryan ODonoghue, Kalle Valo, Sasha Levin
From: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
[ Upstream commit 3652096e5263ad67604b0323f71d133485f410e5 ]
When unloading the driver we are not releasing the DMA descriptors which we
previously allocated.
Fixes: 8e84c2582169 ("wcn36xx: mac80211 driver for Qualcomm WCN3660/WCN3680 hardware")
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20211105122152.1580542-3-bryan.odonoghue@linaro.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/wcn36xx/dxe.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/net/wireless/ath/wcn36xx/dxe.c b/drivers/net/wireless/ath/wcn36xx/dxe.c
index 4da25e84793b7..c400261352bc8 100644
--- a/drivers/net/wireless/ath/wcn36xx/dxe.c
+++ b/drivers/net/wireless/ath/wcn36xx/dxe.c
@@ -952,4 +952,9 @@ void wcn36xx_dxe_deinit(struct wcn36xx *wcn)
wcn36xx_dxe_ch_free_skbs(wcn, &wcn->dxe_rx_l_ch);
wcn36xx_dxe_ch_free_skbs(wcn, &wcn->dxe_rx_h_ch);
+
+ wcn36xx_dxe_deinit_descs(wcn->dev, &wcn->dxe_tx_l_ch);
+ wcn36xx_dxe_deinit_descs(wcn->dev, &wcn->dxe_tx_h_ch);
+ wcn36xx_dxe_deinit_descs(wcn->dev, &wcn->dxe_rx_l_ch);
+ wcn36xx_dxe_deinit_descs(wcn->dev, &wcn->dxe_rx_h_ch);
}
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 042/320] media: videobuf2: Fix the size printk format
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (40 preceding siblings ...)
2022-01-24 18:40 ` [PATCH 5.4 041/320] wcn36xx: Release DMA channel descriptor allocations Greg Kroah-Hartman
@ 2022-01-24 18:40 ` Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 043/320] media: aspeed: fix mode-detect always time out at 2nd run Greg Kroah-Hartman
` (282 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:40 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dillon Min, Hans Verkuil,
Mauro Carvalho Chehab, Sasha Levin
From: Dillon Min <dillon.minfei@gmail.com>
[ Upstream commit c9ee220d76775e42f35d634479c978d9350077d3 ]
Since the type of parameter size is unsigned long,
it should printk by %lu, instead of %ld, fix it.
Fixes: 7952be9b6ece ("media: drivers/media/common/videobuf2: rename from videobuf")
Signed-off-by: Dillon Min <dillon.minfei@gmail.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/common/videobuf2/videobuf2-dma-contig.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/media/common/videobuf2/videobuf2-dma-contig.c b/drivers/media/common/videobuf2/videobuf2-dma-contig.c
index 44cd0e530bbd3..093ebe6f279f7 100644
--- a/drivers/media/common/videobuf2/videobuf2-dma-contig.c
+++ b/drivers/media/common/videobuf2/videobuf2-dma-contig.c
@@ -154,7 +154,7 @@ static void *vb2_dc_alloc(struct device *dev, unsigned long attrs,
buf->cookie = dma_alloc_attrs(dev, size, &buf->dma_addr,
GFP_KERNEL | gfp_flags, buf->attrs);
if (!buf->cookie) {
- dev_err(dev, "dma_alloc_coherent of size %ld failed\n", size);
+ dev_err(dev, "dma_alloc_coherent of size %lu failed\n", size);
kfree(buf);
return ERR_PTR(-ENOMEM);
}
@@ -200,9 +200,9 @@ static int vb2_dc_mmap(void *buf_priv, struct vm_area_struct *vma)
vma->vm_ops->open(vma);
- pr_debug("%s: mapped dma addr 0x%08lx at 0x%08lx, size %ld\n",
- __func__, (unsigned long)buf->dma_addr, vma->vm_start,
- buf->size);
+ pr_debug("%s: mapped dma addr 0x%08lx at 0x%08lx, size %lu\n",
+ __func__, (unsigned long)buf->dma_addr, vma->vm_start,
+ buf->size);
return 0;
}
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 043/320] media: aspeed: fix mode-detect always time out at 2nd run
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (41 preceding siblings ...)
2022-01-24 18:40 ` [PATCH 5.4 042/320] media: videobuf2: Fix the size printk format Greg Kroah-Hartman
@ 2022-01-24 18:40 ` Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 044/320] media: em28xx: fix memory leak in em28xx_init_dev Greg Kroah-Hartman
` (281 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:40 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jammy Huang, Paul Menzel,
Joel Stanley, Hans Verkuil, Mauro Carvalho Chehab, Sasha Levin
From: Jammy Huang <jammy_huang@aspeedtech.com>
[ Upstream commit 62cea52ad4bead0ae4be2cfe1142eb0aae0e9fbd ]
aspeed_video_get_resolution() will try to do res-detect again if the
timing got in last try is invalid. But it will always time out because
VE_SEQ_CTRL_TRIG_MODE_DET is only cleared after 1st mode-detect.
To fix the problem, just clear VE_SEQ_CTRL_TRIG_MODE_DET before setting
it in aspeed_video_enable_mode_detect().
Fixes: d2b4387f3bdf ("media: platform: Add Aspeed Video Engine driver")
Signed-off-by: Jammy Huang <jammy_huang@aspeedtech.com>
Acked-by: Paul Menzel <pmenzel@molgen.mpg.de>
Reviewed-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/platform/aspeed-video.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/media/platform/aspeed-video.c b/drivers/media/platform/aspeed-video.c
index 6dde49d9aa4c2..be1238f22b8ae 100644
--- a/drivers/media/platform/aspeed-video.c
+++ b/drivers/media/platform/aspeed-video.c
@@ -477,6 +477,10 @@ static void aspeed_video_enable_mode_detect(struct aspeed_video *video)
aspeed_video_update(video, VE_INTERRUPT_CTRL, 0,
VE_INTERRUPT_MODE_DETECT);
+ /* Disable mode detect in order to re-trigger */
+ aspeed_video_update(video, VE_SEQ_CTRL,
+ VE_SEQ_CTRL_TRIG_MODE_DET, 0);
+
/* Trigger mode detect */
aspeed_video_update(video, VE_SEQ_CTRL, 0, VE_SEQ_CTRL_TRIG_MODE_DET);
}
@@ -764,10 +768,6 @@ static void aspeed_video_get_resolution(struct aspeed_video *video)
return;
}
- /* Disable mode detect in order to re-trigger */
- aspeed_video_update(video, VE_SEQ_CTRL,
- VE_SEQ_CTRL_TRIG_MODE_DET, 0);
-
aspeed_video_check_and_set_polarity(video);
aspeed_video_enable_mode_detect(video);
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 044/320] media: em28xx: fix memory leak in em28xx_init_dev
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (42 preceding siblings ...)
2022-01-24 18:40 ` [PATCH 5.4 043/320] media: aspeed: fix mode-detect always time out at 2nd run Greg Kroah-Hartman
@ 2022-01-24 18:40 ` Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 045/320] media: aspeed: Update signal status immediately to ensure sane hw state Greg Kroah-Hartman
` (280 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:40 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Pavel Skripkin, Dongliang Mu,
syzkaller, Hans Verkuil, Mauro Carvalho Chehab, Sasha Levin
From: Dongliang Mu <mudongliangabcd@gmail.com>
[ Upstream commit 22be5a10d0b24eec9e45decd15d7e6112b25f080 ]
In the em28xx_init_rev, if em28xx_audio_setup fails, this function fails
to deallocate the media_dev allocated in the em28xx_media_device_init.
Fix this by adding em28xx_unregister_media_device to free media_dev.
BTW, this patch is tested in my local syzkaller instance, and it can
prevent the memory leak from occurring again.
CC: Pavel Skripkin <paskripkin@gmail.com>
Fixes: 37ecc7b1278f ("[media] em28xx: add media controller support")
Signed-off-by: Dongliang Mu <mudongliangabcd@gmail.com>
Reported-by: syzkaller <syzkaller@googlegroups.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/usb/em28xx/em28xx-cards.c | 18 ++++++++++++------
1 file changed, 12 insertions(+), 6 deletions(-)
diff --git a/drivers/media/usb/em28xx/em28xx-cards.c b/drivers/media/usb/em28xx/em28xx-cards.c
index 3e96b4b711d75..bfca9d0a1fe15 100644
--- a/drivers/media/usb/em28xx/em28xx-cards.c
+++ b/drivers/media/usb/em28xx/em28xx-cards.c
@@ -3515,8 +3515,10 @@ static int em28xx_init_dev(struct em28xx *dev, struct usb_device *udev,
if (dev->is_audio_only) {
retval = em28xx_audio_setup(dev);
- if (retval)
- return -ENODEV;
+ if (retval) {
+ retval = -ENODEV;
+ goto err_deinit_media;
+ }
em28xx_init_extension(dev);
return 0;
@@ -3535,7 +3537,7 @@ static int em28xx_init_dev(struct em28xx *dev, struct usb_device *udev,
dev_err(&dev->intf->dev,
"%s: em28xx_i2c_register bus 0 - error [%d]!\n",
__func__, retval);
- return retval;
+ goto err_deinit_media;
}
/* register i2c bus 1 */
@@ -3551,9 +3553,7 @@ static int em28xx_init_dev(struct em28xx *dev, struct usb_device *udev,
"%s: em28xx_i2c_register bus 1 - error [%d]!\n",
__func__, retval);
- em28xx_i2c_unregister(dev, 0);
-
- return retval;
+ goto err_unreg_i2c;
}
}
@@ -3561,6 +3561,12 @@ static int em28xx_init_dev(struct em28xx *dev, struct usb_device *udev,
em28xx_card_setup(dev);
return 0;
+
+err_unreg_i2c:
+ em28xx_i2c_unregister(dev, 0);
+err_deinit_media:
+ em28xx_unregister_media_device(dev);
+ return retval;
}
static int em28xx_duplicate_dev(struct em28xx *dev)
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 045/320] media: aspeed: Update signal status immediately to ensure sane hw state
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (43 preceding siblings ...)
2022-01-24 18:40 ` [PATCH 5.4 044/320] media: em28xx: fix memory leak in em28xx_init_dev Greg Kroah-Hartman
@ 2022-01-24 18:40 ` Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 046/320] arm64: dts: meson-gxbb-wetek: fix HDMI in early boot Greg Kroah-Hartman
` (279 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:40 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jammy Huang, Paul Menzel,
Hans Verkuil, Mauro Carvalho Chehab, Sasha Levin
From: Jammy Huang <jammy_huang@aspeedtech.com>
[ Upstream commit af6d1bde395cac174ee71adcd3fa43f6435c7206 ]
If res-chg, VE_INTERRUPT_MODE_DETECT_WD irq will be raised. But
v4l2_input_status won't be updated to no-signal immediately until
aspeed_video_get_resolution() in aspeed_video_resolution_work().
During the period of time, aspeed_video_start_frame() could be called
because it doesn't know signal becomes unstable now. If it goes with
aspeed_video_init_regs() of aspeed_video_irq_res_change()
simultaneously, it will mess up hw state.
To fix this problem, v4l2_input_status is updated to no-signal
immediately for VE_INTERRUPT_MODE_DETECT_WD irq.
Fixes: d2b4387f3bdf ("media: platform: Add Aspeed Video Engine driver")
Signed-off-by: Jammy Huang <jammy_huang@aspeedtech.com>
Acked-by: Paul Menzel <pmenzel@molgen.mpg.de>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/platform/aspeed-video.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/media/platform/aspeed-video.c b/drivers/media/platform/aspeed-video.c
index be1238f22b8ae..1e0867016bf37 100644
--- a/drivers/media/platform/aspeed-video.c
+++ b/drivers/media/platform/aspeed-video.c
@@ -533,6 +533,8 @@ static void aspeed_video_irq_res_change(struct aspeed_video *video, ulong delay)
set_bit(VIDEO_RES_CHANGE, &video->flags);
clear_bit(VIDEO_FRAME_INPRG, &video->flags);
+ video->v4l2_input_status = V4L2_IN_ST_NO_SIGNAL;
+
aspeed_video_off(video);
aspeed_video_bufs_done(video, VB2_BUF_STATE_ERROR);
@@ -1315,7 +1317,6 @@ static void aspeed_video_resolution_work(struct work_struct *work)
struct delayed_work *dwork = to_delayed_work(work);
struct aspeed_video *video = container_of(dwork, struct aspeed_video,
res_work);
- u32 input_status = video->v4l2_input_status;
aspeed_video_on(video);
@@ -1328,8 +1329,7 @@ static void aspeed_video_resolution_work(struct work_struct *work)
aspeed_video_get_resolution(video);
if (video->detected_timings.width != video->active_timings.width ||
- video->detected_timings.height != video->active_timings.height ||
- input_status != video->v4l2_input_status) {
+ video->detected_timings.height != video->active_timings.height) {
static const struct v4l2_event ev = {
.type = V4L2_EVENT_SOURCE_CHANGE,
.u.src_change.changes = V4L2_EVENT_SRC_CH_RESOLUTION,
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 046/320] arm64: dts: meson-gxbb-wetek: fix HDMI in early boot
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (44 preceding siblings ...)
2022-01-24 18:40 ` [PATCH 5.4 045/320] media: aspeed: Update signal status immediately to ensure sane hw state Greg Kroah-Hartman
@ 2022-01-24 18:40 ` Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 047/320] arm64: dts: meson-gxbb-wetek: fix missing GPIO binding Greg Kroah-Hartman
` (278 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:40 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christian Hewitt, Neil Armstrong,
Sasha Levin
From: Christian Hewitt <christianshewitt@gmail.com>
[ Upstream commit 8182a35868db5f053111d5d9d4da8fcb3f99259d ]
Mark the VDDIO_AO18 regulator always-on and set hdmi-supply for the hdmi_tx
node to ensure HDMI is powered in the early stages of boot.
Fixes: fb72c03e0e32 ("ARM64: dts: meson-gxbb-wetek: add a wetek specific dtsi to cleanup hub and play2")
Signed-off-by: Christian Hewitt <christianshewitt@gmail.com>
Reviewed-by: Neil Armstrong <narmstrong@baylibre.com>
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
Link: https://lore.kernel.org/r/20211012052522.30873-2-christianshewitt@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/amlogic/meson-gxbb-wetek.dtsi | 2 ++
1 file changed, 2 insertions(+)
diff --git a/arch/arm64/boot/dts/amlogic/meson-gxbb-wetek.dtsi b/arch/arm64/boot/dts/amlogic/meson-gxbb-wetek.dtsi
index e3d17569d98ad..d7d0b65713841 100644
--- a/arch/arm64/boot/dts/amlogic/meson-gxbb-wetek.dtsi
+++ b/arch/arm64/boot/dts/amlogic/meson-gxbb-wetek.dtsi
@@ -64,6 +64,7 @@
regulator-name = "VDDIO_AO18";
regulator-min-microvolt = <1800000>;
regulator-max-microvolt = <1800000>;
+ regulator-always-on;
};
vcc_3v3: regulator-vcc_3v3 {
@@ -157,6 +158,7 @@
status = "okay";
pinctrl-0 = <&hdmi_hpd_pins>, <&hdmi_i2c_pins>;
pinctrl-names = "default";
+ hdmi-supply = <&vddio_ao18>;
};
&hdmi_tx_tmds_port {
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 047/320] arm64: dts: meson-gxbb-wetek: fix missing GPIO binding
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (45 preceding siblings ...)
2022-01-24 18:40 ` [PATCH 5.4 046/320] arm64: dts: meson-gxbb-wetek: fix HDMI in early boot Greg Kroah-Hartman
@ 2022-01-24 18:40 ` Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 048/320] Bluetooth: stop proccessing malicious adv data Greg Kroah-Hartman
` (277 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:40 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christian Hewitt, Neil Armstrong,
Sasha Levin
From: Christian Hewitt <christianshewitt@gmail.com>
[ Upstream commit c019abb2feba3cbbd7cf7178f8e6499c4fa6fced ]
The absence of this binding appears to be harmless in Linux but it breaks
Ethernet support in mainline u-boot. So add the binding (which is present
in all other u-boot supported GXBB device-trees).
Fixes: fb72c03e0e32 ("ARM64: dts: meson-gxbb-wetek: add a wetek specific dtsi to cleanup hub and play2")
Signed-off-by: Christian Hewitt <christianshewitt@gmail.com>
Reviewed-by: Neil Armstrong <narmstrong@baylibre.com>
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
Link: https://lore.kernel.org/r/20211012052522.30873-3-christianshewitt@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/amlogic/meson-gxbb-wetek.dtsi | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/arm64/boot/dts/amlogic/meson-gxbb-wetek.dtsi b/arch/arm64/boot/dts/amlogic/meson-gxbb-wetek.dtsi
index d7d0b65713841..e94f09c2d4e32 100644
--- a/arch/arm64/boot/dts/amlogic/meson-gxbb-wetek.dtsi
+++ b/arch/arm64/boot/dts/amlogic/meson-gxbb-wetek.dtsi
@@ -6,6 +6,7 @@
*/
#include "meson-gxbb.dtsi"
+#include <dt-bindings/gpio/gpio.h>
/ {
aliases {
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 048/320] Bluetooth: stop proccessing malicious adv data
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (46 preceding siblings ...)
2022-01-24 18:40 ` [PATCH 5.4 047/320] arm64: dts: meson-gxbb-wetek: fix missing GPIO binding Greg Kroah-Hartman
@ 2022-01-24 18:40 ` Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 049/320] tee: fix put order in teedev_close_context() Greg Kroah-Hartman
` (276 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:40 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Pavel Skripkin, Marcel Holtmann,
Sasha Levin, syzbot+e3fcb9c4f3c2a931dc40
From: Pavel Skripkin <paskripkin@gmail.com>
[ Upstream commit 3a56ef719f0b9682afb8a86d64b2399e36faa4e6 ]
Syzbot reported slab-out-of-bounds read in hci_le_adv_report_evt(). The
problem was in missing validaion check.
We should check if data is not malicious and we can read next data block.
If we won't check ptr validness, code can read a way beyond skb->end and
it can cause problems, of course.
Fixes: e95beb414168 ("Bluetooth: hci_le_adv_report_evt code refactoring")
Reported-and-tested-by: syzbot+e3fcb9c4f3c2a931dc40@syzkaller.appspotmail.com
Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/bluetooth/hci_event.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index 31469ff084cd3..40f1593651e84 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -5506,7 +5506,8 @@ static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
struct hci_ev_le_advertising_info *ev = ptr;
s8 rssi;
- if (ev->length <= HCI_MAX_AD_LENGTH) {
+ if (ev->length <= HCI_MAX_AD_LENGTH &&
+ ev->data + ev->length <= skb_tail_pointer(skb)) {
rssi = ev->data[ev->length];
process_adv_report(hdev, ev->evt_type, &ev->bdaddr,
ev->bdaddr_type, NULL, 0, rssi,
@@ -5516,6 +5517,11 @@ static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
}
ptr += sizeof(*ev) + ev->length + 1;
+
+ if (ptr > (void *) skb_tail_pointer(skb) - sizeof(*ev)) {
+ bt_dev_err(hdev, "Malicious advertising data. Stopping processing");
+ break;
+ }
}
hci_dev_unlock(hdev);
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 049/320] tee: fix put order in teedev_close_context()
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (47 preceding siblings ...)
2022-01-24 18:40 ` [PATCH 5.4 048/320] Bluetooth: stop proccessing malicious adv data Greg Kroah-Hartman
@ 2022-01-24 18:40 ` Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 050/320] media: dmxdev: fix UAF when dvb_register_device() fails Greg Kroah-Hartman
` (275 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:40 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sumit Garg, Jens Wiklander, Sasha Levin
From: Jens Wiklander <jens.wiklander@linaro.org>
[ Upstream commit f18397ab3ae23e8e43bba9986e66af6d4497f2ad ]
Prior to this patch was teedev_close_context() calling tee_device_put()
before teedev_ctx_put() leading to teedev_ctx_release() accessing
ctx->teedev just after the reference counter was decreased on the
teedev. Fix this by calling teedev_ctx_put() before tee_device_put().
Fixes: 217e0250cccb ("tee: use reference counting for tee_context")
Reviewed-by: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tee/tee_core.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/tee/tee_core.c b/drivers/tee/tee_core.c
index 0f16d9ffd8d12..85e0cef9e917e 100644
--- a/drivers/tee/tee_core.c
+++ b/drivers/tee/tee_core.c
@@ -84,8 +84,10 @@ void teedev_ctx_put(struct tee_context *ctx)
static void teedev_close_context(struct tee_context *ctx)
{
- tee_device_put(ctx->teedev);
+ struct tee_device *teedev = ctx->teedev;
+
teedev_ctx_put(ctx);
+ tee_device_put(teedev);
}
static int tee_open(struct inode *inode, struct file *filp)
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 050/320] media: dmxdev: fix UAF when dvb_register_device() fails
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (48 preceding siblings ...)
2022-01-24 18:40 ` [PATCH 5.4 049/320] tee: fix put order in teedev_close_context() Greg Kroah-Hartman
@ 2022-01-24 18:40 ` Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 051/320] crypto: qce - fix uaf on qce_ahash_register_one Greg Kroah-Hartman
` (274 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:40 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hulk Robot, Wang Hai,
Mauro Carvalho Chehab, Sasha Levin
From: Wang Hai <wanghai38@huawei.com>
[ Upstream commit ab599eb11882f834951c436cc080c3455ba32b9b ]
I got a use-after-free report:
dvbdev: dvb_register_device: failed to create device dvb1.dvr0 (-12)
...
==================================================================
BUG: KASAN: use-after-free in dvb_dmxdev_release+0xce/0x2f0
...
Call Trace:
dump_stack_lvl+0x6c/0x8b
print_address_description.constprop.0+0x48/0x70
kasan_report.cold+0x82/0xdb
__asan_load4+0x6b/0x90
dvb_dmxdev_release+0xce/0x2f0
...
Allocated by task 7666:
kasan_save_stack+0x23/0x50
__kasan_kmalloc+0x83/0xa0
kmem_cache_alloc_trace+0x22e/0x470
dvb_register_device+0x12f/0x980
dvb_dmxdev_init+0x1f3/0x230
...
Freed by task 7666:
kasan_save_stack+0x23/0x50
kasan_set_track+0x20/0x30
kasan_set_free_info+0x24/0x40
__kasan_slab_free+0xf2/0x130
kfree+0xd1/0x5c0
dvb_register_device.cold+0x1ac/0x1fa
dvb_dmxdev_init+0x1f3/0x230
...
When dvb_register_device() in dvb_dmxdev_init() fails, dvb_dmxdev_init()
does not return a failure, and the memory pointed to by dvbdev or
dvr_dvbdev is invalid at this point. If they are used subsequently, it
will result in UFA or null-ptr-deref.
If dvb_register_device() in dvb_dmxdev_init() fails, fix the bug by making
dvb_dmxdev_init() return an error as well.
Link: https://lore.kernel.org/linux-media/20211015085741.1203283-1-wanghai38@huawei.com
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Wang Hai <wanghai38@huawei.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/dvb-core/dmxdev.c | 18 +++++++++++++++---
1 file changed, 15 insertions(+), 3 deletions(-)
diff --git a/drivers/media/dvb-core/dmxdev.c b/drivers/media/dvb-core/dmxdev.c
index f14a872d12687..e58cb8434dafe 100644
--- a/drivers/media/dvb-core/dmxdev.c
+++ b/drivers/media/dvb-core/dmxdev.c
@@ -1413,7 +1413,7 @@ static const struct dvb_device dvbdev_dvr = {
};
int dvb_dmxdev_init(struct dmxdev *dmxdev, struct dvb_adapter *dvb_adapter)
{
- int i;
+ int i, ret;
if (dmxdev->demux->open(dmxdev->demux) < 0)
return -EUSERS;
@@ -1432,14 +1432,26 @@ int dvb_dmxdev_init(struct dmxdev *dmxdev, struct dvb_adapter *dvb_adapter)
DMXDEV_STATE_FREE);
}
- dvb_register_device(dvb_adapter, &dmxdev->dvbdev, &dvbdev_demux, dmxdev,
+ ret = dvb_register_device(dvb_adapter, &dmxdev->dvbdev, &dvbdev_demux, dmxdev,
DVB_DEVICE_DEMUX, dmxdev->filternum);
- dvb_register_device(dvb_adapter, &dmxdev->dvr_dvbdev, &dvbdev_dvr,
+ if (ret < 0)
+ goto err_register_dvbdev;
+
+ ret = dvb_register_device(dvb_adapter, &dmxdev->dvr_dvbdev, &dvbdev_dvr,
dmxdev, DVB_DEVICE_DVR, dmxdev->filternum);
+ if (ret < 0)
+ goto err_register_dvr_dvbdev;
dvb_ringbuffer_init(&dmxdev->dvr_buffer, NULL, 8192);
return 0;
+
+err_register_dvr_dvbdev:
+ dvb_unregister_device(dmxdev->dvbdev);
+err_register_dvbdev:
+ vfree(dmxdev->filter);
+ dmxdev->filter = NULL;
+ return ret;
}
EXPORT_SYMBOL(dvb_dmxdev_init);
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 051/320] crypto: qce - fix uaf on qce_ahash_register_one
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (49 preceding siblings ...)
2022-01-24 18:40 ` [PATCH 5.4 050/320] media: dmxdev: fix UAF when dvb_register_device() fails Greg Kroah-Hartman
@ 2022-01-24 18:40 ` Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 052/320] arm64: dts: ti: k3-j721e: correct cache-sets info Greg Kroah-Hartman
` (273 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:40 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Chengfeng Ye, Thara Gopinath,
Herbert Xu, Sasha Levin
From: Chengfeng Ye <cyeaa@connect.ust.hk>
[ Upstream commit b4cb4d31631912842eb7dce02b4350cbb7562d5e ]
Pointer base points to sub field of tmpl, it
is dereferenced after tmpl is freed. Fix
this by accessing base before free tmpl.
Fixes: ec8f5d8f ("crypto: qce - Qualcomm crypto engine driver")
Signed-off-by: Chengfeng Ye <cyeaa@connect.ust.hk>
Acked-by: Thara Gopinath <thara.gopinath@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/crypto/qce/sha.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/crypto/qce/sha.c b/drivers/crypto/qce/sha.c
index 0853e74583ade..29b0bad2507b1 100644
--- a/drivers/crypto/qce/sha.c
+++ b/drivers/crypto/qce/sha.c
@@ -512,8 +512,8 @@ static int qce_ahash_register_one(const struct qce_ahash_def *def,
ret = crypto_register_ahash(alg);
if (ret) {
- kfree(tmpl);
dev_err(qce->dev, "%s registration failed\n", base->cra_name);
+ kfree(tmpl);
return ret;
}
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 052/320] arm64: dts: ti: k3-j721e: correct cache-sets info
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (50 preceding siblings ...)
2022-01-24 18:40 ` [PATCH 5.4 051/320] crypto: qce - fix uaf on qce_ahash_register_one Greg Kroah-Hartman
@ 2022-01-24 18:40 ` Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 053/320] tty: serial: atmel: Check return code of dmaengine_submit() Greg Kroah-Hartman
` (272 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:40 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Peng Fan, Nishanth Menon,
Vignesh Raghavendra, Sasha Levin
From: Peng Fan <peng.fan@nxp.com>
[ Upstream commit 7a0df1f969c14939f60a7f9a6af72adcc314675f ]
A72 Cluster has 48KB Icache, 32KB Dcache and 1MB L2 Cache
- ICache is 3-way set-associative
- Dcache is 2-way set-associative
- Line size are 64bytes
So correct the cache-sets info.
Fixes: 2d87061e70dea ("arm64: dts: ti: Add Support for J721E SoC")
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Reviewed-by: Nishanth Menon <nm@ti.com>
Signed-off-by: Vignesh Raghavendra <vigneshr@ti.com>
Link: https://lore.kernel.org/r/20211112063155.3485777-1-peng.fan@oss.nxp.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/ti/k3-j721e.dtsi | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/arm64/boot/dts/ti/k3-j721e.dtsi b/arch/arm64/boot/dts/ti/k3-j721e.dtsi
index 43ea1ba979220..f4d8f3b37d5bb 100644
--- a/arch/arm64/boot/dts/ti/k3-j721e.dtsi
+++ b/arch/arm64/boot/dts/ti/k3-j721e.dtsi
@@ -60,7 +60,7 @@
i-cache-sets = <256>;
d-cache-size = <0x8000>;
d-cache-line-size = <64>;
- d-cache-sets = <128>;
+ d-cache-sets = <256>;
next-level-cache = <&L2_0>;
};
@@ -74,7 +74,7 @@
i-cache-sets = <256>;
d-cache-size = <0x8000>;
d-cache-line-size = <64>;
- d-cache-sets = <128>;
+ d-cache-sets = <256>;
next-level-cache = <&L2_0>;
};
};
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 053/320] tty: serial: atmel: Check return code of dmaengine_submit()
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (51 preceding siblings ...)
2022-01-24 18:40 ` [PATCH 5.4 052/320] arm64: dts: ti: k3-j721e: correct cache-sets info Greg Kroah-Hartman
@ 2022-01-24 18:40 ` Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 054/320] tty: serial: atmel: Call dma_async_issue_pending() Greg Kroah-Hartman
` (271 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:40 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tudor Ambarus, Richard Genoud, Sasha Levin
From: Tudor Ambarus <tudor.ambarus@microchip.com>
[ Upstream commit 1e67bd2b8cb90b66e89562598e9c2046246832d3 ]
The tx_submit() method of struct dma_async_tx_descriptor is entitled
to do sanity checks and return errors if encountered. It's not the
case for the DMA controller drivers that this client is using
(at_h/xdmac), because they currently don't do sanity checks and always
return a positive cookie at tx_submit() method. In case the controller
drivers will implement sanity checks and return errors, print a message
so that the client will be informed that something went wrong at
tx_submit() level.
Fixes: 08f738be88bb ("serial: at91: add tx dma support")
Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com>
Acked-by: Richard Genoud <richard.genoud@gmail.com>
Link: https://lore.kernel.org/r/20211125090028.786832-3-tudor.ambarus@microchip.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/atmel_serial.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/drivers/tty/serial/atmel_serial.c b/drivers/tty/serial/atmel_serial.c
index 8a909d5561859..da076493b336a 100644
--- a/drivers/tty/serial/atmel_serial.c
+++ b/drivers/tty/serial/atmel_serial.c
@@ -1002,6 +1002,11 @@ static void atmel_tx_dma(struct uart_port *port)
desc->callback = atmel_complete_tx_dma;
desc->callback_param = atmel_port;
atmel_port->cookie_tx = dmaengine_submit(desc);
+ if (dma_submit_error(atmel_port->cookie_tx)) {
+ dev_err(port->dev, "dma_submit_error %d\n",
+ atmel_port->cookie_tx);
+ return;
+ }
}
if (uart_circ_chars_pending(xmit) < WAKEUP_CHARS)
@@ -1262,6 +1267,11 @@ static int atmel_prepare_rx_dma(struct uart_port *port)
desc->callback_param = port;
atmel_port->desc_rx = desc;
atmel_port->cookie_rx = dmaengine_submit(desc);
+ if (dma_submit_error(atmel_port->cookie_rx)) {
+ dev_err(port->dev, "dma_submit_error %d\n",
+ atmel_port->cookie_rx);
+ goto chan_err;
+ }
return 0;
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 054/320] tty: serial: atmel: Call dma_async_issue_pending()
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (52 preceding siblings ...)
2022-01-24 18:40 ` [PATCH 5.4 053/320] tty: serial: atmel: Check return code of dmaengine_submit() Greg Kroah-Hartman
@ 2022-01-24 18:40 ` Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 055/320] media: rcar-csi2: Correct the selection of hsfreqrange Greg Kroah-Hartman
` (270 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:40 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Tudor Ambarus, Sasha Levin
From: Tudor Ambarus <tudor.ambarus@microchip.com>
[ Upstream commit 4f4b9b5895614eb2e2b5f4cab7858f44bd113e1b ]
The driver wrongly assummed that tx_submit() will start the transfer,
which is not the case, now that the at_xdmac driver is fixed. tx_submit
is supposed to push the current transaction descriptor to a pending queue,
waiting for issue_pending to be called. issue_pending must start the
transfer, not tx_submit.
Fixes: 34df42f59a60 ("serial: at91: add rx dma support")
Fixes: 08f738be88bb ("serial: at91: add tx dma support")
Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com>
Link: https://lore.kernel.org/r/20211125090028.786832-4-tudor.ambarus@microchip.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/atmel_serial.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/tty/serial/atmel_serial.c b/drivers/tty/serial/atmel_serial.c
index da076493b336a..3b2c25bd2e06b 100644
--- a/drivers/tty/serial/atmel_serial.c
+++ b/drivers/tty/serial/atmel_serial.c
@@ -1007,6 +1007,8 @@ static void atmel_tx_dma(struct uart_port *port)
atmel_port->cookie_tx);
return;
}
+
+ dma_async_issue_pending(chan);
}
if (uart_circ_chars_pending(xmit) < WAKEUP_CHARS)
@@ -1273,6 +1275,8 @@ static int atmel_prepare_rx_dma(struct uart_port *port)
goto chan_err;
}
+ dma_async_issue_pending(atmel_port->chan_rx);
+
return 0;
chan_err:
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 055/320] media: rcar-csi2: Correct the selection of hsfreqrange
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (53 preceding siblings ...)
2022-01-24 18:40 ` [PATCH 5.4 054/320] tty: serial: atmel: Call dma_async_issue_pending() Greg Kroah-Hartman
@ 2022-01-24 18:40 ` Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 056/320] media: imx-pxp: Initialize the spinlock prior to using it Greg Kroah-Hartman
` (269 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:40 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Suresh Udipi, Kazuyoshi Akiyama,
Michael Rodin, Niklas Söderlund, Hans Verkuil,
Mauro Carvalho Chehab, Sasha Levin
From: Suresh Udipi <sudipi@jp.adit-jv.com>
[ Upstream commit cee44d4fbacbbdfe62697ec94e76c6e4f726c5df ]
hsfreqrange should be chosen based on the calculated mbps which
is closer to the default bit rate and within the range as per
table[1]. But current calculation always selects first value which
is greater than or equal to the calculated mbps which may lead
to chosing a wrong range in some cases.
For example for 360 mbps for H3/M3N
Existing logic selects
Calculated value 360Mbps : Default 400Mbps Range [368.125 -433.125 mbps]
This hsfreqrange is out of range.
The logic is changed to get the default value which is closest to the
calculated value [1]
Calculated value 360Mbps : Default 350Mbps Range [320.625 -380.625 mpbs]
[1] specs r19uh0105ej0200-r-car-3rd-generation.pdf [Table 25.9]
Please note that According to Renesas in Table 25.9 the range for
220 default value is corrected as below
|Range (Mbps) | Default Bit rate (Mbps) |
-----------------------------------------------
| 197.125-244.125 | 220 |
-----------------------------------------------
Fixes: 769afd212b16 ("media: rcar-csi2: add Renesas R-Car MIPI CSI-2 receiver driver")
Signed-off-by: Suresh Udipi <sudipi@jp.adit-jv.com>
Signed-off-by: Kazuyoshi Akiyama <akiyama@nds-osk.co.jp>
Signed-off-by: Michael Rodin <mrodin@de.adit-jv.com>
Reviewed-by: Niklas Söderlund <niklas.soderlund+renesas@ragnatech.se>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/platform/rcar-vin/rcar-csi2.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/drivers/media/platform/rcar-vin/rcar-csi2.c b/drivers/media/platform/rcar-vin/rcar-csi2.c
index e01f22bf826d4..99b28611eb12c 100644
--- a/drivers/media/platform/rcar-vin/rcar-csi2.c
+++ b/drivers/media/platform/rcar-vin/rcar-csi2.c
@@ -430,16 +430,23 @@ static int rcsi2_wait_phy_start(struct rcar_csi2 *priv)
static int rcsi2_set_phypll(struct rcar_csi2 *priv, unsigned int mbps)
{
const struct rcsi2_mbps_reg *hsfreq;
+ const struct rcsi2_mbps_reg *hsfreq_prev = NULL;
- for (hsfreq = priv->info->hsfreqrange; hsfreq->mbps != 0; hsfreq++)
+ for (hsfreq = priv->info->hsfreqrange; hsfreq->mbps != 0; hsfreq++) {
if (hsfreq->mbps >= mbps)
break;
+ hsfreq_prev = hsfreq;
+ }
if (!hsfreq->mbps) {
dev_err(priv->dev, "Unsupported PHY speed (%u Mbps)", mbps);
return -ERANGE;
}
+ if (hsfreq_prev &&
+ ((mbps - hsfreq_prev->mbps) <= (hsfreq->mbps - mbps)))
+ hsfreq = hsfreq_prev;
+
rcsi2_write(priv, PHYPLL_REG, PHYPLL_HSFREQRANGE(hsfreq->reg));
return 0;
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 056/320] media: imx-pxp: Initialize the spinlock prior to using it
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (54 preceding siblings ...)
2022-01-24 18:40 ` [PATCH 5.4 055/320] media: rcar-csi2: Correct the selection of hsfreqrange Greg Kroah-Hartman
@ 2022-01-24 18:40 ` Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 057/320] media: si470x-i2c: fix possible memory leak in si470x_i2c_probe() Greg Kroah-Hartman
` (268 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:40 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Fabio Estevam, Philipp Zabel,
Hans Verkuil, Mauro Carvalho Chehab, Sasha Levin
From: Fabio Estevam <festevam@denx.de>
[ Upstream commit ed2f97ad4b21072f849cf4ae6645d1f2b1d3f550 ]
After devm_request_threaded_irq() is called there is a chance that an
interrupt may occur before the spinlock is initialized, which will trigger
a kernel oops.
To prevent that, move the initialization of the spinlock prior to
requesting the interrupts.
Fixes: 51abcf7fdb70 ("media: imx-pxp: add i.MX Pixel Pipeline driver")
Signed-off-by: Fabio Estevam <festevam@denx.de>
Reviewed-by: Philipp Zabel <p.zabel@pengutronix.de>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/platform/imx-pxp.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/media/platform/imx-pxp.c b/drivers/media/platform/imx-pxp.c
index 38d9423223025..3c36cefddec7c 100644
--- a/drivers/media/platform/imx-pxp.c
+++ b/drivers/media/platform/imx-pxp.c
@@ -1664,6 +1664,8 @@ static int pxp_probe(struct platform_device *pdev)
if (irq < 0)
return irq;
+ spin_lock_init(&dev->irqlock);
+
ret = devm_request_threaded_irq(&pdev->dev, irq, NULL, pxp_irq_handler,
IRQF_ONESHOT, dev_name(&pdev->dev), dev);
if (ret < 0) {
@@ -1681,8 +1683,6 @@ static int pxp_probe(struct platform_device *pdev)
goto err_clk;
}
- spin_lock_init(&dev->irqlock);
-
ret = v4l2_device_register(&pdev->dev, &dev->v4l2_dev);
if (ret)
goto err_clk;
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 057/320] media: si470x-i2c: fix possible memory leak in si470x_i2c_probe()
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (55 preceding siblings ...)
2022-01-24 18:40 ` [PATCH 5.4 056/320] media: imx-pxp: Initialize the spinlock prior to using it Greg Kroah-Hartman
@ 2022-01-24 18:40 ` Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 058/320] media: mtk-vcodec: call v4l2_m2m_ctx_release first when file is released Greg Kroah-Hartman
` (267 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:40 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hulk Robot, Yang Yingliang,
Hans Verkuil, Mauro Carvalho Chehab, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit ef054e345ed8c79ce1121a3599b5a2dfd78e57a0 ]
n the 'radio->hdl.error' error handling, ctrl handler allocated by
v4l2_ctrl_new_std() does not released, and caused memory leak as
follows:
unreferenced object 0xffff888033d54200 (size 256):
comm "i2c-si470x-19", pid 909, jiffies 4294914203 (age 8.072s)
hex dump (first 32 bytes):
e8 69 11 03 80 88 ff ff 00 46 d5 33 80 88 ff ff .i.......F.3....
10 42 d5 33 80 88 ff ff 10 42 d5 33 80 88 ff ff .B.3.....B.3....
backtrace:
[<00000000086bd4ed>] __kmalloc_node+0x1eb/0x360
[<00000000bdb68871>] kvmalloc_node+0x66/0x120
[<00000000fac74e4c>] v4l2_ctrl_new+0x7b9/0x1c60 [videodev]
[<00000000693bf940>] v4l2_ctrl_new_std+0x19b/0x270 [videodev]
[<00000000c0cb91bc>] si470x_i2c_probe+0x2d3/0x9a0 [radio_si470x_i2c]
[<0000000056a6f01f>] i2c_device_probe+0x4d8/0xbe0
Fix the error handling path to avoid memory leak.
Reported-by: Hulk Robot <hulkci@huawei.com>
Fixes: 8c081b6f9a9b ("media: radio: Critical v4l2 registration...")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/radio/si470x/radio-si470x-i2c.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/drivers/media/radio/si470x/radio-si470x-i2c.c b/drivers/media/radio/si470x/radio-si470x-i2c.c
index a972c0705ac79..76d39e2e87706 100644
--- a/drivers/media/radio/si470x/radio-si470x-i2c.c
+++ b/drivers/media/radio/si470x/radio-si470x-i2c.c
@@ -368,7 +368,7 @@ static int si470x_i2c_probe(struct i2c_client *client)
if (radio->hdl.error) {
retval = radio->hdl.error;
dev_err(&client->dev, "couldn't register control\n");
- goto err_dev;
+ goto err_all;
}
/* video device initialization */
@@ -463,7 +463,6 @@ static int si470x_i2c_probe(struct i2c_client *client)
return 0;
err_all:
v4l2_ctrl_handler_free(&radio->hdl);
-err_dev:
v4l2_device_unregister(&radio->v4l2_dev);
err_initial:
return retval;
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 058/320] media: mtk-vcodec: call v4l2_m2m_ctx_release first when file is released
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (56 preceding siblings ...)
2022-01-24 18:40 ` [PATCH 5.4 057/320] media: si470x-i2c: fix possible memory leak in si470x_i2c_probe() Greg Kroah-Hartman
@ 2022-01-24 18:40 ` Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 059/320] media: venus: core: Fix a resource leak in the error handling path of venus_probe() Greg Kroah-Hartman
` (266 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:40 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dafna Hirschfeld, Hans Verkuil,
Mauro Carvalho Chehab, Sasha Levin
From: Dafna Hirschfeld <dafna.hirschfeld@collabora.com>
[ Upstream commit 9f89c881bffbdffe4060ffaef3489a2830a6dd9c ]
The func v4l2_m2m_ctx_release waits for currently running jobs
to finish and then stop streaming both queues and frees the buffers.
All this should be done before the call to mtk_vcodec_enc_release
which frees the encoder handler. This fixes null-pointer dereference bug:
[ 638.028076] Mem abort info:
[ 638.030932] ESR = 0x96000004
[ 638.033978] EC = 0x25: DABT (current EL), IL = 32 bits
[ 638.039293] SET = 0, FnV = 0
[ 638.042338] EA = 0, S1PTW = 0
[ 638.045474] FSC = 0x04: level 0 translation fault
[ 638.050349] Data abort info:
[ 638.053224] ISV = 0, ISS = 0x00000004
[ 638.057055] CM = 0, WnR = 0
[ 638.060018] user pgtable: 4k pages, 48-bit VAs, pgdp=000000012b6db000
[ 638.066485] [00000000000001a0] pgd=0000000000000000, p4d=0000000000000000
[ 638.073277] Internal error: Oops: 96000004 [#1] SMP
[ 638.078145] Modules linked in: rfkill mtk_vcodec_dec mtk_vcodec_enc uvcvideo mtk_mdp mtk_vcodec_common videobuf2_dma_contig v4l2_h264 cdc_ether v4l2_mem2mem videobuf2_vmalloc usbnet videobuf2_memops videobuf2_v4l2 r8152 videobuf2_common videodev cros_ec_sensors cros_ec_sensors_core industrialio_triggered_buffer kfifo_buf elan_i2c elants_i2c sbs_battery mc cros_usbpd_charger cros_ec_chardev cros_usbpd_logger crct10dif_ce mtk_vpu fuse ip_tables x_tables ipv6
[ 638.118583] CPU: 0 PID: 212 Comm: kworker/u8:5 Not tainted 5.15.0-06427-g58a1d4dcfc74-dirty #109
[ 638.127357] Hardware name: Google Elm (DT)
[ 638.131444] Workqueue: mtk-vcodec-enc mtk_venc_worker [mtk_vcodec_enc]
[ 638.137974] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 638.144925] pc : vp8_enc_encode+0x34/0x2b0 [mtk_vcodec_enc]
[ 638.150493] lr : venc_if_encode+0xac/0x1b0 [mtk_vcodec_enc]
[ 638.156060] sp : ffff8000124d3c40
[ 638.159364] x29: ffff8000124d3c40 x28: 0000000000000000 x27: 0000000000000000
[ 638.166493] x26: 0000000000000000 x25: ffff0000e7f252d0 x24: ffff8000124d3d58
[ 638.173621] x23: ffff8000124d3d58 x22: ffff8000124d3d60 x21: 0000000000000001
[ 638.180750] x20: ffff80001137e000 x19: 0000000000000000 x18: 0000000000000001
[ 638.187878] x17: 000000040044ffff x16: 00400032b5503510 x15: 0000000000000000
[ 638.195006] x14: ffff8000118536c0 x13: ffff8000ee1da000 x12: 0000000030d4d91d
[ 638.202134] x11: 0000000000000000 x10: 0000000000000980 x9 : ffff8000124d3b20
[ 638.209262] x8 : ffff0000c18d4ea0 x7 : ffff0000c18d44c0 x6 : ffff0000c18d44c0
[ 638.216391] x5 : ffff80000904a3b0 x4 : ffff8000124d3d58 x3 : ffff8000124d3d60
[ 638.223519] x2 : ffff8000124d3d78 x1 : 0000000000000001 x0 : ffff80001137efb8
[ 638.230648] Call trace:
[ 638.233084] vp8_enc_encode+0x34/0x2b0 [mtk_vcodec_enc]
[ 638.238304] venc_if_encode+0xac/0x1b0 [mtk_vcodec_enc]
[ 638.243525] mtk_venc_worker+0x110/0x250 [mtk_vcodec_enc]
[ 638.248918] process_one_work+0x1f8/0x498
[ 638.252923] worker_thread+0x140/0x538
[ 638.256664] kthread+0x148/0x158
[ 638.259884] ret_from_fork+0x10/0x20
[ 638.263455] Code: f90023f9 2a0103f5 aa0303f6 aa0403f8 (f940d277)
[ 638.269538] ---[ end trace e374fc10f8e181f5 ]---
[gst-master] root@debian:~/gst-build# [ 638.019193] Unable to handle kernel NULL pointer dereference at virtual address 00000000000001a0
Fixes: 4e855a6efa547 ("[media] vcodec: mediatek: Add Mediatek V4L2 Video Encoder Driver")
Signed-off-by: Dafna Hirschfeld <dafna.hirschfeld@collabora.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/platform/mtk-vcodec/mtk_vcodec_enc_drv.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/media/platform/mtk-vcodec/mtk_vcodec_enc_drv.c b/drivers/media/platform/mtk-vcodec/mtk_vcodec_enc_drv.c
index 1d82aa2b6017c..dea0ee2cb7245 100644
--- a/drivers/media/platform/mtk-vcodec/mtk_vcodec_enc_drv.c
+++ b/drivers/media/platform/mtk-vcodec/mtk_vcodec_enc_drv.c
@@ -209,11 +209,11 @@ static int fops_vcodec_release(struct file *file)
mtk_v4l2_debug(1, "[%d] encoder", ctx->id);
mutex_lock(&dev->dev_mutex);
+ v4l2_m2m_ctx_release(ctx->m2m_ctx);
mtk_vcodec_enc_release(ctx);
v4l2_fh_del(&ctx->fh);
v4l2_fh_exit(&ctx->fh);
v4l2_ctrl_handler_free(&ctx->ctrl_hdl);
- v4l2_m2m_ctx_release(ctx->m2m_ctx);
list_del_init(&ctx->list);
kfree(ctx);
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 059/320] media: venus: core: Fix a resource leak in the error handling path of venus_probe()
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (57 preceding siblings ...)
2022-01-24 18:40 ` [PATCH 5.4 058/320] media: mtk-vcodec: call v4l2_m2m_ctx_release first when file is released Greg Kroah-Hartman
@ 2022-01-24 18:40 ` Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 060/320] netfilter: bridge: add support for pppoe filtering Greg Kroah-Hartman
` (265 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:40 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christophe JAILLET,
Stanimir Varbanov, Mauro Carvalho Chehab, Sasha Levin
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
[ Upstream commit 8cc7a1b2aca067397a016cdb971a5e6ad9b640c7 ]
A successful 'of_platform_populate()' call should be balanced by a
corresponding 'of_platform_depopulate()' call in the error handling path
of the probe, as already done in the remove function.
A successful 'venus_firmware_init()' call should be balanced by a
corresponding 'venus_firmware_deinit()' call in the error handling path
of the probe, as already done in the remove function.
Update the error handling path accordingly.
Fixes: f9799fcce4bb ("media: venus: firmware: register separate platform_device for firmware loader")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: Stanimir Varbanov <stanimir.varbanov@linaro.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/platform/qcom/venus/core.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/drivers/media/platform/qcom/venus/core.c b/drivers/media/platform/qcom/venus/core.c
index bbc430a003443..7b52d3e5d3f89 100644
--- a/drivers/media/platform/qcom/venus/core.c
+++ b/drivers/media/platform/qcom/venus/core.c
@@ -289,11 +289,11 @@ static int venus_probe(struct platform_device *pdev)
ret = venus_firmware_init(core);
if (ret)
- goto err_runtime_disable;
+ goto err_of_depopulate;
ret = venus_boot(core);
if (ret)
- goto err_runtime_disable;
+ goto err_firmware_deinit;
ret = hfi_core_resume(core, true);
if (ret)
@@ -329,6 +329,10 @@ err_core_deinit:
hfi_core_deinit(core, false);
err_venus_shutdown:
venus_shutdown(core);
+err_firmware_deinit:
+ venus_firmware_deinit(core);
+err_of_depopulate:
+ of_platform_depopulate(dev);
err_runtime_disable:
pm_runtime_put_noidle(dev);
pm_runtime_set_suspended(dev);
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 060/320] netfilter: bridge: add support for pppoe filtering
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (58 preceding siblings ...)
2022-01-24 18:40 ` [PATCH 5.4 059/320] media: venus: core: Fix a resource leak in the error handling path of venus_probe() Greg Kroah-Hartman
@ 2022-01-24 18:40 ` Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 061/320] arm64: dts: qcom: msm8916: fix MMC controller aliases Greg Kroah-Hartman
` (264 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:40 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Florian Westphal, Pablo Neira Ayuso,
Sasha Levin, Amish Chana
From: Florian Westphal <fw@strlen.de>
[ Upstream commit 28b78ecffea8078d81466b2e01bb5a154509f1ba ]
This makes 'bridge-nf-filter-pppoe-tagged' sysctl work for
bridged traffic.
Looking at the original commit it doesn't appear this ever worked:
static unsigned int br_nf_post_routing(unsigned int hook, struct sk_buff **pskb,
[..]
if (skb->protocol == htons(ETH_P_8021Q)) {
skb_pull(skb, VLAN_HLEN);
skb->network_header += VLAN_HLEN;
+ } else if (skb->protocol == htons(ETH_P_PPP_SES)) {
+ skb_pull(skb, PPPOE_SES_HLEN);
+ skb->network_header += PPPOE_SES_HLEN;
}
[..]
NF_HOOK(... POST_ROUTING, ...)
... but the adjusted offsets are never restored.
The alternative would be to rip this code out for good,
but otoh we'd have to keep this anyway for the vlan handling
(which works because vlan tag info is in the skb, not the packet
payload).
Reported-and-tested-by: Amish Chana <amish@3g.co.za>
Fixes: 516299d2f5b6f97 ("[NETFILTER]: bridge-nf: filter bridged IPv4/IPv6 encapsulated in pppoe traffic")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/bridge/br_netfilter_hooks.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/net/bridge/br_netfilter_hooks.c b/net/bridge/br_netfilter_hooks.c
index 2371b833b2bcd..480e4111b24c1 100644
--- a/net/bridge/br_netfilter_hooks.c
+++ b/net/bridge/br_netfilter_hooks.c
@@ -743,6 +743,9 @@ static int br_nf_dev_queue_xmit(struct net *net, struct sock *sk, struct sk_buff
if (nf_bridge->frag_max_size && nf_bridge->frag_max_size < mtu)
mtu = nf_bridge->frag_max_size;
+ nf_bridge_update_protocol(skb);
+ nf_bridge_push_encap_header(skb);
+
if (skb_is_gso(skb) || skb->len + mtu_reserved <= mtu) {
nf_bridge_info_free(skb);
return br_dev_queue_push_xmit(net, sk, skb);
@@ -760,8 +763,6 @@ static int br_nf_dev_queue_xmit(struct net *net, struct sock *sk, struct sk_buff
IPCB(skb)->frag_max_size = nf_bridge->frag_max_size;
- nf_bridge_update_protocol(skb);
-
data = this_cpu_ptr(&brnf_frag_data_storage);
if (skb_vlan_tag_present(skb)) {
@@ -789,8 +790,6 @@ static int br_nf_dev_queue_xmit(struct net *net, struct sock *sk, struct sk_buff
IP6CB(skb)->frag_max_size = nf_bridge->frag_max_size;
- nf_bridge_update_protocol(skb);
-
data = this_cpu_ptr(&brnf_frag_data_storage);
data->encap_size = nf_bridge_encap_header_len(skb);
data->size = ETH_HLEN + data->encap_size;
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 061/320] arm64: dts: qcom: msm8916: fix MMC controller aliases
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (59 preceding siblings ...)
2022-01-24 18:40 ` [PATCH 5.4 060/320] netfilter: bridge: add support for pppoe filtering Greg Kroah-Hartman
@ 2022-01-24 18:40 ` Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 062/320] ACPI: EC: Rework flushing of EC work while suspended to idle Greg Kroah-Hartman
` (263 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:40 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dmitry Baryshkov, Bjorn Andersson,
Sasha Levin
From: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
[ Upstream commit b0293c19d42f6d6951c2fab9a47fed50baf2c14d ]
Change sdhcN aliases to mmcN to make them actually work. Currently the
board uses non-standard aliases sdhcN, which do not work, resulting in
mmc0 and mmc1 hosts randomly changing indices between boots.
Fixes: c4da5a561627 ("arm64: dts: qcom: Add msm8916 sdhci configuration nodes")
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Link: https://lore.kernel.org/r/20211201020559.1611890-1-dmitry.baryshkov@linaro.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/qcom/msm8916.dtsi | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/arm64/boot/dts/qcom/msm8916.dtsi b/arch/arm64/boot/dts/qcom/msm8916.dtsi
index 449843f2184d8..301c1c467c0b7 100644
--- a/arch/arm64/boot/dts/qcom/msm8916.dtsi
+++ b/arch/arm64/boot/dts/qcom/msm8916.dtsi
@@ -16,8 +16,8 @@
#size-cells = <2>;
aliases {
- sdhc1 = &sdhc_1; /* SDC1 eMMC slot */
- sdhc2 = &sdhc_2; /* SDC2 SD card slot */
+ mmc0 = &sdhc_1; /* SDC1 eMMC slot */
+ mmc1 = &sdhc_2; /* SDC2 SD card slot */
};
chosen { };
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 062/320] ACPI: EC: Rework flushing of EC work while suspended to idle
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (60 preceding siblings ...)
2022-01-24 18:40 ` [PATCH 5.4 061/320] arm64: dts: qcom: msm8916: fix MMC controller aliases Greg Kroah-Hartman
@ 2022-01-24 18:40 ` Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 063/320] drm/amdgpu: Fix a NULL pointer dereference in amdgpu_connector_lcd_native_mode() Greg Kroah-Hartman
` (262 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:40 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Rafael J. Wysocki, Sasha Levin
From: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
[ Upstream commit 4a9af6cac050dce2e895ec3205c4615383ad9112 ]
The flushing of pending work in the EC driver uses drain_workqueue()
to flush the event handling work that can requeue itself via
advance_transaction(), but this is problematic, because that
work may also be requeued from the query workqueue.
Namely, if an EC transaction is carried out during the execution of
a query handler, it involves calling advance_transaction() which
may queue up the event handling work again. This causes the kernel
to complain about attempts to add a work item to the EC event
workqueue while it is being drained and worst-case it may cause a
valid event to be skipped.
To avoid this problem, introduce two new counters, events_in_progress
and queries_in_progress, incremented when a work item is queued on
the event workqueue or the query workqueue, respectively, and
decremented at the end of the corresponding work function, and make
acpi_ec_dispatch_gpe() the workqueues in a loop until the both of
these counters are zero (or system wakeup is pending) instead of
calling acpi_ec_flush_work().
At the same time, change __acpi_ec_flush_work() to call
flush_workqueue() instead of drain_workqueue() to flush the event
workqueue.
While at it, use the observation that the work item queued in
acpi_ec_query() cannot be pending at that time, because it is used
only once, to simplify the code in there.
Additionally, clean up a comment in acpi_ec_query() and adjust white
space in acpi_ec_event_processor().
Fixes: f0ac20c3f613 ("ACPI: EC: Fix flushing of pending work")
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/acpi/ec.c | 57 +++++++++++++++++++++++++++++++----------
drivers/acpi/internal.h | 2 ++
2 files changed, 45 insertions(+), 14 deletions(-)
diff --git a/drivers/acpi/ec.c b/drivers/acpi/ec.c
index 258a8df235cfb..e5b92958c299e 100644
--- a/drivers/acpi/ec.c
+++ b/drivers/acpi/ec.c
@@ -167,6 +167,7 @@ struct acpi_ec_query {
struct transaction transaction;
struct work_struct work;
struct acpi_ec_query_handler *handler;
+ struct acpi_ec *ec;
};
static int acpi_ec_query(struct acpi_ec *ec, u8 *data);
@@ -462,6 +463,7 @@ static void acpi_ec_submit_query(struct acpi_ec *ec)
ec_dbg_evt("Command(%s) submitted/blocked",
acpi_ec_cmd_string(ACPI_EC_COMMAND_QUERY));
ec->nr_pending_queries++;
+ ec->events_in_progress++;
queue_work(ec_wq, &ec->work);
}
}
@@ -528,7 +530,7 @@ static void acpi_ec_enable_event(struct acpi_ec *ec)
#ifdef CONFIG_PM_SLEEP
static void __acpi_ec_flush_work(void)
{
- drain_workqueue(ec_wq); /* flush ec->work */
+ flush_workqueue(ec_wq); /* flush ec->work */
flush_workqueue(ec_query_wq); /* flush queries */
}
@@ -1119,7 +1121,7 @@ void acpi_ec_remove_query_handler(struct acpi_ec *ec, u8 query_bit)
}
EXPORT_SYMBOL_GPL(acpi_ec_remove_query_handler);
-static struct acpi_ec_query *acpi_ec_create_query(u8 *pval)
+static struct acpi_ec_query *acpi_ec_create_query(struct acpi_ec *ec, u8 *pval)
{
struct acpi_ec_query *q;
struct transaction *t;
@@ -1127,11 +1129,13 @@ static struct acpi_ec_query *acpi_ec_create_query(u8 *pval)
q = kzalloc(sizeof (struct acpi_ec_query), GFP_KERNEL);
if (!q)
return NULL;
+
INIT_WORK(&q->work, acpi_ec_event_processor);
t = &q->transaction;
t->command = ACPI_EC_COMMAND_QUERY;
t->rdata = pval;
t->rlen = 1;
+ q->ec = ec;
return q;
}
@@ -1148,13 +1152,21 @@ static void acpi_ec_event_processor(struct work_struct *work)
{
struct acpi_ec_query *q = container_of(work, struct acpi_ec_query, work);
struct acpi_ec_query_handler *handler = q->handler;
+ struct acpi_ec *ec = q->ec;
ec_dbg_evt("Query(0x%02x) started", handler->query_bit);
+
if (handler->func)
handler->func(handler->data);
else if (handler->handle)
acpi_evaluate_object(handler->handle, NULL, NULL, NULL);
+
ec_dbg_evt("Query(0x%02x) stopped", handler->query_bit);
+
+ spin_lock_irq(&ec->lock);
+ ec->queries_in_progress--;
+ spin_unlock_irq(&ec->lock);
+
acpi_ec_delete_query(q);
}
@@ -1164,7 +1176,7 @@ static int acpi_ec_query(struct acpi_ec *ec, u8 *data)
int result;
struct acpi_ec_query *q;
- q = acpi_ec_create_query(&value);
+ q = acpi_ec_create_query(ec, &value);
if (!q)
return -ENOMEM;
@@ -1186,19 +1198,20 @@ static int acpi_ec_query(struct acpi_ec *ec, u8 *data)
}
/*
- * It is reported that _Qxx are evaluated in a parallel way on
- * Windows:
+ * It is reported that _Qxx are evaluated in a parallel way on Windows:
* https://bugzilla.kernel.org/show_bug.cgi?id=94411
*
- * Put this log entry before schedule_work() in order to make
- * it appearing before any other log entries occurred during the
- * work queue execution.
+ * Put this log entry before queue_work() to make it appear in the log
+ * before any other messages emitted during workqueue handling.
*/
ec_dbg_evt("Query(0x%02x) scheduled", value);
- if (!queue_work(ec_query_wq, &q->work)) {
- ec_dbg_evt("Query(0x%02x) overlapped", value);
- result = -EBUSY;
- }
+
+ spin_lock_irq(&ec->lock);
+
+ ec->queries_in_progress++;
+ queue_work(ec_query_wq, &q->work);
+
+ spin_unlock_irq(&ec->lock);
err_exit:
if (result)
@@ -1256,6 +1269,10 @@ static void acpi_ec_event_handler(struct work_struct *work)
ec_dbg_evt("Event stopped");
acpi_ec_check_event(ec);
+
+ spin_lock_irqsave(&ec->lock, flags);
+ ec->events_in_progress--;
+ spin_unlock_irqrestore(&ec->lock, flags);
}
static u32 acpi_ec_gpe_handler(acpi_handle gpe_device,
@@ -1972,6 +1989,7 @@ void acpi_ec_set_gpe_wake_mask(u8 action)
bool acpi_ec_dispatch_gpe(void)
{
+ bool work_in_progress;
u32 ret;
if (!first_ec)
@@ -1992,8 +2010,19 @@ bool acpi_ec_dispatch_gpe(void)
if (ret == ACPI_INTERRUPT_HANDLED)
pm_pr_dbg("EC GPE dispatched\n");
- /* Flush the event and query workqueues. */
- acpi_ec_flush_work();
+ /* Drain EC work. */
+ do {
+ acpi_ec_flush_work();
+
+ pm_pr_dbg("ACPI EC work flushed\n");
+
+ spin_lock_irq(&first_ec->lock);
+
+ work_in_progress = first_ec->events_in_progress +
+ first_ec->queries_in_progress > 0;
+
+ spin_unlock_irq(&first_ec->lock);
+ } while (work_in_progress && !pm_wakeup_pending());
return false;
}
diff --git a/drivers/acpi/internal.h b/drivers/acpi/internal.h
index 159c422601bc4..62b6b36f3a37c 100644
--- a/drivers/acpi/internal.h
+++ b/drivers/acpi/internal.h
@@ -183,6 +183,8 @@ struct acpi_ec {
struct work_struct work;
unsigned long timestamp;
unsigned long nr_pending_queries;
+ unsigned int events_in_progress;
+ unsigned int queries_in_progress;
bool busy_polling;
unsigned int polling_guard;
};
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 063/320] drm/amdgpu: Fix a NULL pointer dereference in amdgpu_connector_lcd_native_mode()
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (61 preceding siblings ...)
2022-01-24 18:40 ` [PATCH 5.4 062/320] ACPI: EC: Rework flushing of EC work while suspended to idle Greg Kroah-Hartman
@ 2022-01-24 18:40 ` Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 064/320] drm/radeon/radeon_kms: Fix a NULL pointer dereference in radeon_driver_open_kms() Greg Kroah-Hartman
` (261 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:40 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zhou Qingyang, Alex Deucher, Sasha Levin
From: Zhou Qingyang <zhou1615@umn.edu>
[ Upstream commit b220110e4cd442156f36e1d9b4914bb9e87b0d00 ]
In amdgpu_connector_lcd_native_mode(), the return value of
drm_mode_duplicate() is assigned to mode, and there is a dereference
of it in amdgpu_connector_lcd_native_mode(), which will lead to a NULL
pointer dereference on failure of drm_mode_duplicate().
Fix this bug add a check of mode.
This bug was found by a static analyzer. The analysis employs
differential checking to identify inconsistent security operations
(e.g., checks or kfrees) between two code paths and confirms that the
inconsistent operations are not recovered in the current function or
the callers, so they constitute bugs.
Note that, as a bug found by static analysis, it can be a false
positive or hard to trigger. Multiple researchers have cross-reviewed
the bug.
Builds with CONFIG_DRM_AMDGPU=m show no new warnings, and
our static analyzer no longer warns about this code.
Fixes: d38ceaf99ed0 ("drm/amdgpu: add core driver (v4)")
Signed-off-by: Zhou Qingyang <zhou1615@umn.edu>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c
index 0d39e386f6e9c..0e1cacf731698 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c
@@ -389,6 +389,9 @@ amdgpu_connector_lcd_native_mode(struct drm_encoder *encoder)
native_mode->vdisplay != 0 &&
native_mode->clock != 0) {
mode = drm_mode_duplicate(dev, native_mode);
+ if (!mode)
+ return NULL;
+
mode->type = DRM_MODE_TYPE_PREFERRED | DRM_MODE_TYPE_DRIVER;
drm_mode_set_name(mode);
@@ -403,6 +406,9 @@ amdgpu_connector_lcd_native_mode(struct drm_encoder *encoder)
* simpler.
*/
mode = drm_cvt_mode(dev, native_mode->hdisplay, native_mode->vdisplay, 60, true, false, false);
+ if (!mode)
+ return NULL;
+
mode->type = DRM_MODE_TYPE_PREFERRED | DRM_MODE_TYPE_DRIVER;
DRM_DEBUG_KMS("Adding cvt approximation of native panel mode %s\n", mode->name);
}
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 064/320] drm/radeon/radeon_kms: Fix a NULL pointer dereference in radeon_driver_open_kms()
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (62 preceding siblings ...)
2022-01-24 18:40 ` [PATCH 5.4 063/320] drm/amdgpu: Fix a NULL pointer dereference in amdgpu_connector_lcd_native_mode() Greg Kroah-Hartman
@ 2022-01-24 18:40 ` Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 065/320] arm64: dts: ti: k3-j721e: Fix the L2 cache sets Greg Kroah-Hartman
` (260 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:40 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christian König, Zhou Qingyang,
Alex Deucher, Sasha Levin
From: Zhou Qingyang <zhou1615@umn.edu>
[ Upstream commit ab50cb9df8896b39aae65c537a30de2c79c19735 ]
In radeon_driver_open_kms(), radeon_vm_bo_add() is assigned to
vm->ib_bo_va and passes and used in radeon_vm_bo_set_addr(). In
radeon_vm_bo_set_addr(), there is a dereference of vm->ib_bo_va,
which could lead to a NULL pointer dereference on failure of
radeon_vm_bo_add().
Fix this bug by adding a check of vm->ib_bo_va.
This bug was found by a static analyzer. The analysis employs
differential checking to identify inconsistent security operations
(e.g., checks or kfrees) between two code paths and confirms that the
inconsistent operations are not recovered in the current function or
the callers, so they constitute bugs.
Note that, as a bug found by static analysis, it can be a false
positive or hard to trigger. Multiple researchers have cross-reviewed
the bug.
Builds with CONFIG_DRM_RADEON=m show no new warnings,
and our static analyzer no longer warns about this code.
Fixes: cc9e67e3d700 ("drm/radeon: fix VM IB handling")
Reviewed-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Zhou Qingyang <zhou1615@umn.edu>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/radeon/radeon_kms.c | 36 ++++++++++++++++-------------
1 file changed, 20 insertions(+), 16 deletions(-)
diff --git a/drivers/gpu/drm/radeon/radeon_kms.c b/drivers/gpu/drm/radeon/radeon_kms.c
index 03d3550ecc7cb..5d04dd744af3d 100644
--- a/drivers/gpu/drm/radeon/radeon_kms.c
+++ b/drivers/gpu/drm/radeon/radeon_kms.c
@@ -634,6 +634,8 @@ void radeon_driver_lastclose_kms(struct drm_device *dev)
int radeon_driver_open_kms(struct drm_device *dev, struct drm_file *file_priv)
{
struct radeon_device *rdev = dev->dev_private;
+ struct radeon_fpriv *fpriv;
+ struct radeon_vm *vm;
int r;
file_priv->driver_priv = NULL;
@@ -646,8 +648,6 @@ int radeon_driver_open_kms(struct drm_device *dev, struct drm_file *file_priv)
/* new gpu have virtual address space support */
if (rdev->family >= CHIP_CAYMAN) {
- struct radeon_fpriv *fpriv;
- struct radeon_vm *vm;
fpriv = kzalloc(sizeof(*fpriv), GFP_KERNEL);
if (unlikely(!fpriv)) {
@@ -658,35 +658,39 @@ int radeon_driver_open_kms(struct drm_device *dev, struct drm_file *file_priv)
if (rdev->accel_working) {
vm = &fpriv->vm;
r = radeon_vm_init(rdev, vm);
- if (r) {
- kfree(fpriv);
- goto out_suspend;
- }
+ if (r)
+ goto out_fpriv;
r = radeon_bo_reserve(rdev->ring_tmp_bo.bo, false);
- if (r) {
- radeon_vm_fini(rdev, vm);
- kfree(fpriv);
- goto out_suspend;
- }
+ if (r)
+ goto out_vm_fini;
/* map the ib pool buffer read only into
* virtual address space */
vm->ib_bo_va = radeon_vm_bo_add(rdev, vm,
rdev->ring_tmp_bo.bo);
+ if (!vm->ib_bo_va) {
+ r = -ENOMEM;
+ goto out_vm_fini;
+ }
+
r = radeon_vm_bo_set_addr(rdev, vm->ib_bo_va,
RADEON_VA_IB_OFFSET,
RADEON_VM_PAGE_READABLE |
RADEON_VM_PAGE_SNOOPED);
- if (r) {
- radeon_vm_fini(rdev, vm);
- kfree(fpriv);
- goto out_suspend;
- }
+ if (r)
+ goto out_vm_fini;
}
file_priv->driver_priv = fpriv;
}
+ if (!r)
+ goto out_suspend;
+
+out_vm_fini:
+ radeon_vm_fini(rdev, vm);
+out_fpriv:
+ kfree(fpriv);
out_suspend:
pm_runtime_mark_last_busy(dev->dev);
pm_runtime_put_autosuspend(dev->dev);
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 065/320] arm64: dts: ti: k3-j721e: Fix the L2 cache sets
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (63 preceding siblings ...)
2022-01-24 18:40 ` [PATCH 5.4 064/320] drm/radeon/radeon_kms: Fix a NULL pointer dereference in radeon_driver_open_kms() Greg Kroah-Hartman
@ 2022-01-24 18:40 ` Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 066/320] tty: serial: uartlite: allow 64 bit address Greg Kroah-Hartman
` (259 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:40 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Peng Fan, Nishanth Menon,
Pratyush Yadav, Vignesh Raghavendra, Sasha Levin
From: Nishanth Menon <nm@ti.com>
[ Upstream commit e9ba3a5bc6fdc2c796c69fdaf5ed6c9957cf9f9d ]
A72's L2 cache[1] on J721e[2] is 1MB. A72's L2 is fixed line length of
64 bytes and 16-way set-associative cache structure.
1MB of L2 / 64 (line length) = 16384 ways
16384 ways / 16 = 1024 sets
Fix the l2 cache-sets.
[1] https://developer.arm.com/documentation/100095/0003/Level-2-Memory-System/About-the-L2-memory-system
[2] http://www.ti.com/lit/pdf/spruil1
Fixes: 2d87061e70de ("arm64: dts: ti: Add Support for J721E SoC")
Reported-by: Peng Fan <peng.fan@nxp.com>
Signed-off-by: Nishanth Menon <nm@ti.com>
Reviewed-by: Pratyush Yadav <p.yadav@ti.com>
Signed-off-by: Vignesh Raghavendra <vigneshr@ti.com>
Link: https://lore.kernel.org/r/20211113043639.4413-1-nm@ti.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/ti/k3-j721e.dtsi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm64/boot/dts/ti/k3-j721e.dtsi b/arch/arm64/boot/dts/ti/k3-j721e.dtsi
index f4d8f3b37d5bb..5a6e74636d6fc 100644
--- a/arch/arm64/boot/dts/ti/k3-j721e.dtsi
+++ b/arch/arm64/boot/dts/ti/k3-j721e.dtsi
@@ -84,7 +84,7 @@
cache-level = <2>;
cache-size = <0x100000>;
cache-line-size = <64>;
- cache-sets = <2048>;
+ cache-sets = <1024>;
next-level-cache = <&msmc_l3>;
};
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 066/320] tty: serial: uartlite: allow 64 bit address
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (64 preceding siblings ...)
2022-01-24 18:40 ` [PATCH 5.4 065/320] arm64: dts: ti: k3-j721e: Fix the L2 cache sets Greg Kroah-Hartman
@ 2022-01-24 18:40 ` Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 067/320] serial: amba-pl011: do not request memory region twice Greg Kroah-Hartman
` (258 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:40 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Lizhi Hou, Sasha Levin
From: Lizhi Hou <lizhi.hou@xilinx.com>
[ Upstream commit 3672fb65155530b5eea6225685c75329b6debec3 ]
The base address of uartlite registers could be 64 bit address which is from
device resource. When ulite_probe() calls ulite_assign(), this 64 bit
address is casted to 32-bit. The fix is to replace "u32" type with
"phys_addr_t" type for the base address in ulite_assign() argument list.
Fixes: 8fa7b6100693 ("[POWERPC] Uartlite: Separate the bus binding from the driver proper")
Signed-off-by: Lizhi Hou <lizhi.hou@xilinx.com>
Link: https://lore.kernel.org/r/20211129202302.1319033-1-lizhi.hou@xilinx.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/uartlite.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/tty/serial/uartlite.c b/drivers/tty/serial/uartlite.c
index 56066d93a65b8..9a4049c894f7a 100644
--- a/drivers/tty/serial/uartlite.c
+++ b/drivers/tty/serial/uartlite.c
@@ -618,7 +618,7 @@ static struct uart_driver ulite_uart_driver = {
*
* Returns: 0 on success, <0 otherwise
*/
-static int ulite_assign(struct device *dev, int id, u32 base, int irq,
+static int ulite_assign(struct device *dev, int id, phys_addr_t base, int irq,
struct uartlite_data *pdata)
{
struct uart_port *port;
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 067/320] serial: amba-pl011: do not request memory region twice
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (65 preceding siblings ...)
2022-01-24 18:40 ` [PATCH 5.4 066/320] tty: serial: uartlite: allow 64 bit address Greg Kroah-Hartman
@ 2022-01-24 18:40 ` Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 068/320] floppy: Fix hang in watchdog when disk is ejected Greg Kroah-Hartman
` (257 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:40 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Lino Sanfilippo, Sasha Levin
From: Lino Sanfilippo <LinoSanfilippo@gmx.de>
[ Upstream commit d1180405c7b5c7a1c6bde79d5fc24fe931430737 ]
With commit 3873e2d7f63a ("drivers: PL011: refactor pl011_probe()") the
function devm_ioremap() called from pl011_setup_port() was replaced with
devm_ioremap_resource(). Since this function not only remaps but also
requests the ports io memory region it now collides with the .config_port()
callback which requests the same region at uart port registration.
Since devm_ioremap_resource() already claims the memory successfully, the
request in .config_port() fails.
Later at uart port deregistration the attempt to release the unclaimed
memory also fails. The failure results in a “Trying to free nonexistent
resource" warning.
Fix these issues by removing the callbacks that implement the redundant
memory allocation/release. Also make sure that changing the drivers io
memory base address via TIOCSSERIAL is not allowed any more.
Fixes: 3873e2d7f63a ("drivers: PL011: refactor pl011_probe()")
Signed-off-by: Lino Sanfilippo <LinoSanfilippo@gmx.de>
Link: https://lore.kernel.org/r/20211129174238.8333-1-LinoSanfilippo@gmx.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/amba-pl011.c | 27 +++------------------------
1 file changed, 3 insertions(+), 24 deletions(-)
diff --git a/drivers/tty/serial/amba-pl011.c b/drivers/tty/serial/amba-pl011.c
index 6741d0f3daf94..0bd8c05d72d60 100644
--- a/drivers/tty/serial/amba-pl011.c
+++ b/drivers/tty/serial/amba-pl011.c
@@ -2094,32 +2094,13 @@ static const char *pl011_type(struct uart_port *port)
return uap->port.type == PORT_AMBA ? uap->type : NULL;
}
-/*
- * Release the memory region(s) being used by 'port'
- */
-static void pl011_release_port(struct uart_port *port)
-{
- release_mem_region(port->mapbase, SZ_4K);
-}
-
-/*
- * Request the memory region(s) being used by 'port'
- */
-static int pl011_request_port(struct uart_port *port)
-{
- return request_mem_region(port->mapbase, SZ_4K, "uart-pl011")
- != NULL ? 0 : -EBUSY;
-}
-
/*
* Configure/autoconfigure the port.
*/
static void pl011_config_port(struct uart_port *port, int flags)
{
- if (flags & UART_CONFIG_TYPE) {
+ if (flags & UART_CONFIG_TYPE)
port->type = PORT_AMBA;
- pl011_request_port(port);
- }
}
/*
@@ -2134,6 +2115,8 @@ static int pl011_verify_port(struct uart_port *port, struct serial_struct *ser)
ret = -EINVAL;
if (ser->baud_base < 9600)
ret = -EINVAL;
+ if (port->mapbase != (unsigned long) ser->iomem_base)
+ ret = -EINVAL;
return ret;
}
@@ -2151,8 +2134,6 @@ static const struct uart_ops amba_pl011_pops = {
.flush_buffer = pl011_dma_flush_buffer,
.set_termios = pl011_set_termios,
.type = pl011_type,
- .release_port = pl011_release_port,
- .request_port = pl011_request_port,
.config_port = pl011_config_port,
.verify_port = pl011_verify_port,
#ifdef CONFIG_CONSOLE_POLL
@@ -2182,8 +2163,6 @@ static const struct uart_ops sbsa_uart_pops = {
.shutdown = sbsa_uart_shutdown,
.set_termios = sbsa_uart_set_termios,
.type = pl011_type,
- .release_port = pl011_release_port,
- .request_port = pl011_request_port,
.config_port = pl011_config_port,
.verify_port = pl011_verify_port,
#ifdef CONFIG_CONSOLE_POLL
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 068/320] floppy: Fix hang in watchdog when disk is ejected
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (66 preceding siblings ...)
2022-01-24 18:40 ` [PATCH 5.4 067/320] serial: amba-pl011: do not request memory region twice Greg Kroah-Hartman
@ 2022-01-24 18:40 ` Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 069/320] staging: rtl8192e: return error code from rtllib_softmac_init() Greg Kroah-Hartman
` (256 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:40 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tasos Sahanidis, Denis Efremov,
Jens Axboe, Sasha Levin
From: Tasos Sahanidis <tasos@tasossah.com>
[ Upstream commit fb48febce7e30baed94dd791e19521abd2c3fd83 ]
When the watchdog detects a disk change, it calls cancel_activity(),
which in turn tries to cancel the fd_timer delayed work.
In the above scenario, fd_timer_fn is set to fd_watchdog(), meaning
it is trying to cancel its own work.
This results in a hang as cancel_delayed_work_sync() is waiting for the
watchdog (itself) to return, which never happens.
This can be reproduced relatively consistently by attempting to read a
broken floppy, and ejecting it while IO is being attempted and retried.
To resolve this, this patch calls cancel_delayed_work() instead, which
cancels the work without waiting for the watchdog to return and finish.
Before this regression was introduced, the code in this section used
del_timer(), and not del_timer_sync() to delete the watchdog timer.
Link: https://lore.kernel.org/r/399e486c-6540-db27-76aa-7a271b061f76@tasossah.com
Fixes: 070ad7e793dc ("floppy: convert to delayed work and single-thread wq")
Signed-off-by: Tasos Sahanidis <tasos@tasossah.com>
Signed-off-by: Denis Efremov <efremov@linux.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/block/floppy.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/block/floppy.c b/drivers/block/floppy.c
index ac97a1e2e5ddc..212a1e1ce0d9e 100644
--- a/drivers/block/floppy.c
+++ b/drivers/block/floppy.c
@@ -1003,7 +1003,7 @@ static DECLARE_DELAYED_WORK(fd_timer, fd_timer_workfn);
static void cancel_activity(void)
{
do_floppy = NULL;
- cancel_delayed_work_sync(&fd_timer);
+ cancel_delayed_work(&fd_timer);
cancel_work_sync(&floppy_work);
}
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 069/320] staging: rtl8192e: return error code from rtllib_softmac_init()
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (67 preceding siblings ...)
2022-01-24 18:40 ` [PATCH 5.4 068/320] floppy: Fix hang in watchdog when disk is ejected Greg Kroah-Hartman
@ 2022-01-24 18:40 ` Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 070/320] staging: rtl8192e: rtllib_module: fix error handle case in alloc_rtllib() Greg Kroah-Hartman
` (255 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:40 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Pavel Skripkin,
Yang Yingliang, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit 68bf78ff59a0891eb1239948e94ce10f73a9dd30 ]
If it fails to allocate 'dot11d_info', rtllib_softmac_init()
should return error code. And remove unneccessary error message.
Fixes: 94a799425eee ("From: wlanfae <wlanfae@realtek.com>")
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Pavel Skripkin <paskripkin@gmail.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Link: https://lore.kernel.org/r/20211202030704.2425621-2-yangyingliang@huawei.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/staging/rtl8192e/rtllib.h | 2 +-
drivers/staging/rtl8192e/rtllib_softmac.c | 6 ++++--
2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/drivers/staging/rtl8192e/rtllib.h b/drivers/staging/rtl8192e/rtllib.h
index 2eeb9a43734e3..49bf3ad31f912 100644
--- a/drivers/staging/rtl8192e/rtllib.h
+++ b/drivers/staging/rtl8192e/rtllib.h
@@ -1982,7 +1982,7 @@ void rtllib_softmac_xmit(struct rtllib_txb *txb, struct rtllib_device *ieee);
void rtllib_stop_send_beacons(struct rtllib_device *ieee);
void notify_wx_assoc_event(struct rtllib_device *ieee);
void rtllib_start_ibss(struct rtllib_device *ieee);
-void rtllib_softmac_init(struct rtllib_device *ieee);
+int rtllib_softmac_init(struct rtllib_device *ieee);
void rtllib_softmac_free(struct rtllib_device *ieee);
void rtllib_disassociate(struct rtllib_device *ieee);
void rtllib_stop_scan(struct rtllib_device *ieee);
diff --git a/drivers/staging/rtl8192e/rtllib_softmac.c b/drivers/staging/rtl8192e/rtllib_softmac.c
index f2f7529e7c80e..4ff8fd694c600 100644
--- a/drivers/staging/rtl8192e/rtllib_softmac.c
+++ b/drivers/staging/rtl8192e/rtllib_softmac.c
@@ -2952,7 +2952,7 @@ void rtllib_start_protocol(struct rtllib_device *ieee)
}
}
-void rtllib_softmac_init(struct rtllib_device *ieee)
+int rtllib_softmac_init(struct rtllib_device *ieee)
{
int i;
@@ -2963,7 +2963,8 @@ void rtllib_softmac_init(struct rtllib_device *ieee)
ieee->seq_ctrl[i] = 0;
ieee->dot11d_info = kzalloc(sizeof(struct rt_dot11d_info), GFP_ATOMIC);
if (!ieee->dot11d_info)
- netdev_err(ieee->dev, "Can't alloc memory for DOT11D\n");
+ return -ENOMEM;
+
ieee->LinkDetectInfo.SlotIndex = 0;
ieee->LinkDetectInfo.SlotNum = 2;
ieee->LinkDetectInfo.NumRecvBcnInPeriod = 0;
@@ -3031,6 +3032,7 @@ void rtllib_softmac_init(struct rtllib_device *ieee)
(void(*)(unsigned long)) rtllib_sta_ps,
(unsigned long)ieee);
+ return 0;
}
void rtllib_softmac_free(struct rtllib_device *ieee)
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 070/320] staging: rtl8192e: rtllib_module: fix error handle case in alloc_rtllib()
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (68 preceding siblings ...)
2022-01-24 18:40 ` [PATCH 5.4 069/320] staging: rtl8192e: return error code from rtllib_softmac_init() Greg Kroah-Hartman
@ 2022-01-24 18:40 ` Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 071/320] Bluetooth: btmtksdio: fix resume failure Greg Kroah-Hartman
` (254 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:40 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Pavel Skripkin,
Yang Yingliang, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit e730cd57ac2dfe94bca0f14a3be8e1b21de41a9c ]
Some variables are leaked in the error handling in alloc_rtllib(), free
the variables in the error path.
Fixes: 94a799425eee ("From: wlanfae <wlanfae@realtek.com>")
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Pavel Skripkin <paskripkin@gmail.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Link: https://lore.kernel.org/r/20211202030704.2425621-3-yangyingliang@huawei.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/staging/rtl8192e/rtllib_module.c | 16 ++++++++++++----
1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/drivers/staging/rtl8192e/rtllib_module.c b/drivers/staging/rtl8192e/rtllib_module.c
index 64d9feee1f392..f00ac94b2639b 100644
--- a/drivers/staging/rtl8192e/rtllib_module.c
+++ b/drivers/staging/rtl8192e/rtllib_module.c
@@ -88,7 +88,7 @@ struct net_device *alloc_rtllib(int sizeof_priv)
err = rtllib_networks_allocate(ieee);
if (err) {
pr_err("Unable to allocate beacon storage: %d\n", err);
- goto failed;
+ goto free_netdev;
}
rtllib_networks_initialize(ieee);
@@ -121,11 +121,13 @@ struct net_device *alloc_rtllib(int sizeof_priv)
ieee->hwsec_active = 0;
memset(ieee->swcamtable, 0, sizeof(struct sw_cam_table) * 32);
- rtllib_softmac_init(ieee);
+ err = rtllib_softmac_init(ieee);
+ if (err)
+ goto free_crypt_info;
ieee->pHTInfo = kzalloc(sizeof(struct rt_hi_throughput), GFP_KERNEL);
if (!ieee->pHTInfo)
- return NULL;
+ goto free_softmac;
HTUpdateDefaultSetting(ieee);
HTInitializeHTInfo(ieee);
@@ -141,8 +143,14 @@ struct net_device *alloc_rtllib(int sizeof_priv)
return dev;
- failed:
+free_softmac:
+ rtllib_softmac_free(ieee);
+free_crypt_info:
+ lib80211_crypt_info_free(&ieee->crypt_info);
+ rtllib_networks_free(ieee);
+free_netdev:
free_netdev(dev);
+
return NULL;
}
EXPORT_SYMBOL(alloc_rtllib);
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 071/320] Bluetooth: btmtksdio: fix resume failure
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (69 preceding siblings ...)
2022-01-24 18:40 ` [PATCH 5.4 070/320] staging: rtl8192e: rtllib_module: fix error handle case in alloc_rtllib() Greg Kroah-Hartman
@ 2022-01-24 18:40 ` Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 072/320] media: dib8000: Fix a memleak in dib8000_init() Greg Kroah-Hartman
` (253 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:40 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mark-yw Chen, Sean Wang,
Marcel Holtmann, Sasha Levin
From: Sean Wang <sean.wang@mediatek.com>
[ Upstream commit 561ae1d46a8ddcbc13162d5771f5ed6c8249e730 ]
btmtksdio have to rely on MMC_PM_KEEP_POWER in pm_flags to avoid that
SDIO power is being shut off during the device is in suspend. That fixes
the SDIO command fails to access the bus after the device is resumed.
Fixes: 7f3c563c575e7 ("Bluetooth: btmtksdio: Add runtime PM support to SDIO based Bluetooth")
Co-developed-by: Mark-yw Chen <mark-yw.chen@mediatek.com>
Signed-off-by: Mark-yw Chen <mark-yw.chen@mediatek.com>
Signed-off-by: Sean Wang <sean.wang@mediatek.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/bluetooth/btmtksdio.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/bluetooth/btmtksdio.c b/drivers/bluetooth/btmtksdio.c
index 304178be1ef40..c2eb64bcd5d5d 100644
--- a/drivers/bluetooth/btmtksdio.c
+++ b/drivers/bluetooth/btmtksdio.c
@@ -1041,6 +1041,8 @@ static int btmtksdio_runtime_suspend(struct device *dev)
if (!bdev)
return 0;
+ sdio_set_host_pm_flags(func, MMC_PM_KEEP_POWER);
+
sdio_claim_host(bdev->func);
sdio_writel(bdev->func, C_FW_OWN_REQ_SET, MTK_REG_CHLPCR, &err);
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 072/320] media: dib8000: Fix a memleak in dib8000_init()
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (70 preceding siblings ...)
2022-01-24 18:40 ` [PATCH 5.4 071/320] Bluetooth: btmtksdio: fix resume failure Greg Kroah-Hartman
@ 2022-01-24 18:40 ` Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 073/320] media: saa7146: mxb: Fix a NULL pointer dereference in mxb_attach() Greg Kroah-Hartman
` (252 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:40 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zhou Qingyang, Hans Verkuil,
Mauro Carvalho Chehab, Sasha Levin
From: Zhou Qingyang <zhou1615@umn.edu>
[ Upstream commit 8dbdcc7269a83305ee9d677b75064d3530a48ee2 ]
In dib8000_init(), the variable fe is not freed or passed out on the
failure of dib8000_identify(&state->i2c), which could lead to a memleak.
Fix this bug by adding a kfree of fe in the error path.
This bug was found by a static analyzer. The analysis employs
differential checking to identify inconsistent security operations
(e.g., checks or kfrees) between two code paths and confirms that the
inconsistent operations are not recovered in the current function or
the callers, so they constitute bugs.
Note that, as a bug found by static analysis, it can be a false
positive or hard to trigger. Multiple researchers have cross-reviewed
the bug.
Builds with CONFIG_DVB_DIB8000=m show no new warnings,
and our static analyzer no longer warns about this code.
Fixes: 77e2c0f5d471 ("V4L/DVB (12900): DiB8000: added support for DiBcom ISDB-T/ISDB-Tsb demodulator DiB8000")
Signed-off-by: Zhou Qingyang <zhou1615@umn.edu>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/dvb-frontends/dib8000.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/media/dvb-frontends/dib8000.c b/drivers/media/dvb-frontends/dib8000.c
index bb02354a48b81..d67f2dd997d06 100644
--- a/drivers/media/dvb-frontends/dib8000.c
+++ b/drivers/media/dvb-frontends/dib8000.c
@@ -4473,8 +4473,10 @@ static struct dvb_frontend *dib8000_init(struct i2c_adapter *i2c_adap, u8 i2c_ad
state->timf_default = cfg->pll->timf;
- if (dib8000_identify(&state->i2c) == 0)
+ if (dib8000_identify(&state->i2c) == 0) {
+ kfree(fe);
goto error;
+ }
dibx000_init_i2c_master(&state->i2c_master, DIB8000, state->i2c.adap, state->i2c.addr);
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 073/320] media: saa7146: mxb: Fix a NULL pointer dereference in mxb_attach()
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (71 preceding siblings ...)
2022-01-24 18:40 ` [PATCH 5.4 072/320] media: dib8000: Fix a memleak in dib8000_init() Greg Kroah-Hartman
@ 2022-01-24 18:40 ` Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 074/320] media: si2157: Fix "warm" tuner state detection Greg Kroah-Hartman
` (251 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:40 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zhou Qingyang, Hans Verkuil,
Mauro Carvalho Chehab, Sasha Levin
From: Zhou Qingyang <zhou1615@umn.edu>
[ Upstream commit 0407c49ebe330333478440157c640fffd986f41b ]
In mxb_attach(dev, info), saa7146_vv_init() is called to allocate a
new memory for dev->vv_data. saa7146_vv_release() will be called on
failure of mxb_probe(dev). There is a dereference of dev->vv_data
in saa7146_vv_release(), which could lead to a NULL pointer dereference
on failure of saa7146_vv_init().
Fix this bug by adding a check of saa7146_vv_init().
This bug was found by a static analyzer. The analysis employs
differential checking to identify inconsistent security operations
(e.g., checks or kfrees) between two code paths and confirms that the
inconsistent operations are not recovered in the current function or
the callers, so they constitute bugs.
Note that, as a bug found by static analysis, it can be a false
positive or hard to trigger. Multiple researchers have cross-reviewed
the bug.
Builds with CONFIG_VIDEO_MXB=m show no new warnings,
and our static analyzer no longer warns about this code.
Fixes: 03b1930efd3c ("V4L/DVB: saa7146: fix regression of the av7110/budget-av driver")
Signed-off-by: Zhou Qingyang <zhou1615@umn.edu>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/pci/saa7146/mxb.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/drivers/media/pci/saa7146/mxb.c b/drivers/media/pci/saa7146/mxb.c
index 952ea250feda0..58fe4c1619eeb 100644
--- a/drivers/media/pci/saa7146/mxb.c
+++ b/drivers/media/pci/saa7146/mxb.c
@@ -683,10 +683,16 @@ static struct saa7146_ext_vv vv_data;
static int mxb_attach(struct saa7146_dev *dev, struct saa7146_pci_extension_data *info)
{
struct mxb *mxb;
+ int ret;
DEB_EE("dev:%p\n", dev);
- saa7146_vv_init(dev, &vv_data);
+ ret = saa7146_vv_init(dev, &vv_data);
+ if (ret) {
+ ERR("Error in saa7146_vv_init()");
+ return ret;
+ }
+
if (mxb_probe(dev)) {
saa7146_vv_release(dev);
return -1;
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 074/320] media: si2157: Fix "warm" tuner state detection
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (72 preceding siblings ...)
2022-01-24 18:40 ` [PATCH 5.4 073/320] media: saa7146: mxb: Fix a NULL pointer dereference in mxb_attach() Greg Kroah-Hartman
@ 2022-01-24 18:40 ` Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 075/320] sched/rt: Try to restart rt period timer when rt runtime exceeded Greg Kroah-Hartman
` (250 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:40 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Robert Schlabbach,
Mauro Carvalho Chehab, Sasha Levin
From: Robert Schlabbach <robert_s@gmx.net>
[ Upstream commit a6441ea29cb2c9314654e093a1cd8020b9b851c8 ]
Commit e955f959ac52 ("media: si2157: Better check for running tuner in
init") completely broke the "warm" tuner detection of the si2157 driver
due to a simple endian error: The Si2157 CRYSTAL_TRIM property code is
0x0402 and needs to be transmitted LSB first. However, it was inserted
MSB first, causing the warm detection to always fail and spam the kernel
log with tuner initialization messages each time the DVB frontend
device was closed and reopened:
[ 312.215682] si2157 16-0060: found a 'Silicon Labs Si2157-A30'
[ 312.264334] si2157 16-0060: firmware version: 3.0.5
[ 342.248593] si2157 16-0060: found a 'Silicon Labs Si2157-A30'
[ 342.295743] si2157 16-0060: firmware version: 3.0.5
[ 372.328574] si2157 16-0060: found a 'Silicon Labs Si2157-A30'
[ 372.385035] si2157 16-0060: firmware version: 3.0.5
Also, the reinitializations were observed disturb _other_ tuners on
multi-tuner cards such as the Hauppauge WinTV-QuadHD, leading to missed
or errored packets when one of the other DVB frontend devices on that
card was opened.
Fix the order of the property code bytes to make the warm detection work
again, also reducing the tuner initialization message in the kernel log
to once per power-on, as well as fixing the interference with other
tuners.
Link: https://lore.kernel.org/linux-media/trinity-2a86eb9d-6264-4387-95e1-ba7b79a4050f-1638392923493@3c-app-gmx-bap03
Fixes: e955f959ac52 ("media: si2157: Better check for running tuner in init")
Reported-by: Robert Schlabbach <robert_s@gmx.net>
Signed-off-by: Robert Schlabbach <robert_s@gmx.net>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/tuners/si2157.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/media/tuners/si2157.c b/drivers/media/tuners/si2157.c
index a39e1966816bf..8db9f0eb98b52 100644
--- a/drivers/media/tuners/si2157.c
+++ b/drivers/media/tuners/si2157.c
@@ -80,7 +80,7 @@ static int si2157_init(struct dvb_frontend *fe)
dev_dbg(&client->dev, "\n");
/* Try to get Xtal trim property, to verify tuner still running */
- memcpy(cmd.args, "\x15\x00\x04\x02", 4);
+ memcpy(cmd.args, "\x15\x00\x02\x04", 4);
cmd.wlen = 4;
cmd.rlen = 4;
ret = si2157_cmd_execute(client, &cmd);
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 075/320] sched/rt: Try to restart rt period timer when rt runtime exceeded
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (73 preceding siblings ...)
2022-01-24 18:40 ` [PATCH 5.4 074/320] media: si2157: Fix "warm" tuner state detection Greg Kroah-Hartman
@ 2022-01-24 18:40 ` Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 076/320] rcu/exp: Mark current CPU as exp-QS in IPI loop second pass Greg Kroah-Hartman
` (249 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:40 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hulk Robot, Li Hua,
Peter Zijlstra (Intel),
Sasha Levin
From: Li Hua <hucool.lihua@huawei.com>
[ Upstream commit 9b58e976b3b391c0cf02e038d53dd0478ed3013c ]
When rt_runtime is modified from -1 to a valid control value, it may
cause the task to be throttled all the time. Operations like the following
will trigger the bug. E.g:
1. echo -1 > /proc/sys/kernel/sched_rt_runtime_us
2. Run a FIFO task named A that executes while(1)
3. echo 950000 > /proc/sys/kernel/sched_rt_runtime_us
When rt_runtime is -1, The rt period timer will not be activated when task
A enqueued. And then the task will be throttled after setting rt_runtime to
950,000. The task will always be throttled because the rt period timer is
not activated.
Fixes: d0b27fa77854 ("sched: rt-group: synchonised bandwidth period")
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Li Hua <hucool.lihua@huawei.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Link: https://lkml.kernel.org/r/20211203033618.11895-1-hucool.lihua@huawei.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/sched/rt.c | 23 ++++++++++++++++++-----
1 file changed, 18 insertions(+), 5 deletions(-)
diff --git a/kernel/sched/rt.c b/kernel/sched/rt.c
index 2dffb8762e16b..28c82dee13ea9 100644
--- a/kernel/sched/rt.c
+++ b/kernel/sched/rt.c
@@ -52,11 +52,8 @@ void init_rt_bandwidth(struct rt_bandwidth *rt_b, u64 period, u64 runtime)
rt_b->rt_period_timer.function = sched_rt_period_timer;
}
-static void start_rt_bandwidth(struct rt_bandwidth *rt_b)
+static inline void do_start_rt_bandwidth(struct rt_bandwidth *rt_b)
{
- if (!rt_bandwidth_enabled() || rt_b->rt_runtime == RUNTIME_INF)
- return;
-
raw_spin_lock(&rt_b->rt_runtime_lock);
if (!rt_b->rt_period_active) {
rt_b->rt_period_active = 1;
@@ -75,6 +72,14 @@ static void start_rt_bandwidth(struct rt_bandwidth *rt_b)
raw_spin_unlock(&rt_b->rt_runtime_lock);
}
+static void start_rt_bandwidth(struct rt_bandwidth *rt_b)
+{
+ if (!rt_bandwidth_enabled() || rt_b->rt_runtime == RUNTIME_INF)
+ return;
+
+ do_start_rt_bandwidth(rt_b);
+}
+
void init_rt_rq(struct rt_rq *rt_rq)
{
struct rt_prio_array *array;
@@ -983,13 +988,17 @@ static void update_curr_rt(struct rq *rq)
for_each_sched_rt_entity(rt_se) {
struct rt_rq *rt_rq = rt_rq_of_se(rt_se);
+ int exceeded;
if (sched_rt_runtime(rt_rq) != RUNTIME_INF) {
raw_spin_lock(&rt_rq->rt_runtime_lock);
rt_rq->rt_time += delta_exec;
- if (sched_rt_runtime_exceeded(rt_rq))
+ exceeded = sched_rt_runtime_exceeded(rt_rq);
+ if (exceeded)
resched_curr(rq);
raw_spin_unlock(&rt_rq->rt_runtime_lock);
+ if (exceeded)
+ do_start_rt_bandwidth(sched_rt_bandwidth(rt_rq));
}
}
}
@@ -2659,8 +2668,12 @@ static int sched_rt_global_validate(void)
static void sched_rt_do_global(void)
{
+ unsigned long flags;
+
+ raw_spin_lock_irqsave(&def_rt_bandwidth.rt_runtime_lock, flags);
def_rt_bandwidth.rt_runtime = global_rt_runtime();
def_rt_bandwidth.rt_period = ns_to_ktime(global_rt_period());
+ raw_spin_unlock_irqrestore(&def_rt_bandwidth.rt_runtime_lock, flags);
}
int sched_rt_handler(struct ctl_table *table, int write,
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 076/320] rcu/exp: Mark current CPU as exp-QS in IPI loop second pass
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (74 preceding siblings ...)
2022-01-24 18:40 ` [PATCH 5.4 075/320] sched/rt: Try to restart rt period timer when rt runtime exceeded Greg Kroah-Hartman
@ 2022-01-24 18:41 ` Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 077/320] mwifiex: Fix possible ABBA deadlock Greg Kroah-Hartman
` (248 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:41 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Neeraj Upadhyay, Frederic Weisbecker,
Uladzislau Rezki, Boqun Feng, Josh Triplett, Joel Fernandes,
Paul E. McKenney, Sasha Levin
From: Frederic Weisbecker <frederic@kernel.org>
[ Upstream commit 81f6d49cce2d2fe507e3fddcc4a6db021d9c2e7b ]
Expedited RCU grace periods invoke sync_rcu_exp_select_node_cpus(), which
takes two passes over the leaf rcu_node structure's CPUs. The first
pass gathers up the current CPU and CPUs that are in dynticks idle mode.
The workqueue will report a quiescent state on their behalf later.
The second pass sends IPIs to the rest of the CPUs, but excludes the
current CPU, incorrectly assuming it has been included in the first
pass's list of CPUs.
Unfortunately the current CPU may have changed between the first and
second pass, due to the fact that the various rcu_node structures'
->lock fields have been dropped, thus momentarily enabling preemption.
This means that if the second pass's CPU was not on the first pass's
list, it will be ignored completely. There will be no IPI sent to
it, and there will be no reporting of quiescent states on its behalf.
Unfortunately, the expedited grace period will nevertheless be waiting
for that CPU to report a quiescent state, but with that CPU having no
reason to believe that such a report is needed.
The result will be an expedited grace period stall.
Fix this by no longer excluding the current CPU from consideration during
the second pass.
Fixes: b9ad4d6ed18e ("rcu: Avoid self-IPI in sync_rcu_exp_select_node_cpus()")
Reviewed-by: Neeraj Upadhyay <quic_neeraju@quicinc.com>
Signed-off-by: Frederic Weisbecker <frederic@kernel.org>
Cc: Uladzislau Rezki <urezki@gmail.com>
Cc: Neeraj Upadhyay <quic_neeraju@quicinc.com>
Cc: Boqun Feng <boqun.feng@gmail.com>
Cc: Josh Triplett <josh@joshtriplett.org>
Cc: Joel Fernandes <joel@joelfernandes.org>
Signed-off-by: Paul E. McKenney <paulmck@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/rcu/tree_exp.h | 1 +
1 file changed, 1 insertion(+)
diff --git a/kernel/rcu/tree_exp.h b/kernel/rcu/tree_exp.h
index 4c4d7683a4e5b..173e3ce607900 100644
--- a/kernel/rcu/tree_exp.h
+++ b/kernel/rcu/tree_exp.h
@@ -382,6 +382,7 @@ retry_ipi:
continue;
}
if (get_cpu() == cpu) {
+ mask_ofl_test |= mask;
put_cpu();
continue;
}
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 077/320] mwifiex: Fix possible ABBA deadlock
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (75 preceding siblings ...)
2022-01-24 18:41 ` [PATCH 5.4 076/320] rcu/exp: Mark current CPU as exp-QS in IPI loop second pass Greg Kroah-Hartman
@ 2022-01-24 18:41 ` Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 078/320] xfrm: fix a small bug in xfrm_sa_len() Greg Kroah-Hartman
` (247 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:41 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Douglas Anderson, TOTE Robot,
Brian Norris, Kalle Valo, Sasha Levin
From: Brian Norris <briannorris@chromium.org>
[ Upstream commit 1b8bb8919ef81bfc8873d223b9361f1685f2106d ]
Quoting Jia-Ju Bai <baijiaju1990@gmail.com>:
mwifiex_dequeue_tx_packet()
spin_lock_bh(&priv->wmm.ra_list_spinlock); --> Line 1432 (Lock A)
mwifiex_send_addba()
spin_lock_bh(&priv->sta_list_spinlock); --> Line 608 (Lock B)
mwifiex_process_sta_tx_pause()
spin_lock_bh(&priv->sta_list_spinlock); --> Line 398 (Lock B)
mwifiex_update_ralist_tx_pause()
spin_lock_bh(&priv->wmm.ra_list_spinlock); --> Line 941 (Lock A)
Similar report for mwifiex_process_uap_tx_pause().
While the locking expectations in this driver are a bit unclear, the
Fixed commit only intended to protect the sta_ptr, so we can drop the
lock as soon as we're done with it.
IIUC, this deadlock cannot actually happen, because command event
processing (which calls mwifiex_process_sta_tx_pause()) is
sequentialized with TX packet processing (e.g.,
mwifiex_dequeue_tx_packet()) via the main loop (mwifiex_main_process()).
But it's good not to leave this potential issue lurking.
Fixes: f0f7c2275fb9 ("mwifiex: minor cleanups w/ sta_list_spinlock in cfg80211.c")
Cc: Douglas Anderson <dianders@chromium.org>
Reported-by: TOTE Robot <oslab@tsinghua.edu.cn>
Link: https://lore.kernel.org/linux-wireless/0e495b14-efbb-e0da-37bd-af6bd677ee2c@gmail.com/
Signed-off-by: Brian Norris <briannorris@chromium.org>
Reviewed-by: Douglas Anderson <dianders@chromium.org>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/YaV0pllJ5p/EuUat@google.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/marvell/mwifiex/sta_event.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/drivers/net/wireless/marvell/mwifiex/sta_event.c b/drivers/net/wireless/marvell/mwifiex/sta_event.c
index 5fdffb114913d..fd12093863801 100644
--- a/drivers/net/wireless/marvell/mwifiex/sta_event.c
+++ b/drivers/net/wireless/marvell/mwifiex/sta_event.c
@@ -364,10 +364,12 @@ static void mwifiex_process_uap_tx_pause(struct mwifiex_private *priv,
sta_ptr = mwifiex_get_sta_entry(priv, tp->peermac);
if (sta_ptr && sta_ptr->tx_pause != tp->tx_pause) {
sta_ptr->tx_pause = tp->tx_pause;
+ spin_unlock_bh(&priv->sta_list_spinlock);
mwifiex_update_ralist_tx_pause(priv, tp->peermac,
tp->tx_pause);
+ } else {
+ spin_unlock_bh(&priv->sta_list_spinlock);
}
- spin_unlock_bh(&priv->sta_list_spinlock);
}
}
@@ -399,11 +401,13 @@ static void mwifiex_process_sta_tx_pause(struct mwifiex_private *priv,
sta_ptr = mwifiex_get_sta_entry(priv, tp->peermac);
if (sta_ptr && sta_ptr->tx_pause != tp->tx_pause) {
sta_ptr->tx_pause = tp->tx_pause;
+ spin_unlock_bh(&priv->sta_list_spinlock);
mwifiex_update_ralist_tx_pause(priv,
tp->peermac,
tp->tx_pause);
+ } else {
+ spin_unlock_bh(&priv->sta_list_spinlock);
}
- spin_unlock_bh(&priv->sta_list_spinlock);
}
}
}
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 078/320] xfrm: fix a small bug in xfrm_sa_len()
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (76 preceding siblings ...)
