* [PATCH 5.4 000/411] 5.4.198-rc1 review
@ 2022-06-13 10:04 Greg Kroah-Hartman
2022-06-13 10:04 ` [PATCH 5.4 001/411] binfmt_flat: do not stop relocating GOT entries prematurely on riscv Greg Kroah-Hartman
` (415 more replies)
0 siblings, 416 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:04 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, torvalds, akpm, linux, shuah,
patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, slade
This is the start of the stable review cycle for the 5.4.198 release.
There are 411 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Wed, 15 Jun 2022 09:47:08 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.198-rc1.gz
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Linux 5.4.198-rc1
Tokunori Ikegami <ikegami.t@gmail.com>
mtd: cfi_cmdset_0002: Use chip_ready() for write on S29GL064N
Pascal Hambourg <pascal@plouf.fr.eu.org>
md/raid0: Ignore RAID0 layout if the second zone has only one device
Michael Ellerman <mpe@ellerman.id.au>
powerpc/32: Fix overread/overwrite of thread_struct via ptrace
Mathias Nyman <mathias.nyman@linux.intel.com>
Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag
Olivier Matz <olivier.matz@6wind.com>
ixgbe: fix unexpected VLAN Rx in promisc mode on VF
Olivier Matz <olivier.matz@6wind.com>
ixgbe: fix bcast packets Rx on VF after promisc removal
Martin Faltesek <mfaltesek@google.com>
nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling
Martin Faltesek <mfaltesek@google.com>
nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION
Adrian Hunter <adrian.hunter@intel.com>
mmc: block: Fix CQE recovery reset success
Sergey Shtylyov <s.shtylyov@omp.ru>
ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files
Shyam Prasad N <sprasad@microsoft.com>
cifs: return errors during session setup during reconnects
huangwenhui <huangwenhuia@uniontech.com>
ALSA: hda/conexant - Fix loopback issue with CX20632
Kuan-Ying Lee <Kuan-Ying.Lee@mediatek.com>
scripts/gdb: change kernel config dumping method
Xie Yongji <xieyongji@bytedance.com>
vringh: Fix loop descriptors check in the indirect cases
Kees Cook <keescook@chromium.org>
nodemask: Fix return values to be unsigned
Steve French <stfrench@microsoft.com>
cifs: version operations for smb20 unneeded when legacy support disabled
Christian Borntraeger <borntraeger@linux.ibm.com>
s390/gmap: voluntarily schedule during key setting
Yu Kuai <yukuai3@huawei.com>
nbd: fix io hung while disconnecting device
Yu Kuai <yukuai3@huawei.com>
nbd: fix race between nbd_alloc_config() and module removal
Yu Kuai <yukuai3@huawei.com>
nbd: call genl_unregister_family() first in nbd_cleanup()
Peter Zijlstra <peterz@infradead.org>
x86/cpu: Elide KCSAN for cpu_has() and friends
Masahiro Yamada <masahiroy@kernel.org>
modpost: fix undefined behavior of is_arm_mapping_symbol()
Gong Yuanjun <ruc_gongyuanjun@163.com>
drm/radeon: fix a possible null pointer dereference
Venky Shankar <vshankar@redhat.com>
ceph: allow ceph.dir.rctime xattr to be updatable
Michal Kubecek <mkubecek@suse.cz>
Revert "net: af_key: add check for pfkey_broadcast in function pfkey_process"
Hannes Reinecke <hare@suse.de>
scsi: myrb: Fix up null pointer access on myrb_cleanup()
Guoqing Jiang <guoqing.jiang@cloud.ionos.com>
md: protect md_unregister_thread from reentrancy
Liu Xinpeng <liuxp11@chinatelecom.cn>
watchdog: wdat_wdt: Stop watchdog when rebooting the system
Hao Luo <haoluo@google.com>
kernfs: Separate kernfs_pr_cont_buf and rename_lock.
John Ogness <john.ogness@linutronix.de>
serial: msm_serial: disable interrupts in __msm_console_write()
Wang Cheng <wanngchenng@gmail.com>
staging: rtl8712: fix uninit-value in r871xu_drv_init()
Wang Cheng <wanngchenng@gmail.com>
staging: rtl8712: fix uninit-value in usb_read8() and friends
Andre Przywara <andre.przywara@arm.com>
clocksource/drivers/sp804: Avoid error on multiple instances
bumwoo lee <bw365.lee@samsung.com>
extcon: Modify extcon device to be created after driver data is set
Shuah Khan <skhan@linuxfoundation.org>
misc: rtsx: set NULL intfdata when probe fails
Marek Szyprowski <m.szyprowski@samsung.com>
usb: dwc2: gadget: don't reset gadget's driver->bus
Evan Green <evgreen@chromium.org>
USB: hcd-pci: Fully suspend across freeze/thaw cycle
Duoming Zhou <duoming@zju.edu.cn>
drivers: usb: host: Fix deadlock in oxu_bus_suspend()
Duoming Zhou <duoming@zju.edu.cn>
drivers: tty: serial: Fix deadlock in sa1100_set_termios()
Zhen Ni <nizhen@uniontech.com>
USB: host: isp116x: check return value after calling platform_get_resource()
Duoming Zhou <duoming@zju.edu.cn>
drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop()
Duoming Zhou <duoming@zju.edu.cn>
drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop()
Huang Guobin <huangguobin4@huawei.com>
tty: Fix a possible resource leak in icom_probe
Zheyu Ma <zheyuma97@gmail.com>
tty: synclink_gt: Fix null-pointer-dereference in slgt_clean()
Kees Cook <keescook@chromium.org>
lkdtm/usercopy: Expand size of "out of frame" object
Miquel Raynal <miquel.raynal@bootlin.com>
iio: st_sensors: Add a local lock for protecting odr
Xiaoke Wang <xkernel.wang@foxmail.com>
iio: dummy: iio_simple_dummy: check the return value of kstrdup()
Linus Torvalds <torvalds@linux-foundation.org>
drm: imx: fix compiler warning with gcc-12
Miaoqian Lin <linmq006@gmail.com>
net: altera: Fix refcount leak in altera_tse_mdio_create
Willem de Bruijn <willemb@google.com>
ip_gre: test csum_start instead of transport header
Mark Bloch <mbloch@nvidia.com>
net/mlx5: fs, fail conflicting actions
Feras Daoud <ferasda@nvidia.com>
net/mlx5: Rearm the FW tracer after each tracer event
Masahiro Yamada <masahiroy@kernel.org>
net: ipv6: unexport __init-annotated seg6_hmac_init()
Masahiro Yamada <masahiroy@kernel.org>
net: xfrm: unexport __init-annotated xfrm4_protocol_init()
Masahiro Yamada <masahiroy@kernel.org>
net: mdio: unexport __init-annotated mdio_bus_init()
Chuck Lever <chuck.lever@oracle.com>
SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer()
Gal Pressman <gal@nvidia.com>
net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure
Miaoqian Lin <linmq006@gmail.com>
net: dsa: lantiq_gswip: Fix refcount leak in gswip_gphy_fw_list
Eric Dumazet <edumazet@google.com>
bpf, arm64: Clear prog->jited_len along prog->jited
Kuniyuki Iwashima <kuniyu@amazon.com>
af_unix: Fix a data-race in unix_dgram_peer_wake_me().
Masahiro Yamada <masahiroy@kernel.org>
xen: unexport __init-annotated xen_xlate_map_ballooned_pages()
Pablo Neira Ayuso <pablo@netfilter.org>
netfilter: nf_tables: memleak flow rule from commit path
Miaoqian Lin <linmq006@gmail.com>
ata: pata_octeon_cf: Fix refcount leak in octeon_cf_probe
Florian Westphal <fw@strlen.de>
netfilter: nat: really support inet nat without l3 address
Kinglong Mee <kinglongmee@gmail.com>
xprtrdma: treat all calls not a bcall when bc_serv is NULL
Yang Yingliang <yangyingliang@huawei.com>
video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove()
Trond Myklebust <trond.myklebust@hammerspace.com>
NFSv4: Don't hold the layoutget locks across multiple RPC calls
Radhey Shyam Pandey <radhey.shyam.pandey@xilinx.com>
dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type
Greg Ungerer <gerg@linux-m68k.org>
m68knommu: fix undefined reference to `_init_sp'
Greg Ungerer <gerg@linux-m68k.org>
m68knommu: set ZERO_PAGE() to the allocated zeroed page
Lucas Tanure <tanureal@opensource.cirrus.com>
i2c: cadence: Increase timeout per message if necessary
Dongliang Mu <mudongliangabcd@gmail.com>
f2fs: remove WARN_ON in f2fs_is_valid_blkaddr
Mark-PK Tsai <mark-pk.tsai@mediatek.com>
tracing: Avoid adding tracer option before update_tracer_options
Jun Miao <jun.miao@intel.com>
tracing: Fix sleeping function called from invalid context on RT kernel
Gong Yuanjun <ruc_gongyuanjun@163.com>
mips: cpc: Fix refcount leak in mips_cpc_default_phys_base
Leo Yan <leo.yan@linaro.org>
perf c2c: Fix sorting in percent_rmt_hitm_cmp()
Hoang Le <hoang.h.le@dektech.com.au>
tipc: check attribute length for bearer name
David Howells <dhowells@redhat.com>
afs: Fix infinite loop found by xfstest generic/676
Eric Dumazet <edumazet@google.com>
tcp: tcp_rtx_synack() can be called from process context
Guoju Fang <gjfang@linux.alibaba.com>
net: sched: add barrier to fix packet stuck problem for lockless qdisc
Maxim Mikityanskiy <maximmi@nvidia.com>
net/mlx5e: Update netdev features after changing XDP state
Leon Romanovsky <leonro@nvidia.com>
net/mlx5: Don't use already freed action pointer
Yu Xiao <yu.xiao@corigine.com>
nfp: only report pause frame configuration for physical device
Zhihao Cheng <chengzhihao1@huawei.com>
ubi: ubi_create_volume: Fix use-after-free when volume creation failed
Baokun Li <libaokun1@huawei.com>
jffs2: fix memory leak in jffs2_do_fill_super
Alexander Lobakin <alexandr.lobakin@intel.com>
modpost: fix removing numeric suffixes
Miaoqian Lin <linmq006@gmail.com>
net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register
Dan Carpenter <dan.carpenter@oracle.com>
net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry()
Vincent Ray <vray@kalrayinc.com>
net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog
Jann Horn <jannh@google.com>
s390/crypto: fix scatterwalk_unmap() callers in AES-GCM
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value
Shengjiu Wang <shengjiu.wang@nxp.com>
ASoC: fsl_sai: Fix FSL_SAI_xDR/xFR definition
Miaoqian Lin <linmq006@gmail.com>
watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe
Zhang Wensheng <zhangwensheng5@huawei.com>
driver core: fix deadlock in __device_attach
Schspa Shi <schspa@gmail.com>
driver: base: fix UAF when driver_attach failed
Tony Lindgren <tony@atomide.com>
bus: ti-sysc: Fix warnings for unbind for serial
Miaoqian Lin <linmq006@gmail.com>
firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle
Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
serial: stm32-usart: Correct CSIZE, bits, and parity
Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
serial: st-asc: Sanitize CSIZE and correct PARENB for CS7
Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
serial: sifive: Sanitize CSIZE and c_iflag
Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
serial: sh-sci: Don't allow CS5-6
Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
serial: txx9: Don't allow CS5-6
Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
serial: rda-uart: Don't allow CS5-6
Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
serial: digicolor-usart: Don't allow CS5-6
Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
serial: 8250_fintek: Check SER_RS485_RTS_* only with RS485
John Ogness <john.ogness@linutronix.de>
serial: meson: acquire port->lock in startup()
Yang Yingliang <yangyingliang@huawei.com>
rtc: mt6397: check return value after calling platform_get_resource()
Samuel Holland <samuel@sholland.org>
clocksource/drivers/riscv: Events are stopped during CPU suspend
Miaoqian Lin <linmq006@gmail.com>
soc: rockchip: Fix refcount leak in rockchip_grf_init
Guilherme G. Piccoli <gpiccoli@igalia.com>
coresight: cpu-debug: Replace mutex with mutex_trylock on panic notifier
Maciej W. Rozycki <macro@orcam.me.uk>
serial: sifive: Report actual baud base rather than fixed 115200
Johan Hovold <johan+linaro@kernel.org>
phy: qcom-qmp: fix pipe-clock imbalance on power-on failure
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
rpmsg: qcom_smd: Fix returning 0 if irq_of_parse_and_map() fails
Cixi Geng <cixi.geng1@unisoc.com>
iio: adc: sc27xx: Fine tune the scale calibration values
Cixi Geng <cixi.geng1@unisoc.com>
iio: adc: sc27xx: fix read big scale voltage not right
Miaoqian Lin <linmq006@gmail.com>
iio: adc: stmpe-adc: Fix wait_for_completion_timeout return value check
Xiaomeng Tong <xiam0nd.tong@gmail.com>
firmware: stratix10-svc: fix a missing check on list iterator
Zheng Yongjun <zhengyongjun3@huawei.com>
usb: dwc3: pci: Fix pm_runtime_get_sync() error checking
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value
Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
pwm: lp3943: Fix duty calculation in case period was clamped
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
staging: fieldbus: Fix the error handling path in anybuss_host_common_probe()
Miaoqian Lin <linmq006@gmail.com>
usb: musb: Fix missing of_node_put() in omap2430_probe
Lin Ma <linma@zju.edu.cn>
USB: storage: karma: fix rio_karma_init return
Niels Dossche <dossche.niels@gmail.com>
usb: usbip: add missing device lock on tweak configuration cmd
Hangyu Hua <hbh25y@gmail.com>
usb: usbip: fix a refcount leak in stub_probe()
Sherry Sun <sherry.sun@nxp.com>
tty: serial: fsl_lpuart: fix potential bug when using both of_alias_get_id and ida_simple_get
Miaoqian Lin <linmq006@gmail.com>
tty: serial: owl: Fix missing clk_disable_unprepare() in owl_uart_probe
Wang Weiyang <wangweiyang2@huawei.com>
tty: goldfish: Use tty_port_destroy() to destroy port
Alexandru Tachici <alexandru.tachici@analog.com>
iio: adc: ad7124: Remove shift from scan_type
Jakob Koschel <jakobkoschel@gmail.com>
staging: greybus: codecs: fix type confusion of list iterator variable
Randy Dunlap <rdunlap@infradead.org>
pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards
Jia-Ju Bai <baijiaju1990@gmail.com>
md: bcache: check the return value of kzalloc() in detached_dev_do_request()
Jan Kara <jack@suse.cz>
block: fix bio_clone_blkg_association() to associate with proper blkcg_gq
Jan Kara <jack@suse.cz>
bfq: Make sure bfqg for which we are queueing requests is online
Jan Kara <jack@suse.cz>
bfq: Get rid of __bio_blkcg() usage
Jan Kara <jack@suse.cz>
bfq: Remove pointless bfq_init_rq() calls
Jan Kara <jack@suse.cz>
bfq: Drop pointless unlock-lock pair
Jan Kara <jack@suse.cz>
bfq: Avoid merging queues with different parents
Maciej W. Rozycki <macro@orcam.me.uk>
MIPS: IP27: Remove incorrect `cpu_has_fpu' override
Xiao Yang <yangx.jy@fujitsu.com>
RDMA/rxe: Generate a completion for unsupported/invalid opcode
Nick Desaulniers <ndesaulniers@google.com>
Kconfig: add config option for asm goto w/ outputs
Johan Hovold <johan+linaro@kernel.org>
phy: qcom-qmp: fix reset-controller leak on probe errors
Tejun Heo <tj@kernel.org>
blk-iolatency: Fix inflight count imbalances and IO hangs on offline
Dinh Nguyen <dinguyen@kernel.org>
dt-bindings: gpio: altera: correct interrupt-cells
Akira Yokosawa <akiyks@gmail.com>
docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0
Arnd Bergmann <arnd@arndb.de>
ARM: pxa: maybe fix gpio lookup tables
Johan Hovold <johan+linaro@kernel.org>
phy: qcom-qmp: fix struct clk leak on probe errors
Kathiravan T <quic_kathirav@quicinc.com>
arm64: dts: qcom: ipq8074: fix the sleep clock frequency
Xiaomeng Tong <xiam0nd.tong@gmail.com>
gma500: fix an incorrect NULL check on list iterator
Xiaomeng Tong <xiam0nd.tong@gmail.com>
tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator
Jiri Slaby <jslaby@suse.cz>
serial: pch: don't overwrite xmit->buf[0] by x_char
Xiaomeng Tong <xiam0nd.tong@gmail.com>
carl9170: tx: fix an incorrect use of list iterator
Mark Brown <broonie@kernel.org>
ASoC: rt5514: Fix event generation for "DSP Voice Wake Up" control
Alexander Wetzel <alexander@wetzel-home.de>
rtl818x: Prevent using not initialized queues
Mike Kravetz <mike.kravetz@oracle.com>
hugetlb: fix huge_pmd_unshare address update
Christophe de Dinechin <dinechin@redhat.com>
nodemask.h: fix compilation error with GCC12
Xiaomeng Tong <xiam0nd.tong@gmail.com>
iommu/msm: Fix an incorrect NULL check on list iterator
Vincent Whitchurch <vincent.whitchurch@axis.com>
um: Fix out-of-bounds read in LDT setup
Johannes Berg <johannes.berg@intel.com>
um: chan_user: Fix winch_tramp() return value
Felix Fietkau <nbd@nbd.name>
mac80211: upgrade passive scan to active scan on DFS channels after beacon rx
Max Filippov <jcmvbkbc@gmail.com>
irqchip: irq-xtensa-mx: fix initial IRQ affinity
Pali Rohár <pali@kernel.org>
irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x
Dennis Dalessandro <dennis.dalessandro@cornelisnetworks.com>
RDMA/hfi1: Fix potential integer multiplication overflow errors
Sean Christopherson <seanjc@google.com>
Kconfig: Add option for asm goto w/ tied outputs to workaround clang-13 bug
Nicolas Dufresne <nicolas.dufresne@collabora.com>
media: coda: Add more H264 levels for CODA960
Nicolas Dufresne <nicolas.dufresne@collabora.com>
media: coda: Fix reported H264 profile
Tokunori Ikegami <ikegami.t@gmail.com>
mtd: cfi_cmdset_0002: Move and rename chip_check/chip_ready/chip_good_for_write
Xiaomeng Tong <xiam0nd.tong@gmail.com>
md: fix an incorrect NULL check in md_reload_sb
Xiaomeng Tong <xiam0nd.tong@gmail.com>
md: fix an incorrect NULL check in does_sb_need_changing
Brian Norris <briannorris@chromium.org>
drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX
Xiaomeng Tong <xiam0nd.tong@gmail.com>
drm/nouveau/clk: Fix an incorrect NULL check on list iterator
Lucas Stach <l.stach@pengutronix.de>
drm/etnaviv: check for reaped mapping in etnaviv_iommu_unmap_gem
Dave Airlie <airlied@redhat.com>
drm/amdgpu/cs: make commands with 0 chunks illegal behaviour.
Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled
Xiaomeng Tong <xiam0nd.tong@gmail.com>
scsi: dc395x: Fix a missing check on list iterator
Junxiao Bi via Ocfs2-devel <ocfs2-devel@oss.oracle.com>
ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock
Alexander Aring <aahringo@redhat.com>
dlm: fix missing lkb refcount handling
Alexander Aring <aahringo@redhat.com>
dlm: fix plock invalid read
Rei Yamamoto <yamamoto.rei@jp.fujitsu.com>
mm, compaction: fast_find_migrateblock() should return pfn in the target zone
Johan Hovold <johan+linaro@kernel.org>
PCI: qcom: Fix unbalanced PHY init on probe errors
Johan Hovold <johan+linaro@kernel.org>
PCI: qcom: Fix runtime PM imbalance on probe errors
Bjorn Helgaas <bhelgaas@google.com>
PCI/PM: Fix bridge_d3_blacklist[] Elo i2 overwrite of Gigabyte X299
Keita Suzuki <keitasuzuki.park@sslab.ics.keio.ac.jp>
tracing: Fix potential double free in create_var_ref()
Sakari Ailus <sakari.ailus@linux.intel.com>
ACPI: property: Release subnode properties with data nodes
Jan Kara <jack@suse.cz>
ext4: avoid cycles in directory h-tree
Jan Kara <jack@suse.cz>
ext4: verify dir block before splitting it
Ye Bin <yebin10@huawei.com>
ext4: fix bug_on in ext4_writepages
Ye Bin <yebin10@huawei.com>
ext4: fix warning in ext4_handle_inode_extension
Ye Bin <yebin10@huawei.com>
ext4: fix use-after-free in ext4_rename_dir_prepare
Pablo Neira Ayuso <pablo@netfilter.org>
netfilter: nf_tables: disallow non-stateful expression in sets earlier
Jan Kara <jack@suse.cz>
bfq: Track whether bfq_group is still online
Jan Kara <jack@suse.cz>
bfq: Update cgroup information before merging bio
Jan Kara <jack@suse.cz>
bfq: Split shared queues on move between cgroups
Aditya Garg <gargaditya08@live.com>
efi: Do not import certificates from UEFI Secure Boot for T2 Macs
Zhihao Cheng <chengzhihao1@huawei.com>
fs-writeback: writeback_sb_inodes:Recalculate 'wrote' according skipped pages
Emmanuel Grumbach <emmanuel.grumbach@intel.com>
iwlwifi: mvm: fix assert 1F04 upon reconfig
Johannes Berg <johannes.berg@intel.com>
wifi: mac80211: fix use-after-free in chanctx code
Chao Yu <chao@kernel.org>
f2fs: fix fallocate to use file_modified to update permissions consistently
Jaegeuk Kim <jaegeuk@kernel.org>
f2fs: don't need inode lock for system hidden quota
Chao Yu <chao@kernel.org>
f2fs: fix deadloop in foreground GC
Chao Yu <chao@kernel.org>
f2fs: fix to clear dirty inode in f2fs_evict_inode()
Chao Yu <chao@kernel.org>
f2fs: fix to do sanity check on block address in f2fs_do_zero_range()
Chao Yu <chao@kernel.org>
f2fs: fix to avoid f2fs_bug_on() in dec_valid_node_count()
Zhengjun Xing <zhengjun.xing@linux.intel.com>
perf jevents: Fix event syntax error caused by ExtSel
Leo Yan <leo.yan@linaro.org>
perf c2c: Use stdio interface if slang is not supported
Joerg Roedel <jroedel@suse.de>
iommu/amd: Increase timeout waiting for GA log enablement
Amelie Delaunay <amelie.delaunay@foss.st.com>
dmaengine: stm32-mdma: remove GISR1 register
Miaoqian Lin <linmq006@gmail.com>
video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup
Trond Myklebust <trond.myklebust@hammerspace.com>
NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout
Trond Myklebust <trond.myklebust@hammerspace.com>
NFS: Don't report errors from nfs_pageio_complete() more than once
Trond Myklebust <trond.myklebust@hammerspace.com>
NFS: Do not report flush errors in nfs_write_end()
Trond Myklebust <trond.myklebust@hammerspace.com>
NFS: Do not report EINTR/ERESTARTSYS as mapping errors
Nathan Chancellor <nathan@kernel.org>
i2c: at91: Initialize dma_buf in at91_twi_xfer()
Michael Walle <michael@walle.cc>
i2c: at91: use dma safe buffers
Yong Wu <yong.wu@mediatek.com>
iommu/mediatek: Add list_del in mtk_iommu_remove
Jakob Koschel <jakobkoschel@gmail.com>
f2fs: fix dereference of stale list iterator after loop body
Dmitry Torokhov <dmitry.torokhov@gmail.com>
Input: stmfts - do not leave device disabled in stmfts_input_open
Douglas Miller <doug.miller@cornelisnetworks.com>
RDMA/hfi1: Prevent use of lock before it is initialized
Björn Ardö <bjorn.ardo@axis.com>
mailbox: forward the hrtimer if not queued and under a lock
Yang Yingliang <yangyingliang@huawei.com>
mfd: davinci_voicecodec: Fix possible null-ptr-deref davinci_vc_probe()
Miaoqian Lin <linmq006@gmail.com>
powerpc/fsl_rio: Fix refcount leak in fsl_rio_setup
Randy Dunlap <rdunlap@infradead.org>
macintosh: via-pmu and via-cuda need RTC_LIB
Kajol Jain <kjain@linux.ibm.com>
powerpc/perf: Fix the threshold compare group constraint for power9
Michael Ellerman <mpe@ellerman.id.au>
powerpc/64: Only WARN if __pa()/__va() called with bad addresses
Miaoqian Lin <linmq006@gmail.com>
Input: sparcspkr - fix refcount leak in bbc_beep_probe
Sebastian Andrzej Siewior <bigeasy@linutronix.de>
crypto: cryptd - Protect per-CPU resource by disabling BH.
Qi Zheng <zhengqi.arch@bytedance.com>
tty: fix deadlock caused by calling printk() under tty_port->lock
Francesco Dolcini <francesco.dolcini@toradex.com>
PCI: imx6: Fix PERST# start-up sequence
Waiman Long <longman@redhat.com>
ipc/mqueue: use get_tree_nodev() in mqueue_get_tree()
Alexey Dobriyan <adobriyan@gmail.com>
proc: fix dentry/inode overinstantiating under /proc/${pid}/net
Randy Dunlap <rdunlap@infradead.org>
powerpc/4xx/cpm: Fix return value of __setup() handler
Randy Dunlap <rdunlap@infradead.org>
powerpc/idle: Fix return value of __setup() handler
Randy Dunlap <rdunlap@infradead.org>
powerpc/8xx: export 'cpm_setbrg' for modules
Muchun Song <songmuchun@bytedance.com>
dax: fix cache flush on PMD-mapped pages
Miaohe Lin <linmiaohe@huawei.com>
drivers/base/node.c: fix compaction sysfs file leak
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
pinctrl: mvebu: Fix irq_of_parse_and_map() return value
Dan Williams <dan.j.williams@intel.com>
nvdimm: Allow overwrite in the presence of disabled dimms
Cristian Marussi <cristian.marussi@arm.com>
firmware: arm_scmi: Fix list protocols enumeration in the base protocol
Gustavo A. R. Silva <gustavoars@kernel.org>
scsi: fcoe: Fix Wstringop-overflow warnings in fcoe_wwn_from_mac()
Lv Ruyi <lv.ruyi@zte.com.cn>
mfd: ipaq-micro: Fix error check return value of platform_get_irq()
Hari Bathini <hbathini@linux.ibm.com>
powerpc/fadump: fix PT_LOAD segment for boot memory area
Chuanhong Guo <gch981213@gmail.com>
arm: mediatek: select arch timer for mt7629
Corentin Labbe <clabbe@baylibre.com>
crypto: marvell/cesa - ECB does not IV
Hangyu Hua <hbh25y@gmail.com>
misc: ocxl: fix possible double free in ocxl_file_register_afu
Stefan Wahren <stefan.wahren@i2se.com>
ARM: dts: bcm2835-rpi-b: Fix GPIO line names
Phil Elwell <phil@raspberrypi.com>
ARM: dts: bcm2837-rpi-3-b-plus: Fix GPIO line name of power LED
Phil Elwell <phil@raspberrypi.com>
ARM: dts: bcm2837-rpi-cm3-io3: Fix GPIO line names for SMPS I2C
Phil Elwell <phil@raspberrypi.com>
ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT
Marc Kleine-Budde <mkl@pengutronix.de>
can: xilinx_can: mark bit timing constants as const
Sean Christopherson <seanjc@google.com>
KVM: nVMX: Leave most VM-Exit info fields unmodified on failed VM-Entry
Dan Carpenter <dan.carpenter@oracle.com>
PCI: rockchip: Fix find_first_zero_bit() limit
Dan Carpenter <dan.carpenter@oracle.com>
PCI: cadence: Fix find_first_zero_bit() limit
Miaoqian Lin <linmq006@gmail.com>
soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc
Miaoqian Lin <linmq006@gmail.com>
soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc
Andre Przywara <andre.przywara@arm.com>
ARM: dts: suniv: F1C100: fix watchdog compatible
Shawn Lin <shawn.lin@rock-chips.com>
arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399
liuyacan <liuyacan@corp.netease.com>
net/smc: postpone sk_refcnt increment in connect()
David Howells <dhowells@redhat.com>
rxrpc: Fix decision on when to generate an IDLE ACK
David Howells <dhowells@redhat.com>
rxrpc: Don't let ack.previousPacket regress
David Howells <dhowells@redhat.com>
rxrpc: Fix overlapping ACK accounting
David Howells <dhowells@redhat.com>
rxrpc: Don't try to resend the request if we're receiving the reply
David Howells <dhowells@redhat.com>
rxrpc: Fix listen() setting the bar too high for the prealloc rings
Duoming Zhou <duoming@zju.edu.cn>
NFC: hci: fix sleep in atomic context bugs in nfc_hci_hcp_message_tx
Yang Yingliang <yangyingliang@huawei.com>
ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition()
Zheng Yongjun <zhengyongjun3@huawei.com>
thermal/drivers/broadcom: Fix potential NULL dereference in sr_thermal_probe
Hangyu Hua <hbh25y@gmail.com>
drm: msm: fix possible memory leak in mdp5_crtc_cursor_set()
Miaoqian Lin <linmq006@gmail.com>
drm/msm/a6xx: Fix refcount leak in a6xx_gpu_init
Eric Biggers <ebiggers@google.com>
ext4: reject the 'commit' option on ext2 filesystems
Dongliang Mu <mudongliangabcd@gmail.com>
media: ov7670: remove ov7670_power_off from ov7670_remove
Eric Dumazet <edumazet@google.com>
sctp: read sk->sk_bound_dev_if once in sctp_rcv()
Geert Uytterhoeven <geert@linux-m68k.org>
m68k: math-emu: Fix dependencies of math emulation support
Ying Hsu <yinghsu@chromium.org>
Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout
Michael Rodin <mrodin@de.adit-jv.com>
media: vsp1: Fix offset calculation for plane cropping
Pavel Skripkin <paskripkin@gmail.com>
media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init
Miaoqian Lin <linmq006@gmail.com>
media: exynos4-is: Change clk_disable to clk_disable_unprepare
Miaoqian Lin <linmq006@gmail.com>
media: st-delta: Fix PM disable depth imbalance in delta_probe
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
media: aspeed: Fix an error handling path in aspeed_video_probe()
Josh Poimboeuf <jpoimboe@kernel.org>
scripts/faddr2line: Fix overlapping text section failures
Miaoqian Lin <linmq006@gmail.com>
regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt
Miaoqian Lin <linmq006@gmail.com>
ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe
Miaoqian Lin <linmq006@gmail.com>
ASoC: fsl: Fix refcount leak in imx_sgtl5000_probe
Ravi Bangoria <ravi.bangoria@amd.com>
perf/amd/ibs: Use interrupt regs ip for stack unwinding
Viresh Kumar <viresh.kumar@linaro.org>
Revert "cpufreq: Fix possible race in cpufreq online error path"
Andreas Gruenbacher <agruenba@redhat.com>
iomap: iomap_write_failed fix
Xiaomeng Tong <xiam0nd.tong@gmail.com>
media: uvcvideo: Fix missing check to determine if element is found in list
Dan Carpenter <dan.carpenter@oracle.com>
drm/msm: return an error pointer in msm_gem_prime_get_sg_table()
Jessica Zhang <quic_jesszhan@quicinc.com>
drm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is detected
Jessica Zhang <quic_jesszhan@quicinc.com>
drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected
Zev Weiss <zev@bewilderbeest.net>
regulator: core: Fix enable_count imbalance with EXCLUSIVE_GET
Randy Dunlap <rdunlap@infradead.org>
x86/mm: Cleanup the control_va_addr_alignment() __setup handler
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value
Daniel Thompson <daniel.thompson@linaro.org>
irqchip/exiu: Fix acknowledgment of edge triggered interrupts
Randy Dunlap <rdunlap@infradead.org>
x86: Fix return value of __setup handlers
Christoph Hellwig <hch@lst.de>
virtio_blk: fix the discard_granularity and discard_alignment queue limits
Yang Yingliang <yangyingliang@huawei.com>
drm/rockchip: vop: fix possible null-ptr-deref in vop_bind()
Lv Ruyi <lv.ruyi@zte.com.cn>
drm/msm/hdmi: fix error check return value of irq_of_parse_and_map()
Yang Yingliang <yangyingliang@huawei.com>
drm/msm/hdmi: check return value after calling platform_get_resource_byname()
Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
drm/msm/dsi: fix error checks and return values for DSI xmit functions
Vinod Polimera <quic_vpolimer@quicinc.com>
drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory free during pm runtime resume
Yang Jihong <yangjihong1@huawei.com>
perf tools: Add missing headers needed by util/data.h
Nicolas Frattaroli <frattaroli.nicolas@gmail.com>
ASoC: rk3328: fix disabling mclk on pclk probe failure
Josh Poimboeuf <jpoimboe@redhat.com>
x86/speculation: Add missing prototype for unpriv_ebpf_notify()
Matthieu Baerts <matthieu.baerts@tessares.net>
x86/pm: Fix false positive kmemleak report in msr_build_context()
Kiwoong Kim <kwmad.kim@samsung.com>
scsi: ufs: core: Exclude UECxx from SFR dump list
Nuno Sá <nuno.sa@analog.com>
of: overlay: do not break notify on NOTIFY_{OK|STOP}
Amir Goldstein <amir73il@gmail.com>
fsnotify: fix wrong lockdep annotations
Amir Goldstein <amir73il@gmail.com>
inotify: show inotify mask flags in proc fdinfo
Dan Carpenter <dan.carpenter@oracle.com>
ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix
Schspa Shi <schspa@gmail.com>
cpufreq: Fix possible race in cpufreq online error path
Zheng Yongjun <zhengyongjun3@huawei.com>
spi: img-spfi: Fix pm_runtime_get_sync() error checking
Chengming Zhou <zhouchengming@bytedance.com>
sched/fair: Fix cfs_rq_clock_pelt() for throttled cfs_rq
Miaoqian Lin <linmq006@gmail.com>
drm/bridge: Fix error handling in analogix_dp_probe
Miaoqian Lin <linmq006@gmail.com>
HID: elan: Fix potential double free in elan_input_configured
Jonathan Teh <jonathan.teh@outlook.com>
HID: hid-led: fix maximum brightness for Dream Cheeky
Arnd Bergmann <arnd@arndb.de>
drbd: fix duplicate array initializer
Jan Kiszka <jan.kiszka@siemens.com>
efi: Add missing prototype for efi_capsule_setup_info
Lin Ma <linma@zju.edu.cn>
NFC: NULL out the dev->rfkill to prevent UAF
Miaoqian Lin <linmq006@gmail.com>
spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout
Jiasheng Jiang <jiasheng@iscas.ac.cn>
drm: mali-dp: potential dereference of null pointer
Zhou Qingyang <zhou1615@umn.edu>
drm/komeda: Fix an undefined behavior bug in komeda_plane_add()
Johannes Berg <johannes.berg@intel.com>
nl80211: show SSID for P2P_GO interfaces
Yuntao Wang <ytcoode@gmail.com>
bpf: Fix excessive memory allocation in stack_map_alloc()
Maxime Ripard <maxime@cerno.tech>
drm/vc4: txp: Force alpha to be 0xff if it's disabled
Maxime Ripard <maxime@cerno.tech>
drm/vc4: txp: Don't set TXP_VSTART_AT_EOF
Miles Chen <miles.chen@mediatek.com>
drm/mediatek: Fix mtk_cec_mask()
Ammar Faizi <ammarfaizi2@gnuweeb.org>
x86/delay: Fix the wrong asm constraint in delay_loop()
Miaoqian Lin <linmq006@gmail.com>
ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe
Miaoqian Lin <linmq006@gmail.com>
ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe
Lucas Stach <l.stach@pengutronix.de>
drm/bridge: adv7511: clean up CEC adapter when probe fails
Jani Nikula <jani.nikula@intel.com>
drm/edid: fix invalid EDID extension block filtering
Wenli Looi <wlooi@ucalgary.ca>
ath9k: fix ar9003_get_eepmisc
Linus Torvalds <torvalds@linux-foundation.org>
drm: fix EDID struct for old ARM OABI format
Douglas Miller <doug.miller@cornelisnetworks.com>
RDMA/hfi1: Prevent panic when SDMA is disabled
Peng Wu <wupeng58@huawei.com>
powerpc/iommu: Add missing of_node_put in iommu_init_early_dart
Finn Thain <fthain@linux-m68k.org>
macintosh/via-pmu: Fix build failure when CONFIG_INPUT is disabled
Lv Ruyi <lv.ruyi@zte.com.cn>
powerpc/powernv: fix missing of_node_put in uv_init()
Lv Ruyi <lv.ruyi@zte.com.cn>
powerpc/xics: fix refcount leak in icp_opal_init()
Vasily Averin <vvs@openvz.org>
tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate
Yicong Yang <yangyicong@hisilicon.com>
PCI: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store()
Peng Wu <wupeng58@huawei.com>
ARM: hisi: Add missing of_node_put after of_find_compatible_node
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
ARM: dts: exynos: add atmel,24c128 fallback to Samsung EEPROM
Peng Wu <wupeng58@huawei.com>
ARM: versatile: Add missing of_node_put in dcscb_init
OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
fat: add ratelimit to fat*_ent_bread()
Hari Bathini <hbathini@linux.ibm.com>
powerpc/fadump: Fix fadump to work with a different endian capture kernel
Janusz Krzysztofik <jmkrzyszt@gmail.com>
ARM: OMAP1: clock: Fix UART rate reporting algorithm
Zixuan Fu <r33s3n6@gmail.com>
fs: jfs: fix possible NULL pointer dereference in dbFree()
Brian Norris <briannorris@chromium.org>
PM / devfreq: rk3399_dmc: Disable edev on remove()
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
ARM: dts: ox820: align interrupt controller node name with dtschema
Niels Dossche <dossche.niels@gmail.com>
IB/rdmavt: add missing locks in rvt_ruc_loopback
Yonghong Song <yhs@fb.com>
selftests/bpf: fix btf_dump/btf_dump due to recent clang change
Jakub Kicinski <kuba@kernel.org>
eth: tg3: silence the GCC 12 array-bounds warning
David Howells <dhowells@redhat.com>
rxrpc: Return an error to sendmsg if call failed
Guenter Roeck <linux@roeck-us.net>
hwmon: Make chip parameter for with_info API mandatory
Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
ASoC: max98357a: remove dependency on GPIOLIB
Kwanghoon Son <k.son@samsung.com>
media: exynos4-is: Fix compile warning
Fabio Estevam <festevam@denx.de>
net: phy: micrel: Allow probing without .driver_data
Xie Yongji <xieyongji@bytedance.com>
nbd: Fix hung on disconnect request if socket is closed before
Lin Ma <linma@zju.edu.cn>
ASoC: rt5645: Fix errorenous cleanup order
Smith, Kyle Miller (Nimble Kernel) <kyles@hpe.com>
nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags
Jason A. Donenfeld <Jason@zx2c4.com>
openrisc: start CPU timer early in boot
Hans Verkuil <hverkuil-cisco@xs4all.nl>
media: cec-adap.c: fix is_configuring state
Philipp Zabel <p.zabel@pengutronix.de>
media: coda: limit frame interval enumeration to supported encoder frame sizes
Dongliang Mu <mudongliangabcd@gmail.com>
rtlwifi: Use pr_warn instead of WARN_ONCE
Corey Minyard <cminyard@mvista.com>
ipmi: Fix pr_fmt to avoid compilation issues
Corey Minyard <cminyard@mvista.com>
ipmi:ssif: Check for NULL msg when handling events and messages
Mario Limonciello <mario.limonciello@amd.com>
ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default
Mikulas Patocka <mpatocka@redhat.com>
dma-debug: change allocation mode from GFP_NOWAIT to GFP_ATIOMIC
Patrice Chotard <patrice.chotard@foss.st.com>
spi: stm32-qspi: Fix wait_cmd timeout in APM mode
Heiko Carstens <hca@linux.ibm.com>
s390/preempt: disable __preempt_count_add() optimization for PROFILE_ALL_BRANCHES
Charles Keepax <ckeepax@opensource.cirrus.com>
ASoC: tscs454: Add endianness flag in snd_soc_component_driver
Dongliang Mu <mudongliangabcd@gmail.com>
HID: bigben: fix slab-out-of-bounds Write in bigben_probe
Alice Wong <shiwei.wong@amd.com>
drm/amdgpu/ucode: Remove firmware load type check in amdgpu_ucode_free_bo
Petr Machata <petrm@nvidia.com>
mlxsw: spectrum_dcb: Do not warn about priority changes
Mark Brown <broonie@kernel.org>
ASoC: dapm: Don't fold register value changes into notifications
Mark Bloch <mbloch@nvidia.com>
net/mlx5: fs, delete the FTE when there are no rules attached to it
jianghaoran <jianghaoran@kylinos.cn>
ipv6: Don't send rs packets to the interface of ARPHRD_TUNNEL
Lv Ruyi <lv.ruyi@zte.com.cn>
drm: msm: fix error check return value of irq_of_parse_and_map()
Alexandru Elisei <alexandru.elisei@arm.com>
arm64: compat: Do not treat syscall number as ESR_ELx for a bad syscall
Evan Quan <evan.quan@amd.com>
drm/amd/pm: fix the compile warning
Steven Price <steven.price@arm.com>
drm/plane: Move range check for format_count earlier
Lv Ruyi <lv.ruyi@zte.com.cn>
scsi: megaraid: Fix error check return value of register_chrdev()
Aidan MacDonald <aidanmacdonald.0x0@gmail.com>
mmc: jz4740: Apply DMA engine limits to maximum segment size
Heming Zhao <heming.zhao@suse.com>
md/bitmap: don't set sb values if can't pass sanity check
Zheyu Ma <zheyuma97@gmail.com>
media: cx25821: Fix the warning when removing the module
Zheyu Ma <zheyuma97@gmail.com>
media: pci: cx23885: Fix the error handling in cx23885_initdev()
Luca Weiss <luca.weiss@fairphone.com>
media: venus: hfi: avoid null dereference in deinit
Thibaut VARÈNE <hacks+kernel@slashdirt.org>
ath9k: fix QCA9561 PA bias level
Keita Suzuki <keitasuzuki.park@sslab.ics.keio.ac.jp>
drm/amd/pm: fix double free in si_parse_power_table()
Len Brown <len.brown@intel.com>
tools/power turbostat: fix ICX DRAM power numbers
Biju Das <biju.das.jz@bp.renesas.com>
spi: spi-rspi: Remove setting {src,dst}_{addr,addr_width} based on DMA direction
Amadeusz Sławiński <amadeuszx.slawinski@linux.intel.com>
ALSA: jack: Access input_dev under mutex
Liviu Dudau <liviu.dudau@arm.com>
drm/komeda: return early if drm_universal_plane_init() fails.
Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
ACPICA: Avoid cache flush inside virtual machines
Daniel Vetter <daniel.vetter@ffwll.ch>
fbcon: Consistently protect deferred_takeover with console_lock()
Niels Dossche <dossche.niels@gmail.com>
ipv6: fix locking issues with loops over idev->addr_list
Haowen Bai <baihaowen@meizu.com>
ipw2x00: Fix potential NULL dereference in libipw_xmit()
Haowen Bai <baihaowen@meizu.com>
b43: Fix assigning negative value to unsigned variable
Haowen Bai <baihaowen@meizu.com>
b43legacy: Fix assigning negative value to unsigned variable
Niels Dossche <dossche.niels@gmail.com>
mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue
Liu Zixian <liuzixian4@huawei.com>
drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes
Qu Wenruo <wqu@suse.com>
btrfs: repair super block num_devices automatically
Qu Wenruo <wqu@suse.com>
btrfs: add "0x" prefix for unsupported optional features
Eric W. Biederman <ebiederm@xmission.com>
ptrace: Reimplement PTRACE_KILL by always sending SIGKILL
Eric W. Biederman <ebiederm@xmission.com>
ptrace/xtensa: Replace PT_SINGLESTEP with TIF_SINGLESTEP
Eric W. Biederman <ebiederm@xmission.com>
ptrace/um: Replace PT_DTRACE with TIF_SINGLESTEP
Kan Liang <kan.liang@linux.intel.com>
perf/x86/intel: Fix event constraints for ICL
Kishon Vijay Abraham I <kishon@ti.com>
usb: core: hcd: Add support for deferring roothub registration
Monish Kumar R <monish.kumar.r@intel.com>
USB: new quirk for Dell Gen 2 devices
Carl Yin(殷张成) <carl.yin@quectel.com>
USB: serial: option: add Quectel BG95 modem
Marios Levogiannis <marios.levogiannis@gmail.com>
ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS
Niklas Cassel <niklas.cassel@wdc.com>
binfmt_flat: do not stop relocating GOT entries prematurely on riscv
-------------
Diffstat:
Documentation/ABI/testing/sysfs-ata | 11 +-
Documentation/conf.py | 2 +-
.../devicetree/bindings/gpio/gpio-altera.txt | 5 +-
Documentation/hwmon/hwmon-kernel-api.rst | 2 +-
Makefile | 4 +-
arch/arm/boot/dts/bcm2835-rpi-b.dts | 13 +-
arch/arm/boot/dts/bcm2835-rpi-zero-w.dts | 22 +--
arch/arm/boot/dts/bcm2837-rpi-3-b-plus.dts | 2 +-
arch/arm/boot/dts/bcm2837-rpi-cm3-io3.dts | 4 +-
arch/arm/boot/dts/exynos5250-smdk5250.dts | 4 +-
arch/arm/boot/dts/ox820.dtsi | 2 +-
arch/arm/boot/dts/suniv-f1c100s.dtsi | 4 +-
arch/arm/mach-hisi/platsmp.c | 4 +
arch/arm/mach-mediatek/Kconfig | 1 +
arch/arm/mach-omap1/clock.c | 2 +-
arch/arm/mach-pxa/cm-x300.c | 8 +-
arch/arm/mach-pxa/magician.c | 2 +-
arch/arm/mach-pxa/tosa.c | 4 +-
arch/arm/mach-vexpress/dcscb.c | 1 +
arch/arm64/Kconfig.platforms | 1 +
arch/arm64/boot/dts/qcom/ipq8074.dtsi | 2 +-
arch/arm64/boot/dts/rockchip/rk3399.dtsi | 2 +-
arch/arm64/kernel/sys_compat.c | 2 +-
arch/arm64/net/bpf_jit_comp.c | 1 +
arch/m68k/Kconfig.cpu | 2 +-
arch/m68k/Kconfig.machine | 1 +
arch/m68k/include/asm/pgtable_no.h | 3 +-
.../include/asm/mach-ip27/cpu-feature-overrides.h | 1 -
arch/mips/kernel/mips-cpc.c | 1 +
arch/openrisc/include/asm/timex.h | 1 +
arch/openrisc/kernel/head.S | 9 ++
arch/powerpc/include/asm/page.h | 7 +-
arch/powerpc/kernel/fadump.c | 8 +-
arch/powerpc/kernel/idle.c | 2 +-
arch/powerpc/kernel/ptrace.c | 21 ++-
arch/powerpc/perf/isa207-common.c | 3 +-
arch/powerpc/platforms/4xx/cpm.c | 2 +-
arch/powerpc/platforms/8xx/cpm1.c | 1 +
arch/powerpc/platforms/powernv/opal-fadump.c | 94 +++++++------
arch/powerpc/platforms/powernv/opal-fadump.h | 10 +-
arch/powerpc/platforms/powernv/ultravisor.c | 1 +
arch/powerpc/sysdev/dart_iommu.c | 6 +-
arch/powerpc/sysdev/fsl_rio.c | 2 +
arch/powerpc/sysdev/xics/icp-opal.c | 1 +
arch/s390/crypto/aes_s390.c | 4 +-
arch/s390/include/asm/preempt.h | 15 ++-
arch/s390/mm/gmap.c | 14 ++
arch/um/drivers/chan_user.c | 9 +-
arch/um/include/asm/thread_info.h | 2 +
arch/um/kernel/exec.c | 2 +-
arch/um/kernel/process.c | 2 +-
arch/um/kernel/ptrace.c | 8 +-
arch/um/kernel/signal.c | 4 +-
arch/x86/entry/vdso/vma.c | 2 +-
arch/x86/events/amd/ibs.c | 18 +++
arch/x86/events/intel/core.c | 2 +-
arch/x86/include/asm/acenv.h | 14 +-
arch/x86/include/asm/cpufeature.h | 2 +-
arch/x86/include/asm/suspend_32.h | 2 +-
arch/x86/include/asm/suspend_64.h | 12 +-
arch/x86/kernel/apic/apic.c | 2 +-
arch/x86/kernel/cpu/intel.c | 2 +-
arch/x86/kernel/step.c | 3 +-
arch/x86/kernel/sys_x86_64.c | 7 +-
arch/x86/kvm/vmx/nested.c | 15 ++-
arch/x86/lib/delay.c | 4 +-
arch/x86/mm/pat.c | 2 +-
arch/x86/um/ldt.c | 6 +-
arch/xtensa/kernel/ptrace.c | 4 +-
arch/xtensa/kernel/signal.c | 4 +-
block/bfq-cgroup.c | 111 +++++++++------
block/bfq-iosched.c | 46 ++++---
block/bfq-iosched.h | 6 +-
block/bio.c | 2 +-
block/blk-iolatency.c | 122 +++++++++--------
crypto/cryptd.c | 23 ++--
drivers/acpi/property.c | 18 ++-
drivers/acpi/sleep.c | 12 ++
drivers/ata/libata-transport.c | 2 +-
drivers/ata/pata_octeon_cf.c | 3 +
drivers/base/bus.c | 4 +-
drivers/base/dd.c | 5 +-
drivers/base/node.c | 1 +
drivers/block/drbd/drbd_main.c | 11 +-
drivers/block/nbd.c | 50 ++++---
drivers/block/virtio_blk.c | 7 +-
drivers/bus/ti-sysc.c | 4 +-
drivers/char/ipmi/ipmi_msghandler.c | 4 +-
drivers/char/ipmi/ipmi_ssif.c | 23 ++++
drivers/clocksource/timer-oxnas-rps.c | 2 +-
drivers/clocksource/timer-riscv.c | 2 +-
drivers/clocksource/timer-sp804.c | 10 +-
drivers/crypto/marvell/cipher.c | 1 -
drivers/devfreq/rk3399_dmc.c | 2 +
drivers/dma/stm32-mdma.c | 21 +--
drivers/dma/xilinx/zynqmp_dma.c | 5 +-
drivers/extcon/extcon.c | 29 ++--
drivers/firmware/arm_scmi/base.c | 2 +-
drivers/firmware/dmi-sysfs.c | 2 +-
drivers/firmware/stratix10-svc.c | 12 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 2 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_ucode.c | 3 +-
drivers/gpu/drm/amd/amdgpu/kv_dpm.c | 14 +-
drivers/gpu/drm/amd/amdgpu/si_dpm.c | 8 +-
drivers/gpu/drm/arm/display/komeda/komeda_plane.c | 10 +-
drivers/gpu/drm/arm/malidp_crtc.c | 5 +-
drivers/gpu/drm/bridge/adv7511/adv7511_drv.c | 1 +
drivers/gpu/drm/bridge/analogix/analogix_dp_core.c | 31 ++++-
drivers/gpu/drm/drm_edid.c | 6 +-
drivers/gpu/drm/drm_plane.c | 14 +-
drivers/gpu/drm/etnaviv/etnaviv_mmu.c | 6 +
drivers/gpu/drm/gma500/psb_intel_display.c | 7 +-
drivers/gpu/drm/imx/ipuv3-crtc.c | 2 +-
drivers/gpu/drm/mediatek/mtk_cec.c | 2 +-
drivers/gpu/drm/msm/adreno/a6xx_gpu.c | 1 +
drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c | 4 +-
drivers/gpu/drm/msm/disp/mdp5/mdp5_crtc.c | 14 +-
drivers/gpu/drm/msm/disp/mdp5/mdp5_kms.c | 6 +-
drivers/gpu/drm/msm/disp/mdp5/mdp5_mixer.c | 15 ++-
drivers/gpu/drm/msm/disp/mdp5/mdp5_mixer.h | 4 +-
drivers/gpu/drm/msm/disp/mdp5/mdp5_pipe.c | 15 ++-
drivers/gpu/drm/msm/disp/mdp5/mdp5_pipe.h | 2 +-
drivers/gpu/drm/msm/disp/mdp5/mdp5_plane.c | 20 ++-
drivers/gpu/drm/msm/dsi/dsi_host.c | 21 ++-
drivers/gpu/drm/msm/hdmi/hdmi.c | 10 +-
drivers/gpu/drm/msm/msm_gem_prime.c | 2 +-
drivers/gpu/drm/nouveau/nvkm/subdev/clk/base.c | 6 +-
drivers/gpu/drm/radeon/radeon_connectors.c | 4 +
drivers/gpu/drm/rockchip/rockchip_drm_vop.c | 2 +-
drivers/gpu/drm/tilcdc/tilcdc_external.c | 8 +-
drivers/gpu/drm/vc4/vc4_txp.c | 8 +-
drivers/gpu/drm/virtio/virtgpu_display.c | 2 +
drivers/hid/hid-bigbenff.c | 6 +
drivers/hid/hid-elan.c | 2 -
drivers/hid/hid-led.c | 2 +-
drivers/hwmon/hwmon.c | 16 +--
drivers/hwtracing/coresight/coresight-cpu-debug.c | 7 +-
drivers/i2c/busses/i2c-at91-master.c | 11 ++
drivers/i2c/busses/i2c-cadence.c | 12 +-
drivers/iio/adc/ad7124.c | 1 -
drivers/iio/adc/sc27xx_adc.c | 20 +--
drivers/iio/adc/stmpe-adc.c | 8 +-
drivers/iio/common/st_sensors/st_sensors_core.c | 24 +++-
drivers/iio/dummy/iio_simple_dummy.c | 20 +--
drivers/infiniband/hw/hfi1/file_ops.c | 2 +
drivers/infiniband/hw/hfi1/init.c | 2 +-
drivers/infiniband/hw/hfi1/sdma.c | 12 +-
drivers/infiniband/sw/rdmavt/qp.c | 6 +-
drivers/infiniband/sw/rxe/rxe_req.c | 2 +-
drivers/input/misc/sparcspkr.c | 1 +
drivers/input/mouse/bcm5974.c | 7 +-
drivers/input/touchscreen/stmfts.c | 16 +--
drivers/iommu/amd_iommu_init.c | 2 +-
drivers/iommu/msm_iommu.c | 11 +-
drivers/iommu/mtk_iommu.c | 3 +-
drivers/irqchip/irq-armada-370-xp.c | 11 +-
drivers/irqchip/irq-aspeed-i2c-ic.c | 4 +-
drivers/irqchip/irq-sni-exiu.c | 25 +++-
drivers/irqchip/irq-xtensa-mx.c | 18 ++-
drivers/macintosh/Kconfig | 6 +
drivers/macintosh/Makefile | 3 +-
drivers/macintosh/via-pmu.c | 2 +-
drivers/mailbox/mailbox.c | 19 ++-
drivers/md/bcache/request.c | 6 +
drivers/md/md-bitmap.c | 44 +++---
drivers/md/md.c | 33 +++--
drivers/md/raid0.c | 31 ++---
drivers/media/cec/cec-adap.c | 6 +-
drivers/media/i2c/ov7670.c | 1 -
drivers/media/pci/cx23885/cx23885-core.c | 6 +-
drivers/media/pci/cx25821/cx25821-core.c | 2 +-
drivers/media/platform/aspeed-video.c | 4 +-
drivers/media/platform/coda/coda-common.c | 35 +++--
drivers/media/platform/exynos4-is/fimc-is.c | 2 +-
drivers/media/platform/exynos4-is/fimc-isp-video.h | 2 +-
drivers/media/platform/qcom/venus/hfi.c | 3 +
drivers/media/platform/sti/delta/delta-v4l2.c | 6 +-
drivers/media/platform/vsp1/vsp1_rpf.c | 6 +-
drivers/media/usb/pvrusb2/pvrusb2-hdw.c | 7 +-
drivers/media/usb/uvc/uvc_v4l2.c | 20 +--
drivers/mfd/davinci_voicecodec.c | 6 +-
drivers/mfd/ipaq-micro.c | 2 +-
drivers/misc/cardreader/rtsx_usb.c | 1 +
drivers/misc/lkdtm/usercopy.c | 17 ++-
drivers/misc/ocxl/file.c | 2 +
drivers/mmc/core/block.c | 3 +-
drivers/mmc/host/jz4740_mmc.c | 20 +++
drivers/mtd/chips/cfi_cmdset_0002.c | 103 +++++++-------
drivers/mtd/ubi/vmt.c | 1 -
drivers/net/can/xilinx_can.c | 4 +-
drivers/net/dsa/lantiq_gswip.c | 4 +-
drivers/net/dsa/mv88e6xxx/chip.c | 1 +
drivers/net/ethernet/altera/altera_tse_main.c | 6 +-
drivers/net/ethernet/broadcom/Makefile | 5 +
drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 8 +-
drivers/net/ethernet/mediatek/mtk_eth_soc.c | 3 +
drivers/net/ethernet/mellanox/mlx4/en_ethtool.c | 2 +-
.../ethernet/mellanox/mlx5/core/diag/fw_tracer.c | 7 +-
drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 5 +
drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 45 +++++--
.../ethernet/mellanox/mlx5/core/steering/fs_dr.c | 9 +-
drivers/net/ethernet/mellanox/mlxsw/spectrum_dcb.c | 13 --
.../net/ethernet/netronome/nfp/nfp_net_ethtool.c | 4 +-
drivers/net/phy/mdio_bus.c | 1 -
drivers/net/phy/micrel.c | 11 +-
drivers/net/wireless/ath/ath9k/ar9003_eeprom.c | 2 +-
drivers/net/wireless/ath/ath9k/ar9003_phy.h | 2 +-
drivers/net/wireless/ath/ath9k/htc_drv_txrx.c | 8 ++
drivers/net/wireless/ath/carl9170/tx.c | 3 +
drivers/net/wireless/broadcom/b43/phy_n.c | 2 +-
drivers/net/wireless/broadcom/b43legacy/phy.c | 2 +-
drivers/net/wireless/intel/ipw2x00/libipw_tx.c | 2 +-
drivers/net/wireless/intel/iwlwifi/mvm/power.c | 3 +
drivers/net/wireless/marvell/mwifiex/11h.c | 2 +
drivers/net/wireless/realtek/rtl818x/rtl8180/dev.c | 8 +-
drivers/net/wireless/realtek/rtlwifi/usb.c | 2 +-
drivers/nfc/st21nfca/se.c | 32 ++++-
drivers/nfc/st21nfca/st21nfca.h | 1 +
drivers/nvdimm/security.c | 5 -
drivers/nvme/host/pci.c | 1 +
drivers/of/overlay.c | 4 +-
drivers/pci/controller/dwc/pci-imx6.c | 23 ++--
drivers/pci/controller/dwc/pcie-qcom.c | 9 +-
drivers/pci/controller/pcie-cadence-ep.c | 3 +-
drivers/pci/controller/pcie-rockchip-ep.c | 3 +-
drivers/pci/pci.c | 12 +-
drivers/pcmcia/Kconfig | 2 +-
drivers/phy/qualcomm/phy-qcom-qmp.c | 13 +-
drivers/pinctrl/mvebu/pinctrl-armada-37xx.c | 2 +-
drivers/pwm/pwm-lp3943.c | 1 +
drivers/regulator/core.c | 7 +-
drivers/regulator/pfuze100-regulator.c | 2 +
drivers/rpmsg/qcom_smd.c | 4 +-
drivers/rtc/rtc-mt6397.c | 2 +
drivers/scsi/dc395x.c | 15 ++-
drivers/scsi/fcoe/fcoe_ctlr.c | 2 +-
drivers/scsi/megaraid.c | 2 +-
drivers/scsi/myrb.c | 11 +-
drivers/scsi/ufs/ufs-qcom.c | 7 +-
drivers/scsi/ufs/ufshcd.c | 7 +-
drivers/soc/qcom/smp2p.c | 1 +
drivers/soc/qcom/smsm.c | 1 +
drivers/soc/rockchip/grf.c | 2 +
drivers/spi/spi-img-spfi.c | 2 +-
drivers/spi/spi-rspi.c | 15 +--
drivers/spi/spi-stm32-qspi.c | 3 +-
drivers/spi/spi-ti-qspi.c | 5 +-
drivers/staging/fieldbus/anybuss/host.c | 2 +-
drivers/staging/greybus/audio_codec.c | 4 +-
drivers/staging/rtl8192e/rtllib_softmac.c | 2 +-
.../staging/rtl8192u/ieee80211/ieee80211_softmac.c | 2 +-
drivers/staging/rtl8712/usb_intf.c | 6 +-
drivers/staging/rtl8712/usb_ops.c | 27 ++--
drivers/thermal/broadcom/sr-thermal.c | 3 +
drivers/tty/goldfish.c | 2 +
drivers/tty/serial/8250/8250_fintek.c | 8 +-
drivers/tty/serial/digicolor-usart.c | 2 +
drivers/tty/serial/fsl_lpuart.c | 24 +---
drivers/tty/serial/icom.c | 2 +-
drivers/tty/serial/meson_uart.c | 13 ++
drivers/tty/serial/msm_serial.c | 5 +
drivers/tty/serial/owl-uart.c | 1 +
drivers/tty/serial/pch_uart.c | 27 +---
drivers/tty/serial/rda-uart.c | 2 +
drivers/tty/serial/sa1100.c | 4 +-
drivers/tty/serial/serial_txx9.c | 2 +
drivers/tty/serial/sh-sci.c | 6 +-
drivers/tty/serial/sifive.c | 8 +-
drivers/tty/serial/st-asc.c | 4 +
drivers/tty/serial/stm32-usart.c | 15 ++-
drivers/tty/synclink_gt.c | 2 +
drivers/tty/tty_buffer.c | 3 +-
drivers/usb/core/hcd-pci.c | 4 +-
drivers/usb/core/hcd.c | 29 +++-
drivers/usb/core/quirks.c | 3 +
drivers/usb/dwc2/gadget.c | 1 -
drivers/usb/dwc3/dwc3-pci.c | 2 +-
drivers/usb/host/isp116x-hcd.c | 6 +-
drivers/usb/host/oxu210hp-hcd.c | 2 +
drivers/usb/musb/omap2430.c | 1 +
drivers/usb/serial/option.c | 2 +
drivers/usb/storage/karma.c | 15 ++-
drivers/usb/usbip/stub_dev.c | 2 +-
drivers/usb/usbip/stub_rx.c | 2 +
drivers/vhost/vringh.c | 10 +-
drivers/video/fbdev/amba-clcd.c | 5 +-
drivers/video/fbdev/core/fbcon.c | 5 +-
drivers/video/fbdev/pxa3xx-gcu.c | 12 +-
drivers/watchdog/ts4800_wdt.c | 5 +-
drivers/watchdog/wdat_wdt.c | 1 +
drivers/xen/xlate_mmu.c | 1 -
fs/afs/dir.c | 5 +-
fs/binfmt_flat.c | 27 +++-
fs/btrfs/disk-io.c | 4 +-
fs/btrfs/volumes.c | 8 +-
fs/ceph/xattr.c | 10 +-
fs/cifs/cifsglob.h | 4 +-
fs/cifs/smb2ops.c | 7 +-
fs/cifs/smb2pdu.c | 3 +
fs/dax.c | 3 +-
fs/dlm/lock.c | 11 +-
fs/dlm/plock.c | 12 +-
fs/ext4/inline.c | 12 ++
fs/ext4/inode.c | 4 +
fs/ext4/namei.c | 84 +++++++++---
fs/ext4/super.c | 1 +
fs/f2fs/checkpoint.c | 4 +-
fs/f2fs/f2fs.h | 14 +-
fs/f2fs/file.c | 20 ++-
fs/f2fs/inode.c | 16 ++-
fs/f2fs/segment.c | 9 +-
fs/f2fs/segment.h | 32 +++--
fs/f2fs/super.c | 6 +-
fs/fat/fatent.c | 7 +-
fs/fs-writeback.c | 13 +-
fs/iomap/buffered-io.c | 3 +-
fs/jffs2/fs.c | 1 +
fs/jfs/jfs_dmap.c | 3 +-
fs/kernfs/dir.c | 31 +++--
fs/nfs/file.c | 7 +-
fs/nfs/nfs4proc.c | 4 +
fs/nfs/pnfs.c | 2 +
fs/nfs/write.c | 11 +-
fs/notify/fdinfo.c | 11 +-
fs/notify/inotify/inotify.h | 12 ++
fs/notify/inotify/inotify_user.c | 2 +-
fs/notify/mark.c | 6 +-
fs/ocfs2/dlmfs/userdlm.c | 16 ++-
fs/proc/generic.c | 3 +
fs/proc/proc_net.c | 3 +
include/drm/drm_edid.h | 6 +-
include/linux/bpf.h | 2 +
include/linux/efi.h | 2 +
include/linux/iio/common/st_sensors.h | 3 +
include/linux/mailbox_controller.h | 1 +
include/linux/mtd/cfi.h | 1 +
include/linux/nodemask.h | 51 ++++---
include/linux/ptrace.h | 7 -
include/linux/usb/hcd.h | 2 +
include/net/if_inet6.h | 8 ++
include/net/sch_generic.h | 42 ++----
include/scsi/libfcoe.h | 3 +-
include/sound/jack.h | 1 +
include/trace/events/rxrpc.h | 2 +-
include/trace/events/vmscan.h | 4 +-
init/Kconfig | 9 ++
ipc/mqueue.c | 14 ++
kernel/bpf/stackmap.c | 1 -
kernel/dma/debug.c | 2 +-
kernel/ptrace.c | 5 +-
kernel/sched/fair.c | 8 +-
kernel/sched/pelt.h | 4 +-
kernel/sched/sched.h | 4 +-
kernel/trace/trace.c | 13 +-
kernel/trace/trace_events_hist.c | 3 +
lib/nodemask.c | 4 +-
mm/compaction.c | 2 +
mm/hugetlb.c | 9 +-
net/bluetooth/sco.c | 21 +--
net/ipv4/ip_gre.c | 11 +-
net/ipv4/tcp_output.c | 4 +-
net/ipv4/xfrm4_protocol.c | 1 -
net/ipv6/addrconf.c | 33 ++++-
net/ipv6/seg6_hmac.c | 1 -
net/key/af_key.c | 10 +-
net/mac80211/chan.c | 7 +-
net/mac80211/ieee80211_i.h | 5 +
net/mac80211/scan.c | 20 +++
net/netfilter/nf_tables_api.c | 22 ++-
net/netfilter/nft_dynset.c | 3 -
net/netfilter/nft_nat.c | 3 +-
net/nfc/core.c | 1 +
net/rxrpc/ar-internal.h | 13 +-
net/rxrpc/call_event.c | 3 +-
net/rxrpc/input.c | 31 +++--
net/rxrpc/output.c | 20 +--
net/rxrpc/recvmsg.c | 8 +-
net/rxrpc/sendmsg.c | 6 +
net/rxrpc/sysctl.c | 4 +-
net/sctp/input.c | 4 +-
net/smc/af_smc.c | 2 +-
net/sunrpc/xdr.c | 6 +-
net/sunrpc/xprtrdma/rpc_rdma.c | 5 +
net/tipc/bearer.c | 3 +-
net/unix/af_unix.c | 2 +-
net/wireless/nl80211.c | 1 +
scripts/faddr2line | 150 +++++++++++++--------
scripts/gdb/linux/config.py | 6 +-
scripts/mod/modpost.c | 5 +-
.../integrity/platform_certs/keyring_handler.h | 8 ++
security/integrity/platform_certs/load_uefi.c | 33 +++++
sound/core/jack.c | 34 ++++-
sound/pci/hda/patch_conexant.c | 7 +
sound/pci/hda/patch_realtek.c | 10 ++
sound/soc/codecs/Kconfig | 1 -
sound/soc/codecs/rk3328_codec.c | 2 +-
sound/soc/codecs/rt5514.c | 2 +-
sound/soc/codecs/rt5645.c | 7 +-
sound/soc/codecs/tscs454.c | 12 +-
sound/soc/codecs/wm2000.c | 6 +-
sound/soc/fsl/fsl_sai.h | 4 +-
sound/soc/fsl/imx-sgtl5000.c | 14 +-
sound/soc/mediatek/mt2701/mt2701-wm8960.c | 9 +-
sound/soc/mediatek/mt8173/mt8173-max98090.c | 5 +-
sound/soc/mxs/mxs-saif.c | 1 +
sound/soc/soc-dapm.c | 2 -
tools/perf/builtin-c2c.c | 10 +-
tools/perf/pmu-events/jevents.c | 2 +-
tools/perf/util/data.h | 1 +
tools/power/x86/turbostat/turbostat.c | 1 +
.../bpf/progs/btf_dump_test_case_syntax.c | 2 +-
tools/testing/selftests/netfilter/nft_nat.sh | 43 ++++++
412 files changed, 2494 insertions(+), 1313 deletions(-)
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 001/411] binfmt_flat: do not stop relocating GOT entries prematurely on riscv
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
@ 2022-06-13 10:04 ` Greg Kroah-Hartman
2022-06-13 10:04 ` [PATCH 5.4 002/411] ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS Greg Kroah-Hartman
` (414 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:04 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Niklas Cassel, Damien Le Moal,
Kees Cook, kernel test robot
From: Niklas Cassel <niklas.cassel@wdc.com>
commit 6045ab5fea4c849153ebeb0acb532da5f29d69c4 upstream.
bFLT binaries are usually created using elf2flt.
The linker script used by elf2flt has defined the .data section like the
following for the last 19 years:
.data : {
_sdata = . ;
__data_start = . ;
data_start = . ;
*(.got.plt)
*(.got)
FILL(0) ;
. = ALIGN(0x20) ;
LONG(-1)
. = ALIGN(0x20) ;
...
}
It places the .got.plt input section before the .got input section.
The same is true for the default linker script (ld --verbose) on most
architectures except x86/x86-64.
The binfmt_flat loader should relocate all GOT entries until it encounters
a -1 (the LONG(-1) in the linker script).
The problem is that the .got.plt input section starts with a GOTPLT header
(which has size 16 bytes on elf64-riscv and 8 bytes on elf32-riscv), where
the first word is set to -1. See the binutils implementation for riscv [1].
This causes the binfmt_flat loader to stop relocating GOT entries
prematurely and thus causes the application to crash when running.
Fix this by skipping the whole GOTPLT header, since the whole GOTPLT header
is reserved for the dynamic linker.
The GOTPLT header will only be skipped for bFLT binaries with flag
FLAT_FLAG_GOTPIC set. This flag is unconditionally set by elf2flt if the
supplied ELF binary has the symbol _GLOBAL_OFFSET_TABLE_ defined.
ELF binaries without a .got input section should thus remain unaffected.
Tested on RISC-V Canaan Kendryte K210 and RISC-V QEMU nommu_virt_defconfig.
[1] https://sourceware.org/git/?p=binutils-gdb.git;a=blob;f=bfd/elfnn-riscv.c;hb=binutils-2_38#l3275
Cc: <stable@vger.kernel.org>
Signed-off-by: Niklas Cassel <niklas.cassel@wdc.com>
Reviewed-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
Link: https://lore.kernel.org/r/20220414091018.896737-1-niklas.cassel@wdc.com
Fixed-by: kernel test robot <lkp@intel.com>
Link: https://lore.kernel.org/lkml/202204182333.OIUOotK8-lkp@intel.com
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/binfmt_flat.c | 27 ++++++++++++++++++++++++++-
1 file changed, 26 insertions(+), 1 deletion(-)
--- a/fs/binfmt_flat.c
+++ b/fs/binfmt_flat.c
@@ -422,6 +422,30 @@ static void old_reloc(unsigned long rl)
/****************************************************************************/
+static inline u32 __user *skip_got_header(u32 __user *rp)
+{
+ if (IS_ENABLED(CONFIG_RISCV)) {
+ /*
+ * RISC-V has a 16 byte GOT PLT header for elf64-riscv
+ * and 8 byte GOT PLT header for elf32-riscv.
+ * Skip the whole GOT PLT header, since it is reserved
+ * for the dynamic linker (ld.so).
+ */
+ u32 rp_val0, rp_val1;
+
+ if (get_user(rp_val0, rp))
+ return rp;
+ if (get_user(rp_val1, rp + 1))
+ return rp;
+
+ if (rp_val0 == 0xffffffff && rp_val1 == 0xffffffff)
+ rp += 4;
+ else if (rp_val0 == 0xffffffff)
+ rp += 2;
+ }
+ return rp;
+}
+
static int load_flat_file(struct linux_binprm *bprm,
struct lib_info *libinfo, int id, unsigned long *extra_stack)
{
@@ -769,7 +793,8 @@ static int load_flat_file(struct linux_b
* image.
*/
if (flags & FLAT_FLAG_GOTPIC) {
- for (rp = (u32 __user *)datapos; ; rp++) {
+ rp = skip_got_header((u32 __user *) datapos);
+ for (; ; rp++) {
u32 addr, rp_val;
if (get_user(rp_val, rp))
return -EFAULT;
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 002/411] ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
2022-06-13 10:04 ` [PATCH 5.4 001/411] binfmt_flat: do not stop relocating GOT entries prematurely on riscv Greg Kroah-Hartman
@ 2022-06-13 10:04 ` Greg Kroah-Hartman
2022-06-13 10:04 ` [PATCH 5.4 003/411] USB: serial: option: add Quectel BG95 modem Greg Kroah-Hartman
` (413 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:04 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Marios Levogiannis, Takashi Iwai
From: Marios Levogiannis <marios.levogiannis@gmail.com>
commit 9bfa7b36343c7d84370bc61c9ed774635b05e4eb upstream.
Set microphone pins 0x18 (rear) and 0x19 (front) to VREF_50 to fix the
microphone noise on ASUS TUF B550M-PLUS which uses the ALCS1200A codec.
The initial value was VREF_80.
The same issue is also present on Windows using both the default Windows
driver and all tested Realtek drivers before version 6.0.9049.1. Comparing
Realtek driver 6.0.9049.1 (the first one without the microphone noise) to
Realtek driver 6.0.9047.1 (the last one with the microphone noise)
revealed that the fix is the result of setting pins 0x18 and 0x19 to
VREF_50.
This fix may also work for other boards that have been reported to have
the same microphone issue and use the ALC1150 and ALCS1200A codecs, since
these codecs are similar and the fix in the Realtek driver on Windows is
common for both. However, it is currently enabled only for ASUS TUF
B550M-PLUS as this is the only board that could be tested.
Signed-off-by: Marios Levogiannis <marios.levogiannis@gmail.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20220530074131.12258-1-marios.levogiannis@gmail.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/pci/hda/patch_realtek.c | 10 ++++++++++
1 file changed, 10 insertions(+)
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -1932,6 +1932,7 @@ enum {
ALC1220_FIXUP_CLEVO_PB51ED_PINS,
ALC887_FIXUP_ASUS_AUDIO,
ALC887_FIXUP_ASUS_HMIC,
+ ALCS1200A_FIXUP_MIC_VREF,
};
static void alc889_fixup_coef(struct hda_codec *codec,
@@ -2477,6 +2478,14 @@ static const struct hda_fixup alc882_fix
.chained = true,
.chain_id = ALC887_FIXUP_ASUS_AUDIO,
},
+ [ALCS1200A_FIXUP_MIC_VREF] = {
+ .type = HDA_FIXUP_PINCTLS,
+ .v.pins = (const struct hda_pintbl[]) {
+ { 0x18, PIN_VREF50 }, /* rear mic */
+ { 0x19, PIN_VREF50 }, /* front mic */
+ {}
+ }
+ },
};
static const struct snd_pci_quirk alc882_fixup_tbl[] = {
@@ -2514,6 +2523,7 @@ static const struct snd_pci_quirk alc882
SND_PCI_QUIRK(0x1043, 0x835f, "Asus Eee 1601", ALC888_FIXUP_EEE1601),
SND_PCI_QUIRK(0x1043, 0x84bc, "ASUS ET2700", ALC887_FIXUP_ASUS_BASS),
SND_PCI_QUIRK(0x1043, 0x8691, "ASUS ROG Ranger VIII", ALC882_FIXUP_GPIO3),
+ SND_PCI_QUIRK(0x1043, 0x8797, "ASUS TUF B550M-PLUS", ALCS1200A_FIXUP_MIC_VREF),
SND_PCI_QUIRK(0x104d, 0x9043, "Sony Vaio VGC-LN51JGB", ALC882_FIXUP_NO_PRIMARY_HP),
SND_PCI_QUIRK(0x104d, 0x9044, "Sony VAIO AiO", ALC882_FIXUP_NO_PRIMARY_HP),
SND_PCI_QUIRK(0x104d, 0x9047, "Sony Vaio TT", ALC889_FIXUP_VAIO_TT),
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 003/411] USB: serial: option: add Quectel BG95 modem
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
2022-06-13 10:04 ` [PATCH 5.4 001/411] binfmt_flat: do not stop relocating GOT entries prematurely on riscv Greg Kroah-Hartman
2022-06-13 10:04 ` [PATCH 5.4 002/411] ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS Greg Kroah-Hartman
@ 2022-06-13 10:04 ` Greg Kroah-Hartman
2022-06-13 10:04 ` [PATCH 5.4 004/411] USB: new quirk for Dell Gen 2 devices Greg Kroah-Hartman
` (412 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:04 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Carl Yin, Johan Hovold
From: Carl Yin(殷张成) <carl.yin@quectel.com>
commit 33b7af2f459df453feb0d44628d820c47fefe7a8 upstream.
The BG95 modem has 3 USB configurations that are configurable via the AT
command AT+QCFGEXT="usbnet",["ecm"|"modem"|"rmnet"] which make the modem
enumerate with the following interfaces, respectively:
"modem": Diag + GNSS + Modem + Modem
"ecm" : Diag + GNSS + Modem + ECM
"rmnet": Diag + GNSS + Modem + QMI
Don't support Full QMI messages (e.g WDS_START_NETWORK_INTERFACE)
A detailed description of the USB configuration for each mode follows:
+QCFGEXT: "usbnet","modem"
--------------------------
T: Bus=01 Lev=02 Prnt=02 Port=01 Cnt=01 Dev#= 3 Spd=480 MxCh= 0
D: Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1
P: Vendor=2c7c ProdID=0700 Rev= 0.00
S: Manufacturer=Quectel, Incorporated
S: Product=Quectel LPWA Module
S: SerialNumber=884328a2
C:* #Ifs= 4 Cfg#= 1 Atr=e0 MxPwr=500mA
I:* If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=option
E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 1 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=option
E: Ad=82(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=option
E: Ad=83(I) Atr=03(Int.) MxPS= 64 Ivl=2ms
E: Ad=84(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=fe Prot=ff Driver=option
E: Ad=85(I) Atr=03(Int.) MxPS= 64 Ivl=2ms
E: Ad=86(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
+QCFGEXT: "usbnet","ecm"
------------------------
T: Bus=01 Lev=02 Prnt=02 Port=01 Cnt=01 Dev#= 4 Spd=480 MxCh= 0
D: Ver= 2.00 Cls=ef(misc ) Sub=02 Prot=01 MxPS=64 #Cfgs= 1
P: Vendor=2c7c ProdID=0700 Rev= 0.00
S: Manufacturer=Quectel, Incorporated
S: Product=Quectel LPWA Module
S: SerialNumber=884328a2
C:* #Ifs= 5 Cfg#= 1 Atr=e0 MxPwr=500mA
A: FirstIf#= 3 IfCount= 2 Cls=02(comm.) Sub=00 Prot=00
I:* If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=option
E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 1 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=option
E: Ad=82(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=option
E: Ad=83(I) Atr=03(Int.) MxPS= 64 Ivl=2ms
E: Ad=84(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 3 Alt= 0 #EPs= 1 Cls=02(comm.) Sub=06 Prot=00 Driver=cdc_ether
E: Ad=85(I) Atr=03(Int.) MxPS= 64 Ivl=2ms
I: If#= 4 Alt= 0 #EPs= 0 Cls=0a(data ) Sub=00 Prot=00 Driver=cdc_ether
I:* If#= 4 Alt= 1 #EPs= 2 Cls=0a(data ) Sub=00 Prot=00 Driver=cdc_ether
E: Ad=86(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
+QCFGEXT: "usbnet","rmnet"
--------------------------
T: Bus=01 Lev=02 Prnt=02 Port=01 Cnt=01 Dev#= 4 Spd=480 MxCh= 0
D: Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1
P: Vendor=2c7c ProdID=0700 Rev= 0.00
S: Manufacturer=Quectel, Incorporated
S: Product=Quectel LPWA Module
S: SerialNumber=884328a2
C:* #Ifs= 4 Cfg#= 1 Atr=e0 MxPwr=500mA
I:* If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=option
E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 1 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=option
E: Ad=82(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=option
E: Ad=83(I) Atr=03(Int.) MxPS= 64 Ivl=2ms
E: Ad=84(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=qmi_wwan
E: Ad=85(I) Atr=03(Int.) MxPS= 64 Ivl=2ms
E: Ad=86(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
Signed-off-by: Carl Yin <carl.yin@quectel.com>
Cc: stable@vger.kernel.org
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/serial/option.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/usb/serial/option.c
+++ b/drivers/usb/serial/option.c
@@ -1137,6 +1137,8 @@ static const struct usb_device_id option
{ USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EM12, 0xff, 0, 0) },
{ USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, 0x0620, 0xff, 0xff, 0x30) }, /* EM160R-GL */
{ USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, 0x0620, 0xff, 0, 0) },
+ { USB_DEVICE_INTERFACE_CLASS(QUECTEL_VENDOR_ID, 0x0700, 0xff), /* BG95 */
+ .driver_info = RSVD(3) | ZLP },
{ USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_RM500Q, 0xff, 0xff, 0x30) },
{ USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_RM500Q, 0xff, 0, 0) },
{ USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_RM500Q, 0xff, 0xff, 0x10),
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 004/411] USB: new quirk for Dell Gen 2 devices
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (2 preceding siblings ...)
2022-06-13 10:04 ` [PATCH 5.4 003/411] USB: serial: option: add Quectel BG95 modem Greg Kroah-Hartman
@ 2022-06-13 10:04 ` Greg Kroah-Hartman
2022-06-13 10:04 ` [PATCH 5.4 005/411] usb: core: hcd: Add support for deferring roothub registration Greg Kroah-Hartman
` (411 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:04 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Monish Kumar R
From: Monish Kumar R <monish.kumar.r@intel.com>
commit 97fa5887cf283bb75ffff5f6b2c0e71794c02400 upstream.
Add USB_QUIRK_NO_LPM and USB_QUIRK_RESET_RESUME quirks for Dell usb gen
2 device to not fail during enumeration.
Found this bug on own testing
Signed-off-by: Monish Kumar R <monish.kumar.r@intel.com>
Cc: stable <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20220520130044.17303-1-monish.kumar.r@intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/core/quirks.c | 3 +++
1 file changed, 3 insertions(+)
--- a/drivers/usb/core/quirks.c
+++ b/drivers/usb/core/quirks.c
@@ -511,6 +511,9 @@ static const struct usb_device_id usb_qu
/* DJI CineSSD */
{ USB_DEVICE(0x2ca3, 0x0031), .driver_info = USB_QUIRK_NO_LPM },
+ /* DELL USB GEN2 */
+ { USB_DEVICE(0x413c, 0xb062), .driver_info = USB_QUIRK_NO_LPM | USB_QUIRK_RESET_RESUME },
+
/* VCOM device */
{ USB_DEVICE(0x4296, 0x7570), .driver_info = USB_QUIRK_CONFIG_INTF_STRINGS },
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 005/411] usb: core: hcd: Add support for deferring roothub registration
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (3 preceding siblings ...)
2022-06-13 10:04 ` [PATCH 5.4 004/411] USB: new quirk for Dell Gen 2 devices Greg Kroah-Hartman
@ 2022-06-13 10:04 ` Greg Kroah-Hartman
2022-06-13 10:04 ` [PATCH 5.4 006/411] perf/x86/intel: Fix event constraints for ICL Greg Kroah-Hartman
` (410 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:04 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mathias Nyman, Chris Chiu,
Alan Stern, Kishon Vijay Abraham I
From: Kishon Vijay Abraham I <kishon@ti.com>
commit a44623d9279086c89f631201d993aa332f7c9e66 upstream.
It has been observed with certain PCIe USB cards (like Inateck connected
to AM64 EVM or J7200 EVM) that as soon as the primary roothub is
registered, port status change is handled even before xHC is running
leading to cold plug USB devices not detected. For such cases, registering
both the root hubs along with the second HCD is required. Add support for
deferring roothub registration in usb_add_hcd(), so that both primary and
secondary roothubs are registered along with the second HCD.
This patch has been added and reverted earier as it triggered a race
in usb device enumeration.
That race is now fixed in 5.16-rc3, and in stable back to 5.4
commit 6cca13de26ee ("usb: hub: Fix locking issues with address0_mutex")
commit 6ae6dc22d2d1 ("usb: hub: Fix usb enumeration issue due to address0
race")
CC: stable@vger.kernel.org # 5.4+
Suggested-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Tested-by: Chris Chiu <chris.chiu@canonical.com>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Kishon Vijay Abraham I <kishon@ti.com>
Link: https://lore.kernel.org/r/20220510091630.16564-2-kishon@ti.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/core/hcd.c | 29 +++++++++++++++++++++++------
include/linux/usb/hcd.h | 2 ++
2 files changed, 25 insertions(+), 6 deletions(-)
--- a/drivers/usb/core/hcd.c
+++ b/drivers/usb/core/hcd.c
@@ -2657,6 +2657,7 @@ int usb_add_hcd(struct usb_hcd *hcd,
{
int retval;
struct usb_device *rhdev;
+ struct usb_hcd *shared_hcd;
if (!hcd->skip_phy_initialization && usb_hcd_is_primary_hcd(hcd)) {
hcd->phy_roothub = usb_phy_roothub_alloc(hcd->self.sysdev);
@@ -2813,13 +2814,26 @@ int usb_add_hcd(struct usb_hcd *hcd,
goto err_hcd_driver_start;
}
+ /* starting here, usbcore will pay attention to the shared HCD roothub */
+ shared_hcd = hcd->shared_hcd;
+ if (!usb_hcd_is_primary_hcd(hcd) && shared_hcd && HCD_DEFER_RH_REGISTER(shared_hcd)) {
+ retval = register_root_hub(shared_hcd);
+ if (retval != 0)
+ goto err_register_root_hub;
+
+ if (shared_hcd->uses_new_polling && HCD_POLL_RH(shared_hcd))
+ usb_hcd_poll_rh_status(shared_hcd);
+ }
+
/* starting here, usbcore will pay attention to this root hub */
- retval = register_root_hub(hcd);
- if (retval != 0)
- goto err_register_root_hub;
+ if (!HCD_DEFER_RH_REGISTER(hcd)) {
+ retval = register_root_hub(hcd);
+ if (retval != 0)
+ goto err_register_root_hub;
- if (hcd->uses_new_polling && HCD_POLL_RH(hcd))
- usb_hcd_poll_rh_status(hcd);
+ if (hcd->uses_new_polling && HCD_POLL_RH(hcd))
+ usb_hcd_poll_rh_status(hcd);
+ }
return retval;
@@ -2862,6 +2876,7 @@ EXPORT_SYMBOL_GPL(usb_add_hcd);
void usb_remove_hcd(struct usb_hcd *hcd)
{
struct usb_device *rhdev = hcd->self.root_hub;
+ bool rh_registered;
dev_info(hcd->self.controller, "remove, state %x\n", hcd->state);
@@ -2872,6 +2887,7 @@ void usb_remove_hcd(struct usb_hcd *hcd)
dev_dbg(hcd->self.controller, "roothub graceful disconnect\n");
spin_lock_irq (&hcd_root_hub_lock);
+ rh_registered = hcd->rh_registered;
hcd->rh_registered = 0;
spin_unlock_irq (&hcd_root_hub_lock);
@@ -2881,7 +2897,8 @@ void usb_remove_hcd(struct usb_hcd *hcd)
cancel_work_sync(&hcd->died_work);
mutex_lock(&usb_bus_idr_lock);
- usb_disconnect(&rhdev); /* Sets rhdev to NULL */
+ if (rh_registered)
+ usb_disconnect(&rhdev); /* Sets rhdev to NULL */
mutex_unlock(&usb_bus_idr_lock);
/*
--- a/include/linux/usb/hcd.h
+++ b/include/linux/usb/hcd.h
@@ -124,6 +124,7 @@ struct usb_hcd {
#define HCD_FLAG_RH_RUNNING 5 /* root hub is running? */
#define HCD_FLAG_DEAD 6 /* controller has died? */
#define HCD_FLAG_INTF_AUTHORIZED 7 /* authorize interfaces? */
+#define HCD_FLAG_DEFER_RH_REGISTER 8 /* Defer roothub registration */
/* The flags can be tested using these macros; they are likely to
* be slightly faster than test_bit().
@@ -134,6 +135,7 @@ struct usb_hcd {
#define HCD_WAKEUP_PENDING(hcd) ((hcd)->flags & (1U << HCD_FLAG_WAKEUP_PENDING))
#define HCD_RH_RUNNING(hcd) ((hcd)->flags & (1U << HCD_FLAG_RH_RUNNING))
#define HCD_DEAD(hcd) ((hcd)->flags & (1U << HCD_FLAG_DEAD))
+#define HCD_DEFER_RH_REGISTER(hcd) ((hcd)->flags & (1U << HCD_FLAG_DEFER_RH_REGISTER))
/*
* Specifies if interfaces are authorized by default
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 006/411] perf/x86/intel: Fix event constraints for ICL
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (4 preceding siblings ...)
2022-06-13 10:04 ` [PATCH 5.4 005/411] usb: core: hcd: Add support for deferring roothub registration Greg Kroah-Hartman
@ 2022-06-13 10:04 ` Greg Kroah-Hartman
2022-06-13 10:04 ` [PATCH 5.4 007/411] ptrace/um: Replace PT_DTRACE with TIF_SINGLESTEP Greg Kroah-Hartman
` (409 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:04 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kan Liang, Ingo Molnar, Peter Zijlstra
From: Kan Liang <kan.liang@linux.intel.com>
commit 86dca369075b3e310c3c0adb0f81e513c562b5e4 upstream.
According to the latest event list, the event encoding 0x55
INST_DECODED.DECODERS and 0x56 UOPS_DECODED.DEC0 are only available on
the first 4 counters. Add them into the event constraints table.
Fixes: 6017608936c1 ("perf/x86/intel: Add Icelake support")
Signed-off-by: Kan Liang <kan.liang@linux.intel.com>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Acked-by: Peter Zijlstra <peterz@infradead.org>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20220525133952.1660658-1-kan.liang@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/events/intel/core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/x86/events/intel/core.c
+++ b/arch/x86/events/intel/core.c
@@ -250,7 +250,7 @@ static struct event_constraint intel_icl
INTEL_EVENT_CONSTRAINT_RANGE(0x03, 0x0a, 0xf),
INTEL_EVENT_CONSTRAINT_RANGE(0x1f, 0x28, 0xf),
INTEL_EVENT_CONSTRAINT(0x32, 0xf), /* SW_PREFETCH_ACCESS.* */
- INTEL_EVENT_CONSTRAINT_RANGE(0x48, 0x54, 0xf),
+ INTEL_EVENT_CONSTRAINT_RANGE(0x48, 0x56, 0xf),
INTEL_EVENT_CONSTRAINT_RANGE(0x60, 0x8b, 0xf),
INTEL_UEVENT_CONSTRAINT(0x04a3, 0xff), /* CYCLE_ACTIVITY.STALLS_TOTAL */
INTEL_UEVENT_CONSTRAINT(0x10a3, 0xff), /* CYCLE_ACTIVITY.CYCLES_MEM_ANY */
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 007/411] ptrace/um: Replace PT_DTRACE with TIF_SINGLESTEP
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (5 preceding siblings ...)
2022-06-13 10:04 ` [PATCH 5.4 006/411] perf/x86/intel: Fix event constraints for ICL Greg Kroah-Hartman
@ 2022-06-13 10:04 ` Greg Kroah-Hartman
2022-06-13 10:04 ` [PATCH 5.4 008/411] ptrace/xtensa: Replace PT_SINGLESTEP " Greg Kroah-Hartman
` (408 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:04 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Johannes Berg, Kees Cook,
Oleg Nesterov, Eric W. Biederman
From: Eric W. Biederman <ebiederm@xmission.com>
commit c200e4bb44e80b343c09841e7caaaca0aac5e5fa upstream.
User mode linux is the last user of the PT_DTRACE flag. Using the flag to indicate
single stepping is a little confusing and worse changing tsk->ptrace without locking
could potentionally cause problems.
So use a thread info flag with a better name instead of flag in tsk->ptrace.
Remove the definition PT_DTRACE as uml is the last user.
Cc: stable@vger.kernel.org
Acked-by: Johannes Berg <johannes@sipsolutions.net>
Tested-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Oleg Nesterov <oleg@redhat.com>
Link: https://lkml.kernel.org/r/20220505182645.497868-3-ebiederm@xmission.com
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/um/include/asm/thread_info.h | 2 ++
arch/um/kernel/exec.c | 2 +-
arch/um/kernel/process.c | 2 +-
arch/um/kernel/ptrace.c | 8 ++++----
arch/um/kernel/signal.c | 4 ++--
include/linux/ptrace.h | 1 -
6 files changed, 10 insertions(+), 9 deletions(-)
--- a/arch/um/include/asm/thread_info.h
+++ b/arch/um/include/asm/thread_info.h
@@ -63,6 +63,7 @@ static inline struct thread_info *curren
#define TIF_RESTORE_SIGMASK 7
#define TIF_NOTIFY_RESUME 8
#define TIF_SECCOMP 9 /* secure computing */
+#define TIF_SINGLESTEP 10 /* single stepping userspace */
#define _TIF_SYSCALL_TRACE (1 << TIF_SYSCALL_TRACE)
#define _TIF_SIGPENDING (1 << TIF_SIGPENDING)
@@ -70,5 +71,6 @@ static inline struct thread_info *curren
#define _TIF_MEMDIE (1 << TIF_MEMDIE)
#define _TIF_SYSCALL_AUDIT (1 << TIF_SYSCALL_AUDIT)
#define _TIF_SECCOMP (1 << TIF_SECCOMP)
+#define _TIF_SINGLESTEP (1 << TIF_SINGLESTEP)
#endif
--- a/arch/um/kernel/exec.c
+++ b/arch/um/kernel/exec.c
@@ -44,7 +44,7 @@ void start_thread(struct pt_regs *regs,
{
PT_REGS_IP(regs) = eip;
PT_REGS_SP(regs) = esp;
- current->ptrace &= ~PT_DTRACE;
+ clear_thread_flag(TIF_SINGLESTEP);
#ifdef SUBARCH_EXECVE1
SUBARCH_EXECVE1(regs->regs);
#endif
--- a/arch/um/kernel/process.c
+++ b/arch/um/kernel/process.c
@@ -380,7 +380,7 @@ int singlestepping(void * t)
{
struct task_struct *task = t ? t : current;
- if (!(task->ptrace & PT_DTRACE))
+ if (!test_thread_flag(TIF_SINGLESTEP))
return 0;
if (task->thread.singlestep_syscall)
--- a/arch/um/kernel/ptrace.c
+++ b/arch/um/kernel/ptrace.c
@@ -12,7 +12,7 @@
void user_enable_single_step(struct task_struct *child)
{
- child->ptrace |= PT_DTRACE;
+ set_tsk_thread_flag(child, TIF_SINGLESTEP);
child->thread.singlestep_syscall = 0;
#ifdef SUBARCH_SET_SINGLESTEPPING
@@ -22,7 +22,7 @@ void user_enable_single_step(struct task
void user_disable_single_step(struct task_struct *child)
{
- child->ptrace &= ~PT_DTRACE;
+ clear_tsk_thread_flag(child, TIF_SINGLESTEP);
child->thread.singlestep_syscall = 0;
#ifdef SUBARCH_SET_SINGLESTEPPING
@@ -121,7 +121,7 @@ static void send_sigtrap(struct uml_pt_r
}
/*
- * XXX Check PT_DTRACE vs TIF_SINGLESTEP for singlestepping check and
+ * XXX Check TIF_SINGLESTEP for singlestepping check and
* PT_PTRACED vs TIF_SYSCALL_TRACE for syscall tracing check
*/
int syscall_trace_enter(struct pt_regs *regs)
@@ -145,7 +145,7 @@ void syscall_trace_leave(struct pt_regs
audit_syscall_exit(regs);
/* Fake a debug trap */
- if (ptraced & PT_DTRACE)
+ if (test_thread_flag(TIF_SINGLESTEP))
send_sigtrap(®s->regs, 0);
if (!test_thread_flag(TIF_SYSCALL_TRACE))
--- a/arch/um/kernel/signal.c
+++ b/arch/um/kernel/signal.c
@@ -53,7 +53,7 @@ static void handle_signal(struct ksignal
unsigned long sp;
int err;
- if ((current->ptrace & PT_DTRACE) && (current->ptrace & PT_PTRACED))
+ if (test_thread_flag(TIF_SINGLESTEP) && (current->ptrace & PT_PTRACED))
singlestep = 1;
/* Did we come from a system call? */
@@ -128,7 +128,7 @@ void do_signal(struct pt_regs *regs)
* on the host. The tracing thread will check this flag and
* PTRACE_SYSCALL if necessary.
*/
- if (current->ptrace & PT_DTRACE)
+ if (test_thread_flag(TIF_SINGLESTEP))
current->thread.singlestep_syscall =
is_syscall(PT_REGS_IP(¤t->thread.regs));
--- a/include/linux/ptrace.h
+++ b/include/linux/ptrace.h
@@ -30,7 +30,6 @@ extern int ptrace_access_vm(struct task_
#define PT_SEIZED 0x00010000 /* SEIZE used, enable new behavior */
#define PT_PTRACED 0x00000001
-#define PT_DTRACE 0x00000002 /* delayed trace (used on m68k, i386) */
#define PT_OPT_FLAG_SHIFT 3
/* PT_TRACE_* event enable flags */
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 008/411] ptrace/xtensa: Replace PT_SINGLESTEP with TIF_SINGLESTEP
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (6 preceding siblings ...)
2022-06-13 10:04 ` [PATCH 5.4 007/411] ptrace/um: Replace PT_DTRACE with TIF_SINGLESTEP Greg Kroah-Hartman
@ 2022-06-13 10:04 ` Greg Kroah-Hartman
2022-06-13 10:04 ` [PATCH 5.4 009/411] ptrace: Reimplement PTRACE_KILL by always sending SIGKILL Greg Kroah-Hartman
` (407 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:04 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Max Filippov, Kees Cook,
Oleg Nesterov, Eric W. Biederman
From: Eric W. Biederman <ebiederm@xmission.com>
commit 4a3d2717d140401df7501a95e454180831a0c5af upstream.
xtensa is the last user of the PT_SINGLESTEP flag. Changing tsk->ptrace in
user_enable_single_step and user_disable_single_step without locking could
potentiallly cause problems.
So use a thread info flag instead of a flag in tsk->ptrace. Use TIF_SINGLESTEP
that xtensa already had defined but unused.
Remove the definitions of PT_SINGLESTEP and PT_BLOCKSTEP as they have no more users.
Cc: stable@vger.kernel.org
Acked-by: Max Filippov <jcmvbkbc@gmail.com>
Tested-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Oleg Nesterov <oleg@redhat.com>
Link: https://lkml.kernel.org/r/20220505182645.497868-4-ebiederm@xmission.com
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/xtensa/kernel/ptrace.c | 4 ++--
arch/xtensa/kernel/signal.c | 4 ++--
include/linux/ptrace.h | 6 ------
3 files changed, 4 insertions(+), 10 deletions(-)
--- a/arch/xtensa/kernel/ptrace.c
+++ b/arch/xtensa/kernel/ptrace.c
@@ -225,12 +225,12 @@ const struct user_regset_view *task_user
void user_enable_single_step(struct task_struct *child)
{
- child->ptrace |= PT_SINGLESTEP;
+ set_tsk_thread_flag(child, TIF_SINGLESTEP);
}
void user_disable_single_step(struct task_struct *child)
{
- child->ptrace &= ~PT_SINGLESTEP;
+ clear_tsk_thread_flag(child, TIF_SINGLESTEP);
}
/*
--- a/arch/xtensa/kernel/signal.c
+++ b/arch/xtensa/kernel/signal.c
@@ -465,7 +465,7 @@ static void do_signal(struct pt_regs *re
/* Set up the stack frame */
ret = setup_frame(&ksig, sigmask_to_save(), regs);
signal_setup_done(ret, &ksig, 0);
- if (current->ptrace & PT_SINGLESTEP)
+ if (test_thread_flag(TIF_SINGLESTEP))
task_pt_regs(current)->icountlevel = 1;
return;
@@ -491,7 +491,7 @@ static void do_signal(struct pt_regs *re
/* If there's no signal to deliver, we just restore the saved mask. */
restore_saved_sigmask();
- if (current->ptrace & PT_SINGLESTEP)
+ if (test_thread_flag(TIF_SINGLESTEP))
task_pt_regs(current)->icountlevel = 1;
return;
}
--- a/include/linux/ptrace.h
+++ b/include/linux/ptrace.h
@@ -46,12 +46,6 @@ extern int ptrace_access_vm(struct task_
#define PT_EXITKILL (PTRACE_O_EXITKILL << PT_OPT_FLAG_SHIFT)
#define PT_SUSPEND_SECCOMP (PTRACE_O_SUSPEND_SECCOMP << PT_OPT_FLAG_SHIFT)
-/* single stepping state bits (used on ARM and PA-RISC) */
-#define PT_SINGLESTEP_BIT 31
-#define PT_SINGLESTEP (1<<PT_SINGLESTEP_BIT)
-#define PT_BLOCKSTEP_BIT 30
-#define PT_BLOCKSTEP (1<<PT_BLOCKSTEP_BIT)
-
extern long arch_ptrace(struct task_struct *child, long request,
unsigned long addr, unsigned long data);
extern int ptrace_readdata(struct task_struct *tsk, unsigned long src, char __user *dst, int len);
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 009/411] ptrace: Reimplement PTRACE_KILL by always sending SIGKILL
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (7 preceding siblings ...)
2022-06-13 10:04 ` [PATCH 5.4 008/411] ptrace/xtensa: Replace PT_SINGLESTEP " Greg Kroah-Hartman
@ 2022-06-13 10:04 ` Greg Kroah-Hartman
2022-06-13 10:04 ` [PATCH 5.4 010/411] btrfs: add "0x" prefix for unsupported optional features Greg Kroah-Hartman
` (406 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:04 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Al Viro, Kees Cook, Oleg Nesterov,
Eric W. Biederman
From: Eric W. Biederman <ebiederm@xmission.com>
commit 6a2d90ba027adba528509ffa27097cffd3879257 upstream.
The current implementation of PTRACE_KILL is buggy and has been for
many years as it assumes it's target has stopped in ptrace_stop. At a
quick skim it looks like this assumption has existed since ptrace
support was added in linux v1.0.
While PTRACE_KILL has been deprecated we can not remove it as
a quick search with google code search reveals many existing
programs calling it.
When the ptracee is not stopped at ptrace_stop some fields would be
set that are ignored except in ptrace_stop. Making the userspace
visible behavior of PTRACE_KILL a noop in those case.
As the usual rules are not obeyed it is not clear what the
consequences are of calling PTRACE_KILL on a running process.
Presumably userspace does not do this as it achieves nothing.
Replace the implementation of PTRACE_KILL with a simple
send_sig_info(SIGKILL) followed by a return 0. This changes the
observable user space behavior only in that PTRACE_KILL on a process
not stopped in ptrace_stop will also kill it. As that has always
been the intent of the code this seems like a reasonable change.
Cc: stable@vger.kernel.org
Reported-by: Al Viro <viro@zeniv.linux.org.uk>
Suggested-by: Al Viro <viro@zeniv.linux.org.uk>
Tested-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Oleg Nesterov <oleg@redhat.com>
Link: https://lkml.kernel.org/r/20220505182645.497868-7-ebiederm@xmission.com
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kernel/step.c | 3 +--
kernel/ptrace.c | 5 ++---
2 files changed, 3 insertions(+), 5 deletions(-)
--- a/arch/x86/kernel/step.c
+++ b/arch/x86/kernel/step.c
@@ -175,8 +175,7 @@ void set_task_blockstep(struct task_stru
*
* NOTE: this means that set/clear TIF_BLOCKSTEP is only safe if
* task is current or it can't be running, otherwise we can race
- * with __switch_to_xtra(). We rely on ptrace_freeze_traced() but
- * PTRACE_KILL is not safe.
+ * with __switch_to_xtra(). We rely on ptrace_freeze_traced().
*/
local_irq_disable();
debugctl = get_debugctlmsr();
--- a/kernel/ptrace.c
+++ b/kernel/ptrace.c
@@ -1219,9 +1219,8 @@ int ptrace_request(struct task_struct *c
return ptrace_resume(child, request, data);
case PTRACE_KILL:
- if (child->exit_state) /* already dead */
- return 0;
- return ptrace_resume(child, request, SIGKILL);
+ send_sig_info(SIGKILL, SEND_SIG_NOINFO, child);
+ return 0;
#ifdef CONFIG_HAVE_ARCH_TRACEHOOK
case PTRACE_GETREGSET:
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 010/411] btrfs: add "0x" prefix for unsupported optional features
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (8 preceding siblings ...)
2022-06-13 10:04 ` [PATCH 5.4 009/411] ptrace: Reimplement PTRACE_KILL by always sending SIGKILL Greg Kroah-Hartman
@ 2022-06-13 10:04 ` Greg Kroah-Hartman
2022-06-13 10:04 ` [PATCH 5.4 011/411] btrfs: repair super block num_devices automatically Greg Kroah-Hartman
` (405 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:04 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nikolay Borisov, Qu Wenruo, David Sterba
From: Qu Wenruo <wqu@suse.com>
commit d5321a0fa8bc49f11bea0b470800962c17d92d8f upstream.
The following error message lack the "0x" obviously:
cannot mount because of unsupported optional features (4000)
Add the prefix to make it less confusing. This can happen on older
kernels that try to mount a filesystem with newer features so it makes
sense to backport to older trees.
CC: stable@vger.kernel.org # 4.14+
Reviewed-by: Nikolay Borisov <nborisov@suse.com>
Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/disk-io.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/fs/btrfs/disk-io.c
+++ b/fs/btrfs/disk-io.c
@@ -2927,7 +2927,7 @@ int open_ctree(struct super_block *sb,
~BTRFS_FEATURE_INCOMPAT_SUPP;
if (features) {
btrfs_err(fs_info,
- "cannot mount because of unsupported optional features (%llx)",
+ "cannot mount because of unsupported optional features (0x%llx)",
features);
err = -EINVAL;
goto fail_csum;
@@ -2965,7 +2965,7 @@ int open_ctree(struct super_block *sb,
~BTRFS_FEATURE_COMPAT_RO_SUPP;
if (!sb_rdonly(sb) && features) {
btrfs_err(fs_info,
- "cannot mount read-write because of unsupported optional features (%llx)",
+ "cannot mount read-write because of unsupported optional features (0x%llx)",
features);
err = -EINVAL;
goto fail_csum;
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 011/411] btrfs: repair super block num_devices automatically
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (9 preceding siblings ...)
2022-06-13 10:04 ` [PATCH 5.4 010/411] btrfs: add "0x" prefix for unsupported optional features Greg Kroah-Hartman
@ 2022-06-13 10:04 ` Greg Kroah-Hartman
2022-06-13 10:04 ` [PATCH 5.4 012/411] drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes Greg Kroah-Hartman
` (404 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:04 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Luca Béla Palkovics, Qu Wenruo,
David Sterba
From: Qu Wenruo <wqu@suse.com>
commit d201238ccd2f30b9bfcfadaeae0972e3a486a176 upstream.
[BUG]
There is a report that a btrfs has a bad super block num devices.
This makes btrfs to reject the fs completely.
BTRFS error (device sdd3): super_num_devices 3 mismatch with num_devices 2 found here
BTRFS error (device sdd3): failed to read chunk tree: -22
BTRFS error (device sdd3): open_ctree failed
[CAUSE]
During btrfs device removal, chunk tree and super block num devs are
updated in two different transactions:
btrfs_rm_device()
|- btrfs_rm_dev_item(device)
| |- trans = btrfs_start_transaction()
| | Now we got transaction X
| |
| |- btrfs_del_item()
| | Now device item is removed from chunk tree
| |
| |- btrfs_commit_transaction()
| Transaction X got committed, super num devs untouched,
| but device item removed from chunk tree.
| (AKA, super num devs is already incorrect)
|
|- cur_devices->num_devices--;
|- cur_devices->total_devices--;
|- btrfs_set_super_num_devices()
All those operations are not in transaction X, thus it will
only be written back to disk in next transaction.
So after the transaction X in btrfs_rm_dev_item() committed, but before
transaction X+1 (which can be minutes away), a power loss happen, then
we got the super num mismatch.
This has been fixed by commit bbac58698a55 ("btrfs: remove device item
and update super block in the same transaction").
[FIX]
Make the super_num_devices check less strict, converting it from a hard
error to a warning, and reset the value to a correct one for the current
or next transaction commit.
As the number of device items is the critical information where the
super block num_devices is only a cached value (and also useful for
cross checking), it's safe to automatically update it. Other device
related problems like missing device are handled after that and may
require other means to resolve, like degraded mount. With this fix,
potentially affected filesystems won't fail mount and require the manual
repair by btrfs check.
Reported-by: Luca Béla Palkovics <luca.bela.palkovics@gmail.com>
Link: https://lore.kernel.org/linux-btrfs/CA+8xDSpvdm_U0QLBAnrH=zqDq_cWCOH5TiV46CKmp3igr44okQ@mail.gmail.com/
CC: stable@vger.kernel.org # 4.14+
Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/volumes.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
--- a/fs/btrfs/volumes.c
+++ b/fs/btrfs/volumes.c
@@ -7383,12 +7383,12 @@ int btrfs_read_chunk_tree(struct btrfs_f
* do another round of validation checks.
*/
if (total_dev != fs_info->fs_devices->total_devices) {
- btrfs_err(fs_info,
- "super_num_devices %llu mismatch with num_devices %llu found here",
+ btrfs_warn(fs_info,
+"super block num_devices %llu mismatch with DEV_ITEM count %llu, will be repaired on next transaction commit",
btrfs_super_num_devices(fs_info->super_copy),
total_dev);
- ret = -EINVAL;
- goto error;
+ fs_info->fs_devices->total_devices = total_dev;
+ btrfs_set_super_num_devices(fs_info->super_copy, total_dev);
}
if (btrfs_super_total_bytes(fs_info->super_copy) <
fs_info->fs_devices->total_rw_bytes) {
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 012/411] drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (10 preceding siblings ...)
2022-06-13 10:04 ` [PATCH 5.4 011/411] btrfs: repair super block num_devices automatically Greg Kroah-Hartman
@ 2022-06-13 10:04 ` Greg Kroah-Hartman
2022-06-13 10:04 ` [PATCH 5.4 013/411] mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue Greg Kroah-Hartman
` (403 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:04 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Liu Zixian, Gerd Hoffmann, Sasha Levin
From: Liu Zixian <liuzixian4@huawei.com>
[ Upstream commit 194d250cdc4a40ccbd179afd522a9e9846957402 ]
drm_cvt_mode may return NULL and we should check it.
This bug is found by syzkaller:
FAULT_INJECTION stacktrace:
[ 168.567394] FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 1
[ 168.567403] CPU: 1 PID: 6425 Comm: syz Kdump: loaded Not tainted 4.19.90-vhulk2201.1.0.h1035.kasan.eulerosv2r10.aarch64 #1
[ 168.567406] Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015
[ 168.567408] Call trace:
[ 168.567414] dump_backtrace+0x0/0x310
[ 168.567418] show_stack+0x28/0x38
[ 168.567423] dump_stack+0xec/0x15c
[ 168.567427] should_fail+0x3ac/0x3d0
[ 168.567437] __should_failslab+0xb8/0x120
[ 168.567441] should_failslab+0x28/0xc0
[ 168.567445] kmem_cache_alloc_trace+0x50/0x640
[ 168.567454] drm_mode_create+0x40/0x90
[ 168.567458] drm_cvt_mode+0x48/0xc78
[ 168.567477] virtio_gpu_conn_get_modes+0xa8/0x140 [virtio_gpu]
[ 168.567485] drm_helper_probe_single_connector_modes+0x3a4/0xd80
[ 168.567492] drm_mode_getconnector+0x2e0/0xa70
[ 168.567496] drm_ioctl_kernel+0x11c/0x1d8
[ 168.567514] drm_ioctl+0x558/0x6d0
[ 168.567522] do_vfs_ioctl+0x160/0xf30
[ 168.567525] ksys_ioctl+0x98/0xd8
[ 168.567530] __arm64_sys_ioctl+0x50/0xc8
[ 168.567536] el0_svc_common+0xc8/0x320
[ 168.567540] el0_svc_handler+0xf8/0x160
[ 168.567544] el0_svc+0x10/0x218
KASAN stacktrace:
[ 168.567561] BUG: KASAN: null-ptr-deref in virtio_gpu_conn_get_modes+0xb4/0x140 [virtio_gpu]
[ 168.567565] Read of size 4 at addr 0000000000000054 by task syz/6425
[ 168.567566]
[ 168.567571] CPU: 1 PID: 6425 Comm: syz Kdump: loaded Not tainted 4.19.90-vhulk2201.1.0.h1035.kasan.eulerosv2r10.aarch64 #1
[ 168.567573] Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015
[ 168.567575] Call trace:
[ 168.567578] dump_backtrace+0x0/0x310
[ 168.567582] show_stack+0x28/0x38
[ 168.567586] dump_stack+0xec/0x15c
[ 168.567591] kasan_report+0x244/0x2f0
[ 168.567594] __asan_load4+0x58/0xb0
[ 168.567607] virtio_gpu_conn_get_modes+0xb4/0x140 [virtio_gpu]
[ 168.567612] drm_helper_probe_single_connector_modes+0x3a4/0xd80
[ 168.567617] drm_mode_getconnector+0x2e0/0xa70
[ 168.567621] drm_ioctl_kernel+0x11c/0x1d8
[ 168.567624] drm_ioctl+0x558/0x6d0
[ 168.567628] do_vfs_ioctl+0x160/0xf30
[ 168.567632] ksys_ioctl+0x98/0xd8
[ 168.567636] __arm64_sys_ioctl+0x50/0xc8
[ 168.567641] el0_svc_common+0xc8/0x320
[ 168.567645] el0_svc_handler+0xf8/0x160
[ 168.567649] el0_svc+0x10/0x218
Signed-off-by: Liu Zixian <liuzixian4@huawei.com>
Link: http://patchwork.freedesktop.org/patch/msgid/20220322091730.1653-1-liuzixian4@huawei.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/virtio/virtgpu_display.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/gpu/drm/virtio/virtgpu_display.c b/drivers/gpu/drm/virtio/virtgpu_display.c
index e622485ae826..7e34307eb075 100644
--- a/drivers/gpu/drm/virtio/virtgpu_display.c
+++ b/drivers/gpu/drm/virtio/virtgpu_display.c
@@ -174,6 +174,8 @@ static int virtio_gpu_conn_get_modes(struct drm_connector *connector)
DRM_DEBUG("add mode: %dx%d\n", width, height);
mode = drm_cvt_mode(connector->dev, width, height, 60,
false, false, false);
+ if (!mode)
+ return count;
mode->type |= DRM_MODE_TYPE_PREFERRED;
drm_mode_probed_add(connector, mode);
count++;
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 013/411] mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (11 preceding siblings ...)
2022-06-13 10:04 ` [PATCH 5.4 012/411] drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes Greg Kroah-Hartman
@ 2022-06-13 10:04 ` Greg Kroah-Hartman
2022-06-13 10:04 ` [PATCH 5.4 014/411] b43legacy: Fix assigning negative value to unsigned variable Greg Kroah-Hartman
` (402 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:04 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Brian Norris, Niels Dossche,
Kalle Valo, Sasha Levin
From: Niels Dossche <dossche.niels@gmail.com>
[ Upstream commit 3e12968f6d12a34b540c39cbd696a760cc4616f0 ]
cfg80211_ch_switch_notify uses ASSERT_WDEV_LOCK to assert that
net_device->ieee80211_ptr->mtx (which is the same as priv->wdev.mtx)
is held during the function's execution.
mwifiex_dfs_chan_sw_work_queue is one of its callers, which does not
hold that lock, therefore violating the assertion.
Add a lock around the call.
Disclaimer:
I am currently working on a static analyser to detect missing locks.
This was a reported case. I manually verified the report by looking
at the code, so that I do not send wrong information or patches.
After concluding that this seems to be a true positive, I created
this patch.
However, as I do not in fact have this particular hardware,
I was unable to test it.
Reviewed-by: Brian Norris <briannorris@chromium.org>
Signed-off-by: Niels Dossche <dossche.niels@gmail.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220321225515.32113-1-dossche.niels@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/marvell/mwifiex/11h.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/net/wireless/marvell/mwifiex/11h.c b/drivers/net/wireless/marvell/mwifiex/11h.c
index 238accfe4f41..c4176e357b22 100644
--- a/drivers/net/wireless/marvell/mwifiex/11h.c
+++ b/drivers/net/wireless/marvell/mwifiex/11h.c
@@ -303,5 +303,7 @@ void mwifiex_dfs_chan_sw_work_queue(struct work_struct *work)
mwifiex_dbg(priv->adapter, MSG,
"indicating channel switch completion to kernel\n");
+ mutex_lock(&priv->wdev.mtx);
cfg80211_ch_switch_notify(priv->netdev, &priv->dfs_chandef);
+ mutex_unlock(&priv->wdev.mtx);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 014/411] b43legacy: Fix assigning negative value to unsigned variable
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (12 preceding siblings ...)
2022-06-13 10:04 ` [PATCH 5.4 013/411] mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue Greg Kroah-Hartman
@ 2022-06-13 10:04 ` Greg Kroah-Hartman
2022-06-13 10:04 ` [PATCH 5.4 015/411] b43: " Greg Kroah-Hartman
` (401 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:04 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Haowen Bai, Kalle Valo, Sasha Levin
From: Haowen Bai <baihaowen@meizu.com>
[ Upstream commit 3f6b867559b3d43a7ce1b4799b755e812fc0d503 ]
fix warning reported by smatch:
drivers/net/wireless/broadcom/b43legacy/phy.c:1181 b43legacy_phy_lo_b_measure()
warn: assigning (-772) to unsigned variable 'fval'
Signed-off-by: Haowen Bai <baihaowen@meizu.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/1648203433-8736-1-git-send-email-baihaowen@meizu.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/broadcom/b43legacy/phy.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/broadcom/b43legacy/phy.c b/drivers/net/wireless/broadcom/b43legacy/phy.c
index a659259bc51a..6e76055e136d 100644
--- a/drivers/net/wireless/broadcom/b43legacy/phy.c
+++ b/drivers/net/wireless/broadcom/b43legacy/phy.c
@@ -1123,7 +1123,7 @@ void b43legacy_phy_lo_b_measure(struct b43legacy_wldev *dev)
struct b43legacy_phy *phy = &dev->phy;
u16 regstack[12] = { 0 };
u16 mls;
- u16 fval;
+ s16 fval;
int i;
int j;
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 015/411] b43: Fix assigning negative value to unsigned variable
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (13 preceding siblings ...)
2022-06-13 10:04 ` [PATCH 5.4 014/411] b43legacy: Fix assigning negative value to unsigned variable Greg Kroah-Hartman
@ 2022-06-13 10:04 ` Greg Kroah-Hartman
2022-06-13 10:04 ` [PATCH 5.4 016/411] ipw2x00: Fix potential NULL dereference in libipw_xmit() Greg Kroah-Hartman
` (400 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:04 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Haowen Bai, Kalle Valo, Sasha Levin
From: Haowen Bai <baihaowen@meizu.com>
[ Upstream commit 11800d893b38e0e12d636c170c1abc19c43c730c ]
fix warning reported by smatch:
drivers/net/wireless/broadcom/b43/phy_n.c:585 b43_nphy_adjust_lna_gain_table()
warn: assigning (-2) to unsigned variable '*(lna_gain[0])'
Signed-off-by: Haowen Bai <baihaowen@meizu.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/1648203315-28093-1-git-send-email-baihaowen@meizu.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/broadcom/b43/phy_n.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/broadcom/b43/phy_n.c b/drivers/net/wireless/broadcom/b43/phy_n.c
index 32ce1b42ce08..0ef62ef77af6 100644
--- a/drivers/net/wireless/broadcom/b43/phy_n.c
+++ b/drivers/net/wireless/broadcom/b43/phy_n.c
@@ -582,7 +582,7 @@ static void b43_nphy_adjust_lna_gain_table(struct b43_wldev *dev)
u16 data[4];
s16 gain[2];
u16 minmax[2];
- static const u16 lna_gain[4] = { -2, 10, 19, 25 };
+ static const s16 lna_gain[4] = { -2, 10, 19, 25 };
if (nphy->hang_avoid)
b43_nphy_stay_in_carrier_search(dev, 1);
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 016/411] ipw2x00: Fix potential NULL dereference in libipw_xmit()
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (14 preceding siblings ...)
2022-06-13 10:04 ` [PATCH 5.4 015/411] b43: " Greg Kroah-Hartman
@ 2022-06-13 10:04 ` Greg Kroah-Hartman
2022-06-13 10:04 ` [PATCH 5.4 017/411] ipv6: fix locking issues with loops over idev->addr_list Greg Kroah-Hartman
` (399 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:04 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Haowen Bai, Kalle Valo, Sasha Levin
From: Haowen Bai <baihaowen@meizu.com>
[ Upstream commit e8366bbabe1d207cf7c5b11ae50e223ae6fc278b ]
crypt and crypt->ops could be null, so we need to checking null
before dereference
Signed-off-by: Haowen Bai <baihaowen@meizu.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/1648797055-25730-1-git-send-email-baihaowen@meizu.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/intel/ipw2x00/libipw_tx.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/intel/ipw2x00/libipw_tx.c b/drivers/net/wireless/intel/ipw2x00/libipw_tx.c
index d9baa2fa603b..e4c60caa6543 100644
--- a/drivers/net/wireless/intel/ipw2x00/libipw_tx.c
+++ b/drivers/net/wireless/intel/ipw2x00/libipw_tx.c
@@ -383,7 +383,7 @@ netdev_tx_t libipw_xmit(struct sk_buff *skb, struct net_device *dev)
/* Each fragment may need to have room for encryption
* pre/postfix */
- if (host_encrypt)
+ if (host_encrypt && crypt && crypt->ops)
bytes_per_frag -= crypt->ops->extra_mpdu_prefix_len +
crypt->ops->extra_mpdu_postfix_len;
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 017/411] ipv6: fix locking issues with loops over idev->addr_list
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (15 preceding siblings ...)
2022-06-13 10:04 ` [PATCH 5.4 016/411] ipw2x00: Fix potential NULL dereference in libipw_xmit() Greg Kroah-Hartman
@ 2022-06-13 10:04 ` Greg Kroah-Hartman
2022-06-13 10:04 ` [PATCH 5.4 018/411] fbcon: Consistently protect deferred_takeover with console_lock() Greg Kroah-Hartman
` (398 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:04 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Paolo Abeni, Niels Dossche,
Jakub Kicinski, Sasha Levin
From: Niels Dossche <dossche.niels@gmail.com>
[ Upstream commit 51454ea42c1ab4e0c2828bb0d4d53957976980de ]
idev->addr_list needs to be protected by idev->lock. However, it is not
always possible to do so while iterating and performing actions on
inet6_ifaddr instances. For example, multiple functions (like
addrconf_{join,leave}_anycast) eventually call down to other functions
that acquire the idev->lock. The current code temporarily unlocked the
idev->lock during the loops, which can cause race conditions. Moving the
locks up is also not an appropriate solution as the ordering of lock
acquisition will be inconsistent with for example mc_lock.
This solution adds an additional field to inet6_ifaddr that is used
to temporarily add the instances to a temporary list while holding
idev->lock. The temporary list can then be traversed without holding
idev->lock. This change was done in two places. In addrconf_ifdown, the
list_for_each_entry_safe variant of the list loop is also no longer
necessary as there is no deletion within that specific loop.
Suggested-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Niels Dossche <dossche.niels@gmail.com>
Acked-by: Paolo Abeni <pabeni@redhat.com>
Link: https://lore.kernel.org/r/20220403231523.45843-1-dossche.niels@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/net/if_inet6.h | 8 ++++++++
net/ipv6/addrconf.c | 30 ++++++++++++++++++++++++------
2 files changed, 32 insertions(+), 6 deletions(-)
diff --git a/include/net/if_inet6.h b/include/net/if_inet6.h
index a01981d7108f..f6d614926e9e 100644
--- a/include/net/if_inet6.h
+++ b/include/net/if_inet6.h
@@ -64,6 +64,14 @@ struct inet6_ifaddr {
struct hlist_node addr_lst;
struct list_head if_list;
+ /*
+ * Used to safely traverse idev->addr_list in process context
+ * if the idev->lock needed to protect idev->addr_list cannot be held.
+ * In that case, add the items to this list temporarily and iterate
+ * without holding idev->lock.
+ * See addrconf_ifdown and dev_forward_change.
+ */
+ struct list_head if_list_aux;
struct list_head tmp_list;
struct inet6_ifaddr *ifpub;
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index 92b32d131e1c..efea88fb3cd5 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -789,6 +789,7 @@ static void dev_forward_change(struct inet6_dev *idev)
{
struct net_device *dev;
struct inet6_ifaddr *ifa;
+ LIST_HEAD(tmp_addr_list);
if (!idev)
return;
@@ -807,14 +808,24 @@ static void dev_forward_change(struct inet6_dev *idev)
}
}
+ read_lock_bh(&idev->lock);
list_for_each_entry(ifa, &idev->addr_list, if_list) {
if (ifa->flags&IFA_F_TENTATIVE)
continue;
+ list_add_tail(&ifa->if_list_aux, &tmp_addr_list);
+ }
+ read_unlock_bh(&idev->lock);
+
+ while (!list_empty(&tmp_addr_list)) {
+ ifa = list_first_entry(&tmp_addr_list,
+ struct inet6_ifaddr, if_list_aux);
+ list_del(&ifa->if_list_aux);
if (idev->cnf.forwarding)
addrconf_join_anycast(ifa);
else
addrconf_leave_anycast(ifa);
}
+
inet6_netconf_notify_devconf(dev_net(dev), RTM_NEWNETCONF,
NETCONFA_FORWARDING,
dev->ifindex, &idev->cnf);
@@ -3713,7 +3724,8 @@ static int addrconf_ifdown(struct net_device *dev, int how)
unsigned long event = how ? NETDEV_UNREGISTER : NETDEV_DOWN;
struct net *net = dev_net(dev);
struct inet6_dev *idev;
- struct inet6_ifaddr *ifa, *tmp;
+ struct inet6_ifaddr *ifa;
+ LIST_HEAD(tmp_addr_list);
bool keep_addr = false;
bool was_ready;
int state, i;
@@ -3805,16 +3817,23 @@ static int addrconf_ifdown(struct net_device *dev, int how)
write_lock_bh(&idev->lock);
}
- list_for_each_entry_safe(ifa, tmp, &idev->addr_list, if_list) {
+ list_for_each_entry(ifa, &idev->addr_list, if_list)
+ list_add_tail(&ifa->if_list_aux, &tmp_addr_list);
+ write_unlock_bh(&idev->lock);
+
+ while (!list_empty(&tmp_addr_list)) {
struct fib6_info *rt = NULL;
bool keep;
+ ifa = list_first_entry(&tmp_addr_list,
+ struct inet6_ifaddr, if_list_aux);
+ list_del(&ifa->if_list_aux);
+
addrconf_del_dad_work(ifa);
keep = keep_addr && (ifa->flags & IFA_F_PERMANENT) &&
!addr_is_local(&ifa->addr);
- write_unlock_bh(&idev->lock);
spin_lock_bh(&ifa->lock);
if (keep) {
@@ -3845,15 +3864,14 @@ static int addrconf_ifdown(struct net_device *dev, int how)
addrconf_leave_solict(ifa->idev, &ifa->addr);
}
- write_lock_bh(&idev->lock);
if (!keep) {
+ write_lock_bh(&idev->lock);
list_del_rcu(&ifa->if_list);
+ write_unlock_bh(&idev->lock);
in6_ifa_put(ifa);
}
}
- write_unlock_bh(&idev->lock);
-
/* Step 5: Discard anycast and multicast list */
if (how) {
ipv6_ac_destroy_dev(idev);
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 018/411] fbcon: Consistently protect deferred_takeover with console_lock()
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (16 preceding siblings ...)
2022-06-13 10:04 ` [PATCH 5.4 017/411] ipv6: fix locking issues with loops over idev->addr_list Greg Kroah-Hartman
@ 2022-06-13 10:04 ` Greg Kroah-Hartman
2022-06-13 10:04 ` [PATCH 5.4 019/411] ACPICA: Avoid cache flush inside virtual machines Greg Kroah-Hartman
` (397 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:04 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sam Ravnborg, Daniel Vetter,
Daniel Vetter, Du Cheng, Tetsuo Handa, Claudio Suarez,
Thomas Zimmermann, Sasha Levin
From: Daniel Vetter <daniel.vetter@ffwll.ch>
[ Upstream commit 43553559121ca90965b572cf8a1d6d0fd618b449 ]
This shouldn't be a problem in practice since until we've actually
taken over the console there's nothing we've registered with the
console/vt subsystem, so the exit/unbind path that check this can't
do the wrong thing. But it's confusing, so fix it by moving it a tad
later.
Acked-by: Sam Ravnborg <sam@ravnborg.org>
Signed-off-by: Daniel Vetter <daniel.vetter@intel.com>
Cc: Daniel Vetter <daniel@ffwll.ch>
Cc: Du Cheng <ducheng2@gmail.com>
Cc: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Cc: Claudio Suarez <cssk@net-c.es>
Cc: Thomas Zimmermann <tzimmermann@suse.de>
Link: https://patchwork.freedesktop.org/patch/msgid/20220405210335.3434130-14-daniel.vetter@ffwll.ch
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/video/fbdev/core/fbcon.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/video/fbdev/core/fbcon.c b/drivers/video/fbdev/core/fbcon.c
index 75b770514067..1decded4845f 100644
--- a/drivers/video/fbdev/core/fbcon.c
+++ b/drivers/video/fbdev/core/fbcon.c
@@ -3286,6 +3286,9 @@ static void fbcon_register_existing_fbs(struct work_struct *work)
console_lock();
+ deferred_takeover = false;
+ logo_shown = FBCON_LOGO_DONTSHOW;
+
for_each_registered_fb(i)
fbcon_fb_registered(registered_fb[i]);
@@ -3303,8 +3306,6 @@ static int fbcon_output_notifier(struct notifier_block *nb,
pr_info("fbcon: Taking over console\n");
dummycon_unregister_output_notifier(&fbcon_output_nb);
- deferred_takeover = false;
- logo_shown = FBCON_LOGO_DONTSHOW;
/* We may get called in atomic context */
schedule_work(&fbcon_deferred_takeover_work);
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 019/411] ACPICA: Avoid cache flush inside virtual machines
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (17 preceding siblings ...)
2022-06-13 10:04 ` [PATCH 5.4 018/411] fbcon: Consistently protect deferred_takeover with console_lock() Greg Kroah-Hartman
@ 2022-06-13 10:04 ` Greg Kroah-Hartman
2022-06-13 10:04 ` [PATCH 5.4 020/411] drm/komeda: return early if drm_universal_plane_init() fails Greg Kroah-Hartman
` (396 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:04 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kirill A. Shutemov, Dave Hansen,
Dan Williams, Thomas Gleixner, Sasha Levin
From: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
[ Upstream commit e2efb6359e620521d1e13f69b2257de8ceaa9475 ]
While running inside virtual machine, the kernel can bypass cache
flushing. Changing sleep state in a virtual machine doesn't affect the
host system sleep state and cannot lead to data loss.
Before entering sleep states, the ACPI code flushes caches to prevent
data loss using the WBINVD instruction. This mechanism is required on
bare metal.
But, any use WBINVD inside of a guest is worthless. Changing sleep
state in a virtual machine doesn't affect the host system sleep state
and cannot lead to data loss, so most hypervisors simply ignore it.
Despite this, the ACPI code calls WBINVD unconditionally anyway.
It's useless, but also normally harmless.
In TDX guests, though, WBINVD stops being harmless; it triggers a
virtualization exception (#VE). If the ACPI cache-flushing WBINVD
were left in place, TDX guests would need handling to recover from
the exception.
Avoid using WBINVD whenever running under a hypervisor. This both
removes the useless WBINVDs and saves TDX from implementing WBINVD
handling.
Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: Dave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: Dan Williams <dan.j.williams@intel.com>
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
Link: https://lkml.kernel.org/r/20220405232939.73860-30-kirill.shutemov@linux.intel.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/include/asm/acenv.h | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/arch/x86/include/asm/acenv.h b/arch/x86/include/asm/acenv.h
index 9aff97f0de7f..d937c55e717e 100644
--- a/arch/x86/include/asm/acenv.h
+++ b/arch/x86/include/asm/acenv.h
@@ -13,7 +13,19 @@
/* Asm macros */
-#define ACPI_FLUSH_CPU_CACHE() wbinvd()
+/*
+ * ACPI_FLUSH_CPU_CACHE() flushes caches on entering sleep states.
+ * It is required to prevent data loss.
+ *
+ * While running inside virtual machine, the kernel can bypass cache flushing.
+ * Changing sleep state in a virtual machine doesn't affect the host system
+ * sleep state and cannot lead to data loss.
+ */
+#define ACPI_FLUSH_CPU_CACHE() \
+do { \
+ if (!cpu_feature_enabled(X86_FEATURE_HYPERVISOR)) \
+ wbinvd(); \
+} while (0)
int __acpi_acquire_global_lock(unsigned int *lock);
int __acpi_release_global_lock(unsigned int *lock);
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 020/411] drm/komeda: return early if drm_universal_plane_init() fails.
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (18 preceding siblings ...)
2022-06-13 10:04 ` [PATCH 5.4 019/411] ACPICA: Avoid cache flush inside virtual machines Greg Kroah-Hartman
@ 2022-06-13 10:04 ` Greg Kroah-Hartman
2022-06-13 10:04 ` [PATCH 5.4 021/411] ALSA: jack: Access input_dev under mutex Greg Kroah-Hartman
` (395 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:04 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Steven Price, Liviu Dudau, Sasha Levin
From: Liviu Dudau <liviu.dudau@arm.com>
[ Upstream commit c8f76c37cc3668ee45e081e76a15f24a352ebbdd ]
If drm_universal_plane_init() fails early we jump to the common cleanup code
that calls komeda_plane_destroy() which in turn could access the uninitalised
drm_plane and crash. Return early if an error is detected without going through
the common code.
Reported-by: Steven Price <steven.price@arm.com>
Reviewed-by: Steven Price <steven.price@arm.com>
Signed-off-by: Liviu Dudau <liviu.dudau@arm.com>
Link: https://lore.kernel.org/dri-devel/20211203100946.2706922-1-liviu.dudau@arm.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/arm/display/komeda/komeda_plane.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/arm/display/komeda/komeda_plane.c b/drivers/gpu/drm/arm/display/komeda/komeda_plane.c
index 98e915e325dd..a5f57b38d193 100644
--- a/drivers/gpu/drm/arm/display/komeda/komeda_plane.c
+++ b/drivers/gpu/drm/arm/display/komeda/komeda_plane.c
@@ -274,8 +274,10 @@ static int komeda_plane_add(struct komeda_kms_dev *kms,
komeda_put_fourcc_list(formats);
- if (err)
- goto cleanup;
+ if (err) {
+ kfree(kplane);
+ return err;
+ }
drm_plane_helper_add(plane, &komeda_plane_helper_funcs);
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 021/411] ALSA: jack: Access input_dev under mutex
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (19 preceding siblings ...)
2022-06-13 10:04 ` [PATCH 5.4 020/411] drm/komeda: return early if drm_universal_plane_init() fails Greg Kroah-Hartman
@ 2022-06-13 10:04 ` Greg Kroah-Hartman
2022-06-13 10:04 ` [PATCH 5.4 022/411] spi: spi-rspi: Remove setting {src,dst}_{addr,addr_width} based on DMA direction Greg Kroah-Hartman
` (394 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:04 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Amadeusz Sławiński,
Cezary Rojewski, Takashi Iwai, Sasha Levin
From: Amadeusz Sławiński <amadeuszx.slawinski@linux.intel.com>
[ Upstream commit 1b6a6fc5280e97559287b61eade2d4b363e836f2 ]
It is possible when using ASoC that input_dev is unregistered while
calling snd_jack_report, which causes NULL pointer dereference.
In order to prevent this serialize access to input_dev using mutex lock.
Signed-off-by: Amadeusz Sławiński <amadeuszx.slawinski@linux.intel.com>
Reviewed-by: Cezary Rojewski <cezary.rojewski@intel.com>
Link: https://lore.kernel.org/r/20220412091628.3056922-1-amadeuszx.slawinski@linux.intel.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/sound/jack.h | 1 +
sound/core/jack.c | 34 +++++++++++++++++++++++++++-------
2 files changed, 28 insertions(+), 7 deletions(-)
diff --git a/include/sound/jack.h b/include/sound/jack.h
index 9eb2b5ec1ec4..78f3619f3de9 100644
--- a/include/sound/jack.h
+++ b/include/sound/jack.h
@@ -62,6 +62,7 @@ struct snd_jack {
const char *id;
#ifdef CONFIG_SND_JACK_INPUT_DEV
struct input_dev *input_dev;
+ struct mutex input_dev_lock;
int registered;
int type;
char name[100];
diff --git a/sound/core/jack.c b/sound/core/jack.c
index b00ae6f39f05..e7ac82d46821 100644
--- a/sound/core/jack.c
+++ b/sound/core/jack.c
@@ -34,8 +34,11 @@ static int snd_jack_dev_disconnect(struct snd_device *device)
#ifdef CONFIG_SND_JACK_INPUT_DEV
struct snd_jack *jack = device->device_data;
- if (!jack->input_dev)
+ mutex_lock(&jack->input_dev_lock);
+ if (!jack->input_dev) {
+ mutex_unlock(&jack->input_dev_lock);
return 0;
+ }
/* If the input device is registered with the input subsystem
* then we need to use a different deallocator. */
@@ -44,6 +47,7 @@ static int snd_jack_dev_disconnect(struct snd_device *device)
else
input_free_device(jack->input_dev);
jack->input_dev = NULL;
+ mutex_unlock(&jack->input_dev_lock);
#endif /* CONFIG_SND_JACK_INPUT_DEV */
return 0;
}
@@ -82,8 +86,11 @@ static int snd_jack_dev_register(struct snd_device *device)
snprintf(jack->name, sizeof(jack->name), "%s %s",
card->shortname, jack->id);
- if (!jack->input_dev)
+ mutex_lock(&jack->input_dev_lock);
+ if (!jack->input_dev) {
+ mutex_unlock(&jack->input_dev_lock);
return 0;
+ }
jack->input_dev->name = jack->name;
@@ -108,6 +115,7 @@ static int snd_jack_dev_register(struct snd_device *device)
if (err == 0)
jack->registered = 1;
+ mutex_unlock(&jack->input_dev_lock);
return err;
}
#endif /* CONFIG_SND_JACK_INPUT_DEV */
@@ -228,9 +236,11 @@ int snd_jack_new(struct snd_card *card, const char *id, int type,
return -ENOMEM;
}
- /* don't creat input device for phantom jack */
- if (!phantom_jack) {
#ifdef CONFIG_SND_JACK_INPUT_DEV
+ mutex_init(&jack->input_dev_lock);
+
+ /* don't create input device for phantom jack */
+ if (!phantom_jack) {
int i;
jack->input_dev = input_allocate_device();
@@ -248,8 +258,8 @@ int snd_jack_new(struct snd_card *card, const char *id, int type,
input_set_capability(jack->input_dev, EV_SW,
jack_switch_types[i]);
-#endif /* CONFIG_SND_JACK_INPUT_DEV */
}
+#endif /* CONFIG_SND_JACK_INPUT_DEV */
err = snd_device_new(card, SNDRV_DEV_JACK, jack, &ops);
if (err < 0)
@@ -289,10 +299,14 @@ EXPORT_SYMBOL(snd_jack_new);
void snd_jack_set_parent(struct snd_jack *jack, struct device *parent)
{
WARN_ON(jack->registered);
- if (!jack->input_dev)
+ mutex_lock(&jack->input_dev_lock);
+ if (!jack->input_dev) {
+ mutex_unlock(&jack->input_dev_lock);
return;
+ }
jack->input_dev->dev.parent = parent;
+ mutex_unlock(&jack->input_dev_lock);
}
EXPORT_SYMBOL(snd_jack_set_parent);
@@ -340,6 +354,8 @@ EXPORT_SYMBOL(snd_jack_set_key);
/**
* snd_jack_report - Report the current status of a jack
+ * Note: This function uses mutexes and should be called from a
+ * context which can sleep (such as a workqueue).
*
* @jack: The jack to report status for
* @status: The current status of the jack
@@ -359,8 +375,11 @@ void snd_jack_report(struct snd_jack *jack, int status)
status & jack_kctl->mask_bits);
#ifdef CONFIG_SND_JACK_INPUT_DEV
- if (!jack->input_dev)
+ mutex_lock(&jack->input_dev_lock);
+ if (!jack->input_dev) {
+ mutex_unlock(&jack->input_dev_lock);
return;
+ }
for (i = 0; i < ARRAY_SIZE(jack->key); i++) {
int testbit = SND_JACK_BTN_0 >> i;
@@ -379,6 +398,7 @@ void snd_jack_report(struct snd_jack *jack, int status)
}
input_sync(jack->input_dev);
+ mutex_unlock(&jack->input_dev_lock);
#endif /* CONFIG_SND_JACK_INPUT_DEV */
}
EXPORT_SYMBOL(snd_jack_report);
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 022/411] spi: spi-rspi: Remove setting {src,dst}_{addr,addr_width} based on DMA direction
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (20 preceding siblings ...)
2022-06-13 10:04 ` [PATCH 5.4 021/411] ALSA: jack: Access input_dev under mutex Greg Kroah-Hartman
@ 2022-06-13 10:04 ` Greg Kroah-Hartman
2022-06-13 10:04 ` [PATCH 5.4 023/411] tools/power turbostat: fix ICX DRAM power numbers Greg Kroah-Hartman
` (393 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:04 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Biju Das, Vinod Koul,
Geert Uytterhoeven, Mark Brown, Sasha Levin
From: Biju Das <biju.das.jz@bp.renesas.com>
[ Upstream commit 6f381481a5b236cb53d6de2c49c6ef83a4d0f432 ]
The direction field in the DMA config is deprecated. The rspi driver
sets {src,dst}_{addr,addr_width} based on the DMA direction and
it results in dmaengine_slave_config() failure as RZ DMAC driver
validates {src,dst}_addr_width values independent of DMA direction.
This patch fixes the issue by passing both {src,dst}_{addr,addr_width}
values independent of DMA direction.
Signed-off-by: Biju Das <biju.das.jz@bp.renesas.com>
Suggested-by: Vinod Koul <vkoul@kernel.org>
Reviewed-by: Vinod Koul <vkoul@kernel.org>
Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be>
Tested-by: Geert Uytterhoeven <geert+renesas@glider.be>
Link: https://lore.kernel.org/r/20220411173115.6619-1-biju.das.jz@bp.renesas.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/spi/spi-rspi.c | 15 ++++++---------
1 file changed, 6 insertions(+), 9 deletions(-)
diff --git a/drivers/spi/spi-rspi.c b/drivers/spi/spi-rspi.c
index 7222c7689c3c..0524741d73b9 100644
--- a/drivers/spi/spi-rspi.c
+++ b/drivers/spi/spi-rspi.c
@@ -1044,14 +1044,11 @@ static struct dma_chan *rspi_request_dma_chan(struct device *dev,
}
memset(&cfg, 0, sizeof(cfg));
+ cfg.dst_addr = port_addr + RSPI_SPDR;
+ cfg.src_addr = port_addr + RSPI_SPDR;
+ cfg.dst_addr_width = DMA_SLAVE_BUSWIDTH_1_BYTE;
+ cfg.src_addr_width = DMA_SLAVE_BUSWIDTH_1_BYTE;
cfg.direction = dir;
- if (dir == DMA_MEM_TO_DEV) {
- cfg.dst_addr = port_addr;
- cfg.dst_addr_width = DMA_SLAVE_BUSWIDTH_1_BYTE;
- } else {
- cfg.src_addr = port_addr;
- cfg.src_addr_width = DMA_SLAVE_BUSWIDTH_1_BYTE;
- }
ret = dmaengine_slave_config(chan, &cfg);
if (ret) {
@@ -1082,12 +1079,12 @@ static int rspi_request_dma(struct device *dev, struct spi_controller *ctlr,
}
ctlr->dma_tx = rspi_request_dma_chan(dev, DMA_MEM_TO_DEV, dma_tx_id,
- res->start + RSPI_SPDR);
+ res->start);
if (!ctlr->dma_tx)
return -ENODEV;
ctlr->dma_rx = rspi_request_dma_chan(dev, DMA_DEV_TO_MEM, dma_rx_id,
- res->start + RSPI_SPDR);
+ res->start);
if (!ctlr->dma_rx) {
dma_release_channel(ctlr->dma_tx);
ctlr->dma_tx = NULL;
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 023/411] tools/power turbostat: fix ICX DRAM power numbers
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (21 preceding siblings ...)
2022-06-13 10:04 ` [PATCH 5.4 022/411] spi: spi-rspi: Remove setting {src,dst}_{addr,addr_width} based on DMA direction Greg Kroah-Hartman
@ 2022-06-13 10:04 ` Greg Kroah-Hartman
2022-06-13 10:04 ` [PATCH 5.4 024/411] drm/amd/pm: fix double free in si_parse_power_table() Greg Kroah-Hartman
` (392 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:04 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Srinivas Pandruvada, Len Brown, Sasha Levin
From: Len Brown <len.brown@intel.com>
[ Upstream commit 6397b6418935773a34b533b3348b03f4ce3d7050 ]
ICX (and its duplicates) require special hard-coded DRAM RAPL units,
rather than using the generic RAPL energy units.
Reported-by: Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>
Signed-off-by: Len Brown <len.brown@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/power/x86/turbostat/turbostat.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/tools/power/x86/turbostat/turbostat.c b/tools/power/x86/turbostat/turbostat.c
index 988326b67a91..8bf6b01b3560 100644
--- a/tools/power/x86/turbostat/turbostat.c
+++ b/tools/power/x86/turbostat/turbostat.c
@@ -3865,6 +3865,7 @@ rapl_dram_energy_units_probe(int model, double rapl_energy_units)
case INTEL_FAM6_HASWELL_X: /* HSX */
case INTEL_FAM6_BROADWELL_X: /* BDX */
case INTEL_FAM6_XEON_PHI_KNL: /* KNL */
+ case INTEL_FAM6_ICELAKE_X: /* ICX */
return (rapl_dram_energy_units = 15.3 / 1000000);
default:
return (rapl_energy_units);
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 024/411] drm/amd/pm: fix double free in si_parse_power_table()
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (22 preceding siblings ...)
2022-06-13 10:04 ` [PATCH 5.4 023/411] tools/power turbostat: fix ICX DRAM power numbers Greg Kroah-Hartman
@ 2022-06-13 10:04 ` Greg Kroah-Hartman
2022-06-13 10:04 ` [PATCH 5.4 025/411] ath9k: fix QCA9561 PA bias level Greg Kroah-Hartman
` (391 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:04 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Keita Suzuki, Alex Deucher, Sasha Levin
From: Keita Suzuki <keitasuzuki.park@sslab.ics.keio.ac.jp>
[ Upstream commit f3fa2becf2fc25b6ac7cf8d8b1a2e4a86b3b72bd ]
In function si_parse_power_table(), array adev->pm.dpm.ps and its member
is allocated. If the allocation of each member fails, the array itself
is freed and returned with an error code. However, the array is later
freed again in si_dpm_fini() function which is called when the function
returns an error.
This leads to potential double free of the array adev->pm.dpm.ps, as
well as leak of its array members, since the members are not freed in
the allocation function and the array is not nulled when freed.
In addition adev->pm.dpm.num_ps, which keeps track of the allocated
array member, is not updated until the member allocation is
successfully finished, this could also lead to either use after free,
or uninitialized variable access in si_dpm_fini().
Fix this by postponing the free of the array until si_dpm_fini() and
increment adev->pm.dpm.num_ps everytime the array member is allocated.
Signed-off-by: Keita Suzuki <keitasuzuki.park@sslab.ics.keio.ac.jp>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/amdgpu/si_dpm.c | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/drivers/gpu/drm/amd/amdgpu/si_dpm.c b/drivers/gpu/drm/amd/amdgpu/si_dpm.c
index 4cb4c891120b..9931d5c17cfb 100644
--- a/drivers/gpu/drm/amd/amdgpu/si_dpm.c
+++ b/drivers/gpu/drm/amd/amdgpu/si_dpm.c
@@ -7250,17 +7250,15 @@ static int si_parse_power_table(struct amdgpu_device *adev)
if (!adev->pm.dpm.ps)
return -ENOMEM;
power_state_offset = (u8 *)state_array->states;
- for (i = 0; i < state_array->ucNumEntries; i++) {
+ for (adev->pm.dpm.num_ps = 0, i = 0; i < state_array->ucNumEntries; i++) {
u8 *idx;
power_state = (union pplib_power_state *)power_state_offset;
non_clock_array_index = power_state->v2.nonClockInfoIndex;
non_clock_info = (struct _ATOM_PPLIB_NONCLOCK_INFO *)
&non_clock_info_array->nonClockInfo[non_clock_array_index];
ps = kzalloc(sizeof(struct si_ps), GFP_KERNEL);
- if (ps == NULL) {
- kfree(adev->pm.dpm.ps);
+ if (ps == NULL)
return -ENOMEM;
- }
adev->pm.dpm.ps[i].ps_priv = ps;
si_parse_pplib_non_clock_info(adev, &adev->pm.dpm.ps[i],
non_clock_info,
@@ -7282,8 +7280,8 @@ static int si_parse_power_table(struct amdgpu_device *adev)
k++;
}
power_state_offset += 2 + power_state->v2.ucNumDPMLevels;
+ adev->pm.dpm.num_ps++;
}
- adev->pm.dpm.num_ps = state_array->ucNumEntries;
/* fill in the vce power states */
for (i = 0; i < adev->pm.dpm.num_of_vce_states; i++) {
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 025/411] ath9k: fix QCA9561 PA bias level
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (23 preceding siblings ...)
2022-06-13 10:04 ` [PATCH 5.4 024/411] drm/amd/pm: fix double free in si_parse_power_table() Greg Kroah-Hartman
@ 2022-06-13 10:04 ` Greg Kroah-Hartman
2022-06-13 10:04 ` [PATCH 5.4 026/411] media: venus: hfi: avoid null dereference in deinit Greg Kroah-Hartman
` (390 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:04 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Thibaut VARÈNE, Felix Fietkau,
Toke Høiland-Jørgensen, Kalle Valo, Sasha Levin
From: Thibaut VARÈNE <hacks+kernel@slashdirt.org>
[ Upstream commit e999a5da28a0e0f7de242d841ef7d5e48f4646ae ]
This patch fixes an invalid TX PA DC bias level on QCA9561, which
results in a very low output power and very low throughput as devices
are further away from the AP (compared to other 2.4GHz APs).
This patch was suggested by Felix Fietkau, who noted[1]:
"The value written to that register is wrong, because while the mask
definition AR_CH0_TOP2_XPABIASLVL uses a different value for 9561, the
shift definition AR_CH0_TOP2_XPABIASLVL_S is hardcoded to 12, which is
wrong for 9561."
In real life testing, without this patch the 2.4GHz throughput on
Yuncore XD3200 is around 10Mbps sitting next to the AP, and closer to
practical maximum with the patch applied.
[1] https://lore.kernel.org/all/91c58969-c60e-2f41-00ac-737786d435ae@nbd.name
Signed-off-by: Thibaut VARÈNE <hacks+kernel@slashdirt.org>
Acked-by: Felix Fietkau <nbd@nbd.name>
Acked-by: Toke Høiland-Jørgensen <toke@toke.dk>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20220417145145.1847-1-hacks+kernel@slashdirt.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/ath9k/ar9003_phy.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/ath/ath9k/ar9003_phy.h b/drivers/net/wireless/ath/ath9k/ar9003_phy.h
index a171dbb29fbb..ad949eb02f3d 100644
--- a/drivers/net/wireless/ath/ath9k/ar9003_phy.h
+++ b/drivers/net/wireless/ath/ath9k/ar9003_phy.h
@@ -720,7 +720,7 @@
#define AR_CH0_TOP2 (AR_SREV_9300(ah) ? 0x1628c : \
(AR_SREV_9462(ah) ? 0x16290 : 0x16284))
#define AR_CH0_TOP2_XPABIASLVL (AR_SREV_9561(ah) ? 0x1e00 : 0xf000)
-#define AR_CH0_TOP2_XPABIASLVL_S 12
+#define AR_CH0_TOP2_XPABIASLVL_S (AR_SREV_9561(ah) ? 9 : 12)
#define AR_CH0_XTAL (AR_SREV_9300(ah) ? 0x16294 : \
((AR_SREV_9462(ah) || AR_SREV_9565(ah)) ? 0x16298 : \
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 026/411] media: venus: hfi: avoid null dereference in deinit
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (24 preceding siblings ...)
2022-06-13 10:04 ` [PATCH 5.4 025/411] ath9k: fix QCA9561 PA bias level Greg Kroah-Hartman
@ 2022-06-13 10:04 ` Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 027/411] media: pci: cx23885: Fix the error handling in cx23885_initdev() Greg Kroah-Hartman
` (389 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:04 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Luca Weiss, Stanimir Varbanov,
Mauro Carvalho Chehab, Sasha Levin
From: Luca Weiss <luca.weiss@fairphone.com>
[ Upstream commit 86594f6af867b5165d2ba7b5a71fae3a5961e56c ]
If venus_probe fails at pm_runtime_put_sync the error handling first
calls hfi_destroy and afterwards hfi_core_deinit. As hfi_destroy sets
core->ops to NULL, hfi_core_deinit cannot call the core_deinit function
anymore.
Avoid this null pointer derefence by skipping the call when necessary.
Signed-off-by: Luca Weiss <luca.weiss@fairphone.com>
Signed-off-by: Stanimir Varbanov <stanimir.varbanov@linaro.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/platform/qcom/venus/hfi.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/media/platform/qcom/venus/hfi.c b/drivers/media/platform/qcom/venus/hfi.c
index 3d8b1284d1f3..68964a80fe61 100644
--- a/drivers/media/platform/qcom/venus/hfi.c
+++ b/drivers/media/platform/qcom/venus/hfi.c
@@ -104,6 +104,9 @@ int hfi_core_deinit(struct venus_core *core, bool blocking)
mutex_lock(&core->lock);
}
+ if (!core->ops)
+ goto unlock;
+
ret = core->ops->core_deinit(core);
if (!ret)
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 027/411] media: pci: cx23885: Fix the error handling in cx23885_initdev()
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (25 preceding siblings ...)