2022-01-24 18:41 ` [PATCH 5.4 077/320] mwifiex: Fix possible ABBA deadlock Greg Kroah-Hartman
@ 2022-01-24 18:41 ` Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 079/320] crypto: stm32/cryp - fix xts and race condition in crypto_engine requests Greg Kroah-Hartman
` (246 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:41 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Eric Dumazet, Steffen Klassert, Sasha Levin
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit 7770a39d7c63faec6c4f33666d49a8cb664d0482 ]
copy_user_offload() will actually push a struct struct xfrm_user_offload,
which is different than (struct xfrm_state *)->xso
(struct xfrm_state_offload)
Fixes: d77e38e612a01 ("xfrm: Add an IPsec hardware offloading API")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/xfrm/xfrm_user.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 0cee2d3c6e452..ddcf569d852f7 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -2816,7 +2816,7 @@ static inline unsigned int xfrm_sa_len(struct xfrm_state *x)
if (x->props.extra_flags)
l += nla_total_size(sizeof(x->props.extra_flags));
if (x->xso.dev)
- l += nla_total_size(sizeof(x->xso));
+ l += nla_total_size(sizeof(struct xfrm_user_offload));
if (x->props.smark.v | x->props.smark.m) {
l += nla_total_size(sizeof(x->props.smark.v));
l += nla_total_size(sizeof(x->props.smark.m));
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 079/320] crypto: stm32/cryp - fix xts and race condition in crypto_engine requests
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (77 preceding siblings ...)
2022-01-24 18:41 ` [PATCH 5.4 078/320] xfrm: fix a small bug in xfrm_sa_len() Greg Kroah-Hartman
@ 2022-01-24 18:41 ` Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 080/320] crypto: stm32/cryp - fix double pm exit Greg Kroah-Hartman
` (245 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:41 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nicolas Toromanoff, Herbert Xu, Sasha Levin
From: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
[ Upstream commit d703c7a994ee34b7fa89baf21631fca0aa9f17fc ]
Don't erase key:
If key is erased before the crypto_finalize_.*_request() call, some
pending process will run with a key={ 0 }.
Moreover if the key is reset at end of request, it breaks xts chaining
mode, as for last xts block (in case input len is not a multiple of
block) a new AES request is started without calling again set_key().
Fixes: 9e054ec21ef8 ("crypto: stm32 - Support for STM32 CRYP crypto module")
Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/crypto/stm32/stm32-cryp.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/drivers/crypto/stm32/stm32-cryp.c b/drivers/crypto/stm32/stm32-cryp.c
index 9b3511236ba25..92472a48c0454 100644
--- a/drivers/crypto/stm32/stm32-cryp.c
+++ b/drivers/crypto/stm32/stm32-cryp.c
@@ -669,8 +669,6 @@ static void stm32_cryp_finish_req(struct stm32_cryp *cryp, int err)
else
crypto_finalize_ablkcipher_request(cryp->engine, cryp->req,
err);
-
- memset(cryp->ctx->key, 0, cryp->ctx->keylen);
}
static int stm32_cryp_cpu_start(struct stm32_cryp *cryp)
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 080/320] crypto: stm32/cryp - fix double pm exit
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (78 preceding siblings ...)
2022-01-24 18:41 ` [PATCH 5.4 079/320] crypto: stm32/cryp - fix xts and race condition in crypto_engine requests Greg Kroah-Hartman
@ 2022-01-24 18:41 ` Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 081/320] crypto: stm32/cryp - fix lrw chaining mode Greg Kroah-Hartman
` (244 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:41 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Marek Vasut, Nicolas Toromanoff,
Herbert Xu, Sasha Levin
From: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
[ Upstream commit 6c12e742785bf9333faf60bfb96575bdd763448e ]
Delete extraneous lines in probe error handling code: pm was
disabled twice.
Fixes: 65f9aa36ee47 ("crypto: stm32/cryp - Add power management support")
Reported-by: Marek Vasut <marex@denx.de>
Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/crypto/stm32/stm32-cryp.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/drivers/crypto/stm32/stm32-cryp.c b/drivers/crypto/stm32/stm32-cryp.c
index 92472a48c0454..c41e66211c5b4 100644
--- a/drivers/crypto/stm32/stm32-cryp.c
+++ b/drivers/crypto/stm32/stm32-cryp.c
@@ -2034,8 +2034,6 @@ err_engine1:
list_del(&cryp->list);
spin_unlock(&cryp_list.lock);
- pm_runtime_disable(dev);
- pm_runtime_put_noidle(dev);
pm_runtime_disable(dev);
pm_runtime_put_noidle(dev);
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 081/320] crypto: stm32/cryp - fix lrw chaining mode
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (79 preceding siblings ...)
2022-01-24 18:41 ` [PATCH 5.4 080/320] crypto: stm32/cryp - fix double pm exit Greg Kroah-Hartman
@ 2022-01-24 18:41 ` Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 082/320] ARM: dts: gemini: NAS4220-B: fis-index-block with 128 KiB sectors Greg Kroah-Hartman
` (243 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:41 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nicolas Toromanoff, Herbert Xu, Sasha Levin
From: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
[ Upstream commit fa97dc2d48b476ea98199d808d3248d285987e99 ]
This fixes the lrw autotest if lrw uses the CRYP as the AES block cipher
provider (as ecb(aes)). At end of request, CRYP should not update the IV
in case of ECB chaining mode. Indeed the ECB chaining mode never uses
the IV, but the software LRW chaining mode uses the IV field as
a counter and due to the (unexpected) update done by CRYP while the AES
block process, the counter get a wrong value when the IV overflow.
Fixes: 5f49f18d27cd ("crypto: stm32/cryp - update to return iv_out")
Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/crypto/stm32/stm32-cryp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/crypto/stm32/stm32-cryp.c b/drivers/crypto/stm32/stm32-cryp.c
index c41e66211c5b4..69c2468f1053d 100644
--- a/drivers/crypto/stm32/stm32-cryp.c
+++ b/drivers/crypto/stm32/stm32-cryp.c
@@ -639,7 +639,7 @@ static void stm32_cryp_finish_req(struct stm32_cryp *cryp, int err)
/* Phase 4 : output tag */
err = stm32_cryp_read_auth_tag(cryp);
- if (!err && (!(is_gcm(cryp) || is_ccm(cryp))))
+ if (!err && (!(is_gcm(cryp) || is_ccm(cryp) || is_ecb(cryp))))
stm32_cryp_get_iv(cryp);
if (cryp->sgs_copied) {
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 082/320] ARM: dts: gemini: NAS4220-B: fis-index-block with 128 KiB sectors
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (80 preceding siblings ...)
2022-01-24 18:41 ` [PATCH 5.4 081/320] crypto: stm32/cryp - fix lrw chaining mode Greg Kroah-Hartman
@ 2022-01-24 18:41 ` Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 083/320] media: dw2102: Fix use after free Greg Kroah-Hartman
` (242 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:41 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Steven Maddox, Christian Lamparter,
Linus Walleij, Arnd Bergmann, Sasha Levin
From: Christian Lamparter <chunkeey@gmail.com>
[ Upstream commit 4754eab7e5a78bdefe7a960c5c260c95ebbb5fa6 ]
Steven Maddox reported in the OpenWrt bugzilla, that his
RaidSonic IB-NAS4220-B was no longer booting with the new
OpenWrt 21.02 (uses linux 5.10's device-tree). However, it was
working with the previous OpenWrt 19.07 series (uses 4.14).
|[ 5.548038] No RedBoot partition table detected in 30000000.flash
|[ 5.618553] Searching for RedBoot partition table in 30000000.flash at offset 0x0
|[ 5.739093] No RedBoot partition table detected in 30000000.flash
|...
|[ 7.039504] Waiting for root device /dev/mtdblock3...
The provided bootlog shows that the RedBoot partition parser was
looking for the partition table "at offset 0x0". Which is strange
since the comment in the device-tree says it should be at 0xfe0000.
Further digging on the internet led to a review site that took
some useful PCB pictures of their review unit back in February 2009.
Their picture shows a Spansion S29GL128N11TFI01 flash chip.
>From Spansion's Datasheet:
"S29GL128N: One hundred twenty-eight 64 Kword (128 Kbyte) sectors"
Steven also provided a "cat /sys/class/mtd/mtd0/erasesize" from his
unit: "131072".
With the 128 KiB Sector/Erasesize in mind. This patch changes the
fis-index-block property to (0xfe0000 / 0x20000) = 0x7f.
Fixes: b5a923f8c739 ("ARM: dts: gemini: Switch to redboot partition parsing")
Reported-by: Steven Maddox <s.maddox@lantizia.me.uk>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Tested-by: Steven Maddox <s.maddox@lantizia.me.uk>
Link: https://lore.kernel.org/r/20211206004334.4169408-1-linus.walleij@linaro.org'
Bugzilla: https://bugs.openwrt.org/index.php?do=details&task_id=4137
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/gemini-nas4220b.dts | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm/boot/dts/gemini-nas4220b.dts b/arch/arm/boot/dts/gemini-nas4220b.dts
index e1020e07e1366..60cec653ac7c6 100644
--- a/arch/arm/boot/dts/gemini-nas4220b.dts
+++ b/arch/arm/boot/dts/gemini-nas4220b.dts
@@ -84,7 +84,7 @@
partitions {
compatible = "redboot-fis";
/* Eraseblock at 0xfe0000 */
- fis-index-block = <0x1fc>;
+ fis-index-block = <0x7f>;
};
};
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 083/320] media: dw2102: Fix use after free
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (81 preceding siblings ...)
2022-01-24 18:41 ` [PATCH 5.4 082/320] ARM: dts: gemini: NAS4220-B: fis-index-block with 128 KiB sectors Greg Kroah-Hartman
@ 2022-01-24 18:41 ` Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 084/320] media: msi001: fix possible null-ptr-deref in msi001_probe() Greg Kroah-Hartman
` (241 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:41 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Anton Vasilyev,
Mauro Carvalho Chehab, Sasha Levin
From: Anton Vasilyev <vasilyev@ispras.ru>
[ Upstream commit 589a9f0eb799f77de2c09583bf5bad221fa5d685 ]
dvb_usb_device_init stores parts of properties at d->props
and d->desc and uses it on dvb_usb_device_exit.
Free of properties on module probe leads to use after free.
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=204597
The patch makes properties static instead of allocated on heap to prevent
memleak and use after free.
Also fixes s421_properties.devices initialization to have 2 element
instead of 6 copied from p7500_properties.
[mchehab: fix function call alignments]
Link: https://lore.kernel.org/linux-media/20190822104147.4420-1-vasilyev@ispras.ru
Signed-off-by: Anton Vasilyev <vasilyev@ispras.ru>
Fixes: 299c7007e936 ("media: dw2102: Fix memleak on sequence of probes")
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/usb/dvb-usb/dw2102.c | 338 ++++++++++++++++++-----------
1 file changed, 215 insertions(+), 123 deletions(-)
diff --git a/drivers/media/usb/dvb-usb/dw2102.c b/drivers/media/usb/dvb-usb/dw2102.c
index b960abd00d483..8493ebb377c4d 100644
--- a/drivers/media/usb/dvb-usb/dw2102.c
+++ b/drivers/media/usb/dvb-usb/dw2102.c
@@ -2098,46 +2098,153 @@ static struct dvb_usb_device_properties s6x0_properties = {
}
};
-static const struct dvb_usb_device_description d1100 = {
- "Prof 1100 USB ",
- {&dw2102_table[PROF_1100], NULL},
- {NULL},
-};
+static struct dvb_usb_device_properties p1100_properties = {
+ .caps = DVB_USB_IS_AN_I2C_ADAPTER,
+ .usb_ctrl = DEVICE_SPECIFIC,
+ .size_of_priv = sizeof(struct dw2102_state),
+ .firmware = P1100_FIRMWARE,
+ .no_reconnect = 1,
-static const struct dvb_usb_device_description d660 = {
- "TeVii S660 USB",
- {&dw2102_table[TEVII_S660], NULL},
- {NULL},
-};
+ .i2c_algo = &s6x0_i2c_algo,
+ .rc.core = {
+ .rc_interval = 150,
+ .rc_codes = RC_MAP_TBS_NEC,
+ .module_name = "dw2102",
+ .allowed_protos = RC_PROTO_BIT_NEC,
+ .rc_query = prof_rc_query,
+ },
-static const struct dvb_usb_device_description d480_1 = {
- "TeVii S480.1 USB",
- {&dw2102_table[TEVII_S480_1], NULL},
- {NULL},
+ .generic_bulk_ctrl_endpoint = 0x81,
+ .num_adapters = 1,
+ .download_firmware = dw2102_load_firmware,
+ .read_mac_address = s6x0_read_mac_address,
+ .adapter = {
+ {
+ .num_frontends = 1,
+ .fe = {{
+ .frontend_attach = stv0288_frontend_attach,
+ .stream = {
+ .type = USB_BULK,
+ .count = 8,
+ .endpoint = 0x82,
+ .u = {
+ .bulk = {
+ .buffersize = 4096,
+ }
+ }
+ },
+ } },
+ }
+ },
+ .num_device_descs = 1,
+ .devices = {
+ {"Prof 1100 USB ",
+ {&dw2102_table[PROF_1100], NULL},
+ {NULL},
+ },
+ }
};
-static const struct dvb_usb_device_description d480_2 = {
- "TeVii S480.2 USB",
- {&dw2102_table[TEVII_S480_2], NULL},
- {NULL},
-};
+static struct dvb_usb_device_properties s660_properties = {
+ .caps = DVB_USB_IS_AN_I2C_ADAPTER,
+ .usb_ctrl = DEVICE_SPECIFIC,
+ .size_of_priv = sizeof(struct dw2102_state),
+ .firmware = S660_FIRMWARE,
+ .no_reconnect = 1,
-static const struct dvb_usb_device_description d7500 = {
- "Prof 7500 USB DVB-S2",
- {&dw2102_table[PROF_7500], NULL},
- {NULL},
-};
+ .i2c_algo = &s6x0_i2c_algo,
+ .rc.core = {
+ .rc_interval = 150,
+ .rc_codes = RC_MAP_TEVII_NEC,
+ .module_name = "dw2102",
+ .allowed_protos = RC_PROTO_BIT_NEC,
+ .rc_query = dw2102_rc_query,
+ },
-static const struct dvb_usb_device_description d421 = {
- "TeVii S421 PCI",
- {&dw2102_table[TEVII_S421], NULL},
- {NULL},
+ .generic_bulk_ctrl_endpoint = 0x81,
+ .num_adapters = 1,
+ .download_firmware = dw2102_load_firmware,
+ .read_mac_address = s6x0_read_mac_address,
+ .adapter = {
+ {
+ .num_frontends = 1,
+ .fe = {{
+ .frontend_attach = ds3000_frontend_attach,
+ .stream = {
+ .type = USB_BULK,
+ .count = 8,
+ .endpoint = 0x82,
+ .u = {
+ .bulk = {
+ .buffersize = 4096,
+ }
+ }
+ },
+ } },
+ }
+ },
+ .num_device_descs = 3,
+ .devices = {
+ {"TeVii S660 USB",
+ {&dw2102_table[TEVII_S660], NULL},
+ {NULL},
+ },
+ {"TeVii S480.1 USB",
+ {&dw2102_table[TEVII_S480_1], NULL},
+ {NULL},
+ },
+ {"TeVii S480.2 USB",
+ {&dw2102_table[TEVII_S480_2], NULL},
+ {NULL},
+ },
+ }
};
-static const struct dvb_usb_device_description d632 = {
- "TeVii S632 USB",
- {&dw2102_table[TEVII_S632], NULL},
- {NULL},
+static struct dvb_usb_device_properties p7500_properties = {
+ .caps = DVB_USB_IS_AN_I2C_ADAPTER,
+ .usb_ctrl = DEVICE_SPECIFIC,
+ .size_of_priv = sizeof(struct dw2102_state),
+ .firmware = P7500_FIRMWARE,
+ .no_reconnect = 1,
+
+ .i2c_algo = &s6x0_i2c_algo,
+ .rc.core = {
+ .rc_interval = 150,
+ .rc_codes = RC_MAP_TBS_NEC,
+ .module_name = "dw2102",
+ .allowed_protos = RC_PROTO_BIT_NEC,
+ .rc_query = prof_rc_query,
+ },
+
+ .generic_bulk_ctrl_endpoint = 0x81,
+ .num_adapters = 1,
+ .download_firmware = dw2102_load_firmware,
+ .read_mac_address = s6x0_read_mac_address,
+ .adapter = {
+ {
+ .num_frontends = 1,
+ .fe = {{
+ .frontend_attach = prof_7500_frontend_attach,
+ .stream = {
+ .type = USB_BULK,
+ .count = 8,
+ .endpoint = 0x82,
+ .u = {
+ .bulk = {
+ .buffersize = 4096,
+ }
+ }
+ },
+ } },
+ }
+ },
+ .num_device_descs = 1,
+ .devices = {
+ {"Prof 7500 USB DVB-S2",
+ {&dw2102_table[PROF_7500], NULL},
+ {NULL},
+ },
+ }
};
static struct dvb_usb_device_properties su3000_properties = {
@@ -2209,6 +2316,59 @@ static struct dvb_usb_device_properties su3000_properties = {
}
};
+static struct dvb_usb_device_properties s421_properties = {
+ .caps = DVB_USB_IS_AN_I2C_ADAPTER,
+ .usb_ctrl = DEVICE_SPECIFIC,
+ .size_of_priv = sizeof(struct dw2102_state),
+ .power_ctrl = su3000_power_ctrl,
+ .num_adapters = 1,
+ .identify_state = su3000_identify_state,
+ .i2c_algo = &su3000_i2c_algo,
+
+ .rc.core = {
+ .rc_interval = 150,
+ .rc_codes = RC_MAP_SU3000,
+ .module_name = "dw2102",
+ .allowed_protos = RC_PROTO_BIT_RC5,
+ .rc_query = su3000_rc_query,
+ },
+
+ .read_mac_address = su3000_read_mac_address,
+
+ .generic_bulk_ctrl_endpoint = 0x01,
+
+ .adapter = {
+ {
+ .num_frontends = 1,
+ .fe = {{
+ .streaming_ctrl = su3000_streaming_ctrl,
+ .frontend_attach = m88rs2000_frontend_attach,
+ .stream = {
+ .type = USB_BULK,
+ .count = 8,
+ .endpoint = 0x82,
+ .u = {
+ .bulk = {
+ .buffersize = 4096,
+ }
+ }
+ }
+ } },
+ }
+ },
+ .num_device_descs = 2,
+ .devices = {
+ { "TeVii S421 PCI",
+ { &dw2102_table[TEVII_S421], NULL },
+ { NULL },
+ },
+ { "TeVii S632 USB",
+ { &dw2102_table[TEVII_S632], NULL },
+ { NULL },
+ },
+ }
+};
+
static struct dvb_usb_device_properties t220_properties = {
.caps = DVB_USB_IS_AN_I2C_ADAPTER,
.usb_ctrl = DEVICE_SPECIFIC,
@@ -2326,101 +2486,33 @@ static struct dvb_usb_device_properties tt_s2_4600_properties = {
static int dw2102_probe(struct usb_interface *intf,
const struct usb_device_id *id)
{
- int retval = -ENOMEM;
- struct dvb_usb_device_properties *p1100;
- struct dvb_usb_device_properties *s660;
- struct dvb_usb_device_properties *p7500;
- struct dvb_usb_device_properties *s421;
-
- p1100 = kmemdup(&s6x0_properties,
- sizeof(struct dvb_usb_device_properties), GFP_KERNEL);
- if (!p1100)
- goto err0;
-
- /* copy default structure */
- /* fill only different fields */
- p1100->firmware = P1100_FIRMWARE;
- p1100->devices[0] = d1100;
- p1100->rc.core.rc_query = prof_rc_query;
- p1100->rc.core.rc_codes = RC_MAP_TBS_NEC;
- p1100->adapter->fe[0].frontend_attach = stv0288_frontend_attach;
-
- s660 = kmemdup(&s6x0_properties,
- sizeof(struct dvb_usb_device_properties), GFP_KERNEL);
- if (!s660)
- goto err1;
-
- s660->firmware = S660_FIRMWARE;
- s660->num_device_descs = 3;
- s660->devices[0] = d660;
- s660->devices[1] = d480_1;
- s660->devices[2] = d480_2;
- s660->adapter->fe[0].frontend_attach = ds3000_frontend_attach;
-
- p7500 = kmemdup(&s6x0_properties,
- sizeof(struct dvb_usb_device_properties), GFP_KERNEL);
- if (!p7500)
- goto err2;
-
- p7500->firmware = P7500_FIRMWARE;
- p7500->devices[0] = d7500;
- p7500->rc.core.rc_query = prof_rc_query;
- p7500->rc.core.rc_codes = RC_MAP_TBS_NEC;
- p7500->adapter->fe[0].frontend_attach = prof_7500_frontend_attach;
-
-
- s421 = kmemdup(&su3000_properties,
- sizeof(struct dvb_usb_device_properties), GFP_KERNEL);
- if (!s421)
- goto err3;
-
- s421->num_device_descs = 2;
- s421->devices[0] = d421;
- s421->devices[1] = d632;
- s421->adapter->fe[0].frontend_attach = m88rs2000_frontend_attach;
-
- if (0 == dvb_usb_device_init(intf, &dw2102_properties,
- THIS_MODULE, NULL, adapter_nr) ||
- 0 == dvb_usb_device_init(intf, &dw2104_properties,
- THIS_MODULE, NULL, adapter_nr) ||
- 0 == dvb_usb_device_init(intf, &dw3101_properties,
- THIS_MODULE, NULL, adapter_nr) ||
- 0 == dvb_usb_device_init(intf, &s6x0_properties,
- THIS_MODULE, NULL, adapter_nr) ||
- 0 == dvb_usb_device_init(intf, p1100,
- THIS_MODULE, NULL, adapter_nr) ||
- 0 == dvb_usb_device_init(intf, s660,
- THIS_MODULE, NULL, adapter_nr) ||
- 0 == dvb_usb_device_init(intf, p7500,
- THIS_MODULE, NULL, adapter_nr) ||
- 0 == dvb_usb_device_init(intf, s421,
- THIS_MODULE, NULL, adapter_nr) ||
- 0 == dvb_usb_device_init(intf, &su3000_properties,
- THIS_MODULE, NULL, adapter_nr) ||
- 0 == dvb_usb_device_init(intf, &t220_properties,
- THIS_MODULE, NULL, adapter_nr) ||
- 0 == dvb_usb_device_init(intf, &tt_s2_4600_properties,
- THIS_MODULE, NULL, adapter_nr)) {
-
- /* clean up copied properties */
- kfree(s421);
- kfree(p7500);
- kfree(s660);
- kfree(p1100);
+ if (!(dvb_usb_device_init(intf, &dw2102_properties,
+ THIS_MODULE, NULL, adapter_nr) &&
+ dvb_usb_device_init(intf, &dw2104_properties,
+ THIS_MODULE, NULL, adapter_nr) &&
+ dvb_usb_device_init(intf, &dw3101_properties,
+ THIS_MODULE, NULL, adapter_nr) &&
+ dvb_usb_device_init(intf, &s6x0_properties,
+ THIS_MODULE, NULL, adapter_nr) &&
+ dvb_usb_device_init(intf, &p1100_properties,
+ THIS_MODULE, NULL, adapter_nr) &&
+ dvb_usb_device_init(intf, &s660_properties,
+ THIS_MODULE, NULL, adapter_nr) &&
+ dvb_usb_device_init(intf, &p7500_properties,
+ THIS_MODULE, NULL, adapter_nr) &&
+ dvb_usb_device_init(intf, &s421_properties,
+ THIS_MODULE, NULL, adapter_nr) &&
+ dvb_usb_device_init(intf, &su3000_properties,
+ THIS_MODULE, NULL, adapter_nr) &&
+ dvb_usb_device_init(intf, &t220_properties,
+ THIS_MODULE, NULL, adapter_nr) &&
+ dvb_usb_device_init(intf, &tt_s2_4600_properties,
+ THIS_MODULE, NULL, adapter_nr))) {
return 0;
}
- retval = -ENODEV;
- kfree(s421);
-err3:
- kfree(p7500);
-err2:
- kfree(s660);
-err1:
- kfree(p1100);
-err0:
- return retval;
+ return -ENODEV;
}
static void dw2102_disconnect(struct usb_interface *intf)
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 084/320] media: msi001: fix possible null-ptr-deref in msi001_probe()
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (82 preceding siblings ...)
2022-01-24 18:41 ` [PATCH 5.4 083/320] media: dw2102: Fix use after free Greg Kroah-Hartman
@ 2022-01-24 18:41 ` Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 085/320] media: coda/imx-vdoa: Handle dma_set_coherent_mask error codes Greg Kroah-Hartman
` (240 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:41 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hulk Robot, Wang Hai,
Mauro Carvalho Chehab, Sasha Levin
From: Wang Hai <wanghai38@huawei.com>
[ Upstream commit 3d5831a40d3464eea158180eb12cbd81c5edfb6a ]
I got a null-ptr-deref report:
BUG: kernel NULL pointer dereference, address: 0000000000000060
...
RIP: 0010:v4l2_ctrl_auto_cluster+0x57/0x270
...
Call Trace:
msi001_probe+0x13b/0x24b [msi001]
spi_probe+0xeb/0x130
...
do_syscall_64+0x35/0xb0
In msi001_probe(), if the creation of control for bandwidth_auto
fails, there will be a null-ptr-deref issue when it is used in
v4l2_ctrl_auto_cluster().
Check dev->hdl.error before v4l2_ctrl_auto_cluster() to fix this bug.
Link: https://lore.kernel.org/linux-media/20211026112348.2878040-1-wanghai38@huawei.com
Fixes: 93203dd6c7c4 ("[media] msi001: Mirics MSi001 silicon tuner driver")
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Wang Hai <wanghai38@huawei.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/tuners/msi001.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/drivers/media/tuners/msi001.c b/drivers/media/tuners/msi001.c
index 78e6fd600d8ef..44247049a3190 100644
--- a/drivers/media/tuners/msi001.c
+++ b/drivers/media/tuners/msi001.c
@@ -442,6 +442,13 @@ static int msi001_probe(struct spi_device *spi)
V4L2_CID_RF_TUNER_BANDWIDTH_AUTO, 0, 1, 1, 1);
dev->bandwidth = v4l2_ctrl_new_std(&dev->hdl, &msi001_ctrl_ops,
V4L2_CID_RF_TUNER_BANDWIDTH, 200000, 8000000, 1, 200000);
+ if (dev->hdl.error) {
+ ret = dev->hdl.error;
+ dev_err(&spi->dev, "Could not initialize controls\n");
+ /* control init failed, free handler */
+ goto err_ctrl_handler_free;
+ }
+
v4l2_ctrl_auto_cluster(2, &dev->bandwidth_auto, 0, false);
dev->lna_gain = v4l2_ctrl_new_std(&dev->hdl, &msi001_ctrl_ops,
V4L2_CID_RF_TUNER_LNA_GAIN, 0, 1, 1, 1);
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 085/320] media: coda/imx-vdoa: Handle dma_set_coherent_mask error codes
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (83 preceding siblings ...)
2022-01-24 18:41 ` [PATCH 5.4 084/320] media: msi001: fix possible null-ptr-deref in msi001_probe() Greg Kroah-Hartman
@ 2022-01-24 18:41 ` Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 086/320] drm/msm/dpu: fix safe status debugfs file Greg Kroah-Hartman
` (239 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:41 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jiasheng Jiang,
Mauro Carvalho Chehab, Sasha Levin
From: Jiasheng Jiang <jiasheng@iscas.ac.cn>
[ Upstream commit 43f0633f89947df57fe0b5025bdd741768007708 ]
The return value of dma_set_coherent_mask() is not always 0.
To catch the exception in case that dma is not support the mask.
Link: https://lore.kernel.org/linux-media/20211206022201.1639460-1-jiasheng@iscas.ac.cn
Fixes: b0444f18e0b1 ("[media] coda: add i.MX6 VDOA driver")
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/platform/coda/imx-vdoa.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/media/platform/coda/imx-vdoa.c b/drivers/media/platform/coda/imx-vdoa.c
index 8bc0d83718193..dd6e2e320264e 100644
--- a/drivers/media/platform/coda/imx-vdoa.c
+++ b/drivers/media/platform/coda/imx-vdoa.c
@@ -287,7 +287,11 @@ static int vdoa_probe(struct platform_device *pdev)
struct resource *res;
int ret;
- dma_set_coherent_mask(&pdev->dev, DMA_BIT_MASK(32));
+ ret = dma_set_coherent_mask(&pdev->dev, DMA_BIT_MASK(32));
+ if (ret) {
+ dev_err(&pdev->dev, "DMA enable failed\n");
+ return ret;
+ }
vdoa = devm_kzalloc(&pdev->dev, sizeof(*vdoa), GFP_KERNEL);
if (!vdoa)
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 086/320] drm/msm/dpu: fix safe status debugfs file
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (84 preceding siblings ...)
2022-01-24 18:41 ` [PATCH 5.4 085/320] media: coda/imx-vdoa: Handle dma_set_coherent_mask error codes Greg Kroah-Hartman
@ 2022-01-24 18:41 ` Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 087/320] drm/bridge: ti-sn65dsi86: Set max register for regmap Greg Kroah-Hartman
` (238 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:41 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dmitry Baryshkov, Abhinav Kumar,
Rob Clark, Sasha Levin
From: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
[ Upstream commit f31b0e24d31e18b4503eeaf0032baeacc0beaff6 ]
Make safe_status debugfs fs file actually return safe status rather than
danger status data.
Fixes: 25fdd5933e4c ("drm/msm: Add SDM845 DPU support")
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Reviewed-by: Abhinav Kumar <quic_abhinavk@quicinc.com>
Link: https://lore.kernel.org/r/20211201222633.2476780-3-dmitry.baryshkov@linaro.org
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Rob Clark <robdclark@chromium.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c b/drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c
index 58b0485dc3750..72f487692adbb 100644
--- a/drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c
+++ b/drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c
@@ -88,8 +88,8 @@ static int _dpu_danger_signal_status(struct seq_file *s,
&status);
} else {
seq_puts(s, "\nSafe signal status:\n");
- if (kms->hw_mdp->ops.get_danger_status)
- kms->hw_mdp->ops.get_danger_status(kms->hw_mdp,
+ if (kms->hw_mdp->ops.get_safe_status)
+ kms->hw_mdp->ops.get_safe_status(kms->hw_mdp,
&status);
}
pm_runtime_put_sync(&kms->pdev->dev);
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 087/320] drm/bridge: ti-sn65dsi86: Set max register for regmap
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (85 preceding siblings ...)
2022-01-24 18:41 ` [PATCH 5.4 086/320] drm/msm/dpu: fix safe status debugfs file Greg Kroah-Hartman
@ 2022-01-24 18:41 ` Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 088/320] media: hantro: Fix probe func error path Greg Kroah-Hartman
` (237 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:41 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Rob Clark, Douglas Anderson,
Laurent Pinchart, Stephen Boyd, Robert Foss, Sasha Levin
From: Stephen Boyd <swboyd@chromium.org>
[ Upstream commit 0b665d4af35837f0a0ae63135b84a3c187c1db3b ]
Set the maximum register to 0xff so we can dump the registers for this
device in debugfs.
Fixes: a095f15c00e2 ("drm/bridge: add support for sn65dsi86 bridge driver")
Cc: Rob Clark <robdclark@chromium.org>
Cc: Douglas Anderson <dianders@chromium.org>
Cc: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Signed-off-by: Stephen Boyd <swboyd@chromium.org>
Reviewed-by: Robert Foss <robert.foss@linaro.org>
Signed-off-by: Robert Foss <robert.foss@linaro.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20211215002529.382383-1-swboyd@chromium.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/bridge/ti-sn65dsi86.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/gpu/drm/bridge/ti-sn65dsi86.c b/drivers/gpu/drm/bridge/ti-sn65dsi86.c
index f1de4bb6558ca..dbb4a374cb646 100644
--- a/drivers/gpu/drm/bridge/ti-sn65dsi86.c
+++ b/drivers/gpu/drm/bridge/ti-sn65dsi86.c
@@ -115,6 +115,7 @@ static const struct regmap_config ti_sn_bridge_regmap_config = {
.val_bits = 8,
.volatile_table = &ti_sn_bridge_volatile_table,
.cache_type = REGCACHE_NONE,
+ .max_register = 0xFF,
};
static void ti_sn_bridge_write_u16(struct ti_sn_bridge *pdata,
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 088/320] media: hantro: Fix probe func error path
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (86 preceding siblings ...)
2022-01-24 18:41 ` [PATCH 5.4 087/320] drm/bridge: ti-sn65dsi86: Set max register for regmap Greg Kroah-Hartman
@ 2022-01-24 18:41 ` Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 089/320] xfrm: interface with if_id 0 should return error Greg Kroah-Hartman
` (236 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:41 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jernej Skrabec,
Andrzej Pietrasiewicz, Ezequiel Garcia, Hans Verkuil,
Mauro Carvalho Chehab, Sasha Levin
From: Jernej Skrabec <jernej.skrabec@gmail.com>
[ Upstream commit 37af43b250fda6162005d47bf7c959c70d52b107 ]
If clocks for some reason couldn't be enabled, probe function returns
immediately, without disabling PM. This obviously leaves PM ref counters
unbalanced.
Fix that by jumping to appropriate error path, so effects of PM functions
are reversed.
Fixes: 775fec69008d ("media: add Rockchip VPU JPEG encoder driver")
Signed-off-by: Jernej Skrabec <jernej.skrabec@gmail.com>
Acked-by: Andrzej Pietrasiewicz <andrzej.p@collabora.com>
Reviewed-by: Ezequiel Garcia <ezequiel@vanguardiasur.com.ar>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/staging/media/hantro/hantro_drv.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/staging/media/hantro/hantro_drv.c b/drivers/staging/media/hantro/hantro_drv.c
index 32e5966ba5c5f..58cf44045b396 100644
--- a/drivers/staging/media/hantro/hantro_drv.c
+++ b/drivers/staging/media/hantro/hantro_drv.c
@@ -823,7 +823,7 @@ static int hantro_probe(struct platform_device *pdev)
ret = clk_bulk_prepare(vpu->variant->num_clocks, vpu->clocks);
if (ret) {
dev_err(&pdev->dev, "Failed to prepare clocks\n");
- return ret;
+ goto err_pm_disable;
}
ret = v4l2_device_register(&pdev->dev, &vpu->v4l2_dev);
@@ -879,6 +879,7 @@ err_v4l2_unreg:
v4l2_device_unregister(&vpu->v4l2_dev);
err_clk_unprepare:
clk_bulk_unprepare(vpu->variant->num_clocks, vpu->clocks);
+err_pm_disable:
pm_runtime_dont_use_autosuspend(vpu->dev);
pm_runtime_disable(vpu->dev);
return ret;
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 089/320] xfrm: interface with if_id 0 should return error
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (87 preceding siblings ...)
2022-01-24 18:41 ` [PATCH 5.4 088/320] media: hantro: Fix probe func error path Greg Kroah-Hartman
@ 2022-01-24 18:41 ` Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 090/320] xfrm: state and policy should fail if XFRMA_IF_ID 0 Greg Kroah-Hartman
` (235 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:41 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Antony Antony, Eyal Birger,
Steffen Klassert, Sasha Levin
From: Antony Antony <antony.antony@secunet.com>
[ Upstream commit 8dce43919566f06e865f7e8949f5c10d8c2493f5 ]
xfrm interface if_id = 0 would cause xfrm policy lookup errors since
Commit 9f8550e4bd9d.
Now explicitly fail to create an xfrm interface when if_id = 0
With this commit:
ip link add ipsec0 type xfrm dev lo if_id 0
Error: if_id must be non zero.
v1->v2 change:
- add Fixes: tag
Fixes: 9f8550e4bd9d ("xfrm: fix disable_xfrm sysctl when used on xfrm interfaces")
Signed-off-by: Antony Antony <antony.antony@secunet.com>
Reviewed-by: Eyal Birger <eyal.birger@gmail.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/xfrm/xfrm_interface.c | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/net/xfrm/xfrm_interface.c b/net/xfrm/xfrm_interface.c
index 74e90d78c3b46..08343201513a9 100644
--- a/net/xfrm/xfrm_interface.c
+++ b/net/xfrm/xfrm_interface.c
@@ -659,11 +659,16 @@ static int xfrmi_newlink(struct net *src_net, struct net_device *dev,
struct netlink_ext_ack *extack)
{
struct net *net = dev_net(dev);
- struct xfrm_if_parms p;
+ struct xfrm_if_parms p = {};
struct xfrm_if *xi;
int err;
xfrmi_netlink_parms(data, &p);
+ if (!p.if_id) {
+ NL_SET_ERR_MSG(extack, "if_id must be non zero");
+ return -EINVAL;
+ }
+
xi = xfrmi_locate(net, &p);
if (xi)
return -EEXIST;
@@ -688,7 +693,12 @@ static int xfrmi_changelink(struct net_device *dev, struct nlattr *tb[],
{
struct xfrm_if *xi = netdev_priv(dev);
struct net *net = xi->net;
- struct xfrm_if_parms p;
+ struct xfrm_if_parms p = {};
+
+ if (!p.if_id) {
+ NL_SET_ERR_MSG(extack, "if_id must be non zero");
+ return -EINVAL;
+ }
xfrmi_netlink_parms(data, &p);
xi = xfrmi_locate(net, &p);
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 090/320] xfrm: state and policy should fail if XFRMA_IF_ID 0
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (88 preceding siblings ...)
2022-01-24 18:41 ` [PATCH 5.4 089/320] xfrm: interface with if_id 0 should return error Greg Kroah-Hartman
@ 2022-01-24 18:41 ` Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 091/320] ARM: 9159/1: decompressor: Avoid UNPREDICTABLE NOP encoding Greg Kroah-Hartman
` (234 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:41 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Antony Antony, Steffen Klassert, Sasha Levin
From: Antony Antony <antony.antony@secunet.com>
[ Upstream commit 68ac0f3810e76a853b5f7b90601a05c3048b8b54 ]
xfrm ineterface does not allow xfrm if_id = 0
fail to create or update xfrm state and policy.
With this commit:
ip xfrm policy add src 192.0.2.1 dst 192.0.2.2 dir out if_id 0
RTNETLINK answers: Invalid argument
ip xfrm state add src 192.0.2.1 dst 192.0.2.2 proto esp spi 1 \
reqid 1 mode tunnel aead 'rfc4106(gcm(aes))' \
0x1111111111111111111111111111111111111111 96 if_id 0
RTNETLINK answers: Invalid argument
v1->v2 change:
- add Fixes: tag
Fixes: 9f8550e4bd9d ("xfrm: fix disable_xfrm sysctl when used on xfrm interfaces")
Signed-off-by: Antony Antony <antony.antony@secunet.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/xfrm/xfrm_user.c | 21 ++++++++++++++++++---
1 file changed, 18 insertions(+), 3 deletions(-)
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index ddcf569d852f7..42ff32700d68b 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -621,8 +621,13 @@ static struct xfrm_state *xfrm_state_construct(struct net *net,
xfrm_smark_init(attrs, &x->props.smark);
- if (attrs[XFRMA_IF_ID])
+ if (attrs[XFRMA_IF_ID]) {
x->if_id = nla_get_u32(attrs[XFRMA_IF_ID]);
+ if (!x->if_id) {
+ err = -EINVAL;
+ goto error;
+ }
+ }
err = __xfrm_init_state(x, false, attrs[XFRMA_OFFLOAD_DEV]);
if (err)
@@ -1328,8 +1333,13 @@ static int xfrm_alloc_userspi(struct sk_buff *skb, struct nlmsghdr *nlh,
mark = xfrm_mark_get(attrs, &m);
- if (attrs[XFRMA_IF_ID])
+ if (attrs[XFRMA_IF_ID]) {
if_id = nla_get_u32(attrs[XFRMA_IF_ID]);
+ if (!if_id) {
+ err = -EINVAL;
+ goto out_noput;
+ }
+ }
if (p->info.seq) {
x = xfrm_find_acq_byseq(net, mark, p->info.seq);
@@ -1631,8 +1641,13 @@ static struct xfrm_policy *xfrm_policy_construct(struct net *net, struct xfrm_us
xfrm_mark_get(attrs, &xp->mark);
- if (attrs[XFRMA_IF_ID])
+ if (attrs[XFRMA_IF_ID]) {
xp->if_id = nla_get_u32(attrs[XFRMA_IF_ID]);
+ if (!xp->if_id) {
+ err = -EINVAL;
+ goto error;
+ }
+ }
return xp;
error:
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 091/320] ARM: 9159/1: decompressor: Avoid UNPREDICTABLE NOP encoding
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (89 preceding siblings ...)
2022-01-24 18:41 ` [PATCH 5.4 090/320] xfrm: state and policy should fail if XFRMA_IF_ID 0 Greg Kroah-Hartman
@ 2022-01-24 18:41 ` Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 092/320] usb: ftdi-elan: fix memory leak on device disconnect Greg Kroah-Hartman
` (233 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:41 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Andre Przywara, Adam Lackorzynski,
Peter Maydell, Ard Biesheuvel, Linus Walleij,
Russell King (Oracle),
Sasha Levin
From: Andre Przywara <andre.przywara@arm.com>
[ Upstream commit a92882a4d270fbcc021ee6848de5e48b7f0d27f3 ]
In the decompressor's head.S we need to start with an instruction that
is some kind of NOP, but also mimics as the PE/COFF header, when the
kernel is linked as an UEFI application. The clever solution here is
"tstne r0, #0x4d000", which in the worst case just clobbers the
condition flags, and bears the magic "MZ" signature in the lowest 16 bits.
However the encoding used (0x13105a4d) is actually not valid, since bits
[15:12] are supposed to be 0 (written as "(0)" in the ARM ARM).
Violating this is UNPREDICTABLE, and *can* trigger an UNDEFINED
exception. Common Cortex cores seem to ignore those bits, but QEMU
chooses to trap, so the code goes fishing because of a missing exception
handler at this point. We are just saved by the fact that commonly (with
-kernel or when running from U-Boot) the "Z" bit is set, so the
instruction is never executed. See [0] for more details.
To make things more robust and avoid UNPREDICTABLE behaviour in the
kernel code, lets replace this with a "two-instruction NOP":
The first instruction is an exclusive OR, the effect of which the second
instruction reverts. This does not leave any trace, neither in a
register nor in the condition flags. Also it's a perfectly valid
encoding. Kudos to Peter Maydell for coming up with this gem.
[0] https://lore.kernel.org/qemu-devel/YTPIdbUCmwagL5%2FD@os.inf.tu-dresden.de/T/
Link: https://lore.kernel.org/linux-arm-kernel/20210908162617.104962-1-andre.przywara@arm.com/T/
Fixes: 81a0bc39ea19 ("ARM: add UEFI stub support")
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reported-by: Adam Lackorzynski <adam@l4re.org>
Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
| 22 ++++++++++++++--------
arch/arm/boot/compressed/head.S | 3 ++-
2 files changed, 16 insertions(+), 9 deletions(-)
--git a/arch/arm/boot/compressed/efi-header.S b/arch/arm/boot/compressed/efi-header.S
index a5983588f96b8..dd53d6eb53ade 100644
--- a/arch/arm/boot/compressed/efi-header.S
+++ b/arch/arm/boot/compressed/efi-header.S
@@ -9,16 +9,22 @@
#include <linux/sizes.h>
.macro __nop
-#ifdef CONFIG_EFI_STUB
- @ This is almost but not quite a NOP, since it does clobber the
- @ condition flags. But it is the best we can do for EFI, since
- @ PE/COFF expects the magic string "MZ" at offset 0, while the
- @ ARM/Linux boot protocol expects an executable instruction
- @ there.
- .inst MZ_MAGIC | (0x1310 << 16) @ tstne r0, #0x4d000
-#else
AR_CLASS( mov r0, r0 )
M_CLASS( nop.w )
+ .endm
+
+ .macro __initial_nops
+#ifdef CONFIG_EFI_STUB
+ @ This is a two-instruction NOP, which happens to bear the
+ @ PE/COFF signature "MZ" in the first two bytes, so the kernel
+ @ is accepted as an EFI binary. Booting via the UEFI stub
+ @ will not execute those instructions, but the ARM/Linux
+ @ boot protocol does, so we need some NOPs here.
+ .inst MZ_MAGIC | (0xe225 << 16) @ eor r5, r5, 0x4d000
+ eor r5, r5, 0x4d000 @ undo previous insn
+#else
+ __nop
+ __nop
#endif
.endm
diff --git a/arch/arm/boot/compressed/head.S b/arch/arm/boot/compressed/head.S
index cbe126297f549..0a2410adc25b3 100644
--- a/arch/arm/boot/compressed/head.S
+++ b/arch/arm/boot/compressed/head.S
@@ -165,7 +165,8 @@ start:
* were patching the initial instructions of the kernel, i.e
* had started to exploit this "patch area".
*/
- .rept 7
+ __initial_nops
+ .rept 5
__nop
.endr
#ifndef CONFIG_THUMB2_KERNEL
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 092/320] usb: ftdi-elan: fix memory leak on device disconnect
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (90 preceding siblings ...)
2022-01-24 18:41 ` [PATCH 5.4 091/320] ARM: 9159/1: decompressor: Avoid UNPREDICTABLE NOP encoding Greg Kroah-Hartman
@ 2022-01-24 18:41 ` Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 093/320] ARM: dts: armada-38x: Add generic compatible to UART nodes Greg Kroah-Hartman
` (232 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:41 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hulk Robot, Wei Yongjun, Sasha Levin
From: Wei Yongjun <weiyongjun1@huawei.com>
[ Upstream commit 1646566b5e0c556f779180a8514e521ac735de1e ]
'ftdi' is alloced when probe device, but not free on device disconnect,
this cause a memory leak as follows:
unreferenced object 0xffff88800d584000 (size 8400):
comm "kworker/0:2", pid 3809, jiffies 4295453055 (age 13.784s)
hex dump (first 32 bytes):
00 40 58 0d 80 88 ff ff 00 40 58 0d 80 88 ff ff .@X......@X.....
00 00 00 00 00 00 00 00 00 00 00 00 ad 4e ad de .............N..
backtrace:
[<000000000d47f947>] kmalloc_order_trace+0x19/0x110 mm/slab_common.c:960
[<000000008548ac68>] ftdi_elan_probe+0x8c/0x880 drivers/usb/misc/ftdi-elan.c:2647
[<000000007f73e422>] usb_probe_interface+0x31b/0x800 drivers/usb/core/driver.c:396
[<00000000fe8d07fc>] really_probe+0x299/0xc30 drivers/base/dd.c:517
[<0000000005da7d32>] __driver_probe_device+0x357/0x500 drivers/base/dd.c:751
[<000000003c2c9579>] driver_probe_device+0x4e/0x140 drivers/base/dd.c:781
Fix it by freeing 'ftdi' after nobody use it.
Fixes: a5c66e4b2418 ("USB: ftdi-elan: client driver for ELAN Uxxx adapters")
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
Link: https://lore.kernel.org/r/20211217083428.2441-1-weiyongjun1@huawei.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/misc/ftdi-elan.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/usb/misc/ftdi-elan.c b/drivers/usb/misc/ftdi-elan.c
index cdee3af33ad7b..684800c66bb4d 100644
--- a/drivers/usb/misc/ftdi-elan.c
+++ b/drivers/usb/misc/ftdi-elan.c
@@ -202,6 +202,7 @@ static void ftdi_elan_delete(struct kref *kref)
mutex_unlock(&ftdi_module_lock);
kfree(ftdi->bulk_in_buffer);
ftdi->bulk_in_buffer = NULL;
+ kfree(ftdi);
}
static void ftdi_elan_put_kref(struct usb_ftdi *ftdi)
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 093/320] ARM: dts: armada-38x: Add generic compatible to UART nodes
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (91 preceding siblings ...)
2022-01-24 18:41 ` [PATCH 5.4 092/320] usb: ftdi-elan: fix memory leak on device disconnect Greg Kroah-Hartman
@ 2022-01-24 18:41 ` Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 094/320] mmc: meson-mx-sdio: add IRQ check Greg Kroah-Hartman
` (231 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:41 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Pali Rohár, Marek Behún,
Gregory CLEMENT, Sasha Levin
From: Marek Behún <kabel@kernel.org>
[ Upstream commit 62480772263ab6b52e758f2346c70a526abd1d28 ]
Add generic compatible string "ns16550a" to serial port nodes of Armada
38x.
This makes it possible to use earlycon.
Fixes: 0d3d96ab0059 ("ARM: mvebu: add Device Tree description of the Armada 380/385 SoCs")
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Marek Behún <kabel@kernel.org>
Signed-off-by: Gregory CLEMENT <gregory.clement@bootlin.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/armada-38x.dtsi | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/arm/boot/dts/armada-38x.dtsi b/arch/arm/boot/dts/armada-38x.dtsi
index 669da3a33d82c..5b82e58a1cf06 100644
--- a/arch/arm/boot/dts/armada-38x.dtsi
+++ b/arch/arm/boot/dts/armada-38x.dtsi
@@ -165,7 +165,7 @@
};
uart0: serial@12000 {
- compatible = "marvell,armada-38x-uart";
+ compatible = "marvell,armada-38x-uart", "ns16550a";
reg = <0x12000 0x100>;
reg-shift = <2>;
interrupts = <GIC_SPI 12 IRQ_TYPE_LEVEL_HIGH>;
@@ -175,7 +175,7 @@
};
uart1: serial@12100 {
- compatible = "marvell,armada-38x-uart";
+ compatible = "marvell,armada-38x-uart", "ns16550a";
reg = <0x12100 0x100>;
reg-shift = <2>;
interrupts = <GIC_SPI 13 IRQ_TYPE_LEVEL_HIGH>;
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 094/320] mmc: meson-mx-sdio: add IRQ check
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (92 preceding siblings ...)
2022-01-24 18:41 ` [PATCH 5.4 093/320] ARM: dts: armada-38x: Add generic compatible to UART nodes Greg Kroah-Hartman
@ 2022-01-24 18:41 ` Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 095/320] selinux: fix potential memleak in selinux_add_opt() Greg Kroah-Hartman
` (230 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:41 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sergey Shtylyov, Martin Blumenstingl,
Ulf Hansson, Sasha Levin
From: Sergey Shtylyov <s.shtylyov@omp.ru>
[ Upstream commit 8fc9a77bc64e1f23d07953439817d8402ac9706f ]
The driver neglects to check the result of platform_get_irq()'s call and
blithely passes the negative error codes to devm_request_threaded_irq()
(which takes *unsigned* IRQ #), causing it to fail with -EINVAL, overriding
an original error code. Stop calling devm_request_threaded_irq() with the
invalid IRQ #s.
Fixes: ed80a13bb4c4 ("mmc: meson-mx-sdio: Add a driver for the Amlogic Meson8 and Meson8b SoC")
Signed-off-by: Sergey Shtylyov <s.shtylyov@omp.ru>
Reviewed-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Link: https://lore.kernel.org/r/20211217202717.10041-3-s.shtylyov@omp.ru
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mmc/host/meson-mx-sdio.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/mmc/host/meson-mx-sdio.c b/drivers/mmc/host/meson-mx-sdio.c
index 360d523132bd5..780552a86ec08 100644
--- a/drivers/mmc/host/meson-mx-sdio.c
+++ b/drivers/mmc/host/meson-mx-sdio.c
@@ -665,6 +665,11 @@ static int meson_mx_mmc_probe(struct platform_device *pdev)
}
irq = platform_get_irq(pdev, 0);
+ if (irq < 0) {
+ ret = irq;
+ goto error_free_mmc;
+ }
+
ret = devm_request_threaded_irq(host->controller_dev, irq,
meson_mx_mmc_irq,
meson_mx_mmc_irq_thread, IRQF_ONESHOT,
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 095/320] selinux: fix potential memleak in selinux_add_opt()
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (93 preceding siblings ...)
2022-01-24 18:41 ` [PATCH 5.4 094/320] mmc: meson-mx-sdio: add IRQ check Greg Kroah-Hartman
@ 2022-01-24 18:41 ` Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 096/320] bpftool: Enable line buffering for stdout Greg Kroah-Hartman
` (229 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:41 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Bernard Zhao, Paul Moore, Sasha Levin
From: Bernard Zhao <bernard@vivo.com>
[ Upstream commit 2e08df3c7c4e4e74e3dd5104c100f0bf6288aaa8 ]
This patch try to fix potential memleak in error branch.
Fixes: ba6418623385 ("selinux: new helper - selinux_add_opt()")
Signed-off-by: Bernard Zhao <bernard@vivo.com>
[PM: tweak the subject line, add Fixes tag]
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
security/selinux/hooks.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 91f2ba0b225b7..56418cf72069d 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -995,18 +995,22 @@ out:
static int selinux_add_opt(int token, const char *s, void **mnt_opts)
{
struct selinux_mnt_opts *opts = *mnt_opts;
+ bool is_alloc_opts = false;
if (token == Opt_seclabel) /* eaten and completely ignored */
return 0;
+ if (!s)
+ return -ENOMEM;
+
if (!opts) {
opts = kzalloc(sizeof(struct selinux_mnt_opts), GFP_KERNEL);
if (!opts)
return -ENOMEM;
*mnt_opts = opts;
+ is_alloc_opts = true;
}
- if (!s)
- return -ENOMEM;
+
switch (token) {
case Opt_context:
if (opts->context || opts->defcontext)
@@ -1031,6 +1035,10 @@ static int selinux_add_opt(int token, const char *s, void **mnt_opts)
}
return 0;
Einval:
+ if (is_alloc_opts) {
+ kfree(opts);
+ *mnt_opts = NULL;
+ }
pr_warn(SEL_MOUNT_FAIL_MSG);
return -EINVAL;
}
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 096/320] bpftool: Enable line buffering for stdout
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (94 preceding siblings ...)
2022-01-24 18:41 ` [PATCH 5.4 095/320] selinux: fix potential memleak in selinux_add_opt() Greg Kroah-Hartman
@ 2022-01-24 18:41 ` Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 097/320] x86/mce/inject: Avoid out-of-bounds write when setting flags Greg Kroah-Hartman
` (228 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:41 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Quentin Monnet, Paul Chaignon,
Andrii Nakryiko, Yonghong Song, Sasha Levin
From: Paul Chaignon <paul@isovalent.com>
[ Upstream commit 1a1a0b0364ad291bd8e509da104ac8b5b1afec5d ]
The output of bpftool prog tracelog is currently buffered, which is
inconvenient when piping the output into other commands. A simple
tracelog | grep will typically not display anything. This patch fixes it
by enabling line buffering on stdout for the whole bpftool binary.
Fixes: 30da46b5dc3a ("tools: bpftool: add a command to dump the trace pipe")
Signed-off-by: Quentin Monnet <quentin@isovalent.com>
Signed-off-by: Paul Chaignon <paul@isovalent.com>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Acked-by: Yonghong Song <yhs@fb.com>
Link: https://lore.kernel.org/bpf/20211220214528.GA11706@Mem
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/bpf/bpftool/main.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/tools/bpf/bpftool/main.c b/tools/bpf/bpftool/main.c
index 7d3cfb0ccbe61..4b03983acbefe 100644
--- a/tools/bpf/bpftool/main.c
+++ b/tools/bpf/bpftool/main.c
@@ -362,6 +362,8 @@ int main(int argc, char **argv)
};
int opt, ret;
+ setlinebuf(stdout);
+
last_do_help = do_help;
pretty_output = false;
json_output = false;
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 097/320] x86/mce/inject: Avoid out-of-bounds write when setting flags
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (95 preceding siblings ...)
2022-01-24 18:41 ` [PATCH 5.4 096/320] bpftool: Enable line buffering for stdout Greg Kroah-Hartman
@ 2022-01-24 18:41 ` Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 098/320] ACPI: scan: Create platform device for BCM4752 and LNV4752 ACPI nodes Greg Kroah-Hartman
` (227 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:41 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zhang Zixun, Borislav Petkov, Sasha Levin
From: Zhang Zixun <zhang133010@icloud.com>
[ Upstream commit de768416b203ac84e02a757b782a32efb388476f ]
A contrived zero-length write, for example, by using write(2):
...
ret = write(fd, str, 0);
...
to the "flags" file causes:
BUG: KASAN: stack-out-of-bounds in flags_write
Write of size 1 at addr ffff888019be7ddf by task writefile/3787
CPU: 4 PID: 3787 Comm: writefile Not tainted 5.16.0-rc7+ #12
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014
due to accessing buf one char before its start.
Prevent such out-of-bounds access.
[ bp: Productize into a proper patch. Link below is the next best
thing because the original mail didn't get archived on lore. ]
Fixes: 0451d14d0561 ("EDAC, mce_amd_inj: Modify flags attribute to use string arguments")
Signed-off-by: Zhang Zixun <zhang133010@icloud.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Link: https://lore.kernel.org/linux-edac/YcnePfF1OOqoQwrX@zn.tnic/
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/kernel/cpu/mce/inject.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/kernel/cpu/mce/inject.c b/arch/x86/kernel/cpu/mce/inject.c
index eb2d41c1816d6..e1fda5b19b6f6 100644
--- a/arch/x86/kernel/cpu/mce/inject.c
+++ b/arch/x86/kernel/cpu/mce/inject.c
@@ -347,7 +347,7 @@ static ssize_t flags_write(struct file *filp, const char __user *ubuf,
char buf[MAX_FLAG_OPT_SIZE], *__buf;
int err;
- if (cnt > MAX_FLAG_OPT_SIZE)
+ if (!cnt || cnt > MAX_FLAG_OPT_SIZE)
return -EINVAL;
if (copy_from_user(&buf, ubuf, cnt))
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 098/320] ACPI: scan: Create platform device for BCM4752 and LNV4752 ACPI nodes
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (96 preceding siblings ...)
2022-01-24 18:41 ` [PATCH 5.4 097/320] x86/mce/inject: Avoid out-of-bounds write when setting flags Greg Kroah-Hartman
@ 2022-01-24 18:41 ` Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 099/320] pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in __nonstatic_find_io_region() Greg Kroah-Hartman
` (226 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:41 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hans de Goede, Rafael J. Wysocki,
Sasha Levin
From: Hans de Goede <hdegoede@redhat.com>
[ Upstream commit f85196bdd5a50da74670250564740fc852b3c239 ]
BCM4752 and LNV4752 ACPI nodes describe a Broadcom 4752 GPS module
attached to an UART of the system.
The GPS modules talk a custom protocol which only works with a closed-
source Android gpsd daemon which knows this protocol.
The ACPI nodes also describe GPIOs to turn the GPS on/off these are
handled by the net/rfkill/rfkill-gpio.c code. This handling predates the
addition of enumeration of ACPI instantiated serdevs to the kernel and
was broken by that addition, because the ACPI scan code now no longer
instantiates platform_device-s for these nodes.
Rename the i2c_multi_instantiate_ids HID list to ignore_serial_bus_ids
and add the BCM4752 and LNV4752 HIDs, so that rfkill-gpio gets
a platform_device to bind to again; and so that a tty cdev for gpsd
gets created for these.
Fixes: e361d1f85855 ("ACPI / scan: Fix enumeration for special UART devices")
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/acpi/scan.c | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/drivers/acpi/scan.c b/drivers/acpi/scan.c
index 95d119ff76b65..5d4be80ee6cb4 100644
--- a/drivers/acpi/scan.c
+++ b/drivers/acpi/scan.c
@@ -1577,6 +1577,7 @@ static bool acpi_device_enumeration_by_parent(struct acpi_device *device)
{
struct list_head resource_list;
bool is_serial_bus_slave = false;
+ static const struct acpi_device_id ignore_serial_bus_ids[] = {
/*
* These devices have multiple I2cSerialBus resources and an i2c-client
* must be instantiated for each, each with its own i2c_device_id.
@@ -1585,11 +1586,18 @@ static bool acpi_device_enumeration_by_parent(struct acpi_device *device)
* drivers/platform/x86/i2c-multi-instantiate.c driver, which knows
* which i2c_device_id to use for each resource.
*/
- static const struct acpi_device_id i2c_multi_instantiate_ids[] = {
{"BSG1160", },
{"BSG2150", },
{"INT33FE", },
{"INT3515", },
+ /*
+ * HIDs of device with an UartSerialBusV2 resource for which userspace
+ * expects a regular tty cdev to be created (instead of the in kernel
+ * serdev) and which have a kernel driver which expects a platform_dev
+ * such as the rfkill-gpio driver.
+ */
+ {"BCM4752", },
+ {"LNV4752", },
{}
};
@@ -1603,8 +1611,7 @@ static bool acpi_device_enumeration_by_parent(struct acpi_device *device)
fwnode_property_present(&device->fwnode, "baud")))
return true;
- /* Instantiate a pdev for the i2c-multi-instantiate drv to bind to */
- if (!acpi_match_device_ids(device, i2c_multi_instantiate_ids))
+ if (!acpi_match_device_ids(device, ignore_serial_bus_ids))
return false;
INIT_LIST_HEAD(&resource_list);
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 099/320] pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in __nonstatic_find_io_region()
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (97 preceding siblings ...)
2022-01-24 18:41 ` [PATCH 5.4 098/320] ACPI: scan: Create platform device for BCM4752 and LNV4752 ACPI nodes Greg Kroah-Hartman
@ 2022-01-24 18:41 ` Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 100/320] pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in nonstatic_find_mem_region() Greg Kroah-Hartman
` (225 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:41 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zhou Qingyang, Dominik Brodowski,
Sasha Levin
From: Zhou Qingyang <zhou1615@umn.edu>
[ Upstream commit ca0fe0d7c35c97528bdf621fdca75f13157c27af ]
In __nonstatic_find_io_region(), pcmcia_make_resource() is assigned to
res and used in pci_bus_alloc_resource(). There is a dereference of res
in pci_bus_alloc_resource(), which could lead to a NULL pointer
dereference on failure of pcmcia_make_resource().
Fix this bug by adding a check of res.
This bug was found by a static analyzer. The analysis employs
differential checking to identify inconsistent security operations
(e.g., checks or kfrees) between two code paths and confirms that the
inconsistent operations are not recovered in the current function or
the callers, so they constitute bugs.
Note that, as a bug found by static analysis, it can be a false
positive or hard to trigger. Multiple researchers have cross-reviewed
the bug.
Builds with CONFIG_PCCARD_NONSTATIC=y show no new warnings,
and our static analyzer no longer warns about this code.
Fixes: 49b1153adfe1 ("pcmcia: move all pcmcia_resource_ops providers into one module")
Signed-off-by: Zhou Qingyang <zhou1615@umn.edu>
[linux@dominikbrodowski.net: Fix typo in commit message]
Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pcmcia/rsrc_nonstatic.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/pcmcia/rsrc_nonstatic.c b/drivers/pcmcia/rsrc_nonstatic.c
index 9e6922c08ef62..03ae998675e87 100644
--- a/drivers/pcmcia/rsrc_nonstatic.c
+++ b/drivers/pcmcia/rsrc_nonstatic.c
@@ -690,6 +690,9 @@ static struct resource *__nonstatic_find_io_region(struct pcmcia_socket *s,
unsigned long min = base;
int ret;
+ if (!res)
+ return NULL;
+
data.mask = align - 1;
data.offset = base & data.mask;
data.map = &s_data->io_db;
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 100/320] pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in nonstatic_find_mem_region()
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (98 preceding siblings ...)
2022-01-24 18:41 ` [PATCH 5.4 099/320] pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in __nonstatic_find_io_region() Greg Kroah-Hartman
@ 2022-01-24 18:41 ` Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 101/320] netfilter: ipt_CLUSTERIP: fix refcount leak in clusterip_tg_check() Greg Kroah-Hartman
` (224 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:41 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zhou Qingyang, Dominik Brodowski,
Sasha Levin
From: Zhou Qingyang <zhou1615@umn.edu>
[ Upstream commit 977d2e7c63c3d04d07ba340b39987742e3241554 ]
In nonstatic_find_mem_region(), pcmcia_make_resource() is assigned to
res and used in pci_bus_alloc_resource(). There a dereference of res
in pci_bus_alloc_resource(), which could lead to a NULL pointer
dereference on failure of pcmcia_make_resource().
Fix this bug by adding a check of res.
This bug was found by a static analyzer. The analysis employs
differential checking to identify inconsistent security operations
(e.g., checks or kfrees) between two code paths and confirms that the
inconsistent operations are not recovered in the current function or
the callers, so they constitute bugs.
Note that, as a bug found by static analysis, it can be a false
positive or hard to trigger. Multiple researchers have cross-reviewed
the bug.
Builds with CONFIG_PCCARD_NONSTATIC=y show no new warnings,
and our static analyzer no longer warns about this code.
Fixes: 49b1153adfe1 ("pcmcia: move all pcmcia_resource_ops providers into one module")
Signed-off-by: Zhou Qingyang <zhou1615@umn.edu>
Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pcmcia/rsrc_nonstatic.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/pcmcia/rsrc_nonstatic.c b/drivers/pcmcia/rsrc_nonstatic.c
index 03ae998675e87..3a512513cb32f 100644
--- a/drivers/pcmcia/rsrc_nonstatic.c
+++ b/drivers/pcmcia/rsrc_nonstatic.c
@@ -812,6 +812,9 @@ static struct resource *nonstatic_find_mem_region(u_long base, u_long num,
unsigned long min, max;
int ret, i, j;
+ if (!res)
+ return NULL;
+
low = low || !(s->features & SS_CAP_PAGE_REGS);
data.mask = align - 1;
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 101/320] netfilter: ipt_CLUSTERIP: fix refcount leak in clusterip_tg_check()
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (99 preceding siblings ...)
2022-01-24 18:41 ` [PATCH 5.4 100/320] pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in nonstatic_find_mem_region() Greg Kroah-Hartman
@ 2022-01-24 18:41 ` Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 102/320] bpf: Fix SO_RCVBUF/SO_SNDBUF handling in _bpf_setsockopt() Greg Kroah-Hartman
` (223 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:41 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Xin Xiong, Xiyu Yang, Xin Tan,
Pablo Neira Ayuso, Sasha Levin
From: Xin Xiong <xiongx18@fudan.edu.cn>
[ Upstream commit d94a69cb2cfa77294921aae9afcfb866e723a2da ]
The issue takes place in one error path of clusterip_tg_check(). When
memcmp() returns nonzero, the function simply returns the error code,
forgetting to decrease the reference count of a clusterip_config
object, which is bumped earlier by clusterip_config_find_get(). This
may incur reference count leak.
Fix this issue by decrementing the refcount of the object in specific
error path.
Fixes: 06aa151ad1fc74 ("netfilter: ipt_CLUSTERIP: check MAC address when duplicate config is set")
Signed-off-by: Xin Xiong <xiongx18@fudan.edu.cn>
Signed-off-by: Xiyu Yang <xiyuyang19@fudan.edu.cn>
Signed-off-by: Xin Tan <tanxin.ctf@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv4/netfilter/ipt_CLUSTERIP.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/net/ipv4/netfilter/ipt_CLUSTERIP.c b/net/ipv4/netfilter/ipt_CLUSTERIP.c
index 6bdb1ab8af617..63ebb87d85331 100644
--- a/net/ipv4/netfilter/ipt_CLUSTERIP.c
+++ b/net/ipv4/netfilter/ipt_CLUSTERIP.c
@@ -505,8 +505,11 @@ static int clusterip_tg_check(const struct xt_tgchk_param *par)
if (IS_ERR(config))
return PTR_ERR(config);
}
- } else if (memcmp(&config->clustermac, &cipinfo->clustermac, ETH_ALEN))
+ } else if (memcmp(&config->clustermac, &cipinfo->clustermac, ETH_ALEN)) {
+ clusterip_config_entry_put(config);
+ clusterip_config_put(config);
return -EINVAL;
+ }
ret = nf_ct_netns_get(par->net, par->family);
if (ret < 0) {
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 102/320] bpf: Fix SO_RCVBUF/SO_SNDBUF handling in _bpf_setsockopt().
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (100 preceding siblings ...)
2022-01-24 18:41 ` [PATCH 5.4 101/320] netfilter: ipt_CLUSTERIP: fix refcount leak in clusterip_tg_check() Greg Kroah-Hartman
@ 2022-01-24 18:41 ` Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 103/320] ppp: ensure minimum packet size in ppp_write() Greg Kroah-Hartman
` (222 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:41 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kuniyuki Iwashima,
Alexei Starovoitov, Sasha Levin
From: Kuniyuki Iwashima <kuniyu@amazon.co.jp>
[ Upstream commit 04c350b1ae6bdb12b84009a4d0bf5ab4e621c47b ]
The commit 4057765f2dee ("sock: consistent handling of extreme
SO_SNDBUF/SO_RCVBUF values") added a change to prevent underflow
in setsockopt() around SO_SNDBUF/SO_RCVBUF.
This patch adds the same change to _bpf_setsockopt().
Fixes: 4057765f2dee ("sock: consistent handling of extreme SO_SNDBUF/SO_RCVBUF values")
Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.co.jp>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/bpf/20220104013153.97906-2-kuniyu@amazon.co.jp
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/core/filter.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/net/core/filter.c b/net/core/filter.c
index 5ebc973ed4c50..b90c0b5a10112 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -4248,12 +4248,14 @@ BPF_CALL_5(bpf_setsockopt, struct bpf_sock_ops_kern *, bpf_sock,
switch (optname) {
case SO_RCVBUF:
val = min_t(u32, val, sysctl_rmem_max);
+ val = min_t(int, val, INT_MAX / 2);
sk->sk_userlocks |= SOCK_RCVBUF_LOCK;
WRITE_ONCE(sk->sk_rcvbuf,
max_t(int, val * 2, SOCK_MIN_RCVBUF));
break;
case SO_SNDBUF:
val = min_t(u32, val, sysctl_wmem_max);
+ val = min_t(int, val, INT_MAX / 2);
sk->sk_userlocks |= SOCK_SNDBUF_LOCK;
WRITE_ONCE(sk->sk_sndbuf,
max_t(int, val * 2, SOCK_MIN_SNDBUF));
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 103/320] ppp: ensure minimum packet size in ppp_write()
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (101 preceding siblings ...)
2022-01-24 18:41 ` [PATCH 5.4 102/320] bpf: Fix SO_RCVBUF/SO_SNDBUF handling in _bpf_setsockopt() Greg Kroah-Hartman
@ 2022-01-24 18:41 ` Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 104/320] rocker: fix a sleeping in atomic bug Greg Kroah-Hartman
` (221 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:41 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Eric Dumazet, Paul Mackerras,
linux-ppp, syzbot, Guillaume Nault, David S. Miller, Sasha Levin
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit 44073187990d5629804ce0627525f6ea5cfef171 ]
It seems pretty clear ppp layer assumed user space
would always be kind to provide enough data
in their write() to a ppp device.
This patch makes sure user provides at least
2 bytes.
It adds PPP_PROTO_LEN macro that could replace
in net-next many occurrences of hard-coded 2 value.
I replaced only one occurrence to ease backports
to stable kernels.
The bug manifests in the following report:
BUG: KMSAN: uninit-value in ppp_send_frame+0x28d/0x27c0 drivers/net/ppp/ppp_generic.c:1740
ppp_send_frame+0x28d/0x27c0 drivers/net/ppp/ppp_generic.c:1740
__ppp_xmit_process+0x23e/0x4b0 drivers/net/ppp/ppp_generic.c:1640
ppp_xmit_process+0x1fe/0x480 drivers/net/ppp/ppp_generic.c:1661
ppp_write+0x5cb/0x5e0 drivers/net/ppp/ppp_generic.c:513
do_iter_write+0xb0c/0x1500 fs/read_write.c:853
vfs_writev fs/read_write.c:924 [inline]
do_writev+0x645/0xe00 fs/read_write.c:967
__do_sys_writev fs/read_write.c:1040 [inline]
__se_sys_writev fs/read_write.c:1037 [inline]
__x64_sys_writev+0xe5/0x120 fs/read_write.c:1037
do_syscall_x64 arch/x86/entry/common.c:51 [inline]
do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82
entry_SYSCALL_64_after_hwframe+0x44/0xae
Uninit was created at:
slab_post_alloc_hook mm/slab.h:524 [inline]
slab_alloc_node mm/slub.c:3251 [inline]
__kmalloc_node_track_caller+0xe0c/0x1510 mm/slub.c:4974
kmalloc_reserve net/core/skbuff.c:354 [inline]
__alloc_skb+0x545/0xf90 net/core/skbuff.c:426
alloc_skb include/linux/skbuff.h:1126 [inline]
ppp_write+0x11d/0x5e0 drivers/net/ppp/ppp_generic.c:501
do_iter_write+0xb0c/0x1500 fs/read_write.c:853
vfs_writev fs/read_write.c:924 [inline]
do_writev+0x645/0xe00 fs/read_write.c:967
__do_sys_writev fs/read_write.c:1040 [inline]
__se_sys_writev fs/read_write.c:1037 [inline]
__x64_sys_writev+0xe5/0x120 fs/read_write.c:1037
do_syscall_x64 arch/x86/entry/common.c:51 [inline]
do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82
entry_SYSCALL_64_after_hwframe+0x44/0xae
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Paul Mackerras <paulus@samba.org>
Cc: linux-ppp@vger.kernel.org
Reported-by: syzbot <syzkaller@googlegroups.com>
Acked-by: Guillaume Nault <gnault@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ppp/ppp_generic.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/net/ppp/ppp_generic.c b/drivers/net/ppp/ppp_generic.c
index c6c41a7836c93..a085213dc2eaa 100644
--- a/drivers/net/ppp/ppp_generic.c
+++ b/drivers/net/ppp/ppp_generic.c
@@ -69,6 +69,8 @@
#define MPHDRLEN 6 /* multilink protocol header length */
#define MPHDRLEN_SSN 4 /* ditto with short sequence numbers */
+#define PPP_PROTO_LEN 2
+
/*
* An instance of /dev/ppp can be associated with either a ppp
* interface unit or a ppp channel. In both cases, file->private_data
@@ -498,6 +500,9 @@ static ssize_t ppp_write(struct file *file, const char __user *buf,
if (!pf)
return -ENXIO;
+ /* All PPP packets should start with the 2-byte protocol */
+ if (count < PPP_PROTO_LEN)
+ return -EINVAL;
ret = -ENOMEM;
skb = alloc_skb(count + pf->hdrlen, GFP_KERNEL);
if (!skb)
@@ -1544,7 +1549,7 @@ ppp_send_frame(struct ppp *ppp, struct sk_buff *skb)
}
++ppp->stats64.tx_packets;
- ppp->stats64.tx_bytes += skb->len - 2;
+ ppp->stats64.tx_bytes += skb->len - PPP_PROTO_LEN;
switch (proto) {
case PPP_IP:
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 104/320] rocker: fix a sleeping in atomic bug
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (102 preceding siblings ...)
2022-01-24 18:41 ` [PATCH 5.4 103/320] ppp: ensure minimum packet size in ppp_write() Greg Kroah-Hartman
@ 2022-01-24 18:41 ` Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 105/320] staging: greybus: audio: Check null pointer Greg Kroah-Hartman
` (220 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:41 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, David S. Miller, Sasha Levin
From: Dan Carpenter <dan.carpenter@oracle.com>
[ Upstream commit 43d012123122cc69feacab55b71369f386c19566 ]
This code is holding the &ofdpa->flow_tbl_lock spinlock so it is not
allowed to sleep. That means we have to pass the OFDPA_OP_FLAG_NOWAIT
flag to ofdpa_flow_tbl_del().
Fixes: 936bd486564a ("rocker: use FIB notifications instead of switchdev calls")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/rocker/rocker_ofdpa.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/rocker/rocker_ofdpa.c b/drivers/net/ethernet/rocker/rocker_ofdpa.c
index 7072b249c8bd6..8157666209798 100644
--- a/drivers/net/ethernet/rocker/rocker_ofdpa.c
+++ b/drivers/net/ethernet/rocker/rocker_ofdpa.c
@@ -2795,7 +2795,8 @@ static void ofdpa_fib4_abort(struct rocker *rocker)
if (!ofdpa_port)
continue;
nh->fib_nh_flags &= ~RTNH_F_OFFLOAD;
- ofdpa_flow_tbl_del(ofdpa_port, OFDPA_OP_FLAG_REMOVE,
+ ofdpa_flow_tbl_del(ofdpa_port,
+ OFDPA_OP_FLAG_REMOVE | OFDPA_OP_FLAG_NOWAIT,
flow_entry);
}
spin_unlock_irqrestore(&ofdpa->flow_tbl_lock, flags);
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 105/320] staging: greybus: audio: Check null pointer
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (103 preceding siblings ...)
2022-01-24 18:41 ` [PATCH 5.4 104/320] rocker: fix a sleeping in atomic bug Greg Kroah-Hartman
@ 2022-01-24 18:41 ` Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 106/320] fsl/fman: Check for null pointer after calling devm_ioremap Greg Kroah-Hartman
` (219 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:41 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alex Elder, Jiasheng Jiang, Sasha Levin
From: Jiasheng Jiang <jiasheng@iscas.ac.cn>
[ Upstream commit 2e81948177d769106754085c3e03534e6cc1f623 ]
As the possible alloc failure of devm_kcalloc(), it could return null
pointer.
Therefore, 'strings' should be checked and return NULL if alloc fails to
prevent the dereference of the NULL pointer.
Also, the caller should also deal with the return value of the
gb_generate_enum_strings() and return -ENOMEM if returns NULL.
Moreover, because the memory allocated with devm_kzalloc() will be
freed automatically when the last reference to the device is dropped,
the 'gbe' in gbaudio_tplg_create_enum_kctl() and
gbaudio_tplg_create_enum_ctl() do not need to free manually.
But the 'control' in gbaudio_tplg_create_widget() and
gbaudio_tplg_process_kcontrols() has a specially error handle to
cleanup.
So it should be better to cleanup 'control' when fails.
Fixes: e65579e335da ("greybus: audio: topology: Enable enumerated control support")
Reviewed-by: Alex Elder <elder@linaro.org>
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Link: https://lore.kernel.org/r/20220104150628.1987906-1-jiasheng@iscas.ac.cn
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/staging/greybus/audio_topology.c | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/drivers/staging/greybus/audio_topology.c b/drivers/staging/greybus/audio_topology.c
index a8cfea957868a..3e2fbcd20598a 100644
--- a/drivers/staging/greybus/audio_topology.c
+++ b/drivers/staging/greybus/audio_topology.c
@@ -145,6 +145,9 @@ static const char **gb_generate_enum_strings(struct gbaudio_module_info *gb,
items = le32_to_cpu(gbenum->items);
strings = devm_kcalloc(gb->dev, items, sizeof(char *), GFP_KERNEL);
+ if (!strings)
+ return NULL;
+
data = gbenum->names;
for (i = 0; i < items; i++) {
@@ -662,6 +665,8 @@ static int gbaudio_tplg_create_enum_kctl(struct gbaudio_module_info *gb,
/* since count=1, and reg is dummy */
gbe->max = le32_to_cpu(gb_enum->items);
gbe->texts = gb_generate_enum_strings(gb, gb_enum);
+ if (!gbe->texts)
+ return -ENOMEM;
/* debug enum info */
dev_dbg(gb->dev, "Max:%d, name_length:%d\n", gbe->max,
@@ -871,6 +876,8 @@ static int gbaudio_tplg_create_enum_ctl(struct gbaudio_module_info *gb,
/* since count=1, and reg is dummy */
gbe->max = le32_to_cpu(gb_enum->items);
gbe->texts = gb_generate_enum_strings(gb, gb_enum);
+ if (!gbe->texts)
+ return -ENOMEM;
/* debug enum info */
dev_dbg(gb->dev, "Max:%d, name_length:%d\n", gbe->max,
@@ -1081,6 +1088,10 @@ static int gbaudio_tplg_create_widget(struct gbaudio_module_info *module,
csize += le16_to_cpu(gbenum->names_length);
control->texts = (const char * const *)
gb_generate_enum_strings(module, gbenum);
+ if (!control->texts) {
+ ret = -ENOMEM;
+ goto error;
+ }
control->items = le32_to_cpu(gbenum->items);
} else {
csize = sizeof(struct gb_audio_control);
@@ -1190,6 +1201,10 @@ static int gbaudio_tplg_process_kcontrols(struct gbaudio_module_info *module,
csize += le16_to_cpu(gbenum->names_length);
control->texts = (const char * const *)
gb_generate_enum_strings(module, gbenum);
+ if (!control->texts) {
+ ret = -ENOMEM;
+ goto error;
+ }
control->items = le32_to_cpu(gbenum->items);
} else {
csize = sizeof(struct gb_audio_control);
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 106/320] fsl/fman: Check for null pointer after calling devm_ioremap
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (104 preceding siblings ...)
2022-01-24 18:41 ` [PATCH 5.4 105/320] staging: greybus: audio: Check null pointer Greg Kroah-Hartman
@ 2022-01-24 18:41 ` Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 107/320] Bluetooth: hci_bcm: Check for error irq Greg Kroah-Hartman
` (218 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:41 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jiasheng Jiang, David S. Miller, Sasha Levin
From: Jiasheng Jiang <jiasheng@iscas.ac.cn>
[ Upstream commit d5a73ec96cc57cf67e51b12820fc2354e7ca46f8 ]
As the possible failure of the allocation, the devm_ioremap() may return
NULL pointer.
Take tgec_initialization() as an example.
If allocation fails, the params->base_addr will be NULL pointer and will
be assigned to tgec->regs in tgec_config().
Then it will cause the dereference of NULL pointer in set_mac_address(),
which is called by tgec_init().
Therefore, it should be better to add the sanity check after the calling
of the devm_ioremap().
Fixes: 3933961682a3 ("fsl/fman: Add FMan MAC driver")
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/freescale/fman/mac.c | 21 ++++++++++++++++-----
1 file changed, 16 insertions(+), 5 deletions(-)
diff --git a/drivers/net/ethernet/freescale/fman/mac.c b/drivers/net/ethernet/freescale/fman/mac.c
index 7ab8095db1928..147126e79986c 100644
--- a/drivers/net/ethernet/freescale/fman/mac.c
+++ b/drivers/net/ethernet/freescale/fman/mac.c
@@ -94,14 +94,17 @@ static void mac_exception(void *handle, enum fman_mac_exceptions ex)
__func__, ex);
}
-static void set_fman_mac_params(struct mac_device *mac_dev,
- struct fman_mac_params *params)
+static int set_fman_mac_params(struct mac_device *mac_dev,
+ struct fman_mac_params *params)
{
struct mac_priv_s *priv = mac_dev->priv;
params->base_addr = (typeof(params->base_addr))
devm_ioremap(priv->dev, mac_dev->res->start,
resource_size(mac_dev->res));
+ if (!params->base_addr)
+ return -ENOMEM;
+
memcpy(¶ms->addr, mac_dev->addr, sizeof(mac_dev->addr));
params->max_speed = priv->max_speed;
params->phy_if = mac_dev->phy_if;
@@ -112,6 +115,8 @@ static void set_fman_mac_params(struct mac_device *mac_dev,
params->event_cb = mac_exception;
params->dev_id = mac_dev;
params->internal_phy_node = priv->internal_phy_node;
+
+ return 0;
}
static int tgec_initialization(struct mac_device *mac_dev)
@@ -123,7 +128,9 @@ static int tgec_initialization(struct mac_device *mac_dev)
priv = mac_dev->priv;
- set_fman_mac_params(mac_dev, ¶ms);
+ err = set_fman_mac_params(mac_dev, ¶ms);
+ if (err)
+ goto _return;
mac_dev->fman_mac = tgec_config(¶ms);
if (!mac_dev->fman_mac) {
@@ -169,7 +176,9 @@ static int dtsec_initialization(struct mac_device *mac_dev)
priv = mac_dev->priv;
- set_fman_mac_params(mac_dev, ¶ms);
+ err = set_fman_mac_params(mac_dev, ¶ms);
+ if (err)
+ goto _return;
mac_dev->fman_mac = dtsec_config(¶ms);
if (!mac_dev->fman_mac) {
@@ -218,7 +227,9 @@ static int memac_initialization(struct mac_device *mac_dev)
priv = mac_dev->priv;
- set_fman_mac_params(mac_dev, ¶ms);
+ err = set_fman_mac_params(mac_dev, ¶ms);
+ if (err)
+ goto _return;
if (priv->max_speed == SPEED_10000)
params.phy_if = PHY_INTERFACE_MODE_XGMII;
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 107/320] Bluetooth: hci_bcm: Check for error irq
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (105 preceding siblings ...)
2022-01-24 18:41 ` [PATCH 5.4 106/320] fsl/fman: Check for null pointer after calling devm_ioremap Greg Kroah-Hartman
@ 2022-01-24 18:41 ` Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 108/320] HID: hid-uclogic-params: Invalid parameter check in uclogic_params_init Greg Kroah-Hartman
` (217 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:41 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jiasheng Jiang, Marcel Holtmann, Sasha Levin
From: Jiasheng Jiang <jiasheng@iscas.ac.cn>
[ Upstream commit b38cd3b42fba66cc538edb9cf77e07881f43f8e2 ]
For the possible failure of the platform_get_irq(), the returned irq
could be error number and will finally cause the failure of the
request_irq().
Consider that platform_get_irq() can now in certain cases return
-EPROBE_DEFER, and the consequences of letting request_irq() effectively
convert that into -EINVAL, even at probe time rather than later on.
So it might be better to check just now.
Fixes: 0395ffc1ee05 ("Bluetooth: hci_bcm: Add PM for BCM devices")
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/bluetooth/hci_bcm.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/bluetooth/hci_bcm.c b/drivers/bluetooth/hci_bcm.c
index 94ed734c1d7eb..c6bb380806f9b 100644
--- a/drivers/bluetooth/hci_bcm.c
+++ b/drivers/bluetooth/hci_bcm.c
@@ -1127,7 +1127,12 @@ static int bcm_probe(struct platform_device *pdev)
return -ENOMEM;
dev->dev = &pdev->dev;
- dev->irq = platform_get_irq(pdev, 0);
+
+ ret = platform_get_irq(pdev, 0);
+ if (ret < 0)
+ return ret;
+
+ dev->irq = ret;
if (has_acpi_companion(&pdev->dev)) {
ret = bcm_acpi_probe(dev);
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 108/320] HID: hid-uclogic-params: Invalid parameter check in uclogic_params_init
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (106 preceding siblings ...)
2022-01-24 18:41 ` [PATCH 5.4 107/320] Bluetooth: hci_bcm: Check for error irq Greg Kroah-Hartman
@ 2022-01-24 18:41 ` Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 109/320] HID: hid-uclogic-params: Invalid parameter check in uclogic_params_get_str_desc Greg Kroah-Hartman
` (216 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:41 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, José Expósito, Jiri Kosina,
Sasha Levin
From: José Expósito <jose.exposito89@gmail.com>
[ Upstream commit f364c571a5c77e96de2d32062ff019d6b8d2e2bc ]
The function performs a check on its input parameters, however, the
hdev parameter is used before the check.
Initialize the stack variables after checking the input parameters to
avoid a possible NULL pointer dereference.
Fixes: 9614219e9310e ("HID: uclogic: Extract tablet parameter discovery into a module")
Addresses-Coverity-ID: 1443831 ("Null pointer dereference")
Signed-off-by: José Expósito <jose.exposito89@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hid/hid-uclogic-params.c | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/drivers/hid/hid-uclogic-params.c b/drivers/hid/hid-uclogic-params.c
index ed4ede52b017f..0afd368115891 100644
--- a/drivers/hid/hid-uclogic-params.c
+++ b/drivers/hid/hid-uclogic-params.c
@@ -832,10 +832,10 @@ int uclogic_params_init(struct uclogic_params *params,
struct hid_device *hdev)
{
int rc;
- struct usb_device *udev = hid_to_usb_dev(hdev);
- __u8 bNumInterfaces = udev->config->desc.bNumInterfaces;
- struct usb_interface *iface = to_usb_interface(hdev->dev.parent);
- __u8 bInterfaceNumber = iface->cur_altsetting->desc.bInterfaceNumber;
+ struct usb_device *udev;
+ __u8 bNumInterfaces;
+ struct usb_interface *iface;
+ __u8 bInterfaceNumber;
bool found;
/* The resulting parameters (noop) */
struct uclogic_params p = {0, };
@@ -846,6 +846,11 @@ int uclogic_params_init(struct uclogic_params *params,
goto cleanup;
}
+ udev = hid_to_usb_dev(hdev);
+ bNumInterfaces = udev->config->desc.bNumInterfaces;
+ iface = to_usb_interface(hdev->dev.parent);
+ bInterfaceNumber = iface->cur_altsetting->desc.bInterfaceNumber;
+
/*
* Set replacement report descriptor if the original matches the
* specified size. Otherwise keep interface unchanged.
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 109/320] HID: hid-uclogic-params: Invalid parameter check in uclogic_params_get_str_desc
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (107 preceding siblings ...)
2022-01-24 18:41 ` [PATCH 5.4 108/320] HID: hid-uclogic-params: Invalid parameter check in uclogic_params_init Greg Kroah-Hartman
@ 2022-01-24 18:41 ` Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 110/320] HID: hid-uclogic-params: Invalid parameter check in uclogic_params_huion_init Greg Kroah-Hartman
` (215 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:41 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, José Expósito, Jiri Kosina,
Sasha Levin
From: José Expósito <jose.exposito89@gmail.com>
[ Upstream commit 0a94131d6920916ccb6a357037c535533af08819 ]
The function performs a check on the hdev input parameters, however, it
is used before the check.
Initialize the udev variable after the sanity check to avoid a
possible NULL pointer dereference.
Fixes: 9614219e9310e ("HID: uclogic: Extract tablet parameter discovery into a module")
Addresses-Coverity-ID: 1443827 ("Null pointer dereference")
Signed-off-by: José Expósito <jose.exposito89@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hid/hid-uclogic-params.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/hid/hid-uclogic-params.c b/drivers/hid/hid-uclogic-params.c
index 0afd368115891..1f3ea6c93ef44 100644
--- a/drivers/hid/hid-uclogic-params.c
+++ b/drivers/hid/hid-uclogic-params.c
@@ -65,7 +65,7 @@ static int uclogic_params_get_str_desc(__u8 **pbuf, struct hid_device *hdev,
__u8 idx, size_t len)
{
int rc;
- struct usb_device *udev = hid_to_usb_dev(hdev);
+ struct usb_device *udev;
__u8 *buf = NULL;
/* Check arguments */
@@ -74,6 +74,8 @@ static int uclogic_params_get_str_desc(__u8 **pbuf, struct hid_device *hdev,
goto cleanup;
}
+ udev = hid_to_usb_dev(hdev);
+
buf = kmalloc(len, GFP_KERNEL);
if (buf == NULL) {
rc = -ENOMEM;
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 110/320] HID: hid-uclogic-params: Invalid parameter check in uclogic_params_huion_init
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (108 preceding siblings ...)
2022-01-24 18:41 ` [PATCH 5.4 109/320] HID: hid-uclogic-params: Invalid parameter check in uclogic_params_get_str_desc Greg Kroah-Hartman
@ 2022-01-24 18:41 ` Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 111/320] HID: hid-uclogic-params: Invalid parameter check in uclogic_params_frame_init_v1_buttonpad Greg Kroah-Hartman
` (214 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:41 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, José Expósito, Jiri Kosina,
Sasha Levin
From: José Expósito <jose.exposito89@gmail.com>
[ Upstream commit ff6b548afe4d9d1ff3a0f6ef79e8cbca25d8f905 ]
The function performs a check on its input parameters, however, the
hdev parameter is used before the check.
Initialize the stack variables after checking the input parameters to
avoid a possible NULL pointer dereference.
Fixes: 9614219e9310e ("HID: uclogic: Extract tablet parameter discovery into a module")
Addresses-Coverity-ID: 1443804 ("Null pointer dereference")
Signed-off-by: José Expósito <jose.exposito89@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hid/hid-uclogic-params.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/drivers/hid/hid-uclogic-params.c b/drivers/hid/hid-uclogic-params.c
index 1f3ea6c93ef44..0fdac91c5f510 100644
--- a/drivers/hid/hid-uclogic-params.c
+++ b/drivers/hid/hid-uclogic-params.c
@@ -707,9 +707,9 @@ static int uclogic_params_huion_init(struct uclogic_params *params,
struct hid_device *hdev)
{
int rc;
- struct usb_device *udev = hid_to_usb_dev(hdev);
- struct usb_interface *iface = to_usb_interface(hdev->dev.parent);
- __u8 bInterfaceNumber = iface->cur_altsetting->desc.bInterfaceNumber;
+ struct usb_device *udev;
+ struct usb_interface *iface;
+ __u8 bInterfaceNumber;
bool found;
/* The resulting parameters (noop) */
struct uclogic_params p = {0, };
@@ -723,6 +723,10 @@ static int uclogic_params_huion_init(struct uclogic_params *params,
goto cleanup;
}
+ udev = hid_to_usb_dev(hdev);
+ iface = to_usb_interface(hdev->dev.parent);
+ bInterfaceNumber = iface->cur_altsetting->desc.bInterfaceNumber;
+
/* If it's not a pen interface */
if (bInterfaceNumber != 0) {
/* TODO: Consider marking the interface invalid */
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 111/320] HID: hid-uclogic-params: Invalid parameter check in uclogic_params_frame_init_v1_buttonpad
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (109 preceding siblings ...)
2022-01-24 18:41 ` [PATCH 5.4 110/320] HID: hid-uclogic-params: Invalid parameter check in uclogic_params_huion_init Greg Kroah-Hartman
@ 2022-01-24 18:41 ` Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 112/320] debugfs: lockdown: Allow reading debugfs files that are not world readable Greg Kroah-Hartman
` (213 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:41 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, José Expósito, Jiri Kosina,
Sasha Levin
From: José Expósito <jose.exposito89@gmail.com>
[ Upstream commit aa320fdbbbb482c19100f51461bd0069753ce3d7 ]
The function performs a check on the hdev input parameters, however, it
is used before the check.
Initialize the udev variable after the sanity check to avoid a
possible NULL pointer dereference.
Fixes: 9614219e9310e ("HID: uclogic: Extract tablet parameter discovery into a module")
Addresses-Coverity-ID: 1443763 ("Null pointer dereference")
Signed-off-by: José Expósito <jose.exposito89@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hid/hid-uclogic-params.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/hid/hid-uclogic-params.c b/drivers/hid/hid-uclogic-params.c
index 0fdac91c5f510..191aba9f6b497 100644
--- a/drivers/hid/hid-uclogic-params.c
+++ b/drivers/hid/hid-uclogic-params.c
@@ -451,7 +451,7 @@ static int uclogic_params_frame_init_v1_buttonpad(
{
int rc;
bool found = false;
- struct usb_device *usb_dev = hid_to_usb_dev(hdev);
+ struct usb_device *usb_dev;
char *str_buf = NULL;
const size_t str_len = 16;
@@ -461,6 +461,8 @@ static int uclogic_params_frame_init_v1_buttonpad(
goto cleanup;
}
+ usb_dev = hid_to_usb_dev(hdev);
+
/*
* Enable generic button mode
*/
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 112/320] debugfs: lockdown: Allow reading debugfs files that are not world readable
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (110 preceding siblings ...)
2022-01-24 18:41 ` [PATCH 5.4 111/320] HID: hid-uclogic-params: Invalid parameter check in uclogic_params_frame_init_v1_buttonpad Greg Kroah-Hartman
@ 2022-01-24 18:41 ` Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 113/320] net/mlx5e: Dont block routes with nexthop objects in SW Greg Kroah-Hartman
` (212 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:41 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Michal Suchanek, Sasha Levin
From: Michal Suchanek <msuchanek@suse.de>
[ Upstream commit 358fcf5ddbec4e6706405847d6a666f5933a6c25 ]
When the kernel is locked down the kernel allows reading only debugfs
files with mode 444. Mode 400 is also valid but is not allowed.
Make the 444 into a mask.
Fixes: 5496197f9b08 ("debugfs: Restrict debugfs when the kernel is locked down")
Signed-off-by: Michal Suchanek <msuchanek@suse.de>
Link: https://lore.kernel.org/r/20220104170505.10248-1-msuchanek@suse.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/debugfs/file.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/debugfs/file.c b/fs/debugfs/file.c
index a32c5c7dcfd89..da87615ad69a7 100644
--- a/fs/debugfs/file.c
+++ b/fs/debugfs/file.c
@@ -146,7 +146,7 @@ static int debugfs_locked_down(struct inode *inode,
struct file *filp,
const struct file_operations *real_fops)
{
- if ((inode->i_mode & 07777) == 0444 &&
+ if ((inode->i_mode & 07777 & ~0444) == 0 &&
!(filp->f_mode & FMODE_WRITE) &&
!real_fops->unlocked_ioctl &&
!real_fops->compat_ioctl &&
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 113/320] net/mlx5e: Dont block routes with nexthop objects in SW
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (111 preceding siblings ...)
2022-01-24 18:41 ` [PATCH 5.4 112/320] debugfs: lockdown: Allow reading debugfs files that are not world readable Greg Kroah-Hartman
@ 2022-01-24 18:41 ` Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 114/320] Revert "net/mlx5e: Block offload of outer header csum for UDP tunnels" Greg Kroah-Hartman
` (211 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:41 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Maor Dickman, Roi Dayan,
Saeed Mahameed, Sasha Levin
From: Maor Dickman <maord@nvidia.com>
[ Upstream commit 9e72a55a3c9d54b38a704bb7292d984574a81d9d ]
Routes with nexthop objects is currently not supported by multipath offload
and any attempts to use it is blocked, however this also block adding SW
routes with nexthop.
Resolve this by returning NOTIFY_DONE instead of an error which will allow such
a route to be created in SW but not offloaded.
This fix also solve an issue which block adding such routes on different devices
due to missing check if the route FIB device is one of multipath devices.
Fixes: 6a87afc072c3 ("mlx5: Fail attempts to use routes with nexthop objects")
Signed-off-by: Maor Dickman <maord@nvidia.com>
Reviewed-by: Roi Dayan <roid@nvidia.com>
Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/mellanox/mlx5/core/lag_mp.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/lag_mp.c b/drivers/net/ethernet/mellanox/mlx5/core/lag_mp.c
index bdc7f915d80e3..101667c6b5843 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/lag_mp.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/lag_mp.c
@@ -265,10 +265,8 @@ static int mlx5_lag_fib_event(struct notifier_block *nb,
fen_info = container_of(info, struct fib_entry_notifier_info,
info);
fi = fen_info->fi;
- if (fi->nh) {
- NL_SET_ERR_MSG_MOD(info->extack, "IPv4 route with nexthop objects is not supported");
- return notifier_from_errno(-EINVAL);
- }
+ if (fi->nh)
+ return NOTIFY_DONE;
fib_dev = fib_info_nh(fen_info->fi, 0)->fib_nh_dev;
if (fib_dev != ldev->pf[0].netdev &&
fib_dev != ldev->pf[1].netdev) {
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 114/320] Revert "net/mlx5e: Block offload of outer header csum for UDP tunnels"
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (112 preceding siblings ...)
2022-01-24 18:41 ` [PATCH 5.4 113/320] net/mlx5e: Dont block routes with nexthop objects in SW Greg Kroah-Hartman
@ 2022-01-24 18:41 ` Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 115/320] net/mlx5: Set command entry semaphore up once got index free Greg Kroah-Hartman
` (210 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:41 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Aya Levin, Gal Pressman,
Saeed Mahameed, Sasha Levin
From: Aya Levin <ayal@nvidia.com>
[ Upstream commit 64050cdad0983ad8060e33c3f4b5aee2366bcebd ]
This reverts commit 6d6727dddc7f93fcc155cb8d0c49c29ae0e71122.
Although the NIC doesn't support offload of outer header CSUM, using
gso_partial_features allows offloading the tunnel's segmentation. The
driver relies on the stack CSUM calculation of the outer header. For
this, NETIF_F_GSO_UDP_TUNNEL_CSUM must be a member of the device's
features.
Fixes: 6d6727dddc7f ("net/mlx5e: Block offload of outer header csum for UDP tunnels")
Signed-off-by: Aya Levin <ayal@nvidia.com>
Reviewed-by: Gal Pressman <gal@nvidia.com>
Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_main.c b/drivers/net/ethernet/mellanox/mlx5/core/en_main.c
index dea884c94568c..2465165cbea73 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_main.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_main.c
@@ -5053,9 +5053,13 @@ static void mlx5e_build_nic_netdev(struct net_device *netdev)
}
if (mlx5_vxlan_allowed(mdev->vxlan) || mlx5_geneve_tx_allowed(mdev)) {
- netdev->hw_features |= NETIF_F_GSO_UDP_TUNNEL;
- netdev->hw_enc_features |= NETIF_F_GSO_UDP_TUNNEL;
- netdev->vlan_features |= NETIF_F_GSO_UDP_TUNNEL;
+ netdev->hw_features |= NETIF_F_GSO_UDP_TUNNEL |
+ NETIF_F_GSO_UDP_TUNNEL_CSUM;
+ netdev->hw_enc_features |= NETIF_F_GSO_UDP_TUNNEL |
+ NETIF_F_GSO_UDP_TUNNEL_CSUM;
+ netdev->gso_partial_features = NETIF_F_GSO_UDP_TUNNEL_CSUM;
+ netdev->vlan_features |= NETIF_F_GSO_UDP_TUNNEL |
+ NETIF_F_GSO_UDP_TUNNEL_CSUM;
}
if (mlx5e_tunnel_proto_supported(mdev, IPPROTO_GRE)) {
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 115/320] net/mlx5: Set command entry semaphore up once got index free
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (113 preceding siblings ...)
2022-01-24 18:41 ` [PATCH 5.4 114/320] Revert "net/mlx5e: Block offload of outer header csum for UDP tunnels" Greg Kroah-Hartman
@ 2022-01-24 18:41 ` Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 116/320] spi: spi-meson-spifc: Add missing pm_runtime_disable() in meson_spifc_probe Greg Kroah-Hartman
` (209 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:41 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Moshe Shemesh, Eran Ben Elisha,
Saeed Mahameed, Sasha Levin
From: Moshe Shemesh <moshe@nvidia.com>
[ Upstream commit 8e715cd613a1e872b9d918e912d90b399785761a ]
Avoid a race where command work handler may fail to allocate command
entry index, by holding the command semaphore down till command entry
index is being freed.
Fixes: 410bd754cd73 ("net/mlx5: Add retry mechanism to the command entry index allocation")
Signed-off-by: Moshe Shemesh <moshe@nvidia.com>
Reviewed-by: Eran Ben Elisha <eranbe@nvidia.com>
Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 15 ++++++---------
1 file changed, 6 insertions(+), 9 deletions(-)
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/cmd.c b/drivers/net/ethernet/mellanox/mlx5/core/cmd.c
index bf091a6c0cd2d..cedb102ce8d2f 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/cmd.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/cmd.c
@@ -147,8 +147,12 @@ static void cmd_ent_put(struct mlx5_cmd_work_ent *ent)
if (!refcount_dec_and_test(&ent->refcnt))
return;
- if (ent->idx >= 0)
- cmd_free_index(ent->cmd, ent->idx);
+ if (ent->idx >= 0) {
+ struct mlx5_cmd *cmd = ent->cmd;
+
+ cmd_free_index(cmd, ent->idx);
+ up(ent->page_queue ? &cmd->pages_sem : &cmd->sem);
+ }
cmd_free_ent(ent);
}
@@ -1577,8 +1581,6 @@ static void mlx5_cmd_comp_handler(struct mlx5_core_dev *dev, u64 vec, bool force
vector = vec & 0xffffffff;
for (i = 0; i < (1 << cmd->log_sz); i++) {
if (test_bit(i, &vector)) {
- struct semaphore *sem;
-
ent = cmd->ent_arr[i];
/* if we already completed the command, ignore it */
@@ -1601,10 +1603,6 @@ static void mlx5_cmd_comp_handler(struct mlx5_core_dev *dev, u64 vec, bool force
dev->state == MLX5_DEVICE_STATE_INTERNAL_ERROR)
cmd_ent_put(ent);
- if (ent->page_queue)
- sem = &cmd->pages_sem;
- else
- sem = &cmd->sem;
ent->ts2 = ktime_get_ns();
memcpy(ent->out->first.data, ent->lay->out, sizeof(ent->lay->out));
dump_command(dev, ent, 0);
@@ -1658,7 +1656,6 @@ static void mlx5_cmd_comp_handler(struct mlx5_core_dev *dev, u64 vec, bool force
*/
complete(&ent->done);
}
- up(sem);
}
}
}
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 116/320] spi: spi-meson-spifc: Add missing pm_runtime_disable() in meson_spifc_probe
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (114 preceding siblings ...)
2022-01-24 18:41 ` [PATCH 5.4 115/320] net/mlx5: Set command entry semaphore up once got index free Greg Kroah-Hartman
@ 2022-01-24 18:41 ` Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 117/320] tpm: add request_locality before write TPM_INT_ENABLE Greg Kroah-Hartman
` (208 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:41 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Mark Brown, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit 69c1b87516e327a60b39f96b778fe683259408bf ]
If the probe fails, we should use pm_runtime_disable() to balance
pm_runtime_enable().
Add missing pm_runtime_disable() for meson_spifc_probe.
Fixes: c3e4bc5434d2 ("spi: meson: Add support for Amlogic Meson SPIFC")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Link: https://lore.kernel.org/r/20220107075424.7774-1-linmq006@gmail.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/spi/spi-meson-spifc.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/spi/spi-meson-spifc.c b/drivers/spi/spi-meson-spifc.c
index c7b0399802913..cae934464f3dd 100644
--- a/drivers/spi/spi-meson-spifc.c
+++ b/drivers/spi/spi-meson-spifc.c
@@ -349,6 +349,7 @@ static int meson_spifc_probe(struct platform_device *pdev)
return 0;
out_clk:
clk_disable_unprepare(spifc->clk);
+ pm_runtime_disable(spifc->dev);
out_err:
spi_master_put(master);
return ret;
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 117/320] tpm: add request_locality before write TPM_INT_ENABLE
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (115 preceding siblings ...)
2022-01-24 18:41 ` [PATCH 5.4 116/320] spi: spi-meson-spifc: Add missing pm_runtime_disable() in meson_spifc_probe Greg Kroah-Hartman
@ 2022-01-24 18:41 ` Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 118/320] can: softing: softing_startstop(): fix set but not used variable warning Greg Kroah-Hartman
` (207 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:41 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Chen Jun, Jarkko Sakkinen, Sasha Levin
From: Chen Jun <chenjun102@huawei.com>
[ Upstream commit 0ef333f5ba7f24f5d8478425c163d3097f1c7afd ]
Locality is not appropriately requested before writing the int mask.
Add the missing boilerplate.
Fixes: e6aef069b6e9 ("tpm_tis: convert to using locality callbacks")
Signed-off-by: Chen Jun <chenjun102@huawei.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/char/tpm/tpm_tis_core.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/drivers/char/tpm/tpm_tis_core.c b/drivers/char/tpm/tpm_tis_core.c
index 2fe26ec03552b..70f7859942287 100644
--- a/drivers/char/tpm/tpm_tis_core.c
+++ b/drivers/char/tpm/tpm_tis_core.c
@@ -877,7 +877,15 @@ int tpm_tis_core_init(struct device *dev, struct tpm_tis_data *priv, int irq,
intmask |= TPM_INTF_CMD_READY_INT | TPM_INTF_LOCALITY_CHANGE_INT |
TPM_INTF_DATA_AVAIL_INT | TPM_INTF_STS_VALID_INT;
intmask &= ~TPM_GLOBAL_INT_ENABLE;
+
+ rc = request_locality(chip, 0);
+ if (rc < 0) {
+ rc = -ENODEV;
+ goto out_err;
+ }
+
tpm_tis_write32(priv, TPM_INT_ENABLE(priv->locality), intmask);
+ release_locality(chip, 0);
rc = tpm_chip_start(chip);
if (rc)
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 118/320] can: softing: softing_startstop(): fix set but not used variable warning
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (116 preceding siblings ...)
2022-01-24 18:41 ` [PATCH 5.4 117/320] tpm: add request_locality before write TPM_INT_ENABLE Greg Kroah-Hartman
@ 2022-01-24 18:41 ` Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 119/320] can: xilinx_can: xcan_probe(): check for error irq Greg Kroah-Hartman
` (206 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:41 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kurt Van Dijck, Marc Kleine-Budde,
Sasha Levin
From: Marc Kleine-Budde <mkl@pengutronix.de>
[ Upstream commit 370d988cc529598ebaec6487d4f84c2115dc696b ]
In the function softing_startstop() the variable error_reporting is
assigned but not used. The code that uses this variable is commented
out. Its stated that the functionality is not finally verified.