2022-06-13 10:04 ` [PATCH 5.4 026/411] media: venus: hfi: avoid null dereference in deinit Greg Kroah-Hartman
@ 2022-06-13 10:05 ` Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 028/411] media: cx25821: Fix the warning when removing the module Greg Kroah-Hartman
` (388 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:05 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zheyu Ma, Hans Verkuil,
Mauro Carvalho Chehab, Sasha Levin
From: Zheyu Ma <zheyuma97@gmail.com>
[ Upstream commit e8123311cf06d7dae71e8c5fe78e0510d20cd30b ]
When the driver fails to call the dma_set_mask(), the driver will get
the following splat:
[ 55.853884] BUG: KASAN: use-after-free in __process_removed_driver+0x3c/0x240
[ 55.854486] Read of size 8 at addr ffff88810de60408 by task modprobe/590
[ 55.856822] Call Trace:
[ 55.860327] __process_removed_driver+0x3c/0x240
[ 55.861347] bus_for_each_dev+0x102/0x160
[ 55.861681] i2c_del_driver+0x2f/0x50
This is because the driver has initialized the i2c related resources
in cx23885_dev_setup() but not released them in error handling, fix this
bug by modifying the error path that jumps after failing to call the
dma_set_mask().
Signed-off-by: Zheyu Ma <zheyuma97@gmail.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/pci/cx23885/cx23885-core.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/media/pci/cx23885/cx23885-core.c b/drivers/media/pci/cx23885/cx23885-core.c
index ead0acb7807c..6747ecb4911b 100644
--- a/drivers/media/pci/cx23885/cx23885-core.c
+++ b/drivers/media/pci/cx23885/cx23885-core.c
@@ -2154,7 +2154,7 @@ static int cx23885_initdev(struct pci_dev *pci_dev,
err = pci_set_dma_mask(pci_dev, 0xffffffff);
if (err) {
pr_err("%s/0: Oops: no 32bit PCI DMA ???\n", dev->name);
- goto fail_ctrl;
+ goto fail_dma_set_mask;
}
err = request_irq(pci_dev->irq, cx23885_irq,
@@ -2162,7 +2162,7 @@ static int cx23885_initdev(struct pci_dev *pci_dev,
if (err < 0) {
pr_err("%s: can't get IRQ %d\n",
dev->name, pci_dev->irq);
- goto fail_irq;
+ goto fail_dma_set_mask;
}
switch (dev->board) {
@@ -2184,7 +2184,7 @@ static int cx23885_initdev(struct pci_dev *pci_dev,
return 0;
-fail_irq:
+fail_dma_set_mask:
cx23885_dev_unregister(dev);
fail_ctrl:
v4l2_ctrl_handler_free(hdl);
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 028/411] media: cx25821: Fix the warning when removing the module
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (26 preceding siblings ...)
2022-06-13 10:05 ` [PATCH 5.4 027/411] media: pci: cx23885: Fix the error handling in cx23885_initdev() Greg Kroah-Hartman
@ 2022-06-13 10:05 ` Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 029/411] md/bitmap: dont set sb values if cant pass sanity check Greg Kroah-Hartman
` (387 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:05 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zheyu Ma, Hans Verkuil,
Mauro Carvalho Chehab, Sasha Levin
From: Zheyu Ma <zheyuma97@gmail.com>
[ Upstream commit 2203436a4d24302871617373a7eb21bc17e38762 ]
When removing the module, we will get the following warning:
[ 14.746697] remove_proc_entry: removing non-empty directory 'irq/21', leaking at least 'cx25821[1]'
[ 14.747449] WARNING: CPU: 4 PID: 368 at fs/proc/generic.c:717 remove_proc_entry+0x389/0x3f0
[ 14.751611] RIP: 0010:remove_proc_entry+0x389/0x3f0
[ 14.759589] Call Trace:
[ 14.759792] <TASK>
[ 14.759975] unregister_irq_proc+0x14c/0x170
[ 14.760340] irq_free_descs+0x94/0xe0
[ 14.760640] mp_unmap_irq+0xb6/0x100
[ 14.760937] acpi_unregister_gsi_ioapic+0x27/0x40
[ 14.761334] acpi_pci_irq_disable+0x1d3/0x320
[ 14.761688] pci_disable_device+0x1ad/0x380
[ 14.762027] ? _raw_spin_unlock_irqrestore+0x2d/0x60
[ 14.762442] ? cx25821_shutdown+0x20/0x9f0 [cx25821]
[ 14.762848] cx25821_finidev+0x48/0xc0 [cx25821]
[ 14.763242] pci_device_remove+0x92/0x240
Fix this by freeing the irq before call pci_disable_device().
Signed-off-by: Zheyu Ma <zheyuma97@gmail.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/pci/cx25821/cx25821-core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/media/pci/cx25821/cx25821-core.c b/drivers/media/pci/cx25821/cx25821-core.c
index 44839a6461e8..534829e352d1 100644
--- a/drivers/media/pci/cx25821/cx25821-core.c
+++ b/drivers/media/pci/cx25821/cx25821-core.c
@@ -1340,11 +1340,11 @@ static void cx25821_finidev(struct pci_dev *pci_dev)
struct cx25821_dev *dev = get_cx25821(v4l2_dev);
cx25821_shutdown(dev);
- pci_disable_device(pci_dev);
/* unregister stuff */
if (pci_dev->irq)
free_irq(pci_dev->irq, dev);
+ pci_disable_device(pci_dev);
cx25821_dev_unregister(dev);
v4l2_device_unregister(v4l2_dev);
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 029/411] md/bitmap: dont set sb values if cant pass sanity check
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (27 preceding siblings ...)
2022-06-13 10:05 ` [PATCH 5.4 028/411] media: cx25821: Fix the warning when removing the module Greg Kroah-Hartman
@ 2022-06-13 10:05 ` Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 030/411] mmc: jz4740: Apply DMA engine limits to maximum segment size Greg Kroah-Hartman
` (386 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:05 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kernel test robot, Dan Carpenter,
Guoqing Jiang, Heming Zhao, Song Liu, Sasha Levin
From: Heming Zhao <heming.zhao@suse.com>
[ Upstream commit e68cb83a57a458b01c9739e2ad9cb70b04d1e6d2 ]
If bitmap area contains invalid data, kernel will crash then mdadm
triggers "Segmentation fault".
This is cluster-md speical bug. In non-clustered env, mdadm will
handle broken metadata case. In clustered array, only kernel space
handles bitmap slot info. But even this bug only happened in clustered
env, current sanity check is wrong, the code should be changed.
How to trigger: (faulty injection)
dd if=/dev/zero bs=1M count=1 oflag=direct of=/dev/sda
dd if=/dev/zero bs=1M count=1 oflag=direct of=/dev/sdb
mdadm -C /dev/md0 -b clustered -e 1.2 -n 2 -l mirror /dev/sda /dev/sdb
mdadm -Ss
echo aaa > magic.txt
== below modifying slot 2 bitmap data ==
dd if=magic.txt of=/dev/sda seek=16384 bs=1 count=3 <== destroy magic
dd if=/dev/zero of=/dev/sda seek=16436 bs=1 count=4 <== ZERO chunksize
mdadm -A /dev/md0 /dev/sda /dev/sdb
== kernel crashes. mdadm outputs "Segmentation fault" ==
Reason of kernel crash:
In md_bitmap_read_sb (called by md_bitmap_create), bad bitmap magic didn't
block chunksize assignment, and zero value made DIV_ROUND_UP_SECTOR_T()
trigger "divide error".
Crash log:
kernel: md: md0 stopped.
kernel: md/raid1:md0: not clean -- starting background reconstruction
kernel: md/raid1:md0: active with 2 out of 2 mirrors
kernel: dlm: ... ...
kernel: md-cluster: Joined cluster 44810aba-38bb-e6b8-daca-bc97a0b254aa slot 1
kernel: md0: invalid bitmap file superblock: bad magic
kernel: md_bitmap_copy_from_slot can't get bitmap from slot 2
kernel: md-cluster: Could not gather bitmaps from slot 2
kernel: divide error: 0000 [#1] SMP NOPTI
kernel: CPU: 0 PID: 1603 Comm: mdadm Not tainted 5.14.6-1-default
kernel: Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)
kernel: RIP: 0010:md_bitmap_create+0x1d1/0x850 [md_mod]
kernel: RSP: 0018:ffffc22ac0843ba0 EFLAGS: 00010246
kernel: ... ...
kernel: Call Trace:
kernel: ? dlm_lock_sync+0xd0/0xd0 [md_cluster 77fe..7a0]
kernel: md_bitmap_copy_from_slot+0x2c/0x290 [md_mod 24ea..d3a]
kernel: load_bitmaps+0xec/0x210 [md_cluster 77fe..7a0]
kernel: md_bitmap_load+0x81/0x1e0 [md_mod 24ea..d3a]
kernel: do_md_run+0x30/0x100 [md_mod 24ea..d3a]
kernel: md_ioctl+0x1290/0x15a0 [md_mod 24ea....d3a]
kernel: ? mddev_unlock+0xaa/0x130 [md_mod 24ea..d3a]
kernel: ? blkdev_ioctl+0xb1/0x2b0
kernel: block_ioctl+0x3b/0x40
kernel: __x64_sys_ioctl+0x7f/0xb0
kernel: do_syscall_64+0x59/0x80
kernel: ? exit_to_user_mode_prepare+0x1ab/0x230
kernel: ? syscall_exit_to_user_mode+0x18/0x40
kernel: ? do_syscall_64+0x69/0x80
kernel: entry_SYSCALL_64_after_hwframe+0x44/0xae
kernel: RIP: 0033:0x7f4a15fa722b
kernel: ... ...
kernel: ---[ end trace 8afa7612f559c868 ]---
kernel: RIP: 0010:md_bitmap_create+0x1d1/0x850 [md_mod]
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Guoqing Jiang <guoqing.jiang@linux.dev>
Signed-off-by: Heming Zhao <heming.zhao@suse.com>
Signed-off-by: Song Liu <song@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/md/md-bitmap.c | 44 ++++++++++++++++++++++--------------------
1 file changed, 23 insertions(+), 21 deletions(-)
diff --git a/drivers/md/md-bitmap.c b/drivers/md/md-bitmap.c
index d7eef5292ae2..a95e20c3d0d4 100644
--- a/drivers/md/md-bitmap.c
+++ b/drivers/md/md-bitmap.c
@@ -642,14 +642,6 @@ static int md_bitmap_read_sb(struct bitmap *bitmap)
daemon_sleep = le32_to_cpu(sb->daemon_sleep) * HZ;
write_behind = le32_to_cpu(sb->write_behind);
sectors_reserved = le32_to_cpu(sb->sectors_reserved);
- /* Setup nodes/clustername only if bitmap version is
- * cluster-compatible
- */
- if (sb->version == cpu_to_le32(BITMAP_MAJOR_CLUSTERED)) {
- nodes = le32_to_cpu(sb->nodes);
- strlcpy(bitmap->mddev->bitmap_info.cluster_name,
- sb->cluster_name, 64);
- }
/* verify that the bitmap-specific fields are valid */
if (sb->magic != cpu_to_le32(BITMAP_MAGIC))
@@ -671,6 +663,16 @@ static int md_bitmap_read_sb(struct bitmap *bitmap)
goto out;
}
+ /*
+ * Setup nodes/clustername only if bitmap version is
+ * cluster-compatible
+ */
+ if (sb->version == cpu_to_le32(BITMAP_MAJOR_CLUSTERED)) {
+ nodes = le32_to_cpu(sb->nodes);
+ strlcpy(bitmap->mddev->bitmap_info.cluster_name,
+ sb->cluster_name, 64);
+ }
+
/* keep the array size field of the bitmap superblock up to date */
sb->sync_size = cpu_to_le64(bitmap->mddev->resync_max_sectors);
@@ -703,9 +705,9 @@ static int md_bitmap_read_sb(struct bitmap *bitmap)
out:
kunmap_atomic(sb);
- /* Assigning chunksize is required for "re_read" */
- bitmap->mddev->bitmap_info.chunksize = chunksize;
if (err == 0 && nodes && (bitmap->cluster_slot < 0)) {
+ /* Assigning chunksize is required for "re_read" */
+ bitmap->mddev->bitmap_info.chunksize = chunksize;
err = md_setup_cluster(bitmap->mddev, nodes);
if (err) {
pr_warn("%s: Could not setup cluster service (%d)\n",
@@ -716,18 +718,18 @@ static int md_bitmap_read_sb(struct bitmap *bitmap)
goto re_read;
}
-
out_no_sb:
- if (test_bit(BITMAP_STALE, &bitmap->flags))
- bitmap->events_cleared = bitmap->mddev->events;
- bitmap->mddev->bitmap_info.chunksize = chunksize;
- bitmap->mddev->bitmap_info.daemon_sleep = daemon_sleep;
- bitmap->mddev->bitmap_info.max_write_behind = write_behind;
- bitmap->mddev->bitmap_info.nodes = nodes;
- if (bitmap->mddev->bitmap_info.space == 0 ||
- bitmap->mddev->bitmap_info.space > sectors_reserved)
- bitmap->mddev->bitmap_info.space = sectors_reserved;
- if (err) {
+ if (err == 0) {
+ if (test_bit(BITMAP_STALE, &bitmap->flags))
+ bitmap->events_cleared = bitmap->mddev->events;
+ bitmap->mddev->bitmap_info.chunksize = chunksize;
+ bitmap->mddev->bitmap_info.daemon_sleep = daemon_sleep;
+ bitmap->mddev->bitmap_info.max_write_behind = write_behind;
+ bitmap->mddev->bitmap_info.nodes = nodes;
+ if (bitmap->mddev->bitmap_info.space == 0 ||
+ bitmap->mddev->bitmap_info.space > sectors_reserved)
+ bitmap->mddev->bitmap_info.space = sectors_reserved;
+ } else {
md_bitmap_print_sb(bitmap);
if (bitmap->cluster_slot < 0)
md_cluster_stop(bitmap->mddev);
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 030/411] mmc: jz4740: Apply DMA engine limits to maximum segment size
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (28 preceding siblings ...)
2022-06-13 10:05 ` [PATCH 5.4 029/411] md/bitmap: dont set sb values if cant pass sanity check Greg Kroah-Hartman
@ 2022-06-13 10:05 ` Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 031/411] scsi: megaraid: Fix error check return value of register_chrdev() Greg Kroah-Hartman
` (385 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:05 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Aidan MacDonald, Ulf Hansson, Sasha Levin
From: Aidan MacDonald <aidanmacdonald.0x0@gmail.com>
[ Upstream commit afadb04f1d6e74b18a253403f5274cde5e3fd7bd ]
Do what is done in other DMA-enabled MMC host drivers (cf. host/mmci.c) and
limit the maximum segment size based on the DMA engine's capabilities. This
is needed to avoid warnings like the following with CONFIG_DMA_API_DEBUG=y.
------------[ cut here ]------------
WARNING: CPU: 0 PID: 21 at kernel/dma/debug.c:1162 debug_dma_map_sg+0x2f4/0x39c
DMA-API: jz4780-dma 13420000.dma-controller: mapping sg segment longer than device claims to support [len=98304] [max=65536]
CPU: 0 PID: 21 Comm: kworker/0:1H Not tainted 5.18.0-rc1 #19
Workqueue: kblockd blk_mq_run_work_fn
Stack : 81575aec 00000004 80620000 80620000 80620000 805e7358 00000009 801537ac
814c832c 806276e3 806e34b4 80620000 81575aec 00000001 81575ab8 09291444
00000000 00000000 805e7358 81575958 ffffffea 8157596c 00000000 636f6c62
6220646b 80387a70 0000000f 6d5f6b6c 80620000 00000000 81575ba4 00000009
805e170c 80896640 00000001 00010000 00000000 00000000 00006098 806e0000
...
Call Trace:
[<80107670>] show_stack+0x84/0x120
[<80528cd8>] __warn+0xb8/0xec
[<80528d78>] warn_slowpath_fmt+0x6c/0xb8
[<8016f1d4>] debug_dma_map_sg+0x2f4/0x39c
[<80169d4c>] __dma_map_sg_attrs+0xf0/0x118
[<8016a27c>] dma_map_sg_attrs+0x14/0x28
[<804f66b4>] jz4740_mmc_prepare_dma_data+0x74/0xa4
[<804f6714>] jz4740_mmc_pre_request+0x30/0x54
[<804f4ff4>] mmc_blk_mq_issue_rq+0x6e0/0x7bc
[<804f5590>] mmc_mq_queue_rq+0x220/0x2d4
[<8038b2c0>] blk_mq_dispatch_rq_list+0x480/0x664
[<80391040>] blk_mq_do_dispatch_sched+0x2dc/0x370
[<80391468>] __blk_mq_sched_dispatch_requests+0xec/0x164
[<80391540>] blk_mq_sched_dispatch_requests+0x44/0x94
[<80387900>] __blk_mq_run_hw_queue+0xb0/0xcc
[<80134c14>] process_one_work+0x1b8/0x264
[<80134ff8>] worker_thread+0x2ec/0x3b8
[<8013b13c>] kthread+0x104/0x10c
[<80101dcc>] ret_from_kernel_thread+0x14/0x1c
---[ end trace 0000000000000000 ]---
Signed-off-by: Aidan MacDonald <aidanmacdonald.0x0@gmail.com>
Link: https://lore.kernel.org/r/20220411153753.50443-1-aidanmacdonald.0x0@gmail.com
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mmc/host/jz4740_mmc.c | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
diff --git a/drivers/mmc/host/jz4740_mmc.c b/drivers/mmc/host/jz4740_mmc.c
index f816c06ef916..a316c912a118 100644
--- a/drivers/mmc/host/jz4740_mmc.c
+++ b/drivers/mmc/host/jz4740_mmc.c
@@ -224,6 +224,26 @@ static int jz4740_mmc_acquire_dma_channels(struct jz4740_mmc_host *host)
return PTR_ERR(host->dma_rx);
}
+ /*
+ * Limit the maximum segment size in any SG entry according to
+ * the parameters of the DMA engine device.
+ */
+ if (host->dma_tx) {
+ struct device *dev = host->dma_tx->device->dev;
+ unsigned int max_seg_size = dma_get_max_seg_size(dev);
+
+ if (max_seg_size < host->mmc->max_seg_size)
+ host->mmc->max_seg_size = max_seg_size;
+ }
+
+ if (host->dma_rx) {
+ struct device *dev = host->dma_rx->device->dev;
+ unsigned int max_seg_size = dma_get_max_seg_size(dev);
+
+ if (max_seg_size < host->mmc->max_seg_size)
+ host->mmc->max_seg_size = max_seg_size;
+ }
+
return 0;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 031/411] scsi: megaraid: Fix error check return value of register_chrdev()
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (29 preceding siblings ...)
2022-06-13 10:05 ` [PATCH 5.4 030/411] mmc: jz4740: Apply DMA engine limits to maximum segment size Greg Kroah-Hartman
@ 2022-06-13 10:05 ` Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 032/411] drm/plane: Move range check for format_count earlier Greg Kroah-Hartman
` (384 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:05 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zeal Robot, Lv Ruyi,
Martin K. Petersen, Sasha Levin
From: Lv Ruyi <lv.ruyi@zte.com.cn>
[ Upstream commit c5acd61dbb32b6bda0f3a354108f2b8dcb788985 ]
If major equals 0, register_chrdev() returns an error code when it fails.
This function dynamically allocates a major and returns its number on
success, so we should use "< 0" to check it instead of "!".
Link: https://lore.kernel.org/r/20220418105755.2558828-1-lv.ruyi@zte.com.cn
Reported-by: Zeal Robot <zealci@zte.com.cn>
Signed-off-by: Lv Ruyi <lv.ruyi@zte.com.cn>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/megaraid.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/scsi/megaraid.c b/drivers/scsi/megaraid.c
index ff6d4aa92421..8b1ba690039b 100644
--- a/drivers/scsi/megaraid.c
+++ b/drivers/scsi/megaraid.c
@@ -4635,7 +4635,7 @@ static int __init megaraid_init(void)
* major number allocation.
*/
major = register_chrdev(0, "megadev_legacy", &megadev_fops);
- if (!major) {
+ if (major < 0) {
printk(KERN_WARNING
"megaraid: failed to register char device\n");
}
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 032/411] drm/plane: Move range check for format_count earlier
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (30 preceding siblings ...)
2022-06-13 10:05 ` [PATCH 5.4 031/411] scsi: megaraid: Fix error check return value of register_chrdev() Greg Kroah-Hartman
@ 2022-06-13 10:05 ` Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 033/411] drm/amd/pm: fix the compile warning Greg Kroah-Hartman
` (383 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:05 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Steven Price, Liviu Dudau, Sasha Levin
From: Steven Price <steven.price@arm.com>
[ Upstream commit 4b674dd69701c2e22e8e7770c1706a69f3b17269 ]
While the check for format_count > 64 in __drm_universal_plane_init()
shouldn't be hit (it's a WARN_ON), in its current position it will then
leak the plane->format_types array and fail to call
drm_mode_object_unregister() leaking the modeset identifier. Move it to
the start of the function to avoid allocating those resources in the
first place.
Signed-off-by: Steven Price <steven.price@arm.com>
Signed-off-by: Liviu Dudau <liviu.dudau@arm.com>
Link: https://lore.kernel.org/dri-devel/20211203102815.38624-1-steven.price@arm.com/
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/drm_plane.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/drivers/gpu/drm/drm_plane.c b/drivers/gpu/drm/drm_plane.c
index d6ad60ab0d38..6bdebcca5690 100644
--- a/drivers/gpu/drm/drm_plane.c
+++ b/drivers/gpu/drm/drm_plane.c
@@ -186,6 +186,13 @@ int drm_universal_plane_init(struct drm_device *dev, struct drm_plane *plane,
if (WARN_ON(config->num_total_plane >= 32))
return -EINVAL;
+ /*
+ * First driver to need more than 64 formats needs to fix this. Each
+ * format is encoded as a bit and the current code only supports a u64.
+ */
+ if (WARN_ON(format_count > 64))
+ return -EINVAL;
+
WARN_ON(drm_drv_uses_atomic_modeset(dev) &&
(!funcs->atomic_destroy_state ||
!funcs->atomic_duplicate_state));
@@ -207,13 +214,6 @@ int drm_universal_plane_init(struct drm_device *dev, struct drm_plane *plane,
return -ENOMEM;
}
- /*
- * First driver to need more than 64 formats needs to fix this. Each
- * format is encoded as a bit and the current code only supports a u64.
- */
- if (WARN_ON(format_count > 64))
- return -EINVAL;
-
if (format_modifiers) {
const uint64_t *temp_modifiers = format_modifiers;
while (*temp_modifiers++ != DRM_FORMAT_MOD_INVALID)
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 033/411] drm/amd/pm: fix the compile warning
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (31 preceding siblings ...)
2022-06-13 10:05 ` [PATCH 5.4 032/411] drm/plane: Move range check for format_count earlier Greg Kroah-Hartman
@ 2022-06-13 10:05 ` Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 034/411] arm64: compat: Do not treat syscall number as ESR_ELx for a bad syscall Greg Kroah-Hartman
` (382 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:05 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kernel test robot, Alex Deucher,
Evan Quan, Sasha Levin
From: Evan Quan <evan.quan@amd.com>
[ Upstream commit 555238d92ac32dbad2d77ad2bafc48d17391990c ]
Fix the compile warning below:
drivers/gpu/drm/amd/amdgpu/../pm/legacy-dpm/kv_dpm.c:1641
kv_get_acp_boot_level() warn: always true condition '(table->entries[i]->clk >= 0) => (0-u32max >= 0)'
Reported-by: kernel test robot <lkp@intel.com>
CC: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Evan Quan <evan.quan@amd.com>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/amdgpu/kv_dpm.c | 14 +-------------
1 file changed, 1 insertion(+), 13 deletions(-)
diff --git a/drivers/gpu/drm/amd/amdgpu/kv_dpm.c b/drivers/gpu/drm/amd/amdgpu/kv_dpm.c
index 4b3faaccecb9..c8a5a5698edd 100644
--- a/drivers/gpu/drm/amd/amdgpu/kv_dpm.c
+++ b/drivers/gpu/drm/amd/amdgpu/kv_dpm.c
@@ -1609,19 +1609,7 @@ static int kv_update_samu_dpm(struct amdgpu_device *adev, bool gate)
static u8 kv_get_acp_boot_level(struct amdgpu_device *adev)
{
- u8 i;
- struct amdgpu_clock_voltage_dependency_table *table =
- &adev->pm.dpm.dyn_state.acp_clock_voltage_dependency_table;
-
- for (i = 0; i < table->count; i++) {
- if (table->entries[i].clk >= 0) /* XXX */
- break;
- }
-
- if (i >= table->count)
- i = table->count - 1;
-
- return i;
+ return 0;
}
static void kv_update_acp_boot_level(struct amdgpu_device *adev)
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 034/411] arm64: compat: Do not treat syscall number as ESR_ELx for a bad syscall
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (32 preceding siblings ...)
2022-06-13 10:05 ` [PATCH 5.4 033/411] drm/amd/pm: fix the compile warning Greg Kroah-Hartman
@ 2022-06-13 10:05 ` Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 035/411] drm: msm: fix error check return value of irq_of_parse_and_map() Greg Kroah-Hartman
` (381 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:05 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alexandru Elisei, Marc Zyngier,
Catalin Marinas, Sasha Levin
From: Alexandru Elisei <alexandru.elisei@arm.com>
[ Upstream commit 3fed9e551417b84038b15117732ea4505eee386b ]
If a compat process tries to execute an unknown system call above the
__ARM_NR_COMPAT_END number, the kernel sends a SIGILL signal to the
offending process. Information about the error is printed to dmesg in
compat_arm_syscall() -> arm64_notify_die() -> arm64_force_sig_fault() ->
arm64_show_signal().
arm64_show_signal() interprets a non-zero value for
current->thread.fault_code as an exception syndrome and displays the
message associated with the ESR_ELx.EC field (bits 31:26).
current->thread.fault_code is set in compat_arm_syscall() ->
arm64_notify_die() with the bad syscall number instead of a valid ESR_ELx
value. This means that the ESR_ELx.EC field has the value that the user set
for the syscall number and the kernel can end up printing bogus exception
messages*. For example, for the syscall number 0x68000000, which evaluates
to ESR_ELx.EC value of 0x1A (ESR_ELx_EC_FPAC) the kernel prints this error:
[ 18.349161] syscall[300]: unhandled exception: ERET/ERETAA/ERETAB, ESR 0x68000000, Oops - bad compat syscall(2) in syscall[10000+50000]
[ 18.350639] CPU: 2 PID: 300 Comm: syscall Not tainted 5.18.0-rc1 #79
[ 18.351249] Hardware name: Pine64 RockPro64 v2.0 (DT)
[..]
which is misleading, as the bad compat syscall has nothing to do with
pointer authentication.
Stop arm64_show_signal() from printing exception syndrome information by
having compat_arm_syscall() set the ESR_ELx value to 0, as it has no
meaning for an invalid system call number. The example above now becomes:
[ 19.935275] syscall[301]: unhandled exception: Oops - bad compat syscall(2) in syscall[10000+50000]
[ 19.936124] CPU: 1 PID: 301 Comm: syscall Not tainted 5.18.0-rc1-00005-g7e08006d4102 #80
[ 19.936894] Hardware name: Pine64 RockPro64 v2.0 (DT)
[..]
which although shows less information because the syscall number,
wrongfully advertised as the ESR value, is missing, it is better than
showing plainly wrong information. The syscall number can be easily
obtained with strace.
*A 32-bit value above or equal to 0x8000_0000 is interpreted as a negative
integer in compat_arm_syscal() and the condition scno < __ARM_NR_COMPAT_END
evaluates to true; the syscall will exit to userspace in this case with the
ENOSYS error code instead of arm64_notify_die() being called.
Signed-off-by: Alexandru Elisei <alexandru.elisei@arm.com>
Reviewed-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20220425114444.368693-3-alexandru.elisei@arm.com
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/kernel/sys_compat.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm64/kernel/sys_compat.c b/arch/arm64/kernel/sys_compat.c
index 3c18c2454089..51274bab2565 100644
--- a/arch/arm64/kernel/sys_compat.c
+++ b/arch/arm64/kernel/sys_compat.c
@@ -115,6 +115,6 @@ long compat_arm_syscall(struct pt_regs *regs, int scno)
(compat_thumb_mode(regs) ? 2 : 4);
arm64_notify_die("Oops - bad compat syscall(2)", regs,
- SIGILL, ILL_ILLTRP, addr, scno);
+ SIGILL, ILL_ILLTRP, addr, 0);
return 0;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 035/411] drm: msm: fix error check return value of irq_of_parse_and_map()
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (33 preceding siblings ...)
2022-06-13 10:05 ` [PATCH 5.4 034/411] arm64: compat: Do not treat syscall number as ESR_ELx for a bad syscall Greg Kroah-Hartman
@ 2022-06-13 10:05 ` Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 036/411] ipv6: Dont send rs packets to the interface of ARPHRD_TUNNEL Greg Kroah-Hartman
` (380 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:05 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zeal Robot, Lv Ruyi,
Dmitry Baryshkov, Sasha Levin
From: Lv Ruyi <lv.ruyi@zte.com.cn>
[ Upstream commit b9e4f1d2b505df8e2439b63e67afaa287c1c43e2 ]
The irq_of_parse_and_map() function returns 0 on failure, and does not
return an negative value.
Reported-by: Zeal Robot <zealci@zte.com.cn>
Signed-off-by: Lv Ruyi <lv.ruyi@zte.com.cn>
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Patchwork: https://patchwork.freedesktop.org/patch/483175/
Link: https://lore.kernel.org/r/20220424031959.3172406-1-lv.ruyi@zte.com.cn
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/msm/disp/mdp5/mdp5_kms.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/msm/disp/mdp5/mdp5_kms.c b/drivers/gpu/drm/msm/disp/mdp5/mdp5_kms.c
index 77823ccdd0f8..39d0082eedcc 100644
--- a/drivers/gpu/drm/msm/disp/mdp5/mdp5_kms.c
+++ b/drivers/gpu/drm/msm/disp/mdp5/mdp5_kms.c
@@ -698,9 +698,9 @@ struct msm_kms *mdp5_kms_init(struct drm_device *dev)
pdev = mdp5_kms->pdev;
irq = irq_of_parse_and_map(pdev->dev.of_node, 0);
- if (irq < 0) {
- ret = irq;
- DRM_DEV_ERROR(&pdev->dev, "failed to get irq: %d\n", ret);
+ if (!irq) {
+ ret = -EINVAL;
+ DRM_DEV_ERROR(&pdev->dev, "failed to get irq\n");
goto fail;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 036/411] ipv6: Dont send rs packets to the interface of ARPHRD_TUNNEL
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (34 preceding siblings ...)
2022-06-13 10:05 ` [PATCH 5.4 035/411] drm: msm: fix error check return value of irq_of_parse_and_map() Greg Kroah-Hartman
@ 2022-06-13 10:05 ` Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 037/411] net/mlx5: fs, delete the FTE when there are no rules attached to it Greg Kroah-Hartman
` (379 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:05 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, jianghaoran, Jakub Kicinski, Sasha Levin
From: jianghaoran <jianghaoran@kylinos.cn>
[ Upstream commit b52e1cce31ca721e937d517411179f9196ee6135 ]
ARPHRD_TUNNEL interface can't process rs packets
and will generate TX errors
ex:
ip tunnel add ethn mode ipip local 192.168.1.1 remote 192.168.1.2
ifconfig ethn x.x.x.x
ethn: flags=209<UP,POINTOPOINT,RUNNING,NOARP> mtu 1480
inet x.x.x.x netmask 255.255.255.255 destination x.x.x.x
inet6 fe80::5efe:ac1e:3cdb prefixlen 64 scopeid 0x20<link>
tunnel txqueuelen 1000 (IPIP Tunnel)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 3 dropped 0 overruns 0 carrier 0 collisions 0
Signed-off-by: jianghaoran <jianghaoran@kylinos.cn>
Link: https://lore.kernel.org/r/20220429053802.246681-1-jianghaoran@kylinos.cn
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv6/addrconf.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index efea88fb3cd5..e29553e4f4ee 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -4202,7 +4202,8 @@ static void addrconf_dad_completed(struct inet6_ifaddr *ifp, bool bump_id,
send_rs = send_mld &&
ipv6_accept_ra(ifp->idev) &&
ifp->idev->cnf.rtr_solicits != 0 &&
- (dev->flags&IFF_LOOPBACK) == 0;
+ (dev->flags & IFF_LOOPBACK) == 0 &&
+ (dev->type != ARPHRD_TUNNEL);
read_unlock_bh(&ifp->idev->lock);
/* While dad is in progress mld report's source address is in6_addrany.
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 037/411] net/mlx5: fs, delete the FTE when there are no rules attached to it
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (35 preceding siblings ...)
2022-06-13 10:05 ` [PATCH 5.4 036/411] ipv6: Dont send rs packets to the interface of ARPHRD_TUNNEL Greg Kroah-Hartman
@ 2022-06-13 10:05 ` Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 038/411] ASoC: dapm: Dont fold register value changes into notifications Greg Kroah-Hartman
` (378 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:05 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mark Bloch, Maor Gottlieb,
Saeed Mahameed, Sasha Levin
From: Mark Bloch <mbloch@nvidia.com>
[ Upstream commit 7b0c6338597613f465d131bd939a51844a00455a ]
When an FTE has no children is means all the rules where removed
and the FTE can be deleted regardless of the dests_size value.
While dests_size should be 0 when there are no children
be extra careful not to leak memory or get firmware syndrome
if the proper bookkeeping of dests_size wasn't done.
Signed-off-by: Mark Bloch <mbloch@nvidia.com>
Reviewed-by: Maor Gottlieb <maorg@nvidia.com>
Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c b/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c
index 5baf2c666d29..8c8b68e7abb4 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c
@@ -1937,16 +1937,16 @@ void mlx5_del_flow_rules(struct mlx5_flow_handle *handle)
down_write_ref_node(&fte->node, false);
for (i = handle->num_rules - 1; i >= 0; i--)
tree_remove_node(&handle->rule[i]->node, true);
- if (fte->dests_size) {
- if (fte->modify_mask)
- modify_fte(fte);
- up_write_ref_node(&fte->node, false);
- } else if (list_empty(&fte->node.children)) {
+ if (list_empty(&fte->node.children)) {
del_hw_fte(&fte->node);
/* Avoid double call to del_hw_fte */
fte->node.del_hw_func = NULL;
up_write_ref_node(&fte->node, false);
tree_put_node(&fte->node, false);
+ } else if (fte->dests_size) {
+ if (fte->modify_mask)
+ modify_fte(fte);
+ up_write_ref_node(&fte->node, false);
} else {
up_write_ref_node(&fte->node, false);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 038/411] ASoC: dapm: Dont fold register value changes into notifications
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (36 preceding siblings ...)
2022-06-13 10:05 ` [PATCH 5.4 037/411] net/mlx5: fs, delete the FTE when there are no rules attached to it Greg Kroah-Hartman
@ 2022-06-13 10:05 ` Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 039/411] mlxsw: spectrum_dcb: Do not warn about priority changes Greg Kroah-Hartman
` (377 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:05 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Mark Brown, Sasha Levin
From: Mark Brown <broonie@kernel.org>
[ Upstream commit ad685980469b9f9b99d4d6ea05f4cb8f57cb2234 ]
DAPM tracks and reports the value presented to the user from DAPM controls
separately to the register value, these may diverge during initialisation
or when an autodisable control is in use.
When writing DAPM controls we currently report that a change has occurred
if either the DAPM value or the value stored in the register has changed,
meaning that if the two are out of sync we may appear to report a spurious
event to userspace. Since we use this folded in value for nothing other
than the value reported to userspace simply drop the folding in of the
register change.
Signed-off-by: Mark Brown <broonie@kernel.org>
Link: https://lore.kernel.org/r/20220428161833.3690050-1-broonie@kernel.org
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/soc-dapm.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/sound/soc/soc-dapm.c b/sound/soc/soc-dapm.c
index 1c09dfb0c0f0..56c9c4189f26 100644
--- a/sound/soc/soc-dapm.c
+++ b/sound/soc/soc-dapm.c
@@ -3421,7 +3421,6 @@ int snd_soc_dapm_put_volsw(struct snd_kcontrol *kcontrol,
update.val = val;
card->update = &update;
}
- change |= reg_change;
ret = soc_dapm_mixer_update_power(card, kcontrol, connect,
rconnect);
@@ -3527,7 +3526,6 @@ int snd_soc_dapm_put_enum_double(struct snd_kcontrol *kcontrol,
update.val = val;
card->update = &update;
}
- change |= reg_change;
ret = soc_dapm_mux_update_power(card, kcontrol, item[0], e);
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 039/411] mlxsw: spectrum_dcb: Do not warn about priority changes
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (37 preceding siblings ...)
2022-06-13 10:05 ` [PATCH 5.4 038/411] ASoC: dapm: Dont fold register value changes into notifications Greg Kroah-Hartman
@ 2022-06-13 10:05 ` Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 040/411] drm/amdgpu/ucode: Remove firmware load type check in amdgpu_ucode_free_bo Greg Kroah-Hartman
` (376 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:05 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Maksym Yaremchuk, Petr Machata,
Ido Schimmel, David S. Miller, Sasha Levin
From: Petr Machata <petrm@nvidia.com>
[ Upstream commit b6b584562cbe7dc357083459d6dd5b171e12cadb ]
The idea behind the warnings is that the user would get warned in case when
more than one priority is configured for a given DSCP value on a netdevice.
The warning is currently wrong, because dcb_ieee_getapp_mask() returns
the first matching entry, not all of them, and the warning will then claim
that some priority is "current", when in fact it is not.
But more importantly, the warning is misleading in general. Consider the
following commands:
# dcb app flush dev swp19 dscp-prio
# dcb app add dev swp19 dscp-prio 24:3
# dcb app replace dev swp19 dscp-prio 24:2
The last command will issue the following warning:
mlxsw_spectrum3 0000:07:00.0 swp19: Ignoring new priority 2 for DSCP 24 in favor of current value of 3
The reason is that the "replace" command works by first adding the new
value, and then removing all old values. This is the only way to make the
replacement without causing the traffic to be prioritized to whatever the
chip defaults to. The warning is issued in response to adding the new
priority, and then no warning is shown when the old priority is removed.
The upshot is that the canonical way to change traffic prioritization
always produces a warning about ignoring the new priority, but what gets
configured is in fact what the user intended.
An option to just emit warning every time that the prioritization changes
just to make it clear that it happened is obviously unsatisfactory.
Therefore, in this patch, remove the warnings.
Reported-by: Maksym Yaremchuk <maksymy@nvidia.com>
Signed-off-by: Petr Machata <petrm@nvidia.com>
Signed-off-by: Ido Schimmel <idosch@nvidia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/mellanox/mlxsw/spectrum_dcb.c | 13 -------------
1 file changed, 13 deletions(-)
diff --git a/drivers/net/ethernet/mellanox/mlxsw/spectrum_dcb.c b/drivers/net/ethernet/mellanox/mlxsw/spectrum_dcb.c
index 21296fa7f7fb..bf51ed94952c 100644
--- a/drivers/net/ethernet/mellanox/mlxsw/spectrum_dcb.c
+++ b/drivers/net/ethernet/mellanox/mlxsw/spectrum_dcb.c
@@ -227,8 +227,6 @@ static int mlxsw_sp_dcbnl_ieee_setets(struct net_device *dev,
static int mlxsw_sp_dcbnl_app_validate(struct net_device *dev,
struct dcb_app *app)
{
- int prio;
-
if (app->priority >= IEEE_8021QAZ_MAX_TCS) {
netdev_err(dev, "APP entry with priority value %u is invalid\n",
app->priority);
@@ -242,17 +240,6 @@ static int mlxsw_sp_dcbnl_app_validate(struct net_device *dev,
app->protocol);
return -EINVAL;
}
-
- /* Warn about any DSCP APP entries with the same PID. */
- prio = fls(dcb_ieee_getapp_mask(dev, app));
- if (prio--) {
- if (prio < app->priority)
- netdev_warn(dev, "Choosing priority %d for DSCP %d in favor of previously-active value of %d\n",
- app->priority, app->protocol, prio);
- else if (prio > app->priority)
- netdev_warn(dev, "Ignoring new priority %d for DSCP %d in favor of current value of %d\n",
- app->priority, app->protocol, prio);
- }
break;
case IEEE_8021QAZ_APP_SEL_ETHERTYPE:
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 040/411] drm/amdgpu/ucode: Remove firmware load type check in amdgpu_ucode_free_bo
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (38 preceding siblings ...)
2022-06-13 10:05 ` [PATCH 5.4 039/411] mlxsw: spectrum_dcb: Do not warn about priority changes Greg Kroah-Hartman
@ 2022-06-13 10:05 ` Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 041/411] HID: bigben: fix slab-out-of-bounds Write in bigben_probe Greg Kroah-Hartman
` (375 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:05 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alice Wong, Alex Deucher, Sasha Levin
From: Alice Wong <shiwei.wong@amd.com>
[ Upstream commit ab0cd4a9ae5b4679b714d8dbfedc0901fecdce9f ]
When psp_hw_init failed, it will set the load_type to AMDGPU_FW_LOAD_DIRECT.
During amdgpu_device_ip_fini, amdgpu_ucode_free_bo checks that load_type is
AMDGPU_FW_LOAD_DIRECT and skips deallocating fw_buf causing memory leak.
Remove load_type check in amdgpu_ucode_free_bo.
Signed-off-by: Alice Wong <shiwei.wong@amd.com>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/amdgpu/amdgpu_ucode.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_ucode.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_ucode.c
index 3a6115ad0196..f3250db7f9c2 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_ucode.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_ucode.c
@@ -568,8 +568,7 @@ int amdgpu_ucode_create_bo(struct amdgpu_device *adev)
void amdgpu_ucode_free_bo(struct amdgpu_device *adev)
{
- if (adev->firmware.load_type != AMDGPU_FW_LOAD_DIRECT)
- amdgpu_bo_free_kernel(&adev->firmware.fw_buf,
+ amdgpu_bo_free_kernel(&adev->firmware.fw_buf,
&adev->firmware.fw_buf_mc,
&adev->firmware.fw_buf_ptr);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 041/411] HID: bigben: fix slab-out-of-bounds Write in bigben_probe
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (39 preceding siblings ...)
2022-06-13 10:05 ` [PATCH 5.4 040/411] drm/amdgpu/ucode: Remove firmware load type check in amdgpu_ucode_free_bo Greg Kroah-Hartman
@ 2022-06-13 10:05 ` Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 042/411] ASoC: tscs454: Add endianness flag in snd_soc_component_driver Greg Kroah-Hartman
` (374 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:05 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzkaller, Dongliang Mu, Jiri Kosina,
Sasha Levin
From: Dongliang Mu <mudongliangabcd@gmail.com>
[ Upstream commit fc4ef9d5724973193bfa5ebed181dba6de3a56db ]
There is a slab-out-of-bounds Write bug in hid-bigbenff driver.
The problem is the driver assumes the device must have an input but
some malicious devices violate this assumption.
Fix this by checking hid_device's input is non-empty before its usage.
Reported-by: syzkaller <syzkaller@googlegroups.com>
Signed-off-by: Dongliang Mu <mudongliangabcd@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hid/hid-bigbenff.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/hid/hid-bigbenff.c b/drivers/hid/hid-bigbenff.c
index 74ad8bf98bfd..e8c5e3ac9fff 100644
--- a/drivers/hid/hid-bigbenff.c
+++ b/drivers/hid/hid-bigbenff.c
@@ -347,6 +347,12 @@ static int bigben_probe(struct hid_device *hid,
bigben->report = list_entry(report_list->next,
struct hid_report, list);
+ if (list_empty(&hid->inputs)) {
+ hid_err(hid, "no inputs found\n");
+ error = -ENODEV;
+ goto error_hw_stop;
+ }
+
hidinput = list_first_entry(&hid->inputs, struct hid_input, list);
set_bit(FF_RUMBLE, hidinput->input->ffbit);
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 042/411] ASoC: tscs454: Add endianness flag in snd_soc_component_driver
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (40 preceding siblings ...)
2022-06-13 10:05 ` [PATCH 5.4 041/411] HID: bigben: fix slab-out-of-bounds Write in bigben_probe Greg Kroah-Hartman
@ 2022-06-13 10:05 ` Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 043/411] s390/preempt: disable __preempt_count_add() optimization for PROFILE_ALL_BRANCHES Greg Kroah-Hartman
` (373 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:05 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Charles Keepax, Mark Brown, Sasha Levin
From: Charles Keepax <ckeepax@opensource.cirrus.com>
[ Upstream commit ff69ec96b87dccb3a29edef8cec5d4fefbbc2055 ]
The endianness flag is used on the CODEC side to specify an
ambivalence to endian, typically because it is lost over the hardware
link. This device receives audio over an I2S DAI and as such should
have endianness applied.
A fixup is also required to use the width directly rather than relying
on the format in hw_params, now both little and big endian would be
supported. It is worth noting this changes the behaviour of S24_LE to
use a word length of 24 rather than 32. This would appear to be a
correction since the fact S24_LE is stored as 32 bits should not be
presented over the bus.
Signed-off-by: Charles Keepax <ckeepax@opensource.cirrus.com>
Link: https://lore.kernel.org/r/20220504170905.332415-26-ckeepax@opensource.cirrus.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/tscs454.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/sound/soc/codecs/tscs454.c b/sound/soc/codecs/tscs454.c
index c3587af9985c..3d981441b8d1 100644
--- a/sound/soc/codecs/tscs454.c
+++ b/sound/soc/codecs/tscs454.c
@@ -3128,18 +3128,17 @@ static int set_aif_sample_format(struct snd_soc_component *component,
unsigned int width;
int ret;
- switch (format) {
- case SNDRV_PCM_FORMAT_S16_LE:
+ switch (snd_pcm_format_width(format)) {
+ case 16:
width = FV_WL_16;
break;
- case SNDRV_PCM_FORMAT_S20_3LE:
+ case 20:
width = FV_WL_20;
break;
- case SNDRV_PCM_FORMAT_S24_3LE:
+ case 24:
width = FV_WL_24;
break;
- case SNDRV_PCM_FORMAT_S24_LE:
- case SNDRV_PCM_FORMAT_S32_LE:
+ case 32:
width = FV_WL_32;
break;
default:
@@ -3337,6 +3336,7 @@ static const struct snd_soc_component_driver soc_component_dev_tscs454 = {
.num_dapm_routes = ARRAY_SIZE(tscs454_intercon),
.controls = tscs454_snd_controls,
.num_controls = ARRAY_SIZE(tscs454_snd_controls),
+ .endianness = 1,
};
#define TSCS454_RATES SNDRV_PCM_RATE_8000_96000
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 043/411] s390/preempt: disable __preempt_count_add() optimization for PROFILE_ALL_BRANCHES
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (41 preceding siblings ...)
2022-06-13 10:05 ` [PATCH 5.4 042/411] ASoC: tscs454: Add endianness flag in snd_soc_component_driver Greg Kroah-Hartman
@ 2022-06-13 10:05 ` Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 044/411] spi: stm32-qspi: Fix wait_cmd timeout in APM mode Greg Kroah-Hartman
` (372 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:05 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Thomas Richter, Sven Schnelle,
Heiko Carstens, Sasha Levin
From: Heiko Carstens <hca@linux.ibm.com>
[ Upstream commit 63678eecec57fc51b778be3da35a397931287170 ]
gcc 12 does not (always) optimize away code that should only be generated
if parameters are constant and within in a certain range. This depends on
various obscure kernel config options, however in particular
PROFILE_ALL_BRANCHES can trigger this compile error:
In function ‘__atomic_add_const’,
inlined from ‘__preempt_count_add.part.0’ at ./arch/s390/include/asm/preempt.h:50:3:
./arch/s390/include/asm/atomic_ops.h:80:9: error: impossible constraint in ‘asm’
80 | asm volatile( \
| ^~~
Workaround this by simply disabling the optimization for
PROFILE_ALL_BRANCHES, since the kernel will be so slow, that this
optimization won't matter at all.
Reported-by: Thomas Richter <tmricht@linux.ibm.com>
Reviewed-by: Sven Schnelle <svens@linux.ibm.com>
Signed-off-by: Heiko Carstens <hca@linux.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/s390/include/asm/preempt.h | 15 +++++++++++----
1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/arch/s390/include/asm/preempt.h b/arch/s390/include/asm/preempt.h
index b5ea9e14c017..3dcd8ab3db73 100644
--- a/arch/s390/include/asm/preempt.h
+++ b/arch/s390/include/asm/preempt.h
@@ -52,10 +52,17 @@ static inline bool test_preempt_need_resched(void)
static inline void __preempt_count_add(int val)
{
- if (__builtin_constant_p(val) && (val >= -128) && (val <= 127))
- __atomic_add_const(val, &S390_lowcore.preempt_count);
- else
- __atomic_add(val, &S390_lowcore.preempt_count);
+ /*
+ * With some obscure config options and CONFIG_PROFILE_ALL_BRANCHES
+ * enabled, gcc 12 fails to handle __builtin_constant_p().
+ */
+ if (!IS_ENABLED(CONFIG_PROFILE_ALL_BRANCHES)) {
+ if (__builtin_constant_p(val) && (val >= -128) && (val <= 127)) {
+ __atomic_add_const(val, &S390_lowcore.preempt_count);
+ return;
+ }
+ }
+ __atomic_add(val, &S390_lowcore.preempt_count);
}
static inline void __preempt_count_sub(int val)
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 044/411] spi: stm32-qspi: Fix wait_cmd timeout in APM mode
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (42 preceding siblings ...)
2022-06-13 10:05 ` [PATCH 5.4 043/411] s390/preempt: disable __preempt_count_add() optimization for PROFILE_ALL_BRANCHES Greg Kroah-Hartman
@ 2022-06-13 10:05 ` Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 045/411] dma-debug: change allocation mode from GFP_NOWAIT to GFP_ATIOMIC Greg Kroah-Hartman
` (371 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:05 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Patrice Chotard, eberhard.stoll,
Mark Brown, Sasha Levin
From: Patrice Chotard <patrice.chotard@foss.st.com>
[ Upstream commit d83d89ea68b4726700fa87b22db075e4217e691c ]
In APM mode, TCF and TEF flags are not set. To avoid timeout in
stm32_qspi_wait_cmd(), don't check if TCF/TEF are set.
Signed-off-by: Patrice Chotard <patrice.chotard@foss.st.com>
Reported-by: eberhard.stoll@kontron.de
Link: https://lore.kernel.org/r/20220511074644.558874-2-patrice.chotard@foss.st.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/spi/spi-stm32-qspi.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/spi/spi-stm32-qspi.c b/drivers/spi/spi-stm32-qspi.c
index ea77d915216a..8070b7420217 100644
--- a/drivers/spi/spi-stm32-qspi.c
+++ b/drivers/spi/spi-stm32-qspi.c
@@ -293,7 +293,8 @@ static int stm32_qspi_wait_cmd(struct stm32_qspi *qspi,
if (!op->data.nbytes)
goto wait_nobusy;
- if (readl_relaxed(qspi->io_base + QSPI_SR) & SR_TCF)
+ if ((readl_relaxed(qspi->io_base + QSPI_SR) & SR_TCF) ||
+ qspi->fmode == CCR_FMODE_APM)
goto out;
reinit_completion(&qspi->data_completion);
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 045/411] dma-debug: change allocation mode from GFP_NOWAIT to GFP_ATIOMIC
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (43 preceding siblings ...)
2022-06-13 10:05 ` [PATCH 5.4 044/411] spi: stm32-qspi: Fix wait_cmd timeout in APM mode Greg Kroah-Hartman
@ 2022-06-13 10:05 ` Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 046/411] ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default Greg Kroah-Hartman
` (370 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:05 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mikulas Patocka, Christoph Hellwig,
Sasha Levin
From: Mikulas Patocka <mpatocka@redhat.com>
[ Upstream commit 84bc4f1dbbbb5f8aa68706a96711dccb28b518e5 ]
We observed the error "cacheline tracking ENOMEM, dma-debug disabled"
during a light system load (copying some files). The reason for this error
is that the dma_active_cacheline radix tree uses GFP_NOWAIT allocation -
so it can't access the emergency memory reserves and it fails as soon as
anybody reaches the watermark.
This patch changes GFP_NOWAIT to GFP_ATOMIC, so that it can access the
emergency memory reserves.
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/dma/debug.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/dma/debug.c b/kernel/dma/debug.c
index 4dc3bbfd3e3f..1c133f610f59 100644
--- a/kernel/dma/debug.c
+++ b/kernel/dma/debug.c
@@ -450,7 +450,7 @@ void debug_dma_dump_mappings(struct device *dev)
* At any time debug_dma_assert_idle() can be called to trigger a
* warning if any cachelines in the given page are in the active set.
*/
-static RADIX_TREE(dma_active_cacheline, GFP_NOWAIT);
+static RADIX_TREE(dma_active_cacheline, GFP_ATOMIC);
static DEFINE_SPINLOCK(radix_lock);
#define ACTIVE_CACHELINE_MAX_OVERLAP ((1 << RADIX_TREE_MAX_TAGS) - 1)
#define CACHELINE_PER_PAGE_SHIFT (PAGE_SHIFT - L1_CACHE_SHIFT)
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 046/411] ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (44 preceding siblings ...)
2022-06-13 10:05 ` [PATCH 5.4 045/411] dma-debug: change allocation mode from GFP_NOWAIT to GFP_ATIOMIC Greg Kroah-Hartman
@ 2022-06-13 10:05 ` Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 047/411] ipmi:ssif: Check for NULL msg when handling events and messages Greg Kroah-Hartman
` (369 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:05 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jian-Hong Pan, Mario Limonciello,
Rafael J. Wysocki, Sasha Levin
From: Mario Limonciello <mario.limonciello@amd.com>
[ Upstream commit d52848620de00cde4a3a5df908e231b8c8868250 ]
ASUS B1400CEAE fails to resume from suspend to idle by default. This was
bisected back to commit df4f9bc4fb9c ("nvme-pci: add support for ACPI
StorageD3Enable property") but this is a red herring to the problem.
Before this commit the system wasn't getting into deepest sleep state.
Presumably this commit is allowing entry into deepest sleep state as
advertised by firmware, but there are some other problems related to
the wakeup.
As it is confirmed the system works properly with S3, set the default for
this system to S3.
Reported-by: Jian-Hong Pan <jhp@endlessos.org>
Link: https://bugzilla.kernel.org/show_bug.cgi?id=215742
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Tested-by: Jian-Hong Pan <jhp@endlessos.org>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/acpi/sleep.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/drivers/acpi/sleep.c b/drivers/acpi/sleep.c
index b0e23e3fe0d5..34966128293b 100644
--- a/drivers/acpi/sleep.c
+++ b/drivers/acpi/sleep.c
@@ -374,6 +374,18 @@ static const struct dmi_system_id acpisleep_dmi_table[] __initconst = {
DMI_MATCH(DMI_PRODUCT_NAME, "20GGA00L00"),
},
},
+ /*
+ * ASUS B1400CEAE hangs on resume from suspend (see
+ * https://bugzilla.kernel.org/show_bug.cgi?id=215742).
+ */
+ {
+ .callback = init_default_s3,
+ .ident = "ASUS B1400CEAE",
+ .matches = {
+ DMI_MATCH(DMI_SYS_VENDOR, "ASUSTeK COMPUTER INC."),
+ DMI_MATCH(DMI_PRODUCT_NAME, "ASUS EXPERTBOOK B1400CEAE"),
+ },
+ },
{},
};
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 047/411] ipmi:ssif: Check for NULL msg when handling events and messages
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (45 preceding siblings ...)
2022-06-13 10:05 ` [PATCH 5.4 046/411] ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default Greg Kroah-Hartman
@ 2022-06-13 10:05 ` Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 048/411] ipmi: Fix pr_fmt to avoid compilation issues Greg Kroah-Hartman
` (368 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:05 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Haowen Bai, Corey Minyard, Sasha Levin
From: Corey Minyard <cminyard@mvista.com>
[ Upstream commit 7602b957e2404e5f98d9a40b68f1fd27f0028712 ]
Even though it's not possible to get into the SSIF_GETTING_MESSAGES and
SSIF_GETTING_EVENTS states without a valid message in the msg field,
it's probably best to be defensive here and check and print a log, since
that means something else went wrong.
Also add a default clause to that switch statement to release the lock
and print a log, in case the state variable gets messed up somehow.
Reported-by: Haowen Bai <baihaowen@meizu.com>
Signed-off-by: Corey Minyard <cminyard@mvista.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/char/ipmi/ipmi_ssif.c | 23 +++++++++++++++++++++++
1 file changed, 23 insertions(+)
diff --git a/drivers/char/ipmi/ipmi_ssif.c b/drivers/char/ipmi/ipmi_ssif.c
index bb42a1c92cae..60fb6c62f224 100644
--- a/drivers/char/ipmi/ipmi_ssif.c
+++ b/drivers/char/ipmi/ipmi_ssif.c
@@ -845,6 +845,14 @@ static void msg_done_handler(struct ssif_info *ssif_info, int result,
break;
case SSIF_GETTING_EVENTS:
+ if (!msg) {
+ /* Should never happen, but just in case. */
+ dev_warn(&ssif_info->client->dev,
+ "No message set while getting events\n");
+ ipmi_ssif_unlock_cond(ssif_info, flags);
+ break;
+ }
+
if ((result < 0) || (len < 3) || (msg->rsp[2] != 0)) {
/* Error getting event, probably done. */
msg->done(msg);
@@ -869,6 +877,14 @@ static void msg_done_handler(struct ssif_info *ssif_info, int result,
break;
case SSIF_GETTING_MESSAGES:
+ if (!msg) {
+ /* Should never happen, but just in case. */
+ dev_warn(&ssif_info->client->dev,
+ "No message set while getting messages\n");
+ ipmi_ssif_unlock_cond(ssif_info, flags);
+ break;
+ }
+
if ((result < 0) || (len < 3) || (msg->rsp[2] != 0)) {
/* Error getting event, probably done. */
msg->done(msg);
@@ -892,6 +908,13 @@ static void msg_done_handler(struct ssif_info *ssif_info, int result,
deliver_recv_msg(ssif_info, msg);
}
break;
+
+ default:
+ /* Should never happen, but just in case. */
+ dev_warn(&ssif_info->client->dev,
+ "Invalid state in message done handling: %d\n",
+ ssif_info->ssif_state);
+ ipmi_ssif_unlock_cond(ssif_info, flags);
}
flags = ipmi_ssif_lock_cond(ssif_info, &oflags);
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 048/411] ipmi: Fix pr_fmt to avoid compilation issues
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (46 preceding siblings ...)
2022-06-13 10:05 ` [PATCH 5.4 047/411] ipmi:ssif: Check for NULL msg when handling events and messages Greg Kroah-Hartman
@ 2022-06-13 10:05 ` Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 049/411] rtlwifi: Use pr_warn instead of WARN_ONCE Greg Kroah-Hartman
` (367 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:05 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kernel test robot, Corey Minyard,
Sasha Levin
From: Corey Minyard <cminyard@mvista.com>
[ Upstream commit 2ebaf18a0b7fb764bba6c806af99fe868cee93de ]
The was it was wouldn't work in some situations, simplify it. What was
there was unnecessary complexity.
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Corey Minyard <cminyard@mvista.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/char/ipmi/ipmi_msghandler.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/char/ipmi/ipmi_msghandler.c b/drivers/char/ipmi/ipmi_msghandler.c
index ad2e6d55d4a5..736970312bbc 100644
--- a/drivers/char/ipmi/ipmi_msghandler.c
+++ b/drivers/char/ipmi/ipmi_msghandler.c
@@ -11,8 +11,8 @@
* Copyright 2002 MontaVista Software Inc.
*/
-#define pr_fmt(fmt) "%s" fmt, "IPMI message handler: "
-#define dev_fmt pr_fmt
+#define pr_fmt(fmt) "IPMI message handler: " fmt
+#define dev_fmt(fmt) pr_fmt(fmt)
#include <linux/module.h>
#include <linux/errno.h>
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 049/411] rtlwifi: Use pr_warn instead of WARN_ONCE
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (47 preceding siblings ...)
2022-06-13 10:05 ` [PATCH 5.4 048/411] ipmi: Fix pr_fmt to avoid compilation issues Greg Kroah-Hartman
@ 2022-06-13 10:05 ` Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 050/411] media: coda: limit frame interval enumeration to supported encoder frame sizes Greg Kroah-Hartman
` (366 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:05 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzkaller, Dongliang Mu, Kalle Valo,
Sasha Levin
From: Dongliang Mu <mudongliangabcd@gmail.com>
[ Upstream commit ad732da434a2936128769216eddaece3b1af4588 ]
This memory allocation failure can be triggered by fault injection or
high pressure testing, resulting a WARN.
Fix this by replacing WARN with pr_warn.
Reported-by: syzkaller <syzkaller@googlegroups.com>
Signed-off-by: Dongliang Mu <mudongliangabcd@gmail.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220511014453.1621366-1-dzm91@hust.edu.cn
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/realtek/rtlwifi/usb.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/realtek/rtlwifi/usb.c b/drivers/net/wireless/realtek/rtlwifi/usb.c
index bad06939a247..9bcb187d37dc 100644
--- a/drivers/net/wireless/realtek/rtlwifi/usb.c
+++ b/drivers/net/wireless/realtek/rtlwifi/usb.c
@@ -1013,7 +1013,7 @@ int rtl_usb_probe(struct usb_interface *intf,
hw = ieee80211_alloc_hw(sizeof(struct rtl_priv) +
sizeof(struct rtl_usb_priv), &rtl_ops);
if (!hw) {
- WARN_ONCE(true, "rtl_usb: ieee80211 alloc failed\n");
+ pr_warn("rtl_usb: ieee80211 alloc failed\n");
return -ENOMEM;
}
rtlpriv = hw->priv;
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 050/411] media: coda: limit frame interval enumeration to supported encoder frame sizes
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (48 preceding siblings ...)
2022-06-13 10:05 ` [PATCH 5.4 049/411] rtlwifi: Use pr_warn instead of WARN_ONCE Greg Kroah-Hartman
@ 2022-06-13 10:05 ` Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 051/411] media: cec-adap.c: fix is_configuring state Greg Kroah-Hartman
` (365 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:05 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Philipp Zabel, Hans Verkuil,
Mauro Carvalho Chehab, Sasha Levin
From: Philipp Zabel <p.zabel@pengutronix.de>
[ Upstream commit 67e33dd957880879e785cfea83a3aa24bd5c5577 ]
Let VIDIOC_ENUM_FRAMEINTERVALS return -EINVAL if userspace queries
frame intervals for frame sizes unsupported by the encoder. Fixes the
following v4l2-compliance failure:
fail: v4l2-test-formats.cpp(123): found frame intervals for invalid size 47x16
fail: v4l2-test-formats.cpp(282): node->codec_mask & STATEFUL_ENCODER
test VIDIOC_ENUM_FMT/FRAMESIZES/FRAMEINTERVALS: FAIL
[hverkuil: drop incorrect 'For decoder devices, return -ENOTTY.' in the commit log]
Signed-off-by: Philipp Zabel <p.zabel@pengutronix.de>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/platform/coda/coda-common.c | 20 ++++++++++++++------
1 file changed, 14 insertions(+), 6 deletions(-)
diff --git a/drivers/media/platform/coda/coda-common.c b/drivers/media/platform/coda/coda-common.c
index 0adc54832657..fb469340634b 100644
--- a/drivers/media/platform/coda/coda-common.c
+++ b/drivers/media/platform/coda/coda-common.c
@@ -1192,7 +1192,8 @@ static int coda_enum_frameintervals(struct file *file, void *fh,
struct v4l2_frmivalenum *f)
{
struct coda_ctx *ctx = fh_to_ctx(fh);
- int i;
+ struct coda_q_data *q_data;
+ const struct coda_codec *codec;
if (f->index)
return -EINVAL;
@@ -1201,12 +1202,19 @@ static int coda_enum_frameintervals(struct file *file, void *fh,
if (!ctx->vdoa && f->pixel_format == V4L2_PIX_FMT_YUYV)
return -EINVAL;
- for (i = 0; i < CODA_MAX_FORMATS; i++) {
- if (f->pixel_format == ctx->cvd->src_formats[i] ||
- f->pixel_format == ctx->cvd->dst_formats[i])
- break;
+ if (coda_format_normalize_yuv(f->pixel_format) == V4L2_PIX_FMT_YUV420) {
+ q_data = get_q_data(ctx, V4L2_BUF_TYPE_VIDEO_CAPTURE);
+ codec = coda_find_codec(ctx->dev, f->pixel_format,
+ q_data->fourcc);
+ } else {
+ codec = coda_find_codec(ctx->dev, V4L2_PIX_FMT_YUV420,
+ f->pixel_format);
}
- if (i == CODA_MAX_FORMATS)
+ if (!codec)
+ return -EINVAL;
+
+ if (f->width < MIN_W || f->width > codec->max_w ||
+ f->height < MIN_H || f->height > codec->max_h)
return -EINVAL;
f->type = V4L2_FRMIVAL_TYPE_CONTINUOUS;
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 051/411] media: cec-adap.c: fix is_configuring state
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (49 preceding siblings ...)
2022-06-13 10:05 ` [PATCH 5.4 050/411] media: coda: limit frame interval enumeration to supported encoder frame sizes Greg Kroah-Hartman
@ 2022-06-13 10:05 ` Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 052/411] openrisc: start CPU timer early in boot Greg Kroah-Hartman
` (364 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:05 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hans Verkuil, Mauro Carvalho Chehab,
Sasha Levin
From: Hans Verkuil <hverkuil-cisco@xs4all.nl>
[ Upstream commit 59267fc34f4900dcd2ec3295f6be04b79aee2186 ]
If an adapter is trying to claim a free logical address then it is
in the 'is_configuring' state. If during that process the cable is
disconnected (HPD goes low, which in turn invalidates the physical
address), then cec_adap_unconfigure() is called, and that set the
is_configuring boolean to false, even though the thread that's
trying to claim an LA is still running.
Don't touch the is_configuring bool in cec_adap_unconfigure(), it
will eventually be cleared by the thread. By making that change
the cec_config_log_addr() function also had to change: it was
aborting if is_configuring became false (since that is what
cec_adap_unconfigure() did), but that no longer works. Instead
check if the physical address is invalid. That is a much
more appropriate check anyway.
This fixes a bug where the the adapter could be disabled even
though the device was still configuring. This could cause POLL
transmits to time out.
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/cec/cec-adap.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/media/cec/cec-adap.c b/drivers/media/cec/cec-adap.c
index 56857ac0a0be..c665f7d20c44 100644
--- a/drivers/media/cec/cec-adap.c
+++ b/drivers/media/cec/cec-adap.c
@@ -1263,7 +1263,7 @@ static int cec_config_log_addr(struct cec_adapter *adap,
* While trying to poll the physical address was reset
* and the adapter was unconfigured, so bail out.
*/
- if (!adap->is_configuring)
+ if (adap->phys_addr == CEC_PHYS_ADDR_INVALID)
return -EINTR;
if (err)
@@ -1321,7 +1321,6 @@ static void cec_adap_unconfigure(struct cec_adapter *adap)
adap->phys_addr != CEC_PHYS_ADDR_INVALID)
WARN_ON(adap->ops->adap_log_addr(adap, CEC_LOG_ADDR_INVALID));
adap->log_addrs.log_addr_mask = 0;
- adap->is_configuring = false;
adap->is_configured = false;
memset(adap->phys_addrs, 0xff, sizeof(adap->phys_addrs));
cec_flush(adap);
@@ -1514,9 +1513,10 @@ static int cec_config_thread_func(void *arg)
for (i = 0; i < las->num_log_addrs; i++)
las->log_addr[i] = CEC_LOG_ADDR_INVALID;
cec_adap_unconfigure(adap);
+ adap->is_configuring = false;
adap->kthread_config = NULL;
- mutex_unlock(&adap->lock);
complete(&adap->config_completion);
+ mutex_unlock(&adap->lock);
return 0;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 052/411] openrisc: start CPU timer early in boot
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (50 preceding siblings ...)
2022-06-13 10:05 ` [PATCH 5.4 051/411] media: cec-adap.c: fix is_configuring state Greg Kroah-Hartman
@ 2022-06-13 10:05 ` Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 053/411] nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags Greg Kroah-Hartman
` (363 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:05 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Thomas Gleixner, Arnd Bergmann,
Jonas Bonn, Stefan Kristiansson, Stafford Horne, Guenter Roeck,
Jason A. Donenfeld, Sasha Levin
From: Jason A. Donenfeld <Jason@zx2c4.com>
[ Upstream commit 516dd4aacd67a0f27da94f3fe63fe0f4dbab6e2b ]
In order to measure the boot process, the timer should be switched on as
early in boot as possible. As well, the commit defines the get_cycles
macro, like the previous patches in this series, so that generic code is
aware that it's implemented by the platform, as is done on other archs.
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Jonas Bonn <jonas@southpole.se>
Cc: Stefan Kristiansson <stefan.kristiansson@saunalahti.fi>
Acked-by: Stafford Horne <shorne@gmail.com>
Reported-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/openrisc/include/asm/timex.h | 1 +
arch/openrisc/kernel/head.S | 9 +++++++++
2 files changed, 10 insertions(+)
diff --git a/arch/openrisc/include/asm/timex.h b/arch/openrisc/include/asm/timex.h
index d52b4e536e3f..5487fa93dd9b 100644
--- a/arch/openrisc/include/asm/timex.h
+++ b/arch/openrisc/include/asm/timex.h
@@ -23,6 +23,7 @@ static inline cycles_t get_cycles(void)
{
return mfspr(SPR_TTCR);
}
+#define get_cycles get_cycles
/* This isn't really used any more */
#define CLOCK_TICK_RATE 1000
diff --git a/arch/openrisc/kernel/head.S b/arch/openrisc/kernel/head.S
index b0dc974f9a74..ffbbf639b7f9 100644
--- a/arch/openrisc/kernel/head.S
+++ b/arch/openrisc/kernel/head.S
@@ -521,6 +521,15 @@ _start:
l.ori r3,r0,0x1
l.mtspr r0,r3,SPR_SR
+ /*
+ * Start the TTCR as early as possible, so that the RNG can make use of
+ * measurements of boot time from the earliest opportunity. Especially
+ * important is that the TTCR does not return zero by the time we reach
+ * rand_initialize().
+ */
+ l.movhi r3,hi(SPR_TTMR_CR)
+ l.mtspr r0,r3,SPR_TTMR
+
CLEAR_GPR(r1)
CLEAR_GPR(r2)
CLEAR_GPR(r3)
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 053/411] nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (51 preceding siblings ...)
2022-06-13 10:05 ` [PATCH 5.4 052/411] openrisc: start CPU timer early in boot Greg Kroah-Hartman
@ 2022-06-13 10:05 ` Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 054/411] ASoC: rt5645: Fix errorenous cleanup order Greg Kroah-Hartman
` (362 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:05 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kyle Smith, Chaitanya Kulkarni,
Hannes Reinecke, Christoph Hellwig, Sasha Levin
From: Smith, Kyle Miller (Nimble Kernel) <kyles@hpe.com>
[ Upstream commit da42761181627e9bdc37d18368b827948a583929 ]
In nvme_alloc_admin_tags, the admin_q can be set to an error (typically
-ENOMEM) if the blk_mq_init_queue call fails to set up the queue, which
is checked immediately after the call. However, when we return the error
message up the stack, to nvme_reset_work the error takes us to
nvme_remove_dead_ctrl()
nvme_dev_disable()
nvme_suspend_queue(&dev->queues[0]).
Here, we only check that the admin_q is non-NULL, rather than not
an error or NULL, and begin quiescing a queue that never existed, leading
to bad / NULL pointer dereference.
Signed-off-by: Kyle Smith <kyles@hpe.com>
Reviewed-by: Chaitanya Kulkarni <kch@nvidia.com>
Reviewed-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/nvme/host/pci.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/nvme/host/pci.c b/drivers/nvme/host/pci.c
index af516c35afe6..10fe7a7a2163 100644
--- a/drivers/nvme/host/pci.c
+++ b/drivers/nvme/host/pci.c
@@ -1674,6 +1674,7 @@ static int nvme_alloc_admin_tags(struct nvme_dev *dev)
dev->ctrl.admin_q = blk_mq_init_queue(&dev->admin_tagset);
if (IS_ERR(dev->ctrl.admin_q)) {
blk_mq_free_tag_set(&dev->admin_tagset);
+ dev->ctrl.admin_q = NULL;
return -ENOMEM;
}
if (!blk_get_queue(dev->ctrl.admin_q)) {
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 054/411] ASoC: rt5645: Fix errorenous cleanup order
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (52 preceding siblings ...)
2022-06-13 10:05 ` [PATCH 5.4 053/411] nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags Greg Kroah-Hartman
@ 2022-06-13 10:05 ` Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 055/411] nbd: Fix hung on disconnect request if socket is closed before Greg Kroah-Hartman
` (361 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:05 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Lin Ma, Mark Brown, Sasha Levin
From: Lin Ma <linma@zju.edu.cn>
[ Upstream commit 2def44d3aec59e38d2701c568d65540783f90f2f ]
There is a logic error when removing rt5645 device as the function
rt5645_i2c_remove() first cancel the &rt5645->jack_detect_work and
delete the &rt5645->btn_check_timer latter. However, since the timer
handler rt5645_btn_check_callback() will re-queue the jack_detect_work,
this cleanup order is buggy.
That is, once the del_timer_sync in rt5645_i2c_remove is concurrently
run with the rt5645_btn_check_callback, the canceled jack_detect_work
will be rescheduled again, leading to possible use-after-free.
This patch fix the issue by placing the del_timer_sync function before
the cancel_delayed_work_sync.
Signed-off-by: Lin Ma <linma@zju.edu.cn>
Link: https://lore.kernel.org/r/20220516092035.28283-1-linma@zju.edu.cn
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/rt5645.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/sound/soc/codecs/rt5645.c b/sound/soc/codecs/rt5645.c
index c83f7f5da96b..a66e93a3af74 100644
--- a/sound/soc/codecs/rt5645.c
+++ b/sound/soc/codecs/rt5645.c
@@ -4074,9 +4074,14 @@ static int rt5645_i2c_remove(struct i2c_client *i2c)
if (i2c->irq)
free_irq(i2c->irq, rt5645);
+ /*
+ * Since the rt5645_btn_check_callback() can queue jack_detect_work,
+ * the timer need to be delted first
+ */
+ del_timer_sync(&rt5645->btn_check_timer);
+
cancel_delayed_work_sync(&rt5645->jack_detect_work);
cancel_delayed_work_sync(&rt5645->rcclock_work);
- del_timer_sync(&rt5645->btn_check_timer);
regulator_bulk_disable(ARRAY_SIZE(rt5645->supplies), rt5645->supplies);
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 055/411] nbd: Fix hung on disconnect request if socket is closed before
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (53 preceding siblings ...)
2022-06-13 10:05 ` [PATCH 5.4 054/411] ASoC: rt5645: Fix errorenous cleanup order Greg Kroah-Hartman
@ 2022-06-13 10:05 ` Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 056/411] net: phy: micrel: Allow probing without .driver_data Greg Kroah-Hartman
` (360 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:05 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Xu Jianhai, Xie Yongji, Josef Bacik,
Jens Axboe, Sasha Levin
From: Xie Yongji <xieyongji@bytedance.com>
[ Upstream commit 491bf8f236fdeec698fa6744993f1ecf3fafd1a5 ]
When userspace closes the socket before sending a disconnect
request, the following I/O requests will be blocked in
wait_for_reconnect() until dead timeout. This will cause the
following disconnect request also hung on blk_mq_quiesce_queue().
That means we have no way to disconnect a nbd device if there
are some I/O requests waiting for reconnecting until dead timeout.
It's not expected. So let's wake up the thread waiting for
reconnecting directly when a disconnect request is sent.
Reported-by: Xu Jianhai <zero.xu@bytedance.com>
Signed-off-by: Xie Yongji <xieyongji@bytedance.com>
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Link: https://lore.kernel.org/r/20220322080639.142-1-xieyongji@bytedance.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/block/nbd.c | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/drivers/block/nbd.c b/drivers/block/nbd.c
index 25e81b1a59a5..510e75435c43 100644
--- a/drivers/block/nbd.c
+++ b/drivers/block/nbd.c
@@ -865,11 +865,15 @@ static int wait_for_reconnect(struct nbd_device *nbd)
struct nbd_config *config = nbd->config;
if (!config->dead_conn_timeout)
return 0;
- if (test_bit(NBD_RT_DISCONNECTED, &config->runtime_flags))
+
+ if (!wait_event_timeout(config->conn_wait,
+ test_bit(NBD_RT_DISCONNECTED,
+ &config->runtime_flags) ||
+ atomic_read(&config->live_connections) > 0,
+ config->dead_conn_timeout))
return 0;
- return wait_event_timeout(config->conn_wait,
- atomic_read(&config->live_connections) > 0,
- config->dead_conn_timeout) > 0;
+
+ return !test_bit(NBD_RT_DISCONNECTED, &config->runtime_flags);
}
static int nbd_handle_cmd(struct nbd_cmd *cmd, int index)
@@ -2014,6 +2018,7 @@ static void nbd_disconnect_and_put(struct nbd_device *nbd)
mutex_lock(&nbd->config_lock);
nbd_disconnect(nbd);
sock_shutdown(nbd);
+ wake_up(&nbd->config->conn_wait);
/*
* Make sure recv thread has finished, so it does not drop the last
* config ref and try to destroy the workqueue from inside the work
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 056/411] net: phy: micrel: Allow probing without .driver_data
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (54 preceding siblings ...)
2022-06-13 10:05 ` [PATCH 5.4 055/411] nbd: Fix hung on disconnect request if socket is closed before Greg Kroah-Hartman
@ 2022-06-13 10:05 ` Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 057/411] media: exynos4-is: Fix compile warning Greg Kroah-Hartman
` (359 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:05 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Fabio Estevam, Andrew Lunn,
Jakub Kicinski, Sasha Levin
From: Fabio Estevam <festevam@denx.de>
[ Upstream commit f2ef6f7539c68c6bd6c32323d8845ee102b7c450 ]
Currently, if the .probe element is present in the phy_driver structure
and the .driver_data is not, a NULL pointer dereference happens.
Allow passing .probe without .driver_data by inserting NULL checks
for priv->type.
Signed-off-by: Fabio Estevam <festevam@denx.de>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Link: https://lore.kernel.org/r/20220513114613.762810-1-festevam@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/phy/micrel.c | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/drivers/net/phy/micrel.c b/drivers/net/phy/micrel.c
index 18cc5e4280e8..721153dcfd15 100644
--- a/drivers/net/phy/micrel.c
+++ b/drivers/net/phy/micrel.c
@@ -282,7 +282,7 @@ static int kszphy_config_reset(struct phy_device *phydev)
}
}
- if (priv->led_mode >= 0)
+ if (priv->type && priv->led_mode >= 0)
kszphy_setup_led(phydev, priv->type->led_mode_reg, priv->led_mode);
return 0;
@@ -298,10 +298,10 @@ static int kszphy_config_init(struct phy_device *phydev)
type = priv->type;
- if (type->has_broadcast_disable)
+ if (type && type->has_broadcast_disable)
kszphy_broadcast_disable(phydev);
- if (type->has_nand_tree_disable)
+ if (type && type->has_nand_tree_disable)
kszphy_nand_tree_disable(phydev);
return kszphy_config_reset(phydev);
@@ -939,7 +939,7 @@ static int kszphy_probe(struct phy_device *phydev)
priv->type = type;
- if (type->led_mode_reg) {
+ if (type && type->led_mode_reg) {
ret = of_property_read_u32(np, "micrel,led-mode",
&priv->led_mode);
if (ret)
@@ -960,7 +960,8 @@ static int kszphy_probe(struct phy_device *phydev)
unsigned long rate = clk_get_rate(clk);
bool rmii_ref_clk_sel_25_mhz;
- priv->rmii_ref_clk_sel = type->has_rmii_ref_clk_sel;
+ if (type)
+ priv->rmii_ref_clk_sel = type->has_rmii_ref_clk_sel;
rmii_ref_clk_sel_25_mhz = of_property_read_bool(np,
"micrel,rmii-reference-clock-select-25-mhz");
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 057/411] media: exynos4-is: Fix compile warning
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (55 preceding siblings ...)
2022-06-13 10:05 ` [PATCH 5.4 056/411] net: phy: micrel: Allow probing without .driver_data Greg Kroah-Hartman
@ 2022-06-13 10:05 ` Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 058/411] ASoC: max98357a: remove dependency on GPIOLIB Greg Kroah-Hartman
` (358 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:05 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kernel test robot, Kwanghoon Son,
Sakari Ailus, Mauro Carvalho Chehab, Sasha Levin
From: Kwanghoon Son <k.son@samsung.com>
[ Upstream commit e080f5c1f2b6d02c02ee5d674e0e392ccf63bbaf ]
Declare static on function 'fimc_isp_video_device_unregister'.
When VIDEO_EXYNOS4_ISP_DMA_CAPTURE=n, compiler warns about
warning: no previous prototype for function [-Wmissing-prototypes]
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Kwanghoon Son <k.son@samsung.com>
Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/platform/exynos4-is/fimc-isp-video.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/media/platform/exynos4-is/fimc-isp-video.h b/drivers/media/platform/exynos4-is/fimc-isp-video.h
index edcb3a5e3cb9..2dd4ddbc748a 100644
--- a/drivers/media/platform/exynos4-is/fimc-isp-video.h
+++ b/drivers/media/platform/exynos4-is/fimc-isp-video.h
@@ -32,7 +32,7 @@ static inline int fimc_isp_video_device_register(struct fimc_isp *isp,
return 0;
}
-void fimc_isp_video_device_unregister(struct fimc_isp *isp,
+static inline void fimc_isp_video_device_unregister(struct fimc_isp *isp,
enum v4l2_buf_type type)
{
}
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 058/411] ASoC: max98357a: remove dependency on GPIOLIB
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (56 preceding siblings ...)
2022-06-13 10:05 ` [PATCH 5.4 057/411] media: exynos4-is: Fix compile warning Greg Kroah-Hartman
@ 2022-06-13 10:05 ` Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 059/411] hwmon: Make chip parameter for with_info API mandatory Greg Kroah-Hartman
` (357 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:05 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kernel test robot,
Pierre-Louis Bossart, Péter Ujfalusi, Mark Brown,
Sasha Levin
From: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
[ Upstream commit 21ca3274333f5c1cbbf9d91e5b33f4f2463859b2 ]
commit dcc2c012c7691 ("ASoC: Fix gpiolib dependencies") removed a
series of unnecessary dependencies on GPIOLIB when the gpio was
optional.
A similar simplification seems valid for max98357a, so remove the
dependency as well. This will avoid the following warning
WARNING: unmet direct dependencies detected for SND_SOC_MAX98357A
Depends on [n]: SOUND [=y] && !UML && SND [=y] && SND_SOC [=y] && GPIOLIB [=n]
Selected by [y]:
- SND_SOC_INTEL_SOF_CS42L42_MACH [=y] && SOUND [=y] && !UML &&
SND [=y] && SND_SOC [=y] && SND_SOC_INTEL_MACH [=y] &&
(SND_SOC_SOF_HDA_LINK [=y] || SND_SOC_SOF_BAYTRAIL [=n]) && I2C
[=y] && ACPI [=y] && SND_HDA_CODEC_HDMI [=y] &&
SND_SOC_SOF_HDA_AUDIO_CODEC [=y] && (MFD_INTEL_LPSS [=y] ||
COMPILE_TEST [=n])
Reported-by: kernel test robot <yujie.liu@intel.com>
Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Reviewed-by: Péter Ujfalusi <peter.ujfalusi@linux.intel.com>
Link: https://lore.kernel.org/r/20220517172647.468244-2-pierre-louis.bossart@linux.intel.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/Kconfig | 1 -
1 file changed, 1 deletion(-)
diff --git a/sound/soc/codecs/Kconfig b/sound/soc/codecs/Kconfig
index 466dc67799f4..dfc536cd9d2f 100644
--- a/sound/soc/codecs/Kconfig
+++ b/sound/soc/codecs/Kconfig
@@ -759,7 +759,6 @@ config SND_SOC_MAX98095
config SND_SOC_MAX98357A
tristate "Maxim MAX98357A CODEC"
- depends on GPIOLIB
config SND_SOC_MAX98371
tristate
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 059/411] hwmon: Make chip parameter for with_info API mandatory
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (57 preceding siblings ...)
2022-06-13 10:05 ` [PATCH 5.4 058/411] ASoC: max98357a: remove dependency on GPIOLIB Greg Kroah-Hartman
@ 2022-06-13 10:05 ` Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 060/411] rxrpc: Return an error to sendmsg if call failed Greg Kroah-Hartman
` (356 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:05 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Guenter Roeck, Sasha Levin
From: Guenter Roeck <linux@roeck-us.net>
[ Upstream commit ddaefa209c4ac791c1262e97c9b2d0440c8ef1d5 ]
Various attempts were made recently to "convert" the old
hwmon_device_register() API to devm_hwmon_device_register_with_info()
by just changing the function name without actually converting the
driver. Prevent this from happening by making the 'chip' parameter of
devm_hwmon_device_register_with_info() mandatory.
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
Documentation/hwmon/hwmon-kernel-api.rst | 2 +-
drivers/hwmon/hwmon.c | 16 +++++++---------
2 files changed, 8 insertions(+), 10 deletions(-)
diff --git a/Documentation/hwmon/hwmon-kernel-api.rst b/Documentation/hwmon/hwmon-kernel-api.rst
index c41eb6108103..23f27fe78e37 100644
--- a/Documentation/hwmon/hwmon-kernel-api.rst
+++ b/Documentation/hwmon/hwmon-kernel-api.rst
@@ -72,7 +72,7 @@ hwmon_device_register_with_info is the most comprehensive and preferred means
to register a hardware monitoring device. It creates the standard sysfs
attributes in the hardware monitoring core, letting the driver focus on reading
from and writing to the chip instead of having to bother with sysfs attributes.
-The parent device parameter cannot be NULL with non-NULL chip info. Its
+The parent device parameter as well as the chip parameter must not be NULL. Its
parameters are described in more detail below.
devm_hwmon_device_register_with_info is similar to
diff --git a/drivers/hwmon/hwmon.c b/drivers/hwmon/hwmon.c
index a2175394cd25..c73b93b9bb87 100644
--- a/drivers/hwmon/hwmon.c
+++ b/drivers/hwmon/hwmon.c
@@ -715,11 +715,12 @@ EXPORT_SYMBOL_GPL(hwmon_device_register_with_groups);
/**
* hwmon_device_register_with_info - register w/ hwmon
- * @dev: the parent device
- * @name: hwmon name attribute
- * @drvdata: driver data to attach to created device
- * @chip: pointer to hwmon chip information
+ * @dev: the parent device (mandatory)
+ * @name: hwmon name attribute (mandatory)
+ * @drvdata: driver data to attach to created device (optional)
+ * @chip: pointer to hwmon chip information (mandatory)
* @extra_groups: pointer to list of additional non-standard attribute groups
+ * (optional)
*
* hwmon_device_unregister() must be called when the device is no
* longer needed.
@@ -732,13 +733,10 @@ hwmon_device_register_with_info(struct device *dev, const char *name,
const struct hwmon_chip_info *chip,
const struct attribute_group **extra_groups)
{
- if (!name)
- return ERR_PTR(-EINVAL);
-
- if (chip && (!chip->ops || !chip->ops->is_visible || !chip->info))
+ if (!dev || !name || !chip)
return ERR_PTR(-EINVAL);
- if (chip && !dev)
+ if (!chip->ops || !chip->ops->is_visible || !chip->info)
return ERR_PTR(-EINVAL);
return __hwmon_device_register(dev, name, drvdata, chip, extra_groups);
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 060/411] rxrpc: Return an error to sendmsg if call failed
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (58 preceding siblings ...)
2022-06-13 10:05 ` [PATCH 5.4 059/411] hwmon: Make chip parameter for with_info API mandatory Greg Kroah-Hartman
@ 2022-06-13 10:05 ` Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 061/411] eth: tg3: silence the GCC 12 array-bounds warning Greg Kroah-Hartman
` (355 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:05 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Marc Dionne, David Howells,
linux-afs, David S. Miller, Sasha Levin
From: David Howells <dhowells@redhat.com>
[ Upstream commit 4ba68c5192554876bd8c3afd904e3064d2915341 ]
If at the end of rxrpc sendmsg() or rxrpc_kernel_send_data() the call that
was being given data was aborted remotely or otherwise failed, return an
error rather than returning the amount of data buffered for transmission.
The call (presumably) did not complete, so there's not much point
continuing with it. AF_RXRPC considers it "complete" and so will be
unwilling to do anything else with it - and won't send a notification for
it, deeming the return from sendmsg sufficient.
Not returning an error causes afs to incorrectly handle a StoreData
operation that gets interrupted by a change of address due to NAT
reconfiguration.
This doesn't normally affect most operations since their request parameters
tend to fit into a single UDP packet and afs_make_call() returns before the
server responds; StoreData is different as it involves transmission of a
lot of data.
This can be triggered on a client by doing something like:
dd if=/dev/zero of=/afs/example.com/foo bs=1M count=512
at one prompt, and then changing the network address at another prompt,
e.g.:
ifconfig enp6s0 inet 192.168.6.2 && route add 192.168.6.1 dev enp6s0
Tracing packets on an Auristor fileserver looks something like:
192.168.6.1 -> 192.168.6.3 RX 107 ACK Idle Seq: 0 Call: 4 Source Port: 7000 Destination Port: 7001
192.168.6.3 -> 192.168.6.1 AFS (RX) 1482 FS Request: Unknown(64538) (64538)
192.168.6.3 -> 192.168.6.1 AFS (RX) 1482 FS Request: Unknown(64538) (64538)
192.168.6.1 -> 192.168.6.3 RX 107 ACK Idle Seq: 0 Call: 4 Source Port: 7000 Destination Port: 7001
<ARP exchange for 192.168.6.2>
192.168.6.2 -> 192.168.6.1 AFS (RX) 1482 FS Request: Unknown(0) (0)
192.168.6.2 -> 192.168.6.1 AFS (RX) 1482 FS Request: Unknown(0) (0)
192.168.6.1 -> 192.168.6.2 RX 107 ACK Exceeds Window Seq: 0 Call: 4 Source Port: 7000 Destination Port: 7001
192.168.6.1 -> 192.168.6.2 RX 74 ABORT Seq: 0 Call: 4 Source Port: 7000 Destination Port: 7001
192.168.6.1 -> 192.168.6.2 RX 74 ABORT Seq: 29321 Call: 4 Source Port: 7000 Destination Port: 7001
The Auristor fileserver logs code -453 (RXGEN_SS_UNMARSHAL), but the abort
code received by kafs is -5 (RX_PROTOCOL_ERROR) as the rx layer sees the
condition and generates an abort first and the unmarshal error is a
consequence of that at the application layer.
Reported-by: Marc Dionne <marc.dionne@auristor.com>
Signed-off-by: David Howells <dhowells@redhat.com>
cc: linux-afs@lists.infradead.org
Link: http://lists.infradead.org/pipermail/linux-afs/2021-December/004810.html # v1
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/rxrpc/sendmsg.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/net/rxrpc/sendmsg.c b/net/rxrpc/sendmsg.c
index 1a340eb0abf7..22f020099214 100644
--- a/net/rxrpc/sendmsg.c
+++ b/net/rxrpc/sendmsg.c
@@ -463,6 +463,12 @@ static int rxrpc_send_data(struct rxrpc_sock *rx,
success:
ret = copied;
+ if (READ_ONCE(call->state) == RXRPC_CALL_COMPLETE) {
+ read_lock_bh(&call->state_lock);
+ if (call->error < 0)
+ ret = call->error;
+ read_unlock_bh(&call->state_lock);
+ }
out:
call->tx_pending = skb;
_leave(" = %d", ret);
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 061/411] eth: tg3: silence the GCC 12 array-bounds warning
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (59 preceding siblings ...)
2022-06-13 10:05 ` [PATCH 5.4 060/411] rxrpc: Return an error to sendmsg if call failed Greg Kroah-Hartman
@ 2022-06-13 10:05 ` Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 062/411] selftests/bpf: fix btf_dump/btf_dump due to recent clang change Greg Kroah-Hartman
` (354 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:05 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jakub Kicinski, David S. Miller, Sasha Levin
From: Jakub Kicinski <kuba@kernel.org>
[ Upstream commit 9dec850fd7c210a04b4707df8e6c95bfafdd6a4b ]
GCC 12 currently generates a rather inconsistent warning:
drivers/net/ethernet/broadcom/tg3.c:17795:51: warning: array subscript 5 is above array bounds of ‘struct tg3_napi[5]’ [-Warray-bounds]
17795 | struct tg3_napi *tnapi = &tp->napi[i];
| ~~~~~~~~^~~
i is guaranteed < tp->irq_max which in turn is either 1 or 5.
There are more loops like this one in the driver, but strangely
GCC 12 dislikes only this single one.
Silence this silliness for now.
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/broadcom/Makefile | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/net/ethernet/broadcom/Makefile b/drivers/net/ethernet/broadcom/Makefile
index 7046ad6d3d0e..ac50da49ca77 100644
--- a/drivers/net/ethernet/broadcom/Makefile
+++ b/drivers/net/ethernet/broadcom/Makefile
@@ -16,3 +16,8 @@ obj-$(CONFIG_BGMAC_BCMA) += bgmac-bcma.o bgmac-bcma-mdio.o
obj-$(CONFIG_BGMAC_PLATFORM) += bgmac-platform.o
obj-$(CONFIG_SYSTEMPORT) += bcmsysport.o
obj-$(CONFIG_BNXT) += bnxt/
+
+# FIXME: temporarily silence -Warray-bounds on non W=1+ builds
+ifndef KBUILD_EXTRA_WARN
+CFLAGS_tg3.o += -Wno-array-bounds
+endif
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 062/411] selftests/bpf: fix btf_dump/btf_dump due to recent clang change
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (60 preceding siblings ...)
2022-06-13 10:05 ` [PATCH 5.4 061/411] eth: tg3: silence the GCC 12 array-bounds warning Greg Kroah-Hartman
@ 2022-06-13 10:05 ` Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 063/411] IB/rdmavt: add missing locks in rvt_ruc_loopback Greg Kroah-Hartman
` (353 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:05 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mykola Lysenko, Yonghong Song,
Alexei Starovoitov, Sasha Levin
From: Yonghong Song <yhs@fb.com>
[ Upstream commit 4050764cbaa25760aab40857f723393c07898474 ]
Latest llvm-project upstream had a change of behavior
related to qualifiers on function return type ([1]).
This caused selftests btf_dump/btf_dump failure.
The following example shows what changed.
$ cat t.c
typedef const char * const (* const (* const fn_ptr_arr2_t[5])())(char * (*)(int));
struct t {
int a;
fn_ptr_arr2_t l;
};
int foo(struct t *arg) {
return arg->a;
}
Compiled with latest upstream llvm15,
$ clang -O2 -g -target bpf -S -emit-llvm t.c
The related generated debuginfo IR looks like:
!16 = !DIDerivedType(tag: DW_TAG_typedef, name: "fn_ptr_arr2_t", file: !1, line: 1, baseType: !17)
!17 = !DICompositeType(tag: DW_TAG_array_type, baseType: !18, size: 320, elements: !32)
!18 = !DIDerivedType(tag: DW_TAG_const_type, baseType: !19)
!19 = !DIDerivedType(tag: DW_TAG_pointer_type, baseType: !20, size: 64)
!20 = !DISubroutineType(types: !21)
!21 = !{!22, null}
!22 = !DIDerivedType(tag: DW_TAG_pointer_type, baseType: !23, size: 64)
!23 = !DISubroutineType(types: !24)
!24 = !{!25, !28}
!25 = !DIDerivedType(tag: DW_TAG_pointer_type, baseType: !26, size: 64)
!26 = !DIDerivedType(tag: DW_TAG_const_type, baseType: !27)
!27 = !DIBasicType(name: "char", size: 8, encoding: DW_ATE_signed_char)
You can see two intermediate const qualifier to pointer are dropped in debuginfo IR.
With llvm14, we have following debuginfo IR:
!16 = !DIDerivedType(tag: DW_TAG_typedef, name: "fn_ptr_arr2_t", file: !1, line: 1, baseType: !17)
!17 = !DICompositeType(tag: DW_TAG_array_type, baseType: !18, size: 320, elements: !34)
!18 = !DIDerivedType(tag: DW_TAG_const_type, baseType: !19)
!19 = !DIDerivedType(tag: DW_TAG_pointer_type, baseType: !20, size: 64)
!20 = !DISubroutineType(types: !21)
!21 = !{!22, null}
!22 = !DIDerivedType(tag: DW_TAG_const_type, baseType: !23)
!23 = !DIDerivedType(tag: DW_TAG_pointer_type, baseType: !24, size: 64)
!24 = !DISubroutineType(types: !25)
!25 = !{!26, !30}
!26 = !DIDerivedType(tag: DW_TAG_const_type, baseType: !27)
!27 = !DIDerivedType(tag: DW_TAG_pointer_type, baseType: !28, size: 64)
!28 = !DIDerivedType(tag: DW_TAG_const_type, baseType: !29)
!29 = !DIBasicType(name: "char", size: 8, encoding: DW_ATE_signed_char)
All const qualifiers are preserved.
To adapt the selftest to both old and new llvm, this patch removed
the intermediate const qualifier in const-to-ptr types, to make the
test succeed again.
[1] https://reviews.llvm.org/D125919
Reported-by: Mykola Lysenko <mykolal@fb.com>
Signed-off-by: Yonghong Song <yhs@fb.com>
Link: https://lore.kernel.org/r/20220523152044.3905809-1-yhs@fb.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/bpf/progs/btf_dump_test_case_syntax.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/testing/selftests/bpf/progs/btf_dump_test_case_syntax.c b/tools/testing/selftests/bpf/progs/btf_dump_test_case_syntax.c
index d4a02fe44a12..0620580a5c16 100644
--- a/tools/testing/selftests/bpf/progs/btf_dump_test_case_syntax.c
+++ b/tools/testing/selftests/bpf/progs/btf_dump_test_case_syntax.c
@@ -94,7 +94,7 @@ typedef void (* (*signal_t)(int, void (*)(int)))(int);
typedef char * (*fn_ptr_arr1_t[10])(int **);
-typedef char * (* const (* const fn_ptr_arr2_t[5])())(char * (*)(int));
+typedef char * (* (* const fn_ptr_arr2_t[5])())(char * (*)(int));
struct struct_w_typedefs {
int_t a;
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 063/411] IB/rdmavt: add missing locks in rvt_ruc_loopback
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (61 preceding siblings ...)
2022-06-13 10:05 ` [PATCH 5.4 062/411] selftests/bpf: fix btf_dump/btf_dump due to recent clang change Greg Kroah-Hartman
@ 2022-06-13 10:05 ` Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 064/411] ARM: dts: ox820: align interrupt controller node name with dtschema Greg Kroah-Hartman
` (352 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:05 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Niels Dossche, Jason Gunthorpe, Sasha Levin
From: Niels Dossche <dossche.niels@gmail.com>
[ Upstream commit 22cbc6c2681a0a4fe76150270426e763d52353a4 ]
The documentation of the function rvt_error_qp says both r_lock and
s_lock need to be held when calling that function.
It also asserts using lockdep that both of those locks are held.
rvt_error_qp is called form rvt_send_cq, which is called from
rvt_qp_complete_swqe, which is called from rvt_send_complete, which is
called from rvt_ruc_loopback in two places. Both of these places do not
hold r_lock. Fix this by acquiring a spin_lock of r_lock in both of
these places.
The r_lock acquiring cannot be added in rvt_qp_complete_swqe because
some of its other callers already have r_lock acquired.
Link: https://lore.kernel.org/r/20220228195144.71946-1-dossche.niels@gmail.com
Signed-off-by: Niels Dossche <dossche.niels@gmail.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/sw/rdmavt/qp.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/infiniband/sw/rdmavt/qp.c b/drivers/infiniband/sw/rdmavt/qp.c
index 48e8612c1bc8..e97c13967174 100644
--- a/drivers/infiniband/sw/rdmavt/qp.c
+++ b/drivers/infiniband/sw/rdmavt/qp.c
@@ -2812,7 +2812,7 @@ void rvt_qp_iter(struct rvt_dev_info *rdi,
EXPORT_SYMBOL(rvt_qp_iter);
/*
- * This should be called with s_lock held.
+ * This should be called with s_lock and r_lock held.
*/
void rvt_send_complete(struct rvt_qp *qp, struct rvt_swqe *wqe,
enum ib_wc_status status)
@@ -3171,7 +3171,9 @@ void rvt_ruc_loopback(struct rvt_qp *sqp)
rvp->n_loop_pkts++;
flush_send:
sqp->s_rnr_retry = sqp->s_rnr_retry_cnt;
+ spin_lock(&sqp->r_lock);
rvt_send_complete(sqp, wqe, send_status);
+ spin_unlock(&sqp->r_lock);
if (local_ops) {
atomic_dec(&sqp->local_ops_pending);
local_ops = 0;
@@ -3225,7 +3227,9 @@ void rvt_ruc_loopback(struct rvt_qp *sqp)
spin_unlock_irqrestore(&qp->r_lock, flags);
serr_no_r_lock:
spin_lock_irqsave(&sqp->s_lock, flags);
+ spin_lock(&sqp->r_lock);
rvt_send_complete(sqp, wqe, send_status);
+ spin_unlock(&sqp->r_lock);
if (sqp->ibqp.qp_type == IB_QPT_RC) {
int lastwqe;
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 064/411] ARM: dts: ox820: align interrupt controller node name with dtschema
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (62 preceding siblings ...)
2022-06-13 10:05 ` [PATCH 5.4 063/411] IB/rdmavt: add missing locks in rvt_ruc_loopback Greg Kroah-Hartman
@ 2022-06-13 10:05 ` Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 065/411] PM / devfreq: rk3399_dmc: Disable edev on remove() Greg Kroah-Hartman
` (351 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:05 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Krzysztof Kozlowski, Neil Armstrong,
Sasha Levin
From: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
[ Upstream commit fbcd5ad7a419ad40644a0bb8b4152bc660172d8a ]
Fixes dtbs_check warnings like:
gic@1000: $nodename:0: 'gic@1000' does not match '^interrupt-controller(@[0-9a-f,]+)*$'
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Acked-by: Neil Armstrong <narmstrong@baylibre.com>
Link: https://lore.kernel.org/r/20220317115705.450427-1-krzysztof.kozlowski@canonical.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/ox820.dtsi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm/boot/dts/ox820.dtsi b/arch/arm/boot/dts/ox820.dtsi
index 90846a7655b4..dde4364892bf 100644
--- a/arch/arm/boot/dts/ox820.dtsi
+++ b/arch/arm/boot/dts/ox820.dtsi
@@ -287,7 +287,7 @@
clocks = <&armclk>;
};
- gic: gic@1000 {
+ gic: interrupt-controller@1000 {
compatible = "arm,arm11mp-gic";
interrupt-controller;
#interrupt-cells = <3>;
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 065/411] PM / devfreq: rk3399_dmc: Disable edev on remove()
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (63 preceding siblings ...)
2022-06-13 10:05 ` [PATCH 5.4 064/411] ARM: dts: ox820: align interrupt controller node name with dtschema Greg Kroah-Hartman
@ 2022-06-13 10:05 ` Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 066/411] fs: jfs: fix possible NULL pointer dereference in dbFree() Greg Kroah-Hartman
` (350 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:05 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Brian Norris, Chanwoo Choi, Sasha Levin
From: Brian Norris <briannorris@chromium.org>
[ Upstream commit 2fccf9e6050e0e3b8b4cd275d41daf7f7fa22804 ]
Otherwise we hit an unablanced enable-count when unbinding the DFI
device:
[ 1279.659119] ------------[ cut here ]------------
[ 1279.659179] WARNING: CPU: 2 PID: 5638 at drivers/devfreq/devfreq-event.c:360 devfreq_event_remove_edev+0x84/0x8c
...
[ 1279.659352] Hardware name: Google Kevin (DT)
[ 1279.659363] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO BTYPE=--)
[ 1279.659371] pc : devfreq_event_remove_edev+0x84/0x8c
[ 1279.659380] lr : devm_devfreq_event_release+0x1c/0x28
...
[ 1279.659571] Call trace:
[ 1279.659582] devfreq_event_remove_edev+0x84/0x8c
[ 1279.659590] devm_devfreq_event_release+0x1c/0x28
[ 1279.659602] release_nodes+0x1cc/0x244
[ 1279.659611] devres_release_all+0x44/0x60
[ 1279.659621] device_release_driver_internal+0x11c/0x1ac
[ 1279.659629] device_driver_detach+0x20/0x2c
[ 1279.659641] unbind_store+0x7c/0xb0
[ 1279.659650] drv_attr_store+0x2c/0x40
[ 1279.659663] sysfs_kf_write+0x44/0x58
[ 1279.659672] kernfs_fop_write_iter+0xf4/0x190
[ 1279.659684] vfs_write+0x2b0/0x2e4
[ 1279.659693] ksys_write+0x80/0xec
[ 1279.659701] __arm64_sys_write+0x24/0x30
[ 1279.659714] el0_svc_common+0xf0/0x1d8
[ 1279.659724] do_el0_svc_compat+0x28/0x3c
[ 1279.659738] el0_svc_compat+0x10/0x1c
[ 1279.659746] el0_sync_compat_handler+0xa8/0xcc
[ 1279.659758] el0_sync_compat+0x188/0x1c0
[ 1279.659768] ---[ end trace cec200e5094155b4 ]---
Signed-off-by: Brian Norris <briannorris@chromium.org>
Signed-off-by: Chanwoo Choi <cw00.choi@samsung.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/devfreq/rk3399_dmc.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/devfreq/rk3399_dmc.c b/drivers/devfreq/rk3399_dmc.c
index 027769e39f9b..a491dcfa1dd0 100644
--- a/drivers/devfreq/rk3399_dmc.c
+++ b/drivers/devfreq/rk3399_dmc.c
@@ -485,6 +485,8 @@ static int rk3399_dmcfreq_remove(struct platform_device *pdev)
{
struct rk3399_dmcfreq *dmcfreq = dev_get_drvdata(&pdev->dev);
+ devfreq_event_disable_edev(dmcfreq->edev);
+
/*
* Before remove the opp table we need to unregister the opp notifier.
*/
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 066/411] fs: jfs: fix possible NULL pointer dereference in dbFree()
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (64 preceding siblings ...)
2022-06-13 10:05 ` [PATCH 5.4 065/411] PM / devfreq: rk3399_dmc: Disable edev on remove() Greg Kroah-Hartman
@ 2022-06-13 10:05 ` Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 067/411] ARM: OMAP1: clock: Fix UART rate reporting algorithm Greg Kroah-Hartman
` (349 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:05 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, TOTE Robot, Zixuan Fu, Dave Kleikamp,
Sasha Levin
From: Zixuan Fu <r33s3n6@gmail.com>
[ Upstream commit 0d4837fdb796f99369cf7691d33de1b856bcaf1f ]
In our fault-injection testing, the variable "nblocks" in dbFree() can be
zero when kmalloc_array() fails in dtSearch(). In this case, the variable
"mp" in dbFree() would be NULL and then it is dereferenced in
"write_metapage(mp)".
The failure log is listed as follows:
[ 13.824137] BUG: kernel NULL pointer dereference, address: 0000000000000020
...
[ 13.827416] RIP: 0010:dbFree+0x5f7/0x910 [jfs]
[ 13.834341] Call Trace:
[ 13.834540] <TASK>
[ 13.834713] txFreeMap+0x7b4/0xb10 [jfs]
[ 13.835038] txUpdateMap+0x311/0x650 [jfs]
[ 13.835375] jfs_lazycommit+0x5f2/0xc70 [jfs]
[ 13.835726] ? sched_dynamic_update+0x1b0/0x1b0
[ 13.836092] kthread+0x3c2/0x4a0
[ 13.836355] ? txLockFree+0x160/0x160 [jfs]
[ 13.836763] ? kthread_unuse_mm+0x160/0x160
[ 13.837106] ret_from_fork+0x1f/0x30
[ 13.837402] </TASK>
...
This patch adds a NULL check of "mp" before "write_metapage(mp)" is called.
Reported-by: TOTE Robot <oslab@tsinghua.edu.cn>
Signed-off-by: Zixuan Fu <r33s3n6@gmail.com>
Signed-off-by: Dave Kleikamp <dave.kleikamp@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/jfs/jfs_dmap.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/fs/jfs/jfs_dmap.c b/fs/jfs/jfs_dmap.c
index 79f3440e204b..d3cb27487c70 100644
--- a/fs/jfs/jfs_dmap.c
+++ b/fs/jfs/jfs_dmap.c
@@ -385,7 +385,8 @@ int dbFree(struct inode *ip, s64 blkno, s64 nblocks)
}
/* write the last buffer. */
- write_metapage(mp);
+ if (mp)
+ write_metapage(mp);
IREAD_UNLOCK(ipbmap);
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 067/411] ARM: OMAP1: clock: Fix UART rate reporting algorithm
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (65 preceding siblings ...)
2022-06-13 10:05 ` [PATCH 5.4 066/411] fs: jfs: fix possible NULL pointer dereference in dbFree() Greg Kroah-Hartman
@ 2022-06-13 10:05 ` Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 068/411] powerpc/fadump: Fix fadump to work with a different endian capture kernel Greg Kroah-Hartman
` (348 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:05 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Janusz Krzysztofik, Tony Lindgren,
Arnd Bergmann, Sasha Levin
From: Janusz Krzysztofik <jmkrzyszt@gmail.com>
[ Upstream commit 338d5d476cde853dfd97378d20496baabc2ce3c0 ]
Since its introduction to the mainline kernel, omap1_uart_recalc() helper
makes incorrect use of clk->enable_bit as a ready to use bitmap mask while
it only provides the bit number. Fix it.
Signed-off-by: Janusz Krzysztofik <jmkrzyszt@gmail.com>
Acked-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/mach-omap1/clock.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm/mach-omap1/clock.c b/arch/arm/mach-omap1/clock.c
index bd5be82101f3..d89bda12bf3c 100644
--- a/arch/arm/mach-omap1/clock.c
+++ b/arch/arm/mach-omap1/clock.c
@@ -41,7 +41,7 @@ static DEFINE_SPINLOCK(clockfw_lock);
unsigned long omap1_uart_recalc(struct clk *clk)
{
unsigned int val = __raw_readl(clk->enable_reg);
- return val & clk->enable_bit ? 48000000 : 12000000;
+ return val & 1 << clk->enable_bit ? 48000000 : 12000000;
}
unsigned long omap1_sossi_recalc(struct clk *clk)
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 068/411] powerpc/fadump: Fix fadump to work with a different endian capture kernel
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (66 preceding siblings ...)
2022-06-13 10:05 ` [PATCH 5.4 067/411] ARM: OMAP1: clock: Fix UART rate reporting algorithm Greg Kroah-Hartman
@ 2022-06-13 10:05 ` Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 069/411] fat: add ratelimit to fat*_ent_bread() Greg Kroah-Hartman
` (347 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:05 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hari Bathini, Michael Ellerman, Sasha Levin
From: Hari Bathini <hbathini@linux.ibm.com>
[ Upstream commit b74196af372f7cb4902179009265fe63ac81824f ]
Dump capture would fail if capture kernel is not of the endianess as the
production kernel, because the in-memory data structure (struct
opal_fadump_mem_struct) shared across production kernel and capture
kernel assumes the same endianess for both the kernels, which doesn't
have to be true always. Fix it by having a well-defined endianess for
struct opal_fadump_mem_struct.
Signed-off-by: Hari Bathini <hbathini@linux.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/161902744901.86147.14719228311655123526.stgit@hbathini
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/platforms/powernv/opal-fadump.c | 94 +++++++++++---------
arch/powerpc/platforms/powernv/opal-fadump.h | 10 +--
2 files changed, 57 insertions(+), 47 deletions(-)
diff --git a/arch/powerpc/platforms/powernv/opal-fadump.c b/arch/powerpc/platforms/powernv/opal-fadump.c
index d361d37d975f..f5cea068f0bd 100644
--- a/arch/powerpc/platforms/powernv/opal-fadump.c
+++ b/arch/powerpc/platforms/powernv/opal-fadump.c
@@ -60,7 +60,7 @@ void __init opal_fadump_dt_scan(struct fw_dump *fadump_conf, u64 node)
addr = be64_to_cpu(addr);
pr_debug("Kernel metadata addr: %llx\n", addr);
opal_fdm_active = (void *)addr;
- if (opal_fdm_active->registered_regions == 0)
+ if (be16_to_cpu(opal_fdm_active->registered_regions) == 0)
return;
ret = opal_mpipl_query_tag(OPAL_MPIPL_TAG_BOOT_MEM, &addr);
@@ -95,17 +95,17 @@ static int opal_fadump_unregister(struct fw_dump *fadump_conf);
static void opal_fadump_update_config(struct fw_dump *fadump_conf,
const struct opal_fadump_mem_struct *fdm)
{
- pr_debug("Boot memory regions count: %d\n", fdm->region_cnt);
+ pr_debug("Boot memory regions count: %d\n", be16_to_cpu(fdm->region_cnt));
/*
* The destination address of the first boot memory region is the
* destination address of boot memory regions.
*/
- fadump_conf->boot_mem_dest_addr = fdm->rgn[0].dest;
+ fadump_conf->boot_mem_dest_addr = be64_to_cpu(fdm->rgn[0].dest);
pr_debug("Destination address of boot memory regions: %#016llx\n",
fadump_conf->boot_mem_dest_addr);
- fadump_conf->fadumphdr_addr = fdm->fadumphdr_addr;
+ fadump_conf->fadumphdr_addr = be64_to_cpu(fdm->fadumphdr_addr);
}
/*
@@ -126,9 +126,9 @@ static void opal_fadump_get_config(struct fw_dump *fadump_conf,
fadump_conf->boot_memory_size = 0;
pr_debug("Boot memory regions:\n");
- for (i = 0; i < fdm->region_cnt; i++) {
- base = fdm->rgn[i].src;
- size = fdm->rgn[i].size;
+ for (i = 0; i < be16_to_cpu(fdm->region_cnt); i++) {
+ base = be64_to_cpu(fdm->rgn[i].src);
+ size = be64_to_cpu(fdm->rgn[i].size);
pr_debug("\t[%03d] base: 0x%lx, size: 0x%lx\n", i, base, size);
fadump_conf->boot_mem_addr[i] = base;
@@ -143,7 +143,7 @@ static void opal_fadump_get_config(struct fw_dump *fadump_conf,
* Start address of reserve dump area (permanent reservation) for
* re-registering FADump after dump capture.
*/
- fadump_conf->reserve_dump_area_start = fdm->rgn[0].dest;
+ fadump_conf->reserve_dump_area_start = be64_to_cpu(fdm->rgn[0].dest);
/*
* Rarely, but it can so happen that system crashes before all
@@ -155,13 +155,14 @@ static void opal_fadump_get_config(struct fw_dump *fadump_conf,
* Hope the memory that could not be preserved only has pages
* that are usually filtered out while saving the vmcore.
*/
- if (fdm->region_cnt > fdm->registered_regions) {
+ if (be16_to_cpu(fdm->region_cnt) > be16_to_cpu(fdm->registered_regions)) {
pr_warn("Not all memory regions were saved!!!\n");
pr_warn(" Unsaved memory regions:\n");
- i = fdm->registered_regions;
- while (i < fdm->region_cnt) {
+ i = be16_to_cpu(fdm->registered_regions);
+ while (i < be16_to_cpu(fdm->region_cnt)) {
pr_warn("\t[%03d] base: 0x%llx, size: 0x%llx\n",
- i, fdm->rgn[i].src, fdm->rgn[i].size);
+ i, be64_to_cpu(fdm->rgn[i].src),
+ be64_to_cpu(fdm->rgn[i].size));
i++;
}
@@ -170,7 +171,7 @@ static void opal_fadump_get_config(struct fw_dump *fadump_conf,
}
fadump_conf->boot_mem_top = (fadump_conf->boot_memory_size + hole_size);
- fadump_conf->boot_mem_regs_cnt = fdm->region_cnt;
+ fadump_conf->boot_mem_regs_cnt = be16_to_cpu(fdm->region_cnt);
opal_fadump_update_config(fadump_conf, fdm);
}
@@ -178,35 +179,38 @@ static void opal_fadump_get_config(struct fw_dump *fadump_conf,
static void opal_fadump_init_metadata(struct opal_fadump_mem_struct *fdm)
{
fdm->version = OPAL_FADUMP_VERSION;
- fdm->region_cnt = 0;
- fdm->registered_regions = 0;
- fdm->fadumphdr_addr = 0;
+ fdm->region_cnt = cpu_to_be16(0);
+ fdm->registered_regions = cpu_to_be16(0);
+ fdm->fadumphdr_addr = cpu_to_be64(0);
}
static u64 opal_fadump_init_mem_struct(struct fw_dump *fadump_conf)
{
u64 addr = fadump_conf->reserve_dump_area_start;
+ u16 reg_cnt;
int i;
opal_fdm = __va(fadump_conf->kernel_metadata);
opal_fadump_init_metadata(opal_fdm);
/* Boot memory regions */
+ reg_cnt = be16_to_cpu(opal_fdm->region_cnt);
for (i = 0; i < fadump_conf->boot_mem_regs_cnt; i++) {
- opal_fdm->rgn[i].src = fadump_conf->boot_mem_addr[i];
- opal_fdm->rgn[i].dest = addr;
- opal_fdm->rgn[i].size = fadump_conf->boot_mem_sz[i];
+ opal_fdm->rgn[i].src = cpu_to_be64(fadump_conf->boot_mem_addr[i]);
+ opal_fdm->rgn[i].dest = cpu_to_be64(addr);
+ opal_fdm->rgn[i].size = cpu_to_be64(fadump_conf->boot_mem_sz[i]);
- opal_fdm->region_cnt++;
+ reg_cnt++;
addr += fadump_conf->boot_mem_sz[i];
}
+ opal_fdm->region_cnt = cpu_to_be16(reg_cnt);
/*
* Kernel metadata is passed to f/w and retrieved in capture kerenl.
* So, use it to save fadump header address instead of calculating it.
*/
- opal_fdm->fadumphdr_addr = (opal_fdm->rgn[0].dest +
- fadump_conf->boot_memory_size);
+ opal_fdm->fadumphdr_addr = cpu_to_be64(be64_to_cpu(opal_fdm->rgn[0].dest) +
+ fadump_conf->boot_memory_size);
opal_fadump_update_config(fadump_conf, opal_fdm);
@@ -269,18 +273,21 @@ static u64 opal_fadump_get_bootmem_min(void)
static int opal_fadump_register(struct fw_dump *fadump_conf)
{
s64 rc = OPAL_PARAMETER;
+ u16 registered_regs;
int i, err = -EIO;
- for (i = 0; i < opal_fdm->region_cnt; i++) {
+ registered_regs = be16_to_cpu(opal_fdm->registered_regions);
+ for (i = 0; i < be16_to_cpu(opal_fdm->region_cnt); i++) {
rc = opal_mpipl_update(OPAL_MPIPL_ADD_RANGE,
- opal_fdm->rgn[i].src,
- opal_fdm->rgn[i].dest,
- opal_fdm->rgn[i].size);
+ be64_to_cpu(opal_fdm->rgn[i].src),
+ be64_to_cpu(opal_fdm->rgn[i].dest),
+ be64_to_cpu(opal_fdm->rgn[i].size));
if (rc != OPAL_SUCCESS)
break;
- opal_fdm->registered_regions++;
+ registered_regs++;
}
+ opal_fdm->registered_regions = cpu_to_be16(registered_regs);
switch (rc) {
case OPAL_SUCCESS:
@@ -291,7 +298,8 @@ static int opal_fadump_register(struct fw_dump *fadump_conf)
case OPAL_RESOURCE:
/* If MAX regions limit in f/w is hit, warn and proceed. */
pr_warn("%d regions could not be registered for MPIPL as MAX limit is reached!\n",
- (opal_fdm->region_cnt - opal_fdm->registered_regions));
+ (be16_to_cpu(opal_fdm->region_cnt) -
+ be16_to_cpu(opal_fdm->registered_regions)));
fadump_conf->dump_registered = 1;
err = 0;
break;
@@ -312,7 +320,7 @@ static int opal_fadump_register(struct fw_dump *fadump_conf)
* If some regions were registered before OPAL_MPIPL_ADD_RANGE
* OPAL call failed, unregister all regions.
*/
- if ((err < 0) && (opal_fdm->registered_regions > 0))
+ if ((err < 0) && (be16_to_cpu(opal_fdm->registered_regions) > 0))
opal_fadump_unregister(fadump_conf);
return err;
@@ -328,7 +336,7 @@ static int opal_fadump_unregister(struct fw_dump *fadump_conf)
return -EIO;
}
- opal_fdm->registered_regions = 0;
+ opal_fdm->registered_regions = cpu_to_be16(0);
fadump_conf->dump_registered = 0;
return 0;
}
@@ -563,19 +571,20 @@ static void opal_fadump_region_show(struct fw_dump *fadump_conf,
else
fdm_ptr = opal_fdm;
- for (i = 0; i < fdm_ptr->region_cnt; i++) {
+ for (i = 0; i < be16_to_cpu(fdm_ptr->region_cnt); i++) {
/*
* Only regions that are registered for MPIPL
* would have dump data.
*/
if ((fadump_conf->dump_active) &&
- (i < fdm_ptr->registered_regions))
- dumped_bytes = fdm_ptr->rgn[i].size;
+ (i < be16_to_cpu(fdm_ptr->registered_regions)))
+ dumped_bytes = be64_to_cpu(fdm_ptr->rgn[i].size);
seq_printf(m, "DUMP: Src: %#016llx, Dest: %#016llx, ",
- fdm_ptr->rgn[i].src, fdm_ptr->rgn[i].dest);
+ be64_to_cpu(fdm_ptr->rgn[i].src),
+ be64_to_cpu(fdm_ptr->rgn[i].dest));
seq_printf(m, "Size: %#llx, Dumped: %#llx bytes\n",
- fdm_ptr->rgn[i].size, dumped_bytes);
+ be64_to_cpu(fdm_ptr->rgn[i].size), dumped_bytes);
}
/* Dump is active. Show reserved area start address. */
@@ -624,6 +633,7 @@ void __init opal_fadump_dt_scan(struct fw_dump *fadump_conf, u64 node)
{
const __be32 *prop;
unsigned long dn;
+ __be64 be_addr;
u64 addr = 0;
int i, len;
s64 ret;
@@ -680,13 +690,13 @@ void __init opal_fadump_dt_scan(struct fw_dump *fadump_conf, u64 node)
if (!prop)
return;
- ret = opal_mpipl_query_tag(OPAL_MPIPL_TAG_KERNEL, &addr);
- if ((ret != OPAL_SUCCESS) || !addr) {
+ ret = opal_mpipl_query_tag(OPAL_MPIPL_TAG_KERNEL, &be_addr);
+ if ((ret != OPAL_SUCCESS) || !be_addr) {
pr_err("Failed to get Kernel metadata (%lld)\n", ret);
return;
}
- addr = be64_to_cpu(addr);
+ addr = be64_to_cpu(be_addr);
pr_debug("Kernel metadata addr: %llx\n", addr);
opal_fdm_active = __va(addr);
@@ -697,14 +707,14 @@ void __init opal_fadump_dt_scan(struct fw_dump *fadump_conf, u64 node)
}
/* Kernel regions not registered with f/w for MPIPL */
- if (opal_fdm_active->registered_regions == 0) {
+ if (be16_to_cpu(opal_fdm_active->registered_regions) == 0) {
opal_fdm_active = NULL;
return;
}
- ret = opal_mpipl_query_tag(OPAL_MPIPL_TAG_CPU, &addr);
- if (addr) {
- addr = be64_to_cpu(addr);
+ ret = opal_mpipl_query_tag(OPAL_MPIPL_TAG_CPU, &be_addr);
+ if (be_addr) {
+ addr = be64_to_cpu(be_addr);
pr_debug("CPU metadata addr: %llx\n", addr);
opal_cpu_metadata = __va(addr);
}
diff --git a/arch/powerpc/platforms/powernv/opal-fadump.h b/arch/powerpc/platforms/powernv/opal-fadump.h
index f1e9ecf548c5..3f715efb0aa6 100644
--- a/arch/powerpc/platforms/powernv/opal-fadump.h
+++ b/arch/powerpc/platforms/powernv/opal-fadump.h
@@ -31,14 +31,14 @@
* OPAL FADump kernel metadata
*
* The address of this structure will be registered with f/w for retrieving
- * and processing during crash dump.
+ * in the capture kernel to process the crash dump.
*/
struct opal_fadump_mem_struct {
u8 version;
u8 reserved[3];
- u16 region_cnt; /* number of regions */
- u16 registered_regions; /* Regions registered for MPIPL */
- u64 fadumphdr_addr;
+ __be16 region_cnt; /* number of regions */
+ __be16 registered_regions; /* Regions registered for MPIPL */
+ __be64 fadumphdr_addr;
struct opal_mpipl_region rgn[FADUMP_MAX_MEM_REGS];
} __packed;
@@ -135,7 +135,7 @@ static inline void opal_fadump_read_regs(char *bufp, unsigned int regs_cnt,
for (i = 0; i < regs_cnt; i++, bufp += reg_entry_size) {
reg_entry = (struct hdat_fadump_reg_entry *)bufp;
val = (cpu_endian ? be64_to_cpu(reg_entry->reg_val) :
- reg_entry->reg_val);
+ (u64)(reg_entry->reg_val));
opal_fadump_set_regval_regnum(regs,
be32_to_cpu(reg_entry->reg_type),
be32_to_cpu(reg_entry->reg_num),
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 069/411] fat: add ratelimit to fat*_ent_bread()
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (67 preceding siblings ...)
2022-06-13 10:05 ` [PATCH 5.4 068/411] powerpc/fadump: Fix fadump to work with a different endian capture kernel Greg Kroah-Hartman
@ 2022-06-13 10:05 ` Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 070/411] ARM: versatile: Add missing of_node_put in dcscb_init Greg Kroah-Hartman
` (346 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:05 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, OGAWA Hirofumi, qianfan,
Andrew Morton, Sasha Levin
From: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
[ Upstream commit 183c3237c928109d2008c0456dff508baf692b20 ]
fat*_ent_bread() can be the cause of too many report on I/O error path.
So use fat_msg_ratelimit() instead.
Link: https://lkml.kernel.org/r/87bkxogfeq.fsf@mail.parknet.co.jp
Signed-off-by: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
Reported-by: qianfan <qianfanguijin@163.com>
Tested-by: qianfan <qianfanguijin@163.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/fat/fatent.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/fs/fat/fatent.c b/fs/fat/fatent.c
index 3647c65a0f48..0191eb1dc7f6 100644
--- a/fs/fat/fatent.c
+++ b/fs/fat/fatent.c
@@ -93,7 +93,8 @@ static int fat12_ent_bread(struct super_block *sb, struct fat_entry *fatent,
err_brelse:
brelse(bhs[0]);
err:
- fat_msg(sb, KERN_ERR, "FAT read failed (blocknr %llu)", (llu)blocknr);
+ fat_msg_ratelimit(sb, KERN_ERR, "FAT read failed (blocknr %llu)",
+ (llu)blocknr);
return -EIO;
}
@@ -106,8 +107,8 @@ static int fat_ent_bread(struct super_block *sb, struct fat_entry *fatent,
fatent->fat_inode = MSDOS_SB(sb)->fat_inode;
fatent->bhs[0] = sb_bread(sb, blocknr);
if (!fatent->bhs[0]) {
- fat_msg(sb, KERN_ERR, "FAT read failed (blocknr %llu)",
- (llu)blocknr);
+ fat_msg_ratelimit(sb, KERN_ERR, "FAT read failed (blocknr %llu)",
+ (llu)blocknr);
return -EIO;
}
fatent->nr_bhs = 1;
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 070/411] ARM: versatile: Add missing of_node_put in dcscb_init
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (68 preceding siblings ...)
2022-06-13 10:05 ` [PATCH 5.4 069/411] fat: add ratelimit to fat*_ent_bread() Greg Kroah-Hartman
@ 2022-06-13 10:05 ` Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 071/411] ARM: dts: exynos: add atmel,24c128 fallback to Samsung EEPROM Greg Kroah-Hartman
` (345 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:05 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Peng Wu, Linus Walleij,
Arnd Bergmann, Sasha Levin
From: Peng Wu <wupeng58@huawei.com>
[ Upstream commit 23b44f9c649bbef10b45fa33080cd8b4166800ae ]
The device_node pointer is returned by of_find_compatible_node
with refcount incremented. We should use of_node_put() to avoid
the refcount leak.
Signed-off-by: Peng Wu <wupeng58@huawei.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Link: https://lore.kernel.org/r/20220428230356.69418-1-linus.walleij@linaro.org'
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/mach-vexpress/dcscb.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/arm/mach-vexpress/dcscb.c b/arch/arm/mach-vexpress/dcscb.c
index 46a903c88c6a..f553cde614f9 100644
--- a/arch/arm/mach-vexpress/dcscb.c
+++ b/arch/arm/mach-vexpress/dcscb.c
@@ -143,6 +143,7 @@ static int __init dcscb_init(void)
if (!node)
return -ENODEV;
dcscb_base = of_iomap(node, 0);
+ of_node_put(node);
if (!dcscb_base)
return -EADDRNOTAVAIL;
cfg = readl_relaxed(dcscb_base + DCS_CFG_R);
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 071/411] ARM: dts: exynos: add atmel,24c128 fallback to Samsung EEPROM
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (69 preceding siblings ...)
2022-06-13 10:05 ` [PATCH 5.4 070/411] ARM: versatile: Add missing of_node_put in dcscb_init Greg Kroah-Hartman
@ 2022-06-13 10:05 ` Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 072/411] ARM: hisi: Add missing of_node_put after of_find_compatible_node Greg Kroah-Hartman
` (344 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:05 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Rob Herring, Krzysztof Kozlowski,
Sasha Levin
From: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
[ Upstream commit f038e8186fbc5723d7d38c6fa1d342945107347e ]
The Samsung s524ad0xd1 EEPROM should use atmel,24c128 fallback,
according to the AT24 EEPROM bindings.
Reported-by: Rob Herring <robh@kernel.org>
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Link: https://lore.kernel.org/r/20220426183443.243113-1-krzysztof.kozlowski@linaro.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/exynos5250-smdk5250.dts | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/arm/boot/dts/exynos5250-smdk5250.dts b/arch/arm/boot/dts/exynos5250-smdk5250.dts
index fa5dd992e327..c7e350ea03fe 100644
--- a/arch/arm/boot/dts/exynos5250-smdk5250.dts
+++ b/arch/arm/boot/dts/exynos5250-smdk5250.dts
@@ -128,7 +128,7 @@
samsung,i2c-max-bus-freq = <20000>;
eeprom@50 {
- compatible = "samsung,s524ad0xd1";
+ compatible = "samsung,s524ad0xd1", "atmel,24c128";
reg = <0x50>;
};
@@ -287,7 +287,7 @@
samsung,i2c-max-bus-freq = <20000>;
eeprom@51 {
- compatible = "samsung,s524ad0xd1";
+ compatible = "samsung,s524ad0xd1", "atmel,24c128";
reg = <0x51>;
};
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 072/411] ARM: hisi: Add missing of_node_put after of_find_compatible_node
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (70 preceding siblings ...)
2022-06-13 10:05 ` [PATCH 5.4 071/411] ARM: dts: exynos: add atmel,24c128 fallback to Samsung EEPROM Greg Kroah-Hartman
@ 2022-06-13 10:05 ` Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 073/411] PCI: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store() Greg Kroah-Hartman
` (343 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:05 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Peng Wu, Wei Xu, Sasha Levin
From: Peng Wu <wupeng58@huawei.com>
[ Upstream commit 9bc72e47d4630d58a840a66a869c56b29554cfe4 ]
of_find_compatible_node will increment the refcount of the returned
device_node. Calling of_node_put() to avoid the refcount leak
Signed-off-by: Peng Wu <wupeng58@huawei.com>
Signed-off-by: Wei Xu <xuwei5@hisilicon.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/mach-hisi/platsmp.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/arch/arm/mach-hisi/platsmp.c b/arch/arm/mach-hisi/platsmp.c
index da7a09c1dae5..1cd1d9b0aabf 100644
--- a/arch/arm/mach-hisi/platsmp.c
+++ b/arch/arm/mach-hisi/platsmp.c
@@ -67,14 +67,17 @@ static void __init hi3xxx_smp_prepare_cpus(unsigned int max_cpus)
}
ctrl_base = of_iomap(np, 0);
if (!ctrl_base) {
+ of_node_put(np);
pr_err("failed to map address\n");
return;
}
if (of_property_read_u32(np, "smp-offset", &offset) < 0) {
+ of_node_put(np);
pr_err("failed to find smp-offset property\n");
return;
}
ctrl_base += offset;
+ of_node_put(np);
}
}
@@ -160,6 +163,7 @@ static int hip01_boot_secondary(unsigned int cpu, struct task_struct *idle)
if (WARN_ON(!node))
return -1;
ctrl_base = of_iomap(node, 0);
+ of_node_put(node);
/* set the secondary core boot from DDR */
remap_reg_value = readl_relaxed(ctrl_base + REG_SC_CTRL);
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 073/411] PCI: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store()
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (71 preceding siblings ...)
2022-06-13 10:05 ` [PATCH 5.4 072/411] ARM: hisi: Add missing of_node_put after of_find_compatible_node Greg Kroah-Hartman
@ 2022-06-13 10:05 ` Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 074/411] tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate Greg Kroah-Hartman
` (342 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:05 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yicong Yang, Bjorn Helgaas,
Sasha Levin, Jay Zhou
From: Yicong Yang <yangyicong@hisilicon.com>
[ Upstream commit a91ee0e9fca9d7501286cfbced9b30a33e52740a ]
The sysfs sriov_numvfs_store() path acquires the device lock before the
config space access lock:
sriov_numvfs_store
device_lock # A (1) acquire device lock
sriov_configure
vfio_pci_sriov_configure # (for example)
vfio_pci_core_sriov_configure
pci_disable_sriov
sriov_disable
pci_cfg_access_lock
pci_wait_cfg # B (4) wait for dev->block_cfg_access == 0
Previously, pci_dev_lock() acquired the config space access lock before the
device lock:
pci_dev_lock
pci_cfg_access_lock
dev->block_cfg_access = 1 # B (2) set dev->block_cfg_access = 1
device_lock # A (3) wait for device lock
Any path that uses pci_dev_lock(), e.g., pci_reset_function(), may
deadlock with sriov_numvfs_store() if the operations occur in the sequence
(1) (2) (3) (4).
Avoid the deadlock by reversing the order in pci_dev_lock() so it acquires
the device lock before the config space access lock, the same as the
sriov_numvfs_store() path.
[bhelgaas: combined and adapted commit log from Jay Zhou's independent
subsequent posting:
https://lore.kernel.org/r/20220404062539.1710-1-jianjay.zhou@huawei.com]
Link: https://lore.kernel.org/linux-pci/1583489997-17156-1-git-send-email-yangyicong@hisilicon.com/
Also-posted-by: Jay Zhou <jianjay.zhou@huawei.com>
Signed-off-by: Yicong Yang <yangyicong@hisilicon.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pci/pci.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c
index d539eb379743..c988aa425ac9 100644
--- a/drivers/pci/pci.c
+++ b/drivers/pci/pci.c
@@ -4915,18 +4915,18 @@ static int pci_dev_reset_slot_function(struct pci_dev *dev, int probe)
static void pci_dev_lock(struct pci_dev *dev)
{
- pci_cfg_access_lock(dev);
/* block PM suspend, driver probe, etc. */
device_lock(&dev->dev);
+ pci_cfg_access_lock(dev);
}
/* Return 1 on successful lock, 0 on contention */
static int pci_dev_trylock(struct pci_dev *dev)
{
- if (pci_cfg_access_trylock(dev)) {
- if (device_trylock(&dev->dev))
+ if (device_trylock(&dev->dev)) {
+ if (pci_cfg_access_trylock(dev))
return 1;
- pci_cfg_access_unlock(dev);
+ device_unlock(&dev->dev);
}
return 0;
@@ -4934,8 +4934,8 @@ static int pci_dev_trylock(struct pci_dev *dev)
static void pci_dev_unlock(struct pci_dev *dev)
{
- device_unlock(&dev->dev);
pci_cfg_access_unlock(dev);
+ device_unlock(&dev->dev);
}
static void pci_dev_save_and_disable(struct pci_dev *dev)
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 074/411] tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (72 preceding siblings ...)
2022-06-13 10:05 ` [PATCH 5.4 073/411] PCI: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store() Greg Kroah-Hartman
@ 2022-06-13 10:05 ` Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 075/411] powerpc/xics: fix refcount leak in icp_opal_init() Greg Kroah-Hartman
` (341 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:05 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Vasily Averin,
Steven Rostedt (Google),
Andrew Morton, Sasha Levin
From: Vasily Averin <vvs@openvz.org>
[ Upstream commit 2b132903de7124dd9a758be0c27562e91a510848 ]
Fixes following sparse warnings:
CHECK mm/vmscan.c
mm/vmscan.c: note: in included file (through
include/trace/trace_events.h, include/trace/define_trace.h,
include/trace/events/vmscan.h):
./include/trace/events/vmscan.h:281:1: sparse: warning:
cast to restricted isolate_mode_t
./include/trace/events/vmscan.h:281:1: sparse: warning:
restricted isolate_mode_t degrades to integer
Link: https://lkml.kernel.org/r/e85d7ff2-fd10-53f8-c24e-ba0458439c1b@openvz.org
Signed-off-by: Vasily Averin <vvs@openvz.org>
Acked-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/trace/events/vmscan.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/trace/events/vmscan.h b/include/trace/events/vmscan.h
index a5ab2973e8dc..57184c02e3b9 100644
--- a/include/trace/events/vmscan.h
+++ b/include/trace/events/vmscan.h
@@ -283,7 +283,7 @@ TRACE_EVENT(mm_vmscan_lru_isolate,
__field(unsigned long, nr_scanned)
__field(unsigned long, nr_skipped)
__field(unsigned long, nr_taken)
- __field(isolate_mode_t, isolate_mode)
+ __field(unsigned int, isolate_mode)
__field(int, lru)
),
@@ -294,7 +294,7 @@ TRACE_EVENT(mm_vmscan_lru_isolate,
__entry->nr_scanned = nr_scanned;
__entry->nr_skipped = nr_skipped;
__entry->nr_taken = nr_taken;
- __entry->isolate_mode = isolate_mode;
+ __entry->isolate_mode = (__force unsigned int)isolate_mode;
__entry->lru = lru;
),
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 075/411] powerpc/xics: fix refcount leak in icp_opal_init()
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (73 preceding siblings ...)
2022-06-13 10:05 ` [PATCH 5.4 074/411] tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate Greg Kroah-Hartman
@ 2022-06-13 10:05 ` Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 076/411] powerpc/powernv: fix missing of_node_put in uv_init() Greg Kroah-Hartman
` (340 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:05 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zeal Robot, Lv Ruyi,
Michael Ellerman, Sasha Levin
From: Lv Ruyi <lv.ruyi@zte.com.cn>
[ Upstream commit 5dd9e27ea4a39f7edd4bf81e9e70208e7ac0b7c9 ]
The of_find_compatible_node() function returns a node pointer with
refcount incremented, use of_node_put() on it when done.
Reported-by: Zeal Robot <zealci@zte.com.cn>
Signed-off-by: Lv Ruyi <lv.ruyi@zte.com.cn>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20220402013419.2410298-1-lv.ruyi@zte.com.cn
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/sysdev/xics/icp-opal.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/powerpc/sysdev/xics/icp-opal.c b/arch/powerpc/sysdev/xics/icp-opal.c
index 68fd2540b093..7fa520efcefa 100644
--- a/arch/powerpc/sysdev/xics/icp-opal.c
+++ b/arch/powerpc/sysdev/xics/icp-opal.c
@@ -195,6 +195,7 @@ int icp_opal_init(void)
printk("XICS: Using OPAL ICP fallbacks\n");
+ of_node_put(np);
return 0;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 076/411] powerpc/powernv: fix missing of_node_put in uv_init()
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (74 preceding siblings ...)
2022-06-13 10:05 ` [PATCH 5.4 075/411] powerpc/xics: fix refcount leak in icp_opal_init() Greg Kroah-Hartman
@ 2022-06-13 10:05 ` Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 077/411] macintosh/via-pmu: Fix build failure when CONFIG_INPUT is disabled Greg Kroah-Hartman
` (339 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:05 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zeal Robot, Lv Ruyi,
Michael Ellerman, Sasha Levin
From: Lv Ruyi <lv.ruyi@zte.com.cn>
[ Upstream commit 3ffa9fd471f57f365bc54fc87824c530422f64a5 ]
of_find_compatible_node() returns node pointer with refcount incremented,
use of_node_put() on it when done.
Reported-by: Zeal Robot <zealci@zte.com.cn>
Signed-off-by: Lv Ruyi <lv.ruyi@zte.com.cn>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20220407090043.2491854-1-lv.ruyi@zte.com.cn
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/platforms/powernv/ultravisor.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/powerpc/platforms/powernv/ultravisor.c b/arch/powerpc/platforms/powernv/ultravisor.c
index e4a00ad06f9d..67c8c4b2d8b1 100644
--- a/arch/powerpc/platforms/powernv/ultravisor.c
+++ b/arch/powerpc/platforms/powernv/ultravisor.c
@@ -55,6 +55,7 @@ static int __init uv_init(void)
return -ENODEV;
uv_memcons = memcons_init(node, "memcons");
+ of_node_put(node);
if (!uv_memcons)
return -ENOENT;
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 077/411] macintosh/via-pmu: Fix build failure when CONFIG_INPUT is disabled
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (75 preceding siblings ...)
2022-06-13 10:05 ` [PATCH 5.4 076/411] powerpc/powernv: fix missing of_node_put in uv_init() Greg Kroah-Hartman
@ 2022-06-13 10:05 ` Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 078/411] powerpc/iommu: Add missing of_node_put in iommu_init_early_dart Greg Kroah-Hartman
` (338 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:05 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kernel test robot, Finn Thain,
Randy Dunlap, Christophe Leroy, Michael Ellerman, Sasha Levin
From: Finn Thain <fthain@linux-m68k.org>
[ Upstream commit 86ce436e30d86327c9f5260f718104ae7b21f506 ]
drivers/macintosh/via-pmu-event.o: In function `via_pmu_event':
via-pmu-event.c:(.text+0x44): undefined reference to `input_event'
via-pmu-event.c:(.text+0x68): undefined reference to `input_event'
via-pmu-event.c:(.text+0x94): undefined reference to `input_event'
via-pmu-event.c:(.text+0xb8): undefined reference to `input_event'
drivers/macintosh/via-pmu-event.o: In function `via_pmu_event_init':
via-pmu-event.c:(.init.text+0x20): undefined reference to `input_allocate_device'
via-pmu-event.c:(.init.text+0xc4): undefined reference to `input_register_device'
via-pmu-event.c:(.init.text+0xd4): undefined reference to `input_free_device'
make[1]: *** [Makefile:1155: vmlinux] Error 1
make: *** [Makefile:350: __build_one_by_one] Error 2
Don't call into the input subsystem unless CONFIG_INPUT is built-in.
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Finn Thain <fthain@linux-m68k.org>
Tested-by: Randy Dunlap <rdunlap@infradead.org>
Reviewed-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Acked-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/5edbe76ce68227f71e09af4614cc4c1bd61c7ec8.1649326292.git.fthain@linux-m68k.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/macintosh/Kconfig | 4 ++++
drivers/macintosh/Makefile | 3 ++-
drivers/macintosh/via-pmu.c | 2 +-
3 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/drivers/macintosh/Kconfig b/drivers/macintosh/Kconfig
index 574e122ae105..abaf1401cca6 100644
--- a/drivers/macintosh/Kconfig
+++ b/drivers/macintosh/Kconfig
@@ -67,6 +67,10 @@ config ADB_PMU
this device; you should do so if your machine is one of those
mentioned above.
+config ADB_PMU_EVENT
+ def_bool y
+ depends on ADB_PMU && INPUT=y
+
config ADB_PMU_LED
bool "Support for the Power/iBook front LED"
depends on PPC_PMAC && ADB_PMU
diff --git a/drivers/macintosh/Makefile b/drivers/macintosh/Makefile
index 49819b1b6f20..712edcb3e0b0 100644
--- a/drivers/macintosh/Makefile
+++ b/drivers/macintosh/Makefile
@@ -12,7 +12,8 @@ obj-$(CONFIG_MAC_EMUMOUSEBTN) += mac_hid.o
obj-$(CONFIG_INPUT_ADBHID) += adbhid.o
obj-$(CONFIG_ANSLCD) += ans-lcd.o
-obj-$(CONFIG_ADB_PMU) += via-pmu.o via-pmu-event.o
+obj-$(CONFIG_ADB_PMU) += via-pmu.o
+obj-$(CONFIG_ADB_PMU_EVENT) += via-pmu-event.o
obj-$(CONFIG_ADB_PMU_LED) += via-pmu-led.o
obj-$(CONFIG_PMAC_BACKLIGHT) += via-pmu-backlight.o
obj-$(CONFIG_ADB_CUDA) += via-cuda.o
diff --git a/drivers/macintosh/via-pmu.c b/drivers/macintosh/via-pmu.c
index 21d532a78fa4..d8b6ac2ec313 100644
--- a/drivers/macintosh/via-pmu.c
+++ b/drivers/macintosh/via-pmu.c
@@ -1464,7 +1464,7 @@ pmu_handle_data(unsigned char *data, int len)
pmu_pass_intr(data, len);
/* len == 6 is probably a bad check. But how do I
* know what PMU versions send what events here? */
- if (len == 6) {
+ if (IS_ENABLED(CONFIG_ADB_PMU_EVENT) && len == 6) {
via_pmu_event(PMU_EVT_POWER, !!(data[1]&8));
via_pmu_event(PMU_EVT_LID, data[1]&1);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 078/411] powerpc/iommu: Add missing of_node_put in iommu_init_early_dart
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (76 preceding siblings ...)
2022-06-13 10:05 ` [PATCH 5.4 077/411] macintosh/via-pmu: Fix build failure when CONFIG_INPUT is disabled Greg Kroah-Hartman
@ 2022-06-13 10:05 ` Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 079/411] RDMA/hfi1: Prevent panic when SDMA is disabled Greg Kroah-Hartman
` (337 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:05 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Peng Wu, Michael Ellerman, Sasha Levin
From: Peng Wu <wupeng58@huawei.com>
[ Upstream commit 57b742a5b8945118022973e6416b71351df512fb ]
The device_node pointer is returned by of_find_compatible_node
with refcount incremented. We should use of_node_put() to avoid
the refcount leak.
Signed-off-by: Peng Wu <wupeng58@huawei.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20220425081245.21705-1-wupeng58@huawei.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/sysdev/dart_iommu.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/arch/powerpc/sysdev/dart_iommu.c b/arch/powerpc/sysdev/dart_iommu.c
index 6b4a34b36d98..8ff9bcfe4b8d 100644
--- a/arch/powerpc/sysdev/dart_iommu.c
+++ b/arch/powerpc/sysdev/dart_iommu.c
@@ -403,9 +403,10 @@ void __init iommu_init_early_dart(struct pci_controller_ops *controller_ops)
}
/* Initialize the DART HW */
- if (dart_init(dn) != 0)
+ if (dart_init(dn) != 0) {
+ of_node_put(dn);
return;
-
+ }
/*
* U4 supports a DART bypass, we use it for 64-bit capable devices to
* improve performance. However, that only works for devices connected
@@ -418,6 +419,7 @@ void __init iommu_init_early_dart(struct pci_controller_ops *controller_ops)
/* Setup pci_dma ops */
set_pci_dma_ops(&dma_iommu_ops);
+ of_node_put(dn);
}
#ifdef CONFIG_PM
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 079/411] RDMA/hfi1: Prevent panic when SDMA is disabled
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (77 preceding siblings ...)
2022-06-13 10:05 ` [PATCH 5.4 078/411] powerpc/iommu: Add missing of_node_put in iommu_init_early_dart Greg Kroah-Hartman
@ 2022-06-13 10:05 ` Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 080/411] drm: fix EDID struct for old ARM OABI format Greg Kroah-Hartman
` (336 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:05 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Douglas Miller, Dennis Dalessandro,
Jason Gunthorpe, Sasha Levin
From: Douglas Miller <doug.miller@cornelisnetworks.com>
[ Upstream commit 629e052d0c98e46dde9f0824f0aa437f678d9b8f ]
If the hfi1 module is loaded with HFI1_CAP_SDMA off, a call to
hfi1_write_iter() will dereference a NULL pointer and panic. A typical
stack frame is:
sdma_select_user_engine [hfi1]
hfi1_user_sdma_process_request [hfi1]
hfi1_write_iter [hfi1]
do_iter_readv_writev
do_iter_write
vfs_writev
do_writev
do_syscall_64
The fix is to test for SDMA in hfi1_write_iter() and fail the I/O with
EINVAL.
Link: https://lore.kernel.org/r/20220520183706.48973.79803.stgit@awfm-01.cornelisnetworks.com
Signed-off-by: Douglas Miller <doug.miller@cornelisnetworks.com>
Signed-off-by: Dennis Dalessandro <dennis.dalessandro@cornelisnetworks.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/hw/hfi1/file_ops.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/infiniband/hw/hfi1/file_ops.c b/drivers/infiniband/hw/hfi1/file_ops.c
index 89e1dfd07a1b..8c7ba7bad42b 100644
--- a/drivers/infiniband/hw/hfi1/file_ops.c
+++ b/drivers/infiniband/hw/hfi1/file_ops.c
@@ -308,6 +308,8 @@ static ssize_t hfi1_write_iter(struct kiocb *kiocb, struct iov_iter *from)
unsigned long dim = from->nr_segs;
int idx;
+ if (!HFI1_CAP_IS_KSET(SDMA))
+ return -EINVAL;
idx = srcu_read_lock(&fd->pq_srcu);
pq = srcu_dereference(fd->pq, &fd->pq_srcu);
if (!cq || !pq) {
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 080/411] drm: fix EDID struct for old ARM OABI format
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (78 preceding siblings ...)
2022-06-13 10:05 ` [PATCH 5.4 079/411] RDMA/hfi1: Prevent panic when SDMA is disabled Greg Kroah-Hartman
@ 2022-06-13 10:05 ` Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 081/411] ath9k: fix ar9003_get_eepmisc Greg Kroah-Hartman
` (335 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:05 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sudip Mukherjee, Arnd Bergmann,
Maarten Lankhorst, Maxime Ripard, Thomas Zimmermann,
David Airlie, Daniel Vetter, Linus Torvalds, Sasha Levin
From: Linus Torvalds <torvalds@linux-foundation.org>
[ Upstream commit 47f15561b69e226bfc034e94ff6dbec51a4662af ]
When building the kernel for arm with the "-mabi=apcs-gnu" option, gcc
will force alignment of all structures and unions to a word boundary
(see also STRUCTURE_SIZE_BOUNDARY and the "-mstructure-size-boundary=XX"
option if you're a gcc person), even when the members of said structures
do not want or need said alignment.
This completely messes up the structure alignment of 'struct edid' on
those targets, because even though all the embedded structures are
marked with "__attribute__((packed))", the unions that contain them are
not.
This was exposed by commit f1e4c916f97f ("drm/edid: add EDID block count
and size helpers"), but the bug is pre-existing. That commit just made
the structure layout problem cause a build failure due to the addition
of the
BUILD_BUG_ON(sizeof(*edid) != EDID_LENGTH);
sanity check in drivers/gpu/drm/drm_edid.c:edid_block_data().
This legacy union alignment should probably not be used in the first
place, but we can fix the layout by adding the packed attribute to the
union entries even when each member is already packed and it shouldn't
matter in a sane build environment.
You can see this issue with a trivial test program:
union {
struct {
char c[5];
};
struct {
char d;
unsigned e;
} __attribute__((packed));
} a = { "1234" };
where building this with a normal "gcc -S" will result in the expected
5-byte size of said union:
.type a, @object
.size a, 5
but with an ARM compiler and the old ABI:
arm-linux-gnu-gcc -mabi=apcs-gnu -mfloat-abi=soft -S t.c
you get
.type a, %object
.size a, 8
instead, because even though each member of the union is packed, the
union itself still gets aligned.
This was reported by Sudip for the spear3xx_defconfig target.
Link: https://lore.kernel.org/lkml/YpCUzStDnSgQLNFN@debian/
Reported-by: Sudip Mukherjee <sudipm.mukherjee@gmail.com>
Acked-by: Arnd Bergmann <arnd@arndb.de>
Cc: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
Cc: Maxime Ripard <mripard@kernel.org>
Cc: Thomas Zimmermann <tzimmermann@suse.de>
Cc: David Airlie <airlied@linux.ie>
Cc: Daniel Vetter <daniel@ffwll.ch>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/drm/drm_edid.h | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/include/drm/drm_edid.h b/include/drm/drm_edid.h
index b9719418c3d2..f40a97417b68 100644
--- a/include/drm/drm_edid.h
+++ b/include/drm/drm_edid.h
@@ -116,7 +116,7 @@ struct detailed_data_monitor_range {
u8 supported_scalings;
u8 preferred_refresh;
} __attribute__((packed)) cvt;
- } formula;
+ } __attribute__((packed)) formula;
} __attribute__((packed));
struct detailed_data_wpindex {
@@ -149,7 +149,7 @@ struct detailed_non_pixel {
struct detailed_data_wpindex color;
struct std_timing timings[6];
struct cvt_timing cvt[4];
- } data;
+ } __attribute__((packed)) data;
} __attribute__((packed));
#define EDID_DETAIL_EST_TIMINGS 0xf7
@@ -167,7 +167,7 @@ struct detailed_timing {
union {
struct detailed_pixel_timing pixel_data;
struct detailed_non_pixel other_data;
- } data;
+ } __attribute__((packed)) data;
} __attribute__((packed));
#define DRM_EDID_INPUT_SERRATION_VSYNC (1 << 0)
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 081/411] ath9k: fix ar9003_get_eepmisc
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (79 preceding siblings ...)
2022-06-13 10:05 ` [PATCH 5.4 080/411] drm: fix EDID struct for old ARM OABI format Greg Kroah-Hartman
@ 2022-06-13 10:05 ` Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 082/411] drm/edid: fix invalid EDID extension block filtering Greg Kroah-Hartman
` (334 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:05 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Wenli Looi,
Toke Høiland-Jørgensen, Kalle Valo, Sasha Levin
From: Wenli Looi <wlooi@ucalgary.ca>
[ Upstream commit 9aaff3864b603408c02c629957ae8d8ff5d5a4f2 ]
The current implementation is reading the wrong eeprom type.
Fixes: d8ec2e2a63e8 ("ath9k: Add an eeprom_ops callback for retrieving the eepmisc value")
Signed-off-by: Wenli Looi <wlooi@ucalgary.ca>
Acked-by: Toke Høiland-Jørgensen <toke@toke.dk>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20220320233010.123106-5-wlooi@ucalgary.ca
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/ath9k/ar9003_eeprom.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/ath/ath9k/ar9003_eeprom.c b/drivers/net/wireless/ath/ath9k/ar9003_eeprom.c
index b0a4ca3559fd..abed1effd95c 100644
--- a/drivers/net/wireless/ath/ath9k/ar9003_eeprom.c
+++ b/drivers/net/wireless/ath/ath9k/ar9003_eeprom.c
@@ -5615,7 +5615,7 @@ unsigned int ar9003_get_paprd_scale_factor(struct ath_hw *ah,
static u8 ar9003_get_eepmisc(struct ath_hw *ah)
{
- return ah->eeprom.map4k.baseEepHeader.eepMisc;
+ return ah->eeprom.ar9300_eep.baseEepHeader.opCapFlags.eepMisc;
}
const struct eeprom_ops eep_ar9300_ops = {
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 082/411] drm/edid: fix invalid EDID extension block filtering
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (80 preceding siblings ...)
2022-06-13 10:05 ` [PATCH 5.4 081/411] ath9k: fix ar9003_get_eepmisc Greg Kroah-Hartman
@ 2022-06-13 10:05 ` Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 083/411] drm/bridge: adv7511: clean up CEC adapter when probe fails Greg Kroah-Hartman
` (333 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:05 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ville Syrjälä,
Jani Nikula, Sasha Levin
From: Jani Nikula <jani.nikula@intel.com>
[ Upstream commit 3aefc722ff52076407203b6af9713de567993adf ]
The invalid EDID block filtering uses the number of valid EDID
extensions instead of all EDID extensions for looping the extensions in
the copy. This is fine, by coincidence, if all the invalid blocks are at
the end of the EDID. However, it's completely broken if there are
invalid extensions in the middle; the invalid blocks are included and
valid blocks are excluded.
Fix it by modifying the base block after, not before, the copy.
Fixes: 14544d0937bf ("drm/edid: Only print the bad edid when aborting")
Reported-by: Ville Syrjälä <ville.syrjala@linux.intel.com>
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
Reviewed-by: Ville Syrjälä <ville.syrjala@linux.intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20220330170426.349248-1-jani.nikula@intel.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/drm_edid.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/drm_edid.c b/drivers/gpu/drm/drm_edid.c
index aeeab1b57aad..2dc6dd6230d7 100644
--- a/drivers/gpu/drm/drm_edid.c
+++ b/drivers/gpu/drm/drm_edid.c
@@ -1702,9 +1702,6 @@ struct edid *drm_do_get_edid(struct drm_connector *connector,
connector_bad_edid(connector, edid, edid[0x7e] + 1);
- edid[EDID_LENGTH-1] += edid[0x7e] - valid_extensions;
- edid[0x7e] = valid_extensions;
-
new = kmalloc_array(valid_extensions + 1, EDID_LENGTH,
GFP_KERNEL);
if (!new)
@@ -1721,6 +1718,9 @@ struct edid *drm_do_get_edid(struct drm_connector *connector,
base += EDID_LENGTH;
}
+ new[EDID_LENGTH - 1] += new[0x7e] - valid_extensions;
+ new[0x7e] = valid_extensions;
+
kfree(edid);
edid = new;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 083/411] drm/bridge: adv7511: clean up CEC adapter when probe fails
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (81 preceding siblings ...)
2022-06-13 10:05 ` [PATCH 5.4 082/411] drm/edid: fix invalid EDID extension block filtering Greg Kroah-Hartman
@ 2022-06-13 10:05 ` Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 084/411] ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe Greg Kroah-Hartman
` (332 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:05 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Lucas Stach, Robert Foss, Sasha Levin
From: Lucas Stach <l.stach@pengutronix.de>
[ Upstream commit 7ed2b0dabf7a22874cb30f8878df239ef638eb53 ]
When the probe routine fails we also need to clean up the
CEC adapter registered in adv7511_cec_init().
Fixes: 3b1b975003e4 ("drm: adv7511/33: add HDMI CEC support")
Signed-off-by: Lucas Stach <l.stach@pengutronix.de>
Reviewed-by: Robert Foss <robert.foss@linaro.org>
Signed-off-by: Robert Foss <robert.foss@linaro.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20220321104705.2804423-1-l.stach@pengutronix.de
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/bridge/adv7511/adv7511_drv.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/gpu/drm/bridge/adv7511/adv7511_drv.c b/drivers/gpu/drm/bridge/adv7511/adv7511_drv.c
index 9e13e466e72c..e7bf32f234d7 100644
--- a/drivers/gpu/drm/bridge/adv7511/adv7511_drv.c
+++ b/drivers/gpu/drm/bridge/adv7511/adv7511_drv.c
@@ -1225,6 +1225,7 @@ static int adv7511_probe(struct i2c_client *i2c, const struct i2c_device_id *id)
return 0;
err_unregister_cec:
+ cec_unregister_adapter(adv7511->cec_adap);
i2c_unregister_device(adv7511->i2c_cec);
if (adv7511->cec_clk)
clk_disable_unprepare(adv7511->cec_clk);
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 084/411] ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (82 preceding siblings ...)
2022-06-13 10:05 ` [PATCH 5.4 083/411] drm/bridge: adv7511: clean up CEC adapter when probe fails Greg Kroah-Hartman
@ 2022-06-13 10:05 ` Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 085/411] ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe Greg Kroah-Hartman
` (331 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:05 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin,
AngeloGioacchino Del Regno, Mark Brown, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit 4f4e0454e226de3bf4efd7e7924d1edc571c52d5 ]
Call of_node_put(platform_node) to avoid refcount leak in
the error path.
Fixes: 94319ba10eca ("ASoC: mediatek: Use platform_of_node for machine drivers")
Fixes: 493433785df0 ("ASoC: mediatek: mt8173: fix device_node leak")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Link: https://lore.kernel.org/r/20220404092903.26725-1-linmq006@gmail.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/mediatek/mt8173/mt8173-max98090.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/sound/soc/mediatek/mt8173/mt8173-max98090.c b/sound/soc/mediatek/mt8173/mt8173-max98090.c
index de1410c2c446..32df18180114 100644
--- a/sound/soc/mediatek/mt8173/mt8173-max98090.c
+++ b/sound/soc/mediatek/mt8173/mt8173-max98090.c
@@ -167,7 +167,8 @@ static int mt8173_max98090_dev_probe(struct platform_device *pdev)
if (!codec_node) {
dev_err(&pdev->dev,
"Property 'audio-codec' missing or invalid\n");
- return -EINVAL;
+ ret = -EINVAL;
+ goto put_platform_node;
}
for_each_card_prelinks(card, i, dai_link) {
if (dai_link->codecs->name)
@@ -182,6 +183,8 @@ static int mt8173_max98090_dev_probe(struct platform_device *pdev)
__func__, ret);
of_node_put(codec_node);
+
+put_platform_node:
of_node_put(platform_node);
return ret;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 085/411] ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (83 preceding siblings ...)
2022-06-13 10:05 ` [PATCH 5.4 084/411] ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe Greg Kroah-Hartman
@ 2022-06-13 10:05 ` Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 086/411] x86/delay: Fix the wrong asm constraint in delay_loop() Greg Kroah-Hartman
` (330 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:05 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Mark Brown, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit 05654431a18fe24e5e46a375d98904134628a102 ]
This node pointer is returned by of_parse_phandle() with
refcount incremented in this function.
Calling of_node_put() to avoid the refcount leak.
Fixes: 8625c1dbd876 ("ASoC: mediatek: Add mt2701-wm8960 machine driver")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Link: https://lore.kernel.org/r/20220404093526.30004-1-linmq006@gmail.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/mediatek/mt2701/mt2701-wm8960.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/sound/soc/mediatek/mt2701/mt2701-wm8960.c b/sound/soc/mediatek/mt2701/mt2701-wm8960.c
index 8c4c89e4c616..b9ad42112ea1 100644
--- a/sound/soc/mediatek/mt2701/mt2701-wm8960.c
+++ b/sound/soc/mediatek/mt2701/mt2701-wm8960.c
@@ -129,7 +129,8 @@ static int mt2701_wm8960_machine_probe(struct platform_device *pdev)
if (!codec_node) {
dev_err(&pdev->dev,
"Property 'audio-codec' missing or invalid\n");
- return -EINVAL;
+ ret = -EINVAL;
+ goto put_platform_node;
}
for_each_card_prelinks(card, i, dai_link) {
if (dai_link->codecs->name)
@@ -140,7 +141,7 @@ static int mt2701_wm8960_machine_probe(struct platform_device *pdev)
ret = snd_soc_of_parse_audio_routing(card, "audio-routing");
if (ret) {
dev_err(&pdev->dev, "failed to parse audio-routing: %d\n", ret);
- return ret;
+ goto put_codec_node;
}
ret = devm_snd_soc_register_card(&pdev->dev, card);
@@ -148,6 +149,10 @@ static int mt2701_wm8960_machine_probe(struct platform_device *pdev)
dev_err(&pdev->dev, "%s snd_soc_register_card fail %d\n",
__func__, ret);
+put_codec_node:
+ of_node_put(codec_node);
+put_platform_node:
+ of_node_put(platform_node);
return ret;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 086/411] x86/delay: Fix the wrong asm constraint in delay_loop()
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (84 preceding siblings ...)
2022-06-13 10:05 ` [PATCH 5.4 085/411] ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe Greg Kroah-Hartman
@ 2022-06-13 10:05 ` Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 087/411] drm/mediatek: Fix mtk_cec_mask() Greg Kroah-Hartman
` (329 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:05 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ammar Faizi, Borislav Petkov, Sasha Levin
From: Ammar Faizi <ammarfaizi2@gnuweeb.org>
[ Upstream commit b86eb74098a92afd789da02699b4b0dd3f73b889 ]
The asm constraint does not reflect the fact that the asm statement can
modify the value of the local variable loops. Which it does.
Specifying the wrong constraint may lead to undefined behavior, it may
clobber random stuff (e.g. local variable, important temporary value in
regs, etc.). This is especially dangerous when the compiler decides to
inline the function and since it doesn't know that the value gets
modified, it might decide to use it from a register directly without
reloading it.
Change the constraint to "+a" to denote that the first argument is an
input and an output argument.
[ bp: Fix typo, massage commit message. ]
Fixes: e01b70ef3eb3 ("x86: fix bug in arch/i386/lib/delay.c file, delay_loop function")
Signed-off-by: Ammar Faizi <ammarfaizi2@gnuweeb.org>
Signed-off-by: Borislav Petkov <bp@suse.de>
Link: https://lore.kernel.org/r/20220329104705.65256-2-ammarfaizi2@gnuweeb.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/lib/delay.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/x86/lib/delay.c b/arch/x86/lib/delay.c
index c126571e5e2e..3d1cfad36ba2 100644
--- a/arch/x86/lib/delay.c
+++ b/arch/x86/lib/delay.c
@@ -43,8 +43,8 @@ static void delay_loop(unsigned long loops)
" jnz 2b \n"
"3: dec %0 \n"
- : /* we don't need output */
- :"a" (loops)
+ : "+a" (loops)
+ :
);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 087/411] drm/mediatek: Fix mtk_cec_mask()
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (85 preceding siblings ...)
2022-06-13 10:05 ` [PATCH 5.4 086/411] x86/delay: Fix the wrong asm constraint in delay_loop() Greg Kroah-Hartman
@ 2022-06-13 10:06 ` Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 088/411] drm/vc4: txp: Dont set TXP_VSTART_AT_EOF Greg Kroah-Hartman
` (328 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:06 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miles Chen,
AngeloGioacchino Del Regno, Matthias Brugger, Zhiqiang Lin,
CK Hu, Chun-Kuang Hu, Sasha Levin
From: Miles Chen <miles.chen@mediatek.com>
[ Upstream commit 2c5d69b0a141e1e98febe3111e6f4fd8420493a5 ]
In current implementation, mtk_cec_mask() writes val into target register
and ignores the mask. After talking to our hdmi experts, mtk_cec_mask()
should read a register, clean only mask bits, and update (val | mask) bits
to the register.
Link: https://patchwork.kernel.org/project/linux-mediatek/patch/20220315232301.2434-1-miles.chen@mediatek.com/
Fixes: 8f83f26891e1 ("drm/mediatek: Add HDMI support")
Signed-off-by: Miles Chen <miles.chen@mediatek.com>
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Reviewed-by: Matthias Brugger <matthias.bgg@gmail.com>
Cc: Zhiqiang Lin <zhiqiang.lin@mediatek.com>
Cc: CK Hu <ck.hu@mediatek.com>
Cc: Matthias Brugger <matthias.bgg@gmail.com>
Cc: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Signed-off-by: Chun-Kuang Hu <chunkuang.hu@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/mediatek/mtk_cec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/mediatek/mtk_cec.c b/drivers/gpu/drm/mediatek/mtk_cec.c
index cb29b649fcdb..12bf93769497 100644
--- a/drivers/gpu/drm/mediatek/mtk_cec.c
+++ b/drivers/gpu/drm/mediatek/mtk_cec.c
@@ -84,7 +84,7 @@ static void mtk_cec_mask(struct mtk_cec *cec, unsigned int offset,
u32 tmp = readl(cec->regs + offset) & ~mask;
tmp |= val & mask;
- writel(val, cec->regs + offset);
+ writel(tmp, cec->regs + offset);
}
void mtk_cec_set_hpd_event(struct device *dev,
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 088/411] drm/vc4: txp: Dont set TXP_VSTART_AT_EOF
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (86 preceding siblings ...)
2022-06-13 10:06 ` [PATCH 5.4 087/411] drm/mediatek: Fix mtk_cec_mask() Greg Kroah-Hartman
@ 2022-06-13 10:06 ` Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 089/411] drm/vc4: txp: Force alpha to be 0xff if its disabled Greg Kroah-Hartman
` (327 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:06 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Maxime Ripard, Thomas Zimmermann,
Sasha Levin
From: Maxime Ripard <maxime@cerno.tech>
[ Upstream commit 234998df929f14d00cbf2f1e81a7facb69fd9266 ]
The TXP_VSTART_AT_EOF will generate a second VSTART signal to the HVS.
However, the HVS waits for VSTART to enable the FIFO and will thus start
filling the FIFO before the start of the frame.
This leads to corruption at the beginning of the first frame, and
content from the previous frame at the beginning of the next frames.
Since one VSTART is enough, let's get rid of it.
Fixes: 008095e065a8 ("drm/vc4: Add support for the transposer block")
Signed-off-by: Maxime Ripard <maxime@cerno.tech>
Acked-by: Thomas Zimmermann <tzimmermann@suse.de>
Link: https://lore.kernel.org/r/20220328153659.2382206-3-maxime@cerno.tech
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/vc4/vc4_txp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/vc4/vc4_txp.c b/drivers/gpu/drm/vc4/vc4_txp.c
index bf720206727f..2342b49c16dd 100644
--- a/drivers/gpu/drm/vc4/vc4_txp.c
+++ b/drivers/gpu/drm/vc4/vc4_txp.c
@@ -285,7 +285,7 @@ static void vc4_txp_connector_atomic_commit(struct drm_connector *conn,
if (WARN_ON(i == ARRAY_SIZE(drm_fmts)))
return;
- ctrl = TXP_GO | TXP_VSTART_AT_EOF | TXP_EI |
+ ctrl = TXP_GO | TXP_EI |
VC4_SET_FIELD(0xf, TXP_BYTE_ENABLE) |
VC4_SET_FIELD(txp_fmts[i], TXP_FORMAT);
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 089/411] drm/vc4: txp: Force alpha to be 0xff if its disabled
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (87 preceding siblings ...)
2022-06-13 10:06 ` [PATCH 5.4 088/411] drm/vc4: txp: Dont set TXP_VSTART_AT_EOF Greg Kroah-Hartman
@ 2022-06-13 10:06 ` Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 090/411] bpf: Fix excessive memory allocation in stack_map_alloc() Greg Kroah-Hartman
` (326 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:06 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Maxime Ripard, Thomas Zimmermann,
Sasha Levin
From: Maxime Ripard <maxime@cerno.tech>
[ Upstream commit 5453343a88ede8b12812fced81ecd24cb888ccc3 ]
If we use a format that has padding instead of the alpha component (such
as XRGB8888), it appears that the Transposer will fill the padding to 0,
disregarding what was stored in the input buffer padding.
This leads to issues with IGT, since it will set the padding to 0xff,
but will then compare the CRC of the two frames which will thus fail.
Another nice side effect is that it is now possible to just use the
buffer as ARGB.
Fixes: 008095e065a8 ("drm/vc4: Add support for the transposer block")
Signed-off-by: Maxime Ripard <maxime@cerno.tech>
Acked-by: Thomas Zimmermann <tzimmermann@suse.de>
Link: https://lore.kernel.org/r/20220328153659.2382206-4-maxime@cerno.tech
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/vc4/vc4_txp.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/gpu/drm/vc4/vc4_txp.c b/drivers/gpu/drm/vc4/vc4_txp.c
index 2342b49c16dd..0d9263f65d95 100644
--- a/drivers/gpu/drm/vc4/vc4_txp.c
+++ b/drivers/gpu/drm/vc4/vc4_txp.c
@@ -291,6 +291,12 @@ static void vc4_txp_connector_atomic_commit(struct drm_connector *conn,
if (fb->format->has_alpha)
ctrl |= TXP_ALPHA_ENABLE;
+ else
+ /*
+ * If TXP_ALPHA_ENABLE isn't set and TXP_ALPHA_INVERT is, the
+ * hardware will force the output padding to be 0xff.
+ */
+ ctrl |= TXP_ALPHA_INVERT;
gem = drm_fb_cma_get_gem_obj(fb, 0);
TXP_WRITE(TXP_DST_PTR, gem->paddr + fb->offsets[0]);
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 090/411] bpf: Fix excessive memory allocation in stack_map_alloc()
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (88 preceding siblings ...)
2022-06-13 10:06 ` [PATCH 5.4 089/411] drm/vc4: txp: Force alpha to be 0xff if its disabled Greg Kroah-Hartman
@ 2022-06-13 10:06 ` Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 091/411] nl80211: show SSID for P2P_GO interfaces Greg Kroah-Hartman
` (325 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:06 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yuntao Wang, Daniel Borkmann, Sasha Levin
From: Yuntao Wang <ytcoode@gmail.com>
[ Upstream commit b45043192b3e481304062938a6561da2ceea46a6 ]
The 'n_buckets * (value_size + sizeof(struct stack_map_bucket))' part of the
allocated memory for 'smap' is never used after the memlock accounting was
removed, thus get rid of it.
[ Note, Daniel:
Commit b936ca643ade ("bpf: rework memlock-based memory accounting for maps")
moved `cost += n_buckets * (value_size + sizeof(struct stack_map_bucket))`
up and therefore before the bpf_map_area_alloc() allocation, sigh. In a later
step commit c85d69135a91 ("bpf: move memory size checks to bpf_map_charge_init()"),
and the overflow checks of `cost >= U32_MAX - PAGE_SIZE` moved into
bpf_map_charge_init(). And then 370868107bf6 ("bpf: Eliminate rlimit-based
memory accounting for stackmap maps") finally removed the bpf_map_charge_init().
Anyway, the original code did the allocation same way as /after/ this fix. ]
Fixes: b936ca643ade ("bpf: rework memlock-based memory accounting for maps")
Signed-off-by: Yuntao Wang <ytcoode@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Link: https://lore.kernel.org/bpf/20220407130423.798386-1-ytcoode@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/bpf/stackmap.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/kernel/bpf/stackmap.c b/kernel/bpf/stackmap.c
index 49c7a09d688d..768ffd603787 100644
--- a/kernel/bpf/stackmap.c
+++ b/kernel/bpf/stackmap.c
@@ -117,7 +117,6 @@ static struct bpf_map *stack_map_alloc(union bpf_attr *attr)
return ERR_PTR(-E2BIG);
cost = n_buckets * sizeof(struct stack_map_bucket *) + sizeof(*smap);
- cost += n_buckets * (value_size + sizeof(struct stack_map_bucket));
err = bpf_map_charge_init(&mem, cost);
if (err)
return ERR_PTR(err);
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 091/411] nl80211: show SSID for P2P_GO interfaces
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (89 preceding siblings ...)
2022-06-13 10:06 ` [PATCH 5.4 090/411] bpf: Fix excessive memory allocation in stack_map_alloc() Greg Kroah-Hartman
@ 2022-06-13 10:06 ` Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 092/411] drm/komeda: Fix an undefined behavior bug in komeda_plane_add() Greg Kroah-Hartman
` (324 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:06 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Johannes Berg, Sasha Levin
From: Johannes Berg <johannes.berg@intel.com>
[ Upstream commit a75971bc2b8453630e9f85e0beaa4da8db8277a3 ]
There's no real reason not to send the SSID to userspace
when it requests information about P2P_GO, it is, in that
respect, exactly the same as AP interfaces. Fix that.
Fixes: 44905265bc15 ("nl80211: don't expose wdev->ssid for most interfaces")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Link: https://lore.kernel.org/r/20220318134656.14354ae223f0.Ia25e85a512281b92e1645d4160766a4b1a471597@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/wireless/nl80211.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index d3e2b97d5d05..8459f5b6002e 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -3240,6 +3240,7 @@ static int nl80211_send_iface(struct sk_buff *msg, u32 portid, u32 seq, int flag
wdev_lock(wdev);
switch (wdev->iftype) {
case NL80211_IFTYPE_AP:
+ case NL80211_IFTYPE_P2P_GO:
if (wdev->ssid_len &&
nla_put(msg, NL80211_ATTR_SSID, wdev->ssid_len, wdev->ssid))
goto nla_put_failure_locked;
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 092/411] drm/komeda: Fix an undefined behavior bug in komeda_plane_add()
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (90 preceding siblings ...)
2022-06-13 10:06 ` [PATCH 5.4 091/411] nl80211: show SSID for P2P_GO interfaces Greg Kroah-Hartman
@ 2022-06-13 10:06 ` Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 093/411] drm: mali-dp: potential dereference of null pointer Greg Kroah-Hartman
` (323 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:06 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zhou Qingyang, Liviu Dudau, Sasha Levin
From: Zhou Qingyang <zhou1615@umn.edu>
[ Upstream commit f5e284bb74ab296f98122673c7ecd22028b2c200 ]
In komeda_plane_add(), komeda_get_layer_fourcc_list() is assigned to
formats and used in drm_universal_plane_init().
drm_universal_plane_init() passes formats to
__drm_universal_plane_init(). __drm_universal_plane_init() further
passes formats to memcpy() as src parameter, which could lead to an
undefined behavior bug on failure of komeda_get_layer_fourcc_list().
Fix this bug by adding a check of formats.
This bug was found by a static analyzer. The analysis employs
differential checking to identify inconsistent security operations
(e.g., checks or kfrees) between two code paths and confirms that the
inconsistent operations are not recovered in the current function or
the callers, so they constitute bugs.
Note that, as a bug found by static analysis, it can be a false
positive or hard to trigger. Multiple researchers have cross-reviewed
the bug.
Builds with CONFIG_DRM_KOMEDA=m show no new warnings,
and our static analyzer no longer warns about this code.
Fixes: 61f1c4a8ab75 ("drm/komeda: Attach komeda_dev to DRM-KMS")
Signed-off-by: Zhou Qingyang <zhou1615@umn.edu>
Signed-off-by: Liviu Dudau <liviu.dudau@arm.com>
Link: https://lore.kernel.org/dri-devel/20211201033704.32054-1-zhou1615@umn.edu
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/arm/display/komeda/komeda_plane.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/gpu/drm/arm/display/komeda/komeda_plane.c b/drivers/gpu/drm/arm/display/komeda/komeda_plane.c
index a5f57b38d193..bc3f42e915e9 100644
--- a/drivers/gpu/drm/arm/display/komeda/komeda_plane.c
+++ b/drivers/gpu/drm/arm/display/komeda/komeda_plane.c
@@ -264,6 +264,10 @@ static int komeda_plane_add(struct komeda_kms_dev *kms,
formats = komeda_get_layer_fourcc_list(&mdev->fmt_tbl,
layer->layer_type, &n_formats);
+ if (!formats) {
+ kfree(kplane);
+ return -ENOMEM;
+ }
err = drm_universal_plane_init(&kms->base, plane,
get_possible_crtcs(kms, c->pipeline),
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 093/411] drm: mali-dp: potential dereference of null pointer
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (91 preceding siblings ...)
2022-06-13 10:06 ` [PATCH 5.4 092/411] drm/komeda: Fix an undefined behavior bug in komeda_plane_add() Greg Kroah-Hartman
@ 2022-06-13 10:06 ` Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 094/411] spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout Greg Kroah-Hartman
` (322 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:06 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jiasheng Jiang, Brian Starkey,
Liviu Dudau, Sasha Levin
From: Jiasheng Jiang <jiasheng@iscas.ac.cn>
[ Upstream commit 73c3ed7495c67b8fbdc31cf58e6ca8757df31a33 ]
The return value of kzalloc() needs to be checked.
To avoid use of null pointer '&state->base' in case of the
failure of alloc.
Fixes: 99665d072183 ("drm: mali-dp: add malidp_crtc_state struct")
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Brian Starkey <brian.starkey@arm.com>
Signed-off-by: Liviu Dudau <liviu.dudau@arm.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20211214100837.46912-1-jiasheng@iscas.ac.cn
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/arm/malidp_crtc.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/arm/malidp_crtc.c b/drivers/gpu/drm/arm/malidp_crtc.c
index 587d94798f5c..af729094260c 100644
--- a/drivers/gpu/drm/arm/malidp_crtc.c
+++ b/drivers/gpu/drm/arm/malidp_crtc.c
@@ -483,7 +483,10 @@ static void malidp_crtc_reset(struct drm_crtc *crtc)
if (crtc->state)
malidp_crtc_destroy_state(crtc, crtc->state);
- __drm_atomic_helper_crtc_reset(crtc, &state->base);
+ if (state)
+ __drm_atomic_helper_crtc_reset(crtc, &state->base);
+ else
+ __drm_atomic_helper_crtc_reset(crtc, NULL);
}
static int malidp_crtc_enable_vblank(struct drm_crtc *crtc)
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 094/411] spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (92 preceding siblings ...)
2022-06-13 10:06 ` [PATCH 5.4 093/411] drm: mali-dp: potential dereference of null pointer Greg Kroah-Hartman
@ 2022-06-13 10:06 ` Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 095/411] NFC: NULL out the dev->rfkill to prevent UAF Greg Kroah-Hartman
` (321 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:06 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Mark Brown, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit 8b1ea69a63eb62f97cef63e6d816b64ed84e8760 ]
wait_for_completion_timeout() returns unsigned long not int.
It returns 0 if timed out, and positive if completed.
The check for <= 0 is ambiguous and should be == 0 here
indicating timeout which is the only error case.
Fixes: 5720ec0a6d26 ("spi: spi-ti-qspi: Add DMA support for QSPI mmap read")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Link: https://lore.kernel.org/r/20220411111034.24447-1-linmq006@gmail.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/spi/spi-ti-qspi.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/spi/spi-ti-qspi.c b/drivers/spi/spi-ti-qspi.c
index 6b6ef8944283..4bbad00244ab 100644
--- a/drivers/spi/spi-ti-qspi.c
+++ b/drivers/spi/spi-ti-qspi.c
@@ -401,6 +401,7 @@ static int ti_qspi_dma_xfer(struct ti_qspi *qspi, dma_addr_t dma_dst,
enum dma_ctrl_flags flags = DMA_CTRL_ACK | DMA_PREP_INTERRUPT;
struct dma_async_tx_descriptor *tx;
int ret;
+ unsigned long time_left;
tx = dmaengine_prep_dma_memcpy(chan, dma_dst, dma_src, len, flags);
if (!tx) {
@@ -420,9 +421,9 @@ static int ti_qspi_dma_xfer(struct ti_qspi *qspi, dma_addr_t dma_dst,
}
dma_async_issue_pending(chan);
- ret = wait_for_completion_timeout(&qspi->transfer_complete,
+ time_left = wait_for_completion_timeout(&qspi->transfer_complete,
msecs_to_jiffies(len));
- if (ret <= 0) {
+ if (time_left == 0) {
dmaengine_terminate_sync(chan);
dev_err(qspi->dev, "DMA wait_for_completion_timeout\n");
return -ETIMEDOUT;
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 095/411] NFC: NULL out the dev->rfkill to prevent UAF
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (93 preceding siblings ...)
2022-06-13 10:06 ` [PATCH 5.4 094/411] spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout Greg Kroah-Hartman
@ 2022-06-13 10:06 ` Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 096/411] efi: Add missing prototype for efi_capsule_setup_info Greg Kroah-Hartman
` (320 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:06 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Lin Ma, Krzysztof Kozlowski,
David S. Miller, Sasha Levin
From: Lin Ma <linma@zju.edu.cn>
[ Upstream commit 1b0e81416a24d6e9b8c2341e22e8bf48f8b8bfc9 ]
Commit 3e3b5dfcd16a ("NFC: reorder the logic in nfc_{un,}register_device")
assumes the device_is_registered() in function nfc_dev_up() will help
to check when the rfkill is unregistered. However, this check only
take effect when device_del(&dev->dev) is done in nfc_unregister_device().
Hence, the rfkill object is still possible be dereferenced.
The crash trace in latest kernel (5.18-rc2):
[ 68.760105] ==================================================================
[ 68.760330] BUG: KASAN: use-after-free in __lock_acquire+0x3ec1/0x6750
[ 68.760756] Read of size 8 at addr ffff888009c93018 by task fuzz/313
[ 68.760756]
[ 68.760756] CPU: 0 PID: 313 Comm: fuzz Not tainted 5.18.0-rc2 #4
[ 68.760756] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[ 68.760756] Call Trace:
[ 68.760756] <TASK>
[ 68.760756] dump_stack_lvl+0x57/0x7d
[ 68.760756] print_report.cold+0x5e/0x5db
[ 68.760756] ? __lock_acquire+0x3ec1/0x6750
[ 68.760756] kasan_report+0xbe/0x1c0
[ 68.760756] ? __lock_acquire+0x3ec1/0x6750
[ 68.760756] __lock_acquire+0x3ec1/0x6750
[ 68.760756] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 68.760756] ? register_lock_class+0x18d0/0x18d0
[ 68.760756] lock_acquire+0x1ac/0x4f0
[ 68.760756] ? rfkill_blocked+0xe/0x60
[ 68.760756] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 68.760756] ? mutex_lock_io_nested+0x12c0/0x12c0
[ 68.760756] ? nla_get_range_signed+0x540/0x540
[ 68.760756] ? _raw_spin_lock_irqsave+0x4e/0x50
[ 68.760756] _raw_spin_lock_irqsave+0x39/0x50
[ 68.760756] ? rfkill_blocked+0xe/0x60
[ 68.760756] rfkill_blocked+0xe/0x60
[ 68.760756] nfc_dev_up+0x84/0x260
[ 68.760756] nfc_genl_dev_up+0x90/0xe0
[ 68.760756] genl_family_rcv_msg_doit+0x1f4/0x2f0
[ 68.760756] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x230/0x230
[ 68.760756] ? security_capable+0x51/0x90
[ 68.760756] genl_rcv_msg+0x280/0x500
[ 68.760756] ? genl_get_cmd+0x3c0/0x3c0
[ 68.760756] ? lock_acquire+0x1ac/0x4f0
[ 68.760756] ? nfc_genl_dev_down+0xe0/0xe0
[ 68.760756] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 68.760756] netlink_rcv_skb+0x11b/0x340
[ 68.760756] ? genl_get_cmd+0x3c0/0x3c0
[ 68.760756] ? netlink_ack+0x9c0/0x9c0
[ 68.760756] ? netlink_deliver_tap+0x136/0xb00
[ 68.760756] genl_rcv+0x1f/0x30
[ 68.760756] netlink_unicast+0x430/0x710
[ 68.760756] ? memset+0x20/0x40
[ 68.760756] ? netlink_attachskb+0x740/0x740
[ 68.760756] ? __build_skb_around+0x1f4/0x2a0
[ 68.760756] netlink_sendmsg+0x75d/0xc00
[ 68.760756] ? netlink_unicast+0x710/0x710
[ 68.760756] ? netlink_unicast+0x710/0x710
[ 68.760756] sock_sendmsg+0xdf/0x110
[ 68.760756] __sys_sendto+0x19e/0x270
[ 68.760756] ? __ia32_sys_getpeername+0xa0/0xa0
[ 68.760756] ? fd_install+0x178/0x4c0
[ 68.760756] ? fd_install+0x195/0x4c0
[ 68.760756] ? kernel_fpu_begin_mask+0x1c0/0x1c0
[ 68.760756] __x64_sys_sendto+0xd8/0x1b0
[ 68.760756] ? lockdep_hardirqs_on+0xbf/0x130
[ 68.760756] ? syscall_enter_from_user_mode+0x1d/0x50
[ 68.760756] do_syscall_64+0x3b/0x90
[ 68.760756] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 68.760756] RIP: 0033:0x7f67fb50e6b3
...
[ 68.760756] RSP: 002b:00007f67fa91fe90 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[ 68.760756] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f67fb50e6b3
[ 68.760756] RDX: 000000000000001c RSI: 0000559354603090 RDI: 0000000000000003
[ 68.760756] RBP: 00007f67fa91ff00 R08: 00007f67fa91fedc R09: 000000000000000c
[ 68.760756] R10: 0000000000000000 R11: 0000000000000293 R12: 00007ffe824d496e
[ 68.760756] R13: 00007ffe824d496f R14: 00007f67fa120000 R15: 0000000000000003
[ 68.760756] </TASK>
[ 68.760756]
[ 68.760756] Allocated by task 279:
[ 68.760756] kasan_save_stack+0x1e/0x40
[ 68.760756] __kasan_kmalloc+0x81/0xa0
[ 68.760756] rfkill_alloc+0x7f/0x280
[ 68.760756] nfc_register_device+0xa3/0x1a0
[ 68.760756] nci_register_device+0x77a/0xad0
[ 68.760756] nfcmrvl_nci_register_dev+0x20b/0x2c0
[ 68.760756] nfcmrvl_nci_uart_open+0xf2/0x1dd
[ 68.760756] nci_uart_tty_ioctl+0x2c3/0x4a0
[ 68.760756] tty_ioctl+0x764/0x1310
[ 68.760756] __x64_sys_ioctl+0x122/0x190
[ 68.760756] do_syscall_64+0x3b/0x90
[ 68.760756] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 68.760756]
[ 68.760756] Freed by task 314:
[ 68.760756] kasan_save_stack+0x1e/0x40
[ 68.760756] kasan_set_track+0x21/0x30
[ 68.760756] kasan_set_free_info+0x20/0x30
[ 68.760756] __kasan_slab_free+0x108/0x170
[ 68.760756] kfree+0xb0/0x330
[ 68.760756] device_release+0x96/0x200
[ 68.760756] kobject_put+0xf9/0x1d0
[ 68.760756] nfc_unregister_device+0x77/0x190
[ 68.760756] nfcmrvl_nci_unregister_dev+0x88/0xd0
[ 68.760756] nci_uart_tty_close+0xdf/0x180
[ 68.760756] tty_ldisc_kill+0x73/0x110
[ 68.760756] tty_ldisc_hangup+0x281/0x5b0
[ 68.760756] __tty_hangup.part.0+0x431/0x890
[ 68.760756] tty_release+0x3a8/0xc80
[ 68.760756] __fput+0x1f0/0x8c0
[ 68.760756] task_work_run+0xc9/0x170
[ 68.760756] exit_to_user_mode_prepare+0x194/0x1a0
[ 68.760756] syscall_exit_to_user_mode+0x19/0x50
[ 68.760756] do_syscall_64+0x48/0x90
[ 68.760756] entry_SYSCALL_64_after_hwframe+0x44/0xae
This patch just add the null out of dev->rfkill to make sure such
dereference cannot happen. This is safe since the device_lock() already
protect the check/write from data race.
Fixes: 3e3b5dfcd16a ("NFC: reorder the logic in nfc_{un,}register_device")
Signed-off-by: Lin Ma <linma@zju.edu.cn>
Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/nfc/core.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/nfc/core.c b/net/nfc/core.c
index 63701a980ee1..2d4729d1f0eb 100644
--- a/net/nfc/core.c
+++ b/net/nfc/core.c
@@ -1159,6 +1159,7 @@ void nfc_unregister_device(struct nfc_dev *dev)
if (dev->rfkill) {
rfkill_unregister(dev->rfkill);
rfkill_destroy(dev->rfkill);
+ dev->rfkill = NULL;
}
dev->shutting_down = true;
device_unlock(&dev->dev);
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 096/411] efi: Add missing prototype for efi_capsule_setup_info
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (94 preceding siblings ...)
2022-06-13 10:06 ` [PATCH 5.4 095/411] NFC: NULL out the dev->rfkill to prevent UAF Greg Kroah-Hartman
@ 2022-06-13 10:06 ` Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 097/411] drbd: fix duplicate array initializer Greg Kroah-Hartman
` (319 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:06 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jan Kiszka, Ard Biesheuvel, Sasha Levin
From: Jan Kiszka <jan.kiszka@siemens.com>
[ Upstream commit aa480379d8bdb33920d68acfd90f823c8af32578 ]
Fixes "no previous declaration for 'efi_capsule_setup_info'" warnings
under W=1.
Fixes: 2959c95d510c ("efi/capsule: Add support for Quark security header")
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Link: https://lore.kernel.org/r/c28d3f86-dd72-27d1-e2c2-40971b8da6bd@siemens.com
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/efi.h | 2 ++
1 file changed, 2 insertions(+)
diff --git a/include/linux/efi.h b/include/linux/efi.h
index c82ef0eba4f8..f9b9f9a2fd4a 100644
--- a/include/linux/efi.h
+++ b/include/linux/efi.h
@@ -165,6 +165,8 @@ struct capsule_info {
size_t page_bytes_remain;
};
+int efi_capsule_setup_info(struct capsule_info *cap_info, void *kbuff,
+ size_t hdr_bytes);
int __efi_capsule_setup_info(struct capsule_info *cap_info);
/*
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 097/411] drbd: fix duplicate array initializer
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (95 preceding siblings ...)
2022-06-13 10:06 ` [PATCH 5.4 096/411] efi: Add missing prototype for efi_capsule_setup_info Greg Kroah-Hartman
@ 2022-06-13 10:06 ` Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 098/411] HID: hid-led: fix maximum brightness for Dream Cheeky Greg Kroah-Hartman
` (318 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:06 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Arnd Bergmann,
Christoph Böhmwalder, Jens Axboe, Sasha Levin
From: Arnd Bergmann <arnd@arndb.de>
[ Upstream commit 33cb0917bbe241dd17a2b87ead63514c1b7e5615 ]
There are two initializers for P_RETRY_WRITE:
drivers/block/drbd/drbd_main.c:3676:22: warning: initialized field overwritten [-Woverride-init]
Remove the first one since it was already ignored by the compiler
and reorder the list to match the enum definition. As P_ZEROES had
no entry, add that one instead.
Fixes: 036b17eaab93 ("drbd: Receiving part for the PROTOCOL_UPDATE packet")
Fixes: f31e583aa2c2 ("drbd: introduce P_ZEROES (REQ_OP_WRITE_ZEROES on the "wire")")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Reviewed-by: Christoph Böhmwalder <christoph.boehmwalder@linbit.com>
Link: https://lore.kernel.org/r/20220406190715.1938174-2-christoph.boehmwalder@linbit.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/block/drbd/drbd_main.c | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/drivers/block/drbd/drbd_main.c b/drivers/block/drbd/drbd_main.c
index ba10fa24fa1f..5ece2fd70d9c 100644
--- a/drivers/block/drbd/drbd_main.c
+++ b/drivers/block/drbd/drbd_main.c
@@ -3709,9 +3709,8 @@ const char *cmdname(enum drbd_packet cmd)
* when we want to support more than
* one PRO_VERSION */
static const char *cmdnames[] = {
+
[P_DATA] = "Data",
- [P_WSAME] = "WriteSame",
- [P_TRIM] = "Trim",
[P_DATA_REPLY] = "DataReply",
[P_RS_DATA_REPLY] = "RSDataReply",
[P_BARRIER] = "Barrier",
@@ -3722,7 +3721,6 @@ const char *cmdname(enum drbd_packet cmd)
[P_DATA_REQUEST] = "DataRequest",
[P_RS_DATA_REQUEST] = "RSDataRequest",
[P_SYNC_PARAM] = "SyncParam",
- [P_SYNC_PARAM89] = "SyncParam89",
[P_PROTOCOL] = "ReportProtocol",
[P_UUIDS] = "ReportUUIDs",
[P_SIZES] = "ReportSizes",
@@ -3730,6 +3728,7 @@ const char *cmdname(enum drbd_packet cmd)
[P_SYNC_UUID] = "ReportSyncUUID",
[P_AUTH_CHALLENGE] = "AuthChallenge",
[P_AUTH_RESPONSE] = "AuthResponse",
+ [P_STATE_CHG_REQ] = "StateChgRequest",
[P_PING] = "Ping",
[P_PING_ACK] = "PingAck",
[P_RECV_ACK] = "RecvAck",
@@ -3740,24 +3739,26 @@ const char *cmdname(enum drbd_packet cmd)
[P_NEG_DREPLY] = "NegDReply",
[P_NEG_RS_DREPLY] = "NegRSDReply",
[P_BARRIER_ACK] = "BarrierAck",
- [P_STATE_CHG_REQ] = "StateChgRequest",
[P_STATE_CHG_REPLY] = "StateChgReply",
[P_OV_REQUEST] = "OVRequest",
[P_OV_REPLY] = "OVReply",
[P_OV_RESULT] = "OVResult",
[P_CSUM_RS_REQUEST] = "CsumRSRequest",
[P_RS_IS_IN_SYNC] = "CsumRSIsInSync",
+ [P_SYNC_PARAM89] = "SyncParam89",
[P_COMPRESSED_BITMAP] = "CBitmap",
[P_DELAY_PROBE] = "DelayProbe",
[P_OUT_OF_SYNC] = "OutOfSync",
- [P_RETRY_WRITE] = "RetryWrite",
[P_RS_CANCEL] = "RSCancel",
[P_CONN_ST_CHG_REQ] = "conn_st_chg_req",
[P_CONN_ST_CHG_REPLY] = "conn_st_chg_reply",
[P_RETRY_WRITE] = "retry_write",
[P_PROTOCOL_UPDATE] = "protocol_update",
+ [P_TRIM] = "Trim",
[P_RS_THIN_REQ] = "rs_thin_req",
[P_RS_DEALLOCATED] = "rs_deallocated",
+ [P_WSAME] = "WriteSame",
+ [P_ZEROES] = "Zeroes",
/* enum drbd_packet, but not commands - obsoleted flags:
* P_MAY_IGNORE
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 098/411] HID: hid-led: fix maximum brightness for Dream Cheeky
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (96 preceding siblings ...)
2022-06-13 10:06 ` [PATCH 5.4 097/411] drbd: fix duplicate array initializer Greg Kroah-Hartman
@ 2022-06-13 10:06 ` Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 099/411] HID: elan: Fix potential double free in elan_input_configured Greg Kroah-Hartman
` (317 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:06 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jonathan Teh, Jiri Kosina, Sasha Levin
From: Jonathan Teh <jonathan.teh@outlook.com>
[ Upstream commit 116c3f4a78ebe478d5ad5a038baf931e93e7d748 ]
Increase maximum brightness for Dream Cheeky to 63. Emperically
determined based on testing in kernel 4.4 on this device:
Bus 003 Device 002: ID 1d34:0004 Dream Cheeky Webmail Notifier
Fixes: 6c7ad07e9e05 ("HID: migrate USB LED driver from usb misc to hid")
Signed-off-by: Jonathan Teh <jonathan.teh@outlook.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hid/hid-led.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/hid/hid-led.c b/drivers/hid/hid-led.c
index c2c66ceca132..7d82f8d426bb 100644
--- a/drivers/hid/hid-led.c
+++ b/drivers/hid/hid-led.c
@@ -366,7 +366,7 @@ static const struct hidled_config hidled_configs[] = {
.type = DREAM_CHEEKY,
.name = "Dream Cheeky Webmail Notifier",
.short_name = "dream_cheeky",
- .max_brightness = 31,
+ .max_brightness = 63,
.num_leds = 1,
.report_size = 9,
.report_type = RAW_REQUEST,
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 099/411] HID: elan: Fix potential double free in elan_input_configured
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (97 preceding siblings ...)
2022-06-13 10:06 ` [PATCH 5.4 098/411] HID: hid-led: fix maximum brightness for Dream Cheeky Greg Kroah-Hartman
@ 2022-06-13 10:06 ` Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 100/411] drm/bridge: Fix error handling in analogix_dp_probe Greg Kroah-Hartman
` (316 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:06 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Benjamin Tissoires,
Jiri Kosina, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit 1af20714fedad238362571620be0bd690ded05b6 ]
'input' is a managed resource allocated with devm_input_allocate_device(),
so there is no need to call input_free_device() explicitly or
there will be a double free.
According to the doc of devm_input_allocate_device():
* Managed input devices do not need to be explicitly unregistered or
* freed as it will be done automatically when owner device unbinds from
* its driver (or binding fails).
Fixes: b7429ea53d6c ("HID: elan: Fix memleak in elan_input_configured")
Fixes: 9a6a4193d65b ("HID: Add driver for USB ELAN Touchpad")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Acked-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hid/hid-elan.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/drivers/hid/hid-elan.c b/drivers/hid/hid-elan.c
index 0e8f424025fe..838673303f77 100644
--- a/drivers/hid/hid-elan.c
+++ b/drivers/hid/hid-elan.c
@@ -188,7 +188,6 @@ static int elan_input_configured(struct hid_device *hdev, struct hid_input *hi)
ret = input_mt_init_slots(input, ELAN_MAX_FINGERS, INPUT_MT_POINTER);
if (ret) {
hid_err(hdev, "Failed to init elan MT slots: %d\n", ret);
- input_free_device(input);
return ret;
}
@@ -200,7 +199,6 @@ static int elan_input_configured(struct hid_device *hdev, struct hid_input *hi)
hid_err(hdev, "Failed to register elan input device: %d\n",
ret);
input_mt_destroy_slots(input);
- input_free_device(input);
return ret;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 100/411] drm/bridge: Fix error handling in analogix_dp_probe
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (98 preceding siblings ...)
2022-06-13 10:06 ` [PATCH 5.4 099/411] HID: elan: Fix potential double free in elan_input_configured Greg Kroah-Hartman
@ 2022-06-13 10:06 ` Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 101/411] sched/fair: Fix cfs_rq_clock_pelt() for throttled cfs_rq Greg Kroah-Hartman
` (315 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:06 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Robert Foss, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit 9f15930bb2ef9f031d62ffc49629cbae89137733 ]
In the error handling path, the clk_prepare_enable() function
call should be balanced by a corresponding 'clk_disable_unprepare()'
call, as already done in the remove function.
Fixes: 3424e3a4f844 ("drm: bridge: analogix/dp: split exynos dp driver to bridge directory")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Reviewed-by: Robert Foss <robert.foss@linaro.org>
Signed-off-by: Robert Foss <robert.foss@linaro.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20220420011644.25730-1-linmq006@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../gpu/drm/bridge/analogix/analogix_dp_core.c | 18 +++++++++++++-----
1 file changed, 13 insertions(+), 5 deletions(-)
diff --git a/drivers/gpu/drm/bridge/analogix/analogix_dp_core.c b/drivers/gpu/drm/bridge/analogix/analogix_dp_core.c
index 1f26890a8da6..3db0a631a6be 100644
--- a/drivers/gpu/drm/bridge/analogix/analogix_dp_core.c
+++ b/drivers/gpu/drm/bridge/analogix/analogix_dp_core.c
@@ -1696,8 +1696,10 @@ analogix_dp_probe(struct device *dev, struct analogix_dp_plat_data *plat_data)
res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
dp->reg_base = devm_ioremap_resource(&pdev->dev, res);
- if (IS_ERR(dp->reg_base))
- return ERR_CAST(dp->reg_base);
+ if (IS_ERR(dp->reg_base)) {
+ ret = PTR_ERR(dp->reg_base);
+ goto err_disable_clk;
+ }
dp->force_hpd = of_property_read_bool(dev->of_node, "force-hpd");
@@ -1709,7 +1711,8 @@ analogix_dp_probe(struct device *dev, struct analogix_dp_plat_data *plat_data)
if (IS_ERR(dp->hpd_gpiod)) {
dev_err(dev, "error getting HDP GPIO: %ld\n",
PTR_ERR(dp->hpd_gpiod));
- return ERR_CAST(dp->hpd_gpiod);
+ ret = PTR_ERR(dp->hpd_gpiod);
+ goto err_disable_clk;
}
if (dp->hpd_gpiod) {
@@ -1729,7 +1732,8 @@ analogix_dp_probe(struct device *dev, struct analogix_dp_plat_data *plat_data)
if (dp->irq == -ENXIO) {
dev_err(&pdev->dev, "failed to get irq\n");
- return ERR_PTR(-ENODEV);
+ ret = -ENODEV;
+ goto err_disable_clk;
}
ret = devm_request_threaded_irq(&pdev->dev, dp->irq,
@@ -1738,11 +1742,15 @@ analogix_dp_probe(struct device *dev, struct analogix_dp_plat_data *plat_data)
irq_flags, "analogix-dp", dp);
if (ret) {
dev_err(&pdev->dev, "failed to request irq\n");
- return ERR_PTR(ret);
+ goto err_disable_clk;
}
disable_irq(dp->irq);
return dp;
+
+err_disable_clk:
+ clk_disable_unprepare(dp->clock);
+ return ERR_PTR(ret);
}
EXPORT_SYMBOL_GPL(analogix_dp_probe);
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 101/411] sched/fair: Fix cfs_rq_clock_pelt() for throttled cfs_rq
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (99 preceding siblings ...)
2022-06-13 10:06 ` [PATCH 5.4 100/411] drm/bridge: Fix error handling in analogix_dp_probe Greg Kroah-Hartman
@ 2022-06-13 10:06 ` Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 102/411] spi: img-spfi: Fix pm_runtime_get_sync() error checking Greg Kroah-Hartman
` (314 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:06 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Chengming Zhou,
Peter Zijlstra (Intel),
Ben Segall, Vincent Guittot, Sasha Levin
From: Chengming Zhou <zhouchengming@bytedance.com>
[ Upstream commit 64eaf50731ac0a8c76ce2fedd50ef6652aabc5ff ]
Since commit 23127296889f ("sched/fair: Update scale invariance of PELT")
change to use rq_clock_pelt() instead of rq_clock_task(), we should also
use rq_clock_pelt() for throttled_clock_task_time and throttled_clock_task
accounting to get correct cfs_rq_clock_pelt() of throttled cfs_rq. And
rename throttled_clock_task(_time) to be clock_pelt rather than clock_task.
Fixes: 23127296889f ("sched/fair: Update scale invariance of PELT")
Signed-off-by: Chengming Zhou <zhouchengming@bytedance.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Reviewed-by: Ben Segall <bsegall@google.com>
Reviewed-by: Vincent Guittot <vincent.guittot@linaro.org>
Link: https://lore.kernel.org/r/20220408115309.81603-1-zhouchengming@bytedance.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/sched/fair.c | 8 ++++----
kernel/sched/pelt.h | 4 ++--
kernel/sched/sched.h | 4 ++--
3 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c
index 87d9fad9d01d..d2a68ae7596e 100644
--- a/kernel/sched/fair.c
+++ b/kernel/sched/fair.c
@@ -4485,8 +4485,8 @@ static int tg_unthrottle_up(struct task_group *tg, void *data)
cfs_rq->throttle_count--;
if (!cfs_rq->throttle_count) {
- cfs_rq->throttled_clock_task_time += rq_clock_task(rq) -
- cfs_rq->throttled_clock_task;
+ cfs_rq->throttled_clock_pelt_time += rq_clock_pelt(rq) -
+ cfs_rq->throttled_clock_pelt;
/* Add cfs_rq with already running entity in the list */
if (cfs_rq->nr_running >= 1)
@@ -4503,7 +4503,7 @@ static int tg_throttle_down(struct task_group *tg, void *data)
/* group is entering throttled state, stop time */
if (!cfs_rq->throttle_count) {
- cfs_rq->throttled_clock_task = rq_clock_task(rq);
+ cfs_rq->throttled_clock_pelt = rq_clock_pelt(rq);
list_del_leaf_cfs_rq(cfs_rq);
}
cfs_rq->throttle_count++;
@@ -4932,7 +4932,7 @@ static void sync_throttle(struct task_group *tg, int cpu)
pcfs_rq = tg->parent->cfs_rq[cpu];
cfs_rq->throttle_count = pcfs_rq->throttle_count;
- cfs_rq->throttled_clock_task = rq_clock_task(cpu_rq(cpu));
+ cfs_rq->throttled_clock_pelt = rq_clock_pelt(cpu_rq(cpu));
}
/* conditionally throttle active cfs_rq's from put_prev_entity() */
diff --git a/kernel/sched/pelt.h b/kernel/sched/pelt.h
index afff644da065..43e2a47489fa 100644
--- a/kernel/sched/pelt.h
+++ b/kernel/sched/pelt.h
@@ -127,9 +127,9 @@ static inline u64 rq_clock_pelt(struct rq *rq)
static inline u64 cfs_rq_clock_pelt(struct cfs_rq *cfs_rq)
{
if (unlikely(cfs_rq->throttle_count))
- return cfs_rq->throttled_clock_task - cfs_rq->throttled_clock_task_time;
+ return cfs_rq->throttled_clock_pelt - cfs_rq->throttled_clock_pelt_time;
- return rq_clock_pelt(rq_of(cfs_rq)) - cfs_rq->throttled_clock_task_time;
+ return rq_clock_pelt(rq_of(cfs_rq)) - cfs_rq->throttled_clock_pelt_time;
}
#else
static inline u64 cfs_rq_clock_pelt(struct cfs_rq *cfs_rq)
diff --git a/kernel/sched/sched.h b/kernel/sched/sched.h
index fe755c1a0af9..b8a3db59e326 100644
--- a/kernel/sched/sched.h
+++ b/kernel/sched/sched.h
@@ -570,8 +570,8 @@ struct cfs_rq {
s64 runtime_remaining;
u64 throttled_clock;
- u64 throttled_clock_task;
- u64 throttled_clock_task_time;
+ u64 throttled_clock_pelt;
+ u64 throttled_clock_pelt_time;
int throttled;
int throttle_count;
struct list_head throttled_list;
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 102/411] spi: img-spfi: Fix pm_runtime_get_sync() error checking
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (100 preceding siblings ...)
2022-06-13 10:06 ` [PATCH 5.4 101/411] sched/fair: Fix cfs_rq_clock_pelt() for throttled cfs_rq Greg Kroah-Hartman
@ 2022-06-13 10:06 ` Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 103/411] cpufreq: Fix possible race in cpufreq online error path Greg Kroah-Hartman
` (313 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:06 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zheng Yongjun, Mark Brown, Sasha Levin
From: Zheng Yongjun <zhengyongjun3@huawei.com>
[ Upstream commit cc470d55343056d6b2a5c32e10e0aad06f324078 ]
If the device is already in a runtime PM enabled state
pm_runtime_get_sync() will return 1, so a test for negative
value should be used to check for errors.
Fixes: deba25800a12b ("spi: Add driver for IMG SPFI controller")
Signed-off-by: Zheng Yongjun <zhengyongjun3@huawei.com>
Link: https://lore.kernel.org/r/20220422062641.10486-1-zhengyongjun3@huawei.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/spi/spi-img-spfi.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/spi/spi-img-spfi.c b/drivers/spi/spi-img-spfi.c
index e9ef80983b79..5a6b02843f2b 100644
--- a/drivers/spi/spi-img-spfi.c
+++ b/drivers/spi/spi-img-spfi.c
@@ -771,7 +771,7 @@ static int img_spfi_resume(struct device *dev)
int ret;
ret = pm_runtime_get_sync(dev);
- if (ret) {
+ if (ret < 0) {
pm_runtime_put_noidle(dev);
return ret;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 103/411] cpufreq: Fix possible race in cpufreq online error path
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (101 preceding siblings ...)
2022-06-13 10:06 ` [PATCH 5.4 102/411] spi: img-spfi: Fix pm_runtime_get_sync() error checking Greg Kroah-Hartman
@ 2022-06-13 10:06 ` Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 104/411] ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix Greg Kroah-Hartman
` (312 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:06 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Schspa Shi, Rafael J. Wysocki, Sasha Levin
From: Schspa Shi <schspa@gmail.com>
[ Upstream commit f346e96267cd76175d6c201b40f770c0116a8a04 ]
When cpufreq online fails, the policy->cpus mask is not cleared and
policy->rwsem is released too early, so the driver can be invoked
via the cpuinfo_cur_freq sysfs attribute while its ->offline() or
->exit() callbacks are being run.
Take policy->clk as an example:
static int cpufreq_online(unsigned int cpu)
{
...
// policy->cpus != 0 at this time
down_write(&policy->rwsem);
ret = cpufreq_add_dev_interface(policy);
up_write(&policy->rwsem);
return 0;
out_destroy_policy:
for_each_cpu(j, policy->real_cpus)
remove_cpu_dev_symlink(policy, get_cpu_device(j));
up_write(&policy->rwsem);
...
out_exit_policy:
if (cpufreq_driver->exit)
cpufreq_driver->exit(policy);
clk_put(policy->clk);
// policy->clk is a wild pointer
...
^
|
Another process access
__cpufreq_get
cpufreq_verify_current_freq
cpufreq_generic_get
// acces wild pointer of policy->clk;
|
|
out_offline_policy: |
cpufreq_policy_free(policy); |
// deleted here, and will wait for no body reference
cpufreq_policy_put_kobj(policy);
}
Address this by modifying cpufreq_online() to release policy->rwsem
in the error path after the driver callbacks have run and to clear
policy->cpus before releasing the semaphore.
Fixes: 7106e02baed4 ("cpufreq: release policy->rwsem on error")
Signed-off-by: Schspa Shi <schspa@gmail.com>
[ rjw: Subject and changelog edits ]
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/cpufreq/cpufreq.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/cpufreq/cpufreq.c b/drivers/cpufreq/cpufreq.c
index af9f34804862..7ea07764988e 100644
--- a/drivers/cpufreq/cpufreq.c
+++ b/drivers/cpufreq/cpufreq.c
@@ -1509,8 +1509,6 @@ static int cpufreq_online(unsigned int cpu)
for_each_cpu(j, policy->real_cpus)
remove_cpu_dev_symlink(policy, get_cpu_device(j));
- up_write(&policy->rwsem);
-
out_offline_policy:
if (cpufreq_driver->offline)
cpufreq_driver->offline(policy);
@@ -1519,6 +1517,9 @@ static int cpufreq_online(unsigned int cpu)
if (cpufreq_driver->exit)
cpufreq_driver->exit(policy);
+ cpumask_clear(policy->cpus);
+ up_write(&policy->rwsem);
+
out_free_policy:
cpufreq_policy_free(policy);
return ret;
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 104/411] ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (102 preceding siblings ...)
2022-06-13 10:06 ` [PATCH 5.4 103/411] cpufreq: Fix possible race in cpufreq online error path Greg Kroah-Hartman
@ 2022-06-13 10:06 ` Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 105/411] inotify: show inotify mask flags in proc fdinfo Greg Kroah-Hartman
` (311 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:06 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter,
Toke Høiland-Jørgensen, Kalle Valo, Sasha Levin
From: Dan Carpenter <dan.carpenter@oracle.com>
[ Upstream commit 2dc509305cf956381532792cb8dceef2b1504765 ]
The "rxstatus->rs_keyix" eventually gets passed to test_bit() so we need to
ensure that it is within the bitmap.
drivers/net/wireless/ath/ath9k/common.c:46 ath9k_cmn_rx_accept()
error: passing untrusted data 'rx_stats->rs_keyix' to 'test_bit()'
Fixes: 4ed1a8d4a257 ("ath9k_htc: use ath9k_cmn_rx_accept")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Toke Høiland-Jørgensen <toke@toke.dk>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20220409061225.GA5447@kili
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/ath9k/htc_drv_txrx.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/drivers/net/wireless/ath/ath9k/htc_drv_txrx.c b/drivers/net/wireless/ath/ath9k/htc_drv_txrx.c
index 628f45c8c06f..eeaf63de71bf 100644
--- a/drivers/net/wireless/ath/ath9k/htc_drv_txrx.c
+++ b/drivers/net/wireless/ath/ath9k/htc_drv_txrx.c
@@ -1005,6 +1005,14 @@ static bool ath9k_rx_prepare(struct ath9k_htc_priv *priv,
goto rx_next;
}
+ if (rxstatus->rs_keyix >= ATH_KEYMAX &&
+ rxstatus->rs_keyix != ATH9K_RXKEYIX_INVALID) {
+ ath_dbg(common, ANY,
+ "Invalid keyix, dropping (keyix: %d)\n",
+ rxstatus->rs_keyix);
+ goto rx_next;
+ }
+
/* Get the RX status information */
memset(rx_status, 0, sizeof(struct ieee80211_rx_status));
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 105/411] inotify: show inotify mask flags in proc fdinfo
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (103 preceding siblings ...)
2022-06-13 10:06 ` [PATCH 5.4 104/411] ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix Greg Kroah-Hartman
@ 2022-06-13 10:06 ` Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 106/411] fsnotify: fix wrong lockdep annotations Greg Kroah-Hartman
` (310 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:06 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Amir Goldstein, Jan Kara, Sasha Levin
From: Amir Goldstein <amir73il@gmail.com>
[ Upstream commit a32e697cda27679a0327ae2cafdad8c7170f548f ]
The inotify mask flags IN_ONESHOT and IN_EXCL_UNLINK are not "internal
to kernel" and should be exposed in procfs fdinfo so CRIU can restore
them.
Fixes: 6933599697c9 ("inotify: hide internal kernel bits from fdinfo")
Link: https://lore.kernel.org/r/20220422120327.3459282-2-amir73il@gmail.com
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/notify/fdinfo.c | 11 ++---------
fs/notify/inotify/inotify.h | 12 ++++++++++++
fs/notify/inotify/inotify_user.c | 2 +-
3 files changed, 15 insertions(+), 10 deletions(-)
diff --git a/fs/notify/fdinfo.c b/fs/notify/fdinfo.c
index 1e2bfd26b352..7df9ad4d8433 100644
--- a/fs/notify/fdinfo.c
+++ b/fs/notify/fdinfo.c
@@ -84,16 +84,9 @@ static void inotify_fdinfo(struct seq_file *m, struct fsnotify_mark *mark)
inode_mark = container_of(mark, struct inotify_inode_mark, fsn_mark);
inode = igrab(fsnotify_conn_inode(mark->connector));
if (inode) {
- /*
- * IN_ALL_EVENTS represents all of the mask bits
- * that we expose to userspace. There is at
- * least one bit (FS_EVENT_ON_CHILD) which is
- * used only internally to the kernel.
- */
- u32 mask = mark->mask & IN_ALL_EVENTS;
- seq_printf(m, "inotify wd:%x ino:%lx sdev:%x mask:%x ignored_mask:%x ",
+ seq_printf(m, "inotify wd:%x ino:%lx sdev:%x mask:%x ignored_mask:0 ",
inode_mark->wd, inode->i_ino, inode->i_sb->s_dev,
- mask, mark->ignored_mask);
+ inotify_mark_user_mask(mark));
show_mark_fhandle(m, inode);
seq_putc(m, '\n');
iput(inode);
diff --git a/fs/notify/inotify/inotify.h b/fs/notify/inotify/inotify.h
index 3f246f7b8a92..8b8bf52dd08b 100644
--- a/fs/notify/inotify/inotify.h
+++ b/fs/notify/inotify/inotify.h
@@ -22,6 +22,18 @@ static inline struct inotify_event_info *INOTIFY_E(struct fsnotify_event *fse)
return container_of(fse, struct inotify_event_info, fse);
}
+/*
+ * INOTIFY_USER_FLAGS represents all of the mask bits that we expose to
+ * userspace. There is at least one bit (FS_EVENT_ON_CHILD) which is
+ * used only internally to the kernel.
+ */
+#define INOTIFY_USER_MASK (IN_ALL_EVENTS | IN_ONESHOT | IN_EXCL_UNLINK)
+
+static inline __u32 inotify_mark_user_mask(struct fsnotify_mark *fsn_mark)
+{
+ return fsn_mark->mask & INOTIFY_USER_MASK;
+}
+
extern void inotify_ignored_and_remove_idr(struct fsnotify_mark *fsn_mark,
struct fsnotify_group *group);
extern int inotify_handle_event(struct fsnotify_group *group,
diff --git a/fs/notify/inotify/inotify_user.c b/fs/notify/inotify/inotify_user.c
index 81ffc8629fc4..b949b2c02f4b 100644
--- a/fs/notify/inotify/inotify_user.c
+++ b/fs/notify/inotify/inotify_user.c
@@ -86,7 +86,7 @@ static inline __u32 inotify_arg_to_mask(u32 arg)
mask = (FS_IN_IGNORED | FS_EVENT_ON_CHILD | FS_UNMOUNT);
/* mask off the flags used to open the fd */
- mask |= (arg & (IN_ALL_EVENTS | IN_ONESHOT | IN_EXCL_UNLINK));
+ mask |= (arg & INOTIFY_USER_MASK);
return mask;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 106/411] fsnotify: fix wrong lockdep annotations
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (104 preceding siblings ...)
2022-06-13 10:06 ` [PATCH 5.4 105/411] inotify: show inotify mask flags in proc fdinfo Greg Kroah-Hartman
@ 2022-06-13 10:06 ` Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 107/411] of: overlay: do not break notify on NOTIFY_{OK|STOP} Greg Kroah-Hartman
` (309 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:06 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Khazhismel Kumykov, Amir Goldstein,
Jan Kara, Sasha Levin
From: Amir Goldstein <amir73il@gmail.com>
[ Upstream commit 623af4f538b5df9b416e1b82f720af7371b4c771 ]
Commit 6960b0d909cd ("fsnotify: change locking order") changed some
of the mark_mutex locks in direct reclaim path to use:
mutex_lock_nested(&group->mark_mutex, SINGLE_DEPTH_NESTING);
This change is explained:
"...It uses nested locking to avoid deadlock in case we do the final
iput() on an inode which still holds marks and thus would take the
mutex again when calling fsnotify_inode_delete() in destroy_inode()."
The problem is that the mutex_lock_nested() is not a nested lock at
all. In fact, it has the opposite effect of preventing lockdep from
warning about a very possible deadlock.
Due to these wrong annotations, a deadlock that was introduced with
nfsd filecache in kernel v5.4 went unnoticed in v5.4.y for over two
years until it was reported recently by Khazhismel Kumykov, only to
find out that the deadlock was already fixed in kernel v5.5.
Fix the wrong lockdep annotations.
Cc: Khazhismel Kumykov <khazhy@google.com>
Fixes: 6960b0d909cd ("fsnotify: change locking order")
Link: https://lore.kernel.org/r/20220321112310.vpr7oxro2xkz5llh@quack3.lan/
Link: https://lore.kernel.org/r/20220422120327.3459282-4-amir73il@gmail.com
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/notify/mark.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/fs/notify/mark.c b/fs/notify/mark.c
index 1d96216dffd1..fdf8e03bf3df 100644
--- a/fs/notify/mark.c
+++ b/fs/notify/mark.c
@@ -426,7 +426,7 @@ void fsnotify_free_mark(struct fsnotify_mark *mark)
void fsnotify_destroy_mark(struct fsnotify_mark *mark,
struct fsnotify_group *group)
{
- mutex_lock_nested(&group->mark_mutex, SINGLE_DEPTH_NESTING);
+ mutex_lock(&group->mark_mutex);
fsnotify_detach_mark(mark);
mutex_unlock(&group->mark_mutex);
fsnotify_free_mark(mark);
@@ -738,7 +738,7 @@ void fsnotify_clear_marks_by_group(struct fsnotify_group *group,
* move marks to free to to_free list in one go and then free marks in
* to_free list one by one.
*/
- mutex_lock_nested(&group->mark_mutex, SINGLE_DEPTH_NESTING);
+ mutex_lock(&group->mark_mutex);
list_for_each_entry_safe(mark, lmark, &group->marks_list, g_list) {
if ((1U << mark->connector->type) & type_mask)
list_move(&mark->g_list, &to_free);
@@ -747,7 +747,7 @@ void fsnotify_clear_marks_by_group(struct fsnotify_group *group,
clear:
while (1) {
- mutex_lock_nested(&group->mark_mutex, SINGLE_DEPTH_NESTING);
+ mutex_lock(&group->mark_mutex);
if (list_empty(head)) {
mutex_unlock(&group->mark_mutex);
break;
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 107/411] of: overlay: do not break notify on NOTIFY_{OK|STOP}
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (105 preceding siblings ...)
2022-06-13 10:06 ` [PATCH 5.4 106/411] fsnotify: fix wrong lockdep annotations Greg Kroah-Hartman
@ 2022-06-13 10:06 ` Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 108/411] scsi: ufs: core: Exclude UECxx from SFR dump list Greg Kroah-Hartman
` (308 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:06 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nuno Sá, Rob Herring, Sasha Levin
From: Nuno Sá <nuno.sa@analog.com>
[ Upstream commit 5f756a2eaa4436d7d3dc1e040147f5e992ae34b5 ]
We should not break overlay notifications on NOTIFY_{OK|STOP}
otherwise we might break on the first fragment. We should only stop
notifications if a *real* errno is returned by one of the listeners.
Fixes: a1d19bd4cf1fe ("of: overlay: pr_err from return NOTIFY_OK to overlay apply/remove")
Signed-off-by: Nuno Sá <nuno.sa@analog.com>
Signed-off-by: Rob Herring <robh@kernel.org>
Link: https://lore.kernel.org/r/20220420130205.89435-1-nuno.sa@analog.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/of/overlay.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/drivers/of/overlay.c b/drivers/of/overlay.c
index 1688f576ee8a..8420ef42d89e 100644
--- a/drivers/of/overlay.c
+++ b/drivers/of/overlay.c
@@ -170,9 +170,7 @@ static int overlay_notify(struct overlay_changeset *ovcs,
ret = blocking_notifier_call_chain(&overlay_notify_chain,
action, &nd);
- if (ret == NOTIFY_OK || ret == NOTIFY_STOP)
- return 0;
- if (ret) {
+ if (notifier_to_errno(ret)) {
ret = notifier_to_errno(ret);
pr_err("overlay changeset %s notifier error %d, target: %pOF\n",
of_overlay_action_name[action], ret, nd.target);
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 108/411] scsi: ufs: core: Exclude UECxx from SFR dump list
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (106 preceding siblings ...)
2022-06-13 10:06 ` [PATCH 5.4 107/411] of: overlay: do not break notify on NOTIFY_{OK|STOP} Greg Kroah-Hartman
@ 2022-06-13 10:06 ` Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 109/411] x86/pm: Fix false positive kmemleak report in msr_build_context() Greg Kroah-Hartman
` (307 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:06 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kiwoong Kim, Martin K. Petersen, Sasha Levin
From: Kiwoong Kim <kwmad.kim@samsung.com>
[ Upstream commit ef60031022eb6d972aac86ca26c98c33e1289436 ]
Some devices may return invalid or zeroed data during an UIC error
condition. In addition, reading these SFRs will clear them. This means the
subsequent error handling will not be able to see them and therefore no
error handling will be scheduled.
Skip reading these SFRs in ufshcd_dump_regs().
Link: https://lore.kernel.org/r/1648689845-33521-1-git-send-email-kwmad.kim@samsung.com
Fixes: d67247566450 ("scsi: ufs: Use explicit access size in ufshcd_dump_regs")
Signed-off-by: Kiwoong Kim <kwmad.kim@samsung.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/ufs/ufshcd.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/scsi/ufs/ufshcd.c b/drivers/scsi/ufs/ufshcd.c
index ebf7ae1ef70d..670f4c7934f8 100644
--- a/drivers/scsi/ufs/ufshcd.c
+++ b/drivers/scsi/ufs/ufshcd.c
@@ -118,8 +118,13 @@ int ufshcd_dump_regs(struct ufs_hba *hba, size_t offset, size_t len,
if (!regs)
return -ENOMEM;
- for (pos = 0; pos < len; pos += 4)
+ for (pos = 0; pos < len; pos += 4) {
+ if (offset == 0 &&
+ pos >= REG_UIC_ERROR_CODE_PHY_ADAPTER_LAYER &&
+ pos <= REG_UIC_ERROR_CODE_DME)
+ continue;
regs[pos / 4] = ufshcd_readl(hba, offset + pos);
+ }
ufshcd_hex_dump(prefix, regs, len);
kfree(regs);
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 109/411] x86/pm: Fix false positive kmemleak report in msr_build_context()
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (107 preceding siblings ...)
2022-06-13 10:06 ` [PATCH 5.4 108/411] scsi: ufs: core: Exclude UECxx from SFR dump list Greg Kroah-Hartman
@ 2022-06-13 10:06 ` Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 110/411] x86/speculation: Add missing prototype for unpriv_ebpf_notify() Greg Kroah-Hartman
` (306 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:06 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mat Martineau, Matthieu Baerts,
Borislav Petkov, Rafael J. Wysocki, Sasha Levin
From: Matthieu Baerts <matthieu.baerts@tessares.net>
[ Upstream commit b0b592cf08367719e1d1ef07c9f136e8c17f7ec3 ]
Since
e2a1256b17b1 ("x86/speculation: Restore speculation related MSRs during S3 resume")
kmemleak reports this issue:
unreferenced object 0xffff888009cedc00 (size 256):
comm "swapper/0", pid 1, jiffies 4294693823 (age 73.764s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 48 00 00 00 00 00 00 00 ........H.......
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
msr_build_context (include/linux/slab.h:621)
pm_check_save_msr (arch/x86/power/cpu.c:520)
do_one_initcall (init/main.c:1298)
kernel_init_freeable (init/main.c:1370)
kernel_init (init/main.c:1504)
ret_from_fork (arch/x86/entry/entry_64.S:304)
Reproducer:
- boot the VM with a debug kernel config (see
https://github.com/multipath-tcp/mptcp_net-next/issues/268)
- wait ~1 minute
- start a kmemleak scan
The root cause here is alignment within the packed struct saved_context
(from suspend_64.h). Kmemleak only searches for pointers that are
aligned (see how pointers are scanned in kmemleak.c), but pahole shows
that the saved_msrs struct member and all members after it in the
structure are unaligned:
struct saved_context {
struct pt_regs regs; /* 0 168 */
/* --- cacheline 2 boundary (128 bytes) was 40 bytes ago --- */
u16 ds; /* 168 2 */
...
u64 misc_enable; /* 232 8 */
bool misc_enable_saved; /* 240 1 */
/* Note below odd offset values for the remainder of this struct */
struct saved_msrs saved_msrs; /* 241 16 */
/* --- cacheline 4 boundary (256 bytes) was 1 bytes ago --- */
long unsigned int efer; /* 257 8 */
u16 gdt_pad; /* 265 2 */
struct desc_ptr gdt_desc; /* 267 10 */
u16 idt_pad; /* 277 2 */
struct desc_ptr idt; /* 279 10 */
u16 ldt; /* 289 2 */
u16 tss; /* 291 2 */
long unsigned int tr; /* 293 8 */
long unsigned int safety; /* 301 8 */
long unsigned int return_address; /* 309 8 */
/* size: 317, cachelines: 5, members: 25 */
/* last cacheline: 61 bytes */
} __attribute__((__packed__));
Move misc_enable_saved to the end of the struct declaration so that
saved_msrs fits in before the cacheline 4 boundary.
The comment above the saved_context declaration says to fix wakeup_64.S
file and __save/__restore_processor_state() if the struct is modified:
it looks like all the accesses in wakeup_64.S are done through offsets
which are computed at build-time. Update that comment accordingly.
At the end, the false positive kmemleak report is due to a limitation
from kmemleak but it is always good to avoid unaligned members for
optimisation purposes.
Please note that it looks like this issue is not new, e.g.
https://lore.kernel.org/all/9f1bb619-c4ee-21c4-a251-870bd4db04fa@lwfinger.net/
https://lore.kernel.org/all/94e48fcd-1dbd-ebd2-4c91-f39941735909@molgen.mpg.de/
[ bp: Massage + cleanup commit message. ]
Fixes: 7a9c2dd08ead ("x86/pm: Introduce quirk framework to save/restore extra MSR registers around suspend/resume")
Suggested-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: Matthieu Baerts <matthieu.baerts@tessares.net>
Signed-off-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Link: https://lore.kernel.org/r/20220426202138.498310-1-matthieu.baerts@tessares.net
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/include/asm/suspend_32.h | 2 +-
arch/x86/include/asm/suspend_64.h | 12 ++++++++----
2 files changed, 9 insertions(+), 5 deletions(-)
diff --git a/arch/x86/include/asm/suspend_32.h b/arch/x86/include/asm/suspend_32.h
index fdbd9d7b7bca..3b97aa921543 100644
--- a/arch/x86/include/asm/suspend_32.h
+++ b/arch/x86/include/asm/suspend_32.h
@@ -21,7 +21,6 @@ struct saved_context {
#endif
unsigned long cr0, cr2, cr3, cr4;
u64 misc_enable;
- bool misc_enable_saved;
struct saved_msrs saved_msrs;
struct desc_ptr gdt_desc;
struct desc_ptr idt;
@@ -30,6 +29,7 @@ struct saved_context {
unsigned long tr;
unsigned long safety;
unsigned long return_address;
+ bool misc_enable_saved;
} __attribute__((packed));
/* routines for saving/restoring kernel state */
diff --git a/arch/x86/include/asm/suspend_64.h b/arch/x86/include/asm/suspend_64.h
index 35bb35d28733..54df06687d83 100644
--- a/arch/x86/include/asm/suspend_64.h
+++ b/arch/x86/include/asm/suspend_64.h
@@ -14,9 +14,13 @@
* Image of the saved processor state, used by the low level ACPI suspend to
* RAM code and by the low level hibernation code.
*
- * If you modify it, fix arch/x86/kernel/acpi/wakeup_64.S and make sure that
- * __save/__restore_processor_state(), defined in arch/x86/kernel/suspend_64.c,
- * still work as required.
+ * If you modify it, check how it is used in arch/x86/kernel/acpi/wakeup_64.S
+ * and make sure that __save/__restore_processor_state(), defined in
+ * arch/x86/power/cpu.c, still work as required.
+ *
+ * Because the structure is packed, make sure to avoid unaligned members. For
+ * optimisation purposes but also because tools like kmemleak only search for
+ * pointers that are aligned.
*/
struct saved_context {
struct pt_regs regs;
@@ -36,7 +40,6 @@ struct saved_context {
unsigned long cr0, cr2, cr3, cr4;
u64 misc_enable;
- bool misc_enable_saved;
struct saved_msrs saved_msrs;
unsigned long efer;
u16 gdt_pad; /* Unused */
@@ -48,6 +51,7 @@ struct saved_context {
unsigned long tr;
unsigned long safety;
unsigned long return_address;
+ bool misc_enable_saved;
} __attribute__((packed));
#define loaddebug(thread,register) \
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 110/411] x86/speculation: Add missing prototype for unpriv_ebpf_notify()
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (108 preceding siblings ...)
2022-06-13 10:06 ` [PATCH 5.4 109/411] x86/pm: Fix false positive kmemleak report in msr_build_context() Greg Kroah-Hartman
@ 2022-06-13 10:06 ` Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 111/411] ASoC: rk3328: fix disabling mclk on pclk probe failure Greg Kroah-Hartman
` (305 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:06 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kernel test robot, Josh Poimboeuf,
Borislav Petkov, Sasha Levin
From: Josh Poimboeuf <jpoimboe@redhat.com>
[ Upstream commit 2147c438fde135d6c145a96e373d9348e7076f7f ]
Fix the following warnings seen with "make W=1":
kernel/sysctl.c:183:13: warning: no previous prototype for ‘unpriv_ebpf_notify’ [-Wmissing-prototypes]
183 | void __weak unpriv_ebpf_notify(int new_state)
| ^~~~~~~~~~~~~~~~~~
arch/x86/kernel/cpu/bugs.c:659:6: warning: no previous prototype for ‘unpriv_ebpf_notify’ [-Wmissing-prototypes]
659 | void unpriv_ebpf_notify(int new_state)
| ^~~~~~~~~~~~~~~~~~
Fixes: 44a3918c8245 ("x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting")
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Link: https://lore.kernel.org/r/5689d065f739602ececaee1e05e68b8644009608.1650930000.git.jpoimboe@redhat.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/bpf.h | 2 ++
1 file changed, 2 insertions(+)
diff --git a/include/linux/bpf.h b/include/linux/bpf.h
index a73ca7c9c7d0..5705cda3c4c4 100644
--- a/include/linux/bpf.h
+++ b/include/linux/bpf.h
@@ -929,6 +929,8 @@ void bpf_offload_dev_netdev_unregister(struct bpf_offload_dev *offdev,
struct net_device *netdev);
bool bpf_offload_dev_match(struct bpf_prog *prog, struct net_device *netdev);
+void unpriv_ebpf_notify(int new_state);
+
#if defined(CONFIG_NET) && defined(CONFIG_BPF_SYSCALL)
int bpf_prog_offload_init(struct bpf_prog *prog, union bpf_attr *attr);
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 111/411] ASoC: rk3328: fix disabling mclk on pclk probe failure
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (109 preceding siblings ...)
2022-06-13 10:06 ` [PATCH 5.4 110/411] x86/speculation: Add missing prototype for unpriv_ebpf_notify() Greg Kroah-Hartman
@ 2022-06-13 10:06 ` Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 112/411] perf tools: Add missing headers needed by util/data.h Greg Kroah-Hartman
` (304 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:06 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nicolas Frattaroli, Katsuhiro Suzuki,
Mark Brown, Sasha Levin
From: Nicolas Frattaroli <frattaroli.nicolas@gmail.com>
[ Upstream commit dd508e324cdde1c06ace08a8143fa50333a90703 ]
If preparing/enabling the pclk fails, the probe function should
unprepare and disable the previously prepared and enabled mclk,
which it doesn't do. This commit rectifies this.
Fixes: c32759035ad2 ("ASoC: rockchip: support ACODEC for rk3328")
Signed-off-by: Nicolas Frattaroli <frattaroli.nicolas@gmail.com>
Reviewed-by: Katsuhiro Suzuki <katsuhiro@katsuster.net>
Link: https://lore.kernel.org/r/20220427172310.138638-1-frattaroli.nicolas@gmail.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/rk3328_codec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sound/soc/codecs/rk3328_codec.c b/sound/soc/codecs/rk3328_codec.c
index 514ebe16bbfa..4e71ecf54af7 100644
--- a/sound/soc/codecs/rk3328_codec.c
+++ b/sound/soc/codecs/rk3328_codec.c
@@ -479,7 +479,7 @@ static int rk3328_platform_probe(struct platform_device *pdev)
ret = clk_prepare_enable(rk3328->pclk);
if (ret < 0) {
dev_err(&pdev->dev, "failed to enable acodec pclk\n");
- return ret;
+ goto err_unprepare_mclk;
}
base = devm_platform_ioremap_resource(pdev, 0);
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 112/411] perf tools: Add missing headers needed by util/data.h
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (110 preceding siblings ...)
2022-06-13 10:06 ` [PATCH 5.4 111/411] ASoC: rk3328: fix disabling mclk on pclk probe failure Greg Kroah-Hartman
@ 2022-06-13 10:06 ` Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 113/411] drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory free during pm runtime resume Greg Kroah-Hartman
` (303 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:06 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yang Jihong, Adrian Hunter,
Alexander Shishkin, Andi Kleen, Ingo Molnar, Jiri Olsa,
Mark Rutland, Namhyung Kim, Peter Zijlstra,
Arnaldo Carvalho de Melo, Sasha Levin
From: Yang Jihong <yangjihong1@huawei.com>
[ Upstream commit 4d27cf1d9de5becfa4d1efb2ea54dba1b9fc962a ]
'struct perf_data' in util/data.h uses the "u64" data type, which is
defined in "linux/types.h".
If we only include util/data.h, the following compilation error occurs:
util/data.h:38:3: error: unknown type name ‘u64’
u64 version;
^~~
Solution: include "linux/types.h." to add the needed type definitions.
Fixes: 258031c017c353e8 ("perf header: Add DIR_FORMAT feature to describe directory data")
Signed-off-by: Yang Jihong <yangjihong1@huawei.com>
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Link: https://lore.kernel.org/r/20220429090539.212448-1-yangjihong1@huawei.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/perf/util/data.h | 1 +
1 file changed, 1 insertion(+)
diff --git a/tools/perf/util/data.h b/tools/perf/util/data.h
index 259868a39019..252d99071249 100644
--- a/tools/perf/util/data.h
+++ b/tools/perf/util/data.h
@@ -3,6 +3,7 @@
#define __PERF_DATA_H
#include <stdbool.h>
+#include <linux/types.h>
enum perf_data_mode {
PERF_DATA_MODE_WRITE,
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 113/411] drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory free during pm runtime resume
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (111 preceding siblings ...)
2022-06-13 10:06 ` [PATCH 5.4 112/411] perf tools: Add missing headers needed by util/data.h Greg Kroah-Hartman
@ 2022-06-13 10:06 ` Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 114/411] drm/msm/dsi: fix error checks and return values for DSI xmit functions Greg Kroah-Hartman
` (302 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:06 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Vinod Polimera, Dmitry Baryshkov,
Sasha Levin
From: Vinod Polimera <quic_vpolimer@quicinc.com>
[ Upstream commit fa5186b279ecf44b14fb435540d2065be91cb1ed ]
BUG: Unable to handle kernel paging request at virtual address 006b6b6b6b6b6be3
Call trace:
dpu_vbif_init_memtypes+0x40/0xb8
dpu_runtime_resume+0xcc/0x1c0
pm_generic_runtime_resume+0x30/0x44
__genpd_runtime_resume+0x68/0x7c
genpd_runtime_resume+0x134/0x258
__rpm_callback+0x98/0x138
rpm_callback+0x30/0x88
rpm_resume+0x36c/0x49c
__pm_runtime_resume+0x80/0xb0
dpu_core_irq_uninstall+0x30/0xb0
dpu_irq_uninstall+0x18/0x24
msm_drm_uninit+0xd8/0x16c
Fixes: 25fdd5933e4c ("drm/msm: Add SDM845 DPU support")
Signed-off-by: Vinod Polimera <quic_vpolimer@quicinc.com>
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Patchwork: https://patchwork.freedesktop.org/patch/483255/
Link: https://lore.kernel.org/r/1650857213-30075-1-git-send-email-quic_vpolimer@quicinc.com
[DB: fixed Fixes tag]
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c b/drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c
index 72f487692adb..c08c67338d73 100644
--- a/drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c
+++ b/drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c
@@ -599,8 +599,10 @@ static void _dpu_kms_hw_destroy(struct dpu_kms *dpu_kms)
for (i = 0; i < dpu_kms->catalog->vbif_count; i++) {
u32 vbif_idx = dpu_kms->catalog->vbif[i].id;
- if ((vbif_idx < VBIF_MAX) && dpu_kms->hw_vbif[vbif_idx])
+ if ((vbif_idx < VBIF_MAX) && dpu_kms->hw_vbif[vbif_idx]) {
dpu_hw_vbif_destroy(dpu_kms->hw_vbif[vbif_idx]);
+ dpu_kms->hw_vbif[vbif_idx] = NULL;
+ }
}
}
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 114/411] drm/msm/dsi: fix error checks and return values for DSI xmit functions
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (112 preceding siblings ...)
2022-06-13 10:06 ` [PATCH 5.4 113/411] drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory free during pm runtime resume Greg Kroah-Hartman
@ 2022-06-13 10:06 ` Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 115/411] drm/msm/hdmi: check return value after calling platform_get_resource_byname() Greg Kroah-Hartman
` (301 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:06 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Dmitry Baryshkov,
Abhinav Kumar, Marijn Suijten, Sasha Levin
From: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
[ Upstream commit f0e7e9ed379c012c4d6b09a09b868accc426223c ]
As noticed by Dan ([1] an the followup thread) there are multiple issues
with the return values for MSM DSI command transmission callback. In
the error case it can easily return a positive value when it should
have returned a proper error code.
This commits attempts to fix these issues both in TX and in RX paths.
[1]: https://lore.kernel.org/linux-arm-msm/20211001123617.GH2283@kili/
Fixes: a689554ba6ed ("drm/msm: Initial add DSI connector support")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Reviewed-by: Abhinav Kumar <quic_abhinavk@quicinc.com>
Tested-by: Marijn Suijten <marijn.suijten@somainline.org>
Patchwork: https://patchwork.freedesktop.org/patch/480501/
Link: https://lore.kernel.org/r/20220401231104.967193-1-dmitry.baryshkov@linaro.org
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/msm/dsi/dsi_host.c | 21 ++++++++++++++-------
1 file changed, 14 insertions(+), 7 deletions(-)
diff --git a/drivers/gpu/drm/msm/dsi/dsi_host.c b/drivers/gpu/drm/msm/dsi/dsi_host.c
index 423c4ae2be10..743142e15b4c 100644
--- a/drivers/gpu/drm/msm/dsi/dsi_host.c
+++ b/drivers/gpu/drm/msm/dsi/dsi_host.c
@@ -1348,10 +1348,10 @@ static int dsi_cmds2buf_tx(struct msm_dsi_host *msm_host,
dsi_get_bpp(msm_host->format) / 8;
len = dsi_cmd_dma_add(msm_host, msg);
- if (!len) {
+ if (len < 0) {
pr_err("%s: failed to add cmd type = 0x%x\n",
__func__, msg->type);
- return -EINVAL;
+ return len;
}
/* for video mode, do not send cmds more than
@@ -1370,10 +1370,14 @@ static int dsi_cmds2buf_tx(struct msm_dsi_host *msm_host,
}
ret = dsi_cmd_dma_tx(msm_host, len);
- if (ret < len) {
- pr_err("%s: cmd dma tx failed, type=0x%x, data0=0x%x, len=%d\n",
- __func__, msg->type, (*(u8 *)(msg->tx_buf)), len);
- return -ECOMM;
+ if (ret < 0) {
+ pr_err("%s: cmd dma tx failed, type=0x%x, data0=0x%x, len=%d, ret=%d\n",
+ __func__, msg->type, (*(u8 *)(msg->tx_buf)), len, ret);
+ return ret;
+ } else if (ret < len) {
+ pr_err("%s: cmd dma tx failed, type=0x%x, data0=0x%x, ret=%d len=%d\n",
+ __func__, msg->type, (*(u8 *)(msg->tx_buf)), ret, len);
+ return -EIO;
}
return len;
@@ -2099,9 +2103,12 @@ int msm_dsi_host_cmd_rx(struct mipi_dsi_host *host,
}
ret = dsi_cmds2buf_tx(msm_host, msg);
- if (ret < msg->tx_len) {
+ if (ret < 0) {
pr_err("%s: Read cmd Tx failed, %d\n", __func__, ret);
return ret;
+ } else if (ret < msg->tx_len) {
+ pr_err("%s: Read cmd Tx failed, too short: %d\n", __func__, ret);
+ return -ECOMM;
}
/*
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 115/411] drm/msm/hdmi: check return value after calling platform_get_resource_byname()
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (113 preceding siblings ...)
2022-06-13 10:06 ` [PATCH 5.4 114/411] drm/msm/dsi: fix error checks and return values for DSI xmit functions Greg Kroah-Hartman
@ 2022-06-13 10:06 ` Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 116/411] drm/msm/hdmi: fix error check return value of irq_of_parse_and_map() Greg Kroah-Hartman
` (300 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:06 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yang Yingliang, Dmitry Baryshkov,
Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit a36e506711548df923ceb7ec9f6001375be799a5 ]
It will cause null-ptr-deref if platform_get_resource_byname() returns NULL,
we need check the return value.
Fixes: c6a57a50ad56 ("drm/msm/hdmi: add hdmi hdcp support (V3)")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Patchwork: https://patchwork.freedesktop.org/patch/482992/
Link: https://lore.kernel.org/r/20220422032227.2991553-1-yangyingliang@huawei.com
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/msm/hdmi/hdmi.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/gpu/drm/msm/hdmi/hdmi.c b/drivers/gpu/drm/msm/hdmi/hdmi.c
index 1a7e77373407..a0fd62b6ec99 100644
--- a/drivers/gpu/drm/msm/hdmi/hdmi.c
+++ b/drivers/gpu/drm/msm/hdmi/hdmi.c
@@ -142,6 +142,10 @@ static struct hdmi *msm_hdmi_init(struct platform_device *pdev)
/* HDCP needs physical address of hdmi register */
res = platform_get_resource_byname(pdev, IORESOURCE_MEM,
config->mmio_name);
+ if (!res) {
+ ret = -EINVAL;
+ goto fail;
+ }
hdmi->mmio_phy_addr = res->start;
hdmi->qfprom_mmio = msm_ioremap(pdev,
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 116/411] drm/msm/hdmi: fix error check return value of irq_of_parse_and_map()
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (114 preceding siblings ...)
2022-06-13 10:06 ` [PATCH 5.4 115/411] drm/msm/hdmi: check return value after calling platform_get_resource_byname() Greg Kroah-Hartman
@ 2022-06-13 10:06 ` Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 117/411] drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() Greg Kroah-Hartman
` (299 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:06 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zeal Robot, Lv Ruyi, Stephen Boyd,
Dmitry Baryshkov, Sasha Levin
From: Lv Ruyi <lv.ruyi@zte.com.cn>
[ Upstream commit 03371e4fbdeb7f596cbceacb59e474248b6d95ac ]
The irq_of_parse_and_map() function returns 0 on failure, and does not
return a negative value anyhow, so never enter this conditional branch.
Fixes: f6a8eaca0ea1 ("drm/msm/mdp5: use irqdomains")
Reported-by: Zeal Robot <zealci@zte.com.cn>
Signed-off-by: Lv Ruyi <lv.ruyi@zte.com.cn>
Reviewed-by: Stephen Boyd <swboyd@chromium.org>
Patchwork: https://patchwork.freedesktop.org/patch/483294/
Link: https://lore.kernel.org/r/20220425091831.3500487-1-lv.ruyi@zte.com.cn
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/msm/hdmi/hdmi.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/msm/hdmi/hdmi.c b/drivers/gpu/drm/msm/hdmi/hdmi.c
index a0fd62b6ec99..e4c9ff934e5b 100644
--- a/drivers/gpu/drm/msm/hdmi/hdmi.c
+++ b/drivers/gpu/drm/msm/hdmi/hdmi.c
@@ -315,9 +315,9 @@ int msm_hdmi_modeset_init(struct hdmi *hdmi,
}
hdmi->irq = irq_of_parse_and_map(pdev->dev.of_node, 0);
- if (hdmi->irq < 0) {
- ret = hdmi->irq;
- DRM_DEV_ERROR(dev->dev, "failed to get irq: %d\n", ret);
+ if (!hdmi->irq) {
+ ret = -EINVAL;
+ DRM_DEV_ERROR(dev->dev, "failed to get irq\n");
goto fail;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 117/411] drm/rockchip: vop: fix possible null-ptr-deref in vop_bind()
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (115 preceding siblings ...)
2022-06-13 10:06 ` [PATCH 5.4 116/411] drm/msm/hdmi: fix error check return value of irq_of_parse_and_map() Greg Kroah-Hartman
@ 2022-06-13 10:06 ` Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 118/411] virtio_blk: fix the discard_granularity and discard_alignment queue limits Greg Kroah-Hartman
` (298 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:06 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yang Yingliang, Heiko Stuebner, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit f8c242908ad15bbd604d3bcb54961b7d454c43f8 ]
It will cause null-ptr-deref in resource_size(), if platform_get_resource()
returns NULL, move calling resource_size() after devm_ioremap_resource() that
will check 'res' to avoid null-ptr-deref.
Fixes: 2048e3286f34 ("drm: rockchip: Add basic drm driver")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Link: https://patchwork.freedesktop.org/patch/msgid/20220422032854.2995175-1-yangyingliang@huawei.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/rockchip/rockchip_drm_vop.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/rockchip/rockchip_drm_vop.c b/drivers/gpu/drm/rockchip/rockchip_drm_vop.c
index 84e3decb17b1..2e4e1933a43c 100644
--- a/drivers/gpu/drm/rockchip/rockchip_drm_vop.c
+++ b/drivers/gpu/drm/rockchip/rockchip_drm_vop.c
@@ -1848,10 +1848,10 @@ static int vop_bind(struct device *dev, struct device *master, void *data)
vop_win_init(vop);
res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
- vop->len = resource_size(res);
vop->regs = devm_ioremap_resource(dev, res);
if (IS_ERR(vop->regs))
return PTR_ERR(vop->regs);
+ vop->len = resource_size(res);
vop->regsbak = devm_kzalloc(dev, vop->len, GFP_KERNEL);
if (!vop->regsbak)
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 118/411] virtio_blk: fix the discard_granularity and discard_alignment queue limits
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (116 preceding siblings ...)
2022-06-13 10:06 ` [PATCH 5.4 117/411] drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() Greg Kroah-Hartman
@ 2022-06-13 10:06 ` Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 119/411] x86: Fix return value of __setup handlers Greg Kroah-Hartman
` (297 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:06 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christoph Hellwig,
Martin K. Petersen, Jens Axboe, Sasha Levin
From: Christoph Hellwig <hch@lst.de>
[ Upstream commit 62952cc5bccd89b76d710de1d0b43244af0f2903 ]
The discard_alignment queue limit is named a bit misleading means the
offset into the block device at which the discard granularity starts.
On the other hand the discard_sector_alignment from the virtio 1.1 looks
similar to what Linux uses as discard granularity (even if not very well
described):
"discard_sector_alignment can be used by OS when splitting a request
based on alignment. "
And at least qemu does set it to the discard granularity.
So stop setting the discard_alignment and use the virtio
discard_sector_alignment to set the discard granularity.
Fixes: 1f23816b8eb8 ("virtio_blk: add discard and write zeroes support")
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Martin K. Petersen <martin.petersen@oracle.com>
Link: https://lore.kernel.org/r/20220418045314.360785-5-hch@lst.de
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/block/virtio_blk.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/drivers/block/virtio_blk.c b/drivers/block/virtio_blk.c
index 2a5cd502feae..9b3ea86c20e5 100644
--- a/drivers/block/virtio_blk.c
+++ b/drivers/block/virtio_blk.c
@@ -976,11 +976,12 @@ static int virtblk_probe(struct virtio_device *vdev)
blk_queue_io_opt(q, blk_size * opt_io_size);
if (virtio_has_feature(vdev, VIRTIO_BLK_F_DISCARD)) {
- q->limits.discard_granularity = blk_size;
-
virtio_cread(vdev, struct virtio_blk_config,
discard_sector_alignment, &v);
- q->limits.discard_alignment = v ? v << SECTOR_SHIFT : 0;
+ if (v)
+ q->limits.discard_granularity = v << SECTOR_SHIFT;
+ else
+ q->limits.discard_granularity = blk_size;
virtio_cread(vdev, struct virtio_blk_config,
max_discard_sectors, &v);
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 119/411] x86: Fix return value of __setup handlers
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (117 preceding siblings ...)
2022-06-13 10:06 ` [PATCH 5.4 118/411] virtio_blk: fix the discard_granularity and discard_alignment queue limits Greg Kroah-Hartman
@ 2022-06-13 10:06 ` Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 120/411] irqchip/exiu: Fix acknowledgment of edge triggered interrupts Greg Kroah-Hartman
` (296 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:06 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Igor Zhbanov, Randy Dunlap,
Borislav Petkov, Sasha Levin
From: Randy Dunlap <rdunlap@infradead.org>
[ Upstream commit 12441ccdf5e2f5a01a46e344976cbbd3d46845c9 ]
__setup() handlers should return 1 to obsolete_checksetup() in
init/main.c to indicate that the boot option has been handled. A return
of 0 causes the boot option/value to be listed as an Unknown kernel
parameter and added to init's (limited) argument (no '=') or environment
(with '=') strings. So return 1 from these x86 __setup handlers.
Examples:
Unknown kernel command line parameters "apicpmtimer
BOOT_IMAGE=/boot/bzImage-517rc8 vdso=1 ring3mwait=disable", will be
passed to user space.
Run /sbin/init as init process
with arguments:
/sbin/init
apicpmtimer
with environment:
HOME=/
TERM=linux
BOOT_IMAGE=/boot/bzImage-517rc8
vdso=1
ring3mwait=disable
Fixes: 2aae950b21e4 ("x86_64: Add vDSO for x86-64 with gettimeofday/clock_gettime/getcpu")
Fixes: 77b52b4c5c66 ("x86: add "debugpat" boot option")
Fixes: e16fd002afe2 ("x86/cpufeature: Enable RING3MWAIT for Knights Landing")
Fixes: b8ce33590687 ("x86_64: convert to clock events")
Reported-by: Igor Zhbanov <i.zhbanov@omprussia.ru>
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Borislav Petkov <bp@suse.de>
Link: https://lore.kernel.org/r/64644a2f-4a20-bab3-1e15-3b2cdd0defe3@omprussia.ru
Link: https://lore.kernel.org/r/20220314012725.26661-1-rdunlap@infradead.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/entry/vdso/vma.c | 2 +-
arch/x86/kernel/apic/apic.c | 2 +-
arch/x86/kernel/cpu/intel.c | 2 +-
arch/x86/mm/pat.c | 2 +-
4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/arch/x86/entry/vdso/vma.c b/arch/x86/entry/vdso/vma.c
index f5937742b290..3613cfb83c6d 100644
--- a/arch/x86/entry/vdso/vma.c
+++ b/arch/x86/entry/vdso/vma.c
@@ -323,7 +323,7 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp)
static __init int vdso_setup(char *s)
{
vdso64_enabled = simple_strtoul(s, NULL, 0);
- return 0;
+ return 1;
}
__setup("vdso=", vdso_setup);
diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c
index 4e4476b832be..68c734032523 100644
--- a/arch/x86/kernel/apic/apic.c
+++ b/arch/x86/kernel/apic/apic.c
@@ -168,7 +168,7 @@ static __init int setup_apicpmtimer(char *s)
{
apic_calibrate_pmtmr = 1;
notsc_setup(NULL);
- return 0;
+ return 1;
}
__setup("apicpmtimer", setup_apicpmtimer);
#endif
diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c
index 11d5c5950e2d..44688917d51f 100644
--- a/arch/x86/kernel/cpu/intel.c
+++ b/arch/x86/kernel/cpu/intel.c
@@ -97,7 +97,7 @@ static bool ring3mwait_disabled __read_mostly;
static int __init ring3mwait_disable(char *__unused)
{
ring3mwait_disabled = true;
- return 0;
+ return 1;
}
__setup("ring3mwait=disable", ring3mwait_disable);
diff --git a/arch/x86/mm/pat.c b/arch/x86/mm/pat.c
index 35b2e35c2203..c7c4e2f8c6a5 100644
--- a/arch/x86/mm/pat.c
+++ b/arch/x86/mm/pat.c
@@ -75,7 +75,7 @@ int pat_debug_enable;
static int __init pat_debug_setup(char *str)
{
pat_debug_enable = 1;
- return 0;
+ return 1;
}
__setup("debugpat", pat_debug_setup);
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 120/411] irqchip/exiu: Fix acknowledgment of edge triggered interrupts
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (118 preceding siblings ...)
2022-06-13 10:06 ` [PATCH 5.4 119/411] x86: Fix return value of __setup handlers Greg Kroah-Hartman
@ 2022-06-13 10:06 ` Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 121/411] irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value Greg Kroah-Hartman
` (295 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:06 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Daniel Thompson, Ard Biesheuvel,
Marc Zyngier, Sasha Levin
From: Daniel Thompson <daniel.thompson@linaro.org>
[ Upstream commit 4efc851c36e389f7ed432edac0149acc5f94b0c7 ]
Currently the EXIU uses the fasteoi interrupt flow that is configured by
it's parent (irq-gic-v3.c). With this flow the only chance to clear the
interrupt request happens during .irq_eoi() and (obviously) this happens
after the interrupt handler has run. EXIU requires edge triggered
interrupts to be acked prior to interrupt handling. Without this we
risk incorrect interrupt dismissal when a new interrupt is delivered
after the handler reads and acknowledges the peripheral but before the
irq_eoi() takes place.
Fix this by clearing the interrupt request from .irq_ack() if we are
configured for edge triggered interrupts. This requires adopting the
fasteoi-ack flow instead of the fasteoi to ensure the ack gets called.
These changes have been tested using the power button on a
Developerbox/SC2A11 combined with some hackery in gpio-keys so I can
play with the different trigger mode [and an mdelay(500) so I can
can check what happens on a double click in both modes].
Fixes: 706cffc1b912 ("irqchip/exiu: Add support for Socionext Synquacer EXIU controller")
Signed-off-by: Daniel Thompson <daniel.thompson@linaro.org>
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20220503134541.2566457-1-daniel.thompson@linaro.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/Kconfig.platforms | 1 +
drivers/irqchip/irq-sni-exiu.c | 25 ++++++++++++++++++++++---
2 files changed, 23 insertions(+), 3 deletions(-)
diff --git a/arch/arm64/Kconfig.platforms b/arch/arm64/Kconfig.platforms
index 9dccf4db319b..90202e5608d1 100644
--- a/arch/arm64/Kconfig.platforms
+++ b/arch/arm64/Kconfig.platforms
@@ -225,6 +225,7 @@ config ARCH_STRATIX10
config ARCH_SYNQUACER
bool "Socionext SynQuacer SoC Family"
+ select IRQ_FASTEOI_HIERARCHY_HANDLERS
config ARCH_TEGRA
bool "NVIDIA Tegra SoC Family"
diff --git a/drivers/irqchip/irq-sni-exiu.c b/drivers/irqchip/irq-sni-exiu.c
index abd011fcecf4..c7db617e1a2f 100644
--- a/drivers/irqchip/irq-sni-exiu.c
+++ b/drivers/irqchip/irq-sni-exiu.c
@@ -37,11 +37,26 @@ struct exiu_irq_data {
u32 spi_base;
};
-static void exiu_irq_eoi(struct irq_data *d)
+static void exiu_irq_ack(struct irq_data *d)
{
struct exiu_irq_data *data = irq_data_get_irq_chip_data(d);
writel(BIT(d->hwirq), data->base + EIREQCLR);
+}
+
+static void exiu_irq_eoi(struct irq_data *d)
+{
+ struct exiu_irq_data *data = irq_data_get_irq_chip_data(d);
+
+ /*
+ * Level triggered interrupts are latched and must be cleared during
+ * EOI or the interrupt will be jammed on. Of course if a level
+ * triggered interrupt is still asserted then the write will not clear
+ * the interrupt.
+ */
+ if (irqd_is_level_type(d))
+ writel(BIT(d->hwirq), data->base + EIREQCLR);
+
irq_chip_eoi_parent(d);
}
@@ -91,10 +106,13 @@ static int exiu_irq_set_type(struct irq_data *d, unsigned int type)
writel_relaxed(val, data->base + EILVL);
val = readl_relaxed(data->base + EIEDG);
- if (type == IRQ_TYPE_LEVEL_LOW || type == IRQ_TYPE_LEVEL_HIGH)
+ if (type == IRQ_TYPE_LEVEL_LOW || type == IRQ_TYPE_LEVEL_HIGH) {
val &= ~BIT(d->hwirq);
- else
+ irq_set_handler_locked(d, handle_fasteoi_irq);
+ } else {
val |= BIT(d->hwirq);
+ irq_set_handler_locked(d, handle_fasteoi_ack_irq);
+ }
writel_relaxed(val, data->base + EIEDG);
writel_relaxed(BIT(d->hwirq), data->base + EIREQCLR);
@@ -104,6 +122,7 @@ static int exiu_irq_set_type(struct irq_data *d, unsigned int type)
static struct irq_chip exiu_irq_chip = {
.name = "EXIU",
+ .irq_ack = exiu_irq_ack,
.irq_eoi = exiu_irq_eoi,
.irq_enable = exiu_irq_enable,
.irq_mask = exiu_irq_mask,
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 121/411] irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (119 preceding siblings ...)
2022-06-13 10:06 ` [PATCH 5.4 120/411] irqchip/exiu: Fix acknowledgment of edge triggered interrupts Greg Kroah-Hartman
@ 2022-06-13 10:06 ` Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 122/411] x86/mm: Cleanup the control_va_addr_alignment() __setup handler Greg Kroah-Hartman
` (294 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:06 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Krzysztof Kozlowski, Marc Zyngier,
Sasha Levin
From: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
[ Upstream commit 50f0f26e7c8665763d0d7d3372dbcf191f94d077 ]
The irq_of_parse_and_map() returns 0 on failure, not a negative ERRNO.
Fixes: f48e699ddf70 ("irqchip/aspeed-i2c-ic: Add I2C IRQ controller for Aspeed")
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20220423094227.33148-1-krzysztof.kozlowski@linaro.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/irqchip/irq-aspeed-i2c-ic.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/irqchip/irq-aspeed-i2c-ic.c b/drivers/irqchip/irq-aspeed-i2c-ic.c
index 8d591c179f81..3d3210828e9b 100644
--- a/drivers/irqchip/irq-aspeed-i2c-ic.c
+++ b/drivers/irqchip/irq-aspeed-i2c-ic.c
@@ -79,8 +79,8 @@ static int __init aspeed_i2c_ic_of_init(struct device_node *node,
}
i2c_ic->parent_irq = irq_of_parse_and_map(node, 0);
- if (i2c_ic->parent_irq < 0) {
- ret = i2c_ic->parent_irq;
+ if (!i2c_ic->parent_irq) {
+ ret = -EINVAL;
goto err_iounmap;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 122/411] x86/mm: Cleanup the control_va_addr_alignment() __setup handler
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (120 preceding siblings ...)
2022-06-13 10:06 ` [PATCH 5.4 121/411] irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value Greg Kroah-Hartman
@ 2022-06-13 10:06 ` Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 123/411] regulator: core: Fix enable_count imbalance with EXCLUSIVE_GET Greg Kroah-Hartman
` (293 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:06 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Igor Zhbanov, Randy Dunlap,
Borislav Petkov, Sasha Levin
From: Randy Dunlap <rdunlap@infradead.org>
[ Upstream commit 1ef64b1e89e6d4018da46e08ffc32779a31160c7 ]
Clean up control_va_addr_alignment():
a. Make '=' required instead of optional (as documented).
b. Print a warning if an invalid option value is used.
c. Return 1 from the __setup handler when an invalid option value is
used. This prevents the kernel from polluting init's (limited)
environment space with the entire string.
Fixes: dfb09f9b7ab0 ("x86, amd: Avoid cache aliasing penalties on AMD family 15h")
Reported-by: Igor Zhbanov <i.zhbanov@omprussia.ru>
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Borislav Petkov <bp@suse.de>
Link: https://lore.kernel.org/r/64644a2f-4a20-bab3-1e15-3b2cdd0defe3@omprussia.ru
Link: https://lore.kernel.org/r/20220315001045.7680-1-rdunlap@infradead.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/kernel/sys_x86_64.c | 7 ++-----
1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/arch/x86/kernel/sys_x86_64.c b/arch/x86/kernel/sys_x86_64.c
index f7476ce23b6e..42e31358a9d3 100644
--- a/arch/x86/kernel/sys_x86_64.c
+++ b/arch/x86/kernel/sys_x86_64.c
@@ -70,9 +70,6 @@ static int __init control_va_addr_alignment(char *str)
if (*str == 0)
return 1;
- if (*str == '=')
- str++;
-
if (!strcmp(str, "32"))
va_align.flags = ALIGN_VA_32;
else if (!strcmp(str, "64"))
@@ -82,11 +79,11 @@ static int __init control_va_addr_alignment(char *str)
else if (!strcmp(str, "on"))
va_align.flags = ALIGN_VA_32 | ALIGN_VA_64;
else
- return 0;
+ pr_warn("invalid option value: 'align_va_addr=%s'\n", str);
return 1;
}
-__setup("align_va_addr", control_va_addr_alignment);
+__setup("align_va_addr=", control_va_addr_alignment);
SYSCALL_DEFINE6(mmap, unsigned long, addr, unsigned long, len,
unsigned long, prot, unsigned long, flags,
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 123/411] regulator: core: Fix enable_count imbalance with EXCLUSIVE_GET
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (121 preceding siblings ...)
2022-06-13 10:06 ` [PATCH 5.4 122/411] x86/mm: Cleanup the control_va_addr_alignment() __setup handler Greg Kroah-Hartman
@ 2022-06-13 10:06 ` Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 124/411] drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected Greg Kroah-Hartman
` (292 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:06 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zev Weiss, Mark Brown, Sasha Levin
From: Zev Weiss <zev@bewilderbeest.net>
[ Upstream commit c3e3ca05dae37f8f74bb80358efd540911cbc2c8 ]
Since the introduction of regulator->enable_count, a driver that did
an exclusive get on an already-enabled regulator would end up with
enable_count initialized to 0 but rdev->use_count initialized to 1.
With that starting point the regulator is effectively stuck enabled,
because if the driver attempted to disable it it would fail the
enable_count underflow check in _regulator_handle_consumer_disable().
The EXCLUSIVE_GET path in _regulator_get() now initializes
enable_count along with rdev->use_count so that the regulator can be
disabled without underflowing the former.
Signed-off-by: Zev Weiss <zev@bewilderbeest.net>
Fixes: 5451781dadf85 ("regulator: core: Only count load for enabled consumers")
Link: https://lore.kernel.org/r/20220505043152.12933-1-zev@bewilderbeest.net
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/regulator/core.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/drivers/regulator/core.c b/drivers/regulator/core.c
index 7fd793d8536c..ae2addadb36f 100644
--- a/drivers/regulator/core.c
+++ b/drivers/regulator/core.c
@@ -1988,10 +1988,13 @@ struct regulator *_regulator_get(struct device *dev, const char *id,
rdev->exclusive = 1;
ret = _regulator_is_enabled(rdev);
- if (ret > 0)
+ if (ret > 0) {
rdev->use_count = 1;
- else
+ regulator->enable_count = 1;
+ } else {
rdev->use_count = 0;
+ regulator->enable_count = 0;
+ }
}
device_link_add(dev, &rdev->dev, DL_FLAG_STATELESS);
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 124/411] drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (122 preceding siblings ...)
2022-06-13 10:06 ` [PATCH 5.4 123/411] regulator: core: Fix enable_count imbalance with EXCLUSIVE_GET Greg Kroah-Hartman
@ 2022-06-13 10:06 ` Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 125/411] drm/msm/mdp5: Return error code in mdp5_mixer_release " Greg Kroah-Hartman
` (291 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:06 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tomeu Vizoso, Jessica Zhang,
Rob Clark, Dmitry Baryshkov, Sasha Levin
From: Jessica Zhang <quic_jesszhan@quicinc.com>
[ Upstream commit d59be579fa932c46b908f37509f319cbd4ca9a68 ]
mdp5_get_global_state runs the risk of hitting a -EDEADLK when acquiring
the modeset lock, but currently mdp5_pipe_release doesn't check for if
an error is returned. Because of this, there is a possibility of
mdp5_pipe_release hitting a NULL dereference error.
To avoid this, let's have mdp5_pipe_release check if
mdp5_get_global_state returns an error and propogate that error.
Changes since v1:
- Separated declaration and initialization of *new_state to avoid
compiler warning
- Fixed some spelling mistakes in commit message
Changes since v2:
- Return 0 in case where hwpipe is NULL as this is considered normal
behavior
- Added 2nd patch in series to fix a similar NULL dereference issue in
mdp5_mixer_release
Reported-by: Tomeu Vizoso <tomeu.vizoso@collabora.com>
Signed-off-by: Jessica Zhang <quic_jesszhan@quicinc.com>
Fixes: 7907a0d77cb4 ("drm/msm/mdp5: Use the new private_obj state")
Reviewed-by: Rob Clark <robdclark@gmail.com>
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Patchwork: https://patchwork.freedesktop.org/patch/485179/
Link: https://lore.kernel.org/r/20220505214051.155-1-quic_jesszhan@quicinc.com
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/msm/disp/mdp5/mdp5_pipe.c | 15 +++++++++++----
drivers/gpu/drm/msm/disp/mdp5/mdp5_pipe.h | 2 +-
drivers/gpu/drm/msm/disp/mdp5/mdp5_plane.c | 20 ++++++++++++++++----
3 files changed, 28 insertions(+), 9 deletions(-)
diff --git a/drivers/gpu/drm/msm/disp/mdp5/mdp5_pipe.c b/drivers/gpu/drm/msm/disp/mdp5/mdp5_pipe.c
index ba6695963aa6..a4f5cb90f3e8 100644
--- a/drivers/gpu/drm/msm/disp/mdp5/mdp5_pipe.c
+++ b/drivers/gpu/drm/msm/disp/mdp5/mdp5_pipe.c
@@ -119,18 +119,23 @@ int mdp5_pipe_assign(struct drm_atomic_state *s, struct drm_plane *plane,
return 0;
}
-void mdp5_pipe_release(struct drm_atomic_state *s, struct mdp5_hw_pipe *hwpipe)
+int mdp5_pipe_release(struct drm_atomic_state *s, struct mdp5_hw_pipe *hwpipe)
{
struct msm_drm_private *priv = s->dev->dev_private;
struct mdp5_kms *mdp5_kms = to_mdp5_kms(to_mdp_kms(priv->kms));
struct mdp5_global_state *state = mdp5_get_global_state(s);
- struct mdp5_hw_pipe_state *new_state = &state->hwpipe;
+ struct mdp5_hw_pipe_state *new_state;
if (!hwpipe)
- return;
+ return 0;
+
+ if (IS_ERR(state))
+ return PTR_ERR(state);
+
+ new_state = &state->hwpipe;
if (WARN_ON(!new_state->hwpipe_to_plane[hwpipe->idx]))
- return;
+ return -EINVAL;
DBG("%s: release from plane %s", hwpipe->name,
new_state->hwpipe_to_plane[hwpipe->idx]->name);
@@ -141,6 +146,8 @@ void mdp5_pipe_release(struct drm_atomic_state *s, struct mdp5_hw_pipe *hwpipe)
}
new_state->hwpipe_to_plane[hwpipe->idx] = NULL;
+
+ return 0;
}
void mdp5_pipe_destroy(struct mdp5_hw_pipe *hwpipe)
diff --git a/drivers/gpu/drm/msm/disp/mdp5/mdp5_pipe.h b/drivers/gpu/drm/msm/disp/mdp5/mdp5_pipe.h
index 9b26d0761bd4..cca67938cab2 100644
--- a/drivers/gpu/drm/msm/disp/mdp5/mdp5_pipe.h
+++ b/drivers/gpu/drm/msm/disp/mdp5/mdp5_pipe.h
@@ -37,7 +37,7 @@ int mdp5_pipe_assign(struct drm_atomic_state *s, struct drm_plane *plane,
uint32_t caps, uint32_t blkcfg,
struct mdp5_hw_pipe **hwpipe,
struct mdp5_hw_pipe **r_hwpipe);
-void mdp5_pipe_release(struct drm_atomic_state *s, struct mdp5_hw_pipe *hwpipe);
+int mdp5_pipe_release(struct drm_atomic_state *s, struct mdp5_hw_pipe *hwpipe);
struct mdp5_hw_pipe *mdp5_pipe_init(enum mdp5_pipe pipe,
uint32_t reg_offset, uint32_t caps);
diff --git a/drivers/gpu/drm/msm/disp/mdp5/mdp5_plane.c b/drivers/gpu/drm/msm/disp/mdp5/mdp5_plane.c
index da0799333970..0dc23c86747e 100644
--- a/drivers/gpu/drm/msm/disp/mdp5/mdp5_plane.c
+++ b/drivers/gpu/drm/msm/disp/mdp5/mdp5_plane.c
@@ -393,12 +393,24 @@ static int mdp5_plane_atomic_check_with_state(struct drm_crtc_state *crtc_state,
mdp5_state->r_hwpipe = NULL;
- mdp5_pipe_release(state->state, old_hwpipe);
- mdp5_pipe_release(state->state, old_right_hwpipe);
+ ret = mdp5_pipe_release(state->state, old_hwpipe);
+ if (ret)
+ return ret;
+
+ ret = mdp5_pipe_release(state->state, old_right_hwpipe);
+ if (ret)
+ return ret;
+
}
} else {
- mdp5_pipe_release(state->state, mdp5_state->hwpipe);
- mdp5_pipe_release(state->state, mdp5_state->r_hwpipe);
+ ret = mdp5_pipe_release(state->state, mdp5_state->hwpipe);
+ if (ret)
+ return ret;
+
+ ret = mdp5_pipe_release(state->state, mdp5_state->r_hwpipe);
+ if (ret)
+ return ret;
+
mdp5_state->hwpipe = mdp5_state->r_hwpipe = NULL;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 125/411] drm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is detected
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (123 preceding siblings ...)
2022-06-13 10:06 ` [PATCH 5.4 124/411] drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected Greg Kroah-Hartman
@ 2022-06-13 10:06 ` Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 126/411] drm/msm: return an error pointer in msm_gem_prime_get_sg_table() Greg Kroah-Hartman
` (290 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:06 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tomeu Vizoso, Jessica Zhang,
Rob Clark, Dmitry Baryshkov, Sasha Levin
From: Jessica Zhang <quic_jesszhan@quicinc.com>
[ Upstream commit ca75f6f7c6f89365e40f10f641b15981b1f07c31 ]
There is a possibility for mdp5_get_global_state to return
-EDEADLK when acquiring the modeset lock, but currently global_state in
mdp5_mixer_release doesn't check for if an error is returned.
To avoid a NULL dereference error, let's have mdp5_mixer_release
check if an error is returned and propagate that error.
Reported-by: Tomeu Vizoso <tomeu.vizoso@collabora.com>
Signed-off-by: Jessica Zhang <quic_jesszhan@quicinc.com>
Fixes: 7907a0d77cb4 ("drm/msm/mdp5: Use the new private_obj state")
Reviewed-by: Rob Clark <robdclark@gmail.com>
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Patchwork: https://patchwork.freedesktop.org/patch/485181/
Link: https://lore.kernel.org/r/20220505214051.155-2-quic_jesszhan@quicinc.com
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/msm/disp/mdp5/mdp5_crtc.c | 10 ++++++++--
drivers/gpu/drm/msm/disp/mdp5/mdp5_mixer.c | 15 +++++++++++----
drivers/gpu/drm/msm/disp/mdp5/mdp5_mixer.h | 4 ++--
3 files changed, 21 insertions(+), 8 deletions(-)
diff --git a/drivers/gpu/drm/msm/disp/mdp5/mdp5_crtc.c b/drivers/gpu/drm/msm/disp/mdp5/mdp5_crtc.c
index 395146884a22..9afbce3cb87b 100644
--- a/drivers/gpu/drm/msm/disp/mdp5/mdp5_crtc.c
+++ b/drivers/gpu/drm/msm/disp/mdp5/mdp5_crtc.c
@@ -534,9 +534,15 @@ int mdp5_crtc_setup_pipeline(struct drm_crtc *crtc,
if (ret)
return ret;
- mdp5_mixer_release(new_crtc_state->state, old_mixer);
+ ret = mdp5_mixer_release(new_crtc_state->state, old_mixer);
+ if (ret)
+ return ret;
+
if (old_r_mixer) {
- mdp5_mixer_release(new_crtc_state->state, old_r_mixer);
+ ret = mdp5_mixer_release(new_crtc_state->state, old_r_mixer);
+ if (ret)
+ return ret;
+
if (!need_right_mixer)
pipeline->r_mixer = NULL;
}
diff --git a/drivers/gpu/drm/msm/disp/mdp5/mdp5_mixer.c b/drivers/gpu/drm/msm/disp/mdp5/mdp5_mixer.c
index 954db683ae44..2536def2a000 100644
--- a/drivers/gpu/drm/msm/disp/mdp5/mdp5_mixer.c
+++ b/drivers/gpu/drm/msm/disp/mdp5/mdp5_mixer.c
@@ -116,21 +116,28 @@ int mdp5_mixer_assign(struct drm_atomic_state *s, struct drm_crtc *crtc,
return 0;
}
-void mdp5_mixer_release(struct drm_atomic_state *s, struct mdp5_hw_mixer *mixer)
+int mdp5_mixer_release(struct drm_atomic_state *s, struct mdp5_hw_mixer *mixer)
{
struct mdp5_global_state *global_state = mdp5_get_global_state(s);
- struct mdp5_hw_mixer_state *new_state = &global_state->hwmixer;
+ struct mdp5_hw_mixer_state *new_state;
if (!mixer)
- return;
+ return 0;
+
+ if (IS_ERR(global_state))
+ return PTR_ERR(global_state);
+
+ new_state = &global_state->hwmixer;
if (WARN_ON(!new_state->hwmixer_to_crtc[mixer->idx]))
- return;
+ return -EINVAL;
DBG("%s: release from crtc %s", mixer->name,
new_state->hwmixer_to_crtc[mixer->idx]->name);
new_state->hwmixer_to_crtc[mixer->idx] = NULL;
+
+ return 0;
}
void mdp5_mixer_destroy(struct mdp5_hw_mixer *mixer)
diff --git a/drivers/gpu/drm/msm/disp/mdp5/mdp5_mixer.h b/drivers/gpu/drm/msm/disp/mdp5/mdp5_mixer.h
index 43c9ba43ce18..545ee223b9d7 100644
--- a/drivers/gpu/drm/msm/disp/mdp5/mdp5_mixer.h
+++ b/drivers/gpu/drm/msm/disp/mdp5/mdp5_mixer.h
@@ -30,7 +30,7 @@ void mdp5_mixer_destroy(struct mdp5_hw_mixer *lm);
int mdp5_mixer_assign(struct drm_atomic_state *s, struct drm_crtc *crtc,
uint32_t caps, struct mdp5_hw_mixer **mixer,
struct mdp5_hw_mixer **r_mixer);
-void mdp5_mixer_release(struct drm_atomic_state *s,
- struct mdp5_hw_mixer *mixer);
+int mdp5_mixer_release(struct drm_atomic_state *s,
+ struct mdp5_hw_mixer *mixer);
#endif /* __MDP5_LM_H__ */
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 126/411] drm/msm: return an error pointer in msm_gem_prime_get_sg_table()
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (124 preceding siblings ...)
2022-06-13 10:06 ` [PATCH 5.4 125/411] drm/msm/mdp5: Return error code in mdp5_mixer_release " Greg Kroah-Hartman
@ 2022-06-13 10:06 ` Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 127/411] media: uvcvideo: Fix missing check to determine if element is found in list Greg Kroah-Hartman
` (289 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:06 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Dmitry Baryshkov, Sasha Levin
From: Dan Carpenter <dan.carpenter@oracle.com>
[ Upstream commit cf575e31611eb6dccf08fad02e57e35b2187704d ]
The msm_gem_prime_get_sg_table() needs to return error pointers on
error. This is called from drm_gem_map_dma_buf() and returning a
NULL will lead to a crash in that function.
Fixes: ac45146733b0 ("drm/msm: fix msm_gem_prime_get_sg_table()")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Patchwork: https://patchwork.freedesktop.org/patch/485023/
Link: https://lore.kernel.org/r/YnOmtS5tfENywR9m@kili
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/msm/msm_gem_prime.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/msm/msm_gem_prime.c b/drivers/gpu/drm/msm/msm_gem_prime.c
index d7c8948427fe..705a834ba1e6 100644
--- a/drivers/gpu/drm/msm/msm_gem_prime.c
+++ b/drivers/gpu/drm/msm/msm_gem_prime.c
@@ -17,7 +17,7 @@ struct sg_table *msm_gem_prime_get_sg_table(struct drm_gem_object *obj)
int npages = obj->size >> PAGE_SHIFT;
if (WARN_ON(!msm_obj->pages)) /* should have already pinned! */
- return NULL;
+ return ERR_PTR(-ENOMEM);
return drm_prime_pages_to_sg(msm_obj->pages, npages);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 127/411] media: uvcvideo: Fix missing check to determine if element is found in list
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (125 preceding siblings ...)
2022-06-13 10:06 ` [PATCH 5.4 126/411] drm/msm: return an error pointer in msm_gem_prime_get_sg_table() Greg Kroah-Hartman
@ 2022-06-13 10:06 ` Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 128/411] iomap: iomap_write_failed fix Greg Kroah-Hartman
` (288 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:06 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Xiaomeng Tong, Laurent Pinchart,
Mauro Carvalho Chehab, Sasha Levin
From: Xiaomeng Tong <xiam0nd.tong@gmail.com>
[ Upstream commit 261f33388c29f6f3c12a724e6d89172b7f6d5996 ]
The list iterator will point to a bogus position containing HEAD if
the list is empty or the element is not found in list. This case
should be checked before any use of the iterator, otherwise it will
lead to a invalid memory access. The missing check here is before
"pin = iterm->id;", just add check here to fix the security bug.
In addition, the list iterator value will *always* be set and non-NULL
by list_for_each_entry(), so it is incorrect to assume that the iterator
value will be NULL if the element is not found in list, considering
the (mis)use here: "if (iterm == NULL".
Use a new value 'it' as the list iterator, while use the old value
'iterm' as a dedicated pointer to point to the found element, which
1. can fix this bug, due to 'iterm' is NULL only if it's not found.
2. do not need to change all the uses of 'iterm' after the loop.
3. can also limit the scope of the list iterator 'it' *only inside*
the traversal loop by simply declaring 'it' inside the loop in the
future, as usage of the iterator outside of the list_for_each_entry
is considered harmful. https://lkml.org/lkml/2022/2/17/1032
Fixes: d5e90b7a6cd1c ("[media] uvcvideo: Move to video_ioctl2")
Signed-off-by: Xiaomeng Tong <xiam0nd.tong@gmail.com>
Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/usb/uvc/uvc_v4l2.c | 20 +++++++++++---------
1 file changed, 11 insertions(+), 9 deletions(-)
diff --git a/drivers/media/usb/uvc/uvc_v4l2.c b/drivers/media/usb/uvc/uvc_v4l2.c
index 3126ee9e965c..96ef64b6a232 100644
--- a/drivers/media/usb/uvc/uvc_v4l2.c
+++ b/drivers/media/usb/uvc/uvc_v4l2.c
@@ -859,29 +859,31 @@ static int uvc_ioctl_enum_input(struct file *file, void *fh,
struct uvc_video_chain *chain = handle->chain;
const struct uvc_entity *selector = chain->selector;
struct uvc_entity *iterm = NULL;
+ struct uvc_entity *it;
u32 index = input->index;
- int pin = 0;
if (selector == NULL ||
(chain->dev->quirks & UVC_QUIRK_IGNORE_SELECTOR_UNIT)) {
if (index != 0)
return -EINVAL;
- list_for_each_entry(iterm, &chain->entities, chain) {
- if (UVC_ENTITY_IS_ITERM(iterm))
+ list_for_each_entry(it, &chain->entities, chain) {
+ if (UVC_ENTITY_IS_ITERM(it)) {
+ iterm = it;
break;
+ }
}
- pin = iterm->id;
} else if (index < selector->bNrInPins) {
- pin = selector->baSourceID[index];
- list_for_each_entry(iterm, &chain->entities, chain) {
- if (!UVC_ENTITY_IS_ITERM(iterm))
+ list_for_each_entry(it, &chain->entities, chain) {
+ if (!UVC_ENTITY_IS_ITERM(it))
continue;
- if (iterm->id == pin)
+ if (it->id == selector->baSourceID[index]) {
+ iterm = it;
break;
+ }
}
}
- if (iterm == NULL || iterm->id != pin)
+ if (iterm == NULL)
return -EINVAL;
memset(input, 0, sizeof(*input));
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 128/411] iomap: iomap_write_failed fix
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (126 preceding siblings ...)
2022-06-13 10:06 ` [PATCH 5.4 127/411] media: uvcvideo: Fix missing check to determine if element is found in list Greg Kroah-Hartman
@ 2022-06-13 10:06 ` Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 129/411] Revert "cpufreq: Fix possible race in cpufreq online error path" Greg Kroah-Hartman
` (287 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:06 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Andreas Gruenbacher, Darrick J. Wong,
Sasha Levin
From: Andreas Gruenbacher <agruenba@redhat.com>
[ Upstream commit b71450e2cc4b3c79f33c5bd276d152af9bd54f79 ]
The @lend parameter of truncate_pagecache_range() should be the offset
of the last byte of the hole, not the first byte beyond it.
Fixes: ae259a9c8593 ("fs: introduce iomap infrastructure")
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Reviewed-by: Darrick J. Wong <djwong@kernel.org>
Signed-off-by: Darrick J. Wong <djwong@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/iomap/buffered-io.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/fs/iomap/buffered-io.c b/fs/iomap/buffered-io.c
index 5c73751adb2d..53cd7b2bb580 100644
--- a/fs/iomap/buffered-io.c
+++ b/fs/iomap/buffered-io.c
@@ -535,7 +535,8 @@ iomap_write_failed(struct inode *inode, loff_t pos, unsigned len)
* write started inside the existing inode size.
*/
if (pos + len > i_size)
- truncate_pagecache_range(inode, max(pos, i_size), pos + len);
+ truncate_pagecache_range(inode, max(pos, i_size),
+ pos + len - 1);
}
static int
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 129/411] Revert "cpufreq: Fix possible race in cpufreq online error path"
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (127 preceding siblings ...)
2022-06-13 10:06 ` [PATCH 5.4 128/411] iomap: iomap_write_failed fix Greg Kroah-Hartman
@ 2022-06-13 10:06 ` Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 130/411] perf/amd/ibs: Use interrupt regs ip for stack unwinding Greg Kroah-Hartman
` (286 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:06 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Viresh Kumar, Rafael J. Wysocki, Sasha Levin
From: Viresh Kumar <viresh.kumar@linaro.org>
[ Upstream commit 85f0e42bd65d01b351d561efb38e584d4c596553 ]
This reverts commit f346e96267cd76175d6c201b40f770c0116a8a04.
The commit tried to fix a possible real bug but it made it even worse.
The fix was simply buggy as now an error out to out_offline_policy or
out_exit_policy will try to release a semaphore which was never taken in
the first place. This works fine only if we failed late, i.e. via
out_destroy_policy.
Fixes: f346e96267cd ("cpufreq: Fix possible race in cpufreq online error path")
Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/cpufreq/cpufreq.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/drivers/cpufreq/cpufreq.c b/drivers/cpufreq/cpufreq.c
index 7ea07764988e..af9f34804862 100644
--- a/drivers/cpufreq/cpufreq.c
+++ b/drivers/cpufreq/cpufreq.c
@@ -1509,6 +1509,8 @@ static int cpufreq_online(unsigned int cpu)
for_each_cpu(j, policy->real_cpus)
remove_cpu_dev_symlink(policy, get_cpu_device(j));
+ up_write(&policy->rwsem);
+
out_offline_policy:
if (cpufreq_driver->offline)
cpufreq_driver->offline(policy);
@@ -1517,9 +1519,6 @@ static int cpufreq_online(unsigned int cpu)
if (cpufreq_driver->exit)
cpufreq_driver->exit(policy);
- cpumask_clear(policy->cpus);
- up_write(&policy->rwsem);
-
out_free_policy:
cpufreq_policy_free(policy);
return ret;
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 130/411] perf/amd/ibs: Use interrupt regs ip for stack unwinding
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (128 preceding siblings ...)
2022-06-13 10:06 ` [PATCH 5.4 129/411] Revert "cpufreq: Fix possible race in cpufreq online error path" Greg Kroah-Hartman
@ 2022-06-13 10:06 ` Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 131/411] ASoC: fsl: Fix refcount leak in imx_sgtl5000_probe Greg Kroah-Hartman
` (285 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:06 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dmitry Monakhov, Peter Zijlstra,
Ravi Bangoria, Sasha Levin
From: Ravi Bangoria <ravi.bangoria@amd.com>
[ Upstream commit 3d47083b9ff46863e8374ad3bb5edb5e464c75f8 ]
IbsOpRip is recorded when IBS interrupt is triggered. But there is
a skid from the time IBS interrupt gets triggered to the time the
interrupt is presented to the core. Meanwhile processor would have
moved ahead and thus IbsOpRip will be inconsistent with rsp and rbp
recorded as part of the interrupt regs. This causes issues while
unwinding stack using the ORC unwinder as it needs consistent rip,
rsp and rbp. Fix this by using rip from interrupt regs instead of
IbsOpRip for stack unwinding.
Fixes: ee9f8fce99640 ("x86/unwind: Add the ORC unwinder")
Reported-by: Dmitry Monakhov <dmtrmonakhov@yandex-team.ru>
Suggested-by: Peter Zijlstra <peterz@infradead.org>
Signed-off-by: Ravi Bangoria <ravi.bangoria@amd.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Link: https://lkml.kernel.org/r/20220429051441.14251-1-ravi.bangoria@amd.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/events/amd/ibs.c | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
diff --git a/arch/x86/events/amd/ibs.c b/arch/x86/events/amd/ibs.c
index b7baaa973317..2e930d8c04d9 100644
--- a/arch/x86/events/amd/ibs.c
+++ b/arch/x86/events/amd/ibs.c
@@ -312,6 +312,16 @@ static int perf_ibs_init(struct perf_event *event)
hwc->config_base = perf_ibs->msr;
hwc->config = config;
+ /*
+ * rip recorded by IbsOpRip will not be consistent with rsp and rbp
+ * recorded as part of interrupt regs. Thus we need to use rip from
+ * interrupt regs while unwinding call stack. Setting _EARLY flag
+ * makes sure we unwind call-stack before perf sample rip is set to
+ * IbsOpRip.
+ */
+ if (event->attr.sample_type & PERF_SAMPLE_CALLCHAIN)
+ event->attr.sample_type |= __PERF_SAMPLE_CALLCHAIN_EARLY;
+
return 0;
}
@@ -683,6 +693,14 @@ static int perf_ibs_handle_irq(struct perf_ibs *perf_ibs, struct pt_regs *iregs)
data.raw = &raw;
}
+ /*
+ * rip recorded by IbsOpRip will not be consistent with rsp and rbp
+ * recorded as part of interrupt regs. Thus we need to use rip from
+ * interrupt regs while unwinding call stack.
+ */
+ if (event->attr.sample_type & PERF_SAMPLE_CALLCHAIN)
+ data.callchain = perf_callchain(event, iregs);
+
throttle = perf_event_overflow(event, &data, ®s);
out:
if (throttle) {
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 131/411] ASoC: fsl: Fix refcount leak in imx_sgtl5000_probe
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (129 preceding siblings ...)
2022-06-13 10:06 ` [PATCH 5.4 130/411] perf/amd/ibs: Use interrupt regs ip for stack unwinding Greg Kroah-Hartman
@ 2022-06-13 10:06 ` Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 132/411] ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe Greg Kroah-Hartman
` (284 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:06 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Fabio Estevam,
Mark Brown, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit 41cd312dfe980af869c3503b4d38e62ed20dd3b7 ]
of_find_i2c_device_by_node() takes a reference,
In error paths, we should call put_device() to drop
the reference to aviod refount leak.
Fixes: 81e8e4926167 ("ASoC: fsl: add sgtl5000 clock support for imx-sgtl5000")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Reviewed-by: Fabio Estevam <festevam@gmail.com>
Link: https://lore.kernel.org/r/20220511065803.3957-1-linmq006@gmail.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/fsl/imx-sgtl5000.c | 14 ++++++++------
1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/sound/soc/fsl/imx-sgtl5000.c b/sound/soc/fsl/imx-sgtl5000.c
index 15e8b9343c35..7106d56a3346 100644
--- a/sound/soc/fsl/imx-sgtl5000.c
+++ b/sound/soc/fsl/imx-sgtl5000.c
@@ -120,19 +120,19 @@ static int imx_sgtl5000_probe(struct platform_device *pdev)
data = devm_kzalloc(&pdev->dev, sizeof(*data), GFP_KERNEL);
if (!data) {
ret = -ENOMEM;
- goto fail;
+ goto put_device;
}
comp = devm_kzalloc(&pdev->dev, 3 * sizeof(*comp), GFP_KERNEL);
if (!comp) {
ret = -ENOMEM;
- goto fail;
+ goto put_device;
}
data->codec_clk = clk_get(&codec_dev->dev, NULL);
if (IS_ERR(data->codec_clk)) {
ret = PTR_ERR(data->codec_clk);
- goto fail;
+ goto put_device;
}
data->clk_frequency = clk_get_rate(data->codec_clk);
@@ -158,10 +158,10 @@ static int imx_sgtl5000_probe(struct platform_device *pdev)
data->card.dev = &pdev->dev;
ret = snd_soc_of_parse_card_name(&data->card, "model");
if (ret)
- goto fail;
+ goto put_device;
ret = snd_soc_of_parse_audio_routing(&data->card, "audio-routing");
if (ret)
- goto fail;
+ goto put_device;
data->card.num_links = 1;
data->card.owner = THIS_MODULE;
data->card.dai_link = &data->dai;
@@ -176,7 +176,7 @@ static int imx_sgtl5000_probe(struct platform_device *pdev)
if (ret != -EPROBE_DEFER)
dev_err(&pdev->dev, "snd_soc_register_card failed (%d)\n",
ret);
- goto fail;
+ goto put_device;
}
of_node_put(ssi_np);
@@ -184,6 +184,8 @@ static int imx_sgtl5000_probe(struct platform_device *pdev)
return 0;
+put_device:
+ put_device(&codec_dev->dev);
fail:
if (data && !IS_ERR(data->codec_clk))
clk_put(data->codec_clk);
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 132/411] ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (130 preceding siblings ...)
2022-06-13 10:06 ` [PATCH 5.4 131/411] ASoC: fsl: Fix refcount leak in imx_sgtl5000_probe Greg Kroah-Hartman
@ 2022-06-13 10:06 ` Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 133/411] regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt Greg Kroah-Hartman
` (283 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:06 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Mark Brown, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit 2be84f73785fa9ed6443e3c5b158730266f1c2ee ]
of_parse_phandle() returns a node pointer with refcount
incremented, we should use of_node_put() on it when done.
Fixes: 08641c7c74dd ("ASoC: mxs: add device tree support for mxs-saif")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Link: https://lore.kernel.org/r/20220511133725.39039-1-linmq006@gmail.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/mxs/mxs-saif.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/sound/soc/mxs/mxs-saif.c b/sound/soc/mxs/mxs-saif.c
index cb1b525cbe9d..c899a05e896f 100644
--- a/sound/soc/mxs/mxs-saif.c
+++ b/sound/soc/mxs/mxs-saif.c
@@ -767,6 +767,7 @@ static int mxs_saif_probe(struct platform_device *pdev)
saif->master_id = saif->id;
} else {
ret = of_alias_get_id(master, "saif");
+ of_node_put(master);
if (ret < 0)
return ret;
else
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 133/411] regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (131 preceding siblings ...)
2022-06-13 10:06 ` [PATCH 5.4 132/411] ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe Greg Kroah-Hartman
@ 2022-06-13 10:06 ` Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 134/411] scripts/faddr2line: Fix overlapping text section failures Greg Kroah-Hartman
` (282 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:06 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Mark Brown, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit afaa7b933ef00a2d3262f4d1252087613fb5c06d ]
of_node_get() returns a node with refcount incremented.
Calling of_node_put() to drop the reference when not needed anymore.
Fixes: 3784b6d64dc5 ("regulator: pfuze100: add pfuze100 regulator driver")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Link: https://lore.kernel.org/r/20220511113506.45185-1-linmq006@gmail.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/regulator/pfuze100-regulator.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/regulator/pfuze100-regulator.c b/drivers/regulator/pfuze100-regulator.c
index 44b1da7cc374..f873d97100e2 100644
--- a/drivers/regulator/pfuze100-regulator.c
+++ b/drivers/regulator/pfuze100-regulator.c
@@ -528,6 +528,7 @@ static int pfuze_parse_regulators_dt(struct pfuze_chip *chip)
parent = of_get_child_by_name(np, "regulators");
if (!parent) {
dev_err(dev, "regulators node not found\n");
+ of_node_put(np);
return -EINVAL;
}
@@ -557,6 +558,7 @@ static int pfuze_parse_regulators_dt(struct pfuze_chip *chip)
}
of_node_put(parent);
+ of_node_put(np);
if (ret < 0) {
dev_err(dev, "Error parsing regulator init data: %d\n",
ret);
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 134/411] scripts/faddr2line: Fix overlapping text section failures
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (132 preceding siblings ...)
2022-06-13 10:06 ` [PATCH 5.4 133/411] regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt Greg Kroah-Hartman
@ 2022-06-13 10:06 ` Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 135/411] media: aspeed: Fix an error handling path in aspeed_video_probe() Greg Kroah-Hartman
` (281 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:06 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kaiwan N Billimoria, Peter Zijlstra,
Josh Poimboeuf, Sasha Levin
From: Josh Poimboeuf <jpoimboe@kernel.org>
[ Upstream commit 1d1a0e7c5100d332583e20b40aa8c0a8ed3d7849 ]
There have been some recent reports of faddr2line failures:
$ scripts/faddr2line sound/soundcore.ko sound_devnode+0x5/0x35
bad symbol size: base: 0x0000000000000000 end: 0x0000000000000000
$ ./scripts/faddr2line vmlinux.o enter_from_user_mode+0x24
bad symbol size: base: 0x0000000000005fe0 end: 0x0000000000005fe0
The problem is that faddr2line is based on 'nm', which has a major
limitation: it doesn't know how to distinguish between different text
sections. So if an offset exists in multiple text sections in the
object, it may fail.
Rewrite faddr2line to be section-aware, by basing it on readelf.
Fixes: 67326666e2d4 ("scripts: add script for translating stack dump function offsets")
Reported-by: Kaiwan N Billimoria <kaiwan.billimoria@gmail.com>
Reported-by: Peter Zijlstra <peterz@infradead.org>
Signed-off-by: Josh Poimboeuf <jpoimboe@kernel.org>
Link: https://lore.kernel.org/r/29ff99f86e3da965b6e46c1cc2d72ce6528c17c3.1652382321.git.jpoimboe@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
scripts/faddr2line | 150 +++++++++++++++++++++++++++++----------------
1 file changed, 97 insertions(+), 53 deletions(-)
diff --git a/scripts/faddr2line b/scripts/faddr2line
index 6c6439f69a72..0e6268d59883 100755
--- a/scripts/faddr2line
+++ b/scripts/faddr2line
@@ -44,17 +44,6 @@
set -o errexit
set -o nounset
-READELF="${CROSS_COMPILE:-}readelf"
-ADDR2LINE="${CROSS_COMPILE:-}addr2line"
-SIZE="${CROSS_COMPILE:-}size"
-NM="${CROSS_COMPILE:-}nm"
-
-command -v awk >/dev/null 2>&1 || die "awk isn't installed"
-command -v ${READELF} >/dev/null 2>&1 || die "readelf isn't installed"
-command -v ${ADDR2LINE} >/dev/null 2>&1 || die "addr2line isn't installed"
-command -v ${SIZE} >/dev/null 2>&1 || die "size isn't installed"
-command -v ${NM} >/dev/null 2>&1 || die "nm isn't installed"
-
usage() {
echo "usage: faddr2line [--list] <object file> <func+offset> <func+offset>..." >&2
exit 1
@@ -69,6 +58,14 @@ die() {
exit 1
}
+READELF="${CROSS_COMPILE:-}readelf"
+ADDR2LINE="${CROSS_COMPILE:-}addr2line"
+AWK="awk"
+
+command -v ${AWK} >/dev/null 2>&1 || die "${AWK} isn't installed"
+command -v ${READELF} >/dev/null 2>&1 || die "${READELF} isn't installed"
+command -v ${ADDR2LINE} >/dev/null 2>&1 || die "${ADDR2LINE} isn't installed"
+
# Try to figure out the source directory prefix so we can remove it from the
# addr2line output. HACK ALERT: This assumes that start_kernel() is in
# init/main.c! This only works for vmlinux. Otherwise it falls back to
@@ -76,7 +73,7 @@ die() {
find_dir_prefix() {
local objfile=$1
- local start_kernel_addr=$(${READELF} -sW $objfile | awk '$8 == "start_kernel" {printf "0x%s", $2}')
+ local start_kernel_addr=$(${READELF} --symbols --wide $objfile | ${AWK} '$8 == "start_kernel" {printf "0x%s", $2}')
[[ -z $start_kernel_addr ]] && return
local file_line=$(${ADDR2LINE} -e $objfile $start_kernel_addr)
@@ -97,86 +94,133 @@ __faddr2line() {
local dir_prefix=$3
local print_warnings=$4
- local func=${func_addr%+*}
+ local sym_name=${func_addr%+*}
local offset=${func_addr#*+}
offset=${offset%/*}
- local size=
- [[ $func_addr =~ "/" ]] && size=${func_addr#*/}
+ local user_size=
+ [[ $func_addr =~ "/" ]] && user_size=${func_addr#*/}
- if [[ -z $func ]] || [[ -z $offset ]] || [[ $func = $func_addr ]]; then
+ if [[ -z $sym_name ]] || [[ -z $offset ]] || [[ $sym_name = $func_addr ]]; then
warn "bad func+offset $func_addr"
DONE=1
return
fi
# Go through each of the object's symbols which match the func name.
- # In rare cases there might be duplicates.
- file_end=$(${SIZE} -Ax $objfile | awk '$1 == ".text" {print $2}')
- while read symbol; do
- local fields=($symbol)
- local sym_base=0x${fields[0]}
- local sym_type=${fields[1]}
- local sym_end=${fields[3]}
-
- # calculate the size
- local sym_size=$(($sym_end - $sym_base))
+ # In rare cases there might be duplicates, in which case we print all
+ # matches.
+ while read line; do
+ local fields=($line)
+ local sym_addr=0x${fields[1]}
+ local sym_elf_size=${fields[2]}
+ local sym_sec=${fields[6]}
+
+ # Get the section size:
+ local sec_size=$(${READELF} --section-headers --wide $objfile |
+ sed 's/\[ /\[/' |
+ ${AWK} -v sec=$sym_sec '$1 == "[" sec "]" { print "0x" $6; exit }')
+
+ if [[ -z $sec_size ]]; then
+ warn "bad section size: section: $sym_sec"
+ DONE=1
+ return
+ fi
+
+ # Calculate the symbol size.
+ #
+ # Unfortunately we can't use the ELF size, because kallsyms
+ # also includes the padding bytes in its size calculation. For
+ # kallsyms, the size calculation is the distance between the
+ # symbol and the next symbol in a sorted list.
+ local sym_size
+ local cur_sym_addr
+ local found=0
+ while read line; do
+ local fields=($line)
+ cur_sym_addr=0x${fields[1]}
+ local cur_sym_elf_size=${fields[2]}
+ local cur_sym_name=${fields[7]:-}
+
+ if [[ $cur_sym_addr = $sym_addr ]] &&
+ [[ $cur_sym_elf_size = $sym_elf_size ]] &&
+ [[ $cur_sym_name = $sym_name ]]; then
+ found=1
+ continue
+ fi
+
+ if [[ $found = 1 ]]; then
+ sym_size=$(($cur_sym_addr - $sym_addr))
+ [[ $sym_size -lt $sym_elf_size ]] && continue;
+ found=2
+ break
+ fi
+ done < <(${READELF} --symbols --wide $objfile | ${AWK} -v sec=$sym_sec '$7 == sec' | sort --key=2)
+
+ if [[ $found = 0 ]]; then
+ warn "can't find symbol: sym_name: $sym_name sym_sec: $sym_sec sym_addr: $sym_addr sym_elf_size: $sym_elf_size"
+ DONE=1
+ return
+ fi
+
+ # If nothing was found after the symbol, assume it's the last
+ # symbol in the section.
+ [[ $found = 1 ]] && sym_size=$(($sec_size - $sym_addr))
+
if [[ -z $sym_size ]] || [[ $sym_size -le 0 ]]; then
- warn "bad symbol size: base: $sym_base end: $sym_end"
+ warn "bad symbol size: sym_addr: $sym_addr cur_sym_addr: $cur_sym_addr"
DONE=1
return
fi
+
sym_size=0x$(printf %x $sym_size)
- # calculate the address
- local addr=$(($sym_base + $offset))
+ # Calculate the section address from user-supplied offset:
+ local addr=$(($sym_addr + $offset))
if [[ -z $addr ]] || [[ $addr = 0 ]]; then
- warn "bad address: $sym_base + $offset"
+ warn "bad address: $sym_addr + $offset"
DONE=1
return
fi
addr=0x$(printf %x $addr)
- # weed out non-function symbols
- if [[ $sym_type != t ]] && [[ $sym_type != T ]]; then
- [[ $print_warnings = 1 ]] &&
- echo "skipping $func address at $addr due to non-function symbol of type '$sym_type'"
- continue
- fi
-
- # if the user provided a size, make sure it matches the symbol's size
- if [[ -n $size ]] && [[ $size -ne $sym_size ]]; then
+ # If the user provided a size, make sure it matches the symbol's size:
+ if [[ -n $user_size ]] && [[ $user_size -ne $sym_size ]]; then
[[ $print_warnings = 1 ]] &&
- echo "skipping $func address at $addr due to size mismatch ($size != $sym_size)"
+ echo "skipping $sym_name address at $addr due to size mismatch ($user_size != $sym_size)"
continue;
fi
- # make sure the provided offset is within the symbol's range
+ # Make sure the provided offset is within the symbol's range:
if [[ $offset -gt $sym_size ]]; then
[[ $print_warnings = 1 ]] &&
- echo "skipping $func address at $addr due to size mismatch ($offset > $sym_size)"
+ echo "skipping $sym_name address at $addr due to size mismatch ($offset > $sym_size)"
continue
fi
- # separate multiple entries with a blank line
+ # In case of duplicates or multiple addresses specified on the
+ # cmdline, separate multiple entries with a blank line:
[[ $FIRST = 0 ]] && echo
FIRST=0
- # pass real address to addr2line
- echo "$func+$offset/$sym_size:"
- local file_lines=$(${ADDR2LINE} -fpie $objfile $addr | sed "s; $dir_prefix\(\./\)*; ;")
- [[ -z $file_lines ]] && return
+ echo "$sym_name+$offset/$sym_size:"
+ # Pass section address to addr2line and strip absolute paths
+ # from the output:
+ local output=$(${ADDR2LINE} -fpie $objfile $addr | sed "s; $dir_prefix\(\./\)*; ;")
+ [[ -z $output ]] && continue
+
+ # Default output (non --list):
if [[ $LIST = 0 ]]; then
- echo "$file_lines" | while read -r line
+ echo "$output" | while read -r line
do
echo $line
done
DONE=1;
- return
+ continue
fi
- # show each line with context
- echo "$file_lines" | while read -r line
+ # For --list, show each line with its corresponding source code:
+ echo "$output" | while read -r line
do
echo
echo $line
@@ -184,12 +228,12 @@ __faddr2line() {
n1=$[$n-5]
n2=$[$n+5]
f=$(echo $line | sed 's/.*at \(.\+\):.*/\1/g')
- awk 'NR>=strtonum("'$n1'") && NR<=strtonum("'$n2'") { if (NR=='$n') printf(">%d<", NR); else printf(" %d ", NR); printf("\t%s\n", $0)}' $f
+ ${AWK} 'NR>=strtonum("'$n1'") && NR<=strtonum("'$n2'") { if (NR=='$n') printf(">%d<", NR); else printf(" %d ", NR); printf("\t%s\n", $0)}' $f
done
DONE=1
- done < <(${NM} -n $objfile | awk -v fn=$func -v end=$file_end '$3 == fn { found=1; line=$0; start=$1; next } found == 1 { found=0; print line, "0x"$1 } END {if (found == 1) print line, end; }')
+ done < <(${READELF} --symbols --wide $objfile | ${AWK} -v fn=$sym_name '$4 == "FUNC" && $8 == fn')
}
[[ $# -lt 2 ]] && usage
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 135/411] media: aspeed: Fix an error handling path in aspeed_video_probe()
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (133 preceding siblings ...)