To fix the warning:
| drivers/net/can/softing/softing_fw.c:424:9: error: variable 'error_reporting' set but not used [-Werror,-Wunused-but-set-variable]
remove the comment, activate the code, but add a "0 &&" to the if
expression and rely on the optimizer rather than the preprocessor to
remove the code.
Link: https://lore.kernel.org/all/20220109103126.1872833-1-mkl@pengutronix.de
Fixes: 03fd3cf5a179 ("can: add driver for Softing card")
Cc: Kurt Van Dijck <dev.kurt@vandijck-laurijssen.be>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/can/softing/softing_fw.c | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/drivers/net/can/softing/softing_fw.c b/drivers/net/can/softing/softing_fw.c
index 8f44fdd8804bf..1c2afa17c26d1 100644
--- a/drivers/net/can/softing/softing_fw.c
+++ b/drivers/net/can/softing/softing_fw.c
@@ -565,18 +565,19 @@ int softing_startstop(struct net_device *dev, int up)
if (ret < 0)
goto failed;
}
- /* enable_error_frame */
- /*
+
+ /* enable_error_frame
+ *
* Error reporting is switched off at the moment since
* the receiving of them is not yet 100% verified
* This should be enabled sooner or later
- *
- if (error_reporting) {
+ */
+ if (0 && error_reporting) {
ret = softing_fct_cmd(card, 51, "enable_error_frame");
if (ret < 0)
goto failed;
}
- */
+
/* initialize interface */
iowrite16(1, &card->dpram[DPRAM_FCT_PARAM + 2]);
iowrite16(1, &card->dpram[DPRAM_FCT_PARAM + 4]);
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 119/320] can: xilinx_can: xcan_probe(): check for error irq
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (117 preceding siblings ...)
2022-01-24 18:41 ` [PATCH 5.4 118/320] can: softing: softing_startstop(): fix set but not used variable warning Greg Kroah-Hartman
@ 2022-01-24 18:41 ` Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 120/320] pcmcia: fix setting of kthread task states Greg Kroah-Hartman
` (205 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:41 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jiasheng Jiang, Marc Kleine-Budde,
Sasha Levin
From: Jiasheng Jiang <jiasheng@iscas.ac.cn>
[ Upstream commit c6564c13dae25cd7f8e1de5127b4da4500ee5844 ]
For the possible failure of the platform_get_irq(), the returned irq
could be error number and will finally cause the failure of the
request_irq().
Consider that platform_get_irq() can now in certain cases return
-EPROBE_DEFER, and the consequences of letting request_irq()
effectively convert that into -EINVAL, even at probe time rather than
later on. So it might be better to check just now.
Fixes: b1201e44f50b ("can: xilinx CAN controller support")
Link: https://lore.kernel.org/all/20211224021324.1447494-1-jiasheng@iscas.ac.cn
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/can/xilinx_can.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/net/can/xilinx_can.c b/drivers/net/can/xilinx_can.c
index 0de39ebb35662..008d3d492bd1c 100644
--- a/drivers/net/can/xilinx_can.c
+++ b/drivers/net/can/xilinx_can.c
@@ -1753,7 +1753,12 @@ static int xcan_probe(struct platform_device *pdev)
spin_lock_init(&priv->tx_lock);
/* Get IRQ for the device */
- ndev->irq = platform_get_irq(pdev, 0);
+ ret = platform_get_irq(pdev, 0);
+ if (ret < 0)
+ goto err_free;
+
+ ndev->irq = ret;
+
ndev->flags |= IFF_ECHO; /* We support local echo */
platform_set_drvdata(pdev, ndev);
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 120/320] pcmcia: fix setting of kthread task states
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (118 preceding siblings ...)
2022-01-24 18:41 ` [PATCH 5.4 119/320] can: xilinx_can: xcan_probe(): check for error irq Greg Kroah-Hartman
@ 2022-01-24 18:41 ` Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 121/320] net: mcs7830: handle usb read errors properly Greg Kroah-Hartman
` (204 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:41 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Al Viro, Matthew Wilcox (Oracle),
Dominik Brodowski, Sasha Levin
From: Dominik Brodowski <linux@dominikbrodowski.net>
[ Upstream commit fbb3485f1f931102d8ba606f1c28123f5b48afa3 ]
We need to set TASK_INTERRUPTIBLE before calling kthread_should_stop().
Otherwise, kthread_stop() might see that the pccardd thread is still
in TASK_RUNNING state and fail to wake it up.
Additionally, we only need to set the state back to TASK_RUNNING if
kthread_should_stop() breaks the loop.
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Reported-by: Al Viro <viro@ZenIV.linux.org.uk>
Reviewed-by: Matthew Wilcox (Oracle) <willy@infradead.org>
Fixes: d3046ba809ce ("pcmcia: fix a boot time warning in pcmcia cs code")
Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pcmcia/cs.c | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/drivers/pcmcia/cs.c b/drivers/pcmcia/cs.c
index e211e2619680c..f70197154a362 100644
--- a/drivers/pcmcia/cs.c
+++ b/drivers/pcmcia/cs.c
@@ -666,18 +666,16 @@ static int pccardd(void *__skt)
if (events || sysfs_events)
continue;
+ set_current_state(TASK_INTERRUPTIBLE);
if (kthread_should_stop())
break;
- set_current_state(TASK_INTERRUPTIBLE);
-
schedule();
- /* make sure we are running */
- __set_current_state(TASK_RUNNING);
-
try_to_freeze();
}
+ /* make sure we are running before we exit */
+ __set_current_state(TASK_RUNNING);
/* shut down socket, if a device is still present */
if (skt->state & SOCKET_PRESENT) {
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 121/320] net: mcs7830: handle usb read errors properly
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (119 preceding siblings ...)
2022-01-24 18:41 ` [PATCH 5.4 120/320] pcmcia: fix setting of kthread task states Greg Kroah-Hartman
@ 2022-01-24 18:41 ` Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 122/320] ext4: avoid trim error on fs with small groups Greg Kroah-Hartman
` (203 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:41 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Pavel Skripkin, Arnd Bergmann,
Jakub Kicinski, Sasha Levin, syzbot+003c0a286b9af5412510
From: Pavel Skripkin <paskripkin@gmail.com>
[ Upstream commit d668769eb9c52b150753f1653f7f5a0aeb8239d2 ]
Syzbot reported uninit value in mcs7830_bind(). The problem was in
missing validation check for bytes read via usbnet_read_cmd().
usbnet_read_cmd() internally calls usb_control_msg(), that returns
number of bytes read. Code should validate that requested number of bytes
was actually read.
So, this patch adds missing size validation check inside
mcs7830_get_reg() to prevent uninit value bugs
Reported-and-tested-by: syzbot+003c0a286b9af5412510@syzkaller.appspotmail.com
Fixes: 2a36d7083438 ("USB: driver for mcs7830 (aka DeLOCK) USB ethernet adapter")
Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
Link: https://lore.kernel.org/r/20220106225716.7425-1-paskripkin@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/usb/mcs7830.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/drivers/net/usb/mcs7830.c b/drivers/net/usb/mcs7830.c
index 09bfa6a4dfbc1..7e40e2e2f3723 100644
--- a/drivers/net/usb/mcs7830.c
+++ b/drivers/net/usb/mcs7830.c
@@ -108,8 +108,16 @@ static const char driver_name[] = "MOSCHIP usb-ethernet driver";
static int mcs7830_get_reg(struct usbnet *dev, u16 index, u16 size, void *data)
{
- return usbnet_read_cmd(dev, MCS7830_RD_BREQ, MCS7830_RD_BMREQ,
- 0x0000, index, data, size);
+ int ret;
+
+ ret = usbnet_read_cmd(dev, MCS7830_RD_BREQ, MCS7830_RD_BMREQ,
+ 0x0000, index, data, size);
+ if (ret < 0)
+ return ret;
+ else if (ret < size)
+ return -ENODATA;
+
+ return ret;
}
static int mcs7830_set_reg(struct usbnet *dev, u16 index, u16 size, const void *data)
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 122/320] ext4: avoid trim error on fs with small groups
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (120 preceding siblings ...)
2022-01-24 18:41 ` [PATCH 5.4 121/320] net: mcs7830: handle usb read errors properly Greg Kroah-Hartman
@ 2022-01-24 18:41 ` Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 123/320] ALSA: jack: Add missing rwsem around snd_ctl_remove() calls Greg Kroah-Hartman
` (202 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:41 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Lukas Czerner, Jan Kara,
Theodore Tso, Sasha Levin
From: Jan Kara <jack@suse.cz>
[ Upstream commit 173b6e383d2a204c9921ffc1eca3b87aa2106c33 ]
A user reported FITRIM ioctl failing for him on ext4 on some devices
without apparent reason. After some debugging we've found out that
these devices (being LVM volumes) report rather large discard
granularity of 42MB and the filesystem had 1k blocksize and thus group
size of 8MB. Because ext4 FITRIM implementation puts discard
granularity into minlen, ext4_trim_fs() declared the trim request as
invalid. However just silently doing nothing seems to be a more
appropriate reaction to such combination of parameters since user did
not specify anything wrong.
CC: Lukas Czerner <lczerner@redhat.com>
Fixes: 5c2ed62fd447 ("ext4: Adjust minlen with discard_granularity in the FITRIM ioctl")
Signed-off-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20211112152202.26614-1-jack@suse.cz
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/ext4/ioctl.c | 2 --
fs/ext4/mballoc.c | 8 ++++++++
2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/fs/ext4/ioctl.c b/fs/ext4/ioctl.c
index ba13fbb443d58..9fa20f9ba52b5 100644
--- a/fs/ext4/ioctl.c
+++ b/fs/ext4/ioctl.c
@@ -1120,8 +1120,6 @@ resizefs_out:
sizeof(range)))
return -EFAULT;
- range.minlen = max((unsigned int)range.minlen,
- q->limits.discard_granularity);
ret = ext4_trim_fs(sb, &range);
if (ret < 0)
return ret;
diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c
index b67ea979f0cf7..0307702d114db 100644
--- a/fs/ext4/mballoc.c
+++ b/fs/ext4/mballoc.c
@@ -5270,6 +5270,7 @@ out:
*/
int ext4_trim_fs(struct super_block *sb, struct fstrim_range *range)
{
+ struct request_queue *q = bdev_get_queue(sb->s_bdev);
struct ext4_group_info *grp;
ext4_group_t group, first_group, last_group;
ext4_grpblk_t cnt = 0, first_cluster, last_cluster;
@@ -5288,6 +5289,13 @@ int ext4_trim_fs(struct super_block *sb, struct fstrim_range *range)
start >= max_blks ||
range->len < sb->s_blocksize)
return -EINVAL;
+ /* No point to try to trim less than discard granularity */
+ if (range->minlen < q->limits.discard_granularity) {
+ minlen = EXT4_NUM_B2C(EXT4_SB(sb),
+ q->limits.discard_granularity >> sb->s_blocksize_bits);
+ if (minlen > EXT4_CLUSTERS_PER_GROUP(sb))
+ goto out;
+ }
if (end >= max_blks)
end = max_blks - 1;
if (end <= first_data_blk)
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 123/320] ALSA: jack: Add missing rwsem around snd_ctl_remove() calls
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (121 preceding siblings ...)
2022-01-24 18:41 ` [PATCH 5.4 122/320] ext4: avoid trim error on fs with small groups Greg Kroah-Hartman
@ 2022-01-24 18:41 ` Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 124/320] ALSA: PCM: " Greg Kroah-Hartman
` (201 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:41 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Takashi Iwai, Sasha Levin
From: Takashi Iwai <tiwai@suse.de>
[ Upstream commit 06764dc931848c3a9bc01a63bbf76a605408bb54 ]
snd_ctl_remove() has to be called with card->controls_rwsem held (when
called after the card instantiation). This patch add the missing
rwsem calls around it.
Fixes: 9058cbe1eed2 ("ALSA: jack: implement kctl creating for jack devices")
Link: https://lore.kernel.org/r/20211116071314.15065-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/core/jack.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/sound/core/jack.c b/sound/core/jack.c
index 8b209750c7a9c..b00ae6f39f054 100644
--- a/sound/core/jack.c
+++ b/sound/core/jack.c
@@ -54,10 +54,13 @@ static int snd_jack_dev_free(struct snd_device *device)
struct snd_card *card = device->card;
struct snd_jack_kctl *jack_kctl, *tmp_jack_kctl;
+ down_write(&card->controls_rwsem);
list_for_each_entry_safe(jack_kctl, tmp_jack_kctl, &jack->kctl_list, list) {
list_del_init(&jack_kctl->list);
snd_ctl_remove(card, jack_kctl->kctl);
}
+ up_write(&card->controls_rwsem);
+
if (jack->private_free)
jack->private_free(jack);
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 124/320] ALSA: PCM: Add missing rwsem around snd_ctl_remove() calls
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (122 preceding siblings ...)
2022-01-24 18:41 ` [PATCH 5.4 123/320] ALSA: jack: Add missing rwsem around snd_ctl_remove() calls Greg Kroah-Hartman
@ 2022-01-24 18:41 ` Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 125/320] ALSA: hda: " Greg Kroah-Hartman
` (200 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:41 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Takashi Iwai, Sasha Levin
From: Takashi Iwai <tiwai@suse.de>
[ Upstream commit 5471e9762e1af4b7df057a96bfd46cc250979b88 ]
snd_ctl_remove() has to be called with card->controls_rwsem held (when
called after the card instantiation). This patch add the missing
rwsem calls around it.
Fixes: a8ff48cb7083 ("ALSA: pcm: Free chmap at PCM free callback, too")
Link: https://lore.kernel.org/r/20211116071314.15065-2-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/core/pcm.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/sound/core/pcm.c b/sound/core/pcm.c
index 9a72d641743d9..f8ce961c28d6e 100644
--- a/sound/core/pcm.c
+++ b/sound/core/pcm.c
@@ -810,7 +810,11 @@ EXPORT_SYMBOL(snd_pcm_new_internal);
static void free_chmap(struct snd_pcm_str *pstr)
{
if (pstr->chmap_kctl) {
- snd_ctl_remove(pstr->pcm->card, pstr->chmap_kctl);
+ struct snd_card *card = pstr->pcm->card;
+
+ down_write(&card->controls_rwsem);
+ snd_ctl_remove(card, pstr->chmap_kctl);
+ up_write(&card->controls_rwsem);
pstr->chmap_kctl = NULL;
}
}
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 125/320] ALSA: hda: Add missing rwsem around snd_ctl_remove() calls
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (123 preceding siblings ...)
2022-01-24 18:41 ` [PATCH 5.4 124/320] ALSA: PCM: " Greg Kroah-Hartman
@ 2022-01-24 18:41 ` Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 126/320] RDMA/hns: Validate the pkey index Greg Kroah-Hartman
` (199 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:41 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Takashi Iwai, Sasha Levin
From: Takashi Iwai <tiwai@suse.de>
[ Upstream commit 80bd64af75b4bb11c0329bc66c35da2ddfb66d88 ]
snd_ctl_remove() has to be called with card->controls_rwsem held (when
called after the card instantiation). This patch add the missing
rwsem calls around it.
Fixes: d13bd412dce2 ("ALSA: hda - Manage kcontrol lists")
Link: https://lore.kernel.org/r/20211116071314.15065-3-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/pci/hda/hda_codec.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/sound/pci/hda/hda_codec.c b/sound/pci/hda/hda_codec.c
index 326f95ce5ceb1..c8847de8388f0 100644
--- a/sound/pci/hda/hda_codec.c
+++ b/sound/pci/hda/hda_codec.c
@@ -1721,8 +1721,11 @@ void snd_hda_ctls_clear(struct hda_codec *codec)
{
int i;
struct hda_nid_item *items = codec->mixers.list;
+
+ down_write(&codec->card->controls_rwsem);
for (i = 0; i < codec->mixers.used; i++)
snd_ctl_remove(codec->card, items[i].kctl);
+ up_write(&codec->card->controls_rwsem);
snd_array_free(&codec->mixers);
snd_array_free(&codec->nids);
}
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 126/320] RDMA/hns: Validate the pkey index
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (124 preceding siblings ...)
2022-01-24 18:41 ` [PATCH 5.4 125/320] ALSA: hda: " Greg Kroah-Hartman
@ 2022-01-24 18:41 ` Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 127/320] clk: imx8mn: Fix imx8mn_clko1_sels Greg Kroah-Hartman
` (198 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:41 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kamal Heib, Jason Gunthorpe, Sasha Levin
From: Kamal Heib <kamalheib1@gmail.com>
[ Upstream commit 2a67fcfa0db6b4075515bd23497750849b88850f ]
Before query pkey, make sure that the queried index is valid.
Fixes: 9a4435375cd1 ("IB/hns: Add driver files for hns RoCE driver")
Link: https://lore.kernel.org/r/20211117145954.123893-1-kamalheib1@gmail.com
Signed-off-by: Kamal Heib <kamalheib1@gmail.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/hw/hns/hns_roce_main.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/infiniband/hw/hns/hns_roce_main.c b/drivers/infiniband/hw/hns/hns_roce_main.c
index f23a341400c06..a360e214deaa8 100644
--- a/drivers/infiniband/hw/hns/hns_roce_main.c
+++ b/drivers/infiniband/hw/hns/hns_roce_main.c
@@ -279,6 +279,9 @@ static enum rdma_link_layer hns_roce_get_link_layer(struct ib_device *device,
static int hns_roce_query_pkey(struct ib_device *ib_dev, u8 port, u16 index,
u16 *pkey)
{
+ if (index > 0)
+ return -EINVAL;
+
*pkey = PKEY_ID;
return 0;
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 127/320] clk: imx8mn: Fix imx8mn_clko1_sels
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (125 preceding siblings ...)
2022-01-24 18:41 ` [PATCH 5.4 126/320] RDMA/hns: Validate the pkey index Greg Kroah-Hartman
@ 2022-01-24 18:41 ` Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 128/320] powerpc/prom_init: Fix improper check of prom_getprop() Greg Kroah-Hartman
` (197 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:41 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Adam Ford, Fabio Estevam, Abel Vesa,
Sasha Levin
From: Adam Ford <aford173@gmail.com>
[ Upstream commit 570727e9acfac1c2330a01dd5e1272e9c3acec08 ]
When attempting to use sys_pll1_80m as the parent for clko1, the
system hangs. This is due to the fact that the source select
for sys_pll1_80m was incorrectly pointing to m7_alt_pll_clk, which
doesn't yet exist.
According to Rev 3 of the TRM, The imx8mn_clko1_sels also incorrectly
references an osc_27m which does not exist, nor does an entry for
source select bits 010b. Fix both by inserting a dummy clock into
the missing space in the table and renaming the incorrectly name clock
with dummy.
Fixes: 96d6392b54db ("clk: imx: Add support for i.MX8MN clock driver")
Signed-off-by: Adam Ford <aford173@gmail.com>
Reviewed-by: Fabio Estevam <festevam@gmail.com>
Link: https://lore.kernel.org/r/20211117133202.775633-1-aford173@gmail.com
Signed-off-by: Abel Vesa <abel.vesa@nxp.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/imx/clk-imx8mn.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/clk/imx/clk-imx8mn.c b/drivers/clk/imx/clk-imx8mn.c
index 58b5acee38306..882b42efd2582 100644
--- a/drivers/clk/imx/clk-imx8mn.c
+++ b/drivers/clk/imx/clk-imx8mn.c
@@ -358,9 +358,9 @@ static const char * const imx8mn_pdm_sels[] = {"osc_24m", "sys_pll2_100m", "audi
static const char * const imx8mn_dram_core_sels[] = {"dram_pll_out", "dram_alt_root", };
-static const char * const imx8mn_clko1_sels[] = {"osc_24m", "sys_pll1_800m", "osc_27m",
- "sys_pll1_200m", "audio_pll2_out", "vpu_pll",
- "sys_pll1_80m", };
+static const char * const imx8mn_clko1_sels[] = {"osc_24m", "sys_pll1_800m", "dummy",
+ "sys_pll1_200m", "audio_pll2_out", "sys_pll2_500m",
+ "dummy", "sys_pll1_80m", };
static const char * const imx8mn_clko2_sels[] = {"osc_24m", "sys_pll2_200m", "sys_pll1_400m",
"sys_pll2_166m", "sys_pll3_out", "audio_pll1_out",
"video_pll1_out", "osc_32k", };
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 128/320] powerpc/prom_init: Fix improper check of prom_getprop()
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (126 preceding siblings ...)
2022-01-24 18:41 ` [PATCH 5.4 127/320] clk: imx8mn: Fix imx8mn_clko1_sels Greg Kroah-Hartman
@ 2022-01-24 18:41 ` Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 129/320] ASoC: uniphier: drop selecting non-existing SND_SOC_UNIPHIER_AIO_DMA Greg Kroah-Hartman
` (196 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:41 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Peiwei Hu, Michael Ellerman, Sasha Levin
From: Peiwei Hu <jlu.hpw@foxmail.com>
[ Upstream commit 869fb7e5aecbc163003f93f36dcc26d0554319f6 ]
prom_getprop() can return PROM_ERROR. Binary operator can not identify
it.
Fixes: 94d2dde738a5 ("[POWERPC] Efika: prune fixups and make them more carefull")
Signed-off-by: Peiwei Hu <jlu.hpw@foxmail.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/tencent_BA28CC6897B7C95A92EB8C580B5D18589105@qq.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/kernel/prom_init.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/powerpc/kernel/prom_init.c b/arch/powerpc/kernel/prom_init.c
index 1b65fb7c0bdaa..7f4e2c031a9ab 100644
--- a/arch/powerpc/kernel/prom_init.c
+++ b/arch/powerpc/kernel/prom_init.c
@@ -2919,7 +2919,7 @@ static void __init fixup_device_tree_efika_add_phy(void)
/* Check if the phy-handle property exists - bail if it does */
rv = prom_getprop(node, "phy-handle", prop, sizeof(prop));
- if (!rv)
+ if (rv <= 0)
return;
/*
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 129/320] ASoC: uniphier: drop selecting non-existing SND_SOC_UNIPHIER_AIO_DMA
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (127 preceding siblings ...)
2022-01-24 18:41 ` [PATCH 5.4 128/320] powerpc/prom_init: Fix improper check of prom_getprop() Greg Kroah-Hartman
@ 2022-01-24 18:41 ` Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 130/320] ALSA: oss: fix compile error when OSS_DEBUG is enabled Greg Kroah-Hartman
` (195 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:41 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Lukas Bulwahn, Mark Brown, Sasha Levin
From: Lukas Bulwahn <lukas.bulwahn@gmail.com>
[ Upstream commit 49f893253ab43566e34332a969324531fea463f6 ]
Commit f37fe2f9987b ("ASoC: uniphier: add support for UniPhier AIO common
driver") adds configs SND_SOC_UNIPHIER_{LD11,PXS2}, which select the
non-existing config SND_SOC_UNIPHIER_AIO_DMA.
Hence, ./scripts/checkkconfigsymbols.py warns:
SND_SOC_UNIPHIER_AIO_DMA
Referencing files: sound/soc/uniphier/Kconfig
Probably, there is actually no further config intended to be selected
here. So, just drop selecting the non-existing config.
Fixes: f37fe2f9987b ("ASoC: uniphier: add support for UniPhier AIO common driver")
Signed-off-by: Lukas Bulwahn <lukas.bulwahn@gmail.com>
Link: https://lore.kernel.org/r/20211125095158.8394-2-lukas.bulwahn@gmail.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/uniphier/Kconfig | 2 --
1 file changed, 2 deletions(-)
diff --git a/sound/soc/uniphier/Kconfig b/sound/soc/uniphier/Kconfig
index aa3592ee1358b..ddfa6424c656b 100644
--- a/sound/soc/uniphier/Kconfig
+++ b/sound/soc/uniphier/Kconfig
@@ -23,7 +23,6 @@ config SND_SOC_UNIPHIER_LD11
tristate "UniPhier LD11/LD20 Device Driver"
depends on SND_SOC_UNIPHIER
select SND_SOC_UNIPHIER_AIO
- select SND_SOC_UNIPHIER_AIO_DMA
help
This adds ASoC driver for Socionext UniPhier LD11/LD20
input and output that can be used with other codecs.
@@ -34,7 +33,6 @@ config SND_SOC_UNIPHIER_PXS2
tristate "UniPhier PXs2 Device Driver"
depends on SND_SOC_UNIPHIER
select SND_SOC_UNIPHIER_AIO
- select SND_SOC_UNIPHIER_AIO_DMA
help
This adds ASoC driver for Socionext UniPhier PXs2
input and output that can be used with other codecs.
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 130/320] ALSA: oss: fix compile error when OSS_DEBUG is enabled
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (128 preceding siblings ...)
2022-01-24 18:41 ` [PATCH 5.4 129/320] ASoC: uniphier: drop selecting non-existing SND_SOC_UNIPHIER_AIO_DMA Greg Kroah-Hartman
@ 2022-01-24 18:41 ` Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 131/320] char/mwave: Adjust io port register size Greg Kroah-Hartman
` (194 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:41 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Bixuan Cui, Takashi Iwai, Sasha Levin
From: Bixuan Cui <cuibixuan@linux.alibaba.com>
[ Upstream commit 8e7daf318d97f25e18b2fc7eb5909e34cd903575 ]
Fix compile error when OSS_DEBUG is enabled:
sound/core/oss/pcm_oss.c: In function 'snd_pcm_oss_set_trigger':
sound/core/oss/pcm_oss.c:2055:10: error: 'substream' undeclared (first
use in this function); did you mean 'csubstream'?
pcm_dbg(substream->pcm, "pcm_oss: trigger = 0x%x\n", trigger);
^
Fixes: 61efcee8608c ("ALSA: oss: Use standard printk helpers")
Signed-off-by: Bixuan Cui <cuibixuan@linux.alibaba.com>
Link: https://lore.kernel.org/r/1638349134-110369-1-git-send-email-cuibixuan@linux.alibaba.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/core/oss/pcm_oss.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sound/core/oss/pcm_oss.c b/sound/core/oss/pcm_oss.c
index 9e31f4bd43826..841c0a12cc929 100644
--- a/sound/core/oss/pcm_oss.c
+++ b/sound/core/oss/pcm_oss.c
@@ -2055,7 +2055,7 @@ static int snd_pcm_oss_set_trigger(struct snd_pcm_oss_file *pcm_oss_file, int tr
int err, cmd;
#ifdef OSS_DEBUG
- pcm_dbg(substream->pcm, "pcm_oss: trigger = 0x%x\n", trigger);
+ pr_debug("pcm_oss: trigger = 0x%x\n", trigger);
#endif
psubstream = pcm_oss_file->streams[SNDRV_PCM_STREAM_PLAYBACK];
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 131/320] char/mwave: Adjust io port register size
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (129 preceding siblings ...)
2022-01-24 18:41 ` [PATCH 5.4 130/320] ALSA: oss: fix compile error when OSS_DEBUG is enabled Greg Kroah-Hartman
@ 2022-01-24 18:41 ` Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 132/320] binder: fix handling of error during copy Greg Kroah-Hartman
` (193 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:41 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Kees Cook, Sasha Levin
From: Kees Cook <keescook@chromium.org>
[ Upstream commit f5912cc19acd7c24b2dbf65a6340bf194244f085 ]
Using MKWORD() on a byte-sized variable results in OOB read. Expand the
size of the reserved area so both MKWORD and MKBYTE continue to work
without overflow. Silences this warning on a -Warray-bounds build:
drivers/char/mwave/3780i.h:346:22: error: array subscript 'short unsigned int[0]' is partly outside array bounds of 'DSP_ISA_SLAVE_CONTROL[1]' [-Werror=array-bounds]
346 | #define MKWORD(var) (*((unsigned short *)(&var)))
| ~^~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/char/mwave/3780i.h:356:40: note: in definition of macro 'OutWordDsp'
356 | #define OutWordDsp(index,value) outw(value,usDspBaseIO+index)
| ^~~~~
drivers/char/mwave/3780i.c:373:41: note: in expansion of macro 'MKWORD'
373 | OutWordDsp(DSP_IsaSlaveControl, MKWORD(rSlaveControl));
| ^~~~~~
drivers/char/mwave/3780i.c:358:31: note: while referencing 'rSlaveControl'
358 | DSP_ISA_SLAVE_CONTROL rSlaveControl;
| ^~~~~~~~~~~~~
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20211203084206.3104326-1-keescook@chromium.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/char/mwave/3780i.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/char/mwave/3780i.h b/drivers/char/mwave/3780i.h
index 9ccb6b270b071..95164246afd1a 100644
--- a/drivers/char/mwave/3780i.h
+++ b/drivers/char/mwave/3780i.h
@@ -68,7 +68,7 @@ typedef struct {
unsigned char ClockControl:1; /* RW: Clock control: 0=normal, 1=stop 3780i clocks */
unsigned char SoftReset:1; /* RW: Soft reset 0=normal, 1=soft reset active */
unsigned char ConfigMode:1; /* RW: Configuration mode, 0=normal, 1=config mode */
- unsigned char Reserved:5; /* 0: Reserved */
+ unsigned short Reserved:13; /* 0: Reserved */
} DSP_ISA_SLAVE_CONTROL;
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 132/320] binder: fix handling of error during copy
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (130 preceding siblings ...)
2022-01-24 18:41 ` [PATCH 5.4 131/320] char/mwave: Adjust io port register size Greg Kroah-Hartman
@ 2022-01-24 18:41 ` Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 133/320] uio: uio_dmem_genirq: Catch the Exception Greg Kroah-Hartman
` (192 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:41 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Christian Brauner,
Todd Kjos, Sasha Levin
From: Todd Kjos <tkjos@google.com>
[ Upstream commit fe6b1869243f23a485a106c214bcfdc7aa0ed593 ]
If a memory copy function fails to copy the whole buffer,
a positive integar with the remaining bytes is returned.
In binder_translate_fd_array() this can result in an fd being
skipped due to the failed copy, but the loop continues
processing fds since the early return condition expects a
negative integer on error.
Fix by returning "ret > 0 ? -EINVAL : ret" to handle this case.
Fixes: bb4a2e48d510 ("binder: return errors from buffer copy functions")
Suggested-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Christian Brauner <christian.brauner@ubuntu.com>
Signed-off-by: Todd Kjos <tkjos@google.com>
Link: https://lore.kernel.org/r/20211130185152.437403-2-tkjos@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/android/binder.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/android/binder.c b/drivers/android/binder.c
index 0512af0f04646..b9fb2a9269443 100644
--- a/drivers/android/binder.c
+++ b/drivers/android/binder.c
@@ -2660,8 +2660,8 @@ static int binder_translate_fd_array(struct binder_fd_array_object *fda,
if (!ret)
ret = binder_translate_fd(fd, offset, t, thread,
in_reply_to);
- if (ret < 0)
- return ret;
+ if (ret)
+ return ret > 0 ? -EINVAL : ret;
}
return 0;
}
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 133/320] uio: uio_dmem_genirq: Catch the Exception
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (131 preceding siblings ...)
2022-01-24 18:41 ` [PATCH 5.4 132/320] binder: fix handling of error during copy Greg Kroah-Hartman
@ 2022-01-24 18:41 ` Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 134/320] iommu/io-pgtable-arm: Fix table descriptor paddr formatting Greg Kroah-Hartman
` (191 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:41 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Jiasheng Jiang, Sasha Levin
From: Jiasheng Jiang <jiasheng@iscas.ac.cn>
[ Upstream commit eec91694f927d1026974444eb6a3adccd4f1cbc2 ]
The return value of dma_set_coherent_mask() is not always 0.
To catch the exception in case that dma is not support the mask.
Fixes: 0a0c3b5a24bd ("Add new uio device for dynamic memory allocation")
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Link: https://lore.kernel.org/r/20211204000326.1592687-1-jiasheng@iscas.ac.cn
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/uio/uio_dmem_genirq.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/uio/uio_dmem_genirq.c b/drivers/uio/uio_dmem_genirq.c
index 44858f70f5f52..bdba9dc06f63b 100644
--- a/drivers/uio/uio_dmem_genirq.c
+++ b/drivers/uio/uio_dmem_genirq.c
@@ -192,7 +192,11 @@ static int uio_dmem_genirq_probe(struct platform_device *pdev)
goto bad0;
}
- dma_set_coherent_mask(&pdev->dev, DMA_BIT_MASK(32));
+ ret = dma_set_coherent_mask(&pdev->dev, DMA_BIT_MASK(32));
+ if (ret) {
+ dev_err(&pdev->dev, "DMA enable failed\n");
+ return ret;
+ }
priv->uioinfo = uioinfo;
spin_lock_init(&priv->lock);
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 134/320] iommu/io-pgtable-arm: Fix table descriptor paddr formatting
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (132 preceding siblings ...)
2022-01-24 18:41 ` [PATCH 5.4 133/320] uio: uio_dmem_genirq: Catch the Exception Greg Kroah-Hartman
@ 2022-01-24 18:41 ` Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 135/320] scsi: ufs: Fix race conditions related to driver data Greg Kroah-Hartman
` (190 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:41 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Robin Murphy, Hector Martin,
Joerg Roedel, Sasha Levin
From: Hector Martin <marcan@marcan.st>
[ Upstream commit 9abe2ac834851a7d0b0756e295cf7a292c45ca53 ]
Table descriptors were being installed without properly formatting the
address using paddr_to_iopte, which does not match up with the
iopte_deref in __arm_lpae_map. This is incorrect for the LPAE pte
format, as it does not handle the high bits properly.
This was found on Apple T6000 DARTs, which require a new pte format
(different shift); adding support for that to
paddr_to_iopte/iopte_to_paddr caused it to break badly, as even <48-bit
addresses would end up incorrect in that case.
Fixes: 6c89928ff7a0 ("iommu/io-pgtable-arm: Support 52-bit physical address")
Acked-by: Robin Murphy <robin.murphy@arm.com>
Signed-off-by: Hector Martin <marcan@marcan.st>
Link: https://lore.kernel.org/r/20211120031343.88034-1-marcan@marcan.st
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/iommu/io-pgtable-arm.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/drivers/iommu/io-pgtable-arm.c b/drivers/iommu/io-pgtable-arm.c
index ca51036aa53c7..975237ca03267 100644
--- a/drivers/iommu/io-pgtable-arm.c
+++ b/drivers/iommu/io-pgtable-arm.c
@@ -351,11 +351,12 @@ static int arm_lpae_init_pte(struct arm_lpae_io_pgtable *data,
static arm_lpae_iopte arm_lpae_install_table(arm_lpae_iopte *table,
arm_lpae_iopte *ptep,
arm_lpae_iopte curr,
- struct io_pgtable_cfg *cfg)
+ struct arm_lpae_io_pgtable *data)
{
arm_lpae_iopte old, new;
+ struct io_pgtable_cfg *cfg = &data->iop.cfg;
- new = __pa(table) | ARM_LPAE_PTE_TYPE_TABLE;
+ new = paddr_to_iopte(__pa(table), data) | ARM_LPAE_PTE_TYPE_TABLE;
if (cfg->quirks & IO_PGTABLE_QUIRK_ARM_NS)
new |= ARM_LPAE_PTE_NSTABLE;
@@ -406,7 +407,7 @@ static int __arm_lpae_map(struct arm_lpae_io_pgtable *data, unsigned long iova,
if (!cptep)
return -ENOMEM;
- pte = arm_lpae_install_table(cptep, ptep, 0, cfg);
+ pte = arm_lpae_install_table(cptep, ptep, 0, data);
if (pte)
__arm_lpae_free_pages(cptep, tblsz, cfg);
} else if (!cfg->coherent_walk && !(pte & ARM_LPAE_PTE_SW_SYNC)) {
@@ -575,7 +576,7 @@ static size_t arm_lpae_split_blk_unmap(struct arm_lpae_io_pgtable *data,
__arm_lpae_init_pte(data, blk_paddr, pte, lvl, &tablep[i]);
}
- pte = arm_lpae_install_table(tablep, ptep, blk_pte, cfg);
+ pte = arm_lpae_install_table(tablep, ptep, blk_pte, data);
if (pte != blk_pte) {
__arm_lpae_free_pages(tablep, tablesz, cfg);
/*
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 135/320] scsi: ufs: Fix race conditions related to driver data
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (133 preceding siblings ...)
2022-01-24 18:41 ` [PATCH 5.4 134/320] iommu/io-pgtable-arm: Fix table descriptor paddr formatting Greg Kroah-Hartman
@ 2022-01-24 18:41 ` Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 136/320] PCI/MSI: Fix pci_irq_vector()/pci_irq_get_affinity() Greg Kroah-Hartman
` (189 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:41 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alexey Dobriyan, Bean Huo,
Bart Van Assche, Martin K. Petersen, Sasha Levin
From: Bart Van Assche <bvanassche@acm.org>
[ Upstream commit 21ad0e49085deb22c094f91f9da57319a97188e4 ]
The driver data pointer must be set before any callbacks are registered
that use that pointer. Hence move the initialization of that pointer from
after the ufshcd_init() call to inside ufshcd_init().
Link: https://lore.kernel.org/r/20211203231950.193369-7-bvanassche@acm.org
Fixes: 3b1d05807a9a ("[SCSI] ufs: Segregate PCI Specific Code")
Reported-by: Alexey Dobriyan <adobriyan@gmail.com>
Tested-by: Bean Huo <beanhuo@micron.com>
Reviewed-by: Bean Huo <beanhuo@micron.com>
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/ufs/tc-dwc-g210-pci.c | 1 -
drivers/scsi/ufs/ufshcd-pltfrm.c | 2 --
drivers/scsi/ufs/ufshcd.c | 7 +++++++
3 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/drivers/scsi/ufs/tc-dwc-g210-pci.c b/drivers/scsi/ufs/tc-dwc-g210-pci.c
index 67a6a61154b71..4e471484539d2 100644
--- a/drivers/scsi/ufs/tc-dwc-g210-pci.c
+++ b/drivers/scsi/ufs/tc-dwc-g210-pci.c
@@ -135,7 +135,6 @@ tc_dwc_g210_pci_probe(struct pci_dev *pdev, const struct pci_device_id *id)
return err;
}
- pci_set_drvdata(pdev, hba);
pm_runtime_put_noidle(&pdev->dev);
pm_runtime_allow(&pdev->dev);
diff --git a/drivers/scsi/ufs/ufshcd-pltfrm.c b/drivers/scsi/ufs/ufshcd-pltfrm.c
index 8d40dc918f4e1..10eec501f6b39 100644
--- a/drivers/scsi/ufs/ufshcd-pltfrm.c
+++ b/drivers/scsi/ufs/ufshcd-pltfrm.c
@@ -436,8 +436,6 @@ int ufshcd_pltfrm_init(struct platform_device *pdev,
goto dealloc_host;
}
- platform_set_drvdata(pdev, hba);
-
pm_runtime_set_active(&pdev->dev);
pm_runtime_enable(&pdev->dev);
diff --git a/drivers/scsi/ufs/ufshcd.c b/drivers/scsi/ufs/ufshcd.c
index 29c7a76d2c658..ebf7ae1ef70d4 100644
--- a/drivers/scsi/ufs/ufshcd.c
+++ b/drivers/scsi/ufs/ufshcd.c
@@ -8328,6 +8328,13 @@ int ufshcd_init(struct ufs_hba *hba, void __iomem *mmio_base, unsigned int irq)
struct Scsi_Host *host = hba->host;
struct device *dev = hba->dev;
+ /*
+ * dev_set_drvdata() must be called before any callbacks are registered
+ * that use dev_get_drvdata() (frequency scaling, clock scaling, hwmon,
+ * sysfs).
+ */
+ dev_set_drvdata(dev, hba);
+
if (!mmio_base) {
dev_err(hba->dev,
"Invalid memory reference for mmio_base is NULL\n");
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 136/320] PCI/MSI: Fix pci_irq_vector()/pci_irq_get_affinity()
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (134 preceding siblings ...)
2022-01-24 18:41 ` [PATCH 5.4 135/320] scsi: ufs: Fix race conditions related to driver data Greg Kroah-Hartman
@ 2022-01-24 18:42 ` Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 137/320] powerpc/powermac: Add additional missing lockdep_register_key() Greg Kroah-Hartman
` (188 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:42 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Thomas Gleixner, Juergen Gross,
Jason Gunthorpe, Bjorn Helgaas, Sasha Levin
From: Thomas Gleixner <tglx@linutronix.de>
[ Upstream commit 29bbc35e29d9b6347780dcacde2deb4b39344167 ]
pci_irq_vector() and pci_irq_get_affinity() use the list position to find the
MSI-X descriptor at a given index. That's correct for the normal case where
the entry number is the same as the list position.
But it's wrong for cases where MSI-X was allocated with an entries array
describing sparse entry numbers into the hardware message descriptor
table. That's inconsistent at best.
Make it always check the entry number because that's what the zero base
index really means. This change won't break existing users which use a
sparse entries array for allocation because these users retrieve the Linux
interrupt number from the entries array after allocation and none of them
uses pci_irq_vector() or pci_irq_get_affinity().
Fixes: aff171641d18 ("PCI: Provide sensible IRQ vector alloc/free routines")
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Tested-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Jason Gunthorpe <jgg@nvidia.com>
Acked-by: Bjorn Helgaas <bhelgaas@google.com>
Link: https://lore.kernel.org/r/20211206210223.929792157@linutronix.de
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pci/msi.c | 26 ++++++++++++++++++--------
1 file changed, 18 insertions(+), 8 deletions(-)
diff --git a/drivers/pci/msi.c b/drivers/pci/msi.c
index 7dc10c2b4785d..715c85d4e688d 100644
--- a/drivers/pci/msi.c
+++ b/drivers/pci/msi.c
@@ -1294,19 +1294,24 @@ EXPORT_SYMBOL(pci_free_irq_vectors);
/**
* pci_irq_vector - return Linux IRQ number of a device vector
- * @dev: PCI device to operate on
- * @nr: device-relative interrupt vector index (0-based).
+ * @dev: PCI device to operate on
+ * @nr: Interrupt vector index (0-based)
+ *
+ * @nr has the following meanings depending on the interrupt mode:
+ * MSI-X: The index in the MSI-X vector table
+ * MSI: The index of the enabled MSI vectors
+ * INTx: Must be 0
+ *
+ * Return: The Linux interrupt number or -EINVAl if @nr is out of range.
*/
int pci_irq_vector(struct pci_dev *dev, unsigned int nr)
{
if (dev->msix_enabled) {
struct msi_desc *entry;
- int i = 0;
for_each_pci_msi_entry(entry, dev) {
- if (i == nr)
+ if (entry->msi_attrib.entry_nr == nr)
return entry->irq;
- i++;
}
WARN_ON_ONCE(1);
return -EINVAL;
@@ -1330,17 +1335,22 @@ EXPORT_SYMBOL(pci_irq_vector);
* pci_irq_get_affinity - return the affinity of a particular MSI vector
* @dev: PCI device to operate on
* @nr: device-relative interrupt vector index (0-based).
+ *
+ * @nr has the following meanings depending on the interrupt mode:
+ * MSI-X: The index in the MSI-X vector table
+ * MSI: The index of the enabled MSI vectors
+ * INTx: Must be 0
+ *
+ * Return: A cpumask pointer or NULL if @nr is out of range
*/
const struct cpumask *pci_irq_get_affinity(struct pci_dev *dev, int nr)
{
if (dev->msix_enabled) {
struct msi_desc *entry;
- int i = 0;
for_each_pci_msi_entry(entry, dev) {
- if (i == nr)
+ if (entry->msi_attrib.entry_nr == nr)
return &entry->affinity->mask;
- i++;
}
WARN_ON_ONCE(1);
return NULL;
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 137/320] powerpc/powermac: Add additional missing lockdep_register_key()
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (135 preceding siblings ...)
2022-01-24 18:42 ` [PATCH 5.4 136/320] PCI/MSI: Fix pci_irq_vector()/pci_irq_get_affinity() Greg Kroah-Hartman
@ 2022-01-24 18:42 ` Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 138/320] RDMA/core: Let ib_find_gid() continue search even after empty entry Greg Kroah-Hartman
` (187 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:42 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Erhard Furtner, Christophe Leroy,
Michael Ellerman, Sasha Levin
From: Christophe Leroy <christophe.leroy@csgroup.eu>
[ Upstream commit b149d5d45ac9171ed699a256f026c8ebef901112 ]
Commit df1f679d19ed ("powerpc/powermac: Add missing
lockdep_register_key()") fixed a problem that was causing a WARNING.
There are two other places in the same file with the same problem
originating from commit 9e607f72748d ("i2c_powermac: shut up lockdep
warning").
Add missing lockdep_register_key()
Fixes: 9e607f72748d ("i2c_powermac: shut up lockdep warning")
Reported-by: Erhard Furtner <erhard_f@mailbox.org>
Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Depends-on: df1f679d19ed ("powerpc/powermac: Add missing lockdep_register_key()")
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://bugzilla.kernel.org/show_bug.cgi?id=200055
Link: https://lore.kernel.org/r/2c7e421874e21b2fb87813d768cf662f630c2ad4.1638984999.git.christophe.leroy@csgroup.eu
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/platforms/powermac/low_i2c.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/arch/powerpc/platforms/powermac/low_i2c.c b/arch/powerpc/platforms/powermac/low_i2c.c
index bf4be4b53b44d..a366233d8ac2d 100644
--- a/arch/powerpc/platforms/powermac/low_i2c.c
+++ b/arch/powerpc/platforms/powermac/low_i2c.c
@@ -811,6 +811,7 @@ static void __init pmu_i2c_probe(void)
bus->hostdata = bus + 1;
bus->xfer = pmu_i2c_xfer;
mutex_init(&bus->mutex);
+ lockdep_register_key(&bus->lock_key);
lockdep_set_class(&bus->mutex, &bus->lock_key);
bus->flags = pmac_i2c_multibus;
list_add(&bus->link, &pmac_i2c_busses);
@@ -934,6 +935,7 @@ static void __init smu_i2c_probe(void)
bus->hostdata = bus + 1;
bus->xfer = smu_i2c_xfer;
mutex_init(&bus->mutex);
+ lockdep_register_key(&bus->lock_key);
lockdep_set_class(&bus->mutex, &bus->lock_key);
bus->flags = 0;
list_add(&bus->link, &pmac_i2c_busses);
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 138/320] RDMA/core: Let ib_find_gid() continue search even after empty entry
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (136 preceding siblings ...)
2022-01-24 18:42 ` [PATCH 5.4 137/320] powerpc/powermac: Add additional missing lockdep_register_key() Greg Kroah-Hartman
@ 2022-01-24 18:42 ` Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 139/320] RDMA/cma: Let cma_resolve_ib_dev() " Greg Kroah-Hartman
` (186 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:42 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Avihai Horon, Mark Zhang,
Leon Romanovsky, Jason Gunthorpe, Sasha Levin
From: Avihai Horon <avihaih@nvidia.com>
[ Upstream commit 483d805191a23191f8294bbf9b4e94836f5d92e4 ]
Currently, ib_find_gid() will stop searching after encountering the first
empty GID table entry. This behavior is wrong since neither IB nor RoCE
spec enforce tightly packed GID tables.
For example, when a valid GID entry exists at index N, and if a GID entry
is empty at index N-1, ib_find_gid() will fail to find the valid entry.
Fix it by making ib_find_gid() continue searching even after encountering
missing entries.
Fixes: 5eb620c81ce3 ("IB/core: Add helpers for uncached GID and P_Key searches")
Link: https://lore.kernel.org/r/e55d331b96cecfc2cf19803d16e7109ea966882d.1639055490.git.leonro@nvidia.com
Signed-off-by: Avihai Horon <avihaih@nvidia.com>
Reviewed-by: Mark Zhang <markzhang@nvidia.com>
Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/core/device.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/infiniband/core/device.c b/drivers/infiniband/core/device.c
index 256d379bba676..de66d7da1bf6e 100644
--- a/drivers/infiniband/core/device.c
+++ b/drivers/infiniband/core/device.c
@@ -2438,7 +2438,8 @@ int ib_find_gid(struct ib_device *device, union ib_gid *gid,
++i) {
ret = rdma_query_gid(device, port, i, &tmp_gid);
if (ret)
- return ret;
+ continue;
+
if (!memcmp(&tmp_gid, gid, sizeof *gid)) {
*port_num = port;
if (index)
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 139/320] RDMA/cma: Let cma_resolve_ib_dev() continue search even after empty entry
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (137 preceding siblings ...)
2022-01-24 18:42 ` [PATCH 5.4 138/320] RDMA/core: Let ib_find_gid() continue search even after empty entry Greg Kroah-Hartman
@ 2022-01-24 18:42 ` Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 140/320] ASoC: rt5663: Handle device_property_read_u32_array error codes Greg Kroah-Hartman
` (185 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:42 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Avihai Horon, Mark Zhang,
Leon Romanovsky, Jason Gunthorpe, Sasha Levin
From: Avihai Horon <avihaih@nvidia.com>
[ Upstream commit 20679094a0161c94faf77e373fa3f7428a8e14bd ]
Currently, when cma_resolve_ib_dev() searches for a matching GID it will
stop searching after encountering the first empty GID table entry. This
behavior is wrong since neither IB nor RoCE spec enforce tightly packed
GID tables.
For example, when the matching valid GID entry exists at index N, and if a
GID entry is empty at index N-1, cma_resolve_ib_dev() will fail to find
the matching valid entry.
Fix it by making cma_resolve_ib_dev() continue searching even after
encountering missing entries.
Fixes: f17df3b0dede ("RDMA/cma: Add support for AF_IB to rdma_resolve_addr()")
Link: https://lore.kernel.org/r/b7346307e3bb396c43d67d924348c6c496493991.1639055490.git.leonro@nvidia.com
Signed-off-by: Avihai Horon <avihaih@nvidia.com>
Reviewed-by: Mark Zhang <markzhang@nvidia.com>
Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/core/cma.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/drivers/infiniband/core/cma.c b/drivers/infiniband/core/cma.c
index ec9e9598894f6..5e2b688e36fca 100644
--- a/drivers/infiniband/core/cma.c
+++ b/drivers/infiniband/core/cma.c
@@ -820,6 +820,7 @@ static int cma_resolve_ib_dev(struct rdma_id_private *id_priv)
u16 pkey, index;
u8 p;
enum ib_port_state port_state;
+ int ret;
int i;
cma_dev = NULL;
@@ -838,9 +839,14 @@ static int cma_resolve_ib_dev(struct rdma_id_private *id_priv)
if (ib_get_cached_port_state(cur_dev->device, p, &port_state))
continue;
- for (i = 0; !rdma_query_gid(cur_dev->device,
- p, i, &gid);
- i++) {
+
+ for (i = 0; i < cur_dev->device->port_data[p].immutable.gid_tbl_len;
+ ++i) {
+ ret = rdma_query_gid(cur_dev->device, p, i,
+ &gid);
+ if (ret)
+ continue;
+
if (!memcmp(&gid, dgid, sizeof(gid))) {
cma_dev = cur_dev;
sgid = gid;
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 140/320] ASoC: rt5663: Handle device_property_read_u32_array error codes
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (138 preceding siblings ...)
2022-01-24 18:42 ` [PATCH 5.4 139/320] RDMA/cma: Let cma_resolve_ib_dev() " Greg Kroah-Hartman
@ 2022-01-24 18:42 ` Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 141/320] clk: stm32: Fix ltdcs clock turn off by clk_disable_unused() after system enter shell Greg Kroah-Hartman
` (184 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:42 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jiasheng Jiang, Mark Brown, Sasha Levin
From: Jiasheng Jiang <jiasheng@iscas.ac.cn>
[ Upstream commit 2167c0b205960607fb136b4bb3c556a62be1569a ]
The return value of device_property_read_u32_array() is not always 0.
To catch the exception in case that devm_kzalloc failed and the
rt5663->imp_table was NULL, which caused the failure of
device_property_read_u32_array.
Fixes: 450f0f6a8fb4 ("ASoC: rt5663: Add the manual offset field to compensate the DC offset")
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Link: https://lore.kernel.org/r/20211215031550.70702-1-jiasheng@iscas.ac.cn
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/rt5663.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/sound/soc/codecs/rt5663.c b/sound/soc/codecs/rt5663.c
index 2943692f66edd..3610be1590fcc 100644
--- a/sound/soc/codecs/rt5663.c
+++ b/sound/soc/codecs/rt5663.c
@@ -3461,6 +3461,7 @@ static void rt5663_calibrate(struct rt5663_priv *rt5663)
static int rt5663_parse_dp(struct rt5663_priv *rt5663, struct device *dev)
{
int table_size;
+ int ret;
device_property_read_u32(dev, "realtek,dc_offset_l_manual",
&rt5663->pdata.dc_offset_l_manual);
@@ -3477,9 +3478,11 @@ static int rt5663_parse_dp(struct rt5663_priv *rt5663, struct device *dev)
table_size = sizeof(struct impedance_mapping_table) *
rt5663->pdata.impedance_sensing_num;
rt5663->imp_table = devm_kzalloc(dev, table_size, GFP_KERNEL);
- device_property_read_u32_array(dev,
+ ret = device_property_read_u32_array(dev,
"realtek,impedance_sensing_table",
(u32 *)rt5663->imp_table, table_size);
+ if (ret)
+ return ret;
}
return 0;
@@ -3504,8 +3507,11 @@ static int rt5663_i2c_probe(struct i2c_client *i2c,
if (pdata)
rt5663->pdata = *pdata;
- else
- rt5663_parse_dp(rt5663, &i2c->dev);
+ else {
+ ret = rt5663_parse_dp(rt5663, &i2c->dev);
+ if (ret)
+ return ret;
+ }
for (i = 0; i < ARRAY_SIZE(rt5663->supplies); i++)
rt5663->supplies[i].supply = rt5663_supply_names[i];
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 141/320] clk: stm32: Fix ltdcs clock turn off by clk_disable_unused() after system enter shell
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (139 preceding siblings ...)
2022-01-24 18:42 ` [PATCH 5.4 140/320] ASoC: rt5663: Handle device_property_read_u32_array error codes Greg Kroah-Hartman
@ 2022-01-24 18:42 ` Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 142/320] dmaengine: pxa/mmp: stop referencing config->slave_id Greg Kroah-Hartman
` (183 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:42 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dillon Min, Patrice Chotard,
Gabriel Fernandez, Stephen Boyd, Sasha Levin
From: Dillon Min <dillon.minfei@gmail.com>
[ Upstream commit 6fc058a72f3b7b07fc4de6d66ad1f68951b00f6e ]
stm32's clk driver register two ltdc gate clk to clk core by
clk_hw_register_gate() and clk_hw_register_composite()
first: 'stm32f429_gates[]', clk name is 'ltdc', which no user to use.
second: 'stm32f429_aux_clk[]', clk name is 'lcd-tft', used by ltdc driver
both of them point to the same offset of stm32's RCC register. after
kernel enter console, clk core turn off ltdc's clk as 'stm32f429_gates[]'
is no one to use. but, actually 'stm32f429_aux_clk[]' is in use.
stm32f469/746/769 have the same issue, fix it.
Fixes: daf2d117cbca ("clk: stm32f4: Add lcd-tft clock")
Link: https://lore.kernel.org/linux-arm-kernel/1590564453-24499-7-git-send-email-dillon.minfei@gmail.com/
Link: https://lore.kernel.org/lkml/CAPTRvHkf0cK_4ZidM17rPo99gWDmxgqFt4CDUjqFFwkOeQeFDg@mail.gmail.com/
Signed-off-by: Dillon Min <dillon.minfei@gmail.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
Acked-by: Gabriel Fernandez <gabriel.fernandez@foss.st.com>
Acked-by: Stephen Boyd <sboyd@kernel.org>
Link: https://lore.kernel.org/r/1635232282-3992-10-git-send-email-dillon.minfei@gmail.com
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/clk-stm32f4.c | 4 ----
1 file changed, 4 deletions(-)
diff --git a/drivers/clk/clk-stm32f4.c b/drivers/clk/clk-stm32f4.c
index 5c75e3d906c20..682a18b392f08 100644
--- a/drivers/clk/clk-stm32f4.c
+++ b/drivers/clk/clk-stm32f4.c
@@ -129,7 +129,6 @@ static const struct stm32f4_gate_data stm32f429_gates[] __initconst = {
{ STM32F4_RCC_APB2ENR, 20, "spi5", "apb2_div" },
{ STM32F4_RCC_APB2ENR, 21, "spi6", "apb2_div" },
{ STM32F4_RCC_APB2ENR, 22, "sai1", "apb2_div" },
- { STM32F4_RCC_APB2ENR, 26, "ltdc", "apb2_div" },
};
static const struct stm32f4_gate_data stm32f469_gates[] __initconst = {
@@ -211,7 +210,6 @@ static const struct stm32f4_gate_data stm32f469_gates[] __initconst = {
{ STM32F4_RCC_APB2ENR, 20, "spi5", "apb2_div" },
{ STM32F4_RCC_APB2ENR, 21, "spi6", "apb2_div" },
{ STM32F4_RCC_APB2ENR, 22, "sai1", "apb2_div" },
- { STM32F4_RCC_APB2ENR, 26, "ltdc", "apb2_div" },
};
static const struct stm32f4_gate_data stm32f746_gates[] __initconst = {
@@ -286,7 +284,6 @@ static const struct stm32f4_gate_data stm32f746_gates[] __initconst = {
{ STM32F4_RCC_APB2ENR, 21, "spi6", "apb2_div" },
{ STM32F4_RCC_APB2ENR, 22, "sai1", "apb2_div" },
{ STM32F4_RCC_APB2ENR, 23, "sai2", "apb2_div" },
- { STM32F4_RCC_APB2ENR, 26, "ltdc", "apb2_div" },
};
static const struct stm32f4_gate_data stm32f769_gates[] __initconst = {
@@ -364,7 +361,6 @@ static const struct stm32f4_gate_data stm32f769_gates[] __initconst = {
{ STM32F4_RCC_APB2ENR, 21, "spi6", "apb2_div" },
{ STM32F4_RCC_APB2ENR, 22, "sai1", "apb2_div" },
{ STM32F4_RCC_APB2ENR, 23, "sai2", "apb2_div" },
- { STM32F4_RCC_APB2ENR, 26, "ltdc", "apb2_div" },
{ STM32F4_RCC_APB2ENR, 30, "mdio", "apb2_div" },
};
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 142/320] dmaengine: pxa/mmp: stop referencing config->slave_id
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (140 preceding siblings ...)
2022-01-24 18:42 ` [PATCH 5.4 141/320] clk: stm32: Fix ltdcs clock turn off by clk_disable_unused() after system enter shell Greg Kroah-Hartman
@ 2022-01-24 18:42 ` Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 143/320] iommu/iova: Fix race between FQ timeout and teardown Greg Kroah-Hartman
` (182 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:42 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Arnd Bergmann, Mark Brown,
Vinod Koul, Sasha Levin
From: Arnd Bergmann <arnd@arndb.de>
[ Upstream commit 134c37fa250a87a7e77c80a7c59ae16c462e46e0 ]
The last driver referencing the slave_id on Marvell PXA and MMP platforms
was the SPI driver, but this stopped doing so a long time ago, so the
TODO from the earlier patch can no be removed.
Fixes: b729bf34535e ("spi/pxa2xx: Don't use slave_id of dma_slave_config")
Fixes: 13b3006b8ebd ("dma: mmp_pdma: add filter function")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Mark Brown <broonie@kernel.org>
Link: https://lore.kernel.org/r/20211122222203.4103644-7-arnd@kernel.org
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/dma/mmp_pdma.c | 6 ------
drivers/dma/pxa_dma.c | 7 -------
2 files changed, 13 deletions(-)
diff --git a/drivers/dma/mmp_pdma.c b/drivers/dma/mmp_pdma.c
index 7fe494fc50d4e..ec186cf8b8af1 100644
--- a/drivers/dma/mmp_pdma.c
+++ b/drivers/dma/mmp_pdma.c
@@ -728,12 +728,6 @@ static int mmp_pdma_config_write(struct dma_chan *dchan,
chan->dir = direction;
chan->dev_addr = addr;
- /* FIXME: drivers should be ported over to use the filter
- * function. Once that's done, the following two lines can
- * be removed.
- */
- if (cfg->slave_id)
- chan->drcmr = cfg->slave_id;
return 0;
}
diff --git a/drivers/dma/pxa_dma.c b/drivers/dma/pxa_dma.c
index 349fb312c8725..b4ef4f19f7dec 100644
--- a/drivers/dma/pxa_dma.c
+++ b/drivers/dma/pxa_dma.c
@@ -911,13 +911,6 @@ static void pxad_get_config(struct pxad_chan *chan,
*dcmd |= PXA_DCMD_BURST16;
else if (maxburst == 32)
*dcmd |= PXA_DCMD_BURST32;
-
- /* FIXME: drivers should be ported over to use the filter
- * function. Once that's done, the following two lines can
- * be removed.
- */
- if (chan->cfg.slave_id)
- chan->drcmr = chan->cfg.slave_id;
}
static struct dma_async_tx_descriptor *
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 143/320] iommu/iova: Fix race between FQ timeout and teardown
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (141 preceding siblings ...)
2022-01-24 18:42 ` [PATCH 5.4 142/320] dmaengine: pxa/mmp: stop referencing config->slave_id Greg Kroah-Hartman
@ 2022-01-24 18:42 ` Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 144/320] phy: uniphier-usb3ss: fix unintended writing zeros to PHY register Greg Kroah-Hartman
` (181 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:42 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, John Garry, Xiongfeng Wang,
Robin Murphy, Joerg Roedel, Sasha Levin
From: Xiongfeng Wang <wangxiongfeng2@huawei.com>
[ Upstream commit d7061627d701c90e1cac1e1e60c45292f64f3470 ]
It turns out to be possible for hotplugging out a device to reach the
stage of tearing down the device's group and default domain before the
domain's flush queue has drained naturally. At this point, it is then
possible for the timeout to expire just before the del_timer() call
in free_iova_flush_queue(), such that we then proceed to free the FQ
resources while fq_flush_timeout() is still accessing them on another
CPU. Crashes due to this have been observed in the wild while removing
NVMe devices.
Close the race window by using del_timer_sync() to safely wait for any
active timeout handler to finish before we start to free things. We
already avoid any locking in free_iova_flush_queue() since the FQ is
supposed to be inactive anyway, so the potential deadlock scenario does
not apply.
Fixes: 9a005a800ae8 ("iommu/iova: Add flush timer")
Reviewed-by: John Garry <john.garry@huawei.com>
Signed-off-by: Xiongfeng Wang <wangxiongfeng2@huawei.com>
[ rm: rewrite commit message ]
Signed-off-by: Robin Murphy <robin.murphy@arm.com>
Link: https://lore.kernel.org/r/0a365e5b07f14b7344677ad6a9a734966a8422ce.1639753638.git.robin.murphy@arm.com
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/iommu/iova.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/drivers/iommu/iova.c b/drivers/iommu/iova.c
index 612cbf668adf8..906582a21124d 100644
--- a/drivers/iommu/iova.c
+++ b/drivers/iommu/iova.c
@@ -64,8 +64,7 @@ static void free_iova_flush_queue(struct iova_domain *iovad)
if (!has_iova_flush_queue(iovad))
return;
- if (timer_pending(&iovad->fq_timer))
- del_timer(&iovad->fq_timer);
+ del_timer_sync(&iovad->fq_timer);
fq_destroy_all_entries(iovad);
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 144/320] phy: uniphier-usb3ss: fix unintended writing zeros to PHY register
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (142 preceding siblings ...)
2022-01-24 18:42 ` [PATCH 5.4 143/320] iommu/iova: Fix race between FQ timeout and teardown Greg Kroah-Hartman
@ 2022-01-24 18:42 ` Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 145/320] ASoC: mediatek: Check for error clk pointer Greg Kroah-Hartman
` (180 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:42 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ryuta NAKANISHI, Kunihiko Hayashi,
Vinod Koul, Sasha Levin
From: Ryuta NAKANISHI <nakanishi.ryuta@socionext.com>
[ Upstream commit 898c7a9ec81620125f2463714a0f4dea18ad6e54 ]
Similar to commit 4a90bbb478db ("phy: uniphier-pcie: Fix updating phy
parameters"), in function uniphier_u3ssphy_set_param(), unintentionally
write zeros to other fields when writing PHY registers.
Fixes: 5ab43d0f8697 ("phy: socionext: add USB3 PHY driver for UniPhier SoC")
Signed-off-by: Ryuta NAKANISHI <nakanishi.ryuta@socionext.com>
Signed-off-by: Kunihiko Hayashi <hayashi.kunihiko@socionext.com>
Link: https://lore.kernel.org/r/1640150369-4134-1-git-send-email-hayashi.kunihiko@socionext.com
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/phy/socionext/phy-uniphier-usb3ss.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/drivers/phy/socionext/phy-uniphier-usb3ss.c b/drivers/phy/socionext/phy-uniphier-usb3ss.c
index a7577e316baf5..e63648b5c7547 100644
--- a/drivers/phy/socionext/phy-uniphier-usb3ss.c
+++ b/drivers/phy/socionext/phy-uniphier-usb3ss.c
@@ -22,11 +22,13 @@
#include <linux/reset.h>
#define SSPHY_TESTI 0x0
-#define SSPHY_TESTO 0x4
#define TESTI_DAT_MASK GENMASK(13, 6)
#define TESTI_ADR_MASK GENMASK(5, 1)
#define TESTI_WR_EN BIT(0)
+#define SSPHY_TESTO 0x4
+#define TESTO_DAT_MASK GENMASK(7, 0)
+
#define PHY_F(regno, msb, lsb) { (regno), (msb), (lsb) }
#define CDR_CPD_TRIM PHY_F(7, 3, 0) /* RxPLL charge pump current */
@@ -84,12 +86,12 @@ static void uniphier_u3ssphy_set_param(struct uniphier_u3ssphy_priv *priv,
val = FIELD_PREP(TESTI_DAT_MASK, 1);
val |= FIELD_PREP(TESTI_ADR_MASK, p->field.reg_no);
uniphier_u3ssphy_testio_write(priv, val);
- val = readl(priv->base + SSPHY_TESTO);
+ val = readl(priv->base + SSPHY_TESTO) & TESTO_DAT_MASK;
/* update value */
- val &= ~FIELD_PREP(TESTI_DAT_MASK, field_mask);
+ val &= ~field_mask;
data = field_mask & (p->value << p->field.lsb);
- val = FIELD_PREP(TESTI_DAT_MASK, data);
+ val = FIELD_PREP(TESTI_DAT_MASK, data | val);
val |= FIELD_PREP(TESTI_ADR_MASK, p->field.reg_no);
uniphier_u3ssphy_testio_write(priv, val);
uniphier_u3ssphy_testio_write(priv, val | TESTI_WR_EN);
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 145/320] ASoC: mediatek: Check for error clk pointer
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (143 preceding siblings ...)
2022-01-24 18:42 ` [PATCH 5.4 144/320] phy: uniphier-usb3ss: fix unintended writing zeros to PHY register Greg Kroah-Hartman
@ 2022-01-24 18:42 ` Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 146/320] ASoC: samsung: idma: Check of ioremap return value Greg Kroah-Hartman
` (179 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:42 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jiasheng Jiang, Mark Brown, Sasha Levin
From: Jiasheng Jiang <jiasheng@iscas.ac.cn>
[ Upstream commit 9de2b9286a6dd16966959b3cb34fc2ddfd39213e ]
Yes, you are right and now the return code depending on the
init_clks().
Fixes: 6078c651947a ("soc: mediatek: Refine scpsys to support multiple platform")
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Link: https://lore.kernel.org/r/20211222015157.1025853-1-jiasheng@iscas.ac.cn
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/soc/mediatek/mtk-scpsys.c | 15 +++++++++++----
1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/drivers/soc/mediatek/mtk-scpsys.c b/drivers/soc/mediatek/mtk-scpsys.c
index 75f25f08245fd..71afa2a99b17f 100644
--- a/drivers/soc/mediatek/mtk-scpsys.c
+++ b/drivers/soc/mediatek/mtk-scpsys.c
@@ -333,12 +333,17 @@ out:
return ret;
}
-static void init_clks(struct platform_device *pdev, struct clk **clk)
+static int init_clks(struct platform_device *pdev, struct clk **clk)
{
int i;
- for (i = CLK_NONE + 1; i < CLK_MAX; i++)
+ for (i = CLK_NONE + 1; i < CLK_MAX; i++) {
clk[i] = devm_clk_get(&pdev->dev, clk_names[i]);
+ if (IS_ERR(clk[i]))
+ return PTR_ERR(clk[i]);
+ }
+
+ return 0;
}
static struct scp *init_scp(struct platform_device *pdev,
@@ -348,7 +353,7 @@ static struct scp *init_scp(struct platform_device *pdev,
{
struct genpd_onecell_data *pd_data;
struct resource *res;
- int i, j;
+ int i, j, ret;
struct scp *scp;
struct clk *clk[CLK_MAX];
@@ -403,7 +408,9 @@ static struct scp *init_scp(struct platform_device *pdev,
pd_data->num_domains = num;
- init_clks(pdev, clk);
+ ret = init_clks(pdev, clk);
+ if (ret)
+ return ERR_PTR(ret);
for (i = 0; i < num; i++) {
struct scp_domain *scpd = &scp->domains[i];
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 146/320] ASoC: samsung: idma: Check of ioremap return value
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (144 preceding siblings ...)
2022-01-24 18:42 ` [PATCH 5.4 145/320] ASoC: mediatek: Check for error clk pointer Greg Kroah-Hartman
@ 2022-01-24 18:42 ` Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 147/320] misc: lattice-ecp3-config: Fix task hung when firmware load failed Greg Kroah-Hartman
` (178 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:42 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jiasheng Jiang, Krzysztof Kozlowski,
Mark Brown, Sasha Levin
From: Jiasheng Jiang <jiasheng@iscas.ac.cn>
[ Upstream commit 3ecb46755eb85456b459a1a9f952c52986bce8ec ]
Because of the potential failure of the ioremap(), the buf->area could
be NULL.
Therefore, we need to check it and return -ENOMEM in order to transfer
the error.
Fixes: f09aecd50f39 ("ASoC: SAMSUNG: Add I2S0 internal dma driver")
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
Link: https://lore.kernel.org/r/20211228034026.1659385-1-jiasheng@iscas.ac.cn
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/samsung/idma.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/sound/soc/samsung/idma.c b/sound/soc/samsung/idma.c
index 65497cd477a50..47f6f5d70853d 100644
--- a/sound/soc/samsung/idma.c
+++ b/sound/soc/samsung/idma.c
@@ -363,6 +363,8 @@ static int preallocate_idma_buffer(struct snd_pcm *pcm, int stream)
buf->addr = idma.lp_tx_addr;
buf->bytes = idma_hardware.buffer_bytes_max;
buf->area = (unsigned char * __force)ioremap(buf->addr, buf->bytes);
+ if (!buf->area)
+ return -ENOMEM;
return 0;
}
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 147/320] misc: lattice-ecp3-config: Fix task hung when firmware load failed
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (145 preceding siblings ...)
2022-01-24 18:42 ` [PATCH 5.4 146/320] ASoC: samsung: idma: Check of ioremap return value Greg Kroah-Hartman
@ 2022-01-24 18:42 ` Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 148/320] mips: lantiq: add support for clk_set_parent() Greg Kroah-Hartman
` (177 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:42 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hulk Robot, Wei Yongjun, Sasha Levin
From: Wei Yongjun <weiyongjun1@huawei.com>
[ Upstream commit fcee5ce50bdb21116711e38635e3865594af907e ]
When firmware load failed, kernel report task hung as follows:
INFO: task xrun:5191 blocked for more than 147 seconds.
Tainted: G W 5.16.0-rc5-next-20211220+ #11
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:xrun state:D stack: 0 pid: 5191 ppid: 270 flags:0x00000004
Call Trace:
__schedule+0xc12/0x4b50 kernel/sched/core.c:4986
schedule+0xd7/0x260 kernel/sched/core.c:6369 (discriminator 1)
schedule_timeout+0x7aa/0xa80 kernel/time/timer.c:1857
wait_for_completion+0x181/0x290 kernel/sched/completion.c:85
lattice_ecp3_remove+0x32/0x40 drivers/misc/lattice-ecp3-config.c:221
spi_remove+0x72/0xb0 drivers/spi/spi.c:409
lattice_ecp3_remove() wait for signals from firmware loading, but when
load failed, firmware_load() does not send this signal. This cause
device remove hung. Fix it by sending signal even if load failed.
Fixes: 781551df57c7 ("misc: Add Lattice ECP3 FPGA configuration via SPI")
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
Link: https://lore.kernel.org/r/20211228125522.3122284-1-weiyongjun1@huawei.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/misc/lattice-ecp3-config.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/drivers/misc/lattice-ecp3-config.c b/drivers/misc/lattice-ecp3-config.c
index 884485c3f7232..3a0d2b052ed29 100644
--- a/drivers/misc/lattice-ecp3-config.c
+++ b/drivers/misc/lattice-ecp3-config.c
@@ -77,12 +77,12 @@ static void firmware_load(const struct firmware *fw, void *context)
if (fw == NULL) {
dev_err(&spi->dev, "Cannot load firmware, aborting\n");
- return;
+ goto out;
}
if (fw->size == 0) {
dev_err(&spi->dev, "Error: Firmware size is 0!\n");
- return;
+ goto out;
}
/* Fill dummy data (24 stuffing bits for commands) */
@@ -104,7 +104,7 @@ static void firmware_load(const struct firmware *fw, void *context)
dev_err(&spi->dev,
"Error: No supported FPGA detected (JEDEC_ID=%08x)!\n",
jedec_id);
- return;
+ goto out;
}
dev_info(&spi->dev, "FPGA %s detected\n", ecp3_dev[i].name);
@@ -117,7 +117,7 @@ static void firmware_load(const struct firmware *fw, void *context)
buffer = kzalloc(fw->size + 8, GFP_KERNEL);
if (!buffer) {
dev_err(&spi->dev, "Error: Can't allocate memory!\n");
- return;
+ goto out;
}
/*
@@ -156,7 +156,7 @@ static void firmware_load(const struct firmware *fw, void *context)
"Error: Timeout waiting for FPGA to clear (status=%08x)!\n",
status);
kfree(buffer);
- return;
+ goto out;
}
dev_info(&spi->dev, "Configuring the FPGA...\n");
@@ -182,7 +182,7 @@ static void firmware_load(const struct firmware *fw, void *context)
release_firmware(fw);
kfree(buffer);
-
+out:
complete(&data->fw_loaded);
}
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 148/320] mips: lantiq: add support for clk_set_parent()
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (146 preceding siblings ...)
2022-01-24 18:42 ` [PATCH 5.4 147/320] misc: lattice-ecp3-config: Fix task hung when firmware load failed Greg Kroah-Hartman
@ 2022-01-24 18:42 ` Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 149/320] mips: bcm63xx: " Greg Kroah-Hartman
` (176 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:42 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Randy Dunlap, kernel test robot,
Jonathan Cameron, Thomas Bogendoerfer, Sasha Levin
From: Randy Dunlap <rdunlap@infradead.org>
[ Upstream commit 76f66dfd60dc5d2f9dec22d99091fea1035c5d03 ]
Provide a simple implementation of clk_set_parent() in the lantiq
subarch so that callers of it will build without errors.
Fixes these build errors:
ERROR: modpost: "clk_set_parent" [sound/soc/jz4740/snd-soc-jz4740-i2s.ko] undefined!
ERROR: modpost: "clk_set_parent" [sound/soc/atmel/snd-soc-atmel-i2s.ko] undefined!
Fixes: 171bb2f19ed6 ("MIPS: Lantiq: Add initial support for Lantiq SoCs")
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Reported-by: kernel test robot <lkp@intel.com>
--to=linux-mips@vger.kernel.org --cc="John Crispin <john@phrozen.org>" --cc="Jonathan Cameron <jic23@kernel.org>" --cc="Russell King <linux@armlinux.org.uk>" --cc="Andy Shevchenko <andy.shevchenko@gmail.com>" --cc=alsa-devel@alsa-project.org --to="Thomas Bogendoerfer <tsbogend@alpha.franken.de>"
Reviewed-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/mips/lantiq/clk.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/arch/mips/lantiq/clk.c b/arch/mips/lantiq/clk.c
index 4916cccf378fd..7a623684d9b5e 100644
--- a/arch/mips/lantiq/clk.c
+++ b/arch/mips/lantiq/clk.c
@@ -164,6 +164,12 @@ struct clk *clk_get_parent(struct clk *clk)
}
EXPORT_SYMBOL(clk_get_parent);
+int clk_set_parent(struct clk *clk, struct clk *parent)
+{
+ return 0;
+}
+EXPORT_SYMBOL(clk_set_parent);
+
static inline u32 get_counter_resolution(void)
{
u32 res;
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 149/320] mips: bcm63xx: add support for clk_set_parent()
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (147 preceding siblings ...)
2022-01-24 18:42 ` [PATCH 5.4 148/320] mips: lantiq: add support for clk_set_parent() Greg Kroah-Hartman
@ 2022-01-24 18:42 ` Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 150/320] RDMA/cxgb4: Set queue pair state when being queried Greg Kroah-Hartman
` (175 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:42 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Randy Dunlap, Jonathan Cameron,
Florian Fainelli, Thomas Bogendoerfer, Sasha Levin
From: Randy Dunlap <rdunlap@infradead.org>
[ Upstream commit 6f03055d508ff4feb8db02ba3df9303a1db8d381 ]
The MIPS BMC63XX subarch does not provide/support clk_set_parent().
This causes build errors in a few drivers, so add a simple implementation
of that function so that callers of it will build without errors.
Fixes these build errors:
ERROR: modpost: "clk_set_parent" [sound/soc/jz4740/snd-soc-jz4740-i2s.ko] undefined!
ERROR: modpost: "clk_set_parent" [sound/soc/atmel/snd-soc-atmel-i2s.ko] undefined!
Fixes: e7300d04bd08 ("MIPS: BCM63xx: Add support for the Broadcom BCM63xx family of SOCs." )
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Reviewed-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Acked-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/mips/bcm63xx/clk.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/arch/mips/bcm63xx/clk.c b/arch/mips/bcm63xx/clk.c
index aba6e2d6a736c..dcfa0ea912fe1 100644
--- a/arch/mips/bcm63xx/clk.c
+++ b/arch/mips/bcm63xx/clk.c
@@ -387,6 +387,12 @@ struct clk *clk_get_parent(struct clk *clk)
}
EXPORT_SYMBOL(clk_get_parent);
+int clk_set_parent(struct clk *clk, struct clk *parent)
+{
+ return 0;
+}
+EXPORT_SYMBOL(clk_set_parent);
+
unsigned long clk_get_rate(struct clk *clk)
{
if (!clk)
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 150/320] RDMA/cxgb4: Set queue pair state when being queried
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (148 preceding siblings ...)
2022-01-24 18:42 ` [PATCH 5.4 149/320] mips: bcm63xx: " Greg Kroah-Hartman
@ 2022-01-24 18:42 ` Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 151/320] of: base: Fix phandle argument length mismatch error message Greg Kroah-Hartman
` (174 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:42 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kamal Heib, Leon Romanovsky,
Jason Gunthorpe, Sasha Levin
From: Kamal Heib <kamalheib1@gmail.com>
[ Upstream commit e375b9c92985e409c4bb95dd43d34915ea7f5e28 ]
The API for ib_query_qp requires the driver to set cur_qp_state on return,
add the missing set.
Fixes: 67bbc05512d8 ("RDMA/cxgb4: Add query_qp support")
Link: https://lore.kernel.org/r/20211220152530.60399-1-kamalheib1@gmail.com
Signed-off-by: Kamal Heib <kamalheib1@gmail.com>
Reviewed-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/hw/cxgb4/qp.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/infiniband/hw/cxgb4/qp.c b/drivers/infiniband/hw/cxgb4/qp.c
index 3ac08f47a8ce4..b3fbafbf66555 100644
--- a/drivers/infiniband/hw/cxgb4/qp.c
+++ b/drivers/infiniband/hw/cxgb4/qp.c
@@ -2469,6 +2469,7 @@ int c4iw_ib_query_qp(struct ib_qp *ibqp, struct ib_qp_attr *attr,
memset(attr, 0, sizeof(*attr));
memset(init_attr, 0, sizeof(*init_attr));
attr->qp_state = to_ib_qp_state(qhp->attr.state);
+ attr->cur_qp_state = to_ib_qp_state(qhp->attr.state);
init_attr->cap.max_send_wr = qhp->attr.sq_num_entries;
init_attr->cap.max_recv_wr = qhp->attr.rq_num_entries;
init_attr->cap.max_send_sge = qhp->attr.sq_max_sges;
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 151/320] of: base: Fix phandle argument length mismatch error message
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (149 preceding siblings ...)
2022-01-24 18:42 ` [PATCH 5.4 150/320] RDMA/cxgb4: Set queue pair state when being queried Greg Kroah-Hartman
@ 2022-01-24 18:42 ` Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 152/320] Bluetooth: Fix debugfs entry leak in hci_register_dev() Greg Kroah-Hartman
` (173 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:42 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Florian Fainelli, Baruch Siach,
Rob Herring, Sasha Levin
From: Baruch Siach <baruch@tkos.co.il>
[ Upstream commit 94a4950a4acff39b5847cc1fee4f65e160813493 ]
The cell_count field of of_phandle_iterator is the number of cells we
expect in the phandle arguments list when cells_name is missing. The
error message should show the number of cells we actually see.
Fixes: af3be70a3211 ("of: Improve of_phandle_iterator_next() error message")
Cc: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Rob Herring <robh@kernel.org>
Link: https://lore.kernel.org/r/96519ac55be90a63fa44afe01480c30d08535465.1640881913.git.baruch@tkos.co.il
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/of/base.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/of/base.c b/drivers/of/base.c
index 1d667eb730e19..a240211653789 100644
--- a/drivers/of/base.c
+++ b/drivers/of/base.c
@@ -1366,9 +1366,9 @@ int of_phandle_iterator_next(struct of_phandle_iterator *it)
* property data length
*/
if (it->cur + count > it->list_end) {
- pr_err("%pOF: %s = %d found %d\n",
+ pr_err("%pOF: %s = %d found %td\n",
it->parent, it->cells_name,
- count, it->cell_count);
+ count, it->list_end - it->cur);
goto err;
}
}
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 152/320] Bluetooth: Fix debugfs entry leak in hci_register_dev()
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (150 preceding siblings ...)
2022-01-24 18:42 ` [PATCH 5.4 151/320] of: base: Fix phandle argument length mismatch error message Greg Kroah-Hartman
@ 2022-01-24 18:42 ` Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 153/320] fs: dlm: filter user dlm messages for kernel locks Greg Kroah-Hartman
` (172 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:42 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Wei Yongjun, Marcel Holtmann, Sasha Levin
From: Wei Yongjun <weiyongjun1@huawei.com>
[ Upstream commit 5a4bb6a8e981d3d0d492aa38412ee80b21033177 ]
Fault injection test report debugfs entry leak as follows:
debugfs: Directory 'hci0' with parent 'bluetooth' already present!
When register_pm_notifier() failed in hci_register_dev(), the debugfs
create by debugfs_create_dir() do not removed in the error handing path.
Add the remove debugfs code to fix it.
Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/bluetooth/hci_core.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c
index c50e3e8afbd34..2edaa601df13a 100644
--- a/net/bluetooth/hci_core.c
+++ b/net/bluetooth/hci_core.c
@@ -3387,6 +3387,7 @@ int hci_register_dev(struct hci_dev *hdev)
return id;
err_wqueue:
+ debugfs_remove_recursive(hdev->debugfs);
destroy_workqueue(hdev->workqueue);
destroy_workqueue(hdev->req_workqueue);
err:
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 153/320] fs: dlm: filter user dlm messages for kernel locks
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (151 preceding siblings ...)
2022-01-24 18:42 ` [PATCH 5.4 152/320] Bluetooth: Fix debugfs entry leak in hci_register_dev() Greg Kroah-Hartman
@ 2022-01-24 18:42 ` Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 154/320] libbpf: Validate that .BTF and .BTF.ext sections contain data Greg Kroah-Hartman
` (171 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:42 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alexander Aring, David Teigland, Sasha Levin
From: Alexander Aring <aahringo@redhat.com>
[ Upstream commit 6c2e3bf68f3e5e5a647aa52be246d5f552d7496d ]
This patch fixes the following crash by receiving a invalid message:
[ 160.672220] ==================================================================
[ 160.676206] BUG: KASAN: user-memory-access in dlm_user_add_ast+0xc3/0x370
[ 160.679659] Read of size 8 at addr 00000000deadbeef by task kworker/u32:13/319
[ 160.681447]
[ 160.681824] CPU: 10 PID: 319 Comm: kworker/u32:13 Not tainted 5.14.0-rc2+ #399
[ 160.683472] Hardware name: Red Hat KVM/RHEL-AV, BIOS 1.14.0-1.module+el8.6.0+12648+6ede71a5 04/01/2014
[ 160.685574] Workqueue: dlm_recv process_recv_sockets
[ 160.686721] Call Trace:
[ 160.687310] dump_stack_lvl+0x56/0x6f
[ 160.688169] ? dlm_user_add_ast+0xc3/0x370
[ 160.689116] kasan_report.cold.14+0x116/0x11b
[ 160.690138] ? dlm_user_add_ast+0xc3/0x370
[ 160.690832] dlm_user_add_ast+0xc3/0x370
[ 160.691502] _receive_unlock_reply+0x103/0x170
[ 160.692241] _receive_message+0x11df/0x1ec0
[ 160.692926] ? rcu_read_lock_sched_held+0xa1/0xd0
[ 160.693700] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 160.694427] ? lock_acquire+0x175/0x400
[ 160.695058] ? do_purge.isra.51+0x200/0x200
[ 160.695744] ? lock_acquired+0x360/0x5d0
[ 160.696400] ? lock_contended+0x6a0/0x6a0
[ 160.697055] ? lock_release+0x21d/0x5e0
[ 160.697686] ? lock_is_held_type+0xe0/0x110
[ 160.698352] ? lock_is_held_type+0xe0/0x110
[ 160.699026] ? ___might_sleep+0x1cc/0x1e0
[ 160.699698] ? dlm_wait_requestqueue+0x94/0x140
[ 160.700451] ? dlm_process_requestqueue+0x240/0x240
[ 160.701249] ? down_write_killable+0x2b0/0x2b0
[ 160.701988] ? do_raw_spin_unlock+0xa2/0x130
[ 160.702690] dlm_receive_buffer+0x1a5/0x210
[ 160.703385] dlm_process_incoming_buffer+0x726/0x9f0
[ 160.704210] receive_from_sock+0x1c0/0x3b0
[ 160.704886] ? dlm_tcp_shutdown+0x30/0x30
[ 160.705561] ? lock_acquire+0x175/0x400
[ 160.706197] ? rcu_read_lock_sched_held+0xa1/0xd0
[ 160.706941] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 160.707681] process_recv_sockets+0x32/0x40
[ 160.708366] process_one_work+0x55e/0xad0
[ 160.709045] ? pwq_dec_nr_in_flight+0x110/0x110
[ 160.709820] worker_thread+0x65/0x5e0
[ 160.710423] ? process_one_work+0xad0/0xad0
[ 160.711087] kthread+0x1ed/0x220
[ 160.711628] ? set_kthread_struct+0x80/0x80
[ 160.712314] ret_from_fork+0x22/0x30
The issue is that we received a DLM message for a user lock but the
destination lock is a kernel lock. Note that the address which is trying
to derefence is 00000000deadbeef, which is in a kernel lock
lkb->lkb_astparam, this field should never be derefenced by the DLM
kernel stack. In case of a user lock lkb->lkb_astparam is lkb->lkb_ua
(memory is shared by a union field). The struct lkb_ua will be handled
by the DLM kernel stack but on a kernel lock it will contain invalid
data and ends in most likely crashing the kernel.
It can be reproduced with two cluster nodes.
node 2:
dlm_tool join test
echo "862 fooobaar 1 2 1" > /sys/kernel/debug/dlm/test_locks
echo "862 3 1" > /sys/kernel/debug/dlm/test_waiters
node 1:
dlm_tool join test
python:
foo = DLM(h_cmd=3, o_nextcmd=1, h_nodeid=1, h_lockspace=0x77222027, \
m_type=7, m_flags=0x1, m_remid=0x862, m_result=0xFFFEFFFE)
newFile = open("/sys/kernel/debug/dlm/comms/2/rawmsg", "wb")
newFile.write(bytes(foo))
Signed-off-by: Alexander Aring <aahringo@redhat.com>
Signed-off-by: David Teigland <teigland@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/dlm/lock.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/fs/dlm/lock.c b/fs/dlm/lock.c
index 18d81599522f3..53500b555bfa8 100644
--- a/fs/dlm/lock.c
+++ b/fs/dlm/lock.c
@@ -3975,6 +3975,14 @@ static int validate_message(struct dlm_lkb *lkb, struct dlm_message *ms)
int from = ms->m_header.h_nodeid;
int error = 0;
+ /* currently mixing of user/kernel locks are not supported */
+ if (ms->m_flags & DLM_IFL_USER && ~lkb->lkb_flags & DLM_IFL_USER) {
+ log_error(lkb->lkb_resource->res_ls,
+ "got user dlm message for a kernel lock");
+ error = -EINVAL;
+ goto out;
+ }
+
switch (ms->m_type) {
case DLM_MSG_CONVERT:
case DLM_MSG_UNLOCK:
@@ -4003,6 +4011,7 @@ static int validate_message(struct dlm_lkb *lkb, struct dlm_message *ms)
error = -EINVAL;
}
+out:
if (error)
log_error(lkb->lkb_resource->res_ls,
"ignore invalid message %d from %d %x %x %x %d",
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 154/320] libbpf: Validate that .BTF and .BTF.ext sections contain data
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (152 preceding siblings ...)
2022-01-24 18:42 ` [PATCH 5.4 153/320] fs: dlm: filter user dlm messages for kernel locks Greg Kroah-Hartman
@ 2022-01-24 18:42 ` Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 155/320] drm/lima: fix warning when CONFIG_DEBUG_SG=y & CONFIG_DMA_API_DEBUG=y Greg Kroah-Hartman
` (170 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:42 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Andrii Nakryiko, Alexei Starovoitov,
Yonghong Song, Sasha Levin
From: Andrii Nakryiko <andrii@kernel.org>
[ Upstream commit 62554d52e71797eefa3fc15b54008038837bb2d4 ]
.BTF and .BTF.ext ELF sections should have SHT_PROGBITS type and contain
data. If they are not, ELF is invalid or corrupted, so bail out.
Otherwise this can lead to data->d_buf being NULL and SIGSEGV later on.
Reported by oss-fuzz project.
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Yonghong Song <yhs@fb.com>
Link: https://lore.kernel.org/bpf/20211103173213.1376990-4-andrii@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/lib/bpf/libbpf.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c
index 2a1dbf52fc9a5..54e776886bf1e 100644
--- a/tools/lib/bpf/libbpf.c
+++ b/tools/lib/bpf/libbpf.c
@@ -1578,8 +1578,12 @@ static int bpf_object__elf_collect(struct bpf_object *obj, int flags)
} else if (strcmp(name, MAPS_ELF_SEC) == 0) {
obj->efile.btf_maps_shndx = idx;
} else if (strcmp(name, BTF_ELF_SEC) == 0) {
+ if (sh->sh_type != SHT_PROGBITS)
+ return -LIBBPF_ERRNO__FORMAT;
btf_data = data;
} else if (strcmp(name, BTF_EXT_ELF_SEC) == 0) {
+ if (sh->sh_type != SHT_PROGBITS)
+ return -LIBBPF_ERRNO__FORMAT;
btf_ext_data = data;
} else if (sh.sh_type == SHT_SYMTAB) {
if (obj->efile.symbols) {
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 155/320] drm/lima: fix warning when CONFIG_DEBUG_SG=y & CONFIG_DMA_API_DEBUG=y
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (153 preceding siblings ...)
2022-01-24 18:42 ` [PATCH 5.4 154/320] libbpf: Validate that .BTF and .BTF.ext sections contain data Greg Kroah-Hartman
@ 2022-01-24 18:42 ` Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 156/320] ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply Greg Kroah-Hartman
` (169 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:42 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Vasily Khoruzhick, Roman Stratiienko,
Qiang Yu, Sasha Levin
From: Qiang Yu <yuq825@gmail.com>
[ Upstream commit 89636a06fa2ee7826a19c39c19a9bc99ab9340a9 ]
Otherwise get following warning:
DMA-API: lima 1c40000.gpu: mapping sg segment longer than device claims to support [len=4149248] [max=65536]
See: https://gitlab.freedesktop.org/mesa/mesa/-/issues/5496
Reviewed-by: Vasily Khoruzhick <anarsoul@gmail.com>
Reported-by: Roman Stratiienko <r.stratiienko@gmail.com>
Signed-off-by: Qiang Yu <yuq825@gmail.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20211031041604.187216-1-yuq825@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/lima/lima_device.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/gpu/drm/lima/lima_device.c b/drivers/gpu/drm/lima/lima_device.c
index d86b8d81a483a..155971c57b2d5 100644
--- a/drivers/gpu/drm/lima/lima_device.c
+++ b/drivers/gpu/drm/lima/lima_device.c
@@ -293,6 +293,7 @@ int lima_device_init(struct lima_device *ldev)
struct resource *res;
dma_set_coherent_mask(ldev->dev, DMA_BIT_MASK(32));
+ dma_set_max_seg_size(ldev->dev, UINT_MAX);
err = lima_clk_init(ldev);
if (err)
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 156/320] ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (154 preceding siblings ...)
2022-01-24 18:42 ` [PATCH 5.4 155/320] drm/lima: fix warning when CONFIG_DEBUG_SG=y & CONFIG_DMA_API_DEBUG=y Greg Kroah-Hartman
@ 2022-01-24 18:42 ` Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 157/320] drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR Greg Kroah-Hartman
` (168 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:42 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zekun Shen, Kalle Valo, Sasha Levin
From: Zekun Shen <bruceshenzk@gmail.com>
[ Upstream commit ae80b6033834342601e99f74f6a62ff5092b1cee ]
Unexpected WDCMSG_TARGET_START replay can lead to null-ptr-deref
when ar->tx_cmd->odata is NULL. The patch adds a null check to
prevent such case.
KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
ar5523_cmd+0x46a/0x581 [ar5523]
ar5523_probe.cold+0x1b7/0x18da [ar5523]
? ar5523_cmd_rx_cb+0x7a0/0x7a0 [ar5523]
? __pm_runtime_set_status+0x54a/0x8f0
? _raw_spin_trylock_bh+0x120/0x120
? pm_runtime_barrier+0x220/0x220
? __pm_runtime_resume+0xb1/0xf0
usb_probe_interface+0x25b/0x710
really_probe+0x209/0x5d0
driver_probe_device+0xc6/0x1b0
device_driver_attach+0xe2/0x120
I found the bug using a custome USBFuzz port. It's a research work
to fuzz USB stack/drivers. I modified it to fuzz ath9k driver only,
providing hand-crafted usb descriptors to QEMU.
After fixing the code (fourth byte in usb packet) to WDCMSG_TARGET_START,
I got the null-ptr-deref bug. I believe the bug is triggerable whenever
cmd->odata is NULL. After patching, I tested with the same input and no
longer see the KASAN report.
This was NOT tested on a real device.
Signed-off-by: Zekun Shen <bruceshenzk@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/YXsmPQ3awHFLuAj2@10-18-43-117.dynapool.wireless.nyu.edu
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/ar5523/ar5523.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/net/wireless/ath/ar5523/ar5523.c b/drivers/net/wireless/ath/ar5523/ar5523.c
index 4c57e79e5779a..58e189ec672f9 100644
--- a/drivers/net/wireless/ath/ar5523/ar5523.c
+++ b/drivers/net/wireless/ath/ar5523/ar5523.c
@@ -153,6 +153,10 @@ static void ar5523_cmd_rx_cb(struct urb *urb)
ar5523_err(ar, "Invalid reply to WDCMSG_TARGET_START");
return;
}
+ if (!cmd->odata) {
+ ar5523_err(ar, "Unexpected WDCMSG_TARGET_START reply");
+ return;
+ }
memcpy(cmd->odata, hdr + 1, sizeof(u32));
cmd->olen = sizeof(u32);
cmd->res = 0;
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 157/320] drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (155 preceding siblings ...)
2022-01-24 18:42 ` [PATCH 5.4 156/320] ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply Greg Kroah-Hartman
@ 2022-01-24 18:42 ` Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 158/320] ARM: shmobile: rcar-gen2: Add missing of_node_put() Greg Kroah-Hartman
` (167 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:42 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Diego Viola, Ben Skeggs,
Karol Herbst, Sasha Levin
From: Ben Skeggs <bskeggs@redhat.com>
[ Upstream commit 1d2271d2fb85e54bfc9630a6c30ac0feb9ffb983 ]
There have been reports of the WFI timing out on some boards, and a
patch was proposed to just remove it. This stuff is rather fragile,
and I believe the WFI might be needed with our FW prior to GM200.
However, we probably should not be touching PMU during init on GPUs
where we depend on NVIDIA FW, outside of limited circumstances, so
this should be a somewhat safer change that achieves the desired
result.
Reported-by: Diego Viola <diego.viola@gmail.com>
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
Reviewed-by: Karol Herbst <kherbst@redhat.com>
Signed-off-by: Karol Herbst <kherbst@redhat.com>
Link: https://gitlab.freedesktop.org/drm/nouveau/-/merge_requests/10
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../gpu/drm/nouveau/nvkm/subdev/pmu/base.c | 37 +++++++++++--------
1 file changed, 21 insertions(+), 16 deletions(-)
diff --git a/drivers/gpu/drm/nouveau/nvkm/subdev/pmu/base.c b/drivers/gpu/drm/nouveau/nvkm/subdev/pmu/base.c
index ea2e11771bca5..105b4be467a3e 100644
--- a/drivers/gpu/drm/nouveau/nvkm/subdev/pmu/base.c
+++ b/drivers/gpu/drm/nouveau/nvkm/subdev/pmu/base.c
@@ -88,20 +88,13 @@ nvkm_pmu_fini(struct nvkm_subdev *subdev, bool suspend)
return 0;
}
-static int
+static void
nvkm_pmu_reset(struct nvkm_pmu *pmu)
{
struct nvkm_device *device = pmu->subdev.device;
if (!pmu->func->enabled(pmu))
- return 0;
-
- /* Inhibit interrupts, and wait for idle. */
- nvkm_wr32(device, 0x10a014, 0x0000ffff);
- nvkm_msec(device, 2000,
- if (!nvkm_rd32(device, 0x10a04c))
- break;
- );
+ return;
/* Reset. */
if (pmu->func->reset)
@@ -112,25 +105,37 @@ nvkm_pmu_reset(struct nvkm_pmu *pmu)
if (!(nvkm_rd32(device, 0x10a10c) & 0x00000006))
break;
);
-
- return 0;
}
static int
nvkm_pmu_preinit(struct nvkm_subdev *subdev)
{
struct nvkm_pmu *pmu = nvkm_pmu(subdev);
- return nvkm_pmu_reset(pmu);
+ nvkm_pmu_reset(pmu);
+ return 0;
}
static int
nvkm_pmu_init(struct nvkm_subdev *subdev)
{
struct nvkm_pmu *pmu = nvkm_pmu(subdev);
- int ret = nvkm_pmu_reset(pmu);
- if (ret == 0 && pmu->func->init)
- ret = pmu->func->init(pmu);
- return ret;
+ struct nvkm_device *device = pmu->subdev.device;
+
+ if (!pmu->func->init)
+ return 0;
+
+ if (pmu->func->enabled(pmu)) {
+ /* Inhibit interrupts, and wait for idle. */
+ nvkm_wr32(device, 0x10a014, 0x0000ffff);
+ nvkm_msec(device, 2000,
+ if (!nvkm_rd32(device, 0x10a04c))
+ break;
+ );
+
+ nvkm_pmu_reset(pmu);
+ }
+
+ return pmu->func->init(pmu);
}
static int
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 158/320] ARM: shmobile: rcar-gen2: Add missing of_node_put()
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (156 preceding siblings ...)
2022-01-24 18:42 ` [PATCH 5.4 157/320] drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR Greg Kroah-Hartman
@ 2022-01-24 18:42 ` Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 159/320] batman-adv: allow netlink usage in unprivileged containers Greg Kroah-Hartman
` (166 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:42 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Wan Jiabing, Geert Uytterhoeven, Sasha Levin
From: Wan Jiabing <wanjiabing@vivo.com>
[ Upstream commit 85744f2d938c5f3cfc44cb6533c157469634da93 ]
Fix following coccicheck warning:
./arch/arm/mach-shmobile/regulator-quirk-rcar-gen2.c:156:1-33: Function
for_each_matching_node_and_match should have of_node_put() before break
and goto.
Early exits from for_each_matching_node_and_match() should decrement the
node reference counter.
Signed-off-by: Wan Jiabing <wanjiabing@vivo.com>
Link: https://lore.kernel.org/r/20211018014503.7598-1-wanjiabing@vivo.com
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/mach-shmobile/regulator-quirk-rcar-gen2.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/arch/arm/mach-shmobile/regulator-quirk-rcar-gen2.c b/arch/arm/mach-shmobile/regulator-quirk-rcar-gen2.c
index ee949255ced3f..09ef73b99dd86 100644
--- a/arch/arm/mach-shmobile/regulator-quirk-rcar-gen2.c
+++ b/arch/arm/mach-shmobile/regulator-quirk-rcar-gen2.c
@@ -154,8 +154,10 @@ static int __init rcar_gen2_regulator_quirk(void)
return -ENODEV;
for_each_matching_node_and_match(np, rcar_gen2_quirk_match, &id) {
- if (!of_device_is_available(np))
+ if (!of_device_is_available(np)) {
+ of_node_put(np);
break;
+ }
ret = of_property_read_u32(np, "reg", &addr);
if (ret) /* Skip invalid entry and continue */
@@ -164,6 +166,7 @@ static int __init rcar_gen2_regulator_quirk(void)
quirk = kzalloc(sizeof(*quirk), GFP_KERNEL);
if (!quirk) {
ret = -ENOMEM;
+ of_node_put(np);
goto err_mem;
}
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 159/320] batman-adv: allow netlink usage in unprivileged containers
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (157 preceding siblings ...)
2022-01-24 18:42 ` [PATCH 5.4 158/320] ARM: shmobile: rcar-gen2: Add missing of_node_put() Greg Kroah-Hartman
@ 2022-01-24 18:42 ` Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 160/320] usb: gadget: f_fs: Use stream_open() for endpoint files Greg Kroah-Hartman
` (165 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:42 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tycho Andersen, Linus Lüssing,
Sven Eckelmann, Simon Wunderlich, Sasha Levin
From: Linus Lüssing <linus.luessing@c0d3.blue>
[ Upstream commit 9057d6c23e7388ee9d037fccc9a7bc8557ce277b ]
Currently, creating a batman-adv interface in an unprivileged LXD
container and attaching secondary interfaces to it with "ip" or "batctl"
works fine. However all batctl debug and configuration commands
fail:
root@container:~# batctl originators
Error received: Operation not permitted
root@container:~# batctl orig_interval
1000
root@container:~# batctl orig_interval 2000
root@container:~# batctl orig_interval
1000
To fix this change the generic netlink permissions from GENL_ADMIN_PERM
to GENL_UNS_ADMIN_PERM. This way a batman-adv interface is fully
maintainable as root from within a user namespace, from an unprivileged
container.
All except one batman-adv netlink setting are per interface and do not
leak information or change settings from the host system and are
therefore save to retrieve or modify as root from within an unprivileged
container.
"batctl routing_algo" / BATADV_CMD_GET_ROUTING_ALGOS is the only
exception: It provides the batman-adv kernel module wide default routing
algorithm. However it is read-only from netlink and an unprivileged
container is still not allowed to modify
/sys/module/batman_adv/parameters/routing_algo. Instead it is advised to
use the newly introduced "batctl if create routing_algo RA_NAME" /
IFLA_BATADV_ALGO_NAME to set the routing algorithm on interface
creation, which already works fine in an unprivileged container.
Cc: Tycho Andersen <tycho@tycho.pizza>
Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/batman-adv/netlink.c | 30 +++++++++++++++---------------
1 file changed, 15 insertions(+), 15 deletions(-)
diff --git a/net/batman-adv/netlink.c b/net/batman-adv/netlink.c
index 7e052d6f759b6..e59c5aa27ee0b 100644
--- a/net/batman-adv/netlink.c
+++ b/net/batman-adv/netlink.c
@@ -1351,21 +1351,21 @@ static const struct genl_ops batadv_netlink_ops[] = {
{
.cmd = BATADV_CMD_TP_METER,
.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
- .flags = GENL_ADMIN_PERM,
+ .flags = GENL_UNS_ADMIN_PERM,
.doit = batadv_netlink_tp_meter_start,
.internal_flags = BATADV_FLAG_NEED_MESH,
},
{
.cmd = BATADV_CMD_TP_METER_CANCEL,
.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
- .flags = GENL_ADMIN_PERM,
+ .flags = GENL_UNS_ADMIN_PERM,
.doit = batadv_netlink_tp_meter_cancel,
.internal_flags = BATADV_FLAG_NEED_MESH,
},
{
.cmd = BATADV_CMD_GET_ROUTING_ALGOS,
.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
- .flags = GENL_ADMIN_PERM,
+ .flags = GENL_UNS_ADMIN_PERM,
.dumpit = batadv_algo_dump,
},
{
@@ -1380,68 +1380,68 @@ static const struct genl_ops batadv_netlink_ops[] = {
{
.cmd = BATADV_CMD_GET_TRANSTABLE_LOCAL,
.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
- .flags = GENL_ADMIN_PERM,
+ .flags = GENL_UNS_ADMIN_PERM,
.dumpit = batadv_tt_local_dump,
},
{
.cmd = BATADV_CMD_GET_TRANSTABLE_GLOBAL,
.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
- .flags = GENL_ADMIN_PERM,
+ .flags = GENL_UNS_ADMIN_PERM,
.dumpit = batadv_tt_global_dump,
},
{
.cmd = BATADV_CMD_GET_ORIGINATORS,
.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
- .flags = GENL_ADMIN_PERM,
+ .flags = GENL_UNS_ADMIN_PERM,
.dumpit = batadv_orig_dump,
},
{
.cmd = BATADV_CMD_GET_NEIGHBORS,
.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
- .flags = GENL_ADMIN_PERM,
+ .flags = GENL_UNS_ADMIN_PERM,
.dumpit = batadv_hardif_neigh_dump,
},
{
.cmd = BATADV_CMD_GET_GATEWAYS,
.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
- .flags = GENL_ADMIN_PERM,
+ .flags = GENL_UNS_ADMIN_PERM,
.dumpit = batadv_gw_dump,
},
{
.cmd = BATADV_CMD_GET_BLA_CLAIM,
.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
- .flags = GENL_ADMIN_PERM,
+ .flags = GENL_UNS_ADMIN_PERM,
.dumpit = batadv_bla_claim_dump,
},
{
.cmd = BATADV_CMD_GET_BLA_BACKBONE,
.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
- .flags = GENL_ADMIN_PERM,
+ .flags = GENL_UNS_ADMIN_PERM,
.dumpit = batadv_bla_backbone_dump,
},
{
.cmd = BATADV_CMD_GET_DAT_CACHE,
.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
- .flags = GENL_ADMIN_PERM,
+ .flags = GENL_UNS_ADMIN_PERM,
.dumpit = batadv_dat_cache_dump,
},
{
.cmd = BATADV_CMD_GET_MCAST_FLAGS,
.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
- .flags = GENL_ADMIN_PERM,
+ .flags = GENL_UNS_ADMIN_PERM,
.dumpit = batadv_mcast_flags_dump,
},
{
.cmd = BATADV_CMD_SET_MESH,
.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
- .flags = GENL_ADMIN_PERM,
+ .flags = GENL_UNS_ADMIN_PERM,
.doit = batadv_netlink_set_mesh,
.internal_flags = BATADV_FLAG_NEED_MESH,
},
{
.cmd = BATADV_CMD_SET_HARDIF,
.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
- .flags = GENL_ADMIN_PERM,
+ .flags = GENL_UNS_ADMIN_PERM,
.doit = batadv_netlink_set_hardif,
.internal_flags = BATADV_FLAG_NEED_MESH |
BATADV_FLAG_NEED_HARDIF,
@@ -1457,7 +1457,7 @@ static const struct genl_ops batadv_netlink_ops[] = {
{
.cmd = BATADV_CMD_SET_VLAN,
.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
- .flags = GENL_ADMIN_PERM,
+ .flags = GENL_UNS_ADMIN_PERM,
.doit = batadv_netlink_set_vlan,
.internal_flags = BATADV_FLAG_NEED_MESH |
BATADV_FLAG_NEED_VLAN,
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 160/320] usb: gadget: f_fs: Use stream_open() for endpoint files
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (158 preceding siblings ...)