2022-06-13 10:06 ` [PATCH 5.4 134/411] scripts/faddr2line: Fix overlapping text section failures Greg Kroah-Hartman
@ 2022-06-13 10:06 ` Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 136/411] media: st-delta: Fix PM disable depth imbalance in delta_probe Greg Kroah-Hartman
` (280 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:06 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christophe JAILLET, Hans Verkuil,
Mauro Carvalho Chehab, Sasha Levin
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
[ Upstream commit 310fda622bbd38be17fb444f7f049b137af3bc0d ]
A dma_free_coherent() call is missing in the error handling path of the
probe, as already done in the remove function.
In fact, this call is included in aspeed_video_free_buf(). So use the
latter both in the error handling path of the probe and in the remove
function.
It is easier to see the relation with aspeed_video_alloc_buf() this way.
Fixes: d2b4387f3bdf ("media: platform: Add Aspeed Video Engine driver")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/platform/aspeed-video.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/media/platform/aspeed-video.c b/drivers/media/platform/aspeed-video.c
index c87eddb1c93f..c3f0b143330a 100644
--- a/drivers/media/platform/aspeed-video.c
+++ b/drivers/media/platform/aspeed-video.c
@@ -1688,6 +1688,7 @@ static int aspeed_video_probe(struct platform_device *pdev)
rc = aspeed_video_setup_video(video);
if (rc) {
+ aspeed_video_free_buf(video, &video->jpeg);
clk_unprepare(video->vclk);
clk_unprepare(video->eclk);
return rc;
@@ -1715,8 +1716,7 @@ static int aspeed_video_remove(struct platform_device *pdev)
v4l2_device_unregister(v4l2_dev);
- dma_free_coherent(video->dev, VE_JPEG_HEADER_SIZE, video->jpeg.virt,
- video->jpeg.dma);
+ aspeed_video_free_buf(video, &video->jpeg);
of_reserved_mem_device_release(dev);
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 136/411] media: st-delta: Fix PM disable depth imbalance in delta_probe
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (134 preceding siblings ...)
2022-06-13 10:06 ` [PATCH 5.4 135/411] media: aspeed: Fix an error handling path in aspeed_video_probe() Greg Kroah-Hartman
@ 2022-06-13 10:06 ` Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 137/411] media: exynos4-is: Change clk_disable to clk_disable_unprepare Greg Kroah-Hartman
` (279 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:06 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Hugues Fruchet,
Hans Verkuil, Mauro Carvalho Chehab, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit 94e3dba710fe0afc772172305444250023fc2d30 ]
The pm_runtime_enable will decrease power disable depth.
If the probe fails, we should use pm_runtime_disable() to balance
pm_runtime_enable().
Fixes: f386509e4959 ("[media] st-delta: STiH4xx multi-format video decoder v4l2 driver")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Acked-by: Hugues Fruchet <hugues.fruchet@foss.st.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/platform/sti/delta/delta-v4l2.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/media/platform/sti/delta/delta-v4l2.c b/drivers/media/platform/sti/delta/delta-v4l2.c
index 2791107e641b..29732b49a2cd 100644
--- a/drivers/media/platform/sti/delta/delta-v4l2.c
+++ b/drivers/media/platform/sti/delta/delta-v4l2.c
@@ -1862,7 +1862,7 @@ static int delta_probe(struct platform_device *pdev)
if (ret) {
dev_err(delta->dev, "%s failed to initialize firmware ipc channel\n",
DELTA_PREFIX);
- goto err;
+ goto err_pm_disable;
}
/* register all available decoders */
@@ -1876,7 +1876,7 @@ static int delta_probe(struct platform_device *pdev)
if (ret) {
dev_err(delta->dev, "%s failed to register V4L2 device\n",
DELTA_PREFIX);
- goto err;
+ goto err_pm_disable;
}
delta->work_queue = create_workqueue(DELTA_NAME);
@@ -1901,6 +1901,8 @@ static int delta_probe(struct platform_device *pdev)
destroy_workqueue(delta->work_queue);
err_v4l2:
v4l2_device_unregister(&delta->v4l2_dev);
+err_pm_disable:
+ pm_runtime_disable(dev);
err:
return ret;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 137/411] media: exynos4-is: Change clk_disable to clk_disable_unprepare
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (135 preceding siblings ...)
2022-06-13 10:06 ` [PATCH 5.4 136/411] media: st-delta: Fix PM disable depth imbalance in delta_probe Greg Kroah-Hartman
@ 2022-06-13 10:06 ` Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 138/411] media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init Greg Kroah-Hartman
` (278 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:06 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Hans Verkuil,
Mauro Carvalho Chehab, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit 9fadab72a6916c7507d7fedcd644859eef995078 ]
The corresponding API for clk_prepare_enable is clk_disable_unprepare,
other than clk_disable.
Fix this by changing clk_disable to clk_disable_unprepare.
Fixes: b4155d7d5b2c ("[media] exynos4-is: Ensure fimc-is clocks are not enabled until properly configured")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/platform/exynos4-is/fimc-is.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/media/platform/exynos4-is/fimc-is.c b/drivers/media/platform/exynos4-is/fimc-is.c
index 64148b7e0d98..9bb14bb2e498 100644
--- a/drivers/media/platform/exynos4-is/fimc-is.c
+++ b/drivers/media/platform/exynos4-is/fimc-is.c
@@ -141,7 +141,7 @@ static int fimc_is_enable_clocks(struct fimc_is *is)
dev_err(&is->pdev->dev, "clock %s enable failed\n",
fimc_is_clocks[i]);
for (--i; i >= 0; i--)
- clk_disable(is->clocks[i]);
+ clk_disable_unprepare(is->clocks[i]);
return ret;
}
pr_debug("enabled clock: %s\n", fimc_is_clocks[i]);
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 138/411] media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (136 preceding siblings ...)
2022-06-13 10:06 ` [PATCH 5.4 137/411] media: exynos4-is: Change clk_disable to clk_disable_unprepare Greg Kroah-Hartman
@ 2022-06-13 10:06 ` Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 139/411] media: vsp1: Fix offset calculation for plane cropping Greg Kroah-Hartman
` (277 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:06 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Pavel Skripkin, Hans Verkuil,
Mauro Carvalho Chehab, Sasha Levin, syzbot+1a247e36149ffd709a9b
From: Pavel Skripkin <paskripkin@gmail.com>
[ Upstream commit 471bec68457aaf981add77b4f590d65dd7da1059 ]
Syzbot reported that -1 is used as array index. The problem was in
missing validation check.
hdw->unit_number is initialized with -1 and then if init table walk fails
this value remains unchanged. Since code blindly uses this member for
array indexing adding sanity check is the easiest fix for that.
hdw->workpoll initialization moved upper to prevent warning in
__flush_work.
Reported-and-tested-by: syzbot+1a247e36149ffd709a9b@syzkaller.appspotmail.com
Fixes: d855497edbfb ("V4L/DVB (4228a): pvrusb2 to kernel 2.6.18")
Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/usb/pvrusb2/pvrusb2-hdw.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/drivers/media/usb/pvrusb2/pvrusb2-hdw.c b/drivers/media/usb/pvrusb2/pvrusb2-hdw.c
index 2f00679f65a0..11e7fcfc3f19 100644
--- a/drivers/media/usb/pvrusb2/pvrusb2-hdw.c
+++ b/drivers/media/usb/pvrusb2/pvrusb2-hdw.c
@@ -2570,6 +2570,11 @@ struct pvr2_hdw *pvr2_hdw_create(struct usb_interface *intf,
} while (0);
mutex_unlock(&pvr2_unit_mtx);
+ INIT_WORK(&hdw->workpoll, pvr2_hdw_worker_poll);
+
+ if (hdw->unit_number == -1)
+ goto fail;
+
cnt1 = 0;
cnt2 = scnprintf(hdw->name+cnt1,sizeof(hdw->name)-cnt1,"pvrusb2");
cnt1 += cnt2;
@@ -2581,8 +2586,6 @@ struct pvr2_hdw *pvr2_hdw_create(struct usb_interface *intf,
if (cnt1 >= sizeof(hdw->name)) cnt1 = sizeof(hdw->name)-1;
hdw->name[cnt1] = 0;
- INIT_WORK(&hdw->workpoll,pvr2_hdw_worker_poll);
-
pvr2_trace(PVR2_TRACE_INIT,"Driver unit number is %d, name is %s",
hdw->unit_number,hdw->name);
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 139/411] media: vsp1: Fix offset calculation for plane cropping
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (137 preceding siblings ...)
2022-06-13 10:06 ` [PATCH 5.4 138/411] media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init Greg Kroah-Hartman
@ 2022-06-13 10:06 ` Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 140/411] Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout Greg Kroah-Hartman
` (276 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:06 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Michael Rodin, LUU HOAI,
Laurent Pinchart, Kieran Bingham, Mauro Carvalho Chehab,
Sasha Levin
From: Michael Rodin <mrodin@de.adit-jv.com>
[ Upstream commit 5f25abec8f21b7527c1223a354d23c270befddb3 ]
The vertical subsampling factor is currently not considered in the
offset calculation for plane cropping done in rpf_configure_partition.
This causes a distortion (shift of the color plane) when formats with
the vsub factor larger than 1 are used (e.g. NV12, see
vsp1_video_formats in vsp1_pipe.c). This commit considers vsub factor
for all planes except plane 0 (luminance).
Drop generalization of the offset calculation to reduce the binary size.
Fixes: e5ad37b64de9 ("[media] v4l: vsp1: Add cropping support")
Signed-off-by: Michael Rodin <mrodin@de.adit-jv.com>
Signed-off-by: LUU HOAI <hoai.luu.ub@renesas.com>
Signed-off-by: Laurent Pinchart <laurent.pinchart+renesas@ideasonboard.com>
Reviewed-by: Kieran Bingham <kieran.bingham+renesas@ideasonboard.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/platform/vsp1/vsp1_rpf.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/media/platform/vsp1/vsp1_rpf.c b/drivers/media/platform/vsp1/vsp1_rpf.c
index 85587c1b6a37..75083cb234fe 100644
--- a/drivers/media/platform/vsp1/vsp1_rpf.c
+++ b/drivers/media/platform/vsp1/vsp1_rpf.c
@@ -291,11 +291,11 @@ static void rpf_configure_partition(struct vsp1_entity *entity,
+ crop.left * fmtinfo->bpp[0] / 8;
if (format->num_planes > 1) {
+ unsigned int bpl = format->plane_fmt[1].bytesperline;
unsigned int offset;
- offset = crop.top * format->plane_fmt[1].bytesperline
- + crop.left / fmtinfo->hsub
- * fmtinfo->bpp[1] / 8;
+ offset = crop.top / fmtinfo->vsub * bpl
+ + crop.left / fmtinfo->hsub * fmtinfo->bpp[1] / 8;
mem.addr[1] += offset;
mem.addr[2] += offset;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 140/411] Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (138 preceding siblings ...)
2022-06-13 10:06 ` [PATCH 5.4 139/411] media: vsp1: Fix offset calculation for plane cropping Greg Kroah-Hartman
@ 2022-06-13 10:06 ` Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 141/411] m68k: math-emu: Fix dependencies of math emulation support Greg Kroah-Hartman
` (275 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:06 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot+2bef95d3ab4daa10155b,
Ying Hsu, Joseph Hwang, Marcel Holtmann, Sasha Levin
From: Ying Hsu <yinghsu@chromium.org>
[ Upstream commit 7aa1e7d15f8a5b65f67bacb100d8fc033b21efa2 ]
Connecting the same socket twice consecutively in sco_sock_connect()
could lead to a race condition where two sco_conn objects are created
but only one is associated with the socket. If the socket is closed
before the SCO connection is established, the timer associated with the
dangling sco_conn object won't be canceled. As the sock object is being
freed, the use-after-free problem happens when the timer callback
function sco_sock_timeout() accesses the socket. Here's the call trace:
dump_stack+0x107/0x163
? refcount_inc+0x1c/
print_address_description.constprop.0+0x1c/0x47e
? refcount_inc+0x1c/0x7b
kasan_report+0x13a/0x173
? refcount_inc+0x1c/0x7b
check_memory_region+0x132/0x139
refcount_inc+0x1c/0x7b
sco_sock_timeout+0xb2/0x1ba
process_one_work+0x739/0xbd1
? cancel_delayed_work+0x13f/0x13f
? __raw_spin_lock_init+0xf0/0xf0
? to_kthread+0x59/0x85
worker_thread+0x593/0x70e
kthread+0x346/0x35a
? drain_workqueue+0x31a/0x31a
? kthread_bind+0x4b/0x4b
ret_from_fork+0x1f/0x30
Link: https://syzkaller.appspot.com/bug?extid=2bef95d3ab4daa10155b
Reported-by: syzbot+2bef95d3ab4daa10155b@syzkaller.appspotmail.com
Fixes: e1dee2c1de2b ("Bluetooth: fix repeated calls to sco_sock_kill")
Signed-off-by: Ying Hsu <yinghsu@chromium.org>
Reviewed-by: Joseph Hwang <josephsih@chromium.org>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/bluetooth/sco.c | 21 +++++++++++++--------
1 file changed, 13 insertions(+), 8 deletions(-)
diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c
index 2c616c1c6295..fbfb12e43010 100644
--- a/net/bluetooth/sco.c
+++ b/net/bluetooth/sco.c
@@ -563,19 +563,24 @@ static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen
addr->sa_family != AF_BLUETOOTH)
return -EINVAL;
- if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND)
- return -EBADFD;
+ lock_sock(sk);
+ if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) {
+ err = -EBADFD;
+ goto done;
+ }
- if (sk->sk_type != SOCK_SEQPACKET)
- return -EINVAL;
+ if (sk->sk_type != SOCK_SEQPACKET) {
+ err = -EINVAL;
+ goto done;
+ }
hdev = hci_get_route(&sa->sco_bdaddr, &sco_pi(sk)->src, BDADDR_BREDR);
- if (!hdev)
- return -EHOSTUNREACH;
+ if (!hdev) {
+ err = -EHOSTUNREACH;
+ goto done;
+ }
hci_dev_lock(hdev);
- lock_sock(sk);
-
/* Set destination address and psm */
bacpy(&sco_pi(sk)->dst, &sa->sco_bdaddr);
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 141/411] m68k: math-emu: Fix dependencies of math emulation support
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (139 preceding siblings ...)
2022-06-13 10:06 ` [PATCH 5.4 140/411] Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout Greg Kroah-Hartman
@ 2022-06-13 10:06 ` Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 142/411] sctp: read sk->sk_bound_dev_if once in sctp_rcv() Greg Kroah-Hartman
` (274 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:06 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kernel test robot,
Geert Uytterhoeven, Greg Ungerer, Sasha Levin
From: Geert Uytterhoeven <geert@linux-m68k.org>
[ Upstream commit ed6bc6bf0a7d75e80eb1df883c09975ebb74e590 ]
If CONFIG_M54xx=y, CONFIG_MMU=y, and CONFIG_M68KFPU_EMU=y:
{standard input}:272: Error: invalid instruction for this architecture; needs 68000 or higher (68000 [68ec000, 68hc000, 68hc001, 68008, 68302, 68306, 68307, 68322, 68356], 68010, 68020 [68k, 68ec020], 68030 [68ec030], 68040 [68ec040], 68060 [68ec060], cpu32 [68330, 68331, 68332, 68333, 68334, 68336, 68340, 68341, 68349, 68360], fidoa [fido]) -- statement `sub.b %d1,%d3' ignored
{standard input}:609: Error: invalid instruction for this architecture; needs 68020 or higher (68020 [68k, 68ec020], 68030 [68ec030], 68040 [68ec040], 68060 [68ec060]) -- statement `bfextu 4(%a1){%d0,#8},%d0' ignored
{standard input}:752: Error: operands mismatch -- statement `mulu.l 4(%a0),%d3:%d0' ignored
{standard input}:1155: Error: operands mismatch -- statement `divu.l %d0,%d3:%d7' ignored
The math emulation support code is intended for 68020 and higher, and
uses several instructions or instruction modes not available on coldfire
or 68000.
Originally, the dependency of M68KFPU_EMU on MMU was fine, as MMU
support was only available on 68020 or higher. But this assumption
was broken by the introduction of MMU support for M547x and M548x.
Drop the dependency on MMU, as the code should work fine on 68020 and up
without MMU (which are not yet supported by Linux, though).
Add dependencies on M68KCLASSIC (to rule out Coldfire) and FPU (kernel
has some type of floating-point support --- be it hardware or software
emulated, to rule out anything below 68020).
Fixes: 1f7034b9616e6f14 ("m68k: allow ColdFire 547x and 548x CPUs to be built with MMU enabled")
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
Reviewed-by: Greg Ungerer <gerg@linux-m68k.org>
Link: https://lore.kernel.org/r/18c34695b7c95107f60ccca82a4ff252f3edf477.1652446117.git.geert@linux-m68k.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/m68k/Kconfig.cpu | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/m68k/Kconfig.cpu b/arch/m68k/Kconfig.cpu
index 60ac1cd8b96f..6bc7fc14163f 100644
--- a/arch/m68k/Kconfig.cpu
+++ b/arch/m68k/Kconfig.cpu
@@ -309,7 +309,7 @@ comment "Processor Specific Options"
config M68KFPU_EMU
bool "Math emulation support"
- depends on MMU
+ depends on M68KCLASSIC && FPU
help
At some point in the future, this will cause floating-point math
instructions to be emulated by the kernel on machines that lack a
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 142/411] sctp: read sk->sk_bound_dev_if once in sctp_rcv()
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (140 preceding siblings ...)
2022-06-13 10:06 ` [PATCH 5.4 141/411] m68k: math-emu: Fix dependencies of math emulation support Greg Kroah-Hartman
@ 2022-06-13 10:06 ` Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 143/411] media: ov7670: remove ov7670_power_off from ov7670_remove Greg Kroah-Hartman
` (273 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:06 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Eric Dumazet, Neil Horman,
Vlad Yasevich, Marcelo Ricardo Leitner, David S. Miller,
Sasha Levin
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit a20ea298071f46effa3aaf965bf9bb34c901db3f ]
sctp_rcv() reads sk->sk_bound_dev_if twice while the socket
is not locked. Another cpu could change this field under us.
Fixes: 0fd9a65a76e8 ("[SCTP] Support SO_BINDTODEVICE socket option on incoming packets.")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Neil Horman <nhorman@tuxdriver.com>
Cc: Vlad Yasevich <vyasevich@gmail.com>
Cc: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/sctp/input.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/net/sctp/input.c b/net/sctp/input.c
index 9616b600a876..c306cb25f524 100644
--- a/net/sctp/input.c
+++ b/net/sctp/input.c
@@ -92,6 +92,7 @@ int sctp_rcv(struct sk_buff *skb)
struct sctp_chunk *chunk;
union sctp_addr src;
union sctp_addr dest;
+ int bound_dev_if;
int family;
struct sctp_af *af;
struct net *net = dev_net(skb->dev);
@@ -169,7 +170,8 @@ int sctp_rcv(struct sk_buff *skb)
* If a frame arrives on an interface and the receiving socket is
* bound to another interface, via SO_BINDTODEVICE, treat it as OOTB
*/
- if (sk->sk_bound_dev_if && (sk->sk_bound_dev_if != af->skb_iif(skb))) {
+ bound_dev_if = READ_ONCE(sk->sk_bound_dev_if);
+ if (bound_dev_if && (bound_dev_if != af->skb_iif(skb))) {
if (transport) {
sctp_transport_put(transport);
asoc = NULL;
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 143/411] media: ov7670: remove ov7670_power_off from ov7670_remove
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (141 preceding siblings ...)
2022-06-13 10:06 ` [PATCH 5.4 142/411] sctp: read sk->sk_bound_dev_if once in sctp_rcv() Greg Kroah-Hartman
@ 2022-06-13 10:06 ` Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 144/411] ext4: reject the commit option on ext2 filesystems Greg Kroah-Hartman
` (272 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:06 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dongliang Mu, Sakari Ailus,
Mauro Carvalho Chehab, Sasha Levin
From: Dongliang Mu <mudongliangabcd@gmail.com>
[ Upstream commit 5bf19572e31375368f19edd2dbb2e0789518bb99 ]
In ov7670_probe, it always invokes ov7670_power_off() no matter
the execution is successful or failed. So we cannot invoke it
agiain in ov7670_remove().
Fix this by removing ov7670_power_off from ov7670_remove.
Fixes: 030f9f682e66 ("media: ov7670: control clock along with power")
Signed-off-by: Dongliang Mu <mudongliangabcd@gmail.com>
Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/i2c/ov7670.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/drivers/media/i2c/ov7670.c b/drivers/media/i2c/ov7670.c
index b42b289faaef..154776d0069e 100644
--- a/drivers/media/i2c/ov7670.c
+++ b/drivers/media/i2c/ov7670.c
@@ -2000,7 +2000,6 @@ static int ov7670_remove(struct i2c_client *client)
v4l2_async_unregister_subdev(sd);
v4l2_ctrl_handler_free(&info->hdl);
media_entity_cleanup(&info->sd.entity);
- ov7670_power_off(sd);
return 0;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 144/411] ext4: reject the commit option on ext2 filesystems
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (142 preceding siblings ...)
2022-06-13 10:06 ` [PATCH 5.4 143/411] media: ov7670: remove ov7670_power_off from ov7670_remove Greg Kroah-Hartman
@ 2022-06-13 10:06 ` Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 145/411] drm/msm/a6xx: Fix refcount leak in a6xx_gpu_init Greg Kroah-Hartman
` (271 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:06 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Eric Biggers, Ritesh Harjani,
Lukas Czerner, Sasha Levin
From: Eric Biggers <ebiggers@google.com>
[ Upstream commit cb8435dc8ba33bcafa41cf2aa253794320a3b8df ]
The 'commit' option is only applicable for ext3 and ext4 filesystems,
and has never been accepted by the ext2 filesystem driver, so the ext4
driver shouldn't allow it on ext2 filesystems.
This fixes a failure in xfstest ext4/053.
Fixes: 8dc0aa8cf0f7 ("ext4: check incompatible mount options while mounting ext2/3")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Ritesh Harjani <ritesh.list@gmail.com>
Reviewed-by: Lukas Czerner <lczerner@redhat.com>
Link: https://lore.kernel.org/r/20220510183232.172615-1-ebiggers@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/ext4/super.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/fs/ext4/super.c b/fs/ext4/super.c
index c13879bd2168..eba2506f4399 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -1703,6 +1703,7 @@ static const struct mount_opts {
MOPT_EXT4_ONLY | MOPT_CLEAR},
{Opt_warn_on_error, EXT4_MOUNT_WARN_ON_ERROR, MOPT_SET},
{Opt_nowarn_on_error, EXT4_MOUNT_WARN_ON_ERROR, MOPT_CLEAR},
+ {Opt_commit, 0, MOPT_NO_EXT2},
{Opt_nojournal_checksum, EXT4_MOUNT_JOURNAL_CHECKSUM,
MOPT_EXT4_ONLY | MOPT_CLEAR},
{Opt_journal_checksum, EXT4_MOUNT_JOURNAL_CHECKSUM,
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 145/411] drm/msm/a6xx: Fix refcount leak in a6xx_gpu_init
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (143 preceding siblings ...)
2022-06-13 10:06 ` [PATCH 5.4 144/411] ext4: reject the commit option on ext2 filesystems Greg Kroah-Hartman
@ 2022-06-13 10:06 ` Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 146/411] drm: msm: fix possible memory leak in mdp5_crtc_cursor_set() Greg Kroah-Hartman
` (270 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:06 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Akhil P Oommen,
Rob Clark, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit c56de483093d7ad0782327f95dda7da97bc4c315 ]
of_parse_phandle() returns a node pointer with refcount
incremented, we should use of_node_put() on it when not need anymore.
a6xx_gmu_init() passes the node to of_find_device_by_node()
and of_dma_configure(), of_find_device_by_node() will takes its
reference, of_dma_configure() doesn't need the node after usage.
Add missing of_node_put() to avoid refcount leak.
Fixes: 4b565ca5a2cb ("drm/msm: Add A6XX device support")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Reviewed-by: Akhil P Oommen <quic_akhilpo@quicinc.com>
Link: https://lore.kernel.org/r/20220512121955.56937-1-linmq006@gmail.com
Signed-off-by: Rob Clark <robdclark@chromium.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/msm/adreno/a6xx_gpu.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/gpu/drm/msm/adreno/a6xx_gpu.c b/drivers/gpu/drm/msm/adreno/a6xx_gpu.c
index df2656e57991..a3ae6c1d341b 100644
--- a/drivers/gpu/drm/msm/adreno/a6xx_gpu.c
+++ b/drivers/gpu/drm/msm/adreno/a6xx_gpu.c
@@ -891,6 +891,7 @@ struct msm_gpu *a6xx_gpu_init(struct drm_device *dev)
BUG_ON(!node);
ret = a6xx_gmu_init(a6xx_gpu, node);
+ of_node_put(node);
if (ret) {
a6xx_destroy(&(a6xx_gpu->base.base));
return ERR_PTR(ret);
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 146/411] drm: msm: fix possible memory leak in mdp5_crtc_cursor_set()
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (144 preceding siblings ...)
2022-06-13 10:06 ` [PATCH 5.4 145/411] drm/msm/a6xx: Fix refcount leak in a6xx_gpu_init Greg Kroah-Hartman
@ 2022-06-13 10:06 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 147/411] thermal/drivers/broadcom: Fix potential NULL dereference in sr_thermal_probe Greg Kroah-Hartman
` (269 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:06 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hangyu Hua, Rob Clark, Sasha Levin
From: Hangyu Hua <hbh25y@gmail.com>
[ Upstream commit 947a844bb3ebff0f4736d244d792ce129f6700d7 ]
drm_gem_object_lookup will call drm_gem_object_get inside. So cursor_bo
needs to be put when msm_gem_get_and_pin_iova fails.
Fixes: e172d10a9c4a ("drm/msm/mdp5: Add hardware cursor support")
Signed-off-by: Hangyu Hua <hbh25y@gmail.com>
Link: https://lore.kernel.org/r/20220509061125.18585-1-hbh25y@gmail.com
Signed-off-by: Rob Clark <robdclark@chromium.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/msm/disp/mdp5/mdp5_crtc.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/msm/disp/mdp5/mdp5_crtc.c b/drivers/gpu/drm/msm/disp/mdp5/mdp5_crtc.c
index 9afbce3cb87b..03d60eb09257 100644
--- a/drivers/gpu/drm/msm/disp/mdp5/mdp5_crtc.c
+++ b/drivers/gpu/drm/msm/disp/mdp5/mdp5_crtc.c
@@ -909,8 +909,10 @@ static int mdp5_crtc_cursor_set(struct drm_crtc *crtc,
ret = msm_gem_get_and_pin_iova(cursor_bo, kms->aspace,
&mdp5_crtc->cursor.iova);
- if (ret)
+ if (ret) {
+ drm_gem_object_put(cursor_bo);
return -EINVAL;
+ }
pm_runtime_get_sync(&pdev->dev);
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 147/411] thermal/drivers/broadcom: Fix potential NULL dereference in sr_thermal_probe
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (145 preceding siblings ...)
2022-06-13 10:06 ` [PATCH 5.4 146/411] drm: msm: fix possible memory leak in mdp5_crtc_cursor_set() Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 148/411] ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition() Greg Kroah-Hartman
` (268 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zheng Yongjun, Daniel Lezcano, Sasha Levin
From: Zheng Yongjun <zhengyongjun3@huawei.com>
[ Upstream commit e20d136ec7d6f309989c447638365840d3424c8e ]
platform_get_resource() may return NULL, add proper check to
avoid potential NULL dereferencing.
Fixes: 250e211057c72 ("thermal: broadcom: Add Stingray thermal driver")
Signed-off-by: Zheng Yongjun <zhengyongjun3@huawei.com>
Link: https://lore.kernel.org/r/20220425092929.90412-1-zhengyongjun3@huawei.com
Signed-off-by: Daniel Lezcano <daniel.lezcano@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/thermal/broadcom/sr-thermal.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/thermal/broadcom/sr-thermal.c b/drivers/thermal/broadcom/sr-thermal.c
index 475ce2900771..85ab9edd580c 100644
--- a/drivers/thermal/broadcom/sr-thermal.c
+++ b/drivers/thermal/broadcom/sr-thermal.c
@@ -60,6 +60,9 @@ static int sr_thermal_probe(struct platform_device *pdev)
return -ENOMEM;
res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
+ if (!res)
+ return -ENOENT;
+
sr_thermal->regs = (void __iomem *)devm_memremap(&pdev->dev, res->start,
resource_size(res),
MEMREMAP_WB);
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 148/411] ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition()
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (146 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.4 147/411] thermal/drivers/broadcom: Fix potential NULL dereference in sr_thermal_probe Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 149/411] NFC: hci: fix sleep in atomic context bugs in nfc_hci_hcp_message_tx Greg Kroah-Hartman
` (267 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yang Yingliang, Charles Keepax,
Mark Brown, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit be2af740e2a9c7134f2d8ab4f104006e110b13de ]
Fix the missing clk_disable_unprepare() before return
from wm2000_anc_transition() in the error handling case.
Fixes: 514cfd6dd725 ("ASoC: wm2000: Integrate with clock API")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Acked-by: Charles Keepax <ckeepax@opensource.cirrus.com>
Link: https://lore.kernel.org/r/20220514091053.686416-1-yangyingliang@huawei.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/wm2000.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/sound/soc/codecs/wm2000.c b/sound/soc/codecs/wm2000.c
index 72e165cc6443..97ece3114b3d 100644
--- a/sound/soc/codecs/wm2000.c
+++ b/sound/soc/codecs/wm2000.c
@@ -536,7 +536,7 @@ static int wm2000_anc_transition(struct wm2000_priv *wm2000,
{
struct i2c_client *i2c = wm2000->i2c;
int i, j;
- int ret;
+ int ret = 0;
if (wm2000->anc_mode == mode)
return 0;
@@ -566,13 +566,13 @@ static int wm2000_anc_transition(struct wm2000_priv *wm2000,
ret = anc_transitions[i].step[j](i2c,
anc_transitions[i].analogue);
if (ret != 0)
- return ret;
+ break;
}
if (anc_transitions[i].dest == ANC_OFF)
clk_disable_unprepare(wm2000->mclk);
- return 0;
+ return ret;
}
static int wm2000_anc_set_mode(struct wm2000_priv *wm2000)
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 149/411] NFC: hci: fix sleep in atomic context bugs in nfc_hci_hcp_message_tx
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (147 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.4 148/411] ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition() Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 150/411] rxrpc: Fix listen() setting the bar too high for the prealloc rings Greg Kroah-Hartman
` (266 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Duoming Zhou, Krzysztof Kozlowski,
Jakub Kicinski, Sasha Levin
From: Duoming Zhou <duoming@zju.edu.cn>
[ Upstream commit b413b0cb008646e9f24ce5253cb3cf7ee217aff6 ]
There are sleep in atomic context bugs when the request to secure
element of st21nfca is timeout. The root cause is that kzalloc and
alloc_skb with GFP_KERNEL parameter and mutex_lock are called in
st21nfca_se_wt_timeout which is a timer handler. The call tree shows
the execution paths that could lead to bugs:
(Interrupt context)
st21nfca_se_wt_timeout
nfc_hci_send_event
nfc_hci_hcp_message_tx
kzalloc(..., GFP_KERNEL) //may sleep
alloc_skb(..., GFP_KERNEL) //may sleep
mutex_lock() //may sleep
This patch moves the operations that may sleep into a work item.
The work item will run in another kernel thread which is in
process context to execute the bottom half of the interrupt.
So it could prevent atomic context from sleeping.
Fixes: 2130fb97fecf ("NFC: st21nfca: Adding support for secure element")
Signed-off-by: Duoming Zhou <duoming@zju.edu.cn>
Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Link: https://lore.kernel.org/r/20220518115733.62111-1-duoming@zju.edu.cn
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/nfc/st21nfca/se.c | 17 ++++++++++++++---
drivers/nfc/st21nfca/st21nfca.h | 1 +
2 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/drivers/nfc/st21nfca/se.c b/drivers/nfc/st21nfca/se.c
index a7ab6dab0f32..5256195f313b 100644
--- a/drivers/nfc/st21nfca/se.c
+++ b/drivers/nfc/st21nfca/se.c
@@ -241,7 +241,7 @@ int st21nfca_hci_se_io(struct nfc_hci_dev *hdev, u32 se_idx,
}
EXPORT_SYMBOL(st21nfca_hci_se_io);
-static void st21nfca_se_wt_timeout(struct timer_list *t)
+static void st21nfca_se_wt_work(struct work_struct *work)
{
/*
* No answer from the secure element
@@ -254,8 +254,9 @@ static void st21nfca_se_wt_timeout(struct timer_list *t)
*/
/* hardware reset managed through VCC_UICC_OUT power supply */
u8 param = 0x01;
- struct st21nfca_hci_info *info = from_timer(info, t,
- se_info.bwi_timer);
+ struct st21nfca_hci_info *info = container_of(work,
+ struct st21nfca_hci_info,
+ se_info.timeout_work);
pr_debug("\n");
@@ -273,6 +274,13 @@ static void st21nfca_se_wt_timeout(struct timer_list *t)
info->se_info.cb(info->se_info.cb_context, NULL, 0, -ETIME);
}
+static void st21nfca_se_wt_timeout(struct timer_list *t)
+{
+ struct st21nfca_hci_info *info = from_timer(info, t, se_info.bwi_timer);
+
+ schedule_work(&info->se_info.timeout_work);
+}
+
static void st21nfca_se_activation_timeout(struct timer_list *t)
{
struct st21nfca_hci_info *info = from_timer(info, t,
@@ -365,6 +373,7 @@ int st21nfca_apdu_reader_event_received(struct nfc_hci_dev *hdev,
switch (event) {
case ST21NFCA_EVT_TRANSMIT_DATA:
del_timer_sync(&info->se_info.bwi_timer);
+ cancel_work_sync(&info->se_info.timeout_work);
info->se_info.bwi_active = false;
r = nfc_hci_send_event(hdev, ST21NFCA_DEVICE_MGNT_GATE,
ST21NFCA_EVT_SE_END_OF_APDU_TRANSFER, NULL, 0);
@@ -394,6 +403,7 @@ void st21nfca_se_init(struct nfc_hci_dev *hdev)
struct st21nfca_hci_info *info = nfc_hci_get_clientdata(hdev);
init_completion(&info->se_info.req_completion);
+ INIT_WORK(&info->se_info.timeout_work, st21nfca_se_wt_work);
/* initialize timers */
timer_setup(&info->se_info.bwi_timer, st21nfca_se_wt_timeout, 0);
info->se_info.bwi_active = false;
@@ -421,6 +431,7 @@ void st21nfca_se_deinit(struct nfc_hci_dev *hdev)
if (info->se_info.se_active)
del_timer_sync(&info->se_info.se_active_timer);
+ cancel_work_sync(&info->se_info.timeout_work);
info->se_info.bwi_active = false;
info->se_info.se_active = false;
}
diff --git a/drivers/nfc/st21nfca/st21nfca.h b/drivers/nfc/st21nfca/st21nfca.h
index 5e0de0fef1d4..0e4a93d11efb 100644
--- a/drivers/nfc/st21nfca/st21nfca.h
+++ b/drivers/nfc/st21nfca/st21nfca.h
@@ -141,6 +141,7 @@ struct st21nfca_se_info {
se_io_cb_t cb;
void *cb_context;
+ struct work_struct timeout_work;
};
struct st21nfca_hci_info {
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 150/411] rxrpc: Fix listen() setting the bar too high for the prealloc rings
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (148 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.4 149/411] NFC: hci: fix sleep in atomic context bugs in nfc_hci_hcp_message_tx Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 151/411] rxrpc: Dont try to resend the request if were receiving the reply Greg Kroah-Hartman
` (265 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Marc Dionne, David Howells,
linux-afs, David S. Miller, Sasha Levin
From: David Howells <dhowells@redhat.com>
[ Upstream commit 88e22159750b0d55793302eeed8ee603f5c1a95c ]
AF_RXRPC's listen() handler lets you set the backlog up to 32 (if you bump
up the sysctl), but whilst the preallocation circular buffers have 32 slots
in them, one of them has to be a dead slot because we're using CIRC_CNT().
This means that listen(rxrpc_sock, 32) will cause an oops when the socket
is closed because rxrpc_service_prealloc_one() allocated one too many calls
and rxrpc_discard_prealloc() won't then be able to get rid of them because
it'll think the ring is empty. rxrpc_release_calls_on_socket() then tries
to abort them, but oopses because call->peer isn't yet set.
Fix this by setting the maximum backlog to RXRPC_BACKLOG_MAX - 1 to match
the ring capacity.
BUG: kernel NULL pointer dereference, address: 0000000000000086
...
RIP: 0010:rxrpc_send_abort_packet+0x73/0x240 [rxrpc]
Call Trace:
<TASK>
? __wake_up_common_lock+0x7a/0x90
? rxrpc_notify_socket+0x8e/0x140 [rxrpc]
? rxrpc_abort_call+0x4c/0x60 [rxrpc]
rxrpc_release_calls_on_socket+0x107/0x1a0 [rxrpc]
rxrpc_release+0xc9/0x1c0 [rxrpc]
__sock_release+0x37/0xa0
sock_close+0x11/0x20
__fput+0x89/0x240
task_work_run+0x59/0x90
do_exit+0x319/0xaa0
Fixes: 00e907127e6f ("rxrpc: Preallocate peers, conns and calls for incoming service requests")
Reported-by: Marc Dionne <marc.dionne@auristor.com>
Signed-off-by: David Howells <dhowells@redhat.com>
cc: linux-afs@lists.infradead.org
Link: https://lists.infradead.org/pipermail/linux-afs/2022-March/005079.html
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/rxrpc/sysctl.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/rxrpc/sysctl.c b/net/rxrpc/sysctl.c
index 18dade4e6f9a..8fc419072505 100644
--- a/net/rxrpc/sysctl.c
+++ b/net/rxrpc/sysctl.c
@@ -12,7 +12,7 @@
static struct ctl_table_header *rxrpc_sysctl_reg_table;
static const unsigned int four = 4;
-static const unsigned int thirtytwo = 32;
+static const unsigned int max_backlog = RXRPC_BACKLOG_MAX - 1;
static const unsigned int n_65535 = 65535;
static const unsigned int n_max_acks = RXRPC_RXTX_BUFF_SIZE - 1;
static const unsigned long one_jiffy = 1;
@@ -97,7 +97,7 @@ static struct ctl_table rxrpc_sysctl_table[] = {
.mode = 0644,
.proc_handler = proc_dointvec_minmax,
.extra1 = (void *)&four,
- .extra2 = (void *)&thirtytwo,
+ .extra2 = (void *)&max_backlog,
},
{
.procname = "rx_window_size",
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 151/411] rxrpc: Dont try to resend the request if were receiving the reply
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (149 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.4 150/411] rxrpc: Fix listen() setting the bar too high for the prealloc rings Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 152/411] rxrpc: Fix overlapping ACK accounting Greg Kroah-Hartman
` (264 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, David Howells, linux-afs,
David S. Miller, Sasha Levin
From: David Howells <dhowells@redhat.com>
[ Upstream commit 114af61f88fbe34d641b13922d098ffec4c1be1b ]
rxrpc has a timer to trigger resending of unacked data packets in a call.
This is not cancelled when a client call switches to the receive phase on
the basis that most calls don't last long enough for it to ever expire.
However, if it *does* expire after we've started to receive the reply, we
shouldn't then go into trying to retransmit or pinging the server to find
out if an ack got lost.
Fix this by skipping the resend code if we're into receiving the reply to a
client call.
Fixes: 17926a79320a ("[AF_RXRPC]: Provide secure RxRPC sockets for use by userspace and kernel both")
Signed-off-by: David Howells <dhowells@redhat.com>
cc: linux-afs@lists.infradead.org
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/rxrpc/call_event.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/rxrpc/call_event.c b/net/rxrpc/call_event.c
index 80e15310f1b2..8574e7066d94 100644
--- a/net/rxrpc/call_event.c
+++ b/net/rxrpc/call_event.c
@@ -407,7 +407,8 @@ void rxrpc_process_call(struct work_struct *work)
goto recheck_state;
}
- if (test_and_clear_bit(RXRPC_CALL_EV_RESEND, &call->events)) {
+ if (test_and_clear_bit(RXRPC_CALL_EV_RESEND, &call->events) &&
+ call->state != RXRPC_CALL_CLIENT_RECV_REPLY) {
rxrpc_resend(call, now);
goto recheck_state;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 152/411] rxrpc: Fix overlapping ACK accounting
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (150 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.4 151/411] rxrpc: Dont try to resend the request if were receiving the reply Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 153/411] rxrpc: Dont let ack.previousPacket regress Greg Kroah-Hartman
` (263 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, David Howells, Jeffrey Altman,
Marc Dionne, linux-afs, David S. Miller, Sasha Levin
From: David Howells <dhowells@redhat.com>
[ Upstream commit 8940ba3cfe4841928777fd45eaa92051522c7f0c ]
Fix accidental overlapping of Rx-phase ACK accounting with Tx-phase ACK
accounting through variables shared between the two. call->acks_* members
refer to ACKs received in the Tx phase and call->ackr_* members to ACKs
sent/to be sent during the Rx phase.
Fixes: 1a2391c30c0b ("rxrpc: Fix detection of out of order acks")
Signed-off-by: David Howells <dhowells@redhat.com>
cc: Jeffrey Altman <jaltman@auristor.com>
cc: Marc Dionne <marc.dionne@auristor.com>
cc: linux-afs@lists.infradead.org
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/rxrpc/ar-internal.h | 7 ++++---
net/rxrpc/input.c | 16 ++++++++--------
2 files changed, 12 insertions(+), 11 deletions(-)
diff --git a/net/rxrpc/ar-internal.h b/net/rxrpc/ar-internal.h
index 9fe264bec70c..8e72b77b33a9 100644
--- a/net/rxrpc/ar-internal.h
+++ b/net/rxrpc/ar-internal.h
@@ -665,10 +665,9 @@ struct rxrpc_call {
spinlock_t input_lock; /* Lock for packet input to this call */
- /* receive-phase ACK management */
+ /* Receive-phase ACK management (ACKs we send). */
u8 ackr_reason; /* reason to ACK */
rxrpc_serial_t ackr_serial; /* serial of packet being ACK'd */
- rxrpc_serial_t ackr_first_seq; /* first sequence number received */
rxrpc_seq_t ackr_prev_seq; /* previous sequence number received */
rxrpc_seq_t ackr_consumed; /* Highest packet shown consumed */
rxrpc_seq_t ackr_seen; /* Highest packet shown seen */
@@ -677,8 +676,10 @@ struct rxrpc_call {
rxrpc_serial_t ping_serial; /* Last ping sent */
ktime_t ping_time; /* Time last ping sent */
- /* transmission-phase ACK management */
+ /* Transmission-phase ACK management (ACKs we've received). */
ktime_t acks_latest_ts; /* Timestamp of latest ACK received */
+ rxrpc_seq_t acks_first_seq; /* first sequence number received */
+ rxrpc_seq_t acks_prev_seq; /* previous sequence number received */
rxrpc_seq_t acks_lowest_nak; /* Lowest NACK in the buffer (or ==tx_hard_ack) */
rxrpc_seq_t acks_lost_top; /* tx_top at the time lost-ack ping sent */
rxrpc_serial_t acks_lost_ping; /* Serial number of probe ACK */
diff --git a/net/rxrpc/input.c b/net/rxrpc/input.c
index 916d1f455b21..164dcd8d684a 100644
--- a/net/rxrpc/input.c
+++ b/net/rxrpc/input.c
@@ -808,7 +808,7 @@ static void rxrpc_input_soft_acks(struct rxrpc_call *call, u8 *acks,
static bool rxrpc_is_ack_valid(struct rxrpc_call *call,
rxrpc_seq_t first_pkt, rxrpc_seq_t prev_pkt)
{
- rxrpc_seq_t base = READ_ONCE(call->ackr_first_seq);
+ rxrpc_seq_t base = READ_ONCE(call->acks_first_seq);
if (after(first_pkt, base))
return true; /* The window advanced */
@@ -816,7 +816,7 @@ static bool rxrpc_is_ack_valid(struct rxrpc_call *call,
if (before(first_pkt, base))
return false; /* firstPacket regressed */
- if (after_eq(prev_pkt, call->ackr_prev_seq))
+ if (after_eq(prev_pkt, call->acks_prev_seq))
return true; /* previousPacket hasn't regressed. */
/* Some rx implementations put a serial number in previousPacket. */
@@ -891,8 +891,8 @@ static void rxrpc_input_ack(struct rxrpc_call *call, struct sk_buff *skb)
/* Discard any out-of-order or duplicate ACKs (outside lock). */
if (!rxrpc_is_ack_valid(call, first_soft_ack, prev_pkt)) {
trace_rxrpc_rx_discard_ack(call->debug_id, ack_serial,
- first_soft_ack, call->ackr_first_seq,
- prev_pkt, call->ackr_prev_seq);
+ first_soft_ack, call->acks_first_seq,
+ prev_pkt, call->acks_prev_seq);
return;
}
@@ -907,14 +907,14 @@ static void rxrpc_input_ack(struct rxrpc_call *call, struct sk_buff *skb)
/* Discard any out-of-order or duplicate ACKs (inside lock). */
if (!rxrpc_is_ack_valid(call, first_soft_ack, prev_pkt)) {
trace_rxrpc_rx_discard_ack(call->debug_id, ack_serial,
- first_soft_ack, call->ackr_first_seq,
- prev_pkt, call->ackr_prev_seq);
+ first_soft_ack, call->acks_first_seq,
+ prev_pkt, call->acks_prev_seq);
goto out;
}
call->acks_latest_ts = skb->tstamp;
- call->ackr_first_seq = first_soft_ack;
- call->ackr_prev_seq = prev_pkt;
+ call->acks_first_seq = first_soft_ack;
+ call->acks_prev_seq = prev_pkt;
/* Parse rwind and mtu sizes if provided. */
if (buf.info.rxMTU)
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 153/411] rxrpc: Dont let ack.previousPacket regress
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (151 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.4 152/411] rxrpc: Fix overlapping ACK accounting Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 154/411] rxrpc: Fix decision on when to generate an IDLE ACK Greg Kroah-Hartman
` (262 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, David Howells, Marc Dionne,
linux-afs, David S. Miller, Sasha Levin
From: David Howells <dhowells@redhat.com>
[ Upstream commit 81524b6312535897707f2942695da1d359a5e56b ]
The previousPacket field in the rx ACK packet should never go backwards -
it's now the highest DATA sequence number received, not the last on
received (it used to be used for out of sequence detection).
Fixes: 248f219cb8bc ("rxrpc: Rewrite the data and ack handling code")
Signed-off-by: David Howells <dhowells@redhat.com>
cc: Marc Dionne <marc.dionne@auristor.com>
cc: linux-afs@lists.infradead.org
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/rxrpc/ar-internal.h | 4 ++--
net/rxrpc/input.c | 4 +++-
net/rxrpc/output.c | 2 +-
3 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/net/rxrpc/ar-internal.h b/net/rxrpc/ar-internal.h
index 8e72b77b33a9..8ca7afe0ac26 100644
--- a/net/rxrpc/ar-internal.h
+++ b/net/rxrpc/ar-internal.h
@@ -668,7 +668,7 @@ struct rxrpc_call {
/* Receive-phase ACK management (ACKs we send). */
u8 ackr_reason; /* reason to ACK */
rxrpc_serial_t ackr_serial; /* serial of packet being ACK'd */
- rxrpc_seq_t ackr_prev_seq; /* previous sequence number received */
+ rxrpc_seq_t ackr_highest_seq; /* Higest sequence number received */
rxrpc_seq_t ackr_consumed; /* Highest packet shown consumed */
rxrpc_seq_t ackr_seen; /* Highest packet shown seen */
@@ -679,7 +679,7 @@ struct rxrpc_call {
/* Transmission-phase ACK management (ACKs we've received). */
ktime_t acks_latest_ts; /* Timestamp of latest ACK received */
rxrpc_seq_t acks_first_seq; /* first sequence number received */
- rxrpc_seq_t acks_prev_seq; /* previous sequence number received */
+ rxrpc_seq_t acks_prev_seq; /* Highest previousPacket received */
rxrpc_seq_t acks_lowest_nak; /* Lowest NACK in the buffer (or ==tx_hard_ack) */
rxrpc_seq_t acks_lost_top; /* tx_top at the time lost-ack ping sent */
rxrpc_serial_t acks_lost_ping; /* Serial number of probe ACK */
diff --git a/net/rxrpc/input.c b/net/rxrpc/input.c
index 164dcd8d684a..8eafa3463b88 100644
--- a/net/rxrpc/input.c
+++ b/net/rxrpc/input.c
@@ -454,7 +454,6 @@ static void rxrpc_input_data(struct rxrpc_call *call, struct sk_buff *skb)
!rxrpc_receiving_reply(call))
goto unlock;
- call->ackr_prev_seq = seq0;
hard_ack = READ_ONCE(call->rx_hard_ack);
nr_subpackets = sp->nr_subpackets;
@@ -535,6 +534,9 @@ static void rxrpc_input_data(struct rxrpc_call *call, struct sk_buff *skb)
ack_serial = serial;
}
+ if (after(seq0, call->ackr_highest_seq))
+ call->ackr_highest_seq = seq0;
+
/* Queue the packet. We use a couple of memory barriers here as need
* to make sure that rx_top is perceived to be set after the buffer
* pointer and that the buffer pointer is set after the annotation and
diff --git a/net/rxrpc/output.c b/net/rxrpc/output.c
index a4a6f8ee0720..7f1c8116e030 100644
--- a/net/rxrpc/output.c
+++ b/net/rxrpc/output.c
@@ -89,7 +89,7 @@ static size_t rxrpc_fill_out_ack(struct rxrpc_connection *conn,
pkt->ack.bufferSpace = htons(8);
pkt->ack.maxSkew = htons(0);
pkt->ack.firstPacket = htonl(hard_ack + 1);
- pkt->ack.previousPacket = htonl(call->ackr_prev_seq);
+ pkt->ack.previousPacket = htonl(call->ackr_highest_seq);
pkt->ack.serial = htonl(serial);
pkt->ack.reason = reason;
pkt->ack.nAcks = top - hard_ack;
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 154/411] rxrpc: Fix decision on when to generate an IDLE ACK
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (152 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.4 153/411] rxrpc: Dont let ack.previousPacket regress Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 155/411] net/smc: postpone sk_refcnt increment in connect() Greg Kroah-Hartman
` (261 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, David Howells, Marc Dionne,
linux-afs, David S. Miller, Sasha Levin
From: David Howells <dhowells@redhat.com>
[ Upstream commit 9a3dedcf18096e8f7f22b8777d78c4acfdea1651 ]
Fix the decision on when to generate an IDLE ACK by keeping a count of the
number of packets we've received, but not yet soft-ACK'd, and the number of
packets we've processed, but not yet hard-ACK'd, rather than trying to keep
track of which DATA sequence numbers correspond to those points.
We then generate an ACK when either counter exceeds 2. The counters are
both cleared when we transcribe the information into any sort of ACK packet
for transmission. IDLE and DELAY ACKs are skipped if both counters are 0
(ie. no change).
Fixes: 805b21b929e2 ("rxrpc: Send an ACK after every few DATA packets we receive")
Signed-off-by: David Howells <dhowells@redhat.com>
cc: Marc Dionne <marc.dionne@auristor.com>
cc: linux-afs@lists.infradead.org
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/trace/events/rxrpc.h | 2 +-
net/rxrpc/ar-internal.h | 4 ++--
net/rxrpc/input.c | 11 +++++++++--
net/rxrpc/output.c | 18 +++++++++++-------
net/rxrpc/recvmsg.c | 8 +++-----
5 files changed, 26 insertions(+), 17 deletions(-)
diff --git a/include/trace/events/rxrpc.h b/include/trace/events/rxrpc.h
index 059b6e45a028..839bb07b93a7 100644
--- a/include/trace/events/rxrpc.h
+++ b/include/trace/events/rxrpc.h
@@ -1511,7 +1511,7 @@ TRACE_EVENT(rxrpc_call_reset,
__entry->call_serial = call->rx_serial;
__entry->conn_serial = call->conn->hi_serial;
__entry->tx_seq = call->tx_hard_ack;
- __entry->rx_seq = call->ackr_seen;
+ __entry->rx_seq = call->rx_hard_ack;
),
TP_printk("c=%08x %08x:%08x r=%08x/%08x tx=%08x rx=%08x",
diff --git a/net/rxrpc/ar-internal.h b/net/rxrpc/ar-internal.h
index 8ca7afe0ac26..cb174f699665 100644
--- a/net/rxrpc/ar-internal.h
+++ b/net/rxrpc/ar-internal.h
@@ -669,8 +669,8 @@ struct rxrpc_call {
u8 ackr_reason; /* reason to ACK */
rxrpc_serial_t ackr_serial; /* serial of packet being ACK'd */
rxrpc_seq_t ackr_highest_seq; /* Higest sequence number received */
- rxrpc_seq_t ackr_consumed; /* Highest packet shown consumed */
- rxrpc_seq_t ackr_seen; /* Highest packet shown seen */
+ atomic_t ackr_nr_unacked; /* Number of unacked packets */
+ atomic_t ackr_nr_consumed; /* Number of packets needing hard ACK */
/* ping management */
rxrpc_serial_t ping_serial; /* Last ping sent */
diff --git a/net/rxrpc/input.c b/net/rxrpc/input.c
index 8eafa3463b88..5cf64cf8debf 100644
--- a/net/rxrpc/input.c
+++ b/net/rxrpc/input.c
@@ -413,8 +413,8 @@ static void rxrpc_input_data(struct rxrpc_call *call, struct sk_buff *skb)
{
struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
enum rxrpc_call_state state;
- unsigned int j, nr_subpackets;
- rxrpc_serial_t serial = sp->hdr.serial, ack_serial = 0;
+ unsigned int j, nr_subpackets, nr_unacked = 0;
+ rxrpc_serial_t serial = sp->hdr.serial, ack_serial = serial;
rxrpc_seq_t seq0 = sp->hdr.seq, hard_ack;
bool immediate_ack = false, jumbo_bad = false;
u8 ack = 0;
@@ -570,6 +570,8 @@ static void rxrpc_input_data(struct rxrpc_call *call, struct sk_buff *skb)
sp = NULL;
}
+ nr_unacked++;
+
if (last) {
set_bit(RXRPC_CALL_RX_LAST, &call->flags);
if (!ack) {
@@ -589,9 +591,14 @@ static void rxrpc_input_data(struct rxrpc_call *call, struct sk_buff *skb)
}
call->rx_expect_next = seq + 1;
}
+ if (!ack)
+ ack_serial = serial;
}
ack:
+ if (atomic_add_return(nr_unacked, &call->ackr_nr_unacked) > 2 && !ack)
+ ack = RXRPC_ACK_IDLE;
+
if (ack)
rxrpc_propose_ACK(call, ack, ack_serial,
immediate_ack, true,
diff --git a/net/rxrpc/output.c b/net/rxrpc/output.c
index 7f1c8116e030..6202d2e32914 100644
--- a/net/rxrpc/output.c
+++ b/net/rxrpc/output.c
@@ -74,11 +74,18 @@ static size_t rxrpc_fill_out_ack(struct rxrpc_connection *conn,
u8 reason)
{
rxrpc_serial_t serial;
+ unsigned int tmp;
rxrpc_seq_t hard_ack, top, seq;
int ix;
u32 mtu, jmax;
u8 *ackp = pkt->acks;
+ tmp = atomic_xchg(&call->ackr_nr_unacked, 0);
+ tmp |= atomic_xchg(&call->ackr_nr_consumed, 0);
+ if (!tmp && (reason == RXRPC_ACK_DELAY ||
+ reason == RXRPC_ACK_IDLE))
+ return 0;
+
/* Barrier against rxrpc_input_data(). */
serial = call->ackr_serial;
hard_ack = READ_ONCE(call->rx_hard_ack);
@@ -180,6 +187,10 @@ int rxrpc_send_ack_packet(struct rxrpc_call *call, bool ping,
n = rxrpc_fill_out_ack(conn, call, pkt, &hard_ack, &top, reason);
spin_unlock_bh(&call->lock);
+ if (n == 0) {
+ kfree(pkt);
+ return 0;
+ }
iov[0].iov_base = pkt;
iov[0].iov_len = sizeof(pkt->whdr) + sizeof(pkt->ack) + n;
@@ -227,13 +238,6 @@ int rxrpc_send_ack_packet(struct rxrpc_call *call, bool ping,
ntohl(pkt->ack.serial),
false, true,
rxrpc_propose_ack_retry_tx);
- } else {
- spin_lock_bh(&call->lock);
- if (after(hard_ack, call->ackr_consumed))
- call->ackr_consumed = hard_ack;
- if (after(top, call->ackr_seen))
- call->ackr_seen = top;
- spin_unlock_bh(&call->lock);
}
rxrpc_set_keepalive(call);
diff --git a/net/rxrpc/recvmsg.c b/net/rxrpc/recvmsg.c
index 4f48e3bdd4b4..c75789ebc514 100644
--- a/net/rxrpc/recvmsg.c
+++ b/net/rxrpc/recvmsg.c
@@ -212,11 +212,9 @@ static void rxrpc_rotate_rx_window(struct rxrpc_call *call)
rxrpc_end_rx_phase(call, serial);
} else {
/* Check to see if there's an ACK that needs sending. */
- if (after_eq(hard_ack, call->ackr_consumed + 2) ||
- after_eq(top, call->ackr_seen + 2) ||
- (hard_ack == top && after(hard_ack, call->ackr_consumed)))
- rxrpc_propose_ACK(call, RXRPC_ACK_DELAY, serial,
- true, true,
+ if (atomic_inc_return(&call->ackr_nr_consumed) > 2)
+ rxrpc_propose_ACK(call, RXRPC_ACK_IDLE, serial,
+ true, false,
rxrpc_propose_ack_rotate_rx);
if (call->ackr_reason && call->ackr_reason != RXRPC_ACK_DELAY)
rxrpc_send_ack_packet(call, false, NULL);
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 155/411] net/smc: postpone sk_refcnt increment in connect()
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (153 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.4 154/411] rxrpc: Fix decision on when to generate an IDLE ACK Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 156/411] arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399 Greg Kroah-Hartman
` (260 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, liuyacan, David S. Miller, Sasha Levin
From: liuyacan <liuyacan@corp.netease.com>
[ Upstream commit 75c1edf23b95a9c66923d9269d8e86e4dbde151f ]
Same trigger condition as commit 86434744. When setsockopt runs
in parallel to a connect(), and switch the socket into fallback
mode. Then the sk_refcnt is incremented in smc_connect(), but
its state stay in SMC_INIT (NOT SMC_ACTIVE). This cause the
corresponding sk_refcnt decrement in __smc_release() will not be
performed.
Fixes: 86434744fedf ("net/smc: add fallback check to connect()")
Signed-off-by: liuyacan <liuyacan@corp.netease.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/smc/af_smc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/smc/af_smc.c b/net/smc/af_smc.c
index a5a8cca46bd5..394491692a07 100644
--- a/net/smc/af_smc.c
+++ b/net/smc/af_smc.c
@@ -877,9 +877,9 @@ static int smc_connect(struct socket *sock, struct sockaddr *addr,
if (rc && rc != -EINPROGRESS)
goto out;
- sock_hold(&smc->sk); /* sock put in passive closing */
if (smc->use_fallback)
goto out;
+ sock_hold(&smc->sk); /* sock put in passive closing */
if (flags & O_NONBLOCK) {
if (schedule_work(&smc->connect_work))
smc->connect_nonblock = 1;
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 156/411] arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (154 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.4 155/411] net/smc: postpone sk_refcnt increment in connect() Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 157/411] ARM: dts: suniv: F1C100: fix watchdog compatible Greg Kroah-Hartman
` (259 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Shawn Lin, Heiko Stuebner, Sasha Levin
From: Shawn Lin <shawn.lin@rock-chips.com>
[ Upstream commit 4246d0bab2a8685e3d4aec2cb0ef8c526689ce96 ]
drive-impedance-ohm is introduced for emmc phy instead of pcie phy.
Fixes: fb8b7460c995 ("arm64: dts: rockchip: Define drive-impedance-ohm for RK3399's emmc-phy.")
Signed-off-by: Shawn Lin <shawn.lin@rock-chips.com>
Link: https://lore.kernel.org/r/1647336426-154797-1-git-send-email-shawn.lin@rock-chips.com
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/rockchip/rk3399.dtsi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm64/boot/dts/rockchip/rk3399.dtsi b/arch/arm64/boot/dts/rockchip/rk3399.dtsi
index 95942d917de5..4496f7e1c68f 100644
--- a/arch/arm64/boot/dts/rockchip/rk3399.dtsi
+++ b/arch/arm64/boot/dts/rockchip/rk3399.dtsi
@@ -1447,6 +1447,7 @@
reg = <0xf780 0x24>;
clocks = <&sdhci>;
clock-names = "emmcclk";
+ drive-impedance-ohm = <50>;
#phy-cells = <0>;
status = "disabled";
};
@@ -1457,7 +1458,6 @@
clock-names = "refclk";
#phy-cells = <1>;
resets = <&cru SRST_PCIEPHY>;
- drive-impedance-ohm = <50>;
reset-names = "phy";
status = "disabled";
};
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 157/411] ARM: dts: suniv: F1C100: fix watchdog compatible
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (155 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.4 156/411] arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399 Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 158/411] soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc Greg Kroah-Hartman
` (258 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Andre Przywara, Guenter Roeck,
Jernej Skrabec, Sasha Levin
From: Andre Przywara <andre.przywara@arm.com>
[ Upstream commit 01a850ee61cbf0ab77dcbf26bb133fec2dd640d6 ]
The F1C100 series of SoCs actually have their watchdog IP being
compatible with the newer Allwinner generation, not the older one.
The currently described sun4i-a10-wdt actually does not work, neither
the watchdog functionality (just never fires), nor the reset part
(reboot hangs).
Replace the compatible string with the one used by the newer generation.
Verified to work with both the watchdog and reboot functionality on a
LicheePi Nano.
Also add the missing interrupt line and clock source, to make it binding
compliant.
Fixes: 4ba16d17efdd ("ARM: dts: suniv: add initial DTSI file for F1C100s")
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Acked-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Jernej Skrabec <jernej.skrabec@gmail.com>
Link: https://lore.kernel.org/r/20220317162349.739636-4-andre.przywara@arm.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/suniv-f1c100s.dtsi | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/arch/arm/boot/dts/suniv-f1c100s.dtsi b/arch/arm/boot/dts/suniv-f1c100s.dtsi
index 6100d3b75f61..def830101448 100644
--- a/arch/arm/boot/dts/suniv-f1c100s.dtsi
+++ b/arch/arm/boot/dts/suniv-f1c100s.dtsi
@@ -104,8 +104,10 @@
wdt: watchdog@1c20ca0 {
compatible = "allwinner,suniv-f1c100s-wdt",
- "allwinner,sun4i-a10-wdt";
+ "allwinner,sun6i-a31-wdt";
reg = <0x01c20ca0 0x20>;
+ interrupts = <16>;
+ clocks = <&osc32k>;
};
uart0: serial@1c25000 {
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 158/411] soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (156 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.4 157/411] ARM: dts: suniv: F1C100: fix watchdog compatible Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 159/411] soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc Greg Kroah-Hartman
` (257 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Bjorn Andersson, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit 8fd3f18ea31a398ecce4a6d3804433658678b0a3 ]
The device_node pointer is returned by of_parse_phandle() with refcount
incremented. We should use of_node_put() on it when done.
Fixes: 50e99641413e ("soc: qcom: smp2p: Qualcomm Shared Memory Point to Point")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Link: https://lore.kernel.org/r/20220308071942.22942-1-linmq006@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/soc/qcom/smp2p.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/soc/qcom/smp2p.c b/drivers/soc/qcom/smp2p.c
index 42e0b8f647ae..d42bcca3b98e 100644
--- a/drivers/soc/qcom/smp2p.c
+++ b/drivers/soc/qcom/smp2p.c
@@ -420,6 +420,7 @@ static int smp2p_parse_ipc(struct qcom_smp2p *smp2p)
}
smp2p->ipc_regmap = syscon_node_to_regmap(syscon);
+ of_node_put(syscon);
if (IS_ERR(smp2p->ipc_regmap))
return PTR_ERR(smp2p->ipc_regmap);
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 159/411] soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (157 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.4 158/411] soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 160/411] PCI: cadence: Fix find_first_zero_bit() limit Greg Kroah-Hartman
` (256 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Bjorn Andersson, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit aad66a3c78da668f4506356c2fdb70b7a19ecc76 ]
The device_node pointer is returned by of_parse_phandle() with refcount
incremented. We should use of_node_put() on it when done.
Fixes: c97c4090ff72 ("soc: qcom: smsm: Add driver for Qualcomm SMSM")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Link: https://lore.kernel.org/r/20220308073648.24634-1-linmq006@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/soc/qcom/smsm.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/soc/qcom/smsm.c b/drivers/soc/qcom/smsm.c
index c428d0f78816..6564f15c5319 100644
--- a/drivers/soc/qcom/smsm.c
+++ b/drivers/soc/qcom/smsm.c
@@ -359,6 +359,7 @@ static int smsm_parse_ipc(struct qcom_smsm *smsm, unsigned host_id)
return 0;
host->ipc_regmap = syscon_node_to_regmap(syscon);
+ of_node_put(syscon);
if (IS_ERR(host->ipc_regmap))
return PTR_ERR(host->ipc_regmap);
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 160/411] PCI: cadence: Fix find_first_zero_bit() limit
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (158 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.4 159/411] soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 161/411] PCI: rockchip: " Greg Kroah-Hartman
` (255 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Lorenzo Pieralisi,
Sasha Levin
From: Dan Carpenter <dan.carpenter@oracle.com>
[ Upstream commit 0aa3a0937feeb91a0e4e438c3c063b749b194192 ]
The ep->ob_region_map bitmap is a long and it has BITS_PER_LONG bits.
Link: https://lore.kernel.org/r/20220315065829.GA13572@kili
Fixes: 37dddf14f1ae ("PCI: cadence: Add EndPoint Controller driver for Cadence PCIe controller")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pci/controller/pcie-cadence-ep.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/drivers/pci/controller/pcie-cadence-ep.c b/drivers/pci/controller/pcie-cadence-ep.c
index def7820cb824..5e23d575e200 100644
--- a/drivers/pci/controller/pcie-cadence-ep.c
+++ b/drivers/pci/controller/pcie-cadence-ep.c
@@ -178,8 +178,7 @@ static int cdns_pcie_ep_map_addr(struct pci_epc *epc, u8 fn, phys_addr_t addr,
struct cdns_pcie *pcie = &ep->pcie;
u32 r;
- r = find_first_zero_bit(&ep->ob_region_map,
- sizeof(ep->ob_region_map) * BITS_PER_LONG);
+ r = find_first_zero_bit(&ep->ob_region_map, BITS_PER_LONG);
if (r >= ep->max_regions - 1) {
dev_err(&epc->dev, "no free outbound region\n");
return -EINVAL;
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 161/411] PCI: rockchip: Fix find_first_zero_bit() limit
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (159 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.4 160/411] PCI: cadence: Fix find_first_zero_bit() limit Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 162/411] KVM: nVMX: Leave most VM-Exit info fields unmodified on failed VM-Entry Greg Kroah-Hartman
` (254 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Lorenzo Pieralisi,
Sasha Levin
From: Dan Carpenter <dan.carpenter@oracle.com>
[ Upstream commit 096950e230b8d83645c7cf408b9f399f58c08b96 ]
The ep->ob_region_map bitmap is a long and it has BITS_PER_LONG bits.
Link: https://lore.kernel.org/r/20220315065944.GB13572@kili
Fixes: cf590b078391 ("PCI: rockchip: Add EP driver for Rockchip PCIe controller")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pci/controller/pcie-rockchip-ep.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/drivers/pci/controller/pcie-rockchip-ep.c b/drivers/pci/controller/pcie-rockchip-ep.c
index d743b0a48988..b82edefffd15 100644
--- a/drivers/pci/controller/pcie-rockchip-ep.c
+++ b/drivers/pci/controller/pcie-rockchip-ep.c
@@ -263,8 +263,7 @@ static int rockchip_pcie_ep_map_addr(struct pci_epc *epc, u8 fn,
struct rockchip_pcie *pcie = &ep->rockchip;
u32 r;
- r = find_first_zero_bit(&ep->ob_region_map,
- sizeof(ep->ob_region_map) * BITS_PER_LONG);
+ r = find_first_zero_bit(&ep->ob_region_map, BITS_PER_LONG);
/*
* Region 0 is reserved for configuration space and shouldn't
* be used elsewhere per TRM, so leave it out.
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 162/411] KVM: nVMX: Leave most VM-Exit info fields unmodified on failed VM-Entry
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (160 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.4 161/411] PCI: rockchip: " Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 163/411] can: xilinx_can: mark bit timing constants as const Greg Kroah-Hartman
` (253 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sean Christopherson, Paolo Bonzini,
Sasha Levin
From: Sean Christopherson <seanjc@google.com>
[ Upstream commit c3634d25fbee88e2368a8e0903ae0d0670eb9e71 ]
Don't modify vmcs12 exit fields except EXIT_REASON and EXIT_QUALIFICATION
when performing a nested VM-Exit due to failed VM-Entry. Per the SDM,
only the two aformentioned fields are filled and "All other VM-exit
information fields are unmodified".
Fixes: 4704d0befb07 ("KVM: nVMX: Exiting from L2 to L1")
Signed-off-by: Sean Christopherson <seanjc@google.com>
Message-Id: <20220407002315.78092-3-seanjc@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/kvm/vmx/nested.c | 15 ++++++++++-----
1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
index 3041015b05f7..9f61ae64b727 100644
--- a/arch/x86/kvm/vmx/nested.c
+++ b/arch/x86/kvm/vmx/nested.c
@@ -3746,12 +3746,12 @@ static void prepare_vmcs12(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12,
/* update exit information fields: */
vmcs12->vm_exit_reason = exit_reason;
vmcs12->exit_qualification = exit_qualification;
- vmcs12->vm_exit_intr_info = exit_intr_info;
-
- vmcs12->idt_vectoring_info_field = 0;
- vmcs12->vm_exit_instruction_len = vmcs_read32(VM_EXIT_INSTRUCTION_LEN);
- vmcs12->vmx_instruction_info = vmcs_read32(VMX_INSTRUCTION_INFO);
+ /*
+ * On VM-Exit due to a failed VM-Entry, the VMCS isn't marked launched
+ * and only EXIT_REASON and EXIT_QUALIFICATION are updated, all other
+ * exit info fields are unmodified.
+ */
if (!(vmcs12->vm_exit_reason & VMX_EXIT_REASONS_FAILED_VMENTRY)) {
vmcs12->launch_state = 1;
@@ -3763,8 +3763,13 @@ static void prepare_vmcs12(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12,
* Transfer the event that L0 or L1 may wanted to inject into
* L2 to IDT_VECTORING_INFO_FIELD.
*/
+ vmcs12->idt_vectoring_info_field = 0;
vmcs12_save_pending_event(vcpu, vmcs12);
+ vmcs12->vm_exit_intr_info = exit_intr_info;
+ vmcs12->vm_exit_instruction_len = vmcs_read32(VM_EXIT_INSTRUCTION_LEN);
+ vmcs12->vmx_instruction_info = vmcs_read32(VMX_INSTRUCTION_INFO);
+
/*
* According to spec, there's no need to store the guest's
* MSRs if the exit is due to a VM-entry failure that occurs
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 163/411] can: xilinx_can: mark bit timing constants as const
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (161 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.4 162/411] KVM: nVMX: Leave most VM-Exit info fields unmodified on failed VM-Entry Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 164/411] ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT Greg Kroah-Hartman
` (252 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Appana Durga Kedareswara rao,
Naga Sureshkumar Relli, Marc Kleine-Budde, Sasha Levin
From: Marc Kleine-Budde <mkl@pengutronix.de>
[ Upstream commit ae38fda02996d43d9fb09f16e81e0008704dd524 ]
This patch marks the bit timing constants as const.
Fixes: c223da689324 ("can: xilinx_can: Add support for CANFD FD frames")
Link: https://lore.kernel.org/all/20220317203119.792552-1-mkl@pengutronix.de
Cc: Appana Durga Kedareswara rao <appana.durga.rao@xilinx.com>
Cc: Naga Sureshkumar Relli <naga.sureshkumar.relli@xilinx.com>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/can/xilinx_can.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/net/can/xilinx_can.c b/drivers/net/can/xilinx_can.c
index 008d3d492bd1..be3811311db2 100644
--- a/drivers/net/can/xilinx_can.c
+++ b/drivers/net/can/xilinx_can.c
@@ -239,7 +239,7 @@ static const struct can_bittiming_const xcan_bittiming_const_canfd = {
};
/* AXI CANFD Data Bittiming constants as per AXI CANFD 1.0 specs */
-static struct can_bittiming_const xcan_data_bittiming_const_canfd = {
+static const struct can_bittiming_const xcan_data_bittiming_const_canfd = {
.name = DRIVER_NAME,
.tseg1_min = 1,
.tseg1_max = 16,
@@ -265,7 +265,7 @@ static const struct can_bittiming_const xcan_bittiming_const_canfd2 = {
};
/* AXI CANFD 2.0 Data Bittiming constants as per AXI CANFD 2.0 spec */
-static struct can_bittiming_const xcan_data_bittiming_const_canfd2 = {
+static const struct can_bittiming_const xcan_data_bittiming_const_canfd2 = {
.name = DRIVER_NAME,
.tseg1_min = 1,
.tseg1_max = 32,
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 164/411] ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (162 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.4 163/411] can: xilinx_can: mark bit timing constants as const Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 165/411] ARM: dts: bcm2837-rpi-cm3-io3: Fix GPIO line names for SMPS I2C Greg Kroah-Hartman
` (251 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Phil Elwell, Stefan Wahren,
Florian Fainelli, Sasha Levin
From: Phil Elwell <phil@raspberrypi.com>
[ Upstream commit 2c663e5e5bbf2a5b85e0f76ccb69663f583c3e33 ]
The GPIOs 30 to 39 are connected to the Cypress CYW43438 (Wifi/BT).
So fix the GPIO line names accordingly.
Fixes: 2c7c040c73e9 ("ARM: dts: bcm2835: Add Raspberry Pi Zero W")
Signed-off-by: Phil Elwell <phil@raspberrypi.com>
Signed-off-by: Stefan Wahren <stefan.wahren@i2se.com>
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/bcm2835-rpi-zero-w.dts | 22 ++++++++++++----------
1 file changed, 12 insertions(+), 10 deletions(-)
diff --git a/arch/arm/boot/dts/bcm2835-rpi-zero-w.dts b/arch/arm/boot/dts/bcm2835-rpi-zero-w.dts
index f65448c01e31..34a85ad9f03c 100644
--- a/arch/arm/boot/dts/bcm2835-rpi-zero-w.dts
+++ b/arch/arm/boot/dts/bcm2835-rpi-zero-w.dts
@@ -74,16 +74,18 @@
"GPIO27",
"SDA0",
"SCL0",
- "NC", /* GPIO30 */
- "NC", /* GPIO31 */
- "NC", /* GPIO32 */
- "NC", /* GPIO33 */
- "NC", /* GPIO34 */
- "NC", /* GPIO35 */
- "NC", /* GPIO36 */
- "NC", /* GPIO37 */
- "NC", /* GPIO38 */
- "NC", /* GPIO39 */
+ /* Used by BT module */
+ "CTS0",
+ "RTS0",
+ "TXD0",
+ "RXD0",
+ /* Used by Wifi */
+ "SD1_CLK",
+ "SD1_CMD",
+ "SD1_DATA0",
+ "SD1_DATA1",
+ "SD1_DATA2",
+ "SD1_DATA3",
"CAM_GPIO1", /* GPIO40 */
"WL_ON", /* GPIO41 */
"NC", /* GPIO42 */
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 165/411] ARM: dts: bcm2837-rpi-cm3-io3: Fix GPIO line names for SMPS I2C
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (163 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.4 164/411] ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 166/411] ARM: dts: bcm2837-rpi-3-b-plus: Fix GPIO line name of power LED Greg Kroah-Hartman
` (250 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Phil Elwell, Stefan Wahren,
Florian Fainelli, Sasha Levin
From: Phil Elwell <phil@raspberrypi.com>
[ Upstream commit 9fd26fd02749ec964eb0d588a3bab9e09bf77927 ]
The GPIOs 46 & 47 are already used for a I2C interface to a SMPS.
So fix the GPIO line names accordingly.
Fixes: a54fe8a6cf66 ("ARM: dts: add Raspberry Pi Compute Module 3 and IO board")
Signed-off-by: Phil Elwell <phil@raspberrypi.com>
Signed-off-by: Stefan Wahren <stefan.wahren@i2se.com>
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/bcm2837-rpi-cm3-io3.dts | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/arm/boot/dts/bcm2837-rpi-cm3-io3.dts b/arch/arm/boot/dts/bcm2837-rpi-cm3-io3.dts
index 588d9411ceb6..3dfce4312dfc 100644
--- a/arch/arm/boot/dts/bcm2837-rpi-cm3-io3.dts
+++ b/arch/arm/boot/dts/bcm2837-rpi-cm3-io3.dts
@@ -63,8 +63,8 @@
"GPIO43",
"GPIO44",
"GPIO45",
- "GPIO46",
- "GPIO47",
+ "SMPS_SCL",
+ "SMPS_SDA",
/* Used by eMMC */
"SD_CLK_R",
"SD_CMD_R",
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 166/411] ARM: dts: bcm2837-rpi-3-b-plus: Fix GPIO line name of power LED
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (164 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.4 165/411] ARM: dts: bcm2837-rpi-cm3-io3: Fix GPIO line names for SMPS I2C Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 167/411] ARM: dts: bcm2835-rpi-b: Fix GPIO line names Greg Kroah-Hartman
` (249 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Phil Elwell, Stefan Wahren,
Florian Fainelli, Sasha Levin
From: Phil Elwell <phil@raspberrypi.com>
[ Upstream commit 57f718aa4b93392fb1a8c0a874ab882b9e18136a ]
The red LED on the Raspberry Pi 3 B Plus is the power LED.
So fix the GPIO line name accordingly.
Fixes: 71c0cd2283f2 ("ARM: dts: bcm2837: Add Raspberry Pi 3 B+")
Signed-off-by: Phil Elwell <phil@raspberrypi.com>
Signed-off-by: Stefan Wahren <stefan.wahren@i2se.com>
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/bcm2837-rpi-3-b-plus.dts | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm/boot/dts/bcm2837-rpi-3-b-plus.dts b/arch/arm/boot/dts/bcm2837-rpi-3-b-plus.dts
index 74ed6d047807..d9f63fc59f16 100644
--- a/arch/arm/boot/dts/bcm2837-rpi-3-b-plus.dts
+++ b/arch/arm/boot/dts/bcm2837-rpi-3-b-plus.dts
@@ -43,7 +43,7 @@
#gpio-cells = <2>;
gpio-line-names = "BT_ON",
"WL_ON",
- "STATUS_LED_R",
+ "PWR_LED_R",
"LAN_RUN",
"",
"CAM_GPIO0",
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 167/411] ARM: dts: bcm2835-rpi-b: Fix GPIO line names
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (165 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.4 166/411] ARM: dts: bcm2837-rpi-3-b-plus: Fix GPIO line name of power LED Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 168/411] misc: ocxl: fix possible double free in ocxl_file_register_afu Greg Kroah-Hartman
` (248 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Phil Elwell, Stefan Wahren,
Florian Fainelli, Sasha Levin
From: Stefan Wahren <stefan.wahren@i2se.com>
[ Upstream commit 97bd8659c1c46c23e4daea7e040befca30939950 ]
Recently this has been fixed in the vendor tree, so upstream this.
Fixes: 731b26a6ac17 ("ARM: bcm2835: Add names for the Raspberry Pi GPIO lines")
Signed-off-by: Phil Elwell <phil@raspberrypi.com>
Signed-off-by: Stefan Wahren <stefan.wahren@i2se.com>
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/bcm2835-rpi-b.dts | 13 ++++++-------
1 file changed, 6 insertions(+), 7 deletions(-)
diff --git a/arch/arm/boot/dts/bcm2835-rpi-b.dts b/arch/arm/boot/dts/bcm2835-rpi-b.dts
index 2b69957e0113..1838e0fa0ff5 100644
--- a/arch/arm/boot/dts/bcm2835-rpi-b.dts
+++ b/arch/arm/boot/dts/bcm2835-rpi-b.dts
@@ -53,18 +53,17 @@
"GPIO18",
"NC", /* GPIO19 */
"NC", /* GPIO20 */
- "GPIO21",
+ "CAM_GPIO0",
"GPIO22",
"GPIO23",
"GPIO24",
"GPIO25",
"NC", /* GPIO26 */
- "CAM_GPIO0",
- /* Binary number representing build/revision */
- "CONFIG0",
- "CONFIG1",
- "CONFIG2",
- "CONFIG3",
+ "GPIO27",
+ "GPIO28",
+ "GPIO29",
+ "GPIO30",
+ "GPIO31",
"NC", /* GPIO32 */
"NC", /* GPIO33 */
"NC", /* GPIO34 */
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 168/411] misc: ocxl: fix possible double free in ocxl_file_register_afu
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (166 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.4 167/411] ARM: dts: bcm2835-rpi-b: Fix GPIO line names Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 169/411] crypto: marvell/cesa - ECB does not IV Greg Kroah-Hartman
` (247 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hangyu Hua, Frederic Barrat,
Michael Ellerman, Sasha Levin
From: Hangyu Hua <hbh25y@gmail.com>
[ Upstream commit 950cf957fe34d40d63dfa3bf3968210430b6491e ]
info_release() will be called in device_unregister() when info->dev's
reference count is 0. So there is no need to call ocxl_afu_put() and
kfree() again.
Fix this by adding free_minor() and return to err_unregister error path.
Fixes: 75ca758adbaf ("ocxl: Create a clear delineation between ocxl backend & frontend")
Signed-off-by: Hangyu Hua <hbh25y@gmail.com>
Acked-by: Frederic Barrat <fbarrat@linux.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20220418085758.38145-1-hbh25y@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/misc/ocxl/file.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/misc/ocxl/file.c b/drivers/misc/ocxl/file.c
index 4d1b44de1492..c742ab02ae18 100644
--- a/drivers/misc/ocxl/file.c
+++ b/drivers/misc/ocxl/file.c
@@ -558,7 +558,9 @@ int ocxl_file_register_afu(struct ocxl_afu *afu)
err_unregister:
ocxl_sysfs_unregister_afu(info); // safe to call even if register failed
+ free_minor(info);
device_unregister(&info->dev);
+ return rc;
err_put:
ocxl_afu_put(afu);
free_minor(info);
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 169/411] crypto: marvell/cesa - ECB does not IV
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (167 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.4 168/411] misc: ocxl: fix possible double free in ocxl_file_register_afu Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 170/411] arm: mediatek: select arch timer for mt7629 Greg Kroah-Hartman
` (246 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Corentin Labbe, Herbert Xu, Sasha Levin
From: Corentin Labbe <clabbe@baylibre.com>
[ Upstream commit 4ffa1763622ae5752961499588f3f8874315f974 ]
The DES3 ECB has an IV size set but ECB does not need one.
Fixes: 4ada483978237 ("crypto: marvell/cesa - add Triple-DES support")
Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/crypto/marvell/cipher.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/drivers/crypto/marvell/cipher.c b/drivers/crypto/marvell/cipher.c
index 84ceddfee76b..708dc63b2f09 100644
--- a/drivers/crypto/marvell/cipher.c
+++ b/drivers/crypto/marvell/cipher.c
@@ -610,7 +610,6 @@ struct skcipher_alg mv_cesa_ecb_des3_ede_alg = {
.decrypt = mv_cesa_ecb_des3_ede_decrypt,
.min_keysize = DES3_EDE_KEY_SIZE,
.max_keysize = DES3_EDE_KEY_SIZE,
- .ivsize = DES3_EDE_BLOCK_SIZE,
.base = {
.cra_name = "ecb(des3_ede)",
.cra_driver_name = "mv-ecb-des3-ede",
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 170/411] arm: mediatek: select arch timer for mt7629
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (168 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.4 169/411] crypto: marvell/cesa - ECB does not IV Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 171/411] powerpc/fadump: fix PT_LOAD segment for boot memory area Greg Kroah-Hartman
` (245 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Chuanhong Guo, Matthias Brugger, Sasha Levin
From: Chuanhong Guo <gch981213@gmail.com>
[ Upstream commit d66aea197d534e23d4989eb72fca9c0c114b97c9 ]
This chip has an armv7 arch timer according to the dts. Select it in
Kconfig to enforce the support for it.
Otherwise the system time is just completely wrong if user forget to
enable ARM_ARCH_TIMER in kernel config.
Fixes: a43379dddf1b ("arm: mediatek: add MT7629 smp bring up code")
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
Link: https://lore.kernel.org/r/20220409091347.2473449-1-gch981213@gmail.com
Signed-off-by: Matthias Brugger <matthias.bgg@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/mach-mediatek/Kconfig | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/arm/mach-mediatek/Kconfig b/arch/arm/mach-mediatek/Kconfig
index 9e0f592d87d8..35a3430c7942 100644
--- a/arch/arm/mach-mediatek/Kconfig
+++ b/arch/arm/mach-mediatek/Kconfig
@@ -30,6 +30,7 @@ config MACH_MT7623
config MACH_MT7629
bool "MediaTek MT7629 SoCs support"
default ARCH_MEDIATEK
+ select HAVE_ARM_ARCH_TIMER
config MACH_MT8127
bool "MediaTek MT8127 SoCs support"
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 171/411] powerpc/fadump: fix PT_LOAD segment for boot memory area
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (169 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.4 170/411] arm: mediatek: select arch timer for mt7629 Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 172/411] mfd: ipaq-micro: Fix error check return value of platform_get_irq() Greg Kroah-Hartman
` (244 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hari Bathini, Michael Ellerman, Sasha Levin
From: Hari Bathini <hbathini@linux.ibm.com>
[ Upstream commit 15eb77f873255cf9f4d703b63cfbd23c46579654 ]
Boot memory area is setup as separate PT_LOAD segment in the vmcore
as it is moved by f/w, on crash, to a destination address provided by
the kernel. Having separate PT_LOAD segment helps in handling the
different physical address and offset for boot memory area in the
vmcore.
Commit ced1bf52f477 ("powerpc/fadump: merge adjacent memory ranges to
reduce PT_LOAD segements") inadvertly broke this pre-condition for
cases where some of the first kernel memory is available adjacent to
boot memory area. This scenario is rare but possible when memory for
fadump could not be reserved adjacent to boot memory area owing to
memory hole or such. Reading memory from a vmcore exported in such
scenario provides incorrect data. Fix it by ensuring no other region
is folded into boot memory area.
Fixes: ced1bf52f477 ("powerpc/fadump: merge adjacent memory ranges to reduce PT_LOAD segements")
Signed-off-by: Hari Bathini <hbathini@linux.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20220406093839.206608-2-hbathini@linux.ibm.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/kernel/fadump.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/arch/powerpc/kernel/fadump.c b/arch/powerpc/kernel/fadump.c
index 0455dc1b2797..69d64f406204 100644
--- a/arch/powerpc/kernel/fadump.c
+++ b/arch/powerpc/kernel/fadump.c
@@ -835,7 +835,6 @@ static int fadump_alloc_mem_ranges(struct fadump_mrange_info *mrange_info)
sizeof(struct fadump_memory_range));
return 0;
}
-
static inline int fadump_add_mem_range(struct fadump_mrange_info *mrange_info,
u64 base, u64 end)
{
@@ -854,7 +853,12 @@ static inline int fadump_add_mem_range(struct fadump_mrange_info *mrange_info,
start = mem_ranges[mrange_info->mem_range_cnt - 1].base;
size = mem_ranges[mrange_info->mem_range_cnt - 1].size;
- if ((start + size) == base)
+ /*
+ * Boot memory area needs separate PT_LOAD segment(s) as it
+ * is moved to a different location at the time of crash.
+ * So, fold only if the region is not boot memory area.
+ */
+ if ((start + size) == base && start >= fw_dump.boot_mem_top)
is_adjacent = true;
}
if (!is_adjacent) {
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 172/411] mfd: ipaq-micro: Fix error check return value of platform_get_irq()
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (170 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.4 171/411] powerpc/fadump: fix PT_LOAD segment for boot memory area Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 173/411] scsi: fcoe: Fix Wstringop-overflow warnings in fcoe_wwn_from_mac() Greg Kroah-Hartman
` (243 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zeal Robot, Lv Ruyi, Linus Walleij,
Lee Jones, Sasha Levin
From: Lv Ruyi <lv.ruyi@zte.com.cn>
[ Upstream commit 3b49ae380ce1a3054e0c505dd9a356b82a5b48e8 ]
platform_get_irq() return negative value on failure, so null check of
irq is incorrect. Fix it by comparing whether it is less than zero.
Fixes: dcc21cc09e3c ("mfd: Add driver for Atmel Microcontroller on iPaq h3xxx")
Reported-by: Zeal Robot <zealci@zte.com.cn>
Signed-off-by: Lv Ruyi <lv.ruyi@zte.com.cn>
Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Link: https://lore.kernel.org/r/20220412085305.2533030-1-lv.ruyi@zte.com.cn
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mfd/ipaq-micro.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/mfd/ipaq-micro.c b/drivers/mfd/ipaq-micro.c
index a1d9be82734d..88387c7e7443 100644
--- a/drivers/mfd/ipaq-micro.c
+++ b/drivers/mfd/ipaq-micro.c
@@ -407,7 +407,7 @@ static int __init micro_probe(struct platform_device *pdev)
micro_reset_comm(micro);
irq = platform_get_irq(pdev, 0);
- if (!irq)
+ if (irq < 0)
return -EINVAL;
ret = devm_request_irq(&pdev->dev, irq, micro_serial_isr,
IRQF_SHARED, "ipaq-micro",
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 173/411] scsi: fcoe: Fix Wstringop-overflow warnings in fcoe_wwn_from_mac()
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (171 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.4 172/411] mfd: ipaq-micro: Fix error check return value of platform_get_irq() Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 174/411] firmware: arm_scmi: Fix list protocols enumeration in the base protocol Greg Kroah-Hartman
` (242 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Gustavo A. R. Silva, Sasha Levin
From: Gustavo A. R. Silva <gustavoars@kernel.org>
[ Upstream commit 54db804d5d7d36709d1ce70bde3b9a6c61b290b6 ]
Fix the following Wstringop-overflow warnings when building with GCC-11:
drivers/scsi/fcoe/fcoe.c: In function ‘fcoe_netdev_config’:
drivers/scsi/fcoe/fcoe.c:744:32: warning: ‘fcoe_wwn_from_mac’ accessing 32 bytes in a region of size 6 [-Wstringop-overflow=]
744 | wwnn = fcoe_wwn_from_mac(ctlr->ctl_src_addr, 1, 0);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/scsi/fcoe/fcoe.c:744:32: note: referencing argument 1 of type ‘unsigned char *’
In file included from drivers/scsi/fcoe/fcoe.c:36:
./include/scsi/libfcoe.h:252:5: note: in a call to function ‘fcoe_wwn_from_mac’
252 | u64 fcoe_wwn_from_mac(unsigned char mac[MAX_ADDR_LEN], unsigned int, unsigned int);
| ^~~~~~~~~~~~~~~~~
drivers/scsi/fcoe/fcoe.c:747:32: warning: ‘fcoe_wwn_from_mac’ accessing 32 bytes in a region of size 6 [-Wstringop-overflow=]
747 | wwpn = fcoe_wwn_from_mac(ctlr->ctl_src_addr,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
748 | 2, 0);
| ~~~~~
drivers/scsi/fcoe/fcoe.c:747:32: note: referencing argument 1 of type ‘unsigned char *’
In file included from drivers/scsi/fcoe/fcoe.c:36:
./include/scsi/libfcoe.h:252:5: note: in a call to function ‘fcoe_wwn_from_mac’
252 | u64 fcoe_wwn_from_mac(unsigned char mac[MAX_ADDR_LEN], unsigned int, unsigned int);
| ^~~~~~~~~~~~~~~~~
CC drivers/scsi/bnx2fc/bnx2fc_io.o
In function ‘bnx2fc_net_config’,
inlined from ‘bnx2fc_if_create’ at drivers/scsi/bnx2fc/bnx2fc_fcoe.c:1543:7:
drivers/scsi/bnx2fc/bnx2fc_fcoe.c:833:32: warning: ‘fcoe_wwn_from_mac’ accessing 32 bytes in a region of size 6 [-Wstringop-overflow=]
833 | wwnn = fcoe_wwn_from_mac(ctlr->ctl_src_addr,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
834 | 1, 0);
| ~~~~~
drivers/scsi/bnx2fc/bnx2fc_fcoe.c: In function ‘bnx2fc_if_create’:
drivers/scsi/bnx2fc/bnx2fc_fcoe.c:833:32: note: referencing argument 1 of type ‘unsigned char *’
In file included from drivers/scsi/bnx2fc/bnx2fc.h:53,
from drivers/scsi/bnx2fc/bnx2fc_fcoe.c:17:
./include/scsi/libfcoe.h:252:5: note: in a call to function ‘fcoe_wwn_from_mac’
252 | u64 fcoe_wwn_from_mac(unsigned char mac[MAX_ADDR_LEN], unsigned int, unsigned int);
| ^~~~~~~~~~~~~~~~~
In function ‘bnx2fc_net_config’,
inlined from ‘bnx2fc_if_create’ at drivers/scsi/bnx2fc/bnx2fc_fcoe.c:1543:7:
drivers/scsi/bnx2fc/bnx2fc_fcoe.c:839:32: warning: ‘fcoe_wwn_from_mac’ accessing 32 bytes in a region of size 6 [-Wstringop-overflow=]
839 | wwpn = fcoe_wwn_from_mac(ctlr->ctl_src_addr,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
840 | 2, 0);
| ~~~~~
drivers/scsi/bnx2fc/bnx2fc_fcoe.c: In function ‘bnx2fc_if_create’:
drivers/scsi/bnx2fc/bnx2fc_fcoe.c:839:32: note: referencing argument 1 of type ‘unsigned char *’
In file included from drivers/scsi/bnx2fc/bnx2fc.h:53,
from drivers/scsi/bnx2fc/bnx2fc_fcoe.c:17:
./include/scsi/libfcoe.h:252:5: note: in a call to function ‘fcoe_wwn_from_mac’
252 | u64 fcoe_wwn_from_mac(unsigned char mac[MAX_ADDR_LEN], unsigned int, unsigned int);
| ^~~~~~~~~~~~~~~~~
drivers/scsi/qedf/qedf_main.c: In function ‘__qedf_probe’:
drivers/scsi/qedf/qedf_main.c:3520:30: warning: ‘fcoe_wwn_from_mac’ accessing 32 bytes in a region of size 6 [-Wstringop-overflow=]
3520 | qedf->wwnn = fcoe_wwn_from_mac(qedf->mac, 1, 0);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/scsi/qedf/qedf_main.c:3520:30: note: referencing argument 1 of type ‘unsigned char *’
In file included from drivers/scsi/qedf/qedf.h:9,
from drivers/scsi/qedf/qedf_main.c:23:
./include/scsi/libfcoe.h:252:5: note: in a call to function ‘fcoe_wwn_from_mac’
252 | u64 fcoe_wwn_from_mac(unsigned char mac[MAX_ADDR_LEN], unsigned int, unsigned int);
| ^~~~~~~~~~~~~~~~~
drivers/scsi/qedf/qedf_main.c:3521:30: warning: ‘fcoe_wwn_from_mac’ accessing 32 bytes in a region of size 6 [-Wstringop-overflow=]
3521 | qedf->wwpn = fcoe_wwn_from_mac(qedf->mac, 2, 0);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/scsi/qedf/qedf_main.c:3521:30: note: referencing argument 1 of type ‘unsigned char *’
In file included from drivers/scsi/qedf/qedf.h:9,
from drivers/scsi/qedf/qedf_main.c:23:
./include/scsi/libfcoe.h:252:5: note: in a call to function ‘fcoe_wwn_from_mac’
252 | u64 fcoe_wwn_from_mac(unsigned char mac[MAX_ADDR_LEN], unsigned int, unsigned int);
| ^~~~~~~~~~~~~~~~~
by changing the array size to the correct value of ETH_ALEN in the
argument declaration.
Also, fix a couple of checkpatch warnings:
WARNING: function definition argument 'unsigned int' should also have an identifier name
This helps with the ongoing efforts to globally enable
-Wstringop-overflow.
Link: https://github.com/KSPP/linux/issues/181
Fixes: 85b4aa4926a5 ("[SCSI] fcoe: Fibre Channel over Ethernet")
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/fcoe/fcoe_ctlr.c | 2 +-
include/scsi/libfcoe.h | 3 ++-
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/scsi/fcoe/fcoe_ctlr.c b/drivers/scsi/fcoe/fcoe_ctlr.c
index 07a0dadc75bf..7ce2a0434e1e 100644
--- a/drivers/scsi/fcoe/fcoe_ctlr.c
+++ b/drivers/scsi/fcoe/fcoe_ctlr.c
@@ -1966,7 +1966,7 @@ EXPORT_SYMBOL(fcoe_ctlr_recv_flogi);
*
* Returns: u64 fc world wide name
*/
-u64 fcoe_wwn_from_mac(unsigned char mac[MAX_ADDR_LEN],
+u64 fcoe_wwn_from_mac(unsigned char mac[ETH_ALEN],
unsigned int scheme, unsigned int port)
{
u64 wwn;
diff --git a/include/scsi/libfcoe.h b/include/scsi/libfcoe.h
index fac8e89aed81..310e0dbffda9 100644
--- a/include/scsi/libfcoe.h
+++ b/include/scsi/libfcoe.h
@@ -249,7 +249,8 @@ int fcoe_ctlr_recv_flogi(struct fcoe_ctlr *, struct fc_lport *,
struct fc_frame *);
/* libfcoe funcs */
-u64 fcoe_wwn_from_mac(unsigned char mac[MAX_ADDR_LEN], unsigned int, unsigned int);
+u64 fcoe_wwn_from_mac(unsigned char mac[ETH_ALEN], unsigned int scheme,
+ unsigned int port);
int fcoe_libfc_config(struct fc_lport *, struct fcoe_ctlr *,
const struct libfc_function_template *, int init_fcp);
u32 fcoe_fc_crc(struct fc_frame *fp);
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 174/411] firmware: arm_scmi: Fix list protocols enumeration in the base protocol
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (172 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.4 173/411] scsi: fcoe: Fix Wstringop-overflow warnings in fcoe_wwn_from_mac() Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 175/411] nvdimm: Allow overwrite in the presence of disabled dimms Greg Kroah-Hartman
` (241 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Cristian Marussi, Sudeep Holla, Sasha Levin
From: Cristian Marussi <cristian.marussi@arm.com>
[ Upstream commit 8009120e0354a67068e920eb10dce532391361d0 ]
While enumerating protocols implemented by the SCMI platform using
BASE_DISCOVER_LIST_PROTOCOLS, the number of returned protocols is
currently validated in an improper way since the check employs a sum
between unsigned integers that could overflow and cause the check itself
to be silently bypassed if the returned value 'loop_num_ret' is big
enough.
Fix the validation avoiding the addition.
Link: https://lore.kernel.org/r/20220330150551.2573938-4-cristian.marussi@arm.com
Fixes: b6f20ff8bd94 ("firmware: arm_scmi: add common infrastructure and support for base protocol")
Signed-off-by: Cristian Marussi <cristian.marussi@arm.com>
Signed-off-by: Sudeep Holla <sudeep.holla@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/firmware/arm_scmi/base.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/firmware/arm_scmi/base.c b/drivers/firmware/arm_scmi/base.c
index f986ee8919f0..2be32e86445f 100644
--- a/drivers/firmware/arm_scmi/base.c
+++ b/drivers/firmware/arm_scmi/base.c
@@ -164,7 +164,7 @@ static int scmi_base_implementation_list_get(const struct scmi_handle *handle,
break;
loop_num_ret = le32_to_cpu(*num_ret);
- if (tot_num_ret + loop_num_ret > MAX_PROTOCOLS_IMP) {
+ if (loop_num_ret > MAX_PROTOCOLS_IMP - tot_num_ret) {
dev_err(dev, "No. of Protocol > MAX_PROTOCOLS_IMP");
break;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 175/411] nvdimm: Allow overwrite in the presence of disabled dimms
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (173 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.4 174/411] firmware: arm_scmi: Fix list protocols enumeration in the base protocol Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 176/411] pinctrl: mvebu: Fix irq_of_parse_and_map() return value Greg Kroah-Hartman
` (240 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Vishal Verma, Dave Jiang, Ira Weiny,
Jeff Moyer, Krzysztof Kensicki, Dan Williams, Sasha Levin
From: Dan Williams <dan.j.williams@intel.com>
[ Upstream commit bb7bf697fed58eae9d3445944e457ab0de4da54f ]
It is not clear why the original implementation of overwrite support
required the dimm driver to be active before overwrite could proceed. In
fact that can lead to cases where the kernel retains an invalid cached
copy of the labels from before the overwrite. Unfortunately the kernel
has not only allowed that case, but enforced it.
Going forward, allow for overwrite to happen while the label area is
offline, and follow-on with updates to 'ndctl sanitize-dimm --overwrite'
to trigger the label area invalidation by default.
Cc: Vishal Verma <vishal.l.verma@intel.com>
Cc: Dave Jiang <dave.jiang@intel.com>
Cc: Ira Weiny <ira.weiny@intel.com>
Cc: Jeff Moyer <jmoyer@redhat.com>
Reported-by: Krzysztof Kensicki <krzysztof.kensicki@intel.com>
Fixes: 7d988097c546 ("acpi/nfit, libnvdimm/security: Add security DSM overwrite support")
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/nvdimm/security.c | 5 -----
1 file changed, 5 deletions(-)
diff --git a/drivers/nvdimm/security.c b/drivers/nvdimm/security.c
index 35d265014e1e..0e23d8c27792 100644
--- a/drivers/nvdimm/security.c
+++ b/drivers/nvdimm/security.c
@@ -379,11 +379,6 @@ static int security_overwrite(struct nvdimm *nvdimm, unsigned int keyid)
|| !nvdimm->sec.flags)
return -EOPNOTSUPP;
- if (dev->driver == NULL) {
- dev_dbg(dev, "Unable to overwrite while DIMM active.\n");
- return -EINVAL;
- }
-
rc = check_security_state(nvdimm);
if (rc)
return rc;
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 176/411] pinctrl: mvebu: Fix irq_of_parse_and_map() return value
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (174 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.4 175/411] nvdimm: Allow overwrite in the presence of disabled dimms Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 177/411] drivers/base/node.c: fix compaction sysfs file leak Greg Kroah-Hartman
` (239 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Krzysztof Kozlowski, Linus Walleij,
Sasha Levin
From: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
[ Upstream commit 71bc7cf3be65bab441e03667cf215c557712976c ]
The irq_of_parse_and_map() returns 0 on failure, not a negative ERRNO.
Fixes: 2f227605394b ("pinctrl: armada-37xx: Add irqchip support")
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Link: https://lore.kernel.org/r/20220422105339.78810-1-krzysztof.kozlowski@linaro.org
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pinctrl/mvebu/pinctrl-armada-37xx.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/pinctrl/mvebu/pinctrl-armada-37xx.c b/drivers/pinctrl/mvebu/pinctrl-armada-37xx.c
index f56add78d58c..359b2ecfcbdb 100644
--- a/drivers/pinctrl/mvebu/pinctrl-armada-37xx.c
+++ b/drivers/pinctrl/mvebu/pinctrl-armada-37xx.c
@@ -773,7 +773,7 @@ static int armada_37xx_irqchip_register(struct platform_device *pdev,
for (i = 0; i < nr_irq_parent; i++) {
int irq = irq_of_parse_and_map(np, i);
- if (irq < 0)
+ if (!irq)
continue;
gpiochip_set_chained_irqchip(gc, irqchip, irq,
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 177/411] drivers/base/node.c: fix compaction sysfs file leak
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (175 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.4 176/411] pinctrl: mvebu: Fix irq_of_parse_and_map() return value Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 178/411] dax: fix cache flush on PMD-mapped pages Greg Kroah-Hartman
` (238 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaohe Lin, Rafael J. Wysocki,
Mel Gorman, Minchan Kim, KAMEZAWA Hiroyuki, KOSAKI Motohiro,
Andrew Morton, Sasha Levin
From: Miaohe Lin <linmiaohe@huawei.com>
[ Upstream commit da63dc84befaa9e6079a0bc363ff0eaa975f9073 ]
Compaction sysfs file is created via compaction_register_node in
register_node. But we forgot to remove it in unregister_node. Thus
compaction sysfs file is leaked. Using compaction_unregister_node to fix
this issue.
Link: https://lkml.kernel.org/r/20220401070905.43679-1-linmiaohe@huawei.com
Fixes: ed4a6d7f0676 ("mm: compaction: add /sys trigger for per-node memory compaction")
Signed-off-by: Miaohe Lin <linmiaohe@huawei.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Rafael J. Wysocki <rafael@kernel.org>
Cc: Mel Gorman <mel@csn.ul.ie>
Cc: Minchan Kim <minchan.kim@gmail.com>
Cc: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
Cc: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/base/node.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/base/node.c b/drivers/base/node.c
index 62a052990bb9..666eb55c0774 100644
--- a/drivers/base/node.c
+++ b/drivers/base/node.c
@@ -641,6 +641,7 @@ static int register_node(struct node *node, int num)
*/
void unregister_node(struct node *node)
{
+ compaction_unregister_node(node);
hugetlb_unregister_node(node); /* no-op, if memoryless node */
node_remove_accesses(node);
node_remove_caches(node);
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 178/411] dax: fix cache flush on PMD-mapped pages
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (176 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.4 177/411] drivers/base/node.c: fix compaction sysfs file leak Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 179/411] powerpc/8xx: export cpm_setbrg for modules Greg Kroah-Hartman
` (237 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Muchun Song, Dan Williams,
Christoph Hellwig, Alistair Popple, Al Viro, Hugh Dickins,
Jan Kara, Kirill A. Shutemov, Matthew Wilcox, Ralph Campbell,
Ross Zwisler, Xiongchun Duan, Xiyu Yang, Yang Shi, Andrew Morton,
Sasha Levin
From: Muchun Song <songmuchun@bytedance.com>
[ Upstream commit e583b5c472bd23d450e06f148dc1f37be74f7666 ]
The flush_cache_page() only remove a PAGE_SIZE sized range from the cache.
However, it does not cover the full pages in a THP except a head page.
Replace it with flush_cache_range() to fix this issue. This is just a
documentation issue with the respect to properly documenting the expected
usage of cache flushing before modifying the pmd. However, in practice
this is not a problem due to the fact that DAX is not available on
architectures with virtually indexed caches per:
commit d92576f1167c ("dax: does not work correctly with virtual aliasing caches")
Link: https://lkml.kernel.org/r/20220403053957.10770-3-songmuchun@bytedance.com
Fixes: f729c8c9b24f ("dax: wrprotect pmd_t in dax_mapping_entry_mkclean")
Signed-off-by: Muchun Song <songmuchun@bytedance.com>
Reviewed-by: Dan Williams <dan.j.williams@intel.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Cc: Alistair Popple <apopple@nvidia.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Hugh Dickins <hughd@google.com>
Cc: Jan Kara <jack@suse.cz>
Cc: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
Cc: Matthew Wilcox <willy@infradead.org>
Cc: Ralph Campbell <rcampbell@nvidia.com>
Cc: Ross Zwisler <zwisler@kernel.org>
Cc: Xiongchun Duan <duanxiongchun@bytedance.com>
Cc: Xiyu Yang <xiyuyang19@fudan.edu.cn>
Cc: Yang Shi <shy828301@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/dax.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/fs/dax.c b/fs/dax.c
index 12953e892bb2..bcb7c6b43fb2 100644
--- a/fs/dax.c
+++ b/fs/dax.c
@@ -819,7 +819,8 @@ static void dax_entry_mkclean(struct address_space *mapping, pgoff_t index,
if (!pmd_dirty(*pmdp) && !pmd_write(*pmdp))
goto unlock_pmd;
- flush_cache_page(vma, address, pfn);
+ flush_cache_range(vma, address,
+ address + HPAGE_PMD_SIZE);
pmd = pmdp_invalidate(vma, address, pmdp);
pmd = pmd_wrprotect(pmd);
pmd = pmd_mkclean(pmd);
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 179/411] powerpc/8xx: export cpm_setbrg for modules
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (177 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.4 178/411] dax: fix cache flush on PMD-mapped pages Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 180/411] powerpc/idle: Fix return value of __setup() handler Greg Kroah-Hartman
` (236 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Randy Dunlap, kernel test robot,
Christophe Leroy, Michael Ellerman, Sasha Levin
From: Randy Dunlap <rdunlap@infradead.org>
[ Upstream commit 22f8e625ebabd7ed3185b82b44b4f12fc0402113 ]
Fix missing export for a loadable module build:
ERROR: modpost: "cpm_setbrg" [drivers/tty/serial/cpm_uart/cpm_uart.ko] undefined!
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc")
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Reported-by: kernel test robot <lkp@intel.com>
[chleroy: Changed Fixes: tag]
Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20210122010819.30986-1-rdunlap@infradead.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/platforms/8xx/cpm1.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/powerpc/platforms/8xx/cpm1.c b/arch/powerpc/platforms/8xx/cpm1.c
index 0f65c51271db..ec6dc2d7a9db 100644
--- a/arch/powerpc/platforms/8xx/cpm1.c
+++ b/arch/powerpc/platforms/8xx/cpm1.c
@@ -292,6 +292,7 @@ cpm_setbrg(uint brg, uint rate)
out_be32(bp, (((BRG_UART_CLK_DIV16 / rate) - 1) << 1) |
CPM_BRG_EN | CPM_BRG_DIV16);
}
+EXPORT_SYMBOL(cpm_setbrg);
struct cpm_ioport16 {
__be16 dir, par, odr_sor, dat, intr;
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 180/411] powerpc/idle: Fix return value of __setup() handler
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (178 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.4 179/411] powerpc/8xx: export cpm_setbrg for modules Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 181/411] powerpc/4xx/cpm: " Greg Kroah-Hartman
` (235 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Igor Zhbanov, Randy Dunlap,
Michael Ellerman, Sasha Levin
From: Randy Dunlap <rdunlap@infradead.org>
[ Upstream commit b793a01000122d2bd133ba451a76cc135b5e162c ]
__setup() handlers should return 1 to obsolete_checksetup() in
init/main.c to indicate that the boot option has been handled.
A return of 0 causes the boot option/value to be listed as an Unknown
kernel parameter and added to init's (limited) argument or environment
strings.
Also, error return codes don't mean anything to obsolete_checksetup() --
only non-zero (usually 1) or zero. So return 1 from powersave_off().
Fixes: 302eca184fb8 ("[POWERPC] cell: use ppc_md->power_save instead of cbe_idle_loop")
Reported-by: Igor Zhbanov <izh1979@gmail.com>
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20220502192925.19954-1-rdunlap@infradead.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/kernel/idle.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/powerpc/kernel/idle.c b/arch/powerpc/kernel/idle.c
index a36fd053c3db..0615ba86baef 100644
--- a/arch/powerpc/kernel/idle.c
+++ b/arch/powerpc/kernel/idle.c
@@ -37,7 +37,7 @@ static int __init powersave_off(char *arg)
{
ppc_md.power_save = NULL;
cpuidle_disable = IDLE_POWERSAVE_OFF;
- return 0;
+ return 1;
}
__setup("powersave=off", powersave_off);
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 181/411] powerpc/4xx/cpm: Fix return value of __setup() handler
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (179 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.4 180/411] powerpc/idle: Fix return value of __setup() handler Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 182/411] proc: fix dentry/inode overinstantiating under /proc/${pid}/net Greg Kroah-Hartman
` (234 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Igor Zhbanov, Randy Dunlap,
Michael Ellerman, Sasha Levin
From: Randy Dunlap <rdunlap@infradead.org>
[ Upstream commit 5bb99fd4090fe1acfdb90a97993fcda7f8f5a3d6 ]
__setup() handlers should return 1 to obsolete_checksetup() in
init/main.c to indicate that the boot option has been handled.
A return of 0 causes the boot option/value to be listed as an Unknown
kernel parameter and added to init's (limited) argument or environment
strings.
Also, error return codes don't mean anything to obsolete_checksetup() --
only non-zero (usually 1) or zero. So return 1 from cpm_powersave_off().
Fixes: d164f6d4f910 ("powerpc/4xx: Add suspend and idle support")
Reported-by: Igor Zhbanov <izh1979@gmail.com>
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20220502192941.20955-1-rdunlap@infradead.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/platforms/4xx/cpm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/powerpc/platforms/4xx/cpm.c b/arch/powerpc/platforms/4xx/cpm.c
index ae8b812c9202..2481e78c0423 100644
--- a/arch/powerpc/platforms/4xx/cpm.c
+++ b/arch/powerpc/platforms/4xx/cpm.c
@@ -327,6 +327,6 @@ late_initcall(cpm_init);
static int __init cpm_powersave_off(char *arg)
{
cpm.powersave_off = 1;
- return 0;
+ return 1;
}
__setup("powersave=off", cpm_powersave_off);
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 182/411] proc: fix dentry/inode overinstantiating under /proc/${pid}/net
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (180 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.4 181/411] powerpc/4xx/cpm: " Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 183/411] ipc/mqueue: use get_tree_nodev() in mqueue_get_tree() Greg Kroah-Hartman
` (233 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alexey Dobriyan, hui li, Al Viro,
Andrew Morton, Sasha Levin
From: Alexey Dobriyan <adobriyan@gmail.com>
[ Upstream commit 7055197705709c59b8ab77e6a5c7d46d61edd96e ]
When a process exits, /proc/${pid}, and /proc/${pid}/net dentries are
flushed. However some leaf dentries like /proc/${pid}/net/arp_cache
aren't. That's because respective PDEs have proc_misc_d_revalidate() hook
which returns 1 and leaves dentries/inodes in the LRU.
Force revalidation/lookup on everything under /proc/${pid}/net by
inheriting proc_net_dentry_ops.
[akpm@linux-foundation.org: coding-style cleanups]
Link: https://lkml.kernel.org/r/YjdVHgildbWO7diJ@localhost.localdomain
Fixes: c6c75deda813 ("proc: fix lookup in /proc/net subdirectories after setns(2)")
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Reported-by: hui li <juanfengpy@gmail.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/proc/generic.c | 3 +++
fs/proc/proc_net.c | 3 +++
2 files changed, 6 insertions(+)
diff --git a/fs/proc/generic.c b/fs/proc/generic.c
index 8c3dbe13e647..372b4dad4863 100644
--- a/fs/proc/generic.c
+++ b/fs/proc/generic.c
@@ -446,6 +446,9 @@ static struct proc_dir_entry *__proc_create(struct proc_dir_entry **parent,
proc_set_user(ent, (*parent)->uid, (*parent)->gid);
ent->proc_dops = &proc_misc_dentry_ops;
+ /* Revalidate everything under /proc/${pid}/net */
+ if ((*parent)->proc_dops == &proc_net_dentry_ops)
+ pde_force_lookup(ent);
out:
return ent;
diff --git a/fs/proc/proc_net.c b/fs/proc/proc_net.c
index 313b7c751867..9cd5b47199cb 100644
--- a/fs/proc/proc_net.c
+++ b/fs/proc/proc_net.c
@@ -343,6 +343,9 @@ static __net_init int proc_net_ns_init(struct net *net)
proc_set_user(netd, uid, gid);
+ /* Seed dentry revalidation for /proc/${pid}/net */
+ pde_force_lookup(netd);
+
err = -EEXIST;
net_statd = proc_net_mkdir(net, "stat", netd);
if (!net_statd)
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 183/411] ipc/mqueue: use get_tree_nodev() in mqueue_get_tree()
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (181 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.4 182/411] proc: fix dentry/inode overinstantiating under /proc/${pid}/net Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 184/411] PCI: imx6: Fix PERST# start-up sequence Greg Kroah-Hartman
` (232 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Waiman Long, Al Viro, David Howells,
Manfred Spraul, Davidlohr Bueso, Andrew Morton, Sasha Levin
From: Waiman Long <longman@redhat.com>
[ Upstream commit d60c4d01a98bc1942dba6e3adc02031f5519f94b ]
When running the stress-ng clone benchmark with multiple testing threads,
it was found that there were significant spinlock contention in sget_fc().
The contended spinlock was the sb_lock. It is under heavy contention
because the following code in the critcal section of sget_fc():
hlist_for_each_entry(old, &fc->fs_type->fs_supers, s_instances) {
if (test(old, fc))
goto share_extant_sb;
}
After testing with added instrumentation code, it was found that the
benchmark could generate thousands of ipc namespaces with the
corresponding number of entries in the mqueue's fs_supers list where the
namespaces are the key for the search. This leads to excessive time in
scanning the list for a match.
Looking back at the mqueue calling sequence leading to sget_fc():
mq_init_ns()
=> mq_create_mount()
=> fc_mount()
=> vfs_get_tree()
=> mqueue_get_tree()
=> get_tree_keyed()
=> vfs_get_super()
=> sget_fc()
Currently, mq_init_ns() is the only mqueue function that will indirectly
call mqueue_get_tree() with a newly allocated ipc namespace as the key for
searching. As a result, there will never be a match with the exising ipc
namespaces stored in the mqueue's fs_supers list.
So using get_tree_keyed() to do an existing ipc namespace search is just a
waste of time. Instead, we could use get_tree_nodev() to eliminate the
useless search. By doing so, we can greatly reduce the sb_lock hold time
and avoid the spinlock contention problem in case a large number of ipc
namespaces are present.
Of course, if the code is modified in the future to allow
mqueue_get_tree() to be called with an existing ipc namespace instead of a
new one, we will have to use get_tree_keyed() in this case.
The following stress-ng clone benchmark command was run on a 2-socket
48-core Intel system:
./stress-ng --clone 32 --verbose --oomable --metrics-brief -t 20
The "bogo ops/s" increased from 5948.45 before patch to 9137.06 after
patch. This is an increase of 54% in performance.
Link: https://lkml.kernel.org/r/20220121172315.19652-1-longman@redhat.com
Fixes: 935c6912b198 ("ipc: Convert mqueue fs to fs_context")
Signed-off-by: Waiman Long <longman@redhat.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: David Howells <dhowells@redhat.com>
Cc: Manfred Spraul <manfred@colorfullife.com>
Cc: Davidlohr Bueso <dave@stgolabs.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
ipc/mqueue.c | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/ipc/mqueue.c b/ipc/mqueue.c
index 2ea0c08188e6..12519bf5f330 100644
--- a/ipc/mqueue.c
+++ b/ipc/mqueue.c
@@ -45,6 +45,7 @@
struct mqueue_fs_context {
struct ipc_namespace *ipc_ns;
+ bool newns; /* Set if newly created ipc namespace */
};
#define MQUEUE_MAGIC 0x19800202
@@ -365,6 +366,14 @@ static int mqueue_get_tree(struct fs_context *fc)
{
struct mqueue_fs_context *ctx = fc->fs_private;
+ /*
+ * With a newly created ipc namespace, we don't need to do a search
+ * for an ipc namespace match, but we still need to set s_fs_info.
+ */
+ if (ctx->newns) {
+ fc->s_fs_info = ctx->ipc_ns;
+ return get_tree_nodev(fc, mqueue_fill_super);
+ }
return get_tree_keyed(fc, mqueue_fill_super, ctx->ipc_ns);
}
@@ -392,6 +401,10 @@ static int mqueue_init_fs_context(struct fs_context *fc)
return 0;
}
+/*
+ * mq_init_ns() is currently the only caller of mq_create_mount().
+ * So the ns parameter is always a newly created ipc namespace.
+ */
static struct vfsmount *mq_create_mount(struct ipc_namespace *ns)
{
struct mqueue_fs_context *ctx;
@@ -403,6 +416,7 @@ static struct vfsmount *mq_create_mount(struct ipc_namespace *ns)
return ERR_CAST(fc);
ctx = fc->fs_private;
+ ctx->newns = true;
put_ipc_ns(ctx->ipc_ns);
ctx->ipc_ns = get_ipc_ns(ns);
put_user_ns(fc->user_ns);
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 184/411] PCI: imx6: Fix PERST# start-up sequence
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (182 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.4 183/411] ipc/mqueue: use get_tree_nodev() in mqueue_get_tree() Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 185/411] tty: fix deadlock caused by calling printk() under tty_port->lock Greg Kroah-Hartman
` (231 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Francesco Dolcini, Lorenzo Pieralisi,
Lucas Stach, Richard Zhu, Sasha Levin
From: Francesco Dolcini <francesco.dolcini@toradex.com>
[ Upstream commit a6809941c1f17f455db2cf4ca19c6d8c8746ec25 ]
According to the PCIe standard the PERST# signal (reset-gpio in
fsl,imx* compatible dts) should be kept asserted for at least 100 usec
before the PCIe refclock is stable, should be kept asserted for at
least 100 msec after the power rails are stable and the host should wait
at least 100 msec after it is de-asserted before accessing the
configuration space of any attached device.
>From PCIe CEM r2.0, sec 2.6.2
T-PVPERL: Power stable to PERST# inactive - 100 msec
T-PERST-CLK: REFCLK stable before PERST# inactive - 100 usec.
>From PCIe r5.0, sec 6.6.1
With a Downstream Port that does not support Link speeds greater than
5.0 GT/s, software must wait a minimum of 100 ms before sending a
Configuration Request to the device immediately below that Port.
Failure to do so could prevent PCIe devices to be working correctly,
and this was experienced with real devices.
Move reset assert to imx6_pcie_assert_core_reset(), this way we ensure
that PERST# is asserted before enabling any clock, move de-assert to the
end of imx6_pcie_deassert_core_reset() after the clock is enabled and
deemed stable and add a new delay of 100 msec just afterward.
Link: https://lore.kernel.org/all/20220211152550.286821-1-francesco.dolcini@toradex.com
Link: https://lore.kernel.org/r/20220404081509.94356-1-francesco.dolcini@toradex.com
Fixes: bb38919ec56e ("PCI: imx6: Add support for i.MX6 PCIe controller")
Signed-off-by: Francesco Dolcini <francesco.dolcini@toradex.com>
Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
Reviewed-by: Lucas Stach <l.stach@pengutronix.de>
Acked-by: Richard Zhu <hongxing.zhu@nxp.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pci/controller/dwc/pci-imx6.c | 23 ++++++++++++++---------
1 file changed, 14 insertions(+), 9 deletions(-)
diff --git a/drivers/pci/controller/dwc/pci-imx6.c b/drivers/pci/controller/dwc/pci-imx6.c
index acfbd34032a8..b34b52b364d5 100644
--- a/drivers/pci/controller/dwc/pci-imx6.c
+++ b/drivers/pci/controller/dwc/pci-imx6.c
@@ -413,6 +413,11 @@ static void imx6_pcie_assert_core_reset(struct imx6_pcie *imx6_pcie)
dev_err(dev, "failed to disable vpcie regulator: %d\n",
ret);
}
+
+ /* Some boards don't have PCIe reset GPIO. */
+ if (gpio_is_valid(imx6_pcie->reset_gpio))
+ gpio_set_value_cansleep(imx6_pcie->reset_gpio,
+ imx6_pcie->gpio_active_high);
}
static unsigned int imx6_pcie_grp_offset(const struct imx6_pcie *imx6_pcie)
@@ -535,15 +540,6 @@ static void imx6_pcie_deassert_core_reset(struct imx6_pcie *imx6_pcie)
/* allow the clocks to stabilize */
usleep_range(200, 500);
- /* Some boards don't have PCIe reset GPIO. */
- if (gpio_is_valid(imx6_pcie->reset_gpio)) {
- gpio_set_value_cansleep(imx6_pcie->reset_gpio,
- imx6_pcie->gpio_active_high);
- msleep(100);
- gpio_set_value_cansleep(imx6_pcie->reset_gpio,
- !imx6_pcie->gpio_active_high);
- }
-
switch (imx6_pcie->drvdata->variant) {
case IMX8MQ:
reset_control_deassert(imx6_pcie->pciephy_reset);
@@ -586,6 +582,15 @@ static void imx6_pcie_deassert_core_reset(struct imx6_pcie *imx6_pcie)
break;
}
+ /* Some boards don't have PCIe reset GPIO. */
+ if (gpio_is_valid(imx6_pcie->reset_gpio)) {
+ msleep(100);
+ gpio_set_value_cansleep(imx6_pcie->reset_gpio,
+ !imx6_pcie->gpio_active_high);
+ /* Wait for 100ms after PERST# deassertion (PCIe r5.0, 6.6.1) */
+ msleep(100);
+ }
+
return;
err_ref_clk:
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 185/411] tty: fix deadlock caused by calling printk() under tty_port->lock
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (183 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.4 184/411] PCI: imx6: Fix PERST# start-up sequence Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 186/411] crypto: cryptd - Protect per-CPU resource by disabling BH Greg Kroah-Hartman
` (230 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Qi Zheng, Jiri Slaby, Akinobu Mita,
Vlastimil Babka, Steven Rostedt (Google),
Andrew Morton, Sasha Levin
From: Qi Zheng <zhengqi.arch@bytedance.com>
[ Upstream commit 6b9dbedbe3499fef862c4dff5217cf91f34e43b3 ]
pty_write() invokes kmalloc() which may invoke a normal printk() to print
failure message. This can cause a deadlock in the scenario reported by
syz-bot below:
CPU0 CPU1 CPU2
---- ---- ----
lock(console_owner);
lock(&port_lock_key);
lock(&port->lock);
lock(&port_lock_key);
lock(&port->lock);
lock(console_owner);
As commit dbdda842fe96 ("printk: Add console owner and waiter logic to
load balance console writes") said, such deadlock can be prevented by
using printk_deferred() in kmalloc() (which is invoked in the section
guarded by the port->lock). But there are too many printk() on the
kmalloc() path, and kmalloc() can be called from anywhere, so changing
printk() to printk_deferred() is too complicated and inelegant.
Therefore, this patch chooses to specify __GFP_NOWARN to kmalloc(), so
that printk() will not be called, and this deadlock problem can be
avoided.
Syzbot reported the following lockdep error:
======================================================
WARNING: possible circular locking dependency detected
5.4.143-00237-g08ccc19a-dirty #10 Not tainted
------------------------------------------------------
syz-executor.4/29420 is trying to acquire lock:
ffffffff8aedb2a0 (console_owner){....}-{0:0}, at: console_trylock_spinning kernel/printk/printk.c:1752 [inline]
ffffffff8aedb2a0 (console_owner){....}-{0:0}, at: vprintk_emit+0x2ca/0x470 kernel/printk/printk.c:2023
but task is already holding lock:
ffff8880119c9158 (&port->lock){-.-.}-{2:2}, at: pty_write+0xf4/0x1f0 drivers/tty/pty.c:120
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #2 (&port->lock){-.-.}-{2:2}:
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0x35/0x50 kernel/locking/spinlock.c:159
tty_port_tty_get drivers/tty/tty_port.c:288 [inline] <-- lock(&port->lock);
tty_port_default_wakeup+0x1d/0xb0 drivers/tty/tty_port.c:47
serial8250_tx_chars+0x530/0xa80 drivers/tty/serial/8250/8250_port.c:1767
serial8250_handle_irq.part.0+0x31f/0x3d0 drivers/tty/serial/8250/8250_port.c:1854
serial8250_handle_irq drivers/tty/serial/8250/8250_port.c:1827 [inline] <-- lock(&port_lock_key);
serial8250_default_handle_irq+0xb2/0x220 drivers/tty/serial/8250/8250_port.c:1870
serial8250_interrupt+0xfd/0x200 drivers/tty/serial/8250/8250_core.c:126
__handle_irq_event_percpu+0x109/0xa50 kernel/irq/handle.c:156
[...]
-> #1 (&port_lock_key){-.-.}-{2:2}:
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0x35/0x50 kernel/locking/spinlock.c:159
serial8250_console_write+0x184/0xa40 drivers/tty/serial/8250/8250_port.c:3198
<-- lock(&port_lock_key);
call_console_drivers kernel/printk/printk.c:1819 [inline]
console_unlock+0x8cb/0xd00 kernel/printk/printk.c:2504
vprintk_emit+0x1b5/0x470 kernel/printk/printk.c:2024 <-- lock(console_owner);
vprintk_func+0x8d/0x250 kernel/printk/printk_safe.c:394
printk+0xba/0xed kernel/printk/printk.c:2084
register_console+0x8b3/0xc10 kernel/printk/printk.c:2829
univ8250_console_init+0x3a/0x46 drivers/tty/serial/8250/8250_core.c:681
console_init+0x49d/0x6d3 kernel/printk/printk.c:2915
start_kernel+0x5e9/0x879 init/main.c:713
secondary_startup_64+0xa4/0xb0 arch/x86/kernel/head_64.S:241
-> #0 (console_owner){....}-{0:0}:
[...]
lock_acquire+0x127/0x340 kernel/locking/lockdep.c:4734
console_trylock_spinning kernel/printk/printk.c:1773 [inline] <-- lock(console_owner);
vprintk_emit+0x307/0x470 kernel/printk/printk.c:2023
vprintk_func+0x8d/0x250 kernel/printk/printk_safe.c:394
printk+0xba/0xed kernel/printk/printk.c:2084
fail_dump lib/fault-inject.c:45 [inline]
should_fail+0x67b/0x7c0 lib/fault-inject.c:144
__should_failslab+0x152/0x1c0 mm/failslab.c:33
should_failslab+0x5/0x10 mm/slab_common.c:1224
slab_pre_alloc_hook mm/slab.h:468 [inline]
slab_alloc_node mm/slub.c:2723 [inline]
slab_alloc mm/slub.c:2807 [inline]
__kmalloc+0x72/0x300 mm/slub.c:3871
kmalloc include/linux/slab.h:582 [inline]
tty_buffer_alloc+0x23f/0x2a0 drivers/tty/tty_buffer.c:175
__tty_buffer_request_room+0x156/0x2a0 drivers/tty/tty_buffer.c:273
tty_insert_flip_string_fixed_flag+0x93/0x250 drivers/tty/tty_buffer.c:318
tty_insert_flip_string include/linux/tty_flip.h:37 [inline]
pty_write+0x126/0x1f0 drivers/tty/pty.c:122 <-- lock(&port->lock);
n_tty_write+0xa7a/0xfc0 drivers/tty/n_tty.c:2356
do_tty_write drivers/tty/tty_io.c:961 [inline]
tty_write+0x512/0x930 drivers/tty/tty_io.c:1045
__vfs_write+0x76/0x100 fs/read_write.c:494
[...]
other info that might help us debug this:
Chain exists of:
console_owner --> &port_lock_key --> &port->lock
Link: https://lkml.kernel.org/r/20220511061951.1114-2-zhengqi.arch@bytedance.com
Link: https://lkml.kernel.org/r/20220510113809.80626-2-zhengqi.arch@bytedance.com
Fixes: b6da31b2c07c ("tty: Fix data race in tty_insert_flip_string_fixed_flag")
Signed-off-by: Qi Zheng <zhengqi.arch@bytedance.com>
Acked-by: Jiri Slaby <jirislaby@kernel.org>
Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Akinobu Mita <akinobu.mita@gmail.com>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/tty_buffer.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/tty/tty_buffer.c b/drivers/tty/tty_buffer.c
index bb148dbfbb88..47f2370ad85c 100644
--- a/drivers/tty/tty_buffer.c
+++ b/drivers/tty/tty_buffer.c
@@ -172,7 +172,8 @@ static struct tty_buffer *tty_buffer_alloc(struct tty_port *port, size_t size)
have queued and recycle that ? */
if (atomic_read(&port->buf.mem_used) > port->buf.mem_limit)
return NULL;
- p = kmalloc(sizeof(struct tty_buffer) + 2 * size, GFP_ATOMIC);
+ p = kmalloc(sizeof(struct tty_buffer) + 2 * size,
+ GFP_ATOMIC | __GFP_NOWARN);
if (p == NULL)
return NULL;
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 186/411] crypto: cryptd - Protect per-CPU resource by disabling BH.
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (184 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.4 185/411] tty: fix deadlock caused by calling printk() under tty_port->lock Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 187/411] Input: sparcspkr - fix refcount leak in bbc_beep_probe Greg Kroah-Hartman
` (229 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sebastian Andrzej Siewior,
Herbert Xu, Sasha Levin
From: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
[ Upstream commit 91e8bcd7b4da182e09ea19a2c73167345fe14c98 ]
The access to cryptd_queue::cpu_queue is synchronized by disabling
preemption in cryptd_enqueue_request() and disabling BH in
cryptd_queue_worker(). This implies that access is allowed from BH.
If cryptd_enqueue_request() is invoked from preemptible context _and_
soft interrupt then this can lead to list corruption since
cryptd_enqueue_request() is not protected against access from
soft interrupt.
Replace get_cpu() in cryptd_enqueue_request() with local_bh_disable()
to ensure BH is always disabled.
Remove preempt_disable() from cryptd_queue_worker() since it is not
needed because local_bh_disable() ensures synchronisation.
Fixes: 254eff771441 ("crypto: cryptd - Per-CPU thread implementation...")
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
crypto/cryptd.c | 23 +++++++++++------------
1 file changed, 11 insertions(+), 12 deletions(-)
diff --git a/crypto/cryptd.c b/crypto/cryptd.c
index 927760b316a4..43a1a855886b 100644
--- a/crypto/cryptd.c
+++ b/crypto/cryptd.c
@@ -39,6 +39,10 @@ struct cryptd_cpu_queue {
};
struct cryptd_queue {
+ /*
+ * Protected by disabling BH to allow enqueueing from softinterrupt and
+ * dequeuing from kworker (cryptd_queue_worker()).
+ */
struct cryptd_cpu_queue __percpu *cpu_queue;
};
@@ -125,28 +129,28 @@ static void cryptd_fini_queue(struct cryptd_queue *queue)
static int cryptd_enqueue_request(struct cryptd_queue *queue,
struct crypto_async_request *request)
{
- int cpu, err;
+ int err;
struct cryptd_cpu_queue *cpu_queue;
refcount_t *refcnt;
- cpu = get_cpu();
+ local_bh_disable();
cpu_queue = this_cpu_ptr(queue->cpu_queue);
err = crypto_enqueue_request(&cpu_queue->queue, request);
refcnt = crypto_tfm_ctx(request->tfm);
if (err == -ENOSPC)
- goto out_put_cpu;
+ goto out;
- queue_work_on(cpu, cryptd_wq, &cpu_queue->work);
+ queue_work_on(smp_processor_id(), cryptd_wq, &cpu_queue->work);
if (!refcount_read(refcnt))
- goto out_put_cpu;
+ goto out;
refcount_inc(refcnt);
-out_put_cpu:
- put_cpu();
+out:
+ local_bh_enable();
return err;
}
@@ -162,15 +166,10 @@ static void cryptd_queue_worker(struct work_struct *work)
cpu_queue = container_of(work, struct cryptd_cpu_queue, work);
/*
* Only handle one request at a time to avoid hogging crypto workqueue.
- * preempt_disable/enable is used to prevent being preempted by
- * cryptd_enqueue_request(). local_bh_disable/enable is used to prevent
- * cryptd_enqueue_request() being accessed from software interrupts.
*/
local_bh_disable();
- preempt_disable();
backlog = crypto_get_backlog(&cpu_queue->queue);
req = crypto_dequeue_request(&cpu_queue->queue);
- preempt_enable();
local_bh_enable();
if (!req)
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 187/411] Input: sparcspkr - fix refcount leak in bbc_beep_probe
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (185 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.4 186/411] crypto: cryptd - Protect per-CPU resource by disabling BH Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 188/411] powerpc/64: Only WARN if __pa()/__va() called with bad addresses Greg Kroah-Hartman
` (228 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Dmitry Torokhov, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit c8994b30d71d64d5dcc9bc0edbfdf367171aa96f ]
of_find_node_by_path() calls of_find_node_opts_by_path(),
which returns a node pointer with refcount
incremented, we should use of_node_put() on it when done.
Add missing of_node_put() to avoid refcount leak.
Fixes: 9c1a5077fdca ("input: Rewrite sparcspkr device probing.")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Link: https://lore.kernel.org/r/20220516081018.42728-1-linmq006@gmail.com
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/input/misc/sparcspkr.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/input/misc/sparcspkr.c b/drivers/input/misc/sparcspkr.c
index fe43e5557ed7..cdcb7737c46a 100644
--- a/drivers/input/misc/sparcspkr.c
+++ b/drivers/input/misc/sparcspkr.c
@@ -205,6 +205,7 @@ static int bbc_beep_probe(struct platform_device *op)
info = &state->u.bbc;
info->clock_freq = of_getintprop_default(dp, "clock-frequency", 0);
+ of_node_put(dp);
if (!info->clock_freq)
goto out_free;
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 188/411] powerpc/64: Only WARN if __pa()/__va() called with bad addresses
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (186 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.4 187/411] Input: sparcspkr - fix refcount leak in bbc_beep_probe Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 189/411] powerpc/perf: Fix the threshold compare group constraint for power9 Greg Kroah-Hartman
` (227 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Michael Ellerman, Sasha Levin
From: Michael Ellerman <mpe@ellerman.id.au>
[ Upstream commit c4bce84d0bd3f396f702d69be2e92bbd8af97583 ]
We added checks to __pa() / __va() to ensure they're only called with
appropriate addresses. But using BUG_ON() is too strong, it means
virt_addr_valid() will BUG when DEBUG_VIRTUAL is enabled.
Instead switch them to warnings, arm64 does the same.
Fixes: 4dd7554a6456 ("powerpc/64: Add VIRTUAL_BUG_ON checks for __va and __pa addresses")
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20220406145802.538416-5-mpe@ellerman.id.au
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/include/asm/page.h | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/arch/powerpc/include/asm/page.h b/arch/powerpc/include/asm/page.h
index 0d8f9246ce15..d92353a96f81 100644
--- a/arch/powerpc/include/asm/page.h
+++ b/arch/powerpc/include/asm/page.h
@@ -216,6 +216,9 @@ static inline bool pfn_valid(unsigned long pfn)
#define __pa(x) ((unsigned long)(x) - VIRT_PHYS_OFFSET)
#else
#ifdef CONFIG_PPC64
+
+#define VIRTUAL_WARN_ON(x) WARN_ON(IS_ENABLED(CONFIG_DEBUG_VIRTUAL) && (x))
+
/*
* gcc miscompiles (unsigned long)(&static_var) - PAGE_OFFSET
* with -mcmodel=medium, so we use & and | instead of - and + on 64-bit.
@@ -223,13 +226,13 @@ static inline bool pfn_valid(unsigned long pfn)
*/
#define __va(x) \
({ \
- VIRTUAL_BUG_ON((unsigned long)(x) >= PAGE_OFFSET); \
+ VIRTUAL_WARN_ON((unsigned long)(x) >= PAGE_OFFSET); \
(void *)(unsigned long)((phys_addr_t)(x) | PAGE_OFFSET); \
})
#define __pa(x) \
({ \
- VIRTUAL_BUG_ON((unsigned long)(x) < PAGE_OFFSET); \
+ VIRTUAL_WARN_ON((unsigned long)(x) < PAGE_OFFSET); \
(unsigned long)(x) & 0x0fffffffffffffffUL; \
})
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 189/411] powerpc/perf: Fix the threshold compare group constraint for power9
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (187 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.4 188/411] powerpc/64: Only WARN if __pa()/__va() called with bad addresses Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 190/411] macintosh: via-pmu and via-cuda need RTC_LIB Greg Kroah-Hartman
` (226 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kajol Jain, Athira Rajeev,
Michael Ellerman, Sasha Levin
From: Kajol Jain <kjain@linux.ibm.com>
[ Upstream commit ab0cc6bbf0c812731c703ec757fcc3fc3a457a34 ]
Thresh compare bits for a event is used to program thresh compare
field in Monitor Mode Control Register A (MMCRA: 9-18 bits for power9).
When scheduling events as a group, all events in that group should
match value in threshold bits (like thresh compare, thresh control,
thresh select). Otherwise event open for the sibling events should fail.
But in the current code, incase thresh compare bits are not valid,
we are not failing in group_constraint function which can result
in invalid group schduling.
Fix the issue by returning -1 incase event is threshold and threshold
compare value is not valid.
Thresh control bits in the event code is used to program thresh_ctl
field in Monitor Mode Control Register A (MMCRA: 48-55). In below example,
the scheduling of group events PM_MRK_INST_CMPL (873534401e0) and
PM_THRESH_MET (8734340101ec) is expected to fail as both event
request different thresh control bits and invalid thresh compare value.
Result before the patch changes:
[command]# perf stat -e "{r8735340401e0,r8734340101ec}" sleep 1
Performance counter stats for 'sleep 1':
11,048 r8735340401e0
1,967 r8734340101ec
1.001354036 seconds time elapsed
0.001421000 seconds user
0.000000000 seconds sys
Result after the patch changes:
[command]# perf stat -e "{r8735340401e0,r8734340101ec}" sleep 1
Error:
The sys_perf_event_open() syscall returned with 22 (Invalid argument)
for event (r8735340401e0).
/bin/dmesg | grep -i perf may provide additional information.
Fixes: 78a16d9fc1206 ("powerpc/perf: Avoid FAB_*_MATCH checks for power9")
Signed-off-by: Kajol Jain <kjain@linux.ibm.com>
Reviewed-by: Athira Rajeev <atrajeev@linux.vnet.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20220506061015.43916-2-kjain@linux.ibm.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/perf/isa207-common.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/arch/powerpc/perf/isa207-common.c b/arch/powerpc/perf/isa207-common.c
index 944180f55a3c..25eda98f3b1b 100644
--- a/arch/powerpc/perf/isa207-common.c
+++ b/arch/powerpc/perf/isa207-common.c
@@ -326,7 +326,8 @@ int isa207_get_constraint(u64 event, unsigned long *maskp, unsigned long *valp)
if (event_is_threshold(event) && is_thresh_cmp_valid(event)) {
mask |= CNST_THRESH_MASK;
value |= CNST_THRESH_VAL(event >> EVENT_THRESH_SHIFT);
- }
+ } else if (event_is_threshold(event))
+ return -1;
} else {
/*
* Special case for PM_MRK_FAB_RSP_MATCH and PM_MRK_FAB_RSP_MATCH_CYC,
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 190/411] macintosh: via-pmu and via-cuda need RTC_LIB
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (188 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.4 189/411] powerpc/perf: Fix the threshold compare group constraint for power9 Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 191/411] powerpc/fsl_rio: Fix refcount leak in fsl_rio_setup Greg Kroah-Hartman
` (225 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kernel test robot, Christophe Leroy,
Randy Dunlap, Arnd Bergmann, Michael Ellerman, Sasha Levin
From: Randy Dunlap <rdunlap@infradead.org>
[ Upstream commit 9a9c5ff5fff87eb1a43db0d899473554e408fd7b ]
Fix build when RTC_LIB is not set/enabled.
Eliminates these build errors:
m68k-linux-ld: drivers/macintosh/via-pmu.o: in function `pmu_set_rtc_time':
drivers/macintosh/via-pmu.c:1769: undefined reference to `rtc_tm_to_time64'
m68k-linux-ld: drivers/macintosh/via-cuda.o: in function `cuda_set_rtc_time':
drivers/macintosh/via-cuda.c:797: undefined reference to `rtc_tm_to_time64'
Fixes: 0792a2c8e0bb ("macintosh: Use common code to access RTC")
Reported-by: kernel test robot <lkp@intel.com>
Suggested-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Acked-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20220410161035.592-1-rdunlap@infradead.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/macintosh/Kconfig | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/macintosh/Kconfig b/drivers/macintosh/Kconfig
index abaf1401cca6..b5a534206edd 100644
--- a/drivers/macintosh/Kconfig
+++ b/drivers/macintosh/Kconfig
@@ -44,6 +44,7 @@ config ADB_IOP
config ADB_CUDA
bool "Support for Cuda/Egret based Macs and PowerMacs"
depends on (ADB || PPC_PMAC) && !PPC_PMAC64
+ select RTC_LIB
help
This provides support for Cuda/Egret based Macintosh and
Power Macintosh systems. This includes most m68k based Macs,
@@ -57,6 +58,7 @@ config ADB_CUDA
config ADB_PMU
bool "Support for PMU based PowerMacs and PowerBooks"
depends on PPC_PMAC || MAC
+ select RTC_LIB
help
On PowerBooks, iBooks, and recent iMacs and Power Macintoshes, the
PMU is an embedded microprocessor whose primary function is to
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 191/411] powerpc/fsl_rio: Fix refcount leak in fsl_rio_setup
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (189 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.4 190/411] macintosh: via-pmu and via-cuda need RTC_LIB Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 192/411] mfd: davinci_voicecodec: Fix possible null-ptr-deref davinci_vc_probe() Greg Kroah-Hartman
` (224 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Michael Ellerman, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit fcee96924ba1596ca80a6770b2567ca546f9a482 ]
of_parse_phandle() returns a node pointer with refcount
incremented, we should use of_node_put() on it when not need anymore.
Add missing of_node_put() to avoid refcount leak.
Fixes: abc3aeae3aaa ("fsl-rio: Add two ports and rapidio message units support")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20220512123724.62931-1-linmq006@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/sysdev/fsl_rio.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/arch/powerpc/sysdev/fsl_rio.c b/arch/powerpc/sysdev/fsl_rio.c
index 07c164f7f8cf..3f9f78621cf3 100644
--- a/arch/powerpc/sysdev/fsl_rio.c
+++ b/arch/powerpc/sysdev/fsl_rio.c
@@ -505,8 +505,10 @@ int fsl_rio_setup(struct platform_device *dev)
if (rc) {
dev_err(&dev->dev, "Can't get %pOF property 'reg'\n",
rmu_node);
+ of_node_put(rmu_node);
goto err_rmu;
}
+ of_node_put(rmu_node);
rmu_regs_win = ioremap(rmu_regs.start, resource_size(&rmu_regs));
if (!rmu_regs_win) {
dev_err(&dev->dev, "Unable to map rmu register window\n");
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 192/411] mfd: davinci_voicecodec: Fix possible null-ptr-deref davinci_vc_probe()
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (190 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.4 191/411] powerpc/fsl_rio: Fix refcount leak in fsl_rio_setup Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 193/411] mailbox: forward the hrtimer if not queued and under a lock Greg Kroah-Hartman
` (223 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yang Yingliang, Lee Jones, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit 311242c7703df0da14c206260b7e855f69cb0264 ]
It will cause null-ptr-deref when using 'res', if platform_get_resource()
returns NULL, so move using 'res' after devm_ioremap_resource() that
will check it to avoid null-ptr-deref.
And use devm_platform_get_and_ioremap_resource() to simplify code.
Fixes: b5e29aa880be ("mfd: davinci_voicecodec: Remove pointless #include")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Link: https://lore.kernel.org/r/20220426030857.3539336-1-yangyingliang@huawei.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mfd/davinci_voicecodec.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/drivers/mfd/davinci_voicecodec.c b/drivers/mfd/davinci_voicecodec.c
index e5c8bc998eb4..965820481f1e 100644
--- a/drivers/mfd/davinci_voicecodec.c
+++ b/drivers/mfd/davinci_voicecodec.c
@@ -46,14 +46,12 @@ static int __init davinci_vc_probe(struct platform_device *pdev)
}
clk_enable(davinci_vc->clk);
- res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
-
- fifo_base = (dma_addr_t)res->start;
- davinci_vc->base = devm_ioremap_resource(&pdev->dev, res);
+ davinci_vc->base = devm_platform_get_and_ioremap_resource(pdev, 0, &res);
if (IS_ERR(davinci_vc->base)) {
ret = PTR_ERR(davinci_vc->base);
goto fail;
}
+ fifo_base = (dma_addr_t)res->start;
davinci_vc->regmap = devm_regmap_init_mmio(&pdev->dev,
davinci_vc->base,
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 193/411] mailbox: forward the hrtimer if not queued and under a lock
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (191 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.4 192/411] mfd: davinci_voicecodec: Fix possible null-ptr-deref davinci_vc_probe() Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 194/411] RDMA/hfi1: Prevent use of lock before it is initialized Greg Kroah-Hartman
` (222 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Björn Ardö,
Jassi Brar, Sasha Levin
From: Björn Ardö <bjorn.ardo@axis.com>
[ Upstream commit bca1a1004615efe141fd78f360ecc48c60bc4ad5 ]
This reverts commit c7dacf5b0f32957b24ef29df1207dc2cd8307743,
"mailbox: avoid timer start from callback"
The previous commit was reverted since it lead to a race that
caused the hrtimer to not be started at all. The check for
hrtimer_active() in msg_submit() will return true if the
callback function txdone_hrtimer() is currently running. This
function could return HRTIMER_NORESTART and then the timer
will not be restarted, and also msg_submit() will not start
the timer. This will lead to a message actually being submitted
but no timer will start to check for its compleation.
The original fix that added checking hrtimer_active() was added to
avoid a warning with hrtimer_forward. Looking in the kernel
another solution to avoid this warning is to check hrtimer_is_queued()
before calling hrtimer_forward_now() instead. This however requires a
lock so the timer is not started by msg_submit() inbetween this check
and the hrtimer_forward() call.
Fixes: c7dacf5b0f32 ("mailbox: avoid timer start from callback")
Signed-off-by: Björn Ardö <bjorn.ardo@axis.com>
Signed-off-by: Jassi Brar <jaswinder.singh@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mailbox/mailbox.c | 19 +++++++++++++------
include/linux/mailbox_controller.h | 1 +
2 files changed, 14 insertions(+), 6 deletions(-)
diff --git a/drivers/mailbox/mailbox.c b/drivers/mailbox/mailbox.c
index 3e7d4b20ab34..4229b9b5da98 100644
--- a/drivers/mailbox/mailbox.c
+++ b/drivers/mailbox/mailbox.c
@@ -82,11 +82,11 @@ static void msg_submit(struct mbox_chan *chan)
exit:
spin_unlock_irqrestore(&chan->lock, flags);
- /* kick start the timer immediately to avoid delays */
if (!err && (chan->txdone_method & TXDONE_BY_POLL)) {
- /* but only if not already active */
- if (!hrtimer_active(&chan->mbox->poll_hrt))
- hrtimer_start(&chan->mbox->poll_hrt, 0, HRTIMER_MODE_REL);
+ /* kick start the timer immediately to avoid delays */
+ spin_lock_irqsave(&chan->mbox->poll_hrt_lock, flags);
+ hrtimer_start(&chan->mbox->poll_hrt, 0, HRTIMER_MODE_REL);
+ spin_unlock_irqrestore(&chan->mbox->poll_hrt_lock, flags);
}
}
@@ -120,20 +120,26 @@ static enum hrtimer_restart txdone_hrtimer(struct hrtimer *hrtimer)
container_of(hrtimer, struct mbox_controller, poll_hrt);
bool txdone, resched = false;
int i;
+ unsigned long flags;
for (i = 0; i < mbox->num_chans; i++) {
struct mbox_chan *chan = &mbox->chans[i];
if (chan->active_req && chan->cl) {
- resched = true;
txdone = chan->mbox->ops->last_tx_done(chan);
if (txdone)
tx_tick(chan, 0);
+ else
+ resched = true;
}
}
if (resched) {
- hrtimer_forward_now(hrtimer, ms_to_ktime(mbox->txpoll_period));
+ spin_lock_irqsave(&mbox->poll_hrt_lock, flags);
+ if (!hrtimer_is_queued(hrtimer))
+ hrtimer_forward_now(hrtimer, ms_to_ktime(mbox->txpoll_period));
+ spin_unlock_irqrestore(&mbox->poll_hrt_lock, flags);
+
return HRTIMER_RESTART;
}
return HRTIMER_NORESTART;
@@ -500,6 +506,7 @@ int mbox_controller_register(struct mbox_controller *mbox)
hrtimer_init(&mbox->poll_hrt, CLOCK_MONOTONIC,
HRTIMER_MODE_REL);
mbox->poll_hrt.function = txdone_hrtimer;
+ spin_lock_init(&mbox->poll_hrt_lock);
}
for (i = 0; i < mbox->num_chans; i++) {
diff --git a/include/linux/mailbox_controller.h b/include/linux/mailbox_controller.h
index 36d6ce673503..6fee33cb52f5 100644
--- a/include/linux/mailbox_controller.h
+++ b/include/linux/mailbox_controller.h
@@ -83,6 +83,7 @@ struct mbox_controller {
const struct of_phandle_args *sp);
/* Internal to API */
struct hrtimer poll_hrt;
+ spinlock_t poll_hrt_lock;
struct list_head node;
};
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 194/411] RDMA/hfi1: Prevent use of lock before it is initialized
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (192 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.4 193/411] mailbox: forward the hrtimer if not queued and under a lock Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 195/411] Input: stmfts - do not leave device disabled in stmfts_input_open Greg Kroah-Hartman
` (221 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zheyu Ma, Douglas Miller,
Dennis Dalessandro, Jason Gunthorpe, Sasha Levin
From: Douglas Miller <doug.miller@cornelisnetworks.com>
[ Upstream commit 05c03dfd09c069c4ffd783b47b2da5dcc9421f2c ]
If there is a failure during probe of hfi1 before the sdma_map_lock is
initialized, the call to hfi1_free_devdata() will attempt to use a lock
that has not been initialized. If the locking correctness validator is on
then an INFO message and stack trace resembling the following may be seen:
INFO: trying to register non-static key.
The code is fine but needs lockdep annotation, or maybe
you didn't initialize this object before use?
turning off the locking correctness validator.
Call Trace:
register_lock_class+0x11b/0x880
__lock_acquire+0xf3/0x7930
lock_acquire+0xff/0x2d0
_raw_spin_lock_irq+0x46/0x60
sdma_clean+0x42a/0x660 [hfi1]
hfi1_free_devdata+0x3a7/0x420 [hfi1]
init_one+0x867/0x11a0 [hfi1]
pci_device_probe+0x40e/0x8d0
The use of sdma_map_lock in sdma_clean() is for freeing the sdma_map
memory, and sdma_map is not allocated/initialized until after
sdma_map_lock has been initialized. This code only needs to be run if
sdma_map is not NULL, and so checking for that condition will avoid trying
to use the lock before it is initialized.