2022-01-24 18:42 ` [PATCH 5.4 159/320] batman-adv: allow netlink usage in unprivileged containers Greg Kroah-Hartman
@ 2022-01-24 18:42 ` Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 161/320] drm: panel-orientation-quirks: Add quirk for the Lenovo Yoga Book X91F/L Greg Kroah-Hartman
` (164 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:42 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, John Keeping, Pavankumar Kondeti,
Sasha Levin
From: Pavankumar Kondeti <quic_pkondeti@quicinc.com>
[ Upstream commit c76ef96fc00eb398c8fc836b0eb2f82bcc619dc7 ]
Function fs endpoint file operations are synchronized via an interruptible
mutex wait. However we see threads that do ep file operations concurrently
are getting blocked for the mutex lock in __fdget_pos(). This is an
uninterruptible wait and we see hung task warnings and kernel panic
if hung_task_panic systcl is enabled if host does not send/receive
the data for long time.
The reason for threads getting blocked in __fdget_pos() is due to
the file position protection introduced by the commit 9c225f2655e3
("vfs: atomic f_pos accesses as per POSIX"). Since function fs
endpoint files does not have the notion of the file position, switch
to the stream mode. This will bypass the file position mutex and
threads will be blocked in interruptible state for the function fs
mutex.
It should not affects user space as we are only changing the task state
changes the task state from UNINTERRUPTIBLE to INTERRUPTIBLE while waiting
for the USB transfers to be finished. However there is a slight change to
the O_NONBLOCK behavior. Earlier threads that are using O_NONBLOCK are also
getting blocked inside fdget_pos(). Now they reach to function fs and error
code is returned. The non blocking behavior is actually honoured now.
Reviewed-by: John Keeping <john@metanate.com>
Signed-off-by: Pavankumar Kondeti <quic_pkondeti@quicinc.com>
Link: https://lore.kernel.org/r/1636712682-1226-1-git-send-email-quic_pkondeti@quicinc.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/gadget/function/f_fs.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/usb/gadget/function/f_fs.c b/drivers/usb/gadget/function/f_fs.c
index 3f5c21f7f9905..2bea33b41553b 100644
--- a/drivers/usb/gadget/function/f_fs.c
+++ b/drivers/usb/gadget/function/f_fs.c
@@ -614,7 +614,7 @@ static int ffs_ep0_open(struct inode *inode, struct file *file)
file->private_data = ffs;
ffs_data_opened(ffs);
- return 0;
+ return stream_open(inode, file);
}
static int ffs_ep0_release(struct inode *inode, struct file *file)
@@ -1156,7 +1156,7 @@ ffs_epfile_open(struct inode *inode, struct file *file)
file->private_data = epfile;
ffs_data_opened(epfile->ffs);
- return 0;
+ return stream_open(inode, file);
}
static int ffs_aio_cancel(struct kiocb *kiocb)
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 161/320] drm: panel-orientation-quirks: Add quirk for the Lenovo Yoga Book X91F/L
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (159 preceding siblings ...)
2022-01-24 18:42 ` [PATCH 5.4 160/320] usb: gadget: f_fs: Use stream_open() for endpoint files Greg Kroah-Hartman
@ 2022-01-24 18:42 ` Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 162/320] HID: apple: Do not reset quirks when the Fn key is not found Greg Kroah-Hartman
` (163 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:42 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yauhen Kharuzhy, Hans de Goede,
Simon Ser, Sasha Levin
From: Hans de Goede <hdegoede@redhat.com>
[ Upstream commit bc30c3b0c8a1904d83d5f0d60fb8650a334b207b ]
The Lenovo Yoga Book X91F/L uses a panel which has been mounted
90 degrees rotated. Add a quirk for this.
Cc: Yauhen Kharuzhy <jekhor@gmail.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Acked-by: Simon Ser <contact@emersion.fr>
Tested-by: Yauhen Kharuzhy <jekhor@gmail.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20211106130227.11927-1-hdegoede@redhat.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/drm_panel_orientation_quirks.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/gpu/drm/drm_panel_orientation_quirks.c b/drivers/gpu/drm/drm_panel_orientation_quirks.c
index a950d5db211c5..9d1bd8f491ad7 100644
--- a/drivers/gpu/drm/drm_panel_orientation_quirks.c
+++ b/drivers/gpu/drm/drm_panel_orientation_quirks.c
@@ -248,6 +248,12 @@ static const struct dmi_system_id orientation_data[] = {
DMI_EXACT_MATCH(DMI_PRODUCT_VERSION, "Lenovo ideapad D330-10IGM"),
},
.driver_data = (void *)&lcd1200x1920_rightside_up,
+ }, { /* Lenovo Yoga Book X90F / X91F / X91L */
+ .matches = {
+ /* Non exact match to match all versions */
+ DMI_MATCH(DMI_PRODUCT_NAME, "Lenovo YB1-X9"),
+ },
+ .driver_data = (void *)&lcd1200x1920_rightside_up,
}, { /* OneGX1 Pro */
.matches = {
DMI_EXACT_MATCH(DMI_SYS_VENDOR, "SYSTEM_MANUFACTURER"),
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 162/320] HID: apple: Do not reset quirks when the Fn key is not found
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (160 preceding siblings ...)
2022-01-24 18:42 ` [PATCH 5.4 161/320] drm: panel-orientation-quirks: Add quirk for the Lenovo Yoga Book X91F/L Greg Kroah-Hartman
@ 2022-01-24 18:42 ` Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 163/320] media: b2c2: Add missing check in flexcop_pci_isr: Greg Kroah-Hartman
` (162 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:42 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, José Expósito, Jiri Kosina,
Sasha Levin
From: José Expósito <jose.exposito89@gmail.com>
[ Upstream commit a5fe7864d8ada170f19cc47d176bf8260ffb4263 ]
When a keyboard without a function key is detected, instead of removing
all quirks, remove only the APPLE_HAS_FN quirk.
Signed-off-by: José Expósito <jose.exposito89@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hid/hid-apple.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/hid/hid-apple.c b/drivers/hid/hid-apple.c
index 07df64daf7dae..efce31d035ef5 100644
--- a/drivers/hid/hid-apple.c
+++ b/drivers/hid/hid-apple.c
@@ -389,7 +389,7 @@ static int apple_input_configured(struct hid_device *hdev,
if ((asc->quirks & APPLE_HAS_FN) && !asc->fn_found) {
hid_info(hdev, "Fn key not found (Apple Wireless Keyboard clone?), disabling Fn key handling\n");
- asc->quirks = 0;
+ asc->quirks &= ~APPLE_HAS_FN;
}
return 0;
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 163/320] media: b2c2: Add missing check in flexcop_pci_isr:
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (161 preceding siblings ...)
2022-01-24 18:42 ` [PATCH 5.4 162/320] HID: apple: Do not reset quirks when the Fn key is not found Greg Kroah-Hartman
@ 2022-01-24 18:42 ` Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 164/320] EDAC/synopsys: Use the quirk for version instead of ddr version Greg Kroah-Hartman
` (161 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:42 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zheyu Ma, Mauro Carvalho Chehab, Sasha Levin
From: Zheyu Ma <zheyuma97@gmail.com>
[ Upstream commit b13203032e679674c7c518f52a7ec0801ca3a829 ]
A out-of-bounds bug can be triggered by an interrupt, the reason for
this bug is the lack of checking of register values.
In flexcop_pci_isr, the driver reads value from a register and uses it as
a dma address. Finally, this address will be passed to the count parameter
of find_next_packet. If this value is larger than the size of dma, the
index of buffer will be out-of-bounds.
Fix this by adding a check after reading the value of the register.
The following KASAN report reveals it:
BUG: KASAN: slab-out-of-bounds in find_next_packet
drivers/media/dvb-core/dvb_demux.c:528 [inline]
BUG: KASAN: slab-out-of-bounds in _dvb_dmx_swfilter
drivers/media/dvb-core/dvb_demux.c:572 [inline]
BUG: KASAN: slab-out-of-bounds in dvb_dmx_swfilter+0x3fa/0x420
drivers/media/dvb-core/dvb_demux.c:603
Read of size 1 at addr ffff8880608c00a0 by task swapper/2/0
CPU: 2 PID: 0 Comm: swapper/2 Not tainted 4.19.177-gdba4159c14ef #25
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
Call Trace:
<IRQ>
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0xec/0x156 lib/dump_stack.c:118
print_address_description+0x78/0x290 mm/kasan/report.c:256
kasan_report_error mm/kasan/report.c:354 [inline]
kasan_report+0x25b/0x380 mm/kasan/report.c:412
__asan_report_load1_noabort+0x19/0x20 mm/kasan/report.c:430
find_next_packet drivers/media/dvb-core/dvb_demux.c:528 [inline]
_dvb_dmx_swfilter drivers/media/dvb-core/dvb_demux.c:572 [inline]
dvb_dmx_swfilter+0x3fa/0x420 drivers/media/dvb-core/dvb_demux.c:603
flexcop_pass_dmx_data+0x2e/0x40 drivers/media/common/b2c2/flexcop.c:167
flexcop_pci_isr+0x3d1/0x5d0 drivers/media/pci/b2c2/flexcop-pci.c:212
__handle_irq_event_percpu+0xfb/0x770 kernel/irq/handle.c:149
handle_irq_event_percpu+0x79/0x150 kernel/irq/handle.c:189
handle_irq_event+0xac/0x140 kernel/irq/handle.c:206
handle_fasteoi_irq+0x232/0x5c0 kernel/irq/chip.c:725
generic_handle_irq_desc include/linux/irqdesc.h:155 [inline]
handle_irq+0x230/0x3a0 arch/x86/kernel/irq_64.c:87
do_IRQ+0xa7/0x1e0 arch/x86/kernel/irq.c:247
common_interrupt+0xf/0xf arch/x86/entry/entry_64.S:670
</IRQ>
RIP: 0010:native_safe_halt+0x28/0x30 arch/x86/include/asm/irqflags.h:61
Code: 00 00 55 be 04 00 00 00 48 c7 c7 00 62 2f 8c 48 89 e5 e8 fb 31
e8 f8 8b 05 75 4f 8e 03 85 c0 7e 07 0f 00 2d 8a 61 66 00 fb f4 <5d> c3
90 90 90 90 90 90 0f 1f 44 00 00 55 48 89 e5 41 57 41 56 41
RSP: 0018:ffff88806b71fcc8 EFLAGS: 00000246 ORIG_RAX: ffffffffffffffde
RAX: 0000000000000000 RBX: ffffffff8bde44c8 RCX: ffffffff88a11285
RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffffff8c2f6200
RBP: ffff88806b71fcc8 R08: fffffbfff185ec40 R09: fffffbfff185ec40
R10: 0000000000000001 R11: fffffbfff185ec40 R12: 0000000000000002
R13: ffffffff8be9d6e0 R14: 0000000000000000 R15: 0000000000000000
arch_safe_halt arch/x86/include/asm/paravirt.h:94 [inline]
default_idle+0x6f/0x360 arch/x86/kernel/process.c:557
arch_cpu_idle+0xf/0x20 arch/x86/kernel/process.c:548
default_idle_call+0x3b/0x60 kernel/sched/idle.c:93
cpuidle_idle_call kernel/sched/idle.c:153 [inline]
do_idle+0x2ab/0x3c0 kernel/sched/idle.c:263
cpu_startup_entry+0xcb/0xe0 kernel/sched/idle.c:369
start_secondary+0x3b8/0x4e0 arch/x86/kernel/smpboot.c:271
secondary_startup_64+0xa4/0xb0 arch/x86/kernel/head_64.S:243
Allocated by task 1:
save_stack+0x43/0xd0 mm/kasan/kasan.c:448
set_track mm/kasan/kasan.c:460 [inline]
kasan_kmalloc+0xad/0xe0 mm/kasan/kasan.c:553
kasan_slab_alloc+0x11/0x20 mm/kasan/kasan.c:490
slab_post_alloc_hook mm/slab.h:445 [inline]
slab_alloc_node mm/slub.c:2741 [inline]
slab_alloc mm/slub.c:2749 [inline]
kmem_cache_alloc+0xeb/0x280 mm/slub.c:2754
kmem_cache_zalloc include/linux/slab.h:699 [inline]
__kernfs_new_node+0xe2/0x6f0 fs/kernfs/dir.c:633
kernfs_new_node+0x9a/0x120 fs/kernfs/dir.c:693
__kernfs_create_file+0x5f/0x340 fs/kernfs/file.c:992
sysfs_add_file_mode_ns+0x22a/0x4e0 fs/sysfs/file.c:306
create_files fs/sysfs/group.c:63 [inline]
internal_create_group+0x34e/0xc30 fs/sysfs/group.c:147
sysfs_create_group fs/sysfs/group.c:173 [inline]
sysfs_create_groups+0x9c/0x140 fs/sysfs/group.c:200
driver_add_groups+0x3e/0x50 drivers/base/driver.c:129
bus_add_driver+0x3a5/0x790 drivers/base/bus.c:684
driver_register+0x1cd/0x410 drivers/base/driver.c:170
__pci_register_driver+0x197/0x200 drivers/pci/pci-driver.c:1411
cx88_audio_pci_driver_init+0x23/0x25 drivers/media/pci/cx88/cx88-alsa.c:
1017
do_one_initcall+0xe0/0x610 init/main.c:884
do_initcall_level init/main.c:952 [inline]
do_initcalls init/main.c:960 [inline]
do_basic_setup init/main.c:978 [inline]
kernel_init_freeable+0x4d0/0x592 init/main.c:1145
kernel_init+0x18/0x190 init/main.c:1062
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
Freed by task 0:
(stack is not available)
The buggy address belongs to the object at ffff8880608c0000
which belongs to the cache kernfs_node_cache of size 160
The buggy address is located 0 bytes to the right of
160-byte region [ffff8880608c0000, ffff8880608c00a0)
The buggy address belongs to the page:
page:ffffea0001823000 count:1 mapcount:0 mapping:ffff88806bed1e00
index:0x0 compound_mapcount: 0
flags: 0x100000000008100(slab|head)
raw: 0100000000008100 dead000000000100 dead000000000200 ffff88806bed1e00
raw: 0000000000000000 0000000000240024 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
Memory state around the buggy address:
ffff8880608bff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ffff8880608c0000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff8880608c0080: 00 00 00 00 fc fc fc fc fc fc fc fc 00 00 00 00
^
ffff8880608c0100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ffff8880608c0180: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
==================================================================
Link: https://lore.kernel.org/linux-media/1620723603-30912-1-git-send-email-zheyuma97@gmail.com
Reported-by: Zheyu Ma <zheyuma97@gmail.com>
Signed-off-by: Zheyu Ma <zheyuma97@gmail.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/pci/b2c2/flexcop-pci.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/media/pci/b2c2/flexcop-pci.c b/drivers/media/pci/b2c2/flexcop-pci.c
index a9d9520a94c6d..c9e6c7d663768 100644
--- a/drivers/media/pci/b2c2/flexcop-pci.c
+++ b/drivers/media/pci/b2c2/flexcop-pci.c
@@ -185,6 +185,8 @@ static irqreturn_t flexcop_pci_isr(int irq, void *dev_id)
dma_addr_t cur_addr =
fc->read_ibi_reg(fc,dma1_008).dma_0x8.dma_cur_addr << 2;
u32 cur_pos = cur_addr - fc_pci->dma[0].dma_addr0;
+ if (cur_pos > fc_pci->dma[0].size * 2)
+ goto error;
deb_irq("%u irq: %08x cur_addr: %llx: cur_pos: %08x, last_cur_pos: %08x ",
jiffies_to_usecs(jiffies - fc_pci->last_irq),
@@ -225,6 +227,7 @@ static irqreturn_t flexcop_pci_isr(int irq, void *dev_id)
ret = IRQ_NONE;
}
+error:
spin_unlock_irqrestore(&fc_pci->irq_lock, flags);
return ret;
}
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 164/320] EDAC/synopsys: Use the quirk for version instead of ddr version
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (162 preceding siblings ...)
2022-01-24 18:42 ` [PATCH 5.4 163/320] media: b2c2: Add missing check in flexcop_pci_isr: Greg Kroah-Hartman
@ 2022-01-24 18:42 ` Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 165/320] ARM: imx: rename DEBUG_IMX21_IMX27_UART to DEBUG_IMX27_UART Greg Kroah-Hartman
` (160 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:42 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dinh Nguyen, Borislav Petkov,
Michal Simek, Sasha Levin
From: Dinh Nguyen <dinguyen@kernel.org>
[ Upstream commit bd1d6da17c296bd005bfa656952710d256e77dd3 ]
Version 2.40a supports DDR_ECC_INTR_SUPPORT for a quirk, so use that
quirk to determine a call to setup_address_map().
Signed-off-by: Dinh Nguyen <dinguyen@kernel.org>
Signed-off-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Michal Simek <michal.simek@xilinx.com>
Link: https://lkml.kernel.org/r/20211012190709.1504152-1-dinguyen@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/edac/synopsys_edac.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/drivers/edac/synopsys_edac.c b/drivers/edac/synopsys_edac.c
index 6becf3363ad57..d23a0782fb49c 100644
--- a/drivers/edac/synopsys_edac.c
+++ b/drivers/edac/synopsys_edac.c
@@ -1351,8 +1351,7 @@ static int mc_probe(struct platform_device *pdev)
}
}
- if (of_device_is_compatible(pdev->dev.of_node,
- "xlnx,zynqmp-ddrc-2.40a"))
+ if (priv->p_data->quirks & DDR_ECC_INTR_SUPPORT)
setup_address_map(priv);
#endif
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 165/320] ARM: imx: rename DEBUG_IMX21_IMX27_UART to DEBUG_IMX27_UART
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (163 preceding siblings ...)
2022-01-24 18:42 ` [PATCH 5.4 164/320] EDAC/synopsys: Use the quirk for version instead of ddr version Greg Kroah-Hartman
@ 2022-01-24 18:42 ` Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 166/320] mlxsw: pci: Add shutdown method in PCI driver Greg Kroah-Hartman
` (159 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:42 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Lukas Bulwahn, Arnd Bergmann,
Shawn Guo, Sasha Levin
From: Lukas Bulwahn <lukas.bulwahn@gmail.com>
[ Upstream commit b0100bce4ff82ec1ccd3c1f3d339fd2df6a81784 ]
Since commit 4b563a066611 ("ARM: imx: Remove imx21 support"), the config
DEBUG_IMX21_IMX27_UART is really only debug support for IMX27.
So, rename this option to DEBUG_IMX27_UART and adjust dependencies in
Kconfig and rename the definitions to IMX27 as further clean-up.
This issue was discovered with ./scripts/checkkconfigsymbols.py, which
reported that DEBUG_IMX21_IMX27_UART depends on the non-existing config
SOC_IMX21.
Signed-off-by: Lukas Bulwahn <lukas.bulwahn@gmail.com>
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/Kconfig.debug | 14 +++++++-------
arch/arm/include/debug/imx-uart.h | 18 +++++++++---------
2 files changed, 16 insertions(+), 16 deletions(-)
diff --git a/arch/arm/Kconfig.debug b/arch/arm/Kconfig.debug
index 8bcbd0cd739b5..5e2b44a9df18c 100644
--- a/arch/arm/Kconfig.debug
+++ b/arch/arm/Kconfig.debug
@@ -400,12 +400,12 @@ choice
Say Y here if you want kernel low-level debugging support
on i.MX25.
- config DEBUG_IMX21_IMX27_UART
- bool "i.MX21 and i.MX27 Debug UART"
- depends on SOC_IMX21 || SOC_IMX27
+ config DEBUG_IMX27_UART
+ bool "i.MX27 Debug UART"
+ depends on SOC_IMX27
help
Say Y here if you want kernel low-level debugging support
- on i.MX21 or i.MX27.
+ on i.MX27.
config DEBUG_IMX28_UART
bool "i.MX28 Debug UART"
@@ -1472,7 +1472,7 @@ config DEBUG_IMX_UART_PORT
int "i.MX Debug UART Port Selection"
depends on DEBUG_IMX1_UART || \
DEBUG_IMX25_UART || \
- DEBUG_IMX21_IMX27_UART || \
+ DEBUG_IMX27_UART || \
DEBUG_IMX31_UART || \
DEBUG_IMX35_UART || \
DEBUG_IMX50_UART || \
@@ -1529,12 +1529,12 @@ config DEBUG_LL_INCLUDE
default "debug/icedcc.S" if DEBUG_ICEDCC
default "debug/imx.S" if DEBUG_IMX1_UART || \
DEBUG_IMX25_UART || \
- DEBUG_IMX21_IMX27_UART || \
+ DEBUG_IMX27_UART || \
DEBUG_IMX31_UART || \
DEBUG_IMX35_UART || \
DEBUG_IMX50_UART || \
DEBUG_IMX51_UART || \
- DEBUG_IMX53_UART ||\
+ DEBUG_IMX53_UART || \
DEBUG_IMX6Q_UART || \
DEBUG_IMX6SL_UART || \
DEBUG_IMX6SX_UART || \
diff --git a/arch/arm/include/debug/imx-uart.h b/arch/arm/include/debug/imx-uart.h
index c8eb83d4b8964..3edbb3c5b42bf 100644
--- a/arch/arm/include/debug/imx-uart.h
+++ b/arch/arm/include/debug/imx-uart.h
@@ -11,13 +11,6 @@
#define IMX1_UART_BASE_ADDR(n) IMX1_UART##n##_BASE_ADDR
#define IMX1_UART_BASE(n) IMX1_UART_BASE_ADDR(n)
-#define IMX21_UART1_BASE_ADDR 0x1000a000
-#define IMX21_UART2_BASE_ADDR 0x1000b000
-#define IMX21_UART3_BASE_ADDR 0x1000c000
-#define IMX21_UART4_BASE_ADDR 0x1000d000
-#define IMX21_UART_BASE_ADDR(n) IMX21_UART##n##_BASE_ADDR
-#define IMX21_UART_BASE(n) IMX21_UART_BASE_ADDR(n)
-
#define IMX25_UART1_BASE_ADDR 0x43f90000
#define IMX25_UART2_BASE_ADDR 0x43f94000
#define IMX25_UART3_BASE_ADDR 0x5000c000
@@ -26,6 +19,13 @@
#define IMX25_UART_BASE_ADDR(n) IMX25_UART##n##_BASE_ADDR
#define IMX25_UART_BASE(n) IMX25_UART_BASE_ADDR(n)
+#define IMX27_UART1_BASE_ADDR 0x1000a000
+#define IMX27_UART2_BASE_ADDR 0x1000b000
+#define IMX27_UART3_BASE_ADDR 0x1000c000
+#define IMX27_UART4_BASE_ADDR 0x1000d000
+#define IMX27_UART_BASE_ADDR(n) IMX27_UART##n##_BASE_ADDR
+#define IMX27_UART_BASE(n) IMX27_UART_BASE_ADDR(n)
+
#define IMX31_UART1_BASE_ADDR 0x43f90000
#define IMX31_UART2_BASE_ADDR 0x43f94000
#define IMX31_UART3_BASE_ADDR 0x5000c000
@@ -112,10 +112,10 @@
#ifdef CONFIG_DEBUG_IMX1_UART
#define UART_PADDR IMX_DEBUG_UART_BASE(IMX1)
-#elif defined(CONFIG_DEBUG_IMX21_IMX27_UART)
-#define UART_PADDR IMX_DEBUG_UART_BASE(IMX21)
#elif defined(CONFIG_DEBUG_IMX25_UART)
#define UART_PADDR IMX_DEBUG_UART_BASE(IMX25)
+#elif defined(CONFIG_DEBUG_IMX27_UART)
+#define UART_PADDR IMX_DEBUG_UART_BASE(IMX27)
#elif defined(CONFIG_DEBUG_IMX31_UART)
#define UART_PADDR IMX_DEBUG_UART_BASE(IMX31)
#elif defined(CONFIG_DEBUG_IMX35_UART)
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 166/320] mlxsw: pci: Add shutdown method in PCI driver
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (164 preceding siblings ...)
2022-01-24 18:42 ` [PATCH 5.4 165/320] ARM: imx: rename DEBUG_IMX21_IMX27_UART to DEBUG_IMX27_UART Greg Kroah-Hartman
@ 2022-01-24 18:42 ` Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 167/320] drm/bridge: megachips: Ensure both bridges are probed before registration Greg Kroah-Hartman
` (158 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:42 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Eric Biederman, Danielle Ratson,
Ido Schimmel, David S. Miller, Sasha Levin
From: Danielle Ratson <danieller@nvidia.com>
[ Upstream commit c1020d3cf4752f61a6a413f632ea2ce2370e150d ]
On an arm64 platform with the Spectrum ASIC, after loading and executing
a new kernel via kexec, the following trace [1] is observed. This seems
to be caused by the fact that the device is not properly shutdown before
executing the new kernel.
Fix this by implementing a shutdown method which mirrors the remove
method, as recommended by the kexec maintainer [2][3].
[1]
BUG: Bad page state in process devlink pfn:22f73d
page:fffffe00089dcf40 refcount:-1 mapcount:0 mapping:0000000000000000 index:0x0
flags: 0x2ffff00000000000()
raw: 2ffff00000000000 0000000000000000 ffffffff089d0201 0000000000000000
raw: 0000000000000000 0000000000000000 ffffffffffffffff 0000000000000000
page dumped because: nonzero _refcount
Modules linked in:
CPU: 1 PID: 16346 Comm: devlink Tainted: G B 5.8.0-rc6-custom-273020-gac6b365b1bf5 #44
Hardware name: Marvell Armada 7040 TX4810M (DT)
Call trace:
dump_backtrace+0x0/0x1d0
show_stack+0x1c/0x28
dump_stack+0xbc/0x118
bad_page+0xcc/0xf8
check_free_page_bad+0x80/0x88
__free_pages_ok+0x3f8/0x418
__free_pages+0x38/0x60
kmem_freepages+0x200/0x2a8
slab_destroy+0x28/0x68
slabs_destroy+0x60/0x90
___cache_free+0x1b4/0x358
kfree+0xc0/0x1d0
skb_free_head+0x2c/0x38
skb_release_data+0x110/0x1a0
skb_release_all+0x2c/0x38
consume_skb+0x38/0x130
__dev_kfree_skb_any+0x44/0x50
mlxsw_pci_rdq_fini+0x8c/0xb0
mlxsw_pci_queue_fini.isra.0+0x28/0x58
mlxsw_pci_queue_group_fini+0x58/0x88
mlxsw_pci_aqs_fini+0x2c/0x60
mlxsw_pci_fini+0x34/0x50
mlxsw_core_bus_device_unregister+0x104/0x1d0
mlxsw_devlink_core_bus_device_reload_down+0x2c/0x48
devlink_reload+0x44/0x158
devlink_nl_cmd_reload+0x270/0x290
genl_rcv_msg+0x188/0x2f0
netlink_rcv_skb+0x5c/0x118
genl_rcv+0x3c/0x50
netlink_unicast+0x1bc/0x278
netlink_sendmsg+0x194/0x390
__sys_sendto+0xe0/0x158
__arm64_sys_sendto+0x2c/0x38
el0_svc_common.constprop.0+0x70/0x168
do_el0_svc+0x28/0x88
el0_sync_handler+0x88/0x190
el0_sync+0x140/0x180
[2]
https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1195432.html
[3]
https://patchwork.kernel.org/project/linux-scsi/patch/20170212214920.28866-1-anton@ozlabs.org/#20116693
Cc: Eric Biederman <ebiederm@xmission.com>
Signed-off-by: Danielle Ratson <danieller@nvidia.com>
Signed-off-by: Ido Schimmel <idosch@nvidia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/mellanox/mlxsw/pci.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/net/ethernet/mellanox/mlxsw/pci.c b/drivers/net/ethernet/mellanox/mlxsw/pci.c
index aa4fef7890841..ff331251a019a 100644
--- a/drivers/net/ethernet/mellanox/mlxsw/pci.c
+++ b/drivers/net/ethernet/mellanox/mlxsw/pci.c
@@ -1876,6 +1876,7 @@ int mlxsw_pci_driver_register(struct pci_driver *pci_driver)
{
pci_driver->probe = mlxsw_pci_probe;
pci_driver->remove = mlxsw_pci_remove;
+ pci_driver->shutdown = mlxsw_pci_remove;
return pci_register_driver(pci_driver);
}
EXPORT_SYMBOL(mlxsw_pci_driver_register);
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 167/320] drm/bridge: megachips: Ensure both bridges are probed before registration
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (165 preceding siblings ...)
2022-01-24 18:42 ` [PATCH 5.4 166/320] mlxsw: pci: Add shutdown method in PCI driver Greg Kroah-Hartman
@ 2022-01-24 18:42 ` Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 168/320] gpiolib: acpi: Do not set the IRQ type if the IRQ is already in use Greg Kroah-Hartman
` (157 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:42 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Martyn Welch, Peter Senna Tschudin,
Martyn Welch, Neil Armstrong, Robert Foss, Laurent Pinchart,
Jonas Karlman, Jernej Skrabec, Sasha Levin
From: Martyn Welch <martyn.welch@collabora.com>
[ Upstream commit 11632d4aa2b3f126790e81a4415d6c23103cf8bb ]
In the configuration used by the b850v3, the STDP2690 is used to read EDID
data whilst it's the STDP4028 which can detect when monitors are connected.
This can result in problems at boot with monitors connected when the
STDP4028 is probed first, a monitor is detected and an attempt is made to
read the EDID data before the STDP2690 has probed:
[ 3.795721] Unable to handle kernel NULL pointer dereference at virtual address 00000018
[ 3.803845] pgd = (ptrval)
[ 3.806581] [00000018] *pgd=00000000
[ 3.810180] Internal error: Oops: 5 [#1] SMP ARM
[ 3.814813] Modules linked in:
[ 3.817879] CPU: 0 PID: 64 Comm: kworker/u4:1 Not tainted 5.15.0 #1
[ 3.824161] Hardware name: Freescale i.MX6 Quad/DualLite (Device Tree)
[ 3.830705] Workqueue: events_unbound deferred_probe_work_func
[ 3.836565] PC is at stdp2690_get_edid+0x44/0x19c
[ 3.841286] LR is at ge_b850v3_lvds_get_modes+0x2c/0x5c
[ 3.846526] pc : [<805eae10>] lr : [<805eb138>] psr: 80000013
[ 3.852802] sp : 81c359d0 ip : 7dbb550b fp : 81c35a1c
[ 3.858037] r10: 81c73840 r9 : 81c73894 r8 : 816d9800
[ 3.863270] r7 : 00000000 r6 : 81c34000 r5 : 00000000 r4 : 810c35f0
[ 3.869808] r3 : 80e3e294 r2 : 00000080 r1 : 00000cc0 r0 : 81401180
[ 3.876349] Flags: Nzcv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none
[ 3.883499] Control: 10c5387d Table: 1000404a DAC: 00000051
[ 3.889254] Register r0 information: slab kmem_cache start 81401180 pointer offset 0
[ 3.897034] Register r1 information: non-paged memory
[ 3.902097] Register r2 information: non-paged memory
[ 3.907160] Register r3 information: non-slab/vmalloc memory
[ 3.912832] Register r4 information: non-slab/vmalloc memory
[ 3.918503] Register r5 information: NULL pointer
[ 3.923217] Register r6 information: non-slab/vmalloc memory
[ 3.928887] Register r7 information: NULL pointer
[ 3.933601] Register r8 information: slab kmalloc-1k start 816d9800 pointer offset 0 size 1024
[ 3.942244] Register r9 information: slab kmalloc-2k start 81c73800 pointer offset 148 size 2048
[ 3.951058] Register r10 information: slab kmalloc-2k start 81c73800 pointer offset 64 size 2048
[ 3.959873] Register r11 information: non-slab/vmalloc memory
[ 3.965632] Register r12 information: non-paged memory
[ 3.970781] Process kworker/u4:1 (pid: 64, stack limit = 0x(ptrval))
[ 3.977148] Stack: (0x81c359d0 to 0x81c36000)
[ 3.981517] 59c0: 80b2b668 80b2b5bc 000002e2 0000034e
[ 3.989712] 59e0: 81c35a8c 816d98e8 81c35a14 7dbb550b 805bfcd0 810c35f0 81c73840 824addc0
[ 3.997906] 5a00: 00001000 816d9800 81c73894 81c73840 81c35a34 81c35a20 805eb138 805eadd8
[ 4.006099] 5a20: 810c35f0 00000045 81c35adc 81c35a38 80594188 805eb118 80d7c788 80dd1848
[ 4.014292] 5a40: 00000000 81c35a50 80dca950 811194d3 80dca7c4 80dca944 80dca91c 816d9800
[ 4.022485] 5a60: 81c34000 81c760a8 816d9800 80c58c98 810c35f0 816d98e8 00001000 00001000
[ 4.030678] 5a80: 00000000 00000000 8017712c 81c60000 00000002 00000001 00000000 00000000
[ 4.038870] 5aa0: 816d9900 816d9900 00000000 7dbb550b 805c700c 00000008 826282c8 826282c8
[ 4.047062] 5ac0: 00001000 81e1ce40 00001000 00000002 81c35bf4 81c35ae0 805d9694 80593fc0
[ 4.055255] 5ae0: 8017a970 80179ad8 00000179 00000000 81c35bcc 81c35b00 80177108 8017a950
[ 4.063447] 5b00: 00000000 81c35b10 81c34000 00000000 81004fd8 81010a38 00000000 00000059
[ 4.071639] 5b20: 816d98d4 81fbb718 00000013 826282c8 8017a940 81c35b40 81134448 00000400
[ 4.079831] 5b40: 00000178 00000000 e063b9c1 00000000 c2000049 00000040 00000000 00000008
[ 4.088024] 5b60: 82628300 82628380 00000000 00000000 81c34000 00000000 81fbb700 82628340
[ 4.096216] 5b80: 826283c0 00001000 00000000 00000010 816d9800 826282c0 801766f8 00000000
[ 4.104408] 5ba0: 00000000 81004fd8 00000049 00000000 00000000 00000001 80dcf940 80178de4
[ 4.112601] 5bc0: 81c35c0c 7dbb550b 80178de4 81fbb700 00000010 00000010 810c35f4 81e1ce40
[ 4.120793] 5be0: 81c40908 0000000c 81c35c64 81c35bf8 805a7f18 805d94a0 81c35c3c 816d9800
[ 4.128985] 5c00: 00000010 81c34000 81c35c2c 81c35c18 8012fce0 805be90c 81c35c3c 81c35c28
[ 4.137178] 5c20: 805be90c 80173210 81fbb600 81fbb6b4 81c35c5c 7dbb550b 81c35c64 81fbb700
[ 4.145370] 5c40: 816d9800 00000010 810c35f4 81e1ce40 81c40908 0000000c 81c35c84 81c35c68
[ 4.153565] 5c60: 805a8c78 805a7ed0 816d9800 81fbb700 00000010 00000000 81c35cac 81c35c88
[ 4.161758] 5c80: 805a8dc4 805a8b68 816d9800 00000000 816d9800 00000000 8179f810 810c42d0
[ 4.169950] 5ca0: 81c35ccc 81c35cb0 805e47b0 805a8d18 824aa240 81e1ea80 81c40908 81126b60
[ 4.178144] 5cc0: 81c35d14 81c35cd0 8060db1c 805e46cc 81c35d14 81c35ce0 80dd90f8 810c4d58
[ 4.186338] 5ce0: 80dd90dc 81fe9740 fffffffe 81fe9740 81e1ea80 00000000 810c4d6c 80c4b95c
[ 4.194531] 5d00: 80dd9a3c 815c6810 81c35d34 81c35d18 8060dc9c 8060d8fc 8246b440 815c6800
[ 4.202724] 5d20: 815c6810 eefd8e00 81c35d44 81c35d38 8060dd80 8060dbec 81c35d6c 81c35d48
[ 4.210918] 5d40: 805e98a4 8060dd70 00000000 815c6810 810c45b0 81126e90 81126e90 80dd9a3c
[ 4.219112] 5d60: 81c35d8c 81c35d70 80619574 805e9808 815c6810 00000000 810c45b0 81126e90
[ 4.227305] 5d80: 81c35db4 81c35d90 806168dc 80619514 80625df0 80623c80 815c6810 810c45b0
[ 4.235498] 5da0: 81c35e6c 815c6810 81c35dec 81c35db8 80616d04 80616800 81c35de4 81c35dc8
[ 4.243691] 5dc0: 808382b0 80b2f444 8116e310 8116e314 81c35e6c 815c6810 00000003 80dd9a3c
[ 4.251884] 5de0: 81c35e14 81c35df0 80616ec8 80616c60 00000001 810c45b0 81c35e6c 815c6810
[ 4.260076] 5e00: 00000001 80dd9a3c 81c35e34 81c35e18 80617338 80616e90 00000000 81c35e6c
[ 4.268269] 5e20: 80617284 81c34000 81c35e64 81c35e38 80614730 80617290 81c35e64 8171a06c
[ 4.276461] 5e40: 81e220b8 7dbb550b 815c6810 81c34000 815c6854 81126e90 81c35e9c 81c35e68
[ 4.284654] 5e60: 8061673c 806146a8 8060f5e0 815c6810 00000001 7dbb550b 00000000 810c5080
[ 4.292847] 5e80: 810c5320 815c6810 81126e90 00000000 81c35eac 81c35ea0 80617554 80616650
[ 4.301040] 5ea0: 81c35ecc 81c35eb0 80615694 80617544 810c5080 810c5080 810c5094 81126e90
[ 4.309233] 5ec0: 81c35efc 81c35ed0 80615c6c 8061560c 80615bc0 810c50c0 817eeb00 81412800
[ 4.317425] 5ee0: 814c3000 00000000 814c300d 81119a60 81c35f3c 81c35f00 80141488 80615bcc
[ 4.325618] 5f00: 81c60000 81c34000 81c35f24 81c35f18 80143078 817eeb00 81412800 817eeb18
[ 4.333811] 5f20: 81412818 81003d00 00000088 81412800 81c35f74 81c35f40 80141a48 80141298
[ 4.342005] 5f40: 81c35f74 81c34000 801481ac 817efa40 817efc00 801417d8 817eeb00 00000000
[ 4.350199] 5f60: 815a7e7c 81c34000 81c35fac 81c35f78 80149b1c 801417e4 817efc20 817efc20
[ 4.358391] 5f80: ffffe000 817efa40 801499a8 00000000 00000000 00000000 00000000 00000000
[ 4.366583] 5fa0: 00000000 81c35fb0 80100130 801499b4 00000000 00000000 00000000 00000000
[ 4.374774] 5fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 4.382966] 5fe0: 00000000 00000000 00000000 00000000 00000013 00000000 00000000 00000000
[ 4.391155] Backtrace:
[ 4.393613] [<805eadcc>] (stdp2690_get_edid) from [<805eb138>] (ge_b850v3_lvds_get_modes+0x2c/0x5c)
[ 4.402691] r10:81c73840 r9:81c73894 r8:816d9800 r7:00001000 r6:824addc0 r5:81c73840
[ 4.410534] r4:810c35f0
[ 4.413073] [<805eb10c>] (ge_b850v3_lvds_get_modes) from [<80594188>] (drm_helper_probe_single_connector_modes+0x1d4/0x84c)
[ 4.424240] r5:00000045 r4:810c35f0
[ 4.427822] [<80593fb4>] (drm_helper_probe_single_connector_modes) from [<805d9694>] (drm_client_modeset_probe+0x200/0x1384)
[ 4.439074] r10:00000002 r9:00001000 r8:81e1ce40 r7:00001000 r6:826282c8 r5:826282c8
[ 4.446917] r4:00000008
[ 4.449455] [<805d9494>] (drm_client_modeset_probe) from [<805a7f18>] (__drm_fb_helper_initial_config_and_unlock+0x54/0x5b4)
[ 4.460713] r10:0000000c r9:81c40908 r8:81e1ce40 r7:810c35f4 r6:00000010 r5:00000010
[ 4.468556] r4:81fbb700
[ 4.471095] [<805a7ec4>] (__drm_fb_helper_initial_config_and_unlock) from [<805a8c78>] (drm_fbdev_client_hotplug+0x11c/0x1b0)
[ 4.482434] r10:0000000c r9:81c40908 r8:81e1ce40 r7:810c35f4 r6:00000010 r5:816d9800
[ 4.490276] r4:81fbb700
[ 4.492814] [<805a8b5c>] (drm_fbdev_client_hotplug) from [<805a8dc4>] (drm_fbdev_generic_setup+0xb8/0x1a4)
[ 4.502494] r7:00000000 r6:00000010 r5:81fbb700 r4:816d9800
[ 4.508160] [<805a8d0c>] (drm_fbdev_generic_setup) from [<805e47b0>] (imx_drm_bind+0xf0/0x130)
[ 4.516805] r7:810c42d0 r6:8179f810 r5:00000000 r4:816d9800
[ 4.522474] [<805e46c0>] (imx_drm_bind) from [<8060db1c>] (try_to_bring_up_master+0x22c/0x2f0)
[ 4.531116] r7:81126b60 r6:81c40908 r5:81e1ea80 r4:824aa240
[ 4.536783] [<8060d8f0>] (try_to_bring_up_master) from [<8060dc9c>] (__component_add+0xbc/0x184)
[ 4.545597] r10:815c6810 r9:80dd9a3c r8:80c4b95c r7:810c4d6c r6:00000000 r5:81e1ea80
[ 4.553440] r4:81fe9740
[ 4.555980] [<8060dbe0>] (__component_add) from [<8060dd80>] (component_add+0x1c/0x20)
[ 4.563921] r7:eefd8e00 r6:815c6810 r5:815c6800 r4:8246b440
[ 4.569589] [<8060dd64>] (component_add) from [<805e98a4>] (dw_hdmi_imx_probe+0xa8/0xe8)
[ 4.577702] [<805e97fc>] (dw_hdmi_imx_probe) from [<80619574>] (platform_probe+0x6c/0xc8)
[ 4.585908] r9:80dd9a3c r8:81126e90 r7:81126e90 r6:810c45b0 r5:815c6810 r4:00000000
[ 4.593662] [<80619508>] (platform_probe) from [<806168dc>] (really_probe+0xe8/0x460)
[ 4.601524] r7:81126e90 r6:810c45b0 r5:00000000 r4:815c6810
[ 4.607191] [<806167f4>] (really_probe) from [<80616d04>] (__driver_probe_device+0xb0/0x230)
[ 4.615658] r7:815c6810 r6:81c35e6c r5:810c45b0 r4:815c6810
[ 4.621326] [<80616c54>] (__driver_probe_device) from [<80616ec8>] (driver_probe_device+0x44/0xe0)
[ 4.630313] r9:80dd9a3c r8:00000003 r7:815c6810 r6:81c35e6c r5:8116e314 r4:8116e310
[ 4.638068] [<80616e84>] (driver_probe_device) from [<80617338>] (__device_attach_driver+0xb4/0x12c)
[ 4.647227] r9:80dd9a3c r8:00000001 r7:815c6810 r6:81c35e6c r5:810c45b0 r4:00000001
[ 4.654981] [<80617284>] (__device_attach_driver) from [<80614730>] (bus_for_each_drv+0x94/0xd8)
[ 4.663794] r7:81c34000 r6:80617284 r5:81c35e6c r4:00000000
[ 4.669461] [<8061469c>] (bus_for_each_drv) from [<8061673c>] (__device_attach+0xf8/0x190)
[ 4.677753] r7:81126e90 r6:815c6854 r5:81c34000 r4:815c6810
[ 4.683419] [<80616644>] (__device_attach) from [<80617554>] (device_initial_probe+0x1c/0x20)
[ 4.691971] r8:00000000 r7:81126e90 r6:815c6810 r5:810c5320 r4:810c5080
[ 4.698681] [<80617538>] (device_initial_probe) from [<80615694>] (bus_probe_device+0x94/0x9c)
[ 4.707318] [<80615600>] (bus_probe_device) from [<80615c6c>] (deferred_probe_work_func+0xac/0xf0)
[ 4.716305] r7:81126e90 r6:810c5094 r5:810c5080 r4:810c5080
[ 4.721973] [<80615bc0>] (deferred_probe_work_func) from [<80141488>] (process_one_work+0x1fc/0x54c)
[ 4.731139] r10:81119a60 r9:814c300d r8:00000000 r7:814c3000 r6:81412800 r5:817eeb00
[ 4.738981] r4:810c50c0 r3:80615bc0
[ 4.742563] [<8014128c>] (process_one_work) from [<80141a48>] (worker_thread+0x270/0x570)
[ 4.750765] r10:81412800 r9:00000088 r8:81003d00 r7:81412818 r6:817eeb18 r5:81412800
[ 4.758608] r4:817eeb00
[ 4.761147] [<801417d8>] (worker_thread) from [<80149b1c>] (kthread+0x174/0x190)
[ 4.768574] r10:81c34000 r9:815a7e7c r8:00000000 r7:817eeb00 r6:801417d8 r5:817efc00
[ 4.776417] r4:817efa40
[ 4.778955] [<801499a8>] (kthread) from [<80100130>] (ret_from_fork+0x14/0x24)
[ 4.786201] Exception stack(0x81c35fb0 to 0x81c35ff8)
[ 4.791266] 5fa0: 00000000 00000000 00000000 00000000
[ 4.799459] 5fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 4.807651] 5fe0: 00000000 00000000 00000000 00000000 00000013 00000000
[ 4.814279] r10:00000000 r9:00000000 r8:00000000 r7:00000000 r6:00000000 r5:801499a8
[ 4.822120] r4:817efa40
[ 4.824664] Code: e3a02080 e593001c e3a01d33 e3a05000 (e5979018)
Split the registration from the STDP4028 probe routine and only perform
registration once both the STDP4028 and STDP2690 have probed.
Signed-off-by: Martyn Welch <martyn.welch@collabora.com>
CC: Peter Senna Tschudin <peter.senna@gmail.com>
CC: Martyn Welch <martyn.welch@collabora.co.uk>
CC: Neil Armstrong <narmstrong@baylibre.com>
CC: Robert Foss <robert.foss@linaro.org>
CC: Laurent Pinchart <Laurent.pinchart@ideasonboard.com>
CC: Jonas Karlman <jonas@kwiboo.se>
CC: Jernej Skrabec <jernej.skrabec@gmail.com>
Signed-off-by: Robert Foss <robert.foss@linaro.org>
Link: https://patchwork.freedesktop.org/patch/msgid/43552c3404e8fdf92d8bc5658fac24e9f03c2c57.1637836606.git.martyn.welch@collabora.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../bridge/megachips-stdpxxxx-ge-b850v3-fw.c | 40 +++++++++++++------
1 file changed, 28 insertions(+), 12 deletions(-)
diff --git a/drivers/gpu/drm/bridge/megachips-stdpxxxx-ge-b850v3-fw.c b/drivers/gpu/drm/bridge/megachips-stdpxxxx-ge-b850v3-fw.c
index b050fd1f3d201..5302dd90a7a5f 100644
--- a/drivers/gpu/drm/bridge/megachips-stdpxxxx-ge-b850v3-fw.c
+++ b/drivers/gpu/drm/bridge/megachips-stdpxxxx-ge-b850v3-fw.c
@@ -291,19 +291,10 @@ out:
mutex_unlock(&ge_b850v3_lvds_dev_mutex);
}
-static int stdp4028_ge_b850v3_fw_probe(struct i2c_client *stdp4028_i2c,
- const struct i2c_device_id *id)
+static int ge_b850v3_register(void)
{
+ struct i2c_client *stdp4028_i2c = ge_b850v3_lvds_ptr->stdp4028_i2c;
struct device *dev = &stdp4028_i2c->dev;
- int ret;
-
- ret = ge_b850v3_lvds_init(dev);
-
- if (ret)
- return ret;
-
- ge_b850v3_lvds_ptr->stdp4028_i2c = stdp4028_i2c;
- i2c_set_clientdata(stdp4028_i2c, ge_b850v3_lvds_ptr);
/* drm bridge initialization */
ge_b850v3_lvds_ptr->bridge.funcs = &ge_b850v3_lvds_funcs;
@@ -325,6 +316,27 @@ static int stdp4028_ge_b850v3_fw_probe(struct i2c_client *stdp4028_i2c,
"ge-b850v3-lvds-dp", ge_b850v3_lvds_ptr);
}
+static int stdp4028_ge_b850v3_fw_probe(struct i2c_client *stdp4028_i2c,
+ const struct i2c_device_id *id)
+{
+ struct device *dev = &stdp4028_i2c->dev;
+ int ret;
+
+ ret = ge_b850v3_lvds_init(dev);
+
+ if (ret)
+ return ret;
+
+ ge_b850v3_lvds_ptr->stdp4028_i2c = stdp4028_i2c;
+ i2c_set_clientdata(stdp4028_i2c, ge_b850v3_lvds_ptr);
+
+ /* Only register after both bridges are probed */
+ if (!ge_b850v3_lvds_ptr->stdp2690_i2c)
+ return 0;
+
+ return ge_b850v3_register();
+}
+
static int stdp4028_ge_b850v3_fw_remove(struct i2c_client *stdp4028_i2c)
{
ge_b850v3_lvds_remove();
@@ -368,7 +380,11 @@ static int stdp2690_ge_b850v3_fw_probe(struct i2c_client *stdp2690_i2c,
ge_b850v3_lvds_ptr->stdp2690_i2c = stdp2690_i2c;
i2c_set_clientdata(stdp2690_i2c, ge_b850v3_lvds_ptr);
- return 0;
+ /* Only register after both bridges are probed */
+ if (!ge_b850v3_lvds_ptr->stdp4028_i2c)
+ return 0;
+
+ return ge_b850v3_register();
}
static int stdp2690_ge_b850v3_fw_remove(struct i2c_client *stdp2690_i2c)
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 168/320] gpiolib: acpi: Do not set the IRQ type if the IRQ is already in use
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (166 preceding siblings ...)
2022-01-24 18:42 ` [PATCH 5.4 167/320] drm/bridge: megachips: Ensure both bridges are probed before registration Greg Kroah-Hartman
@ 2022-01-24 18:42 ` Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 169/320] HSI: core: Fix return freed object in hsi_new_client Greg Kroah-Hartman
` (156 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:42 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hans de Goede, Andy Shevchenko, Sasha Levin
From: Hans de Goede <hdegoede@redhat.com>
[ Upstream commit bdfd6ab8fdccd8b138837efff66f4a1911496378 ]
If the IRQ is already in use, then acpi_dev_gpio_irq_get_by() really
should not change the type underneath the current owner.
I specifically hit an issue with this an a Chuwi Hi8 Super (CWI509) Bay
Trail tablet, when the Boot OS selection in the BIOS is set to Android.
In this case _STA for a MAX17047 ACPI I2C device wrongly returns 0xf and
the _CRS resources for this device include a GpioInt pointing to a GPIO
already in use by an _AEI handler, with a different type then specified
in the _CRS for the MAX17047 device. Leading to the acpi_dev_gpio_irq_get()
call done by the i2c-core-acpi.c code changing the type breaking the
_AEI handler.
Now this clearly is a bug in the DSDT of this tablet (in Android mode),
but in general calling irq_set_irq_type() on an IRQ which already is
in use seems like a bad idea.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpio/gpiolib-acpi.c | 15 +++++++++++----
1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/drivers/gpio/gpiolib-acpi.c b/drivers/gpio/gpiolib-acpi.c
index e3ddc99c105d4..13c6eee481da7 100644
--- a/drivers/gpio/gpiolib-acpi.c
+++ b/drivers/gpio/gpiolib-acpi.c
@@ -953,10 +953,17 @@ int acpi_dev_gpio_irq_get(struct acpi_device *adev, int index)
irq_flags = acpi_dev_get_irq_type(info.triggering,
info.polarity);
- /* Set type if specified and different than the current one */
- if (irq_flags != IRQ_TYPE_NONE &&
- irq_flags != irq_get_trigger_type(irq))
- irq_set_irq_type(irq, irq_flags);
+ /*
+ * If the IRQ is not already in use then set type
+ * if specified and different than the current one.
+ */
+ if (can_request_irq(irq, irq_flags)) {
+ if (irq_flags != IRQ_TYPE_NONE &&
+ irq_flags != irq_get_trigger_type(irq))
+ irq_set_irq_type(irq, irq_flags);
+ } else {
+ dev_dbg(&adev->dev, "IRQ %d already in use\n", irq);
+ }
return irq;
}
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 169/320] HSI: core: Fix return freed object in hsi_new_client
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (167 preceding siblings ...)
2022-01-24 18:42 ` [PATCH 5.4 168/320] gpiolib: acpi: Do not set the IRQ type if the IRQ is already in use Greg Kroah-Hartman
@ 2022-01-24 18:42 ` Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 170/320] mwifiex: Fix skb_over_panic in mwifiex_usb_recv() Greg Kroah-Hartman
` (155 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:42 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Chengfeng Ye, Sebastian Reichel, Sasha Levin
From: Chengfeng Ye <cyeaa@connect.ust.hk>
[ Upstream commit a1ee1c08fcd5af03187dcd41dcab12fd5b379555 ]
cl is freed on error of calling device_register, but this
object is return later, which will cause uaf issue. Fix it
by return NULL on error.
Signed-off-by: Chengfeng Ye <cyeaa@connect.ust.hk>
Signed-off-by: Sebastian Reichel <sebastian.reichel@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hsi/hsi_core.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/hsi/hsi_core.c b/drivers/hsi/hsi_core.c
index a5f92e2889cb8..a330f58d45fc6 100644
--- a/drivers/hsi/hsi_core.c
+++ b/drivers/hsi/hsi_core.c
@@ -102,6 +102,7 @@ struct hsi_client *hsi_new_client(struct hsi_port *port,
if (device_register(&cl->device) < 0) {
pr_err("hsi: failed to register client: %s\n", info->name);
put_device(&cl->device);
+ goto err;
}
return cl;
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 170/320] mwifiex: Fix skb_over_panic in mwifiex_usb_recv()
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (168 preceding siblings ...)
2022-01-24 18:42 ` [PATCH 5.4 169/320] HSI: core: Fix return freed object in hsi_new_client Greg Kroah-Hartman
@ 2022-01-24 18:42 ` Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 171/320] rsi: Fix use-after-free in rsi_rx_done_handler() Greg Kroah-Hartman
` (154 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:42 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Brendan Dolan-Gavitt, Zekun Shen,
Kalle Valo, Sasha Levin
From: Zekun Shen <bruceshenzk@gmail.com>
[ Upstream commit 04d80663f67ccef893061b49ec8a42ff7045ae84 ]
Currently, with an unknown recv_type, mwifiex_usb_recv
just return -1 without restoring the skb. Next time
mwifiex_usb_rx_complete is invoked with the same skb,
calling skb_put causes skb_over_panic.
The bug is triggerable with a compromised/malfunctioning
usb device. After applying the patch, skb_over_panic
no longer shows up with the same input.
Attached is the panic report from fuzzing.
skbuff: skb_over_panic: text:000000003bf1b5fa
len:2048 put:4 head:00000000dd6a115b data:000000000a9445d8
tail:0x844 end:0x840 dev:<NULL>
kernel BUG at net/core/skbuff.c:109!
invalid opcode: 0000 [#1] SMP KASAN NOPTI
CPU: 0 PID: 198 Comm: in:imklog Not tainted 5.6.0 #60
RIP: 0010:skb_panic+0x15f/0x161
Call Trace:
<IRQ>
? mwifiex_usb_rx_complete+0x26b/0xfcd [mwifiex_usb]
skb_put.cold+0x24/0x24
mwifiex_usb_rx_complete+0x26b/0xfcd [mwifiex_usb]
__usb_hcd_giveback_urb+0x1e4/0x380
usb_giveback_urb_bh+0x241/0x4f0
? __hrtimer_run_queues+0x316/0x740
? __usb_hcd_giveback_urb+0x380/0x380
tasklet_action_common.isra.0+0x135/0x330
__do_softirq+0x18c/0x634
irq_exit+0x114/0x140
smp_apic_timer_interrupt+0xde/0x380
apic_timer_interrupt+0xf/0x20
</IRQ>
Reported-by: Brendan Dolan-Gavitt <brendandg@nyu.edu>
Signed-off-by: Zekun Shen <bruceshenzk@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/YX4CqjfRcTa6bVL+@Zekuns-MBP-16.fios-router.home
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/marvell/mwifiex/usb.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/net/wireless/marvell/mwifiex/usb.c b/drivers/net/wireless/marvell/mwifiex/usb.c
index cb8a9ad40cfe9..39cf713d5054c 100644
--- a/drivers/net/wireless/marvell/mwifiex/usb.c
+++ b/drivers/net/wireless/marvell/mwifiex/usb.c
@@ -130,7 +130,8 @@ static int mwifiex_usb_recv(struct mwifiex_adapter *adapter,
default:
mwifiex_dbg(adapter, ERROR,
"unknown recv_type %#x\n", recv_type);
- return -1;
+ ret = -1;
+ goto exit_restore_skb;
}
break;
case MWIFIEX_USB_EP_DATA:
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 171/320] rsi: Fix use-after-free in rsi_rx_done_handler()
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (169 preceding siblings ...)
2022-01-24 18:42 ` [PATCH 5.4 170/320] mwifiex: Fix skb_over_panic in mwifiex_usb_recv() Greg Kroah-Hartman
@ 2022-01-24 18:42 ` Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 172/320] rsi: Fix out-of-bounds read in rsi_read_pkt() Greg Kroah-Hartman
` (153 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:42 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Brendan Dolan-Gavitt, Zekun Shen,
Kalle Valo, Sasha Levin
From: Zekun Shen <bruceshenzk@gmail.com>
[ Upstream commit b07e3c6ebc0c20c772c0f54042e430acec2945c3 ]
When freeing rx_cb->rx_skb, the pointer is not set to NULL,
a later rsi_rx_done_handler call will try to read the freed
address.
This bug will very likley lead to double free, although
detected early as use-after-free bug.
The bug is triggerable with a compromised/malfunctional usb
device. After applying the patch, the same input no longer
triggers the use-after-free.
Attached is the kasan report from fuzzing.
BUG: KASAN: use-after-free in rsi_rx_done_handler+0x354/0x430 [rsi_usb]
Read of size 4 at addr ffff8880188e5930 by task modprobe/231
Call Trace:
<IRQ>
dump_stack+0x76/0xa0
print_address_description.constprop.0+0x16/0x200
? rsi_rx_done_handler+0x354/0x430 [rsi_usb]
? rsi_rx_done_handler+0x354/0x430 [rsi_usb]
__kasan_report.cold+0x37/0x7c
? dma_direct_unmap_page+0x90/0x110
? rsi_rx_done_handler+0x354/0x430 [rsi_usb]
kasan_report+0xe/0x20
rsi_rx_done_handler+0x354/0x430 [rsi_usb]
__usb_hcd_giveback_urb+0x1e4/0x380
usb_giveback_urb_bh+0x241/0x4f0
? __usb_hcd_giveback_urb+0x380/0x380
? apic_timer_interrupt+0xa/0x20
tasklet_action_common.isra.0+0x135/0x330
__do_softirq+0x18c/0x634
? handle_irq_event+0xcd/0x157
? handle_edge_irq+0x1eb/0x7b0
irq_exit+0x114/0x140
do_IRQ+0x91/0x1e0
common_interrupt+0xf/0xf
</IRQ>
Reported-by: Brendan Dolan-Gavitt <brendandg@nyu.edu>
Signed-off-by: Zekun Shen <bruceshenzk@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/YXxQL/vIiYcZUu/j@10-18-43-117.dynapool.wireless.nyu.edu
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/rsi/rsi_91x_usb.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/drivers/net/wireless/rsi/rsi_91x_usb.c b/drivers/net/wireless/rsi/rsi_91x_usb.c
index 68ce3d2bc5357..730d7bf86c40c 100644
--- a/drivers/net/wireless/rsi/rsi_91x_usb.c
+++ b/drivers/net/wireless/rsi/rsi_91x_usb.c
@@ -261,8 +261,12 @@ static void rsi_rx_done_handler(struct urb *urb)
struct rsi_91x_usbdev *dev = (struct rsi_91x_usbdev *)rx_cb->data;
int status = -EINVAL;
+ if (!rx_cb->rx_skb)
+ return;
+
if (urb->status) {
dev_kfree_skb(rx_cb->rx_skb);
+ rx_cb->rx_skb = NULL;
return;
}
@@ -286,8 +290,10 @@ out:
if (rsi_rx_urb_submit(dev->priv, rx_cb->ep_num, GFP_ATOMIC))
rsi_dbg(ERR_ZONE, "%s: Failed in urb submission", __func__);
- if (status)
+ if (status) {
dev_kfree_skb(rx_cb->rx_skb);
+ rx_cb->rx_skb = NULL;
+ }
}
static void rsi_rx_urb_kill(struct rsi_hw *adapter, u8 ep_num)
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 172/320] rsi: Fix out-of-bounds read in rsi_read_pkt()
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (170 preceding siblings ...)
2022-01-24 18:42 ` [PATCH 5.4 171/320] rsi: Fix use-after-free in rsi_rx_done_handler() Greg Kroah-Hartman
@ 2022-01-24 18:42 ` Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 173/320] usb: uhci: add aspeed ast2600 uhci support Greg Kroah-Hartman
` (152 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:42 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Brendan Dolan-Gavitt, Zekun Shen,
Kalle Valo, Sasha Levin
From: Zekun Shen <bruceshenzk@gmail.com>
[ Upstream commit f1cb3476e48b60c450ec3a1d7da0805bffc6e43a ]
rsi_get_* functions rely on an offset variable from usb
input. The size of usb input is RSI_MAX_RX_USB_PKT_SIZE(3000),
while 2-byte offset can be up to 0xFFFF. Thus a large offset
can cause out-of-bounds read.
The patch adds a bound checking condition when rcv_pkt_len is 0,
indicating it's USB. It's unclear whether this is triggerable
from other type of bus. The following check might help in that case.
offset > rcv_pkt_len - FRAME_DESC_SZ
The bug is trigerrable with conpromised/malfunctioning USB devices.
I tested the patch with the crashing input and got no more bug report.
Attached is the KASAN report from fuzzing.
BUG: KASAN: slab-out-of-bounds in rsi_read_pkt+0x42e/0x500 [rsi_91x]
Read of size 2 at addr ffff888019439fdb by task RX-Thread/227
CPU: 0 PID: 227 Comm: RX-Thread Not tainted 5.6.0 #66
Call Trace:
dump_stack+0x76/0xa0
print_address_description.constprop.0+0x16/0x200
? rsi_read_pkt+0x42e/0x500 [rsi_91x]
? rsi_read_pkt+0x42e/0x500 [rsi_91x]
__kasan_report.cold+0x37/0x7c
? rsi_read_pkt+0x42e/0x500 [rsi_91x]
kasan_report+0xe/0x20
rsi_read_pkt+0x42e/0x500 [rsi_91x]
rsi_usb_rx_thread+0x1b1/0x2fc [rsi_usb]
? rsi_probe+0x16a0/0x16a0 [rsi_usb]
? _raw_spin_lock_irqsave+0x7b/0xd0
? _raw_spin_trylock_bh+0x120/0x120
? __wake_up_common+0x10b/0x520
? rsi_probe+0x16a0/0x16a0 [rsi_usb]
kthread+0x2b5/0x3b0
? kthread_create_on_node+0xd0/0xd0
ret_from_fork+0x22/0x40
Reported-by: Brendan Dolan-Gavitt <brendandg@nyu.edu>
Signed-off-by: Zekun Shen <bruceshenzk@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/YXxXS4wgu2OsmlVv@10-18-43-117.dynapool.wireless.nyu.edu
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/rsi/rsi_91x_main.c | 4 ++++
drivers/net/wireless/rsi/rsi_91x_usb.c | 1 -
drivers/net/wireless/rsi/rsi_usb.h | 2 ++
3 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/net/wireless/rsi/rsi_91x_main.c b/drivers/net/wireless/rsi/rsi_91x_main.c
index 441fda71f6289..d92337169ee3a 100644
--- a/drivers/net/wireless/rsi/rsi_91x_main.c
+++ b/drivers/net/wireless/rsi/rsi_91x_main.c
@@ -23,6 +23,7 @@
#include "rsi_common.h"
#include "rsi_coex.h"
#include "rsi_hal.h"
+#include "rsi_usb.h"
u32 rsi_zone_enabled = /* INFO_ZONE |
INIT_ZONE |
@@ -167,6 +168,9 @@ int rsi_read_pkt(struct rsi_common *common, u8 *rx_pkt, s32 rcv_pkt_len)
frame_desc = &rx_pkt[index];
actual_length = *(u16 *)&frame_desc[0];
offset = *(u16 *)&frame_desc[2];
+ if (!rcv_pkt_len && offset >
+ RSI_MAX_RX_USB_PKT_SIZE - FRAME_DESC_SZ)
+ goto fail;
queueno = rsi_get_queueno(frame_desc, offset);
length = rsi_get_length(frame_desc, offset);
diff --git a/drivers/net/wireless/rsi/rsi_91x_usb.c b/drivers/net/wireless/rsi/rsi_91x_usb.c
index 730d7bf86c40c..94bf2a7ca635d 100644
--- a/drivers/net/wireless/rsi/rsi_91x_usb.c
+++ b/drivers/net/wireless/rsi/rsi_91x_usb.c
@@ -320,7 +320,6 @@ static int rsi_rx_urb_submit(struct rsi_hw *adapter, u8 ep_num, gfp_t mem_flags)
struct sk_buff *skb;
u8 dword_align_bytes = 0;
-#define RSI_MAX_RX_USB_PKT_SIZE 3000
skb = dev_alloc_skb(RSI_MAX_RX_USB_PKT_SIZE);
if (!skb)
return -ENOMEM;
diff --git a/drivers/net/wireless/rsi/rsi_usb.h b/drivers/net/wireless/rsi/rsi_usb.h
index 8702f434b5699..ad88f8c70a351 100644
--- a/drivers/net/wireless/rsi/rsi_usb.h
+++ b/drivers/net/wireless/rsi/rsi_usb.h
@@ -44,6 +44,8 @@
#define RSI_USB_BUF_SIZE 4096
#define RSI_USB_CTRL_BUF_SIZE 0x04
+#define RSI_MAX_RX_USB_PKT_SIZE 3000
+
struct rx_usb_ctrl_block {
u8 *data;
struct urb *rx_urb;
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 173/320] usb: uhci: add aspeed ast2600 uhci support
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (171 preceding siblings ...)
2022-01-24 18:42 ` [PATCH 5.4 172/320] rsi: Fix out-of-bounds read in rsi_read_pkt() Greg Kroah-Hartman
@ 2022-01-24 18:42 ` Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 174/320] floppy: Add max size check for user space request Greg Kroah-Hartman
` (151 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:42 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Neal Liu, Sasha Levin
From: Neal Liu <neal_liu@aspeedtech.com>
[ Upstream commit 554abfe2eadec97d12c71d4a69da1518478f69eb ]
Enable ast2600 uhci quirks.
Signed-off-by: Neal Liu <neal_liu@aspeedtech.com>
Link: https://lore.kernel.org/r/20211126100021.2331024-1-neal_liu@aspeedtech.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/host/uhci-platform.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/usb/host/uhci-platform.c b/drivers/usb/host/uhci-platform.c
index 70dbd95c3f063..be9e9db7cad10 100644
--- a/drivers/usb/host/uhci-platform.c
+++ b/drivers/usb/host/uhci-platform.c
@@ -113,7 +113,8 @@ static int uhci_hcd_platform_probe(struct platform_device *pdev)
num_ports);
}
if (of_device_is_compatible(np, "aspeed,ast2400-uhci") ||
- of_device_is_compatible(np, "aspeed,ast2500-uhci")) {
+ of_device_is_compatible(np, "aspeed,ast2500-uhci") ||
+ of_device_is_compatible(np, "aspeed,ast2600-uhci")) {
uhci->is_aspeed = 1;
dev_info(&pdev->dev,
"Enabled Aspeed implementation workarounds\n");
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 174/320] floppy: Add max size check for user space request
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (172 preceding siblings ...)
2022-01-24 18:42 ` [PATCH 5.4 173/320] usb: uhci: add aspeed ast2600 uhci support Greg Kroah-Hartman
@ 2022-01-24 18:42 ` Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 175/320] x86/mm: Flush global TLB when switching to trampoline page-table Greg Kroah-Hartman
` (150 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:42 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot+23a02c7df2cf2bc93fa2,
Xiongwei Song, Denis Efremov, Jens Axboe, Sasha Levin
From: Xiongwei Song <sxwjean@gmail.com>
[ Upstream commit 545a32498c536ee152331cd2e7d2416aa0f20e01 ]
We need to check the max request size that is from user space before
allocating pages. If the request size exceeds the limit, return -EINVAL.
This check can avoid the warning below from page allocator.
WARNING: CPU: 3 PID: 16525 at mm/page_alloc.c:5344 current_gfp_context include/linux/sched/mm.h:195 [inline]
WARNING: CPU: 3 PID: 16525 at mm/page_alloc.c:5344 __alloc_pages+0x45d/0x500 mm/page_alloc.c:5356
Modules linked in:
CPU: 3 PID: 16525 Comm: syz-executor.3 Not tainted 5.15.0-syzkaller #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
RIP: 0010:__alloc_pages+0x45d/0x500 mm/page_alloc.c:5344
Code: be c9 00 00 00 48 c7 c7 20 4a 97 89 c6 05 62 32 a7 0b 01 e8 74 9a 42 07 e9 6a ff ff ff 0f 0b e9 a0 fd ff ff 40 80 e5 3f eb 88 <0f> 0b e9 18 ff ff ff 4c 89 ef 44 89 e6 45 31 ed e8 1e 76 ff ff e9
RSP: 0018:ffffc90023b87850 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 1ffff92004770f0b RCX: dffffc0000000000
RDX: 0000000000000000 RSI: 0000000000000033 RDI: 0000000000010cc1
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000001
R10: ffffffff81bb4686 R11: 0000000000000001 R12: ffffffff902c1960
R13: 0000000000000033 R14: 0000000000000000 R15: ffff88804cf64a30
FS: 0000000000000000(0000) GS:ffff88802cd00000(0063) knlGS:00000000f44b4b40
CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
CR2: 000000002c921000 CR3: 000000004f507000 CR4: 0000000000150ee0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
alloc_pages+0x1a7/0x300 mm/mempolicy.c:2191
__get_free_pages+0x8/0x40 mm/page_alloc.c:5418
raw_cmd_copyin drivers/block/floppy.c:3113 [inline]
raw_cmd_ioctl drivers/block/floppy.c:3160 [inline]
fd_locked_ioctl+0x12e5/0x2820 drivers/block/floppy.c:3528
fd_ioctl drivers/block/floppy.c:3555 [inline]
fd_compat_ioctl+0x891/0x1b60 drivers/block/floppy.c:3869
compat_blkdev_ioctl+0x3b8/0x810 block/ioctl.c:662
__do_compat_sys_ioctl+0x1c7/0x290 fs/ioctl.c:972
do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]
__do_fast_syscall_32+0x65/0xf0 arch/x86/entry/common.c:178
do_fast_syscall_32+0x2f/0x70 arch/x86/entry/common.c:203
entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
Reported-by: syzbot+23a02c7df2cf2bc93fa2@syzkaller.appspotmail.com
Link: https://lore.kernel.org/r/20211116131033.27685-1-sxwjean@me.com
Signed-off-by: Xiongwei Song <sxwjean@gmail.com>
Signed-off-by: Denis Efremov <efremov@linux.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/block/floppy.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/block/floppy.c b/drivers/block/floppy.c
index 212a1e1ce0d9e..02af4f109e59f 100644
--- a/drivers/block/floppy.c
+++ b/drivers/block/floppy.c
@@ -3112,6 +3112,8 @@ static void raw_cmd_free(struct floppy_raw_cmd **ptr)
}
}
+#define MAX_LEN (1UL << MAX_ORDER << PAGE_SHIFT)
+
static int raw_cmd_copyin(int cmd, void __user *param,
struct floppy_raw_cmd **rcmd)
{
@@ -3149,7 +3151,7 @@ loop:
ptr->resultcode = 0;
if (ptr->flags & (FD_RAW_READ | FD_RAW_WRITE)) {
- if (ptr->length <= 0)
+ if (ptr->length <= 0 || ptr->length >= MAX_LEN)
return -EINVAL;
ptr->kernel_data = (char *)fd_dma_mem_alloc(ptr->length);
fallback_on_nodma_alloc(&ptr->kernel_data, ptr->length);
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 175/320] x86/mm: Flush global TLB when switching to trampoline page-table
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (173 preceding siblings ...)
2022-01-24 18:42 ` [PATCH 5.4 174/320] floppy: Add max size check for user space request Greg Kroah-Hartman
@ 2022-01-24 18:42 ` Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 176/320] media: uvcvideo: Increase UVC_CTRL_CONTROL_TIMEOUT to 5 seconds Greg Kroah-Hartman
` (149 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:42 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Joerg Roedel, Borislav Petkov, Sasha Levin
From: Joerg Roedel <jroedel@suse.de>
[ Upstream commit 71d5049b053876afbde6c3273250b76935494ab2 ]
Move the switching code into a function so that it can be re-used and
add a global TLB flush. This makes sure that usage of memory which is
not mapped in the trampoline page-table is reliably caught.
Also move the clearing of CR4.PCIDE before the CR3 switch because the
cr4_clear_bits() function will access data not mapped into the
trampoline page-table.
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Borislav Petkov <bp@suse.de>
Link: https://lore.kernel.org/r/20211202153226.22946-4-joro@8bytes.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/include/asm/realmode.h | 1 +
arch/x86/kernel/reboot.c | 12 ++----------
arch/x86/realmode/init.c | 26 ++++++++++++++++++++++++++
3 files changed, 29 insertions(+), 10 deletions(-)
diff --git a/arch/x86/include/asm/realmode.h b/arch/x86/include/asm/realmode.h
index 09ecc32f65248..52d7512ea91ab 100644
--- a/arch/x86/include/asm/realmode.h
+++ b/arch/x86/include/asm/realmode.h
@@ -82,6 +82,7 @@ static inline void set_real_mode_mem(phys_addr_t mem)
}
void reserve_real_mode(void);
+void load_trampoline_pgtable(void);
#endif /* __ASSEMBLY__ */
diff --git a/arch/x86/kernel/reboot.c b/arch/x86/kernel/reboot.c
index d65d1afb27161..fdef27a84d713 100644
--- a/arch/x86/kernel/reboot.c
+++ b/arch/x86/kernel/reboot.c
@@ -113,17 +113,9 @@ void __noreturn machine_real_restart(unsigned int type)
spin_unlock(&rtc_lock);
/*
- * Switch back to the initial page table.
+ * Switch to the trampoline page table.
*/
-#ifdef CONFIG_X86_32
- load_cr3(initial_page_table);
-#else
- write_cr3(real_mode_header->trampoline_pgd);
-
- /* Exiting long mode will fail if CR4.PCIDE is set. */
- if (boot_cpu_has(X86_FEATURE_PCID))
- cr4_clear_bits(X86_CR4_PCIDE);
-#endif
+ load_trampoline_pgtable();
/* Jump to the identity-mapped low memory code */
#ifdef CONFIG_X86_32
diff --git a/arch/x86/realmode/init.c b/arch/x86/realmode/init.c
index de371e52cfa85..fac50ebb122b5 100644
--- a/arch/x86/realmode/init.c
+++ b/arch/x86/realmode/init.c
@@ -16,6 +16,32 @@ u32 *trampoline_cr4_features;
/* Hold the pgd entry used on booting additional CPUs */
pgd_t trampoline_pgd_entry;
+void load_trampoline_pgtable(void)
+{
+#ifdef CONFIG_X86_32
+ load_cr3(initial_page_table);
+#else
+ /*
+ * This function is called before exiting to real-mode and that will
+ * fail with CR4.PCIDE still set.
+ */
+ if (boot_cpu_has(X86_FEATURE_PCID))
+ cr4_clear_bits(X86_CR4_PCIDE);
+
+ write_cr3(real_mode_header->trampoline_pgd);
+#endif
+
+ /*
+ * The CR3 write above will not flush global TLB entries.
+ * Stale, global entries from previous page tables may still be
+ * present. Flush those stale entries.
+ *
+ * This ensures that memory accessed while running with
+ * trampoline_pgd is *actually* mapped into trampoline_pgd.
+ */
+ __flush_tlb_all();
+}
+
void __init reserve_real_mode(void)
{
phys_addr_t mem;
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 176/320] media: uvcvideo: Increase UVC_CTRL_CONTROL_TIMEOUT to 5 seconds.
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (174 preceding siblings ...)
2022-01-24 18:42 ` [PATCH 5.4 175/320] x86/mm: Flush global TLB when switching to trampoline page-table Greg Kroah-Hartman
@ 2022-01-24 18:42 ` Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 177/320] media: saa7146: hexium_orion: Fix a NULL pointer dereference in hexium_attach() Greg Kroah-Hartman
` (148 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:42 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, James Hilliard, Laurent Pinchart,
Mauro Carvalho Chehab, Sasha Levin
From: James Hilliard <james.hilliard1@gmail.com>
[ Upstream commit c8ed7d2f614cd8b315981d116c7a2fb01829500d ]
Some uvc devices appear to require the maximum allowed USB timeout
for GET_CUR/SET_CUR requests.
So lets just bump the UVC control timeout to 5 seconds which is the
same as the usb ctrl get/set defaults:
USB_CTRL_GET_TIMEOUT 5000
USB_CTRL_SET_TIMEOUT 5000
It fixes the following runtime warnings:
Failed to query (GET_CUR) UVC control 11 on unit 2: -110 (exp. 1).
Failed to query (SET_CUR) UVC control 3 on unit 2: -110 (exp. 2).
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/usb/uvc/uvcvideo.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/media/usb/uvc/uvcvideo.h b/drivers/media/usb/uvc/uvcvideo.h
index 24e3d8c647e77..5f137400bebd6 100644
--- a/drivers/media/usb/uvc/uvcvideo.h
+++ b/drivers/media/usb/uvc/uvcvideo.h
@@ -179,7 +179,7 @@
/* Maximum status buffer size in bytes of interrupt URB. */
#define UVC_MAX_STATUS_SIZE 16
-#define UVC_CTRL_CONTROL_TIMEOUT 500
+#define UVC_CTRL_CONTROL_TIMEOUT 5000
#define UVC_CTRL_STREAMING_TIMEOUT 5000
/* Maximum allowed number of control mappings per device */
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 177/320] media: saa7146: hexium_orion: Fix a NULL pointer dereference in hexium_attach()
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (175 preceding siblings ...)
2022-01-24 18:42 ` [PATCH 5.4 176/320] media: uvcvideo: Increase UVC_CTRL_CONTROL_TIMEOUT to 5 seconds Greg Kroah-Hartman
@ 2022-01-24 18:42 ` Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 178/320] media: m920x: dont use stack on USB reads Greg Kroah-Hartman
` (147 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:42 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zhou Qingyang, Hans Verkuil,
Mauro Carvalho Chehab, Sasha Levin
From: Zhou Qingyang <zhou1615@umn.edu>
[ Upstream commit 348df8035301dd212e3cc2860efe4c86cb0d3303 ]
In hexium_attach(dev, info), saa7146_vv_init() is called to allocate
a new memory for dev->vv_data. In hexium_detach(), saa7146_vv_release()
will be called and there is a dereference of dev->vv_data in
saa7146_vv_release(), which could lead to a NULL pointer dereference
on failure of saa7146_vv_init() according to the following logic.
Both hexium_attach() and hexium_detach() are callback functions of
the variable 'extension', so there exists a possible call chain directly
from hexium_attach() to hexium_detach():
hexium_attach(dev, info) -- fail to alloc memory to dev->vv_data
| in saa7146_vv_init().
|
|
hexium_detach() -- a dereference of dev->vv_data in saa7146_vv_release()
Fix this bug by adding a check of saa7146_vv_init().
This bug was found by a static analyzer. The analysis employs
differential checking to identify inconsistent security operations
(e.g., checks or kfrees) between two code paths and confirms that the
inconsistent operations are not recovered in the current function or
the callers, so they constitute bugs.
Note that, as a bug found by static analysis, it can be a false
positive or hard to trigger. Multiple researchers have cross-reviewed
the bug.
Builds with CONFIG_VIDEO_HEXIUM_ORION=m show no new warnings,
and our static analyzer no longer warns about this code.
Signed-off-by: Zhou Qingyang <zhou1615@umn.edu>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/pci/saa7146/hexium_orion.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/drivers/media/pci/saa7146/hexium_orion.c b/drivers/media/pci/saa7146/hexium_orion.c
index bf5e55348f159..31388597386aa 100644
--- a/drivers/media/pci/saa7146/hexium_orion.c
+++ b/drivers/media/pci/saa7146/hexium_orion.c
@@ -355,10 +355,16 @@ static struct saa7146_ext_vv vv_data;
static int hexium_attach(struct saa7146_dev *dev, struct saa7146_pci_extension_data *info)
{
struct hexium *hexium = (struct hexium *) dev->ext_priv;
+ int ret;
DEB_EE("\n");
- saa7146_vv_init(dev, &vv_data);
+ ret = saa7146_vv_init(dev, &vv_data);
+ if (ret) {
+ pr_err("Error in saa7146_vv_init()\n");
+ return ret;
+ }
+
vv_data.vid_ops.vidioc_enum_input = vidioc_enum_input;
vv_data.vid_ops.vidioc_g_input = vidioc_g_input;
vv_data.vid_ops.vidioc_s_input = vidioc_s_input;
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 178/320] media: m920x: dont use stack on USB reads
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (176 preceding siblings ...)
2022-01-24 18:42 ` [PATCH 5.4 177/320] media: saa7146: hexium_orion: Fix a NULL pointer dereference in hexium_attach() Greg Kroah-Hartman
@ 2022-01-24 18:42 ` Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 179/320] iwlwifi: mvm: synchronize with FW after multicast commands Greg Kroah-Hartman
` (146 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:42 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, rkardell, Mauro Carvalho Chehab, Sasha Levin
From: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
[ Upstream commit a2ab06d7c4d6bfd0b545a768247a70463e977e27 ]
Using stack-allocated pointers for USB message data don't work.
This driver is almost OK with that, except for the I2C read
logic.
Fix it by using a temporary read buffer, just like on all other
calls to m920x_read().
Link: https://lore.kernel.org/all/ccc99e48-de4f-045e-0fe4-61e3118e3f74@mida.se/
Reported-by: rkardell@mida.se
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/usb/dvb-usb/m920x.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/drivers/media/usb/dvb-usb/m920x.c b/drivers/media/usb/dvb-usb/m920x.c
index d866a1990a7d2..7282f60226558 100644
--- a/drivers/media/usb/dvb-usb/m920x.c
+++ b/drivers/media/usb/dvb-usb/m920x.c
@@ -274,6 +274,13 @@ static int m920x_i2c_xfer(struct i2c_adapter *adap, struct i2c_msg msg[], int nu
/* Should check for ack here, if we knew how. */
}
if (msg[i].flags & I2C_M_RD) {
+ char *read = kmalloc(1, GFP_KERNEL);
+ if (!read) {
+ ret = -ENOMEM;
+ kfree(read);
+ goto unlock;
+ }
+
for (j = 0; j < msg[i].len; j++) {
/* Last byte of transaction?
* Send STOP, otherwise send ACK. */
@@ -281,9 +288,12 @@ static int m920x_i2c_xfer(struct i2c_adapter *adap, struct i2c_msg msg[], int nu
if ((ret = m920x_read(d->udev, M9206_I2C, 0x0,
0x20 | stop,
- &msg[i].buf[j], 1)) != 0)
+ read, 1)) != 0)
goto unlock;
+ msg[i].buf[j] = read[0];
}
+
+ kfree(read);
} else {
for (j = 0; j < msg[i].len; j++) {
/* Last byte of transaction? Then send STOP. */
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 179/320] iwlwifi: mvm: synchronize with FW after multicast commands
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (177 preceding siblings ...)
2022-01-24 18:42 ` [PATCH 5.4 178/320] media: m920x: dont use stack on USB reads Greg Kroah-Hartman
@ 2022-01-24 18:42 ` Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 180/320] ath10k: Fix tx hanging Greg Kroah-Hartman
` (145 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:42 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Emmanuel Grumbach,
Maximilian Ernestus, Johannes Berg, Luca Coelho, Sasha Levin
From: Johannes Berg <johannes.berg@intel.com>
[ Upstream commit db66abeea3aefed481391ecc564fb7b7fb31d742 ]
If userspace installs a lot of multicast groups very quickly, then
we may run out of command queue space as we send the updates in an
asynchronous fashion (due to locking concerns), and the CPU can
create them faster than the firmware can process them. This is true
even when mac80211 has a work struct that gets scheduled.
Fix this by synchronizing with the firmware after sending all those
commands - outside of the iteration we can send a synchronous echo
command that just has the effect of the CPU waiting for the prior
asynchronous commands to finish. This also will cause fewer of the
commands to be sent to the firmware overall, because the work will
only run once when rescheduled multiple times while it's running.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=213649
Suggested-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Reported-by: Maximilian Ernestus <maximilian@ernestus.de>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Link: https://lore.kernel.org/r/iwlwifi.20211204083238.51aea5b79ea4.I88a44798efda16e9fe480fb3e94224931d311b29@changeid
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../net/wireless/intel/iwlwifi/mvm/mac80211.c | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c b/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c
index c942255aa1dbc..29ad7804d77aa 100644
--- a/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c
@@ -1696,6 +1696,7 @@ static void iwl_mvm_recalc_multicast(struct iwl_mvm *mvm)
struct iwl_mvm_mc_iter_data iter_data = {
.mvm = mvm,
};
+ int ret;
lockdep_assert_held(&mvm->mutex);
@@ -1705,6 +1706,22 @@ static void iwl_mvm_recalc_multicast(struct iwl_mvm *mvm)
ieee80211_iterate_active_interfaces_atomic(
mvm->hw, IEEE80211_IFACE_ITER_NORMAL,
iwl_mvm_mc_iface_iterator, &iter_data);
+
+ /*
+ * Send a (synchronous) ech command so that we wait for the
+ * multiple asynchronous MCAST_FILTER_CMD commands sent by
+ * the interface iterator. Otherwise, we might get here over
+ * and over again (by userspace just sending a lot of these)
+ * and the CPU can send them faster than the firmware can
+ * process them.
+ * Note that the CPU is still faster - but with this we'll
+ * actually send fewer commands overall because the CPU will
+ * not schedule the work in mac80211 as frequently if it's
+ * still running when rescheduled (possibly multiple times).
+ */
+ ret = iwl_mvm_send_cmd_pdu(mvm, ECHO_CMD, 0, 0, NULL);
+ if (ret)
+ IWL_ERR(mvm, "Failed to synchronize multicast groups update\n");
}
static u64 iwl_mvm_prepare_multicast(struct ieee80211_hw *hw,
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 180/320] ath10k: Fix tx hanging
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (178 preceding siblings ...)
2022-01-24 18:42 ` [PATCH 5.4 179/320] iwlwifi: mvm: synchronize with FW after multicast commands Greg Kroah-Hartman
@ 2022-01-24 18:42 ` Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 181/320] net-sysfs: update the queue counts in the unregistration path Greg Kroah-Hartman
` (144 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:42 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sebastian Gottschall, Kalle Valo,
Sasha Levin
From: Sebastian Gottschall <s.gottschall@dd-wrt.com>
[ Upstream commit e8a91863eba3966a447d2daa1526082d52b5db2a ]
While running stress tests in roaming scenarios (switching ap's every 5
seconds, we discovered a issue which leads to tx hangings of exactly 5
seconds while or after scanning for new accesspoints. We found out that
this hanging is triggered by ath10k_mac_wait_tx_complete since the
empty_tx_wq was not wake when the num_tx_pending counter reaches zero.
To fix this, we simply move the wake_up call to htt_tx_dec_pending,
since this call was missed on several locations within the ath10k code.
Signed-off-by: Sebastian Gottschall <s.gottschall@dd-wrt.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20210505085806.11474-1-s.gottschall@dd-wrt.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/ath10k/htt_tx.c | 3 +++
drivers/net/wireless/ath/ath10k/txrx.c | 2 --
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/net/wireless/ath/ath10k/htt_tx.c b/drivers/net/wireless/ath/ath10k/htt_tx.c
index c38e1963ebc05..f73ed1044390c 100644
--- a/drivers/net/wireless/ath/ath10k/htt_tx.c
+++ b/drivers/net/wireless/ath/ath10k/htt_tx.c
@@ -147,6 +147,9 @@ void ath10k_htt_tx_dec_pending(struct ath10k_htt *htt)
htt->num_pending_tx--;
if (htt->num_pending_tx == htt->max_num_pending_tx - 1)
ath10k_mac_tx_unlock(htt->ar, ATH10K_TX_PAUSE_Q_FULL);
+
+ if (htt->num_pending_tx == 0)
+ wake_up(&htt->empty_tx_wq);
}
int ath10k_htt_tx_inc_pending(struct ath10k_htt *htt)
diff --git a/drivers/net/wireless/ath/ath10k/txrx.c b/drivers/net/wireless/ath/ath10k/txrx.c
index f46b9083bbf10..2c254f43790d2 100644
--- a/drivers/net/wireless/ath/ath10k/txrx.c
+++ b/drivers/net/wireless/ath/ath10k/txrx.c
@@ -80,8 +80,6 @@ int ath10k_txrx_tx_unref(struct ath10k_htt *htt,
ath10k_htt_tx_free_msdu_id(htt, tx_done->msdu_id);
ath10k_htt_tx_dec_pending(htt);
- if (htt->num_pending_tx == 0)
- wake_up(&htt->empty_tx_wq);
spin_unlock_bh(&htt->tx_lock);
rcu_read_lock();
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 181/320] net-sysfs: update the queue counts in the unregistration path
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (179 preceding siblings ...)
2022-01-24 18:42 ` [PATCH 5.4 180/320] ath10k: Fix tx hanging Greg Kroah-Hartman
@ 2022-01-24 18:42 ` Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 182/320] net: phy: prefer 1000baseT over 1000baseKX Greg Kroah-Hartman
` (143 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:42 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Antoine Tenart, Jakub Kicinski, Sasha Levin
From: Antoine Tenart <atenart@kernel.org>
[ Upstream commit d7dac083414eb5bb99a6d2ed53dc2c1b405224e5 ]
When updating Rx and Tx queue kobjects, the queue count should always be
updated to match the queue kobjects count. This was not done in the net
device unregistration path, fix it. Tracking all queue count updates
will allow in a following up patch to detect illegal updates.
Signed-off-by: Antoine Tenart <atenart@kernel.org>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/core/net-sysfs.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/net/core/net-sysfs.c b/net/core/net-sysfs.c
index 05b0c60bfba2b..bcad7028bbf45 100644
--- a/net/core/net-sysfs.c
+++ b/net/core/net-sysfs.c
@@ -1661,6 +1661,9 @@ static void remove_queue_kobjects(struct net_device *dev)
net_rx_queue_update_kobjects(dev, real_rx, 0);
netdev_queue_update_kobjects(dev, real_tx, 0);
+
+ dev->real_num_rx_queues = 0;
+ dev->real_num_tx_queues = 0;
#ifdef CONFIG_SYSFS
kset_unregister(dev->queues_kset);
#endif
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 182/320] net: phy: prefer 1000baseT over 1000baseKX
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (180 preceding siblings ...)
2022-01-24 18:42 ` [PATCH 5.4 181/320] net-sysfs: update the queue counts in the unregistration path Greg Kroah-Hartman
@ 2022-01-24 18:42 ` Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 183/320] gpio: aspeed: Convert aspeed_gpio.lock to raw_spinlock Greg Kroah-Hartman
` (142 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:42 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tom Lendacky, Russell King (Oracle),
Andrew Lunn, Florian Fainelli, Jakub Kicinski, Sasha Levin
From: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
[ Upstream commit f20f94f7f52c4685c81754f489ffcc72186e8bdb ]
The PHY settings table is supposed to be sorted by descending match
priority - in other words, earlier entries are preferred over later
entries.
The order of 1000baseKX/Full and 1000baseT/Full is such that we
prefer 1000baseKX/Full over 1000baseT/Full, but 1000baseKX/Full is
a lot rarer than 1000baseT/Full, and thus is much less likely to
be preferred.
This causes phylink problems - it means a fixed link specifying a
speed of 1G and full duplex gets an ethtool linkmode of 1000baseKX/Full
rather than 1000baseT/Full as would be expected - and since we offer
userspace a software emulation of a conventional copper PHY, we want
to offer copper modes in preference to anything else. However, we do
still want to allow the rarer modes as well.
Hence, let's reorder these two modes to prefer copper.
Tested-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Reported-by: Florian Fainelli <f.fainelli@gmail.com>
Link: https://lore.kernel.org/r/E1muvFO-00F6jY-1K@rmk-PC.armlinux.org.uk
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/phy/phy-core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/phy/phy-core.c b/drivers/net/phy/phy-core.c
index 9412669b579c7..84064120918f0 100644
--- a/drivers/net/phy/phy-core.c
+++ b/drivers/net/phy/phy-core.c
@@ -128,11 +128,11 @@ static const struct phy_setting settings[] = {
PHY_SETTING( 2500, FULL, 2500baseT_Full ),
PHY_SETTING( 2500, FULL, 2500baseX_Full ),
/* 1G */
- PHY_SETTING( 1000, FULL, 1000baseKX_Full ),
PHY_SETTING( 1000, FULL, 1000baseT_Full ),
PHY_SETTING( 1000, HALF, 1000baseT_Half ),
PHY_SETTING( 1000, FULL, 1000baseT1_Full ),
PHY_SETTING( 1000, FULL, 1000baseX_Full ),
+ PHY_SETTING( 1000, FULL, 1000baseKX_Full ),
/* 100M */
PHY_SETTING( 100, FULL, 100baseT_Full ),
PHY_SETTING( 100, FULL, 100baseT1_Full ),
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 183/320] gpio: aspeed: Convert aspeed_gpio.lock to raw_spinlock
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (181 preceding siblings ...)
2022-01-24 18:42 ` [PATCH 5.4 182/320] net: phy: prefer 1000baseT over 1000baseKX Greg Kroah-Hartman
@ 2022-01-24 18:42 ` Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 184/320] x86/mce: Mark mce_panic() noinstr Greg Kroah-Hartman
` (141 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:42 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Iwona Winiarska, Bartosz Golaszewski,
Sasha Levin
From: Iwona Winiarska <iwona.winiarska@intel.com>
[ Upstream commit 61a7904b6ace99b1bde0d0e867fa3097f5c8cee2 ]
The gpio-aspeed driver implements an irq_chip which need to be invoked
from hardirq context. Since spin_lock() can sleep with PREEMPT_RT, it is
no longer legal to invoke it while interrupts are disabled.
This also causes lockdep to complain about:
[ 0.649797] [ BUG: Invalid wait context ]
because aspeed_gpio.lock (spin_lock_t) is taken under irq_desc.lock
(raw_spinlock_t).
Let's use of raw_spinlock_t instead of spinlock_t.
Signed-off-by: Iwona Winiarska <iwona.winiarska@intel.com>
Signed-off-by: Bartosz Golaszewski <brgl@bgdev.pl>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpio/gpio-aspeed.c | 52 +++++++++++++++++++-------------------
1 file changed, 26 insertions(+), 26 deletions(-)
diff --git a/drivers/gpio/gpio-aspeed.c b/drivers/gpio/gpio-aspeed.c
index 2820c59b5f071..22e0d6fcab1c4 100644
--- a/drivers/gpio/gpio-aspeed.c
+++ b/drivers/gpio/gpio-aspeed.c
@@ -53,7 +53,7 @@ struct aspeed_gpio_config {
struct aspeed_gpio {
struct gpio_chip chip;
struct irq_chip irqc;
- spinlock_t lock;
+ raw_spinlock_t lock;
void __iomem *base;
int irq;
const struct aspeed_gpio_config *config;
@@ -413,14 +413,14 @@ static void aspeed_gpio_set(struct gpio_chip *gc, unsigned int offset,
unsigned long flags;
bool copro;
- spin_lock_irqsave(&gpio->lock, flags);
+ raw_spin_lock_irqsave(&gpio->lock, flags);
copro = aspeed_gpio_copro_request(gpio, offset);
__aspeed_gpio_set(gc, offset, val);
if (copro)
aspeed_gpio_copro_release(gpio, offset);
- spin_unlock_irqrestore(&gpio->lock, flags);
+ raw_spin_unlock_irqrestore(&gpio->lock, flags);
}
static int aspeed_gpio_dir_in(struct gpio_chip *gc, unsigned int offset)
@@ -435,7 +435,7 @@ static int aspeed_gpio_dir_in(struct gpio_chip *gc, unsigned int offset)
if (!have_input(gpio, offset))
return -ENOTSUPP;
- spin_lock_irqsave(&gpio->lock, flags);
+ raw_spin_lock_irqsave(&gpio->lock, flags);
reg = ioread32(addr);
reg &= ~GPIO_BIT(offset);
@@ -445,7 +445,7 @@ static int aspeed_gpio_dir_in(struct gpio_chip *gc, unsigned int offset)
if (copro)
aspeed_gpio_copro_release(gpio, offset);
- spin_unlock_irqrestore(&gpio->lock, flags);
+ raw_spin_unlock_irqrestore(&gpio->lock, flags);
return 0;
}
@@ -463,7 +463,7 @@ static int aspeed_gpio_dir_out(struct gpio_chip *gc,
if (!have_output(gpio, offset))
return -ENOTSUPP;
- spin_lock_irqsave(&gpio->lock, flags);
+ raw_spin_lock_irqsave(&gpio->lock, flags);
reg = ioread32(addr);
reg |= GPIO_BIT(offset);
@@ -474,7 +474,7 @@ static int aspeed_gpio_dir_out(struct gpio_chip *gc,
if (copro)
aspeed_gpio_copro_release(gpio, offset);
- spin_unlock_irqrestore(&gpio->lock, flags);
+ raw_spin_unlock_irqrestore(&gpio->lock, flags);
return 0;
}
@@ -492,11 +492,11 @@ static int aspeed_gpio_get_direction(struct gpio_chip *gc, unsigned int offset)
if (!have_output(gpio, offset))
return 1;
- spin_lock_irqsave(&gpio->lock, flags);
+ raw_spin_lock_irqsave(&gpio->lock, flags);
val = ioread32(bank_reg(gpio, bank, reg_dir)) & GPIO_BIT(offset);
- spin_unlock_irqrestore(&gpio->lock, flags);
+ raw_spin_unlock_irqrestore(&gpio->lock, flags);
return !val;
@@ -540,14 +540,14 @@ static void aspeed_gpio_irq_ack(struct irq_data *d)
status_addr = bank_reg(gpio, bank, reg_irq_status);
- spin_lock_irqsave(&gpio->lock, flags);
+ raw_spin_lock_irqsave(&gpio->lock, flags);
copro = aspeed_gpio_copro_request(gpio, offset);
iowrite32(bit, status_addr);
if (copro)
aspeed_gpio_copro_release(gpio, offset);
- spin_unlock_irqrestore(&gpio->lock, flags);
+ raw_spin_unlock_irqrestore(&gpio->lock, flags);
}
static void aspeed_gpio_irq_set_mask(struct irq_data *d, bool set)
@@ -566,7 +566,7 @@ static void aspeed_gpio_irq_set_mask(struct irq_data *d, bool set)
addr = bank_reg(gpio, bank, reg_irq_enable);
- spin_lock_irqsave(&gpio->lock, flags);
+ raw_spin_lock_irqsave(&gpio->lock, flags);
copro = aspeed_gpio_copro_request(gpio, offset);
reg = ioread32(addr);
@@ -578,7 +578,7 @@ static void aspeed_gpio_irq_set_mask(struct irq_data *d, bool set)
if (copro)
aspeed_gpio_copro_release(gpio, offset);
- spin_unlock_irqrestore(&gpio->lock, flags);
+ raw_spin_unlock_irqrestore(&gpio->lock, flags);
}
static void aspeed_gpio_irq_mask(struct irq_data *d)
@@ -630,7 +630,7 @@ static int aspeed_gpio_set_type(struct irq_data *d, unsigned int type)
return -EINVAL;
}
- spin_lock_irqsave(&gpio->lock, flags);
+ raw_spin_lock_irqsave(&gpio->lock, flags);
copro = aspeed_gpio_copro_request(gpio, offset);
addr = bank_reg(gpio, bank, reg_irq_type0);
@@ -650,7 +650,7 @@ static int aspeed_gpio_set_type(struct irq_data *d, unsigned int type)
if (copro)
aspeed_gpio_copro_release(gpio, offset);
- spin_unlock_irqrestore(&gpio->lock, flags);
+ raw_spin_unlock_irqrestore(&gpio->lock, flags);
irq_set_handler_locked(d, handler);
@@ -720,7 +720,7 @@ static int aspeed_gpio_reset_tolerance(struct gpio_chip *chip,
treg = bank_reg(gpio, to_bank(offset), reg_tolerance);
- spin_lock_irqsave(&gpio->lock, flags);
+ raw_spin_lock_irqsave(&gpio->lock, flags);
copro = aspeed_gpio_copro_request(gpio, offset);
val = readl(treg);
@@ -734,7 +734,7 @@ static int aspeed_gpio_reset_tolerance(struct gpio_chip *chip,
if (copro)
aspeed_gpio_copro_release(gpio, offset);
- spin_unlock_irqrestore(&gpio->lock, flags);
+ raw_spin_unlock_irqrestore(&gpio->lock, flags);
return 0;
}
@@ -860,7 +860,7 @@ static int enable_debounce(struct gpio_chip *chip, unsigned int offset,
return rc;
}
- spin_lock_irqsave(&gpio->lock, flags);
+ raw_spin_lock_irqsave(&gpio->lock, flags);
if (timer_allocation_registered(gpio, offset)) {
rc = unregister_allocated_timer(gpio, offset);
@@ -920,7 +920,7 @@ static int enable_debounce(struct gpio_chip *chip, unsigned int offset,
configure_timer(gpio, offset, i);
out:
- spin_unlock_irqrestore(&gpio->lock, flags);
+ raw_spin_unlock_irqrestore(&gpio->lock, flags);
return rc;
}
@@ -931,13 +931,13 @@ static int disable_debounce(struct gpio_chip *chip, unsigned int offset)
unsigned long flags;
int rc;
- spin_lock_irqsave(&gpio->lock, flags);
+ raw_spin_lock_irqsave(&gpio->lock, flags);
rc = unregister_allocated_timer(gpio, offset);
if (!rc)
configure_timer(gpio, offset, 0);
- spin_unlock_irqrestore(&gpio->lock, flags);
+ raw_spin_unlock_irqrestore(&gpio->lock, flags);
return rc;
}
@@ -1019,7 +1019,7 @@ int aspeed_gpio_copro_grab_gpio(struct gpio_desc *desc,
return -EINVAL;
bindex = offset >> 3;
- spin_lock_irqsave(&gpio->lock, flags);
+ raw_spin_lock_irqsave(&gpio->lock, flags);
/* Sanity check, this shouldn't happen */
if (gpio->cf_copro_bankmap[bindex] == 0xff) {
@@ -1040,7 +1040,7 @@ int aspeed_gpio_copro_grab_gpio(struct gpio_desc *desc,
if (bit)
*bit = GPIO_OFFSET(offset);
bail:
- spin_unlock_irqrestore(&gpio->lock, flags);
+ raw_spin_unlock_irqrestore(&gpio->lock, flags);
return rc;
}
EXPORT_SYMBOL_GPL(aspeed_gpio_copro_grab_gpio);
@@ -1064,7 +1064,7 @@ int aspeed_gpio_copro_release_gpio(struct gpio_desc *desc)
return -EINVAL;
bindex = offset >> 3;
- spin_lock_irqsave(&gpio->lock, flags);
+ raw_spin_lock_irqsave(&gpio->lock, flags);
/* Sanity check, this shouldn't happen */
if (gpio->cf_copro_bankmap[bindex] == 0) {
@@ -1078,7 +1078,7 @@ int aspeed_gpio_copro_release_gpio(struct gpio_desc *desc)
aspeed_gpio_change_cmd_source(gpio, bank, bindex,
GPIO_CMDSRC_ARM);
bail:
- spin_unlock_irqrestore(&gpio->lock, flags);
+ raw_spin_unlock_irqrestore(&gpio->lock, flags);
return rc;
}
EXPORT_SYMBOL_GPL(aspeed_gpio_copro_release_gpio);
@@ -1151,7 +1151,7 @@ static int __init aspeed_gpio_probe(struct platform_device *pdev)
if (IS_ERR(gpio->base))
return PTR_ERR(gpio->base);
- spin_lock_init(&gpio->lock);
+ raw_spin_lock_init(&gpio->lock);
gpio_id = of_match_node(aspeed_gpio_of_table, pdev->dev.of_node);
if (!gpio_id)
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 184/320] x86/mce: Mark mce_panic() noinstr
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (182 preceding siblings ...)
2022-01-24 18:42 ` [PATCH 5.4 183/320] gpio: aspeed: Convert aspeed_gpio.lock to raw_spinlock Greg Kroah-Hartman
@ 2022-01-24 18:42 ` Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 185/320] x86/mce: Mark mce_end() noinstr Greg Kroah-Hartman
` (140 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:42 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Borislav Petkov, Sasha Levin
From: Borislav Petkov <bp@suse.de>
[ Upstream commit 3c7ce80a818fa7950be123cac80cd078e5ac1013 ]
And allow instrumentation inside it because it does calls to other
facilities which will not be tagged noinstr.
Fixes
vmlinux.o: warning: objtool: do_machine_check()+0xc73: call to mce_panic() leaves .noinstr.text section
Signed-off-by: Borislav Petkov <bp@suse.de>
Link: https://lore.kernel.org/r/20211208111343.8130-8-bp@alien8.de
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/kernel/cpu/mce/core.c | 15 ++++++++++++---
1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/arch/x86/kernel/cpu/mce/core.c b/arch/x86/kernel/cpu/mce/core.c
index c2a9762d278dd..290d64e04ab20 100644
--- a/arch/x86/kernel/cpu/mce/core.c
+++ b/arch/x86/kernel/cpu/mce/core.c
@@ -310,11 +310,17 @@ static void wait_for_panic(void)
panic("Panicing machine check CPU died");
}
-static void mce_panic(const char *msg, struct mce *final, char *exp)
+static noinstr void mce_panic(const char *msg, struct mce *final, char *exp)
{
- int apei_err = 0;
struct llist_node *pending;
struct mce_evt_llist *l;
+ int apei_err = 0;
+
+ /*
+ * Allow instrumentation around external facilities usage. Not that it
+ * matters a whole lot since the machine is going to panic anyway.
+ */
+ instrumentation_begin();
if (!fake_panic) {
/*
@@ -329,7 +335,7 @@ static void mce_panic(const char *msg, struct mce *final, char *exp)
} else {
/* Don't log too much for fake panic */
if (atomic_inc_return(&mce_fake_panicked) > 1)
- return;
+ goto out;
}
pending = mce_gen_pool_prepare_records();
/* First print corrected ones that are still unlogged */
@@ -367,6 +373,9 @@ static void mce_panic(const char *msg, struct mce *final, char *exp)
panic(msg);
} else
pr_emerg(HW_ERR "Fake kernel panic: %s\n", msg);
+
+out:
+ instrumentation_end();
}
/* Support code for software error injection */
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 185/320] x86/mce: Mark mce_end() noinstr
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (183 preceding siblings ...)
2022-01-24 18:42 ` [PATCH 5.4 184/320] x86/mce: Mark mce_panic() noinstr Greg Kroah-Hartman
@ 2022-01-24 18:42 ` Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 186/320] x86/mce: Mark mce_read_aux() noinstr Greg Kroah-Hartman
` (139 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:42 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Borislav Petkov, Sasha Levin
From: Borislav Petkov <bp@suse.de>
[ Upstream commit b4813539d37fa31fed62cdfab7bd2dd8929c5b2e ]
It is called by the #MC handler which is noinstr.