Fixes: 473291b3ea0e ("IB/hfi1: Fix for early release of sdma context")
Fixes: 7724105686e7 ("IB/hfi1: add driver files")
Link: https://lore.kernel.org/r/20220520183701.48973.72434.stgit@awfm-01.cornelisnetworks.com
Reported-by: Zheyu Ma <zheyuma97@gmail.com>
Signed-off-by: Douglas Miller <doug.miller@cornelisnetworks.com>
Signed-off-by: Dennis Dalessandro <dennis.dalessandro@cornelisnetworks.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/hw/hfi1/sdma.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/drivers/infiniband/hw/hfi1/sdma.c b/drivers/infiniband/hw/hfi1/sdma.c
index 248be21acdbe..2a684fc6056e 100644
--- a/drivers/infiniband/hw/hfi1/sdma.c
+++ b/drivers/infiniband/hw/hfi1/sdma.c
@@ -1329,11 +1329,13 @@ void sdma_clean(struct hfi1_devdata *dd, size_t num_engines)
kvfree(sde->tx_ring);
sde->tx_ring = NULL;
}
- spin_lock_irq(&dd->sde_map_lock);
- sdma_map_free(rcu_access_pointer(dd->sdma_map));
- RCU_INIT_POINTER(dd->sdma_map, NULL);
- spin_unlock_irq(&dd->sde_map_lock);
- synchronize_rcu();
+ if (rcu_access_pointer(dd->sdma_map)) {
+ spin_lock_irq(&dd->sde_map_lock);
+ sdma_map_free(rcu_access_pointer(dd->sdma_map));
+ RCU_INIT_POINTER(dd->sdma_map, NULL);
+ spin_unlock_irq(&dd->sde_map_lock);
+ synchronize_rcu();
+ }
kfree(dd->per_sdma);
dd->per_sdma = NULL;
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 195/411] Input: stmfts - do not leave device disabled in stmfts_input_open
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (193 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.4 194/411] RDMA/hfi1: Prevent use of lock before it is initialized Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 196/411] f2fs: fix dereference of stale list iterator after loop body Greg Kroah-Hartman
` (220 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Pavel Machek, Dmitry Torokhov, Sasha Levin
From: Dmitry Torokhov <dmitry.torokhov@gmail.com>
[ Upstream commit 5f76955ab1e43e5795a9631b22ca4f918a0ae986 ]
The commit 26623eea0da3 attempted to deal with potential leak of runtime
PM counter when opening the touchscreen device, however it ended up
erroneously dropping the counter in the case of successfully enabling the
device.
Let's address this by using pm_runtime_resume_and_get() and then executing
pm_runtime_put_sync() only when we fail to send "sense on" command to the
device.
Fixes: 26623eea0da3 ("Input: stmfts - fix reference leak in stmfts_input_open")
Reported-by: Pavel Machek <pavel@denx.de>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/input/touchscreen/stmfts.c | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/drivers/input/touchscreen/stmfts.c b/drivers/input/touchscreen/stmfts.c
index be1dd504d5b1..20bc2279a2f2 100644
--- a/drivers/input/touchscreen/stmfts.c
+++ b/drivers/input/touchscreen/stmfts.c
@@ -337,13 +337,15 @@ static int stmfts_input_open(struct input_dev *dev)
struct stmfts_data *sdata = input_get_drvdata(dev);
int err;
- err = pm_runtime_get_sync(&sdata->client->dev);
- if (err < 0)
- goto out;
+ err = pm_runtime_resume_and_get(&sdata->client->dev);
+ if (err)
+ return err;
err = i2c_smbus_write_byte(sdata->client, STMFTS_MS_MT_SENSE_ON);
- if (err)
- goto out;
+ if (err) {
+ pm_runtime_put_sync(&sdata->client->dev);
+ return err;
+ }
mutex_lock(&sdata->mutex);
sdata->running = true;
@@ -366,9 +368,7 @@ static int stmfts_input_open(struct input_dev *dev)
"failed to enable touchkey\n");
}
-out:
- pm_runtime_put_noidle(&sdata->client->dev);
- return err;
+ return 0;
}
static void stmfts_input_close(struct input_dev *dev)
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 196/411] f2fs: fix dereference of stale list iterator after loop body
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (194 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.4 195/411] Input: stmfts - do not leave device disabled in stmfts_input_open Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 197/411] iommu/mediatek: Add list_del in mtk_iommu_remove Greg Kroah-Hartman
` (219 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jakob Koschel, Chao Yu, Jaegeuk Kim,
Sasha Levin
From: Jakob Koschel <jakobkoschel@gmail.com>
[ Upstream commit 2aaf51dd39afb6d01d13f1e6fe20b684733b37d5 ]
The list iterator variable will be a bogus pointer if no break was hit.
Dereferencing it (cur->page in this case) could load an out-of-bounds/undefined
value making it unsafe to use that in the comparision to determine if the
specific element was found.
Since 'cur->page' *can* be out-ouf-bounds it cannot be guaranteed that
by chance (or intention of an attacker) it matches the value of 'page'
even though the correct element was not found.
This is fixed by using a separate list iterator variable for the loop
and only setting the original variable if a suitable element was found.
Then determing if the element was found is simply checking if the
variable is set.
Fixes: 8c242db9b8c0 ("f2fs: fix stale ATOMIC_WRITTEN_PAGE private pointer")
Signed-off-by: Jakob Koschel <jakobkoschel@gmail.com>
Reviewed-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/f2fs/segment.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/fs/f2fs/segment.c b/fs/f2fs/segment.c
index 78c54bb7898d..7759323bd775 100644
--- a/fs/f2fs/segment.c
+++ b/fs/f2fs/segment.c
@@ -352,16 +352,19 @@ void f2fs_drop_inmem_page(struct inode *inode, struct page *page)
struct f2fs_sb_info *sbi = F2FS_I_SB(inode);
struct list_head *head = &fi->inmem_pages;
struct inmem_pages *cur = NULL;
+ struct inmem_pages *tmp;
f2fs_bug_on(sbi, !IS_ATOMIC_WRITTEN_PAGE(page));
mutex_lock(&fi->inmem_lock);
- list_for_each_entry(cur, head, list) {
- if (cur->page == page)
+ list_for_each_entry(tmp, head, list) {
+ if (tmp->page == page) {
+ cur = tmp;
break;
+ }
}
- f2fs_bug_on(sbi, list_empty(head) || cur->page != page);
+ f2fs_bug_on(sbi, !cur);
list_del(&cur->list);
mutex_unlock(&fi->inmem_lock);
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 197/411] iommu/mediatek: Add list_del in mtk_iommu_remove
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (195 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.4 196/411] f2fs: fix dereference of stale list iterator after loop body Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 198/411] i2c: at91: use dma safe buffers Greg Kroah-Hartman
` (218 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yong Wu, AngeloGioacchino Del Regno,
Matthias Brugger, Joerg Roedel, Sasha Levin
From: Yong Wu <yong.wu@mediatek.com>
[ Upstream commit ee55f75e4bcade81d253163641b63bef3e76cac4 ]
Lack the list_del in the mtk_iommu_remove, and remove
bus_set_iommu(*, NULL) since there may be several iommu HWs.
we can not bus_set_iommu null when one iommu driver unbind.
This could be a fix for mt2712 which support 2 M4U HW and list them.
Fixes: 7c3a2ec02806 ("iommu/mediatek: Merge 2 M4U HWs into one iommu domain")
Signed-off-by: Yong Wu <yong.wu@mediatek.com>
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Reviewed-by: Matthias Brugger <matthias.bgg@gmail.com>
Link: https://lore.kernel.org/r/20220503071427.2285-6-yong.wu@mediatek.com
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/iommu/mtk_iommu.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/drivers/iommu/mtk_iommu.c b/drivers/iommu/mtk_iommu.c
index c2f6c78fee44..18d7c818a174 100644
--- a/drivers/iommu/mtk_iommu.c
+++ b/drivers/iommu/mtk_iommu.c
@@ -769,8 +769,7 @@ static int mtk_iommu_remove(struct platform_device *pdev)
iommu_device_sysfs_remove(&data->iommu);
iommu_device_unregister(&data->iommu);
- if (iommu_present(&platform_bus_type))
- bus_set_iommu(&platform_bus_type, NULL);
+ list_del(&data->list);
clk_disable_unprepare(data->bclk);
devm_free_irq(&pdev->dev, data->irq, data);
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 198/411] i2c: at91: use dma safe buffers
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (196 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.4 197/411] iommu/mediatek: Add list_del in mtk_iommu_remove Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 199/411] i2c: at91: Initialize dma_buf in at91_twi_xfer() Greg Kroah-Hartman
` (217 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Michael Walle, Codrin Ciubotariu,
Wolfram Sang, Sasha Levin
From: Michael Walle <michael@walle.cc>
[ Upstream commit 03fbb903c8bf7e53e101e8d9a7b261264317c411 ]
The supplied buffer might be on the stack and we get the following error
message:
[ 3.312058] at91_i2c e0070600.i2c: rejecting DMA map of vmalloc memory
Use i2c_{get,put}_dma_safe_msg_buf() to get a DMA-able memory region if
necessary.
Fixes: 60937b2cdbf9 ("i2c: at91: add dma support")
Signed-off-by: Michael Walle <michael@walle.cc>
Reviewed-by: Codrin Ciubotariu <codrin.ciubotariu@microchip.com>
Signed-off-by: Wolfram Sang <wsa@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/i2c/busses/i2c-at91-master.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/drivers/i2c/busses/i2c-at91-master.c b/drivers/i2c/busses/i2c-at91-master.c
index a3fcc35ffd3b..44502024cc10 100644
--- a/drivers/i2c/busses/i2c-at91-master.c
+++ b/drivers/i2c/busses/i2c-at91-master.c
@@ -609,6 +609,7 @@ static int at91_twi_xfer(struct i2c_adapter *adap, struct i2c_msg *msg, int num)
unsigned int_addr_flag = 0;
struct i2c_msg *m_start = msg;
bool is_read;
+ u8 *dma_buf;
dev_dbg(&adap->dev, "at91_xfer: processing %d messages:\n", num);
@@ -656,7 +657,17 @@ static int at91_twi_xfer(struct i2c_adapter *adap, struct i2c_msg *msg, int num)
dev->msg = m_start;
dev->recv_len_abort = false;
+ if (dev->use_dma) {
+ dma_buf = i2c_get_dma_safe_msg_buf(m_start, 1);
+ if (!dma_buf) {
+ ret = -ENOMEM;
+ goto out;
+ }
+ dev->buf = dma_buf;
+ }
+
ret = at91_do_twi_transfer(dev);
+ i2c_put_dma_safe_msg_buf(dma_buf, m_start, !ret);
ret = (ret < 0) ? ret : num;
out:
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 199/411] i2c: at91: Initialize dma_buf in at91_twi_xfer()
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (197 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.4 198/411] i2c: at91: use dma safe buffers Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 200/411] NFS: Do not report EINTR/ERESTARTSYS as mapping errors Greg Kroah-Hartman
` (216 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nathan Chancellor, Michael Walle,
Wolfram Sang, Sasha Levin
From: Nathan Chancellor <nathan@kernel.org>
[ Upstream commit 6977262c2eee111645668fe9e235ef2f5694abf7 ]
Clang warns:
drivers/i2c/busses/i2c-at91-master.c:707:6: warning: variable 'dma_buf' is used uninitialized whenever 'if' condition is false [-Wsometimes-uninitialized]
if (dev->use_dma) {
^~~~~~~~~~~~
drivers/i2c/busses/i2c-at91-master.c:717:27: note: uninitialized use occurs here
i2c_put_dma_safe_msg_buf(dma_buf, m_start, !ret);
^~~~~~~
Initialize dma_buf to NULL, as i2c_put_dma_safe_msg_buf() is a no-op
when the first argument is NULL, which will work for the !dev->use_dma
case.
Fixes: 03fbb903c8bf ("i2c: at91: use dma safe buffers")
Link: https://github.com/ClangBuiltLinux/linux/issues/1629
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Reviewed-by: Michael Walle <michael@walle.cc>
Signed-off-by: Wolfram Sang <wsa@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/i2c/busses/i2c-at91-master.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/i2c/busses/i2c-at91-master.c b/drivers/i2c/busses/i2c-at91-master.c
index 44502024cc10..f74d5ad2f1fa 100644
--- a/drivers/i2c/busses/i2c-at91-master.c
+++ b/drivers/i2c/busses/i2c-at91-master.c
@@ -609,7 +609,7 @@ static int at91_twi_xfer(struct i2c_adapter *adap, struct i2c_msg *msg, int num)
unsigned int_addr_flag = 0;
struct i2c_msg *m_start = msg;
bool is_read;
- u8 *dma_buf;
+ u8 *dma_buf = NULL;
dev_dbg(&adap->dev, "at91_xfer: processing %d messages:\n", num);
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 200/411] NFS: Do not report EINTR/ERESTARTSYS as mapping errors
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (198 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.4 199/411] i2c: at91: Initialize dma_buf in at91_twi_xfer() Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 201/411] NFS: Do not report flush errors in nfs_write_end() Greg Kroah-Hartman
` (215 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Trond Myklebust, Anna Schumaker, Sasha Levin
From: Trond Myklebust <trond.myklebust@hammerspace.com>
[ Upstream commit cea9ba7239dcc84175041174304c6cdeae3226e5 ]
If the attempt to flush data was interrupted due to a local signal, then
just requeue the writes back for I/O.
Fixes: 6fbda89b257f ("NFS: Replace custom error reporting mechanism with generic one")
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/nfs/write.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/nfs/write.c b/fs/nfs/write.c
index 30d8e7bc1cef..ecdd79a55840 100644
--- a/fs/nfs/write.c
+++ b/fs/nfs/write.c
@@ -1429,7 +1429,7 @@ static void nfs_async_write_error(struct list_head *head, int error)
while (!list_empty(head)) {
req = nfs_list_entry(head->next);
nfs_list_remove_request(req);
- if (nfs_error_is_fatal(error))
+ if (nfs_error_is_fatal_on_server(error))
nfs_write_error(req, error);
else
nfs_redirty_request(req);
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 201/411] NFS: Do not report flush errors in nfs_write_end()
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (199 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.4 200/411] NFS: Do not report EINTR/ERESTARTSYS as mapping errors Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 202/411] NFS: Dont report errors from nfs_pageio_complete() more than once Greg Kroah-Hartman
` (214 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Trond Myklebust, Anna Schumaker, Sasha Levin
From: Trond Myklebust <trond.myklebust@hammerspace.com>
[ Upstream commit d95b26650e86175e4a97698d89bc1626cd1df0c6 ]
If we do flush cached writebacks in nfs_write_end() due to the imminent
expiration of an RPCSEC_GSS session, then we should defer reporting any
resulting errors until the calls to file_check_and_advance_wb_err() in
nfs_file_write() and nfs_file_fsync().
Fixes: 6fbda89b257f ("NFS: Replace custom error reporting mechanism with generic one")
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/nfs/file.c | 7 ++-----
1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/fs/nfs/file.c b/fs/nfs/file.c
index 73415970af38..3233da79d49a 100644
--- a/fs/nfs/file.c
+++ b/fs/nfs/file.c
@@ -394,11 +394,8 @@ static int nfs_write_end(struct file *file, struct address_space *mapping,
return status;
NFS_I(mapping->host)->write_io += copied;
- if (nfs_ctx_key_to_expire(ctx, mapping->host)) {
- status = nfs_wb_all(mapping->host);
- if (status < 0)
- return status;
- }
+ if (nfs_ctx_key_to_expire(ctx, mapping->host))
+ nfs_wb_all(mapping->host);
return copied;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 202/411] NFS: Dont report errors from nfs_pageio_complete() more than once
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (200 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.4 201/411] NFS: Do not report flush errors in nfs_write_end() Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 203/411] NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout Greg Kroah-Hartman
` (213 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Trond Myklebust, Anna Schumaker, Sasha Levin
From: Trond Myklebust <trond.myklebust@hammerspace.com>
[ Upstream commit c5e483b77cc2edb318da152abe07e33006b975fd ]
Since errors from nfs_pageio_complete() are already being reported
through nfs_async_write_error(), we should not be returning them to the
callers of do_writepages() as well. They will end up being reported
through the generic mechanism instead.
Fixes: 6fbda89b257f ("NFS: Replace custom error reporting mechanism with generic one")
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/nfs/write.c | 9 +--------
1 file changed, 1 insertion(+), 8 deletions(-)
diff --git a/fs/nfs/write.c b/fs/nfs/write.c
index ecdd79a55840..10ce264a6456 100644
--- a/fs/nfs/write.c
+++ b/fs/nfs/write.c
@@ -692,11 +692,7 @@ static int nfs_writepage_locked(struct page *page,
err = nfs_do_writepage(page, wbc, &pgio);
pgio.pg_error = 0;
nfs_pageio_complete(&pgio);
- if (err < 0)
- return err;
- if (nfs_error_is_fatal(pgio.pg_error))
- return pgio.pg_error;
- return 0;
+ return err;
}
int nfs_writepage(struct page *page, struct writeback_control *wbc)
@@ -747,9 +743,6 @@ int nfs_writepages(struct address_space *mapping, struct writeback_control *wbc)
if (err < 0)
goto out_err;
- err = pgio.pg_error;
- if (nfs_error_is_fatal(err))
- goto out_err;
return 0;
out_err:
return err;
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 203/411] NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (201 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.4 202/411] NFS: Dont report errors from nfs_pageio_complete() more than once Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 204/411] video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup Greg Kroah-Hartman
` (212 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Olga Kornievskaia, Trond Myklebust,
Anna Schumaker, Sasha Levin
From: Trond Myklebust <trond.myklebust@hammerspace.com>
[ Upstream commit 3764a17e31d579cf9b4bd0a69894b577e8d75702 ]
Commit 587f03deb69b caused pnfs_update_layout() to stop returning ENOMEM
when the memory allocation fails, and hence causes it to fall back to
trying to do I/O through the MDS. There is no guarantee that this will
fare any better. If we're failing the pNFS layout allocation, then we
should just redirty the page and retry later.
Reported-by: Olga Kornievskaia <aglo@umich.edu>
Fixes: 587f03deb69b ("pnfs: refactor send_layoutget")
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/nfs/pnfs.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/fs/nfs/pnfs.c b/fs/nfs/pnfs.c
index 0471b6e0da16..2fe48982fbb4 100644
--- a/fs/nfs/pnfs.c
+++ b/fs/nfs/pnfs.c
@@ -1961,6 +1961,7 @@ pnfs_update_layout(struct inode *ino,
lo = pnfs_find_alloc_layout(ino, ctx, gfp_flags);
if (lo == NULL) {
spin_unlock(&ino->i_lock);
+ lseg = ERR_PTR(-ENOMEM);
trace_pnfs_update_layout(ino, pos, count, iomode, lo, lseg,
PNFS_UPDATE_LAYOUT_NOMEM);
goto out;
@@ -2090,6 +2091,7 @@ pnfs_update_layout(struct inode *ino,
lgp = pnfs_alloc_init_layoutget_args(ino, ctx, &stateid, &arg, gfp_flags);
if (!lgp) {
+ lseg = ERR_PTR(-ENOMEM);
trace_pnfs_update_layout(ino, pos, count, iomode, lo, NULL,
PNFS_UPDATE_LAYOUT_NOMEM);
nfs_layoutget_end(lo);
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 204/411] video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (202 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.4 203/411] NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 205/411] dmaengine: stm32-mdma: remove GISR1 register Greg Kroah-Hartman
` (211 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Helge Deller, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit b23789a59fa6f00e98a319291819f91fbba0deb8 ]
of_parse_phandle() returns a node pointer with refcount incremented, we should
use of_node_put() on it when not need anymore. Add missing of_node_put() to
avoid refcount leak.
Fixes: d10715be03bd ("video: ARM CLCD: Add DT support")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/video/fbdev/amba-clcd.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/video/fbdev/amba-clcd.c b/drivers/video/fbdev/amba-clcd.c
index 7de43be6ef2c..3b7a7c74bf0a 100644
--- a/drivers/video/fbdev/amba-clcd.c
+++ b/drivers/video/fbdev/amba-clcd.c
@@ -774,12 +774,15 @@ static int clcdfb_of_vram_setup(struct clcd_fb *fb)
return -ENODEV;
fb->fb.screen_base = of_iomap(memory, 0);
- if (!fb->fb.screen_base)
+ if (!fb->fb.screen_base) {
+ of_node_put(memory);
return -ENOMEM;
+ }
fb->fb.fix.smem_start = of_translate_address(memory,
of_get_address(memory, 0, &size, NULL));
fb->fb.fix.smem_len = size;
+ of_node_put(memory);
return 0;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 205/411] dmaengine: stm32-mdma: remove GISR1 register
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (203 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.4 204/411] video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 206/411] iommu/amd: Increase timeout waiting for GA log enablement Greg Kroah-Hartman
` (210 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Amelie Delaunay, Vinod Koul, Sasha Levin
From: Amelie Delaunay <amelie.delaunay@foss.st.com>
[ Upstream commit 9d6a2d92e450926c483e45eaf426080a19219f4e ]
GISR1 was described in a not up-to-date documentation when the stm32-mdma
driver has been developed. This register has not been added in reference
manual of STM32 SoC with MDMA, which have only 32 MDMA channels.
So remove it from stm32-mdma driver.
Fixes: a4ffb13c8946 ("dmaengine: Add STM32 MDMA driver")
Signed-off-by: Amelie Delaunay <amelie.delaunay@foss.st.com>
Link: https://lore.kernel.org/r/20220504155322.121431-2-amelie.delaunay@foss.st.com
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/dma/stm32-mdma.c | 21 +++++----------------
1 file changed, 5 insertions(+), 16 deletions(-)
diff --git a/drivers/dma/stm32-mdma.c b/drivers/dma/stm32-mdma.c
index a05355d1292e..c902c2480640 100644
--- a/drivers/dma/stm32-mdma.c
+++ b/drivers/dma/stm32-mdma.c
@@ -40,7 +40,6 @@
STM32_MDMA_SHIFT(mask))
#define STM32_MDMA_GISR0 0x0000 /* MDMA Int Status Reg 1 */
-#define STM32_MDMA_GISR1 0x0004 /* MDMA Int Status Reg 2 */
/* MDMA Channel x interrupt/status register */
#define STM32_MDMA_CISR(x) (0x40 + 0x40 * (x)) /* x = 0..62 */
@@ -196,7 +195,7 @@
#define STM32_MDMA_MAX_BUF_LEN 128
#define STM32_MDMA_MAX_BLOCK_LEN 65536
-#define STM32_MDMA_MAX_CHANNELS 63
+#define STM32_MDMA_MAX_CHANNELS 32
#define STM32_MDMA_MAX_REQUESTS 256
#define STM32_MDMA_MAX_BURST 128
#define STM32_MDMA_VERY_HIGH_PRIORITY 0x11
@@ -1351,21 +1350,11 @@ static irqreturn_t stm32_mdma_irq_handler(int irq, void *devid)
/* Find out which channel generates the interrupt */
status = readl_relaxed(dmadev->base + STM32_MDMA_GISR0);
- if (status) {
- id = __ffs(status);
- } else {
- status = readl_relaxed(dmadev->base + STM32_MDMA_GISR1);
- if (!status) {
- dev_dbg(mdma2dev(dmadev), "spurious it\n");
- return IRQ_NONE;
- }
- id = __ffs(status);
- /*
- * As GISR0 provides status for channel id from 0 to 31,
- * so GISR1 provides status for channel id from 32 to 62
- */
- id += 32;
+ if (!status) {
+ dev_dbg(mdma2dev(dmadev), "spurious it\n");
+ return IRQ_NONE;
}
+ id = __ffs(status);
chan = &dmadev->chan[id];
if (!chan) {
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 206/411] iommu/amd: Increase timeout waiting for GA log enablement
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (204 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.4 205/411] dmaengine: stm32-mdma: remove GISR1 register Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 207/411] perf c2c: Use stdio interface if slang is not supported Greg Kroah-Hartman
` (209 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, D. Ziegfeld, Jörg-Volker Peetz,
Joerg Roedel, Sasha Levin
From: Joerg Roedel <jroedel@suse.de>
[ Upstream commit 42bb5aa043382f09bef2cc33b8431be867c70f8e ]
On some systems it can take a long time for the hardware to enable the
GA log of the AMD IOMMU. The current wait time is only 0.1ms, but
testing showed that it can take up to 14ms for the GA log to enter
running state after it has been enabled.
Sometimes the long delay happens when booting the system, sometimes
only on resume. Adjust the timeout accordingly to not print a warning
when hardware takes a longer than usual.
There has already been an attempt to fix this with commit
9b45a7738eec ("iommu/amd: Fix loop timeout issue in iommu_ga_log_enable()")
But that commit was based on some wrong math and did not fix the issue
in all cases.
Cc: "D. Ziegfeld" <dzigg@posteo.de>
Cc: Jörg-Volker Peetz <jvpeetz@web.de>
Fixes: 8bda0cfbdc1a ("iommu/amd: Detect and initialize guest vAPIC log")
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Link: https://lore.kernel.org/r/20220520102214.12563-1-joro@8bytes.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/iommu/amd_iommu_init.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/iommu/amd_iommu_init.c b/drivers/iommu/amd_iommu_init.c
index 7502fa84e253..82d008310418 100644
--- a/drivers/iommu/amd_iommu_init.c
+++ b/drivers/iommu/amd_iommu_init.c
@@ -83,7 +83,7 @@
#define ACPI_DEVFLAG_LINT1 0x80
#define ACPI_DEVFLAG_ATSDIS 0x10000000
-#define LOOP_TIMEOUT 100000
+#define LOOP_TIMEOUT 2000000
/*
* ACPI table definitions
*
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 207/411] perf c2c: Use stdio interface if slang is not supported
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (205 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.4 206/411] iommu/amd: Increase timeout waiting for GA log enablement Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 208/411] perf jevents: Fix event syntax error caused by ExtSel Greg Kroah-Hartman
` (208 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Joe Mario, Leo Yan,
Alexander Shishkin, Jiri Olsa, Mark Rutland, Namhyung Kim,
Peter Zijlstra, Arnaldo Carvalho de Melo, Sasha Levin
From: Leo Yan <leo.yan@linaro.org>
[ Upstream commit c4040212bc97d16040712a410335f93bc94d2262 ]
If the slang lib is not installed on the system, perf c2c tool disables TUI
mode and roll back to use stdio mode; but the flag 'c2c.use_stdio' is
missed to set true and thus it wrongly applies UI quirks in the function
ui_quirks().
This commit forces to use stdio interface if slang is not supported, and
it can avoid to apply the UI quirks and show the correct metric header.
Before:
=================================================
Shared Cache Line Distribution Pareto
=================================================
-------------------------------------------------------------------------------
0 0 0 99 0 0 0 0xaaaac17d6000
-------------------------------------------------------------------------------
0.00% 0.00% 6.06% 0.00% 0.00% 0.00% 0x20 N/A 0 0xaaaac17c25ac 0 0 43 375 18469 2 [.] 0x00000000000025ac memstress memstress[25ac] 0
0.00% 0.00% 93.94% 0.00% 0.00% 0.00% 0x29 N/A 0 0xaaaac17c3e88 0 0 173 180 135 2 [.] 0x0000000000003e88 memstress memstress[3e88] 0
After:
=================================================
Shared Cache Line Distribution Pareto
=================================================
-------------------------------------------------------------------------------
0 0 0 99 0 0 0 0xaaaac17d6000
-------------------------------------------------------------------------------
0.00% 0.00% 6.06% 0.00% 0.00% 0.00% 0x20 N/A 0 0xaaaac17c25ac 0 0 43 375 18469 2 [.] 0x00000000000025ac memstress memstress[25ac] 0
0.00% 0.00% 93.94% 0.00% 0.00% 0.00% 0x29 N/A 0 0xaaaac17c3e88 0 0 173 180 135 2 [.] 0x0000000000003e88 memstress memstress[3e88] 0
Fixes: 5a1a99cd2e4e1557 ("perf c2c report: Add main TUI browser")
Reported-by: Joe Mario <jmario@redhat.com>
Signed-off-by: Leo Yan <leo.yan@linaro.org>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Link: http://lore.kernel.org/lkml/20220526145400.611249-1-leo.yan@linaro.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/perf/builtin-c2c.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/tools/perf/builtin-c2c.c b/tools/perf/builtin-c2c.c
index f2e9d2b1b913..d3e0ea06d78d 100644
--- a/tools/perf/builtin-c2c.c
+++ b/tools/perf/builtin-c2c.c
@@ -2733,9 +2733,7 @@ static int perf_c2c__report(int argc, const char **argv)
"the input file to process"),
OPT_INCR('N', "node-info", &c2c.node_info,
"show extra node info in report (repeat for more info)"),
-#ifdef HAVE_SLANG_SUPPORT
OPT_BOOLEAN(0, "stdio", &c2c.use_stdio, "Use the stdio interface"),
-#endif
OPT_BOOLEAN(0, "stats", &c2c.stats_only,
"Display only statistic tables (implies --stdio)"),
OPT_BOOLEAN(0, "full-symbols", &c2c.symbol_full,
@@ -2762,6 +2760,10 @@ static int perf_c2c__report(int argc, const char **argv)
if (argc)
usage_with_options(report_c2c_usage, options);
+#ifndef HAVE_SLANG_SUPPORT
+ c2c.use_stdio = true;
+#endif
+
if (c2c.stats_only)
c2c.use_stdio = true;
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 208/411] perf jevents: Fix event syntax error caused by ExtSel
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (206 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.4 207/411] perf c2c: Use stdio interface if slang is not supported Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 209/411] f2fs: fix to avoid f2fs_bug_on() in dec_valid_node_count() Greg Kroah-Hartman
` (207 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kan Liang, Xing Zhengjun, Ian Rogers,
Adrian Hunter, Alexander Shishkin, Andi Kleen, Ingo Molnar,
Jiri Olsa, Peter Zijlstra, Arnaldo Carvalho de Melo, Sasha Levin
From: Zhengjun Xing <zhengjun.xing@linux.intel.com>
[ Upstream commit f4df0dbbe62ee8e4405a57b27ccd54393971c773 ]
In the origin code, when "ExtSel" is 1, the eventcode will change to
"eventcode |= 1 << 21”. For event “UNC_Q_RxL_CREDITS_CONSUMED_VN0.DRS",
its "ExtSel" is "1", its eventcode will change from 0x1E to 0x20001E,
but in fact the eventcode should <=0x1FF, so this will cause the parse
fail:
# perf stat -e "UNC_Q_RxL_CREDITS_CONSUMED_VN0.DRS" -a sleep 0.1
event syntax error: '.._RxL_CREDITS_CONSUMED_VN0.DRS'
\___ value too big for format, maximum is 511
On the perf kernel side, the kernel assumes the valid bits are continuous.
It will adjust the 0x100 (bit 8 for perf tool) to bit 21 in HW.
DEFINE_UNCORE_FORMAT_ATTR(event_ext, event, "config:0-7,21");
So the perf tool follows the kernel side and just set bit8 other than bit21.
Fixes: fedb2b518239cbc0 ("perf jevents: Add support for parsing uncore json files")
Reviewed-by: Kan Liang <kan.liang@linux.intel.com>
Signed-off-by: Xing Zhengjun <zhengjun.xing@linux.intel.com>
Acked-by: Ian Rogers <irogers@google.com>
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Alexander Shishkin <alexander.shishkin@intel.com>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Link: https://lore.kernel.org/r/20220525140410.1706851-1-zhengjun.xing@linux.intel.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/perf/pmu-events/jevents.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/perf/pmu-events/jevents.c b/tools/perf/pmu-events/jevents.c
index 47f57f5829d3..a4244bf242e6 100644
--- a/tools/perf/pmu-events/jevents.c
+++ b/tools/perf/pmu-events/jevents.c
@@ -567,7 +567,7 @@ int json_events(const char *fn,
} else if (json_streq(map, field, "ExtSel")) {
char *code = NULL;
addfield(map, &code, "", "", val);
- eventcode |= strtoul(code, NULL, 0) << 21;
+ eventcode |= strtoul(code, NULL, 0) << 8;
free(code);
} else if (json_streq(map, field, "EventName")) {
addfield(map, &name, "", "", val);
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 209/411] f2fs: fix to avoid f2fs_bug_on() in dec_valid_node_count()
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (207 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.4 208/411] perf jevents: Fix event syntax error caused by ExtSel Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 210/411] f2fs: fix to do sanity check on block address in f2fs_do_zero_range() Greg Kroah-Hartman
` (206 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Ming Yan, Chao Yu, Jaegeuk Kim
From: Chao Yu <chao@kernel.org>
commit 4d17e6fe9293d57081ffdc11e1cf313e25e8fd9e upstream.
As Yanming reported in bugzilla:
https://bugzilla.kernel.org/show_bug.cgi?id=215897
I have encountered a bug in F2FS file system in kernel v5.17.
The kernel should enable CONFIG_KASAN=y and CONFIG_KASAN_INLINE=y. You can
reproduce the bug by running the following commands:
The kernel message is shown below:
kernel BUG at fs/f2fs/f2fs.h:2511!
Call Trace:
f2fs_remove_inode_page+0x2a2/0x830
f2fs_evict_inode+0x9b7/0x1510
evict+0x282/0x4e0
do_unlinkat+0x33a/0x540
__x64_sys_unlinkat+0x8e/0xd0
do_syscall_64+0x3b/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xae
The root cause is: .total_valid_block_count or .total_valid_node_count
could fuzzed to zero, then once dec_valid_node_count() was called, it
will cause BUG_ON(), this patch fixes to print warning info and set
SBI_NEED_FSCK into CP instead of panic.
Cc: stable@vger.kernel.org
Reported-by: Ming Yan <yanming@tju.edu.cn>
Signed-off-by: Chao Yu <chao.yu@oppo.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/f2fs/f2fs.h | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)
--- a/fs/f2fs/f2fs.h
+++ b/fs/f2fs/f2fs.h
@@ -2100,11 +2100,17 @@ static inline void dec_valid_node_count(
{
spin_lock(&sbi->stat_lock);
- f2fs_bug_on(sbi, !sbi->total_valid_block_count);
- f2fs_bug_on(sbi, !sbi->total_valid_node_count);
+ if (unlikely(!sbi->total_valid_block_count ||
+ !sbi->total_valid_node_count)) {
+ f2fs_warn(sbi, "dec_valid_node_count: inconsistent block counts, total_valid_block:%u, total_valid_node:%u",
+ sbi->total_valid_block_count,
+ sbi->total_valid_node_count);
+ set_sbi_flag(sbi, SBI_NEED_FSCK);
+ } else {
+ sbi->total_valid_block_count--;
+ sbi->total_valid_node_count--;
+ }
- sbi->total_valid_node_count--;
- sbi->total_valid_block_count--;
if (sbi->reserved_blocks &&
sbi->current_reserved_blocks < sbi->reserved_blocks)
sbi->current_reserved_blocks++;
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 210/411] f2fs: fix to do sanity check on block address in f2fs_do_zero_range()
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (208 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.4 209/411] f2fs: fix to avoid f2fs_bug_on() in dec_valid_node_count() Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 211/411] f2fs: fix to clear dirty inode in f2fs_evict_inode() Greg Kroah-Hartman
` (205 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Ming Yan, Chao Yu, Jaegeuk Kim
From: Chao Yu <chao@kernel.org>
commit 25f8236213a91efdf708b9d77e9e51b6fc3e141c upstream.
As Yanming reported in bugzilla:
https://bugzilla.kernel.org/show_bug.cgi?id=215894
I have encountered a bug in F2FS file system in kernel v5.17.
I have uploaded the system call sequence as case.c, and a fuzzed image can
be found in google net disk
The kernel should enable CONFIG_KASAN=y and CONFIG_KASAN_INLINE=y. You can
reproduce the bug by running the following commands:
kernel BUG at fs/f2fs/segment.c:2291!
Call Trace:
f2fs_invalidate_blocks+0x193/0x2d0
f2fs_fallocate+0x2593/0x4a70
vfs_fallocate+0x2a5/0xac0
ksys_fallocate+0x35/0x70
__x64_sys_fallocate+0x8e/0xf0
do_syscall_64+0x3b/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xae
The root cause is, after image was fuzzed, block mapping info in inode
will be inconsistent with SIT table, so in f2fs_fallocate(), it will cause
panic when updating SIT with invalid blkaddr.
Let's fix the issue by adding sanity check on block address before updating
SIT table with it.
Cc: stable@vger.kernel.org
Reported-by: Ming Yan <yanming@tju.edu.cn>
Signed-off-by: Chao Yu <chao.yu@oppo.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/f2fs/file.c | 16 ++++++++++++----
1 file changed, 12 insertions(+), 4 deletions(-)
--- a/fs/f2fs/file.c
+++ b/fs/f2fs/file.c
@@ -1320,11 +1320,19 @@ static int f2fs_do_zero_range(struct dno
ret = -ENOSPC;
break;
}
- if (dn->data_blkaddr != NEW_ADDR) {
- f2fs_invalidate_blocks(sbi, dn->data_blkaddr);
- dn->data_blkaddr = NEW_ADDR;
- f2fs_set_data_blkaddr(dn);
+
+ if (dn->data_blkaddr == NEW_ADDR)
+ continue;
+
+ if (!f2fs_is_valid_blkaddr(sbi, dn->data_blkaddr,
+ DATA_GENERIC_ENHANCE)) {
+ ret = -EFSCORRUPTED;
+ break;
}
+
+ f2fs_invalidate_blocks(sbi, dn->data_blkaddr);
+ dn->data_blkaddr = NEW_ADDR;
+ f2fs_set_data_blkaddr(dn);
}
f2fs_update_extent_cache_range(dn, start, 0, index - start);
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 211/411] f2fs: fix to clear dirty inode in f2fs_evict_inode()
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (209 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.4 210/411] f2fs: fix to do sanity check on block address in f2fs_do_zero_range() Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 212/411] f2fs: fix deadloop in foreground GC Greg Kroah-Hartman
` (204 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Ming Yan, Chao Yu, Jaegeuk Kim
From: Chao Yu <chao@kernel.org>
commit f2db71053dc0409fae785096ad19cce4c8a95af7 upstream.
As Yanming reported in bugzilla:
https://bugzilla.kernel.org/show_bug.cgi?id=215904
The kernel message is shown below:
kernel BUG at fs/f2fs/inode.c:825!
Call Trace:
evict+0x282/0x4e0
__dentry_kill+0x2b2/0x4d0
shrink_dentry_list+0x17c/0x4f0
shrink_dcache_parent+0x143/0x1e0
do_one_tree+0x9/0x30
shrink_dcache_for_umount+0x51/0x120
generic_shutdown_super+0x5c/0x3a0
kill_block_super+0x90/0xd0
kill_f2fs_super+0x225/0x310
deactivate_locked_super+0x78/0xc0
cleanup_mnt+0x2b7/0x480
task_work_run+0xc8/0x150
exit_to_user_mode_prepare+0x14a/0x150
syscall_exit_to_user_mode+0x1d/0x40
do_syscall_64+0x48/0x90
The root cause is: inode node and dnode node share the same nid,
so during f2fs_evict_inode(), dnode node truncation will invalidate
its NAT entry, so when truncating inode node, it fails due to
invalid NAT entry, result in inode is still marked as dirty, fix
this issue by clearing dirty for inode and setting SBI_NEED_FSCK
flag in filesystem.
output from dump.f2fs:
[print_node_info: 354] Node ID [0xf:15] is inode
i_nid[0] [0x f : 15]
Cc: stable@vger.kernel.org
Reported-by: Ming Yan <yanming@tju.edu.cn>
Signed-off-by: Chao Yu <chao.yu@oppo.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/f2fs/inode.c | 16 +++++++++++++++-
1 file changed, 15 insertions(+), 1 deletion(-)
--- a/fs/f2fs/inode.c
+++ b/fs/f2fs/inode.c
@@ -689,8 +689,22 @@ retry:
f2fs_lock_op(sbi);
err = f2fs_remove_inode_page(inode);
f2fs_unlock_op(sbi);
- if (err == -ENOENT)
+ if (err == -ENOENT) {
err = 0;
+
+ /*
+ * in fuzzed image, another node may has the same
+ * block address as inode's, if it was truncated
+ * previously, truncation of inode node will fail.
+ */
+ if (is_inode_flag_set(inode, FI_DIRTY_INODE)) {
+ f2fs_warn(F2FS_I_SB(inode),
+ "f2fs_evict_inode: inconsistent node id, ino:%lu",
+ inode->i_ino);
+ f2fs_inode_synced(inode);
+ set_sbi_flag(sbi, SBI_NEED_FSCK);
+ }
+ }
}
/* give more chances, if ENOMEM case */
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 212/411] f2fs: fix deadloop in foreground GC
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (210 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.4 211/411] f2fs: fix to clear dirty inode in f2fs_evict_inode() Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 213/411] f2fs: dont need inode lock for system hidden quota Greg Kroah-Hartman
` (203 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Ming Yan, Chao Yu, Jaegeuk Kim
From: Chao Yu <chao@kernel.org>
commit cfd66bb715fd11fde3338d0660cffa1396adc27d upstream.
As Yanming reported in bugzilla:
https://bugzilla.kernel.org/show_bug.cgi?id=215914
The root cause is: in a very small sized image, it's very easy to
exceed threshold of foreground GC, if we calculate free space and
dirty data based on section granularity, in corner case,
has_not_enough_free_secs() will always return true, result in
deadloop in f2fs_gc().
So this patch refactors has_not_enough_free_secs() as below to fix
this issue:
1. calculate needed space based on block granularity, and separate
all blocks to two parts, section part, and block part, comparing
section part to free section, and comparing block part to free space
in openned log.
2. account F2FS_DIRTY_NODES, F2FS_DIRTY_IMETA and F2FS_DIRTY_DENTS
as node block consumer;
3. account F2FS_DIRTY_DENTS as data block consumer;
Cc: stable@vger.kernel.org
Reported-by: Ming Yan <yanming@tju.edu.cn>
Signed-off-by: Chao Yu <chao.yu@oppo.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/f2fs/segment.h | 32 ++++++++++++++++++++------------
1 file changed, 20 insertions(+), 12 deletions(-)
--- a/fs/f2fs/segment.h
+++ b/fs/f2fs/segment.h
@@ -542,11 +542,10 @@ static inline int reserved_sections(stru
return GET_SEC_FROM_SEG(sbi, (unsigned int)reserved_segments(sbi));
}
-static inline bool has_curseg_enough_space(struct f2fs_sb_info *sbi)
+static inline bool has_curseg_enough_space(struct f2fs_sb_info *sbi,
+ unsigned int node_blocks, unsigned int dent_blocks)
{
- unsigned int node_blocks = get_pages(sbi, F2FS_DIRTY_NODES) +
- get_pages(sbi, F2FS_DIRTY_DENTS);
- unsigned int dent_blocks = get_pages(sbi, F2FS_DIRTY_DENTS);
+
unsigned int segno, left_blocks;
int i;
@@ -572,19 +571,28 @@ static inline bool has_curseg_enough_spa
static inline bool has_not_enough_free_secs(struct f2fs_sb_info *sbi,
int freed, int needed)
{
- int node_secs = get_blocktype_secs(sbi, F2FS_DIRTY_NODES);
- int dent_secs = get_blocktype_secs(sbi, F2FS_DIRTY_DENTS);
- int imeta_secs = get_blocktype_secs(sbi, F2FS_DIRTY_IMETA);
+ unsigned int total_node_blocks = get_pages(sbi, F2FS_DIRTY_NODES) +
+ get_pages(sbi, F2FS_DIRTY_DENTS) +
+ get_pages(sbi, F2FS_DIRTY_IMETA);
+ unsigned int total_dent_blocks = get_pages(sbi, F2FS_DIRTY_DENTS);
+ unsigned int node_secs = total_node_blocks / BLKS_PER_SEC(sbi);
+ unsigned int dent_secs = total_dent_blocks / BLKS_PER_SEC(sbi);
+ unsigned int node_blocks = total_node_blocks % BLKS_PER_SEC(sbi);
+ unsigned int dent_blocks = total_dent_blocks % BLKS_PER_SEC(sbi);
+ unsigned int free, need_lower, need_upper;
if (unlikely(is_sbi_flag_set(sbi, SBI_POR_DOING)))
return false;
- if (free_sections(sbi) + freed == reserved_sections(sbi) + needed &&
- has_curseg_enough_space(sbi))
+ free = free_sections(sbi) + freed;
+ need_lower = node_secs + dent_secs + reserved_sections(sbi) + needed;
+ need_upper = need_lower + (node_blocks ? 1 : 0) + (dent_blocks ? 1 : 0);
+
+ if (free > need_upper)
return false;
- return (free_sections(sbi) + freed) <=
- (node_secs + 2 * dent_secs + imeta_secs +
- reserved_sections(sbi) + needed);
+ else if (free <= need_lower)
+ return true;
+ return !has_curseg_enough_space(sbi, node_blocks, dent_blocks);
}
static inline bool f2fs_is_checkpoint_ready(struct f2fs_sb_info *sbi)
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 213/411] f2fs: dont need inode lock for system hidden quota
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (211 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.4 212/411] f2fs: fix deadloop in foreground GC Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 214/411] f2fs: fix fallocate to use file_modified to update permissions consistently Greg Kroah-Hartman
` (202 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Jaegeuk Kim
From: Jaegeuk Kim <jaegeuk@kernel.org>
commit 6213f5d4d23c50d393a31dc8e351e63a1fd10dbe upstream.
Let's avoid false-alarmed lockdep warning.
[ 58.914674] [T1501146] -> #2 (&sb->s_type->i_mutex_key#20){+.+.}-{3:3}:
[ 58.915975] [T1501146] system_server: down_write+0x7c/0xe0
[ 58.916738] [T1501146] system_server: f2fs_quota_sync+0x60/0x1a8
[ 58.917563] [T1501146] system_server: block_operations+0x16c/0x43c
[ 58.918410] [T1501146] system_server: f2fs_write_checkpoint+0x114/0x318
[ 58.919312] [T1501146] system_server: f2fs_issue_checkpoint+0x178/0x21c
[ 58.920214] [T1501146] system_server: f2fs_sync_fs+0x48/0x6c
[ 58.920999] [T1501146] system_server: f2fs_do_sync_file+0x334/0x738
[ 58.921862] [T1501146] system_server: f2fs_sync_file+0x30/0x48
[ 58.922667] [T1501146] system_server: __arm64_sys_fsync+0x84/0xf8
[ 58.923506] [T1501146] system_server: el0_svc_common.llvm.12821150825140585682+0xd8/0x20c
[ 58.924604] [T1501146] system_server: do_el0_svc+0x28/0xa0
[ 58.925366] [T1501146] system_server: el0_svc+0x24/0x38
[ 58.926094] [T1501146] system_server: el0_sync_handler+0x88/0xec
[ 58.926920] [T1501146] system_server: el0_sync+0x1b4/0x1c0
[ 58.927681] [T1501146] -> #1 (&sbi->cp_global_sem){+.+.}-{3:3}:
[ 58.928889] [T1501146] system_server: down_write+0x7c/0xe0
[ 58.929650] [T1501146] system_server: f2fs_write_checkpoint+0xbc/0x318
[ 58.930541] [T1501146] system_server: f2fs_issue_checkpoint+0x178/0x21c
[ 58.931443] [T1501146] system_server: f2fs_sync_fs+0x48/0x6c
[ 58.932226] [T1501146] system_server: sync_filesystem+0xac/0x130
[ 58.933053] [T1501146] system_server: generic_shutdown_super+0x38/0x150
[ 58.933958] [T1501146] system_server: kill_block_super+0x24/0x58
[ 58.934791] [T1501146] system_server: kill_f2fs_super+0xcc/0x124
[ 58.935618] [T1501146] system_server: deactivate_locked_super+0x90/0x120
[ 58.936529] [T1501146] system_server: deactivate_super+0x74/0xac
[ 58.937356] [T1501146] system_server: cleanup_mnt+0x128/0x168
[ 58.938150] [T1501146] system_server: __cleanup_mnt+0x18/0x28
[ 58.938944] [T1501146] system_server: task_work_run+0xb8/0x14c
[ 58.939749] [T1501146] system_server: do_notify_resume+0x114/0x1e8
[ 58.940595] [T1501146] system_server: work_pending+0xc/0x5f0
[ 58.941375] [T1501146] -> #0 (&sbi->gc_lock){+.+.}-{3:3}:
[ 58.942519] [T1501146] system_server: __lock_acquire+0x1270/0x2868
[ 58.943366] [T1501146] system_server: lock_acquire+0x114/0x294
[ 58.944169] [T1501146] system_server: down_write+0x7c/0xe0
[ 58.944930] [T1501146] system_server: f2fs_issue_checkpoint+0x13c/0x21c
[ 58.945831] [T1501146] system_server: f2fs_sync_fs+0x48/0x6c
[ 58.946614] [T1501146] system_server: f2fs_do_sync_file+0x334/0x738
[ 58.947472] [T1501146] system_server: f2fs_ioc_commit_atomic_write+0xc8/0x14c
[ 58.948439] [T1501146] system_server: __f2fs_ioctl+0x674/0x154c
[ 58.949253] [T1501146] system_server: f2fs_ioctl+0x54/0x88
[ 58.950018] [T1501146] system_server: __arm64_sys_ioctl+0xa8/0x110
[ 58.950865] [T1501146] system_server: el0_svc_common.llvm.12821150825140585682+0xd8/0x20c
[ 58.951965] [T1501146] system_server: do_el0_svc+0x28/0xa0
[ 58.952727] [T1501146] system_server: el0_svc+0x24/0x38
[ 58.953454] [T1501146] system_server: el0_sync_handler+0x88/0xec
[ 58.954279] [T1501146] system_server: el0_sync+0x1b4/0x1c0
Cc: stable@vger.kernel.org
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/f2fs/super.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- a/fs/f2fs/super.c
+++ b/fs/f2fs/super.c
@@ -2080,7 +2080,8 @@ int f2fs_quota_sync(struct super_block *
if (!sb_has_quota_active(sb, cnt))
continue;
- inode_lock(dqopt->files[cnt]);
+ if (!f2fs_sb_has_quota_ino(sbi))
+ inode_lock(dqopt->files[cnt]);
/*
* do_quotactl
@@ -2099,7 +2100,8 @@ int f2fs_quota_sync(struct super_block *
up_read(&sbi->quota_sem);
f2fs_unlock_op(sbi);
- inode_unlock(dqopt->files[cnt]);
+ if (!f2fs_sb_has_quota_ino(sbi))
+ inode_unlock(dqopt->files[cnt]);
if (ret)
break;
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 214/411] f2fs: fix fallocate to use file_modified to update permissions consistently
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (212 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.4 213/411] f2fs: dont need inode lock for system hidden quota Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 215/411] wifi: mac80211: fix use-after-free in chanctx code Greg Kroah-Hartman
` (201 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, stable, Chao Yu, Jaegeuk Kim
From: Chao Yu <chao@kernel.org>
commit 958ed92922028ec67f504dcdc72bfdfd0f43936a upstream.
This patch tries to fix permission consistency issue as all other
mainline filesystems.
Since the initial introduction of (posix) fallocate back at the turn of
the century, it has been possible to use this syscall to change the
user-visible contents of files. This can happen by extending the file
size during a preallocation, or through any of the newer modes (punch,
zero, collapse, insert range). Because the call can be used to change
file contents, we should treat it like we do any other modification to a
file -- update the mtime, and drop set[ug]id privileges/capabilities.
The VFS function file_modified() does all this for us if pass it a
locked inode, so let's make fallocate drop permissions correctly.
Cc: stable@kernel.org
Signed-off-by: Chao Yu <chao.yu@oppo.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/f2fs/file.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/fs/f2fs/file.c
+++ b/fs/f2fs/file.c
@@ -1608,6 +1608,10 @@ static long f2fs_fallocate(struct file *
inode_lock(inode);
+ ret = file_modified(file);
+ if (ret)
+ goto out;
+
if (mode & FALLOC_FL_PUNCH_HOLE) {
if (offset >= inode->i_size)
goto out;
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 215/411] wifi: mac80211: fix use-after-free in chanctx code
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (213 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.4 214/411] f2fs: fix fallocate to use file_modified to update permissions consistently Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 216/411] iwlwifi: mvm: fix assert 1F04 upon reconfig Greg Kroah-Hartman
` (200 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Johannes Berg, Kalle Valo
From: Johannes Berg <johannes.berg@intel.com>
commit 2965c4cdf7ad9ce0796fac5e57debb9519ea721e upstream.
In ieee80211_vif_use_reserved_context(), when we have an
old context and the new context's replace_state is set to
IEEE80211_CHANCTX_REPLACE_NONE, we free the old context
in ieee80211_vif_use_reserved_reassign(). Therefore, we
cannot check the old_ctx anymore, so we should set it to
NULL after this point.
However, since the new_ctx replace state is clearly not
IEEE80211_CHANCTX_REPLACES_OTHER, we're not going to do
anything else in this function and can just return to
avoid accessing the freed old_ctx.
Cc: stable@vger.kernel.org
Fixes: 5bcae31d9cb1 ("mac80211: implement multi-vif in-place reservations")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220601091926.df419d91b165.I17a9b3894ff0b8323ce2afdb153b101124c821e5@changeid
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/mac80211/chan.c | 7 ++-----
1 file changed, 2 insertions(+), 5 deletions(-)
--- a/net/mac80211/chan.c
+++ b/net/mac80211/chan.c
@@ -1639,12 +1639,9 @@ int ieee80211_vif_use_reserved_context(s
if (new_ctx->replace_state == IEEE80211_CHANCTX_REPLACE_NONE) {
if (old_ctx)
- err = ieee80211_vif_use_reserved_reassign(sdata);
- else
- err = ieee80211_vif_use_reserved_assign(sdata);
+ return ieee80211_vif_use_reserved_reassign(sdata);
- if (err)
- return err;
+ return ieee80211_vif_use_reserved_assign(sdata);
}
/*
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 216/411] iwlwifi: mvm: fix assert 1F04 upon reconfig
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (214 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.4 215/411] wifi: mac80211: fix use-after-free in chanctx code Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 217/411] fs-writeback: writeback_sb_inodes:Recalculate wrote according skipped pages Greg Kroah-Hartman
` (199 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Emmanuel Grumbach, Gregory Greenman,
Johannes Berg
From: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
commit 9d096e3d3061dbf4ee10e2b59fc2c06e05bdb997 upstream.
When we reconfig we must not send the MAC_POWER command that relates to
a MAC that was not yet added to the firmware.
Ignore those in the iterator.
Cc: stable@vger.kernel.org
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20220517120044.ed2ffc8ce732.If786e19512d0da4334a6382ea6148703422c7d7b@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireless/intel/iwlwifi/mvm/power.c | 3 +++
1 file changed, 3 insertions(+)
--- a/drivers/net/wireless/intel/iwlwifi/mvm/power.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/power.c
@@ -626,6 +626,9 @@ static void iwl_mvm_power_get_vifs_itera
struct iwl_power_vifs *power_iterator = _data;
bool active = mvmvif->phy_ctxt && mvmvif->phy_ctxt->id < NUM_PHY_CTX;
+ if (!mvmvif->uploaded)
+ return;
+
switch (ieee80211_vif_type_p2p(vif)) {
case NL80211_IFTYPE_P2P_DEVICE:
break;
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 217/411] fs-writeback: writeback_sb_inodes:Recalculate wrote according skipped pages
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (215 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.4 216/411] iwlwifi: mvm: fix assert 1F04 upon reconfig Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 218/411] efi: Do not import certificates from UEFI Secure Boot for T2 Macs Greg Kroah-Hartman
` (198 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zhihao Cheng, Jan Kara,
Christoph Hellwig, Jens Axboe
From: Zhihao Cheng <chengzhihao1@huawei.com>
commit 68f4c6eba70df70a720188bce95c85570ddfcc87 upstream.
Commit 505a666ee3fc ("writeback: plug writeback in wb_writeback() and
writeback_inodes_wb()") has us holding a plug during wb_writeback, which
may cause a potential ABBA dead lock:
wb_writeback fat_file_fsync
blk_start_plug(&plug)
for (;;) {
iter i-1: some reqs have been added into plug->mq_list // LOCK A
iter i:
progress = __writeback_inodes_wb(wb, work)
. writeback_sb_inodes // fat's bdev
. __writeback_single_inode
. . generic_writepages
. . __block_write_full_page
. . . . __generic_file_fsync
. . . . sync_inode_metadata
. . . . writeback_single_inode
. . . . __writeback_single_inode
. . . . fat_write_inode
. . . . __fat_write_inode
. . . . sync_dirty_buffer // fat's bdev
. . . . lock_buffer(bh) // LOCK B
. . . . submit_bh
. . . . blk_mq_get_tag // LOCK A
. . . trylock_buffer(bh) // LOCK B
. . . redirty_page_for_writepage
. . . wbc->pages_skipped++
. . --wbc->nr_to_write
. wrote += write_chunk - wbc.nr_to_write // wrote > 0
. requeue_inode
. redirty_tail_locked
if (progress) // progress > 0
continue;
iter i+1:
queue_io
// similar process with iter i, infinite for-loop !
}
blk_finish_plug(&plug) // flush plug won't be called
Above process triggers a hungtask like:
[ 399.044861] INFO: task bb:2607 blocked for more than 30 seconds.
[ 399.046824] Not tainted 5.18.0-rc1-00005-gefae4d9eb6a2-dirty
[ 399.051539] task:bb state:D stack: 0 pid: 2607 ppid:
2426 flags:0x00004000
[ 399.051556] Call Trace:
[ 399.051570] __schedule+0x480/0x1050
[ 399.051592] schedule+0x92/0x1a0
[ 399.051602] io_schedule+0x22/0x50
[ 399.051613] blk_mq_get_tag+0x1d3/0x3c0
[ 399.051640] __blk_mq_alloc_requests+0x21d/0x3f0
[ 399.051657] blk_mq_submit_bio+0x68d/0xca0
[ 399.051674] __submit_bio+0x1b5/0x2d0
[ 399.051708] submit_bio_noacct+0x34e/0x720
[ 399.051718] submit_bio+0x3b/0x150
[ 399.051725] submit_bh_wbc+0x161/0x230
[ 399.051734] __sync_dirty_buffer+0xd1/0x420
[ 399.051744] sync_dirty_buffer+0x17/0x20
[ 399.051750] __fat_write_inode+0x289/0x310
[ 399.051766] fat_write_inode+0x2a/0xa0
[ 399.051783] __writeback_single_inode+0x53c/0x6f0
[ 399.051795] writeback_single_inode+0x145/0x200
[ 399.051803] sync_inode_metadata+0x45/0x70
[ 399.051856] __generic_file_fsync+0xa3/0x150
[ 399.051880] fat_file_fsync+0x1d/0x80
[ 399.051895] vfs_fsync_range+0x40/0xb0
[ 399.051929] __x64_sys_fsync+0x18/0x30
In my test, 'need_resched()' (which is imported by 590dca3a71 "fs-writeback:
unplug before cond_resched in writeback_sb_inodes") in function
'writeback_sb_inodes()' seldom comes true, unless cond_resched() is deleted
from write_cache_pages().
Fix it by correcting wrote number according number of skipped pages
in writeback_sb_inodes().
Goto Link to find a reproducer.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=215837
Cc: stable@vger.kernel.org # v4.3
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Link: https://lore.kernel.org/r/20220510133805.1988292-1-chengzhihao1@huawei.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/fs-writeback.c | 13 ++++++++-----
1 file changed, 8 insertions(+), 5 deletions(-)
--- a/fs/fs-writeback.c
+++ b/fs/fs-writeback.c
@@ -1650,11 +1650,12 @@ static long writeback_sb_inodes(struct s
};
unsigned long start_time = jiffies;
long write_chunk;
- long wrote = 0; /* count both pages and inodes */
+ long total_wrote = 0; /* count both pages and inodes */
while (!list_empty(&wb->b_io)) {
struct inode *inode = wb_inode(wb->b_io.prev);
struct bdi_writeback *tmp_wb;
+ long wrote;
if (inode->i_sb != sb) {
if (work->sb) {
@@ -1730,7 +1731,9 @@ static long writeback_sb_inodes(struct s
wbc_detach_inode(&wbc);
work->nr_pages -= write_chunk - wbc.nr_to_write;
- wrote += write_chunk - wbc.nr_to_write;
+ wrote = write_chunk - wbc.nr_to_write - wbc.pages_skipped;
+ wrote = wrote < 0 ? 0 : wrote;
+ total_wrote += wrote;
if (need_resched()) {
/*
@@ -1752,7 +1755,7 @@ static long writeback_sb_inodes(struct s
tmp_wb = inode_to_wb_and_lock_list(inode);
spin_lock(&inode->i_lock);
if (!(inode->i_state & I_DIRTY_ALL))
- wrote++;
+ total_wrote++;
requeue_inode(inode, tmp_wb, &wbc);
inode_sync_complete(inode);
spin_unlock(&inode->i_lock);
@@ -1766,14 +1769,14 @@ static long writeback_sb_inodes(struct s
* bail out to wb_writeback() often enough to check
* background threshold and other termination conditions.
*/
- if (wrote) {
+ if (total_wrote) {
if (time_is_before_jiffies(start_time + HZ / 10UL))
break;
if (work->nr_pages <= 0)
break;
}
}
- return wrote;
+ return total_wrote;
}
static long __writeback_inodes_wb(struct bdi_writeback *wb,
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 218/411] efi: Do not import certificates from UEFI Secure Boot for T2 Macs
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (216 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.4 217/411] fs-writeback: writeback_sb_inodes:Recalculate wrote according skipped pages Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 219/411] bfq: Split shared queues on move between cgroups Greg Kroah-Hartman
` (197 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Aditya Garg, Mimi Zohar
From: Aditya Garg <gargaditya08@live.com>
commit 155ca952c7ca19aa32ecfb7373a32bbc2e1ec6eb upstream.
On Apple T2 Macs, when Linux attempts to read the db and dbx efi variables
at early boot to load UEFI Secure Boot certificates, a page fault occurs
in Apple firmware code and EFI runtime services are disabled with the
following logs:
[Firmware Bug]: Page fault caused by firmware at PA: 0xffffb1edc0068000
WARNING: CPU: 3 PID: 104 at arch/x86/platform/efi/quirks.c:735 efi_crash_gracefully_on_page_fault+0x50/0xf0
(Removed some logs from here)
Call Trace:
<TASK>
page_fault_oops+0x4f/0x2c0
? search_bpf_extables+0x6b/0x80
? search_module_extables+0x50/0x80
? search_exception_tables+0x5b/0x60
kernelmode_fixup_or_oops+0x9e/0x110
__bad_area_nosemaphore+0x155/0x190
bad_area_nosemaphore+0x16/0x20
do_kern_addr_fault+0x8c/0xa0
exc_page_fault+0xd8/0x180
asm_exc_page_fault+0x1e/0x30
(Removed some logs from here)
? __efi_call+0x28/0x30
? switch_mm+0x20/0x30
? efi_call_rts+0x19a/0x8e0
? process_one_work+0x222/0x3f0
? worker_thread+0x4a/0x3d0
? kthread+0x17a/0x1a0
? process_one_work+0x3f0/0x3f0
? set_kthread_struct+0x40/0x40
? ret_from_fork+0x22/0x30
</TASK>
---[ end trace 1f82023595a5927f ]---
efi: Froze efi_rts_wq and disabled EFI Runtime Services
integrity: Couldn't get size: 0x8000000000000015
integrity: MODSIGN: Couldn't get UEFI db list
efi: EFI Runtime Services are disabled!
integrity: Couldn't get size: 0x8000000000000015
integrity: Couldn't get UEFI dbx list
integrity: Couldn't get size: 0x8000000000000015
integrity: Couldn't get mokx list
integrity: Couldn't get size: 0x80000000
So we avoid reading these UEFI variables and thus prevent the crash.
Cc: stable@vger.kernel.org
Signed-off-by: Aditya Garg <gargaditya08@live.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
security/integrity/platform_certs/keyring_handler.h | 8 ++++
security/integrity/platform_certs/load_uefi.c | 33 ++++++++++++++++++++
2 files changed, 41 insertions(+)
--- a/security/integrity/platform_certs/keyring_handler.h
+++ b/security/integrity/platform_certs/keyring_handler.h
@@ -30,3 +30,11 @@ efi_element_handler_t get_handler_for_db
efi_element_handler_t get_handler_for_dbx(const efi_guid_t *sig_type);
#endif
+
+#ifndef UEFI_QUIRK_SKIP_CERT
+#define UEFI_QUIRK_SKIP_CERT(vendor, product) \
+ .matches = { \
+ DMI_MATCH(DMI_BOARD_VENDOR, vendor), \
+ DMI_MATCH(DMI_PRODUCT_NAME, product), \
+ },
+#endif
--- a/security/integrity/platform_certs/load_uefi.c
+++ b/security/integrity/platform_certs/load_uefi.c
@@ -3,6 +3,7 @@
#include <linux/kernel.h>
#include <linux/sched.h>
#include <linux/cred.h>
+#include <linux/dmi.h>
#include <linux/err.h>
#include <linux/efi.h>
#include <linux/slab.h>
@@ -12,6 +13,31 @@
#include "keyring_handler.h"
/*
+ * On T2 Macs reading the db and dbx efi variables to load UEFI Secure Boot
+ * certificates causes occurrence of a page fault in Apple's firmware and
+ * a crash disabling EFI runtime services. The following quirk skips reading
+ * these variables.
+ */
+static const struct dmi_system_id uefi_skip_cert[] = {
+ { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "MacBookPro15,1") },
+ { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "MacBookPro15,2") },
+ { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "MacBookPro15,3") },
+ { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "MacBookPro15,4") },
+ { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "MacBookPro16,1") },
+ { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "MacBookPro16,2") },
+ { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "MacBookPro16,3") },
+ { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "MacBookPro16,4") },
+ { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "MacBookAir8,1") },
+ { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "MacBookAir8,2") },
+ { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "MacBookAir9,1") },
+ { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "MacMini8,1") },
+ { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "MacPro7,1") },
+ { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "iMac20,1") },
+ { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "iMac20,2") },
+ { }
+};
+
+/*
* Look to see if a UEFI variable called MokIgnoreDB exists and return true if
* it does.
*
@@ -78,6 +104,13 @@ static int __init load_uefi_certs(void)
unsigned long dbsize = 0, dbxsize = 0, moksize = 0;
efi_status_t status;
int rc = 0;
+ const struct dmi_system_id *dmi_id;
+
+ dmi_id = dmi_first_match(uefi_skip_cert);
+ if (dmi_id) {
+ pr_err("Reading UEFI Secure Boot Certs is not supported on T2 Macs.\n");
+ return false;
+ }
if (!efi.get_variable)
return false;
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 219/411] bfq: Split shared queues on move between cgroups
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (217 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.4 218/411] efi: Do not import certificates from UEFI Secure Boot for T2 Macs Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 220/411] bfq: Update cgroup information before merging bio Greg Kroah-Hartman
` (196 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, yukuai (C),
Jan Kara, Christoph Hellwig, Jens Axboe
From: Jan Kara <jack@suse.cz>
commit 3bc5e683c67d94bd839a1da2e796c15847b51b69 upstream.
When bfqq is shared by multiple processes it can happen that one of the
processes gets moved to a different cgroup (or just starts submitting IO
for different cgroup). In case that happens we need to split the merged
bfqq as otherwise we will have IO for multiple cgroups in one bfqq and
we will just account IO time to wrong entities etc.
Similarly if the bfqq is scheduled to merge with another bfqq but the
merge didn't happen yet, cancel the merge as it need not be valid
anymore.
CC: stable@vger.kernel.org
Fixes: e21b7a0b9887 ("block, bfq: add full hierarchical scheduling and cgroups support")
Tested-by: "yukuai (C)" <yukuai3@huawei.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Link: https://lore.kernel.org/r/20220401102752.8599-3-jack@suse.cz
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
block/bfq-cgroup.c | 36 +++++++++++++++++++++++++++++++++---
block/bfq-iosched.c | 2 +-
block/bfq-iosched.h | 1 +
3 files changed, 35 insertions(+), 4 deletions(-)
--- a/block/bfq-cgroup.c
+++ b/block/bfq-cgroup.c
@@ -708,9 +708,39 @@ static struct bfq_group *__bfq_bic_chang
}
if (sync_bfqq) {
- entity = &sync_bfqq->entity;
- if (entity->sched_data != &bfqg->sched_data)
- bfq_bfqq_move(bfqd, sync_bfqq, bfqg);
+ if (!sync_bfqq->new_bfqq && !bfq_bfqq_coop(sync_bfqq)) {
+ /* We are the only user of this bfqq, just move it */
+ if (sync_bfqq->entity.sched_data != &bfqg->sched_data)
+ bfq_bfqq_move(bfqd, sync_bfqq, bfqg);
+ } else {
+ struct bfq_queue *bfqq;
+
+ /*
+ * The queue was merged to a different queue. Check
+ * that the merge chain still belongs to the same
+ * cgroup.
+ */
+ for (bfqq = sync_bfqq; bfqq; bfqq = bfqq->new_bfqq)
+ if (bfqq->entity.sched_data !=
+ &bfqg->sched_data)
+ break;
+ if (bfqq) {
+ /*
+ * Some queue changed cgroup so the merge is
+ * not valid anymore. We cannot easily just
+ * cancel the merge (by clearing new_bfqq) as
+ * there may be other processes using this
+ * queue and holding refs to all queues below
+ * sync_bfqq->new_bfqq. Similarly if the merge
+ * already happened, we need to detach from
+ * bfqq now so that we cannot merge bio to a
+ * request from the old cgroup.
+ */
+ bfq_put_cooperator(sync_bfqq);
+ bfq_release_process_ref(bfqd, sync_bfqq);
+ bic_set_bfqq(bic, NULL, 1);
+ }
+ }
}
return bfqg;
--- a/block/bfq-iosched.c
+++ b/block/bfq-iosched.c
@@ -4914,7 +4914,7 @@ void bfq_put_queue(struct bfq_queue *bfq
bfqg_and_blkg_put(bfqg);
}
-static void bfq_put_cooperator(struct bfq_queue *bfqq)
+void bfq_put_cooperator(struct bfq_queue *bfqq)
{
struct bfq_queue *__bfqq, *next;
--- a/block/bfq-iosched.h
+++ b/block/bfq-iosched.h
@@ -949,6 +949,7 @@ void bfq_weights_tree_remove(struct bfq_
void bfq_bfqq_expire(struct bfq_data *bfqd, struct bfq_queue *bfqq,
bool compensate, enum bfqq_expiration reason);
void bfq_put_queue(struct bfq_queue *bfqq);
+void bfq_put_cooperator(struct bfq_queue *bfqq);
void bfq_end_wr_async_queues(struct bfq_data *bfqd, struct bfq_group *bfqg);
void bfq_release_process_ref(struct bfq_data *bfqd, struct bfq_queue *bfqq);
void bfq_schedule_dispatch(struct bfq_data *bfqd);
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 220/411] bfq: Update cgroup information before merging bio
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (218 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.4 219/411] bfq: Split shared queues on move between cgroups Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 221/411] bfq: Track whether bfq_group is still online Greg Kroah-Hartman
` (195 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, yukuai (C),
Jan Kara, Christoph Hellwig, Jens Axboe
From: Jan Kara <jack@suse.cz>
commit ea591cd4eb270393810e7be01feb8fde6a34fbbe upstream.
When the process is migrated to a different cgroup (or in case of
writeback just starts submitting bios associated with a different
cgroup) bfq_merge_bio() can operate with stale cgroup information in
bic. Thus the bio can be merged to a request from a different cgroup or
it can result in merging of bfqqs for different cgroups or bfqqs of
already dead cgroups and causing possible use-after-free issues. Fix the
problem by updating cgroup information in bfq_merge_bio().
CC: stable@vger.kernel.org
Fixes: e21b7a0b9887 ("block, bfq: add full hierarchical scheduling and cgroups support")
Tested-by: "yukuai (C)" <yukuai3@huawei.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Link: https://lore.kernel.org/r/20220401102752.8599-4-jack@suse.cz
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
block/bfq-iosched.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
--- a/block/bfq-iosched.c
+++ b/block/bfq-iosched.c
@@ -2227,10 +2227,17 @@ static bool bfq_bio_merge(struct request
spin_lock_irq(&bfqd->lock);
- if (bic)
+ if (bic) {
+ /*
+ * Make sure cgroup info is uptodate for current process before
+ * considering the merge.
+ */
+ bfq_bic_update_cgroup(bic, bio);
+
bfqd->bio_bfqq = bic_to_bfqq(bic, op_is_sync(bio->bi_opf));
- else
+ } else {
bfqd->bio_bfqq = NULL;
+ }
bfqd->bio_bic = bic;
ret = blk_mq_sched_try_merge(q, bio, nr_segs, &free);
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 221/411] bfq: Track whether bfq_group is still online
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (219 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.4 220/411] bfq: Update cgroup information before merging bio Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 222/411] netfilter: nf_tables: disallow non-stateful expression in sets earlier Greg Kroah-Hartman
` (194 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, yukuai (C),
Jan Kara, Christoph Hellwig, Jens Axboe
From: Jan Kara <jack@suse.cz>
commit 09f871868080c33992cd6a9b72a5ca49582578fa upstream.
Track whether bfq_group is still online. We cannot rely on
blkcg_gq->online because that gets cleared only after all policies are
offlined and we need something that gets updated already under
bfqd->lock when we are cleaning up our bfq_group to be able to guarantee
that when we see online bfq_group, it will stay online while we are
holding bfqd->lock lock.
CC: stable@vger.kernel.org
Tested-by: "yukuai (C)" <yukuai3@huawei.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Link: https://lore.kernel.org/r/20220401102752.8599-7-jack@suse.cz
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
block/bfq-cgroup.c | 3 ++-
block/bfq-iosched.h | 2 ++
2 files changed, 4 insertions(+), 1 deletion(-)
--- a/block/bfq-cgroup.c
+++ b/block/bfq-cgroup.c
@@ -536,6 +536,7 @@ static void bfq_pd_init(struct blkg_poli
*/
bfqg->bfqd = bfqd;
bfqg->active_entities = 0;
+ bfqg->online = true;
bfqg->rq_pos_tree = RB_ROOT;
}
@@ -582,7 +583,6 @@ struct bfq_group *bfq_find_set_group(str
struct bfq_entity *entity;
bfqg = bfq_lookup_bfqg(bfqd, blkcg);
-
if (unlikely(!bfqg))
return NULL;
@@ -944,6 +944,7 @@ static void bfq_pd_offline(struct blkg_p
put_async_queues:
bfq_put_async_queues(bfqd, bfqg);
+ bfqg->online = false;
spin_unlock_irqrestore(&bfqd->lock, flags);
/*
--- a/block/bfq-iosched.h
+++ b/block/bfq-iosched.h
@@ -896,6 +896,8 @@ struct bfq_group {
/* reference counter (see comments in bfq_bic_update_cgroup) */
int ref;
+ /* Is bfq_group still online? */
+ bool online;
struct bfq_entity entity;
struct bfq_sched_data sched_data;
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 222/411] netfilter: nf_tables: disallow non-stateful expression in sets earlier
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (220 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.4 221/411] bfq: Track whether bfq_group is still online Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 223/411] ext4: fix use-after-free in ext4_rename_dir_prepare Greg Kroah-Hartman
` (193 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Pablo Neira Ayuso, Ajay Kaher, Aaron Adams
From: Pablo Neira Ayuso <pablo@netfilter.org>
commit 520778042ccca019f3ffa136dd0ca565c486cedd upstream.
Since 3e135cd499bf ("netfilter: nft_dynset: dynamic stateful expression
instantiation"), it is possible to attach stateful expressions to set
elements.
cd5125d8f518 ("netfilter: nf_tables: split set destruction in deactivate
and destroy phase") introduces conditional destruction on the object to
accomodate transaction semantics.
nft_expr_init() calls expr->ops->init() first, then check for
NFT_STATEFUL_EXPR, this stills allows to initialize a non-stateful
lookup expressions which points to a set, which might lead to UAF since
the set is not properly detached from the set->binding for this case.
Anyway, this combination is non-sense from nf_tables perspective.
This patch fixes this problem by checking for NFT_STATEFUL_EXPR before
expr->ops->init() is called.
The reporter provides a KASAN splat and a poc reproducer (similar to
those autogenerated by syzbot to report use-after-free errors). It is
unknown to me if they are using syzbot or if they use similar automated
tool to locate the bug that they are reporting.
For the record, this is the KASAN splat.
[ 85.431824] ==================================================================
[ 85.432901] BUG: KASAN: use-after-free in nf_tables_bind_set+0x81b/0xa20
[ 85.433825] Write of size 8 at addr ffff8880286f0e98 by task poc/776
[ 85.434756]
[ 85.434999] CPU: 1 PID: 776 Comm: poc Tainted: G W 5.18.0+ #2
[ 85.436023] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014
Fixes: 0b2d8a7b638b ("netfilter: nf_tables: add helper functions for expression handling")
Reported-and-tested-by: Aaron Adams <edg-e@nccgroup.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
[Ajay: Regenerated the patch for v5.4.y]
Signed-off-by: Ajay Kaher <akaher@vmware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/netfilter/nf_tables_api.c | 16 ++++++++++------
net/netfilter/nft_dynset.c | 3 ---
2 files changed, 10 insertions(+), 9 deletions(-)
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -2267,27 +2267,31 @@ struct nft_expr *nft_expr_init(const str
err = nf_tables_expr_parse(ctx, nla, &info);
if (err < 0)
- goto err1;
+ goto err_expr_parse;
+
+ err = -EOPNOTSUPP;
+ if (!(info.ops->type->flags & NFT_EXPR_STATEFUL))
+ goto err_expr_stateful;
err = -ENOMEM;
expr = kzalloc(info.ops->size, GFP_KERNEL);
if (expr == NULL)
- goto err2;
+ goto err_expr_stateful;
err = nf_tables_newexpr(ctx, &info, expr);
if (err < 0)
- goto err3;
+ goto err_expr_new;
return expr;
-err3:
+err_expr_new:
kfree(expr);
-err2:
+err_expr_stateful:
owner = info.ops->type->owner;
if (info.ops->type->release_ops)
info.ops->type->release_ops(info.ops);
module_put(owner);
-err1:
+err_expr_parse:
return ERR_PTR(err);
}
--- a/net/netfilter/nft_dynset.c
+++ b/net/netfilter/nft_dynset.c
@@ -204,9 +204,6 @@ static int nft_dynset_init(const struct
return PTR_ERR(priv->expr);
err = -EOPNOTSUPP;
- if (!(priv->expr->ops->type->flags & NFT_EXPR_STATEFUL))
- goto err1;
-
if (priv->expr->ops->type->flags & NFT_EXPR_GC) {
if (set->flags & NFT_SET_TIMEOUT)
goto err1;
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 223/411] ext4: fix use-after-free in ext4_rename_dir_prepare
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (221 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.4 222/411] netfilter: nf_tables: disallow non-stateful expression in sets earlier Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 224/411] ext4: fix warning in ext4_handle_inode_extension Greg Kroah-Hartman
` (192 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ye Bin, Jan Kara, Theodore Tso, stable
From: Ye Bin <yebin10@huawei.com>
commit 0be698ecbe4471fcad80e81ec6a05001421041b3 upstream.
We got issue as follows:
EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
ext4_get_first_dir_block: bh->b_data=0xffff88810bee6000 len=34478
ext4_get_first_dir_block: *parent_de=0xffff88810beee6ae bh->b_data=0xffff88810bee6000
ext4_rename_dir_prepare: [1] parent_de=0xffff88810beee6ae
==================================================================
BUG: KASAN: use-after-free in ext4_rename_dir_prepare+0x152/0x220
Read of size 4 at addr ffff88810beee6ae by task rep/1895
CPU: 13 PID: 1895 Comm: rep Not tainted 5.10.0+ #241
Call Trace:
dump_stack+0xbe/0xf9
print_address_description.constprop.0+0x1e/0x220
kasan_report.cold+0x37/0x7f
ext4_rename_dir_prepare+0x152/0x220
ext4_rename+0xf44/0x1ad0
ext4_rename2+0x11c/0x170
vfs_rename+0xa84/0x1440
do_renameat2+0x683/0x8f0
__x64_sys_renameat+0x53/0x60
do_syscall_64+0x33/0x40
entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7f45a6fc41c9
RSP: 002b:00007ffc5a470218 EFLAGS: 00000246 ORIG_RAX: 0000000000000108
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f45a6fc41c9
RDX: 0000000000000005 RSI: 0000000020000180 RDI: 0000000000000005
RBP: 00007ffc5a470240 R08: 00007ffc5a470160 R09: 0000000020000080
R10: 00000000200001c0 R11: 0000000000000246 R12: 0000000000400bb0
R13: 00007ffc5a470320 R14: 0000000000000000 R15: 0000000000000000
The buggy address belongs to the page:
page:00000000440015ce refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x10beee
flags: 0x200000000000000()
raw: 0200000000000000 ffffea00043ff4c8 ffffea0004325608 0000000000000000
raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected
Memory state around the buggy address:
ffff88810beee580: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ffff88810beee600: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
>ffff88810beee680: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
^
ffff88810beee700: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ffff88810beee780: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
==================================================================
Disabling lock debugging due to kernel taint
ext4_rename_dir_prepare: [2] parent_de->inode=3537895424
ext4_rename_dir_prepare: [3] dir=0xffff888124170140
ext4_rename_dir_prepare: [4] ino=2
ext4_rename_dir_prepare: ent->dir->i_ino=2 parent=-757071872
Reason is first directory entry which 'rec_len' is 34478, then will get illegal
parent entry. Now, we do not check directory entry after read directory block
in 'ext4_get_first_dir_block'.
To solve this issue, check directory entry in 'ext4_get_first_dir_block'.
[ Trigger an ext4_error() instead of just warning if the directory is
missing a '.' or '..' entry. Also make sure we return an error code
if the file system is corrupted. -TYT ]
Signed-off-by: Ye Bin <yebin10@huawei.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20220414025223.4113128-1-yebin10@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/namei.c | 30 +++++++++++++++++++++++++++---
1 file changed, 27 insertions(+), 3 deletions(-)
--- a/fs/ext4/namei.c
+++ b/fs/ext4/namei.c
@@ -3442,6 +3442,9 @@ static struct buffer_head *ext4_get_firs
struct buffer_head *bh;
if (!ext4_has_inline_data(inode)) {
+ struct ext4_dir_entry_2 *de;
+ unsigned int offset;
+
/* The first directory block must not be a hole, so
* treat it as DIRENT_HTREE
*/
@@ -3450,9 +3453,30 @@ static struct buffer_head *ext4_get_firs
*retval = PTR_ERR(bh);
return NULL;
}
- *parent_de = ext4_next_entry(
- (struct ext4_dir_entry_2 *)bh->b_data,
- inode->i_sb->s_blocksize);
+
+ de = (struct ext4_dir_entry_2 *) bh->b_data;
+ if (ext4_check_dir_entry(inode, NULL, de, bh, bh->b_data,
+ bh->b_size, 0) ||
+ le32_to_cpu(de->inode) != inode->i_ino ||
+ strcmp(".", de->name)) {
+ EXT4_ERROR_INODE(inode, "directory missing '.'");
+ brelse(bh);
+ *retval = -EFSCORRUPTED;
+ return NULL;
+ }
+ offset = ext4_rec_len_from_disk(de->rec_len,
+ inode->i_sb->s_blocksize);
+ de = ext4_next_entry(de, inode->i_sb->s_blocksize);
+ if (ext4_check_dir_entry(inode, NULL, de, bh, bh->b_data,
+ bh->b_size, offset) ||
+ le32_to_cpu(de->inode) == 0 || strcmp("..", de->name)) {
+ EXT4_ERROR_INODE(inode, "directory missing '..'");
+ brelse(bh);
+ *retval = -EFSCORRUPTED;
+ return NULL;
+ }
+ *parent_de = de;
+
return bh;
}
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 224/411] ext4: fix warning in ext4_handle_inode_extension
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (222 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.4 223/411] ext4: fix use-after-free in ext4_rename_dir_prepare Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 225/411] ext4: fix bug_on in ext4_writepages Greg Kroah-Hartman
` (191 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Ye Bin, Theodore Tso, stable
From: Ye Bin <yebin10@huawei.com>
commit f4534c9fc94d22383f187b9409abb3f9df2e3db3 upstream.
We got issue as follows:
EXT4-fs error (device loop0) in ext4_reserve_inode_write:5741: Out of memory
EXT4-fs error (device loop0): ext4_setattr:5462: inode #13: comm syz-executor.0: mark_inode_dirty error
EXT4-fs error (device loop0) in ext4_setattr:5519: Out of memory
EXT4-fs error (device loop0): ext4_ind_map_blocks:595: inode #13: comm syz-executor.0: Can't allocate blocks for non-extent mapped inodes with bigalloc
------------[ cut here ]------------
WARNING: CPU: 1 PID: 4361 at fs/ext4/file.c:301 ext4_file_write_iter+0x11c9/0x1220
Modules linked in:
CPU: 1 PID: 4361 Comm: syz-executor.0 Not tainted 5.10.0+ #1
RIP: 0010:ext4_file_write_iter+0x11c9/0x1220
RSP: 0018:ffff924d80b27c00 EFLAGS: 00010282
RAX: ffffffff815a3379 RBX: 0000000000000000 RCX: 000000003b000000
RDX: ffff924d81601000 RSI: 00000000000009cc RDI: 00000000000009cd
RBP: 000000000000000d R08: ffffffffbc5a2c6b R09: 0000902e0e52a96f
R10: ffff902e2b7c1b40 R11: ffff902e2b7c1b40 R12: 000000000000000a
R13: 0000000000000001 R14: ffff902e0e52aa10 R15: ffffffffffffff8b
FS: 00007f81a7f65700(0000) GS:ffff902e3bc80000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffff600400 CR3: 000000012db88001 CR4: 00000000003706e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
do_iter_readv_writev+0x2e5/0x360
do_iter_write+0x112/0x4c0
do_pwritev+0x1e5/0x390
__x64_sys_pwritev2+0x7e/0xa0
do_syscall_64+0x37/0x50
entry_SYSCALL_64_after_hwframe+0x44/0xa9
Above issue may happen as follows:
Assume
inode.i_size=4096
EXT4_I(inode)->i_disksize=4096
step 1: set inode->i_isize = 8192
ext4_setattr
if (attr->ia_size != inode->i_size)
EXT4_I(inode)->i_disksize = attr->ia_size;
rc = ext4_mark_inode_dirty
ext4_reserve_inode_write
ext4_get_inode_loc
__ext4_get_inode_loc
sb_getblk --> return -ENOMEM
...
if (!error) ->will not update i_size
i_size_write(inode, attr->ia_size);
Now:
inode.i_size=4096
EXT4_I(inode)->i_disksize=8192
step 2: Direct write 4096 bytes
ext4_file_write_iter
ext4_dio_write_iter
iomap_dio_rw ->return error
if (extend)
ext4_handle_inode_extension
WARN_ON_ONCE(i_size_read(inode) < EXT4_I(inode)->i_disksize);
->Then trigger warning.
To solve above issue, if mark inode dirty failed in ext4_setattr just
set 'EXT4_I(inode)->i_disksize' with old value.
Signed-off-by: Ye Bin <yebin10@huawei.com>
Link: https://lore.kernel.org/r/20220326065351.761952-1-yebin10@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/inode.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/fs/ext4/inode.c
+++ b/fs/ext4/inode.c
@@ -5668,6 +5668,7 @@ int ext4_setattr(struct dentry *dentry,
if (attr->ia_valid & ATTR_SIZE) {
handle_t *handle;
loff_t oldsize = inode->i_size;
+ loff_t old_disksize;
int shrink = (attr->ia_size < inode->i_size);
if (!(ext4_test_inode_flag(inode, EXT4_INODE_EXTENTS))) {
@@ -5723,6 +5724,7 @@ int ext4_setattr(struct dentry *dentry,
inode->i_ctime = inode->i_mtime;
}
down_write(&EXT4_I(inode)->i_data_sem);
+ old_disksize = EXT4_I(inode)->i_disksize;
EXT4_I(inode)->i_disksize = attr->ia_size;
rc = ext4_mark_inode_dirty(handle, inode);
if (!error)
@@ -5734,6 +5736,8 @@ int ext4_setattr(struct dentry *dentry,
*/
if (!error)
i_size_write(inode, attr->ia_size);
+ else
+ EXT4_I(inode)->i_disksize = old_disksize;
up_write(&EXT4_I(inode)->i_data_sem);
ext4_journal_stop(handle);
if (error)
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 225/411] ext4: fix bug_on in ext4_writepages
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (223 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.4 224/411] ext4: fix warning in ext4_handle_inode_extension Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 226/411] ext4: verify dir block before splitting it Greg Kroah-Hartman
` (190 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, stable, Ye Bin, Jan Kara, Theodore Tso
From: Ye Bin <yebin10@huawei.com>
commit ef09ed5d37b84d18562b30cf7253e57062d0db05 upstream.
we got issue as follows:
EXT4-fs error (device loop0): ext4_mb_generate_buddy:1141: group 0, block bitmap and bg descriptor inconsistent: 25 vs 31513 free cls
------------[ cut here ]------------
kernel BUG at fs/ext4/inode.c:2708!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI
CPU: 2 PID: 2147 Comm: rep Not tainted 5.18.0-rc2-next-20220413+ #155
RIP: 0010:ext4_writepages+0x1977/0x1c10
RSP: 0018:ffff88811d3e7880 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000001 RCX: ffff88811c098000
RDX: 0000000000000000 RSI: ffff88811c098000 RDI: 0000000000000002
RBP: ffff888128140f50 R08: ffffffffb1ff6387 R09: 0000000000000000
R10: 0000000000000007 R11: ffffed10250281ea R12: 0000000000000001
R13: 00000000000000a4 R14: ffff88811d3e7bb8 R15: ffff888128141028
FS: 00007f443aed9740(0000) GS:ffff8883aef00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020007200 CR3: 000000011c2a4000 CR4: 00000000000006e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
do_writepages+0x130/0x3a0
filemap_fdatawrite_wbc+0x83/0xa0
filemap_flush+0xab/0xe0
ext4_alloc_da_blocks+0x51/0x120
__ext4_ioctl+0x1534/0x3210
__x64_sys_ioctl+0x12c/0x170
do_syscall_64+0x3b/0x90
It may happen as follows:
1. write inline_data inode
vfs_write
new_sync_write
ext4_file_write_iter
ext4_buffered_write_iter
generic_perform_write
ext4_da_write_begin
ext4_da_write_inline_data_begin -> If inline data size too
small will allocate block to write, then mapping will has
dirty page
ext4_da_convert_inline_data_to_extent ->clear EXT4_STATE_MAY_INLINE_DATA
2. fallocate
do_vfs_ioctl
ioctl_preallocate
vfs_fallocate
ext4_fallocate
ext4_convert_inline_data
ext4_convert_inline_data_nolock
ext4_map_blocks -> fail will goto restore data
ext4_restore_inline_data
ext4_create_inline_data
ext4_write_inline_data
ext4_set_inode_state -> set inode EXT4_STATE_MAY_INLINE_DATA
3. writepages
__ext4_ioctl
ext4_alloc_da_blocks
filemap_flush
filemap_fdatawrite_wbc
do_writepages
ext4_writepages
if (ext4_has_inline_data(inode))
BUG_ON(ext4_test_inode_state(inode, EXT4_STATE_MAY_INLINE_DATA))
The root cause of this issue is we destory inline data until call
ext4_writepages under delay allocation mode. But there maybe already
convert from inline to extent. To solve this issue, we call
filemap_flush first..
Cc: stable@kernel.org
Signed-off-by: Ye Bin <yebin10@huawei.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20220516122634.1690462-1-yebin10@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/inline.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
--- a/fs/ext4/inline.c
+++ b/fs/ext4/inline.c
@@ -2013,6 +2013,18 @@ int ext4_convert_inline_data(struct inod
if (!ext4_has_inline_data(inode)) {
ext4_clear_inode_state(inode, EXT4_STATE_MAY_INLINE_DATA);
return 0;
+ } else if (!ext4_test_inode_state(inode, EXT4_STATE_MAY_INLINE_DATA)) {
+ /*
+ * Inode has inline data but EXT4_STATE_MAY_INLINE_DATA is
+ * cleared. This means we are in the middle of moving of
+ * inline data to delay allocated block. Just force writeout
+ * here to finish conversion.
+ */
+ error = filemap_flush(inode->i_mapping);
+ if (error)
+ return error;
+ if (!ext4_has_inline_data(inode))
+ return 0;
}
needed_blocks = ext4_writepage_trans_blocks(inode);
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 226/411] ext4: verify dir block before splitting it
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (224 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.4 225/411] ext4: fix bug_on in ext4_writepages Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 227/411] ext4: avoid cycles in directory h-tree Greg Kroah-Hartman
` (189 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Jan Kara, Theodore Tso
From: Jan Kara <jack@suse.cz>
commit 46c116b920ebec58031f0a78c5ea9599b0d2a371 upstream.
Before splitting a directory block verify its directory entries are sane
so that the splitting code does not access memory it should not.
Cc: stable@vger.kernel.org
Signed-off-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20220518093332.13986-1-jack@suse.cz
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/namei.c | 32 +++++++++++++++++++++-----------
1 file changed, 21 insertions(+), 11 deletions(-)
--- a/fs/ext4/namei.c
+++ b/fs/ext4/namei.c
@@ -273,9 +273,9 @@ static struct dx_frame *dx_probe(struct
struct dx_hash_info *hinfo,
struct dx_frame *frame);
static void dx_release(struct dx_frame *frames);
-static int dx_make_map(struct inode *dir, struct ext4_dir_entry_2 *de,
- unsigned blocksize, struct dx_hash_info *hinfo,
- struct dx_map_entry map[]);
+static int dx_make_map(struct inode *dir, struct buffer_head *bh,
+ struct dx_hash_info *hinfo,
+ struct dx_map_entry *map_tail);
static void dx_sort_map(struct dx_map_entry *map, unsigned count);
static struct ext4_dir_entry_2 *dx_move_dirents(char *from, char *to,
struct dx_map_entry *offsets, int count, unsigned blocksize);
@@ -1205,15 +1205,23 @@ static inline int search_dirblock(struct
* Create map of hash values, offsets, and sizes, stored at end of block.
* Returns number of entries mapped.
*/
-static int dx_make_map(struct inode *dir, struct ext4_dir_entry_2 *de,
- unsigned blocksize, struct dx_hash_info *hinfo,
+static int dx_make_map(struct inode *dir, struct buffer_head *bh,
+ struct dx_hash_info *hinfo,
struct dx_map_entry *map_tail)
{
int count = 0;
- char *base = (char *) de;
+ struct ext4_dir_entry_2 *de = (struct ext4_dir_entry_2 *)bh->b_data;
+ unsigned int buflen = bh->b_size;
+ char *base = bh->b_data;
struct dx_hash_info h = *hinfo;
- while ((char *) de < base + blocksize) {
+ if (ext4_has_metadata_csum(dir->i_sb))
+ buflen -= sizeof(struct ext4_dir_entry_tail);
+
+ while ((char *) de < base + buflen) {
+ if (ext4_check_dir_entry(dir, NULL, de, bh, base, buflen,
+ ((char *)de) - base))
+ return -EFSCORRUPTED;
if (de->name_len && de->inode) {
ext4fs_dirhash(dir, de->name, de->name_len, &h);
map_tail--;
@@ -1223,8 +1231,7 @@ static int dx_make_map(struct inode *dir
count++;
cond_resched();
}
- /* XXX: do we need to check rec_len == 0 case? -Chris */
- de = ext4_next_entry(de, blocksize);
+ de = ext4_next_entry(de, dir->i_sb->s_blocksize);
}
return count;
}
@@ -1848,8 +1855,11 @@ static struct ext4_dir_entry_2 *do_split
/* create map in the end of data2 block */
map = (struct dx_map_entry *) (data2 + blocksize);
- count = dx_make_map(dir, (struct ext4_dir_entry_2 *) data1,
- blocksize, hinfo, map);
+ count = dx_make_map(dir, *bh, hinfo, map);
+ if (count < 0) {
+ err = count;
+ goto journal_error;
+ }
map -= count;
dx_sort_map(map, count);
/* Ensure that neither split block is over half full */
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 227/411] ext4: avoid cycles in directory h-tree
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (225 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.4 226/411] ext4: verify dir block before splitting it Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 228/411] ACPI: property: Release subnode properties with data nodes Greg Kroah-Hartman
` (188 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Jan Kara, Theodore Tso
From: Jan Kara <jack@suse.cz>
commit 3ba733f879c2a88910744647e41edeefbc0d92b2 upstream.
A maliciously corrupted filesystem can contain cycles in the h-tree
stored inside a directory. That can easily lead to the kernel corrupting
tree nodes that were already verified under its hands while doing a node
split and consequently accessing unallocated memory. Fix the problem by
verifying traversed block numbers are unique.
Cc: stable@vger.kernel.org
Signed-off-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20220518093332.13986-2-jack@suse.cz
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/namei.c | 22 +++++++++++++++++++---
1 file changed, 19 insertions(+), 3 deletions(-)
--- a/fs/ext4/namei.c
+++ b/fs/ext4/namei.c
@@ -750,12 +750,14 @@ static struct dx_frame *
dx_probe(struct ext4_filename *fname, struct inode *dir,
struct dx_hash_info *hinfo, struct dx_frame *frame_in)
{
- unsigned count, indirect;
+ unsigned count, indirect, level, i;
struct dx_entry *at, *entries, *p, *q, *m;
struct dx_root *root;
struct dx_frame *frame = frame_in;
struct dx_frame *ret_err = ERR_PTR(ERR_BAD_DX_DIR);
u32 hash;
+ ext4_lblk_t block;
+ ext4_lblk_t blocks[EXT4_HTREE_LEVEL];
memset(frame_in, 0, EXT4_HTREE_LEVEL * sizeof(frame_in[0]));
frame->bh = ext4_read_dirblock(dir, 0, INDEX);
@@ -811,6 +813,8 @@ dx_probe(struct ext4_filename *fname, st
}
dxtrace(printk("Look up %x", hash));
+ level = 0;
+ blocks[0] = 0;
while (1) {
count = dx_get_count(entries);
if (!count || count > dx_get_limit(entries)) {
@@ -852,15 +856,27 @@ dx_probe(struct ext4_filename *fname, st
dx_get_block(at)));
frame->entries = entries;
frame->at = at;
- if (!indirect--)
+
+ block = dx_get_block(at);
+ for (i = 0; i <= level; i++) {
+ if (blocks[i] == block) {
+ ext4_warning_inode(dir,
+ "dx entry: tree cycle block %u points back to block %u",
+ blocks[level], block);
+ goto fail;
+ }
+ }
+ if (++level > indirect)
return frame;
+ blocks[level] = block;
frame++;
- frame->bh = ext4_read_dirblock(dir, dx_get_block(at), INDEX);
+ frame->bh = ext4_read_dirblock(dir, block, INDEX);
if (IS_ERR(frame->bh)) {
ret_err = (struct dx_frame *) frame->bh;
frame->bh = NULL;
goto fail;
}
+
entries = ((struct dx_node *) frame->bh->b_data)->entries;
if (dx_get_limit(entries) != dx_node_limit(dir)) {
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 228/411] ACPI: property: Release subnode properties with data nodes
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (226 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.4 227/411] ext4: avoid cycles in directory h-tree Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 229/411] tracing: Fix potential double free in create_var_ref() Greg Kroah-Hartman
` (187 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sakari Ailus, Andy Shevchenko,
Rafael J. Wysocki
From: Sakari Ailus <sakari.ailus@linux.intel.com>
commit 3bd561e1572ee02a50cd1a5be339abf1a5b78d56 upstream.
struct acpi_device_properties describes one source of properties present
on either struct acpi_device or struct acpi_data_node. When properties are
parsed, both are populated but when released, only those properties that
are associated with the device node are freed.
Fix this by also releasing memory of the data node properties.
Fixes: 5f5e4890d57a ("ACPI / property: Allow multiple property compatible _DSD entries")
Cc: 4.20+ <stable@vger.kernel.org> # 4.20+
Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/acpi/property.c | 18 ++++++++++++------
1 file changed, 12 insertions(+), 6 deletions(-)
--- a/drivers/acpi/property.c
+++ b/drivers/acpi/property.c
@@ -430,6 +430,16 @@ void acpi_init_properties(struct acpi_de
acpi_extract_apple_properties(adev);
}
+static void acpi_free_device_properties(struct list_head *list)
+{
+ struct acpi_device_properties *props, *tmp;
+
+ list_for_each_entry_safe(props, tmp, list, list) {
+ list_del(&props->list);
+ kfree(props);
+ }
+}
+
static void acpi_destroy_nondev_subnodes(struct list_head *list)
{
struct acpi_data_node *dn, *next;
@@ -442,22 +452,18 @@ static void acpi_destroy_nondev_subnodes
wait_for_completion(&dn->kobj_done);
list_del(&dn->sibling);
ACPI_FREE((void *)dn->data.pointer);
+ acpi_free_device_properties(&dn->data.properties);
kfree(dn);
}
}
void acpi_free_properties(struct acpi_device *adev)
{
- struct acpi_device_properties *props, *tmp;
-
acpi_destroy_nondev_subnodes(&adev->data.subnodes);
ACPI_FREE((void *)adev->data.pointer);
adev->data.of_compatible = NULL;
adev->data.pointer = NULL;
- list_for_each_entry_safe(props, tmp, &adev->data.properties, list) {
- list_del(&props->list);
- kfree(props);
- }
+ acpi_free_device_properties(&adev->data.properties);
}
/**
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 229/411] tracing: Fix potential double free in create_var_ref()
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (227 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.4 228/411] ACPI: property: Release subnode properties with data nodes Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 230/411] PCI/PM: Fix bridge_d3_blacklist[] Elo i2 overwrite of Gigabyte X299 Greg Kroah-Hartman
` (186 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Masami Hiramatsu, Tom Zanussi,
Keita Suzuki, Steven Rostedt (Google)
From: Keita Suzuki <keitasuzuki.park@sslab.ics.keio.ac.jp>
commit 99696a2592bca641eb88cc9a80c90e591afebd0f upstream.
In create_var_ref(), init_var_ref() is called to initialize the fields
of variable ref_field, which is allocated in the previous function call
to create_hist_field(). Function init_var_ref() allocates the
corresponding fields such as ref_field->system, but frees these fields
when the function encounters an error. The caller later calls
destroy_hist_field() to conduct error handling, which frees the fields
and the variable itself. This results in double free of the fields which
are already freed in the previous function.
Fix this by storing NULL to the corresponding fields when they are freed
in init_var_ref().
Link: https://lkml.kernel.org/r/20220425063739.3859998-1-keitasuzuki.park@sslab.ics.keio.ac.jp
Fixes: 067fe038e70f ("tracing: Add variable reference handling to hist triggers")
CC: stable@vger.kernel.org
Reviewed-by: Masami Hiramatsu <mhiramat@kernel.org>
Reviewed-by: Tom Zanussi <zanussi@kernel.org>
Signed-off-by: Keita Suzuki <keitasuzuki.park@sslab.ics.keio.ac.jp>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/trace/trace_events_hist.c | 3 +++
1 file changed, 3 insertions(+)
--- a/kernel/trace/trace_events_hist.c
+++ b/kernel/trace/trace_events_hist.c
@@ -2695,8 +2695,11 @@ static int init_var_ref(struct hist_fiel
return err;
free:
kfree(ref_field->system);
+ ref_field->system = NULL;
kfree(ref_field->event_name);
+ ref_field->event_name = NULL;
kfree(ref_field->name);
+ ref_field->name = NULL;
goto out;
}
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 230/411] PCI/PM: Fix bridge_d3_blacklist[] Elo i2 overwrite of Gigabyte X299
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (228 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.4 229/411] tracing: Fix potential double free in create_var_ref() Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 231/411] PCI: qcom: Fix runtime PM imbalance on probe errors Greg Kroah-Hartman
` (185 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Bjorn Helgaas
From: Bjorn Helgaas <bhelgaas@google.com>
commit 12068bb346db5776d0ec9bb4cd073f8427a1ac92 upstream.
92597f97a40b ("PCI/PM: Avoid putting Elo i2 PCIe Ports in D3cold") omitted
braces around the new Elo i2 entry, so it overwrote the existing Gigabyte
X299 entry. Add the appropriate braces.
Found by:
$ make W=1 drivers/pci/pci.o
CC drivers/pci/pci.o
drivers/pci/pci.c:2974:12: error: initialized field overwritten [-Werror=override-init]
2974 | .ident = "Elo i2",
| ^~~~~~~~
Link: https://lore.kernel.org/r/20220526221258.GA409855@bhelgaas
Fixes: 92597f97a40b ("PCI/PM: Avoid putting Elo i2 PCIe Ports in D3cold")
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Cc: stable@vger.kernel.org # v5.15+
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/pci/pci.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/pci/pci.c
+++ b/drivers/pci/pci.c
@@ -2613,6 +2613,8 @@ static const struct dmi_system_id bridge
DMI_MATCH(DMI_BOARD_VENDOR, "Gigabyte Technology Co., Ltd."),
DMI_MATCH(DMI_BOARD_NAME, "X299 DESIGNARE EX-CF"),
},
+ },
+ {
/*
* Downstream device is not accessible after putting a root port
* into D3cold and back into D0 on Elo i2.
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 231/411] PCI: qcom: Fix runtime PM imbalance on probe errors
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (229 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.4 230/411] PCI/PM: Fix bridge_d3_blacklist[] Elo i2 overwrite of Gigabyte X299 Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 232/411] PCI: qcom: Fix unbalanced PHY init " Greg Kroah-Hartman
` (184 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Johan Hovold, Lorenzo Pieralisi,
Bjorn Helgaas, Manivannan Sadhasivam, Stanimir Varbanov,
Bjorn Andersson
From: Johan Hovold <johan+linaro@kernel.org>
commit 87d83b96c8d6c6c2d2096bd0bdba73bcf42b8ef0 upstream.
Drop the leftover pm_runtime_disable() calls from the late probe error
paths that would, for example, prevent runtime PM from being reenabled
after a probe deferral.
Link: https://lore.kernel.org/r/20220401133854.10421-2-johan+linaro@kernel.org
Fixes: 6e5da6f7d824 ("PCI: qcom: Fix error handling in runtime PM support")
Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Acked-by: Stanimir Varbanov <svarbanov@mm-sol.com>
Cc: stable@vger.kernel.org # 4.20
Cc: Bjorn Andersson <bjorn.andersson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/pci/controller/dwc/pcie-qcom.c | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
--- a/drivers/pci/controller/dwc/pcie-qcom.c
+++ b/drivers/pci/controller/dwc/pcie-qcom.c
@@ -1343,17 +1343,14 @@ static int qcom_pcie_probe(struct platfo
}
ret = phy_init(pcie->phy);
- if (ret) {
- pm_runtime_disable(&pdev->dev);
+ if (ret)
goto err_pm_runtime_put;
- }
platform_set_drvdata(pdev, pcie);
ret = dw_pcie_host_init(pp);
if (ret) {
dev_err(dev, "cannot initialize host\n");
- pm_runtime_disable(&pdev->dev);
goto err_pm_runtime_put;
}
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 232/411] PCI: qcom: Fix unbalanced PHY init on probe errors
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (230 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.4 231/411] PCI: qcom: Fix runtime PM imbalance on probe errors Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 233/411] mm, compaction: fast_find_migrateblock() should return pfn in the target zone Greg Kroah-Hartman
` (183 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Johan Hovold, Lorenzo Pieralisi,
Bjorn Helgaas, Manivannan Sadhasivam, Stanimir Varbanov
From: Johan Hovold <johan+linaro@kernel.org>
commit 83013631f0f9961416abd812e228c8efbc2f6069 upstream.
Undo the PHY initialisation (e.g. balance runtime PM) if host
initialisation fails during probe.
Link: https://lore.kernel.org/r/20220401133854.10421-3-johan+linaro@kernel.org
Fixes: 82a823833f4e ("PCI: qcom: Add Qualcomm PCIe controller driver")
Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Acked-by: Stanimir Varbanov <svarbanov@mm-sol.com>
Cc: stable@vger.kernel.org # 4.5
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/pci/controller/dwc/pcie-qcom.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/drivers/pci/controller/dwc/pcie-qcom.c
+++ b/drivers/pci/controller/dwc/pcie-qcom.c
@@ -1351,11 +1351,13 @@ static int qcom_pcie_probe(struct platfo
ret = dw_pcie_host_init(pp);
if (ret) {
dev_err(dev, "cannot initialize host\n");
- goto err_pm_runtime_put;
+ goto err_phy_exit;
}
return 0;
+err_phy_exit:
+ phy_exit(pcie->phy);
err_pm_runtime_put:
pm_runtime_put(dev);
pm_runtime_disable(dev);
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 233/411] mm, compaction: fast_find_migrateblock() should return pfn in the target zone
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (231 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.4 232/411] PCI: qcom: Fix unbalanced PHY init " Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 234/411] dlm: fix plock invalid read Greg Kroah-Hartman
` (182 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Rei Yamamoto, Miaohe Lin, Mel Gorman,
Oscar Salvador, Don Dutile, Wonhyuk Yang, Andrew Morton
From: Rei Yamamoto <yamamoto.rei@jp.fujitsu.com>
commit bbe832b9db2e1ad21522f8f0bf02775fff8a0e0e upstream.
At present, pages not in the target zone are added to cc->migratepages
list in isolate_migratepages_block(). As a result, pages may migrate
between nodes unintentionally.
This would be a serious problem for older kernels without commit
a984226f457f849e ("mm: memcontrol: remove the pgdata parameter of
mem_cgroup_page_lruvec"), because it can corrupt the lru list by
handling pages in list without holding proper lru_lock.
Avoid returning a pfn outside the target zone in the case that it is
not aligned with a pageblock boundary. Otherwise
isolate_migratepages_block() will handle pages not in the target zone.
Link: https://lkml.kernel.org/r/20220511044300.4069-1-yamamoto.rei@jp.fujitsu.com
Fixes: 70b44595eafe ("mm, compaction: use free lists to quickly locate a migration source")
Signed-off-by: Rei Yamamoto <yamamoto.rei@jp.fujitsu.com>
Reviewed-by: Miaohe Lin <linmiaohe@huawei.com>
Acked-by: Mel Gorman <mgorman@techsingularity.net>
Reviewed-by: Oscar Salvador <osalvador@suse.de>
Cc: Don Dutile <ddutile@redhat.com>
Cc: Wonhyuk Yang <vvghjk1234@gmail.com>
Cc: Rei Yamamoto <yamamoto.rei@jp.fujitsu.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/compaction.c | 2 ++
1 file changed, 2 insertions(+)
--- a/mm/compaction.c
+++ b/mm/compaction.c
@@ -1709,6 +1709,8 @@ static unsigned long fast_find_migratebl
update_fast_start_pfn(cc, free_pfn);
pfn = pageblock_start_pfn(free_pfn);
+ if (pfn < cc->zone->zone_start_pfn)
+ pfn = cc->zone->zone_start_pfn;
cc->fast_search_fail = 0;
found_block = true;
set_pageblock_skip(freepage);
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 234/411] dlm: fix plock invalid read
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (232 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.4 233/411] mm, compaction: fast_find_migrateblock() should return pfn in the target zone Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 235/411] dlm: fix missing lkb refcount handling Greg Kroah-Hartman
` (181 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Andreas Gruenbacher, Alexander Aring,
David Teigland
From: Alexander Aring <aahringo@redhat.com>
commit 42252d0d2aa9b94d168241710a761588b3959019 upstream.
This patch fixes an invalid read showed by KASAN. A unlock will allocate a
"struct plock_op" and a followed send_op() will append it to a global
send_list data structure. In some cases a followed dev_read() moves it
to recv_list and dev_write() will cast it to "struct plock_xop" and access
fields which are only available in those structures. At this point an
invalid read happens by accessing those fields.
To fix this issue the "callback" field is moved to "struct plock_op" to
indicate that a cast to "plock_xop" is allowed and does the additional
"plock_xop" handling if set.
Example of the KASAN output which showed the invalid read:
[ 2064.296453] ==================================================================
[ 2064.304852] BUG: KASAN: slab-out-of-bounds in dev_write+0x52b/0x5a0 [dlm]
[ 2064.306491] Read of size 8 at addr ffff88800ef227d8 by task dlm_controld/7484
[ 2064.308168]
[ 2064.308575] CPU: 0 PID: 7484 Comm: dlm_controld Kdump: loaded Not tainted 5.14.0+ #9
[ 2064.310292] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 2064.311618] Call Trace:
[ 2064.312218] dump_stack_lvl+0x56/0x7b
[ 2064.313150] print_address_description.constprop.8+0x21/0x150
[ 2064.314578] ? dev_write+0x52b/0x5a0 [dlm]
[ 2064.315610] ? dev_write+0x52b/0x5a0 [dlm]
[ 2064.316595] kasan_report.cold.14+0x7f/0x11b
[ 2064.317674] ? dev_write+0x52b/0x5a0 [dlm]
[ 2064.318687] dev_write+0x52b/0x5a0 [dlm]
[ 2064.319629] ? dev_read+0x4a0/0x4a0 [dlm]
[ 2064.320713] ? bpf_lsm_kernfs_init_security+0x10/0x10
[ 2064.321926] vfs_write+0x17e/0x930
[ 2064.322769] ? __fget_light+0x1aa/0x220
[ 2064.323753] ksys_write+0xf1/0x1c0
[ 2064.324548] ? __ia32_sys_read+0xb0/0xb0
[ 2064.325464] do_syscall_64+0x3a/0x80
[ 2064.326387] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2064.327606] RIP: 0033:0x7f807e4ba96f
[ 2064.328470] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 39 87 f8 ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 7c 87 f8 ff 48
[ 2064.332902] RSP: 002b:00007ffd50cfe6e0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 2064.334658] RAX: ffffffffffffffda RBX: 000055cc3886eb30 RCX: 00007f807e4ba96f
[ 2064.336275] RDX: 0000000000000040 RSI: 00007ffd50cfe7e0 RDI: 0000000000000010
[ 2064.337980] RBP: 00007ffd50cfe7e0 R08: 0000000000000000 R09: 0000000000000001
[ 2064.339560] R10: 000055cc3886eb30 R11: 0000000000000293 R12: 000055cc3886eb80
[ 2064.341237] R13: 000055cc3886eb00 R14: 000055cc3886f590 R15: 0000000000000001
[ 2064.342857]
[ 2064.343226] Allocated by task 12438:
[ 2064.344057] kasan_save_stack+0x1c/0x40
[ 2064.345079] __kasan_kmalloc+0x84/0xa0
[ 2064.345933] kmem_cache_alloc_trace+0x13b/0x220
[ 2064.346953] dlm_posix_unlock+0xec/0x720 [dlm]
[ 2064.348811] do_lock_file_wait.part.32+0xca/0x1d0
[ 2064.351070] fcntl_setlk+0x281/0xbc0
[ 2064.352879] do_fcntl+0x5e4/0xfe0
[ 2064.354657] __x64_sys_fcntl+0x11f/0x170
[ 2064.356550] do_syscall_64+0x3a/0x80
[ 2064.358259] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2064.360745]
[ 2064.361511] Last potentially related work creation:
[ 2064.363957] kasan_save_stack+0x1c/0x40
[ 2064.365811] __kasan_record_aux_stack+0xaf/0xc0
[ 2064.368100] call_rcu+0x11b/0xf70
[ 2064.369785] dlm_process_incoming_buffer+0x47d/0xfd0 [dlm]
[ 2064.372404] receive_from_sock+0x290/0x770 [dlm]
[ 2064.374607] process_recv_sockets+0x32/0x40 [dlm]
[ 2064.377290] process_one_work+0x9a8/0x16e0
[ 2064.379357] worker_thread+0x87/0xbf0
[ 2064.381188] kthread+0x3ac/0x490
[ 2064.383460] ret_from_fork+0x22/0x30
[ 2064.385588]
[ 2064.386518] Second to last potentially related work creation:
[ 2064.389219] kasan_save_stack+0x1c/0x40
[ 2064.391043] __kasan_record_aux_stack+0xaf/0xc0
[ 2064.393303] call_rcu+0x11b/0xf70
[ 2064.394885] dlm_process_incoming_buffer+0x47d/0xfd0 [dlm]
[ 2064.397694] receive_from_sock+0x290/0x770 [dlm]
[ 2064.399932] process_recv_sockets+0x32/0x40 [dlm]
[ 2064.402180] process_one_work+0x9a8/0x16e0
[ 2064.404388] worker_thread+0x87/0xbf0
[ 2064.406124] kthread+0x3ac/0x490
[ 2064.408021] ret_from_fork+0x22/0x30
[ 2064.409834]
[ 2064.410599] The buggy address belongs to the object at ffff88800ef22780
[ 2064.410599] which belongs to the cache kmalloc-96 of size 96
[ 2064.416495] The buggy address is located 88 bytes inside of
[ 2064.416495] 96-byte region [ffff88800ef22780, ffff88800ef227e0)
[ 2064.422045] The buggy address belongs to the page:
[ 2064.424635] page:00000000b6bef8bc refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xef22
[ 2064.428970] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 2064.432515] raw: 000fffffc0000200 ffffea0000d68b80 0000001400000014 ffff888001041780
[ 2064.436110] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000
[ 2064.439813] page dumped because: kasan: bad access detected
[ 2064.442548]
[ 2064.443310] Memory state around the buggy address:
[ 2064.445988] ffff88800ef22680: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[ 2064.449444] ffff88800ef22700: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[ 2064.452941] >ffff88800ef22780: 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc
[ 2064.456383] ^
[ 2064.459386] ffff88800ef22800: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[ 2064.462788] ffff88800ef22880: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[ 2064.466239] ==================================================================
reproducer in python:
import argparse
import struct
import fcntl
import os
parser = argparse.ArgumentParser()
parser.add_argument('-f', '--file',
help='file to use fcntl, must be on dlm lock filesystem e.g. gfs2')
args = parser.parse_args()
f = open(args.file, 'wb+')
lockdata = struct.pack('hhllhh', fcntl.F_WRLCK,0,0,0,0,0)
fcntl.fcntl(f, fcntl.F_SETLK, lockdata)
lockdata = struct.pack('hhllhh', fcntl.F_UNLCK,0,0,0,0,0)
fcntl.fcntl(f, fcntl.F_SETLK, lockdata)
Fixes: 586759f03e2e ("gfs2: nfs lock support for gfs2")
Cc: stable@vger.kernel.org
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Alexander Aring <aahringo@redhat.com>
Signed-off-by: David Teigland <teigland@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/dlm/plock.c | 12 +++++-------
1 file changed, 5 insertions(+), 7 deletions(-)
--- a/fs/dlm/plock.c
+++ b/fs/dlm/plock.c
@@ -23,11 +23,11 @@ struct plock_op {
struct list_head list;
int done;
struct dlm_plock_info info;
+ int (*callback)(struct file_lock *fl, int result);
};
struct plock_xop {
struct plock_op xop;
- int (*callback)(struct file_lock *fl, int result);
void *fl;
void *file;
struct file_lock flc;
@@ -129,19 +129,18 @@ int dlm_posix_lock(dlm_lockspace_t *lock
/* fl_owner is lockd which doesn't distinguish
processes on the nfs client */
op->info.owner = (__u64) fl->fl_pid;
- xop->callback = fl->fl_lmops->lm_grant;
+ op->callback = fl->fl_lmops->lm_grant;
locks_init_lock(&xop->flc);
locks_copy_lock(&xop->flc, fl);
xop->fl = fl;
xop->file = file;
} else {
op->info.owner = (__u64)(long) fl->fl_owner;
- xop->callback = NULL;
}
send_op(op);
- if (xop->callback == NULL) {
+ if (!op->callback) {
rv = wait_event_interruptible(recv_wq, (op->done != 0));
if (rv == -ERESTARTSYS) {
log_debug(ls, "dlm_posix_lock: wait killed %llx",
@@ -203,7 +202,7 @@ static int dlm_plock_callback(struct plo
file = xop->file;
flc = &xop->flc;
fl = xop->fl;
- notify = xop->callback;
+ notify = op->callback;
if (op->info.rv) {
notify(fl, op->info.rv);
@@ -436,10 +435,9 @@ static ssize_t dev_write(struct file *fi
if (op->info.fsid == info.fsid &&
op->info.number == info.number &&
op->info.owner == info.owner) {
- struct plock_xop *xop = (struct plock_xop *)op;
list_del_init(&op->list);
memcpy(&op->info, &info, sizeof(info));
- if (xop->callback)
+ if (op->callback)
do_callback = 1;
else
op->done = 1;
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 235/411] dlm: fix missing lkb refcount handling
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (233 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.4 234/411] dlm: fix plock invalid read Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 236/411] ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock Greg Kroah-Hartman
` (180 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Alexander Aring, David Teigland
From: Alexander Aring <aahringo@redhat.com>
commit 1689c169134f4b5a39156122d799b7dca76d8ddb upstream.
We always call hold_lkb(lkb) if we increment lkb->lkb_wait_count.
So, we always need to call unhold_lkb(lkb) if we decrement
lkb->lkb_wait_count. This patch will add missing unhold_lkb(lkb) if we
decrement lkb->lkb_wait_count. In case of setting lkb->lkb_wait_count to
zero we need to countdown until reaching zero and call unhold_lkb(lkb).
The waiters list unhold_lkb(lkb) can be removed because it's done for
the last lkb_wait_count decrement iteration as it's done in
_remove_from_waiters().
This issue was discovered by a dlm gfs2 test case which use excessively
dlm_unlock(LKF_CANCEL) feature. Probably the lkb->lkb_wait_count value
never reached above 1 if this feature isn't used and so it was not
discovered before.
The testcase ended in a rsb on the rsb keep data structure with a
refcount of 1 but no lkb was associated with it, which is itself
an invalid behaviour. A side effect of that was a condition in which
the dlm was sending remove messages in a looping behaviour. With this
patch that has not been reproduced.
Cc: stable@vger.kernel.org
Signed-off-by: Alexander Aring <aahringo@redhat.com>
Signed-off-by: David Teigland <teigland@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/dlm/lock.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
--- a/fs/dlm/lock.c
+++ b/fs/dlm/lock.c
@@ -1551,6 +1551,7 @@ static int _remove_from_waiters(struct d
lkb->lkb_wait_type = 0;
lkb->lkb_flags &= ~DLM_IFL_OVERLAP_CANCEL;
lkb->lkb_wait_count--;
+ unhold_lkb(lkb);
goto out_del;
}
@@ -1577,6 +1578,7 @@ static int _remove_from_waiters(struct d
log_error(ls, "remwait error %x reply %d wait_type %d overlap",
lkb->lkb_id, mstype, lkb->lkb_wait_type);
lkb->lkb_wait_count--;
+ unhold_lkb(lkb);
lkb->lkb_wait_type = 0;
}
@@ -5312,11 +5314,16 @@ int dlm_recover_waiters_post(struct dlm_
lkb->lkb_flags &= ~DLM_IFL_OVERLAP_UNLOCK;
lkb->lkb_flags &= ~DLM_IFL_OVERLAP_CANCEL;
lkb->lkb_wait_type = 0;
- lkb->lkb_wait_count = 0;
+ /* drop all wait_count references we still
+ * hold a reference for this iteration.
+ */
+ while (lkb->lkb_wait_count) {
+ lkb->lkb_wait_count--;
+ unhold_lkb(lkb);
+ }
mutex_lock(&ls->ls_waiters_mutex);
list_del_init(&lkb->lkb_wait_reply);
mutex_unlock(&ls->ls_waiters_mutex);
- unhold_lkb(lkb); /* for waiters list */
if (oc || ou) {
/* do an unlock or cancel instead of resending */
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 236/411] ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (234 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.4 235/411] dlm: fix missing lkb refcount handling Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 237/411] scsi: dc395x: Fix a missing check on list iterator Greg Kroah-Hartman
` (179 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Junxiao Bi, Joseph Qi, Mark Fasheh,
Joel Becker, Joseph Qi, Changwei Ge, Gang He, Jun Piao,
Andrew Morton
From: Junxiao Bi via Ocfs2-devel <ocfs2-devel@oss.oracle.com>
commit 863e0d81b6683c4cbc588ad831f560c90e494bef upstream.
When user_dlm_destroy_lock failed, it didn't clean up the flags it set
before exit. For USER_LOCK_IN_TEARDOWN, if this function fails because of
lock is still in used, next time when unlink invokes this function, it
will return succeed, and then unlink will remove inode and dentry if lock
is not in used(file closed), but the dlm lock is still linked in dlm lock
resource, then when bast come in, it will trigger a panic due to
user-after-free. See the following panic call trace. To fix this,
USER_LOCK_IN_TEARDOWN should be reverted if fail. And also error should
be returned if USER_LOCK_IN_TEARDOWN is set to let user know that unlink
fail.
For the case of ocfs2_dlm_unlock failure, besides USER_LOCK_IN_TEARDOWN,
USER_LOCK_BUSY is also required to be cleared. Even though spin lock is
released in between, but USER_LOCK_IN_TEARDOWN is still set, for
USER_LOCK_BUSY, if before every place that waits on this flag,
USER_LOCK_IN_TEARDOWN is checked to bail out, that will make sure no flow
waits on the busy flag set by user_dlm_destroy_lock(), then we can
simplely revert USER_LOCK_BUSY when ocfs2_dlm_unlock fails. Fix
user_dlm_cluster_lock() which is the only function not following this.
[ 941.336392] (python,26174,16):dlmfs_unlink:562 ERROR: unlink
004fb0000060000b5a90b8c847b72e1, error -16 from destroy
[ 989.757536] ------------[ cut here ]------------
[ 989.757709] kernel BUG at fs/ocfs2/dlmfs/userdlm.c:173!
[ 989.757876] invalid opcode: 0000 [#1] SMP
[ 989.758027] Modules linked in: ksplice_2zhuk2jr_ib_ipoib_new(O)
ksplice_2zhuk2jr(O) mptctl mptbase xen_netback xen_blkback xen_gntalloc
xen_gntdev xen_evtchn cdc_ether usbnet mii ocfs2 jbd2 rpcsec_gss_krb5
auth_rpcgss nfsv4 nfsv3 nfs_acl nfs fscache lockd grace ocfs2_dlmfs
ocfs2_stack_o2cb ocfs2_dlm ocfs2_nodemanager ocfs2_stackglue configfs bnx2fc
fcoe libfcoe libfc scsi_transport_fc sunrpc ipmi_devintf bridge stp llc
rds_rdma rds bonding ib_sdp ib_ipoib rdma_ucm ib_ucm ib_uverbs ib_umad
rdma_cm ib_cm iw_cm falcon_lsm_serviceable(PE) falcon_nf_netcontain(PE)
mlx4_vnic falcon_kal(E) falcon_lsm_pinned_13402(E) mlx4_ib ib_sa ib_mad
ib_core ib_addr xenfs xen_privcmd dm_multipath iTCO_wdt iTCO_vendor_support
pcspkr sb_edac edac_core i2c_i801 lpc_ich mfd_core ipmi_ssif i2c_core ipmi_si
ipmi_msghandler
[ 989.760686] ioatdma sg ext3 jbd mbcache sd_mod ahci libahci ixgbe dca ptp
pps_core vxlan udp_tunnel ip6_udp_tunnel megaraid_sas mlx4_core crc32c_intel
be2iscsi bnx2i cnic uio cxgb4i cxgb4 cxgb3i libcxgbi ipv6 cxgb3 mdio
libiscsi_tcp qla4xxx iscsi_boot_sysfs libiscsi scsi_transport_iscsi wmi
dm_mirror dm_region_hash dm_log dm_mod [last unloaded:
ksplice_2zhuk2jr_ib_ipoib_old]
[ 989.761987] CPU: 10 PID: 19102 Comm: dlm_thread Tainted: P OE
4.1.12-124.57.1.el6uek.x86_64 #2
[ 989.762290] Hardware name: Oracle Corporation ORACLE SERVER
X5-2/ASM,MOTHERBOARD,1U, BIOS 30350100 06/17/2021
[ 989.762599] task: ffff880178af6200 ti: ffff88017f7c8000 task.ti:
ffff88017f7c8000
[ 989.762848] RIP: e030:[<ffffffffc07d4316>] [<ffffffffc07d4316>]
__user_dlm_queue_lockres.part.4+0x76/0x80 [ocfs2_dlmfs]
[ 989.763185] RSP: e02b:ffff88017f7cbcb8 EFLAGS: 00010246
[ 989.763353] RAX: 0000000000000000 RBX: ffff880174d48008 RCX:
0000000000000003
[ 989.763565] RDX: 0000000000120012 RSI: 0000000000000003 RDI:
ffff880174d48170
[ 989.763778] RBP: ffff88017f7cbcc8 R08: ffff88021f4293b0 R09:
0000000000000000
[ 989.763991] R10: ffff880179c8c000 R11: 0000000000000003 R12:
ffff880174d48008
[ 989.764204] R13: 0000000000000003 R14: ffff880179c8c000 R15:
ffff88021db7a000
[ 989.764422] FS: 0000000000000000(0000) GS:ffff880247480000(0000)
knlGS:ffff880247480000
[ 989.764685] CS: e033 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 989.764865] CR2: ffff8000007f6800 CR3: 0000000001ae0000 CR4:
0000000000042660
[ 989.765081] Stack:
[ 989.765167] 0000000000000003 ffff880174d48040 ffff88017f7cbd18
ffffffffc07d455f
[ 989.765442] ffff88017f7cbd88 ffffffff816fb639 ffff88017f7cbd38
ffff8800361b5600
[ 989.765717] ffff88021db7a000 ffff88021f429380 0000000000000003
ffffffffc0453020
[ 989.765991] Call Trace:
[ 989.766093] [<ffffffffc07d455f>] user_bast+0x5f/0xf0 [ocfs2_dlmfs]
[ 989.766287] [<ffffffff816fb639>] ? schedule_timeout+0x169/0x2d0
[ 989.766475] [<ffffffffc0453020>] ? o2dlm_lock_ast_wrapper+0x20/0x20
[ocfs2_stack_o2cb]
[ 989.766738] [<ffffffffc045303a>] o2dlm_blocking_ast_wrapper+0x1a/0x20
[ocfs2_stack_o2cb]
[ 989.767010] [<ffffffffc0864ec6>] dlm_do_local_bast+0x46/0xe0 [ocfs2_dlm]
[ 989.767217] [<ffffffffc084f5cc>] ? dlm_lockres_calc_usage+0x4c/0x60
[ocfs2_dlm]
[ 989.767466] [<ffffffffc08501f1>] dlm_thread+0xa31/0x1140 [ocfs2_dlm]
[ 989.767662] [<ffffffff816f78da>] ? __schedule+0x24a/0x810
[ 989.767834] [<ffffffff816f78ce>] ? __schedule+0x23e/0x810
[ 989.768006] [<ffffffff816f78da>] ? __schedule+0x24a/0x810
[ 989.768178] [<ffffffff816f78ce>] ? __schedule+0x23e/0x810
[ 989.768349] [<ffffffff816f78da>] ? __schedule+0x24a/0x810
[ 989.768521] [<ffffffff816f78ce>] ? __schedule+0x23e/0x810
[ 989.768693] [<ffffffff816f78da>] ? __schedule+0x24a/0x810
[ 989.768893] [<ffffffff816f78ce>] ? __schedule+0x23e/0x810
[ 989.769067] [<ffffffff816f78da>] ? __schedule+0x24a/0x810
[ 989.769241] [<ffffffff810ce4d0>] ? wait_woken+0x90/0x90
[ 989.769411] [<ffffffffc084f7c0>] ? dlm_kick_thread+0x80/0x80 [ocfs2_dlm]
[ 989.769617] [<ffffffff810a8bbb>] kthread+0xcb/0xf0
[ 989.769774] [<ffffffff816f78da>] ? __schedule+0x24a/0x810
[ 989.769945] [<ffffffff816f78da>] ? __schedule+0x24a/0x810
[ 989.770117] [<ffffffff810a8af0>] ? kthread_create_on_node+0x180/0x180
[ 989.770321] [<ffffffff816fdaa1>] ret_from_fork+0x61/0x90
[ 989.770492] [<ffffffff810a8af0>] ? kthread_create_on_node+0x180/0x180
[ 989.770689] Code: d0 00 00 00 f0 45 7d c0 bf 00 20 00 00 48 89 83 c0 00 00
00 48 89 83 c8 00 00 00 e8 55 c1 8c c0 83 4b 04 10 48 83 c4 08 5b 5d c3 <0f>
0b 0f 1f 84 00 00 00 00 00 55 48 89 e5 41 55 41 54 53 48 83
[ 989.771892] RIP [<ffffffffc07d4316>]
__user_dlm_queue_lockres.part.4+0x76/0x80 [ocfs2_dlmfs]
[ 989.772174] RSP <ffff88017f7cbcb8>
[ 989.772704] ---[ end trace ebd1e38cebcc93a8 ]---
[ 989.772907] Kernel panic - not syncing: Fatal exception
[ 989.773173] Kernel Offset: disabled
Link: https://lkml.kernel.org/r/20220518235224.87100-2-junxiao.bi@oracle.com
Signed-off-by: Junxiao Bi <junxiao.bi@oracle.com>
Reviewed-by: Joseph Qi <joseph.qi@linux.alibaba.com>
Cc: Mark Fasheh <mark@fasheh.com>
Cc: Joel Becker <jlbec@evilplan.org>
Cc: Joseph Qi <jiangqi903@gmail.com>
Cc: Changwei Ge <gechangwei@live.cn>
Cc: Gang He <ghe@suse.com>
Cc: Jun Piao <piaojun@huawei.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ocfs2/dlmfs/userdlm.c | 16 +++++++++++++++-
1 file changed, 15 insertions(+), 1 deletion(-)
--- a/fs/ocfs2/dlmfs/userdlm.c
+++ b/fs/ocfs2/dlmfs/userdlm.c
@@ -435,6 +435,11 @@ again:
}
spin_lock(&lockres->l_lock);
+ if (lockres->l_flags & USER_LOCK_IN_TEARDOWN) {
+ spin_unlock(&lockres->l_lock);
+ status = -EAGAIN;
+ goto bail;
+ }
/* We only compare against the currently granted level
* here. If the lock is blocked waiting on a downconvert,
@@ -601,7 +606,7 @@ int user_dlm_destroy_lock(struct user_lo
spin_lock(&lockres->l_lock);
if (lockres->l_flags & USER_LOCK_IN_TEARDOWN) {
spin_unlock(&lockres->l_lock);
- return 0;
+ goto bail;
}
lockres->l_flags |= USER_LOCK_IN_TEARDOWN;
@@ -615,12 +620,17 @@ int user_dlm_destroy_lock(struct user_lo
}
if (lockres->l_ro_holders || lockres->l_ex_holders) {
+ lockres->l_flags &= ~USER_LOCK_IN_TEARDOWN;
spin_unlock(&lockres->l_lock);
goto bail;
}
status = 0;
if (!(lockres->l_flags & USER_LOCK_ATTACHED)) {
+ /*
+ * lock is never requested, leave USER_LOCK_IN_TEARDOWN set
+ * to avoid new lock request coming in.
+ */
spin_unlock(&lockres->l_lock);
goto bail;
}
@@ -631,6 +641,10 @@ int user_dlm_destroy_lock(struct user_lo
status = ocfs2_dlm_unlock(conn, &lockres->l_lksb, DLM_LKF_VALBLK);
if (status) {
+ spin_lock(&lockres->l_lock);
+ lockres->l_flags &= ~USER_LOCK_IN_TEARDOWN;
+ lockres->l_flags &= ~USER_LOCK_BUSY;
+ spin_unlock(&lockres->l_lock);
user_log_dlm_error("ocfs2_dlm_unlock", status, lockres);
goto bail;
}
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 237/411] scsi: dc395x: Fix a missing check on list iterator
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (235 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.4 236/411] ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 238/411] scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled Greg Kroah-Hartman
` (178 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Xiaomeng Tong, Martin K. Petersen
From: Xiaomeng Tong <xiam0nd.tong@gmail.com>
commit 036a45aa587a10fa2abbd50fbd0f6c4cfc44f69f upstream.
The bug is here:
p->target_id, p->target_lun);
The list iterator 'p' will point to a bogus position containing HEAD if the
list is empty or no element is found. This case must be checked before any
use of the iterator, otherwise it will lead to an invalid memory access.
To fix this bug, add a check. Use a new variable 'iter' as the list
iterator, and use the original variable 'p' as a dedicated pointer to point
to the found element.
Link: https://lore.kernel.org/r/20220414040231.2662-1-xiam0nd.tong@gmail.com
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Cc: stable@vger.kernel.org
Signed-off-by: Xiaomeng Tong <xiam0nd.tong@gmail.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/scsi/dc395x.c | 15 ++++++++++++---
1 file changed, 12 insertions(+), 3 deletions(-)
--- a/drivers/scsi/dc395x.c
+++ b/drivers/scsi/dc395x.c
@@ -3664,10 +3664,19 @@ static struct DeviceCtlBlk *device_alloc
#endif
if (dcb->target_lun != 0) {
/* Copy settings */
- struct DeviceCtlBlk *p;
- list_for_each_entry(p, &acb->dcb_list, list)
- if (p->target_id == dcb->target_id)
+ struct DeviceCtlBlk *p = NULL, *iter;
+
+ list_for_each_entry(iter, &acb->dcb_list, list)
+ if (iter->target_id == dcb->target_id) {
+ p = iter;
break;
+ }
+
+ if (!p) {
+ kfree(dcb);
+ return NULL;
+ }
+
dprintkdbg(DBG_1,
"device_alloc: <%02i-%i> copy from <%02i-%i>\n",
dcb->target_id, dcb->target_lun,
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 238/411] scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (236 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.4 237/411] scsi: dc395x: Fix a missing check on list iterator Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 239/411] drm/amdgpu/cs: make commands with 0 chunks illegal behaviour Greg Kroah-Hartman
` (177 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Bjorn Andersson,
Manivannan Sadhasivam, Martin K. Petersen
From: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
commit 8eecddfca30e1651dc1c74531ed5eef21dcce7e3 upstream.
In ufs_qcom_dev_ref_clk_ctrl(), it was noted that the ref_clk needs to be
stable for at least 1us. Even though there is wmb() to make sure the write
gets "completed", there is no guarantee that the write actually reached the
UFS device. There is a good chance that the write could be stored in a
Write Buffer (WB). In that case, even though the CPU waits for 1us, the
ref_clk might not be stable for that period.
So lets do a readl() to make sure that the previous write has reached the
UFS device before udelay().
Also, the wmb() after writel_relaxed() is not really needed. Both writel()
and readl() are ordered on all architectures and the CPU won't speculate
instructions after readl() due to the in-built control dependency with read
value on weakly ordered architectures. So it can be safely removed.
Link: https://lore.kernel.org/r/20220504084212.11605-4-manivannan.sadhasivam@linaro.org
Fixes: f06fcc7155dc ("scsi: ufs-qcom: add QUniPro hardware support and power optimizations")
Cc: stable@vger.kernel.org
Reviewed-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/scsi/ufs/ufs-qcom.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
--- a/drivers/scsi/ufs/ufs-qcom.c
+++ b/drivers/scsi/ufs/ufs-qcom.c
@@ -781,8 +781,11 @@ static void ufs_qcom_dev_ref_clk_ctrl(st
writel_relaxed(temp, host->dev_ref_clk_ctrl_mmio);
- /* ensure that ref_clk is enabled/disabled before we return */
- wmb();
+ /*
+ * Make sure the write to ref_clk reaches the destination and
+ * not stored in a Write Buffer (WB).
+ */
+ readl(host->dev_ref_clk_ctrl_mmio);
/*
* If we call hibern8 exit after this, we need to make sure that
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 239/411] drm/amdgpu/cs: make commands with 0 chunks illegal behaviour.
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (237 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.4 238/411] scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 240/411] drm/etnaviv: check for reaped mapping in etnaviv_iommu_unmap_gem Greg Kroah-Hartman
` (176 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Dave Airlie, Alex Deucher
From: Dave Airlie <airlied@redhat.com>
commit 31ab27b14daaa75541a415c6794d6f3567fea44a upstream.
Submitting a cs with 0 chunks, causes an oops later, found trying
to execute the wrong userspace driver.
MESA_LOADER_DRIVER_OVERRIDE=v3d glxinfo
[172536.665184] BUG: kernel NULL pointer dereference, address: 00000000000001d8
[172536.665188] #PF: supervisor read access in kernel mode
[172536.665189] #PF: error_code(0x0000) - not-present page
[172536.665191] PGD 6712a0067 P4D 6712a0067 PUD 5af9ff067 PMD 0
[172536.665195] Oops: 0000 [#1] SMP NOPTI
[172536.665197] CPU: 7 PID: 2769838 Comm: glxinfo Tainted: P O 5.10.81 #1-NixOS
[172536.665199] Hardware name: To be filled by O.E.M. To be filled by O.E.M./CROSSHAIR V FORMULA-Z, BIOS 2201 03/23/2015
[172536.665272] RIP: 0010:amdgpu_cs_ioctl+0x96/0x1ce0 [amdgpu]
[172536.665274] Code: 75 18 00 00 4c 8b b2 88 00 00 00 8b 46 08 48 89 54 24 68 49 89 f7 4c 89 5c 24 60 31 d2 4c 89 74 24 30 85 c0 0f 85 c0 01 00 00 <48> 83 ba d8 01 00 00 00 48 8b b4 24 90 00 00 00 74 16 48 8b 46 10
[172536.665276] RSP: 0018:ffffb47c0e81bbe0 EFLAGS: 00010246
[172536.665277] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[172536.665278] RDX: 0000000000000000 RSI: ffffb47c0e81be28 RDI: ffffb47c0e81bd68
[172536.665279] RBP: ffff936524080010 R08: 0000000000000000 R09: ffffb47c0e81be38
[172536.665281] R10: ffff936524080010 R11: ffff936524080000 R12: ffffb47c0e81bc40
[172536.665282] R13: ffffb47c0e81be28 R14: ffff9367bc410000 R15: ffffb47c0e81be28
[172536.665283] FS: 00007fe35e05d740(0000) GS:ffff936c1edc0000(0000) knlGS:0000000000000000
[172536.665284] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[172536.665286] CR2: 00000000000001d8 CR3: 0000000532e46000 CR4: 00000000000406e0
[172536.665287] Call Trace:
[172536.665322] ? amdgpu_cs_find_mapping+0x110/0x110 [amdgpu]
[172536.665332] drm_ioctl_kernel+0xaa/0xf0 [drm]
[172536.665338] drm_ioctl+0x201/0x3b0 [drm]
[172536.665369] ? amdgpu_cs_find_mapping+0x110/0x110 [amdgpu]
[172536.665372] ? selinux_file_ioctl+0x135/0x230
[172536.665399] amdgpu_drm_ioctl+0x49/0x80 [amdgpu]
[172536.665403] __x64_sys_ioctl+0x83/0xb0
[172536.665406] do_syscall_64+0x33/0x40
[172536.665409] entry_SYSCALL_64_after_hwframe+0x44/0xa9
Bug: https://gitlab.freedesktop.org/drm/amd/-/issues/2018
Signed-off-by: Dave Airlie <airlied@redhat.com>
Cc: stable@vger.kernel.org
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c
@@ -114,7 +114,7 @@ static int amdgpu_cs_parser_init(struct
int ret;
if (cs->in.num_chunks == 0)
- return 0;
+ return -EINVAL;
chunk_array = kmalloc_array(cs->in.num_chunks, sizeof(uint64_t), GFP_KERNEL);
if (!chunk_array)
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 240/411] drm/etnaviv: check for reaped mapping in etnaviv_iommu_unmap_gem
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (238 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.4 239/411] drm/amdgpu/cs: make commands with 0 chunks illegal behaviour Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 241/411] drm/nouveau/clk: Fix an incorrect NULL check on list iterator Greg Kroah-Hartman
` (175 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Lucas Stach, Philipp Zabel,
Guido Günther
From: Lucas Stach <l.stach@pengutronix.de>
commit e168c25526cd0368af098095c2ded4a008007e1b upstream.
When the mapping is already reaped the unmap must be a no-op, as we
would otherwise try to remove the mapping twice, corrupting the involved
data structures.
Cc: stable@vger.kernel.org # 5.4
Signed-off-by: Lucas Stach <l.stach@pengutronix.de>
Reviewed-by: Philipp Zabel <p.zabel@pengutronix.de>
Tested-by: Guido Günther <agx@sigxcpu.org>
Acked-by: Guido Günther <agx@sigxcpu.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/etnaviv/etnaviv_mmu.c | 6 ++++++
1 file changed, 6 insertions(+)
--- a/drivers/gpu/drm/etnaviv/etnaviv_mmu.c
+++ b/drivers/gpu/drm/etnaviv/etnaviv_mmu.c
@@ -289,6 +289,12 @@ void etnaviv_iommu_unmap_gem(struct etna
mutex_lock(&context->lock);
+ /* Bail if the mapping has been reaped by another thread */
+ if (!mapping->context) {
+ mutex_unlock(&context->lock);
+ return;
+ }
+
/* If the vram node is on the mm, unmap and remove the node */
if (mapping->vram_node.mm == &context->mm)
etnaviv_iommu_remove_mapping(context, mapping);
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 241/411] drm/nouveau/clk: Fix an incorrect NULL check on list iterator
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (239 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.4 240/411] drm/etnaviv: check for reaped mapping in etnaviv_iommu_unmap_gem Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 242/411] drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX Greg Kroah-Hartman
` (174 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Xiaomeng Tong, Lyude Paul
From: Xiaomeng Tong <xiam0nd.tong@gmail.com>
commit 1c3b2a27def609473ed13b1cd668cb10deab49b4 upstream.
The bug is here:
if (nvkm_cstate_valid(clk, cstate, max_volt, clk->temp))
return cstate;
The list iterator value 'cstate' will *always* be set and non-NULL
by list_for_each_entry_from_reverse(), so it is incorrect to assume
that the iterator value will be unchanged if the list is empty or no
element is found (In fact, it will be a bogus pointer to an invalid
structure object containing the HEAD). Also it missed a NULL check
at callsite and may lead to invalid memory access after that.
To fix this bug, just return 'encoder' when found, otherwise return
NULL. And add the NULL check.
Cc: stable@vger.kernel.org
Fixes: 1f7f3d91ad38a ("drm/nouveau/clk: Respect voltage limits in nvkm_cstate_prog")
Signed-off-by: Xiaomeng Tong <xiam0nd.tong@gmail.com>
Reviewed-by: Lyude Paul <lyude@redhat.com>
Signed-off-by: Lyude Paul <lyude@redhat.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20220327075824.11806-1-xiam0nd.tong@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/nouveau/nvkm/subdev/clk/base.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- a/drivers/gpu/drm/nouveau/nvkm/subdev/clk/base.c
+++ b/drivers/gpu/drm/nouveau/nvkm/subdev/clk/base.c
@@ -135,10 +135,10 @@ nvkm_cstate_find_best(struct nvkm_clk *c
list_for_each_entry_from_reverse(cstate, &pstate->list, head) {
if (nvkm_cstate_valid(clk, cstate, max_volt, clk->temp))
- break;
+ return cstate;
}
- return cstate;
+ return NULL;
}
static struct nvkm_cstate *
@@ -169,6 +169,8 @@ nvkm_cstate_prog(struct nvkm_clk *clk, s
if (!list_empty(&pstate->list)) {
cstate = nvkm_cstate_get(clk, pstate, cstatei);
cstate = nvkm_cstate_find_best(clk, pstate, cstate);
+ if (!cstate)
+ return -EINVAL;
} else {
cstate = &pstate->base;
}
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 242/411] drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (240 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.4 241/411] drm/nouveau/clk: Fix an incorrect NULL check on list iterator Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 243/411] md: fix an incorrect NULL check in does_sb_need_changing Greg Kroah-Hartman
` (173 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tomeu Vizoso, Brian Norris, Douglas Anderson
From: Brian Norris <briannorris@chromium.org>
commit 8fb6c44fe8468f92ac7b8bbfcca4404a4e88645f upstream.
If the display is not enable()d, then we aren't holding a runtime PM
reference here. Thus, it's easy to accidentally cause a hang, if user
space is poking around at /dev/drm_dp_aux0 at the "wrong" time.
Let's get a runtime PM reference, and check that we "see" the panel.
Don't force any panel power-up, etc., because that can be intrusive, and
that's not what other drivers do (see
drivers/gpu/drm/bridge/ti-sn65dsi86.c and
drivers/gpu/drm/bridge/parade-ps8640.c.)
Fixes: 0d97ad03f422 ("drm/bridge: analogix_dp: Remove duplicated code")
Cc: <stable@vger.kernel.org>
Cc: Tomeu Vizoso <tomeu.vizoso@collabora.com>
Signed-off-by: Brian Norris <briannorris@chromium.org>
Reviewed-by: Douglas Anderson <dianders@chromium.org>
Signed-off-by: Douglas Anderson <dianders@chromium.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20220301181107.v4.1.I773a08785666ebb236917b0c8e6c05e3de471e75@changeid
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/bridge/analogix/analogix_dp_core.c | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
--- a/drivers/gpu/drm/bridge/analogix/analogix_dp_core.c
+++ b/drivers/gpu/drm/bridge/analogix/analogix_dp_core.c
@@ -1630,8 +1630,19 @@ static ssize_t analogix_dpaux_transfer(s
struct drm_dp_aux_msg *msg)
{
struct analogix_dp_device *dp = to_dp(aux);
+ int ret;
- return analogix_dp_transfer(dp, msg);
+ pm_runtime_get_sync(dp->dev);
+
+ ret = analogix_dp_detect_hpd(dp);
+ if (ret)
+ goto out;
+
+ ret = analogix_dp_transfer(dp, msg);
+out:
+ pm_runtime_put(dp->dev);
+
+ return ret;
}
struct analogix_dp_device *
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 243/411] md: fix an incorrect NULL check in does_sb_need_changing
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (241 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.4 242/411] drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 244/411] md: fix an incorrect NULL check in md_reload_sb Greg Kroah-Hartman
` (172 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Guoqing Jiang, Xiaomeng Tong,
Goldwyn Rodrigues, Song Liu
From: Xiaomeng Tong <xiam0nd.tong@gmail.com>
commit fc8738343eefc4ea8afb6122826dea48eacde514 upstream.
The bug is here:
if (!rdev)
The list iterator value 'rdev' will *always* be set and non-NULL
by rdev_for_each(), so it is incorrect to assume that the iterator
value will be NULL if the list is empty or no element found.
Otherwise it will bypass the NULL check and lead to invalid memory
access passing the check.
To fix the bug, use a new variable 'iter' as the list iterator,
while using the original variable 'rdev' as a dedicated pointer to
point to the found element.
Cc: stable@vger.kernel.org
Fixes: 2aa82191ac36 ("md-cluster: Perform a lazy update")
Acked-by: Guoqing Jiang <guoqing.jiang@linux.dev>
Signed-off-by: Xiaomeng Tong <xiam0nd.tong@gmail.com>
Acked-by: Goldwyn Rodrigues <rgoldwyn@suse.com>
Signed-off-by: Song Liu <song@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/md.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
--- a/drivers/md/md.c
+++ b/drivers/md/md.c
@@ -2532,14 +2532,16 @@ static void sync_sbs(struct mddev *mddev
static bool does_sb_need_changing(struct mddev *mddev)
{
- struct md_rdev *rdev;
+ struct md_rdev *rdev = NULL, *iter;
struct mdp_superblock_1 *sb;
int role;
/* Find a good rdev */
- rdev_for_each(rdev, mddev)
- if ((rdev->raid_disk >= 0) && !test_bit(Faulty, &rdev->flags))
+ rdev_for_each(iter, mddev)
+ if ((iter->raid_disk >= 0) && !test_bit(Faulty, &iter->flags)) {
+ rdev = iter;
break;
+ }
/* No good device found. */
if (!rdev)
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 244/411] md: fix an incorrect NULL check in md_reload_sb
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (242 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.4 243/411] md: fix an incorrect NULL check in does_sb_need_changing Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 245/411] mtd: cfi_cmdset_0002: Move and rename chip_check/chip_ready/chip_good_for_write Greg Kroah-Hartman
` (171 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Xiaomeng Tong, Song Liu
From: Xiaomeng Tong <xiam0nd.tong@gmail.com>
commit 64c54d9244a4efe9bc6e9c98e13c4bbb8bb39083 upstream.
The bug is here:
if (!rdev || rdev->desc_nr != nr) {
The list iterator value 'rdev' will *always* be set and non-NULL
by rdev_for_each_rcu(), so it is incorrect to assume that the
iterator value will be NULL if the list is empty or no element
found (In fact, it will be a bogus pointer to an invalid struct
object containing the HEAD). Otherwise it will bypass the check
and lead to invalid memory access passing the check.
To fix the bug, use a new variable 'iter' as the list iterator,
while using the original variable 'pdev' as a dedicated pointer to
point to the found element.
Cc: stable@vger.kernel.org
Fixes: 70bcecdb1534 ("md-cluster: Improve md_reload_sb to be less error prone")
Signed-off-by: Xiaomeng Tong <xiam0nd.tong@gmail.com>
Signed-off-by: Song Liu <song@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/md.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
--- a/drivers/md/md.c
+++ b/drivers/md/md.c
@@ -9531,16 +9531,18 @@ static int read_rdev(struct mddev *mddev
void md_reload_sb(struct mddev *mddev, int nr)
{
- struct md_rdev *rdev;
+ struct md_rdev *rdev = NULL, *iter;
int err;
/* Find the rdev */
- rdev_for_each_rcu(rdev, mddev) {
- if (rdev->desc_nr == nr)
+ rdev_for_each_rcu(iter, mddev) {
+ if (iter->desc_nr == nr) {
+ rdev = iter;
break;
+ }
}
- if (!rdev || rdev->desc_nr != nr) {
+ if (!rdev) {
pr_warn("%s: %d Could not find rdev with nr %d\n", __func__, __LINE__, nr);
return;
}
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 245/411] mtd: cfi_cmdset_0002: Move and rename chip_check/chip_ready/chip_good_for_write
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (243 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.4 244/411] md: fix an incorrect NULL check in md_reload_sb Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 246/411] media: coda: Fix reported H264 profile Greg Kroah-Hartman
` (170 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tokunori Ikegami,
Vignesh Raghavendra, Miquel Raynal
From: Tokunori Ikegami <ikegami.t@gmail.com>
commit 083084df578a8bdb18334f69e7b32d690aaa3247 upstream.
This is a preparation patch for the S29GL064N buffer writes fix. There
is no functional change.
Link: https://lore.kernel.org/r/b687c259-6413-26c9-d4c9-b3afa69ea124@pengutronix.de/
Fixes: dfeae1073583("mtd: cfi_cmdset_0002: Change write buffer to check correct value")
Signed-off-by: Tokunori Ikegami <ikegami.t@gmail.com>
Cc: stable@vger.kernel.org
Acked-by: Vignesh Raghavendra <vigneshr@ti.com>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/20220323170458.5608-2-ikegami.t@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mtd/chips/cfi_cmdset_0002.c | 95 ++++++++++++------------------------
1 file changed, 32 insertions(+), 63 deletions(-)
--- a/drivers/mtd/chips/cfi_cmdset_0002.c
+++ b/drivers/mtd/chips/cfi_cmdset_0002.c
@@ -798,21 +798,25 @@ static struct mtd_info *cfi_amdstd_setup
}
/*
- * Return true if the chip is ready.
+ * Return true if the chip is ready and has the correct value.
*
* Ready is one of: read mode, query mode, erase-suspend-read mode (in any
* non-suspended sector) and is indicated by no toggle bits toggling.
*
+ * Error are indicated by toggling bits or bits held with the wrong value,
+ * or with bits toggling.
+ *
* Note that anything more complicated than checking if no bits are toggling
* (including checking DQ5 for an error status) is tricky to get working
* correctly and is therefore not done (particularly with interleaved chips
* as each chip must be checked independently of the others).
*/
static int __xipram chip_ready(struct map_info *map, struct flchip *chip,
- unsigned long addr)
+ unsigned long addr, map_word *expected)
{
struct cfi_private *cfi = map->fldrv_priv;
map_word d, t;
+ int ret;
if (cfi_use_status_reg(cfi)) {
map_word ready = CMD(CFI_SR_DRB);
@@ -822,57 +826,20 @@ static int __xipram chip_ready(struct ma
*/
cfi_send_gen_cmd(0x70, cfi->addr_unlock1, chip->start, map, cfi,
cfi->device_type, NULL);
- d = map_read(map, addr);
+ t = map_read(map, addr);
- return map_word_andequal(map, d, ready, ready);
+ return map_word_andequal(map, t, ready, ready);
}
d = map_read(map, addr);
t = map_read(map, addr);
- return map_word_equal(map, d, t);
-}
-
-/*
- * Return true if the chip is ready and has the correct value.