Fixes
vmlinux.o: warning: objtool: do_machine_check()+0xbd6: call to memset() leaves .noinstr.text section
Signed-off-by: Borislav Petkov <bp@suse.de>
Link: https://lore.kernel.org/r/20211208111343.8130-9-bp@alien8.de
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/kernel/cpu/mce/core.c | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/arch/x86/kernel/cpu/mce/core.c b/arch/x86/kernel/cpu/mce/core.c
index 290d64e04ab20..a0f6c574c3783 100644
--- a/arch/x86/kernel/cpu/mce/core.c
+++ b/arch/x86/kernel/cpu/mce/core.c
@@ -1080,10 +1080,13 @@ static int mce_start(int *no_way_out)
* Synchronize between CPUs after main scanning loop.
* This invokes the bulk of the Monarch processing.
*/
-static int mce_end(int order)
+static noinstr int mce_end(int order)
{
- int ret = -1;
u64 timeout = (u64)mca_cfg.monarch_timeout * NSEC_PER_USEC;
+ int ret = -1;
+
+ /* Allow instrumentation around external facilities. */
+ instrumentation_begin();
if (!timeout)
goto reset;
@@ -1127,7 +1130,8 @@ static int mce_end(int order)
/*
* Don't reset anything. That's done by the Monarch.
*/
- return 0;
+ ret = 0;
+ goto out;
}
/*
@@ -1142,6 +1146,10 @@ reset:
* Let others run again.
*/
atomic_set(&mce_executing, 0);
+
+out:
+ instrumentation_end();
+
return ret;
}
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 186/320] x86/mce: Mark mce_read_aux() noinstr
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (184 preceding siblings ...)
2022-01-24 18:42 ` [PATCH 5.4 185/320] x86/mce: Mark mce_end() noinstr Greg Kroah-Hartman
@ 2022-01-24 18:42 ` Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 187/320] net: bonding: debug: avoid printing debug logs when bond is not notifying peers Greg Kroah-Hartman
` (138 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:42 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Borislav Petkov, Sasha Levin
From: Borislav Petkov <bp@suse.de>
[ Upstream commit db6c996d6ce45dfb44891f0824a65ecec216f47a ]
Fixes
vmlinux.o: warning: objtool: do_machine_check()+0x681: call to mce_read_aux() leaves .noinstr.text section
Signed-off-by: Borislav Petkov <bp@suse.de>
Link: https://lore.kernel.org/r/20211208111343.8130-10-bp@alien8.de
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/kernel/cpu/mce/core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/kernel/cpu/mce/core.c b/arch/x86/kernel/cpu/mce/core.c
index a0f6c574c3783..8a2b8e7913149 100644
--- a/arch/x86/kernel/cpu/mce/core.c
+++ b/arch/x86/kernel/cpu/mce/core.c
@@ -700,7 +700,7 @@ static struct notifier_block mce_default_nb = {
/*
* Read ADDR and MISC registers.
*/
-static void mce_read_aux(struct mce *m, int i)
+static noinstr void mce_read_aux(struct mce *m, int i)
{
if (m->status & MCI_STATUS_MISCV)
m->misc = mce_rdmsrl(msr_ops.misc(i));
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 187/320] net: bonding: debug: avoid printing debug logs when bond is not notifying peers
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (185 preceding siblings ...)
2022-01-24 18:42 ` [PATCH 5.4 186/320] x86/mce: Mark mce_read_aux() noinstr Greg Kroah-Hartman
@ 2022-01-24 18:42 ` Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 188/320] bpf: Do not WARN in bpf_warn_invalid_xdp_action() Greg Kroah-Hartman
` (137 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:42 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Suresh Kumar, David S. Miller, Sasha Levin
From: Suresh Kumar <surkumar@redhat.com>
[ Upstream commit fee32de284ac277ba434a2d59f8ce46528ff3946 ]
Currently "bond_should_notify_peers: slave ..." messages are printed whenever
"bond_should_notify_peers" function is called.
+++
Dec 12 12:33:26 node1 kernel: bond0: bond_should_notify_peers: slave enp0s25
Dec 12 12:33:26 node1 kernel: bond0: bond_should_notify_peers: slave enp0s25
Dec 12 12:33:26 node1 kernel: bond0: bond_should_notify_peers: slave enp0s25
Dec 12 12:33:26 node1 kernel: bond0: (slave enp0s25): Received LACPDU on port 1
Dec 12 12:33:26 node1 kernel: bond0: (slave enp0s25): Rx Machine: Port=1, Last State=6, Curr State=6
Dec 12 12:33:26 node1 kernel: bond0: (slave enp0s25): partner sync=1
Dec 12 12:33:26 node1 kernel: bond0: bond_should_notify_peers: slave enp0s25
Dec 12 12:33:26 node1 kernel: bond0: bond_should_notify_peers: slave enp0s25
Dec 12 12:33:26 node1 kernel: bond0: bond_should_notify_peers: slave enp0s25
...
Dec 12 12:33:30 node1 kernel: bond0: bond_should_notify_peers: slave enp0s25
Dec 12 12:33:30 node1 kernel: bond0: bond_should_notify_peers: slave enp0s25
Dec 12 12:33:30 node1 kernel: bond0: (slave enp4s3): Received LACPDU on port 2
Dec 12 12:33:30 node1 kernel: bond0: (slave enp4s3): Rx Machine: Port=2, Last State=6, Curr State=6
Dec 12 12:33:30 node1 kernel: bond0: (slave enp4s3): partner sync=1
Dec 12 12:33:30 node1 kernel: bond0: bond_should_notify_peers: slave enp0s25
Dec 12 12:33:30 node1 kernel: bond0: bond_should_notify_peers: slave enp0s25
Dec 12 12:33:30 node1 kernel: bond0: bond_should_notify_peers: slave enp0s25
+++
This is confusing and can also clutter up debug logs.
Print logs only when the peer notification happens.
Signed-off-by: Suresh Kumar <suresh2514@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/bonding/bond_main.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
index a7eaf80f500c0..ff50ccc7dceb1 100644
--- a/drivers/net/bonding/bond_main.c
+++ b/drivers/net/bonding/bond_main.c
@@ -792,9 +792,6 @@ static bool bond_should_notify_peers(struct bonding *bond)
slave = rcu_dereference(bond->curr_active_slave);
rcu_read_unlock();
- netdev_dbg(bond->dev, "bond_should_notify_peers: slave %s\n",
- slave ? slave->dev->name : "NULL");
-
if (!slave || !bond->send_peer_notif ||
bond->send_peer_notif %
max(1, bond->params.peer_notif_delay) != 0 ||
@@ -802,6 +799,9 @@ static bool bond_should_notify_peers(struct bonding *bond)
test_bit(__LINK_STATE_LINKWATCH_PENDING, &slave->dev->state))
return false;
+ netdev_dbg(bond->dev, "bond_should_notify_peers: slave %s\n",
+ slave ? slave->dev->name : "NULL");
+
return true;
}
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 188/320] bpf: Do not WARN in bpf_warn_invalid_xdp_action()
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (186 preceding siblings ...)
2022-01-24 18:42 ` [PATCH 5.4 187/320] net: bonding: debug: avoid printing debug logs when bond is not notifying peers Greg Kroah-Hartman
@ 2022-01-24 18:42 ` Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 189/320] HID: quirks: Allow inverting the absolute X/Y values Greg Kroah-Hartman
` (136 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:42 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Paolo Abeni, Daniel Borkmann,
Toke Høiland-Jørgensen, Sasha Levin
From: Paolo Abeni <pabeni@redhat.com>
[ Upstream commit 2cbad989033bff0256675c38f96f5faab852af4b ]
The WARN_ONCE() in bpf_warn_invalid_xdp_action() can be triggered by
any bugged program, and even attaching a correct program to a NIC
not supporting the given action.
The resulting splat, beyond polluting the logs, fouls automated tools:
e.g. a syzkaller reproducers using an XDP program returning an
unsupported action will never pass validation.
Replace the WARN_ONCE with a less intrusive pr_warn_once().
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Toke Høiland-Jørgensen <toke@redhat.com>
Link: https://lore.kernel.org/bpf/016ceec56e4817ebb2a9e35ce794d5c917df572c.1638189075.git.pabeni@redhat.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/core/filter.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/net/core/filter.c b/net/core/filter.c
index b90c0b5a10112..92ce4d46f02e4 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -6912,9 +6912,9 @@ void bpf_warn_invalid_xdp_action(u32 act)
{
const u32 act_max = XDP_REDIRECT;
- WARN_ONCE(1, "%s XDP return value %u, expect packet loss!\n",
- act > act_max ? "Illegal" : "Driver unsupported",
- act);
+ pr_warn_once("%s XDP return value %u, expect packet loss!\n",
+ act > act_max ? "Illegal" : "Driver unsupported",
+ act);
}
EXPORT_SYMBOL_GPL(bpf_warn_invalid_xdp_action);
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 189/320] HID: quirks: Allow inverting the absolute X/Y values
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (187 preceding siblings ...)
2022-01-24 18:42 ` [PATCH 5.4 188/320] bpf: Do not WARN in bpf_warn_invalid_xdp_action() Greg Kroah-Hartman
@ 2022-01-24 18:42 ` Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 190/320] media: igorplugusb: receiver overflow should be reported Greg Kroah-Hartman
` (135 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:42 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alistair Francis, Benjamin Tissoires,
Sasha Levin
From: Alistair Francis <alistair@alistair23.me>
[ Upstream commit fd8d135b2c5e88662f2729e034913f183455a667 ]
Add a HID_QUIRK_X_INVERT/HID_QUIRK_Y_INVERT quirk that can be used
to invert the X/Y values.
Signed-off-by: Alistair Francis <alistair@alistair23.me>
[bentiss: silence checkpatch warning]
Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Link: https://lore.kernel.org/r/20211208124045.61815-2-alistair@alistair23.me
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hid/hid-input.c | 6 ++++++
include/linux/hid.h | 2 ++
2 files changed, 8 insertions(+)
diff --git a/drivers/hid/hid-input.c b/drivers/hid/hid-input.c
index ea4c97f5b0736..749558aa27e78 100644
--- a/drivers/hid/hid-input.c
+++ b/drivers/hid/hid-input.c
@@ -1288,6 +1288,12 @@ void hidinput_hid_event(struct hid_device *hid, struct hid_field *field, struct
input = field->hidinput->input;
+ if (usage->type == EV_ABS &&
+ (((*quirks & HID_QUIRK_X_INVERT) && usage->code == ABS_X) ||
+ ((*quirks & HID_QUIRK_Y_INVERT) && usage->code == ABS_Y))) {
+ value = field->logical_maximum - value;
+ }
+
if (usage->hat_min < usage->hat_max || usage->hat_dir) {
int hat_dir = usage->hat_dir;
if (!hat_dir)
diff --git a/include/linux/hid.h b/include/linux/hid.h
index ad46ed41e8836..d5f9bbf8afa51 100644
--- a/include/linux/hid.h
+++ b/include/linux/hid.h
@@ -344,6 +344,8 @@ struct hid_item {
/* BIT(9) reserved for backward compatibility, was NO_INIT_INPUT_REPORTS */
#define HID_QUIRK_ALWAYS_POLL BIT(10)
#define HID_QUIRK_INPUT_PER_APP BIT(11)
+#define HID_QUIRK_X_INVERT BIT(12)
+#define HID_QUIRK_Y_INVERT BIT(13)
#define HID_QUIRK_SKIP_OUTPUT_REPORTS BIT(16)
#define HID_QUIRK_SKIP_OUTPUT_REPORT_ID BIT(17)
#define HID_QUIRK_NO_OUTPUT_REPORTS_ON_INTR_EP BIT(18)
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 190/320] media: igorplugusb: receiver overflow should be reported
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (188 preceding siblings ...)
2022-01-24 18:42 ` [PATCH 5.4 189/320] HID: quirks: Allow inverting the absolute X/Y values Greg Kroah-Hartman
@ 2022-01-24 18:42 ` Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 191/320] media: saa7146: hexium_gemini: Fix a NULL pointer dereference in hexium_attach() Greg Kroah-Hartman
` (134 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:42 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sean Young, Mauro Carvalho Chehab,
Sasha Levin
From: Sean Young <sean@mess.org>
[ Upstream commit 8fede658e7ddb605bbd68ed38067ddb0af033db4 ]
Without this, some IR will be missing mid-stream and we might decode
something which never really occurred.
Signed-off-by: Sean Young <sean@mess.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/rc/igorplugusb.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/media/rc/igorplugusb.c b/drivers/media/rc/igorplugusb.c
index b981f7290c1b2..1e8276040ea5b 100644
--- a/drivers/media/rc/igorplugusb.c
+++ b/drivers/media/rc/igorplugusb.c
@@ -64,9 +64,11 @@ static void igorplugusb_irdata(struct igorplugusb *ir, unsigned len)
if (start >= len) {
dev_err(ir->dev, "receive overflow invalid: %u", overflow);
} else {
- if (overflow > 0)
+ if (overflow > 0) {
dev_warn(ir->dev, "receive overflow, at least %u lost",
overflow);
+ ir_raw_event_reset(ir->rc);
+ }
do {
rawir.duration = ir->buf_in[i] * 85333;
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 191/320] media: saa7146: hexium_gemini: Fix a NULL pointer dereference in hexium_attach()
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (189 preceding siblings ...)
2022-01-24 18:42 ` [PATCH 5.4 190/320] media: igorplugusb: receiver overflow should be reported Greg Kroah-Hartman
@ 2022-01-24 18:42 ` Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 192/320] mmc: core: Fixup storing of OCR for MMC_QUIRK_NONSTD_SDIO Greg Kroah-Hartman
` (133 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:42 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zhou Qingyang, Mauro Carvalho Chehab,
Sasha Levin
From: Zhou Qingyang <zhou1615@umn.edu>
[ Upstream commit 3af86b046933ba513d08399dba0d4d8b50d607d0 ]
In hexium_attach(dev, info), saa7146_vv_init() is called to allocate
a new memory for dev->vv_data. saa7146_vv_release() will be called on
failure of saa7146_register_device(). There is a dereference of
dev->vv_data in saa7146_vv_release(), which could lead to a NULL
pointer dereference on failure of saa7146_vv_init().
Fix this bug by adding a check of saa7146_vv_init().
This bug was found by a static analyzer. The analysis employs
differential checking to identify inconsistent security operations
(e.g., checks or kfrees) between two code paths and confirms that the
inconsistent operations are not recovered in the current function or
the callers, so they constitute bugs.
Note that, as a bug found by static analysis, it can be a false
positive or hard to trigger. Multiple researchers have cross-reviewed
the bug.
Builds with CONFIG_VIDEO_HEXIUM_GEMINI=m show no new warnings,
and our static analyzer no longer warns about this code.
Link: https://lore.kernel.org/linux-media/20211203154030.111210-1-zhou1615@umn.edu
Signed-off-by: Zhou Qingyang <zhou1615@umn.edu>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/common/saa7146/saa7146_fops.c | 2 +-
drivers/media/pci/saa7146/hexium_gemini.c | 7 ++++++-
2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/drivers/media/common/saa7146/saa7146_fops.c b/drivers/media/common/saa7146/saa7146_fops.c
index aabb830e74689..4b332ea986168 100644
--- a/drivers/media/common/saa7146/saa7146_fops.c
+++ b/drivers/media/common/saa7146/saa7146_fops.c
@@ -525,7 +525,7 @@ int saa7146_vv_init(struct saa7146_dev* dev, struct saa7146_ext_vv *ext_vv)
ERR("out of memory. aborting.\n");
kfree(vv);
v4l2_ctrl_handler_free(hdl);
- return -1;
+ return -ENOMEM;
}
saa7146_video_uops.init(dev,vv);
diff --git a/drivers/media/pci/saa7146/hexium_gemini.c b/drivers/media/pci/saa7146/hexium_gemini.c
index f962269306707..86d4e2abed82a 100644
--- a/drivers/media/pci/saa7146/hexium_gemini.c
+++ b/drivers/media/pci/saa7146/hexium_gemini.c
@@ -284,7 +284,12 @@ static int hexium_attach(struct saa7146_dev *dev, struct saa7146_pci_extension_d
hexium_set_input(hexium, 0);
hexium->cur_input = 0;
- saa7146_vv_init(dev, &vv_data);
+ ret = saa7146_vv_init(dev, &vv_data);
+ if (ret) {
+ i2c_del_adapter(&hexium->i2c_adapter);
+ kfree(hexium);
+ return ret;
+ }
vv_data.vid_ops.vidioc_enum_input = vidioc_enum_input;
vv_data.vid_ops.vidioc_g_input = vidioc_g_input;
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 192/320] mmc: core: Fixup storing of OCR for MMC_QUIRK_NONSTD_SDIO
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (190 preceding siblings ...)
2022-01-24 18:42 ` [PATCH 5.4 191/320] media: saa7146: hexium_gemini: Fix a NULL pointer dereference in hexium_attach() Greg Kroah-Hartman
@ 2022-01-24 18:42 ` Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 193/320] audit: ensure userspace is penalized the same as the kernel when under pressure Greg Kroah-Hartman
` (132 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:42 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, H. Nikolaus Schaller, Ulf Hansson,
Sasha Levin
From: Ulf Hansson <ulf.hansson@linaro.org>
[ Upstream commit 8c3e5b74b9e2146f564905e50ca716591c76d4f1 ]
The mmc core takes a specific path to support initializing of a
non-standard SDIO card. This is triggered by looking for the card-quirk,
MMC_QUIRK_NONSTD_SDIO.
In mmc_sdio_init_card() this gets rather messy, as it causes the code to
bail out earlier, compared to the usual path. This leads to that the OCR
doesn't get saved properly in card->ocr. Fortunately, only omap_hsmmc has
been using the MMC_QUIRK_NONSTD_SDIO and is dealing with the issue, by
assigning a hardcoded value (0x80) to card->ocr from an ->init_card() ops.
To make the behaviour consistent, let's instead rely on the core to save
the OCR in card->ocr during initialization.
Reported-by: H. Nikolaus Schaller <hns@goldelico.com>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: H. Nikolaus Schaller <hns@goldelico.com>
Link: https://lore.kernel.org/r/e7936cff7fc24d187ef2680d3b4edb0ade58f293.1636564631.git.hns@goldelico.com
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mmc/core/sdio.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/mmc/core/sdio.c b/drivers/mmc/core/sdio.c
index 0bf33786fc5c5..9e0791332ef38 100644
--- a/drivers/mmc/core/sdio.c
+++ b/drivers/mmc/core/sdio.c
@@ -626,6 +626,8 @@ try_again:
if (host->ops->init_card)
host->ops->init_card(host, card);
+ card->ocr = ocr_card;
+
/*
* If the host and card support UHS-I mode request the card
* to switch to 1.8V signaling level. No 1.8v signalling if
@@ -738,7 +740,7 @@ try_again:
goto mismatch;
}
}
- card->ocr = ocr_card;
+
mmc_fixup_device(card, sdio_fixup_methods);
if (card->type == MMC_TYPE_SD_COMBO) {
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 193/320] audit: ensure userspace is penalized the same as the kernel when under pressure
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (191 preceding siblings ...)
2022-01-24 18:42 ` [PATCH 5.4 192/320] mmc: core: Fixup storing of OCR for MMC_QUIRK_NONSTD_SDIO Greg Kroah-Hartman
@ 2022-01-24 18:42 ` Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 194/320] arm64: dts: ls1028a-qds: move rtc node to the correct i2c bus Greg Kroah-Hartman
` (131 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:42 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Gaosheng Cui, Richard Guy Briggs,
Paul Moore, Sasha Levin
From: Paul Moore <paul@paul-moore.com>
[ Upstream commit 8f110f530635af44fff1f4ee100ecef0bac62510 ]
Due to the audit control mutex necessary for serializing audit
userspace messages we haven't been able to block/penalize userspace
processes that attempt to send audit records while the system is
under audit pressure. The result is that privileged userspace
applications have a priority boost with respect to audit as they are
not bound by the same audit queue throttling as the other tasks on
the system.
This patch attempts to restore some balance to the system when under
audit pressure by blocking these privileged userspace tasks after
they have finished their audit processing, and dropped the audit
control mutex, but before they return to userspace.
Reported-by: Gaosheng Cui <cuigaosheng1@huawei.com>
Tested-by: Gaosheng Cui <cuigaosheng1@huawei.com>
Reviewed-by: Richard Guy Briggs <rgb@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/audit.c | 18 +++++++++++++++++-
1 file changed, 17 insertions(+), 1 deletion(-)
diff --git a/kernel/audit.c b/kernel/audit.c
index d67fce9e3f8b8..146edff0c73ec 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -1528,6 +1528,20 @@ static void audit_receive(struct sk_buff *skb)
nlh = nlmsg_next(nlh, &len);
}
audit_ctl_unlock();
+
+ /* can't block with the ctrl lock, so penalize the sender now */
+ if (audit_backlog_limit &&
+ (skb_queue_len(&audit_queue) > audit_backlog_limit)) {
+ DECLARE_WAITQUEUE(wait, current);
+
+ /* wake kauditd to try and flush the queue */
+ wake_up_interruptible(&kauditd_wait);
+
+ add_wait_queue_exclusive(&audit_backlog_wait, &wait);
+ set_current_state(TASK_UNINTERRUPTIBLE);
+ schedule_timeout(audit_backlog_wait_time);
+ remove_wait_queue(&audit_backlog_wait, &wait);
+ }
}
/* Run custom bind function on netlink socket group connect or bind requests. */
@@ -1772,7 +1786,9 @@ struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask,
* task_tgid_vnr() since auditd_pid is set in audit_receive_msg()
* using a PID anchored in the caller's namespace
* 2. generator holding the audit_cmd_mutex - we don't want to block
- * while holding the mutex */
+ * while holding the mutex, although we do penalize the sender
+ * later in audit_receive() when it is safe to block
+ */
if (!(auditd_test_task(current) || audit_ctl_owner_current())) {
long stime = audit_backlog_wait_time;
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 194/320] arm64: dts: ls1028a-qds: move rtc node to the correct i2c bus
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (192 preceding siblings ...)
2022-01-24 18:42 ` [PATCH 5.4 193/320] audit: ensure userspace is penalized the same as the kernel when under pressure Greg Kroah-Hartman
@ 2022-01-24 18:42 ` Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 195/320] arm64: tegra: Adjust length of CCPLEX cluster MMIO region Greg Kroah-Hartman
` (130 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:42 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Biwen Li, Li Yang, Shawn Guo, Sasha Levin
From: Biwen Li <biwen.li@nxp.com>
[ Upstream commit cbe9d948eadfe352ad45495a7cc5bf20a1b29d90 ]
The i2c rtc is on i2c2 bus not i2c1 bus, so fix it in dts.
Signed-off-by: Biwen Li <biwen.li@nxp.com>
Signed-off-by: Li Yang <leoyang.lil@nxp.com>
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/freescale/fsl-ls1028a-qds.dts | 14 +++++++++-----
1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/arch/arm64/boot/dts/freescale/fsl-ls1028a-qds.dts b/arch/arm64/boot/dts/freescale/fsl-ls1028a-qds.dts
index 078a5010228cd..0b3a93c4155d2 100644
--- a/arch/arm64/boot/dts/freescale/fsl-ls1028a-qds.dts
+++ b/arch/arm64/boot/dts/freescale/fsl-ls1028a-qds.dts
@@ -161,11 +161,6 @@
vcc-supply = <&sb_3v3>;
};
- rtc@51 {
- compatible = "nxp,pcf2129";
- reg = <0x51>;
- };
-
eeprom@56 {
compatible = "atmel,24c512";
reg = <0x56>;
@@ -209,6 +204,15 @@
};
+&i2c1 {
+ status = "okay";
+
+ rtc@51 {
+ compatible = "nxp,pcf2129";
+ reg = <0x51>;
+ };
+};
+
&enetc_port1 {
phy-handle = <&qds_phy1>;
phy-connection-type = "rgmii-id";
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 195/320] arm64: tegra: Adjust length of CCPLEX cluster MMIO region
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (193 preceding siblings ...)
2022-01-24 18:42 ` [PATCH 5.4 194/320] arm64: dts: ls1028a-qds: move rtc node to the correct i2c bus Greg Kroah-Hartman
@ 2022-01-24 18:42 ` Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 196/320] cpufreq: Fix initialization of min and max frequency QoS requests Greg Kroah-Hartman
` (129 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:42 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Thierry Reding, Sasha Levin
From: Thierry Reding <treding@nvidia.com>
[ Upstream commit 2b14cbd643feea5fc17c6e8bead4e71088c69acd ]
The Tegra186 CCPLEX cluster register region is 4 MiB is length, not 4
MiB - 1. This was likely presumed to be the "limit" rather than length.
Fix it up.
Signed-off-by: Thierry Reding <treding@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/nvidia/tegra186.dtsi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm64/boot/dts/nvidia/tegra186.dtsi b/arch/arm64/boot/dts/nvidia/tegra186.dtsi
index 9abf0cb1dd67f..4457262750734 100644
--- a/arch/arm64/boot/dts/nvidia/tegra186.dtsi
+++ b/arch/arm64/boot/dts/nvidia/tegra186.dtsi
@@ -709,7 +709,7 @@
ccplex@e000000 {
compatible = "nvidia,tegra186-ccplex-cluster";
- reg = <0x0 0x0e000000 0x0 0x3fffff>;
+ reg = <0x0 0x0e000000 0x0 0x400000>;
nvidia,bpmp = <&bpmp>;
};
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 196/320] cpufreq: Fix initialization of min and max frequency QoS requests
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (194 preceding siblings ...)
2022-01-24 18:42 ` [PATCH 5.4 195/320] arm64: tegra: Adjust length of CCPLEX cluster MMIO region Greg Kroah-Hartman
@ 2022-01-24 18:43 ` Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 197/320] usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0 Greg Kroah-Hartman
` (128 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Srinivas Pandruvada,
Rafael J. Wysocki, Sasha Levin
From: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
[ Upstream commit 521223d8b3ec078f670c7c35a1a04b1b2af07966 ]
The min and max frequency QoS requests in the cpufreq core are
initialized to whatever the current min and max frequency values are
at the init time, but if any of these values change later (for
example, cpuinfo.max_freq is updated by the driver), these initial
request values will be limiting the CPU frequency unnecessarily
unless they are changed by user space via sysfs.
To address this, initialize min_freq_req and max_freq_req to
FREQ_QOS_MIN_DEFAULT_VALUE and FREQ_QOS_MAX_DEFAULT_VALUE,
respectively, so they don't really limit anything until user
space updates them.
Reported-by: Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>
Tested-by: Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/cpufreq/cpufreq.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/cpufreq/cpufreq.c b/drivers/cpufreq/cpufreq.c
index cb7949a2ac0ca..af9f348048629 100644
--- a/drivers/cpufreq/cpufreq.c
+++ b/drivers/cpufreq/cpufreq.c
@@ -1393,7 +1393,7 @@ static int cpufreq_online(unsigned int cpu)
ret = freq_qos_add_request(&policy->constraints,
policy->min_freq_req, FREQ_QOS_MIN,
- policy->min);
+ FREQ_QOS_MIN_DEFAULT_VALUE);
if (ret < 0) {
/*
* So we don't call freq_qos_remove_request() for an
@@ -1413,7 +1413,7 @@ static int cpufreq_online(unsigned int cpu)
ret = freq_qos_add_request(&policy->constraints,
policy->max_freq_req, FREQ_QOS_MAX,
- policy->max);
+ FREQ_QOS_MAX_DEFAULT_VALUE);
if (ret < 0) {
policy->max_freq_req = NULL;
goto out_destroy_policy;
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 197/320] usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (195 preceding siblings ...)
2022-01-24 18:43 ` [PATCH 5.4 196/320] cpufreq: Fix initialization of min and max frequency QoS requests Greg Kroah-Hartman
@ 2022-01-24 18:43 ` Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 198/320] ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream Greg Kroah-Hartman
` (127 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alan Stern, Kai-Heng Feng, Sasha Levin
From: Kai-Heng Feng <kai.heng.feng@canonical.com>
[ Upstream commit 00558586382891540c59c9febc671062425a6e47 ]
When a new USB device gets plugged to nested hubs, the affected hub,
which connects to usb 2-1.4-port2, doesn't report there's any change,
hence the nested hubs go back to runtime suspend like nothing happened:
[ 281.032951] usb usb2: usb wakeup-resume
[ 281.032959] usb usb2: usb auto-resume
[ 281.032974] hub 2-0:1.0: hub_resume
[ 281.033011] usb usb2-port1: status 0263 change 0000
[ 281.033077] hub 2-0:1.0: state 7 ports 4 chg 0000 evt 0000
[ 281.049797] usb 2-1: usb wakeup-resume
[ 281.069800] usb 2-1: Waited 0ms for CONNECT
[ 281.069810] usb 2-1: finish resume
[ 281.070026] hub 2-1:1.0: hub_resume
[ 281.070250] usb 2-1-port4: status 0203 change 0000
[ 281.070272] usb usb2-port1: resume, status 0
[ 281.070282] hub 2-1:1.0: state 7 ports 4 chg 0010 evt 0000
[ 281.089813] usb 2-1.4: usb wakeup-resume
[ 281.109792] usb 2-1.4: Waited 0ms for CONNECT
[ 281.109801] usb 2-1.4: finish resume
[ 281.109991] hub 2-1.4:1.0: hub_resume
[ 281.110147] usb 2-1.4-port2: status 0263 change 0000
[ 281.110234] usb 2-1-port4: resume, status 0
[ 281.110239] usb 2-1-port4: status 0203, change 0000, 10.0 Gb/s
[ 281.110266] hub 2-1.4:1.0: state 7 ports 4 chg 0000 evt 0000
[ 281.110426] hub 2-1.4:1.0: hub_suspend
[ 281.110565] usb 2-1.4: usb auto-suspend, wakeup 1
[ 281.130998] hub 2-1:1.0: hub_suspend
[ 281.137788] usb 2-1: usb auto-suspend, wakeup 1
[ 281.142935] hub 2-0:1.0: state 7 ports 4 chg 0000 evt 0000
[ 281.177828] usb 2-1: usb wakeup-resume
[ 281.197839] usb 2-1: Waited 0ms for CONNECT
[ 281.197850] usb 2-1: finish resume
[ 281.197984] hub 2-1:1.0: hub_resume
[ 281.198203] usb 2-1-port4: status 0203 change 0000
[ 281.198228] usb usb2-port1: resume, status 0
[ 281.198237] hub 2-1:1.0: state 7 ports 4 chg 0010 evt 0000
[ 281.217835] usb 2-1.4: usb wakeup-resume
[ 281.237834] usb 2-1.4: Waited 0ms for CONNECT
[ 281.237845] usb 2-1.4: finish resume
[ 281.237990] hub 2-1.4:1.0: hub_resume
[ 281.238067] usb 2-1.4-port2: status 0263 change 0000
[ 281.238148] usb 2-1-port4: resume, status 0
[ 281.238152] usb 2-1-port4: status 0203, change 0000, 10.0 Gb/s
[ 281.238166] hub 2-1.4:1.0: state 7 ports 4 chg 0000 evt 0000
[ 281.238385] hub 2-1.4:1.0: hub_suspend
[ 281.238523] usb 2-1.4: usb auto-suspend, wakeup 1
[ 281.258076] hub 2-1:1.0: hub_suspend
[ 281.265744] usb 2-1: usb auto-suspend, wakeup 1
[ 281.285976] hub 2-0:1.0: hub_suspend
[ 281.285988] usb usb2: bus auto-suspend, wakeup 1
USB 3.2 spec, 9.2.5.4 "Changing Function Suspend State" says that "If
the link is in a non-U0 state, then the device must transition the link
to U0 prior to sending the remote wake message", but the hub only
transits the link to U0 after signaling remote wakeup.
So be more forgiving and use a 20ms delay to let the link transit to U0
for remote wakeup.
Suggested-by: Alan Stern <stern@rowland.harvard.edu>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Kai-Heng Feng <kai.heng.feng@canonical.com>
Link: https://lore.kernel.org/r/20211215120108.336597-1-kai.heng.feng@canonical.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/core/hub.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
index 69dd48f9507e5..4cf0dc7f330dd 100644
--- a/drivers/usb/core/hub.c
+++ b/drivers/usb/core/hub.c
@@ -1108,7 +1108,10 @@ static void hub_activate(struct usb_hub *hub, enum hub_activation_type type)
} else {
hub_power_on(hub, true);
}
- }
+ /* Give some time on remote wakeup to let links to transit to U0 */
+ } else if (hub_is_superspeed(hub->hdev))
+ msleep(20);
+
init2:
/*
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 198/320] ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (196 preceding siblings ...)
2022-01-24 18:43 ` [PATCH 5.4 197/320] usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0 Greg Kroah-Hartman
@ 2022-01-24 18:43 ` Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 199/320] iwlwifi: fix leaks/bad data after failed firmware load Greg Kroah-Hartman
` (126 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zekun Shen, Kalle Valo, Sasha Levin
From: Zekun Shen <bruceshenzk@gmail.com>
[ Upstream commit 6ce708f54cc8d73beca213cec66ede5ce100a781 ]
Large pkt_len can lead to out-out-bound memcpy. Current
ath9k_hif_usb_rx_stream allows combining the content of two urb
inputs to one pkt. The first input can indicate the size of the
pkt. Any remaining size is saved in hif_dev->rx_remain_len.
While processing the next input, memcpy is used with rx_remain_len.
4-byte pkt_len can go up to 0xffff, while a single input is 0x4000
maximum in size (MAX_RX_BUF_SIZE). Thus, the patch adds a check for
pkt_len which must not exceed 2 * MAX_RX_BUG_SIZE.
BUG: KASAN: slab-out-of-bounds in ath9k_hif_usb_rx_cb+0x490/0xed7 [ath9k_htc]
Read of size 46393 at addr ffff888018798000 by task kworker/0:1/23
CPU: 0 PID: 23 Comm: kworker/0:1 Not tainted 5.6.0 #63
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
BIOS rel-1.10.2-0-g5f4c7b1-prebuilt.qemu-project.org 04/01/2014
Workqueue: events request_firmware_work_func
Call Trace:
<IRQ>
dump_stack+0x76/0xa0
print_address_description.constprop.0+0x16/0x200
? ath9k_hif_usb_rx_cb+0x490/0xed7 [ath9k_htc]
? ath9k_hif_usb_rx_cb+0x490/0xed7 [ath9k_htc]
__kasan_report.cold+0x37/0x7c
? ath9k_hif_usb_rx_cb+0x490/0xed7 [ath9k_htc]
kasan_report+0xe/0x20
check_memory_region+0x15a/0x1d0
memcpy+0x20/0x50
ath9k_hif_usb_rx_cb+0x490/0xed7 [ath9k_htc]
? hif_usb_mgmt_cb+0x2d9/0x2d9 [ath9k_htc]
? _raw_spin_lock_irqsave+0x7b/0xd0
? _raw_spin_trylock_bh+0x120/0x120
? __usb_unanchor_urb+0x12f/0x210
__usb_hcd_giveback_urb+0x1e4/0x380
usb_giveback_urb_bh+0x241/0x4f0
? __hrtimer_run_queues+0x316/0x740
? __usb_hcd_giveback_urb+0x380/0x380
tasklet_action_common.isra.0+0x135/0x330
__do_softirq+0x18c/0x634
irq_exit+0x114/0x140
smp_apic_timer_interrupt+0xde/0x380
apic_timer_interrupt+0xf/0x20
I found the bug using a custome USBFuzz port. It's a research work
to fuzz USB stack/drivers. I modified it to fuzz ath9k driver only,
providing hand-crafted usb descriptors to QEMU.
After fixing the value of pkt_tag to ATH_USB_RX_STREAM_MODE_TAG in QEMU
emulation, I found the KASAN report. The bug is triggerable whenever
pkt_len is above two MAX_RX_BUG_SIZE. I used the same input that crashes
to test the driver works when applying the patch.
Signed-off-by: Zekun Shen <bruceshenzk@gmail.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/YXsidrRuK6zBJicZ@10-18-43-117.dynapool.wireless.nyu.edu
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/ath9k/hif_usb.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/drivers/net/wireless/ath/ath9k/hif_usb.c b/drivers/net/wireless/ath/ath9k/hif_usb.c
index 2ed98aaed6fb5..c8c7afe0e343e 100644
--- a/drivers/net/wireless/ath/ath9k/hif_usb.c
+++ b/drivers/net/wireless/ath/ath9k/hif_usb.c
@@ -590,6 +590,13 @@ static void ath9k_hif_usb_rx_stream(struct hif_device_usb *hif_dev,
return;
}
+ if (pkt_len > 2 * MAX_RX_BUF_SIZE) {
+ dev_err(&hif_dev->udev->dev,
+ "ath9k_htc: invalid pkt_len (%x)\n", pkt_len);
+ RX_STAT_INC(skb_dropped);
+ return;
+ }
+
pad_len = 4 - (pkt_len & 0x3);
if (pad_len == 4)
pad_len = 0;
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 199/320] iwlwifi: fix leaks/bad data after failed firmware load
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (197 preceding siblings ...)
2022-01-24 18:43 ` [PATCH 5.4 198/320] ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream Greg Kroah-Hartman
@ 2022-01-24 18:43 ` Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 200/320] iwlwifi: remove module loading failure message Greg Kroah-Hartman
` (125 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Johannes Berg, Luca Coelho, Sasha Levin
From: Johannes Berg <johannes.berg@intel.com>
[ Upstream commit ab07506b0454bea606095951e19e72c282bfbb42 ]
If firmware load fails after having loaded some parts of the
firmware, e.g. the IML image, then this would leak. For the
host command list we'd end up running into a WARN on the next
attempt to load another firmware image.
Fix this by calling iwl_dealloc_ucode() on failures, and make
that also clear the data so we start fresh on the next round.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Link: https://lore.kernel.org/r/iwlwifi.20211210110539.1f742f0eb58a.I1315f22f6aa632d94ae2069f85e1bca5e734dce0@changeid
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/intel/iwlwifi/iwl-drv.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/drivers/net/wireless/intel/iwlwifi/iwl-drv.c b/drivers/net/wireless/intel/iwlwifi/iwl-drv.c
index e68366f248fe3..c1a2fb154fe91 100644
--- a/drivers/net/wireless/intel/iwlwifi/iwl-drv.c
+++ b/drivers/net/wireless/intel/iwlwifi/iwl-drv.c
@@ -183,6 +183,9 @@ static void iwl_dealloc_ucode(struct iwl_drv *drv)
for (i = 0; i < IWL_UCODE_TYPE_MAX; i++)
iwl_free_fw_img(drv, drv->fw.img + i);
+
+ /* clear the data for the aborted load case */
+ memset(&drv->fw, 0, sizeof(drv->fw));
}
static int iwl_alloc_fw_desc(struct iwl_drv *drv, struct fw_desc *desc,
@@ -1338,6 +1341,7 @@ static void iwl_req_fw_callback(const struct firmware *ucode_raw, void *context)
int i;
bool load_module = false;
bool usniffer_images = false;
+ bool failure = true;
fw->ucode_capa.max_probe_length = IWL_DEFAULT_MAX_PROBE_LENGTH;
fw->ucode_capa.standard_phy_calibration_size =
@@ -1604,6 +1608,7 @@ static void iwl_req_fw_callback(const struct firmware *ucode_raw, void *context)
op->name, err);
#endif
}
+ failure = false;
goto free;
try_again:
@@ -1619,6 +1624,9 @@ static void iwl_req_fw_callback(const struct firmware *ucode_raw, void *context)
complete(&drv->request_firmware_complete);
device_release_driver(drv->trans->dev);
free:
+ if (failure)
+ iwl_dealloc_ucode(drv);
+
if (pieces) {
for (i = 0; i < ARRAY_SIZE(pieces->img); i++)
kfree(pieces->img[i].sec);
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 200/320] iwlwifi: remove module loading failure message
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (198 preceding siblings ...)
2022-01-24 18:43 ` [PATCH 5.4 199/320] iwlwifi: fix leaks/bad data after failed firmware load Greg Kroah-Hartman
@ 2022-01-24 18:43 ` Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 201/320] iwlwifi: mvm: Fix calculation of frame length Greg Kroah-Hartman
` (124 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Johannes Berg, Luca Coelho, Sasha Levin
From: Johannes Berg <johannes.berg@intel.com>
[ Upstream commit 6518f83ffa51131daaf439b66094f684da3fb0ae ]
When CONFIG_DEBUG_TEST_DRIVER_REMOVE is set, iwlwifi crashes
when the opmode module cannot be loaded, due to completing
the completion before using drv->dev, which can then already
be freed.
Fix this by removing the (fairly useless) message. Moving the
completion later causes a deadlock instead, so that's not an
option.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Link: https://lore.kernel.org/r/20211210091245.289008-2-luca@coelho.fi
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/intel/iwlwifi/iwl-drv.c | 9 +--------
1 file changed, 1 insertion(+), 8 deletions(-)
diff --git a/drivers/net/wireless/intel/iwlwifi/iwl-drv.c b/drivers/net/wireless/intel/iwlwifi/iwl-drv.c
index c1a2fb154fe91..83cb2ad03451b 100644
--- a/drivers/net/wireless/intel/iwlwifi/iwl-drv.c
+++ b/drivers/net/wireless/intel/iwlwifi/iwl-drv.c
@@ -1599,15 +1599,8 @@ static void iwl_req_fw_callback(const struct firmware *ucode_raw, void *context)
* else from proceeding if the module fails to load
* or hangs loading.
*/
- if (load_module) {
+ if (load_module)
request_module("%s", op->name);
-#ifdef CONFIG_IWLWIFI_OPMODE_MODULAR
- if (err)
- IWL_ERR(drv,
- "failed to load module %s (error %d), is dynamic loading enabled?\n",
- op->name, err);
-#endif
- }
failure = false;
goto free;
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 201/320] iwlwifi: mvm: Fix calculation of frame length
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (199 preceding siblings ...)
2022-01-24 18:43 ` [PATCH 5.4 200/320] iwlwifi: remove module loading failure message Greg Kroah-Hartman
@ 2022-01-24 18:43 ` Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 202/320] um: registers: Rename function names to avoid conflicts and build problems Greg Kroah-Hartman
` (123 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ilan Peer, Luca Coelho, Sasha Levin
From: Ilan Peer <ilan.peer@intel.com>
[ Upstream commit 40a0b38d7a7f91a6027287e0df54f5f547e8d27e ]
The RADA might include in the Rx frame the MIC and CRC bytes.
These bytes should be removed for non monitor interfaces and
should not be passed to mac80211.
Fix the Rx processing to remove the extra bytes on non monitor
cases.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Link: https://lore.kernel.org/r/iwlwifi.20211219121514.098be12c801e.I1d81733d8a75b84c3b20eb6e0d14ab3405ca6a86@changeid
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | 27 +++++++++++++++++++
1 file changed, 27 insertions(+)
diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c b/drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c
index a6e2a30eb3109..52c6edc621ced 100644
--- a/drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c
@@ -177,12 +177,39 @@ static int iwl_mvm_create_skb(struct iwl_mvm *mvm, struct sk_buff *skb,
struct iwl_rx_mpdu_desc *desc = (void *)pkt->data;
unsigned int headlen, fraglen, pad_len = 0;
unsigned int hdrlen = ieee80211_hdrlen(hdr->frame_control);
+ u8 mic_crc_len = u8_get_bits(desc->mac_flags1,
+ IWL_RX_MPDU_MFLG1_MIC_CRC_LEN_MASK) << 1;
if (desc->mac_flags2 & IWL_RX_MPDU_MFLG2_PAD) {
len -= 2;
pad_len = 2;
}
+ /*
+ * For non monitor interface strip the bytes the RADA might not have
+ * removed. As monitor interface cannot exist with other interfaces
+ * this removal is safe.
+ */
+ if (mic_crc_len && !ieee80211_hw_check(mvm->hw, RX_INCLUDES_FCS)) {
+ u32 pkt_flags = le32_to_cpu(pkt->len_n_flags);
+
+ /*
+ * If RADA was not enabled then decryption was not performed so
+ * the MIC cannot be removed.
+ */
+ if (!(pkt_flags & FH_RSCSR_RADA_EN)) {
+ if (WARN_ON(crypt_len > mic_crc_len))
+ return -EINVAL;
+
+ mic_crc_len -= crypt_len;
+ }
+
+ if (WARN_ON(mic_crc_len > len))
+ return -EINVAL;
+
+ len -= mic_crc_len;
+ }
+
/* If frame is small enough to fit in skb->head, pull it completely.
* If not, only pull ieee80211_hdr (including crypto if present, and
* an additional 8 bytes for SNAP/ethertype, see below) so that
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 202/320] um: registers: Rename function names to avoid conflicts and build problems
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (200 preceding siblings ...)
2022-01-24 18:43 ` [PATCH 5.4 201/320] iwlwifi: mvm: Fix calculation of frame length Greg Kroah-Hartman
@ 2022-01-24 18:43 ` Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 203/320] jffs2: GC deadlock reading a page that is used in jffs2_write_begin() Greg Kroah-Hartman
` (122 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Randy Dunlap, Jeff Dike,
Richard Weinberger, Anton Ivanov, linux-um, Sasha Levin
From: Randy Dunlap <rdunlap@infradead.org>
[ Upstream commit 077b7320942b64b0da182aefd83c374462a65535 ]
The function names init_registers() and restore_registers() are used
in several net/ethernet/ and gpu/drm/ drivers for other purposes (not
calls to UML functions), so rename them.
This fixes multiple build errors.
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Cc: Jeff Dike <jdike@addtoit.com>
Cc: Richard Weinberger <richard@nod.at>
Cc: Anton Ivanov <anton.ivanov@cambridgegreys.com>
Cc: linux-um@lists.infradead.org
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/um/include/shared/registers.h | 4 ++--
arch/um/os-Linux/registers.c | 4 ++--
arch/um/os-Linux/start_up.c | 2 +-
arch/x86/um/syscalls_64.c | 3 ++-
4 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/arch/um/include/shared/registers.h b/arch/um/include/shared/registers.h
index 0c50fa6e8a55b..fbb709a222839 100644
--- a/arch/um/include/shared/registers.h
+++ b/arch/um/include/shared/registers.h
@@ -16,8 +16,8 @@ extern int restore_fp_registers(int pid, unsigned long *fp_regs);
extern int save_fpx_registers(int pid, unsigned long *fp_regs);
extern int restore_fpx_registers(int pid, unsigned long *fp_regs);
extern int save_registers(int pid, struct uml_pt_regs *regs);
-extern int restore_registers(int pid, struct uml_pt_regs *regs);
-extern int init_registers(int pid);
+extern int restore_pid_registers(int pid, struct uml_pt_regs *regs);
+extern int init_pid_registers(int pid);
extern void get_safe_registers(unsigned long *regs, unsigned long *fp_regs);
extern unsigned long get_thread_reg(int reg, jmp_buf *buf);
extern int get_fp_registers(int pid, unsigned long *regs);
diff --git a/arch/um/os-Linux/registers.c b/arch/um/os-Linux/registers.c
index 2d9270508e156..b123955be7acc 100644
--- a/arch/um/os-Linux/registers.c
+++ b/arch/um/os-Linux/registers.c
@@ -21,7 +21,7 @@ int save_registers(int pid, struct uml_pt_regs *regs)
return 0;
}
-int restore_registers(int pid, struct uml_pt_regs *regs)
+int restore_pid_registers(int pid, struct uml_pt_regs *regs)
{
int err;
@@ -36,7 +36,7 @@ int restore_registers(int pid, struct uml_pt_regs *regs)
static unsigned long exec_regs[MAX_REG_NR];
static unsigned long exec_fp_regs[FP_SIZE];
-int init_registers(int pid)
+int init_pid_registers(int pid)
{
int err;
diff --git a/arch/um/os-Linux/start_up.c b/arch/um/os-Linux/start_up.c
index f79dc338279e6..b28373a2b8d2d 100644
--- a/arch/um/os-Linux/start_up.c
+++ b/arch/um/os-Linux/start_up.c
@@ -336,7 +336,7 @@ void __init os_early_checks(void)
check_tmpexec();
pid = start_ptraced_child();
- if (init_registers(pid))
+ if (init_pid_registers(pid))
fatal("Failed to initialize default registers");
stop_ptraced_child(pid, 1, 1);
}
diff --git a/arch/x86/um/syscalls_64.c b/arch/x86/um/syscalls_64.c
index 58f51667e2e4b..8249685b40960 100644
--- a/arch/x86/um/syscalls_64.c
+++ b/arch/x86/um/syscalls_64.c
@@ -11,6 +11,7 @@
#include <linux/uaccess.h>
#include <asm/prctl.h> /* XXX This should get the constants from libc */
#include <os.h>
+#include <registers.h>
long arch_prctl(struct task_struct *task, int option,
unsigned long __user *arg2)
@@ -35,7 +36,7 @@ long arch_prctl(struct task_struct *task, int option,
switch (option) {
case ARCH_SET_FS:
case ARCH_SET_GS:
- ret = restore_registers(pid, ¤t->thread.regs.regs);
+ ret = restore_pid_registers(pid, ¤t->thread.regs.regs);
if (ret)
return ret;
break;
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 203/320] jffs2: GC deadlock reading a page that is used in jffs2_write_begin()
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (201 preceding siblings ...)
2022-01-24 18:43 ` [PATCH 5.4 202/320] um: registers: Rename function names to avoid conflicts and build problems Greg Kroah-Hartman
@ 2022-01-24 18:43 ` Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 204/320] ACPICA: actypes.h: Expand the ACPI_ACCESS_ definitions Greg Kroah-Hartman
` (121 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kyeong Yoo, Richard Weinberger, Sasha Levin
From: Kyeong Yoo <kyeong.yoo@alliedtelesis.co.nz>
[ Upstream commit aa39cc675799bc92da153af9a13d6f969c348e82 ]
GC task can deadlock in read_cache_page() because it may attempt
to release a page that is actually allocated by another task in
jffs2_write_begin().
The reason is that in jffs2_write_begin() there is a small window
a cache page is allocated for use but not set Uptodate yet.
This ends up with a deadlock between two tasks:
1) A task (e.g. file copy)
- jffs2_write_begin() locks a cache page
- jffs2_write_end() tries to lock "alloc_sem" from
jffs2_reserve_space() <-- STUCK
2) GC task (jffs2_gcd_mtd3)
- jffs2_garbage_collect_pass() locks "alloc_sem"
- try to lock the same cache page in read_cache_page() <-- STUCK
So to avoid this deadlock, hold "alloc_sem" in jffs2_write_begin()
while reading data in a cache page.
Signed-off-by: Kyeong Yoo <kyeong.yoo@alliedtelesis.co.nz>
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/jffs2/file.c | 40 +++++++++++++++++++++++++---------------
1 file changed, 25 insertions(+), 15 deletions(-)
diff --git a/fs/jffs2/file.c b/fs/jffs2/file.c
index f8fb89b10227c..34880a4c21732 100644
--- a/fs/jffs2/file.c
+++ b/fs/jffs2/file.c
@@ -135,20 +135,15 @@ static int jffs2_write_begin(struct file *filp, struct address_space *mapping,
struct page *pg;
struct inode *inode = mapping->host;
struct jffs2_inode_info *f = JFFS2_INODE_INFO(inode);
+ struct jffs2_sb_info *c = JFFS2_SB_INFO(inode->i_sb);
pgoff_t index = pos >> PAGE_SHIFT;
uint32_t pageofs = index << PAGE_SHIFT;
int ret = 0;
- pg = grab_cache_page_write_begin(mapping, index, flags);
- if (!pg)
- return -ENOMEM;
- *pagep = pg;
-
jffs2_dbg(1, "%s()\n", __func__);
if (pageofs > inode->i_size) {
/* Make new hole frag from old EOF to new page */
- struct jffs2_sb_info *c = JFFS2_SB_INFO(inode->i_sb);
struct jffs2_raw_inode ri;
struct jffs2_full_dnode *fn;
uint32_t alloc_len;
@@ -159,7 +154,7 @@ static int jffs2_write_begin(struct file *filp, struct address_space *mapping,
ret = jffs2_reserve_space(c, sizeof(ri), &alloc_len,
ALLOC_NORMAL, JFFS2_SUMMARY_INODE_SIZE);
if (ret)
- goto out_page;
+ goto out_err;
mutex_lock(&f->sem);
memset(&ri, 0, sizeof(ri));
@@ -189,7 +184,7 @@ static int jffs2_write_begin(struct file *filp, struct address_space *mapping,
ret = PTR_ERR(fn);
jffs2_complete_reservation(c);
mutex_unlock(&f->sem);
- goto out_page;
+ goto out_err;
}
ret = jffs2_add_full_dnode_to_inode(c, f, fn);
if (f->metadata) {
@@ -204,13 +199,26 @@ static int jffs2_write_begin(struct file *filp, struct address_space *mapping,
jffs2_free_full_dnode(fn);
jffs2_complete_reservation(c);
mutex_unlock(&f->sem);
- goto out_page;
+ goto out_err;
}
jffs2_complete_reservation(c);
inode->i_size = pageofs;
mutex_unlock(&f->sem);
}
+ /*
+ * While getting a page and reading data in, lock c->alloc_sem until
+ * the page is Uptodate. Otherwise GC task may attempt to read the same
+ * page in read_cache_page(), which causes a deadlock.
+ */
+ mutex_lock(&c->alloc_sem);
+ pg = grab_cache_page_write_begin(mapping, index, flags);
+ if (!pg) {
+ ret = -ENOMEM;
+ goto release_sem;
+ }
+ *pagep = pg;
+
/*
* Read in the page if it wasn't already present. Cannot optimize away
* the whole page write case until jffs2_write_end can handle the
@@ -220,15 +228,17 @@ static int jffs2_write_begin(struct file *filp, struct address_space *mapping,
mutex_lock(&f->sem);
ret = jffs2_do_readpage_nolock(inode, pg);
mutex_unlock(&f->sem);
- if (ret)
- goto out_page;
+ if (ret) {
+ unlock_page(pg);
+ put_page(pg);
+ goto release_sem;
+ }
}
jffs2_dbg(1, "end write_begin(). pg->flags %lx\n", pg->flags);
- return ret;
-out_page:
- unlock_page(pg);
- put_page(pg);
+release_sem:
+ mutex_unlock(&c->alloc_sem);
+out_err:
return ret;
}
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 204/320] ACPICA: actypes.h: Expand the ACPI_ACCESS_ definitions
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (202 preceding siblings ...)
2022-01-24 18:43 ` [PATCH 5.4 203/320] jffs2: GC deadlock reading a page that is used in jffs2_write_begin() Greg Kroah-Hartman
@ 2022-01-24 18:43 ` Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 205/320] ACPICA: Utilities: Avoid deleting the same object twice in a row Greg Kroah-Hartman
` (120 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mark Langsdorf, Bob Moore,
Rafael J. Wysocki, Sasha Levin
From: Mark Langsdorf <mlangsdo@redhat.com>
[ Upstream commit f81bdeaf816142e0729eea0cc84c395ec9673151 ]
ACPICA commit bc02c76d518135531483dfc276ed28b7ee632ce1
The current ACPI_ACCESS_*_WIDTH defines do not provide a way to
test that size is small enough to not cause an overflow when
applied to a 32-bit integer.
Rather than adding more magic numbers, add ACPI_ACCESS_*_SHIFT,
ACPI_ACCESS_*_MAX, and ACPI_ACCESS_*_DEFAULT #defines and
redefine ACPI_ACCESS_*_WIDTH in terms of the new #defines.
This was inititally reported on Linux where a size of 102 in
ACPI_ACCESS_BIT_WIDTH caused an overflow error in the SPCR
initialization code.
Link: https://github.com/acpica/acpica/commit/bc02c76d
Signed-off-by: Mark Langsdorf <mlangsdo@redhat.com>
Signed-off-by: Bob Moore <robert.moore@intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/acpi/actypes.h | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/include/acpi/actypes.h b/include/acpi/actypes.h
index 9373662cdb44f..ff5fecff51167 100644
--- a/include/acpi/actypes.h
+++ b/include/acpi/actypes.h
@@ -536,8 +536,14 @@ typedef u64 acpi_integer;
* Can be used with access_width of struct acpi_generic_address and access_size of
* struct acpi_resource_generic_register.
*/
-#define ACPI_ACCESS_BIT_WIDTH(size) (1 << ((size) + 2))
-#define ACPI_ACCESS_BYTE_WIDTH(size) (1 << ((size) - 1))
+#define ACPI_ACCESS_BIT_SHIFT 2
+#define ACPI_ACCESS_BYTE_SHIFT -1
+#define ACPI_ACCESS_BIT_MAX (31 - ACPI_ACCESS_BIT_SHIFT)
+#define ACPI_ACCESS_BYTE_MAX (31 - ACPI_ACCESS_BYTE_SHIFT)
+#define ACPI_ACCESS_BIT_DEFAULT (8 - ACPI_ACCESS_BIT_SHIFT)
+#define ACPI_ACCESS_BYTE_DEFAULT (8 - ACPI_ACCESS_BYTE_SHIFT)
+#define ACPI_ACCESS_BIT_WIDTH(size) (1 << ((size) + ACPI_ACCESS_BIT_SHIFT))
+#define ACPI_ACCESS_BYTE_WIDTH(size) (1 << ((size) + ACPI_ACCESS_BYTE_SHIFT))
/*******************************************************************************
*
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 205/320] ACPICA: Utilities: Avoid deleting the same object twice in a row
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (203 preceding siblings ...)
2022-01-24 18:43 ` [PATCH 5.4 204/320] ACPICA: actypes.h: Expand the ACPI_ACCESS_ definitions Greg Kroah-Hartman
@ 2022-01-24 18:43 ` Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 206/320] ACPICA: Executer: Fix the REFCLASS_REFOF case in acpi_ex_opcode_1A_0T_1R() Greg Kroah-Hartman
` (119 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mark Asselstine, Rafael J. Wysocki,
Bob Moore, Sasha Levin
From: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
[ Upstream commit 1cdfe9e346b4c5509ffe19ccde880fd259d9f7a3 ]
ACPICA commit c11af67d8f7e3d381068ce7771322f2b5324d687
If original_count is 0 in acpi_ut_update_ref_count (),
acpi_ut_delete_internal_obj () is invoked for the target object, which is
incorrect, because that object has been deleted once already and the
memory allocated to store it may have been reclaimed and allocated
for a different purpose by the host OS. Moreover, a confusing debug
message following the "Reference Count is already zero, cannot
decrement" warning is printed in that case.
To fix this issue, make acpi_ut_update_ref_count () return after finding
that original_count is 0 and printing the above warning.
Link: https://github.com/acpica/acpica/commit/c11af67d
Link: https://github.com/acpica/acpica/pull/652
Reported-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Bob Moore <robert.moore@intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/acpi/acpica/utdelete.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/acpi/acpica/utdelete.c b/drivers/acpi/acpica/utdelete.c
index 72d2c0b656339..cb1750e7a6281 100644
--- a/drivers/acpi/acpica/utdelete.c
+++ b/drivers/acpi/acpica/utdelete.c
@@ -422,6 +422,7 @@ acpi_ut_update_ref_count(union acpi_operand_object *object, u32 action)
ACPI_WARNING((AE_INFO,
"Obj %p, Reference Count is already zero, cannot decrement\n",
object));
+ return;
}
ACPI_DEBUG_PRINT_RAW((ACPI_DB_ALLOCATIONS,
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 206/320] ACPICA: Executer: Fix the REFCLASS_REFOF case in acpi_ex_opcode_1A_0T_1R()
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (204 preceding siblings ...)
2022-01-24 18:43 ` [PATCH 5.4 205/320] ACPICA: Utilities: Avoid deleting the same object twice in a row Greg Kroah-Hartman
@ 2022-01-24 18:43 ` Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 207/320] ACPICA: Fix wrong interpretation of PCC address Greg Kroah-Hartman
` (118 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Lenny Szubowicz, Rafael J. Wysocki,
Bob Moore, Sasha Levin
From: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
[ Upstream commit 24ea5f90ec9548044a6209685c5010edd66ffe8f ]
ACPICA commit d984f12041392fa4156b52e2f7e5c5e7bc38ad9e
If Operand[0] is a reference of the ACPI_REFCLASS_REFOF class,
acpi_ex_opcode_1A_0T_1R () calls acpi_ns_get_attached_object () to
obtain return_desc which may require additional resolution with
the help of acpi_ex_read_data_from_field (). If the latter fails,
the reference counter of the original return_desc is decremented
which is incorrect, because acpi_ns_get_attached_object () does not
increment the reference counter of the object returned by it.
This issue may lead to premature deletion of the attached object
while it is still attached and a use-after-free and crash in the
host OS. For example, this may happen when on evaluation of ref_of()
a local region field where there is no registered handler for the
given Operation Region.
Fix it by making acpi_ex_opcode_1A_0T_1R () return Status right away
after a acpi_ex_read_data_from_field () failure.
Link: https://github.com/acpica/acpica/commit/d984f120
Link: https://github.com/acpica/acpica/pull/685
Reported-by: Lenny Szubowicz <lszubowi@redhat.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Bob Moore <robert.moore@intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/acpi/acpica/exoparg1.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/acpi/acpica/exoparg1.c b/drivers/acpi/acpica/exoparg1.c
index 06e35ea098234..6d84618ba3871 100644
--- a/drivers/acpi/acpica/exoparg1.c
+++ b/drivers/acpi/acpica/exoparg1.c
@@ -1007,7 +1007,8 @@ acpi_status acpi_ex_opcode_1A_0T_1R(struct acpi_walk_state *walk_state)
(walk_state, return_desc,
&temp_desc);
if (ACPI_FAILURE(status)) {
- goto cleanup;
+ return_ACPI_STATUS
+ (status);
}
return_desc = temp_desc;
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 207/320] ACPICA: Fix wrong interpretation of PCC address
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (205 preceding siblings ...)
2022-01-24 18:43 ` [PATCH 5.4 206/320] ACPICA: Executer: Fix the REFCLASS_REFOF case in acpi_ex_opcode_1A_0T_1R() Greg Kroah-Hartman
@ 2022-01-24 18:43 ` Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 208/320] ACPICA: Hardware: Do not flush CPU cache when entering S4 and S5 Greg Kroah-Hartman
` (117 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sudeep Holla, Bob Moore,
Rafael J. Wysocki, Sasha Levin
From: Sudeep Holla <sudeep.holla@arm.com>
[ Upstream commit 9a3b8655db1ada31c82189ae13f40eb25da48c35 ]
ACPICA commit 41be6afacfdaec2dba3a5ed368736babc2a7aa5c
With the PCC Opregion in the firmware and we are hitting below kernel crash:
-->8
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010
Workqueue: pm pm_runtime_work
pstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __memcpy+0x54/0x260
lr : acpi_ex_write_data_to_field+0xb8/0x194
Call trace:
__memcpy+0x54/0x260
acpi_ex_store_object_to_node+0xa4/0x1d4
acpi_ex_store+0x44/0x164
acpi_ex_opcode_1A_1T_1R+0x25c/0x508
acpi_ds_exec_end_op+0x1b4/0x44c
acpi_ps_parse_loop+0x3a8/0x614
acpi_ps_parse_aml+0x90/0x2f4
acpi_ps_execute_method+0x11c/0x19c
acpi_ns_evaluate+0x1ec/0x2b0
acpi_evaluate_object+0x170/0x2b0
acpi_device_set_power+0x118/0x310
acpi_dev_suspend+0xd4/0x180
acpi_subsys_runtime_suspend+0x28/0x38
__rpm_callback+0x74/0x328
rpm_suspend+0x2d8/0x624
pm_runtime_work+0xa4/0xb8
process_one_work+0x194/0x25c
worker_thread+0x260/0x49c
kthread+0x14c/0x30c
ret_from_fork+0x10/0x20
Code: f9000006 f81f80a7 d65f03c0 361000c2 (b9400026)
---[ end trace 24d8a032fa77b68a ]---
The reason for the crash is that the PCC channel index passed via region.address
in acpi_ex_store_object_to_node is interpreted as the channel subtype
incorrectly.
Assuming the PCC op_region support is not used by any other type, let us
remove the subtype check as the AML has no access to the subtype information.
Once we remove it, the kernel crash disappears and correctly complains about
missing PCC Opregion handler.
ACPI Error: No handler for Region [PFRM] ((____ptrval____)) [PCC] (20210730/evregion-130)
ACPI Error: Region PCC (ID=10) has no handler (20210730/exfldio-261)
ACPI Error: Aborting method \_SB.ETH0._PS3 due to previous error (AE_NOT_EXIST) (20210730/psparse-531)
Link: https://github.com/acpica/acpica/commit/41be6afa
Signed-off-by: Sudeep Holla <sudeep.holla@arm.com>
Signed-off-by: Bob Moore <robert.moore@intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/acpi/acpica/exfield.c | 7 +------
1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/drivers/acpi/acpica/exfield.c b/drivers/acpi/acpica/exfield.c
index d3d2dbfba680c..cd3debefe990d 100644
--- a/drivers/acpi/acpica/exfield.c
+++ b/drivers/acpi/acpica/exfield.c
@@ -320,12 +320,7 @@ acpi_ex_write_data_to_field(union acpi_operand_object *source_desc,
obj_desc->field.base_byte_offset,
source_desc->buffer.pointer, data_length);
- if ((obj_desc->field.region_obj->region.address ==
- PCC_MASTER_SUBSPACE
- && MASTER_SUBSPACE_COMMAND(obj_desc->field.
- base_byte_offset))
- || GENERIC_SUBSPACE_COMMAND(obj_desc->field.
- base_byte_offset)) {
+ if (MASTER_SUBSPACE_COMMAND(obj_desc->field.base_byte_offset)) {
/* Perform the write */
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 208/320] ACPICA: Hardware: Do not flush CPU cache when entering S4 and S5
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (206 preceding siblings ...)
2022-01-24 18:43 ` [PATCH 5.4 207/320] ACPICA: Fix wrong interpretation of PCC address Greg Kroah-Hartman
@ 2022-01-24 18:43 ` Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 209/320] drm/amdgpu: fixup bad vram size on gmc v8 Greg Kroah-Hartman
` (116 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kirill A. Shutemov,
Rafael J. Wysocki, Bob Moore, Sasha Levin
From: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
[ Upstream commit 1d4e0b3abb168b2ee1eca99c527cffa1b80b6161 ]
ACPICA commit 3dd7e1f3996456ef81bfe14cba29860e8d42949e
According to ACPI 6.4, Section 16.2, the CPU cache flushing is
required on entering to S1, S2, and S3, but the ACPICA code
flushes the CPU cache regardless of the sleep state.
Blind cache flush on entering S5 causes problems for TDX.
Flushing happens with WBINVD that is not supported in the TDX
environment.
TDX only supports S5 and adjusting ACPICA code to conform to the
spec more strictly fixes the issue.
Link: https://github.com/acpica/acpica/commit/3dd7e1f3
Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
[ rjw: Subject and changelog edits ]
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Bob Moore <robert.moore@intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/acpi/acpica/hwesleep.c | 4 +++-
drivers/acpi/acpica/hwsleep.c | 4 +++-
drivers/acpi/acpica/hwxfsleep.c | 2 --
3 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/drivers/acpi/acpica/hwesleep.c b/drivers/acpi/acpica/hwesleep.c
index aa502ae3b6b31..de0a59878e52d 100644
--- a/drivers/acpi/acpica/hwesleep.c
+++ b/drivers/acpi/acpica/hwesleep.c
@@ -104,7 +104,9 @@ acpi_status acpi_hw_extended_sleep(u8 sleep_state)
/* Flush caches, as per ACPI specification */
- ACPI_FLUSH_CPU_CACHE();
+ if (sleep_state < ACPI_STATE_S4) {
+ ACPI_FLUSH_CPU_CACHE();
+ }
status = acpi_os_enter_sleep(sleep_state, sleep_control, 0);
if (status == AE_CTRL_TERMINATE) {
diff --git a/drivers/acpi/acpica/hwsleep.c b/drivers/acpi/acpica/hwsleep.c
index 5f7d63badbe9d..321aaad97e2f7 100644
--- a/drivers/acpi/acpica/hwsleep.c
+++ b/drivers/acpi/acpica/hwsleep.c
@@ -110,7 +110,9 @@ acpi_status acpi_hw_legacy_sleep(u8 sleep_state)
/* Flush caches, as per ACPI specification */
- ACPI_FLUSH_CPU_CACHE();
+ if (sleep_state < ACPI_STATE_S4) {
+ ACPI_FLUSH_CPU_CACHE();
+ }
status = acpi_os_enter_sleep(sleep_state, pm1a_control, pm1b_control);
if (status == AE_CTRL_TERMINATE) {
diff --git a/drivers/acpi/acpica/hwxfsleep.c b/drivers/acpi/acpica/hwxfsleep.c
index 79731efbe8fe2..4e3398819718d 100644
--- a/drivers/acpi/acpica/hwxfsleep.c
+++ b/drivers/acpi/acpica/hwxfsleep.c
@@ -162,8 +162,6 @@ acpi_status acpi_enter_sleep_state_s4bios(void)
return_ACPI_STATUS(status);
}
- ACPI_FLUSH_CPU_CACHE();
-
status = acpi_hw_write_port(acpi_gbl_FADT.smi_command,
(u32)acpi_gbl_FADT.s4_bios_request, 8);
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 209/320] drm/amdgpu: fixup bad vram size on gmc v8
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (207 preceding siblings ...)
2022-01-24 18:43 ` [PATCH 5.4 208/320] ACPICA: Hardware: Do not flush CPU cache when entering S4 and S5 Greg Kroah-Hartman
@ 2022-01-24 18:43 ` Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 210/320] ACPI: battery: Add the ThinkPad "Not Charging" quirk Greg Kroah-Hartman
` (115 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zongmin Zhou, Alex Deucher, Sasha Levin
From: Zongmin Zhou <zhouzongmin@kylinos.cn>
[ Upstream commit 11544d77e3974924c5a9c8a8320b996a3e9b2f8b ]
Some boards(like RX550) seem to have garbage in the upper
16 bits of the vram size register. Check for
this and clamp the size properly. Fixes
boards reporting bogus amounts of vram.
after add this patch,the maximum GPU VRAM size is 64GB,
otherwise only 64GB vram size will be used.
Signed-off-by: Zongmin Zhou<zhouzongmin@kylinos.cn>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c b/drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c
index ea764dd9245db..2975331a7b867 100644
--- a/drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c
+++ b/drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c
@@ -524,10 +524,10 @@ static void gmc_v8_0_mc_program(struct amdgpu_device *adev)
static int gmc_v8_0_mc_init(struct amdgpu_device *adev)
{
int r;
+ u32 tmp;
adev->gmc.vram_width = amdgpu_atombios_get_vram_width(adev);
if (!adev->gmc.vram_width) {
- u32 tmp;
int chansize, numchan;
/* Get VRAM informations */
@@ -571,8 +571,15 @@ static int gmc_v8_0_mc_init(struct amdgpu_device *adev)
adev->gmc.vram_width = numchan * chansize;
}
/* size in MB on si */
- adev->gmc.mc_vram_size = RREG32(mmCONFIG_MEMSIZE) * 1024ULL * 1024ULL;
- adev->gmc.real_vram_size = RREG32(mmCONFIG_MEMSIZE) * 1024ULL * 1024ULL;
+ tmp = RREG32(mmCONFIG_MEMSIZE);
+ /* some boards may have garbage in the upper 16 bits */
+ if (tmp & 0xffff0000) {
+ DRM_INFO("Probable bad vram size: 0x%08x\n", tmp);
+ if (tmp & 0xffff)
+ tmp &= 0xffff;
+ }
+ adev->gmc.mc_vram_size = tmp * 1024ULL * 1024ULL;
+ adev->gmc.real_vram_size = adev->gmc.mc_vram_size;
if (!(adev->flags & AMD_IS_APU)) {
r = amdgpu_device_resize_fb_bar(adev);
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 210/320] ACPI: battery: Add the ThinkPad "Not Charging" quirk
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (208 preceding siblings ...)
2022-01-24 18:43 ` [PATCH 5.4 209/320] drm/amdgpu: fixup bad vram size on gmc v8 Greg Kroah-Hartman
@ 2022-01-24 18:43 ` Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 211/320] btrfs: remove BUG_ON() in find_parent_nodes() Greg Kroah-Hartman
` (114 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Thomas Weißschuh, Hans de Goede,
Rafael J. Wysocki, Sasha Levin
From: Thomas Weißschuh <linux@weissschuh.net>
[ Upstream commit e96c1197aca628f7d2480a1cc3214912b40b3414 ]
The EC/ACPI firmware on Lenovo ThinkPads used to report a status
of "Unknown" when the battery is between the charge start and
charge stop thresholds. On Windows, it reports "Not Charging"
so the quirk has been added to also report correctly.
Now the "status" attribute returns "Not Charging" when the
battery on ThinkPads is not physicaly charging.
Signed-off-by: Thomas Weißschuh <linux@weissschuh.net>
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/acpi/battery.c | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+)
diff --git a/drivers/acpi/battery.c b/drivers/acpi/battery.c
index 6e96ed68b3379..4e0aea5f008e3 100644
--- a/drivers/acpi/battery.c
+++ b/drivers/acpi/battery.c
@@ -65,6 +65,7 @@ static int battery_bix_broken_package;
static int battery_notification_delay_ms;
static int battery_ac_is_broken;
static int battery_check_pmic = 1;
+static int battery_quirk_notcharging;
static unsigned int cache_time = 1000;
module_param(cache_time, uint, 0644);
MODULE_PARM_DESC(cache_time, "cache time in milliseconds");
@@ -233,6 +234,8 @@ static int acpi_battery_get_property(struct power_supply *psy,
val->intval = POWER_SUPPLY_STATUS_CHARGING;
else if (acpi_battery_is_charged(battery))
val->intval = POWER_SUPPLY_STATUS_FULL;
+ else if (battery_quirk_notcharging)
+ val->intval = POWER_SUPPLY_STATUS_NOT_CHARGING;
else
val->intval = POWER_SUPPLY_STATUS_UNKNOWN;
break;
@@ -1337,6 +1340,12 @@ battery_do_not_check_pmic_quirk(const struct dmi_system_id *d)
return 0;
}
+static int __init battery_quirk_not_charging(const struct dmi_system_id *d)
+{
+ battery_quirk_notcharging = 1;
+ return 0;
+}
+
static const struct dmi_system_id bat_dmi_table[] __initconst = {
{
/* NEC LZ750/LS */
@@ -1381,6 +1390,19 @@ static const struct dmi_system_id bat_dmi_table[] __initconst = {
DMI_EXACT_MATCH(DMI_PRODUCT_VERSION, "Lenovo MIIX 320-10ICR"),
},
},
+ {
+ /*
+ * On Lenovo ThinkPads the BIOS specification defines
+ * a state when the bits for charging and discharging
+ * are both set to 0. That state is "Not Charging".
+ */
+ .callback = battery_quirk_not_charging,
+ .ident = "Lenovo ThinkPad",
+ .matches = {
+ DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"),
+ DMI_MATCH(DMI_PRODUCT_VERSION, "ThinkPad"),
+ },
+ },
{},
};
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 211/320] btrfs: remove BUG_ON() in find_parent_nodes()
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (209 preceding siblings ...)
2022-01-24 18:43 ` [PATCH 5.4 210/320] ACPI: battery: Add the ThinkPad "Not Charging" quirk Greg Kroah-Hartman
@ 2022-01-24 18:43 ` Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 212/320] btrfs: remove BUG_ON(!eie) in find_parent_nodes Greg Kroah-Hartman
` (113 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Josef Bacik, David Sterba, Sasha Levin
From: Josef Bacik <josef@toxicpanda.com>
[ Upstream commit fcba0120edf88328524a4878d1d6f4ad39f2ec81 ]
We search for an extent entry with .offset = -1, which shouldn't be a
thing, but corruption happens. Add an ASSERT() for the developers,
return -EUCLEAN for mortals.
Signed-off-by: Josef Bacik <josef@toxicpanda.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/btrfs/backref.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/fs/btrfs/backref.c b/fs/btrfs/backref.c
index 7f644a58db511..9044e7282d0b2 100644
--- a/fs/btrfs/backref.c
+++ b/fs/btrfs/backref.c
@@ -1208,7 +1208,12 @@ again:
ret = btrfs_search_slot(trans, fs_info->extent_root, &key, path, 0, 0);
if (ret < 0)
goto out;
- BUG_ON(ret == 0);
+ if (ret == 0) {
+ /* This shouldn't happen, indicates a bug or fs corruption. */
+ ASSERT(ret != 0);
+ ret = -EUCLEAN;
+ goto out;
+ }
#ifdef CONFIG_BTRFS_FS_RUN_SANITY_TESTS
if (trans && likely(trans->type != __TRANS_DUMMY) &&
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 212/320] btrfs: remove BUG_ON(!eie) in find_parent_nodes
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (210 preceding siblings ...)
2022-01-24 18:43 ` [PATCH 5.4 211/320] btrfs: remove BUG_ON() in find_parent_nodes() Greg Kroah-Hartman
@ 2022-01-24 18:43 ` Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 213/320] net: mdio: Demote probed message to debug print Greg Kroah-Hartman
` (112 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Josef Bacik, David Sterba, Sasha Levin
From: Josef Bacik <josef@toxicpanda.com>
[ Upstream commit 9f05c09d6baef789726346397438cca4ec43c3ee ]
If we're looking for leafs that point to a data extent we want to record
the extent items that point at our bytenr. At this point we have the
reference and we know for a fact that this leaf should have a reference
to our bytenr. However if there's some sort of corruption we may not
find any references to our leaf, and thus could end up with eie == NULL.
Replace this BUG_ON() with an ASSERT() and then return -EUCLEAN for the
mortals.
Signed-off-by: Josef Bacik <josef@toxicpanda.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/btrfs/backref.c | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/fs/btrfs/backref.c b/fs/btrfs/backref.c
index 9044e7282d0b2..c701a19fac533 100644
--- a/fs/btrfs/backref.c
+++ b/fs/btrfs/backref.c
@@ -1361,10 +1361,18 @@ again:
goto out;
if (!ret && extent_item_pos) {
/*
- * we've recorded that parent, so we must extend
- * its inode list here
+ * We've recorded that parent, so we must extend
+ * its inode list here.
+ *
+ * However if there was corruption we may not
+ * have found an eie, return an error in this
+ * case.
*/
- BUG_ON(!eie);
+ ASSERT(eie);
+ if (!eie) {
+ ret = -EUCLEAN;
+ goto out;
+ }
while (eie->next)
eie = eie->next;
eie->next = ref->inode_list;
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 213/320] net: mdio: Demote probed message to debug print
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (211 preceding siblings ...)
2022-01-24 18:43 ` [PATCH 5.4 212/320] btrfs: remove BUG_ON(!eie) in find_parent_nodes Greg Kroah-Hartman
@ 2022-01-24 18:43 ` Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 214/320] mac80211: allow non-standard VHT MCS-10/11 Greg Kroah-Hartman
` (111 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Maxime Bizon, Florian Fainelli,
Andrew Lunn, Jakub Kicinski, Sasha Levin
From: Florian Fainelli <f.fainelli@gmail.com>
[ Upstream commit 7590fc6f80ac2cbf23e6b42b668bbeded070850b ]
On systems with large numbers of MDIO bus/muxes the message indicating
that a given MDIO bus has been successfully probed is repeated for as
many buses we have, which can eat up substantial boot time for no
reason, demote to a debug print.
Reported-by: Maxime Bizon <mbizon@freebox.fr>
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Link: https://lore.kernel.org/r/20220103194024.2620-1-f.fainelli@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/phy/mdio_bus.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/phy/mdio_bus.c b/drivers/net/phy/mdio_bus.c
index bec73f0640d03..b0a439248ff69 100644
--- a/drivers/net/phy/mdio_bus.c
+++ b/drivers/net/phy/mdio_bus.c
@@ -433,7 +433,7 @@ int __mdiobus_register(struct mii_bus *bus, struct module *owner)
mdiobus_setup_mdiodev_from_board_info(bus, mdiobus_create_device);
bus->state = MDIOBUS_REGISTERED;
- pr_info("%s: probed\n", bus->name);
+ dev_dbg(&bus->dev, "probed\n");
return 0;
error:
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 214/320] mac80211: allow non-standard VHT MCS-10/11
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (212 preceding siblings ...)
2022-01-24 18:43 ` [PATCH 5.4 213/320] net: mdio: Demote probed message to debug print Greg Kroah-Hartman
@ 2022-01-24 18:43 ` Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 215/320] dm btree: add a defensive bounds check to insert_at() Greg Kroah-Hartman
` (110 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Goldwyn Rodrigues, Ping-Ke Shih,
Johannes Berg, Sasha Levin
From: Ping-Ke Shih <pkshih@realtek.com>
[ Upstream commit 04be6d337d37400ad5b3d5f27ca87645ee5a18a3 ]
Some AP can possibly try non-standard VHT rate and mac80211 warns and drops
packets, and leads low TCP throughput.
Rate marked as a VHT rate but data is invalid: MCS: 10, NSS: 2
WARNING: CPU: 1 PID: 7817 at net/mac80211/rx.c:4856 ieee80211_rx_list+0x223/0x2f0 [mac8021
Since commit c27aa56a72b8 ("cfg80211: add VHT rate entries for MCS-10 and MCS-11")
has added, mac80211 adds this support as well.
After this patch, throughput is good and iw can get the bitrate:
rx bitrate: 975.1 MBit/s VHT-MCS 10 80MHz short GI VHT-NSS 2
or
rx bitrate: 1083.3 MBit/s VHT-MCS 11 80MHz short GI VHT-NSS 2
Buglink: https://bugzilla.suse.com/show_bug.cgi?id=1192891
Reported-by: Goldwyn Rodrigues <rgoldwyn@suse.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Link: https://lore.kernel.org/r/20220103013623.17052-1-pkshih@realtek.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/mac80211/rx.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index 282bf336b15a4..464029892478f 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -4693,7 +4693,7 @@ void ieee80211_rx_napi(struct ieee80211_hw *hw, struct ieee80211_sta *pubsta,
goto drop;
break;
case RX_ENC_VHT:
- if (WARN_ONCE(status->rate_idx > 9 ||
+ if (WARN_ONCE(status->rate_idx > 11 ||
!status->nss ||
status->nss > 8,
"Rate marked as a VHT rate but data is invalid: MCS: %d, NSS: %d\n",
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 215/320] dm btree: add a defensive bounds check to insert_at()
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (213 preceding siblings ...)
2022-01-24 18:43 ` [PATCH 5.4 214/320] mac80211: allow non-standard VHT MCS-10/11 Greg Kroah-Hartman
@ 2022-01-24 18:43 ` Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 216/320] dm space map common: add bounds check to sm_ll_lookup_bitmap() Greg Kroah-Hartman
` (109 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Joe Thornber, Mike Snitzer, Sasha Levin
From: Joe Thornber <ejt@redhat.com>
[ Upstream commit 85bca3c05b6cca31625437eedf2060e846c4bbad ]
Corrupt metadata could trigger an out of bounds write.
Signed-off-by: Joe Thornber <ejt@redhat.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/md/persistent-data/dm-btree.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/drivers/md/persistent-data/dm-btree.c b/drivers/md/persistent-data/dm-btree.c
index 8aae0624a2971..6383afb88f319 100644
--- a/drivers/md/persistent-data/dm-btree.c
+++ b/drivers/md/persistent-data/dm-btree.c
@@ -83,14 +83,16 @@ void inc_children(struct dm_transaction_manager *tm, struct btree_node *n,
}
static int insert_at(size_t value_size, struct btree_node *node, unsigned index,
- uint64_t key, void *value)
- __dm_written_to_disk(value)
+ uint64_t key, void *value)
+ __dm_written_to_disk(value)
{
uint32_t nr_entries = le32_to_cpu(node->header.nr_entries);
+ uint32_t max_entries = le32_to_cpu(node->header.max_entries);
__le64 key_le = cpu_to_le64(key);
if (index > nr_entries ||
- index >= le32_to_cpu(node->header.max_entries)) {
+ index >= max_entries ||
+ nr_entries >= max_entries) {
DMERR("too many entries in btree node for insert");
__dm_unbless_for_disk(value);
return -ENOMEM;
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 216/320] dm space map common: add bounds check to sm_ll_lookup_bitmap()
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (214 preceding siblings ...)
2022-01-24 18:43 ` [PATCH 5.4 215/320] dm btree: add a defensive bounds check to insert_at() Greg Kroah-Hartman
@ 2022-01-24 18:43 ` Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 217/320] net: phy: marvell: configure RGMII delays for 88E1118 Greg Kroah-Hartman
` (108 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Joe Thornber, Mike Snitzer, Sasha Levin
From: Joe Thornber <ejt@redhat.com>
[ Upstream commit cba23ac158db7f3cd48a923d6861bee2eb7a2978 ]
Corrupted metadata could warrant returning error from sm_ll_lookup_bitmap().
Signed-off-by: Joe Thornber <ejt@redhat.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/md/persistent-data/dm-space-map-common.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/md/persistent-data/dm-space-map-common.c b/drivers/md/persistent-data/dm-space-map-common.c
index a213bf11738fb..85853ab629717 100644
--- a/drivers/md/persistent-data/dm-space-map-common.c
+++ b/drivers/md/persistent-data/dm-space-map-common.c
@@ -281,6 +281,11 @@ int sm_ll_lookup_bitmap(struct ll_disk *ll, dm_block_t b, uint32_t *result)
struct disk_index_entry ie_disk;
struct dm_block *blk;
+ if (b >= ll->nr_blocks) {
+ DMERR_LIMIT("metadata block out of bounds");
+ return -EINVAL;
+ }
+
b = do_div(index, ll->entries_per_block);
r = ll->load_ie(ll, index, &ie_disk);
if (r < 0)
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 217/320] net: phy: marvell: configure RGMII delays for 88E1118
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (215 preceding siblings ...)
2022-01-24 18:43 ` [PATCH 5.4 216/320] dm space map common: add bounds check to sm_ll_lookup_bitmap() Greg Kroah-Hartman
@ 2022-01-24 18:43 ` Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 218/320] net: gemini: allow any RGMII interface mode Greg Kroah-Hartman
` (107 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Corentin Labbe, Russell King (Oracle),
Andrew Lunn, Jakub Kicinski, Sasha Levin
From: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
[ Upstream commit f22725c95ececb703c3f741e8f946d23705630b7 ]
Corentin Labbe reports that the SSI 1328 does not work when allowing
the PHY to operate at gigabit speeds, but does work with the generic
PHY driver.
This appears to be because m88e1118_config_init() writes a fixed value
to the MSCR register, claiming that this is to enable 1G speeds.
However, this always sets bits 4 and 5, enabling RGMII transmit and
receive delays. The suspicion is that the original board this was
added for required the delays to make 1G speeds work.
Add the necessary configuration for RGMII delays for the 88E1118 to
bring this into line with the requirements for RGMII support, and thus
make the SSI 1328 work.
Corentin Labbe has tested this on gemini-ssi1328 and gemini-ns2502.
Reported-by: Corentin Labbe <clabbe.montjoie@gmail.com>
Tested-by: Corentin Labbe <clabbe.montjoie@gmail.com>
Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/phy/marvell.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/net/phy/marvell.c b/drivers/net/phy/marvell.c
index 9dbe625ad4477..a69317e944229 100644
--- a/drivers/net/phy/marvell.c
+++ b/drivers/net/phy/marvell.c
@@ -917,6 +917,12 @@ static int m88e1118_config_init(struct phy_device *phydev)
if (err < 0)
return err;
+ if (phy_interface_is_rgmii(phydev)) {
+ err = m88e1121_config_aneg_rgmii_delays(phydev);
+ if (err < 0)
+ return err;
+ }
+
/* Adjust LED Control */
if (phydev->dev_flags & MARVELL_PHY_M1118_DNS323_LEDS)
err = phy_write(phydev, 0x10, 0x1100);
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 218/320] net: gemini: allow any RGMII interface mode
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (216 preceding siblings ...)
2022-01-24 18:43 ` [PATCH 5.4 217/320] net: phy: marvell: configure RGMII delays for 88E1118 Greg Kroah-Hartman
@ 2022-01-24 18:43 ` Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 219/320] regulator: qcom_smd: Align probe function with rpmh-regulator Greg Kroah-Hartman
` (106 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Russell King (Oracle),
Linus Walleij, Corentin Labbe, Jakub Kicinski, Sasha Levin
From: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
[ Upstream commit 4e4f325a0a55907b14f579e6b1a38c53755e3de2 ]
The four RGMII interface modes take care of the required RGMII delay
configuration at the PHY and should not be limited by the network MAC
driver. Sadly, gemini was only permitting RGMII mode with no delays,
which would require the required delay to be inserted via PCB tracking
or by the MAC.
However, there are designs that require the PHY to add the delay, which
is impossible without Gemini permitting the other three PHY interface
modes. Fix the driver to allow these.
Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
Tested-by: Corentin Labbe <clabbe.montjoie@gmail.com>
Link: https://lore.kernel.org/r/E1n4mpT-002PLd-Ha@rmk-PC.armlinux.org.uk
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/cortina/gemini.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/drivers/net/ethernet/cortina/gemini.c b/drivers/net/ethernet/cortina/gemini.c
index c9fb1ec625d8b..a8a8b77c1611e 100644
--- a/drivers/net/ethernet/cortina/gemini.c
+++ b/drivers/net/ethernet/cortina/gemini.c
@@ -304,21 +304,21 @@ static void gmac_speed_set(struct net_device *netdev)
switch (phydev->speed) {
case 1000:
status.bits.speed = GMAC_SPEED_1000;
- if (phydev->interface == PHY_INTERFACE_MODE_RGMII)
+ if (phy_interface_mode_is_rgmii(phydev->interface))
status.bits.mii_rmii = GMAC_PHY_RGMII_1000;
netdev_dbg(netdev, "connect %s to RGMII @ 1Gbit\n",
phydev_name(phydev));
break;
case 100:
status.bits.speed = GMAC_SPEED_100;
- if (phydev->interface == PHY_INTERFACE_MODE_RGMII)
+ if (phy_interface_mode_is_rgmii(phydev->interface))
status.bits.mii_rmii = GMAC_PHY_RGMII_100_10;
netdev_dbg(netdev, "connect %s to RGMII @ 100 Mbit\n",
phydev_name(phydev));
break;
case 10:
status.bits.speed = GMAC_SPEED_10;
- if (phydev->interface == PHY_INTERFACE_MODE_RGMII)
+ if (phy_interface_mode_is_rgmii(phydev->interface))
status.bits.mii_rmii = GMAC_PHY_RGMII_100_10;
netdev_dbg(netdev, "connect %s to RGMII @ 10 Mbit\n",
phydev_name(phydev));
@@ -388,6 +388,9 @@ static int gmac_setup_phy(struct net_device *netdev)
status.bits.mii_rmii = GMAC_PHY_GMII;
break;
case PHY_INTERFACE_MODE_RGMII:
+ case PHY_INTERFACE_MODE_RGMII_ID:
+ case PHY_INTERFACE_MODE_RGMII_TXID:
+ case PHY_INTERFACE_MODE_RGMII_RXID:
netdev_dbg(netdev,
"RGMII: set GMAC0 and GMAC1 to MII/RGMII mode\n");
status.bits.mii_rmii = GMAC_PHY_RGMII_100_10;
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 219/320] regulator: qcom_smd: Align probe function with rpmh-regulator
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (217 preceding siblings ...)
2022-01-24 18:43 ` [PATCH 5.4 218/320] net: gemini: allow any RGMII interface mode Greg Kroah-Hartman
@ 2022-01-24 18:43 ` Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 220/320] serial: pl010: Drop CR register reset on set_termios Greg Kroah-Hartman
` (105 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Konrad Dybcio, Mark Brown, Sasha Levin
From: Konrad Dybcio <konrad.dybcio@somainline.org>
[ Upstream commit 14e2976fbabdacb01335d7f91eeebbc89c67ddb1 ]
The RPMh regulator driver is much newer and gets more attention, which in
consequence makes it do a few things better. Update qcom_smd-regulator's
probe function to mimic what rpmh-regulator does to address a couple of
issues:
- Probe defer now works correctly, before it used to, well,
kinda just die.. This fixes reliable probing on (at least) PM8994,
because Linux apparently cannot deal with supply map dependencies yet..
- Regulator data is now matched more sanely: regulator data is matched
against each individual regulator node name and throwing an -EINVAL if
data is missing, instead of just assuming everything is fine and
iterating over all subsequent array members.
- status = "disabled" will now work for disabling individual regulators in
DT. Previously it didn't seem to do much if anything at all.
Signed-off-by: Konrad Dybcio <konrad.dybcio@somainline.org>
Link: https://lore.kernel.org/r/20211230023442.1123424-1-konrad.dybcio@somainline.org
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/regulator/qcom_smd-regulator.c | 100 +++++++++++++++++--------
1 file changed, 70 insertions(+), 30 deletions(-)
diff --git a/drivers/regulator/qcom_smd-regulator.c b/drivers/regulator/qcom_smd-regulator.c
index 3b0828c79e2b5..e6601c28ab431 100644
--- a/drivers/regulator/qcom_smd-regulator.c
+++ b/drivers/regulator/qcom_smd-regulator.c
@@ -9,6 +9,7 @@
#include <linux/of_device.h>
#include <linux/platform_device.h>
#include <linux/regulator/driver.h>
+#include <linux/regulator/of_regulator.h>
#include <linux/soc/qcom/smd-rpm.h>
struct qcom_rpm_reg {
@@ -776,52 +777,91 @@ static const struct of_device_id rpm_of_match[] = {
};
MODULE_DEVICE_TABLE(of, rpm_of_match);
-static int rpm_reg_probe(struct platform_device *pdev)
+/**
+ * rpm_regulator_init_vreg() - initialize all attributes of a qcom_smd-regulator
+ * @vreg: Pointer to the individual qcom_smd-regulator resource
+ * @dev: Pointer to the top level qcom_smd-regulator PMIC device
+ * @node: Pointer to the individual qcom_smd-regulator resource
+ * device node
+ * @rpm: Pointer to the rpm bus node
+ * @pmic_rpm_data: Pointer to a null-terminated array of qcom_smd-regulator
+ * resources defined for the top level PMIC device
+ *
+ * Return: 0 on success, errno on failure
+ */
+static int rpm_regulator_init_vreg(struct qcom_rpm_reg *vreg, struct device *dev,
+ struct device_node *node, struct qcom_smd_rpm *rpm,
+ const struct rpm_regulator_data *pmic_rpm_data)
{
- const struct rpm_regulator_data *reg;
- const struct of_device_id *match;
- struct regulator_config config = { };
+ struct regulator_config config = {};
+ const struct rpm_regulator_data *rpm_data;
struct regulator_dev *rdev;
+ int ret;
+
+ for (rpm_data = pmic_rpm_data; rpm_data->name; rpm_data++)
+ if (of_node_name_eq(node, rpm_data->name))
+ break;
+
+ if (!rpm_data->name) {
+ dev_err(dev, "Unknown regulator %pOFn\n", node);
+ return -EINVAL;
+ }
+
+ vreg->dev = dev;
+ vreg->rpm = rpm;
+ vreg->type = rpm_data->type;
+ vreg->id = rpm_data->id;
+
+ memcpy(&vreg->desc, rpm_data->desc, sizeof(vreg->desc));
+ vreg->desc.name = rpm_data->name;
+ vreg->desc.supply_name = rpm_data->supply;
+ vreg->desc.owner = THIS_MODULE;
+ vreg->desc.type = REGULATOR_VOLTAGE;
+ vreg->desc.of_match = rpm_data->name;
+
+ config.dev = dev;
+ config.of_node = node;
+ config.driver_data = vreg;
+
+ rdev = devm_regulator_register(dev, &vreg->desc, &config);
+ if (IS_ERR(rdev)) {
+ ret = PTR_ERR(rdev);
+ dev_err(dev, "%pOFn: devm_regulator_register() failed, ret=%d\n", node, ret);
+ return ret;
+ }
+
+ return 0;
+}
+
+static int rpm_reg_probe(struct platform_device *pdev)
+{
+ struct device *dev = &pdev->dev;
+ const struct rpm_regulator_data *vreg_data;
+ struct device_node *node;
struct qcom_rpm_reg *vreg;
struct qcom_smd_rpm *rpm;
+ int ret;
rpm = dev_get_drvdata(pdev->dev.parent);
if (!rpm) {
- dev_err(&pdev->dev, "unable to retrieve handle to rpm\n");
+ dev_err(&pdev->dev, "Unable to retrieve handle to rpm\n");
return -ENODEV;
}
- match = of_match_device(rpm_of_match, &pdev->dev);
- if (!match) {
- dev_err(&pdev->dev, "failed to match device\n");
+ vreg_data = of_device_get_match_data(dev);
+ if (!vreg_data)
return -ENODEV;
- }
- for (reg = match->data; reg->name; reg++) {
+ for_each_available_child_of_node(dev->of_node, node) {
vreg = devm_kzalloc(&pdev->dev, sizeof(*vreg), GFP_KERNEL);
if (!vreg)
return -ENOMEM;
- vreg->dev = &pdev->dev;
- vreg->type = reg->type;
- vreg->id = reg->id;
- vreg->rpm = rpm;
-
- memcpy(&vreg->desc, reg->desc, sizeof(vreg->desc));
-
- vreg->desc.id = -1;
- vreg->desc.owner = THIS_MODULE;
- vreg->desc.type = REGULATOR_VOLTAGE;
- vreg->desc.name = reg->name;
- vreg->desc.supply_name = reg->supply;
- vreg->desc.of_match = reg->name;
-
- config.dev = &pdev->dev;
- config.driver_data = vreg;
- rdev = devm_regulator_register(&pdev->dev, &vreg->desc, &config);
- if (IS_ERR(rdev)) {
- dev_err(&pdev->dev, "failed to register %s\n", reg->name);
- return PTR_ERR(rdev);
+ ret = rpm_regulator_init_vreg(vreg, dev, node, rpm, vreg_data);
+
+ if (ret < 0) {
+ of_node_put(node);
+ return ret;
}
}
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 220/320] serial: pl010: Drop CR register reset on set_termios
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (218 preceding siblings ...)
2022-01-24 18:43 ` [PATCH 5.4 219/320] regulator: qcom_smd: Align probe function with rpmh-regulator Greg Kroah-Hartman
@ 2022-01-24 18:43 ` Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 221/320] serial: core: Keep mctrl register state and cached copy in sync Greg Kroah-Hartman
` (104 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Russell King, Lukas Wunner, Sasha Levin
From: Lukas Wunner <lukas@wunner.de>
[ Upstream commit 08a0c6dff91c965e39905cf200d22db989203ccb ]
pl010_set_termios() briefly resets the CR register to zero.
Where does this register write come from?
The PL010 driver's IRQ handler ambauart_int() originally modified the CR
register without holding the port spinlock. ambauart_set_termios() also
modified that register. To prevent concurrent read-modify-writes by the
IRQ handler and to prevent transmission while changing baudrate,
ambauart_set_termios() had to disable interrupts. That is achieved by
writing zero to the CR register.
However in 2004 the PL010 driver was amended to acquire the port
spinlock in the IRQ handler, obviating the need to disable interrupts in
->set_termios():
https://git.kernel.org/history/history/c/157c0342e591
That rendered the CR register write obsolete. Drop it.
Cc: Russell King <rmk+kernel@armlinux.org.uk>
Signed-off-by: Lukas Wunner <lukas@wunner.de>
Link: https://lore.kernel.org/r/fcaff16e5b1abb4cc3da5a2879ac13f278b99ed0.1641128728.git.lukas@wunner.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/amba-pl010.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/drivers/tty/serial/amba-pl010.c b/drivers/tty/serial/amba-pl010.c
index 2c37d11726aba..13f882e5e7b76 100644
--- a/drivers/tty/serial/amba-pl010.c
+++ b/drivers/tty/serial/amba-pl010.c
@@ -452,14 +452,11 @@ pl010_set_termios(struct uart_port *port, struct ktermios *termios,
if ((termios->c_cflag & CREAD) == 0)
uap->port.ignore_status_mask |= UART_DUMMY_RSR_RX;
- /* first, disable everything */
old_cr = readb(uap->port.membase + UART010_CR) & ~UART010_CR_MSIE;
if (UART_ENABLE_MS(port, termios->c_cflag))
old_cr |= UART010_CR_MSIE;
- writel(0, uap->port.membase + UART010_CR);
-
/* Set baud rate */
quot -= 1;
writel((quot & 0xf00) >> 8, uap->port.membase + UART010_LCRM);
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 221/320] serial: core: Keep mctrl register state and cached copy in sync
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (219 preceding siblings ...)
2022-01-24 18:43 ` [PATCH 5.4 220/320] serial: pl010: Drop CR register reset on set_termios Greg Kroah-Hartman
@ 2022-01-24 18:43 ` Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 222/320] random: do not throw away excess input to crng_fast_load Greg Kroah-Hartman
` (103 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:43 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Lukas Wunner, Sasha Levin
From: Lukas Wunner <lukas@wunner.de>
[ Upstream commit 93a770b7e16772530196674ffc79bb13fa927dc6 ]
struct uart_port contains a cached copy of the Modem Control signals.
It is used to skip register writes in uart_update_mctrl() if the new
signal state equals the old signal state. It also avoids a register
read to obtain the current state of output signals.
When a uart_port is registered, uart_configure_port() changes signal
state but neglects to keep the cached copy in sync. That may cause
a subsequent register write to be incorrectly skipped. Fix it before
it trips somebody up.
This behavior has been present ever since the serial core was introduced
in 2002:
https://git.kernel.org/history/history/c/33c0d1b0c3eb
So far it was never an issue because the cached copy is initialized to 0
by kzalloc() and when uart_configure_port() is executed, at most DTR has
been set by uart_set_options() or sunsu_console_setup(). Therefore,
a stable designation seems unnecessary.
Signed-off-by: Lukas Wunner <lukas@wunner.de>
Link: https://lore.kernel.org/r/bceeaba030b028ed810272d55d5fc6f3656ddddb.1641129752.git.lukas@wunner.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/serial_core.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c
index aad640b9e3f4b..c8a047ba76ebe 100644
--- a/drivers/tty/serial/serial_core.c
+++ b/drivers/tty/serial/serial_core.c
@@ -2395,7 +2395,8 @@ uart_configure_port(struct uart_driver *drv, struct uart_state *state,
* We probably don't need a spinlock around this, but
*/
spin_lock_irqsave(&port->lock, flags);
- port->ops->set_mctrl(port, port->mctrl & TIOCM_DTR);
+ port->mctrl &= TIOCM_DTR;
+ port->ops->set_mctrl(port, port->mctrl);
spin_unlock_irqrestore(&port->lock, flags);
/*
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 222/320] random: do not throw away excess input to crng_fast_load
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (220 preceding siblings ...)
2022-01-24 18:43 ` [PATCH 5.4 221/320] serial: core: Keep mctrl register state and cached copy in sync Greg Kroah-Hartman
@ 2022-01-24 18:43 ` Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 223/320] parisc: Avoid calling faulthandler_disabled() twice Greg Kroah-Hartman
` (102 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dominik Brodowski,
Jason A. Donenfeld, Sasha Levin
From: Jason A. Donenfeld <Jason@zx2c4.com>
[ Upstream commit 73c7733f122e8d0107f88655a12011f68f69e74b ]
When crng_fast_load() is called by add_hwgenerator_randomness(), we
currently will advance to crng_init==1 once we've acquired 64 bytes, and
then throw away the rest of the buffer. Usually, that is not a problem:
When add_hwgenerator_randomness() gets called via EFI or DT during
setup_arch(), there won't be any IRQ randomness. Therefore, the 64 bytes
passed by EFI exactly matches what is needed to advance to crng_init==1.
Usually, DT seems to pass 64 bytes as well -- with one notable exception
being kexec, which hands over 128 bytes of entropy to the kexec'd kernel.
In that case, we'll advance to crng_init==1 once 64 of those bytes are
consumed by crng_fast_load(), but won't continue onward feeding in bytes
to progress to crng_init==2. This commit fixes the issue by feeding
any leftover bytes into the next phase in add_hwgenerator_randomness().
[linux@dominikbrodowski.net: rewrite commit message]
Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/char/random.c | 19 ++++++++++++-------
1 file changed, 12 insertions(+), 7 deletions(-)
diff --git a/drivers/char/random.c b/drivers/char/random.c
index 60b39af1279a4..19bfbaf135989 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -975,12 +975,14 @@ static struct crng_state *select_crng(void)
/*
* crng_fast_load() can be called by code in the interrupt service
- * path. So we can't afford to dilly-dally.
+ * path. So we can't afford to dilly-dally. Returns the number of
+ * bytes processed from cp.
*/
-static int crng_fast_load(const char *cp, size_t len)
+static size_t crng_fast_load(const char *cp, size_t len)
{
unsigned long flags;
char *p;
+ size_t ret = 0;
if (!spin_trylock_irqsave(&primary_crng.lock, flags))
return 0;
@@ -991,7 +993,7 @@ static int crng_fast_load(const char *cp, size_t len)
p = (unsigned char *) &primary_crng.state[4];
while (len > 0 && crng_init_cnt < CRNG_INIT_CNT_THRESH) {
p[crng_init_cnt % CHACHA_KEY_SIZE] ^= *cp;
- cp++; crng_init_cnt++; len--;
+ cp++; crng_init_cnt++; len--; ret++;
}
spin_unlock_irqrestore(&primary_crng.lock, flags);
if (crng_init_cnt >= CRNG_INIT_CNT_THRESH) {
@@ -1000,7 +1002,7 @@ static int crng_fast_load(const char *cp, size_t len)
wake_up_interruptible(&crng_init_wait);
pr_notice("random: fast init done\n");
}
- return 1;
+ return ret;
}
/*
@@ -1353,7 +1355,7 @@ void add_interrupt_randomness(int irq, int irq_flags)
if (unlikely(crng_init == 0)) {
if ((fast_pool->count >= 64) &&
crng_fast_load((char *) fast_pool->pool,
- sizeof(fast_pool->pool))) {
+ sizeof(fast_pool->pool)) > 0) {
fast_pool->count = 0;
fast_pool->last = now;
}
@@ -2501,8 +2503,11 @@ void add_hwgenerator_randomness(const char *buffer, size_t count,
struct entropy_store *poolp = &input_pool;
if (unlikely(crng_init == 0)) {
- crng_fast_load(buffer, count);
- return;
+ size_t ret = crng_fast_load(buffer, count);
+ count -= ret;
+ buffer += ret;
+ if (!count || crng_init == 0)
+ return;
}
/* Suspend writing if we're above the trickle threshold.
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 223/320] parisc: Avoid calling faulthandler_disabled() twice
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (221 preceding siblings ...)
2022-01-24 18:43 ` [PATCH 5.4 222/320] random: do not throw away excess input to crng_fast_load Greg Kroah-Hartman
@ 2022-01-24 18:43 ` Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 224/320] powerpc/6xx: add missing of_node_put Greg Kroah-Hartman
` (101 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, John David Anglin, Helge Deller, Sasha Levin
From: John David Anglin <dave.anglin@bell.net>
[ Upstream commit 9e9d4b460f23bab61672eae397417d03917d116c ]
In handle_interruption(), we call faulthandler_disabled() to check whether the
fault handler is not disabled. If the fault handler is disabled, we immediately
call do_page_fault(). It then calls faulthandler_disabled(). If disabled,
do_page_fault() attempts to fixup the exception by jumping to no_context:
no_context:
if (!user_mode(regs) && fixup_exception(regs)) {
return;
}
parisc_terminate("Bad Address (null pointer deref?)", regs, code, address);
Apart from the error messages, the two blocks of code perform the same
function.
We can avoid two calls to faulthandler_disabled() by a simple revision
to the code in handle_interruption().
Note: I didn't try to fix the formatting of this code block.
Signed-off-by: John David Anglin <dave.anglin@bell.net>
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/parisc/kernel/traps.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/parisc/kernel/traps.c b/arch/parisc/kernel/traps.c
index 82fc011894889..2a1060d747a5d 100644
--- a/arch/parisc/kernel/traps.c
+++ b/arch/parisc/kernel/traps.c
@@ -783,7 +783,7 @@ void notrace handle_interruption(int code, struct pt_regs *regs)
* unless pagefault_disable() was called before.
*/
- if (fault_space == 0 && !faulthandler_disabled())
+ if (faulthandler_disabled() || fault_space == 0)
{
/* Clean up and return if in exception table. */
if (fixup_exception(regs))
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 224/320] powerpc/6xx: add missing of_node_put
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (222 preceding siblings ...)
2022-01-24 18:43 ` [PATCH 5.4 223/320] parisc: Avoid calling faulthandler_disabled() twice Greg Kroah-Hartman
@ 2022-01-24 18:43 ` Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 225/320] powerpc/powernv: " Greg Kroah-Hartman
` (100 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Julia Lawall, Michael Ellerman, Sasha Levin
From: Julia Lawall <Julia.Lawall@lip6.fr>
[ Upstream commit f6e82647ff71d427d4148964b71f239fba9d7937 ]
for_each_compatible_node performs an of_node_get on each iteration, so
a break out of the loop requires an of_node_put.
A simplified version of the semantic patch that fixes this problem is as
follows (http://coccinelle.lip6.fr):
// <smpl>
@@
expression e;
local idexpression n;
@@
@@
local idexpression n;
expression e;
@@
for_each_compatible_node(n,...) {
...
(
of_node_put(n);
|
e = n
|
+ of_node_put(n);
? break;
)
...
}
... when != n
// </smpl>
Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/1448051604-25256-2-git-send-email-Julia.Lawall@lip6.fr
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/platforms/embedded6xx/hlwd-pic.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/powerpc/platforms/embedded6xx/hlwd-pic.c b/arch/powerpc/platforms/embedded6xx/hlwd-pic.c
index a1b7f79a8a152..de10c13de15c6 100644
--- a/arch/powerpc/platforms/embedded6xx/hlwd-pic.c
+++ b/arch/powerpc/platforms/embedded6xx/hlwd-pic.c
@@ -215,6 +215,7 @@ void hlwd_pic_probe(void)
irq_set_chained_handler(cascade_virq,
hlwd_pic_irq_cascade);
hlwd_irq_host = host;
+ of_node_put(np);
break;
}
}
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 225/320] powerpc/powernv: add missing of_node_put
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (223 preceding siblings ...)
2022-01-24 18:43 ` [PATCH 5.4 224/320] powerpc/6xx: add missing of_node_put Greg Kroah-Hartman
@ 2022-01-24 18:43 ` Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 226/320] powerpc/cell: " Greg Kroah-Hartman
` (99 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Julia Lawall, Michael Ellerman, Sasha Levin
From: Julia Lawall <Julia.Lawall@lip6.fr>
[ Upstream commit 7d405a939ca960162eb30c1475759cb2fdf38f8c ]
for_each_compatible_node performs an of_node_get on each iteration, so
a break out of the loop requires an of_node_put.
A simplified version of the semantic patch that fixes this problem is as
follows (http://coccinelle.lip6.fr):
// <smpl>
@@
local idexpression n;
expression e;
@@
for_each_compatible_node(n,...) {
...
(
of_node_put(n);
|
e = n
|
+ of_node_put(n);
? break;
)
...
}
... when != n
// </smpl>
Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/1448051604-25256-4-git-send-email-Julia.Lawall@lip6.fr
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/platforms/powernv/opal-lpc.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/powerpc/platforms/powernv/opal-lpc.c b/arch/powerpc/platforms/powernv/opal-lpc.c
index 608569082ba0b..123a0e799b7bd 100644
--- a/arch/powerpc/platforms/powernv/opal-lpc.c
+++ b/arch/powerpc/platforms/powernv/opal-lpc.c
@@ -396,6 +396,7 @@ void __init opal_lpc_init(void)
if (!of_get_property(np, "primary", NULL))
continue;
opal_lpc_chip_id = of_get_ibm_chip_id(np);
+ of_node_put(np);
break;
}
if (opal_lpc_chip_id < 0)
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 226/320] powerpc/cell: add missing of_node_put
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (224 preceding siblings ...)
2022-01-24 18:43 ` [PATCH 5.4 225/320] powerpc/powernv: " Greg Kroah-Hartman
@ 2022-01-24 18:43 ` Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 227/320] powerpc/btext: " Greg Kroah-Hartman
` (98 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Julia Lawall, Michael Ellerman, Sasha Levin
From: Julia Lawall <Julia.Lawall@lip6.fr>
[ Upstream commit a841fd009e51c8c0a8f07c942e9ab6bb48da8858 ]
for_each_node_by_name performs an of_node_get on each iteration, so
a break out of the loop requires an of_node_put.
A simplified version of the semantic patch that fixes this problem is as
follows (http://coccinelle.lip6.fr):
// <smpl>
@@
expression e,e1;
local idexpression n;
@@
for_each_node_by_name(n, e1) {
... when != of_node_put(n)
when != e = n
(
return n;
|
+ of_node_put(n);
? return ...;
)
...
}
// </smpl>
Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/1448051604-25256-7-git-send-email-Julia.Lawall@lip6.fr
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/platforms/cell/iommu.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/powerpc/platforms/cell/iommu.c b/arch/powerpc/platforms/cell/iommu.c
index ca9ffc1c8685d..a6a60e2b8f453 100644
--- a/arch/powerpc/platforms/cell/iommu.c
+++ b/arch/powerpc/platforms/cell/iommu.c
@@ -976,6 +976,7 @@ static int __init cell_iommu_fixed_mapping_init(void)
if (hbase < dbase || (hend > (dbase + dsize))) {
pr_debug("iommu: hash window doesn't fit in"
"real DMA window\n");
+ of_node_put(np);
return -1;
}
}
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 227/320] powerpc/btext: add missing of_node_put
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (225 preceding siblings ...)
2022-01-24 18:43 ` [PATCH 5.4 226/320] powerpc/cell: " Greg Kroah-Hartman
@ 2022-01-24 18:43 ` Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 228/320] powerpc/watchdog: Fix missed watchdog reset due to memory ordering race Greg Kroah-Hartman
` (97 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Julia Lawall, Michael Ellerman, Sasha Levin
From: Julia Lawall <Julia.Lawall@lip6.fr>
[ Upstream commit a1d2b210ffa52d60acabbf7b6af3ef7e1e69cda0 ]
for_each_node_by_type performs an of_node_get on each iteration, so
a break out of the loop requires an of_node_put.
A simplified version of the semantic patch that fixes this problem is as
follows (http://coccinelle.lip6.fr):
// <smpl>
@@
local idexpression n;
expression e;
@@
for_each_node_by_type(n,...) {
...
(
of_node_put(n);
|
e = n
|
+ of_node_put(n);
? break;
)
...
}
... when != n
// </smpl>
Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/1448051604-25256-6-git-send-email-Julia.Lawall@lip6.fr
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/kernel/btext.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/arch/powerpc/kernel/btext.c b/arch/powerpc/kernel/btext.c
index 6dfceaa820e42..b0e0b3cd91eec 100644
--- a/arch/powerpc/kernel/btext.c
+++ b/arch/powerpc/kernel/btext.c
@@ -250,8 +250,10 @@ int __init btext_find_display(int allow_nonstdout)
rc = btext_initialize(np);
printk("result: %d\n", rc);
}
- if (rc == 0)
+ if (rc == 0) {
+ of_node_put(np);
break;
+ }
}
return rc;
}
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 228/320] powerpc/watchdog: Fix missed watchdog reset due to memory ordering race
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (226 preceding siblings ...)
2022-01-24 18:43 ` [PATCH 5.4 227/320] powerpc/btext: " Greg Kroah-Hartman
@ 2022-01-24 18:43 ` Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 229/320] i2c: i801: Dont silently correct invalid transfer size Greg Kroah-Hartman
` (96 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nicholas Piggin, Laurent Dufour,
Michael Ellerman, Sasha Levin
From: Nicholas Piggin <npiggin@gmail.com>
[ Upstream commit 5dad4ba68a2483fc80d70b9dc90bbe16e1f27263 ]
It is possible for all CPUs to miss the pending cpumask becoming clear,
and then nobody resetting it, which will cause the lockup detector to
stop working. It will eventually expire, but watchdog_smp_panic will
avoid doing anything if the pending mask is clear and it will never be
reset.
Order the cpumask clear vs the subsequent test to close this race.
Add an extra check for an empty pending mask when the watchdog fires and
finds its bit still clear, to try to catch any other possible races or
bugs here and keep the watchdog working. The extra test in
arch_touch_nmi_watchdog is required to prevent the new warning from
firing off.
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Reviewed-by: Laurent Dufour <ldufour@linux.ibm.com>
Debugged-by: Laurent Dufour <ldufour@linux.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20211110025056.2084347-2-npiggin@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/kernel/watchdog.c | 41 +++++++++++++++++++++++++++++++++-
1 file changed, 40 insertions(+), 1 deletion(-)
diff --git a/arch/powerpc/kernel/watchdog.c b/arch/powerpc/kernel/watchdog.c
index af3c15a1d41eb..75b2a6c4db5a5 100644
--- a/arch/powerpc/kernel/watchdog.c
+++ b/arch/powerpc/kernel/watchdog.c
@@ -132,6 +132,10 @@ static void set_cpumask_stuck(const struct cpumask *cpumask, u64 tb)
{
cpumask_or(&wd_smp_cpus_stuck, &wd_smp_cpus_stuck, cpumask);
cpumask_andnot(&wd_smp_cpus_pending, &wd_smp_cpus_pending, cpumask);
+ /*
+ * See wd_smp_clear_cpu_pending()
+ */
+ smp_mb();
if (cpumask_empty(&wd_smp_cpus_pending)) {
wd_smp_last_reset_tb = tb;
cpumask_andnot(&wd_smp_cpus_pending,
@@ -217,13 +221,44 @@ static void wd_smp_clear_cpu_pending(int cpu, u64 tb)
cpumask_clear_cpu(cpu, &wd_smp_cpus_stuck);
wd_smp_unlock(&flags);
+ } else {
+ /*
+ * The last CPU to clear pending should have reset the
+ * watchdog so we generally should not find it empty
+ * here if our CPU was clear. However it could happen
+ * due to a rare race with another CPU taking the
+ * last CPU out of the mask concurrently.
+ *
+ * We can't add a warning for it. But just in case
+ * there is a problem with the watchdog that is causing
+ * the mask to not be reset, try to kick it along here.
+ */
+ if (unlikely(cpumask_empty(&wd_smp_cpus_pending)))
+ goto none_pending;
}
return;
}
+
cpumask_clear_cpu(cpu, &wd_smp_cpus_pending);
+
+ /*
+ * Order the store to clear pending with the load(s) to check all
+ * words in the pending mask to check they are all empty. This orders
+ * with the same barrier on another CPU. This prevents two CPUs
+ * clearing the last 2 pending bits, but neither seeing the other's
+ * store when checking if the mask is empty, and missing an empty
+ * mask, which ends with a false positive.
+ */
+ smp_mb();
if (cpumask_empty(&wd_smp_cpus_pending)) {
unsigned long flags;
+none_pending:
+ /*
+ * Double check under lock because more than one CPU could see
+ * a clear mask with the lockless check after clearing their
+ * pending bits.
+ */
wd_smp_lock(&flags);
if (cpumask_empty(&wd_smp_cpus_pending)) {
wd_smp_last_reset_tb = tb;
@@ -314,8 +349,12 @@ void arch_touch_nmi_watchdog(void)
{
unsigned long ticks = tb_ticks_per_usec * wd_timer_period_ms * 1000;
int cpu = smp_processor_id();
- u64 tb = get_tb();
+ u64 tb;
+ if (!cpumask_test_cpu(cpu, &watchdog_cpumask))
+ return;
+
+ tb = get_tb();
if (tb - per_cpu(wd_timer_tb, cpu) >= ticks) {
per_cpu(wd_timer_tb, cpu) = tb;
wd_smp_clear_cpu_pending(cpu, tb);
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 229/320] i2c: i801: Dont silently correct invalid transfer size
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (227 preceding siblings ...)
2022-01-24 18:43 ` [PATCH 5.4 228/320] powerpc/watchdog: Fix missed watchdog reset due to memory ordering race Greg Kroah-Hartman
@ 2022-01-24 18:43 ` Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 230/320] powerpc/smp: Move setup_profiling_timer() under CONFIG_PROFILING Greg Kroah-Hartman
` (95 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Heiner Kallweit, Jean Delvare,
Wolfram Sang, Sasha Levin
From: Heiner Kallweit <hkallweit1@gmail.com>
[ Upstream commit effa453168a7eeb8a562ff4edc1dbf9067360a61 ]
If an invalid block size is provided, reject it instead of silently
changing it to a supported value. Especially critical I see the case of
a write transfer with block length 0. In this case we have no guarantee
that the byte we would write is valid. When silently reducing a read to
32 bytes then we don't return an error and the caller may falsely
assume that we returned the full requested data.
If this change should break any (broken) caller, then I think we should
fix the caller.
Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>
Reviewed-by: Jean Delvare <jdelvare@suse.de>
Signed-off-by: Wolfram Sang <wsa@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/i2c/busses/i2c-i801.c | 15 +++++----------
1 file changed, 5 insertions(+), 10 deletions(-)
diff --git a/drivers/i2c/busses/i2c-i801.c b/drivers/i2c/busses/i2c-i801.c
index a959062ded4f8..4e6d0b722ddcd 100644
--- a/drivers/i2c/busses/i2c-i801.c
+++ b/drivers/i2c/busses/i2c-i801.c
@@ -785,6 +785,11 @@ static int i801_block_transaction(struct i801_priv *priv,
int result = 0;
unsigned char hostc;
+ if (read_write == I2C_SMBUS_READ && command == I2C_SMBUS_BLOCK_DATA)
+ data->block[0] = I2C_SMBUS_BLOCK_MAX;
+ else if (data->block[0] < 1 || data->block[0] > I2C_SMBUS_BLOCK_MAX)
+ return -EPROTO;
+
if (command == I2C_SMBUS_I2C_BLOCK_DATA) {
if (read_write == I2C_SMBUS_WRITE) {
/* set I2C_EN bit in configuration register */
@@ -798,16 +803,6 @@ static int i801_block_transaction(struct i801_priv *priv,
}
}
- if (read_write == I2C_SMBUS_WRITE
- || command == I2C_SMBUS_I2C_BLOCK_DATA) {
- if (data->block[0] < 1)
- data->block[0] = 1;
- if (data->block[0] > I2C_SMBUS_BLOCK_MAX)
- data->block[0] = I2C_SMBUS_BLOCK_MAX;
- } else {
- data->block[0] = 32; /* max for SMBus block reads */
- }
-
/* Experience has shown that the block buffer can only be used for
SMBus (not I2C) block transactions, even though the datasheet
doesn't mention this limitation. */
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 230/320] powerpc/smp: Move setup_profiling_timer() under CONFIG_PROFILING
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (228 preceding siblings ...)
2022-01-24 18:43 ` [PATCH 5.4 229/320] i2c: i801: Dont silently correct invalid transfer size Greg Kroah-Hartman
@ 2022-01-24 18:43 ` Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 231/320] i2c: mpc: Correct I2C reset procedure Greg Kroah-Hartman
` (94 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:43 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Michael Ellerman, Sasha Levin
From: Michael Ellerman <mpe@ellerman.id.au>
[ Upstream commit a4ac0d249a5db80e79d573db9e4ad29354b643a8 ]
setup_profiling_timer() is only needed when CONFIG_PROFILING is enabled.
Fixes the following W=1 warning when CONFIG_PROFILING=n:
linux/arch/powerpc/kernel/smp.c:1638:5: error: no previous prototype for ‘setup_profiling_timer’
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20211124093254.1054750-5-mpe@ellerman.id.au
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/kernel/smp.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/arch/powerpc/kernel/smp.c b/arch/powerpc/kernel/smp.c
index c06cac543f188..82dff003a7fd6 100644
--- a/arch/powerpc/kernel/smp.c
+++ b/arch/powerpc/kernel/smp.c
@@ -1296,10 +1296,12 @@ void start_secondary(void *unused)
BUG();
}
+#ifdef CONFIG_PROFILING
int setup_profiling_timer(unsigned int multiplier)
{
return 0;
}
+#endif
#ifdef CONFIG_SCHED_SMT
/* cpumask of CPUs with asymetric SMT dependancy */
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 231/320] i2c: mpc: Correct I2C reset procedure
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (229 preceding siblings ...)
2022-01-24 18:43 ` [PATCH 5.4 230/320] powerpc/smp: Move setup_profiling_timer() under CONFIG_PROFILING Greg Kroah-Hartman
@ 2022-01-24 18:43 ` Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 232/320] clk: meson: gxbb: Fix the SDM_EN bit for MPLL0 on GXBB Greg Kroah-Hartman
` (93 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Joakim Tjernlund, Scott Wood,
Wolfram Sang, Sasha Levin
From: Joakim Tjernlund <joakim.tjernlund@infinera.com>
[ Upstream commit ebe82cf92cd4825c3029434cabfcd2f1780e64be ]
Current I2C reset procedure is broken in two ways:
1) It only generate 1 START instead of 9 STARTs and STOP.
2) It leaves the bus Busy so every I2C xfer after the first
fixup calls the reset routine again, for every xfer there after.
This fixes both errors.
Signed-off-by: Joakim Tjernlund <joakim.tjernlund@infinera.com>
Acked-by: Scott Wood <oss@buserror.net>
Signed-off-by: Wolfram Sang <wsa@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/i2c/busses/i2c-mpc.c | 23 +++++++++++++++--------
1 file changed, 15 insertions(+), 8 deletions(-)
diff --git a/drivers/i2c/busses/i2c-mpc.c b/drivers/i2c/busses/i2c-mpc.c
index af349661fd769..8de8296d25831 100644
--- a/drivers/i2c/busses/i2c-mpc.c
+++ b/drivers/i2c/busses/i2c-mpc.c
@@ -105,23 +105,30 @@ static irqreturn_t mpc_i2c_isr(int irq, void *dev_id)
/* Sometimes 9th clock pulse isn't generated, and slave doesn't release
* the bus, because it wants to send ACK.
* Following sequence of enabling/disabling and sending start/stop generates
- * the 9 pulses, so it's all OK.
+ * the 9 pulses, each with a START then ending with STOP, so it's all OK.
*/
static void mpc_i2c_fixup(struct mpc_i2c *i2c)
{
int k;
- u32 delay_val = 1000000 / i2c->real_clk + 1;
-
- if (delay_val < 2)
- delay_val = 2;
+ unsigned long flags;
for (k = 9; k; k--) {
writeccr(i2c, 0);
- writeccr(i2c, CCR_MSTA | CCR_MTX | CCR_MEN);
+ writeb(0, i2c->base + MPC_I2C_SR); /* clear any status bits */
+ writeccr(i2c, CCR_MEN | CCR_MSTA); /* START */
+ readb(i2c->base + MPC_I2C_DR); /* init xfer */
+ udelay(15); /* let it hit the bus */
+ local_irq_save(flags); /* should not be delayed further */
+ writeccr(i2c, CCR_MEN | CCR_MSTA | CCR_RSTA); /* delay SDA */
readb(i2c->base + MPC_I2C_DR);
- writeccr(i2c, CCR_MEN);
- udelay(delay_val << 1);
+ if (k != 1)
+ udelay(5);
+ local_irq_restore(flags);
}
+ writeccr(i2c, CCR_MEN); /* Initiate STOP */
+ readb(i2c->base + MPC_I2C_DR);
+ udelay(15); /* Let STOP propagate */
+ writeccr(i2c, 0);
}
static int i2c_wait(struct mpc_i2c *i2c, unsigned timeout, int writing)
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 232/320] clk: meson: gxbb: Fix the SDM_EN bit for MPLL0 on GXBB
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (230 preceding siblings ...)
2022-01-24 18:43 ` [PATCH 5.4 231/320] i2c: mpc: Correct I2C reset procedure Greg Kroah-Hartman
@ 2022-01-24 18:43 ` Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 233/320] powerpc/powermac: Add missing lockdep_register_key() Greg Kroah-Hartman
` (92 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christian Hewitt,
Martin Blumenstingl, Jerome Brunet, Sasha Levin
From: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
[ Upstream commit ff54938dd190d85f740b9bf9dde59b550936b621 ]
There are reports that 48kHz audio does not work on the WeTek Play 2
(which uses a GXBB SoC), while 44.1kHz audio works fine on the same
board. There are also reports of 48kHz audio working fine on GXL and
GXM SoCs, which are using an (almost) identical AIU (audio controller).
Experimenting has shown that MPLL0 is causing this problem. In the .dts
we have by default:
assigned-clocks = <&clkc CLKID_MPLL0>,
<&clkc CLKID_MPLL1>,
<&clkc CLKID_MPLL2>;
assigned-clock-rates = <294912000>,
<270950400>,
<393216000>;
The MPLL0 rate is divisible by 48kHz without remainder and the MPLL1
rate is divisible by 44.1kHz without remainder. Swapping these two clock
rates "fixes" 48kHz audio but breaks 44.1kHz audio.
Everything looks normal when looking at the info provided by the common
clock framework while playing 48kHz audio (via I2S with mclk-fs = 256):
mpll_prediv 1 1 0 2000000000
mpll0_div 1 1 0 294909641
mpll0 1 1 0 294909641
cts_amclk_sel 1 1 0 294909641
cts_amclk_div 1 1 0 12287902
cts_amclk 1 1 0 12287902
meson-clk-msr however shows that the actual MPLL0 clock is off by more
than 38MHz:
mp0_out 333322917 +/-10416Hz
The rate seen by meson-clk-msr is very close to what we would get when
SDM (the fractional part) was ignored:
(2000000000Hz * 16384) / ((16384 * 6) = 333.33MHz
If SDM was considered the we should get close to:
(2000000000Hz * 16384) / ((16384 * 6) + 12808) = 294.9MHz
Further experimenting shows that HHI_MPLL_CNTL7[15] does not have any
effect on the rate of MPLL0 as seen my meson-clk-msr (regardless of
whether that bit is zero or one the rate is always the same according to
meson-clk-msr). Using HHI_MPLL_CNTL[25] on the other hand as SDM_EN
results in SDM being considered for the rate output by the hardware. The
rate - as seen by meson-clk-msr - matches with what we expect when
SDM_EN is enabled (fractional part is being considered, resulting in a
294.9MHz output) or disable (fractional part being ignored, resulting in
a 333.33MHz output).
Reported-by: Christian Hewitt <christianshewitt@gmail.com>
Tested-by: Christian Hewitt <christianshewitt@gmail.com>
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Signed-off-by: Jerome Brunet <jbrunet@baylibre.com>
Link: https://lore.kernel.org/r/20211031135006.1508796-1-martin.blumenstingl@googlemail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/meson/gxbb.c | 44 +++++++++++++++++++++++++++++++++++++---
1 file changed, 41 insertions(+), 3 deletions(-)
diff --git a/drivers/clk/meson/gxbb.c b/drivers/clk/meson/gxbb.c
index 1f9c056e684ce..e8e36ec70b27f 100644
--- a/drivers/clk/meson/gxbb.c
+++ b/drivers/clk/meson/gxbb.c
@@ -712,6 +712,35 @@ static struct clk_regmap gxbb_mpll_prediv = {
};
static struct clk_regmap gxbb_mpll0_div = {
+ .data = &(struct meson_clk_mpll_data){
+ .sdm = {
+ .reg_off = HHI_MPLL_CNTL7,
+ .shift = 0,
+ .width = 14,
+ },
+ .sdm_en = {
+ .reg_off = HHI_MPLL_CNTL,
+ .shift = 25,
+ .width = 1,
+ },
+ .n2 = {
+ .reg_off = HHI_MPLL_CNTL7,
+ .shift = 16,
+ .width = 9,
+ },
+ .lock = &meson_clk_lock,
+ },
+ .hw.init = &(struct clk_init_data){
+ .name = "mpll0_div",
+ .ops = &meson_clk_mpll_ops,
+ .parent_hws = (const struct clk_hw *[]) {
+ &gxbb_mpll_prediv.hw
+ },
+ .num_parents = 1,
+ },
+};
+
+static struct clk_regmap gxl_mpll0_div = {
.data = &(struct meson_clk_mpll_data){
.sdm = {
.reg_off = HHI_MPLL_CNTL7,
@@ -748,7 +777,16 @@ static struct clk_regmap gxbb_mpll0 = {
.hw.init = &(struct clk_init_data){
.name = "mpll0",
.ops = &clk_regmap_gate_ops,
- .parent_hws = (const struct clk_hw *[]) { &gxbb_mpll0_div.hw },
+ .parent_data = &(const struct clk_parent_data) {
+ /*
+ * Note:
+ * GXL and GXBB have different SDM_EN registers. We
+ * fallback to the global naming string mechanism so
+ * mpll0_div picks up the appropriate one.
+ */
+ .name = "mpll0_div",
+ .index = -1,
+ },
.num_parents = 1,
.flags = CLK_SET_RATE_PARENT,
},
@@ -3036,7 +3074,7 @@ static struct clk_hw_onecell_data gxl_hw_onecell_data = {
[CLKID_VAPB_1] = &gxbb_vapb_1.hw,
[CLKID_VAPB_SEL] = &gxbb_vapb_sel.hw,
[CLKID_VAPB] = &gxbb_vapb.hw,
- [CLKID_MPLL0_DIV] = &gxbb_mpll0_div.hw,
+ [CLKID_MPLL0_DIV] = &gxl_mpll0_div.hw,
[CLKID_MPLL1_DIV] = &gxbb_mpll1_div.hw,
[CLKID_MPLL2_DIV] = &gxbb_mpll2_div.hw,
[CLKID_MPLL_PREDIV] = &gxbb_mpll_prediv.hw,
@@ -3430,7 +3468,7 @@ static struct clk_regmap *const gxl_clk_regmaps[] = {
&gxbb_mpll0,
&gxbb_mpll1,
&gxbb_mpll2,
- &gxbb_mpll0_div,
+ &gxl_mpll0_div,
&gxbb_mpll1_div,
&gxbb_mpll2_div,
&gxbb_cts_amclk_div,
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 233/320] powerpc/powermac: Add missing lockdep_register_key()
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (231 preceding siblings ...)
2022-01-24 18:43 ` [PATCH 5.4 232/320] clk: meson: gxbb: Fix the SDM_EN bit for MPLL0 on GXBB Greg Kroah-Hartman
@ 2022-01-24 18:43 ` Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 234/320] KVM: PPC: Book3S: Suppress failed alloc warning in H_COPY_TOFROM_GUEST Greg Kroah-Hartman
` (91 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Erhard Furtner, Christophe Leroy,
Michael Ellerman, Sasha Levin
From: Christophe Leroy <christophe.leroy@csgroup.eu>
[ Upstream commit df1f679d19edb9eeb67cc2f96b29375f21991945 ]
KeyWest i2c @0xf8001003 irq 42 /uni-n@f8000000/i2c@f8001000
BUG: key c2d00cbc has not been registered!
------------[ cut here ]------------
DEBUG_LOCKS_WARN_ON(1)
WARNING: CPU: 0 PID: 1 at kernel/locking/lockdep.c:4801 lockdep_init_map_type+0x4c0/0xb4c
Modules linked in:
CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.15.5-gentoo-PowerMacG4 #9
NIP: c01a9428 LR: c01a9428 CTR: 00000000
REGS: e1033cf0 TRAP: 0700 Not tainted (5.15.5-gentoo-PowerMacG4)
MSR: 00029032 <EE,ME,IR,DR,RI> CR: 24002002 XER: 00000000
GPR00: c01a9428 e1033db0 c2d1cf20 00000016 00000004 00000001 c01c0630 e1033a73
GPR08: 00000000 00000000 00000000 e1033db0 24002004 00000000 f8729377 00000003
GPR16: c1829a9c 00000000 18305357 c1416fc0 c1416f80 c006ac60 c2d00ca8 c1416f00
GPR24: 00000000 c21586f0 c2160000 00000000 c2d00cbc c2170000 c216e1a0 c2160000
NIP [c01a9428] lockdep_init_map_type+0x4c0/0xb4c
LR [c01a9428] lockdep_init_map_type+0x4c0/0xb4c
Call Trace:
[e1033db0] [c01a9428] lockdep_init_map_type+0x4c0/0xb4c (unreliable)
[e1033df0] [c1c177b8] kw_i2c_add+0x334/0x424
[e1033e20] [c1c18294] pmac_i2c_init+0x9ec/0xa9c
[e1033e80] [c1c1a790] smp_core99_probe+0xbc/0x35c
[e1033eb0] [c1c03cb0] kernel_init_freeable+0x190/0x5a4
[e1033f10] [c000946c] kernel_init+0x28/0x154
[e1033f30] [c0035148] ret_from_kernel_thread+0x14/0x1c
Add missing lockdep_register_key()
Reported-by: Erhard Furtner <erhard_f@mailbox.org>
Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/69e4f55565bb45ebb0843977801b245af0c666fe.1638264741.git.christophe.leroy@csgroup.eu
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/platforms/powermac/low_i2c.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/powerpc/platforms/powermac/low_i2c.c b/arch/powerpc/platforms/powermac/low_i2c.c
index a366233d8ac2d..210435a43bf95 100644
--- a/arch/powerpc/platforms/powermac/low_i2c.c
+++ b/arch/powerpc/platforms/powermac/low_i2c.c
@@ -582,6 +582,7 @@ static void __init kw_i2c_add(struct pmac_i2c_host_kw *host,
bus->close = kw_i2c_close;
bus->xfer = kw_i2c_xfer;
mutex_init(&bus->mutex);
+ lockdep_register_key(&bus->lock_key);
lockdep_set_class(&bus->mutex, &bus->lock_key);
if (controller == busnode)
bus->flags = pmac_i2c_multibus;
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 234/320] KVM: PPC: Book3S: Suppress failed alloc warning in H_COPY_TOFROM_GUEST
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (232 preceding siblings ...)
2022-01-24 18:43 ` [PATCH 5.4 233/320] powerpc/powermac: Add missing lockdep_register_key() Greg Kroah-Hartman
@ 2022-01-24 18:43 ` Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 235/320] w1: Misuse of get_user()/put_user() reported by sparse Greg Kroah-Hartman
` (90 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alexey Kardashevskiy, Fabiano Rosas,
Michael Ellerman, Sasha Levin
From: Alexey Kardashevskiy <aik@ozlabs.ru>
[ Upstream commit 792020907b11c6f9246c21977cab3bad985ae4b6 ]
H_COPY_TOFROM_GUEST is an hcall for an upper level VM to access its nested
VMs memory. The userspace can trigger WARN_ON_ONCE(!(gfp & __GFP_NOWARN))
in __alloc_pages() by constructing a tiny VM which only does
H_COPY_TOFROM_GUEST with a too big GPR9 (number of bytes to copy).
This silences the warning by adding __GFP_NOWARN.
Spotted by syzkaller.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Fabiano Rosas <farosas@linux.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20210901084550.1658699-1-aik@ozlabs.ru
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/kvm/book3s_hv_nested.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/powerpc/kvm/book3s_hv_nested.c b/arch/powerpc/kvm/book3s_hv_nested.c
index 9906d203d9d39..613d24b707abe 100644
--- a/arch/powerpc/kvm/book3s_hv_nested.c
+++ b/arch/powerpc/kvm/book3s_hv_nested.c
@@ -510,7 +510,7 @@ long kvmhv_copy_tofrom_guest_nested(struct kvm_vcpu *vcpu)
if (eaddr & (0xFFFUL << 52))
return H_PARAMETER;
- buf = kzalloc(n, GFP_KERNEL);
+ buf = kzalloc(n, GFP_KERNEL | __GFP_NOWARN);
if (!buf)
return H_NO_MEM;
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 235/320] w1: Misuse of get_user()/put_user() reported by sparse
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (233 preceding siblings ...)
2022-01-24 18:43 ` [PATCH 5.4 234/320] KVM: PPC: Book3S: Suppress failed alloc warning in H_COPY_TOFROM_GUEST Greg Kroah-Hartman
@ 2022-01-24 18:43 ` Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 236/320] scsi: lpfc: Trigger SLI4 firmware dump before doing driver cleanup Greg Kroah-Hartman
` (89 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kernel test robot, Christophe Leroy,
Sasha Levin
From: Christophe Leroy <christophe.leroy@csgroup.eu>
[ Upstream commit 33dc3e3e99e626ce51f462d883b05856c6c30b1d ]
sparse warnings: (new ones prefixed by >>)
>> drivers/w1/slaves/w1_ds28e04.c:342:13: sparse: sparse: incorrect type in initializer (different address spaces) @@ expected char [noderef] __user *_pu_addr @@ got char *buf @@
drivers/w1/slaves/w1_ds28e04.c:342:13: sparse: expected char [noderef] __user *_pu_addr
drivers/w1/slaves/w1_ds28e04.c:342:13: sparse: got char *buf
>> drivers/w1/slaves/w1_ds28e04.c:356:13: sparse: sparse: incorrect type in initializer (different address spaces) @@ expected char const [noderef] __user *_gu_addr @@ got char const *buf @@
drivers/w1/slaves/w1_ds28e04.c:356:13: sparse: expected char const [noderef] __user *_gu_addr
drivers/w1/slaves/w1_ds28e04.c:356:13: sparse: got char const *buf
The buffer buf is a failsafe buffer in kernel space, it's not user
memory hence doesn't deserve the use of get_user() or put_user().
Access 'buf' content directly.
Link: https://lore.kernel.org/lkml/202111190526.K5vb7NWC-lkp@intel.com/T/
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Link: https://lore.kernel.org/r/d14ed8d71ad4372e6839ae427f91441d3ba0e94d.1637946316.git.christophe.leroy@csgroup.eu
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/w1/slaves/w1_ds28e04.c | 26 ++++++--------------------
1 file changed, 6 insertions(+), 20 deletions(-)
diff --git a/drivers/w1/slaves/w1_ds28e04.c b/drivers/w1/slaves/w1_ds28e04.c
index 8a640f1590784..06a9966f8c933 100644
--- a/drivers/w1/slaves/w1_ds28e04.c
+++ b/drivers/w1/slaves/w1_ds28e04.c
@@ -32,7 +32,7 @@ static int w1_strong_pullup = 1;
module_param_named(strong_pullup, w1_strong_pullup, int, 0);
/* enable/disable CRC checking on DS28E04-100 memory accesses */
-static char w1_enable_crccheck = 1;
+static bool w1_enable_crccheck = true;
#define W1_EEPROM_SIZE 512
#define W1_PAGE_COUNT 16
@@ -339,32 +339,18 @@ static BIN_ATTR_RW(pio, 1);
static ssize_t crccheck_show(struct device *dev, struct device_attribute *attr,
char *buf)
{
- if (put_user(w1_enable_crccheck + 0x30, buf))
- return -EFAULT;
-
- return sizeof(w1_enable_crccheck);
+ return sysfs_emit(buf, "%d\n", w1_enable_crccheck);
}
static ssize_t crccheck_store(struct device *dev, struct device_attribute *attr,
const char *buf, size_t count)
{
- char val;
-
- if (count != 1 || !buf)
- return -EINVAL;
+ int err = kstrtobool(buf, &w1_enable_crccheck);
- if (get_user(val, buf))
- return -EFAULT;
+ if (err)
+ return err;
- /* convert to decimal */
- val = val - 0x30;
- if (val != 0 && val != 1)
- return -EINVAL;
-
- /* set the new value */
- w1_enable_crccheck = val;
-
- return sizeof(w1_enable_crccheck);
+ return count;
}
static DEVICE_ATTR_RW(crccheck);
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 236/320] scsi: lpfc: Trigger SLI4 firmware dump before doing driver cleanup
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (234 preceding siblings ...)
2022-01-24 18:43 ` [PATCH 5.4 235/320] w1: Misuse of get_user()/put_user() reported by sparse Greg Kroah-Hartman
@ 2022-01-24 18:43 ` Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 237/320] ALSA: seq: Set upper limit of processed events Greg Kroah-Hartman
` (88 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Justin Tee, James Smart,
Martin K. Petersen, Sasha Levin
From: James Smart <jsmart2021@gmail.com>
[ Upstream commit 7dd2e2a923173d637c272e483966be8e96a72b64 ]
Extraneous teardown routines are present in the firmware dump path causing
altered states in firmware captures.
When a firmware dump is requested via sysfs, trigger the dump immediately
without tearing down structures and changing adapter state.
The driver shall rely on pre-existing firmware error state clean up
handlers to restore the adapter.
Link: https://lore.kernel.org/r/20211204002644.116455-6-jsmart2021@gmail.com
Co-developed-by: Justin Tee <justin.tee@broadcom.com>
Signed-off-by: Justin Tee <justin.tee@broadcom.com>
Signed-off-by: James Smart <jsmart2021@gmail.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/lpfc/lpfc.h | 2 +-
drivers/scsi/lpfc/lpfc_attr.c | 62 ++++++++++++++++++++------------
drivers/scsi/lpfc/lpfc_hbadisc.c | 8 ++++-
drivers/scsi/lpfc/lpfc_sli.c | 6 ----
4 files changed, 48 insertions(+), 30 deletions(-)
diff --git a/drivers/scsi/lpfc/lpfc.h b/drivers/scsi/lpfc/lpfc.h
index 8943d42fc406e..0b69f4f713778 100644
--- a/drivers/scsi/lpfc/lpfc.h
+++ b/drivers/scsi/lpfc/lpfc.h
@@ -735,7 +735,6 @@ struct lpfc_hba {
#define HBA_DEVLOSS_TMO 0x2000 /* HBA in devloss timeout */
#define HBA_RRQ_ACTIVE 0x4000 /* process the rrq active list */
#define HBA_IOQ_FLUSH 0x8000 /* FCP/NVME I/O queues being flushed */
-#define HBA_FW_DUMP_OP 0x10000 /* Skips fn reset before FW dump */
#define HBA_RECOVERABLE_UE 0x20000 /* Firmware supports recoverable UE */
#define HBA_FORCED_LINK_SPEED 0x40000 /*
* Firmware supports Forced Link Speed
@@ -744,6 +743,7 @@ struct lpfc_hba {
#define HBA_FLOGI_ISSUED 0x100000 /* FLOGI was issued */
#define HBA_DEFER_FLOGI 0x800000 /* Defer FLOGI till read_sparm cmpl */
+ struct completion *fw_dump_cmpl; /* cmpl event tracker for fw_dump */
uint32_t fcp_ring_in_use; /* When polling test if intr-hndlr active*/
struct lpfc_dmabuf slim2p;
diff --git a/drivers/scsi/lpfc/lpfc_attr.c b/drivers/scsi/lpfc/lpfc_attr.c
index f0ecfe565660a..1c541a600149b 100644
--- a/drivers/scsi/lpfc/lpfc_attr.c
+++ b/drivers/scsi/lpfc/lpfc_attr.c
@@ -1537,25 +1537,25 @@ lpfc_sli4_pdev_reg_request(struct lpfc_hba *phba, uint32_t opcode)
before_fc_flag = phba->pport->fc_flag;
sriov_nr_virtfn = phba->cfg_sriov_nr_virtfn;
- /* Disable SR-IOV virtual functions if enabled */
- if (phba->cfg_sriov_nr_virtfn) {
- pci_disable_sriov(pdev);
- phba->cfg_sriov_nr_virtfn = 0;
- }
+ if (opcode == LPFC_FW_DUMP) {
+ init_completion(&online_compl);
+ phba->fw_dump_cmpl = &online_compl;
+ } else {
+ /* Disable SR-IOV virtual functions if enabled */
+ if (phba->cfg_sriov_nr_virtfn) {
+ pci_disable_sriov(pdev);
+ phba->cfg_sriov_nr_virtfn = 0;
+ }
- if (opcode == LPFC_FW_DUMP)
- phba->hba_flag |= HBA_FW_DUMP_OP;
+ status = lpfc_do_offline(phba, LPFC_EVT_OFFLINE);
- status = lpfc_do_offline(phba, LPFC_EVT_OFFLINE);
+ if (status != 0)
+ return status;
- if (status != 0) {
- phba->hba_flag &= ~HBA_FW_DUMP_OP;
- return status;
+ /* wait for the device to be quiesced before firmware reset */
+ msleep(100);
}
- /* wait for the device to be quiesced before firmware reset */
- msleep(100);
-
reg_val = readl(phba->sli4_hba.conf_regs_memmap_p +
LPFC_CTL_PDEV_CTL_OFFSET);
@@ -1584,24 +1584,42 @@ lpfc_sli4_pdev_reg_request(struct lpfc_hba *phba, uint32_t opcode)
lpfc_printf_log(phba, KERN_ERR, LOG_SLI,
"3153 Fail to perform the requested "
"access: x%x\n", reg_val);
+ if (phba->fw_dump_cmpl)
+ phba->fw_dump_cmpl = NULL;
return rc;
}
/* keep the original port state */
- if (before_fc_flag & FC_OFFLINE_MODE)
- goto out;
-
- init_completion(&online_compl);
- job_posted = lpfc_workq_post_event(phba, &status, &online_compl,
- LPFC_EVT_ONLINE);
- if (!job_posted)
+ if (before_fc_flag & FC_OFFLINE_MODE) {
+ if (phba->fw_dump_cmpl)
+ phba->fw_dump_cmpl = NULL;
goto out;
+ }
- wait_for_completion(&online_compl);
+ /* Firmware dump will trigger an HA_ERATT event, and
+ * lpfc_handle_eratt_s4 routine already handles bringing the port back
+ * online.
+ */
+ if (opcode == LPFC_FW_DUMP) {
+ wait_for_completion(phba->fw_dump_cmpl);
+ } else {
+ init_completion(&online_compl);
+ job_posted = lpfc_workq_post_event(phba, &status, &online_compl,
+ LPFC_EVT_ONLINE);
+ if (!job_posted)
+ goto out;
+ wait_for_completion(&online_compl);
+ }
out:
/* in any case, restore the virtual functions enabled as before */
if (sriov_nr_virtfn) {
+ /* If fw_dump was performed, first disable to clean up */
+ if (opcode == LPFC_FW_DUMP) {
+ pci_disable_sriov(pdev);
+ phba->cfg_sriov_nr_virtfn = 0;
+ }
+
sriov_err =
lpfc_sli_probe_sriov_nr_virtfn(phba, sriov_nr_virtfn);
if (!sriov_err)
diff --git a/drivers/scsi/lpfc/lpfc_hbadisc.c b/drivers/scsi/lpfc/lpfc_hbadisc.c
index 0dc1d56ff4709..0abce779fbb13 100644
--- a/drivers/scsi/lpfc/lpfc_hbadisc.c
+++ b/drivers/scsi/lpfc/lpfc_hbadisc.c
@@ -628,10 +628,16 @@ lpfc_work_done(struct lpfc_hba *phba)
if (phba->pci_dev_grp == LPFC_PCI_DEV_OC)
lpfc_sli4_post_async_mbox(phba);
- if (ha_copy & HA_ERATT)
+ if (ha_copy & HA_ERATT) {
/* Handle the error attention event */
lpfc_handle_eratt(phba);
+ if (phba->fw_dump_cmpl) {
+ complete(phba->fw_dump_cmpl);
+ phba->fw_dump_cmpl = NULL;
+ }
+ }
+
if (ha_copy & HA_MBATT)
lpfc_sli_handle_mb_event(phba);
diff --git a/drivers/scsi/lpfc/lpfc_sli.c b/drivers/scsi/lpfc/lpfc_sli.c
index 51bab0979527b..bd908dd273078 100644
--- a/drivers/scsi/lpfc/lpfc_sli.c
+++ b/drivers/scsi/lpfc/lpfc_sli.c
@@ -4498,12 +4498,6 @@ lpfc_sli4_brdreset(struct lpfc_hba *phba)
phba->fcf.fcf_flag = 0;
spin_unlock_irq(&phba->hbalock);
- /* SLI4 INTF 2: if FW dump is being taken skip INIT_PORT */
- if (phba->hba_flag & HBA_FW_DUMP_OP) {
- phba->hba_flag &= ~HBA_FW_DUMP_OP;
- return rc;
- }
-
/* Now physically reset the device */
lpfc_printf_log(phba, KERN_INFO, LOG_INIT,
"0389 Performing PCI function reset!\n");
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 237/320] ALSA: seq: Set upper limit of processed events
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (235 preceding siblings ...)
2022-01-24 18:43 ` [PATCH 5.4 236/320] scsi: lpfc: Trigger SLI4 firmware dump before doing driver cleanup Greg Kroah-Hartman
@ 2022-01-24 18:43 ` Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 238/320] powerpc: handle kdump appropriately with crash_kexec_post_notifiers option Greg Kroah-Hartman
` (87 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zqiang, syzbot+bb950e68b400ab4f65f8,
Takashi Iwai, Sasha Levin
From: Takashi Iwai <tiwai@suse.de>
[ Upstream commit 6fadb494a638d8b8a55864ecc6ac58194f03f327 ]
Currently ALSA sequencer core tries to process the queued events as
much as possible when they become dispatchable. If applications try
to queue too massive events to be processed at the very same timing,
the sequencer core would still try to process such all events, either
in the interrupt context or via some notifier; in either away, it
might be a cause of RCU stall or such problems.
As a potential workaround for those problems, this patch adds the
upper limit of the amount of events to be processed. The remaining
events are processed in the next batch, so they won't be lost.
For the time being, it's limited up to 1000 events per queue, which
should be high enough for any normal usages.
Reported-by: Zqiang <qiang.zhang1211@gmail.com>
Reported-by: syzbot+bb950e68b400ab4f65f8@syzkaller.appspotmail.com
Link: https://lore.kernel.org/r/20211102033222.3849-1-qiang.zhang1211@gmail.com
Link: https://lore.kernel.org/r/20211207165146.2888-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/core/seq/seq_queue.c | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/sound/core/seq/seq_queue.c b/sound/core/seq/seq_queue.c
index 71a6ea62c3be7..4ff0b927230c2 100644
--- a/sound/core/seq/seq_queue.c
+++ b/sound/core/seq/seq_queue.c
@@ -234,12 +234,15 @@ struct snd_seq_queue *snd_seq_queue_find_name(char *name)
/* -------------------------------------------------------- */
+#define MAX_CELL_PROCESSES_IN_QUEUE 1000
+
void snd_seq_check_queue(struct snd_seq_queue *q, int atomic, int hop)
{
unsigned long flags;
struct snd_seq_event_cell *cell;
snd_seq_tick_time_t cur_tick;
snd_seq_real_time_t cur_time;
+ int processed = 0;
if (q == NULL)
return;
@@ -262,6 +265,8 @@ void snd_seq_check_queue(struct snd_seq_queue *q, int atomic, int hop)
if (!cell)
break;
snd_seq_dispatch_event(cell, atomic, hop);
+ if (++processed >= MAX_CELL_PROCESSES_IN_QUEUE)
+ goto out; /* the rest processed at the next batch */
}
/* Process time queue... */
@@ -271,14 +276,19 @@ void snd_seq_check_queue(struct snd_seq_queue *q, int atomic, int hop)
if (!cell)
break;
snd_seq_dispatch_event(cell, atomic, hop);
+ if (++processed >= MAX_CELL_PROCESSES_IN_QUEUE)
+ goto out; /* the rest processed at the next batch */
}
+ out:
/* free lock */
spin_lock_irqsave(&q->check_lock, flags);
if (q->check_again) {
q->check_again = 0;
- spin_unlock_irqrestore(&q->check_lock, flags);
- goto __again;
+ if (processed < MAX_CELL_PROCESSES_IN_QUEUE) {
+ spin_unlock_irqrestore(&q->check_lock, flags);
+ goto __again;
+ }
}
q->check_blocked = 0;
spin_unlock_irqrestore(&q->check_lock, flags);
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 238/320] powerpc: handle kdump appropriately with crash_kexec_post_notifiers option
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (236 preceding siblings ...)
2022-01-24 18:43 ` [PATCH 5.4 237/320] ALSA: seq: Set upper limit of processed events Greg Kroah-Hartman
@ 2022-01-24 18:43 ` Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 239/320] MIPS: OCTEON: add put_device() after of_find_device_by_node() Greg Kroah-Hartman
` (86 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kernel test robot, Hari Bathini,
Michael Ellerman, Sasha Levin
From: Hari Bathini <hbathini@linux.ibm.com>
[ Upstream commit 219572d2fc4135b5ce65c735d881787d48b10e71 ]
Kdump can be triggered after panic_notifers since commit f06e5153f4ae2
("kernel/panic.c: add "crash_kexec_post_notifiers" option for kdump
after panic_notifers") introduced crash_kexec_post_notifiers option.
But using this option would mean smp_send_stop(), that marks all other
CPUs as offline, gets called before kdump is triggered. As a result,
kdump routines fail to save other CPUs' registers. To fix this, kdump
friendly crash_smp_send_stop() function was introduced with kernel
commit 0ee59413c967 ("x86/panic: replace smp_send_stop() with kdump
friendly version in panic path"). Override this kdump friendly weak
function to handle crash_kexec_post_notifiers option appropriately
on powerpc.
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Hari Bathini <hbathini@linux.ibm.com>
[Fixed signature of crash_stop_this_cpu() - reported by lkp@intel.com]
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20211207103719.91117-1-hbathini@linux.ibm.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/kernel/smp.c | 30 ++++++++++++++++++++++++++++++
1 file changed, 30 insertions(+)
diff --git a/arch/powerpc/kernel/smp.c b/arch/powerpc/kernel/smp.c
index 82dff003a7fd6..4de63ec2e1551 100644
--- a/arch/powerpc/kernel/smp.c
+++ b/arch/powerpc/kernel/smp.c
@@ -582,6 +582,36 @@ void crash_send_ipi(void (*crash_ipi_callback)(struct pt_regs *))
}
#endif
+#ifdef CONFIG_NMI_IPI
+static void crash_stop_this_cpu(struct pt_regs *regs)
+#else
+static void crash_stop_this_cpu(void *dummy)
+#endif
+{
+ /*
+ * Just busy wait here and avoid marking CPU as offline to ensure
+ * register data is captured appropriately.
+ */
+ while (1)
+ cpu_relax();
+}
+
+void crash_smp_send_stop(void)
+{
+ static bool stopped = false;
+
+ if (stopped)
+ return;
+
+ stopped = true;
+
+#ifdef CONFIG_NMI_IPI
+ smp_send_nmi_ipi(NMI_IPI_ALL_OTHERS, crash_stop_this_cpu, 1000000);
+#else
+ smp_call_function(crash_stop_this_cpu, NULL, 0);
+#endif /* CONFIG_NMI_IPI */
+}
+
#ifdef CONFIG_NMI_IPI
static void nmi_stop_this_cpu(struct pt_regs *regs)
{
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 239/320] MIPS: OCTEON: add put_device() after of_find_device_by_node()
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (237 preceding siblings ...)
2022-01-24 18:43 ` [PATCH 5.4 238/320] powerpc: handle kdump appropriately with crash_kexec_post_notifiers option Greg Kroah-Hartman
@ 2022-01-24 18:43 ` Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 240/320] i2c: designware-pci: Fix to change data types of hcnt and lcnt parameters Greg Kroah-Hartman
` (85 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zeal Robot, Ye Guojin,
Thomas Bogendoerfer, Sasha Levin
From: Ye Guojin <ye.guojin@zte.com.cn>
[ Upstream commit 858779df1c0787d3fec827fb705708df9ebdb15b ]
This was found by coccicheck:
./arch/mips/cavium-octeon/octeon-platform.c, 332, 1-7, ERROR missing
put_device; call of_find_device_by_node on line 324, but without a
corresponding object release within this function.
./arch/mips/cavium-octeon/octeon-platform.c, 395, 1-7, ERROR missing
put_device; call of_find_device_by_node on line 387, but without a
corresponding object release within this function.
./arch/mips/cavium-octeon/octeon-usb.c, 512, 3-9, ERROR missing
put_device; call of_find_device_by_node on line 515, but without a
corresponding object release within this function.
./arch/mips/cavium-octeon/octeon-usb.c, 543, 1-7, ERROR missing
put_device; call of_find_device_by_node on line 515, but without a
corresponding object release within this function.
Reported-by: Zeal Robot <zealci@zte.com.cn>
Signed-off-by: Ye Guojin <ye.guojin@zte.com.cn>
Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/mips/cavium-octeon/octeon-platform.c | 2 ++
arch/mips/cavium-octeon/octeon-usb.c | 1 +
2 files changed, 3 insertions(+)
diff --git a/arch/mips/cavium-octeon/octeon-platform.c b/arch/mips/cavium-octeon/octeon-platform.c
index 51685f893eab0..c214fe4e678bb 100644
--- a/arch/mips/cavium-octeon/octeon-platform.c
+++ b/arch/mips/cavium-octeon/octeon-platform.c
@@ -328,6 +328,7 @@ static int __init octeon_ehci_device_init(void)
pd->dev.platform_data = &octeon_ehci_pdata;
octeon_ehci_hw_start(&pd->dev);
+ put_device(&pd->dev);
return ret;
}
@@ -391,6 +392,7 @@ static int __init octeon_ohci_device_init(void)
pd->dev.platform_data = &octeon_ohci_pdata;
octeon_ohci_hw_start(&pd->dev);
+ put_device(&pd->dev);
return ret;
}
diff --git a/arch/mips/cavium-octeon/octeon-usb.c b/arch/mips/cavium-octeon/octeon-usb.c
index 4017398519cf9..e092d86e63581 100644
--- a/arch/mips/cavium-octeon/octeon-usb.c
+++ b/arch/mips/cavium-octeon/octeon-usb.c
@@ -544,6 +544,7 @@ static int __init dwc3_octeon_device_init(void)
devm_iounmap(&pdev->dev, base);
devm_release_mem_region(&pdev->dev, res->start,
resource_size(res));
+ put_device(&pdev->dev);
}
} while (node != NULL);
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 240/320] i2c: designware-pci: Fix to change data types of hcnt and lcnt parameters
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (238 preceding siblings ...)
2022-01-24 18:43 ` [PATCH 5.4 239/320] MIPS: OCTEON: add put_device() after of_find_device_by_node() Greg Kroah-Hartman
@ 2022-01-24 18:43 ` Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 241/320] MIPS: Octeon: Fix build errors using clang Greg Kroah-Hartman
` (84 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Wolfram Sang, Lakshmi Sowjanya D,
Andy Shevchenko, Jarkko Nikula, Sasha Levin
From: Lakshmi Sowjanya D <lakshmi.sowjanya.d@intel.com>
[ Upstream commit d52097010078c1844348dc0e467305e5f90fd317 ]
The data type of hcnt and lcnt in the struct dw_i2c_dev is of type u16.
It's better to have same data type in struct dw_scl_sda_cfg as well.
Reported-by: Wolfram Sang <wsa@kernel.org>
Signed-off-by: Lakshmi Sowjanya D <lakshmi.sowjanya.d@intel.com>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Jarkko Nikula <jarkko.nikula@linux.intel.com>
Signed-off-by: Wolfram Sang <wsa@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/i2c/busses/i2c-designware-pcidrv.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/i2c/busses/i2c-designware-pcidrv.c b/drivers/i2c/busses/i2c-designware-pcidrv.c
index 05b35ac33ce33..735326e5eb8cf 100644
--- a/drivers/i2c/busses/i2c-designware-pcidrv.c
+++ b/drivers/i2c/busses/i2c-designware-pcidrv.c
@@ -37,10 +37,10 @@ enum dw_pci_ctl_id_t {
};
struct dw_scl_sda_cfg {
- u32 ss_hcnt;
- u32 fs_hcnt;
- u32 ss_lcnt;
- u32 fs_lcnt;
+ u16 ss_hcnt;
+ u16 fs_hcnt;
+ u16 ss_lcnt;
+ u16 fs_lcnt;
u32 sda_hold;
};
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 241/320] MIPS: Octeon: Fix build errors using clang
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (239 preceding siblings ...)
2022-01-24 18:43 ` [PATCH 5.4 240/320] i2c: designware-pci: Fix to change data types of hcnt and lcnt parameters Greg Kroah-Hartman
@ 2022-01-24 18:43 ` Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 242/320] scsi: sr: Dont use GFP_DMA Greg Kroah-Hartman
` (83 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tianjia Zhang, Nathan Chancellor,
Philippe Mathieu-Daudé,
Thomas Bogendoerfer, Sasha Levin
From: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
[ Upstream commit 95339b70677dc6f9a2d669c4716058e71b8dc1c7 ]
A large number of the following errors is reported when compiling
with clang:
cvmx-bootinfo.h:326:3: error: adding 'int' to a string does not append to the string [-Werror,-Wstring-plus-int]
ENUM_BRD_TYPE_CASE(CVMX_BOARD_TYPE_NULL)
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cvmx-bootinfo.h:321:20: note: expanded from macro 'ENUM_BRD_TYPE_CASE'
case x: return(#x + 16); /* Skip CVMX_BOARD_TYPE_ */
~~~^~~~
cvmx-bootinfo.h:326:3: note: use array indexing to silence this warning
cvmx-bootinfo.h:321:20: note: expanded from macro 'ENUM_BRD_TYPE_CASE'
case x: return(#x + 16); /* Skip CVMX_BOARD_TYPE_ */
^
Follow the prompts to use the address operator '&' to fix this error.
Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
Reviewed-by: Nathan Chancellor <nathan@kernel.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/mips/include/asm/octeon/cvmx-bootinfo.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/mips/include/asm/octeon/cvmx-bootinfo.h b/arch/mips/include/asm/octeon/cvmx-bootinfo.h
index 62787765575ef..ce6e5fddce0bf 100644
--- a/arch/mips/include/asm/octeon/cvmx-bootinfo.h
+++ b/arch/mips/include/asm/octeon/cvmx-bootinfo.h
@@ -315,7 +315,7 @@ enum cvmx_chip_types_enum {
/* Functions to return string based on type */
#define ENUM_BRD_TYPE_CASE(x) \
- case x: return(#x + 16); /* Skip CVMX_BOARD_TYPE_ */
+ case x: return (&#x[16]); /* Skip CVMX_BOARD_TYPE_ */
static inline const char *cvmx_board_type_to_string(enum
cvmx_board_types_enum type)
{
@@ -404,7 +404,7 @@ static inline const char *cvmx_board_type_to_string(enum
}
#define ENUM_CHIP_TYPE_CASE(x) \
- case x: return(#x + 15); /* Skip CVMX_CHIP_TYPE */
+ case x: return (&#x[15]); /* Skip CVMX_CHIP_TYPE */
static inline const char *cvmx_chip_type_to_string(enum
cvmx_chip_types_enum type)
{
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 242/320] scsi: sr: Dont use GFP_DMA
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (240 preceding siblings ...)
2022-01-24 18:43 ` [PATCH 5.4 241/320] MIPS: Octeon: Fix build errors using clang Greg Kroah-Hartman
@ 2022-01-24 18:43 ` Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 243/320] ASoC: mediatek: mt8173: fix device_node leak Greg Kroah-Hartman
` (82 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Baoquan He, Christoph Hellwig,
Martin K. Petersen, Sasha Levin
From: Christoph Hellwig <hch@lst.de>
[ Upstream commit d94d94969a4ba07a43d62429c60372320519c391 ]
The allocated buffers are used as a command payload, for which the block
layer and/or DMA API do the proper bounce buffering if needed.
Link: https://lore.kernel.org/r/20211222090842.920724-1-hch@lst.de
Reported-by: Baoquan He <bhe@redhat.com>
Reviewed-by: Baoquan He <bhe@redhat.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/sr.c | 2 +-
drivers/scsi/sr_vendor.c | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/scsi/sr.c b/drivers/scsi/sr.c
index 279dea628620d..310da62cda263 100644
--- a/drivers/scsi/sr.c
+++ b/drivers/scsi/sr.c
@@ -887,7 +887,7 @@ static void get_capabilities(struct scsi_cd *cd)
/* allocate transfer buffer */
- buffer = kmalloc(512, GFP_KERNEL | GFP_DMA);
+ buffer = kmalloc(512, GFP_KERNEL);
if (!buffer) {
sr_printk(KERN_ERR, cd, "out of memory.\n");
return;
diff --git a/drivers/scsi/sr_vendor.c b/drivers/scsi/sr_vendor.c
index b9db2ec6d0361..996bccadd3866 100644
--- a/drivers/scsi/sr_vendor.c
+++ b/drivers/scsi/sr_vendor.c
@@ -113,7 +113,7 @@ int sr_set_blocklength(Scsi_CD *cd, int blocklength)
if (cd->vendor == VENDOR_TOSHIBA)
density = (blocklength > 2048) ? 0x81 : 0x83;
- buffer = kmalloc(512, GFP_KERNEL | GFP_DMA);
+ buffer = kmalloc(512, GFP_KERNEL);
if (!buffer)
return -ENOMEM;
@@ -161,7 +161,7 @@ int sr_cd_check(struct cdrom_device_info *cdi)
if (cd->cdi.mask & CDC_MULTI_SESSION)
return 0;
- buffer = kmalloc(512, GFP_KERNEL | GFP_DMA);
+ buffer = kmalloc(512, GFP_KERNEL);
if (!buffer)
return -ENOMEM;
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 243/320] ASoC: mediatek: mt8173: fix device_node leak
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (241 preceding siblings ...)
2022-01-24 18:43 ` [PATCH 5.4 242/320] scsi: sr: Dont use GFP_DMA Greg Kroah-Hartman
@ 2022-01-24 18:43 ` Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 244/320] power: bq25890: Enable continuous conversion for ADC at charging Greg Kroah-Hartman
` (81 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tzung-Bi Shih, Mark Brown, Sasha Levin
From: Tzung-Bi Shih <tzungbi@google.com>
[ Upstream commit 493433785df0075afc0c106ab65f10a605d0b35d ]
Fixes the device_node leak.
Signed-off-by: Tzung-Bi Shih <tzungbi@google.com>
Link: https://lore.kernel.org/r/20211224064719.2031210-2-tzungbi@google.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/mediatek/mt8173/mt8173-max98090.c | 3 +++
sound/soc/mediatek/mt8173/mt8173-rt5650-rt5514.c | 2 ++
sound/soc/mediatek/mt8173/mt8173-rt5650-rt5676.c | 2 ++
sound/soc/mediatek/mt8173/mt8173-rt5650.c | 2 ++
4 files changed, 9 insertions(+)
diff --git a/sound/soc/mediatek/mt8173/mt8173-max98090.c b/sound/soc/mediatek/mt8173/mt8173-max98090.c
index 22c00600c999f..de1410c2c446f 100644
--- a/sound/soc/mediatek/mt8173/mt8173-max98090.c
+++ b/sound/soc/mediatek/mt8173/mt8173-max98090.c
@@ -180,6 +180,9 @@ static int mt8173_max98090_dev_probe(struct platform_device *pdev)
if (ret)
dev_err(&pdev->dev, "%s snd_soc_register_card fail %d\n",
__func__, ret);
+
+ of_node_put(codec_node);
+ of_node_put(platform_node);
return ret;
}
diff --git a/sound/soc/mediatek/mt8173/mt8173-rt5650-rt5514.c b/sound/soc/mediatek/mt8173/mt8173-rt5650-rt5514.c
index 8717e87bfe264..6f8542329bab9 100644
--- a/sound/soc/mediatek/mt8173/mt8173-rt5650-rt5514.c
+++ b/sound/soc/mediatek/mt8173/mt8173-rt5650-rt5514.c
@@ -218,6 +218,8 @@ static int mt8173_rt5650_rt5514_dev_probe(struct platform_device *pdev)
if (ret)
dev_err(&pdev->dev, "%s snd_soc_register_card fail %d\n",
__func__, ret);
+
+ of_node_put(platform_node);
return ret;
}
diff --git a/sound/soc/mediatek/mt8173/mt8173-rt5650-rt5676.c b/sound/soc/mediatek/mt8173/mt8173-rt5650-rt5676.c
index 9d4dd97211548..727ff0f7f20b1 100644
--- a/sound/soc/mediatek/mt8173/mt8173-rt5650-rt5676.c
+++ b/sound/soc/mediatek/mt8173/mt8173-rt5650-rt5676.c
@@ -285,6 +285,8 @@ static int mt8173_rt5650_rt5676_dev_probe(struct platform_device *pdev)
if (ret)
dev_err(&pdev->dev, "%s snd_soc_register_card fail %d\n",
__func__, ret);
+
+ of_node_put(platform_node);
return ret;
}
diff --git a/sound/soc/mediatek/mt8173/mt8173-rt5650.c b/sound/soc/mediatek/mt8173/mt8173-rt5650.c
index ef6f236752867..21e7d4d3ded5a 100644
--- a/sound/soc/mediatek/mt8173/mt8173-rt5650.c
+++ b/sound/soc/mediatek/mt8173/mt8173-rt5650.c
@@ -309,6 +309,8 @@ static int mt8173_rt5650_dev_probe(struct platform_device *pdev)
if (ret)
dev_err(&pdev->dev, "%s snd_soc_register_card fail %d\n",
__func__, ret);
+
+ of_node_put(platform_node);
return ret;
}
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 244/320] power: bq25890: Enable continuous conversion for ADC at charging
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (242 preceding siblings ...)
2022-01-24 18:43 ` [PATCH 5.4 243/320] ASoC: mediatek: mt8173: fix device_node leak Greg Kroah-Hartman
@ 2022-01-24 18:43 ` Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 245/320] rpmsg: core: Clean up resources on announce_create failure Greg Kroah-Hartman
` (80 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yauhen Kharuzhy, Hans de Goede,
Sebastian Reichel, Sasha Levin
From: Yauhen Kharuzhy <jekhor@gmail.com>
[ Upstream commit 80211be1b9dec04cc2805d3d81e2091ecac289a1 ]
Instead of one shot run of ADC at beginning of charging, run continuous
conversion to ensure that all charging-related values are monitored
properly (input voltage, input current, themperature etc.).
Signed-off-by: Yauhen Kharuzhy <jekhor@gmail.com>
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Sebastian Reichel <sebastian.reichel@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/power/supply/bq25890_charger.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/power/supply/bq25890_charger.c b/drivers/power/supply/bq25890_charger.c
index 9d1ec8d677de6..5afe55119fe65 100644
--- a/drivers/power/supply/bq25890_charger.c
+++ b/drivers/power/supply/bq25890_charger.c
@@ -531,12 +531,12 @@ static void bq25890_handle_state_change(struct bq25890_device *bq,
if (!new_state->online) { /* power removed */
/* disable ADC */
- ret = bq25890_field_write(bq, F_CONV_START, 0);
+ ret = bq25890_field_write(bq, F_CONV_RATE, 0);
if (ret < 0)
goto error;
} else if (!old_state.online) { /* power inserted */
/* enable ADC, to have control of charge current/voltage */
- ret = bq25890_field_write(bq, F_CONV_START, 1);
+ ret = bq25890_field_write(bq, F_CONV_RATE, 1);
if (ret < 0)
goto error;
}
--
2.34.1
^ permalink raw reply related [flat|nested] 334+ messages in thread
* [PATCH 5.4 245/320] rpmsg: core: Clean up resources on announce_create failure.
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (243 preceding siblings ...)
2022-01-24 18:43 ` [PATCH 5.4 244/320] power: bq25890: Enable continuous conversion for ADC at charging Greg Kroah-Hartman
@ 2022-01-24 18:43 ` Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 246/320] crypto: omap-aes - Fix broken pm_runtime_and_get() usage Greg Kroah-Hartman
` (79 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Bjorn Andersson, Arnaud Pouliquen,
Mathieu Poirier
From: Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>
commit 8066c615cb69b7da8a94f59379847b037b3a5e46 upstream.
During the rpmsg_dev_probe, if rpdev->ops->announce_create returns an
error, the rpmsg device and default endpoint should be freed before
exiting the function.
Fixes: 5e619b48677c ("rpmsg: Split rpmsg core and virtio backend")
Suggested-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Signed-off-by: Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>
Reviewed-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Cc: stable <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20211206190758.10004-1-arnaud.pouliquen@foss.st.com
Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/rpmsg/rpmsg_core.c | 20 ++++++++++++++++----
1 file changed, 16 insertions(+), 4 deletions(-)
--- a/drivers/rpmsg/rpmsg_core.c
+++ b/drivers/rpmsg/rpmsg_core.c
@@ -473,13 +473,25 @@ static int rpmsg_dev_probe(struct device
err = rpdrv->probe(rpdev);
if (err) {
dev_err(dev, "%s: failed: %d\n", __func__, err);
- if (ept)
- rpmsg_destroy_ept(ept);
- goto out;
+ goto destroy_ept;
}
- if (ept && rpdev->ops->announce_create)
+ if (ept && rpdev->ops->announce_create) {
err = rpdev->ops->announce_create(rpdev);
+ if (err) {
+ dev_err(dev, "failed to announce creation\n");
+ goto remove_rpdev;
+ }
+ }
+
+ return 0;
+
+remove_rpdev:
+ if (rpdrv->remove)
+ rpdrv->remove(rpdev);
+destroy_ept:
+ if (ept)
+ rpmsg_destroy_ept(ept);
out:
return err;
}
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 246/320] crypto: omap-aes - Fix broken pm_runtime_and_get() usage
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (244 preceding siblings ...)
2022-01-24 18:43 ` [PATCH 5.4 245/320] rpmsg: core: Clean up resources on announce_create failure Greg Kroah-Hartman
@ 2022-01-24 18:43 ` Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 247/320] crypto: stm32/crc32 - Fix kernel BUG triggered in probe() Greg Kroah-Hartman
` (78 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:43 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Heiner Kallweit, Herbert Xu
From: Heiner Kallweit <hkallweit1@gmail.com>
commit c2aec59be093bd44627bc4f6bc67e4614a93a7b6 upstream.
This fix is basically the same as 3d6b661330a7 ("crypto: stm32 -
Revert broken pm_runtime_resume_and_get changes"), just for the omap
driver. If the return value isn't used, then pm_runtime_get_sync()
has to be used for ensuring that the usage count is balanced.
Fixes: 1f34cc4a8da3 ("crypto: omap-aes - Fix PM reference leak on omap-aes.c")
Cc: stable@vger.kernel.org
Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/crypto/omap-aes.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/crypto/omap-aes.c
+++ b/drivers/crypto/omap-aes.c
@@ -1318,7 +1318,7 @@ static int omap_aes_suspend(struct devic
static int omap_aes_resume(struct device *dev)
{
- pm_runtime_resume_and_get(dev);
+ pm_runtime_get_sync(dev);
return 0;
}
#endif
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 247/320] crypto: stm32/crc32 - Fix kernel BUG triggered in probe()
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (245 preceding siblings ...)
2022-01-24 18:43 ` [PATCH 5.4 246/320] crypto: omap-aes - Fix broken pm_runtime_and_get() usage Greg Kroah-Hartman
@ 2022-01-24 18:43 ` Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 248/320] crypto: caam - replace this_cpu_ptr with raw_cpu_ptr Greg Kroah-Hartman
` (77 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:43 UTC (permalink / raw)
To: linux-kernel, linux-crypto
Cc: Greg Kroah-Hartman, stable, Marek Vasut, Alexandre Torgue,
Fabien Dessenne, Herbert Xu, Lionel Debieve, Nicolas Toromanoff,
linux-arm-kernel, linux-stm32, Nicolas Toromanoff
From: Marek Vasut <marex@denx.de>
commit 29009604ad4e3ef784fd9b9fef6f23610ddf633d upstream.
The include/linux/crypto.h struct crypto_alg field cra_driver_name description
states "Unique name of the transformation provider. " ... " this contains the
name of the chip or provider and the name of the transformation algorithm."
In case of the stm32-crc driver, field cra_driver_name is identical for all
registered transformation providers and set to the name of the driver itself,
which is incorrect. This patch fixes it by assigning a unique cra_driver_name
to each registered transformation provider.
The kernel crash is triggered when the driver calls crypto_register_shashes()
which calls crypto_register_shash(), which calls crypto_register_alg(), which
calls __crypto_register_alg(), which returns -EEXIST, which is propagated
back through this call chain. Upon -EEXIST from crypto_register_shash(), the
crypto_register_shashes() starts unregistering the providers back, and calls
crypto_unregister_shash(), which calls crypto_unregister_alg(), and this is
where the BUG() triggers due to incorrect cra_refcnt.
Fixes: b51dbe90912a ("crypto: stm32 - Support for STM32 CRC32 crypto module")
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: <stable@vger.kernel.org> # 4.12+
Cc: Alexandre Torgue <alexandre.torgue@foss.st.com>
Cc: Fabien Dessenne <fabien.dessenne@st.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Lionel Debieve <lionel.debieve@st.com>
Cc: Nicolas Toromanoff <nicolas.toromanoff@st.com>
Cc: linux-arm-kernel@lists.infradead.org
Cc: linux-stm32@st-md-mailman.stormreply.com
To: linux-crypto@vger.kernel.org
Acked-by: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/crypto/stm32/stm32-crc32.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/crypto/stm32/stm32-crc32.c
+++ b/drivers/crypto/stm32/stm32-crc32.c
@@ -230,7 +230,7 @@ static struct shash_alg algs[] = {
.digestsize = CHKSUM_DIGEST_SIZE,
.base = {
.cra_name = "crc32",
- .cra_driver_name = DRIVER_NAME,
+ .cra_driver_name = "stm32-crc32-crc32",
.cra_priority = 200,
.cra_flags = CRYPTO_ALG_OPTIONAL_KEY,
.cra_blocksize = CHKSUM_BLOCK_SIZE,
@@ -252,7 +252,7 @@ static struct shash_alg algs[] = {
.digestsize = CHKSUM_DIGEST_SIZE,
.base = {
.cra_name = "crc32c",
- .cra_driver_name = DRIVER_NAME,
+ .cra_driver_name = "stm32-crc32-crc32c",
.cra_priority = 200,
.cra_flags = CRYPTO_ALG_OPTIONAL_KEY,
.cra_blocksize = CHKSUM_BLOCK_SIZE,
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 248/320] crypto: caam - replace this_cpu_ptr with raw_cpu_ptr
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (246 preceding siblings ...)
2022-01-24 18:43 ` [PATCH 5.4 247/320] crypto: stm32/crc32 - Fix kernel BUG triggered in probe() Greg Kroah-Hartman
@ 2022-01-24 18:43 ` Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 249/320] ubifs: Error path in ubifs_remount_rw() seems to wrongly free write buffers Greg Kroah-Hartman
` (76 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Meng Li, Horia Geantă, Herbert Xu
From: Meng Li <Meng.Li@windriver.com>
commit efd21e10fc3bf4c6da122470a5ae89ec4ed8d180 upstream.
When enable the kernel debug config, there is below calltrace detected:
BUG: using smp_processor_id() in preemptible [00000000] code: cryptomgr_test/339
caller is debug_smp_processor_id+0x20/0x30
CPU: 9 PID: 339 Comm: cryptomgr_test Not tainted 5.10.63-yocto-standard #1
Hardware name: NXP Layerscape LX2160ARDB (DT)
Call trace:
dump_backtrace+0x0/0x1a0
show_stack+0x24/0x30
dump_stack+0xf0/0x13c
check_preemption_disabled+0x100/0x110
debug_smp_processor_id+0x20/0x30
dpaa2_caam_enqueue+0x10c/0x25c
......
cryptomgr_test+0x38/0x60
kthread+0x158/0x164
ret_from_fork+0x10/0x38
According to the comment in commit ac5d15b4519f("crypto: caam/qi2
- use affine DPIOs "), because preemption is no longer disabled
while trying to enqueue an FQID, it might be possible to run the
enqueue on a different CPU(due to migration, when in process context),
however this wouldn't be a functionality issue. But there will be
above calltrace when enable kernel debug config. So, replace this_cpu_ptr
with raw_cpu_ptr to avoid above call trace.
Fixes: ac5d15b4519f ("crypto: caam/qi2 - use affine DPIOs")
Cc: stable@vger.kernel.org
Signed-off-by: Meng Li <Meng.Li@windriver.com>
Reviewed-by: Horia Geantă <horia.geanta@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/crypto/caam/caamalg_qi2.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/crypto/caam/caamalg_qi2.c
+++ b/drivers/crypto/caam/caamalg_qi2.c
@@ -5421,7 +5421,7 @@ int dpaa2_caam_enqueue(struct device *de
dpaa2_fd_set_len(&fd, dpaa2_fl_get_len(&req->fd_flt[1]));
dpaa2_fd_set_flc(&fd, req->flc_dma);
- ppriv = this_cpu_ptr(priv->ppriv);
+ ppriv = raw_cpu_ptr(priv->ppriv);
for (i = 0; i < (priv->dpseci_attr.num_tx_queues << 1); i++) {
err = dpaa2_io_service_enqueue_fq(ppriv->dpio, ppriv->req_fqid,
&fd);
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 249/320] ubifs: Error path in ubifs_remount_rw() seems to wrongly free write buffers
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (247 preceding siblings ...)
2022-01-24 18:43 ` [PATCH 5.4 248/320] crypto: caam - replace this_cpu_ptr with raw_cpu_ptr Greg Kroah-Hartman
@ 2022-01-24 18:43 ` Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 250/320] fuse: Pass correct lend value to filemap_write_and_wait_range() Greg Kroah-Hartman
` (75 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Petr Cvachoucek, Richard Weinberger
From: Petr Cvachoucek <cvachoucek@gmail.com>
commit 3fea4d9d160186617ff40490ae01f4f4f36b28ff upstream.
it seems freeing the write buffers in the error path of the
ubifs_remount_rw() is wrong. It leads later to a kernel oops like this:
[10016.431274] UBIFS (ubi0:0): start fixing up free space
[10090.810042] UBIFS (ubi0:0): free space fixup complete
[10090.814623] UBIFS error (ubi0:0 pid 512): ubifs_remount_fs: cannot
spawn "ubifs_bgt0_0", error -4
[10101.915108] UBIFS (ubi0:0): background thread "ubifs_bgt0_0" started,
PID 517
[10105.275498] Unable to handle kernel NULL pointer dereference at
virtual address 0000000000000030
[10105.284352] Mem abort info:
[10105.287160] ESR = 0x96000006
[10105.290252] EC = 0x25: DABT (current EL), IL = 32 bits
[10105.295592] SET = 0, FnV = 0
[10105.298652] EA = 0, S1PTW = 0
[10105.301848] Data abort info:
[10105.304723] ISV = 0, ISS = 0x00000006
[10105.308573] CM = 0, WnR = 0
[10105.311564] user pgtable: 4k pages, 48-bit VAs, pgdp=00000000f03d1000
[10105.318034] [0000000000000030] pgd=00000000f6cee003,
pud=00000000f4884003, pmd=0000000000000000
[10105.326783] Internal error: Oops: 96000006 [#1] PREEMPT SMP
[10105.332355] Modules linked in: ath10k_pci ath10k_core ath mac80211
libarc4 cfg80211 nvme nvme_core cryptodev(O)
[10105.342468] CPU: 3 PID: 518 Comm: touch Tainted: G O
5.4.3 #1
[10105.349517] Hardware name: HYPEX CPU (DT)
[10105.353525] pstate: 40000005 (nZcv daif -PAN -UAO)
[10105.358324] pc : atomic64_try_cmpxchg_acquire.constprop.22+0x8/0x34
[10105.364596] lr : mutex_lock+0x1c/0x34
[10105.368253] sp : ffff000075633aa0
[10105.371563] x29: ffff000075633aa0 x28: 0000000000000001
[10105.376874] x27: ffff000076fa80c8 x26: 0000000000000004
[10105.382185] x25: 0000000000000030 x24: 0000000000000000
[10105.387495] x23: 0000000000000000 x22: 0000000000000038
[10105.392807] x21: 000000000000000c x20: ffff000076fa80c8
[10105.398119] x19: ffff000076fa8000 x18: 0000000000000000
[10105.403429] x17: 0000000000000000 x16: 0000000000000000
[10105.408741] x15: 0000000000000000 x14: fefefefefefefeff
[10105.414052] x13: 0000000000000000 x12: 0000000000000fe0
[10105.419364] x11: 0000000000000fe0 x10: ffff000076709020
[10105.424675] x9 : 0000000000000000 x8 : 00000000000000a0
[10105.429986] x7 : ffff000076fa80f4 x6 : 0000000000000030
[10105.435297] x5 : 0000000000000000 x4 : 0000000000000000
[10105.440609] x3 : 0000000000000000 x2 : ffff00006f276040
[10105.445920] x1 : ffff000075633ab8 x0 : 0000000000000030
[10105.451232] Call trace:
[10105.453676] atomic64_try_cmpxchg_acquire.constprop.22+0x8/0x34
[10105.459600] ubifs_garbage_collect+0xb4/0x334
[10105.463956] ubifs_budget_space+0x398/0x458
[10105.468139] ubifs_create+0x50/0x180
[10105.471712] path_openat+0x6a0/0x9b0
[10105.475284] do_filp_open+0x34/0x7c
[10105.478771] do_sys_open+0x78/0xe4
[10105.482170] __arm64_sys_openat+0x1c/0x24
[10105.486180] el0_svc_handler+0x84/0xc8
[10105.489928] el0_svc+0x8/0xc
[10105.492808] Code: 52800013 17fffffb d2800003 f9800011 (c85ffc05)
[10105.498903] ---[ end trace 46b721d93267a586 ]---
To reproduce the problem:
1. Filesystem initially mounted read-only, free space fixup flag set.
2. mount -o remount,rw <mountpoint>
3. it takes some time (free space fixup running)
... try to terminate running mount by CTRL-C
... does not respond, only after free space fixup is complete
... then "ubifs_remount_fs: cannot spawn "ubifs_bgt0_0", error -4"
4. mount -o remount,rw <mountpoint>
... now finished instantly (fixup already done).
5. Create file or just unmount the filesystem and we get the oops.
Cc: <stable@vger.kernel.org>
Fixes: b50b9f408502 ("UBIFS: do not free write-buffers when in R/O mode")
Signed-off-by: Petr Cvachoucek <cvachoucek@gmail.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ubifs/super.c | 1 -
1 file changed, 1 deletion(-)
--- a/fs/ubifs/super.c
+++ b/fs/ubifs/super.c
@@ -1835,7 +1835,6 @@ out:
kthread_stop(c->bgt);
c->bgt = NULL;
}
- free_wbufs(c);
kfree(c->write_reserve_buf);
c->write_reserve_buf = NULL;
vfree(c->ileb_buf);
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 250/320] fuse: Pass correct lend value to filemap_write_and_wait_range()
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (248 preceding siblings ...)
2022-01-24 18:43 ` [PATCH 5.4 249/320] ubifs: Error path in ubifs_remount_rw() seems to wrongly free write buffers Greg Kroah-Hartman
@ 2022-01-24 18:43 ` Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 251/320] serial: Fix incorrect rs485 polarity on uart open Greg Kroah-Hartman
` (74 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:43 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Xie Yongji, Miklos Szeredi
From: Xie Yongji <xieyongji@bytedance.com>
commit e388164ea385f04666c4633f5dc4f951fca71890 upstream.
The acceptable maximum value of lend parameter in
filemap_write_and_wait_range() is LLONG_MAX rather than -1. And there is
also some logic depending on LLONG_MAX check in write_cache_pages(). So
let's pass LLONG_MAX to filemap_write_and_wait_range() in
fuse_writeback_range() instead.
Fixes: 59bda8ecee2f ("fuse: flush extending writes")
Signed-off-by: Xie Yongji <xieyongji@bytedance.com>
Cc: <stable@vger.kernel.org> # v5.15
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/fuse/file.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/fs/fuse/file.c
+++ b/fs/fuse/file.c
@@ -3188,7 +3188,7 @@ fuse_direct_IO(struct kiocb *iocb, struc
static int fuse_writeback_range(struct inode *inode, loff_t start, loff_t end)
{
- int err = filemap_write_and_wait_range(inode->i_mapping, start, -1);
+ int err = filemap_write_and_wait_range(inode->i_mapping, start, LLONG_MAX);
if (!err)
fuse_sync_writes(inode);
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 251/320] serial: Fix incorrect rs485 polarity on uart open
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (249 preceding siblings ...)
2022-01-24 18:43 ` [PATCH 5.4 250/320] fuse: Pass correct lend value to filemap_write_and_wait_range() Greg Kroah-Hartman
@ 2022-01-24 18:43 ` Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 252/320] cputime, cpuacct: Include guest time in user time in cpuacct.stat Greg Kroah-Hartman
` (73 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Rafael Gago Castano, Jan Kiszka,
Su Bao Cheng, Lukas Wunner
From: Lukas Wunner <lukas@wunner.de>
commit d3b3404df318504ec084213ab1065b73f49b0f1d upstream.
Commit a6845e1e1b78 ("serial: core: Consider rs485 settings to drive
RTS") sought to deassert RTS when opening an rs485-enabled uart port.
That way, the transceiver does not occupy the bus until it transmits
data.
Unfortunately, the commit mixed up the logic and *asserted* RTS instead
of *deasserting* it:
The commit amended uart_port_dtr_rts(), which raises DTR and RTS when
opening an rs232 port. "Raising" actually means lowering the signal
that's coming out of the uart, because an rs232 transceiver not only
changes a signal's voltage level, it also *inverts* the signal. See
the simplified schematic in the MAX232 datasheet for an example:
https://www.ti.com/lit/ds/symlink/max232.pdf
So, to raise RTS on an rs232 port, TIOCM_RTS is *set* in port->mctrl
and that results in the signal being driven low.
In contrast to rs232, the signal level for rs485 Transmit Enable is the
identity, not the inversion: If the transceiver expects a "high" RTS
signal for Transmit Enable, the signal coming out of the uart must also
be high, so TIOCM_RTS must be *cleared* in port->mctrl.
The commit did the exact opposite, but it's easy to see why given the
confusing semantics of rs232 and rs485. Fix it.
Fixes: a6845e1e1b78 ("serial: core: Consider rs485 settings to drive RTS")
Cc: stable@vger.kernel.org # v4.14+
Cc: Rafael Gago Castano <rgc@hms.se>
Cc: Jan Kiszka <jan.kiszka@siemens.com>
Cc: Su Bao Cheng <baocheng.su@siemens.com>
Signed-off-by: Lukas Wunner <lukas@wunner.de>
Link: https://lore.kernel.org/r/9395767847833f2f3193c49cde38501eeb3b5669.1639821059.git.lukas@wunner.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/tty/serial/serial_core.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/tty/serial/serial_core.c
+++ b/drivers/tty/serial/serial_core.c
@@ -160,7 +160,7 @@ static void uart_port_dtr_rts(struct uar
int RTS_after_send = !!(uport->rs485.flags & SER_RS485_RTS_AFTER_SEND);
if (raise) {
- if (rs485_on && !RTS_after_send) {
+ if (rs485_on && RTS_after_send) {
uart_set_mctrl(uport, TIOCM_DTR);
uart_clear_mctrl(uport, TIOCM_RTS);
} else {
@@ -169,7 +169,7 @@ static void uart_port_dtr_rts(struct uar
} else {
unsigned int clear = TIOCM_DTR;
- clear |= (!rs485_on || !RTS_after_send) ? TIOCM_RTS : 0;
+ clear |= (!rs485_on || RTS_after_send) ? TIOCM_RTS : 0;
uart_clear_mctrl(uport, clear);
}
}
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 252/320] cputime, cpuacct: Include guest time in user time in cpuacct.stat
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (250 preceding siblings ...)
2022-01-24 18:43 ` [PATCH 5.4 251/320] serial: Fix incorrect rs485 polarity on uart open Greg Kroah-Hartman
@ 2022-01-24 18:43 ` Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 253/320] tracing/kprobes: nmissed not showed correctly for kretprobe Greg Kroah-Hartman
` (72 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Andrey Ryabinin,
Peter Zijlstra (Intel),
Daniel Jordan, Tejun Heo
From: Andrey Ryabinin <arbn@yandex-team.com>
commit 9731698ecb9c851f353ce2496292ff9fcea39dff upstream.
cpuacct.stat in no-root cgroups shows user time without guest time
included int it. This doesn't match with user time shown in root
cpuacct.stat and /proc/<pid>/stat. This also affects cgroup2's cpu.stat
in the same way.
Make account_guest_time() to add user time to cgroup's cpustat to
fix this.
Fixes: ef12fefabf94 ("cpuacct: add per-cgroup utime/stime statistics")
Signed-off-by: Andrey Ryabinin <arbn@yandex-team.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Reviewed-by: Daniel Jordan <daniel.m.jordan@oracle.com>
Acked-by: Tejun Heo <tj@kernel.org>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20211115164607.23784-1-arbn@yandex-team.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/sched/cputime.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/kernel/sched/cputime.c
+++ b/kernel/sched/cputime.c
@@ -147,10 +147,10 @@ void account_guest_time(struct task_stru
/* Add guest time to cpustat. */
if (task_nice(p) > 0) {
- cpustat[CPUTIME_NICE] += cputime;
+ task_group_account_field(p, CPUTIME_NICE, cputime);
cpustat[CPUTIME_GUEST_NICE] += cputime;
} else {
- cpustat[CPUTIME_USER] += cputime;
+ task_group_account_field(p, CPUTIME_USER, cputime);
cpustat[CPUTIME_GUEST] += cputime;
}
}
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 253/320] tracing/kprobes: nmissed not showed correctly for kretprobe
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (251 preceding siblings ...)
2022-01-24 18:43 ` [PATCH 5.4 252/320] cputime, cpuacct: Include guest time in user time in cpuacct.stat Greg Kroah-Hartman
@ 2022-01-24 18:43 ` Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 254/320] iwlwifi: mvm: Increase the scan timeout guard to 30 seconds Greg Kroah-Hartman
` (71 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Masami Hiramatsu, Xiangyang Zhang,
Steven Rostedt
From: Xiangyang Zhang <xyz.sun.ok@gmail.com>
commit dfea08a2116fe327f79d8f4d4b2cf6e0c88be11f upstream.
The 'nmissed' column of the 'kprobe_profile' file for kretprobe is
not showed correctly, kretprobe can be skipped by two reasons,
shortage of kretprobe_instance which is counted by tk->rp.nmissed,
and kprobe itself is missed by some reason, so to show the sum.
Link: https://lkml.kernel.org/r/20220107150242.5019-1-xyz.sun.ok@gmail.com
Cc: stable@vger.kernel.org
Fixes: 4a846b443b4e ("tracing/kprobes: Cleanup kprobe tracer code")
Acked-by: Masami Hiramatsu <mhiramat@kernel.org>
Signed-off-by: Xiangyang Zhang <xyz.sun.ok@gmail.com>
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/trace/trace_kprobe.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
--- a/kernel/trace/trace_kprobe.c
+++ b/kernel/trace/trace_kprobe.c
@@ -999,15 +999,18 @@ static int probes_profile_seq_show(struc
{
struct dyn_event *ev = v;
struct trace_kprobe *tk;
+ unsigned long nmissed;
if (!is_trace_kprobe(ev))
return 0;
tk = to_trace_kprobe(ev);
+ nmissed = trace_kprobe_is_return(tk) ?
+ tk->rp.kp.nmissed + tk->rp.nmissed : tk->rp.kp.nmissed;
seq_printf(m, " %-44s %15lu %15lu\n",
trace_probe_name(&tk->tp),
trace_kprobe_nhit(tk),
- tk->rp.kp.nmissed);
+ nmissed);
return 0;
}
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 254/320] iwlwifi: mvm: Increase the scan timeout guard to 30 seconds
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (252 preceding siblings ...)
2022-01-24 18:43 ` [PATCH 5.4 253/320] tracing/kprobes: nmissed not showed correctly for kretprobe Greg Kroah-Hartman
@ 2022-01-24 18:43 ` Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 255/320] s390/mm: fix 2KB pgtable release race Greg Kroah-Hartman
` (70 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:43 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Ilan Peer, Luca Coelho
From: Ilan Peer <ilan.peer@intel.com>
commit ced50f1133af12f7521bb777fcf4046ca908fb77 upstream.
With the introduction of 6GHz channels the scan guard timeout should
be adjusted to account for the following extreme case:
- All 6GHz channels are scanned passively: 58 channels.
- The scan is fragmented with the following parameters: 3 fragments,
95 TUs suspend time, 44 TUs maximal out of channel time.
The above would result with scan time of more than 24 seconds. Thus,
set the timeout to 30 seconds.
Cc: stable@vger.kernel.org
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Link: https://lore.kernel.org/r/iwlwifi.20211210090244.3c851b93aef5.I346fa2e1d79220a6770496e773c6f87a2ad9e6c4@changeid
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/net/wireless/intel/iwlwifi/mvm/scan.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/scan.c
@@ -1700,7 +1700,7 @@ static int iwl_mvm_check_running_scans(s
return -EIO;
}
-#define SCAN_TIMEOUT 20000
+#define SCAN_TIMEOUT 30000
void iwl_mvm_scan_timeout_wk(struct work_struct *work)
{
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 255/320] s390/mm: fix 2KB pgtable release race
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (253 preceding siblings ...)
2022-01-24 18:43 ` [PATCH 5.4 254/320] iwlwifi: mvm: Increase the scan timeout guard to 30 seconds Greg Kroah-Hartman
@ 2022-01-24 18:43 ` Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 256/320] drm/etnaviv: limit submit sizes Greg Kroah-Hartman
` (69 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:43 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Vlastimil Babka, Gerald Schaefer,
Alexander Gordeev, Heiko Carstens
From: Alexander Gordeev <agordeev@linux.ibm.com>
commit c2c224932fd0ee6854d6ebfc8d059c2bcad86606 upstream.
There is a race on concurrent 2KB-pgtables release paths when
both upper and lower halves of the containing parent page are
freed, one via page_table_free_rcu() + __tlb_remove_table(),
and the other via page_table_free(). The race might lead to a
corruption as result of remove of list item in page_table_free()
concurrently with __free_page() in __tlb_remove_table().
Let's assume first the lower and next the upper 2KB-pgtables are
freed from a page. Since both halves of the page are allocated
the tracking byte (bits 24-31 of the page _refcount) has value
of 0x03 initially:
CPU0 CPU1
---- ----
page_table_free_rcu() // lower half
{
// _refcount[31..24] == 0x03
...
atomic_xor_bits(&page->_refcount,
0x11U << (0 + 24));
// _refcount[31..24] <= 0x12
...
table = table | (1U << 0);
tlb_remove_table(tlb, table);
}
...
__tlb_remove_table()
{
// _refcount[31..24] == 0x12
mask = _table & 3;
// mask <= 0x01
...
page_table_free() // upper half
{
// _refcount[31..24] == 0x12
...
atomic_xor_bits(
&page->_refcount,
1U << (1 + 24));
// _refcount[31..24] <= 0x10
// mask <= 0x10
...
atomic_xor_bits(&page->_refcount,
mask << (4 + 24));
// _refcount[31..24] <= 0x00
// mask <= 0x00
...
if (mask != 0) // == false
break;
fallthrough;
...
if (mask & 3) // == false
...
else
__free_page(page); list_del(&page->lru);
^^^^^^^^^^^^^^^^^^ RACE! ^^^^^^^^^^^^^^^^^^^^^
} ...
}
The problem is page_table_free() releases the page as result of
lower nibble unset and __tlb_remove_table() observing zero too
early. With this update page_table_free() will use the similar
logic as page_table_free_rcu() + __tlb_remove_table(), and mark
the fragment as pending for removal in the upper nibble until
after the list_del().
In other words, the parent page is considered as unreferenced and
safe to release only when the lower nibble is cleared already and
unsetting a bit in upper nibble results in that nibble turned zero.
Cc: stable@vger.kernel.org
Suggested-by: Vlastimil Babka <vbabka@suse.com>
Reviewed-by: Gerald Schaefer <gerald.schaefer@linux.ibm.com>
Signed-off-by: Alexander Gordeev <agordeev@linux.ibm.com>
Signed-off-by: Heiko Carstens <hca@linux.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/s390/mm/pgalloc.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/arch/s390/mm/pgalloc.c
+++ b/arch/s390/mm/pgalloc.c
@@ -255,13 +255,15 @@ void page_table_free(struct mm_struct *m
/* Free 2K page table fragment of a 4K page */
bit = (__pa(table) & ~PAGE_MASK)/(PTRS_PER_PTE*sizeof(pte_t));
spin_lock_bh(&mm->context.lock);
- mask = atomic_xor_bits(&page->_refcount, 1U << (bit + 24));
+ mask = atomic_xor_bits(&page->_refcount, 0x11U << (bit + 24));
mask >>= 24;
if (mask & 3)
list_add(&page->lru, &mm->context.pgtable_list);
else
list_del(&page->lru);
spin_unlock_bh(&mm->context.lock);
+ mask = atomic_xor_bits(&page->_refcount, 0x10U << (bit + 24));
+ mask >>= 24;
if (mask != 0)
return;
} else {
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 256/320] drm/etnaviv: limit submit sizes
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (254 preceding siblings ...)
2022-01-24 18:43 ` [PATCH 5.4 255/320] s390/mm: fix 2KB pgtable release race Greg Kroah-Hartman
@ 2022-01-24 18:44 ` Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 257/320] drm/nouveau/kms/nv04: use vzalloc for nv04_display Greg Kroah-Hartman
` (68 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Lucas Stach,
Christian Gmeiner
From: Lucas Stach <l.stach@pengutronix.de>
commit 6dfa2fab8ddd46faa771a102672176bee7a065de upstream.
Currently we allow rediculous amounts of kernel memory being allocated
via the etnaviv GEM_SUBMIT ioctl, which is a pretty easy DoS vector. Put
some reasonable limits in to fix this.
The commandstream size is limited to 64KB, which was already a soft limit
on older kernels after which the kernel only took submits on a best effort
base, so there is no userspace that tries to submit commandstreams larger
than this. Even if the whole commandstream is a single incrementing address
load, the size limit also limits the number of potential relocs and
referenced buffers to slightly under 64K, so use the same limit for those
arguments. The performance monitoring infrastructure currently supports
less than 50 performance counter signals, so limiting them to 128 on a
single submit seems like a reasonably future-proof number for now. This
number can be bumped if needed without breaking the interface.
Cc: stable@vger.kernel.org
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Lucas Stach <l.stach@pengutronix.de>
Reviewed-by: Christian Gmeiner <christian.gmeiner@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/etnaviv/etnaviv_gem_submit.c | 6 ++++++
1 file changed, 6 insertions(+)
--- a/drivers/gpu/drm/etnaviv/etnaviv_gem_submit.c
+++ b/drivers/gpu/drm/etnaviv/etnaviv_gem_submit.c
@@ -471,6 +471,12 @@ int etnaviv_ioctl_gem_submit(struct drm_
return -EINVAL;
}
+ if (args->stream_size > SZ_64K || args->nr_relocs > SZ_64K ||
+ args->nr_bos > SZ_64K || args->nr_pmrs > 128) {
+ DRM_ERROR("submit arguments out of size limits\n");
+ return -EINVAL;
+ }
+
/*
* Copy the command submission and bo array to kernel space in
* one go, and do this outside of any locks.
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 257/320] drm/nouveau/kms/nv04: use vzalloc for nv04_display
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (255 preceding siblings ...)
2022-01-24 18:44 ` [PATCH 5.4 256/320] drm/etnaviv: limit submit sizes Greg Kroah-Hartman
@ 2022-01-24 18:44 ` Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 258/320] drm/bridge: analogix_dp: Make PSR-exit block less Greg Kroah-Hartman
` (67 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nathan E. Egge, Ilia Mirkin,
Ben Skeggs, Karol Herbst
From: Ilia Mirkin <imirkin@alum.mit.edu>
commit bd6e07e72f37f34535bec7eebc807e5fcfe37b43 upstream.
The struct is giant, and triggers an order-7 allocation (512K). There is
no reason for this to be kmalloc-type memory, so switch to vmalloc. This
should help loading nouveau on low-memory and/or long-running systems.
Reported-by: Nathan E. Egge <unlord@xiph.org>
Signed-off-by: Ilia Mirkin <imirkin@alum.mit.edu>
Cc: stable@vger.kernel.org
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
Reviewed-by: Karol Herbst <kherbst@redhat.com>
Signed-off-by: Karol Herbst <kherbst@redhat.com>
Link: https://gitlab.freedesktop.org/drm/nouveau/-/merge_requests/10
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/nouveau/dispnv04/disp.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/gpu/drm/nouveau/dispnv04/disp.c
+++ b/drivers/gpu/drm/nouveau/dispnv04/disp.c
@@ -179,7 +179,7 @@ nv04_display_destroy(struct drm_device *
nvif_notify_fini(&disp->flip);
nouveau_display(dev)->priv = NULL;
- kfree(disp);
+ vfree(disp);
nvif_object_unmap(&drm->client.device.object);
}
@@ -197,7 +197,7 @@ nv04_display_create(struct drm_device *d
struct nv04_display *disp;
int i, ret;
- disp = kzalloc(sizeof(*disp), GFP_KERNEL);
+ disp = vzalloc(sizeof(*disp));
if (!disp)
return -ENOMEM;
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 258/320] drm/bridge: analogix_dp: Make PSR-exit block less
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (256 preceding siblings ...)
2022-01-24 18:44 ` [PATCH 5.4 257/320] drm/nouveau/kms/nv04: use vzalloc for nv04_display Greg Kroah-Hartman
@ 2022-01-24 18:44 ` Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 259/320] parisc: Fix lpa and lpa_user defines Greg Kroah-Hartman
` (66 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zain Wang, Tomasz Figa,
Heiko Stuebner, Sean Paul, Brian Norris, Robert Foss
From: Brian Norris <briannorris@chromium.org>
commit c4c6ef229593366ab593d4d424addc7025b54a76 upstream.
Prior to commit 6c836d965bad ("drm/rockchip: Use the helpers for PSR"),
"PSR exit" used non-blocking analogix_dp_send_psr_spd(). The refactor
started using the blocking variant, for a variety of reasons -- quoting
Sean Paul's potentially-faulty memory:
"""
- To avoid racing a subsequent PSR entry (if exit takes a long time)
- To avoid racing disable/modeset
- We're not displaying new content while exiting PSR anyways, so there
is minimal utility in allowing frames to be submitted
- We're lying to userspace telling them frames are on the screen when
we're just dropping them on the floor
"""
However, I'm finding that this blocking transition is causing upwards of
60+ ms of unneeded latency on PSR-exit, to the point that initial cursor
movements when leaving PSR are unbearably jumpy.
It turns out that we need to meet in the middle somewhere: Sean is right
that we were "lying to userspace" with a non-blocking PSR-exit, but the
new blocking behavior is also waiting too long:
According to the eDP specification, the sink device must support PSR
entry transitions from both state 4 (ACTIVE_RESYNC) and state 0
(INACTIVE). It also states that in ACTIVE_RESYNC, "the Sink device must
display the incoming active frames from the Source device with no
visible glitches and/or artifacts."
Thus, for our purposes, we only need to wait for ACTIVE_RESYNC before
moving on; we are ready to display video, and subsequent PSR-entry is
safe.
Tested on a Samsung Chromebook Plus (i.e., Rockchip RK3399 Gru Kevin),
where this saves about 60ms of latency, for PSR-exit that used to
take about 80ms.
Fixes: 6c836d965bad ("drm/rockchip: Use the helpers for PSR")
Cc: <stable@vger.kernel.org>
Cc: Zain Wang <wzz@rock-chips.com>
Cc: Tomasz Figa <tfiga@chromium.org>
Cc: Heiko Stuebner <heiko@sntech.de>
Cc: Sean Paul <seanpaul@chromium.org>
Signed-off-by: Brian Norris <briannorris@chromium.org>
Reviewed-by: Sean Paul <seanpaul@chromium.org>
Signed-off-by: Robert Foss <robert.foss@linaro.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20211103135112.v3.1.I67612ea073c3306c71b46a87be894f79707082df@changeid
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/bridge/analogix/analogix_dp_reg.c | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
--- a/drivers/gpu/drm/bridge/analogix/analogix_dp_reg.c
+++ b/drivers/gpu/drm/bridge/analogix/analogix_dp_reg.c
@@ -1086,11 +1086,21 @@ int analogix_dp_send_psr_spd(struct anal
if (!blocking)
return 0;
+ /*
+ * db[1]!=0: entering PSR, wait for fully active remote frame buffer.
+ * db[1]==0: exiting PSR, wait for either
+ * (a) ACTIVE_RESYNC - the sink "must display the
+ * incoming active frames from the Source device with no visible
+ * glitches and/or artifacts", even though timings may still be
+ * re-synchronizing; or
+ * (b) INACTIVE - the transition is fully complete.
+ */
ret = readx_poll_timeout(analogix_dp_get_psr_status, dp, psr_status,
psr_status >= 0 &&
((vsc->db[1] && psr_status == DP_PSR_SINK_ACTIVE_RFB) ||
- (!vsc->db[1] && psr_status == DP_PSR_SINK_INACTIVE)), 1500,
- DP_TIMEOUT_PSR_LOOP_MS * 1000);
+ (!vsc->db[1] && (psr_status == DP_PSR_SINK_ACTIVE_RESYNC ||
+ psr_status == DP_PSR_SINK_INACTIVE))),
+ 1500, DP_TIMEOUT_PSR_LOOP_MS * 1000);
if (ret) {
dev_warn(dp->dev, "Failed to apply PSR %d\n", ret);
return ret;
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 259/320] parisc: Fix lpa and lpa_user defines
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (257 preceding siblings ...)
2022-01-24 18:44 ` [PATCH 5.4 258/320] drm/bridge: analogix_dp: Make PSR-exit block less Greg Kroah-Hartman
@ 2022-01-24 18:44 ` Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 260/320] PCI: pciehp: Fix infinite loop in IRQ handler upon power fault Greg Kroah-Hartman
` (65 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:44 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, John David Anglin, Helge Deller
From: John David Anglin <dave.anglin@bell.net>
commit db19c6f1a2a353cc8dec35b4789733a3cf6e2838 upstream.
While working on the rewrite to the light-weight syscall and futex code, I
experimented with using a hash index based on the user physical address of
atomic variable. This exposed two problems with the lpa and lpa_user defines.
Because of the copy instruction, the pa argument needs to be an early clobber
argument. This prevents gcc from allocating the va and pa arguments to the same
register.
Secondly, the lpa instruction can cause a page fault so we need to catch
exceptions.
Signed-off-by: John David Anglin <dave.anglin@bell.net>
Fixes: 116d753308cf ("parisc: Use lpa instruction to load physical addresses in driver code")
Signed-off-by: Helge Deller <deller@gmx.de>
Cc: stable@vger.kernel.org # v5.2+
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/parisc/include/asm/special_insns.h | 44 +++++++++++++++++---------------
1 file changed, 24 insertions(+), 20 deletions(-)
--- a/arch/parisc/include/asm/special_insns.h
+++ b/arch/parisc/include/asm/special_insns.h
@@ -2,28 +2,32 @@
#ifndef __PARISC_SPECIAL_INSNS_H
#define __PARISC_SPECIAL_INSNS_H
-#define lpa(va) ({ \
- unsigned long pa; \
- __asm__ __volatile__( \
- "copy %%r0,%0\n\t" \
- "lpa %%r0(%1),%0" \
- : "=r" (pa) \
- : "r" (va) \
- : "memory" \
- ); \
- pa; \
+#define lpa(va) ({ \
+ unsigned long pa; \
+ __asm__ __volatile__( \
+ "copy %%r0,%0\n" \
+ "8:\tlpa %%r0(%1),%0\n" \
+ "9:\n" \
+ ASM_EXCEPTIONTABLE_ENTRY(8b, 9b) \
+ : "=&r" (pa) \
+ : "r" (va) \
+ : "memory" \
+ ); \
+ pa; \
})
-#define lpa_user(va) ({ \
- unsigned long pa; \
- __asm__ __volatile__( \
- "copy %%r0,%0\n\t" \
- "lpa %%r0(%%sr3,%1),%0" \
- : "=r" (pa) \
- : "r" (va) \
- : "memory" \
- ); \
- pa; \
+#define lpa_user(va) ({ \
+ unsigned long pa; \
+ __asm__ __volatile__( \
+ "copy %%r0,%0\n" \
+ "8:\tlpa %%r0(%%sr3,%1),%0\n" \
+ "9:\n" \
+ ASM_EXCEPTIONTABLE_ENTRY(8b, 9b) \
+ : "=&r" (pa) \
+ : "r" (va) \
+ : "memory" \
+ ); \
+ pa; \
})
#define mfctl(reg) ({ \
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 260/320] PCI: pciehp: Fix infinite loop in IRQ handler upon power fault
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (258 preceding siblings ...)
2022-01-24 18:44 ` [PATCH 5.4 259/320] parisc: Fix lpa and lpa_user defines Greg Kroah-Hartman
@ 2022-01-24 18:44 ` Greg Kroah-Hartman
2022-01-25 12:22 ` Bjorn Helgaas
2022-01-24 18:44 ` [PATCH 5.4 261/320] PCI: pci-bridge-emul: Properly mark reserved PCIe bits in PCI config space Greg Kroah-Hartman
` (64 subsequent siblings)
324 siblings, 1 reply; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Joseph Bao, Lukas Wunner,
Bjorn Helgaas, Stuart Hayes
From: Lukas Wunner <lukas@wunner.de>
commit 23584c1ed3e15a6f4bfab8dc5a88d94ab929ee12 upstream.