- *
- * Ready is one of: read mode, query mode, erase-suspend-read mode (in any
- * non-suspended sector) and it is indicated by no bits toggling.
- *
- * Error are indicated by toggling bits or bits held with the wrong value,
- * or with bits toggling.
- *
- * Note that anything more complicated than checking if no bits are toggling
- * (including checking DQ5 for an error status) is tricky to get working
- * correctly and is therefore not done (particularly with interleaved chips
- * as each chip must be checked independently of the others).
- *
- */
-static int __xipram chip_good(struct map_info *map, struct flchip *chip,
- unsigned long addr, map_word expected)
-{
- struct cfi_private *cfi = map->fldrv_priv;
- map_word oldd, curd;
-
- if (cfi_use_status_reg(cfi)) {
- map_word ready = CMD(CFI_SR_DRB);
-
- /*
- * For chips that support status register, check device
- * ready bit
- */
- cfi_send_gen_cmd(0x70, cfi->addr_unlock1, chip->start, map, cfi,
- cfi->device_type, NULL);
- curd = map_read(map, addr);
-
- return map_word_andequal(map, curd, ready, ready);
- }
+ ret = map_word_equal(map, d, t);
- oldd = map_read(map, addr);
- curd = map_read(map, addr);
+ if (!ret || !expected)
+ return ret;
- return map_word_equal(map, oldd, curd) &&
- map_word_equal(map, curd, expected);
+ return map_word_equal(map, t, *expected);
}
static int get_chip(struct map_info *map, struct flchip *chip, unsigned long adr, int mode)
@@ -889,7 +856,7 @@ static int get_chip(struct map_info *map
case FL_STATUS:
for (;;) {
- if (chip_ready(map, chip, adr))
+ if (chip_ready(map, chip, adr, NULL))
break;
if (time_after(jiffies, timeo)) {
@@ -927,7 +894,7 @@ static int get_chip(struct map_info *map
chip->state = FL_ERASE_SUSPENDING;
chip->erase_suspended = 1;
for (;;) {
- if (chip_ready(map, chip, adr))
+ if (chip_ready(map, chip, adr, NULL))
break;
if (time_after(jiffies, timeo)) {
@@ -1459,7 +1426,7 @@ static int do_otp_lock(struct map_info *
/* wait for chip to become ready */
timeo = jiffies + msecs_to_jiffies(2);
for (;;) {
- if (chip_ready(map, chip, adr))
+ if (chip_ready(map, chip, adr, NULL))
break;
if (time_after(jiffies, timeo)) {
@@ -1691,11 +1658,11 @@ static int __xipram do_write_oneword_onc
}
/*
- * We check "time_after" and "!chip_good" before checking
- * "chip_good" to avoid the failure due to scheduling.
+ * We check "time_after" and "!chip_ready" before checking
+ * "chip_ready" to avoid the failure due to scheduling.
*/
if (time_after(jiffies, timeo) &&
- !chip_good(map, chip, adr, datum)) {
+ !chip_ready(map, chip, adr, &datum)) {
xip_enable(map, chip, adr);
printk(KERN_WARNING "MTD %s(): software timeout\n", __func__);
xip_disable(map, chip, adr);
@@ -1703,7 +1670,7 @@ static int __xipram do_write_oneword_onc
break;
}
- if (chip_good(map, chip, adr, datum)) {
+ if (chip_ready(map, chip, adr, &datum)) {
if (cfi_check_err_status(map, chip, adr))
ret = -EIO;
break;
@@ -1971,18 +1938,18 @@ static int __xipram do_write_buffer_wait
}
/*
- * We check "time_after" and "!chip_good" before checking
- * "chip_good" to avoid the failure due to scheduling.
+ * We check "time_after" and "!chip_ready" before checking
+ * "chip_ready" to avoid the failure due to scheduling.
*/
if (time_after(jiffies, timeo) &&
- !chip_good(map, chip, adr, datum)) {
+ !chip_ready(map, chip, adr, &datum)) {
pr_err("MTD %s(): software timeout, address:0x%.8lx.\n",
__func__, adr);
ret = -EIO;
break;
}
- if (chip_good(map, chip, adr, datum)) {
+ if (chip_ready(map, chip, adr, &datum)) {
if (cfi_check_err_status(map, chip, adr))
ret = -EIO;
break;
@@ -2191,7 +2158,7 @@ static int cfi_amdstd_panic_wait(struct
* If the driver thinks the chip is idle, and no toggle bits
* are changing, then the chip is actually idle for sure.
*/
- if (chip->state == FL_READY && chip_ready(map, chip, adr))
+ if (chip->state == FL_READY && chip_ready(map, chip, adr, NULL))
return 0;
/*
@@ -2208,7 +2175,7 @@ static int cfi_amdstd_panic_wait(struct
/* wait for the chip to become ready */
for (i = 0; i < jiffies_to_usecs(timeo); i++) {
- if (chip_ready(map, chip, adr))
+ if (chip_ready(map, chip, adr, NULL))
return 0;
udelay(1);
@@ -2272,13 +2239,13 @@ retry:
map_write(map, datum, adr);
for (i = 0; i < jiffies_to_usecs(uWriteTimeout); i++) {
- if (chip_ready(map, chip, adr))
+ if (chip_ready(map, chip, adr, NULL))
break;
udelay(1);
}
- if (!chip_good(map, chip, adr, datum) ||
+ if (!chip_ready(map, chip, adr, &datum) ||
cfi_check_err_status(map, chip, adr)) {
/* reset on all failures. */
map_write(map, CMD(0xF0), chip->start);
@@ -2420,6 +2387,7 @@ static int __xipram do_erase_chip(struct
DECLARE_WAITQUEUE(wait, current);
int ret = 0;
int retry_cnt = 0;
+ map_word datum = map_word_ff(map);
adr = cfi->addr_unlock1;
@@ -2474,7 +2442,7 @@ static int __xipram do_erase_chip(struct
chip->erase_suspended = 0;
}
- if (chip_good(map, chip, adr, map_word_ff(map))) {
+ if (chip_ready(map, chip, adr, &datum)) {
if (cfi_check_err_status(map, chip, adr))
ret = -EIO;
break;
@@ -2519,6 +2487,7 @@ static int __xipram do_erase_oneblock(st
DECLARE_WAITQUEUE(wait, current);
int ret = 0;
int retry_cnt = 0;
+ map_word datum = map_word_ff(map);
adr += chip->start;
@@ -2573,7 +2542,7 @@ static int __xipram do_erase_oneblock(st
chip->erase_suspended = 0;
}
- if (chip_good(map, chip, adr, map_word_ff(map))) {
+ if (chip_ready(map, chip, adr, &datum)) {
if (cfi_check_err_status(map, chip, adr))
ret = -EIO;
break;
@@ -2767,7 +2736,7 @@ static int __maybe_unused do_ppb_xxlock(
*/
timeo = jiffies + msecs_to_jiffies(2000); /* 2s max (un)locking */
for (;;) {
- if (chip_ready(map, chip, adr))
+ if (chip_ready(map, chip, adr, NULL))
break;
if (time_after(jiffies, timeo)) {
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 246/411] media: coda: Fix reported H264 profile
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (244 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.4 245/411] mtd: cfi_cmdset_0002: Move and rename chip_check/chip_ready/chip_good_for_write Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 247/411] media: coda: Add more H264 levels for CODA960 Greg Kroah-Hartman
` (169 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nicolas Dufresne, Ezequiel Garcia,
Pascal Speck, Fabio Estevam, Philipp Zabel, Hans Verkuil,
Mauro Carvalho Chehab
From: Nicolas Dufresne <nicolas.dufresne@collabora.com>
commit 7110c08ea71953a7fc342f0b76046f72442cf26c upstream.
The CODA960 manual states that ASO/FMO features of baseline are not
supported, so for this reason this driver should only report
constrained baseline support.
This fixes negotiation issue with constrained baseline content
on GStreamer 1.17.1.
ASO/FMO features are unsupported for the encoder and untested for the
decoder because there is currently no userspace support. Neither GStreamer
parsers nor FFMPEG parsers support ASO/FMO.
Cc: stable@vger.kernel.org
Fixes: 42a68012e67c2 ("media: coda: add read-only h.264 decoder profile/level controls")
Signed-off-by: Nicolas Dufresne <nicolas.dufresne@collabora.com>
Signed-off-by: Ezequiel Garcia <ezequiel@collabora.com>
Tested-by: Pascal Speck <kernel@iktek.de>
Signed-off-by: Fabio Estevam <festevam@denx.de>
Reviewed-by: Philipp Zabel <p.zabel@pengutronix.de>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/media/platform/coda/coda-common.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/drivers/media/platform/coda/coda-common.c
+++ b/drivers/media/platform/coda/coda-common.c
@@ -2172,8 +2172,8 @@ static void coda_encode_ctrls(struct cod
V4L2_CID_MPEG_VIDEO_H264_CHROMA_QP_INDEX_OFFSET, -12, 12, 1, 0);
v4l2_ctrl_new_std_menu(&ctx->ctrls, &coda_ctrl_ops,
V4L2_CID_MPEG_VIDEO_H264_PROFILE,
- V4L2_MPEG_VIDEO_H264_PROFILE_BASELINE, 0x0,
- V4L2_MPEG_VIDEO_H264_PROFILE_BASELINE);
+ V4L2_MPEG_VIDEO_H264_PROFILE_CONSTRAINED_BASELINE, 0x0,
+ V4L2_MPEG_VIDEO_H264_PROFILE_CONSTRAINED_BASELINE);
if (ctx->dev->devtype->product == CODA_HX4 ||
ctx->dev->devtype->product == CODA_7541) {
v4l2_ctrl_new_std_menu(&ctx->ctrls, &coda_ctrl_ops,
@@ -2254,7 +2254,7 @@ static void coda_decode_ctrls(struct cod
ctx->h264_profile_ctrl = v4l2_ctrl_new_std_menu(&ctx->ctrls,
&coda_ctrl_ops, V4L2_CID_MPEG_VIDEO_H264_PROFILE,
V4L2_MPEG_VIDEO_H264_PROFILE_HIGH,
- ~((1 << V4L2_MPEG_VIDEO_H264_PROFILE_BASELINE) |
+ ~((1 << V4L2_MPEG_VIDEO_H264_PROFILE_CONSTRAINED_BASELINE) |
(1 << V4L2_MPEG_VIDEO_H264_PROFILE_MAIN) |
(1 << V4L2_MPEG_VIDEO_H264_PROFILE_HIGH)),
V4L2_MPEG_VIDEO_H264_PROFILE_HIGH);
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 247/411] media: coda: Add more H264 levels for CODA960
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (245 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.4 246/411] media: coda: Fix reported H264 profile Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 248/411] Kconfig: Add option for asm goto w/ tied outputs to workaround clang-13 bug Greg Kroah-Hartman
` (168 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Philipp Zabel, Nicolas Dufresne,
Ezequiel Garcia, Fabio Estevam, Hans Verkuil,
Mauro Carvalho Chehab
From: Nicolas Dufresne <nicolas.dufresne@collabora.com>
commit eb2fd187abc878a2dfad46902becb74963473c7d upstream.
Add H264 level 1.0, 4.1, 4.2 to the list of supported formats.
While the hardware does not fully support these levels, it does support
most of them. The constraints on frame size and pixel formats already
cover the limitation.
This fixes negotiation of level on GStreamer 1.17.1.
Cc: stable@vger.kernel.org
Fixes: 42a68012e67c2 ("media: coda: add read-only h.264 decoder profile/level controls")
Suggested-by: Philipp Zabel <p.zabel@pengutronix.de>
Signed-off-by: Nicolas Dufresne <nicolas.dufresne@collabora.com>
Signed-off-by: Ezequiel Garcia <ezequiel@collabora.com>
Signed-off-by: Fabio Estevam <festevam@denx.de>
Reviewed-by: Philipp Zabel <p.zabel@pengutronix.de>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/media/platform/coda/coda-common.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
--- a/drivers/media/platform/coda/coda-common.c
+++ b/drivers/media/platform/coda/coda-common.c
@@ -2187,12 +2187,15 @@ static void coda_encode_ctrls(struct cod
if (ctx->dev->devtype->product == CODA_960) {
v4l2_ctrl_new_std_menu(&ctx->ctrls, &coda_ctrl_ops,
V4L2_CID_MPEG_VIDEO_H264_LEVEL,
- V4L2_MPEG_VIDEO_H264_LEVEL_4_0,
- ~((1 << V4L2_MPEG_VIDEO_H264_LEVEL_2_0) |
+ V4L2_MPEG_VIDEO_H264_LEVEL_4_2,
+ ~((1 << V4L2_MPEG_VIDEO_H264_LEVEL_1_0) |
+ (1 << V4L2_MPEG_VIDEO_H264_LEVEL_2_0) |
(1 << V4L2_MPEG_VIDEO_H264_LEVEL_3_0) |
(1 << V4L2_MPEG_VIDEO_H264_LEVEL_3_1) |
(1 << V4L2_MPEG_VIDEO_H264_LEVEL_3_2) |
- (1 << V4L2_MPEG_VIDEO_H264_LEVEL_4_0)),
+ (1 << V4L2_MPEG_VIDEO_H264_LEVEL_4_0) |
+ (1 << V4L2_MPEG_VIDEO_H264_LEVEL_4_1) |
+ (1 << V4L2_MPEG_VIDEO_H264_LEVEL_4_2)),
V4L2_MPEG_VIDEO_H264_LEVEL_4_0);
}
v4l2_ctrl_new_std(&ctx->ctrls, &coda_ctrl_ops,
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 248/411] Kconfig: Add option for asm goto w/ tied outputs to workaround clang-13 bug
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (246 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.4 247/411] media: coda: Add more H264 levels for CODA960 Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 249/411] RDMA/hfi1: Fix potential integer multiplication overflow errors Greg Kroah-Hartman
` (167 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nick Desaulniers,
Sean Christopherson, Paolo Bonzini
From: Sean Christopherson <seanjc@google.com>
commit 1aa0e8b144b6474c4914439d232d15bfe883636b upstream.
Add a config option to guard (future) usage of asm_volatile_goto() that
includes "tied outputs", i.e. "+" constraints that specify both an input
and output parameter. clang-13 has a bug[1] that causes compilation of
such inline asm to fail, and KVM wants to use a "+m" constraint to
implement a uaccess form of CMPXCHG[2]. E.g. the test code fails with
<stdin>:1:29: error: invalid operand in inline asm: '.long (${1:l}) - .'
int foo(int *x) { asm goto (".long (%l[bar]) - .\n": "+m"(*x) ::: bar); return *x; bar: return 0; }
^
<stdin>:1:29: error: unknown token in expression
<inline asm>:1:9: note: instantiated into assembly here
.long () - .
^
2 errors generated.
on clang-13, but passes on gcc (with appropriate asm goto support). The
bug is fixed in clang-14, but won't be backported to clang-13 as the
changes are too invasive/risky.
gcc also had a similar bug[3], fixed in gcc-11, where gcc failed to
account for its behavior of assigning two numbers to tied outputs (one
for input, one for output) when evaluating symbolic references.
[1] https://github.com/ClangBuiltLinux/linux/issues/1512
[2] https://lore.kernel.org/all/YfMruK8%2F1izZ2VHS@google.com
[3] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98096
Suggested-by: Nick Desaulniers <ndesaulniers@google.com>
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
Cc: stable@vger.kernel.org
Signed-off-by: Sean Christopherson <seanjc@google.com>
Message-Id: <20220202004945.2540433-2-seanjc@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
init/Kconfig | 5 +++++
1 file changed, 5 insertions(+)
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -33,6 +33,11 @@ config CC_CAN_LINK
config CC_HAS_ASM_GOTO
def_bool $(success,$(srctree)/scripts/gcc-goto.sh $(CC))
+config CC_HAS_ASM_GOTO_TIED_OUTPUT
+ depends on CC_HAS_ASM_GOTO_OUTPUT
+ # Detect buggy gcc and clang, fixed in gcc-11 clang-14.
+ def_bool $(success,echo 'int foo(int *x) { asm goto (".long (%l[bar]) - .\n": "+m"(*x) ::: bar); return *x; bar: return 0; }' | $CC -x c - -c -o /dev/null)
+
config TOOLS_SUPPORT_RELR
def_bool $(success,env "CC=$(CC)" "LD=$(LD)" "NM=$(NM)" "OBJCOPY=$(OBJCOPY)" $(srctree)/scripts/tools-support-relr.sh)
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 249/411] RDMA/hfi1: Fix potential integer multiplication overflow errors
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (247 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.4 248/411] Kconfig: Add option for asm goto w/ tied outputs to workaround clang-13 bug Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 250/411] irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x Greg Kroah-Hartman
` (166 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mike Marciniszyn, Dennis Dalessandro,
Jason Gunthorpe
From: Dennis Dalessandro <dennis.dalessandro@cornelisnetworks.com>
commit f93e91a0372c922c20d5bee260b0f43b4b8a1bee upstream.
When multiplying of different types, an overflow is possible even when
storing the result in a larger type. This is because the conversion is
done after the multiplication. So arithmetic overflow and thus in
incorrect value is possible.
Correct an instance of this in the inter packet delay calculation. Fix by
ensuring one of the operands is u64 which will promote the other to u64 as
well ensuring no overflow.
Cc: stable@vger.kernel.org
Fixes: 7724105686e7 ("IB/hfi1: add driver files")
Link: https://lore.kernel.org/r/20220520183712.48973.29855.stgit@awfm-01.cornelisnetworks.com
Reviewed-by: Mike Marciniszyn <mike.marciniszyn@cornelisnetworks.com>
Signed-off-by: Dennis Dalessandro <dennis.dalessandro@cornelisnetworks.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/infiniband/hw/hfi1/init.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/infiniband/hw/hfi1/init.c
+++ b/drivers/infiniband/hw/hfi1/init.c
@@ -543,7 +543,7 @@ void set_link_ipg(struct hfi1_pportdata
u16 shift, mult;
u64 src;
u32 current_egress_rate; /* Mbits /sec */
- u32 max_pkt_time;
+ u64 max_pkt_time;
/*
* max_pkt_time is the maximum packet egress time in units
* of the fabric clock period 1/(805 MHz).
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 250/411] irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (248 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.4 249/411] RDMA/hfi1: Fix potential integer multiplication overflow errors Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 251/411] irqchip: irq-xtensa-mx: fix initial IRQ affinity Greg Kroah-Hartman
` (165 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Pali Rohár, Andrew Lunn, Marc Zyngier
From: Pali Rohár <pali@kernel.org>
commit a3d66a76348daf559873f19afc912a2a7c2ccdaf upstream.
Register ARMADA_370_XP_INT_FABRIC_MASK_OFFS is Armada 370 and XP specific
and on new Armada platforms it has different meaning. It does not configure
Performance Counter Overflow interrupt masking. So do not touch this
register on non-A370/XP platforms (A375, A38x and A39x).
Signed-off-by: Pali Rohár <pali@kernel.org>
Cc: stable@vger.kernel.org
Fixes: 28da06dfd9e4 ("irqchip: armada-370-xp: Enable the PMU interrupts")
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20220425113706.29310-1-pali@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/irqchip/irq-armada-370-xp.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
--- a/drivers/irqchip/irq-armada-370-xp.c
+++ b/drivers/irqchip/irq-armada-370-xp.c
@@ -392,7 +392,16 @@ static void armada_xp_mpic_smp_cpu_init(
static void armada_xp_mpic_perf_init(void)
{
- unsigned long cpuid = cpu_logical_map(smp_processor_id());
+ unsigned long cpuid;
+
+ /*
+ * This Performance Counter Overflow interrupt is specific for
+ * Armada 370 and XP. It is not available on Armada 375, 38x and 39x.
+ */
+ if (!of_machine_is_compatible("marvell,armada-370-xp"))
+ return;
+
+ cpuid = cpu_logical_map(smp_processor_id());
/* Enable Performance Counter Overflow interrupts */
writel(ARMADA_370_XP_INT_CAUSE_PERF(cpuid),
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 251/411] irqchip: irq-xtensa-mx: fix initial IRQ affinity
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (249 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.4 250/411] irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 252/411] mac80211: upgrade passive scan to active scan on DFS channels after beacon rx Greg Kroah-Hartman
` (164 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Max Filippov
From: Max Filippov <jcmvbkbc@gmail.com>
commit a255ee29252066d621df5d6b420bf534c6ba5bc0 upstream.
When irq-xtensa-mx chip is used in non-SMP configuration its
irq_set_affinity callback is not called leaving IRQ affinity set empty.
As a result IRQ delivery does not work in that configuration.
Initialize IRQ affinity of the xtensa MX interrupt distributor to CPU 0
for all external IRQ lines.
Cc: stable@vger.kernel.org
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/irqchip/irq-xtensa-mx.c | 18 ++++++++++++++----
1 file changed, 14 insertions(+), 4 deletions(-)
--- a/drivers/irqchip/irq-xtensa-mx.c
+++ b/drivers/irqchip/irq-xtensa-mx.c
@@ -151,14 +151,25 @@ static struct irq_chip xtensa_mx_irq_chi
.irq_set_affinity = xtensa_mx_irq_set_affinity,
};
+static void __init xtensa_mx_init_common(struct irq_domain *root_domain)
+{
+ unsigned int i;
+
+ irq_set_default_host(root_domain);
+ secondary_init_irq();
+
+ /* Initialize default IRQ routing to CPU 0 */
+ for (i = 0; i < XCHAL_NUM_EXTINTERRUPTS; ++i)
+ set_er(1, MIROUT(i));
+}
+
int __init xtensa_mx_init_legacy(struct device_node *interrupt_parent)
{
struct irq_domain *root_domain =
irq_domain_add_legacy(NULL, NR_IRQS - 1, 1, 0,
&xtensa_mx_irq_domain_ops,
&xtensa_mx_irq_chip);
- irq_set_default_host(root_domain);
- secondary_init_irq();
+ xtensa_mx_init_common(root_domain);
return 0;
}
@@ -168,8 +179,7 @@ static int __init xtensa_mx_init(struct
struct irq_domain *root_domain =
irq_domain_add_linear(np, NR_IRQS, &xtensa_mx_irq_domain_ops,
&xtensa_mx_irq_chip);
- irq_set_default_host(root_domain);
- secondary_init_irq();
+ xtensa_mx_init_common(root_domain);
return 0;
}
IRQCHIP_DECLARE(xtensa_mx_irq_chip, "cdns,xtensa-mx", xtensa_mx_init);
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 252/411] mac80211: upgrade passive scan to active scan on DFS channels after beacon rx
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (250 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.4 251/411] irqchip: irq-xtensa-mx: fix initial IRQ affinity Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 253/411] um: chan_user: Fix winch_tramp() return value Greg Kroah-Hartman
` (163 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Catrinel Catrinescu, Felix Fietkau,
Johannes Berg
From: Felix Fietkau <nbd@nbd.name>
commit b041b7b9de6e1d4362de855ab90f9d03ef323edd upstream.
In client mode, we can't connect to hidden SSID APs or SSIDs not advertised
in beacons on DFS channels, since we're forced to passive scan. Fix this by
sending out a probe request immediately after the first beacon, if active
scan was requested by the user.
Cc: stable@vger.kernel.org
Reported-by: Catrinel Catrinescu <cc@80211.de>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Link: https://lore.kernel.org/r/20220420104907.36275-1-nbd@nbd.name
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/mac80211/ieee80211_i.h | 5 +++++
net/mac80211/scan.c | 20 ++++++++++++++++++++
2 files changed, 25 insertions(+)
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
@@ -1082,6 +1082,9 @@ struct tpt_led_trigger {
* a scan complete for an aborted scan.
* @SCAN_HW_CANCELLED: Set for our scan work function when the scan is being
* cancelled.
+ * @SCAN_BEACON_WAIT: Set whenever we're passive scanning because of radar/no-IR
+ * and could send a probe request after receiving a beacon.
+ * @SCAN_BEACON_DONE: Beacon received, we can now send a probe request
*/
enum {
SCAN_SW_SCANNING,
@@ -1090,6 +1093,8 @@ enum {
SCAN_COMPLETED,
SCAN_ABORTED,
SCAN_HW_CANCELLED,
+ SCAN_BEACON_WAIT,
+ SCAN_BEACON_DONE,
};
/**
--- a/net/mac80211/scan.c
+++ b/net/mac80211/scan.c
@@ -252,6 +252,16 @@ void ieee80211_scan_rx(struct ieee80211_
if (likely(!sdata1 && !sdata2))
return;
+ if (test_and_clear_bit(SCAN_BEACON_WAIT, &local->scanning)) {
+ /*
+ * we were passive scanning because of radar/no-IR, but
+ * the beacon/proberesp rx gives us an opportunity to upgrade
+ * to active scan
+ */
+ set_bit(SCAN_BEACON_DONE, &local->scanning);
+ ieee80211_queue_delayed_work(&local->hw, &local->scan_work, 0);
+ }
+
if (ieee80211_is_probe_resp(mgmt->frame_control)) {
struct cfg80211_scan_request *scan_req;
struct cfg80211_sched_scan_request *sched_scan_req;
@@ -753,6 +763,8 @@ static int __ieee80211_start_scan(struct
IEEE80211_CHAN_RADAR)) ||
!req->n_ssids) {
next_delay = IEEE80211_PASSIVE_CHANNEL_TIME;
+ if (req->n_ssids)
+ set_bit(SCAN_BEACON_WAIT, &local->scanning);
} else {
ieee80211_scan_state_send_probe(local, &next_delay);
next_delay = IEEE80211_CHANNEL_TIME;
@@ -945,6 +957,8 @@ static void ieee80211_scan_state_set_cha
!scan_req->n_ssids) {
*next_delay = IEEE80211_PASSIVE_CHANNEL_TIME;
local->next_scan_state = SCAN_DECISION;
+ if (scan_req->n_ssids)
+ set_bit(SCAN_BEACON_WAIT, &local->scanning);
return;
}
@@ -1037,6 +1051,8 @@ void ieee80211_scan_work(struct work_str
goto out;
}
+ clear_bit(SCAN_BEACON_WAIT, &local->scanning);
+
/*
* as long as no delay is required advance immediately
* without scheduling a new work
@@ -1047,6 +1063,10 @@ void ieee80211_scan_work(struct work_str
goto out_complete;
}
+ if (test_and_clear_bit(SCAN_BEACON_DONE, &local->scanning) &&
+ local->next_scan_state == SCAN_DECISION)
+ local->next_scan_state = SCAN_SEND_PROBE;
+
switch (local->next_scan_state) {
case SCAN_DECISION:
/* if no more bands/channels left, complete scan */
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 253/411] um: chan_user: Fix winch_tramp() return value
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (251 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.4 252/411] mac80211: upgrade passive scan to active scan on DFS channels after beacon rx Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 254/411] um: Fix out-of-bounds read in LDT setup Greg Kroah-Hartman
` (162 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Johannes Berg, Richard Weinberger,
Nathan Chancellor
From: Johannes Berg <johannes.berg@intel.com>
commit 57ae0b67b747031bc41fb44643aa5344ab58607e upstream.
The previous fix here was only partially correct, it did
result in returning a proper error value in case of error,
but it also clobbered the pid that we need to return from
this function (not just zero for success).
As a result, it returned 0 here, but later this is treated
as a pid and used to kill the process, but since it's now
0 we kill(0, SIGKILL), which makes UML kill itself rather
than just the helper thread.
Fix that and make it more obvious by using a separate
variable for the pid.
Fixes: ccf1236ecac4 ("um: fix error return code in winch_tramp()")
Reported-and-tested-by: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Cc: stable@vger.kernel.org
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/um/drivers/chan_user.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
--- a/arch/um/drivers/chan_user.c
+++ b/arch/um/drivers/chan_user.c
@@ -220,7 +220,7 @@ static int winch_tramp(int fd, struct tt
unsigned long *stack_out)
{
struct winch_data data;
- int fds[2], n, err;
+ int fds[2], n, err, pid;
char c;
err = os_pipe(fds, 1, 1);
@@ -238,8 +238,9 @@ static int winch_tramp(int fd, struct tt
* problem with /dev/net/tun, which if held open by this
* thread, prevents the TUN/TAP device from being reused.
*/
- err = run_helper_thread(winch_thread, &data, CLONE_FILES, stack_out);
- if (err < 0) {
+ pid = run_helper_thread(winch_thread, &data, CLONE_FILES, stack_out);
+ if (pid < 0) {
+ err = pid;
printk(UM_KERN_ERR "fork of winch_thread failed - errno = %d\n",
-err);
goto out_close;
@@ -263,7 +264,7 @@ static int winch_tramp(int fd, struct tt
goto out_close;
}
- return err;
+ return pid;
out_close:
close(fds[1]);
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 254/411] um: Fix out-of-bounds read in LDT setup
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (252 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.4 253/411] um: chan_user: Fix winch_tramp() return value Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 255/411] iommu/msm: Fix an incorrect NULL check on list iterator Greg Kroah-Hartman
` (161 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Vincent Whitchurch, Richard Weinberger
From: Vincent Whitchurch <vincent.whitchurch@axis.com>
commit 2a4a62a14be1947fa945c5c11ebf67326381a568 upstream.
syscall_stub_data() expects the data_count parameter to be the number of
longs, not bytes.
==================================================================
BUG: KASAN: stack-out-of-bounds in syscall_stub_data+0x70/0xe0
Read of size 128 at addr 000000006411f6f0 by task swapper/1
CPU: 0 PID: 1 Comm: swapper Not tainted 5.18.0+ #18
Call Trace:
show_stack.cold+0x166/0x2a7
__dump_stack+0x3a/0x43
dump_stack_lvl+0x1f/0x27
print_report.cold+0xdb/0xf81
kasan_report+0x119/0x1f0
kasan_check_range+0x3a3/0x440
memcpy+0x52/0x140
syscall_stub_data+0x70/0xe0
write_ldt_entry+0xac/0x190
init_new_ldt+0x515/0x960
init_new_context+0x2c4/0x4d0
mm_init.constprop.0+0x5ed/0x760
mm_alloc+0x118/0x170
0x60033f48
do_one_initcall+0x1d7/0x860
0x60003e7b
kernel_init+0x6e/0x3d4
new_thread_handler+0x1e7/0x2c0
The buggy address belongs to stack of task swapper/1
and is located at offset 64 in frame:
init_new_ldt+0x0/0x960
This frame has 2 objects:
[32, 40) 'addr'
[64, 80) 'desc'
==================================================================
Fixes: 858259cf7d1c443c83 ("uml: maintain own LDT entries")
Signed-off-by: Vincent Whitchurch <vincent.whitchurch@axis.com>
Cc: stable@vger.kernel.org
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/um/ldt.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- a/arch/x86/um/ldt.c
+++ b/arch/x86/um/ldt.c
@@ -23,9 +23,11 @@ static long write_ldt_entry(struct mm_id
{
long res;
void *stub_addr;
+
+ BUILD_BUG_ON(sizeof(*desc) % sizeof(long));
+
res = syscall_stub_data(mm_idp, (unsigned long *)desc,
- (sizeof(*desc) + sizeof(long) - 1) &
- ~(sizeof(long) - 1),
+ sizeof(*desc) / sizeof(long),
addr, &stub_addr);
if (!res) {
unsigned long args[] = { func,
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 255/411] iommu/msm: Fix an incorrect NULL check on list iterator
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (253 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.4 254/411] um: Fix out-of-bounds read in LDT setup Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 256/411] nodemask.h: fix compilation error with GCC12 Greg Kroah-Hartman
` (160 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Xiaomeng Tong, Joerg Roedel
From: Xiaomeng Tong <xiam0nd.tong@gmail.com>
commit 8b9ad480bd1dd25f4ff4854af5685fa334a2f57a upstream.
The bug is here:
if (!iommu || iommu->dev->of_node != spec->np) {
The list iterator value 'iommu' will *always* be set and non-NULL by
list_for_each_entry(), so it is incorrect to assume that the iterator
value will be NULL if the list is empty or no element is found (in fact,
it will point to a invalid structure object containing HEAD).
To fix the bug, use a new value 'iter' as the list iterator, while use
the old value 'iommu' as a dedicated variable to point to the found one,
and remove the unneeded check for 'iommu->dev->of_node != spec->np'
outside the loop.
Cc: stable@vger.kernel.org
Fixes: f78ebca8ff3d6 ("iommu/msm: Add support for generic master bindings")
Signed-off-by: Xiaomeng Tong <xiam0nd.tong@gmail.com>
Link: https://lore.kernel.org/r/20220501132823.12714-1-xiam0nd.tong@gmail.com
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/iommu/msm_iommu.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
--- a/drivers/iommu/msm_iommu.c
+++ b/drivers/iommu/msm_iommu.c
@@ -636,16 +636,19 @@ static void insert_iommu_master(struct d
static int qcom_iommu_of_xlate(struct device *dev,
struct of_phandle_args *spec)
{
- struct msm_iommu_dev *iommu;
+ struct msm_iommu_dev *iommu = NULL, *iter;
unsigned long flags;
int ret = 0;
spin_lock_irqsave(&msm_iommu_lock, flags);
- list_for_each_entry(iommu, &qcom_iommu_devices, dev_node)
- if (iommu->dev->of_node == spec->np)
+ list_for_each_entry(iter, &qcom_iommu_devices, dev_node) {
+ if (iter->dev->of_node == spec->np) {
+ iommu = iter;
break;
+ }
+ }
- if (!iommu || iommu->dev->of_node != spec->np) {
+ if (!iommu) {
ret = -ENODEV;
goto fail;
}
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 256/411] nodemask.h: fix compilation error with GCC12
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (254 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.4 255/411] iommu/msm: Fix an incorrect NULL check on list iterator Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 257/411] hugetlb: fix huge_pmd_unshare address update Greg Kroah-Hartman
` (159 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christophe de Dinechin,
Christophe de Dinechin, Andrew Morton, Ben Segall,
Michael S. Tsirkin, Steven Rostedt, Ingo Molnar, Mel Gorman,
Dietmar Eggemann, Vincent Guittot, Paolo Bonzini,
Daniel Bristot de Oliveira, Jason Wang, Zhen Lei, Juri Lelli,
Peter Zijlstra
From: Christophe de Dinechin <dinechin@redhat.com>
commit 37462a920392cb86541650a6f4121155f11f1199 upstream.
With gcc version 12.0.1 20220401 (Red Hat 12.0.1-0), building with
defconfig results in the following compilation error:
| CC mm/swapfile.o
| mm/swapfile.c: In function `setup_swap_info':
| mm/swapfile.c:2291:47: error: array subscript -1 is below array bounds
| of `struct plist_node[]' [-Werror=array-bounds]
| 2291 | p->avail_lists[i].prio = 1;
| | ~~~~~~~~~~~~~~^~~
| In file included from mm/swapfile.c:16:
| ./include/linux/swap.h:292:27: note: while referencing `avail_lists'
| 292 | struct plist_node avail_lists[]; /*
| | ^~~~~~~~~~~
This is due to the compiler detecting that the mask in
node_states[__state] could theoretically be zero, which would lead to
first_node() returning -1 through find_first_bit.
I believe that the warning/error is legitimate. I first tried adding a
test to check that the node mask is not emtpy, since a similar test exists
in the case where MAX_NUMNODES == 1.
However, adding the if statement causes other warnings to appear in
for_each_cpu_node_but, because it introduces a dangling else ambiguity.
And unfortunately, GCC is not smart enough to detect that the added test
makes the case where (node) == -1 impossible, so it still complains with
the same message.
This is why I settled on replacing that with a harmless, but relatively
useless (node) >= 0 test. Based on the warning for the dangling else, I
also decided to fix the case where MAX_NUMNODES == 1 by moving the
condition inside the for loop. It will still only be tested once. This
ensures that the meaning of an else following for_each_node_mask or
derivatives would not silently have a different meaning depending on the
configuration.
Link: https://lkml.kernel.org/r/20220414150855.2407137-3-dinechin@redhat.com
Signed-off-by: Christophe de Dinechin <christophe@dinechin.org>
Signed-off-by: Christophe de Dinechin <dinechin@redhat.com>
Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
Cc: Ben Segall <bsegall@google.com>
Cc: "Michael S. Tsirkin" <mst@redhat.com>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Mel Gorman <mgorman@suse.de>
Cc: Dietmar Eggemann <dietmar.eggemann@arm.com>
Cc: Vincent Guittot <vincent.guittot@linaro.org>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Daniel Bristot de Oliveira <bristot@redhat.com>
Cc: Jason Wang <jasowang@redhat.com>
Cc: Zhen Lei <thunder.leizhen@huawei.com>
Cc: Juri Lelli <juri.lelli@redhat.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/nodemask.h | 13 ++++++-------
1 file changed, 6 insertions(+), 7 deletions(-)
--- a/include/linux/nodemask.h
+++ b/include/linux/nodemask.h
@@ -375,14 +375,13 @@ static inline void __nodes_fold(nodemask
}
#if MAX_NUMNODES > 1
-#define for_each_node_mask(node, mask) \
- for ((node) = first_node(mask); \
- (node) < MAX_NUMNODES; \
- (node) = next_node((node), (mask)))
+#define for_each_node_mask(node, mask) \
+ for ((node) = first_node(mask); \
+ (node >= 0) && (node) < MAX_NUMNODES; \
+ (node) = next_node((node), (mask)))
#else /* MAX_NUMNODES == 1 */
-#define for_each_node_mask(node, mask) \
- if (!nodes_empty(mask)) \
- for ((node) = 0; (node) < 1; (node)++)
+#define for_each_node_mask(node, mask) \
+ for ((node) = 0; (node) < 1 && !nodes_empty(mask); (node)++)
#endif /* MAX_NUMNODES */
/*
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 257/411] hugetlb: fix huge_pmd_unshare address update
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (255 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.4 256/411] nodemask.h: fix compilation error with GCC12 Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 258/411] rtl818x: Prevent using not initialized queues Greg Kroah-Hartman
` (158 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mike Kravetz, Muchun Song, Andrew Morton
From: Mike Kravetz <mike.kravetz@oracle.com>
commit 48381273f8734d28ef56a5bdf1966dd8530111bc upstream.
The routine huge_pmd_unshare() is passed a pointer to an address
associated with an area which may be unshared. If unshare is successful
this address is updated to 'optimize' callers iterating over huge page
addresses. For the optimization to work correctly, address should be
updated to the last huge page in the unmapped/unshared area. However, in
the common case where the passed address is PUD_SIZE aligned, the address
is incorrectly updated to the address of the preceding huge page. That
wastes CPU cycles as the unmapped/unshared range is scanned twice.
Link: https://lkml.kernel.org/r/20220524205003.126184-1-mike.kravetz@oracle.com
Fixes: 39dde65c9940 ("shared page table for hugetlb page")
Signed-off-by: Mike Kravetz <mike.kravetz@oracle.com>
Acked-by: Muchun Song <songmuchun@bytedance.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/hugetlb.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
--- a/mm/hugetlb.c
+++ b/mm/hugetlb.c
@@ -5033,7 +5033,14 @@ int huge_pmd_unshare(struct mm_struct *m
pud_clear(pud);
put_page(virt_to_page(ptep));
mm_dec_nr_pmds(mm);
- *addr = ALIGN(*addr, HPAGE_SIZE * PTRS_PER_PTE) - HPAGE_SIZE;
+ /*
+ * This update of passed address optimizes loops sequentially
+ * processing addresses in increments of huge page size (PMD_SIZE
+ * in this case). By clearing the pud, a PUD_SIZE area is unmapped.
+ * Update address to the 'last page' in the cleared area so that
+ * calling loop can move to first page past this area.
+ */
+ *addr |= PUD_SIZE - PMD_SIZE;
return 1;
}
#define want_pmd_share() (1)
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 258/411] rtl818x: Prevent using not initialized queues
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (256 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.4 257/411] hugetlb: fix huge_pmd_unshare address update Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 259/411] ASoC: rt5514: Fix event generation for "DSP Voice Wake Up" control Greg Kroah-Hartman
` (157 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, pa, Alexander Wetzel, Kalle Valo
From: Alexander Wetzel <alexander@wetzel-home.de>
commit 746285cf81dc19502ab238249d75f5990bd2d231 upstream.
Using not existing queues can panic the kernel with rtl8180/rtl8185 cards.
Ignore the skb priority for those cards, they only have one tx queue. Pierre
Asselin (pa@panix.com) reported the kernel crash in the Gentoo forum:
https://forums.gentoo.org/viewtopic-t-1147832-postdays-0-postorder-asc-start-25.html
He also confirmed that this patch fixes the issue. In summary this happened:
After updating wpa_supplicant from 2.9 to 2.10 the kernel crashed with a
"divide error: 0000" when connecting to an AP. Control port tx now tries to
use IEEE80211_AC_VO for the priority, which wpa_supplicants starts to use in
2.10.
Since only the rtl8187se part of the driver supports QoS, the priority
of the skb is set to IEEE80211_AC_BE (2) by mac80211 for rtl8180/rtl8185
cards.
rtl8180 is then unconditionally reading out the priority and finally crashes on
drivers/net/wireless/realtek/rtl818x/rtl8180/dev.c line 544 without this
patch:
idx = (ring->idx + skb_queue_len(&ring->queue)) % ring->entries
"ring->entries" is zero for rtl8180/rtl8185 cards, tx_ring[2] never got
initialized.
Cc: stable@vger.kernel.org
Reported-by: pa@panix.com
Tested-by: pa@panix.com
Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220422145228.7567-1-alexander@wetzel-home.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireless/realtek/rtl818x/rtl8180/dev.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
--- a/drivers/net/wireless/realtek/rtl818x/rtl8180/dev.c
+++ b/drivers/net/wireless/realtek/rtl818x/rtl8180/dev.c
@@ -460,8 +460,10 @@ static void rtl8180_tx(struct ieee80211_
struct rtl8180_priv *priv = dev->priv;
struct rtl8180_tx_ring *ring;
struct rtl8180_tx_desc *entry;
+ unsigned int prio = 0;
unsigned long flags;
- unsigned int idx, prio, hw_prio;
+ unsigned int idx, hw_prio;
+
dma_addr_t mapping;
u32 tx_flags;
u8 rc_flags;
@@ -470,7 +472,9 @@ static void rtl8180_tx(struct ieee80211_
/* do arithmetic and then convert to le16 */
u16 frame_duration = 0;
- prio = skb_get_queue_mapping(skb);
+ /* rtl8180/rtl8185 only has one useable tx queue */
+ if (dev->queues > IEEE80211_AC_BK)
+ prio = skb_get_queue_mapping(skb);
ring = &priv->tx_ring[prio];
mapping = pci_map_single(priv->pdev, skb->data,
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 259/411] ASoC: rt5514: Fix event generation for "DSP Voice Wake Up" control
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (257 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.4 258/411] rtl818x: Prevent using not initialized queues Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 260/411] carl9170: tx: fix an incorrect use of list iterator Greg Kroah-Hartman
` (156 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Mark Brown
From: Mark Brown <broonie@kernel.org>
commit 4213ff556740bb45e2d9ff0f50d056c4e7dd0921 upstream.
The driver has a custom put function for "DSP Voice Wake Up" which does
not generate event notifications on change, instead returning 0. Since we
already exit early in the case that there is no change this can be fixed
by unconditionally returning 1 at the end of the function.
Signed-off-by: Mark Brown <broonie@kernel.org>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20220428162444.3883147-1-broonie@kernel.org
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/soc/codecs/rt5514.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/sound/soc/codecs/rt5514.c
+++ b/sound/soc/codecs/rt5514.c
@@ -419,7 +419,7 @@ static int rt5514_dsp_voice_wake_up_put(
}
}
- return 0;
+ return 1;
}
static const struct snd_kcontrol_new rt5514_snd_controls[] = {
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 260/411] carl9170: tx: fix an incorrect use of list iterator
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (258 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.4 259/411] ASoC: rt5514: Fix event generation for "DSP Voice Wake Up" control Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 261/411] serial: pch: dont overwrite xmit->buf[0] by x_char Greg Kroah-Hartman
` (155 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Xiaomeng Tong, Christian Lamparter,
Kalle Valo
From: Xiaomeng Tong <xiam0nd.tong@gmail.com>
commit 54a6f29522da3c914da30e50721dedf51046449a upstream.
If the previous list_for_each_entry_continue_rcu() don't exit early
(no goto hit inside the loop), the iterator 'cvif' after the loop
will be a bogus pointer to an invalid structure object containing
the HEAD (&ar->vif_list). As a result, the use of 'cvif' after that
will lead to a invalid memory access (i.e., 'cvif->id': the invalid
pointer dereference when return back to/after the callsite in the
carl9170_update_beacon()).
The original intention should have been to return the valid 'cvif'
when found in list, NULL otherwise. So just return NULL when no
entry found, to fix this bug.
Cc: stable@vger.kernel.org
Fixes: 1f1d9654e183c ("carl9170: refactor carl9170_update_beacon")
Signed-off-by: Xiaomeng Tong <xiam0nd.tong@gmail.com>
Acked-by: Christian Lamparter <chunkeey@gmail.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20220328122820.1004-1-xiam0nd.tong@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireless/ath/carl9170/tx.c | 3 +++
1 file changed, 3 insertions(+)
--- a/drivers/net/wireless/ath/carl9170/tx.c
+++ b/drivers/net/wireless/ath/carl9170/tx.c
@@ -1557,6 +1557,9 @@ static struct carl9170_vif_info *carl917
goto out;
}
} while (ar->beacon_enabled && i--);
+
+ /* no entry found in list */
+ return NULL;
}
out:
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 261/411] serial: pch: dont overwrite xmit->buf[0] by x_char
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (259 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.4 260/411] carl9170: tx: fix an incorrect use of list iterator Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 262/411] tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator Greg Kroah-Hartman
` (154 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Jiri Slaby
From: Jiri Slaby <jslaby@suse.cz>
commit d9f3af4fbb1d955bbaf872d9e76502f6e3e803cb upstream.
When x_char is to be sent, the TX path overwrites whatever is in the
circular buffer at offset 0 with x_char and sends it using
pch_uart_hal_write(). I don't understand how this was supposed to work
if xmit->buf[0] already contained some character. It must have been
lost.
Remove this whole pop_tx_x() concept and do the work directly in the
callers. (Without printing anything using dev_dbg().)
Cc: <stable@vger.kernel.org>
Fixes: 3c6a483275f4 (Serial: EG20T: add PCH_UART driver)
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Link: https://lore.kernel.org/r/20220503080808.28332-1-jslaby@suse.cz
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/tty/serial/pch_uart.c | 27 +++++++--------------------
1 file changed, 7 insertions(+), 20 deletions(-)
--- a/drivers/tty/serial/pch_uart.c
+++ b/drivers/tty/serial/pch_uart.c
@@ -635,22 +635,6 @@ static int push_rx(struct eg20t_port *pr
return 0;
}
-static int pop_tx_x(struct eg20t_port *priv, unsigned char *buf)
-{
- int ret = 0;
- struct uart_port *port = &priv->port;
-
- if (port->x_char) {
- dev_dbg(priv->port.dev, "%s:X character send %02x (%lu)\n",
- __func__, port->x_char, jiffies);
- buf[0] = port->x_char;
- port->x_char = 0;
- ret = 1;
- }
-
- return ret;
-}
-
static int dma_push_rx(struct eg20t_port *priv, int size)
{
int room;
@@ -900,9 +884,10 @@ static unsigned int handle_tx(struct eg2
fifo_size = max(priv->fifo_size, 1);
tx_empty = 1;
- if (pop_tx_x(priv, xmit->buf)) {
- pch_uart_hal_write(priv, xmit->buf, 1);
+ if (port->x_char) {
+ pch_uart_hal_write(priv, &port->x_char, 1);
port->icount.tx++;
+ port->x_char = 0;
tx_empty = 0;
fifo_size--;
}
@@ -957,9 +942,11 @@ static unsigned int dma_handle_tx(struct
}
fifo_size = max(priv->fifo_size, 1);
- if (pop_tx_x(priv, xmit->buf)) {
- pch_uart_hal_write(priv, xmit->buf, 1);
+
+ if (port->x_char) {
+ pch_uart_hal_write(priv, &port->x_char, 1);
port->icount.tx++;
+ port->x_char = 0;
fifo_size--;
}
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 262/411] tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (260 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.4 261/411] serial: pch: dont overwrite xmit->buf[0] by x_char Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 263/411] gma500: " Greg Kroah-Hartman
` (153 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Xiaomeng Tong, Jyri Sarha
From: Xiaomeng Tong <xiam0nd.tong@gmail.com>
commit 8b917cbe38e9b0d002492477a9fc2bfee2412ce4 upstream.
The bug is here:
if (!encoder) {
The list iterator value 'encoder' will *always* be set and non-NULL
by list_for_each_entry(), so it is incorrect to assume that the
iterator value will be NULL if the list is empty or no element
is found.
To fix the bug, use a new variable 'iter' as the list iterator,
while use the original variable 'encoder' as a dedicated pointer
to point to the found element.
Cc: stable@vger.kernel.org
Fixes: ec9eab097a500 ("drm/tilcdc: Add drm bridge support for attaching drm bridge drivers")
Signed-off-by: Xiaomeng Tong <xiam0nd.tong@gmail.com>
Reviewed-by: Jyri Sarha <jyri.sarha@iki.fi>
Tested-by: Jyri Sarha <jyri.sarha@iki.fi>
Signed-off-by: Jyri Sarha <jyri.sarha@iki.fi>
Link: https://patchwork.freedesktop.org/patch/msgid/20220327061516.5076-1-xiam0nd.tong@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/tilcdc/tilcdc_external.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
--- a/drivers/gpu/drm/tilcdc/tilcdc_external.c
+++ b/drivers/gpu/drm/tilcdc/tilcdc_external.c
@@ -58,11 +58,13 @@ struct drm_connector *tilcdc_encoder_fin
int tilcdc_add_component_encoder(struct drm_device *ddev)
{
struct tilcdc_drm_private *priv = ddev->dev_private;
- struct drm_encoder *encoder;
+ struct drm_encoder *encoder = NULL, *iter;
- list_for_each_entry(encoder, &ddev->mode_config.encoder_list, head)
- if (encoder->possible_crtcs & (1 << priv->crtc->index))
+ list_for_each_entry(iter, &ddev->mode_config.encoder_list, head)
+ if (iter->possible_crtcs & (1 << priv->crtc->index)) {
+ encoder = iter;
break;
+ }
if (!encoder) {
dev_err(ddev->dev, "%s: No suitable encoder found\n", __func__);
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 263/411] gma500: fix an incorrect NULL check on list iterator
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (261 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.4 262/411] tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 264/411] arm64: dts: qcom: ipq8074: fix the sleep clock frequency Greg Kroah-Hartman
` (152 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Xiaomeng Tong, Patrik Jakobsson
From: Xiaomeng Tong <xiam0nd.tong@gmail.com>
commit bdef417d84536715145f6dc9cc3275c46f26295a upstream.
The bug is here:
return crtc;
The list iterator value 'crtc' will *always* be set and non-NULL by
list_for_each_entry(), so it is incorrect to assume that the iterator
value will be NULL if the list is empty or no element is found.
To fix the bug, return 'crtc' when found, otherwise return NULL.
Cc: stable@vger.kernel.org
fixes: 89c78134cc54d ("gma500: Add Poulsbo support")
Signed-off-by: Xiaomeng Tong <xiam0nd.tong@gmail.com>
Signed-off-by: Patrik Jakobsson <patrik.r.jakobsson@gmail.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20220327052028.2013-1-xiam0nd.tong@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/gma500/psb_intel_display.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
--- a/drivers/gpu/drm/gma500/psb_intel_display.c
+++ b/drivers/gpu/drm/gma500/psb_intel_display.c
@@ -532,14 +532,15 @@ void psb_intel_crtc_init(struct drm_devi
struct drm_crtc *psb_intel_get_crtc_from_pipe(struct drm_device *dev, int pipe)
{
- struct drm_crtc *crtc = NULL;
+ struct drm_crtc *crtc;
list_for_each_entry(crtc, &dev->mode_config.crtc_list, head) {
struct gma_crtc *gma_crtc = to_gma_crtc(crtc);
+
if (gma_crtc->pipe == pipe)
- break;
+ return crtc;
}
- return crtc;
+ return NULL;
}
int gma_connector_clones(struct drm_device *dev, int type_mask)
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 264/411] arm64: dts: qcom: ipq8074: fix the sleep clock frequency
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (262 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.4 263/411] gma500: " Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 265/411] phy: qcom-qmp: fix struct clk leak on probe errors Greg Kroah-Hartman
` (151 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Kathiravan T, Bjorn Andersson
From: Kathiravan T <quic_kathirav@quicinc.com>
commit f607dd767f5d6800ffbdce5b99ba81763b023781 upstream.
Sleep clock frequency should be 32768Hz. Lets fix it.
Cc: stable@vger.kernel.org
Fixes: 41dac73e243d ("arm64: dts: Add ipq8074 SoC and HK01 board support")
Link: https://lore.kernel.org/all/e2a447f8-6024-0369-f698-2027b6edcf9e@codeaurora.org/
Signed-off-by: Kathiravan T <quic_kathirav@quicinc.com>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Link: https://lore.kernel.org/r/1644581655-11568-1-git-send-email-quic_kathirav@quicinc.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/boot/dts/qcom/ipq8074.dtsi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/arm64/boot/dts/qcom/ipq8074.dtsi
+++ b/arch/arm64/boot/dts/qcom/ipq8074.dtsi
@@ -482,7 +482,7 @@
clocks {
sleep_clk: sleep_clk {
compatible = "fixed-clock";
- clock-frequency = <32000>;
+ clock-frequency = <32768>;
#clock-cells = <0>;
};
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 265/411] phy: qcom-qmp: fix struct clk leak on probe errors
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (263 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.4 264/411] arm64: dts: qcom: ipq8074: fix the sleep clock frequency Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 266/411] ARM: pxa: maybe fix gpio lookup tables Greg Kroah-Hartman
` (150 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Vivek Gautam, Bjorn Andersson,
Johan Hovold, Vinod Koul
From: Johan Hovold <johan+linaro@kernel.org>
commit f0a4bc38a12f5a0cc5ad68670d9480e91e6a94df upstream.
Make sure to release the pipe clock reference in case of a late probe
error (e.g. probe deferral).
Fixes: e78f3d15e115 ("phy: qcom-qmp: new qmp phy driver for qcom-chipsets")
Cc: stable@vger.kernel.org # 4.12
Cc: Vivek Gautam <vivek.gautam@codeaurora.org>
Reviewed-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
Link: https://lore.kernel.org/r/20220427063243.32576-2-johan+linaro@kernel.org
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/phy/qualcomm/phy-qcom-qmp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/phy/qualcomm/phy-qcom-qmp.c
+++ b/drivers/phy/qualcomm/phy-qcom-qmp.c
@@ -1929,7 +1929,7 @@ int qcom_qmp_phy_create(struct device *d
* all phys that don't need this.
*/
snprintf(prop_name, sizeof(prop_name), "pipe%d", id);
- qphy->pipe_clk = of_clk_get_by_name(np, prop_name);
+ qphy->pipe_clk = devm_get_clk_from_child(dev, np, prop_name);
if (IS_ERR(qphy->pipe_clk)) {
if (qmp->cfg->type == PHY_TYPE_PCIE ||
qmp->cfg->type == PHY_TYPE_USB3) {
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 266/411] ARM: pxa: maybe fix gpio lookup tables
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (264 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.4 265/411] phy: qcom-qmp: fix struct clk leak on probe errors Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 267/411] docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0 Greg Kroah-Hartman
` (149 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Robert Jarzmik, Linus Walleij, Arnd Bergmann
From: Arnd Bergmann <arnd@arndb.de>
commit 2672a4bff6c03a20d5ae460a091f67ee782c3eff upstream.
>From inspection I found a couple of GPIO lookups that are
listed with device "gpio-pxa", but actually have a number
from a different gpio controller.
Try to rectify that here, with a guess of what the actual
device name is.
Acked-by: Robert Jarzmik <robert.jarzmik@free.fr>
Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
Cc: stable@vger.kernel.org
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm/mach-pxa/cm-x300.c | 8 ++++----
arch/arm/mach-pxa/magician.c | 2 +-
arch/arm/mach-pxa/tosa.c | 4 ++--
3 files changed, 7 insertions(+), 7 deletions(-)
--- a/arch/arm/mach-pxa/cm-x300.c
+++ b/arch/arm/mach-pxa/cm-x300.c
@@ -355,13 +355,13 @@ static struct platform_device cm_x300_sp
static struct gpiod_lookup_table cm_x300_spi_gpiod_table = {
.dev_id = "spi_gpio",
.table = {
- GPIO_LOOKUP("gpio-pxa", GPIO_LCD_SCL,
+ GPIO_LOOKUP("pca9555.1", GPIO_LCD_SCL - GPIO_LCD_BASE,
"sck", GPIO_ACTIVE_HIGH),
- GPIO_LOOKUP("gpio-pxa", GPIO_LCD_DIN,
+ GPIO_LOOKUP("pca9555.1", GPIO_LCD_DIN - GPIO_LCD_BASE,
"mosi", GPIO_ACTIVE_HIGH),
- GPIO_LOOKUP("gpio-pxa", GPIO_LCD_DOUT,
+ GPIO_LOOKUP("pca9555.1", GPIO_LCD_DOUT - GPIO_LCD_BASE,
"miso", GPIO_ACTIVE_HIGH),
- GPIO_LOOKUP("gpio-pxa", GPIO_LCD_CS,
+ GPIO_LOOKUP("pca9555.1", GPIO_LCD_CS - GPIO_LCD_BASE,
"cs", GPIO_ACTIVE_HIGH),
{ },
},
--- a/arch/arm/mach-pxa/magician.c
+++ b/arch/arm/mach-pxa/magician.c
@@ -675,7 +675,7 @@ static struct platform_device bq24022 =
static struct gpiod_lookup_table bq24022_gpiod_table = {
.dev_id = "gpio-regulator",
.table = {
- GPIO_LOOKUP("gpio-pxa", EGPIO_MAGICIAN_BQ24022_ISET2,
+ GPIO_LOOKUP("htc-egpio-0", EGPIO_MAGICIAN_BQ24022_ISET2 - MAGICIAN_EGPIO_BASE,
NULL, GPIO_ACTIVE_HIGH),
GPIO_LOOKUP("gpio-pxa", GPIO30_MAGICIAN_BQ24022_nCHARGE_EN,
"enable", GPIO_ACTIVE_LOW),
--- a/arch/arm/mach-pxa/tosa.c
+++ b/arch/arm/mach-pxa/tosa.c
@@ -295,9 +295,9 @@ static struct gpiod_lookup_table tosa_mc
.table = {
GPIO_LOOKUP("gpio-pxa", TOSA_GPIO_nSD_DETECT,
"cd", GPIO_ACTIVE_LOW),
- GPIO_LOOKUP("gpio-pxa", TOSA_GPIO_SD_WP,
+ GPIO_LOOKUP("sharp-scoop.0", TOSA_GPIO_SD_WP - TOSA_SCOOP_GPIO_BASE,
"wp", GPIO_ACTIVE_LOW),
- GPIO_LOOKUP("gpio-pxa", TOSA_GPIO_PWR_ON,
+ GPIO_LOOKUP("sharp-scoop.0", TOSA_GPIO_PWR_ON - TOSA_SCOOP_GPIO_BASE,
"power", GPIO_ACTIVE_HIGH),
{ },
},
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 267/411] docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (265 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.4 266/411] ARM: pxa: maybe fix gpio lookup tables Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 268/411] dt-bindings: gpio: altera: correct interrupt-cells Greg Kroah-Hartman
` (148 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Akira Yokosawa, Jonathan Corbet
From: Akira Yokosawa <akiyks@gmail.com>
commit 627f01eab93d8671d4e4afee9b148f9998d20e7c upstream.
One of the changes in Sphinx 5.0.0 [1] says [sic]:
5.0.0 final
- #10474: language does not accept None as it value.
The default value of language becomes to 'en' now.
[1]: https://www.sphinx-doc.org/en/master/changes.html#release-5-0-0-released-may-30-2022
It results in a new warning from Sphinx 5.0.0 [sic]:
WARNING: Invalid configuration value found: 'language = None'.
Update your configuration to a valid langauge code. Falling
back to 'en' (English).
Silence the warning by using 'en'.
It works with all the Sphinx versions required for building
kernel documentation (1.7.9 or later).
Signed-off-by: Akira Yokosawa <akiyks@gmail.com>
Link: https://lore.kernel.org/r/bd0c2ddc-2401-03cb-4526-79ca664e1cbe@gmail.com
Cc: stable@vger.kernel.org
Signed-off-by: Jonathan Corbet <corbet@lwn.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
Documentation/conf.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/Documentation/conf.py
+++ b/Documentation/conf.py
@@ -98,7 +98,7 @@ finally:
#
# This is also used if you do content translation via gettext catalogs.
# Usually you set "language" from the command line for these cases.
-language = None
+language = 'en'
# There are two options for replacing |today|: either, you set today to some
# non-false value, then it is used:
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 268/411] dt-bindings: gpio: altera: correct interrupt-cells
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (266 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.4 267/411] docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0 Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 269/411] blk-iolatency: Fix inflight count imbalances and IO hangs on offline Greg Kroah-Hartman
` (147 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Dinh Nguyen
From: Dinh Nguyen <dinguyen@kernel.org>
commit 3a21c3ac93aff7b4522b152399df8f6a041df56d upstream.
update documentation to correctly state the interrupt-cells to be 2.
Cc: stable@vger.kernel.org
Fixes: 4fd9bbc6e071 ("drivers/gpio: Altera soft IP GPIO driver devicetree binding")
Signed-off-by: Dinh Nguyen <dinguyen@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
Documentation/devicetree/bindings/gpio/gpio-altera.txt | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- a/Documentation/devicetree/bindings/gpio/gpio-altera.txt
+++ b/Documentation/devicetree/bindings/gpio/gpio-altera.txt
@@ -9,8 +9,9 @@ Required properties:
- The second cell is reserved and is currently unused.
- gpio-controller : Marks the device node as a GPIO controller.
- interrupt-controller: Mark the device node as an interrupt controller
-- #interrupt-cells : Should be 1. The interrupt type is fixed in the hardware.
+- #interrupt-cells : Should be 2. The interrupt type is fixed in the hardware.
- The first cell is the GPIO offset number within the GPIO controller.
+ - The second cell is the interrupt trigger type and level flags.
- interrupts: Specify the interrupt.
- altr,interrupt-type: Specifies the interrupt trigger type the GPIO
hardware is synthesized. This field is required if the Altera GPIO controller
@@ -38,6 +39,6 @@ gpio_altr: gpio@ff200000 {
altr,interrupt-type = <IRQ_TYPE_EDGE_RISING>;
#gpio-cells = <2>;
gpio-controller;
- #interrupt-cells = <1>;
+ #interrupt-cells = <2>;
interrupt-controller;
};
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 269/411] blk-iolatency: Fix inflight count imbalances and IO hangs on offline
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (267 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.4 268/411] dt-bindings: gpio: altera: correct interrupt-cells Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 270/411] phy: qcom-qmp: fix reset-controller leak on probe errors Greg Kroah-Hartman
` (146 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tejun Heo, Josef Bacik, Liu Bo, Jens Axboe
From: Tejun Heo <tj@kernel.org>
commit 8a177a36da6c54c98b8685d4f914cb3637d53c0d upstream.
iolatency needs to track the number of inflight IOs per cgroup. As this
tracking can be expensive, it is disabled when no cgroup has iolatency
configured for the device. To ensure that the inflight counters stay
balanced, iolatency_set_limit() freezes the request_queue while manipulating
the enabled counter, which ensures that no IO is in flight and thus all
counters are zero.
Unfortunately, iolatency_set_limit() isn't the only place where the enabled
counter is manipulated. iolatency_pd_offline() can also dec the counter and
trigger disabling. As this disabling happens without freezing the q, this
can easily happen while some IOs are in flight and thus leak the counts.
This can be easily demonstrated by turning on iolatency on an one empty
cgroup while IOs are in flight in other cgroups and then removing the
cgroup. Note that iolatency shouldn't have been enabled elsewhere in the
system to ensure that removing the cgroup disables iolatency for the whole
device.
The following keeps flipping on and off iolatency on sda:
echo +io > /sys/fs/cgroup/cgroup.subtree_control
while true; do
mkdir -p /sys/fs/cgroup/test
echo '8:0 target=100000' > /sys/fs/cgroup/test/io.latency
sleep 1
rmdir /sys/fs/cgroup/test
sleep 1
done
and there's concurrent fio generating direct rand reads:
fio --name test --filename=/dev/sda --direct=1 --rw=randread \
--runtime=600 --time_based --iodepth=256 --numjobs=4 --bs=4k
while monitoring with the following drgn script:
while True:
for css in css_for_each_descendant_pre(prog['blkcg_root'].css.address_of_()):
for pos in hlist_for_each(container_of(css, 'struct blkcg', 'css').blkg_list):
blkg = container_of(pos, 'struct blkcg_gq', 'blkcg_node')
pd = blkg.pd[prog['blkcg_policy_iolatency'].plid]
if pd.value_() == 0:
continue
iolat = container_of(pd, 'struct iolatency_grp', 'pd')
inflight = iolat.rq_wait.inflight.counter.value_()
if inflight:
print(f'inflight={inflight} {disk_name(blkg.q.disk).decode("utf-8")} '
f'{cgroup_path(css.cgroup).decode("utf-8")}')
time.sleep(1)
The monitoring output looks like the following:
inflight=1 sda /user.slice
inflight=1 sda /user.slice
...
inflight=14 sda /user.slice
inflight=13 sda /user.slice
inflight=17 sda /user.slice
inflight=15 sda /user.slice
inflight=18 sda /user.slice
inflight=17 sda /user.slice
inflight=20 sda /user.slice
inflight=19 sda /user.slice <- fio stopped, inflight stuck at 19
inflight=19 sda /user.slice
inflight=19 sda /user.slice
If a cgroup with stuck inflight ends up getting throttled, the throttled IOs
will never get issued as there's no completion event to wake it up leading
to an indefinite hang.
This patch fixes the bug by unifying enable handling into a work item which
is automatically kicked off from iolatency_set_min_lat_nsec() which is
called from both iolatency_set_limit() and iolatency_pd_offline() paths.
Punting to a work item is necessary as iolatency_pd_offline() is called
under spinlocks while freezing a request_queue requires a sleepable context.
This also simplifies the code reducing LOC sans the comments and avoids the
unnecessary freezes which were happening whenever a cgroup's latency target
is newly set or cleared.
Signed-off-by: Tejun Heo <tj@kernel.org>
Cc: Josef Bacik <josef@toxicpanda.com>
Cc: Liu Bo <bo.liu@linux.alibaba.com>
Fixes: 8c772a9bfc7c ("blk-iolatency: fix IO hang due to negative inflight counter")
Cc: stable@vger.kernel.org # v5.0+
Link: https://lore.kernel.org/r/Yn9ScX6Nx2qIiQQi@slm.duckdns.org
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
block/blk-iolatency.c | 122 ++++++++++++++++++++++++++------------------------
1 file changed, 64 insertions(+), 58 deletions(-)
--- a/block/blk-iolatency.c
+++ b/block/blk-iolatency.c
@@ -86,7 +86,17 @@ struct iolatency_grp;
struct blk_iolatency {
struct rq_qos rqos;
struct timer_list timer;
- atomic_t enabled;
+
+ /*
+ * ->enabled is the master enable switch gating the throttling logic and
+ * inflight tracking. The number of cgroups which have iolat enabled is
+ * tracked in ->enable_cnt, and ->enable is flipped on/off accordingly
+ * from ->enable_work with the request_queue frozen. For details, See
+ * blkiolatency_enable_work_fn().
+ */
+ bool enabled;
+ atomic_t enable_cnt;
+ struct work_struct enable_work;
};
static inline struct blk_iolatency *BLKIOLATENCY(struct rq_qos *rqos)
@@ -94,11 +104,6 @@ static inline struct blk_iolatency *BLKI
return container_of(rqos, struct blk_iolatency, rqos);
}
-static inline bool blk_iolatency_enabled(struct blk_iolatency *blkiolat)
-{
- return atomic_read(&blkiolat->enabled) > 0;
-}
-
struct child_latency_info {
spinlock_t lock;
@@ -463,7 +468,7 @@ static void blkcg_iolatency_throttle(str
struct blkcg_gq *blkg = bio->bi_blkg;
bool issue_as_root = bio_issue_as_root_blkg(bio);
- if (!blk_iolatency_enabled(blkiolat))
+ if (!blkiolat->enabled)
return;
while (blkg && blkg->parent) {
@@ -593,7 +598,6 @@ static void blkcg_iolatency_done_bio(str
u64 window_start;
u64 now = ktime_to_ns(ktime_get());
bool issue_as_root = bio_issue_as_root_blkg(bio);
- bool enabled = false;
int inflight = 0;
blkg = bio->bi_blkg;
@@ -604,8 +608,7 @@ static void blkcg_iolatency_done_bio(str
if (!iolat)
return;
- enabled = blk_iolatency_enabled(iolat->blkiolat);
- if (!enabled)
+ if (!iolat->blkiolat->enabled)
return;
while (blkg && blkg->parent) {
@@ -643,6 +646,7 @@ static void blkcg_iolatency_exit(struct
struct blk_iolatency *blkiolat = BLKIOLATENCY(rqos);
del_timer_sync(&blkiolat->timer);
+ flush_work(&blkiolat->enable_work);
blkcg_deactivate_policy(rqos->q, &blkcg_policy_iolatency);
kfree(blkiolat);
}
@@ -714,6 +718,44 @@ next:
rcu_read_unlock();
}
+/**
+ * blkiolatency_enable_work_fn - Enable or disable iolatency on the device
+ * @work: enable_work of the blk_iolatency of interest
+ *
+ * iolatency needs to keep track of the number of in-flight IOs per cgroup. This
+ * is relatively expensive as it involves walking up the hierarchy twice for
+ * every IO. Thus, if iolatency is not enabled in any cgroup for the device, we
+ * want to disable the in-flight tracking.
+ *
+ * We have to make sure that the counting is balanced - we don't want to leak
+ * the in-flight counts by disabling accounting in the completion path while IOs
+ * are in flight. This is achieved by ensuring that no IO is in flight by
+ * freezing the queue while flipping ->enabled. As this requires a sleepable
+ * context, ->enabled flipping is punted to this work function.
+ */
+static void blkiolatency_enable_work_fn(struct work_struct *work)
+{
+ struct blk_iolatency *blkiolat = container_of(work, struct blk_iolatency,
+ enable_work);
+ bool enabled;
+
+ /*
+ * There can only be one instance of this function running for @blkiolat
+ * and it's guaranteed to be executed at least once after the latest
+ * ->enabled_cnt modification. Acting on the latest ->enable_cnt is
+ * sufficient.
+ *
+ * Also, we know @blkiolat is safe to access as ->enable_work is flushed
+ * in blkcg_iolatency_exit().
+ */
+ enabled = atomic_read(&blkiolat->enable_cnt);
+ if (enabled != blkiolat->enabled) {
+ blk_mq_freeze_queue(blkiolat->rqos.q);
+ blkiolat->enabled = enabled;
+ blk_mq_unfreeze_queue(blkiolat->rqos.q);
+ }
+}
+
int blk_iolatency_init(struct request_queue *q)
{
struct blk_iolatency *blkiolat;
@@ -739,17 +781,15 @@ int blk_iolatency_init(struct request_qu
}
timer_setup(&blkiolat->timer, blkiolatency_timer_fn, 0);
+ INIT_WORK(&blkiolat->enable_work, blkiolatency_enable_work_fn);
return 0;
}
-/*
- * return 1 for enabling iolatency, return -1 for disabling iolatency, otherwise
- * return 0.
- */
-static int iolatency_set_min_lat_nsec(struct blkcg_gq *blkg, u64 val)
+static void iolatency_set_min_lat_nsec(struct blkcg_gq *blkg, u64 val)
{
struct iolatency_grp *iolat = blkg_to_lat(blkg);
+ struct blk_iolatency *blkiolat = iolat->blkiolat;
u64 oldval = iolat->min_lat_nsec;
iolat->min_lat_nsec = val;
@@ -757,13 +797,15 @@ static int iolatency_set_min_lat_nsec(st
iolat->cur_win_nsec = min_t(u64, iolat->cur_win_nsec,
BLKIOLATENCY_MAX_WIN_SIZE);
- if (!oldval && val)
- return 1;
+ if (!oldval && val) {
+ if (atomic_inc_return(&blkiolat->enable_cnt) == 1)
+ schedule_work(&blkiolat->enable_work);
+ }
if (oldval && !val) {
blkcg_clear_delay(blkg);
- return -1;
+ if (atomic_dec_return(&blkiolat->enable_cnt) == 0)
+ schedule_work(&blkiolat->enable_work);
}
- return 0;
}
static void iolatency_clear_scaling(struct blkcg_gq *blkg)
@@ -795,7 +837,6 @@ static ssize_t iolatency_set_limit(struc
u64 lat_val = 0;
u64 oldval;
int ret;
- int enable = 0;
ret = blkg_conf_prep(blkcg, &blkcg_policy_iolatency, buf, &ctx);
if (ret)
@@ -830,41 +871,12 @@ static ssize_t iolatency_set_limit(struc
blkg = ctx.blkg;
oldval = iolat->min_lat_nsec;
- enable = iolatency_set_min_lat_nsec(blkg, lat_val);
- if (enable) {
- if (!blk_get_queue(blkg->q)) {
- ret = -ENODEV;
- goto out;
- }
-
- blkg_get(blkg);
- }
-
- if (oldval != iolat->min_lat_nsec) {
+ iolatency_set_min_lat_nsec(blkg, lat_val);
+ if (oldval != iolat->min_lat_nsec)
iolatency_clear_scaling(blkg);
- }
-
ret = 0;
out:
blkg_conf_finish(&ctx);
- if (ret == 0 && enable) {
- struct iolatency_grp *tmp = blkg_to_lat(blkg);
- struct blk_iolatency *blkiolat = tmp->blkiolat;
-
- blk_mq_freeze_queue(blkg->q);
-
- if (enable == 1)
- atomic_inc(&blkiolat->enabled);
- else if (enable == -1)
- atomic_dec(&blkiolat->enabled);
- else
- WARN_ON_ONCE(1);
-
- blk_mq_unfreeze_queue(blkg->q);
-
- blkg_put(blkg);
- blk_put_queue(blkg->q);
- }
return ret ?: nbytes;
}
@@ -1005,14 +1017,8 @@ static void iolatency_pd_offline(struct
{
struct iolatency_grp *iolat = pd_to_lat(pd);
struct blkcg_gq *blkg = lat_to_blkg(iolat);
- struct blk_iolatency *blkiolat = iolat->blkiolat;
- int ret;
- ret = iolatency_set_min_lat_nsec(blkg, 0);
- if (ret == 1)
- atomic_inc(&blkiolat->enabled);
- if (ret == -1)
- atomic_dec(&blkiolat->enabled);
+ iolatency_set_min_lat_nsec(blkg, 0);
iolatency_clear_scaling(blkg);
}
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 270/411] phy: qcom-qmp: fix reset-controller leak on probe errors
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (268 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.4 269/411] blk-iolatency: Fix inflight count imbalances and IO hangs on offline Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 271/411] Kconfig: add config option for asm goto w/ outputs Greg Kroah-Hartman
` (145 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Vivek Gautam, Philipp Zabel,
Johan Hovold, Bjorn Andersson, Vinod Koul
From: Johan Hovold <johan+linaro@kernel.org>
commit 4d2900f20edfe541f75756a00deeb2ffe7c66bc1 upstream.
Make sure to release the lane reset controller in case of a late probe
error (e.g. probe deferral).
Note that due to the reset controller being defined in devicetree in
"lane" child nodes, devm_reset_control_get_exclusive() cannot be used
directly.
Fixes: e78f3d15e115 ("phy: qcom-qmp: new qmp phy driver for qcom-chipsets")
Cc: stable@vger.kernel.org # 4.12
Cc: Vivek Gautam <vivek.gautam@codeaurora.org>
Reviewed-by: Philipp Zabel <p.zabel@pengutronix.de>
Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
Reviewed-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Link: https://lore.kernel.org/r/20220427063243.32576-3-johan+linaro@kernel.org
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/phy/qualcomm/phy-qcom-qmp.c | 9 +++++++++
1 file changed, 9 insertions(+)
--- a/drivers/phy/qualcomm/phy-qcom-qmp.c
+++ b/drivers/phy/qualcomm/phy-qcom-qmp.c
@@ -1860,6 +1860,11 @@ static const struct phy_ops qcom_qmp_ufs
.owner = THIS_MODULE,
};
+static void qcom_qmp_reset_control_put(void *data)
+{
+ reset_control_put(data);
+}
+
static
int qcom_qmp_phy_create(struct device *dev, struct device_node *np, int id)
{
@@ -1951,6 +1956,10 @@ int qcom_qmp_phy_create(struct device *d
dev_err(dev, "failed to get lane%d reset\n", id);
return PTR_ERR(qphy->lane_rst);
}
+ ret = devm_add_action_or_reset(dev, qcom_qmp_reset_control_put,
+ qphy->lane_rst);
+ if (ret)
+ return ret;
}
if (qmp->cfg->type == PHY_TYPE_UFS)
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 271/411] Kconfig: add config option for asm goto w/ outputs
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (269 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.4 270/411] phy: qcom-qmp: fix reset-controller leak on probe errors Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 272/411] RDMA/rxe: Generate a completion for unsupported/invalid opcode Greg Kroah-Hartman
` (144 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Nick Desaulniers, Linus Torvalds
From: Nick Desaulniers <ndesaulniers@google.com>
commit 587f17018a2c6c414e41a312b002faaef60cf423 upstream.
This allows C code to make use of compilers with support for output
variables along the fallthrough path via preprocessor define:
CONFIG_CC_HAS_ASM_GOTO_OUTPUT
[ This is not used anywhere yet, and currently released compilers don't
support this yet, but it's coming, and I have some local experimental
patches to take advantage of it when it does - Linus ]
Signed-off-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
init/Kconfig | 4 ++++
1 file changed, 4 insertions(+)
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -38,6 +38,10 @@ config CC_HAS_ASM_GOTO_TIED_OUTPUT
# Detect buggy gcc and clang, fixed in gcc-11 clang-14.
def_bool $(success,echo 'int foo(int *x) { asm goto (".long (%l[bar]) - .\n": "+m"(*x) ::: bar); return *x; bar: return 0; }' | $CC -x c - -c -o /dev/null)
+config CC_HAS_ASM_GOTO_OUTPUT
+ depends on CC_HAS_ASM_GOTO
+ def_bool $(success,echo 'int foo(int x) { asm goto ("": "=r"(x) ::: bar); return x; bar: return 0; }' | $(CC) -x c - -c -o /dev/null)
+
config TOOLS_SUPPORT_RELR
def_bool $(success,env "CC=$(CC)" "LD=$(LD)" "NM=$(NM)" "OBJCOPY=$(OBJCOPY)" $(srctree)/scripts/tools-support-relr.sh)
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 272/411] RDMA/rxe: Generate a completion for unsupported/invalid opcode
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (270 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.4 271/411] Kconfig: add config option for asm goto w/ outputs Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 273/411] MIPS: IP27: Remove incorrect `cpu_has_fpu override Greg Kroah-Hartman
` (143 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Xiao Yang, Jason Gunthorpe
From: Xiao Yang <yangx.jy@fujitsu.com>
commit 2f917af777011c88e977b9b9a5d00b280d3a59ce upstream.
Current rxe_requester() doesn't generate a completion when processing an
unsupported/invalid opcode. If rxe driver doesn't support a new opcode
(e.g. RDMA Atomic Write) and RDMA library supports it, an application
using the new opcode can reproduce this issue. Fix the issue by calling
"goto err;".
Fixes: 8700e3e7c485 ("Soft RoCE driver")
Link: https://lore.kernel.org/r/20220410113513.27537-1-yangx.jy@fujitsu.com
Signed-off-by: Xiao Yang <yangx.jy@fujitsu.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/infiniband/sw/rxe/rxe_req.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/infiniband/sw/rxe/rxe_req.c
+++ b/drivers/infiniband/sw/rxe/rxe_req.c
@@ -680,7 +680,7 @@ next_wqe:
opcode = next_opcode(qp, wqe, wqe->wr.opcode);
if (unlikely(opcode < 0)) {
wqe->status = IB_WC_LOC_QP_OP_ERR;
- goto exit;
+ goto err;
}
mask = rxe_opcode[opcode].mask;
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 273/411] MIPS: IP27: Remove incorrect `cpu_has_fpu override
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (271 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.4 272/411] RDMA/rxe: Generate a completion for unsupported/invalid opcode Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 274/411] bfq: Avoid merging queues with different parents Greg Kroah-Hartman
` (142 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Maciej W. Rozycki, Stephen Zhang,
Thomas Bogendoerfer
From: Maciej W. Rozycki <macro@orcam.me.uk>
commit 424c3781dd1cb401857585331eaaa425a13f2429 upstream.
Remove unsupported forcing of `cpu_has_fpu' to 1, which makes the `nofpu'
kernel parameter non-functional, and also causes a link error:
ld: arch/mips/kernel/traps.o: in function `trap_init':
./arch/mips/include/asm/msa.h:(.init.text+0x348): undefined reference to `handle_fpe'
ld: ./arch/mips/include/asm/msa.h:(.init.text+0x354): undefined reference to `handle_fpe'
ld: ./arch/mips/include/asm/msa.h:(.init.text+0x360): undefined reference to `handle_fpe'
where the CONFIG_MIPS_FP_SUPPORT configuration option has been disabled.
Signed-off-by: Maciej W. Rozycki <macro@orcam.me.uk>
Reported-by: Stephen Zhang <starzhangzsd@gmail.com>
Fixes: 0ebb2f4159af ("MIPS: IP27: Update/restructure CPU overrides")
Cc: stable@vger.kernel.org # v4.2+
Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/mips/include/asm/mach-ip27/cpu-feature-overrides.h | 1 -
1 file changed, 1 deletion(-)
--- a/arch/mips/include/asm/mach-ip27/cpu-feature-overrides.h
+++ b/arch/mips/include/asm/mach-ip27/cpu-feature-overrides.h
@@ -28,7 +28,6 @@
#define cpu_has_6k_cache 0
#define cpu_has_8k_cache 0
#define cpu_has_tx39_cache 0
-#define cpu_has_fpu 1
#define cpu_has_nofpuex 0
#define cpu_has_32fpr 1
#define cpu_has_counter 1
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 274/411] bfq: Avoid merging queues with different parents
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (272 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.4 273/411] MIPS: IP27: Remove incorrect `cpu_has_fpu override Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 275/411] bfq: Drop pointless unlock-lock pair Greg Kroah-Hartman
` (141 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Greg Kroah-Hartman, yukuai (C), Jan Kara, Christoph Hellwig, Jens Axboe
From: Jan Kara <jack@suse.cz>
commit c1cee4ab36acef271be9101590756ed0c0c374d9 upstream.
It can happen that the parent of a bfqq changes between the moment we
decide two queues are worth to merge (and set bic->stable_merge_bfqq)
and the moment bfq_setup_merge() is called. This can happen e.g. because
the process submitted IO for a different cgroup and thus bfqq got
reparented. It can even happen that the bfqq we are merging with has
parent cgroup that is already offline and going to be destroyed in which
case the merge can lead to use-after-free issues such as:
BUG: KASAN: use-after-free in __bfq_deactivate_entity+0x9cb/0xa50
Read of size 8 at addr ffff88800693c0c0 by task runc:[2:INIT]/10544
CPU: 0 PID: 10544 Comm: runc:[2:INIT] Tainted: G E 5.15.2-0.g5fb85fd-default #1 openSUSE Tumbleweed (unreleased) f1f3b891c72369aebecd2e43e4641a6358867c70
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a-rebuilt.opensuse.org 04/01/2014
Call Trace:
<IRQ>
dump_stack_lvl+0x46/0x5a
print_address_description.constprop.0+0x1f/0x140
? __bfq_deactivate_entity+0x9cb/0xa50
kasan_report.cold+0x7f/0x11b
? __bfq_deactivate_entity+0x9cb/0xa50
__bfq_deactivate_entity+0x9cb/0xa50
? update_curr+0x32f/0x5d0
bfq_deactivate_entity+0xa0/0x1d0
bfq_del_bfqq_busy+0x28a/0x420
? resched_curr+0x116/0x1d0
? bfq_requeue_bfqq+0x70/0x70
? check_preempt_wakeup+0x52b/0xbc0
__bfq_bfqq_expire+0x1a2/0x270
bfq_bfqq_expire+0xd16/0x2160
? try_to_wake_up+0x4ee/0x1260
? bfq_end_wr_async_queues+0xe0/0xe0
? _raw_write_unlock_bh+0x60/0x60
? _raw_spin_lock_irq+0x81/0xe0
bfq_idle_slice_timer+0x109/0x280
? bfq_dispatch_request+0x4870/0x4870
__hrtimer_run_queues+0x37d/0x700
? enqueue_hrtimer+0x1b0/0x1b0
? kvm_clock_get_cycles+0xd/0x10
? ktime_get_update_offsets_now+0x6f/0x280
hrtimer_interrupt+0x2c8/0x740
Fix the problem by checking that the parent of the two bfqqs we are
merging in bfq_setup_merge() is the same.
Link: https://lore.kernel.org/linux-block/20211125172809.GC19572@quack2.suse.cz/
CC: stable@vger.kernel.org
Fixes: 430a67f9d616 ("block, bfq: merge bursts of newly-created queues")
Tested-by: "yukuai (C)" <yukuai3@huawei.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Link: https://lore.kernel.org/r/20220401102752.8599-2-jack@suse.cz
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
block/bfq-iosched.c | 8 ++++++++
1 file changed, 8 insertions(+)
--- a/block/bfq-iosched.c
+++ b/block/bfq-iosched.c
@@ -2509,6 +2509,14 @@ bfq_setup_merge(struct bfq_queue *bfqq,
if (process_refs == 0 || new_process_refs == 0)
return NULL;
+ /*
+ * Make sure merged queues belong to the same parent. Parents could
+ * have changed since the time we decided the two queues are suitable
+ * for merging.
+ */
+ if (new_bfqq->entity.parent != bfqq->entity.parent)
+ return NULL;
+
bfq_log_bfqq(bfqq->bfqd, bfqq, "scheduling merge with queue %d",
new_bfqq->pid);
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 275/411] bfq: Drop pointless unlock-lock pair
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (273 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.4 274/411] bfq: Avoid merging queues with different parents Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 276/411] bfq: Remove pointless bfq_init_rq() calls Greg Kroah-Hartman
` (140 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Greg Kroah-Hartman, yukuai (C), Jan Kara, Christoph Hellwig, Jens Axboe
From: Jan Kara <jack@suse.cz>
commit fc84e1f941b91221092da5b3102ec82da24c5673 upstream.
In bfq_insert_request() we unlock bfqd->lock only to call
trace_block_rq_insert() and then lock bfqd->lock again. This is really
pointless since tracing is disabled if we really care about performance
and even if the tracepoint is enabled, it is a quick call.
CC: stable@vger.kernel.org
Tested-by: "yukuai (C)" <yukuai3@huawei.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Link: https://lore.kernel.org/r/20220401102752.8599-5-jack@suse.cz
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
block/bfq-iosched.c | 3 ---
1 file changed, 3 deletions(-)
--- a/block/bfq-iosched.c
+++ b/block/bfq-iosched.c
@@ -5529,11 +5529,8 @@ static void bfq_insert_request(struct bl
return;
}
- spin_unlock_irq(&bfqd->lock);
-
blk_mq_sched_request_inserted(rq);
- spin_lock_irq(&bfqd->lock);
bfqq = bfq_init_rq(rq);
if (!bfqq || at_head || blk_rq_is_passthrough(rq)) {
if (at_head)
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 276/411] bfq: Remove pointless bfq_init_rq() calls
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (274 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.4 275/411] bfq: Drop pointless unlock-lock pair Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 277/411] bfq: Get rid of __bio_blkcg() usage Greg Kroah-Hartman
` (139 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Greg Kroah-Hartman, yukuai (C), Jan Kara, Christoph Hellwig, Jens Axboe
From: Jan Kara <jack@suse.cz>
commit 5f550ede5edf846ecc0067be1ba80514e6fe7f8e upstream.
We call bfq_init_rq() from request merging functions where requests we
get should have already gone through bfq_init_rq() during insert and
anyway we want to do anything only if the request is already tracked by
BFQ. So replace calls to bfq_init_rq() with RQ_BFQQ() instead to simply
skip requests untracked by BFQ. We move bfq_init_rq() call in
bfq_insert_request() a bit earlier to cover request merging and thus
can transfer FIFO position in case of a merge.
CC: stable@vger.kernel.org
Tested-by: "yukuai (C)" <yukuai3@huawei.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Link: https://lore.kernel.org/r/20220401102752.8599-6-jack@suse.cz
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
block/bfq-iosched.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
--- a/block/bfq-iosched.c
+++ b/block/bfq-iosched.c
@@ -2267,8 +2267,6 @@ static int bfq_request_merge(struct requ
return ELEVATOR_NO_MERGE;
}
-static struct bfq_queue *bfq_init_rq(struct request *rq);
-
static void bfq_request_merged(struct request_queue *q, struct request *req,
enum elv_merge type)
{
@@ -2277,7 +2275,7 @@ static void bfq_request_merged(struct re
blk_rq_pos(req) <
blk_rq_pos(container_of(rb_prev(&req->rb_node),
struct request, rb_node))) {
- struct bfq_queue *bfqq = bfq_init_rq(req);
+ struct bfq_queue *bfqq = RQ_BFQQ(req);
struct bfq_data *bfqd;
struct request *prev, *next_rq;
@@ -2329,8 +2327,8 @@ static void bfq_request_merged(struct re
static void bfq_requests_merged(struct request_queue *q, struct request *rq,
struct request *next)
{
- struct bfq_queue *bfqq = bfq_init_rq(rq),
- *next_bfqq = bfq_init_rq(next);
+ struct bfq_queue *bfqq = RQ_BFQQ(rq),
+ *next_bfqq = RQ_BFQQ(next);
if (!bfqq)
return;
@@ -5514,6 +5512,8 @@ static inline void bfq_update_insert_sta
unsigned int cmd_flags) {}
#endif /* CONFIG_BFQ_CGROUP_DEBUG */
+static struct bfq_queue *bfq_init_rq(struct request *rq);
+
static void bfq_insert_request(struct blk_mq_hw_ctx *hctx, struct request *rq,
bool at_head)
{
@@ -5524,6 +5524,7 @@ static void bfq_insert_request(struct bl
unsigned int cmd_flags;
spin_lock_irq(&bfqd->lock);
+ bfqq = bfq_init_rq(rq);
if (blk_mq_sched_try_insert_merge(q, rq)) {
spin_unlock_irq(&bfqd->lock);
return;
@@ -5531,7 +5532,6 @@ static void bfq_insert_request(struct bl
blk_mq_sched_request_inserted(rq);
- bfqq = bfq_init_rq(rq);
if (!bfqq || at_head || blk_rq_is_passthrough(rq)) {
if (at_head)
list_add(&rq->queuelist, &bfqd->dispatch);
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 277/411] bfq: Get rid of __bio_blkcg() usage
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (275 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.4 276/411] bfq: Remove pointless bfq_init_rq() calls Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 278/411] bfq: Make sure bfqg for which we are queueing requests is online Greg Kroah-Hartman
` (138 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Greg Kroah-Hartman, yukuai (C), Jan Kara, Christoph Hellwig, Jens Axboe
From: Jan Kara <jack@suse.cz>
commit 4e54a2493e582361adc3bfbf06c7d50d19d18837 upstream.
BFQ usage of __bio_blkcg() is a relict from the past. Furthermore if bio
would not be associated with any blkcg, the usage of __bio_blkcg() in
BFQ is prone to races with the task being migrated between cgroups as
__bio_blkcg() calls at different places could return different blkcgs.
Convert BFQ to the new situation where bio->bi_blkg is initialized in
bio_set_dev() and thus practically always valid. This allows us to save
blkcg_gq lookup and noticeably simplify the code.
CC: stable@vger.kernel.org
Fixes: 0fe061b9f03c ("blkcg: fix ref count issue with bio_blkcg() using task_css")
Tested-by: "yukuai (C)" <yukuai3@huawei.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Link: https://lore.kernel.org/r/20220401102752.8599-8-jack@suse.cz
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
block/bfq-cgroup.c | 63 ++++++++++++++++++----------------------------------
block/bfq-iosched.c | 10 --------
block/bfq-iosched.h | 3 --
3 files changed, 25 insertions(+), 51 deletions(-)
--- a/block/bfq-cgroup.c
+++ b/block/bfq-cgroup.c
@@ -565,27 +565,11 @@ static void bfq_group_set_parent(struct
entity->sched_data = &parent->sched_data;
}
-static struct bfq_group *bfq_lookup_bfqg(struct bfq_data *bfqd,
- struct blkcg *blkcg)
+static void bfq_link_bfqg(struct bfq_data *bfqd, struct bfq_group *bfqg)
{
- struct blkcg_gq *blkg;
-
- blkg = blkg_lookup(blkcg, bfqd->queue);
- if (likely(blkg))
- return blkg_to_bfqg(blkg);
- return NULL;
-}
-
-struct bfq_group *bfq_find_set_group(struct bfq_data *bfqd,
- struct blkcg *blkcg)
-{
- struct bfq_group *bfqg, *parent;
+ struct bfq_group *parent;
struct bfq_entity *entity;
- bfqg = bfq_lookup_bfqg(bfqd, blkcg);
- if (unlikely(!bfqg))
- return NULL;
-
/*
* Update chain of bfq_groups as we might be handling a leaf group
* which, along with some of its relatives, has not been hooked yet
@@ -602,8 +586,15 @@ struct bfq_group *bfq_find_set_group(str
bfq_group_set_parent(curr_bfqg, parent);
}
}
+}
- return bfqg;
+struct bfq_group *bfq_bio_bfqg(struct bfq_data *bfqd, struct bio *bio)
+{
+ struct blkcg_gq *blkg = bio->bi_blkg;
+
+ if (!blkg)
+ return bfqd->root_group;
+ return blkg_to_bfqg(blkg);
}
/**
@@ -679,25 +670,15 @@ void bfq_bfqq_move(struct bfq_data *bfqd
* Move bic to blkcg, assuming that bfqd->lock is held; which makes
* sure that the reference to cgroup is valid across the call (see
* comments in bfq_bic_update_cgroup on this issue)
- *
- * NOTE: an alternative approach might have been to store the current
- * cgroup in bfqq and getting a reference to it, reducing the lookup
- * time here, at the price of slightly more complex code.
*/
-static struct bfq_group *__bfq_bic_change_cgroup(struct bfq_data *bfqd,
- struct bfq_io_cq *bic,
- struct blkcg *blkcg)
+static void *__bfq_bic_change_cgroup(struct bfq_data *bfqd,
+ struct bfq_io_cq *bic,
+ struct bfq_group *bfqg)
{
struct bfq_queue *async_bfqq = bic_to_bfqq(bic, 0);
struct bfq_queue *sync_bfqq = bic_to_bfqq(bic, 1);
- struct bfq_group *bfqg;
struct bfq_entity *entity;
- bfqg = bfq_find_set_group(bfqd, blkcg);
-
- if (unlikely(!bfqg))
- bfqg = bfqd->root_group;
-
if (async_bfqq) {
entity = &async_bfqq->entity;
@@ -749,20 +730,24 @@ static struct bfq_group *__bfq_bic_chang
void bfq_bic_update_cgroup(struct bfq_io_cq *bic, struct bio *bio)
{
struct bfq_data *bfqd = bic_to_bfqd(bic);
- struct bfq_group *bfqg = NULL;
+ struct bfq_group *bfqg = bfq_bio_bfqg(bfqd, bio);
uint64_t serial_nr;
- rcu_read_lock();
- serial_nr = __bio_blkcg(bio)->css.serial_nr;
+ serial_nr = bfqg_to_blkg(bfqg)->blkcg->css.serial_nr;
/*
* Check whether blkcg has changed. The condition may trigger
* spuriously on a newly created cic but there's no harm.
*/
if (unlikely(!bfqd) || likely(bic->blkcg_serial_nr == serial_nr))
- goto out;
+ return;
- bfqg = __bfq_bic_change_cgroup(bfqd, bic, __bio_blkcg(bio));
+ /*
+ * New cgroup for this process. Make sure it is linked to bfq internal
+ * cgroup hierarchy.
+ */
+ bfq_link_bfqg(bfqd, bfqg);
+ __bfq_bic_change_cgroup(bfqd, bic, bfqg);
/*
* Update blkg_path for bfq_log_* functions. We cache this
* path, and update it here, for the following
@@ -815,8 +800,6 @@ void bfq_bic_update_cgroup(struct bfq_io
*/
blkg_path(bfqg_to_blkg(bfqg), bfqg->blkg_path, sizeof(bfqg->blkg_path));
bic->blkcg_serial_nr = serial_nr;
-out:
- rcu_read_unlock();
}
/**
@@ -1433,7 +1416,7 @@ void bfq_end_wr_async(struct bfq_data *b
bfq_end_wr_async_queues(bfqd, bfqd->root_group);
}
-struct bfq_group *bfq_find_set_group(struct bfq_data *bfqd, struct blkcg *blkcg)
+struct bfq_group *bfq_bio_bfqg(struct bfq_data *bfqd, struct bio *bio)
{
return bfqd->root_group;
}
--- a/block/bfq-iosched.c
+++ b/block/bfq-iosched.c
@@ -5158,14 +5158,7 @@ static struct bfq_queue *bfq_get_queue(s
struct bfq_queue *bfqq;
struct bfq_group *bfqg;
- rcu_read_lock();
-
- bfqg = bfq_find_set_group(bfqd, __bio_blkcg(bio));
- if (!bfqg) {
- bfqq = &bfqd->oom_bfqq;
- goto out;
- }
-
+ bfqg = bfq_bio_bfqg(bfqd, bio);
if (!is_sync) {
async_bfqq = bfq_async_queue_prio(bfqd, bfqg, ioprio_class,
ioprio);
@@ -5209,7 +5202,6 @@ static struct bfq_queue *bfq_get_queue(s
out:
bfqq->ref++; /* get a process reference to this queue */
bfq_log_bfqq(bfqd, bfqq, "get_queue, at end: %p, %d", bfqq, bfqq->ref);
- rcu_read_unlock();
return bfqq;
}
--- a/block/bfq-iosched.h
+++ b/block/bfq-iosched.h
@@ -978,8 +978,7 @@ void bfq_bfqq_move(struct bfq_data *bfqd
void bfq_init_entity(struct bfq_entity *entity, struct bfq_group *bfqg);
void bfq_bic_update_cgroup(struct bfq_io_cq *bic, struct bio *bio);
void bfq_end_wr_async(struct bfq_data *bfqd);
-struct bfq_group *bfq_find_set_group(struct bfq_data *bfqd,
- struct blkcg *blkcg);
+struct bfq_group *bfq_bio_bfqg(struct bfq_data *bfqd, struct bio *bio);
struct blkcg_gq *bfqg_to_blkg(struct bfq_group *bfqg);
struct bfq_group *bfqq_group(struct bfq_queue *bfqq);
struct bfq_group *bfq_create_group_hierarchy(struct bfq_data *bfqd, int node);
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 278/411] bfq: Make sure bfqg for which we are queueing requests is online
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (276 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.4 277/411] bfq: Get rid of __bio_blkcg() usage Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 279/411] block: fix bio_clone_blkg_association() to associate with proper blkcg_gq Greg Kroah-Hartman
` (137 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Greg Kroah-Hartman, yukuai (C), Jan Kara, Christoph Hellwig, Jens Axboe
From: Jan Kara <jack@suse.cz>
commit 075a53b78b815301f8d3dd1ee2cd99554e34f0dd upstream.
Bios queued into BFQ IO scheduler can be associated with a cgroup that
was already offlined. This may then cause insertion of this bfq_group
into a service tree. But this bfq_group will get freed as soon as last
bio associated with it is completed leading to use after free issues for
service tree users. Fix the problem by making sure we always operate on
online bfq_group. If the bfq_group associated with the bio is not
online, we pick the first online parent.
CC: stable@vger.kernel.org
Fixes: e21b7a0b9887 ("block, bfq: add full hierarchical scheduling and cgroups support")
Tested-by: "yukuai (C)" <yukuai3@huawei.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Link: https://lore.kernel.org/r/20220401102752.8599-9-jack@suse.cz
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
block/bfq-cgroup.c | 15 ++++++++++++---
1 file changed, 12 insertions(+), 3 deletions(-)
--- a/block/bfq-cgroup.c
+++ b/block/bfq-cgroup.c
@@ -591,10 +591,19 @@ static void bfq_link_bfqg(struct bfq_dat
struct bfq_group *bfq_bio_bfqg(struct bfq_data *bfqd, struct bio *bio)
{
struct blkcg_gq *blkg = bio->bi_blkg;
+ struct bfq_group *bfqg;
- if (!blkg)
- return bfqd->root_group;
- return blkg_to_bfqg(blkg);
+ while (blkg) {
+ bfqg = blkg_to_bfqg(blkg);
+ if (bfqg->online) {
+ bio_associate_blkg_from_css(bio, &blkg->blkcg->css);
+ return bfqg;
+ }
+ blkg = blkg->parent;
+ }
+ bio_associate_blkg_from_css(bio,
+ &bfqg_to_blkg(bfqd->root_group)->blkcg->css);
+ return bfqd->root_group;
}
/**
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 279/411] block: fix bio_clone_blkg_association() to associate with proper blkcg_gq
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (277 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.4 278/411] bfq: Make sure bfqg for which we are queueing requests is online Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 280/411] md: bcache: check the return value of kzalloc() in detached_dev_do_request() Greg Kroah-Hartman
` (136 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Greg Kroah-Hartman, Logan Gunthorpe, Christoph Hellwig, Jan Kara,
Jens Axboe, Donald Buczek
From: Jan Kara <jack@suse.cz>
commit 22b106e5355d6e7a9c3b5cb5ed4ef22ae585ea94 upstream.
Commit d92c370a16cb ("block: really clone the block cgroup in
bio_clone_blkg_association") changed bio_clone_blkg_association() to
just clone bio->bi_blkg reference from source to destination bio. This
is however wrong if the source and destination bios are against
different block devices because struct blkcg_gq is different for each
bdev-blkcg pair. This will result in IOs being accounted (and throttled
as a result) multiple times against the same device (src bdev) while
throttling of the other device (dst bdev) is ignored. In case of BFQ the
inconsistency can even result in crashes in bfq_bic_update_cgroup().
Fix the problem by looking up correct blkcg_gq for the cloned bio.
Reported-by: Logan Gunthorpe <logang@deltatee.com>
Reported-and-tested-by: Donald Buczek <buczek@molgen.mpg.de>
Fixes: d92c370a16cb ("block: really clone the block cgroup in bio_clone_blkg_association")
CC: stable@vger.kernel.org
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20220602081242.7731-1-jack@suse.cz
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
block/bio.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/block/bio.c
+++ b/block/bio.c
@@ -2179,7 +2179,7 @@ void bio_clone_blkg_association(struct b
rcu_read_lock();
if (src->bi_blkg)
- __bio_associate_blkg(dst, src->bi_blkg);
+ bio_associate_blkg_from_css(dst, &bio_blkcg(src)->css);
rcu_read_unlock();
}
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 280/411] md: bcache: check the return value of kzalloc() in detached_dev_do_request()
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (278 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.4 279/411] block: fix bio_clone_blkg_association() to associate with proper blkcg_gq Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 281/411] pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards Greg Kroah-Hartman
` (135 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, TOTE Robot, Jia-Ju Bai, Coly Li, Jens Axboe
From: Jia-Ju Bai <baijiaju1990@gmail.com>
commit 40f567bbb3b0639d2ec7d1c6ad4b1b018f80cf19 upstream.
The function kzalloc() in detached_dev_do_request() can fail, so its
return value should be checked.
Fixes: bc082a55d25c ("bcache: fix inaccurate io state for detached bcache devices")
Reported-by: TOTE Robot <oslab@tsinghua.edu.cn>
Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>
Signed-off-by: Coly Li <colyli@suse.de>
Link: https://lore.kernel.org/r/20220527152818.27545-4-colyli@suse.de
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/bcache/request.c | 6 ++++++
1 file changed, 6 insertions(+)
--- a/drivers/md/bcache/request.c
+++ b/drivers/md/bcache/request.c
@@ -1119,6 +1119,12 @@ static void detached_dev_do_request(stru
* which would call closure_get(&dc->disk.cl)
*/
ddip = kzalloc(sizeof(struct detached_dev_io_private), GFP_NOIO);
+ if (!ddip) {
+ bio->bi_status = BLK_STS_RESOURCE;
+ bio->bi_end_io(bio);
+ return;
+ }
+
ddip->d = d;
ddip->start_time = jiffies;
ddip->bi_end_io = bio->bi_end_io;
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 281/411] pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (279 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.4 280/411] md: bcache: check the return value of kzalloc() in detached_dev_do_request() Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 282/411] staging: greybus: codecs: fix type confusion of list iterator variable Greg Kroah-Hartman
` (134 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Randy Dunlap, kernel test robot,
Arnd Bergmann, Daniel Vetter, Kees Cook, Thomas Bogendoerfer,
linux-mips, Manuel Lauss, Dominik Brodowski, Sasha Levin
From: Randy Dunlap <rdunlap@infradead.org>
[ Upstream commit 3928cf08334ed895a31458cbebd8d4ec6d84c080 ]
When the MIPS_ALCHEMY board selection is MIPS_XXS1500 instead of
MIPS_DB1XXX, the PCMCIA driver 'db1xxx_ss' has build errors due
to missing DB1XXX symbols. The PCMCIA driver should be restricted
to MIPS_DB1XXX instead of MIPS_ALCHEMY to fix this build error.
ERROR: modpost: "bcsr_read" [drivers/pcmcia/db1xxx_ss.ko] undefined!
ERROR: modpost: "bcsr_mod" [drivers/pcmcia/db1xxx_ss.ko] undefined!
Fixes: 42a4f17dc356 ("MIPS: Alchemy: remove SOC_AU1X00 in favor of MIPS_ALCHEMY")
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Reported-by: kernel test robot <lkp@intel.com>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Daniel Vetter <daniel.vetter@ffwll.ch>
Cc: Kees Cook <keescook@chromium.org>
Cc: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Cc: linux-mips@vger.kernel.org
Acked-by: Manuel Lauss <manuel.lauss@gmail.com>
Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pcmcia/Kconfig | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/pcmcia/Kconfig b/drivers/pcmcia/Kconfig
index e004d8da03dc..73df71a14253 100644
--- a/drivers/pcmcia/Kconfig
+++ b/drivers/pcmcia/Kconfig
@@ -151,7 +151,7 @@ config TCIC
config PCMCIA_ALCHEMY_DEVBOARD
tristate "Alchemy Db/Pb1xxx PCMCIA socket services"
- depends on MIPS_ALCHEMY && PCMCIA
+ depends on MIPS_DB1XXX && PCMCIA
help
Enable this driver of you want PCMCIA support on your Alchemy
Db1000, Db/Pb1100, Db/Pb1500, Db/Pb1550, Db/Pb1200, DB1300
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 282/411] staging: greybus: codecs: fix type confusion of list iterator variable
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (280 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.4 281/411] pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 283/411] iio: adc: ad7124: Remove shift from scan_type Greg Kroah-Hartman
` (133 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Vaibhav Agarwal,
Mark Greer, Jakob Koschel, Sasha Levin
From: Jakob Koschel <jakobkoschel@gmail.com>
[ Upstream commit 84ef256550196bc06e6849a34224c998b45bd557 ]
If the list does not exit early then data == NULL and 'module' does not
point to a valid list element.
Using 'module' in such a case is not valid and was therefore removed.
Fixes: 6dd67645f22c ("greybus: audio: Use single codec driver registration")
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Vaibhav Agarwal <vaibhav.sr@gmail.com>
Reviewed-by: Mark Greer <mgreer@animalcreek.com>
Signed-off-by: Jakob Koschel <jakobkoschel@gmail.com>
Link: https://lore.kernel.org/r/20220321123626.3068639-1-jakobkoschel@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/staging/greybus/audio_codec.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/staging/greybus/audio_codec.c b/drivers/staging/greybus/audio_codec.c
index 3259bf02ba25..2418fbf1d2ab 100644
--- a/drivers/staging/greybus/audio_codec.c
+++ b/drivers/staging/greybus/audio_codec.c
@@ -620,8 +620,8 @@ static int gbcodec_mute_stream(struct snd_soc_dai *dai, int mute, int stream)
break;
}
if (!data) {
- dev_err(dai->dev, "%s:%s DATA connection missing\n",
- dai->name, module->name);
+ dev_err(dai->dev, "%s DATA connection missing\n",
+ dai->name);
mutex_unlock(&codec->lock);
return -ENODEV;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 283/411] iio: adc: ad7124: Remove shift from scan_type
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (281 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.4 282/411] staging: greybus: codecs: fix type confusion of list iterator variable Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 284/411] tty: goldfish: Use tty_port_destroy() to destroy port Greg Kroah-Hartman
` (132 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alexandru Tachici, Jonathan Cameron,
Sasha Levin
From: Alexandru Tachici <alexandru.tachici@analog.com>
[ Upstream commit fe78ccf79b0e29fd6d8dc2e2c3b0dbeda4ce3ad8 ]
The 24 bits data is stored in 32 bits in BE. There
is no need to shift it. This confuses user-space apps.
Fixes: b3af341bbd966 ("iio: adc: Add ad7124 support")
Signed-off-by: Alexandru Tachici <alexandru.tachici@analog.com>
Link: https://lore.kernel.org/r/20220322105029.86389-2-alexandru.tachici@analog.com
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/iio/adc/ad7124.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/drivers/iio/adc/ad7124.c b/drivers/iio/adc/ad7124.c
index 635cc1e7b123..793a803919c5 100644
--- a/drivers/iio/adc/ad7124.c
+++ b/drivers/iio/adc/ad7124.c
@@ -142,7 +142,6 @@ static const struct iio_chan_spec ad7124_channel_template = {
.sign = 'u',
.realbits = 24,
.storagebits = 32,
- .shift = 8,
.endianness = IIO_BE,
},
};
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 284/411] tty: goldfish: Use tty_port_destroy() to destroy port
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (282 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.4 283/411] iio: adc: ad7124: Remove shift from scan_type Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 285/411] tty: serial: owl: Fix missing clk_disable_unprepare() in owl_uart_probe Greg Kroah-Hartman
` (131 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jiri Slaby, Wang Weiyang, Sasha Levin
From: Wang Weiyang <wangweiyang2@huawei.com>
[ Upstream commit 507b05063d1b7a1fcb9f7d7c47586fc4f3508f98 ]
In goldfish_tty_probe(), the port initialized through tty_port_init()
should be destroyed in error paths.In goldfish_tty_remove(), qtty->port
also should be destroyed or else might leak resources.
Fix the above by calling tty_port_destroy().
Fixes: 666b7793d4bf ("goldfish: tty driver")
Reviewed-by: Jiri Slaby <jirislaby@kernel.org>
Signed-off-by: Wang Weiyang <wangweiyang2@huawei.com>
Link: https://lore.kernel.org/r/20220328115844.86032-1-wangweiyang2@huawei.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/goldfish.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/tty/goldfish.c b/drivers/tty/goldfish.c
index c8c5cdfc5e19..abc84d84f638 100644
--- a/drivers/tty/goldfish.c
+++ b/drivers/tty/goldfish.c
@@ -407,6 +407,7 @@ static int goldfish_tty_probe(struct platform_device *pdev)
err_tty_register_device_failed:
free_irq(irq, qtty);
err_dec_line_count:
+ tty_port_destroy(&qtty->port);
goldfish_tty_current_line_count--;
if (goldfish_tty_current_line_count == 0)
goldfish_tty_delete_driver();
@@ -428,6 +429,7 @@ static int goldfish_tty_remove(struct platform_device *pdev)
iounmap(qtty->base);
qtty->base = NULL;
free_irq(qtty->irq, pdev);
+ tty_port_destroy(&qtty->port);
goldfish_tty_current_line_count--;
if (goldfish_tty_current_line_count == 0)
goldfish_tty_delete_driver();
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 285/411] tty: serial: owl: Fix missing clk_disable_unprepare() in owl_uart_probe
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (283 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.4 284/411] tty: goldfish: Use tty_port_destroy() to destroy port Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 286/411] tty: serial: fsl_lpuart: fix potential bug when using both of_alias_get_id and ida_simple_get Greg Kroah-Hartman
` (130 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit bcea0f547ec1a2ee44d429aaf0334633e386e67c ]
Fix the missing clk_disable_unprepare() before return
from owl_uart_probe() in the error handling case.
Fixes: abf42d2f333b ("tty: serial: owl: add "much needed" clk_prepare_enable()")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Link: https://lore.kernel.org/r/20220307105135.11698-1-linmq006@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/owl-uart.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/tty/serial/owl-uart.c b/drivers/tty/serial/owl-uart.c
index c55c8507713c..e87953f8a768 100644
--- a/drivers/tty/serial/owl-uart.c
+++ b/drivers/tty/serial/owl-uart.c
@@ -695,6 +695,7 @@ static int owl_uart_probe(struct platform_device *pdev)
owl_port->port.uartclk = clk_get_rate(owl_port->clk);
if (owl_port->port.uartclk == 0) {
dev_err(&pdev->dev, "clock rate is zero\n");
+ clk_disable_unprepare(owl_port->clk);
return -EINVAL;
}
owl_port->port.flags = UPF_BOOT_AUTOCONF | UPF_IOREMAP | UPF_LOW_LATENCY;
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 286/411] tty: serial: fsl_lpuart: fix potential bug when using both of_alias_get_id and ida_simple_get
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (284 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.4 285/411] tty: serial: owl: Fix missing clk_disable_unprepare() in owl_uart_probe Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 287/411] usb: usbip: fix a refcount leak in stub_probe() Greg Kroah-Hartman
` (129 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Sherry Sun, Sasha Levin
From: Sherry Sun <sherry.sun@nxp.com>
[ Upstream commit f398e0aa325c61fa20903833a5b534ecb8e6e418 ]
Now fsl_lpuart driver use both of_alias_get_id() and ida_simple_get() in
.probe(), which has the potential bug. For example, when remove the
lpuart7 alias in dts, of_alias_get_id() will return error, then call
ida_simple_get() to allocate the id 0 for lpuart7, this may confilct
with the lpuart4 which has alias 0.
aliases {
...
serial0 = &lpuart4;
serial1 = &lpuart5;
serial2 = &lpuart6;
serial3 = &lpuart7;
}
So remove the ida_simple_get() in .probe(), return an error directly
when calling of_alias_get_id() fails, which is consistent with other
uart drivers behavior.
Fixes: 3bc3206e1c0f ("serial: fsl_lpuart: Remove the alias node dependence")
Signed-off-by: Sherry Sun <sherry.sun@nxp.com>
Link: https://lore.kernel.org/r/20220321112211.8895-1-sherry.sun@nxp.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/fsl_lpuart.c | 24 ++++--------------------
1 file changed, 4 insertions(+), 20 deletions(-)
diff --git a/drivers/tty/serial/fsl_lpuart.c b/drivers/tty/serial/fsl_lpuart.c
index 13e705b53217..4bdc12908146 100644
--- a/drivers/tty/serial/fsl_lpuart.c
+++ b/drivers/tty/serial/fsl_lpuart.c
@@ -233,8 +233,6 @@
/* IMX lpuart has four extra unused regs located at the beginning */
#define IMX_REG_OFF 0x10
-static DEFINE_IDA(fsl_lpuart_ida);
-
enum lpuart_type {
VF610_LPUART,
LS1021A_LPUART,
@@ -269,7 +267,6 @@ struct lpuart_port {
int rx_dma_rng_buf_len;
unsigned int dma_tx_nents;
wait_queue_head_t dma_wait;
- bool id_allocated;
};
struct lpuart_soc_data {
@@ -2450,23 +2447,18 @@ static int lpuart_probe(struct platform_device *pdev)
ret = of_alias_get_id(np, "serial");
if (ret < 0) {
- ret = ida_simple_get(&fsl_lpuart_ida, 0, UART_NR, GFP_KERNEL);
- if (ret < 0) {
- dev_err(&pdev->dev, "port line is full, add device failed\n");
- return ret;
- }
- sport->id_allocated = true;
+ dev_err(&pdev->dev, "failed to get alias id, errno %d\n", ret);
+ return ret;
}
if (ret >= ARRAY_SIZE(lpuart_ports)) {
dev_err(&pdev->dev, "serial%d out of range\n", ret);
- ret = -EINVAL;
- goto failed_out_of_range;
+ return -EINVAL;
}
sport->port.line = ret;
ret = lpuart_enable_clks(sport);
if (ret)
- goto failed_clock_enable;
+ return ret;
sport->port.uartclk = lpuart_get_baud_clk_rate(sport);
lpuart_ports[sport->port.line] = sport;
@@ -2516,10 +2508,6 @@ static int lpuart_probe(struct platform_device *pdev)
failed_attach_port:
failed_irq_request:
lpuart_disable_clks(sport);
-failed_clock_enable:
-failed_out_of_range:
- if (sport->id_allocated)
- ida_simple_remove(&fsl_lpuart_ida, sport->port.line);
return ret;
}
@@ -2529,9 +2517,6 @@ static int lpuart_remove(struct platform_device *pdev)
uart_remove_one_port(&lpuart_reg, &sport->port);
- if (sport->id_allocated)
- ida_simple_remove(&fsl_lpuart_ida, sport->port.line);
-
lpuart_disable_clks(sport);
if (sport->dma_tx_chan)
@@ -2663,7 +2648,6 @@ static int __init lpuart_serial_init(void)
static void __exit lpuart_serial_exit(void)
{
- ida_destroy(&fsl_lpuart_ida);
platform_driver_unregister(&lpuart_driver);
uart_unregister_driver(&lpuart_reg);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 287/411] usb: usbip: fix a refcount leak in stub_probe()
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (285 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.4 286/411] tty: serial: fsl_lpuart: fix potential bug when using both of_alias_get_id and ida_simple_get Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 288/411] usb: usbip: add missing device lock on tweak configuration cmd Greg Kroah-Hartman
` (128 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Shuah Khan, Hangyu Hua, Sasha Levin
From: Hangyu Hua <hbh25y@gmail.com>
[ Upstream commit 9ec4cbf1cc55d126759051acfe328d489c5d6e60 ]
usb_get_dev() is called in stub_device_alloc(). When stub_probe() fails
after that, usb_put_dev() needs to be called to release the reference.
Fix this by moving usb_put_dev() to sdev_free error path handling.
Find this by code review.
Fixes: 3ff67445750a ("usbip: fix error handling in stub_probe()")
Reviewed-by: Shuah Khan <skhan@linuxfoundation.org>
Signed-off-by: Hangyu Hua <hbh25y@gmail.com>
Link: https://lore.kernel.org/r/20220412020257.9767-1-hbh25y@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/usbip/stub_dev.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/usb/usbip/stub_dev.c b/drivers/usb/usbip/stub_dev.c
index d8d3892e5a69..3c6d452e3bf4 100644
--- a/drivers/usb/usbip/stub_dev.c
+++ b/drivers/usb/usbip/stub_dev.c
@@ -393,7 +393,6 @@ static int stub_probe(struct usb_device *udev)
err_port:
dev_set_drvdata(&udev->dev, NULL);
- usb_put_dev(udev);
/* we already have busid_priv, just lock busid_lock */
spin_lock(&busid_priv->busid_lock);
@@ -408,6 +407,7 @@ static int stub_probe(struct usb_device *udev)
put_busid_priv(busid_priv);
sdev_free:
+ usb_put_dev(udev);
stub_device_free(sdev);
return rc;
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 288/411] usb: usbip: add missing device lock on tweak configuration cmd
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (286 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.4 287/411] usb: usbip: fix a refcount leak in stub_probe() Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 289/411] USB: storage: karma: fix rio_karma_init return Greg Kroah-Hartman
` (127 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Shuah Khan, Niels Dossche, Sasha Levin
From: Niels Dossche <dossche.niels@gmail.com>
[ Upstream commit d088fabace2ca337b275d1d4b36db4fe7771e44f ]
The function documentation of usb_set_configuration says that its
callers should hold the device lock. This lock is held for all
callsites except tweak_set_configuration_cmd. The code path can be
executed for example when attaching a remote USB device.
The solution is to surround the call by the device lock.
This bug was found using my experimental own-developed static analysis
tool, which reported the missing lock on v5.17.2. I manually verified
this bug report by doing code review as well. I runtime checked that
the required lock is not held. I compiled and runtime tested this on
x86_64 with a USB mouse. After applying this patch, my analyser no
longer reports this potential bug.
Fixes: 2c8c98158946 ("staging: usbip: let client choose device configuration")
Reviewed-by: Shuah Khan <skhan@linuxfoundation.org>
Signed-off-by: Niels Dossche <dossche.niels@gmail.com>
Link: https://lore.kernel.org/r/20220412165055.257113-1-dossche.niels@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/usbip/stub_rx.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/usb/usbip/stub_rx.c b/drivers/usb/usbip/stub_rx.c
index e2b019532234..d3d360ff0d24 100644
--- a/drivers/usb/usbip/stub_rx.c
+++ b/drivers/usb/usbip/stub_rx.c
@@ -138,7 +138,9 @@ static int tweak_set_configuration_cmd(struct urb *urb)
req = (struct usb_ctrlrequest *) urb->setup_packet;
config = le16_to_cpu(req->wValue);
+ usb_lock_device(sdev->udev);
err = usb_set_configuration(sdev->udev, config);
+ usb_unlock_device(sdev->udev);
if (err && err != -ENODEV)
dev_err(&sdev->udev->dev, "can't set config #%d, error %d\n",
config, err);
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 289/411] USB: storage: karma: fix rio_karma_init return
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (287 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.4 288/411] usb: usbip: add missing device lock on tweak configuration cmd Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 290/411] usb: musb: Fix missing of_node_put() in omap2430_probe Greg Kroah-Hartman
` (126 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Alan Stern, Lin Ma, Sasha Levin
From: Lin Ma <linma@zju.edu.cn>
[ Upstream commit b92ffb1eddd9a66a90defc556dcbf65a43c196c7 ]
The function rio_karam_init() should return -ENOMEM instead of
value 0 (USB_STOR_TRANSPORT_GOOD) when allocation fails.
Similarly, it should return -EIO when rio_karma_send_command() fails.
Fixes: dfe0d3ba20e8 ("USB Storage: add rio karma eject support")
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Lin Ma <linma@zju.edu.cn>
Link: https://lore.kernel.org/r/20220412144359.28447-1-linma@zju.edu.cn
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/storage/karma.c | 15 ++++++++-------
1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/drivers/usb/storage/karma.c b/drivers/usb/storage/karma.c
index 05cec81dcd3f..38ddfedef629 100644
--- a/drivers/usb/storage/karma.c
+++ b/drivers/usb/storage/karma.c
@@ -174,24 +174,25 @@ static void rio_karma_destructor(void *extra)
static int rio_karma_init(struct us_data *us)
{
- int ret = 0;
struct karma_data *data = kzalloc(sizeof(struct karma_data), GFP_NOIO);
if (!data)
- goto out;
+ return -ENOMEM;
data->recv = kmalloc(RIO_RECV_LEN, GFP_NOIO);
if (!data->recv) {
kfree(data);
- goto out;
+ return -ENOMEM;
}
us->extra = data;
us->extra_destructor = rio_karma_destructor;
- ret = rio_karma_send_command(RIO_ENTER_STORAGE, us);
- data->in_storage = (ret == 0);
-out:
- return ret;
+ if (rio_karma_send_command(RIO_ENTER_STORAGE, us))
+ return -EIO;
+
+ data->in_storage = 1;
+
+ return 0;
}
static struct scsi_host_template karma_host_template;
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 290/411] usb: musb: Fix missing of_node_put() in omap2430_probe
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (288 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.4 289/411] USB: storage: karma: fix rio_karma_init return Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 291/411] staging: fieldbus: Fix the error handling path in anybuss_host_common_probe() Greg Kroah-Hartman
` (125 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit 424bef51fa530389b0b9008c9e144e40c10e8458 ]
The device_node pointer is returned by of_parse_phandle() with refcount
incremented. We should use of_node_put() on it when done.
Fixes: 8934d3e4d0e7 ("usb: musb: omap2430: Don't use omap_get_control_dev()")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Link: https://lore.kernel.org/r/20220309111033.24487-1-linmq006@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/musb/omap2430.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/usb/musb/omap2430.c b/drivers/usb/musb/omap2430.c
index 5c93226e0e20..8def19fc5025 100644
--- a/drivers/usb/musb/omap2430.c
+++ b/drivers/usb/musb/omap2430.c
@@ -433,6 +433,7 @@ static int omap2430_probe(struct platform_device *pdev)
control_node = of_parse_phandle(np, "ctrl-module", 0);
if (control_node) {
control_pdev = of_find_device_by_node(control_node);
+ of_node_put(control_node);
if (!control_pdev) {
dev_err(&pdev->dev, "Failed to get control device\n");
ret = -EINVAL;
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 291/411] staging: fieldbus: Fix the error handling path in anybuss_host_common_probe()
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (289 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.4 290/411] usb: musb: Fix missing of_node_put() in omap2430_probe Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 292/411] pwm: lp3943: Fix duty calculation in case period was clamped Greg Kroah-Hartman
` (124 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Christophe JAILLET, Sasha Levin
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
[ Upstream commit 7079b3483a17be2cfba64cbd4feb1b7ae07f1ea7 ]
If device_register() fails, device_unregister() should not be called
because it will free some resources that are not allocated.
put_device() should be used instead.
Fixes: 308ee87a2f1e ("staging: fieldbus: anybus-s: support HMS Anybus-S bus")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Link: https://lore.kernel.org/r/5401a519608d6e1a4e7435c20f4f20b0c5c36c23.1650610082.git.christophe.jaillet@wanadoo.fr
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/staging/fieldbus/anybuss/host.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/staging/fieldbus/anybuss/host.c b/drivers/staging/fieldbus/anybuss/host.c
index f69dc4930457..b7a91bdef6f4 100644
--- a/drivers/staging/fieldbus/anybuss/host.c
+++ b/drivers/staging/fieldbus/anybuss/host.c
@@ -1384,7 +1384,7 @@ anybuss_host_common_probe(struct device *dev,
goto err_device;
return cd;
err_device:
- device_unregister(&cd->client->dev);
+ put_device(&cd->client->dev);
err_kthread:
kthread_stop(cd->qthread);
err_reset:
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 292/411] pwm: lp3943: Fix duty calculation in case period was clamped
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (290 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.4 291/411] staging: fieldbus: Fix the error handling path in anybuss_host_common_probe() Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 293/411] rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value Greg Kroah-Hartman
` (123 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Uwe Kleine-König,
Thierry Reding, Sasha Levin
From: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
[ Upstream commit 5e3b07ca5cc78cd4a987e78446849e41288d87cb ]
The hardware only supports periods <= 1.6 ms and if a bigger period is
requested it is clamped to 1.6 ms. In this case duty_cycle might be bigger
than 1.6 ms and then the duty cycle register is written with a value
bigger than LP3943_MAX_DUTY. So clamp duty_cycle accordingly.
Fixes: af66b3c0934e ("pwm: Add LP3943 PWM driver")
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Signed-off-by: Thierry Reding <thierry.reding@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pwm/pwm-lp3943.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/pwm/pwm-lp3943.c b/drivers/pwm/pwm-lp3943.c
index bf3f14fb5f24..05e4120fd702 100644
--- a/drivers/pwm/pwm-lp3943.c
+++ b/drivers/pwm/pwm-lp3943.c
@@ -125,6 +125,7 @@ static int lp3943_pwm_config(struct pwm_chip *chip, struct pwm_device *pwm,
if (err)
return err;
+ duty_ns = min(duty_ns, period_ns);
val = (u8)(duty_ns * LP3943_MAX_DUTY / period_ns);
return lp3943_write_byte(lp3943, reg_duty, val);
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 293/411] rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (291 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.4 292/411] pwm: lp3943: Fix duty calculation in case period was clamped Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 294/411] usb: dwc3: pci: Fix pm_runtime_get_sync() error checking Greg Kroah-Hartman
` (122 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Krzysztof Kozlowski, Bjorn Andersson,
Sasha Levin
From: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
[ Upstream commit 1a358d35066487d228a68303d808bc4721c6b1b9 ]
The irq_of_parse_and_map() returns 0 on failure, not a negative ERRNO.
Fixes: 53e2822e56c7 ("rpmsg: Introduce Qualcomm SMD backend")
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Link: https://lore.kernel.org/r/20220422105326.78713-1-krzysztof.kozlowski@linaro.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/rpmsg/qcom_smd.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/rpmsg/qcom_smd.c b/drivers/rpmsg/qcom_smd.c
index 19903de6268d..db5f6009fb49 100644
--- a/drivers/rpmsg/qcom_smd.c
+++ b/drivers/rpmsg/qcom_smd.c
@@ -1388,7 +1388,7 @@ static int qcom_smd_parse_edge(struct device *dev,
edge->name = node->name;
irq = irq_of_parse_and_map(node, 0);
- if (irq < 0) {
+ if (!irq) {
dev_err(dev, "required smd interrupt missing\n");
ret = irq;
goto put_node;
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 294/411] usb: dwc3: pci: Fix pm_runtime_get_sync() error checking
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (292 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.4 293/411] rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 295/411] firmware: stratix10-svc: fix a missing check on list iterator Greg Kroah-Hartman
` (121 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Zheng Yongjun, Sasha Levin
From: Zheng Yongjun <zhengyongjun3@huawei.com>
[ Upstream commit a03e2ddab8e735e2cc315609b297b300e9cc60d2 ]
If the device is already in a runtime PM enabled state
pm_runtime_get_sync() will return 1, so a test for negative
value should be used to check for errors.
Fixes: 8eed00b237a28 ("usb: dwc3: pci: Runtime resume child device from wq")
Signed-off-by: Zheng Yongjun <zhengyongjun3@huawei.com>
Link: https://lore.kernel.org/r/20220422062652.10575-1-zhengyongjun3@huawei.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/dwc3/dwc3-pci.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/usb/dwc3/dwc3-pci.c b/drivers/usb/dwc3/dwc3-pci.c
index 99964f96ff74..955bf820f410 100644
--- a/drivers/usb/dwc3/dwc3-pci.c
+++ b/drivers/usb/dwc3/dwc3-pci.c
@@ -211,7 +211,7 @@ static void dwc3_pci_resume_work(struct work_struct *work)
int ret;
ret = pm_runtime_get_sync(&dwc3->dev);
- if (ret) {
+ if (ret < 0) {
pm_runtime_put_sync_autosuspend(&dwc3->dev);
return;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 295/411] firmware: stratix10-svc: fix a missing check on list iterator
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (293 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.4 294/411] usb: dwc3: pci: Fix pm_runtime_get_sync() error checking Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 296/411] iio: adc: stmpe-adc: Fix wait_for_completion_timeout return value check Greg Kroah-Hartman
` (120 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Xiaomeng Tong, Sasha Levin
From: Xiaomeng Tong <xiam0nd.tong@gmail.com>
[ Upstream commit 5a0793ac66ac0e254d292f129a4d6c526f9f2aff ]
The bug is here:
pmem->vaddr = NULL;
The list iterator 'pmem' will point to a bogus position containing
HEAD if the list is empty or no element is found. This case must
be checked before any use of the iterator, otherwise it will
lead to a invalid memory access.
To fix this bug, just gen_pool_free/set NULL/list_del() and return
when found, otherwise list_del HEAD and return;
Fixes: 7ca5ce896524f ("firmware: add Intel Stratix10 service layer driver")
Signed-off-by: Xiaomeng Tong <xiam0nd.tong@gmail.com>
Link: https://lore.kernel.org/r/20220414035609.2239-1-xiam0nd.tong@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/firmware/stratix10-svc.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/drivers/firmware/stratix10-svc.c b/drivers/firmware/stratix10-svc.c
index b2b4ba240fb1..08c422380a00 100644
--- a/drivers/firmware/stratix10-svc.c
+++ b/drivers/firmware/stratix10-svc.c
@@ -934,17 +934,17 @@ EXPORT_SYMBOL_GPL(stratix10_svc_allocate_memory);
void stratix10_svc_free_memory(struct stratix10_svc_chan *chan, void *kaddr)
{
struct stratix10_svc_data_mem *pmem;
- size_t size = 0;
list_for_each_entry(pmem, &svc_data_mem, node)
if (pmem->vaddr == kaddr) {
- size = pmem->size;
- break;
+ gen_pool_free(chan->ctrl->genpool,
+ (unsigned long)kaddr, pmem->size);
+ pmem->vaddr = NULL;
+ list_del(&pmem->node);
+ return;
}
- gen_pool_free(chan->ctrl->genpool, (unsigned long)kaddr, size);
- pmem->vaddr = NULL;
- list_del(&pmem->node);
+ list_del(&svc_data_mem);
}
EXPORT_SYMBOL_GPL(stratix10_svc_free_memory);
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 296/411] iio: adc: stmpe-adc: Fix wait_for_completion_timeout return value check
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (294 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.4 295/411] firmware: stratix10-svc: fix a missing check on list iterator Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 297/411] iio: adc: sc27xx: fix read big scale voltage not right Greg Kroah-Hartman
` (119 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Philippe Schenker,
Jonathan Cameron, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit d345b23200bcdbd2bd3582213d738c258b77718f ]
wait_for_completion_timeout() returns unsigned long not long.
it returns 0 if timed out, and positive if completed.
The check for <= 0 is ambiguous and should be == 0 here
indicating timeout which is the only error case
Fixes: e813dde6f833 ("iio: stmpe-adc: Use wait_for_completion_timeout")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Reviewed-by: Philippe Schenker <philippe.schenker@toradex.com>
Link: https://lore.kernel.org/r/20220412065150.14486-1-linmq006@gmail.com
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/iio/adc/stmpe-adc.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/iio/adc/stmpe-adc.c b/drivers/iio/adc/stmpe-adc.c
index bd72727fc417..35ae801c4d35 100644
--- a/drivers/iio/adc/stmpe-adc.c
+++ b/drivers/iio/adc/stmpe-adc.c
@@ -61,7 +61,7 @@ struct stmpe_adc {
static int stmpe_read_voltage(struct stmpe_adc *info,
struct iio_chan_spec const *chan, int *val)
{
- long ret;
+ unsigned long ret;
mutex_lock(&info->lock);
@@ -79,7 +79,7 @@ static int stmpe_read_voltage(struct stmpe_adc *info,
ret = wait_for_completion_timeout(&info->completion, STMPE_ADC_TIMEOUT);
- if (ret <= 0) {
+ if (ret == 0) {
stmpe_reg_write(info->stmpe, STMPE_REG_ADC_INT_STA,
STMPE_ADC_CH(info->channel));
mutex_unlock(&info->lock);
@@ -96,7 +96,7 @@ static int stmpe_read_voltage(struct stmpe_adc *info,
static int stmpe_read_temp(struct stmpe_adc *info,
struct iio_chan_spec const *chan, int *val)
{
- long ret;
+ unsigned long ret;
mutex_lock(&info->lock);
@@ -114,7 +114,7 @@ static int stmpe_read_temp(struct stmpe_adc *info,
ret = wait_for_completion_timeout(&info->completion, STMPE_ADC_TIMEOUT);
- if (ret <= 0) {
+ if (ret == 0) {
mutex_unlock(&info->lock);
return -ETIMEDOUT;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 297/411] iio: adc: sc27xx: fix read big scale voltage not right
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (295 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.4 296/411] iio: adc: stmpe-adc: Fix wait_for_completion_timeout return value check Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 298/411] iio: adc: sc27xx: Fine tune the scale calibration values Greg Kroah-Hartman
` (118 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Cixi Geng, Baolin Wang,
Jonathan Cameron, Sasha Levin
From: Cixi Geng <cixi.geng1@unisoc.com>
[ Upstream commit ad930a75613282400179361e220e58b87386b8c7 ]
Fix wrong configuration value of SC27XX_ADC_SCALE_MASK and
SC27XX_ADC_SCALE_SHIFT by spec documetation.
Fixes: 5df362a6cf49c (iio: adc: Add Spreadtrum SC27XX PMICs ADC support)
Signed-off-by: Cixi Geng <cixi.geng1@unisoc.com>
Reviewed-by: Baolin Wang <baolin.wang7@gmail.com>
Link: https://lore.kernel.org/r/20220419142458.884933-3-gengcixi@gmail.com
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/iio/adc/sc27xx_adc.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/iio/adc/sc27xx_adc.c b/drivers/iio/adc/sc27xx_adc.c
index a6c046575ec3..dcc01cdcff3f 100644
--- a/drivers/iio/adc/sc27xx_adc.c
+++ b/drivers/iio/adc/sc27xx_adc.c
@@ -36,8 +36,8 @@
/* Bits and mask definition for SC27XX_ADC_CH_CFG register */
#define SC27XX_ADC_CHN_ID_MASK GENMASK(4, 0)
-#define SC27XX_ADC_SCALE_MASK GENMASK(10, 8)
-#define SC27XX_ADC_SCALE_SHIFT 8
+#define SC27XX_ADC_SCALE_MASK GENMASK(10, 9)
+#define SC27XX_ADC_SCALE_SHIFT 9
/* Bits definitions for SC27XX_ADC_INT_EN registers */
#define SC27XX_ADC_IRQ_EN BIT(0)
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 298/411] iio: adc: sc27xx: Fine tune the scale calibration values
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (296 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.4 297/411] iio: adc: sc27xx: fix read big scale voltage not right Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 299/411] rpmsg: qcom_smd: Fix returning 0 if irq_of_parse_and_map() fails Greg Kroah-Hartman
` (117 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Cixi Geng, Jonathan Cameron, Sasha Levin
From: Cixi Geng <cixi.geng1@unisoc.com>
[ Upstream commit 5a7a184b11c6910f47600ff5cbbee34168f701a8 ]
Small adjustment the scale calibration value for the sc2731,
use new name sc2731_[big|small]_scale_graph_calib, and remove
the origin [big|small]_scale_graph_calib struct for unused.
Fixes: 8ba0dbfd07a35 (iio: adc: sc27xx: Add ADC scale calibration)
Signed-off-by: Cixi Geng <cixi.geng1@unisoc.com>
Link: https://lore.kernel.org/r/20220419142458.884933-4-gengcixi@gmail.com
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/iio/adc/sc27xx_adc.c | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/drivers/iio/adc/sc27xx_adc.c b/drivers/iio/adc/sc27xx_adc.c
index dcc01cdcff3f..5b79c8b9ccde 100644
--- a/drivers/iio/adc/sc27xx_adc.c
+++ b/drivers/iio/adc/sc27xx_adc.c
@@ -103,14 +103,14 @@ static struct sc27xx_adc_linear_graph small_scale_graph = {
100, 341,
};
-static const struct sc27xx_adc_linear_graph big_scale_graph_calib = {
- 4200, 856,
- 3600, 733,
+static const struct sc27xx_adc_linear_graph sc2731_big_scale_graph_calib = {
+ 4200, 850,
+ 3600, 728,
};
-static const struct sc27xx_adc_linear_graph small_scale_graph_calib = {
- 1000, 833,
- 100, 80,
+static const struct sc27xx_adc_linear_graph sc2731_small_scale_graph_calib = {
+ 1000, 838,
+ 100, 84,
};
static int sc27xx_adc_get_calib_data(u32 calib_data, int calib_adc)
@@ -130,11 +130,11 @@ static int sc27xx_adc_scale_calibration(struct sc27xx_adc_data *data,
size_t len;
if (big_scale) {
- calib_graph = &big_scale_graph_calib;
+ calib_graph = &sc2731_big_scale_graph_calib;
graph = &big_scale_graph;
cell_name = "big_scale_calib";
} else {
- calib_graph = &small_scale_graph_calib;
+ calib_graph = &sc2731_small_scale_graph_calib;
graph = &small_scale_graph;
cell_name = "small_scale_calib";
}
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 299/411] rpmsg: qcom_smd: Fix returning 0 if irq_of_parse_and_map() fails
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (297 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.4 298/411] iio: adc: sc27xx: Fine tune the scale calibration values Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 300/411] phy: qcom-qmp: fix pipe-clock imbalance on power-on failure Greg Kroah-Hartman
` (116 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Krzysztof Kozlowski, Bjorn Andersson,
Sasha Levin
From: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
[ Upstream commit 59d6f72f6f9c92fec8757d9e29527da828e9281f ]
irq_of_parse_and_map() returns 0 on failure, so this should not be
passed further as error return code.
Fixes: 1a358d350664 ("rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value")
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Link: https://lore.kernel.org/r/20220423093932.32136-1-krzysztof.kozlowski@linaro.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/rpmsg/qcom_smd.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/rpmsg/qcom_smd.c b/drivers/rpmsg/qcom_smd.c
index db5f6009fb49..a4db9f6100d2 100644
--- a/drivers/rpmsg/qcom_smd.c
+++ b/drivers/rpmsg/qcom_smd.c
@@ -1390,7 +1390,7 @@ static int qcom_smd_parse_edge(struct device *dev,
irq = irq_of_parse_and_map(node, 0);
if (!irq) {
dev_err(dev, "required smd interrupt missing\n");
- ret = irq;
+ ret = -EINVAL;
goto put_node;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 300/411] phy: qcom-qmp: fix pipe-clock imbalance on power-on failure
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (298 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.4 299/411] rpmsg: qcom_smd: Fix returning 0 if irq_of_parse_and_map() fails Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 301/411] serial: sifive: Report actual baud base rather than fixed 115200 Greg Kroah-Hartman
` (115 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Evan Green, Johan Hovold, Vinod Koul,
Sasha Levin
From: Johan Hovold <johan+linaro@kernel.org>
[ Upstream commit 5e73b2d9867998278479ccc065a8a8227a5513ef ]
Make sure to disable the pipe clock also if ufs-reset deassertion fails
during power on.
Note that the ufs-reset is asserted in qcom_qmp_phy_com_exit().
Fixes: c9b589791fc1 ("phy: qcom: Utilize UFS reset controller")
Cc: Evan Green <evgreen@chromium.org>
Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
Link: https://lore.kernel.org/r/20220502133130.4125-2-johan+linaro@kernel.org
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/phy/qualcomm/phy-qcom-qmp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/phy/qualcomm/phy-qcom-qmp.c b/drivers/phy/qualcomm/phy-qcom-qmp.c
index ff5955fb4d8b..21d40c665854 100644
--- a/drivers/phy/qualcomm/phy-qcom-qmp.c
+++ b/drivers/phy/qualcomm/phy-qcom-qmp.c
@@ -1517,7 +1517,7 @@ static int qcom_qmp_phy_enable(struct phy *phy)
qcom_qmp_phy_configure(pcs, cfg->regs, cfg->pcs_tbl, cfg->pcs_tbl_num);
ret = reset_control_deassert(qmp->ufs_reset);
if (ret)
- goto err_lane_rst;
+ goto err_pcs_ready;
/*
* Pull out PHY from POWER DOWN state.
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 301/411] serial: sifive: Report actual baud base rather than fixed 115200
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (299 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.4 300/411] phy: qcom-qmp: fix pipe-clock imbalance on power-on failure Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 302/411] coresight: cpu-debug: Replace mutex with mutex_trylock on panic notifier Greg Kroah-Hartman
` (114 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Maciej W. Rozycki, Sasha Levin
From: Maciej W. Rozycki <macro@orcam.me.uk>
[ Upstream commit 0a7ff843d507ce2cca2c3b7e169ee56e28133530 ]
The base baud value reported is supposed to be the highest baud rate
that can be set for a serial port. The SiFive FU740-C000 SOC's on-chip
UART supports baud rates of up to 1/16 of the input clock rate, which is
the bus clock `tlclk'[1], often at 130MHz in the case of the HiFive
Unmatched board.
However the sifive UART driver reports a fixed value of 115200 instead:
10010000.serial: ttySIF0 at MMIO 0x10010000 (irq = 1, base_baud = 115200) is a SiFive UART v0
10011000.serial: ttySIF1 at MMIO 0x10011000 (irq = 2, base_baud = 115200) is a SiFive UART v0
even though we already support setting higher baud rates, e.g.:
$ tty
/dev/ttySIF1
$ stty speed
230400
The baud base value is computed by the serial core by dividing the UART
clock recorded in `struct uart_port' by 16, which is also the minimum
value of the clock divider supported, so correct the baud base value
reported by setting the UART clock recorded to the input clock rate
rather than 115200:
10010000.serial: ttySIF0 at MMIO 0x10010000 (irq = 1, base_baud = 8125000) is a SiFive UART v0
10011000.serial: ttySIF1 at MMIO 0x10011000 (irq = 2, base_baud = 8125000) is a SiFive UART v0
[1] "SiFive FU740-C000 Manual", v1p3, SiFive, Inc., August 13, 2021,
Section 16.9 "Baud Rate Divisor Register (div)", pp.143-144
Signed-off-by: Maciej W. Rozycki <macro@orcam.me.uk>
Fixes: 1f1496a923b6 ("riscv: Fix sifive serial driver")
Link: https://lore.kernel.org/r/alpine.DEB.2.21.2204291656280.9383@angie.orcam.me.uk
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/sifive.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/tty/serial/sifive.c b/drivers/tty/serial/sifive.c
index 6a2dc823ea82..ec9bd2207271 100644
--- a/drivers/tty/serial/sifive.c
+++ b/drivers/tty/serial/sifive.c
@@ -973,7 +973,7 @@ static int sifive_serial_probe(struct platform_device *pdev)
/* Set up clock divider */
ssp->clkin_rate = clk_get_rate(ssp->clk);
ssp->baud_rate = SIFIVE_DEFAULT_BAUD_RATE;
- ssp->port.uartclk = ssp->baud_rate * 16;
+ ssp->port.uartclk = ssp->clkin_rate;
__ssp_update_div(ssp);
platform_set_drvdata(pdev, ssp);
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 302/411] coresight: cpu-debug: Replace mutex with mutex_trylock on panic notifier
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (300 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.4 301/411] serial: sifive: Report actual baud base rather than fixed 115200 Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 303/411] soc: rockchip: Fix refcount leak in rockchip_grf_init Greg Kroah-Hartman
` (113 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Leo Yan, Mathieu Poirier, Mike Leach,
Suzuki K Poulose, Guilherme G. Piccoli, Sasha Levin
From: Guilherme G. Piccoli <gpiccoli@igalia.com>
[ Upstream commit 1adff542d67a2ed1120955cb219bfff8a9c53f59 ]
The panic notifier infrastructure executes registered callbacks when
a panic event happens - such callbacks are executed in atomic context,
with interrupts and preemption disabled in the running CPU and all other
CPUs disabled. That said, mutexes in such context are not a good idea.
This patch replaces a regular mutex with a mutex_trylock safer approach;
given the nature of the mutex used in the driver, it should be pretty
uncommon being unable to acquire such mutex in the panic path, hence
no functional change should be observed (and if it is, that would be
likely a deadlock with the regular mutex).
Fixes: 2227b7c74634 ("coresight: add support for CPU debug module")
Cc: Leo Yan <leo.yan@linaro.org>
Cc: Mathieu Poirier <mathieu.poirier@linaro.org>
Cc: Mike Leach <mike.leach@linaro.org>
Cc: Suzuki K Poulose <suzuki.poulose@arm.com>
Signed-off-by: Guilherme G. Piccoli <gpiccoli@igalia.com>
Reviewed-by: Suzuki K Poulose <suzuki.poulose@arm.com>
Signed-off-by: Suzuki K Poulose <suzuki.poulose@arm.com>
Link: https://lore.kernel.org/r/20220427224924.592546-10-gpiccoli@igalia.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hwtracing/coresight/coresight-cpu-debug.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/drivers/hwtracing/coresight/coresight-cpu-debug.c b/drivers/hwtracing/coresight/coresight-cpu-debug.c
index 96544b348c27..ebe34fd6adb0 100644
--- a/drivers/hwtracing/coresight/coresight-cpu-debug.c
+++ b/drivers/hwtracing/coresight/coresight-cpu-debug.c
@@ -379,9 +379,10 @@ static int debug_notifier_call(struct notifier_block *self,
int cpu;
struct debug_drvdata *drvdata;
- mutex_lock(&debug_lock);
+ /* Bail out if we can't acquire the mutex or the functionality is off */
+ if (!mutex_trylock(&debug_lock))
+ return NOTIFY_DONE;
- /* Bail out if the functionality is disabled */
if (!debug_enable)
goto skip_dump;
@@ -400,7 +401,7 @@ static int debug_notifier_call(struct notifier_block *self,
skip_dump:
mutex_unlock(&debug_lock);
- return 0;
+ return NOTIFY_DONE;
}
static struct notifier_block debug_notifier = {
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 303/411] soc: rockchip: Fix refcount leak in rockchip_grf_init
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (301 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.4 302/411] coresight: cpu-debug: Replace mutex with mutex_trylock on panic notifier Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 304/411] clocksource/drivers/riscv: Events are stopped during CPU suspend Greg Kroah-Hartman
` (112 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Heiko Stuebner, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit 9b59588d8be91c96bfb0371e912ceb4f16315dbf ]
of_find_matching_node_and_match returns a node pointer with refcount
incremented, we should use of_node_put() on it when done.
Add missing of_node_put() to avoid refcount leak.
Fixes: 4c58063d4258 ("soc: rockchip: add driver handling grf setup")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Link: https://lore.kernel.org/r/20220516072013.19731-1-linmq006@gmail.com
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/soc/rockchip/grf.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/soc/rockchip/grf.c b/drivers/soc/rockchip/grf.c
index 494cf2b5bf7b..343ff61ccccb 100644
--- a/drivers/soc/rockchip/grf.c
+++ b/drivers/soc/rockchip/grf.c
@@ -148,12 +148,14 @@ static int __init rockchip_grf_init(void)
return -ENODEV;
if (!match || !match->data) {
pr_err("%s: missing grf data\n", __func__);
+ of_node_put(np);
return -EINVAL;
}
grf_info = match->data;
grf = syscon_node_to_regmap(np);
+ of_node_put(np);
if (IS_ERR(grf)) {
pr_err("%s: could not get grf syscon\n", __func__);
return PTR_ERR(grf);
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 304/411] clocksource/drivers/riscv: Events are stopped during CPU suspend
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (302 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.4 303/411] soc: rockchip: Fix refcount leak in rockchip_grf_init Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 305/411] rtc: mt6397: check return value after calling platform_get_resource() Greg Kroah-Hartman
` (111 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Samuel Holland, Anup Patel,
Daniel Lezcano, Sasha Levin
From: Samuel Holland <samuel@sholland.org>
[ Upstream commit 232ccac1bd9b5bfe73895f527c08623e7fa0752d ]
Some implementations of the SBI time extension depend on hart-local
state (for example, CSRs) that are lost or hardware that is powered
down when a CPU is suspended. To be safe, the clockevents driver
cannot assume that timer IRQs will be received during CPU suspend.
Fixes: 62b019436814 ("clocksource: new RISC-V SBI timer driver")
Signed-off-by: Samuel Holland <samuel@sholland.org>
Reviewed-by: Anup Patel <anup@brainfault.org>
Link: https://lore.kernel.org/r/20220509012121.40031-1-samuel@sholland.org
Signed-off-by: Daniel Lezcano <daniel.lezcano@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clocksource/timer-riscv.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/clocksource/timer-riscv.c b/drivers/clocksource/timer-riscv.c
index 4b04ffbe5e7e..e3be5c2f57b8 100644
--- a/drivers/clocksource/timer-riscv.c
+++ b/drivers/clocksource/timer-riscv.c
@@ -26,7 +26,7 @@ static int riscv_clock_next_event(unsigned long delta,
static DEFINE_PER_CPU(struct clock_event_device, riscv_clock_event) = {
.name = "riscv_timer_clockevent",
- .features = CLOCK_EVT_FEAT_ONESHOT,
+ .features = CLOCK_EVT_FEAT_ONESHOT | CLOCK_EVT_FEAT_C3STOP,
.rating = 100,
.set_next_event = riscv_clock_next_event,
};
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 305/411] rtc: mt6397: check return value after calling platform_get_resource()
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (303 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.4 304/411] clocksource/drivers/riscv: Events are stopped during CPU suspend Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 306/411] serial: meson: acquire port->lock in startup() Greg Kroah-Hartman
` (110 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yang Yingliang,
AngeloGioacchino Del Regno, Alexandre Belloni, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit d3b43eb505bffb8e4cdf6800c15660c001553fe6 ]
It will cause null-ptr-deref if platform_get_resource() returns NULL,
we need check the return value.
Fixes: fc2979118f3f ("rtc: mediatek: Add MT6397 RTC driver")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Link: https://lore.kernel.org/r/20220505125043.1594771-1-yangyingliang@huawei.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/rtc/rtc-mt6397.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/rtc/rtc-mt6397.c b/drivers/rtc/rtc-mt6397.c
index b216bdcba0da..dd3901b0a4ed 100644
--- a/drivers/rtc/rtc-mt6397.c
+++ b/drivers/rtc/rtc-mt6397.c
@@ -331,6 +331,8 @@ static int mtk_rtc_probe(struct platform_device *pdev)
return -ENOMEM;
res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
+ if (!res)
+ return -EINVAL;
rtc->addr_base = res->start;
rtc->irq = platform_get_irq(pdev, 0);
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 306/411] serial: meson: acquire port->lock in startup()
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (304 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.4 305/411] rtc: mt6397: check return value after calling platform_get_resource() Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 307/411] serial: 8250_fintek: Check SER_RS485_RTS_* only with RS485 Greg Kroah-Hartman
` (109 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Marek Szyprowski, Petr Mladek,
Jiri Slaby, Neil Armstrong, John Ogness, Sasha Levin
From: John Ogness <john.ogness@linutronix.de>
[ Upstream commit 589f892ac8ef244e47c5a00ffd8605daa1eaef8e ]
The uart_ops startup() callback is called without interrupts
disabled and without port->lock locked, relatively late during the
boot process (from the call path of console_on_rootfs()). If the
device is a console, it was already previously registered and could
be actively printing messages.
Since the startup() callback is reading/writing registers used by
the console write() callback (AML_UART_CONTROL), its access must
be synchronized using the port->lock. Currently it is not.
The startup() callback is the only function that explicitly enables
interrupts. Without the synchronization, it is possible that
interrupts become accidentally permanently disabled.
CPU0 CPU1
meson_serial_console_write meson_uart_startup
-------------------------- ------------------
spin_lock(port->lock)
val = readl(AML_UART_CONTROL)
uart_console_write()
writel(INT_EN, AML_UART_CONTROL)
writel(val, AML_UART_CONTROL)
spin_unlock(port->lock)
Add port->lock synchronization to meson_uart_startup() to avoid
racing with meson_serial_console_write().
Also add detailed comments to meson_uart_reset() explaining why it
is *not* using port->lock synchronization.