The Power Fault Detected bit in the Slot Status register differs from
all other hotplug events in that it is sticky: It can only be cleared
after turning off slot power. Per PCIe r5.0, sec. 6.7.1.8:
If a power controller detects a main power fault on the hot-plug slot,
it must automatically set its internal main power fault latch [...].
The main power fault latch is cleared when software turns off power to
the hot-plug slot.
The stickiness used to cause interrupt storms and infinite loops which
were fixed in 2009 by commits 5651c48cfafe ("PCI pciehp: fix power fault
interrupt storm problem") and 99f0169c17f3 ("PCI: pciehp: enable
software notification on empty slots").
Unfortunately in 2020 the infinite loop issue was inadvertently
reintroduced by commit 8edf5332c393 ("PCI: pciehp: Fix MSI interrupt
race"): The hardirq handler pciehp_isr() clears the PFD bit until
pciehp's power_fault_detected flag is set. That happens in the IRQ
thread pciehp_ist(), which never learns of the event because the hardirq
handler is stuck in an infinite loop. Fix by setting the
power_fault_detected flag already in the hardirq handler.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=214989
Link: https://lore.kernel.org/linux-pci/DM8PR11MB5702255A6A92F735D90A4446868B9@DM8PR11MB5702.namprd11.prod.outlook.com
Fixes: 8edf5332c393 ("PCI: pciehp: Fix MSI interrupt race")
Link: https://lore.kernel.org/r/66eaeef31d4997ceea357ad93259f290ededecfd.1637187226.git.lukas@wunner.de
Reported-by: Joseph Bao <joseph.bao@intel.com>
Tested-by: Joseph Bao <joseph.bao@intel.com>
Signed-off-by: Lukas Wunner <lukas@wunner.de>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Cc: stable@vger.kernel.org # v4.19+
Cc: Stuart Hayes <stuart.w.hayes@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/pci/hotplug/pciehp_hpc.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
--- a/drivers/pci/hotplug/pciehp_hpc.c
+++ b/drivers/pci/hotplug/pciehp_hpc.c
@@ -577,6 +577,8 @@ read_status:
*/
if (ctrl->power_fault_detected)
status &= ~PCI_EXP_SLTSTA_PFD;
+ else if (status & PCI_EXP_SLTSTA_PFD)
+ ctrl->power_fault_detected = true;
events |= status;
if (!events) {
@@ -586,7 +588,7 @@ read_status:
}
if (status) {
- pcie_capability_write_word(pdev, PCI_EXP_SLTSTA, events);
+ pcie_capability_write_word(pdev, PCI_EXP_SLTSTA, status);
/*
* In MSI mode, all event bits must be zero before the port
@@ -660,8 +662,7 @@ static irqreturn_t pciehp_ist(int irq, v
}
/* Check Power Fault Detected */
- if ((events & PCI_EXP_SLTSTA_PFD) && !ctrl->power_fault_detected) {
- ctrl->power_fault_detected = 1;
+ if (events & PCI_EXP_SLTSTA_PFD) {
ctrl_err(ctrl, "Slot(%s): Power fault\n", slot_name(ctrl));
pciehp_set_indicators(ctrl, PCI_EXP_SLTCTL_PWR_IND_OFF,
PCI_EXP_SLTCTL_ATTN_IND_ON);
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 261/320] PCI: pci-bridge-emul: Properly mark reserved PCIe bits in PCI config space
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (259 preceding siblings ...)
2022-01-24 18:44 ` [PATCH 5.4 260/320] PCI: pciehp: Fix infinite loop in IRQ handler upon power fault Greg Kroah-Hartman
@ 2022-01-24 18:44 ` Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 262/320] PCI: pci-bridge-emul: Correctly set PCIe capabilities Greg Kroah-Hartman
` (63 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Pali Rohár, Lorenzo Pieralisi
From: Pali Rohár <pali@kernel.org>
commit 7b067ac63a5730d2fae18399fed7e45f23d36912 upstream.
Some bits in PCI config space are reserved when device is PCIe. Properly
define behavior of PCI registers for PCIe emulated bridge and ensure that
it would not be possible change these reserved bits.
Link: https://lore.kernel.org/r/20211124155944.1290-3-pali@kernel.org
Fixes: 23a5fba4d941 ("PCI: Introduce PCI bridge emulated config space common logic")
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/pci/pci-bridge-emul.c | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
--- a/drivers/pci/pci-bridge-emul.c
+++ b/drivers/pci/pci-bridge-emul.c
@@ -300,6 +300,27 @@ int pci_bridge_emul_init(struct pci_brid
kfree(bridge->pci_regs_behavior);
return -ENOMEM;
}
+ /* These bits are applicable only for PCI and reserved on PCIe */
+ bridge->pci_regs_behavior[PCI_CACHE_LINE_SIZE / 4].ro &=
+ ~GENMASK(15, 8);
+ bridge->pci_regs_behavior[PCI_COMMAND / 4].ro &=
+ ~((PCI_COMMAND_SPECIAL | PCI_COMMAND_INVALIDATE |
+ PCI_COMMAND_VGA_PALETTE | PCI_COMMAND_WAIT |
+ PCI_COMMAND_FAST_BACK) |
+ (PCI_STATUS_66MHZ | PCI_STATUS_FAST_BACK |
+ PCI_STATUS_DEVSEL_MASK) << 16);
+ bridge->pci_regs_behavior[PCI_PRIMARY_BUS / 4].ro &=
+ ~GENMASK(31, 24);
+ bridge->pci_regs_behavior[PCI_IO_BASE / 4].ro &=
+ ~((PCI_STATUS_66MHZ | PCI_STATUS_FAST_BACK |
+ PCI_STATUS_DEVSEL_MASK) << 16);
+ bridge->pci_regs_behavior[PCI_INTERRUPT_LINE / 4].rw &=
+ ~((PCI_BRIDGE_CTL_MASTER_ABORT |
+ BIT(8) | BIT(9) | BIT(11)) << 16);
+ bridge->pci_regs_behavior[PCI_INTERRUPT_LINE / 4].ro &=
+ ~((PCI_BRIDGE_CTL_FAST_BACK) << 16);
+ bridge->pci_regs_behavior[PCI_INTERRUPT_LINE / 4].w1c &=
+ ~(BIT(10) << 16);
}
if (flags & PCI_BRIDGE_EMUL_NO_PREFETCHABLE_BAR) {
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 262/320] PCI: pci-bridge-emul: Correctly set PCIe capabilities
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (260 preceding siblings ...)
2022-01-24 18:44 ` [PATCH 5.4 261/320] PCI: pci-bridge-emul: Properly mark reserved PCIe bits in PCI config space Greg Kroah-Hartman
@ 2022-01-24 18:44 ` Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 263/320] PCI: pci-bridge-emul: Set PCI_STATUS_CAP_LIST for PCIe device Greg Kroah-Hartman
` (62 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Pali Rohár, Lorenzo Pieralisi
From: Pali Rohár <pali@kernel.org>
commit 1f1050c5e1fefb34ac90a506b43e9da803b5f8f7 upstream.
Older mvebu hardware provides PCIe Capability structure only in version 1.
New mvebu and aardvark hardware provides it in version 2. So do not force
version to 2 in pci_bridge_emul_init() and rather allow drivers to set
correct version. Drivers need to set version in pcie_conf.cap field without
overwriting PCI_CAP_LIST_ID register. Both drivers (mvebu and aardvark) do
not provide slot support yet, so do not set PCI_EXP_FLAGS_SLOT flag.
Link: https://lore.kernel.org/r/20211124155944.1290-6-pali@kernel.org
Fixes: 23a5fba4d941 ("PCI: Introduce PCI bridge emulated config space common logic")
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/pci/controller/pci-aardvark.c | 4 +++-
drivers/pci/controller/pci-mvebu.c | 8 ++++++++
drivers/pci/pci-bridge-emul.c | 5 +----
3 files changed, 12 insertions(+), 5 deletions(-)
--- a/drivers/pci/controller/pci-aardvark.c
+++ b/drivers/pci/controller/pci-aardvark.c
@@ -863,7 +863,6 @@ advk_pci_bridge_emul_pcie_conf_read(stru
return PCI_BRIDGE_EMUL_HANDLED;
}
- case PCI_CAP_LIST_ID:
case PCI_EXP_DEVCAP:
case PCI_EXP_DEVCTL:
*value = advk_readl(pcie, PCIE_CORE_PCIEXP_CAP + reg);
@@ -944,6 +943,9 @@ static int advk_sw_pci_bridge_init(struc
/* Support interrupt A for MSI feature */
bridge->conf.intpin = PCIE_CORE_INT_A_ASSERT_ENABLE;
+ /* Aardvark HW provides PCIe Capability structure in version 2 */
+ bridge->pcie_conf.cap = cpu_to_le16(2);
+
/* Indicates supports for Completion Retry Status */
bridge->pcie_conf.rootcap = cpu_to_le16(PCI_EXP_RTCAP_CRSVIS);
--- a/drivers/pci/controller/pci-mvebu.c
+++ b/drivers/pci/controller/pci-mvebu.c
@@ -576,6 +576,8 @@ struct pci_bridge_emul_ops mvebu_pci_bri
static void mvebu_pci_bridge_emul_init(struct mvebu_pcie_port *port)
{
struct pci_bridge_emul *bridge = &port->bridge;
+ u32 pcie_cap = mvebu_readl(port, PCIE_CAP_PCIEXP);
+ u8 pcie_cap_ver = ((pcie_cap >> 16) & PCI_EXP_FLAGS_VERS);
bridge->conf.vendor = PCI_VENDOR_ID_MARVELL;
bridge->conf.device = mvebu_readl(port, PCIE_DEV_ID_OFF) >> 16;
@@ -588,6 +590,12 @@ static void mvebu_pci_bridge_emul_init(s
bridge->conf.iolimit = PCI_IO_RANGE_TYPE_32;
}
+ /*
+ * Older mvebu hardware provides PCIe Capability structure only in
+ * version 1. New hardware provides it in version 2.
+ */
+ bridge->pcie_conf.cap = cpu_to_le16(pcie_cap_ver);
+
bridge->has_pcie = true;
bridge->data = port;
bridge->ops = &mvebu_pci_bridge_emul_ops;
--- a/drivers/pci/pci-bridge-emul.c
+++ b/drivers/pci/pci-bridge-emul.c
@@ -288,10 +288,7 @@ int pci_bridge_emul_init(struct pci_brid
if (bridge->has_pcie) {
bridge->conf.capabilities_pointer = PCI_CAP_PCIE_START;
bridge->pcie_conf.cap_id = PCI_CAP_ID_EXP;
- /* Set PCIe v2, root port, slot support */
- bridge->pcie_conf.cap =
- cpu_to_le16(PCI_EXP_TYPE_ROOT_PORT << 4 | 2 |
- PCI_EXP_FLAGS_SLOT);
+ bridge->pcie_conf.cap |= cpu_to_le16(PCI_EXP_TYPE_ROOT_PORT << 4);
bridge->pcie_cap_regs_behavior =
kmemdup(pcie_cap_regs_behavior,
sizeof(pcie_cap_regs_behavior),
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 263/320] PCI: pci-bridge-emul: Set PCI_STATUS_CAP_LIST for PCIe device
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (261 preceding siblings ...)
2022-01-24 18:44 ` [PATCH 5.4 262/320] PCI: pci-bridge-emul: Correctly set PCIe capabilities Greg Kroah-Hartman
@ 2022-01-24 18:44 ` Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 264/320] xfrm: fix policy lookup for ipv6 gre packets Greg Kroah-Hartman
` (61 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Pali Rohár, Lorenzo Pieralisi
From: Pali Rohár <pali@kernel.org>
commit 3be9d243b21724d49b65043d4520d688b6040b36 upstream.
Since all PCI Express device Functions are required to implement the PCI
Express Capability structure, Capabilities List bit in PCI Status Register
must be hardwired to 1b. Capabilities Pointer register (which is already
set by pci-bride-emul.c driver) is valid only when Capabilities List is set
to 1b.
Link: https://lore.kernel.org/r/20211124155944.1290-7-pali@kernel.org
Fixes: 23a5fba4d941 ("PCI: Introduce PCI bridge emulated config space common logic")
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/pci/pci-bridge-emul.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/pci/pci-bridge-emul.c
+++ b/drivers/pci/pci-bridge-emul.c
@@ -287,6 +287,7 @@ int pci_bridge_emul_init(struct pci_brid
if (bridge->has_pcie) {
bridge->conf.capabilities_pointer = PCI_CAP_PCIE_START;
+ bridge->conf.status |= cpu_to_le16(PCI_STATUS_CAP_LIST);
bridge->pcie_conf.cap_id = PCI_CAP_ID_EXP;
bridge->pcie_conf.cap |= cpu_to_le16(PCI_EXP_TYPE_ROOT_PORT << 4);
bridge->pcie_cap_regs_behavior =
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 264/320] xfrm: fix policy lookup for ipv6 gre packets
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (262 preceding siblings ...)
2022-01-24 18:44 ` [PATCH 5.4 263/320] PCI: pci-bridge-emul: Set PCI_STATUS_CAP_LIST for PCIe device Greg Kroah-Hartman
@ 2022-01-24 18:44 ` Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 265/320] btrfs: fix deadlock between quota enable and other quota operations Greg Kroah-Hartman
` (60 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ghalem Boudour, Nicolas Dichtel,
Steffen Klassert
From: Ghalem Boudour <ghalem.boudour@6wind.com>
commit bcf141b2eb551b3477b24997ebc09c65f117a803 upstream.
On egress side, xfrm lookup is called from __gre6_xmit() with the
fl6_gre_key field not initialized leading to policies selectors check
failure. Consequently, gre packets are sent without encryption.
On ingress side, INET6_PROTO_NOPOLICY was set, thus packets were not
checked against xfrm policies. Like for egress side, fl6_gre_key should be
correctly set, this is now done in decode_session6().
Fixes: c12b395a4664 ("gre: Support GRE over IPv6")
Cc: stable@vger.kernel.org
Signed-off-by: Ghalem Boudour <ghalem.boudour@6wind.com>
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/ipv6/ip6_gre.c | 5 ++++-
net/xfrm/xfrm_policy.c | 21 +++++++++++++++++++++
2 files changed, 25 insertions(+), 1 deletion(-)
--- a/net/ipv6/ip6_gre.c
+++ b/net/ipv6/ip6_gre.c
@@ -743,6 +743,7 @@ static netdev_tx_t __gre6_xmit(struct sk
fl6->daddr = key->u.ipv6.dst;
fl6->flowlabel = key->label;
fl6->flowi6_uid = sock_net_uid(dev_net(dev), NULL);
+ fl6->fl6_gre_key = tunnel_id_to_key32(key->tun_id);
dsfield = key->tos;
flags = key->tun_flags &
@@ -978,6 +979,7 @@ static netdev_tx_t ip6erspan_tunnel_xmit
fl6.daddr = key->u.ipv6.dst;
fl6.flowlabel = key->label;
fl6.flowi6_uid = sock_net_uid(dev_net(dev), NULL);
+ fl6.fl6_gre_key = tunnel_id_to_key32(key->tun_id);
dsfield = key->tos;
if (!(tun_info->key.tun_flags & TUNNEL_ERSPAN_OPT))
@@ -1085,6 +1087,7 @@ static void ip6gre_tnl_link_config_commo
fl6->flowi6_oif = p->link;
fl6->flowlabel = 0;
fl6->flowi6_proto = IPPROTO_GRE;
+ fl6->fl6_gre_key = t->parms.o_key;
if (!(p->flags&IP6_TNL_F_USE_ORIG_TCLASS))
fl6->flowlabel |= IPV6_TCLASS_MASK & p->flowinfo;
@@ -1530,7 +1533,7 @@ static void ip6gre_fb_tunnel_init(struct
static struct inet6_protocol ip6gre_protocol __read_mostly = {
.handler = gre_rcv,
.err_handler = ip6gre_err,
- .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
+ .flags = INET6_PROTO_FINAL,
};
static void ip6gre_destroy_tunnels(struct net *net, struct list_head *head)
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -33,6 +33,7 @@
#include <net/flow.h>
#include <net/xfrm.h>
#include <net/ip.h>
+#include <net/gre.h>
#if IS_ENABLED(CONFIG_IPV6_MIP6)
#include <net/mip6.h>
#endif
@@ -3443,6 +3444,26 @@ decode_session6(struct sk_buff *skb, str
}
fl6->flowi6_proto = nexthdr;
return;
+ case IPPROTO_GRE:
+ if (!onlyproto &&
+ (nh + offset + 12 < skb->data ||
+ pskb_may_pull(skb, nh + offset + 12 - skb->data))) {
+ struct gre_base_hdr *gre_hdr;
+ __be32 *gre_key;
+
+ nh = skb_network_header(skb);
+ gre_hdr = (struct gre_base_hdr *)(nh + offset);
+ gre_key = (__be32 *)(gre_hdr + 1);
+
+ if (gre_hdr->flags & GRE_KEY) {
+ if (gre_hdr->flags & GRE_CSUM)
+ gre_key++;
+ fl6->fl6_gre_key = *gre_key;
+ }
+ }
+ fl6->flowi6_proto = nexthdr;
+ return;
+
#if IS_ENABLED(CONFIG_IPV6_MIP6)
case IPPROTO_MH:
offset += ipv6_optlen(exthdr);
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 265/320] btrfs: fix deadlock between quota enable and other quota operations
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (263 preceding siblings ...)
2022-01-24 18:44 ` [PATCH 5.4 264/320] xfrm: fix policy lookup for ipv6 gre packets Greg Kroah-Hartman
@ 2022-01-24 18:44 ` Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 266/320] btrfs: check the root node for uptodate before returning it Greg Kroah-Hartman
` (59 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hao Sun, Qu Wenruo, Filipe Manana,
David Sterba
From: Filipe Manana <fdmanana@suse.com>
commit 232796df8c1437c41d308d161007f0715bac0a54 upstream.
When enabling quotas, we attempt to commit a transaction while holding the
mutex fs_info->qgroup_ioctl_lock. This can result on a deadlock with other
quota operations such as:
- qgroup creation and deletion, ioctl BTRFS_IOC_QGROUP_CREATE;
- adding and removing qgroup relations, ioctl BTRFS_IOC_QGROUP_ASSIGN.
This is because these operations join a transaction and after that they
attempt to lock the mutex fs_info->qgroup_ioctl_lock. Acquiring that mutex
after joining or starting a transaction is a pattern followed everywhere
in qgroups, so the quota enablement operation is the one at fault here,
and should not commit a transaction while holding that mutex.
Fix this by making the transaction commit while not holding the mutex.
We are safe from two concurrent tasks trying to enable quotas because
we are serialized by the rw semaphore fs_info->subvol_sem at
btrfs_ioctl_quota_ctl(), which is the only call site for enabling
quotas.
When this deadlock happens, it produces a trace like the following:
INFO: task syz-executor:25604 blocked for more than 143 seconds.
Not tainted 5.15.0-rc6 #4
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor state:D stack:24800 pid:25604 ppid: 24873 flags:0x00004004
Call Trace:
context_switch kernel/sched/core.c:4940 [inline]
__schedule+0xcd9/0x2530 kernel/sched/core.c:6287
schedule+0xd3/0x270 kernel/sched/core.c:6366
btrfs_commit_transaction+0x994/0x2e90 fs/btrfs/transaction.c:2201
btrfs_quota_enable+0x95c/0x1790 fs/btrfs/qgroup.c:1120
btrfs_ioctl_quota_ctl fs/btrfs/ioctl.c:4229 [inline]
btrfs_ioctl+0x637e/0x7b70 fs/btrfs/ioctl.c:5010
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:874 [inline]
__se_sys_ioctl fs/ioctl.c:860 [inline]
__x64_sys_ioctl+0x193/0x200 fs/ioctl.c:860
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f86920b2c4d
RSP: 002b:00007f868f61ac58 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f86921d90a0 RCX: 00007f86920b2c4d
RDX: 0000000020005e40 RSI: 00000000c0109428 RDI: 0000000000000008
RBP: 00007f869212bd80 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f86921d90a0
R13: 00007fff6d233e4f R14: 00007fff6d233ff0 R15: 00007f868f61adc0
INFO: task syz-executor:25628 blocked for more than 143 seconds.
Not tainted 5.15.0-rc6 #4
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor state:D stack:29080 pid:25628 ppid: 24873 flags:0x00004004
Call Trace:
context_switch kernel/sched/core.c:4940 [inline]
__schedule+0xcd9/0x2530 kernel/sched/core.c:6287
schedule+0xd3/0x270 kernel/sched/core.c:6366
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6425
__mutex_lock_common kernel/locking/mutex.c:669 [inline]
__mutex_lock+0xc96/0x1680 kernel/locking/mutex.c:729
btrfs_remove_qgroup+0xb7/0x7d0 fs/btrfs/qgroup.c:1548
btrfs_ioctl_qgroup_create fs/btrfs/ioctl.c:4333 [inline]
btrfs_ioctl+0x683c/0x7b70 fs/btrfs/ioctl.c:5014
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:874 [inline]
__se_sys_ioctl fs/ioctl.c:860 [inline]
__x64_sys_ioctl+0x193/0x200 fs/ioctl.c:860
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
Reported-by: Hao Sun <sunhao.th@gmail.com>
Link: https://lore.kernel.org/linux-btrfs/CACkBjsZQF19bQ1C6=yetF3BvL10OSORpFUcWXTP6HErshDB4dQ@mail.gmail.com/
Fixes: 340f1aa27f36 ("btrfs: qgroups: Move transaction management inside btrfs_quota_enable/disable")
CC: stable@vger.kernel.org # 4.19
Reviewed-by: Qu Wenruo <wqu@suse.com>
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/qgroup.c | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
--- a/fs/btrfs/qgroup.c
+++ b/fs/btrfs/qgroup.c
@@ -890,6 +890,14 @@ int btrfs_quota_enable(struct btrfs_fs_i
int ret = 0;
int slot;
+ /*
+ * We need to have subvol_sem write locked, to prevent races between
+ * concurrent tasks trying to enable quotas, because we will unlock
+ * and relock qgroup_ioctl_lock before setting fs_info->quota_root
+ * and before setting BTRFS_FS_QUOTA_ENABLED.
+ */
+ lockdep_assert_held_write(&fs_info->subvol_sem);
+
mutex_lock(&fs_info->qgroup_ioctl_lock);
if (fs_info->quota_root)
goto out;
@@ -1035,8 +1043,19 @@ out_add_root:
goto out_free_path;
}
+ mutex_unlock(&fs_info->qgroup_ioctl_lock);
+ /*
+ * Commit the transaction while not holding qgroup_ioctl_lock, to avoid
+ * a deadlock with tasks concurrently doing other qgroup operations, such
+ * adding/removing qgroups or adding/deleting qgroup relations for example,
+ * because all qgroup operations first start or join a transaction and then
+ * lock the qgroup_ioctl_lock mutex.
+ * We are safe from a concurrent task trying to enable quotas, by calling
+ * this function, since we are serialized by fs_info->subvol_sem.
+ */
ret = btrfs_commit_transaction(trans);
trans = NULL;
+ mutex_lock(&fs_info->qgroup_ioctl_lock);
if (ret)
goto out_free_path;
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 266/320] btrfs: check the root node for uptodate before returning it
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (264 preceding siblings ...)
2022-01-24 18:44 ` [PATCH 5.4 265/320] btrfs: fix deadlock between quota enable and other quota operations Greg Kroah-Hartman
@ 2022-01-24 18:44 ` Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 267/320] btrfs: respect the max size in the header when activating swap file Greg Kroah-Hartman
` (58 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nikolay Borisov, Josef Bacik, David Sterba
From: Josef Bacik <josef@toxicpanda.com>
commit 120de408e4b97504a2d9b5ca534b383de2c73d49 upstream.
Now that we clear the extent buffer uptodate if we fail to write it out
we need to check to see if our root node is uptodate before we search
down it. Otherwise we could return stale data (or potentially corrupt
data that was caught by the write verification step) and think that the
path is OK to search down.
CC: stable@vger.kernel.org # 5.4+
Reviewed-by: Nikolay Borisov <nborisov@suse.com>
Signed-off-by: Josef Bacik <josef@toxicpanda.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/ctree.c | 19 +++++++++++++++----
1 file changed, 15 insertions(+), 4 deletions(-)
--- a/fs/btrfs/ctree.c
+++ b/fs/btrfs/ctree.c
@@ -2658,12 +2658,9 @@ static struct extent_buffer *btrfs_searc
{
struct btrfs_fs_info *fs_info = root->fs_info;
struct extent_buffer *b;
- int root_lock;
+ int root_lock = 0;
int level = 0;
- /* We try very hard to do read locks on the root */
- root_lock = BTRFS_READ_LOCK;
-
if (p->search_commit_root) {
/*
* The commit roots are read only so we always do read locks,
@@ -2701,6 +2698,9 @@ static struct extent_buffer *btrfs_searc
goto out;
}
+ /* We try very hard to do read locks on the root */
+ root_lock = BTRFS_READ_LOCK;
+
/*
* If the level is set to maximum, we can skip trying to get the read
* lock.
@@ -2727,6 +2727,17 @@ static struct extent_buffer *btrfs_searc
level = btrfs_header_level(b);
out:
+ /*
+ * The root may have failed to write out at some point, and thus is no
+ * longer valid, return an error in this case.
+ */
+ if (!extent_buffer_uptodate(b)) {
+ if (root_lock)
+ btrfs_tree_unlock_rw(b, root_lock);
+ free_extent_buffer(b);
+ return ERR_PTR(-EIO);
+ }
+
p->nodes[level] = b;
if (!p->skip_locking)
p->locks[level] = root_lock;
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 267/320] btrfs: respect the max size in the header when activating swap file
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (265 preceding siblings ...)
2022-01-24 18:44 ` [PATCH 5.4 266/320] btrfs: check the root node for uptodate before returning it Greg Kroah-Hartman
@ 2022-01-24 18:44 ` Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 268/320] ext4: make sure to reset inode lockdep class when quota enabling fails Greg Kroah-Hartman
` (57 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:44 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Filipe Manana, David Sterba
From: Filipe Manana <fdmanana@suse.com>
commit c2f822635df873c510bda6fb7fd1b10b7c31be2d upstream.
If we extended the size of a swapfile after its header was created (by the
mkswap utility) and then try to activate it, we will map the entire file
when activating the swap file, instead of limiting to the max size defined
in the swap file's header.
Currently test case generic/643 from fstests fails because we do not
respect that size limit defined in the swap file's header.
So fix this by not mapping file ranges beyond the max size defined in the
swap header.
This is the same type of bug that iomap used to have, and was fixed in
commit 36ca7943ac18ae ("mm/swap: consider max pages in
iomap_swapfile_add_extent").
Fixes: ed46ff3d423780 ("Btrfs: support swap files")
CC: stable@vger.kernel.org # 5.4+
Reviewed-and-tested-by: Josef Bacik <josef@toxicpanda.com
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/inode.c | 11 +++++++++++
1 file changed, 11 insertions(+)
--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
@@ -10808,9 +10808,19 @@ static int btrfs_add_swap_extent(struct
struct btrfs_swap_info *bsi)
{
unsigned long nr_pages;
+ unsigned long max_pages;
u64 first_ppage, first_ppage_reported, next_ppage;
int ret;
+ /*
+ * Our swapfile may have had its size extended after the swap header was
+ * written. In that case activating the swapfile should not go beyond
+ * the max size set in the swap header.
+ */
+ if (bsi->nr_pages >= sis->max)
+ return 0;
+
+ max_pages = sis->max - bsi->nr_pages;
first_ppage = ALIGN(bsi->block_start, PAGE_SIZE) >> PAGE_SHIFT;
next_ppage = ALIGN_DOWN(bsi->block_start + bsi->block_len,
PAGE_SIZE) >> PAGE_SHIFT;
@@ -10818,6 +10828,7 @@ static int btrfs_add_swap_extent(struct
if (first_ppage >= next_ppage)
return 0;
nr_pages = next_ppage - first_ppage;
+ nr_pages = min(nr_pages, max_pages);
first_ppage_reported = first_ppage;
if (bsi->start == 0)
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 268/320] ext4: make sure to reset inode lockdep class when quota enabling fails
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (266 preceding siblings ...)
2022-01-24 18:44 ` [PATCH 5.4 267/320] btrfs: respect the max size in the header when activating swap file Greg Kroah-Hartman
@ 2022-01-24 18:44 ` Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 269/320] ext4: make sure quota gets properly shutdown on error Greg Kroah-Hartman
` (56 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jan Kara, stable, Theodore Tso,
syzbot+3b6f9218b1301ddda3e2
From: Jan Kara <jack@suse.cz>
commit 4013d47a5307fdb5c13370b5392498b00fedd274 upstream.
When we succeed in enabling some quota type but fail to enable another
one with quota feature, we correctly disable all enabled quota types.
However we forget to reset i_data_sem lockdep class. When the inode gets
freed and reused, it will inherit this lockdep class (i_data_sem is
initialized only when a slab is created) and thus eventually lockdep
barfs about possible deadlocks.
Reported-and-tested-by: syzbot+3b6f9218b1301ddda3e2@syzkaller.appspotmail.com
Signed-off-by: Jan Kara <jack@suse.cz>
Cc: stable@kernel.org
Link: https://lore.kernel.org/r/20211007155336.12493-3-jack@suse.cz
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/super.c | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -5998,8 +5998,19 @@ static int ext4_enable_quotas(struct sup
"Failed to enable quota tracking "
"(type=%d, err=%d). Please run "
"e2fsck to fix.", type, err);
- for (type--; type >= 0; type--)
+ for (type--; type >= 0; type--) {
+ struct inode *inode;
+
+ inode = sb_dqopt(sb)->files[type];
+ if (inode)
+ inode = igrab(inode);
dquot_quota_off(sb, type);
+ if (inode) {
+ lockdep_set_quota_inode(inode,
+ I_DATA_SEM_NORMAL);
+ iput(inode);
+ }
+ }
return err;
}
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 269/320] ext4: make sure quota gets properly shutdown on error
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (267 preceding siblings ...)
2022-01-24 18:44 ` [PATCH 5.4 268/320] ext4: make sure to reset inode lockdep class when quota enabling fails Greg Kroah-Hartman
@ 2022-01-24 18:44 ` Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 270/320] ext4: set csum seed in tmp inode while migrating to extents Greg Kroah-Hartman
` (55 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:44 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Jan Kara, stable, Theodore Tso
From: Jan Kara <jack@suse.cz>
commit 15fc69bbbbbc8c72e5f6cc4e1be0f51283c5448e upstream.
When we hit an error when enabling quotas and setting inode flags, we do
not properly shutdown quota subsystem despite returning error from
Q_QUOTAON quotactl. This can lead to some odd situations like kernel
using quota file while it is still writeable for userspace. Make sure we
properly cleanup the quota subsystem in case of error.
Signed-off-by: Jan Kara <jack@suse.cz>
Cc: stable@kernel.org
Link: https://lore.kernel.org/r/20211007155336.12493-2-jack@suse.cz
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/super.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -5912,10 +5912,7 @@ static int ext4_quota_on(struct super_bl
lockdep_set_quota_inode(path->dentry->d_inode, I_DATA_SEM_QUOTA);
err = dquot_quota_on(sb, type, format_id, path);
- if (err) {
- lockdep_set_quota_inode(path->dentry->d_inode,
- I_DATA_SEM_NORMAL);
- } else {
+ if (!err) {
struct inode *inode = d_inode(path->dentry);
handle_t *handle;
@@ -5935,7 +5932,12 @@ static int ext4_quota_on(struct super_bl
ext4_journal_stop(handle);
unlock_inode:
inode_unlock(inode);
+ if (err)
+ dquot_quota_off(sb, type);
}
+ if (err)
+ lockdep_set_quota_inode(path->dentry->d_inode,
+ I_DATA_SEM_NORMAL);
return err;
}
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 270/320] ext4: set csum seed in tmp inode while migrating to extents
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (268 preceding siblings ...)
2022-01-24 18:44 ` [PATCH 5.4 269/320] ext4: make sure quota gets properly shutdown on error Greg Kroah-Hartman
@ 2022-01-24 18:44 ` Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 271/320] ext4: Fix BUG_ON in ext4_bread when write quota data Greg Kroah-Hartman
` (54 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jeroen van Wolffelaar,
Luís Henriques, Theodore Tso, stable
From: Luís Henriques <lhenriques@suse.de>
commit e81c9302a6c3c008f5c30beb73b38adb0170ff2d upstream.
When migrating to extents, the temporary inode will have it's own checksum
seed. This means that, when swapping the inodes data, the inode checksums
will be incorrect.
This can be fixed by recalculating the extents checksums again. Or simply
by copying the seed into the temporary inode.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=213357
Reported-by: Jeroen van Wolffelaar <jeroen@wolffelaar.nl>
Signed-off-by: Luís Henriques <lhenriques@suse.de>
Link: https://lore.kernel.org/r/20211214175058.19511-1-lhenriques@suse.de
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/migrate.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
--- a/fs/ext4/migrate.c
+++ b/fs/ext4/migrate.c
@@ -477,6 +477,17 @@ int ext4_ext_migrate(struct inode *inode
ext4_journal_stop(handle);
goto out_unlock;
}
+ /*
+ * Use the correct seed for checksum (i.e. the seed from 'inode'). This
+ * is so that the metadata blocks will have the correct checksum after
+ * the migration.
+ *
+ * Note however that, if a crash occurs during the migration process,
+ * the recovery process is broken because the tmp_inode checksums will
+ * be wrong and the orphans cleanup will fail.
+ */
+ ei = EXT4_I(inode);
+ EXT4_I(tmp_inode)->i_csum_seed = ei->i_csum_seed;
i_size_write(tmp_inode, i_size_read(inode));
/*
* Set the i_nlink to zero so it will be deleted later
@@ -520,7 +531,6 @@ int ext4_ext_migrate(struct inode *inode
goto out_tmp_inode;
}
- ei = EXT4_I(inode);
i_data = ei->i_data;
memset(&lb, 0, sizeof(lb));
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 271/320] ext4: Fix BUG_ON in ext4_bread when write quota data
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (269 preceding siblings ...)
2022-01-24 18:44 ` [PATCH 5.4 270/320] ext4: set csum seed in tmp inode while migrating to extents Greg Kroah-Hartman
@ 2022-01-24 18:44 ` Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 272/320] ext4: dont use the orphan list when migrating an inode Greg Kroah-Hartman
` (53 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ye Bin, Jan Kara, Theodore Tso, stable
From: Ye Bin <yebin10@huawei.com>
commit 380a0091cab482489e9b19e07f2a166ad2b76d5c upstream.
We got issue as follows when run syzkaller:
[ 167.936972] EXT4-fs error (device loop0): __ext4_remount:6314: comm rep: Abort forced by user
[ 167.938306] EXT4-fs (loop0): Remounting filesystem read-only
[ 167.981637] Assertion failure in ext4_getblk() at fs/ext4/inode.c:847: '(EXT4_SB(inode->i_sb)->s_mount_state & EXT4_FC_REPLAY) || handle != NULL || create == 0'
[ 167.983601] ------------[ cut here ]------------
[ 167.984245] kernel BUG at fs/ext4/inode.c:847!
[ 167.984882] invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI
[ 167.985624] CPU: 7 PID: 2290 Comm: rep Tainted: G B 5.16.0-rc5-next-20211217+ #123
[ 167.986823] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS ?-20190727_073836-buildvm-ppc64le-16.ppc.fedoraproject.org-3.fc31 04/01/2014
[ 167.988590] RIP: 0010:ext4_getblk+0x17e/0x504
[ 167.989189] Code: c6 01 74 28 49 c7 c0 a0 a3 5c 9b b9 4f 03 00 00 48 c7 c2 80 9c 5c 9b 48 c7 c6 40 b6 5c 9b 48 c7 c7 20 a4 5c 9b e8 77 e3 fd ff <0f> 0b 8b 04 244
[ 167.991679] RSP: 0018:ffff8881736f7398 EFLAGS: 00010282
[ 167.992385] RAX: 0000000000000094 RBX: 1ffff1102e6dee75 RCX: 0000000000000000
[ 167.993337] RDX: 0000000000000001 RSI: ffffffff9b6e29e0 RDI: ffffed102e6dee66
[ 167.994292] RBP: ffff88816a076210 R08: 0000000000000094 R09: ffffed107363fa09
[ 167.995252] R10: ffff88839b1fd047 R11: ffffed107363fa08 R12: ffff88816a0761e8
[ 167.996205] R13: 0000000000000000 R14: 0000000000000021 R15: 0000000000000001
[ 167.997158] FS: 00007f6a1428c740(0000) GS:ffff88839b000000(0000) knlGS:0000000000000000
[ 167.998238] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 167.999025] CR2: 00007f6a140716c8 CR3: 0000000133216000 CR4: 00000000000006e0
[ 167.999987] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 168.000944] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 168.001899] Call Trace:
[ 168.002235] <TASK>
[ 168.007167] ext4_bread+0xd/0x53
[ 168.007612] ext4_quota_write+0x20c/0x5c0
[ 168.010457] write_blk+0x100/0x220
[ 168.010944] remove_free_dqentry+0x1c6/0x440
[ 168.011525] free_dqentry.isra.0+0x565/0x830
[ 168.012133] remove_tree+0x318/0x6d0
[ 168.014744] remove_tree+0x1eb/0x6d0
[ 168.017346] remove_tree+0x1eb/0x6d0
[ 168.019969] remove_tree+0x1eb/0x6d0
[ 168.022128] qtree_release_dquot+0x291/0x340
[ 168.023297] v2_release_dquot+0xce/0x120
[ 168.023847] dquot_release+0x197/0x3e0
[ 168.024358] ext4_release_dquot+0x22a/0x2d0
[ 168.024932] dqput.part.0+0x1c9/0x900
[ 168.025430] __dquot_drop+0x120/0x190
[ 168.025942] ext4_clear_inode+0x86/0x220
[ 168.026472] ext4_evict_inode+0x9e8/0xa22
[ 168.028200] evict+0x29e/0x4f0
[ 168.028625] dispose_list+0x102/0x1f0
[ 168.029148] evict_inodes+0x2c1/0x3e0
[ 168.030188] generic_shutdown_super+0xa4/0x3b0
[ 168.030817] kill_block_super+0x95/0xd0
[ 168.031360] deactivate_locked_super+0x85/0xd0
[ 168.031977] cleanup_mnt+0x2bc/0x480
[ 168.033062] task_work_run+0xd1/0x170
[ 168.033565] do_exit+0xa4f/0x2b50
[ 168.037155] do_group_exit+0xef/0x2d0
[ 168.037666] __x64_sys_exit_group+0x3a/0x50
[ 168.038237] do_syscall_64+0x3b/0x90
[ 168.038751] entry_SYSCALL_64_after_hwframe+0x44/0xae
In order to reproduce this problem, the following conditions need to be met:
1. Ext4 filesystem with no journal;
2. Filesystem image with incorrect quota data;
3. Abort filesystem forced by user;
4. umount filesystem;
As in ext4_quota_write:
...
if (EXT4_SB(sb)->s_journal && !handle) {
ext4_msg(sb, KERN_WARNING, "Quota write (off=%llu, len=%llu)"
" cancelled because transaction is not started",
(unsigned long long)off, (unsigned long long)len);
return -EIO;
}
...
We only check handle if NULL when filesystem has journal. There is need
check handle if NULL even when filesystem has no journal.
Signed-off-by: Ye Bin <yebin10@huawei.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20211223015506.297766-1-yebin10@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/super.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -6114,7 +6114,7 @@ static ssize_t ext4_quota_write(struct s
struct buffer_head *bh;
handle_t *handle = journal_current_handle();
- if (EXT4_SB(sb)->s_journal && !handle) {
+ if (!handle) {
ext4_msg(sb, KERN_WARNING, "Quota write (off=%llu, len=%llu)"
" cancelled because transaction is not started",
(unsigned long long)off, (unsigned long long)len);
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 272/320] ext4: dont use the orphan list when migrating an inode
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (270 preceding siblings ...)
2022-01-24 18:44 ` [PATCH 5.4 271/320] ext4: Fix BUG_ON in ext4_bread when write quota data Greg Kroah-Hartman
@ 2022-01-24 18:44 ` Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 273/320] drm/radeon: fix error handling in radeon_driver_open_kms Greg Kroah-Hartman
` (52 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Theodore Tso, Lukas Czerner, stable
From: Theodore Ts'o <tytso@mit.edu>
commit 6eeaf88fd586f05aaf1d48cb3a139d2a5c6eb055 upstream.
We probably want to remove the indirect block to extents migration
feature after a deprecation window, but until then, let's fix a
potential data loss problem caused by the fact that we put the
tmp_inode on the orphan list. In the unlikely case where we crash and
do a journal recovery, the data blocks belonging to the inode being
migrated are also represented in the tmp_inode on the orphan list ---
and so its data blocks will get marked unallocated, and available for
reuse.
Instead, stop putting the tmp_inode on the oprhan list. So in the
case where we crash while migrating the inode, we'll leak an inode,
which is not a disaster. It will be easily fixed the next time we run
fsck, and it's better than potentially having blocks getting claimed
by two different files, and losing data as a result.
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Reviewed-by: Lukas Czerner <lczerner@redhat.com>
Cc: stable@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/migrate.c | 19 ++++---------------
1 file changed, 4 insertions(+), 15 deletions(-)
--- a/fs/ext4/migrate.c
+++ b/fs/ext4/migrate.c
@@ -455,12 +455,12 @@ int ext4_ext_migrate(struct inode *inode
percpu_down_write(&sbi->s_writepages_rwsem);
/*
- * Worst case we can touch the allocation bitmaps, a bgd
- * block, and a block to link in the orphan list. We do need
- * need to worry about credits for modifying the quota inode.
+ * Worst case we can touch the allocation bitmaps and a block
+ * group descriptor block. We do need need to worry about
+ * credits for modifying the quota inode.
*/
handle = ext4_journal_start(inode, EXT4_HT_MIGRATE,
- 4 + EXT4_MAXQUOTAS_TRANS_BLOCKS(inode->i_sb));
+ 3 + EXT4_MAXQUOTAS_TRANS_BLOCKS(inode->i_sb));
if (IS_ERR(handle)) {
retval = PTR_ERR(handle);
@@ -481,10 +481,6 @@ int ext4_ext_migrate(struct inode *inode
* Use the correct seed for checksum (i.e. the seed from 'inode'). This
* is so that the metadata blocks will have the correct checksum after
* the migration.
- *
- * Note however that, if a crash occurs during the migration process,
- * the recovery process is broken because the tmp_inode checksums will
- * be wrong and the orphans cleanup will fail.
*/
ei = EXT4_I(inode);
EXT4_I(tmp_inode)->i_csum_seed = ei->i_csum_seed;
@@ -496,7 +492,6 @@ int ext4_ext_migrate(struct inode *inode
clear_nlink(tmp_inode);
ext4_ext_tree_init(handle, tmp_inode);
- ext4_orphan_add(handle, tmp_inode);
ext4_journal_stop(handle);
/*
@@ -521,12 +516,6 @@ int ext4_ext_migrate(struct inode *inode
handle = ext4_journal_start(inode, EXT4_HT_MIGRATE, 1);
if (IS_ERR(handle)) {
- /*
- * It is impossible to update on-disk structures without
- * a handle, so just rollback in-core changes and live other
- * work to orphan_list_cleanup()
- */
- ext4_orphan_del(NULL, tmp_inode);
retval = PTR_ERR(handle);
goto out_tmp_inode;
}
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 273/320] drm/radeon: fix error handling in radeon_driver_open_kms
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (271 preceding siblings ...)
2022-01-24 18:44 ` [PATCH 5.4 272/320] ext4: dont use the orphan list when migrating an inode Greg Kroah-Hartman
@ 2022-01-24 18:44 ` Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 274/320] of: base: Improve argument length mismatch error Greg Kroah-Hartman
` (51 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christian König, Jan Stancek,
Borislav Petkov, Alex Deucher
From: Christian König <christian.koenig@amd.com>
commit 4722f463896cc0ef1a6f1c3cb2e171e949831249 upstream.
The return value was never initialized so the cleanup code executed when
it isn't even necessary.
Just add proper error handling.
Fixes: ab50cb9df889 ("drm/radeon/radeon_kms: Fix a NULL pointer dereference in radeon_driver_open_kms()")
Signed-off-by: Christian König <christian.koenig@amd.com>
Tested-by: Jan Stancek <jstancek@redhat.com>
Tested-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/radeon/radeon_kms.c | 22 ++++++++++++----------
1 file changed, 12 insertions(+), 10 deletions(-)
--- a/drivers/gpu/drm/radeon/radeon_kms.c
+++ b/drivers/gpu/drm/radeon/radeon_kms.c
@@ -652,18 +652,18 @@ int radeon_driver_open_kms(struct drm_de
fpriv = kzalloc(sizeof(*fpriv), GFP_KERNEL);
if (unlikely(!fpriv)) {
r = -ENOMEM;
- goto out_suspend;
+ goto err_suspend;
}
if (rdev->accel_working) {
vm = &fpriv->vm;
r = radeon_vm_init(rdev, vm);
if (r)
- goto out_fpriv;
+ goto err_fpriv;
r = radeon_bo_reserve(rdev->ring_tmp_bo.bo, false);
if (r)
- goto out_vm_fini;
+ goto err_vm_fini;
/* map the ib pool buffer read only into
* virtual address space */
@@ -671,7 +671,7 @@ int radeon_driver_open_kms(struct drm_de
rdev->ring_tmp_bo.bo);
if (!vm->ib_bo_va) {
r = -ENOMEM;
- goto out_vm_fini;
+ goto err_vm_fini;
}
r = radeon_vm_bo_set_addr(rdev, vm->ib_bo_va,
@@ -679,19 +679,21 @@ int radeon_driver_open_kms(struct drm_de
RADEON_VM_PAGE_READABLE |
RADEON_VM_PAGE_SNOOPED);
if (r)
- goto out_vm_fini;
+ goto err_vm_fini;
}
file_priv->driver_priv = fpriv;
}
- if (!r)
- goto out_suspend;
+ pm_runtime_mark_last_busy(dev->dev);
+ pm_runtime_put_autosuspend(dev->dev);
+ return 0;
-out_vm_fini:
+err_vm_fini:
radeon_vm_fini(rdev, vm);
-out_fpriv:
+err_fpriv:
kfree(fpriv);
-out_suspend:
+
+err_suspend:
pm_runtime_mark_last_busy(dev->dev);
pm_runtime_put_autosuspend(dev->dev);
return r;
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 274/320] of: base: Improve argument length mismatch error
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (272 preceding siblings ...)
2022-01-24 18:44 ` [PATCH 5.4 273/320] drm/radeon: fix error handling in radeon_driver_open_kms Greg Kroah-Hartman
@ 2022-01-24 18:44 ` Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 275/320] firmware: Update Kconfig help text for Google firmware Greg Kroah-Hartman
` (50 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:44 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Baruch Siach, Rob Herring
From: Baruch Siach <baruch@tkos.co.il>
commit 5d05b811b5acb92fc581a7b328b36646c86f5ab9 upstream.
The cells_name field of of_phandle_iterator might be NULL. Use the
phandle name instead. With this change instead of:
OF: /soc/pinctrl@1000000: (null) = 3 found 2
We get:
OF: /soc/pinctrl@1000000: phandle pinctrl@1000000 needs 3, found 2
Which is a more helpful messages making DT debugging easier.
In this particular example the phandle name looks like duplicate of the
same node name. But note that the first node is the parent node
(it->parent), while the second is the phandle target (it->node). They
happen to be the same in the case that triggered this improvement. See
commit 72cb4c48a46a ("arm64: dts: qcom: ipq6018: Fix gpio-ranges
property").
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Rob Herring <robh@kernel.org>
Link: https://lore.kernel.org/r/f6a68e0088a552ea9dfd4d8e3b5b586d92594738.1640881913.git.baruch@tkos.co.il
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/of/base.c | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
--- a/drivers/of/base.c
+++ b/drivers/of/base.c
@@ -1366,9 +1366,14 @@ int of_phandle_iterator_next(struct of_p
* property data length
*/
if (it->cur + count > it->list_end) {
- pr_err("%pOF: %s = %d found %td\n",
- it->parent, it->cells_name,
- count, it->list_end - it->cur);
+ if (it->cells_name)
+ pr_err("%pOF: %s = %d found %td\n",
+ it->parent, it->cells_name,
+ count, it->list_end - it->cur);
+ else
+ pr_err("%pOF: phandle %s needs %d, found %td\n",
+ it->parent, of_node_full_name(it->node),
+ count, it->list_end - it->cur);
goto err;
}
}
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 275/320] firmware: Update Kconfig help text for Google firmware
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (273 preceding siblings ...)
2022-01-24 18:44 ` [PATCH 5.4 274/320] of: base: Improve argument length mismatch error Greg Kroah-Hartman
@ 2022-01-24 18:44 ` Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 276/320] media: rcar-csi2: Optimize the selection PHTW register Greg Kroah-Hartman
` (49 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:44 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Julius Werner, Ben Hutchings
From: Ben Hutchings <ben@decadent.org.uk>
commit d185a3466f0cd5af8f1c5c782c53bc0e6f2e7136 upstream.
The help text for GOOGLE_FIRMWARE states that it should only be
enabled when building a kernel for Google's own servers. However,
many of the drivers dependent on it are also useful on Chromebooks or
on any platform using coreboot.
Update the help text to reflect this double duty.
Fixes: d384d6f43d1e ("firmware: google memconsole: Add coreboot support")
Reviewed-by: Julius Werner <jwerner@chromium.org>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Link: https://lore.kernel.org/r/20180618225540.GD14131@decadent.org.uk
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/firmware/google/Kconfig | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/drivers/firmware/google/Kconfig
+++ b/drivers/firmware/google/Kconfig
@@ -3,9 +3,9 @@ menuconfig GOOGLE_FIRMWARE
bool "Google Firmware Drivers"
default n
help
- These firmware drivers are used by Google's servers. They are
- only useful if you are working directly on one of their
- proprietary servers. If in doubt, say "N".
+ These firmware drivers are used by Google servers,
+ Chromebooks and other devices using coreboot firmware.
+ If in doubt, say "N".
if GOOGLE_FIRMWARE
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 276/320] media: rcar-csi2: Optimize the selection PHTW register
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (274 preceding siblings ...)
2022-01-24 18:44 ` [PATCH 5.4 275/320] firmware: Update Kconfig help text for Google firmware Greg Kroah-Hartman
@ 2022-01-24 18:44 ` Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 277/320] Documentation: dmaengine: Correctly describe dmatest with channel unset Greg Kroah-Hartman
` (48 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Suresh Udipi, Michael Rodin,
Niklas Söderlund, Hans Verkuil, Mauro Carvalho Chehab
From: Suresh Udipi <sudipi@jp.adit-jv.com>
commit 549cc89cd09a85aaa16dc07ef3db811d5cf9bcb1 upstream.
PHTW register is selected based on default bit rate from Table[1].
for the bit rates less than or equal to 250. Currently first
value of default bit rate which is greater than or equal to
the caculated mbps is selected. This selection can be further
improved by selecting the default bit rate which is nearest to
the calculated value.
[1] specs r19uh0105ej0200-r-car-3rd-generation.pdf [Table 25.12]
Fixes: 769afd212b16 ("media: rcar-csi2: add Renesas R-Car MIPI CSI-2 receiver driver")
Signed-off-by: Suresh Udipi <sudipi@jp.adit-jv.com>
Signed-off-by: Michael Rodin <mrodin@de.adit-jv.com>
Reviewed-by: Niklas Söderlund <niklas.soderlund+renesas@ragnatech.se>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/media/platform/rcar-vin/rcar-csi2.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
--- a/drivers/media/platform/rcar-vin/rcar-csi2.c
+++ b/drivers/media/platform/rcar-vin/rcar-csi2.c
@@ -911,10 +911,17 @@ static int rcsi2_phtw_write_mbps(struct
const struct rcsi2_mbps_reg *values, u16 code)
{
const struct rcsi2_mbps_reg *value;
+ const struct rcsi2_mbps_reg *prev_value = NULL;
- for (value = values; value->mbps; value++)
+ for (value = values; value->mbps; value++) {
if (value->mbps >= mbps)
break;
+ prev_value = value;
+ }
+
+ if (prev_value &&
+ ((mbps - prev_value->mbps) <= (value->mbps - mbps)))
+ value = prev_value;
if (!value->mbps) {
dev_err(priv->dev, "Unsupported PHY speed (%u Mbps)", mbps);
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 277/320] Documentation: dmaengine: Correctly describe dmatest with channel unset
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (275 preceding siblings ...)
2022-01-24 18:44 ` [PATCH 5.4 276/320] media: rcar-csi2: Optimize the selection PHTW register Greg Kroah-Hartman
@ 2022-01-24 18:44 ` Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 278/320] Documentation: ACPI: Fix data node reference documentation Greg Kroah-Hartman
` (47 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:44 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Daniel Thompson, Vinod Koul
From: Daniel Thompson <daniel.thompson@linaro.org>
commit c61d7b2ef141abf81140756b45860a2306f395a2 upstream.
Currently the documentation states that channels must be configured before
running the dmatest. This has not been true since commit 6b41030fdc79
("dmaengine: dmatest: Restore default for channel"). Fix accordingly.
Fixes: 6b41030fdc79 ("dmaengine: dmatest: Restore default for channel")
Signed-off-by: Daniel Thompson <daniel.thompson@linaro.org>
Link: https://lore.kernel.org/r/20211118100952.27268-3-daniel.thompson@linaro.org
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
Documentation/driver-api/dmaengine/dmatest.rst | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
--- a/Documentation/driver-api/dmaengine/dmatest.rst
+++ b/Documentation/driver-api/dmaengine/dmatest.rst
@@ -143,13 +143,14 @@ Part 5 - Handling channel allocation
Allocating Channels
-------------------
-Channels are required to be configured prior to starting the test run.
-Attempting to run the test without configuring the channels will fail.
+Channels do not need to be configured prior to starting a test run. Attempting
+to run the test without configuring the channels will result in testing any
+channels that are available.
Example::
% echo 1 > /sys/module/dmatest/parameters/run
- dmatest: Could not start test, no channels configured
+ dmatest: No channels configured, continue with any
Channels are registered using the "channel" parameter. Channels can be requested by their
name, once requested, the channel is registered and a pending thread is added to the test list.
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 278/320] Documentation: ACPI: Fix data node reference documentation
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (276 preceding siblings ...)
2022-01-24 18:44 ` [PATCH 5.4 277/320] Documentation: dmaengine: Correctly describe dmatest with channel unset Greg Kroah-Hartman
@ 2022-01-24 18:44 ` Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 279/320] Documentation: refer to config RANDOMIZE_BASE for kernel address-space randomization Greg Kroah-Hartman
` (46 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sakari Ailus, Andy Shevchenko,
Rafael J. Wysocki
From: Sakari Ailus <sakari.ailus@linux.intel.com>
commit a11174952205d082f1658fab4314f0caf706e0a8 upstream.
The data node reference documentation was missing a package that must
contain the property values, instead property name and multiple values
being present in a single package. This is not aligned with the _DSD
spec.
Fix it by adding the package for the values.
Also add the missing "reg" properties to two numbered nodes.
Fixes: b10134a3643d ("ACPI: property: Document hierarchical data extension references")
Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
Documentation/firmware-guide/acpi/dsd/data-node-references.rst | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
--- a/Documentation/firmware-guide/acpi/dsd/data-node-references.rst
+++ b/Documentation/firmware-guide/acpi/dsd/data-node-references.rst
@@ -5,7 +5,7 @@
Referencing hierarchical data nodes
===================================
-:Copyright: |copy| 2018 Intel Corporation
+:Copyright: |copy| 2018, 2021 Intel Corporation
:Author: Sakari Ailus <sakari.ailus@linux.intel.com>
ACPI in general allows referring to device objects in the tree only.
@@ -52,12 +52,14 @@ the ANOD object which is also the final
Name (NOD0, Package() {
ToUUID("daffd814-6eba-4d8c-8a91-bc9bbf4aa301"),
Package () {
+ Package () { "reg", 0 },
Package () { "random-property", 3 },
}
})
Name (NOD1, Package() {
ToUUID("dbb8e3e6-5886-4ba6-8795-1319f52a966b"),
Package () {
+ Package () { "reg", 1 },
Package () { "anothernode", "ANOD" },
}
})
@@ -74,7 +76,11 @@ the ANOD object which is also the final
Name (_DSD, Package () {
ToUUID("daffd814-6eba-4d8c-8a91-bc9bbf4aa301"),
Package () {
- Package () { "reference", ^DEV0, "node@1", "anothernode" },
+ Package () {
+ "reference", Package () {
+ ^DEV0, "node@1", "anothernode"
+ }
+ },
}
})
}
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 279/320] Documentation: refer to config RANDOMIZE_BASE for kernel address-space randomization
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (277 preceding siblings ...)
2022-01-24 18:44 ` [PATCH 5.4 278/320] Documentation: ACPI: Fix data node reference documentation Greg Kroah-Hartman
@ 2022-01-24 18:44 ` Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 280/320] Documentation: fix firewire.rst ABI file path error Greg Kroah-Hartman
` (45 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:44 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Lukas Bulwahn, Jonathan Corbet
From: Lukas Bulwahn <lukas.bulwahn@gmail.com>
commit 82ca67321f55a8d1da6ac3ed611da3c32818bb37 upstream.
The config RANDOMIZE_SLAB does not exist, the authors probably intended to
refer to the config RANDOMIZE_BASE, which provides kernel address-space
randomization. They probably just confused SLAB with BASE (these two
four-letter words coincidentally share three common letters), as they also
point out the config SLAB_FREELIST_RANDOM as further randomization within
the same sentence.
Fix the reference of the config for kernel address-space randomization to
the config that provides that.
Fixes: 6e88559470f5 ("Documentation: Add section about CPU vulnerabilities for Spectre")
Signed-off-by: Lukas Bulwahn <lukas.bulwahn@gmail.com>
Link: https://lore.kernel.org/r/20211230171940.27558-1-lukas.bulwahn@gmail.com
Signed-off-by: Jonathan Corbet <corbet@lwn.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
Documentation/admin-guide/hw-vuln/spectre.rst | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/Documentation/admin-guide/hw-vuln/spectre.rst
+++ b/Documentation/admin-guide/hw-vuln/spectre.rst
@@ -468,7 +468,7 @@ Spectre variant 2
before invoking any firmware code to prevent Spectre variant 2 exploits
using the firmware.
- Using kernel address space randomization (CONFIG_RANDOMIZE_SLAB=y
+ Using kernel address space randomization (CONFIG_RANDOMIZE_BASE=y
and CONFIG_SLAB_FREELIST_RANDOM=y in the kernel configuration) makes
attacks on the kernel generally more difficult.
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 280/320] Documentation: fix firewire.rst ABI file path error
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (278 preceding siblings ...)
2022-01-24 18:44 ` [PATCH 5.4 279/320] Documentation: refer to config RANDOMIZE_BASE for kernel address-space randomization Greg Kroah-Hartman
@ 2022-01-24 18:44 ` Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 281/320] scsi: core: Show SCMD_LAST in text form Greg Kroah-Hartman
` (44 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Randy Dunlap, Akira Yokosawa,
Jonathan Corbet
From: Randy Dunlap <rdunlap@infradead.org>
commit b0ac702f3329cdc8a06dcaac73183d4b5a2b942d upstream.
Adjust the path of the ABI files for firewire.rst to prevent a
documentation build error. Prevents this problem:
Sphinx parallel build error:
docutils.utils.SystemMessage: Documentation/driver-api/firewire.rst:22: (SEVERE/4) Problems with "include" directive path:
InputError: [Errno 2] No such file or directory: '../Documentation/driver-api/ABI/stable/firewire-cdev'.
Fixes: 2f4830ef96d2 ("FireWire: add driver-api Introduction section")
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Tested-by: Akira Yokosawa <akiyks@gmail.com>
Link: https://lore.kernel.org/r/20220119033905.4779-1-rdunlap@infradead.org
Signed-off-by: Jonathan Corbet <corbet@lwn.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
Documentation/driver-api/firewire.rst | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/Documentation/driver-api/firewire.rst
+++ b/Documentation/driver-api/firewire.rst
@@ -19,7 +19,7 @@ of kernel interfaces is available via ex
Firewire char device data structures
====================================
-.. include:: /ABI/stable/firewire-cdev
+.. include:: ../ABI/stable/firewire-cdev
:literal:
.. kernel-doc:: include/uapi/linux/firewire-cdev.h
@@ -28,7 +28,7 @@ Firewire char device data structures
Firewire device probing and sysfs interfaces
============================================
-.. include:: /ABI/stable/sysfs-bus-firewire
+.. include:: ../ABI/stable/sysfs-bus-firewire
:literal:
.. kernel-doc:: drivers/firewire/core-device.c
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 281/320] scsi: core: Show SCMD_LAST in text form
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (279 preceding siblings ...)
2022-01-24 18:44 ` [PATCH 5.4 280/320] Documentation: fix firewire.rst ABI file path error Greg Kroah-Hartman
@ 2022-01-24 18:44 ` Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 282/320] RDMA/hns: Modify the mapping attribute of doorbell to device Greg Kroah-Hartman
` (43 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Bart Van Assche, Martin K. Petersen
From: Bart Van Assche <bvanassche@acm.org>
commit 3369046e54ca8f82e0cb17740643da2d80d3cfa8 upstream.
The SCSI debugfs code supports showing information about pending commands,
including translating SCSI command flags from numeric into text format.
Also convert the SCMD_LAST flag from numeric into text form.
Link: https://lore.kernel.org/r/20211129194609.3466071-4-bvanassche@acm.org
Fixes: 8930a6c20791 ("scsi: core: add support for request batching")
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/scsi/scsi_debugfs.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/scsi/scsi_debugfs.c
+++ b/drivers/scsi/scsi_debugfs.c
@@ -10,6 +10,7 @@ static const char *const scsi_cmd_flags[
SCSI_CMD_FLAG_NAME(TAGGED),
SCSI_CMD_FLAG_NAME(UNCHECKED_ISA_DMA),
SCSI_CMD_FLAG_NAME(INITIALIZED),
+ SCSI_CMD_FLAG_NAME(LAST),
};
#undef SCSI_CMD_FLAG_NAME
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 282/320] RDMA/hns: Modify the mapping attribute of doorbell to device
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (280 preceding siblings ...)
2022-01-24 18:44 ` [PATCH 5.4 281/320] scsi: core: Show SCMD_LAST in text form Greg Kroah-Hartman
@ 2022-01-24 18:44 ` Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 283/320] RDMA/rxe: Fix a typo in opcode name Greg Kroah-Hartman
` (42 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yixing Liu, Wenpeng Liang, Jason Gunthorpe
From: Yixing Liu <liuyixing1@huawei.com>
commit 39d5534b1302189c809e90641ffae8cbdc42a8fc upstream.
It is more general for ARM device drivers to use the device attribute to
map PCI BAR spaces.
Fixes: 9a4435375cd1 ("IB/hns: Add driver files for hns RoCE driver")
Link: https://lore.kernel.org/r/20211206133652.27476-1-liangwenpeng@huawei.com
Signed-off-by: Yixing Liu <liuyixing1@huawei.com>
Signed-off-by: Wenpeng Liang <liangwenpeng@huawei.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/infiniband/hw/hns/hns_roce_main.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/infiniband/hw/hns/hns_roce_main.c
+++ b/drivers/infiniband/hw/hns/hns_roce_main.c
@@ -362,7 +362,7 @@ static int hns_roce_mmap(struct ib_ucont
return rdma_user_mmap_io(context, vma,
to_hr_ucontext(context)->uar.pfn,
PAGE_SIZE,
- pgprot_noncached(vma->vm_page_prot));
+ pgprot_device(vma->vm_page_prot));
/* vm_pgoff: 1 -- TPTR */
case 1:
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 283/320] RDMA/rxe: Fix a typo in opcode name
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (281 preceding siblings ...)
2022-01-24 18:44 ` [PATCH 5.4 282/320] RDMA/hns: Modify the mapping attribute of doorbell to device Greg Kroah-Hartman
@ 2022-01-24 18:44 ` Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 284/320] dmaengine: stm32-mdma: fix STM32_MDMA_CTBR_TSEL_MASK Greg Kroah-Hartman
` (41 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Chengguang Xu, Zhu Yanjun,
Bob Pearson, Jason Gunthorpe
From: Chengguang Xu <cgxu519@mykernel.net>
commit 8d1cfb884e881efd69a3be4ef10772c71cb22216 upstream.
There is a redundant ']' in the name of opcode IB_OPCODE_RC_SEND_MIDDLE,
so just fix it.
Fixes: 8700e3e7c485 ("Soft RoCE driver")
Link: https://lore.kernel.org/r/20211218112320.3558770-1-cgxu519@mykernel.net
Signed-off-by: Chengguang Xu <cgxu519@mykernel.net>
Acked-by: Zhu Yanjun <zyjzyj2000@gmail.com>
Reviewed-by: Bob Pearson <rpearsonhpe@gmail.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/infiniband/sw/rxe/rxe_opcode.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/infiniband/sw/rxe/rxe_opcode.c
+++ b/drivers/infiniband/sw/rxe/rxe_opcode.c
@@ -137,7 +137,7 @@ struct rxe_opcode_info rxe_opcode[RXE_NU
}
},
[IB_OPCODE_RC_SEND_MIDDLE] = {
- .name = "IB_OPCODE_RC_SEND_MIDDLE]",
+ .name = "IB_OPCODE_RC_SEND_MIDDLE",
.mask = RXE_PAYLOAD_MASK | RXE_REQ_MASK | RXE_SEND_MASK
| RXE_MIDDLE_MASK,
.length = RXE_BTH_BYTES,
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 284/320] dmaengine: stm32-mdma: fix STM32_MDMA_CTBR_TSEL_MASK
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (282 preceding siblings ...)
2022-01-24 18:44 ` [PATCH 5.4 283/320] RDMA/rxe: Fix a typo in opcode name Greg Kroah-Hartman
@ 2022-01-24 18:44 ` Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 285/320] Revert "net/mlx5: Add retry mechanism to the command entry index allocation" Greg Kroah-Hartman
` (40 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:44 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Amelie Delaunay, Vinod Koul
From: Amelie Delaunay <amelie.delaunay@foss.st.com>
commit e7f110889a87307fb0fed408a5dee1707796ca04 upstream.
This patch fixes STM32_MDMA_CTBR_TSEL_MASK, which is [5:0], not [7:0].
Fixes: a4ffb13c8946 ("dmaengine: Add STM32 MDMA driver")
Signed-off-by: Amelie Delaunay <amelie.delaunay@foss.st.com>
Link: https://lore.kernel.org/r/20211220165827.1238097-1-amelie.delaunay@foss.st.com
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/dma/stm32-mdma.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/dma/stm32-mdma.c
+++ b/drivers/dma/stm32-mdma.c
@@ -184,7 +184,7 @@
#define STM32_MDMA_CTBR(x) (0x68 + 0x40 * (x))
#define STM32_MDMA_CTBR_DBUS BIT(17)
#define STM32_MDMA_CTBR_SBUS BIT(16)
-#define STM32_MDMA_CTBR_TSEL_MASK GENMASK(7, 0)
+#define STM32_MDMA_CTBR_TSEL_MASK GENMASK(5, 0)
#define STM32_MDMA_CTBR_TSEL(n) STM32_MDMA_SET(n, \
STM32_MDMA_CTBR_TSEL_MASK)
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 285/320] Revert "net/mlx5: Add retry mechanism to the command entry index allocation"
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (283 preceding siblings ...)
2022-01-24 18:44 ` [PATCH 5.4 284/320] dmaengine: stm32-mdma: fix STM32_MDMA_CTBR_TSEL_MASK Greg Kroah-Hartman
@ 2022-01-24 18:44 ` Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 286/320] powerpc/cell: Fix clang -Wimplicit-fallthrough warning Greg Kroah-Hartman
` (39 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Moshe Shemesh, Eran Ben Elisha,
Saeed Mahameed
From: Moshe Shemesh <moshe@nvidia.com>
commit 4f6626b0e140867fd6d5a2e9d4ceaef97f10f46a upstream.
This reverts commit 410bd754cd73c4a2ac3856d9a03d7b08f9c906bf.
The reverted commit had added a retry mechanism to the command entry
index allocation. The previous patch ensures that there is a free
command entry index once the command work handler holds the command
semaphore. Thus the retry mechanism is not needed.
Fixes: 410bd754cd73 ("net/mlx5: Add retry mechanism to the command entry index allocation")
Signed-off-by: Moshe Shemesh <moshe@nvidia.com>
Reviewed-by: Eran Ben Elisha <eranbe@nvidia.com>
Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 21 +--------------------
1 file changed, 1 insertion(+), 20 deletions(-)
--- a/drivers/net/ethernet/mellanox/mlx5/core/cmd.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/cmd.c
@@ -887,25 +887,6 @@ static bool opcode_allowed(struct mlx5_c
return cmd->allowed_opcode == opcode;
}
-static int cmd_alloc_index_retry(struct mlx5_cmd *cmd)
-{
- unsigned long alloc_end = jiffies + msecs_to_jiffies(1000);
- int idx;
-
-retry:
- idx = cmd_alloc_index(cmd);
- if (idx < 0 && time_before(jiffies, alloc_end)) {
- /* Index allocation can fail on heavy load of commands. This is a temporary
- * situation as the current command already holds the semaphore, meaning that
- * another command completion is being handled and it is expected to release
- * the entry index soon.
- */
- cpu_relax();
- goto retry;
- }
- return idx;
-}
-
static void cmd_work_handler(struct work_struct *work)
{
struct mlx5_cmd_work_ent *ent = container_of(work, struct mlx5_cmd_work_ent, work);
@@ -923,7 +904,7 @@ static void cmd_work_handler(struct work
sem = ent->page_queue ? &cmd->pages_sem : &cmd->sem;
down(sem);
if (!ent->page_queue) {
- alloc_ret = cmd_alloc_index_retry(cmd);
+ alloc_ret = cmd_alloc_index(cmd);
if (alloc_ret < 0) {
mlx5_core_err(dev, "failed to allocate command entry\n");
if (ent->callback) {
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 286/320] powerpc/cell: Fix clang -Wimplicit-fallthrough warning
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (284 preceding siblings ...)
2022-01-24 18:44 ` [PATCH 5.4 285/320] Revert "net/mlx5: Add retry mechanism to the command entry index allocation" Greg Kroah-Hartman
@ 2022-01-24 18:44 ` Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 287/320] powerpc/fsl/dts: Enable WA for erratum A-009885 on fman3l MDIO buses Greg Kroah-Hartman
` (38 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Naresh Kamboju, Anders Roxell,
Nathan Chancellor, Arnd Bergmann, Michael Ellerman
From: Anders Roxell <anders.roxell@linaro.org>
commit e89257e28e844f5d1d39081bb901d9f1183a7705 upstream.
Clang warns:
arch/powerpc/platforms/cell/pervasive.c:81:2: error: unannotated fall-through between switch labels
case SRR1_WAKEEE:
^
arch/powerpc/platforms/cell/pervasive.c:81:2: note: insert 'break;' to avoid fall-through
case SRR1_WAKEEE:
^
break;
1 error generated.
Clang is more pedantic than GCC, which does not warn when failing
through to a case that is just break or return. Clang's version is more
in line with the kernel's own stance in deprecated.rst. Add athe missing
break to silence the warning.
Fixes: 6e83985b0f6e ("powerpc/cbe: Do not process external or decremeter interrupts from sreset")
Reported-by: Naresh Kamboju <naresh.kamboju@linaro.org>
Signed-off-by: Anders Roxell <anders.roxell@linaro.org>
Reviewed-by: Nathan Chancellor <nathan@kernel.org>
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20211207110228.698956-1-anders.roxell@linaro.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/powerpc/platforms/cell/pervasive.c | 1 +
1 file changed, 1 insertion(+)
--- a/arch/powerpc/platforms/cell/pervasive.c
+++ b/arch/powerpc/platforms/cell/pervasive.c
@@ -77,6 +77,7 @@ static int cbe_system_reset_exception(st
switch (regs->msr & SRR1_WAKEMASK) {
case SRR1_WAKEDEC:
set_dec(1);
+ break;
case SRR1_WAKEEE:
/*
* Handle these when interrupts get re-enabled and we take
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 287/320] powerpc/fsl/dts: Enable WA for erratum A-009885 on fman3l MDIO buses
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (285 preceding siblings ...)
2022-01-24 18:44 ` [PATCH 5.4 286/320] powerpc/cell: Fix clang -Wimplicit-fallthrough warning Greg Kroah-Hartman
@ 2022-01-24 18:44 ` Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 288/320] bpftool: Remove inclusion of utilities.mak from Makefiles Greg Kroah-Hartman
` (37 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tobias Waldekranz, Jakub Kicinski
From: Tobias Waldekranz <tobias@waldekranz.com>
commit 0d375d610fa96524e2ee2b46830a46a7bfa92a9f upstream.
This block is used in (at least) T1024 and T1040, including their
variants like T1023 etc.
Fixes: d55ad2967d89 ("powerpc/mpc85xx: Create dts components for the FSL QorIQ DPAA FMan")
Signed-off-by: Tobias Waldekranz <tobias@waldekranz.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/powerpc/boot/dts/fsl/qoriq-fman3l-0.dtsi | 2 ++
1 file changed, 2 insertions(+)
--- a/arch/powerpc/boot/dts/fsl/qoriq-fman3l-0.dtsi
+++ b/arch/powerpc/boot/dts/fsl/qoriq-fman3l-0.dtsi
@@ -79,6 +79,7 @@ fman0: fman@400000 {
#size-cells = <0>;
compatible = "fsl,fman-memac-mdio", "fsl,fman-xmdio";
reg = <0xfc000 0x1000>;
+ fsl,erratum-a009885;
};
xmdio0: mdio@fd000 {
@@ -86,6 +87,7 @@ fman0: fman@400000 {
#size-cells = <0>;
compatible = "fsl,fman-memac-mdio", "fsl,fman-xmdio";
reg = <0xfd000 0x1000>;
+ fsl,erratum-a009885;
};
};
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 288/320] bpftool: Remove inclusion of utilities.mak from Makefiles
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (286 preceding siblings ...)
2022-01-24 18:44 ` [PATCH 5.4 287/320] powerpc/fsl/dts: Enable WA for erratum A-009885 on fman3l MDIO buses Greg Kroah-Hartman
@ 2022-01-24 18:44 ` Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 289/320] ipv4: avoid quadratic behavior in netns dismantle Greg Kroah-Hartman
` (36 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:44 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Quentin Monnet, Andrii Nakryiko
From: Quentin Monnet <quentin@isovalent.com>
commit 48f5aef4c458c19ab337eed8c95a6486cc014aa3 upstream.
Bpftool's Makefile, and the Makefile for its documentation, both include
scripts/utilities.mak, but they use none of the items defined in this
file. Remove the includes.
Fixes: 71bb428fe2c1 ("tools: bpf: add bpftool")
Signed-off-by: Quentin Monnet <quentin@isovalent.com>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Link: https://lore.kernel.org/bpf/20211110114632.24537-3-quentin@isovalent.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/bpf/bpftool/Documentation/Makefile | 1 -
tools/bpf/bpftool/Makefile | 1 -
2 files changed, 2 deletions(-)
--- a/tools/bpf/bpftool/Documentation/Makefile
+++ b/tools/bpf/bpftool/Documentation/Makefile
@@ -1,6 +1,5 @@
# SPDX-License-Identifier: GPL-2.0-only
include ../../../scripts/Makefile.include
-include ../../../scripts/utilities.mak
INSTALL ?= install
RM ?= rm -f
--- a/tools/bpf/bpftool/Makefile
+++ b/tools/bpf/bpftool/Makefile
@@ -1,6 +1,5 @@
# SPDX-License-Identifier: GPL-2.0-only
include ../../scripts/Makefile.include
-include ../../scripts/utilities.mak
ifeq ($(srctree),)
srctree := $(patsubst %/,%,$(dir $(CURDIR)))
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 289/320] ipv4: avoid quadratic behavior in netns dismantle
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (287 preceding siblings ...)
2022-01-24 18:44 ` [PATCH 5.4 288/320] bpftool: Remove inclusion of utilities.mak from Makefiles Greg Kroah-Hartman
@ 2022-01-24 18:44 ` Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 290/320] net/fsl: xgmac_mdio: Fix incorrect iounmap when removing module Greg Kroah-Hartman
` (35 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Eric Dumazet, David Ahern, Jakub Kicinski
From: Eric Dumazet <edumazet@google.com>
commit d07418afea8f1d9896aaf9dc5ae47ac4f45b220c upstream.
net/ipv4/fib_semantics.c uses an hash table of 256 slots,
keyed by device ifindexes: fib_info_devhash[DEVINDEX_HASHSIZE]
Problem is that with network namespaces, devices tend
to use the same ifindex.
lo device for instance has a fixed ifindex of one,
for all network namespaces.
This means that hosts with thousands of netns spend
a lot of time looking at some hash buckets with thousands
of elements, notably at netns dismantle.
Simply add a per netns perturbation (net_hash_mix())
to spread elements more uniformely.
Also change fib_devindex_hashfn() to use more entropy.
Fixes: aa79e66eee5d ("net: Make ifindex generation per-net namespace")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: David Ahern <dsahern@kernel.org>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/ipv4/fib_semantics.c | 36 +++++++++++++++++-------------------
1 file changed, 17 insertions(+), 19 deletions(-)
--- a/net/ipv4/fib_semantics.c
+++ b/net/ipv4/fib_semantics.c
@@ -29,6 +29,7 @@
#include <linux/init.h>
#include <linux/slab.h>
#include <linux/netlink.h>
+#include <linux/hash.h>
#include <net/arp.h>
#include <net/ip.h>
@@ -318,11 +319,15 @@ static inline int nh_comp(struct fib_inf
static inline unsigned int fib_devindex_hashfn(unsigned int val)
{
- unsigned int mask = DEVINDEX_HASHSIZE - 1;
+ return hash_32(val, DEVINDEX_HASHBITS);
+}
+
+static struct hlist_head *
+fib_info_devhash_bucket(const struct net_device *dev)
+{
+ u32 val = net_hash_mix(dev_net(dev)) ^ dev->ifindex;
- return (val ^
- (val >> DEVINDEX_HASHBITS) ^
- (val >> (DEVINDEX_HASHBITS * 2))) & mask;
+ return &fib_info_devhash[fib_devindex_hashfn(val)];
}
static unsigned int fib_info_hashfn_1(int init_val, u8 protocol, u8 scope,
@@ -432,12 +437,11 @@ int ip_fib_check_default(__be32 gw, stru
{
struct hlist_head *head;
struct fib_nh *nh;
- unsigned int hash;
spin_lock(&fib_info_lock);
- hash = fib_devindex_hashfn(dev->ifindex);
- head = &fib_info_devhash[hash];
+ head = fib_info_devhash_bucket(dev);
+
hlist_for_each_entry(nh, head, nh_hash) {
if (nh->fib_nh_dev == dev &&
nh->fib_nh_gw4 == gw &&
@@ -1594,12 +1598,10 @@ link_it:
} else {
change_nexthops(fi) {
struct hlist_head *head;
- unsigned int hash;
if (!nexthop_nh->fib_nh_dev)
continue;
- hash = fib_devindex_hashfn(nexthop_nh->fib_nh_dev->ifindex);
- head = &fib_info_devhash[hash];
+ head = fib_info_devhash_bucket(nexthop_nh->fib_nh_dev);
hlist_add_head(&nexthop_nh->nh_hash, head);
} endfor_nexthops(fi)
}
@@ -1940,8 +1942,7 @@ void fib_nhc_update_mtu(struct fib_nh_co
void fib_sync_mtu(struct net_device *dev, u32 orig_mtu)
{
- unsigned int hash = fib_devindex_hashfn(dev->ifindex);
- struct hlist_head *head = &fib_info_devhash[hash];
+ struct hlist_head *head = fib_info_devhash_bucket(dev);
struct fib_nh *nh;
hlist_for_each_entry(nh, head, nh_hash) {
@@ -1960,12 +1961,11 @@ void fib_sync_mtu(struct net_device *dev
*/
int fib_sync_down_dev(struct net_device *dev, unsigned long event, bool force)
{
- int ret = 0;
- int scope = RT_SCOPE_NOWHERE;
+ struct hlist_head *head = fib_info_devhash_bucket(dev);
struct fib_info *prev_fi = NULL;
- unsigned int hash = fib_devindex_hashfn(dev->ifindex);
- struct hlist_head *head = &fib_info_devhash[hash];
+ int scope = RT_SCOPE_NOWHERE;
struct fib_nh *nh;
+ int ret = 0;
if (force)
scope = -1;
@@ -2110,7 +2110,6 @@ out:
int fib_sync_up(struct net_device *dev, unsigned char nh_flags)
{
struct fib_info *prev_fi;
- unsigned int hash;
struct hlist_head *head;
struct fib_nh *nh;
int ret;
@@ -2126,8 +2125,7 @@ int fib_sync_up(struct net_device *dev,
}
prev_fi = NULL;
- hash = fib_devindex_hashfn(dev->ifindex);
- head = &fib_info_devhash[hash];
+ head = fib_info_devhash_bucket(dev);
ret = 0;
hlist_for_each_entry(nh, head, nh_hash) {
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 290/320] net/fsl: xgmac_mdio: Fix incorrect iounmap when removing module
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (288 preceding siblings ...)
2022-01-24 18:44 ` [PATCH 5.4 289/320] ipv4: avoid quadratic behavior in netns dismantle Greg Kroah-Hartman
@ 2022-01-24 18:44 ` Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 291/320] parisc: pdc_stable: Fix memory leak in pdcs_register_pathentries Greg Kroah-Hartman
` (34 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tobias Waldekranz, Andrew Lunn,
Jakub Kicinski
From: Tobias Waldekranz <tobias@waldekranz.com>
commit 3f7c239c7844d2044ed399399d97a5f1c6008e1b upstream.
As reported by sparse: In the remove path, the driver would attempt to
unmap its own priv pointer - instead of the io memory that it mapped
in probe.
Fixes: 9f35a7342cff ("net/fsl: introduce Freescale 10G MDIO driver")
Signed-off-by: Tobias Waldekranz <tobias@waldekranz.com>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/freescale/xgmac_mdio.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/drivers/net/ethernet/freescale/xgmac_mdio.c
+++ b/drivers/net/ethernet/freescale/xgmac_mdio.c
@@ -301,9 +301,10 @@ err_ioremap:
static int xgmac_mdio_remove(struct platform_device *pdev)
{
struct mii_bus *bus = platform_get_drvdata(pdev);
+ struct mdio_fsl_priv *priv = bus->priv;
mdiobus_unregister(bus);
- iounmap(bus->priv);
+ iounmap(priv->mdio_base);
mdiobus_free(bus);
return 0;
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 291/320] parisc: pdc_stable: Fix memory leak in pdcs_register_pathentries
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (289 preceding siblings ...)
2022-01-24 18:44 ` [PATCH 5.4 290/320] net/fsl: xgmac_mdio: Fix incorrect iounmap when removing module Greg Kroah-Hartman
@ 2022-01-24 18:44 ` Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 292/320] f2fs: fix to reserve space for IO align feature Greg Kroah-Hartman
` (33 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:44 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Helge Deller
From: Miaoqian Lin <linmq006@gmail.com>
commit d24846a4246b6e61ecbd036880a4adf61681d241 upstream.
kobject_init_and_add() takes reference even when it fails.
According to the doc of kobject_init_and_add():
If this function returns an error, kobject_put() must be called to
properly clean up the memory associated with the object.
Fix memory leak by calling kobject_put().
Fixes: 73f368cf679b ("Kobject: change drivers/parisc/pdc_stable.c to use kobject_init_and_add")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/parisc/pdc_stable.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/drivers/parisc/pdc_stable.c
+++ b/drivers/parisc/pdc_stable.c
@@ -979,8 +979,10 @@ pdcs_register_pathentries(void)
entry->kobj.kset = paths_kset;
err = kobject_init_and_add(&entry->kobj, &ktype_pdcspath, NULL,
"%s", entry->name);
- if (err)
+ if (err) {
+ kobject_put(&entry->kobj);
return err;
+ }
/* kobject is now registered */
write_lock(&entry->rw_lock);
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 292/320] f2fs: fix to reserve space for IO align feature
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (290 preceding siblings ...)
2022-01-24 18:44 ` [PATCH 5.4 291/320] parisc: pdc_stable: Fix memory leak in pdcs_register_pathentries Greg Kroah-Hartman
@ 2022-01-24 18:44 ` Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 293/320] af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress Greg Kroah-Hartman
` (32 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:44 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable
From: Chao Yu <chao@kernel.org>
commit 300a842937fbcfb5a189cea9ba15374fdb0b5c6b upstream.
https://bugzilla.kernel.org/show_bug.cgi?id=204137
With below script, we will hit panic during new segment allocation:
DISK=bingo.img
MOUNT_DIR=/mnt/f2fs
dd if=/dev/zero of=$DISK bs=1M count=105
mkfs.f2fe -a 1 -o 19 -t 1 -z 1 -f -q $DISK
mount -t f2fs $DISK $MOUNT_DIR -o "noinline_dentry,flush_merge,noextent_cache,mode=lfs,io_bits=7,fsync_mode=strict"
for (( i = 0; i < 4096; i++ )); do
name=`head /dev/urandom | tr -dc A-Za-z0-9 | head -c 10`
mkdir $MOUNT_DIR/$name
done
umount $MOUNT_DIR
rm $DISK
---
fs/f2fs/f2fs.h | 11 +++++++++++
fs/f2fs/segment.h | 3 ++-
fs/f2fs/super.c | 44 ++++++++++++++++++++++++++++++++++++++++++++
fs/f2fs/sysfs.c | 4 +++-
4 files changed, 60 insertions(+), 2 deletions(-)
--- a/fs/f2fs/f2fs.h
+++ b/fs/f2fs/f2fs.h
@@ -931,6 +931,7 @@ struct f2fs_sm_info {
unsigned int segment_count; /* total # of segments */
unsigned int main_segments; /* # of segments in main area */
unsigned int reserved_segments; /* # of reserved segments */
+ unsigned int additional_reserved_segments;/* reserved segs for IO align feature */
unsigned int ovp_segments; /* # of overprovision segments */
/* a threshold to reclaim prefree segments */
@@ -1800,6 +1801,11 @@ static inline int inc_valid_block_count(
if (!__allow_reserved_blocks(sbi, inode, true))
avail_user_block_count -= F2FS_OPTION(sbi).root_reserved_blocks;
+
+ if (F2FS_IO_ALIGNED(sbi))
+ avail_user_block_count -= sbi->blocks_per_seg *
+ SM_I(sbi)->additional_reserved_segments;
+
if (unlikely(is_sbi_flag_set(sbi, SBI_CP_DISABLED))) {
if (avail_user_block_count > sbi->unusable_block_count)
avail_user_block_count -= sbi->unusable_block_count;
@@ -2045,6 +2051,11 @@ static inline int inc_valid_node_count(s
if (!__allow_reserved_blocks(sbi, inode, false))
valid_block_count += F2FS_OPTION(sbi).root_reserved_blocks;
+
+ if (F2FS_IO_ALIGNED(sbi))
+ valid_block_count += sbi->blocks_per_seg *
+ SM_I(sbi)->additional_reserved_segments;
+
user_block_count = sbi->user_block_count;
if (unlikely(is_sbi_flag_set(sbi, SBI_CP_DISABLED)))
user_block_count -= sbi->unusable_block_count;
--- a/fs/f2fs/segment.h
+++ b/fs/f2fs/segment.h
@@ -508,7 +508,8 @@ static inline unsigned int free_segments
static inline int reserved_segments(struct f2fs_sb_info *sbi)
{
- return SM_I(sbi)->reserved_segments;
+ return SM_I(sbi)->reserved_segments +
+ SM_I(sbi)->additional_reserved_segments;
}
static inline unsigned int free_sections(struct f2fs_sb_info *sbi)
--- a/fs/f2fs/super.c
+++ b/fs/f2fs/super.c
@@ -277,6 +277,46 @@ static inline void limit_reserve_root(st
F2FS_OPTION(sbi).s_resgid));
}
+static inline int adjust_reserved_segment(struct f2fs_sb_info *sbi)
+{
+ unsigned int sec_blks = sbi->blocks_per_seg * sbi->segs_per_sec;
+ unsigned int avg_vblocks;
+ unsigned int wanted_reserved_segments;
+ block_t avail_user_block_count;
+
+ if (!F2FS_IO_ALIGNED(sbi))
+ return 0;
+
+ /* average valid block count in section in worst case */
+ avg_vblocks = sec_blks / F2FS_IO_SIZE(sbi);
+
+ /*
+ * we need enough free space when migrating one section in worst case
+ */
+ wanted_reserved_segments = (F2FS_IO_SIZE(sbi) / avg_vblocks) *
+ reserved_segments(sbi);
+ wanted_reserved_segments -= reserved_segments(sbi);
+
+ avail_user_block_count = sbi->user_block_count -
+ sbi->current_reserved_blocks -
+ F2FS_OPTION(sbi).root_reserved_blocks;
+
+ if (wanted_reserved_segments * sbi->blocks_per_seg >
+ avail_user_block_count) {
+ f2fs_err(sbi, "IO align feature can't grab additional reserved segment: %u, available segments: %u",
+ wanted_reserved_segments,
+ avail_user_block_count >> sbi->log_blocks_per_seg);
+ return -ENOSPC;
+ }
+
+ SM_I(sbi)->additional_reserved_segments = wanted_reserved_segments;
+
+ f2fs_info(sbi, "IO align feature needs additional reserved segment: %u",
+ wanted_reserved_segments);
+
+ return 0;
+}
+
static inline void adjust_unusable_cap_perc(struct f2fs_sb_info *sbi)
{
if (!F2FS_OPTION(sbi).unusable_cap_perc)
@@ -3450,6 +3490,10 @@ try_onemore:
goto free_nm;
}
+ err = adjust_reserved_segment(sbi);
+ if (err)
+ goto free_nm;
+
/* For write statistics */
if (sb->s_bdev->bd_part)
sbi->sectors_written_start =
--- a/fs/f2fs/sysfs.c
+++ b/fs/f2fs/sysfs.c
@@ -262,7 +262,9 @@ out:
if (a->struct_type == RESERVED_BLOCKS) {
spin_lock(&sbi->stat_lock);
if (t > (unsigned long)(sbi->user_block_count -
- F2FS_OPTION(sbi).root_reserved_blocks)) {
+ F2FS_OPTION(sbi).root_reserved_blocks -
+ sbi->blocks_per_seg *
+ SM_I(sbi)->additional_reserved_segments)) {
spin_unlock(&sbi->stat_lock);
return -EINVAL;
}
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 293/320] af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (291 preceding siblings ...)
2022-01-24 18:44 ` [PATCH 5.4 292/320] f2fs: fix to reserve space for IO align feature Greg Kroah-Hartman
@ 2022-01-24 18:44 ` Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 294/320] clk: si5341: Fix clock HW provider cleanup Greg Kroah-Hartman
` (31 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Eric Dumazet, syzbot, Jakub Kicinski
From: Eric Dumazet <edumazet@google.com>
commit 9d6d7f1cb67cdee15f1a0e85aacfb924e0e02435 upstream.
wait_for_unix_gc() reads unix_tot_inflight & gc_in_progress
without synchronization.
Adds READ_ONCE()/WRITE_ONCE() and their associated comments
to better document the intent.
BUG: KCSAN: data-race in unix_inflight / wait_for_unix_gc
write to 0xffffffff86e2b7c0 of 4 bytes by task 9380 on cpu 0:
unix_inflight+0x1e8/0x260 net/unix/scm.c:63
unix_attach_fds+0x10c/0x1e0 net/unix/scm.c:121
unix_scm_to_skb net/unix/af_unix.c:1674 [inline]
unix_dgram_sendmsg+0x679/0x16b0 net/unix/af_unix.c:1817
unix_seqpacket_sendmsg+0xcc/0x110 net/unix/af_unix.c:2258
sock_sendmsg_nosec net/socket.c:704 [inline]
sock_sendmsg net/socket.c:724 [inline]
____sys_sendmsg+0x39a/0x510 net/socket.c:2409
___sys_sendmsg net/socket.c:2463 [inline]
__sys_sendmmsg+0x267/0x4c0 net/socket.c:2549
__do_sys_sendmmsg net/socket.c:2578 [inline]
__se_sys_sendmmsg net/socket.c:2575 [inline]
__x64_sys_sendmmsg+0x53/0x60 net/socket.c:2575
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
read to 0xffffffff86e2b7c0 of 4 bytes by task 9375 on cpu 1:
wait_for_unix_gc+0x24/0x160 net/unix/garbage.c:196
unix_dgram_sendmsg+0x8e/0x16b0 net/unix/af_unix.c:1772
unix_seqpacket_sendmsg+0xcc/0x110 net/unix/af_unix.c:2258
sock_sendmsg_nosec net/socket.c:704 [inline]
sock_sendmsg net/socket.c:724 [inline]
____sys_sendmsg+0x39a/0x510 net/socket.c:2409
___sys_sendmsg net/socket.c:2463 [inline]
__sys_sendmmsg+0x267/0x4c0 net/socket.c:2549
__do_sys_sendmmsg net/socket.c:2578 [inline]
__se_sys_sendmmsg net/socket.c:2575 [inline]
__x64_sys_sendmmsg+0x53/0x60 net/socket.c:2575
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
value changed: 0x00000002 -> 0x00000004
Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 9375 Comm: syz-executor.1 Not tainted 5.16.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Fixes: 9915672d4127 ("af_unix: limit unix_tot_inflight")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Link: https://lore.kernel.org/r/20220114164328.2038499-1-eric.dumazet@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/unix/garbage.c | 14 +++++++++++---
net/unix/scm.c | 6 ++++--
2 files changed, 15 insertions(+), 5 deletions(-)
--- a/net/unix/garbage.c
+++ b/net/unix/garbage.c
@@ -192,8 +192,11 @@ void wait_for_unix_gc(void)
{
/* If number of inflight sockets is insane,
* force a garbage collect right now.
+ * Paired with the WRITE_ONCE() in unix_inflight(),
+ * unix_notinflight() and gc_in_progress().
*/
- if (unix_tot_inflight > UNIX_INFLIGHT_TRIGGER_GC && !gc_in_progress)
+ if (READ_ONCE(unix_tot_inflight) > UNIX_INFLIGHT_TRIGGER_GC &&
+ !READ_ONCE(gc_in_progress))
unix_gc();
wait_event(unix_gc_wait, gc_in_progress == false);
}
@@ -213,7 +216,9 @@ void unix_gc(void)
if (gc_in_progress)
goto out;
- gc_in_progress = true;
+ /* Paired with READ_ONCE() in wait_for_unix_gc(). */
+ WRITE_ONCE(gc_in_progress, true);
+
/* First, select candidates for garbage collection. Only
* in-flight sockets are considered, and from those only ones
* which don't have any external reference.
@@ -299,7 +304,10 @@ void unix_gc(void)
/* All candidates should have been detached by now. */
BUG_ON(!list_empty(&gc_candidates));
- gc_in_progress = false;
+
+ /* Paired with READ_ONCE() in wait_for_unix_gc(). */
+ WRITE_ONCE(gc_in_progress, false);
+
wake_up(&unix_gc_wait);
out:
--- a/net/unix/scm.c
+++ b/net/unix/scm.c
@@ -59,7 +59,8 @@ void unix_inflight(struct user_struct *u
} else {
BUG_ON(list_empty(&u->link));
}
- unix_tot_inflight++;
+ /* Paired with READ_ONCE() in wait_for_unix_gc() */
+ WRITE_ONCE(unix_tot_inflight, unix_tot_inflight + 1);
}
user->unix_inflight++;
spin_unlock(&unix_gc_lock);
@@ -79,7 +80,8 @@ void unix_notinflight(struct user_struct
if (atomic_long_dec_and_test(&u->inflight))
list_del_init(&u->link);
- unix_tot_inflight--;
+ /* Paired with READ_ONCE() in wait_for_unix_gc() */
+ WRITE_ONCE(unix_tot_inflight, unix_tot_inflight - 1);
}
user->unix_inflight--;
spin_unlock(&unix_gc_lock);
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 294/320] clk: si5341: Fix clock HW provider cleanup
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (292 preceding siblings ...)
2022-01-24 18:44 ` [PATCH 5.4 293/320] af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress Greg Kroah-Hartman
@ 2022-01-24 18:44 ` Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 295/320] net: axienet: limit minimum TX ring size Greg Kroah-Hartman
` (30 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:44 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Robert Hancock, Stephen Boyd
From: Robert Hancock <robert.hancock@calian.com>
commit 49a8f2bc8d88702783c7e163ec84374e9a022f71 upstream.
The call to of_clk_add_hw_provider was not undone on remove or on probe
failure, which could cause an oops on a subsequent attempt to retrieve
clocks for the removed device. Switch to the devm version of the
function to avoid this issue.
Fixes: 3044a860fd09 ("clk: Add Si5341/Si5340 driver")
Signed-off-by: Robert Hancock <robert.hancock@calian.com>
Link: https://lore.kernel.org/r/20220112203816.1784610-1-robert.hancock@calian.com
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/clk/clk-si5341.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/clk/clk-si5341.c
+++ b/drivers/clk/clk-si5341.c
@@ -1303,7 +1303,7 @@ static int si5341_probe(struct i2c_clien
clk_prepare(data->clk[i].hw.clk);
}
- err = of_clk_add_hw_provider(client->dev.of_node, of_clk_si5341_get,
+ err = devm_of_clk_add_hw_provider(&client->dev, of_clk_si5341_get,
data);
if (err) {
dev_err(&client->dev, "unable to add clk provider\n");
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 295/320] net: axienet: limit minimum TX ring size
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (293 preceding siblings ...)
2022-01-24 18:44 ` [PATCH 5.4 294/320] clk: si5341: Fix clock HW provider cleanup Greg Kroah-Hartman
@ 2022-01-24 18:44 ` Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 296/320] net: axienet: fix number of TX ring slots for available check Greg Kroah-Hartman
` (29 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:44 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Robert Hancock, David S. Miller
From: Robert Hancock <robert.hancock@calian.com>
commit 70f5817deddbc6ef3faa35841cab83c280cc653a upstream.
The driver will not work properly if the TX ring size is set to below
MAX_SKB_FRAGS + 1 since it needs to hold at least one full maximally
fragmented packet in the TX ring. Limit setting the ring size to below
this value.
Fixes: 8b09ca823ffb4 ("net: axienet: Make RX/TX ring sizes configurable")
Signed-off-by: Robert Hancock <robert.hancock@calian.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/drivers/net/ethernet/xilinx/xilinx_axienet_main.c
+++ b/drivers/net/ethernet/xilinx/xilinx_axienet_main.c
@@ -43,6 +43,7 @@
/* Descriptors defines for Tx and Rx DMA */
#define TX_BD_NUM_DEFAULT 64
#define RX_BD_NUM_DEFAULT 1024
+#define TX_BD_NUM_MIN (MAX_SKB_FRAGS + 1)
#define TX_BD_NUM_MAX 4096
#define RX_BD_NUM_MAX 4096
@@ -1223,7 +1224,8 @@ static int axienet_ethtools_set_ringpara
if (ering->rx_pending > RX_BD_NUM_MAX ||
ering->rx_mini_pending ||
ering->rx_jumbo_pending ||
- ering->rx_pending > TX_BD_NUM_MAX)
+ ering->tx_pending < TX_BD_NUM_MIN ||
+ ering->tx_pending > TX_BD_NUM_MAX)
return -EINVAL;
if (netif_running(ndev))
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 296/320] net: axienet: fix number of TX ring slots for available check
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (294 preceding siblings ...)
2022-01-24 18:44 ` [PATCH 5.4 295/320] net: axienet: limit minimum TX ring size Greg Kroah-Hartman
@ 2022-01-24 18:44 ` Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 297/320] net: axienet: increase default TX ring size to 128 Greg Kroah-Hartman
` (28 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:44 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Robert Hancock, David S. Miller
From: Robert Hancock <robert.hancock@calian.com>
commit aba57a823d2985a2cc8c74a2535f3a88e68d9424 upstream.
The check for the number of available TX ring slots was off by 1 since a
slot is required for the skb header as well as each fragment. This could
result in overwriting a TX ring slot that was still in use.
Fixes: 8a3b7a252dca9 ("drivers/net/ethernet/xilinx: added Xilinx AXI Ethernet driver")
Signed-off-by: Robert Hancock <robert.hancock@calian.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/net/ethernet/xilinx/xilinx_axienet_main.c
+++ b/drivers/net/ethernet/xilinx/xilinx_axienet_main.c
@@ -636,7 +636,7 @@ axienet_start_xmit(struct sk_buff *skb,
num_frag = skb_shinfo(skb)->nr_frags;
cur_p = &lp->tx_bd_v[lp->tx_bd_tail];
- if (axienet_check_tx_bd_space(lp, num_frag)) {
+ if (axienet_check_tx_bd_space(lp, num_frag + 1)) {
if (netif_queue_stopped(ndev))
return NETDEV_TX_BUSY;
@@ -646,7 +646,7 @@ axienet_start_xmit(struct sk_buff *skb,
smp_mb();
/* Space might have just been freed - check again */
- if (axienet_check_tx_bd_space(lp, num_frag))
+ if (axienet_check_tx_bd_space(lp, num_frag + 1))
return NETDEV_TX_BUSY;
netif_wake_queue(ndev);
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 297/320] net: axienet: increase default TX ring size to 128
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (295 preceding siblings ...)
2022-01-24 18:44 ` [PATCH 5.4 296/320] net: axienet: fix number of TX ring slots for available check Greg Kroah-Hartman
@ 2022-01-24 18:44 ` Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 298/320] rtc: pxa: fix null pointer dereference Greg Kroah-Hartman
` (27 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:44 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Robert Hancock, David S. Miller
From: Robert Hancock <robert.hancock@calian.com>
commit 2d19c3fd80178160dd505ccd7fed1643831227a5 upstream.
With previous changes to make the driver handle the TX ring size more
correctly, the default TX ring size of 64 appears to significantly
bottleneck TX performance to around 600 Mbps on a 1 Gbps link on ZynqMP.
Increasing this to 128 seems to bring performance up to near line rate and
shouldn't cause excess bufferbloat (this driver doesn't yet support modern
byte-based queue management).
Fixes: 8a3b7a252dca9 ("drivers/net/ethernet/xilinx: added Xilinx AXI Ethernet driver")
Signed-off-by: Robert Hancock <robert.hancock@calian.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/net/ethernet/xilinx/xilinx_axienet_main.c
+++ b/drivers/net/ethernet/xilinx/xilinx_axienet_main.c
@@ -41,7 +41,7 @@
#include "xilinx_axienet.h"
/* Descriptors defines for Tx and Rx DMA */
-#define TX_BD_NUM_DEFAULT 64
+#define TX_BD_NUM_DEFAULT 128
#define RX_BD_NUM_DEFAULT 1024
#define TX_BD_NUM_MIN (MAX_SKB_FRAGS + 1)
#define TX_BD_NUM_MAX 4096
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 298/320] rtc: pxa: fix null pointer dereference
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (296 preceding siblings ...)
2022-01-24 18:44 ` [PATCH 5.4 297/320] net: axienet: increase default TX ring size to 128 Greg Kroah-Hartman
@ 2022-01-24 18:44 ` Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 299/320] inet: frags: annotate races around fqdir->dead and fqdir->high_thresh Greg Kroah-Hartman
` (26 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Laurence de Bruxelles, Alexandre Belloni
From: Laurence de Bruxelles <lfdebrux@gmail.com>
commit 34127b3632b21e5c391756e724b1198eb9917981 upstream.
With the latest stable kernel versions the rtc on the PXA based
Zaurus does not work, when booting I see the following kernel messages:
pxa-rtc pxa-rtc: failed to find rtc clock source
pxa-rtc pxa-rtc: Unable to init SA1100 RTC sub-device
pxa-rtc: probe of pxa-rtc failed with error -2
hctosys: unable to open rtc device (rtc0)
I think this is because commit f2997775b111 ("rtc: sa1100: fix possible
race condition") moved the allocation of the rtc_device struct out of
sa1100_rtc_init and into sa1100_rtc_probe. This means that pxa_rtc_probe
also needs to do allocation for the rtc_device struct, otherwise
sa1100_rtc_init will try to dereference a null pointer. This patch adds
that allocation by copying how sa1100_rtc_probe in
drivers/rtc/rtc-sa1100.c does it; after the IRQs are set up a managed
rtc_device is allocated.
I've tested this patch with `qemu-system-arm -machine akita` and with a
real Zaurus SL-C1000 applied to 4.19, 5.4, and 5.10.
Signed-off-by: Laurence de Bruxelles <lfdebrux@gmail.com>
Fixes: f2997775b111 ("rtc: sa1100: fix possible race condition")
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Link: https://lore.kernel.org/r/20220101154149.12026-1-lfdebrux@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/rtc/rtc-pxa.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/drivers/rtc/rtc-pxa.c
+++ b/drivers/rtc/rtc-pxa.c
@@ -330,6 +330,10 @@ static int __init pxa_rtc_probe(struct p
if (sa1100_rtc->irq_alarm < 0)
return -ENXIO;
+ sa1100_rtc->rtc = devm_rtc_allocate_device(&pdev->dev);
+ if (IS_ERR(sa1100_rtc->rtc))
+ return PTR_ERR(sa1100_rtc->rtc);
+
pxa_rtc->base = devm_ioremap(dev, pxa_rtc->ress->start,
resource_size(pxa_rtc->ress));
if (!pxa_rtc->base) {
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 299/320] inet: frags: annotate races around fqdir->dead and fqdir->high_thresh
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (297 preceding siblings ...)
2022-01-24 18:44 ` [PATCH 5.4 298/320] rtc: pxa: fix null pointer dereference Greg Kroah-Hartman
@ 2022-01-24 18:44 ` Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 300/320] netns: add schedule point in ops_exit_list() Greg Kroah-Hartman
` (25 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:44 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Eric Dumazet, David S. Miller
From: Eric Dumazet <edumazet@google.com>
commit 91341fa0003befd097e190ec2a4bf63ad957c49a upstream.
Both fields can be read/written without synchronization,
add proper accessors and documentation.
Fixes: d5dd88794a13 ("inet: fix various use-after-free in defrags units")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/net/inet_frag.h | 11 +++++++++--
include/net/ipv6_frag.h | 3 ++-
net/ipv4/inet_fragment.c | 8 +++++---
net/ipv4/ip_fragment.c | 3 ++-
4 files changed, 18 insertions(+), 7 deletions(-)
--- a/include/net/inet_frag.h
+++ b/include/net/inet_frag.h
@@ -116,8 +116,15 @@ int fqdir_init(struct fqdir **fqdirp, st
static inline void fqdir_pre_exit(struct fqdir *fqdir)
{
- fqdir->high_thresh = 0; /* prevent creation of new frags */
- fqdir->dead = true;
+ /* Prevent creation of new frags.
+ * Pairs with READ_ONCE() in inet_frag_find().
+ */
+ WRITE_ONCE(fqdir->high_thresh, 0);
+
+ /* Pairs with READ_ONCE() in inet_frag_kill(), ip_expire()
+ * and ip6frag_expire_frag_queue().
+ */
+ WRITE_ONCE(fqdir->dead, true);
}
void fqdir_exit(struct fqdir *fqdir);
--- a/include/net/ipv6_frag.h
+++ b/include/net/ipv6_frag.h
@@ -67,7 +67,8 @@ ip6frag_expire_frag_queue(struct net *ne
struct sk_buff *head;
rcu_read_lock();
- if (fq->q.fqdir->dead)
+ /* Paired with the WRITE_ONCE() in fqdir_pre_exit(). */
+ if (READ_ONCE(fq->q.fqdir->dead))
goto out_rcu_unlock;
spin_lock(&fq->q.lock);
--- a/net/ipv4/inet_fragment.c
+++ b/net/ipv4/inet_fragment.c
@@ -204,9 +204,9 @@ void inet_frag_kill(struct inet_frag_que
/* The RCU read lock provides a memory barrier
* guaranteeing that if fqdir->dead is false then
* the hash table destruction will not start until
- * after we unlock. Paired with inet_frags_exit_net().