Link: https://lore.kernel.org/lkml/2a82eae7-a256-f70c-fd82-4e510750906e@samsung.com
Fixes: ff7693d079e5 ("ARM: meson: serial: add MesonX SoC on-chip uart driver")
Reported-by: Marek Szyprowski <m.szyprowski@samsung.com>
Tested-by: Marek Szyprowski <m.szyprowski@samsung.com>
Reviewed-by: Petr Mladek <pmladek@suse.com>
Reviewed-by: Jiri Slaby <jirislaby@kernel.org>
Acked-by: Neil Armstrong <narmstrong@baylibre.com>
Signed-off-by: John Ogness <john.ogness@linutronix.de>
Link: https://lore.kernel.org/r/20220508103547.626355-1-john.ogness@linutronix.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/meson_uart.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/drivers/tty/serial/meson_uart.c b/drivers/tty/serial/meson_uart.c
index fbc5bc022a39..849ce8c1ef39 100644
--- a/drivers/tty/serial/meson_uart.c
+++ b/drivers/tty/serial/meson_uart.c
@@ -256,6 +256,14 @@ static const char *meson_uart_type(struct uart_port *port)
return (port->type == PORT_MESON) ? "meson_uart" : NULL;
}
+/*
+ * This function is called only from probe() using a temporary io mapping
+ * in order to perform a reset before setting up the device. Since the
+ * temporarily mapped region was successfully requested, there can be no
+ * console on this port at this time. Hence it is not necessary for this
+ * function to acquire the port->lock. (Since there is no console on this
+ * port at this time, the port->lock is not initialized yet.)
+ */
static void meson_uart_reset(struct uart_port *port)
{
u32 val;
@@ -270,9 +278,12 @@ static void meson_uart_reset(struct uart_port *port)
static int meson_uart_startup(struct uart_port *port)
{
+ unsigned long flags;
u32 val;
int ret = 0;
+ spin_lock_irqsave(&port->lock, flags);
+
val = readl(port->membase + AML_UART_CONTROL);
val |= AML_UART_CLEAR_ERR;
writel(val, port->membase + AML_UART_CONTROL);
@@ -288,6 +299,8 @@ static int meson_uart_startup(struct uart_port *port)
val = (AML_UART_RECV_IRQ(1) | AML_UART_XMIT_IRQ(port->fifosize / 2));
writel(val, port->membase + AML_UART_MISC);
+ spin_unlock_irqrestore(&port->lock, flags);
+
ret = request_irq(port->irq, meson_uart_interrupt, 0,
port->name, port);
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 307/411] serial: 8250_fintek: Check SER_RS485_RTS_* only with RS485
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (305 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.4 306/411] serial: meson: acquire port->lock in startup() Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 308/411] serial: digicolor-usart: Dont allow CS5-6 Greg Kroah-Hartman
` (108 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ricardo Ribalda Delgado,
Ilpo Järvinen, Sasha Levin
From: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
[ Upstream commit af0179270977508df6986b51242825d7edd59caf ]
SER_RS485_RTS_ON_SEND and SER_RS485_RTS_AFTER_SEND relate to behavior
within RS485 operation. The driver checks if they have the same value
which is not possible to realize with the hardware. The check is taken
regardless of SER_RS485_ENABLED flag and -EINVAL is returned when the
check fails, which creates problems.
This check makes it unnecessarily complicated to turn RS485 mode off as
simple zeroed serial_rs485 struct will trigger that equal values check.
In addition, the driver itself memsets its rs485 structure to zero when
RS485 is disabled but if userspace would try to make an TIOCSRS485
ioctl() call with the very same struct, it would end up failing with
-EINVAL which doesn't make much sense.
Resolve the problem by moving the check inside SER_RS485_ENABLED block.
Fixes: 7ecc77011c6f ("serial: 8250_fintek: Return -EINVAL on invalid configuration")
Cc: Ricardo Ribalda Delgado <ricardo.ribalda@gmail.com>
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Link: https://lore.kernel.org/r/035c738-8ea5-8b17-b1d7-84a7b3aeaa51@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/8250/8250_fintek.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/tty/serial/8250/8250_fintek.c b/drivers/tty/serial/8250/8250_fintek.c
index e24161004ddc..9b1cddbfc75c 100644
--- a/drivers/tty/serial/8250/8250_fintek.c
+++ b/drivers/tty/serial/8250/8250_fintek.c
@@ -197,12 +197,12 @@ static int fintek_8250_rs485_config(struct uart_port *port,
if (!pdata)
return -EINVAL;
- /* Hardware do not support same RTS level on send and receive */
- if (!(rs485->flags & SER_RS485_RTS_ON_SEND) ==
- !(rs485->flags & SER_RS485_RTS_AFTER_SEND))
- return -EINVAL;
if (rs485->flags & SER_RS485_ENABLED) {
+ /* Hardware do not support same RTS level on send and receive */
+ if (!(rs485->flags & SER_RS485_RTS_ON_SEND) ==
+ !(rs485->flags & SER_RS485_RTS_AFTER_SEND))
+ return -EINVAL;
memset(rs485->padding, 0, sizeof(rs485->padding));
config |= RS485_URA;
} else {
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 308/411] serial: digicolor-usart: Dont allow CS5-6
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (306 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.4 307/411] serial: 8250_fintek: Check SER_RS485_RTS_* only with RS485 Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 309/411] serial: rda-uart: " Greg Kroah-Hartman
` (107 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Baruch Siach, Ilpo Järvinen,
Sasha Levin
From: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
[ Upstream commit fd63031b8c0763addcecdefe0e0c59d49646204e ]
Only CS7 and CS8 seem supported but CSIZE is not sanitized to CS8 in
the default: block.
Set CSIZE correctly so that userspace knows the effective value.
Incorrect CSIZE also results in miscalculation of the frame bits in
tty_get_char_size() or in its predecessor where the roughly the same
code is directly within uart_update_timeout().
Fixes: 5930cb3511df (serial: driver for Conexant Digicolor USART)
Acked-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Link: https://lore.kernel.org/r/20220519081808.3776-3-ilpo.jarvinen@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/digicolor-usart.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/tty/serial/digicolor-usart.c b/drivers/tty/serial/digicolor-usart.c
index 4446c13629b1..e06967ca62fa 100644
--- a/drivers/tty/serial/digicolor-usart.c
+++ b/drivers/tty/serial/digicolor-usart.c
@@ -309,6 +309,8 @@ static void digicolor_uart_set_termios(struct uart_port *port,
case CS8:
default:
config |= UA_CONFIG_CHAR_LEN;
+ termios->c_cflag &= ~CSIZE;
+ termios->c_cflag |= CS8;
break;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 309/411] serial: rda-uart: Dont allow CS5-6
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (307 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.4 308/411] serial: digicolor-usart: Dont allow CS5-6 Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 310/411] serial: txx9: " Greg Kroah-Hartman
` (106 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Manivannan Sadhasivam,
Ilpo Järvinen, Sasha Levin
From: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
[ Upstream commit 098333a9c7d12bb3ce44c82f08b4d810c44d31b0 ]
Only CS7 and CS8 are supported but CSIZE is not sanitized after
fallthrough from CS5 or CS6 to CS7.
Set CSIZE correctly so that userspace knows the effective value.
Incorrect CSIZE also results in miscalculation of the frame bits in
tty_get_char_size() or in its predecessor where the roughly the same
code is directly within uart_update_timeout().
Fixes: c10b13325ced (tty: serial: Add RDA8810PL UART driver)
Cc: Manivannan Sadhasivam <mani@kernel.org>
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Link: https://lore.kernel.org/r/20220519081808.3776-4-ilpo.jarvinen@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/rda-uart.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/tty/serial/rda-uart.c b/drivers/tty/serial/rda-uart.c
index ff9a27d48bca..877d86ff6819 100644
--- a/drivers/tty/serial/rda-uart.c
+++ b/drivers/tty/serial/rda-uart.c
@@ -262,6 +262,8 @@ static void rda_uart_set_termios(struct uart_port *port,
/* Fall through */
case CS7:
ctrl &= ~RDA_UART_DBITS_8;
+ termios->c_cflag &= ~CSIZE;
+ termios->c_cflag |= CS7;
break;
default:
ctrl |= RDA_UART_DBITS_8;
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 310/411] serial: txx9: Dont allow CS5-6
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (308 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.4 309/411] serial: rda-uart: " Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 311/411] serial: sh-sci: " Greg Kroah-Hartman
` (105 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Ilpo Järvinen, Sasha Levin
From: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
[ Upstream commit 79ac88655dc0551e3571ad16bdabdbe65d61553e ]
Only CS7 and CS8 are supported but CSIZE is not sanitized with
CS5 or CS6 to CS8.
Set CSIZE correctly so that userspace knows the effective value.
Incorrect CSIZE also results in miscalculation of the frame bits in
tty_get_char_size() or in its predecessor where the roughly the same
code is directly within uart_update_timeout().
Fixes: 1da177e4c3f4 (Linux-2.6.12-rc2)
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Link: https://lore.kernel.org/r/20220519081808.3776-5-ilpo.jarvinen@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/serial_txx9.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/tty/serial/serial_txx9.c b/drivers/tty/serial/serial_txx9.c
index 8507f18900d0..2783baa5dfe5 100644
--- a/drivers/tty/serial/serial_txx9.c
+++ b/drivers/tty/serial/serial_txx9.c
@@ -648,6 +648,8 @@ serial_txx9_set_termios(struct uart_port *port, struct ktermios *termios,
case CS6: /* not supported */
case CS8:
cval |= TXX9_SILCR_UMODE_8BIT;
+ termios->c_cflag &= ~CSIZE;
+ termios->c_cflag |= CS8;
break;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 311/411] serial: sh-sci: Dont allow CS5-6
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (309 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.4 310/411] serial: txx9: " Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 312/411] serial: sifive: Sanitize CSIZE and c_iflag Greg Kroah-Hartman
` (104 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Ilpo Järvinen, Sasha Levin
From: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
[ Upstream commit 9b87162de8be26bf3156460b37deee6399fd0fcb ]
Only CS7 and CS8 seem supported but CSIZE is not sanitized from
CS5 or CS6 to CS8.
Set CSIZE correctly so that userspace knows the effective value.
Incorrect CSIZE also results in miscalculation of the frame bits in
tty_get_char_size() or in its predecessor where the roughly the same
code is directly within uart_update_timeout().
Fixes: 1da177e4c3f4 (Linux-2.6.12-rc2)
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Link: https://lore.kernel.org/r/20220519081808.3776-6-ilpo.jarvinen@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/sh-sci.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/tty/serial/sh-sci.c b/drivers/tty/serial/sh-sci.c
index ecff9b208808..c066bb7f07b0 100644
--- a/drivers/tty/serial/sh-sci.c
+++ b/drivers/tty/serial/sh-sci.c
@@ -2395,8 +2395,12 @@ static void sci_set_termios(struct uart_port *port, struct ktermios *termios,
int best_clk = -1;
unsigned long flags;
- if ((termios->c_cflag & CSIZE) == CS7)
+ if ((termios->c_cflag & CSIZE) == CS7) {
smr_val |= SCSMR_CHR;
+ } else {
+ termios->c_cflag &= ~CSIZE;
+ termios->c_cflag |= CS8;
+ }
if (termios->c_cflag & PARENB)
smr_val |= SCSMR_PE;
if (termios->c_cflag & PARODD)
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 312/411] serial: sifive: Sanitize CSIZE and c_iflag
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (310 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.4 311/411] serial: sh-sci: " Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 313/411] serial: st-asc: Sanitize CSIZE and correct PARENB for CS7 Greg Kroah-Hartman
` (103 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Paul Walmsley, Ilpo Järvinen,
Sasha Levin
From: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
[ Upstream commit c069d2756c01ed36121fae6a42c14fdf1325c71d ]
Only CS8 is supported but CSIZE was not sanitized to CS8.
Set CSIZE correctly so that userspace knows the effective value.
Incorrect CSIZE also results in miscalculation of the frame bits in
tty_get_char_size() or in its predecessor where the roughly the same
code is directly within uart_update_timeout().
Similarly, INPCK, PARMRK, and BRKINT are reported textually unsupported
but were not cleared in termios c_iflag which is the machine-readable
format.
Fixes: 45c054d0815b (tty: serial: add driver for the SiFive UART)
Cc: Paul Walmsley <paul.walmsley@sifive.com>
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Link: https://lore.kernel.org/r/20220519081808.3776-7-ilpo.jarvinen@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/sifive.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/tty/serial/sifive.c b/drivers/tty/serial/sifive.c
index ec9bd2207271..7015632c4990 100644
--- a/drivers/tty/serial/sifive.c
+++ b/drivers/tty/serial/sifive.c
@@ -667,12 +667,16 @@ static void sifive_serial_set_termios(struct uart_port *port,
int rate;
char nstop;
- if ((termios->c_cflag & CSIZE) != CS8)
+ if ((termios->c_cflag & CSIZE) != CS8) {
dev_err_once(ssp->port.dev, "only 8-bit words supported\n");
+ termios->c_cflag &= ~CSIZE;
+ termios->c_cflag |= CS8;
+ }
if (termios->c_iflag & (INPCK | PARMRK))
dev_err_once(ssp->port.dev, "parity checking not supported\n");
if (termios->c_iflag & BRKINT)
dev_err_once(ssp->port.dev, "BREAK detection not supported\n");
+ termios->c_iflag &= ~(INPCK|PARMRK|BRKINT);
/* Set number of stop bits */
nstop = (termios->c_cflag & CSTOPB) ? 2 : 1;
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 313/411] serial: st-asc: Sanitize CSIZE and correct PARENB for CS7
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (311 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.4 312/411] serial: sifive: Sanitize CSIZE and c_iflag Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 314/411] serial: stm32-usart: Correct CSIZE, bits, and parity Greg Kroah-Hartman
` (102 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Srinivas Kandagatla,
Ilpo Järvinen, Sasha Levin
From: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
[ Upstream commit 52bb1cb7118564166b04d52387bd8403632f5190 ]
Only CS7 and CS8 seem supported but CSIZE is not sanitized from CS5 or
CS6 to CS8. In addition, ASC_CTL_MODE_7BIT_PAR suggests that CS7 has
to have parity, thus add PARENB.
Incorrect CSIZE results in miscalculation of the frame bits in
tty_get_char_size() or in its predecessor where the roughly the same
code is directly within uart_update_timeout().
Fixes: c4b058560762 (serial:st-asc: Add ST ASC driver.)
Cc: Srinivas Kandagatla <srinivas.kandagatla@st.com>
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Link: https://lore.kernel.org/r/20220519081808.3776-8-ilpo.jarvinen@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/st-asc.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/tty/serial/st-asc.c b/drivers/tty/serial/st-asc.c
index 7971997cdead..ce35e3a131b1 100644
--- a/drivers/tty/serial/st-asc.c
+++ b/drivers/tty/serial/st-asc.c
@@ -540,10 +540,14 @@ static void asc_set_termios(struct uart_port *port, struct ktermios *termios,
/* set character length */
if ((cflag & CSIZE) == CS7) {
ctrl_val |= ASC_CTL_MODE_7BIT_PAR;
+ cflag |= PARENB;
} else {
ctrl_val |= (cflag & PARENB) ? ASC_CTL_MODE_8BIT_PAR :
ASC_CTL_MODE_8BIT;
+ cflag &= ~CSIZE;
+ cflag |= CS8;
}
+ termios->c_cflag = cflag;
/* set stop bit */
ctrl_val |= (cflag & CSTOPB) ? ASC_CTL_STOP_2BIT : ASC_CTL_STOP_1BIT;
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 314/411] serial: stm32-usart: Correct CSIZE, bits, and parity
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (312 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.4 313/411] serial: st-asc: Sanitize CSIZE and correct PARENB for CS7 Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 315/411] firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle Greg Kroah-Hartman
` (101 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Erwan Le Ray, Ilpo Järvinen,
Sasha Levin
From: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
[ Upstream commit 1deeda8d2877c18bc2b9eeee10dd6d2628852848 ]
Add CSIZE sanitization for unsupported CSIZE configurations. In
addition, if parity is asked for but CSx was unsupported, the sensible
result is CS8+parity which requires setting USART_CR1_M0 like with 9
bits.
Incorrect CSIZE results in miscalculation of the frame bits in
tty_get_char_size() or in its predecessor where the roughly the same
code is directly within uart_update_timeout().
Fixes: c8a9d043947b (serial: stm32: fix word length configuration)
Cc: Erwan Le Ray <erwan.leray@st.com>
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Link: https://lore.kernel.org/r/20220519081808.3776-9-ilpo.jarvinen@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/stm32-usart.c | 15 ++++++++++++---
1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/drivers/tty/serial/stm32-usart.c b/drivers/tty/serial/stm32-usart.c
index d517b911cd04..d5a084ffde89 100644
--- a/drivers/tty/serial/stm32-usart.c
+++ b/drivers/tty/serial/stm32-usart.c
@@ -745,13 +745,22 @@ static void stm32_set_termios(struct uart_port *port, struct ktermios *termios,
* CS8 or (CS7 + parity), 8 bits word aka [M1:M0] = 0b00
* M0 and M1 already cleared by cr1 initialization.
*/
- if (bits == 9)
+ if (bits == 9) {
cr1 |= USART_CR1_M0;
- else if ((bits == 7) && cfg->has_7bits_data)
+ } else if ((bits == 7) && cfg->has_7bits_data) {
cr1 |= USART_CR1_M1;
- else if (bits != 8)
+ } else if (bits != 8) {
dev_dbg(port->dev, "Unsupported data bits config: %u bits\n"
, bits);
+ cflag &= ~CSIZE;
+ cflag |= CS8;
+ termios->c_cflag = cflag;
+ bits = 8;
+ if (cflag & PARENB) {
+ bits++;
+ cr1 |= USART_CR1_M0;
+ }
+ }
if (ofs->rtor != UNDEF_REG && (stm32_port->rx_ch ||
stm32_port->fifoen)) {
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 315/411] firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (313 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.4 314/411] serial: stm32-usart: Correct CSIZE, bits, and parity Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 316/411] bus: ti-sysc: Fix warnings for unbind for serial Greg Kroah-Hartman
` (100 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit 660ba678f9998aca6db74f2dd912fa5124f0fa31 ]
kobject_init_and_add() takes reference even when it fails.
According to the doc of kobject_init_and_add()
If this function returns an error, kobject_put() must be called to
properly clean up the memory associated with the object.
Fix this issue by calling kobject_put().
Fixes: 948af1f0bbc8 ("firmware: Basic dmi-sysfs support")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Link: https://lore.kernel.org/r/20220511071421.9769-1-linmq006@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/firmware/dmi-sysfs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/firmware/dmi-sysfs.c b/drivers/firmware/dmi-sysfs.c
index b6180023eba7..2858e05636e9 100644
--- a/drivers/firmware/dmi-sysfs.c
+++ b/drivers/firmware/dmi-sysfs.c
@@ -603,7 +603,7 @@ static void __init dmi_sysfs_register_handle(const struct dmi_header *dh,
"%d-%d", dh->type, entry->instance);
if (*ret) {
- kfree(entry);
+ kobject_put(&entry->kobj);
return;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 316/411] bus: ti-sysc: Fix warnings for unbind for serial
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (314 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.4 315/411] firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 317/411] driver: base: fix UAF when driver_attach failed Greg Kroah-Hartman
` (99 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Romain Naour, Tony Lindgren, Sasha Levin
From: Tony Lindgren <tony@atomide.com>
[ Upstream commit c337125b8834f9719dfda0e40b25eaa266f1b8cf ]
We can get "failed to disable" clock_unprepare warnings on unbind at least
for the serial console device if the unbind is done before the device has
been idled.
As some devices are using deferred idle, we must check the status for
pending idle work to idle the device.
Fixes: 76f0f772e469 ("bus: ti-sysc: Improve handling for no-reset-on-init and no-idle-on-init")
Cc: Romain Naour <romain.naour@smile.fr>
Reviewed-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Tony Lindgren <tony@atomide.com>
Link: https://lore.kernel.org/r/20220512053021.61650-1-tony@atomide.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/bus/ti-sysc.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/bus/ti-sysc.c b/drivers/bus/ti-sysc.c
index 469ca73de4ce..44aeceaccfa4 100644
--- a/drivers/bus/ti-sysc.c
+++ b/drivers/bus/ti-sysc.c
@@ -2724,7 +2724,9 @@ static int sysc_remove(struct platform_device *pdev)
struct sysc *ddata = platform_get_drvdata(pdev);
int error;
- cancel_delayed_work_sync(&ddata->idle_work);
+ /* Device can still be enabled, see deferred idle quirk in probe */
+ if (cancel_delayed_work_sync(&ddata->idle_work))
+ ti_sysc_idle(&ddata->idle_work.work);
error = pm_runtime_get_sync(ddata->dev);
if (error < 0) {
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 317/411] driver: base: fix UAF when driver_attach failed
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (315 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.4 316/411] bus: ti-sysc: Fix warnings for unbind for serial Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 318/411] driver core: fix deadlock in __device_attach Greg Kroah-Hartman
` (98 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Schspa Shi, Sasha Levin
From: Schspa Shi <schspa@gmail.com>
[ Upstream commit 310862e574001a97ad02272bac0fd13f75f42a27 ]
When driver_attach(drv); failed, the driver_private will be freed.
But it has been added to the bus, which caused a UAF.
To fix it, we need to delete it from the bus when failed.
Fixes: 190888ac01d0 ("driver core: fix possible missing of device probe")
Signed-off-by: Schspa Shi <schspa@gmail.com>
Link: https://lore.kernel.org/r/20220513112444.45112-1-schspa@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/base/bus.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/base/bus.c b/drivers/base/bus.c
index a1d1e8256324..7d7d28f498ed 100644
--- a/drivers/base/bus.c
+++ b/drivers/base/bus.c
@@ -620,7 +620,7 @@ int bus_add_driver(struct device_driver *drv)
if (drv->bus->p->drivers_autoprobe) {
error = driver_attach(drv);
if (error)
- goto out_unregister;
+ goto out_del_list;
}
module_add_driver(drv->owner, drv);
@@ -647,6 +647,8 @@ int bus_add_driver(struct device_driver *drv)
return 0;
+out_del_list:
+ klist_del(&priv->knode_bus);
out_unregister:
kobject_put(&priv->kobj);
/* drv->p is freed in driver_release() */
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 318/411] driver core: fix deadlock in __device_attach
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (316 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.4 317/411] driver: base: fix UAF when driver_attach failed Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 319/411] watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe Greg Kroah-Hartman
` (97 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Zhang Wensheng, Sasha Levin
From: Zhang Wensheng <zhangwensheng5@huawei.com>
[ Upstream commit b232b02bf3c205b13a26dcec08e53baddd8e59ed ]
In __device_attach function, The lock holding logic is as follows:
...
__device_attach
device_lock(dev) // get lock dev
async_schedule_dev(__device_attach_async_helper, dev); // func
async_schedule_node
async_schedule_node_domain(func)
entry = kzalloc(sizeof(struct async_entry), GFP_ATOMIC);
/* when fail or work limit, sync to execute func, but
__device_attach_async_helper will get lock dev as
well, which will lead to A-A deadlock. */
if (!entry || atomic_read(&entry_count) > MAX_WORK) {
func;
else
queue_work_node(node, system_unbound_wq, &entry->work)
device_unlock(dev)
As shown above, when it is allowed to do async probes, because of
out of memory or work limit, async work is not allowed, to do
sync execute instead. it will lead to A-A deadlock because of
__device_attach_async_helper getting lock dev.
To fix the deadlock, move the async_schedule_dev outside device_lock,
as we can see, in async_schedule_node_domain, the parameter of
queue_work_node is system_unbound_wq, so it can accept concurrent
operations. which will also not change the code logic, and will
not lead to deadlock.
Fixes: 765230b5f084 ("driver-core: add asynchronous probing support for drivers")
Signed-off-by: Zhang Wensheng <zhangwensheng5@huawei.com>
Link: https://lore.kernel.org/r/20220518074516.1225580-1-zhangwensheng5@huawei.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/base/dd.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/base/dd.c b/drivers/base/dd.c
index 26cd4ce3ac75..6f85280fef8d 100644
--- a/drivers/base/dd.c
+++ b/drivers/base/dd.c
@@ -873,6 +873,7 @@ static void __device_attach_async_helper(void *_dev, async_cookie_t cookie)
static int __device_attach(struct device *dev, bool allow_async)
{
int ret = 0;
+ bool async = false;
device_lock(dev);
if (dev->p->dead) {
@@ -911,7 +912,7 @@ static int __device_attach(struct device *dev, bool allow_async)
*/
dev_dbg(dev, "scheduling asynchronous probe\n");
get_device(dev);
- async_schedule_dev(__device_attach_async_helper, dev);
+ async = true;
} else {
pm_request_idle(dev);
}
@@ -921,6 +922,8 @@ static int __device_attach(struct device *dev, bool allow_async)
}
out_unlock:
device_unlock(dev);
+ if (async)
+ async_schedule_dev(__device_attach_async_helper, dev);
return ret;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 319/411] watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (317 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.4 318/411] driver core: fix deadlock in __device_attach Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 320/411] ASoC: fsl_sai: Fix FSL_SAI_xDR/xFR definition Greg Kroah-Hartman
` (96 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Guenter Roeck,
Wim Van Sebroeck, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit 5d24df3d690809952528e7a19a43d84bc5b99d44 ]
of_parse_phandle() returns a node pointer with refcount
incremented, we should use of_node_put() on it when done.
Add missing of_node_put() in some error paths.
Fixes: bf9006399939 ("watchdog: ts4800: add driver for TS-4800 watchdog")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Reviewed-by: Guenter Roeck <linux@roeck-us.net>
Link: https://lore.kernel.org/r/20220511114203.47420-1-linmq006@gmail.com
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Wim Van Sebroeck <wim@linux-watchdog.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/watchdog/ts4800_wdt.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/watchdog/ts4800_wdt.c b/drivers/watchdog/ts4800_wdt.c
index c137ad2bd5c3..0ea554c7cda5 100644
--- a/drivers/watchdog/ts4800_wdt.c
+++ b/drivers/watchdog/ts4800_wdt.c
@@ -125,13 +125,16 @@ static int ts4800_wdt_probe(struct platform_device *pdev)
ret = of_property_read_u32_index(np, "syscon", 1, ®);
if (ret < 0) {
dev_err(dev, "no offset in syscon\n");
+ of_node_put(syscon_np);
return ret;
}
/* allocate memory for watchdog struct */
wdt = devm_kzalloc(dev, sizeof(*wdt), GFP_KERNEL);
- if (!wdt)
+ if (!wdt) {
+ of_node_put(syscon_np);
return -ENOMEM;
+ }
/* set regmap and offset to know where to write */
wdt->feed_offset = reg;
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 320/411] ASoC: fsl_sai: Fix FSL_SAI_xDR/xFR definition
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (318 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.4 319/411] watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 321/411] clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value Greg Kroah-Hartman
` (95 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Shengjiu Wang, Mark Brown, Sasha Levin
From: Shengjiu Wang <shengjiu.wang@nxp.com>
[ Upstream commit e4dd748dc87cf431af7b3954963be0d9f6150217 ]
There are multiple xDR and xFR registers, the index is
from 0 to 7. FSL_SAI_xDR and FSL_SAI_xFR is abandoned,
replace them with FSL_SAI_xDR0 and FSL_SAI_xFR0.
Fixes: 4f7a0728b530 ("ASoC: fsl_sai: Add support for SAI new version")
Signed-off-by: Shengjiu Wang <shengjiu.wang@nxp.com>
Link: https://lore.kernel.org/r/1653284661-18964-1-git-send-email-shengjiu.wang@nxp.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/fsl/fsl_sai.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/sound/soc/fsl/fsl_sai.h b/sound/soc/fsl/fsl_sai.h
index 677ecfc1ec68..afaef2027234 100644
--- a/sound/soc/fsl/fsl_sai.h
+++ b/sound/soc/fsl/fsl_sai.h
@@ -67,8 +67,8 @@
#define FSL_SAI_xCR3(tx, ofs) (tx ? FSL_SAI_TCR3(ofs) : FSL_SAI_RCR3(ofs))
#define FSL_SAI_xCR4(tx, ofs) (tx ? FSL_SAI_TCR4(ofs) : FSL_SAI_RCR4(ofs))
#define FSL_SAI_xCR5(tx, ofs) (tx ? FSL_SAI_TCR5(ofs) : FSL_SAI_RCR5(ofs))
-#define FSL_SAI_xDR(tx, ofs) (tx ? FSL_SAI_TDR(ofs) : FSL_SAI_RDR(ofs))
-#define FSL_SAI_xFR(tx, ofs) (tx ? FSL_SAI_TFR(ofs) : FSL_SAI_RFR(ofs))
+#define FSL_SAI_xDR0(tx) (tx ? FSL_SAI_TDR0 : FSL_SAI_RDR0)
+#define FSL_SAI_xFR0(tx) (tx ? FSL_SAI_TFR0 : FSL_SAI_RFR0)
#define FSL_SAI_xMR(tx) (tx ? FSL_SAI_TMR : FSL_SAI_RMR)
/* SAI Transmit/Receive Control Register */
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 321/411] clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (319 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.4 320/411] ASoC: fsl_sai: Fix FSL_SAI_xDR/xFR definition Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 322/411] s390/crypto: fix scatterwalk_unmap() callers in AES-GCM Greg Kroah-Hartman
` (94 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Krzysztof Kozlowski, Neil Armstrong,
Daniel Lezcano, Sasha Levin
From: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
[ Upstream commit 9c04a8ff03def4df3f81219ffbe1ec9b44ff5348 ]
The irq_of_parse_and_map() returns 0 on failure, not a negative ERRNO.
Fixes: 89355274e1f7 ("clocksource/drivers/oxnas-rps: Add Oxford Semiconductor RPS Dual Timer")
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Reviewed-by: Neil Armstrong <narmstrong@baylibre.com>
Link: https://lore.kernel.org/r/20220422104101.55754-1-krzysztof.kozlowski@linaro.org
Signed-off-by: Daniel Lezcano <daniel.lezcano@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clocksource/timer-oxnas-rps.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/clocksource/timer-oxnas-rps.c b/drivers/clocksource/timer-oxnas-rps.c
index 56c0cc32d0ac..d514b44e67dd 100644
--- a/drivers/clocksource/timer-oxnas-rps.c
+++ b/drivers/clocksource/timer-oxnas-rps.c
@@ -236,7 +236,7 @@ static int __init oxnas_rps_timer_init(struct device_node *np)
}
rps->irq = irq_of_parse_and_map(np, 0);
- if (rps->irq < 0) {
+ if (!rps->irq) {
ret = -EINVAL;
goto err_iomap;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 322/411] s390/crypto: fix scatterwalk_unmap() callers in AES-GCM
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (320 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.4 321/411] clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 323/411] net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog Greg Kroah-Hartman
` (93 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jann Horn, Harald Freudenberger,
Heiko Carstens, Sasha Levin
From: Jann Horn <jannh@google.com>
[ Upstream commit bd52cd5e23f134019b23f0c389db0f9a436e4576 ]
The argument of scatterwalk_unmap() is supposed to be the void* that was
returned by the previous scatterwalk_map() call.
The s390 AES-GCM implementation was instead passing the pointer to the
struct scatter_walk.
This doesn't actually break anything because scatterwalk_unmap() only uses
its argument under CONFIG_HIGHMEM and ARCH_HAS_FLUSH_ON_KUNMAP.
Fixes: bf7fa038707c ("s390/crypto: add s390 platform specific aes gcm support.")
Signed-off-by: Jann Horn <jannh@google.com>
Acked-by: Harald Freudenberger <freude@linux.ibm.com>
Link: https://lore.kernel.org/r/20220517143047.3054498-1-jannh@google.com
Signed-off-by: Heiko Carstens <hca@linux.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/s390/crypto/aes_s390.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/s390/crypto/aes_s390.c b/arch/s390/crypto/aes_s390.c
index 9803e96d2924..558cfe570ccf 100644
--- a/arch/s390/crypto/aes_s390.c
+++ b/arch/s390/crypto/aes_s390.c
@@ -861,7 +861,7 @@ static inline void _gcm_sg_unmap_and_advance(struct gcm_sg_walk *gw,
unsigned int nbytes)
{
gw->walk_bytes_remain -= nbytes;
- scatterwalk_unmap(&gw->walk);
+ scatterwalk_unmap(gw->walk_ptr);
scatterwalk_advance(&gw->walk, nbytes);
scatterwalk_done(&gw->walk, 0, gw->walk_bytes_remain);
gw->walk_ptr = NULL;
@@ -936,7 +936,7 @@ static int gcm_out_walk_go(struct gcm_sg_walk *gw, unsigned int minbytesneeded)
goto out;
}
- scatterwalk_unmap(&gw->walk);
+ scatterwalk_unmap(gw->walk_ptr);
gw->walk_ptr = NULL;
gw->ptr = gw->buf;
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 323/411] net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (321 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.4 322/411] s390/crypto: fix scatterwalk_unmap() callers in AES-GCM Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 324/411] net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry() Greg Kroah-Hartman
` (92 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Vincent Ray, Eric Dumazet,
Jakub Kicinski, Sasha Levin
From: Vincent Ray <vray@kalrayinc.com>
[ Upstream commit a54ce3703613e41fe1d98060b62ec09a3984dc28 ]
In qdisc_run_begin(), smp_mb__before_atomic() used before test_bit()
does not provide any ordering guarantee as test_bit() is not an atomic
operation. This, added to the fact that the spin_trylock() call at
the beginning of qdisc_run_begin() does not guarantee acquire
semantics if it does not grab the lock, makes it possible for the
following statement :
if (test_bit(__QDISC_STATE_MISSED, &qdisc->state))
to be executed before an enqueue operation called before
qdisc_run_begin().
As a result the following race can happen :
CPU 1 CPU 2
qdisc_run_begin() qdisc_run_begin() /* true */
set(MISSED) .
/* returns false */ .
. /* sees MISSED = 1 */
. /* so qdisc not empty */
. __qdisc_run()
. .
. pfifo_fast_dequeue()
----> /* may be done here */ .
| . clear(MISSED)
| . .
| . smp_mb __after_atomic();
| . .
| . /* recheck the queue */
| . /* nothing => exit */
| enqueue(skb1)
| .
| qdisc_run_begin()
| .
| spin_trylock() /* fail */
| .
| smp_mb__before_atomic() /* not enough */
| .
---- if (test_bit(MISSED))
return false; /* exit */
In the above scenario, CPU 1 and CPU 2 both try to grab the
qdisc->seqlock at the same time. Only CPU 2 succeeds and enters the
bypass code path, where it emits its skb then calls __qdisc_run().
CPU1 fails, sets MISSED and goes down the traditionnal enqueue() +
dequeue() code path. But when executing qdisc_run_begin() for the
second time, after enqueuing its skbuff, it sees the MISSED bit still
set (by itself) and consequently chooses to exit early without setting
it again nor trying to grab the spinlock again.
Meanwhile CPU2 has seen MISSED = 1, cleared it, checked the queue
and found it empty, so it returned.
At the end of the sequence, we end up with skb1 enqueued in the
backlog, both CPUs out of __dev_xmit_skb(), the MISSED bit not set,
and no __netif_schedule() called made. skb1 will now linger in the
qdisc until somebody later performs a full __qdisc_run(). Associated
to the bypass capacity of the qdisc, and the ability of the TCP layer
to avoid resending packets which it knows are still in the qdisc, this
can lead to serious traffic "holes" in a TCP connection.
We fix this by replacing the smp_mb__before_atomic() / test_bit() /
set_bit() / smp_mb__after_atomic() sequence inside qdisc_run_begin()
by a single test_and_set_bit() call, which is more concise and
enforces the needed memory barriers.
Fixes: 89837eb4b246 ("net: sched: add barrier to ensure correct ordering for lockless qdisc")
Signed-off-by: Vincent Ray <vray@kalrayinc.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Link: https://lore.kernel.org/r/20220526001746.2437669-1-eric.dumazet@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/net/sch_generic.h | 36 ++++++++----------------------------
1 file changed, 8 insertions(+), 28 deletions(-)
diff --git a/include/net/sch_generic.h b/include/net/sch_generic.h
index ae69059ba76d..90fb413d9fd7 100644
--- a/include/net/sch_generic.h
+++ b/include/net/sch_generic.h
@@ -160,37 +160,17 @@ static inline bool qdisc_run_begin(struct Qdisc *qdisc)
if (spin_trylock(&qdisc->seqlock))
goto nolock_empty;
- /* Paired with smp_mb__after_atomic() to make sure
- * STATE_MISSED checking is synchronized with clearing
- * in pfifo_fast_dequeue().
+ /* No need to insist if the MISSED flag was already set.
+ * Note that test_and_set_bit() also gives us memory ordering
+ * guarantees wrt potential earlier enqueue() and below
+ * spin_trylock(), both of which are necessary to prevent races
*/
- smp_mb__before_atomic();
-
- /* If the MISSED flag is set, it means other thread has
- * set the MISSED flag before second spin_trylock(), so
- * we can return false here to avoid multi cpus doing
- * the set_bit() and second spin_trylock() concurrently.
- */
- if (test_bit(__QDISC_STATE_MISSED, &qdisc->state))
+ if (test_and_set_bit(__QDISC_STATE_MISSED, &qdisc->state))
return false;
- /* Set the MISSED flag before the second spin_trylock(),
- * if the second spin_trylock() return false, it means
- * other cpu holding the lock will do dequeuing for us
- * or it will see the MISSED flag set after releasing
- * lock and reschedule the net_tx_action() to do the
- * dequeuing.
- */
- set_bit(__QDISC_STATE_MISSED, &qdisc->state);
-
- /* spin_trylock() only has load-acquire semantic, so use
- * smp_mb__after_atomic() to ensure STATE_MISSED is set
- * before doing the second spin_trylock().
- */
- smp_mb__after_atomic();
-
- /* Retry again in case other CPU may not see the new flag
- * after it releases the lock at the end of qdisc_run_end().
+ /* Try to take the lock again to make sure that we will either
+ * grab it or the CPU that still has it will see MISSED set
+ * when testing it in qdisc_run_end()
*/
if (!spin_trylock(&qdisc->seqlock))
return false;
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 324/411] net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry()
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (322 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.4 323/411] net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 325/411] net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register Greg Kroah-Hartman
` (91 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, David S. Miller, Sasha Levin
From: Dan Carpenter <dan.carpenter@oracle.com>
[ Upstream commit e7e7104e2d5ddf3806a28695670f21bef471f1e1 ]
The "fsp->location" variable comes from user via ethtool_get_rxnfc().
Check that it is valid to prevent an out of bounds read.
Fixes: 7aab747e5563 ("net: ethernet: mediatek: add ethtool functions to configure RX flows of HW LRO")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/mediatek/mtk_eth_soc.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/net/ethernet/mediatek/mtk_eth_soc.c b/drivers/net/ethernet/mediatek/mtk_eth_soc.c
index 3351d4f9363a..5dce4cd60f58 100644
--- a/drivers/net/ethernet/mediatek/mtk_eth_soc.c
+++ b/drivers/net/ethernet/mediatek/mtk_eth_soc.c
@@ -1962,6 +1962,9 @@ static int mtk_hwlro_get_fdir_entry(struct net_device *dev,
struct ethtool_rx_flow_spec *fsp =
(struct ethtool_rx_flow_spec *)&cmd->fs;
+ if (fsp->location >= ARRAY_SIZE(mac->hwlro_ip))
+ return -EINVAL;
+
/* only tcp dst ipv4 is meaningful, others are meaningless */
fsp->flow_type = TCP_V4_FLOW;
fsp->h_u.tcp_ip4_spec.ip4dst = ntohl(mac->hwlro_ip[fsp->location]);
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 325/411] net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (323 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.4 324/411] net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry() Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 326/411] modpost: fix removing numeric suffixes Greg Kroah-Hartman
` (90 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Marek Behún,
David S. Miller, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit 02ded5a173619b11728b8bf75a3fd995a2c1ff28 ]
of_get_child_by_name() returns a node pointer with refcount
incremented, we should use of_node_put() on it when done.
mv88e6xxx_mdio_register() pass the device node to of_mdiobus_register().
We don't need the device node after it.
Add missing of_node_put() to avoid refcount leak.
Fixes: a3c53be55c95 ("net: dsa: mv88e6xxx: Support multiple MDIO busses")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Reviewed-by: Marek Behún <kabel@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/dsa/mv88e6xxx/chip.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/net/dsa/mv88e6xxx/chip.c b/drivers/net/dsa/mv88e6xxx/chip.c
index 87d28ef82559..b336ed071fa8 100644
--- a/drivers/net/dsa/mv88e6xxx/chip.c
+++ b/drivers/net/dsa/mv88e6xxx/chip.c
@@ -2910,6 +2910,7 @@ static int mv88e6xxx_mdios_register(struct mv88e6xxx_chip *chip,
*/
child = of_get_child_by_name(np, "mdio");
err = mv88e6xxx_mdio_register(chip, child, false);
+ of_node_put(child);
if (err)
return err;
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 326/411] modpost: fix removing numeric suffixes
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (324 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.4 325/411] net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 327/411] jffs2: fix memory leak in jffs2_do_fill_super Greg Kroah-Hartman
` (89 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alexander Lobakin, Petr Mladek,
Masahiro Yamada, Sasha Levin
From: Alexander Lobakin <alexandr.lobakin@intel.com>
[ Upstream commit b5beffa20d83c4e15306c991ffd00de0d8628338 ]
With the `-z unique-symbol` linker flag or any similar mechanism,
it is possible to trigger the following:
ERROR: modpost: "param_set_uint.0" [vmlinux] is a static EXPORT_SYMBOL
The reason is that for now the condition from remove_dot():
if (m && (s[n + m] == '.' || s[n + m] == 0))
which was designed to test if it's a dot or a '\0' after the suffix
is never satisfied.
This is due to that `s[n + m]` always points to the last digit of a
numeric suffix, not on the symbol next to it (from a custom debug
print added to modpost):
param_set_uint.0, s[n + m] is '0', s[n + m + 1] is '\0'
So it's off-by-one and was like that since 2014.
Fix this for the sake of any potential upcoming features, but don't
bother stable-backporting, as it's well hidden -- apart from that
LD flag, it can be triggered only with GCC LTO which never landed
upstream.
Fixes: fcd38ed0ff26 ("scripts: modpost: fix compilation warning")
Signed-off-by: Alexander Lobakin <alexandr.lobakin@intel.com>
Reviewed-by: Petr Mladek <pmladek@suse.com>
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
scripts/mod/modpost.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c
index 13cda6aa2688..74e2052f429d 100644
--- a/scripts/mod/modpost.c
+++ b/scripts/mod/modpost.c
@@ -1998,7 +1998,7 @@ static char *remove_dot(char *s)
if (n && s[n]) {
size_t m = strspn(s + n + 1, "0123456789");
- if (m && (s[n + m] == '.' || s[n + m] == 0))
+ if (m && (s[n + m + 1] == '.' || s[n + m + 1] == 0))
s[n] = 0;
}
return s;
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 327/411] jffs2: fix memory leak in jffs2_do_fill_super
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (325 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.4 326/411] modpost: fix removing numeric suffixes Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 328/411] ubi: ubi_create_volume: Fix use-after-free when volume creation failed Greg Kroah-Hartman
` (88 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Baokun Li, Richard Weinberger, Sasha Levin
From: Baokun Li <libaokun1@huawei.com>
[ Upstream commit c14adb1cf70a984ed081c67e9d27bc3caad9537c ]
If jffs2_iget() or d_make_root() in jffs2_do_fill_super() returns
an error, we can observe the following kmemleak report:
--------------------------------------------
unreferenced object 0xffff888105a65340 (size 64):
comm "mount", pid 710, jiffies 4302851558 (age 58.239s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<ffffffff859c45e5>] kmem_cache_alloc_trace+0x475/0x8a0
[<ffffffff86160146>] jffs2_sum_init+0x96/0x1a0
[<ffffffff86140e25>] jffs2_do_mount_fs+0x745/0x2120
[<ffffffff86149fec>] jffs2_do_fill_super+0x35c/0x810
[<ffffffff8614aae9>] jffs2_fill_super+0x2b9/0x3b0
[...]
unreferenced object 0xffff8881bd7f0000 (size 65536):
comm "mount", pid 710, jiffies 4302851558 (age 58.239s)
hex dump (first 32 bytes):
bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb ................
bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb ................
backtrace:
[<ffffffff858579ba>] kmalloc_order+0xda/0x110
[<ffffffff85857a11>] kmalloc_order_trace+0x21/0x130
[<ffffffff859c2ed1>] __kmalloc+0x711/0x8a0
[<ffffffff86160189>] jffs2_sum_init+0xd9/0x1a0
[<ffffffff86140e25>] jffs2_do_mount_fs+0x745/0x2120
[<ffffffff86149fec>] jffs2_do_fill_super+0x35c/0x810
[<ffffffff8614aae9>] jffs2_fill_super+0x2b9/0x3b0
[...]
--------------------------------------------
This is because the resources allocated in jffs2_sum_init() are not
released. Call jffs2_sum_exit() to release these resources to solve
the problem.
Fixes: e631ddba5887 ("[JFFS2] Add erase block summary support (mount time improvement)")
Signed-off-by: Baokun Li <libaokun1@huawei.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/jffs2/fs.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/fs/jffs2/fs.c b/fs/jffs2/fs.c
index ad1eba809e7e..ee2282b8c7a7 100644
--- a/fs/jffs2/fs.c
+++ b/fs/jffs2/fs.c
@@ -603,6 +603,7 @@ int jffs2_do_fill_super(struct super_block *sb, struct fs_context *fc)
jffs2_free_raw_node_refs(c);
kvfree(c->blocks);
jffs2_clear_xattr_subsystem(c);
+ jffs2_sum_exit(c);
out_inohash:
kfree(c->inocache_list);
out_wbuf:
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 328/411] ubi: ubi_create_volume: Fix use-after-free when volume creation failed
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (326 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.4 327/411] jffs2: fix memory leak in jffs2_do_fill_super Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 329/411] nfp: only report pause frame configuration for physical device Greg Kroah-Hartman
` (87 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zhihao Cheng, Richard Weinberger,
Sasha Levin
From: Zhihao Cheng <chengzhihao1@huawei.com>
[ Upstream commit 8c03a1c21d72210f81cb369cc528e3fde4b45411 ]
There is an use-after-free problem for 'eba_tbl' in ubi_create_volume()'s
error handling path:
ubi_eba_replace_table(vol, eba_tbl)
vol->eba_tbl = tbl
out_mapping:
ubi_eba_destroy_table(eba_tbl) // Free 'eba_tbl'
out_unlock:
put_device(&vol->dev)
vol_release
kfree(tbl->entries) // UAF
Fix it by removing redundant 'eba_tbl' releasing.
Fetch a reproducer in [Link].
Fixes: 493cfaeaa0c9b ("mtd: utilize new cdev_device_add helper function")
Link: https://bugzilla.kernel.org/show_bug.cgi?id=215965
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mtd/ubi/vmt.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/drivers/mtd/ubi/vmt.c b/drivers/mtd/ubi/vmt.c
index 1bc7b3a05604..6ea95ade4ca6 100644
--- a/drivers/mtd/ubi/vmt.c
+++ b/drivers/mtd/ubi/vmt.c
@@ -309,7 +309,6 @@ int ubi_create_volume(struct ubi_device *ubi, struct ubi_mkvol_req *req)
ubi->volumes[vol_id] = NULL;
ubi->vol_count -= 1;
spin_unlock(&ubi->volumes_lock);
- ubi_eba_destroy_table(eba_tbl);
out_acc:
spin_lock(&ubi->volumes_lock);
ubi->rsvd_pebs -= vol->reserved_pebs;
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 329/411] nfp: only report pause frame configuration for physical device
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (327 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.4 328/411] ubi: ubi_create_volume: Fix use-after-free when volume creation failed Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 330/411] net/mlx5: Dont use already freed action pointer Greg Kroah-Hartman
` (86 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yu Xiao, Simon Horman,
David S. Miller, Sasha Levin
From: Yu Xiao <yu.xiao@corigine.com>
[ Upstream commit 0649e4d63420ebc8cbebef3e9d39e12ffc5eb9fa ]
Only report pause frame configuration for physical device. Logical
port of both PCI PF and PCI VF do not support it.
Fixes: 9fdc5d85a8fe ("nfp: update ethtool reporting of pauseframe control")
Signed-off-by: Yu Xiao <yu.xiao@corigine.com>
Signed-off-by: Simon Horman <simon.horman@corigine.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/netronome/nfp/nfp_net_ethtool.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/netronome/nfp/nfp_net_ethtool.c b/drivers/net/ethernet/netronome/nfp/nfp_net_ethtool.c
index 89e578e25ff8..10857914c552 100644
--- a/drivers/net/ethernet/netronome/nfp/nfp_net_ethtool.c
+++ b/drivers/net/ethernet/netronome/nfp/nfp_net_ethtool.c
@@ -266,8 +266,6 @@ nfp_net_get_link_ksettings(struct net_device *netdev,
/* Init to unknowns */
ethtool_link_ksettings_add_link_mode(cmd, supported, FIBRE);
- ethtool_link_ksettings_add_link_mode(cmd, supported, Pause);
- ethtool_link_ksettings_add_link_mode(cmd, advertising, Pause);
cmd->base.port = PORT_OTHER;
cmd->base.speed = SPEED_UNKNOWN;
cmd->base.duplex = DUPLEX_UNKNOWN;
@@ -275,6 +273,8 @@ nfp_net_get_link_ksettings(struct net_device *netdev,
port = nfp_port_from_netdev(netdev);
eth_port = nfp_port_get_eth_port(port);
if (eth_port) {
+ ethtool_link_ksettings_add_link_mode(cmd, supported, Pause);
+ ethtool_link_ksettings_add_link_mode(cmd, advertising, Pause);
cmd->base.autoneg = eth_port->aneg != NFP_ANEG_DISABLED ?
AUTONEG_ENABLE : AUTONEG_DISABLE;
nfp_net_set_fec_link_mode(eth_port, cmd);
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 330/411] net/mlx5: Dont use already freed action pointer
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (328 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.4 329/411] nfp: only report pause frame configuration for physical device Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 331/411] net/mlx5e: Update netdev features after changing XDP state Greg Kroah-Hartman
` (85 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Leon Romanovsky,
Saeed Mahameed, Sasha Levin
From: Leon Romanovsky <leonro@nvidia.com>
[ Upstream commit 80b2bd737d0e833e6a2b77e482e5a714a79c86a4 ]
The call to mlx5dr_action_destroy() releases "action" memory. That
pointer is set to miss_action later and generates the following smatch
error:
drivers/net/ethernet/mellanox/mlx5/core/steering/fs_dr.c:53 set_miss_action()
warn: 'action' was already freed.
Make sure that the pointer is always valid by setting NULL after destroy.
Fixes: 6a48faeeca10 ("net/mlx5: Add direct rule fs_cmd implementation")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/mellanox/mlx5/core/steering/fs_dr.c | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/steering/fs_dr.c b/drivers/net/ethernet/mellanox/mlx5/core/steering/fs_dr.c
index 348f02e336f6..d64368506754 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/steering/fs_dr.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/steering/fs_dr.c
@@ -43,11 +43,10 @@ static int set_miss_action(struct mlx5_flow_root_namespace *ns,
err = mlx5dr_table_set_miss_action(ft->fs_dr_table.dr_table, action);
if (err && action) {
err = mlx5dr_action_destroy(action);
- if (err) {
- action = NULL;
- mlx5_core_err(ns->dev, "Failed to destroy action (%d)\n",
- err);
- }
+ if (err)
+ mlx5_core_err(ns->dev,
+ "Failed to destroy action (%d)\n", err);
+ action = NULL;
}
ft->fs_dr_table.miss_action = action;
if (old_miss_action) {
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 331/411] net/mlx5e: Update netdev features after changing XDP state
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (329 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.4 330/411] net/mlx5: Dont use already freed action pointer Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 332/411] net: sched: add barrier to fix packet stuck problem for lockless qdisc Greg Kroah-Hartman
` (84 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Maxim Mikityanskiy, Tariq Toukan,
Saeed Mahameed, Sasha Levin
From: Maxim Mikityanskiy <maximmi@nvidia.com>
[ Upstream commit f6279f113ad593971999c877eb69dc3d36a75894 ]
Some features (LRO, HW GRO) conflict with XDP. If there is an attempt to
enable such features while XDP is active, they will be set to `off
[requested on]`. In order to activate these features after XDP is turned
off, the driver needs to call netdev_update_features(). This commit adds
this missing call after XDP state changes.
Fixes: cf6e34c8c22f ("net/mlx5e: Properly block LRO when XDP is enabled")
Fixes: b0617e7b3500 ("net/mlx5e: Properly block HW GRO when XDP is enabled")
Signed-off-by: Maxim Mikityanskiy <maximmi@nvidia.com>
Reviewed-by: Tariq Toukan <tariqt@nvidia.com>
Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_main.c b/drivers/net/ethernet/mellanox/mlx5/core/en_main.c
index 73291051808f..35630b538c82 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_main.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_main.c
@@ -4638,6 +4638,11 @@ static int mlx5e_xdp_set(struct net_device *netdev, struct bpf_prog *prog)
unlock:
mutex_unlock(&priv->state_lock);
+
+ /* Need to fix some features. */
+ if (!err)
+ netdev_update_features(netdev);
+
return err;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 332/411] net: sched: add barrier to fix packet stuck problem for lockless qdisc
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (330 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.4 331/411] net/mlx5e: Update netdev features after changing XDP state Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 333/411] tcp: tcp_rtx_synack() can be called from process context Greg Kroah-Hartman
` (83 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Guoju Fang, Jakub Kicinski, Sasha Levin
From: Guoju Fang <gjfang@linux.alibaba.com>
[ Upstream commit 2e8728c955ce0624b958eee6e030a37aca3a5d86 ]
In qdisc_run_end(), the spin_unlock() only has store-release semantic,
which guarantees all earlier memory access are visible before it. But
the subsequent test_bit() has no barrier semantics so may be reordered
ahead of the spin_unlock(). The store-load reordering may cause a packet
stuck problem.
The concurrent operations can be described as below,
CPU 0 | CPU 1
qdisc_run_end() | qdisc_run_begin()
. | .
----> /* may be reorderd here */ | .
| . | .
| spin_unlock() | set_bit()
| . | smp_mb__after_atomic()
---- test_bit() | spin_trylock()
. | .
Consider the following sequence of events:
CPU 0 reorder test_bit() ahead and see MISSED = 0
CPU 1 calls set_bit()
CPU 1 calls spin_trylock() and return fail
CPU 0 executes spin_unlock()
At the end of the sequence, CPU 0 calls spin_unlock() and does nothing
because it see MISSED = 0. The skb on CPU 1 has beed enqueued but no one
take it, until the next cpu pushing to the qdisc (if ever ...) will
notice and dequeue it.
This patch fix this by adding one explicit barrier. As spin_unlock() and
test_bit() ordering is a store-load ordering, a full memory barrier
smp_mb() is needed here.
Fixes: a90c57f2cedd ("net: sched: fix packet stuck problem for lockless qdisc")
Signed-off-by: Guoju Fang <gjfang@linux.alibaba.com>
Link: https://lore.kernel.org/r/20220528101628.120193-1-gjfang@linux.alibaba.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/net/sch_generic.h | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/include/net/sch_generic.h b/include/net/sch_generic.h
index 90fb413d9fd7..1ee396ce0eda 100644
--- a/include/net/sch_generic.h
+++ b/include/net/sch_generic.h
@@ -194,6 +194,12 @@ static inline void qdisc_run_end(struct Qdisc *qdisc)
if (qdisc->flags & TCQ_F_NOLOCK) {
spin_unlock(&qdisc->seqlock);
+ /* spin_unlock() only has store-release semantic. The unlock
+ * and test_bit() ordering is a store-load ordering, so a full
+ * memory barrier is needed here.
+ */
+ smp_mb();
+
if (unlikely(test_bit(__QDISC_STATE_MISSED,
&qdisc->state))) {
clear_bit(__QDISC_STATE_MISSED, &qdisc->state);
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 333/411] tcp: tcp_rtx_synack() can be called from process context
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (331 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.4 332/411] net: sched: add barrier to fix packet stuck problem for lockless qdisc Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 334/411] afs: Fix infinite loop found by xfstest generic/676 Greg Kroah-Hartman
` (82 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Eric Dumazet, Laurent Fasnacht,
Neal Cardwell, Jakub Kicinski, Sasha Levin
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit 0a375c822497ed6ad6b5da0792a12a6f1af10c0b ]
Laurent reported the enclosed report [1]
This bug triggers with following coditions:
0) Kernel built with CONFIG_DEBUG_PREEMPT=y
1) A new passive FastOpen TCP socket is created.
This FO socket waits for an ACK coming from client to be a complete
ESTABLISHED one.
2) A socket operation on this socket goes through lock_sock()
release_sock() dance.
3) While the socket is owned by the user in step 2),
a retransmit of the SYN is received and stored in socket backlog.
4) At release_sock() time, the socket backlog is processed while
in process context.
5) A SYNACK packet is cooked in response of the SYN retransmit.
6) -> tcp_rtx_synack() is called in process context.
Before blamed commit, tcp_rtx_synack() was always called from BH handler,
from a timer handler.
Fix this by using TCP_INC_STATS() & NET_INC_STATS()
which do not assume caller is in non preemptible context.
[1]
BUG: using __this_cpu_add() in preemptible [00000000] code: epollpep/2180
caller is tcp_rtx_synack.part.0+0x36/0xc0
CPU: 10 PID: 2180 Comm: epollpep Tainted: G OE 5.16.0-0.bpo.4-amd64 #1 Debian 5.16.12-1~bpo11+1
Hardware name: Supermicro SYS-5039MC-H8TRF/X11SCD-F, BIOS 1.7 11/23/2021
Call Trace:
<TASK>
dump_stack_lvl+0x48/0x5e
check_preemption_disabled+0xde/0xe0
tcp_rtx_synack.part.0+0x36/0xc0
tcp_rtx_synack+0x8d/0xa0
? kmem_cache_alloc+0x2e0/0x3e0
? apparmor_file_alloc_security+0x3b/0x1f0
inet_rtx_syn_ack+0x16/0x30
tcp_check_req+0x367/0x610
tcp_rcv_state_process+0x91/0xf60
? get_nohz_timer_target+0x18/0x1a0
? lock_timer_base+0x61/0x80
? preempt_count_add+0x68/0xa0
tcp_v4_do_rcv+0xbd/0x270
__release_sock+0x6d/0xb0
release_sock+0x2b/0x90
sock_setsockopt+0x138/0x1140
? __sys_getsockname+0x7e/0xc0
? aa_sk_perm+0x3e/0x1a0
__sys_setsockopt+0x198/0x1e0
__x64_sys_setsockopt+0x21/0x30
do_syscall_64+0x38/0xc0
entry_SYSCALL_64_after_hwframe+0x44/0xae
Fixes: 168a8f58059a ("tcp: TCP Fast Open Server - main code path")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Laurent Fasnacht <laurent.fasnacht@proton.ch>
Acked-by: Neal Cardwell <ncardwell@google.com>
Link: https://lore.kernel.org/r/20220530213713.601888-1-eric.dumazet@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv4/tcp_output.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
index 67493ec6318a..739fc69cdcc6 100644
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -3869,8 +3869,8 @@ int tcp_rtx_synack(const struct sock *sk, struct request_sock *req)
tcp_rsk(req)->txhash = net_tx_rndhash();
res = af_ops->send_synack(sk, NULL, &fl, req, NULL, TCP_SYNACK_NORMAL);
if (!res) {
- __TCP_INC_STATS(sock_net(sk), TCP_MIB_RETRANSSEGS);
- __NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPSYNRETRANS);
+ TCP_INC_STATS(sock_net(sk), TCP_MIB_RETRANSSEGS);
+ NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPSYNRETRANS);
if (unlikely(tcp_passive_fastopen(sk)))
tcp_sk(sk)->total_retrans++;
trace_tcp_retransmit_synack(sk, req);
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 334/411] afs: Fix infinite loop found by xfstest generic/676
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (332 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.4 333/411] tcp: tcp_rtx_synack() can be called from process context Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 335/411] tipc: check attribute length for bearer name Greg Kroah-Hartman
` (81 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, David Howells, Marc Dionne,
linux-afs, Linus Torvalds, Sasha Levin
From: David Howells <dhowells@redhat.com>
[ Upstream commit 17eabd42560f4636648ad65ba5b20228071e2363 ]
In AFS, a directory is handled as a file that the client downloads and
parses locally for the purposes of performing lookup and getdents
operations. The in-kernel afs filesystem has a number of functions that
do this.
A directory file is arranged as a series of 2K blocks divided into
32-byte slots, where a directory entry occupies one or more slots, plus
each block starts with one or more metadata blocks.
When parsing a block, if the last slots are occupied by a dirent that
occupies more than a single slot and the file position points at a slot
that's not the initial one, the logic in afs_dir_iterate_block() that
skips over it won't advance the file pointer to the end of it. This
will cause an infinite loop in getdents() as it will keep retrying that
block and failing to advance beyond the final entry.
Fix this by advancing the file pointer if the next entry will be beyond
it when we skip a block.
This was found by the generic/676 xfstest but can also be triggered with
something like:
~/xfstests-dev/src/t_readdir_3 /xfstest.test/z 4000 1
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Marc Dionne <marc.dionne@auristor.com>
Tested-by: Marc Dionne <marc.dionne@auristor.com>
cc: linux-afs@lists.infradead.org
Link: http://lore.kernel.org/r/165391973497.110268.2939296942213894166.stgit@warthog.procyon.org.uk/
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/afs/dir.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/fs/afs/dir.c b/fs/afs/dir.c
index 8c39533d122a..3a355a209919 100644
--- a/fs/afs/dir.c
+++ b/fs/afs/dir.c
@@ -415,8 +415,11 @@ static int afs_dir_iterate_block(struct afs_vnode *dvnode,
}
/* skip if starts before the current position */
- if (offset < curr)
+ if (offset < curr) {
+ if (next > curr)
+ ctx->pos = blkoff + next * sizeof(union afs_xdr_dirent);
continue;
+ }
/* found the next entry */
if (!dir_emit(ctx, dire->u.name, nlen,
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 335/411] tipc: check attribute length for bearer name
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (333 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.4 334/411] afs: Fix infinite loop found by xfstest generic/676 Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 336/411] perf c2c: Fix sorting in percent_rmt_hitm_cmp() Greg Kroah-Hartman
` (80 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot+e820fdc8ce362f2dea51,
Jon Maloy, Hoang Le, Jakub Kicinski, Sasha Levin
From: Hoang Le <hoang.h.le@dektech.com.au>
[ Upstream commit 7f36f798f89bf32c0164049cb0e3fd1af613d0bb ]
syzbot reported uninit-value:
=====================================================
BUG: KMSAN: uninit-value in string_nocheck lib/vsprintf.c:644 [inline]
BUG: KMSAN: uninit-value in string+0x4f9/0x6f0 lib/vsprintf.c:725
string_nocheck lib/vsprintf.c:644 [inline]
string+0x4f9/0x6f0 lib/vsprintf.c:725
vsnprintf+0x2222/0x3650 lib/vsprintf.c:2806
vprintk_store+0x537/0x2150 kernel/printk/printk.c:2158
vprintk_emit+0x28b/0xab0 kernel/printk/printk.c:2256
vprintk_default+0x86/0xa0 kernel/printk/printk.c:2283
vprintk+0x15f/0x180 kernel/printk/printk_safe.c:50
_printk+0x18d/0x1cf kernel/printk/printk.c:2293
tipc_enable_bearer net/tipc/bearer.c:371 [inline]
__tipc_nl_bearer_enable+0x2022/0x22a0 net/tipc/bearer.c:1033
tipc_nl_bearer_enable+0x6c/0xb0 net/tipc/bearer.c:1042
genl_family_rcv_msg_doit net/netlink/genetlink.c:731 [inline]
- Do sanity check the attribute length for TIPC_NLA_BEARER_NAME.
- Do not use 'illegal name' in printing message.
Reported-by: syzbot+e820fdc8ce362f2dea51@syzkaller.appspotmail.com
Fixes: cb30a63384bc ("tipc: refactor function tipc_enable_bearer()")
Acked-by: Jon Maloy <jmaloy@redhat.com>
Signed-off-by: Hoang Le <hoang.h.le@dektech.com.au>
Link: https://lore.kernel.org/r/20220602063053.5892-1-hoang.h.le@dektech.com.au
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/tipc/bearer.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/net/tipc/bearer.c b/net/tipc/bearer.c
index 8bd2454cc89d..577f71dd63fb 100644
--- a/net/tipc/bearer.c
+++ b/net/tipc/bearer.c
@@ -248,9 +248,8 @@ static int tipc_enable_bearer(struct net *net, const char *name,
u32 i;
if (!bearer_name_validate(name, &b_names)) {
- errstr = "illegal name";
NL_SET_ERR_MSG(extack, "Illegal name");
- goto rejected;
+ return res;
}
if (prio > TIPC_MAX_LINK_PRI && prio != TIPC_MEDIA_LINK_PRI) {
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 336/411] perf c2c: Fix sorting in percent_rmt_hitm_cmp()
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (334 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.4 335/411] tipc: check attribute length for bearer name Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 337/411] mips: cpc: Fix refcount leak in mips_cpc_default_phys_base Greg Kroah-Hartman
` (79 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Leo Yan, Namhyung Kim,
Alexander Shishkin, Ingo Molnar, Jiri Olsa, Joe Mario,
Mark Rutland, Peter Zijlstra, Arnaldo Carvalho de Melo,
Sasha Levin
From: Leo Yan <leo.yan@linaro.org>
[ Upstream commit b24192a17337abbf3f44aaa75e15df14a2d0016e ]
The function percent_rmt_hitm_cmp() wrongly uses local HITMs for
sorting remote HITMs.
Since this function is to sort cache lines for remote HITMs, this patch
changes to use 'rmt_hitm' field for correct sorting.
Fixes: 9cb3500afc0980c5 ("perf c2c report: Add hitm/store percent related sort keys")
Signed-off-by: Leo Yan <leo.yan@linaro.org>
Acked-by: Namhyung Kim <namhyung@kernel.org>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Joe Mario <jmario@redhat.com>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Link: https://lore.kernel.org/r/20220530084253.750190-1-leo.yan@linaro.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/perf/builtin-c2c.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tools/perf/builtin-c2c.c b/tools/perf/builtin-c2c.c
index d3e0ea06d78d..29d460c30176 100644
--- a/tools/perf/builtin-c2c.c
+++ b/tools/perf/builtin-c2c.c
@@ -953,8 +953,8 @@ percent_rmt_hitm_cmp(struct perf_hpp_fmt *fmt __maybe_unused,
double per_left;
double per_right;
- per_left = PERCENT(left, lcl_hitm);
- per_right = PERCENT(right, lcl_hitm);
+ per_left = PERCENT(left, rmt_hitm);
+ per_right = PERCENT(right, rmt_hitm);
return per_left - per_right;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 337/411] mips: cpc: Fix refcount leak in mips_cpc_default_phys_base
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (335 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.4 336/411] perf c2c: Fix sorting in percent_rmt_hitm_cmp() Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 338/411] tracing: Fix sleeping function called from invalid context on RT kernel Greg Kroah-Hartman
` (78 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Gong Yuanjun, Serge Semin,
Thomas Bogendoerfer, Sasha Levin
From: Gong Yuanjun <ruc_gongyuanjun@163.com>
[ Upstream commit 4107fa700f314592850e2c64608f6ede4c077476 ]
Add the missing of_node_put() to release the refcount incremented
by of_find_compatible_node().
Signed-off-by: Gong Yuanjun <ruc_gongyuanjun@163.com>
Reviewed-by: Serge Semin <fancer.lancer@gmail.com>
Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/mips/kernel/mips-cpc.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/mips/kernel/mips-cpc.c b/arch/mips/kernel/mips-cpc.c
index 69e3e0b556bf..1b0d4bb617a9 100644
--- a/arch/mips/kernel/mips-cpc.c
+++ b/arch/mips/kernel/mips-cpc.c
@@ -27,6 +27,7 @@ phys_addr_t __weak mips_cpc_default_phys_base(void)
cpc_node = of_find_compatible_node(of_root, NULL, "mti,mips-cpc");
if (cpc_node) {
err = of_address_to_resource(cpc_node, 0, &res);
+ of_node_put(cpc_node);
if (!err)
return res.start;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 338/411] tracing: Fix sleeping function called from invalid context on RT kernel
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (336 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.4 337/411] mips: cpc: Fix refcount leak in mips_cpc_default_phys_base Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 339/411] tracing: Avoid adding tracer option before update_tracer_options Greg Kroah-Hartman
` (77 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jun Miao, Steven Rostedt (Google),
Sasha Levin
From: Jun Miao <jun.miao@intel.com>
[ Upstream commit 12025abdc8539ed9d5014e2d647a3fd1bd3de5cd ]
When setting bootparams="trace_event=initcall:initcall_start tp_printk=1" in the
cmdline, the output_printk() was called, and the spin_lock_irqsave() was called in the
atomic and irq disable interrupt context suitation. On the PREEMPT_RT kernel,
these locks are replaced with sleepable rt-spinlock, so the stack calltrace will
be triggered.
Fix it by raw_spin_lock_irqsave when PREEMPT_RT and "trace_event=initcall:initcall_start
tp_printk=1" enabled.
BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:46
in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 1, name: swapper/0
preempt_count: 2, expected: 0
RCU nest depth: 0, expected: 0
Preemption disabled at:
[<ffffffff8992303e>] try_to_wake_up+0x7e/0xba0
CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.17.1-rt17+ #19 34c5812404187a875f32bee7977f7367f9679ea7
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014
Call Trace:
<TASK>
dump_stack_lvl+0x60/0x8c
dump_stack+0x10/0x12
__might_resched.cold+0x11d/0x155
rt_spin_lock+0x40/0x70
trace_event_buffer_commit+0x2fa/0x4c0
? map_vsyscall+0x93/0x93
trace_event_raw_event_initcall_start+0xbe/0x110
? perf_trace_initcall_finish+0x210/0x210
? probe_sched_wakeup+0x34/0x40
? ttwu_do_wakeup+0xda/0x310
? trace_hardirqs_on+0x35/0x170
? map_vsyscall+0x93/0x93
do_one_initcall+0x217/0x3c0
? trace_event_raw_event_initcall_level+0x170/0x170
? push_cpu_stop+0x400/0x400
? cblist_init_generic+0x241/0x290
kernel_init_freeable+0x1ac/0x347
? _raw_spin_unlock_irq+0x65/0x80
? rest_init+0xf0/0xf0
kernel_init+0x1e/0x150
ret_from_fork+0x22/0x30
</TASK>
Link: https://lkml.kernel.org/r/20220419013910.894370-1-jun.miao@intel.com
Signed-off-by: Jun Miao <jun.miao@intel.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/trace/trace.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
index 56619766e910..ce9165de019c 100644
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
@@ -2537,7 +2537,7 @@ trace_event_buffer_lock_reserve(struct ring_buffer **current_rb,
}
EXPORT_SYMBOL_GPL(trace_event_buffer_lock_reserve);
-static DEFINE_SPINLOCK(tracepoint_iter_lock);
+static DEFINE_RAW_SPINLOCK(tracepoint_iter_lock);
static DEFINE_MUTEX(tracepoint_printk_mutex);
static void output_printk(struct trace_event_buffer *fbuffer)
@@ -2558,14 +2558,14 @@ static void output_printk(struct trace_event_buffer *fbuffer)
event = &fbuffer->trace_file->event_call->event;
- spin_lock_irqsave(&tracepoint_iter_lock, flags);
+ raw_spin_lock_irqsave(&tracepoint_iter_lock, flags);
trace_seq_init(&iter->seq);
iter->ent = fbuffer->entry;
event_call->event.funcs->trace(iter, 0, event);
trace_seq_putc(&iter->seq, 0);
printk("%s", iter->seq.buffer);
- spin_unlock_irqrestore(&tracepoint_iter_lock, flags);
+ raw_spin_unlock_irqrestore(&tracepoint_iter_lock, flags);
}
int tracepoint_printk_sysctl(struct ctl_table *table, int write,
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 339/411] tracing: Avoid adding tracer option before update_tracer_options
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (337 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.4 338/411] tracing: Fix sleeping function called from invalid context on RT kernel Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 340/411] f2fs: remove WARN_ON in f2fs_is_valid_blkaddr Greg Kroah-Hartman
` (76 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kernel test robot, Mark-PK Tsai,
Steven Rostedt (Google),
Sasha Levin
From: Mark-PK Tsai <mark-pk.tsai@mediatek.com>
[ Upstream commit ef9188bcc6ca1d8a2ad83e826b548e6820721061 ]
To prepare for support asynchronous tracer_init_tracefs initcall,
avoid calling create_trace_option_files before __update_tracer_options.
Otherwise, create_trace_option_files will show warning because
some tracers in trace_types list are already in tr->topts.
For example, hwlat_tracer call register_tracer in late_initcall,
and global_trace.dir is already created in tracing_init_dentry,
hwlat_tracer will be put into tr->topts.
Then if the __update_tracer_options is executed after hwlat_tracer
registered, create_trace_option_files find that hwlat_tracer is
already in tr->topts.
Link: https://lkml.kernel.org/r/20220426122407.17042-2-mark-pk.tsai@mediatek.com
Link: https://lore.kernel.org/lkml/20220322133339.GA32582@xsang-OptiPlex-9020/
Reported-by: kernel test robot <oliver.sang@intel.com>
Signed-off-by: Mark-PK Tsai <mark-pk.tsai@mediatek.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/trace/trace.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
index ce9165de019c..55da88f18342 100644
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
@@ -5638,12 +5638,18 @@ static void tracing_set_nop(struct trace_array *tr)
tr->current_trace = &nop_trace;
}
+static bool tracer_options_updated;
+
static void add_tracer_options(struct trace_array *tr, struct tracer *t)
{
/* Only enable if the directory has been created already. */
if (!tr->dir)
return;
+ /* Only create trace option files after update_tracer_options finish */
+ if (!tracer_options_updated)
+ return;
+
create_trace_option_files(tr, t);
}
@@ -8391,6 +8397,7 @@ static void __update_tracer_options(struct trace_array *tr)
static void update_tracer_options(struct trace_array *tr)
{
mutex_lock(&trace_types_lock);
+ tracer_options_updated = true;
__update_tracer_options(tr);
mutex_unlock(&trace_types_lock);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 340/411] f2fs: remove WARN_ON in f2fs_is_valid_blkaddr
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (338 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.4 339/411] tracing: Avoid adding tracer option before update_tracer_options Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 341/411] i2c: cadence: Increase timeout per message if necessary Greg Kroah-Hartman
` (75 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot+763ae12a2ede1d99d4dc,
Dongliang Mu, Chao Yu, Jaegeuk Kim, Sasha Levin
From: Dongliang Mu <mudongliangabcd@gmail.com>
[ Upstream commit dc2f78e2d4cc844a1458653d57ce1b54d4a29f21 ]
Syzbot triggers two WARNs in f2fs_is_valid_blkaddr and
__is_bitmap_valid. For example, in f2fs_is_valid_blkaddr,
if type is DATA_GENERIC_ENHANCE or DATA_GENERIC_ENHANCE_READ,
it invokes WARN_ON if blkaddr is not in the right range.
The call trace is as follows:
f2fs_get_node_info+0x45f/0x1070
read_node_page+0x577/0x1190
__get_node_page.part.0+0x9e/0x10e0
__get_node_page
f2fs_get_node_page+0x109/0x180
do_read_inode
f2fs_iget+0x2a5/0x58b0
f2fs_fill_super+0x3b39/0x7ca0
Fix these two WARNs by replacing WARN_ON with dump_stack.
Reported-by: syzbot+763ae12a2ede1d99d4dc@syzkaller.appspotmail.com
Signed-off-by: Dongliang Mu <mudongliangabcd@gmail.com>
Reviewed-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/f2fs/checkpoint.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/fs/f2fs/checkpoint.c b/fs/f2fs/checkpoint.c
index 54f0d2c4c7d8..44c5110e18f0 100644
--- a/fs/f2fs/checkpoint.c
+++ b/fs/f2fs/checkpoint.c
@@ -149,7 +149,7 @@ static bool __is_bitmap_valid(struct f2fs_sb_info *sbi, block_t blkaddr,
f2fs_err(sbi, "Inconsistent error blkaddr:%u, sit bitmap:%d",
blkaddr, exist);
set_sbi_flag(sbi, SBI_NEED_FSCK);
- WARN_ON(1);
+ dump_stack();
}
return exist;
}
@@ -187,7 +187,7 @@ bool f2fs_is_valid_blkaddr(struct f2fs_sb_info *sbi,
f2fs_warn(sbi, "access invalid blkaddr:%u",
blkaddr);
set_sbi_flag(sbi, SBI_NEED_FSCK);
- WARN_ON(1);
+ dump_stack();
return false;
} else {
return __is_bitmap_valid(sbi, blkaddr, type);
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 341/411] i2c: cadence: Increase timeout per message if necessary
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (339 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.4 340/411] f2fs: remove WARN_ON in f2fs_is_valid_blkaddr Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 342/411] m68knommu: set ZERO_PAGE() to the allocated zeroed page Greg Kroah-Hartman
` (74 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Lucas Tanure, Michal Simek,
Wolfram Sang, Sasha Levin
From: Lucas Tanure <tanureal@opensource.cirrus.com>
[ Upstream commit 96789dce043f5bff8b7d62aa28d52a7c59403a84 ]
Timeout as 1 second sets an upper limit on the length
of the transfer executed, but there is no maximum length
of a write or read message set in i2c_adapter_quirks for
this controller.
This upper limit affects devices that require sending
large firmware blobs over I2C.
To remove that limitation, calculate the minimal time
necessary, plus some wiggle room, for every message and
use it instead of the default one second, if more than
one second.
Signed-off-by: Lucas Tanure <tanureal@opensource.cirrus.com>
Acked-by: Michal Simek <michal.simek@xilinx.com>
Signed-off-by: Wolfram Sang <wsa@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/i2c/busses/i2c-cadence.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/drivers/i2c/busses/i2c-cadence.c b/drivers/i2c/busses/i2c-cadence.c
index 17f0dd1f891e..8a3a0991bc1c 100644
--- a/drivers/i2c/busses/i2c-cadence.c
+++ b/drivers/i2c/busses/i2c-cadence.c
@@ -506,7 +506,7 @@ static void cdns_i2c_master_reset(struct i2c_adapter *adap)
static int cdns_i2c_process_msg(struct cdns_i2c *id, struct i2c_msg *msg,
struct i2c_adapter *adap)
{
- unsigned long time_left;
+ unsigned long time_left, msg_timeout;
u32 reg;
id->p_msg = msg;
@@ -531,8 +531,16 @@ static int cdns_i2c_process_msg(struct cdns_i2c *id, struct i2c_msg *msg,
else
cdns_i2c_msend(id);
+ /* Minimal time to execute this message */
+ msg_timeout = msecs_to_jiffies((1000 * msg->len * BITS_PER_BYTE) / id->i2c_clk);
+ /* Plus some wiggle room */
+ msg_timeout += msecs_to_jiffies(500);
+
+ if (msg_timeout < adap->timeout)
+ msg_timeout = adap->timeout;
+
/* Wait for the signal of completion */
- time_left = wait_for_completion_timeout(&id->xfer_done, adap->timeout);
+ time_left = wait_for_completion_timeout(&id->xfer_done, msg_timeout);
if (time_left == 0) {
cdns_i2c_master_reset(adap);
dev_err(id->adap.dev.parent,
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 342/411] m68knommu: set ZERO_PAGE() to the allocated zeroed page
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (340 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.4 341/411] i2c: cadence: Increase timeout per message if necessary Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 343/411] m68knommu: fix undefined reference to `_init_sp Greg Kroah-Hartman
` (73 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hugh Dickens, Greg Ungerer, Sasha Levin
From: Greg Ungerer <gerg@linux-m68k.org>
[ Upstream commit dc068f46217970d9516f16cd37972a01d50dc055 ]
The non-MMU m68k pagetable ZERO_PAGE() macro is being set to the
somewhat non-sensical value of "virt_to_page(0)". The zeroth page
is not in any way guaranteed to be a page full of "0". So the result
is that ZERO_PAGE() will almost certainly contain random values.
We already allocate a real "empty_zero_page" in the mm setup code shared
between MMU m68k and non-MMU m68k. It is just not hooked up to the
ZERO_PAGE() macro for the non-MMU m68k case.
Fix ZERO_PAGE() to use the allocated "empty_zero_page" pointer.
I am not aware of any specific issues caused by the old code.
Link: https://lore.kernel.org/linux-m68k/2a462b23-5b8e-bbf4-ec7d-778434a3b9d7@google.com/T/#t
Reported-by: Hugh Dickens <hughd@google.com>
Signed-off-by: Greg Ungerer <gerg@linux-m68k.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/m68k/include/asm/pgtable_no.h | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/arch/m68k/include/asm/pgtable_no.h b/arch/m68k/include/asm/pgtable_no.h
index c18165b0d904..6b0248466569 100644
--- a/arch/m68k/include/asm/pgtable_no.h
+++ b/arch/m68k/include/asm/pgtable_no.h
@@ -42,7 +42,8 @@ extern void paging_init(void);
* ZERO_PAGE is a global shared page that is always zero: used
* for zero-mapped memory areas etc..
*/
-#define ZERO_PAGE(vaddr) (virt_to_page(0))
+extern void *empty_zero_page;
+#define ZERO_PAGE(vaddr) (virt_to_page(empty_zero_page))
/*
* All 32bit addresses are effectively valid for vmalloc...
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 343/411] m68knommu: fix undefined reference to `_init_sp
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (341 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.4 342/411] m68knommu: set ZERO_PAGE() to the allocated zeroed page Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 344/411] dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type Greg Kroah-Hartman
` (72 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kernel test robot,
Geert Uytterhoeven, Greg Ungerer, Sasha Levin
From: Greg Ungerer <gerg@linux-m68k.org>
[ Upstream commit a71b9e66fee47c59b3ec34e652b5c23bc6550794 ]
When configuring a nommu classic m68k system enabling the uboot parameter
passing support (CONFIG_UBOOT) will produce the following compile error:
m68k-linux-ld: arch/m68k/kernel/uboot.o: in function `process_uboot_commandline':
uboot.c:(.init.text+0x32): undefined reference to `_init_sp'
The logic to support this option is only used on ColdFire based platforms
(in its head.S startup code). So make the selection of this option
depend on building for a ColdFire based platform.
Reported-by: kernel test robot <lkp@intel.com>
Reviewed-by: Geert Uytterhoeven <geert@linux-m68k.org>
Acked-by: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: Greg Ungerer <gerg@linux-m68k.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/m68k/Kconfig.machine | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/m68k/Kconfig.machine b/arch/m68k/Kconfig.machine
index b88a980f56f8..f0527b155c05 100644
--- a/arch/m68k/Kconfig.machine
+++ b/arch/m68k/Kconfig.machine
@@ -320,6 +320,7 @@ comment "Machine Options"
config UBOOT
bool "Support for U-Boot command line parameters"
+ depends on COLDFIRE
help
If you say Y here kernel will try to collect command
line parameters from the initial u-boot stack.
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 344/411] dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (342 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.4 343/411] m68knommu: fix undefined reference to `_init_sp Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 345/411] NFSv4: Dont hold the layoutget locks across multiple RPC calls Greg Kroah-Hartman
` (71 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Radhey Shyam Pandey, Vinod Koul, Sasha Levin
From: Radhey Shyam Pandey <radhey.shyam.pandey@xilinx.com>
[ Upstream commit f9a9f43a62a04ec3183fb0da9226c7706eed0115 ]
In zynqmp_dma_alloc/free_chan_resources functions there is a
potential overflow in the below expressions.
dma_alloc_coherent(chan->dev, (2 * chan->desc_size *
ZYNQMP_DMA_NUM_DESCS),
&chan->desc_pool_p, GFP_KERNEL);
dma_free_coherent(chan->dev,(2 * ZYNQMP_DMA_DESC_SIZE(chan) *
ZYNQMP_DMA_NUM_DESCS),
chan->desc_pool_v, chan->desc_pool_p);
The arguments desc_size and ZYNQMP_DMA_NUM_DESCS were 32 bit. Though
this overflow condition is not observed but it is a potential problem
in the case of 32-bit multiplication. Hence fix it by changing the
desc_size data type to size_t.
In addition to coverity fix it also reuse ZYNQMP_DMA_DESC_SIZE macro in
dma_alloc_coherent API argument.
Addresses-Coverity: Event overflow_before_widen.
Signed-off-by: Radhey Shyam Pandey <radhey.shyam.pandey@xilinx.com>
Link: https://lore.kernel.org/r/1652166762-18317-2-git-send-email-radhey.shyam.pandey@xilinx.com
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/dma/xilinx/zynqmp_dma.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/dma/xilinx/zynqmp_dma.c b/drivers/dma/xilinx/zynqmp_dma.c
index 84009c5e0f33..b61d0c79dffb 100644
--- a/drivers/dma/xilinx/zynqmp_dma.c
+++ b/drivers/dma/xilinx/zynqmp_dma.c
@@ -232,7 +232,7 @@ struct zynqmp_dma_chan {
bool is_dmacoherent;
struct tasklet_struct tasklet;
bool idle;
- u32 desc_size;
+ size_t desc_size;
bool err;
u32 bus_width;
u32 src_burst_len;
@@ -489,7 +489,8 @@ static int zynqmp_dma_alloc_chan_resources(struct dma_chan *dchan)
}
chan->desc_pool_v = dma_alloc_coherent(chan->dev,
- (2 * chan->desc_size * ZYNQMP_DMA_NUM_DESCS),
+ (2 * ZYNQMP_DMA_DESC_SIZE(chan) *
+ ZYNQMP_DMA_NUM_DESCS),
&chan->desc_pool_p, GFP_KERNEL);
if (!chan->desc_pool_v)
return -ENOMEM;
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 345/411] NFSv4: Dont hold the layoutget locks across multiple RPC calls
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (343 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.4 344/411] dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 346/411] video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove() Greg Kroah-Hartman
` (70 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Trond Myklebust, Anna Schumaker, Sasha Levin
From: Trond Myklebust <trond.myklebust@hammerspace.com>
[ Upstream commit 6949493884fe88500de4af182588e071cf1544ee ]
When doing layoutget as part of the open() compound, we have to be
careful to release the layout locks before we can call any further RPC
calls, such as setattr(). The reason is that those calls could trigger
a recall, which could deadlock.
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/nfs/nfs4proc.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
index cf3b00751ff6..ba4a03a69fbf 100644
--- a/fs/nfs/nfs4proc.c
+++ b/fs/nfs/nfs4proc.c
@@ -3041,6 +3041,10 @@ static int _nfs4_open_and_get_state(struct nfs4_opendata *opendata,
}
out:
+ if (opendata->lgp) {
+ nfs4_lgopen_release(opendata->lgp);
+ opendata->lgp = NULL;
+ }
if (!opendata->cancelled)
nfs4_sequence_free_slot(&opendata->o_res.seq_res);
return ret;
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 346/411] video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove()
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (344 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.4 345/411] NFSv4: Dont hold the layoutget locks across multiple RPC calls Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 347/411] xprtrdma: treat all calls not a bcall when bc_serv is NULL Greg Kroah-Hartman
` (69 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yang Yingliang, Helge Deller, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit d87ad457f7e1b8d2492ca5b1531eb35030a1cc8f ]
In pxa3xx_gcu_probe(), the sequence of error lable is wrong, it will
leads some resource leaked, so adjust the sequence to handle the error
correctly, and if pxa3xx_gcu_add_buffer() fails, pxa3xx_gcu_free_buffers()
need be called.
In pxa3xx_gcu_remove(), add missing clk_disable_unpreprare().
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/video/fbdev/pxa3xx-gcu.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/drivers/video/fbdev/pxa3xx-gcu.c b/drivers/video/fbdev/pxa3xx-gcu.c
index 74ffb446e00c..7c4694d70dac 100644
--- a/drivers/video/fbdev/pxa3xx-gcu.c
+++ b/drivers/video/fbdev/pxa3xx-gcu.c
@@ -651,6 +651,7 @@ static int pxa3xx_gcu_probe(struct platform_device *pdev)
for (i = 0; i < 8; i++) {
ret = pxa3xx_gcu_add_buffer(dev, priv);
if (ret) {
+ pxa3xx_gcu_free_buffers(dev, priv);
dev_err(dev, "failed to allocate DMA memory\n");
goto err_disable_clk;
}
@@ -667,15 +668,15 @@ static int pxa3xx_gcu_probe(struct platform_device *pdev)
SHARED_SIZE, irq);
return 0;
-err_free_dma:
- dma_free_coherent(dev, SHARED_SIZE,
- priv->shared, priv->shared_phys);
+err_disable_clk:
+ clk_disable_unprepare(priv->clk);
err_misc_deregister:
misc_deregister(&priv->misc_dev);
-err_disable_clk:
- clk_disable_unprepare(priv->clk);
+err_free_dma:
+ dma_free_coherent(dev, SHARED_SIZE,
+ priv->shared, priv->shared_phys);
return ret;
}
@@ -688,6 +689,7 @@ static int pxa3xx_gcu_remove(struct platform_device *pdev)
pxa3xx_gcu_wait_idle(priv);
misc_deregister(&priv->misc_dev);
dma_free_coherent(dev, SHARED_SIZE, priv->shared, priv->shared_phys);
+ clk_disable_unprepare(priv->clk);
pxa3xx_gcu_free_buffers(dev, priv);
return 0;
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 347/411] xprtrdma: treat all calls not a bcall when bc_serv is NULL
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (345 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.4 346/411] video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove() Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 348/411] netfilter: nat: really support inet nat without l3 address Greg Kroah-Hartman
` (68 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kinglong Mee, Chuck Lever,
Anna Schumaker, Sasha Levin
From: Kinglong Mee <kinglongmee@gmail.com>
[ Upstream commit 11270e7ca268e8d61b5d9e5c3a54bd1550642c9c ]
When a rdma server returns a fault format reply, nfs v3 client may
treats it as a bcall when bc service is not exist.
The debug message at rpcrdma_bc_receive_call are,
[56579.837169] RPC: rpcrdma_bc_receive_call: callback XID
00000001, length=20
[56579.837174] RPC: rpcrdma_bc_receive_call: 00 00 00 01 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 04
After that, rpcrdma_bc_receive_call will meets NULL pointer as,
[ 226.057890] BUG: unable to handle kernel NULL pointer dereference at
00000000000000c8
...
[ 226.058704] RIP: 0010:_raw_spin_lock+0xc/0x20
...
[ 226.059732] Call Trace:
[ 226.059878] rpcrdma_bc_receive_call+0x138/0x327 [rpcrdma]
[ 226.060011] __ib_process_cq+0x89/0x170 [ib_core]
[ 226.060092] ib_cq_poll_work+0x26/0x80 [ib_core]
[ 226.060257] process_one_work+0x1a7/0x360
[ 226.060367] ? create_worker+0x1a0/0x1a0
[ 226.060440] worker_thread+0x30/0x390
[ 226.060500] ? create_worker+0x1a0/0x1a0
[ 226.060574] kthread+0x116/0x130
[ 226.060661] ? kthread_flush_work_fn+0x10/0x10
[ 226.060724] ret_from_fork+0x35/0x40
...
Signed-off-by: Kinglong Mee <kinglongmee@gmail.com>
Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/sunrpc/xprtrdma/rpc_rdma.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/net/sunrpc/xprtrdma/rpc_rdma.c b/net/sunrpc/xprtrdma/rpc_rdma.c
index c091417bd799..60aaed9457e4 100644
--- a/net/sunrpc/xprtrdma/rpc_rdma.c
+++ b/net/sunrpc/xprtrdma/rpc_rdma.c
@@ -1042,6 +1042,7 @@ static bool
rpcrdma_is_bcall(struct rpcrdma_xprt *r_xprt, struct rpcrdma_rep *rep)
#if defined(CONFIG_SUNRPC_BACKCHANNEL)
{
+ struct rpc_xprt *xprt = &r_xprt->rx_xprt;
struct xdr_stream *xdr = &rep->rr_stream;
__be32 *p;
@@ -1065,6 +1066,10 @@ rpcrdma_is_bcall(struct rpcrdma_xprt *r_xprt, struct rpcrdma_rep *rep)
if (*p != cpu_to_be32(RPC_CALL))
return false;
+ /* No bc service. */
+ if (xprt->bc_serv == NULL)
+ return false;
+
/* Now that we are sure this is a backchannel call,
* advance to the RPC header.
*/
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 348/411] netfilter: nat: really support inet nat without l3 address
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (346 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.4 347/411] xprtrdma: treat all calls not a bcall when bc_serv is NULL Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 349/411] ata: pata_octeon_cf: Fix refcount leak in octeon_cf_probe Greg Kroah-Hartman
` (67 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yi Chen, Florian Westphal,
Pablo Neira Ayuso, Sasha Levin
From: Florian Westphal <fw@strlen.de>
[ Upstream commit 282e5f8fe907dc3f2fbf9f2103b0e62ffc3a68a5 ]
When no l3 address is given, priv->family is set to NFPROTO_INET and
the evaluation function isn't called.
Call it too so l4-only rewrite can work.
Also add a test case for this.
Fixes: a33f387ecd5aa ("netfilter: nft_nat: allow to specify layer 4 protocol NAT only")
Reported-by: Yi Chen <yiche@redhat.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/netfilter/nft_nat.c | 3 +-
tools/testing/selftests/netfilter/nft_nat.sh | 43 ++++++++++++++++++++
2 files changed, 45 insertions(+), 1 deletion(-)
diff --git a/net/netfilter/nft_nat.c b/net/netfilter/nft_nat.c
index 17c0f75dfcdb..0c5bc3c37ecf 100644
--- a/net/netfilter/nft_nat.c
+++ b/net/netfilter/nft_nat.c
@@ -283,7 +283,8 @@ static void nft_nat_inet_eval(const struct nft_expr *expr,
{
const struct nft_nat *priv = nft_expr_priv(expr);
- if (priv->family == nft_pf(pkt))
+ if (priv->family == nft_pf(pkt) ||
+ priv->family == NFPROTO_INET)
nft_nat_eval(expr, regs, pkt);
}
diff --git a/tools/testing/selftests/netfilter/nft_nat.sh b/tools/testing/selftests/netfilter/nft_nat.sh
index d7e07f4c3d7f..4e15e8167310 100755
--- a/tools/testing/selftests/netfilter/nft_nat.sh
+++ b/tools/testing/selftests/netfilter/nft_nat.sh
@@ -374,6 +374,45 @@ EOF
return $lret
}
+test_local_dnat_portonly()
+{
+ local family=$1
+ local daddr=$2
+ local lret=0
+ local sr_s
+ local sr_r
+
+ip netns exec "$ns0" nft -f /dev/stdin <<EOF
+table $family nat {
+ chain output {
+ type nat hook output priority 0; policy accept;
+ meta l4proto tcp dnat to :2000
+
+ }
+}
+EOF
+ if [ $? -ne 0 ]; then
+ if [ $family = "inet" ];then
+ echo "SKIP: inet port test"
+ test_inet_nat=false
+ return
+ fi
+ echo "SKIP: Could not add $family dnat hook"
+ return
+ fi
+
+ echo SERVER-$family | ip netns exec "$ns1" timeout 5 socat -u STDIN TCP-LISTEN:2000 &
+ sc_s=$!
+
+ result=$(ip netns exec "$ns0" timeout 1 socat TCP:$daddr:2000 STDOUT)
+
+ if [ "$result" = "SERVER-inet" ];then
+ echo "PASS: inet port rewrite without l3 address"
+ else
+ echo "ERROR: inet port rewrite"
+ ret=1
+ fi
+}
test_masquerade6()
{
@@ -841,6 +880,10 @@ fi
reset_counters
test_local_dnat ip
test_local_dnat6 ip6
+
+reset_counters
+test_local_dnat_portonly inet 10.0.1.99
+
reset_counters
$test_inet_nat && test_local_dnat inet
$test_inet_nat && test_local_dnat6 inet
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 349/411] ata: pata_octeon_cf: Fix refcount leak in octeon_cf_probe
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (347 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.4 348/411] netfilter: nat: really support inet nat without l3 address Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 350/411] netfilter: nf_tables: memleak flow rule from commit path Greg Kroah-Hartman
` (66 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Sergey Shtylyov,
Damien Le Moal, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit 10d6bdf532902be1d8aa5900b3c03c5671612aa2 ]
of_find_device_by_node() takes reference, we should use put_device()
to release it when not need anymore.
Add missing put_device() to avoid refcount leak.
Fixes: 43f01da0f279 ("MIPS/OCTEON/ata: Convert pata_octeon_cf.c to use device tree.")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Reviewed-by: Sergey Shtylyov <s.shtylyov@omp.ru>
Signed-off-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/ata/pata_octeon_cf.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/ata/pata_octeon_cf.c b/drivers/ata/pata_octeon_cf.c
index ac3b1fda820f..c240d8cbfd41 100644
--- a/drivers/ata/pata_octeon_cf.c
+++ b/drivers/ata/pata_octeon_cf.c
@@ -888,12 +888,14 @@ static int octeon_cf_probe(struct platform_device *pdev)
int i;
res_dma = platform_get_resource(dma_dev, IORESOURCE_MEM, 0);
if (!res_dma) {
+ put_device(&dma_dev->dev);
of_node_put(dma_node);
return -EINVAL;
}
cf_port->dma_base = (u64)devm_ioremap_nocache(&pdev->dev, res_dma->start,
resource_size(res_dma));
if (!cf_port->dma_base) {
+ put_device(&dma_dev->dev);
of_node_put(dma_node);
return -EINVAL;
}
@@ -903,6 +905,7 @@ static int octeon_cf_probe(struct platform_device *pdev)
irq = i;
irq_handler = octeon_cf_interrupt;
}
+ put_device(&dma_dev->dev);
}
of_node_put(dma_node);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 350/411] netfilter: nf_tables: memleak flow rule from commit path
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (348 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.4 349/411] ata: pata_octeon_cf: Fix refcount leak in octeon_cf_probe Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 351/411] xen: unexport __init-annotated xen_xlate_map_ballooned_pages() Greg Kroah-Hartman
` (65 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Pablo Neira Ayuso, Sasha Levin
From: Pablo Neira Ayuso <pablo@netfilter.org>
[ Upstream commit 9dd732e0bdf538b1b76dc7c157e2b5e560ff30d3 ]
Abort path release flow rule object, however, commit path does not.
Update code to destroy these objects before releasing the transaction.
Fixes: c9626a2cbdb2 ("netfilter: nf_tables: add hardware offload support")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/netfilter/nf_tables_api.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index b51c192105fc..58a7d89719b1 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -6570,6 +6570,9 @@ static void nft_commit_release(struct nft_trans *trans)
nf_tables_chain_destroy(&trans->ctx);
break;
case NFT_MSG_DELRULE:
+ if (trans->ctx.chain->flags & NFT_CHAIN_HW_OFFLOAD)
+ nft_flow_rule_destroy(nft_trans_flow_rule(trans));
+
nf_tables_rule_destroy(&trans->ctx, nft_trans_rule(trans));
break;
case NFT_MSG_DELSET:
@@ -6891,6 +6894,9 @@ static int nf_tables_commit(struct net *net, struct sk_buff *skb)
nf_tables_rule_notify(&trans->ctx,
nft_trans_rule(trans),
NFT_MSG_NEWRULE);
+ if (trans->ctx.chain->flags & NFT_CHAIN_HW_OFFLOAD)
+ nft_flow_rule_destroy(nft_trans_flow_rule(trans));
+
nft_trans_destroy(trans);
break;
case NFT_MSG_DELRULE:
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 351/411] xen: unexport __init-annotated xen_xlate_map_ballooned_pages()
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (349 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.4 350/411] netfilter: nf_tables: memleak flow rule from commit path Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 352/411] af_unix: Fix a data-race in unix_dgram_peer_wake_me() Greg Kroah-Hartman
` (64 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Stephen Rothwell, Masahiro Yamada,
Oleksandr Tyshchenko, Stefano Stabellini, Juergen Gross,
Sasha Levin
From: Masahiro Yamada <masahiroy@kernel.org>
[ Upstream commit dbac14a5a05ff8e1ce7c0da0e1f520ce39ec62ea ]
EXPORT_SYMBOL and __init is a bad combination because the .init.text
section is freed up after the initialization. Hence, modules cannot
use symbols annotated __init. The access to a freed symbol may end up
with kernel panic.
modpost used to detect it, but it has been broken for a decade.
Recently, I fixed modpost so it started to warn it again, then this
showed up in linux-next builds.
There are two ways to fix it:
- Remove __init
- Remove EXPORT_SYMBOL
I chose the latter for this case because none of the in-tree call-sites
(arch/arm/xen/enlighten.c, arch/x86/xen/grant-table.c) is compiled as
modular.
Fixes: 243848fc018c ("xen/grant-table: Move xlated_setup_gnttab_pages to common place")
Reported-by: Stephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Reviewed-by: Oleksandr Tyshchenko <oleksandr_tyshchenko@epam.com>
Acked-by: Stefano Stabellini <sstabellini@kernel.org>
Link: https://lore.kernel.org/r/20220606045920.4161881-1-masahiroy@kernel.org
Signed-off-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/xen/xlate_mmu.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/drivers/xen/xlate_mmu.c b/drivers/xen/xlate_mmu.c
index 7b1077f0abcb..c8aa4f5f85db 100644
--- a/drivers/xen/xlate_mmu.c
+++ b/drivers/xen/xlate_mmu.c
@@ -261,7 +261,6 @@ int __init xen_xlate_map_ballooned_pages(xen_pfn_t **gfns, void **virt,
return 0;
}
-EXPORT_SYMBOL_GPL(xen_xlate_map_ballooned_pages);
struct remap_pfn {
struct mm_struct *mm;
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 352/411] af_unix: Fix a data-race in unix_dgram_peer_wake_me().
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (350 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.4 351/411] xen: unexport __init-annotated xen_xlate_map_ballooned_pages() Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 353/411] bpf, arm64: Clear prog->jited_len along prog->jited Greg Kroah-Hartman
` (63 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kuniyuki Iwashima, Paolo Abeni, Sasha Levin
From: Kuniyuki Iwashima <kuniyu@amazon.com>
[ Upstream commit 662a80946ce13633ae90a55379f1346c10f0c432 ]
unix_dgram_poll() calls unix_dgram_peer_wake_me() without `other`'s
lock held and check if its receive queue is full. Here we need to
use unix_recvq_full_lockless() instead of unix_recvq_full(), otherwise
KCSAN will report a data-race.
Fixes: 7d267278a9ec ("unix: avoid use-after-free in ep_remove_wait_queue")
Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Link: https://lore.kernel.org/r/20220605232325.11804-1-kuniyu@amazon.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/unix/af_unix.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
index 05470ca91bd9..f33e90bd0683 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -440,7 +440,7 @@ static int unix_dgram_peer_wake_me(struct sock *sk, struct sock *other)
* -ECONNREFUSED. Otherwise, if we haven't queued any skbs
* to other and its full, we will hang waiting for POLLOUT.
*/
- if (unix_recvq_full(other) && !sock_flag(other, SOCK_DEAD))
+ if (unix_recvq_full_lockless(other) && !sock_flag(other, SOCK_DEAD))
return 1;
if (connected)
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 353/411] bpf, arm64: Clear prog->jited_len along prog->jited
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (351 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.4 352/411] af_unix: Fix a data-race in unix_dgram_peer_wake_me() Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 354/411] net: dsa: lantiq_gswip: Fix refcount leak in gswip_gphy_fw_list Greg Kroah-Hartman
` (62 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot, Eric Dumazet,
Daniel Borkmann, Song Liu, Alexei Starovoitov, Sasha Levin
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit 10f3b29c65bb2fe0d47c2945cd0b4087be1c5218 ]
syzbot reported an illegal copy_to_user() attempt
from bpf_prog_get_info_by_fd() [1]
There was no repro yet on this bug, but I think
that commit 0aef499f3172 ("mm/usercopy: Detect vmalloc overruns")
is exposing a prior bug in bpf arm64.
bpf_prog_get_info_by_fd() looks at prog->jited_len
to determine if the JIT image can be copied out to user space.
My theory is that syzbot managed to get a prog where prog->jited_len
has been set to 43, while prog->bpf_func has ben cleared.
It is not clear why copy_to_user(uinsns, NULL, ulen) is triggering
this particular warning.
I thought find_vma_area(NULL) would not find a vm_struct.
As we do not hold vmap_area_lock spinlock, it might be possible
that the found vm_struct was garbage.
[1]
usercopy: Kernel memory exposure attempt detected from vmalloc (offset 792633534417210172, size 43)!
kernel BUG at mm/usercopy.c:101!
Internal error: Oops - BUG: 0 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 25002 Comm: syz-executor.1 Not tainted 5.18.0-syzkaller-10139-g8291eaafed36 #0
Hardware name: linux,dummy-virt (DT)
pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : usercopy_abort+0x90/0x94 mm/usercopy.c:101
lr : usercopy_abort+0x90/0x94 mm/usercopy.c:89
sp : ffff80000b773a20
x29: ffff80000b773a30 x28: faff80000b745000 x27: ffff80000b773b48
x26: 0000000000000000 x25: 000000000000002b x24: 0000000000000000
x23: 00000000000000e0 x22: ffff80000b75db67 x21: 0000000000000001
x20: 000000000000002b x19: ffff80000b75db3c x18: 00000000fffffffd
x17: 2820636f6c6c616d x16: 76206d6f72662064 x15: 6574636574656420
x14: 74706d6574746120 x13: 2129333420657a69 x12: 73202c3237313031
x11: 3237313434333533 x10: 3336323937207465 x9 : 657275736f707865
x8 : ffff80000a30c550 x7 : ffff80000b773830 x6 : ffff80000b773830
x5 : 0000000000000000 x4 : ffff00007fbbaa10 x3 : 0000000000000000
x2 : 0000000000000000 x1 : f7ff000028fc0000 x0 : 0000000000000064
Call trace:
usercopy_abort+0x90/0x94 mm/usercopy.c:89
check_heap_object mm/usercopy.c:186 [inline]
__check_object_size mm/usercopy.c:252 [inline]
__check_object_size+0x198/0x36c mm/usercopy.c:214
check_object_size include/linux/thread_info.h:199 [inline]
check_copy_size include/linux/thread_info.h:235 [inline]
copy_to_user include/linux/uaccess.h:159 [inline]
bpf_prog_get_info_by_fd.isra.0+0xf14/0xfdc kernel/bpf/syscall.c:3993
bpf_obj_get_info_by_fd+0x12c/0x510 kernel/bpf/syscall.c:4253
__sys_bpf+0x900/0x2150 kernel/bpf/syscall.c:4956
__do_sys_bpf kernel/bpf/syscall.c:5021 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5019 [inline]
__arm64_sys_bpf+0x28/0x40 kernel/bpf/syscall.c:5019
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x48/0x114 arch/arm64/kernel/syscall.c:52
el0_svc_common.constprop.0+0x44/0xec arch/arm64/kernel/syscall.c:142
do_el0_svc+0xa0/0xc0 arch/arm64/kernel/syscall.c:206
el0_svc+0x44/0xb0 arch/arm64/kernel/entry-common.c:624
el0t_64_sync_handler+0x1ac/0x1b0 arch/arm64/kernel/entry-common.c:642
el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:581
Code: aa0003e3 d00038c0 91248000 97fff65f (d4210000)
Fixes: db496944fdaa ("bpf: arm64: add JIT support for multi-function programs")
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Song Liu <songliubraving@fb.com>
Link: https://lore.kernel.org/bpf/20220531215113.1100754-1-eric.dumazet@gmail.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/net/bpf_jit_comp.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/arm64/net/bpf_jit_comp.c b/arch/arm64/net/bpf_jit_comp.c
index 17a8d1484f9b..9f71ca441482 100644
--- a/arch/arm64/net/bpf_jit_comp.c
+++ b/arch/arm64/net/bpf_jit_comp.c
@@ -973,6 +973,7 @@ struct bpf_prog *bpf_int_jit_compile(struct bpf_prog *prog)
bpf_jit_binary_free(header);
prog->bpf_func = NULL;
prog->jited = 0;
+ prog->jited_len = 0;
goto out_off;
}
bpf_jit_binary_lock_ro(header);
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 354/411] net: dsa: lantiq_gswip: Fix refcount leak in gswip_gphy_fw_list
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (352 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.4 353/411] bpf, arm64: Clear prog->jited_len along prog->jited Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 355/411] net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure Greg Kroah-Hartman
` (61 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Jakub Kicinski, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit 0737e018a05e2aa352828c52bdeed3b02cff2930 ]
Every iteration of for_each_available_child_of_node() decrements
the reference count of the previous node.
when breaking early from a for_each_available_child_of_node() loop,
we need to explicitly call of_node_put() on the gphy_fw_np.
Add missing of_node_put() to avoid refcount leak.
Fixes: 14fceff4771e ("net: dsa: Add Lantiq / Intel DSA driver for vrx200")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Link: https://lore.kernel.org/r/20220605072335.11257-1-linmq006@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/dsa/lantiq_gswip.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/net/dsa/lantiq_gswip.c b/drivers/net/dsa/lantiq_gswip.c
index 0c191d395f8f..b546002e5fd4 100644
--- a/drivers/net/dsa/lantiq_gswip.c
+++ b/drivers/net/dsa/lantiq_gswip.c
@@ -1958,8 +1958,10 @@ static int gswip_gphy_fw_list(struct gswip_priv *priv,
for_each_available_child_of_node(gphy_fw_list_np, gphy_fw_np) {
err = gswip_gphy_fw_probe(priv, &priv->gphy_fw[i],
gphy_fw_np, i);
- if (err)
+ if (err) {
+ of_node_put(gphy_fw_np);
goto remove_gphy;
+ }
i++;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 355/411] net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (353 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.4 354/411] net: dsa: lantiq_gswip: Fix refcount leak in gswip_gphy_fw_list Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 356/411] SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer() Greg Kroah-Hartman
` (60 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Gal Pressman, Tariq Toukan,
Jakub Kicinski, Sasha Levin
From: Gal Pressman <gal@nvidia.com>
[ Upstream commit f5826c8c9d57210a17031af5527056eefdc2b7eb ]
The ioctl EEPROM query wrongly returns success on read failures, fix
that by returning the appropriate error code.
Fixes: 7202da8b7f71 ("ethtool, net/mlx4_en: Cable info, get_module_info/eeprom ethtool support")
Signed-off-by: Gal Pressman <gal@nvidia.com>
Signed-off-by: Tariq Toukan <tariqt@nvidia.com>
Link: https://lore.kernel.org/r/20220606115718.14233-1-tariqt@nvidia.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/mellanox/mlx4/en_ethtool.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/mellanox/mlx4/en_ethtool.c b/drivers/net/ethernet/mellanox/mlx4/en_ethtool.c
index dd029d91bbc2..b711148a9d50 100644
--- a/drivers/net/ethernet/mellanox/mlx4/en_ethtool.c
+++ b/drivers/net/ethernet/mellanox/mlx4/en_ethtool.c
@@ -2083,7 +2083,7 @@ static int mlx4_en_get_module_eeprom(struct net_device *dev,
en_err(priv,
"mlx4_get_module_info i(%d) offset(%d) bytes_to_read(%d) - FAILED (0x%x)\n",
i, offset, ee->len - i, ret);
- return 0;
+ return ret;
}
i += ret;
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 356/411] SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer()
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (354 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.4 355/411] net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 357/411] net: mdio: unexport __init-annotated mdio_bus_init() Greg Kroah-Hartman
` (59 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Chuck Lever, NeilBrown,
J. Bruce Fields, Sasha Levin
From: Chuck Lever <chuck.lever@oracle.com>
[ Upstream commit 6c254bf3b637dd4ef4f78eb78c7447419c0161d7 ]
I found that NFSD's new NFSv3 READDIRPLUS XDR encoder was screwing up
right at the end of the page array. xdr_get_next_encode_buffer() does
not compute the value of xdr->end correctly:
* The check to see if we're on the final available page in xdr->buf
needs to account for the space consumed by @nbytes.
* The new xdr->end value needs to account for the portion of @nbytes
that is to be encoded into the previous buffer.
Fixes: 2825a7f90753 ("nfsd4: allow encoding across page boundaries")
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Reviewed-by: NeilBrown <neilb@suse.de>
Reviewed-by: J. Bruce Fields <bfields@fieldses.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/sunrpc/xdr.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/net/sunrpc/xdr.c b/net/sunrpc/xdr.c
index 7ef37054071f..cb8740d15633 100644
--- a/net/sunrpc/xdr.c
+++ b/net/sunrpc/xdr.c
@@ -608,7 +608,11 @@ static __be32 *xdr_get_next_encode_buffer(struct xdr_stream *xdr,
*/
xdr->p = (void *)p + frag2bytes;
space_left = xdr->buf->buflen - xdr->buf->len;
- xdr->end = (void *)p + min_t(int, space_left, PAGE_SIZE);
+ if (space_left - nbytes >= PAGE_SIZE)
+ xdr->end = (void *)p + PAGE_SIZE;
+ else
+ xdr->end = (void *)p + space_left - frag1bytes;
+
xdr->buf->page_len += frag2bytes;
xdr->buf->len += nbytes;
return p;
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 357/411] net: mdio: unexport __init-annotated mdio_bus_init()
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (355 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.4 356/411] SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer() Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 358/411] net: xfrm: unexport __init-annotated xfrm4_protocol_init() Greg Kroah-Hartman
` (58 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Stephen Rothwell, Masahiro Yamada,
Florian Fainelli, Russell King (Oracle),
Jakub Kicinski, Sasha Levin
From: Masahiro Yamada <masahiroy@kernel.org>
[ Upstream commit 35b42dce619701f1300fb8498dae82c9bb1f0263 ]
EXPORT_SYMBOL and __init is a bad combination because the .init.text
section is freed up after the initialization. Hence, modules cannot
use symbols annotated __init. The access to a freed symbol may end up
with kernel panic.
modpost used to detect it, but it has been broken for a decade.
Recently, I fixed modpost so it started to warn it again, then this
showed up in linux-next builds.
There are two ways to fix it:
- Remove __init
- Remove EXPORT_SYMBOL
I chose the latter for this case because the only in-tree call-site,
drivers/net/phy/phy_device.c is never compiled as modular.
(CONFIG_PHYLIB is boolean)
Fixes: 90eff9096c01 ("net: phy: Allow splitting MDIO bus/device support from PHYs")
Reported-by: Stephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Reviewed-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/phy/mdio_bus.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/drivers/net/phy/mdio_bus.c b/drivers/net/phy/mdio_bus.c
index b0a439248ff6..05c24db507a2 100644
--- a/drivers/net/phy/mdio_bus.c
+++ b/drivers/net/phy/mdio_bus.c
@@ -753,7 +753,6 @@ int __init mdio_bus_init(void)
return ret;
}
-EXPORT_SYMBOL_GPL(mdio_bus_init);
#if IS_ENABLED(CONFIG_PHYLIB)
void mdio_bus_exit(void)
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 358/411] net: xfrm: unexport __init-annotated xfrm4_protocol_init()
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (356 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.4 357/411] net: mdio: unexport __init-annotated mdio_bus_init() Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 359/411] net: ipv6: unexport __init-annotated seg6_hmac_init() Greg Kroah-Hartman
` (57 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Stephen Rothwell, Masahiro Yamada,
Steffen Klassert, Jakub Kicinski, Sasha Levin
From: Masahiro Yamada <masahiroy@kernel.org>
[ Upstream commit 4a388f08d8784af48f352193d2b72aaf167a57a1 ]
EXPORT_SYMBOL and __init is a bad combination because the .init.text
section is freed up after the initialization. Hence, modules cannot
use symbols annotated __init. The access to a freed symbol may end up
with kernel panic.
modpost used to detect it, but it has been broken for a decade.
Recently, I fixed modpost so it started to warn it again, then this
showed up in linux-next builds.
There are two ways to fix it:
- Remove __init
- Remove EXPORT_SYMBOL
I chose the latter for this case because the only in-tree call-site,
net/ipv4/xfrm4_policy.c is never compiled as modular.
(CONFIG_XFRM is boolean)
Fixes: 2f32b51b609f ("xfrm: Introduce xfrm_input_afinfo to access the the callbacks properly")
Reported-by: Stephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Acked-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv4/xfrm4_protocol.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/net/ipv4/xfrm4_protocol.c b/net/ipv4/xfrm4_protocol.c
index 8a4285712808..9031b7732fec 100644
--- a/net/ipv4/xfrm4_protocol.c
+++ b/net/ipv4/xfrm4_protocol.c
@@ -298,4 +298,3 @@ void __init xfrm4_protocol_init(void)
{
xfrm_input_register_afinfo(&xfrm4_input_afinfo);
}
-EXPORT_SYMBOL(xfrm4_protocol_init);
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 359/411] net: ipv6: unexport __init-annotated seg6_hmac_init()
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (357 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.4 358/411] net: xfrm: unexport __init-annotated xfrm4_protocol_init() Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 360/411] net/mlx5: Rearm the FW tracer after each tracer event Greg Kroah-Hartman
` (56 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Stephen Rothwell, Masahiro Yamada,
Jakub Kicinski, Sasha Levin
From: Masahiro Yamada <masahiroy@kernel.org>
[ Upstream commit 5801f064e35181c71857a80ff18af4dbec3c5f5c ]
EXPORT_SYMBOL and __init is a bad combination because the .init.text
section is freed up after the initialization. Hence, modules cannot
use symbols annotated __init. The access to a freed symbol may end up
with kernel panic.
modpost used to detect it, but it has been broken for a decade.
Recently, I fixed modpost so it started to warn it again, then this
showed up in linux-next builds.
There are two ways to fix it:
- Remove __init
- Remove EXPORT_SYMBOL
I chose the latter for this case because the caller (net/ipv6/seg6.c)
and the callee (net/ipv6/seg6_hmac.c) belong to the same module.
It seems an internal function call in ipv6.ko.
Fixes: bf355b8d2c30 ("ipv6: sr: add core files for SR HMAC support")
Reported-by: Stephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv6/seg6_hmac.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/net/ipv6/seg6_hmac.c b/net/ipv6/seg6_hmac.c
index ffcfcd2b128f..a4cad71c4204 100644
--- a/net/ipv6/seg6_hmac.c
+++ b/net/ipv6/seg6_hmac.c
@@ -401,7 +401,6 @@ int __init seg6_hmac_init(void)
{
return seg6_hmac_init_algo();
}
-EXPORT_SYMBOL(seg6_hmac_init);
int __net_init seg6_hmac_net_init(struct net *net)
{
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 360/411] net/mlx5: Rearm the FW tracer after each tracer event
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (358 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.4 359/411] net: ipv6: unexport __init-annotated seg6_hmac_init() Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 361/411] net/mlx5: fs, fail conflicting actions Greg Kroah-Hartman
` (55 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Feras Daoud, Roy Novich,
Moshe Shemesh, Saeed Mahameed, Sasha Levin
From: Feras Daoud <ferasda@nvidia.com>
[ Upstream commit 8bf94e6414c9481bfa28269022688ab445d0081d ]
The current design does not arm the tracer if traces are available before
the tracer string database is fully loaded, leading to an unfunctional tracer.
This fix will rearm the tracer every time the FW triggers tracer event
regardless of the tracer strings database status.
Fixes: c71ad41ccb0c ("net/mlx5: FW tracer, events handling")
Signed-off-by: Feras Daoud <ferasda@nvidia.com>
Signed-off-by: Roy Novich <royno@nvidia.com>
Reviewed-by: Moshe Shemesh <moshe@nvidia.com>
Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/mellanox/mlx5/core/diag/fw_tracer.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/diag/fw_tracer.c b/drivers/net/ethernet/mellanox/mlx5/core/diag/fw_tracer.c
index 97359417c6e7..f8144ce7e476 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/diag/fw_tracer.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/diag/fw_tracer.c
@@ -673,6 +673,9 @@ static void mlx5_fw_tracer_handle_traces(struct work_struct *work)
if (!tracer->owner)
return;
+ if (unlikely(!tracer->str_db.loaded))
+ goto arm;
+
block_count = tracer->buff.size / TRACER_BLOCK_SIZE_BYTE;
start_offset = tracer->buff.consumer_index * TRACER_BLOCK_SIZE_BYTE;
@@ -730,6 +733,7 @@ static void mlx5_fw_tracer_handle_traces(struct work_struct *work)
&tmp_trace_block[TRACES_PER_BLOCK - 1]);
}
+arm:
mlx5_fw_tracer_arm(dev);
}
@@ -1084,8 +1088,7 @@ static int fw_tracer_event(struct notifier_block *nb, unsigned long action, void
queue_work(tracer->work_queue, &tracer->ownership_change_work);
break;
case MLX5_TRACER_SUBTYPE_TRACES_AVAILABLE:
- if (likely(tracer->str_db.loaded))
- queue_work(tracer->work_queue, &tracer->handle_traces_work);
+ queue_work(tracer->work_queue, &tracer->handle_traces_work);
break;
default:
mlx5_core_dbg(dev, "FWTracer: Event with unrecognized subtype: sub_type %d\n",
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 361/411] net/mlx5: fs, fail conflicting actions
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (359 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.4 360/411] net/mlx5: Rearm the FW tracer after each tracer event Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 362/411] ip_gre: test csum_start instead of transport header Greg Kroah-Hartman
` (54 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mark Bloch, Maor Gottlieb,
Saeed Mahameed, Sasha Levin
From: Mark Bloch <mbloch@nvidia.com>
[ Upstream commit 8fa5e7b20e01042b14f8cd684d2da9b638460c74 ]
When combining two steering rules into one check
not only do they share the same actions but those
actions are also the same. This resolves an issue where
when creating two different rules with the same match
the actions are overwritten and one of the rules is deleted
a FW syndrome can be seen in dmesg.
mlx5_core 0000:03:00.0: mlx5_cmd_check:819:(pid 2105): DEALLOC_MODIFY_HEADER_CONTEXT(0x941) op_mod(0x0) failed, status bad resource state(0x9), syndrome (0x1ab444)
Fixes: 0d235c3fabb7 ("net/mlx5: Add hash table to search FTEs in a flow-group")
Signed-off-by: Mark Bloch <mbloch@nvidia.com>
Reviewed-by: Maor Gottlieb <maorg@nvidia.com>
Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../net/ethernet/mellanox/mlx5/core/fs_core.c | 35 +++++++++++++++++--
1 file changed, 32 insertions(+), 3 deletions(-)
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c b/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c
index 8c8b68e7abb4..41087c0618c1 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c
@@ -1450,9 +1450,22 @@ static struct mlx5_flow_rule *find_flow_rule(struct fs_fte *fte,
return NULL;
}
-static bool check_conflicting_actions(u32 action1, u32 action2)
+static bool check_conflicting_actions_vlan(const struct mlx5_fs_vlan *vlan0,
+ const struct mlx5_fs_vlan *vlan1)
{
- u32 xored_actions = action1 ^ action2;
+ return vlan0->ethtype != vlan1->ethtype ||
+ vlan0->vid != vlan1->vid ||
+ vlan0->prio != vlan1->prio;
+}
+
+static bool check_conflicting_actions(const struct mlx5_flow_act *act1,
+ const struct mlx5_flow_act *act2)
+{
+ u32 action1 = act1->action;
+ u32 action2 = act2->action;
+ u32 xored_actions;
+
+ xored_actions = action1 ^ action2;
/* if one rule only wants to count, it's ok */
if (action1 == MLX5_FLOW_CONTEXT_ACTION_COUNT ||
@@ -1469,6 +1482,22 @@ static bool check_conflicting_actions(u32 action1, u32 action2)
MLX5_FLOW_CONTEXT_ACTION_VLAN_PUSH_2))
return true;
+ if (action1 & MLX5_FLOW_CONTEXT_ACTION_PACKET_REFORMAT &&
+ act1->pkt_reformat != act2->pkt_reformat)
+ return true;
+
+ if (action1 & MLX5_FLOW_CONTEXT_ACTION_MOD_HDR &&
+ act1->modify_hdr != act2->modify_hdr)
+ return true;
+
+ if (action1 & MLX5_FLOW_CONTEXT_ACTION_VLAN_PUSH &&
+ check_conflicting_actions_vlan(&act1->vlan[0], &act2->vlan[0]))
+ return true;
+
+ if (action1 & MLX5_FLOW_CONTEXT_ACTION_VLAN_PUSH_2 &&
+ check_conflicting_actions_vlan(&act1->vlan[1], &act2->vlan[1]))
+ return true;
+
return false;
}
@@ -1476,7 +1505,7 @@ static int check_conflicting_ftes(struct fs_fte *fte,
const struct mlx5_flow_context *flow_context,
const struct mlx5_flow_act *flow_act)
{
- if (check_conflicting_actions(flow_act->action, fte->action.action)) {
+ if (check_conflicting_actions(flow_act, &fte->action)) {
mlx5_core_warn(get_dev(&fte->node),
"Found two FTEs with conflicting actions\n");
return -EEXIST;
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 362/411] ip_gre: test csum_start instead of transport header
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (360 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.4 361/411] net/mlx5: fs, fail conflicting actions Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 363/411] net: altera: Fix refcount leak in altera_tse_mdio_create Greg Kroah-Hartman
` (53 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot, Willem de Bruijn,
Eric Dumazet, Alexander Duyck, Jakub Kicinski, Sasha Levin
From: Willem de Bruijn <willemb@google.com>
[ Upstream commit 8d21e9963bec1aad2280cdd034c8993033ef2948 ]
GRE with TUNNEL_CSUM will apply local checksum offload on
CHECKSUM_PARTIAL packets.
ipgre_xmit must validate csum_start after an optional skb_pull,
else lco_csum may trigger an overflow. The original check was
if (csum && skb_checksum_start(skb) < skb->data)
return -EINVAL;
This had false positives when skb_checksum_start is undefined:
when ip_summed is not CHECKSUM_PARTIAL. A discussed refinement
was straightforward
if (csum && skb->ip_summed == CHECKSUM_PARTIAL &&
skb_checksum_start(skb) < skb->data)
return -EINVAL;
But was eventually revised more thoroughly:
- restrict the check to the only branch where needed, in an
uncommon GRE path that uses header_ops and calls skb_pull.
- test skb_transport_header, which is set along with csum_start
in skb_partial_csum_set in the normal header_ops datapath.
Turns out skbs can arrive in this branch without the transport
header set, e.g., through BPF redirection.
Revise the check back to check csum_start directly, and only if
CHECKSUM_PARTIAL. Do leave the check in the updated location.
Check field regardless of whether TUNNEL_CSUM is configured.
Link: https://lore.kernel.org/netdev/YS+h%2FtqCJJiQei+W@shredder/
Link: https://lore.kernel.org/all/20210902193447.94039-2-willemdebruijn.kernel@gmail.com/T/#u
Fixes: 8a0ed250f911 ("ip_gre: validate csum_start only on pull")
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Willem de Bruijn <willemb@google.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: Alexander Duyck <alexanderduyck@fb.com>
Link: https://lore.kernel.org/r/20220606132107.3582565-1-willemdebruijn.kernel@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv4/ip_gre.c | 11 +++++------
1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c
index 5b38d03f6d79..614410a6db44 100644
--- a/net/ipv4/ip_gre.c
+++ b/net/ipv4/ip_gre.c
@@ -602,21 +602,20 @@ static netdev_tx_t ipgre_xmit(struct sk_buff *skb,
}
if (dev->header_ops) {
- const int pull_len = tunnel->hlen + sizeof(struct iphdr);
-
if (skb_cow_head(skb, 0))
goto free_skb;
tnl_params = (const struct iphdr *)skb->data;
- if (pull_len > skb_transport_offset(skb))
- goto free_skb;
-
/* Pull skb since ip_tunnel_xmit() needs skb->data pointing
* to gre header.
*/
- skb_pull(skb, pull_len);
+ skb_pull(skb, tunnel->hlen + sizeof(struct iphdr));
skb_reset_mac_header(skb);
+
+ if (skb->ip_summed == CHECKSUM_PARTIAL &&
+ skb_checksum_start(skb) < skb->data)
+ goto free_skb;
} else {
if (skb_cow_head(skb, dev->needed_headroom))
goto free_skb;
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 363/411] net: altera: Fix refcount leak in altera_tse_mdio_create
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (361 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.4 362/411] ip_gre: test csum_start instead of transport header Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 364/411] drm: imx: fix compiler warning with gcc-12 Greg Kroah-Hartman
` (52 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Jakub Kicinski, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit 11ec18b1d8d92b9df307d31950dcba0b3dd7283c ]
Every iteration of for_each_child_of_node() decrements
the reference count of the previous node.
When break from a for_each_child_of_node() loop,
we need to explicitly call of_node_put() on the child node when
not need anymore.
Add missing of_node_put() to avoid refcount leak.
Fixes: bbd2190ce96d ("Altera TSE: Add main and header file for Altera Ethernet Driver")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Link: https://lore.kernel.org/r/20220607041144.7553-1-linmq006@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/altera/altera_tse_main.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/altera/altera_tse_main.c b/drivers/net/ethernet/altera/altera_tse_main.c
index 1f8c3b669dc1..f36536114790 100644
--- a/drivers/net/ethernet/altera/altera_tse_main.c
+++ b/drivers/net/ethernet/altera/altera_tse_main.c
@@ -163,7 +163,8 @@ static int altera_tse_mdio_create(struct net_device *dev, unsigned int id)
mdio = mdiobus_alloc();
if (mdio == NULL) {
netdev_err(dev, "Error allocating MDIO bus\n");
- return -ENOMEM;
+ ret = -ENOMEM;
+ goto put_node;
}
mdio->name = ALTERA_TSE_RESOURCE_NAME;
@@ -180,6 +181,7 @@ static int altera_tse_mdio_create(struct net_device *dev, unsigned int id)
mdio->id);
goto out_free_mdio;
}
+ of_node_put(mdio_node);
if (netif_msg_drv(priv))
netdev_info(dev, "MDIO bus %s: created\n", mdio->id);
@@ -189,6 +191,8 @@ static int altera_tse_mdio_create(struct net_device *dev, unsigned int id)
out_free_mdio:
mdiobus_free(mdio);
mdio = NULL;
+put_node:
+ of_node_put(mdio_node);
return ret;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 364/411] drm: imx: fix compiler warning with gcc-12
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (362 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.4 363/411] net: altera: Fix refcount leak in altera_tse_mdio_create Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 365/411] iio: dummy: iio_simple_dummy: check the return value of kstrdup() Greg Kroah-Hartman
` (51 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Philipp Zabel, Linus Torvalds, Sasha Levin
From: Linus Torvalds <torvalds@linux-foundation.org>
[ Upstream commit 7aefd8b53815274f3ef398d370a3c9b27dd9f00c ]
Gcc-12 correctly warned about this code using a non-NULL pointer as a
truth value:
drivers/gpu/drm/imx/ipuv3-crtc.c: In function ‘ipu_crtc_disable_planes’:
drivers/gpu/drm/imx/ipuv3-crtc.c:72:21: error: the comparison will always evaluate as ‘true’ for the address of ‘plane’ will never be NULL [-Werror=address]
72 | if (&ipu_crtc->plane[1] && plane == &ipu_crtc->plane[1]->base)
| ^
due to the extraneous '&' address-of operator.
Philipp Zabel points out that The mistake had no adverse effect since
the following condition doesn't actually dereference the NULL pointer,
but the intent of the code was obviously to check for it, not to take
the address of the member.
Fixes: eb8c88808c83 ("drm/imx: add deferred plane disabling")
Acked-by: Philipp Zabel <p.zabel@pengutronix.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/imx/ipuv3-crtc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/imx/ipuv3-crtc.c b/drivers/gpu/drm/imx/ipuv3-crtc.c
index 2256c9789fc2..f19264e91d4d 100644
--- a/drivers/gpu/drm/imx/ipuv3-crtc.c
+++ b/drivers/gpu/drm/imx/ipuv3-crtc.c
@@ -68,7 +68,7 @@ static void ipu_crtc_disable_planes(struct ipu_crtc *ipu_crtc,
drm_atomic_crtc_state_for_each_plane(plane, old_crtc_state) {
if (plane == &ipu_crtc->plane[0]->base)
disable_full = true;
- if (&ipu_crtc->plane[1] && plane == &ipu_crtc->plane[1]->base)
+ if (ipu_crtc->plane[1] && plane == &ipu_crtc->plane[1]->base)
disable_partial = true;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 365/411] iio: dummy: iio_simple_dummy: check the return value of kstrdup()
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (363 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.4 364/411] drm: imx: fix compiler warning with gcc-12 Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 366/411] iio: st_sensors: Add a local lock for protecting odr Greg Kroah-Hartman
` (50 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Xiaoke Wang, Jonathan Cameron, Sasha Levin
From: Xiaoke Wang <xkernel.wang@foxmail.com>
[ Upstream commit ba93642188a6fed754bf7447f638bc410e05a929 ]
kstrdup() is also a memory allocation-related function, it returns NULL
when some memory errors happen. So it is better to check the return
value of it so to catch the memory error in time. Besides, there should
have a kfree() to clear up the allocation if we get a failure later in
this function to prevent memory leak.
Signed-off-by: Xiaoke Wang <xkernel.wang@foxmail.com>
Link: https://lore.kernel.org/r/tencent_C920CFCC33B9CC1C63141FE1334A39FF8508@qq.com
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/iio/dummy/iio_simple_dummy.c | 20 ++++++++++++--------
1 file changed, 12 insertions(+), 8 deletions(-)
diff --git a/drivers/iio/dummy/iio_simple_dummy.c b/drivers/iio/dummy/iio_simple_dummy.c
index 6cb02299a215..18cfe1cb7a40 100644
--- a/drivers/iio/dummy/iio_simple_dummy.c
+++ b/drivers/iio/dummy/iio_simple_dummy.c
@@ -568,10 +568,9 @@ static struct iio_sw_device *iio_dummy_probe(const char *name)
struct iio_sw_device *swd;
swd = kzalloc(sizeof(*swd), GFP_KERNEL);
- if (!swd) {
- ret = -ENOMEM;
- goto error_kzalloc;
- }
+ if (!swd)
+ return ERR_PTR(-ENOMEM);
+
/*
* Allocate an IIO device.
*
@@ -583,7 +582,7 @@ static struct iio_sw_device *iio_dummy_probe(const char *name)
indio_dev = iio_device_alloc(sizeof(*st));
if (!indio_dev) {
ret = -ENOMEM;
- goto error_ret;
+ goto error_free_swd;
}
st = iio_priv(indio_dev);
@@ -614,6 +613,10 @@ static struct iio_sw_device *iio_dummy_probe(const char *name)
* indio_dev->name = spi_get_device_id(spi)->name;
*/
indio_dev->name = kstrdup(name, GFP_KERNEL);
+ if (!indio_dev->name) {
+ ret = -ENOMEM;
+ goto error_free_device;
+ }
/* Provide description of available channels */
indio_dev->channels = iio_dummy_channels;
@@ -630,7 +633,7 @@ static struct iio_sw_device *iio_dummy_probe(const char *name)
ret = iio_simple_dummy_events_register(indio_dev);
if (ret < 0)
- goto error_free_device;
+ goto error_free_name;
ret = iio_simple_dummy_configure_buffer(indio_dev);
if (ret < 0)
@@ -647,11 +650,12 @@ static struct iio_sw_device *iio_dummy_probe(const char *name)
iio_simple_dummy_unconfigure_buffer(indio_dev);
error_unregister_events:
iio_simple_dummy_events_unregister(indio_dev);
+error_free_name:
+ kfree(indio_dev->name);
error_free_device:
iio_device_free(indio_dev);
-error_ret:
+error_free_swd:
kfree(swd);
-error_kzalloc:
return ERR_PTR(ret);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 366/411] iio: st_sensors: Add a local lock for protecting odr
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (364 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.4 365/411] iio: dummy: iio_simple_dummy: check the return value of kstrdup() Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 367/411] lkdtm/usercopy: Expand size of "out of frame" object Greg Kroah-Hartman
` (49 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jonathan Cameron, Denis Ciocca,
Miquel Raynal, Jonathan Cameron, Sasha Levin
From: Miquel Raynal <miquel.raynal@bootlin.com>
[ Upstream commit 474010127e2505fc463236470908e1ff5ddb3578 ]
Right now the (framework) mlock lock is (ab)used for multiple purposes:
1- protecting concurrent accesses over the odr local cache
2- avoid changing samplig frequency whilst buffer is running
Let's start by handling situation #1 with a local lock.
Suggested-by: Jonathan Cameron <jic23@kernel.org>
Cc: Denis Ciocca <denis.ciocca@st.com>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/r/20220207143840.707510-7-miquel.raynal@bootlin.com
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../iio/common/st_sensors/st_sensors_core.c | 24 ++++++++++++++-----
include/linux/iio/common/st_sensors.h | 3 +++
2 files changed, 21 insertions(+), 6 deletions(-)
diff --git a/drivers/iio/common/st_sensors/st_sensors_core.c b/drivers/iio/common/st_sensors/st_sensors_core.c
index 364683783ae5..c25b0bc89b0c 100644
--- a/drivers/iio/common/st_sensors/st_sensors_core.c
+++ b/drivers/iio/common/st_sensors/st_sensors_core.c
@@ -76,16 +76,18 @@ static int st_sensors_match_odr(struct st_sensor_settings *sensor_settings,
int st_sensors_set_odr(struct iio_dev *indio_dev, unsigned int odr)
{
- int err;
+ int err = 0;
struct st_sensor_odr_avl odr_out = {0, 0};
struct st_sensor_data *sdata = iio_priv(indio_dev);
+ mutex_lock(&sdata->odr_lock);
+
if (!sdata->sensor_settings->odr.mask)
- return 0;
+ goto unlock_mutex;
err = st_sensors_match_odr(sdata->sensor_settings, odr, &odr_out);
if (err < 0)
- goto st_sensors_match_odr_error;
+ goto unlock_mutex;
if ((sdata->sensor_settings->odr.addr ==
sdata->sensor_settings->pw.addr) &&
@@ -108,7 +110,9 @@ int st_sensors_set_odr(struct iio_dev *indio_dev, unsigned int odr)
if (err >= 0)
sdata->odr = odr_out.hz;
-st_sensors_match_odr_error:
+unlock_mutex:
+ mutex_unlock(&sdata->odr_lock);
+
return err;
}
EXPORT_SYMBOL(st_sensors_set_odr);
@@ -384,6 +388,8 @@ int st_sensors_init_sensor(struct iio_dev *indio_dev,
struct st_sensors_platform_data *of_pdata;
int err = 0;
+ mutex_init(&sdata->odr_lock);
+
/* If OF/DT pdata exists, it will take precedence of anything else */
of_pdata = st_sensors_of_probe(indio_dev->dev.parent, pdata);
if (of_pdata)
@@ -575,18 +581,24 @@ int st_sensors_read_info_raw(struct iio_dev *indio_dev,
err = -EBUSY;
goto out;
} else {
+ mutex_lock(&sdata->odr_lock);
err = st_sensors_set_enable(indio_dev, true);
- if (err < 0)
+ if (err < 0) {
+ mutex_unlock(&sdata->odr_lock);
goto out;
+ }
msleep((sdata->sensor_settings->bootime * 1000) / sdata->odr);
err = st_sensors_read_axis_data(indio_dev, ch, val);
- if (err < 0)
+ if (err < 0) {
+ mutex_unlock(&sdata->odr_lock);
goto out;
+ }
*val = *val >> ch->scan_type.shift;
err = st_sensors_set_enable(indio_dev, false);
+ mutex_unlock(&sdata->odr_lock);
}
out:
mutex_unlock(&indio_dev->mlock);
diff --git a/include/linux/iio/common/st_sensors.h b/include/linux/iio/common/st_sensors.h
index 686be532f4cb..7816bf070f83 100644
--- a/include/linux/iio/common/st_sensors.h
+++ b/include/linux/iio/common/st_sensors.h
@@ -228,6 +228,7 @@ struct st_sensor_settings {
* @hw_irq_trigger: if we're using the hardware interrupt on the sensor.
* @hw_timestamp: Latest timestamp from the interrupt handler, when in use.
* @buffer_data: Data used by buffer part.
+ * @odr_lock: Local lock for preventing concurrent ODR accesses/changes
*/
struct st_sensor_data {
struct device *dev;
@@ -253,6 +254,8 @@ struct st_sensor_data {
s64 hw_timestamp;
char buffer_data[ST_SENSORS_MAX_BUFFER_SIZE] ____cacheline_aligned;
+
+ struct mutex odr_lock;
};
#ifdef CONFIG_IIO_BUFFER
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 367/411] lkdtm/usercopy: Expand size of "out of frame" object
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (365 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.4 366/411] iio: st_sensors: Add a local lock for protecting odr Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 368/411] tty: synclink_gt: Fix null-pointer-dereference in slgt_clean() Greg Kroah-Hartman
` (48 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Muhammad Usama Anjum, Arnd Bergmann,
Kees Cook, Sasha Levin
From: Kees Cook <keescook@chromium.org>
[ Upstream commit f387e86d3a74407bdd9c5815820ac9d060962840 ]
To be sufficiently out of range for the usercopy test to see the lifetime
mismatch, expand the size of the "bad" buffer, which will let it be
beyond current_stack_pointer regardless of stack growth direction.
Paired with the recent addition of stack depth checking under
CONFIG_HARDENED_USERCOPY=y, this will correctly start tripping again.
Reported-by: Muhammad Usama Anjum <usama.anjum@collabora.com>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Reviewed-by: Muhammad Usama Anjum <usama.anjum@collabora.com>
Link: https://lore.kernel.org/lkml/762faf1b-0443-5ddf-4430-44a20cf2ec4d@collabora.com/
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/misc/lkdtm/usercopy.c | 17 ++++++++++++++---
1 file changed, 14 insertions(+), 3 deletions(-)
diff --git a/drivers/misc/lkdtm/usercopy.c b/drivers/misc/lkdtm/usercopy.c
index e172719dd86d..4617c63b1026 100644
--- a/drivers/misc/lkdtm/usercopy.c
+++ b/drivers/misc/lkdtm/usercopy.c
@@ -30,12 +30,12 @@ static const unsigned char test_text[] = "This is a test.\n";
*/
static noinline unsigned char *trick_compiler(unsigned char *stack)
{
- return stack + 0;
+ return stack + unconst;
}
static noinline unsigned char *do_usercopy_stack_callee(int value)
{
- unsigned char buf[32];
+ unsigned char buf[128];
int i;
/* Exercise stack to avoid everything living in registers. */
@@ -43,7 +43,12 @@ static noinline unsigned char *do_usercopy_stack_callee(int value)
buf[i] = value & 0xff;
}
- return trick_compiler(buf);
+ /*
+ * Put the target buffer in the middle of stack allocation
+ * so that we don't step on future stack users regardless
+ * of stack growth direction.
+ */
+ return trick_compiler(&buf[(128/2)-32]);
}
static noinline void do_usercopy_stack(bool to_user, bool bad_frame)
@@ -66,6 +71,12 @@ static noinline void do_usercopy_stack(bool to_user, bool bad_frame)
bad_stack -= sizeof(unsigned long);
}
+#ifdef ARCH_HAS_CURRENT_STACK_POINTER
+ pr_info("stack : %px\n", (void *)current_stack_pointer);
+#endif
+ pr_info("good_stack: %px-%px\n", good_stack, good_stack + sizeof(good_stack));
+ pr_info("bad_stack : %px-%px\n", bad_stack, bad_stack + sizeof(good_stack));
+
user_addr = vm_mmap(NULL, 0, PAGE_SIZE,
PROT_READ | PROT_WRITE | PROT_EXEC,
MAP_ANONYMOUS | MAP_PRIVATE, 0);
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 368/411] tty: synclink_gt: Fix null-pointer-dereference in slgt_clean()
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (366 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.4 367/411] lkdtm/usercopy: Expand size of "out of frame" object Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 369/411] tty: Fix a possible resource leak in icom_probe Greg Kroah-Hartman
` (47 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jiri Slaby, Zheyu Ma, Sasha Levin
From: Zheyu Ma <zheyuma97@gmail.com>
[ Upstream commit 689ca31c542687709ba21ec2195c1fbce34fd029 ]
When the driver fails at alloc_hdlcdev(), and then we remove the driver
module, we will get the following splat:
[ 25.065966] general protection fault, probably for non-canonical address 0xdffffc0000000182: 0000 [#1] PREEMPT SMP KASAN PTI
[ 25.066914] KASAN: null-ptr-deref in range [0x0000000000000c10-0x0000000000000c17]
[ 25.069262] RIP: 0010:detach_hdlc_protocol+0x2a/0x3e0
[ 25.077709] Call Trace:
[ 25.077924] <TASK>
[ 25.078108] unregister_hdlc_device+0x16/0x30
[ 25.078481] slgt_cleanup+0x157/0x9f0 [synclink_gt]
Fix this by checking whether the 'info->netdev' is a null pointer first.
Reviewed-by: Jiri Slaby <jirislaby@kernel.org>
Signed-off-by: Zheyu Ma <zheyuma97@gmail.com>
Link: https://lore.kernel.org/r/20220410114814.3920474-1-zheyuma97@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/synclink_gt.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/tty/synclink_gt.c b/drivers/tty/synclink_gt.c
index ff345a8e0fcc..b72471373c71 100644
--- a/drivers/tty/synclink_gt.c
+++ b/drivers/tty/synclink_gt.c
@@ -1752,6 +1752,8 @@ static int hdlcdev_init(struct slgt_info *info)
*/
static void hdlcdev_exit(struct slgt_info *info)
{
+ if (!info->netdev)
+ return;
unregister_hdlc_device(info->netdev);
free_netdev(info->netdev);
info->netdev = NULL;
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 369/411] tty: Fix a possible resource leak in icom_probe
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (367 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.4 368/411] tty: synclink_gt: Fix null-pointer-dereference in slgt_clean() Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 370/411] drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop() Greg Kroah-Hartman
` (46 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jiri Slaby, Huang Guobin, Sasha Levin
From: Huang Guobin <huangguobin4@huawei.com>
[ Upstream commit ee157a79e7c82b01ae4c25de0ac75899801f322c ]
When pci_read_config_dword failed, call pci_release_regions() and
pci_disable_device() to recycle the resource previously allocated.
Reviewed-by: Jiri Slaby <jirislaby@kernel.org>
Signed-off-by: Huang Guobin <huangguobin4@huawei.com>
Link: https://lore.kernel.org/r/20220331091005.3290753-1-huangguobin4@huawei.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/icom.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/tty/serial/icom.c b/drivers/tty/serial/icom.c
index 624f3d541c68..d047380259b5 100644
--- a/drivers/tty/serial/icom.c
+++ b/drivers/tty/serial/icom.c
@@ -1499,7 +1499,7 @@ static int icom_probe(struct pci_dev *dev,
retval = pci_read_config_dword(dev, PCI_COMMAND, &command_reg);
if (retval) {
dev_err(&dev->dev, "PCI Config read FAILED\n");
- return retval;
+ goto probe_exit0;
}
pci_write_config_dword(dev, PCI_COMMAND,
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 370/411] drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop()
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (368 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.4 369/411] tty: Fix a possible resource leak in icom_probe Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 371/411] drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop() Greg Kroah-Hartman
` (45 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Duoming Zhou, Sasha Levin
From: Duoming Zhou <duoming@zju.edu.cn>
[ Upstream commit 806c7b53414934ba2a39449b31fd1a038e500273 ]
There is a deadlock in ieee80211_beacons_stop(), which is shown below:
(Thread 1) | (Thread 2)
| ieee80211_send_beacon()
ieee80211_beacons_stop() | mod_timer()
spin_lock_irqsave() //(1) | (wait a time)
... | ieee80211_send_beacon_cb()
del_timer_sync() | spin_lock_irqsave() //(2)
(wait timer to stop) | ...
We hold ieee->beacon_lock in position (1) of thread 1 and use
del_timer_sync() to wait timer to stop, but timer handler
also need ieee->beacon_lock in position (2) of thread 2.
As a result, ieee80211_beacons_stop() will block forever.
This patch extracts del_timer_sync() from the protection of
spin_lock_irqsave(), which could let timer handler to obtain
the needed lock.
Signed-off-by: Duoming Zhou <duoming@zju.edu.cn>
Link: https://lore.kernel.org/r/20220417135407.109536-1-duoming@zju.edu.cn
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/staging/rtl8192u/ieee80211/ieee80211_softmac.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/staging/rtl8192u/ieee80211/ieee80211_softmac.c b/drivers/staging/rtl8192u/ieee80211/ieee80211_softmac.c
index 33a6af7aad22..a869694337f7 100644
--- a/drivers/staging/rtl8192u/ieee80211/ieee80211_softmac.c
+++ b/drivers/staging/rtl8192u/ieee80211/ieee80211_softmac.c
@@ -528,9 +528,9 @@ static void ieee80211_beacons_stop(struct ieee80211_device *ieee)
spin_lock_irqsave(&ieee->beacon_lock, flags);
ieee->beacon_txing = 0;
- del_timer_sync(&ieee->beacon_timer);
spin_unlock_irqrestore(&ieee->beacon_lock, flags);
+ del_timer_sync(&ieee->beacon_timer);
}
void ieee80211_stop_send_beacons(struct ieee80211_device *ieee)
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 371/411] drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop()
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (369 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.4 370/411] drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop() Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 372/411] USB: host: isp116x: check return value after calling platform_get_resource() Greg Kroah-Hartman
` (44 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Duoming Zhou, Sasha Levin
From: Duoming Zhou <duoming@zju.edu.cn>
[ Upstream commit 9b6bdbd9337de3917945847bde262a34a87a6303 ]
There is a deadlock in rtllib_beacons_stop(), which is shown
below:
(Thread 1) | (Thread 2)
| rtllib_send_beacon()
rtllib_beacons_stop() | mod_timer()
spin_lock_irqsave() //(1) | (wait a time)
... | rtllib_send_beacon_cb()
del_timer_sync() | spin_lock_irqsave() //(2)
(wait timer to stop) | ...
We hold ieee->beacon_lock in position (1) of thread 1 and
use del_timer_sync() to wait timer to stop, but timer handler
also need ieee->beacon_lock in position (2) of thread 2.
As a result, rtllib_beacons_stop() will block forever.
This patch extracts del_timer_sync() from the protection of
spin_lock_irqsave(), which could let timer handler to obtain
the needed lock.
Signed-off-by: Duoming Zhou <duoming@zju.edu.cn>
Link: https://lore.kernel.org/r/20220417141641.124388-1-duoming@zju.edu.cn
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/staging/rtl8192e/rtllib_softmac.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/staging/rtl8192e/rtllib_softmac.c b/drivers/staging/rtl8192e/rtllib_softmac.c
index 4ff8fd694c60..0154f5791b12 100644
--- a/drivers/staging/rtl8192e/rtllib_softmac.c
+++ b/drivers/staging/rtl8192e/rtllib_softmac.c
@@ -651,9 +651,9 @@ static void rtllib_beacons_stop(struct rtllib_device *ieee)
spin_lock_irqsave(&ieee->beacon_lock, flags);
ieee->beacon_txing = 0;
- del_timer_sync(&ieee->beacon_timer);
spin_unlock_irqrestore(&ieee->beacon_lock, flags);
+ del_timer_sync(&ieee->beacon_timer);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 372/411] USB: host: isp116x: check return value after calling platform_get_resource()
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (370 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.4 371/411] drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop() Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 373/411] drivers: tty: serial: Fix deadlock in sa1100_set_termios() Greg Kroah-Hartman
` (43 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Zhen Ni, Sasha Levin
From: Zhen Ni <nizhen@uniontech.com>
[ Upstream commit 134a3408c2d3f7e23eb0e4556e0a2d9f36c2614e ]
It will cause null-ptr-deref if platform_get_resource() returns NULL,
we need check the return value.
Signed-off-by: Zhen Ni <nizhen@uniontech.com>
Link: https://lore.kernel.org/r/20220302033716.31272-1-nizhen@uniontech.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/host/isp116x-hcd.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/usb/host/isp116x-hcd.c b/drivers/usb/host/isp116x-hcd.c
index a87c0b26279e..00a4e12a1f15 100644
--- a/drivers/usb/host/isp116x-hcd.c
+++ b/drivers/usb/host/isp116x-hcd.c
@@ -1541,10 +1541,12 @@ static int isp116x_remove(struct platform_device *pdev)
iounmap(isp116x->data_reg);
res = platform_get_resource(pdev, IORESOURCE_MEM, 1);
- release_mem_region(res->start, 2);
+ if (res)
+ release_mem_region(res->start, 2);
iounmap(isp116x->addr_reg);
res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
- release_mem_region(res->start, 2);
+ if (res)
+ release_mem_region(res->start, 2);
usb_put_hcd(hcd);
return 0;
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 373/411] drivers: tty: serial: Fix deadlock in sa1100_set_termios()
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (371 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.4 372/411] USB: host: isp116x: check return value after calling platform_get_resource() Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 374/411] drivers: usb: host: Fix deadlock in oxu_bus_suspend() Greg Kroah-Hartman
` (42 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Duoming Zhou, Sasha Levin
From: Duoming Zhou <duoming@zju.edu.cn>
[ Upstream commit 62b2caef400c1738b6d22f636c628d9f85cd4c4c ]
There is a deadlock in sa1100_set_termios(), which is shown
below:
(Thread 1) | (Thread 2)
| sa1100_enable_ms()
sa1100_set_termios() | mod_timer()
spin_lock_irqsave() //(1) | (wait a time)
... | sa1100_timeout()
del_timer_sync() | spin_lock_irqsave() //(2)
(wait timer to stop) | ...
We hold sport->port.lock in position (1) of thread 1 and
use del_timer_sync() to wait timer to stop, but timer handler
also need sport->port.lock in position (2) of thread 2. As a result,
sa1100_set_termios() will block forever.
This patch moves del_timer_sync() before spin_lock_irqsave()
in order to prevent the deadlock.
Signed-off-by: Duoming Zhou <duoming@zju.edu.cn>
Link: https://lore.kernel.org/r/20220417111626.7802-1-duoming@zju.edu.cn
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/sa1100.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/tty/serial/sa1100.c b/drivers/tty/serial/sa1100.c
index 8e618129e65c..ff4b44bdf6b6 100644
--- a/drivers/tty/serial/sa1100.c
+++ b/drivers/tty/serial/sa1100.c
@@ -454,6 +454,8 @@ sa1100_set_termios(struct uart_port *port, struct ktermios *termios,
baud = uart_get_baud_rate(port, termios, old, 0, port->uartclk/16);
quot = uart_get_divisor(port, baud);
+ del_timer_sync(&sport->timer);
+
spin_lock_irqsave(&sport->port.lock, flags);
sport->port.read_status_mask &= UTSR0_TO_SM(UTSR0_TFS);
@@ -484,8 +486,6 @@ sa1100_set_termios(struct uart_port *port, struct ktermios *termios,
UTSR1_TO_SM(UTSR1_ROR);
}
- del_timer_sync(&sport->timer);
-
/*
* Update the per-port timeout.
*/
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 374/411] drivers: usb: host: Fix deadlock in oxu_bus_suspend()
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (372 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.4 373/411] drivers: tty: serial: Fix deadlock in sa1100_set_termios() Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 375/411] USB: hcd-pci: Fully suspend across freeze/thaw cycle Greg Kroah-Hartman
` (41 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Duoming Zhou, Sasha Levin
From: Duoming Zhou <duoming@zju.edu.cn>
[ Upstream commit 4d378f2ae58138d4c55684e1d274e7dd94aa6524 ]
There is a deadlock in oxu_bus_suspend(), which is shown below:
(Thread 1) | (Thread 2)
| timer_action()
oxu_bus_suspend() | mod_timer()
spin_lock_irq() //(1) | (wait a time)
... | oxu_watchdog()
del_timer_sync() | spin_lock_irq() //(2)
(wait timer to stop) | ...