+ * after we unlock. Paired with fqdir_pre_exit().
*/
- if (!fqdir->dead) {
+ if (!READ_ONCE(fqdir->dead)) {
rhashtable_remove_fast(&fqdir->rhashtable, &fq->node,
fqdir->f->rhash_params);
refcount_dec(&fq->refcnt);
@@ -321,9 +321,11 @@ static struct inet_frag_queue *inet_frag
/* TODO : call from rcu_read_lock() and no longer use refcount_inc_not_zero() */
struct inet_frag_queue *inet_frag_find(struct fqdir *fqdir, void *key)
{
+ /* This pairs with WRITE_ONCE() in fqdir_pre_exit(). */
+ long high_thresh = READ_ONCE(fqdir->high_thresh);
struct inet_frag_queue *fq = NULL, *prev;
- if (!fqdir->high_thresh || frag_mem_limit(fqdir) > fqdir->high_thresh)
+ if (!high_thresh || frag_mem_limit(fqdir) > high_thresh)
return NULL;
rcu_read_lock();
--- a/net/ipv4/ip_fragment.c
+++ b/net/ipv4/ip_fragment.c
@@ -144,7 +144,8 @@ static void ip_expire(struct timer_list
rcu_read_lock();
- if (qp->q.fqdir->dead)
+ /* Paired with WRITE_ONCE() in fqdir_pre_exit(). */
+ if (READ_ONCE(qp->q.fqdir->dead))
goto out_rcu_unlock;
spin_lock(&qp->q.lock);
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 300/320] netns: add schedule point in ops_exit_list()
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (298 preceding siblings ...)
2022-01-24 18:44 ` [PATCH 5.4 299/320] inet: frags: annotate races around fqdir->dead and fqdir->high_thresh Greg Kroah-Hartman
@ 2022-01-24 18:44 ` Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 301/320] xfrm: Dont accidentally set RTO_ONLINK in decode_session4() Greg Kroah-Hartman
` (24 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Eric Dumazet, Eric W. Biederman,
David S. Miller
From: Eric Dumazet <edumazet@google.com>
commit 2836615aa22de55b8fca5e32fe1b27a67cda625e upstream.
When under stress, cleanup_net() can have to dismantle
netns in big numbers. ops_exit_list() currently calls
many helpers [1] that have no schedule point, and we can
end up with soft lockups, particularly on hosts
with many cpus.
Even for moderate amount of netns processed by cleanup_net()
this patch avoids latency spikes.
[1] Some of these helpers like fib_sync_up() and fib_sync_down_dev()
are very slow because net/ipv4/fib_semantics.c uses host-wide hash tables,
and ifindex is used as the only input of two hash functions.
ifindexes tend to be the same for all netns (lo.ifindex==1 per instance)
This will be fixed in a separate patch.
Fixes: 72ad937abd0a ("net: Add support for batching network namespace cleanups")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/core/net_namespace.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/net/core/net_namespace.c
+++ b/net/core/net_namespace.c
@@ -168,8 +168,10 @@ static void ops_exit_list(const struct p
{
struct net *net;
if (ops->exit) {
- list_for_each_entry(net, net_exit_list, exit_list)
+ list_for_each_entry(net, net_exit_list, exit_list) {
ops->exit(net);
+ cond_resched();
+ }
}
if (ops->exit_batch)
ops->exit_batch(net_exit_list);
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 301/320] xfrm: Dont accidentally set RTO_ONLINK in decode_session4()
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (299 preceding siblings ...)
2022-01-24 18:44 ` [PATCH 5.4 300/320] netns: add schedule point in ops_exit_list() Greg Kroah-Hartman
@ 2022-01-24 18:44 ` Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 302/320] gre: Dont accidentally set RTO_ONLINK in gre_fill_metadata_dst() Greg Kroah-Hartman
` (23 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:44 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Guillaume Nault, Jakub Kicinski
From: Guillaume Nault <gnault@redhat.com>
commit 23e7b1bfed61e301853b5e35472820d919498278 upstream.
Similar to commit 94e2238969e8 ("xfrm4: strip ECN bits from tos field"),
clear the ECN bits from iph->tos when setting ->flowi4_tos.
This ensures that the last bit of ->flowi4_tos is cleared, so
ip_route_output_key_hash() isn't going to restrict the scope of the
route lookup.
Use ~INET_ECN_MASK instead of IPTOS_RT_MASK, because we have no reason
to clear the high order bits.
Found by code inspection, compile tested only.
Fixes: 4da3089f2b58 ("[IPSEC]: Use TOS when doing tunnel lookups")
Signed-off-by: Guillaume Nault <gnault@redhat.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/xfrm/xfrm_policy.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -31,6 +31,7 @@
#include <linux/if_tunnel.h>
#include <net/dst.h>
#include <net/flow.h>
+#include <net/inet_ecn.h>
#include <net/xfrm.h>
#include <net/ip.h>
#include <net/gre.h>
@@ -3282,7 +3283,7 @@ decode_session4(struct sk_buff *skb, str
fl4->flowi4_proto = iph->protocol;
fl4->daddr = reverse ? iph->saddr : iph->daddr;
fl4->saddr = reverse ? iph->daddr : iph->saddr;
- fl4->flowi4_tos = iph->tos;
+ fl4->flowi4_tos = iph->tos & ~INET_ECN_MASK;
if (!ip_is_fragment(iph)) {
switch (iph->protocol) {
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 302/320] gre: Dont accidentally set RTO_ONLINK in gre_fill_metadata_dst()
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (300 preceding siblings ...)
2022-01-24 18:44 ` [PATCH 5.4 301/320] xfrm: Dont accidentally set RTO_ONLINK in decode_session4() Greg Kroah-Hartman
@ 2022-01-24 18:44 ` Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 303/320] libcxgb: Dont accidentally set RTO_ONLINK in cxgb_find_route() Greg Kroah-Hartman
` (22 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:44 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Guillaume Nault, Jakub Kicinski
From: Guillaume Nault <gnault@redhat.com>
commit f7716b318568b22fbf0e3be99279a979e217cf71 upstream.
Mask the ECN bits before initialising ->flowi4_tos. The tunnel key may
have the last ECN bit set, which will interfere with the route lookup
process as ip_route_output_key_hash() interpretes this bit specially
(to restrict the route scope).
Found by code inspection, compile tested only.
Fixes: 962924fa2b7a ("ip_gre: Refactor collect metatdata mode tunnel xmit to ip_md_tunnel_xmit")
Signed-off-by: Guillaume Nault <gnault@redhat.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/ipv4/ip_gre.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- a/net/ipv4/ip_gre.c
+++ b/net/ipv4/ip_gre.c
@@ -577,8 +577,9 @@ static int gre_fill_metadata_dst(struct
key = &info->key;
ip_tunnel_init_flow(&fl4, IPPROTO_GRE, key->u.ipv4.dst, key->u.ipv4.src,
- tunnel_id_to_key32(key->tun_id), key->tos, 0,
- skb->mark, skb_get_hash(skb));
+ tunnel_id_to_key32(key->tun_id),
+ key->tos & ~INET_ECN_MASK, 0, skb->mark,
+ skb_get_hash(skb));
rt = ip_route_output_key(dev_net(dev), &fl4);
if (IS_ERR(rt))
return PTR_ERR(rt);
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 303/320] libcxgb: Dont accidentally set RTO_ONLINK in cxgb_find_route()
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (301 preceding siblings ...)
2022-01-24 18:44 ` [PATCH 5.4 302/320] gre: Dont accidentally set RTO_ONLINK in gre_fill_metadata_dst() Greg Kroah-Hartman
@ 2022-01-24 18:44 ` Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 304/320] perf script: Fix hex dump character output Greg Kroah-Hartman
` (21 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:44 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Guillaume Nault, Jakub Kicinski
From: Guillaume Nault <gnault@redhat.com>
commit a915deaa9abe4fb3a440312c954253a6a733608e upstream.
Mask the ECN bits before calling ip_route_output_ports(). The tos
variable might be passed directly from an IPv4 header, so it may have
the last ECN bit set. This interferes with the route lookup process as
ip_route_output_key_hash() interpretes this bit specially (to restrict
the route scope).
Found by code inspection, compile tested only.
Fixes: 804c2f3e36ef ("libcxgb,iw_cxgb4,cxgbit: add cxgb_find_route()")
Signed-off-by: Guillaume Nault <gnault@redhat.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/chelsio/libcxgb/libcxgb_cm.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/drivers/net/ethernet/chelsio/libcxgb/libcxgb_cm.c
+++ b/drivers/net/ethernet/chelsio/libcxgb/libcxgb_cm.c
@@ -32,6 +32,7 @@
#include <linux/tcp.h>
#include <linux/ipv6.h>
+#include <net/inet_ecn.h>
#include <net/route.h>
#include <net/ip6_route.h>
@@ -99,7 +100,7 @@ cxgb_find_route(struct cxgb4_lld_info *l
rt = ip_route_output_ports(&init_net, &fl4, NULL, peer_ip, local_ip,
peer_port, local_port, IPPROTO_TCP,
- tos, 0);
+ tos & ~INET_ECN_MASK, 0);
if (IS_ERR(rt))
return NULL;
n = dst_neigh_lookup(&rt->dst, &peer_ip);
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 304/320] perf script: Fix hex dump character output
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (302 preceding siblings ...)
2022-01-24 18:44 ` [PATCH 5.4 303/320] libcxgb: Dont accidentally set RTO_ONLINK in cxgb_find_route() Greg Kroah-Hartman
@ 2022-01-24 18:44 ` Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 305/320] dmaengine: at_xdmac: Dont start transactions at tx_submit level Greg Kroah-Hartman
` (20 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Adrian Hunter, Jiri Olsa,
Arnaldo Carvalho de Melo
From: Adrian Hunter <adrian.hunter@intel.com>
commit 62942e9fda9fd1def10ffcbd5e1c025b3c9eec17 upstream.
Using grep -C with perf script -D can give erroneous results as grep loses
lines due to non-printable characters, for example, below the 0020, 0060
and 0070 lines are missing:
$ perf script -D | grep -C10 AUX | head
. 0010: 08 00 00 00 00 00 00 00 1f 00 00 00 00 00 00 00 ................
. 0030: 01 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 ................
. 0040: 00 08 00 00 00 00 00 00 02 00 00 00 00 00 00 00 ................
. 0050: 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 ................
. 0080: 02 00 00 00 00 00 00 00 1b 00 00 00 00 00 00 00 ................
. 0090: 00 00 00 00 00 00 00 00 ........
0 0 0x450 [0x98]: PERF_RECORD_AUXTRACE_INFO type: 1
PMU Type 8
Time Shift 31
perf's isprint() is a custom implementation from the kernel, but the
kernel's _ctype appears to include characters from Latin-1 Supplement which
is not compatible with, for example, UTF-8. Fix by checking also isascii().
After:
$ tools/perf/perf script -D | grep -C10 AUX | head
. 0010: 08 00 00 00 00 00 00 00 1f 00 00 00 00 00 00 00 ................
. 0020: 03 84 32 2f 00 00 00 00 63 7c 4f d2 fa ff ff ff ..2/....c|O.....
. 0030: 01 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 ................
. 0040: 00 08 00 00 00 00 00 00 02 00 00 00 00 00 00 00 ................
. 0050: 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 ................
. 0060: 00 02 00 00 00 00 00 00 00 c0 03 00 00 00 00 00 ................
. 0070: e2 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 ................
. 0080: 02 00 00 00 00 00 00 00 1b 00 00 00 00 00 00 00 ................
. 0090: 00 00 00 00 00 00 00 00 ........
Fixes: 3052ba56bcb58904 ("tools perf: Move from sane_ctype.h obtained from git to the Linux's original")
Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Link: http://lore.kernel.org/lkml/20220112085057.277205-1-adrian.hunter@intel.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/perf/util/debug.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/tools/perf/util/debug.c
+++ b/tools/perf/util/debug.c
@@ -143,7 +143,7 @@ static int trace_event_printer(enum bina
break;
case BINARY_PRINT_CHAR_DATA:
printed += color_fprintf(fp, color, "%c",
- isprint(ch) ? ch : '.');
+ isprint(ch) && isascii(ch) ? ch : '.');
break;
case BINARY_PRINT_CHAR_PAD:
printed += color_fprintf(fp, color, " ");
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 305/320] dmaengine: at_xdmac: Dont start transactions at tx_submit level
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (303 preceding siblings ...)
2022-01-24 18:44 ` [PATCH 5.4 304/320] perf script: Fix hex dump character output Greg Kroah-Hartman
@ 2022-01-24 18:44 ` Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 306/320] dmaengine: at_xdmac: Print debug message after realeasing the lock Greg Kroah-Hartman
` (19 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:44 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Tudor Ambarus, Vinod Koul
From: Tudor Ambarus <tudor.ambarus@microchip.com>
commit bccfb96b59179d4f96cbbd1ddff8fac6d335eae4 upstream.
tx_submit is supposed to push the current transaction descriptor to a
pending queue, waiting for issue_pending() to be called. issue_pending()
must start the transfer, not tx_submit(), thus remove
at_xdmac_start_xfer() from at_xdmac_tx_submit(). Clients of at_xdmac that
assume that tx_submit() starts the transfer must be updated and call
dma_async_issue_pending() if they miss to call it (one example is
atmel_serial).
As the at_xdmac_start_xfer() is now called only from
at_xdmac_advance_work() when !at_xdmac_chan_is_enabled(), the
at_xdmac_chan_is_enabled() check is no longer needed in
at_xdmac_start_xfer(), thus remove it.
Fixes: e1f7c9eee707 ("dmaengine: at_xdmac: creation of the atmel eXtended DMA Controller driver")
Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com>
Link: https://lore.kernel.org/r/20211215110115.191749-2-tudor.ambarus@microchip.com
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/dma/at_xdmac.c | 6 ------
1 file changed, 6 deletions(-)
--- a/drivers/dma/at_xdmac.c
+++ b/drivers/dma/at_xdmac.c
@@ -338,9 +338,6 @@ static void at_xdmac_start_xfer(struct a
dev_vdbg(chan2dev(&atchan->chan), "%s: desc 0x%p\n", __func__, first);
- if (at_xdmac_chan_is_enabled(atchan))
- return;
-
/* Set transfer as active to not try to start it again. */
first->active_xfer = true;
@@ -430,9 +427,6 @@ static dma_cookie_t at_xdmac_tx_submit(s
dev_vdbg(chan2dev(tx->chan), "%s: atchan 0x%p, add desc 0x%p to xfers_list\n",
__func__, atchan, desc);
list_add_tail(&desc->xfer_node, &atchan->xfers_list);
- if (list_is_singular(&atchan->xfers_list))
- at_xdmac_start_xfer(atchan, desc);
-
spin_unlock_irqrestore(&atchan->lock, irqflags);
return cookie;
}
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 306/320] dmaengine: at_xdmac: Print debug message after realeasing the lock
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (304 preceding siblings ...)
2022-01-24 18:44 ` [PATCH 5.4 305/320] dmaengine: at_xdmac: Dont start transactions at tx_submit level Greg Kroah-Hartman
@ 2022-01-24 18:44 ` Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 307/320] dmaengine: at_xdmac: Fix concurrency over xfers_list Greg Kroah-Hartman
` (18 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:44 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Tudor Ambarus, Vinod Koul
From: Tudor Ambarus <tudor.ambarus@microchip.com>
commit 5edc24ac876a928f36f407a0fcdb33b94a3a210f upstream.
It is desirable to do the prints without the lock held if possible, so
move the print after the lock is released.
Fixes: e1f7c9eee707 ("dmaengine: at_xdmac: creation of the atmel eXtended DMA Controller driver")
Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com>
Link: https://lore.kernel.org/r/20211215110115.191749-4-tudor.ambarus@microchip.com
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/dma/at_xdmac.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- a/drivers/dma/at_xdmac.c
+++ b/drivers/dma/at_xdmac.c
@@ -424,10 +424,12 @@ static dma_cookie_t at_xdmac_tx_submit(s
spin_lock_irqsave(&atchan->lock, irqflags);
cookie = dma_cookie_assign(tx);
- dev_vdbg(chan2dev(tx->chan), "%s: atchan 0x%p, add desc 0x%p to xfers_list\n",
- __func__, atchan, desc);
list_add_tail(&desc->xfer_node, &atchan->xfers_list);
spin_unlock_irqrestore(&atchan->lock, irqflags);
+
+ dev_vdbg(chan2dev(tx->chan), "%s: atchan 0x%p, add desc 0x%p to xfers_list\n",
+ __func__, atchan, desc);
+
return cookie;
}
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 307/320] dmaengine: at_xdmac: Fix concurrency over xfers_list
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (305 preceding siblings ...)
2022-01-24 18:44 ` [PATCH 5.4 306/320] dmaengine: at_xdmac: Print debug message after realeasing the lock Greg Kroah-Hartman
@ 2022-01-24 18:44 ` Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 308/320] dmaengine: at_xdmac: Fix lld view setting Greg Kroah-Hartman
` (17 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:44 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Tudor Ambarus, Vinod Koul
From: Tudor Ambarus <tudor.ambarus@microchip.com>
commit 18deddea9184b62941395889ff7659529c877326 upstream.
Since tx_submit can be called from a hard IRQ, xfers_list must be
protected with a lock to avoid concurency on the list's elements.
Since at_xdmac_handle_cyclic() is called from a tasklet, spin_lock_irq
is enough to protect from a hard IRQ.
Fixes: e1f7c9eee707 ("dmaengine: at_xdmac: creation of the atmel eXtended DMA Controller driver")
Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com>
Link: https://lore.kernel.org/r/20211215110115.191749-8-tudor.ambarus@microchip.com
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/dma/at_xdmac.c | 17 ++++++++++-------
1 file changed, 10 insertions(+), 7 deletions(-)
--- a/drivers/dma/at_xdmac.c
+++ b/drivers/dma/at_xdmac.c
@@ -1564,14 +1564,17 @@ static void at_xdmac_handle_cyclic(struc
struct at_xdmac_desc *desc;
struct dma_async_tx_descriptor *txd;
- if (!list_empty(&atchan->xfers_list)) {
- desc = list_first_entry(&atchan->xfers_list,
- struct at_xdmac_desc, xfer_node);
- txd = &desc->tx_dma_desc;
-
- if (txd->flags & DMA_PREP_INTERRUPT)
- dmaengine_desc_get_callback_invoke(txd, NULL);
+ spin_lock_irq(&atchan->lock);
+ if (list_empty(&atchan->xfers_list)) {
+ spin_unlock_irq(&atchan->lock);
+ return;
}
+ desc = list_first_entry(&atchan->xfers_list, struct at_xdmac_desc,
+ xfer_node);
+ spin_unlock_irq(&atchan->lock);
+ txd = &desc->tx_dma_desc;
+ if (txd->flags & DMA_PREP_INTERRUPT)
+ dmaengine_desc_get_callback_invoke(txd, NULL);
}
static void at_xdmac_handle_error(struct at_xdmac_chan *atchan)
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 308/320] dmaengine: at_xdmac: Fix lld view setting
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (306 preceding siblings ...)
2022-01-24 18:44 ` [PATCH 5.4 307/320] dmaengine: at_xdmac: Fix concurrency over xfers_list Greg Kroah-Hartman
@ 2022-01-24 18:44 ` Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 309/320] dmaengine: at_xdmac: Fix at_xdmac_lld struct definition Greg Kroah-Hartman
` (16 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:44 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Tudor Ambarus, Vinod Koul
From: Tudor Ambarus <tudor.ambarus@microchip.com>
commit 1385eb4d14d447cc5d744bc2ac34f43be66c9963 upstream.
AT_XDMAC_CNDC_NDVIEW_NDV3 was set even for AT_XDMAC_MBR_UBC_NDV2,
because of the wrong bit handling. Fix it.
Fixes: ee0fe35c8dcd ("dmaengine: xdmac: Handle descriptor's view 3 registers")
Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com>
Link: https://lore.kernel.org/r/20211215110115.191749-10-tudor.ambarus@microchip.com
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/dma/at_xdmac.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/drivers/dma/at_xdmac.c
+++ b/drivers/dma/at_xdmac.c
@@ -89,6 +89,7 @@
#define AT_XDMAC_CNDC_NDE (0x1 << 0) /* Channel x Next Descriptor Enable */
#define AT_XDMAC_CNDC_NDSUP (0x1 << 1) /* Channel x Next Descriptor Source Update */
#define AT_XDMAC_CNDC_NDDUP (0x1 << 2) /* Channel x Next Descriptor Destination Update */
+#define AT_XDMAC_CNDC_NDVIEW_MASK GENMASK(28, 27)
#define AT_XDMAC_CNDC_NDVIEW_NDV0 (0x0 << 3) /* Channel x Next Descriptor View 0 */
#define AT_XDMAC_CNDC_NDVIEW_NDV1 (0x1 << 3) /* Channel x Next Descriptor View 1 */
#define AT_XDMAC_CNDC_NDVIEW_NDV2 (0x2 << 3) /* Channel x Next Descriptor View 2 */
@@ -353,7 +354,8 @@ static void at_xdmac_start_xfer(struct a
*/
if (at_xdmac_chan_is_cyclic(atchan))
reg = AT_XDMAC_CNDC_NDVIEW_NDV1;
- else if (first->lld.mbr_ubc & AT_XDMAC_MBR_UBC_NDV3)
+ else if ((first->lld.mbr_ubc &
+ AT_XDMAC_CNDC_NDVIEW_MASK) == AT_XDMAC_MBR_UBC_NDV3)
reg = AT_XDMAC_CNDC_NDVIEW_NDV3;
else
reg = AT_XDMAC_CNDC_NDVIEW_NDV2;
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 309/320] dmaengine: at_xdmac: Fix at_xdmac_lld struct definition
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (307 preceding siblings ...)
2022-01-24 18:44 ` [PATCH 5.4 308/320] dmaengine: at_xdmac: Fix lld view setting Greg Kroah-Hartman
@ 2022-01-24 18:44 ` Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 310/320] arm64: dts: qcom: msm8996: drop not documented adreno properties Greg Kroah-Hartman
` (15 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:44 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Tudor Ambarus, Vinod Koul
From: Tudor Ambarus <tudor.ambarus@microchip.com>
commit 912f7c6f7fac273f40e621447cf17d14b50d6e5b upstream.
The hardware channel next descriptor view structure contains just
fields of 32 bits, while dma_addr_t can be of type u64 or u32
depending on CONFIG_ARCH_DMA_ADDR_T_64BIT. Force u32 to comply with
what the hardware expects.
Fixes: e1f7c9eee707 ("dmaengine: at_xdmac: creation of the atmel eXtended DMA Controller driver")
Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com>
Link: https://lore.kernel.org/r/20211215110115.191749-11-tudor.ambarus@microchip.com
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/dma/at_xdmac.c | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)
--- a/drivers/dma/at_xdmac.c
+++ b/drivers/dma/at_xdmac.c
@@ -221,15 +221,15 @@ struct at_xdmac {
/* Linked List Descriptor */
struct at_xdmac_lld {
- dma_addr_t mbr_nda; /* Next Descriptor Member */
- u32 mbr_ubc; /* Microblock Control Member */
- dma_addr_t mbr_sa; /* Source Address Member */
- dma_addr_t mbr_da; /* Destination Address Member */
- u32 mbr_cfg; /* Configuration Register */
- u32 mbr_bc; /* Block Control Register */
- u32 mbr_ds; /* Data Stride Register */
- u32 mbr_sus; /* Source Microblock Stride Register */
- u32 mbr_dus; /* Destination Microblock Stride Register */
+ u32 mbr_nda; /* Next Descriptor Member */
+ u32 mbr_ubc; /* Microblock Control Member */
+ u32 mbr_sa; /* Source Address Member */
+ u32 mbr_da; /* Destination Address Member */
+ u32 mbr_cfg; /* Configuration Register */
+ u32 mbr_bc; /* Block Control Register */
+ u32 mbr_ds; /* Data Stride Register */
+ u32 mbr_sus; /* Source Microblock Stride Register */
+ u32 mbr_dus; /* Destination Microblock Stride Register */
};
/* 64-bit alignment needed to update CNDA and CUBC registers in an atomic way. */
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 310/320] arm64: dts: qcom: msm8996: drop not documented adreno properties
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (308 preceding siblings ...)
2022-01-24 18:44 ` [PATCH 5.4 309/320] dmaengine: at_xdmac: Fix at_xdmac_lld struct definition Greg Kroah-Hartman
@ 2022-01-24 18:44 ` Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 311/320] net_sched: restore "mpu xxx" handling Greg Kroah-Hartman
` (14 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, David Heidelberg, Bjorn Andersson
From: David Heidelberg <david@ixit.cz>
commit c41910f257a22dc406c60d8826b4a3b5398003a3 upstream.
These properties aren't documented nor implemented in the driver.
Drop them.
Fixes warnings as:
$ make dtbs_check DT_SCHEMA_FILES=Documentation/devicetree/bindings/display/msm/gpu.yaml
...
arch/arm64/boot/dts/qcom/msm8996-mtp.dt.yaml: gpu@b00000: 'qcom,gpu-quirk-fault-detect-mask', 'qcom,gpu-quirk-two-pass-use-wfi' do not match any of the regexes: 'pinctrl-[0-9]+'
From schema: Documentation/devicetree/bindings/display/msm/gpu.yaml
...
Fixes: 69cc3114ab0f ("arm64: dts: Add Adreno GPU definitions")
Signed-off-by: David Heidelberg <david@ixit.cz>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Link: https://lore.kernel.org/r/20211030100413.28370-1-david@ixit.cz
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/boot/dts/qcom/msm8996.dtsi | 3 ---
1 file changed, 3 deletions(-)
--- a/arch/arm64/boot/dts/qcom/msm8996.dtsi
+++ b/arch/arm64/boot/dts/qcom/msm8996.dtsi
@@ -2098,9 +2098,6 @@
nvmem-cells = <&gpu_speed_bin>;
nvmem-cell-names = "speed_bin";
- qcom,gpu-quirk-two-pass-use-wfi;
- qcom,gpu-quirk-fault-detect-mask;
-
operating-points-v2 = <&gpu_opp_table>;
gpu_opp_table: opp-table {
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 311/320] net_sched: restore "mpu xxx" handling
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (309 preceding siblings ...)
2022-01-24 18:44 ` [PATCH 5.4 310/320] arm64: dts: qcom: msm8996: drop not documented adreno properties Greg Kroah-Hartman
@ 2022-01-24 18:44 ` Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 312/320] bcmgenet: add WOL IRQ check Greg Kroah-Hartman
` (13 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kevin Bracey, Eric Dumazet,
Jiri Pirko, Vimalkumar, Jakub Kicinski
From: Kevin Bracey <kevin@bracey.fi>
commit fb80445c438c78b40b547d12b8d56596ce4ccfeb upstream.
commit 56b765b79e9a ("htb: improved accuracy at high rates") broke
"overhead X", "linklayer atm" and "mpu X" attributes.
"overhead X" and "linklayer atm" have already been fixed. This restores
the "mpu X" handling, as might be used by DOCSIS or Ethernet shaping:
tc class add ... htb rate X overhead 4 mpu 64
The code being fixed is used by htb, tbf and act_police. Cake has its
own mpu handling. qdisc_calculate_pkt_len still uses the size table
containing values adjusted for mpu by user space.
iproute2 tc has always passed mpu into the kernel via a tc_ratespec
structure, but the kernel never directly acted on it, merely stored it
so that it could be read back by `tc class show`.
Rather, tc would generate length-to-time tables that included the mpu
(and linklayer) in their construction, and the kernel used those tables.
Since v3.7, the tables were no longer used. Along with "mpu", this also
broke "overhead" and "linklayer" which were fixed in 01cb71d2d47b
("net_sched: restore "overhead xxx" handling", v3.10) and 8a8e3d84b171
("net_sched: restore "linklayer atm" handling", v3.11).
"overhead" was fixed by simply restoring use of tc_ratespec::overhead -
this had originally been used by the kernel but was initially omitted
from the new non-table-based calculations.
"linklayer" had been handled in the table like "mpu", but the mode was
not originally passed in tc_ratespec. The new implementation was made to
handle it by getting new versions of tc to pass the mode in an extended
tc_ratespec, and for older versions of tc the table contents were analysed
at load time to deduce linklayer.
As "mpu" has always been given to the kernel in tc_ratespec,
accompanying the mpu-based table, we can restore system functionality
with no userspace change by making the kernel act on the tc_ratespec
value.
Fixes: 56b765b79e9a ("htb: improved accuracy at high rates")
Signed-off-by: Kevin Bracey <kevin@bracey.fi>
Cc: Eric Dumazet <edumazet@google.com>
Cc: Jiri Pirko <jiri@resnulli.us>
Cc: Vimalkumar <j.vimal@gmail.com>
Link: https://lore.kernel.org/r/20220112170210.1014351-1-kevin@bracey.fi
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/net/sch_generic.h | 5 +++++
net/sched/sch_generic.c | 1 +
2 files changed, 6 insertions(+)
--- a/include/net/sch_generic.h
+++ b/include/net/sch_generic.h
@@ -1264,6 +1264,7 @@ struct psched_ratecfg {
u64 rate_bytes_ps; /* bytes per second */
u32 mult;
u16 overhead;
+ u16 mpu;
u8 linklayer;
u8 shift;
};
@@ -1273,6 +1274,9 @@ static inline u64 psched_l2t_ns(const st
{
len += r->overhead;
+ if (len < r->mpu)
+ len = r->mpu;
+
if (unlikely(r->linklayer == TC_LINKLAYER_ATM))
return ((u64)(DIV_ROUND_UP(len,48)*53) * r->mult) >> r->shift;
@@ -1295,6 +1299,7 @@ static inline void psched_ratecfg_getrat
res->rate = min_t(u64, r->rate_bytes_ps, ~0U);
res->overhead = r->overhead;
+ res->mpu = r->mpu;
res->linklayer = (r->linklayer & TC_LINKLAYER_MASK);
}
--- a/net/sched/sch_generic.c
+++ b/net/sched/sch_generic.c
@@ -1396,6 +1396,7 @@ void psched_ratecfg_precompute(struct ps
{
memset(r, 0, sizeof(*r));
r->overhead = conf->overhead;
+ r->mpu = conf->mpu;
r->rate_bytes_ps = max_t(u64, conf->rate, rate64);
r->linklayer = (conf->linklayer & TC_LINKLAYER_MASK);
r->mult = 1;
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 312/320] bcmgenet: add WOL IRQ check
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (310 preceding siblings ...)
2022-01-24 18:44 ` [PATCH 5.4 311/320] net_sched: restore "mpu xxx" handling Greg Kroah-Hartman
@ 2022-01-24 18:44 ` Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 313/320] net: ethernet: mtk_eth_soc: fix error checking in mtk_mac_config() Greg Kroah-Hartman
` (12 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sergey Shtylyov, Florian Fainelli,
David S. Miller
From: Sergey Shtylyov <s.shtylyov@omp.ru>
commit 9deb48b53e7f4056c2eaa2dc2ee3338df619e4f6 upstream.
The driver neglects to check the result of platform_get_irq_optional()'s
call and blithely passes the negative error codes to devm_request_irq()
(which takes *unsigned* IRQ #), causing it to fail with -EINVAL.
Stop calling devm_request_irq() with the invalid IRQ #s.
Fixes: 8562056f267d ("net: bcmgenet: request Wake-on-LAN interrupt")
Signed-off-by: Sergey Shtylyov <s.shtylyov@omp.ru>
Acked-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/broadcom/genet/bcmgenet.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
--- a/drivers/net/ethernet/broadcom/genet/bcmgenet.c
+++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.c
@@ -3507,10 +3507,12 @@ static int bcmgenet_probe(struct platfor
/* Request the WOL interrupt and advertise suspend if available */
priv->wol_irq_disabled = true;
- err = devm_request_irq(&pdev->dev, priv->wol_irq, bcmgenet_wol_isr, 0,
- dev->name, priv);
- if (!err)
- device_set_wakeup_capable(&pdev->dev, 1);
+ if (priv->wol_irq > 0) {
+ err = devm_request_irq(&pdev->dev, priv->wol_irq,
+ bcmgenet_wol_isr, 0, dev->name, priv);
+ if (!err)
+ device_set_wakeup_capable(&pdev->dev, 1);
+ }
/* Set the needed headroom to account for any possible
* features enabling/disabling at runtime
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 313/320] net: ethernet: mtk_eth_soc: fix error checking in mtk_mac_config()
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (311 preceding siblings ...)
2022-01-24 18:44 ` [PATCH 5.4 312/320] bcmgenet: add WOL IRQ check Greg Kroah-Hartman
@ 2022-01-24 18:44 ` Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 314/320] dt-bindings: display: meson-dw-hdmi: add missing sound-name-prefix property Greg Kroah-Hartman
` (11 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:44 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Tom Rix, David S. Miller
From: Tom Rix <trix@redhat.com>
commit 214b3369ab9b0a6f28d6c970220c209417edbc65 upstream.
Clang static analysis reports this problem
mtk_eth_soc.c:394:7: warning: Branch condition evaluates
to a garbage value
if (err)
^~~
err is not initialized and only conditionally set.
So intitialize err.
Fixes: 7e538372694b ("net: ethernet: mediatek: Re-add support SGMII")
Signed-off-by: Tom Rix <trix@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/mediatek/mtk_eth_soc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/net/ethernet/mediatek/mtk_eth_soc.c
+++ b/drivers/net/ethernet/mediatek/mtk_eth_soc.c
@@ -215,7 +215,7 @@ static void mtk_mac_config(struct phylin
phylink_config);
struct mtk_eth *eth = mac->hw;
u32 mcr_cur, mcr_new, sid, i;
- int val, ge_mode, err;
+ int val, ge_mode, err = 0;
/* MT76x8 has no hardware settings between for the MAC */
if (!MTK_HAS_CAPS(eth->soc->caps, MTK_SOC_MT7628) &&
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 314/320] dt-bindings: display: meson-dw-hdmi: add missing sound-name-prefix property
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (312 preceding siblings ...)
2022-01-24 18:44 ` [PATCH 5.4 313/320] net: ethernet: mtk_eth_soc: fix error checking in mtk_mac_config() Greg Kroah-Hartman
@ 2022-01-24 18:44 ` Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 315/320] dt-bindings: display: meson-vpu: Add missing amlogic,canvas property Greg Kroah-Hartman
` (10 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:44 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Alexander Stein, Neil Armstrong
From: Alexander Stein <alexander.stein@mailbox.org>
commit 22bf4047d26980807611b7e2030803db375afd87 upstream.
This is used in meson-gx and meson-g12. Add the property to the binding.
This fixes the dtschema warning:
hdmi-tx@c883a000: 'sound-name-prefix' does not match any of the
regexes: 'pinctrl-[0-9]+'
Signed-off-by: Alexander Stein <alexander.stein@mailbox.org>
Fixes: 376bf52deef5 ("dt-bindings: display: amlogic, meson-dw-hdmi: convert to yaml")
Acked-by: Neil Armstrong <narmstrong@baylibre.com>
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20211223122434.39378-2-alexander.stein@mailbox.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
Documentation/devicetree/bindings/display/amlogic,meson-dw-hdmi.yaml | 5 +++++
1 file changed, 5 insertions(+)
--- a/Documentation/devicetree/bindings/display/amlogic,meson-dw-hdmi.yaml
+++ b/Documentation/devicetree/bindings/display/amlogic,meson-dw-hdmi.yaml
@@ -10,6 +10,9 @@ title: Amlogic specific extensions to th
maintainers:
- Neil Armstrong <narmstrong@baylibre.com>
+allOf:
+ - $ref: /schemas/sound/name-prefix.yaml#
+
description: |
The Amlogic Meson Synopsys Designware Integration is composed of
- A Synopsys DesignWare HDMI Controller IP
@@ -101,6 +104,8 @@ properties:
"#sound-dai-cells":
const: 0
+ sound-name-prefix: true
+
required:
- compatible
- reg
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 315/320] dt-bindings: display: meson-vpu: Add missing amlogic,canvas property
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (313 preceding siblings ...)
2022-01-24 18:44 ` [PATCH 5.4 314/320] dt-bindings: display: meson-dw-hdmi: add missing sound-name-prefix property Greg Kroah-Hartman
@ 2022-01-24 18:44 ` Greg Kroah-Hartman
2022-01-24 18:45 ` [PATCH 5.4 316/320] scripts/dtc: dtx_diff: remove broken example from help text Greg Kroah-Hartman
` (9 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:44 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alexander Stein, Rob Herring,
Neil Armstrong, Martin Blumenstingl
From: Alexander Stein <alexander.stein@mailbox.org>
commit 640f35b871d29cd685ce0ea0762636381beeb98a upstream.
This property was already mentioned in the old textual bindings
amlogic,meson-vpu.txt, but got dropped during conversion.
Adding it back similar to amlogic,gx-vdec.yaml.
Fixes: 6b9ebf1e0e67 ("dt-bindings: display: amlogic, meson-vpu: convert to yaml")
Signed-off-by: Alexander Stein <alexander.stein@mailbox.org>
Acked-by: Rob Herring <robh@kernel.org>
Reviewed-by: Neil Armstrong <narmstrong@baylibre.com>
Reviewed-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20211219094155.177206-1-alexander.stein@mailbox.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
Documentation/devicetree/bindings/display/amlogic,meson-vpu.yaml | 6 ++++++
1 file changed, 6 insertions(+)
--- a/Documentation/devicetree/bindings/display/amlogic,meson-vpu.yaml
+++ b/Documentation/devicetree/bindings/display/amlogic,meson-vpu.yaml
@@ -78,6 +78,10 @@ properties:
interrupts:
maxItems: 1
+ amlogic,canvas:
+ description: should point to a canvas provider node
+ $ref: /schemas/types.yaml#/definitions/phandle
+
power-domains:
maxItems: 1
description: phandle to the associated power domain
@@ -106,6 +110,7 @@ required:
- port@1
- "#address-cells"
- "#size-cells"
+ - amlogic,canvas
examples:
- |
@@ -116,6 +121,7 @@ examples:
interrupts = <3>;
#address-cells = <1>;
#size-cells = <0>;
+ amlogic,canvas = <&canvas>;
/* CVBS VDAC output port */
port@0 {
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 316/320] scripts/dtc: dtx_diff: remove broken example from help text
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (314 preceding siblings ...)
2022-01-24 18:44 ` [PATCH 5.4 315/320] dt-bindings: display: meson-vpu: Add missing amlogic,canvas property Greg Kroah-Hartman
@ 2022-01-24 18:45 ` Greg Kroah-Hartman
2022-01-24 18:45 ` [PATCH 5.4 317/320] lib82596: Fix IRQ check in sni_82596_probe Greg Kroah-Hartman
` (8 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:45 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Matthias Schiffer, Frank Rowand, Rob Herring
From: Matthias Schiffer <matthias.schiffer@ew.tq-group.com>
commit d8adf5b92a9d2205620874d498c39923ecea8749 upstream.
dtx_diff suggests to use <(...) syntax to pipe two inputs into it, but
this has never worked: The /proc/self/fds/... paths passed by the shell
will fail the `[ -f "${dtx}" ] && [ -r "${dtx}" ]` check in compile_to_dts,
but even with this check removed, the function cannot work: hexdump will
eat up the DTB magic, making the subsequent dtc call fail, as a pipe
cannot be rewound.
Simply remove this broken example, as there is already an alternative one
that works fine.
Fixes: 10eadc253ddf ("dtc: create tool to diff device trees")
Signed-off-by: Matthias Schiffer <matthias.schiffer@ew.tq-group.com>
Reviewed-by: Frank Rowand <frank.rowand@sony.com>
Signed-off-by: Rob Herring <robh@kernel.org>
Link: https://lore.kernel.org/r/20220113081918.10387-1-matthias.schiffer@ew.tq-group.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
scripts/dtc/dtx_diff | 8 ++------
1 file changed, 2 insertions(+), 6 deletions(-)
--- a/scripts/dtc/dtx_diff
+++ b/scripts/dtc/dtx_diff
@@ -56,12 +56,8 @@ Otherwise DTx is treated as a dts source
or '/include/' to be processed.
If DTx_1 and DTx_2 are in different architectures, then this script
- may not work since \${ARCH} is part of the include path. Two possible
- workarounds:
-
- `basename $0` \\
- <(ARCH=arch_of_dtx_1 `basename $0` DTx_1) \\
- <(ARCH=arch_of_dtx_2 `basename $0` DTx_2)
+ may not work since \${ARCH} is part of the include path. The following
+ workaround can be used:
`basename $0` ARCH=arch_of_dtx_1 DTx_1 >tmp_dtx_1.dts
`basename $0` ARCH=arch_of_dtx_2 DTx_2 >tmp_dtx_2.dts
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 317/320] lib82596: Fix IRQ check in sni_82596_probe
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (315 preceding siblings ...)
2022-01-24 18:45 ` [PATCH 5.4 316/320] scripts/dtc: dtx_diff: remove broken example from help text Greg Kroah-Hartman
@ 2022-01-24 18:45 ` Greg Kroah-Hartman
2022-01-24 18:45 ` [PATCH 5.4 318/320] lib/test_meminit: destroy cache in kmem_cache_alloc_bulk() test Greg Kroah-Hartman
` (7 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:45 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, David S. Miller
From: Miaoqian Lin <linmq006@gmail.com>
commit 99218cbf81bf21355a3de61cd46a706d36e900e6 upstream.
platform_get_irq() returns negative error number instead 0 on failure.
And the doc of platform_get_irq() provides a usage example:
int irq = platform_get_irq(pdev, 0);
if (irq < 0)
return irq;
Fix the check of return value to catch errors correctly.
Fixes: 115978859272 ("i825xx: Move the Intel 82586/82593/82596 based drivers")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/i825xx/sni_82596.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/drivers/net/ethernet/i825xx/sni_82596.c
+++ b/drivers/net/ethernet/i825xx/sni_82596.c
@@ -123,9 +123,10 @@ static int sni_82596_probe(struct platfo
netdevice->dev_addr[5] = readb(eth_addr + 0x06);
iounmap(eth_addr);
- if (!netdevice->irq) {
+ if (netdevice->irq < 0) {
printk(KERN_ERR "%s: IRQ not found for i82596 at 0x%lx\n",
__FILE__, netdevice->base_addr);
+ retval = netdevice->irq;
goto probe_failed;
}
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 318/320] lib/test_meminit: destroy cache in kmem_cache_alloc_bulk() test
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (316 preceding siblings ...)
2022-01-24 18:45 ` [PATCH 5.4 317/320] lib82596: Fix IRQ check in sni_82596_probe Greg Kroah-Hartman
@ 2022-01-24 18:45 ` Greg Kroah-Hartman
2022-01-24 18:45 ` [PATCH 5.4 319/320] mtd: nand: bbt: Fix corner case in bad block table handling Greg Kroah-Hartman
` (6 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:45 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Andrey Konovalov, Marco Elver,
Alexander Potapenko, Dmitry Vyukov, Andrey Ryabinin,
Andrew Morton, Linus Torvalds
From: Andrey Konovalov <andreyknvl@google.com>
commit e073e5ef90298d2d6e5e7f04b545a0815e92110c upstream.
Make do_kmem_cache_size_bulk() destroy the cache it creates.
Link: https://lkml.kernel.org/r/aced20a94bf04159a139f0846e41d38a1537debb.1640018297.git.andreyknvl@google.com
Fixes: 03a9349ac0e0 ("lib/test_meminit: add a kmem_cache_alloc_bulk() test")
Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
Reviewed-by: Marco Elver <elver@google.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Andrey Ryabinin <ryabinin.a.a@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
lib/test_meminit.c | 1 +
1 file changed, 1 insertion(+)
--- a/lib/test_meminit.c
+++ b/lib/test_meminit.c
@@ -319,6 +319,7 @@ static int __init do_kmem_cache_size_bul
if (num)
kmem_cache_free_bulk(c, num, objects);
}
+ kmem_cache_destroy(c);
*total_failures += fail;
return 1;
}
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 319/320] mtd: nand: bbt: Fix corner case in bad block table handling
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (317 preceding siblings ...)
2022-01-24 18:45 ` [PATCH 5.4 318/320] lib/test_meminit: destroy cache in kmem_cache_alloc_bulk() test Greg Kroah-Hartman
@ 2022-01-24 18:45 ` Greg Kroah-Hartman
2022-01-24 18:45 ` [PATCH 5.4 320/320] Revert "ia64: kprobes: Use generic kretprobe trampoline handler" Greg Kroah-Hartman
` (5 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:45 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Patrick Doyle, Richard Weinberger,
Yoshio Furuyama, Miquel Raynal, Frieder Schrempf
From: Doyle, Patrick <pdoyle@irobot.com>
commit fd0d8d85f7230052e638a56d1bfea170c488e6bc upstream.
In the unlikely event that both blocks 10 and 11 are marked as bad (on a
32 bit machine), then the process of marking block 10 as bad stomps on
cached entry for block 11. There are (of course) other examples.
Signed-off-by: Patrick Doyle <pdoyle@irobot.com>
Reviewed-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Yoshio Furuyama <ytc-mb-yfuruyama7@kioxia.com>
[<miquel.raynal@bootlin.com>: Fixed the title]
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Cc: Frieder Schrempf <frieder.schrempf@kontron.de>
Link: https://lore.kernel.org/linux-mtd/774a92693f311e7de01e5935e720a179fb1b2468.1616635406.git.ytc-mb-yfuruyama7@kioxia.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mtd/nand/bbt.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/mtd/nand/bbt.c
+++ b/drivers/mtd/nand/bbt.c
@@ -123,7 +123,7 @@ int nanddev_bbt_set_block_status(struct
unsigned int rbits = bits_per_block + offs - BITS_PER_LONG;
pos[1] &= ~GENMASK(rbits - 1, 0);
- pos[1] |= val >> rbits;
+ pos[1] |= val >> (bits_per_block - rbits);
}
return 0;
^ permalink raw reply [flat|nested] 334+ messages in thread
* [PATCH 5.4 320/320] Revert "ia64: kprobes: Use generic kretprobe trampoline handler"
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (318 preceding siblings ...)
2022-01-24 18:45 ` [PATCH 5.4 319/320] mtd: nand: bbt: Fix corner case in bad block table handling Greg Kroah-Hartman
@ 2022-01-24 18:45 ` Greg Kroah-Hartman
2022-01-24 23:39 ` [PATCH 5.4 000/320] 5.4.174-rc1 review Daniel Díaz
` (4 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-24 18:45 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kernel test robot, Masami Hiramatsu
From: Masami Hiramatsu <mhiramat@kernel.org>
This reverts commit 77fa5e15c933a1ec812de61ad709c00aa51e96ae.
Since the upstream commit e792ff804f49720ce003b3e4c618b5d996256a18
depends on the generic kretprobe trampoline handler, which was
introduced by commit 66ada2ccae4e ("kprobes: Add generic kretprobe
trampoline handler") but that is not ported to the stable kernel
because it is not a bugfix series.
So revert this commit to fix a build error.
NOTE: I keep commit a7fe2378454c ("ia64: kprobes: Fix to pass
correct trampoline address to the handler") on the tree, that seems
just a cleanup without the original reverted commit, but it would
be better to use dereference_function_descriptor() macro instead
of accessing descriptor's field directly.
Fixes: 77fa5e15c933 ("ia64: kprobes: Use generic kretprobe trampoline handler")
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/ia64/kernel/kprobes.c | 78 +++++++++++++++++++++++++++++++++++++++++++--
1 file changed, 75 insertions(+), 3 deletions(-)
--- a/arch/ia64/kernel/kprobes.c
+++ b/arch/ia64/kernel/kprobes.c
@@ -396,10 +396,83 @@ static void kretprobe_trampoline(void)
{
}
+/*
+ * At this point the target function has been tricked into
+ * returning into our trampoline. Lookup the associated instance
+ * and then:
+ * - call the handler function
+ * - cleanup by marking the instance as unused
+ * - long jump back to the original return address
+ */
int __kprobes trampoline_probe_handler(struct kprobe *p, struct pt_regs *regs)
{
- regs->cr_iip = __kretprobe_trampoline_handler(regs,
- dereference_function_descriptor(kretprobe_trampoline), NULL);
+ struct kretprobe_instance *ri = NULL;
+ struct hlist_head *head, empty_rp;
+ struct hlist_node *tmp;
+ unsigned long flags, orig_ret_address = 0;
+ unsigned long trampoline_address =
+ (unsigned long)dereference_function_descriptor(kretprobe_trampoline);
+
+ INIT_HLIST_HEAD(&empty_rp);
+ kretprobe_hash_lock(current, &head, &flags);
+
+ /*
+ * It is possible to have multiple instances associated with a given
+ * task either because an multiple functions in the call path
+ * have a return probe installed on them, and/or more than one return
+ * return probe was registered for a target function.
+ *
+ * We can handle this because:
+ * - instances are always inserted at the head of the list
+ * - when multiple return probes are registered for the same
+ * function, the first instance's ret_addr will point to the
+ * real return address, and all the rest will point to
+ * kretprobe_trampoline
+ */
+ hlist_for_each_entry_safe(ri, tmp, head, hlist) {
+ if (ri->task != current)
+ /* another task is sharing our hash bucket */
+ continue;
+
+ orig_ret_address = (unsigned long)ri->ret_addr;
+ if (orig_ret_address != trampoline_address)
+ /*
+ * This is the real return address. Any other
+ * instances associated with this task are for
+ * other calls deeper on the call stack
+ */
+ break;
+ }
+
+ regs->cr_iip = orig_ret_address;
+
+ hlist_for_each_entry_safe(ri, tmp, head, hlist) {
+ if (ri->task != current)
+ /* another task is sharing our hash bucket */
+ continue;
+
+ if (ri->rp && ri->rp->handler)
+ ri->rp->handler(ri, regs);
+
+ orig_ret_address = (unsigned long)ri->ret_addr;
+ recycle_rp_inst(ri, &empty_rp);
+
+ if (orig_ret_address != trampoline_address)
+ /*
+ * This is the real return address. Any other
+ * instances associated with this task are for
+ * other calls deeper on the call stack
+ */
+ break;
+ }
+ kretprobe_assert(ri, orig_ret_address, trampoline_address);
+
+ kretprobe_hash_unlock(current, &flags);
+
+ hlist_for_each_entry_safe(ri, tmp, &empty_rp, hlist) {
+ hlist_del(&ri->hlist);
+ kfree(ri);
+ }
/*
* By returning a non-zero value, we are telling
* kprobe_handler() that we don't want the post_handler
@@ -412,7 +485,6 @@ void __kprobes arch_prepare_kretprobe(st
struct pt_regs *regs)
{
ri->ret_addr = (kprobe_opcode_t *)regs->b0;
- ri->fp = NULL;
/* Replace the return addr with trampoline addr */
regs->b0 = (unsigned long)dereference_function_descriptor(kretprobe_trampoline);
^ permalink raw reply [flat|nested] 334+ messages in thread
* Re: [PATCH 5.4 007/320] mtd: rawnand: gpmi: Add ERR007117 protection for nfc_apply_timings
2022-01-24 18:39 ` [PATCH 5.4 007/320] mtd: rawnand: gpmi: Add ERR007117 protection for nfc_apply_timings Greg Kroah-Hartman
@ 2022-01-24 20:41 ` Pavel Machek
2022-01-24 21:01 ` Christian Eggers
0 siblings, 1 reply; 334+ messages in thread
From: Pavel Machek @ 2022-01-24 20:41 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: linux-kernel, stable, Stefan Riedmueller, Christian Eggers,
Han Xu, Miquel Raynal
[-- Attachment #1: Type: text/plain, Size: 1601 bytes --]
Hi!
> commit f53d4c109a666bf1a4883b45d546fba079258717 upstream.
>
> gpmi_io clock needs to be gated off when changing the parent/dividers of
> enfc_clk_root (i.MX6Q/i.MX6UL) respectively qspi2_clk_root (i.MX6SX).
> Otherwise this rate change can lead to an unresponsive GPMI core which
> results in DMA timeouts and failed driver probe:
...
> @@ -2429,7 +2449,9 @@ static int gpmi_nfc_exec_op(struct nand_
> */
> if (this->hw.must_apply_timings) {
> this->hw.must_apply_timings = false;
> - gpmi_nfc_apply_timings(this);
> + ret = gpmi_nfc_apply_timings(this);
> + if (ret)
> + return ret;
> }
>
> dev_dbg(this->dev, "%s: %d instructions\n", __func__, op->ninstrs);
>
AFAICT this leaks pm reference in the error case. Not sure what
variant is right, there, so...
Best regards,
Pavel
diff --git a/drivers/mtd/nand/raw/gpmi-nand/gpmi-nand.c b/drivers/mtd/nand/raw/gpmi-nand/gpmi-nand.c
index 1b64c5a5140d..06840cff6945 100644
--- a/drivers/mtd/nand/raw/gpmi-nand/gpmi-nand.c
+++ b/drivers/mtd/nand/raw/gpmi-nand/gpmi-nand.c
@@ -2284,8 +2284,10 @@ static int gpmi_nfc_exec_op(struct nand_chip *chip,
if (this->hw.must_apply_timings) {
this->hw.must_apply_timings = false;
ret = gpmi_nfc_apply_timings(this);
- if (ret)
+ if (ret) {
+ pm_runtime_put_....(this->dev);
return ret;
+ }
}
dev_dbg(this->dev, "%s: %d instructions\n", __func__, op->ninstrs);
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 195 bytes --]
^ permalink raw reply related [flat|nested] 334+ messages in thread
* Re: [PATCH 5.4 007/320] mtd: rawnand: gpmi: Add ERR007117 protection for nfc_apply_timings
2022-01-24 20:41 ` Pavel Machek
@ 2022-01-24 21:01 ` Christian Eggers
0 siblings, 0 replies; 334+ messages in thread
From: Christian Eggers @ 2022-01-24 21:01 UTC (permalink / raw)
To: Greg Kroah-Hartman, Pavel Machek
Cc: linux-kernel, stable, Stefan Riedmueller, Han Xu, Miquel Raynal
Hi Pavel,
On Monday, 24 January 2022, 21:41:48 CET, Pavel Machek wrote:
> Hi!
>
> > commit f53d4c109a666bf1a4883b45d546fba079258717 upstream.
> >
> > gpmi_io clock needs to be gated off when changing the parent/dividers of
> > enfc_clk_root (i.MX6Q/i.MX6UL) respectively qspi2_clk_root (i.MX6SX).
> > Otherwise this rate change can lead to an unresponsive GPMI core which
> > results in DMA timeouts and failed driver probe:
> ...
>
> > @@ -2429,7 +2449,9 @@ static int gpmi_nfc_exec_op(struct nand_
> > */
> > if (this->hw.must_apply_timings) {
> > this->hw.must_apply_timings = false;
> > - gpmi_nfc_apply_timings(this);
> > + ret = gpmi_nfc_apply_timings(this);
> > + if (ret)
> > + return ret;
> > }
> >
> > dev_dbg(this->dev, "%s: %d instructions\n", __func__, op->ninstrs);
> >
>
> AFAICT this leaks pm reference in the error case. Not sure what
> variant is right, there, so...
You're right, thanks for pointing this out. I think that the error path
currently should not appear in practice, but I plan to add further patches
in future where this could happen then.
Although there's a potential new error, I think that this patch should
improve the situation.
>
> Best regards,
> Pavel
>
> diff --git a/drivers/mtd/nand/raw/gpmi-nand/gpmi-nand.c b/drivers/mtd/nand/raw/gpmi-nand/gpmi-nand.c
> index 1b64c5a5140d..06840cff6945 100644
> --- a/drivers/mtd/nand/raw/gpmi-nand/gpmi-nand.c
> +++ b/drivers/mtd/nand/raw/gpmi-nand/gpmi-nand.c
> @@ -2284,8 +2284,10 @@ static int gpmi_nfc_exec_op(struct nand_chip *chip,
> if (this->hw.must_apply_timings) {
> this->hw.must_apply_timings = false;
> ret = gpmi_nfc_apply_timings(this);
> - if (ret)
> + if (ret) {
> + pm_runtime_put_....(this->dev);
> return ret;
> + }
> }
>
> dev_dbg(this->dev, "%s: %d instructions\n", __func__, op->ninstrs);
I'll prepare and send a new patch tomorrow.
regards
Christian
^ permalink raw reply [flat|nested] 334+ messages in thread
* Re: [PATCH 5.4 000/320] 5.4.174-rc1 review
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (319 preceding siblings ...)
2022-01-24 18:45 ` [PATCH 5.4 320/320] Revert "ia64: kprobes: Use generic kretprobe trampoline handler" Greg Kroah-Hartman
@ 2022-01-24 23:39 ` Daniel Díaz
2022-01-25 7:19 ` Naresh Kamboju
2022-01-25 11:11 ` Greg Kroah-Hartman
2022-01-25 1:49 ` Shuah Khan
` (3 subsequent siblings)
324 siblings, 2 replies; 334+ messages in thread
From: Daniel Díaz @ 2022-01-24 23:39 UTC (permalink / raw)
To: Greg Kroah-Hartman, linux-kernel
Cc: torvalds, akpm, linux, shuah, patches, lkft-triage, pavel,
jonathanh, f.fainelli, sudipm.mukherjee, stable
Hello!
On 1/24/22 12:39, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.4.174 release.
> There are 320 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed, 26 Jan 2022 18:39:11 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.174-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
Regressions detected on arm, arm64, i386, x86, parisc.
This is on Perf on arm, arm64, i386, x86:
libbpf.c: In function 'bpf_object__elf_collect':
libbpf.c:1581:31: error: invalid type argument of '->' (have 'GElf_Shdr' {aka 'Elf64_Shdr'})
1581 | if (sh->sh_type != SHT_PROGBITS)
| ^~
libbpf.c:1585:31: error: invalid type argument of '->' (have 'GElf_Shdr' {aka 'Elf64_Shdr'})
1585 | if (sh->sh_type != SHT_PROGBITS)
| ^~
make[4]: *** [/builds/linux/tools/build/Makefile.build:97: /home/tuxbuild/.cache/tuxmake/builds/current/staticobjs/libbpf.o] Error 1
This is from PA-RISC with gcc-8, gcc-9, gcc-10, gcc-11:
/builds/linux/drivers/parisc/sba_iommu.c: In function 'sba_io_pdir_entry':
/builds/linux/arch/parisc/include/asm/special_insns.h:11:3: error: expected ':' or ')' before 'ASM_EXCEPTIONTABLE_ENTRY'
ASM_EXCEPTIONTABLE_ENTRY(8b, 9b) \
^~~~~~~~~~~~~~~~~~~~~~~~
Bisection of the latter points to "parisc: Fix lpa and lpa_user defines".
Greetings!
Daniel Díaz
daniel.diaz@linaro.org
^ permalink raw reply [flat|nested] 334+ messages in thread
* Re: [PATCH 5.4 000/320] 5.4.174-rc1 review
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (320 preceding siblings ...)
2022-01-24 23:39 ` [PATCH 5.4 000/320] 5.4.174-rc1 review Daniel Díaz
@ 2022-01-25 1:49 ` Shuah Khan
2022-01-25 3:42 ` Florian Fainelli
` (2 subsequent siblings)
324 siblings, 0 replies; 334+ messages in thread
From: Shuah Khan @ 2022-01-25 1:49 UTC (permalink / raw)
To: Greg Kroah-Hartman, linux-kernel
Cc: torvalds, akpm, linux, shuah, patches, lkft-triage, pavel,
jonathanh, f.fainelli, sudipm.mukherjee, stable, Shuah Khan
On 1/24/22 11:39 AM, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.4.174 release.
> There are 320 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed, 26 Jan 2022 18:39:11 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.174-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
>
Compiled and booted on my test system. No dmesg regressions.
Tested-by: Shuah Khan <skhan@linuxfoundation.org>
thanks,
-- Shuah
^ permalink raw reply [flat|nested] 334+ messages in thread
* Re: [PATCH 5.4 000/320] 5.4.174-rc1 review
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (321 preceding siblings ...)
2022-01-25 1:49 ` Shuah Khan
@ 2022-01-25 3:42 ` Florian Fainelli
2022-01-25 11:12 ` Greg Kroah-Hartman
2022-01-25 8:32 ` Samuel Zou
2022-01-25 15:10 ` Sudip Mukherjee
324 siblings, 1 reply; 334+ messages in thread
From: Florian Fainelli @ 2022-01-25 3:42 UTC (permalink / raw)
To: Greg Kroah-Hartman, linux-kernel
Cc: torvalds, akpm, linux, shuah, patches, lkft-triage, pavel,
jonathanh, sudipm.mukherjee, stable
On 1/24/2022 10:39 AM, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.4.174 release.
> There are 320 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed, 26 Jan 2022 18:39:11 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.174-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
same perf/libbpf error as reported by Daniel for arm64.
--
Florian
^ permalink raw reply [flat|nested] 334+ messages in thread
* Re: [PATCH 5.4 000/320] 5.4.174-rc1 review
2022-01-24 23:39 ` [PATCH 5.4 000/320] 5.4.174-rc1 review Daniel Díaz
@ 2022-01-25 7:19 ` Naresh Kamboju
2022-01-25 14:48 ` Helge Deller
2022-01-25 11:11 ` Greg Kroah-Hartman
1 sibling, 1 reply; 334+ messages in thread
From: Naresh Kamboju @ 2022-01-25 7:19 UTC (permalink / raw)
To: Greg Kroah-Hartman, John David Anglin, Helge Deller,
Andrii Nakryiko, Alexei Starovoitov
Cc: linux-kernel, torvalds, akpm, linux, shuah, patches, lkft-triage,
pavel, jonathanh, f.fainelli, sudipm.mukherjee, stable,
Daniel Díaz, Yonghong Song
On Tue, 25 Jan 2022 at 05:10, Daniel Díaz <daniel.diaz@linaro.org> wrote:
>
> Hello!
>
> On 1/24/22 12:39, Greg Kroah-Hartman wrote:
> > This is the start of the stable review cycle for the 5.4.174 release.
> > There are 320 patches in this series, all will be posted as a response
> > to this one. If anyone has any issues with these being applied, please
> > let me know.
> >
> > Responses should be made by Wed, 26 Jan 2022 18:39:11 +0000.
> > Anything received after that time might be too late.
> >
> > The whole patch series can be found in one patch at:
> > https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.174-rc1.gz
> > or in the git tree and branch at:
> > git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y
> > and the diffstat can be found below.
> >
> > thanks,
> >
> > greg k-h
>
Regressions detected on arm, arm64, i386, x86, parisc.
There are two build breaks,
This is on Perf on arm, arm64, i386, x86:
>
> libbpf.c: In function 'bpf_object__elf_collect':
> libbpf.c:1581:31: error: i nvalid type argument of '->' (have 'GElf_Shdr' {aka 'Elf64_Shdr'})
> 1581 | if (sh->sh_type != SHT_PROGBITS)
> | ^~
> libbpf.c:1585:31: error: invalid type argument of '->' (have 'GElf_Shdr' {aka 'Elf64_Shdr'})
> 1585 | if (sh->sh_type != SHT_PROGBITS)
> | ^~
> make[4]: *** [/builds/linux/tools/build/Makefile.build:97: /home/tuxbuild/.cache/tuxmake/builds/current/staticobjs/libbpf.o] Error 1
This is due to,
commit b98ad671ae465a1a4f76d1438b97cd8172e0ce14
libbpf: Validate that .BTF and .BTF.ext sections contain data
[ Upstream commit 62554d52e71797eefa3fc15b54008038837bb2d4 ]
This is from PA-RISC with gcc-8, gcc-9, gcc-10, gcc-11:
> /builds/linux/drivers/parisc/sba_iommu.c: In function 'sba_io_pdir_entry':
> /builds/linux/arch/parisc/include/asm/special_insns.h:11:3: error: expected ':' or ')' before 'ASM_EXCEPTIONTABLE_ENTRY'
> ASM_EXCEPTIONTABLE_ENTRY(8b, 9b) \
> ^~~~~~~~~~~~~~~~~~~~~~~~
>
>
Bisection of the latter points to "parisc: Fix lpa and lpa_user defines".
commit 73c8c7ecdc141c20c9dbc8f3ec176e233942b0d9
parisc: Fix lpa and lpa_user defines
[ commit db19c6f1a2a353cc8dec35b4789733a3cf6e2838 upstream ]
>
> Greetings!
>
> Daniel Díaz
> daniel.diaz@linaro.org
^ permalink raw reply [flat|nested] 334+ messages in thread
* Re: [PATCH 5.4 000/320] 5.4.174-rc1 review
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (322 preceding siblings ...)
2022-01-25 3:42 ` Florian Fainelli
@ 2022-01-25 8:32 ` Samuel Zou
2022-01-25 15:10 ` Sudip Mukherjee
324 siblings, 0 replies; 334+ messages in thread
From: Samuel Zou @ 2022-01-25 8:32 UTC (permalink / raw)
To: Greg Kroah-Hartman, linux-kernel
Cc: torvalds, akpm, linux, shuah, patches, lkft-triage, pavel,
jonathanh, f.fainelli, sudipm.mukherjee, stable
On 2022/1/25 2:39, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.4.174 release.
> There are 320 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed, 26 Jan 2022 18:39:11 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.174-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
>
Tested on arm64 and x86 for 5.4.174-rc1,
Kernel repo:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git
Branch: linux-5.4.y
Version: 5.4.174-rc1
Commit: 34a12dd3db7fef70acea32b5c7797ef9b9a8b196
Compiler: gcc version 7.3.0 (GCC)
arm64:
--------------------------------------------------------------------
Testcase Result Summary:
total: 9014
passed: 9014
failed: 0
timeout: 0
--------------------------------------------------------------------
x86:
--------------------------------------------------------------------
Testcase Result Summary:
total: 9014
passed: 9014
failed: 0
timeout: 0
--------------------------------------------------------------------
Tested-by: Hulk Robot <hulkrobot@huawei.com>
^ permalink raw reply [flat|nested] 334+ messages in thread
* Re: [PATCH 5.4 000/320] 5.4.174-rc1 review
2022-01-24 23:39 ` [PATCH 5.4 000/320] 5.4.174-rc1 review Daniel Díaz
2022-01-25 7:19 ` Naresh Kamboju
@ 2022-01-25 11:11 ` Greg Kroah-Hartman
1 sibling, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-25 11:11 UTC (permalink / raw)
To: Daniel Díaz
Cc: linux-kernel, torvalds, akpm, linux, shuah, patches, lkft-triage,
pavel, jonathanh, f.fainelli, sudipm.mukherjee, stable
On Mon, Jan 24, 2022 at 05:39:58PM -0600, Daniel Díaz wrote:
> Hello!
>
> On 1/24/22 12:39, Greg Kroah-Hartman wrote:
> > This is the start of the stable review cycle for the 5.4.174 release.
> > There are 320 patches in this series, all will be posted as a response
> > to this one. If anyone has any issues with these being applied, please
> > let me know.
> >
> > Responses should be made by Wed, 26 Jan 2022 18:39:11 +0000.
> > Anything received after that time might be too late.
> >
> > The whole patch series can be found in one patch at:
> > https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.174-rc1.gz
> > or in the git tree and branch at:
> > git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y
> > and the diffstat can be found below.
> >
> > thanks,
> >
> > greg k-h
>
> Regressions detected on arm, arm64, i386, x86, parisc.
>
> This is on Perf on arm, arm64, i386, x86:
>
> libbpf.c: In function 'bpf_object__elf_collect':
> libbpf.c:1581:31: error: invalid type argument of '->' (have 'GElf_Shdr' {aka 'Elf64_Shdr'})
> 1581 | if (sh->sh_type != SHT_PROGBITS)
> | ^~
> libbpf.c:1585:31: error: invalid type argument of '->' (have 'GElf_Shdr' {aka 'Elf64_Shdr'})
> 1585 | if (sh->sh_type != SHT_PROGBITS)
> | ^~
> make[4]: *** [/builds/linux/tools/build/Makefile.build:97: /home/tuxbuild/.cache/tuxmake/builds/current/staticobjs/libbpf.o] Error 1
libbpf is not perf :)
Anyway, I'll go drop the offending libbpf patch, thanks.
> This is from PA-RISC with gcc-8, gcc-9, gcc-10, gcc-11:
>
> /builds/linux/drivers/parisc/sba_iommu.c: In function 'sba_io_pdir_entry':
> /builds/linux/arch/parisc/include/asm/special_insns.h:11:3: error: expected ':' or ')' before 'ASM_EXCEPTIONTABLE_ENTRY'
> ASM_EXCEPTIONTABLE_ENTRY(8b, 9b) \
> ^~~~~~~~~~~~~~~~~~~~~~~~
>
>
> Bisection of the latter points to "parisc: Fix lpa and lpa_user defines".
thanks, will go drop this one from 5.4.
greg k-h
^ permalink raw reply [flat|nested] 334+ messages in thread
* Re: [PATCH 5.4 000/320] 5.4.174-rc1 review
2022-01-25 3:42 ` Florian Fainelli
@ 2022-01-25 11:12 ` Greg Kroah-Hartman
0 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-25 11:12 UTC (permalink / raw)
To: Florian Fainelli
Cc: linux-kernel, torvalds, akpm, linux, shuah, patches, lkft-triage,
pavel, jonathanh, sudipm.mukherjee, stable
On Mon, Jan 24, 2022 at 07:42:11PM -0800, Florian Fainelli wrote:
>
>
> On 1/24/2022 10:39 AM, Greg Kroah-Hartman wrote:
> > This is the start of the stable review cycle for the 5.4.174 release.
> > There are 320 patches in this series, all will be posted as a response
> > to this one. If anyone has any issues with these being applied, please
> > let me know.
> >
> > Responses should be made by Wed, 26 Jan 2022 18:39:11 +0000.
> > Anything received after that time might be too late.
> >
> > The whole patch series can be found in one patch at:
> > https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.174-rc1.gz
> > or in the git tree and branch at:
> > git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y
> > and the diffstat can be found below.
> >
> > thanks,
> >
> > greg k-h
>
> same perf/libbpf error as reported by Daniel for arm64.
What is the perf issue?
^ permalink raw reply [flat|nested] 334+ messages in thread
* Re: [PATCH 5.4 260/320] PCI: pciehp: Fix infinite loop in IRQ handler upon power fault
2022-01-24 18:44 ` [PATCH 5.4 260/320] PCI: pciehp: Fix infinite loop in IRQ handler upon power fault Greg Kroah-Hartman
@ 2022-01-25 12:22 ` Bjorn Helgaas
0 siblings, 0 replies; 334+ messages in thread
From: Bjorn Helgaas @ 2022-01-25 12:22 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: linux-kernel, stable, Joseph Bao, Lukas Wunner, Bjorn Helgaas,
Stuart Hayes
On Mon, Jan 24, 2022 at 07:44:04PM +0100, Greg Kroah-Hartman wrote:
> From: Lukas Wunner <lukas@wunner.de>
>
> commit 23584c1ed3e15a6f4bfab8dc5a88d94ab929ee12 upstream.
I would hold off on backporting the pciehp changes until we resolve
this regression in v5.17-rc1:
https://bugzilla.kernel.org/show_bug.cgi?id=215525
> The Power Fault Detected bit in the Slot Status register differs from
> all other hotplug events in that it is sticky: It can only be cleared
> after turning off slot power. Per PCIe r5.0, sec. 6.7.1.8:
>
> If a power controller detects a main power fault on the hot-plug slot,
> it must automatically set its internal main power fault latch [...].
> The main power fault latch is cleared when software turns off power to
> the hot-plug slot.
>
> The stickiness used to cause interrupt storms and infinite loops which
> were fixed in 2009 by commits 5651c48cfafe ("PCI pciehp: fix power fault
> interrupt storm problem") and 99f0169c17f3 ("PCI: pciehp: enable
> software notification on empty slots").
>
> Unfortunately in 2020 the infinite loop issue was inadvertently
> reintroduced by commit 8edf5332c393 ("PCI: pciehp: Fix MSI interrupt
> race"): The hardirq handler pciehp_isr() clears the PFD bit until
> pciehp's power_fault_detected flag is set. That happens in the IRQ
> thread pciehp_ist(), which never learns of the event because the hardirq
> handler is stuck in an infinite loop. Fix by setting the
> power_fault_detected flag already in the hardirq handler.
>
> Link: https://bugzilla.kernel.org/show_bug.cgi?id=214989
> Link: https://lore.kernel.org/linux-pci/DM8PR11MB5702255A6A92F735D90A4446868B9@DM8PR11MB5702.namprd11.prod.outlook.com
> Fixes: 8edf5332c393 ("PCI: pciehp: Fix MSI interrupt race")
> Link: https://lore.kernel.org/r/66eaeef31d4997ceea357ad93259f290ededecfd.1637187226.git.lukas@wunner.de
> Reported-by: Joseph Bao <joseph.bao@intel.com>
> Tested-by: Joseph Bao <joseph.bao@intel.com>
> Signed-off-by: Lukas Wunner <lukas@wunner.de>
> Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
> Cc: stable@vger.kernel.org # v4.19+
> Cc: Stuart Hayes <stuart.w.hayes@gmail.com>
> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> ---
> drivers/pci/hotplug/pciehp_hpc.c | 7 ++++---
> 1 file changed, 4 insertions(+), 3 deletions(-)
>
> --- a/drivers/pci/hotplug/pciehp_hpc.c
> +++ b/drivers/pci/hotplug/pciehp_hpc.c
> @@ -577,6 +577,8 @@ read_status:
> */
> if (ctrl->power_fault_detected)
> status &= ~PCI_EXP_SLTSTA_PFD;
> + else if (status & PCI_EXP_SLTSTA_PFD)
> + ctrl->power_fault_detected = true;
>
> events |= status;
> if (!events) {
> @@ -586,7 +588,7 @@ read_status:
> }
>
> if (status) {
> - pcie_capability_write_word(pdev, PCI_EXP_SLTSTA, events);
> + pcie_capability_write_word(pdev, PCI_EXP_SLTSTA, status);
>
> /*
> * In MSI mode, all event bits must be zero before the port
> @@ -660,8 +662,7 @@ static irqreturn_t pciehp_ist(int irq, v
> }
>
> /* Check Power Fault Detected */
> - if ((events & PCI_EXP_SLTSTA_PFD) && !ctrl->power_fault_detected) {
> - ctrl->power_fault_detected = 1;
> + if (events & PCI_EXP_SLTSTA_PFD) {
> ctrl_err(ctrl, "Slot(%s): Power fault\n", slot_name(ctrl));
> pciehp_set_indicators(ctrl, PCI_EXP_SLTCTL_PWR_IND_OFF,
> PCI_EXP_SLTCTL_ATTN_IND_ON);
>
>
^ permalink raw reply [flat|nested] 334+ messages in thread
* Re: [PATCH 5.4 000/320] 5.4.174-rc1 review
2022-01-25 7:19 ` Naresh Kamboju
@ 2022-01-25 14:48 ` Helge Deller
2022-01-25 15:51 ` Greg Kroah-Hartman
0 siblings, 1 reply; 334+ messages in thread
From: Helge Deller @ 2022-01-25 14:48 UTC (permalink / raw)
To: Naresh Kamboju
Cc: Greg Kroah-Hartman, John David Anglin, Helge Deller,
Andrii Nakryiko, Alexei Starovoitov, linux-kernel, torvalds,
akpm, linux, shuah, patches, lkft-triage, pavel, jonathanh,
f.fainelli, sudipm.mukherjee, stable, Daniel Díaz,
Yonghong Song
* Naresh Kamboju <naresh.kamboju@linaro.org>:
> > On 1/24/22 12:39, Greg Kroah-Hartman wrote:
> > > This is the start of the stable review cycle for the 5.4.174 release.
> > > There are 320 patches in this series, all will be posted as a response
> > > to this one. If anyone has any issues with these being applied, please
> > > let me know.
> > >
> > > Responses should be made by Wed, 26 Jan 2022 18:39:11 +0000.
> > > Anything received after that time might be too late.
> > >
> > > The whole patch series can be found in one patch at:
> > > https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.174-rc1.gz
> > > or in the git tree and branch at:
> > > git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y
> > > and the diffstat can be found below.
> > >
> > > thanks,
> > >
> > > greg k-h
> >
>
> [...]
>
> This is from PA-RISC with gcc-8, gcc-9, gcc-10, gcc-11:
>
> > /builds/linux/drivers/parisc/sba_iommu.c: In function 'sba_io_pdir_entry':
> > /builds/linux/arch/parisc/include/asm/special_insns.h:11:3: error: expected ':' or ')' before 'ASM_EXCEPTIONTABLE_ENTRY'
> > ASM_EXCEPTIONTABLE_ENTRY(8b, 9b) \
> > ^~~~~~~~~~~~~~~~~~~~~~~~
>
> Bisection of the latter points to "parisc: Fix lpa and lpa_user defines".
>
> commit 73c8c7ecdc141c20c9dbc8f3ec176e233942b0d9
> parisc: Fix lpa and lpa_user defines
> [ commit db19c6f1a2a353cc8dec35b4789733a3cf6e2838 upstream ]
Naresh, thanks for noticing and bisecting!
The problem is, that in v5.4.x we are missing to include a header file
which is probably already indirectly included in the other Linux versions.
Greg, can you either drop this commit:
commit 73c8c7ecdc141c20c9dbc8f3ec176e233942b0d9
parisc: Fix lpa and lpa_user defines
or simply add the patch below to the commit?
Either solution which is easier for you is ok.
Thanks,
Helge
diff --git a/drivers/parisc/sba_iommu.c b/drivers/parisc/sba_iommu.c
index e410033b6df0..e72990c92add 100644
--- a/drivers/parisc/sba_iommu.c
+++ b/drivers/parisc/sba_iommu.c
@@ -31,6 +31,7 @@
#include <asm/byteorder.h>
#include <asm/io.h>
#include <asm/dma.h> /* for DMA_CHUNK_SIZE */
+#include <asm/uaccess.h>
#include <asm/hardware.h> /* for register_parisc_driver() stuff */
^ permalink raw reply related [flat|nested] 334+ messages in thread
* Re: [PATCH 5.4 000/320] 5.4.174-rc1 review
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
` (323 preceding siblings ...)
2022-01-25 8:32 ` Samuel Zou
@ 2022-01-25 15:10 ` Sudip Mukherjee
324 siblings, 0 replies; 334+ messages in thread
From: Sudip Mukherjee @ 2022-01-25 15:10 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: linux-kernel, torvalds, akpm, linux, shuah, patches, lkft-triage,
pavel, jonathanh, f.fainelli, stable
Hi Greg,
On Mon, Jan 24, 2022 at 07:39:44PM +0100, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.4.174 release.
> There are 320 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed, 26 Jan 2022 18:39:11 +0000.
> Anything received after that time might be too late.
Build test:
mips (gcc version 11.2.1 20220121): 65 configs -> no new failure
arm (gcc version 11.2.1 20220121): 107 configs -> no new failure
arm64 (gcc version 11.2.1 20220121): 2 configs -> no failure
x86_64 (gcc version 11.2.1 20220121): 4 configs -> no failure
Boot test:
x86_64: Booted on my test laptop. No regression.
x86_64: Booted on qemu. No regression. [1]
[1]. https://openqa.qa.codethink.co.uk/tests/652
Tested-by: Sudip Mukherjee <sudip.mukherjee@codethink.co.uk>
--
Regards
Sudip
^ permalink raw reply [flat|nested] 334+ messages in thread
* Re: [PATCH 5.4 000/320] 5.4.174-rc1 review
2022-01-25 14:48 ` Helge Deller
@ 2022-01-25 15:51 ` Greg Kroah-Hartman
0 siblings, 0 replies; 334+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-25 15:51 UTC (permalink / raw)
To: Helge Deller
Cc: Naresh Kamboju, John David Anglin, Andrii Nakryiko,
Alexei Starovoitov, linux-kernel, torvalds, akpm, linux, shuah,
patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, stable, Daniel Díaz, Yonghong Song
On Tue, Jan 25, 2022 at 03:48:31PM +0100, Helge Deller wrote:
> * Naresh Kamboju <naresh.kamboju@linaro.org>:
> > > On 1/24/22 12:39, Greg Kroah-Hartman wrote:
> > > > This is the start of the stable review cycle for the 5.4.174 release.
> > > > There are 320 patches in this series, all will be posted as a response
> > > > to this one. If anyone has any issues with these being applied, please
> > > > let me know.
> > > >
> > > > Responses should be made by Wed, 26 Jan 2022 18:39:11 +0000.
> > > > Anything received after that time might be too late.
> > > >
> > > > The whole patch series can be found in one patch at:
> > > > https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.174-rc1.gz
> > > > or in the git tree and branch at:
> > > > git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y
> > > > and the diffstat can be found below.
> > > >
> > > > thanks,
> > > >
> > > > greg k-h
> > >
> >
> > [...]
> >
> > This is from PA-RISC with gcc-8, gcc-9, gcc-10, gcc-11:
> >
> > > /builds/linux/drivers/parisc/sba_iommu.c: In function 'sba_io_pdir_entry':
> > > /builds/linux/arch/parisc/include/asm/special_insns.h:11:3: error: expected ':' or ')' before 'ASM_EXCEPTIONTABLE_ENTRY'
> > > ASM_EXCEPTIONTABLE_ENTRY(8b, 9b) \
> > > ^~~~~~~~~~~~~~~~~~~~~~~~
> >
> > Bisection of the latter points to "parisc: Fix lpa and lpa_user defines".
> >
> > commit 73c8c7ecdc141c20c9dbc8f3ec176e233942b0d9
> > parisc: Fix lpa and lpa_user defines
> > [ commit db19c6f1a2a353cc8dec35b4789733a3cf6e2838 upstream ]
>
> Naresh, thanks for noticing and bisecting!
>
> The problem is, that in v5.4.x we are missing to include a header file
> which is probably already indirectly included in the other Linux versions.
>
> Greg, can you either drop this commit:
>
> commit 73c8c7ecdc141c20c9dbc8f3ec176e233942b0d9
> parisc: Fix lpa and lpa_user defines
>
> or simply add the patch below to the commit?
>
> Either solution which is easier for you is ok.
I've just dropped it now, thanks.
greg k-h
^ permalink raw reply [flat|nested] 334+ messages in thread
end of thread, other threads:[~2022-01-25 15:53 UTC | newest]
Thread overview: 334+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-01-24 18:39 [PATCH 5.4 000/320] 5.4.174-rc1 review Greg Kroah-Hartman
2022-01-24 18:39 ` [PATCH 5.4 001/320] HID: uhid: Fix worker destroying device without any protection Greg Kroah-Hartman
2022-01-24 18:39 ` [PATCH 5.4 002/320] HID: wacom: Reset expected and received contact counts at the same time Greg Kroah-Hartman
2022-01-24 18:39 ` [PATCH 5.4 003/320] HID: wacom: Ignore the confidence flag when a touch is removed Greg Kroah-Hartman
2022-01-24 18:39 ` [PATCH 5.4 004/320] HID: wacom: Avoid using stale array indicies to read contact count Greg Kroah-Hartman
2022-01-24 18:39 ` [PATCH 5.4 005/320] f2fs: fix to do sanity check in is_alive() Greg Kroah-Hartman
2022-01-24 18:39 ` [PATCH 5.4 006/320] nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind() Greg Kroah-Hartman
2022-01-24 18:39 ` [PATCH 5.4 007/320] mtd: rawnand: gpmi: Add ERR007117 protection for nfc_apply_timings Greg Kroah-Hartman
2022-01-24 20:41 ` Pavel Machek
2022-01-24 21:01 ` Christian Eggers
2022-01-24 18:39 ` [PATCH 5.4 008/320] mtd: rawnand: gpmi: Remove explicit default gpmi clock setting for i.MX6 Greg Kroah-Hartman
2022-01-24 18:39 ` [PATCH 5.4 009/320] x86/gpu: Reserve stolen memory for first integrated Intel GPU Greg Kroah-Hartman
2022-01-24 18:39 ` [PATCH 5.4 010/320] tools/nolibc: x86-64: Fix startup code bug Greg Kroah-Hartman
2022-01-24 18:39 ` [PATCH 5.4 011/320] tools/nolibc: i386: fix initial stack alignment Greg Kroah-Hartman
2022-01-24 18:39 ` [PATCH 5.4 012/320] tools/nolibc: fix incorrect truncation of exit code Greg Kroah-Hartman
2022-01-24 18:39 ` [PATCH 5.4 013/320] rtc: cmos: take rtc_lock while reading from CMOS Greg Kroah-Hartman
2022-01-24 18:39 ` [PATCH 5.4 014/320] media: v4l2-ioctl.c: readbuffers depends on V4L2_CAP_READWRITE Greg Kroah-Hartman
2022-01-24 18:39 ` [PATCH 5.4 015/320] media: flexcop-usb: fix control-message timeouts Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 016/320] media: mceusb: " Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 017/320] media: em28xx: " Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 018/320] media: cpia2: " Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 019/320] media: s2255: " Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 020/320] media: dib0700: fix undefined behavior in tuner shutdown Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 021/320] media: redrat3: fix control-message timeouts Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 022/320] media: pvrusb2: " Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 023/320] media: stk1160: " Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 024/320] can: softing_cs: softingcs_probe(): fix memleak on registration failure Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 025/320] lkdtm: Fix content of section containing lkdtm_rodata_do_nothing() Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 026/320] iommu/io-pgtable-arm-v7s: Add error handle for page table allocation failure Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 027/320] dma_fence_array: Fix PENDING_ERROR leak in dma_fence_array_signaled() Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 028/320] PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 029/320] mm_zone: add function to check if managed dma zone exists Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 030/320] mm/page_alloc.c: do not warn allocation failure on zone DMA if no managed pages Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 031/320] shmem: fix a race between shmem_unused_huge_shrink and shmem_evict_inode Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 032/320] drm/rockchip: dsi: Hold pm-runtime across bind/unbind Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 033/320] drm/rockchip: dsi: Reconfigure hardware on resume() Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 034/320] drm/panel: kingdisplay-kd097d04: Delete panel on attach() failure Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 035/320] drm/panel: innolux-p079zca: " Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 036/320] drm/rockchip: dsi: Fix unbalanced clock on probe error Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 037/320] Bluetooth: cmtp: fix possible panic when cmtp_init_sockets() fails Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 038/320] clk: bcm-2835: Pick the closest clock rate Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 039/320] clk: bcm-2835: Remove rounding up the dividers Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 040/320] wcn36xx: Indicate beacon not connection loss on MISSED_BEACON_IND Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 041/320] wcn36xx: Release DMA channel descriptor allocations Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 042/320] media: videobuf2: Fix the size printk format Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 043/320] media: aspeed: fix mode-detect always time out at 2nd run Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 044/320] media: em28xx: fix memory leak in em28xx_init_dev Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 045/320] media: aspeed: Update signal status immediately to ensure sane hw state Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 046/320] arm64: dts: meson-gxbb-wetek: fix HDMI in early boot Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 047/320] arm64: dts: meson-gxbb-wetek: fix missing GPIO binding Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 048/320] Bluetooth: stop proccessing malicious adv data Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 049/320] tee: fix put order in teedev_close_context() Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 050/320] media: dmxdev: fix UAF when dvb_register_device() fails Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 051/320] crypto: qce - fix uaf on qce_ahash_register_one Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 052/320] arm64: dts: ti: k3-j721e: correct cache-sets info Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 053/320] tty: serial: atmel: Check return code of dmaengine_submit() Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 054/320] tty: serial: atmel: Call dma_async_issue_pending() Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 055/320] media: rcar-csi2: Correct the selection of hsfreqrange Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 056/320] media: imx-pxp: Initialize the spinlock prior to using it Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 057/320] media: si470x-i2c: fix possible memory leak in si470x_i2c_probe() Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 058/320] media: mtk-vcodec: call v4l2_m2m_ctx_release first when file is released Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 059/320] media: venus: core: Fix a resource leak in the error handling path of venus_probe() Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 060/320] netfilter: bridge: add support for pppoe filtering Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 061/320] arm64: dts: qcom: msm8916: fix MMC controller aliases Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 062/320] ACPI: EC: Rework flushing of EC work while suspended to idle Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 063/320] drm/amdgpu: Fix a NULL pointer dereference in amdgpu_connector_lcd_native_mode() Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 064/320] drm/radeon/radeon_kms: Fix a NULL pointer dereference in radeon_driver_open_kms() Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 065/320] arm64: dts: ti: k3-j721e: Fix the L2 cache sets Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 066/320] tty: serial: uartlite: allow 64 bit address Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 067/320] serial: amba-pl011: do not request memory region twice Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 068/320] floppy: Fix hang in watchdog when disk is ejected Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 069/320] staging: rtl8192e: return error code from rtllib_softmac_init() Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 070/320] staging: rtl8192e: rtllib_module: fix error handle case in alloc_rtllib() Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 071/320] Bluetooth: btmtksdio: fix resume failure Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 072/320] media: dib8000: Fix a memleak in dib8000_init() Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 073/320] media: saa7146: mxb: Fix a NULL pointer dereference in mxb_attach() Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 074/320] media: si2157: Fix "warm" tuner state detection Greg Kroah-Hartman
2022-01-24 18:40 ` [PATCH 5.4 075/320] sched/rt: Try to restart rt period timer when rt runtime exceeded Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 076/320] rcu/exp: Mark current CPU as exp-QS in IPI loop second pass Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 077/320] mwifiex: Fix possible ABBA deadlock Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 078/320] xfrm: fix a small bug in xfrm_sa_len() Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 079/320] crypto: stm32/cryp - fix xts and race condition in crypto_engine requests Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 080/320] crypto: stm32/cryp - fix double pm exit Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 081/320] crypto: stm32/cryp - fix lrw chaining mode Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 082/320] ARM: dts: gemini: NAS4220-B: fis-index-block with 128 KiB sectors Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 083/320] media: dw2102: Fix use after free Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 084/320] media: msi001: fix possible null-ptr-deref in msi001_probe() Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 085/320] media: coda/imx-vdoa: Handle dma_set_coherent_mask error codes Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 086/320] drm/msm/dpu: fix safe status debugfs file Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 087/320] drm/bridge: ti-sn65dsi86: Set max register for regmap Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 088/320] media: hantro: Fix probe func error path Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 089/320] xfrm: interface with if_id 0 should return error Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 090/320] xfrm: state and policy should fail if XFRMA_IF_ID 0 Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 091/320] ARM: 9159/1: decompressor: Avoid UNPREDICTABLE NOP encoding Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 092/320] usb: ftdi-elan: fix memory leak on device disconnect Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 093/320] ARM: dts: armada-38x: Add generic compatible to UART nodes Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 094/320] mmc: meson-mx-sdio: add IRQ check Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 095/320] selinux: fix potential memleak in selinux_add_opt() Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 096/320] bpftool: Enable line buffering for stdout Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 097/320] x86/mce/inject: Avoid out-of-bounds write when setting flags Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 098/320] ACPI: scan: Create platform device for BCM4752 and LNV4752 ACPI nodes Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 099/320] pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in __nonstatic_find_io_region() Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 100/320] pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in nonstatic_find_mem_region() Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 101/320] netfilter: ipt_CLUSTERIP: fix refcount leak in clusterip_tg_check() Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 102/320] bpf: Fix SO_RCVBUF/SO_SNDBUF handling in _bpf_setsockopt() Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 103/320] ppp: ensure minimum packet size in ppp_write() Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 104/320] rocker: fix a sleeping in atomic bug Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 105/320] staging: greybus: audio: Check null pointer Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 106/320] fsl/fman: Check for null pointer after calling devm_ioremap Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 107/320] Bluetooth: hci_bcm: Check for error irq Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 108/320] HID: hid-uclogic-params: Invalid parameter check in uclogic_params_init Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 109/320] HID: hid-uclogic-params: Invalid parameter check in uclogic_params_get_str_desc Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 110/320] HID: hid-uclogic-params: Invalid parameter check in uclogic_params_huion_init Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 111/320] HID: hid-uclogic-params: Invalid parameter check in uclogic_params_frame_init_v1_buttonpad Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 112/320] debugfs: lockdown: Allow reading debugfs files that are not world readable Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 113/320] net/mlx5e: Dont block routes with nexthop objects in SW Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 114/320] Revert "net/mlx5e: Block offload of outer header csum for UDP tunnels" Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 115/320] net/mlx5: Set command entry semaphore up once got index free Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 116/320] spi: spi-meson-spifc: Add missing pm_runtime_disable() in meson_spifc_probe Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 117/320] tpm: add request_locality before write TPM_INT_ENABLE Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 118/320] can: softing: softing_startstop(): fix set but not used variable warning Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 119/320] can: xilinx_can: xcan_probe(): check for error irq Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 120/320] pcmcia: fix setting of kthread task states Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 121/320] net: mcs7830: handle usb read errors properly Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 122/320] ext4: avoid trim error on fs with small groups Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 123/320] ALSA: jack: Add missing rwsem around snd_ctl_remove() calls Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 124/320] ALSA: PCM: " Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 125/320] ALSA: hda: " Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 126/320] RDMA/hns: Validate the pkey index Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 127/320] clk: imx8mn: Fix imx8mn_clko1_sels Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 128/320] powerpc/prom_init: Fix improper check of prom_getprop() Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 129/320] ASoC: uniphier: drop selecting non-existing SND_SOC_UNIPHIER_AIO_DMA Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 130/320] ALSA: oss: fix compile error when OSS_DEBUG is enabled Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 131/320] char/mwave: Adjust io port register size Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 132/320] binder: fix handling of error during copy Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 133/320] uio: uio_dmem_genirq: Catch the Exception Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 134/320] iommu/io-pgtable-arm: Fix table descriptor paddr formatting Greg Kroah-Hartman
2022-01-24 18:41 ` [PATCH 5.4 135/320] scsi: ufs: Fix race conditions related to driver data Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 136/320] PCI/MSI: Fix pci_irq_vector()/pci_irq_get_affinity() Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 137/320] powerpc/powermac: Add additional missing lockdep_register_key() Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 138/320] RDMA/core: Let ib_find_gid() continue search even after empty entry Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 139/320] RDMA/cma: Let cma_resolve_ib_dev() " Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 140/320] ASoC: rt5663: Handle device_property_read_u32_array error codes Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 141/320] clk: stm32: Fix ltdcs clock turn off by clk_disable_unused() after system enter shell Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 142/320] dmaengine: pxa/mmp: stop referencing config->slave_id Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 143/320] iommu/iova: Fix race between FQ timeout and teardown Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 144/320] phy: uniphier-usb3ss: fix unintended writing zeros to PHY register Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 145/320] ASoC: mediatek: Check for error clk pointer Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 146/320] ASoC: samsung: idma: Check of ioremap return value Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 147/320] misc: lattice-ecp3-config: Fix task hung when firmware load failed Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 148/320] mips: lantiq: add support for clk_set_parent() Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 149/320] mips: bcm63xx: " Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 150/320] RDMA/cxgb4: Set queue pair state when being queried Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 151/320] of: base: Fix phandle argument length mismatch error message Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 152/320] Bluetooth: Fix debugfs entry leak in hci_register_dev() Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 153/320] fs: dlm: filter user dlm messages for kernel locks Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 154/320] libbpf: Validate that .BTF and .BTF.ext sections contain data Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 155/320] drm/lima: fix warning when CONFIG_DEBUG_SG=y & CONFIG_DMA_API_DEBUG=y Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 156/320] ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 157/320] drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 158/320] ARM: shmobile: rcar-gen2: Add missing of_node_put() Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 159/320] batman-adv: allow netlink usage in unprivileged containers Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 160/320] usb: gadget: f_fs: Use stream_open() for endpoint files Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 161/320] drm: panel-orientation-quirks: Add quirk for the Lenovo Yoga Book X91F/L Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 162/320] HID: apple: Do not reset quirks when the Fn key is not found Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 163/320] media: b2c2: Add missing check in flexcop_pci_isr: Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 164/320] EDAC/synopsys: Use the quirk for version instead of ddr version Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 165/320] ARM: imx: rename DEBUG_IMX21_IMX27_UART to DEBUG_IMX27_UART Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 166/320] mlxsw: pci: Add shutdown method in PCI driver Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 167/320] drm/bridge: megachips: Ensure both bridges are probed before registration Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 168/320] gpiolib: acpi: Do not set the IRQ type if the IRQ is already in use Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 169/320] HSI: core: Fix return freed object in hsi_new_client Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 170/320] mwifiex: Fix skb_over_panic in mwifiex_usb_recv() Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 171/320] rsi: Fix use-after-free in rsi_rx_done_handler() Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 172/320] rsi: Fix out-of-bounds read in rsi_read_pkt() Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 173/320] usb: uhci: add aspeed ast2600 uhci support Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 174/320] floppy: Add max size check for user space request Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 175/320] x86/mm: Flush global TLB when switching to trampoline page-table Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 176/320] media: uvcvideo: Increase UVC_CTRL_CONTROL_TIMEOUT to 5 seconds Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 177/320] media: saa7146: hexium_orion: Fix a NULL pointer dereference in hexium_attach() Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 178/320] media: m920x: dont use stack on USB reads Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 179/320] iwlwifi: mvm: synchronize with FW after multicast commands Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 180/320] ath10k: Fix tx hanging Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 181/320] net-sysfs: update the queue counts in the unregistration path Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 182/320] net: phy: prefer 1000baseT over 1000baseKX Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 183/320] gpio: aspeed: Convert aspeed_gpio.lock to raw_spinlock Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 184/320] x86/mce: Mark mce_panic() noinstr Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 185/320] x86/mce: Mark mce_end() noinstr Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 186/320] x86/mce: Mark mce_read_aux() noinstr Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 187/320] net: bonding: debug: avoid printing debug logs when bond is not notifying peers Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 188/320] bpf: Do not WARN in bpf_warn_invalid_xdp_action() Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 189/320] HID: quirks: Allow inverting the absolute X/Y values Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 190/320] media: igorplugusb: receiver overflow should be reported Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 191/320] media: saa7146: hexium_gemini: Fix a NULL pointer dereference in hexium_attach() Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 192/320] mmc: core: Fixup storing of OCR for MMC_QUIRK_NONSTD_SDIO Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 193/320] audit: ensure userspace is penalized the same as the kernel when under pressure Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 194/320] arm64: dts: ls1028a-qds: move rtc node to the correct i2c bus Greg Kroah-Hartman
2022-01-24 18:42 ` [PATCH 5.4 195/320] arm64: tegra: Adjust length of CCPLEX cluster MMIO region Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 196/320] cpufreq: Fix initialization of min and max frequency QoS requests Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 197/320] usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0 Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 198/320] ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 199/320] iwlwifi: fix leaks/bad data after failed firmware load Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 200/320] iwlwifi: remove module loading failure message Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 201/320] iwlwifi: mvm: Fix calculation of frame length Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 202/320] um: registers: Rename function names to avoid conflicts and build problems Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 203/320] jffs2: GC deadlock reading a page that is used in jffs2_write_begin() Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 204/320] ACPICA: actypes.h: Expand the ACPI_ACCESS_ definitions Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 205/320] ACPICA: Utilities: Avoid deleting the same object twice in a row Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 206/320] ACPICA: Executer: Fix the REFCLASS_REFOF case in acpi_ex_opcode_1A_0T_1R() Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 207/320] ACPICA: Fix wrong interpretation of PCC address Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 208/320] ACPICA: Hardware: Do not flush CPU cache when entering S4 and S5 Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 209/320] drm/amdgpu: fixup bad vram size on gmc v8 Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 210/320] ACPI: battery: Add the ThinkPad "Not Charging" quirk Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 211/320] btrfs: remove BUG_ON() in find_parent_nodes() Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 212/320] btrfs: remove BUG_ON(!eie) in find_parent_nodes Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 213/320] net: mdio: Demote probed message to debug print Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 214/320] mac80211: allow non-standard VHT MCS-10/11 Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 215/320] dm btree: add a defensive bounds check to insert_at() Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 216/320] dm space map common: add bounds check to sm_ll_lookup_bitmap() Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 217/320] net: phy: marvell: configure RGMII delays for 88E1118 Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 218/320] net: gemini: allow any RGMII interface mode Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 219/320] regulator: qcom_smd: Align probe function with rpmh-regulator Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 220/320] serial: pl010: Drop CR register reset on set_termios Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 221/320] serial: core: Keep mctrl register state and cached copy in sync Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 222/320] random: do not throw away excess input to crng_fast_load Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 223/320] parisc: Avoid calling faulthandler_disabled() twice Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 224/320] powerpc/6xx: add missing of_node_put Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 225/320] powerpc/powernv: " Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 226/320] powerpc/cell: " Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 227/320] powerpc/btext: " Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 228/320] powerpc/watchdog: Fix missed watchdog reset due to memory ordering race Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 229/320] i2c: i801: Dont silently correct invalid transfer size Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 230/320] powerpc/smp: Move setup_profiling_timer() under CONFIG_PROFILING Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 231/320] i2c: mpc: Correct I2C reset procedure Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 232/320] clk: meson: gxbb: Fix the SDM_EN bit for MPLL0 on GXBB Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 233/320] powerpc/powermac: Add missing lockdep_register_key() Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 234/320] KVM: PPC: Book3S: Suppress failed alloc warning in H_COPY_TOFROM_GUEST Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 235/320] w1: Misuse of get_user()/put_user() reported by sparse Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 236/320] scsi: lpfc: Trigger SLI4 firmware dump before doing driver cleanup Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 237/320] ALSA: seq: Set upper limit of processed events Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 238/320] powerpc: handle kdump appropriately with crash_kexec_post_notifiers option Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 239/320] MIPS: OCTEON: add put_device() after of_find_device_by_node() Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 240/320] i2c: designware-pci: Fix to change data types of hcnt and lcnt parameters Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 241/320] MIPS: Octeon: Fix build errors using clang Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 242/320] scsi: sr: Dont use GFP_DMA Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 243/320] ASoC: mediatek: mt8173: fix device_node leak Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 244/320] power: bq25890: Enable continuous conversion for ADC at charging Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 245/320] rpmsg: core: Clean up resources on announce_create failure Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 246/320] crypto: omap-aes - Fix broken pm_runtime_and_get() usage Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 247/320] crypto: stm32/crc32 - Fix kernel BUG triggered in probe() Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 248/320] crypto: caam - replace this_cpu_ptr with raw_cpu_ptr Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 249/320] ubifs: Error path in ubifs_remount_rw() seems to wrongly free write buffers Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 250/320] fuse: Pass correct lend value to filemap_write_and_wait_range() Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 251/320] serial: Fix incorrect rs485 polarity on uart open Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 252/320] cputime, cpuacct: Include guest time in user time in cpuacct.stat Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 253/320] tracing/kprobes: nmissed not showed correctly for kretprobe Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 254/320] iwlwifi: mvm: Increase the scan timeout guard to 30 seconds Greg Kroah-Hartman
2022-01-24 18:43 ` [PATCH 5.4 255/320] s390/mm: fix 2KB pgtable release race Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 256/320] drm/etnaviv: limit submit sizes Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 257/320] drm/nouveau/kms/nv04: use vzalloc for nv04_display Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 258/320] drm/bridge: analogix_dp: Make PSR-exit block less Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 259/320] parisc: Fix lpa and lpa_user defines Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 260/320] PCI: pciehp: Fix infinite loop in IRQ handler upon power fault Greg Kroah-Hartman
2022-01-25 12:22 ` Bjorn Helgaas
2022-01-24 18:44 ` [PATCH 5.4 261/320] PCI: pci-bridge-emul: Properly mark reserved PCIe bits in PCI config space Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 262/320] PCI: pci-bridge-emul: Correctly set PCIe capabilities Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 263/320] PCI: pci-bridge-emul: Set PCI_STATUS_CAP_LIST for PCIe device Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 264/320] xfrm: fix policy lookup for ipv6 gre packets Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 265/320] btrfs: fix deadlock between quota enable and other quota operations Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 266/320] btrfs: check the root node for uptodate before returning it Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 267/320] btrfs: respect the max size in the header when activating swap file Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 268/320] ext4: make sure to reset inode lockdep class when quota enabling fails Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 269/320] ext4: make sure quota gets properly shutdown on error Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 270/320] ext4: set csum seed in tmp inode while migrating to extents Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 271/320] ext4: Fix BUG_ON in ext4_bread when write quota data Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 272/320] ext4: dont use the orphan list when migrating an inode Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 273/320] drm/radeon: fix error handling in radeon_driver_open_kms Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 274/320] of: base: Improve argument length mismatch error Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 275/320] firmware: Update Kconfig help text for Google firmware Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 276/320] media: rcar-csi2: Optimize the selection PHTW register Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 277/320] Documentation: dmaengine: Correctly describe dmatest with channel unset Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 278/320] Documentation: ACPI: Fix data node reference documentation Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 279/320] Documentation: refer to config RANDOMIZE_BASE for kernel address-space randomization Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 280/320] Documentation: fix firewire.rst ABI file path error Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 281/320] scsi: core: Show SCMD_LAST in text form Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 282/320] RDMA/hns: Modify the mapping attribute of doorbell to device Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 283/320] RDMA/rxe: Fix a typo in opcode name Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 284/320] dmaengine: stm32-mdma: fix STM32_MDMA_CTBR_TSEL_MASK Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 285/320] Revert "net/mlx5: Add retry mechanism to the command entry index allocation" Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 286/320] powerpc/cell: Fix clang -Wimplicit-fallthrough warning Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 287/320] powerpc/fsl/dts: Enable WA for erratum A-009885 on fman3l MDIO buses Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 288/320] bpftool: Remove inclusion of utilities.mak from Makefiles Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 289/320] ipv4: avoid quadratic behavior in netns dismantle Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 290/320] net/fsl: xgmac_mdio: Fix incorrect iounmap when removing module Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 291/320] parisc: pdc_stable: Fix memory leak in pdcs_register_pathentries Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 292/320] f2fs: fix to reserve space for IO align feature Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 293/320] af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 294/320] clk: si5341: Fix clock HW provider cleanup Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 295/320] net: axienet: limit minimum TX ring size Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 296/320] net: axienet: fix number of TX ring slots for available check Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 297/320] net: axienet: increase default TX ring size to 128 Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 298/320] rtc: pxa: fix null pointer dereference Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 299/320] inet: frags: annotate races around fqdir->dead and fqdir->high_thresh Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 300/320] netns: add schedule point in ops_exit_list() Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 301/320] xfrm: Dont accidentally set RTO_ONLINK in decode_session4() Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 302/320] gre: Dont accidentally set RTO_ONLINK in gre_fill_metadata_dst() Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 303/320] libcxgb: Dont accidentally set RTO_ONLINK in cxgb_find_route() Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 304/320] perf script: Fix hex dump character output Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 305/320] dmaengine: at_xdmac: Dont start transactions at tx_submit level Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 306/320] dmaengine: at_xdmac: Print debug message after realeasing the lock Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 307/320] dmaengine: at_xdmac: Fix concurrency over xfers_list Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 308/320] dmaengine: at_xdmac: Fix lld view setting Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 309/320] dmaengine: at_xdmac: Fix at_xdmac_lld struct definition Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 310/320] arm64: dts: qcom: msm8996: drop not documented adreno properties Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 311/320] net_sched: restore "mpu xxx" handling Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 312/320] bcmgenet: add WOL IRQ check Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 313/320] net: ethernet: mtk_eth_soc: fix error checking in mtk_mac_config() Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 314/320] dt-bindings: display: meson-dw-hdmi: add missing sound-name-prefix property Greg Kroah-Hartman
2022-01-24 18:44 ` [PATCH 5.4 315/320] dt-bindings: display: meson-vpu: Add missing amlogic,canvas property Greg Kroah-Hartman
2022-01-24 18:45 ` [PATCH 5.4 316/320] scripts/dtc: dtx_diff: remove broken example from help text Greg Kroah-Hartman
2022-01-24 18:45 ` [PATCH 5.4 317/320] lib82596: Fix IRQ check in sni_82596_probe Greg Kroah-Hartman
2022-01-24 18:45 ` [PATCH 5.4 318/320] lib/test_meminit: destroy cache in kmem_cache_alloc_bulk() test Greg Kroah-Hartman
2022-01-24 18:45 ` [PATCH 5.4 319/320] mtd: nand: bbt: Fix corner case in bad block table handling Greg Kroah-Hartman
2022-01-24 18:45 ` [PATCH 5.4 320/320] Revert "ia64: kprobes: Use generic kretprobe trampoline handler" Greg Kroah-Hartman
2022-01-24 23:39 ` [PATCH 5.4 000/320] 5.4.174-rc1 review Daniel Díaz
2022-01-25 7:19 ` Naresh Kamboju
2022-01-25 14:48 ` Helge Deller
2022-01-25 15:51 ` Greg Kroah-Hartman
2022-01-25 11:11 ` Greg Kroah-Hartman
2022-01-25 1:49 ` Shuah Khan
2022-01-25 3:42 ` Florian Fainelli
2022-01-25 11:12 ` Greg Kroah-Hartman
2022-01-25 8:32 ` Samuel Zou
2022-01-25 15:10 ` Sudip Mukherjee
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).