We hold oxu->lock in position (1) of thread 1, and use
del_timer_sync() to wait timer to stop, but timer handler
also need oxu->lock in position (2) of thread 2. As a result,
oxu_bus_suspend() will block forever.
This patch extracts del_timer_sync() from the protection of
spin_lock_irq(), which could let timer handler to obtain
the needed lock.
Signed-off-by: Duoming Zhou <duoming@zju.edu.cn>
Link: https://lore.kernel.org/r/20220417120305.64577-1-duoming@zju.edu.cn
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/host/oxu210hp-hcd.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/usb/host/oxu210hp-hcd.c b/drivers/usb/host/oxu210hp-hcd.c
index 65985247fc00..f05b6f2b0865 100644
--- a/drivers/usb/host/oxu210hp-hcd.c
+++ b/drivers/usb/host/oxu210hp-hcd.c
@@ -3906,8 +3906,10 @@ static int oxu_bus_suspend(struct usb_hcd *hcd)
}
}
+ spin_unlock_irq(&oxu->lock);
/* turn off now-idle HC */
del_timer_sync(&oxu->watchdog);
+ spin_lock_irq(&oxu->lock);
ehci_halt(oxu);
hcd->state = HC_STATE_SUSPENDED;
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 375/411] USB: hcd-pci: Fully suspend across freeze/thaw cycle
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (373 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.4 374/411] drivers: usb: host: Fix deadlock in oxu_bus_suspend() Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 376/411] usb: dwc2: gadget: dont reset gadgets driver->bus Greg Kroah-Hartman
` (40 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alan Stern, Evan Green, Sasha Levin
From: Evan Green <evgreen@chromium.org>
[ Upstream commit 63acaa8e9c65dc34dc249440216f8e977f5d2748 ]
The documentation for the freeze() method says that it "should quiesce
the device so that it doesn't generate IRQs or DMA". The unspoken
consequence of not doing this is that MSIs aimed at non-boot CPUs may
get fully lost if they're sent during the period where the target CPU is
offline.
The current callbacks for USB HCD do not fully quiesce interrupts,
specifically on XHCI. Change to use the full suspend/resume flow for
freeze/thaw to ensure interrupts are fully quiesced. This fixes issues
where USB devices fail to thaw during hibernation because XHCI misses
its interrupt and cannot recover.
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Evan Green <evgreen@chromium.org>
Link: https://lore.kernel.org/r/20220421103751.v3.2.I8226c7fdae88329ef70957b96a39b346c69a914e@changeid
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/core/hcd-pci.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/usb/core/hcd-pci.c b/drivers/usb/core/hcd-pci.c
index 9e26b0143a59..db16efe293e0 100644
--- a/drivers/usb/core/hcd-pci.c
+++ b/drivers/usb/core/hcd-pci.c
@@ -604,10 +604,10 @@ const struct dev_pm_ops usb_hcd_pci_pm_ops = {
.suspend_noirq = hcd_pci_suspend_noirq,
.resume_noirq = hcd_pci_resume_noirq,
.resume = hcd_pci_resume,
- .freeze = check_root_hub_suspended,
+ .freeze = hcd_pci_suspend,
.freeze_noirq = check_root_hub_suspended,
.thaw_noirq = NULL,
- .thaw = NULL,
+ .thaw = hcd_pci_resume,
.poweroff = hcd_pci_suspend,
.poweroff_noirq = hcd_pci_suspend_noirq,
.restore_noirq = hcd_pci_resume_noirq,
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 376/411] usb: dwc2: gadget: dont reset gadgets driver->bus
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (374 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.4 375/411] USB: hcd-pci: Fully suspend across freeze/thaw cycle Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 377/411] misc: rtsx: set NULL intfdata when probe fails Greg Kroah-Hartman
` (39 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Marek Szyprowski, Sasha Levin
From: Marek Szyprowski <m.szyprowski@samsung.com>
[ Upstream commit 3120aac6d0ecd9accf56894aeac0e265f74d3d5a ]
UDC driver should not touch gadget's driver internals, especially it
should not reset driver->bus. This wasn't harmful so far, but since
commit fc274c1e9973 ("USB: gadget: Add a new bus for gadgets") gadget
subsystem got it's own bus and messing with ->bus triggers the
following NULL pointer dereference:
dwc2 12480000.hsotg: bound driver g_ether
8<--- cut here ---
Unable to handle kernel NULL pointer dereference at virtual address 00000000
[00000000] *pgd=00000000
Internal error: Oops: 5 [#1] SMP ARM
Modules linked in: ...
CPU: 0 PID: 620 Comm: modprobe Not tainted 5.18.0-rc5-next-20220504 #11862
Hardware name: Samsung Exynos (Flattened Device Tree)
PC is at module_add_driver+0x44/0xe8
LR is at sysfs_do_create_link_sd+0x84/0xe0
...
Process modprobe (pid: 620, stack limit = 0x(ptrval))
...
module_add_driver from bus_add_driver+0xf4/0x1e4
bus_add_driver from driver_register+0x78/0x10c
driver_register from usb_gadget_register_driver_owner+0x40/0xb4
usb_gadget_register_driver_owner from do_one_initcall+0x44/0x1e0
do_one_initcall from do_init_module+0x44/0x1c8
do_init_module from load_module+0x19b8/0x1b9c
load_module from sys_finit_module+0xdc/0xfc
sys_finit_module from ret_fast_syscall+0x0/0x54
Exception stack(0xf1771fa8 to 0xf1771ff0)
...
dwc2 12480000.hsotg: new device is high-speed
---[ end trace 0000000000000000 ]---
Fix this by removing driver->bus entry reset.
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Link: https://lore.kernel.org/r/20220505104618.22729-1-m.szyprowski@samsung.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/dwc2/gadget.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/drivers/usb/dwc2/gadget.c b/drivers/usb/dwc2/gadget.c
index 379bbf27c7ce..8fd6eefc671c 100644
--- a/drivers/usb/dwc2/gadget.c
+++ b/drivers/usb/dwc2/gadget.c
@@ -4486,7 +4486,6 @@ static int dwc2_hsotg_udc_start(struct usb_gadget *gadget,
WARN_ON(hsotg->driver);
- driver->driver.bus = NULL;
hsotg->driver = driver;
hsotg->gadget.dev.of_node = hsotg->dev->of_node;
hsotg->gadget.speed = USB_SPEED_UNKNOWN;
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 377/411] misc: rtsx: set NULL intfdata when probe fails
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (375 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.4 376/411] usb: dwc2: gadget: dont reset gadgets driver->bus Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 378/411] extcon: Modify extcon device to be created after driver data is set Greg Kroah-Hartman
` (38 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Shuah Khan, Sasha Levin
From: Shuah Khan <skhan@linuxfoundation.org>
[ Upstream commit f861d36e021e1ac4a0a2a1f6411d623809975d63 ]
rtsx_usb_probe() doesn't call usb_set_intfdata() to null out the
interface pointer when probe fails. This leaves a stale pointer.
Noticed the missing usb_set_intfdata() while debugging an unrelated
invalid DMA mapping problem.
Fix it with a call to usb_set_intfdata(..., NULL).
Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
Link: https://lore.kernel.org/r/20220429210913.46804-1-skhan@linuxfoundation.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/misc/cardreader/rtsx_usb.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/misc/cardreader/rtsx_usb.c b/drivers/misc/cardreader/rtsx_usb.c
index a328cab11014..4aef33d07cc3 100644
--- a/drivers/misc/cardreader/rtsx_usb.c
+++ b/drivers/misc/cardreader/rtsx_usb.c
@@ -667,6 +667,7 @@ static int rtsx_usb_probe(struct usb_interface *intf,
return 0;
out_init_fail:
+ usb_set_intfdata(ucr->pusb_intf, NULL);
usb_free_coherent(ucr->pusb_dev, IOBUF_SIZE, ucr->iobuf,
ucr->iobuf_dma);
return ret;
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 378/411] extcon: Modify extcon device to be created after driver data is set
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (376 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.4 377/411] misc: rtsx: set NULL intfdata when probe fails Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 379/411] clocksource/drivers/sp804: Avoid error on multiple instances Greg Kroah-Hartman
` (37 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, bumwoo lee, Chanwoo Choi, Sasha Levin
From: bumwoo lee <bw365.lee@samsung.com>
[ Upstream commit 5dcc2afe716d69f5112ce035cb14f007461ff189 ]
Currently, someone can invoke the sysfs such as state_show()
intermittently before dev_set_drvdata() is done.
And it can be a cause of kernel Oops because of edev is Null at that time.
So modified the driver registration to after setting drviver data.
- Oops's backtrace.
Backtrace:
[<c067865c>] (state_show) from [<c05222e8>] (dev_attr_show)
[<c05222c0>] (dev_attr_show) from [<c02c66e0>] (sysfs_kf_seq_show)
[<c02c6648>] (sysfs_kf_seq_show) from [<c02c496c>] (kernfs_seq_show)
[<c02c4938>] (kernfs_seq_show) from [<c025e2a0>] (seq_read)
[<c025e11c>] (seq_read) from [<c02c50a0>] (kernfs_fop_read)
[<c02c5064>] (kernfs_fop_read) from [<c0231cac>] (__vfs_read)
[<c0231c5c>] (__vfs_read) from [<c0231ee0>] (vfs_read)
[<c0231e34>] (vfs_read) from [<c0232464>] (ksys_read)
[<c02323f0>] (ksys_read) from [<c02324fc>] (sys_read)
[<c02324e4>] (sys_read) from [<c00091d0>] (__sys_trace_return)
Signed-off-by: bumwoo lee <bw365.lee@samsung.com>
Signed-off-by: Chanwoo Choi <cw00.choi@samsung.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/extcon/extcon.c | 29 +++++++++++++++++------------
1 file changed, 17 insertions(+), 12 deletions(-)
diff --git a/drivers/extcon/extcon.c b/drivers/extcon/extcon.c
index 5c9e156cd086..6b905c3d30f4 100644
--- a/drivers/extcon/extcon.c
+++ b/drivers/extcon/extcon.c
@@ -1230,19 +1230,14 @@ int extcon_dev_register(struct extcon_dev *edev)
edev->dev.type = &edev->extcon_dev_type;
}
- ret = device_register(&edev->dev);
- if (ret) {
- put_device(&edev->dev);
- goto err_dev;
- }
-
spin_lock_init(&edev->lock);
- edev->nh = devm_kcalloc(&edev->dev, edev->max_supported,
- sizeof(*edev->nh), GFP_KERNEL);
- if (!edev->nh) {
- ret = -ENOMEM;
- device_unregister(&edev->dev);
- goto err_dev;
+ if (edev->max_supported) {
+ edev->nh = kcalloc(edev->max_supported, sizeof(*edev->nh),
+ GFP_KERNEL);
+ if (!edev->nh) {
+ ret = -ENOMEM;
+ goto err_alloc_nh;
+ }
}
for (index = 0; index < edev->max_supported; index++)
@@ -1253,6 +1248,12 @@ int extcon_dev_register(struct extcon_dev *edev)
dev_set_drvdata(&edev->dev, edev);
edev->state = 0;
+ ret = device_register(&edev->dev);
+ if (ret) {
+ put_device(&edev->dev);
+ goto err_dev;
+ }
+
mutex_lock(&extcon_dev_list_lock);
list_add(&edev->entry, &extcon_dev_list);
mutex_unlock(&extcon_dev_list_lock);
@@ -1260,6 +1261,9 @@ int extcon_dev_register(struct extcon_dev *edev)
return 0;
err_dev:
+ if (edev->max_supported)
+ kfree(edev->nh);
+err_alloc_nh:
if (edev->max_supported)
kfree(edev->extcon_dev_type.groups);
err_alloc_groups:
@@ -1320,6 +1324,7 @@ void extcon_dev_unregister(struct extcon_dev *edev)
if (edev->max_supported) {
kfree(edev->extcon_dev_type.groups);
kfree(edev->cables);
+ kfree(edev->nh);
}
put_device(&edev->dev);
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 379/411] clocksource/drivers/sp804: Avoid error on multiple instances
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (377 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.4 378/411] extcon: Modify extcon device to be created after driver data is set Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 380/411] staging: rtl8712: fix uninit-value in usb_read8() and friends Greg Kroah-Hartman
` (36 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Andre Przywara, Robin Murphy,
Daniel Lezcano, Sasha Levin
From: Andre Przywara <andre.przywara@arm.com>
[ Upstream commit a98399cbc1e05f7b977419f03905501d566cf54e ]
When a machine sports more than one SP804 timer instance, we only bring
up the first one, since multiple timers of the same kind are not useful
to Linux. As this is intentional behaviour, we should not return an
error message, as we do today:
===============
[ 0.000800] Failed to initialize '/bus@8000000/motherboard-bus@8000000/iofpga-bus@300000000/timer@120000': -22
===============
Replace the -EINVAL return with a debug message and return 0 instead.
Also we do not reach the init function anymore if the DT node is
disabled (as this is now handled by OF_DECLARE), so remove the explicit
check for that case.
This fixes a long standing bogus error when booting ARM's fastmodels.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Robin Murphy <robin.murphy@arm.com>
Link: https://lore.kernel.org/r/20220506162522.3675399-1-andre.przywara@arm.com
Signed-off-by: Daniel Lezcano <daniel.lezcano@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clocksource/timer-sp804.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/drivers/clocksource/timer-sp804.c b/drivers/clocksource/timer-sp804.c
index 9c841980eed1..c9aa0498fb84 100644
--- a/drivers/clocksource/timer-sp804.c
+++ b/drivers/clocksource/timer-sp804.c
@@ -215,6 +215,11 @@ static int __init sp804_of_init(struct device_node *np)
struct clk *clk1, *clk2;
const char *name = of_get_property(np, "compatible", NULL);
+ if (initialized) {
+ pr_debug("%pOF: skipping further SP804 timer device\n", np);
+ return 0;
+ }
+
base = of_iomap(np, 0);
if (!base)
return -ENXIO;
@@ -223,11 +228,6 @@ static int __init sp804_of_init(struct device_node *np)
writel(0, base + TIMER_CTRL);
writel(0, base + TIMER_2_BASE + TIMER_CTRL);
- if (initialized || !of_device_is_available(np)) {
- ret = -EINVAL;
- goto err;
- }
-
clk1 = of_clk_get(np, 0);
if (IS_ERR(clk1))
clk1 = NULL;
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 380/411] staging: rtl8712: fix uninit-value in usb_read8() and friends
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (378 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.4 379/411] clocksource/drivers/sp804: Avoid error on multiple instances Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 381/411] staging: rtl8712: fix uninit-value in r871xu_drv_init() Greg Kroah-Hartman
` (35 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot+6f5ecd144854c0d8580b,
Dan Carpenter, Wang Cheng, Sasha Levin
From: Wang Cheng <wanngchenng@gmail.com>
[ Upstream commit d1b57669732d09da7e13ef86d058dab0cd57f6e0 ]
When r8712_usbctrl_vendorreq() returns negative, 'data' in
usb_read{8,16,32} will not be initialized.
BUG: KMSAN: uninit-value in string_nocheck lib/vsprintf.c:643 [inline]
BUG: KMSAN: uninit-value in string+0x4ec/0x6f0 lib/vsprintf.c:725
string_nocheck lib/vsprintf.c:643 [inline]
string+0x4ec/0x6f0 lib/vsprintf.c:725
vsnprintf+0x2222/0x3650 lib/vsprintf.c:2806
va_format lib/vsprintf.c:1704 [inline]
pointer+0x18e6/0x1f70 lib/vsprintf.c:2443
vsnprintf+0x1a9b/0x3650 lib/vsprintf.c:2810
vprintk_store+0x537/0x2150 kernel/printk/printk.c:2158
vprintk_emit+0x28b/0xab0 kernel/printk/printk.c:2256
dev_vprintk_emit+0x5ef/0x6d0 drivers/base/core.c:4604
dev_printk_emit+0x1dd/0x21f drivers/base/core.c:4615
__dev_printk+0x3be/0x440 drivers/base/core.c:4627
_dev_info+0x1ea/0x22f drivers/base/core.c:4673
r871xu_drv_init+0x1929/0x3070 drivers/staging/rtl8712/usb_intf.c:401
usb_probe_interface+0xf19/0x1600 drivers/usb/core/driver.c:396
really_probe+0x6c7/0x1350 drivers/base/dd.c:621
__driver_probe_device+0x3e9/0x530 drivers/base/dd.c:752
driver_probe_device drivers/base/dd.c:782 [inline]
__device_attach_driver+0x79f/0x1120 drivers/base/dd.c:899
bus_for_each_drv+0x2d6/0x3f0 drivers/base/bus.c:427
__device_attach+0x593/0x8e0 drivers/base/dd.c:970
device_initial_probe+0x4a/0x60 drivers/base/dd.c:1017
bus_probe_device+0x17b/0x3e0 drivers/base/bus.c:487
device_add+0x1fff/0x26e0 drivers/base/core.c:3405
usb_set_configuration+0x37e9/0x3ed0 drivers/usb/core/message.c:2170
usb_generic_driver_probe+0x13c/0x300 drivers/usb/core/generic.c:238
usb_probe_device+0x309/0x570 drivers/usb/core/driver.c:293
really_probe+0x6c7/0x1350 drivers/base/dd.c:621
__driver_probe_device+0x3e9/0x530 drivers/base/dd.c:752
driver_probe_device drivers/base/dd.c:782 [inline]
__device_attach_driver+0x79f/0x1120 drivers/base/dd.c:899
bus_for_each_drv+0x2d6/0x3f0 drivers/base/bus.c:427
__device_attach+0x593/0x8e0 drivers/base/dd.c:970
device_initial_probe+0x4a/0x60 drivers/base/dd.c:1017
bus_probe_device+0x17b/0x3e0 drivers/base/bus.c:487
device_add+0x1fff/0x26e0 drivers/base/core.c:3405
usb_new_device+0x1b91/0x2950 drivers/usb/core/hub.c:2566
hub_port_connect drivers/usb/core/hub.c:5363 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5507 [inline]
port_event drivers/usb/core/hub.c:5665 [inline]
hub_event+0x58e3/0x89e0 drivers/usb/core/hub.c:5747
process_one_work+0xdb6/0x1820 kernel/workqueue.c:2289
worker_thread+0x10d0/0x2240 kernel/workqueue.c:2436
kthread+0x3c7/0x500 kernel/kthread.c:376
ret_from_fork+0x1f/0x30
Local variable data created at:
usb_read8+0x5d/0x130 drivers/staging/rtl8712/usb_ops.c:33
r8712_read8+0xa5/0xd0 drivers/staging/rtl8712/rtl8712_io.c:29
KMSAN: uninit-value in r871xu_drv_init
https://syzkaller.appspot.com/bug?id=3cd92b1d85428b128503bfa7a250294c9ae00bd8
Reported-by: <syzbot+6f5ecd144854c0d8580b@syzkaller.appspotmail.com>
Tested-by: <syzbot+6f5ecd144854c0d8580b@syzkaller.appspotmail.com>
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Wang Cheng <wanngchenng@gmail.com>
Link: https://lore.kernel.org/r/b9b7a6ee02c02aa28054f5cf16129977775f3cd9.1652618244.git.wanngchenng@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/staging/rtl8712/usb_ops.c | 27 ++++++++++++++++++---------
1 file changed, 18 insertions(+), 9 deletions(-)
diff --git a/drivers/staging/rtl8712/usb_ops.c b/drivers/staging/rtl8712/usb_ops.c
index e64845e6adf3..af9966d03979 100644
--- a/drivers/staging/rtl8712/usb_ops.c
+++ b/drivers/staging/rtl8712/usb_ops.c
@@ -29,7 +29,8 @@ static u8 usb_read8(struct intf_hdl *intfhdl, u32 addr)
u16 wvalue;
u16 index;
u16 len;
- __le32 data;
+ int status;
+ __le32 data = 0;
struct intf_priv *intfpriv = intfhdl->pintfpriv;
request = 0x05;
@@ -37,8 +38,10 @@ static u8 usb_read8(struct intf_hdl *intfhdl, u32 addr)
index = 0;
wvalue = (u16)(addr & 0x0000ffff);
len = 1;
- r8712_usbctrl_vendorreq(intfpriv, request, wvalue, index, &data, len,
- requesttype);
+ status = r8712_usbctrl_vendorreq(intfpriv, request, wvalue, index,
+ &data, len, requesttype);
+ if (status < 0)
+ return 0;
return (u8)(le32_to_cpu(data) & 0x0ff);
}
@@ -49,7 +52,8 @@ static u16 usb_read16(struct intf_hdl *intfhdl, u32 addr)
u16 wvalue;
u16 index;
u16 len;
- __le32 data;
+ int status;
+ __le32 data = 0;
struct intf_priv *intfpriv = intfhdl->pintfpriv;
request = 0x05;
@@ -57,8 +61,10 @@ static u16 usb_read16(struct intf_hdl *intfhdl, u32 addr)
index = 0;
wvalue = (u16)(addr & 0x0000ffff);
len = 2;
- r8712_usbctrl_vendorreq(intfpriv, request, wvalue, index, &data, len,
- requesttype);
+ status = r8712_usbctrl_vendorreq(intfpriv, request, wvalue, index,
+ &data, len, requesttype);
+ if (status < 0)
+ return 0;
return (u16)(le32_to_cpu(data) & 0xffff);
}
@@ -69,7 +75,8 @@ static u32 usb_read32(struct intf_hdl *intfhdl, u32 addr)
u16 wvalue;
u16 index;
u16 len;
- __le32 data;
+ int status;
+ __le32 data = 0;
struct intf_priv *intfpriv = intfhdl->pintfpriv;
request = 0x05;
@@ -77,8 +84,10 @@ static u32 usb_read32(struct intf_hdl *intfhdl, u32 addr)
index = 0;
wvalue = (u16)(addr & 0x0000ffff);
len = 4;
- r8712_usbctrl_vendorreq(intfpriv, request, wvalue, index, &data, len,
- requesttype);
+ status = r8712_usbctrl_vendorreq(intfpriv, request, wvalue, index,
+ &data, len, requesttype);
+ if (status < 0)
+ return 0;
return le32_to_cpu(data);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 381/411] staging: rtl8712: fix uninit-value in r871xu_drv_init()
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (379 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.4 380/411] staging: rtl8712: fix uninit-value in usb_read8() and friends Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 382/411] serial: msm_serial: disable interrupts in __msm_console_write() Greg Kroah-Hartman
` (34 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot+6f5ecd144854c0d8580b,
Dan Carpenter, Wang Cheng, Sasha Levin
From: Wang Cheng <wanngchenng@gmail.com>
[ Upstream commit 0458e5428e5e959d201a40ffe71d762a79ecedc4 ]
When 'tmpU1b' returns from r8712_read8(padapter, EE_9346CR) is 0,
'mac[6]' will not be initialized.
BUG: KMSAN: uninit-value in r871xu_drv_init+0x2d54/0x3070 drivers/staging/rtl8712/usb_intf.c:541
r871xu_drv_init+0x2d54/0x3070 drivers/staging/rtl8712/usb_intf.c:541
usb_probe_interface+0xf19/0x1600 drivers/usb/core/driver.c:396
really_probe+0x653/0x14b0 drivers/base/dd.c:596
__driver_probe_device+0x3e9/0x530 drivers/base/dd.c:752
driver_probe_device drivers/base/dd.c:782 [inline]
__device_attach_driver+0x79f/0x1120 drivers/base/dd.c:899
bus_for_each_drv+0x2d6/0x3f0 drivers/base/bus.c:427
__device_attach+0x593/0x8e0 drivers/base/dd.c:970
device_initial_probe+0x4a/0x60 drivers/base/dd.c:1017
bus_probe_device+0x17b/0x3e0 drivers/base/bus.c:487
device_add+0x1fff/0x26e0 drivers/base/core.c:3405
usb_set_configuration+0x37e9/0x3ed0 drivers/usb/core/message.c:2170
usb_generic_driver_probe+0x13c/0x300 drivers/usb/core/generic.c:238
usb_probe_device+0x309/0x570 drivers/usb/core/driver.c:293
really_probe+0x653/0x14b0 drivers/base/dd.c:596
__driver_probe_device+0x3e9/0x530 drivers/base/dd.c:752
driver_probe_device drivers/base/dd.c:782 [inline]
__device_attach_driver+0x79f/0x1120 drivers/base/dd.c:899
bus_for_each_drv+0x2d6/0x3f0 drivers/base/bus.c:427
__device_attach+0x593/0x8e0 drivers/base/dd.c:970
device_initial_probe+0x4a/0x60 drivers/base/dd.c:1017
bus_probe_device+0x17b/0x3e0 drivers/base/bus.c:487
device_add+0x1fff/0x26e0 drivers/base/core.c:3405
usb_new_device+0x1b8e/0x2950 drivers/usb/core/hub.c:2566
hub_port_connect drivers/usb/core/hub.c:5358 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5502 [inline]
port_event drivers/usb/core/hub.c:5660 [inline]
hub_event+0x58e3/0x89e0 drivers/usb/core/hub.c:5742
process_one_work+0xdb6/0x1820 kernel/workqueue.c:2307
worker_thread+0x10b3/0x21e0 kernel/workqueue.c:2454
kthread+0x3c7/0x500 kernel/kthread.c:377
ret_from_fork+0x1f/0x30
Local variable mac created at:
r871xu_drv_init+0x1771/0x3070 drivers/staging/rtl8712/usb_intf.c:394
usb_probe_interface+0xf19/0x1600 drivers/usb/core/driver.c:396
KMSAN: uninit-value in r871xu_drv_init
https://syzkaller.appspot.com/bug?id=3cd92b1d85428b128503bfa7a250294c9ae00bd8
Reported-by: <syzbot+6f5ecd144854c0d8580b@syzkaller.appspotmail.com>
Tested-by: <syzbot+6f5ecd144854c0d8580b@syzkaller.appspotmail.com>
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Wang Cheng <wanngchenng@gmail.com>
Link: https://lore.kernel.org/r/14c3886173dfa4597f0704547c414cfdbcd11d16.1652618244.git.wanngchenng@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/staging/rtl8712/usb_intf.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/staging/rtl8712/usb_intf.c b/drivers/staging/rtl8712/usb_intf.c
index 49188ab04612..f7c1258eaa39 100644
--- a/drivers/staging/rtl8712/usb_intf.c
+++ b/drivers/staging/rtl8712/usb_intf.c
@@ -539,13 +539,13 @@ static int r871xu_drv_init(struct usb_interface *pusb_intf,
} else {
AutoloadFail = false;
}
- if (((mac[0] == 0xff) && (mac[1] == 0xff) &&
+ if ((!AutoloadFail) ||
+ ((mac[0] == 0xff) && (mac[1] == 0xff) &&
(mac[2] == 0xff) && (mac[3] == 0xff) &&
(mac[4] == 0xff) && (mac[5] == 0xff)) ||
((mac[0] == 0x00) && (mac[1] == 0x00) &&
(mac[2] == 0x00) && (mac[3] == 0x00) &&
- (mac[4] == 0x00) && (mac[5] == 0x00)) ||
- (!AutoloadFail)) {
+ (mac[4] == 0x00) && (mac[5] == 0x00))) {
mac[0] = 0x00;
mac[1] = 0xe0;
mac[2] = 0x4c;
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 382/411] serial: msm_serial: disable interrupts in __msm_console_write()
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (380 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.4 381/411] staging: rtl8712: fix uninit-value in r871xu_drv_init() Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 383/411] kernfs: Separate kernfs_pr_cont_buf and rename_lock Greg Kroah-Hartman
` (33 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Marek Szyprowski, Petr Mladek,
John Ogness, Sasha Levin
From: John Ogness <john.ogness@linutronix.de>
[ Upstream commit aabdbb1b7a5819e18c403334a31fb0cc2c06ad41 ]
__msm_console_write() assumes that interrupts are disabled, but
with threaded console printers it is possible that the write()
callback of the console is called with interrupts enabled.
Explicitly disable interrupts using local_irq_save() to preserve
the assumed context.
Reported-by: Marek Szyprowski <m.szyprowski@samsung.com>
Reviewed-by: Petr Mladek <pmladek@suse.com>
Signed-off-by: John Ogness <john.ogness@linutronix.de>
Link: https://lore.kernel.org/r/20220506213324.470461-1-john.ogness@linutronix.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/msm_serial.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/tty/serial/msm_serial.c b/drivers/tty/serial/msm_serial.c
index 5129c2dfbe07..aac96659694d 100644
--- a/drivers/tty/serial/msm_serial.c
+++ b/drivers/tty/serial/msm_serial.c
@@ -1579,6 +1579,7 @@ static inline struct uart_port *msm_get_port_from_line(unsigned int line)
static void __msm_console_write(struct uart_port *port, const char *s,
unsigned int count, bool is_uartdm)
{
+ unsigned long flags;
int i;
int num_newlines = 0;
bool replaced = false;
@@ -1596,6 +1597,8 @@ static void __msm_console_write(struct uart_port *port, const char *s,
num_newlines++;
count += num_newlines;
+ local_irq_save(flags);
+
if (port->sysrq)
locked = 0;
else if (oops_in_progress)
@@ -1641,6 +1644,8 @@ static void __msm_console_write(struct uart_port *port, const char *s,
if (locked)
spin_unlock(&port->lock);
+
+ local_irq_restore(flags);
}
static void msm_console_write(struct console *co, const char *s,
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 383/411] kernfs: Separate kernfs_pr_cont_buf and rename_lock.
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (381 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.4 382/411] serial: msm_serial: disable interrupts in __msm_console_write() Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 384/411] watchdog: wdat_wdt: Stop watchdog when rebooting the system Greg Kroah-Hartman
` (32 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Tejun Heo, Hao Luo, Sasha Levin
From: Hao Luo <haoluo@google.com>
[ Upstream commit 1a702dc88e150487c9c173a249b3d236498b9183 ]
Previously the protection of kernfs_pr_cont_buf was piggy backed by
rename_lock, which means that pr_cont() needs to be protected under
rename_lock. This can cause potential circular lock dependencies.
If there is an OOM, we have the following call hierarchy:
-> cpuset_print_current_mems_allowed()
-> pr_cont_cgroup_name()
-> pr_cont_kernfs_name()
pr_cont_kernfs_name() will grab rename_lock and call printk. So we have
the following lock dependencies:
kernfs_rename_lock -> console_sem
Sometimes, printk does a wakeup before releasing console_sem, which has
the dependence chain:
console_sem -> p->pi_lock -> rq->lock
Now, imagine one wants to read cgroup_name under rq->lock, for example,
printing cgroup_name in a tracepoint in the scheduler code. They will
be holding rq->lock and take rename_lock:
rq->lock -> kernfs_rename_lock
Now they will deadlock.
A prevention to this circular lock dependency is to separate the
protection of pr_cont_buf from rename_lock. In principle, rename_lock
is to protect the integrity of cgroup name when copying to buf. Once
pr_cont_buf has got its content, rename_lock can be dropped. So it's
safe to drop rename_lock after kernfs_name_locked (and
kernfs_path_from_node_locked) and rely on a dedicated pr_cont_lock
to protect pr_cont_buf.
Acked-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Hao Luo <haoluo@google.com>
Link: https://lore.kernel.org/r/20220516190951.3144144-1-haoluo@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/kernfs/dir.c | 31 +++++++++++++++++++------------
1 file changed, 19 insertions(+), 12 deletions(-)
diff --git a/fs/kernfs/dir.c b/fs/kernfs/dir.c
index 7d4af6cea2a6..99ee657596b5 100644
--- a/fs/kernfs/dir.c
+++ b/fs/kernfs/dir.c
@@ -19,7 +19,15 @@
DEFINE_MUTEX(kernfs_mutex);
static DEFINE_SPINLOCK(kernfs_rename_lock); /* kn->parent and ->name */
-static char kernfs_pr_cont_buf[PATH_MAX]; /* protected by rename_lock */
+/*
+ * Don't use rename_lock to piggy back on pr_cont_buf. We don't want to
+ * call pr_cont() while holding rename_lock. Because sometimes pr_cont()
+ * will perform wakeups when releasing console_sem. Holding rename_lock
+ * will introduce deadlock if the scheduler reads the kernfs_name in the
+ * wakeup path.
+ */
+static DEFINE_SPINLOCK(kernfs_pr_cont_lock);
+static char kernfs_pr_cont_buf[PATH_MAX]; /* protected by pr_cont_lock */
static DEFINE_SPINLOCK(kernfs_idr_lock); /* root->ino_idr */
#define rb_to_kn(X) rb_entry((X), struct kernfs_node, rb)
@@ -230,12 +238,12 @@ void pr_cont_kernfs_name(struct kernfs_node *kn)
{
unsigned long flags;
- spin_lock_irqsave(&kernfs_rename_lock, flags);
+ spin_lock_irqsave(&kernfs_pr_cont_lock, flags);
- kernfs_name_locked(kn, kernfs_pr_cont_buf, sizeof(kernfs_pr_cont_buf));
+ kernfs_name(kn, kernfs_pr_cont_buf, sizeof(kernfs_pr_cont_buf));
pr_cont("%s", kernfs_pr_cont_buf);
- spin_unlock_irqrestore(&kernfs_rename_lock, flags);
+ spin_unlock_irqrestore(&kernfs_pr_cont_lock, flags);
}
/**
@@ -249,10 +257,10 @@ void pr_cont_kernfs_path(struct kernfs_node *kn)
unsigned long flags;
int sz;
- spin_lock_irqsave(&kernfs_rename_lock, flags);
+ spin_lock_irqsave(&kernfs_pr_cont_lock, flags);
- sz = kernfs_path_from_node_locked(kn, NULL, kernfs_pr_cont_buf,
- sizeof(kernfs_pr_cont_buf));
+ sz = kernfs_path_from_node(kn, NULL, kernfs_pr_cont_buf,
+ sizeof(kernfs_pr_cont_buf));
if (sz < 0) {
pr_cont("(error)");
goto out;
@@ -266,7 +274,7 @@ void pr_cont_kernfs_path(struct kernfs_node *kn)
pr_cont("%s", kernfs_pr_cont_buf);
out:
- spin_unlock_irqrestore(&kernfs_rename_lock, flags);
+ spin_unlock_irqrestore(&kernfs_pr_cont_lock, flags);
}
/**
@@ -870,13 +878,12 @@ static struct kernfs_node *kernfs_walk_ns(struct kernfs_node *parent,
lockdep_assert_held(&kernfs_mutex);
- /* grab kernfs_rename_lock to piggy back on kernfs_pr_cont_buf */
- spin_lock_irq(&kernfs_rename_lock);
+ spin_lock_irq(&kernfs_pr_cont_lock);
len = strlcpy(kernfs_pr_cont_buf, path, sizeof(kernfs_pr_cont_buf));
if (len >= sizeof(kernfs_pr_cont_buf)) {
- spin_unlock_irq(&kernfs_rename_lock);
+ spin_unlock_irq(&kernfs_pr_cont_lock);
return NULL;
}
@@ -888,7 +895,7 @@ static struct kernfs_node *kernfs_walk_ns(struct kernfs_node *parent,
parent = kernfs_find_ns(parent, name, ns);
}
- spin_unlock_irq(&kernfs_rename_lock);
+ spin_unlock_irq(&kernfs_pr_cont_lock);
return parent;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 384/411] watchdog: wdat_wdt: Stop watchdog when rebooting the system
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (382 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.4 383/411] kernfs: Separate kernfs_pr_cont_buf and rename_lock Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 385/411] md: protect md_unregister_thread from reentrancy Greg Kroah-Hartman
` (31 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Liu Xinpeng, Guenter Roeck,
Wim Van Sebroeck, Sasha Levin
From: Liu Xinpeng <liuxp11@chinatelecom.cn>
[ Upstream commit 27fdf84510a1374748904db43f6755f912736d92 ]
Executing reboot command several times on the machine "Dell
PowerEdge R740", UEFI security detection stopped machine
with the following prompt:
UEFI0082: The system was reset due to a timeout from the watchdog
timer. Check the System Event Log (SEL) or crash dumps from
Operating Sysstem to identify the source that triggered the
watchdog timer reset. Update the firmware or driver for the
identified device.
iDRAC has warning event: "The watchdog timer reset the system".
This patch fixes this issue by adding the reboot notifier.
Signed-off-by: Liu Xinpeng <liuxp11@chinatelecom.cn>
Reviewed-by: Guenter Roeck <linux@roeck-us.net>
Link: https://lore.kernel.org/r/1650984810-6247-3-git-send-email-liuxp11@chinatelecom.cn
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Wim Van Sebroeck <wim@linux-watchdog.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/watchdog/wdat_wdt.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/watchdog/wdat_wdt.c b/drivers/watchdog/wdat_wdt.c
index 88c5e6361aa0..fddbb39433be 100644
--- a/drivers/watchdog/wdat_wdt.c
+++ b/drivers/watchdog/wdat_wdt.c
@@ -462,6 +462,7 @@ static int wdat_wdt_probe(struct platform_device *pdev)
return ret;
watchdog_set_nowayout(&wdat->wdd, nowayout);
+ watchdog_stop_on_reboot(&wdat->wdd);
return devm_watchdog_register_device(dev, &wdat->wdd);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 385/411] md: protect md_unregister_thread from reentrancy
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (383 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.4 384/411] watchdog: wdat_wdt: Stop watchdog when rebooting the system Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 386/411] scsi: myrb: Fix up null pointer access on myrb_cleanup() Greg Kroah-Hartman
` (30 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Donald Buczek, Guoqing Jiang,
Song Liu, Sasha Levin
From: Guoqing Jiang <guoqing.jiang@cloud.ionos.com>
[ Upstream commit 1e267742283a4b5a8ca65755c44166be27e9aa0f ]
Generally, the md_unregister_thread is called with reconfig_mutex, but
raid_message in dm-raid doesn't hold reconfig_mutex to unregister thread,
so md_unregister_thread can be called simulitaneously from two call sites
in theory.
Then after previous commit which remove the protection of reconfig_mutex
for md_unregister_thread completely, the potential issue could be worse
than before.
Let's take pers_lock at the beginning of function to ensure reentrancy.
Reported-by: Donald Buczek <buczek@molgen.mpg.de>
Signed-off-by: Guoqing Jiang <guoqing.jiang@linux.dev>
Signed-off-by: Song Liu <song@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/md/md.c | 15 ++++++++++-----
1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/drivers/md/md.c b/drivers/md/md.c
index 4d1ef470f2fa..11fd3b32b562 100644
--- a/drivers/md/md.c
+++ b/drivers/md/md.c
@@ -7777,17 +7777,22 @@ EXPORT_SYMBOL(md_register_thread);
void md_unregister_thread(struct md_thread **threadp)
{
- struct md_thread *thread = *threadp;
- if (!thread)
- return;
- pr_debug("interrupting MD-thread pid %d\n", task_pid_nr(thread->tsk));
- /* Locking ensures that mddev_unlock does not wake_up a
+ struct md_thread *thread;
+
+ /*
+ * Locking ensures that mddev_unlock does not wake_up a
* non-existent thread
*/
spin_lock(&pers_lock);
+ thread = *threadp;
+ if (!thread) {
+ spin_unlock(&pers_lock);
+ return;
+ }
*threadp = NULL;
spin_unlock(&pers_lock);
+ pr_debug("interrupting MD-thread pid %d\n", task_pid_nr(thread->tsk));
kthread_stop(thread->tsk);
kfree(thread);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 386/411] scsi: myrb: Fix up null pointer access on myrb_cleanup()
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (384 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.4 385/411] md: protect md_unregister_thread from reentrancy Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.4 387/411] Revert "net: af_key: add check for pfkey_broadcast in function pfkey_process" Greg Kroah-Hartman
` (29 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zheyu Ma, Hannes Reinecke,
Martin K. Petersen, Sasha Levin
From: Hannes Reinecke <hare@suse.de>
[ Upstream commit f9f0a46141e2e39bedb4779c88380d1b5f018c14 ]
When myrb_probe() fails the callback might not be set, so we need to
validate the 'disable_intr' callback in myrb_cleanup() to not cause a null
pointer exception. And while at it do not call myrb_cleanup() if we cannot
enable the PCI device at all.
Link: https://lore.kernel.org/r/20220523120244.99515-1-hare@suse.de
Reported-by: Zheyu Ma <zheyuma97@gmail.com>
Tested-by: Zheyu Ma <zheyuma97@gmail.com>
Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/myrb.c | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/drivers/scsi/myrb.c b/drivers/scsi/myrb.c
index 539ac8ce4fcd..35b32920a94a 100644
--- a/drivers/scsi/myrb.c
+++ b/drivers/scsi/myrb.c
@@ -1241,7 +1241,8 @@ static void myrb_cleanup(struct myrb_hba *cb)
myrb_unmap(cb);
if (cb->mmio_base) {
- cb->disable_intr(cb->io_base);
+ if (cb->disable_intr)
+ cb->disable_intr(cb->io_base);
iounmap(cb->mmio_base);
}
if (cb->irq)
@@ -3516,9 +3517,13 @@ static struct myrb_hba *myrb_detect(struct pci_dev *pdev,
mutex_init(&cb->dcmd_mutex);
mutex_init(&cb->dma_mutex);
cb->pdev = pdev;
+ cb->host = shost;
- if (pci_enable_device(pdev))
- goto failure;
+ if (pci_enable_device(pdev)) {
+ dev_err(&pdev->dev, "Failed to enable PCI device\n");
+ scsi_host_put(shost);
+ return NULL;
+ }
if (privdata->hw_init == DAC960_PD_hw_init ||
privdata->hw_init == DAC960_P_hw_init) {
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 387/411] Revert "net: af_key: add check for pfkey_broadcast in function pfkey_process"
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (385 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.4 386/411] scsi: myrb: Fix up null pointer access on myrb_cleanup() Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.4 388/411] ceph: allow ceph.dir.rctime xattr to be updatable Greg Kroah-Hartman
` (28 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Michal Kubecek, Steffen Klassert,
Sasha Levin
From: Michal Kubecek <mkubecek@suse.cz>
[ Upstream commit 9c90c9b3e50e16d03c7f87d63e9db373974781e0 ]
This reverts commit 4dc2a5a8f6754492180741facf2a8787f2c415d7.
A non-zero return value from pfkey_broadcast() does not necessarily mean
an error occurred as this function returns -ESRCH when no registered
listener received the message. In particular, a call with
BROADCAST_PROMISC_ONLY flag and null one_sk argument can never return
zero so that this commit in fact prevents processing any PF_KEY message.
One visible effect is that racoon daemon fails to find encryption
algorithms like aes and refuses to start.
Excluding -ESRCH return value would fix this but it's not obvious that
we really want to bail out here and most other callers of
pfkey_broadcast() also ignore the return value. Also, as pointed out by
Steffen Klassert, PF_KEY is kind of deprecated and newer userspace code
should use netlink instead so that we should only disturb the code for
really important fixes.
v2: add a comment explaining why is the return value ignored
Signed-off-by: Michal Kubecek <mkubecek@suse.cz>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/key/af_key.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/net/key/af_key.c b/net/key/af_key.c
index dd064d5eff6e..32fe99cd01fc 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -2830,10 +2830,12 @@ static int pfkey_process(struct sock *sk, struct sk_buff *skb, const struct sadb
void *ext_hdrs[SADB_EXT_MAX];
int err;
- err = pfkey_broadcast(skb_clone(skb, GFP_KERNEL), GFP_KERNEL,
- BROADCAST_PROMISC_ONLY, NULL, sock_net(sk));
- if (err)
- return err;
+ /* Non-zero return value of pfkey_broadcast() does not always signal
+ * an error and even on an actual error we may still want to process
+ * the message so rather ignore the return value.
+ */
+ pfkey_broadcast(skb_clone(skb, GFP_KERNEL), GFP_KERNEL,
+ BROADCAST_PROMISC_ONLY, NULL, sock_net(sk));
memset(ext_hdrs, 0, sizeof(ext_hdrs));
err = parse_exthdrs(skb, hdr, ext_hdrs);
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 388/411] ceph: allow ceph.dir.rctime xattr to be updatable
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (386 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.4 387/411] Revert "net: af_key: add check for pfkey_broadcast in function pfkey_process" Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.4 389/411] drm/radeon: fix a possible null pointer dereference Greg Kroah-Hartman
` (27 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Venky Shankar, Xiubo Li,
Ilya Dryomov, Sasha Levin
From: Venky Shankar <vshankar@redhat.com>
[ Upstream commit d7a2dc523085f8b8c60548ceedc696934aefeb0e ]
`rctime' has been a pain point in cephfs due to its buggy
nature - inconsistent values reported and those sorts.
Fixing rctime is non-trivial needing an overall redesign
of the entire nested statistics infrastructure.
As a workaround, PR
http://github.com/ceph/ceph/pull/37938
allows this extended attribute to be manually set. This allows
users to "fixup" inconsistent rctime values. While this sounds
messy, its probably the wisest approach allowing users/scripts
to workaround buggy rctime values.
The above PR enables Ceph MDS to allow manually setting
rctime extended attribute with the corresponding user-land
changes. We may as well allow the same to be done via kclient
for parity.
Signed-off-by: Venky Shankar <vshankar@redhat.com>
Reviewed-by: Xiubo Li <xiubli@redhat.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/ceph/xattr.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/fs/ceph/xattr.c b/fs/ceph/xattr.c
index cb18ee637cb7..4bcf0226818d 100644
--- a/fs/ceph/xattr.c
+++ b/fs/ceph/xattr.c
@@ -316,6 +316,14 @@ static ssize_t ceph_vxattrcb_snap_btime(struct ceph_inode_info *ci, char *val,
}
#define XATTR_RSTAT_FIELD(_type, _name) \
XATTR_NAME_CEPH(_type, _name, VXATTR_FLAG_RSTAT)
+#define XATTR_RSTAT_FIELD_UPDATABLE(_type, _name) \
+ { \
+ .name = CEPH_XATTR_NAME(_type, _name), \
+ .name_size = sizeof (CEPH_XATTR_NAME(_type, _name)), \
+ .getxattr_cb = ceph_vxattrcb_ ## _type ## _ ## _name, \
+ .exists_cb = NULL, \
+ .flags = VXATTR_FLAG_RSTAT, \
+ }
#define XATTR_LAYOUT_FIELD(_type, _name, _field) \
{ \
.name = CEPH_XATTR_NAME2(_type, _name, _field), \
@@ -353,7 +361,7 @@ static struct ceph_vxattr ceph_dir_vxattrs[] = {
XATTR_RSTAT_FIELD(dir, rfiles),
XATTR_RSTAT_FIELD(dir, rsubdirs),
XATTR_RSTAT_FIELD(dir, rbytes),
- XATTR_RSTAT_FIELD(dir, rctime),
+ XATTR_RSTAT_FIELD_UPDATABLE(dir, rctime),
{
.name = "ceph.dir.pin",
.name_size = sizeof("ceph.dir.pin"),
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 389/411] drm/radeon: fix a possible null pointer dereference
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (387 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.4 388/411] ceph: allow ceph.dir.rctime xattr to be updatable Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.4 390/411] modpost: fix undefined behavior of is_arm_mapping_symbol() Greg Kroah-Hartman
` (26 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Gong Yuanjun, Alex Deucher, Sasha Levin
From: Gong Yuanjun <ruc_gongyuanjun@163.com>
[ Upstream commit a2b28708b645c5632dc93669ab06e97874c8244f ]
In radeon_fp_native_mode(), the return value of drm_mode_duplicate()
is assigned to mode, which will lead to a NULL pointer dereference
on failure of drm_mode_duplicate(). Add a check to avoid npd.
The failure status of drm_cvt_mode() on the other path is checked too.
Signed-off-by: Gong Yuanjun <ruc_gongyuanjun@163.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/radeon/radeon_connectors.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/gpu/drm/radeon/radeon_connectors.c b/drivers/gpu/drm/radeon/radeon_connectors.c
index bc63f4cecf5d..ca6ccd69424e 100644
--- a/drivers/gpu/drm/radeon/radeon_connectors.c
+++ b/drivers/gpu/drm/radeon/radeon_connectors.c
@@ -477,6 +477,8 @@ static struct drm_display_mode *radeon_fp_native_mode(struct drm_encoder *encode
native_mode->vdisplay != 0 &&
native_mode->clock != 0) {
mode = drm_mode_duplicate(dev, native_mode);
+ if (!mode)
+ return NULL;
mode->type = DRM_MODE_TYPE_PREFERRED | DRM_MODE_TYPE_DRIVER;
drm_mode_set_name(mode);
@@ -491,6 +493,8 @@ static struct drm_display_mode *radeon_fp_native_mode(struct drm_encoder *encode
* simpler.
*/
mode = drm_cvt_mode(dev, native_mode->hdisplay, native_mode->vdisplay, 60, true, false, false);
+ if (!mode)
+ return NULL;
mode->type = DRM_MODE_TYPE_PREFERRED | DRM_MODE_TYPE_DRIVER;
DRM_DEBUG_KMS("Adding cvt approximation of native panel mode %s\n", mode->name);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 390/411] modpost: fix undefined behavior of is_arm_mapping_symbol()
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (388 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.4 389/411] drm/radeon: fix a possible null pointer dereference Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.4 391/411] x86/cpu: Elide KCSAN for cpu_has() and friends Greg Kroah-Hartman
` (25 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Masahiro Yamada, Nick Desaulniers,
Sasha Levin
From: Masahiro Yamada <masahiroy@kernel.org>
[ Upstream commit d6b732666a1bae0df3c3ae06925043bba34502b1 ]
The return value of is_arm_mapping_symbol() is unpredictable when "$"
is passed in.
strchr(3) says:
The strchr() and strrchr() functions return a pointer to the matched
character or NULL if the character is not found. The terminating null
byte is considered part of the string, so that if c is specified as
'\0', these functions return a pointer to the terminator.
When str[1] is '\0', strchr("axtd", str[1]) is not NULL, and str[2] is
referenced (i.e. buffer overrun).
Test code
---------
char str1[] = "abc";
char str2[] = "ab";
strcpy(str1, "$");
strcpy(str2, "$");
printf("test1: %d\n", is_arm_mapping_symbol(str1));
printf("test2: %d\n", is_arm_mapping_symbol(str2));
Result
------
test1: 0
test2: 1
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
scripts/mod/modpost.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c
index 74e2052f429d..59011ddf8bb8 100644
--- a/scripts/mod/modpost.c
+++ b/scripts/mod/modpost.c
@@ -1283,7 +1283,8 @@ static int secref_whitelist(const struct sectioncheck *mismatch,
static inline int is_arm_mapping_symbol(const char *str)
{
- return str[0] == '$' && strchr("axtd", str[1])
+ return str[0] == '$' &&
+ (str[1] == 'a' || str[1] == 'd' || str[1] == 't' || str[1] == 'x')
&& (str[2] == '\0' || str[2] == '.');
}
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 391/411] x86/cpu: Elide KCSAN for cpu_has() and friends
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (389 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.4 390/411] modpost: fix undefined behavior of is_arm_mapping_symbol() Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.4 392/411] nbd: call genl_unregister_family() first in nbd_cleanup() Greg Kroah-Hartman
` (24 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kernel test robot,
Peter Zijlstra (Intel),
Sasha Levin
From: Peter Zijlstra <peterz@infradead.org>
[ Upstream commit a6a5eb269f6f3a2fe392f725a8d9052190c731e2 ]
As x86 uses the <asm-generic/bitops/instrumented-*.h> headers, the
regular forms of all bitops are instrumented with explicit calls to
KASAN and KCSAN checks. As these are explicit calls, these are not
suppressed by the noinstr function attribute.
This can result in calls to those check functions in noinstr code, which
objtool warns about:
vmlinux.o: warning: objtool: enter_from_user_mode+0x24: call to __kcsan_check_access() leaves .noinstr.text section
vmlinux.o: warning: objtool: syscall_enter_from_user_mode+0x28: call to __kcsan_check_access() leaves .noinstr.text section
vmlinux.o: warning: objtool: syscall_enter_from_user_mode_prepare+0x24: call to __kcsan_check_access() leaves .noinstr.text section
vmlinux.o: warning: objtool: irqentry_enter_from_user_mode+0x24: call to __kcsan_check_access() leaves .noinstr.text section
Prevent this by using the arch_*() bitops, which are the underlying
bitops without explciit instrumentation.
[null: Changelog]
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Link: https://lkml.kernel.org/r/20220502111216.290518605@infradead.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/include/asm/cpufeature.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/include/asm/cpufeature.h b/arch/x86/include/asm/cpufeature.h
index 59bf91c57aa8..619c1f80a2ab 100644
--- a/arch/x86/include/asm/cpufeature.h
+++ b/arch/x86/include/asm/cpufeature.h
@@ -49,7 +49,7 @@ extern const char * const x86_power_flags[32];
extern const char * const x86_bug_flags[NBUGINTS*32];
#define test_cpu_cap(c, bit) \
- test_bit(bit, (unsigned long *)((c)->x86_capability))
+ arch_test_bit(bit, (unsigned long *)((c)->x86_capability))
/*
* There are 32 bits/features in each mask word. The high bits
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 392/411] nbd: call genl_unregister_family() first in nbd_cleanup()
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (390 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.4 391/411] x86/cpu: Elide KCSAN for cpu_has() and friends Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.4 393/411] nbd: fix race between nbd_alloc_config() and module removal Greg Kroah-Hartman
` (23 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hou Tao, Yu Kuai, Josef Bacik,
Jens Axboe, Sasha Levin
From: Yu Kuai <yukuai3@huawei.com>
[ Upstream commit 06c4da89c24e7023ea448cadf8e9daf06a0aae6e ]
Otherwise there may be race between module removal and the handling of
netlink command, which can lead to the oops as shown below:
BUG: kernel NULL pointer dereference, address: 0000000000000098
Oops: 0002 [#1] SMP PTI
CPU: 1 PID: 31299 Comm: nbd-client Tainted: G E 5.14.0-rc4
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)
RIP: 0010:down_write+0x1a/0x50
Call Trace:
start_creating+0x89/0x130
debugfs_create_dir+0x1b/0x130
nbd_start_device+0x13d/0x390 [nbd]
nbd_genl_connect+0x42f/0x748 [nbd]
genl_family_rcv_msg_doit.isra.0+0xec/0x150
genl_rcv_msg+0xe5/0x1e0
netlink_rcv_skb+0x55/0x100
genl_rcv+0x29/0x40
netlink_unicast+0x1a8/0x250
netlink_sendmsg+0x21b/0x430
____sys_sendmsg+0x2a4/0x2d0
___sys_sendmsg+0x81/0xc0
__sys_sendmsg+0x62/0xb0
__x64_sys_sendmsg+0x1f/0x30
do_syscall_64+0x3b/0xc0
entry_SYSCALL_64_after_hwframe+0x44/0xae
Modules linked in: nbd(E-)
Signed-off-by: Hou Tao <houtao1@huawei.com>
Signed-off-by: Yu Kuai <yukuai3@huawei.com>
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Link: https://lore.kernel.org/r/20220521073749.3146892-2-yukuai3@huawei.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/block/nbd.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/block/nbd.c b/drivers/block/nbd.c
index 510e75435c43..f3425e51a54b 100644
--- a/drivers/block/nbd.c
+++ b/drivers/block/nbd.c
@@ -2446,6 +2446,12 @@ static void __exit nbd_cleanup(void)
struct nbd_device *nbd;
LIST_HEAD(del_list);
+ /*
+ * Unregister netlink interface prior to waiting
+ * for the completion of netlink commands.
+ */
+ genl_unregister_family(&nbd_genl_family);
+
nbd_dbg_close();
mutex_lock(&nbd_index_mutex);
@@ -2461,7 +2467,6 @@ static void __exit nbd_cleanup(void)
}
idr_destroy(&nbd_index_idr);
- genl_unregister_family(&nbd_genl_family);
unregister_blkdev(NBD_MAJOR, "nbd");
}
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 393/411] nbd: fix race between nbd_alloc_config() and module removal
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (391 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.4 392/411] nbd: call genl_unregister_family() first in nbd_cleanup() Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.4 394/411] nbd: fix io hung while disconnecting device Greg Kroah-Hartman
` (22 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hou Tao, Yu Kuai, Josef Bacik,
Jens Axboe, Sasha Levin
From: Yu Kuai <yukuai3@huawei.com>
[ Upstream commit c55b2b983b0fa012942c3eb16384b2b722caa810 ]
When nbd module is being removing, nbd_alloc_config() may be
called concurrently by nbd_genl_connect(), although try_module_get()
will return false, but nbd_alloc_config() doesn't handle it.
The race may lead to the leak of nbd_config and its related
resources (e.g, recv_workq) and oops in nbd_read_stat() due
to the unload of nbd module as shown below:
BUG: kernel NULL pointer dereference, address: 0000000000000040
Oops: 0000 [#1] SMP PTI
CPU: 5 PID: 13840 Comm: kworker/u17:33 Not tainted 5.14.0+ #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)
Workqueue: knbd16-recv recv_work [nbd]
RIP: 0010:nbd_read_stat.cold+0x130/0x1a4 [nbd]
Call Trace:
recv_work+0x3b/0xb0 [nbd]
process_one_work+0x1ed/0x390
worker_thread+0x4a/0x3d0
kthread+0x12a/0x150
ret_from_fork+0x22/0x30
Fixing it by checking the return value of try_module_get()
in nbd_alloc_config(). As nbd_alloc_config() may return ERR_PTR(-ENODEV),
assign nbd->config only when nbd_alloc_config() succeeds to ensure
the value of nbd->config is binary (valid or NULL).
Also adding a debug message to check the reference counter
of nbd_config during module removal.
Signed-off-by: Hou Tao <houtao1@huawei.com>
Signed-off-by: Yu Kuai <yukuai3@huawei.com>
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Link: https://lore.kernel.org/r/20220521073749.3146892-3-yukuai3@huawei.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/block/nbd.c | 28 +++++++++++++++++++---------
1 file changed, 19 insertions(+), 9 deletions(-)
diff --git a/drivers/block/nbd.c b/drivers/block/nbd.c
index f3425e51a54b..ef355f14ed2c 100644
--- a/drivers/block/nbd.c
+++ b/drivers/block/nbd.c
@@ -1457,15 +1457,20 @@ static struct nbd_config *nbd_alloc_config(void)
{
struct nbd_config *config;
+ if (!try_module_get(THIS_MODULE))
+ return ERR_PTR(-ENODEV);
+
config = kzalloc(sizeof(struct nbd_config), GFP_NOFS);
- if (!config)
- return NULL;
+ if (!config) {
+ module_put(THIS_MODULE);
+ return ERR_PTR(-ENOMEM);
+ }
+
atomic_set(&config->recv_threads, 0);
init_waitqueue_head(&config->recv_wq);
init_waitqueue_head(&config->conn_wait);
config->blksize = NBD_DEF_BLKSIZE;
atomic_set(&config->live_connections, 0);
- try_module_get(THIS_MODULE);
return config;
}
@@ -1492,12 +1497,13 @@ static int nbd_open(struct block_device *bdev, fmode_t mode)
mutex_unlock(&nbd->config_lock);
goto out;
}
- config = nbd->config = nbd_alloc_config();
- if (!config) {
- ret = -ENOMEM;
+ config = nbd_alloc_config();
+ if (IS_ERR(config)) {
+ ret = PTR_ERR(config);
mutex_unlock(&nbd->config_lock);
goto out;
}
+ nbd->config = config;
refcount_set(&nbd->config_refs, 1);
refcount_inc(&nbd->refs);
mutex_unlock(&nbd->config_lock);
@@ -1919,13 +1925,14 @@ static int nbd_genl_connect(struct sk_buff *skb, struct genl_info *info)
nbd_put(nbd);
return -EINVAL;
}
- config = nbd->config = nbd_alloc_config();
- if (!nbd->config) {
+ config = nbd_alloc_config();
+ if (IS_ERR(config)) {
mutex_unlock(&nbd->config_lock);
nbd_put(nbd);
printk(KERN_ERR "nbd: couldn't allocate config\n");
- return -ENOMEM;
+ return PTR_ERR(config);
}
+ nbd->config = config;
refcount_set(&nbd->config_refs, 1);
set_bit(NBD_RT_BOUND, &config->runtime_flags);
@@ -2461,6 +2468,9 @@ static void __exit nbd_cleanup(void)
while (!list_empty(&del_list)) {
nbd = list_first_entry(&del_list, struct nbd_device, list);
list_del_init(&nbd->list);
+ if (refcount_read(&nbd->config_refs))
+ printk(KERN_ERR "nbd: possibly leaking nbd_config (ref %d)\n",
+ refcount_read(&nbd->config_refs));
if (refcount_read(&nbd->refs) != 1)
printk(KERN_ERR "nbd: possibly leaking a device\n");
nbd_put(nbd);
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 394/411] nbd: fix io hung while disconnecting device
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (392 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.4 393/411] nbd: fix race between nbd_alloc_config() and module removal Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.4 395/411] s390/gmap: voluntarily schedule during key setting Greg Kroah-Hartman
` (21 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yu Kuai, Josef Bacik, Jens Axboe,
Sasha Levin
From: Yu Kuai <yukuai3@huawei.com>
[ Upstream commit 09dadb5985023e27d4740ebd17e6fea4640110e5 ]
In our tests, "qemu-nbd" triggers a io hung:
INFO: task qemu-nbd:11445 blocked for more than 368 seconds.
Not tainted 5.18.0-rc3-next-20220422-00003-g2176915513ca #884
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:qemu-nbd state:D stack: 0 pid:11445 ppid: 1 flags:0x00000000
Call Trace:
<TASK>
__schedule+0x480/0x1050
? _raw_spin_lock_irqsave+0x3e/0xb0
schedule+0x9c/0x1b0
blk_mq_freeze_queue_wait+0x9d/0xf0
? ipi_rseq+0x70/0x70
blk_mq_freeze_queue+0x2b/0x40
nbd_add_socket+0x6b/0x270 [nbd]
nbd_ioctl+0x383/0x510 [nbd]
blkdev_ioctl+0x18e/0x3e0
__x64_sys_ioctl+0xac/0x120
do_syscall_64+0x35/0x80
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7fd8ff706577
RSP: 002b:00007fd8fcdfebf8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000040000000 RCX: 00007fd8ff706577
RDX: 000000000000000d RSI: 000000000000ab00 RDI: 000000000000000f
RBP: 000000000000000f R08: 000000000000fbe8 R09: 000055fe497c62b0
R10: 00000002aff20000 R11: 0000000000000246 R12: 000000000000006d
R13: 0000000000000000 R14: 00007ffe82dc5e70 R15: 00007fd8fcdff9c0
"qemu-ndb -d" will call ioctl 'NBD_DISCONNECT' first, however, following
message was found:
block nbd0: Send disconnect failed -32
Which indicate that something is wrong with the server. Then,
"qemu-nbd -d" will call ioctl 'NBD_CLEAR_SOCK', however ioctl can't clear
requests after commit 2516ab1543fd("nbd: only clear the queue on device
teardown"). And in the meantime, request can't complete through timeout
because nbd_xmit_timeout() will always return 'BLK_EH_RESET_TIMER', which
means such request will never be completed in this situation.
Now that the flag 'NBD_CMD_INFLIGHT' can make sure requests won't
complete multiple times, switch back to call nbd_clear_sock() in
nbd_clear_sock_ioctl(), so that inflight requests can be cleared.
Signed-off-by: Yu Kuai <yukuai3@huawei.com>
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Link: https://lore.kernel.org/r/20220521073749.3146892-5-yukuai3@huawei.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/block/nbd.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/block/nbd.c b/drivers/block/nbd.c
index ef355f14ed2c..09323b0510f0 100644
--- a/drivers/block/nbd.c
+++ b/drivers/block/nbd.c
@@ -1344,7 +1344,7 @@ static int nbd_start_device_ioctl(struct nbd_device *nbd, struct block_device *b
static void nbd_clear_sock_ioctl(struct nbd_device *nbd,
struct block_device *bdev)
{
- sock_shutdown(nbd);
+ nbd_clear_sock(nbd);
__invalidate_device(bdev, true);
nbd_bdev_reset(bdev);
if (test_and_clear_bit(NBD_RT_HAS_CONFIG_REF,
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 395/411] s390/gmap: voluntarily schedule during key setting
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (393 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.4 394/411] nbd: fix io hung while disconnecting device Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.4 396/411] cifs: version operations for smb20 unneeded when legacy support disabled Greg Kroah-Hartman
` (20 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christian Borntraeger,
Alexander Gordeev, Claudio Imbrenda, Heiko Carstens, Sasha Levin
From: Christian Borntraeger <borntraeger@linux.ibm.com>
[ Upstream commit 6d5946274df1fff539a7eece458a43be733d1db8 ]
With large and many guest with storage keys it is possible to create
large latencies or stalls during initial key setting:
rcu: INFO: rcu_sched self-detected stall on CPU
rcu: 18-....: (2099 ticks this GP) idle=54e/1/0x4000000000000002 softirq=35598716/35598716 fqs=998
(t=2100 jiffies g=155867385 q=20879)
Task dump for CPU 18:
CPU 1/KVM R running task 0 1030947 256019 0x06000004
Call Trace:
sched_show_task
rcu_dump_cpu_stacks
rcu_sched_clock_irq
update_process_times
tick_sched_handle
tick_sched_timer
__hrtimer_run_queues
hrtimer_interrupt
do_IRQ
ext_int_handler
ptep_zap_key
The mmap lock is held during the page walking but since this is a
semaphore scheduling is still possible. Same for the kvm srcu.
To minimize overhead do this on every segment table entry or large page.
Signed-off-by: Christian Borntraeger <borntraeger@linux.ibm.com>
Reviewed-by: Alexander Gordeev <agordeev@linux.ibm.com>
Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com>
Link: https://lore.kernel.org/r/20220530092706.11637-2-borntraeger@linux.ibm.com
Signed-off-by: Christian Borntraeger <borntraeger@linux.ibm.com>
Signed-off-by: Heiko Carstens <hca@linux.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/s390/mm/gmap.c | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/arch/s390/mm/gmap.c b/arch/s390/mm/gmap.c
index 5e5a4e1f0e6c..19ee8355b2a7 100644
--- a/arch/s390/mm/gmap.c
+++ b/arch/s390/mm/gmap.c
@@ -2579,6 +2579,18 @@ static int __s390_enable_skey_pte(pte_t *pte, unsigned long addr,
return 0;
}
+/*
+ * Give a chance to schedule after setting a key to 256 pages.
+ * We only hold the mm lock, which is a rwsem and the kvm srcu.
+ * Both can sleep.
+ */
+static int __s390_enable_skey_pmd(pmd_t *pmd, unsigned long addr,
+ unsigned long next, struct mm_walk *walk)
+{
+ cond_resched();
+ return 0;
+}
+
static int __s390_enable_skey_hugetlb(pte_t *pte, unsigned long addr,
unsigned long hmask, unsigned long next,
struct mm_walk *walk)
@@ -2601,12 +2613,14 @@ static int __s390_enable_skey_hugetlb(pte_t *pte, unsigned long addr,
end = start + HPAGE_SIZE - 1;
__storage_key_init_range(start, end);
set_bit(PG_arch_1, &page->flags);
+ cond_resched();
return 0;
}
static const struct mm_walk_ops enable_skey_walk_ops = {
.hugetlb_entry = __s390_enable_skey_hugetlb,
.pte_entry = __s390_enable_skey_pte,
+ .pmd_entry = __s390_enable_skey_pmd,
};
int s390_enable_skey(void)
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 396/411] cifs: version operations for smb20 unneeded when legacy support disabled
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (394 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.4 395/411] s390/gmap: voluntarily schedule during key setting Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.4 397/411] nodemask: Fix return values to be unsigned Greg Kroah-Hartman
` (19 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ronnie Sahlberg, Steve French, Sasha Levin
From: Steve French <stfrench@microsoft.com>
[ Upstream commit 7ef93ffccd55fb0ba000ed16ef6a81cd7dee07b5 ]
We should not be including unused smb20 specific code when legacy
support is disabled (CONFIG_CIFS_ALLOW_INSECURE_LEGACY turned
off). For example smb2_operations and smb2_values aren't used
in that case. Over time we can move more and more SMB1/CIFS and SMB2.0
code into the insecure legacy ifdefs
Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/cifs/cifsglob.h | 4 +++-
fs/cifs/smb2ops.c | 7 ++++++-
2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h
index 9c0e348cb00f..414936989255 100644
--- a/fs/cifs/cifsglob.h
+++ b/fs/cifs/cifsglob.h
@@ -1930,11 +1930,13 @@ extern mempool_t *cifs_mid_poolp;
/* Operations for different SMB versions */
#define SMB1_VERSION_STRING "1.0"
+#define SMB20_VERSION_STRING "2.0"
+#ifdef CONFIG_CIFS_ALLOW_INSECURE_LEGACY
extern struct smb_version_operations smb1_operations;
extern struct smb_version_values smb1_values;
-#define SMB20_VERSION_STRING "2.0"
extern struct smb_version_operations smb20_operations;
extern struct smb_version_values smb20_values;
+#endif /* CIFS_ALLOW_INSECURE_LEGACY */
#define SMB21_VERSION_STRING "2.1"
extern struct smb_version_operations smb21_operations;
extern struct smb_version_values smb21_values;
diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c
index 7985fe25850b..57164563eec6 100644
--- a/fs/cifs/smb2ops.c
+++ b/fs/cifs/smb2ops.c
@@ -3487,11 +3487,13 @@ smb3_set_oplock_level(struct cifsInodeInfo *cinode, __u32 oplock,
}
}
+#ifdef CONFIG_CIFS_ALLOW_INSECURE_LEGACY
static bool
smb2_is_read_op(__u32 oplock)
{
return oplock == SMB2_OPLOCK_LEVEL_II;
}
+#endif /* CIFS_ALLOW_INSECURE_LEGACY */
static bool
smb21_is_read_op(__u32 oplock)
@@ -4573,7 +4575,7 @@ smb2_make_node(unsigned int xid, struct inode *inode,
return rc;
}
-
+#ifdef CONFIG_CIFS_ALLOW_INSECURE_LEGACY
struct smb_version_operations smb20_operations = {
.compare_fids = smb2_compare_fids,
.setup_request = smb2_setup_request,
@@ -4670,6 +4672,7 @@ struct smb_version_operations smb20_operations = {
.fiemap = smb3_fiemap,
.llseek = smb3_llseek,
};
+#endif /* CIFS_ALLOW_INSECURE_LEGACY */
struct smb_version_operations smb21_operations = {
.compare_fids = smb2_compare_fids,
@@ -4987,6 +4990,7 @@ struct smb_version_operations smb311_operations = {
.llseek = smb3_llseek,
};
+#ifdef CONFIG_CIFS_ALLOW_INSECURE_LEGACY
struct smb_version_values smb20_values = {
.version_string = SMB20_VERSION_STRING,
.protocol_id = SMB20_PROT_ID,
@@ -5007,6 +5011,7 @@ struct smb_version_values smb20_values = {
.signing_required = SMB2_NEGOTIATE_SIGNING_REQUIRED,
.create_lease_size = sizeof(struct create_lease),
};
+#endif /* ALLOW_INSECURE_LEGACY */
struct smb_version_values smb21_values = {
.version_string = SMB21_VERSION_STRING,
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 397/411] nodemask: Fix return values to be unsigned
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (395 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.4 396/411] cifs: version operations for smb20 unneeded when legacy support disabled Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.4 398/411] vringh: Fix loop descriptors check in the indirect cases Greg Kroah-Hartman
` (18 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christophe de Dinechin,
Alexey Dobriyan, Yury Norov, Andy Shevchenko, Rasmus Villemoes,
Andrew Morton, Zhen Lei, Kees Cook, Sasha Levin
From: Kees Cook <keescook@chromium.org>
[ Upstream commit 0dfe54071d7c828a02917b595456bfde1afdddc9 ]
The nodemask routines had mixed return values that provided potentially
signed return values that could never happen. This was leading to the
compiler getting confusing about the range of possible return values
(it was thinking things could be negative where they could not be). Fix
all the nodemask routines that should be returning unsigned
(or bool) values. Silences:
mm/swapfile.c: In function ‘setup_swap_info’:
mm/swapfile.c:2291:47: error: array subscript -1 is below array bounds of ‘struct plist_node[]’ [-Werror=array-bounds]
2291 | p->avail_lists[i].prio = 1;
| ~~~~~~~~~~~~~~^~~
In file included from mm/swapfile.c:16:
./include/linux/swap.h:292:27: note: while referencing ‘avail_lists’
292 | struct plist_node avail_lists[]; /*
| ^~~~~~~~~~~
Reported-by: Christophe de Dinechin <dinechin@redhat.com>
Link: https://lore.kernel.org/lkml/20220414150855.2407137-3-dinechin@redhat.com/
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: Yury Norov <yury.norov@gmail.com>
Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Zhen Lei <thunder.leizhen@huawei.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Yury Norov <yury.norov@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/nodemask.h | 38 +++++++++++++++++++-------------------
lib/nodemask.c | 4 ++--
2 files changed, 21 insertions(+), 21 deletions(-)
diff --git a/include/linux/nodemask.h b/include/linux/nodemask.h
index 8a404dfeec42..a8d79f5b9a52 100644
--- a/include/linux/nodemask.h
+++ b/include/linux/nodemask.h
@@ -42,11 +42,11 @@
* void nodes_shift_right(dst, src, n) Shift right
* void nodes_shift_left(dst, src, n) Shift left
*
- * int first_node(mask) Number lowest set bit, or MAX_NUMNODES
- * int next_node(node, mask) Next node past 'node', or MAX_NUMNODES
- * int next_node_in(node, mask) Next node past 'node', or wrap to first,
+ * unsigned int first_node(mask) Number lowest set bit, or MAX_NUMNODES
+ * unsigend int next_node(node, mask) Next node past 'node', or MAX_NUMNODES
+ * unsigned int next_node_in(node, mask) Next node past 'node', or wrap to first,
* or MAX_NUMNODES
- * int first_unset_node(mask) First node not set in mask, or
+ * unsigned int first_unset_node(mask) First node not set in mask, or
* MAX_NUMNODES
*
* nodemask_t nodemask_of_node(node) Return nodemask with bit 'node' set
@@ -153,7 +153,7 @@ static inline void __nodes_clear(nodemask_t *dstp, unsigned int nbits)
#define node_test_and_set(node, nodemask) \
__node_test_and_set((node), &(nodemask))
-static inline int __node_test_and_set(int node, nodemask_t *addr)
+static inline bool __node_test_and_set(int node, nodemask_t *addr)
{
return test_and_set_bit(node, addr->bits);
}
@@ -200,7 +200,7 @@ static inline void __nodes_complement(nodemask_t *dstp,
#define nodes_equal(src1, src2) \
__nodes_equal(&(src1), &(src2), MAX_NUMNODES)
-static inline int __nodes_equal(const nodemask_t *src1p,
+static inline bool __nodes_equal(const nodemask_t *src1p,
const nodemask_t *src2p, unsigned int nbits)
{
return bitmap_equal(src1p->bits, src2p->bits, nbits);
@@ -208,7 +208,7 @@ static inline int __nodes_equal(const nodemask_t *src1p,
#define nodes_intersects(src1, src2) \
__nodes_intersects(&(src1), &(src2), MAX_NUMNODES)
-static inline int __nodes_intersects(const nodemask_t *src1p,
+static inline bool __nodes_intersects(const nodemask_t *src1p,
const nodemask_t *src2p, unsigned int nbits)
{
return bitmap_intersects(src1p->bits, src2p->bits, nbits);
@@ -216,20 +216,20 @@ static inline int __nodes_intersects(const nodemask_t *src1p,
#define nodes_subset(src1, src2) \
__nodes_subset(&(src1), &(src2), MAX_NUMNODES)
-static inline int __nodes_subset(const nodemask_t *src1p,
+static inline bool __nodes_subset(const nodemask_t *src1p,
const nodemask_t *src2p, unsigned int nbits)
{
return bitmap_subset(src1p->bits, src2p->bits, nbits);
}
#define nodes_empty(src) __nodes_empty(&(src), MAX_NUMNODES)
-static inline int __nodes_empty(const nodemask_t *srcp, unsigned int nbits)
+static inline bool __nodes_empty(const nodemask_t *srcp, unsigned int nbits)
{
return bitmap_empty(srcp->bits, nbits);
}
#define nodes_full(nodemask) __nodes_full(&(nodemask), MAX_NUMNODES)
-static inline int __nodes_full(const nodemask_t *srcp, unsigned int nbits)
+static inline bool __nodes_full(const nodemask_t *srcp, unsigned int nbits)
{
return bitmap_full(srcp->bits, nbits);
}
@@ -260,15 +260,15 @@ static inline void __nodes_shift_left(nodemask_t *dstp,
> MAX_NUMNODES, then the silly min_ts could be dropped. */
#define first_node(src) __first_node(&(src))
-static inline int __first_node(const nodemask_t *srcp)
+static inline unsigned int __first_node(const nodemask_t *srcp)
{
- return min_t(int, MAX_NUMNODES, find_first_bit(srcp->bits, MAX_NUMNODES));
+ return min_t(unsigned int, MAX_NUMNODES, find_first_bit(srcp->bits, MAX_NUMNODES));
}
#define next_node(n, src) __next_node((n), &(src))
-static inline int __next_node(int n, const nodemask_t *srcp)
+static inline unsigned int __next_node(int n, const nodemask_t *srcp)
{
- return min_t(int,MAX_NUMNODES,find_next_bit(srcp->bits, MAX_NUMNODES, n+1));
+ return min_t(unsigned int, MAX_NUMNODES, find_next_bit(srcp->bits, MAX_NUMNODES, n+1));
}
/*
@@ -276,7 +276,7 @@ static inline int __next_node(int n, const nodemask_t *srcp)
* the first node in src if needed. Returns MAX_NUMNODES if src is empty.
*/
#define next_node_in(n, src) __next_node_in((n), &(src))
-int __next_node_in(int node, const nodemask_t *srcp);
+unsigned int __next_node_in(int node, const nodemask_t *srcp);
static inline void init_nodemask_of_node(nodemask_t *mask, int node)
{
@@ -296,9 +296,9 @@ static inline void init_nodemask_of_node(nodemask_t *mask, int node)
})
#define first_unset_node(mask) __first_unset_node(&(mask))
-static inline int __first_unset_node(const nodemask_t *maskp)
+static inline unsigned int __first_unset_node(const nodemask_t *maskp)
{
- return min_t(int,MAX_NUMNODES,
+ return min_t(unsigned int, MAX_NUMNODES,
find_first_zero_bit(maskp->bits, MAX_NUMNODES));
}
@@ -434,11 +434,11 @@ static inline int num_node_state(enum node_states state)
#define first_online_node first_node(node_states[N_ONLINE])
#define first_memory_node first_node(node_states[N_MEMORY])
-static inline int next_online_node(int nid)
+static inline unsigned int next_online_node(int nid)
{
return next_node(nid, node_states[N_ONLINE]);
}
-static inline int next_memory_node(int nid)
+static inline unsigned int next_memory_node(int nid)
{
return next_node(nid, node_states[N_MEMORY]);
}
diff --git a/lib/nodemask.c b/lib/nodemask.c
index 3aa454c54c0d..e22647f5181b 100644
--- a/lib/nodemask.c
+++ b/lib/nodemask.c
@@ -3,9 +3,9 @@
#include <linux/module.h>
#include <linux/random.h>
-int __next_node_in(int node, const nodemask_t *srcp)
+unsigned int __next_node_in(int node, const nodemask_t *srcp)
{
- int ret = __next_node(node, srcp);
+ unsigned int ret = __next_node(node, srcp);
if (ret == MAX_NUMNODES)
ret = __first_node(srcp);
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 398/411] vringh: Fix loop descriptors check in the indirect cases
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (396 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.4 397/411] nodemask: Fix return values to be unsigned Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.4 399/411] scripts/gdb: change kernel config dumping method Greg Kroah-Hartman
` (17 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Xie Yongji, Fam Zheng,
Michael S. Tsirkin, Jason Wang, Sasha Levin
From: Xie Yongji <xieyongji@bytedance.com>
[ Upstream commit dbd29e0752286af74243cf891accf472b2f3edd8 ]
We should use size of descriptor chain to test loop condition
in the indirect case. And another statistical count is also introduced
for indirect descriptors to avoid conflict with the statistical count
of direct descriptors.
Fixes: f87d0fbb5798 ("vringh: host-side implementation of virtio rings.")
Signed-off-by: Xie Yongji <xieyongji@bytedance.com>
Signed-off-by: Fam Zheng <fam.zheng@bytedance.com>
Message-Id: <20220505100910.137-1-xieyongji@bytedance.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/vhost/vringh.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/drivers/vhost/vringh.c b/drivers/vhost/vringh.c
index 4653de001e26..264cbe385a63 100644
--- a/drivers/vhost/vringh.c
+++ b/drivers/vhost/vringh.c
@@ -264,7 +264,7 @@ __vringh_iov(struct vringh *vrh, u16 i,
gfp_t gfp,
int (*copy)(void *dst, const void *src, size_t len))
{
- int err, count = 0, up_next, desc_max;
+ int err, count = 0, indirect_count = 0, up_next, desc_max;
struct vring_desc desc, *descs;
struct vringh_range range = { -1ULL, 0 }, slowrange;
bool slow = false;
@@ -321,7 +321,12 @@ __vringh_iov(struct vringh *vrh, u16 i,
continue;
}
- if (count++ == vrh->vring.num) {
+ if (up_next == -1)
+ count++;
+ else
+ indirect_count++;
+
+ if (count > vrh->vring.num || indirect_count > desc_max) {
vringh_bad("Descriptor loop in %p", descs);
err = -ELOOP;
goto fail;
@@ -383,6 +388,7 @@ __vringh_iov(struct vringh *vrh, u16 i,
i = return_from_indirect(vrh, &up_next,
&descs, &desc_max);
slow = false;
+ indirect_count = 0;
} else
break;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 399/411] scripts/gdb: change kernel config dumping method
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (397 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.4 398/411] vringh: Fix loop descriptors check in the indirect cases Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.4 400/411] ALSA: hda/conexant - Fix loopback issue with CX20632 Greg Kroah-Hartman
` (16 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kuan-Ying Lee, Masahiro Yamada, Sasha Levin
From: Kuan-Ying Lee <Kuan-Ying.Lee@mediatek.com>
[ Upstream commit 1f7a6cf6b07c74a17343c2559cd5f5018a245961 ]
MAGIC_START("IKCFG_ST") and MAGIC_END("IKCFG_ED") are moved out
from the kernel_config_data variable.
Thus, we parse kernel_config_data directly instead of considering
offset of MAGIC_START and MAGIC_END.
Fixes: 13610aa908dc ("kernel/configs: use .incbin directive to embed config_data.gz")
Signed-off-by: Kuan-Ying Lee <Kuan-Ying.Lee@mediatek.com>
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
scripts/gdb/linux/config.py | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/scripts/gdb/linux/config.py b/scripts/gdb/linux/config.py
index 90e1565b1967..8843ab3cbadd 100644
--- a/scripts/gdb/linux/config.py
+++ b/scripts/gdb/linux/config.py
@@ -24,9 +24,9 @@ class LxConfigDump(gdb.Command):
filename = arg
try:
- py_config_ptr = gdb.parse_and_eval("kernel_config_data + 8")
- py_config_size = gdb.parse_and_eval(
- "sizeof(kernel_config_data) - 1 - 8 * 2")
+ py_config_ptr = gdb.parse_and_eval("&kernel_config_data")
+ py_config_ptr_end = gdb.parse_and_eval("&kernel_config_data_end")
+ py_config_size = py_config_ptr_end - py_config_ptr
except gdb.error as e:
raise gdb.GdbError("Can't find config, enable CONFIG_IKCONFIG?")
--
2.35.1
^ permalink raw reply related [flat|nested] 417+ messages in thread
* [PATCH 5.4 400/411] ALSA: hda/conexant - Fix loopback issue with CX20632
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (398 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.4 399/411] scripts/gdb: change kernel config dumping method Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.4 401/411] cifs: return errors during session setup during reconnects Greg Kroah-Hartman
` (15 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, huangwenhui, Takashi Iwai
From: huangwenhui <huangwenhuia@uniontech.com>
commit d5ea7544c32ba27c2c5826248e4ff58bd50a2518 upstream.
On a machine with CX20632, Alsamixer doesn't have 'Loopback
Mixing' and 'Line'.
Signed-off-by: huangwenhui <huangwenhuia@uniontech.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20220607065631.10708-1-huangwenhuia@uniontech.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/pci/hda/patch_conexant.c | 7 +++++++
1 file changed, 7 insertions(+)
--- a/sound/pci/hda/patch_conexant.c
+++ b/sound/pci/hda/patch_conexant.c
@@ -1012,6 +1012,13 @@ static int patch_conexant_auto(struct hd
snd_hda_pick_fixup(codec, cxt5051_fixup_models,
cxt5051_fixups, cxt_fixups);
break;
+ case 0x14f15098:
+ codec->pin_amp_workaround = 1;
+ spec->gen.mixer_nid = 0x22;
+ spec->gen.add_stereo_mix_input = HDA_HINT_STEREO_MIX_AUTO;
+ snd_hda_pick_fixup(codec, cxt5066_fixup_models,
+ cxt5066_fixups, cxt_fixups);
+ break;
case 0x14f150f2:
codec->power_save_node = 1;
/* Fall through */
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 401/411] cifs: return errors during session setup during reconnects
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (399 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.4 400/411] ALSA: hda/conexant - Fix loopback issue with CX20632 Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.4 402/411] ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files Greg Kroah-Hartman
` (14 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Shyam Prasad N, Enzo Matsumiya, Steve French
From: Shyam Prasad N <sprasad@microsoft.com>
commit 8ea21823aa584b55ba4b861307093b78054b0c1b upstream.
During reconnects, we check the return value from
cifs_negotiate_protocol, and have handlers for both success
and failures. But if that passes, and cifs_setup_session
returns any errors other than -EACCES, we do not handle
that. This fix adds a handler for that, so that we don't
go ahead and try a tree_connect on a failed session.
Signed-off-by: Shyam Prasad N <sprasad@microsoft.com>
Reviewed-by: Enzo Matsumiya <ematsumiya@suse.de>
Cc: stable@vger.kernel.org
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/cifs/smb2pdu.c | 3 +++
1 file changed, 3 insertions(+)
--- a/fs/cifs/smb2pdu.c
+++ b/fs/cifs/smb2pdu.c
@@ -356,6 +356,9 @@ smb2_reconnect(__le16 smb2_command, stru
rc = -EHOSTDOWN;
mutex_unlock(&tcon->ses->session_mutex);
goto failed;
+ } else if (rc) {
+ mutex_unlock(&ses->session_mutex);
+ goto out;
}
}
if (rc || !tcon->need_reconnect) {
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 402/411] ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (400 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.4 401/411] cifs: return errors during session setup during reconnects Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.4 403/411] mmc: block: Fix CQE recovery reset success Greg Kroah-Hartman
` (13 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Sergey Shtylyov, Damien Le Moal
From: Sergey Shtylyov <s.shtylyov@omp.ru>
commit 72aad489f992871e908ff6d9055b26c6366fb864 upstream.
The {dma|pio}_mode sysfs files are incorrectly documented as having a
list of the supported DMA/PIO transfer modes, while the corresponding
fields of the *struct* ata_device hold the transfer mode IDs, not masks.
To match these docs, the {dma|pio}_mode (and even xfer_mode!) sysfs
files are handled by the ata_bitfield_name_match() macro which leads to
reading such kind of nonsense from them:
$ cat /sys/class/ata_device/dev3.0/pio_mode
XFER_UDMA_7, XFER_UDMA_6, XFER_UDMA_5, XFER_UDMA_4, XFER_MW_DMA_4,
XFER_PIO_6, XFER_PIO_5, XFER_PIO_4, XFER_PIO_3, XFER_PIO_2, XFER_PIO_1,
XFER_PIO_0
Using the correct ata_bitfield_name_search() macro fixes that:
$ cat /sys/class/ata_device/dev3.0/pio_mode
XFER_PIO_4
While fixing the file documentation, somewhat reword the {dma|pio}_mode
file doc and add a note about being mostly useful for PATA devices to
the xfer_mode file doc...
Fixes: d9027470b886 ("[libata] Add ATA transport class")
Signed-off-by: Sergey Shtylyov <s.shtylyov@omp.ru>
Cc: stable@vger.kernel.org
Signed-off-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
Documentation/ABI/testing/sysfs-ata | 11 ++++++-----
drivers/ata/libata-transport.c | 2 +-
2 files changed, 7 insertions(+), 6 deletions(-)
--- a/Documentation/ABI/testing/sysfs-ata
+++ b/Documentation/ABI/testing/sysfs-ata
@@ -107,13 +107,14 @@ Description:
described in ATA8 7.16 and 7.17. Only valid if
the device is not a PM.
- pio_mode: (RO) Transfer modes supported by the device when
- in PIO mode. Mostly used by PATA device.
+ pio_mode: (RO) PIO transfer mode used by the device.
+ Mostly used by PATA devices.
- xfer_mode: (RO) Current transfer mode
+ xfer_mode: (RO) Current transfer mode. Mostly used by
+ PATA devices.
- dma_mode: (RO) Transfer modes supported by the device when
- in DMA mode. Mostly used by PATA device.
+ dma_mode: (RO) DMA transfer mode used by the device.
+ Mostly used by PATA devices.
class: (RO) Device class. Can be "ata" for disk,
"atapi" for packet device, "pmp" for PM, or
--- a/drivers/ata/libata-transport.c
+++ b/drivers/ata/libata-transport.c
@@ -196,7 +196,7 @@ static struct {
{ XFER_PIO_0, "XFER_PIO_0" },
{ XFER_PIO_SLOW, "XFER_PIO_SLOW" }
};
-ata_bitfield_name_match(xfer,ata_xfer_names)
+ata_bitfield_name_search(xfer, ata_xfer_names)
/*
* ATA Port attributes
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 403/411] mmc: block: Fix CQE recovery reset success
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (401 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.4 402/411] ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.4 404/411] nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION Greg Kroah-Hartman
` (12 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Adrian Hunter, Ulf Hansson
From: Adrian Hunter <adrian.hunter@intel.com>
commit a051246b786af7e4a9d9219cc7038a6e8a411531 upstream.
The intention of the use of mmc_blk_reset_success() in
mmc_blk_cqe_recovery() was to prevent repeated resets when retrying and
getting the same error. However, that may not be the case - any amount
of time and I/O may pass before another recovery is needed, in which
case there would be no reason to deny it the opportunity to recover via
a reset if necessary. CQE recovery is expected seldom and failure to
recover (if the clear tasks command fails), even more seldom, so it is
better to allow the reset always, which can be done by calling
mmc_blk_reset_success() always.
Fixes: 1e8e55b67030c6 ("mmc: block: Add CQE support")
Cc: stable@vger.kernel.org
Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
Link: https://lore.kernel.org/r/20220531171922.76080-1-adrian.hunter@intel.com
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mmc/core/block.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
--- a/drivers/mmc/core/block.c
+++ b/drivers/mmc/core/block.c
@@ -1492,8 +1492,7 @@ void mmc_blk_cqe_recovery(struct mmc_que
err = mmc_cqe_recovery(host);
if (err)
mmc_blk_reset(mq->blkdata, host, MMC_BLK_CQE_RECOVERY);
- else
- mmc_blk_reset_success(mq->blkdata, MMC_BLK_CQE_RECOVERY);
+ mmc_blk_reset_success(mq->blkdata, MMC_BLK_CQE_RECOVERY);
pr_debug("%s: CQE recovery done\n", mmc_hostname(host));
}
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 404/411] nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (402 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.4 403/411] mmc: block: Fix CQE recovery reset success Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.4 405/411] nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling Greg Kroah-Hartman
` (11 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Martin Faltesek, Guenter Roeck,
Krzysztof Kozlowski, Jakub Kicinski
From: Martin Faltesek <mfaltesek@google.com>
commit 77e5fe8f176a525523ae091d6fd0fbb8834c156d upstream.
The first validation check for EVT_TRANSACTION has two different checks
tied together with logical AND. One is a check for minimum packet length,
and the other is for a valid aid_tag. If either condition is true (fails),
then an error should be triggered. The fix is to change && to ||.
Fixes: 26fc6c7f02cb ("NFC: st21nfca: Add HCI transaction event support")
Cc: stable@vger.kernel.org
Signed-off-by: Martin Faltesek <mfaltesek@google.com>
Reviewed-by: Guenter Roeck <groeck@chromium.org>
Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/nfc/st21nfca/se.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/nfc/st21nfca/se.c
+++ b/drivers/nfc/st21nfca/se.c
@@ -319,7 +319,7 @@ int st21nfca_connectivity_event_received
* AID 81 5 to 16
* PARAMETERS 82 0 to 255
*/
- if (skb->len < NFC_MIN_AID_LENGTH + 2 &&
+ if (skb->len < NFC_MIN_AID_LENGTH + 2 ||
skb->data[0] != NFC_EVT_TRANSACTION_AID_TAG)
return -EPROTO;
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 405/411] nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (403 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.4 404/411] nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.4 406/411] ixgbe: fix bcast packets Rx on VF after promisc removal Greg Kroah-Hartman
` (10 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Martin Faltesek, Guenter Roeck,
Krzysztof Kozlowski, Jakub Kicinski
From: Martin Faltesek <mfaltesek@google.com>
commit 996419e0594abb311fb958553809f24f38e7abbe upstream.
Error paths do not free previously allocated memory. Add devm_kfree() to
those failure paths.
Fixes: 26fc6c7f02cb ("NFC: st21nfca: Add HCI transaction event support")
Fixes: 4fbcc1a4cb20 ("nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION")
Cc: stable@vger.kernel.org
Signed-off-by: Martin Faltesek <mfaltesek@google.com>
Reviewed-by: Guenter Roeck <groeck@chromium.org>
Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/nfc/st21nfca/se.c | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)
--- a/drivers/nfc/st21nfca/se.c
+++ b/drivers/nfc/st21nfca/se.c
@@ -331,22 +331,29 @@ int st21nfca_connectivity_event_received
transaction->aid_len = skb->data[1];
/* Checking if the length of the AID is valid */
- if (transaction->aid_len > sizeof(transaction->aid))
+ if (transaction->aid_len > sizeof(transaction->aid)) {
+ devm_kfree(dev, transaction);
return -EINVAL;
+ }
memcpy(transaction->aid, &skb->data[2],
transaction->aid_len);
/* Check next byte is PARAMETERS tag (82) */
if (skb->data[transaction->aid_len + 2] !=
- NFC_EVT_TRANSACTION_PARAMS_TAG)
+ NFC_EVT_TRANSACTION_PARAMS_TAG) {
+ devm_kfree(dev, transaction);
return -EPROTO;
+ }
transaction->params_len = skb->data[transaction->aid_len + 3];
/* Total size is allocated (skb->len - 2) minus fixed array members */
- if (transaction->params_len > ((skb->len - 2) - sizeof(struct nfc_evt_transaction)))
+ if (transaction->params_len > ((skb->len - 2) -
+ sizeof(struct nfc_evt_transaction))) {
+ devm_kfree(dev, transaction);
return -EINVAL;
+ }
memcpy(transaction->params, skb->data +
transaction->aid_len + 4, transaction->params_len);
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 406/411] ixgbe: fix bcast packets Rx on VF after promisc removal
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (404 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.4 405/411] nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.4 407/411] ixgbe: fix unexpected VLAN Rx in promisc mode on VF Greg Kroah-Hartman
` (9 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nicolas Dichtel, Olivier Matz,
Konrad Jankowski, Tony Nguyen
From: Olivier Matz <olivier.matz@6wind.com>
commit 803e9895ea2b0fe80bc85980ae2d7a7e44037914 upstream.
After a VF requested to remove the promiscuous flag on an interface, the
broadcast packets are not received anymore. This breaks some protocols
like ARP.
In ixgbe_update_vf_xcast_mode(), we should keep the IXGBE_VMOLR_BAM
bit (Broadcast Accept) on promiscuous removal.
This flag is already set by default in ixgbe_set_vmolr() on VF reset.
Fixes: 8443c1a4b192 ("ixgbe, ixgbevf: Add new mbox API xcast mode")
Cc: stable@vger.kernel.org
Cc: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: Olivier Matz <olivier.matz@6wind.com>
Tested-by: Konrad Jankowski <konrad0.jankowski@intel.com>
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
@@ -1157,9 +1157,9 @@ static int ixgbe_update_vf_xcast_mode(st
switch (xcast_mode) {
case IXGBEVF_XCAST_MODE_NONE:
- disable = IXGBE_VMOLR_BAM | IXGBE_VMOLR_ROMPE |
+ disable = IXGBE_VMOLR_ROMPE |
IXGBE_VMOLR_MPE | IXGBE_VMOLR_UPE | IXGBE_VMOLR_VPE;
- enable = 0;
+ enable = IXGBE_VMOLR_BAM;
break;
case IXGBEVF_XCAST_MODE_MULTI:
disable = IXGBE_VMOLR_MPE | IXGBE_VMOLR_UPE | IXGBE_VMOLR_VPE;
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 407/411] ixgbe: fix unexpected VLAN Rx in promisc mode on VF
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (405 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.4 406/411] ixgbe: fix bcast packets Rx on VF after promisc removal Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.4 408/411] Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag Greg Kroah-Hartman
` (8 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nicolas Dichtel, Olivier Matz,
Konrad Jankowski, Tony Nguyen
From: Olivier Matz <olivier.matz@6wind.com>
commit 7bb0fb7c63df95d6027dc50d6af3bc3bbbc25483 upstream.
When the promiscuous mode is enabled on a VF, the IXGBE_VMOLR_VPE
bit (VLAN Promiscuous Enable) is set. This means that the VF will
receive packets whose VLAN is not the same than the VLAN of the VF.
For instance, in this situation:
┌────────┐ ┌────────┐ ┌────────┐
│ │ │ │ │ │
│ │ │ │ │ │
│ VF0├────┤VF1 VF2├────┤VF3 │
│ │ │ │ │ │
└────────┘ └────────┘ └────────┘
VM1 VM2 VM3
vf 0: vlan 1000
vf 1: vlan 1000
vf 2: vlan 1001
vf 3: vlan 1001
If we tcpdump on VF3, we see all the packets, even those transmitted
on vlan 1000.
This behavior prevents to bridge VF1 and VF2 in VM2, because it will
create a loop: packets transmitted on VF1 will be received by VF2 and
vice-versa, and bridged again through the software bridge.
This patch remove the activation of VLAN Promiscuous when a VF enables
the promiscuous mode. However, the IXGBE_VMOLR_UPE bit (Unicast
Promiscuous) is kept, so that a VF receives all packets that has the
same VLAN, whatever the destination MAC address.
Fixes: 8443c1a4b192 ("ixgbe, ixgbevf: Add new mbox API xcast mode")
Cc: stable@vger.kernel.org
Cc: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: Olivier Matz <olivier.matz@6wind.com>
Tested-by: Konrad Jankowski <konrad0.jankowski@intel.com>
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
@@ -1181,9 +1181,9 @@ static int ixgbe_update_vf_xcast_mode(st
return -EPERM;
}
- disable = 0;
+ disable = IXGBE_VMOLR_VPE;
enable = IXGBE_VMOLR_BAM | IXGBE_VMOLR_ROMPE |
- IXGBE_VMOLR_MPE | IXGBE_VMOLR_UPE | IXGBE_VMOLR_VPE;
+ IXGBE_VMOLR_MPE | IXGBE_VMOLR_UPE;
break;
default:
return -EOPNOTSUPP;
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 408/411] Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (406 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.4 407/411] ixgbe: fix unexpected VLAN Rx in promisc mode on VF Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.4 409/411] powerpc/32: Fix overread/overwrite of thread_struct via ptrace Greg Kroah-Hartman
` (7 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Mathias Nyman, Dmitry Torokhov
From: Mathias Nyman <mathias.nyman@linux.intel.com>
commit c42e65664390be7c1ef3838cd84956d3a2739d60 upstream.
The bcm5974 driver does the allocation and dma mapping of the usb urb
data buffer, but driver does not set the URB_NO_TRANSFER_DMA_MAP flag
to let usb core know the buffer is already mapped.
usb core tries to map the already mapped buffer, causing a warning:
"xhci_hcd 0000:00:14.0: rejecting DMA map of vmalloc memory"
Fix this by setting the URB_NO_TRANSFER_DMA_MAP, letting usb core
know buffer is already mapped by bcm5974 driver
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Cc: stable@vger.kernel.org
Link: https://bugzilla.kernel.org/show_bug.cgi?id=215890
Link: https://lore.kernel.org/r/20220606113636.588955-1-mathias.nyman@linux.intel.com
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/input/mouse/bcm5974.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
--- a/drivers/input/mouse/bcm5974.c
+++ b/drivers/input/mouse/bcm5974.c
@@ -942,17 +942,22 @@ static int bcm5974_probe(struct usb_inte
if (!dev->tp_data)
goto err_free_bt_buffer;
- if (dev->bt_urb)
+ if (dev->bt_urb) {
usb_fill_int_urb(dev->bt_urb, udev,
usb_rcvintpipe(udev, cfg->bt_ep),
dev->bt_data, dev->cfg.bt_datalen,
bcm5974_irq_button, dev, 1);
+ dev->bt_urb->transfer_flags |= URB_NO_TRANSFER_DMA_MAP;
+ }
+
usb_fill_int_urb(dev->tp_urb, udev,
usb_rcvintpipe(udev, cfg->tp_ep),
dev->tp_data, dev->cfg.tp_datalen,
bcm5974_irq_trackpad, dev, 1);
+ dev->tp_urb->transfer_flags |= URB_NO_TRANSFER_DMA_MAP;
+
/* create bcm5974 device */
usb_make_path(udev, dev->phys, sizeof(dev->phys));
strlcat(dev->phys, "/input0", sizeof(dev->phys));
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 409/411] powerpc/32: Fix overread/overwrite of thread_struct via ptrace
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (407 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.4 408/411] Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.4 410/411] md/raid0: Ignore RAID0 layout if the second zone has only one device Greg Kroah-Hartman
` (6 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ariel Miculas, Christophe Leroy,
Michael Ellerman
From: Michael Ellerman <mpe@ellerman.id.au>
commit 8e1278444446fc97778a5e5c99bca1ce0bbc5ec9 upstream.
The ptrace PEEKUSR/POKEUSR (aka PEEKUSER/POKEUSER) API allows a process
to read/write registers of another process.
To get/set a register, the API takes an index into an imaginary address
space called the "USER area", where the registers of the process are
laid out in some fashion.
The kernel then maps that index to a particular register in its own data
structures and gets/sets the value.
The API only allows a single machine-word to be read/written at a time.
So 4 bytes on 32-bit kernels and 8 bytes on 64-bit kernels.
The way floating point registers (FPRs) are addressed is somewhat
complicated, because double precision float values are 64-bit even on
32-bit CPUs. That means on 32-bit kernels each FPR occupies two
word-sized locations in the USER area. On 64-bit kernels each FPR
occupies one word-sized location in the USER area.
Internally the kernel stores the FPRs in an array of u64s, or if VSX is
enabled, an array of pairs of u64s where one half of each pair stores
the FPR. Which half of the pair stores the FPR depends on the kernel's
endianness.
To handle the different layouts of the FPRs depending on VSX/no-VSX and
big/little endian, the TS_FPR() macro was introduced.
Unfortunately the TS_FPR() macro does not take into account the fact
that the addressing of each FPR differs between 32-bit and 64-bit
kernels. It just takes the index into the "USER area" passed from
userspace and indexes into the fp_state.fpr array.
On 32-bit there are 64 indexes that address FPRs, but only 32 entries in
the fp_state.fpr array, meaning the user can read/write 256 bytes past
the end of the array. Because the fp_state sits in the middle of the
thread_struct there are various fields than can be overwritten,
including some pointers. As such it may be exploitable.
It has also been observed to cause systems to hang or otherwise
misbehave when using gdbserver, and is probably the root cause of this
report which could not be easily reproduced:
https://lore.kernel.org/linuxppc-dev/dc38afe9-6b78-f3f5-666b-986939e40fc6@keymile.com/
Rather than trying to make the TS_FPR() macro even more complicated to
fix the bug, or add more macros, instead add a special-case for 32-bit
kernels. This is more obvious and hopefully avoids a similar bug
happening again in future.
Note that because 32-bit kernels never have VSX enabled the code doesn't
need to consider TS_FPRWIDTH/OFFSET at all. Add a BUILD_BUG_ON() to
ensure that 32-bit && VSX is never enabled.
Fixes: 87fec0514f61 ("powerpc: PTRACE_PEEKUSR/PTRACE_POKEUSER of FPR registers in little endian builds")
Cc: stable@vger.kernel.org # v3.13+
Reported-by: Ariel Miculas <ariel.miculas@belden.com>
Tested-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20220609133245.573565-1-mpe@ellerman.id.au
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/powerpc/kernel/ptrace.c | 21 +++++++++++++++++----
1 file changed, 17 insertions(+), 4 deletions(-)
--- a/arch/powerpc/kernel/ptrace.c
+++ b/arch/powerpc/kernel/ptrace.c
@@ -3014,8 +3014,13 @@ long arch_ptrace(struct task_struct *chi
flush_fp_to_thread(child);
if (fpidx < (PT_FPSCR - PT_FPR0))
- memcpy(&tmp, &child->thread.TS_FPR(fpidx),
- sizeof(long));
+ if (IS_ENABLED(CONFIG_PPC32)) {
+ // On 32-bit the index we are passed refers to 32-bit words
+ tmp = ((u32 *)child->thread.fp_state.fpr)[fpidx];
+ } else {
+ memcpy(&tmp, &child->thread.TS_FPR(fpidx),
+ sizeof(long));
+ }
else
tmp = child->thread.fp_state.fpscr;
}
@@ -3047,8 +3052,13 @@ long arch_ptrace(struct task_struct *chi
flush_fp_to_thread(child);
if (fpidx < (PT_FPSCR - PT_FPR0))
- memcpy(&child->thread.TS_FPR(fpidx), &data,
- sizeof(long));
+ if (IS_ENABLED(CONFIG_PPC32)) {
+ // On 32-bit the index we are passed refers to 32-bit words
+ ((u32 *)child->thread.fp_state.fpr)[fpidx] = data;
+ } else {
+ memcpy(&child->thread.TS_FPR(fpidx), &data,
+ sizeof(long));
+ }
else
child->thread.fp_state.fpscr = data;
ret = 0;
@@ -3398,4 +3408,7 @@ void __init pt_regs_check(void)
offsetof(struct user_pt_regs, result));
BUILD_BUG_ON(sizeof(struct user_pt_regs) > sizeof(struct pt_regs));
+
+ // ptrace_get/put_fpr() rely on PPC32 and VSX being incompatible
+ BUILD_BUG_ON(IS_ENABLED(CONFIG_PPC32) && IS_ENABLED(CONFIG_VSX));
}
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 410/411] md/raid0: Ignore RAID0 layout if the second zone has only one device
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (408 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.4 409/411] powerpc/32: Fix overread/overwrite of thread_struct via ptrace Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.4 411/411] mtd: cfi_cmdset_0002: Use chip_ready() for write on S29GL064N Greg Kroah-Hartman
` (5 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, NeilBrown, Pascal Hambourg, Song Liu
From: Pascal Hambourg <pascal@plouf.fr.eu.org>
commit ea23994edc4169bd90d7a9b5908c6ccefd82fa40 upstream.
The RAID0 layout is irrelevant if all members have the same size so the
array has only one zone. It is *also* irrelevant if the array has two
zones and the second zone has only one device, for example if the array
has two members of different sizes.
So in that case it makes sense to allow assembly even when the layout is
undefined, like what is done when the array has only one zone.
Reviewed-by: NeilBrown <neilb@suse.de>
Signed-off-by: Pascal Hambourg <pascal@plouf.fr.eu.org>
Signed-off-by: Song Liu <song@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/raid0.c | 31 ++++++++++++++++---------------
1 file changed, 16 insertions(+), 15 deletions(-)
--- a/drivers/md/raid0.c
+++ b/drivers/md/raid0.c
@@ -143,21 +143,6 @@ static int create_strip_zones(struct mdd
pr_debug("md/raid0:%s: FINAL %d zones\n",
mdname(mddev), conf->nr_strip_zones);
- if (conf->nr_strip_zones == 1) {
- conf->layout = RAID0_ORIG_LAYOUT;
- } else if (mddev->layout == RAID0_ORIG_LAYOUT ||
- mddev->layout == RAID0_ALT_MULTIZONE_LAYOUT) {
- conf->layout = mddev->layout;
- } else if (default_layout == RAID0_ORIG_LAYOUT ||
- default_layout == RAID0_ALT_MULTIZONE_LAYOUT) {
- conf->layout = default_layout;
- } else {
- pr_err("md/raid0:%s: cannot assemble multi-zone RAID0 with default_layout setting\n",
- mdname(mddev));
- pr_err("md/raid0: please set raid0.default_layout to 1 or 2\n");
- err = -ENOTSUPP;
- goto abort;
- }
/*
* now since we have the hard sector sizes, we can make sure
* chunk size is a multiple of that sector size
@@ -288,6 +273,22 @@ static int create_strip_zones(struct mdd
(unsigned long long)smallest->sectors);
}
+ if (conf->nr_strip_zones == 1 || conf->strip_zone[1].nb_dev == 1) {
+ conf->layout = RAID0_ORIG_LAYOUT;
+ } else if (mddev->layout == RAID0_ORIG_LAYOUT ||
+ mddev->layout == RAID0_ALT_MULTIZONE_LAYOUT) {
+ conf->layout = mddev->layout;
+ } else if (default_layout == RAID0_ORIG_LAYOUT ||
+ default_layout == RAID0_ALT_MULTIZONE_LAYOUT) {
+ conf->layout = default_layout;
+ } else {
+ pr_err("md/raid0:%s: cannot assemble multi-zone RAID0 with default_layout setting\n",
+ mdname(mddev));
+ pr_err("md/raid0: please set raid0.default_layout to 1 or 2\n");
+ err = -EOPNOTSUPP;
+ goto abort;
+ }
+
pr_debug("md/raid0:%s: done.\n", mdname(mddev));
*private_conf = conf;
^ permalink raw reply [flat|nested] 417+ messages in thread
* [PATCH 5.4 411/411] mtd: cfi_cmdset_0002: Use chip_ready() for write on S29GL064N
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (409 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.4 410/411] md/raid0: Ignore RAID0 layout if the second zone has only one device Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 18:17 ` [PATCH 5.4 000/411] 5.4.198-rc1 review Florian Fainelli
` (4 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tokunori Ikegami,
Vignesh Raghavendra, Miquel Raynal
From: Tokunori Ikegami <ikegami.t@gmail.com>
commit 0a8e98305f63deaf0a799d5cf5532cc83af035d1 upstream.
Since commit dfeae1073583("mtd: cfi_cmdset_0002: Change write buffer to
check correct value") buffered writes fail on S29GL064N. This is
because, on S29GL064N, reads return 0xFF at the end of DQ polling for
write completion, where as, chip_good() check expects actual data
written to the last location to be returned post DQ polling completion.
Fix is to revert to using chip_good() for S29GL064N which only checks
for DQ lines to settle down to determine write completion.
Link: https://lore.kernel.org/r/b687c259-6413-26c9-d4c9-b3afa69ea124@pengutronix.de/
Fixes: dfeae1073583("mtd: cfi_cmdset_0002: Change write buffer to check correct value")
Cc: stable@vger.kernel.org
Signed-off-by: Tokunori Ikegami <ikegami.t@gmail.com>
Acked-by: Vignesh Raghavendra <vigneshr@ti.com>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/20220323170458.5608-3-ikegami.t@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mtd/chips/cfi_cmdset_0002.c | 42 +++++++++++++++++++++++++++++-------
include/linux/mtd/cfi.h | 1
2 files changed, 35 insertions(+), 8 deletions(-)
--- a/drivers/mtd/chips/cfi_cmdset_0002.c
+++ b/drivers/mtd/chips/cfi_cmdset_0002.c
@@ -59,6 +59,10 @@
#define CFI_SR_WBASB BIT(3)
#define CFI_SR_SLSB BIT(1)
+enum cfi_quirks {
+ CFI_QUIRK_DQ_TRUE_DATA = BIT(0),
+};
+
static int cfi_amdstd_read (struct mtd_info *, loff_t, size_t, size_t *, u_char *);
static int cfi_amdstd_write_words(struct mtd_info *, loff_t, size_t, size_t *, const u_char *);
#if !FORCE_WORD_WRITE
@@ -432,6 +436,15 @@ static void fixup_s29ns512p_sectors(stru
mtd->name);
}
+static void fixup_quirks(struct mtd_info *mtd)
+{
+ struct map_info *map = mtd->priv;
+ struct cfi_private *cfi = map->fldrv_priv;
+
+ if (cfi->mfr == CFI_MFR_AMD && cfi->id == 0x0c01)
+ cfi->quirks |= CFI_QUIRK_DQ_TRUE_DATA;
+}
+
/* Used to fix CFI-Tables of chips without Extended Query Tables */
static struct cfi_fixup cfi_nopri_fixup_table[] = {
{ CFI_MFR_SST, 0x234a, fixup_sst39vf }, /* SST39VF1602 */
@@ -470,6 +483,7 @@ static struct cfi_fixup cfi_fixup_table[
#if !FORCE_WORD_WRITE
{ CFI_MFR_ANY, CFI_ID_ANY, fixup_use_write_buffers },
#endif
+ { CFI_MFR_ANY, CFI_ID_ANY, fixup_quirks },
{ 0, 0, NULL }
};
static struct cfi_fixup jedec_fixup_table[] = {
@@ -842,6 +856,18 @@ static int __xipram chip_ready(struct ma
return map_word_equal(map, t, *expected);
}
+static int __xipram chip_good(struct map_info *map, struct flchip *chip,
+ unsigned long addr, map_word *expected)
+{
+ struct cfi_private *cfi = map->fldrv_priv;
+ map_word *datum = expected;
+
+ if (cfi->quirks & CFI_QUIRK_DQ_TRUE_DATA)
+ datum = NULL;
+
+ return chip_ready(map, chip, addr, datum);
+}
+
static int get_chip(struct map_info *map, struct flchip *chip, unsigned long adr, int mode)
{
DECLARE_WAITQUEUE(wait, current);
@@ -1658,11 +1684,11 @@ static int __xipram do_write_oneword_onc
}
/*
- * We check "time_after" and "!chip_ready" before checking
- * "chip_ready" to avoid the failure due to scheduling.
+ * We check "time_after" and "!chip_good" before checking
+ * "chip_good" to avoid the failure due to scheduling.
*/
if (time_after(jiffies, timeo) &&
- !chip_ready(map, chip, adr, &datum)) {
+ !chip_good(map, chip, adr, &datum)) {
xip_enable(map, chip, adr);
printk(KERN_WARNING "MTD %s(): software timeout\n", __func__);
xip_disable(map, chip, adr);
@@ -1670,7 +1696,7 @@ static int __xipram do_write_oneword_onc
break;
}
- if (chip_ready(map, chip, adr, &datum)) {
+ if (chip_good(map, chip, adr, &datum)) {
if (cfi_check_err_status(map, chip, adr))
ret = -EIO;
break;
@@ -1938,18 +1964,18 @@ static int __xipram do_write_buffer_wait
}
/*
- * We check "time_after" and "!chip_ready" before checking
- * "chip_ready" to avoid the failure due to scheduling.
+ * We check "time_after" and "!chip_good" before checking
+ * "chip_good" to avoid the failure due to scheduling.
*/
if (time_after(jiffies, timeo) &&
- !chip_ready(map, chip, adr, &datum)) {
+ !chip_good(map, chip, adr, &datum)) {
pr_err("MTD %s(): software timeout, address:0x%.8lx.\n",
__func__, adr);
ret = -EIO;
break;
}
- if (chip_ready(map, chip, adr, &datum)) {
+ if (chip_good(map, chip, adr, &datum)) {
if (cfi_check_err_status(map, chip, adr))
ret = -EIO;
break;
--- a/include/linux/mtd/cfi.h
+++ b/include/linux/mtd/cfi.h
@@ -286,6 +286,7 @@ struct cfi_private {
map_word sector_erase_cmd;
unsigned long chipshift; /* Because they're of the same type */
const char *im_name; /* inter_module name for cmdset_setup */
+ unsigned long quirks;
struct flchip chips[0]; /* per-chip data structure for each chip */
};
^ permalink raw reply [flat|nested] 417+ messages in thread
* Re: [PATCH 5.4 000/411] 5.4.198-rc1 review
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (410 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.4 411/411] mtd: cfi_cmdset_0002: Use chip_ready() for write on S29GL064N Greg Kroah-Hartman
@ 2022-06-13 18:17 ` Florian Fainelli
2022-06-13 23:57 ` Guenter Roeck
` (3 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Florian Fainelli @ 2022-06-13 18:17 UTC (permalink / raw)
To: Greg Kroah-Hartman, linux-kernel
Cc: stable, torvalds, akpm, linux, shuah, patches, lkft-triage,
pavel, jonathanh, sudipm.mukherjee, slade
On 6/13/22 03:04, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.4.198 release.
> There are 411 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed, 15 Jun 2022 09:47:08 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.198-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
On ARCH_BRCMSTB using 32-bit and 64-bit ARM kernels:
Tested-by: Florian Fainelli <f.fainelli@gmail.com>
--
Florian
^ permalink raw reply [flat|nested] 417+ messages in thread
* Re: [PATCH 5.4 000/411] 5.4.198-rc1 review
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (411 preceding siblings ...)
2022-06-13 18:17 ` [PATCH 5.4 000/411] 5.4.198-rc1 review Florian Fainelli
@ 2022-06-13 23:57 ` Guenter Roeck
2022-06-14 3:08 ` Shuah Khan
` (2 subsequent siblings)
415 siblings, 0 replies; 417+ messages in thread
From: Guenter Roeck @ 2022-06-13 23:57 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: linux-kernel, stable, torvalds, akpm, shuah, patches,
lkft-triage, pavel, jonathanh, f.fainelli, sudipm.mukherjee,
slade
On Mon, Jun 13, 2022 at 12:04:33PM +0200, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.4.198 release.
> There are 411 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed, 15 Jun 2022 09:47:08 +0000.
> Anything received after that time might be too late.
>
Build results:
total: 161 pass: 161 fail: 0
Qemu test results:
total: 449 pass: 449 fail: 0
Tested-by: Guenter Roeck <linux@roeck-us.net>
Guenter
^ permalink raw reply [flat|nested] 417+ messages in thread
* Re: [PATCH 5.4 000/411] 5.4.198-rc1 review
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (412 preceding siblings ...)
2022-06-13 23:57 ` Guenter Roeck
@ 2022-06-14 3:08 ` Shuah Khan
2022-06-14 10:25 ` Sudip Mukherjee
2022-06-14 15:17 ` Naresh Kamboju
415 siblings, 0 replies; 417+ messages in thread
From: Shuah Khan @ 2022-06-14 3:08 UTC (permalink / raw)
To: Greg Kroah-Hartman, linux-kernel
Cc: stable, torvalds, akpm, linux, shuah, patches, lkft-triage,
pavel, jonathanh, f.fainelli, sudipm.mukherjee, slade,
Shuah Khan
On 6/13/22 4:04 AM, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.4.198 release.
> There are 411 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed, 15 Jun 2022 09:47:08 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.198-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
>
Compiled and booted on my test system. No dmesg regressions.
Tested-by: Shuah Khan <skhan@linuxfoundation.org>
thanks,
-- Shuah
^ permalink raw reply [flat|nested] 417+ messages in thread
* Re: [PATCH 5.4 000/411] 5.4.198-rc1 review
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (413 preceding siblings ...)
2022-06-14 3:08 ` Shuah Khan
@ 2022-06-14 10:25 ` Sudip Mukherjee
2022-06-14 15:17 ` Naresh Kamboju
415 siblings, 0 replies; 417+ messages in thread
From: Sudip Mukherjee @ 2022-06-14 10:25 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: linux-kernel, stable, torvalds, akpm, linux, shuah, patches,
lkft-triage, pavel, jonathanh, f.fainelli, slade
Hi Greg,
On Mon, Jun 13, 2022 at 12:04:33PM +0200, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.4.198 release.
> There are 411 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed, 15 Jun 2022 09:47:08 +0000.
> Anything received after that time might be too late.
Build test (gcc version 11.3.1 20220612):
mips: 65 configs -> no failure
arm: 106 configs -> no failure
arm64: 2 configs -> no failure
x86_64: 4 configs -> no failure
alpha allmodconfig -> no failure
s390 allmodconfig -> no failure
xtensa allmodconfig -> no failure
powerpc allmodconfig and riscv allmodconfig failed to build.
backported patches sent separately.
Boot test:
x86_64: Booted on my test laptop. No regression.
x86_64: Booted on qemu. No regression. [1]
[1]. https://openqa.qa.codethink.co.uk/tests/1316
Tested-by: Sudip Mukherjee <sudip.mukherjee@codethink.co.uk>
--
Regards
Sudip
^ permalink raw reply [flat|nested] 417+ messages in thread
* Re: [PATCH 5.4 000/411] 5.4.198-rc1 review
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
` (414 preceding siblings ...)
2022-06-14 10:25 ` Sudip Mukherjee
@ 2022-06-14 15:17 ` Naresh Kamboju
415 siblings, 0 replies; 417+ messages in thread
From: Naresh Kamboju @ 2022-06-14 15:17 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: linux-kernel, stable, torvalds, akpm, linux, shuah, patches,
lkft-triage, pavel, jonathanh, f.fainelli, sudipm.mukherjee,
slade
On Mon, 13 Jun 2022 at 15:57, Greg Kroah-Hartman
<gregkh@linuxfoundation.org> wrote:
>
> This is the start of the stable review cycle for the 5.4.198 release.
> There are 411 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed, 15 Jun 2022 09:47:08 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.198-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
Results from Linaro’s test farm.
No regressions on arm64, arm, x86_64, and i386.
Tested-by: Linux Kernel Functional Testing <lkft@linaro.org>
## Build
* kernel: 5.4.198-rc1
* git: https://gitlab.com/Linaro/lkft/mirrors/stable/linux-stable-rc
* git branch: linux-5.4.y
* git commit: deacfea5b2321cbcf23622a0f37317ddabfdf76b
* git describe: v5.4.197-412-gdeacfea5b232
* test details:
https://qa-reports.linaro.org/lkft/linux-stable-rc-linux-5.4.y/build/v5.4.197-412-gdeacfea5b232
## Test Regressions (compared to v5.4.196-11-g04a2bb5e4a0b)
No test regressions found.
## Metric Regressions (compared to v5.4.196-11-g04a2bb5e4a0b)
No metric regressions found.
## Test Fixes (compared to v5.4.196-11-g04a2bb5e4a0b)
No test fixes found.
## Metric Fixes (compared to v5.4.196-11-g04a2bb5e4a0b)
No metric fixes found.
## Test result summary
total: 119666, pass: 106701, fail: 219, skip: 11909, xfail: 837
## Build Summary
* arc: 10 total, 10 passed, 0 failed
* arm: 313 total, 313 passed, 0 failed
* arm64: 57 total, 53 passed, 4 failed
* i386: 28 total, 25 passed, 3 failed
* mips: 37 total, 37 passed, 0 failed
* parisc: 12 total, 12 passed, 0 failed
* powerpc: 54 total, 54 passed, 0 failed
* riscv: 27 total, 27 passed, 0 failed
* s390: 12 total, 12 passed, 0 failed
* sh: 24 total, 24 passed, 0 failed
* sparc: 12 total, 12 passed, 0 failed
* x86_64: 55 total, 54 passed, 1 failed
## Test suites summary
* fwts
* igt-gpu-tools
* kunit
* kvm-unit-tests
* libgpiod
* libhugetlbfs
* log-parser-boot
* log-parser-test
* ltp-cap_bounds
* ltp-cap_bounds-tests
* ltp-commands
* ltp-commands-tests
* ltp-containers
* ltp-containers-tests
* ltp-controllers-tests
* ltp-cpuhotplug-tests
* ltp-crypto
* ltp-crypto-tests
* ltp-cve-tests
* ltp-dio-tests
* ltp-fcntl-locktests
* ltp-fcntl-locktests-tests
* ltp-filecaps
* ltp-filecaps-tests
* ltp-fs
* ltp-fs-tests
* ltp-fs_bind
* ltp-fs_bind-tests
* ltp-fs_perms_simple
* ltp-fs_perms_simple-tests
* ltp-fsx
* ltp-fsx-tests
* ltp-hugetlb
* ltp-hugetlb-tests
* ltp-io
* ltp-io-tests
* ltp-ipc
* ltp-ipc-tests
* ltp-math-tests
* ltp-mm-tests
* ltp-nptl
* ltp-nptl-tests
* ltp-open-posix-tests
* ltp-pty
* ltp-pty-tests
* ltp-sched
* ltp-sched-tests
* ltp-securebits
* ltp-securebits-tests
* ltp-smoke
* ltp-syscalls-tests
* ltp-tracing-tests
* network-basic-tests
* packetdrill
* rcutorture
* ssuite
* v4l2-compliance
* vdso
--
Linaro LKFT
https://lkft.linaro.org
^ permalink raw reply [flat|nested] 417+ messages in thread
end of thread, other threads:[~2022-06-14 15:17 UTC | newest]
Thread overview: 417+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-06-13 10:04 [PATCH 5.4 000/411] 5.4.198-rc1 review Greg Kroah-Hartman
2022-06-13 10:04 ` [PATCH 5.4 001/411] binfmt_flat: do not stop relocating GOT entries prematurely on riscv Greg Kroah-Hartman
2022-06-13 10:04 ` [PATCH 5.4 002/411] ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS Greg Kroah-Hartman
2022-06-13 10:04 ` [PATCH 5.4 003/411] USB: serial: option: add Quectel BG95 modem Greg Kroah-Hartman
2022-06-13 10:04 ` [PATCH 5.4 004/411] USB: new quirk for Dell Gen 2 devices Greg Kroah-Hartman
2022-06-13 10:04 ` [PATCH 5.4 005/411] usb: core: hcd: Add support for deferring roothub registration Greg Kroah-Hartman
2022-06-13 10:04 ` [PATCH 5.4 006/411] perf/x86/intel: Fix event constraints for ICL Greg Kroah-Hartman
2022-06-13 10:04 ` [PATCH 5.4 007/411] ptrace/um: Replace PT_DTRACE with TIF_SINGLESTEP Greg Kroah-Hartman
2022-06-13 10:04 ` [PATCH 5.4 008/411] ptrace/xtensa: Replace PT_SINGLESTEP " Greg Kroah-Hartman
2022-06-13 10:04 ` [PATCH 5.4 009/411] ptrace: Reimplement PTRACE_KILL by always sending SIGKILL Greg Kroah-Hartman
2022-06-13 10:04 ` [PATCH 5.4 010/411] btrfs: add "0x" prefix for unsupported optional features Greg Kroah-Hartman
2022-06-13 10:04 ` [PATCH 5.4 011/411] btrfs: repair super block num_devices automatically Greg Kroah-Hartman
2022-06-13 10:04 ` [PATCH 5.4 012/411] drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes Greg Kroah-Hartman
2022-06-13 10:04 ` [PATCH 5.4 013/411] mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue Greg Kroah-Hartman
2022-06-13 10:04 ` [PATCH 5.4 014/411] b43legacy: Fix assigning negative value to unsigned variable Greg Kroah-Hartman
2022-06-13 10:04 ` [PATCH 5.4 015/411] b43: " Greg Kroah-Hartman
2022-06-13 10:04 ` [PATCH 5.4 016/411] ipw2x00: Fix potential NULL dereference in libipw_xmit() Greg Kroah-Hartman
2022-06-13 10:04 ` [PATCH 5.4 017/411] ipv6: fix locking issues with loops over idev->addr_list Greg Kroah-Hartman
2022-06-13 10:04 ` [PATCH 5.4 018/411] fbcon: Consistently protect deferred_takeover with console_lock() Greg Kroah-Hartman
2022-06-13 10:04 ` [PATCH 5.4 019/411] ACPICA: Avoid cache flush inside virtual machines Greg Kroah-Hartman
2022-06-13 10:04 ` [PATCH 5.4 020/411] drm/komeda: return early if drm_universal_plane_init() fails Greg Kroah-Hartman
2022-06-13 10:04 ` [PATCH 5.4 021/411] ALSA: jack: Access input_dev under mutex Greg Kroah-Hartman
2022-06-13 10:04 ` [PATCH 5.4 022/411] spi: spi-rspi: Remove setting {src,dst}_{addr,addr_width} based on DMA direction Greg Kroah-Hartman
2022-06-13 10:04 ` [PATCH 5.4 023/411] tools/power turbostat: fix ICX DRAM power numbers Greg Kroah-Hartman
2022-06-13 10:04 ` [PATCH 5.4 024/411] drm/amd/pm: fix double free in si_parse_power_table() Greg Kroah-Hartman
2022-06-13 10:04 ` [PATCH 5.4 025/411] ath9k: fix QCA9561 PA bias level Greg Kroah-Hartman
2022-06-13 10:04 ` [PATCH 5.4 026/411] media: venus: hfi: avoid null dereference in deinit Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 027/411] media: pci: cx23885: Fix the error handling in cx23885_initdev() Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 028/411] media: cx25821: Fix the warning when removing the module Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 029/411] md/bitmap: dont set sb values if cant pass sanity check Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 030/411] mmc: jz4740: Apply DMA engine limits to maximum segment size Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 031/411] scsi: megaraid: Fix error check return value of register_chrdev() Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 032/411] drm/plane: Move range check for format_count earlier Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 033/411] drm/amd/pm: fix the compile warning Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 034/411] arm64: compat: Do not treat syscall number as ESR_ELx for a bad syscall Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 035/411] drm: msm: fix error check return value of irq_of_parse_and_map() Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 036/411] ipv6: Dont send rs packets to the interface of ARPHRD_TUNNEL Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 037/411] net/mlx5: fs, delete the FTE when there are no rules attached to it Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 038/411] ASoC: dapm: Dont fold register value changes into notifications Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 039/411] mlxsw: spectrum_dcb: Do not warn about priority changes Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 040/411] drm/amdgpu/ucode: Remove firmware load type check in amdgpu_ucode_free_bo Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 041/411] HID: bigben: fix slab-out-of-bounds Write in bigben_probe Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 042/411] ASoC: tscs454: Add endianness flag in snd_soc_component_driver Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 043/411] s390/preempt: disable __preempt_count_add() optimization for PROFILE_ALL_BRANCHES Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 044/411] spi: stm32-qspi: Fix wait_cmd timeout in APM mode Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 045/411] dma-debug: change allocation mode from GFP_NOWAIT to GFP_ATIOMIC Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 046/411] ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 047/411] ipmi:ssif: Check for NULL msg when handling events and messages Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 048/411] ipmi: Fix pr_fmt to avoid compilation issues Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 049/411] rtlwifi: Use pr_warn instead of WARN_ONCE Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 050/411] media: coda: limit frame interval enumeration to supported encoder frame sizes Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 051/411] media: cec-adap.c: fix is_configuring state Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 052/411] openrisc: start CPU timer early in boot Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 053/411] nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 054/411] ASoC: rt5645: Fix errorenous cleanup order Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 055/411] nbd: Fix hung on disconnect request if socket is closed before Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 056/411] net: phy: micrel: Allow probing without .driver_data Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 057/411] media: exynos4-is: Fix compile warning Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 058/411] ASoC: max98357a: remove dependency on GPIOLIB Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 059/411] hwmon: Make chip parameter for with_info API mandatory Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 060/411] rxrpc: Return an error to sendmsg if call failed Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 061/411] eth: tg3: silence the GCC 12 array-bounds warning Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 062/411] selftests/bpf: fix btf_dump/btf_dump due to recent clang change Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 063/411] IB/rdmavt: add missing locks in rvt_ruc_loopback Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 064/411] ARM: dts: ox820: align interrupt controller node name with dtschema Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 065/411] PM / devfreq: rk3399_dmc: Disable edev on remove() Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 066/411] fs: jfs: fix possible NULL pointer dereference in dbFree() Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 067/411] ARM: OMAP1: clock: Fix UART rate reporting algorithm Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 068/411] powerpc/fadump: Fix fadump to work with a different endian capture kernel Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 069/411] fat: add ratelimit to fat*_ent_bread() Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 070/411] ARM: versatile: Add missing of_node_put in dcscb_init Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 071/411] ARM: dts: exynos: add atmel,24c128 fallback to Samsung EEPROM Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 072/411] ARM: hisi: Add missing of_node_put after of_find_compatible_node Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 073/411] PCI: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store() Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 074/411] tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 075/411] powerpc/xics: fix refcount leak in icp_opal_init() Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 076/411] powerpc/powernv: fix missing of_node_put in uv_init() Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 077/411] macintosh/via-pmu: Fix build failure when CONFIG_INPUT is disabled Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 078/411] powerpc/iommu: Add missing of_node_put in iommu_init_early_dart Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 079/411] RDMA/hfi1: Prevent panic when SDMA is disabled Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 080/411] drm: fix EDID struct for old ARM OABI format Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 081/411] ath9k: fix ar9003_get_eepmisc Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 082/411] drm/edid: fix invalid EDID extension block filtering Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 083/411] drm/bridge: adv7511: clean up CEC adapter when probe fails Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 084/411] ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 085/411] ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe Greg Kroah-Hartman
2022-06-13 10:05 ` [PATCH 5.4 086/411] x86/delay: Fix the wrong asm constraint in delay_loop() Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 087/411] drm/mediatek: Fix mtk_cec_mask() Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 088/411] drm/vc4: txp: Dont set TXP_VSTART_AT_EOF Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 089/411] drm/vc4: txp: Force alpha to be 0xff if its disabled Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 090/411] bpf: Fix excessive memory allocation in stack_map_alloc() Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 091/411] nl80211: show SSID for P2P_GO interfaces Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 092/411] drm/komeda: Fix an undefined behavior bug in komeda_plane_add() Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 093/411] drm: mali-dp: potential dereference of null pointer Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 094/411] spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 095/411] NFC: NULL out the dev->rfkill to prevent UAF Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 096/411] efi: Add missing prototype for efi_capsule_setup_info Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 097/411] drbd: fix duplicate array initializer Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 098/411] HID: hid-led: fix maximum brightness for Dream Cheeky Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 099/411] HID: elan: Fix potential double free in elan_input_configured Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 100/411] drm/bridge: Fix error handling in analogix_dp_probe Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 101/411] sched/fair: Fix cfs_rq_clock_pelt() for throttled cfs_rq Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 102/411] spi: img-spfi: Fix pm_runtime_get_sync() error checking Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 103/411] cpufreq: Fix possible race in cpufreq online error path Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 104/411] ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 105/411] inotify: show inotify mask flags in proc fdinfo Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 106/411] fsnotify: fix wrong lockdep annotations Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 107/411] of: overlay: do not break notify on NOTIFY_{OK|STOP} Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 108/411] scsi: ufs: core: Exclude UECxx from SFR dump list Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 109/411] x86/pm: Fix false positive kmemleak report in msr_build_context() Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 110/411] x86/speculation: Add missing prototype for unpriv_ebpf_notify() Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 111/411] ASoC: rk3328: fix disabling mclk on pclk probe failure Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 112/411] perf tools: Add missing headers needed by util/data.h Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 113/411] drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory free during pm runtime resume Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 114/411] drm/msm/dsi: fix error checks and return values for DSI xmit functions Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 115/411] drm/msm/hdmi: check return value after calling platform_get_resource_byname() Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 116/411] drm/msm/hdmi: fix error check return value of irq_of_parse_and_map() Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 117/411] drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 118/411] virtio_blk: fix the discard_granularity and discard_alignment queue limits Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 119/411] x86: Fix return value of __setup handlers Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 120/411] irqchip/exiu: Fix acknowledgment of edge triggered interrupts Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 121/411] irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 122/411] x86/mm: Cleanup the control_va_addr_alignment() __setup handler Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 123/411] regulator: core: Fix enable_count imbalance with EXCLUSIVE_GET Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 124/411] drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 125/411] drm/msm/mdp5: Return error code in mdp5_mixer_release " Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 126/411] drm/msm: return an error pointer in msm_gem_prime_get_sg_table() Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 127/411] media: uvcvideo: Fix missing check to determine if element is found in list Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 128/411] iomap: iomap_write_failed fix Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 129/411] Revert "cpufreq: Fix possible race in cpufreq online error path" Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 130/411] perf/amd/ibs: Use interrupt regs ip for stack unwinding Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 131/411] ASoC: fsl: Fix refcount leak in imx_sgtl5000_probe Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 132/411] ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 133/411] regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 134/411] scripts/faddr2line: Fix overlapping text section failures Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 135/411] media: aspeed: Fix an error handling path in aspeed_video_probe() Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 136/411] media: st-delta: Fix PM disable depth imbalance in delta_probe Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 137/411] media: exynos4-is: Change clk_disable to clk_disable_unprepare Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 138/411] media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 139/411] media: vsp1: Fix offset calculation for plane cropping Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 140/411] Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 141/411] m68k: math-emu: Fix dependencies of math emulation support Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 142/411] sctp: read sk->sk_bound_dev_if once in sctp_rcv() Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 143/411] media: ov7670: remove ov7670_power_off from ov7670_remove Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 144/411] ext4: reject the commit option on ext2 filesystems Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 145/411] drm/msm/a6xx: Fix refcount leak in a6xx_gpu_init Greg Kroah-Hartman
2022-06-13 10:06 ` [PATCH 5.4 146/411] drm: msm: fix possible memory leak in mdp5_crtc_cursor_set() Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 147/411] thermal/drivers/broadcom: Fix potential NULL dereference in sr_thermal_probe Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 148/411] ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition() Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 149/411] NFC: hci: fix sleep in atomic context bugs in nfc_hci_hcp_message_tx Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 150/411] rxrpc: Fix listen() setting the bar too high for the prealloc rings Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 151/411] rxrpc: Dont try to resend the request if were receiving the reply Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 152/411] rxrpc: Fix overlapping ACK accounting Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 153/411] rxrpc: Dont let ack.previousPacket regress Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 154/411] rxrpc: Fix decision on when to generate an IDLE ACK Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 155/411] net/smc: postpone sk_refcnt increment in connect() Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 156/411] arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399 Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 157/411] ARM: dts: suniv: F1C100: fix watchdog compatible Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 158/411] soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 159/411] soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 160/411] PCI: cadence: Fix find_first_zero_bit() limit Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 161/411] PCI: rockchip: " Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 162/411] KVM: nVMX: Leave most VM-Exit info fields unmodified on failed VM-Entry Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 163/411] can: xilinx_can: mark bit timing constants as const Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 164/411] ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 165/411] ARM: dts: bcm2837-rpi-cm3-io3: Fix GPIO line names for SMPS I2C Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 166/411] ARM: dts: bcm2837-rpi-3-b-plus: Fix GPIO line name of power LED Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 167/411] ARM: dts: bcm2835-rpi-b: Fix GPIO line names Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 168/411] misc: ocxl: fix possible double free in ocxl_file_register_afu Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 169/411] crypto: marvell/cesa - ECB does not IV Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 170/411] arm: mediatek: select arch timer for mt7629 Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 171/411] powerpc/fadump: fix PT_LOAD segment for boot memory area Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 172/411] mfd: ipaq-micro: Fix error check return value of platform_get_irq() Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 173/411] scsi: fcoe: Fix Wstringop-overflow warnings in fcoe_wwn_from_mac() Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 174/411] firmware: arm_scmi: Fix list protocols enumeration in the base protocol Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 175/411] nvdimm: Allow overwrite in the presence of disabled dimms Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 176/411] pinctrl: mvebu: Fix irq_of_parse_and_map() return value Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 177/411] drivers/base/node.c: fix compaction sysfs file leak Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 178/411] dax: fix cache flush on PMD-mapped pages Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 179/411] powerpc/8xx: export cpm_setbrg for modules Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 180/411] powerpc/idle: Fix return value of __setup() handler Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 181/411] powerpc/4xx/cpm: " Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 182/411] proc: fix dentry/inode overinstantiating under /proc/${pid}/net Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 183/411] ipc/mqueue: use get_tree_nodev() in mqueue_get_tree() Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 184/411] PCI: imx6: Fix PERST# start-up sequence Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 185/411] tty: fix deadlock caused by calling printk() under tty_port->lock Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 186/411] crypto: cryptd - Protect per-CPU resource by disabling BH Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 187/411] Input: sparcspkr - fix refcount leak in bbc_beep_probe Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 188/411] powerpc/64: Only WARN if __pa()/__va() called with bad addresses Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 189/411] powerpc/perf: Fix the threshold compare group constraint for power9 Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 190/411] macintosh: via-pmu and via-cuda need RTC_LIB Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 191/411] powerpc/fsl_rio: Fix refcount leak in fsl_rio_setup Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 192/411] mfd: davinci_voicecodec: Fix possible null-ptr-deref davinci_vc_probe() Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 193/411] mailbox: forward the hrtimer if not queued and under a lock Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 194/411] RDMA/hfi1: Prevent use of lock before it is initialized Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 195/411] Input: stmfts - do not leave device disabled in stmfts_input_open Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 196/411] f2fs: fix dereference of stale list iterator after loop body Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 197/411] iommu/mediatek: Add list_del in mtk_iommu_remove Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 198/411] i2c: at91: use dma safe buffers Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 199/411] i2c: at91: Initialize dma_buf in at91_twi_xfer() Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 200/411] NFS: Do not report EINTR/ERESTARTSYS as mapping errors Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 201/411] NFS: Do not report flush errors in nfs_write_end() Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 202/411] NFS: Dont report errors from nfs_pageio_complete() more than once Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 203/411] NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 204/411] video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 205/411] dmaengine: stm32-mdma: remove GISR1 register Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.4 206/411] iommu/amd: Increase timeout waiting for GA log enablement Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 207/411] perf c2c: Use stdio interface if slang is not supported Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 208/411] perf jevents: Fix event syntax error caused by ExtSel Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 209/411] f2fs: fix to avoid f2fs_bug_on() in dec_valid_node_count() Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 210/411] f2fs: fix to do sanity check on block address in f2fs_do_zero_range() Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 211/411] f2fs: fix to clear dirty inode in f2fs_evict_inode() Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 212/411] f2fs: fix deadloop in foreground GC Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 213/411] f2fs: dont need inode lock for system hidden quota Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 214/411] f2fs: fix fallocate to use file_modified to update permissions consistently Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 215/411] wifi: mac80211: fix use-after-free in chanctx code Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 216/411] iwlwifi: mvm: fix assert 1F04 upon reconfig Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 217/411] fs-writeback: writeback_sb_inodes:Recalculate wrote according skipped pages Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 218/411] efi: Do not import certificates from UEFI Secure Boot for T2 Macs Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 219/411] bfq: Split shared queues on move between cgroups Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 220/411] bfq: Update cgroup information before merging bio Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 221/411] bfq: Track whether bfq_group is still online Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 222/411] netfilter: nf_tables: disallow non-stateful expression in sets earlier Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 223/411] ext4: fix use-after-free in ext4_rename_dir_prepare Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 224/411] ext4: fix warning in ext4_handle_inode_extension Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 225/411] ext4: fix bug_on in ext4_writepages Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 226/411] ext4: verify dir block before splitting it Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 227/411] ext4: avoid cycles in directory h-tree Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 228/411] ACPI: property: Release subnode properties with data nodes Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 229/411] tracing: Fix potential double free in create_var_ref() Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 230/411] PCI/PM: Fix bridge_d3_blacklist[] Elo i2 overwrite of Gigabyte X299 Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 231/411] PCI: qcom: Fix runtime PM imbalance on probe errors Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 232/411] PCI: qcom: Fix unbalanced PHY init " Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 233/411] mm, compaction: fast_find_migrateblock() should return pfn in the target zone Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 234/411] dlm: fix plock invalid read Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 235/411] dlm: fix missing lkb refcount handling Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 236/411] ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 237/411] scsi: dc395x: Fix a missing check on list iterator Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 238/411] scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 239/411] drm/amdgpu/cs: make commands with 0 chunks illegal behaviour Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 240/411] drm/etnaviv: check for reaped mapping in etnaviv_iommu_unmap_gem Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 241/411] drm/nouveau/clk: Fix an incorrect NULL check on list iterator Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 242/411] drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 243/411] md: fix an incorrect NULL check in does_sb_need_changing Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 244/411] md: fix an incorrect NULL check in md_reload_sb Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 245/411] mtd: cfi_cmdset_0002: Move and rename chip_check/chip_ready/chip_good_for_write Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 246/411] media: coda: Fix reported H264 profile Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 247/411] media: coda: Add more H264 levels for CODA960 Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 248/411] Kconfig: Add option for asm goto w/ tied outputs to workaround clang-13 bug Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 249/411] RDMA/hfi1: Fix potential integer multiplication overflow errors Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 250/411] irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 251/411] irqchip: irq-xtensa-mx: fix initial IRQ affinity Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 252/411] mac80211: upgrade passive scan to active scan on DFS channels after beacon rx Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 253/411] um: chan_user: Fix winch_tramp() return value Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 254/411] um: Fix out-of-bounds read in LDT setup Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 255/411] iommu/msm: Fix an incorrect NULL check on list iterator Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 256/411] nodemask.h: fix compilation error with GCC12 Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 257/411] hugetlb: fix huge_pmd_unshare address update Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 258/411] rtl818x: Prevent using not initialized queues Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 259/411] ASoC: rt5514: Fix event generation for "DSP Voice Wake Up" control Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 260/411] carl9170: tx: fix an incorrect use of list iterator Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 261/411] serial: pch: dont overwrite xmit->buf[0] by x_char Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 262/411] tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 263/411] gma500: " Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 264/411] arm64: dts: qcom: ipq8074: fix the sleep clock frequency Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 265/411] phy: qcom-qmp: fix struct clk leak on probe errors Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.4 266/411] ARM: pxa: maybe fix gpio lookup tables Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 267/411] docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0 Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 268/411] dt-bindings: gpio: altera: correct interrupt-cells Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 269/411] blk-iolatency: Fix inflight count imbalances and IO hangs on offline Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 270/411] phy: qcom-qmp: fix reset-controller leak on probe errors Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 271/411] Kconfig: add config option for asm goto w/ outputs Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 272/411] RDMA/rxe: Generate a completion for unsupported/invalid opcode Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 273/411] MIPS: IP27: Remove incorrect `cpu_has_fpu override Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 274/411] bfq: Avoid merging queues with different parents Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 275/411] bfq: Drop pointless unlock-lock pair Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 276/411] bfq: Remove pointless bfq_init_rq() calls Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 277/411] bfq: Get rid of __bio_blkcg() usage Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 278/411] bfq: Make sure bfqg for which we are queueing requests is online Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 279/411] block: fix bio_clone_blkg_association() to associate with proper blkcg_gq Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 280/411] md: bcache: check the return value of kzalloc() in detached_dev_do_request() Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 281/411] pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 282/411] staging: greybus: codecs: fix type confusion of list iterator variable Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 283/411] iio: adc: ad7124: Remove shift from scan_type Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 284/411] tty: goldfish: Use tty_port_destroy() to destroy port Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 285/411] tty: serial: owl: Fix missing clk_disable_unprepare() in owl_uart_probe Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 286/411] tty: serial: fsl_lpuart: fix potential bug when using both of_alias_get_id and ida_simple_get Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 287/411] usb: usbip: fix a refcount leak in stub_probe() Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 288/411] usb: usbip: add missing device lock on tweak configuration cmd Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 289/411] USB: storage: karma: fix rio_karma_init return Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 290/411] usb: musb: Fix missing of_node_put() in omap2430_probe Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 291/411] staging: fieldbus: Fix the error handling path in anybuss_host_common_probe() Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 292/411] pwm: lp3943: Fix duty calculation in case period was clamped Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 293/411] rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 294/411] usb: dwc3: pci: Fix pm_runtime_get_sync() error checking Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 295/411] firmware: stratix10-svc: fix a missing check on list iterator Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 296/411] iio: adc: stmpe-adc: Fix wait_for_completion_timeout return value check Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 297/411] iio: adc: sc27xx: fix read big scale voltage not right Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 298/411] iio: adc: sc27xx: Fine tune the scale calibration values Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 299/411] rpmsg: qcom_smd: Fix returning 0 if irq_of_parse_and_map() fails Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 300/411] phy: qcom-qmp: fix pipe-clock imbalance on power-on failure Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 301/411] serial: sifive: Report actual baud base rather than fixed 115200 Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 302/411] coresight: cpu-debug: Replace mutex with mutex_trylock on panic notifier Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 303/411] soc: rockchip: Fix refcount leak in rockchip_grf_init Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 304/411] clocksource/drivers/riscv: Events are stopped during CPU suspend Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 305/411] rtc: mt6397: check return value after calling platform_get_resource() Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 306/411] serial: meson: acquire port->lock in startup() Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 307/411] serial: 8250_fintek: Check SER_RS485_RTS_* only with RS485 Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 308/411] serial: digicolor-usart: Dont allow CS5-6 Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 309/411] serial: rda-uart: " Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 310/411] serial: txx9: " Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 311/411] serial: sh-sci: " Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 312/411] serial: sifive: Sanitize CSIZE and c_iflag Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 313/411] serial: st-asc: Sanitize CSIZE and correct PARENB for CS7 Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 314/411] serial: stm32-usart: Correct CSIZE, bits, and parity Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 315/411] firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 316/411] bus: ti-sysc: Fix warnings for unbind for serial Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 317/411] driver: base: fix UAF when driver_attach failed Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 318/411] driver core: fix deadlock in __device_attach Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 319/411] watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 320/411] ASoC: fsl_sai: Fix FSL_SAI_xDR/xFR definition Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 321/411] clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 322/411] s390/crypto: fix scatterwalk_unmap() callers in AES-GCM Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 323/411] net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 324/411] net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry() Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 325/411] net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.4 326/411] modpost: fix removing numeric suffixes Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 327/411] jffs2: fix memory leak in jffs2_do_fill_super Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 328/411] ubi: ubi_create_volume: Fix use-after-free when volume creation failed Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 329/411] nfp: only report pause frame configuration for physical device Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 330/411] net/mlx5: Dont use already freed action pointer Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 331/411] net/mlx5e: Update netdev features after changing XDP state Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 332/411] net: sched: add barrier to fix packet stuck problem for lockless qdisc Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 333/411] tcp: tcp_rtx_synack() can be called from process context Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 334/411] afs: Fix infinite loop found by xfstest generic/676 Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 335/411] tipc: check attribute length for bearer name Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 336/411] perf c2c: Fix sorting in percent_rmt_hitm_cmp() Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 337/411] mips: cpc: Fix refcount leak in mips_cpc_default_phys_base Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 338/411] tracing: Fix sleeping function called from invalid context on RT kernel Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 339/411] tracing: Avoid adding tracer option before update_tracer_options Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 340/411] f2fs: remove WARN_ON in f2fs_is_valid_blkaddr Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 341/411] i2c: cadence: Increase timeout per message if necessary Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 342/411] m68knommu: set ZERO_PAGE() to the allocated zeroed page Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 343/411] m68knommu: fix undefined reference to `_init_sp Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 344/411] dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 345/411] NFSv4: Dont hold the layoutget locks across multiple RPC calls Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 346/411] video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove() Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 347/411] xprtrdma: treat all calls not a bcall when bc_serv is NULL Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 348/411] netfilter: nat: really support inet nat without l3 address Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 349/411] ata: pata_octeon_cf: Fix refcount leak in octeon_cf_probe Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 350/411] netfilter: nf_tables: memleak flow rule from commit path Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 351/411] xen: unexport __init-annotated xen_xlate_map_ballooned_pages() Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 352/411] af_unix: Fix a data-race in unix_dgram_peer_wake_me() Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 353/411] bpf, arm64: Clear prog->jited_len along prog->jited Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 354/411] net: dsa: lantiq_gswip: Fix refcount leak in gswip_gphy_fw_list Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 355/411] net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 356/411] SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer() Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 357/411] net: mdio: unexport __init-annotated mdio_bus_init() Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 358/411] net: xfrm: unexport __init-annotated xfrm4_protocol_init() Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 359/411] net: ipv6: unexport __init-annotated seg6_hmac_init() Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 360/411] net/mlx5: Rearm the FW tracer after each tracer event Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 361/411] net/mlx5: fs, fail conflicting actions Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 362/411] ip_gre: test csum_start instead of transport header Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 363/411] net: altera: Fix refcount leak in altera_tse_mdio_create Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 364/411] drm: imx: fix compiler warning with gcc-12 Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 365/411] iio: dummy: iio_simple_dummy: check the return value of kstrdup() Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 366/411] iio: st_sensors: Add a local lock for protecting odr Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 367/411] lkdtm/usercopy: Expand size of "out of frame" object Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 368/411] tty: synclink_gt: Fix null-pointer-dereference in slgt_clean() Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 369/411] tty: Fix a possible resource leak in icom_probe Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 370/411] drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop() Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 371/411] drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop() Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 372/411] USB: host: isp116x: check return value after calling platform_get_resource() Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 373/411] drivers: tty: serial: Fix deadlock in sa1100_set_termios() Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 374/411] drivers: usb: host: Fix deadlock in oxu_bus_suspend() Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 375/411] USB: hcd-pci: Fully suspend across freeze/thaw cycle Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 376/411] usb: dwc2: gadget: dont reset gadgets driver->bus Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 377/411] misc: rtsx: set NULL intfdata when probe fails Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 378/411] extcon: Modify extcon device to be created after driver data is set Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 379/411] clocksource/drivers/sp804: Avoid error on multiple instances Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 380/411] staging: rtl8712: fix uninit-value in usb_read8() and friends Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 381/411] staging: rtl8712: fix uninit-value in r871xu_drv_init() Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 382/411] serial: msm_serial: disable interrupts in __msm_console_write() Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 383/411] kernfs: Separate kernfs_pr_cont_buf and rename_lock Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 384/411] watchdog: wdat_wdt: Stop watchdog when rebooting the system Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 385/411] md: protect md_unregister_thread from reentrancy Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.4 386/411] scsi: myrb: Fix up null pointer access on myrb_cleanup() Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.4 387/411] Revert "net: af_key: add check for pfkey_broadcast in function pfkey_process" Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.4 388/411] ceph: allow ceph.dir.rctime xattr to be updatable Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.4 389/411] drm/radeon: fix a possible null pointer dereference Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.4 390/411] modpost: fix undefined behavior of is_arm_mapping_symbol() Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.4 391/411] x86/cpu: Elide KCSAN for cpu_has() and friends Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.4 392/411] nbd: call genl_unregister_family() first in nbd_cleanup() Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.4 393/411] nbd: fix race between nbd_alloc_config() and module removal Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.4 394/411] nbd: fix io hung while disconnecting device Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.4 395/411] s390/gmap: voluntarily schedule during key setting Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.4 396/411] cifs: version operations for smb20 unneeded when legacy support disabled Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.4 397/411] nodemask: Fix return values to be unsigned Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.4 398/411] vringh: Fix loop descriptors check in the indirect cases Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.4 399/411] scripts/gdb: change kernel config dumping method Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.4 400/411] ALSA: hda/conexant - Fix loopback issue with CX20632 Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.4 401/411] cifs: return errors during session setup during reconnects Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.4 402/411] ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.4 403/411] mmc: block: Fix CQE recovery reset success Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.4 404/411] nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.4 405/411] nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.4 406/411] ixgbe: fix bcast packets Rx on VF after promisc removal Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.4 407/411] ixgbe: fix unexpected VLAN Rx in promisc mode on VF Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.4 408/411] Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.4 409/411] powerpc/32: Fix overread/overwrite of thread_struct via ptrace Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.4 410/411] md/raid0: Ignore RAID0 layout if the second zone has only one device Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.4 411/411] mtd: cfi_cmdset_0002: Use chip_ready() for write on S29GL064N Greg Kroah-Hartman
2022-06-13 18:17 ` [PATCH 5.4 000/411] 5.4.198-rc1 review Florian Fainelli
2022-06-13 23:57 ` Guenter Roeck
2022-06-14 3:08 ` Shuah Khan
2022-06-14 10:25 ` Sudip Mukherjee
2022-06-14 15:17 ` Naresh Kamboju
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).